is_valid) { send_error("The reCAPTCHA wasn't entered correctly. Try it again.")/* . "(reCAPTCHA said: " . $resp->error . ")")*/; }
// NOTE(review): the head of the condition above (presumably `if (!$resp->` on the reCAPTCHA result)
// lies above this chunk. Keeping the provider's error text out of the user-facing message (the
// commented-out part) is the right call for a public endpoint. send_error() is assumed to terminate
// the request: every call site below relies on that — TODO confirm.

// Resolve the contributing user. Not logged in: log in or register from the posted name/password.
// Logged in: keep the session user, or (admins only) attribute the sentence to `assigned_to`.
// The enclosing `if (...) {` that this branch belongs to, and the `} elseif (isset($_POST['new']))`
// that closes it further down, both start above this chunk.
$user = array();
if (!$userdata['session_logged_in']) {
    $username = isset($HTTP_POST_VARS['user_name']) ? phpbb_clean_username($HTTP_POST_VARS['user_name']) : '';
    $pwd = isset($HTTP_POST_VARS['user_pwd']) ? $HTTP_POST_VARS['user_pwd'] : '';
    if (empty($username) || empty($pwd)) { send_error("You have not typed in your name or password. These fields are necessary to identify your contributed sentences."); }
    // user_email / show_email are read without isset(); a missing field raises a notice.
    $email = htmlspecialchars($HTTP_POST_VARS['user_email'], ENT_QUOTES);
    $showemail = intval($HTTP_POST_VARS['show_email']);
    if ($showemail!==1) $showemail = 0;
    if (!empty($email)) {
        // The class allows `'`, but after htmlspecialchars(ENT_QUOTES) a quote is already `&#039;`
        // (`#`/`;` are not in the class), so no quote, `"` or `\` can reach the SQL below.
        // Without the D modifier, `$` still accepts one trailing newline.
        if (!preg_match('/^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$/is', $email)) { send_error("The e-mail address is not valid."); }
    }
    // NOTE(review): SQL is string-built throughout this file. The only escaping applied to $username
    // here is `\'` -> `''`, which assumes the value already arrived backslash-escaped (magic_quotes-era
    // behaviour) and that phpbb_clean_username() neutralises the rest; neither is visible in this
    // chunk — TODO confirm. Prepared statements (PDO/mysqli) are the durable fix for every query here.
    $r = mysql_query("SELECT * FROM pvc_users WHERE u_name='" . str_replace("\\'", "''", $username) . "'");
    if ($user = mysql_fetch_assoc($r)) {
        // If the last login is more than x minutes ago, then reset the login tries/time
        if ($user['u_last_login_try'] && $session_config['login_reset_time'] && $user['u_last_login_try'] < (time() - ($session_config['login_reset_time'] * 60))) {
            mysql_query('UPDATE ' . USERS_TABLE . ' SET u_login_tries = 0, u_last_login_try = 0 WHERE u_id = ' . $user['u_id']);
            $user['u_last_login_try'] = $user['u_login_tries'] = 0;
        }
        // Check to see if user is allowed to login again... if his tries are exceeded
        if ($user['u_last_login_try'] && $session_config['login_reset_time'] && $session_config['max_login_attempts'] && $user['u_last_login_try'] >= (time() - ($session_config['login_reset_time'] * 60)) && $user['u_login_tries'] >= $session_config['max_login_attempts']) {
            // NOTE(review): die() bypasses the JSON send_error() contract used everywhere else and
            // echoes the lockout configuration to the client; prefer send_error() with a fixed message.
            die('Login_attempts_exceeded: '.$session_config['max_login_attempts'].', '.$session_config['login_reset_time']);
        }
        // NOTE(review): the password check is an unsalted MD5 compared with loose `==`. Two hex digests
        // are type-juggled when both look numeric (the `0e...` forms), so use `===`/hash_equals() at
        // minimum; the real fix is password_hash()/password_verify() with a rehash on login.
        // The second disjunct lets the first requester who supplies this name — with any password —
        // take over a record the admin pre-created with an empty u_pwd, and the block below then
        // persists that password. An admin-set initial password or a one-time invitation token
        // would close that unauthenticated account claim.
        if( md5($pwd) == $user['u_pwd']/* && $user['user_active']*/ || ($user['u_pwd']=='' && $user['u_id']!=ANONYMOUS)) {
            // if the user is created by the admin, occupy this name and credit all his sentences to this user
            if ($user['u_pwd']=='' && $user['u_id']!=ANONYMOUS) {
                mysql_query('UPDATE ' . USERS_TABLE . ' SET u_pwd="'.md5($pwd).'" WHERE u_id = ' . $user['u_id']);
            }
            // $autologin is TRUE/0 and $admin is 1/0 — mixed types, only forwarded to session_begin().
