Ejemplo n.º 1
0
function save_profile()
{
    global $db, $user, $current_user, $globals, $site_key;
    $errors = 0;
    // benjami: control added (2005-12-22)
    $pass_changed = false;
    $messages = '';
    $form_hash = md5($site_key . $user->id . mnminclude);
    if (!isset($_POST['save_profile']) || !isset($_POST['process']) || $_POST['user_id'] != $current_user->user_id) {
        return;
    }
    if (empty($_POST['form_hash']) || $_POST['form_hash'] != $form_hash) {
        $messages .= '<p class="form-error">' . _('Falta la clave de control') . '</p>';
        $errors++;
    }
    if (!empty($_POST['username']) && trim($_POST['username']) != $user->username) {
        if (strlen(trim($_POST['username'])) < 3) {
            $messages .= '<p class="form-error">' . _('nombre demasiado corto') . '</p>';
            $errors++;
        }
        if (!check_username($_POST['username'])) {
            $messages .= '<p class="form-error">' . _('nombre de usuario erróneo, caracteres no admitidos') . '</p>';
            $errors++;
        } elseif (user_exists(trim($_POST['username']))) {
            $messages .= '<p class="form-error">' . _('el usuario ya existe') . '</p>';
            $errors++;
        } else {
            $user->username = trim($_POST['username']);
        }
    }
    if ($user->email != trim($_POST['email']) && !check_email(trim($_POST['email']))) {
        $messages .= '<p class="form-error">' . _('el correo electrónico no es correcto') . '</p>';
        $errors++;
    } elseif (trim($_POST['email']) != $current_user->user_email && email_exists(trim($_POST['email']))) {
        $messages .= '<p class="form-error">' . _('ya existe otro usuario con esa dirección de correo') . '</p>';
        $errors++;
    }
    $user->url = htmlspecialchars(clean_input_url($_POST['url']));
    $user->names = clean_text($_POST['names']);
    if (!empty($_POST['password']) || !empty($_POST['password2'])) {
        if (!check_password($_POST["password"])) {
            $messages .= '<p class="form-error">' . _('Clave demasiado corta, debe ser de 6 o más caracteres e incluir mayúsculas, minúsculas y números') . '</p>';
            $errors = 1;
        } else {
            if (trim($_POST['password']) !== trim($_POST['password2'])) {
                $messages .= '<p class="form-error">' . _('las claves no son iguales, no se ha modificado') . '</p>';
                $errors = 1;
            } else {
                $user->pass = md5(trim($_POST['password']));
                $messages .= '<p  class="form-error">' . _('La clave se ha cambiado') . '</p>';
                $pass_changed = true;
            }
        }
    }
    $user->comment_pref = intval($_POST['comment_pref']) + (intval($_POST['show_friends']) & 1) * 2 + (intval($_POST['show_2cols']) & 1) * 4;
    // Manage avatars upload
    if (!empty($_FILES['image']['tmp_name'])) {
        if (avatars_check_upload_size('image')) {
            $avatar_mtime = avatars_manage_upload($user->id, 'image');
            if (!$avatar_mtime) {
                $messages .= '<p class="form-error">' . _('error guardando la imagen') . '</p>';
                $errors = 1;
                $user->avatar = 0;
            } else {
                $user->avatar = $avatar_mtime;
            }
        } else {
            $messages .= '<p class="form-error">' . _('el tamaño de la imagen excede el límite') . '</p>';
            $errors = 1;
            $user->avatar = 0;
        }
    }
    if (!$errors) {
        if (empty($user->ip)) {
            $user->ip = $globals['user_ip'];
        }
        $user->store();
        $user->read();
        if ($current_user->user_login != $user->username || $current_user->user_email != $user->email || $pass_changed) {
            $current_user->Authenticate($user->username, $user->pass);
        }
        $messages .= '<p class="form-error">' . _('datos actualizados') . '</p>';
    }
    return $messages;
}
Ejemplo n.º 2
0
function do_submit3()
{
    global $db, $current_user;
    $linkres = new Link();
    $linkres->id = $link_id = intval($_POST['id']);
    $linkres->read();
    // Check it is not in the queue already
    if ($linkres->votes == 0 && $linkres->status != 'queued') {
        $linkres->status = 'queued';
        $linkres->date = time();
        $linkres->get_uri();
        $linkres->store();
        $linkres->insert_vote($current_user->user_id, $current_user->user_karma);
        // Add the new link log/event
        require_once mnminclude . 'log.php';
        log_conditional_insert('link_new', $linkres->id, $linkres->author);
        $db->query("delete from links where link_author = {$linkres->author} and link_status='discard' and link_votes=0");
        if (!empty($_POST['trackback'])) {
            require_once mnminclude . 'trackback.php';
            $trackres = new Trackback();
            $trackres->url = clean_input_url($_POST['trackback']);
            $trackres->link = $linkres->id;
            $trackres->title = $linkres->title;
            $trackres->author = $linkres->author;
            $trackres->content = $linkres->content;
            $res = $trackres->send($linkres);
        }
    }
    header("Location: shakeit.php");
    die;
}
Ejemplo n.º 3
0
 function get()
 {
     // Check first in these server using *only* the URL
     $video_servers = array('youtube.com' => 'check_youtube', 'yfrog.com' => 'check_yfrog');
     $base_host = preg_replace('/^www\\./', '', $this->parsed_url['host']);
     if ($video_servers[$base_host]) {
         if ($this->debug) {
             echo "<!-- Check thumb by URL: {$video_servers[$base_host]} -->\n";
         }
         if ($this->{$video_servers}[$base_host]()) {
             if ($this->debug) {
                 echo "<!-- Selected thumb by URL: {$video_servers[$base_host]} -->\n";
             }
             $this->selected->video = true;
             return $this->selected;
         }
     }
     $res = get_url($this->url, $this->referer, null, false);
     if (!$res) {
         if ($this->debug) {
             echo "<!-- Error getting " . htmlentities($this->url) . "-->\n";
         }
         return;
     }
     if ($this->debug) {
         echo "<!-- Got {$this->url} (" . strlen($res['content']) . ") -->\n";
     }
     if ($res['location'] != $this->url) {
         $this->redirected = clean_input_url($res['location']);
         $this->parsed_redirected = parse_url($this->redirected);
         if ($this->debug) {
             echo "<!-- Redirected to URL: {$this->redirected} -->\n";
         }
     }
     if (preg_match('/^image/i', $res['content_type'])) {
         $img = new BasicThumb($this->url);
         if ($img->fromstring($res['content'])) {
             $img->type = 'local';
             $img->candidate = true;
             $this->selected = $img;
         }
     } elseif (preg_match('/text\\/html/i', $res['content_type'])) {
         $this->html = $res['content'];
         $this->title = get_html_title($this->html);
         if ($this->debug) {
             echo "<!-- HTML {$this->title} -->\n";
         }
         // First check for thumbnail head metas
         if ((preg_match('/<meta\\s+?property=[\'"]og:image[\'"]\\s+?content=[\'"](.+?)[\'"].*?>/is', $this->html, $match) || preg_match('/<meta\\s+?name=[\'"]product-image[\'"]\\s+?content=[\'"](.+?)[\'"].*?>/is', $this->html, $match) || preg_match('/<meta\\s+?name=[\'"]thumbnail_url[\'"]\\s+?content=[\'"](.+?)[\'"].*?>/is', $this->html, $match) || preg_match('/<link\\s+?rel=[\'"]image_src[\'"]\\s+?href=[\'"](.+?)[\'"].*?>/is', $this->html, $match)) && !preg_match('/favicon/i', $match[1])) {
             $url = $match[1];
             $url = build_full_url($url, $this->url);
             if ($this->debug) {
                 echo "<!-- Try to select from {$url} -->\n";
             }
             $img = new BasicThumb($url);
             if ($img->get() && $img->is_not_black()) {
                 $img->type = 'local';
                 $img->candidate = true;
                 if ($img->x > 150 && $img->y > 150) {
                     if ($this->debug) {
                         echo "<!-- Selected from {$img->url} -->\n";
                     }
                     $this->selected = $img;
                     return $this->selected;
                 } else {
                     if ($this->debug) {
                         echo "<!-- Failback {$img->url} -->\n";
                     }
                     $this->fallback = $img;
                 }
             }
         }
         // Analyze HTML <img's
         if (preg_match('/<base *href=["\'](.+?)["\']/i', $this->html, $match)) {
             $this->base = $match[1];
         }
         $html_short = $this->shorten_html($this->html);
         //	echo "<!-- $this->html -->\n";
         $this->parse_img($html_short);
         // If there is no image or image is slow
         // Check if there are players
         if ((!$this->selected || $this->selected->surface() < 120000) && preg_match('/(< *(?:embed|iframe|object|param))[^>]*>|\\.flv/i', $this->html)) {
             if ($this->debug) {
                 echo "<!-- Searching for video -->\n";
             }
             if ($this->check_youtube() || $this->check_yfrog() || $this->check_google_video() || $this->check_metacafe() || $this->check_vimeo() || $this->check_zapp_internet() || $this->check_daily_motion() || $this->check_elmundo_video()) {
                 $this->selected->video = true;
                 return $this->selected;
             }
         }
     }
     if (!$this->selected && $this->fallback != false) {
         $this->selected = $this->fallback;
     }
     if ($this->debug) {
         echo "<!-- FINAL selection: {$this->selected} -->\n";
     }
     return $this->selected;
 }
Ejemplo n.º 4
0
function save_profile()
{
    global $db, $user, $current_user, $globals, $admin_mode;
    $errors = 0;
    // benjami: control added (2005-12-22)
    $pass_changed = false;
    if (!isset($_POST['save_profile']) || !isset($_POST['process']) || $_POST['user_id'] != $current_user->user_id && !$admin_mode) {
        return;
    }
    if (!empty($_POST['username']) && trim($_POST['username']) != $user->username) {
        if (strlen(trim($_POST['username'])) < 3) {
            echo '<p class="form-error">' . _('nombre demasiado corto') . '</p>';
            $errors++;
        }
        if (!check_username($_POST['username'])) {
            echo '<p class="form-error">' . _('Nombre de usuario erróneo, caracteres no admitidos') . '</p>';
            $errors++;
