Esempio n. 1
0
 public function __construct(\Foolz\Foolframe\Model\Context $context)
 {
     parent::__construct($context);
     $this->logger = $context->getService('logger');
     $this->preferences = $context->getService('preferences');
     $this->radix_coll = $context->getService('foolfuuka.radix_collection');
     $this->media_factory = $context->getService('foolfuuka.media_factory');
 }
Esempio n. 2
0
 /**
  * @return bool
  */
 public function radix_submit()
 {
     // adapter
     if (!$this->getPost()) {
         return $this->error(_i('You aren\'t sending the required fields for creating a new message.'));
     }
     if (!$this->checkCsrfToken()) {
         return $this->error(_i('The security token wasn\'t found. Try resubmitting.'));
     }
     if ($this->getPost('reply_delete')) {
         foreach ($this->getPost('delete') as $idx => $doc_id) {
             try {
                 $comments = Board::forge($this->getContext())->getPost()->setOptions('doc_id', $doc_id)->setRadix($this->radix)->getComments();
                 $comment = current($comments);
                 $comment = new Comment($this->getContext(), $comment);
                 $comment->delete($this->getPost('delpass'));
             } catch (\Foolz\Foolfuuka\Model\BoardException $e) {
                 return $this->error($e->getMessage(), 404);
             } catch (\Foolz\Foolfuuka\Model\CommentDeleteWrongPassException $e) {
                 return $this->error($e->getMessage(), 404);
             }
         }
         $this->builder->createLayout('redirect')->getParamManager()->setParam('url', $this->uri->create([$this->radix->shortname, 'thread', $comment->comment->thread_num]));
         $this->builder->getProps()->addTitle(_i('Redirecting'));
         return new Response($this->builder->build());
     }
     if ($this->getPost('reply_report')) {
         foreach ($this->getPost('delete') as $idx => $doc_id) {
             try {
                 $this->getContext()->getService('foolfuuka.report_collection')->add($this->radix, $doc_id, $this->getPost('KOMENTO'), Inet::ptod($this->getRequest()->getClientIp()));
             } catch (\Foolz\Foolfuuka\Model\ReportException $e) {
                 return $this->error($e->getMessage(), 404);
             }
         }
         $this->builder->createLayout('redirect')->getParamManager()->setParam('url', $this->uri->create($this->radix->shortname . '/thread/' . $this->getPost('parent')));
         $this->builder->getProps()->addTitle(_i('Redirecting'));
         return new Response($this->builder->build());
     }
     // Determine if the invalid post fields are populated by bots.
     if (isset($post['name']) && mb_strlen($post['name'], 'utf-8') > 0) {
         return $this->error();
     }
     if (isset($post['reply']) && mb_strlen($post['reply'], 'utf-8') > 0) {
         return $this->error();
     }
     if (isset($post['email']) && mb_strlen($post['email'], 'utf-8') > 0) {
         return $this->error();
     }
     $data = [];
     $post = $this->getPost();
     if (isset($post['parent'])) {
         $data['thread_num'] = $post['parent'];
     }
     if (isset($post['NAMAE'])) {
         $data['name'] = $post['NAMAE'];
         $this->response->headers->setCookie(new Cookie($this->getContext(), 'reply_name', $data['name'], 60 * 60 * 24 * 30));
     }
     if (isset($post['MERU'])) {
         $data['email'] = $post['MERU'];
         $this->response->headers->setCookie(new Cookie($this->getContext(), 'reply_email', $data['email'], 60 * 60 * 24 * 30));
     }
     if (isset($post['subject'])) {
         $data['title'] = $post['subject'];
     }
     if (isset($post['KOMENTO'])) {
         $data['comment'] = $post['KOMENTO'];
     }
     if (isset($post['delpass'])) {
         // get the password needed for the reply field if it's not set yet
         if (!$post['delpass'] || strlen($post['delpass']) < 3) {
             $post['delpass'] = Util::randomString(7);
         }
         $data['delpass'] = $post['delpass'];
     }
     if (isset($post['reply_spoiler'])) {
         $data['spoiler'] = true;
     }
     if (isset($post['reply_postas'])) {
         $data['capcode'] = $post['reply_postas'];
     }
     if (isset($post['recaptcha_challenge_field']) && isset($post['recaptcha_response_field'])) {
         $data['recaptcha_challenge'] = $post['recaptcha_challenge_field'];
         $data['recaptcha_response'] = $post['recaptcha_response_field'];
     }
     $media = null;
     if ($this->getRequest()->files->count()) {
         try {
             $media = $this->media_factory->forgeFromUpload($this->getRequest(), $this->radix);
             $media->spoiler = isset($data['spoiler']) && $data['spoiler'];
         } catch (\Foolz\Foolfuuka\Model\MediaUploadNoFileException $e) {
             $media = null;
         } catch (\Foolz\Foolfuuka\Model\MediaUploadException $e) {
             return $this->error($e->getMessage());
         }
     }
     return $this->submit($data, $media);
 }
Esempio n. 3
0
 /**
  * Delete the post and eventually the entire thread if it's OP
  * Also deletes the images when it's the only post with that image
  *
  * @param null $password
  * @param bool $force
  * @param bool $thread
  * @throws CommentSendingDatabaseException
  * @throws CommentDeleteWrongPassException
  * @return array|bool
  */
 protected function p_delete($password = null, $force = false, $thread = false)
 {
     if (!$this->getAuth()->hasAccess('comment.passwordless_deletion') && $force !== true) {
         if (!password_verify($password, $this->comment->getDelpass())) {
             throw new CommentDeleteWrongPassException(_i('You did not provide the correct deletion password.'));
         }
     }
     try {
         $this->dc->getConnection()->beginTransaction();
         // check that the post isn't already in deleted
         $has_deleted = $this->dc->qb()->select('COUNT(*) as found')->from($this->radix->getTable('_deleted'), 'd')->where('doc_id = :doc_id')->setParameter(':doc_id', $this->comment->doc_id)->execute()->fetch();
         if (!$has_deleted['found']) {
             // throw into _deleted table
