public function __construct(\Foolz\Foolframe\Model\Context $context) { parent::__construct($context); $this->logger = $context->getService('logger'); $this->preferences = $context->getService('preferences'); $this->radix_coll = $context->getService('foolslide.radix_collection'); $this->media_factory = $context->getService('foolslide.media_factory'); }
/** * Send the comment and attached media to database * * @param Media $media * @param array $data extra data * @throws CommentSendingDatabaseException * @throws CommentSendingBannedException * @throws CommentSendingThreadWithoutMediaException * @throws CommentSendingSpamException * @throws CommentSendingImageInGhostException * @throws CommentSendingNoDelPassException * @throws CommentSendingThreadClosedException * @throws CommentSendingRequestCaptchaException * @throws CommentSendingTimeLimitException * @throws CommentSendingException * @throws CommentSendingTooManyCharactersException * @throws \RuntimeException * @throws CommentSendingDisplaysEmptyException * @throws CommentSendingTooManyLinesException * @throws CommentSendingSameCommentException * @throws CommentSendingWrongCaptchaException * @throws CommentSendingUnallowedCapcodeException * @return array error key with explanation to show to user, or success and post row */ public function p_insert(Media $media = null, $data = []) { if (isset($data['recaptcha_challenge'])) { $this->recaptcha_challenge = $data['recaptcha_challenge']; $this->recaptcha_response = $data['recaptcha_response']; } $this->ghost = false; $this->ghost_exist = false; $this->allow_media = true; // some users don't need to be limited, in here go all the ban and posting limitators if (!$this->getAuth()->hasAccess('comment.limitless_comment')) { // check if the user is banned if ($ban = $this->ban_factory->isBanned($this->comment->poster_ip, $this->radix)) { if ($ban->board_id == 0) { $banned_string = _i('It looks like you were banned on all boards.'); } else { $banned_string = _i('It looks like you were banned on /' . $this->radix->shortname . '/.'); } if ($ban->length) { $banned_string .= ' ' . _i('This ban will last until:') . ' ' . date(DATE_COOKIE, $ban->start + $ban->length) . '.'; } else { $banned_string .= ' ' . _i('This ban will last forever.'); } if ($ban->reason) { $banned_string .= ' ' . _i('The reason for this ban is:') . ' «' . $ban->reason . '».'; } if ($ban->appeal_status == Ban::APPEAL_NONE) { $banned_string .= ' ' . _i('If you\'d like to appeal to your ban, go to the %s page.', '<a href="' . $this->uri->create($this->radix->shortname . '/appeal') . '">' . _i('Appeal') . '</a>'); } elseif ($ban->appeal_status == Ban::APPEAL_PENDING) { $banned_string .= ' ' . _i('Your appeal is pending.'); } throw new CommentSendingBannedException($banned_string); } } // check if it's a thread and its status if ($this->comment->thread_num > 0) { try { $thread = Board::forge($this->getContext())->getThread($this->comment->thread_num)->setRadix($this->radix); $status = $thread->getThreadStatus(); } catch (BoardException $e) { throw new CommentSendingException($e->getMessage()); } if ($status['closed']) { throw new CommentSendingThreadClosedException(_i('The thread is closed.')); } $this->ghost = $status['dead']; $this->ghost_exist = $status['ghost_exist']; $this->allow_media = !$status['disable_image_upload']; } foreach (['name', 'email', 'title', 'comment', 'capcode'] as $key) { $this->comment->{$key} = trim((string) $this->comment->{$key}); } $this->comment->setDelpass(trim((string) $this->comment->getDelPass())); // some users don't need to be limited, in here go all the ban and posting limitators if (!$this->getAuth()->hasAccess('comment.limitless_comment')) { if ($this->comment->thread_num < 1) { // one can create a new thread only once every 5 minutes $check_op = $this->dc->qb()->select('*')->from($this->radix->getTable(), 'r')->where('r.poster_ip = :poster_ip')->andWhere('r.timestamp > :timestamp')->andWhere('r.op = :op')->setParameters([':poster_ip' => $this->comment->poster_ip, ':timestamp' => time() - $this->radix->getValue('cooldown_new_thread'), ':op' => true])->setMaxResults(1)->execute()->fetch(); if ($check_op) { throw new CommentSendingTimeLimitException(_i('You must wait up to %d minutes to make another new thread.', ceil($this->radix->getValue('cooldown_new_thread') / 60))); } } // check the latest posts by the user to see if he's posting the same message or if he's posting too fast $check = $this->dc->qb()->select('*')->from($this->radix->getTable(), 'r')->where('poster_ip = :poster_ip')->orderBy('timestamp', 'DESC')->setMaxResults(1)->setParameter(':poster_ip', $this->comment->poster_ip)->execute()->fetch(); if ($check) { if ($this->comment->comment !