/**
 * Decides whether the active user may edit or delete this post.
 *
 * Access is granted through either of two routes:
 *  - a moderator permission on the board (canEditPost or canDeletePost), or
 *  - authorship of the post combined with canEditOwnPost or canDeleteOwnPost.
 *
 * Users without a moderator permission are additionally refused when the
 * board, the thread or the post itself is closed, and when the
 * 'user.board.postEditTimeout' limit has been exceeded.
 *
 * @param Board $board board whose permissions and closed state are checked
 * @param Thread $thread thread whose closed state is checked
 * @return boolean true if editing or deleting is allowed, false otherwise
 */
public function canEditPost($board, $thread) {
    $modMayEdit = $board->getModeratorPermission('canEditPost');
    $modMayDelete = $board->getModeratorPermission('canDeletePost');
    $hasModeratorRight = $modMayEdit || $modMayDelete;

    // a post with an empty userID never counts as owned by the active user,
    // so two "no user" IDs cannot match each other
    $ownsPost = $this->userID && $this->userID == WCF::getUser()->userID;

    $mayEdit = $modMayEdit || ($ownsPost && $board->getPermission('canEditOwnPost'));
    $mayDelete = $modMayDelete || ($ownsPost && $board->getPermission('canDeleteOwnPost'));

    // neither route grants anything
    if (!($mayEdit || $mayDelete)) {
        return false;
    }

    // moderator permissions bypass the closed-state and timeout checks below
    if ($hasModeratorRight) {
        return true;
    }

    if ($board->isClosed || $thread->isClosed || $this->isClosed) {
        return false;
    }

    // check post edit timeout; -1 disables the limit. The limit is multiplied
    // by 60 before being compared with the post's age (TIME_NOW - time), so it
    // is presumably configured in minutes.
    $editTimeout = WCF::getUser()->getPermission('user.board.postEditTimeout');
    if ($editTimeout != -1 && TIME_NOW - $this->time > $editTimeout * 60) {
        return false;
    }

    return true;
}
/**
 * Prepares the poll page for polls that are attached to a board post.
 *
 * Loads the post, its thread and its board, stores the board's canVotePoll
 * permission on the event object, adds the board/thread breadcrumbs and, if
 * the thread holds more than one poll, lists the thread's polls in the sidebar.
 *
 * $className and $eventName are not used by this method.
 *
 * @see EventListener::execute()
 */
public function execute($eventObj, $className, $eventName) {
    // polls on other message types are not handled here
    if ($eventObj->poll->messageType != 'post') {
        return;
    }

    // check permissions
    require_once WBB_DIR . 'lib/data/post/Post.class.php';
    $post = new Post($eventObj->poll->messageID);
    if (!$post->postID) {
        // the poll points at a post that could not be loaded
        throw new IllegalLinkException();
    }

    require_once WBB_DIR . 'lib/data/thread/Thread.class.php';
    $thread = new Thread($post->threadID);
    // NOTE(review): enter() is presumably where access to the thread is
    // enforced; this method performs no other view check - confirm.
    $thread->enter();

    require_once WBB_DIR . 'lib/data/board/Board.class.php';
    $board = new Board($thread->boardID);
    $eventObj->canVotePoll = $board->getPermission('canVotePoll');

    // plug in breadcrumbs
    $template = WCF::getTPL();
    $template->assign(array('board' => $board, 'thread' => $thread, 'showThread' => true));
    WCF::getTPL()->append('specialBreadCrumbs', WCF::getTPL()->fetch('navigation'));

    // get other polls from this thread
    if (!($thread->polls > 1)) {
        return;
    }

    require_once WCF_DIR . 'lib/data/message/poll/Poll.class.php';
    $threadPolls = array();

    // guests are matched on their session IP address in addition to userID;
    // the address is the only quoted value and goes through escapeString()
    $guestCondition = '';
    if (!WCF::getUser()->userID) {
        $guestCondition = "AND poll_vote.ipAddress = '" . escapeString(WCF::getSession()->ipAddress) . "'";
    }

    // NOTE(review): userID and threadID are concatenated unquoted and are not
    // cast in this method; presumably they are integers supplied by the data
    // layer - confirm.
    $sql = "SELECT \t\tpoll_vote.pollID AS voted,\n\t\t\t\t\t\t\tpoll_vote.isChangeable,\n\t\t\t\t\t\t\tpoll.*\n\t\t\t\t\tFROM \t\twcf" . WCF_N
        . "_poll poll\n\t\t\t\t\tLEFT JOIN \twcf" . WCF_N
        . "_poll_vote poll_vote\n\t\t\t\t\tON \t\t(poll_vote.pollID = poll.pollID\n\t\t\t\t\t\t\t" . $guestCondition
        . "\n\t\t\t\t\t\t\tAND poll_vote.userID = " . WCF::getUser()->userID
        . ")\n\t\t\t\t\tWHERE \t\tpoll.pollID IN (\n\t\t\t\t\t\t\t\tSELECT\tpollID\n\t\t\t\t\t\t\t\tFROM\twbb" . WBB_N
        . "_post\n\t\t\t\t\t\t\t\tWHERE\tthreadID = " . $thread->threadID
        . "\n\t\t\t\t\t\t\t\t\tAND isDeleted = 0\n\t\t\t\t\t\t\t\t\tAND isDisabled = 0\n\t\t\t\t\t\t\t\t\tAND pollID <> 0\n\t\t\t\t\t\t\t)\n\t\t\t\t\tORDER BY\tpoll.question";