             $this->dc->getConnection()->executeUpdate('INSERT INTO ' . $this->radix->getTable('_deleted') . ' ' . $this->dc->qb()->select('*')->from($this->radix->getTable(), 't')->where('doc_id = ' . $this->dc->getConnection()->quote($this->comment->doc_id))->getSQL());
         }
         // delete post
         $this->dc->qb()->delete($this->radix->getTable())->where('doc_id = :doc_id')->setParameter(':doc_id', $this->comment->doc_id)->execute();
         // purge reports
         $this->dc->qb()->delete($this->dc->p('reports'))->where('board_id = :board_id')->andWhere('doc_id = :doc_id')->setParameter(':board_id', $this->radix->id)->setParameter(':doc_id', $this->comment->doc_id)->execute();
         // clear cache
         $this->radix_coll->clearCache();
         // remove image file
         if (isset($this->media)) {
             $media_sql = $this->dc->qb()->select('COUNT(*)')->from($this->radix->getTable(), 't')->where('media_id = :media_id')->setParameter(':media_id', $this->media->media_id)->getSQL();
             $this->dc->qb()->update($this->radix->getTable('_images'))->set('total', '(' . $media_sql . ')')->where('media_id = :media_id')->setParameter(':media_id', $this->media->media_id)->execute();
             $has_image = $this->dc->qb()->select('total')->from($this->radix->getTable('_images'), 'ti')->where('media_id = :media_id')->setParameter(':media_id', $this->media->media_id)->execute()->fetch();
             if (!$has_image || !$has_image['total']) {
                 $media = new Media($this->getContext(), $this->bulk);
                 $media->delete();
             }
         }
         // if this is OP, delete replies too
         if ($this->comment->op) {
             // delete thread data
             $this->dc->qb()->delete($this->radix->getTable('_threads'))->where('thread_num = :thread_num')->setParameter(':thread_num', $this->comment->thread_num)->execute();
             // process each comment
             $comments = $this->dc->qb()->select('doc_id')->from($this->radix->getTable(), 'b')->where('thread_num = :thread_num')->setParameter(':thread_num', $this->comment->thread_num)->execute()->fetchAll();
             foreach ($comments as $comment) {
                 $post = Board::forge($this->getContext())->getPost()->setOptions('doc_id', $comment['doc_id'])->setRadix($this->radix)->getComments();
                 $post = current($post);
                 $post = new Comment($this->getContext(), $post);
                 $post->delete(null, true, true);
             }
         } else {
             // if this is not triggered by a thread deletion, update the thread table
             if ($thread === false && !$this->radix->archive) {
                 $time_last = '
                 (
                     COALESCE(GREATEST(
                         time_op,
                         (
                             SELECT MAX(timestamp) FROM ' . $this->radix->getTable() . ' xr
                             WHERE thread_num = ' . $this->dc->getConnection()->quote($this->comment->thread_num) . ' AND subnum = 0
                         )
                     ), time_op)
                 )';
                 $time_bump = '
                 (
                     COALESCE(GREATEST(
                         time_op,
                         (
                             SELECT MAX(timestamp) FROM ' . $this->radix->getTable() . ' xr
                             WHERE thread_num = ' . $this->dc->getConnection()->quote($this->comment->thread_num) . ' AND subnum = 0
                                 AND (email <> \'sage\' OR email IS NULL)
                         )
                     ), time_op)
                 )';
                 $time_ghost = '
                 (
                     SELECT MAX(timestamp) FROM ' . $this->radix->getTable() . ' xr
                     WHERE thread_num = ' . $this->dc->getConnection()->quote($this->comment->thread_num) . ' AND subnum <> 0
                 )';
                 $time_ghost_bump = '
                 (
                     SELECT MAX(timestamp) FROM ' . $this->radix->getTable() . ' xr
                     WHERE thread_num = ' . $this->dc->getConnection()->quote($this->comment->thread_num) . ' AND subnum <> 0
                         AND (email <> \'sage\' OR email IS NULL)
                 )';
                 // update thread information
                 $this->dc->qb()->update($this->radix->getTable('_threads'))->set('time_last', $time_last)->set('time_bump', $time_bump)->set('time_ghost', $time_ghost)->set('time_ghost_bump', $time_ghost_bump)->set('time_last_modified', ':time')->set('nreplies', 'nreplies - 1')->set('nimages', $this->media === null ? 'nimages' : 'nimages - 1')->where('thread_num = :thread_num')->setParameter(':time', $this->getRadixTime())->setParameter(':thread_num', $this->comment->thread_num)->execute();
             }
         }
         $this->dc->getConnection()->commit();
         $this->clearCache();
         if ($thread === false) {
             $this->audit->log(Audit::AUDIT_DEL_POST, ['radix' => $this->radix->id, 'doc_id' => $this->comment->doc_id, 'thread_num' => $this->comment->thread_num, 'num' => $this->comment->num, 'subnum' => $this->comment->subnum]);
         }
     } catch (\Doctrine\DBAL\DBALException $e) {
         $this->logger->error('\\Foolz\\FoolFuuka\\Model\\CommentInsert: ' . $e->getMessage());
         $this->dc->getConnection()->rollBack();
         throw new CommentSendingDatabaseException(_i('Something went wrong when deleting the post in the database. Try again.'));
     }
     return $this;
 }
Esempio n. 4
0
 /**
  * Send the comment and attached media to database
  *
  * @param Media $media
  * @param array $data extra data
  * @throws CommentSendingDatabaseException
  * @throws CommentSendingBannedException
  * @throws CommentSendingThreadWithoutMediaException
  * @throws CommentSendingSpamException
  * @throws CommentSendingImageInGhostException
  * @throws CommentSendingNoDelPassException
  * @throws CommentSendingThreadClosedException
  * @throws CommentSendingRequestCaptchaException
  * @throws CommentSendingTimeLimitException
  * @throws CommentSendingException
  * @throws CommentSendingTooManyCharactersException
  * @throws \RuntimeException
  * @throws CommentSendingDisplaysEmptyException
  * @throws CommentSendingTooManyLinesException