        } elseif (user_exists(trim($_POST['username']))) {
            echo '<p class="form-error">' . _('El usuario ya existe') . '</p>';
            $errors++;
        } else {
            $user->username = trim($_POST['username']);
        }
    }
    if ($user->email != trim($_POST['email']) && !check_email(trim($_POST['email']))) {
        echo '<p class="form-error">' . _('El correo electrónico no es correcto') . '</p>';
        $errors++;
    } elseif (!$admin_mode && trim($_POST['email']) != $current_user->user_email && email_exists(trim($_POST['email']))) {
        echo '<p class="form-error">' . _('ya existe otro usuario con esa dirección de correo') . '</p>';
        $errors++;
    } else {
        $user->email = trim($_POST['email']);
    }
    $user->url = htmlspecialchars(clean_input_url($_POST['url']));
    // Verifies adsense code
    if ($globals['external_user_ads']) {
        $_POST['adcode'] = trim($_POST['adcode']);
        if (!empty($_POST['adcode']) && $user->adcode != $_POST['adcode']) {
            if (!preg_match('/^pub-[0-9]{16}$/', $_POST['adcode'])) {
                echo '<p class="form-error">' . _('código AdSense incorrecto, no se ha grabado') . '</p>';
                $_POST['adcode'] = '';
                $errors++;
            } else {
                $adcode_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_adcode='" . $_POST['adcode'] . "'"));
                if ($adcode_count > 0) {
                    echo '<p class="form-error">' . _('ya hay otro usuario con la misma cuenta, no se ha grabado') . '</p>';
                    $_POST['adcode'] = '';
                    $errors++;
                }
            }
        }
        $user->adcode = $_POST['adcode'];
    }
    $user->names = trim($_POST['names']);
    if (!empty($_POST['password']) || !empty($_POST['password2'])) {
        if ($_POST['password'] !== $_POST['password2']) {
            echo '<p class="form-error">' . _('Las claves no son iguales, no se ha modificado') . '</p>';
            $errors = 1;
        } else {
            $user->pass = trim($_POST['password']);
            echo '<p>' . _('La clave se ha cambiado') . '</p>';
            $pass_changed = true;
        }
    }
    if ($admin_mode && !empty($_POST['user_level'])) {
        $user->level = $db->escape($_POST['user_level']);
    }
    if ($admin_mode && !empty($_POST['karma']) && is_numeric($_POST['karma']) && $_POST['karma'] > 4 && $_POST['karma'] <= 20) {
        $user->karma = $_POST['karma'];
    }
    $user->comment_pref = intval($_POST['comment_pref']);
    // Manage avatars upload
    if (!empty($_FILES['image']['tmp_name'])) {
        if (avatars_check_upload_size($user->id, 'image')) {
            if (!avatars_manage_upload($user->id, 'image')) {
                echo '<p class="form-error">' . _('Error guardando la imagen') . '</p>';
                $errors = 1;
                $user->avatar = 0;
            } else {
                $user->avatar = 1;
            }
        } else {
            echo '<p class="form-error">' . _('El tamaño de la imagen excede el límite') . '</p>';
            $errors = 1;
            $user->avatar = 0;
        }
    }
    if (!$errors) {
        // benjami: "if" added (2005-12-22)
        if (empty($user->ip)) {
            $user->ip = $globals['user_ip'];
        }
        $user->store();
        $user->read();
        if (!$admin_mode && ($current_user->user_login != $user->username || $current_user->user_email != $user->email || $pass_changed)) {
            $current_user->Authenticate($user->username, $user->pass);
        }
        echo '<p class="form-act">' . _('Datos actualizados') . '</p>';
    }
}
Ejemplo n.º 5
0
	function pingback() {
		$url_components = @parse_url($this->url);
		// Now we use previous pingback or detect it
		if ((!empty($url_components['query']) || preg_match('|^/.*[\.-/]+|', $url_components['path']))) {
			if (!empty($this->pingback)) {
				$trackback = $this->pingback;
			} elseif (preg_match('/<link[^>]+rel="pingback"[^>]*>/i', $this->html, $matches)) {
				if (preg_match('/href="([^"]+)"/i', $matches[0], $matches2)) {
					$trackback='ping:'.trim($matches2[1]);
				}
			}
		}
		if (!empty($trackback)) {
			$this->trackback = clean_input_url($trackback);
			return true;
		}
		return false;
	}
Ejemplo n.º 6
0
function do_header($title)
{
    global $if_modified, $last_modified, $dblang, $globals;
    if (!$last_modified > 0) {
        if ($if_modified > 0) {
            $last_modified = $if_modified;
        } else {
            $last_modified = time();
        }
    }
    header('X-If-Modified: ' . gmdate('D, d M Y H:i:s', $if_modified));
    header('X-Last-Modified: ' . gmdate('D, d M Y H:i:s', $last_modified));
    if ($last_modified <= $if_modified) {
        header('HTTP/1.1 304 Not Modified');
        exit;
    }
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $last_modified) . ' GMT');
    header('Content-type: text/xml; charset=UTF-8', true);
    echo '<?xml version="1.0" encoding="UTF-8"?' . '>' . "\n";
    echo '<rss version="2.0" ' . "\n";
    echo '	xmlns:atom="http://www.w3.org/2005/Atom"' . "\n";
    echo '	xmlns:content="http://purl.org/rss/1.0/modules/content/"' . "\n";
    echo '	xmlns:wfw="http://wellformedweb.org/CommentAPI/"' . "\n";
    echo '	xmlns:dc="http://purl.org/dc/elements/1.1/"' . "\n";
    echo '	xmlns:georss="http://www.georss.org/georss"' . "\n";
    echo ' >' . "\n";
    echo '<channel>' . "\n";
    echo '	<title>' . $title . '</title>' . "\n";
    echo '	<atom:link href="http://' . get_server_name() . __(clean_input_url($_SERVER['REQUEST_URI'])) . '" rel="self" type="application/rss+xml" />' . "\n";
    echo '	<link>http://' . get_server_name() . post_get_base_url() . '</link>' . "\n";
    echo "\t<image><title>" . $title . "</title><link>http://" . get_server_name() . post_get_base_url() . "</link><url>http://" . get_static_server_name() . $globals['base_url'] . "img/common/eli-rss.png</url></image>\n";
    echo '	<description>' . _('Sitio colaborativo de publicación y comunicación entre blogs') . '</description>' . "\n";
    echo '	<pubDate>' . date("r", $last_modified) . '</pubDate>' . "\n";
    echo '	<generator>http://blog.meneame.net/</generator>' . "\n";
    echo '	<language>' . $dblang . '</language>' . "\n";
}
Ejemplo n.º 7
0
if ($tbs = $db->get_col("select trackback_id from trackbacks where trackback_link_id = {$link->id} and trackback_status='pendent'")) {
    foreach ($tbs as $tb_id) {
        $tb = new Trackback();
        $tb->id = $tb_id;
        if ($tb->read()) {
            $res = $tb->send($link);
        }
    }
}
// Send pingbacks for link inside the text
preg_match_all('/([\\(\\[:\\.\\s]|^)(https*:\\/\\/[^ \\t\\n\\r\\]\\(\\)\\&]{5,70}[^ \\t\\n\\r\\]\\(\\)]*[^ .\\t,\\n\\r\\(\\)\\"\'\\]\\?])/i', $link->content, $matches);
foreach ($matches[2] as $match) {
    $tb = new Trackback();
    $tb->link = clean_input_url($match);
    $tb->link_id = $link->id;
    $tb->author = $link->author;
    if (!$tb->read()) {
        $tmp = new Link();
        if (!$tmp->get($match, 2000, false)) {
            echo "couldn't get {$match}\n";
            next;
        }
        if (!$tmp->pingback()) {
            echo "couldn't get pingback {$match}\n";
            next;
        }
        $tb->link = clean_input_url($match);
        $tb->url = clean_input_url($tmp->trackback);
        $tb->send($link);
    }
}
Ejemplo n.º 8
0
 function send($link)
 {
     if (empty($this->url)) {
         return;
     }
     $this->title = clean_input_url($link->url);
     if (preg_match('/^ping:/', $this->url)) {
         // we got a pingback adress
         require_once mnminclude . 'IXR_Library.inc.php';
         $url = preg_replace('/^ping:/', '', $this->url);
         $client = new IXR_Client($url);
         $client->timeout = 3;
         $client->useragent .= ' -- Meneame/2';
         $client->debug = false;
         if ($client->query('pingback.ping', $link->get_permalink(), $this->link)) {
             $this->status = 'ok';
             $this->store();
             syslog(LOG_NOTICE, "Meneame, pingback sent: {$this->link}, {$this->url}");
             return true;
         } else {
             // Be quiet for pingbacks
             $this->status = 'error';
             $this->title = $client->getErrorMessage();
             $this->store();
             syslog(LOG_NOTICE, "Meneame, out pingback error: {$url} " . $link->get_permalink() . ': ' . $client->getErrorCode() . ' ' . $client->getErrorMessage());
             return false;
         }
     }
     // Send standard old trackback
     $title = urlencode($link->title);
     // Convert everything to HTML and the strip all html tags.
     $excerpt = urlencode(strip_tags(text_to_html($link->content)));
     $blog_name = urlencode(get_server_name());
     $tb_url = $this->url;
     $url = urlencode($link->get_permalink());
     $query_string = "charset=UTF-8&title={$title}&url={$url}&blog_name={$blog_name}&excerpt={$excerpt}";
     $trackback_url = parse_url($this->url);
     $http_request = 'POST ' . $trackback_url['path'] . ($trackback_url['query'] ? '?' . $trackback_url['query'] : '') . " HTTP/1.0\r\n";
     $http_request .= 'Host: ' . $trackback_url['host'] . "\r\n";
     $http_request .= 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' . "\r\n";
     $http_request .= 'Content-Length: ' . strlen($query_string) . "\r\n";
     $http_request .= "User-Agent: MNM (http://meneame.net) ";
     $http_request .= "\r\n\r\n";
     $http_request .= $query_string;
     if ('' == $trackback_url['port']) {
         $trackback_url['port'] = 80;
     }
     $fs = @fsockopen($trackback_url['host'], $trackback_url['port'], $errno, $errstr, 5);
     if ($fs && ($res = @fputs($fs, $http_request))) {
         /*********** DEBUG **********
                 $debug_file = '/tmp/trackback.log';
                 $fp = fopen($debug_file, 'a');
                 fwrite($fp, "\n*****\nRequest:\n\n$http_request\n\nResponse:\n\n");
                 while(!@feof($fs)) {
                         fwrite($fp, @fgets($fs, 4096));
                 }
                 fwrite($fp, "\n\n");
                 fclose($fp);
         		/*********** DEBUG ************/
         @fclose($fs);
         $this->status = 'ok';
         $this->store();
         syslog(LOG_NOTICE, "Meneame, trackback sent: {$this->link}, {$this->url}");
         return true;
     }
     $this->status = 'error';
     $this->store();
     return false;
 }
Ejemplo n.º 9
0
function do_submit3() {
	global $db, $current_user;