== null && $check['comment'] === $this->comment->comment) { throw new CommentSendingSameCommentException(_i('You\'re sending the same comment as the last time')); } $check_time = $this->getRadixTime(); if ($check_time - $check['timestamp'] < $this->radix->getValue('cooldown_new_comment') && $check_time - $check['timestamp'] > 0) { throw new CommentSendingTimeLimitException(_i('You must wait up to %d seconds to post again.', $this->radix->getValue('cooldown_new_comment'))); } } // we want to know if the comment will display empty, and in case we won't let it pass $comment_parsed = $this->processComment(); if ($this->comment->comment !== '' && $comment_parsed === '') { throw new CommentSendingDisplaysEmptyException(_i('This comment would display empty.')); } // clean up to reset eventual auto-built entries $this->comment->clean(); if ($this->recaptcha_challenge && $this->recaptcha_response && $this->preferences->get('foolframe.auth.recaptcha_public', false)) { $recaptcha = ReCaptcha::create($this->preferences->get('foolframe.auth.recaptcha_public'), $this->preferences->get('foolframe.auth.recaptcha_private')); $recaptcha_result = $recaptcha->checkAnswer(Inet::dtop($this->comment->poster_ip), $this->recaptcha_challenge, $this->recaptcha_response); if (!$recaptcha_result->isValid()) { throw new CommentSendingWrongCaptchaException(_i('Incorrect CAPTCHA solution.')); } } elseif ($this->preferences->get('foolframe.auth.recaptcha_public')) { // if there wasn't a recaptcha input, let's go with heavier checks if (substr_count($this->comment->comment, 'http') >= $this->radix->getValue('captcha_comment_link_limit')) { throw new CommentSendingRequestCaptchaException(); } // bots usually fill all the fields if ($this->comment->comment && $this->comment->title && $this->comment->email) { throw new CommentSendingRequestCaptchaException(); } // bots usually try various BBC, this checks if there's unparsed BBC after parsing it if ($comment_parsed !== '' && substr_count($comment_parsed, '[') + substr_count($comment_parsed, ']') > 4) { throw new CommentSendingRequestCaptchaException(); } } // load the spam list and check comment, name, title and email $spam = array_filter(preg_split('/\\r\\n|\\r|\\n/', file_get_contents(ASSETSPATH . 'packages/anti-spam/databases/urls.dat'))); foreach ($spam as $s) { if (strpos($this->comment->comment, $s) !== false || strpos($this->comment->name, $s) !== false || strpos($this->comment->title, $s) !== false || strpos($this->comment->email, $s) !== false) { throw new CommentSendingSpamException(_i('Your post has undesidered content.')); } } // check entire length of comment if (mb_strlen($this->comment->comment, 'utf-8') > $this->radix->getValue('max_comment_characters_allowed')) { throw new CommentSendingTooManyCharactersException(_i('Your comment has too many characters')); } // check total numbers of lines in comment if (count(explode("\n", $this->comment->comment)) > $this->radix->getValue('max_comment_lines_allowed')) { throw new CommentSendingTooManyLinesException(_i('Your comment has too many lines.')); } } \Foolz\Plugin\Hook::forge('Foolz\\Foolslide\\Model\\CommentInsert::insert.call.after.input_checks')->setObject($this)->execute(); // process comment name+trip if ($this->comment->name === '') { $this->comment->name = $this->radix->getValue('anonymous_default_name'); $this->comment->trip = null; } else { $this->processName(); if ($this->comment->trip === '') { $this->comment->trip = null; } } foreach (['email', 'title', 'comment'] as $key) { if ($this->comment->{$key} === '') { $this->comment->{$key} = null; } } // process comment password if ($this->comment->getDelpass() === '') { throw new CommentSendingNoDelPassException(_i('You must submit a deletion password.')); } $pass = password_hash($this->comment->getDelpass(), PASSWORD_BCRYPT, ['cost' => 10]); if ($this->comment->getDelpass() === false) { throw new \RuntimeException('Password hashing failed'); } $this->comment->setDelpass($pass); if ($this->comment->capcode != '') { $allowed_capcodes = ['N']; if ($this->getAuth()->hasAccess('comment.mod_capcode')) { $allowed_capcodes[] = 'M'; } if ($this->getAuth()->hasAccess('comment.admin_capcode')) { $allowed_capcodes[] = 'A'; } if ($this->getAuth()->hasAccess('comment.dev_capcode')) { $allowed_capcodes[] = 'D'; } if (!in_array($this->comment->capcode, $allowed_capcodes)) { throw new CommentSendingUnallowedCapcodeException(_i('You\'re not allowed to use this capcode.')); } } else { $this->comment->capcode = 'N'; } $microtime = str_replace('.', '', (string) microtime(true)); $this->comment->timestamp = substr($microtime, 0, 10); $this->comment->op = (bool) (!