<?php
required_params('note');
if (!empty(Request::$params->note['post_id'])) {
$note = Note::blank(array('post_id' => Request::$params->note['post_id']));
} elseif (!empty(Request::$params->id)) {
$note = Note::find(Request::$params->id);
}
if (!$note) {
exit_with_status(400);
}
if ($note->is_locked()) {
respond_to_error("Post is locked", array('post#show', 'id' => $note->post_id), array('status' => 422));
}
// $note->attributes = Request::$params->note;
$note->add_attributes(Request::$params->note);
$note->user_id = User::$current->id;
$note->ip_addr = Request::$remote_ip;
if ($note->save()) {
respond_to_success("Note updated", '#index', array('api' => array('new_id' => $note->id, 'old_id' => (int) Request::$params->id, 'formatted_body' => $note->formatted_body())));
} else {
respond_to_error($note, array('post#show', 'id' => $note->post_id));
}
<?php
set_title('Logout');
session_regenerate_id();
session_destroy();
$_SESSION = array();
session_start();
cookie_remove('login');
cookie_remove('pass_hash');
$dest = isset(Request::$params->from) ? Request::$params->from : '#home';
respond_to_success("You are now logged out", $dest);
<?php
if (Request::$params->commit == "Cancel") {
redirect_to('#show', array('id' => Request::$params->id));
}
$post = Post::find(Request::$params->id);
if (!$post) {
respond_to_error('Post doesn\'t exist', array('#show', array('id' => Request::$params->id)));
}
if (!$post->can_user_delete(User::$current)) {
access_denied();
}
if ($post->status == "deleted") {
if (!empty(Request::$params->destroy)) {
$post->delete_from_database();
respond_to_success("Post deleted permanently", array("#show", array('id' => Request::$params->id)));
} else {
respond_to_success("Post already deleted", array("#delete", array('id' => Request::$params->id)));
}
} else {
Post::static_destroy_with_reason($post->id, Request::$params->reason, User::$current);
# Destroy in one request.
if (!empty(Request::$params->destroy)) {
$post->delete_from_database();
respond_to_success("Post deleted permanently", array("#show", array('id' => Request::$params->id)));
}
respond_to_success("Post deleted", array("#show", array('id' => Request::$params->id)));
}
<?php
// vde(Request::$params);
required_params(array('id', 'post'));
if (!($post = Post::find(Request::$params->id))) {
render("#show_empty", array('status' => 404));
return;
}
Post::filter_api_changes(Request::$params->post);
Request::$params->post['updater_user_id'] = User::$current->id;
Request::$params->post['updater_ip_addr'] = Request::$remote_ip;
if ($post->update_attributes(Request::$params->post)) {
# Reload the post to send the new status back; not all changes will be reflected in
# @post due to after_save changes.
// $post->reload();
$api_data = Request::$format == "json" || Request::$format == "xml" ? $post->api_data() : array();
respond_to_success("Post updated", array('#show', array('id' => $post->id, 'tag_title' => $post->tag_title())), $api_data);
} else {
respond_to_error($post, array('#show', array('id' => Request::$params->id)));
}
<?php
empty(Request::$params->id) && access_denied();
$comment = Comment::find(Request::$params->id);
if (User::$current->has_permission($comment)) {
$comment->destroy();
respond_to_success("Comment deleted", array('post#show', 'id' => $comment->post_id));
} else {
access_denied();
}
} else {
$api_data = array('post_id' => $post->id, 'location' => url_for('post#show', array('id' => $post->id)));
if (CONFIG::dupe_check_on_upload && $post->is_image() && empty($post->parent_id)) {
// if (Request::$format == "xml" || Request::$format == "json") {
// $options = array('services' => SimilarImages::get_services('local'), 'type' => 'post', 'source' => $post);
// $res = SimilarImages::similar_images($options);
// if (!empty($res['posts'])) {
// $post->tags .= " possible_duplicate";
// $post->save();
// $api_data['has_similar_hits'] = true;
// }
// }
$api_data['similar_location'] = url_for('post#similar', array('id' => $post->id, 'initial' => 1));
respond_to_success("Post uploaded", array('#similar', array('id' => $post->id, 'initial' => 1)), array('api' => $api_data));
} else {
respond_to_success("Post uploaded", array('#show', array('id' => $post->id, 'tag_title' => $post->tag_title())), array('api' => $api_data));
}
}
} elseif ($post->record_errors->invalid('md5')) {
$p = Post::find_by_md5($post->md5);
if (!empty(Request::$params->post['tags'])) {
$p->old_tags = $p->tags;
$p->tags .= ' ' . Request::$params->post['tags'];
