예제 #1
0
파일: comment.php 프로젝트: rasomu/chuza
	static function save_from_post($link) {
		global $db, $current_user, $globals;

		require_once(mnminclude.'ban.php');

		$error = '';
		if(check_ban_proxy() && !$globals['development']) return _('dirección IP no permitida');

		// Check if is a POST of a comment

		if( ! ($link->votes > 0 && $link->date > $globals['now']-$globals['time_enabled_comments']*1.01 && 
				$link->comments < $globals['max_comments'] &&
				intval($_POST['link_id']) == $link->id && $current_user->authenticated && 
				intval($_POST['user_id']) == $current_user->user_id &&
				intval($_POST['randkey']) > 0
				)) {
			return _('comentario o usuario incorrecto');
		}

		if ($current_user->user_karma < $globals['min_karma_for_comments'] && $current_user->user_id != $link->author) {
			return _('karma demasiado bajo');
		}

		$comment = new Comment;

		$comment->link=$link->id;
		$comment->ip = $db->escape($globals['user_ip']);
		$comment->randkey=intval($_POST['randkey']);
		$comment->author=intval($_POST['user_id']);
		$comment->karma=round($current_user->user_karma);
		$comment->content=clean_text_with_tags($_POST['comment_content'], 0, false, 10000);
    $comment->parent=intval($_POST['parent_id']);

    //get level
    $parentComment = new Comment();
    $parentComment->id = intval($comment->parent);
    $parentComment->read_basic();
    if ($parentComment->nested_level > $globals['NESTED_COMMENTS_MAX_LEVEL']) {
				return _('Chegache ao nivel límite de comentarios aniñados...');
    }
    $comment->nested_level = $parentComment->nested_level + 1;


		// Check if is an admin comment
		if ($current_user->user_level == 'god' && $_POST['type'] == 'admin') {
			$comment->type = 'admin';
		} 

		// Don't allow to comment with a clone
		$hours = intval($globals['user_comments_clon_interval']);
		if ($hours > 0) {
			$clones = $current_user->get_clones($hours+1);
			if ( $clones) {
				$l = implode(',', $clones);
				$c = (int) $db->get_var("select count(*) from comments where comment_date > date_sub(now(), interval $hours hour) and comment_user_id in ($l)");
				if ($c > 0) {
					syslog(LOG_NOTICE, "Meneame, clon comment ($current_user->user_login, $comment->ip) in $link->uri");
					return _('ya hizo un comentario con usuarios clones');
				}
			}
		}

		// Basic check to avoid abuses from same IP
		if (!$current_user->admin && $current_user->user_karma < 6.2) { // Don't check in case of admin comments or higher karma

			// Avoid astroturfing from the same link's author
			if ($link->status != 'published' && $link->ip == $globals['user_ip'] && $link->author != $comment->author) {
				UserAuth::insert_clon($comment->author, $link->author, $link->ip);
				syslog(LOG_NOTICE, "Meneame, comment-link astroturfing ($current_user->user_login, $link->ip): ".$link->get_permalink());
				return _('no se puede comentar desde la misma IP del autor del envío');
			}

			// Avoid floods with clones from the same IP
			if (intval($db->get_var("select count(*) from comments where comment_link_id = $link->id and comment_ip='$comment->ip' and comment_user_id != $comment->author")) > 1) {
				syslog(LOG_NOTICE, "Meneame, comment astroturfing ($current_user->user_login, $comment->ip)");
				return _('demasiados comentarios desde la misma IP con usuarios diferentes');
			}
		}


		if (mb_strlen($comment->content) < 5 || ! preg_match('/[a-zA-Z:-]/', $_POST['comment_content'])) { // Check there are at least a valid char
			return _('texto muy breve o caracteres no válidos');
		}


		// Check the comment wasn't already stored
		$already_stored = intval($db->get_var("select count(*) from comments where comment_link_id = $comment->link and comment_user_id = $comment->author and comment_randkey = $comment->randkey"));
		if ($already_stored) {
			return _('comentario duplicado');
		}

		if (! $current_user->admin) {
			$comment->get_links();
			if ($comment->banned && $current_user->Date() > $globals['now'] - 86400) {
				syslog(LOG_NOTICE, "Meneame: comment not inserted, banned link ($current_user->user_login)");
				return _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
			}

