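/**
 * Validate a post request read from $_POST and shape it for the caller.
 *
 * Checks run in a fixed order and stop at the first failure, returning an
 * error code string: 'bad_nick', 'bad_trip', 'no_page', 'no_thread',
 * 'no_parent', 'invalid_quote', 'invalid_subj', 'invalid_comment', or
 * 'invalid' (neither a quote nor a comment was supplied).
 *
 * On success returns a stdClass carrying parent, page, thread, date and the
 * optional quote / comment sub-objects, each with the sha256 hash that the
 * quote and comment uniqueness checks are based on.
 *
 * @return string|stdClass error code, or the validated post
 */
function validate_post()
{
    // Every request field is read through this guard. PHP decodes `key[]=x`
    // as an array, and strlen()/mb_strlen()/trim() on an array throw a
    // TypeError on PHP 8 (an uncaught error instead of a clean error code),
    // so a field is only accepted when it is present, a plain string and,
    // when $max is given, within that limit. Returns the raw (untrimmed)
    // value, or null when the field is invalid.
    $field = static function (array $src, $key, $max = null, $bytes = false) {
        if (!isset($src[$key]) || !is_string($src[$key])) {
            return null;
        }
        if ($max !== null) {
            $len = $bytes ? strlen($src[$key]) : mb_strlen($src[$key]);
            if ($len > $max) {
                return null;
            }
        }
        return $src[$key];
    };

    // check if the user's nick name is too long; this is the one byte-length
    // (strlen) limit here, kept as-is rather than silently widening what is
    // accepted for multi-byte nicks
    $nick = $field($_POST, 'nick', 30, true);
    if ($nick === null) {
        return 'bad_nick';
    }
    $nick = trim($nick);

    // check if their trip code secret is too long (could be a pass phrase)
    $trip = $field($_POST, 'trip', 140);
    if ($trip === null) {
        return 'bad_trip';
    }
    $trip = trim($trip);
    // if there actually is a trip code at all, salt it
    if ($trip !== '') {
        $trip = tt::trip_encode($trip);
    }

    // what page is the user trying to post to?
    $page = $field($_POST, 'page');
    if ($page === null) {
        return 'no_page';
    }
    // what thread on the page is the user posting to?
    $thread = $field($_POST, 'thread');
    if ($thread === null) {
        return 'no_thread';
    }
    // was the post in response to another post; does it have a parent?
    $parent = $field($_POST, 'parent');
    if ($parent === null) {
        return 'no_parent';
    }

    // validate the quote
    // mind that a quote on truth.ee is matched via the left-side context and/or
    // the right-side context as well, and those flanking pieces of text can
    // only be so large
    $quote_present = isset($_POST['quote']);
    $quote = $cleft = $cright = null;
    if ($quote_present) {
        // a quote that is not itself an array (e.g. `quote=text`) has no
        // sub-fields and is rejected the same way as one with missing parts
        $q = is_array($_POST['quote']) ? $_POST['quote'] : [];
        $quote = $field($q, 'quote', 1200);
        $cleft = $field($q, 'cleft', 100);
        $cright = $field($q, 'cright', 100);
        if ($quote === null || $cleft === null || $cright === null) {
            return 'invalid_quote';
        }
    }

    // validate the subject of the comment, trimming flanking whitespace
    $subj = $field($_POST, 'subject', 140);
    if ($subj === null) {
        return 'invalid_subj';
    }
    $subj = trim($subj);

    // validate comment
    $body = $field($_POST, 'comment', 10000);
    if ($body === null) {
        return 'invalid_comment';
    }
    $body = trim($body);

    // the final write to the database depends on these two presence flags:
    // a comment counts as present when either its subject or its body is
    // non-empty after trimming
    $comment_present = $subj !== '' || $body !== '';

    // if we're at this point, it looks like a valid request of some sort
    // but we'll check the presence flags to verify we can continue
    if (!$quote_present && !$comment_present) {
        return 'invalid';
    }

    $o = new stdClass();
    // parent is checked (by the caller) for existence/modified as is
    // appropriate when comment and quote are present, (a comment might become
    // the child of a new quote, and might need its parent set anew)
    $o->parent = $parent;
    // page and thread are common between both the quote and the comment (for a
    // single post request if both of them exist) so they're set here
    $o->page = $page;
    $o->thread = $thread;
    // also the date; server time should be UTC
    $o->date = time();

    if ($quote_present) {
        // quote uniqueness is based on the quote itself, along with the page and
        // parent (they're prefixed and postfixed so I don't have to 0-pad them)
        $hash = hash('sha256', $page . $quote . $cleft . $cright . $parent);
        $o->quote = (object) ['hash' => $hash, 'quote' => $quote, 'cleft' => $cleft, 'cright' => $cright];
    }
    if ($comment_present) {
        // post uniqueness is based on the comment itself, along with the page and
        // parent, similar to a quote
        $hash = hash('sha256', $page . $subj . $body . $parent);
        $o->comment = (object) ['hash' => $hash, 'nick' => $nick, 'trip' => $trip, 'subj' => $subj, 'body' => $body];
    }
    return $o;
}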
Example #2
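 /**
  * Raise PHP's memory_limit to MEMORY_LIMIT when the current ini value is
  * lower; leave it alone otherwise. The outcome is reported via debug().
  */
 protected function setMemoryLimit()
 {
     $inimem = ini_get('memory_limit');
     $inibytes = tt::returnBytes($inimem);
     $ourbytes = tt::returnBytes(MEMORY_LIMIT);
     if ($inibytes >= $ourbytes) {
         $this->debug(3, "Not adjusting memory size because the current setting is " . $inimem . " and our size of " . MEMORY_LIMIT . " is smaller.");
         return;
     }
     // ini_set() returns false when the directive could not be changed, so
     // only report an increase that actually took effect
     if (ini_set('memory_limit', MEMORY_LIMIT) === false) {
         $this->debug(3, "Failed to increase memory from {$inimem} to " . MEMORY_LIMIT);
         return;
     }
     $this->debug(3, "Increased memory from {$inimem} to " . MEMORY_LIMIT);
 }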
 /**
  * Write the failure payload (keys '_type' => 'fail' and 'code') through
  * tt::json() and terminate the script; nothing after this call runs.
  *
  * @param string $reason error code handed back to the client
  */
 function fail($reason)
 {
     $payload = ['_type' => 'fail', 'code' => $reason];
     echo tt::json($payload);
     exit();
 }