  * @throws CommentSendingSameCommentException
  * @throws CommentSendingWrongCaptchaException
  * @throws CommentSendingUnallowedCapcodeException
  * @return array error key with explanation to show to user, or success and post row
  */
 public function p_insert(Media $media = null, $data = [])
 {
     if (isset($data['recaptcha_challenge'])) {
         $this->recaptcha_challenge = $data['recaptcha_challenge'];
         $this->recaptcha_response = $data['recaptcha_response'];
     }
     $this->ghost = false;
     $this->ghost_exist = false;
     $this->allow_media = true;
     // some users don't need to be limited, in here go all the ban and posting limitators
     if (!$this->getAuth()->hasAccess('comment.limitless_comment')) {
         // check if the user is banned
         if ($ban = $this->ban_factory->isBanned($this->comment->poster_ip, $this->radix)) {
             if ($ban->board_id == 0) {
                 $banned_string = _i('It looks like you were banned on all boards.');
             } else {
                 $banned_string = _i('It looks like you were banned on /' . $this->radix->shortname . '/.');
             }
             if ($ban->length) {
                 $banned_string .= ' ' . _i('This ban will last until:') . ' ' . date(DATE_COOKIE, $ban->start + $ban->length) . '.';
             } else {
                 $banned_string .= ' ' . _i('This ban will last forever.');
             }
             if ($ban->reason) {
                 $banned_string .= ' ' . _i('The reason for this ban is:') . ' «' . $ban->reason . '».';
             }
             if ($ban->appeal_status == Ban::APPEAL_NONE) {
                 $banned_string .= ' ' . _i('If you\'d like to appeal to your ban, go to the %s page.', '<a href="' . $this->uri->create($this->radix->shortname . '/appeal') . '">' . _i('Appeal') . '</a>');
             } elseif ($ban->appeal_status == Ban::APPEAL_PENDING) {
                 $banned_string .= ' ' . _i('Your appeal is pending.');
             }
             throw new CommentSendingBannedException($banned_string);
         }
     }
     // check if it's a thread and its status
     if ($this->comment->thread_num > 0) {
         try {
             $thread = Board::forge($this->getContext())->getThread($this->comment->thread_num)->setRadix($this->radix);
             $status = $thread->getThreadStatus();
         } catch (BoardException $e) {
             throw new CommentSendingException($e->getMessage());
         }
         if ($status['closed']) {
             throw new CommentSendingThreadClosedException(_i('The thread is closed.'));
         }
         $this->ghost = $status['dead'];
         $this->ghost_exist = $status['ghost_exist'];
         $this->allow_media = !$status['disable_image_upload'];
     }
     foreach (['name', 'email', 'title', 'comment', 'capcode'] as $key) {
         $this->comment->{$key} = trim((string) $this->comment->{$key});
     }
     $this->comment->setDelpass(trim((string) $this->comment->getDelPass()));
     // some users don't need to be limited, in here go all the ban and posting limitators
     if (!$this->getAuth()->hasAccess('comment.limitless_comment')) {
         if ($this->comment->thread_num < 1) {
             // one can create a new thread only once every 5 minutes
             $check_op = $this->dc->qb()->select('*')->from($this->radix->getTable(), 'r')->where('r.poster_ip = :poster_ip')->andWhere('r.timestamp > :timestamp')->andWhere('r.op = :op')->setParameters([':poster_ip' => $this->comment->poster_ip, ':timestamp' => time() - $this->radix->getValue('cooldown_new_thread'), ':op' => true])->setMaxResults(1)->execute()->fetch();
             if ($check_op) {
                 throw new CommentSendingTimeLimitException(_i('You must wait up to %d minutes to make another new thread.', ceil($this->radix->getValue('cooldown_new_thread') / 60)));
             }
         }
         // check the latest posts by the user to see if he's posting the same message or if he's posting too fast
         $check = $this->dc->qb()->select('*')->from($this->radix->getTable(), 'r')->where('poster_ip = :poster_ip')->orderBy('timestamp', 'DESC')->setMaxResults(1)->setParameter(':poster_ip', $this->comment->poster_ip)->execute()->fetch();
         if ($check) {
             if ($this->comment->comment !== null && $check['comment'] === $this->comment->comment) {
                 throw new CommentSendingSameCommentException(_i('You\'re sending the same comment as the last time'));
             }
             $check_time = $this->getRadixTime();
             if ($check_time - $check['timestamp'] < $this->radix->getValue('cooldown_new_comment') && $check_time - $check['timestamp'] > 0) {
                 throw new CommentSendingTimeLimitException(_i('You must wait up to %d seconds to post again.', $this->radix->getValue('cooldown_new_comment')));
             }
         }
         // we want to know if the comment will display empty, and in case we won't let it pass
         $comment_parsed = $this->processComment();
         if ($this->comment->comment !== '' && $comment_parsed === '') {
             throw new CommentSendingDisplaysEmptyException(_i('This comment would display empty.'));
         }
         // clean up to reset eventual auto-built entries
         $this->comment->clean();
         if ($this->recaptcha_challenge && $this->recaptcha_response && $this->preferences->get('foolframe.auth.recaptcha_public', false)) {
             $recaptcha = ReCaptcha::create($this->preferences->get('foolframe.auth.recaptcha_public'), $this->preferences->get('foolframe.auth.recaptcha_private'));
             $recaptcha_result = $recaptcha->checkAnswer(Inet::dtop($this->comment->poster_ip), $this->recaptcha_challenge, $this->recaptcha_response);
             if (!$recaptcha_result->isValid()) {
                 throw new CommentSendingWrongCaptchaException(_i('Incorrect CAPTCHA solution.'));
             }
         } elseif ($this->preferences->get('foolframe.auth.recaptcha_public')) {
             // if there wasn't a recaptcha input, let's go with heavier checks
             if (substr_count($this->comment->comment, 'http') >= $this->radix->getValue('captcha_comment_link_limit')) {
