Пример #1
0
function qa_user_permit_error($permitoption = null, $limitaction = null, $userlevel = null, $checkblocks = true)
{
    if (qa_to_override(__FUNCTION__)) {
        $args = func_get_args();
        return qa_call_override(__FUNCTION__, $args);
    }
    require_once QA_INCLUDE_DIR . 'app/limits.php';
    $userid = qa_get_logged_in_userid();
    if (!isset($userlevel)) {
        $userlevel = qa_get_logged_in_level();
    }
    $flags = qa_get_logged_in_flags();
    if (!$checkblocks) {
        $flags &= ~QA_USER_FLAGS_USER_BLOCKED;
    }
    $error = qa_permit_error($permitoption, $userid, $userlevel, $flags);
    if ($checkblocks && !$error && qa_is_ip_blocked()) {
        $error = 'ipblock';
    }
    if (!$error && isset($userid) && $flags & QA_USER_FLAGS_MUST_CONFIRM && qa_opt('confirm_user_emails')) {
        $error = 'confirm';
    }
    if (!$error && isset($userid) && $flags & QA_USER_FLAGS_MUST_APPROVE && qa_opt('moderate_users')) {
        $error = 'approve';
    }
    if (isset($limitaction) && !$error) {
        if (qa_user_limits_remaining($limitaction) <= 0) {
            $error = 'limit';
        }
    }
    return $error;
}
function qa_page_q_edit_a_submit($answer, $question, $answers, $commentsfollows, &$in, &$errors)
{
    $answerid = $answer['postid'];
    $prefix = 'a' . $answerid . '_';
    $in = array('dotoc' => qa_post_text($prefix . 'dotoc'), 'commenton' => qa_post_text($prefix . 'commenton'));
    if ($answer['isbyuser']) {
        $in['name'] = qa_post_text($prefix . 'name');
        $in['notify'] = qa_post_text($prefix . 'notify') ? true : false;
        $in['email'] = qa_post_text($prefix . 'email');
    }
    if (!qa_user_post_permit_error('permit_edit_silent', $answer)) {
        $in['silent'] = qa_post_text($prefix . 'silent');
    }
    qa_get_post_content($prefix . 'editor', $prefix . 'content', $in['editor'], $in['content'], $in['format'], $in['text']);
    // here the $in array only contains values for parts of the form that were displayed, so those are only ones checked by filters
    $errors = array();
    if (!qa_check_form_security_code('edit-' . $answerid, qa_post_text($prefix . 'code'))) {
        $errors['content'] = qa_lang_html('misc/form_security_again');
    } else {
        $in['queued'] = qa_opt('moderate_edited_again') && qa_user_moderation_reason(qa_user_level_for_post($answer));
        $filtermodules = qa_load_modules_with('filter', 'filter_answer');
        foreach ($filtermodules as $filtermodule) {
            $oldin = $in;
            $filtermodule->filter_answer($in, $errors, $question, $answer);
            qa_update_post_text($in, $oldin);
        }
        if (empty($errors)) {
            $userid = qa_get_logged_in_userid();
            $handle = qa_get_logged_in_handle();
            $cookieid = qa_cookie_get();
            if (!isset($in['silent'])) {
                $in['silent'] = false;
            }
            $setnotify = $answer['isbyuser'] ? qa_combine_notify_email($answer['userid'], $in['notify'], $in['email']) : $answer['notify'];
            if ($in['dotoc'] && ($in['commenton'] == $question['postid'] && $question['commentable'] || $in['commenton'] != $answerid && @$answers[$in['commenton']]['commentable'])) {
                // convert to a comment
                if (qa_user_limits_remaining(QA_LIMIT_COMMENTS)) {
                    // already checked 'permit_post_c'
                    qa_answer_to_comment($answer, $in['commenton'], $in['content'], $in['format'], $in['text'], $setnotify, $userid, $handle, $cookieid, $question, $answers, $commentsfollows, @$in['name'], $in['queued'], $in['silent']);
                    return 'C';
                    // to signify that redirect should be to the comment
                } else {
                    $errors['content'] = qa_lang_html('question/comment_limit');
                }
                // not really best place for error, but it will do
            } else {
                qa_answer_set_content($answer, $in['content'], $in['format'], $in['text'], $setnotify, $userid, $handle, $cookieid, $question, @$in['name'], $in['queued'], $in['silent']);