$this->comment->thread_num); if ($this->radix->getValue('enable_flags')) { $reader = new Reader($this->preferences->get('foolframe.maxmind.geoip2_db_path')); try { $record = $reader->country(Inet::dtop($this->comment->poster_ip)); $this->comment->poster_country = strtolower($record->country->isoCode); } catch (AddressNotFoundException $e) { $this->comment->poster_country = 'xx'; } } // process comment media if ($media !== null) { // if uploading an image with OP is prohibited if (!$this->comment->thread_num && $this->radix->getValue('op_image_upload_necessity') === 'never') { throw new CommentSendingException(_i('You can\'t start a new thread with an image.')); } if (!$this->allow_media) { if ($this->ghost) { throw new CommentSendingImageInGhostException(_i('You can\'t post images when the thread is in ghost mode.')); } else { throw new CommentSendingException(_i('This thread has reached its image limit.')); } } try { $media->insert($microtime, $this->comment->op); $this->media = $media->media; } catch (MediaInsertException $e) { throw new CommentSendingException($e->getMessage()); } } else { // if the user is forced to upload an image when making a new thread if (!$this->comment->thread_num && $this->radix->getValue('op_image_upload_necessity') === 'always') { throw new CommentSendingThreadWithoutMediaException(_i('You can\'t start a new thread without an image.')); } // in case of no media, check comment field again for null if ($this->comment->comment === null) { throw new CommentSendingDisplaysEmptyException(_i('This comment would display empty.')); } $this->media = $this->bulk->media = new MediaData(); } // 2ch-style codes, only if enabled if ($this->comment->thread_num && $this->radix->getValue('enable_poster_hash')) { $this->comment->poster_hash = substr(substr(crypt(md5($this->comment->poster_ip . 'id' . $this->comment->thread_num), 'id'), +3), 0, 8); } $this->comment->timestamp = $this->getRadixTime($this->comment->timestamp); \Foolz\Plugin\Hook::forge('Foolz\\Foolslide\\Model\\CommentInsert::insert.call.before.sql')->setObject($this)->execute(); // being processing insert... if ($this->ghost) { $num = ' ( SELECT MAX(num) AS num FROM ( ( SELECT num FROM ' . $this->radix->getTable() . ' xr WHERE thread_num = ' . $this->dc->getConnection()->quote($this->comment->thread_num) . ' ) UNION ( SELECT num FROM ' . $this->radix->getTable('_deleted') . ' xrd WHERE thread_num = ' . $this->dc->getConnection()->quote($this->comment->thread_num) . ' ) ) x )'; $subnum = ' ( SELECT MAX(subnum) + 1 AS subnum FROM ( ( SELECT subnum FROM ' . $this->radix->getTable() . ' xxr WHERE num = ( SELECT MAX(num) FROM ( ( SELECT num FROM ' . $this->radix->getTable() . ' xxxr WHERE thread_num = ' . $this->dc->getConnection()->quote($this->comment->thread_num) . ' ) UNION ( SELECT num FROM ' . $this->radix->getTable('_deleted') . ' xxxrd WHERE thread_num = ' . $this->dc->getConnection()->quote($this->comment->thread_num) . ' ) ) xxx ) ) UNION ( SELECT subnum FROM ' . $this->radix->getTable('_deleted') . ' xxdr WHERE num = ( SELECT MAX(num) FROM ( ( SELECT num FROM ' . $this->radix->getTable() . ' xxxr WHERE thread_num = ' . $this->dc->getConnection()->quote($this->comment->thread_num) . ' ) UNION ( SELECT num FROM ' . $this->radix->getTable('_deleted') . ' xxxdrd WHERE thread_num = ' . $this->dc->getConnection()->quote($this->comment->thread_num) . ' ) ) xxxd ) ) ) xx )'; $thread_num = $this->comment->thread_num; } else { $num = ' ( SELECT MAX(num) + 1 AS num FROM ( ( SELECT COALESCE(MAX(num), 0) AS num FROM ' . $this->radix->getTable() . ' xr ) UNION ( SELECT COALESCE(MAX(num), 0) AS num FROM ' . $this->radix->getTable('_deleted') . ' xdr ) ) x )'; $subnum = 0; if ($this->comment->thread_num > 0) { $thread_num = $this->dc->getConnection()->quote($this->comment->thread_num); } else { $thread_num = ' ( SELECT MAX(thread_num) + 1 AS thread_num FROM ( ( SELECT COALESCE(MAX(num), 0) as thread_num FROM ' . $this->radix->getTable() . ' xxr ) UNION ( SELECT COALESCE(MAX(num), 0) as thread_num FROM ' . $this->radix->getTable('_deleted') . ' xxdr ) ) xx )'; } } try { $query_fields = ['num' => $num, 'subnum' => $subnum, 'thread_num' => $thread_num]; $fields = ['media_id' => $this->media->media_id ? $this->media->media_id : 0, 'op' => (int) $this->op, 'timestamp' => $this->comment->timestamp, 'capcode' => $this->comment->capcode, 'email' => $this->comment->email, 'name' => $this->comment->name, 'trip' => $this->comment->trip, 'title' => $this->comment->title, 'comment' => $this->comment->comment, 'delpass' => $this->comment->getDelpass(), 'spoiler' => (int) $this->media->spoiler, 'poster_ip' => $this->comment->poster_ip, 'poster_hash' => $this->comment->poster_hash, 'poster_country' => $this->comment->poster_country, 'preview_orig' => $this->media->preview_orig, 'preview_w' => $this->media->preview_w, 'preview_h' => $this->media->preview_h, 'media_filename' => $this->media->media_filename, 'media_w' => $this->media->media_w, 'media_h' => $this->media->media_h, 'media_size' => $this->media->media_size, 'media_hash' => $this->media->media_hash, 'media_orig' => $this->media->media_orig, 'exif' => $this->media->exif !== null ? @json_encode($this->media->exif) : null, 'timestamp_expired' => 0]; foreach ($fields as $key => $item) { if ($item === null) { $fields[$key] = 'null'; } else { $fields[$key] = $this->dc->getConnection()->quote($item); } } $fields = $query_fields + $fields; $this->dc->getConnection()->beginTransaction(); $this->dc->getConnection()->executeUpdate('INSERT INTO ' . $this->radix->getTable() . ' (' . implode(', ', array_keys($fields)) . ') VALUES (' . implode(', ', array_values($fields)) . ')'); $last_id = $this->dc->getConnection()->lastInsertId($this->radix->getTable('_doc_id_seq')); $comment = $this->dc->qb()->select('*')->from($this->radix->getTable(), 'r')->where('doc_id = :doc_id')->setParameter(':doc_id', $last_id)->execute()->fetchAll(); $this->bulk->import($comment[0], $this->radix); if (!$this->radix->archive) { $this->insertTriggerThreads(); $this->insertTriggerDaily(); $this->insertTriggerUsers(); } // update poster_hash for op posts if ($this->comment->op && $this->radix->getValue('enable_poster_hash')) { $this->comment->poster_hash = substr(substr(crypt(md5($this->comment->poster_ip . 'id' . $this->comment->thread_num), 'id'), 3), 0, 8); $this->dc->qb()->update($this->radix->getTable(), 'ph')->set('poster_hash', $this->dc->getConnection()->quote($this->comment->poster_hash))->where('doc_id = :doc_id')->setParameter(':doc_id', $this->comment->doc_id)->execute(); } $this->dc->getConnection()->commit(); // clean up some caches Cache::item('foolslide.model.board.getThreadComments.thread.' . md5(serialize([$this->radix->shortname, $this->comment->thread_num])))->delete(); // clean up the 10 first pages of index and gallery that are cached for ($i = 1; $i <= 10; $i++) { Cache::item('foolslide.model.board.getLatestComments.query.' . $this->radix->shortname . '.by_post.' . $i)->delete(); Cache::item('foolslide.model.board.getLatestComments.query.' . $this->radix->shortname . '.by_thread.' . $i)->delete(); Cache::item('foolslide.model.board.getThreadsComments.query.' . $this->radix->shortname . '.' . $i)->delete(); } } catch (\Doctrine\DBAL\DBALException $e) { $this->logger->error('\\Foolz\\Foolslide\\Model\\CommentInsert: ' . $e->getMessage()); $this->dc->getConnection()->rollBack(); throw new CommentSendingDatabaseException(_i('Something went wrong when inserting the post in the database. Try again.')); } return $this; }