                 throw new CommentSendingRequestCaptchaException();
             }
             // bots usually fill all the fields
             if ($this->comment->comment && $this->comment->title && $this->comment->email) {
                 throw new CommentSendingRequestCaptchaException();
             }
             // bots usually try various BBC, this checks if there's unparsed BBC after parsing it
             if ($comment_parsed !== '' && substr_count($comment_parsed, '[') + substr_count($comment_parsed, ']') > 4) {
                 throw new CommentSendingRequestCaptchaException();
             }
         }
         // load the spam list and check comment, name, title and email
         $spam = array_filter(preg_split('/\\r\\n|\\r|\\n/', file_get_contents(VENDPATH . '/foolz/foolfuuka/packages/anti-spam/databases/urls.dat')));
         foreach ($spam as $s) {
             if (strpos($this->comment->comment, $s) !== false || strpos($this->comment->name, $s) !== false || strpos($this->comment->title, $s) !== false || strpos($this->comment->email, $s) !== false) {
                 throw new CommentSendingSpamException(_i('Your post has undesidered content.'));
             }
         }
         // check entire length of comment
         if (mb_strlen($this->comment->comment, 'utf-8') > $this->radix->getValue('max_comment_characters_allowed')) {
             throw new CommentSendingTooManyCharactersException(_i('Your comment has too many characters'));
         }
         // check total numbers of lines in comment
         if (count(explode("\n", $this->comment->comment)) > $this->radix->getValue('max_comment_lines_allowed')) {
             throw new CommentSendingTooManyLinesException(_i('Your comment has too many lines.'));
         }
     }
     \Foolz\Plugin\Hook::forge('Foolz\\Foolfuuka\\Model\\CommentInsert::insert.call.after.input_checks')->setObject($this)->execute();
     // process comment name+trip
     if ($this->comment->name === '') {
         $this->comment->name = $this->radix->getValue('anonymous_default_name');
         $this->comment->trip = null;
     } else {
         $this->processName();
         if ($this->comment->trip === '') {
             $this->comment->trip = null;
         }
     }
     foreach (['email', 'title', 'comment'] as $key) {
         if ($this->comment->{$key} === '') {
             $this->comment->{$key} = null;
         }
     }
     // process comment password
     if ($this->comment->getDelpass() === '') {
         throw new CommentSendingNoDelPassException(_i('You must submit a deletion password.'));
     }
     $pass = password_hash($this->comment->getDelpass(), PASSWORD_BCRYPT, ['cost' => 10]);
     if ($this->comment->getDelpass() === false) {
         throw new \RuntimeException('Password hashing failed');
     }
     $this->comment->setDelpass($pass);
     if ($this->comment->capcode != '') {
         $allowed_capcodes = ['N'];
         if ($this->getAuth()->hasAccess('comment.mod_capcode')) {
             $allowed_capcodes[] = 'M';
         }
         if ($this->getAuth()->hasAccess('comment.admin_capcode')) {
             $allowed_capcodes[] = 'A';
         }
         if ($this->getAuth()->hasAccess('comment.dev_capcode')) {
             $allowed_capcodes[] = 'D';
         }
         if (!in_array($this->comment->capcode, $allowed_capcodes)) {
             throw new CommentSendingUnallowedCapcodeException(_i('You\'re not allowed to use this capcode.'));
         }
     } else {
         $this->comment->capcode = 'N';
     }
     $microtime = str_replace('.', '', (string) microtime(true));
     $this->comment->timestamp = substr($microtime, 0, 10);
     $this->comment->op = (bool) (!$this->comment->thread_num);
     if ($this->radix->getValue('enable_flags')) {
         $reader = new Reader($this->preferences->get('foolframe.maxmind.geoip2_db_path'));
         try {
             $record = $reader->country(Inet::dtop($this->comment->poster_ip));
             $this->comment->poster_country = strtolower($record->country->isoCode);
         } catch (AddressNotFoundException $e) {
             $this->comment->poster_country = 'xx';
         }
     }
     // process comment media
     if ($media !== null) {
         // if uploading an image with OP is prohibited
         if (!$this->comment->thread_num && $this->radix->getValue('op_image_upload_necessity') === 'never') {
             throw new CommentSendingException(_i('You can\'t start a new thread with an image.'));
         }
         if (!$this->allow_media) {
             if ($this->ghost) {
                 throw new CommentSendingImageInGhostException(_i('You can\'t post images when the thread is in ghost mode.'));
             } else {
                 throw new CommentSendingException(_i('This thread has reached its image limit.'));
             }
         }
         try {
             $media->insert($microtime, $this->comment->op);
             $this->media = $media->media;
         } catch (MediaInsertException $e) {
             throw new CommentSendingException($e->getMessage());
         }
     } else {
         // if the user is forced to upload an image when making a new thread
         if (!$this->comment->thread_num && $this->radix->getValue('op_image_upload_necessity') === 'always') {
             throw new CommentSendingThreadWithoutMediaException(_i('You can\'t start a new thread without an image.'));
         }
         // in case of no media, check comment field again for null
         if ($this->comment->comment === null) {
             throw new CommentSendingDisplaysEmptyException(_i('This comment would display empty.'));
         }
         $this->media = $this->bulk->media = new MediaData();
     }
     // 2ch-style codes, only if enabled
     if ($this->comment->thread_num && $this->radix->getValue('enable_poster_hash')) {
         $this->comment->poster_hash = substr(substr(crypt(md5($this->comment->poster_ip . 'id' . $this->comment->thread_num), 'id'), +3), 0, 8);
     }
     $this->comment->timestamp = $this->getRadixTime($this->comment->timestamp);
     \Foolz\Plugin\Hook::forge('Foolz\\Foolfuuka\\Model\\CommentInsert::insert.call.before.sql')->setObject($this)->execute();
     // being processing insert...
