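/**
 * Stores an edited comment submitted through the edit form.
 *
 * Reads $_POST ('id', 'user_id', 'key', 'type', 'comment_content'), checks that the
 * requester may edit $comment, updates it and redirects to the comment's anchor.
 * Every failure path prints a message and terminates the request (no return value).
 *
 * Globals: $link, $db, $comment (the Comment being edited), $current_user, $globals, $site_key.
 */
function save_comment()
{
    global $link, $db, $comment, $current_user, $globals, $site_key;

    // Warning, trillion of checkings :-(
    $user_id = intval(isset($_POST['user_id']) ? $_POST['user_id'] : 0);
    $posted_id = intval(isset($_POST['id']) ? $_POST['id'] : 0);
    $posted_key = isset($_POST['key']) ? (string) $_POST['key'] : '';
    $content = isset($_POST['comment_content']) ? (string) $_POST['comment_content'] : '';

    // The form key is md5(randkey . site secret). hash_equals() compares in constant time
    // and never falls into PHP's loose string == (two "0e..." digit strings compare equal).
    $key_ok = hash_equals(md5($comment->randkey . $site_key), $posted_key);

    // The owner may edit within the configured window (10% slack); a 'god' level user may
    // edit other users' comments or admin comments at any time.
    $owner_edit = $user_id == $current_user->user_id
        && $current_user->user_id == $comment->author
        && time() - $comment->date < $globals['comment_edit_time'] * 1.1;
    $god_edit = ($comment->author != $current_user->user_id || $comment->type == 'admin')
        && $current_user->user_level == 'god';

    // Length is counted in characters, not bytes.
    if (!($posted_id == $comment->id && $current_user->authenticated && ($owner_edit || $god_edit) && $key_ok && mb_strlen(trim($content)) > 2)) {
        echo _('error actualizando, probablemente tiempo de edición excedido');
        die;
    }

    $comment->content = clean_text_with_tags($content, 0, false, 10000);
    if ($current_user->user_level == 'god') {
        // Only a 'god' may flip the comment between admin and normal type.
        $comment->type = (isset($_POST['type']) && $_POST['type'] == 'admin') ? 'admin' : 'normal';
    }
    if (!$current_user->admin) {
        // Re-scan the links so a banned domain is detected for non-admin editors.
        $comment->get_links();
    }
    if ($current_user->user_id == $comment->author && $comment->banned && $current_user->Date() > $globals['now'] - 86400) {
        syslog(LOG_NOTICE, "Meneame: editcomment not stored, banned link ({$current_user->user_login})");
        echo _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
        die;
    }
    if (strlen($comment->content) > 0) {
        $comment->store();
    }
    header('Location: ' . $link->get_permalink() . '#c-' . $comment->order);
    die;
}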
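/**
 * Creates a private message from the posted form and prints its summary.
 *
 * Reads $_POST ('to_user', 'post', 'author', 'key', 'image_delete') and an optional
 * $_FILES['image'] upload. Every validation failure prints "ERROR: ..." and terminates
 * the request. The duplicate / rate-limit checks run inside a DB transaction.
 *
 * Globals: $link, $db, $message (set to the stored PrivateMessage), $current_user, $globals, $site_key.
 *
 * @param mixed $message_id Not used by this function; kept for call-site compatibility.
 */
function save_post($message_id)
{
    global $link, $db, $message, $current_user, $globals, $site_key;

    $message = new PrivateMessage();

    $to_user = User::get_valid_username(isset($_POST['to_user']) ? $_POST['to_user'] : '');
    if (!$to_user) {
        echo 'ERROR: ' . _('nombre de usuario erróneo');
        die;
    }
    $to = User::get_user_id($to_user);
    // The original "!$to > 0" parses as "(!$to) > 0"; the intent is "not a positive id".
    if (!($to > 0)) {
        echo 'ERROR: ' . _('usuario erróneo');
        die;
    }
    if (!PrivateMessage::can_send($current_user->user_id, $to)) {
        echo 'ERROR: ' . _('el destinatario no lo tiene amigado');
        die;
    }

    // Cleaned text is written back into $_POST['post'], as other code may read it from there.
    $_POST['post'] = clean_text_with_tags(isset($_POST['post']) ? $_POST['post'] : '', 0, false, $globals['posts_len']);

    if (!empty($_FILES['image']['tmp_name'])) {
        $limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
        if ($limit_exceded) {
            echo 'ERROR: ' . $limit_exceded;
            die;
        }
    }
    if (mb_strlen($_POST['post']) < 2) {
        echo 'ERROR: ' . _('texto muy corto');
        die;
    }
    // The form must have been generated for this user; anything else is dropped silently.
    if ($current_user->user_id != intval(isset($_POST['author']) ? $_POST['author'] : 0)) {
        die;
    }

    $message->randkey = intval(isset($_POST['key']) ? $_POST['key'] : 0);
    $message->author = $current_user->user_id;
    $message->to = $to;
    $message->content = $_POST['post'];

    // Only integers are interpolated into the queries below.
    $uid = (int) $current_user->user_id;
    $randkey = (int) $message->randkey;

    // Check the post wasn't already stored (same randkey from this user in the last 5 minutes).
    // FOR UPDATE serialises concurrent submits of the same form inside the transaction.
    $db->transaction();
    $dupe = intval($db->get_var("select count(*) from privates where user = {$uid} and date > date_sub(now(), interval 5 minute) and randkey = {$randkey} FOR UPDATE"));
    if ($dupe) {
        $db->commit();
        echo 'ERROR: ' . _('mensaje grabado previamente');
        die;
    }
    // Rate limit: at least 15 seconds between messages from the same user.
    if (intval($db->get_var("select count(*) from privates where user= {$uid} and date > date_sub(now(), interval 15 second)")) > 0) {
        echo 'ERROR: ' . _('debe esperar 15 segundos entre mensajes');
        $db->rollback();
        die;
    }
    // Daily cap: no more than 160 messages per user in the last day.
    if (intval($db->get_var("select count(*) from privates where user= {$uid} and date > date_sub(now(), interval 1 day)")) > 160) {
        echo 'ERROR: ' . _('demasiados mensajes en un día');
        // Release the FOR UPDATE lock before exiting (the other error path already did).
        $db->rollback();
        die;
    }
    $db->commit();
    $message->store();
    notify_user($current_user->user_id, $to, $message->content);
    User::add_notification($message->to, 'private');

    // Check image upload or delete
    if (!empty($_POST['image_delete'])) {
        $message->delete_image();
    } else {
        $message->store_image_from_form('image');
    }

    // Reread the object so the summary reflects what was actually stored
    $message = PrivateMessage::from_db($message->id);
    $message->print_summary();
}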
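/**
 * Handles a chat line submitted to the "fisgona" (sneaker) chat.
 *
 * Returns silently when no 'chat' field was posted or the user may not talk; otherwise
 * applies the karma, flood and proxy checks, answers "!" stats commands, selects the
 * room (admin / friends / all) and inserts the line into the chats table.
 *
 * Globals: $db, $current_user, $now, $now_f, $globals, $events.
 */
function check_chat()
{
    global $db, $current_user, $now, $now_f, $globals, $events;

    // The line must come from the POST body as a plain string (arrays would break the
    // regex/trim calls below).
    if (empty($_POST['chat']) || !is_string($_POST['chat'])) {
        return;
    }
    // Read the same field that was just checked: the original read $_REQUEST['chat'], which
    // a query-string parameter of the same name can override.
    $comment = trim(preg_replace("/[\r\n\t]/", ' ', $_POST['chat']));
    $comment = clear_whitespace($comment);

    if (!($current_user->user_id > 0 && strlen(strip_tags($comment)) > 2)) {
        return;
    }

    // Sends a message back if the user has a very low karma
    if ($globals['min_karma_for_sneaker'] > 0 && $current_user->user_karma < $globals['min_karma_for_sneaker']) {
        send_chat_warn(_('no tienes suficiente karma para comentar en la fisgona') . ' (' . $current_user->user_karma . ' < ' . $globals['min_karma_for_sneaker'] . ')');
        return;
    }

    // Only integers are interpolated for the user id in the queries below.
    $uid = (int) $current_user->user_id;

    // Flood control: one line every 4 seconds per user.
    $period = $now - 4;
    $counter = intval($db->get_var("select count(*) from chats where chat_time > {$period} and chat_uid = {$uid}"));
    if ($counter > 0) {
        send_chat_warn(_('tranquilo charlatán') . ' ;-)');
        return;
    }
    if (check_ban_proxy()) {
        send_chat_warn(_('proxy abierto no permitido'));
        return;
    }

    // Lines starting with "!" are stats commands answered by sneaker-stats.php, never stored.
    if (preg_match('/^!/', $comment)) {
        require_once 'sneaker-stats.php';
        $reply = check_stats($comment);
        if (!$reply) {
            send_chat_warn(_('comando no reconocido'));
        } else {
            send_string($reply);
        }
        return;
    }

    $comment = clean_text_with_tags($comment);
    // "/me" at a word boundary becomes the user's login in italics.
    $comment = preg_replace('/(^|[\\s\\.,¿#@])\\/me([\\s\\.,\\?]|$)/', "\$1<i>{$current_user->user_login}</i>\$2", $comment);
    if (mb_strlen($comment) > 255) {
        // Cut text longer that database, to avoid unclosed html tags
        $comment = mb_substr($comment, 0, 1) . mb_substr($comment, -254, 254);
    }

    // Expire lines older than 1500 seconds.
    $from = $now - 1500;
    $db->query("delete from chats where chat_time < {$from}");

    // Room selection: "#" (or admin=1) for admins, "@" (or friends=1) for friends, else all.
    if ((!empty($_REQUEST['admin']) || preg_match('/^#/', $comment)) && $current_user->admin) {
        $room = 'admin';
        $comment = preg_replace('/^# */', '', $comment);
    } elseif (!empty($_REQUEST['friends']) || preg_match('/^@/', $comment)) {
        $room = 'friends';
        $comment = preg_replace('/^@ */', '', $comment);
    } else {
        $room = 'all';
    }

    if (strlen($comment) > 0) {
        // $room is one of the three literals above; text and login are escaped for the query.
        $comment = $db->escape(trim(normalize_smileys($comment)));
        $login = $db->escape($current_user->user_login);
        $db->query("insert into chats (chat_time, chat_uid, chat_room, chat_user, chat_text) values ({$now_f}, {$uid}, '{$room}', '{$login}', '{$comment}')");
    }
}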
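	/**
	 * Validates the comment form in $_POST and stores a new comment on $link.
	 *
	 * Returns a translated error message on any validation failure. On success the comment
	 * is stored inside a transaction and the request ends with a redirect to the comment's
	 * anchor (this method does not return in that case). Reads $_POST ('link_id', 'user_id',
	 * 'randkey', 'comment_content', 'parent_id', 'type').
	 *
	 * @param Link $link Story the comment belongs to (already read from the DB).
	 * @return string Error message; never returns on success.
	 */
	static function save_from_post($link) {
		global $db, $current_user, $globals;

		require_once(mnminclude.'ban.php');

		// Accumulates the karma-penalty warning; it is currently never returned (see the end).
		$error = '';
		if (check_ban_proxy() && !$globals['development']) return _('dirección IP no permitida');

		$posted_randkey = intval(isset($_POST['randkey']) ? $_POST['randkey'] : 0);
		$posted_user_id = intval(isset($_POST['user_id']) ? $_POST['user_id'] : 0);
		$posted_link_id = intval(isset($_POST['link_id']) ? $_POST['link_id'] : 0);
		$posted_content = isset($_POST['comment_content']) ? $_POST['comment_content'] : '';

		// Check if is a POST of a comment: the story must still accept comments and the form
		// must belong to the authenticated user.
		if( ! ($link->votes > 0 && $link->date > $globals['now']-$globals['time_enabled_comments']*1.01 &&
				$link->comments < $globals['max_comments'] &&
				$posted_link_id == $link->id && $current_user->authenticated &&
				$posted_user_id == $current_user->user_id &&
				$posted_randkey > 0
				)) {
			return _('comentario o usuario incorrecto');
		}

		if ($current_user->user_karma < $globals['min_karma_for_comments'] && $current_user->user_id != $link->author) {
			return _('karma demasiado bajo');
		}

		$comment = new Comment;

		$comment->link = $link->id;
		// Escaped here because the IP is interpolated into the queries below.
		$comment->ip = $db->escape($globals['user_ip']);
		$comment->randkey = $posted_randkey;
		$comment->author = $posted_user_id;
		$comment->karma = round($current_user->user_karma);
		$comment->content = clean_text_with_tags($posted_content, 0, false, 10000);
		$comment->parent = intval(isset($_POST['parent_id']) ? $_POST['parent_id'] : 0);

		// Nesting level: one deeper than the parent, bounded by NESTED_COMMENTS_MAX_LEVEL.
		$parentComment = new Comment();
		$parentComment->id = intval($comment->parent);
		$parentComment->read_basic();
		if ($parentComment->nested_level > $globals['NESTED_COMMENTS_MAX_LEVEL']) {
			return _('Chegache ao nivel límite de comentarios aniñados...');
		}
		$comment->nested_level = $parentComment->nested_level + 1;

		// Check if is an admin comment
		if ($current_user->user_level == 'god' && isset($_POST['type']) && $_POST['type'] == 'admin') {
			$comment->type = 'admin';
		}

		// Don't allow to comment with a clone
		$hours = intval($globals['user_comments_clon_interval']);
		if ($hours > 0) {
			$clones = $current_user->get_clones($hours+1);
			if ($clones) {
				// Clone ids are forced to integers before being interpolated into the IN list.
				$l = implode(',', array_map('intval', $clones));
				$c = (int) $db->get_var("select count(*) from comments where comment_date > date_sub(now(), interval $hours hour) and comment_user_id in ($l)");
				if ($c > 0) {
					syslog(LOG_NOTICE, "Meneame, clon comment ($current_user->user_login, $comment->ip) in $link->uri");
					return _('ya hizo un comentario con usuarios clones');
				}
			}
		}

		// Basic check to avoid abuses from same IP
		// Don't check in case of admin comments or higher karma
		if (!$current_user->admin && $current_user->user_karma < 6.2) {

			// Avoid astroturfing from the same link's author
			if ($link->status != 'published' && $link->ip == $globals['user_ip'] && $link->author != $comment->author) {
				UserAuth::insert_clon($comment->author, $link->author, $link->ip);
				syslog(LOG_NOTICE, "Meneame, comment-link astroturfing ($current_user->user_login, $link->ip): ".$link->get_permalink());
				return _('no se puede comentar desde la misma IP del autor del envío');
			}

			// Avoid floods with clones from the same IP
			if (intval($db->get_var("select count(*) from comments where comment_link_id = $link->id and comment_ip='$comment->ip' and comment_user_id != $comment->author")) > 1) {
				syslog(LOG_NOTICE, "Meneame, comment astroturfing ($current_user->user_login, $comment->ip)");
				return _('demasiados comentarios desde la misma IP con usuarios diferentes');
			}
		}

		// Check there are at least a valid char
		if (mb_strlen($comment->content) < 5 || ! preg_match('/[a-zA-Z:-]/', $posted_content)) {
			return _('texto muy breve o caracteres no válidos');
		}

		// Check the comment wasn't already stored
		$already_stored = intval($db->get_var("select count(*) from comments where comment_link_id = $comment->link and comment_user_id = $comment->author and comment_randkey = $comment->randkey"));
		if ($already_stored) {
			return _('comentario duplicado');
		}

		if (! $current_user->admin) {
			$comment->get_links();
			if ($comment->banned && $current_user->Date() > $globals['now'] - 86400) {
				syslog(LOG_NOTICE, "Meneame: comment not inserted, banned link ($current_user->user_login)");
				return _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
			}

			// Lower karma to comments' spammers
			$comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = $current_user->user_id and comment_date > date_sub(now(), interval 3 minute)");
			// Check the text is not the same
			$same_count = $comment->same_text_count();
			$same_links_count = $comment->same_links_count();
			if ($comment->banned) $same_links_count *= 2;
			$same_count += $same_links_count;
		} else {
			$comment_count = $same_count = 0;
		}

		// Allowed comments per 3 minutes grows with karma, capped at 5.
		$comment_limit = round(min($current_user->user_karma/6, 2) * 2.5);
		if ($comment_count > $comment_limit || $same_count > 2) {
			$reduction = 0;
			if ($comment_count > $comment_limit) {
				$reduction += ($comment_count-3) * 0.1;
			}
			if ($same_count > 1) {
				$reduction += $same_count * 0.25;
			}
			if ($reduction > 0) {
				$user = new User;
				$user->id = $current_user->user_id;
				$user->read();
				$user->karma = $user->karma - $reduction;
				syslog(LOG_NOTICE, "Meneame: story decreasing $reduction of karma to $current_user->user_login (now $user->karma)");
				$user->store();
				$annotation = new Annotation("karma-$user->id");
				$annotation->append(_('texto repetido o abuso de enlaces en comentarios').": -$reduction, karma: $user->karma\n");
				// The message was missing the _() translation call.
				$error .= ' ' . _('penalización de karma por texto repetido o abuso de enlaces');
			}
		}
		$db->transaction();
		$comment->store();
		$comment->insert_vote();
		$link->update_comments();
		$db->commit();
		// Comment stored, just redirect to it page. $error is not surfaced: the redirect
		// ends the request (the former "return $error" was disabled).
		header('Location: '.$link->get_permalink() . '#c-'.$comment->order);
		die;
	}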
 /**
  * Persists the submitted extended properties as a JSON Annotation keyed by PREFERENCES_KEY . $id.
  *
  * Only keys listed in self::$extended_properties, with a non-empty value that differs
  * from the default, are kept. 'rules' and 'message' are cleaned as tagged text (max 300),
  * every other value is cleaned as a plain string and cut to 100 characters. When nothing
  * survives the filter the annotation is deleted instead of stored.
  *
  * @param mixed $id    Owner id; a falsy value means "the current one" (self::my_id()).
  * @param array $prefs Submitted preferences, key => value (by reference, never modified).
  * @return mixed Result of Annotation::store() or Annotation::delete().
  */
 public static function store_extended_properties($id = false, &$prefs)
 {
     if (!$id) {
         $id = self::my_id();
     }
     $defaults = self::$extended_properties;
     $dict = array();
     foreach ($prefs as $name => $value) {
         // Skip empty values, unknown keys and values still equal to their default.
         if ($value === '' || !isset($defaults[$name]) || $defaults[$name] == $value) {
             continue;
         }
         if ($name == 'rules' || $name == 'message') {
             $dict[$name] = clean_text_with_tags($value, 0, false, 300);
         } else {
             $dict[$name] = mb_substr(clean_input_string($value), 0, 100);
         }
     }
     $annotation = new Annotation(self::PREFERENCES_KEY . $id);
     if (empty($dict)) {
         return $annotation->delete();
     }
     $annotation->text = json_encode($dict);
     return $annotation->store();
 }
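/**
 * Creates a new Post from the form, or updates an existing one when $post_id > 0,
 * then prints its summary.
 *
 * Reads $_POST ('post', 'user_id', 'key'). Every failure prints "ERROR: ..." (or nothing,
 * for ownership mismatches) and terminates the request.
 *
 * Globals: $link, $db, $post (set to the Post handled), $current_user, $globals, $site_key.
 *
 * @param int $post_id Id of the post being edited; 0 or less creates a new one.
 */
function save_post($post_id)
{
    global $link, $db, $post, $current_user, $globals, $site_key;

    $post = new Post();
    // Cleaned text is written back into $_POST['post'], as other code may read it from there.
    $_POST['post'] = clean_text_with_tags(isset($_POST['post']) ? $_POST['post'] : '', 0, false, $globals['posts_len']);
    if (mb_strlen($_POST['post']) < 5) {
        echo 'ERROR: ' . _('texto muy corto');
        die;
    }
    $posted_user_id = intval(isset($_POST['user_id']) ? $_POST['user_id'] : 0);
    // The form key is compared as an integer (randkey is stored via intval()), so the loose
    // string == of the original cannot be satisfied by a non-numeric value.
    $posted_key = intval(isset($_POST['key']) ? $_POST['key'] : 0);

    if ($post_id > 0) {
        $post->id = $post_id;
        if (!$post->read()) {
            die;
        }
        // The owner may edit within 1 hour; a 'god' within 10 days.
        $age = time() - $post->date;
        $owner_edit = $posted_user_id == $current_user->user_id && $current_user->user_id == $post->author && $age < 3600;
        $god_edit = $current_user->user_level == 'god' && $age < 864000;
        if (!(($owner_edit || $god_edit) && $posted_key === (int) $post->randkey)) {
            echo 'ERROR: ' . _('no tiene permisos para grabar');
            die;
        }
        $post->content = $_POST['post'];
        if (strlen($post->content) > 0) {
            $post->store();
        }
    } else {
        if ($current_user->user_id != $posted_user_id) {
            die;
        }
        if ($current_user->user_karma < $globals['min_karma_for_posts']) {
            echo 'ERROR: ' . _('el karma es muy bajo');
            die;
        }
        $post->randkey = $posted_key;
        $post->author = $current_user->user_id;
        $post->content = $_POST['post'];
        // Only integers are interpolated into the queries below.
        $uid = (int) $current_user->user_id;

        // Check the post wasn't already stored (same randkey in the last hour) or is repeated text.
        $dupe = intval($db->get_var("select count(*) from posts where post_user_id = {$uid} and post_date > date_sub(now(), interval 1 hour) and post_randkey = {$posted_key}"));
        if ($dupe || $post->same_text_count()) {
            echo 'ERROR: ' . _('comentario grabado previamente');
            die;
        }
        // Verify that there is a period of 1 minute between posts.
        if (intval($db->get_var("select count(*) from posts where post_user_id = {$uid} and post_date > date_sub(now(), interval 1 minute)")) > 0) {
            echo 'ERROR: ' . _('debe esperar 1 minuto entre notas');
            die;
        }
        // More than two links to the same domain cost karma (0.2 per link).
        $same_links = $post->same_links_count();
        if ($same_links > 2) {
            $user = new User();
            $user->id = $current_user->user_id;
            $user->read();
            $reduction = $same_links * 0.2;
            $user->karma = $user->karma - $reduction;
            syslog(LOG_NOTICE, "Meneame: post_edit decreasing {$reduction} of karma to {$user->username} (now {$user->karma})");
            $user->store();
            $annotation = new Annotation("karma-{$user->id}");
            $annotation->append(_('demasiados enlaces al mismo dominio en las notas') . ": -{$reduction}, karma: {$user->karma}\n");
        }
        // Check again for last seconds, ajax calls sometimes add two posts
        $dupe = intval($db->get_var("select count(*) from posts where post_user_id = {$uid} and post_date > date_sub(now(), interval 10 second) and post_randkey = {$posted_key}"));
        if (!$dupe) {
            $post->store();
        }
    }
    $post->print_summary();
}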
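/**
 * Saves the edited story (link) from the edit form and prints a preview with navigation buttons.
 *
 * Reads $_POST ('type', 'category', 'url', 'thumb_delete', 'thumb_get', 'title', 'bodytext',
 * 'tags', 'status', 'datepicker1', 'datepicker2'). URL and thumbnail changes are admin-only;
 * a status change is allowed only to 'autodiscard' unless the user is an admin.
 *
 * Globals: $linkres (the Link being edited), $dblang, $current_user, $globals.
 */
function do_save() {
	// $globals was missing from this list, which made $globals['now'] below always null.
	global $linkres, $dblang, $current_user, $globals;

	$linkres->read_content_type_buttons($_POST['type']);

	$linkres->category = intval($_POST['category']);
	if ($current_user->admin) {
		// Only admins may change the URL or touch the thumbnail.
		if (!empty($_POST['url'])) {
			$linkres->url = clean_input_url($_POST['url']);
		}
		if (!empty($_POST['thumb_delete'])) {
			$linkres->delete_thumb();
		}
		if (!empty($_POST['thumb_get'])) {
			$linkres->get_thumb();
		}
	}
	$linkres->title = clean_text($_POST['title'], 40);
	$linkres->content = clean_text_with_tags($_POST['bodytext']);
	$linkres->tags = tags_normalize_string($_POST['tags']);

	// change the status
	$insert_discard_log = false;
	$new_status = isset($_POST['status']) ? $_POST['status'] : '';
	if ($new_status != $linkres->status
		&& ($new_status == 'autodiscard' || $current_user->admin)
		&& preg_match('/^[a-z]{4,}$/', $new_status)
		&& ( ! $linkres->is_discarded() || $current_user->admin)) {
		if (preg_match('/discard|abuse|duplicated|autodiscard/', $new_status)) {
			// Insert a log entry if the link has been manually discarded
			$insert_discard_log = true;
		}
		$linkres->status = $new_status;
	}

	// EVENTS: positions 3-4, 0-1 and 6-9 of the picker value are joined with '-', i.e. a
	// "dd/mm/yyyy"-shaped value becomes "mm-dd-yyyy" (assumed picker format — confirm).
	$d = isset($_POST["datepicker1"]) ? $_POST["datepicker1"] : '';
	$linkres->start_date = substr($d,3,2).'-'.substr($d, 0, 2).'-'.substr($d,6,4);

	$d = isset($_POST["datepicker2"]) ? $_POST["datepicker2"] : '';
	$linkres->end_date = substr($d,3,2).'-'.substr($d, 0, 2).'-'.substr($d,6,4);

	if (!link_edit_errors($linkres)) {
		if (empty($linkres->uri)) $linkres->get_uri();
		$linkres->store();
		tags_insert_string($linkres->id, $dblang, $linkres->tags, $linkres->date);

		// Insert edit log/event if the link it's newer than 15 days
		if ($globals['now'] - $linkres->date < 86400*15) {
			require_once(mnminclude.'log.php');
			if ($insert_discard_log) {
				// Insert always a link and discard event if the status has been changed to discard
				log_insert('link_discard', $linkres->id, $current_user->user_id);
				if ($linkres->author == $current_user->user_id) { // Don't save edit log if it's discarded by an admin
					log_insert('link_edit', $linkres->id, $current_user->user_id);
				}
			} elseif ($linkres->votes > 0) {
				log_conditional_insert('link_edit', $linkres->id, $current_user->user_id, 60);
			}
		}

		echo '<div class="form-error-submit">&nbsp;&nbsp;'._("noticia actualizada").'</div>'."\n";
	}

	$linkres->read();

	echo '<div class="formnotice">'."\n";
	$linkres->print_summary('preview');
	echo '</div>'."\n";

	echo '<form class="note" method="GET" action="story.php" >';
	echo '<input type="hidden" name="id" value="'.intval($linkres->id).'" />'."\n";
	echo '<input class="button" type="button" onclick="window.history.go(-1)" value="&#171; '._('modificar').'">&nbsp;&nbsp;'."\n";
	echo '<input class="button" type="submit" value="'._('ir a la noticia').'" />'."\n";
	echo '</form>'. "\n";
}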
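/**
 * Second step of the story submission: stores the edited link and prints the final preview form.
 *
 * Reads $_POST ('id', 'type', 'title', 'category', 'tags', 'bodytext', 'datepicker1',
 * 'datepicker2', 'randkey', 'key', 'trackback'). Returns early (printing a back button)
 * when the URL is a duplicate or link_errors() rejects the link.
 *
 * Globals: $db, $dblang, $globals.
 */
function do_submit2() {
	global $db, $dblang, $globals;

	$linkres = new Link;
	$linkres->id = intval($_POST['id']);
	$linkres->read();

	if (report_dupe($linkres->url)) return;

	$linkres->read_content_type_buttons($_POST['type']);

	// Check if the title contains [IMG], [IMGs], (IMG)... and mark it as image.
	// NOTE(review): "PICT*" / "Vídeo*" quantify only the last letter (so "PIC", "PICTT" match);
	// kept as-is, confirm the intended spellings before tightening.
	if (preg_match('/[\(\[](IMG|PICT*)s*[\)\]]/i', $_POST['title'])) {
		$_POST['title'] = preg_replace('/[\(\[](IMG|PICT*)s*[\)\]]/i', ' ', $_POST['title']);
		$linkres->content_type = 'image';
	} elseif (preg_match('/[\(\[](VID|VIDEO|Vídeo*)s*[\)\]]/i', $_POST['title'])) {
		$_POST['title'] = preg_replace('/[\(\[](VID|VIDEO|Vídeo*)s*[\)\]]/i', ' ', $_POST['title']);
		$linkres->content_type = 'video';
	}

	$linkres->category = intval($_POST['category']);
	$linkres->title = clean_text(preg_replace('/(\w) *[;.,] *$/', "$1", $_POST['title']), 40);  // It also deletes punctuaction signs at the end
	$linkres->tags = tags_normalize_string($_POST['tags']);
	$linkres->content = clean_text_with_tags($_POST['bodytext']);

	// EVENTS: positions 3-4, 0-1 and 6-9 of the picker value are joined with '-', i.e. a
	// "dd/mm/yyyy"-shaped value becomes "mm-dd-yyyy" (assumed picker format — confirm).
	$d = isset($_POST["datepicker1"]) ? $_POST["datepicker1"] : '';
	$linkres->start_date = substr($d,3,2).'-'.substr($d, 0, 2).'-'.substr($d,6,4);

	$d = isset($_POST["datepicker2"]) ? $_POST["datepicker2"] : '';
	$linkres->end_date = substr($d,3,2).'-'.substr($d, 0, 2).'-'.substr($d,6,4);

	if (link_errors($linkres)) {
		echo '<form class="genericform">'."\n";
		echo '<p><input class="button" type=button onclick="window.history.go(-1)" value="&#171; '._('retroceder').'"/></p>'."\n";
		echo '</form>'."\n";
		echo '</div>'."\n"; // opened in print_form_submit_error
		return;
	}

	$linkres->store();
	tags_insert_string($linkres->id, $dblang, $linkres->tags);
	$linkres->read();
	preload_indicators();
	echo '<div class="genericform">'."\n";

	echo '<h2>'._('envío de una nueva noticia: paso 3 de 3').'</h2>'."\n";

	echo '<form action="submit.php" method="post" class="genericform" onSubmit="$(\'#working\').html(\''._('enviando trackbacks').'...&nbsp;<img src=\\\'\'+img_src1+\'\\\'/>\'); return true;">'."\n";
	echo '<fieldset><legend><span class="sign">'._('detalles de la noticia').'</span></legend>'."\n";

	echo '<div class="genericformtxt"><label>'._('ATENCIÓN: esto es sólo una muestra!').'</label>&nbsp;&nbsp;<br/>'._('Ahora puedes 1) ').'<label>'._('retroceder').'</label>'._(' o 2)  ').'<label>'._('enviar a la cola y finalizar').'</label>. '._('Cualquier otro clic convertirá tu noticia en comida para <del>gatos</del> elefantes (o no).').'</div>';

	echo '<div class="formnotice">'."\n";
	$linkres->print_summary('preview');
	echo '</div>'."\n";

	// Hidden fields echo request values back: each one is either cast or HTML-escaped,
	// as 'trackback' already was ('key' was previously echoed raw).
	echo '<input type="hidden" name="phase" value="3" />'."\n";
	echo '<input type="hidden" name="randkey" value="'.intval($_POST['randkey']).'" />'."\n";
	echo '<input type="hidden" name="key" value="'.htmlspecialchars(isset($_POST['key']) ? $_POST['key'] : '').'" />'."\n";
	echo '<input type="hidden" name="id" value="'.intval($linkres->id).'" />'."\n";
	echo '<input type="hidden" name="trackback" value="'.htmlspecialchars(trim(isset($_POST['trackback']) ? $_POST['trackback'] : '')).'" />'."\n";

	echo '<br style="clear: both;" /><br style="clear: both;" />'."\n";
	echo '<input class="button" type="button" onclick="window.history.go(-1)" value="&#171; '._('retroceder').'"/>&nbsp;&nbsp;'."\n";
	echo '<input class="button" type="submit" value="'._('enviar a la cola y finalizar').' &#187;" ';
	echo '/>&nbsp;&nbsp;&nbsp;<span id="working">&nbsp;</span>';
	echo '</fieldset>'."\n";
	echo '</form>'."\n";
	echo '</div>'."\n";
}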
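 /**
  * Validates the comment form in $_POST and stores a new comment on $link.
  *
  * Returns a translated error string on any failure. On success the comment is stored
  * inside a transaction, the image upload is processed, and then either the request ends
  * with a 303 redirect to the comment ($redirect true) or the Comment object is returned.
  * Reads $_POST ('link_id', 'user_id', 'randkey', 'comment_content', 'type', 'image_delete')
  * and $_FILES['image'].
  *
  * @param Link $link     Story the comment belongs to (already read from the DB).
  * @param bool $redirect Redirect to the stored comment instead of returning it.
  * @return string|Comment Error message, or the stored Comment when $redirect is false.
  */
 static function save_from_post($link, $redirect = true)
 {
     global $db, $current_user, $globals;
     require_once mnminclude . 'ban.php';
     if (check_ban_proxy()) {
         return _('dirección IP no permitida');
     }
     $posted_randkey = intval(isset($_POST['randkey']) ? $_POST['randkey'] : 0);
     $posted_user_id = intval(isset($_POST['user_id']) ? $_POST['user_id'] : 0);
     $posted_link_id = intval(isset($_POST['link_id']) ? $_POST['link_id'] : 0);
     $posted_content = isset($_POST['comment_content']) ? $_POST['comment_content'] : '';
     // Check if is a POST of a comment: the story must still accept comments and the form
     // must belong to the authenticated user.
     if (!($link->votes > 0 && $link->date > $globals['now'] - $globals['time_enabled_comments'] * 1.01 && $link->comments < $globals['max_comments'] && $posted_link_id == $link->id && $current_user->authenticated && $posted_user_id == $current_user->user_id && $posted_randkey > 0)) {
         return _('comentario o usuario incorrecto');
     }
     if ($current_user->user_karma < $globals['min_karma_for_comments'] && $current_user->user_id != $link->author) {
         return _('karma demasiado bajo');
     }
     $comment = new Comment();
     $comment->link = $link->id;
     // Kept raw on the object; it is escaped wherever it is interpolated into SQL below.
     $comment->ip = $globals['user_ip'];
     $comment->randkey = $posted_randkey;
     $comment->author = $posted_user_id;
     $comment->karma = round($current_user->user_karma);
     $comment->content = clean_text_with_tags($posted_content, 0, false, 10000);
     // Check if is an admin comment
     if ($current_user->user_level == 'god' && isset($_POST['type']) && $_POST['type'] == 'admin') {
         $comment->type = 'admin';
     }
     // Don't allow to comment with a clone
     $hours = intval($globals['user_comments_clon_interval']);
     if ($hours > 0) {
         $clones = $current_user->get_clones($hours + 1);
         if ($clones) {
             // Clone ids are forced to integers before being interpolated into the IN list.
             $l = implode(',', array_map('intval', $clones));
             $c = (int) $db->get_var("select count(*) from comments where comment_date > date_sub(now(), interval {$hours} hour) and comment_user_id in ({$l})");
             if ($c > 0) {
                 syslog(LOG_NOTICE, "Meneame, clon comment ({$current_user->user_login}, {$comment->ip}) in {$link->uri}");
                 return _('ya hizo un comentario con usuarios clones');
             }
         }
     }
     // Basic check to avoid abuses from same IP
     // Don't check in case of admin comments or higher karma
     if (!$current_user->admin && $current_user->user_karma < 6.2) {
         // Avoid astroturfing from the same link's author
         if ($link->status != 'published' && $link->ip == $globals['user_ip'] && $link->author != $comment->author) {
             UserAuth::insert_clon($comment->author, $link->author, $link->ip);
             syslog(LOG_NOTICE, "Meneame, comment-link astroturfing ({$current_user->user_login}, {$link->ip}): " . $link->get_permalink());
             return _('no se puede comentar desde la misma IP del autor del envío');
         }
         // Avoid floods with clones from the same IP. Unlike the integer columns, the IP is a
         // string taken from the request environment, so it is escaped before interpolation.
         $escaped_ip = $db->escape($comment->ip);
         if (intval($db->get_var("select count(*) from comments where comment_link_id = {$link->id} and comment_ip='{$escaped_ip}' and comment_user_id != {$comment->author}")) > 1) {
             syslog(LOG_NOTICE, "Meneame, comment astroturfing ({$current_user->user_login}, {$comment->ip})");
             return _('demasiados comentarios desde la misma IP con usuarios diferentes');
         }
     }
     // Check there are at least a valid char
     if (mb_strlen($comment->content) < 5 || !preg_match('/[a-zA-Z:-]/', $posted_content)) {
         return _('texto muy breve o caracteres no válidos');
     }
     if (!$current_user->admin) {
         $comment->get_links();
         if ($comment->banned && $current_user->Date() > $globals['now'] - 86400) {
             syslog(LOG_NOTICE, "Meneame: comment not inserted, banned link ({$current_user->user_login})");
             return _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
         }
         // Lower karma to comments' spammers
         $comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = {$current_user->user_id} and comment_date > date_sub(now(), interval 3 minute)");
         // Check the text is not the same
         $same_count = $comment->same_text_count();
         $same_links_count = $comment->same_links_count();
         if ($comment->banned) {
             $same_links_count *= 2;
         }
         $same_count += $same_links_count;
     } else {
         $comment_count = $same_count = 0;
     }
     // Allowed comments per 3 minutes grows with karma, capped at 5.
     $comment_limit = round(min($current_user->user_karma / 6, 2) * 2.5);
     $karma_penalty = 0;
     if ($comment_count > $comment_limit || $same_count > 2) {
         if ($comment_count > $comment_limit) {
             $karma_penalty += ($comment_count - 3) * 0.1;
         }
         if ($same_count > 1) {
             $karma_penalty += $same_count * 0.25;
         }
     }
     // Check image limits
     if (!empty($_FILES['image']['tmp_name'])) {
         $limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
         if ($limit_exceded) {
             return $limit_exceded;
         }
     }
     $db->transaction();
     // Check the comment wasn't already stored; FOR UPDATE serialises concurrent submits of
     // the same form. The raw result is kept: null means the query failed and must not be
     // read as "no duplicate" (the original intval()'d it first, which made its is_null()
     // check dead and let a failed lookup fall through to store()).
     $r = $db->get_var("select count(*) from comments where comment_link_id = {$comment->link} and comment_user_id = {$comment->author} and comment_randkey = {$comment->randkey} FOR UPDATE");
     if (is_null($r)) {
         $db->rollback();
         return _('error insertando comentario');
     }
     if (intval($r)) {
         $db->rollback();
         return _('comentario duplicado');
     }
     if ($karma_penalty > 0) {
         // Penalised comments are not stored; the karma change is applied outside the transaction.
         $db->rollback();
         $user = new User($current_user->user_id);
         $user->add_karma(-$karma_penalty, _('texto repetido o abuso de enlaces en comentarios'));
         return _('penalización de karma por texto repetido o abuso de enlaces');
     }
     if (!$comment->store()) {
         $db->rollback();
         return _('error insertando comentario');
     }
     $comment->insert_vote();
     $link->update_comments();
     $db->commit();
     // Check image upload or delete
     if (!empty($_POST['image_delete'])) {
         $comment->delete_image();
     } else {
         $comment->store_image_from_form('image');
     }
     if (!$redirect) {
         return $comment;
     }
     // Comment stored, just redirect to it page
     header('HTTP/1.1 303 Load');
     header('Location: ' . $link->get_permalink() . '/c0' . $comment->order . '#c-' . $comment->order);
     die;
 }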
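/**
 * Validates an edit of $comment posted in $_POST and stores it.
 *
 * Returns the updated Comment on success, or a translated error string when the image
 * limit is exceeded, the editor is not allowed (wrong user, key or edit window) or the
 * comment links to a banned site. Reads $_POST ('id', 'user_id', 'key', 'type',
 * 'comment_content', 'image_delete') and $_FILES['image'].
 *
 * Globals: $db, $current_user, $globals, $site_key.
 *
 * @param Comment $comment Comment being edited (already read from the DB).
 * @param Link    $link    Story the comment belongs to; not used here, kept for callers.
 * @return Comment|string
 */
function check_and_save($comment, $link)
{
    global $db, $current_user, $globals, $site_key;
    // Warning, trillion of checkings :-(
    // TODO: unify with Comment::save_from_post(), careful with the differences
    // Check image limits
    if (!empty($_FILES['image']['tmp_name'])) {
        $limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
        if ($limit_exceded) {
            return $limit_exceded;
        }
    }
    $user_id = intval(isset($_POST['user_id']) ? $_POST['user_id'] : 0);
    $posted_id = intval(isset($_POST['id']) ? $_POST['id'] : 0);
    $posted_key = isset($_POST['key']) ? (string) $_POST['key'] : '';
    $content = isset($_POST['comment_content']) ? (string) $_POST['comment_content'] : '';

    // The form key is md5(randkey . site secret). hash_equals() compares in constant time
    // and never falls into PHP's loose string == (two "0e..." digit strings compare equal).
    $key_ok = hash_equals(md5($comment->randkey . $site_key), $posted_key);

    // The owner may edit within the configured window (50% slack); a 'god' level user may
    // edit other users' comments or admin comments at any time.
    $owner_edit = $user_id == $current_user->user_id
        && $current_user->user_id == $comment->author
        && time() - $comment->date < $globals['comment_edit_time'] * 1.5;
    $god_edit = ($comment->author != $current_user->user_id || $comment->type == 'admin')
        && $current_user->user_level == 'god';

    if (!($posted_id == $comment->id && $current_user->authenticated && ($owner_edit || $god_edit) && $key_ok && mb_strlen(trim($content)) > 2)) {
        return _('error actualizando, probablemente tiempo de edición excedido');
    }

    $comment->content = clean_text_with_tags($content, 0, false, 10000);
    if ($current_user->user_level == 'god') {
        // Only a 'god' may flip the comment between admin and normal type.
        $comment->type = (isset($_POST['type']) && $_POST['type'] == 'admin') ? 'admin' : 'normal';
    }
    if (!$current_user->admin) {
        // Re-scan the links so a banned domain is detected for non-admin editors.
        $comment->get_links();
    }
    if ($current_user->user_id == $comment->author && $comment->banned && $current_user->Date() > $globals['now'] - 86400) {
        syslog(LOG_NOTICE, "Meneame: editcomment not stored, banned link ({$current_user->user_login})");
        return _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
    }
    if (mb_strlen($comment->content) > 0) {
        $comment->store();
    }
    // Check image upload or delete
    if (!empty($_POST['image_delete'])) {
        $comment->delete_image();
    } else {
        $comment->store_image_from_form('image');
    }
    return $comment;
}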
/**
 * Create a new Post (post_id == 0) or edit an existing one from $_POST, then
 * print its summary.  Written for a request handler: every failure path
 * echoes 'ERROR: ...' and die()s, so nothing is returned.
 *
 * Reads $_POST: post, user_id, key; $_FILES: image.
 * Side effects: overwrites the global $post, writes the posts table, may
 * lower the author's karma, may store an uploaded image.
 * $link and $site_key are declared global but not used in this body.
 *
 * @param int $post_id id of the post being edited, or 0 for a new post
 */
function save_post($post_id)
{
    global $link, $db, $post, $current_user, $globals, $site_key;
    $post = new Post();
    // Sanitise and cap the body before any other check; the cleaned value is
    // written back into $_POST and used by both branches below
    $_POST['post'] = clean_text_with_tags($_POST['post'], 0, false, $globals['posts_len']);
    // Reject early if the uploaded image would exceed the user's quota
    if (!empty($_FILES['image']['tmp_name'])) {
        $limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
        if ($limit_exceded) {
            echo 'ERROR: ' . $limit_exceded;
            die;
        }
    }
    if (mb_strlen($_POST['post']) < 5) {
        echo 'ERROR: ' . _('texto muy corto');
        die;
    }
    if ($post_id > 0) {
        // --- edit of an existing post ---
        $post->id = $post_id;
        if (!$post->read()) {
            die;
        }
        // Allowed when the author edits within an hour, or a 'god' user edits
        // within the admin window; either way the submitted key must match the
        // post's randkey, which acts as the edit token.
        // NOTE(review): `==` is a loose comparison; randkey is stored via
        // intval() in the create branch, so intval($_POST['key']) === $post->randkey
        // would be the safer form -- confirm the column type first.
        if ((intval($_POST['user_id']) == $current_user->user_id && $current_user->user_id == $post->author && time() - $post->date < 3600 || $current_user->user_level == 'god' && time() - $post->date < $globals['posts_edit_time_admin'] * 1.5) && $_POST['key'] == $post->randkey) {
            $post->content = $_POST['post'];
            // strlen() is byte-wise while the minimum-length check above used
            // mb_strlen(); harmless for a "> 0" test
            if (strlen($post->content) > 0) {
                $post->store();
                store_image($post);
            }
        } else {
            echo 'ERROR: ' . _('no tiene permisos para grabar');
            die;
        }
    } else {
        // --- new post ---
        // The form's user_id must be the logged-in user; a mismatch dies silently
        if ($current_user->user_id != intval($_POST['user_id'])) {
            die;
        }
        if ($current_user->user_karma < $globals['min_karma_for_posts']) {
            echo 'ERROR: ' . _('el karma es muy bajo');
            die;
        }
        // Check the post wasn't already stored.
        // randkey is cast to int here; that cast is what keeps its
        // interpolation into the SQL further down safe.
        $post->randkey = intval($_POST['key']);
        $post->author = $current_user->user_id;
        $post->content = $_POST['post'];
        // Verify that at least posts_period seconds have passed since the user's last post.
        // NOTE(review): user_id and $globals['posts_period'] are interpolated
        // into SQL; this is only safe if both are integers (user_id from the
        // session, posts_period from config) -- confirm, or bind them.
        if (intval($db->get_var("select count(*) from posts where post_user_id = {$current_user->user_id} and post_date > date_sub(now(), interval " . $globals['posts_period'] . " second)")) > 0) {
            echo 'ERROR: ' . _('debe esperar entre notas');
            die;
        }
        $same_text = $post->same_text_count();
        $same_links = $post->same_links_count(10);
        // The duplicate check runs inside a transaction with FOR UPDATE so two
        // concurrent submissions carrying the same randkey cannot both pass
        $db->transaction();
        $r = $db->get_var("select count(*) from posts where post_user_id = {$current_user->user_id} and post_date > date_sub(now(), interval 5 minute) and post_randkey = {$post->randkey} FOR UPDATE");
        $dupe = intval($r);
        // A null $r (query failure) is treated like a duplicate and rejected
        if (!is_null($r) && !$dupe && !$same_text) {
            // Penalise repeatedly linking the same domain (0.2 karma per link)
            if ($same_links > 2) {
                $reduction = $same_links * 0.2;
                $user = new User($current_user->user_id);
                $user->add_karma(-$reduction, _('demasiados enlaces al mismo dominio en las notas'));
                syslog(LOG_NOTICE, "Meneame: post_edit decreasing {$reduction} of karma to {$user->username} (now {$user->karma})");
            }
            $post->store();
            $db->commit();
            store_image($post);
        } else {
            // Nothing was written, but the transaction still has to be closed
            $db->commit();
            echo 'ERROR: ' . _('comentario grabado previamente');
            die;
        }
    }
    $post->print_summary();
}
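 /**
  * Validate the link's fields before it is stored.
  *
  * Side effects: $this->title and $this->content are normalised in place
  * (clean_text() / clean_text_with_tags(), trailing punctuation stripped from
  * the title) before the length and upper-case checks run, so callers see the
  * cleaned values afterwards.
  *
  * @return array list of error messages (translated where the original was);
  *               empty when the fields are acceptable
  */
 function check_field_errors()
 {
     global $globals;
     $errors = array();
     // The original read `!$this->sub_id > 0`, where `!` binds first and a
     // boolean was compared with 0; the intended test is "no positive sub id".
     if (!($this->sub_id > 0)) {
         $errors[] = _("sub no seleccionado");
         $site_id = SitesMgr::my_id();
     } else {
         $site_id = $this->sub_id;
     }
     $properties = SitesMgr::get_extended_properties($site_id);
     if (empty($this->url) && empty($properties['no_link'])) {
         $errors[] = _("falta url enlace");
     }
     // Filter content and title; this also deletes punctuation marks at the end
     $this->title = clean_text(preg_replace('/(\\w) *[.,] *$/', "\$1", $this->title), 50, true, 120);
     // Newlines are kept only when the sub allows paragraphs
     $replace_nl = empty($properties['allow_paragraphs']);
     $this->content = clean_text_with_tags($this->content, 0, $replace_nl, $properties['intro_max_len']);
     if (mb_strlen($this->title) < 8) {
         $errors[] = _("título incompleto");
     }
     if (get_uppercase_ratio($this->title) > 0.5) {
         $errors[] = "demasiadas mayúsculas en el título";
     }
     // Maximum title length is already enforced by clean_text() above (120)
     if ($properties['intro_max_len'] > 0 && $properties['intro_min_len'] > 0 && mb_strlen($this->content) < $properties['intro_min_len']) {
         $errors[] = _("texto incompleto");
     }
     if (get_uppercase_ratio($this->content) > 0.3) {
         $errors[] = "demasiadas mayúsculas en el texto";
     }
     // Maximum content length is already enforced by clean_text_with_tags() above
     // strlen() is byte-wise here; kept as-is since it is only a "has tags" test
     if (strlen($this->tags) < 3) {
         $errors[] = "no has puesto etiquetas";
     }
     // Reject URLs in the title; the previous pattern only caught "http:/",
     // letting "https:/" through
     if (preg_match('/https?:\\//', $this->title)) {
         $errors[] = "no pongas URLs en el título, no ofrece información";
     }
     return $errors;
 }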
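/**
 * Apply the edit form ($_POST) to $link, validate it, store it and render
 * the edit-result template.
 *
 * Reads $_POST: type, category, url, thumb_delete, thumb_get, thumb_url,
 * title, bodytext, tags, status.  URL and thumbnail fields are only honoured
 * for admins and bloggers.  A status change is accepted for admins, or for
 * anyone when the new status is 'autodiscard', provided the value matches
 * /^[a-z]{4,}$/ and the link is not already discarded (admins excepted).
 *
 * Side effects: writes the link inside a transaction, may insert link_edit /
 * link_discard log events, may enqueue a draft, re-reads $link and renders
 * 'link/edit_result.html'.
 *
 * @param Link $link the link being edited (modified in place)
 */
function do_save($link)
{
    global $dblang, $globals, $current_user, $db;
    // Store previous values for the edit log (serialized into the event below)
    $link_old = new stdClass();
    $link_old->url = $link->url;
    $link_old->title = $link->title;
    $link_old->content = $link->content;
    $link_old->category = $link->category_name;
    $link_old->tags = $link->tags;
    $link_old->status = $link->status;
    $link->read_content_type_buttons($_POST['type']);
    $link->category = intval($_POST['category']);
    if ($current_user->admin || $current_user->user_level == 'blogger') {
        if (!empty($_POST['url'])) {
            $link->url = clean_input_url($_POST['url']);
        }
        // empty() keeps the original truthiness tests without an
        // undefined-index notice when the checkbox is absent from the form
        if (!empty($_POST['thumb_delete'])) {
            $link->delete_thumb();
        }
        if (!empty($_POST['thumb_get'])) {
            $link->get_thumb();
        } elseif (!empty($_POST['thumb_url'])) {
            $url = clean_input_url($_POST['thumb_url']);
            $link->get_thumb(false, $url);
        }
    }
    $link->title = clean_text($_POST['title'], 50);
    $link->content = clean_text_with_tags($_POST['bodytext']);
    $link->tags = tags_normalize_string($_POST['tags']);
    // Previously left undefined when the status did not change, so the read
    // further down raised a notice and relied on null being falsy
    $insert_discard_log = false;
    // Change the status; the [a-z]{4,} whitelist keeps arbitrary strings out
    if ($_POST['status'] != $link->status && ($_POST['status'] == 'autodiscard' || $current_user->admin) && preg_match('/^[a-z]{4,}$/', $_POST['status']) && (!$link->is_discarded() || $current_user->admin)) {
        // Log a discard event when the link has been manually discarded
        $insert_discard_log = (bool) preg_match('/discard|abuse|duplicated|autodiscard/', $_POST['status']);
        $link->status = $_POST['status'];
    }
    $errors = link_edit_errors($link);
    if (!$errors) {
        if (empty($link->uri)) {
            $link->get_uri();
        }
        // Re-attach the link to a blog if its URL now maps to a different one
        $blog_id = Blog::find_blog($link->url, $link->id);
        if ($blog_id > 0 && $blog_id != $link->blog) {
            $link->blog = $blog_id;
        }
        $db->transaction();
        $link->store();
        // Disabled table tags
        // tags_insert_string($link->id, $dblang, $link->tags, $link->date);
        // Insert edit log/event only if the link is newer than 15 days
        if ($globals['now'] - $link->date < 86400 * 15) {
            if ($insert_discard_log) {
                // Always insert a discard event when the status changed to a discard
                Log::insert('link_discard', $link->id, $current_user->user_id);
                if ($link->author == $current_user->user_id) {
                    // Don't save an edit log if it was discarded by an admin
                    Log::insert('link_edit', $link->id, $current_user->user_id);
                }
            } elseif ($link->votes > 0) {
                Log::conditional_insert('link_edit', $link->id, $current_user->user_id, 60, serialize($link_old));
            }
        }
        // A draft (no votes, not queued) saved by its author goes to the queue
        if ($link->votes == 0 && $link->status != 'queued' && $link->author == $current_user->user_id) {
            $link->enqueue();
        }
        $db->commit();
    }
    $link->read();
    Haanga::Load('link/edit_result.html', compact('link', 'errors'));
}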
 /**
  * Fetch $url, follow the recorded redirect, and analyse the HTML: pingback
  * header, iframe permission, charset, "noshare" marker, embedded links to
  * banned domains, page title and meta description.  Results land in
  * $this->url, html, content_type, encoding, pingback, noiframe, valid,
  * url_title, url_description and, on a ban, $this->ban (and $this->banned,
  * set by check_url()).
  *
  * NOTE(review): the URL is handed straight to get_url(); any restriction on
  * which hosts or schemes may be fetched has to live in get_url() or
  * check_url(), neither of which is visible here -- confirm.
  *
  * @param string $url       URL to fetch (trimmed here)
  * @param int    $maxlen    not read anywhere in this body
  * @param bool   $check_ban forwarded to check_url() when a redirect is followed
  * @return bool false when the (redirected) URL or a link embedded in the page
  *              is banned, or the page carries a "noshare" marker; true
  *              otherwise -- including when the fetch itself failed
  */
 function get($url, $maxlen = 150000, $check_ban = true)
 {
     global $globals, $current_user;
     $url = trim($url);
     // `@` hides parse_url() warnings; on malformed input it returns false and
     // the ['host'] reads below then yield null
     $url_components = @parse_url($url);
     $this->noiframe = false;
     if ($response = get_url($url)) {
         // Keep only the leading word of the content type (e.g. "text")
         $this->content_type = preg_replace('#^(\\w+).+#', '$1', $response['content_type']);
         // Check if it has pingbacks
         if (preg_match('/X-Pingback: *(.+)/i', $response['header'], $match)) {
             $this->pingback = 'ping:' . clean_input_url($match[1]);
         }
         /* Were we redirected? */
         if ($response['redirect_count'] > 0) {
             /* update $url with where we were redirected to */
             $new_url = clean_input_url($response['location']);
         }
         if (!empty($new_url) && $new_url != $url) {
             syslog(LOG_NOTICE, "Meneame, redirected ({$current_user->user_login}): {$url} -> {$new_url}");
             /* Check again the url: the redirect target is validated too */
             if (!$this->check_url($new_url, $check_ban, true)) {
                 $this->url = $new_url;
                 return false;
             }
             // Change the url if we were directed to another host
             // (only for reasonably short targets that parse)
             if (strlen($new_url) < 300 && ($new_url_components = @parse_url($new_url))) {
                 if ($url_components['host'] != $new_url_components['host']) {
                     syslog(LOG_NOTICE, "Meneame, changed source URL ({$current_user->user_login}): {$url} -> {$new_url}");
                     $url = $new_url;
                     $url_components = $new_url_components;
                 }
             }
         }
         $this->html = $response['content'];
         $url_ok = true;
     } else {
         syslog(LOG_NOTICE, "Meneame, error getting ({$current_user->user_login}): {$url}");
         $url_ok = false;
     }
     $this->url = $url;
     // Fill content type if empty
     // Right now only check for typical image extensions
     if (empty($this->content_type)) {
         if (preg_match('/(jpg|jpeg|gif|png)(\\?|#|$)/i', $this->url)) {
             $this->content_type = 'image';
         }
     }
     // NO more to do: a failed fetch or a non-HTML body still returns true.
     // $response is only read here when $url_ok is true (short-circuit).
     if (!$url_ok || !preg_match('/html/', $response['content_type'])) {
         return true;
     }
     // Check if it forbids including in an iframe (header or a framebuster script)
     if (preg_match('/X-Frame-Options: *(.+)/i', $response['header']) || preg_match('/top\\.location\\.href *=/', $response['content'])) {
         $this->noiframe = true;
     }
     // Transcode to UTF-8 using the charset declared in the page.
     // NOTE(review): iconv() returns false for an unknown encoding name and
     // that is not checked here, leaving $this->html === false -- confirm.
     if (preg_match('/charset=([a-zA-Z0-9-_]+)/i', $this->html, $matches)) {
         $this->encoding = trim($matches[1]);
         if (strcasecmp($this->encoding, 'utf-8') != 0) {
             $this->html = iconv($this->encoding, 'UTF-8//IGNORE', $this->html);
         }
     }
     // Check if the author doesn't want to share
     if (preg_match('/<!-- *noshare *-->/', $this->html)) {
         $this->ban = array();
         $this->ban['comment'] = _('el autor no desea que se envíe el artículo, respeta sus deseos');
         syslog(LOG_NOTICE, "Meneame, noshare ({$current_user->user_login}): {$url}");
         return false;
     }
     // Now we analyse the html to find links to banned domains
     // It avoids the trick of using google or technorati
     // Ignore it if the link has a rel="nofollow" to ignore comments in blogs
     // Pages that declare vBulletin/phpBB in a meta tag get the wider pattern
     // (also iframes and href=), everything else the narrower one
     if (!preg_match('/content="[^"]*(vBulletin|phpBB)/i', $this->html)) {
         preg_match_all('/(< *meta +http-equiv|< *frame[^<]*>|window\\.|document.\\|parent\\.|top\\.|self\\.)[^><]*(url|src|replace) *[=\\(] *[\'"]{0,1}https*:\\/\\/[^\\s "\'>]+[\'"\\;\\)]{0,1}[^>]*>/i', $this->html, $matches);
     } else {
         preg_match_all('/(<* meta +http-equiv|<* iframe|<* frame[^<]*>|window\\.|document.\\|parent\\.|top\\.|self\\.)[^><]*(href|url|src|replace) *[=\\(] *[\'"]{0,1}https*:\\/\\/[^\\s "\'>]+[\'"\\;\\)]{0,1}[^>]*>/i', $this->html, $matches);
     }
     $check_counter = 0;
     // Second-level label of the page's host (e.g. "example" for www.example.com),
     // quoted for reuse inside the regex below
     $second_level = preg_quote(preg_replace('/^(.+\\.)*([^\\.]+)\\.[^\\.]+$/', "\$2", $url_components['host']));
     // $checked_links is never initialised in this method; the first read of
     // $checked_links[host] below relies on an undefined index being null
     foreach ($matches[0] as $match) {
         if (!preg_match('/<a.+rel=.*nofollow.*>/', $match)) {
             preg_match('/(href|url|src|replace) *[=\\(] *[\'"]{0,1}(https*:\\/\\/[^\\s "\'>]+)[\'"\\;\\)]{0,1}/i', $match, $url_a);
             $embeded_link = $url_a[2];
             $new_url_components = @parse_url($embeded_link);
             // Each host is checked once; at most 5 hosts outside the page's own
             // second-level domain are checked (same-domain links don't count)
             if (!empty($embeded_link) && $check_counter < 5 && !$checked_links[$new_url_components['host']]) {
                 if (!preg_match("/{$second_level}\\.[^\\.]+\$/", $new_url_components['host'])) {
                     $check_counter++;
                 }
                 $checked_links[$new_url_components['host']] = true;
                 // Only a ban aborts; other check_url() failures are ignored here
                 if (!$this->check_url($embeded_link, false) && $this->banned) {
                     return false;
                 }
             }
         }
     }
     // The URL has been checked
     $this->valid = true;
     // Title and meta description are cleaned before being exposed
     if (preg_match('/<title[^<>]*>([^<>]*)<\\/title>/si', $this->html, $matches)) {
         $url_title = clean_text($matches[1]);
         if (mb_strlen($url_title) > 3) {
             $this->url_title = $url_title;
         }
     }
     if (preg_match('/< *meta +name=[\'"]description[\'"] +content=[\'"]([^<>]+)[\'"] *\\/*>/si', $this->html, $matches)) {
         $this->url_description = clean_text_with_tags($matches[1], 0, false, 400);
     }
     return true;
 }
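/**
 * Second step of link submission: read the edited fields from $_POST into
 * the Link, validate them with link_errors() and, when valid, store the link
 * and render the 'link/submit2.html' template with related links.  On
 * validation errors the 'link/submit1.html' form is rendered again.
 *
 * Reads $_POST: id, type, title, category, tags, key, bodytext, randkey.
 * $_POST['title'] is rewritten with the [IMG]/[VID] markers removed.
 * NOTE(review): key and randkey are copied from the request unvalidated;
 * presumably link_errors() checks them against the session/link -- confirm.
 *
 * @return bool always true
 */
function do_submit2()
{
    global $db, $dblang, $globals, $errors;
    $link = new Link();
    $link->id = intval($_POST['id']);
    $link->read();
    if (report_duplicated($link->url)) {
        return true;
    }
    $link->read_content_type_buttons($_POST['type']);
    // Title markers such as [IMG], (IMGs), [VID], (Vídeo) set the content type
    // and are stripped from the title.  preg_replace() reports the number of
    // replacements through $count, so one pass replaces the former
    // preg_match() + preg_replace() pair with the same pattern.
    $title = preg_replace('/[\\(\\[](IMG|PICT*)s*[\\)\\]]/i', ' ', $_POST['title'], -1, $img_count);
    if ($img_count > 0) {
        $link->content_type = 'image';
    } else {
        $title = preg_replace('/[\\(\\[](VID|VIDEO|Vídeo*)s*[\\)\\]]/i', ' ', $title, -1, $vid_count);
        if ($vid_count > 0) {
            $link->content_type = 'video';
        }
    }
    $_POST['title'] = $title;
    $link->category = intval($_POST['category']);
    // Also deletes punctuation signs at the end of the title
    $link->title = clean_text(preg_replace('/(\\w) *[;.,] *$/', "\$1", $_POST['title']), 40);
    $link->tags = tags_normalize_string($_POST['tags']);
    $link->key = $_POST['key'];
    $link->content = clean_text_with_tags($_POST['bodytext']);
    if (link_errors($link)) {
        // Show the edit form again
        $link->is_new = true;
        // Disable several options in the editing form
        Haanga::Load('link/submit1.html', compact('link', 'errors'));
        return true;
    }
    $link->store();
    // Disabled table tags
    // tags_insert_string($link->id, $dblang, $link->tags);
    $link->read();
    $link->randkey = $_POST['randkey'];
    $related = $link->get_related(6);
    Haanga::Load('link/submit2.html', compact('link', 'errors', 'related'));
    return true;
}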
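 /**
  * Persist the site preferences that differ from their defaults as a JSON
  * annotation keyed by PREFERENCES_KEY . $id; when nothing differs the
  * annotation is deleted instead.
  *
  * The former signature `($id = false, &$prefs)` declared an optional
  * parameter before a required one (deprecated since PHP 8.0) and took
  * $prefs by reference without ever writing to it; both are dropped here.
  * Existing call sites, which must already pass both arguments, keep working.
  *
  * @param int|false $id    site id, or false to use self::my_id()
  * @param array     $prefs raw preference values keyed like
  *                         self::$extended_properties; not modified
  * @return mixed result of Annotation::store() or Annotation::delete()
  */
 public static function store_extended_properties($id, $prefs)
 {
     // Loose `== false` on purpose: 0, '' and '0' all mean "current site"
     if ($id == false) {
         $id = self::my_id();
     }
     $defaults = array_merge(self::$extended_properties, self::$extra_extended_properties);
     $dict = array();
     foreach ($prefs as $k => $v) {
         // Keep only known keys whose value is non-empty and differs from the
         // default (loose `==` kept: form values arrive as strings)
         if ($v === '' || !isset($defaults[$k]) || $defaults[$k] == $v) {
             continue;
         }
         switch ($k) {
             case 'rules':
             case 'message':
                 $dict[$k] = clean_text_with_tags($v, 0, false, 3000);
                 break;
             case 'post_html':
                 // TODO: validate the HTML -- it is stored verbatim, so whoever
                 // can reach this setter can inject markup into the site
                 $dict[$k] = $v;
                 break;
             default:
                 // isset($defaults[$k]) already holds here
                 if (is_int($defaults[$k])) {
                     $dict[$k] = intval($v);
                 } else {
                     $dict[$k] = mb_substr(clean_input_string($v), 0, 140);
                 }
         }
     }
     $a = new Annotation(self::PREFERENCES_KEY . $id);
     if (empty($dict)) {
         return $a->delete();
     }
     // json_encode() returns false on failure (e.g. invalid UTF-8); that is
     // not checked here, matching the previous behaviour
     $a->text = json_encode($dict);
     return $a->store();
 }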