/** * Adds a post to the database * @param Request $request The request object */ public function add($request) { // The topic id that this post belongs to $topic_id = (int) $request->get('topicId'); $response = new Response(); // Should never happen legit but just incase if (!$topic_id) { $response->setStatusCode(400); $response->setContent($this->app->trans('UNKNOWN_ERROR')); return $response; } // Get the topic so we can use it later $topic = $this->app['topic']->findById($topic_id); $forum = $this->app['forum']->findById($topic['forum']); if (!$forum) { return new Response($this->app->trans('UNKNOWN_ERROR'), 500); } // get the logged in user // @todo make a wrapper for this $user = $this->app['session']->get('user'); if (!$user) { $response->setStatusCode(400); $response->setContent($this->app->trans('MUST_BE_LOGGED_IN')); return $response; } // Should never happen legit but just incase if (!$topic) { return new Response($this->app->trans('UNKNOWN_ERROR'), 500); } // If the topic is locked and user cannot bypass it if ($topic['locked'] && !\ASF\Permissions::hasPermission('BYPASS_RESTRICTIONS')) { $response->setStatusCode(400); $response->setContent($this->app->trans('TOPIC_LOCKED')); return $response; } if (!\ASF\Permissions::hasPermission('CREATE_POST')) { $response->setStatusCode(400); $response->setContent($this->app->trans('NO_PERMISSION')); return $response; } $name = $request->get('name'); $content = $request->get('reply'); $attachments = $request->files->get('attachments'); if ($attachments[0] != null) { if (count($attachments) > 5) { $response->setStatusCode(400); $response->setContent($this->app->trans('TOO_MANY_ATTACHMENTS')); return $response; } foreach ($attachments as $attachment) { $attachment_name = $attachment->getClientOriginalName(); $size = $attachment->getClientSize(); $mime = $attachment->getClientMimeType(); if ($size >= $this->app['files']['maxSize']) { $response->setStatusCode(400); $response->setContent($this->app->trans('FILE_TOO_BIG', array($attachment_name, $this->app['files']['maxSize'] / 1024))); return $response; } $ext = pathinfo($attachment_name, PATHINFO_EXTENSION); if (!in_array($ext, $this->app['files']['types'])) { $response->setStatusCode(400); $response->setContent($this->app->trans('INVALID_FILE_EXT', array($ext, implode(', ', $this->app['files']['types'])))); return $response; } } } $constraints = new Assert\Collection(array('name' => array(new Assert\NotBlank(array('message' => 'FILL_ALL_FIELDS')), new Assert\Length(array('min' => 6, 'max' => 50, 'minMessage' => $this->app->trans('MIN_LENGTH', array('%field%' => 'body', '%min%' => 6)), 'maxMessage' => $this->app->trans('MAX_LENGTH', array('%field%' => 'title', '%max%' => 25))))), 'content' => array(new Assert\NotBlank(array('message' => 'FILL_ALL_FIELDS')), new Assert\Length(array('min' => 6, 'minMessage' => $this->app->trans('MIN_LENGTH', array('%field%' => 'body', '%min%' => 6))))))); // Temp variable which removes html to check actual length $content_string_test = strip_tags($content); $data = array('name' => $name, 'content' => $content_string_test); $errors = $this->app['validator']->validateValue($data, $constraints); if (count($errors) > 0) { $response->setStatusCode(400); $response->setContent($this->app->trans($errors[0]->getMessage())); return $response; } $content = strip_tags($content, implode(',', $this->allowed_html)); $content = str_replace('href=', 'target="_blank" rel="nofollow" href=', $content); $time = date('Y-m-d H:i:s'); $last = $this->app['db']->fetchAssoc('SELECT * FROM posts WHERE topic=? ORDER BY added DESC LIMIT 1', array($topic_id)); if ($last['author'] == $user['id']) { if ($this->app['board']['doublePost'] === 'merge') { preg_match('/<div class="update">(.*)<\\/div>/s', $last['content'], $matches); if (count($matches) > 0) { $content = preg_replace('/<div class="update">(.