	$linkres=new Link;

	$linkres->id=$link_id = intval($_POST['id']);

	if(!check_link_key() || !$linkres->read()) die;

	// Check it is not in the queue already
	if ($linkres->duplicates($linkres->url)) {
		// Write headers, they were not printed yet
		do_header(_("enviar noticia"), "post");
		echo '<div id="singlewrap">' . "\n";
		report_dupe($linkres->url);
		return;
	}

	// Check this one was not already queued
	if($linkres->votes == 0 && $linkres->status != 'queued') {
		$db->transaction();
		$linkres->status='queued';
		$linkres->sent_date = $linkres->date=time();
		$linkres->get_uri();
		$linkres->store();
		$linkres->insert_vote($current_user->user_karma);
		$db->commit();

		// Add the new link log/event
		require_once(mnminclude.'log.php');
		log_conditional_insert('link_new', $linkres->id, $linkres->author);

		$db->query("delete from links where link_author = $linkres->author and link_date > date_sub(now(), interval 30 minute) and link_status='discard' and link_votes=0");
		if(!empty($_POST['trackback'])) {
			$trackres = new Trackback;
			$trackres->url=clean_input_url($_POST['trackback']);
			$trackres->link_id=$linkres->id;
			$trackres->link=$linkres->url;
			$trackres->author=$linkres->author;
			$trackres->status = 'pendent';
			$trackres->store();
		}
		fork("backend/send_pingbacks.php?id=$linkres->id");
	}

	header('Location: '. $linkres->get_permalink());
	die;
	