     if ($this->ghost) {
         $num = '
         (
             SELECT MAX(num) AS num
             FROM (
                 (
                     SELECT num
                     FROM ' . $this->radix->getTable() . ' xr
                     WHERE thread_num = ' . $this->dc->getConnection()->quote($this->comment->thread_num) . '
                 )
                 UNION
                 (
                     SELECT num
                     FROM ' . $this->radix->getTable('_deleted') . ' xrd
                     WHERE thread_num = ' . $this->dc->getConnection()->quote($this->comment->thread_num) . '
                 )
             ) x
         )';
         $subnum = '
         (
             SELECT MAX(subnum) + 1 AS subnum
             FROM (
                 (
                     SELECT subnum
                     FROM ' . $this->radix->getTable() . ' xxr
                     WHERE num = (
                         SELECT MAX(num)
                         FROM (
                             (
                                 SELECT num
                                 FROM ' . $this->radix->getTable() . ' xxxr
                                 WHERE thread_num = ' . $this->dc->getConnection()->quote($this->comment->thread_num) . '
                             )
                             UNION
                             (
                                 SELECT num
                                 FROM ' . $this->radix->getTable('_deleted') . ' xxxrd
                                 WHERE thread_num = ' . $this->dc->getConnection()->quote($this->comment->thread_num) . '
                             )
                         ) xxx
                     )
                 )
                 UNION
                 (
                     SELECT subnum
                     FROM ' . $this->radix->getTable('_deleted') . ' xxdr
                     WHERE num = (
                         SELECT MAX(num)
                         FROM (
                             (
                                 SELECT num
                                 FROM ' . $this->radix->getTable() . ' xxxr
                                 WHERE thread_num = ' . $this->dc->getConnection()->quote($this->comment->thread_num) . '
                             )
                             UNION
                             (
                                 SELECT num
                                 FROM ' . $this->radix->getTable('_deleted') . ' xxxdrd
                                 WHERE thread_num = ' . $this->dc->getConnection()->quote($this->comment->thread_num) . '
                             )
                         ) xxxd
                     )
                 )
             ) xx
         )';
         $thread_num = $this->comment->thread_num;
     } else {
         $num = '
         (
             SELECT MAX(num) + 1 AS num
             FROM (
                 (
                     SELECT COALESCE(MAX(num), 0) AS num
                     FROM ' . $this->radix->getTable() . ' xr
                 )
                 UNION
                 (
                     SELECT COALESCE(MAX(num), 0) AS num
                     FROM ' . $this->radix->getTable('_deleted') . ' xdr
                 )
             ) x
         )';
         $subnum = 0;
         if ($this->comment->thread_num > 0) {
             $thread_num = $this->dc->getConnection()->quote($this->comment->thread_num);
         } else {
             $thread_num = '
             (
                 SELECT MAX(thread_num) + 1 AS thread_num
                 FROM (
                     (
                         SELECT COALESCE(MAX(num), 0) as thread_num
                         FROM ' . $this->radix->getTable() . ' xxr
                     )
                     UNION
                     (
                         SELECT COALESCE(MAX(num), 0) as thread_num
                         FROM ' . $this->radix->getTable('_deleted') . ' xxdr
                     )
                 ) xx
             )';
         }
     }
     try {
         $query_fields = ['num' => $num, 'subnum' => $subnum, 'thread_num' => $thread_num];
         $fields = ['media_id' => $this->media->media_id ? $this->media->media_id : 0, 'op' => (int) $this->op, 'timestamp' => $this->comment->timestamp, 'capcode' => $this->comment->capcode, 'email' => $this->comment->email, 'name' => $this->comment->name, 'trip' => $this->comment->trip, 'title' => $this->comment->title, 'comment' => $this->comment->comment, 'delpass' => $this->comment->getDelpass(), 'spoiler' => (int) $this->media->spoiler, 'poster_ip' => $this->comment->poster_ip, 'poster_hash' => $this->comment->poster_hash, 'poster_country' => $this->comment->poster_country, 'preview_orig' => $this->media->preview_orig, 'preview_w' => $this->media->preview_w, 'preview_h' => $this->media->preview_h, 'media_filename' => $this->media->media_filename, 'media_w' => $this->media->media_w, 'media_h' => $this->media->media_h, 'media_size' => $this->media->media_size, 'media_hash' => $this->media->media_hash, 'media_orig' => $this->media->media_orig, 'exif' => $this->media->exif !== null ? @json_encode($this->media->exif) : null, 'timestamp_expired' => 0];
         foreach ($fields as $key => $item) {
             if ($item === null) {
                 $fields[$key] = 'null';
             } else {
                 $fields[$key] = $this->dc->getConnection()->quote($item);
             }
         }
         $fields = $query_fields + $fields;
         $this->dc->getConnection()->beginTransaction();
         $this->dc->getConnection()->executeUpdate('INSERT INTO ' . $this->radix->getTable() . ' (' . implode(', ', array_keys($fields)) . ') VALUES (' . implode(', ', array_values($fields)) . ')');
         $last_id = $this->dc->getConnection()->lastInsertId($this->radix->getTable('_doc_id_seq'));
         $comment = $this->dc->qb()->select('*')->from($this->radix->getTable(), 'r')->where('doc_id = :doc_id')->setParameter(':doc_id', $last_id)->execute()->fetchAll();
         $this->bulk->import($comment[0], $this->radix);
         if (!$this->radix->archive) {
             $this->insertTriggerThreads();
             $this->insertTriggerDaily();
             $this->insertTriggerUsers();
         }
         // update poster_hash for op posts
         if ($this->comment->op && $this->radix->getValue('enable_poster_hash')) {
