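function insert_comment()
{
    // Stores a comment posted for the current $link.
    // Returns an error/notice string: '' on plain success, a space-prefixed
    // literal message on rejection (the ban message is the one exception: it
    // is gettext-wrapped and unprefixed, as in the original).
    // Globals read: $link, $db, $current_user, $globals.
    global $link, $db, $current_user, $globals;
    $error = '';

    require_once mnminclude . 'ban.php';
    if (check_ban_proxy()) {
        return _('dirección IP no permitida');
    }

    // Read POST fields without raising notices on missing keys; a missing key
    // fails the checks below exactly as an empty value would.
    $post_link_id = isset($_POST['link_id']) ? intval($_POST['link_id']) : 0;
    $post_user_id = isset($_POST['user_id']) ? intval($_POST['user_id']) : 0;
    $post_randkey = isset($_POST['randkey']) ? intval($_POST['randkey']) : 0;
    $post_type = isset($_POST['type']) ? $_POST['type'] : '';
    $post_content = isset($_POST['comment_content']) ? $_POST['comment_content'] : '';

    // Check if is a POST of a comment: the story must still accept comments
    // (has votes, is recent, under the cap), the POST must belong to the
    // authenticated user, who needs enough karma unless he is the author.
    $comment_allowed = $link->votes > 0
        && $link->date > $globals['now'] - $globals['time_enabled_comments']
        && $link->comments < $globals['max_comments']
        && $post_link_id == $link->id
        && $current_user->authenticated
        && $post_user_id == $current_user->user_id
        && ($current_user->user_karma > $globals['min_karma_for_comments']
            || $current_user->user_id == $link->author)
        && $post_randkey > 0
        && mb_strlen(trim($post_content)) > 2;
    if (!$comment_allowed) {
        $error .= ' ' . 'texto muy breve, karma bajo o usuario incorrecto';
        return $error;
    }

    require_once mnminclude . 'comment.php';
    $comment = new Comment();
    $comment->link = $link->id;
    $comment->randkey = $post_randkey;
    $comment->author = $post_user_id;
    $comment->karma = round($current_user->user_karma);
    // clean_text() (project helper) sanitises the body before storage; the raw
    // POST value is only used for the "has a real character" check below.
    $comment->content = clean_text($post_content, 0, false, 10000);

    // Check if is an admin comment
    $is_admin_comment = $current_user->user_level == 'god' && $post_type == 'admin';
    if ($is_admin_comment) {
        $comment->karma = 20;
        $comment->type = 'admin';
    }

    // Check there are at least a valid char (a letter, ':' or '-')
    if (mb_strlen($comment->content) <= 0 || !preg_match('/[a-zA-Z:-]/', $post_content)) {
        $error .= ' ' . 'caracteres no válidos';
        return $error;
    }

    // Check the comment wasn't already stored: (link, author, randkey)
    // identifies one form submission. Only integers are interpolated here;
    // any non-integer value would have to go through $db->escape().
    $already_stored = intval($db->get_var("select count(*) from comments where comment_link_id = {$comment->link} and comment_user_id = {$comment->author} and comment_randkey = {$comment->randkey}"));
    if ($already_stored) {
        $error .= ' ' . 'duplicado';
        return $error;
    }

    if ($is_admin_comment) {
        $comment_count = $same_count = 0;
    } else {
        // Lower karma to comments' spammers: burst of comments in 3 minutes...
        $comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = {$current_user->user_id} and comment_date > date_sub(now(), interval 3 minute)");
        // ...and repeated text / repeated links (Comment helpers).
        $same_count = $comment->same_text_count() + $comment->same_links_count();
    }

    if ($comment_count > 2 || $same_count > 2) {
        require_once mnminclude . 'user.php';
        $reduction = 0;
        if ($comment_count > 3) {
            $reduction += ($comment_count - 3) * 0.1;
        }
        if ($same_count > 1) {
            $reduction += $same_count * 0.25;
        }
        if ($reduction > 0) {
            $user = new User();
            $user->id = $current_user->user_id;
            $user->read();
            $user->karma = $user->karma - $reduction;
            syslog(LOG_NOTICE, "Meneame: story decreasing {$reduction} of karma to {$current_user->user_login} (now {$user->karma})");
            $user->store();
            // The comment is still stored; the penalty is reported to the caller.
            $error .= ' ' . 'penalización de karma por texto repetido o abuso de enlaces';
        }
    }

    $comment->store();
    $comment->insert_vote();
    $link->update_comments();
    // Re read link data
    $link->read();

    // We don't redirect: Firefox shows cached data instead of the new data
    // because we send the last-modification time.
    return $error;
}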
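function check_chat()
{
    // Handles one posted "sneaker" (fisgona) chat line: karma gate, flood
    // control, proxy ban, "!" commands, text normalisation and storage in
    // `chats`. Returns nothing; warnings go back through send_chat_warn().
    // Globals read: $db, $current_user, $now, $now_f, $globals, $events.
    global $db, $current_user, $now, $now_f, $globals, $events;

    if (empty($_POST['chat'])) {
        return;
    }
    // Read the same field that was just validated. The original read
    // $_REQUEST here, which lets a GET/cookie value of the same name replace
    // the POSTed text depending on request_order.
    $comment = trim(preg_replace("/[\r\n\t]/", ' ', $_POST['chat']));
    $comment = clear_whitespace($comment);

    // Anonymous users and (near-)empty lines are ignored silently.
    // strlen() is byte-wise on purpose here (kept from the original).
    if (!($current_user->user_id > 0 && strlen(strip_tags($comment)) > 2)) {
        return;
    }

    // Sends a message back if the user has a very low karma
    if ($globals['min_karma_for_sneaker'] > 0 && $current_user->user_karma < $globals['min_karma_for_sneaker']) {
        $warning = _('no tienes suficiente karma para comentar en la fisgona') . ' (' . $current_user->user_karma . ' < ' . $globals['min_karma_for_sneaker'] . ')';
        send_chat_warn($warning);
        return;
    }

    // Flood control: at most one line per user every 4 seconds.
    $period = $now - 4;
    $recent_lines = intval($db->get_var("select count(*) from chats where chat_time > {$period} and chat_uid = {$current_user->user_id}"));
    if ($recent_lines > 0) {
        send_chat_warn(_('tranquilo charlatán') . ' ;-)');
        return;
    }

    if (check_ban_proxy()) {
        send_chat_warn(_('proxy abierto no permitido'));
        return;
    }

    // "!command" lines are answered by sneaker-stats.php and never stored.
    if (preg_match('/^!/', $comment)) {
        require_once 'sneaker-stats.php';
        $reply = check_stats($comment);
        if (!$reply) {
            send_chat_warn(_('comando no reconocido'));
        } else {
            send_string($reply);
        }
        return;
    }

    $comment = clean_text_with_tags($comment);
    // IRC-style "/me" becomes the login in italics. NOTE(review): user_login
    // is inserted unescaped; assumes logins are restricted to safe characters
    // at registration — verify.
    $comment = preg_replace('/(^|[\\s\\.,¿#@])\\/me([\\s\\.,\\?]|$)/', "\$1<i>{$current_user->user_login}</i>\$2", $comment);
    if (mb_strlen($comment) > 255) {
        // Cut text longer than the column, keeping the first char (the room
        // prefix '#'/'@' parsed below) plus the tail, to avoid unclosed html tags
        $comment = mb_substr($comment, 0, 1) . mb_substr($comment, -254, 254);
    }

    // Housekeeping: drop chat lines older than 1500 s on every post.
    $from = $now - 1500;
    $db->query("delete from chats where chat_time < {$from}");

    // Room selection: '#' (admins only) and '@' prefixes, or the request flags.
    $wants_admin_room = (!empty($_REQUEST['admin']) || preg_match('/^#/', $comment)) && $current_user->admin;
    $wants_friends_room = !empty($_REQUEST['friends']) || preg_match('/^@/', $comment);
    if ($wants_admin_room) {
        $room = 'admin';
        $comment = preg_replace('/^# */', '', $comment);
    } elseif ($wants_friends_room) {
        $room = 'friends';
        $comment = preg_replace('/^@ */', '', $comment);
    } else {
        $room = 'all';
    }

    if (strlen($comment) > 0) {
        // chat_text is escaped here; chat_uid is an int and chat_room one of
        // three literals. chat_user is the stored login (see the note above).
        $comment = $db->escape(trim(normalize_smileys($comment)));
        $db->query("insert into chats (chat_time, chat_uid, chat_room, chat_user, chat_text) values ({$now_f}, {$current_user->user_id}, '{$room}', '{$current_user->user_login}', '{$comment}')");
    }
}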
<?php
// The source code packaged with this file is Free Software, Copyright (C) 2005 by
// Ricardo Galli <gallir at uib dot es>.
// It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise.
// You can get copies of the licenses here:
// http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".

// Comment-vote endpoint (JSON). Each request check calls error() (project
// helper, presumably emits the message and exits) on the first failure.
// This listing is cut off right after the karma check, so the vote itself is
// not visible here.
include '../config.php';
include_once mnminclude . 'ban.php';
header('Content-Type: application/json; charset=UTF-8');

// Open proxies are refused before anything else is looked at.
if (check_ban_proxy()) {
    error(_('IP no permitida'));
}
// check_integer() (project helper) is expected to return the validated
// integer, or something falsy when 'id' is missing or not a number.
if (!($id = check_integer('id'))) {
    error(_('falta el ID del comentario'));
}
if (empty($_REQUEST['user'])) {
    error(_('falta el código de usuario'));
}
// The submitted user id must match the session user. Loose != means a
// numeric string such as "05" still matches; the echoed value is escaped.
if ($current_user->user_id != $_REQUEST['user']) {
    error(_('usuario incorrecto') . $current_user->user_id . '-' . htmlspecialchars($_REQUEST['user']));
}
// check_security_key() is a project helper; NOTE(review): looks like a
// per-user request token check — confirm, and note $_REQUEST['key'] is read
// without an isset() guard.
if (!check_security_key($_REQUEST['key'])) {
    error(_('clave de control incorrecta'));
}
// empty() also rejects the literal "0", so a zero vote value fails here.
if (empty($_REQUEST['value']) || !is_numeric($_REQUEST['value'])) {
    error(_('falta valor del voto'));
}
if ($current_user->user_karma < $globals['min_karma_for_post_votes']) {
    error(_('karma bajo para votar comentarios'));
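<?php
// The source code packaged with this file is Free Software, Copyright (C) 2005 by
// Ricardo Galli <gallir at uib dot es>.
// It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise.
// You can get copies of the licenses here:
// http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".

// Comment-vote endpoint (JSON), request validation part. Each failing check
// calls error() (project helper). The listing is cut off after the user
// check, so the remaining checks and the vote itself are not visible here.
// The full "<?php" tag is used so the file does not depend on short_open_tag.
include '../config.php';
include mnminclude . 'ban.php';
header('Content-Type: application/json; charset=UTF-8');
array_push($globals['cache-control'], 'no-cache');
http_cache();

// The proxy ban is skipped in development mode; that flag must never be on
// in a reachable deployment, since it disables this check entirely.
if (!$globals['development'] && check_ban_proxy()) {
    error(_('IP no permitida'));
}
// check_integer() (project helper) is expected to return the validated
// integer, or something falsy when 'id' is missing or not a number.
if (!($id = check_integer('id'))) {
    error(_('falta el ID del comentario'));
}
if (empty($_REQUEST['user'])) {
    error(_('falta el código de usuario'));
}
// The submitted user id must be the session user. Require an all-digit value
// and compare as integers: a loose != would, on PHP < 8, accept values such
// as "5abc" for user 5.
$request_user = (string) $_REQUEST['user'];
if (!ctype_digit($request_user) || (int) $request_user !== (int) $current_user->user_id) {
    error(_('usuario incorrecto'));
}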
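static function save_from_post($link)
{
    // Creates a comment for $link from the current POST request.
    // Returns a translated error message on rejection. On success it commits,
    // redirects to the comment's anchor and exits, so '' is never returned
    // (the karma-penalty notice collected in $error is lost on that path, as
    // in the original).
    // Globals read: $db, $current_user, $globals.
    global $db, $current_user, $globals;
    require_once mnminclude . 'ban.php';
    $error = '';

    if (check_ban_proxy() && !$globals['development']) {
        return _('dirección IP no permitida');
    }

    // POST fields, read without notices; a missing key behaves as 0 / ''.
    $post_link_id = isset($_POST['link_id']) ? intval($_POST['link_id']) : 0;
    $post_user_id = isset($_POST['user_id']) ? intval($_POST['user_id']) : 0;
    $post_randkey = isset($_POST['randkey']) ? intval($_POST['randkey']) : 0;
    $post_parent_id = isset($_POST['parent_id']) ? intval($_POST['parent_id']) : 0;
    $post_type = isset($_POST['type']) ? $_POST['type'] : '';
    $post_content = isset($_POST['comment_content']) ? $_POST['comment_content'] : '';

    // Check if is a POST of a comment: the story still accepts comments (1%
    // slack on the window) and the POST belongs to the authenticated user.
    $post_is_valid = $link->votes > 0
        && $link->date > $globals['now'] - $globals['time_enabled_comments'] * 1.01
        && $link->comments < $globals['max_comments']
        && $post_link_id == $link->id
        && $current_user->authenticated
        && $post_user_id == $current_user->user_id
        && $post_randkey > 0;
    if (!$post_is_valid) {
        return _('comentario o usuario incorrecto');
    }
    if ($current_user->user_karma < $globals['min_karma_for_comments'] && $current_user->user_id != $link->author) {
        return _('karma demasiado bajo');
    }

    $comment = new Comment;
    $comment->link = $link->id;
    // Escaped once here; the later queries interpolate $comment->ip in quotes.
    $comment->ip = $db->escape($globals['user_ip']);
    $comment->randkey = $post_randkey;
    $comment->author = $post_user_id;
    $comment->karma = round($current_user->user_karma);
    $comment->content = clean_text_with_tags($post_content, 0, false, 10000);
    $comment->parent = $post_parent_id;

    // get level: nesting is derived from the parent (parent 0 = top level).
    $parentComment = new Comment();
    $parentComment->id = intval($comment->parent);
    $parentComment->read_basic();
    if ($parentComment->nested_level > $globals['NESTED_COMMENTS_MAX_LEVEL']) {
        return _('Chegache ao nivel límite de comentarios aniñados...');
    }
    $comment->nested_level = $parentComment->nested_level + 1;

    // Check if is an admin comment
    if ($current_user->user_level == 'god' && $post_type == 'admin') {
        $comment->type = 'admin';
    }

    // Don't allow to comment with a clone
    $hours = intval($globals['user_comments_clon_interval']);
    if ($hours > 0) {
        $clones = $current_user->get_clones($hours + 1);
        if ($clones) {
            // NOTE(review): assumes get_clones() returns integer user ids;
            // they are interpolated unescaped into the IN (...) list.
            $l = implode(',', $clones);
            $c = (int) $db->get_var("select count(*) from comments where comment_date > date_sub(now(), interval $hours hour) and comment_user_id in ($l)");
            if ($c > 0) {
                syslog(LOG_NOTICE, "Meneame, clon comment ($current_user->user_login, $comment->ip) in $link->uri");
                return _('ya hizo un comentario con usuarios clones');
            }
        }
    }

    // Basic check to avoid abuses from same IP
    if (!$current_user->admin && $current_user->user_karma < 6.2) {
        // Don't check in case of admin comments or higher karma
        // Avoid astroturfing from the same link's author
        if ($link->status != 'published' && $link->ip == $globals['user_ip'] && $link->author != $comment->author) {
            UserAuth::insert_clon($comment->author, $link->author, $link->ip);
            syslog(LOG_NOTICE, "Meneame, comment-link astroturfing ($current_user->user_login, $link->ip): " . $link->get_permalink());
            return _('no se puede comentar desde la misma IP del autor del envío');
        }
        // Avoid floods with clones from the same IP
        $others_from_same_ip = intval($db->get_var("select count(*) from comments where comment_link_id = $link->id and comment_ip='$comment->ip' and comment_user_id != $comment->author"));
        if ($others_from_same_ip > 1) {
            syslog(LOG_NOTICE, "Meneame, comment astroturfing ($current_user->user_login, $comment->ip)");
            return _('demasiados comentarios desde la misma IP con usuarios diferentes');
        }
    }

    // Check there are at least a valid char (a letter, ':' or '-') and a minimum length
    if (mb_strlen($comment->content) < 5 || !preg_match('/[a-zA-Z:-]/', $post_content)) {
        return _('texto muy breve o caracteres no válidos');
    }

    // Check the comment wasn't already stored (same link, author and randkey)
    $already_stored = intval($db->get_var("select count(*) from comments where comment_link_id = $comment->link and comment_user_id = $comment->author and comment_randkey = $comment->randkey"));
    if ($already_stored) {
        return _('comentario duplicado');
    }

    if (!$current_user->admin) {
        $comment->get_links();
        // Users registered less than a day ago may not link to banned sites.
        if ($comment->banned && $current_user->Date() > $globals['now'] - 86400) {
            syslog(LOG_NOTICE, "Meneame: comment not inserted, banned link ($current_user->user_login)");
            return _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
        }
        // Lower karma to comments' spammers
        $comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = $current_user->user_id and comment_date > date_sub(now(), interval 3 minute)");
        // Check the text is not the same; banned links count double
        $same_count = $comment->same_text_count();
        $same_links_count = $comment->same_links_count();
        if ($comment->banned) {
            $same_links_count *= 2;
        }
        $same_count += $same_links_count;
    } else {
        $comment_count = $same_count = 0;
    }

    // Burst limit per 3 minutes scales with karma (karma/6, capped at 2, times 2.5).
    $comment_limit = round(min($current_user->user_karma / 6, 2) * 2.5);
    if ($comment_count > $comment_limit || $same_count > 2) {
        $reduction = 0;
        if ($comment_count > $comment_limit) {
            // max() keeps this term non-negative: with a limit below 3 the
            // original could subtract from the repeated-text penalty.
            $reduction += max(0, $comment_count - 3) * 0.1;
        }
        if ($same_count > 1) {
            $reduction += $same_count * 0.25;
        }
        if ($reduction > 0) {
            $user = new User;
            $user->id = $current_user->user_id;
            $user->read();
            $user->karma = $user->karma - $reduction;
            syslog(LOG_NOTICE, "Meneame: story decreasing $reduction of karma to $current_user->user_login (now $user->karma)");
            $user->store();
            $annotation = new Annotation("karma-$user->id");
            $annotation->append(_('texto repetido o abuso de enlaces en comentarios') . ": -$reduction, karma: $user->karma\n");
            $error .= ' ' . ('penalización de karma por texto repetido o abuso de enlaces');
        }
    }

    // Store the comment, its implicit vote and the link counters together.
    // NOTE(review): there is no rollback path if store()/insert_vote() fail;
    // confirm what the $db wrapper does on error.
    $db->transaction();
    $comment->store();
    $comment->insert_vote();
    $link->update_comments();
    $db->commit();

    // Comment stored, just redirect to its page
    header('Location: ' . $link->get_permalink() . '#c-' . $comment->order);
    die;
}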
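function do_submit1()
{
    // Phase 1 of the submit wizard: normalises the URL, applies the user's
    // sending quotas and ban checks, stores a 'discard' draft and prints the
    // phase-2 form. Every rejection prints an error paragraph and returns;
    // nothing is thrown and nothing is returned.
    // Globals read: $db, $dblang, $current_user, $globals.
    // Compared with the original: $link_title/$link_tags are initialised
    // (they were undefined), the POSTed key is escaped before being echoed
    // into an attribute, the low-karma "error leyendo el url" branch closes
    // its <div>, and unused locals ($edit, $blog_url, $links_12hs) are gone.
    global $db, $dblang, $current_user, $globals;

    // Initial values for the phase-2 form fields (empty: the user types them).
    $link_title = '';
    $link_tags = '';

    $url = clean_input_url($_POST['url']);
    $url = preg_replace('/^http:\/\/http:\/\//', 'http://', $url); // Some users forget to delete the foo http://
    if (!preg_match('/^\w{3,6}:\/\//', $url)) {
        // http:// forgotten, add it
        $url = 'http://' . $url;
    }
    $url = preg_replace('/#[^\/]*$/', '', $url); // Remove the "#", people just abuse

    echo '<div>' . "\n";
    $new_user = false;

    if (!check_link_key()) {
        echo '<p class="error"><strong>' . _('clave incorrecta') . '</strong></p> ';
        echo '</div>' . "\n";
        return;
    }
    if ($globals['min_karma_for_links'] > 0 && $current_user->user_karma < $globals['min_karma_for_links']) {
        echo '<p class="error"><strong>' . _('no tienes el mínimo de karma para enviar una nueva historia') . '</strong></p> ';
        echo '</div>' . "\n";
        return;
    }

    // Don't allow to send a link by a clone
    $hours = intval($globals['user_links_clon_interval']);
    $clones = $current_user->get_clones($hours + 1);
    if ($hours > 0 && $clones) {
        // NOTE(review): assumes get_clones() returns integer user ids; they
        // are interpolated unescaped into the IN (...) list.
        $l = implode(',', $clones);
        $c = (int) $db->get_var("select count(*) from links where link_status!='published' and link_date > date_sub(now(), interval $hours hour) and link_author in ($l)");
        if ($c > 0) {
            echo '<p class="error">' . _('ya se envió con otro usuario «clon» en las últimas horas') . ", " . _('disculpa las molestias') . ' </p>';
            syslog(LOG_NOTICE, "Meneame, clon submit ($current_user->user_login): {$_POST['url']}");
            echo '<br style="clear: both;" />' . "\n";
            echo '</div>' . "\n";
            return;
        }
    }

    // Check the number of links sent by a user (queued in the last 24 hours;
    // the limit is not enforced in development mode)
    $queued_24_hours = (int) $db->get_var("select count(*) from links where link_status!='published' and link_date > date_sub(now(), interval 24 hour) and link_author=$current_user->user_id");
    if (!$globals['development'] && $globals['limit_user_24_hours'] && $queued_24_hours > $globals['limit_user_24_hours']) {
        echo '<p class="error">' . _('debes esperar, tienes demasiados envíos en cola de las últimas 24 horas') . " ($queued_24_hours), " . _('disculpa las molestias') . ' </p>';
        syslog(LOG_NOTICE, "Meneame, too many queued in 24 hours ($current_user->user_login): {$_POST['url']}");
        echo '<br style="clear: both;" />' . "\n";
        echo '</div>' . "\n";
        return;
    }

    // check the URL is OK and that it resolves
    $url_components = @parse_url($url);
    if (!$url_components || empty($url_components['host']) || gethostbyname($url_components['host']) == $url_components['host']) {
        echo '<p class="error"><strong>' . _('URL o nombre de servidor erróneo') . '</strong></p> ';
        echo '<p>' . _('el nombre del servidor es incorrecto o éste tiene problemas para resolver el nombre') . ' </p>';
        syslog(LOG_NOTICE, "Meneame, hostname error ($current_user->user_login): $url");
        print_empty_submit_form();
        echo '</div>' . "\n";
        return;
    }

    // Site-wide throttle: stories queued by everyone in the last 3 minutes
    // (higher-karma users get a 50% larger allowance)
    $enqueued_last_minutes = (int) $db->get_var("select count(*) from links where link_status='queued' and link_date > date_sub(now(), interval 3 minute)");
    if ($current_user->user_karma > $globals['limit_3_minutes_karma']) {
        $enqueued_limit = $globals['limit_3_minutes'] * 1.5;
    } else {
        $enqueued_limit = $globals['limit_3_minutes'];
    }
    if ($enqueued_last_minutes > $enqueued_limit) {
        echo '<p class="error"><strong>' . _('exceso de envíos') . ':</strong></p>';
        echo '<p>' . _('se han enviado demasiadas historias en los últimos 3 minutos') . " ($enqueued_last_minutes > $enqueued_limit), " . _('disculpa las molestias') . ' </p>';
        syslog(LOG_NOTICE, "Meneame, too many queued ($current_user->user_login): {$_POST['url']}");
        echo '</div>' . "\n";
        return;
    }

    // Check the user does not have too many drafts (not enforced in development)
    $minutes = intval($globals['draft_time'] / 60) + 10;
    $drafts = (int) $db->get_var("select count(*) from links where link_author=$current_user->user_id and link_date > date_sub(now(), interval $minutes minute) and link_status='discard' and link_votes = 0");
    if (!$globals['development'] && $drafts > $globals['draft_limit']) {
        echo '<p class="error"><strong>' . _('demasiados borradores') . ':</strong></p>';
        echo '<p>' . _('has hecho demasiados intentos, debes esperar o continuar con ellos desde la') . ' <a href="shakeit.php?meta=_discarded">' . _('cola de descartadas') . '</a></p>';
        syslog(LOG_NOTICE, "Meneame, too many drafts ($current_user->user_login): {$_POST['url']}");
        echo '</div>' . "\n";
        return;
    }
    // Delete dangling drafts
    if ($drafts > 0) {
        $db->query("delete from links where link_author=$current_user->user_id and link_date > date_sub(now(), interval 30 minute) and link_date < date_sub(now(), interval 10 minute) and link_status='discard' and link_votes = 0");
    }

    // Check for banned IPs (skipped in development mode)
    if (!$globals['development'] && (($ban = check_ban($globals['user_ip'], 'ip', true)) || ($ban = check_ban_proxy()))) {
        // user_ip is escaped on output in case it is derived from a client-supplied header.
        echo '<p class="error"><strong>' . _('dirección IP no permitida para enviar') . ':</strong> ' . htmlspecialchars($globals['user_ip']) . '</p>';
        echo '<p><strong>' . _('Razón') . '</strong>: ' . $ban['comment'] . '</p>';
        if ($ban['expire'] > 0) {
            echo '<p class="note"><strong>' . _('caduca') . '</strong>: ' . get_date_time($ban['expire']) . '</p>';
        }
        syslog(LOG_NOTICE, "Meneame, banned IP {$globals['user_ip']} ($current_user->user_login): $url");
        print_empty_submit_form();
        echo '</div>' . "\n";
        return;
    }

    // Number of links sent by the user
    $total_sents = (int) $db->get_var("select count(*) from links where link_author=$current_user->user_id") - $drafts;
    if ($total_sents > 0) {
        $sents = (int) $db->get_var("select count(*) from links where link_author=$current_user->user_id and link_date > date_sub(now(), interval 60 day)") - $drafts;
    } else {
        $new_user = true;
        $sents = 0;
    }
    $register_date = $current_user->Date();
    if ($globals['now'] - $register_date < $globals['new_user_time']) {
        $new_user = true;
    }

    // check that a new user also votes, not only sends links
    // it requires $globals['min_user_votes'] votes
    if ($new_user && $globals['min_user_votes'] > 0 && $current_user->user_karma < $globals['new_user_karma']) {
        $user_votes_total = (int) $db->get_var("select count(*) from votes where vote_type='links' and vote_user_id=$current_user->user_id");
        $user_votes = (int) $db->get_var("select count(*) from votes where vote_type='links' and vote_date > date_sub(now(), interval 72 hour) and vote_user_id=$current_user->user_id");
        $user_links = 1 + $db->get_var("select count(*) from links where link_author=$current_user->user_id and link_date > date_sub(now(), interval 24 hour) and link_status != 'discard'");
        $total_links = (int) $db->get_var("select count(*) from links where link_date > date_sub(now(), interval 24 hour) and link_status = 'queued'");
        echo "<!-- $user_votes_total, $user_links, $total_links -->\n";
        if ($sents == 0) {
            // If is a new user, requires more votes, to avoid spam
            $min_votes = $globals['min_user_votes'];
        } else {
            $min_votes = min(4, intval($total_links / 20)) * $user_links;
        }
        if (!$current_user->admin && $user_votes < $min_votes) {
            $needed = $min_votes - $user_votes;
            echo '<p class="error">';
            // The else branch below is unreachable (the enclosing if already
            // requires $new_user); kept as in the original.
            if ($new_user) {
                echo '<strong>' . _('¿es la primera vez que envías una noticia?') . '</strong></p> ';
                echo '<p class="error-text">' . _('necesitas como mínimo') . " <strong>$needed " . _('votos') . '</strong><br/>';
            } else {
                echo '<strong>' . _('no tienes el mínimo de votos necesarios para enviar una nueva historia') . '</strong></p> ';
                echo '<p class="error-text">' . _('necesitas votar como mínimo a') . " <strong>$needed " . _('envíos') . '</strong><br/>';
            }
            echo '<strong>' . _('no votes de forma apresurada, penaliza el karma') . '</strong><br/>';
            echo '<a href="' . $globals['base_url'] . 'shakeit.php" target="_blank">' . _('haz clic aquí para ir a votar') . '</a></p>';
            echo '<br style="clear: both;" />' . "\n";
            echo '</div>' . "\n";
            return;
        }
    }

    // avoid spams, an extra security check
    // it counts the numbers of links in the last hours
    if ($new_user) {
        $user_links_limit = $globals['new_user_links_limit'];
        $user_links_interval = intval($globals['new_user_links_interval'] / 3600);
    } else {
        $user_links_limit = $globals['user_links_limit'];
        $user_links_interval = intval($globals['user_links_interval'] / 3600);
    }
    $same_user = (int) $db->get_var("select count(*) from links where link_date > date_sub(now(), interval $user_links_interval hour) and link_author=$current_user->user_id") - $drafts;
    // user_ip is escaped like elsewhere in the project before going into a quoted literal.
    $same_ip = (int) $db->get_var("select count(*) from links where link_date > date_sub(now(), interval $user_links_interval hour) and link_ip = '" . $db->escape($globals['user_ip']) . "'") - $drafts;
    if ($same_user > $user_links_limit || $same_ip > $user_links_limit) {
        echo '<p class="error"><strong>' . _('debes esperar, ya se enviaron varias con el mismo usuario o dirección IP') . '</strong></p>';
        echo '<br style="clear: both;" />' . "\n";
        echo '</div>' . "\n";
        return;
    }

    // avoid users sending continuous "rubbish" or "propaganda", specially new users
    // it takes in account the number of positive votes in the last hours
    if ($same_user > 1 && $current_user->user_karma < $globals['karma_propaganda']) {
        $positives_received = $db->get_var("select sum(link_votes) from links where link_date > date_sub(now(), interval $user_links_interval hour) and link_author = $current_user->user_id");
        $negatives_received = $db->get_var("select sum(link_negatives) from links where link_date > date_sub(now(), interval $user_links_interval hour) and link_author = $current_user->user_id");
        if ($negatives_received > 10 && $negatives_received > $positives_received * 1.5) {
            echo '<p class="error"><strong>' . _('debes esperar, has tenido demasiados votos negativos en tus últimos envíos') . '</strong></p>';
            echo '<br style="clear: both;" />' . "\n";
            echo '</div>' . "\n";
            return;
        }
    }

    $linkres = new Link;
    $linkres->url = $url;
    if (report_dupe($url)) {
        return;
    }
    // check_url()/get() fetch the user-supplied URL from the server.
    // NOTE(review): confirm they refuse loopback/private address ranges and
    // redirects to them; nothing in this function does.
    if (!$linkres->check_url($url, true, true) || !$linkres->get($url)) {
        echo '<p class="error"><strong>' . _('URL erróneo o no permitido') . '</strong>: ';
        if ($linkres->ban && $linkres->ban['match']) {
            echo $linkres->ban['match'];
        } else {
            // Escaped like the other places this function echoes the URL.
            echo htmlspecialchars($linkres->url);
        }
        echo '</p>';
        echo '<p><strong>' . _('Razón') . ':</strong> ' . $linkres->ban['comment'] . '</p>';
        if ($linkres->ban['expire'] > 0) {
            echo '<p class="note"><strong>' . _('caduca') . '</strong>: ' . get_date_time($linkres->ban['expire']) . '</p>';
        }
        print_empty_submit_form();
        echo '</div>' . "\n";
        return;
    }

    // If the URL has changed, check again is not dupe
    if ($linkres->url != $url && report_dupe($linkres->url)) {
        return;
    }
    $linkres->randkey = intval($_POST['randkey']);
    if (!$linkres->valid) {
        echo '<p class="error"><strong>' . _('error leyendo el url') . ':</strong> ' . htmlspecialchars($url) . '</p>';
        // Dont allow new users with low karma to post wrong URLs
        if ($current_user->user_karma < 8 && $current_user->user_level == 'normal') {
            echo '<p>' . _('URL inválido, incompleto o no permitido. Está fuera de línea, o tiene mecanismos antibots.') . '</p>';
            print_empty_submit_form();
            echo '</div>' . "\n";
            return;
        }
        echo '<p>' . _('no es válido, está fuera de línea, o tiene mecanismos antibots. <strong>Continúa</strong>, pero asegúrate que sea correcto') . '</p>';
    }

    $linkres->status = 'discard';
    $linkres->author = $current_user->user_id;
    if (!$linkres->pingback()) {
        $linkres->trackback();
    }
    $trackback = htmlspecialchars($linkres->trackback);
    $linkres->create_blog_entry();
    $blog = new Blog;
    $blog->id = $linkres->blog;
    $blog->read();

    // Now we check again against the blog table
    // it's done because there could be banned blogs like http://lacotelera.com/something
    if (($ban = check_ban($blog->url, 'hostname', false, true))) {
        echo '<p class="error"><strong>' . _('URL inválido') . ':</strong> ' . htmlspecialchars($url) . '</p>';
        echo '<p>' . _('el sitio') . ' ' . $ban['match'] . ' ' . _('está deshabilitado') . ' (' . $ban['comment'] . ') </p>';
        if ($ban['expire'] > 0) {
            echo '<p class="note"><strong>' . _('caduca') . '</strong>: ' . get_date_time($ban['expire']) . '</p>';
        }
        syslog(LOG_NOTICE, "Meneame, banned site ($current_user->user_login): $blog->url <- {$_POST['url']}");
        print_empty_submit_form();
        echo '</div>' . "\n";
        return;
    }

    // Several historical anti-spam checks (source "entropy", image/video
    // ratio, same-site limits, "autobombo", per-site and image overflow) were
    // disabled by Manel and lived here as commented-out code; see VCS history.

    if (($ban = check_ban($linkres->url, 'punished_hostname', false, true))) {
        echo '<p class="error"><strong>' . _('Aviso') . ' ' . $ban['match'] . ':</strong> <em>' . $ban['comment'] . '</em></p>';
        echo '<p>' . _('mejor enviar el enlace a la fuente original, sino será penalizado') . '</p>';
    }

    // Now stores new draft
    $linkres->ip = $globals['user_ip'];
    $linkres->sent_date = $linkres->date = time();
    $linkres->store();

    echo '<h2>' . _('envío de una nueva noticia: paso 2 de 3') . '</h2>' . "\n";
    echo '<div class="genericform">' . "\n";
    echo '<form action="submit.php" method="post" id="thisform" name="thisform">' . "\n";
    echo '<input type="hidden" name="url" id="url" value="' . htmlspecialchars($linkres->url) . '" />' . "\n";
    echo '<input type="hidden" name="phase" value="2" />' . "\n";
    echo '<input type="hidden" name="randkey" value="' . intval($_POST['randkey']) . '" />' . "\n";
    // The key is re-emitted for phase 2; escaped like the other attributes
    // (the original echoed the raw POST value into the attribute).
    echo '<input type="hidden" name="key" value="' . htmlspecialchars($_POST['key']) . '" />' . "\n";
    echo '<input type="hidden" name="id" value="' . $linkres->id . '" />' . "\n";
    echo '<fieldset><legend><span class="sign">' . _('información del enlace') . '</span></legend>' . "\n";
    echo '<p class="genericformtxt"><strong>';
    // NOTE(review): url_title comes from the fetched page and is echoed as-is;
    // assumes get() already sanitised it — verify.
    echo mb_substr($linkres->url_title, 0, 200);
    echo '</strong><br/>';
    echo htmlspecialchars($linkres->url);
    echo '</p> ' . "\n";
    echo '</fieldset>' . "\n";
    echo '<fieldset><legend><span class="sign">' . _('detalles de la noticia') . '</span></legend>' . "\n";
    echo '<label for="title" accesskey="1">' . _('título de la noticia') . ':</label>' . "\n";
    echo '<p><span class="note">' . _('título de la noticia. máximo: 120 caracteres') . '</span>' . "\n";
    // Is it an image or video?
    echo ' ';
    $linkres->print_content_type_buttons();
    echo '<br/><input type="text" id="title" name="title" value="' . $link_title . '" size="80" maxlength="120" />';
    echo '</p>' . "\n";
    echo '<label for="tags" accesskey="2">' . _('etiquetas') . ':</label>' . "\n";
    echo '<p><span class="note"><strong>' . _('pocas palabras, genéricas, cortas y separadas por «,» (coma)') . '</strong> Ejemplo: <em>web, programación, software libre</em></span>' . "\n";
    echo '<br/><input type="text" id="tags" name="tags" value="' . $link_tags . '" size="70" maxlength="70" /></p>' . "\n";
    echo '<link rel="stylesheet" type="text/css" media="all" href="' . $globals['base_static'] . 'css/ui-lightness/jquery-ui-1.8.16.custom.css"/>' . "\n";
    echo '<script src="' . $globals['base_url'] . 'js/jquery-ui-1.8.16.custom.min.js" type="text/javascript" charset="utf-8"></script>' . "\n";
    // Event date pickers (pt-BR locale), inline JS kept verbatim.
    echo '<script type="text/javascript"> $(document).ready( function() { ';
    echo "$.datepicker.regional['pt-BR'] = { closeText: 'Fechar', prevText: '<Anterior', nextText: 'Próximo>', currentText: 'Hoje', monthNames: ['Janeiro','Fevereiro','Março','Abril','Maio','Junho', 'Julho','Agosto','Setembro','Outubro','Novembro','Dezembro'], monthNamesShort: ['Jan','Fev','Mar','Abr','Mai','Jun', 'Jul','Ago','Set','Out','Nov','Dez'], dayNames: ['Domingo','Segunda-feira','Terça-feira','Quarta-feira','Quinta-feira','Sexta-feira','Sabado'], dayNamesShort: ['Dom','Seg','Ter','Qua','Qui','Sex','Sab'], dayNamesMin: ['Dom','Seg','Ter','Qua','Qui','Sex','Sab'], dateFormat: 'dd/mm/yy', firstDay: 0, isRTL: false}; $.datepicker.setDefaults($.datepicker.regional['pt-BR']); ";
    echo ' $("[name=datepicker1]").datepicker(); $("[name=datepicker2]").datepicker(); }); </script>';
    echo '<label>' . _('Datas do Evento') . '</label> <span class="note">(opcional) desde </span> ';
    echo '<input type="text" name="datepicker1" size="8"><span class="note"> ' . _('ata') . '</span> <input type="text" name="datepicker2" size="8"></span>';
    print_simpleformat_buttons('bodytext');
    echo '<label for="bodytext" accesskey="3">' . _('descripción de la noticia') . ':</label>' . "\n";
    echo '<p><span class="note"><strong>' . _('describe la noticia en castellano. entre dos y cinco frases es suficiente. no deformes el contenido.') . '</strong></span>' . "\n";
    echo '<br /><textarea name="bodytext" rows="10" cols="60" id="bodytext" onKeyDown="textCounter(document.thisform.bodytext,document.thisform.bodycounter,550)" onKeyUp="textCounter(document.thisform.bodytext,document.thisform.bodycounter,550)">';
    // NOTE(review): url_description is remote page content echoed as-is
    // inside the textarea; assumes get() already sanitised it — verify.
    if (mb_strlen($linkres->url_description) > 40) {
        echo $linkres->url_description;
    }
    echo '</textarea>' . "\n";
    echo '<div style="margin-top:-7px"><input readonly type="text" name="bodycounter" size="3" maxlength="3" value="550" /> <span class="note">' . _('caracteres libres') . '</span></div>';
    echo '</p>' . "\n";
    print_categories_form();
    echo '<p><label for="trackback">' . _('trackback') . ':</label><br />' . "\n";
    if (empty($trackback)) {
        echo '<span class="note">' . _('puedes agregar o cambiar el trackback si ha sido detectado automáticamente') . '</span>' . "\n";
        echo '<input type="text" name="trackback" id="trackback" value="' . $trackback . '" class="form-full" /></p>' . "\n";
    } else {
        echo '<span class="note">' . $trackback . '</span>' . "\n";
        echo '<input type="hidden" name="trackback" id="trackback" value="' . $trackback . '"/></p>' . "\n";
    }
    echo '<input class="button" type="button" onclick="window.history.go(-1)" value="« ' . _('retroceder') . '" /> ' . "\n";
    echo '<input class="button" type="submit" value="' . _('continuar') . ' »" />' . "\n";
    echo '</fieldset>' . "\n";
    echo '</form>' . "\n";
    echo '</div>' . "\n";
    echo '</div>' . "\n";
}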
$title .= " -{$user_login}-"; if ($categories) { $cats = implode(',', $categories); $from_where .= " AND link_category in ({$cats}) "; } } $order_by = " ORDER BY {$order_field} DESC "; $last_modified = $db->get_var("SELECT UNIX_TIMESTAMP({$order_field}) {$from_where} {$order_by} LIMIT 1"); if ($if_modified > 0) { $from_where .= " AND {$order_field} > FROM_UNIXTIME({$if_modified})"; } $sql = "SELECT link_id {$from_where} {$order_by} LIMIT {$rows}"; } do_header($title); // Don't allow banned IPs o proxies if (!check_ban($globals['user_ip'], 'ip', true) && !check_ban_proxy()) { $links = $db->get_col($sql); } else { $links = false; } if ($links) { foreach ($links as $link_id) { $link = Link::from_db($link_id); if (!$link) { continue; } $category_name = $db->get_var("SELECT category_name FROM categories WHERE category_id = {$link->category} AND category_lang='{$dblang}'"); $content = text_to_html(htmlentities2unicodeentities($link->content)); $permalink = $link->get_short_permalink(); /* if (isset($_REQUEST['local']) || $globals['bot']) {
/**
 * Create a Comment for $link from the current POST request and store it.
 *
 * Every rejection returns a translated error string, so callers must tell a
 * string result apart from a Comment (a plain truthiness test is not enough).
 * On success the comment is stored inside a DB transaction and the function
 * either redirects to the new comment and exits ($redirect = true) or returns
 * the Comment object.
 *
 * Reads the globals $db, $current_user and $globals; the POST fields link_id,
 * user_id, randkey, comment_content, type and image_delete; and the optional
 * uploaded file $_FILES['image'].
 *
 * @param Link $link      link being commented on (type assumed from usage; the
 *                        fields votes, date, comments, id, author, status, ip
 *                        and uri are read)
 * @param bool $redirect  true: answer with a 303 to the comment and die();
 *                        false: return the Comment
 * @return Comment|string the stored Comment, or an error message
 */
static function save_from_post($link, $redirect = true) {
    global $db, $current_user, $globals;

    require_once mnminclude . 'ban.php';
    if (check_ban_proxy()) {
        return _('dirección IP no permitida');
    }

    // Check if is a POST of a comment
    // The link must have votes, still be inside the comment window (1% margin),
    // not be full, and the posted link_id / user_id must match the link and the
    // authenticated user.
    if (!($link->votes > 0
            && $link->date > $globals['now'] - $globals['time_enabled_comments'] * 1.01
            && $link->comments < $globals['max_comments']
            && intval($_POST['link_id']) == $link->id
            && $current_user->authenticated
            && intval($_POST['user_id']) == $current_user->user_id
            && intval($_POST['randkey']) > 0)) {
        return _('comentario o usuario incorrecto');
    }
    // The link's own author may comment regardless of karma.
    if ($current_user->user_karma < $globals['min_karma_for_comments'] && $current_user->user_id != $link->author) {
        return _('karma demasiado bajo');
    }

    $comment = new Comment();
    $comment->link = $link->id;
    $comment->ip = $globals['user_ip'];
    $comment->randkey = intval($_POST['randkey']);
    $comment->author = intval($_POST['user_id']);
    $comment->karma = round($current_user->user_karma);
    $comment->content = clean_text_with_tags($_POST['comment_content'], 0, false, 10000);

    // Check if is an admin comment
    if ($current_user->user_level == 'god' && $_POST['type'] == 'admin') {
        $comment->type = 'admin';
    }

    // Don't allow to comment with a clone
    // NOTE(review): $clones is imploded straight into the SQL IN list, so it is
    // assumed to be a list of numeric user ids — confirm in get_clones().
    $hours = intval($globals['user_comments_clon_interval']);
    if ($hours > 0) {
        $clones = $current_user->get_clones($hours + 1);
        if ($clones) {
            $l = implode(',', $clones);
            $c = (int) $db->get_var("select count(*) from comments where comment_date > date_sub(now(), interval {$hours} hour) and comment_user_id in ({$l})");
            if ($c > 0) {
                syslog(LOG_NOTICE, "Meneame, clon comment ({$current_user->user_login}, {$comment->ip}) in {$link->uri}");
                return _('ya hizo un comentario con usuarios clones');
            }
        }
    }

    // Basic check to avoid abuses from same IP
    if (!$current_user->admin && $current_user->user_karma < 6.2) { // Don't check in case of admin comments or higher karma
        // Avoid astroturfing from the same link's author
        if ($link->status != 'published' && $link->ip == $globals['user_ip'] && $link->author != $comment->author) {
            UserAuth::insert_clon($comment->author, $link->author, $link->ip);
            syslog(LOG_NOTICE, "Meneame, comment-link astroturfing ({$current_user->user_login}, {$link->ip}): " . $link->get_permalink());
            return _('no se puede comentar desde la misma IP del autor del envío');
        }
        // Avoid floods with clones from the same IP
        if (intval($db->get_var("select count(*) from comments where comment_link_id = {$link->id} and comment_ip='{$comment->ip}' and comment_user_id != {$comment->author}")) > 1) {
            syslog(LOG_NOTICE, "Meneame, comment astroturfing ({$current_user->user_login}, {$comment->ip})");
            return _('demasiados comentarios desde la misma IP con usuarios diferentes');
        }
    }

    if (mb_strlen($comment->content) < 5 || !preg_match('/[a-zA-Z:-]/', $_POST['comment_content'])) { // Check there are at least a valid char
        return _('texto muy breve o caracteres no válidos');
    }

    if (!$current_user->admin) {
        $comment->get_links();
        // Users whose Date() (presumably the registration date) is within the
        // last 24 hours may not link to a banned site at all.
        if ($comment->banned && $current_user->Date() > $globals['now'] - 86400) {
            syslog(LOG_NOTICE, "Meneame: comment not inserted, banned link ({$current_user->user_login})");
            return _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
        }
        // Lower karma to comments' spammers
        $comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = {$current_user->user_id} and comment_date > date_sub(now(), interval 3 minute)");
        // Check the text is not the same
        $same_count = $comment->same_text_count();
        $same_links_count = $comment->same_links_count();
        if ($comment->banned) {
            $same_links_count *= 2;
        }
        $same_count += $same_links_count;
    } else {
        $comment_count = $same_count = 0;
    }

    // Comments allowed per 3 minutes grow with karma, capped at round(2 * 2.5) = 5.
    $comment_limit = round(min($current_user->user_karma / 6, 2) * 2.5);
    $karma_penalty = 0;
    if ($comment_count > $comment_limit || $same_count > 2) {
        if ($comment_count > $comment_limit) {
            // NOTE(review): when $comment_limit is below 3 this term is negative
            // and shrinks the penalty — confirm that is intended.
            $karma_penalty += ($comment_count - 3) * 0.1;
        }
        if ($same_count > 1) {
            $karma_penalty += $same_count * 0.25;
        }
    }

    // Check image limits
    if (!empty($_FILES['image']['tmp_name'])) {
        $limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
        if ($limit_exceded) {
            return $limit_exceded;
        }
    }

    $db->transaction();

    // Check the comment wasn't already stored
    // FOR UPDATE — presumably to serialise concurrent submits carrying the same randkey.
    $r = intval($db->get_var("select count(*) from comments where comment_link_id = {$comment->link} and comment_user_id = {$comment->author} and comment_randkey = {$comment->randkey} FOR UPDATE"));
    $already_stored = intval($r);
    if ($already_stored) {
        $db->rollback();
        return _('comentario duplicado');
    }

    // The penalty is applied outside the transaction and the comment is dropped.
    if ($karma_penalty > 0) {
        $db->rollback();
        $user = new User($current_user->user_id);
        $user->add_karma(-$karma_penalty, _('texto repetido o abuso de enlaces en comentarios'));
        return _('penalización de karma por texto repetido o abuso de enlaces');
    }

    // $r went through intval() above, so the is_null() test can never fail here.
    if (!is_null($r) && $comment->store()) {
        $comment->insert_vote();
        $link->update_comments();
        $db->commit();
        // Check image upload or delete
        // NOTE(review): $_POST['image_delete'] is read without isset(); an
        // absent field raises a notice and falls through to the upload branch.
        if ($_POST['image_delete']) {
            $comment->delete_image();
        } else {
            $comment->store_image_from_form('image');
        }
        if ($redirect) {
            // Comment stored, just redirect to it page
            header('HTTP/1.1 303 Load');
            header('Location: ' . $link->get_permalink() . '/c0' . $comment->order . '#c-' . $comment->order);
            die;
        } else {
            return $comment;
        }
    }
    $db->rollback();
    return _('error insertando comentario');
    //return $error;
}
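/**
 * Validate the registration form (read from $_POST) and report every problem
 * through register_error().
 *
 * Checks, in this order: proxy ban; username (length, allowed characters,
 * not already taken); e-mail (format, not already used); password (no spaces
 * or single quotes, strength via check_password(), confirmation matches); the
 * selected "standard" against $globals['standards']; and finally registration
 * rate limits on $globals['form_user_ip'], its nnn.nnn.nnn.% prefix and its
 * nnn.nnn.% prefix, counted from the `logs` table.
 *
 * @return bool true when every check passed; false otherwise, the reasons
 *              having already been passed to register_error()
 */
function check_user_fields() {
    global $globals, $db;

    $error = false;

    // Read the form fields once; a missing field becomes '' so the checks
    // below fail cleanly instead of raising undefined-index notices.
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $email = isset($_POST['email']) ? $_POST['email'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    $password2 = isset($_POST['password2']) ? $_POST['password2'] : '';

    if (check_ban_proxy()) {
        register_error(_("IP no permitida"));
        $error = true;
    }
    if (strlen($username) < 3) {
        register_error(_("nombre de usuario erróneo, debe ser de 3 o más caracteres alfanuméricos"));
        $error = true;
    }
    if (!check_username($username)) {
        register_error(_("nombre de usuario erróneo, caracteres no admitidos o no comienzan con una letra"));
        $error = true;
    }
    if (user_exists(trim($username))) {
        register_error(_("el usuario ya existe"));
        $error = true;
    }
    if (!check_email(trim($email))) {
        register_error(_("el correo electrónico no es correcto"));
        $error = true;
    }
    if (email_exists(trim($email))) {
        register_error(_("dirección de correo duplicada, o fue usada recientemente"));
        $error = true;
    }
    // Spaces and single quotes are rejected in either password field.
    if (preg_match('/[ \']/', $password) || preg_match('/[ \']/', $password2)) {
        register_error(_("caracteres inválidos en la clave"));
        $error = true;
    }
    if (!check_password($password)) {
        register_error(_("clave demasiado corta, debe ser de 6 o más caracteres e incluir mayúsculas, minúsculas y números"));
        $error = true;
    }
    if ($password !== $password2) {
        register_error(_("las claves no coinciden"));
        $error = true;
    }

    // The posted "standard" must be one of the configured ones. Loose == is
    // kept on purpose: configured ids may be ints while $_POST holds strings.
    // Iterating by value fixes the dangling reference the old `as &$val` left behind.
    $standard = isset($_POST['standard']) ? $_POST['standard'] : null;
    $hasStandard = false;
    foreach ($globals['standards'] as $val) {
        if ($val['id'] == $standard) {
            $hasStandard = true;
            break;
        }
    }
    if (!$hasStandard) {
        // A leftover print_r($_POST) used to dump the whole form, passwords
        // included, into the response here; it has been removed.
        register_error("A norma enviada non coincide");
        $error = true;
    }

    // Check registers from the same IP network
    // NOTE(review): $user_ip is interpolated into SQL unescaped; this relies on
    // $globals['form_user_ip'] being a server-derived address rather than raw
    // client input — confirm where it is set.
    $user_ip = $globals['form_user_ip'];
    // Pad to three octets so the LIKE prefixes below can be built without
    // notices for addresses with fewer dots (e.g. IPv6); as before, such a
    // prefix simply matches nothing.
    $ip_classes = array_pad(explode(".", $user_ip), 3, '');

    // From the same IP
    $registered = (int) $db->get_var("select count(*) from logs where log_date > date_sub(now(), interval 24 hour) and log_type in ('user_new', 'user_delete') and log_ip = '$user_ip'");
    if ($registered > 0) {
        syslog(LOG_NOTICE, "Meneame, register not accepted by IP address ({$username}) $user_ip");
        register_error(_("para registrar otro usuario desde la misma dirección debes esperar 24 horas"));
        $error = true;
    }
    if ($error) {
        return false;
    }

    // Check class // nnn.nnn.nnn
    $ip_class = $ip_classes[0] . '.' . $ip_classes[1] . '.' . $ip_classes[2] . '.%';
    $registered = (int) $db->get_var("select count(*) from logs where log_date > date_sub(now(), interval 6 hour) and log_type in ('user_new', 'user_delete') and log_ip like '$ip_class'");
    if ($registered > 0) {
        syslog(LOG_NOTICE, "Meneame, register not accepted by IP class ({$username}) $ip_class");
        register_error(_("para registrar otro usuario desde la misma red debes esperar 6 horas") . " ($ip_class)");
        return false;
    }

    // Check class // nnn.nnn
    $ip_class = $ip_classes[0] . '.' . $ip_classes[1] . '.%';
    $registered = (int) $db->get_var("select count(*) from logs where log_date > date_sub(now(), interval 1 hour) and log_type in ('user_new', 'user_delete') and log_ip like '$ip_class'");
    if ($registered > 2) {
        syslog(LOG_NOTICE, "Meneame, register not accepted by IP class ({$username}) $ip_class");
        register_error(_("para registrar otro usuario desde la misma red debes esperar unos minutos") . " ($ip_class)");
        return false;
    }

    return true;
}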
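/**
 * Phase 1 of the story submission flow.
 *
 * Normalises the URL posted in $_POST['url'], runs the submission-key, karma,
 * clone, rate-limit, host-resolution, ban, vote-count, "propaganda",
 * duplicate and per-site checks, and when every check passes stores the Link
 * as a 'discard' draft and renders link/submit1.html. Every rejection is
 * reported through add_submit_error() (collected in the global $errors) and
 * most are also logged with syslog().
 *
 * Uses the globals $db, $dblang, $current_user, $globals and $errors, and
 * reads $_POST['url'], $_POST['randkey'] and $_POST['key'].
 *
 * @return bool true when the draft was stored, or when report_duplicated()
 *              reported the URL as already submitted; false when a check
 *              rejected the submission
 */
function do_submit1() {
    global $db, $dblang, $current_user, $globals, $errors;

    $url = clean_input_url(urldecode($_POST['url']));
    $url = preg_replace('/#[^\\/]*$/', '', $url); // Remove the "#", people just abuse
    $url = preg_replace('/^http:\\/\\/http:\\/\\//', 'http://', $url); // Some users forget to delete the foo http://
    if (!preg_match('/^\\w{3,6}:\\/\\//', $url)) {
        // http:// forgotten, add it
        $url = 'http://' . $url;
    }
    $new_user = false;

    if (!check_link_key()) {
        add_submit_error(_('clave incorrecta'));
        return false;
    }
    if ($globals['min_karma_for_links'] > 0 && $current_user->user_karma < $globals['min_karma_for_links']) {
        add_submit_error(_('no tienes el mínimo de karma para enviar una nueva historia'));
        return false;
    }

    // Don't allow to send a link by a clone
    $hours = intval($globals['user_links_clon_interval']);
    $clones = $current_user->get_clones($hours + 1);
    if ($hours > 0 && $clones) {
        $l = implode(',', $clones);
        $c = (int) $db->get_var("select count(*) from links where link_status!='published' and link_date > date_sub(now(), interval {$hours} hour) and link_author in ({$l})");
        if ($c > 0) {
            add_submit_error(_('ya se envió con otro usuario «clon» en las últimas horas') . ", " . _('disculpa las molestias'));
            syslog(LOG_NOTICE, "Meneame, clon submit ({$current_user->user_login}): " . $_REQUEST['url']);
            return false;
        }
    }

    // Check the number of links sent by a user
    $queued_24_hours = (int) $db->get_var("select count(*) from links where link_status!='published' and link_date > date_sub(now(), interval 24 hour) and link_author={$current_user->user_id}");
    if ($globals['limit_user_24_hours'] && $queued_24_hours > $globals['limit_user_24_hours']) {
        add_submit_error(_('debes esperar, tienes demasiados envíos en cola de las últimas 24 horas') . " ({$queued_24_hours}), " . _('disculpa las molestias'));
        syslog(LOG_NOTICE, "Meneame, too many queued in 24 hours ({$current_user->user_login}): " . $_REQUEST['url']);
        return false;
    }

    // check the URL is OK and that it resolves
    // empty() also covers a parse result without a 'host' key.
    $url_components = @parse_url($url);
    if (!$url_components || empty($url_components['host']) || gethostbyname($url_components['host']) == $url_components['host']) {
        add_submit_error(_('URL o nombre de servidor erróneo'), _('el nombre del servidor es incorrecto o éste tiene problemas para resolver el nombre'));
        syslog(LOG_NOTICE, "Meneame, hostname error ({$current_user->user_login}): {$url}");
        return false;
    }

    // Site-wide queue rate: users above the karma threshold get a 50% larger window.
    $enqueued_last_minutes = (int) $db->get_var("select count(*) from links where link_status='queued' and link_date > date_sub(now(), interval 3 minute)");
    if ($current_user->user_karma > $globals['limit_3_minutes_karma']) {
        $enqueued_limit = $globals['limit_3_minutes'] * 1.5;
    } else {
        $enqueued_limit = $globals['limit_3_minutes'];
    }
    if ($enqueued_last_minutes > $enqueued_limit) {
        add_submit_error(_('exceso de envíos'), _('se han enviado demasiadas historias en los últimos 3 minutos') . " ({$enqueued_last_minutes} > {$enqueued_limit}), " . _('disculpa las molestias'));
        syslog(LOG_NOTICE, "Meneame, too many queued ({$current_user->user_login}): " . $_REQUEST['url']);
        return false;
    }

    // Check the user does not have too many drafts
    $minutes = intval($globals['draft_time'] / 60) + 10;
    $drafts = (int) $db->get_var("select count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval {$minutes} minute) and link_status='discard' and link_votes = 0");
    if ($drafts > $globals['draft_limit']) {
        add_submit_error(_('demasiados borradores'), _('has hecho demasiados intentos, debes esperar o continuar con ellos desde la') . ' <a href="shakeit.php?meta=_discarded">' . _('cola de descartadas') . '</a></p>');
        syslog(LOG_NOTICE, "Meneame, too many drafts ({$current_user->user_login}): " . $_REQUEST['url']);
        return false;
    }
    // Delete dangling drafts
    if ($drafts > 0) {
        $db->query("delete from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 30 minute) and link_date < date_sub(now(), interval 10 minute) and link_status='discard' and link_votes = 0");
    }

    // Check for banned IPs
    if (($ban = check_ban($globals['user_ip'], 'ip', true)) || ($ban = check_ban_proxy())) {
        if ($ban['expire'] > 0) {
            $expires = _('caduca') . ': ' . get_date_time($ban['expire']);
        } else {
            $expires = '';
        }
        add_submit_error(_('dirección IP no permitida para enviar'), $expires);
        syslog(LOG_NOTICE, "Meneame, banned IP " . $globals['user_ip'] . " ({$current_user->user_login}): {$url}");
        return false;
    }

    // Number of links sent by the user
    $total_sents = (int) $db->get_var("select count(*) from links where link_author={$current_user->user_id}") - $drafts;
    if ($total_sents > 0) {
        $sents = (int) $db->get_var("select count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 60 day)") - $drafts;
    } else {
        $new_user = true;
        $sents = 0;
    }
    $register_date = $current_user->Date();
    if ($globals['now'] - $register_date < $globals['new_user_time']) {
        $new_user = true;
    }

    // check that a new user also votes, not only sends links
    // it requires $globals['min_user_votes'] votes
    if ($new_user && $globals['min_user_votes'] > 0 && $current_user->user_karma < $globals['new_user_karma']) {
        $user_votes = (int) $db->get_var("select count(*) from votes where vote_type='links' and vote_date > date_sub(now(), interval 72 hour) and vote_user_id={$current_user->user_id}");
        $user_links = 1 + $db->get_var("select count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 24 hour) and link_status != 'discard'");
        $total_links = (int) $db->get_var("select count(*) from links where link_date > date_sub(now(), interval 24 hour) and link_status = 'queued'");
        if ($sents == 0) {
            // If is a new user, requires more votes, to avoid spam
            $min_votes = $globals['min_user_votes'];
        } else {
            $min_votes = min(4, intval($total_links / 20)) * $user_links;
        }
        if (!$current_user->admin && $user_votes < $min_votes) {
            $needed = $min_votes - $user_votes;
            // NOTE(review): $new_user is always true inside this block, so the
            // else branch below is unreachable — kept as found, confirm intent.
            if ($new_user) {
                add_submit_error(_('¿es la primera vez que envías una historia?'), _('necesitas como mínimo') . " {$needed} " . _('votos'));
            } else {
                add_submit_error(_('no tienes el mínimo de votos necesarios para enviar una nueva historia'), _('necesitas votar como mínimo a') . " {$needed} " . _('envíos'));
            }
            add_submit_error(_('no votes de forma apresurada, penaliza el karma'), '<a href="' . $globals['base_url'] . 'shakeit.php" target="_blank">' . _('haz clic aquí para ir a votar') . '</a>');
            return false;
        }
    }

    // avoid spams, an extra security check
    // it counts the numbers of links in the last hours
    if ($new_user) {
        $user_links_limit = $globals['new_user_links_limit'];
        $user_links_interval = intval($globals['new_user_links_interval'] / 3600);
    } else {
        $user_links_limit = $globals['user_links_limit'];
        $user_links_interval = intval($globals['user_links_interval'] / 3600);
    }
    // NOTE(review): $globals['user_ip'] is interpolated into SQL; this relies on
    // it being a server-derived address, not raw client input — confirm.
    $same_user = (int) $db->get_var("select count(*) from links where link_date > date_sub(now(), interval {$user_links_interval} hour) and link_author={$current_user->user_id}") - $drafts;
    $same_ip = (int) $db->get_var("select count(*) from links where link_date > date_sub(now(), interval {$user_links_interval} hour) and link_ip = '" . $globals['user_ip'] . "'") - $drafts;
    if ($same_user > $user_links_limit || $same_ip > $user_links_limit) {
        add_submit_error(_('debes esperar, ya se enviaron varias con el mismo usuario o dirección IP'));
        return false;
    }

    // avoid users sending continuous "rubbish" or "propaganda", specially new users
    // it takes in account the number of positive votes in the last six hours
    if ($same_user > 1 && $current_user->user_karma < $globals['karma_propaganda']) {
        $positives_received = $db->get_var("select sum(link_votes) from links where link_date > date_sub(now(), interval {$user_links_interval} hour) and link_author = {$current_user->user_id}");
        $negatives_received = $db->get_var("select sum(link_negatives) from links where link_date > date_sub(now(), interval {$user_links_interval} hour) and link_author = {$current_user->user_id}");
        if ($negatives_received > 10 && $negatives_received > $positives_received * 1.5) {
            add_submit_error(_('debes esperar, has tenido demasiados votos negativos en tus últimos envíos'));
            return false;
        }
    }

    $link = new Link();
    $link->url = $url;
    $link->is_new = true;

    if (report_duplicated($url)) {
        return true;
    }

    // Don't output error messages
    if (!$link->check_url($url, true, true) || !$link->get($url)) {
        $e = _('URL erróneo o no permitido') . ': ';
        if ($link->ban && $link->ban['match']) {
            $e .= $link->ban['match'];
        } else {
            // Escaped like the other URL-bearing messages in this function:
            // add_submit_error() texts are rendered as HTML (see the <a> links
            // passed to it below).
            $e .= htmlspecialchars($link->url);
        }
        add_submit_error($e, _('Razón') . ': ' . $link->ban['comment']);
        if ($link->ban['expire'] > 0) {
            add_submit_error($e, _('caduca') . ': ' . get_date_time($link->ban['expire']));
        }
        return false;
    }

    // If the URL has changed, check again is not dupe
    // Same outcome as the first report_duplicated() check above (this used to
    // return a bare null).
    if ($link->url != $url && report_duplicated($link->url)) {
        return true;
    }

    $link->randkey = intval($_POST['randkey']);
    if (!$link->valid) {
        $e = _('error leyendo el url') . ': ' . htmlspecialchars($url);
        // Dont allow new users with low karma to post wrong URLs
        if ($current_user->user_karma < 8 && $current_user->user_level == 'normal') {
            add_submit_error($e, _('URL inválido, incompleto o no permitido. Está fuera de línea, o tiene mecanismos antibots.'));
            return false;
        }
        add_submit_error($e, _('no es válido, está fuera de línea, o tiene mecanismos antibots. <strong>Continúa</strong>, pero asegúrate que sea correcto'));
    }

    $link->status = 'discard';
    $link->author = $current_user->user_id;
    if (!$link->pingback()) {
        $link->trackback();
    }
    $link->trackback = htmlspecialchars($link->trackback);
    $link->create_blog_entry();

    $blog = new Blog();
    $blog->id = $link->blog;
    $blog->read();

    // Now we check again against the blog table
    // it's done because there could be banned blogs like http://lacotelera.com/something
    if ($ban = check_ban($blog->url, 'hostname', false, true)) {
        $e = _('URL inválido') . ': ' . htmlspecialchars($url);
        add_submit_error($e, _('el sitio') . ' ' . $ban['match'] . ' ' . _('está deshabilitado') . ' (' . $ban['comment'] . ')');
        if ($ban['expire'] > 0) {
            add_submit_error($e, _('caduca') . ': ' . get_date_time($ban['expire']));
        }
        syslog(LOG_NOTICE, "Meneame, banned site ({$current_user->user_login}): {$blog->url} <- " . $_REQUEST['url']);
        return false;
    }

    // check for users spamming several sites and networks
    // it does not allow a low "entropy"
    if ($sents > 30) {
        $ratio = (double) $db->get_var("select count(distinct link_blog)/count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 60 day)");
        $threshold = 1 / log($sents, 2);
        if ($ratio < $threshold) {
            if ($db->get_var("select count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 60 day) and link_blog = {$blog->id}") > 2) {
                syslog(LOG_NOTICE, "Meneame, forbidden due to low entropy: {$ratio} < {$threshold} ({$current_user->user_login}): {$link->url}");
                add_submit_error(_('ya has enviado demasiados enlaces a los mismos sitios'), _('varía las fuentes, podría ser considerado spam'));
                return false;
            }
        }
    }

    // Check the user does not send too many images or vídeos
    // they think this is a fotolog
    if ($sents > 5 && ($link->content_type == 'image' || $link->content_type == 'video')) {
        $image_links = intval($db->get_var("select count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 60 day) and link_content_type in ('image', 'video')"));
        if ($image_links > $sents * 0.8) {
            syslog(LOG_NOTICE, "Meneame, forbidden due to too many images or video sent by user ({$current_user->user_login}): {$link->url}");
            add_submit_error(_('ya has enviado demasiadas imágenes o vídeos'));
            return false;
        }
    }

    // Avoid users sending too many links to the same site in last hours
    $hours = 24;
    $same_blog = $db->get_var("select count(*) from links where link_date > date_sub(now(), interval {$hours} hour) and link_author={$current_user->user_id} and link_blog={$link->blog} and link_votes > 0");
    if ($same_blog >= $globals['limit_same_site_24_hours']) {
        syslog(LOG_NOTICE, "Meneame, forbidden due to too many links to the same site in last {$hours} hours ({$current_user->user_login}): {$link->url}");
        add_submit_error(_('demasiados enlaces al mismo sitio en las últimas horas'));
        return false;
    }

    // avoid auto-promotion (autobombo)
    $minutes = 30;
    $same_blog = $db->get_var("select count(*) from links where link_date > date_sub(now(), interval {$minutes} minute) and link_author={$current_user->user_id} and link_blog={$link->blog} and link_votes > 0");
    if ($same_blog > 0 && $current_user->user_karma < 12) {
        syslog(LOG_NOTICE, "Meneame, forbidden due to short period between links to same site ({$current_user->user_login}): {$link->url}");
        add_submit_error(_('ya has enviado un enlace al mismo sitio hace poco tiempo'), _('debes esperar') . " {$minutes} " . _('minutos entre cada envío al mismo sitio.') . ', ' . '<a href="' . $globals['base_url'] . 'faq-' . $dblang . '.php">' . _('lee el FAQ') . '</a>');
        return false;
    }

    // Avoid spam (autobombo), count links in last two months
    $same_blog = $db->get_var("select count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 60 day) and link_blog={$link->blog}");
    $check_history = $sents > 3 && $same_blog > 0 && ($ratio = $same_blog / $sents) > 0.5;
    if ($check_history) {
        $e = _('has enviado demasiados enlaces a') . " {$blog->url}";
        if ($sents > 5 && $ratio > 0.75) {
            add_submit_error($e, _('has superado los límites de envíos de este sitio')); // don't allow to continue
            syslog(LOG_NOTICE, "Meneame, warn, high ratio, process interrumped ({$current_user->user_login}): {$link->url}");
            return false;
        } else {
            add_submit_error($e, _('continúa, pero ten en cuenta podría recibir votos negativos') . ', ' . '<a href="' . $globals['base_url'] . $globals['legal'] . '">' . _('condiciones de uso') . '</a>');
            syslog(LOG_NOTICE, "Meneame, warn, high ratio, continue ({$current_user->user_login}): {$link->url}");
        }
    }

    $links_12hs = $db->get_var("select count(*) from links where link_date > date_sub(now(), interval 12 hour)");

    // check there is no an "overflow" from the same site
    $site_links = intval($db->get_var("select count(*) from links where link_date > date_sub(now(), interval 12 hour) and link_blog={$link->blog} and link_status in ('queued')"));
    if ($site_links > 10 && $site_links > $links_12hs * 0.05) { // Only 5% from the same site
        syslog(LOG_NOTICE, "Meneame, forbidden due to overflow to the same site ({$current_user->user_login}): {$link->url}");
        add_submit_error(_('ya se han enviado demasiadas artículos del mismo sitio, espera unos minutos por favor'), _('total en 12 horas') . ": {$site_links} , " . _('el máximo actual es') . ': ' . intval($links_12hs * 0.05));
        return false;
    }

    // check there is no an "overflow" of images
    if ($link->content_type == 'image' || $link->content_type == 'video') {
        $image_links = intval($db->get_var("select count(*) from links where link_date > date_sub(now(), interval 12 hour) and link_content_type in ('image', 'video')"));
        if ($image_links > 5 && $image_links > $links_12hs * 0.15) { // Only 15% images and videos
            syslog(LOG_NOTICE, "Meneame, forbidden due to overflow images ({$current_user->user_login}): {$link->url}");
            // The reported maximum uses the same 15% ratio as the check above
            // (it used to print the 5% same-site figure).
            add_submit_error(_('ya se han enviado demasiadas imágenes o vídeos, espera unos minutos por favor'), _('total en 12 horas') . ": {$image_links} , " . _('el máximo actual es') . ': ' . intval($links_12hs * 0.15));
            return false;
        }
    }

    if ($ban = check_ban($link->url, 'punished_hostname', false, true)) {
        add_submit_error(_('Aviso') . ' ' . $ban['match'] . ': <em>' . $ban['comment'] . '</em>', _('mejor enviar el enlace a la fuente original, si no, será penalizado'));
    }

    // Now stores new draft
    $link->sent_date = $link->date = time();
    $link->key = $_POST['key'];
    // Keep the integer form assigned above; the raw $_POST value used to overwrite it here.
    $link->randkey = intval($_POST['randkey']);
    $link->store();
    $link->url_title = mb_substr($link->url_title, 0, 200);
    if (mb_strlen($link->url_description) > 40) {
        $link->content = $link->url_description;
    }
    $link->chars_left = 550 - mb_strlen(html_entity_decode($link->content, ENT_COMPAT, 'UTF-8'), 'UTF-8');
    Haanga::Load('link/submit1.html', compact('link', 'errors'));
    return true;
}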
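/**
 * Submit, phase 1: validate the posted URL and the submitter's rate limits,
 * store a draft Link (status 'discard') and print the phase-2 form.
 *
 * Reads $_POST['url'], $_POST['key'] and $_POST['randkey'], the current user
 * and $globals; prints HTML directly and returns nothing. Every rejection
 * path prints an error paragraph and returns early.
 *
 * Review fixes against the previous revision (logic otherwise unchanged):
 *  - $_POST['key'] and the raw $linkres->url shown on a failed check_url()
 *    are now HTML-escaped before being echoed (user-controlled input was
 *    written into the page unescaped).
 *  - The clone-detection query was missing "and" before "link_votes > 0":
 *    a SQL syntax error that made get_var() return nothing, silently
 *    disabling the clone ban.
 *  - parse_url() components are read with string keys instead of bare-word
 *    constants (a fatal "undefined constant" error on PHP 8), and the
 *    host/path may be absent.
 *  - $ban_period, $link_title and $link_tags are initialised instead of being
 *    read while undefined; two early returns now close the opened <div>
 *    like every other rejection path; the "max images" message reported the
 *    5% figure while the check uses 8%.
 */
function do_submit1() {
    global $db, $dblang, $current_user, $globals;

    $url = clean_input_url($_POST['url']);
    $url = preg_replace('/^http:\\/\\/http:\\/\\//', 'http://', $url); // Some users forget to delete the foo http://
    $url = preg_replace('/#.*$/', '', $url); // Remove the "#", people just abuse

    do_banner_top();
    echo '<div id="container-wide">' . "\n";
    echo '<div id="genericform-contents">' . "\n";
    $new_user = false;
    // The phase-2 title/tags inputs start empty; these were previously read undefined.
    $link_title = '';
    $link_tags = '';

    if (!check_link_key()) {
        echo '<p class="error"><strong>' . _('clave incorrecta') . '</strong></p> ';
        echo '</div>' . "\n";
        return;
    }
    if ($globals['min_karma_for_links'] > 0 && $current_user->user_karma < $globals['min_karma_for_links']) {
        echo '<p class="error"><strong>' . _('no tienes el mínimo de karma para enviar una nueva historia') . '</strong></p> ';
        echo '</div>' . "\n";
        return;
    }

    // Global throttle: number of links queued site-wide in the last 3 minutes.
    // Users with karma > 10 get a 50% higher ceiling.
    $enqueued_last_minutes = (int) $db->get_var("select count(*) from links where link_status='queued' and link_date > date_sub(now(), interval 3 minute)");
    if ($current_user->user_karma > 10) {
        $enqueued_limit = $globals['limit_3_minutes'] * 1.5;
    } else {
        $enqueued_limit = $globals['limit_3_minutes'];
    }
    if ($enqueued_last_minutes > $enqueued_limit) {
        echo '<p class="error"><strong>' . _('Exceso de envíos') . ':</strong></p>';
        echo '<p>' . _('Se han enviado demasiadas noticias en los últimos 3 minutos') . " ({$enqueued_last_minutes} > {$enqueued_limit}), " . _('disculpa las molestias') . ' </p>';
        syslog(LOG_NOTICE, "Meneame, too many queued ({$current_user->user_login}): {$_POST['url']}");
        echo '</div>' . "\n";
        return;
    }

    // Check the user does not have too many drafts (unvoted 'discard' links from the last 30 minutes)
    $drafts = (int) $db->get_var("select count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 30 minute) and link_status='discard' and link_votes = 0");
    if ($drafts > 3) {
        echo '<p class="error"><strong>' . _('Demasiados borradores') . ':</strong></p>';
        echo '<p>' . _('Has hecho demasiados intentos, debes esperar o continuar con ellos desde la') . ' <a href="shakeit.php?meta=_discarded">' . _('cola de descartadas') . '</a></p>';
        syslog(LOG_NOTICE, "Meneame, too many drafts ({$current_user->user_login}): {$_POST['url']}");
        echo '</div>' . "\n";
        return;
    }
    // Delete dangling drafts (older than 10 minutes but younger than 30)
    if ($drafts > 0) {
        $db->query("delete from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 30 minute) and link_date < date_sub(now(), interval 10 minute) and link_status='discard' and link_votes = 0");
    }

    // Check for banned IPs
    if (check_ban($globals['user_ip'], 'ip', true) || check_ban_proxy()) {
        echo '<p class="error"><strong>' . _('Dirección IP no permitida para enviar') . ':</strong> ' . $globals['user_ip'] . ' (' . $globals['ban_message'] . ')</p>';
        syslog(LOG_NOTICE, "Meneame, banned IP {$globals['user_ip']} ({$current_user->user_login}): {$url}");
        print_empty_submit_form();
        echo '</div>' . "\n";
        return;
    }

    // Number of links sent by the user (drafts excluded)
    $total_sents = (int) $db->get_var("select count(*) from links where link_author={$current_user->user_id}") - $drafts;
    if ($total_sents > 0) {
        $sents = (int) $db->get_var("select count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 60 day)") - $drafts;
    } else {
        $new_user = true;
        $sents = 0;
    }
    // Anyone registered less than 3 days ago is also treated as a new user
    $register_date = $current_user->Date();
    if ($globals['now'] - $register_date < 86400 * 3) {
        $new_user = true;
    }

    // check that a new user also votes, not only sends links
    // it requires $globals['min_user_votes'] votes
    if ($new_user && $globals['min_user_votes'] > 0 && $current_user->user_karma < 6.1) {
        $user_votes_total = (int) $db->get_var("select count(*) from votes where vote_type='links' and vote_user_id={$current_user->user_id}");
        $user_votes = (int) $db->get_var("select count(*) from votes where vote_type='links' and vote_date > date_sub(now(), interval 72 hour) and vote_user_id={$current_user->user_id}");
        $user_links = 1 + $db->get_var("select count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 24 hour) and link_status != 'discard'");
        $total_links = (int) $db->get_var("select count(*) from links where link_date > date_sub(now(), interval 24 hour) and link_status = 'queued'");
        echo "<!-- {$user_votes_total}, {$user_links}, {$total_links} -->\n";
        if ($sents == 0) {
            // If is a new user, requires more votes, to avoid spam
            $min_votes = $globals['min_user_votes'];
        } else {
            $min_votes = min(4, intval($total_links / 20)) * $user_links;
        }
        if ($current_user->user_level != 'god' && $current_user->user_level != 'admin' && $user_votes < $min_votes) {
            $needed = $min_votes - $user_votes;
            echo '<p class="error">';
            if ($new_user) {
                echo '<strong>' . _('¿es la primera vez que envías una noticia?') . '</strong></p> ';
                echo '<p class="error-text">' . _('necesitas como mínimo') . " <strong>{$needed} " . _('votos') . '</strong><br/>';
            } else {
                echo '<strong>' . _('no tienes el mínimo de votos necesarios para enviar una nueva historia') . '</strong></p> ';
                echo '<p class="error-text">' . _('necesitas votar como mínimo a') . " <strong>{$needed} " . _('noticias') . '</strong><br/>';
            }
            echo '<strong>' . _('no votes de forma apresurada, penaliza el karma') . '</strong><br/>';
            echo '<a href="' . $globals['base_url'] . 'shakeit.php" target="_blank">' . _('haz clic aquí para ir a votar') . '</a></p>';
            echo '<br style="clear: both;" />' . "\n";
            echo '</div>' . "\n";
            return;
        }
    }

    // avoid spams, an extra security check
    // it counts the numbers of links in the last hours
    if ($new_user) {
        $user_links_limit = 1;
        $user_links_interval = 1;
    } else {
        $user_links_limit = 5;
        $user_links_interval = 2;
    }
    // NOTE(review): $globals['user_ip'] is interpolated into SQL unescaped here
    // and below; this is only safe while it is server-derived and never taken
    // from a client-controlled header — confirm where it is set.
    $same_user = (int) $db->get_var("select count(*) from links where link_date > date_sub(now(), interval {$user_links_interval} hour) and link_author={$current_user->user_id}") - $drafts;
    $same_ip = (int) $db->get_var("select count(*) from links where link_date > date_sub(now(), interval {$user_links_interval} hour) and link_ip = '" . $globals['user_ip'] . "'") - $drafts;
    if ($same_user > $user_links_limit || $same_ip > $user_links_limit) {
        echo '<p class="error"><strong>' . _('debes esperar, ya se enviaron varias con el mismo usuario o dirección IP') . '</strong></p>';
        echo '<br style="clear: both;" />' . "\n";
        echo '</div>' . "\n";
        return;
    }

    // avoid users sending continuous "rubbish" or "propaganda", specially new users
    // it takes in account the number of positive votes in the last hours
    if ($same_user > 1 && $current_user->user_karma < 12) {
        $positives_received = $db->get_var("select sum(link_votes) from links where link_date > date_sub(now(), interval {$user_links_interval} hour) and link_author = {$current_user->user_id}");
        $negatives_received = $db->get_var("select sum(link_negatives) from links where link_date > date_sub(now(), interval {$user_links_interval} hour) and link_author = {$current_user->user_id}");
        echo "<!-- Positives: {$positives_received} -->\n";
        echo "<!-- Negatives: {$negatives_received} -->\n";
        if ($negatives_received > 10 && $negatives_received > $positives_received * 1.5) {
            echo '<p class="error"><strong>' . _('debes esperar, has tenido demasiados votos negativos en tus últimos envíos') . '</strong></p>';
            echo '<br style="clear: both;" />' . "\n";
            echo '</div>' . "\n";
            return;
        }
    }

    $linkres = new Link();
    $linkres->url = $url;
    if (report_dupe($url)) {
        return;
    }
    if (!$linkres->check_url($url, true, true) || !$linkres->get($url)) {
        echo '<p class="error"><strong>' . _('URL erróneo o no permitido') . '</strong>: ';
        if (!empty($globals['ban_match'])) {
            echo $globals['ban_match'];
        } else {
            // The URL failed validation, so it is still user input: escape it.
            echo htmlspecialchars($linkres->url);
        }
        echo '</p>';
        echo '<p><strong>' . _('Razón') . ':</strong> ' . $globals['ban_message'] . '</p>';
        // If the domain is banned, decrease user's karma
        if ($linkres->banned) {
            $db->query("update users set user_karma = user_karma - 0.05 where user_id = {$current_user->user_id}");
        }
        print_empty_submit_form();
        echo '</div>' . "\n";
        return;
    }

    // If the URL has changed (redirects/normalisation), check again is not dupe
    if ($linkres->url != $url && report_dupe($linkres->url)) {
        return;
    }
    $linkres->randkey = intval($_POST['randkey']);
    if (!$linkres->valid) {
        echo '<p class="error"><strong>' . _('error leyendo el url') . ':</strong> ' . htmlspecialchars($url) . '</p>';
        // Dont allow new users with low karma to post wrong URLs
        if ($current_user->user_karma < 12 && $current_user->user_level == 'normal') {
            echo '<p>' . _('URL inválido, incompleto o no permitido') . '</p>';
            print_empty_submit_form();
            echo '</div>' . "\n";
            return;
        }
        echo '<p>' . _('No es válido, está fuera de línea, o tiene mecanismos antibots. <strong>Continúa</strong>, pero asegúrate que sea correcto') . '</p>';
    }

    $linkres->status = 'discard';
    $linkres->author = $current_user->user_id;
    if (!$linkres->trackback()) {
        $linkres->pingback();
    }
    $trackback = htmlspecialchars($linkres->trackback);
    $linkres->create_blog_entry();
    $blog = new Blog();
    $blog->id = $linkres->blog;
    $blog->read();
    // host + path of the blog URL, used as the ban pattern below.
    // parse_url() may return false or omit either component; $blog_url stays
    // empty in that case and the ban code checks for it.
    $blog_url_components = @parse_url($blog->url);
    $blog_url = '';
    if (is_array($blog_url_components)) {
        $blog_url = (isset($blog_url_components['host']) ? $blog_url_components['host'] : '')
            . (isset($blog_url_components['path']) ? $blog_url_components['path'] : '');
    }

    // Now we check again against the blog table
    // it's done because there could be banned blogs like http://lacotelera.com/something
    if (check_ban($blog->url, 'hostname', false, true)) {
        echo '<p class="error"><strong>' . _('URL inválido') . ':</strong> ' . htmlspecialchars($url) . '</p>';
        echo '<p>' . _('El sitio') . " {$globals['ban_match']} " . _('está deshabilitado') . ' (' . $globals['ban_message'] . ') </p>';
        syslog(LOG_NOTICE, "Meneame, banned site ({$current_user->user_login}): {$blog->url} <- {$_POST['url']}");
        print_empty_submit_form();
        echo '</div>' . "\n";
        return;
    }

    // check for users spamming several sites and networks
    // it does not allow a low "entropy" (distinct blogs / total links in 60 days)
    if ($sents > 30) {
        $ratio = (double) $db->get_var("select count(distinct link_blog)/count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 60 day)");
        $threshold = 1 / log($sents, 2);
        if ($ratio < $threshold) {
            if ($db->get_var("select count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 60 day) and link_blog = {$blog->id}") > 2) {
                syslog(LOG_NOTICE, "Meneame, forbidden due to low entropy: {$ratio} < {$threshold} ({$current_user->user_login}): {$linkres->url}");
                echo '<p class="error"><strong>' . _('ya has enviado demasiados enlaces a los mismos sitios') . '</strong></p> ';
                echo '<p class="error-text">' . _('varía las fuentes, podría ser considerado spam') . '</p>';
                echo '<br style="clear: both;" />' . "\n";
                echo '</div>' . "\n";
                return;
            }
        }
    }

    // Check the user does not send too many images or videos
    // they think this is a fotolog
    if ($sents > 5 && ($linkres->content_type == 'image' || $linkres->content_type == 'video')) {
        $image_links = intval($db->get_var("select count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 60 day) and link_content_type in ('image', 'video')"));
        if ($image_links > $sents * 0.3) {
            syslog(LOG_NOTICE, "Meneame, forbidden due to too many images or video sent by user ({$current_user->user_login}): {$linkres->url}");
            echo '<p class="error"><strong>' . _('ya has enviado demasiadas imágenes o vídeos') . '</strong></p> ';
            echo '<p class="error-text">' . _('disculpa, no es un fotolog') . '</p>';
            echo '<br style="clear: both;" />' . "\n";
            echo '</div>' . "\n";
            return;
        }
    }

    // avoid auto-promotion (autobombo): a voted link to the same blog in the last 30 minutes
    $minutes = 30;
    $same_blog = $db->get_var("select count(*) from links where link_date > date_sub(now(), interval {$minutes} minute) and link_author={$current_user->user_id} and link_blog={$linkres->blog} and link_votes > 0");
    if ($same_blog > 0 && $current_user->user_karma < 12) {
        syslog(LOG_NOTICE, "Meneame, forbidden due to short period between links to same site ({$current_user->user_login}): {$linkres->url}");
        echo '<p class="error"><strong>' . _('ya has enviado un enlace al mismo sitio hace poco tiempo') . '</strong></p> ';
        echo '<p class="error-text">' . _('debes esperar') . " {$minutes} " . _(' minutos entre cada envío al mismo sitio.') . ', ';
        echo '<a href="' . $globals['base_url'] . 'faq-' . $dblang . '.php">' . _('lee el FAQ') . '</a></p>';
        echo '<br style="clear: both;" />' . "\n";
        echo '</div>' . "\n";
        return;
    }

    // Avoid spam, count links to this blog in the last 60 days
    $same_blog = $db->get_var("select count(*) from links where link_author={$current_user->user_id} and link_date > date_sub(now(), interval 60 day) and link_blog={$linkres->blog}");
    // Check if the domain should be banned: more than half of the user's links go to this blog
    $check_history = $sents > 2 && $same_blog > 0 && ($ratio = $same_blog / $sents) > 0.5;
    $ban_period = 0;

    // check clones also for new users
    if ($sents == 0 || $check_history) {
        // Count unique users (other than this IP) who sent and voted links to this blog in 30 days
        // TODO: we should discard users with the same IP (clones)
        $unique_users = (int) $db->get_var("select count(distinct link_author) from links, users, votes where link_blog={$blog->id} and link_date > date_sub(now(), interval 30 day) and user_id = link_author and user_level != 'disabled' and vote_type='links' and vote_link_id = link_id and vote_user_id = link_author and vote_ip_int != " . $globals['user_ip_int']);
        // Check for user clones: other authors who voted their own link to this blog from this IP
        $clones = $db->get_var("select count(distinct link_author) from links, votes where link_author!={$current_user->user_id} and link_date > date_sub(now(), interval 20 day) and link_blog={$linkres->blog} and link_votes > 0 and vote_type='links' and vote_link_id=link_id and link_author = vote_user_id and vote_ip_int = " . $globals['user_ip_int']);
        if ($clones > 0 && $unique_users < 3) {
            // we detected that another user has sent to the same URL from the same IP
            echo '<p class="error"><strong>' . _('se han detectado usuarios clones que envían al sitio') . " {$blog->url}" . '</strong></p> ';
            $ban_period_txt = _('un mes');
            // NOTE(review): unlike the high-ratio ban below, this does not skip an empty $blog_url.
            $ban = insert_ban('hostname', $blog_url, _('usuarios clones') . " {$current_user->user_login} ({$blog_url})", time() + 86400 * 30);
            $banned_host = $ban->ban_text;
            echo '<p class="error-text"><strong>' . _('el dominio') . " '{$banned_host}' " . _('ha sido baneado por') . " {$ban_period_txt}</strong>, ";
            echo '<a href="' . $globals['base_url'] . 'libs/ads/legal-meneame.php">' . _('normas de uso del menáme') . '</a></p>';
            syslog(LOG_NOTICE, "Meneame, banned '{$ban_period_txt}' due to user clones ({$current_user->user_login}): {$banned_host} <- {$linkres->url}");
            echo '<br style="clear: both;" />' . "\n";
            echo '</div>' . "\n";
            return;
        } // end clones
    }

    if ($check_history) {
        // Calculate ban period according to previous karma of links to this blog
        $avg_karma = (int) $db->get_var("select avg(link_karma) from links where link_blog={$blog->id} and link_date > date_sub(now(), interval 30 day)");
        // This is the case of unique/few users sending just their site and take care of choosing good titles and text
        // the condition is stricter, more links and higher ratio
        if ($sents > 3 && $ratio > 0.9 || $sents > 6 && $ratio > 0.8 || $sents > 12 && $ratio > 0.6) {
            if ($unique_users < 3) {
                if ($avg_karma < -10) {
                    $ban_period = 86400 * 30;
                    $ban_period_txt = _('un mes');
                } else {
                    $ban_period = 86400 * 7;
                    $ban_period_txt = _('una semana');
                }
                syslog(LOG_NOTICE, "Meneame, high ratio ({$ratio}) and few users ({$unique_users}), going to ban {$blog->url} ({$current_user->user_login})");
            }
            // Otherwise check previous karma
        } elseif ($sents > 4 && $avg_karma < 30) {
            if ($avg_karma < -40) {
                $ban_period = 86400 * 30;
                $ban_period_txt = _('un mes');
            } elseif ($avg_karma < -10) {
                $ban_period = 86400 * 7;
                $ban_period_txt = _('una semana');
            } elseif ($avg_karma < 10) {
                $ban_period = 86400;
                $ban_period_txt = _('un día');
            } else {
                $ban_period = 7200;
                $ban_period_txt = _('dos horas');
            }
            syslog(LOG_NOTICE, "Meneame, high ratio ({$ratio}) and low karma ({$avg_karma}), going to ban {$blog->url} ({$current_user->user_login})");
        }
        if ($ban_period > 0) {
            echo '<p class="error"><strong>' . _('ya has enviado demasiados enlaces a') . " {$blog->url}" . '</strong></p> ';
            echo '<p class="error-text">' . _('varía tus fuentes, es para evitar abusos y enfados por votos negativos') . ', ';
            echo '<a href="' . $globals['base_url'] . 'libs/ads/legal-meneame.php">' . _('normas de uso del menáme') . '</a>, ';
            echo '<a href="' . $globals['base_url'] . 'faq-' . $dblang . '.php">' . _('el FAQ') . '</a></p>';
            if (!empty($blog_url)) {
                $ban = insert_ban('hostname', $blog_url, _('envíos excesivos de') . " {$current_user->user_login}", time() + $ban_period);
                $banned_host = $ban->ban_text;
                echo '<p class="error-text"><strong>' . _('el dominio') . " '{$banned_host}' " . _('ha sido baneado por') . " {$ban_period_txt}</strong></p> ";
                syslog(LOG_NOTICE, "Meneame, banned '{$ban_period_txt}' due to high ratio ({$current_user->user_login}): {$banned_host} <- {$linkres->url}");
            } else {
                syslog(LOG_NOTICE, "Meneame, error parsing during ban: {$blog->id}, {$blog->url} ({$current_user->user_login})");
            }
            echo '<br style="clear: both;" />' . "\n";
            echo '</div>' . "\n";
            return;
        } elseif ($sents > 0) {
            // Just in case check again sent (paranoia setting)
            echo '<p class="error"><strong>' . _('ya has enviado demasiados enlaces a') . " {$blog->url}" . '</strong></p> ';
            echo '<p class="error-text">' . _('el sitio podría ser baneado automáticamente si continúas enviando') . ', ';
            echo '<a href="' . $globals['base_url'] . 'libs/ads/legal-meneame.php">' . _('normas de uso del menáme') . '</a>, ';
            echo '<a href="' . $globals['base_url'] . 'faq-' . $dblang . '.php">' . _('el FAQ') . '</a></p>';
            if ($sents > 5 && $ratio > 0.75) {
                // don't allow to continue
                syslog(LOG_NOTICE, "Meneame, warn, high ratio, process interrumped ({$current_user->user_login}): {$linkres->url}");
                echo '</div>' . "\n";
                return;
            } else {
                syslog(LOG_NOTICE, "Meneame, warn, high ratio, continue ({$current_user->user_login}): {$linkres->url}");
            }
        }
    }

    $links_12hs = $db->get_var("select count(*) from links where link_date > date_sub(now(), interval 12 hour) and link_status in ('published', 'queued', 'discard')");
    // check there is no an "overflow" from the same site (users with karma >= 18 are exempt)
    if ($current_user->user_karma < 18) {
        $site_links = intval($db->get_var("select count(*) from links where link_date > date_sub(now(), interval 12 hour) and link_status in ('published', 'queued', 'discard') and link_blog={$linkres->blog}"));
        if ($site_links > 5 && $site_links > $links_12hs * 0.04) { // Only 4% from the same site
            syslog(LOG_NOTICE, "Meneame, forbidden due to overflow to the same site ({$current_user->user_login}): {$linkres->url}");
            echo '<p class="error"><strong>' . _('ya se han enviado demasiadas noticias del mismo sitio, espera unos minutos por favor') . '</strong></p> ';
            echo '<p class="error-text">' . _('total en 12 horas') . ": {$site_links} , " . _('el máximo actual es') . ': ' . intval($links_12hs * 0.04) . '</p>';
            echo '<br style="clear: both;" />' . "\n";
            echo '</div>' . "\n";
            return;
        }
    }
    // check there is no an "overflow" of images
    if ($linkres->content_type == 'image' || $linkres->content_type == 'video') {
        $image_links = intval($db->get_var("select count(*) from links where link_date > date_sub(now(), interval 12 hour) and link_status in ('published', 'queued', 'discard') and link_content_type in ('image', 'video')"));
        if ($image_links > 5 && $image_links > $links_12hs * 0.08) { // Only 8% images and videos
            syslog(LOG_NOTICE, "Meneame, forbidden due to overflow images ({$current_user->user_login}): {$linkres->url}");
            echo '<p class="error"><strong>' . _('ya se han enviado demasiadas imágenes o vídeos, espera unos minutos por favor') . '</strong></p> ';
            // Report the same 8% ceiling the check above enforces
            echo '<p class="error-text">' . _('total en 12 horas') . ": {$image_links} , " . _('el máximo actual es') . ': ' . intval($links_12hs * 0.08) . '</p>';
            echo '<br style="clear: both;" />' . "\n";
            echo '</div>' . "\n";
            return;
        }
    }
    if (check_ban($linkres->url, 'punished_hostname', false, true)) {
        echo '<p class="error"><strong>' . _('Aviso') . ' ' . $globals['ban_match'] . ':</strong> <em>' . $globals['ban_message'] . '</em></p>';
        echo '<p>' . _('mejor enviar el enlace a la fuente original, sino será penalizado') . '</p>';
    }

    // Now stores new draft
    $linkres->ip = $globals['user_ip'];
    $linkres->sent_date = $linkres->date = time();
    $linkres->store();

    echo '<h2>' . _('envío de una nueva noticia: paso 2 de 3') . '</h2>' . "\n";
    echo '<div id="genericform">' . "\n";
    echo '<form action="submit.php" method="post" id="thisform" name="thisform">' . "\n";
    echo '<input type="hidden" name="url" id="url" value="' . htmlspecialchars($linkres->url) . '" />' . "\n";
    echo '<input type="hidden" name="phase" value="2" />' . "\n";
    echo '<input type="hidden" name="randkey" value="' . intval($_POST['randkey']) . '" />' . "\n";
    // The key is client-supplied; escape it for the attribute context
    echo '<input type="hidden" name="key" value="' . htmlspecialchars($_POST['key']) . '" />' . "\n";
    echo '<input type="hidden" name="id" value="' . $linkres->id . '" />' . "\n";
    echo '<fieldset><legend><span class="sign">' . _('información del enlace') . '</span></legend>' . "\n";
    echo '<p class="genericformtxt"><strong>';
    // NOTE(review): url_title comes from the fetched remote page and is echoed
    // as-is; confirm Link::get() sanitises it, otherwise escape it here.
    echo mb_substr($linkres->url_title, 0, 200);
    echo '</strong><br/>';
    echo htmlspecialchars($linkres->url);
    echo '</p> ' . "\n";
    echo '</fieldset>' . "\n";
    echo '<fieldset><legend><span class="sign">' . _('detalles de la noticia') . '</span></legend>' . "\n";
    echo '<label for="title" accesskey="1">' . _('título de la noticia') . ':</label>' . "\n";
    echo '<p><span class="genericformnote">' . _('título de la noticia. máximo: 120 caracteres') . '</span>' . "\n";
    // Is it an image or video?
    echo ' ';
    $linkres->print_content_type_buttons();
    echo '<br/><input type="text" id="title" name="title" value="' . $link_title . '" size="80" maxlength="120" />';
    echo '</p>' . "\n";
    echo '<label for="tags" accesskey="2">' . _('etiquetas') . ':</label>' . "\n";
    echo '<p><span class="genericformnote"><strong>' . _('pocas palabras, genéricas, cortas y separadas por "," (coma)') . '</strong> Ejemplo: <em>web, programación, software libre</em></span>' . "\n";
    echo '<br/><input type="text" id="tags" name="tags" value="' . $link_tags . '" size="70" maxlength="70" /></p>' . "\n";
    print_simpleformat_buttons('bodytext');
    echo '<p><label for="bodytext" accesskey="3">' . _('descripción de la noticia') . ':</label>' . "\n";
    echo '<br /><span class="genericformnote">' . _('describe la noticia con tus palabras. entre dos y cinco frases es suficiente. sé cuidadoso.') . '</span>' . "\n";
    echo '<br /><textarea name="bodytext" rows="10" cols="60" id="bodytext" onKeyDown="textCounter(document.thisform.bodytext,document.thisform.bodycounter,550)" onKeyUp="textCounter(document.thisform.bodytext,document.thisform.bodycounter,550)"></textarea>' . "\n";
    echo '<br /><input readonly type="text" name="bodycounter" size="3" maxlength="3" value="550" /> <span class="genericformnote">' . _('caracteres libres') . '</span>';
    echo '</p>' . "\n";
    print_categories_form();
    echo '<p><label for="trackback">' . _('trackback') . ':</label><br />' . "\n";
    if (empty($trackback)) {
        echo '<span class="genericformnote">' . _('puedes agregar o cambiar el trackback si ha sido detectado automáticamente') . '</span>' . "\n";
        echo '<input type="text" name="trackback" id="trackback" value="' . $trackback . '" class="form-full" /></p>' . "\n";
    } else {
        echo '<span class="genericformnote">' . $trackback . '</span>' . "\n";
        echo '<input type="hidden" name="trackback" id="trackback" value="' . $trackback . '"/></p>' . "\n";
    }
    echo '<input class="genericsubmit" type="button" onclick="window.history.go(-1)" value="' . _('« retroceder') . '" /> ' . "\n";
    echo '<input class="genericsubmit" type="submit" value="' . _('continuar »') . '" />' . "\n";
    echo '</fieldset>' . "\n";
    echo '</form>' . "\n";
    echo '</div>' . "\n";
    echo '</div>' . "\n";
}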
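/**
 * Validate the registration form (username, e-mail, passwords) and apply the
 * per-address and per-network registration rate limits.
 *
 * Reads $_POST['username'], ['email'], ['password'], ['password2'] and
 * $globals['user_ip']; every problem is reported through register_error().
 * Returns true when all checks pass, false otherwise.
 *
 * Review fixes against the previous revision (checks otherwise unchanged):
 *  - Every $_POST field is read through a default, so a request missing a
 *    field is rejected by the validators instead of raising undefined-index
 *    warnings on the way there.
 *  - The /24 and /16 "same network" checks are only run when the address
 *    splits into four dotted parts; for an IPv6 client the old code read
 *    undefined array offsets and built a LIKE pattern that could never match.
 */
function check_user_fields() {
    global $globals, $db;
    $error = false;

    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $email = isset($_POST['email']) ? trim($_POST['email']) : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    $password2 = isset($_POST['password2']) ? $_POST['password2'] : '';

    if (check_ban_proxy()) {
        register_error(_("IP no permitida"));
        $error = true;
    }
    if (strlen($username) < 3) {
        register_error(_("Nombre de usuario erróneo, debe ser de 3 o más caracteres alfanuméricos"));
        $error = true;
    }
    if (!check_username($username)) {
        register_error(_("Nombre de usuario erróneo, caracteres no admitidos o no comienzan con una letra"));
        $error = true;
    }
    if (user_exists(trim($username))) {
        register_error(_("El usuario ya existe"));
        $error = true;
    }
    if (!check_email($email)) {
        register_error(_("El correo electrónico no es correcto"));
        $error = true;
    }
    if (email_exists($email)) {
        register_error(_("Ya existe otro usuario con esa dirección de correo"));
        $error = true;
    }
    // Spaces and single quotes are rejected in passwords
    if (preg_match('/[ \']/', $password) || preg_match('/[ \']/', $password2)) {
        register_error(_("Caracteres inválidos en la clave"));
        $error = true;
    }
    if (strlen($password) < 5) {
        register_error(_("Clave demasiado corta, debe ser de 5 o más caracteres"));
        $error = true;
    }
    if ($password !== $password2) {
        register_error(_("Las claves no coinciden"));
        $error = true;
    }

    // Check registers from the same IP address: one per 24 hours.
    // NOTE(review): $user_ip is interpolated into SQL unescaped; this is only
    // safe while $globals['user_ip'] is server-derived and never taken from a
    // client-controlled header — confirm where it is set.
    $user_ip = $globals['user_ip'];
    $registered = (int) $db->get_var("select count(*) from logs where log_date > date_sub(now(), interval 24 hour) and log_type in ('user_new', 'user_delete') and log_ip = '{$user_ip}'");
    if ($registered > 0) {
        syslog(LOG_NOTICE, "Meneame, register not accepted by IP address ({$username}) {$user_ip}");
        register_error(_("Para registrar otro usuario desde la misma dirección debes esperar 24 horas."));
        $error = true;
    }
    if ($error) {
        return false;
    }

    // The network checks below are defined on dotted-decimal IPv4 only;
    // anything else (IPv6) cannot match the LIKE patterns, so skip them.
    $ip_classes = explode('.', $user_ip);
    if (count($ip_classes) !== 4) {
        return true;
    }

    // Same /24 (nnn.nnn.nnn.%): one registration per 6 hours
    $ip_class = $ip_classes[0] . '.' . $ip_classes[1] . '.' . $ip_classes[2] . '.%';
    $registered = (int) $db->get_var("select count(*) from logs where log_date > date_sub(now(), interval 6 hour) and log_type in ('user_new', 'user_delete') and log_ip like '{$ip_class}'");
    if ($registered > 0) {
        syslog(LOG_NOTICE, "Meneame, register not accepted by IP class ({$username}) {$ip_class}");
        register_error(_("Para registrar otro usuario desde la misma red debes esperar 6 horas.") . " ({$ip_class})");
        return false;
    }

    // Same /16 (nnn.nnn.%): at most three registrations per hour
    $ip_class = $ip_classes[0] . '.' . $ip_classes[1] . '.%';
    $registered = (int) $db->get_var("select count(*) from logs where log_date > date_sub(now(), interval 1 hour) and log_type in ('user_new', 'user_delete') and log_ip like '{$ip_class}'");
    if ($registered > 2) {
        syslog(LOG_NOTICE, "Meneame, register not accepted by IP class ({$username}) {$ip_class}");
        register_error(_("Para registrar otro usuario desde la misma red debes esperar unos minutos.") . " ({$ip_class})");
        return false;
    }

    return true;
}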