}
Ejemplo n.º 10
0
function search_parse_query()
{
    global $db;
    // Check what should be searched
    switch ($_REQUEST['w']) {
        case 'posts':
        case 'comments':
        case 'links':
            break;
        default:
            $_REQUEST['w'] = 'links';
    }
    $_REQUEST['words'] = $_REQUEST['q'] = trim(substr(strip_tags(stripslashes($_REQUEST['q'])), 0, 500));
    if (!empty($_REQUEST['p'])) {
        $_REQUEST['p'] = clean_input_url($_REQUEST['p']);
    } elseif (preg_match('/^ *(\\w+): *(.*)/', $_REQUEST['q'], $matches)) {
        $_REQUEST['words'] = $matches[2];
        switch ($matches[1]) {
            case 'http':
            case 'https':
                $_REQUEST['words'] = $_REQUEST['q'];
                $_REQUEST['o'] = 'date';
                $_REQUEST['p'] = 'url';
                break;
            case 'date':
                $_REQUEST['o'] = 'date';
                break;
            case 'url':
                $_REQUEST['p'] = 'url';
                break;
            case 'title':
                $_REQUEST['p'] = 'title';
                break;
            case 'tag':
            case 'tags':
                $_REQUEST['p'] = 'tags';
                break;
        }
    }
    // Check filters and clean
    if (isset($_REQUEST['h'])) {
        $_REQUEST['h'] = intval($_REQUEST['h']);
    }
    if (isset($_REQUEST['p']) && !preg_match('/^(url|tags|title|site|url_db)$/', $_REQUEST['p'])) {
        unset($_REQUEST['p']);
    }
    if (isset($_REQUEST['o']) && !preg_match('/^(date|relevance|pure)$/', $_REQUEST['o'])) {
        unset($_REQUEST['o']);
    }
}
Ejemplo n.º 11
0
function search_parse_query()
{
    global $db;
    // Check what should be searched
    switch ($_REQUEST['w']) {
        case 'posts':
        case 'comments':
        case 'links':
            break;
        default:
            $_REQUEST['w'] = 'links';
    }
    $_REQUEST['words'] = $_REQUEST['q'] = trim(substr(strip_tags(stripslashes($_REQUEST['q'])), 0, 250));
    if (!empty($_REQUEST['p'])) {
        $_REQUEST['p'] = clean_input_url($_REQUEST['p']);
    } elseif (preg_match('/^ *(\\w+): *(.*)/', $_REQUEST['q'], $matches)) {
        $_REQUEST['words'] = $matches[2];
        switch ($matches[1]) {
            case 'http':
            case 'https':
                $_REQUEST['words'] = $_REQUEST['q'];
                $_REQUEST['o'] = 'date';
                $_REQUEST['p'] = 'url_db';
                break;
            case 'date':
                $_REQUEST['o'] = 'date';
                break;
            case 'url':
                $_REQUEST['p'] = 'url';
                break;
            case 'title':
                $_REQUEST['p'] = 'title';
                break;
            case 'tag':
            case 'tags':
                $_REQUEST['p'] = 'tags';
                break;
        }
    }
    // Check filters and clean
    if (isset($_REQUEST['h'])) {
        $_REQUEST['h'] = intval($_REQUEST['h']);
    }
    if (isset($_REQUEST['p']) && !preg_match('/^(url|tags|title|site|url_db)$/', $_REQUEST['p'])) {
        unset($_REQUEST['p']);
    }
    if (isset($_REQUEST['o']) && !preg_match('/^(date|relevance)$/', $_REQUEST['o'])) {
        unset($_REQUEST['o']);
    }
    if ($_REQUEST['w'] == 'links' && isset($_REQUEST['s'])) {
        // Retrieve available status values
        $row = $db->get_row("SHOW COLUMNS FROM links like 'link_status'");
        preg_match_all("/'(.*?)'/", $row->Type, $matches);
        $i = array_search($_REQUEST['s'], $matches[1]);
        if ($i !== false) {
            $_REQUEST['s_id'] = $i + 1;
        } else {
            unset($_REQUEST['s']);
        }
    }
}
Ejemplo n.º 12
0
 function enqueue()
 {
     global $db, $globals, $current_user;
     // Check this one was not already queued
     if ($this->votes == 0 && $this->author == $current_user->user_id && $this->status != 'queued') {
         $this->status = 'queued';
         $this->sent_date = $this->date = time();
         $this->get_uri();
         $db->transaction();
         if (!$this->store()) {
             $db->rollback();
             return false;
         }
         $this->insert_vote($current_user->user_karma);
         // Add the new link log/event
         Log::conditional_insert('link_new', $this->id, $this->author);
         $db->query("delete from links where link_author = {$this->author} and link_date > date_sub(now(), interval 30 minute) and link_status='discard' and link_votes=0");
         if (!empty($_POST['trackback'])) {
             $trackres = new Trackback();
             $trackres->url = clean_input_url($_POST['trackback']);
             $trackres->link_id = $this->id;
             $trackres->link = $this->url;
             $trackres->author = $this->author;
             $trackres->status = 'pendent';
             $trackres->store();
         }
         $db->commit();
         fork("backend/send_pingbacks.php?id={$this->id}");
     }
 }
Ejemplo n.º 13
0
function do_submit1()
{
    global $db, $dblang, $current_user, $globals, $errors;
    $url = clean_input_url(urldecode($_POST['url']));
    $url = preg_replace('/#[^\\/]*$/', '', $url);
    // Remove the "#", people just abuse
    $url = preg_replace('/^http:\\/\\/http:\\/\\//', 'http://', $url);
    // Some users forget to delete the foo http://
    if (!preg_match('/^\\w{3,6}:\\/\\//', $url)) {
        // http:// forgotten, add it
        $url = 'http://' . $url;
    }
    $new_user = false;
    if (!check_link_key()) {
        add_submit_error(_('clave incorrecta'));
        return false;
    }
    if ($globals['min_karma_for_links'] > 0 && $current_user->user_karma < $globals['min_karma_for_links']) {
        add_submit_error(_('no tienes el mínimo de karma para enviar una nueva historia'));
        return false;
    }
    // Don't allow to send a link by a clone
    $hours = intval($globals['user_links_clon_interval']);
    $clones = $current_user->get_clones($hours + 1);
    if ($hours > 0 && $clones) {
        $l = implode(',', $clones);
        $c = (int) $db->get_var("select count(*) from links where link_status!='published' and link_date > date_sub(now(), interval {$hours} hour) and link_author in ({$l})");
        if ($c > 0) {
            add_submit_error(_('ya se envió con otro usuario «clon» en las últimas horas') . ", " . _('disculpa las molestias'));
            syslog(LOG_NOTICE, "Meneame, clon submit ({$current_user->user_login}): " . $_REQUEST['url']);
            return false;
        }
    }
    // Check the number of links sent by a user
    $queued_24_hours = (int) $db->get_var("select count(*) from links where link_status!='published' and link_date > date_sub(now(), interval 24 hour) and link_author={$current_user->user_id}");
    if ($globals['limit_user_24_hours'] && $queued_24_hours > $globals['limit_user_24_hours']) {
        add_submit_error(_('debes esperar, tienes demasiados envíos en cola de las últimas 24 horas') . " ({$queued_24_hours}), " . _('disculpa las molestias'));
        syslog(LOG_NOTICE, "Meneame, too many queued in 24 hours ({$current_user->user_login}): " . $_REQUEST['url']);
        return false;
    }
    // check the URL is OK and that it resolves
    $url_components = @parse_url($url);
    if (!$url_components || !$url_components['host'] || gethostbyname($url_components['host']) == $url_components['host']) {
        add_submit_error(_('URL o nombre de servidor erróneo'), _('el nombre del servidor es incorrecto o éste tiene problemas para resolver el nombre'));
        syslog(LOG_NOTICE, "Meneame, hostname error ({$current_user->user_login}): {$url}");
        return false;
    }
    $enqueued_last_minutes = (int) $db->get_var("select count(*) from links where link_status='queued' and link_date > date_sub(now(), interval 3 minute)");
    if ($current_user->user_karma > $globals['limit_3_minutes_karma']) {
        $enqueued_limit = $globals['limit_3_minutes'] * 1.5;
    } else {
        $enqueued_limit = $globals['limit_3_minutes'];
    }
    if ($enqueued_last_minutes > $enqueued_limit) {
        //echo '<p class="error"><strong>'._('exceso de envíos').':</strong></p>';
        //echo '<p>'._('se han enviado demasiadas historias en los últimos 3 minutos'). " ($enqueued_last_minutes > $enqueued_limit), "._('disculpa las molestias'). ' </p>';
        //echo '</div>'. "\n";
        add_submit_error(_('exceso de envíos'), _('se han enviado demasiadas historias en los últimos 3 minutos') . " ({$enqueued_last_minutes} > {$enqueued_limit}), " . _('disculpa las molestias'));
        syslog(LOG_NOTICE, "Meneame, too many queued ({$current_user->user_login}): " . $_REQUEST['url']);
        return false;
    }
    // Check the user does not have too many drafts
    $minutes = intval($globals['draft_time'] / 60) + 10;
    $drafts = (int) $db->get_var("select count(*) from links where link_author={$current_user->user_id}  and link_date > date_sub(now(), interval {$minutes} minute) and link_status='discard' and link_votes = 0");
    if ($drafts > $globals['draft_limit']) {
        add_submit_error(_('demasiados borradores'), _('has hecho demasiados intentos, debes esperar o continuar con ellos desde la') . ' <a href="shakeit.php?meta=_discarded">' . _('cola de descartadas') . '</a></p>');
        syslog(LOG_NOTICE, "Meneame, too many drafts ({$current_user->user_login}): " . $_REQUEST['url']);
        return false;
    }
    // Delete dangling drafts
    if ($drafts > 0) {
        $db->query("delete from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 30 minute) and link_date < date_sub(now(), interval 10 minute) and link_status='discard' and link_votes = 0");
    }
    // Check for banned IPs
    if (($ban = check_ban($globals['user_ip'], 'ip', true)) || ($ban = check_ban_proxy())) {
        if ($ban['expire'] > 0) {
            $expires = _('caduca') . ': ' . get_date_time($ban['expire']);
        } else {
            $expires = '';
        }
        add_submit_error(_('dirección IP no permitida para enviar'), $expires);
