Beispiel #1
0
<?php

required_params('note');
if (!empty(Request::$params->note['post_id'])) {
    $note = Note::blank(array('post_id' => Request::$params->note['post_id']));
} elseif (!empty(Request::$params->id)) {
    $note = Note::find(Request::$params->id);
}
if (!$note) {
    exit_with_status(400);
}
if ($note->is_locked()) {
    respond_to_error("Post is locked", array('post#show', 'id' => $note->post_id), array('status' => 422));
}
// $note->attributes = Request::$params->note;
$note->add_attributes(Request::$params->note);
$note->user_id = User::$current->id;
$note->ip_addr = Request::$remote_ip;
if ($note->save()) {
    respond_to_success("Note updated", '#index', array('api' => array('new_id' => $note->id, 'old_id' => (int) Request::$params->id, 'formatted_body' => $note->formatted_body())));
} else {
    respond_to_error($note, array('post#show', 'id' => $note->post_id));
}
Beispiel #2
0
<?php

set_title('Logout');
session_regenerate_id();
session_destroy();
$_SESSION = array();
session_start();
cookie_remove('login');
cookie_remove('pass_hash');
$dest = isset(Request::$params->from) ? Request::$params->from : '#home';
respond_to_success("You are now logged out", $dest);
Beispiel #3
0
<?php

if (Request::$params->commit == "Cancel") {
    redirect_to('#show', array('id' => Request::$params->id));
}
$post = Post::find(Request::$params->id);
if (!$post) {
    respond_to_error('Post doesn\'t exist', array('#show', array('id' => Request::$params->id)));
}
if (!$post->can_user_delete(User::$current)) {
    access_denied();
}
if ($post->status == "deleted") {
    if (!empty(Request::$params->destroy)) {
        $post->delete_from_database();
        respond_to_success("Post deleted permanently", array("#show", array('id' => Request::$params->id)));
    } else {
        respond_to_success("Post already deleted", array("#delete", array('id' => Request::$params->id)));
    }
} else {
    Post::static_destroy_with_reason($post->id, Request::$params->reason, User::$current);
    # Destroy in one request.
    if (!empty(Request::$params->destroy)) {
        $post->delete_from_database();
        respond_to_success("Post deleted permanently", array("#show", array('id' => Request::$params->id)));
    }
    respond_to_success("Post deleted", array("#show", array('id' => Request::$params->id)));
}
Beispiel #4
0
<?php

// vde(Request::$params);
required_params(array('id', 'post'));
if (!($post = Post::find(Request::$params->id))) {
    render("#show_empty", array('status' => 404));
    return;
}
Post::filter_api_changes(Request::$params->post);
Request::$params->post['updater_user_id'] = User::$current->id;
Request::$params->post['updater_ip_addr'] = Request::$remote_ip;
if ($post->update_attributes(Request::$params->post)) {
    # Reload the post to send the new status back; not all changes will be reflected in
    # @post due to after_save changes.
    // $post->reload();
    $api_data = Request::$format == "json" || Request::$format == "xml" ? $post->api_data() : array();
    respond_to_success("Post updated", array('#show', array('id' => $post->id, 'tag_title' => $post->tag_title())), $api_data);
} else {
    respond_to_error($post, array('#show', array('id' => Request::$params->id)));
}
Beispiel #5
0
<?php

