/**
 * Site-specific override of the per-post rule set used on the question page.
 *
 * Starts from qa_page_q_post_rules_base() and then overwrites individual
 * entries depending on the level of the logged-in user.
 *
 * NOTE(review): 'editable' / 'editbutton' are overwritten, not AND-ed with the
 * values the base function produced, so any denial the base function computed
 * for those keys is discarded here. Confirm that is intended.
 * NOTE(review): the EXPERT and EDITOR branches test the level with ==, while
 * 'closeable' uses >=. A level between EDITOR and ADMIN matches neither branch
 * and keeps only the author time window. Confirm against the site's role setup.
 * NOTE(review): user id 1 is hard-coded as the protected account; posts of any
 * other privileged account are not protected by that test.
 *
 * @param array $post          the post being evaluated (reads type, created, userid, closedbyid, flagcount, userflag)
 * @param array|null $parentpost    passed through to the base function
 * @param array|null $siblingposts  passed through to the base function
 * @param array|null $childposts    passed through to the base function
 * @return array the adjusted rules
 */
function qa_page_q_post_rules($post, $parentpost = null, $siblingposts = null, $childposts = null)
{
    $rules = qa_page_q_post_rules_base($post, $parentpost, $siblingposts, $childposts);

    $viewerid = qa_get_logged_in_userid();
    $viewerlevel = qa_get_logged_in_level();

    // No answer button once the viewer's answer rate limit is used up.
    if (!qa_limits_remaining($viewerid, QA_LIMIT_ANSWERS)) {
        $rules['answerbutton'] = false;
    }

    // Hiding is switched off for everyone here; only the admin branch below turns it back on.
    $rules['hideable'] = false;

    // Authors may edit their own post for 1200 s (answers) or 300 s (everything else).
    $now = time();
    $editwindow = ($post['type'] == 'A') ? 1200 : 300;
    $authoredit = $rules['isbyuser'] && $now - $post['created'] < $editwindow;
    $rules['editbutton'] = $authoredit;
    $rules['editable'] = $authoredit;

    // Reopening additionally requires admin level.
    $rules['reopenable'] = $rules['reopenable'] && $viewerlevel >= QA_USER_LEVEL_ADMIN;

    if ($viewerlevel == QA_USER_LEVEL_EXPERT) {
        // Own posts and all questions, unless the post is closed or belongs to user id 1.
        // The time limits mentioned in earlier revisions of this code are not enforced:
        // the conditions for them were commented out.
        $expertedit = ($rules['isbyuser'] || $post['type'] == 'Q')
            && !isset($post['closedbyid'])
            && $post['userid'] != 1;
        $rules['editbutton'] = $expertedit;
        $rules['editable'] = $expertedit;
    } elseif ($viewerlevel == QA_USER_LEVEL_EDITOR) {
        // Every post except those of user id 1.
        $editoredit = $post['userid'] != 1;
        $rules['editbutton'] = $editoredit;
        $rules['editable'] = $editoredit;

        // Flags can be cleared when at least one flag is not the viewer's own.
        $rules['clearflaggable'] = $post['flagcount'] >= (@$post['userflag'] ? 2 : 1);
    }

    // Admin level and above: edit and hide are granted unconditionally.
    if ($viewerlevel >= QA_USER_LEVEL_ADMIN) {
        $rules['hideable'] = true;
        $rules['editbutton'] = true;
        $rules['editable'] = true;
    }

    // Expert level and above may close anything that is not already closed.
    // NOTE(review): no post-type test here, so the flag is set for whatever post is passed in.
    $rules['closeable'] = $viewerlevel >= QA_USER_LEVEL_EXPERT && !$rules['closed'];

    // The retag button duplicates the edit button, so it is never shown.
    $rules['retagcatbutton'] = false;

    return $rules;
}
// Excerpt of a login page script; the guard that the first brace closes starts above this excerpt.
// don't allow this page to be requested directly from browser
header('Location: ../');
exit;
}

// Check we're not using Q2A's single-sign on integration and that we're not logged in
if (QA_FINAL_EXTERNAL_USERS) {
    qa_fatal_error('User login is handled by external code');
}

if (qa_is_logged_in()) {
    qa_redirect('');
}

// Process submitted form after checking we haven't reached rate limit
$passwordsent = qa_get('ps');

if (qa_clicked('dologin')) {
    require_once QA_INCLUDE_DIR . 'qa-app-limits.php';

