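/**
 * Handles the "edit comment" form POST: validates the editor, stores the new
 * content (and image action), then redirects to the comment's permalink.
 *
 * Reads $_POST (id, user_id, key, comment_content, type, image_delete,
 * tmp_filename, tmp_filetype) and $_FILES['image']; writes through the global
 * $comment. Every failure path echoes a message and exits; the success path
 * sends a Location header and exits, so this function never returns.
 *
 * Globals: $link, $db, $comment, $current_user, $globals, $site_key.
 */
function save_comment()
{
    global $link, $db, $comment, $current_user, $globals, $site_key;

    // Warning, trillion of checkings :-(

    // Check image limits before touching anything else
    if (!empty($_FILES['image']['tmp_name'])) {
        $limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
        if ($limit_exceded) {
            echo $limit_exceded;
            die;
        }
    }

    $posted_id = isset($_POST['id']) ? intval($_POST['id']) : 0;
    $user_id = isset($_POST['user_id']) ? intval($_POST['user_id']) : 0;
    $posted_key = isset($_POST['key']) ? (string) $_POST['key'] : '';
    $posted_content = isset($_POST['comment_content']) ? (string) $_POST['comment_content'] : '';

    // Who may edit: the author inside the edit window, or a 'god' editing
    // somebody else's comment (or an admin comment).
    $is_author_in_time = $user_id == $current_user->user_id
        && $current_user->user_id == $comment->author
        && time() - $comment->date < $globals['comment_edit_time'] * 1.5;
    $is_god_override = ($comment->author != $current_user->user_id || $comment->type == 'admin')
        && $current_user->user_level == 'god';

    // hash_equals: strict and constant-time; '==' would let a numeric-looking
    // key loosely compare equal to a hex digest it does not match
    $key_ok = hash_equals(md5($comment->randkey . $site_key), $posted_key);

    if ($posted_id == $comment->id
        && $current_user->authenticated
        && ($is_author_in_time || $is_god_override)
        && $key_ok
        && mb_strlen(trim($posted_content)) > 2) {
        $comment->content = clean_text_with_tags($posted_content, 0, false, 10000);

        if ($current_user->user_level == 'god') {
            $comment->type = (isset($_POST['type']) && $_POST['type'] == 'admin') ? 'admin' : 'normal';
        }

        if (!$current_user->admin) {
            $comment->get_links();
        }

        if ($current_user->user_id == $comment->author && $comment->banned && $current_user->Date() > $globals['now'] - 86400) {
            syslog(LOG_NOTICE, "Meneame: editcomment not stored, banned link ({$current_user->user_login})");
            echo _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
            die;
        }

        if (mb_strlen($comment->content) > 0) {
            $comment->store();
        }

        // Check image upload or delete
        if (!empty($_POST['image_delete'])) {
            $comment->delete_image();
        } elseif (!empty($_POST['tmp_filename']) && !empty($_POST['tmp_filetype'])) {
            $tmp_filename = (string) $_POST['tmp_filename'];
            // The temporary name is resolved inside the upload cache dir, so only a
            // bare file name is accepted; a name with directory components is ignored.
            if (basename($tmp_filename) === $tmp_filename) {
                $comment->move_tmp_image($tmp_filename, (string) $_POST['tmp_filetype']);
            }
        } elseif (!empty($_FILES['image']['tmp_name'])) {
            $comment->store_image($_FILES['image']);
        }

        header('Location: ' . $link->get_permalink() . '/c0' . $comment->c_order . '#c-' . $comment->c_order);
        die;
    }

    echo _('error actualizando, probablemente tiempo de edición excedido');
    die;
}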
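/**
 * Adopts a file previously uploaded to the cache "tmp" dir as this object's
 * image: moves it to its final path, normalises it and creates the thumbnails.
 *
 * @param string $filename bare file name inside Upload::get_cache_dir() . '/tmp'
 * @param string $type     mime type recorded in $this->mime
 * @return mixed the result of $this->store() on success, false otherwise
 *
 * Globals: $current_user, $globals.
 */
function from_tmp_upload($filename, $type)
{
    global $current_user, $globals;

    // The name comes from the client and is joined onto the tmp dir, so it must
    // be a bare file name: no directory components, no '.'/'..', no NUL bytes.
    $filename = (string) $filename;
    if ($filename === '' || $filename === '.' || $filename === '..'
        || basename($filename) !== $filename
        || strpos($filename, "\0") !== false) {
        return false;
    }

    $pathname = Upload::get_cache_dir() . '/tmp/' . $filename;

    // Only a regular file can be sized, moved and processed
    if (!is_file($pathname)) {
        return false;
    }

    // Check __again__ the limits, and this time refuse the file when exceeded
    // (the result used to be discarded)
    if (Upload::current_user_limit_exceded(filesize($pathname))) {
        return false;
    }

    $this->mime = $type;
    $this->user = $current_user->user_id;

    Upload::create_cache_dir($this->id);

    if (!rename($pathname, $this->pathname())) {
        syslog(LOG_INFO, "Meneame, error moving to " . $this->pathname());
        return false;
    }

    $this->check_size_and_rotation($this->pathname());
    $this->delete_thumbs();

    // Drop a leftover temporary thumb so it is regenerated below
    $thumbname = Upload::get_cache_dir() . "/tmp/tmp_thumb-{$filename}";
    if (file_exists($thumbname)) {
        @unlink($thumbname);
    }

    $this->create_thumbs();

    return $this->store();
}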
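/**
 * Handles the "send private message" form POST: validates the recipient and
 * the text, rate-limits the sender, stores the message, notifies the
 * recipient and prints the message summary.
 *
 * Reads $_POST (to_user, post, author, key, image_delete) and $_FILES['image'];
 * writes the global $message. Every failure path echoes an 'ERROR: ...' line
 * (or nothing, for the author mismatch) and exits.
 *
 * @param mixed $message_id unused; kept for the caller's signature
 *
 * Globals: $link, $db, $message, $current_user, $globals, $site_key.
 */
function save_post($message_id)
{
    global $link, $db, $message, $current_user, $globals, $site_key;

    $message = new PrivateMessage();

    $to_user = User::get_valid_username(isset($_POST['to_user']) ? $_POST['to_user'] : '');
    if (!$to_user) {
        echo 'ERROR: ' . _('nombre de usuario erróneo');
        die;
    }

    $to = User::get_user_id($to_user);
    // The old test '!$to > 0' parsed as '(!$to) > 0' and never rejected a
    // negative id; the intent is "no valid user id"
    if ($to <= 0) {
        echo 'ERROR: ' . _('usuario erróneo');
        die;
    }

    if (!PrivateMessage::can_send($current_user->user_id, $to)) {
        echo 'ERROR: ' . _('el destinatario no lo tiene amigado');
        die;
    }

    $_POST['post'] = clean_text_with_tags(isset($_POST['post']) ? $_POST['post'] : '', 0, false, $globals['posts_len']);

    // Check image limits
    if (!empty($_FILES['image']['tmp_name'])) {
        $limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
        if ($limit_exceded) {
            echo 'ERROR: ' . $limit_exceded;
            die;
        }
    }

    if (mb_strlen($_POST['post']) < 2) {
        echo 'ERROR: ' . _('texto muy corto');
        die;
    }

    if ($current_user->user_id != (isset($_POST['author']) ? intval($_POST['author']) : 0)) {
        die;
    }

    $message->randkey = isset($_POST['key']) ? intval($_POST['key']) : 0;
    $message->author = $current_user->user_id;
    $message->to = $to;
    $message->content = $_POST['post'];

    // Only integers are interpolated into the queries below
    $sender_id = (int) $current_user->user_id;
    $randkey = (int) $message->randkey;

    $db->transaction();

    // Check the post wasn't already stored (same randkey within 5 minutes)
    $dupe = intval($db->get_var("select count(*) from privates where user = {$sender_id} and date > date_sub(now(), interval 5 minute) and randkey = {$randkey} FOR UPDATE"));
    if ($dupe) {
        $db->commit();
        echo 'ERROR: ' . _('mensaje grabado previamente');
        die;
    }

    // Verify that there is a period of 15 seconds between messages
    if (intval($db->get_var("select count(*) from privates where user= {$sender_id} and date > date_sub(now(), interval 15 second)")) > 0) {
        echo 'ERROR: ' . _('debe esperar 15 segundos entre mensajes');
        $db->rollback();
        die;
    }

    // Verify that there are less than X messages from the same user in a day
    if (intval($db->get_var("select count(*) from privates where user= {$sender_id} and date > date_sub(now(), interval 1 day)")) > 160) {
        // release the FOR UPDATE lock, as the branch above does
        $db->rollback();
        echo 'ERROR: ' . _('demasiados mensajes en un día');
        die;
    }

    $db->commit();
    $message->store();
    notify_user($current_user->user_id, $to, $message->content);
    User::add_notification($message->to, 'private');

    // Check image upload or delete
    if (!empty($_POST['image_delete'])) {
        $message->delete_image();
    } else {
        $message->store_image_from_form('image');
    }

    // Reread the object
    $message = PrivateMessage::from_db($message->id);
    $message->print_summary();
}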
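/**
 * Creates a comment from the "new comment" form POST and stores it.
 *
 * Runs the anti-abuse checks (ban by proxy, link state, karma, clone users,
 * same-IP astroturfing, flood/repeated-text penalties, duplicate randkey) and
 * then inserts the comment inside a transaction.
 *
 * @param Link $link     the link being commented (project type)
 * @param bool $redirect when true the success path sends a 303 to the
 *                       comment's permalink and exits; when false the stored
 *                       Comment is returned instead
 * @return Comment|string the Comment on success (only with $redirect false),
 *                        otherwise a translated error message
 *
 * Globals: $db, $current_user, $globals.
 */
static function save_from_post($link, $redirect = true)
{
    global $db, $current_user, $globals;

    require_once mnminclude . 'ban.php';

    if (check_ban_proxy()) {
        return _('dirección IP no permitida');
    }

    $posted_link_id = isset($_POST['link_id']) ? intval($_POST['link_id']) : 0;
    $posted_user_id = isset($_POST['user_id']) ? intval($_POST['user_id']) : 0;
    $posted_randkey = isset($_POST['randkey']) ? intval($_POST['randkey']) : 0;
    $posted_content = isset($_POST['comment_content']) ? (string) $_POST['comment_content'] : '';
    $posted_type = isset($_POST['type']) ? $_POST['type'] : '';

    // Check if is a POST of a comment: open, commentable link and a form that
    // belongs to the authenticated user
    $form_is_valid = $link->votes > 0
        && $link->date > $globals['now'] - $globals['time_enabled_comments'] * 1.01
        && $link->comments < $globals['max_comments']
        && $posted_link_id == $link->id
        && $current_user->authenticated
        && $posted_user_id == $current_user->user_id
        && $posted_randkey > 0;
    if (!$form_is_valid) {
        return _('comentario o usuario incorrecto');
    }

    if ($current_user->user_karma < $globals['min_karma_for_comments'] && $current_user->user_id != $link->author) {
        return _('karma demasiado bajo');
    }

    $comment = new Comment();
    $comment->link = $link->id;
    $comment->ip = $globals['user_ip'];
    $comment->randkey = $posted_randkey;
    $comment->author = $posted_user_id;
    $comment->karma = round($current_user->user_karma);
    $comment->content = clean_text_with_tags($posted_content, 0, false, 10000);

    // Check if is an admin comment
    if ($current_user->user_level == 'god' && $posted_type == 'admin') {
        $comment->type = 'admin';
    }

    // Don't allow to comment with a clone
    $hours = intval($globals['user_comments_clon_interval']);
    if ($hours > 0) {
        $clones = $current_user->get_clones($hours + 1);
        if ($clones) {
            // the list feeds a 'comment_user_id in (...)' clause, so cast every entry
            $l = implode(',', array_map('intval', $clones));
            $c = (int) $db->get_var("select count(*) from comments where comment_date > date_sub(now(), interval {$hours} hour) and comment_user_id in ({$l})");
            if ($c > 0) {
                syslog(LOG_NOTICE, "Meneame, clon comment ({$current_user->user_login}, {$comment->ip}) in {$link->uri}");
                return _('ya hizo un comentario con usuarios clones');
            }
        }
    }

    // Basic check to avoid abuses from same IP.
    // Don't check in case of admin comments or higher karma.
    if (!$current_user->admin && $current_user->user_karma < 6.2) {
        // Avoid astroturfing from the same link's author
        if ($link->status != 'published' && $link->ip == $globals['user_ip'] && $link->author != $comment->author) {
            UserAuth::insert_clon($comment->author, $link->author, $link->ip);
            syslog(LOG_NOTICE, "Meneame, comment-link astroturfing ({$current_user->user_login}, {$link->ip}): " . $link->get_permalink());
            return _('no se puede comentar desde la misma IP del autor del envío');
        }

        // Avoid floods with clones from the same IP.
        // NOTE(review): comment_ip is interpolated unescaped; this relies on
        // $globals['user_ip'] being a validated address, not a raw header — confirm
        $link_id = (int) $link->id;
        $author_id = (int) $comment->author;
        $from_same_ip = intval($db->get_var("select count(*) from comments where comment_link_id = {$link_id} and comment_ip='{$comment->ip}' and comment_user_id != {$author_id}"));
        if ($from_same_ip > 1) {
            syslog(LOG_NOTICE, "Meneame, comment astroturfing ({$current_user->user_login}, {$comment->ip})");
            return _('demasiados comentarios desde la misma IP con usuarios diferentes');
        }
    }

    // Check there are at least a valid char
    if (mb_strlen($comment->content) < 5 || !preg_match('/[a-zA-Z:-]/', $posted_content)) {
        return _('texto muy breve o caracteres no válidos');
    }

    if (!$current_user->admin) {
        $comment->get_links();
        if ($comment->banned && $current_user->Date() > $globals['now'] - 86400) {
            syslog(LOG_NOTICE, "Meneame: comment not inserted, banned link ({$current_user->user_login})");
            return _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
        }

        // Lower karma to comments' spammers
        $user_id = (int) $current_user->user_id;
        $comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = {$user_id} and comment_date > date_sub(now(), interval 3 minute)");

        // Check the text is not the same
        $same_count = $comment->same_text_count();
        $same_links_count = $comment->same_links_count();
        if ($comment->banned) {
            $same_links_count *= 2;
        }
        $same_count += $same_links_count;
    } else {
        $comment_count = $same_count = 0;
    }

    $comment_limit = round(min($current_user->user_karma / 6, 2) * 2.5);
    $karma_penalty = 0;
    if ($comment_count > $comment_limit || $same_count > 2) {
        if ($comment_count > $comment_limit) {
            $karma_penalty += ($comment_count - 3) * 0.1;
        }
        if ($same_count > 1) {
            $karma_penalty += $same_count * 0.25;
        }
    }

    // Check image limits
    if (!empty($_FILES['image']['tmp_name'])) {
        $limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
        if ($limit_exceded) {
            return $limit_exceded;
        }
    }

    $db->transaction();

    // Check the comment wasn't already stored. The raw query result is kept so
    // that a failed query (null) is not mistaken for a count of 0 below.
    $comment_link = (int) $comment->link;
    $comment_author = (int) $comment->author;
    $comment_randkey = (int) $comment->randkey;
    $r = $db->get_var("select count(*) from comments where comment_link_id = {$comment_link} and comment_user_id = {$comment_author} and comment_randkey = {$comment_randkey} FOR UPDATE");
    if (intval($r) > 0) {
        $db->rollback();
        return _('comentario duplicado');
    }

    if ($karma_penalty > 0) {
        $db->rollback();
        $user = new User($current_user->user_id);
        $user->add_karma(-$karma_penalty, _('texto repetido o abuso de enlaces en comentarios'));
        return _('penalización de karma por texto repetido o abuso de enlaces');
    }

    if (!is_null($r) && $comment->store()) {
        $comment->insert_vote();
        $link->update_comments();
        $db->commit();

        // Check image upload or delete
        if (!empty($_POST['image_delete'])) {
            $comment->delete_image();
        } else {
            $comment->store_image_from_form('image');
        }

        if ($redirect) {
            // Comment stored, just redirect to its page
            header('HTTP/1.1 303 Load');
            header('Location: ' . $link->get_permalink() . '/c0' . $comment->order . '#c-' . $comment->order);
            die;
        }
        return $comment;
    }

    $db->rollback();
    return _('error insertando comentario');
}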
} // If the header is available, chech the size if (isset($headers['X-File-Size']) && $headers['X-File-Size'] > 0 && Upload::current_user_limit_exceded($headers['X-File-Size'])) { $r->error = _("Límite de ficheros excedidos"); syslog(LOG_INFO, "File size exceeded " . $headers['X-File-Size']); echo json_encode($r); die; } $dir = Upload::get_cache_dir() . '/tmp'; if (!file_exists($dir)) { $old_mask = umask(0); $res = @mkdir($dir, 0777, true); umask($old_mask); } $source = file_get_contents('php://input'); if (Upload::current_user_limit_exceded(strlen($source))) { $r->error = _("Límite de ficheros excedidos"); echo json_encode($r); die; } // Delete old files first $older = time() - 1800; $iterator = new DirectoryIterator($dir); foreach ($iterator as $fileinfo) { if ($fileinfo->isFile()) { if ($fileinfo->getMTime() < $older) { @unlink($fileinfo->getPathname()); } } } $tmpfile = $dir . '/' . $current_user->user_id . '-' . $current_user->user_login . '-' . uniqid();
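/**
 * Validates and stores an edited comment from the "edit comment" form POST.
 *
 * Reads $_POST (id, user_id, key, comment_content, type, image_delete) and
 * $_FILES['image'].
 *
 * @param Comment $comment the comment being edited (project type)
 * @param Link    $link    the comment's link (not used here)
 * @return Comment|string the updated Comment on success, otherwise a
 *                        translated error message
 *
 * Globals: $db, $current_user, $globals, $site_key.
 */
function check_and_save($comment, $link)
{
    global $db, $current_user, $globals, $site_key;

    // Warning, trillion of checkings :-(
    // TODO: unify with Comment::save_from_post(), careful with the differences

    // Check image limits
    if (!empty($_FILES['image']['tmp_name'])) {
        $limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
        if ($limit_exceded) {
            return $limit_exceded;
        }
    }

    $posted_id = isset($_POST['id']) ? intval($_POST['id']) : 0;
    $user_id = isset($_POST['user_id']) ? intval($_POST['user_id']) : 0;
    $posted_key = isset($_POST['key']) ? (string) $_POST['key'] : '';
    $posted_content = isset($_POST['comment_content']) ? (string) $_POST['comment_content'] : '';

    // Who may edit: the author inside the edit window, or a 'god' editing
    // somebody else's comment (or an admin comment).
    $is_author_in_time = $user_id == $current_user->user_id
        && $current_user->user_id == $comment->author
        && time() - $comment->date < $globals['comment_edit_time'] * 1.5;
    $is_god_override = ($comment->author != $current_user->user_id || $comment->type == 'admin')
        && $current_user->user_level == 'god';

    // hash_equals: strict and constant-time; '==' would let a numeric-looking
    // key loosely compare equal to a hex digest it does not match
    $key_ok = hash_equals(md5($comment->randkey . $site_key), $posted_key);

    $may_edit = $posted_id == $comment->id
        && $current_user->authenticated
        && ($is_author_in_time || $is_god_override)
        && $key_ok
        && mb_strlen(trim($posted_content)) > 2;
    if (!$may_edit) {
        return _('error actualizando, probablemente tiempo de edición excedido');
    }

    $comment->content = clean_text_with_tags($posted_content, 0, false, 10000);

    if ($current_user->user_level == 'god') {
        $comment->type = (isset($_POST['type']) && $_POST['type'] == 'admin') ? 'admin' : 'normal';
    }

    if (!$current_user->admin) {
        $comment->get_links();
    }

    if ($current_user->user_id == $comment->author && $comment->banned && $current_user->Date() > $globals['now'] - 86400) {
        syslog(LOG_NOTICE, "Meneame: editcomment not stored, banned link ({$current_user->user_login})");
        return _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
    }

    if (mb_strlen($comment->content) > 0) {
        $comment->store();
    }

    // Check image upload or delete
    if (!empty($_POST['image_delete'])) {
        $comment->delete_image();
    } else {
        $comment->store_image_from_form('image');
    }

    return $comment;
}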
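/**
 * Handles the "post" (note) form POST: edits an existing post when $post_id
 * is positive, otherwise creates a new one, then prints its summary.
 *
 * Reads $_POST (post, user_id, key) and $_FILES['image']; writes the global
 * $post. Failure paths echo an 'ERROR: ...' line (or nothing, for silent
 * permission failures) and exit.
 *
 * @param int $post_id id of the post to edit, or 0 to create a new one
 *
 * Globals: $link, $db, $post, $current_user, $globals, $site_key.
 */
function save_post($post_id)
{
    global $link, $db, $post, $current_user, $globals, $site_key;

    $post = new Post();

    $_POST['post'] = clean_text_with_tags(isset($_POST['post']) ? $_POST['post'] : '', 0, false, $globals['posts_len']);

    // Check image limits
    if (!empty($_FILES['image']['tmp_name'])) {
        $limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
        if ($limit_exceded) {
            echo 'ERROR: ' . $limit_exceded;
            die;
        }
    }

    if (mb_strlen($_POST['post']) < 5) {
        echo 'ERROR: ' . _('texto muy corto');
        die;
    }

    $posted_user_id = isset($_POST['user_id']) ? intval($_POST['user_id']) : 0;
    $posted_key = isset($_POST['key']) ? (string) $_POST['key'] : '';

    if ($post_id > 0) {
        // Edit an existing post
        $post->id = $post_id;
        if (!$post->read()) {
            die;
        }

        $is_author_in_time = $posted_user_id == $current_user->user_id
            && $current_user->user_id == $post->author
            && time() - $post->date < 3600;
        $is_admin_in_time = $current_user->user_level == 'god'
            && time() - $post->date < $globals['posts_edit_time_admin'] * 1.5;
        // strict, constant-time comparison: '==' would loosely match a
        // numeric-looking key against the stored randkey
        $key_ok = hash_equals((string) $post->randkey, $posted_key);

        if (!($is_author_in_time || $is_admin_in_time) || !$key_ok) {
            echo 'ERROR: ' . _('no tiene permisos para grabar');
            die;
        }

        $post->content = $_POST['post'];
        if (mb_strlen($post->content) > 0) {
            $post->store();
            store_image($post);
        }
    } else {
        // Create a new post
        if ($current_user->user_id != $posted_user_id) {
            die;
        }
        if ($current_user->user_karma < $globals['min_karma_for_posts']) {
            echo 'ERROR: ' . _('el karma es muy bajo');
            die;
        }

        $post->randkey = intval($posted_key);
        $post->author = $current_user->user_id;
        $post->content = $_POST['post'];

        // Only integers are interpolated into the queries below
        $user_id = (int) $current_user->user_id;
        $period = (int) $globals['posts_period'];
        $randkey = (int) $post->randkey;

        // Verify that there is a minimum period between posts
        if (intval($db->get_var("select count(*) from posts where post_user_id = {$user_id} and post_date > date_sub(now(), interval {$period} second)")) > 0) {
            echo 'ERROR: ' . _('debe esperar entre notas');
            die;
        }

        $same_text = $post->same_text_count();
        $same_links = $post->same_links_count(10);

        $db->transaction();

        // Check the post wasn't already stored; the raw result is kept so a
        // failed query (null) is not treated as "no duplicate"
        $r = $db->get_var("select count(*) from posts where post_user_id = {$user_id} and post_date > date_sub(now(), interval 5 minute) and post_randkey = {$randkey} FOR UPDATE");
        $dupe = intval($r);
        if (is_null($r) || $dupe || $same_text) {
            $db->commit();
            echo 'ERROR: ' . _('comentario grabado previamente');
            die;
        }

        if ($same_links > 2) {
            $reduction = $same_links * 0.2;
            $user = new User($current_user->user_id);
            $user->add_karma(-$reduction, _('demasiados enlaces al mismo dominio en las notas'));
            syslog(LOG_NOTICE, "Meneame: post_edit decreasing {$reduction} of karma to {$user->username} (now {$user->karma})");
        }

        $post->store();
        $db->commit();
        store_image($post);
    }

    $post->print_summary();
}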