empty(Request::$params->id) && access_denied();
$comment = Comment::find(Request::$params->id);
if (User::$current->has_permission($comment)) {
    $comment->destroy();
    respond_to_success("Comment deleted", array('post#show', 'id' => $comment->post_id));
} else {
    access_denied();
}
Beispiel #6
0
    } else {
        $api_data = array('post_id' => $post->id, 'location' => url_for('post#show', array('id' => $post->id)));
        if (CONFIG::dupe_check_on_upload && $post->is_image() && empty($post->parent_id)) {
            // if (Request::$format == "xml" || Request::$format == "json") {
            // $options = array('services' => SimilarImages::get_services('local'), 'type' => 'post', 'source' => $post);
            // $res = SimilarImages::similar_images($options);
            // if (!empty($res['posts'])) {
            // $post->tags .= " possible_duplicate";
            // $post->save();
            // $api_data['has_similar_hits'] = true;
            // }
            // }
            $api_data['similar_location'] = url_for('post#similar', array('id' => $post->id, 'initial' => 1));
            respond_to_success("Post uploaded", array('#similar', array('id' => $post->id, 'initial' => 1)), array('api' => $api_data));
        } else {
            respond_to_success("Post uploaded", array('#show', array('id' => $post->id, 'tag_title' => $post->tag_title())), array('api' => $api_data));
        }
    }
} elseif ($post->record_errors->invalid('md5')) {
    $p = Post::find_by_md5($post->md5);
    if (!empty(Request::$params->post['tags'])) {
        $p->old_tags = $p->tags;
        $p->tags .= ' ' . Request::$params->post['tags'];
    }
    # TODO: what are these attributes for?
    $update = array('updater_user_id' => User::$current->id, 'updater_ip_addr' => Request::$remote_ip);
    if (empty($p->source) && !empty($post->source)) {
        $p->source = $post->source;
    }
    $p->save();
    $api_data = array('location' => url_for("post#show", array('id' => $p->id)), 'post_id' => $p->id);
<?php

User::save_cookies(User::$current);
$path = empty(Request::$params->url) ? '/user/home' : Request::$url;
respond_to_success("You are now logged in", $path);
Beispiel #8
0
<?php

Tag::recalculate_post_count();
respond_to_success('Count fixed', '#index');
<?php

required_params(array('pool_id', 'post_id'));
$pool = Pool::find(Request::$params->pool_id);
$post = Post::find(Request::$params->post_id);
if (!$pool || !$post) {
    return 404;
}
if (Request::$post) {
    try {
        $pool->remove_post(Request::$params->post_id, array('user' => User::$current));
    } catch (Exception $e) {
        if ($e->getMessage() == 'Access Denied') {
            access_denied();
        }
    }
    $api_data = Post::batch_api_data(array($post));
    // response.headers["X-Post-Id"] = params[:post_id]
    respond_to_success("Post removed", array('post#show', 'id' => Request::$params->post_id), array('api' => $api_data));
}
Beispiel #10
0
<?php

if (!($comment = Comment::find(Request::$params->id))) {
    exit;
}
if (User::$current->has_permission($comment)) {
    $comment->update_attributes(Request::$params->comment);
    respond_to_success("Comment updated", "#index");
} else {
    access_denied();
}
Beispiel #11
0
<?php

required_params('id');
$pool = Pool::find(Request::$params->id);
if (!$pool) {
    return 404;
}
if (Request::$post) {
    if ($pool->can_be_updated_by(User::$current)) {
        $pool->destroy();
        respond_to_success("Pool deleted", "#index");
    } else {
        access_denied();
    }
}
Beispiel #12
0
<?php

if (Request::$post) {
    required_params('pool');
    $pool = Pool::create(array_merge(Request::$params->pool, array('user_id' => User::$current->id)));
    if ($pool->record_errors->blank()) {
        respond_to_success("Pool created", array("#show", array('id' => $pool->id)));
    } else {
        respond_to_error($pool, "#index");
    }
} else {
    $pool = Pool::blank(array('user_id' => User::$current->id));
}
Beispiel #13
0
<?php