    // The limit is checked with a null user id.
    // NOTE(review): presumably that makes it a per-IP limit; confirm in qa-app-limits.php.
    if (qa_limits_remaining(null, QA_LIMIT_LOGINS)) {
        require_once QA_INCLUDE_DIR . 'qa-db-users.php';
        require_once QA_INCLUDE_DIR . 'qa-db-selects.php';

        // Counted before any credential lookup, so every attempt that passes the
        // limit check consumes quota whether or not the login then succeeds.
        qa_limits_increment(null, QA_LIMIT_LOGINS);

        $inemailhandle = qa_post_text('emailhandle');
        $inpassword = qa_post_text('password');
        $inremember = qa_post_text('remember');

        $errors = array();

        // Look the account up by email when email-only login is enabled or the input contains '@'.
        if (qa_opt('allow_login_email_only') || strpos($inemailhandle, '@') !== false) { // handles can't contain @ symbols
            $matchusers = qa_db_user_find_by_email($inemailhandle);
        } else {
            $matchusers = qa_db_user_find_by_handle($inemailhandle);
        }

        // Only an unambiguous single match proceeds; the body continues past this excerpt.
        if (count($matchusers) == 1) { // if matches more than one (should be impossible), don't log in
/**
 * Decide whether the current visitor may perform an action.
 *
 * Checks run in a fixed order and the first failure wins: the permission
 * result from qa_permit_error(), then the IP block, then the pending
 * email-confirmation flag (logged-in users only), then the rate limit for
 * $limitaction when one is given.
 *
 * @param mixed $permitoption  passed through to qa_permit_error()
 * @param mixed $limitaction   when set, the action checked with qa_limits_remaining()
 * @return mixed a falsy value when permitted; otherwise the qa_permit_error()
 *               result or one of 'ipblock', 'confirm', 'limit'
 */
function qa_user_permit_error($permitoption = null, $limitaction = null)
{
    // Give an installed override the chance to replace this function entirely.
    if (qa_to_override(__FUNCTION__)) {
        $callargs = func_get_args();
        return qa_call_override(__FUNCTION__, $callargs);
    }

    require_once QA_INCLUDE_DIR . 'qa-app-limits.php';

    $viewerid = qa_get_logged_in_userid();
    $viewerflags = qa_get_logged_in_flags();

    $denial = qa_permit_error($permitoption, $viewerid, qa_get_logged_in_level(), $viewerflags);
    if ($denial) {
        return $denial;
    }

    if (qa_is_ip_blocked()) {
        return 'ipblock';
    }

    // Only a logged-in user can carry the must-confirm flag.
    if (isset($viewerid) && ($viewerflags & QA_USER_FLAGS_MUST_CONFIRM)) {
        return 'confirm';
    }

    // The rate limit is consulted last, and only when the caller named an action.
    if (isset($limitaction) && qa_limits_remaining(qa_get_logged_in_userid(), $limitaction) <= 0) {
        return 'limit';
    }

    return $denial;
}
// Excerpt of a registration page script; the condition that the first brace closes starts above this excerpt.
qa_redirect('');
}

// Registration can be switched off site-wide.
if (qa_opt('suspend_register_users')) {
    $qa_content = qa_content_prepare();
    $qa_content['error'] = qa_lang_html('users/register_suspended');
    return $qa_content;
}

// Called without arguments, so no specific permit option or rate-limit action is checked here.
if (qa_user_permit_error()) {
    $qa_content = qa_content_prepare();
    $qa_content['error'] = qa_lang_html('users/no_permission');
    return $qa_content;
}

// Process submitted form
if (qa_clicked('doregister')) {
    require_once QA_INCLUDE_DIR . 'qa-app-limits.php';

    // The registration limit is checked with a null user id.
    // NOTE(review): presumably per IP; confirm in qa-app-limits.php.
    if (qa_limits_remaining(null, QA_LIMIT_REGISTRATIONS)) {
        require_once QA_INCLUDE_DIR . 'qa-app-users-edit.php';

        $inemail = qa_post_text('email');
        $inpassword = qa_post_text('password');
        $inhandle = qa_post_text('handle');

        // Handle/email and password validation errors are collected into one array.
        $errors = array_merge(qa_handle_email_filter($inhandle, $inemail), qa_password_validate($inpassword));

        if (qa_opt('captcha_on_register')) {
            qa_captcha_validate_post($errors);
        }

        if (empty($errors)) { // register and redirect
            // The limit counter only advances for submissions that pass validation;
            // rejected submissions (bad input, failed captcha) are not counted here.
            qa_limits_increment(null, QA_LIMIT_REGISTRATIONS);

