/**
 * Event-module hook: consume the rate limit that $event belongs to, then record the event
 * as a write action against the acting user or, for anonymous users, their cookie.
 *
 * @param string      $event    Event name, e.g. 'q_post', 'a_vote_up', 'u_message'
 * @param mixed|null  $userid   Acting user id, or null when anonymous
 * @param string|null $handle   Acting user's handle (not used by this hook)
 * @param string|null $cookieid Anonymous user's cookie id; only consulted when $userid is unset
 * @param array       $params   Event parameters. A 'delayed' key marks an event re-sent for
 *                              something already processed (e.g. 'q_post' fired when an admin
 *                              approves a post for which 'q_queue' was already sent).
 */
public function process_event($event, $userid, $handle, $cookieid, $params)
{
	// A delayed event was already counted and reported when its original event fired,
	// so it must neither consume a limit nor be reported a second time.
	if (isset($params['delayed'])) {
		return;
	}

	require_once QA_INCLUDE_DIR . 'app/limits.php';

	// Rate limit consumed by each countable event; events not listed consume nothing
	$limitForEvent = array(
		'q_queue' => QA_LIMIT_QUESTIONS,
		'q_post' => QA_LIMIT_QUESTIONS,
		'q_claim' => QA_LIMIT_QUESTIONS,
		'a_queue' => QA_LIMIT_ANSWERS,
		'a_post' => QA_LIMIT_ANSWERS,
		'a_claim' => QA_LIMIT_ANSWERS,
		'c_queue' => QA_LIMIT_COMMENTS,
		'c_post' => QA_LIMIT_COMMENTS,
		'c_claim' => QA_LIMIT_COMMENTS,
		'a_to_c' => QA_LIMIT_COMMENTS,
		'q_vote_up' => QA_LIMIT_VOTES,
		'q_vote_down' => QA_LIMIT_VOTES,
		'q_vote_nil' => QA_LIMIT_VOTES,
		'a_vote_up' => QA_LIMIT_VOTES,
		'a_vote_down' => QA_LIMIT_VOTES,
		'a_vote_nil' => QA_LIMIT_VOTES,
		'q_flag' => QA_LIMIT_FLAGS,
		'a_flag' => QA_LIMIT_FLAGS,
		'c_flag' => QA_LIMIT_FLAGS,
		'u_message' => QA_LIMIT_MESSAGES,
		'u_wall_post' => QA_LIMIT_WALL_POSTS,
	);

	if (isset($limitForEvent[$event])) {
		qa_limits_increment($userid, $limitForEvent[$event]);
	}

	// Events that count as write actions: either the whole name, or its suffix from the
	// first underscore onwards (so '_post' covers q_post, a_post and c_post alike)
	$writeactions = array(
		'_approve', '_claim', '_clearflags', '_delete', '_edit', '_favorite', '_flag', '_hide',
		'_post', '_queue', '_reject', '_reshow', '_unfavorite', '_unflag', '_vote_down',
		'_vote_nil', '_vote_up', 'a_select', 'a_to_c', 'a_unselect', 'q_close', 'q_move',
		'q_reopen', 'u_block', 'u_edit', 'u_level', 'u_message', 'u_password', 'u_save',
		'u_unblock',
	);

	$eventSuffix = strstr($event, '_'); // false when the name has no underscore
	$isWriteAction = in_array($eventSuffix, $writeactions, true) || in_array($event, $writeactions, true);

	if (!$isWriteAction) {
		return;
	}

	// Attribute the action to the user when known, otherwise to the anonymous cookie
	if (isset($userid)) {
		require_once QA_INCLUDE_DIR . 'app/users.php';
		qa_user_report_action($userid, $event);
	} elseif (isset($cookieid)) {
		require_once QA_INCLUDE_DIR . 'app/cookies.php';
		qa_cookie_report_action($cookieid, $event);
	}
}
/**
 * Event-module hook (legacy include layout): consume the rate limit matching $event, then
 * record the event as a write action for the user or, when anonymous, the cookie.
 *
 * Note the ordering: the limit is incremented for every listed event, including ones carrying
 * $params['delayed']; only the write-action report is skipped for delayed events.
 *
 * @param string      $event    Event name, e.g. 'q_post', 'a_vote_up', 'u_message'
 * @param mixed|null  $userid   Acting user id, or null when anonymous
 * @param string|null $handle   Acting user's handle (not used by this hook)
 * @param string|null $cookieid Anonymous user's cookie id; only consulted when $userid is unset
 * @param array       $params   Event parameters; 'delayed' marks a re-sent event
 */
function process_event($event, $userid, $handle, $cookieid, $params)
{
	require_once QA_INCLUDE_DIR . 'qa-app-limits.php';

	// Rate limit consumed by each countable event
	$limitForEvent = array(
		'q_post' => QA_LIMIT_QUESTIONS,
		'q_claim' => QA_LIMIT_QUESTIONS,
		'a_post' => QA_LIMIT_ANSWERS,
		'a_claim' => QA_LIMIT_ANSWERS,
		'c_post' => QA_LIMIT_COMMENTS,
		'c_claim' => QA_LIMIT_COMMENTS,
		'a_to_c' => QA_LIMIT_COMMENTS,
		'q_vote_up' => QA_LIMIT_VOTES,
		'q_vote_down' => QA_LIMIT_VOTES,
		'q_vote_nil' => QA_LIMIT_VOTES,
		'a_vote_up' => QA_LIMIT_VOTES,
		'a_vote_down' => QA_LIMIT_VOTES,
		'a_vote_nil' => QA_LIMIT_VOTES,
		'q_flag' => QA_LIMIT_FLAGS,
		'a_flag' => QA_LIMIT_FLAGS,
		'c_flag' => QA_LIMIT_FLAGS,
		'u_message' => QA_LIMIT_MESSAGES,
		'u_wall_post' => QA_LIMIT_WALL_POSTS,
	);

	if (isset($limitForEvent[$event])) {
		qa_limits_increment($userid, $limitForEvent[$event]);
	}

	// Delayed events were already reported when the original event fired
	if (isset($params['delayed'])) {
		return;
	}

	// Events that count as write actions: the whole name, or its suffix from the first underscore
	$writeactions = array(
		'_approve', '_claim', '_clearflags', '_delete', '_edit', '_favorite', '_flag', '_hide',
		'_post', '_queue', '_reject', '_reshow', '_unfavorite', '_unflag', '_vote_down',
		'_vote_nil', '_vote_up', 'a_select', 'a_to_c', 'a_unselect', 'q_close', 'q_move',
		'q_reopen', 'u_block', 'u_edit', 'u_level', 'u_message', 'u_password', 'u_save',
		'u_unblock',
	);

	$eventSuffix = strstr($event, '_'); // false when the name has no underscore
	$isWriteAction = in_array($eventSuffix, $writeactions, true) || in_array($event, $writeactions, true);

	if (!$isWriteAction) {
		return;
	}

	if (isset($userid)) {
		require_once QA_INCLUDE_DIR . 'qa-app-users.php';
		qa_user_report_action($userid, $event);
	} elseif (isset($cookieid)) {
		require_once QA_INCLUDE_DIR . 'qa-app-cookies.php';
		qa_cookie_report_action($cookieid, $event);
	}
}
} // Check we're not using Q2A's single-sign on integration and that we're not logged in if (QA_FINAL_EXTERNAL_USERS) { qa_fatal_error('User login is handled by external code'); } if (qa_is_logged_in()) { qa_redirect(''); } // Process submitted form after checking we haven't reached rate limit $passwordsent = qa_get('ps'); if (qa_clicked('dologin')) { require_once QA_INCLUDE_DIR . 'qa-app-limits.php'; if (qa_limits_remaining(null, QA_LIMIT_LOGINS)) { require_once QA_INCLUDE_DIR . 'qa-db-users.php'; require_once QA_INCLUDE_DIR . 'qa-db-selects.php'; qa_limits_increment(null, QA_LIMIT_LOGINS); $inemailhandle = qa_post_text('emailhandle'); $inpassword = qa_post_text('password'); $inremember = qa_post_text('remember'); $errors = array(); if (qa_opt('allow_login_email_only') || strpos($inemailhandle, '@') !== false) { // handles can't contain @ symbols $matchusers = qa_db_user_find_by_email($inemailhandle); } else { $matchusers = qa_db_user_find_by_handle($inemailhandle); } if (count($matchusers) == 1) { // if matches more than one (should be impossible), don't log in $inuserid = $matchusers[0]; $userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true)); if (strtolower(qa_db_calc_passcheck($inpassword, $userinfo['passsalt'])) == strtolower($userinfo['passcheck'])) {
// Mailing opt-out is only stored when the site has mailings enabled at all
if (qa_opt('mailing_enabled')) {
	qa_db_user_set_flag($userid, QA_USER_FLAGS_NO_MAILINGS, !$inmailings);
}

// Exactly one of the two avatar flags is set, driven by the submitted avatar choice
qa_db_user_set_flag($userid, QA_USER_FLAGS_SHOW_AVATAR, $inavatar == 'uploaded');
qa_db_user_set_flag($userid, QA_USER_FLAGS_SHOW_GRAVATAR, $inavatar == 'gravatar');

// A new avatar file was posted: check permission and rate limit before touching the upload
// NOTE(review): $_FILES['file']['error'] is never inspected and tmp_name is read without
// is_uploaded_file(), so a partial upload (UPLOAD_ERR_PARTIAL) with a non-zero size still reaches
// qa_set_user_avatar() below - confirm that qa_image_file_too_big()/qa_set_user_avatar() reject it.
if (is_array(@$_FILES['file']) && $_FILES['file']['size']) {
	require_once QA_INCLUDE_DIR . 'qa-app-limits.php';

	// The position of 'default' does not affect matching; every arm breaks, so there is no fallthrough.
	// switch compares loosely: 'limit' is tested first, then any falsy return lands in 'case false'.
	switch (qa_user_permit_error(null, QA_LIMIT_UPLOADS)) {
		case 'limit':
			$errors['avatar'] = qa_lang('main/upload_limit');
			break;

		default:
			$errors['avatar'] = qa_lang('users/no_permission');
			break;

		case false:
			// Count the upload against the limit before validating it, so rejected files still cost an attempt
			qa_limits_increment($userid, QA_LIMIT_UPLOADS);

			// Ratio by which the image exceeds avatar_store_size (falsy when it fits) - presumed from the '% too big' message
			$toobig = qa_image_file_too_big($_FILES['file']['tmp_name'], qa_opt('avatar_store_size'));

			if ($toobig) {
				$errors['avatar'] = qa_lang_sub('main/image_too_big_x_pc', (int) ($toobig * 100));
			} elseif (!qa_set_user_avatar($userid, file_get_contents($_FILES['file']['tmp_name']), $useraccount['avatarblobid'])) {
				// Stored avatar could not be decoded as one of the GD-supported formats
				$errors['avatar'] = qa_lang_sub('main/image_not_read', implode(', ', qa_gd_image_formats()));
			}
			break;
	}
}

// Let filter plugins validate/normalise the submitted profile fields; they report via $errors
if (count($inprofile)) {
	$filtermodules = qa_load_modules_with('filter', 'filter_profile');

	foreach ($filtermodules as $filtermodule) {
		$filtermodule->filter_profile($inprofile, $errors, $useraccount, $userprofile);
	}
}
/**
 * Count a write action against its single-letter rate limit and report it for activity
 * tracking. The report goes to the user when $userid is set AND to the cookie when $cookieid
 * is set - both are reported when both are present.
 *
 * @param mixed|null  $userid     Acting user id, or null when anonymous
 * @param string|null $cookieid   Anonymous cookie id, or null
 * @param string      $action     Action name, e.g. 'q_post', 'a_vote_up', 'c_flag'
 * @param mixed       $questionid Question the action relates to (passed through to the reporters)
 * @param mixed       $answerid   Answer the action relates to (passed through)
 * @param mixed       $commentid  Comment the action relates to (passed through)
 */
function qa_report_write_action($userid, $cookieid, $action, $questionid, $answerid, $commentid)
{
	// Letter code of the rate limit each countable action consumes
	$limitForAction = array(
		'q_post' => 'Q',
		'q_claim' => 'Q',
		'a_post' => 'A',
		'a_claim' => 'A',
		'c_post' => 'C',
		'c_claim' => 'C',
		'a_to_c' => 'C',
		'q_vote_up' => 'V',
		'q_vote_down' => 'V',
		'q_vote_nil' => 'V',
		'a_vote_up' => 'V',
		'a_vote_down' => 'V',
		'a_vote_nil' => 'V',
		'q_flag' => 'F',
		'a_flag' => 'F',
		'c_flag' => 'F',
	);

	if (isset($limitForAction[$action])) {
		qa_limits_increment($userid, $limitForAction[$action]);
	}

	if (isset($userid)) {
		require_once QA_INCLUDE_DIR . 'qa-app-users.php';
		qa_user_report_action($userid, $action, $questionid, $answerid, $commentid);
	}

	if (isset($cookieid)) {
		require_once QA_INCLUDE_DIR . 'qa-app-cookies.php';
		qa_cookie_report_action($cookieid, $action, $questionid, $answerid, $commentid);
	}
}
/**
 * Validate an uploaded file, optionally treat/constrain it as an image, and store it as a blob.
 *
 * Checks run in this order: per-user upload permission and rate limit (QA_LIMIT_UPLOADS), byte
 * size against the smaller of $maxfilesize and qa_get_max_upload_size(), then - when the
 * client-supplied extension is png/gif/jpeg/jpg - an image parse via getimagesize() and, if GD
 * is available, a decode and optional resize (resized output is always re-encoded as JPEG).
 *
 * Security notes grounded in this function:
 *  - $format for a non-image upload is the client-supplied file extension, lower-cased and
 *    otherwise unverified; it is stored with the blob. Whatever serves blobs by this format
 *    must treat it as untrusted (not verifiable from here).
 *  - When $onlyimage is false and an image-extension file fails getimagesize(), it is still
 *    stored under that image extension even though it did not parse as an image.
 *
 * @param string   $localfilename  Path of the uploaded temp file on disk
 * @param string   $sourcefilename Client-supplied original name; only its extension is used
 * @param int|null $maxfilesize    Optional byte cap; the site-wide maximum always applies as well
 * @param bool     $onlyimage      Reject anything that is not a parseable GIF/JPEG/PNG
 * @param int|null $imagemaxwidth  Optional width bound, applied only when GD can decode the image
 * @param int|null $imagemaxheight Optional height bound, applied only when GD can decode the image
 * @return array 'error' => message on failure; otherwise 'blobid', 'bloburl', 'format' and,
 *               for parsed images, 'width' and 'height'
 */
function qa_upload_file($localfilename, $sourcefilename, $maxfilesize = null, $onlyimage = false, $imagemaxwidth = null, $imagemaxheight = null)
{
	if (qa_to_override(__FUNCTION__)) { $args = func_get_args(); return qa_call_override(__FUNCTION__, $args); }

	$result = array();

	// Check per-user upload limits (permission/block state, then the rate limit)
	require_once QA_INCLUDE_DIR . 'qa-app-users.php';
	require_once QA_INCLUDE_DIR . 'qa-app-limits.php';

	// switch compares loosely: 'limit' is tested first; any other falsy return lands in 'case false'.
	// Presumably only false is returned when the upload is permitted - confirm in qa_user_permit_error().
	switch (qa_user_permit_error(null, QA_LIMIT_UPLOADS)) {
		case 'limit':
			$result['error'] = qa_lang('main/upload_limit');
			return $result;

		case false:
			// Counted before validation, so rejected files still cost an attempt
			qa_limits_increment(qa_get_logged_in_userid(), QA_LIMIT_UPLOADS);
			break;

		default:
			$result['error'] = qa_lang('users/no_permission');
			return $result;
	}

	// Check the uploaded file is not too large
	$filesize = filesize($localfilename);

	if (isset($maxfilesize)) {
		$maxfilesize = min($maxfilesize, qa_get_max_upload_size());
	} else {
		$maxfilesize = qa_get_max_upload_size();
	}

	// filesize() returning false also fails the <= 0 test
	if ($filesize <= 0 || $filesize > $maxfilesize) { // if file was too big for PHP, $filesize will be zero
		$result['error'] = qa_lang_sub('main/max_upload_size_x', number_format($maxfilesize / 1048576, 1) . 'MB');
		return $result;
	}

	// Find out what type of source file was uploaded and if appropriate, check it's an image and get preliminary size measure
	$pathinfo = pathinfo($sourcefilename);
	$format = strtolower(@$pathinfo['extension']); // '' when the name has no extension
	$isimage = $format == 'png' || $format == 'gif' || $format == 'jpeg' || $format == 'jpg'; // allowed image extensions

	if ($isimage) {
		$imagesize = @getimagesize($localfilename); // does not need GD; false if not a recognised image

		if (is_array($imagesize)) {
			$result['width'] = $imagesize[0];
			$result['height'] = $imagesize[1];

			switch ($imagesize['2']) { // reassign format based on actual content, if we can
				case IMAGETYPE_GIF:
					$format = 'gif';
					break;

				case IMAGETYPE_JPEG:
					$format = 'jpeg';
					break;

				case IMAGETYPE_PNG:
					$format = 'png';
					break;
			}
		}
	}

	$result['format'] = $format;

	// $imagesize is only defined when $isimage is true; the short-circuit keeps this safe
	if ($onlyimage) {
		if (!$isimage || !is_array($imagesize)) {
			$result['error'] = qa_lang_sub('main/image_not_read', 'GIF, JPG, PNG');
			return $result;
		}
	}

	// Read in the raw file contents
	$content = file_get_contents($localfilename);

	// If appropriate, get more accurate image size and apply constraints to it
	require_once QA_INCLUDE_DIR . 'qa-util-image.php';

	if ($isimage && qa_has_gd_image()) {
		$image = @imagecreatefromstring($content);

		// NOTE(review): is_resource() is false for the GdImage objects GD returns on PHP 8, which would
		// silently skip the resize/constraint branch there - confirm the supported PHP range.
		if (is_resource($image)) {
			$result['width'] = $width = imagesx($image);
			$result['height'] = $height = imagesy($image);

			if (isset($imagemaxwidth) || isset($imagemaxheight)) {
				// An unset bound defaults to the image's own dimension, i.e. no constraint on that axis
				if (qa_image_constrain($width, $height, isset($imagemaxwidth) ? $imagemaxwidth : $width, isset($imagemaxheight) ? $imagemaxheight : $height)) {
					qa_gd_image_resize($image, $width, $height);

					if (is_resource($image)) {
						// Resized output is re-encoded as JPEG regardless of the source format
						$content = qa_gd_image_jpeg($image);
						$result['format'] = $format = 'jpeg';
						$result['width'] = $width;
						$result['height'] = $height;
					}
				}
			}

			if (is_resource($image)) { // might have been lost
				imagedestroy($image);
			}
		}
	}

	// Create the blob and return
	require_once QA_INCLUDE_DIR . 'qa-app-blobs.php';

	// Anonymous uploaders get a cookie created so the blob can still be attributed
	$userid = qa_get_logged_in_userid();
	$cookieid = isset($userid) ? qa_cookie_get() : qa_cookie_get_create();

	$result['blobid'] = qa_create_blob($content, $format, $sourcefilename, $userid, $cookieid, qa_remote_ip_address());

	if (!isset($result['blobid'])) {
		$result['error'] = qa_lang('main/general_error');
		return $result;
	}

	$result['bloburl'] = qa_get_blob_url($result['blobid'], true);

	return $result;
}
$inmessage = qa_post_text('message'); if (empty($inmessage)) { $errors['message'] = qa_lang('misc/message_empty'); } if (empty($errors)) { require_once QA_INCLUDE_DIR . 'qa-app-emails.php'; $fromhandle = qa_get_logged_in_handle(); $canreply = !(qa_get_logged_in_flags() & QA_USER_FLAGS_NO_MESSAGES); $more = strtr(qa_lang($canreply ? 'emails/private_message_reply' : 'emails/private_message_info'), array('^f_handle' => $fromhandle, '^url' => qa_path($canreply ? 'message/' . $fromhandle : 'user/' . $fromhandle, null, qa_opt('site_url')))); $subs = array('^message' => $inmessage, '^f_handle' => $fromhandle, '^f_url' => qa_path('user/' . $fromhandle, null, qa_opt('site_url')), '^more' => $more, '^a_url' => qa_path_html('account', null, qa_opt('site_url'))); if (qa_send_notification($useraccount['userid'], $useraccount['email'], $useraccount['handle'], qa_lang('emails/private_message_subject'), qa_lang('emails/private_message_body'), $subs)) { $messagesent = true; } else { $page_error = qa_lang_html('main/general_error'); } qa_limits_increment($qa_login_userid, 'M'); qa_report_event('u_message', $qa_login_userid, qa_get_logged_in_handle(), $qa_cookieid, array('userid' => $useraccount['userid'], 'handle' => $useraccount['handle'], 'message' => $inmessage)); } } // Prepare content for theme $qa_content = qa_content_prepare(); $qa_content['title'] = qa_lang_html('misc/private_message_title'); $qa_content['error'] = @$page_error; $qa_content['form'] = array('tags' => 'METHOD="POST" ACTION="' . qa_self_html() . '"', 'style' => 'tall', 'fields' => array('message' => array('type' => $messagesent ? 
'static' : '', 'label' => qa_lang_html_sub('misc/message_for_x', qa_get_one_user_html($handle, false)), 'tags' => 'NAME="message" ID="message"', 'value' => qa_html(@$inmessage, $messagesent), 'rows' => 16, 'note' => qa_lang_html_sub('misc/message_explanation', qa_html(qa_opt('site_title'))), 'error' => qa_html(@$errors['message']))), 'buttons' => array('send' => array('label' => qa_lang_html('main/send_button'))), 'hidden' => array('domessage' => '1')); $qa_content['focusid'] = 'message'; if ($messagesent) { $qa_content['form']['ok'] = qa_lang_html('misc/message_sent'); unset($qa_content['form']['fields']['message']['note']); unset($qa_content['form']['buttons']); } return $qa_content;
} // Process submitted form if (qa_clicked('doregister')) { require_once QA_INCLUDE_DIR . 'qa-app-limits.php'; if (qa_limits_remaining(null, QA_LIMIT_REGISTRATIONS)) { require_once QA_INCLUDE_DIR . 'qa-app-users-edit.php'; $inemail = qa_post_text('email'); $inpassword = qa_post_text('password'); $inhandle = qa_post_text('handle'); $errors = array_merge(qa_handle_email_filter($inhandle, $inemail), qa_password_validate($inpassword)); if (qa_opt('captcha_on_register')) { qa_captcha_validate_post($errors); } if (empty($errors)) { // register and redirect qa_limits_increment(null, QA_LIMIT_REGISTRATIONS); $userid = qa_create_new_user($inemail, $inpassword, $inhandle); qa_set_logged_in_user($userid, $inhandle); $topath = qa_get('to'); /* if (isset($topath)) qa_redirect_raw(qa_path_to_root().$topath); // path already provided as URL fragment else qa_redirect(''); */ qa_redirect('welcome'); } } else { $pageerror = qa_lang('users/register_limit'); } }
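/**
 * Authenticate a user by handle or email plus password, subject to the login rate limit.
 *
 * The account is looked up by email when the site allows email-only login or the name contains
 * '@' (handles can't contain '@'), otherwise by handle; exactly one match is required. On success
 * the session is established via qa_set_logged_in_user() and the account row is returned. On any
 * failure - including the rate limit already being exhausted - the login limit is incremented,
 * $this->error is set to an IXR_Error with code 1512, and false is returned.
 *
 * @param string $username Handle or email address sent by the client
 * @param string $password Plain-text password sent by the client
 * @param bool   $remember Whether to set the persistent login cookie
 * @return array|false Account row from qa_db_user_account_selectspec() on success, false otherwise.
 *                     The row includes passsalt and passcheck; callers must not expose those fields.
 */
function core_login($username, $password, $remember = false)
{
	require_once QA_INCLUDE_DIR . 'qa-app-limits.php';

	if (qa_user_limits_remaining(QA_LIMIT_LOGINS)) {
		require_once QA_INCLUDE_DIR . 'qa-db-users.php';
		require_once QA_INCLUDE_DIR . 'qa-db-selects.php';

		if (qa_opt('allow_login_email_only') || strpos($username, '@') !== false) { // handles can't contain @ symbols
			$matchusers = qa_db_user_find_by_email($username);
		} else {
			$matchusers = qa_db_user_find_by_handle($username);
		}

		if (count($matchusers) == 1) { // if matches more than one (should be impossible), don't log in
			$inuserid = $matchusers[0];
			$userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true));

			// Compare the password hashes with hash_equals() (PHP >= 5.6) instead of ==. The loose
			// operator compares two numeric-looking strings as numbers, so hex digests that both
			// start with "0e" followed only by digits would compare equal; it is also not
			// constant-time. strtolower() keeps the existing tolerance for upper-case hex in the
			// stored value, and the string casts guarantee both operands are strings (an account
			// with no passcheck then simply fails to match).
			$storedcheck = strtolower((string) $userinfo['passcheck']);
			$computedcheck = strtolower((string) qa_db_calc_passcheck($password, $userinfo['passsalt']));

			if (hash_equals($storedcheck, $computedcheck)) { // login
				require_once QA_INCLUDE_DIR . 'qa-app-users.php';
				qa_set_logged_in_user($inuserid, $userinfo['handle'], $remember ? true : false);
				return $userinfo;
			} else {
				$this->error = new IXR_Error(1512, qa_lang('users/password_wrong'));
			}
		} else {
			$this->error = new IXR_Error(1512, qa_lang('users/user_not_found'));
		}
	} else {
		$this->error = new IXR_Error(1512, qa_lang('users/login_limit'));
	}

	qa_limits_increment(null, QA_LIMIT_LOGINS); // log on failure (also reached when the limit was already exhausted)
	return false;
}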
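/**
 * Handle a CKEditor file upload (the single entry in $_FILES) and answer with the CKEditor
 * callback script that reports either the stored blob's URL or an error message.
 *
 * Checks, in order: the wysiwyg_editor_upload_images option; the per-user upload permission and
 * rate limit (QA_LIMIT_UPLOADS); the size cap (the smaller of wysiwyg_editor_upload_max_size and
 * qa_get_max_upload_size()); that PHP reports the upload as complete and the temp file really is
 * this request's upload; and - unless the site allows arbitrary uploads and the client did not
 * request qa_only_image - that the file has a png/gif/jpeg/jpg extension and, where
 * getimagesize() exists, parses as an image.
 *
 * Security note: the blob format stored is the lower-cased extension of the client-supplied file
 * name. When wysiwyg_editor_upload_all is enabled and qa_only_image is not set, that extension is
 * stored without any content check; whatever serves blobs by format must treat it as untrusted.
 *
 * @param string $request Request path (unused)
 * @return null Always; the response is echoed directly
 */
function process_request($request)
{
	$message = '';
	$url = '';

	if (is_array($_FILES) && count($_FILES)) {
		// Check that we're allowed to upload images (if not, no other uploads are allowed either)
		if (!qa_opt('wysiwyg_editor_upload_images')) {
			$message = qa_lang('users/no_permission');
		}

		// Check that we haven't reached the upload limit and are not blocked
		if (empty($message)) {
			require_once QA_INCLUDE_DIR . 'qa-app-users.php';
			require_once QA_INCLUDE_DIR . 'qa-app-limits.php';

			switch (qa_user_permit_error(null, QA_LIMIT_UPLOADS)) {
				case 'limit':
					$message = qa_lang('main/upload_limit');
					break;

				case false:
					// Counted before validation, so rejected files still cost an attempt
					qa_limits_increment(qa_get_logged_in_userid(), QA_LIMIT_UPLOADS);
					break;

				default:
					$message = qa_lang('users/no_permission');
					break;
			}
		}

		// Find out some information about the uploaded file and check it's not too large
		if (empty($message)) {
			require_once QA_INCLUDE_DIR . 'qa-app-blobs.php';

			$file = reset($_FILES);
			$pathinfo = pathinfo($file['name']);
			$extension = strtolower(@$pathinfo['extension']); // '' when the name has no extension
			$filesize = $file['size'];
			$maxsize = min(qa_opt('wysiwyg_editor_upload_max_size'), qa_get_max_upload_size());

			if ($filesize <= 0 || $filesize > $maxsize) { // if file was too big for PHP, $filesize will be zero
				$message = qa_lang_sub('main/max_upload_size_x', number_format($maxsize / 1048576, 1) . 'MB');
			} elseif ((isset($file['error']) && $file['error'] != UPLOAD_ERR_OK) || !is_uploaded_file($file['tmp_name'])) {
				// A partial/failed upload can still report a non-zero size; never read such a file,
				// nor any tmp_name that PHP did not create for this request
				$message = qa_lang('main/general_error');
			}
		}

		// If it's only allowed to be an image, check it's an image
		if (empty($message)) {
			if (qa_get('qa_only_image') || !qa_opt('wysiwyg_editor_upload_all')) { // check if we need to confirm it's an image
				switch ($extension) {
					case 'png': // these are allowed image extensions
					case 'gif':
					case 'jpeg':
					case 'jpg':
						if (function_exists('getimagesize')) { // getimagesize() does not require GD library
							if (!is_array(@getimagesize($file['tmp_name']))) {
								$message = qa_lang_sub('main/image_not_read', 'GIF, JPG, PNG');
							}
						}
						break;

					default:
						$message = qa_lang_sub('main/image_not_read', 'GIF, JPG, PNG');
						break;
				}
			}
		}

		// If there have been no errors, looks like we're all set...
		if (empty($message)) {
			require_once QA_INCLUDE_DIR . 'qa-db-blobs.php';

			// Anonymous uploaders get a cookie created so the blob can still be attributed
			$userid = qa_get_logged_in_userid();
			$cookieid = isset($userid) ? qa_cookie_get() : qa_cookie_get_create();

			$blobid = qa_db_blob_create(file_get_contents($file['tmp_name']), $extension, @$file['name'], $userid, $cookieid, qa_remote_ip_address());

			if (isset($blobid)) {
				$url = qa_get_blob_url($blobid, true);
			} else {
				$message = 'Failed to create object in database - please try again';
			}
		}
	}

	// CKEditorFuncNum comes from the query string; qa_js() is relied on to emit each value as an
	// escaped JS string literal (presumably, as elsewhere in the code base - confirm its escaping)
	echo "<script type='text/javascript'>window.parent.CKEDITOR.tools.callFunction(" . qa_js(qa_get('CKEditorFuncNum')) . ", " . qa_js($url) . ", " . qa_js($message) . ");</script>";

	return null;
}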
} elseif ($passwordsent) { qa_redirect('account'); } else { qa_redirect(''); } } else { $errors['password'] = qa_lang('users/password_wrong'); } } else { $errors['category'] = 'Your userid is not registered for this category'; } } else { $errors['emailhandle'] = qa_lang('users/user_not_found'); } } qa_limits_increment(null, 'L'); // only get here if we didn't log in successfully } else { $inemailhandle = qa_get('e'); } } else { $pageerror = qa_lang('users/login_limit'); } // Prepare content for theme $qa_content = qa_content_prepare(); $qa_content['title'] = qa_lang_html('users/login_title'); $qa_content['error'] = @$pageerror; if (empty($inemailhandle) || isset($errors['emailhandle'])) { $forgotpath = qa_path('forgot'); } else { $forgotpath = qa_path('forgot', array('e' => $inemailhandle));