    $result = WCF::getDB()->sendQuery($sql);
    while ($row = WCF::getDB()->fetchArray($result)) {
        $threadPolls[] = new Poll(null, $row, $eventObj->canVotePoll);
    }

    // the sidebar overview is only rendered when more than one poll was found
    if (count($threadPolls) > 1) {
        WCF::getTPL()->assign(array('polls' => $threadPolls, 'pollID' => $eventObj->pollID));
        WCF::getTPL()->append('additionalSidebarContent', WCF::getTPL()->fetch('pollOverviewSidebar'));
    }
}
/**
 * Handles a rating request on this thread.
 *
 * Does nothing unless $_POST['rating'] is present. Otherwise the request is
 * validated, the rating is stored (a new row, or an update of the user's
 * existing changeable rating), the thread's aggregate is adjusted, and the
 * client is redirected back to the thread page before the script exits.
 *
 * Registered users are identified by userID; guests by the session's IP
 * address.
 *
 * NOTE(review): this method changes stored data from a POST field and no
 * request-forgery token check is visible here - confirm that the caller or
 * the framework enforces one.
 *
 * @throws IllegalLinkException if rating is disabled, the existing rating is
 *                              not changeable, the permission is missing or
 *                              the value is outside 1..5
 */
public function handleRating() {
    if (!isset($_POST['rating'])) {
        return;
    }

    // request input: forced to an integer here, range-checked below, and only
    // this integer is ever placed into the SQL statements
    $rating = intval($_POST['rating']);

    // rating is disabled
    if (!$this->enableRating) {
        throw new IllegalLinkException();
    }

    // user has already rated this thread and the rating is NOT changeable
    // (a stored value that is not null but still falsy)
    $previousRating = $this->thread->userRating;
    if ($previousRating !== null && !$previousRating) {
        throw new IllegalLinkException();
    }

    // user has no permission to rate this thread
    if (!$this->board->getPermission('canRateThread')) {
        throw new IllegalLinkException();
    }

    // illegal rating
    if (!($rating >= 1 && $rating <= 5)) {
        throw new IllegalLinkException();
    }

    // NOTE(review): $this->threadID (SQL and redirect) and $this->pageNo
    // (redirect) are concatenated without casting in this method; presumably
    // they are validated as integers where the request parameters are read -
    // confirm.
    $statements = array();
    if ($previousRating) {
        // user has already rated this thread and the rating is changeable:
        // replace the stored vote and correct the thread total by the difference
        if (WCF::getUser()->userID) {
            $voterCondition = "userID = " . WCF::getUser()->userID;
        } else {
            // guests have no userID; their vote is located by the escaped IP address
            $voterCondition = "ipAddress = '" . escapeString(WCF::getSession()->ipAddress) . "'";
        }

        $statements[] = "UPDATE \twbb" . WBB_N
            . "_thread_rating\n\t\t\t\t\tSET \trating = " . $rating
            . "\n\t\t\t\t\tWHERE \tthreadID = " . $this->threadID
            . "\n\t\t\t\t\t\tAND " . $voterCondition;

        $statements[] = "UPDATE \twbb" . WBB_N
            . "_thread\n\t\t\t\t\tSET \trating = (rating + " . $rating . ") - " . $previousRating
            . "\n\t\t\t\t\tWHERE \tthreadID = " . $this->threadID;
    } else {
        // first vote: record it and increase both the vote count and the total
        $statements[] = "INSERT INTO\twbb" . WBB_N
            . "_thread_rating\n\t\t\t\t\t\t\t(threadID, rating, userID, ipAddress)\n\t\t\t\t\tVALUES\t\t(" . $this->threadID
            . ",\n\t\t\t\t\t\t\t" . $rating
            . ",\n\t\t\t\t\t\t\t" . WCF::getUser()->userID
            . ",\n\t\t\t\t\t\t\t'" . escapeString(WCF::getSession()->ipAddress) . "')";

        $statements[] = "UPDATE \twbb" . WBB_N
            . "_thread\n\t\t\t\t\tSET \tratings = ratings + 1,\n\t\t\t\t\t\trating = rating + " . $rating
            . "\n\t\t\t\t\tWHERE \tthreadID = " . $this->threadID;
    }

    // statements are handed to the database layer in the order built above
    foreach ($statements as $statement) {
        WCF::getDB()->registerShutdownUpdate($statement);
    }

    // send the client back to the thread page it came from and stop here
    HeaderUtil::redirect('index.php?page=Thread&threadID=' . $this->threadID . '&pageNo=' . $this->pageNo . SID_ARG_2ND_NOT_ENCODED);
    exit;
}