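/**
 * Builds the UPDATE that shows or hides the poster's name on one post.
 *
 * @param string $table     'thread' or 'comment' (chosen by the caller, never user supplied)
 * @param string $id_column primary-key column of $table
 * @param int    $id        id of the post to update
 * @param int    $choice    1 = attach the session name, 0 = clear it
 * @return string the SQL statement, or "" when $choice is neither 0 nor 1
 */
function _confidentiality_update_query($table, $id_column, $id, $choice) {
    if ($choice === 1) {
        $name = mysql_real_escape_string(construct_name_from_session());
    } elseif ($choice === 0) {
        $name = "";
    } else {
        return "";
    }
    return sprintf("UPDATE %s SET possibly_name='%s' WHERE %s='%d'", $table, $name, $id_column, $id);
}

/**
 * Shows or hides the requester's name on one of their own posts.
 *
 * Reads exactly one of `thread_id` / `comment_id` plus `order` from $_GET:
 * order 1 attaches the session name to the post, order 0 clears it.
 * The caller needs a privilege level above 2 and must own the post, which is
 * verified with check_property() against the stored rand_prop/hash_prop pair.
 * The outcome is reported through $_SESSION['transient_display']; nothing is
 * returned.
 */
function change_post_confidentiality_status() {
    if (user_privilege_level() <= 2) {
        $_SESSION['transient_display'] = '<div class="warning">Vous ne disposez pas des droits suffisants</div>';
        return;
    }

    // Query-string values are untrusted: keep only positive integer ids and an
    // order of exactly "0" or "1"; anything else counts as "not supplied" (-1).
    // The previous version multiplied the raw strings, which is a TypeError on
    // PHP 8 for non-numeric input.
    $thread_id  = -1;
    $comment_id = -1;
    $choice     = -1;
    if (isset($_GET["thread_id"]) && is_string($_GET["thread_id"]) && ctype_digit($_GET["thread_id"])) {
        $thread_id = (int) $_GET["thread_id"];
    }
    if (isset($_GET["comment_id"]) && is_string($_GET["comment_id"]) && ctype_digit($_GET["comment_id"])) {
        $comment_id = (int) $_GET["comment_id"];
    }
    if (isset($_GET["order"]) && ($_GET["order"] === "0" || $_GET["order"] === "1")) {
        $choice = (int) $_GET["order"];
    }

    // Exactly one target must be named; none or both is ambiguous.
    $has_thread  = $thread_id > 0;
    $has_comment = $comment_id > 0;
    if ($has_thread === $has_comment) {
        $_SESSION['transient_display'] = '<div class="warning">Impossible de déterminer l\'objet auquel appliquer la commande de modération</div>';
        return;
    }
    if ($has_thread) {
        $table     = 'thread';
        $id_column = 'thread_id';
        $id        = $thread_id;
    } else {
        $table     = 'comment';
        $id_column = 'comment_id';
        $id        = $comment_id;
    }

    // Ownership token pair of the target (database errors are suppressed and
    // reported through the return value, as elsewhere in this file).
    $result = @mysql_query(sprintf("SELECT rand_prop,hash_prop FROM %s WHERE %s='%d'", $table, $id_column, $id));
    if (!$result || !($row = mysql_fetch_assoc($result))) {
        $_SESSION['transient_display'] = '<div class="warning">Id de l\'objet invalide</div>';
        if ($result) {
            @mysql_free_result($result);
        }
        return;
    }

    if (!check_property($row["rand_prop"], $row["hash_prop"])) {
        $_SESSION['transient_display'] = '<div class="warning">Vous devez être le propriétaire du message pour effectuer cette opération</div>';
    } else {
        $query = _confidentiality_update_query($table, $id_column, $id, $choice);
        if ($query === "") {
            // order was neither 0 nor 1
            $_SESSION['transient_display'] = '<div class="warning">Décision non valide</div>';
        } elseif (@mysql_query($query)) {
            $_SESSION['transient_display'] = '<div class="success">Propriétés de confidentialité correctement mises à jour</div>';
        } else {
            $_SESSION['transient_display'] = '<div class="warning">Erreur durant la mise à jour des propriétés de confidentialité</div>';
        }
    }
    @mysql_free_result($result);
}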
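/**
 * Inserts a new idea (thread row) into the database.
 *
 * Validation warnings are attached to the returned action object and the row
 * is inserted only when every check passes. Title, message and category are
 * escaped with mysql_real_escape_string(); $valid is cast to int and the
 * coordinates are accepted only when numeric, so nothing unescaped reaches
 * the SQL text (the previous version interpolated $valid, $latitude and
 * $longitude raw).
 *
 * @param string  $title         title of the idea (non-empty)
 * @param string  $message       message of the idea (non-empty)
 * @param string  $anonymization "on" to hide the poster's name; unset/null to show it
 * @param integer $category      id of the category for the idea (numeric, > 0)
 * @param string  $login         login of the poster, mixed into the ownership hash
 * @param integer $valid         0 = the idea still needs moderation (default)
 * @param string  $output        handed to action::output_result()
 * @param float   $latitude      geolocation, stored only when both values are numeric and non-zero
 * @param float   $longitude     idem
 * @return action result object: result flag plus the warnings/successes added
 */
function post($title, $message, $anonymization, $category, $login, $valid = 0, $output = '', $latitude = 0, $longitude = 0) {
    $action = new action();
    $action->set_result(false);

    // Argument validation (empty() already covers unset/null).
    $check_1 = !empty($title);
    $check_2 = !empty($message);
    $check_3 = !isset($anonymization) || $anonymization == "on";
    $check_4 = isset($category) && is_numeric($category) && $category > 0;

    if (!$check_1) {
        $action->add_warning(_('Incorrect title'));
    }
    if (!$check_2) {
        $action->add_warning(_('Incorrect message'));
    }
    // Initialised up-front: it used to stay undefined when no anonymization
    // value was given, which raised a notice on the comparison further down.
    $anon_prec = "";
    if ($check_3) {
        if (isset($anonymization)) {
            $anon_prec = "on";
        }
    } else {
        $action->add_warning(_('Incorrect anonymization value'));
    }
    if (!$check_4) {
        $action->add_warning(_('Incorrect category'));
    }

    if ($check_1 && $check_2 && $check_3 && $check_4) {
        $title_sec = mysql_real_escape_string($title);
        $text_sec  = mysql_real_escape_string($message);
        $cate_sec  = mysql_real_escape_string($category);
        $valid_sec = (int) $valid;

        // Ownership token pair: the stored rand_prop and the hash of login+rand_prop
        // are what later ownership checks compare against.
        // NOTE(review): mt_rand over 0..65535 is a small, predictable space for a secret.
        $rand_prop = mt_rand(0, 65535);
        $hash_prop = sha1($login . $rand_prop);

        $name_print = ($anon_prec == "on") ? "" : mysql_real_escape_string(construct_name_from_session());

        // Coordinates are interpolated unquoted, so only numeric values are allowed through.
        $geolocalization = '';
        $geolocalization_values = '';
        if (is_numeric($latitude) && is_numeric($longitude) && $latitude != 0 && $longitude != 0) {
            $geolocalization = ',`latitude`,`longitude`';
            $geolocalization_values = ",{$latitude},{$longitude}";
        }

        $query = "INSERT INTO `thread` (`thread_id`,`rand_prop`,`hash_prop`,`title`,`text`,`date`,`category`,`is_valid`,`already_mod`,`possibly_name`" . $geolocalization . ") VALUES (NULL, '{$rand_prop}', '{$hash_prop}','{$title_sec}','{$text_sec}',CURRENT_TIMESTAMP,'{$cate_sec}',{$valid_sec},{$valid_sec},'{$name_print}'" . $geolocalization_values . ")";
        if (@mysql_query($query)) {
            $action->add_success(_('The idea was added to Refresh and now has to be moderated'));
            $action->set_result(true);
        } else {
            $action->add_warning(_('The idea could not be added due to a database error'));
        }
    }

    $action->output_result($output);
    return $action;
}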
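/**
 * Inserts a new idea (thread row) into the database.
 *
 * NOTE(review): this file also contains an earlier post() definition with
 * extra $output/$latitude/$longitude parameters; PHP does not allow a
 * function to be declared twice, so one of the two must be removed.
 *
 * Validation warnings are attached to the returned action object and the row
 * is inserted only when every check passes. Title, message and category are
 * escaped with mysql_real_escape_string(); $valid is cast to int so that
 * nothing unescaped reaches the SQL text.
 *
 * @param string  $title         title of the idea (non-empty)
 * @param string  $message       message of the idea (non-empty)
 * @param string  $anonymization "on" to hide the poster's name; unset/null to show it
 * @param integer $category      id of the category for the idea (numeric, > 0)
 * @param string  $login         login of the poster, mixed into the ownership hash
 * @param integer $valid         0 = the idea still needs moderation (default)
 * @return action result object: result flag plus the warnings/successes added
 */
function post($title, $message, $anonymization, $category, $login, $valid = 0) {
    $action = new action();
    $action->result = false;

    // Argument validation (empty() already covers unset/null).
    $check_1 = !empty($title);
    $check_2 = !empty($message);
    $check_3 = !isset($anonymization) || $anonymization == "on";
    $check_4 = isset($category) && is_numeric($category) && $category > 0;

    if (!$check_1) {
        $action->add_warning(_('Titre incorrect'));
    }
    if (!$check_2) {
        $action->add_warning(_('Message incorrect'));
    }
    // Initialised up-front: it used to stay undefined when no anonymization
    // value was given, which raised a notice on the comparison further down.
    $anon_prec = "";
    if ($check_3) {
        if (isset($anonymization)) {
            $anon_prec = "on";
        }
    } else {
        $action->add_warning(_('Incorrect anonymization value'));
    }
    if (!$check_4) {
        $action->add_warning(_('Catégorie incorrecte'));
    }

    if ($check_1 && $check_2 && $check_3 && $check_4) {
        $title_sec = mysql_real_escape_string($title);
        $text_sec  = mysql_real_escape_string($message);
        $cate_sec  = mysql_real_escape_string($category);
        $valid_sec = (int) $valid;

        // Ownership token pair: the stored rand_prop and the hash of login+rand_prop
        // are what later ownership checks compare against.
        // NOTE(review): mt_rand over 0..65535 is a small, predictable space for a secret.
        $rand_prop = mt_rand(0, 65535);
        $hash_prop = sha1($login . $rand_prop);

        $name_print = ($anon_prec == "on") ? "" : mysql_real_escape_string(construct_name_from_session());

        $query = "INSERT INTO `thread` (`thread_id`,`rand_prop`,`hash_prop`,`title`,`text`,`date`,`category`,`is_valid`,`possibly_name`) VALUES (NULL, '{$rand_prop}', '{$hash_prop}','{$title_sec}','{$text_sec}',CURRENT_TIMESTAMP,'{$cate_sec}',{$valid_sec},'{$name_print}')";
        if (@mysql_query($query)) {
            $action->add_success(_('Ta proposition a bien été ajoutée et est en attente de modération'));
            $action->result = true;
        } else {
            $action->add_warning(_('Ta proposition n\'a pas pu être ajoutée suite à une erreur de transfert.'));
        }
    }

    return $action;
}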
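/**
 * Handles the "create_comment" form: validates the posted text and anonymity
 * flag, checks that the target thread ($_GET["thread_id"]) exists and inserts
 * the comment pending moderation.
 *
 * Requires a privilege level above 2. Every outcome is reported through
 * $_SESSION['transient_display']. When the form was posted but the comment
 * was not stored, the typed text and the anonymity choice are stashed in
 * $_SESSION["text_new_comment_rest"] / $_SESSION["text_anonymous_rest"] so
 * the form can be refilled; both keys are cleared on entry. The previous
 * version left the text undefined on several failure paths and returned
 * early on an invalid thread id, losing the typed text.
 */
function new_comment() {
    if (isset($_SESSION["text_new_comment_rest"])) {
        unset($_SESSION["text_new_comment_rest"]);
    }
    if (isset($_SESSION["text_anonymous_rest"])) {
        unset($_SESSION["text_anonymous_rest"]);
    }

    if (user_privilege_level() <= 2) {
        $_SESSION['transient_display'] = '<div class="warning">Droits insuffisants pour ajouter un commentaire</div>';
        return;
    }

    $text_back   = "";     // unescaped text, kept for refilling the form
    $anon_prec   = "";
    $succes_func = false;

    if (isset($_POST['form_name']) && $_POST['form_name'] == "create_comment") {
        $check_1 = isset($_POST["message"]) && is_string($_POST["message"]) && !empty($_POST["message"]);
        $check_2 = !isset($_POST["anonymization"]) || $_POST["anonymization"] == "on";

        if ($check_1) {
            $text_back = trim($_POST["message"]);
        } else {
            $_SESSION['transient_display'] = '<div class="warning">Texte du nouveau commentaire incorrect</div>';
        }
        if ($check_2) {
            if (isset($_POST["anonymization"])) {
                $anon_prec = "on";
            }
        } else {
            $_SESSION['transient_display'] = '<div class="warning">Valeur pour l\'anonymat du nouveau commentaire incorrecte</div>';
        }

        if ($check_1 && $check_2) {
            // Target thread from the query string: only a positive integer id is accepted.
            $thread_id = 0;
            if (isset($_GET["thread_id"]) && is_string($_GET["thread_id"]) && ctype_digit($_GET["thread_id"])) {
                $thread_id = (int) $_GET["thread_id"];
            }

            if ($thread_id <= 0) {
                $_SESSION['transient_display'] = '<div class="warning">Proposition introuvable lors de l\'ajout du nouveau commentaire</div>';
            } else {
                $result = @mysql_query(sprintf("SELECT thread_id FROM thread WHERE thread_id='%d'", $thread_id));
                if (!$result || mysql_num_rows($result) < 1) {
                    $_SESSION['transient_display'] = '<div class="warning">Proposition introuvable lors de l\'ajout du nouveau commentaire</div>';
                } else {
                    $text_sec = mysql_real_escape_string($text_back);

                    // Ownership token pair, later compared by the ownership checks.
                    // NOTE(review): mt_rand over 0..65535 is a small, predictable space for a secret.
                    $rand_prop = mt_rand(0, 65535);
                    $hash_prop = sha1($_SESSION['login_c'] . $rand_prop);

                    // Relative anonymity only: the pool of student e-mail addresses in the school is small.
                    $name_print = ($anon_prec == "on") ? "" : mysql_real_escape_string(construct_name_from_session());

                    // Moderation token: only its hash is stored. The clear value was meant for a
                    // moderation e-mail, a step that is currently disabled in this file.
                    $chaine_conf      = random_password(40);
                    $chaine_conf_hash = sha1($chaine_conf);

                    $query = "INSERT INTO `comment` (`comment_id`,`thread_id`,`rand_prop`,`hash_prop`,`text`,`date`,`is_valid`,`possibly_name`,`chaine_moderation`) VALUES (NULL,'{$thread_id}','{$rand_prop}','{$hash_prop}','{$text_sec}',CURRENT_TIMESTAMP,0,'{$name_print}','{$chaine_conf_hash}')";
                    if (@mysql_query($query)) {
                        $_SESSION['transient_display'] = '<div class="success">Commentaire correctement placé en attente de modération</div>';
                        $succes_func = true;
                    } else {
                        $_SESSION['transient_display'] = '<div class="warning">Erreur lors de la requête d\'ajout du nouveau commentaire</div>';
                    }
                }
                if ($result) {
                    @mysql_free_result($result);
                }
            }
        }
    }

    if (isset($_POST)) {
        unset($_POST);
    }
    if (!$succes_func) {
        $_SESSION["text_new_comment_rest"] = $text_back;
        if (!empty($anon_prec)) {
            $_SESSION["text_anonymous_rest"] = 1;
        }
    }
}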