예제 #1
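 /**
  * Save this comment: INSERT a new row when $this->id === 0, otherwise UPDATE
  * the existing row, then write the matching log event and call
  * update_order().
  *
  * Security: both statements are built by string interpolation, so every
  * value is neutralised before it reaches the SQL text. Text goes through
  * $db->escape(), values embedded without quotes are forced to plain
  * numbers, and the comment type is limited to two literals.
  */
 function store()
 {
     require_once mnminclude . 'log.php';
     global $db, $current_user, $globals;
     if (!$this->date) {
         $this->date = $globals['now'];
     }
     // Values placed in the query without quotes must be numbers and nothing
     // else; anything non-numeric is stored as 0.
     $as_number = function ($value) {
         return is_numeric($value) ? $value + 0 : 0;
     };
     $comment_author = $as_number($this->author);
     $comment_link = $as_number($this->link);
     $comment_karma = $as_number($this->karma);
     $comment_date = $as_number($this->date);
     $comment_randkey = $as_number($this->randkey);
     $comment_content = $db->escape(clean_lines($this->content));
     // Whitelist: only these two literals can ever be written as the type.
     $comment_type = $this->type == 'admin' ? 'admin' : 'normal';
     if ($this->id === 0) {
         $this->ip = $db->escape($globals['user_ip']);
         $db->query("INSERT INTO comments (comment_user_id, comment_link_id, comment_type, comment_karma, comment_ip, comment_date, comment_randkey, comment_content) VALUES ({$comment_author}, {$comment_link}, '{$comment_type}', {$comment_karma}, '{$this->ip}', FROM_UNIXTIME({$comment_date}), {$comment_randkey}, '{$comment_content}')");
         $this->id = $db->insert_id;
         // Insert comment_new event into logs
         log_insert('comment_new', $this->id, $current_user->user_id);
     } else {
         // On this path the IP and id were not escaped by this method, so
         // neutralise them here as well.
         $comment_ip = $db->escape($this->ip);
         $comment_id = $as_number($this->id);
         $db->query("UPDATE comments set comment_user_id={$comment_author}, comment_link_id={$comment_link}, comment_type='{$comment_type}', comment_karma={$comment_karma}, comment_ip = '{$comment_ip}', comment_date=FROM_UNIXTIME({$comment_date}), comment_randkey={$comment_randkey}, comment_content='{$comment_content}' WHERE comment_id={$comment_id}");
         // Insert comment_edit event into logs (the 30 is passed through as the
         // $seconds argument of log_conditional_insert)
         log_conditional_insert('comment_edit', $this->id, $current_user->user_id, 30);
     }
     $this->update_order();
 }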
예제 #2
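 /**
  * Save this post inside one transaction: INSERT when $this->id === 0,
  * otherwise UPDATE the existing row.
  *
  * Security: the statements are built by string interpolation. The source
  * label is now escaped like the content, and every value embedded without
  * quotes is forced to a plain number first.
  *
  * @param bool $full When false, the log entries and update_conversation()
  *                   are skipped and only the row itself is written.
  */
 function store($full = true)
 {
     require_once mnminclude . 'log.php';
     global $db, $current_user, $globals;
     $db->transaction();
     if (!$this->date) {
         $this->date = time();
     }
     // Values placed in the query without quotes must be numbers and nothing
     // else; anything non-numeric is stored as 0.
     $as_number = function ($value) {
         return is_numeric($value) ? $value + 0 : 0;
     };
     $post_author = $as_number($this->author);
     // post_src sits inside quotes in the INSERT, so it needs the same
     // escaping as the content.
     $post_src = $db->escape($this->src);
     $post_karma = $as_number($this->karma);
     $post_date = $as_number($this->date);
     $post_randkey = $as_number($this->randkey);
     $post_content = $db->escape($this->normalize_content());
     if ($this->id === 0) {
         $this->ip = $globals['user_ip_int'];
         $post_ip = $as_number($this->ip);
         $db->query("INSERT INTO posts (post_user_id, post_karma, post_ip_int, post_date, post_randkey, post_src, post_content) VALUES ({$post_author}, {$post_karma}, {$post_ip}, FROM_UNIXTIME({$post_date}), {$post_randkey}, '{$post_src}', '{$post_content}')");
         $this->id = $db->insert_id;
         $this->insert_vote($post_author);
         // Insert post_new event into logs
         if ($full) {
             log_insert('post_new', $this->id, $post_author);
         }
     } else {
         $post_ip = $as_number($this->ip);
         $post_id = $as_number($this->id);
         $db->query("UPDATE posts set post_user_id={$post_author}, post_karma={$post_karma}, post_ip_int = '{$post_ip}', post_date=FROM_UNIXTIME({$post_date}), post_randkey={$post_randkey}, post_content='{$post_content}' WHERE post_id={$post_id}");
         // Insert post_edit event into logs
         if ($full) {
             log_conditional_insert('post_edit', $this->id, $post_author, 30);
         }
     }
     if ($full) {
         $this->update_conversation();
     }
     $db->commit();
 }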
예제 #3
파일: comment.php 프로젝트: rasomu/chuza
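	/**
	 * Save this comment inside one transaction: INSERT when $this->id === 0,
	 * otherwise UPDATE the existing row (which also sets comment_modified).
	 *
	 * Security: both statements are built by string interpolation, so text
	 * goes through $db->escape(), values embedded without quotes are forced
	 * to plain numbers, and the type is limited to two literals.
	 *
	 * @param bool $full When false, the log entries, update_order() and
	 *                   update_conversation() are skipped.
	 */
	function store($full = true) {
		require_once(mnminclude.'log.php');
		global $db, $current_user, $globals;

		if (!$this->date) {
			$this->date = $globals['now'];
		}
		// Values placed in the query without quotes must be numbers and
		// nothing else; anything non-numeric is stored as 0.
		$as_number = function ($value) {
			return is_numeric($value) ? $value + 0 : 0;
		};
		$comment_author = $as_number($this->author);
		$comment_link = $as_number($this->link);
		$comment_karma = $as_number($this->karma);
		$comment_date = $as_number($this->date);
		$comment_randkey = $as_number($this->randkey);
		$comment_content = $db->escape($this->normalize_content());
		// Whitelist: only these two literals can ever be written as the type.
		$comment_type = $this->type == 'admin' ? 'admin' : 'normal';
		$db->transaction();
		if ($this->id === 0) {
			$this->ip = $db->escape($globals['user_ip']);
			$db->query("INSERT INTO comments (comment_user_id, comment_link_id, comment_type, comment_karma, comment_ip, comment_date, comment_randkey, comment_content) VALUES ({$comment_author}, {$comment_link}, '{$comment_type}', {$comment_karma}, '{$this->ip}', FROM_UNIXTIME({$comment_date}), {$comment_randkey}, '{$comment_content}')");
			$this->id = $db->insert_id;

			// Insert comment_new event into logs
			if ($full) {
				log_insert('comment_new', $this->id, $current_user->user_id);
			}
		} else {
			// On this path the IP and id were not escaped by this method,
			// so neutralise them here as well.
			$comment_ip = $db->escape($this->ip);
			$comment_id = $as_number($this->id);
			$db->query("UPDATE comments set comment_user_id={$comment_author}, comment_link_id={$comment_link}, comment_type='{$comment_type}', comment_karma={$comment_karma}, comment_ip = '{$comment_ip}', comment_date=FROM_UNIXTIME({$comment_date}), comment_modified=now(), comment_randkey={$comment_randkey}, comment_content='{$comment_content}' WHERE comment_id={$comment_id}");
			// Insert comment_edit event into logs
			if ($full) {
				log_conditional_insert('comment_edit', $this->id, $current_user->user_id, 60);
			}
		}
		if ($full) {
			$this->update_order();
			$this->update_conversation();
		}
		$db->commit();
	}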
예제 #4
파일: log.php 프로젝트: brainsqueezer/fffff
/**
 * Write a log entry only when log_get_date() returns a falsy value for the
 * same type, reference, user and time window.
 *
 * The four arguments are handed to log_get_date() unchanged; the first three
 * are handed to log_insert(). Presumably a truthy result from log_get_date()
 * means a matching entry already exists within $seconds -- confirm against
 * its definition, which is not part of this excerpt.
 *
 * @return mixed Whatever log_insert() returns, or false when nothing is inserted.
 */
function log_conditional_insert($type, $ref_id, $user_id = 0, $seconds = 0)
{
    global $db, $globals;
    $already_logged = log_get_date($type, $ref_id, $user_id, $seconds);
    return $already_logged ? false : log_insert($type, $ref_id, $user_id);
}
예제 #5
/**
 * JSON-encode the given user record, hand it to cache_set(), and record a
 * 'user_hit' log event.
 *
 * NOTE(review): the whole encoded record is cached; if it can hold tokens or
 * contact details, cache only the fields that are actually read back.
 */
function log_user($user) {
  // We want to know who the hell is this
  $encoded_user = json_encode($user);
  // NOTE(review): the cache key expression below was masked ("******") by the
  // page this listing was copied from and is not valid PHP as shown; the
  // original most likely joined 'user:' with an id taken from $user -- confirm
  // against the upstream file.
  cache_set('user:'******'id'], $encoded_user);
  
  // Log this usage
  log_insert('user_hit');
}
예제 #6
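/**
 * Print the login form and, when the form was posted, process the attempt.
 *
 * Failed attempts are logged as 'login_failed' against the client IP; the
 * count returned by log_get_date() for the last 300 seconds decides whether
 * the captcha is required. After a successful login the browser is
 * redirected and the script ends.
 *
 * Security: the post-login target comes from the request, so it is honoured
 * only when it is a same-site absolute path. Anything else falls back to
 * './', which stops the login page from forwarding users to an arbitrary site.
 */
function do_login()
{
    global $current_user, $globals;
    $form_ip_check = check_form_auth_ip();
    $previous_login_failed = log_get_date('login_failed', $globals['form_user_ip_int'], 0, 300);
    // Defined up front: the form echoes it even when nothing was posted.
    $username = '';
    // Accept only "/path..." -- not "//host", not "/\host", no control
    // characters. NOTE(review): relative targets such as "story.php" are now
    // dropped; widen the pattern if callers (not visible here) rely on them.
    $return = '';
    if (isset($_REQUEST['return']) && is_string($_REQUEST['return'])
        && preg_match('#^/(?![/\\\\])[^\x00-\x1f]*\z#', $_REQUEST['return'])) {
        $return = $_REQUEST['return'];
    }
    $captcha_required = $previous_login_failed > 2
        || ($globals['captcha_first_login'] == true && !UserAuth::user_cookie_data());
    echo '<form action="' . get_auth_link() . 'login.php" id="xxxthisform" method="post">' . "\n";
    if (isset($_POST["processlogin"]) && $_POST["processlogin"] == 1) {
        // Check the IP, otherwise redirect
        if (!$form_ip_check) {
            header("Location: http://" . get_server_name() . $globals['base_url'] . "login.php");
            die;
        }
        $username = clean_input_string(trim(isset($_POST['username']) ? $_POST['username'] : ''));
        $password = trim(isset($_POST['password']) ? $_POST['password'] : '');
        // 1000 hours when "remember me" is ticked
        $persistent = !empty($_POST['persistent']) ? 3600000 : 0;
        // Check form
        if ($captcha_required && !ts_is_human()) {
            log_insert('login_failed', $globals['form_user_ip_int'], 0);
            recover_error(_('el código de seguridad no es correcto'));
        // NOTE(review): the password is reduced to an unsalted MD5 before the
        // check. Moving to password_hash()/password_verify() also needs a
        // change in Authenticate() and in the stored hashes, neither of which
        // is visible here.
        } elseif ($current_user->Authenticate($username, md5($password), $persistent) == false) {
            log_insert('login_failed', $globals['form_user_ip_int'], 0);
            recover_error(_('usuario o email inexistente, sin validar, o clave incorrecta'));
            $previous_login_failed++;
            // Keep the captcha decision in step with the updated counter.
            $captcha_required = $previous_login_failed > 2
                || ($globals['captcha_first_login'] == true && !UserAuth::user_cookie_data());
        } else {
            UserAuth::check_clon_from_cookies();
            if ($return !== '') {
                header('Location: ' . $return);
            } else {
                header('Location: ./');
            }
            die;
        }
    }
    echo '<p><label for="name">' . _('usuario o email') . ':</label><br />' . "\n";
    echo '<input type="text" name="username" size="25" tabindex="1" id="name" value="' . htmlentities($username) . '" /></p>' . "\n";
    echo '<p><label for="password">' . _('clave') . ':</label><br />' . "\n";
    echo '<input type="password" name="password" id="password" size="25" tabindex="2"/></p>' . "\n";
    echo '<p><label for="remember">' . _('recuérdame') . ': </label><input type="checkbox" name="persistent" id="remember" tabindex="3"/></p>' . "\n";
    // Print captcha
    if ($captcha_required) {
        ts_print_form();
    }
    get_form_auth_ip();
    echo '<p><input type="submit" value="login" tabindex="4" />' . "\n";
    echo '<input type="hidden" name="processlogin" value="1"/></p>' . "\n";
    echo '<input type="hidden" name="return" value="' . htmlspecialchars($return) . '"/>' . "\n";
    echo '</form>' . "\n";
    echo '<div><strong><a href="login.php?op=recover">' . _('¿has olvidado la contraseña?') . '</a></strong></div>' . "\n";
    echo '<div style="margin-top: 30px">';
    print_oauth_icons($return);
    echo '</div>' . "\n";
}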
예제 #7
/**
 * Delete accounts that were never approved and are older than three days,
 * at most once per 72 hours.
 *
 * The 'users_inactives_deleted' log entry acts as the rate limiter: when
 * log_get() returns a non-zero value for the last 72 hours the purge is
 * skipped.
 *
 * NOTE(review): on failure the raw mysql_error() text is sent to the client
 * by die(); writing it to the server log instead keeps schema details out of
 * responses.
 */
function borrar_usuarios_no_activados_antiguos()
{
    global $dbc;
    // Has a purge already been logged within the last 72 hours?
    $recent_purges = log_get("users_inactives_deleted", 0, 0, 72 * 60 * 60);
    if ($recent_purges != 0) {
        return;
    }
    // No purge in that window, so run it now. The statement is a constant,
    // with no request data in it.
    $purge_sql = "DELETE from `users` WHERE `approved` = 0 AND `date` < now() - INTERVAL 3 DAY";
    mysql_query($purge_sql, $dbc['link']) or die("Deletion Failed:" . mysql_error());
    log_insert("users_inactives_deleted", 0, 0);
}
/**
 * Remove a user's entry from the cache table and log that the user removed
 * the app.
 *
 * The DELETE uses a prepared statement with a bound string parameter, so the
 * cache key is never spliced into the SQL text.
 *
 * NOTE(review): nothing in this function checks where $data comes from;
 * confirm that the caller has verified the request before user_id is trusted
 * for a delete.
 */
function deauthorize_page() {
  // Remove user from the cache
  global $data;  
  global $db;
  $q = $db->prepare('DELETE FROM cache WHERE name = ?');
  // NOTE(review): the key expression below was masked ("******") by the page
  // this listing was copied from and is not valid PHP as shown; the original
  // most likely joined 'user:' with $data['user_id'] -- confirm against the
  // upstream file.
  $name = 'user:'******'user_id'];
  $q->bind_param('s', $name);
  $q->execute();
  
  // Log users that delete the app :( (just log the ID)
  log_insert('user_removed_app', $data['user_id']);
}
/**
 * Render the static "How do we calculate popularity?" page between the theme
 * header and footer, then record a 'popularity_hit' log event.
 *
 * The page body is a constant heredoc with no variables in it.
 */
function popularity_page() {
  echo theme_header(false);
  echo <<<EOS
<h1>How do we calculate popularity?</h1>

<p>In Status Time Capsule, your popularity depends on:</p>

<ul>
  <li>average number of comments per status,</li>
  <li>average number of likes per status, and</li>
  <li>variance of these numbers among your statuses.</li>
</ul>

<p>Therefore, someone that consistently attracts comments and likes to all of his/her statuses may be ranked as more popular, compared to someone that has occasional popular statuses (with lots of likes and comments).</p>

<p>Technically, we calculate the lower bound of Wilson score confidence interval for a Bernoulli parameter for each user of our app. Then, we rank these lower bound values and derive the top most popular users as well as the percentage of people ranked below yours. For more explanation about the algorithm, see <a href="http://www.evanmiller.org/how-not-to-sort-by-average-rating.html">the article by Evan Miller</a>.</p>

EOS;
  echo theme_links();
  echo theme_footer();
  // The @ hides any warning raised while logging, so a logging failure never
  // reaches the page -- and never reaches an operator either.
  @log_insert('popularity_hit');
}
예제 #10
     $link->negatives = $votes_neg;
     $link->store_basic();
 } else {
     $karma_mess = '';
 }
 // Emit one table row for the current link: id, votes, negatives, coefficient
 // and karma. The numeric cells are produced with sprintf()/intval() or come
 // straight from the $link fields.
 print "<tr><td class='tnumber{$imod}'>{$link->id}</td><td class='tnumber{$imod}'>" . $link->votes . "</td><td class='tnumber{$imod}'>" . $link->negatives . "</td><td class='tnumber{$imod}'>" . sprintf("%0.2f", $new_coef) . "</td><td class='tnumber{$imod}'>" . intval($link->karma) . "</td>";
 // NOTE(review): the title and permalink are written into the HTML as they
 // are; confirm that both are already HTML-escaped where the link is loaded,
 // otherwise wrap them in htmlspecialchars() here.
 echo "<td class='tdata{$imod}'><a href='" . $link->get_permalink() . "'>{$link->title}</a>\n";
 echo "{$karma_mess}</td>\n";
 // Promote the link when it has enough votes and karma and the per-run
 // publication limit has not been reached.
 if ($link->votes >= $min_votes && $dblink->karma >= $min_karma && $published < $max_to_publish) {
     $published++;
     $link->karma = $dblink->karma;
     $link->status = 'published';
     $link->published_date = time();
     $link->store_basic();
     // Add the publish event/log
     log_insert('link_publish', $link->id, $link->author);
     $changes = 3;
     // to show a "published" later
 }
 echo "<td class='tnumber{$imod}'>";
 // Pick the status icon; the image paths are constants and the alt texts are
 // translated literals.
 switch ($changes) {
     case 1:
         echo '<img src="../img/common/sneak-problem01.png" width="20" height="16" alt="' . _('descenso') . '"/>';
         break;
     case 2:
         echo '<img src="../img/common/sneak-vote01.png" width="20" height="16" alt="' . _('ascenso') . '"/>';
         break;
     case 3:
         echo '<img src="../img/common/sneak-published01.png" width="20" height="16" alt="' . _('publicada') . '"/>';
         break;
 }
예제 #11
파일: register.php 프로젝트: rasomu/chuza
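/**
 * Second registration step: check the captcha and the submitted fields,
 * create the user row, send the validation mail and log a 'user_new' event.
 *
 * Security: the INSERT is built by string interpolation, so every string
 * that reaches it is passed through $db->escape() first. That now includes
 * the client IP taken from $globals.
 */
function do_register2() {
	global $db, $current_user, $globals;
	if ( !ts_is_human()) {
		register_error(_('el código de seguridad no es correcto'));
		return;
	}

	if (!check_user_fields())  return;

	$username=clean_input_string(trim($_POST['username'])); // sanity check
	$dbusername=$db->escape($username); // sanity check
	// NOTE(review): the password is stored as an unsalted MD5. Moving to
	// password_hash()/password_verify() needs a matching change in the login
	// check and a rehash of stored values, neither of which is visible here.
	$password=md5(trim($_POST['password']));
	$email=clean_input_string(trim($_POST['email'])); // sanity check
	$dbemail=$db->escape($email); // sanity check
	$user_ip = $globals['form_user_ip'];
	// Where form_user_ip is filled in is not visible here, so it is escaped
	// like every other string before it is placed inside quotes.
	$dbuser_ip = $db->escape($user_ip);
	$standard = (int)$_POST['standard'];

	if (!user_exists($username)) {
		if ($db->query("INSERT INTO users (user_login, user_login_register, user_email, user_email_register, user_pass, user_date, user_ip, user_standard) VALUES ('$dbusername', '$dbusername', '$dbemail', '$dbemail', '$password', now(), '$dbuser_ip', '$standard')")) {
			echo '<fieldset>'."\n";
			echo '<legend><span class="sign">'._("registro de usuario").'</span></legend>'."\n";
			$user=new User();
			$user->username=$username;
			if(!$user->read()) {
				register_error(_('error insertando usuario en la base de datos'));
			} else {
				require_once(mnminclude.'mail.php');
				$sent = send_recover_mail($user);
				$globals['user_ip'] = $user_ip; //we force to insert de log with the same IP as the form
				log_insert('user_new', $user->id, $user->id);
			}
			echo '</fieldset>'."\n";
		} else {
			register_error(_("error insertando usuario en la base de datos"));
		}
	} else {
		register_error(_("el usuario ya existe"));
	}
}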
예제 #12
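/**
 * Delete one row of a multi-language content table.
 *
 * Security: the statement is built by string interpolation. A table name
 * cannot be escaped like a value, so it is accepted only when it is a plain
 * identifier; the message id is escaped for the given connection before it
 * is placed inside quotes.
 *
 * NOTE(review): the existence check uses $p_country_id but the DELETE filters
 * on msg_id only (LIMIT 1) -- confirm that this removes the intended row.
 *
 * @param resource $p_db         Open mysql link.
 * @param string   $p_table_name Table to delete from; letters, digits and "_" only.
 * @param mixed    $p_msg_id     Value matched against `msg_id`.
 * @param mixed    $p_country_id Used only for the existence check.
 * @return bool False when the table name is rejected or the DELETE fails, true otherwise.
 */
function lang_content_destroy($p_db, $p_table_name, $p_msg_id, $p_country_id)
{
    // Refuse anything that is not a bare identifier before it can reach SQL.
    if (!is_string($p_table_name) || !preg_match('/^[A-Za-z0-9_]+\z/', $p_table_name)) {
        return false;
    }
    if (!lang_content_exist($p_db, $p_table_name, $p_msg_id, $p_country_id)) {
        // Nothing to delete counts as success, as before.
        return true;
    }
    $msg_id = mysql_real_escape_string((string) $p_msg_id, $p_db);
    $qry_del = "DELETE FROM `{$p_table_name}`\r\n\t\tWHERE `msg_id`='{$msg_id}'\r\n\t\tLIMIT 1";
    $res_del = mysql_query($qry_del, $p_db);
    if (!$res_del) {
        log_insert($p_db, "Error when deleting multilang table:" . mysql_error($p_db));
        return false;
    }
    return true;
}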
예제 #13
/**
 * Mark a link as published: store its vote average and publication time,
 * raise the author's karma by one (capped at 20), log a 'link_publish' event
 * and announce the link on the configured external services.
 *
 * NOTE(review): $link->id is embedded unquoted in the SELECT below; confirm
 * that it is always an integer where the link is loaded.
 * NOTE(review): the Twitter credentials are read from $globals; keep that
 * configuration out of version control and out of any debug dump.
 *
 * @param object $link Link being published; modified in place and stored.
 */
function publish(&$link)
{
    global $globals, $db;
    global $users_karma_avg;
    // Average of the positive votes cast by enabled users; it is reused for
    // later average calculations and checks.
    $average = (float) $db->get_var("select SQL_NO_CACHE avg(vote_value) from votes, users where vote_type='links' AND vote_link_id={$link->id} and vote_user_id > 0 and vote_value > 0 and vote_user_id = user_id and user_level !='disabled'");
    // A below-average result is lifted to at least 97% of the users' average.
    $link->votes_avg = $average < $users_karma_avg
        ? max($average, $users_karma_avg * 0.97)
        : $average;
    $link->status = 'published';
    $published_at = time();
    $link->published_date = $published_at;
    $link->date = $published_at;
    $link->store_basic();
    // Increase user's karma
    $author = new User();
    $author->id = $link->author;
    if ($author->read()) {
        $author->karma = min(20, $author->karma + 1);
        $author->store();
        $note = new Annotation("karma-{$author->id}");
        $note->append(_('Noticia publicada') . ": +1, karma: {$author->karma}\n");
    }
    // Add the publish event/log
    log_insert('link_publish', $link->id, $link->author);
    $short_url = fon_gs($link->get_permalink());
    $twitter_configured = $globals['twitter_user'] && $globals['twitter_password'];
    if ($twitter_configured) {
        twitter_post($link, $short_url);
    }
    $jaiku_configured = $globals['jaiku_user'] && $globals['jaiku_key'];
    if ($jaiku_configured) {
        jaiku_post($link, $short_url);
    }
}
예제 #14
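// NOTE(review): $lang, $id, $rversion, $prev_lang, $season and $epnumber are
// embedded in the queries below without quotes. Where they are assigned is
// not visible in this excerpt -- confirm that each one is cast to an integer
// before this point.
if ($lang != $prev_lang) {
    $query = "update subs set lang_id={$lang} where subID={$id} and fversion={$rversion} and lang_id={$prev_lang}";
    mysql_query($query);
    $query = "update flangs set lang_id={$lang} where subID={$id} and fversion={$rversion} and lang_id={$prev_lang}";
    mysql_query($query);
}
if (!isset($fversion)) {
    if ($is_episode) {
        $showname = bd_getShowTitle($showID);
        // Left-pad season and episode number to two digits for the title.
        if (strlen($season) < 2) {
            $season = '0' . $season;
        }
        if (strlen($epnumber) < 2) {
            $epnumber = '0' . $epnumber;
        }
        $title = $showname . ' - ' . $season . 'x' . $epnumber . ' - ' . $eptitle;
        // NOTE(review): addslashes() is not charset-aware;
        // mysql_real_escape_string() on the open link is the escaper that
        // belongs to this API.
        $title = addslashes($title);
        $query = "update files set is_episode=1,title='{$title}',season={$season},season_number={$epnumber} where subID={$id}";
        mysql_query($query);
    } else {
        $title = $movietitle . " ({$year})";
        // The escaped value used to be assigned to a misspelled $tile, which
        // left the title in the query below unescaped.
        $title = addslashes($title);
        $query = "update files set is_episode=0,title='{$title}' where subID={$id}";
        mysql_query($query);
    }
}
$title = bd_getTitle($id);
log_insert(LOG_updateprop, '', $userID, $id, bd_userIsModerador());
$url = bd_getUrl($id);
location("{$url}");
bbdd_close();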
예제 #15
파일: editlink.php 프로젝트: rasomu/chuza
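/**
 * Apply the posted edit form to $linkres, store it when validation passes,
 * write the edit/discard log events and print the preview with its
 * follow-up form.
 *
 * Authorisation visible here: only admins may change the URL or the
 * thumbnail; a non-admin may change the status only to 'autodiscard', and
 * only while the link is not already discarded.
 */
function do_save() {
	// $globals is needed for the 15-day check below. It used to be missing
	// from this list, so $globals['now'] was undefined and the age check was
	// always true.
	global $linkres, $dblang, $current_user, $globals;

	// Set only when the status is changed to a discard-like value.
	$insert_discard_log = false;

	$linkres->read_content_type_buttons($_POST['type']);

	$linkres->category=intval($_POST['category']);
	if ($current_user->admin) {
		if (!empty($_POST['url'])) {
			$linkres->url = clean_input_url($_POST['url']);
		}
		if (!empty($_POST['thumb_delete'])) {
			$linkres->delete_thumb();
		}
		if (!empty($_POST['thumb_get'])) {
			$linkres->get_thumb();
		}
	}
	$linkres->title = clean_text($_POST['title'], 40);
	$linkres->content = clean_text_with_tags($_POST['bodytext']);
	$linkres->tags = tags_normalize_string($_POST['tags']);
	// change the status
	if ($_POST['status'] != $linkres->status
		&& ($_POST['status'] == 'autodiscard' || $current_user->admin)
		&& preg_match('/^[a-z]{4,}$/', $_POST['status'])
		&& ( ! $linkres->is_discarded() || $current_user->admin)) {
		if (preg_match('/discard|abuse|duplicated|autodiscard/', $_POST['status'])) {
			// Insert a log entry if the link has been manually discarded
			$insert_discard_log = true;
		}
		$linkres->status = $_POST['status'];
	}

	// EVENTS
	// The date picker value is rearranged by position (chars 3-4, 0-1, 6-9).
	// NOTE(review): the pieces are not checked to be digits; confirm that
	// store() escapes start_date/end_date, or validate the format here.
	$d = $_POST["datepicker1"];
	$linkres->start_date = substr($d,3,2).'-'.substr($d, 0, 2).'-'.substr($d,6,4);

	$d = $_POST["datepicker2"];
	$linkres->end_date = substr($d,3,2).'-'.substr($d, 0, 2).'-'.substr($d,6,4);


	if (!link_edit_errors($linkres)) {
		if (empty($linkres->uri)) $linkres->get_uri();
		$linkres->store();
		tags_insert_string($linkres->id, $dblang, $linkres->tags, $linkres->date);

		// Insert edit log/event if the link it's newer than 15 days
		if ($globals['now'] - $linkres->date < 86400*15) {
			require_once(mnminclude.'log.php');
			if ($insert_discard_log) {
				// Insert always a link and discard event if the status has been changed to discard
				log_insert('link_discard', $linkres->id, $current_user->user_id);
				if ($linkres->author == $current_user->user_id) { // Don't save edit log if it's discarded by an admin
					log_insert('link_edit', $linkres->id, $current_user->user_id);
				}
			} elseif ($linkres->votes > 0) {
				log_conditional_insert('link_edit', $linkres->id, $current_user->user_id, 60);
			}
		}

		echo '<div class="form-error-submit">&nbsp;&nbsp;'._("noticia actualizada").'</div>'."\n";
	}

	$linkres->read();

	echo '<div class="formnotice">'."\n";
	$linkres->print_summary('preview');
	echo '</div>'."\n";

	echo '<form class="note" method="GET" action="story.php" >';
	echo '<input type="hidden" name="id" value="'.$linkres->id.'" />'."\n";
	echo '<input class="button" type="button" onclick="window.history.go(-1)" value="&#171; '._('modificar').'">&nbsp;&nbsp;'."\n";;
	echo '<input class="button" type="submit" value="'._('ir a la noticia').'" />'."\n";
	echo '</form>'. "\n";
}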
예제 #16
/**
 * Register a new user: purge stale unapproved accounts, optionally validate
 * the captcha, reject duplicate user names and e-mail addresses, insert the
 * row, send the activation mail and redirect to thankyou.php.
 *
 * NOTE(review): $data['UserName'] and $data['Email'] are interpolated into
 * three SQL statements below. Nothing in this function escapes them, so the
 * code is safe only if $data is escaped where it is filled in -- confirm
 * that, since it is not visible here.
 * NOTE(review): every failed query ends in die(mysql_error()), which sends
 * the database error text to the client.
 */
function do_register()
{
    global $hasError, $data, $dbc, $globals, $mostrar_captcha;
    borrar_usuarios_no_activados_antiguos();
    if ($mostrar_captcha) {
        validar_captcha($hasError);
    }
    $user_ip = $globals['ip'];
    // Hash of the password; the original comment calls it SHA-1.
    // NOTE(review): PwdHash() is defined elsewhere -- confirm it is salted and
    // slow (password_hash() where the PHP version allows it).
    $sha1pass = PwdHash($data['Password']);
    // Generate the activation code.
    // NOTE(review): rand(1000, 9999) yields one of 9000 values from a
    // non-cryptographic generator; a longer code from a CSPRNG is harder to
    // guess.
    $activ_code = rand(1000, 9999);
    $usr_email = $data['Email'];
    $user_name = $data['UserName'];
    // Check whether the user name is already taken
    $rs_duplicate = mysql_query("select count(*) as total from users where user_name='{$user_name}'") or die(mysql_error());
    list($total) = mysql_fetch_row($rs_duplicate);
    if ($total > 0) {
        $hasError[] = "El usuario ya está dado de alta.";
    }
    // Check whether the e-mail address is already registered
    $parts = explode('@', $usr_email);
    $subparts = explode('+', $parts[0]);
    // Addresses of the form user+extension@gmail.com are allowed, so the base
    // address and every "+extension" variant are matched to prevent abuse.
    // NOTE(review): "%" and "_" inside the address act as LIKE wildcards here.
    $rs_duplicate = mysql_query("select count(*) as total from users where user_email = '{$subparts['0']}@{$parts['1']}' or user_email LIKE '{$subparts['0']}+%@{$parts['1']}'") or die(mysql_error());
    list($total) = mysql_fetch_row($rs_duplicate);
    if ($total > 0) {
        $hasError[] = "El email ya está dado de alta.";
    }
    if (empty($hasError)) {
        // Insert the new user
        $sql_insert = "INSERT into `users`\n                  (`user_email`,`pwd`,`date`,`users_ip`,`activation_code`,`user_name`)\n                   VALUES\n                   ('{$usr_email}','{$sha1pass}',now(),'{$user_ip}','{$activ_code}','{$user_name}')\n                  ";
        mysql_query($sql_insert, $dbc['link']) or die("Insertion Failed:" . mysql_error());
        $user_id = mysql_insert_id($dbc['link']);
        // NOTE(review): md5 of a sequential id is predictable; together with
        // the four-digit code it is everything passed to the activation mail.
        $md5_id = md5($user_id);
        mysql_query("update users set md5_id='{$md5_id}' where id='{$user_id}'");
        log_insert("register_ok", ip2long($globals['ip']));
        $_SESSION['email_registro'] = $usr_email;
        $_SESSION['email_registro_contador'] = 3;
        $_SESSION['hasSuccess'] = null;
        enviar_correo_registro($usr_email, $md5_id, $activ_code);
        header("Location: thankyou.php");
        exit;
    }
}
예제 #17
<?php

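include 'includes/includes.php';
// linkid arrives in the query string and is embedded unquoted in the DELETE
// statements below, so it is forced to an integer before anything uses it.
$linkID = isset($_GET['linkid']) ? (int) $_GET['linkid'] : 0;
$subID = bd_link_getSubID($linkID);
// Only moderators may delete; everyone else is sent back to the subtitle page.
if (!bd_userIsModerador()) {
    bbdd_close();
    location(bd_getUrl($subID));
    exit;
}
// NOTE(review): this destructive action runs on a plain GET request and no
// per-session token is checked in the lines visible here; consider requiring
// POST plus an anti-forgery token.
$query = "delete from links_data where linkID={$linkID}";
mysql_query($query);
$query = "delete from links where linkID={$linkID}";
mysql_query($query);
// NOTE(review): bd_link_getFversion() is called after the rows were deleted;
// confirm that it can still resolve the version at this point.
log_insert(LOG_deleteLink, bd_link_getFversion($linkID), $_SESSION['userID'], $subID, bd_userIsModerador());
location(bd_getUrl($subID));
bbdd_close();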
예제 #18
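// Roll back every "last" entry written by $author for this subtitle, version
// and language, restoring the previous version of each sequence as "last".
// NOTE(review): $id, $fversion, $lang and $author are embedded in the queries
// without quotes. Where they are assigned is not visible in this excerpt --
// confirm that each one is cast to an integer before this point.
while ($numresults > 0) {
    $query = "select entryID,edited_seq,version from subs where subID={$id} and fversion={$fversion} and lang_id={$lang} and authorID={$author} and last=1";
    $result = mysql_query($query);
    // NOTE(review): mysql_affected_rows() is documented for INSERT/UPDATE/
    // DELETE; mysql_num_rows($result) is the row count for a SELECT.
    $numresults = mysql_affected_rows();
    while ($row = mysql_fetch_assoc($result)) {
        $entry = $row['entryID'];
        $seq = $row['edited_seq'];
        $version = $row['version'];
        if (!$notoriginal) {
            $query = "delete from subs where entryID={$entry}";
            mysql_query($query);
        }
        if ($version > 0) {
            if ($notoriginal) {
                $query = "delete from subs where entryID={$entry}";
                mysql_query($query);
            }
            $minver = $version - 1;
            $query = "update subs set last=1 where subID={$id} and fversion={$fversion} and lang_id={$lang} and edited_seq={$seq} and version={$minver}";
            mysql_query($query);
        }
    }
}
if (bd_getOriginalLang($id, $fversion) != $lang && !bd_isMerged($id, $fversion, $lang)) {
    tn_check($id, $fversion, bd_getOriginalLang($id, $fversion), $lang);
    bd_confirmTranslated($id, $fversion, $lang);
}
// NOTE(review): $authorName is not assigned anywhere in the visible lines;
// the queries above use $author, which is presumably what should be passed.
$authorName = bd_getUsername($authorName);
// The log message used to reference $authorname (lower-case n). PHP variable
// names are case-sensitive, so the moderation log never held the user name.
log_insert(LOG_troll, "User {$authorName}", $_SESSION['userID'], $id, bd_userIsModerador());
location("/antitroll.php?id={$id}&fversion={$fversion}&lang={$lang}");
bbdd_close();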
예제 #19
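/**
 * Print the login page (with an introduction for first-time visitors) and,
 * when the form was posted, process the attempt.
 *
 * Failed attempts are logged as 'login_failed' against the client IP; the
 * count returned by log_get_date() for the last 300 seconds decides whether
 * the captcha is required. After a successful login the browser is
 * redirected and the script ends.
 *
 * Security: the post-login target comes from the request and is appended to
 * the server name, so it is honoured only when it is an absolute path.
 * Without that check the appended text could change which host the browser
 * ends up on.
 */
function do_login()
{
    global $current_user, $globals;
    $form_ip_check = check_form_auth_ip();
    $previous_login_failed = log_get_date('login_failed', $globals['form_user_ip_int'], 0, 300);
    // Defined up front: the form echoes it even when nothing was posted.
    $username = '';
    // Accept only "/path..." -- not "//host", not "/\host", no control characters.
    $return = '';
    if (isset($_REQUEST['return']) && is_string($_REQUEST['return'])
        && preg_match('#^/(?![/\\\\])[^\x00-\x1f]*\z#', $_REQUEST['return'])) {
        $return = $_REQUEST['return'];
    }
    $captcha_required = $previous_login_failed > 2
        || ($globals['captcha_first_login'] == true && !UserAuth::user_cookie_data());
    // Show menéame intro only if first try and the there were not previous logins
    if ($previous_login_failed < 3 && empty($_POST["processlogin"]) && empty($_COOKIE['mnm_user'])) {
        echo '<div class="faq" style="float:right; width:55%; margin-top: 10px;">' . "\n";
        // Only prints if the user was redirected from submit.php
        if (!empty($_REQUEST['return']) && preg_match('/submit\\.php/', $_REQUEST['return'])) {
            echo '<p style="border:1px solid #FF9400; font-size:1.3em; background:#FEFBEA; font-weight:bold; padding:0.5em 1em;">Para enviar una historia debes ser un usuario registrado</p>' . "\n";
        }
        echo '<h3>' . _('¿Qué es menéame?') . '</h3>' . "\n";
        echo '<p>' . _('Es un sitio que te permite enviar una historia que será revisada por todos y será promovida, o no, a la página principal. Cuando un usuario envía una historia ésta queda en la <a href="shakeit.php">cola de pendientes</a> hasta que reúne los votos suficientes para ser promovida a la página principal') . '.</p>' . "\n";
        echo '<h3>' . _('¿Todavía no eres usuario de menéame?') . '</h3>' . "\n";
        echo '<p>' . _('Como usuario registrado podrás, entre otras cosas') . ':</p>' . "\n";
        echo '<ul style="margin-left: 1.5em">' . "\n";
        echo '<li>' . "\n";
        echo '<strong>' . _('Enviar historias') . '</strong><br />' . "\n";
        echo '<p>' . _('Una vez registrado puedes enviar las historias que consideres interesantes para la comunidad. Si tienes algún tipo de duda sobre que tipo de historias puedes enviar revisa nuestras <a href="faq-es.php">preguntas frecuentes sobre menéame</a>') . '.</p>' . "\n";
        echo '</li>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>' . _('Escribir comentarios') . '</strong><br />' . "\n";
        echo '<p>' . _('Puedes escribir tu opinión sobre las historias enviadas a menéame mediante comentarios de texto. También puedes votar positivamente aquellos comentarios ingeniosos, divertidos o interesantes y negativamente aquellos que consideres inoportunos') . '.</p>' . "\n";
        echo '</li>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>' . _('Perfil de usuario') . '</strong><br />' . "\n";
        echo '<p>' . _('Toda tu información como usuario está disponible desde la página de tu perfil. También puedes subir una imagen que representará a tu usuario en menéame. Incluso es posible compartir los ingresos publicitarios de Menéame, solo tienes que introducir el código de tu cuenta Google Adsense desde tu perfil') . '.</p>' . "\n";
        echo '</li>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>' . _('Chatear en tiempo real desde la fisgona') . '</strong><br />' . "\n";
        echo '<p>' . _('Gracias a la <a href="sneak.php">fisgona</a> puedes ver en tiempo real toda la actividad de menéame. Además como usuario registrado podrás chatear con mucha más gente de la comunidad menéame') . '</p>' . "\n";
        echo '</li>' . "\n";
        echo '</ul>' . "\n";
        echo '<h3><a href="register.php" style="color:#FF6400; text-decoration:underline; display:block; width:8em; text-align:center; margin:0 auto; padding:0.5em 1em; border:3px double #FFE2C5; background:#FFF3E8;">Regístrate ahora</a></h3>' . "\n";
        echo '</div>' . "\n";
        echo '<div class="genericform" style="float:left; width:40%; margin: 0">' . "\n";
    } else {
        echo '<div class="genericform" style="float:auto;">' . "\n";
    }
    echo '<form action="' . get_auth_link() . 'login.php" id="thisform" method="post">' . "\n";
    if (isset($_POST["processlogin"]) && $_POST["processlogin"] == 1) {
        // Check the IP, otherwise redirect
        if (!$form_ip_check) {
            header("Location: http://" . get_server_name() . $globals['base_url'] . "login.php");
            die;
        }
        $username = clean_input_string(trim(isset($_POST['username']) ? $_POST['username'] : ''));
        $password = trim(isset($_POST['password']) ? $_POST['password'] : '');
        // 1000 hours when "remember me" is ticked
        $persistent = !empty($_POST['persistent']) ? 3600000 : 0;
        // Check form
        if ($captcha_required && !ts_is_human()) {
            log_insert('login_failed', $globals['form_user_ip_int'], 0);
            recover_error(_('el código de seguridad no es correcto'));
        // NOTE(review): the password is reduced to an unsalted MD5 before the
        // check. Moving to password_hash()/password_verify() also needs a
        // change in Authenticate() and in the stored hashes, neither of which
        // is visible here.
        } elseif ($current_user->Authenticate($username, md5($password), $persistent) == false) {
            log_insert('login_failed', $globals['form_user_ip_int'], 0);
            recover_error(_('usuario o email inexistente, sin validar, o clave incorrecta'));
            $previous_login_failed++;
            // Keep the captcha decision in step with the updated counter.
            $captcha_required = $previous_login_failed > 2
                || ($globals['captcha_first_login'] == true && !UserAuth::user_cookie_data());
        } else {
            UserAuth::check_clon_from_cookies();
            if ($return !== '') {
                header('Location: http://' . get_server_name() . $return);
            } else {
                header('Location: http://' . get_server_name() . $globals['base_url']);
            }
            die;
        }
    }
    echo '<fieldset>' . "\n";
    echo '<legend><span class="sign">login</span></legend>' . "\n";
    echo '<p><label for="name">' . _('usuario o email') . ':</label><br />' . "\n";
    echo '<input type="text" name="username" size="25" tabindex="1" id="name" value="' . htmlentities($username) . '" /></p>' . "\n";
    echo '<p><label for="password">' . _('clave') . ':</label><br />' . "\n";
    echo '<input type="password" name="password" id="password" size="25" tabindex="2"/></p>' . "\n";
    echo '<p><label for="remember">' . _('recuérdame') . ': </label><input type="checkbox" name="persistent" id="remember" tabindex="3"/></p>' . "\n";
    // Print captcha
    if ($captcha_required) {
        ts_print_form();
    }
    get_form_auth_ip();
    echo '<p><input type="submit" value="login" class="button" tabindex="4" />' . "\n";
    echo '<div align="center">';
    print_oauth_icons($return);
    echo '</div>' . "\n";
    echo '<input type="hidden" name="processlogin" value="1"/></p>' . "\n";
    echo '<input type="hidden" name="return" value="' . htmlspecialchars($return) . '"/>' . "\n";
    echo '</fieldset>' . "\n";
    echo '</form>' . "\n";
    echo '<div class="recoverpass" align="center"><h4><a href="login.php?op=recover">' . _('¿has olvidado la contraseña?') . '</a></h4></div>' . "\n";
    echo '</div>' . "\n";
    echo '<br clear="all"/>&nbsp;';
}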
예제 #20
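/**
 * Render the login page and, when the form was posted, process the login attempt.
 *
 * Reads $_POST (processlogin, username, password, persistent) and $_REQUEST['return'],
 * echoes the page HTML directly, and on a successful login sends a Location header
 * and terminates the request.
 *
 * The post-login redirect only follows `return` when it is a same-site relative
 * reference; anything with a scheme, a network-path prefix, a backslash or control
 * characters falls back to './'. The original code copied the request value straight
 * into the Location header, which let a crafted login link send a freshly
 * authenticated user to an arbitrary site.
 */
function do_login()
{
    global $current_user, $globals;

    // Echoed back into the username field below, so it must exist even on a plain GET.
    $username = '';

    // Normalise the redirect target once; an array or missing value counts as "none".
    $return = (isset($_REQUEST['return']) && is_string($_REQUEST['return'])) ? $_REQUEST['return'] : '';
    $return_is_local = !empty($return)
        && !preg_match('/[\x00-\x20\x7f\\\\]/', $return)   // no whitespace, control bytes or backslashes
        && !preg_match('#^[^/?\#]*:#', $return)            // no "scheme:" prefix
        && strncmp($return, '//', 2) !== 0;                // no network-path reference to another host
    $safe_return = $return_is_local ? $return : '';

    // Start posavasos & ashacz code
    // Value log_get_date() reports for 'login_failed' on this IP; used below as a failure counter.
    $previous_login_failed = log_get_date('login_failed', $globals['original_user_ip_int'], 0, 90);
    if ($previous_login_failed < 3 && empty($_POST["processlogin"])) {
        echo '<div id="mini-faq" style="float:left; width:65%; margin-top: 10px;">' . "\n";
        // gallir: Only prints if the user was redirected from submit.php
        if (!empty($return) && preg_match('/submit\\.php/', $return)) {
            echo '<p style="border:1px solid #FF9400; font-size:1.3em; background:#FEFBEA; font-weight:bold; padding:0.5em 1em;">Para enviar una historia debes ser un usuario registrado</p>' . "\n";
        }
        echo '<h3>¿Qué es menéame?</h3>' . "\n";
        echo '<p>Es un web que te permite enviar una historia que será revisada por todos y será promovida, o no, a la página principal. Cuando un usuario envía una historia ésta queda en la <a href="shakeit.php" title="Cola de historias pendientes">cola de pendientes</a> hasta que reúne los votos suficientes para ser promovida a la página principal.</p>' . "\n";
        echo '<h3>¿Todavía no eres usuario de menéame?</h3>' . "\n";
        echo '<p>Como usuario registrado podrás, entre otras cosas:</p>' . "\n";
        echo '<ul>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>Enviar historias</strong><br />' . "\n";
        echo 'Una vez registrado puedes enviar las historias que consideres interesantes para la comunidad. Si tienes algún tipo de duda sobre que tipo de historias puedes enviar revisa nuestras <a href="faq-es.php" title="Acerca de meneame">preguntas frecuentes sobre menéame.</a>' . "\n";
        echo '</li>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>Escribir comentarios</strong><br />' . "\n";
        echo 'Puedes escribir tu opinión sobre las historias enviadas a menéame mediante comentarios de texto. También puedes votar positivamente aquellos comentarios ingeniosos, divertidos o interesantes y negativamente aquellos que consideres inoportunos.' . "\n";
        echo '</li>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>Perfil de usuario</strong><br />' . "\n";
        echo 'Toda tu información como usuario está disponible desde la página de tu perfil. También puedes subir una imagen que representará a tu usuario en menéame. Incluso es posible compartir los ingresos publicitarios de Menéame, solo tienes que introducir el código de tu cuenta Google Adsense desde tu perfil.' . "\n";
        echo '</li>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>Chatear en tiempo real desde la fisgona</strong><br />' . "\n";
        echo 'Gracias a la <a href="sneak.php" title="Fisgona">fisgona</a> puedes ver en tiempo real toda la actividad de menéame. Además como usuario registrado podrás chatear con mucha más gente de la comunidad menéame' . "\n";
        echo '</li>' . "\n";
        echo '</ul>' . "\n";
        echo '<h3><a href="register.php" style="color:#FF6400; text-decoration:underline; display:block; width:8em; text-align:center; margin:0 auto; padding:0.5em 1em; border:3px double #FFE2C5; background:#FFF3E8;">Regístrate ahora</a></h3>' . "\n";
        echo '</div>' . "\n";
        echo '<div id="genericform" style="float:right; width:30%;">' . "\n";
        //End posavasos & ashacz code
    } else {
        echo '<div id="genericform" style="float:auto;">' . "\n";
    }
    echo '<form action="login.php" id="thisform" method="post">' . "\n";
    if (isset($_POST["processlogin"]) && $_POST["processlogin"] == 1) {
        $username = clean_input_string(trim(isset($_POST['username']) ? $_POST['username'] : ''));
        $password = trim(isset($_POST['password']) ? $_POST['password'] : '');
        // The checkbox is simply absent from the request when it is not ticked.
        $persistent = isset($_POST['persistent']) ? $_POST['persistent'] : null;
        if ($previous_login_failed > 2 && !ts_is_human()) {
            // Captcha is required after repeated failures; a wrong captcha counts as a failure too.
            log_insert('login_failed', $globals['original_user_ip_int'], 0);
            recover_error(_('El código de seguridad no es correcto!'));
        } elseif ($current_user->Authenticate($username, $password, $persistent) == false) {
            log_insert('login_failed', $globals['original_user_ip_int'], 0);
            recover_error(_('usuario inexistente, sin validar, o clave incorrecta'));
            $previous_login_failed++;
        } else {
            // Follow only the validated, same-site target.
            if ($safe_return !== '') {
                header('Location: ' . $safe_return);
            } else {
                header('Location: ./');
            }
            die;
        }
    }
    echo '<fieldset>' . "\n";
    echo '<legend><span class="sign">login</span></legend>' . "\n";
    echo '<p class="l-top"><label for="name">' . _('usuario') . ':</label><br />' . "\n";
    echo '<input type="text" name="username" size="25" tabindex="1" id="name" value="' . htmlentities($username) . '" /></p>' . "\n";
    echo '<p class="l-mid"><label for="password">' . _('clave') . ':</label><br />' . "\n";
    echo '<input type="password" name="password" id="password" size="25" tabindex="2"/></p>' . "\n";
    echo '<p class="l-mid"><label for="remember">' . _('recuérdame') . ': </label><input type="checkbox" name="persistent" id="remember" tabindex="3"/></p>' . "\n";
    if ($previous_login_failed > 2) {
        ts_print_form();
    }
    echo '<p class="l-bot"><input type="submit" value="login" class="genericsubmit" tabindex="4" />' . "\n";
    echo '<input type="hidden" name="processlogin" value="1"/></p>' . "\n";
    // Only the validated target is carried across a failed attempt.
    echo '<input type="hidden" name="return" value="' . htmlspecialchars($safe_return) . '"/>' . "\n";
    echo '</fieldset>' . "\n";
    echo '</form>' . "\n";
    echo '<div class="recoverpass" align="center"><h4><a href="login.php?op=recover">' . _('¿Has olvidado la contraseña?') . '</a></h4></div>' . "\n";
    echo '</div>' . "\n";
    echo '<br clear="all"/>&nbsp;';
}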
예제 #21
파일: delsub.php 프로젝트: Raak15/subtitols
    mysql_query($query);
    $query = "select max(fversion) from fversions where subID={$id}";
    $result = mysql_query($query);
    if (mysql_result($result, 0) > $fversion) {
        $query = "update fversions set fversion = fversion -1 where subID={$id} and fversion>{$fversion}";
        mysql_query($query);
        $query = "update flangs set fversion = fversion -1 where subID={$id} and fversion>{$fversion}";
        mysql_query($query);
        $query = "update subs set fversion = fversion -1 where subID={$id} and fversion>{$fversion}";
        mysql_query($query);
    }
    $url = bd_getUrl($id);
    location("{$url}");
    log_insert(LOG_deleteVersion, "version {$fversion}", $_SESSION['userID'], $id, bd_userIsModerador());
} else {
    $query = "delete from fversions where subID={$id}";
    mysql_query($query);
    $query = "delete from flangs where subID={$id}";
    mysql_query($query);
    $query = "delete from subs where subID={$id}";
    mysql_query($query);
    $query = "delete from translating where subID={$id}";
    mysql_query($query);
    $query = "delete from files where subID={$id}";
    mysql_query($query);
    $query = "delete from lasttranslated where subID={$id}";
    mysql_query($query);
    location("/index.php");
    log_insert(LOG_deleteFile, $title, $_SESSION['userID'], $id, bd_userIsModerador());
}
bbdd_close();
예제 #22
 /**
  * Create or update the local account that backs an external-service login.
  *
  * Picks a free username (appending _1, _2, ... when the requested one is taken),
  * fills in missing profile fields from the service data, stores the user, logs a
  * 'user_new' event, marks the account as validated and fetches the avatar if one
  * was supplied.
  */
 function store_user()
 {
     global $db, $globals;
     $user = $this->user;
     if (!$this->secret) {
         $this->secret = $this->service . "-" . $globals['now'];
     }

     // Probe the plain name first, then name_1, name_2, ... until one is free.
     $candidate = $this->username;
     $suffix = 0;
     while (user_exists($candidate)) {
         $suffix++;
         $candidate = $this->username . "_{$suffix}";
     }
     $user->username = $candidate;
     $user->username_register = $user->username;

     // NOTE(review): as written, '/$\$/' asks for a literal "$" after end-of-subject, so it
     // looks like it can never match; the intent may have been a "starts with $" test -- confirm.
     // NOTE(review): the assigned value looks masked on this page; the real placeholder is not visible here.
     $needs_placeholder_pass = !$user->pass || preg_match('/$\\$/', $user->pass);
     if ($needs_placeholder_pass) {
         $user->pass = "******";
     }

     // Only fill profile fields the local account does not have yet.
     if (!$user->names && $this->names) {
         $user->names = $this->names;
     }
     if (!$user->url && $this->url) {
         $user->url = $this->url;
     }

     if ($user->id == 0) {
         // Brand-new account: the e-mail is synthesised as username@service.
         $service_address = $this->username . '@' . $this->service;
         $user->date = $globals['now'];
         $user->ip = $globals['user_ip'];
         $user->email = $service_address;
         $user->email_register = $service_address;
     }

     // NOTE(review): username and names originate from the external service and are written
     // to syslog unfiltered -- check whether embedded newlines could forge log lines.
     syslog(LOG_NOTICE, "Meneame new user from {$this->service}: {$user->username}, {$user->names}");
     $user->store();

     include_once mnminclude . 'log.php';
     log_insert('user_new', $user->id, $user->id);
     // presumably $user->id is the integer key assigned by store(); it is interpolated unquoted -- verify.
     $db->query("update users set user_validated_date = now() where user_id = {$user->id} and user_validated_date is null");

     if ($this->avatar) {
         require_once mnminclude . 'avatars.php';
         // NOTE(review): the avatar location comes from the external service; confirm that
         // avatars_get_from_url() restricts scheme/host before fetching.
         avatars_get_from_url($user->id, $this->avatar);
     }
 }
예제 #23
파일: profile.php 프로젝트: rasomu/chuza
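/**
 * Validate the posted profile form for $user and store it, or disable the account.
 *
 * Reads $_POST and $_FILES, works on the global $user (the profile being edited) and
 * $current_user (the logged-in user), and accumulates user-facing messages.
 *
 * Changes against the previous version:
 *  - the anti-CSRF token is compared as a string with ===, so PHP's loose numeric-string
 *    comparison can no longer make two different hashes compare equal;
 *  - avatar upload and removal only run when the token is valid (they used to run even
 *    after the "missing control key" error, because they are not gated by $errors);
 *  - the AdSense code is escaped before being placed in SQL, like the other lookups.
 *
 * @return string|null HTML paragraphs with the messages; null when the request is not a
 *                     profile submission or targets another user without admin mode.
 */
function save_profile() {
	global $db, $user, $current_user, $globals, $admin_mode, $site_key;
	$errors = 0; // benjami: control added (2005-12-22)
	$pass_changed=false;
	$messages = '';

	// Anti-CSRF token bound to the id of the edited user.
	// Where the runtime provides hash_equals(), prefer it over === for a constant-time compare.
	$form_hash = md5($site_key.$user->id.mnminclude);
	$posted_hash = (isset($_POST['form_hash']) && is_string($_POST['form_hash'])) ? $_POST['form_hash'] : '';
	$form_hash_ok = !empty($posted_hash) && $posted_hash === $form_hash;

	// NOTE(review): the ownership test below uses the posted user_id, not $user->id; the token
	// is derived from $user->id, so confirm the caller never loads another user's $user here.
	if(isset($_POST['disabledme']) && isset($_POST['disable']) && intval($_POST['disable']) == 1 && $form_hash_ok && $_POST['user_id'] == $current_user->user_id ) {
		$old_user_login = $user->username;
		$old_user_id = $user->id;
		$user->disable(true);
		require_once(mnminclude.'log.php');
		log_insert('user_delete', $old_user_id, $old_user_id );
		syslog(LOG_NOTICE, "Meneame, disabling $old_user_id ($old_user_login) by $current_user->user_login -> $user->username ");
		$current_user->Logout(get_user_uri($user->username));
		die;
	}


	if(!isset($_POST['save_profile']) || !isset($_POST['process']) ||
		($_POST['user_id'] != $current_user->user_id && !$admin_mode) ) return;

	if (!$form_hash_ok) {
		$messages .= '<p class="form-error">'._('Falta la clave de control').'</p>';
		$errors++;
	}

	if(!empty($_POST['username']) && trim($_POST['username']) != $user->username) {
		if (strlen(trim($_POST['username']))<3) {
			$messages .= '<p class="form-error">'._('nombre demasiado corto').'</p>';
			$errors++;
		}

		if(!check_username($_POST['username'])) {
			$messages .= '<p class="form-error">'._('nombre de usuario erróneo, caracteres no admitidos').'</p>';
			$errors++;
		} elseif (user_exists(trim($_POST['username'])) ) {
			$messages .= '<p class="form-error">'._('el usuario ya existe').'</p>';
			$errors++;
		} else {
			$user->username=trim($_POST['username']);
		}
	}

	if($user->email != trim($_POST['email']) && !check_email(trim($_POST['email']))) {
		$messages .= '<p class="form-error">'._('el correo electrónico no es correcto').'</p>';
		$errors++;
	} elseif (!$admin_mode && trim($_POST['email']) != $current_user->user_email && email_exists(trim($_POST['email']), false)) {
		$messages .= '<p class="form-error">'. _('ya existe otro usuario con esa dirección de correo'). '</p>';
		$errors++;
	} else {
		$user->email=trim($_POST['email']);
	}
	$user->url=htmlspecialchars(clean_input_url($_POST['url']));


	// Check IM address
	if (!empty($_POST['public_info'])) {
		$_POST['public_info']  = htmlspecialchars(clean_input_url($_POST['public_info']));
		$public = $db->escape($_POST['public_info']);
		$im_count = intval($db->get_var("select count(*) from users where user_id != $user->id and user_level != 'disabled' and user_level != 'autodisabled' and user_public_info='$public'"));
		if ($im_count > 0) {
			$messages .= '<p class="form-error">'. _('ya hay otro usuario con la misma dirección de MI, no se ha grabado'). '</p>';
			$_POST['public_info'] = '';
			$errors++;
		}
	}
	// NOTE(review): this copies the raw phone value before any validation; the format check
	// below only runs when editing one's own profile, so in admin mode the value reaches
	// $user->store() unchecked -- confirm store() escapes it.
	$user->phone = $_POST['phone'];
	// NOTE(review): public_info was already passed through htmlspecialchars() above when it was
	// non-empty, so it is encoded a second time here.
	$user->public_info=htmlspecialchars(clean_input_url($_POST['public_info']));
	// End check IM address

	if ($user->id  == $current_user->user_id) {
		// Check phone number
		if (!empty($_POST['phone'])) {
			if ( !preg_match('/^\+[0-9]{9,16}$/', $_POST['phone'])) {
				$messages .= '<p class="form-error">'. _('número telefónico erróneo, no se ha grabado'). '</p>';
				$_POST['phone'] = '';
				$errors++;
			} else {
				$phone = $db->escape($_POST['phone']);
				$phone_count = intval($db->get_var("select count(*) from users where user_id != $user->id and user_level != 'disabled' and user_level != 'autodisabled' and user_phone='$phone'"));
				if ($phone_count > 0) {
					$messages .= '<p class="form-error">'. _('ya hay otro usuario con el mismo número, no se ha grabado'). '</p>';
					$_POST['phone'] = '';
					$errors++;
				}
			}
		}
		$user->phone = $_POST['phone'];
		// End check phone number
	}

	// Verifies adsense code
	if ($globals['external_user_ads']) {
		$_POST['adcode'] = trim($_POST['adcode']);
		$_POST['adchannel'] = trim($_POST['adchannel']);
		if (!empty($_POST['adcode']) && $user->adcode != $_POST['adcode']) {
			if ( !preg_match('/^pub-[0-9]{16}$/', $_POST['adcode'])) {
				$messages .= '<p class="form-error">'. _('código AdSense incorrecto, no se ha grabado'). '</p>';
				$_POST['adcode'] = '';
				$errors++;
			} else {
				// The pattern above already limits the value; escaping keeps the query safe
				// even if that pattern is ever relaxed.
				$adcode = $db->escape($_POST['adcode']);
				$adcode_count = intval($db->get_var("select count(*) from users where user_id != $user->id and user_level != 'disabled' and user_level != 'autodisabled' and user_adcode='$adcode'"));
				if ($adcode_count > 0) {
					$messages .= '<p class="form-error">'. _('ya hay otro usuario con la misma cuenta, no se ha grabado'). '</p>';
					$_POST['adcode'] = '';
					$errors++;
				}
			}
		}
		if (!empty($_POST['adcode']) && !empty($_POST['adchannel']) && $user->adchannel != $_POST['adchannel']) {
			if ( !preg_match('/^[0-9]{10,12}$/', $_POST['adchannel'])) {
				$messages .= '<p class="form-error">'. _('canal AdSense incorrecto, no se ha grabado'). '</p>';
				$_POST['adchannel'] = '';
				$errors++;
			}
		}
		$user->adcode = $_POST['adcode'];
		$user->adchannel = $_POST['adchannel'];
	}

	$user->names=clean_text($_POST['names']);
	if(!empty($_POST['password']) || !empty($_POST['password2'])) {
		if(! check_password($_POST["password"]) ) {
			$messages .= '<p class="form-error">'._('Clave demasiado corta, debe ser de 6 o más caracteres e incluir mayúsculas, minúsculas y números').'</p>';
			$errors=1;
		} else if(trim($_POST['password']) !== trim($_POST['password2'])) {
			$messages .= '<p class="form-error">'._('las claves no son iguales, no se ha modificado').'</p>';
			$errors = 1;
		} else {
			// NOTE(review): unsalted MD5 is not a password hash. It is kept because the
			// Authenticate() call below is handed this same value; moving to password_hash()
			// needs a coordinated change in the authentication code and a rehash-on-login path.
			$user->pass=md5(trim($_POST['password']));
			$messages .= '<p  class="form-error">'._('La clave se ha cambiado').'</p>';
			$pass_changed = true;
		}
	}
	if ($admin_mode && !empty($_POST['user_level'])) {
		// NOTE(review): any string is accepted as a level; consider an allow-list of known levels.
		$user->level=$db->escape($_POST['user_level']);
	}
	if ($admin_mode && !empty($_POST['karma']) && is_numeric($_POST['karma']) && $_POST['karma'] > 4 && $_POST['karma'] <= 20) {
		$user->karma=$_POST['karma'];
	}

	$user->comment_pref=intval($_POST['comment_pref']) + (intval($_POST['show_friends']) & 1) * 2 + (intval($_POST['show_2cols']) & 1) * 4;

	// Manage avatars upload.
	// These calls act immediately (they are not deferred to $user->store()), so they must not
	// run for a request that failed the token check.
	if ($form_hash_ok && !empty($_FILES['image']['tmp_name']) ) {
		if(avatars_check_upload_size('image')) {
			$avatar_mtime = avatars_manage_upload($user->id, 'image');
			if (!$avatar_mtime) {
				$messages .= '<p class="form-error">'._('error guardando la imagen').'</p>';
				$errors = 1;
				$user->avatar = 0;
			} else {
				$user->avatar = $avatar_mtime;
			}
		} else {
			$messages .= '<p class="form-error">'._('el tamaño de la imagen excede el límite').'</p>';
			$errors = 1;
			$user->avatar = 0;
		}
	} elseif ($form_hash_ok && !empty($_POST['avatar_delete'])) {
		$user->avatar = 0;
		avatars_remove($user->id);
	}
	// Reset avatar for the logged user
	if ($current_user->user_id == $user->id) $current_user->user_avatar = $user->avatar;

	// Spelling standard chosen by the user
	if (!empty($_POST['standard'])) {
		$user->standard = (int)$_POST['standard'];
	}

	if (!$errors) {
		if (empty($user->ip)) {
			$user->ip=$globals['user_ip'];
		}
		$user->store();
		$user->read();
		// Refresh the session when the identity fields or the password changed.
		if (!$admin_mode && ($current_user->user_login != $user->username ||
					$current_user->user_email != $user->email || $pass_changed)) {
			$current_user->Authenticate($user->username, $user->pass);
		}
		$messages .= '<p class="form-error">'._('datos actualizados').'</p>';
	}
	return $messages;
}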
예제 #24
파일: mergev.php 프로젝트: Raak15/subtitols
<?php

include_once 'includes/includes.php';
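// Merge one file version of a subtitle into the previous version. Moderators only;
// everyone else gets an empty response.
if (!bd_userIsModerador()) {
    bbdd_close();
    exit;
}
// NOTE(review): this script changes data on a GET request and no anti-CSRF token is visible
// here; a link opened by a logged-in moderator would trigger the merge.
if (!isset($_GET['id'], $_GET['fversion'])) {
    bbdd_close();
    exit;
}
// Both values are placed unquoted into the SQL below, so they are forced to integers:
// the raw request strings would otherwise be executed as part of each statement.
$id = (int) $_GET['id'];
$fversion = (int) $_GET['fversion'];
$prevv = $fversion - 1;
// Move the rows of the merged version down to the previous version number.
$query = "update subs set original=0,fversion={$prevv} where subID={$id} and fversion={$fversion}";
mysql_query($query);
$query = "update flangs set merged=1,original=0,fversion={$prevv} where subID={$id} and fversion={$fversion}";
mysql_query($query);
// Drop what is left under the old version number.
$query = "delete from fversions where subID={$id} and fversion={$fversion}";
mysql_query($query);
$query = "delete from flangs where subID = {$id} and fversion={$fversion}";
mysql_query($query);
// Close the gap in the numbering when later versions exist.
$query = "select max(fversion) from fversions where subID={$id}";
$result = mysql_query($query);
if ($result && mysql_result($result, 0) > $fversion) {
    $query = "update fversions set fversion=fversion -1 where subID={$id} and fversion>{$fversion}";
    mysql_query($query);
    $query = "update flangs set fversion=fversion -1 where subID={$id} and fversion>{$fversion}";
    mysql_query($query);
}
log_insert(LOG_merge, "Merged from version {$fversion} to {$prevv}", $_SESSION['userID'], $id, bd_userIsModerador());
$url = bd_getUrl($id);
location($url);
bbdd_close();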
/**
 * Print the static privacy-policy page: theme header, the policy text, the theme
 * links and footer, then record a page hit.
 */
function privacy_page() {
  // Static markup only; nothing from the request is interpolated into it.
  $policy_html = <<<EOS
<h1>Privacy Policy</h1>
 <p>This Privacy Policy describes how users' personal information is handled in order to
  engage in the services available on our application. It applies generally to web pages
  where this policy appears in the footer. By accepting the Privacy Policy, you express
  consent to our collection, storage, use and disclosure of your personal information as
  described in this Privacy Policy. This Privacy Policy is effective upon acceptance for
  new users and is otherwise effective on August 08, 2011.</p>

  <h2>Definitions</h2>

  <ol>
    <li>References to "Our", "We", "Us" and Status Time Capsule shall be references
    to Status Time Capsule.</li>

    <li>References to "You", "Users" and "Your" shall mean references to user(s) visiting this web site, as the context requires.</li>
  </ol>

  <h2>Information Collection</h2>

  <p>Browsing our websites does not require your identities to be revealed. However,
  under the following circumstances, you are not anonymous to us.</p>

  <h2>User</h2>

  <p>We will ask for your personal information. The personal information collected includes but not restricting to the following:</p>

  <ol>
    <li>Private information such as name and birthdate</li>

    <li>Contact information such as email address, mobile number and physical address</li>

    <li>Additional information which we may ask for if we believe the site policies are
    violated</li>
  </ol>

  <p>Once you log into the account, your identity will be revealed to us.</p>

  <h2>Information Usage</h2>

  <p>The primary purpose in collecting personal information is to provide the users with
  a smooth and customized experience.</p>

  <p>We will use the information collected for the following purposes</p>

  <ol>
    <li>To provide its intended services</li>

    <li>To resolve disputes, and troubleshoot problems and errors</li>

    <li>To assist in law enforcement purposes and prevent/restrict the occurrences of
    potentially illegal or prohibited activities</li>
  </ol>

  <h2>Disclosure of information</h2>

  <p>We may share information with governmental agencies or other companies assisting us
  in fraud prevention or investigation. We may do so when:</p>

  <ol>
    <li>permitted or required by law; or,</li>

    <li>trying to protect against or prevent actual or potential fraud or unauthorized
    transactions; or,</li>

    <li>investigating fraud which has already taken place.</li>
  </ol>

  <p>The information is not provided to these companies for marketing purposes.</p>

  <h2>Usage of Cookies</h2>

  <p>Cookies are small files placed in your computer hard drives. We use it to analyse
  our site traffic. We have also used cookies to maintain your signed in status when you
  login to our websites.</p>

  <h2>Commitment to Data Security</h2>

  <p>Your personally identifiable information is kept secure. Only authorized employees,
  agents and contractors (who have agreed to keep information secure and confidential)
  have access to this information. All emails and newsletters from this site allow you to
  opt out of further mailings.</p>

  <h2>Changes to the policies</h2>

  <p>We reserved the rights to amend this Privacy Policy at any time. Upon posting of new
  policies, it will take immediate effect. We may notify you should there be any major
  changes to the policies.</p>
  
EOS;
  echo theme_header(FALSE);
  echo $policy_html;
  echo theme_links();
  echo theme_footer();
  // The @ hides any warning or notice raised while logging, so a broken hit counter
  // goes unnoticed.
  // NOTE(review): the event is named 'tos_hit' although this is the privacy page -- confirm
  // that is the intended key.
  @log_insert('tos_hit');
}
예제 #26
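/**
 * Check the submitted credentials and, on success, open the session and redirect.
 *
 * Despite its name, the visible body performs a login: it looks the account up by user
 * name or e-mail, checks the banned/approved flags and the password, fills $_SESSION,
 * optionally sets "remember me" cookies, then redirects to myaccount.php and exits.
 * Failures are reported by appending a message to the global $hasError.
 *
 * Changes against the previous version:
 *  - database failures are written to the error log and answered with a generic message
 *    instead of printing mysql_error() to the visitor;
 *  - the user_key cookie, which carries the login secret, is sent with the HttpOnly flag.
 */
function do_register()
{
    global $hasError, $data, $dbc, $globals, $mostrar_captcha;
    if ($mostrar_captcha) {
        // If the security code is wrong nothing else may be checked; otherwise the
        // user/password pair could be brute-forced past the captcha.
        if (!validar_captcha($hasError)) {
            return;
        }
    }
    $user_email = $data['UserNameEmail'];
    $pass = $data['Password'];
    // NOTE(review): the values below are interpolated into SQL as-is. That is only safe if
    // $data was escaped for MySQL before this function runs -- not visible here, confirm.
    if (strpos($user_email, '@') === false) {
        $user_cond = "user_name='{$user_email}'";
    } else {
        $parts = explode('@', $user_email);
        $subparts = explode('+', $parts[0]);
        // Addresses like user+extension@gmail.com are allowed; all "+extension" variants are
        // matched to the same account so they cannot be abused.
        // NOTE(review): "%" and "_" in the local part act as LIKE wildcards here.
        $user_cond = "(user_email='{$subparts['0']}@{$parts['1']}' or user_email LIKE '{$subparts['0']}+%@{$parts['1']}')";
    }
    $result = mysql_query("SELECT `id`,`pwd`,`user_name`,`approved`,`banned`,`user_level` FROM users WHERE {$user_cond} limit 1");
    if ($result === false) {
        // Keep driver details (table names, query fragments) out of the response.
        error_log('do_register: user lookup failed: ' . mysql_error());
        die('Error interno. Inténtalo de nuevo más tarde.');
    }
    $num = mysql_num_rows($result);
    if ($num > 0) {
        list($id, $pwd, $user_name, $approved, $banned, $user_level) = mysql_fetch_row($result);
        // NOTE(review): account state is reported before the password is verified, and the
        // messages below distinguish "unknown user" from "wrong password"; both let a visitor
        // learn which accounts exist.
        if ($banned) {
            $hasError[] = "Cuenta anulada.";
            return;
        }
        if (!$approved) {
            $hasError[] = "Cuenta registrada pero aún no activada. Revisa tu buzón de correo y sigue el enlace que allí aparece.";
            return;
        }
        // The first 9 characters of the stored value are handed back to PwdHash(),
        // presumably as the salt -- verify against PwdHash().
        if ($pwd === PwdHash($pass, substr($pwd, 0, 9))) {
            log_insert("login_ok", $id, $id);
            // Fresh session id on login to prevent session fixation.
            session_regenerate_id(true);
            // this sets variables in the session
            $_SESSION['user_id'] = $id;
            $_SESSION['user_name'] = $user_name;
            $_SESSION['user_level'] = $user_level;
            $_SESSION['HTTP_USER_AGENT'] = md5(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
            // update the timestamp and key for cookie
            $stamp = time();
            $ckey = GenKey();
            if (mysql_query("update users set `ctime`='{$stamp}', `ckey` = '{$ckey}' where id='{$id}'") === false) {
                error_log('do_register: cookie key update failed: ' . mysql_error());
                die('Error interno. Inténtalo de nuevo más tarde.');
            }
            // set a cookie
            if (isset($_POST['remember'])) {
                $expires = time() + 60 * 60 * 24 * COOKIE_TIME_OUT;
                setcookie("user_id", $_SESSION['user_id'], $expires, "/");
                // HttpOnly: page scripts have no reason to read the login secret.
                // NOTE(review): consider the Secure flag as well once the site is HTTPS-only.
                setcookie("user_key", sha1($ckey), $expires, "/", "", false, true);
                setcookie("user_name", $_SESSION['user_name'], $expires, "/");
            }
            header("Location: myaccount.php");
            exit;
        } else {
            $hasError[] = "Contraseña incorrecta. Vuelve a intentarlo.";
        }
    } else {
        $hasError[] = "Usuario o correo electrónico inexistente.";
    }
}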
예제 #27
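/**
 * Apply the posted edit form to the global $linkres, store it and print a preview.
 *
 * Reads type, category, url, title, bodytext, tags and status from $_POST. The URL is
 * only taken from the form for 'admin' and 'god' users, and the status only changes to
 * one of queued/discard/abuse/autodiscard, and only when the link is not published or
 * the editor is 'god'. Output is echoed directly.
 *
 * Changes against the previous version: $insert_discard_log is initialised (it was read
 * undefined whenever the status did not change to a discard state), and the posted
 * status is normalised to a string and matched against an explicit list.
 */
function do_save()
{
    global $linkres, $dblang, $current_user;
    $insert_discard_log = false;
    // A missing or non-string status simply means "leave the status alone".
    $new_status = (isset($_POST['status']) && is_string($_POST['status'])) ? $_POST['status'] : '';
    $is_discard_status = in_array($new_status, array('discard', 'abuse', 'autodiscard'), true);

    $linkres->read_content_type_buttons($_POST['type']);
    $linkres->category = intval($_POST['category']);
    if (!empty($_POST['url']) && ($current_user->user_level == 'admin' || $current_user->user_level == 'god')) {
        $linkres->url = clean_input_url($_POST['url']);
    }
    $linkres->title = clean_text($_POST['title'], 40);
    $linkres->content = clean_text($_POST['bodytext']);
    $linkres->tags = tags_normalize_string($_POST['tags']);
    // change the status
    if (($current_user->user_level == 'god' || $linkres->status != 'published') && ($new_status === 'queued' || $is_discard_status)) {
        if (!$linkres->is_discarded() && $is_discard_status) {
            // Insert a log entry if the link has been manually discarded
            $insert_discard_log = true;
        }
        $linkres->status = $new_status;
    }
    // NOTE(review): no check is visible here that $current_user may edit this link, nor an
    // anti-CSRF token; presumably the caller enforces both -- confirm.
    if (!link_edit_errors($linkres)) {
        if (empty($linkres->uri)) {
            $linkres->get_uri();
        }
        $linkres->store();
        tags_insert_string($linkres->id, $dblang, $linkres->tags, $linkres->date);
        // Insert edit log/event
        require_once mnminclude . 'log.php';
        if ($insert_discard_log) {
            // Insert always a link and discard event if the status has been changed to discard
            log_insert('link_discard', $linkres->id, $current_user->user_id);
            log_insert('link_edit', $linkres->id, $current_user->user_id);
        } else {
            log_conditional_insert('link_edit', $linkres->id, $current_user->user_id, 60);
        }
        echo '<div class="form-error-submit">&nbsp;&nbsp;' . _("noticia actualizada") . '</div>' . "\n";
    }
    // Reload so the preview shows what is actually stored.
    $linkres->read();
    echo '<div class="formnotice">' . "\n";
    $linkres->print_summary('preview');
    echo '</div>' . "\n";
    echo '<form id="genericform" method="GET" action="story.php" >';
    echo '<input type="hidden" name="id" value="' . $linkres->id . '" />' . "\n";
    echo '<input class="genericsubmit" type="button" onclick="window.history.go(-1)" value="' . _('&#171; modificar') . '">&nbsp;&nbsp;' . "\n";
    echo '<input class="genericsubmit" type="submit" value="' . _('ir a la noticia') . '" />' . "\n";
    echo '</form>' . "\n";
}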
예제 #28
파일: promote9.php 프로젝트: rasomu/chuza
/**
 * Promote a link to 'published': store its vote average, raise the author's karma,
 * log the event and announce the link on the configured external services.
 *
 * Does nothing when DEBUG is set.
 *
 * @param object $link the link to publish; its id, author, title and content are read
 *                     and its status, dates, votes_avg and annotation are written.
 */
function publish($link) {
	global $globals, $db, $client;

	if (DEBUG) return;

	// Average value of the positive votes cast by users that are not disabled;
	// it's used to calculate and check future averages.
	$votes_avg = (float) $db->get_var("select SQL_NO_CACHE avg(vote_value) from votes, users where vote_type='links' AND vote_link_id=$link->id and vote_user_id > 0 and vote_value > 0 and vote_user_id = user_id and user_level !='disabled'");
	// Below the site-wide karma average the stored value is floored at 97% of that average.
	$link->votes_avg = ($votes_avg < $globals['users_karma_avg'])
		? max($votes_avg, $globals['users_karma_avg']*0.97)
		: $votes_avg;

	$published_at = time();
	$link->status = 'published';
	$link->published_date = $published_at;
	$link->date = $published_at;
	// presumably $link->id is an integer key; both values are interpolated unquoted -- verify.
	$db->query("update links set link_status='published', link_date=now(), link_votes_avg={$link->votes_avg} where link_id={$link->id}");

	// Increase user's karma, capped at 20
	$bonus = $globals['instant_karma_per_published'];
	$user = new User;
	$user->id = $link->author;
	if ($user->read()) {
		$user->karma = min(20, $user->karma + $bonus);
		$user->store();
		$annotation = new Annotation("karma-{$user->id}");
		$annotation->append(_('noticia publicada') . ": +" . $bonus . ", karma: {$user->karma}\n");
	}

	// Add the publish event/log
	log_insert('link_publish', $link->id, $link->author);
	$link->annotation .= _('publicación') . "<br/>";
	$link->save_annotation('link-karma');

	// Own shortener when configured, external one otherwise
	$short_url = $globals['url_shortener']
		? $link->get_short_permalink()
		: fon_gs($link->get_permalink());

	// Announce on whichever services have credentials configured
	if ($globals['twitter_user'] && $globals['twitter_password']) {
		twitter_post($link->title, $short_url);
	}
	if ($globals['jaiku_user'] && $globals['jaiku_key']) {
		jaiku_post($link->title, $short_url);
	}
	if ($globals['pubsub']) {
		pubsub_post();
	}

	if ($link->start_date) {
		createEvent($client, $link->title, $link->content, $link->start_date, $link->end_date);
	}

}
예제 #29
    exit;
}
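// Delete one language of one file version, and the version itself when that was its last
// language. The access check that precedes this run is cut off on this page.
// NOTE(review): data is deleted on a GET request and no anti-CSRF token is visible here.
if (!isset($_GET['id'], $_GET['fversion'], $_GET['lang'])) {
    bbdd_close();
    exit;
}
// All three values are placed unquoted into the SQL below, so they are forced to integers:
// the raw request strings would otherwise be executed as part of each statement.
$id = (int) $_GET['id'];
$fversion = (int) $_GET['fversion'];
$lang = (int) $_GET['lang'];
$query = "delete from flangs where subID={$id} and fversion={$fversion} and lang_id={$lang}";
mysql_query($query);
$query = "delete from subs where subID={$id} and fversion={$fversion} and lang_id={$lang}";
mysql_query($query);
// Was that the last language of this version?
$query = "select count(*) from flangs where subID={$id} and fversion={$fversion}";
$result = mysql_query($query);
if ($result && mysql_result($result, 0) < 1) {
    $query = "delete from fversions where subID={$id} and fversion={$fversion}";
    mysql_query($query);
    $query = "delete from translating where subID={$id} and fversion={$fversion}";
    mysql_query($query);
    // Close the gap in the numbering when later versions exist.
    $query = "select max(fversion) from fversions where subID={$id}";
    $result = mysql_query($query);
    if ($result && mysql_result($result, 0) > $fversion) {
        $query = "update fversions set fversion = fversion -1 where subID={$id} and fversion>{$fversion}";
        mysql_query($query);
        $query = "update flangs set fversion = fversion -1 where subID={$id} and fversion>{$fversion}";
        mysql_query($query);
        $query = "update subs set fversion = fversion -1 where subID={$id} and fversion>{$fversion}";
        mysql_query($query);
    }
}
log_insert(LOG_deleteLanguage, bd_getLangName($lang), $_SESSION['userID'], $id, bd_userIsModerador());
$url = bd_getUrl($id);
location($url);
bbdd_close();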
예제 #30
// Maintenance pass over queued links: purge stale discarded links, then discard the
// queued links whose negative votes outweigh the positive ones. Prints one plain-text
// line per analysed link.
header("Content-Type: text/plain");
$now = time();
// Window of link ages that is analysed, as SQL expressions
$max_date = "date_sub(now(), interval 15 minute)";
$min_date = "date_sub(now(), interval 20 hour)";
// Delete old bad links: discarded more than 900 seconds ago and never voted
$from = $now - 900;
$db->query("delete from links where link_status='discard' and link_date < from_unixtime({$from}) and link_votes = 0");
// At most ten queued links inside the window, most negatives first
$negatives = $db->get_results("select SQL_NO_CACHE link_id, link_karma, link_votes, link_negatives, link_author from links where link_date < {$max_date} and link_date > {$min_date} and link_status = 'queued' and link_karma < link_votes*2 and link_negatives > 3 order by link_negatives desc limit 10 ");
if (!$negatives) {
    echo "no negatives to analyze\n";
    die;
}
foreach ($negatives as $negative) {
    // link_id comes from the query above; presumably an integer column, it is interpolated unquoted.
    $linkid = $negative->link_id;
    // Condition shared by the four vote queries: votes on this link cast by logged-in users
    $vote_filter = "vote_type='links' and vote_link_id = {$linkid} and vote_user_id > 0";
    $positive_users_count = $db->get_var("select SQL_NO_CACHE count(*) from votes where {$vote_filter} and vote_value > 0");
    $positive_users = intval($db->get_var("select SQL_NO_CACHE sum(vote_value) from votes where {$vote_filter} and vote_value > 0"));
    $negative_users_count = $db->get_var("select SQL_NO_CACHE count(*) from votes, users where {$vote_filter} and vote_value < 0 and user_id = vote_user_id");
    // Each negative vote is weighted with half of the voter's karma
    $negative_users = intval($db->get_var("select SQL_NO_CACHE sum(vote_value-user_karma/2) from votes, users where {$vote_filter} and vote_value < 0 and user_id = vote_user_id"));

    // Discard needs more than two negative voters, more negative than positive voters,
    // and a weighted negative sum larger than the positive sum.
    $outvoted = $negative_users_count > 2
        && $negative_users_count > $positive_users_count
        && $positive_users < abs($negative_users);
    if (!$outvoted) {
        $status = "OK";
    } else {
        $status = "DISCARD";
        $db->query("update links set link_status='discard' where link_id = {$linkid}");
        // Add the discard to log/event
        log_insert('link_discard', $linkid, $negative->link_author);
    }
    echo "{$linkid}: {$negative->link_karma} ({$negative->link_votes}, {$negative->link_negatives}),  {$negative_users} ({$negative_users_count}) {$status}\n";
}