} else { if ($commentTotals['hour'] >= $commentLimits['hour']) { $error = true; $errorMsg = 'You have exceeded your rate limit for commenting. Please try again in one hour.'; } else { if ($commentTotals['nickel'] >= $commentLimits['nickel']) { $error = true; $errorMsg = 'You have exceeded your rate limit for commenting. Please try again in 5 mins.'; } } } } // TODO: grab videoURL, validate it, stuff it in to the $comment structure if (isset($_POST['videoURL']) and $_POST['videoURL'] != '') { require_once PATH_CORE . '/classes/video.class.php'; $videoURL = videos::getVideoURLFromEmbedCodeOrURL(stripslashes($_POST['videoURL'])); if (videos::validateVideoURL($videoURL)) { $vt = new VideoTable($db); $videoid = $vt->createVideoForComment($userid, $videoURL, "Video Comment on story {$cid}"); } else { $error = true; $errorMsg = 'Unsupported or invalid video URL'; } } else { if (isset($_POST['commentMsg']) and $_POST['commentMsg'] != '') { $commentMsg = preg_replace("/([\\w]+:\\/\\/[\\w-?&;#~=\\.\\/\\@]+[\\w\\/])/i", "<a target=\"_blank\" href=\"\$1\">\$1</a>", $_POST['commentMsg']); //$commentMsg = strip_tags($_POST['commentMsg'], '<a><i><b><p>'); $commentMsg = strip_tags($commentMsg, '<a><i><b><p>'); $commentMsg = nl2br($commentMsg); // TODO: GET THIS WORKING. //$comments = mysql_real_escape_string($_POST['commentMsg'], $db->handle);
function createStoryContent($userinfo = NULL, $info = NULL, $mode = 'link') { // post a story from the post story form // build source from domain - to do : improve this with source objects table $urlParts = parse_url($info->url); $info->source = $urlParts['host']; // create permalink $info->permalink = $this->buildPermalink($info->title); //$this->db->log($info->permalink); // serialize the content // mode = link for third party web site story link and blog for blog posts if ($mode == 'link') { $isBlogEntry = 0; } else { $isBlogEntry = 1; } $story = $this->serialize(0, $info->title, $info->caption, $info->source, $info->url, $info->permalink, $userinfo->ncUid, $userinfo->u->name, $userinfo->userid, '', $userinfo->votePower, 0, 0, $info->imageUrl, 0, $isBlogEntry, $info->isFeatureCandidate); // post wire story to content $siteContentId = $this->add($story); if ($info->videoEmbed != '') { // add video if it exists require_once PATH_CORE . '/classes/video.class.php'; $videoURL = videos::getVideoURLFromEmbedCodeOrURL(stripslashes($info->videoEmbed)); if (videos::validateVideoURL($videoURL)) { $vt = new VideoTable($this->db); // create new video $videoid = $vt->createVideoForContent($userinfo->userid, $videoURL, "Video for story {$siteContentId}"); if (is_numeric($videoid)) { $this->db->update("Content", "videoid={$videoid}", "siteContentId={$siteContentId}"); } // store video id in content table } else { // error on video, should have been picked up by validate } } return $siteContentId; }
function processIdeaForm($userid = 0) { $resp = array(); $resp['error'] = false; $idea = $_POST['idea']; $details = $_POST['details']; $tagid = $_POST['tagid']; if ($idea == '') { $resp['error'] = true; $resp['msg'] = 'Sorry, we did not get your idea. Please try again.'; } if ($tagid == '' or $tagid == 0) { $resp['error'] = true; $resp['msg'] = 'Please specify a category. Please try again.'; } if (isset($_POST['videoURL']) and $_POST['videoURL'] != '') { require_once PATH_CORE . '/classes/video.class.php'; $videoURL = videos::getVideoURLFromEmbedCodeOrURL(stripslashes($_POST['videoURL'])); if (videos::validateVideoURL($videoURL)) { $vt = new VideoTable($db); $videoid = $vt->createVideoForIdea($userid, $videoURL, "Idea video by {$userid}"); } else { $resp['error'] = true; $resp['msg'] = 'Unsupported or invalid video URL'; } } else { $videoid = 0; } if (!