// The source code packaged with this file is Free Software, Copyright (C) 2005 by // Ricardo Galli <gallir at uib dot es>. // It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise. // You can get copies of the licenses here: // http://www.affero.org/oagpl.html // AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING". include '../config.php'; header('Content-Type: application/json; charset=UTF-8'); if (!($id = intval($_POST['id']))) { error(_('falta el ID') . " {$id}"); } if (!$current_user->user_id) { error(_('usuario incorrecto')); } $user = $current_user->user_id; if (!check_security_key($_POST['key'])) { error(_('clave de control incorrecta')); } $db->transaction(); $exists = User::get_pref($user, 'sub_follow', $id); if (empty($_POST['change'])) { $dict['value'] = $exists; $globals['access_log'] = false; // Don't log it, to avoid IP blocks } else { if ($exists) { User::delete_pref($user, 'sub_follow', $id); $dict['value'] = 0; } else { User::set_pref($user, 'sub_follow', $id); $dict['value'] = 1;
include '../config.php'; include_once mnminclude . 'ban.php'; header('Content-Type: application/json; charset=UTF-8'); if (check_ban_proxy()) { error(_('IP no permitida')); } if (!($id = check_integer('id'))) { error(_('falta el ID del comentario')); } if (empty($_REQUEST['user'])) { error(_('falta el código de usuario')); } if ($current_user->user_id != $_REQUEST['user']) { error(_('usuario incorrecto') . $current_user->user_id . '-' . htmlspecialchars($_REQUEST['user'])); } if (!check_security_key($_REQUEST['key'])) { error(_('clave de control incorrecta')); } if (empty($_REQUEST['value']) || !is_numeric($_REQUEST['value'])) { error(_('falta valor del voto')); } if ($current_user->user_karma < $globals['min_karma_for_post_votes']) { error(_('karma bajo para votar comentarios')); } $value = intval($_REQUEST['value']); if ($value != -1 && $value != 1) { error(_('valor del voto incorrecto')); } $vote = new Vote('posts', $id, $current_user->user_id); $vote->link = $id; if ($vote->exists()) {
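/**
 * Queues this link's id in self::$clicked so the click can be stored later
 * ("delay storing"), provided every anti-abuse gate passes.
 *
 * Gates (all must hold): the request is not flagged as a bot, Link::visited()
 * reports the link as not yet visited, the click counter is enabled, the "k"
 * cookie is present and passes check_security_key(), and the link's stored ip
 * differs from the requester's ip ($globals['user_ip']).
 *
 * Only $globals is read; the previously declared but unused $db global was
 * dropped.
 */
function add_click()
{
    global $globals;

    // Guard clauses: the isset() check runs before check_security_key(), so a
    // missing cookie never reaches the key check.
    if ($globals['bot']
        || Link::visited($this->id)
        || !$globals['click_counter']
        || !isset($_COOKIE['k'])
        || !check_security_key($_COOKIE['k'])
        || $this->ip == $globals['user_ip']) {
        return;
    }

    // Delay storing: only the id is remembered here.
    self::$clicked = $this->id;
}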
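/**
 * Queues this link's id in self::$clicked so the click can be stored later
 * ("delay storing").
 *
 * Unless $globals['disable_add_click_checks'] is set, the click is dropped when
 * any gate fails: the request is flagged as a bot, Link::visited() reports the
 * link as already visited, the click counter is off, the "k" cookie is absent
 * or fails check_security_key(), or the link's stored ip equals the
 * requester's ip.
 *
 * NOTE(review): with disable_add_click_checks set, every gate — including the
 * security-key check — is bypassed, so that flag is only suitable for local
 * testing.
 *
 * The $issues array that the previous version filled but never read, the
 * commented-out original, and the unused $db global were removed.
 */
function add_click()
{
    global $globals;

    $go = true;

    if (!$globals['disable_add_click_checks']) {
        // Each gate is evaluated on its own (no short-circuit between them) to
        // keep the original call pattern; only the cookie check is guarded so a
        // missing cookie no longer raises an undefined-index notice.
        if ($globals['bot']) {
            $go = false;
        }
        if (Link::visited($this->id)) {
            $go = false;
        }
        if (!$globals['click_counter']) {
            $go = false;
        }
        if (!isset($_COOKIE['k']) || !check_security_key($_COOKIE['k'])) {
            $go = false;
        }
        if ($this->ip == $globals['user_ip']) {
            $go = false;
        }
    }

    if ($go) {
        // Delay storing: only the id is remembered here.
        self::$clicked = $this->id;
    }
}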
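/**
 * Second registration step: validates the submitted form and, when everything
 * checks out, inserts the new user row and sends the recovery (activation) mail.
 *
 * Validation order: ts_is_human(), check_user_fields(), then the form's
 * base_key via check_security_key(). Any failure is reported through
 * register_error() and the function returns early. HTML is echoed directly.
 *
 * Reads $_POST['base_key'|'username'|'password'|'email'] and
 * $globals['form_user_ip']; writes the users table, $globals['user_ip'] and a
 * Log entry. The unused $current_user global was dropped.
 */
function do_register2()
{
    global $db, $globals;

    if (!ts_is_human()) {
        register_error(_('el código de seguridad no es correcto'));
        return;
    }
    if (!check_user_fields()) {
        return;
    }

    // Extra check: base_key ties this POST to a recent, valid form render.
    if (!check_security_key($_POST['base_key'])) {
        register_error(_('código incorrecto o pasó demasiado tiempo'));
        return;
    }

    $username = clean_input_string(trim($_POST['username'])); // sanity check
    $dbusername = $db->escape($username);
    $password = UserAuth::hash(trim($_POST['password']));
    $email = clean_input_string(trim($_POST['email'])); // sanity check
    $dbemail = $db->escape($email);
    $user_ip = $globals['form_user_ip'];
    // Escaped like the other interpolated values: form_user_ip may be derived
    // from request data, so it is not spliced into the SQL string as-is.
    $dbuser_ip = $db->escape($user_ip);

    if (user_exists($username)) {
        register_error(_("el usuario ya existe"));
        return;
    }

    $inserted = $db->query("INSERT INTO users (user_login, user_login_register, user_email, user_email_register, user_pass, user_date, user_ip) VALUES ('{$dbusername}', '{$dbusername}', '{$dbemail}', '{$dbemail}', '{$password}', now(), '{$dbuser_ip}')");
    if (!$inserted) {
        register_error(_("error insertando usuario en la base de datos"));
        return;
    }

    echo '<fieldset>' . "\n";
    echo '<legend><span class="sign">' . _("registro de usuario") . '</span></legend>' . "\n";

    $user = new User();
    $user->username = $username;
    if (!$user->read()) {
        register_error(_('error insertando usuario en la base de datos'));
    } else {
        require_once mnminclude . 'mail.php';
        $sent = send_recover_mail($user);
        if ($sent) {
            // Force the log entry to carry the same IP the form was served to.
            $globals['user_ip'] = $user_ip;
            Log::insert('user_new', $user->id, $user->id);
            syslog(LOG_INFO, "new user {$user->id} {$user->username} {$email} {$user_ip}");
        } else {
            register_error(_("error enviando el correo electrónico, seguramente está bloqueado"));
        }
    }

    echo '</fieldset>' . "\n";
}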
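/**
 * Renders the admin ban-management page for one ban type and applies any
 * pending mutation (new / new_bans / edit / del_ban) submitted with it.
 *
 * Mutations are applied only when the current user has level "god" AND the
 * request carries a key that passes check_security_key(); that key is embedded
 * in the search form, the edit form and the delete links. Listing and searching
 * are not gated here, so the caller is responsible for read access control.
 *
 * Fixes over the previous version: $order and $rows are always initialised
 * (they were undefined for non-date ordering and for form views), orderby is
 * restricted to the four sortable columns instead of an identifier regex,
 * the search term is urlencoded in the sort links, stored ban values are
 * HTML-escaped inside the edit form's value attributes, and the stray "/"
 * in the <textarea> tag is gone.
 *
 * @param string $ban_type  Ban category. It is echoed unescaped into HTML and
 *                          URLs, so it must be a trusted, caller-chosen value.
 */
function admin_bans($ban_type)
{
    global $db, $globals, $offset, $page_size, $ban_text_length, $current_user;

    require_once mnminclude . 'ban.php';

    $key = get_security_key();
    $is_god = ($current_user->user_level == "god");
    $op = empty($_REQUEST["op"]) ? '' : $_REQUEST["op"];

    // Normalise the search term once; it is reused in HTML, URLs and SQL below.
    $search = '';
    if (!empty($_REQUEST["s"])) {
        $_REQUEST["s"] = clean_text($_REQUEST["s"]);
        $search = $_REQUEST["s"];
    }

    // --- mutations: god level + valid security key required ---
    if ($is_god && isset($_REQUEST["key"]) && check_security_key($_REQUEST["key"])) {
        if (!empty($_REQUEST["new_ban"])) {
            insert_ban($ban_type, $_POST["ban_text"], $_POST["ban_comment"], $_POST["ban_expire"]);
        } elseif (!empty($_REQUEST["edit_ban"])) {
            insert_ban($ban_type, $_POST["ban_text"], $_POST["ban_comment"], $_POST["ban_expire"], $_POST["ban_id"]);
        } elseif (!empty($_REQUEST["new_bans"])) {
            // One ban per whitespace-separated token of the textarea.
            foreach (preg_split("/\\s+/", $_POST["ban_text"]) as $text) {
                insert_ban($ban_type, $text, $_POST["ban_comment"], $_POST["ban_expire"]);
            }
        } elseif (!empty($_REQUEST["del_ban"])) {
            // Reached through the GET delete link below, which carries the key.
            del_ban($_REQUEST["del_ban"]);
        }
    }

    // --- search form ---
    echo '<div class="genericform" style="margin:0">';
    echo '<div style="float:right;">' . "\n";
    echo '<form method="get" action="' . $globals['base_url'] . 'admin/bans.php">';
    echo '<input type="hidden" name="admin" value="' . $ban_type . '" />';
    echo '<input type="hidden" name="key" value="' . $key . '" />';
    echo '<input type="text" name="s" ';
    if ($search) {
        echo ' value="' . $search . '" ';
    } else {
        echo ' value="' . _('buscar') . '..." ';
    }
    echo 'onblur="if(this.value==\'\') this.value=\'' . _('buscar') . '...\';" onfocus="if(this.value==\'' . _('buscar') . '...\') this.value=\'\';" />';
    echo ' <input style="padding:2px;" type="image" align="top" value="' . _('buscar') . '" alt="' . _('buscar') . '" src="' . $globals['base_static'] . 'img/common/search-03.png" />';
    echo '</form>';
    echo '</div>';

    if ($is_god) {
        echo ' [ <a href="' . $globals['base_url'] . 'admin/bans.php?admin=' . $ban_type . '&op=new">' . _('Nuevo ban') . '</a> ]';
        echo ' [ <a href="' . $globals['base_url'] . 'admin/bans.php?admin=' . $ban_type . '&op=news">' . _('Múltiples bans') . '</a> ]';
    }

    if ($op) {
        echo '<form method="post" name="newban" action="' . $globals['base_url'] . 'admin/bans.php?admin=' . $ban_type . '">';
        echo '<input type="hidden" name="key" value="' . $key . '" />';
    }

    // --- table header with sort links ---
    $sort_base = $globals['base_url'] . 'admin/bans.php?admin=' . $ban_type . '&';
    if ($search) {
        $sort_base .= 's=' . urlencode($search) . '&';
    }
    echo '<table class="decorated" style="font-size: 10pt">';
    echo '<tr><th width="25%"><a href="' . $sort_base . 'orderby=ban_text">' . $ban_type . '</a></th>';
    echo '<th width="30%"><a href="' . $sort_base . 'orderby=ban_comment">' . _('comentario') . '</a></th>';
    echo '<th><a href="' . $sort_base . 'orderby=ban_date">' . _('fecha creación') . '</a></th>';
    echo '<th><a href="' . $sort_base . 'orderby=ban_expire">' . _('fecha caducidad') . '</a></th>';
    echo '<th>' . _('Editar / Borrar') . '</th></tr>';

    // --- edit / create forms ---
    switch ($op) {
        case 'new':
            echo '<tr><td>';
            echo '<input type="text" id="ban_text" name="ban_text" size="30" maxlength="' . $ban_text_length . '" value="" />';
            echo ' <span id="checkit"><input type="button" id="checkbutton1" value="' . _('verificar') . '" onclick="checkfield(\'ban_' . $ban_type . '\', this.form, this.form.ban_text)"/></span>' . "\n";
            echo '<br /><span id="ban_' . $ban_type . 'checkitvalue"></span>' . "\n";
            echo '</td><td>';
            echo '<input class="form-full" type="text" name="ban_comment" id="ban_comment" />';
            echo '</td><td>';
            echo '</td><td>';
            echo '<select name="ban_expire" id="ban_expire">';
            print_expiration_dates();
            echo '</select>';
            echo '</td><td>';
            echo '<input type="hidden" name="new_ban" value="1" />';
            echo '<input type="submit" name="submit" value="' . _('Crear ban') . '" />';
            echo '</td></tr>';
            break;

        case 'news':
            echo '<tr><td>';
            echo '<textarea id="ban_text" name="ban_text"></textarea>';
            echo '</td><td>';
            echo '<input class="form-full" type="text" name="ban_comment" id="ban_comment" />';
            echo '</td><td>';
            echo '</td><td>';
            echo '<select name="ban_expire" id="ban_expire">';
            print_expiration_dates();
            echo '</select>';
            echo '</td><td>';
            echo '<input type="hidden" name="new_bans" value="1" />';
            echo '<input type="submit" name="submit" value="' . _('Crear bans') . '" />';
            echo '</td></tr>';
            break;

        case 'edit':
            $ban = new Ban();
            $ban->ban_id = (int) $_REQUEST["id"];
            $ban->read();
            // Stored values land in attribute context: escape quotes so a ban
            // text containing '"' or '<' cannot break out of the input element.
            $edit_text = htmlspecialchars((string) $ban->ban_text, ENT_QUOTES);
            $edit_comment = htmlspecialchars((string) $ban->ban_comment, ENT_QUOTES);
            echo '<tr><td>';
            echo '<input type="text" name="ban_text" id="ban_text" size="30" maxlength="' . $ban_text_length . '" value="' . $edit_text . '" />';
            echo '</td><td>';
            echo '<input type="text" class="form-full" name="ban_comment" id="ban_comment" value="' . $edit_comment . '" />';
            echo '</td><td>';
            echo $ban->ban_date;
            echo '</td><td>';
            echo '<select name="ban_expire" id="ban_expire">';
            echo '<option value="' . $ban->ban_expire . '">' . $ban->ban_expire . '</option>';
            print_expiration_dates();
            echo '</select>';
            echo '</td><td>';
            echo '<input type="hidden" name="ban_id" value="' . $ban->ban_id . '" />';
            echo '<input type="submit" name="edit_ban" value="' . _('Editar ban') . '" />';
            echo '</td></tr>';
            break;
    }

    // --- listing (only when no form op is active) ---
    $rows = 0;
    if ($op === '') {
        // Allow-list the ORDER BY column: the value is spliced into SQL and
        // the UI only ever offers these four.
        $sortable = array('ban_text', 'ban_comment', 'ban_date', 'ban_expire');
        $orderby = 'ban_text';
        $order = '';
        if (!empty($_REQUEST["orderby"]) && in_array($_REQUEST["orderby"], $sortable, true)) {
            $orderby = $_REQUEST["orderby"];
            if ($orderby == 'ban_date') {
                $order = "DESC";
            }
        }
        $_REQUEST["orderby"] = $orderby;

        $where = "WHERE ban_type='" . $db->escape($ban_type) . "'";
        if ($search) {
            $search_text = $db->escape($search);
            $where .= " AND (ban_text LIKE '%{$search_text}%' OR ban_comment LIKE '%{$search_text}%')";
        }
        $bans = $db->get_col("SELECT ban_id FROM bans " . $where . " ORDER BY " . $orderby . " {$order} LIMIT {$offset},{$page_size}");
        $rows = $db->get_var("SELECT count(*) FROM bans " . $where);

        if ($bans) {
            $ban = new Ban();
            foreach ($bans as $ban_id) {
                $ban->ban_id = $ban_id;
                $ban->read();
                echo '<tr>';
                echo '<td onmouseover="return tooltip.ajax_delayed(event, \'get_ban_info.php\', ' . $ban->ban_id . ');" onmouseout="tooltip.clear(event);" >' . clean_text($ban->ban_text) . '</td>';
                echo '<td style="overflow: hidden;white-space: nowrap;" onmouseover="return tooltip.ajax_delayed(event, \'get_ban_info.php\', ' . $ban->ban_id . ');" onmouseout="tooltip.clear(event);">' . clean_text(txt_shorter($ban->ban_comment, 50)) . '</td>';
                echo '<td>' . $ban->ban_date . '</td>';
                echo '<td>' . $ban->ban_expire . '</td>';
                echo '<td>';
                if ($is_god) {
                    echo '<a href="' . $globals['base_url'] . 'admin/bans.php?admin=' . $ban_type . '&op=edit&id=' . $ban->ban_id . '" title="' . _('Editar') . '"><img src="' . $globals['base_static'] . 'img/common/sneak-edit-notice01.png" alt="Editar" /></a>';
                    echo ' / ';
                    // Delete is a GET link; the key in the URL is what gates del_ban() above.
                    echo '<a href="' . $globals['base_url'] . 'admin/bans.php?admin=' . $ban_type . '&del_ban=' . $ban->ban_id . '&key=' . $key . '" title="' . _('Eliminar') . '"><img src="' . $globals['base_static'] . 'img/common/sneak-reject01.png" alt="Eliminar" /></a>';
                }
                echo '</td>';
                echo '</tr>';
            }
        }
    }

    echo '</table>';
    if ($op) {
        echo "</form>\n";
    }
    do_pages($rows, $page_size, false);
}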
<?php // The source code packaged with this file is Free Software, Copyright (C) 2011 by // Ricardo Galli <gallir at gmail.com>. // It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise. // You can get copies of the licenses here: // http://www.affero.org/oagpl.html // AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING". include '../config.php'; if (!check_security_key($_POST['control_key'])) { die; } $user = intval($_POST['id']); $key = $_POST['key']; $value = intval($_POST['value']); if (!$value) { $value = false; } if (!$user || $user != $current_user->user_id) { die; } if (empty($key)) { die; } if (!empty($_POST['set'])) { $value = intval($_POST['value']); if (User::set_pref($user, $key, $value)) { $res = $value; } else { $res = false; }