// The source code packaged with this file is Free Software, Copyright (C) 2005 by
// Ricardo Galli <gallir at uib dot es>.
// It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise.
// You can get copies of the licenses here:
// 		http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".
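include '../config.php';
header('Content-Type: application/json; charset=UTF-8');

// Sub id to follow/unfollow. intval() never throws, so a missing or
// non-numeric id collapses to 0 and is rejected here; isset() avoids the
// undefined-index notice a bare $_POST['id'] read would emit when absent.
// error() is relied on (here and in the original) to emit the JSON error
// and stop the script — confirm that is its contract.
$id = isset($_POST['id']) ? intval($_POST['id']) : 0;
if (!$id) {
    error(_('falta el ID') . " {$id}");
}
// A user_id of 0/empty means "not logged in"; anonymous requests stop here.
if (!$current_user->user_id) {
    error(_('usuario incorrecto'));
}
$user = $current_user->user_id;
// Control key (presumably the per-session anti-request-forgery token that
// check_security_key() validates). A missing key is rejected like a wrong
// one instead of being read as an undefined index.
if (!isset($_POST['key']) || !check_security_key($_POST['key'])) {
    error(_('clave de control incorrecta'));
}
// NOTE(review): the matching commit/rollback is outside this span — confirm
// every exit path after this point ends the transaction.
$db->transaction();
// Current follow state of ($user, $id); the code below decides from it
// whether to report or toggle.
$exists = User::get_pref($user, 'sub_follow', $id);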
if (empty($_POST['change'])) {
    $dict['value'] = $exists;
    $globals['access_log'] = false;
    // Don't log it, to avoid IP blocks
} else {
    if ($exists) {
        User::delete_pref($user, 'sub_follow', $id);
        $dict['value'] = 0;
    } else {
        User::set_pref($user, 'sub_follow', $id);
        $dict['value'] = 1;
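include '../config.php';
include_once mnminclude . 'ban.php';
header('Content-Type: application/json; charset=UTF-8');

// Refuse votes from banned proxies before touching any user state.
// error() is relied on (here and in the original) to emit the JSON error
// and stop the script — confirm that is its contract.
if (check_ban_proxy()) {
    error(_('IP no permitida'));
}
// Comment id to vote on. check_integer() is a project helper whose contract
// is not visible here; the code only relies on it being falsy when missing.
if (!($id = check_integer('id'))) {
    error(_('falta el ID del comentario'));
}
if (empty($_REQUEST['user'])) {
    error(_('falta el código de usuario'));
}
// The user id in the request must be the logged-in user's own. Compared as
// strings so that values such as "1.0" or "1e0" are not accepted for user 1
// the way a loose != would accept them.
if ((string) $current_user->user_id !== (string) $_REQUEST['user']) {
    error(_('usuario incorrecto') . $current_user->user_id . '-' . htmlspecialchars($_REQUEST['user']));
}
// Control key (presumably the per-session anti-request-forgery token that
// check_security_key() validates). A missing key is rejected like a wrong
// one instead of being read as an undefined index. $_REQUEST merges GET,
// POST and cookies, so this state-changing vote is reachable from a plain
// link; the key check is the only guard against a forged request visible here.
if (!isset($_REQUEST['key']) || !check_security_key($_REQUEST['key'])) {
    error(_('clave de control incorrecta'));
}
// empty() already rejects "0", which is not a valid vote anyway.
if (empty($_REQUEST['value']) || !is_numeric($_REQUEST['value'])) {
    error(_('falta valor del voto'));
}
if ($current_user->user_karma < $globals['min_karma_for_post_votes']) {
    error(_('karma bajo para votar comentarios'));
}
// Only +1 / -1 are valid votes; note intval() truncates, so "1.5" counts as 1.
$value = intval($_REQUEST['value']);
if ($value != -1 && $value != 1) {
    error(_('valor del voto incorrecto'));
}
$vote = new Vote('posts', $id, $current_user->user_id);
$vote->link = $id;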
if ($vote->exists()) {
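 function add_click()
 {
     // Queue this link's id in the class-wide self::$clicked (declared on the
     // enclosing class, outside this span) when the request looks like a
     // genuine click. $db was declared global but never used, so it is gone.
     global $globals;

     // Each guard is one term of the original conjunction, in the same
     // order, so Link::visited() is still only consulted for non-bot requests.
     if ($globals['bot']) {
         return;
     }
     if (Link::visited($this->id)) {
         return;
     }
     if (!$globals['click_counter']) {
         return;
     }
     // The click must carry a valid control key in the "k" cookie; a missing
     // cookie counts as an invalid key.
     if (!isset($_COOKIE['k']) || !check_security_key($_COOKIE['k'])) {
         return;
     }
     // Clicks from the IP that submitted the link are not counted.
     if ($this->ip == $globals['user_ip']) {
         return;
     }
     // Delay storing
     self::$clicked = $this->id;
 }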
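 function add_click()
 {
     // Queue this link's id in the class-wide self::$clicked (declared on the
     // enclosing class, outside this span) when the request looks like a
     // genuine click. $db was declared global but never used, so it is gone.
     global $globals;

     // Every failed precondition is recorded in $issues and clears $go.
     // Nothing in this method reads $issues; it is kept as a debugging aid.
     // When $globals['disable_add_click_checks'] is set, every check is
     // skipped and the click is queued regardless of bot status, control
     // key or source IP — that switch should stay off in production.
     $issues = array();
     $go = true;
     if (empty($globals['disable_add_click_checks'])) {
         if ($globals['bot']) {
             $issues[] = 'globals[bot]';
             $go = false;
         }
         if (Link::visited($this->id)) {
             $issues[] = 'link visited';
             $go = false;
         }
         if (!$globals['click_counter']) {
             $issues[] = 'not click counter';
             $go = false;
         }
         // The key is only validated when the cookie exists, so a missing
         // cookie no longer causes an undefined-index read in the key check.
         if (!isset($_COOKIE['k'])) {
             $issues[] = 'not set _COOKIE[k]';
             $go = false;
         } elseif (!check_security_key($_COOKIE['k'])) {
             $issues[] = 'not check_security_key(_COOKIE[k]';
             $go = false;
         }
         // Clicks from the IP that submitted the link are not counted.
         if (!($this->ip != $globals['user_ip'])) {
             $issues[] = 'this->ip == globals[user_ip]';
             $go = false;
         }
     }
     if ($go) {
         // Delay storing
         self::$clicked = $this->id;
     }
 }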
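function do_register2()
{
    // Second step of user registration: validates the submitted form, inserts
    // the account and sends the recovery/activation mail. Errors are reported
    // through register_error(); the function itself returns nothing.
    global $db, $current_user, $globals;

    // Human check first: nothing else is validated for a request that fails it.
    if (!ts_is_human()) {
        register_error(_('el código de seguridad no es correcto'));
        return;
    }
    // Field-level validation lives in check_user_fields(); it is expected to
    // report its own errors, hence the bare return. The $_POST reads below
    // assume it guarantees username/password/email are present — confirm.
    if (!check_user_fields()) {
        return;
    }
    // Extra check: the form must carry a valid control key (its error text
    // says the key also expires). A missing key is rejected rather than read
    // as an undefined index.
    if (!isset($_POST['base_key']) || !check_security_key($_POST['base_key'])) {
        register_error(_('código incorrecto o pasó demasiado tiempo'));
        return;
    }

    // Only the DB-escaped copies ($db*) may appear inside the INSERT below;
    // the clean_input_string() versions are for display, mail and logs.
    $username = clean_input_string(trim($_POST['username']));
    $dbusername = $db->escape($username);
    // UserAuth::hash() output is assumed to be SQL-safe (hash characters
    // only) — confirm, since it is interpolated unescaped.
    $password = UserAuth::hash(trim($_POST['password']));
    $email = clean_input_string(trim($_POST['email']));
    $dbemail = $db->escape($email);
    // The IP recorded with the account is the one captured when the form was
    // served, not the current one. Its origin is not visible here, so it is
    // escaped like the other interpolated values.
    $user_ip = $globals['form_user_ip'];
    $dbuser_ip = $db->escape($user_ip);

    if (user_exists($username)) {
        register_error(_("el usuario ya existe"));
        return;
    }
    // NOTE(review): user_exists() + INSERT is not atomic; two concurrent
    // registrations of the same name are only caught if the table has a
    // unique index on user_login — confirm.
    if (!$db->query("INSERT INTO users (user_login, user_login_register, user_email, user_email_register, user_pass, user_date, user_ip) VALUES ('{$dbusername}', '{$dbusername}', '{$dbemail}', '{$dbemail}', '{$password}', now(), '{$dbuser_ip}')")) {
        register_error(_("error insertando usuario en la base de datos"));
        return;
    }

    echo '<fieldset>' . "\n";
    echo '<legend><span class="sign">' . _("registro de usuario") . '</span></legend>' . "\n";
    // Re-read the freshly inserted row to obtain its id for the log/mail.
    $user = new User();
    $user->username = $username;
    if (!$user->read()) {
        register_error(_('error insertando usuario en la base de datos'));
    } else {
        require_once mnminclude . 'mail.php';
        $sent = send_recover_mail($user);
        if ($sent) {
            $globals['user_ip'] = $user_ip;
            // Force the log entry to carry the same IP as the form.
            Log::insert('user_new', $user->id, $user->id);
            syslog(LOG_INFO, "new user {$user->id} {$user->username} {$email} {$user_ip}");
        } else {
            register_error(_("error enviando el correo electrónico, seguramente está bloqueado"));
        }
    }
    echo '</fieldset>' . "\n";
}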
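function admin_bans($ban_type)
{
    // Admin page for one ban type ($ban_type, e.g. a ban table category):
    // applies create/edit/delete requests from "god" users, then renders the
    // search box, the new/edit form (when op= is set) or the paginated list.
    global $db, $globals, $offset, $page_size, $ban_text_length, $ban_comment_length, $current_user;
    require_once mnminclude . 'ban.php';

    // Control key embedded in the forms/links rendered below and required
    // (via check_security_key) for every mutating request.
    $key = get_security_key();
    // Request parameters are read through locals so that a missing one is ''
    // rather than an undefined-index notice. $_REQUEST merges GET, POST and
    // cookies, so every action here is reachable through a plain URL.
    $op = isset($_REQUEST["op"]) ? $_REQUEST["op"] : '';
    $search = isset($_REQUEST["s"]) ? $_REQUEST["s"] : '';
    // $ban_type is echoed into attributes, text and URLs; escape it once.
    $ban_type_html = htmlspecialchars($ban_type, ENT_QUOTES, 'UTF-8');
    // Defaults for the listing query; they stay like this when a form is shown.
    $order = '';
    $rows = 0;

    // Mutations require "god" level plus a valid control key. The delete is
    // also triggered by a GET link (the per-row "Eliminar" anchor), so that
    // key is the only thing standing between a forged link and a deletion.
    if ($current_user->user_level == "god" && isset($_REQUEST["key"]) && check_security_key($_REQUEST["key"])) {
        if (!empty($_REQUEST["new_ban"])) {
            insert_ban($ban_type, $_POST["ban_text"], $_POST["ban_comment"], $_POST["ban_expire"]);
        } elseif (!empty($_REQUEST["edit_ban"])) {
            insert_ban($ban_type, $_POST["ban_text"], $_POST["ban_comment"], $_POST["ban_expire"], $_POST["ban_id"]);
        } elseif (!empty($_REQUEST["new_bans"])) {
            // Bulk form: one ban per whitespace-separated token of the textarea.
            foreach (preg_split("/\\s+/", $_POST["ban_text"]) as $ban_text) {
                insert_ban($ban_type, $ban_text, $_POST["ban_comment"], $_POST["ban_expire"]);
            }
        } elseif (!empty($_REQUEST["del_ban"])) {
            del_ban($_REQUEST["del_ban"]);
        }
    }

    // ex container-wide
    echo '<div class="genericform" style="margin:0">';
    echo '<div style="float:right;">' . "\n";
    echo '<form method="get" action="' . $globals['base_url'] . 'admin/bans.php">';
    echo '<input type="hidden" name="admin" value="' . $ban_type_html . '" />';
    echo '<input type="hidden" name="key" value="' . $key . '" />';
    echo '<input type="text" name="s" ';
    if ($search) {
        // clean_text() is the project's text sanitizer (contract not visible
        // here). The cleaned value is written back to $_REQUEST["s"] as the
        // original did, in case later helpers such as do_pages() read it.
        $search = clean_text($search);
        $_REQUEST["s"] = $search;
        echo ' value="' . $search . '" ';
    } else {
        echo ' value="' . _('buscar') . '..." ';
    }
    echo 'onblur="if(this.value==\'\') this.value=\'' . _('buscar') . '...\';" onfocus="if(this.value==\'' . _('buscar') . '...\') this.value=\'\';" />';
    echo '&nbsp;<input style="padding:2px;" type="image" align="top" value="' . _('buscar') . '" alt="' . _('buscar') . '" src="' . $globals['base_static'] . 'img/common/search-03.png" />';
    echo '</form>';
    echo '</div>';
    if ($current_user->user_level == "god") {
        echo '&nbsp; [ <a href="' . $globals['base_url'] . 'admin/bans.php?admin=' . $ban_type_html . '&amp;op=new">' . _('Nuevo ban') . '</a> ]';
        echo '&nbsp; [ <a href="' . $globals['base_url'] . 'admin/bans.php?admin=' . $ban_type_html . '&amp;op=news">' . _('Múltiples bans') . '</a> ]';
    }
    if (!empty($op)) {
        echo '<form method="post" name="newban" action="' . $globals['base_url'] . 'admin/bans.php?admin=' . $ban_type_html . '">';
        echo '<input type="hidden" name="key" value="' . $key . '" />';
    }

    // Common prefix of the four sortable column headers; the search term is
    // URL-encoded so a space or '&' in it cannot break the link.
    $list_url = $globals['base_url'] . 'admin/bans.php?admin=' . $ban_type_html . '&amp;';
    if ($search) {
        $list_url .= 's=' . urlencode($search) . '&amp;';
    }
    echo '<table class="decorated" style="font-size: 10pt">';
    echo '<tr><th width="25%"><a href="' . $list_url . 'orderby=ban_text">' . $ban_type_html . '</a></th>';
    echo '<th width="30%"><a href="' . $list_url . 'orderby=ban_comment">' . _('comentario') . '</a></th>';
    echo '<th><a href="' . $list_url . 'orderby=ban_date">' . _('fecha creación') . '</a></th>';
    echo '<th><a href="' . $list_url . 'orderby=ban_expire">' . _('fecha caducidad') . '</a></th>';
    echo '<th>' . _('Editar / Borrar') . '</th></tr>';

    // Form rows. switch compares loosely, like the original.
    switch ($op) {
        case 'new':
            echo '<tr><td>';
            echo '<input type="text" id="ban_text" name="ban_text" size="30" maxlength="' . $ban_text_length . '" value="" />';
            echo '&nbsp;<span id="checkit"><input type="button" id="checkbutton1" value="' . _('verificar') . '" onclick="checkfield(\'ban_' . $ban_type_html . '\', this.form, this.form.ban_text)"/></span>' . "\n";
            echo '<br /><span id="ban_' . $ban_type_html . 'checkitvalue"></span>' . "\n";
            echo '</td><td>';
            echo '<input class="form-full" type="text" name="ban_comment" id="ban_comment" />';
            echo '</td><td>';
            echo '</td><td>';
            echo '<select name="ban_expire" id="ban_expire">';
            print_expiration_dates();
            echo '</select>';
            echo '</td><td>';
            echo '<input type="hidden" name="new_ban" value="1" />';
            echo '<input type="submit" name="submit" value="' . _('Crear ban') . '" />';
            echo '</td></tr>';
            break;
        case 'news':
            echo '<tr><td>';
            echo '<textarea id="ban_text" name="ban_text" /></textarea>';
            echo '</td><td>';
            echo '<input class="form-full" type="text" name="ban_comment" id="ban_comment" />';
            echo '</td><td>';
            echo '</td><td>';
            echo '<select name="ban_expire" id="ban_expire">';
            print_expiration_dates();
            echo '</select>';
            echo '</td><td>';
            echo '<input type="hidden" name="new_bans" value="1" />';
            echo '<input type="submit" name="submit" value="' . _('Crear bans') . '" />';
            echo '</td></tr>';
            break;
        case 'edit':
            $ban = new Ban();
            $ban->ban_id = isset($_REQUEST["id"]) ? (int) $_REQUEST["id"] : 0;
            $ban->read();
            echo '<tr><td>';
            // Stored text is escaped for the attribute context: a quote in a
            // ban pattern must not be able to break out of the value="".
            echo '<input type="text" name="ban_text" id="ban_text" size="30" maxlength="' . $ban_text_length . '" value="' . htmlspecialchars($ban->ban_text, ENT_QUOTES, 'UTF-8') . '" />';
            echo '</td><td>';
            echo '<input type="text" class="form-full" name="ban_comment" id="ban_comment" value="' . htmlspecialchars($ban->ban_comment, ENT_QUOTES, 'UTF-8') . '" />';
            echo '</td><td>';
            echo $ban->ban_date;
            echo '</td><td>';
            echo '<select name="ban_expire" id="ban_expire">';
            echo '<option value="' . $ban->ban_expire . '">' . $ban->ban_expire . '</option>';
            print_expiration_dates();
            echo '</select>';
            echo '</td><td>';
            echo '<input type="hidden" name="ban_id" value="' . $ban->ban_id . '" />';
            echo '<input type="submit" name="edit_ban" value="' . _('Editar ban') . '" />';
            echo '</td></tr>';
            break;
    }

    if (empty($op)) {
        // Ban listing. The ORDER BY column comes from the request, so it is
        // restricted to the columns the header links offer; anything else
        // falls back to ban_text (the original accepted any [a-z_] token,
        // which only turned unknown names into a DB error).
        $orderby = isset($_REQUEST["orderby"]) ? $_REQUEST["orderby"] : '';
        if (!in_array($orderby, array('ban_text', 'ban_comment', 'ban_date', 'ban_expire'), true)) {
            $orderby = 'ban_text';
        } elseif ($orderby == 'ban_date') {
            $order = "DESC";
        }
        $_REQUEST["orderby"] = $orderby;

        // $ban_type is escaped here because it is interpolated into SQL; its
        // origin (the caller) is not visible from this function.
        $where = "WHERE ban_type='" . $db->escape($ban_type) . "'";
        if ($search) {
            // LIKE wildcards (% and _) in the search term are left as-is, so a
            // search can deliberately use them.
            $search_text = $db->escape($search);
            $where .= " AND (ban_text LIKE '%{$search_text}%' OR ban_comment LIKE '%{$search_text}%')";
        }
        $bans = $db->get_col("SELECT ban_id FROM bans " . $where . " ORDER BY " . $orderby . " {$order} LIMIT {$offset},{$page_size}");
        $rows = $db->get_var("SELECT count(*) FROM bans " . $where);
        if ($bans) {
            $ban = new Ban();
            foreach ($bans as $ban_id) {
                $ban->ban_id = $ban_id;
                $ban->read();
                echo '<tr>';
                echo '<td onmouseover="return tooltip.ajax_delayed(event, \'get_ban_info.php\', ' . $ban->ban_id . ');" onmouseout="tooltip.clear(event);" >' . clean_text($ban->ban_text) . '</td>';
                echo '<td style="overflow: hidden;white-space: nowrap;" onmouseover="return tooltip.ajax_delayed(event, \'get_ban_info.php\', ' . $ban->ban_id . ');" onmouseout="tooltip.clear(event);">' . clean_text(txt_shorter($ban->ban_comment, 50)) . '</td>';
                echo '<td>' . $ban->ban_date . '</td>';
                echo '<td>' . $ban->ban_expire . '</td>';
                echo '<td>';
                if ($current_user->user_level == "god") {
                    echo '<a href="' . $globals['base_url'] . 'admin/bans.php?admin=' . $ban_type_html . '&amp;op=edit&amp;id=' . $ban->ban_id . '" title="' . _('Editar') . '"><img src="' . $globals['base_static'] . 'img/common/sneak-edit-notice01.png" alt="' . 'Editar' . '" /></a>';
                    echo '&nbsp;/&nbsp;';
                    // Delete-by-GET link; it carries the control key that the
                    // mutation block at the top requires.
                    echo '<a href="' . $globals['base_url'] . 'admin/bans.php?admin=' . $ban_type_html . '&amp;del_ban=' . $ban->ban_id . '&amp;key=' . $key . '" title="' . _('Eliminar') . '"><img src="' . $globals['base_static'] . 'img/common/sneak-reject01.png" alt="' . 'Eliminar' . '" /></a>';
                }
                echo '</td>';
                echo '</tr>';
            }
        }
    }
    echo '</table>';
    if (!empty($op)) {
        echo "</form>\n";
    }
    // $rows is 0 when a form was shown (no listing query ran).
    do_pages($rows, $page_size, false);
}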
<?php

// The source code packaged with this file is Free Software, Copyright (C) 2011 by
// Ricardo Galli <gallir at gmail.com>.
// It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise.
// You can get copies of the licenses here:
// 		http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".
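include '../config.php';

// The control key (presumably the per-session anti-request-forgery token that
// check_security_key() validates) is verified before anything else. A missing
// key is rejected like a wrong one rather than read as an undefined index.
if (!isset($_POST['control_key']) || !check_security_key($_POST['control_key'])) {
    die;
}
// Note: $key below is the *preference name*, not the security key above.
// Each field is read through isset() so an absent one becomes 0/'' instead
// of emitting an undefined-index notice.
$user = isset($_POST['id']) ? intval($_POST['id']) : 0;
$key = isset($_POST['key']) ? $_POST['key'] : '';
$value = isset($_POST['value']) ? intval($_POST['value']) : 0;
// A zero value is normalised to false (original semantics, kept as-is).
if (!$value) {
    $value = false;
}
// The request may only touch the logged-in user's own preferences.
if (!$user || $user != $current_user->user_id) {
    die;
}
// NOTE(review): no whitelist of accepted preference names is visible in this
// span — confirm User::set_pref()/get_pref() constrain $key themselves.
if (empty($key)) {
    die;
}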
if (!empty($_POST['set'])) {
    $value = intval($_POST['value']);
    if (User::set_pref($user, $key, $value)) {
        $res = $value;
    } else {
        $res = false;
    }