			// Lower karma to comments' spammers
			$comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = $current_user->user_id and comment_date > date_sub(now(), interval 3 minute)");
			// Check the text is not the same
			$same_count = $comment->same_text_count();
			$same_links_count = $comment->same_links_count();
			if ($comment->banned) $same_links_count *= 2;
			$same_count += $same_links_count;
		} else {
			$comment_count  = $same_count = 0;
		}

		$comment_limit = round(min($current_user->user_karma/6, 2) * 2.5);
		if ($comment_count > $comment_limit || $same_count > 2) {
			$reduction = 0;
			if ($comment_count > $comment_limit) {
				$reduction += ($comment_count-3) * 0.1;
			}
			if($same_count > 1) {
				$reduction += $same_count * 0.25;
			}
			if ($reduction > 0) {
				$user = new User;
				$user->id = $current_user->user_id;
				$user->read();
				$user->karma = $user->karma - $reduction;
				syslog(LOG_NOTICE, "Meneame: story decreasing $reduction of karma to $current_user->user_login (now $user->karma)");
				$user->store();
				$annotation = new Annotation("karma-$user->id");
				$annotation->append(_('texto repetido o abuso de enlaces en comentarios').": -$reduction, karma: $user->karma\n");
				$error .= ' ' . ('penalización de karma por texto repetido o abuso de enlaces');
			}
		}
		$db->transaction();
		$comment->store();
		$comment->insert_vote();
		$link->update_comments();
		$db->commit();
		// Comment stored, just redirect to it page
		header('Location: '.$link->get_permalink() . '#c-'.$comment->order);
		die;
		//return $error;
	}
예제 #2
0
function insert_comment()
{
    global $link, $db, $current_user, $globals;
    $error = '';
    require_once mnminclude . 'ban.php';
    if (check_ban_proxy()) {
        return _('dirección IP no permitida');
    }
    // Check if is a POST of a comment
    if ($link->votes > 0 && $link->date > $globals['now'] - $globals['time_enabled_comments'] && $link->comments < $globals['max_comments'] && intval($_POST['link_id']) == $link->id && $current_user->authenticated && intval($_POST['user_id']) == $current_user->user_id && ($current_user->user_karma > $globals['min_karma_for_comments'] || $current_user->user_id == $link->author) && intval($_POST['randkey']) > 0 && mb_strlen(trim($_POST['comment_content'])) > 2) {
        require_once mnminclude . 'comment.php';
        $comment = new Comment();
        $comment->link = $link->id;
        $comment->randkey = intval($_POST['randkey']);
        $comment->author = intval($_POST['user_id']);
        $comment->karma = round($current_user->user_karma);
        $comment->content = clean_text($_POST['comment_content'], 0, false, 10000);
        // Check if is an admin comment
        if ($current_user->user_level == 'god' && $_POST['type'] == 'admin') {
            $comment->karma = 20;
            $comment->type = 'admin';
        }
        if (mb_strlen($comment->content) > 0 && preg_match('/[a-zA-Z:-]/', $_POST['comment_content'])) {
            // Check there are at least a valid char
            $already_stored = intval($db->get_var("select count(*) from comments where comment_link_id = {$comment->link} and comment_user_id = {$comment->author} and comment_randkey = {$comment->randkey}"));
            // Check the comment wasn't already stored
            if (!$already_stored) {
                if ($comment->type != 'admin') {
                    // Lower karma to comments' spammers
                    $comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = {$current_user->user_id} and comment_date > date_sub(now(), interval 3 minute)");
                    // Check the text is not the same
                    $same_count = $comment->same_text_count() + $comment->same_links_count();
                } else {
                    $comment_count = $same_count = 0;
                }
                if ($comment_count > 2 || $same_count > 2) {
                    require_once mnminclude . 'user.php';
                    $reduction = 0;
                    if ($comment_count > 3) {
                        $reduction += ($comment_count - 3) * 0.1;
                    }
                    if ($same_count > 1) {
                        $reduction += $same_count * 0.25;
                    }
                    if ($reduction > 0) {
                        $user = new User();
                        $user->id = $current_user->user_id;
                        $user->read();
                        $user->karma = $user->karma - $reduction;
                        syslog(LOG_NOTICE, "Meneame: story decreasing {$reduction} of karma to {$current_user->user_login} (now {$user->karma})");
                        $user->store();
                        $error .= ' ' . 'penalización de karma por texto repetido o abuso de enlaces';
                    }
                }
                $comment->store();
                $comment->insert_vote();
                $link->update_comments();
                // Re read link data
                $link->read();
            } else {
                $error .= ' ' . 'duplicado';
            }
        } else {
            $error .= ' ' . 'caracteres no válidos';
        }
        // We don't redirect, Firefox show cache data instead of the new data since we send lastmodification time.
        //header('Location: '.$link->get_permalink());
        //die;
    } else {
        $error .= ' ' . 'texto muy breve, karma bajo o usuario incorrecto';
    }
    return $error;
}
예제 #3
0
    	$user = new User;
    	$user->id = $current_user->user_id;
    	$user->read();
    	$user->karma = $user->karma - 0.2;
		$user->store();
		$annotation = new Annotation("karma-$user->id");
		$annotation->append(_('Voto cowboy a comentarios').": -0.2, karma: $user->karma\n");
		error(_('¡tranquilo cowboy!, tu karma ha bajado: ') . $user->karma);
	} else  {
		error(_('¡tranquilo cowboy!'));
	}
}