*)<\\/div>/s', '<div class="update">' . "\n" . '$1' . "\n" . $content . '</div>', $last['content']); } else { $content = $last['content'] . '<div class="update"><h2>Update</h2>' . "\n" . $content . '</div>'; } $this->app['db']->update('posts', array('content' => $content, 'updated' => $time), array('id' => $last['id'])); $this->app['db']->update('topics', array('updated' => $time), array('id' => $last['topic'])); $this->app['db']->update('forums', array('lastTopicId' => $topic['id'], 'lastAuthorId' => $user['id'], 'lastPostTime' => $time, 'lastPostId' => $last['id']), array('id' => $last['forum'])); $files = []; // Upload attachments if ($attachments[0] != null) { foreach ($attachments as $attachment) { $attachment_name = $attachment->getClientOriginalName(); $file_name = time() . '-' . $attachment_name; try { $attachment->move($upload_dir, $file_name); } catch (\Exception $e) { $response->setStatusCode(500); $response->setContent($this->app->trans('COULDNT_UPLOAD_FILE', array($attachment_name))); return $response; } $this->app['db']->insert('attachments', array('post_id' => $last['id'], 'name' => $attachment_name, 'file_name' => $file_name, 'size' => $attachment->getClientSize(), 'mime' => $attachment->getClientMimeType(), 'added' => $time)); $files[] = array('name' => $attachment_name, 'size' => $attachment->getClientSize(), 'mime' => $attachment->getClientMimeType()); } } $response->setContent(json_encode(array('id' => $last['id'], 'content' => $content, 'updated' => true, 'attachments' => json_encode($files)))); return $response; } else { if ($this->app['board']['doublePost'] === 'disallow') { $response->setStatusCode(400); $response->setContent($this->app->trans('NO_DOUBLE_POST')); return $response; } } } // Format mentions $mentions = $this->parseMentions($content); if ($mentions['has_mentions']) { $content = $mentions['content']; } $this->app['db']->insert('posts', array('topic' => $topic['id'], 'forum' => $topic['forum'], 'name' => $name, 'content' => $content, 'author' => $user['id'], 'added' => $time, 'updated' => $time)); $post_id = $this->app['db']->lastInsertId(); $post_url = '/' . $this->app['board']['base'] . urlencode($forum['name']) . '/' . urlencode($topic['name']) . '-' . $topic['id'] . '/#' . $post_id; if ($mentions['has_mentions']) { $content = $mentions['content']; foreach ($mentions['users'] as $mention) { $this->app['notification']->add(new Request(['user_id' => $mention['data']['id'], 'notification' => '<a href="/' . $this->app['board']['base'] . 'user/' . $user['username'] . '/" class="user-link">' . $user['username'] . '</a> mentioned you in a <a href="' . $post_url . '">post</a>'])); } } // Upload attachments if ($attachments[0] != null) { $upload_dir = dirname(dirname(__DIR__)) . '/public/uploads/attachments'; foreach ($attachments as $attachment) { $attachment_name = $attachment->getClientOriginalName(); $file_name = time() . '-' . $attachment_name; $attachment->move($upload_dir, $file_name); if ($attachment->getError()) { // Couldnt upload attachment, delete post $this->app['db']->delete('posts', array('id' => $post_id)); $response->setStatusCode(500); $response->setContent($this->app->trans('COULDNT_UPLOAD_FILE', array($attachment_name))); return $response; } $this->app['db']->insert('attachments', array('post_id' => $post_id, 'name' => $attachment_name, 'file_name' => $file_name, 'size' => $attachment->getClientSize(), 'mime' => $attachment->getClientMimeType(), 'added' => time())); } } $this->app['db']->update('topics', array('replies' => $topic['replies'] + 1, 'updated' => $time, 'lastAuthorId' => $user['id'], 'lastPostId' => $post_id), array('id' => $topic_id)); $this->app['db']->executeQuery('UPDATE forums SET posts=posts+1, lastTopicId=?,lastAuthorId=?, lastPostTime=?, lastPostId=? WHERE id=? LIMIT 1', array($topic['id'], $user['id'], $time, $post_id, $topic['forum'])); $post_count = $this->app['db']->fetchColumn('SELECT COUNT(id) FROM posts WHERE topic=?', array($topic_id)); $this->app['cache']->collection = $this->app['cache']->setCollection($this->app['database']['name'], 'posts'); $this->app['cache']->delete_group('topic-post-count-' . $topic_id); $this->app['cache']->delete_group('topic-posts-' . $topic_id); $this->app['cache']->collection = $this->app['cache']->setCollection($this->app['database']['name'], 'forums'); $this->app['cache']->delete_group('forum-' . $topic['forum']); $this->app['cache']->collection = $this->app['cache']->setCollection($this->app['database']['name'], 'topics'); $this->app['cache']->delete('topic-' . $topic_id); $page = (int) ceil($post_count / $this->app['board']['postsPerPage']); $this->app['db']->executeQuery('UPDATE users SET posts=posts+1 WHERE id=? LIMIT 1', array($user['id'])); return json_encode(array('id' => $post_id, 'username' => $user['username'], 'userId' => $user['id'], 'userGroup' => $user['group']['name'], 'userPosts' => $user['posts'], 'page' => $page)); }
public function deleteComment(Request $request) { $comment_id = (int) $request->get('commentId'); $response = new Response(); if (!$comment_id) { $response->setStatusCode(500); $response->setContent($this->app->trans('UNKNOWN_ERROR')); return $response; } $comment = $this->app['db']->fetchAssoc('SELECT * FROM profile_comments WHERE id=? LIMIT 1', array($comment_id)); if (!$comment) { $response->setStatusCode(500); $response->setContent($this->app->trans('MUST_BE_LOGGED_IN')); return $response; } $user = $this->app['session']->get('user'); if (!$user) { $response->setStatusCode(500); $response->setContent($this->app->trans('MUST_BE_LOGGED_IN')); return $response; } if ($user['id'] != $comment['author'] && !\ASF\Permissions::hasPermission('EDIT_POSTS')) { $response->setStatusCode(500); $response->setContent($this->app->trans('NO_PERMISSION')); return $response; } $this->app['db']->update('profile_comments', array('deleted' => 1), array('id' => $comment_id)); $this->app['cache']->collection = $this->app['cache']->setCollection($this->app['database']['name'], 'profiles'); $this->app['cache']->delete('profile-comment-' . $comment_id); $this->app['cache']->delete_group('profile-comments-' . $comment['profile']); return true; }
public function addTopic(Request $request) { $user = $this->app['session']->get('user'); $response = new Response(); if (!$user) { $response->setStatusCode(400); $response->setContent($this->app->trans('MUST_BE_LOGGED_IN')); return $response; } if (!\ASF\Permissions::hasPermission('CREATE_TOPIC')) { $response->setStatusCode(400); $response->setContent($this->app->trans('NO_PERMISSION')); return $response; } $forum_id = (int) $request->get('forumId'); if (!$forum_id) { $response->setStatusCode(500); $response->setContent($this->app->trans('UNKNOWN_ERROR')); return $response; } $forum = $this->app['forum']->findById($forum_id); if (!$forum) { $response->setStatusCode(500); $response->setContent($this->app->trans('UNKNOWN_ERROR')); return $response; } $name = $request->get('title'); $content = $request->get('content'); $locked = $request->get('locked'); $sticky = $request->get('sticky'); if (!$locked) { $locked = 0; } if (!$sticky) { $sticky = 0; } if (!$name || !$content) { $response->setStatusCode(400); $response->setContent($this->app->trans('FILL_ALL_FIELDS')); return $response; } $name = strip_tags($name); $content = strip_tags($content, implode(',', $this->allowed_html)); $attachments = $request->files->get('attachments'); if ($attachments[0] != null) { if (count($attachments) > 5) { $response->setStatusCode(400); $response->setContent($this->app->trans('TOO_MANY_ATTACHMENTS')); return $response; } foreach ($attachments as $attachment) { $attachment_name = $attachment->getClientOriginalName(); $size = $attachment->getClientSize(); $mime = $attachment->getClientMimeType(); if ($size >= $this->app['files']['maxSize']) { $response->setStatusCode(400); $response->setContent($this->app->trans('FILE_TOO_BIG', array($attachment_name, $this->app['files']['maxSize'] / 1024))); return $response; } $ext = pathinfo($attachment_name, PATHINFO_EXTENSION); if (!in_array($ext, $this->app['files']['types'])) { $response->setStatusCode(400); $response->setContent($this->app->trans('INVALID_FILE_EXT', array($ext, implode(', ', $this->app['files']['types'])))); return $response; } } } if (!