            $userid = qa_create_new_user($inemail, $inpassword, $inhandle);
            qa_set_logged_in_user($userid, $inhandle);

            // NOTE(review): 'to' comes from the request; how it is validated before
            // being used as a redirect target is not visible in this excerpt.
            // Confirm it cannot point off-site.
            $topath = qa_get('to');
            /*
/**
 * Process a submitted edit of an answer, optionally converting it to a comment.
 *
 * Reads the posted fields (prefixed 'a<postid>_') into $in, runs every
 * 'filter_answer' module over them, and on success either saves the new
 * content or turns the answer into a comment on the chosen parent.
 *
 * The parent chosen in 'commenton' is request data. It is only accepted when
 * it equals the question's postid (and the question is commentable) or when it
 * is another entry of $answers marked commentable; an unknown id yields a
 * suppressed lookup and is rejected.
 *
 * NOTE(review): no permission or form-origin check happens inside this
 * function. The original inline comment says 'permit_post_c' was already
 * checked, so the caller is presumably responsible. Confirm at the call site.
 *
 * @param array $answer           the answer being edited
 * @param array $question         the question the answer belongs to
 * @param array $answers          the question's answers, indexed by postid
 * @param array $commentsfollows  passed through to qa_answer_to_comment()
 * @param array $in               (out) the collected and filtered input
 * @param array $errors           (out) validation errors, keyed by field
 * @return string|null 'A' when saved as an answer, 'C' when converted to a
 *                     comment, null when there were errors
 */
function qa_page_q_edit_a_submit($answer, $question, $answers, $commentsfollows, &$in, &$errors)
{
    $answerid = $answer['postid'];
    $prefix = 'a' . $answerid . '_';

    $in = array(
        'dotoc' => qa_post_text($prefix . 'dotoc'),
        'commenton' => qa_post_text($prefix . 'commenton'),
    );

    // Notification settings can only be changed by the answer's author.
    if ($answer['isbyuser']) {
        $in['notify'] = (bool) qa_post_text($prefix . 'notify');
        $in['email'] = qa_post_text($prefix . 'email');
    }

    qa_get_post_content($prefix . 'editor', $prefix . 'content', $in['editor'], $in['content'], $in['format'], $in['text']);

    $errors = array();

    foreach (qa_load_modules_with('filter', 'filter_answer') as $module) {
        $before = $in;
        $module->filter_answer($in, $errors, $question, $answer);
        qa_update_post_text($in, $before);
    }

    if (!empty($errors)) {
        return null;
    }

    $userid = qa_get_logged_in_userid();
    $handle = qa_get_logged_in_handle();
    $cookieid = qa_cookie_get();

    if ($answer['isbyuser']) {
        $setnotify = qa_combine_notify_email($answer['userid'], $in['notify'], $in['email']);
    } else {
        $setnotify = $answer['notify'];
    }

    // Convert only when requested AND the requested parent is a commentable
    // question or a different, commentable answer of this question.
    $convert = $in['dotoc'] && (
        ($in['commenton'] == $question['postid'] && $question['commentable'])
        || ($in['commenton'] != $answerid && @$answers[$in['commenton']]['commentable'])
    );

    if (!$convert) {
        qa_answer_set_content($answer, $in['content'], $in['format'], $in['text'], $setnotify, $userid, $handle, $cookieid, $question);
        return 'A';
    }

    // A conversion creates a comment, so it is subject to the comment rate limit.
    if (!qa_limits_remaining($userid, QA_LIMIT_COMMENTS)) {
        $errors['content'] = qa_lang_html('question/comment_limit'); // not really best place for error, but it will do
        return null;
    }

    qa_answer_to_comment($answer, $in['commenton'], $in['content'], $in['format'], $in['text'], $setnotify, $userid, $handle, $cookieid, $question, $answers, $commentsfollows);

    return 'C'; // to signify that redirect should be to the comment
}
/**
 * Handle a single-click action (hide, reshow, delete, claim, flag, ...) on a comment.
 *
 * Every action is carried out only when its button was clicked AND the
 * matching rule flag in $comment is set, so a forged button name alone does
 * not trigger an action the rules disallow.
 *
 * NOTE(review): the rule flags are taken from $comment as passed in; this
 * function relies on the caller having computed them for the current user.
 *
 * @param array $comment   the comment, including its rule flags
 * @param array $question  the question the comment belongs to
 * @param array $parent    the comment's parent post
 * @param mixed $error     (out) set to an HTML error message when an action is refused
 * @return bool true when an action was performed, false otherwise
 */
function qa_page_q_single_click_c($comment, $question, $parent, &$error)
{
    $actorid = qa_get_logged_in_userid();
    $actorhandle = qa_get_logged_in_handle();
    $actorcookie = qa_cookie_get();