public function post_mod_actions() { if (!$this->checkCsrfToken()) { return $this->response->setData(['error' => _i('The security token was not found. Please try again.')]); } if (!$this->getAuth()->hasAccess('comment.mod_capcode')) { return $this->response->setData(['error' => _i('Access Denied.')])->setStatusCode(403); } if (!$this->check_board()) { return $this->response->setData(['error' => _i('No board was selected.')])->setStatusCode(422); } if ($this->getPost('action') === 'delete_report') { try { $this->report_coll->delete($this->getPost('id')); } catch (\Foolz\Foolslide\Model\ReportException $e) { return $this->response->setData(['error' => $e->getMessage()])->setStatusCode(404); } return $this->response->setData(['success' => _i('The report was deleted.')]); } if ($this->getPost('action') === 'delete_post') { try { $comments = Board::forge($this->getContext())->getPost()->setOptions('doc_id', $this->getPost('id'))->setRadix($this->radix)->getComments(); $comment = current($comments); $comment = new Comment($this->getContext(), $comment); $comment->delete(); } catch (\Foolz\Foolslide\Model\BoardException $e) { return $this->response->setData(['error' => $e->getMessage()])->setStatusCode(404); } return $this->response->setData(['success' => _i('This post was deleted.')]); } if ($this->getPost('action') === 'delete_image') { try { $media = $this->media_factory->getByMediaId($this->radix, $this->getPost('id')); $media = new Media($this->getContext(), CommentBulk::forge($this->radix, null, $media)); $media->delete(true, true, true); } catch (\Foolz\Foolslide\Model\MediaNotFoundException $e) { return $this->response->setData(['error' => $e->getMessage()])->setStatusCode(404); } return $this->response->setData(['success' => _i('This image was deleted.')]); } if ($this->getPost('action') === 'ban_image_local' || $this->getPost('action') === 'ban_image_global') { $global = false; if ($this->getPost('action') === 'ban_image_global') { $global = true; } try { $media = $this->media_factory->getByMediaId($this->radix, $this->getPost('id')); $media = new Media($this->getContext(), CommentBulk::forge($this->radix, null, $media)); $media->ban($global); } catch (\Foolz\Foolslide\Model\MediaNotFoundException $e) { return $this->response->setData(['error' => $e->getMessage()])->setStatusCode(404); } return $this->response->setData(['success' => _i('This image was banned.')]); } if ($this->getPost('action') === 'ban_user') { try { $this->ban_factory->add(Inet::ptod($this->getPost('ip')), $this->getPost('reason'), $this->getPost('length'), $this->getPost('board_ban') === 'global' ? array() : array($this->radix->id)); } catch (\Foolz\Foolslide\Model\BanException $e) { return $this->response->setData(['error' => $e->getMessage()])->setStatusCode(404); } return $this->response->setData(['success' => _i('This user was banned.')]); } }
/** * Returns the Comment by doc_id or the first Comment found with a matching media_id * * @return null|\Foolz\Foolslide\Model\CommentBulk * @throws \Foolz\Foolslide\Model\ReportMediaNotFoundException * @throws \Foolz\Foolslide\Model\ReportCommentNotFoundException */ public function p_getComment() { if ($this->media_id !== null) { // custom "get the first doc_id with the media" $doc_id_res = $this->dc->qb()->select('doc_id')->from($this->radix_coll->getById($this->board_id)->getTable(), 'a')->where('media_id = :media_id')->orderBy('timestamp', 'desc')->setParameter('media_id', $this->media_id)->execute()->fetch(); if ($doc_id_res !== null) { $this->doc_id = $doc_id_res->doc_id; } else { $this->report_coll->delete($this->id); return null; } } try { $comments = Board::forge($this->getContext())->getPost()->setRadix($this->radix)->setOptions('doc_id', $this->doc_id)->getComments(); $this->comment = current($comments); } catch (BoardException $e) { $this->report_coll->delete($this->id); return null; } return $this->comment; }
/** * Adds a new report to the database * * @param \Foolz\Foolslide\Model\Radix $radix The Radix to which the Report is referred to * @param int $id The ID of the object being reported (doc_id or media_id) * @param string $reason The reason for the report * @param string $ip_reporter The IP in decimal format * @param string $mode The type of column (doc_id or media_id) * * @return \Foolz\Foolslide\Model\Report The created report * @throws ReportMediaNotFoundException If the reported media_id doesn't exist * @throws ReportCommentNotFoundException If the reported doc_id doesn't exist * @throws ReportReasonTooLongException If the reason inserted was too long * @throws ReportSentTooManyException If the user sent too many moderation in a timeframe * @throws ReportReasonNullException If the report reason is null * @throws ReportAlreadySubmittedException If the reporter’s IP has already submitted a report for the post. * @throws ReportSubmitterBannedException If the reporter’s IP has been banned. */ public function p_add($radix, $id, $reason, $ip_reporter, $mode = 'doc_id') { $new = new Report($this->getContext()); $new->radix = $radix; $new->board_id = $radix->id; if ($mode === 'media_id') { try { $this->media_factory->getByMediaId($new->radix, $id); } catch (MediaNotFoundException $e) { throw new ReportMediaNotFoundException(_i('The media file you are reporting could not be found.')); } $new->media_id = (int) $id; } else { try { Board::forge($this->getContext())->getPost()->setRadix($new->radix)->setOptions('doc_id', $id)->getComments(); } catch (BoardException $e) { throw new ReportCommentNotFoundException(_i('The post you are reporting could not be found.')); } $new->doc_id = (int) $id; } if (trim($reason) === null) { throw new ReportReasonNullException(_i('A reason must be included with your report.')); } if (mb_strlen($reason, 'utf-8') > 2048) { throw new ReportReasonTooLongException(_i('The reason for you report was too long.')); } $new->reason = $reason; $new->ip_reporter = $ip_reporter; // check how many moderation have been sent in the last hour to prevent spam $row = $this->dc->qb()->select('COUNT(*) as count')->from($this->dc->p('reports'), 'r')->where('created > :time')->andWhere('ip_reporter = :ip_reporter')->setParameter(':time', time() - 86400)->setParameter(':ip_reporter', $new->ip_reporter)->execute()->fetch(); if ($row['count'] > 25) { throw new ReportSentTooManyException(_i('You have submitted too many reports within an hour.')); } $reported = $this->dc->qb()->select('COUNT(*) as count')->from($this->dc->p('reports'), 'r')->where('board_id = :board_id')->andWhere('ip_reporter = :ip_reporter')->andWhere('doc_id = :doc_id')->setParameters([':board_id' => $new->board_id, ':doc_id' => $new->doc_id, ':ip_reporter' => $new->ip_reporter])->execute()->fetch(); if ($reported['count'] > 0) { throw new ReportSubmitterBannedException(_i('You can only submit one report per post.')); } if ($ban = $this->ban_factory->isBanned($new->ip_reporter, $new->radix)) { if ($ban->board_id == 0) { $banned_string = _i('It looks like you were banned on all boards.'); } else { $banned_string = _i('It looks like you were banned on /' . $new->radix->shortname . '/.'); } if ($ban->length) { $banned_string .= ' ' . _i('This ban will last until:') . ' ' . date(DATE_COOKIE, $ban->start + $ban->length) . '.'; } else { $banned_string .= ' ' . _i('This ban will last forever.'); } if ($ban->reason) { $banned_string .= ' ' . _i('The reason for this ban is:') . ' «' . $ban->reason . '».'; } if ($ban->appeal_status == Ban::APPEAL_NONE) { $banned_string .= ' ' . _i('If you\'d like to appeal to your ban, go to the :appeal page.', '<a href="' . $this->uri->create($new->radix->shortname . '/appeal') . '">' . _i('appeal') . '</a>'); } elseif ($ban->appeal_status == Ban::APPEAL_PENDING) { $banned_string .= ' ' . _i('Your appeal is pending.'); } throw new ReportSubmitterBannedException($banned_string); } $new->created = time(); $this->dc->getConnection()->insert($this->dc->p('reports'), ['board_id' => $new->board_id, 'doc_id' => $new->doc_id, 'media_id' => $new->media_id, 'reason' => $new->reason, 'ip_reporter' => $new->ip_reporter, 'created' => $new->created]); $this->clearCache(); return $new; }
/** * Delete the post and eventually the entire thread if it's OP * Also deletes the images when it's the only post with that image * * @param null $password * @param bool $force * @param bool $thread * @throws CommentSendingDatabaseException * @throws CommentDeleteWrongPassException * @return array|bool */ protected function p_delete($password = null, $force = false, $thread = false) { if (!$this->getAuth()->hasAccess('comment.passwordless_deletion') && $force !== true) { if (!password_verify($password, $this->comment->getDelpass())) { throw new CommentDeleteWrongPassException(_i('You did not provide the correct deletion password.')); } } try { $this->dc->getConnection()->beginTransaction(); // check that the post isn't already in deleted $has_deleted = $this->dc->qb()->select('COUNT(*) as found')->from($this->radix->getTable('_deleted'), 'd')->where('doc_id = :doc_id')->setParameter(':doc_id', $this->comment->doc_id)->execute()->fetch(); if (!