$value = round($value * $current_user->user_karma);

$r = $comment->insert_vote($value);
if (!$r) {
	error(_('ya se votó antes con el mismo usuario o IP'));
} elseif (is_array($r)) { 

  if ($r[0] == "DELETE") { // only delete

    if ($value > 0) $i = $globals['base_static'].'img/common/vote-up-gy02.png';
    else $i = $globals['base_static'].'img/common/vote-down-gy02.png';

    if ($value > 0) {
      $dict['image'] = $i;
    } else {
      $dict['image2'] = $i;
    }
    $comment->votes -= 1;
예제 #4
0
 static function save_from_post($link, $redirect = true)
 {
     global $db, $current_user, $globals;
     require_once mnminclude . 'ban.php';
     if (check_ban_proxy()) {
         return _('dirección IP no permitida');
     }
     // Check if is a POST of a comment
     if (!($link->votes > 0 && $link->date > $globals['now'] - $globals['time_enabled_comments'] * 1.01 && $link->comments < $globals['max_comments'] && intval($_POST['link_id']) == $link->id && $current_user->authenticated && intval($_POST['user_id']) == $current_user->user_id && intval($_POST['randkey']) > 0)) {
         return _('comentario o usuario incorrecto');
     }
     if ($current_user->user_karma < $globals['min_karma_for_comments'] && $current_user->user_id != $link->author) {
         return _('karma demasiado bajo');
     }
     $comment = new Comment();
     $comment->link = $link->id;
     $comment->ip = $globals['user_ip'];
     $comment->randkey = intval($_POST['randkey']);
     $comment->author = intval($_POST['user_id']);
     $comment->karma = round($current_user->user_karma);
     $comment->content = clean_text_with_tags($_POST['comment_content'], 0, false, 10000);
     // Check if is an admin comment
     if ($current_user->user_level == 'god' && $_POST['type'] == 'admin') {
         $comment->type = 'admin';
     }
     // Don't allow to comment with a clone
     $hours = intval($globals['user_comments_clon_interval']);
     if ($hours > 0) {
         $clones = $current_user->get_clones($hours + 1);
         if ($clones) {
             $l = implode(',', $clones);
             $c = (int) $db->get_var("select count(*) from comments where comment_date > date_sub(now(), interval {$hours} hour) and comment_user_id in ({$l})");
             if ($c > 0) {
                 syslog(LOG_NOTICE, "Meneame, clon comment ({$current_user->user_login}, {$comment->ip}) in {$link->uri}");
                 return _('ya hizo un comentario con usuarios clones');
             }
         }
     }
     // Basic check to avoid abuses from same IP
     if (!$current_user->admin && $current_user->user_karma < 6.2) {
         // Don't check in case of admin comments or higher karma
         // Avoid astroturfing from the same link's author
         if ($link->status != 'published' && $link->ip == $globals['user_ip'] && $link->author != $comment->author) {
             UserAuth::insert_clon($comment->author, $link->author, $link->ip);
             syslog(LOG_NOTICE, "Meneame, comment-link astroturfing ({$current_user->user_login}, {$link->ip}): " . $link->get_permalink());
             return _('no se puede comentar desde la misma IP del autor del envío');
         }
         // Avoid floods with clones from the same IP
         if (intval($db->get_var("select count(*) from comments where comment_link_id = {$link->id} and comment_ip='{$comment->ip}' and comment_user_id != {$comment->author}")) > 1) {
             syslog(LOG_NOTICE, "Meneame, comment astroturfing ({$current_user->user_login}, {$comment->ip})");
             return _('demasiados comentarios desde la misma IP con usuarios diferentes');
         }
