function qa_user_permit_error($permitoption = null, $limitaction = null, $userlevel = null, $checkblocks = true)
{
if (qa_to_override(__FUNCTION__)) {
$args = func_get_args();
return qa_call_override(__FUNCTION__, $args);
}
require_once QA_INCLUDE_DIR . 'app/limits.php';
$userid = qa_get_logged_in_userid();
if (!isset($userlevel)) {
$userlevel = qa_get_logged_in_level();
}
$flags = qa_get_logged_in_flags();
if (!$checkblocks) {
$flags &= ~QA_USER_FLAGS_USER_BLOCKED;
}
$error = qa_permit_error($permitoption, $userid, $userlevel, $flags);
if ($checkblocks && !$error && qa_is_ip_blocked()) {
$error = 'ipblock';
}
if (!$error && isset($userid) && $flags & QA_USER_FLAGS_MUST_CONFIRM && qa_opt('confirm_user_emails')) {
$error = 'confirm';
}
if (!$error && isset($userid) && $flags & QA_USER_FLAGS_MUST_APPROVE && qa_opt('moderate_users')) {
$error = 'approve';
}
if (isset($limitaction) && !$error) {
if (qa_user_limits_remaining($limitaction) <= 0) {
$error = 'limit';
}
}
return $error;
}
function qa_page_q_edit_a_submit($answer, $question, $answers, $commentsfollows, &$in, &$errors)
{
$answerid = $answer['postid'];
$prefix = 'a' . $answerid . '_';
$in = array('dotoc' => qa_post_text($prefix . 'dotoc'), 'commenton' => qa_post_text($prefix . 'commenton'));
if ($answer['isbyuser']) {
$in['name'] = qa_post_text($prefix . 'name');
$in['notify'] = qa_post_text($prefix . 'notify') ? true : false;
$in['email'] = qa_post_text($prefix . 'email');
}
if (!qa_user_post_permit_error('permit_edit_silent', $answer)) {
$in['silent'] = qa_post_text($prefix . 'silent');
}
qa_get_post_content($prefix . 'editor', $prefix . 'content', $in['editor'], $in['content'], $in['format'], $in['text']);
// here the $in array only contains values for parts of the form that were displayed, so those are only ones checked by filters
$errors = array();
if (!qa_check_form_security_code('edit-' . $answerid, qa_post_text($prefix . 'code'))) {
$errors['content'] = qa_lang_html('misc/form_security_again');
} else {
$in['queued'] = qa_opt('moderate_edited_again') && qa_user_moderation_reason(qa_user_level_for_post($answer));
$filtermodules = qa_load_modules_with('filter', 'filter_answer');
foreach ($filtermodules as $filtermodule) {
$oldin = $in;
$filtermodule->filter_answer($in, $errors, $question, $answer);
qa_update_post_text($in, $oldin);
}
if (empty($errors)) {
$userid = qa_get_logged_in_userid();
$handle = qa_get_logged_in_handle();
$cookieid = qa_cookie_get();
if (!isset($in['silent'])) {
$in['silent'] = false;
}
$setnotify = $answer['isbyuser'] ? qa_combine_notify_email($answer['userid'], $in['notify'], $in['email']) : $answer['notify'];
if ($in['dotoc'] && ($in['commenton'] == $question['postid'] && $question['commentable'] || $in['commenton'] != $answerid && @$answers[$in['commenton']]['commentable'])) {
// convert to a comment
if (qa_user_limits_remaining(QA_LIMIT_COMMENTS)) {
// already checked 'permit_post_c'
qa_answer_to_comment($answer, $in['commenton'], $in['content'], $in['format'], $in['text'], $setnotify, $userid, $handle, $cookieid, $question, $answers, $commentsfollows, @$in['name'], $in['queued'], $in['silent']);
return 'C';
// to signify that redirect should be to the comment
} else {
$errors['content'] = qa_lang_html('question/comment_limit');
}
// not really best place for error, but it will do
} else {