\ASF\Permissions::hasPermission('BYPASS_RESTRICTIONS')) { $user_last = $this->app['db']->fetchAssoc('SELECT forum, added FROM topics WHERE author=? AND forum=? ORDER BY added DESC LIMIT 1', array($user['id'], $forum_id)); $time_since_last = time() - (int) $user_last['added']; if ($time_since_last < 300) { $seconds = 300 - $time_since_last; $minutes = round($seconds / 60); $seconds = $seconds % 60; $response->setStatusCode(403); $response->setContent($this->app->trans('TOPIC_POST_LIMIT', array($minutes, $seconds))); return $response; } } $time = date('Y-m-d H:i:s'); $this->app['db']->insert('topics', array('forum' => $forum_id, 'name' => $name, 'author' => $user['id'], 'locked' => $locked, 'sticky' => $sticky, 'added' => $time, 'updated' => $time, 'lastPostId' => 0, 'lastAuthorId' => $user['id'])); $topic_id = $this->app['db']->lastInsertId(); // Format mentions $mentions = $this->app['post']->parseMentions($content); if ($mentions['has_mentions']) { $content = $mentions['content']; } $this->app['db']->insert('posts', array('topic' => $topic_id, 'forum' => $forum_id, 'name' => $name, 'content' => $content, 'author' => $user['id'], 'added' => $time, 'updated' => $time)); $post_id = $this->app['db']->lastInsertId(); $post_url = '/' . $this->app['board']['base'] . urlencode($forum['name']) . '/' . urlencode($name) . '-' . $topic_id . '/#' . $post_id; if ($mentions['has_mentions']) { $content = $mentions['content']; foreach ($mentions['users'] as $mention) { $this->app['notification']->add(new Request(['user_id' => $mention['data']['id'], 'notification' => '<a href="/' . $this->app['board']['base'] . 'user/' . $user['username'] . '/" class="user-link">' . $user['username'] . '</a> mentioned you in a <a href="' . $post_url . '">post</a>'])); } } // Upload attachments if ($attachments[0] != null) { $upload_dir = dirname(dirname(__DIR__)) . '/public/uploads/attachments'; foreach ($attachments as $attachment) { $attachment_name = $attachment->getClientOriginalName(); $file_name = time() . '-' . $attachment_name; $attachment->move($upload_dir, $file_name); if ($attachment->getError()) { // Couldnt upload attachment, delete post $this->app['db']->delete('posts', array('id' => $post_id)); $response->setStatusCode(500); $response->setContent($this->app->trans('COULDNT_UPLOAD_FILE', array($attachment_name))); return $response; } $this->app['db']->insert('attachments', array('post_id' => $post_id, 'name' => $attachment_name, 'file_name' => $file_name, 'size' => $attachment->getClientSize(), 'mime' => $attachment->getClientMimeType(), 'added' => time())); } } $this->app['db']->update('topics', array('lastPostId' => $post_id), array('id' => $topic_id)); $this->app['db']->executeQuery('UPDATE forums SET topics=topics+1, posts=posts+1, lastTopicId=?, lastAuthorId=?, lastPostTime=?, lastPostId=?, updated=? WHERE id=? LIMIT 1', array($topic_id, $user['id'], $time, $post_id, $time, $forum_id)); $this->app['db']->executeQuery('UPDATE users SET topics=topics+1, posts=posts+1 WHERE id=? LIMIT 1', array($user['id'])); $this->app['cache']->collection = $this->collection; $this->app['cache']->delete_group('topics-recent'); $this->app['cache']->delete_group('topics-forum-' . $forum_id); $this->app['cache']->setCollection($this->app['database']['name'], 'forums'); $this->app['cache']->delete('forum-' . $forum_id); $this->app['cache']->delete('forums.all'); return json_encode(array('id' => $topic_id, 'topic_id' => $topic_id, 'post_id' => $post_id, 'content' => $content, 'author' => $user['username'], 'forum_name' => $forum['name'], 'locked' => $locked, 'sticky' => $sticky)); }