            $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;
            $admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0;
            $userdata = session_begin($user['u_id'], $user_ip, 0, FALSE, $autologin, $admin);
            // Reset login tries
            mysql_query('UPDATE ' . USERS_TABLE . ' SET u_login_tries = 0, u_last_login_try = 0 WHERE u_id = ' . $user['u_id']);
            if( !$userdata ) send_error("Couldn't start session : login");
        } else {
            // Save login tries and last login
            if ($user['u_id'] != ANONYMOUS) {
                $sql = 'UPDATE ' . USERS_TABLE . ' SET u_login_tries = u_login_tries + 1, u_last_login_try = ' . time() . ' WHERE u_id = ' . $user['u_id'];
                mysql_query($sql);
            }
            send_error("Your password is incorrect or your name was already used by another contributor. If this is the first time you are contributing a sentence, type in your full name or nickname.");
        }
        // if (md5($pwd)!==$user['u_pwd']) {
        // send_error("Your password is incorrect or your name was already used by another contributor. If this is the first time you are contributing a sentence, type in your full name or nickname.");
        // }
        // NOTE(review): unlike the SELECT above, $username is interpolated here with no escaping at all
        // — TODO confirm phpbb_clean_username() strips quotes, otherwise this UPDATE is injectable.
        mysql_query("UPDATE pvc_users SET u_email=\"$email\", u_showemail=$showemail WHERE u_name=\"$username\"");
    } else {
        // First contribution under this name: register it with the MD5 of the supplied password.
        mysql_query("INSERT INTO pvc_users (u_name, u_email, u_pwd, u_showemail) VALUES ('" . str_replace("\\'", "''", $username) . "', \"$email\", \"".md5($pwd)."\", $showemail);");
        $r = mysql_query("SELECT * FROM pvc_users WHERE u_name=\"$username\"");
        $user = mysql_fetch_assoc($r);
    }
    $user['byadmin'] = 0;
} else {
    $user = $userdata;
    $assigned_to = isset($HTTP_POST_VARS['assigned_to']) ? phpbb_clean_username($HTTP_POST_VARS['assigned_to']) : '';
    if (!empty($assigned_to) && $userdata['u_admin']==1) {
        // NOTE(review): $assigned_to is interpolated unescaped here (the INSERT below at least maps
        // `\'` -> `''`). Admin-only path, but it should be parameterised like everything else.
        $r = mysql_query("SELECT * FROM pvc_users WHERE u_name='$assigned_to'");
        if (!($user = mysql_fetch_assoc($r))) {
            // Creates the target user with an empty password — exactly the state the "occupy this
            // name" branch above later accepts with any password.
            mysql_query("INSERT INTO pvc_users (u_name, u_email, u_pwd) VALUES ('" . str_replace("\\'", "''", $assigned_to) . "', '', '');") or send_error(mysql_error());;
            $r = mysql_query("SELECT * FROM pvc_users WHERE u_name=\"$assigned_to\"");
            $user = mysql_fetch_assoc($r);
        }
        $user['byadmin'] = 1;
    } else {
        $user['byadmin'] = 0;
    }
}
} elseif (isset($_POST['new'])) {
    // Review state for an existing sentence: only 2 or 0 are accepted.
    $new = intval($_POST['new']);
    if ($new!=2) $new = 0;
}

// Field extraction. The text fields rely on htmlspecialchars(ENT_QUOTES) to neutralise quote
// characters before SQL interpolation: it encodes `'`/`"` as entities (so HTML-encoded text is
// what gets stored) but does not touch the backslash, so a value ending in `\` escapes the
// literal's closing quote in the queries below. Only $url uses the proper
// mysql_real_escape_string(); it is therefore stored raw and must be escaped at render time.
// Both $HTTP_POST_VARS (removed in PHP 5.4) and $_POST are used; mysql_* was removed in PHP 7.
$text = htmlspecialchars($HTTP_POST_VARS['sentence'], ENT_QUOTES);
// "aa" -> "ā" is the transcription convention for the long vowel.
$transcription = htmlspecialchars(str_replace("aa", "ā", $HTTP_POST_VARS['transcription']), ENT_QUOTES);
$translation = htmlspecialchars($HTTP_POST_VARS['translation'], ENT_QUOTES);
$source = htmlspecialchars($HTTP_POST_VARS['sent_source'], ENT_QUOTES);
$url = mysql_real_escape_string($HTTP_POST_VARS['sent_url']);
// The form pre-fills the field with the scheme; treat an untouched field as empty.
if ($url=='http://') $url = '';
$author = htmlspecialchars($HTTP_POST_VARS['author'], ENT_QUOTES);
$year = intval($HTTP_POST_VARS['year']);
// $level is only written by the UPDATE branch; the INSERT branch ignores it.
