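/**
 * Store an edit of an existing comment submitted from the edit form.
 *
 * Works on the globals $comment (the comment being edited, already loaded)
 * and $link (its parent link), and reads $_POST['id'], ['user_id'], ['key'],
 * ['comment_content'], ['type'], ['image_delete'], ['tmp_filename'],
 * ['tmp_filetype'] plus the optional $_FILES['image'] upload.
 *
 * Authorisation: the comment's author may edit it for
 * $globals['comment_edit_time'] * 1.5 seconds after posting; a 'god' user may
 * edit other users' comments and admin comments. In every case the per-comment
 * token md5(randkey . site_key) must match $_POST['key'].
 *
 * Never returns normally: on success it redirects to the comment's permalink,
 * on any failure it prints a message and exits.
 */
function save_comment()
{
    global $link, $db, $comment, $current_user, $globals, $site_key;
    // Warning, trillion of checkings :-(

    // Check image limits first so an oversized upload is refused early.
    if (!empty($_FILES['image']['tmp_name'])) {
        $limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
        if ($limit_exceded) {
            echo $limit_exceded;
            die;
        }
    }

    $user_id = intval($_POST['user_id']);
    $posted_key = isset($_POST['key']) ? $_POST['key'] : null;
    $posted_content = isset($_POST['comment_content']) ? $_POST['comment_content'] : '';

    // Author editing inside the edit window ...
    $author_in_window = $user_id == $current_user->user_id
        && $current_user->user_id == $comment->author
        && time() - $comment->date < $globals['comment_edit_time'] * 1.5;
    // ... or a 'god' editing someone else's (or an admin) comment.
    $god_override = ($comment->author != $current_user->user_id || $comment->type == 'admin')
        && $current_user->user_level == 'god';

    // The edit token is compared with hash_equals(): the original `==` let
    // PHP compare numeric-looking strings numerically, so e.g. a "0e..."
    // digest would equal any other "0e..." string. Non-string input is
    // rejected up front (hash_equals() would throw a TypeError on it).
    if (intval($_POST['id']) == $comment->id
        && $current_user->authenticated
        && ($author_in_window || $god_override)
        && is_string($posted_key)
        && hash_equals(md5($comment->randkey . $site_key), $posted_key)
        && strlen(trim($posted_content)) > 2) {
        $comment->content = clean_text_with_tags($posted_content, 0, false, 10000);
        // Only a 'god' may switch a comment between admin and normal.
        if ($current_user->user_level == 'god') {
            if (isset($_POST['type']) && $_POST['type'] == 'admin') {
                $comment->type = 'admin';
            } else {
                $comment->type = 'normal';
            }
        }
        // Non-admins get their links extracted/checked (this is what sets
        // $comment->banned, read below).
        if (!$current_user->admin) {
            $comment->get_links();
        }
        // Accounts younger than a day may not link to a banned site.
        if ($current_user->user_id == $comment->author && $comment->banned && $current_user->Date() > $globals['now'] - 86400) {
            syslog(LOG_NOTICE, "Meneame: editcomment not stored, banned link ({$current_user->user_login})");
            echo _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
            die;
        }
        if (strlen($comment->content) > 0) {
            $comment->store();
        }
        // Check image upload or delete
        if (!empty($_POST['image_delete'])) {
            $comment->delete_image();
        } elseif (!empty($_POST['tmp_filename']) && !empty($_POST['tmp_filetype'])) {
            // tmp_filename is client-supplied and is joined onto the cache tmp
            // directory downstream; only a bare file name is acceptable,
            // otherwise a crafted value could move files from outside it.
            $tmp_filename = $_POST['tmp_filename'];
            if (is_string($tmp_filename)
                && $tmp_filename !== '.'
                && $tmp_filename !== '..'
                && strpos($tmp_filename, "\0") === false
                && basename($tmp_filename) === $tmp_filename) {
                $comment->move_tmp_image($tmp_filename, $_POST['tmp_filetype']);
            } else {
                syslog(LOG_NOTICE, "Meneame: editcomment ignored invalid tmp_filename ({$current_user->user_login})");
            }
        } elseif (!empty($_FILES['image']['tmp_name'])) {
            $comment->store_image($_FILES['image']);
        }
        header('Location: ' . $link->get_permalink() . '/c0' . $comment->c_order . '#c-' . $comment->c_order);
        die;
    } else {
        echo _('error actualizando, probablemente tiempo de edición excedido');
        die;
    }
}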
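 /**
  * Promote a file previously uploaded into the cache "tmp" directory to this
  * object's final image path and rebuild its thumbnails.
  *
  * @param string $filename bare name of the file inside <cache_dir>/tmp
  *                         (client supplied; validated here)
  * @param string $type     MIME type reported for the file, stored in $this->mime
  * @return mixed           result of $this->store() on success, false otherwise
  */
 function from_tmp_upload($filename, $type)
 {
     global $current_user, $globals;

     // $filename comes from the request and is joined onto the tmp directory
     // below, so it must be a plain file name: no directory separators, no
     // "." / "..", no NUL byte. Anything else would let a caller rename
     // (move) arbitrary files the web server can write into the image path.
     if (!is_string($filename)
         || $filename === ''
         || $filename === '.'
         || $filename === '..'
         || strpos($filename, "\0") !== false
         || basename($filename) !== $filename) {
         syslog(LOG_NOTICE, "Meneame, rejected invalid tmp upload filename for user {$current_user->user_id}");
         return false;
     }

     $pathname = Upload::get_cache_dir() . '/tmp/' . $filename;
     if (!file_exists($pathname)) {
         return false;
     }
     // Check __again__ the limits. The original discarded the return value,
     // which made this re-check a no-op; a truthy result means the limit is
     // exceeded (the callers echo/return that value), so abort here.
     if (Upload::current_user_limit_exceded(filesize($pathname))) {
         return false;
     }
     // NOTE(review): $type is client-supplied and stored as the MIME type
     // without validation here; presumably check_size_and_rotation() or the
     // serving code derives the real type from the bytes — TODO confirm.
     $this->mime = $type;
     $this->user = $current_user->user_id;
     Upload::create_cache_dir($this->id);
     if (!rename($pathname, $this->pathname())) {
         syslog(LOG_INFO, "Meneame, error moving to " . $this->pathname());
         return false;
     }
     $this->check_size_and_rotation($this->pathname());
     $this->delete_thumbs();
     // A thumbnail may have been written next to the tmp file; remove it
     // before regenerating thumbnails from the final image.
     $thumbname = Upload::get_cache_dir() . "/tmp/tmp_thumb-{$filename}";
     if (file_exists($thumbname)) {
         @unlink($thumbname);
     }
     $this->create_thumbs();
     return $this->store();
 }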
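/**
 * Create a private message from the submitted form and print its summary.
 *
 * Reads $_POST['to_user'], ['post'], ['author'], ['key'], ['image_delete']
 * and the optional $_FILES['image'] upload; the new message is left in the
 * global $message. Every failure prints an 'ERROR: ...' line and exits.
 *
 * @param int $message_id unused here (kept for the caller's signature)
 */
function save_post($message_id)
{
    global $link, $db, $message, $current_user, $globals, $site_key;
    $message = new PrivateMessage();

    // Resolve and validate the recipient.
    $to_user = User::get_valid_username($_POST['to_user']);
    if (!$to_user) {
        echo 'ERROR: ' . _('nombre de usuario erróneo');
        die;
    }
    $to = User::get_user_id($to_user);
    // The original wrote `!$to > 0`, which PHP parses as `(!$to) > 0` and only
    // worked by accident; this is the intended "must be a positive id" check.
    if (!($to > 0)) {
        echo 'ERROR: ' . _('usuario erróneo');
        die;
    }
    if (!PrivateMessage::can_send($current_user->user_id, $to)) {
        echo 'ERROR: ' . _('el destinatario no lo tiene amigado');
        die;
    }

    $_POST['post'] = clean_text_with_tags($_POST['post'], 0, false, $globals['posts_len']);
    if (!empty($_FILES['image']['tmp_name'])) {
        $limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
        if ($limit_exceded) {
            echo 'ERROR: ' . $limit_exceded;
            die;
        }
    }
    if (mb_strlen($_POST['post']) < 2) {
        echo 'ERROR: ' . _('texto muy corto');
        die;
    }
    // The sender must be the logged-in user. Unlike Comment::save_from_post()
    // the original never tested $current_user->authenticated here; added so
    // an anonymous request cannot get past this by posting author=0.
    if (!$current_user->authenticated || $current_user->user_id != intval($_POST['author'])) {
        die;
    }

    $message->randkey = intval($_POST['key']);
    $message->author = $current_user->user_id;
    $message->to = $to;
    $message->content = $_POST['post'];

    // Check the post wasn't already stored (same randkey within 5 minutes).
    // The FOR UPDATE lock only lasts until commit, so the insert is done
    // before committing — the original committed first, which released the
    // lock and let a double submit slip in between check and insert.
    $db->transaction();
    $dupe = intval($db->get_var("select count(*) from privates where user = {$current_user->user_id} and date > date_sub(now(), interval 5 minute) and randkey = {$message->randkey} FOR UPDATE"));
    if ($dupe) {
        $db->commit();
        echo 'ERROR: ' . _('mensaje grabado previamente');
        die;
    }
    // Verify that there is a minimum period between messages.
    if (intval($db->get_var("select count(*) from privates where user= {$current_user->user_id} and date > date_sub(now(), interval 15 second)")) > 0) {
        echo 'ERROR: ' . _('debe esperar 15 segundos entre mensajes');
        $db->rollback();
        die;
    }
    // Verify that there are less than X messages from the same user in a day.
    // (The original exited here without ending the open transaction.)
    if (intval($db->get_var("select count(*) from privates where user= {$current_user->user_id} and date > date_sub(now(), interval 1 day)")) > 160) {
        echo 'ERROR: ' . _('demasiados mensajes en un día');
        $db->rollback();
        die;
    }
    $message->store();
    $db->commit();
    notify_user($current_user->user_id, $to, $message->content);
    User::add_notification($message->to, 'private');

    // Check image upload or delete
    if (!empty($_POST['image_delete'])) {
        $message->delete_image();
    } else {
        $message->store_image_from_form('image');
    }
    // Reread the object
    $message = PrivateMessage::from_db($message->id);
    $message->print_summary();
}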
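 /**
  * Create a new comment on $link from the submitted form.
  *
  * Reads $_POST['link_id'], ['user_id'], ['randkey'], ['comment_content'],
  * ['type'], ['image_delete'] and the optional $_FILES['image'] upload.
  * Runs the anti-abuse checks (IP ban, karma, clone accounts, same-IP
  * astroturfing, repeated text/links, duplicate randkey) before storing.
  *
  * @param Link $link     the link being commented on (already loaded)
  * @param bool $redirect when true, redirect to the new comment and exit
  * @return Comment|string the stored Comment when $redirect is false; any
  *                        string return is a translated error message
  */
 static function save_from_post($link, $redirect = true)
 {
     global $db, $current_user, $globals;
     require_once mnminclude . 'ban.php';
     if (check_ban_proxy()) {
         return _('dirección IP no permitida');
     }

     // Check if is a POST of a comment: link still open for comments, ids match
     // the logged-in user, and a positive randkey (used for dupe detection).
     if (!($link->votes > 0 && $link->date > $globals['now'] - $globals['time_enabled_comments'] * 1.01 && $link->comments < $globals['max_comments'] && intval($_POST['link_id']) == $link->id && $current_user->authenticated && intval($_POST['user_id']) == $current_user->user_id && intval($_POST['randkey']) > 0)) {
         return _('comentario o usuario incorrecto');
     }
     if ($current_user->user_karma < $globals['min_karma_for_comments'] && $current_user->user_id != $link->author) {
         return _('karma demasiado bajo');
     }

     $comment = new Comment();
     $comment->link = $link->id;
     $comment->ip = $globals['user_ip'];
     $comment->randkey = intval($_POST['randkey']);
     $comment->author = intval($_POST['user_id']);
     $comment->karma = round($current_user->user_karma);
     $comment->content = clean_text_with_tags($_POST['comment_content'], 0, false, 10000);
     // Check if is an admin comment (only a 'god' may post one).
     if ($current_user->user_level == 'god' && isset($_POST['type']) && $_POST['type'] == 'admin') {
         $comment->type = 'admin';
     }

     // Don't allow to comment with a clone: if any account that shares this
     // user's identity commented recently, refuse.
     $hours = intval($globals['user_comments_clon_interval']);
     if ($hours > 0) {
         $clones = $current_user->get_clones($hours + 1);
         if ($clones) {
             $l = implode(',', $clones);
             $c = (int) $db->get_var("select count(*) from comments where comment_date > date_sub(now(), interval {$hours} hour) and comment_user_id in ({$l})");
             if ($c > 0) {
                 syslog(LOG_NOTICE, "Meneame, clon comment ({$current_user->user_login}, {$comment->ip}) in {$link->uri}");
                 return _('ya hizo un comentario con usuarios clones');
             }
         }
     }

     // Basic check to avoid abuses from same IP.
     // Skipped for admins and for higher karma.
     if (!$current_user->admin && $current_user->user_karma < 6.2) {
         // Avoid astroturfing from the same link's author: a different account
         // commenting from the submitter's IP on an unpublished link.
         if ($link->status != 'published' && $link->ip == $globals['user_ip'] && $link->author != $comment->author) {
             UserAuth::insert_clon($comment->author, $link->author, $link->ip);
             syslog(LOG_NOTICE, "Meneame, comment-link astroturfing ({$current_user->user_login}, {$link->ip}): " . $link->get_permalink());
             return _('no se puede comentar desde la misma IP del autor del envío');
         }
         // Avoid floods with clones from the same IP.
         // NOTE(review): $comment->ip is interpolated into the SQL string; this
         // is only safe if $globals['user_ip'] is a validated address rather
         // than a raw header value — confirm where it is set.
         if (intval($db->get_var("select count(*) from comments where comment_link_id = {$link->id} and comment_ip='{$comment->ip}' and comment_user_id != {$comment->author}")) > 1) {
             syslog(LOG_NOTICE, "Meneame, comment astroturfing ({$current_user->user_login}, {$comment->ip})");
             return _('demasiados comentarios desde la misma IP con usuarios diferentes');
         }
     }

     // Check there are at least a few characters and one valid char.
     if (mb_strlen($comment->content) < 5 || !preg_match('/[a-zA-Z:-]/', $_POST['comment_content'])) {
         return _('texto muy breve o caracteres no válidos');
     }

     if (!$current_user->admin) {
         $comment->get_links();
         // Accounts younger than a day may not link to a banned site.
         if ($comment->banned && $current_user->Date() > $globals['now'] - 86400) {
             syslog(LOG_NOTICE, "Meneame: comment not inserted, banned link ({$current_user->user_login})");
             return _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
         }
         // Lower karma to comments' spammers: count recent comments and
         // repeated text / repeated links (banned links weigh double).
         $comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = {$current_user->user_id} and comment_date > date_sub(now(), interval 3 minute)");
         $same_count = $comment->same_text_count();
         $same_links_count = $comment->same_links_count();
         if ($comment->banned) {
             $same_links_count *= 2;
         }
         $same_count += $same_links_count;
     } else {
         $comment_count = $same_count = 0;
     }

     // Allowed burst grows with karma, capped at 5 comments per 3 minutes.
     $comment_limit = round(min($current_user->user_karma / 6, 2) * 2.5);
     $karma_penalty = 0;
     if ($comment_count > $comment_limit || $same_count > 2) {
         if ($comment_count > $comment_limit) {
             $karma_penalty += ($comment_count - 3) * 0.1;
         }
         if ($same_count > 1) {
             $karma_penalty += $same_count * 0.25;
         }
     }

     // Check image limits
     if (!empty($_FILES['image']['tmp_name'])) {
         $limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
         if ($limit_exceded) {
             return $limit_exceded;
         }
     }

     $db->transaction();
     // Check the comment wasn't already stored. $r is kept raw on purpose:
     // get_var() returning null (query failure) must not be mistaken for
     // "0 rows". The original wrapped this in intval(), which made the
     // is_null($r) check before store() dead code.
     $r = $db->get_var("select count(*) from comments where comment_link_id = {$comment->link} and comment_user_id = {$comment->author} and comment_randkey = {$comment->randkey} FOR UPDATE");
     $already_stored = intval($r);
     if ($already_stored) {
         $db->rollback();
         return _('comentario duplicado');
     }
     if ($karma_penalty > 0) {
         // Abort the comment and apply the penalty outside the transaction.
         $db->rollback();
         $user = new User($current_user->user_id);
         $user->add_karma(-$karma_penalty, _('texto repetido o abuso de enlaces en comentarios'));
         return _('penalización de karma por texto repetido o abuso de enlaces');
     }
     if (!is_null($r) && $comment->store()) {
         $comment->insert_vote();
         $link->update_comments();
         $db->commit();
         // Check image upload or delete
         if (!empty($_POST['image_delete'])) {
             $comment->delete_image();
         } else {
             $comment->store_image_from_form('image');
         }
         if ($redirect) {
             // Comment stored, just redirect to its page
             header('HTTP/1.1 303 Load');
             header('Location: ' . $link->get_permalink() . '/c0' . $comment->order . '#c-' . $comment->order);
             die;
         }
         return $comment;
     }
     $db->rollback();
     return _('error insertando comentario');
 }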
}
// If the header is available, check the size first (cheap early rejection).
// NOTE(review): X-File-Size is a client-supplied header and only a hint; the
// real length is re-checked from the request body further down.
if (isset($headers['X-File-Size']) && $headers['X-File-Size'] > 0 && Upload::current_user_limit_exceded($headers['X-File-Size'])) {
    $r->error = _("Límite de ficheros excedidos");
    syslog(LOG_INFO, "File size exceeded " . $headers['X-File-Size']);
    echo json_encode($r);
    die;
}
// Temporary upload directory, created on demand.
// NOTE(review): it is created world-writable (0777 with the umask cleared),
// so any local account on the host can drop or replace files in it — confirm
// that is intended rather than an artefact of a shared cache setup.
$dir = Upload::get_cache_dir() . '/tmp';
if (!file_exists($dir)) {
    $old_mask = umask(0);
    $res = @mkdir($dir, 0777, true);
    umask($old_mask);
}
// The whole request body is read into memory before the per-user limit is
// enforced, so that limit does not bound memory use of this request.
$source = file_get_contents('php://input');
if (Upload::current_user_limit_exceded(strlen($source))) {
    $r->error = _("Límite de ficheros excedidos");
    echo json_encode($r);
    die;
}
// Delete old files first: anything in the tmp directory older than 30 minutes.
$older = time() - 1800;
$iterator = new DirectoryIterator($dir);
foreach ($iterator as $fileinfo) {
    if ($fileinfo->isFile()) {
        if ($fileinfo->getMTime() < $older) {
            @unlink($fileinfo->getPathname());
        }
    }
}
// Tmp file name: "<user_id>-<user_login>-<uniqid>". The login becomes part of
// a filesystem path; presumably logins are restricted to safe characters at
// registration — verify where usernames are validated.
$tmpfile = $dir . '/' . $current_user->user_id . '-' . $current_user->user_login . '-' . uniqid();
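/**
 * Validate and store an edit of an existing comment.
 *
 * Same rules as save_comment(): the author may edit within
 * $globals['comment_edit_time'] * 1.5 seconds of posting, a 'god' may edit
 * other users' comments and admin comments, and $_POST['key'] must equal
 * md5(randkey . site_key). Reads $_POST['id'], ['user_id'], ['key'],
 * ['comment_content'], ['type'], ['image_delete'] and the optional
 * $_FILES['image'] upload.
 *
 * @param Comment $comment the comment being edited (already loaded)
 * @param Link    $link    its parent link (unused here, kept for callers)
 * @return Comment|string the updated comment, or a translated error string
 */
function check_and_save($comment, $link)
{
    global $db, $current_user, $globals, $site_key;
    // Warning, trillion of checkings :-(
    // TODO: unify with Comment::save_from_post(), careful with the differences

    // Check image limits
    if (!empty($_FILES['image']['tmp_name'])) {
        $limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
        if ($limit_exceded) {
            return $limit_exceded;
        }
    }

    $user_id = intval($_POST['user_id']);
    $posted_key = isset($_POST['key']) ? $_POST['key'] : null;
    $posted_content = isset($_POST['comment_content']) ? $_POST['comment_content'] : '';

    // Author editing inside the edit window ...
    $author_in_window = $user_id == $current_user->user_id
        && $current_user->user_id == $comment->author
        && time() - $comment->date < $globals['comment_edit_time'] * 1.5;
    // ... or a 'god' editing someone else's (or an admin) comment.
    $god_override = ($comment->author != $current_user->user_id || $comment->type == 'admin')
        && $current_user->user_level == 'god';

    // hash_equals() instead of `==`: PHP's loose comparison treats two
    // numeric-looking strings (e.g. "0e...") as numbers, so a forged key could
    // match the digest. Non-string input is refused (hash_equals() would throw).
    if (!(intval($_POST['id']) == $comment->id
        && $current_user->authenticated
        && ($author_in_window || $god_override)
        && is_string($posted_key)
        && hash_equals(md5($comment->randkey . $site_key), $posted_key)
        && mb_strlen(trim($posted_content)) > 2)) {
        return _('error actualizando, probablemente tiempo de edición excedido');
    }

    $comment->content = clean_text_with_tags($posted_content, 0, false, 10000);
    // Only a 'god' may switch a comment between admin and normal.
    if ($current_user->user_level == 'god') {
        if (isset($_POST['type']) && $_POST['type'] == 'admin') {
            $comment->type = 'admin';
        } else {
            $comment->type = 'normal';
        }
    }
    // Non-admins get their links extracted/checked (sets $comment->banned).
    if (!$current_user->admin) {
        $comment->get_links();
    }
    // Accounts younger than a day may not link to a banned site.
    if ($current_user->user_id == $comment->author && $comment->banned && $current_user->Date() > $globals['now'] - 86400) {
        syslog(LOG_NOTICE, "Meneame: editcomment not stored, banned link ({$current_user->user_login})");
        return _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
    }
    if (mb_strlen($comment->content) > 0) {
        $comment->store();
    }
    // Check image upload or delete
    if (!empty($_POST['image_delete'])) {
        $comment->delete_image();
    } else {
        $comment->store_image_from_form('image');
    }
    return $comment;
}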
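/**
 * Create or edit a post ("nota") from the submitted form and print its summary.
 *
 * With $post_id > 0 the existing post is edited (author within one hour, or a
 * 'god' within posts_edit_time_admin * 1.5 seconds, holding the post's key).
 * Otherwise a new post is created for the logged-in user, subject to the
 * minimum karma, the posting period and the duplicate/same-links checks.
 * Reads $_POST['post'], ['user_id'], ['key'] and the optional $_FILES['image'].
 * Every failure prints an 'ERROR: ...' line (or nothing) and exits.
 *
 * @param int $post_id id of the post to edit, or 0/negative to create one
 */
function save_post($post_id)
{
    global $link, $db, $post, $current_user, $globals, $site_key;
    $post = new Post();
    $_POST['post'] = clean_text_with_tags($_POST['post'], 0, false, $globals['posts_len']);
    if (!empty($_FILES['image']['tmp_name'])) {
        $limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
        if ($limit_exceded) {
            echo 'ERROR: ' . $limit_exceded;
            die;
        }
    }
    if (mb_strlen($_POST['post']) < 5) {
        echo 'ERROR: ' . _('texto muy corto');
        die;
    }

    if ($post_id > 0) {
        // ---- edit an existing post ----
        $post->id = $post_id;
        if (!$post->read()) {
            die;
        }
        // The post key is an integer (stored via intval() on creation), so
        // compare it as one. The original `$_POST['key'] == $post->randkey`
        // was a string-to-int loose comparison: on PHP < 8 any non-numeric
        // string equals 0, so a post whose randkey is 0 was editable with any
        // key. A zero key is never accepted now, for the same reason.
        $posted_key = isset($_POST['key']) ? intval($_POST['key']) : 0;
        $key_ok = $posted_key > 0 && $posted_key === intval($post->randkey);
        $author_in_window = intval($_POST['user_id']) == $current_user->user_id
            && $current_user->user_id == $post->author
            && time() - $post->date < 3600;
        $god_in_window = $current_user->user_level == 'god'
            && time() - $post->date < $globals['posts_edit_time_admin'] * 1.5;
        if (($author_in_window || $god_in_window) && $key_ok) {
            $post->content = $_POST['post'];
            if (strlen($post->content) > 0) {
                $post->store();
                store_image($post);
            }
        } else {
            echo 'ERROR: ' . _('no tiene permisos para grabar');
            die;
        }
    } else {
        // ---- create a new post ----
        if ($current_user->user_id != intval($_POST['user_id'])) {
            die;
        }
        if ($current_user->user_karma < $globals['min_karma_for_posts']) {
            echo 'ERROR: ' . _('el karma es muy bajo');
            die;
        }
        // NOTE(review): unlike Comment::save_from_post(), a non-positive key is
        // accepted here and stored as 0; such a post cannot be edited later
        // (see the edit branch) — consider rejecting intval($_POST['key']) <= 0.
        $post->randkey = intval($_POST['key']);
        $post->author = $current_user->user_id;
        $post->content = $_POST['post'];
        // Verify that there is a minimum period between posts.
        if (intval($db->get_var("select count(*) from posts where post_user_id = {$current_user->user_id} and post_date > date_sub(now(), interval " . $globals['posts_period'] . " second)")) > 0) {
            echo 'ERROR: ' . _('debe esperar entre notas');
            die;
        }
        $same_text = $post->same_text_count();
        $same_links = $post->same_links_count(10);
        // Check the post wasn't already stored (same randkey within 5 minutes);
        // $r stays raw so a null from get_var() (query failure) is not treated
        // as "no duplicate".
        $db->transaction();
        $r = $db->get_var("select count(*) from posts where post_user_id = {$current_user->user_id} and post_date > date_sub(now(), interval 5 minute) and post_randkey = {$post->randkey} FOR UPDATE");
        $dupe = intval($r);
        if (!is_null($r) && !$dupe && !$same_text) {
            // Repeated links to the same domain cost karma but do not block.
            if ($same_links > 2) {
                $reduction = $same_links * 0.2;
                $user = new User($current_user->user_id);
                $user->add_karma(-$reduction, _('demasiados enlaces al mismo dominio en las notas'));
                syslog(LOG_NOTICE, "Meneame: post_edit decreasing {$reduction} of karma to {$user->username} (now {$user->karma})");
            }
            $post->store();
            $db->commit();
            store_image($post);
        } else {
            $db->commit();
            echo 'ERROR: ' . _('comentario grabado previamente');
            die;
        }
    }
    $post->print_summary();
}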