Added a real anti-lurker mechanism.
[specialops2.git] / detail.php
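<?php
/**
 * Message Detail page
 *
 * Shows one message to a user holding the 'moderate' privilege and, when the
 * request carries a POST 'action' of 'add' or 'sub', records a rating for it.
 * The message id is the raw query string (detail?<id>).
 *
 * @author Anthony Parsons (xmpp:ant@specialops.ath.cx)
 * @license file://COPYING
 * @version $Id$
 */

$prefetch = array('`points`', '`msglist_layout`');
require 'con.php';

$page->title = 'Message Detail';

/* Error checks */
// NOTE(review): every check below only protects what follows if errorfooter()
// ends the request; that is not visible in this file -- confirm.
if ( ! ($user instanceof User_Authenticated) ) {
    $page->errorfooter('login');
}
if ( ! $user->has_priv('moderate') ) {
    $page->errorfooter('level');
}
if ( empty($_SERVER['QUERY_STRING']) || !is_numeric($_SERVER['QUERY_STRING']) ) {
    $page->errorfooter('messageid');
}
if ( isset($_POST['action']) && !in_array($_POST['action'], array('add', 'sub')) ) {
    $page->errorfooter('request');
}

// is_numeric() also accepts forms such as "1e3" or " 7". Every query and the
// page title below use this one integer, so they all name the same message.
$messageid = intval($_SERVER['QUERY_STRING']);


/* Get topic metadata */
$topic = $DB->query('SELECT `board_name`, `boards`.`boardid`, `topic_title`, `view_restrict`, `topicid`
    FROM `boards` NATURAL LEFT JOIN `topics`
    WHERE `topicid` =
        (SELECT `topicid` FROM `messages` WHERE `messageid` = '.$messageid.')');


/* more error checks plz */
if ( 0 === $topic->num_rows ) {
    $page->errorfooter('messageid');
} else {
    $topic = $topic->fetch_assoc();
}

if ( ! $user->has_priv('viewboard', $topic['view_restrict']) ) {
    $page->errorfooter('level');
}


/* Set header stuff */
// NOTE(review): topic_title and board_name are stored text placed into the
// title and nav unescaped here; HTML-escaping has to happen where $page
// prints them -- confirm.
$page->title .= ': '.$topic['topic_title'].' (msg#'.$messageid.')';
$page->nav['Topic List: '.$topic['board_name']] = 'topiclist?'.$topic['boardid'];
$page->nav['Message List: '.$topic['topic_title']] = 'messagelist?'.$topic['topicid'];


$query = 'SELECT `messages`.`userid`, `alias`, `mtime`, `mtext`, `replyto`,
    `score`, `marks`, `messages`.`messageid`, INET_NTOA(`origin_ip`) AS `ip`
    FROM `message-data`
    NATURAL LEFT JOIN `messages`
    NATURAL LEFT JOIN `users`
    WHERE `messageid` = '.$messageid;

// NOTE(review): REQUEST_URI is client-controlled; whatever reads HERE must
// escape it for its output context.
define('HERE', $_SERVER['REQUEST_URI']);

if ( isset($_POST['action']) ) {

    // Update message with new score
    try {
        $meta = $DB->query($query)->fetch_assoc();

        $DB->autocommit(false);

        // Score depends on how many points the user has (i.e. the number of digits in it).
        // Below 1 point the logarithm is negative, -INF or NAN, none of which may be
        // concatenated into the SQL further down, so such users rate with weight 0,
        // the same as users holding 1-9 points. The int cast keeps the SQL operand an
        // integer literal, and log10() avoids the rounding of ln(x)/ln(10) at exact
        // powers of ten.
        $weight = ( $user->points >= 1 ? (int) floor(log10($user->points)) : 0 );
        $score = ( 'add' === $_POST['action'] ? $weight : -$weight );

        // The Referer test is the only cross-site request check visible here. The
        // trailing slash ends the host name, so a Referer on a different host whose
        // name merely begins with this one no longer passes the prefix comparison.
        // NOTE(review): a per-session token in the rating form would be a stronger
        // check than Referer; the form is not part of this file.
        $origin = 'http://'.$_SERVER['HTTP_HOST'].'/';
        if ( !isset($_SERVER['HTTP_REFERER']) || !preg_match('/messagelist|detail/', $_SERVER['HTTP_REFERER']) ||
             strpos($_SERVER['HTTP_REFERER'], $origin) !== 0 ) {
            throw new InvalidInputException('Invalid HTTP referrer sent: make sure you\'re using the right links.');
        }

        // @userid is a SQL session variable; presumably con.php sets it to the
        // current user's id -- confirm.
        if ( $DB->query('SELECT `messageid` FROM `marks`
                WHERE `userid` = @userid AND `messageid` = '.$messageid)->num_rows ) {
            throw new RateLimitException('You\'ve already marked/suggested this message.');
        }

        // Compare as integers: if fetch_assoc() returns column values as strings, a
        // strict compare against an integer user id never matches and the
        // self-rating block would be skipped.
        if ( (int) $user->userid === (int) $meta['userid'] ) {
            // NOTE(review): the catch block rolls the transaction back right after
            // this; whether the penalty survives depends on how User persists
            // `points` -- confirm.
            $user->points -= 5;
            throw new RateLimitException('No.');
        }

        // Update message score
        $DB->query('UPDATE `messages` SET `score` = `score` + '.$score.', `marks` = `marks` + 1 WHERE `messageid` = '.(int) $meta['messageid']);

        // Update user score
        $user2 = new User_Registered($meta['userid'], array('`points`'));
        $user2->points += $score;

        // Add to marked messages list
        $DB->query('INSERT INTO `marks` VALUES ('.$messageid.', @userid, '.$score.', UNIX_TIMESTAMP())');

        $DB->commit();

        // The Referer was checked above to start with this site's own origin, so
        // the redirect target stays on this host.
        header('Refresh: 5; url='.$_SERVER['HTTP_REFERER']);
        $user->userheader();
        echo '<p class="notice">Message successfully rated! You will be dumped back wherever you came from in 5 seconds.</p>',"\n";

    } catch ( Exception $e ) {
        $DB->rollback();
        $user->userheader();
        // Any Exception is caught here, not only the fixed messages thrown above,
        // so the text is escaped before it is written into the page.
        echo '<p class="error">',htmlspecialchars($e->getMessage(), ENT_QUOTES),"</p>\n";
    }
} else {
    $user->userheader();
}

// NOTE(review): $prefetch asks for `msglist_layout` but this reads
// msglist_style; if User does not map one to the other the default branch
// always wins -- confirm.
switch ( $user->msglist_style ) {
    case Messagestyle_Frozenoven::ID:
        $mo = new Messagestyle_Frozenoven; break;
    case Messagestyle_IRC::ID:
        $mo = new Messagestyle_IRC; break;
    case Messagestyle_Plain::ID:
    default:
        $mo = new Messagestyle_Plain;
}

$message = $DB->query($query)->fetch_assoc();

echo '<div class="',get_class($mo),"\">\n";
$mo->display($message);
echo "</div>\n";

// $_POST is always set, so test the submitted field itself; with !isset($_POST)
// this hint could never be printed.
if ( !isset($_POST['action']) && (int) $user->userid !== (int) $message['userid'] ) {
    echo '<p class="info">Click the +/- links on the message to give or take points from it.</p>';
}

$m_usrs = $DB->query('SELECT `marks`.`userid`, `alias`
    FROM `marks` NATURAL LEFT JOIN `users`
    WHERE `messageid` = '.$messageid);

if ( $m_usrs->num_rows ) {
    echo '<p class="info">People who rated this post: ',implode(', ', $user->fillnamecache($m_usrs)),"</p>\n";
}

$page->pagefooter();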