/**
 * Returns a permission error code for the logged-in user, or a falsy value when the action is allowed.
 *
 * Wraps qa_permit_error() with the site-wide gates that apply on top of the option-based check:
 * IP block, outstanding email confirmation, outstanding account approval and the per-action rate limit.
 * The gates are evaluated in that fixed order and the first one that fails is reported.
 *
 * @param string|null $permitoption option name handed to qa_permit_error(); null disables the option-based check
 * @param string|null $limitaction  a QA_LIMIT_* action; when given, qa_user_limits_remaining() must be positive
 * @param int|null    $userlevel    level to check against; defaults to the logged-in user's level
 * @param bool        $checkblocks  when false the user-blocked flag is masked out and the IP block is not consulted
 * @return string|null whatever qa_permit_error() returned, or 'ipblock', 'confirm', 'approve' or 'limit'
 */
function qa_user_permit_error($permitoption = null, $limitaction = null, $userlevel = null, $checkblocks = true)
{
    if (qa_to_override(__FUNCTION__)) {
        $args = func_get_args();
        return qa_call_override(__FUNCTION__, $args);
    }

    require_once QA_INCLUDE_DIR . 'app/limits.php';

    $userid = qa_get_logged_in_userid();
    if (!isset($userlevel)) {
        $userlevel = qa_get_logged_in_level();
    }

    $flags = qa_get_logged_in_flags();
    if (!$checkblocks) {
        // Caller opted out of block checks, so a blocked account must not fail the option-based check below
        $flags &= ~QA_USER_FLAGS_USER_BLOCKED;
    }

    $error = qa_permit_error($permitoption, $userid, $userlevel, $flags);
    if ($error) {
        return $error;
    }

    if ($checkblocks && qa_is_ip_blocked()) {
        return 'ipblock';
    }

    // Confirmation and approval gates only apply to logged-in users, and only when the site option is on
    if (isset($userid)) {
        if (($flags & QA_USER_FLAGS_MUST_CONFIRM) && qa_opt('confirm_user_emails')) {
            return 'confirm';
        }

        if (($flags & QA_USER_FLAGS_MUST_APPROVE) && qa_opt('moderate_users')) {
            return 'approve';
        }
    }

    if (isset($limitaction) && qa_user_limits_remaining($limitaction) <= 0) {
        return 'limit';
    }

    // Still the (falsy) value returned by qa_permit_error(), so callers see exactly what it produced
    return $error;
}
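/**
 * Processes the submitted edit form for answer $answer, including its optional conversion to a comment.
 *
 * Form field names are prefixed with 'a<postid>_'. Only the fields that were actually displayed are read
 * into $in, so the filter modules only validate those parts of the form. Nothing is saved unless the
 * form security code for 'edit-<postid>' verifies and the filter modules report no errors.
 *
 * @param array $answer          the answer being edited; 'postid', 'isbyuser', 'userid' and 'notify' are read
 * @param array $question        the parent question; 'postid' and 'commentable' are read
 * @param array $answers         the question's answers indexed by postid, used to validate a comment-conversion target
 * @param array $commentsfollows comments and follow-on questions, passed through to qa_answer_to_comment()
 * @param array &$in             output: values read from the form, as modified by the filter modules
 * @param array &$errors         output: validation errors keyed by field; a bad security code or a hit comment
 *                               limit is reported under 'content'
 * @return string|null 'C' if the answer was converted to a comment, 'A' if it was edited in place,
 *                     null if nothing was saved (see $errors)
 */
function qa_page_q_edit_a_submit($answer, $question, $answers, $commentsfollows, &$in, &$errors)
{
    $answerid = $answer['postid'];
    $prefix = 'a' . $answerid . '_';

    $in = array(
        'dotoc' => qa_post_text($prefix . 'dotoc'),
        'commenton' => qa_post_text($prefix . 'commenton'),
    );

    if ($answer['isbyuser']) {
        $in['name'] = qa_post_text($prefix . 'name');
        $in['notify'] = qa_post_text($prefix . 'notify') ? true : false;
        $in['email'] = qa_post_text($prefix . 'email');
    }

    // The 'silent' field is only honoured when the user is permitted to edit silently; a posted value is otherwise ignored
    if (!qa_user_post_permit_error('permit_edit_silent', $answer)) {
        $in['silent'] = qa_post_text($prefix . 'silent');
    }

    qa_get_post_content($prefix . 'editor', $prefix . 'content', $in['editor'], $in['content'], $in['format'], $in['text']);

    // here the $in array only contains values for parts of the form that were displayed, so those are only ones checked by filters

    $errors = array();

    // The form security code is verified before anything is saved or any filter runs
    if (!qa_check_form_security_code('edit-' . $answerid, qa_post_text($prefix . 'code'))) {
        $errors['content'] = qa_lang_html('misc/form_security_again');
        return null;
    }

    $in['queued'] = qa_opt('moderate_edited_again') && qa_user_moderation_reason(qa_user_level_for_post($answer));

    $filtermodules = qa_load_modules_with('filter', 'filter_answer');
    foreach ($filtermodules as $filtermodule) {
        $oldin = $in;
        $filtermodule->filter_answer($in, $errors, $question, $answer);
        qa_update_post_text($in, $oldin);
    }

    if (!empty($errors)) {
        return null;
    }

    $userid = qa_get_logged_in_userid();
    $handle = qa_get_logged_in_handle();
    $cookieid = qa_cookie_get();

    if (!isset($in['silent'])) {
        $in['silent'] = false;
    }

    $setnotify = $answer['isbyuser']
        ? qa_combine_notify_email($answer['userid'], $in['notify'], $in['email'])
        : $answer['notify'];

    // The display name is only posted for the user's own answers (see above), so it may be absent
    $name = isset($in['name']) ? $in['name'] : null;

    $commenton = $in['commenton'];

    if ($in['dotoc']) {
        // The conversion target must be the question or another answer, and it must accept comments.
        // An explicit isset() replaces the former @-suppressed lookup of a possibly unknown postid.
        $targetcommentable = ($commenton == $question['postid'] && $question['commentable'])
            || ($commenton != $answerid && isset($answers[$commenton]['commentable']) && $answers[$commenton]['commentable']);

        if ($targetcommentable) {
            if (qa_user_limits_remaining(QA_LIMIT_COMMENTS)) { // already checked 'permit_post_c'
                qa_answer_to_comment($answer, $commenton, $in['content'], $in['format'], $in['text'], $setnotify,
                    $userid, $handle, $cookieid, $question, $answers, $commentsfollows, $name, $in['queued'], $in['silent']);
                return 'C'; // to signify that redirect should be to the comment
            }

            $errors['content'] = qa_lang_html('question/comment_limit'); // not really best place for error, but it will do
            return null;
        }
    }

    qa_answer_set_content($answer, $in['content'], $in['format'], $in['text'], $setnotify, $userid, $handle, $cookieid,
        $question, $name, $in['queued'], $in['silent']);
    return 'A';
}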
/**
 * Handles a button click on comment $comment: hide/reject, reshow/approve, delete, claim, flag, unflag or clear flags.
 *
 * Every action is gated on the matching capability flag in $comment and on qa_page_q_click_check_form_code(),
 * which sets $error and returns false when the form security code does not verify; the click is then ignored.
 *
 * @param array       $comment  the comment, with its capability flags ('hideable', 'moderatable', ...) already set
 * @param array       $question the question the comment belongs to
 * @param array       $parent   the comment's direct parent (question or answer)
 * @param string|null &$error   output: HTML error message when the click could not be carried out
 * @return bool true if an action was performed, false otherwise
 */
function qa_page_q_single_click_c($comment, $question, $parent, &$error)
{
    $userid = qa_get_logged_in_userid();
    $handle = qa_get_logged_in_handle();
    $cookieid = qa_cookie_get();

    $fieldprefix = 'c' . $comment['postid'] . '_';

    $hideclicked = (qa_clicked($fieldprefix . 'dohide') && $comment['hideable'])
        || (qa_clicked($fieldprefix . 'doreject') && $comment['moderatable']);

    if ($hideclicked && qa_page_q_click_check_form_code($parent, $error)) {
        qa_comment_set_hidden($comment, true, $userid, $handle, $cookieid, $question, $parent);
        return true;
    }

    $reshowclicked = (qa_clicked($fieldprefix . 'doreshow') && $comment['reshowable'])
        || (qa_clicked($fieldprefix . 'doapprove') && $comment['moderatable']);

    if ($reshowclicked && qa_page_q_click_check_form_code($parent, $error)) {
        if ($comment['moderatable'] || $comment['reshowimmed']) {
            $newstatus = QA_POST_STATUS_NORMAL;
        } else {
            // Reshowing may have to go back through moderation: run the filter modules, keeping only their 'queued' verdict
            $prepared = qa_page_q_prepare_post_for_filters($comment);

            foreach (qa_load_modules_with('filter', 'filter_comment') as $filtermodule) {
                $filterin = $prepared; // always pass original comment in because we aren't modifying anything else
                $filtermodule->filter_comment($filterin, $filtererrors, $question, $parent, $comment);
                $prepared['queued'] = $filterin['queued']; // only preserve queued status in loop
            }

            $newstatus = $prepared['queued'] ? QA_POST_STATUS_QUEUED : QA_POST_STATUS_NORMAL;
        }

        qa_comment_set_status($comment, $newstatus, $userid, $handle, $cookieid, $question, $parent);
        return true;
    }

    if (qa_clicked($fieldprefix . 'dodelete') && $comment['deleteable'] && qa_page_q_click_check_form_code($parent, $error)) {
        qa_comment_delete($comment, $question, $parent, $userid, $handle, $cookieid);
        return true;
    }

    if (qa_clicked($fieldprefix . 'doclaim') && $comment['claimable'] && qa_page_q_click_check_form_code($parent, $error)) {
        if (qa_user_limits_remaining(QA_LIMIT_COMMENTS)) {
            qa_comment_set_userid($comment, $userid, $handle, $cookieid);
            return true;
        }

        // No early return here: the remaining buttons are still examined below
        $error = qa_lang_html('question/comment_limit');
    }

    if (qa_clicked($fieldprefix . 'doflag') && $comment['flagbutton'] && qa_page_q_click_check_form_code($parent, $error)) {
        require_once QA_INCLUDE_DIR . 'app/votes.php';

        $error = qa_flag_error_html($comment, $userid, qa_request());
        if (!$error) {
            // Enough flags hide the comment; that hiding is not really by this user, so pass nulls for the actor
            $nowhidden = qa_flag_set_tohide($comment, $userid, $handle, $cookieid, $question);
            if ($nowhidden) {
                qa_comment_set_hidden($comment, true, null, null, null, $question, $parent);
            }
            return true;
        }
    }

    if (qa_clicked($fieldprefix . 'dounflag') && $comment['unflaggable'] && qa_page_q_click_check_form_code($parent, $error)) {
        require_once QA_INCLUDE_DIR . 'app/votes.php';

        qa_flag_clear($comment, $userid, $handle, $cookieid);
        return true;
    }

    if (qa_clicked($fieldprefix . 'doclearflags') && $comment['clearflaggable'] && qa_page_q_click_check_form_code($parent, $error)) {
        require_once QA_INCLUDE_DIR . 'app/votes.php';

        qa_flags_clear_all($comment, $userid, $handle, $cookieid);
        return true;
    }

    return false;
}
// Check we're not using Q2A's single-sign on integration and that we're not logged in if (QA_FINAL_EXTERNAL_USERS) { qa_fatal_error('User login is handled by external code'); } if (qa_is_logged_in()) { qa_redirect(''); } // Process submitted form after checking we haven't reached rate limit $passwordsent = qa_get('ps'); $emailexists = qa_get('ee'); $inemailhandle = qa_post_text('emailhandle'); $inpassword = qa_post_text('password'); $inremember = qa_post_text('remember'); if (qa_clicked('dologin') && (strlen($inemailhandle) || strlen($inpassword))) { require_once QA_INCLUDE_DIR . 'qa-app-limits.php'; if (qa_user_limits_remaining(QA_LIMIT_LOGINS)) { require_once QA_INCLUDE_DIR . 'qa-db-users.php'; require_once QA_INCLUDE_DIR . 'qa-db-selects.php'; if (!qa_check_form_security_code('login', qa_post_text('code'))) { $pageerror = qa_lang_html('misc/form_security_again'); } else { qa_limits_increment(null, QA_LIMIT_LOGINS); $errors = array(); if (qa_opt('allow_login_email_only') || strpos($inemailhandle, '@') !== false) { // handles can't contain @ symbols $matchusers = qa_db_user_find_by_email($inemailhandle); } else { $matchusers = qa_db_user_find_by_handle($inemailhandle); } if (count($matchusers) == 1) { // if matches more than one (should be impossible), don't log in
} // Check we haven't suspended registration, and this IP isn't blocked if (qa_opt('suspend_register_users')) { $qa_content = qa_content_prepare(); $qa_content['error'] = qa_lang_html('users/register_suspended'); return $qa_content; } if (qa_user_permit_error()) { $qa_content = qa_content_prepare(); $qa_content['error'] = qa_lang_html('users/no_permission'); return $qa_content; } // Process submitted form if (qa_clicked('doregister')) { require_once QA_INCLUDE_DIR . 'app/limits.php'; if (qa_user_limits_remaining(QA_LIMIT_REGISTRATIONS)) { require_once QA_INCLUDE_DIR . 'app/users-edit.php'; $inemail = qa_post_text('email'); $inpassword = qa_post_text('password'); $inhandle = qa_post_text('handle'); $interms = (int) qa_post_text('terms'); $inprofile = array(); foreach ($userfields as $userfield) { $inprofile[$userfield['fieldid']] = qa_post_text('field_' . $userfield['fieldid']); } if (!qa_check_form_security_code('register', qa_post_text('code'))) { $pageerror = qa_lang_html('misc/form_security_again'); } else { // core validation $errors = array_merge(qa_handle_email_filter($inhandle, $inemail), qa_password_validate($inpassword)); // T&Cs validation
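/**
 * Authenticates a user by handle or email address and logs them in on success.
 *
 * Failed attempts (wrong password, unknown user, limit reached) increment the QA_LIMIT_LOGINS counter
 * and leave an IXR_Error in $this->error.
 *
 * @param string $username handle, or email address when it contains '@' or the allow_login_email_only option is set
 * @param string $password plaintext password as submitted
 * @param bool   $remember whether the login should persist (passed on to qa_set_logged_in_user())
 * @return array|false the user's account row on success, false on failure
 */
function core_login($username, $password, $remember = false)
{
    require_once QA_INCLUDE_DIR . 'qa-app-limits.php';

    if (qa_user_limits_remaining(QA_LIMIT_LOGINS)) {
        require_once QA_INCLUDE_DIR . 'qa-db-users.php';
        require_once QA_INCLUDE_DIR . 'qa-db-selects.php';

        if (qa_opt('allow_login_email_only') || strpos($username, '@') !== false) { // handles can't contain @ symbols
            $matchusers = qa_db_user_find_by_email($username);
        } else {
            $matchusers = qa_db_user_find_by_handle($username);
        }

        if (count($matchusers) == 1) { // if matches more than one (should be impossible), don't log in
            $inuserid = $matchusers[0];
            $userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true));

            $storedcheck = strtolower($userinfo['passcheck']);
            $computedcheck = strtolower(qa_db_calc_passcheck($password, $userinfo['passsalt']));

            // Compare the digests strictly: '==' on two numeric-looking strings (e.g. both of the form "0e...")
            // compares them as numbers and can accept a wrong password. hash_equals() additionally keeps the
            // comparison time independent of where the strings differ; fall back to '===' where it is unavailable.
            $passwordok = function_exists('hash_equals')
                ? hash_equals($storedcheck, $computedcheck)
                : ($storedcheck === $computedcheck);

            if ($passwordok) { // login
                require_once QA_INCLUDE_DIR . 'qa-app-users.php';

                qa_set_logged_in_user($inuserid, $userinfo['handle'], $remember ? true : false);
                return $userinfo;
            }

            $this->error = new IXR_Error(1512, qa_lang('users/password_wrong'));
        } else {
            $this->error = new IXR_Error(1512, qa_lang('users/user_not_found'));
        }
    } else {
        $this->error = new IXR_Error(1512, qa_lang('users/login_limit'));
    }

    qa_limits_increment(null, QA_LIMIT_LOGINS); // log on failure
    return false;
}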