required_params('id');
$post = Post::find(Request::$params->id);
$post->undelete();
$affected_posts = array($post);
if ($post->parent_id) {
    $affected_posts[] = $post->get_parent();
}
if (Request::$format == "json" || Request::$format == "xml") {
    $api_data = Post::batch_api_data($affected_posts);
} else {
    $api_data = array();
}
respond_to_success("Post was undeleted", array('#show', array('id' => Request::$params->id), array('api' => $api_data)));
Beispiel #14
0
auto_set_params('reason');
if (!($post = Post::find(Request::$params->id))) {
    exit_with_status(404);
}
if (!empty(Request::$params->unflag)) {
    # Allow the user who flagged a post to unflag it.
    #
    # posts
    # "approve" is used both to mean "unflag post" and "approve pending post".
    if ($post->status != "flagged") {
        respond_to_error("Can only unflag flagged posts", array("#show", 'id' => Request::$params->id));
    }
    if (!User::is('>=40') and User::$current->id != $post->flag_detail->user_id) {
        access_denied();
    }
    $post->approve(User::$current->id);
    $message = "Post approved";
} else {
    if ($post->status != "active") {
        respond_to_error("Can only flag active posts", array("#show", 'id' => Request::$params->id));
    }
    $post->flag(Request::$params->reason, User::$current->id);
    $message = "Post flagged";
}
# Reload the post to pull in post.flag_reason.
$post->reload();
if (Request::$format == "json" || Request::$format == "xml") {
    $api_data = Post::batch_api_data(array($post));
}
respond_to_success($message, array("#show", 'id' => Request::$params->id), array('api' => $api_data));
Beispiel #15
0
<?php

if (isset(Request::$params->commit) && Request::$params->commit == "Cancel") {
    redirect_to('#home');
}
if (!empty(Request::$params->user) && User::$current->update_attributes(Request::$params->user)) {
    User::save_cookies(User::$current);
    respond_to_success("Account settings saved", "#edit");
} else {
    respond_to_error(User::$current, "#edit");
}
    $ids[] = $p->id;
    # If an entry has only an ID, it was just included in the list to receive changes to
    # a post without changing it (for example, to receive the parent's data after reparenting
    # a post under it).
    if (empty($post)) {
        continue;
    }
    $old_parent_id = $p->parent_id;
    Post::filter_api_changes($post);
    if ($p->update_attributes(array_merge($post, array('updater_user_id' => $user_id, 'updater_ip_addr' => Request::$remote_ip)))) {
        // post.merge(:updater_user_id => user_id, :updater_ip_addr => request.remote_ip))
        # Reload the post to send the new status back; not all changes will be reflected in
        # @post due to after_save changes.
        // $p->reload();
    }
    if ($p->parent_id != $old_parent_id) {
        $p->parent_id && ($ids[] = $p->parent_id);
        $old_parent_id && ($ids[] = $old_parent_id);
    }
}
# Updates to one post may affect others, so only generate the return list after we've already
# updated everything.
# TODO: need better SQL functions.
$ids = implode(', ', $ids);
$posts = Post::find_all(array('conditions' => array("id IN ({$ids})")));
$api_data = Post::batch_api_data($posts);
$url = !empty(Request::$params->url) ? Request::$params->url : '#index';
// $url = Request::$params->url;
// $url = {:action => "index"} if not url
respond_to_success("Posts updated", $url, array('api' => $api_data));
Beispiel #17
0
                $post->destroy_with_reason(Request::$params->reason ? Request::$params->reason : Request::$params->reason2, User::$current);
                # Include post data for the parent: deleted posts aren't counted as children, so
                # their has_children attribute may change.
                if (!empty($post->parent_id)) {
                    $posts[] = $post->get_parent();
                }
            }
            $post->reload();
            $posts[] = $post;
        }
    }
    $posts = array_unique($posts);
    if (Request::$format == "json" || Request::$format == "xml") {
        $api_data = Post::batch_api_data($posts);
    } else {
        $api_data = array();
    }
    if (Request::$params->commit == "Approve") {
        respond_to_success("Post approved", "#moderate", array('api' => $api_data));
    } elseif (Request::$params->commit == "Delete") {
        respond_to_success("Post deleted", "#moderate", array('api' => $api_data));
    }
} else {
    if (!empty(Request::$params->query)) {
        $pending_posts = Post::find_by_sql(Post::generate_sql(Request::$params->query, array('pending' => true, 'order' => "id desc")));
        $flagged_posts = Post::find_by_sql(Post::generate_sql(Request::$params->query, array('flagged' => true, 'order' => "id desc")));
    } else {
        $pending_posts = Post::find('all', array('conditions' => "status = 'pending'", 'order' => "id desc"));
        $flagged_posts = Post::find('all', array('conditions' => "status = 'flagged'", 'order' => "id desc"));
    }
}
Beispiel #18
0
<?php

