 /**
  * Create and persist a new Comment.
  *
  * The caller supplies the payload; attribution (creator id, creator IP
  * and creation time) is taken from the current session and request,
  * never from the arguments.
  *
  * @param mixed $type    comment type, stored as-is
  * @param mixed $owner   owner identifier, stored as-is
  * @param mixed $msg     message body, stored as-is (no escaping is done here)
  * @param bool  $private whether the comment is private (default false)
  * @return mixed whatever Comment::store() returns
  */
 public static function create($type, $owner, $msg, $private = false)
 {
     $currentSession = SessionHandler::getInstance();
     $comment = new Comment();
     // Payload supplied by the caller.
     $comment->type = $type;
     $comment->owner = $owner;
     $comment->msg = $msg;
     $comment->private = $private;
     // Attribution derived from the session and the request.
     $comment->creator = $currentSession->id;
     $comment->creator_ip = client_ip();
     $comment->time_created = sql_datetime(time());
     return $comment->store();
 }
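/**
 * Handle the POST of an edited comment on the current story.
 *
 * Loads the comment referenced by the global $link, replaces its content
 * with the posted text and redirects back to the story page. Nothing is
 * done unless the form references the current story and the authenticated
 * user, carries a positive randkey and a non-empty body.
 *
 * Globals: $commentownerid, $link, $db, $current_user.
 */
function insert_comment()
{
    global $commentownerid, $link, $db, $current_user;

    // Read the form with defaults so a missing key raises no notice; the
    // identifiers are cast to int to avoid PHP's loose string comparison.
    $postLinkId = isset($_POST['link_id']) ? intval($_POST['link_id']) : 0;
    $postUserId = isset($_POST['user_id']) ? intval($_POST['user_id']) : 0;
    $postRandkey = isset($_POST['randkey']) ? intval($_POST['randkey']) : 0;
    $postContent = isset($_POST['comment_content']) ? $_POST['comment_content'] : '';

    // Check if is a POST of a comment for this story by the logged-in user.
    if ($postLinkId != $link->id || !$current_user->authenticated || $postUserId != $current_user->user_id || $postRandkey <= 0 || strlen($postContent) == 0) {
        return;
    }
    require_once mnminclude . 'comment.php';
    $comment = new Comment();
    $comment->id = $link->commentid;
    $comment->read();
    $comment->link = $link->id;
    $comment->randkey = $postRandkey;
    $comment->author = $commentownerid;
    $comment->content = $postContent;
    $comment->store();
    // Redirect to the story that was verified above rather than to an
    // unrelated id taken from the query string.
    header('Location: ' . getmyurl('story', $link->id));
    die;
}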
/**
 * Handle a comment form submission.
 *
 * @param array $p submitted fields: 'comment' (required), 'type' and
 *                 'owner' are copied onto the new Comment as-is
 * @return false|null false when the text is empty or nobody is logged in
 *                    (an error is recorded in the latter case); otherwise
 *                    the comment is stored and the request is redirected
 *                    to the current URI
 */
function handleSubmit($p)
{
    $session = SessionHandler::getInstance();
    $error = ErrorHandler::getInstance();
    $hasText = !empty($p['comment']);
    if (!$hasText) {
        return false;
    }
    $loggedIn = (bool) $session->id;
    if (!$loggedIn) {
        $error->add('Unauthorized submit');
        return false;
    }
    $newComment = new Comment();
    $newComment->type = $p['type'];
    $newComment->msg = $p['comment'];
    $newComment->private = 0;
    $newComment->time_created = sql_datetime(time());
    $newComment->owner = $p['owner'];
    // Attribution comes from the session and the request, not from $p.
    $newComment->creator = $session->id;
    $newComment->creator_ip = client_ip();
    $newComment->store();
    redir($_SERVER['REQUEST_URI']);
}
/**
 * Replace the content of the story's comment with the posted text and
 * redirect back to the story.
 *
 * Every form value goes through sanitize() before use. Nothing happens
 * unless the form references the current $link and the authenticated user,
 * carries a numeric positive randkey and a non-empty body.
 *
 * Globals: $commentownerid, $link, $db, $current_user.
 */
function insert_comment()
{
    global $commentownerid, $link, $db, $current_user;
    // Check if is a POST of a comment for this story by the logged-in user.
    $isOwnPost = sanitize($_POST['link_id'], 3) == $link->id
        && $current_user->authenticated
        && sanitize($_POST['user_id'], 3) == $current_user->user_id
        && is_numeric(sanitize($_POST['randkey'], 3))
        && sanitize($_POST['randkey'], 3) > 0
        && sanitize($_POST['comment_content'], 4) != '';
    if (!$isOwnPost) {
        return;
    }
    require_once mnminclude . 'comment.php';
    $storyId = sanitize($_POST['link_id'], 3);
    $existing = new Comment();
    $existing->id = $link->commentid;
    $existing->read();
    $existing->link = $link->id;
    $existing->randkey = sanitize($_POST['randkey'], 3);
    $existing->author = $commentownerid;
    $existing->content = sanitize($_POST['comment_content'], 4);
    $existing->store();
    header('Location: ' . getmyurl('story', $storyId));
    die;
}
	/**
	 * Validate a comment posted for $link and store it.
	 *
	 * Form fields read from $_POST: link_id, user_id, randkey, comment_content,
	 * parent_id, type. Request context comes from the globals $db,
	 * $current_user and $globals. Every rejection returns a translated
	 * message; on success the comment is stored inside a transaction and the
	 * request ends with a redirect to its permalink, so this only returns on
	 * failure.
	 *
	 * @param object $link the story being commented on
	 * @return string translated error message
	 */
	static function save_from_post($link) {
		global $db, $current_user, $globals;

		require_once(mnminclude.'ban.php');

		$error = '';
		// Proxy/ban check is bypassed while $globals['development'] is set.
		if(check_ban_proxy() && !$globals['development']) return _('dirección IP no permitida');

		// Check if is a POST of a comment
		// Form identifiers are cast to int before being compared with the story
		// and the session user, which also keeps the SQL interpolation below numeric.

		if( ! ($link->votes > 0 && $link->date > $globals['now']-$globals['time_enabled_comments']*1.01 && 
				$link->comments < $globals['max_comments'] &&
				intval($_POST['link_id']) == $link->id && $current_user->authenticated && 
				intval($_POST['user_id']) == $current_user->user_id &&
				intval($_POST['randkey']) > 0
				)) {
			return _('comentario o usuario incorrecto');
		}

		// The story's own author may comment regardless of karma.
		if ($current_user->user_karma < $globals['min_karma_for_comments'] && $current_user->user_id != $link->author) {
			return _('karma demasiado bajo');
		}

		$comment = new Comment;

		$comment->link=$link->id;
		// IP is taken server-side from $globals and escaped because it is
		// interpolated into the SQL strings below.
		$comment->ip = $db->escape($globals['user_ip']);
		$comment->randkey=intval($_POST['randkey']);
		$comment->author=intval($_POST['user_id']);
		$comment->karma=round($current_user->user_karma);
		// clean_text_with_tags() is defined elsewhere; the 10000 presumably caps
		// the length — confirm against its definition.
		$comment->content=clean_text_with_tags($_POST['comment_content'], 0, false, 10000);
    $comment->parent=intval($_POST['parent_id']);

    //get level
    // Nesting depth is the parent's depth plus one. A missing parent_id gives
    // id 0, which still goes through read_basic() — assumes that yields level 0.
    $parentComment = new Comment();
    $parentComment->id = intval($comment->parent);
    $parentComment->read_basic();
    if ($parentComment->nested_level > $globals['NESTED_COMMENTS_MAX_LEVEL']) {
				return _('Chegache ao nivel límite de comentarios aniñados...');
    }
    $comment->nested_level = $parentComment->nested_level + 1;


		// Check if is an admin comment
		if ($current_user->user_level == 'god' && $_POST['type'] == 'admin') {
			$comment->type = 'admin';
		} 

		// Don't allow to comment with a clone
		$hours = intval($globals['user_comments_clon_interval']);
		if ($hours > 0) {
			$clones = $current_user->get_clones($hours+1);
			if ( $clones) {
				// $hours is an int; $l is built from get_clones() — assumes that
				// returns numeric user ids, otherwise this query would need quoting.
				$l = implode(',', $clones);
				$c = (int) $db->get_var("select count(*) from comments where comment_date > date_sub(now(), interval $hours hour) and comment_user_id in ($l)");
				if ($c > 0) {
					syslog(LOG_NOTICE, "Meneame, clon comment ($current_user->user_login, $comment->ip) in $link->uri");
					return _('ya hizo un comentario con usuarios clones');
				}
			}
		}

		// Basic check to avoid abuses from same IP
		if (!$current_user->admin && $current_user->user_karma < 6.2) { // Don't check in case of admin comments or higher karma

			// Avoid astroturfing from the same link's author
			// Only applies while the story is not yet published; the pair is
			// recorded as clones before rejecting.
			if ($link->status != 'published' && $link->ip == $globals['user_ip'] && $link->author != $comment->author) {
				UserAuth::insert_clon($comment->author, $link->author, $link->ip);
				syslog(LOG_NOTICE, "Meneame, comment-link astroturfing ($current_user->user_login, $link->ip): ".$link->get_permalink());
				return _('no se puede comentar desde la misma IP del autor del envío');
			}

			// Avoid floods with clones from the same IP
			// $comment->ip was escaped above; the other values are ints.
			if (intval($db->get_var("select count(*) from comments where comment_link_id = $link->id and comment_ip='$comment->ip' and comment_user_id != $comment->author")) > 1) {
				syslog(LOG_NOTICE, "Meneame, comment astroturfing ($current_user->user_login, $comment->ip)");
				return _('demasiados comentarios desde la misma IP con usuarios diferentes');
			}
		}


		// The length is measured on the cleaned text, the character class on the raw post.
		if (mb_strlen($comment->content) < 5 || ! preg_match('/[a-zA-Z:-]/', $_POST['comment_content'])) { // Check there are at least a valid char
			return _('texto muy breve o caracteres no válidos');
		}


		// Check the comment wasn't already stored
		// Duplicate detection keys on link, author and the form's randkey (all ints).
		$already_stored = intval($db->get_var("select count(*) from comments where comment_link_id = $comment->link and comment_user_id = $comment->author and comment_randkey = $comment->randkey"));
		if ($already_stored) {
			return _('comentario duplicado');
		}

		if (! $current_user->admin) {
			$comment->get_links();
			// $current_user->Date() is presumably the registration date — confirm.
			if ($comment->banned && $current_user->Date() > $globals['now'] - 86400) {
				syslog(LOG_NOTICE, "Meneame: comment not inserted, banned link ($current_user->user_login)");
				return _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
			}

			// Lower karma to comments' spammers
			$comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = $current_user->user_id and comment_date > date_sub(now(), interval 3 minute)");
			// Check the text is not the same
			$same_count = $comment->same_text_count();
			$same_links_count = $comment->same_links_count();
			if ($comment->banned) $same_links_count *= 2;
			$same_count += $same_links_count;
		} else {
			$comment_count  = $same_count = 0;
		}

		// Comments allowed in the 3-minute window grow with karma (at most 5).
		$comment_limit = round(min($current_user->user_karma/6, 2) * 2.5);
		if ($comment_count > $comment_limit || $same_count > 2) {
			$reduction = 0;
			if ($comment_count > $comment_limit) {
				$reduction += ($comment_count-3) * 0.1;
			}
			if($same_count > 1) {
				$reduction += $same_count * 0.25;
			}
			if ($reduction > 0) {
				$user = new User;
				$user->id = $current_user->user_id;
				$user->read();
				$user->karma = $user->karma - $reduction;
				syslog(LOG_NOTICE, "Meneame: story decreasing $reduction of karma to $current_user->user_login (now $user->karma)");
				$user->store();
				$annotation = new Annotation("karma-$user->id");
				$annotation->append(_('texto repetido o abuso de enlaces en comentarios').": -$reduction, karma: $user->karma\n");
				// NOTE: this literal is not wrapped in _(), and $error is never
				// returned because the function redirects below.
				$error .= ' ' . ('penalización de karma por texto repetido o abuso de enlaces');
			}
		}
		// Store the comment, its initial vote and the link's counter atomically.
		$db->transaction();
		$comment->store();
		$comment->insert_vote();
		$link->update_comments();
		$db->commit();
		// Comment stored, just redirect to it page
		header('Location: '.$link->get_permalink() . '#c-'.$comment->order);
		die;
		//return $error;
	}
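/**
 * Replace the content of the story's comment with the posted text.
 *
 * Runs the 'story_edit_comment' hook first and 'after_comment_edit' on the
 * loaded comment (passed by reference so hooks may set its status). A body
 * longer than maxCommentLength bytes renders the comment_errors template
 * and exits; otherwise the comment is stored and the browser is redirected
 * to the story. Nothing happens unless the form references the current
 * $link and the authenticated user with a numeric positive randkey.
 *
 * Globals: $commentownerid, $link, $db, $current_user, $main_smarty, $the_template.
 */
function insert_comment()
{
    global $commentownerid, $link, $db, $current_user, $main_smarty, $the_template;
    check_actions('story_edit_comment', $vars);
    // Check if is a POST of a comment for this story by the logged-in user.
    $isOwnPost = sanitize($_POST['link_id'], 3) == $link->id
        && $current_user->authenticated
        && sanitize($_POST['user_id'], 3) == $current_user->user_id
        && is_numeric(sanitize($_POST['randkey'], 3))
        && sanitize($_POST['randkey'], 3) > 0
        && sanitize($_POST['comment_content'], 4) != '';
    if (!$isOwnPost) {
        return;
    }
    require_once mnminclude . 'comment.php';
    $comment = new Comment();
    $comment->id = $link->commentid;
    $comment->read();
    $comment->link = $link->id;
    $comment->randkey = sanitize($_POST['randkey'], 3);
    $comment->author = $commentownerid;
    $comment->content = sanitize($_POST['comment_content'], 4);
    // maxCommentLength is compared against the byte length of the sanitized text.
    if (strlen($comment->content) > maxCommentLength) {
        $main_smarty->assign('url', $_SERVER['REQUEST_URI']);
        $main_smarty->assign('tpl_center', $the_template . '/comment_errors');
        $main_smarty->display($the_template . '/pligg.tpl');
        exit;
    }
    // Hand the comment to the hooks by reference; a status they set wins.
    // (A previous assignment of $comment->id into $vars was immediately
    // overwritten here and has been dropped.)
    $vars = array('comment' => &$comment);
    check_actions('after_comment_edit', $vars);
    if ($vars['comment']->status) {
        $comment->status = $vars['comment']->status;
    }
    $comment->store();
    header('Location: ' . getmyurl('story', sanitize($_POST['link_id'], 3)));
    die;
}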
 /**
  * Validate a comment posted for $link, store it and either redirect to it
  * or return the Comment object.
  *
  * Form fields read from $_POST: link_id, user_id, randkey, comment_content,
  * type, image_delete (plus an optional $_FILES['image']). Request context
  * comes from the globals $db, $current_user and $globals. Every rejection
  * returns a translated message; storing happens inside a transaction.
  *
  * @param object $link     the story being commented on
  * @param bool   $redirect when true, end the request with a 303 redirect to
  *                         the new comment; when false, return it instead
  * @return string|Comment translated error message, or the stored Comment
  *                        when $redirect is false
  */
 static function save_from_post($link, $redirect = true)
 {
     global $db, $current_user, $globals;
     require_once mnminclude . 'ban.php';
     if (check_ban_proxy()) {
         return _('dirección IP no permitida');
     }
     // Check if is a POST of a comment
     // Form identifiers are cast to int before comparison, which also keeps the
     // SQL interpolation below numeric.
     if (!($link->votes > 0 && $link->date > $globals['now'] - $globals['time_enabled_comments'] * 1.01 && $link->comments < $globals['max_comments'] && intval($_POST['link_id']) == $link->id && $current_user->authenticated && intval($_POST['user_id']) == $current_user->user_id && intval($_POST['randkey']) > 0)) {
         return _('comentario o usuario incorrecto');
     }
     // The story's own author may comment regardless of karma.
     if ($current_user->user_karma < $globals['min_karma_for_comments'] && $current_user->user_id != $link->author) {
         return _('karma demasiado bajo');
     }
     $comment = new Comment();
     $comment->link = $link->id;
     // NOTE(review): stored as-is and interpolated into a SQL string below
     // without escaping; this relies on $globals['user_ip'] being a validated
     // address — confirm where it is set.
     $comment->ip = $globals['user_ip'];
     $comment->randkey = intval($_POST['randkey']);
     $comment->author = intval($_POST['user_id']);
     $comment->karma = round($current_user->user_karma);
     // clean_text_with_tags() is defined elsewhere; the 10000 presumably caps
     // the length — confirm against its definition.
     $comment->content = clean_text_with_tags($_POST['comment_content'], 0, false, 10000);
     // Check if is an admin comment
     if ($current_user->user_level == 'god' && $_POST['type'] == 'admin') {
         $comment->type = 'admin';
     }
     // Don't allow to comment with a clone
     $hours = intval($globals['user_comments_clon_interval']);
     if ($hours > 0) {
         $clones = $current_user->get_clones($hours + 1);
         if ($clones) {
             // $l is built from get_clones() — assumes that returns numeric ids.
             $l = implode(',', $clones);
             $c = (int) $db->get_var("select count(*) from comments where comment_date > date_sub(now(), interval {$hours} hour) and comment_user_id in ({$l})");
             if ($c > 0) {
                 syslog(LOG_NOTICE, "Meneame, clon comment ({$current_user->user_login}, {$comment->ip}) in {$link->uri}");
                 return _('ya hizo un comentario con usuarios clones');
             }
         }
     }
     // Basic check to avoid abuses from same IP
     if (!$current_user->admin && $current_user->user_karma < 6.2) {
         // Don't check in case of admin comments or higher karma
         // Avoid astroturfing from the same link's author
         // Only while the story is unpublished; the pair is recorded as clones.
         if ($link->status != 'published' && $link->ip == $globals['user_ip'] && $link->author != $comment->author) {
             UserAuth::insert_clon($comment->author, $link->author, $link->ip);
             syslog(LOG_NOTICE, "Meneame, comment-link astroturfing ({$current_user->user_login}, {$link->ip}): " . $link->get_permalink());
             return _('no se puede comentar desde la misma IP del autor del envío');
         }
         // Avoid floods with clones from the same IP
         // $comment->ip is interpolated unescaped here (see the note above).
         if (intval($db->get_var("select count(*) from comments where comment_link_id = {$link->id} and comment_ip='{$comment->ip}' and comment_user_id != {$comment->author}")) > 1) {
             syslog(LOG_NOTICE, "Meneame, comment astroturfing ({$current_user->user_login}, {$comment->ip})");
             return _('demasiados comentarios desde la misma IP con usuarios diferentes');
         }
     }
     // Length is measured on the cleaned text, the character class on the raw post.
     if (mb_strlen($comment->content) < 5 || !preg_match('/[a-zA-Z:-]/', $_POST['comment_content'])) {
         // Check there are at least a valid char
         return _('texto muy breve o caracteres no válidos');
     }
     if (!$current_user->admin) {
         $comment->get_links();
         // $current_user->Date() is presumably the registration date — confirm.
         if ($comment->banned && $current_user->Date() > $globals['now'] - 86400) {
             syslog(LOG_NOTICE, "Meneame: comment not inserted, banned link ({$current_user->user_login})");
             return _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
         }
         // Lower karma to comments' spammers
         $comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = {$current_user->user_id} and comment_date > date_sub(now(), interval 3 minute)");
         // Check the text is not the same
         $same_count = $comment->same_text_count();
         $same_links_count = $comment->same_links_count();
         if ($comment->banned) {
             $same_links_count *= 2;
         }
         $same_count += $same_links_count;
     } else {
         $comment_count = $same_count = 0;
     }
     // Comments allowed in the 3-minute window grow with karma (at most 5).
     // The penalty is only computed here; it is applied after the duplicate check.
     $comment_limit = round(min($current_user->user_karma / 6, 2) * 2.5);
     $karma_penalty = 0;
     if ($comment_count > $comment_limit || $same_count > 2) {
         if ($comment_count > $comment_limit) {
             $karma_penalty += ($comment_count - 3) * 0.1;
         }
         if ($same_count > 1) {
             $karma_penalty += $same_count * 0.25;
         }
     }
     // Check image limits
     if (!empty($_FILES['image']['tmp_name'])) {
         $limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
         if ($limit_exceded) {
             return $limit_exceded;
         }
     }
     $db->transaction();
     // Check the comment wasn't already stored
     // FOR UPDATE inside the transaction serialises concurrent submits with
     // the same randkey. All interpolated values are ints.
     $r = intval($db->get_var("select count(*) from comments where comment_link_id = {$comment->link} and comment_user_id = {$comment->author} and comment_randkey = {$comment->randkey} FOR UPDATE"));
     $already_stored = intval($r);
     if ($already_stored) {
         $db->rollback();
         return _('comentario duplicado');
     }
     // A penalty rejects the comment; the karma change happens outside the transaction.
     if ($karma_penalty > 0) {
         $db->rollback();
         $user = new User($current_user->user_id);
         $user->add_karma(-$karma_penalty, _('texto repetido o abuso de enlaces en comentarios'));
         return _('penalización de karma por texto repetido o abuso de enlaces');
     }
     // $r went through intval() above, so is_null($r) can no longer be true;
     // the store() result is what decides here.
     if (!is_null($r) && $comment->store()) {
         $comment->insert_vote();
         $link->update_comments();
         $db->commit();
         // Check image upload or delete
         // Image handling runs after the commit, so its failure does not undo the comment.
         if ($_POST['image_delete']) {
             $comment->delete_image();
         } else {
             $comment->store_image_from_form('image');
         }
         if ($redirect) {
             // Comment stored, just redirect to it page
             header('HTTP/1.1 303 Load');
             header('Location: ' . $link->get_permalink() . '/c0' . $comment->order . '#c-' . $comment->order);
             die;
         } else {
             return $comment;
         }
     }
     $db->rollback();
     return _('error insertando comentario');
     //return $error;
 }
/**
 * Store a new comment or a reply for the current story.
 *
 * Either comment_content (top-level comment) or
 * reply_comment_content-<comment_parent_id> (reply) must be present; the
 * reply wins when both are. Nothing is stored unless the form references
 * the current $link and the authenticated user with a positive randkey.
 * No redirect is issued.
 *
 * Globals: $link, $db, $current_user.
 */
function insert_comment()
{
    global $link, $db, $current_user;
    require_once mnminclude . 'comment.php';
    $newComment = new Comment();
    $readyToStore = false;
    $belongsToUser = sanitize($_POST['link_id'], 3) == $link->id
        && $current_user->authenticated
        && sanitize($_POST['user_id'], 3) == $current_user->user_id
        && sanitize($_POST['randkey'], 3) > 0;
    if (!$belongsToUser) {
        return;
    }
    // this is a normal new comment
    $plainText = sanitize($_POST['comment_content'], 4);
    if ($plainText != '') {
        $newComment->content = $plainText;
        $readyToStore = true;
    }
    // this is a reply to an existing comment
    $parentId = 0;
    if (isset($_POST['comment_parent_id'])) {
        $parentId = sanitize($_POST['comment_parent_id'], 3);
    }
    $replyField = 'reply_comment_content-' . $parentId;
    $replyText = '';
    if (isset($_POST[$replyField])) {
        $replyText = sanitize($_POST[$replyField], 4);
    }
    if ($replyText != '') {
        $newComment->content = $replyText;
        $newComment->parent = $parentId;
        $readyToStore = true;
    }
    if ($readyToStore) {
        $newComment->link = $link->id;
        $newComment->randkey = sanitize($_POST['randkey'], 3);
        $newComment->author = sanitize($_POST['user_id'], 3);
        $newComment->store();
    }
}
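/**
 * Store a new comment or a reply posted for the current story.
 *
 * Accepts either a top-level comment (comment_content) or a reply
 * (reply_comment_content-<parent id> together with comment_parent_id);
 * the reply wins when both are present. On success the browser is
 * redirected back to the requesting URI and the script ends.
 *
 * Globals: $link (current story), $db, $current_user.
 */
function insert_comment()
{
    global $link, $db, $current_user;
    require_once mnminclude . 'comment.php';

    // Read the form with defaults so a missing key raises no notice; the
    // identifiers are cast to int to avoid PHP's loose string comparison.
    $postLinkId = isset($_POST['link_id']) ? intval($_POST['link_id']) : 0;
    $postUserId = isset($_POST['user_id']) ? intval($_POST['user_id']) : 0;
    $postRandkey = isset($_POST['randkey']) ? intval($_POST['randkey']) : 0;
    $parentId = isset($_POST['comment_parent_id']) ? intval($_POST['comment_parent_id']) : 0;
    $content = isset($_POST['comment_content']) ? $_POST['comment_content'] : '';
    $replyKey = 'reply_comment_content-' . $parentId;
    $replyContent = isset($_POST[$replyKey]) ? $_POST[$replyKey] : '';

    // Check if is a POST of a comment for this story by the logged-in user.
    if ($postLinkId != $link->id || !$current_user->authenticated || $postUserId != $current_user->user_id || $postRandkey <= 0) {
        return;
    }
    $comment = new Comment();
    $cancontinue = false;
    if (strlen($content) > 0) {
        // this is a normal new comment
        $comment->content = $content;
        $cancontinue = true;
    }
    if (strlen($replyContent) > 0) {
        // this is a reply to an existing comment; it overrides the plain one
        $comment->content = $replyContent;
        $comment->parent = $parentId;
        $cancontinue = true;
    }
    if (!$cancontinue) {
        return;
    }
    $comment->link = $link->id;
    $comment->randkey = $postRandkey;
    $comment->author = $postUserId;
    $comment->store();
    header('Location: ' . $_SERVER['REQUEST_URI']);
    die;
}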
/**
 * Store a comment posted for the current story, or hand an anonymous
 * comment to the 'anonymous_comment' hook.
 *
 * Authenticated path: comment_content (top-level) or
 * reply_comment_content-<comment_parent_id> (reply, wins when both are
 * present) is stored and the browser is redirected to the requesting URI.
 * Anonymous path (anon=1, not authenticated): after the
 * 'register_check_errors' hook passes, the form is handed to the
 * 'anonymous_comment' hook; nothing is stored here on that path because
 * $cancontinue stays false.
 *
 * Globals: $link, $db, $current_user.
 */
function insert_comment()
{
    global $link, $db, $current_user;
    // $vars is undefined at this point; presumably filled by the hook.
    check_actions('story_insert_comment', $vars);
    require_once mnminclude . 'comment.php';
    $comment = new Comment();
    $cancontinue = false;
    //anonymous comment
    // $cancontinue_anon is never read below.
    $cancontinue_anon = false;
    $anon = $_POST['anon'];
    if (sanitize($_POST['link_id'], 3) == $link->id && $current_user->authenticated && sanitize($_POST['user_id'], 3) == $current_user->user_id && sanitize($_POST['randkey'], 3) > 0) {
        if (sanitize($_POST['comment_content'], 4) != '') {
            $comment->content = sanitize($_POST['comment_content'], 4);
            $cancontinue = true;
            // this is a normal new comment
        }
        $comment_parent_id = isset($_POST['comment_parent_id']) ? sanitize($_POST['comment_parent_id'], 3) : 0;
        $reply_content = isset($_POST['reply_comment_content-' . $comment_parent_id]) ? sanitize($_POST['reply_comment_content-' . $comment_parent_id], 4) : '';
        if ($reply_content != '') {
            $comment->content = $reply_content;
            $comment->parent = $comment_parent_id;
            $cancontinue = true;
            // this is a reply to an existing comment
        }
    } elseif ($_POST['link_id'] == $link->id && $_POST['randkey'] > 0 && $anon == 1) {
        // Anonymous branch: raw (unsanitized) POST values are compared here.
        if (strlen($_POST['comment_content']) > 0) {
            $comment->content = sanitize($_POST['comment_content'], 4);
            //$cancontinue_anon = true;
            //anonymous comment insert
            check_actions('register_check_errors', $vars);
            if ($vars['error'] == true) {
                // $error is set but never used afterwards.
                $error = true;
            } else {
                if (!$current_user->authenticated) {
                    // The hook receives the raw form fields, not the sanitized content.
                    $vars = array('link_id' => $link->id, 'randkey' => $_POST['randkey'], 'user_id' => $_POST['user_id'], 'a_email' => $_POST['a_email'], 'a_username' => $_POST['a_username'], 'a_website' => $_POST['a_website'], 'comment_content' => $_POST['comment_content']);
                    check_actions('anonymous_comment', $vars);
                }
                //$comment->store();
            }
        }
    }
    if ($cancontinue == true) {
        $comment->link = $link->id;
        $comment->randkey = sanitize($_POST['randkey'], 3);
        $comment->author = sanitize($_POST['user_id'], 3);
        $comment->store();
        // The after-submit hook is invoked with an empty string, not an array.
        $vars = '';
        check_actions('after_comment_submit', $vars);
        header('Location: ' . $_SERVER['REQUEST_URI']);
        die;
    }
}
/**
 * Store a plain-text comment posted for the current story and redirect.
 *
 * The form must reference $link and the authenticated user with a positive
 * randkey and more than two characters of text. Tags are stripped and the
 * remainder HTML-escaped; an empty result is not stored, but the redirect
 * to the requesting URI still happens.
 *
 * Globals: $link, $db, $current_user.
 */
function insert_comment () {
	global $link, $db, $current_user;
	// Check if is a POST of a comment
	$isValidPost = intval($_POST['link_id']) == $link->id
		&& $current_user->authenticated
		&& intval($_POST['user_id']) == $current_user->user_id
		&& intval($_POST['randkey']) > 0
		&& strlen(trim($_POST['comment_content'])) > 2;
	if (!$isValidPost) {
		return;
	}
	require_once(mnminclude.'comment.php');
	$newComment = new Comment;
	$newComment->link = $link->id;
	$newComment->randkey = intval($_POST['randkey']);
	$newComment->author = intval($_POST['user_id']);
	$strippedBody = strip_tags(trim($_POST['comment_content']));
	$newComment->content = trim(htmlspecialchars($strippedBody));
	if (strlen($newComment->content) > 0) {
		$newComment->store();
	}
	header('Location: '.$_SERVER['REQUEST_URI']);
	die;
}
/**
 * Store a comment posted for the current story and redirect to it.
 *
 * The story must have votes and still be open for comments; the form must
 * reference $link and the authenticated user (who needs enough karma or
 * must be the story's author), carry a positive randkey and more than two
 * characters of text. Posting more than three comments within three
 * minutes costs the user 0.5 karma. The redirect happens even when the
 * cleaned text turned out empty and nothing was stored.
 *
 * Globals: $link, $db, $current_user, $globals.
 */
function insert_comment()
{
    global $link, $db, $current_user, $globals;
    // Check if is a POST of a comment
    $rejected = !($link->votes > 0
        && $link->date > time() - $globals['time_enabled_comments']
        && intval($_POST['link_id']) == $link->id
        && $current_user->authenticated
        && intval($_POST['user_id']) == $current_user->user_id
        && ($current_user->user_karma > $globals['min_karma_for_comments'] || $current_user->user_id == $link->author)
        && intval($_POST['randkey']) > 0
        && strlen(trim($_POST['comment_content'])) > 2);
    if ($rejected) {
        return;
    }
    require_once mnminclude . 'comment.php';
    $newComment = new Comment();
    $newComment->link = $link->id;
    $newComment->randkey = intval($_POST['randkey']);
    $newComment->author = intval($_POST['user_id']);
    $newComment->karma = intval($current_user->user_karma);
    $newComment->content = clean_text($_POST['comment_content'], 0, false, 10000);
    $hasText = strlen($newComment->content) > 0;
    if ($hasText) {
        // Lower karma to comments' spammers
        $recentCount = $db->get_var("select count(*) from comments where comment_user_id = {$current_user->user_id} && comment_date > date_sub(now(), interval 3 minute)");
        if ($recentCount > 3) {
            require_once mnminclude . 'user.php';
            $spammer = new User();
            $spammer->id = $current_user->user_id;
            $spammer->read();
            $spammer->karma = $spammer->karma - 0.5;
            $spammer->store();
        }
        $newComment->store();
        $newComment->insert_vote();
        $link->update_comments();
    }
    header('Location: ' . $link->get_permalink());
    die;
}
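/**
 * Store a new comment or a reply posted for the current story.
 *
 * Runs the 'story_insert_comment' hook, then accepts either a top-level
 * comment (comment_content) or a reply (reply_comment_content-<parent id>
 * together with comment_parent_id); the reply wins when both are present.
 * On success the browser is redirected back to the requesting URI and the
 * script ends.
 *
 * Globals: $link (current story), $db, $current_user.
 */
function insert_comment()
{
    global $link, $db, $current_user;
    check_actions('story_insert_comment', $vars);
    require_once mnminclude . 'comment.php';

    // Read the form with defaults so a missing key raises no notice; the
    // identifiers are cast to int to avoid PHP's loose string comparison.
    $postLinkId = isset($_POST['link_id']) ? intval($_POST['link_id']) : 0;
    $postUserId = isset($_POST['user_id']) ? intval($_POST['user_id']) : 0;
    $postRandkey = isset($_POST['randkey']) ? intval($_POST['randkey']) : 0;
    $parentId = isset($_POST['comment_parent_id']) ? intval($_POST['comment_parent_id']) : 0;
    $content = isset($_POST['comment_content']) ? $_POST['comment_content'] : '';
    $replyKey = 'reply_comment_content-' . $parentId;
    $replyContent = isset($_POST[$replyKey]) ? $_POST[$replyKey] : '';

    // Only a POST for this story by the logged-in user is accepted.
    if ($postLinkId != $link->id || !$current_user->authenticated || $postUserId != $current_user->user_id || $postRandkey <= 0) {
        return;
    }
    $comment = new Comment();
    $cancontinue = false;
    if (strlen($content) > 0) {
        // this is a normal new comment
        $comment->content = $content;
        $cancontinue = true;
    }
    if (strlen($replyContent) > 0) {
        // this is a reply to an existing comment; it overrides the plain one
        $comment->content = $replyContent;
        $comment->parent = $parentId;
        $cancontinue = true;
    }
    if (!$cancontinue) {
        return;
    }
    $comment->link = $link->id;
    $comment->randkey = $postRandkey;
    $comment->author = $postUserId;
    $comment->store();
    header('Location: ' . $_SERVER['REQUEST_URI']);
    die;
}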
/**
 * Validate a comment posted for the current story and store it.
 *
 * Form fields read from $_POST: link_id, user_id, randkey, comment_content,
 * type. Request context comes from the globals $link, $db, $current_user
 * and $globals. No redirect is issued (see the comment near the end); the
 * caller gets an error string instead.
 *
 * @return string empty on success, otherwise one or more space-separated
 *                error fragments (only the ban message goes through _())
 */
function insert_comment()
{
    global $link, $db, $current_user, $globals;
    $error = '';
    require_once mnminclude . 'ban.php';
    if (check_ban_proxy()) {
        return _('dirección IP no permitida');
    }
    // Check if is a POST of a comment
    // Identifiers are cast to int before comparison (and before SQL interpolation);
    // the story's own author may comment regardless of karma.
    if ($link->votes > 0 && $link->date > $globals['now'] - $globals['time_enabled_comments'] && $link->comments < $globals['max_comments'] && intval($_POST['link_id']) == $link->id && $current_user->authenticated && intval($_POST['user_id']) == $current_user->user_id && ($current_user->user_karma > $globals['min_karma_for_comments'] || $current_user->user_id == $link->author) && intval($_POST['randkey']) > 0 && mb_strlen(trim($_POST['comment_content'])) > 2) {
        require_once mnminclude . 'comment.php';
        $comment = new Comment();
        $comment->link = $link->id;
        $comment->randkey = intval($_POST['randkey']);
        $comment->author = intval($_POST['user_id']);
        $comment->karma = round($current_user->user_karma);
        // clean_text() is defined elsewhere; the 10000 presumably caps the length.
        $comment->content = clean_text($_POST['comment_content'], 0, false, 10000);
        // Check if is an admin comment
        // Admin comments get a fixed karma and skip the spam checks below.
        if ($current_user->user_level == 'god' && $_POST['type'] == 'admin') {
            $comment->karma = 20;
            $comment->type = 'admin';
        }
        // Length is measured on the cleaned text, the character class on the raw post.
        if (mb_strlen($comment->content) > 0 && preg_match('/[a-zA-Z:-]/', $_POST['comment_content'])) {
            // Check there are at least a valid char
            // Duplicate detection keys on link, author and the form's randkey (all ints).
            $already_stored = intval($db->get_var("select count(*) from comments where comment_link_id = {$comment->link} and comment_user_id = {$comment->author} and comment_randkey = {$comment->randkey}"));
            // Check the comment wasn't already stored
            if (!$already_stored) {
                if ($comment->type != 'admin') {
                    // Lower karma to comments' spammers
                    $comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = {$current_user->user_id} and comment_date > date_sub(now(), interval 3 minute)");
                    // Check the text is not the same
                    $same_count = $comment->same_text_count() + $comment->same_links_count();
                } else {
                    $comment_count = $same_count = 0;
                }
                // The branch is entered at more than 2 comments, but the rate part of
                // the reduction only starts above 3.
                if ($comment_count > 2 || $same_count > 2) {
                    require_once mnminclude . 'user.php';
                    $reduction = 0;
                    if ($comment_count > 3) {
                        $reduction += ($comment_count - 3) * 0.1;
                    }
                    if ($same_count > 1) {
                        $reduction += $same_count * 0.25;
                    }
                    if ($reduction > 0) {
                        $user = new User();
                        $user->id = $current_user->user_id;
                        $user->read();
                        $user->karma = $user->karma - $reduction;
                        syslog(LOG_NOTICE, "Meneame: story decreasing {$reduction} of karma to {$current_user->user_login} (now {$user->karma})");
                        $user->store();
                        $error .= ' ' . 'penalización de karma por texto repetido o abuso de enlaces';
                    }
                }
                // The comment is stored even when a karma penalty was applied.
                $comment->store();
                $comment->insert_vote();
                $link->update_comments();
                // Re read link data
                $link->read();
            } else {
                $error .= ' ' . 'duplicado';
            }
        } else {
            $error .= ' ' . 'caracteres no válidos';
        }
        // We don't redirect, Firefox show cache data instead of the new data since we send lastmodification time.
        //header('Location: '.$link->get_permalink());
        //die;
    } else {
        $error .= ' ' . 'texto muy breve, karma bajo o usuario incorrecto';
    }
    return $error;
}
    // NOTE(review): tail of a comment-vote handler; its signature and the
    // globals it relies on ($current_user, $main_smarty) are above this excerpt.
    check_referrer();
    $comment = new Comment();
    $comment->id = sanitize($_POST['id'], 3);
    // A non-numeric id ends the request silently.
    if (!is_numeric($comment->id)) {
        die;
    }
    $comment->read();
    // anonnymous_vote is a constant defined elsewhere (note the spelling).
    if ($current_user->user_id == 0 && !anonnymous_vote) {
        error($main_smarty->get_config_vars('PLIGG_Visual_Vote_NoAnon'));
    }
    // The posted user id must match the session user.
    if ($current_user->user_id != sanitize($_POST['user'], 3)) {
        error($main_smarty->get_config_vars('PLIGG_Visual_Vote_BadUser') . $current_user->user_id . '-' . sanitize($_POST['user'], 3));
    }
    // Vote token: md5 of the user id and the comment's stored randkey; the
    // randkey is what keeps it from being forged. The comparison is strict
    // but not constant-time (hash_equals() would be the usual choice).
    $md5 = md5(sanitize($_POST['user'], 3) . $comment->randkey);
    if ($md5 !== sanitize($_POST['md5'], 3)) {
        error($main_smarty->get_config_vars('PLIGG_Visual_Vote_BadKey'));
    }
    // One vote per user, and at most votes_per_ip votes from one address when
    // that constant is positive.
    if ($comment->votes($current_user->user_id) != 0 || votes_per_ip > 0 && $comment->votes_from_ip() >= votes_per_ip) {
        error($main_smarty->get_config_vars('PLIGG_Visual_Vote_AlreadyVoted'));
    }
    $value = sanitize($_POST['value'], 3);
    if ($value < -10 || $value > 10) {
        error('Invalid vote value');
    }
    $votes = $comment->insert_vote($current_user->user_id, $value);
    $comment->votes = $votes;
    $comment->store();
    $count = $comment->votes;
    // Response consumed client-side: "<count> ~--~<comment id>".
    echo "{$count} ~--~" . sanitize($_POST['id'], 3);
}
/**
 * Store a comment or a reply posted for the current story, or hand an
 * anonymous comment to the 'anonymous_comment' hook.
 *
 * Authenticated path: comment_content (top-level) or the first non-empty
 * entry of the reply_comment_content[] array (reply) is accepted, hooks
 * may adjust the comment, and the browser is redirected to the story.
 * Anonymous path (anon=1, not authenticated): after the
 * 'register_check_errors' hook passes, the form is handed to the
 * 'anonymous_comment' hook; nothing is stored here on that path because
 * $cancontinue stays false.
 *
 * Globals: $link, $db, $current_user, $main_smarty, $the_template, $story_url.
 */
function insert_comment()
{
    global $link, $db, $current_user, $main_smarty, $the_template, $story_url;
    $main_smarty->assign('TheComment', $_POST['comment_content']);
    // NOTE(review): $vars is neither global nor assigned before this line, so
    // this early return looks unreachable unless an include sets it — confirm.
    if ($vars['error'] == true) {
        $error = true;
        return;
    }
    require_once mnminclude . 'comment.php';
    $comment = new Comment();
    $cancontinue = false;
    //anonymous comment
    // $cancontinue_anon is never read below.
    $cancontinue_anon = false;
    $anon = $_POST['anon'];
    // Length is checked before ownership; oversize bodies render the error template.
    $comment->content = sanitize($_POST['comment_content'], 4);
    if (strlen($comment->content) > maxCommentLength) {
        $main_smarty->assign('url', $_SERVER['REQUEST_URI']);
        $main_smarty->assign('tpl_center', $the_template . '/comment_errors');
        $main_smarty->display($the_template . '/pligg.tpl');
        exit;
    }
    if (sanitize($_POST['link_id'], 3) == $link->id && $current_user->authenticated && sanitize($_POST['user_id'], 3) == $current_user->user_id && sanitize($_POST['randkey'], 3) > 0) {
        if (sanitize($_POST['comment_content'], 4) != '') {
            // this is a normal new comment
            $cancontinue = true;
        }
        if (is_array($_POST['reply_comment_content'])) {
            // comment replies
            // The first reply with a positive id and a non-empty value wins and
            // replaces the top-level content.
            foreach ($_POST['reply_comment_content'] as $id => $value) {
                if ($id > 0 && $value) {
                    $comment->content = sanitize($value, 4);
                    $comment->parent = $id;
                    $cancontinue = true;
                    break;
                }
            }
        }
    } elseif ($_POST['link_id'] == $link->id && $_POST['randkey'] > 0 && $anon == 1) {
        // Anonymous branch: raw (unsanitized) POST values are compared here.
        if (strlen($_POST['comment_content']) > 0) {
            check_actions('register_check_errors', $vars);
            if ($vars['error'] == true) {
                // $error is set but never used afterwards.
                $error = true;
            } elseif (!$current_user->authenticated) {
                $vars = array('link_id' => $link->id, 'randkey' => $_POST['randkey'], 'user_id' => $_POST['user_id'], 'a_email' => $_POST['a_email'], 'a_username' => $_POST['a_username'], 'a_website' => $_POST['a_website'], 'comment_content' => sanitize($_POST['comment_content'], 4));
                check_actions('anonymous_comment', $vars);
            }
        }
    }
    $parrent_comment_id = sanitize($_POST['parrent_comment_id'], 3);
    if ($cancontinue == true) {
        $comment->link = $link->id;
        // NOTE: this overrides any parent set from the reply loop above; when
        // parrent_comment_id is absent the reply is stored as a top-level comment.
        if ($parrent_comment_id != 0) {
            $comment->parent = $parrent_comment_id;
        } else {
            $comment->parent = 0;
        }
        $comment->randkey = sanitize($_POST['randkey'], 3);
        $comment->author = sanitize($_POST['user_id'], 3);
        // Hooks receive the comment by reference; a status they set wins.
        $vars = array('comment' => &$comment);
        check_actions('story_insert_comment', $vars);
        if ($vars['comment']->status) {
            $comment->status = $vars['comment']->status;
        }
        $comment->store();
        $vars['comment'] = $comment->id;
        check_actions('after_comment_submit', $vars);
        $story_url = getmyurl("storyURL", $link->category_safe_names(), urlencode($link->title_url), $link->id);
        //$story_url;
        header('Location: ' . $story_url . "#comment-reply-" . $comment->id);
        die;
    }
}
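/**
 * Store a comment posted for the current story and redirect to it.
 *
 * The form must reference $link and the authenticated user (who needs
 * enough karma or must be the story's author), carry a positive randkey
 * and more than two characters of text. Users with more than 7 comments in
 * the last 10 minutes lose 0.5 karma. The redirect happens even when the
 * escaped text turned out empty and nothing was stored.
 *
 * Globals: $link, $db, $current_user, $globals.
 */
function insert_comment () {
	global $link, $db, $current_user, $globals;
	// Check if is a POST of a comment
	if(intval($_POST['link_id']) == $link->id && $current_user->authenticated && intval($_POST['user_id']) == $current_user->user_id &&
		($current_user->user_karma > $globals['min_karma_for_comments'] || $current_user->user_id == $link->author) &&
		intval($_POST['randkey']) > 0 && strlen(trim($_POST['comment_content'])) > 2 ) {
		require_once(mnminclude.'comment.php');
		$comment = new Comment;
		$comment->link=$link->id;
		$comment->randkey=intval($_POST['randkey']);
		$comment->author=intval($_POST['user_id']);
		// Cap the body at 10000 bytes without cutting a multi-byte character:
		// a byte-wise substr() can leave invalid UTF-8, which htmlspecialchars()
		// (with the UTF-8 default charset) turns into an empty string, and the
		// comment would then be silently dropped by the length check below.
		$comment->content=htmlspecialchars(mb_strcut(trim($_POST['comment_content']), 0, 10000));
		if (strlen($comment->content) > 0 ) {
			// Lower karma to comments' spammers
			$comment_count = $db->get_var("select count(*) from comments where comment_user_id = $current_user->user_id && comment_date > date_sub(now(), interval 10 minute)");
			if ($comment_count > 7) {
				require_once(mnminclude.'user.php');
				$user = new User;
				$user->id = $current_user->user_id;
				$user->read();
				$user->karma = $user->karma - 0.5;
				$user->store();
			}
			$comment->store();
		}
		header('Location: '.$link->get_permalink());
		die;
	}
}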