}
# TODO: what are these attributes for?
$update = array('updater_user_id' => User::$current->id, 'updater_ip_addr' => Request::$remote_ip);
if (empty($p->source) && !empty($post->source)) {
$p->source = $post->source;
}
$p->save();
$api_data = array('location' => url_for("post#show", array('id' => $p->id)), 'post_id' => $p->id);
<?php
User::save_cookies(User::$current);
$path = empty(Request::$params->url) ? '/user/home' : Request::$url;
respond_to_success("You are now logged in", $path);
<?php
Tag::recalculate_post_count();
respond_to_success('Count fixed', '#index');
<?php
required_params(array('pool_id', 'post_id'));
$pool = Pool::find(Request::$params->pool_id);
$post = Post::find(Request::$params->post_id);
if (!$pool || !$post) {
return 404;
}
if (Request::$post) {
try {
$pool->remove_post(Request::$params->post_id, array('user' => User::$current));
} catch (Exception $e) {
if ($e->getMessage() == 'Access Denied') {
access_denied();
}
}
$api_data = Post::batch_api_data(array($post));
// response.headers["X-Post-Id"] = params[:post_id]
respond_to_success("Post removed", array('post#show', 'id' => Request::$params->post_id), array('api' => $api_data));
}
<?php
if (!($comment = Comment::find(Request::$params->id))) {
exit;
}
if (User::$current->has_permission($comment)) {
$comment->update_attributes(Request::$params->comment);
respond_to_success("Comment updated", "#index");
} else {
access_denied();
}
<?php
required_params('id');
$pool = Pool::find(Request::$params->id);
if (!$pool) {
return 404;
}
if (Request::$post) {
if ($pool->can_be_updated_by(User::$current)) {
$pool->destroy();
respond_to_success("Pool deleted", "#index");
} else {
access_denied();
}
}
<?php
if (Request::$post) {
required_params('pool');
$pool = Pool::create(array_merge(Request::$params->pool, array('user_id' => User::$current->id)));
if ($pool->record_errors->blank()) {
respond_to_success("Pool created", array("#show", array('id' => $pool->id)));
} else {
respond_to_error($pool, "#index");
}
} else {
$pool = Pool::blank(array('user_id' => User::$current->id));
}
<?php
required_params('id');
$post = Post::find(Request::$params->id);
$post->undelete();
$affected_posts = array($post);
if ($post->parent_id) {
$affected_posts[] = $post->get_parent();
}
if (Request::$format == "json" || Request::$format == "xml") {
$api_data = Post::batch_api_data($affected_posts);
} else {
$api_data = array();
}
respond_to_success("Post was undeleted", array('#show', array('id' => Request::$params->id), array('api' => $api_data)));
auto_set_params('reason');
if (!($post = Post::find(Request::$params->id))) {
exit_with_status(404);
}
if (!empty(Request::$params->unflag)) {
# Allow the user who flagged a post to unflag it.
#
# posts
# "approve" is used both to mean "unflag post" and "approve pending post".
if ($post->status != "flagged") {
respond_to_error("Can only unflag flagged posts", array("#show", 'id' => Request::$params->id));
}
if (!User::is('>=40') and User::$current->id != $post->flag_detail->user_id) {
access_denied();
}
$post->approve(User::$current->id);
$message = "Post approved";
} else {
if ($post->status != "active") {
respond_to_error("Can only flag active posts", array("#show", 'id' => Request::$params->id));
}
$post->flag(Request::$params->reason, User::$current->id);
$message = "Post flagged";
}
# Reload the post to pull in post.flag_reason.
$post->reload();
if (Request::$format == "json" || Request::$format == "xml") {
$api_data = Post::batch_api_data(array($post));
}
respond_to_success($message, array("#show", 'id' => Request::$params->id), array('api' => $api_data));
<?php
if (isset(Request::$params->commit) && Request::$params->commit == "Cancel") {
redirect_to('#home');
}
if (!empty(Request::$params->user) && User::$current->update_attributes(Request::$params->user)) {
User::save_cookies(User::$current);
respond_to_success("Account settings saved", "#edit");
} else {
respond_to_error(User::$current, "#edit");
}
$ids[] = $p->id;
# If an entry has only an ID, it was just included in the list to receive changes to
# a post without changing it (for example, to receive the parent's data after reparenting
# a post under it).
if (empty($post)) {
continue;
}
$old_parent_id = $p->parent_id;
Post::filter_api_changes($post);
if ($p->update_attributes(array_merge($post, array('updater_user_id' => $user_id, 'updater_ip_addr' => Request::$remote_ip)))) {
// post.merge(:updater_user_id => user_id, :updater_ip_addr => request.remote_ip))
