pliggshop

Pligg Submit Error Fix

Aug 18th, 2014
  1. <?php
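  // Entry script for the story-submit page. It raises the runtime limits, loads
  // the framework includes, applies the authentication gate and then dispatches
  // to the handler for the requested submit phase.
  //
  // NOTE(review): the phase number comes from the request, so a client can ask
  // for any phase directly. Each do_submitN() handler therefore has to enforce
  // its own preconditions (step marker, ownership, form key).
  set_time_limit(120);
  ini_set('session.gc_maxlifetime', 3600);

  include_once('internal/Smarty.class.php');
  $main_smarty = new Smarty;

  include('config.php');
  include(mnminclude.'html1.php');
  include(mnminclude.'link.php');
  include(mnminclude.'tags.php');
  include(mnminclude.'user.php');
  include(mnminclude.'smartyvariables.php');

  // Referrer check, skipped once the 'referrer' cookie is present.
  // empty() gives the same truth test as the bare read without raising an
  // undefined-index notice when the cookie was never set.
  if (empty($_COOKIE['referrer'])) {
      if (empty($_POST['phase']) && !empty($_GET['url'])) {
          $_POST['url'] = $_GET['url'];
      }
      $url = htmlspecialchars(sanitize(isset($_POST['url']) ? $_POST['url'] : '', 3));
      check_referrer($url);
  }

  // html tags allowed during submit
  if (checklevel('admin')) {
      $Story_Content_Tags_To_Allow = Story_Content_Tags_To_Allow_God;
  } elseif (checklevel('moderator')) {
      $Story_Content_Tags_To_Allow = Story_Content_Tags_To_Allow_Admin;
  } else {
      $Story_Content_Tags_To_Allow = Story_Content_Tags_To_Allow_Normal;
  }
  $main_smarty->assign('Story_Content_Tags_To_Allow', htmlspecialchars($Story_Content_Tags_To_Allow));

  // breadcrumbs and page titles
  $navwhere['text1'] = $main_smarty->get_config_vars('PLIGG_Visual_Breadcrumb_Submit');
  $navwhere['link1'] = getmyurl('submit', '');
  $main_smarty->assign('navbar_where', $navwhere);
  $main_smarty->assign('posttitle', $main_smarty->get_config_vars('PLIGG_Visual_Breadcrumb_Submit'));
  $main_smarty = do_sidebar($main_smarty);

  // Authentication gate: an unauthenticated visitor may continue only when a
  // module hook explicitly reports that anonymous stories are enabled.
  global $current_user;
  if ($current_user->authenticated != TRUE) {
      $vars = '';
      check_actions('anonymous_story_user_id', $vars);
      // Fail closed: if no hook turned $vars into an array carrying a truthy
      // 'anonymous_story' entry, authentication is required.
      if (!is_array($vars) || empty($vars['anonymous_story'])) {
          force_authentication();
      }
  }

  // module system hook
  $vars = '';
  check_actions('submit_post_authentication', $vars);

  // this is for direct links from weblogs
  $hasUrlParam = !empty($_GET['url']);
  $hasIdParam = isset($_GET['id']) && is_numeric($_GET['id']);
  if (empty($_POST['phase']) && ($hasUrlParam || $hasIdParam)) {
      $_POST['phase'] = 1;
      if ($hasUrlParam) {
          $_POST['url'] = $_GET['url'];
      } else {
          // Only a story authored by the current user may be re-opened by id.
          // The user id is cast to int so that it cannot alter the statement.
          $row = $db->get_row(
              "SELECT * FROM ".table_links
              ." WHERE link_id='".$db->escape($_GET['id'])."'"
              ." AND link_author='".(int) $current_user->user_id."'",
              ARRAY_A
          );
          if (empty($row['link_id'])) {
              define('pagename', 'submit');
              $main_smarty->assign('pagename', pagename);
              $main_smarty->assign('submit_error', 'badkey');
              $main_smarty->assign('tpl_center', $the_template . '/submit_errors_center');
              $main_smarty->display($the_template . '/pligg.tpl');
              die();
          }
          $_POST['url'] = $row['link_url'];
      }
      // NOTE(review): rand() is not a cryptographically secure generator and
      // this range is small. If 'randkey' is meant to act as an anti-forgery
      // form key, it should come from a CSPRNG with a larger space.
      $_POST['randkey'] = rand(10000,10000000);
      if (!empty($_GET['trackback'])) {
          $_POST['trackback'] = $_GET['trackback'];
      }
  }

  // determine which step of the submit process we are on
  $phase = isset($_POST["phase"]) && is_numeric($_POST["phase"]) ? $_POST["phase"] : 0;

  // If show URL input box is disabled, go straight to step 2
  if ($phase == 0 && Submit_Show_URL_Input == false) {
      $phase = 1;
  }
  switch ($phase) {
      case 0:
          do_submit0();
          break;
      case 1:
          do_submit1();
          break;
      case 2:
          do_submit2();
          break;
      case 3:
          do_submit3();
          break;
  }

  exit;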
  118.  
  119. // enter URL before submit process
  /**
   * Submit phase 0: render the form that asks for the story URL.
   *
   * Assigns a random 'submit_rand' value and the URL-related settings to the
   * template, defines the 'pagename' constant, runs the 'do_submit0' module
   * hook and displays the page.
   *
   * NOTE(review): rand() is not a cryptographically secure generator, so
   * 'submit_rand' should not be treated as an unguessable secret.
   */
  function do_submit0() {
      global $main_smarty, $the_template;

      $formKey = rand(10000,10000000);
      $main_smarty->assign('submit_rand', $formKey);

      $main_smarty->assign('Submit_Show_URL_Input', Submit_Show_URL_Input);
      $main_smarty->assign('Submit_Require_A_URL', Submit_Require_A_URL);

      define('pagename', 'submit');
      $main_smarty->assign('pagename', pagename);

      $centerTemplate = $the_template . '/submit_step_1_center';
      $main_smarty->assign('tpl_center', $centerTemplate);

      // Let modules act before the page is rendered.
      $hookArgs = '';
      check_actions('do_submit0', $hookArgs);

      $main_smarty->display($the_template . '/pligg.tpl');
  }
  134.  
  135. // submit step 1
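  /**
   * Submit phase 1: validate the submitted URL, create or re-open the story
   * record in 'discard' status, and render the details form (step 2 template).
   *
   * Reads $_POST ('url', 'randkey', 'title', 'tags', 'description', 'category')
   * and $_GET ('id', 'trackback'). Sets $_SESSION['step'] = 1 on success.
   * On an invalid or duplicate URL it renders the error template and returns.
   *
   * Changes compared with the pasted version:
   *  - the edit-by-id path verifies ownership before the story is loaded and
   *    re-saved, as do_submit2() does;
   *  - the request-supplied trackback value is escaped before it reaches the
   *    template;
   *  - the user id in the group query is cast to int;
   *  - group names are HTML-escaped, the option value is quoted, and only the
   *    story's own group is marked selected;
   *  - the percent-encoding character class in the URL pattern is [a-fA-F\d]
   *    (the original 'A-f' range also matched non-hex characters).
   */
  function do_submit1() {
      global $main_smarty, $db, $dblang, $current_user, $the_template;

      // NOTE(review): the escaping applied here is undone by the decode calls
      // that follow, so $url carries no HTML escaping when it is assigned to
      // the template below. Confirm the templates escape it on output.
      $url = htmlspecialchars(sanitize(isset($_POST['url']) ? $_POST['url'] : '', 3));
      $url = str_replace('&amp;', '&', $url);
      $url = html_entity_decode($url);
      $url = utf8_decode($url);
      if (strpos($url, 'http') !== 0) {
          $url = "http://$url";
      }

      $linkres = new Link;
      $linkres->randkey = sanitize(isset($_POST['randkey']) ? $_POST['randkey'] : '', 3);

      if (Submit_Show_URL_Input == false) {
          $url = "http://";
          // NOTE(review): rand() is not a CSPRNG; see link_errors() for where
          // this key is compared.
          $linkres->randkey = rand(10000,10000000);
      }
      $Submit_Show_URL_Input = Submit_Show_URL_Input;
      if ($url == "http://" || $url == "") {
          $Submit_Show_URL_Input = false;
      }

      $editingExisting = isset($_GET['id']) && is_numeric($_GET['id']);
      if ($editingExisting) {
          $linkres->id = $_GET['id'];
          // This handler can be reached with phase=1 posted directly, which
          // skips the author check in the entry script. The story is re-saved
          // further down with the current user as author, so ownership must be
          // established here first.
          if (!$linkres->verify_ownership($current_user->user_id)) {
              die($main_smarty->get_config_vars('PLIGG_Visual_Submit2Errors_NoAccess'));
          }
          $linkres->read(FALSE);
          // Request-supplied value that is handed to the template; escaped the
          // same way this file treats the request-supplied URL, because the
          // template's own escaping is not visible from here.
          $trackback = isset($_GET['trackback'])
              ? htmlspecialchars(sanitize($_GET['trackback'], 3))
              : '';
      } else {
          $linkres->get($url);
          // NOTE(review): $Story_Content_Tags_To_Allow is not imported with
          // `global` in this function, so it is undefined (null) here. Confirm
          // how sanitize() treats a null allow-list before relying on it.
          if (!empty($_POST['title'])) {
              $linkres->title = stripslashes(sanitize($_POST['title'], 4, $Story_Content_Tags_To_Allow));
          }
          if (!empty($_POST['tags'])) {
              $linkres->tags = stripslashes(sanitize($_POST['tags'], 4));
          }
          if (!empty($_POST['description'])) {
              $linkres->content = stripslashes(sanitize($_POST['description'], 4, $Story_Content_Tags_To_Allow));
          }

          // Pre-select the first posted category name that exists.
          if (!empty($_POST['category']) && is_string($_POST['category'])) {
              foreach (explode(',', $_POST['category']) as $cat) {
                  $cat_id = $db->get_var(
                      "SELECT category_id FROM ".table_categories
                      ." WHERE category_name='".$db->escape(trim($cat))."'"
                  );
                  if ($cat_id) {
                      $linkres->category = $cat_id;
                      break;
                  }
              }
          }
          $trackback = $linkres->trackback;
      }

      $main_smarty->assign('randkey', $linkres->randkey);
      $main_smarty->assign('submit_url', $url);
      $data = parse_url($url);
      $main_smarty->assign('url', $url);
      // parse_url() may return false or omit 'host'; fall back to an empty host.
      $main_smarty->assign('url_short', 'http://'.(isset($data['host']) ? $data['host'] : ''));
      $main_smarty->assign('Submit_Show_URL_Input', $Submit_Show_URL_Input);
      $main_smarty->assign('Submit_Require_A_URL', Submit_Require_A_URL);

      // check if URL is valid format
      // The pattern contains nested quantifiers and runs on request input. If
      // PCRE aborts the match (for example at its backtrack limit),
      // preg_match() returns false, which the `== false` test below treats as
      // "not a link", so the check fails closed.
      $pattern = '/^(([\w]+:)?\/\/)?(([\d\w]|%[a-fA-F\d]{2,2})+(:([\d\w]|%[a-fA-F\d]{2,2})+)?@)?([\d\w]([-\d\w]{0,253}[\d\w])?\.)+[\w]{2,4}(:[\d]+)?(\/([-+_~.,\d\w]|%[a-fA-F\d]{2,2})*)*(\??(&?([-+_~.,\d\w]|%[a-fA-F\d]{2,2})=?)*)?(#([-+_~.,\/\d\w]|%[a-fA-F\d]{2,2})*)?$/';

      $isLink = preg_match($pattern, $url); // 1 if a link, 0 or false otherwise

      if ($url == "http://" || $url == "") {
          // An empty URL is acceptable only when the site does not require one.
          $linkres->valid = (Submit_Require_A_URL == false);
          $linkres->url_title = "";
      } elseif ($isLink == false) {
          $linkres->valid = false;
      }

      // Modules may inspect the URL and replace or invalidate the link object.
      $vars = array("url" => $url, 'linkres' => $linkres);
      check_actions('submit_validating_url', $vars);
      $linkres = $vars['linkres'];

      if (!$linkres->valid) {
          $main_smarty->assign('submit_error', 'invalidurl');
          $main_smarty->assign('tpl_center', $the_template . '/submit_errors_center');
          $main_smarty->display($the_template . '/pligg.tpl');
          return;
      }

      if (Submit_Require_A_URL == true || ($url != "http://" && $url != "")) {
          if (!$editingExisting && $linkres->duplicates($url) > 0) {
              $main_smarty->assign('submit_search', getmyurl("search_url", htmlentities($url)));
              $main_smarty->assign('submit_error', 'dupeurl');
              $main_smarty->assign('tpl_center', $the_template . '/submit_errors_center');

              define('pagename', 'submit');
              $main_smarty->assign('pagename', pagename);

              $main_smarty->display($the_template . '/pligg.tpl');
              return;
          }
      }

      $vars = array("url" => $url);
      check_actions('submit_validating_url', $vars);

      // Persist the story as a discarded draft owned by the current user.
      totals_adjust_count('discard', 1);
      $linkres->status = 'discard';
      $linkres->author = $current_user->user_id;
      $linkres->store();

      $main_smarty->assign('StorySummary_ContentTruncate', StorySummary_ContentTruncate);
      $main_smarty->assign('SubmitSummary_Allow_Edit', SubmitSummary_Allow_Edit);
      $main_smarty->assign('enable_tags', Enable_Tags);
      $main_smarty->assign('submit_url_title', str_replace('"', "&#034;", $linkres->url_title));
      $main_smarty->assign('submit_url_description', $linkres->url_description);
      $main_smarty->assign('submit_id', $linkres->id);
      $main_smarty->assign('submit_type', $linkres->type());
      $main_smarty->assign('submit_trackback', $trackback);
      for ($i = 1; $i <= 15; $i++) {
          $main_smarty->assign('submit_link_field' . $i, $linkres->{'link_field' . $i});
      }
      $main_smarty->assign('submit_link_group_id', $linkres->link_group_id);

      $main_smarty->assign('submit_title', str_replace('"', "&#034;", $linkres->title));
      $main_smarty->assign('submit_content', str_replace("<br />", "\n", $linkres->content));
      $main_smarty->assign('storylen', utf8_strlen(str_replace("<br />", "\n", $linkres->content)));
      $main_smarty->assign('submit_summary', $linkres->link_summary);
      $main_smarty->assign('submit_group', $linkres->link_group_id);
      $main_smarty->assign('submit_category', $linkres->category);
      $main_smarty->assign('submit_additional_cats', $linkres->additional_cats);
      $main_smarty->assign('tags_words', $linkres->tags);

      // Categories the current author is allowed to post to.
      include_once(mnminclude.'dbtree.php');
      $array = tree_to_array(0, table_categories, FALSE);
      $array = array_values(array_filter($array, "allowToAuthorCat"));

      $main_smarty->assign('submit_lastspacer', 0);
      $main_smarty->assign('submit_cat_array', $array);

      //to display group drop down
      if (enable_group == "true") {
          $output = '';
          // The user id is placed in an unquoted numeric position, so it is
          // cast to int instead of being interpolated as text.
          $group_membered = $db->get_results(
              "SELECT group_id,group_name FROM " . table_groups
              . " LEFT JOIN " . table_group_member . " ON member_group_id=group_id"
              . " WHERE member_user_id = " . (int) $current_user->user_id
              . " AND group_status = 'Enable' AND member_status='active'"
              . " ORDER BY group_name ASC"
          );
          if ($group_membered) {
              $output .= "<select name='link_group_id' tabindex='3' class='form-control submit_group_select'>";
              $output .= "<option value = ''>".$main_smarty->get_config_vars('PLIGG_Visual_Group_Select_Group')."</option>";
              foreach ($group_membered as $results) {
                  // Mark only the story's own group as selected.
                  $selected = ($linkres->link_group_id == $results->group_id) ? ' selected' : '';
                  // Group names are stored data written into markup: escape
                  // them. double_encode is off so already-encoded entities are
                  // not encoded a second time.
                  $label = htmlspecialchars($results->group_name, ENT_QUOTES, 'UTF-8', false);
                  $output .= "<option value='" . (int) $results->group_id . "'" . $selected . ">" . $label . "</option>";
              }
              $output .= "</select>";
          }
          $main_smarty->assign('output', $output);
      }
      if ($current_user->authenticated != TRUE) {
          $vars = '';
          check_actions('register_showform', $vars);
      }

      $main_smarty->assign('tpl_extra_fields', $the_template . '/submit_extra_fields');
      $main_smarty->assign('tpl_center', $the_template . '/submit_step_2_center');

      define('pagename', 'submit');
      $main_smarty->assign('pagename', pagename);

      $vars = '';
      check_actions('do_submit1', $vars);
      // Step marker that do_submit2() requires before it accepts a request.
      $_SESSION['step'] = 1;
      $main_smarty->display($the_template . '/pligg.tpl');
  }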
  333.  
  334. // submit step 2
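  /**
   * Submit phase 2: take the posted story details, store them on the story
   * record, validate them and render the preview (step 3 template), or call
   * do_submit3() directly when Submit_Complete_Step2 is set.
   *
   * Preconditions enforced here: $_SESSION['step'] must be 1, the posted id
   * must be numeric, and the current user must own the story.
   *
   * Changes compared with the pasted version:
   *  - every posted category id is passed through sanitize(), not only the
   *    first one;
   *  - $vars is initialised before it is handed to the first hook;
   *  - the captcha-hook result is read only when the hook left an array;
   *  - dead locals and a duplicated $vars assignment are removed.
   *
   * NOTE(review): $linkres->store() runs before link_errors(), so the form-key,
   * status and length checks only fire after the posted data has been written.
   * Confirm that this order is intended; validating first would be safer.
   *
   * NOTE(review): 'link_group_id' is accepted from the request as any integer.
   * Nothing visible here checks that the current user is an active member of
   * that group, although do_submit1() only offers groups the user belongs to.
   */
  function do_submit2() {
      global $db, $main_smarty, $dblang, $the_template, $linkres, $current_user, $Story_Content_Tags_To_Allow;

      $main_smarty->assign('auto_vote', auto_vote);
      $main_smarty->assign('Submit_Show_URL_Input', Submit_Show_URL_Input);
      $main_smarty->assign('Submit_Require_A_URL', Submit_Require_A_URL);
      $main_smarty->assign('link_id', sanitize($_POST['id'], 3));
      define('pagename', 'submit');
      $main_smarty->assign('pagename', pagename);

      // null matches what the hook received when $vars was left undefined.
      $vars = null;
      if ($current_user->authenticated != TRUE) {
          $vars = array('username' => $current_user->user_login);
          check_actions('register_check_errors', $vars);
      }

      // NOTE(review): any 'error' entry the hooks set in $vars is not acted on
      // at this point (the original had an empty "No action" branch here).
      check_actions('submit2_check_errors', $vars);

      $linkres = new Link;
      $linkres->id = sanitize($_POST['id'], 3);

      if ($_SESSION['step'] != 1) die('Wrong step');
      if (!is_numeric($linkres->id)) die();
      if (!$linkres->verify_ownership($current_user->user_id)) die($main_smarty->get_config_vars('PLIGG_Visual_Submit2Errors_NoAccess'));

      $linkres->read(FALSE);

      if ($linkres->votes($current_user->user_id) == 0 && auto_vote == true) {
          $linkres->insert_vote($current_user->user_id, '10');
          $linkres->store_basic();
          $linkres->read(FALSE);
      }

      if (is_array($_POST['category'])) {
          $linkres->category = sanitize(isset($_POST['category'][0]) ? $_POST['category'][0] : '', 3);
          // The additional ids come straight from the request; give them the
          // same sanitize() pass as the primary one before they are stored.
          $additionalCats = array();
          foreach (array_slice($_POST['category'], 1) as $extraCat) {
              $additionalCats[] = sanitize($extraCat, 3);
          }
          $linkres->additional_cats = $additionalCats;
      } else {
          $linkres->category = sanitize($_POST['category'], 3);
      }

      $thecat = get_cached_category_data('category_id', $linkres->category);
      $main_smarty->assign('request_category_name', $thecat->category_name);

      $linkres->title = stripslashes(sanitize($_POST['title'], 3));
      $linkres->title_url = makeUrlFriendly($linkres->title, $linkres->id);
      $linkres->tags = tags_normalize_string(stripslashes(sanitize($_POST['tags'], 3)));
      $linkres->content = close_tags(stripslashes(sanitize($_POST['bodytext'], 4, $Story_Content_Tags_To_Allow)));

      // Optional extra fields link_field1 .. link_field15.
      for ($i = 1; $i <= 15; $i++) {
          $fieldName = 'link_field' . $i;
          if (isset($_POST[$fieldName])) {
              $linkres->{$fieldName} = sanitize($_POST[$fieldName], 4, $Story_Content_Tags_To_Allow);
          }
      }

      if (!isset($_POST['summarytext'])) {
          // No explicit summary: derive it from the start of the body text.
          $linkres->link_summary = utf8_substr(sanitize($_POST['bodytext'], 4, $Story_Content_Tags_To_Allow), 0, StorySummary_ContentTruncate - 1);
      } else {
          $linkres->link_summary = sanitize($_POST['summarytext'], 4, $Story_Content_Tags_To_Allow);
          if (utf8_strlen($linkres->link_summary) > StorySummary_ContentTruncate) {
              // The form limits the summary length, so an over-long value is logged.
              loghack('SubmitAStory-SummaryGreaterThanLimit', 'username: ' . sanitize($_POST["username"], 3).'|email: '.sanitize($_POST["email"], 3), true);
              $linkres->link_summary = utf8_substr($linkres->link_summary, 0, StorySummary_ContentTruncate - 1);
          }
      }

      //get link_group_id
      if (isset($_REQUEST['link_group_id']) && $_REQUEST['link_group_id'] != '') {
          $linkres->link_group_id = intval($_REQUEST['link_group_id']);
      } else {
          $linkres->link_group_id = 0;
      }

      $linkres->store();
      tags_insert_string($linkres->id, $dblang, $linkres->tags);

      if (link_errors($linkres)) {
          return;
      }

      //comment subscription
      if (isset($_POST['comment_subscription'])) {
          $vars = array('link_id' => $linkres->id);
          check_actions('comment_subscription_insert_function', $vars);
      }

      // posted date fields (day / month / year)
      if (isset($_POST['timestamp_date_day'])) {
          $timestamp_date_day = $_POST['timestamp_date_day'];
          $timestamp_date_month = $_POST['timestamp_date_month'];
          $timestamp_date_year = $_POST['timestamp_date_year'];
          if (!is_numeric($timestamp_date_day) || !is_numeric($timestamp_date_month) || !is_numeric($timestamp_date_year)) {
              // Fall back to today's date when any part is not numeric.
              $timestamp_date = date("m-d-Y");
          } else {
              $timestamp_date = $timestamp_date_month."-".$timestamp_date_day."-".$timestamp_date_year;
          }
          $vars = array('timestamp_date' => $timestamp_date, 'link_id' => $linkres->id);
          check_actions('comment_subscription_insert_function', $vars);
      }

      $vars = '';
      check_actions('submit_step_3_after_first_store', $vars);

      // $vars stays a string when no module handled the hook; only read the
      // 'error' entry when a hook actually produced an array.
      if (is_array($vars) && !empty($vars['error']) && link_catcha_errors('captcha_error')) {
          return;
      }

      $linkres->read(FALSE);
      $link_content = $linkres->content;
      $link_title = stripslashes(sanitize($_POST['title'], 3));
      $main_smarty->assign('the_story', $linkres->print_summary('full', true));
      $main_smarty->assign('tags', $linkres->tags);

      if (!empty($linkres->tags)) {
          $tags_words = str_replace(",", ", ", $linkres->tags);
          $tags_url = urlencode($linkres->tags);
          $main_smarty->assign('tags_words', $tags_words);
          $main_smarty->assign('tags_url', $tags_url);
      }

      // No $url is defined in this function, so the template always gets ''.
      $main_smarty->assign('submit_url', '');

      $data = parse_url($linkres->url);
      $main_smarty->assign('url_short', isset($data['host']) ? $data['host'] : null);
      $main_smarty->assign('submit_url_title', $linkres->url_title);
      $main_smarty->assign('submit_id', $linkres->id);
      $main_smarty->assign('submit_type', $linkres->type());
      $main_smarty->assign('submit_title', str_replace('"', "&#034;", $link_title));
      $main_smarty->assign('submit_content', $link_content);

      // No $trackback is defined in this function either.
      $main_smarty->assign('submit_trackback', '');

      $main_smarty->assign('tpl_extra_fields', $the_template . '/submit_extra_fields');
      $main_smarty->assign('tpl_center', $the_template . '/submit_step_3_center');

      $vars = '';
      check_actions('do_submit2', $vars);
      // Step marker that do_submit3() requires when it is a separate request.
      $_SESSION['step'] = 2;
      if (Submit_Complete_Step2) {
          do_submit3();
      } else {
          $main_smarty->display($the_template . '/pligg.tpl');
      }
  }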
  512.  
  513. // submit step 3
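  /**
   * Submit phase 3: move the story to 'new' status, let modules veto it, send
   * the optional trackback and redirect the browser.
   *
   * Change compared with the pasted version: the handler now verifies that the
   * current user owns the story before it changes anything. The phase number
   * is chosen by the client, so this handler can be requested directly, and
   * the original accepted any numeric id once the step check passed (with
   * Submit_Complete_Step2 set there is no step check at all). do_submit2()
   * already performs the same check; repeating it here is harmless when the
   * call comes from there.
   *
   * NOTE(review): unlike link_errors(), nothing here checks the posted form
   * key or that the story is still in 'discard'/'draft' status; confirm
   * whether that is intended.
   *
   * NOTE(review): the trackback URL is request-supplied and handed to
   * Trackback::send(), which is not visible here. Confirm that it restricts
   * the schemes and hosts the server will contact.
   */
  function do_submit3() {
      global $db, $main_smarty, $current_user;

      $linkres = new Link;
      $linkres->id = sanitize($_POST['id'], 3);

      if (!is_numeric($linkres->id)) die();
      if (!Submit_Complete_Step2 && $_SESSION['step'] != 2) die('Wrong step');
      // Same ownership gate and message as do_submit2().
      if (!$linkres->verify_ownership($current_user->user_id)) {
          die($main_smarty->get_config_vars('PLIGG_Visual_Submit2Errors_NoAccess'));
      }

      $linkres->read();

      // Move the story from its previous status bucket to 'new'.
      totals_adjust_count($linkres->status, -1);
      totals_adjust_count('new', 1);

      $linkres->status = 'new';

      // Modules receive the link by reference and may change its status.
      $vars = array('linkres' => &$linkres);
      check_actions('do_submit3', $vars);

      if ($vars['linkres']->status == 'discard') {
          $vars = array('link_id' => $linkres->id);
          check_actions('story_discard', $vars);
      } elseif ($vars['linkres']->status == 'spam') {
          $vars = array('link_id' => $linkres->id);
          check_actions('story_spam', $vars);
      }

      $linkres->store_basic();
      $linkres->check_should_publish();

      if (isset($_POST['trackback']) && sanitize($_POST['trackback'], 3) != '') {
          require_once(mnminclude.'trackback.php');
          $trackres = new Trackback;
          $trackres->url = sanitize($_POST['trackback'], 3);
          $trackres->link = $linkres->id;
          $trackres->title = $linkres->title;
          $trackres->author = $linkres->author;
          $trackres->content = $linkres->content;
          $trackres->send();
      }

      // A module may supply its own redirect target; otherwise go to the
      // "new" listing or to the story's group page.
      $vars = array('linkres' => $linkres);
      check_actions('submit_pre_redirect', $vars);
      if (!empty($vars['redirect'])) {
          header('Location: '.$vars['redirect']);
      } elseif ($linkres->link_group_id == 0) {
          header("Location: " . getmyurl('new'));
      } else {
          $redirect = getmyurl("group_story", $linkres->link_group_id);
          header("Location: $redirect");
      }
      die;
  }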
  571.  
  572. // assign any errors found during submit
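  /**
   * Validate a story before it moves on in the submit flow.
   *
   * Each failed check assigns a 'submit_error' code to the template; when
   * several checks fail, the last one assigned is the code the template gets.
   * If any check failed, the error page is rendered and the script ends with
   * die(), so the function only ever returns false.
   *
   * Changes compared with the pasted version:
   *  - the category check is `!is_numeric(...) || ... <= 0`. The original
   *    `!$linkres->category > 0` applied `!` first, so any truthy value,
   *    including a negative number or non-numeric text, passed the check;
   *  - the summary length is read from `link_summary`, the property
   *    do_submit2() fills; the original read `summary`, which nothing on this
   *    page sets.
   *
   * NOTE(review): the form key compared below is produced with rand() in a
   * range of roughly ten million values, which is guessable. If it is meant
   * to protect against forged submissions it needs a CSPRNG-backed value.
   *
   * @param Link $linkres story to validate
   * @return bool false when no error was found (errors end the script)
   */
  function link_errors($linkres)
  {
      global $main_smarty, $the_template, $cached_categories;
      $error = false;

      if (sanitize($_POST['randkey'], 3) !== $linkres->randkey) { // random key error
          $main_smarty->assign('submit_error', 'badkey');
          $error = true;
      }
      if ($linkres->status != 'discard' && $linkres->status != 'draft') { // if link has already been submitted
          $main_smarty->assign('submit_error', 'hashistory');
          $main_smarty->assign('submit_error_history', $linkres->status);
          $error = true;
      }
      // Length of the body is measured on tag-free, whitespace-collapsed text.
      $story = preg_replace('/[\s]+/', ' ', strip_tags($linkres->content));
      if (utf8_strlen($linkres->title) < minTitleLength || utf8_strlen($story) < minStoryLength) {
          $main_smarty->assign('submit_error', 'incomplete');
          $error = true;
      }
      if (utf8_strlen($linkres->title) > maxTitleLength) {
          $main_smarty->assign('submit_error', 'long_title');
          $error = true;
      }
      if (utf8_strlen($linkres->content) > maxStoryLength) {
          $main_smarty->assign('submit_error', 'long_content');
          $error = true;
      }

      if (utf8_strlen($linkres->tags) < minTagsLength && $linkres->tags != "") {
          $main_smarty->assign('submit_error', 'short_tags');
          $error = true;
      }

      if (utf8_strlen($linkres->tags) > maxTagsLength) {
          $main_smarty->assign('submit_error', 'long_tags');
          $error = true;
      }

      if (utf8_strlen($linkres->link_summary) > maxSummaryLength) {
          $main_smarty->assign('submit_error', 'long_summary');
          $error = true;
      }
      if (preg_match('/.*http:\//', $linkres->title)) { // if URL is found in link title
          $main_smarty->assign('submit_error', 'urlintitle');
          $error = true;
      }
      if (!is_numeric($linkres->category) || $linkres->category <= 0) { // if no category is selected
          $main_smarty->assign('submit_error', 'nocategory');
          $error = true;
      }
      foreach ($cached_categories as $cat) {
          if ($cat->category__auto_id == $linkres->category && !allowToAuthorCat($cat)) { // category does not allow authors of this level
              $main_smarty->assign('submit_error', 'nocategory');
              $error = true;
          }
      }

      if ($error == true) {
          $main_smarty->assign('link_id', $linkres->id);
          $main_smarty->assign('tpl_center', $the_template . '/submit_errors_center');
          $main_smarty->display($the_template . '/pligg.tpl');
          die();
      }

      return $error;
  }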
  639. // assign any errors found during captch checking
  /**
   * Render the captcha error page when asked to.
   *
   * When $linkerror loosely equals 'captcha_error', the captcha error code and
   * the error template are assigned, the page is displayed and true is
   * returned. For any other value nothing is rendered and false is returned.
   * Unlike link_errors(), this function does not end the script itself.
   *
   * @param mixed $linkerror error code to test
   * @return bool true when the captcha error page was rendered
   */
  function link_catcha_errors($linkerror)
  {
      global $main_smarty, $the_template;

      // Guard clause: anything other than the captcha code is not handled here.
      if ($linkerror != 'captcha_error') {
          return false;
      }

      $main_smarty->assign('submit_error', 'register_captcha_error');
      $main_smarty->assign('tpl_center', $the_template . '/submit_errors_center');
      $main_smarty->display($the_template . '/pligg.tpl');

      return true;
  }
  654. ?>