$level = 0;
if (isset($HTTP_POST_VARS['level'])) { $level = intval($HTTP_POST_VARS['level']); }
$notes = htmlspecialchars($HTTP_POST_VARS['sent_notes'], ENT_QUOTES);
$spoken = 0;
if (isset($HTTP_POST_VARS['spoken'])) { $spoken = 1; }
if (empty($text)) { send_error("You have not typed in a Persian sentence."); }
// $snt_id and $verb_id are set above this chunk; nothing here guarantees they are integers
// before they are interpolated into SQL — TODO confirm they are intval()'d where they are read.
if ($snt_id===-1) {
    // New sentence: stored for review and linked to the single verb id in $verb_id.
    $r = mysql_query("INSERT INTO pvc_sentence (snt_uid, snt_text, snt_transcr, snt_author, snt_date, snt_source, snt_url, snt_year, snt_translation, snt_note, snt_style, snt_byadmin) VALUES (\"$user[u_id]\", \"$text\", \"$transcription\", \"$author\", \"".date("Y-m-d")."\", \"$source\", \"$url\", \"$year\", \"$translation\", \"$notes\", $spoken, $user[byadmin]);");
    if ($r) {
        $new_snt_id = mysql_insert_id();
        // The result of the link insert is never checked; a failure here still reports success.
        $r = mysql_query("INSERT INTO pvc_verb_sentence (vs_vid, vs_sid) VALUES (\"$verb_id\", \"$new_snt_id\");");
        print "{\"result\": 1, \"message\": \"Your sentence has been added for review. You can submit another sentence for this verb.\"}";
    } else send_error("The sentence has not been added...");
} else {
    // Existing sentence: rewrite all fields, then rebuild the verb, tag and topic links.
    // $new is only assigned in the elseif branch above when 'new' was posted; if it is unset here,
    // `snt_new=` is empty and the UPDATE fails — TODO confirm it is initialised above the chunk.
    $r = mysql_query("UPDATE pvc_sentence SET snt_new=$new, snt_text=\"$text\", snt_transcr=\"$transcription\", snt_author=\"$author\", snt_source=\"$source\", snt_url=\"$url\", snt_year=$year, snt_translation=\"$translation\", snt_note=\"$notes\", snt_style=$spoken, snt_level=$level WHERE snt_id=$snt_id;");
    if ($r) {
        mysql_query("DELETE FROM pvc_verb_sentence WHERE vs_sid=$snt_id");
        // $verb_id is a `;`-separated list of `id:pers_pos:trans_pos` triples. Each fragment is
        // interpolated unescaped, and $verbpos[1]/[2] raise notices when a triple is short.
        $verb_ids = explode(';', $verb_id);
        $verb_links = array();
        foreach ($verb_ids as $verbpos) {
            $verbpos = explode(':', $verbpos);
            $verb_id = $verbpos[0];
            $r = mysql_query("SELECT * FROM pvc_verbs WHERE id=$verb_id");
            if ($verb = mysql_fetch_assoc($r)) {
                $verb_links[] = "$verb[pers_inf]";
                mysql_query("INSERT INTO pvc_verb_sentence (vs_vid, vs_sid, vs_vpos_pers, vs_vpos_trans) VALUES (\"$verb_id\", \"$snt_id\", \"$verbpos[1]\", \"$verbpos[2]\");");
            }
        }
        // Tag/topic ids are harvested from POST *keys* of the form tag_<id> / topic_<id>.
        // NOTE(review): `$t_id[1]>0` is a loose string-to-number comparison and the raw key fragment
        // is then interpolated into SQL below; cast with intval() (or require ctype_digit()) first.
        $tags = array();
        $topics = array();
        foreach ($_POST as $key => $value) {
            $t_id = explode('_', $key);
            if (count($t_id)==2) {
                if ($t_id[0]=='tag' && $t_id[1]>0) { $tags[] = $t_id[1]; }
                elseif ($t_id[0]=='topic' && $t_id[1]>0) { $topics[] = $t_id[1]; }
            }
        }
        mysql_query("DELETE FROM pvc_sentence_tag WHERE sentence_id=$snt_id");
        foreach ($tags as $t_id) { $r = mysql_query("INSERT INTO pvc_sentence_tag (sentence_id, tag_id) VALUES ($snt_id, $t_id)"); }
        mysql_query("DELETE FROM pvc_sentence_topic WHERE sentence_id=$snt_id");
        foreach ($topics as $t_id) { $r = mysql_query("INSERT INTO pvc_sentence_topic (sentence_id, topic_id) VALUES ($snt_id, $t_id)"); }
        // The JSON is hand-built; $verb_links holds DB values (pers_inf) that are not JSON-escaped.
        print "{\"result\": 1, \"message\": \"The sentence is successfully updated: ".implode(', ', $verb_links)."\"}";
    } else send_error("The sentence is not updated...");
}
?>