        syslog(LOG_NOTICE, "Meneame, banned IP " . $globals['user_ip'] . " ({$current_user->user_login}): {$url}");
        return false;
    }
    // Number of links sent by the user
    $total_sents = (int) $db->get_var("select count(*) from links where link_author={$current_user->user_id}") - $drafts;
    if ($total_sents > 0) {
        $sents = (int) $db->get_var("select count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 60 day)") - $drafts;
    } else {
        $new_user = true;
        $sents = 0;
    }
    $register_date = $current_user->Date();
    if ($globals['now'] - $register_date < $globals['new_user_time']) {
        $new_user = true;
    }
    // check that a new user also votes, not only sends links
    // it requires $globals['min_user_votes'] votes
    if ($new_user && $globals['min_user_votes'] > 0 && $current_user->user_karma < $globals['new_user_karma']) {
        $user_votes_total = (int) $db->get_var("select count(*) from votes where vote_type='links' and vote_user_id={$current_user->user_id}");
        $user_votes = (int) $db->get_var("select count(*) from votes where vote_type='links' and vote_date > date_sub(now(), interval 72 hour) and vote_user_id={$current_user->user_id}");
        $user_links = 1 + $db->get_var("select count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 24 hour) and link_status != 'discard'");
        $total_links = (int) $db->get_var("select count(*) from links where link_date > date_sub(now(), interval 24 hour) and link_status = 'queued'");
        if ($sents == 0) {
            // If is a new user, requires more votes, to avoid spam
            $min_votes = $globals['min_user_votes'];
        } else {
            $min_votes = min(4, intval($total_links / 20)) * $user_links;
        }
        if (!$current_user->admin && $user_votes < $min_votes) {
            $needed = $min_votes - $user_votes;
            if ($new_user) {
                add_submit_error(_('¿es la primera vez que envías una historia?'), _('necesitas como mínimo') . " {$needed} " . _('votos'));
            } else {
                add_submit_error(_('no tienes el mínimo de votos necesarios para enviar una nueva historia'), _('necesitas votar como mínimo a') . " {$needed} " . _('envíos'));
            }
            add_submit_error(_('no votes de forma apresurada, penaliza el karma'), '<a href="' . $globals['base_url'] . 'shakeit.php" target="_blank">' . _('haz clic aquí para ir a votar') . '</a>');
            return false;
        }
    }
    // avoid spams, an extra security check
    // it counts the numbers of links in the last hours
    if ($new_user) {
        $user_links_limit = $globals['new_user_links_limit'];
        $user_links_interval = intval($globals['new_user_links_interval'] / 3600);
    } else {
        $user_links_limit = $globals['user_links_limit'];
        $user_links_interval = intval($globals['user_links_interval'] / 3600);
    }
    $same_user = (int) $db->get_var("select count(*) from links where link_date > date_sub(now(), interval {$user_links_interval} hour) and link_author={$current_user->user_id}") - $drafts;
    $same_ip = (int) $db->get_var("select count(*) from links where link_date > date_sub(now(), interval {$user_links_interval} hour) and link_ip = '" . $globals['user_ip'] . "'") - $drafts;
    if ($same_user > $user_links_limit || $same_ip > $user_links_limit) {
        add_submit_error(_('debes esperar, ya se enviaron varias con el mismo usuario o dirección IP'));
        return false;
    }
    // avoid users sending continuous "rubbish" or "propaganda", specially new users
    // it takes in account the number of positive votes in the last six hours
    if ($same_user > 1 && $current_user->user_karma < $globals['karma_propaganda']) {
        $positives_received = $db->get_var("select sum(link_votes) from links where link_date > date_sub(now(), interval {$user_links_interval} hour) and link_author = {$current_user->user_id}");
        $negatives_received = $db->get_var("select sum(link_negatives) from links where link_date > date_sub(now(), interval {$user_links_interval} hour) and link_author = {$current_user->user_id}");
        if ($negatives_received > 10 && $negatives_received > $positives_received * 1.5) {
            add_submit_error(_('debes esperar, has tenido demasiados votos negativos en tus últimos envíos'));
            return false;
        }
    }
    $link = new Link();
    $link->url = $url;
    $link->is_new = true;
    // Disable several options in the editing form
    $edit = false;
    if (report_duplicated($url)) {
        return true;
    }
    // Don't output error messages
    if (!$link->check_url($url, true, true) || !$link->get($url)) {
        $e = _('URL erróneo o no permitido') . ': ';
        if ($link->ban && $link->ban['match']) {
            $e .= $link->ban['match'];
        } else {
            $e .= $link->url;
        }
        add_submit_error($e, _('Razón') . ': ' . $link->ban['comment']);
        if ($link->ban['expire'] > 0) {
            add_submit_error($e, _('caduca') . ': ' . get_date_time($link->ban['expire']));
        }
        return false;
    }
    // If the URL has changed, check again is not dupe
    if ($link->url != $url && report_duplicated($link->url)) {
        return;
    }
    $link->randkey = intval($_POST['randkey']);
    if (!$link->valid) {
        //echo '<p class="error"><strong>'._('error leyendo el url').':</strong> '.htmlspecialchars($url).'</p>';
        $e = _('error leyendo el url') . ': ' . htmlspecialchars($url);
        // Dont allow new users with low karma to post wrong URLs
        if ($current_user->user_karma < 8 && $current_user->user_level == 'normal') {
            add_submit_error($e, _('URL inválido, incompleto o no permitido. Está fuera de línea, o tiene mecanismos antibots.'));
            return false;
        }
        add_submit_error($e, _('no es válido, está fuera de línea, o tiene mecanismos antibots. <strong>Continúa</strong>, pero asegúrate que sea correcto'));
    }
    $link->status = 'discard';
    $link->author = $current_user->user_id;
    if (!$link->pingback()) {
        $link->trackback();
    }
    $link->trackback = htmlspecialchars($link->trackback);
    $link->create_blog_entry();
    $blog = new Blog();
    $blog->id = $link->blog;
    $blog->read();
    $blog_url_components = @parse_url($blog->url);
    $blog_url = $blog_url_components['host'] . $blog_url_components['path'];
    // Now we check again against the blog table
    // it's done because there could be banned blogs like http://lacotelera.com/something
    if ($ban = check_ban($blog->url, 'hostname', false, true)) {
        $e = _('URL inválido') . ': ' . htmlspecialchars($url);
        add_submit_error($e, _('el sitio') . ' ' . $ban['match'] . ' ' . _('está deshabilitado') . ' (' . $ban['comment'] . ')');
        if ($ban['expire'] > 0) {
            add_submit_error($e, _('caduca') . ': ' . get_date_time($ban['expire']));
        }
        syslog(LOG_NOTICE, "Meneame, banned site ({$current_user->user_login}): {$blog->url} <- " . $_REQUEST['url']);
        return false;
    }
    // check for users spamming several sites and networks
    // it does not allow a low "entropy"
    if ($sents > 30) {
        $ratio = (double) $db->get_var("select count(distinct link_blog)/count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 60 day)");
        $threshold = 1 / log($sents, 2);
        if ($ratio < $threshold) {
            if ($db->get_var("select count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 60 day) and link_blog = {$blog->id}") > 2) {
                syslog(LOG_NOTICE, "Meneame, forbidden due to low entropy: {$ratio} <  {$threshold}  ({$current_user->user_login}): {$link->url}");
                add_submit_error(_('ya has enviado demasiados enlaces a los mismos sitios'), _('varía las fuentes, podría ser considerado spam'));
                return false;
            }
        }
    }
    // Check the user does not send too many images or vídeos
    // they think this is a fotolog
    if ($sents > 5 && ($link->content_type == 'image' || $link->content_type == 'video')) {
        $image_links = intval($db->get_var("select count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 60  day) and link_content_type in ('image', 'video')"));
        if ($image_links > $sents * 0.8) {
            syslog(LOG_NOTICE, "Meneame, forbidden due to too many images or video sent by user ({$current_user->user_login}): {$link->url}");
            add_submit_error(_('ya has enviado demasiadas imágenes o vídeos'));
            return false;
        }
    }
    // Avoid users sending too many links to the same site in last hours
    $hours = 24;
    $same_blog = $db->get_var("select count(*) from links where link_date > date_sub(now(), interval {$hours} hour) and link_author={$current_user->user_id} and link_blog={$link->blog} and link_votes > 0");
    if ($same_blog >= $globals['limit_same_site_24_hours']) {
        syslog(LOG_NOTICE, "Meneame, forbidden due to too many links to the same site in last {$hours} hours ({$current_user->user_login}): {$link->url}");
        add_submit_error(_('demasiados enlaces al mismo sitio en las últimas horas'));
        return false;
    }
    // avoid auto-promotion (autobombo)
    $minutes = 30;
    $same_blog = $db->get_var("select count(*) from links where link_date > date_sub(now(), interval {$minutes} minute) and link_author={$current_user->user_id} and link_blog={$link->blog} and link_votes > 0");
    if ($same_blog > 0 && $current_user->user_karma < 12) {
        syslog(LOG_NOTICE, "Meneame, forbidden due to short period between links to same site ({$current_user->user_login}): {$link->url}");
        add_submit_error(_('ya has enviado un enlace al mismo sitio hace poco tiempo'), _('debes esperar') . " {$minutes} " . _('minutos entre cada envío al mismo sitio.') . ', ' . '<a href="' . $globals['base_url'] . 'faq-' . $dblang . '.php">' . _('lee el FAQ') . '</a>');