required_params('username');
// $user = new User('find_by_name', Request::$params->username);
$user = User::find_by_name(Request::$params->username);
// vde($user);
$ret['exists'] = false;
$ret['name'] = Request::$params->username;
if (!$user) {
    $ret['response'] = "unknown-user";
    respond_to_success("User does not exist", null, array('api' => $ret));
    return;
}
# Return some basic information about the user even if the password isn't given, for
# UI cosmetics.
$ret['exists'] = true;
$ret['id'] = $user->id;
$ret['name'] = $user->name;
$ret['no_email'] = empty($user->email);
$pass = isset(Request::$params->password) ? Request::$params->password : "";
$user = User::authenticate(Request::$params->username, $pass);
if (!$user) {
    $ret['response'] = "wrong-password";
    respond_to_success("Wrong password", null, array('api' => $ret));
    return;
}
$ret['pass_hash'] = $user->password_hash;
$ret['user_info'] = $user->user_info_cookie();
$ret['response'] = 'success';
respond_to_success("Successful", null, array('api' => $ret));
Beispiel #19
0
auto_set_params('pool_id');
if (Request::$post) {
    if (!Request::$params->pool_id) {
        return;
    }
    // $pool = new Pool('find', Request::$params->pool_id);
    $pool = Pool::find(Request::$params->pool_id);
    $_SESSION['last_pool_id'] = $pool->id;
    if (isset(Request::$params->pool) && !empty(Request::$params->pool['sequence'])) {
        $sequence = Request::$params->pool['sequence'];
    } else {
        $sequence = null;
    }
    try {
        $pool->add_post(Request::$params->post_id, array('sequence' => $sequence, 'user' => User::$current->id));
        respond_to_success('Post added', array('post#show', 'id' => Request::$params->post_id));
    } catch (Exception $e) {
        if ($e->getMessage() == 'Post already exists') {
            respond_to_error($e->getMessage(), array('post#show', array('id' => Request::$params->post_id)), array('status' => 423));
        } elseif ($e->getMessage() == 'Access Denied') {
            access_denied();
        } else {
            respond_to_error($e->getMessage(), array('post#show', array('id' => Request::$params->post_id)));
        }
    }
} else {
    if (User::$current->is_anonymous) {
        $pools = Pool::find_all(array('order' => "name", 'conditions' => "is_active = TRUE AND is_public = TRUE"));
    } else {
        $pools = Pool::find_all(array('order' => "name", 'conditions' => array("is_active = TRUE AND (is_public = TRUE OR user_id = ?)", User::$current->id)));
    }
Beispiel #20
0
<?php

required_params('tag_name');
$tag = Tag::find_by_name(Request::$params->tag_name);
if ($tag) {
    $tag->delete();
}
unset(Request::$get_params['tag_name']);
respond_to_success('Tag deleted', array('#index', Request::$get_params));
Beispiel #21
0
<?php