# Reload the post to send the new status back; not all changes will be reflected in
# @post due to after_save changes.
// $p->reload();
}
if ($p->parent_id != $old_parent_id) {
$p->parent_id && ($ids[] = $p->parent_id);
$old_parent_id && ($ids[] = $old_parent_id);
}
}
# Updates to one post may affect others, so only generate the return list after we've already
# updated everything.
# TODO: need better SQL functions.
$ids = implode(', ', $ids);
$posts = Post::find_all(array('conditions' => array("id IN ({$ids})")));
$api_data = Post::batch_api_data($posts);
$url = !empty(Request::$params->url) ? Request::$params->url : '#index';
// $url = Request::$params->url;
// $url = {:action => "index"} if not url
respond_to_success("Posts updated", $url, array('api' => $api_data));
$post->destroy_with_reason(Request::$params->reason ? Request::$params->reason : Request::$params->reason2, User::$current);
# Include post data for the parent: deleted posts aren't counted as children, so
# their has_children attribute may change.
if (!empty($post->parent_id)) {
$posts[] = $post->get_parent();
}
}
$post->reload();
$posts[] = $post;
}
}
$posts = array_unique($posts);
if (Request::$format == "json" || Request::$format == "xml") {
$api_data = Post::batch_api_data($posts);
} else {
$api_data = array();
}
if (Request::$params->commit == "Approve") {
respond_to_success("Post approved", "#moderate", array('api' => $api_data));
} elseif (Request::$params->commit == "Delete") {
respond_to_success("Post deleted", "#moderate", array('api' => $api_data));
}
} else {
if (!empty(Request::$params->query)) {
$pending_posts = Post::find_by_sql(Post::generate_sql(Request::$params->query, array('pending' => true, 'order' => "id desc")));
$flagged_posts = Post::find_by_sql(Post::generate_sql(Request::$params->query, array('flagged' => true, 'order' => "id desc")));
} else {
$pending_posts = Post::find('all', array('conditions' => "status = 'pending'", 'order' => "id desc"));
$flagged_posts = Post::find('all', array('conditions' => "status = 'flagged'", 'order' => "id desc"));
}
}
<?php
required_params('username');
// $user = new User('find_by_name', Request::$params->username);
$user = User::find_by_name(Request::$params->username);
// vde($user);
$ret['exists'] = false;
$ret['name'] = Request::$params->username;
if (!$user) {
$ret['response'] = "unknown-user";
respond_to_success("User does not exist", null, array('api' => $ret));
return;
}
# Return some basic information about the user even if the password isn't given, for
# UI cosmetics.
$ret['exists'] = true;
$ret['id'] = $user->id;
$ret['name'] = $user->name;
$ret['no_email'] = empty($user->email);
$pass = isset(Request::$params->password) ? Request::$params->password : "";
$user = User::authenticate(Request::$params->username, $pass);
if (!$user) {
$ret['response'] = "wrong-password";
respond_to_success("Wrong password", null, array('api' => $ret));
return;
}
$ret['pass_hash'] = $user->password_hash;
$ret['user_info'] = $user->user_info_cookie();
$ret['response'] = 'success';
respond_to_success("Successful", null, array('api' => $ret));
auto_set_params('pool_id');
if (Request::$post) {
if (!Request::$params->pool_id) {
return;
}
// $pool = new Pool('find', Request::$params->pool_id);
$pool = Pool::find(Request::$params->pool_id);
$_SESSION['last_pool_id'] = $pool->id;
if (isset(Request::$params->pool) && !empty(Request::$params->pool['sequence'])) {
$sequence = Request::$params->pool['sequence'];
} else {
$sequence = null;
}
try {
$pool->add_post(Request::$params->post_id, array('sequence' => $sequence, 'user' => User::$current->id));
respond_to_success('Post added', array('post#show', 'id' => Request::$params->post_id));
} catch (Exception $e) {
if ($e->getMessage() == 'Post already exists') {
respond_to_error($e->getMessage(), array('post#show', array('id' => Request::$params->post_id)), array('status' => 423));
} elseif ($e->getMessage() == 'Access Denied') {
access_denied();
} else {
respond_to_error($e->getMessage(), array('post#show', array('id' => Request::$params->post_id)));
}
}
} else {
if (User::$current->is_anonymous) {
$pools = Pool::find_all(array('order' => "name", 'conditions' => "is_active = TRUE AND is_public = TRUE"));
} else {
