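/**
 * Validate the submitted profile form and, when every check passes, store the
 * changes on the global $user object.
 *
 * Reads $_POST and $_FILES directly. Returns nothing when the request is not a
 * profile submission whose user_id matches the logged-in user; otherwise
 * returns the accumulated HTML feedback (one <p> per message).
 *
 * @return string|null
 */
function save_profile() {
    global $db, $user, $current_user, $globals, $site_key;

    $errors = 0; // benjami: control added (2005-12-22)
    $pass_changed = false;
    $messages = '';

    // Form control hash derived from $site_key, the edited user's id and the
    // mnminclude constant (presumably the anti-CSRF token of the form - confirm
    // against the code that renders it).
    $form_hash = md5($site_key . $user->id . mnminclude);

    // NOTE(review): the request is matched against $current_user, while the
    // changes are applied to $user; that both are the same account has to be
    // guaranteed by the caller.
    if (!isset($_POST['save_profile']) || !isset($_POST['process']) || $_POST['user_id'] != $current_user->user_id) {
        return;
    }

    // hash_equals() instead of a loose "!=": with loose comparison two different
    // digests that both look numeric (e.g. "0e" followed by digits) compare equal,
    // and the comparison time depends on the submitted value. The is_string()
    // guard rejects array-valued parameters before they reach hash_equals().
    if (empty($_POST['form_hash']) || !is_string($_POST['form_hash']) || !hash_equals($form_hash, $_POST['form_hash'])) {
        $messages .= '<p class="form-error">' . _('Falta la clave de control') . '</p>';
        $errors++;
    }

    if (!empty($_POST['username']) && trim($_POST['username']) != $user->username) {
        if (strlen(trim($_POST['username'])) < 3) {
            $messages .= '<p class="form-error">' . _('nombre demasiado corto') . '</p>';
            $errors++;
        }
        if (!check_username($_POST['username'])) {
            $messages .= '<p class="form-error">' . _('nombre de usuario erróneo, caracteres no admitidos') . '</p>';
            $errors++;
        } elseif (user_exists(trim($_POST['username']))) {
            $messages .= '<p class="form-error">' . _('el usuario ya existe') . '</p>';
            $errors++;
        } else {
            $user->username = trim($_POST['username']);
        }
    }

    // NOTE(review): the e-mail is validated here but never assigned to
    // $user->email in this function - confirm it is changed through another path.
    if ($user->email != trim($_POST['email']) && !check_email(trim($_POST['email']))) {
        $messages .= '<p class="form-error">' . _('el correo electrónico no es correcto') . '</p>';
        $errors++;
    } elseif (trim($_POST['email']) != $current_user->user_email && email_exists(trim($_POST['email']))) {
        $messages .= '<p class="form-error">' . _('ya existe otro usuario con esa dirección de correo') . '</p>';
        $errors++;
    }

    $user->url = htmlspecialchars(clean_input_url($_POST['url']));
    $user->names = clean_text($_POST['names']);

    if (!empty($_POST['password']) || !empty($_POST['password2'])) {
        if (!check_password($_POST["password"])) {
            $messages .= '<p class="form-error">' . _('Clave demasiado corta, debe ser de 6 o más caracteres e incluir mayúsculas, minúsculas y números') . '</p>';
            $errors++;
        } elseif (trim($_POST['password']) !== trim($_POST['password2'])) {
            $messages .= '<p class="form-error">' . _('las claves no son iguales, no se ha modificado') . '</p>';
            $errors++;
        } else {
            // NOTE(review): unsalted MD5 is not a password hash. Moving to
            // password_hash()/password_verify() needs a matching change in
            // Authenticate() and in the stored values, both outside this block.
            $user->pass = md5(trim($_POST['password']));
            $messages .= '<p class="form-error">' . _('La clave se ha cambiado') . '</p>';
            $pass_changed = true;
        }
    }

    // Bit field: comment preference, plus bit 1 for show_friends and bit 2 for show_2cols.
    $user->comment_pref = intval($_POST['comment_pref']) + (intval($_POST['show_friends']) & 1) * 2 + (intval($_POST['show_2cols']) & 1) * 4;

    // Manage avatars upload
    if (!empty($_FILES['image']['tmp_name'])) {
        if (avatars_check_upload_size('image')) {
            $avatar_mtime = avatars_manage_upload($user->id, 'image');
            if (!$avatar_mtime) {
                $messages .= '<p class="form-error">' . _('error guardando la imagen') . '</p>';
                $errors++;
                $user->avatar = 0;
            } else {
                $user->avatar = $avatar_mtime;
            }
        } else {
            $messages .= '<p class="form-error">' . _('el tamaño de la imagen excede el límite') . '</p>';
            $errors++;
            $user->avatar = 0;
        }
    }

    if (!$errors) {
        if (empty($user->ip)) {
            $user->ip = $globals['user_ip'];
        }
        $user->store();
        $user->read();
        // Re-authenticate when the credentials the session depends on have changed.
        if ($current_user->user_login != $user->username || $current_user->user_email != $user->email || $pass_changed) {
            $current_user->Authenticate($user->username, $user->pass);
        }
        $messages .= '<p class="form-error">' . _('datos actualizados') . '</p>';
    }
    return $messages;
}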
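/**
 * Final submission step: move the draft link named by $_POST['id'] into the
 * queue, cast the author's vote, log the event, drop the author's unvoted
 * discarded drafts and optionally send a trackback. Always ends by redirecting
 * to shakeit.php.
 */
function do_submit3() {
    global $db, $current_user;

    $linkres = new Link();
    $linkres->id = intval($_POST['id']);
    $linkres->read();

    // Only the logged-in author may queue the draft. Without this check any
    // request carrying a link id would queue that link and record a vote by the
    // requesting user. The user_id > 0 test also covers a failed read(), where
    // the author is empty.
    $is_author = $current_user->user_id > 0 && $linkres->author == $current_user->user_id;

    // Check it is not in the queue already
    if ($is_author && $linkres->votes == 0 && $linkres->status != 'queued') {
        $linkres->status = 'queued';
        $linkres->date = time();
        $linkres->get_uri();
        $linkres->store();
        $linkres->insert_vote($current_user->user_id, $current_user->user_karma);

        // Add the new link log/event
        require_once mnminclude . 'log.php';
        log_conditional_insert('link_new', $linkres->id, $linkres->author);

        // The author id is cast before it is placed in the SQL text.
        $author_id = intval($linkres->author);
        $db->query("delete from links where link_author = {$author_id} and link_status='discard' and link_votes=0");

        if (!empty($_POST['trackback'])) {
            // NOTE(review): the trackback URL is supplied by the submitter and is
            // contacted from this server during the request; which schemes and
            // hosts clean_input_url() lets through is not visible here - confirm.
            require_once mnminclude . 'trackback.php';
            $trackres = new Trackback();
            $trackres->url = clean_input_url($_POST['trackback']);
            $trackres->link = $linkres->id;
            $trackres->title = $linkres->title;
            $trackres->author = $linkres->author;
            $trackres->content = $linkres->content;
            $trackres->send($linkres);
        }
    }

    // NOTE(review): no per-form key is verified in this function, so the
    // state change above is not protected against cross-site requests here.
    header("Location: shakeit.php");
    die;
}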
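/**
 * Select a thumbnail for $this->url.
 *
 * Order of attempts: a URL-only check for known video hosts, then a fetch of
 * the page; an image response is used directly, an HTML response is searched
 * for head metadata (og:image and similar), then for <img> tags, then for
 * embedded video players.
 *
 * @return mixed $this->selected, or nothing when the page could not be fetched.
 */
function get() {
    // Check first in these server using *only* the URL
    $video_servers = array('youtube.com' => 'check_youtube', 'yfrog.com' => 'check_yfrog');
    $base_host = preg_replace('/^www\\./', '', $this->parsed_url['host']);

    // The method name comes from the fixed map above, never from the URL itself.
    // The braces must wrap the whole array lookup: $this->{$video_servers}[...]
    // would convert the array to a string and read a property instead.
    $url_checker = isset($video_servers[$base_host]) ? $video_servers[$base_host] : false;
    if ($url_checker) {
        if ($this->debug) {
            echo "<!-- Check thumb by URL: {$url_checker} -->\n";
        }
        if ($this->{$url_checker}()) {
            if ($this->debug) {
                echo "<!-- Selected thumb by URL: {$url_checker} -->\n";
            }
            $this->selected->video = true;
            return $this->selected;
        }
    }

    $res = get_url($this->url, $this->referer, null, false);
    if (!$res) {
        if ($this->debug) {
            echo "<!-- Error getting " . htmlentities($this->url) . "-->\n";
        }
        return;
    }

    // Every value echoed into a debug comment below is escaped: URLs and titles
    // come from submitters or remote pages, and an unescaped "-->" would end the
    // comment and inject markup into the page.
    if ($this->debug) {
        echo "<!-- Got " . htmlspecialchars($this->url) . " (" . strlen($res['content']) . ") -->\n";
    }

    if ($res['location'] != $this->url) {
        $this->redirected = clean_input_url($res['location']);
        $this->parsed_redirected = parse_url($this->redirected);
        if ($this->debug) {
            echo "<!-- Redirected to URL: " . htmlspecialchars($this->redirected) . " -->\n";
        }
    }

    if (preg_match('/^image/i', $res['content_type'])) {
        // The URL itself is an image: build the thumbnail from the fetched bytes.
        $img = new BasicThumb($this->url);
        if ($img->fromstring($res['content'])) {
            $img->type = 'local';
            $img->candidate = true;
            $this->selected = $img;
        }
    } elseif (preg_match('/text\\/html/i', $res['content_type'])) {
        $this->html = $res['content'];
        $this->title = get_html_title($this->html);
        if ($this->debug) {
            echo "<!-- HTML " . htmlspecialchars($this->title) . " -->\n";
        }

        // First check for thumbnail head metas
        if ((preg_match('/<meta\\s+?property=[\'"]og:image[\'"]\\s+?content=[\'"](.+?)[\'"].*?>/is', $this->html, $match)
                || preg_match('/<meta\\s+?name=[\'"]product-image[\'"]\\s+?content=[\'"](.+?)[\'"].*?>/is', $this->html, $match)
                || preg_match('/<meta\\s+?name=[\'"]thumbnail_url[\'"]\\s+?content=[\'"](.+?)[\'"].*?>/is', $this->html, $match)
                || preg_match('/<link\\s+?rel=[\'"]image_src[\'"]\\s+?href=[\'"](.+?)[\'"].*?>/is', $this->html, $match))
            && !preg_match('/favicon/i', $match[1])) {
            // NOTE(review): this URL is chosen by the remote page and is then
            // fetched from this server; whether build_full_url()/BasicThumb
            // restrict schemes or internal addresses is not visible here - confirm.
            $url = build_full_url($match[1], $this->url);
            if ($this->debug) {
                echo "<!-- Try to select from " . htmlspecialchars($url) . " -->\n";
            }
            $img = new BasicThumb($url);
            if ($img->get() && $img->is_not_black()) {
                $img->type = 'local';
                $img->candidate = true;
                if ($img->x > 150 && $img->y > 150) {
                    if ($this->debug) {
                        echo "<!-- Selected from " . htmlspecialchars($img->url) . " -->\n";
                    }
                    $this->selected = $img;
                    return $this->selected;
                } else {
                    // Too small to win outright; kept in case nothing better is found.
                    if ($this->debug) {
                        echo "<!-- Failback " . htmlspecialchars($img->url) . " -->\n";
                    }
                    $this->fallback = $img;
                }
            }
        }

        // Analyze HTML <img's
        if (preg_match('/<base *href=["\'](.+?)["\']/i', $this->html, $match)) {
            $this->base = $match[1];
        }
        $html_short = $this->shorten_html($this->html);
        $this->parse_img($html_short);

        // No image yet, or the selected one has a surface below 120000:
        // check if there are players
        if ((!$this->selected || $this->selected->surface() < 120000)
            && preg_match('/(< *(?:embed|iframe|object|param))[^>]*>|\\.flv/i', $this->html)) {
            if ($this->debug) {
                echo "<!-- Searching for video -->\n";
            }
            if ($this->check_youtube() || $this->check_yfrog() || $this->check_google_video() || $this->check_metacafe() || $this->check_vimeo() || $this->check_zapp_internet() || $this->check_daily_motion() || $this->check_elmundo_video()) {
                $this->selected->video = true;
                return $this->selected;
            }
        }
    }

    if (!$this->selected && $this->fallback != false) {
        $this->selected = $this->fallback;
    }
    if ($this->debug) {
        // NOTE(review): relies on the selected object converting to a string - confirm.
        echo "<!-- FINAL selection: " . htmlspecialchars((string) $this->selected) . " -->\n";
    }
    return $this->selected;
}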
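/**
 * Validate the submitted profile form and store the changes on the global
 * $user object. Feedback is echoed directly as HTML paragraphs.
 *
 * The request is accepted when it targets the logged-in user, or any user when
 * $admin_mode is set. Administrators may additionally change level and karma.
 *
 * NOTE(review): no form token is checked in this function, so the update is
 * not protected against cross-site requests here - confirm it is done by the
 * caller.
 */
function save_profile() {
    global $db, $user, $current_user, $globals, $admin_mode;

    $errors = 0; // benjami: control added (2005-12-22)
    $pass_changed = false;

    // Explicit parentheses: "&&" binds tighter than "||", so the id mismatch is
    // only a rejection when the caller is not in admin mode.
    if (!isset($_POST['save_profile']) || !isset($_POST['process'])
        || ($_POST['user_id'] != $current_user->user_id && !$admin_mode)) {
        return;
    }

    if (!empty($_POST['username']) && trim($_POST['username']) != $user->username) {
        if (strlen(trim($_POST['username'])) < 3) {
            echo '<p class="form-error">' . _('nombre demasiado corto') . '</p>';
            $errors++;
        }
        if (!check_username($_POST['username'])) {
            echo '<p class="form-error">' . _('Nombre de usuario erróneo, caracteres no admitidos') . '</p>';
            $errors++;
        } elseif (user_exists(trim($_POST['username']))) {
            echo '<p class="form-error">' . _('El usuario ya existe') . '</p>';
            $errors++;
        } else {
            $user->username = trim($_POST['username']);
        }
    }

    if ($user->email != trim($_POST['email']) && !check_email(trim($_POST['email']))) {
        echo '<p class="form-error">' . _('El correo electrónico no es correcto') . '</p>';
        $errors++;
    } elseif (!$admin_mode && trim($_POST['email']) != $current_user->user_email && email_exists(trim($_POST['email']))) {
        echo '<p class="form-error">' . _('ya existe otro usuario con esa dirección de correo') . '</p>';
        $errors++;
    } else {
        $user->email = trim($_POST['email']);
    }

    $user->url = htmlspecialchars(clean_input_url($_POST['url']));

    // Verifies adsense code
    if ($globals['external_user_ads']) {
        $_POST['adcode'] = trim($_POST['adcode']);
        if (!empty($_POST['adcode']) && $user->adcode != $_POST['adcode']) {
            if (!preg_match('/^pub-[0-9]{16}$/', $_POST['adcode'])) {
                echo '<p class="form-error">' . _('código AdSense incorrecto, no se ha grabado') . '</p>';
                $_POST['adcode'] = '';
                $errors++;
            } else {
                // The value already passed the format check above; it is still
                // escaped (and the id cast) so the query does not depend on that
                // check staying in place.
                $adcode_count = intval($db->get_var("select count(*) from users where user_id != " . intval($user->id) . " and user_adcode='" . $db->escape($_POST['adcode']) . "'"));
                if ($adcode_count > 0) {
                    echo '<p class="form-error">' . _('ya hay otro usuario con la misma cuenta, no se ha grabado') . '</p>';
                    $_POST['adcode'] = '';
                    $errors++;
                }
            }
        }
        $user->adcode = $_POST['adcode'];
    }

    // NOTE(review): only trimmed, not cleaned - the output side has to escape it.
    $user->names = trim($_POST['names']);

    if (!empty($_POST['password']) || !empty($_POST['password2'])) {
        if ($_POST['password'] !== $_POST['password2']) {
            echo '<p class="form-error">' . _('Las claves no son iguales, no se ha modificado') . '</p>';
            $errors++;
        } else {
            // NOTE(review): the password is assigned as typed; presumably
            // store() hashes it - confirm, otherwise it is kept in clear text.
            $user->pass = trim($_POST['password']);
            echo '<p>' . _('La clave se ha cambiado') . '</p>';
            $pass_changed = true;
        }
    }

    // NOTE(review): the level is escaped but not checked against the set of
    // valid levels.
    if ($admin_mode && !empty($_POST['user_level'])) {
        $user->level = $db->escape($_POST['user_level']);
    }
    // Karma may only be set by an administrator, within (4, 20].
    if ($admin_mode && !empty($_POST['karma']) && is_numeric($_POST['karma']) && $_POST['karma'] > 4 && $_POST['karma'] <= 20) {
        $user->karma = $_POST['karma'];
    }
    $user->comment_pref = intval($_POST['comment_pref']);

    // Manage avatars upload
    if (!empty($_FILES['image']['tmp_name'])) {
        if (avatars_check_upload_size($user->id, 'image')) {
            if (!avatars_manage_upload($user->id, 'image')) {
                echo '<p class="form-error">' . _('Error guardando la imagen') . '</p>';
                $errors++;
                $user->avatar = 0;
            } else {
                $user->avatar = 1;
            }
        } else {
            echo '<p class="form-error">' . _('El tamaño de la imagen excede el límite') . '</p>';
            $errors++;
            $user->avatar = 0;
        }
    }

    if (!$errors) { // benjami: "if" added (2005-12-22)
        if (empty($user->ip)) {
            $user->ip = $globals['user_ip'];
        }
        $user->store();
        $user->read();
        // An administrator editing someone else keeps their own session.
        if (!$admin_mode && ($current_user->user_login != $user->username || $current_user->user_email != $user->email || $pass_changed)) {
            $current_user->Authenticate($user->username, $user->pass);
        }
        echo '<p class="form-act">' . _('Datos actualizados') . '</p>';
    }
}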
/**
 * Work out the pingback endpoint for $this->url and store it, cleaned, in
 * $this->trackback.
 *
 * The endpoint is only looked for when the URL has a query string or its path
 * matches the pattern below. A previously known $this->pingback wins over the
 * <link rel="pingback"> tag found in $this->html; a detected endpoint is
 * prefixed with "ping:".
 *
 * NOTE(review): the endpoint is dictated by the remote page; any restriction
 * on where it may point has to come from clean_input_url() or from the code
 * that later connects to it - not visible here.
 *
 * @return bool true when an endpoint was stored, false otherwise.
 */
function pingback() {
    $parts = @parse_url($this->url);
    $endpoint = '';

    // NOTE(review): inside the character class, "\.-/" is a range from "." to
    // "/", so a literal "-" is not matched - confirm that is intended.
    $has_query_or_path = !empty($parts['query']) || preg_match('|^/.*[\.-/]+|', $parts['path']);

    // Now we use previous pingback or detect it
    if ($has_query_or_path) {
        if (!empty($this->pingback)) {
            $endpoint = $this->pingback;
        } elseif (preg_match('/<link[^>]+rel="pingback"[^>]*>/i', $this->html, $link_tag)
            && preg_match('/href="([^"]+)"/i', $link_tag[0], $href)) {
            $endpoint = 'ping:' . trim($href[1]);
        }
    }

    if (empty($endpoint)) {
        return false;
    }
    $this->trackback = clean_input_url($endpoint);
    return true;
}
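/**
 * Send the HTTP headers and the opening part of the RSS 2.0 document, up to
 * and including the channel metadata.
 *
 * Answers "304 Not Modified" and exits when the global $last_modified is not
 * newer than the global $if_modified.
 *
 * @param string $title Channel title, written into the feed as given.
 */
function do_header($title) {
    global $if_modified, $last_modified, $dblang, $globals;

    // "!$last_modified > 0" negated the variable first and then compared the
    // boolean with 0; the intended test is "not a positive timestamp".
    if (!($last_modified > 0)) {
        if ($if_modified > 0) {
            $last_modified = $if_modified;
        } else {
            $last_modified = time();
        }
    }

    header('X-If-Modified: ' . gmdate('D, d M Y H:i:s', $if_modified));
    header('X-Last-Modified: ' . gmdate('D, d M Y H:i:s', $last_modified));
    if ($last_modified <= $if_modified) {
        header('HTTP/1.1 304 Not Modified');
        exit;
    }
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $last_modified) . ' GMT');
    header('Content-type: text/xml; charset=UTF-8', true);

    // The closing "?" and ">" are split so the literal is not read as a PHP end tag.
    echo '<?xml version="1.0" encoding="UTF-8"?' . '>' . "\n";
    echo '<rss version="2.0" ' . "\n";
    echo ' xmlns:atom="http://www.w3.org/2005/Atom"' . "\n";
    echo ' xmlns:content="http://purl.org/rss/1.0/modules/content/"' . "\n";
    echo ' xmlns:wfw="http://wellformedweb.org/CommentAPI/"' . "\n";
    echo ' xmlns:dc="http://purl.org/dc/elements/1.1/"' . "\n";
    echo ' xmlns:georss="http://www.georss.org/georss"' . "\n";
    echo ' >' . "\n";
    echo '<channel>' . "\n";
    // NOTE(review): $title is written without XML escaping; callers must pass a
    // value that is already safe for element content - confirm at the call sites.
    echo ' <title>' . $title . '</title>' . "\n";
    // NOTE(review): REQUEST_URI is client-controlled and ends up inside an
    // attribute; this relies on clean_input_url() and __() to make it safe there.
    echo ' <atom:link href="http://' . get_server_name() . __(clean_input_url($_SERVER['REQUEST_URI'])) . '" rel="self" type="application/rss+xml" />' . "\n";
    echo ' <link>http://' . get_server_name() . post_get_base_url() . '</link>' . "\n";
    echo "\t<image><title>" . $title . "</title><link>http://" . get_server_name() . post_get_base_url() . "</link><url>http://" . get_static_server_name() . $globals['base_url'] . "img/common/eli-rss.png</url></image>\n";
    echo ' <description>' . _('Sitio colaborativo de publicación y comunicación entre blogs') . '</description>' . "\n";
    echo ' <pubDate>' . date("r", $last_modified) . '</pubDate>' . "\n";
    echo ' <generator>http://blog.meneame.net/</generator>' . "\n";
    echo ' <language>' . $dblang . '</language>' . "\n";
}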
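// Send the trackbacks stored as pending for this link. The id is cast before
// it is placed in the SQL text.
if ($tbs = $db->get_col("select trackback_id from trackbacks where trackback_link_id = " . intval($link->id) . " and trackback_status='pendent'")) {
    foreach ($tbs as $tb_id) {
        $tb = new Trackback();
        $tb->id = $tb_id;
        if ($tb->read()) {
            $res = $tb->send($link);
        }
    }
}

// Send pingbacks for link inside the text
// NOTE(review): every URL found in the submitted text is fetched from this
// server; whether Link::get() limits schemes or internal addresses is not
// visible here - confirm.
preg_match_all('/([\\(\\[:\\.\\s]|^)(https*:\\/\\/[^ \\t\\n\\r\\]\\(\\)\\&]{5,70}[^ \\t\\n\\r\\]\\(\\)]*[^ .\\t,\\n\\r\\(\\)\\"\'\\]\\?])/i', $link->content, $matches);
foreach ($matches[2] as $match) {
    $tb = new Trackback();
    $tb->link = clean_input_url($match);
    $tb->link_id = $link->id;
    $tb->author = $link->author;
    // Only URLs with no stored trackback record are processed.
    if (!$tb->read()) {
        $tmp = new Link();
        // "next" is not a PHP statement (it was read as a constant), so a failed
        // fetch or a missing endpoint used to fall through to send(). "continue"
        // skips to the next URL.
        if (!$tmp->get($match, 2000, false)) {
            echo "couldn't get {$match}\n";
            continue;
        }
        if (!$tmp->pingback()) {
            echo "couldn't get pingback {$match}\n";
            continue;
        }
        $tb->link = clean_input_url($match);
        $tb->url = clean_input_url($tmp->trackback);
        $tb->send($link);
    }
}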
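/**
 * Notify the remote site in $this->url about $link.
 *
 * A URL prefixed with "ping:" is sent as an XML-RPC pingback; anything else is
 * sent as a classic trackback (form-encoded HTTP POST). The outcome is stored
 * in $this->status ('ok' or 'error') through store().
 *
 * NOTE(review): host and port come straight from the stored URL, so this
 * connects to whatever that URL names; any restriction on internal hosts or
 * unusual ports has to be applied before the URL is stored - not visible here.
 *
 * @param object $link Link being announced; needs url, title, content and get_permalink().
 * @return bool|null true when sent, false on failure, nothing when there is no URL.
 */
function send($link) {
    if (empty($this->url)) {
        return;
    }
    $this->title = clean_input_url($link->url);

    if (preg_match('/^ping:/', $this->url)) {
        // we got a pingback address
        require_once mnminclude . 'IXR_Library.inc.php';
        $url = preg_replace('/^ping:/', '', $this->url);
        $client = new IXR_Client($url);
        $client->timeout = 3;
        $client->useragent .= ' -- Meneame/2';
        $client->debug = false;
        if ($client->query('pingback.ping', $link->get_permalink(), $this->link)) {
            $this->status = 'ok';
            $this->store();
            syslog(LOG_NOTICE, "Meneame, pingback sent: {$this->link}, {$this->url}");
            return true;
        } else {
            // Be quiet for pingbacks
            $this->status = 'error';
            $this->title = $client->getErrorMessage();
            $this->store();
            syslog(LOG_NOTICE, "Meneame, out pingback error: {$url} " . $link->get_permalink() . ': ' . $client->getErrorCode() . ' ' . $client->getErrorMessage());
            return false;
        }
    }

    // Send standard old trackback
    $trackback_url = parse_url($this->url);
    if (!is_array($trackback_url) || empty($trackback_url['host'])) {
        // Unparseable URL or no host: nothing to connect to.
        $this->status = 'error';
        $this->store();
        return false;
    }

    $title = urlencode($link->title);
    // Convert everything to HTML and the strip all html tags.
    $excerpt = urlencode(strip_tags(text_to_html($link->content)));
    $blog_name = urlencode(get_server_name());
    $url = urlencode($link->get_permalink());
    $query_string = "charset=UTF-8&title={$title}&url={$url}&blog_name={$blog_name}&excerpt={$excerpt}";

    // parse_url() leaves out the components the URL does not have, so each one
    // is tested before use; an empty path becomes "/" to keep the request line valid.
    $request_target = empty($trackback_url['path']) ? '/' : $trackback_url['path'];
    if (!empty($trackback_url['query'])) {
        $request_target .= '?' . $trackback_url['query'];
    }
    // The URL scheme is ignored: the request is always plain HTTP, port 80 by default.
    $port = empty($trackback_url['port']) ? 80 : $trackback_url['port'];

    $http_request = 'POST ' . $request_target . " HTTP/1.0\r\n";
    $http_request .= 'Host: ' . $trackback_url['host'] . "\r\n";
    $http_request .= 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' . "\r\n";
    $http_request .= 'Content-Length: ' . strlen($query_string) . "\r\n";
    $http_request .= "User-Agent: MNM (http://meneame.net) ";
    $http_request .= "\r\n\r\n";
    $http_request .= $query_string;

    $fs = @fsockopen($trackback_url['host'], $port, $errno, $errstr, 5);
    if ($fs) {
        $written = @fputs($fs, $http_request);
        // Close the socket whether or not the write worked; it used to stay
        // open when fputs() failed.
        @fclose($fs);
        if ($written) {
            $this->status = 'ok';
            $this->store();
            syslog(LOG_NOTICE, "Meneame, trackback sent: {$this->link}, {$this->url}");
            return true;
        }
    }

    $this->status = 'error';
    $this->store();
    return false;
}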
/**
 * Final submission step for the link named by $_POST['id'].
 *
 * Stops when the link key check or the read fails. A duplicated URL is
 * reported instead of queued. Otherwise an unvoted, not yet queued link is
 * queued inside a transaction, the event is logged, the author's recent
 * unvoted discards are deleted, an optional trackback is stored as pending and
 * the pingback backend is forked. Ends by redirecting to the link's permalink.
 *
 * NOTE(review): there is no explicit comparison between the link author and
 * the logged-in user in this function; presumably check_link_key() ties the
 * request to both - confirm.
 */
function do_submit3() {
    global $db, $current_user;

    $linkres = new Link;
    $linkres->id = intval($_POST['id']);

    if (!check_link_key()) {
        die;
    }
    if (!$linkres->read()) {
        die;
    }

    // Check it is not in the queue already
    if ($linkres->duplicates($linkres->url)) {
        // Write headers, they were not printed yet
        do_header(_('enviar noticia'), 'post');
        echo "<div id=\"singlewrap\">\n";
        report_dupe($linkres->url);
        return;
    }

    // Check this one was not already queued
    $already_handled = $linkres->votes != 0 || $linkres->status == 'queued';
    if (!$already_handled) {
        $now = time();

        $db->transaction();
        $linkres->status = 'queued';
        $linkres->date = $now;
        $linkres->sent_date = $now;
        $linkres->get_uri();
        $linkres->store();
        $linkres->insert_vote($current_user->user_karma);
        $db->commit();

        // Add the new link log/event
        require_once(mnminclude . 'log.php');
        log_conditional_insert('link_new', $linkres->id, $linkres->author);

        $db->query("delete from links where link_author = $linkres->author and link_date > date_sub(now(), interval 30 minute) and link_status='discard' and link_votes=0");

        $trackback_given = !empty($_POST['trackback']);
        if ($trackback_given) {
            // Only recorded here; it is sent later by the forked backend.
            $pending = new Trackback;
            $pending->url = clean_input_url($_POST['trackback']);
            $pending->link_id = $linkres->id;
            $pending->link = $linkres->url;
            $pending->author = $linkres->author;
            $pending->status = 'pendent';
            $pending->store();
        }

        fork("backend/send_pingbacks.php?id=$linkres->id");
    }

    header('Location: ' . $linkres->get_permalink());
    die;
}
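/**
 * Normalise the search parameters in $_REQUEST in place.
 *
 *   w      what to search: posts, comments or links (default links)
 *   q      query text: slashes and tags stripped, cut to 500 bytes, trimmed
 *   words  the words to search, q without a recognised "prefix:" operator
 *   p      field filter: url, tags, title, site or url_db
 *   o      order: date, relevance or pure
 *   h      cast to an integer when present
 *
 * Values outside the allowed sets are removed. Parameters that arrive as
 * arrays instead of strings are treated as absent.
 */
function search_parse_query() {
    // Check what should be searched
    $what = (isset($_REQUEST['w']) && is_string($_REQUEST['w'])) ? $_REQUEST['w'] : '';
    if (!in_array($what, array('posts', 'comments', 'links'), true)) {
        $what = 'links';
    }
    $_REQUEST['w'] = $what;

    // A request can carry q[]=...; the string functions below need a string.
    $query = (isset($_REQUEST['q']) && is_string($_REQUEST['q'])) ? $_REQUEST['q'] : '';
    $_REQUEST['words'] = $_REQUEST['q'] = trim(substr(strip_tags(stripslashes($query)), 0, 500));

    if (isset($_REQUEST['p']) && !is_string($_REQUEST['p'])) {
        unset($_REQUEST['p']);
    }

    if (!empty($_REQUEST['p'])) {
        $_REQUEST['p'] = clean_input_url($_REQUEST['p']);
    } elseif (preg_match('/^ *(\\w+): *(.*)/', $_REQUEST['q'], $matches)) {
        // "prefix: words" operator typed in the query box.
        $_REQUEST['words'] = $matches[2];
        switch ($matches[1]) {
            case 'http':
            case 'https':
                // The query is itself a URL: search it whole, by URL, newest first.
                $_REQUEST['words'] = $_REQUEST['q'];
                $_REQUEST['o'] = 'date';
                $_REQUEST['p'] = 'url';
                break;
            case 'date':
                $_REQUEST['o'] = 'date';
                break;
            case 'url':
                $_REQUEST['p'] = 'url';
                break;
            case 'title':
                $_REQUEST['p'] = 'title';
                break;
            case 'tag':
            case 'tags':
                $_REQUEST['p'] = 'tags';
                break;
        }
    }

    // Check filters and clean
    if (isset($_REQUEST['h'])) {
        $_REQUEST['h'] = intval($_REQUEST['h']);
    }
    // Exact, strict membership tests: an anchored pattern ending in "$" also
    // accepts the value followed by a newline, and fails on array input.
    if (isset($_REQUEST['p']) && !in_array($_REQUEST['p'], array('url', 'tags', 'title', 'site', 'url_db'), true)) {
        unset($_REQUEST['p']);
    }
    if (isset($_REQUEST['o']) && !in_array($_REQUEST['o'], array('date', 'relevance', 'pure'), true)) {
        unset($_REQUEST['o']);
    }
}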
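/**
 * Normalise the search parameters in $_REQUEST in place.
 *
 *   w      what to search: posts, comments or links (default links)
 *   q      query text: slashes and tags stripped, cut to 250 bytes, trimmed
 *   words  the words to search, q without a recognised "prefix:" operator
 *   p      field filter: url, tags, title, site or url_db
 *   o      order: date or relevance
 *   h      cast to an integer when present
 *   s      link status name; for link searches its 1-based position among the
 *          link_status column values is stored in s_id
 *
 * Values outside the allowed sets are removed. Parameters that arrive as
 * arrays instead of strings are treated as absent.
 */
function search_parse_query() {
    global $db;

    // Check what should be searched
    $what = (isset($_REQUEST['w']) && is_string($_REQUEST['w'])) ? $_REQUEST['w'] : '';
    if (!in_array($what, array('posts', 'comments', 'links'), true)) {
        $what = 'links';
    }
    $_REQUEST['w'] = $what;

    // A request can carry q[]=...; the string functions below need a string.
    $query = (isset($_REQUEST['q']) && is_string($_REQUEST['q'])) ? $_REQUEST['q'] : '';
    $_REQUEST['words'] = $_REQUEST['q'] = trim(substr(strip_tags(stripslashes($query)), 0, 250));

    if (isset($_REQUEST['p']) && !is_string($_REQUEST['p'])) {
        unset($_REQUEST['p']);
    }

    if (!empty($_REQUEST['p'])) {
        $_REQUEST['p'] = clean_input_url($_REQUEST['p']);
    } elseif (preg_match('/^ *(\\w+): *(.*)/', $_REQUEST['q'], $matches)) {
        // "prefix: words" operator typed in the query box.
        $_REQUEST['words'] = $matches[2];
        switch ($matches[1]) {
            case 'http':
            case 'https':
                // The query is itself a URL: search it whole, newest first.
                $_REQUEST['words'] = $_REQUEST['q'];
                $_REQUEST['o'] = 'date';
                $_REQUEST['p'] = 'url_db';
                break;
            case 'date':
                $_REQUEST['o'] = 'date';
                break;
            case 'url':
                $_REQUEST['p'] = 'url';
                break;
            case 'title':
                $_REQUEST['p'] = 'title';
                break;
            case 'tag':
            case 'tags':
                $_REQUEST['p'] = 'tags';
                break;
        }
    }

    // Check filters and clean
    if (isset($_REQUEST['h'])) {
        $_REQUEST['h'] = intval($_REQUEST['h']);
    }
    // Exact, strict membership tests: an anchored pattern ending in "$" also
    // accepts the value followed by a newline, and fails on array input.
    if (isset($_REQUEST['p']) && !in_array($_REQUEST['p'], array('url', 'tags', 'title', 'site', 'url_db'), true)) {
        unset($_REQUEST['p']);
    }
    if (isset($_REQUEST['o']) && !in_array($_REQUEST['o'], array('date', 'relevance'), true)) {
        unset($_REQUEST['o']);
    }

    if ($_REQUEST['w'] == 'links' && isset($_REQUEST['s'])) {
        // Retrieve available status values
        $row = $db->get_row("SHOW COLUMNS FROM links like 'link_status'");
        // The column type lists its values in single quotes; collect them in order.
        preg_match_all("/'(.*?)'/", $row->Type, $matches);
        // Strict search: the requested status must be exactly one of the names.
        $i = array_search($_REQUEST['s'], $matches[1], true);
        if ($i !== false) {
            $_REQUEST['s_id'] = $i + 1;
        } else {
            unset($_REQUEST['s']);
        }
    }
}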
/**
 * Queue this link on behalf of its author.
 *
 * Nothing happens unless the link has no votes, is not queued yet and belongs
 * to the logged-in user. Storing, the author's vote, the log entry, the
 * clean-up of the author's recent unvoted discards and the optional pending
 * trackback all run inside one transaction; the pingback backend is forked
 * after the commit.
 *
 * NOTE(review): the trackback URL comes from the request and is contacted
 * later by the backend; which URLs clean_input_url() lets through is not
 * visible here - confirm.
 *
 * @return false|null false when store() fails (after rollback), otherwise nothing.
 */
function enqueue() {
    global $db, $globals, $current_user;

    // Check this one was not already queued
    $eligible = $this->votes == 0
        && $this->author == $current_user->user_id
        && $this->status != 'queued';
    if (!$eligible) {
        return;
    }

    $now = time();
    $this->status = 'queued';
    $this->date = $now;
    $this->sent_date = $now;
    $this->get_uri();

    $db->transaction();
    $stored = $this->store();
    if (!$stored) {
        $db->rollback();
        return false;
    }

    $this->insert_vote($current_user->user_karma);

    // Add the new link log/event
    Log::conditional_insert('link_new', $this->id, $this->author);

    $db->query("delete from links where link_author = {$this->author} and link_date > date_sub(now(), interval 30 minute) and link_status='discard' and link_votes=0");

    $trackback_given = !empty($_POST['trackback']);
    if ($trackback_given) {
        // Only recorded as pending here.
        $pending = new Trackback();
        $pending->url = clean_input_url($_POST['trackback']);
        $pending->link_id = $this->id;
        $pending->link = $this->url;
        $pending->author = $this->author;
        $pending->status = 'pendent';
        $pending->store();
    }

    $db->commit();
    fork("backend/send_pingbacks.php?id={$this->id}");
}
function do_submit1() { global $db, $dblang, $current_user, $globals, $errors; $url = clean_input_url(urldecode($_POST['url'])); $url = preg_replace('/#[^\\/]*$/', '', $url); // Remove the "#", people just abuse $url = preg_replace('/^http:\\/\\/http:\\/\\//', 'http://', $url); // Some users forget to delete the foo http:// if (!preg_match('/^\\w{3,6}:\\/\\//', $url)) { // http:// forgotten, add it $url = 'http://' . $url; } $new_user = false; if (!check_link_key()) { add_submit_error(_('clave incorrecta')); return false; } if ($globals['min_karma_for_links'] > 0 && $current_user->user_karma < $globals['min_karma_for_links']) { add_submit_error(_('no tienes el mínimo de karma para enviar una nueva historia')); return false; } // Don't allow to send a link by a clone $hours = intval($globals['user_links_clon_interval']); $clones = $current_user->get_clones($hours + 1); if ($hours > 0 && $clones) { $l = implode(',', $clones); $c = (int) $db->get_var("select count(*) from links where link_status!='published' and link_date > date_sub(now(), interval {$hours} hour) and link_author in ({$l})"); if ($c > 0) { add_submit_error(_('ya se envió con otro usuario «clon» en las últimas horas') . ", " . _('disculpa las molestias')); syslog(LOG_NOTICE, "Meneame, clon submit ({$current_user->user_login}): " . $_REQUEST['url']); return false; } } // Check the number of links sent by a user $queued_24_hours = (int) $db->get_var("select count(*) from links where link_status!='published' and link_date > date_sub(now(), interval 24 hour) and link_author={$current_user->user_id}"); if ($globals['limit_user_24_hours'] && $queued_24_hours > $globals['limit_user_24_hours']) { add_submit_error(_('debes esperar, tienes demasiados envíos en cola de las últimas 24 horas') . " ({$queued_24_hours}), " . _('disculpa las molestias')); syslog(LOG_NOTICE, "Meneame, too many queued in 24 hours ({$current_user->user_login}): " . 
$_REQUEST['url']); return false; } // check the URL is OK and that it resolves $url_components = @parse_url($url); if (!$url_components || !$url_components['host'] || gethostbyname($url_components['host']) == $url_components['host']) { add_submit_error(_('URL o nombre de servidor erróneo'), _('el nombre del servidor es incorrecto o éste tiene problemas para resolver el nombre')); syslog(LOG_NOTICE, "Meneame, hostname error ({$current_user->user_login}): {$url}"); return false; } $enqueued_last_minutes = (int) $db->get_var("select count(*) from links where link_status='queued' and link_date > date_sub(now(), interval 3 minute)"); if ($current_user->user_karma > $globals['limit_3_minutes_karma']) { $enqueued_limit = $globals['limit_3_minutes'] * 1.5; } else { $enqueued_limit = $globals['limit_3_minutes']; } if ($enqueued_last_minutes > $enqueued_limit) { //echo '<p class="error"><strong>'._('exceso de envíos').':</strong></p>'; //echo '<p>'._('se han enviado demasiadas historias en los últimos 3 minutos'). " ($enqueued_last_minutes > $enqueued_limit), "._('disculpa las molestias'). ' </p>'; //echo '</div>'. "\n"; add_submit_error(_('exceso de envíos'), _('se han enviado demasiadas historias en los últimos 3 minutos') . " ({$enqueued_last_minutes} > {$enqueued_limit}), " . _('disculpa las molestias')); syslog(LOG_NOTICE, "Meneame, too many queued ({$current_user->user_login}): " . $_REQUEST['url']); return false; } // Check the user does not have too many drafts $minutes = intval($globals['draft_time'] / 60) + 10; $drafts = (int) $db->get_var("select count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval {$minutes} minute) and link_status='discard' and link_votes = 0"); if ($drafts > $globals['draft_limit']) { add_submit_error(_('demasiados borradores'), _('has hecho demasiados intentos, debes esperar o continuar con ellos desde la') . ' <a href="shakeit.php?meta=_discarded">' . _('cola de descartadas') . 
'</a></p>'); syslog(LOG_NOTICE, "Meneame, too many drafts ({$current_user->user_login}): " . $_REQUEST['url']); return false; } // Delete dangling drafts if ($drafts > 0) { $db->query("delete from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 30 minute) and link_date < date_sub(now(), interval 10 minute) and link_status='discard' and link_votes = 0"); } // Check for banned IPs if (($ban = check_ban($globals['user_ip'], 'ip', true)) || ($ban = check_ban_proxy())) { if ($ban['expire'] > 0) { $expires = _('caduca') . ': ' . get_date_time($ban['expire']); } else { $expires = ''; } add_submit_error(_('dirección IP no permitida para enviar'), $expires); syslog(LOG_NOTICE, "Meneame, banned IP " . $globals['user_ip'] . " ({$current_user->user_login}): {$url}"); return false; } // Number of links sent by the user $total_sents = (int) $db->get_var("select count(*) from links where link_author={$current_user->user_id}") - $drafts; if ($total_sents > 0) { $sents = (int) $db->get_var("select count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 60 day)") - $drafts; } else { $new_user = true; $sents = 0; } $register_date = $current_user->Date(); if ($globals['now'] - $register_date < $globals['new_user_time']) { $new_user = true; } // check that a new user also votes, not only sends links // it requires $globals['min_user_votes'] votes if ($new_user && $globals['min_user_votes'] > 0 && $current_user->user_karma < $globals['new_user_karma']) { $user_votes_total = (int) $db->get_var("select count(*) from votes where vote_type='links' and vote_user_id={$current_user->user_id}"); $user_votes = (int) $db->get_var("select count(*) from votes where vote_type='links' and vote_date > date_sub(now(), interval 72 hour) and vote_user_id={$current_user->user_id}"); $user_links = 1 + $db->get_var("select count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), 
interval 24 hour) and link_status != 'discard'"); $total_links = (int) $db->get_var("select count(*) from links where link_date > date_sub(now(), interval 24 hour) and link_status = 'queued'"); if ($sents == 0) { // If is a new user, requires more votes, to avoid spam $min_votes = $globals['min_user_votes']; } else { $min_votes = min(4, intval($total_links / 20)) * $user_links; } if (!$current_user->admin && $user_votes < $min_votes) { $needed = $min_votes - $user_votes; if ($new_user) { add_submit_error(_('¿es la primera vez que envías una historia?'), _('necesitas como mínimo') . " {$needed} " . _('votos')); } else { add_submit_error(_('no tienes el mínimo de votos necesarios para enviar una nueva historia'), _('necesitas votar como mínimo a') . " {$needed} " . _('envíos')); } add_submit_error(_('no votes de forma apresurada, penaliza el karma'), '<a href="' . $globals['base_url'] . 'shakeit.php" target="_blank">' . _('haz clic aquí para ir a votar') . '</a>'); return false; } } // avoid spams, an extra security check // it counts the numbers of links in the last hours if ($new_user) { $user_links_limit = $globals['new_user_links_limit']; $user_links_interval = intval($globals['new_user_links_interval'] / 3600); } else { $user_links_limit = $globals['user_links_limit']; $user_links_interval = intval($globals['user_links_interval'] / 3600); } $same_user = (int) $db->get_var("select count(*) from links where link_date > date_sub(now(), interval {$user_links_interval} hour) and link_author={$current_user->user_id}") - $drafts; $same_ip = (int) $db->get_var("select count(*) from links where link_date > date_sub(now(), interval {$user_links_interval} hour) and link_ip = '" . $globals['user_ip'] . 
"'") - $drafts; if ($same_user > $user_links_limit || $same_ip > $user_links_limit) { add_submit_error(_('debes esperar, ya se enviaron varias con el mismo usuario o dirección IP')); return false; } // avoid users sending continuous "rubbish" or "propaganda", specially new users // it takes in account the number of positive votes in the last six hours if ($same_user > 1 && $current_user->user_karma < $globals['karma_propaganda']) { $positives_received = $db->get_var("select sum(link_votes) from links where link_date > date_sub(now(), interval {$user_links_interval} hour) and link_author = {$current_user->user_id}"); $negatives_received = $db->get_var("select sum(link_negatives) from links where link_date > date_sub(now(), interval {$user_links_interval} hour) and link_author = {$current_user->user_id}"); if ($negatives_received > 10 && $negatives_received > $positives_received * 1.5) { add_submit_error(_('debes esperar, has tenido demasiados votos negativos en tus últimos envíos')); return false; } } $link = new Link(); $link->url = $url; $link->is_new = true; // Disable several options in the editing form $edit = false; if (report_duplicated($url)) { return true; } // Don't output error messages if (!$link->check_url($url, true, true) || !$link->get($url)) { $e = _('URL erróneo o no permitido') . ': '; if ($link->ban && $link->ban['match']) { $e .= $link->ban['match']; } else { $e .= $link->url; } add_submit_error($e, _('Razón') . ': ' . $link->ban['comment']); if ($link->ban['expire'] > 0) { add_submit_error($e, _('caduca') . ': ' . get_date_time($link->ban['expire'])); } return false; } // If the URL has changed, check again is not dupe if ($link->url != $url && report_duplicated($link->url)) { return; } $link->randkey = intval($_POST['randkey']); if (!$link->valid) { //echo '<p class="error"><strong>'._('error leyendo el url').':</strong> '.htmlspecialchars($url).'</p>'; $e = _('error leyendo el url') . ': ' . 
htmlspecialchars($url); // Dont allow new users with low karma to post wrong URLs if ($current_user->user_karma < 8 && $current_user->user_level == 'normal') { add_submit_error($e, _('URL inválido, incompleto o no permitido. Está fuera de línea, o tiene mecanismos antibots.')); return false; } add_submit_error($e, _('no es válido, está fuera de línea, o tiene mecanismos antibots. <strong>Continúa</strong>, pero asegúrate que sea correcto')); } $link->status = 'discard'; $link->author = $current_user->user_id; if (!$link->pingback()) { $link->trackback(); } $link->trackback = htmlspecialchars($link->trackback); $link->create_blog_entry(); $blog = new Blog(); $blog->id = $link->blog; $blog->read(); $blog_url_components = @parse_url($blog->url); $blog_url = $blog_url_components['host'] . $blog_url_components['path']; // Now we check again against the blog table // it's done because there could be banned blogs like http://lacotelera.com/something if ($ban = check_ban($blog->url, 'hostname', false, true)) { $e = _('URL inválido') . ': ' . htmlspecialchars($url); add_submit_error($e, _('el sitio') . ' ' . $ban['match'] . ' ' . _('está deshabilitado') . ' (' . $ban['comment'] . ')'); if ($ban['expire'] > 0) { add_submit_error($e, _('caduca') . ': ' . get_date_time($ban['expire'])); } syslog(LOG_NOTICE, "Meneame, banned site ({$current_user->user_login}): {$blog->url} <- " . 
$_REQUEST['url']); return false; } // check for users spamming several sites and networks // it does not allow a low "entropy" if ($sents > 30) { $ratio = (double) $db->get_var("select count(distinct link_blog)/count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 60 day)"); $threshold = 1 / log($sents, 2); if ($ratio < $threshold) { if ($db->get_var("select count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 60 day) and link_blog = {$blog->id}") > 2) { syslog(LOG_NOTICE, "Meneame, forbidden due to low entropy: {$ratio} < {$threshold} ({$current_user->user_login}): {$link->url}"); add_submit_error(_('ya has enviado demasiados enlaces a los mismos sitios'), _('varía las fuentes, podría ser considerado spam')); return false; } } } // Check the user does not send too many images or vídeos // they think this is a fotolog if ($sents > 5 && ($link->content_type == 'image' || $link->content_type == 'video')) { $image_links = intval($db->get_var("select count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 60 day) and link_content_type in ('image', 'video')")); if ($image_links > $sents * 0.8) { syslog(LOG_NOTICE, "Meneame, forbidden due to too many images or video sent by user ({$current_user->user_login}): {$link->url}"); add_submit_error(_('ya has enviado demasiadas imágenes o vídeos')); return false; } } // Avoid users sending too many links to the same site in last hours $hours = 24; $same_blog = $db->get_var("select count(*) from links where link_date > date_sub(now(), interval {$hours} hour) and link_author={$current_user->user_id} and link_blog={$link->blog} and link_votes > 0"); if ($same_blog >= $globals['limit_same_site_24_hours']) { syslog(LOG_NOTICE, "Meneame, forbidden due to too many links to the same site in last {$hours} hours ({$current_user->user_login}): {$link->url}"); add_submit_error(_('demasiados 
enlaces al mismo sitio en las últimas horas')); return false; } // avoid auto-promotion (autobombo) $minutes = 30; $same_blog = $db->get_var("select count(*) from links where link_date > date_sub(now(), interval {$minutes} minute) and link_author={$current_user->user_id} and link_blog={$link->blog} and link_votes > 0"); if ($same_blog > 0 && $current_user->user_karma < 12) { syslog(LOG_NOTICE, "Meneame, forbidden due to short period between links to same site ({$current_user->user_login}): {$link->url}"); add_submit_error(_('ya has enviado un enlace al mismo sitio hace poco tiempo'), _('debes esperar') . " {$minutes} " . _('minutos entre cada envío al mismo sitio.') . ', ' . '<a href="' . $globals['base_url'] . 'faq-' . $dblang . '.php">' . _('lee el FAQ') . '</a>'); return false; } // Avoid spam (autobombo), count links in last two months $same_blog = $db->get_var("select count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 60 day) and link_blog={$link->blog}"); $check_history = $sents > 3 && $same_blog > 0 && ($ratio = $same_blog / $sents) > 0.5; if ($check_history) { $e = _('has enviado demasiados enlaces a') . " {$blog->url}"; if ($sents > 5 && $ratio > 0.75) { add_submit_error($e, _('has superado los límites de envíos de este sitio')); // don't allow to continue syslog(LOG_NOTICE, "Meneame, warn, high ratio, process interrumped ({$current_user->user_login}): {$link->url}"); return false; } else { add_submit_error($e, _('continúa, pero ten en cuenta podría recibir votos negativos') . ', ' . '<a href="' . $globals['base_url'] . $globals['legal'] . '">' . _('condiciones de uso') . 
'</a>'); syslog(LOG_NOTICE, "Meneame, warn, high ratio, continue ({$current_user->user_login}): {$link->url}"); } } $links_12hs = $db->get_var("select count(*) from links where link_date > date_sub(now(), interval 12 hour)"); // check there is no an "overflow" from the same site $site_links = intval($db->get_var("select count(*) from links where link_date > date_sub(now(), interval 12 hour) and link_blog={$link->blog} and link_status in ('queued')")); if ($site_links > 10 && $site_links > $links_12hs * 0.05) { // Only 5% from the same site syslog(LOG_NOTICE, "Meneame, forbidden due to overflow to the same site ({$current_user->user_login}): {$link->url}"); add_submit_error(_('ya se han enviado demasiadas artículos del mismo sitio, espera unos minutos por favor'), _('total en 12 horas') . ": {$site_links} , " . _('el máximo actual es') . ': ' . intval($links_12hs * 0.05)); return false; } // check there is no an "overflow" of images if ($link->content_type == 'image' || $link->content_type == 'video') { $image_links = intval($db->get_var("select count(*) from links where link_date > date_sub(now(), interval 12 hour) and link_content_type in ('image', 'video')")); if ($image_links > 5 && $image_links > $links_12hs * 0.15) { // Only 15% images and videos syslog(LOG_NOTICE, "Meneame, forbidden due to overflow images ({$current_user->user_login}): {$link->url}"); add_submit_error(_('ya se han enviado demasiadas imágenes o vídeos, espera unos minutos por favor'), _('total en 12 horas') . ": {$image_links} , " . _('el máximo actual es') . ': ' . intval($links_12hs * 0.05)); return false; } } if ($ban = check_ban($link->url, 'punished_hostname', false, true)) { add_submit_error(_('Aviso') . ' ' . $ban['match'] . ': <em>' . $ban['comment'] . 
'</em>', _('mejor enviar el enlace a la fuente original, si no, será penalizado')); } // Now stores new draft $link->sent_date = $link->date = time(); $link->key = $_POST['key']; $link->randkey = $_POST['randkey']; $link->store(); $link->url_title = mb_substr($link->url_title, 0, 200); if (mb_strlen($link->url_description) > 40) { $link->content = $link->url_description; } $link->chars_left = 550 - mb_strlen(html_entity_decode($link->content, ENT_COMPAT, 'UTF-8'), 'UTF-8'); Haanga::Load('link/submit1.html', compact('link', 'errors')); return true; }
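/**
 * Final submit step: move the posted draft link into the queue and redirect to it.
 *
 * Reads $_POST['id'] and, optionally, $_POST['trackback']. The request always ends
 * here: with a bare die when the link key check or the read fails, otherwise after
 * a Location header pointing at the link's permalink has been sent.
 *
 * NOTE(review): nothing in this function compares $linkres->author with the
 * session user; presumably check_link_key() binds the posted key to this user
 * and this link -- confirm against its implementation.
 */
function do_submit3()
{
    global $db, $current_user;

    $linkres = new Link();
    $linkres->id = isset($_POST['id']) ? intval($_POST['id']) : 0;
    if (!check_link_key() || !$linkres->read()) {
        die;
    }

    // Check it is not in the queue already (a repeated POST only gets the redirect)
    if ($linkres->votes == 0 && $linkres->status != 'queued') {
        $linkres->status = 'queued';
        $linkres->sent_date = $linkres->date = time();
        $linkres->get_uri();
        $linkres->store();
        $linkres->insert_vote($current_user->user_id, $current_user->user_karma);

        // Add the new link log/event
        require_once mnminclude . 'log.php';
        log_conditional_insert('link_new', $linkres->id, $linkres->author);

        // Remove the author's other recent, unvoted drafts. The id is cast so the
        // statement stays well-formed whatever type read() left in the property.
        $author = (int) $linkres->author;
        $db->query("delete from links where link_author = {$author} and link_date > date_sub(now(), interval 30 minute) and link_status='discard' and link_votes=0");

        if (!empty($_POST['trackback'])) {
            // The trackback target is chosen by the submitter, so this makes the
            // server contact a user-supplied URL. clean_input_url() is the only
            // filter visible here; scheme and destination limits would have to be
            // enforced by it or by Trackback::send() -- confirm.
            require_once mnminclude . 'trackback.php';
            $trackres = new Trackback();
            $trackres->url = clean_input_url($_POST['trackback']);
            $trackres->link_id = $linkres->id;
            $trackres->link = $linkres->url;
            $trackres->author = $linkres->author;
            $trackres->send($linkres);
        }
        fork("backend/send_pingbacks.php?id={$linkres->id}");
    }

    header('Location: ' . $linkres->get_permalink());
    die;
}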
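/**
 * Validate the posted profile form and store it on the global $user.
 *
 * Two requests are handled: account self-disabling ($_POST['disabledme']) and a
 * normal profile save ($_POST['save_profile'] + $_POST['process']). Both require
 * the form control key; a save without a valid key returns before any field,
 * avatar or database work is done.
 *
 * NOTE(review): both branches compare the client-supplied $_POST['user_id'] with
 * the session user, but never $user->id. That only proves who is posting, not
 * whose profile is loaded in $user; presumably the caller loads a different
 * account into $user only when $admin_mode is set -- confirm.
 * NOTE(review): the control key is md5(site key . profile id . session user id),
 * so it is the same for every request of a given user pair and never expires.
 * NOTE(review): a password change does not ask for the current password here.
 *
 * @return array|null List of translated status/error messages, or null when the
 *                    request is not a profile save the poster is allowed to make.
 */
function save_profile()
{
    global $db, $user, $current_user, $globals, $admin_mode, $site_key, $bio_max;

    $errors = 0; // benjami: control added (2005-12-22)
    $new_pass = false;
    $messages = array();

    $form_hash = md5($site_key . $user->id . $current_user->user_id);

    // Strict string comparison: with == two different hex digests that both look
    // like "0e<digits>" compare equal as numbers. hash_equals() would also make
    // the comparison constant-time where the runtime provides it.
    $posted_hash = (isset($_POST['form_hash']) && is_string($_POST['form_hash'])) ? $_POST['form_hash'] : '';
    $hash_ok = $posted_hash === $form_hash;
    $posted_user_id = isset($_POST['user_id']) ? $_POST['user_id'] : null;

    if (isset($_POST['disabledme'])
        && isset($_POST['disable']) && intval($_POST['disable']) == 1
        && $hash_ok
        && $posted_user_id == $current_user->user_id) {
        $old_user_login = $user->username;
        $old_user_id = $user->id;
        $user->disable(true);
        Log::insert('user_delete', $old_user_id, $old_user_id);
        syslog(LOG_NOTICE, "Meneame, disabling {$old_user_id} ({$old_user_login}) by {$current_user->user_login} -> {$user->username} ");
        $current_user->Logout(get_user_uri($user->username));
        die;
    }

    if (!isset($_POST['save_profile']) || !isset($_POST['process'])
        || ($posted_user_id != $current_user->user_id && !$admin_mode)) {
        return;
    }

    if (!$hash_ok) {
        // Stop here: further down the avatar upload and removal act on disk
        // before $errors is consulted, so a request without a valid control key
        // must not reach them.
        array_push($messages, _('Falta la clave de control'));
        return $messages;
    }

    if (!empty($_POST['username']) && trim($_POST['username']) != $user->username) {
        $newname = trim($_POST['username']);
        if (strlen($newname) < 3) {
            array_push($messages, _('nombre demasiado corto'));
            $errors++;
        }
        if (!check_username($newname)) {
            array_push($messages, _('nombre de usuario erróneo, caracteres no admitidos'));
            $errors++;
        } elseif (user_exists($newname, $user->id)) {
            array_push($messages, _('el usuario ya existe'));
            $errors++;
        } else {
            $user->username = $newname;
        }
    }

    if (!empty($_POST['bio']) || $user->bio) {
        $bio = clean_text($_POST['bio'], 0, false, $bio_max);
        if ($bio != $user->bio) {
            $user->bio = $bio;
        }
    }

    if ($user->email != trim($_POST['email']) && !check_email(trim($_POST['email']))) {
        array_push($messages, _('el correo electrónico no es correcto'));
        $errors++;
    } elseif (!$admin_mode && trim($_POST['email']) != $current_user->user_email && email_exists(trim($_POST['email']), false)) {
        array_push($messages, _('ya existe otro usuario con esa dirección de correo'));
        $errors++;
    } else {
        $user->email = trim($_POST['email']);
    }

    $user->url = htmlspecialchars(clean_input_url($_POST['url']));

    // Check IM address
    if (!empty($_POST['public_info'])) {
        $_POST['public_info'] = htmlspecialchars(clean_input_url($_POST['public_info']));
        $public = $db->escape($_POST['public_info']);
        $im_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_public_info='{$public}'"));
        if ($im_count > 0) {
            array_push($messages, _('ya hay otro usuario con la misma dirección de MI, no se ha grabado'));
            $_POST['public_info'] = '';
            $errors++;
        }
    }
    // NOTE(review): this assignment happens before the phone checks below, and
    // those only run when the user edits their own profile; in admin mode the
    // posted value reaches $user->phone unvalidated. Kept as is -- confirm intent.
    $user->phone = $_POST['phone'];
    // NOTE(review): a non-empty value was already passed through htmlspecialchars()
    // above, so it is encoded a second time here, and the uniqueness query above
    // compared the singly-encoded form. Kept as is to match stored data.
    $user->public_info = htmlspecialchars(clean_input_url($_POST['public_info']));
    // End check IM address

    if ($user->id == $current_user->user_id) {
        // Check phone number
        if (!empty($_POST['phone'])) {
            if (!preg_match('/^\\+[0-9]{9,16}$/', $_POST['phone'])) {
                array_push($messages, _('número telefónico erróneo, no se ha grabado'));
                $_POST['phone'] = '';
                $errors++;
            } else {
                $phone = $db->escape($_POST['phone']);
                $phone_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_phone='{$phone}'"));
                if ($phone_count > 0) {
                    array_push($messages, _('ya hay otro usuario con el mismo número, no se ha grabado'));
                    $_POST['phone'] = '';
                    $errors++;
                }
            }
        }
        $user->phone = $_POST['phone'];
        // End check phone number
    }

    // Verifies adsense code
    if ($globals['external_user_ads']) {
        $_POST['adcode'] = trim($_POST['adcode']);
        $_POST['adchannel'] = trim($_POST['adchannel']);
        if (!empty($_POST['adcode']) && $user->adcode != $_POST['adcode']) {
            if (!preg_match('/pub-[0-9]{16}$/', $_POST['adcode'])) {
                array_push($messages, _('código AdSense incorrecto, no se ha grabado'));
                $_POST['adcode'] = '';
                $errors++;
            } else {
                // The pattern above is anchored only at the end, so arbitrary text
                // may precede "pub-...". Escape the value before it is placed in
                // the statement, as the IM and phone lookups already do.
                $adcode = $db->escape($_POST['adcode']);
                $adcode_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_adcode='{$adcode}'"));
                if ($adcode_count > 0) {
                    array_push($messages, _('ya hay otro usuario con la misma cuenta, no se ha grabado'));
                    $_POST['adcode'] = '';
                    $errors++;
                }
            }
        }
        if (!empty($_POST['adcode']) && !empty($_POST['adchannel']) && $user->adchannel != $_POST['adchannel']) {
            if (!preg_match('/^[0-9]{10,12}$/', $_POST['adchannel'])) {
                array_push($messages, _('canal AdSense incorrecto, no se ha grabado'));
                $_POST['adchannel'] = '';
                $errors++;
            }
        }
        $user->adcode = $_POST['adcode'];
        $user->adchannel = $_POST['adchannel'];
    }

    $user->names = clean_text($_POST['names']);

    if (!empty($_POST['password']) || !empty($_POST['password2'])) {
        // NOTE(review): check_password() sees the untrimmed value while the
        // trimmed one is hashed and stored.
        if (!check_password($_POST["password"])) {
            array_push($messages, _('Clave demasiado corta, debe ser de 6 o más caracteres e incluir mayúsculas, minúsculas y números'));
            $errors = 1;
        } elseif (trim($_POST['password']) !== trim($_POST['password2'])) {
            array_push($messages, _('las claves no son iguales, no se ha modificado'));
            $errors = 1;
        } else {
            $new_pass = trim($_POST['password']);
            $user->pass = UserAuth::hash($new_pass);
            array_push($messages, _('La clave se ha cambiado'));
        }
    }

    if ($admin_mode && !empty($_POST['user_level'])) {
        // NOTE(review): escaped, but not checked against the set of known levels.
        $user->level = $db->escape($_POST['user_level']);
    }
    if ($admin_mode && !empty($_POST['karma']) && is_numeric($_POST['karma']) && $_POST['karma'] > 4 && $_POST['karma'] <= 20) {
        $user->karma = $_POST['karma'];
    }

    // Bit field: comment preference + 2 * show_friends + 4 * show_2cols
    $user->comment_pref = intval($_POST['comment_pref']) + (intval($_POST['show_friends']) & 1) * 2 + (intval($_POST['show_2cols']) & 1) * 4;

    // Manage avatars upload
    if (!empty($_FILES['image']['tmp_name'])) {
        if (avatars_check_upload_size('image')) {
            $avatar_mtime = avatars_manage_upload($user->id, 'image');
            if (!$avatar_mtime) {
                array_push($messages, _('error guardando la imagen'));
                $errors = 1;
                $user->avatar = 0;
            } else {
                $user->avatar = $avatar_mtime;
            }
        } else {
            array_push($messages, _('el tamaño de la imagen excede el límite'));
            $errors = 1;
            $user->avatar = 0;
        }
    } elseif (!empty($_POST['avatar_delete'])) {
        $user->avatar = 0;
        avatars_remove($user->id);
    }

    // Reset avatar for the logged user
    if ($current_user->user_id == $user->id) {
        $current_user->user_avatar = $user->avatar;
    }

    if (!$errors) {
        if (empty($user->ip)) {
            $user->ip = $globals['user_ip'];
        }
        $user->store();
        $user->read();
        // Re-authenticate the session when the login name, email or password changed
        if (!$admin_mode && ($current_user->user_login != $user->username || $current_user->user_email != $user->email || $new_pass)) {
            $current_user->Authenticate($user->username, $new_pass);
        }
        array_push($messages, _('datos actualizados'));
    }

    return $messages;
}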
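/**
 * Return the highest number of recent posts by this author that contain one of
 * the external links found in $this->content.
 *
 * Each URL matched in the content is reduced to "//host/path" and looked up with
 * LIKE in posts written by $this->author during the last $min minutes. Links to
 * the local server name (or a subdomain of it) are ignored.
 *
 * @param int $min Size of the look-back window, in minutes.
 * @return int Largest per-link count found, 0 when there is no external link.
 */
function same_links_count($min=30) {
    global $db;

    $count = 0;
    // Both values are placed in the statement unquoted, so force them to integers
    $min = (int) $min;
    $author = (int) $this->author;

    $localdomain = preg_quote(get_server_name(), '/');
    preg_match_all('/([\(\[:\.\s]|^)(https*:\/\/[^ \t\n\r\]\(\)\&]{5,70}[^ \t\n\r\]\(\)]*[^ .\t,\n\r\(\)\"\'\]\?])/i', $this->content, $matches);

    foreach ($matches[2] as $match) {
        $link = clean_input_url($match);
        $components = parse_url($link);
        // parse_url() returns false on badly formed URLs; without a host there is
        // nothing meaningful to search for
        if (!is_array($components) || empty($components['host'])) {
            continue;
        }
        // Local means the server name itself or a subdomain of it. A plain suffix
        // match would also treat an unrelated host that merely ends with the same
        // characters as local and leave it out of the count.
        if (preg_match("/(^|\\.){$localdomain}$/i", $components['host'])) {
            continue;
        }

        $path = isset($components['path']) ? $components['path'] : '';
        $link = "//{$components['host']}{$path}";
        // Make LIKE wildcards literal ("%" is common in encoded URLs, "_" in paths)
        // before the value is escaped for the string literal.
        // Assumes $db->escape() uses backslash escaping -- TODO confirm.
        $link = str_replace(array('\\', '%', '_'), array('\\\\', '\\%', '\\_'), $link);
        $link = $db->escape($link);

        $count = max($count, (int) $db->get_var("select count(*) from posts where post_user_id = $author and post_date > date_sub(now(), interval $min minute) and post_content like '%$link%'"));
    }

    return $count;
}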
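/**
 * Apply the posted edit form to the global $linkres, store it when
 * link_edit_errors() reports no problem, and print the preview plus a small
 * navigation form.
 *
 * Reads $_POST['type'], 'category', 'url', 'title', 'bodytext', 'tags' and
 * 'status'. Only users of level admin or god may change the URL; a published
 * link's status can only be changed by level god.
 *
 * NOTE(review): no form key or ownership check is visible in this function;
 * presumably the caller performs them before calling -- confirm.
 */
function do_save()
{
    global $linkres, $dblang, $current_user;

    // Was read below without ever being set when the status did not change
    $insert_discard_log = false;

    $linkres->read_content_type_buttons($_POST['type']);
    $linkres->category = intval($_POST['category']);

    $is_staff = $current_user->user_level == 'admin' || $current_user->user_level == 'god';
    if (!empty($_POST['url']) && $is_staff) {
        $linkres->url = clean_input_url($_POST['url']);
    }
    $linkres->title = clean_text($_POST['title'], 40);
    $linkres->content = clean_text($_POST['bodytext']);
    $linkres->tags = tags_normalize_string($_POST['tags']);

    // change the status: only values from this fixed list are ever accepted
    $new_status = (isset($_POST['status']) && is_string($_POST['status'])) ? $_POST['status'] : '';
    $allowed = array('queued', 'discard', 'abuse', 'autodiscard');
    if (($current_user->user_level == 'god' || $linkres->status != 'published')
        && in_array($new_status, $allowed, true)) {
        if (!$linkres->is_discarded() && $new_status != 'queued') {
            // Insert a log entry if the link has been manually discarded
            $insert_discard_log = true;
        }
        $linkres->status = $new_status;
    }

    if (!link_edit_errors($linkres)) {
        if (empty($linkres->uri)) {
            $linkres->get_uri();
        }
        $linkres->store();
        tags_insert_string($linkres->id, $dblang, $linkres->tags, $linkres->date);

        // Insert edit log/event
        require_once mnminclude . 'log.php';
        if ($insert_discard_log) {
            // Insert always a link and discard event if the status has been changed to discard
            log_insert('link_discard', $linkres->id, $current_user->user_id);
            log_insert('link_edit', $linkres->id, $current_user->user_id);
        } else {
            log_conditional_insert('link_edit', $linkres->id, $current_user->user_id, 60);
        }
        echo '<div class="form-error-submit">  ' . _("noticia actualizada") . '</div>' . "\n";
    }

    $linkres->read();

    echo '<div class="formnotice">' . "\n";
    $linkres->print_summary('preview');
    echo '</div>' . "\n";

    echo '<form id="genericform" method="GET" action="story.php" >';
    // The id goes into an attribute value: print it as an integer
    echo '<input type="hidden" name="id" value="' . intval($linkres->id) . '" />' . "\n";
    echo '<input class="genericsubmit" type="button" onclick="window.history.go(-1)" value="' . _('« modificar') . '">  ' . "\n";
    echo '<input class="genericsubmit" type="submit" value="' . _('ir a la noticia') . '" />' . "\n";
    echo '</form>' . "\n";
}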
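/**
 * Apply the posted edit form to $link, store it inside a transaction when
 * link_edit_errors() reports nothing, and render link/edit_result.html.
 *
 * Reads $_POST['type'], 'sub_id', 'url', 'thumb_delete', 'uri_update',
 * 'thumb_get', 'thumb_url', 'title', 'bodytext', 'tags' and 'status'.
 * URL and thumbnail changes are limited to admins, users of level blogger and
 * the sub owner.
 *
 * NOTE(review): title and bodytext are copied from $_POST as they arrive; any
 * cleaning must happen in link_edit_errors(), Link::store() or the template --
 * not visible here, confirm.
 * NOTE(review): no form key check is visible in this function; presumably the
 * caller performs it -- confirm.
 *
 * @param Link $link Link being edited; modified in place.
 */
function do_save($link)
{
    global $dblang, $globals, $current_user, $db;

    // Was read below without ever being set when the status did not change
    $insert_discard_log = false;

    $link->status = $link->sub_status;
    $site_properties = SitesMgr::get_extended_properties();

    // Store previous value for the log
    $link_old = new stdClass();
    $link_old->url = $link->url;
    $link_old->title = $link->title;
    $link_old->content = $link->content;
    $link_old->tags = $link->tags;
    $link_old->status = $link->status;
    $link_old->sub_id = $link->sub_id;

    $link->read_content_type_buttons($_POST['type']);
    $link->sub_id = intval($_POST['sub_id']);
    if ($link->sub_id != $link_old->sub_id) {
        $link->sub_changed = true; // To force to delete old statuses with another origin
    }

    if ($current_user->admin || $current_user->user_level == 'blogger' || SitesMgr::is_owner()) {
        if (!empty($_POST['url'])) {
            $link->url = clean_input_url($_POST['url']);
        }
        if (!empty($_POST['thumb_delete'])) {
            $link->delete_thumb();
        }
        if (!empty($_POST['uri_update'])) {
            $link->get_uri();
        }
        if (!empty($_POST['thumb_get'])) {
            $link->get_thumb();
        } elseif (!empty($_POST['thumb_url'])) {
            // The posted URL is handed to get_thumb(), which presumably fetches it
            // from the server side; limits on scheme and destination would have to
            // live there or in clean_input_url() -- confirm.
            $url = clean_input_url($_POST['thumb_url']);
            $link->get_thumb(false, $url);
        }
    }

    $link->title = $_POST['title'];
    $link->content = $_POST['bodytext'];
    $link->tags = tags_normalize_string($_POST['tags']);

    $errors = link_edit_errors($link);

    // change the status
    $new_status = (isset($_POST['status']) && is_string($_POST['status'])) ? $_POST['status'] : '';
    // The D modifier keeps "$" from matching before a trailing newline
    if ($new_status != $link->status
        && ($new_status == 'autodiscard' || $current_user->admin || SitesMgr::is_owner())
        && preg_match('/^[a-z]{4,}$/D', $new_status)
        && (!$link->is_discarded() || $current_user->admin || SitesMgr::is_owner())) {
        if (preg_match('/discard|abuse|duplicated|autodiscard/', $new_status)) {
            // Insert a log entry if the link has been manually discarded
            $insert_discard_log = true;
        }
        $link->status = $new_status;
    }

    if (!$errors) {
        if (empty($link->uri)) {
            $link->get_uri();
        }

        // Check the blog_id
        $blog_id = Blog::find_blog($link->url, $link->id);
        if ($blog_id > 0 && $blog_id != $link->blog) {
            $link->blog = $blog_id;
        }

        $db->transaction();
        $link->store();

        // Disabled table tags
        // tags_insert_string($link->id, $dblang, $link->tags, $link->date);

        // Insert edit log/event if the link it's newer than 15 days
        if ($globals['now'] - $link->date < 86400 * 15) {
            if ($insert_discard_log) {
                // Insert always a link and discard event if the status has been changed to discard
                Log::insert('link_discard', $link->id, $current_user->user_id);
                if ($link->author == $current_user->user_id) {
                    // Don't save edit log if it's discarded by an admin
                    Log::insert('link_edit', $link->id, $current_user->user_id);
                }
            } elseif ($link->votes > 0) {
                // The previous values travel as a PHP-serialized string; whatever
                // reads the log back should treat it as data of unknown origin.
                Log::conditional_insert('link_edit', $link->id, $current_user->user_id, 60, serialize($link_old));
            }
        }

        // Check this one is a draft, allows the user to save and send it to the queue
        if ($link->votes == 0 && $link->status != 'queued' && $link->author == $current_user->user_id) {
            $link->enqueue();
        }
        $db->commit();
    }

    $link->read();
    $link->permalink = $link->get_permalink();
    Haanga::Load('link/edit_result.html', compact('link', 'errors'));
}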
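/**
 * Collect the external hosts linked from $this->content into $this->links and
 * set $this->banned when any of those links matches a hostname ban.
 *
 * Links to the local server name (or a subdomain of it) are skipped. Every
 * banned link found is reported through syslog.
 */
function get_links() {
    global $current_user;

    $this->links = array();
    $this->banned = false;

    $localdomain = preg_quote(get_server_name(), '/');
    preg_match_all('/([\(\[:\.\s]|^)(https*:\/\/[^ \t\n\r\]\(\)\&]{5,70}[^ \t\n\r\]\(\)]*[^ .\t,\n\r\(\)\"\'\]\?])/i', $this->content, $matches);
    if (empty($matches[2])) {
        return;
    }

    // Needed for check_ban(); loaded once instead of on every iteration
    require_once(mnminclude.'ban.php');

    foreach ($matches[2] as $match) {
        $link = clean_input_url($match);
        $components = parse_url($link);
        if (!is_array($components) || empty($components['host'])) {
            continue;
        }
        $host = $components['host'];

        // Local means the server name itself or a subdomain of it. A plain suffix
        // match would let an unrelated host that merely ends with the same
        // characters skip the ban check below.
        if (preg_match("/(^|\\.){$localdomain}$/i", $host)) {
            continue;
        }

        $link_ban = check_ban($link, 'hostname', false, true);
        if ($link_ban) {
            // Mark this comment as containing a banned link. Plain assignment:
            // "|=" needs integer operands, and other callers index the value
            // check_ban() returns as an array.
            $this->banned = true;
            syslog(LOG_NOTICE, "Meneame: banned link in comment: $match ($current_user->user_login)");
        }

        if (!in_array($host, $this->links, true)) {
            $this->links[] = $host;
        }
    }
}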
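/**
 * Apply the posted edit form (including the event dates) to the global
 * $linkres, store it when link_edit_errors() reports no problem, and print the
 * preview plus a small navigation form.
 *
 * Reads $_POST['type'], 'category', 'url', 'thumb_delete', 'thumb_get', 'title',
 * 'bodytext', 'tags', 'status', 'datepicker1' and 'datepicker2'. URL and
 * thumbnail changes are limited to admins.
 *
 * NOTE(review): no form key or ownership check is visible in this function;
 * presumably the caller performs them before calling -- confirm.
 */
function do_save()
{
    // $globals was missing from this list, so $globals['now'] below evaluated to
    // null and the "newer than 15 days" test was true for every link.
    global $linkres, $dblang, $current_user, $globals;

    // Was read below without ever being set when the status did not change
    $insert_discard_log = false;

    $linkres->read_content_type_buttons($_POST['type']);
    $linkres->category = intval($_POST['category']);

    if ($current_user->admin) {
        if (!empty($_POST['url'])) {
            $linkres->url = clean_input_url($_POST['url']);
        }
        if (!empty($_POST['thumb_delete'])) {
            $linkres->delete_thumb();
        }
        if (!empty($_POST['thumb_get'])) {
            $linkres->get_thumb();
        }
    }

    $linkres->title = clean_text($_POST['title'], 40);
    $linkres->content = clean_text_with_tags($_POST['bodytext']);
    $linkres->tags = tags_normalize_string($_POST['tags']);

    // change the status
    $new_status = (isset($_POST['status']) && is_string($_POST['status'])) ? $_POST['status'] : '';
    // The D modifier keeps "$" from matching before a trailing newline
    if ($new_status != $linkres->status
        && ($new_status == 'autodiscard' || $current_user->admin)
        && preg_match('/^[a-z]{4,}$/D', $new_status)
        && (!$linkres->is_discarded() || $current_user->admin)) {
        if (preg_match('/discard|abuse|duplicated|autodiscard/', $new_status)) {
            // Insert a log entry if the link has been manually discarded
            $insert_discard_log = true;
        }
        $linkres->status = $new_status;
    }

    // EVENTS
    // The two leading two-character fields of each picker value are swapped by
    // fixed offsets. NOTE(review): the posted strings are not validated as dates
    // before being stored on the link; store() has to cope with arbitrary text.
    $d = $_POST["datepicker1"];
    $linkres->start_date = substr($d, 3, 2).'-'.substr($d, 0, 2).'-'.substr($d, 6, 4);
    $d = $_POST["datepicker2"];
    $linkres->end_date = substr($d, 3, 2).'-'.substr($d, 0, 2).'-'.substr($d, 6, 4);

    if (!link_edit_errors($linkres)) {
        if (empty($linkres->uri)) {
            $linkres->get_uri();
        }
        $linkres->store();
        tags_insert_string($linkres->id, $dblang, $linkres->tags, $linkres->date);

        // Insert edit log/event if the link it's newer than 15 days
        if ($globals['now'] - $linkres->date < 86400*15) {
            require_once(mnminclude.'log.php');
            if ($insert_discard_log) {
                // Insert always a link and discard event if the status has been changed to discard
                log_insert('link_discard', $linkres->id, $current_user->user_id);
                if ($linkres->author == $current_user->user_id) {
                    // Don't save edit log if it's discarded by an admin
                    log_insert('link_edit', $linkres->id, $current_user->user_id);
                }
            } elseif ($linkres->votes > 0) {
                log_conditional_insert('link_edit', $linkres->id, $current_user->user_id, 60);
            }
        }
        echo '<div class="form-error-submit">  '._("noticia actualizada").'</div>'."\n";
    }

    $linkres->read();

    echo '<div class="formnotice">'."\n";
    $linkres->print_summary('preview');
    echo '</div>'."\n";

    echo '<form class="note" method="GET" action="story.php" >';
    // The id goes into an attribute value: print it as an integer
    echo '<input type="hidden" name="id" value="'.intval($linkres->id).'" />'."\n";
    echo '<input class="button" type="button" onclick="window.history.go(-1)" value="« '._('modificar').'">  '."\n";
    echo '<input class="button" type="submit" value="'._('ir a la noticia').'" />'."\n";
    echo '</form>'. "\n";
}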
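/**
 * Return the highest number of recent posts by this author that contain one of
 * the external links found in $this->content.
 *
 * Each URL matched in the content is reduced to "//host/path" and looked up with
 * LIKE in posts written by $this->author during the last $min minutes. Links to
 * the local server name (or a subdomain of it) are ignored.
 *
 * @param int $min Size of the look-back window, in minutes.
 * @return int Largest per-link count found, 0 when there is no external link.
 */
function same_links_count($min = 30)
{
    global $db;

    $count = 0;
    // Both values are placed in the statement unquoted, so force them to integers
    $min = (int) $min;
    $author = (int) $this->author;

    $localdomain = preg_quote(get_server_name(), '/');
    preg_match_all('/([\\(\\[:\\.\\s]|^)(https*:\\/\\/[^ \\t\\n\\r\\]\\(\\)\\&]{5,70}[^ \\t\\n\\r\\]\\(\\)]*[^ .\\t,\\n\\r\\(\\)\\"\'\\]\\?])/i', $this->content, $matches);

    foreach ($matches[2] as $match) {
        $link = clean_input_url($match);
        $components = parse_url($link);
        // parse_url() returns false on badly formed URLs; the host key was also
        // written as a bare constant here, which newer PHP versions reject
        if (!is_array($components) || empty($components['host'])) {
            continue;
        }
        // Local means the server name itself or a subdomain of it. A plain suffix
        // match would also treat an unrelated host that merely ends with the same
        // characters as local and leave it out of the count.
        if (preg_match("/(^|\\.){$localdomain}\$/i", $components['host'])) {
            continue;
        }

        $path = isset($components['path']) ? $components['path'] : '';
        $link = "//{$components['host']}{$path}";
        // Make LIKE wildcards literal ("%" is common in encoded URLs, "_" in paths)
        // before the value is escaped for the string literal.
        // Assumes $db->escape() uses backslash escaping -- TODO confirm.
        $link = str_replace(array('\\', '%', '_'), array('\\\\', '\\%', '\\_'), $link);
        $link = $db->escape($link);

        $count = max($count, (int) $db->get_var("select count(*) from posts where post_user_id = {$author} and post_date > date_sub(now(), interval {$min} minute) and post_content like '%{$link}%'"));
    }

    return $count;
}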
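/**
 * Pick a thumbnail candidate for $this->url.
 *
 * Order of attempts: a video check chosen from the URL's host alone; then the
 * URL is fetched and, depending on the content type, the body is used as the
 * image itself, or the HTML is searched for a thumbnail meta tag, for <img>
 * elements and finally for embedded video players.
 *
 * NOTE(review): get_url() and BasicThumb::get() make the server fetch the
 * submitted URL and a URL taken from the fetched page's markup. Limits on
 * scheme, redirects and destination address must be enforced inside those
 * helpers; nothing in this method restricts them -- confirm.
 *
 * @return mixed $this->selected (whatever the checks left there), or null when
 *               the URL could not be fetched.
 */
function get() {
    // Check first in these server using *only* the URL
    $video_servers = array(
        // 'video.google.com' => 'check_google_video',
        'youtube.com' => 'check_youtube',
        // 'metacafe.com' => 'check_metacafe',
        // 'vimeo.com' => 'check_vimeo',
        // 'zappinternet.com' => 'check_zapp_internet',
        // 'dailymotion.com' => 'check_daily_motion',
    );

    $base_host = preg_replace('/^www\./', '', $this->parsed_url['host']);
    if (!empty($video_servers[$base_host])) {
        // Resolve the method name first: "$this->$video_servers[$base_host]()"
        // is parsed differently from PHP 7 on and no longer calls the checker.
        $checker = $video_servers[$base_host];
        if ($this->debug) echo "<!-- Check video by URL: $checker -->\n";
        if ($this->$checker()) {
            if ($this->debug) echo "<!-- Selected video by URL: $checker -->\n";
            // presumably the checker has set $this->selected -- confirm
            $this->selected->video = true;
        }
        return $this->selected;
    }

    $res = get_url($this->url, $this->referer);
    if (!$res) {
        echo "<!-- Error getting " . htmlentities($this->url) . "-->\n";
        return;
    }

    // Debug lines below print values taken from the request or from the remote
    // page inside an HTML comment; they are escaped so that such a value cannot
    // close the comment and inject markup.
    if ($this->debug) echo "<!-- Got " . htmlspecialchars($this->url) . " (". strlen($res['content']) .") -->\n";

    if ($res['location'] != $this->url) {
        $this->redirected = clean_input_url($res['location']);
        $this->parsed_redirected = parse_url($this->redirected);
        if ($this->debug) echo "<!-- Redirected to URL: " . htmlspecialchars($this->redirected) . " -->\n";
    }

    if (preg_match('/^image/i', $res['content_type'])) {
        // The URL is an image itself: build the thumbnail from the fetched bytes
        $img = new BasicThumb($this->url);
        if ($img->fromstring($res['content'])) {
            $img->type = 'local';
            $img->candidate = true;
            $this->selected = $img;
        }
    } elseif (preg_match('/text\/html/i', $res['content_type'])) {
        $this->html = $res['content'];
        $this->title = get_html_title($this->html);
        if ($this->debug) echo "<!-- HTML " . htmlspecialchars($this->title) . " -->\n";

        // First check for thumbnail head metas
        if ((preg_match('/<link\s+?rel=[\'"]image_src[\'"]\s+?href=[\'"](.+?)[\'"].*?>/is', $this->html, $match)
                || preg_match('/<meta\s+?name=[\'"]thumbnail_url[\'"]\s+?content=[\'"](.+?)[\'"].*?>/is', $this->html, $match))
            && ! preg_match('/meneame/i', $match[1])) { // a bad thumbnail meta in aldea-irreductible
            // NOTE(review): unlike the redirect location above, this URL comes
            // straight from the remote markup without clean_input_url().
            $url = $match[1];
            if ($this->debug) echo "<!-- Try to select from " . htmlspecialchars($url) . " -->\n";
            $img = new BasicThumb($url);
            if ($img->get()) {
                $img->type = 'local';
                $img->candidate = true;
                $this->selected = $img;
                if ($this->debug) echo "<!-- Selected from " . htmlspecialchars($img->url) . " -->\n";
                return $this->selected;
            }
        }

        // Analyze HTML <img's
        if (preg_match('/<base *href=["\'](.+?)["\']/i', $this->html, $match)) {
            $this->base = $match[1];
        }
        $html_short = $this->shorten_html($this->html);
        $this->parse_img($html_short);

        // If there is no image or image is slow
        // Check if there are players
        if ((!$this->selected || $this->selected->surface() < 120000)
            && $this->other_html
            && preg_match('/(< *(?:embed|iframe|object|param))|\.flv/i', $this->html)) {
            if ($this->debug) echo "<!-- Searching for video -->\n";
            if ($this->check_youtube()
                || $this->check_google_video()
                || $this->check_metacafe()
                || $this->check_vimeo()
                || $this->check_zapp_internet()
                || $this->check_daily_motion()
                || $this->check_elmundo_video()) {
                // presumably the matching check has set $this->selected -- confirm
                $this->selected->video = true;
                return $this->selected;
            }
        }
    }

    return $this->selected;
}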