             $this->comment->poster_hash = substr(substr(crypt(md5($this->comment->poster_ip . 'id' . $this->comment->thread_num), 'id'), 3), 0, 8);
             $this->dc->qb()->update($this->radix->getTable(), 'ph')->set('poster_hash', $this->dc->getConnection()->quote($this->comment->poster_hash))->where('doc_id = :doc_id')->setParameter(':doc_id', $this->comment->doc_id)->execute();
         }
         $this->dc->getConnection()->commit();
         // clean up some caches
         Cache::item('foolfuuka.model.board.getThreadComments.thread.' . md5(serialize([$this->radix->shortname, $this->comment->thread_num])))->delete();
         // clean up the 10 first pages of index and gallery that are cached
         for ($i = 1; $i <= 10; $i++) {
             Cache::item('foolfuuka.model.board.getLatestComments.query.' . $this->radix->shortname . '.by_post.' . $i)->delete();
             Cache::item('foolfuuka.model.board.getLatestComments.query.' . $this->radix->shortname . '.by_thread.' . $i)->delete();
             Cache::item('foolfuuka.model.board.getThreadsComments.query.' . $this->radix->shortname . '.' . $i)->delete();
         }
     } catch (\Doctrine\DBAL\DBALException $e) {
         $this->logger->error('\\Foolz\\Foolfuuka\\Model\\CommentInsert: ' . $e->getMessage());
         $this->dc->getConnection()->rollBack();
         throw new CommentSendingDatabaseException(_i('Something went wrong when inserting the post in the database. Try again.'));
     }
     return $this;
 }
Esempio n. 5
0
 public function submit($data, $media)
 {
     // some beginners' validation, while through validation will happen in the Comment model
     $validator = new Validator();
     $validator->add('thread_num', _i('Thread Number'), [new Assert\NotBlank()])->add('name', _i('Name'), [new Assert\Length(['max' => 64])])->add('email', _i('Email'), [new Assert\Length(['max' => 64])])->add('title', _i('Title'), [new Assert\Length(['max' => 64])])->add('delpass', _i('Deletion pass'), [new Assert\Length(['min' => 3, 'max' => 32])]);
     // no empty posts without images
     if ($media === null) {
         $validator->add('comment', _i('Comment'), [new Assert\NotBlank(), new Assert\Length(['min' => 3])]);
     }
     // this is for redirecting, not for the database
     $limit = false;
     if (isset($data['last_limit'])) {
         $limit = intval($data['last_limit']);
         unset($data['last_limit']);
     }
     $validator->validate($data);
     if (!$validator->getViolations()->count()) {
         try {
             $data['poster_ip'] = Inet::ptod($this->getRequest()->getClientIp());
             $bulk = new CommentBulk();
             $bulk->import($data, $this->radix);
             $comment = new CommentInsert($this->getContext(), $bulk);
             $comment->insert($media, $data);
         } catch (\Foolz\Foolfuuka\Model\CommentSendingRequestCaptchaException $e) {
             if ($this->getRequest()->isXmlHttpRequest()) {
                 return $this->response->setData(['captcha' => true]);
             } else {
                 return $this->error(_i('Your message looked like spam. Make sure you have JavaScript enabled to display the reCAPTCHA to submit the comment.'));
             }
         } catch (\Foolz\Foolfuuka\Model\CommentSendingException $e) {
             if ($this->getRequest()->isXmlHttpRequest()) {
                 return $this->response->setData(['error' => $e->getMessage()]);
             } else {
                 return $this->error($e->getMessage());
             }
         }
     } else {
         if ($this->getRequest()->isXmlHttpRequest()) {
             return $this->response->setData(['error' => $validator->getViolations()->getText()]);
         } else {
             return $this->error($validator->getViolations()->getHtml());
         }
     }
     if ($this->request->isXmlHttpRequest()) {
         $latest_doc_id = $this->getPost('latest_doc_id');
         if ($latest_doc_id && ctype_digit((string) $latest_doc_id)) {
             try {
                 $board = Board::forge($this->getContext())->getThread($comment->comment->thread_num)->setRadix($this->radix)->setOptions(['type' => 'from_doc_id', 'latest_doc_id' => $latest_doc_id]);
                 $comments = $board->getComments();
             } catch (\Foolz\Foolfuuka\Model\BoardThreadNotFoundException $e) {
                 return $this->error(_i('Thread not found.'));
             } catch (\Foolz\Foolfuuka\Model\BoardException $e) {
                 return $this->error(_i('Unknown error.'));
             }
             $comment_obj = new Comment($this->getContext());
             $comment_obj->setControllerMethod($limit ? 'last/' . $limit : 'thread');
             $media_obj = new Media($this->getContext());
             $m = null;
             foreach ($board->getCommentsUnsorted() as $bulk) {
                 $comment_obj->setBulk($bulk, $this->radix);
                 if ($bulk->media) {
                     $media_obj->setBulk($bulk, $this->radix);
                     $m = $media_obj;
                 } else {
                     $m = null;
                 }
                 if ($this->builder) {
                     $this->param_manager->setParam('controller_method', $limit ? 'last/' . $limit : 'thread');
                     $partial = $this->builder->createPartial('board_comment', 'board_comment');
                     $partial->getParamManager()->setParam('p', $comment_obj)->setParam('p_media', $m);
                     $bulk->comment->formatted = $partial->build();
                     $partial->clearBuilt();
                 }
             }
             $this->response->setData(['success' => _i('Message sent.')] + $comments);
         } else {
             if ($this->builder) {
                 $this->param_manager->setParam('controller_method', $limit ? 'last/' . $limit : 'thread');
                 $partial = $this->builder->createPartial('board_comment', 'board_comment');
                 $partial->getParamManager()->setParam('p', new Comment($this->getContext(), $comment->bulk))->setParam('p_media', new Media($this->getContext(), $comment->bulk));
                 $bulk->comment->formatted = $partial->build();
                 $partial->clearBuilt();
             }
             $this->response->setData(['success' => _i('Message sent.'), 'thread_num' => $comment->comment->thread_num, $comment->comment->thread_num => ['posts' => [$comment->bulk]]]);