$resp['error']) { $isDup = $this->isDup($idea); if ($isDup !== false) { // it is a duplicate $resp['error'] = true; $resp['msg'] = 'Sorry, <a href="?p=ideas&o=view&id=' . $isDup . '">that idea has already been added here</a>.'; } else { $iTable = new ideasTable($this->db); $ir = $iTable->getRowObject(); $ir->idea = $idea; $ir->details = $details; $ir->tagid = $tagid; $ir->userid = $userid; $ir->dt = date('Y-m-d H:i:s', time()); $ir->numLikes = 1; $ir->videoid = $videoid; $ir->insert(); // add like for this idea when user posts require_once PATH_CORE . '/classes/log.class.php'; $logObj = new log($this->db); $logItem = $logObj->serialize(0, $userid, 'likeIdea', $ir->id); $inLog = $logObj->update($logItem); $resp['id'] = $ir->id; } } return $resp; }
function validate($option = 'link') { $this->setupLibraries(); $fData = new stdClass(); $fData->result = true; $fData->state = 'validate'; $fData->url = $_POST['url']; $fData->imageUrl = $_POST['imageUrl']; $fData->videoEmbed = $_POST['videoEmbed']; // Remove microsoft quotes $bad = array('`', '’', '„', '‘', '’', '´'); $good = array('\'', '\'', ',', '\'', '\'', '\''); $title = str_replace($bad, $good, $_POST['title']); $fData->title = stripslashes(strip_tags($title)); // took out mysql_real_escape $fData->tags = $_POST['tags']; $fData->mediatype = $_POST['mediatype']; if (isset($_POST['isFeatureCandidate']) and $_POST['isFeatureCandidate'] == 'on') { $fData->isFeatureCandidate = 1; } else { $fData->isFeatureCandidate = 0; } $fData->isBookmarklet = true; $fData->showPreview = false; $fData->alert = ''; $fData->title = stripslashes(strip_tags($_POST['title'])); $fData->caption = stripslashes($_POST['caption']); //$fData->title=mysql_real_escape_string(addslashes(stripslashes(strip_tags($_POST['title'])))); //$fData->caption=mysql_real_escape_string(stripslashes($_POST['caption']), $this->db->handle); // begin option specific code and error checking switch ($option) { default: $fData->caption = stripslashes(strip_tags($_POST['caption'])); if ($fData->url == '') { $fData->alert = 'Please provide a Web address (URL) for your story.'; $fData->result = false; } if ($fData->caption == '') { $fData->alert = 'Please provide a short caption for your entry.'; $fData->result = false; } if (strlen($fData->caption) > LENGTH_LONG_CAPTION + 5) { $fData->alert = 'Please shorten your caption to ' . LENGTH_LONG_CAPTION . ' characters. Current length: ' . strlen($fData->caption); $fData->result = false; } break; case 'blog': if (isset($_POST['blogid'])) { $fData->blogid = $_POST['blogid']; } $fData->status = 'draft'; // only allowable html, fbml $fData->entry = stripslashes(strip_tags($_POST['entry'], '<p><a><i><br><em><strong><img>')); // <fb:photo><fb:mp3><fb:swf><fb:flv><fb:silverlight> $fData->caption = stripslashes(strip_tags($_POST['caption'])); if ($fData->entry == '' or strlen($fData->entry) < MIN_BLOG_LENGTH) { $fData->alert = 'Please compose a blog post of at least ' . MIN_BLOG_LENGTH . ' characters (not counting HTML tags). Current length: ' . strlen($fData->entry); $fData->result = false; $lengthError = true; } else { $lengthError = false; } if (strlen($fData->entry) > MAX_BLOG_LENGTH) { $fData->alert = 'Please shorten your blog entry to ' . MAX_BLOG_LENGTH . ' characters. Current length: ' . strlen($fData->entry); $fData->result = false; } if ($fData->caption != '') { // if it exists already, then check that it meets the minimum length requirements if (strlen($fData->caption) > LENGTH_LONG_CAPTION + 5) { $temp = $utilObj->shorten($_POST['caption'], LENGTH_LONG_CAPTION); $fData->caption = $temp; } } else { // if it doesn't exist, create require_once PATH_CORE . '/classes/utilities.class.php'; $utilObj = new utilities($this->db); $temp = $utilObj->shorten($fData->entry, CAPTION_LENGTH); if (!