static function check_clon_from_cookies()
{
global $current_user, $globals;
// Check the cookies and store clones
$clones = array_reverse($current_user->GetClones());
// First item is the current login, second is the previous
if (count($clones) > 1 && $clones[0] != $clones[1]) {
// Ignore if last two logins are the same user
$visited = array();
foreach ($clones as $id) {
if ($current_user->user_id != $id && !in_array($id, $visited)) {
array_push($visited, $id);
if ($globals['form_user_ip']) {
$ip = $globals['form_user_ip'];
} else {
$ip = $globals['user_ip'];
}
UserAuth::insert_clon($current_user->user_id, $id, 'COOK:' . $ip);
}
}
}
}
static function save_from_post($link) {
global $db, $current_user, $globals;
require_once(mnminclude.'ban.php');
$error = '';
if(check_ban_proxy() && !$globals['development']) return _('dirección IP no permitida');
// Check if is a POST of a comment
if( ! ($link->votes > 0 && $link->date > $globals['now']-$globals['time_enabled_comments']*1.01 &&
$link->comments < $globals['max_comments'] &&
intval($_POST['link_id']) == $link->id && $current_user->authenticated &&
intval($_POST['user_id']) == $current_user->user_id &&
intval($_POST['randkey']) > 0
)) {
return _('comentario o usuario incorrecto');
}
if ($current_user->user_karma < $globals['min_karma_for_comments'] && $current_user->user_id != $link->author) {
return _('karma demasiado bajo');
}
$comment = new Comment;
$comment->link=$link->id;
$comment->ip = $db->escape($globals['user_ip']);
$comment->randkey=intval($_POST['randkey']);
$comment->author=intval($_POST['user_id']);
$comment->karma=round($current_user->user_karma);
$comment->content=clean_text_with_tags($_POST['comment_content'], 0, false, 10000);
$comment->parent=intval($_POST['parent_id']);
//get level
$parentComment = new Comment();
$parentComment->id = intval($comment->parent);
$parentComment->read_basic();
if ($parentComment->nested_level > $globals['NESTED_COMMENTS_MAX_LEVEL']) {
return _('Chegache ao nivel límite de comentarios aniñados...');
}
$comment->nested_level = $parentComment->nested_level + 1;
// Check if is an admin comment
if ($current_user->user_level == 'god' && $_POST['type'] == 'admin') {
$comment->type = 'admin';
}
// Don't allow to comment with a clone
$hours = intval($globals['user_comments_clon_interval']);
if ($hours > 0) {
$clones = $current_user->get_clones($hours+1);
if ( $clones) {
$l = implode(',', $clones);
$c = (int) $db->get_var("select count(*) from comments where comment_date > date_sub(now(), interval $hours hour) and comment_user_id in ($l)");
if ($c > 0) {
syslog(LOG_NOTICE, "Meneame, clon comment ($current_user->user_login, $comment->ip) in $link->uri");
return _('ya hizo un comentario con usuarios clones');
}
}
}
// Basic check to avoid abuses from same IP
if (!$current_user->admin && $current_user->user_karma < 6.2) { // Don't check in case of admin comments or higher karma
// Avoid astroturfing from the same link's author
if ($link->status != 'published' && $link->ip == $globals['user_ip'] && $link->author != $comment->author) {
UserAuth::insert_clon($comment->author, $link->author, $link->ip);
syslog(LOG_NOTICE, "Meneame, comment-link astroturfing ($current_user->user_login, $link->ip): ".$link->get_permalink());
return _('no se puede comentar desde la misma IP del autor del envío');
}
// Avoid floods with clones from the same IP
if (intval($db->get_var("select count(*) from comments where comment_link_id = $link->id and comment_ip='$comment->ip' and comment_user_id != $comment->author")) > 1) {
syslog(LOG_NOTICE, "Meneame, comment astroturfing ($current_user->user_login, $comment->ip)");
return _('demasiados comentarios desde la misma IP con usuarios diferentes');
}
}