         }
     } else {
         $this->builder->createLayout('redirect')->getParamManager()->setParam('url', $this->uri->create([$this->radix->shortname, !$limit ? 'thread' : 'last/' . $limit, $comment->comment->thread_num]) . '#' . $comment->comment->num);
         $this->builder->getProps()->addTitle(_i('Redirecting'));
         $this->response->setContent($this->builder->build());
     }
     return $this->response;
 }
Esempio n. 6
0
 /**
  * Returns the Comment by doc_id or the first Comment found with a matching media_id
  *
  * @return  null|\Foolz\FoolFuuka\Model\CommentBulk
  * @throws  \Foolz\FoolFuuka\Model\ReportMediaNotFoundException
  * @throws  \Foolz\FoolFuuka\Model\ReportCommentNotFoundException
  */
 public function p_getComment()
 {
     if ($this->media_id !== null) {
         // custom "get the first doc_id with the media"
         $doc_id_res = $this->dc->qb()->select('doc_id')->from($this->radix_coll->getById($this->board_id)->getTable(), 'a')->where('media_id = :media_id')->orderBy('timestamp', 'desc')->setParameter('media_id', $this->media_id)->execute()->fetch();
         if ($doc_id_res !== null) {
             $this->doc_id = $doc_id_res->doc_id;
         } else {
             $this->report_coll->delete($this->id);
             return null;
         }
     }
     try {
         $comments = Board::forge($this->getContext())->getPost()->setRadix($this->radix)->setOptions('doc_id', $this->doc_id)->getComments();
         $this->comment = current($comments);
     } catch (BoardException $e) {
         $this->report_coll->delete($this->id);
         return null;
     }
     return $this->comment;
 }
Esempio n. 7
0
 /**
  * Adds a new report to the database
  *
  * @param   \Foolz\FoolFuuka\Model\Radix  $radix  The Radix to which the Report is referred to
  * @param   int     $id           The ID of the object being reported (doc_id or media_id)
  * @param   string  $reason       The reason for the report
  * @param   string  $ip_reporter  The IP in decimal format
  * @param   string  $mode         The type of column (doc_id or media_id)
  *
  * @return  \Foolz\FoolFuuka\Model\Report   The created report
  * @throws  ReportMediaNotFoundException    If the reported media_id doesn't exist
  * @throws  ReportCommentNotFoundException  If the reported doc_id doesn't exist
  * @throws  ReportReasonTooLongException    If the reason inserted was too long
  * @throws  ReportSentTooManyException      If the user sent too many moderation in a timeframe
  * @throws  ReportReasonNullException       If the report reason is null
  * @throws  ReportAlreadySubmittedException If the reporter’s IP has already submitted a report for the post.
  * @throws  ReportSubmitterBannedException  If the reporter’s IP has been banned.
  */
 public function p_add($radix, $id, $reason, $ip_reporter, $mode = 'doc_id')
 {
     if (trim($reason) === '') {
         throw new ReportReasonNullException(_i('A reason must be included with your report.'));
     }
     if (mb_strlen($reason, 'utf-8') > 2048) {
         throw new ReportReasonTooLongException(_i('The reason for you report was too long.'));
     }
     $report = new Report($this->getContext());
     $report->radix = $radix;
     $report->board_id = $radix->id;
     $report->reason = $reason;
     $report->ip_reporter = $ip_reporter;
     switch ($mode) {
         case 'media_id':
             try {
                 $this->media_factory->getByMediaId($report->radix, $id);
                 $report->media_id = (int) $id;
             } catch (MediaNotFoundException $e) {
                 throw new ReportMediaNotFoundException(_i('The media file you are reporting could not be found.'));
             }
             break;
         default:
             try {
                 Board::forge($this->getContext())->getPost()->setRadix($report->radix)->setOptions('doc_id', $id)->getComments();
                 $report->doc_id = (int) $id;
             } catch (BoardException $e) {
                 throw new ReportCommentNotFoundException(_i('The post you are reporting could not be found.'));
             }
     }
     $report = $this->validateUserReport($report);
     $report->created = time();
     $this->dc->getConnection()->insert($this->dc->p('reports'), ['board_id' => $report->board_id, 'doc_id' => $report->doc_id, 'media_id' => $report->media_id, 'reason' => $report->reason, 'ip_reporter' => $report->ip_reporter, 'created' => $report->created]);
     $this->clearCache();
     return $report;
 }
Esempio n. 8
0
 public function post_mod_actions()
 {
     if (!$this->checkCsrfToken()) {
         return $this->response->setData(['error' => _i('The security token was not found. Please try again.')]);
     }
     if (!$this->getAuth()->hasAccess('comment.mod_capcode')) {
         return $this->response->setData(['error' => _i('Access Denied.')])->setStatusCode(403);
     }
     if (!$this->check_board()) {
         return $this->response->setData(['error' => _i('No board was selected.')])->setStatusCode(422);
     }
     if ($this->getPost('action') === 'delete_report') {
         try {
             $this->report_coll->delete($this->getPost('id'));
         } catch (\Foolz\Foolfuuka\Model\ReportException $e) {
             return $this->response->setData(['error' => $e->getMessage()])->setStatusCode(404);
         }
         return $this->response->setData(['success' => _i('The report was deleted.')]);
     }
     if ($this->getPost('action') === 'delete_post') {
         try {
             $comments = Board::forge($this->getContext())->getPost()->setOptions('doc_id', $this->getPost('id'))->setRadix($this->radix)->getComments();
             $comment = current($comments);
             $comment = new Comment($this->getContext(), $comment);
             $comment->delete();
         } catch (\Foolz\Foolfuuka\Model\BoardException $e) {
             return $this->response->setData(['error' => $e->getMessage()])->setStatusCode(404);
         }
         return $this->response->setData(['success' => _i('This post was deleted.')]);
     }
     if ($this->getPost('action') === 'delete_image') {
         try {
             $media = $this->media_factory->getByMediaId($this->radix, $this->getPost('id'));
             $media = new Media($this->getContext(), CommentBulk::forge($this->radix, null, $media));
             $media->delete(true, true, true);
