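/**
 * Site-specific override of the post rules shown on the question page.
 *
 * Starts from qa_page_q_post_rules_base() and then tightens the result:
 *  - no answer button once the user's answer quota (QA_LIMIT_ANSWERS) is used up
 *  - ordinary users can never hide posts (admins get the right back below)
 *  - ordinary users may edit only their own post, and only within a short window
 *    (20 min for answers, 5 min for questions/comments)
 *  - reopening a question is reserved to admins
 *  - experts may edit their own posts and any open question, never the admin's posts
 *  - editors may edit every post except the admin's and may clear flags
 *  - admins may edit and hide everything
 *  - questions can be closed by experts and above while they are still open
 *  - the retag/recategorise button is hidden because edit already covers it
 *
 * @param array      $post         post row, as passed to the base function
 *                                 (type, created, userid, flagcount, userflag, closedbyid are read)
 * @param array|null $parentpost   forwarded to the base function
 * @param array|null $siblingposts forwarded to the base function
 * @param array|null $childposts   forwarded to the base function
 * @return array the rules array with the keys listed above adjusted
 */
function qa_page_q_post_rules($post, $parentpost = null, $siblingposts = null, $childposts = null)
{
    $rules = qa_page_q_post_rules_base($post, $parentpost, $siblingposts, $childposts);
    $userid = qa_get_logged_in_userid();
    $level = qa_get_logged_in_level();

    // do not show the answer button once the spam limit is exceeded
    if (!qa_limits_remaining($userid, QA_LIMIT_ANSWERS)) {
        $rules['answerbutton'] = false;
    }

    // users are never allowed to hide posts (re-enabled for admins further down)
    $rules['hideable'] = false;

    // normal users: own posts only, inside the edit window
    // 20 min (1200 s) for answers, 5 min (300 s) for questions/comments
    $timestamp = time();
    $editwindow = ($post['type'] === 'A') ? 1200 : 300;
    $rules['editable'] = $rules['editbutton'] = $rules['isbyuser'] && ($timestamp - $post['created'] < $editwindow);

    // questions cannot be reopened, except by an admin
    $rules['reopenable'] = $rules['reopenable'] && $level >= QA_USER_LEVEL_ADMIN;

    // NOTE(review): both branches below compare the level with ==, so a user whose level
    // lies strictly between EXPERT and ADMIN (e.g. a moderator level, if this installation
    // has one) keeps the normal-user rules computed above — confirm that is intended.
    // NOTE(review): userid 1 is assumed to be the admin account — confirm.
    if ($level == QA_USER_LEVEL_EXPERT) {
        // experts: own posts plus any question that is not closed, never the admin's posts.
        // No time window is enforced here (the "after 5 min / within 7 days" rule that
        // earlier comments described is not part of the condition).
        $rules['editable'] = $rules['editbutton'] =
            ($rules['isbyuser'] || $post['type'] === 'Q') && !isset($post['closedbyid']) && $post['userid'] != 1;
    } elseif ($level == QA_USER_LEVEL_EDITOR) {
        // editors: every post in the forum except the admin's
        $rules['editable'] = $rules['editbutton'] = $post['userid'] != 1;
        // editors can clear flags; presumably $post['userflag'] marks the viewer's own flag,
        // so at least one flag from somebody else is required — verify against the base rules.
        // !empty() replaces the former @-suppressed read of a possibly missing key.
        $rules['clearflaggable'] = $post['flagcount'] >= (!empty($post['userflag']) ? 2 : 1);
    }

    // admin has all rights
    if ($level >= QA_USER_LEVEL_ADMIN) {
        $rules['editable'] = $rules['editbutton'] = $rules['hideable'] = true;
    }

    // experts, moderators, admins can close questions that are still open
    $rules['closeable'] = $level >= QA_USER_LEVEL_EXPERT && !$rules['closed'];

    // do not show the retag button as it does the same as the edit button
    $rules['retagcatbutton'] = false;

    return $rules;
}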
    // don't allow this page to be requested directly from browser
    header('Location: ../');
    exit;
}
//	Check we're not using Q2A's single-sign on integration and that we're not logged in
// With external (single sign-on) users this page must never handle credentials itself
if (QA_FINAL_EXTERNAL_USERS) {
    qa_fatal_error('User login is handled by external code');
}
// an already logged-in visitor has nothing to do here
if (qa_is_logged_in()) {
    qa_redirect('');
}
//	Process submitted form after checking we haven't reached rate limit
$passwordsent = qa_get('ps');
if (qa_clicked('dologin')) {
    require_once QA_INCLUDE_DIR . 'qa-app-limits.php';
    // The login quota is checked before any credential lookup and incremented on every
    // attempt that gets this far (success or failure), so failed attempts burn the budget.
    // The userid is null here, so the quota is presumably keyed on the visitor/IP — verify.
    if (qa_limits_remaining(null, QA_LIMIT_LOGINS)) {
        require_once QA_INCLUDE_DIR . 'qa-db-users.php';
        require_once QA_INCLUDE_DIR . 'qa-db-selects.php';
        qa_limits_increment(null, QA_LIMIT_LOGINS);
        $inemailhandle = qa_post_text('emailhandle');
        $inpassword = qa_post_text('password');
        $inremember = qa_post_text('remember');
        $errors = array();
        // look up by e-mail when the site allows it or the value contains '@', else by handle
        if (qa_opt('allow_login_email_only') || strpos($inemailhandle, '@') !== false) {
            // handles can't contain @ symbols
            $matchusers = qa_db_user_find_by_email($inemailhandle);
        } else {
            $matchusers = qa_db_user_find_by_handle($inemailhandle);
        }
        // exactly one match is required; the rest of this handler is cut off on this page
        if (count($matchusers) == 1) {
            // if matches more than one (should be impossible), don't log in
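/**
 * Return the permission error (if any) that stops the logged-in user from doing
 * what $permitoption describes, optionally also applying the quota for $limitaction.
 *
 * Checks run in order and the first failure wins:
 *  1. qa_permit_error() for the option itself (user level and flags)
 *  2. 'ipblock' – the requesting IP is blocked
 *  3. 'confirm' – a logged-in user still has to confirm their e-mail address
 *  4. 'limit'   – no quota left for $limitaction
 *
 * @param string|null $permitoption permission option name passed to qa_permit_error()
 * @param string|null $limitaction  QA_LIMIT_* action whose quota should also be checked
 * @return mixed the error code, or whatever falsy value qa_permit_error() returned
 *               when the action is allowed
 */
function qa_user_permit_error($permitoption = null, $limitaction = null)
{
    if (qa_to_override(__FUNCTION__)) {
        return qa_call_override(__FUNCTION__, func_get_args());
    }
    require_once QA_INCLUDE_DIR . 'qa-app-limits.php';

    $userid = qa_get_logged_in_userid();
    $flags = qa_get_logged_in_flags();

    $error = qa_permit_error($permitoption, $userid, qa_get_logged_in_level(), $flags);

    if (!$error && qa_is_ip_blocked()) {
        $error = 'ipblock';
    }

    // parentheses make the bitmask test explicit (& already binds tighter than &&)
    if (!$error && isset($userid) && ($flags & QA_USER_FLAGS_MUST_CONFIRM)) {
        $error = 'confirm';
    }

    // reuse $userid rather than looking it up a second time
    if (!$error && isset($limitaction) && qa_limits_remaining($userid, $limitaction) <= 0) {
        $error = 'limit';
    }

    return $error;
}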
    qa_redirect('');
}
// registration is refused outright while the admin has suspended it ...
if (qa_opt('suspend_register_users')) {
    $qa_content = qa_content_prepare();
    $qa_content['error'] = qa_lang_html('users/register_suspended');
    return $qa_content;
}
// ... or when the visitor fails the generic permission check (see qa_user_permit_error)
if (qa_user_permit_error()) {
    $qa_content = qa_content_prepare();
    $qa_content['error'] = qa_lang_html('users/no_permission');
    return $qa_content;
}
//	Process submitted form
if (qa_clicked('doregister')) {
    require_once QA_INCLUDE_DIR . 'qa-app-limits.php';
    // the registration quota (userid is null, so presumably keyed on the visitor/IP) is
    // checked first and only incremented once a valid account is actually created below
    if (qa_limits_remaining(null, QA_LIMIT_REGISTRATIONS)) {
        require_once QA_INCLUDE_DIR . 'qa-app-users-edit.php';
        $inemail = qa_post_text('email');
        $inpassword = qa_post_text('password');
        $inhandle = qa_post_text('handle');
        // handle, e-mail and password are validated server-side before anything is stored
        $errors = array_merge(qa_handle_email_filter($inhandle, $inemail), qa_password_validate($inpassword));
        if (qa_opt('captcha_on_register')) {
            qa_captcha_validate_post($errors);
        }
        if (empty($errors)) {
            // register and redirect
            qa_limits_increment(null, QA_LIMIT_REGISTRATIONS);
            $userid = qa_create_new_user($inemail, $inpassword, $inhandle);
            qa_set_logged_in_user($userid, $inhandle);
            // NOTE(review): 'to' comes from the query string and the redirect that consumes it
            // is cut off on this page — confirm it is restricted to a site-relative path.
            $topath = qa_get('to');
            /*				
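/**
 * Handle the submitted edit form of one answer on the question page.
 *
 * Reads the posted fields for this answer (prefixed "a<postid>_"), runs the
 * 'filter' modules over the new content and then either converts the answer
 * into a comment (when "dotoc" was requested and the chosen parent accepts
 * comments) or stores the edited content.
 *
 * @param array $answer          the answer being edited (postid, isbyuser, userid, notify are read)
 * @param array $question        the question the answer belongs to
 * @param array $answers         the question's answers, indexed by postid (used for the commenton lookup)
 * @param array $commentsfollows passed through to qa_answer_to_comment()
 * @param array $in              (out) the values read from the form, after filtering
 * @param array $errors          (out) field name => HTML error message
 * @return string|null 'C' when the answer became a comment, 'A' when it was saved as
 *                     an answer, null when nothing was stored ($errors says why)
 */
function qa_page_q_edit_a_submit($answer, $question, $answers, $commentsfollows, &$in, &$errors)
{
    $answerid = $answer['postid'];
    $prefix = 'a' . $answerid . '_';

    $in = array(
        'dotoc' => qa_post_text($prefix . 'dotoc'),
        'commenton' => qa_post_text($prefix . 'commenton'),
    );

    // notification settings can only be changed by the answer's own author
    if ($answer['isbyuser']) {
        $in['notify'] = (bool)qa_post_text($prefix . 'notify');
        $in['email'] = qa_post_text($prefix . 'email');
    }

    qa_get_post_content($prefix . 'editor', $prefix . 'content', $in['editor'], $in['content'], $in['format'], $in['text']);

    $errors = array();

    // every filter module may validate or rewrite the submission; any error blocks the save
    $filtermodules = qa_load_modules_with('filter', 'filter_answer');
    foreach ($filtermodules as $filtermodule) {
        $oldin = $in;
        $filtermodule->filter_answer($in, $errors, $question, $answer);
        qa_update_post_text($in, $oldin);
    }

    if (!empty($errors)) {
        return null;
    }

    $userid = qa_get_logged_in_userid();
    $handle = qa_get_logged_in_handle();
    $cookieid = qa_cookie_get();

    // only the author may change the notification target; otherwise keep the stored value
    $setnotify = $answer['isbyuser']
        ? qa_combine_notify_email($answer['userid'], $in['notify'], $in['email'])
        : $answer['notify'];

    // conversion target: the question itself (if commentable) or another answer of this
    // question that exists and is commentable; never the answer itself.
    // !empty() replaces the former @-suppressed lookup of a possibly missing answer.
    $converttocomment = $in['dotoc'] && (
        ($in['commenton'] == $question['postid'] && $question['commentable'])
        || ($in['commenton'] != $answerid && !empty($answers[$in['commenton']]['commentable']))
    );

    if ($converttocomment) {
        // convert to a comment; 'permit_post_c' was already checked
        if (qa_limits_remaining($userid, QA_LIMIT_COMMENTS)) {
            qa_answer_to_comment($answer, $in['commenton'], $in['content'], $in['format'], $in['text'], $setnotify, $userid, $handle, $cookieid, $question, $answers, $commentsfollows);
            return 'C'; // signals that the redirect should go to the new comment
        }
        // not really the best place for this error, but it will do
        $errors['content'] = qa_lang_html('question/comment_limit');
        return null;
    }

    qa_answer_set_content($answer, $in['content'], $in['format'], $in['text'], $setnotify, $userid, $handle, $cookieid, $question);
    return 'A';
}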
/**
 * Carry out the single-click buttons (hide/reject, reshow/approve, delete, claim,
 * flag, unflag, clear flags) that belong to one comment on the question page.
 *
 * Every action is performed only when the matching rule flag in $comment allows it.
 *
 * @param array  $comment  comment row with its rule flags (hideable, moderatable, ...)
 * @param array  $question the question the comment belongs to
 * @param array  $parent   the post the comment hangs off (question or answer)
 * @param string $error    (out) HTML error message when an action could not be carried out
 * @return bool true when an action was performed, false otherwise
 */
function qa_page_q_single_click_c($comment, $question, $parent, &$error)
{
    $loginuserid = qa_get_logged_in_userid();
    $loginhandle = qa_get_logged_in_handle();
    $cookieid = qa_cookie_get();
    $prefix = 'c' . $comment['postid'] . '_';

    $hidecomment = (qa_page_q_clicked($prefix . 'dohide') && $comment['hideable'])
        || (qa_page_q_clicked($prefix . 'doreject') && $comment['moderatable']);
    if ($hidecomment) {
        qa_comment_set_hidden($comment, true, $loginuserid, $loginhandle, $cookieid, $question, $parent);
        return true;
    }

    $showcomment = (qa_page_q_clicked($prefix . 'doreshow') && $comment['reshowable'])
        || (qa_page_q_clicked($prefix . 'doapprove') && $comment['moderatable']);
    if ($showcomment) {
        qa_comment_set_hidden($comment, false, $loginuserid, $loginhandle, $cookieid, $question, $parent);
        return true;
    }

    if (qa_page_q_clicked($prefix . 'dodelete') && $comment['deleteable']) {
        qa_comment_delete($comment, $question, $parent, $loginuserid, $loginhandle, $cookieid);
        return true;
    }

    if (qa_page_q_clicked($prefix . 'doclaim') && $comment['claimable']) {
        // claiming counts against the comment quota; on failure keep looking at the other buttons
        if (qa_limits_remaining($loginuserid, QA_LIMIT_COMMENTS)) {
            qa_comment_set_userid($comment, $loginuserid, $loginhandle, $cookieid);
            return true;
        }
        $error = qa_lang_html('question/comment_limit');
    }

    if (qa_page_q_clicked($prefix . 'doflag') && $comment['flagbutton']) {
        require_once QA_INCLUDE_DIR . 'qa-app-votes.php';
        $error = qa_flag_error_html($comment, $loginuserid, qa_request());
        if (!$error) {
            $reachedhidethreshold = qa_flag_set_tohide($comment, $loginuserid, $loginhandle, $cookieid, $question);
            if ($reachedhidethreshold) {
                // hiding is not really by this user, so pass nulls
                qa_comment_set_hidden($comment, true, null, null, null, $question, $parent);
            }
            return true;
        }
    }

    if (qa_page_q_clicked($prefix . 'dounflag') && $comment['unflaggable']) {
        require_once QA_INCLUDE_DIR . 'qa-app-votes.php';
        qa_flag_clear($comment, $loginuserid, $loginhandle, $cookieid);
        return true;
    }

    if (qa_page_q_clicked($prefix . 'doclearflags') && $comment['clearflaggable']) {
        require_once QA_INCLUDE_DIR . 'qa-app-votes.php';
        qa_flags_clear_all($comment, $loginuserid, $loginhandle, $cookieid);
        return true;
    }

    return false;
}
    header('Location: ../');
    exit;
}
// report that we entered this page
// NOTE(review): the raw query string goes into the event log — make sure nothing
// sensitive is ever passed to this page via GET.
qa_report_event('page_enter', qa_get_logged_in_userid(), qa_get_logged_in_handle(), qa_cookie_get(), array('params' => $_SERVER['QUERY_STRING']));
//	Check we're not using Q2A's single-sign on integration and that we're not logged in
if (QA_FINAL_EXTERNAL_USERS) {
    qa_fatal_error('User login is handled by external code');
}
// $qa_login_userid is assumed to be set by the page bootstrap — not visible here
if (isset($qa_login_userid)) {
    qa_redirect('');
}
//	Process submitted form after checking we haven't reached rate limit
require_once QA_INCLUDE_DIR . 'qa-app-limits.php';
$passwordsent = qa_get('ps');
// NOTE(review): the trailing "|| 1" makes this condition unconditionally true, so the
// login quota ('L') is never enforced on this page, and no qa_limits_increment() call is
// visible in this fragment either. That removes the throttle on repeated login attempts;
// it looks like a debugging leftover and should be dropped (and the counter incremented
// per attempt) to restore the protection the other login handler on this page has.
if (qa_limits_remaining(null, 'L') || 1) {
    if (qa_clicked('dologin')) {
        require_once QA_INCLUDE_DIR . 'qa-db-users.php';
        require_once QA_INCLUDE_DIR . 'qa-db-selects.php';
        require_once QA_INCLUDE_DIR . 'mp-db-users.php';
        $inemailhandle = qa_post_text('emailhandle');
        $inpassword = qa_post_text('password');
        $inremember = qa_post_text('remember');
        // MICROPROBE: site-specific extra field, a category must be chosen to log in
        $incategory = qa_post_text('category_2');
        $errors = array();
        // verify category provided
        if (strlen($incategory) <= 0) {
            $errors['category'] = qa_lang('question/category_required');
        }
        // the credential check that follows is cut off on this page
        if (empty($errors)) {
/**
 * Permission check for the logged-in user (variant without the override hook and
 * the e-mail confirmation test).
 *
 * Returns the first failing check: the qa_permit_error() result for $permitoption,
 * 'ipblock' when the requesting IP is blocked, or 'limit' when the quota for
 * $actioncode is exhausted; otherwise the falsy value qa_permit_error() produced.
 *
 * @param string|null $permitoption permission option passed to qa_permit_error()
 * @param string|null $actioncode   limit action whose quota is also checked when given
 * @return mixed
 */
function qa_user_permit_error($permitoption = null, $actioncode = null)
{
    require_once QA_INCLUDE_DIR . 'qa-app-limits.php';

    $permiterror = qa_permit_error($permitoption, qa_get_logged_in_userid(), qa_get_logged_in_level(), qa_get_logged_in_flags());
    if ($permiterror) {
        return $permiterror;
    }

    if (qa_is_ip_blocked()) {
        return 'ipblock';
    }

    if (isset($actioncode) && qa_limits_remaining(qa_get_logged_in_userid(), $actioncode) <= 0) {
        return 'limit';
    }

    return $permiterror;
}
     qa_comment_set_hidden($comment, true, $qa_login_userid, qa_get_logged_in_handle(), $qa_cookieid, $question, $commentanswer);
     qa_report_write_action($qa_login_userid, $qa_cookieid, 'c_hide', $questionid, $commentanswerid, $commentid);
     qa_redirect($qa_request, null, null, null, qa_anchor($commentparenttype, $comment['parentid']));
 }
 // Each button below is gated on the matching rule flag in $comment, records the action via
 // qa_report_write_action() and then redirects back to the comment's parent (presumably the
 // post/redirect/get pattern). $commentid, $qa_login_userid, $qa_cookieid, $qa_request,
 // $questionid, $commentanswerid and $commentparenttype are assumed to be set earlier on
 // the page — not visible in this fragment.
 if (qa_clicked('doshowc_' . $commentid) && $comment['reshowable']) {
     qa_comment_set_hidden($comment, false, $qa_login_userid, qa_get_logged_in_handle(), $qa_cookieid, $question, $commentanswer);
     qa_report_write_action($qa_login_userid, $qa_cookieid, 'c_reshow', $questionid, $commentanswerid, $commentid);
     qa_redirect($qa_request, null, null, null, qa_anchor($commentparenttype, $comment['parentid']));
 }
 if (qa_clicked('dodeletec_' . $commentid) && $comment['deleteable']) {
     qa_comment_delete($comment, $question, $commentanswer, $qa_login_userid, qa_get_logged_in_handle(), $qa_cookieid);
     qa_report_write_action($qa_login_userid, $qa_cookieid, 'c_delete', $questionid, $commentanswerid, $commentid);
     qa_redirect($qa_request, null, null, null, qa_anchor($commentparenttype, $comment['parentid']));
 }
 if (qa_clicked('doclaimc_' . $commentid) && $comment['claimable']) {
     // claiming an anonymous comment counts against the user's comment quota ('C')
     if (qa_limits_remaining($qa_login_userid, 'C')) {
         qa_comment_set_userid($comment, $qa_login_userid, qa_get_logged_in_handle(), $qa_cookieid);
         qa_report_write_action($qa_login_userid, $qa_cookieid, 'c_claim', $questionid, $commentanswerid, $commentid);
         qa_redirect($qa_request, null, null, null, qa_anchor($commentparenttype, $comment['parentid']));
     } else {
         $pageerror = qa_lang_html('question/comment_limit');
     }
 }
 if (qa_clicked('doflagc_' . $commentid) && $comment['flagbutton']) {
     require_once QA_INCLUDE_DIR . 'qa-app-votes.php';
     // qa_flag_error_html() decides whether this user may flag; a non-empty result is shown as the page error
     $pageerror = qa_flag_error_html($comment, $qa_login_userid, $qa_request);
     if (!$pageerror) {
         // when the flag count reaches the auto-hide threshold the comment is hidden
         if (qa_flag_set_tohide($comment, $qa_login_userid, qa_get_logged_in_handle(), $qa_cookieid, $question)) {
             qa_comment_set_hidden($comment, true, null, null, null, $question, $commentanswer);
         }
         // hiding not really by this user so pass nulls