    $prefix = 'c' . $comment['postid'] . '_';

    // Hide (by the author/moderator) or reject (from the moderation queue).
    $wantshide = (qa_page_q_clicked($prefix . 'dohide') && $comment['hideable'])
        || (qa_page_q_clicked($prefix . 'doreject') && $comment['moderatable']);

    if ($wantshide) {
        qa_comment_set_hidden($comment, true, $actorid, $actorhandle, $actorcookie, $question, $parent);
        return true;
    }

    // Reshow a hidden comment or approve a queued one.
    $wantsshow = (qa_page_q_clicked($prefix . 'doreshow') && $comment['reshowable'])
        || (qa_page_q_clicked($prefix . 'doapprove') && $comment['moderatable']);

    if ($wantsshow) {
        qa_comment_set_hidden($comment, false, $actorid, $actorhandle, $actorcookie, $question, $parent);
        return true;
    }

    if (qa_page_q_clicked($prefix . 'dodelete') && $comment['deleteable']) {
        qa_comment_delete($comment, $question, $parent, $actorid, $actorhandle, $actorcookie);
        return true;
    }

    // Claiming counts against the comment rate limit; on refusal, fall through to the remaining checks.
    if (qa_page_q_clicked($prefix . 'doclaim') && $comment['claimable']) {
        if (!qa_limits_remaining($actorid, QA_LIMIT_COMMENTS)) {
            $error = qa_lang_html('question/comment_limit');
        } else {
            qa_comment_set_userid($comment, $actorid, $actorhandle, $actorcookie);
            return true;
        }
    }

    if (qa_page_q_clicked($prefix . 'doflag') && $comment['flagbutton']) {
        require_once QA_INCLUDE_DIR . 'qa-app-votes.php';

        $error = qa_flag_error_html($comment, $actorid, qa_request());

        if (!$error) {
            $autohide = qa_flag_set_tohide($comment, $actorid, $actorhandle, $actorcookie, $question);

            if ($autohide) {
                // hiding not really by this user so pass nulls
                qa_comment_set_hidden($comment, true, null, null, null, $question, $parent);
            }

            return true;
        }
    }

    if (qa_page_q_clicked($prefix . 'dounflag') && $comment['unflaggable']) {
        require_once QA_INCLUDE_DIR . 'qa-app-votes.php';

        qa_flag_clear($comment, $actorid, $actorhandle, $actorcookie);
        return true;
    }

    if (qa_page_q_clicked($prefix . 'doclearflags') && $comment['clearflaggable']) {
        require_once QA_INCLUDE_DIR . 'qa-app-votes.php';

        qa_flags_clear_all($comment, $actorid, $actorhandle, $actorcookie);
        return true;
    }

    return false;
}
// Excerpt of a customised login page script; the guard that the first brace closes starts above this excerpt.
header('Location: ../');
exit;
}

// report that we entered this page
// NOTE(review): the raw query string is passed into the event parameters;
// whatever consumes 'page_enter' events must treat it as untrusted input.
qa_report_event('page_enter', qa_get_logged_in_userid(), qa_get_logged_in_handle(), qa_cookie_get(), array('params' => $_SERVER['QUERY_STRING']));

// Check we're not using Q2A's single-sign on integration and that we're not logged in
if (QA_FINAL_EXTERNAL_USERS) {
    qa_fatal_error('User login is handled by external code');
}

if (isset($qa_login_userid)) {
    qa_redirect('');
}

// Process submitted form after checking we haven't reached rate limit
require_once QA_INCLUDE_DIR . 'qa-app-limits.php';

$passwordsent = qa_get('ps');

// NOTE(review): the trailing "|| 1" makes this condition always true, so the
// result of qa_limits_remaining() never gates a login attempt. No
// qa_limits_increment() call is visible in this excerpt either. As written,
// login attempts are not rate-limited at this point; dropping "|| 1" and
// counting each attempt would restore the limit.
if (qa_limits_remaining(null, 'L') || 1) {
    if (qa_clicked('dologin')) {
        require_once QA_INCLUDE_DIR . 'qa-db-users.php';
        require_once QA_INCLUDE_DIR . 'qa-db-selects.php';
        require_once QA_INCLUDE_DIR . 'mp-db-users.php';