                return 'A';
            }
        }
    }
    return null;
}
Пример #3
0
function qa_page_q_single_click_c($comment, $question, $parent, &$error)
{
    $userid = qa_get_logged_in_userid();
    $handle = qa_get_logged_in_handle();
    $cookieid = qa_cookie_get();
    $prefix = 'c' . $comment['postid'] . '_';
    if (qa_clicked($prefix . 'dohide') && $comment['hideable'] || qa_clicked($prefix . 'doreject') && $comment['moderatable']) {
        if (qa_page_q_click_check_form_code($parent, $error)) {
            qa_comment_set_hidden($comment, true, $userid, $handle, $cookieid, $question, $parent);
            return true;
        }
    }
    if (qa_clicked($prefix . 'doreshow') && $comment['reshowable'] || qa_clicked($prefix . 'doapprove') && $comment['moderatable']) {
        if (qa_page_q_click_check_form_code($parent, $error)) {
            if ($comment['moderatable'] || $comment['reshowimmed']) {
                $status = QA_POST_STATUS_NORMAL;
            } else {
                $in = qa_page_q_prepare_post_for_filters($comment);
                $filtermodules = qa_load_modules_with('filter', 'filter_comment');
                // run through filters but only for queued status
                foreach ($filtermodules as $filtermodule) {
                    $tempin = $in;
                    // always pass original comment in because we aren't modifying anything else
                    $filtermodule->filter_comment($tempin, $temperrors, $question, $parent, $comment);
                    $in['queued'] = $tempin['queued'];
                    // only preserve queued status in loop
                }
                $status = $in['queued'] ? QA_POST_STATUS_QUEUED : QA_POST_STATUS_NORMAL;
            }
            qa_comment_set_status($comment, $status, $userid, $handle, $cookieid, $question, $parent);
            return true;
        }
    }
    if (qa_clicked($prefix . 'dodelete') && $comment['deleteable'] && qa_page_q_click_check_form_code($parent, $error)) {
        qa_comment_delete($comment, $question, $parent, $userid, $handle, $cookieid);
        return true;
    }
    if (qa_clicked($prefix . 'doclaim') && $comment['claimable'] && qa_page_q_click_check_form_code($parent, $error)) {
        if (qa_user_limits_remaining(QA_LIMIT_COMMENTS)) {
            qa_comment_set_userid($comment, $userid, $handle, $cookieid);
            return true;
        } else {
            $error = qa_lang_html('question/comment_limit');
        }
    }
    if (qa_clicked($prefix . 'doflag') && $comment['flagbutton'] && qa_page_q_click_check_form_code($parent, $error)) {
        require_once QA_INCLUDE_DIR . 'app/votes.php';
        $error = qa_flag_error_html($comment, $userid, qa_request());
        if (!$error) {
            if (qa_flag_set_tohide($comment, $userid, $handle, $cookieid, $question)) {
                qa_comment_set_hidden($comment, true, null, null, null, $question, $parent);
            }
            // hiding not really by this user so pass nulls
            return true;
        }
    }
    if (qa_clicked($prefix . 'dounflag') && $comment['unflaggable'] && qa_page_q_click_check_form_code($parent, $error)) {
        require_once QA_INCLUDE_DIR . 'app/votes.php';
        qa_flag_clear($comment, $userid, $handle, $cookieid);
        return true;
    }
    if (qa_clicked($prefix . 'doclearflags') && $comment['clearflaggable'] && qa_page_q_click_check_form_code($parent, $error)) {
        require_once QA_INCLUDE_DIR . 'app/votes.php';
        qa_flags_clear_all($comment, $userid, $handle, $cookieid);
        return true;
    }
    return false;
}
Пример #4
0
//	Check we're not using Q2A's single-sign on integration and that we're not logged in
if (QA_FINAL_EXTERNAL_USERS) {
    qa_fatal_error('User login is handled by external code');
}
if (qa_is_logged_in()) {
    qa_redirect('');
}
//	Process submitted form after checking we haven't reached rate limit
$passwordsent = qa_get('ps');
$emailexists = qa_get('ee');
$inemailhandle = qa_post_text('emailhandle');