if (!isset(Request::$params->score)) {
    $vote = PostVotes::find_by_user_id_and_post_id(User::$current->id, Request::$params->id);
    $score = $vote ? $vote->score : 0;
    respond_to_success("", array(), array('vote' => $score));
    return;
}
$p = Post::find(Request::$params->id);
$score = (int) Request::$params->score;
if (!User::is('>=40') && ($score < 0 || $score > 3)) {
    respond_to_error("Invalid score", "#show", array('id' => Request::$params->id, 'tag_title' => $p->tag_title(), 'status' => 424));
    return;
}
$vote_successful = $p->vote($score, User::$current);
$api_data = Post::batch_api_data(array($p));
$api_data['voted_by'] = $p->voted_by();
if ($vote_successful) {
    respond_to_success("Vote saved", array("#show", 'id' => Request::$params->id, 'tag_title' => $p->tag_title()), array('api' => $api_data));
} else {
    respond_to_error("Already voted", array("#show", array('id' => Request::$params->id, 'tag_title' => $p->tag_title())), array('api' => $api_data, 'status' => 423));
}
Beispiel #22
0
<?php

required_params('id');
required_params('pool', 'only', 'post');
$pool = Pool::find(Request::$params->id);
if (!$pool->can_be_updated_by(User::$current)) {
    access_denied();
}
if (Request::$post) {
    $pool->update_attributes(Request::$params->pool);
    respond_to_success("Pool updated", array('#show', array('id' => Request::$params->id)));
}
Beispiel #23
0
<?php

if (User::is('<=20') && Request::$params->commit == "Post" && Comment::count(array('conditions' => array("user_id = ? AND created_at > ?", User::$current->id, gmd_math('sub', '1H'))) >= CONFIG::member_comment_limit)) {
    # TODO: move this to the model
    respond_to_error("Hourly limit exceeded", "#index", array('status' => 421));
}
$user_id = User::$current->id;
Request::$params->comment = array_merge(Request::$params->comment, array('ip_addr' => Request::$remote_ip, 'user_id' => $user_id));
// $comment = new Comment('empty', Request::$params->comment);
$comment = Comment::blank(Request::$params->comment);
// vde(Request::$params->comment);
// vde($comment);
if (Request::$params->commit == "Post without bumping") {
    $comment->do_not_bump_post = true;
}
if ($comment->save()) {
    respond_to_success("Comment created", "#index");
} else {
    respond_to_error($comment, "#index");
}
Beispiel #24
0
<?php

$ids = Request::$params->post_ids;
$changed = Post::batch_activate(User::is('>=40') ? null : User::$current->id, $ids);
respond_to_success("Posts activated", "#moderate", array('api' => array('count' => $changed)));
Beispiel #25
0
<?php

if (!empty(Request::$params->tag['name'])) {
    $tag = Tag::find_by_name(Request::$params->tag['name']);
    if ($tag) {
        $tag->update_attributes(Request::$params->tag);
    }
}
respond_to_success("Tag updated", '#index');
<?php

$added_tags = !empty(Request::$params->add) ? Request::$params->add : array();
$removed_tags = !empty(Request::$params->remove) ? Request::$params->remove : array();
$tags = User::$current->blacklisted_tags_array();
foreach ($added_tags as $tag) {
    !in_array($tag, $tags) && ($tags[] = $tag);
}
$tags = array_diff($tags, $removed_tags);
if (User::$current->user_blacklisted_tag->update_attribute('tags', implode("\r\n", $tags))) {
    respond_to_success("Tag blacklist updated", "#home", array('api' => array('result' => User::$current->blacklisted_tags_array())));
} else {
    respond_to_error(User::$current, "#edit");
}
Beispiel #27
0
<?php

required_params('user');
$user = User::create(Request::$params->user);
if ($user->record_errors->blank()) {
    User::save_cookies($user);
    $ret = array('exists' => false);
    $ret['name'] = $user->name;
    $ret['id'] = $user->id;
    $ret['pass_hash'] = $user->password_hash;
    $ret['user_info'] = $user->user_info_cookie;
    $ret['response'] = 'success';
    respond_to_success("New account created", "#home", array('api' => $ret));
} else {
    $error = implode(', ', $user->record_errors->full_messages());
    respond_to_success("Error: " . $error, "#signup", array('api' => array('response' => "error", 'errors' => $user->record_errors->full_messages())));
}