if (mb_strlen($comment->content) < 5 || ! preg_match('/[a-zA-Z:-]/', $_POST['comment_content'])) { // Check there are at least a valid char
return _('texto muy breve o caracteres no válidos');
}
// Check the comment wasn't already stored
$already_stored = intval($db->get_var("select count(*) from comments where comment_link_id = $comment->link and comment_user_id = $comment->author and comment_randkey = $comment->randkey"));
if ($already_stored) {
return _('comentario duplicado');
}
if (! $current_user->admin) {
$comment->get_links();
if ($comment->banned && $current_user->Date() > $globals['now'] - 86400) {
syslog(LOG_NOTICE, "Meneame: comment not inserted, banned link ($current_user->user_login)");
return _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
}
// Lower karma to comments' spammers
$comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = $current_user->user_id and comment_date > date_sub(now(), interval 3 minute)");
// Check the text is not the same
$same_count = $comment->same_text_count();
$same_links_count = $comment->same_links_count();
if ($comment->banned) $same_links_count *= 2;
$same_count += $same_links_count;
} else {
$comment_count = $same_count = 0;
}
$comment_limit = round(min($current_user->user_karma/6, 2) * 2.5);
if ($comment_count > $comment_limit || $same_count > 2) {
$reduction = 0;
if ($comment_count > $comment_limit) {
$reduction += ($comment_count-3) * 0.1;
}
if($same_count > 1) {
$reduction += $same_count * 0.25;
}
if ($reduction > 0) {
$user = new User;
$user->id = $current_user->user_id;
$user->read();
$user->karma = $user->karma - $reduction;
syslog(LOG_NOTICE, "Meneame: story decreasing $reduction of karma to $current_user->user_login (now $user->karma)");
$user->store();
$annotation = new Annotation("karma-$user->id");
$annotation->append(_('texto repetido o abuso de enlaces en comentarios').": -$reduction, karma: $user->karma\n");
$error .= ' ' . ('penalización de karma por texto repetido o abuso de enlaces');
}
}
$db->transaction();
$comment->store();
$comment->insert_vote();
$link->update_comments();
$db->commit();
// Comment stored, just redirect to it page
header('Location: '.$link->get_permalink() . '#c-'.$comment->order);
die;
//return $error;
}
static function save_from_post($link, $redirect = true)
{
global $db, $current_user, $globals;
require_once mnminclude . 'ban.php';
if (check_ban_proxy()) {
return _('dirección IP no permitida');
}
// Check if is a POST of a comment
if (!($link->votes > 0 && $link->date > $globals['now'] - $globals['time_enabled_comments'] * 1.01 && $link->comments < $globals['max_comments'] && intval($_POST['link_id']) == $link->id && $current_user->authenticated && intval($_POST['user_id']) == $current_user->user_id && intval($_POST['randkey']) > 0)) {
return _('comentario o usuario incorrecto');
}
if ($current_user->user_karma < $globals['min_karma_for_comments'] && $current_user->user_id != $link->author) {
return _('karma demasiado bajo');
}
$comment = new Comment();
$comment->link = $link->id;
$comment->ip = $globals['user_ip'];
$comment->randkey = intval($_POST['randkey']);
$comment->author = intval($_POST['user_id']);
$comment->karma = round($current_user->user_karma);
$comment->content = clean_text_with_tags($_POST['comment_content'], 0, false, 10000);
// Check if is an admin comment
if ($current_user->user_level == 'god' && $_POST['type'] == 'admin') {
$comment->type = 'admin';
}
// Don't allow to comment with a clone
$hours = intval($globals['user_comments_clon_interval']);
if ($hours > 0) {
$clones = $current_user->get_clones($hours + 1);
if ($clones) {
$l = implode(',', $clones);
$c = (int) $db->get_var("select count(*) from comments where comment_date > date_sub(now(), interval {$hours} hour) and comment_user_id in ({$l})");