        return false;
    }
    // Avoid spam (autobombo), count links in last two months
    $same_blog = $db->get_var("select count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 60 day) and link_blog={$link->blog}");
    $check_history = $sents > 3 && $same_blog > 0 && ($ratio = $same_blog / $sents) > 0.5;
    if ($check_history) {
        $e = _('has enviado demasiados enlaces a') . " {$blog->url}";
        if ($sents > 5 && $ratio > 0.75) {
            add_submit_error($e, _('has superado los límites de envíos de este sitio'));
            // don't allow to continue
            syslog(LOG_NOTICE, "Meneame, warn, high ratio, process interrumped ({$current_user->user_login}): {$link->url}");
            return false;
        } else {
            add_submit_error($e, _('continúa, pero ten en cuenta podría recibir votos negativos') . ', ' . '<a href="' . $globals['base_url'] . $globals['legal'] . '">' . _('condiciones de uso') . '</a>');
            syslog(LOG_NOTICE, "Meneame, warn, high ratio, continue ({$current_user->user_login}): {$link->url}");
        }
    }
    $links_12hs = $db->get_var("select count(*) from links where link_date > date_sub(now(), interval 12 hour)");
    // check there is no an "overflow" from the same site
    $site_links = intval($db->get_var("select count(*) from links where link_date > date_sub(now(), interval 12 hour) and link_blog={$link->blog} and link_status in ('queued')"));
    if ($site_links > 10 && $site_links > $links_12hs * 0.05) {
        // Only 5% from the same site
        syslog(LOG_NOTICE, "Meneame, forbidden due to overflow to the same site ({$current_user->user_login}): {$link->url}");
        add_submit_error(_('ya se han enviado demasiadas artículos del mismo sitio, espera unos minutos por favor'), _('total en 12 horas') . ": {$site_links} , " . _('el máximo actual es') . ': ' . intval($links_12hs * 0.05));
        return false;
    }
    // check there is no an "overflow" of images
    if ($link->content_type == 'image' || $link->content_type == 'video') {
        $image_links = intval($db->get_var("select count(*) from links where link_date > date_sub(now(), interval 12 hour) and link_content_type in ('image', 'video')"));
        if ($image_links > 5 && $image_links > $links_12hs * 0.15) {
            // Only 15% images and videos
            syslog(LOG_NOTICE, "Meneame, forbidden due to overflow images ({$current_user->user_login}): {$link->url}");
            add_submit_error(_('ya se han enviado demasiadas imágenes o vídeos, espera unos minutos por favor'), _('total en 12 horas') . ": {$image_links} , " . _('el máximo actual es') . ': ' . intval($links_12hs * 0.05));
            return false;
        }
    }
    if ($ban = check_ban($link->url, 'punished_hostname', false, true)) {
        add_submit_error(_('Aviso') . ' ' . $ban['match'] . ': <em>' . $ban['comment'] . '</em>', _('mejor enviar el enlace a la fuente original, si no, será penalizado'));
    }
    // Now stores new draft
    $link->sent_date = $link->date = time();
    $link->key = $_POST['key'];
    $link->randkey = $_POST['randkey'];
    $link->store();
    $link->url_title = mb_substr($link->url_title, 0, 200);
    if (mb_strlen($link->url_description) > 40) {
        $link->content = $link->url_description;
    }
    $link->chars_left = 550 - mb_strlen(html_entity_decode($link->content, ENT_COMPAT, 'UTF-8'), 'UTF-8');
    Haanga::Load('link/submit1.html', compact('link', 'errors'));
    return true;
}
Ejemplo n.º 14
0
function do_submit3()
{
    global $db, $current_user;
    $linkres = new Link();
    $linkres->id = $link_id = intval($_POST['id']);
    if (!check_link_key() || !$linkres->read()) {
        die;
    }
    // Check it is not in the queue already
    if ($linkres->votes == 0 && $linkres->status != 'queued') {
        $linkres->status = 'queued';
        $linkres->sent_date = $linkres->date = time();
        $linkres->get_uri();
        $linkres->store();
        $linkres->insert_vote($current_user->user_id, $current_user->user_karma);
        // Add the new link log/event
        require_once mnminclude . 'log.php';
        log_conditional_insert('link_new', $linkres->id, $linkres->author);
        $db->query("delete from links where link_author = {$linkres->author} and link_date > date_sub(now(), interval 30 minute) and link_status='discard' and link_votes=0");
        if (!empty($_POST['trackback'])) {
            require_once mnminclude . 'trackback.php';
            $trackres = new Trackback();
            $trackres->url = clean_input_url($_POST['trackback']);
            $trackres->link_id = $linkres->id;
            $trackres->link = $linkres->url;
            //$trackres->title=$linkres->title;
            $trackres->author = $linkres->author;
            //$trackres->content=$linkres->content;
            $res = $trackres->send($linkres);
        }
        fork("backend/send_pingbacks.php?id={$linkres->id}");
    }
    header('Location: ' . $linkres->get_permalink());
    die;
}
Ejemplo n.º 15
0
function save_profile()
{
    global $db, $user, $current_user, $globals, $admin_mode, $site_key, $bio_max;
    $errors = 0;
    // benjami: control added (2005-12-22)
    $new_pass = false;
    $messages = array();
    $form_hash = md5($site_key . $user->id . $current_user->user_id);
    if (isset($_POST['disabledme']) && intval($_POST['disable']) == 1 && $_POST['form_hash'] == $form_hash && $_POST['user_id'] == $current_user->user_id) {
        $old_user_login = $user->username;
        $old_user_id = $user->id;
        $user->disable(true);
        Log::insert('user_delete', $old_user_id, $old_user_id);
        syslog(LOG_NOTICE, "Meneame, disabling {$old_user_id} ({$old_user_login}) by {$current_user->user_login} -> {$user->username} ");
        $current_user->Logout(get_user_uri($user->username));
        die;
    }
    if (!isset($_POST['save_profile']) || !isset($_POST['process']) || $_POST['user_id'] != $current_user->user_id && !$admin_mode) {
        return;
    }
    if (empty($_POST['form_hash']) || $_POST['form_hash'] != $form_hash) {
        array_push($messages, _('Falta la clave de control'));
        $errors++;
    }
    if (!empty($_POST['username']) && trim($_POST['username']) != $user->username) {
        $newname = trim($_POST['username']);
        if (strlen($newname) < 3) {
            array_push($messages, _('nombre demasiado corto'));
            $errors++;
        }
        if (!check_username($newname)) {
            array_push($messages, _('nombre de usuario erróneo, caracteres no admitidos'));
            $errors++;
        } elseif (user_exists($newname, $user->id)) {
            array_push($messages, _('el usuario ya existe'));
            $errors++;
        } else {
            $user->username = $newname;
        }
    }
    if (!empty($_POST['bio']) || $user->bio) {
        $bio = clean_text($_POST['bio'], 0, false, $bio_max);
        if ($bio != $user->bio) {
            $user->bio = $bio;
        }
    }
    if ($user->email != trim($_POST['email']) && !check_email(trim($_POST['email']))) {
        array_push($messages, _('el correo electrónico no es correcto'));
        $errors++;
    } elseif (!$admin_mode && trim($_POST['email']) != $current_user->user_email && email_exists(trim($_POST['email']), false)) {
        array_push($messages, _('ya existe otro usuario con esa dirección de correo'));
        $errors++;
    } else {
        $user->email = trim($_POST['email']);
    }
    $user->url = htmlspecialchars(clean_input_url($_POST['url']));
    // Check IM address
    if (!empty($_POST['public_info'])) {
        $_POST['public_info'] = htmlspecialchars(clean_input_url($_POST['public_info']));
        $public = $db->escape($_POST['public_info']);
        $im_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_public_info='{$public}'"));
        if ($im_count > 0) {
            array_push($messages, _('ya hay otro usuario con la misma dirección de MI, no se ha grabado'));
            $_POST['public_info'] = '';
            $errors++;
        }
    }
    $user->phone = $_POST['phone'];
    $user->public_info = htmlspecialchars(clean_input_url($_POST['public_info']));
    // End check IM address
    if ($user->id == $current_user->user_id) {
        // Check phone number
        if (!empty($_POST['phone'])) {
            if (!preg_match('/^\\+[0-9]{9,16}$/', $_POST['phone'])) {
                array_push($messages, _('número telefónico erróneo, no se ha grabado'));
                $_POST['phone'] = '';
                $errors++;
            } else {
                $phone = $db->escape($_POST['phone']);
                $phone_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_phone='{$phone}'"));
                if ($phone_count > 0) {
                    array_push($messages, _('ya hay otro usuario con el mismo número, no se ha grabado'));
                    $_POST['phone'] = '';
                    $errors++;
                }
            }
        }
        $user->phone = $_POST['phone'];
        // End check phone number
    }
    // Verifies adsense code
    if ($globals['external_user_ads']) {
        $_POST['adcode'] = trim($_POST['adcode']);
        $_POST['adchannel'] = trim($_POST['adchannel']);
        if (!empty($_POST['adcode']) && $user->adcode != $_POST['adcode']) {
            if (!preg_match('/pub-[0-9]{16}$/', $_POST['adcode'])) {
                array_push($messages, _('código AdSense incorrecto, no se ha grabado'));
                $_POST['adcode'] = '';
                $errors++;
            } else {
                $adcode_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_adcode='" . $_POST['adcode'] . "'"));
                if ($adcode_count > 0) {
                    array_push($messages, _('ya hay otro usuario con la misma cuenta, no se ha grabado'));
                    $_POST['adcode'] = '';
                    $errors++;
                }
            }
        }
