/**
 * Record clone relations between the current user and the other accounts
 * listed by $current_user->GetClones().
 *
 * One UserAuth::insert_clon() row is written per distinct foreign id, tagged
 * with 'COOK:' followed by the request IP.
 *
 * NOTE(review): the original comment says the list is taken from cookies. If
 * so, it is client-controlled and should be treated as weak evidence; confirm
 * that GetClones() authenticates the cookie contents.
 * NOTE(review): $globals['form_user_ip'] presumably comes from a submitted
 * form; confirm it is validated before it is stored as evidence.
 *
 * @return void
 */
static function check_clon_from_cookies() {
    global $current_user, $globals;

    // Newest first: index 0 is the current login, index 1 the previous one.
    $ids = array_reverse($current_user->GetClones());

    // Nothing to record with a single entry, or when the last two logins
    // belong to the same user.
    if (count($ids) <= 1 || $ids[0] == $ids[1]) {
        return;
    }

    $seen = array();
    foreach ($ids as $id) {
        // Skip the current account and ids already handled in this pass.
        if ($current_user->user_id == $id || in_array($id, $seen)) {
            continue;
        }
        $seen[] = $id;

        // Prefer the form-provided IP when one is set, else the request IP.
        $ip = $globals['form_user_ip'] ? $globals['form_user_ip'] : $globals['user_ip'];

        UserAuth::insert_clon($current_user->user_id, $id, 'COOK:' . $ip);
    }
}
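/**
 * Validate a comment submitted through POST for $link, store it and redirect
 * the client to it.
 *
 * Every rejection returns a translated message. On success the function sends
 * a Location header and ends the request with die, so it never returns
 * normally.
 *
 * Request fields are read through a small accessor that yields null for
 * missing or non-scalar values, so a malformed request fails the checks
 * instead of raising notices or reaching string functions with an array.
 *
 * NOTE(review): no anti-CSRF token is verified in this function; 'randkey'
 * is only used for duplicate detection. Confirm the caller checks one.
 *
 * @param object $link Story being commented on; votes, date, comments, id,
 *                     author, status, ip and uri are read from it.
 * @return string Translated error message (rejections only).
 */
static function save_from_post($link) {
    global $db, $current_user, $globals;

    require_once(mnminclude.'ban.php');

    $error = '';

    // Missing or array-valued fields become null.
    $post = function ($key) {
        return (isset($_POST[$key]) && is_scalar($_POST[$key])) ? $_POST[$key] : null;
    };
    $raw_content = (string) $post('comment_content');

    if (check_ban_proxy() && !$globals['development']) {
        return _('dirección IP no permitida');
    }

    // Check if is a POST of a comment
    if (!($link->votes > 0
        && $link->date > $globals['now'] - $globals['time_enabled_comments'] * 1.01
        && $link->comments < $globals['max_comments']
        && intval($post('link_id')) == $link->id
        && $current_user->authenticated
        && intval($post('user_id')) == $current_user->user_id
        && intval($post('randkey')) > 0)) {
        return _('comentario o usuario incorrecto');
    }

    if ($current_user->user_karma < $globals['min_karma_for_comments'] && $current_user->user_id != $link->author) {
        return _('karma demasiado bajo');
    }

    // Integer copies for the string-built queries below.
    $link_id = intval($link->id);
    $user_id = intval($current_user->user_id);

    $comment = new Comment;
    $comment->link = $link->id;
    // Holds the SQL-escaped form: it is interpolated inside quotes further down.
    $comment->ip = $db->escape($globals['user_ip']);
    $comment->randkey = intval($post('randkey'));
    $comment->author = intval($post('user_id'));
    $comment->karma = round($current_user->user_karma);
    $comment->content = clean_text_with_tags($raw_content, 0, false, 10000);
    $comment->parent = intval($post('parent_id'));

    // Get the nesting level from the parent comment.
    // NOTE(review): the parent id comes from the request and is not compared
    // with $link here; confirm a parent from another story is rejected elsewhere.
    $parentComment = new Comment();
    $parentComment->id = intval($comment->parent);
    $parentComment->read_basic();
    if ($parentComment->nested_level > $globals['NESTED_COMMENTS_MAX_LEVEL']) {
        return _('Chegache ao nivel límite de comentarios aniñados...');
    }
    $comment->nested_level = $parentComment->nested_level + 1;

    // Check if is an admin comment. Strict comparison so that a non-string
    // level can never compare equal to 'god' through type juggling.
    if ($current_user->user_level === 'god' && $post('type') === 'admin') {
        $comment->type = 'admin';
    }

    // Don't allow to comment with a clone
    $hours = intval($globals['user_comments_clon_interval']);
    if ($hours > 0) {
        $clones = $current_user->get_clones($hours+1);
        if ($clones) {
            // Ids are forced to integers before they are joined into the IN list.
            $l = implode(',', array_map('intval', $clones));
            $c = (int) $db->get_var("select count(*) from comments where comment_date > date_sub(now(), interval $hours hour) and comment_user_id in ($l)");
            if ($c > 0) {
                syslog(LOG_NOTICE, "Meneame, clon comment ($current_user->user_login, $comment->ip) in $link->uri");
                return _('ya hizo un comentario con usuarios clones');
            }
        }
    }

    // Basic check to avoid abuses from same IP
    // Don't check in case of admin comments or higher karma
    if (!$current_user->admin && $current_user->user_karma < 6.2) {
        // Avoid astroturfing from the same link's author
        if ($link->status != 'published' && $link->ip == $globals['user_ip'] && $link->author != $comment->author) {
            UserAuth::insert_clon($comment->author, $link->author, $link->ip);
            syslog(LOG_NOTICE, "Meneame, comment-link astroturfing ($current_user->user_login, $link->ip): ".$link->get_permalink());
            return _('no se puede comentar desde la misma IP del autor del envío');
        }

        // Avoid floods with clones from the same IP
        if (intval($db->get_var("select count(*) from comments where comment_link_id = $link_id and comment_ip='$comment->ip' and comment_user_id != $comment->author")) > 1) {
            syslog(LOG_NOTICE, "Meneame, comment astroturfing ($current_user->user_login, $comment->ip)");
            return _('demasiados comentarios desde la misma IP con usuarios diferentes');
        }
    }

    // Check there are at least a valid char
    if (mb_strlen($comment->content) < 5 || !preg_match('/[a-zA-Z:-]/', $raw_content)) {
        return _('texto muy breve o caracteres no válidos');
    }

    // Check the comment wasn't already stored.
    // NOTE(review): this check runs outside the transaction opened below, so
    // two concurrent identical submissions may both pass it.
    $already_stored = intval($db->get_var("select count(*) from comments where comment_link_id = $link_id and comment_user_id = $comment->author and comment_randkey = $comment->randkey"));
    if ($already_stored) {
        return _('comentario duplicado');
    }

    if (!$current_user->admin) {
        $comment->get_links();
        if ($comment->banned && $current_user->Date() > $globals['now'] - 86400) {
            syslog(LOG_NOTICE, "Meneame: comment not inserted, banned link ($current_user->user_login)");
            return _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
        }

        // Lower karma to comments' spammers
        $comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = $user_id and comment_date > date_sub(now(), interval 3 minute)");

        // Check the text is not the same
        $same_count = $comment->same_text_count();
        $same_links_count = $comment->same_links_count();
        if ($comment->banned) {
            $same_links_count *= 2;
        }
        $same_count += $same_links_count;
    } else {
        $comment_count = $same_count = 0;
    }

    $comment_limit = round(min($current_user->user_karma/6, 2) * 2.5);
    if ($comment_count > $comment_limit || $same_count > 2) {
        $reduction = 0;
        if ($comment_count > $comment_limit) {
            // NOTE(review): negative when $comment_count is below 3, which
            // then offsets the repeated-text term added next.
            $reduction += ($comment_count-3) * 0.1;
        }
        if ($same_count > 1) {
            $reduction += $same_count * 0.25;
        }
        if ($reduction > 0) {
            $user = new User;
            $user->id = $current_user->user_id;
            $user->read();
            $user->karma = $user->karma - $reduction;
            syslog(LOG_NOTICE, "Meneame: story decreasing $reduction of karma to $current_user->user_login (now $user->karma)");
            $user->store();
            $annotation = new Annotation("karma-$user->id");
            $annotation->append(_('texto repetido o abuso de enlaces en comentarios').": -$reduction, karma: $user->karma\n");
            // This message is never shown: the function ends with die below.
            $error .= ' ' . ('penalización de karma por texto repetido o abuso de enlaces');
        }
    }

    $db->transaction();
    $comment->store();
    $comment->insert_vote();
    $link->update_comments();
    $db->commit();

    // Comment stored, just redirect to its page
    header('Location: '.$link->get_permalink() . '#c-'.$comment->order);
    die;
}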
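/**
 * Validate a comment submitted through POST for $link and store it.
 *
 * Every rejection returns a translated message. On success the function
 * either redirects with a 303 and ends the request ($redirect true) or
 * returns the stored Comment.
 *
 * Changes from the previous body:
 *  - the client IP is escaped before it is interpolated into SQL (it was
 *    inserted raw inside quotes);
 *  - the raw result of the duplicate check is kept, so the later is_null()
 *    test can detect a failed query (it was applied to an intval() result
 *    and was therefore always true);
 *  - request fields are read through an accessor that yields null for missing
 *    or non-scalar values, and the admin check uses strict comparison.
 *
 * NOTE(review): no anti-CSRF token is verified in this function; 'randkey'
 * is only used for duplicate detection. Confirm the caller checks one.
 *
 * @param object $link     Story being commented on.
 * @param bool   $redirect Redirect and die on success instead of returning.
 * @return string|Comment Translated error message, or the stored comment
 *                        when $redirect is false.
 */
static function save_from_post($link, $redirect = true) {
    global $db, $current_user, $globals;

    require_once mnminclude . 'ban.php';

    // Missing or array-valued fields become null.
    $post = function ($key) {
        return (isset($_POST[$key]) && is_scalar($_POST[$key])) ? $_POST[$key] : null;
    };
    $raw_content = (string) $post('comment_content');

    if (check_ban_proxy()) {
        return _('dirección IP no permitida');
    }

    // Check if is a POST of a comment
    if (!($link->votes > 0
        && $link->date > $globals['now'] - $globals['time_enabled_comments'] * 1.01
        && $link->comments < $globals['max_comments']
        && intval($post('link_id')) == $link->id
        && $current_user->authenticated
        && intval($post('user_id')) == $current_user->user_id
        && intval($post('randkey')) > 0)) {
        return _('comentario o usuario incorrecto');
    }

    if ($current_user->user_karma < $globals['min_karma_for_comments'] && $current_user->user_id != $link->author) {
        return _('karma demasiado bajo');
    }

    // Integer copies for the string-built queries below.
    $link_id = intval($link->id);
    $user_id = intval($current_user->user_id);

    $comment = new Comment();
    $comment->link = $link->id;
    $comment->ip = $globals['user_ip'];
    $comment->randkey = intval($post('randkey'));
    $comment->author = intval($post('user_id'));
    $comment->karma = round($current_user->user_karma);
    $comment->content = clean_text_with_tags($raw_content, 0, false, 10000);

    // The stored IP stays raw; only this copy is interpolated into SQL.
    // NOTE(review): assumes $globals['user_ip'] may derive from request
    // headers; confirm where it is set.
    $ip_sql = $db->escape($comment->ip);

    // Check if is an admin comment. Strict comparison so that a non-string
    // level can never compare equal to 'god' through type juggling.
    if ($current_user->user_level === 'god' && $post('type') === 'admin') {
        $comment->type = 'admin';
    }

    // Don't allow to comment with a clone
    $hours = intval($globals['user_comments_clon_interval']);
    if ($hours > 0) {
        $clones = $current_user->get_clones($hours + 1);
        if ($clones) {
            // Ids are forced to integers before they are joined into the IN list.
            $l = implode(',', array_map('intval', $clones));
            $c = (int) $db->get_var("select count(*) from comments where comment_date > date_sub(now(), interval {$hours} hour) and comment_user_id in ({$l})");
            if ($c > 0) {
                syslog(LOG_NOTICE, "Meneame, clon comment ({$current_user->user_login}, {$comment->ip}) in {$link->uri}");
                return _('ya hizo un comentario con usuarios clones');
            }
        }
    }

    // Basic check to avoid abuses from same IP
    // Don't check in case of admin comments or higher karma
    if (!$current_user->admin && $current_user->user_karma < 6.2) {
        // Avoid astroturfing from the same link's author
        if ($link->status != 'published' && $link->ip == $globals['user_ip'] && $link->author != $comment->author) {
            UserAuth::insert_clon($comment->author, $link->author, $link->ip);
            syslog(LOG_NOTICE, "Meneame, comment-link astroturfing ({$current_user->user_login}, {$link->ip}): " . $link->get_permalink());
            return _('no se puede comentar desde la misma IP del autor del envío');
        }

        // Avoid floods with clones from the same IP
        if (intval($db->get_var("select count(*) from comments where comment_link_id = {$link_id} and comment_ip='{$ip_sql}' and comment_user_id != {$comment->author}")) > 1) {
            syslog(LOG_NOTICE, "Meneame, comment astroturfing ({$current_user->user_login}, {$comment->ip})");
            return _('demasiados comentarios desde la misma IP con usuarios diferentes');
        }
    }

    // Check there are at least a valid char
    if (mb_strlen($comment->content) < 5 || !preg_match('/[a-zA-Z:-]/', $raw_content)) {
        return _('texto muy breve o caracteres no válidos');
    }

    if (!$current_user->admin) {
        $comment->get_links();
        if ($comment->banned && $current_user->Date() > $globals['now'] - 86400) {
            syslog(LOG_NOTICE, "Meneame: comment not inserted, banned link ({$current_user->user_login})");
            return _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
        }

        // Lower karma to comments' spammers
        $comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = {$user_id} and comment_date > date_sub(now(), interval 3 minute)");

        // Check the text is not the same
        $same_count = $comment->same_text_count();
        $same_links_count = $comment->same_links_count();
        if ($comment->banned) {
            $same_links_count *= 2;
        }
        $same_count += $same_links_count;
    } else {
        $comment_count = $same_count = 0;
    }

    $comment_limit = round(min($current_user->user_karma / 6, 2) * 2.5);
    $karma_penalty = 0;
    if ($comment_count > $comment_limit || $same_count > 2) {
        if ($comment_count > $comment_limit) {
            // NOTE(review): negative when $comment_count is below 3, which
            // then offsets the repeated-text term added next.
            $karma_penalty += ($comment_count - 3) * 0.1;
        }
        if ($same_count > 1) {
            $karma_penalty += $same_count * 0.25;
        }
    }

    // Check image limits
    if (!empty($_FILES['image']['tmp_name'])) {
        $limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
        if ($limit_exceded) {
            return $limit_exceded;
        }
    }

    $db->transaction();

    // Check the comment wasn't already stored. FOR UPDATE keeps the check and
    // the insert inside one transaction.
    // Presumably get_var() yields null when the query fails; TODO confirm.
    $r = $db->get_var("select count(*) from comments where comment_link_id = {$link_id} and comment_user_id = {$comment->author} and comment_randkey = {$comment->randkey} FOR UPDATE");
    $already_stored = intval($r);
    if ($already_stored) {
        $db->rollback();
        return _('comentario duplicado');
    }

    // A penalised comment is not stored: the karma is lowered and the
    // penalty message is returned instead.
    if ($karma_penalty > 0) {
        $db->rollback();
        $user = new User($current_user->user_id);
        $user->add_karma(-$karma_penalty, _('texto repetido o abuso de enlaces en comentarios'));
        return _('penalización de karma por texto repetido o abuso de enlaces');
    }

    if (!is_null($r) && $comment->store()) {
        $comment->insert_vote();
        $link->update_comments();
        $db->commit();

        // Check image upload or delete
        if (!empty($_POST['image_delete'])) {
            $comment->delete_image();
        } else {
            $comment->store_image_from_form('image');
        }

        if ($redirect) {
            // Comment stored, just redirect to its page
            header('HTTP/1.1 303 Load');
            header('Location: ' . $link->get_permalink() . '/c0' . $comment->order . '#c-' . $comment->order);
            die;
        } else {
            return $comment;
        }
    }

    $db->rollback();
    return _('error insertando comentario');
}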