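/**
 * Moderation action: attaches the current user's name to, or clears it from,
 * a thread or a comment (the `possibly_name` column).
 *
 * Arguments come from the query string:
 *   - exactly one of `thread_id` / `comment_id` names the target (positive integer);
 *   - `order` is the decision: "1" = write construct_name_from_session(), "0" = clear it.
 * The caller must have user_privilege_level() > 2 and must own the target
 * according to check_property(); otherwise nothing is written. The outcome is
 * reported through $_SESSION['transient_display']; nothing is returned.
 *
 * NOTE(review): this is a state-changing action driven by GET and no CSRF token
 * is visible here — confirm the dispatcher checks one, or move it to POST.
 */
function change_post_confidentiality_status()
{
    $thread_id = _confidentiality_target_id('thread_id');
    $comment_id = _confidentiality_target_id('comment_id');
    // Keep the decision as a string and compare it exactly below; anything
    // else (absent, array, "2", ...) ends up as "invalid decision".
    $choice = (isset($_GET["order"]) && is_string($_GET["order"])) ? $_GET["order"] : null;

    if (user_privilege_level() <= 2) {
        $_SESSION['transient_display'] = '<div class="warning">Vous ne disposez pas des droits suffisants</div>';
        return;
    }
    // Exactly one target must be named. The previous test multiplied the two
    // ids, which let a zero id through and could not tell "neither" from "both".
    $is_thread = $thread_id > 0;
    if ($is_thread === ($comment_id > 0)) {
        $_SESSION['transient_display'] = '<div class="warning">Impossible de d&eacute;terminer l\'objet auquel appliquer la commande de mod&eacute;ration</div>';
        return;
    }
    $table = $is_thread ? 'thread' : 'comment';
    $id_column = $is_thread ? 'thread_id' : 'comment_id';
    $target_id = $is_thread ? $thread_id : $comment_id;

    // Does the target exist? Fetch the ownership proof stored with it.
    // Table and column names are fixed literals; the id is an int, hence %d.
    $result = @mysql_query(sprintf("SELECT rand_prop,hash_prop FROM %s WHERE %s=%d", $table, $id_column, $target_id));
    if (!$result || !($row = mysql_fetch_assoc($result))) {
        $_SESSION['transient_display'] = '<div class="warning">Id de l\'objet invalide</div>';
        return;
    }
    $is_owner = check_property($row["rand_prop"], $row["hash_prop"]);
    @mysql_free_result($result);
    if (!$is_owner) {
        $_SESSION['transient_display'] = '<div class="warning">Vous devez &ecirc;tre le propri&eacute;taire du message pour effectuer cette op&eacute;ration</div>';
        return;
    }

    // Decision: "1" shows the poster's name, "0" hides it; anything else is rejected.
    if ($choice === "1") {
        $name = mysql_real_escape_string(construct_name_from_session());
    } elseif ($choice === "0") {
        $name = "";
    } else {
        $_SESSION['transient_display'] = '<div class="warning">D&eacute;cision non valide</div>';
        return;
    }
    $query = sprintf("UPDATE %s SET possibly_name='%s' WHERE %s=%d", $table, $name, $id_column, $target_id);
    if (@mysql_query($query)) {
        $_SESSION['transient_display'] = '<div class="success">Propri&eacute;t&eacute;s de confidentialit&eacute; correctement mises &agrave; jour</div>';
    } else {
        $_SESSION['transient_display'] = '<div class="warning">Erreur durant la mise &agrave; jour des propri&eacute;t&eacute;s de confidentialit&eacute;</div>';
    }
}

/**
 * Reads a positive integer id from $_GET[$key].
 *
 * @param  string $key query-string parameter name
 * @return int    the id, or -1 when the parameter is absent, not a string, or
 *                not a positive decimal integer (so only well-formed ids reach SQL)
 */
function _confidentiality_target_id($key)
{
    if (!isset($_GET[$key]) || !is_string($_GET[$key]) || !ctype_digit($_GET[$key])) {
        return -1;
    }
    $id = (int) $_GET[$key];
    return $id > 0 ? $id : -1;
}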
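/**
 * inserts a new idea in the database
 *
 * Every argument is checked first and each failure adds a warning to the
 * returned action; the INSERT runs only when all checks pass. The stored
 * `rand_prop`/`hash_prop` pair is the ownership proof later tested by
 * check_property().
 *
 * @param  string      $title  title of the idea
 * @param  string      $message message of the idea
 * @param  string|null $anonymization "on" to hide the poster's name; null/unset to show it
 * @param  integer     $category id of the category for the idea
 * @param  string      $login  login of the poster (only used to derive hash_prop)
 * @param  integer     $valid says if the idea needs to be moderated (default 0 = needs moderation)
 * @param  string      $output passed through to action::output_result()
 * @param  float       $latitude  optional geolocation; 0 means "not provided"
 * @param  float       $longitude optional geolocation; 0 means "not provided"
 * @return action      result object: result flag plus warning/success messages
 */
function post($title, $message, $anonymization, $category, $login, $valid = 0, $output = '', $latitude = 0, $longitude = 0)
{
    $action = new action();
    $action->set_result(False);
    // Was left undefined when $anonymization is absent; "" means "not anonymous".
    $anon_prec = "";
    // empty() already covers null/unset, so the former isset() guards were redundant.
    $check_1 = !empty($title);
    $check_2 = !empty($message);
    $check_3 = !isset($anonymization) || $anonymization == "on";
    $check_4 = isset($category) && is_numeric($category) && $category > 0;
    // A geolocation is "provided" when both coordinates are non-zero; it must
    // then be numeric, because the values are spliced into the INSERT unquoted.
    $has_geo = $latitude != 0 && $longitude != 0;
    $check_5 = !$has_geo || (is_numeric($latitude) && is_numeric($longitude));
    // Argument checks
    if ($check_1) {
        $title_prec = $title;
    } else {
        $action->add_warning(_('Incorrect title'));
    }
    if ($check_2) {
        $text_prec = $message;
    } else {
        $action->add_warning(_('Incorrect message'));
    }
    if ($check_3) {
        if (isset($anonymization)) {
            $anon_prec = "on";
        }
    } else {
        $action->add_warning(_('Incorrect anonymization value'));
    }
    if ($check_4) {
        $cate_prec = $category;
    } else {
        $action->add_warning(_('Incorrect category'));
    }
    if (!$check_5) {
        $action->add_warning(_('Incorrect geolocation'));
    }
    if ($check_1 && $check_2 && $check_3 && $check_4 && $check_5) {
        $title_prec_sec = mysql_real_escape_string($title_prec);
        $text_prec_sec = mysql_real_escape_string($text_prec);
        $cate_prec_sec = mysql_real_escape_string($cate_prec);
        // The moderation flags are spliced in unquoted: force them to an int.
        $valid_sec = (int) $valid;
        // Ownership proof: rand_prop is stored in clear next to hash_prop, so the
        // proof rests on $login plus a 16-bit value. NOTE(review): mt_rand() is
        // not a CSPRNG; confirm check_property()'s threat model tolerates this.
        $rand_prop = mt_rand(0, 65535);
        $hash_prop = sha1($login . $rand_prop);
        if ($anon_prec == "on") {
            $name_print = "";
        } else {
            $name_print = mysql_real_escape_string(construct_name_from_session());
        }
        if ($has_geo) {
            $geolocalization = ',`latitude`,`longitude`';
            $geolocalization_values = ",{$latitude},{$longitude}";
        } else {
            $geolocalization = '';
            $geolocalization_values = '';
        }
        if (@mysql_query("INSERT INTO `thread` (`thread_id`,`rand_prop`,`hash_prop`,`title`,`text`,`date`,`category`,`is_valid`,`already_mod`,`possibly_name`" . $geolocalization . ") VALUES (NULL, '{$rand_prop}', '{$hash_prop}','{$title_prec_sec}','{$text_prec_sec}',CURRENT_TIMESTAMP,'{$cate_prec_sec}',{$valid_sec},{$valid_sec},'{$name_print}'" . $geolocalization_values . ")")) {
            $action->add_success(_('The idea was added to Refresh and now has to be moderated'));
            $action->set_result(True);
        } else {
            $action->add_warning(_('The idea could not be added due to a database error'));
        }
    }
    $action->output_result($output);
    return $action;
}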
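/**
 * inserts a new idea in the database
 *
 * Every argument is checked first and each failure adds a warning to the
 * returned action; the INSERT runs only when all checks pass. The stored
 * `rand_prop`/`hash_prop` pair is the ownership proof later tested by
 * check_property().
 *
 * @param  string      $title  title of the idea
 * @param  string      $message message of the idea
 * @param  string|null $anonymization "on" to hide the poster's name; null/unset to show it
 * @param  integer     $category id of the category for the idea
 * @param  string      $login  login of the poster (only used to derive hash_prop)
 * @param  integer     $valid says if the idea needs to be moderated (default 0 = needs moderation)
 * @return action      result object: `result` flag plus warning/success messages
 */
function post($title, $message, $anonymization, $category, $login, $valid = 0)
{
    $action = new action();
    $action->result = False;
    // Was left undefined when $anonymization is absent; "" means "not anonymous".
    $anon_prec = "";
    // empty() already covers null/unset, so the former isset() guards were redundant.
    $check_1 = !empty($title);
    $check_2 = !empty($message);
    $check_3 = !isset($anonymization) || $anonymization == "on";
    $check_4 = isset($category) && is_numeric($category) && $category > 0;
    // Argument checks
    if ($check_1) {
        $title_prec = $title;
    } else {
        $action->add_warning(_('Titre incorrect'));
    }
    if ($check_2) {
        $text_prec = $message;
    } else {
        $action->add_warning(_('Message incorrect'));
    }
    if ($check_3) {
        if (isset($anonymization)) {
            $anon_prec = "on";
        }
    } else {
        $action->add_warning(_('Incorrect anonymization value'));
    }
    if ($check_4) {
        $cate_prec = $category;
    } else {
        $action->add_warning(_('Catégorie incorrecte'));
    }
    if ($check_1 && $check_2 && $check_3 && $check_4) {
        $title_prec_sec = mysql_real_escape_string($title_prec);
        $text_prec_sec = mysql_real_escape_string($text_prec);
        $cate_prec_sec = mysql_real_escape_string($cate_prec);
        // is_valid is spliced in unquoted: force it to an int.
        $valid_sec = (int) $valid;
        // Ownership proof: rand_prop is stored in clear next to hash_prop, so the
        // proof rests on $login plus a 16-bit value. NOTE(review): mt_rand() is
        // not a CSPRNG; confirm check_property()'s threat model tolerates this.
        $rand_prop = mt_rand(0, 65535);
        $hash_prop = sha1($login . $rand_prop);
        if ($anon_prec == "on") {
            $name_print = "";
        } else {
            $name_print = mysql_real_escape_string(construct_name_from_session());
        }
        if (@mysql_query("INSERT INTO `thread` (`thread_id`,`rand_prop`,`hash_prop`,`title`,`text`,`date`,`category`,`is_valid`,`possibly_name`) VALUES (NULL, '{$rand_prop}', '{$hash_prop}','{$title_prec_sec}','{$text_prec_sec}',CURRENT_TIMESTAMP,'{$cate_prec_sec}',{$valid_sec},'{$name_print}')")) {
            $action->add_success(_('Ta proposition a bien &eacute;t&eacute; ajout&eacute;e et est en attente de mod&eacute;ration'));
            $action->result = True;
        } else {
            $action->add_warning(_('Ta proposition n\'a pas pu être ajoutée suite à une erreur de transfert.'));
        }
    }
    return $action;
}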
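/**
 * Handles the "create_comment" form: stores a new, not-yet-moderated comment
 * under the thread named by $_GET["thread_id"].
 *
 * Requires user_privilege_level() > 2. Reads `message` and `anonymization`
 * from $_POST. On any failure the entered text (and the anonymity choice) is
 * kept in $_SESSION["text_new_comment_rest"] / ["text_anonymous_rest"] so the
 * form can be re-filled; both keys are cleared first. The outcome is reported
 * through $_SESSION['transient_display']; nothing is returned.
 *
 * NOTE(review): no CSRF token is checked on this POST here — confirm the
 * dispatcher does, or add one to the form.
 */
function new_comment()
{
    unset($_SESSION["text_new_comment_rest"], $_SESSION["text_anonymous_rest"]);
    if (user_privilege_level() <= 2) {
        $_SESSION['transient_display'] = '<div class="warning">Droits insuffisants pour ajouter un commentaire</div>';
        return;
    }
    // Raw text as typed (trimmed, not escaped): restored into the form on failure.
    // It was previously only set after the thread lookup, so a missing thread
    // or an invalid thread id lost the user's text.
    $text_back = "";
    $anon_prec = "";
    $inserted = false;
    if (isset($_POST['form_name']) && $_POST['form_name'] == "create_comment") {
        $check_1 = isset($_POST["message"]) && is_string($_POST["message"]) && !empty($_POST["message"]);
        $check_2 = !isset($_POST["anonymization"]) || $_POST["anonymization"] == "on";
        if ($check_1) {
            $text_back = trim($_POST["message"]);
        } else {
            $_SESSION['transient_display'] = '<div class="warning">Texte du nouveau commentaire incorrect</div>';
        }
        if ($check_2) {
            if (isset($_POST["anonymization"])) {
                $anon_prec = "on";
            }
        } else {
            $_SESSION['transient_display'] = '<div class="warning">Valeur pour l\'anonymat du nouveau commentaire incorrecte</div>';
        }
        if ($check_1 && $check_2) {
            if (isset($_GET["thread_id"]) && is_numeric($_GET["thread_id"]) && $_GET["thread_id"] > 0) {
                $thread_id = mysql_real_escape_string($_GET["thread_id"]);
                $result = @mysql_query(sprintf("SELECT thread_id FROM thread WHERE thread_id='%s'", $thread_id));
                if (!$result || mysql_num_rows($result) < 1) {
                    $_SESSION['transient_display'] = '<div class="warning">Proposition introuvable lors de l\'ajout du nouveau commentaire</div>';
                } else {
                    $text_prec = mysql_real_escape_string($text_back);
                    // Ownership proof: rand_prop is stored in clear next to hash_prop,
                    // so it rests on the session login plus a 16-bit value.
                    // NOTE(review): mt_rand() is not a CSPRNG; confirm check_property()'s
                    // threat model tolerates this.
                    $rand_prop = mt_rand(0, 65535);
                    $hash_prop = sha1($_SESSION['login_c'] . $rand_prop);
                    // Anonymity is only relative: the pool of student addresses is small.
                    if ($anon_prec == "on") {
                        $name_print = "";
                    } else {
                        $name_print = mysql_real_escape_string(construct_name_from_session());
                    }
                    // Moderation token: only its sha1 is stored. The clear value was
                    // meant to be sent to moderators (a stubbed, commented-out mail
                    // step used to live here); that delivery is not implemented.
                    $chaine_conf = random_password(40);
                    $chaine_conf_hash = sha1($chaine_conf);
                    if (@mysql_query("INSERT INTO `comment` (`comment_id`,`thread_id`,`rand_prop`,`hash_prop`,`text`,`date`,`is_valid`,`possibly_name`,`chaine_moderation`) VALUES (NULL,'{$thread_id}','{$rand_prop}','{$hash_prop}','{$text_prec}',CURRENT_TIMESTAMP,0,'{$name_print}','{$chaine_conf_hash}')")) {
                        $_SESSION['transient_display'] = '<div class="success">Commentaire correctement plac&eacute; en attente de mod&eacute;ration</div>';
                        $inserted = true;
                    } else {
                        $_SESSION['transient_display'] = '<div class="warning">Erreur lors de la requ&ecirc;te d\'ajout du nouveau commentaire</div>';
                    }
                    @mysql_free_result($result);
                }
            } else {
                // No early return here any more: fall through so the typed text
                // is restored exactly as in the "thread not found in DB" case.
                $_SESSION['transient_display'] = '<div class="warning">Proposition introuvable lors de l\'ajout du nouveau commentaire</div>';
            }
        }
    }
    if (isset($_POST)) {
        // Kept from the original. NOTE(review): the effect of unset() on a
        // superglobal from inside a function is doubtful — confirm the intent.
        unset($_POST);
    }
    if (!$inserted) {
        $_SESSION["text_new_comment_rest"] = $text_back;
        if (!empty($anon_prec)) {
            $_SESSION["text_anonymous_rest"] = 1;
        }
    }
}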