$lengthError and strlen($temp) < 100) { $fData->alert = 'Please compose a blog entry for a caption of at least ' . MIN_BLOG_LENGTH . ' characters (not counting HTML tags). Current length: ' . strlen($temp); $fData->result = false; } $fData->caption = $temp; } break; } // tags /* if ($fData->tags=='') { $fData->alert='Please provide at least one tag.'; $fData->result=false; } * */ // check user has minimum # of friends - to prevent spam if (isset($_POST['fb_sig_friends']) and count(explode(',', $_POST['fb_sig_friends'])) < MIN_FRIENDS) { // suspiciously low # of friends to be posting $fData->alert = 'Please add more friends to your Facebook profile before you post stories here. This helps us minimize spam. Sorry for the inconvenience.'; $fData->result = false; } //title if (strcmp(strtoupper($fData->title), $fData->title) == 0) { $fData->title = $temp = ucwords(strtolower($fData->title)); $fData->alert = 'We\'ve modified your headline so that it\'s not all uppercase. Please check it.'; $fData->result = false; } if ($fData->title == '') { $fData->alert = 'Please provide a short headline for your entry.'; $fData->result = false; } if (strlen($fData->title) > $this->titleLimit) { $fData->alert = 'Please shorten your title to ' . $this->titleLimit . ' characters. Current length: ' . strlen($fData->title); $fData->result = false; } /* We might want this later if ($fData->imageUrl=='' ) { $fData->alert='Please provide a Web address (IMAGE URL) for your story image.'; $fData->result=false; } */ // url if ($fData->url != '') { $urlParts = parse_url($fData->url); // make sure url has http:// or other scheme in front of it if ($urlParts['scheme'] == '') { $fData->url = 'http://' . $fData->url; } if (($urlParts['path'] == '' or $urlParts['path'] == '/') and $urlParts['query'] == '') { $fData->alert = 'You seem to be writing about a Web site, not a particular story on a Web site. Please do not submit links to Web sites. Please only submit stories from Web sites and blogs.'; $fData->result = false; } if (preg_match('/^http:\\/\\/www.facebook.com\\/ext\\/share.php/', $fData->url)) { $fData->alert = 'You seem to be posting a shared story from facebook. Please go to the actual story page and post again from there.'; $fData->result = false; } } // Check for rate limits on post story if (!($this->session->u->isAdmin || $this->session->u->isModerator || $this->session->u->isSponser)) { $resp = $this->logObj->checkLimits($this->session->userid, "(action = 'postStory' OR action = 'postBlog')", 'posting'); if ($resp !== false) { $fData->alert = $resp['msg']; $fData->result = false; } } // validate the video if ($fData->videoEmbed != '') { require_once PATH_CORE . '/classes/video.class.php'; $videoURL = videos::getVideoURLFromEmbedCodeOrURL(stripslashes($fData->videoEmbed)); if (!videos::validateVideoURL($fData->videoEmbed)) { $fData->alert = 'Your video URL or embedding code is invalid. We only support Facebook and YouTube videos at this time.'; $fData->result = false; } } $this->fData =& $fData; return $fData; }