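/**
 * Store a comment submitted through the comment form for $link.
 *
 * Reads the submission from $_POST (link_id, user_id, randkey, comment_content,
 * parent_id, type) and the request context from the $globals / $current_user /
 * $db globals. Every rejection returns a translated, user-facing reason; on
 * success the browser is redirected to the new comment and the script exits.
 *
 * @param Link $link  the story the comment belongs to
 * @return string     rejection message (the method never returns on success)
 */
static function save_from_post($link) {
    global $db, $current_user, $globals;

    require_once(mnminclude.'ban.php');
    $error = '';

    if (check_ban_proxy() && !$globals['development']) {
        return _('dirección IP no permitida');
    }

    // Read the form once; a missing field counts as empty instead of raising a notice
    $post_link_id = isset($_POST['link_id']) ? intval($_POST['link_id']) : 0;
    $post_user_id = isset($_POST['user_id']) ? intval($_POST['user_id']) : 0;
    $post_randkey = isset($_POST['randkey']) ? intval($_POST['randkey']) : 0;
    $post_parent = isset($_POST['parent_id']) ? intval($_POST['parent_id']) : 0;
    $post_content = isset($_POST['comment_content']) ? $_POST['comment_content'] : '';
    $post_type = isset($_POST['type']) ? $_POST['type'] : '';

    // Check if is a POST of a comment: the story must still accept comments and the
    // posted ids must match both this story and the authenticated user.
    if (!($link->votes > 0
            && $link->date > $globals['now'] - $globals['time_enabled_comments'] * 1.01
            && $link->comments < $globals['max_comments']
            && $post_link_id == $link->id
            && $current_user->authenticated
            && $post_user_id == $current_user->user_id
            && $post_randkey > 0)) {
        return _('comentario o usuario incorrecto');
    }

    // The story's own author may comment regardless of karma
    if ($current_user->user_karma < $globals['min_karma_for_comments']
            && $current_user->user_id != $link->author) {
        return _('karma demasiado bajo');
    }

    $comment = new Comment;
    $comment->link = $link->id;
    // Escaped up front because it is interpolated into SQL below.
    // NOTE(review): the escaped form is also what store() receives — confirm it is not escaped twice.
    $comment->ip = $db->escape($globals['user_ip']);
    $comment->randkey = $post_randkey;
    $comment->author = $post_user_id;
    $comment->karma = round($current_user->user_karma);
    $comment->content = clean_text_with_tags($post_content, 0, false, 10000);
    $comment->parent = $post_parent;

    // The nesting level is derived from the stored parent, never taken from the form
    $parentComment = new Comment();
    $parentComment->id = intval($comment->parent);
    $parentComment->read_basic();
    if ($parentComment->nested_level > $globals['NESTED_COMMENTS_MAX_LEVEL']) {
        return _('Chegache ao nivel límite de comentarios aniñados...');
    }
    $comment->nested_level = $parentComment->nested_level + 1;

    // Check if is an admin comment
    if ($current_user->user_level == 'god' && $post_type == 'admin') {
        $comment->type = 'admin';
    }

    // Don't allow to comment with a clone
    $hours = intval($globals['user_comments_clon_interval']);
    if ($hours > 0) {
        $clones = $current_user->get_clones($hours + 1);
        if ($clones) {
            // The ids are interpolated into SQL, so force them to integers
            $l = implode(',', array_map('intval', $clones));
            $c = (int) $db->get_var("select count(*) from comments where comment_date > date_sub(now(), interval $hours hour) and comment_user_id in ($l)");
            if ($c > 0) {
                syslog(LOG_NOTICE, "Meneame, clon comment ($current_user->user_login, $comment->ip) in $link->uri");
                return _('ya hizo un comentario con usuarios clones');
            }
        }
    }

    // Basic check to avoid abuses from same IP
    if (!$current_user->admin && $current_user->user_karma < 6.2) { // Don't check in case of admin comments or higher karma
        // Avoid astroturfing from the same link's author
        if ($link->status != 'published' && $link->ip == $globals['user_ip'] && $link->author != $comment->author) {
            UserAuth::insert_clon($comment->author, $link->author, $link->ip);
            syslog(LOG_NOTICE, "Meneame, comment-link astroturfing ($current_user->user_login, $link->ip): ".$link->get_permalink());
            return _('no se puede comentar desde la misma IP del autor del envío');
        }
        // Avoid floods with clones from the same IP
        if (intval($db->get_var("select count(*) from comments where comment_link_id = $link->id and comment_ip='$comment->ip' and comment_user_id != $comment->author")) > 1) {
            syslog(LOG_NOTICE, "Meneame, comment astroturfing ($current_user->user_login, $comment->ip)");
            return _('demasiados comentarios desde la misma IP con usuarios diferentes');
        }
    }

    if (mb_strlen($comment->content) < 5 || !preg_match('/[a-zA-Z:-]/', $post_content)) { // Check there are at least a valid char
        return _('texto muy breve o caracteres no válidos');
    }

    // Check the comment wasn't already stored (fast path; re-checked under lock before the insert)
    $already_stored = intval($db->get_var("select count(*) from comments where comment_link_id = $comment->link and comment_user_id = $comment->author and comment_randkey = $comment->randkey"));
    if ($already_stored) {
        return _('comentario duplicado');
    }

    if (!$current_user->admin) {
        $comment->get_links();
        // Links to banned sites are refused outright for accounts younger than a day
        if ($comment->banned && $current_user->Date() > $globals['now'] - 86400) {
            syslog(LOG_NOTICE, "Meneame: comment not inserted, banned link ($current_user->user_login)");
            return _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
        }
        // Lower karma to comments' spammers
        $comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = $current_user->user_id and comment_date > date_sub(now(), interval 3 minute)");
        // Check the text is not the same
        $same_count = $comment->same_text_count();
        $same_links_count = $comment->same_links_count();
        if ($comment->banned) $same_links_count *= 2;
        $same_count += $same_links_count;
    } else {
        $comment_count = $same_count = 0;
    }

    // Allowed comments per 3 minutes grows with karma, capped at karma 12
    $comment_limit = round(min($current_user->user_karma / 6, 2) * 2.5);
    if ($comment_count > $comment_limit || $same_count > 2) {
        $reduction = 0;
        if ($comment_count > $comment_limit) {
            $reduction += ($comment_count - 3) * 0.1;
        }
        if ($same_count > 1) {
            $reduction += $same_count * 0.25;
        }
        if ($reduction > 0) {
            $user = new User;
            $user->id = $current_user->user_id;
            $user->read();
            $user->karma = $user->karma - $reduction;
            syslog(LOG_NOTICE, "Meneame: story decreasing $reduction of karma to $current_user->user_login (now $user->karma)");
            $user->store();
            $annotation = new Annotation("karma-$user->id");
            $annotation->append(_('texto repetido o abuso de enlaces en comentarios').": -$reduction, karma: $user->karma\n");
            $error .= ' ' . _('penalización de karma por texto repetido o abuso de enlaces');
        }
    }

    $db->transaction();
    // Re-check for a duplicate under a row lock: two concurrent submissions of the same
    // form could both pass the unlocked check above and store the comment twice.
    $dup = $db->get_var("select count(*) from comments where comment_link_id = $comment->link and comment_user_id = $comment->author and comment_randkey = $comment->randkey FOR UPDATE");
    if (intval($dup) > 0) {
        $db->rollback();
        return _('comentario duplicado');
    }
    $comment->store();
    $comment->insert_vote();
    $link->update_comments();
    $db->commit();

    // Comment stored, just redirect to it page. $error is only logged/annotated above;
    // it never reaches the user because this path exits.
    header('Location: ' . $link->get_permalink() . '#c-' . $comment->order);
    die;
}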
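/**
 * Store a comment for the global $link from the submitted comment form.
 *
 * Reads link_id, user_id, randkey, comment_content and type from $_POST and the
 * request context from the $link / $db / $current_user / $globals globals. This
 * variant never redirects: it always returns to the caller.
 *
 * @return string  '' on success, otherwise a space-prefixed translated reason; when a
 *                 karma penalty was applied the comment is still stored and the
 *                 penalty notice is returned
 */
function insert_comment() {
    global $link, $db, $current_user, $globals;
    $error = '';

    require_once mnminclude . 'ban.php';
    if (check_ban_proxy()) {
        return _('dirección IP no permitida');
    }

    // Read the form once; a missing field counts as empty instead of raising a notice
    $post_link_id = isset($_POST['link_id']) ? intval($_POST['link_id']) : 0;
    $post_user_id = isset($_POST['user_id']) ? intval($_POST['user_id']) : 0;
    $post_randkey = isset($_POST['randkey']) ? intval($_POST['randkey']) : 0;
    $post_content = isset($_POST['comment_content']) ? $_POST['comment_content'] : '';
    $post_type = isset($_POST['type']) ? $_POST['type'] : '';

    // Check if is a POST of a comment: the story must still accept comments, the posted
    // ids must match this story and the authenticated user, and the author needs either
    // enough karma or to be the story's author.
    if (!($link->votes > 0
            && $link->date > $globals['now'] - $globals['time_enabled_comments']
            && $link->comments < $globals['max_comments']
            && $post_link_id == $link->id
            && $current_user->authenticated
            && $post_user_id == $current_user->user_id
            && ($current_user->user_karma > $globals['min_karma_for_comments'] || $current_user->user_id == $link->author)
            && $post_randkey > 0
            && mb_strlen(trim($post_content)) > 2)) {
        return ' ' . _('texto muy breve, karma bajo o usuario incorrecto');
    }

    require_once mnminclude . 'comment.php';
    $comment = new Comment();
    $comment->link = $link->id;
    $comment->randkey = $post_randkey;
    $comment->author = $post_user_id;
    $comment->karma = round($current_user->user_karma);
    $comment->content = clean_text($post_content, 0, false, 10000);

    // Check if is an admin comment
    if ($current_user->user_level == 'god' && $post_type == 'admin') {
        $comment->karma = 20;
        $comment->type = 'admin';
    }

    // Check there are at least a valid char
    if (mb_strlen($comment->content) == 0 || !preg_match('/[a-zA-Z:-]/', $post_content)) {
        return ' ' . _('caracteres no válidos');
    }

    // Check the comment wasn't already stored (randkey identifies this form instance)
    $already_stored = intval($db->get_var("select count(*) from comments where comment_link_id = {$comment->link} and comment_user_id = {$comment->author} and comment_randkey = {$comment->randkey}"));
    if ($already_stored) {
        return ' ' . _('duplicado');
    }

    if ($comment->type != 'admin') {
        // Lower karma to comments' spammers
        $comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = {$current_user->user_id} and comment_date > date_sub(now(), interval 3 minute)");
        // Check the text is not the same
        $same_count = $comment->same_text_count() + $comment->same_links_count();
    } else {
        $comment_count = $same_count = 0;
    }

    if ($comment_count > 2 || $same_count > 2) {
        require_once mnminclude . 'user.php';
        $reduction = 0;
        if ($comment_count > 3) {
            $reduction += ($comment_count - 3) * 0.1;
        }
        if ($same_count > 1) {
            $reduction += $same_count * 0.25;
        }
        if ($reduction > 0) {
            $user = new User();
            $user->id = $current_user->user_id;
            $user->read();
            $user->karma = $user->karma - $reduction;
            syslog(LOG_NOTICE, "Meneame: story decreasing {$reduction} of karma to {$current_user->user_login} (now {$user->karma})");
            $user->store();
            $error .= ' ' . _('penalización de karma por texto repetido o abuso de enlaces');
        }
    }

    $comment->store();
    $comment->insert_vote();
    $link->update_comments();
    // Re read link data
    $link->read();

    // We don't redirect, Firefox show cache data instead of the new data since we send lastmodification time.
    return $error;
}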
// Fragment of a comment-vote handler: the surrounding if/else opened outside this view.
// This branch charges the voter 0.2 karma for voting too fast, records why, and rejects the vote.
$user = new User;
$user->id = $current_user->user_id;
$user->read();
$user->karma = $user->karma - 0.2;
$user->store();
$annotation = new Annotation("karma-$user->id");
$annotation->append(_('Voto cowboy a comentarios').": -0.2, karma: $user->karma\n");
// error() is expected to emit the response and stop the script — confirm against the handler's error() helper
error(_('¡tranquilo cowboy!, tu karma ha bajado: ') . $user->karma);
} else {
error(_('¡tranquilo cowboy!'));
}
}
// The vote weight scales with the voter's karma
$value = round($value * $current_user->user_karma);
$r = $comment->insert_vote($value);
if (!$r) {
error(_('ya se votó antes con el mismo usuario o IP'));
} elseif (is_array($r)) {
// NOTE(review): insert_vote() appears to return an array whose first element names the action taken — confirm in Comment::insert_vote
if ($r[0] == "DELETE") { // only delete
if ($value > 0) $i = $globals['base_static'].'img/common/vote-up-gy02.png';
else $i = $globals['base_static'].'img/common/vote-down-gy02.png';
// Up and down votes are reported in different keys of the JSON reply
if ($value > 0) { $dict['image'] = $i; } else { $dict['image2'] = $i; }
$comment->votes -= 1;
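/**
 * Store a comment submitted through the comment form for $link.
 *
 * Reads the submission from $_POST (link_id, user_id, randkey, comment_content,
 * type, image_delete) plus an optional $_FILES['image'], and the request context
 * from the $globals / $current_user / $db globals. Every rejection returns a
 * translated, user-facing reason.
 *
 * @param Link $link      the story the comment belongs to
 * @param bool $redirect  true: redirect the browser to the new comment and exit;
 *                        false: return the stored Comment to the caller
 * @return string|Comment  rejection message, or the Comment when $redirect is
 *                         false and the insert succeeded
 */
static function save_from_post($link, $redirect = true) {
    global $db, $current_user, $globals;

    require_once mnminclude . 'ban.php';
    if (check_ban_proxy()) {
        return _('dirección IP no permitida');
    }

    // Read the form once; a missing field counts as empty instead of raising a notice
    $post_link_id = isset($_POST['link_id']) ? intval($_POST['link_id']) : 0;
    $post_user_id = isset($_POST['user_id']) ? intval($_POST['user_id']) : 0;
    $post_randkey = isset($_POST['randkey']) ? intval($_POST['randkey']) : 0;
    $post_content = isset($_POST['comment_content']) ? $_POST['comment_content'] : '';
    $post_type = isset($_POST['type']) ? $_POST['type'] : '';
    $post_image_delete = !empty($_POST['image_delete']);

    // Check if is a POST of a comment: the story must still accept comments and the
    // posted ids must match both this story and the authenticated user.
    if (!($link->votes > 0
            && $link->date > $globals['now'] - $globals['time_enabled_comments'] * 1.01
            && $link->comments < $globals['max_comments']
            && $post_link_id == $link->id
            && $current_user->authenticated
            && $post_user_id == $current_user->user_id
            && $post_randkey > 0)) {
        return _('comentario o usuario incorrecto');
    }

    // The story's own author may comment regardless of karma
    if ($current_user->user_karma < $globals['min_karma_for_comments']
            && $current_user->user_id != $link->author) {
        return _('karma demasiado bajo');
    }

    $comment = new Comment();
    $comment->link = $link->id;
    $comment->ip = $globals['user_ip'];
    $comment->randkey = $post_randkey;
    $comment->author = $post_user_id;
    $comment->karma = round($current_user->user_karma);
    $comment->content = clean_text_with_tags($post_content, 0, false, 10000);

    // Check if is an admin comment
    if ($current_user->user_level == 'god' && $post_type == 'admin') {
        $comment->type = 'admin';
    }

    // Don't allow to comment with a clone
    $hours = intval($globals['user_comments_clon_interval']);
    if ($hours > 0) {
        $clones = $current_user->get_clones($hours + 1);
        if ($clones) {
            // The ids are interpolated into SQL, so force them to integers
            $l = implode(',', array_map('intval', $clones));
            $c = (int) $db->get_var("select count(*) from comments where comment_date > date_sub(now(), interval {$hours} hour) and comment_user_id in ({$l})");
            if ($c > 0) {
                syslog(LOG_NOTICE, "Meneame, clon comment ({$current_user->user_login}, {$comment->ip}) in {$link->uri}");
                return _('ya hizo un comentario con usuarios clones');
            }
        }
    }

    // Basic check to avoid abuses from same IP
    if (!$current_user->admin && $current_user->user_karma < 6.2) { // Don't check in case of admin comments or higher karma
        // Avoid astroturfing from the same link's author
        if ($link->status != 'published' && $link->ip == $globals['user_ip'] && $link->author != $comment->author) {
            UserAuth::insert_clon($comment->author, $link->author, $link->ip);
            syslog(LOG_NOTICE, "Meneame, comment-link astroturfing ({$current_user->user_login}, {$link->ip}): " . $link->get_permalink());
            return _('no se puede comentar desde la misma IP del autor del envío');
        }
        // Avoid floods with clones from the same IP. The ip is the only non-integer
        // value this method interpolates into SQL, so it is escaped at the query.
        $escaped_ip = $db->escape($comment->ip);
        if (intval($db->get_var("select count(*) from comments where comment_link_id = {$link->id} and comment_ip='{$escaped_ip}' and comment_user_id != {$comment->author}")) > 1) {
            syslog(LOG_NOTICE, "Meneame, comment astroturfing ({$current_user->user_login}, {$comment->ip})");
            return _('demasiados comentarios desde la misma IP con usuarios diferentes');
        }
    }

    if (mb_strlen($comment->content) < 5 || !preg_match('/[a-zA-Z:-]/', $post_content)) { // Check there are at least a valid char
        return _('texto muy breve o caracteres no válidos');
    }

    if (!$current_user->admin) {
        $comment->get_links();
        // Links to banned sites are refused outright for accounts younger than a day
        if ($comment->banned && $current_user->Date() > $globals['now'] - 86400) {
            syslog(LOG_NOTICE, "Meneame: comment not inserted, banned link ({$current_user->user_login})");
            return _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
        }
        // Lower karma to comments' spammers
        $comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = {$current_user->user_id} and comment_date > date_sub(now(), interval 3 minute)");
        // Check the text is not the same
        $same_count = $comment->same_text_count();
        $same_links_count = $comment->same_links_count();
        if ($comment->banned) {
            $same_links_count *= 2;
        }
        $same_count += $same_links_count;
    } else {
        $comment_count = $same_count = 0;
    }

    // Allowed comments per 3 minutes grows with karma, capped at karma 12
    $comment_limit = round(min($current_user->user_karma / 6, 2) * 2.5);
    $karma_penalty = 0;
    if ($comment_count > $comment_limit || $same_count > 2) {
        if ($comment_count > $comment_limit) {
            $karma_penalty += ($comment_count - 3) * 0.1;
        }
        if ($same_count > 1) {
            $karma_penalty += $same_count * 0.25;
        }
    }

    // Check image limits
    if (!empty($_FILES['image']['tmp_name'])) {
        $limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
        if ($limit_exceded) {
            return $limit_exceded;
        }
    }

    $db->transaction();
    // Check the comment wasn't already stored. Done inside the transaction with FOR UPDATE
    // so two concurrent submissions of the same form cannot both pass. $r is kept raw:
    // null means the query itself failed and must not be mistaken for "no duplicate".
    $r = $db->get_var("select count(*) from comments where comment_link_id = {$comment->link} and comment_user_id = {$comment->author} and comment_randkey = {$comment->randkey} FOR UPDATE");
    $already_stored = intval($r);
    if ($already_stored) {
        $db->rollback();
        return _('comentario duplicado');
    }

    // A penalised comment is dropped, not stored; only the karma change is applied
    if ($karma_penalty > 0) {
        $db->rollback();
        $user = new User($current_user->user_id);
        $user->add_karma(-$karma_penalty, _('texto repetido o abuso de enlaces en comentarios'));
        return _('penalización de karma por texto repetido o abuso de enlaces');
    }

    if (!is_null($r) && $comment->store()) {
        $comment->insert_vote();
        $link->update_comments();
        $db->commit();

        // Check image upload or delete (after commit: the image is keyed by the stored comment)
        if ($post_image_delete) {
            $comment->delete_image();
        } else {
            $comment->store_image_from_form('image');
        }

        if ($redirect) {
            // Comment stored, just redirect to it page; 303 makes the browser follow with GET
            header('HTTP/1.1 303 See Other');
            header('Location: ' . $link->get_permalink() . '/c0' . $comment->order . '#c-' . $comment->order);
            die;
        }
        return $comment;
    }

    $db->rollback();
    return _('error insertando comentario');
}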
// Fragment of a comment-vote handler (its opening is outside this view). Every form
// field goes through sanitize(..., 3) before use; error() is expected to emit the
// message and stop the script.
check_referrer();
$comment = new Comment();
$comment->id = sanitize($_POST['id'], 3);
if (!is_numeric($comment->id)) {
    die;
}
$comment->read();
// Anonymous voting is governed by the anonnymous_vote constant
if ($current_user->user_id == 0 && !anonnymous_vote) {
    error($main_smarty->get_config_vars('PLIGG_Visual_Vote_NoAnon'));
}
// The posted user must be the logged-in user
if ($current_user->user_id != sanitize($_POST['user'], 3)) {
    error($main_smarty->get_config_vars('PLIGG_Visual_Vote_BadUser') . $current_user->user_id . '-' . sanitize($_POST['user'], 3));
}
// The form must echo back md5(user . randkey); a request that does not know the
// comment's randkey cannot produce it, which ties the vote to a served form
$md5 = md5(sanitize($_POST['user'], 3) . $comment->randkey);
if ($md5 !== sanitize($_POST['md5'], 3)) {
    error($main_smarty->get_config_vars('PLIGG_Visual_Vote_BadKey'));
}
// One vote per user, plus an optional per-IP cap (votes_per_ip constant, 0 disables it)
if ($comment->votes($current_user->user_id) != 0 || votes_per_ip > 0 && $comment->votes_from_ip() >= votes_per_ip) {
    /////
    error($main_smarty->get_config_vars('PLIGG_Visual_Vote_AlreadyVoted'));
}
// Reject out-of-range weights before they reach insert_vote()
$value = sanitize($_POST['value'], 3);
if ($value < -10 || $value > 10) {
    error('Invalid vote value');
}
$votes = $comment->insert_vote($current_user->user_id, $value);
$comment->votes = $votes;
$comment->store();
$count = $comment->votes;
// Plain-text reply consumed by the page script: "<count> ~--~<comment id>"
echo "{$count} ~--~" . sanitize($_POST['id'], 3);
}
// Fragment of a comment-vote handler: the branch that opens this block is outside
// this view. Counts the voter's non-positive comment votes from the same IP in the
// last 30 seconds and compares it with a per-branch threshold ($freq).
$votes_freq = intval($db->get_var("select count(*) from votes where vote_type='comments' and vote_user_id={$current_user->user_id} and vote_date > subtime(now(), '0:0:30') and vote_value <= 0 and vote_ip_int = " . $globals['user_ip_int']));
$freq = 5;
}
if ($votes_freq > $freq) {
    // Only registered users with karma above 4 pay for the burst; everyone is rejected
    if ($current_user->user_id > 0 && $current_user->user_karma > 4) {
        // Crazy votes attack, decrease karma
        // she does not deserve it :-)
        $user = new User($current_user->user_id);
        $user->add_karma(-0.2, _('Voto cowboy a comentarios'));
        error(_('¡tranquilo cowboy!, tu karma ha bajado: ') . $user->karma);
    } else {
        error(_('¡tranquilo cowboy!'));
    }
}
// The vote weight scales with the voter's karma; insert_vote() reports a repeated
// user/IP vote by returning a falsy value
$value = round($value * $current_user->user_karma);
if (!$comment->insert_vote($value)) {
    error(_('ya se votó antes con el mismo usuario o IP'));
}
$comment->votes++;
$comment->karma += $value;
$dict = array();
$dict['id'] = $id;
$dict['votes'] = $comment->votes;
$dict['value'] = $value;
$dict['karma'] = $comment->karma;
echo json_encode($dict);

// Emit a JSON error reply and stop. $dict here is a fresh function-local array, so the
// reply carries only the 'error' key — the partially built $dict above is not included.
function error($mess) {
    $dict['error'] = $mess;
    echo json_encode($dict);
    die;
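/**
 * Earliest form of the comment insert: validates the form against the global $link
 * and the current user, penalises users who post more than three comments in three
 * minutes, stores the comment and redirects back to the story.
 *
 * Reads link_id, user_id, randkey and comment_content from $_POST. When the
 * submission is rejected nothing is stored, no redirect is issued and the function
 * simply returns, so callers receive no error message.
 *
 * @return void
 */
function insert_comment() {
    global $link, $db, $current_user, $globals;

    // Read the form once; a missing field counts as empty instead of raising a notice
    $post_link_id = isset($_POST['link_id']) ? intval($_POST['link_id']) : 0;
    $post_user_id = isset($_POST['user_id']) ? intval($_POST['user_id']) : 0;
    $post_randkey = isset($_POST['randkey']) ? intval($_POST['randkey']) : 0;
    $post_content = isset($_POST['comment_content']) ? $_POST['comment_content'] : '';

    // Check if is a POST of a comment: the story must still accept comments, the posted
    // ids must match this story and the authenticated user, and the author needs either
    // enough karma or to be the story's author.
    if (!($link->votes > 0
            && $link->date > time() - $globals['time_enabled_comments']
            && $post_link_id == $link->id
            && $current_user->authenticated
            && $post_user_id == $current_user->user_id
            && ($current_user->user_karma > $globals['min_karma_for_comments'] || $current_user->user_id == $link->author)
            && $post_randkey > 0
            && mb_strlen(trim($post_content)) > 2)) {
        return;
    }

    require_once mnminclude . 'comment.php';
    $comment = new Comment();
    $comment->link = $link->id;
    $comment->randkey = $post_randkey;
    $comment->author = $post_user_id;
    $comment->karma = intval($current_user->user_karma);
    $comment->content = clean_text($post_content, 0, false, 10000);

    // Length is measured in characters so multibyte text is not over-counted
    if (mb_strlen($comment->content) > 0) {
        // Lower karma to comments' spammers: more than three comments in the last
        // three minutes costs half a karma point
        $comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = {$current_user->user_id} and comment_date > date_sub(now(), interval 3 minute)");
        if ($comment_count > 3) {
            require_once mnminclude . 'user.php';
            $user = new User();
            $user->id = $current_user->user_id;
            $user->read();
            $user->karma = $user->karma - 0.5;
            $user->store();
        }
        $comment->store();
        $comment->insert_vote();
        $link->update_comments();
    }

    header('Location: ' . $link->get_permalink());
    die;
}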