        if (!empty($_POST['adcode']) && !empty($_POST['adchannel']) && $user->adchannel != $_POST['adchannel']) {
            if (!preg_match('/^[0-9]{10,12}$/', $_POST['adchannel'])) {
                array_push($messages, _('canal AdSense incorrecto, no se ha grabado'));
                $_POST['adchannel'] = '';
                $errors++;
            }
        }
        $user->adcode = $_POST['adcode'];
        $user->adchannel = $_POST['adchannel'];
    }
    $user->names = clean_text($_POST['names']);
    if (!empty($_POST['password']) || !empty($_POST['password2'])) {
        if (!check_password($_POST["password"])) {
            array_push($messages, _('Clave demasiado corta, debe ser de 6 o más caracteres e incluir mayúsculas, minúsculas y números'));
            $errors = 1;
        } else {
            if (trim($_POST['password']) !== trim($_POST['password2'])) {
                array_push($messages, _('las claves no son iguales, no se ha modificado'));
                $errors = 1;
            } else {
                $new_pass = trim($_POST['password']);
                $user->pass = UserAuth::hash($new_pass);
                array_push($messages, _('La clave se ha cambiado'));
                $pass_changed = true;
            }
        }
    }
    if ($admin_mode && !empty($_POST['user_level'])) {
        $user->level = $db->escape($_POST['user_level']);
    }
    if ($admin_mode && !empty($_POST['karma']) && is_numeric($_POST['karma']) && $_POST['karma'] > 4 && $_POST['karma'] <= 20) {
        $user->karma = $_POST['karma'];
    }
    $user->comment_pref = intval($_POST['comment_pref']) + (intval($_POST['show_friends']) & 1) * 2 + (intval($_POST['show_2cols']) & 1) * 4;
    // Manage avatars upload
    if (!empty($_FILES['image']['tmp_name'])) {
        if (avatars_check_upload_size('image')) {
            $avatar_mtime = avatars_manage_upload($user->id, 'image');
            if (!$avatar_mtime) {
                array_push($messages, _('error guardando la imagen'));
                $errors = 1;
                $user->avatar = 0;
            } else {
                $user->avatar = $avatar_mtime;
            }
        } else {
            array_push($messages, _('el tamaño de la imagen excede el límite'));
            $errors = 1;
            $user->avatar = 0;
        }
    } elseif ($_POST['avatar_delete']) {
        $user->avatar = 0;
        avatars_remove($user->id);
    }
    // Reset avatar for the logged user
    if ($current_user->user_id == $user->id) {
        $current_user->user_avatar = $user->avatar;
    }
    if (!$errors) {
        if (empty($user->ip)) {
            $user->ip = $globals['user_ip'];
        }
        $user->store();
        $user->read();
        if (!$admin_mode && ($current_user->user_login != $user->username || $current_user->user_email != $user->email || $new_pass)) {
            $current_user->Authenticate($user->username, $new_pass);
        }
        array_push($messages, _('datos actualizados'));
    }
    return $messages;
}
Ejemplo n.º 16
0
	function same_links_count($min=30) {
		global $db;
		$count = 0;
		$localdomain = preg_quote(get_server_name(), '/');
		preg_match_all('/([\(\[:\.\s]|^)(https*:\/\/[^ \t\n\r\]\(\)\&]{5,70}[^ \t\n\r\]\(\)]*[^ .\t,\n\r\(\)\"\'\]\?])/i', $this->content, $matches);
		foreach ($matches[2] as $match) {
			$link=clean_input_url($match);
			$components = parse_url($link);
			if (! preg_match("/.*$localdomain$/", $components[host])) {
				$link = "//$components[host]$components[path]";
				$link=preg_replace('/(_%)/', "\$1", $link);
				$link=$db->escape($link);
				$count = max($count, (int) $db->get_var("select count(*) from posts where post_user_id = $this->author and post_date > date_sub(now(), interval $min minute) and post_content like '%$link%'"));
			}
		}
		return $count;
    }
Ejemplo n.º 17
0
function do_save()
{
    global $linkres, $dblang, $current_user;
    $linkres->read_content_type_buttons($_POST['type']);
    $linkres->category = intval($_POST['category']);
    if (!empty($_POST['url']) && ($current_user->user_level == 'admin' || $current_user->user_level == 'god')) {
        $linkres->url = clean_input_url($_POST['url']);
    }
    $linkres->title = clean_text($_POST['title'], 40);
    $linkres->content = clean_text($_POST['bodytext']);
    $linkres->tags = tags_normalize_string($_POST['tags']);
    // change the status
    if (($current_user->user_level == 'god' || $linkres->status != 'published') && ($_POST['status'] == 'queued' || $_POST['status'] == 'discard' || $_POST['status'] == 'abuse' || $_POST['status'] == 'autodiscard')) {
        if (!$linkres->is_discarded() && ($_POST['status'] == 'discard' || $_POST['status'] == 'abuse' || $_POST['status'] == 'autodiscard')) {
            // Insert a log entry if the link has been manually discarded
            $insert_discard_log = true;
        }
        $linkres->status = $_POST['status'];
    }
    if (!link_edit_errors($linkres)) {
        if (empty($linkres->uri)) {
            $linkres->get_uri();
        }
        $linkres->store();
        tags_insert_string($linkres->id, $dblang, $linkres->tags, $linkres->date);
        // Insert edit log/event
        require_once mnminclude . 'log.php';
        if ($insert_discard_log) {
            // Insert always a link and discard event if the status has been changed to discard
            log_insert('link_discard', $linkres->id, $current_user->user_id);
            log_insert('link_edit', $linkres->id, $current_user->user_id);
        } else {
            log_conditional_insert('link_edit', $linkres->id, $current_user->user_id, 60);
        }
        echo '<div class="form-error-submit">&nbsp;&nbsp;' . _("noticia actualizada") . '</div>' . "\n";
    }
    $linkres->read();
    echo '<div class="formnotice">' . "\n";
    $linkres->print_summary('preview');
    echo '</div>' . "\n";
    echo '<form id="genericform" method="GET" action="story.php" >';
    echo '<input type="hidden" name="id" value="' . $linkres->id . '" />' . "\n";
    echo '<input class="genericsubmit" type="button" onclick="window.history.go(-1)" value="' . _('&#171; modificar') . '">&nbsp;&nbsp;' . "\n";
    echo '<input class="genericsubmit" type="submit" value="' . _('ir a la noticia') . '" />' . "\n";
    echo '</form>' . "\n";
}
Ejemplo n.º 18
0
function do_save($link)
{
    global $dblang, $globals, $current_user, $db;
    $link->status = $link->sub_status;
    $site_properties = SitesMgr::get_extended_properties();
    // Store previous value for the log
    $link_old = new stdClass();
    $link_old->url = $link->url;
    $link_old->title = $link->title;
    $link_old->content = $link->content;
    $link_old->tags = $link->tags;
    $link_old->status = $link->status;
    $link_old->sub_id = $link->sub_id;
    $link->read_content_type_buttons($_POST['type']);
    $link->sub_id = intval($_POST['sub_id']);
    if ($link->sub_id != $link_old->sub_id) {
        $link->sub_changed = true;
        // To force to delete old statuses with another origin
    }
    if ($current_user->admin || $current_user->user_level == 'blogger' || SitesMgr::is_owner()) {
        if (!empty($_POST['url'])) {
            $link->url = clean_input_url($_POST['url']);
        }
        if ($_POST['thumb_delete']) {
            $link->delete_thumb();
        }
        if ($_POST['uri_update']) {
            $link->get_uri();
        }
        if ($_POST['thumb_get']) {
            $link->get_thumb();
        } elseif (!empty($_POST['thumb_url'])) {
            $url = clean_input_url($_POST['thumb_url']);
            $link->get_thumb(false, $url);
        }
    }
    $link->title = $_POST['title'];
    $link->content = $_POST['bodytext'];
    $link->tags = tags_normalize_string($_POST['tags']);
    $errors = link_edit_errors($link);
    // change the status
    if ($_POST['status'] != $link->status && ($_POST['status'] == 'autodiscard' || $current_user->admin || SitesMgr::is_owner()) && preg_match('/^[a-z]{4,}$/', $_POST['status']) && (!$link->is_discarded() || $current_user->admin || SitesMgr::is_owner())) {
        if (preg_match('/discard|abuse|duplicated|autodiscard/', $_POST['status'])) {
            // Insert a log entry if the link has been manually discarded
            $insert_discard_log = true;
        }
        $link->status = $_POST['status'];
    }
    if (!$errors) {
        if (empty($link->uri)) {
            $link->get_uri();
        }
        // Check the blog_id
        $blog_id = Blog::find_blog($link->url, $link->id);
        if ($blog_id > 0 && $blog_id != $link->blog) {
            $link->blog = $blog_id;
        }
        $db->transaction();
        $link->store();
        // Disabled table tags
        // tags_insert_string($link->id, $dblang, $link->tags, $link->date);
        // Insert edit log/event if the link it's newer than 15 days
        if ($globals['now'] - $link->date < 86400 * 15) {
            if ($insert_discard_log) {
                // Insert always a link and discard event if the status has been changed to discard
                Log::insert('link_discard', $link->id, $current_user->user_id);
                if ($link->author == $current_user->user_id) {
                    // Don't save edit log if it's discarded by an admin
                    Log::insert('link_edit', $link->id, $current_user->user_id);
                }
            } elseif ($link->votes > 0) {
                Log::conditional_insert('link_edit', $link->id, $current_user->user_id, 60, serialize($link_old));
            }
        }
        // Check this one is a draft, allows the user to save and send it to the queue
        if ($link->votes == 0 && $link->status != 'queued' && $link->author == $current_user->user_id) {
            $link->enqueue();
        }
        $db->commit();
    }
    $link->read();
    $link->permalink = $link->get_permalink();
    Haanga::Load('link/edit_result.html', compact('link', 'errors'));
}
Ejemplo n.º 19
0
	function get_links() {
		global $current_user;

