示例#1
文件: api.php 项目: highfidelity/love
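/**
 * Handle a "send love" request posted to the API on behalf of the journal.
 *
 * Reads `caller`, `from`, `to` and `why` (all required) and `priv` (optional)
 * from $_POST, resolves both nicknames to user rows, applies the 'love' rate
 * limit, sends the love through sl_send_love(), records it in the LOVE table
 * and, for non-private love inside JOURNAL_API_COMPANY, posts a notice to the
 * journal API.
 *
 * Every failure path reports through respond() with one of SL_BAD_CALL,
 * SL_NOT_COWORKER, SL_UNKNOWN_USER, SL_RATE_LIMIT, SL_SEND_FAILED,
 * SL_DB_FAILURE or SL_JOURNAL_FAILED.
 *
 * NOTE(review): `caller` is only checked for presence and the sender identity
 * is taken from $_POST['from']; nothing in this function authenticates the
 * request. Presumably the dispatcher verifies the caller before invoking this
 * handler - confirm, because otherwise any client can send love as any user.
 *
 * NOTE(review): on the success path no respond() call is made here and $rsp is
 * local; presumably the caller emits the response - confirm.
 *
 * NOTE(review): the mysql_* extension used here offers no prepared statements
 * and was removed in PHP 7; until the data layer is migrated, every value that
 * reaches a query below is escaped or cast explicitly.
 */
function sendFromJournal()
{
    $rsp = array();

    // Check that all required parameters exist
    if (empty($_POST['caller']) || empty($_POST['from']) || empty($_POST['to']) || empty($_POST['why'])) {
        $rsp['error'] = SL_BAD_CALL;
        respond($rsp);
        // respond() is defined elsewhere; the explicit return keeps this handler
        // from running on with bad input if respond() does not end the request.
        return;
    }

    // Prepare received data. Escaping is the LAST transformation applied to each
    // value so that nothing can alter the string after it has been made safe for
    // the SQL string literal it is placed in.
    $to = mysql_real_escape_string(trim(setEncoding($_POST['to'])));
    $from = mysql_real_escape_string(trim(setEncoding($_POST['from'])));
    $why = mysql_real_escape_string(smart_strip_tags(trim(setEncoding($_POST['why']))));
    $private = isset($_POST['priv']) && (int) $_POST['priv'] > 0;

    // Can't send love to self
    if (strtolower($to) === strtolower($from)) {
        $rsp['error'] = SL_NOT_COWORKER;
        respond($rsp);
        return;
    }

    // Check that to and from nicknames exist and find their data
    $users = array();
    foreach (array('from' => $from, 'to' => $to) as $role => $nickname) {
        $query = "select id, fb_id, username, nickname, company_id, skill, team " . "from " . USERS . " where nickname='" . $nickname . "' and removed = 0";
        $res = mysql_query($query);
        // Only fetch when the query succeeded; mysql_fetch_array(false) would warn.
        $line = $res ? mysql_fetch_array($res, MYSQL_ASSOC) : false;
        if (!$line) {
            $rsp['error'] = SL_UNKNOWN_USER;
            respond($rsp);
            return;
        }
        $users[$role] = $line;
    }
    $from = $users['from'];
    $to = $users['to'];

    // Check rate limit
    if (enforceRateLimit('love', $from['id'])) {
        error_log("User " . $from['id'] . " send love was rate limited.");
        $rsp['error'] = SL_RATE_LIMIT;
        respond($rsp);
        return;
    }

    // Send love
    // NOTE(review): $why is passed in its SQL-escaped form, as before; confirm that
    // sl_send_love() expects escaped text rather than the raw message.
    if (!sl_send_love($from['username'], $from['nickname'], $from['id'], $from['company_id'], $to['username'], $why, false, $private)) {
        $rsp['error'] = SL_SEND_FAILED;
        respond($rsp);
        return;
    }

    // Record love in database. Values read back from the USERS table are stored
    // user data, not trusted constants: escape them again before building the
    // INSERT so a quote in a username, skill or team cannot break out of its
    // string literal (second-order injection). company_id is cast to int because
    // it is placed in the statement unquoted.
    $giver = mysql_real_escape_string($from['username']);
    $receiver = mysql_real_escape_string($to['username']);
    $skill = mysql_real_escape_string($from['skill']);
    $team = mysql_real_escape_string($from['team']);
    $company = $to['company_id'] == $from['company_id'] ? ', company_id=' . (int) $to['company_id'] : '';
    $priv_str = $private ? ', private=1' : '';
    $query = "insert into " . LOVE . " set giver='{$giver}', receiver='{$receiver}', " . "skill='{$skill}', team='{$team}', why='{$why}', at=now()" . $company . $priv_str;

    $rsp['status'] = SL_OK;
    $rsp['error'] = SL_NO_ERROR;
    // The SQL text is deliberately not copied into $rsp['info']: returning it
    // would disclose table and column names to the API client.
    if (!mysql_query($query)) {
        error_log("Add Love.err:" . mysql_error());
        $rsp['error'] = SL_DB_FAILURE;
        respond($rsp);
        return;
    }

    // See if the recipient has a facebook id, if so we'll return a value so it can be handled.
    // if (!empty($to['fb_id'])) {
    //   $rc = array('facebook', $to['username'], $why, $to['fb_id']);
    // }

    // Make love notice in journal
    if ($to['company_id'] == JOURNAL_API_COMPANY && !$private) {
        // The journal endpoint receives the SHA-1 of the shared password, so the
        // digest itself acts as the credential on the wire.
        // NOTE(review): confirm JOURNAL_API_URL is an https:// endpoint.
        $data = array('user' => JOURNAL_API_USER, 'pwd' => sha1(JOURNAL_API_PWD), 'message' => "{$from['nickname']} to {$to['nickname']}: {$why}");
        $journal_rsp = trim(postRequest(JOURNAL_API_URL, $data));
        if ($journal_rsp !== 'ok') {
            // The love itself was recorded; only the journal notice failed.
            $rsp['status'] = SL_WARNING;
            $rsp['error'] = SL_JOURNAL_FAILED;
            $rsp['info'] = $journal_rsp;
            respond($rsp);
            return;
        }
    }
}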
示例#2
    }
}
// Validate the recipient address and the message, then hand the request to
// sendlove_toanother(). The sender identity comes from $_SESSION; the recipient
// ($_POST['to']), the message ($_POST['for1']) and the private flag
// ($_POST['priv']) come from the request.
//
// Replace dropped +'s, urldecodes to space.
$to = str_replace(" ", '+', $_POST['to']);
// FILTER_VALIDATE_EMAIL checks the address shape only. It accepts characters
// such as ' in the local part, so a value that passes is not thereby safe to
// place in SQL or HTML.
if (!filter_var($to, FILTER_VALIDATE_EMAIL)) {
    if ($fromMarklet) {
        // NOTE(review): this branch only sets $message; no exit is visible in this
        // fragment, so execution appears to continue to sendlove_toanother() below
        // with the rejected $to - confirm that it is stopped elsewhere.
        $message = '<div class="LV_invalid">Error sending love - invalid request</div>';
    } else {
        error_log("sendlove.php: email failed validation filter");
        echo json_encode(array('error' => 1, 'messages' => 'invalid request'));
        die;
    }
}
// params are: $userid, $username, $isSuper, $nickname, $to, $for, $priv
// NOTE(review): the call below passes nickname third and $isSuper fourth, which
// does not match the order listed above - verify against sendlove_toanother().
$isSuper = isSuperAdmin();
// Tags are stripped first and the result is escaped last, so the SQL escaping is
// the final transformation applied to the message.
$for_stripped = smart_strip_tags($_POST['for1']);
$for = mysql_real_escape_string($for_stripped);
// Self-send check. The comparison is case-sensitive, so an address that differs
// from the session username only in letter case is not caught here.
if ($_SESSION['username'] == $to) {
    if ($fromMarklet) {
        // NOTE(review): as above, only $message is set; the send below still appears
        // to run for the marklet path - confirm.
        $message = '<div class="LV_invalid">You cannot send love to yourself.</div>';
    } else {
        die("Love sent: self");
    }
}
// $to is passed unescaped (only $for was escaped above); presumably
// sendlove_toanother() escapes it before any query - confirm.
// $_POST["priv"] is read without an isset() check; a request that omits it
// raises a notice and is treated as not private.
$rc = sendlove_toanother($_SESSION['userid'], $_SESSION['username'], $_SESSION['nickname'], $isSuper, $to, $for, (int) $_POST["priv"] > 0);
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
    echo json_encode(array('response' => $rc));
    exit;
    // The following section is not executed due the preceeding speedup workaround. - GJ - Aug 12, 2011
    // return a json array containing updated Love counts for dynamic page update
    $front = new Frontend();