         } catch (\Foolz\Foolfuuka\Model\MediaNotFoundException $e) {
             return $this->response->setData(['error' => $e->getMessage()])->setStatusCode(404);
         }
         return $this->response->setData(['success' => _i('This image was deleted.')]);
     }
     if ($this->getPost('action') === 'ban_image_local' || $this->getPost('action') === 'ban_image_global') {
         $global = false;
         if ($this->getPost('action') === 'ban_image_global') {
             $global = true;
         }
         try {
             $media = $this->media_factory->getByMediaId($this->radix, $this->getPost('id'));
             $media = new Media($this->getContext(), CommentBulk::forge($this->radix, null, $media));
             $media->ban($global);
         } catch (\Foolz\Foolfuuka\Model\MediaNotFoundException $e) {
             return $this->response->setData(['error' => $e->getMessage()])->setStatusCode(404);
         }
         return $this->response->setData(['success' => _i('This image was banned.')]);
     }
     if ($this->getPost('action') === 'ban_user') {
         try {
             $this->ban_factory->add(Inet::ptod($this->getPost('ip')), $this->getPost('reason'), $this->getPost('length'), $this->getPost('board_ban') === 'global' ? array() : array($this->radix->id));
         } catch (\Foolz\Foolfuuka\Model\BanException $e) {
             return $this->response->setData(['error' => $e->getMessage()])->setStatusCode(404);
         }
         return $this->response->setData(['success' => _i('This user was banned.')]);
     }
 }
Esempio n. 9
0
 /**
  * Adds a new report to the database
  *
  * @param   \Foolz\Foolfuuka\Model\Radix  $radix  The Radix to which the Report is referred to
  * @param   int     $id           The ID of the object being reported (doc_id or media_id)
  * @param   string  $reason       The reason for the report
  * @param   string  $ip_reporter  The IP in decimal format
  * @param   string  $mode         The type of column (doc_id or media_id)
  *
  * @return  \Foolz\Foolfuuka\Model\Report   The created report
  * @throws  ReportMediaNotFoundException    If the reported media_id doesn't exist
  * @throws  ReportCommentNotFoundException  If the reported doc_id doesn't exist
  * @throws  ReportReasonTooLongException    If the reason inserted was too long
  * @throws  ReportSentTooManyException      If the user sent too many moderation in a timeframe
  * @throws  ReportReasonNullException       If the report reason is null
  * @throws  ReportAlreadySubmittedException If the reporter’s IP has already submitted a report for the post.
  * @throws  ReportSubmitterBannedException  If the reporter’s IP has been banned.
  */
 public function p_add($radix, $id, $reason, $ip_reporter, $mode = 'doc_id')
 {
     $new = new Report($this->getContext());
     $new->radix = $radix;
     $new->board_id = $radix->id;
     if ($mode === 'media_id') {
         try {
             $this->media_factory->getByMediaId($new->radix, $id);
         } catch (MediaNotFoundException $e) {
             throw new ReportMediaNotFoundException(_i('The media file you are reporting could not be found.'));
         }
         $new->media_id = (int) $id;
     } else {
         try {
             Board::forge($this->getContext())->getPost()->setRadix($new->radix)->setOptions('doc_id', $id)->getComments();
         } catch (BoardException $e) {
             throw new ReportCommentNotFoundException(_i('The post you are reporting could not be found.'));
         }
         $new->doc_id = (int) $id;
     }
     if (trim($reason) === null) {
         throw new ReportReasonNullException(_i('A reason must be included with your report.'));
     }
     if (mb_strlen($reason, 'utf-8') > 2048) {
         throw new ReportReasonTooLongException(_i('The reason for you report was too long.'));
     }
     $new->reason = $reason;
     $new->ip_reporter = $ip_reporter;
     // check how many moderation have been sent in the last hour to prevent spam
     $row = $this->dc->qb()->select('COUNT(*) as count')->from($this->dc->p('reports'), 'r')->where('created > :time')->andWhere('ip_reporter = :ip_reporter')->setParameter(':time', time() - 86400)->setParameter(':ip_reporter', $new->ip_reporter)->execute()->fetch();
     if ($row['count'] > 25) {
         throw new ReportSentTooManyException(_i('You have submitted too many reports within an hour.'));
     }
     $reported = $this->dc->qb()->select('COUNT(*) as count')->from($this->dc->p('reports'), 'r')->where('board_id = :board_id')->andWhere('ip_reporter = :ip_reporter')->andWhere('doc_id = :doc_id')->setParameters([':board_id' => $new->board_id, ':doc_id' => $new->doc_id, ':ip_reporter' => $new->ip_reporter])->execute()->fetch();
     if ($reported['count'] > 0) {
         throw new ReportSubmitterBannedException(_i('You can only submit one report per post.'));
     }
     if ($ban = $this->ban_factory->isBanned($new->ip_reporter, $new->radix)) {
         if ($ban->board_id == 0) {
             $banned_string = _i('It looks like you were banned on all boards.');
         } else {
             $banned_string = _i('It looks like you were banned on /' . $new->radix->shortname . '/.');
         }
         if ($ban->length) {
             $banned_string .= ' ' . _i('This ban will last until:') . ' ' . date(DATE_COOKIE, $ban->start + $ban->length) . '.';
         } else {
             $banned_string .= ' ' . _i('This ban will last forever.');
         }
         if ($ban->reason) {
             $banned_string .= ' ' . _i('The reason for this ban is:') . ' «' . $ban->reason . '».';
         }
         if ($ban->appeal_status == Ban::APPEAL_NONE) {
             $banned_string .= ' ' . _i('If you\'d like to appeal to your ban, go to the :appeal page.', '<a href="' . $this->uri->create($new->radix->shortname . '/appeal') . '">' . _i('appeal') . '</a>');
         } elseif ($ban->appeal_status == Ban::APPEAL_PENDING) {
             $banned_string .= ' ' . _i('Your appeal is pending.');
         }
         throw new ReportSubmitterBannedException($banned_string);
     }
     $new->created = time();
     $this->dc->getConnection()->insert($this->dc->p('reports'), ['board_id' => $new->board_id, 'doc_id' => $new->doc_id, 'media_id' => $new->media_id, 'reason' => $new->reason, 'ip_reporter' => $new->ip_reporter, 'created' => $new->created]);
     $this->clearCache();
     return $new;
 }