		$this->links = array();
		$this->banned = false;

		$localdomain = preg_quote(get_server_name(), '/');
		preg_match_all('/([\(\[:\.\s]|^)(https*:\/\/[^ \t\n\r\]\(\)\&]{5,70}[^ \t\n\r\]\(\)]*[^ .\t,\n\r\(\)\"\'\]\?])/i', $this->content, $matches);
		foreach ($matches[2] as $match) {
			require_once(mnminclude.'ban.php');
			$link=clean_input_url($match);
			$components = parse_url($link);
			if ($components && ! preg_match("/.*$localdomain$/", $components['host'])) {
				$link_ban = check_ban($link, 'hostname', false, true); // Mark this comment as containing a banned link
				$this->banned |= $link_ban;
				if ($link_ban) { 	
					syslog(LOG_NOTICE, "Meneame: banned link in comment: $match ($current_user->user_login)");
				}
				if (array_search($components['host'], $this->links) === false)
					array_push($this->links, $components['host']);
			}
		}
	}
Ejemplo n.º 20
0
function do_save() {
	global $linkres, $dblang, $current_user;

	$linkres->read_content_type_buttons($_POST['type']);

	$linkres->category=intval($_POST['category']);
	if ($current_user->admin) {
		if (!empty($_POST['url'])) {
			$linkres->url = clean_input_url($_POST['url']);
		}
		if ($_POST['thumb_delete']) {
			$linkres->delete_thumb();
		}
		if ($_POST['thumb_get']) {
			$linkres->get_thumb();
		}
	}
	$linkres->title = clean_text($_POST['title'], 40);
	$linkres->content = clean_text_with_tags($_POST['bodytext']);
	$linkres->tags = tags_normalize_string($_POST['tags']);
	// change the status
	if ($_POST['status'] != $linkres->status
		&& ($_POST['status'] == 'autodiscard' || $current_user->admin)
		&& preg_match('/^[a-z]{4,}$/', $_POST['status'])
		&& ( ! $linkres->is_discarded() || $current_user->admin)) {
		if (preg_match('/discard|abuse|duplicated|autodiscard/', $_POST['status'])) {
			// Insert a log entry if the link has been manually discarded
			$insert_discard_log = true;
		}
		$linkres->status = $_POST['status'];
	}

  // EVENTS
  $d = $_POST["datepicker1"];
  $linkres->start_date = substr($d,3,2).'-'.substr($d, 0, 2).'-'.substr($d,6,4);

  $d = $_POST["datepicker2"];
  $linkres->end_date = substr($d,3,2).'-'.substr($d, 0, 2).'-'.substr($d,6,4);


	if (!link_edit_errors($linkres)) {
		if (empty($linkres->uri)) $linkres->get_uri();
		$linkres->store();
		tags_insert_string($linkres->id, $dblang, $linkres->tags, $linkres->date);

		// Insert edit log/event if the link it's newer than 15 days
		if ($globals['now'] - $linkres->date < 86400*15) {
			require_once(mnminclude.'log.php');
			if ($insert_discard_log) {
				// Insert always a link and discard event if the status has been changed to discard
				log_insert('link_discard', $linkres->id, $current_user->user_id);
				if ($linkres->author == $current_user->user_id) { // Don't save edit log if it's discarded by an admin
					log_insert('link_edit', $linkres->id, $current_user->user_id);
				}
			} elseif ($linkres->votes > 0) {
				log_conditional_insert('link_edit', $linkres->id, $current_user->user_id, 60);
			}
		}

		echo '<div class="form-error-submit">&nbsp;&nbsp;'._("noticia actualizada").'</div>'."\n";
	}

	$linkres->read();

	echo '<div class="formnotice">'."\n";
	$linkres->print_summary('preview');
	echo '</div>'."\n";

	echo '<form class="note" method="GET" action="story.php" >';
	echo '<input type="hidden" name="id" value="'.$linkres->id.'" />'."\n";
	echo '<input class="button" type="button" onclick="window.history.go(-1)" value="&#171; '._('modificar').'">&nbsp;&nbsp;'."\n";;
	echo '<input class="button" type="submit" value="'._('ir a la noticia').'" />'."\n";
	echo '</form>'. "\n";
}
Ejemplo n.º 21
0
 function same_links_count($min = 30)
 {
     global $db;
     $count = 0;
     $localdomain = preg_quote(get_server_name(), '/');
     preg_match_all('/([\\(\\[:\\.\\s]|^)(https*:\\/\\/[^ \\t\\n\\r\\]\\(\\)\\&]{5,70}[^ \\t\\n\\r\\]\\(\\)]*[^ .\\t,\\n\\r\\(\\)\\"\'\\]\\?])/i', $this->content, $matches);
     foreach ($matches[2] as $match) {
         $link = clean_input_url($match);
         $components = parse_url($link);
         if (!preg_match("/.*{$localdomain}\$/", $components[host])) {
             $link = "//{$components['host']}{$components['path']}";
             $link = preg_replace('/(_%)/', "\$1", $link);
             $link = $db->escape($link);
             $count = max($count, (int) $db->get_var("select count(*) from posts where post_user_id = {$this->author} and post_date > date_sub(now(), interval {$min} minute) and post_content like '%{$link}%'"));
         }
     }
     return $count;
 }
Ejemplo n.º 22
0
	function get() {

		// Check first in these server using *only* the URL
		$video_servers = array(
						// 'video.google.com' => 'check_google_video',
						'youtube.com' => 'check_youtube',
						// 'metacafe.com' => 'check_metacafe',
						// 'vimeo.com' => 'check_vimeo', 
						// 'zappinternet.com' => 'check_zapp_internet',
						// 'dailymotion.com' => 'check_daily_motion',
				);
		$base_host = preg_replace('/^www\./', '', $this->parsed_url['host']);
		if ($video_servers[$base_host]) {
			if ($this->debug) echo "<!-- Check video by URL: $video_servers[$base_host] -->\n";
			if($this->$video_servers[$base_host]()) {
				if ($this->debug) echo "<!-- Selected video by URL: $video_servers[$base_host] -->\n";
				$this->selected->video = true;
			}
			return $this->selected;
		}

		$res = get_url($this->url, $this->referer);
		if (!$res) {
			echo "<!-- Error getting " . htmlentities($this->url) . "-->\n";
			return;
		}
		if ($this->debug) echo "<!-- Got $this->url (". strlen($res['content']) .") -->\n";
		if ($res['location'] != $this->url) {
			$this->redirected = clean_input_url($res['location']);
			$this->parsed_redirected = parse_url($this->redirected);
			if ($this->debug)
				echo "<!-- Redirected to URL: $this->redirected -->\n";
		}

		if (preg_match('/^image/i', $res['content_type'])) {
			$img = new BasicThumb($this->url);
			if ($img->fromstring($res['content'])) {
				$img->type = 'local';
				$img->candidate = true;
				$this->selected = $img;
			}
		} elseif (preg_match('/text\/html/i', $res['content_type'])) {
			$this->html = $res['content'];
			$this->title = get_html_title($this->html);
			if ($this->debug) echo "<!-- HTML $this->title -->\n";

			// First check for thumbnail head metas
			if ((preg_match('/<link\s+?rel=[\'"]image_src[\'"]\s+?href=[\'"](.+?)[\'"].*?>/is', $this->html, $match) ||
				preg_match('/<meta\s+?name=[\'"]thumbnail_url[\'"]\s+?content=[\'"](.+?)[\'"].*?>/is', $this->html, $match))
				&& ! preg_match('/meneame/i', $match[1])) { // a bad thumbnail meta in aldea-irreductible
				$url = $match[1];
				if ($this->debug)
					echo "<!-- Try to select from $url -->\n";
				$img = new BasicThumb($url);
				if ($img->get()) {
					$img->type = 'local';
					$img->candidate = true;
					$this->selected = $img;
					if ($this->debug)
						echo "<!-- Selected from $img->url -->\n";
					return $this->selected;
				}
			}


			// Analyze HTML <img's
			if (preg_match('/<base *href=["\'](.+?)["\']/i', $this->html, $match)) {
				$this->base = $match[1];
			}
			$html_short = $this->shorten_html($this->html);
			//  echo "<!-- $this->html -->\n";
			$this->parse_img($html_short);

			// If there is no image or image is slow
			// Check if there are players
			if ((!$this->selected || $this->selected->surface() < 120000)
					&& $this->other_html 
					&& preg_match('/(< *(?:embed|iframe|object|param))|\.flv/i', $this->html)) {
				if ($this->debug)
					echo "<!-- Searching for video -->\n";
				if ($this->check_youtube() || 
						$this->check_google_video() ||
						$this->check_metacafe() ||
						$this->check_vimeo() ||
						$this->check_zapp_internet() ||
						$this->check_daily_motion() ||
						$this->check_elmundo_video() ) {
					$this->selected->video = true;
					return $this->selected;
				}
			}

		}
		return $this->selected;
	}