$pools = Pool::find_all(array('order' => "name", 'conditions' => array("is_active = TRUE AND (is_public = TRUE OR user_id = ?)", User::$current->id)));
}
<?php
required_params('tag_name');
$tag = Tag::find_by_name(Request::$params->tag_name);
if ($tag) {
$tag->delete();
}
unset(Request::$get_params['tag_name']);
respond_to_success('Tag deleted', array('#index', Request::$get_params));
<?php
if (!isset(Request::$params->score)) {
$vote = PostVotes::find_by_user_id_and_post_id(User::$current->id, Request::$params->id);
$score = $vote ? $vote->score : 0;
respond_to_success("", array(), array('vote' => $score));
return;
}
$p = Post::find(Request::$params->id);
$score = (int) Request::$params->score;
if (!User::is('>=40') && ($score < 0 || $score > 3)) {
respond_to_error("Invalid score", "#show", array('id' => Request::$params->id, 'tag_title' => $p->tag_title(), 'status' => 424));
return;
}
$vote_successful = $p->vote($score, User::$current);
$api_data = Post::batch_api_data(array($p));
$api_data['voted_by'] = $p->voted_by();
if ($vote_successful) {
respond_to_success("Vote saved", array("#show", 'id' => Request::$params->id, 'tag_title' => $p->tag_title()), array('api' => $api_data));
} else {
respond_to_error("Already voted", array("#show", array('id' => Request::$params->id, 'tag_title' => $p->tag_title())), array('api' => $api_data, 'status' => 423));
}
<?php
required_params('id');
required_params('pool', 'only', 'post');
$pool = Pool::find(Request::$params->id);
if (!$pool->can_be_updated_by(User::$current)) {
access_denied();
}
if (Request::$post) {
$pool->update_attributes(Request::$params->pool);
respond_to_success("Pool updated", array('#show', array('id' => Request::$params->id)));
}
<?php
if (User::is('<=20') && Request::$params->commit == "Post" && Comment::count(array('conditions' => array("user_id = ? AND created_at > ?", User::$current->id, gmd_math('sub', '1H'))) >= CONFIG::member_comment_limit)) {
# TODO: move this to the model
respond_to_error("Hourly limit exceeded", "#index", array('status' => 421));
}
$user_id = User::$current->id;
Request::$params->comment = array_merge(Request::$params->comment, array('ip_addr' => Request::$remote_ip, 'user_id' => $user_id));
// $comment = new Comment('empty', Request::$params->comment);
$comment = Comment::blank(Request::$params->comment);
// vde(Request::$params->comment);
// vde($comment);
if (Request::$params->commit == "Post without bumping") {
$comment->do_not_bump_post = true;
}
if ($comment->save()) {
respond_to_success("Comment created", "#index");
} else {
respond_to_error($comment, "#index");
}
<?php
$ids = Request::$params->post_ids;
$changed = Post::batch_activate(User::is('>=40') ? null : User::$current->id, $ids);
respond_to_success("Posts activated", "#moderate", array('api' => array('count' => $changed)));
<?php
if (!empty(Request::$params->tag['name'])) {
$tag = Tag::find_by_name(Request::$params->tag['name']);
if ($tag) {
$tag->update_attributes(Request::$params->tag);
}
}
respond_to_success("Tag updated", '#index');
<?php
$added_tags = !empty(Request::$params->add) ? Request::$params->add : array();
$removed_tags = !empty(Request::$params->remove) ? Request::$params->remove : array();
$tags = User::$current->blacklisted_tags_array();
foreach ($added_tags as $tag) {
!in_array($tag, $tags) && ($tags[] = $tag);
}
$tags = array_diff($tags, $removed_tags);
if (User::$current->user_blacklisted_tag->update_attribute('tags', implode("\r\n", $tags))) {
respond_to_success("Tag blacklist updated", "#home", array('api' => array('result' => User::$current->blacklisted_tags_array())));
} else {
respond_to_error(User::$current, "#edit");
}
<?php
required_params('user');
$user = User::create(Request::$params->user);
if ($user->record_errors->blank()) {
User::save_cookies($user);
$ret = array('exists' => false);
$ret['name'] = $user->name;
$ret['id'] = $user->id;
$ret['pass_hash'] = $user->password_hash;
$ret['user_info'] = $user->user_info_cookie;
$ret['response'] = 'success';
respond_to_success("New account created", "#home", array('api' => $ret));
} else {
$error = implode(', ', $user->record_errors->full_messages());
respond_to_success("Error: " . $error, "#signup", array('api' => array('response' => "error", 'errors' => $user->record_errors->full_messages())));
}