$has_deleted['found']) { // throw into _deleted table $this->dc->getConnection()->executeUpdate('INSERT INTO ' . $this->radix->getTable('_deleted') . ' ' . $this->dc->qb()->select('*')->from($this->radix->getTable(), 't')->where('doc_id = ' . $this->dc->getConnection()->quote($this->comment->doc_id))->getSQL()); } // delete post $this->dc->qb()->delete($this->radix->getTable())->where('doc_id = :doc_id')->setParameter(':doc_id', $this->comment->doc_id)->execute(); // purge reports $this->dc->qb()->delete($this->dc->p('reports'))->where('board_id = :board_id')->andWhere('doc_id = :doc_id')->setParameter(':board_id', $this->radix->id)->setParameter(':doc_id', $this->comment->doc_id)->execute(); // clear cache $this->radix_coll->clearCache(); // remove image file if (isset($this->media)) { $media_sql = $this->dc->qb()->select('COUNT(*)')->from($this->radix->getTable(), 't')->where('media_id = :media_id')->setParameter(':media_id', $this->media->media_id)->getSQL(); $this->dc->qb()->update($this->radix->getTable('_images'))->set('total', '(' . $media_sql . ')')->where('media_id = :media_id')->setParameter(':media_id', $this->media->media_id)->execute(); $has_image = $this->dc->qb()->select('total')->from($this->radix->getTable('_images'), 'ti')->where('media_id = :media_id')->setParameter(':media_id', $this->media->media_id)->execute()->fetch(); if (!$has_image || !$has_image['total']) { $media = new Media($this->getContext(), $this->bulk); $media->delete(); } } // if this is OP, delete replies too if ($this->comment->op) { // delete thread data $this->dc->qb()->delete($this->radix->getTable('_threads'))->where('thread_num = :thread_num')->setParameter(':thread_num', $this->comment->thread_num)->execute(); // process each comment $comments = $this->dc->qb()->select('doc_id')->from($this->radix->getTable(), 'b')->where('thread_num = :thread_num')->setParameter(':thread_num', $this->comment->thread_num)->execute()->fetchAll(); foreach ($comments as $comment) { $post = Board::forge($this->getContext())->getPost()->setOptions('doc_id', $comment['doc_id'])->setRadix($this->radix)->getComments(); $post = current($post); $post = new Comment($this->getContext(), $post); $post->delete(null, true, true); } } else { // if this is not triggered by a thread deletion, update the thread table if ($thread === false && !$this->radix->archive) { $time_last = ' ( COALESCE(GREATEST( time_op, ( SELECT MAX(timestamp) FROM ' . $this->radix->getTable() . ' xr WHERE thread_num = ' . $this->dc->getConnection()->quote($this->comment->thread_num) . ' AND subnum = 0 ) ), time_op) )'; $time_bump = ' ( COALESCE(GREATEST( time_op, ( SELECT MAX(timestamp) FROM ' . $this->radix->getTable() . ' xr WHERE thread_num = ' . $this->dc->getConnection()->quote($this->comment->thread_num) . ' AND subnum = 0 AND (email <> \'sage\' OR email IS NULL) ) ), time_op) )'; $time_ghost = ' ( SELECT MAX(timestamp) FROM ' . $this->radix->getTable() . ' xr WHERE thread_num = ' . $this->dc->getConnection()->quote($this->comment->thread_num) . ' AND subnum <> 0 )'; $time_ghost_bump = ' ( SELECT MAX(timestamp) FROM ' . $this->radix->getTable() . ' xr WHERE thread_num = ' . $this->dc->getConnection()->quote($this->comment->thread_num) . ' AND subnum <> 0 AND (email <> \'sage\' OR email IS NULL) )'; // update thread information $this->dc->qb()->update($this->radix->getTable('_threads'))->set('time_last', $time_last)->set('time_bump', $time_bump)->set('time_ghost', $time_ghost)->set('time_ghost_bump', $time_ghost_bump)->set('time_last_modified', ':time')->set('nreplies', 'nreplies - 1')->set('nimages', $this->media === null ? 'nimages' : 'nimages - 1')->where('thread_num = :thread_num')->setParameter(':time', $this->getRadixTime())->setParameter(':thread_num', $this->comment->thread_num)->execute(); } } $this->dc->getConnection()->commit(); // clean up some caches Cache::item('foolslide.model.board.getThreadComments.thread.' . md5(serialize([$this->radix->shortname, $this->comment->thread_num])))->delete(); // clean up the 10 first pages of index and gallery that are cached for ($i = 1; $i <= 10; $i++) { Cache::item('foolslide.model.board.getLatestComments.query.' . $this->radix->shortname . '.by_post.' . $i)->delete(); Cache::item('foolslide.model.board.getLatestComments.query.' . $this->radix->shortname . '.by_thread.' . $i)->delete(); Cache::item('foolslide.model.board.getThreadsComments.query.' . $this->radix->shortname . '.' . $i)->delete(); } } catch (\Doctrine\DBAL\DBALException $e) { $this->logger->error('\\Foolz\\Foolslide\\Model\\CommentInsert: ' . $e->getMessage()); $this->dc->getConnection()->rollBack(); throw new CommentSendingDatabaseException(_i('Something went wrong when deleting the post in the database. Try again.')); } return $this; }