if ($c > 0) {
syslog(LOG_NOTICE, "Meneame, clon comment ({$current_user->user_login}, {$comment->ip}) in {$link->uri}");
return _('ya hizo un comentario con usuarios clones');
}
}
}
// Basic check to avoid abuses from same IP
if (!$current_user->admin && $current_user->user_karma < 6.2) {
// Don't check in case of admin comments or higher karma
// Avoid astroturfing from the same link's author
if ($link->status != 'published' && $link->ip == $globals['user_ip'] && $link->author != $comment->author) {
UserAuth::insert_clon($comment->author, $link->author, $link->ip);
syslog(LOG_NOTICE, "Meneame, comment-link astroturfing ({$current_user->user_login}, {$link->ip}): " . $link->get_permalink());
return _('no se puede comentar desde la misma IP del autor del envío');
}
// Avoid floods with clones from the same IP
if (intval($db->get_var("select count(*) from comments where comment_link_id = {$link->id} and comment_ip='{$comment->ip}' and comment_user_id != {$comment->author}")) > 1) {
syslog(LOG_NOTICE, "Meneame, comment astroturfing ({$current_user->user_login}, {$comment->ip})");
return _('demasiados comentarios desde la misma IP con usuarios diferentes');
}
}
if (mb_strlen($comment->content) < 5 || !preg_match('/[a-zA-Z:-]/', $_POST['comment_content'])) {
// Check there are at least a valid char
return _('texto muy breve o caracteres no válidos');
}
if (!$current_user->admin) {
$comment->get_links();
if ($comment->banned && $current_user->Date() > $globals['now'] - 86400) {
syslog(LOG_NOTICE, "Meneame: comment not inserted, banned link ({$current_user->user_login})");
return _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
}
// Lower karma to comments' spammers
$comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = {$current_user->user_id} and comment_date > date_sub(now(), interval 3 minute)");
// Check the text is not the same
$same_count = $comment->same_text_count();
$same_links_count = $comment->same_links_count();
if ($comment->banned) {
$same_links_count *= 2;
}
$same_count += $same_links_count;
} else {
$comment_count = $same_count = 0;
}
$comment_limit = round(min($current_user->user_karma / 6, 2) * 2.5);
$karma_penalty = 0;
if ($comment_count > $comment_limit || $same_count > 2) {
if ($comment_count > $comment_limit) {
$karma_penalty += ($comment_count - 3) * 0.1;
}
if ($same_count > 1) {
$karma_penalty += $same_count * 0.25;
}
}
// Check image limits
if (!empty($_FILES['image']['tmp_name'])) {
$limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
if ($limit_exceded) {
return $limit_exceded;
}
}
$db->transaction();
// Check the comment wasn't already stored
$r = intval($db->get_var("select count(*) from comments where comment_link_id = {$comment->link} and comment_user_id = {$comment->author} and comment_randkey = {$comment->randkey} FOR UPDATE"));
$already_stored = intval($r);
if ($already_stored) {
$db->rollback();
return _('comentario duplicado');
}
if ($karma_penalty > 0) {
$db->rollback();
$user = new User($current_user->user_id);
$user->add_karma(-$karma_penalty, _('texto repetido o abuso de enlaces en comentarios'));
return _('penalización de karma por texto repetido o abuso de enlaces');
}
if (!is_null($r) && $comment->store()) {
$comment->insert_vote();
$link->update_comments();
$db->commit();
// Check image upload or delete
if ($_POST['image_delete']) {
$comment->delete_image();
} else {
$comment->store_image_from_form('image');
}
if ($redirect) {
// Comment stored, just redirect to it page
header('HTTP/1.1 303 Load');
header('Location: ' . $link->get_permalink() . '/c0' . $comment->order . '#c-' . $comment->order);
die;
} else {
return $comment;
}
}
$db->rollback();
return _('error insertando comentario');
//return $error;
}