     }
     if (mb_strlen($comment->content) < 5 || !preg_match('/[a-zA-Z:-]/', $_POST['comment_content'])) {
         // Check there are at least a valid char
         return _('texto muy breve o caracteres no válidos');
     }
     if (!$current_user->admin) {
         $comment->get_links();
         if ($comment->banned && $current_user->Date() > $globals['now'] - 86400) {
             syslog(LOG_NOTICE, "Meneame: comment not inserted, banned link ({$current_user->user_login})");
             return _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
         }
         // Lower karma to comments' spammers
         $comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = {$current_user->user_id} and comment_date > date_sub(now(), interval 3 minute)");
         // Check the text is not the same
         $same_count = $comment->same_text_count();
         $same_links_count = $comment->same_links_count();
         if ($comment->banned) {
             $same_links_count *= 2;
         }
         $same_count += $same_links_count;
     } else {
         $comment_count = $same_count = 0;
     }
     $comment_limit = round(min($current_user->user_karma / 6, 2) * 2.5);
     $karma_penalty = 0;
     if ($comment_count > $comment_limit || $same_count > 2) {
         if ($comment_count > $comment_limit) {
             $karma_penalty += ($comment_count - 3) * 0.1;
         }
         if ($same_count > 1) {
             $karma_penalty += $same_count * 0.25;
         }
     }
     // Check image limits
     if (!empty($_FILES['image']['tmp_name'])) {
         $limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
         if ($limit_exceded) {
             return $limit_exceded;
         }
     }
     $db->transaction();
     // Check the comment wasn't already stored
     $r = intval($db->get_var("select count(*) from comments where comment_link_id = {$comment->link} and comment_user_id = {$comment->author} and comment_randkey = {$comment->randkey} FOR UPDATE"));
     $already_stored = intval($r);
     if ($already_stored) {
         $db->rollback();
         return _('comentario duplicado');
     }
     if ($karma_penalty > 0) {
         $db->rollback();
         $user = new User($current_user->user_id);
         $user->add_karma(-$karma_penalty, _('texto repetido o abuso de enlaces en comentarios'));
         return _('penalización de karma por texto repetido o abuso de enlaces');
     }
     if (!is_null($r) && $comment->store()) {
         $comment->insert_vote();
         $link->update_comments();
         $db->commit();
         // Check image upload or delete
         if ($_POST['image_delete']) {
             $comment->delete_image();
         } else {
             $comment->store_image_from_form('image');
         }
         if ($redirect) {
             // Comment stored, just redirect to it page
             header('HTTP/1.1 303 Load');
             header('Location: ' . $link->get_permalink() . '/c0' . $comment->order . '#c-' . $comment->order);
             die;
         } else {
             return $comment;
         }
     }
     $db->rollback();
     return _('error insertando comentario');
     //return $error;
 }
예제 #5
0
    check_referrer();
    $comment = new Comment();
    $comment->id = sanitize($_POST['id'], 3);
    if (!is_numeric($comment->id)) {
        die;
    }
    $comment->read();
    if ($current_user->user_id == 0 && !anonnymous_vote) {
        error($main_smarty->get_config_vars('PLIGG_Visual_Vote_NoAnon'));
    }
    if ($current_user->user_id != sanitize($_POST['user'], 3)) {
        error($main_smarty->get_config_vars('PLIGG_Visual_Vote_BadUser') . $current_user->user_id . '-' . sanitize($_POST['user'], 3));