$inpassword = qa_post_text('password');
$inremember = qa_post_text('remember');
if (qa_clicked('dologin') && (strlen($inemailhandle) || strlen($inpassword))) {
    require_once QA_INCLUDE_DIR . 'qa-app-limits.php';
    if (qa_user_limits_remaining(QA_LIMIT_LOGINS)) {
        require_once QA_INCLUDE_DIR . 'qa-db-users.php';
        require_once QA_INCLUDE_DIR . 'qa-db-selects.php';
        if (!qa_check_form_security_code('login', qa_post_text('code'))) {
            $pageerror = qa_lang_html('misc/form_security_again');
        } else {
            qa_limits_increment(null, QA_LIMIT_LOGINS);
            $errors = array();
            if (qa_opt('allow_login_email_only') || strpos($inemailhandle, '@') !== false) {
                // handles can't contain @ symbols
                $matchusers = qa_db_user_find_by_email($inemailhandle);
            } else {
                $matchusers = qa_db_user_find_by_handle($inemailhandle);
            }
            if (count($matchusers) == 1) {
                // if matches more than one (should be impossible), don't log in
Пример #5
0
}
//	Check we haven't suspended registration, and this IP isn't blocked
if (qa_opt('suspend_register_users')) {
    $qa_content = qa_content_prepare();
    $qa_content['error'] = qa_lang_html('users/register_suspended');
    return $qa_content;
}
if (qa_user_permit_error()) {
    $qa_content = qa_content_prepare();
    $qa_content['error'] = qa_lang_html('users/no_permission');
    return $qa_content;
}
//	Process submitted form
if (qa_clicked('doregister')) {
    require_once QA_INCLUDE_DIR . 'app/limits.php';
    if (qa_user_limits_remaining(QA_LIMIT_REGISTRATIONS)) {
        require_once QA_INCLUDE_DIR . 'app/users-edit.php';
        $inemail = qa_post_text('email');
        $inpassword = qa_post_text('password');
        $inhandle = qa_post_text('handle');
        $interms = (int) qa_post_text('terms');
        $inprofile = array();
        foreach ($userfields as $userfield) {
            $inprofile[$userfield['fieldid']] = qa_post_text('field_' . $userfield['fieldid']);
        }
        if (!qa_check_form_security_code('register', qa_post_text('code'))) {
            $pageerror = qa_lang_html('misc/form_security_again');
        } else {
            // core validation
            $errors = array_merge(qa_handle_email_filter($inhandle, $inemail), qa_password_validate($inpassword));
            // T&Cs validation
Пример #6
0
 function core_login($username, $password, $remember = false)
 {
     require_once QA_INCLUDE_DIR . 'qa-app-limits.php';
     if (qa_user_limits_remaining(QA_LIMIT_LOGINS)) {
         require_once QA_INCLUDE_DIR . 'qa-db-users.php';
         require_once QA_INCLUDE_DIR . 'qa-db-selects.php';
         $errors = array();
         if (qa_opt('allow_login_email_only') || strpos($username, '@') !== false) {
             // handles can't contain @ symbols
             $matchusers = qa_db_user_find_by_email($username);
         } else {
             $matchusers = qa_db_user_find_by_handle($username);
         }
         if (count($matchusers) == 1) {
             // if matches more than one (should be impossible), don't log in
             $inuserid = $matchusers[0];
             $userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true));
             if (strtolower(qa_db_calc_passcheck($password, $userinfo['passsalt'])) == strtolower($userinfo['passcheck'])) {
                 // login
                 require_once QA_INCLUDE_DIR . 'qa-app-users.php';
                 qa_set_logged_in_user($inuserid, $userinfo['handle'], $remember ? true : false);
                 return $userinfo;
             } else {
                 $this->error = new IXR_Error(1512, qa_lang('users/password_wrong'));
             }
         } else {
             $this->error = new IXR_Error(1512, qa_lang('users/user_not_found'));
         }
     } else {
         $this->error = new IXR_Error(1512, qa_lang('users/login_limit'));
     }
     qa_limits_increment(null, QA_LIMIT_LOGINS);
     // log on failure
     return false;
 }