public function submit($data, $media) { // some beginners' validation, while through validation will happen in the Comment model $validator = new Validator(); $validator->add('thread_num', _i('Thread Number'), [new Assert\NotBlank()])->add('name', _i('Name'), [new Assert\Length(['max' => 64])])->add('email', _i('Email'), [new Assert\Length(['max' => 64])])->add('title', _i('Title'), [new Assert\Length(['max' => 64])])->add('delpass', _i('Deletion pass'), [new Assert\Length(['min' => 3, 'max' => 32])]); // no empty posts without images if ($media === null) { $validator->add('comment', _i('Comment'), [new Assert\NotBlank(), new Assert\Length(['min' => 3])]); } // this is for redirecting, not for the database $limit = false; if (isset($data['last_limit'])) { $limit = intval($data['last_limit']); unset($data['last_limit']); } $validator->validate($data); if (!$validator->getViolations()->count()) { try { $data['poster_ip'] = Inet::ptod($this->getRequest()->getClientIp()); $bulk = new CommentBulk(); $bulk->import($data, $this->radix); $comment = new CommentInsert($this->getContext(), $bulk); $comment->insert($media, $data); } catch (\Foolz\Foolslide\Model\CommentSendingRequestCaptchaException $e) { if ($this->getRequest()->isXmlHttpRequest()) { return $this->response->setData(['captcha' => true]); } else { return $this->error(_i('Your message looked like spam. Make sure you have JavaScript enabled to display the reCAPTCHA to submit the comment.')); } } catch (\Foolz\Foolslide\Model\CommentSendingException $e) { if ($this->getRequest()->isXmlHttpRequest()) { return $this->response->setData(['error' => $e->getMessage()]); } else { return $this->error($e->getMessage()); } } } else { if ($this->getRequest()->isXmlHttpRequest()) { return $this->response->setData(['error' => $validator->getViolations()->getText()]); } else { return $this->error($validator->getViolations()->getHtml()); } } if ($this->request->isXmlHttpRequest()) { $latest_doc_id = $this->getPost('latest_doc_id'); if ($latest_doc_id && ctype_digit((string) $latest_doc_id)) { try { $board = Board::forge($this->getContext())->getThread($comment->comment->thread_num)->setRadix($this->radix)->setOptions(['type' => 'from_doc_id', 'latest_doc_id' => $latest_doc_id]); $comments = $board->getComments(); } catch (\Foolz\Foolslide\Model\BoardThreadNotFoundException $e) { return $this->error(_i('Thread not found.')); } catch (\Foolz\Foolslide\Model\BoardException $e) { return $this->error(_i('Unknown error.')); } $comment_obj = new Comment($this->getContext()); $comment_obj->setControllerMethod($limit ? 'last/' . $limit : 'thread'); $media_obj = new Media($this->getContext()); $m = null; foreach ($board->getCommentsUnsorted() as $bulk) { $comment_obj->setBulk($bulk, $this->radix); if ($bulk->media) { $media_obj->setBulk($bulk, $this->radix); $m = $media_obj; } else { $m = null; } if ($this->builder) { $this->param_manager->setParam('controller_method', $limit ? 'last/' . $limit : 'thread'); $partial = $this->builder->createPartial('board_comment', 'board_comment'); $partial->getParamManager()->setParam('p', $comment_obj)->setParam('p_media', $m); $bulk->comment->formatted = $partial->build(); $partial->clearBuilt(); } } $this->response->setData(['success' => _i('Message sent.')] + $comments); } else { if ($this->builder) { $this->param_manager->setParam('controller_method', $limit ? 'last/' . $limit : 'thread'); $partial = $this->builder->createPartial('board_comment', 'board_comment'); $partial->getParamManager()->setParam('p', new Comment($this->getContext(), $comment->bulk))->setParam('p_media', new Media($this->getContext(), $comment->bulk)); $bulk->comment->formatted = $partial->build(); $partial->clearBuilt(); } $this->response->setData(['success' => _i('Message sent.'), 'thread_num' => $comment->comment->thread_num, $comment->comment->thread_num => ['posts' => [$comment->bulk]]]); } } else { $this->builder->createLayout('redirect')->getParamManager()->setParam('url', $this->uri->create([$this->radix->shortname, !$limit ? 'thread' : 'last/' . $limit, $comment->comment->thread_num]) . '#' . $comment->comment->num); $this->builder->getProps()->addTitle(_i('Redirecting')); $this->response->setContent($this->builder->build()); } return $this->response; }