    }
    $md5 = md5(sanitize($_POST['user'], 3) . $comment->randkey);
    if ($md5 !== sanitize($_POST['md5'], 3)) {
        error($main_smarty->get_config_vars('PLIGG_Visual_Vote_BadKey'));
    }
    if ($comment->votes($current_user->user_id) != 0 || votes_per_ip > 0 && $comment->votes_from_ip() >= votes_per_ip) {
        /////
        error($main_smarty->get_config_vars('PLIGG_Visual_Vote_AlreadyVoted'));
    }
    $value = sanitize($_POST['value'], 3);
    if ($value < -10 || $value > 10) {
        error('Invalid vote value');
    }
    $votes = $comment->insert_vote($current_user->user_id, $value);
    $comment->votes = $votes;
    $comment->store();
    $count = $comment->votes;
    echo "{$count} ~--~" . sanitize($_POST['id'], 3);
}
예제 #6
0
    $votes_freq = intval($db->get_var("select count(*) from votes where vote_type='comments' and vote_user_id={$current_user->user_id} and vote_date > subtime(now(), '0:0:30') and vote_value <= 0 and vote_ip_int = " . $globals['user_ip_int']));
    $freq = 5;
}
if ($votes_freq > $freq) {
    if ($current_user->user_id > 0 && $current_user->user_karma > 4) {
        // Crazy votes attack, decrease karma
        // she does not deserve it :-)
        $user = new User($current_user->user_id);
        $user->add_karma(-0.2, _('Voto cowboy a comentarios'));
        error(_('¡tranquilo cowboy!, tu karma ha bajado: ') . $user->karma);
    } else {
        error(_('¡tranquilo cowboy!'));
    }
}
$value = round($value * $current_user->user_karma);
if (!$comment->insert_vote($value)) {
    error(_('ya se votó antes con el mismo usuario o IP'));
}
$comment->votes++;
$comment->karma += $value;
$dict = array();
$dict['id'] = $id;
$dict['votes'] = $comment->votes;
$dict['value'] = $value;
$dict['karma'] = $comment->karma;
echo json_encode($dict);
function error($mess)
{
    $dict['error'] = $mess;
    echo json_encode($dict);
    die;
예제 #7
0
function insert_comment()
{
    global $link, $db, $current_user, $globals;
    // Check if is a POST of a comment
    if ($link->votes > 0 && $link->date > time() - $globals['time_enabled_comments'] && intval($_POST['link_id']) == $link->id && $current_user->authenticated && intval($_POST['user_id']) == $current_user->user_id && ($current_user->user_karma > $globals['min_karma_for_comments'] || $current_user->user_id == $link->author) && intval($_POST['randkey']) > 0 && strlen(trim($_POST['comment_content'])) > 2) {
        require_once mnminclude . 'comment.php';
        $comment = new Comment();
        $comment->link = $link->id;
        $comment->randkey = intval($_POST['randkey']);
        $comment->author = intval($_POST['user_id']);
        $comment->karma = intval($current_user->user_karma);
        $comment->content = clean_text($_POST['comment_content'], 0, false, 10000);
        if (strlen($comment->content) > 0) {
            // Lower karma to comments' spammers
            $comment_count = $db->get_var("select count(*) from comments where comment_user_id = {$current_user->user_id} && comment_date > date_sub(now(), interval 3 minute)");
            if ($comment_count > 3) {
                require_once mnminclude . 'user.php';
                $user = new User();
                $user->id = $current_user->user_id;
                $user->read();
                $user->karma = $user->karma - 0.5;
                $user->store();
            }
            $comment->store();
            $comment->insert_vote();
            $link->update_comments();
        }
        header('Location: ' . $link->get_permalink());
        die;
    }
}