qa_answer_set_content($answer, $in['content'], $in['format'], $in['text'], $setnotify, $userid, $handle, $cookieid, $question, @$in['name'], $in['queued'], $in['silent']);
return 'A';
}
}
}
return null;
}
function qa_page_q_single_click_c($comment, $question, $parent, &$error)
{
$userid = qa_get_logged_in_userid();
$handle = qa_get_logged_in_handle();
$cookieid = qa_cookie_get();
$prefix = 'c' . $comment['postid'] . '_';
if (qa_clicked($prefix . 'dohide') && $comment['hideable'] || qa_clicked($prefix . 'doreject') && $comment['moderatable']) {
if (qa_page_q_click_check_form_code($parent, $error)) {
qa_comment_set_hidden($comment, true, $userid, $handle, $cookieid, $question, $parent);
return true;
}
}
if (qa_clicked($prefix . 'doreshow') && $comment['reshowable'] || qa_clicked($prefix . 'doapprove') && $comment['moderatable']) {
if (qa_page_q_click_check_form_code($parent, $error)) {
if ($comment['moderatable'] || $comment['reshowimmed']) {
$status = QA_POST_STATUS_NORMAL;
} else {
$in = qa_page_q_prepare_post_for_filters($comment);
$filtermodules = qa_load_modules_with('filter', 'filter_comment');
// run through filters but only for queued status
foreach ($filtermodules as $filtermodule) {
$tempin = $in;
// always pass original comment in because we aren't modifying anything else
$filtermodule->filter_comment($tempin, $temperrors, $question, $parent, $comment);
$in['queued'] = $tempin['queued'];
// only preserve queued status in loop
}
$status = $in['queued'] ? QA_POST_STATUS_QUEUED : QA_POST_STATUS_NORMAL;
}
qa_comment_set_status($comment, $status, $userid, $handle, $cookieid, $question, $parent);
return true;
}
}
if (qa_clicked($prefix . 'dodelete') && $comment['deleteable'] && qa_page_q_click_check_form_code($parent, $error)) {
qa_comment_delete($comment, $question, $parent, $userid, $handle, $cookieid);
return true;
}
if (qa_clicked($prefix . 'doclaim') && $comment['claimable'] && qa_page_q_click_check_form_code($parent, $error)) {
if (qa_user_limits_remaining(QA_LIMIT_COMMENTS)) {
qa_comment_set_userid($comment, $userid, $handle, $cookieid);
return true;
} else {
$error = qa_lang_html('question/comment_limit');
}
}
if (qa_clicked($prefix . 'doflag') && $comment['flagbutton'] && qa_page_q_click_check_form_code($parent, $error)) {
require_once QA_INCLUDE_DIR . 'app/votes.php';
$error = qa_flag_error_html($comment, $userid, qa_request());
if (!$error) {
if (qa_flag_set_tohide($comment, $userid, $handle, $cookieid, $question)) {
qa_comment_set_hidden($comment, true, null, null, null, $question, $parent);
}
// hiding not really by this user so pass nulls
return true;
}
}
if (qa_clicked($prefix . 'dounflag') && $comment['unflaggable'] && qa_page_q_click_check_form_code($parent, $error)) {
require_once QA_INCLUDE_DIR . 'app/votes.php';
qa_flag_clear($comment, $userid, $handle, $cookieid);
return true;
}
if (qa_clicked($prefix . 'doclearflags') && $comment['clearflaggable'] && qa_page_q_click_check_form_code($parent, $error)) {
require_once QA_INCLUDE_DIR . 'app/votes.php';
qa_flags_clear_all($comment, $userid, $handle, $cookieid);
return true;
}
return false;
}
// Check we're not using Q2A's single-sign on integration and that we're not logged in
if (QA_FINAL_EXTERNAL_USERS) {
qa_fatal_error('User login is handled by external code');
}
if (qa_is_logged_in()) {
qa_redirect('');
}
// Process submitted form after checking we haven't reached rate limit
$passwordsent = qa_get('ps');
$emailexists = qa_get('ee');
