Example #1
0
function message_on_send(&$api)
{
    include dirname(__FILE__) . '/message_controller.class.php';
    $parent_id = (int) $_POST['parent_id'];
    $may_quote = (int) $_POST['may_quote'];
    $controller = new MessageController($api);
    $user = $api->user();
    $forum_id = $api->forum()->get_id();
    $forumdb = $api->forumdb();
    $api->group()->assert_may('write');
    // Check whether editing is allowed per configuration.
    if ($_POST['msg_id'] && !cfg('postings_editable')) {
        die('Postings may not be changed as per configuration.');
    }
    // Fetch the posting from the database (when editing an existing one) or
    // create a new one from the POST data.
    if ($_POST['msg_id']) {
        $posting = $forumdb->get_posting_from_id($_POST['msg_id']);
        $old_hash = $posting->get_hash();
        $posting->set_subject($_POST['subject']);
        $posting->set_body($_POST['body']);
        $new_hash = $posting->get_hash();
        // Was the content changed?
        if ($old_hash === $new_hash) {
            $api->refer_to_posting($posting);
        } else {
            // Processing without labeling as modified after creation for xx seconds.
            $marker_delay = (int) cfg('posting_marker_delay', 10);
            $created_on = (int) $posting->get_created_unixtime();
            $updated_on = time();
            if ($created_on + $marker_delay < $updated_on) {
                $posting->set_updated_unixtime($updated_on);
            }
        }
    } else {
        $posting = message_get_new_posting($api);
        message_init_posting_from_post_data($posting);
    }
    // Make sure that the user is not trying to spoof a name.
    if (!$user->is_anonymous() && $user->get_name() !== $posting->get_username()) {
        die('Username does not match currently logged in user');
    }
    // Check the posting for completeness.
    $err = $posting->check_complete();
    if ($err) {
        $controller->add_hint(new \hint\Error($err));
        return $controller->show_compose($posting, $parent_id, $may_quote);
    }
    // Make sure that the username is not in use.
    if ($user->is_anonymous() && !$api->userdb()->username_is_available($posting->get_username())) {
        $err = _('The entered username is not available.');
        $controller->add_hint(new \hint\Error($err));
        return $controller->show_compose($posting, $parent_id, $may_quote);
    }
    if ($posting->get_id() <= 0) {
        // If the posting a new one (not an edited one), check for duplicates.
        $duplicate_id = $forumdb->get_duplicate_id_from_posting($posting);
        if ($duplicate_id) {
            $api->refer_to_posting_id($duplicate_id);
        }
        // Check whether too many messages were sent.
        $blocked_until = $api->forumdb()->get_flood_blocked_until($posting);
        if ($blocked_until) {
            $err = sprintf(_('You have sent too many messages.' . ' %d seconds until your message may be sent.'), $blocked_until - time());
            $controller->add_hint(new \hint\Error($err));
            return $controller->show_compose($posting, $parent_id, $may_quote);
        }
        // Check whether the user or IP is spam-locked.
        if ($api->forumdb()->is_spam($posting)) {
            $controller->add_hint(new \hint\Error(_('Message rejected by spamblocker.')));
            return $controller->show_compose($posting, $parent_id, $may_quote);
        }
    }
    // Save the posting.
    $eventbus = $api->eventbus();
    if ($posting->get_id()) {
        $forumdb->save($forum_id, $parent_id, $posting);
        /* Plugin hook: on_message_edit_after
         *   Called after a message was edited.
         *   Args: parent: The parent message id or NULL.
         *         posting: The posting that was saved.
         */
        $eventbus->emit('on_message_edit_after', $api, $parent_id, $posting);
    } else {
        $forumdb->insert($forum_id, $parent_id, $posting);
        /* Plugin hook: on_message_insert_after
         *   Called after a new message was posted.
         *   Args: parent: The parent message id or NULL.
         *         posting: The posting that was sent.
         */
        $eventbus->emit('on_message_insert_after', $api, $parent_id, $posting);
    }
    if (!$posting->get_id()) {
        $controller->add_hint(new \hint\Error(_('Failed to save the posting.')));
        return $controller->show_compose($posting, $parent_id, $may_quote);
    }
    // Success! Refer to the new item.
    $api->refer_to_posting($posting);
}