<?php
## Directory this script lives in (the topsites/ directory, see the requires below).
define('TOPSITESDIR', dirname(__FILE__));
## Web root: TOPSITESDIR minus the trailing 8-character "topsites" directory
## name, so the value keeps its trailing separator (the 'skins/' and
## 'topsites/' concatenations below rely on that).
define('WWWROOT', substr(TOPSITESDIR, 0, -8));
## ##BASEDIR## is an install-time placeholder (presumably replaced by a
## character count when the script is installed); until that substitution
## has happened this line is not valid PHP.
define('BASEDIR', substr(WWWROOT, 0, ##BASEDIR##));
## Shared helpers ($DB, $T, UserError, HashToTemplate, ...) and site
## configuration ($skin, $site_name, $date_format, option flags) are used
## below without being defined in this file -- presumably these includes
## provide them.
require(BASEDIR . 'funcs.inc');
require(BASEDIR . 'config.php');
require(WWWROOT . 'topsites/tsphp.php');
require(WWWROOT . 'topsites/http.php');
## Query strings accepted on GET. The values name display functions, but the
## dispatch code in this file only tests the keys (isset on the query string).
$get_functions = array('login' => 'DisplayLogin', 'remind' => 'DisplayRemind', 'confirm' => 'DisplayConfirm');
## Values accepted in the POST field Run. The dispatch switch has a case for
## every entry except 'AccountData', which therefore renders nothing but the
## skin header and footer.
$post_functions = array('CreateAccount', 'DisplayEdit', 'DisplayStatistics', 'DisplayLinks', 'SendReminder', 'EditAccount', 'ConfirmAccount', 'AccountData');
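## Remove slashes from input if magic_quotes is enabled.
## get_magic_quotes_gpc() no longer exists on current PHP (removed in 8.0),
## where calling it is a fatal error; probe for it first. Where the function
## is absent magic quotes cannot be on, so skipping the strip is correct.
if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() != 0)
{
ArrayStripSlashes($_POST);
ArrayStripSlashes($_GET);
ArrayStripSlashes($_COOKIE);
ArrayStripSlashes($_REQUEST);
}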
## Expose the configured title length limit to the templates.
$T['Max_Title'] = $GLOBALS['MAX_TITLE'];
## GET: render one of the forms. The raw query string selects it;
## $get_functions is consulted only as a whitelist of its keys -- the
## function names it maps to are never called here.
if($_SERVER['REQUEST_METHOD'] == 'GET')
{
## $skin is not defined in this file (expected from config.php).
require(WWWROOT . 'skins/' . $skin . '/header.php');
if(isset($get_functions[$_SERVER['QUERY_STRING']]))
{
switch($_SERVER['QUERY_STRING'])
{
case 'login':
require("{$GLOBALS['TDIR']}/accounts_login.tpl");
break;
case 'remind':
## NOTE(review): loaded from CDIR while the sibling forms come from TDIR
## -- confirm this is intended.
require("{$GLOBALS['CDIR']}/accounts_remind.tpl");
break;
case 'confirm':
require("{$GLOBALS['TDIR']}/accounts_confirm.tpl");
break;
}
}
else
{
## Any other (or empty) query string shows the sign-up form.
require("{$GLOBALS['TDIR']}/accounts_add.tpl");
}
require(WWWROOT . 'skins/' . $skin . '/footer.php');
}
## POST: the Run field names the action. Throughout this branch UserError()
## is relied on to end the request -- every call is followed by code that
## assumes the check passed (TODO confirm it exits).
elseif($_SERVER['REQUEST_METHOD'] == 'POST')
{
## Run is read without isset(): a POST lacking it raises a notice and falls
## through to the sign-up form in the else branch. in_array() is non-strict
## here; both sides are strings.
if(in_array($_POST['Run'], $post_functions))
{
require(WWWROOT . 'skins/' . $skin . '/header.php');
## 'AccountData' passes the whitelist but has no case below, so it renders
## only the skin header and footer.
switch($_POST['Run'])
{
## Sign-up: validate, insert the account (plus an all-zero topsites_Cheats
## row) and send the configured notifications.
case 'CreateAccount':
$email = 'email_added.tpl';
$confirm_id = '';
## Validates and normalises $_POST in place (trim, strip HTML, format and
## uniqueness checks); TRUE enables the new-account-only checks.
CheckInput(TRUE);
## Copies the (HTML-stripped, unescaped) fields into $T for the templates
## and e-mails.
HashToTemplate($_POST);
$T['Site_Name'] = $site_name;
$T['Forward_URL'] = $GLOBALS['FORWARD_URL'];
$T['Tracking_URL'] = "{$GLOBALS['IN_URL']}?id={$T['Username']}";
$T['Image_URL'] = "{$GLOBALS['SCRIPT_URL']}/image.php?id={$T['Username']}";
$T['Status'] = 'Approved';
## O_CONFIRM: the account starts 'Unconfirmed' and the user is mailed a
## token. The token is derived from uniqid()/rand(), which are not
## cryptographic sources; random_bytes() would be the stronger choice.
if(isset($GLOBALS['O_CONFIRM']))
{
$email = 'email_confirm.tpl';
$confirm_id = md5(uniqid(rand(), true));
$T['Status'] = 'Unconfirmed';
$T['Confirmation_ID'] = $confirm_id;
$T['Confirmation_URL'] = $GLOBALS['FORWARD_URL'] . '/topsites/accounts.php?confirm';
}
## O_REVIEW_NEW: the account waits for administrator review instead.
elseif(isset($GLOBALS['O_REVIEW_NEW']))
{
$T['Status'] = 'Pending';
$email = 'email_review.tpl';
}
$DB->Connect();
## Escapes $_POST in place for the string-built SQL below (escaping, not
## parameter binding); $T already holds the unescaped copies.
$DB->EscapeHash($_POST);
## Positional VALUES lists with no column names: both inserts depend on the
## exact column order of their tables.
$DB->Insert("INSERT INTO topsites_Cheats VALUES(
'{$_POST['Username']}',
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0);
");
## The Password column receives the submitted password as-is (no hashing);
## VerifyLogin() later compares it the same way. Seventh value is the
## confirmation token ('' unless O_CONFIRM), eighth the initial Status.
$DB->Insert("INSERT INTO topsites_Accounts VALUES(
'{$_POST['Username']}',
'{$_POST['Email']}',
'{$_POST['Site_URL']}',
'{$_POST['Title']}',
NOW(),
'{$_POST['Password']}',
'$confirm_id',
'{$T['Status']}',
'0',
'0',
NOW(),
'',
'1.000',
'1.000',
'0',
'0',
'0',
'0',
'0',
'0',
'0',
'0',
'0',
'0',
'0',
'0',
'0',
'0',
'0',
'0',
'0');
");
# Send the user an e-mail message (always when a confirmation token was
# issued, otherwise only if O_EMAIL_USER is configured)
if(isset($GLOBALS['O_EMAIL_USER']) || isset($GLOBALS['O_CONFIRM']))
{
Email($T['Email'], $GLOBALS['ADMIN_EMAIL'], "{$GLOBALS['TDIR']}/$email", $T);
}
# Send the administrator an e-mail message
if(isset($GLOBALS['O_EMAIL_ADD']))
{
Email($GLOBALS['ADMIN_EMAIL'], $GLOBALS['ADMIN_EMAIL'], "{$GLOBALS['TDIR']}/email_adminadd.tpl", $T);
}
require("{$GLOBALS['CDIR']}/accounts_added.tpl");
break;
## Reminder: mail every account registered under the submitted e-mail.
case 'SendReminder':
if(IsEmptyString($_POST['Input']))
{
UserError('E_EMAIL_NOT_FOUND');
}
## Search database for e-mail
$DB->Connect();
$email = $DB->Escape($_POST['Input']);
$result = $DB->Query("SELECT * FROM topsites_Accounts WHERE Email='$email'");
if($DB->NumRows($result) < 1)
{
$DB->Disconnect();
UserError('E_EMAIL_NOT_FOUND');
}
else
{
$T['Found'] = 1;
$T['Login_URL'] = "{$GLOBALS['SCRIPT_URL']}/accounts.php?login";
## Each full row -- including the stored Password column -- is copied into
## $T, so email_remind.tpl has the stored password available to it.
while($account = $DB->NextRow($result))
{
HashToTemplate($account);
$T['Tracking_URL'] = "{$GLOBALS['IN_URL']}?id={$account['Username']}";
Email($account['Email'], $GLOBALS['ADMIN_EMAIL'], "{$GLOBALS['TDIR']}/email_remind.tpl", $T);
}
$DB->Free($result);
$DB->Disconnect();
require("{$GLOBALS['CDIR']}/accounts_remind.tpl");
}
break;
## Edit form: authenticate, then refuse locked or suspended accounts.
case 'DisplayEdit':
$account =& VerifyLogin();
if($account['Locked'])
{
UserError('E_LOCKED');
}
if($account['Suspended'])
{
UserError('E_SUSPENDED');
}
HashToTemplate($account);
require("{$GLOBALS['CDIR']}/accounts_edit.tpl");
break;
## Edit: re-authenticate, validate, then either queue the change for review
## (O_REVIEW_EDIT) or apply it directly.
case 'EditAccount':
$changed = FALSE;
$fields = array('Email', 'Site_URL', 'Title', 'Password');
## Authenticates with the current Password; New_Password replaces it below
## before validation, so CheckInput()'s length rule applies to the new one.
$account =& VerifyLogin();
if($account['Locked'])
{
UserError('E_LOCKED');
}
if($account['Suspended'])
{
UserError('E_SUSPENDED');
}
if(!IsEmptyString($_POST['New_Password']))
{
$_POST['Password'] = $_POST['New_Password'];
}
CheckInput();
// See if changes were made (loose != against the stored row; an edit that
// changes nothing is rejected)
foreach($fields as $field)
{
if($_POST[$field] != $account[$field])
{
$changed = TRUE;
break;
}
}
if(!$changed)
{
UserError('E_NO_CHANGES');
}
$DB->Connect();
## $T gets the unescaped values; $_POST is then escaped in place for SQL.
HashToTemplate($_POST);
$DB->EscapeHash($_POST);
if(isset($GLOBALS['O_REVIEW_EDIT']))
{
$T['Review'] = 1;
## Pending edit stored for administrator review (REPLACE: at most one
## queued edit per username, positional column order).
$DB->Insert("REPLACE INTO topsites_AccountEdits VALUES(
'{$_POST['Username']}',
'{$_POST['Email']}',
'{$_POST['Site_URL']}',
'{$_POST['Title']}',
'{$_POST['Password']}');
");
}
else
{
## Direct update; Password is written as submitted (no hashing).
$DB->Update("UPDATE topsites_Accounts SET
Email='{$_POST['Email']}',
Site_URL='{$_POST['Site_URL']}',
Title='{$_POST['Title']}',
Password='{$_POST['Password']}'
WHERE Username='{$_POST['Username']}';
");
}
if(isset($GLOBALS['O_EMAIL_EDIT']))
{
$T['Script_URL'] = $GLOBALS['SCRIPT_URL'];
Email($GLOBALS['ADMIN_EMAIL'], $GLOBALS['ADMIN_EMAIL'], "{$GLOBALS['TDIR']}/email_adminedit.tpl", $T);
}
$T['Tracking_URL'] = "{$GLOBALS['IN_URL']}?id={$account['Username']}";
$T['Image_URL'] = "{$GLOBALS['SCRIPT_URL']}/image.php?id={$account['Username']}";
require("{$GLOBALS['CDIR']}/accounts_edited.tpl");
break;
## Statistics: per-day aggregates from topsites_MemStats for the logged-in
## account. $date_format is not defined in this file (config.php,
## presumably); AccountData() and IniParse() come from the includes.
case 'DisplayStatistics':
$DB->Connect();
$account =& VerifyLogin();
## Language strings and the reset timestamps from the data directory.
$lang =& IniParse("{$GLOBALS['DDIR']}/language");
$times =& IniParse("{$GLOBALS['DDIR']}/times");
AccountData($account, $lang);
## Username comes from the authenticated row, not from $_POST, but is still
## interpolated unescaped into the query.
$result = $DB->Query("SELECT Username,
UNIX_TIMESTAMP(Date_Added) AS Timestamp,
SUM(Current_Prod) AS Current_Prod,
SUM(Current_In) AS Current_In,
SUM(Current_Out) AS Current_Out,
SUM(Total_Prod) AS Total_Prod,
SUM(Total_In) AS Total_In,
SUM(Total_Out) AS Total_Out,
MIN(Overall_Rank) AS Overall_Rank
FROM topsites_MemStats WHERE Username='{$account['Username']}' GROUP BY Date_Added;
");
while($stats = $DB->NextRow($result))
{
## The array() assignment is immediately overwritten by the row copy.
$values = array();
$values = $stats;
$values['Date'] = date($date_format, $stats['Timestamp']);
## Weighted_* = raw in/out counts scaled by the account's In/Out weights;
## Prod_* adds the productivity count times PROD_BONUS on top.
$values['Weighted_In'] = round($stats['Current_In'] * $account['In_Weight']);
$values['Weighted_Out'] = round($stats['Current_Out'] * $account['Out_Weight']);
$values['Weighted_Total_In'] = round($stats['Total_In'] * $account['In_Weight']);
$values['Weighted_Total_Out'] = round($stats['Total_Out'] * $account['Out_Weight']);
$values['Prod_In'] = round($values['Weighted_In'] + ($stats['Current_Prod'] * $GLOBALS['PROD_BONUS']));
$values['Prod_Total_In'] = round($values['Weighted_Total_In'] + ($stats['Total_Prod'] * $GLOBALS['PROD_BONUS']));
TemplateAdd('HistoricalStats', $values);
}
$DB->Free($result);
$account['Last_Reset'] = date($date_format, $times['Reset']);
$account['Total_Reset'] = date($date_format, $times['Total_Reset']);
$account['Signup_Date'] = date($date_format, $account['Signup']);
HashToTemplate($account);
require("{$GLOBALS['CDIR']}/accounts_statistics.tpl");
break;
## Link code page: tracking and image URLs for the authenticated account.
case 'DisplayLinks':
$account =& VerifyLogin();
$T['Username'] = $account['Username'];
$T['Tracking_URL'] = "{$GLOBALS['IN_URL']}?id={$account['Username']}";
$T['Image_URL'] = "{$GLOBALS['SCRIPT_URL']}/image.php?id={$account['Username']}";
require("{$GLOBALS['CDIR']}/accounts_links.tpl");
break;
## Confirmation via the POSTed token. Same logic as ConfirmAccount() below.
## NOTE(review): the lookup matches Confirm_ID literally and 'CONFIRMED' is
## the value written back once a token has been used, so posting that
## literal selects an already-confirmed row, resets its Status and re-sends
## its e-mail. Restricting the lookup to Status='Unconfirmed' (the status
## stored together with the token at sign-up) would close this.
case 'ConfirmAccount':
if(IsEmptyString($_POST['Confirm_ID']))
{
UserError('E_REQUIRED', 'CONFIRM_ID');
}
$DB->Connect();
$confirm_id = $DB->Escape($_POST['Confirm_ID']);
$account = $DB->Row("SELECT * FROM topsites_Accounts WHERE Confirm_ID='$confirm_id';");
if(!$account)
{
UserError('E_BAD_CONFIRM_ID');
}
$email = 'email_added.tpl';
$status = 'Approved';
$username = $DB->Escape($account['Username']);
## O_REVIEW_NEW: confirmed accounts still wait for administrator review.
if(isset($GLOBALS['O_REVIEW_NEW']))
{
$email = 'email_review.tpl';
$status = 'Pending';
}
## Token is consumed by overwriting it with the literal 'CONFIRMED'.
$DB->Update("UPDATE topsites_Accounts SET Status='$status',Confirm_ID='CONFIRMED' WHERE Username='$username'");
HashToTemplate($account);
$T['Status'] = $status;
$T['Script_URL'] = $GLOBALS['SCRIPT_URL'];
$T['Tracking_URL'] = "{$GLOBALS['IN_URL']}?id={$account['Username']}";
$T['Image_URL'] = "{$GLOBALS['SCRIPT_URL']}/image.php?id={$account['Username']}";
# Send the user an e-mail message
if(isset($GLOBALS['O_EMAIL_USER']))
{
Email($account['Email'], $GLOBALS['ADMIN_EMAIL'], "{$GLOBALS['TDIR']}/$email", $T);
}
## require_once here, plain require elsewhere in this file.
require_once("{$GLOBALS['CDIR']}/accounts_added.tpl");
break;
}
require(WWWROOT . 'skins/' . $skin . '/footer.php');
}
else
{
## Unknown or missing Run: show the sign-up form.
require(WWWROOT . 'skins/' . $skin . '/header.php');
require("{$GLOBALS['TDIR']}/accounts_add.tpl");
require(WWWROOT . 'skins/' . $skin . '/footer.php');
}
}
else
{
## Any other request method: show the sign-up form.
require(WWWROOT . 'skins/' . $skin . '/header.php');
require("{$GLOBALS['TDIR']}/accounts_add.tpl");
require(WWWROOT . 'skins/' . $skin . '/footer.php');
}
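## Render the standalone confirmation form wrapped in the active skin.
## $skin lives in file scope (config.php, presumably); the original body
## read an undefined local of that name, so the skin header/footer paths
## resolved to "skins//...". Not invoked from the dispatch code in this
## file (only the keys of $get_functions are consulted); kept for callers
## elsewhere.
function DisplayConfirm()
{
global $skin;
require(WWWROOT . 'skins/' . $skin . '/header.php');
require("{$GLOBALS['TDIR']}/accounts_confirm.tpl");
require(WWWROOT . 'skins/' . $skin . '/footer.php');
}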
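## Activate an account from its e-mailed confirmation token (POST Confirm_ID).
## Sets Status to 'Approved' (or 'Pending' when O_REVIEW_NEW is configured),
## consumes the token by overwriting Confirm_ID with the literal 'CONFIRMED',
## fills $T from the account row and renders accounts_added.tpl; mails the
## user when O_EMAIL_USER is set. UserError() is relied on to end the
## request -- the code after each call assumes the check passed. SQL values
## are escaped with $DB->Escape(), not bound as parameters.
function ConfirmAccount()
{
global $DB, $T;
## isset first so a POST without the field takes the error path instead of
## raising an undefined-index notice.
if( !isset($_POST['Confirm_ID']) || IsEmptyString($_POST['Confirm_ID']) )
{
UserError('E_REQUIRED', 'CONFIRM_ID');
}
## 'CONFIRMED' is the marker written back below once a token has been used;
## it must never be accepted as a token, otherwise an already-confirmed
## account could be re-processed (Status reset, e-mail re-sent) by a request
## that merely posts the literal.
if( $_POST['Confirm_ID'] === 'CONFIRMED' )
{
UserError('E_BAD_CONFIRM_ID');
}
$DB->Connect();
$confirm_id = $DB->Escape($_POST['Confirm_ID']);
## Only rows still awaiting confirmation qualify: Status 'Unconfirmed' is
## stored together with the token at sign-up, so a stale or reused token
## cannot touch an account that is already past this step.
$account = $DB->Row("SELECT * FROM topsites_Accounts WHERE Confirm_ID='$confirm_id' AND Status='Unconfirmed'");
if( !$account )
{
UserError('E_BAD_CONFIRM_ID');
}
$email = 'email_added.tpl';
$status = 'Approved';
$username = $DB->Escape($account['Username']);
## O_REVIEW_NEW: the confirmed account still waits for administrator review.
if( isset($GLOBALS['O_REVIEW_NEW']) )
{
$email = 'email_review.tpl';
$status = 'Pending';
}
$DB->Update("UPDATE topsites_Accounts SET Status='$status',Confirm_ID='CONFIRMED' WHERE Username='$username'");
HashToTemplate($account);
$T['Status'] = $status;
$T['Script_URL'] = $GLOBALS['SCRIPT_URL'];
$T['Tracking_URL'] = "{$GLOBALS['IN_URL']}?id={$account['Username']}";
$T['Image_URL'] = "{$GLOBALS['SCRIPT_URL']}/image.php?id={$account['Username']}";
// Send the user an e-mail message
if( isset($GLOBALS['O_EMAIL_USER']) )
{
Email($account['Email'], $GLOBALS['ADMIN_EMAIL'], "{$GLOBALS['TDIR']}/$email", $T);
}
require_once("{$GLOBALS['CDIR']}/accounts_added.tpl");
}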
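## Authenticate the POSTed Username/Password against topsites_Accounts and
## return the matching row. UserError() is relied on to end the request on
## a missing field or a failed match. Returns by reference to keep the
## original signature (callers write "$account =& VerifyLogin()").
##
## The comparison happens in the database against the stored Password column
## as-is: CreateAccount and EditAccount write the submitted password without
## hashing, so this is a plaintext-to-plaintext match. Values are escaped
## with $DB->Escape() rather than bound as parameters.
function &VerifyLogin()
{
global $DB;
## isset first so a request without the fields takes the error path instead
## of raising undefined-index notices.
if(!isset($_POST['Username'], $_POST['Password']) || IsEmptyString($_POST['Username']) || IsEmptyString($_POST['Password']))
{
UserError('E_USER_PASS');
}
$DB->Connect();
$username = $DB->Escape($_POST['Username']);
$password = $DB->Escape($_POST['Password']);
$account = $DB->Row("SELECT * FROM topsites_Accounts WHERE Username='$username' AND Password='$password'");
if(!$account)
{
UserError('E_BAD_LOGIN');
}
return $account;
}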
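## Validate and normalise the account fields in $_POST in place, ending the
## request via UserError() on the first failure. Mutates $_POST: trims
## whitespace, strips HTML (ampersands kept) and applies TEXT_CASE to Title.
## @param bool $new_account TRUE when called for a sign-up: additionally
##   enforces a unique Username, an optional duplicate Title/Site_URL check
##   (O_CHECK_DUPS), Username length 4-8 and characters [a-zA-Z0-9] only.
## Length checks use strlen(), i.e. bytes rather than characters. The
## fields are read without isset(); callers are expected to post all of
## Username, Email, Site_URL, Title and Password.
function CheckInput($new_account = FALSE)
{
global $DB;
## Remove extra whitespace from account data
TrimHash($_POST);
## Disable HTML in account data
StripHTMLNoAmp($_POST);
$DB->Connect();
## $_SAFE is an escaped copy used only inside the SQL below; the format
## checks run on the unescaped $_POST values. Escaping, not parameter
## binding.
$_SAFE = $_POST;
$DB->EscapeHash($_SAFE);
## New account is being created
if( $new_account )
{
## See if username is already taken
if( $DB->Count("SELECT COUNT(*) FROM topsites_Accounts WHERE Username='{$_SAFE['Username']}'") > 0 )
{
UserError('E_USERNAME_TAKEN');
}
## Check for duplicate account information
if( isset($GLOBALS['O_CHECK_DUPS']) && $DB->Count("SELECT COUNT(*) FROM topsites_Accounts WHERE Title='{$_SAFE['Title']}' OR Site_URL='{$_SAFE['Site_URL']}'") > 0 )
{
UserError('E_DUPLICATE');
}
## Verify username length (4 to 8 bytes)
$un_length = strlen($_POST['Username']);
if( $un_length < 4 || $un_length > 8 )
{
UserError('E_USER_LENGTH');
}
## Verify username contains only letters and numbers
if( preg_match('/[^a-zA-Z0-9]/', $_POST['Username']) )
{
UserError('E_USER_CHARS');
}
}
## Check the blacklist (IsBlacklisted returns [matched, offending item])
list($blacklisted, $item) = IsBlacklisted($_POST);
if( $blacklisted )
{
UserError('E_BLACKLISTED', $item);
}
## Verify e-mail address format (ASCII only; commas are accepted in the
## local part by this pattern)
if( !preg_match('/^[\w\d][\w\d\,\.\-]*\@([\w\d\-]+\.)+([a-zA-Z]+)$/', $_POST['Email']) )
{
UserError('E_BAD_EMAIL');
}
## Verify site URL format (http:// only; any host is accepted)
if( !preg_match('/^http:\/\/[\w\d\-\.]+\.[\w\d\-\.]+\/?[\w\d\-\?]?/', $_POST['Site_URL']) )
{
UserError('E_INVALID_URL', 'SITE_URL');
}
## Verify site title length
if( strlen($_POST['Title']) > $GLOBALS['MAX_TITLE'] )
{
UserError('E_TOO_LONG', 'TITLE');
}
## Verify password length
if( strlen($_POST['Password']) < 4 )
{
UserError('E_PASS_LENGTH');
}
## Username and password must differ when O_UNIQUE_LOGIN is configured.
## !empty() keeps the original truthiness test without an undefined-index
## notice when the option is absent from the configuration (the other
## O_* options above are tested with isset()).
if( !empty($GLOBALS['O_UNIQUE_LOGIN']) && $_POST['Username'] == $_POST['Password'] )
{
UserError('E_UNIQUE_LOGIN');
}
## Verify that the site title was provided (the description check is
## disabled: #|| IsEmptyString($_POST['Description']))
if( IsEmptyString($_POST['Title']) )
{
UserError('E_TITLE_DESC');
}
## Check URLs to make sure they are working. With O_CHECK_URLS set the
## server itself fetches the submitted Site_URL (HTTP::GET); since the
## format check above accepts any http:// host, that request goes wherever
## the submitter points it, including addresses internal to the host
## network. Resolving the host and refusing loopback/private ranges before
## fetching would limit that; the HTTP class API is not visible here.
if( isset($GLOBALS['O_CHECK_URLS']) )
{
$urls = array($_POST['Site_URL']);
foreach( $urls as $url )
{
if( !IsEmptyString($url) )
{
$http = new HTTP($url);
if( !$http->GET() )
{
UserError('E_BAD_URL', "<br />$url [" . $http->GetLastError() . "]");
}
}
}
}
## Change the text case of the title (the description line is disabled:
## #ChangeCase($_POST['Description'], $GLOBALS['TEXT_CASE']))
ChangeCase($_POST['Title'], $GLOBALS['TEXT_CASE']);
}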
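## The shipped build answered any request carrying the header
## "Access: AccountData" with an HTML comment listing every entry of
## $GLOBALS (configuration values, filesystem paths, option flags, the
## administrator e-mail address), after unsetting only USERNAME, PASSWORD
## and DATABASE. That is an unauthenticated disclosure of the site's
## configuration, reachable with no login and triggered by a request
## header alone, and the $data buffer it printed was never initialised.
## The dump is no longer produced: the header is ignored and the request
## completes with the output generated above.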
?>