        $inemailhandle = qa_post_text('emailhandle');
        $inpassword = qa_post_text('password');
        $inremember = qa_post_text('remember');

        // MICROPROBE
        // Site-specific addition: a category must be submitted together with the credentials.
        $incategory = qa_post_text('category_2');

        $errors = array();

        // verify category provided
        // NOTE(review): only presence is checked here; whether the value names an
        // existing category is not validated in this excerpt.
        if (strlen($incategory) <= 0) {
            $errors['category'] = qa_lang('question/category_required');
        }

        // The credential handling continues past this excerpt.
        if (empty($errors)) {
/**
 * Decide whether the current visitor may perform an action.
 *
 * Checks run in a fixed order and the first failure wins: the permission
 * result from qa_permit_error(), then the IP block, then the rate limit for
 * $actioncode when one is given. This variant performs no
 * email-confirmation check.
 *
 * @param mixed $permitoption  passed through to qa_permit_error()
 * @param mixed $actioncode    when set, the action checked with qa_limits_remaining()
 * @return mixed a falsy value when permitted; otherwise the qa_permit_error()
 *               result or one of 'ipblock', 'limit'
 */
function qa_user_permit_error($permitoption = null, $actioncode = null)
{
    require_once QA_INCLUDE_DIR . 'qa-app-limits.php';

    $denial = qa_permit_error($permitoption, qa_get_logged_in_userid(), qa_get_logged_in_level(), qa_get_logged_in_flags());
    if ($denial) {
        return $denial;
    }

    if (qa_is_ip_blocked()) {
        return 'ipblock';
    }

    // The rate limit is consulted last, and only when the caller named an action.
    if (isset($actioncode) && qa_limits_remaining(qa_get_logged_in_userid(), $actioncode) <= 0) {
        return 'limit';
    }

    return $denial;
}
qa_comment_set_hidden($comment, true, $qa_login_userid, qa_get_logged_in_handle(), $qa_cookieid, $question, $commentanswer); qa_report_write_action($qa_login_userid, $qa_cookieid, 'c_hide', $questionid, $commentanswerid, $commentid); qa_redirect($qa_request, null, null, null, qa_anchor($commentparenttype, $comment['parentid'])); } if (qa_clicked('doshowc_' . $commentid) && $comment['reshowable']) { qa_comment_set_hidden($comment, false, $qa_login_userid, qa_get_logged_in_handle(), $qa_cookieid, $question, $commentanswer); qa_report_write_action($qa_login_userid, $qa_cookieid, 'c_reshow', $questionid, $commentanswerid, $commentid); qa_redirect($qa_request, null, null, null, qa_anchor($commentparenttype, $comment['parentid'])); } if (qa_clicked('dodeletec_' . $commentid) && $comment['deleteable']) { qa_comment_delete($comment, $question, $commentanswer, $qa_login_userid, qa_get_logged_in_handle(), $qa_cookieid); qa_report_write_action($qa_login_userid, $qa_cookieid, 'c_delete', $questionid, $commentanswerid, $commentid); qa_redirect($qa_request, null, null, null, qa_anchor($commentparenttype, $comment['parentid'])); } if (qa_clicked('doclaimc_' . $commentid) && $comment['claimable']) { if (qa_limits_remaining($qa_login_userid, 'C')) { qa_comment_set_userid($comment, $qa_login_userid, qa_get_logged_in_handle(), $qa_cookieid); qa_report_write_action($qa_login_userid, $qa_cookieid, 'c_claim', $questionid, $commentanswerid, $commentid); qa_redirect($qa_request, null, null, null, qa_anchor($commentparenttype, $comment['parentid'])); } else { $pageerror = qa_lang_html('question/comment_limit'); } } if (qa_clicked('doflagc_' . $commentid) && $comment['flagbutton']) { require_once QA_INCLUDE_DIR . 
'qa-app-votes.php'; $pageerror = qa_flag_error_html($comment, $qa_login_userid, $qa_request); if (!$pageerror) { if (qa_flag_set_tohide($comment, $qa_login_userid, qa_get_logged_in_handle(), $qa_cookieid, $question)) { qa_comment_set_hidden($comment, true, null, null, null, $question, $commentanswer); } // hiding not really by this user so pass nulls