$inemailhandle = qa_post_text('emailhandle');
$inpassword = qa_post_text('password');
$inremember = qa_post_text('remember');
if (qa_clicked('dologin') && (strlen($inemailhandle) || strlen($inpassword))) {
require_once QA_INCLUDE_DIR . 'qa-app-limits.php';
if (qa_user_limits_remaining(QA_LIMIT_LOGINS)) {
require_once QA_INCLUDE_DIR . 'qa-db-users.php';
require_once QA_INCLUDE_DIR . 'qa-db-selects.php';
if (!qa_check_form_security_code('login', qa_post_text('code'))) {
$pageerror = qa_lang_html('misc/form_security_again');
} else {
qa_limits_increment(null, QA_LIMIT_LOGINS);
$errors = array();
if (qa_opt('allow_login_email_only') || strpos($inemailhandle, '@') !== false) {
// handles can't contain @ symbols
$matchusers = qa_db_user_find_by_email($inemailhandle);
} else {
$matchusers = qa_db_user_find_by_handle($inemailhandle);
}
if (count($matchusers) == 1) {
// if matches more than one (should be impossible), don't log in
}
// Check we haven't suspended registration, and this IP isn't blocked
if (qa_opt('suspend_register_users')) {
$qa_content = qa_content_prepare();
$qa_content['error'] = qa_lang_html('users/register_suspended');
return $qa_content;
}
if (qa_user_permit_error()) {
$qa_content = qa_content_prepare();
$qa_content['error'] = qa_lang_html('users/no_permission');
return $qa_content;
}
// Process submitted form
if (qa_clicked('doregister')) {
require_once QA_INCLUDE_DIR . 'app/limits.php';
if (qa_user_limits_remaining(QA_LIMIT_REGISTRATIONS)) {
require_once QA_INCLUDE_DIR . 'app/users-edit.php';
$inemail = qa_post_text('email');
$inpassword = qa_post_text('password');
$inhandle = qa_post_text('handle');
$interms = (int) qa_post_text('terms');
$inprofile = array();
foreach ($userfields as $userfield) {
$inprofile[$userfield['fieldid']] = qa_post_text('field_' . $userfield['fieldid']);
}
if (!qa_check_form_security_code('register', qa_post_text('code'))) {
$pageerror = qa_lang_html('misc/form_security_again');
} else {
// core validation
$errors = array_merge(qa_handle_email_filter($inhandle, $inemail), qa_password_validate($inpassword));
// T&Cs validation
function core_login($username, $password, $remember = false)
{
require_once QA_INCLUDE_DIR . 'qa-app-limits.php';
if (qa_user_limits_remaining(QA_LIMIT_LOGINS)) {
require_once QA_INCLUDE_DIR . 'qa-db-users.php';
require_once QA_INCLUDE_DIR . 'qa-db-selects.php';
$errors = array();
if (qa_opt('allow_login_email_only') || strpos($username, '@') !== false) {
// handles can't contain @ symbols
$matchusers = qa_db_user_find_by_email($username);
} else {
$matchusers = qa_db_user_find_by_handle($username);
}
if (count($matchusers) == 1) {
// if matches more than one (should be impossible), don't log in
$inuserid = $matchusers[0];
$userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true));
if (strtolower(qa_db_calc_passcheck($password, $userinfo['passsalt'])) == strtolower($userinfo['passcheck'])) {
// login
require_once QA_INCLUDE_DIR . 'qa-app-users.php';
qa_set_logged_in_user($inuserid, $userinfo['handle'], $remember ? true : false);
return $userinfo;
} else {
$this->error = new IXR_Error(1512, qa_lang('users/password_wrong'));
}
} else {
$this->error = new IXR_Error(1512, qa_lang('users/user_not_found'));
}
} else {
$this->error = new IXR_Error(1512, qa_lang('users/login_limit'));
}
qa_limits_increment(null, QA_LIMIT_LOGINS);
// log on failure
return false;
}