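/**
 * Journal API entry point: record a "love" sent from one nickname to another.
 *
 * Reads the POST fields `caller`, `from`, `to` and `why` (all required, checked
 * with empty()) plus the optional `priv` (> 0 marks the love private). Every
 * failure path hands an SL_* error code to respond(); the code that follows
 * each respond() call only makes sense if respond() never returns, so it is
 * treated here as terminating the request. The success path falls through
 * without calling respond() — NOTE(review): presumably the dispatcher emits the
 * OK response; confirm, because nothing in this function does.
 *
 * NOTE(review): `caller` is only checked for presence. Whether it is
 * authenticated and authorised to act as `from` before this function is
 * reached is not visible here; if it is not, anyone who can reach the endpoint
 * can record love on behalf of any nickname — confirm with the dispatcher.
 */
function sendFromJournal() {
    $rsp = array();

    // All four parameters must be present and non-empty. empty() also rejects
    // the literal string "0"; that is the existing contract and is kept.
    foreach (array('caller', 'from', 'to', 'why') as $param) {
        if (empty($_POST[$param])) {
            $rsp['error'] = SL_BAD_CALL;
            respond($rsp);
        }
    }

    // Normalise the inputs. The reason text is kept in plain (tag-stripped)
    // form for the non-SQL consumers (sl_send_love, the journal message) and
    // escaped separately at the SQL sink: applying mysql_real_escape_string()
    // first and reusing that string everywhere leaks backslashes into emails
    // and journal posts (O'Brien -> O\'Brien).
    $toNick = trim(setEncoding($_POST['to']));
    $fromNick = trim(setEncoding($_POST['from']));
    $whyText = smart_strip_tags(trim(setEncoding($_POST['why'])));
    $whySql = mysql_real_escape_string($whyText);
    $private = isset($_POST['priv']) && (int) $_POST['priv'] > 0;

    // A user cannot send love to themselves. This string check is cheap and
    // catches the obvious case before touching the database; the user ids are
    // compared again after the lookup.
    if (strtolower($toNick) == strtolower($fromNick)) {
        $rsp['error'] = SL_NOT_COWORKER;
        respond($rsp);
    }

    // Resolve both nicknames to user rows (active users only); any miss is
    // reported as SL_UNKNOWN_USER without revealing which side failed.
    $users = array();
    foreach (array('from' => $fromNick, 'to' => $toNick) as $role => $nick) {
        $query = "select id, fb_id, username, nickname, company_id, skill, team "
               . "from " . USERS . " where nickname='" . mysql_real_escape_string($nick) . "' and removed = 0";
        $res = mysql_query($query);
        // Check the result handle before fetching: mysql_fetch_array() on a
        // failed query (false) raises a warning instead of returning false.
        $line = $res ? mysql_fetch_array($res, MYSQL_ASSOC) : false;
        if (!$line) {
            $rsp['error'] = SL_UNKNOWN_USER;
            respond($rsp);
        }
        $users[$role] = $line;
    }
    $from = $users['from'];
    $to = $users['to'];

    // Defence in depth: two different nickname spellings can resolve to the
    // same row under a case/accent-insensitive collation.
    if ($from['id'] == $to['id']) {
        $rsp['error'] = SL_NOT_COWORKER;
        respond($rsp);
    }

    // Per-sender rate limit on the 'love' action.
    if (enforceRateLimit('love', $from['id'])) {
        error_log("User " . $from['id'] . " send love was rate limited.");
        $rsp['error'] = SL_RATE_LIMIT;
        respond($rsp);
    }

    // Deliver the love. NOTE(review): sl_send_love() already receives
    // unescaped DB values (username, nickname) in the original call, so it is
    // assumed to do its own escaping for any SQL it runs — confirm.
    if (!sl_send_love($from['username'], $from['nickname'], $from['id'], $from['company_id'],
                      $to['username'], $whyText, false, $private)) {
        $rsp['error'] = SL_SEND_FAILED;
        respond($rsp);
    }

    // Record the love. Every value interpolated into the statement is escaped,
    // including the ones that came back from the users table: a username,
    // skill or team containing a quote would otherwise break (or inject into)
    // this INSERT — a second-order injection.
    $columns = array(
        'giver'    => $from['username'],
        'receiver' => $to['username'],
        'skill'    => $from['skill'],
        'team'     => $from['team'],
    );
    $assignments = array();
    foreach ($columns as $column => $value) {
        $assignments[] = $column . "='" . mysql_real_escape_string($value) . "'";
    }
    $assignments[] = "why='" . $whySql . "'";
    $assignments[] = "at=now()";
    // company_id is only recorded when both users share a company; cast it so
    // the unquoted numeric literal can never carry anything but digits.
    if ($to['company_id'] == $from['company_id']) {
        $assignments[] = "company_id=" . (int) $to['company_id'];
    }
    if ($private) {
        $assignments[] = "private=1";
    }
    $query = "insert into " . LOVE . " set " . implode(', ', $assignments);

    $rsp['status'] = SL_OK;
    $rsp['error'] = SL_NO_ERROR;
    if (!mysql_query($query)) {
        // The failed statement is logged server-side only. It used to be
        // returned to the caller in $rsp['info'], which disclosed the table
        // name and the row being written to whoever hit the API.
        error_log("Add Love.err:" . mysql_error() . " query: " . $query);
        $rsp['error'] = SL_DB_FAILURE;
        respond($rsp);
    }

    // Post a notice to the journal for public love sent to the journal company.
    if ($to['company_id'] == JOURNAL_API_COMPANY && !$private) {
        $data = array(
            'user' => JOURNAL_API_USER,
            // NOTE(review): sha1 of a fixed secret is itself a fixed credential;
            // confirm JOURNAL_API_URL is reached over TLS, since nothing here
            // enforces that.
            'pwd' => sha1(JOURNAL_API_PWD),
            'message' => "{$from['nickname']} to {$to['nickname']}: {$whyText}",
        );
        $journal_rsp = trim(postRequest(JOURNAL_API_URL, $data));
        if ($journal_rsp != 'ok') {
            // The journal's raw reply is passed back as diagnostic info; it is
            // the remote service's text, not this application's internals.
            $rsp['status'] = SL_WARNING;
            $rsp['error'] = SL_JOURNAL_FAILED;
            $rsp['info'] = $journal_rsp;
            respond($rsp);
        }
    }
}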
} } // Replace dropped +'s, urldecodes to space. $to = str_replace(" ", '+', $_POST['to']); if (!filter_var($to, FILTER_VALIDATE_EMAIL)) { if ($fromMarklet) { $message = '<div class="LV_invalid">Error sending love - invalid request</div>'; } else { error_log("sendlove.php: email failed validation filter"); echo json_encode(array('error' => 1, 'messages' => 'invalid request')); die; } } // params are: $userid, $username, $isSuper, $nickname, $to, $for, $priv $isSuper = isSuperAdmin(); $for_stripped = smart_strip_tags($_POST['for1']); $for = mysql_real_escape_string($for_stripped); if ($_SESSION['username'] == $to) { if ($fromMarklet) { $message = '<div class="LV_invalid">You cannot send love to yourself.</div>'; } else { die("Love sent: self"); } } $rc = sendlove_toanother($_SESSION['userid'], $_SESSION['username'], $_SESSION['nickname'], $isSuper, $to, $for, (int) $_POST["priv"] > 0); if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') { echo json_encode(array('response' => $rc)); exit; // The following section is not executed due the preceeding speedup workaround. - GJ - Aug 12, 2011 // return a json array containing updated Love counts for dynamic page update $front = new Frontend();