detail.php

   1 <?php
   2 // $Id$
   3
   4 $prefetch = array('`points`', '`msglist_layout`');
   5 require 'con.php';
   6
   7 $page->title = 'Message Detail';
   8
   9 /* Error checks */
  10 if ( ! ($user instanceof authuser) ) {
  11         $page->errorfooter('login');
  12 }
  13 if ( ! $user->has_priv('moderate') ) {
  14         $page->errorfooter('level');
  15 }
  16 if ( empty($_SERVER['QUERY_STRING']) || !is_numeric($_SERVER['QUERY_STRING']) ) {
  17         $page->errorfooter('messageid');
  18 }
  19 if ( isset($_POST['action']) && !in_array($_POST['action'], array('add', 'sub')) ) {
  20         $page->errorfooter('request');
  21 }
  22
  23
  24 /* Get topic metadata */
  25 $topic = $DB->query('SELECT `board_name`, `boards`.`boardid`, `topic_title`, `restrict`, `topicid`
  26                                         FROM `boards`
  27                                         NATURAL LEFT JOIN `topics`
  28                                         WHERE `topicid` = (SELECT `topicid` FROM `messages`
  29                                         WHERE `messageid` = '.intval($_SERVER['QUERY_STRING']).')');
  30
  31
  32 /* more error checks plz */
  33 if ( 0 === $topic->num_rows ) {
  34         $page->errorfooter('messageid');
  35 } else {
  36         $topic = $topic->fetch_assoc();
  37 }
  38
  39 if ( 3 == $topic['restrict'] && !defined('DEVELOPER') ) {
  40         $page->errorfooter('level', $topic['restrict']);
  41 }
  42
  43
  44 /* Set header stuff */
  45 $page->title .= ': '.$topic['topic_title'].' (msg#'.$_SERVER['QUERY_STRING'].')';
  46 $page->nav['Topic List: '.$topic['board_name']] = 'topiclist?'.$topic['boardid'];
  47 $page->nav['Message List: '.$topic['topic_title']] = 'messagelist?'.$topic['topicid'];
  48
  49
  50 $query = 'SELECT `messages`.`userid`, `alias`, `mtime`, `mtext`, `replyto`,
  51                         `score`, `messages`.`messageid`, INET_NTOA(`origin_ip`) AS `ip`
  52                 FROM `message-data`
  53                 NATURAL LEFT JOIN `messages`
  54                 NATURAL LEFT JOIN `users`
  55                 WHERE `messageid` = '.intval($_SERVER['QUERY_STRING']);
  56
  57 define('HERE', $_SERVER['REQUEST_URI']);
  58
  59 if ( isset($_POST['action']) ) {
  60
  61         // Update message with new score
  62         try {
  63                 $meta = $DB->query($query)->fetch_assoc();
  64
  65                 // Score depends on how many points the user has (i.e. the number of digits in it)
  66                 $score = ( 'add' === $_POST['action'] ? floor(log($user->points, 10)) : -(floor(log($user->points, 10))) ); // :-(
  67
  68                 if ( !isset($_SERVER['HTTP_REFERER']) || !preg_match('/messagelist|detail/', $_SERVER['HTTP_REFERER'])
  69                          || strpos($_SERVER['HTTP_REFERER'], 'http://'.$_SERVER['HTTP_HOST']) !== 0 ) {
  70                         throw new InvalidInputException;
  71                 }
  72                 if ( $DB->query('SELECT `messageid` FROM `marks`
  73                                                 WHERE `userid` = @userid AND `messageid` = '.intval($_SERVER['QUERY_STRING']))->num_rows ) {
  74                         throw new RateLimitException('You\'ve already marked/suggested this message.');
  75                 }
  76                 if ( $user->userid === $meta['userid'] ) {
  77                         throw new RateLimitException('No self-gratification, kthx.');
  78                 }
  79
  80                 $DB->autocommit(false);
  81
  82                 // Update message score
  83                 $DB->query('UPDATE `messages` SET `score` = `score` + '.$score.' WHERE `messageid` = '.$meta['messageid']);
  84
  85                 // Update user score
  86                 $user2 = new reguser($meta['userid'], array('`points`'));
  87                 $user2->points += $score;
  88
  89                 // Add to marked messages list
  90                 $DB->query('INSERT INTO `marks` VALUES
  91                                         ('.intval($_SERVER['QUERY_STRING']).', @userid, b\''.intval('add' === $_POST['action']).'\', UNIX_TIMESTAMP())');
  92
  93                 $DB->commit();
  94
  95                 header('Refresh: 5; url='.$_SERVER['HTTP_REFERER']);
  96                 $user->userheader();
  97                 echo '<p class="notice">Message successfully rated! You will be dumped back wherever you came from in 5 seconds.</p>',"\n";
  98
  99         } catch ( RateLimitException $e ) {
 100                 $DB->rollback();
 101                 $user->userheader();
 102                 echo '<p class="error">',$e->getMessage(),"</p>\n";
 103         } catch ( InvalidInputException $e ) {
 104                 $user->userheader();
 105                 echo '<p class="error">Invalid HTTP referrer sent: make sure you\'re using the right links.</p>',"\n";
 106         }
 107 } else
 108         $user->userheader();
 109
 110 switch ( $user->msglist_layout ) {
 111         case messagelist_irc::ID:
 112                 $message = new messagelist_irc; break;
 113         default:
 114                 $message = new messagelist_flat; break;
 115 }
 116
 117 $msg_sql = $DB->query($query);
 118
 119 echo '<div id="',get_class($message),"\">\n";
 120         $message->display($msg_sql);
 121 echo "</div>\n";
 122
 123 $msg_sql->data_seek(0);
 124 $meta = $msg_sql->fetch_assoc();
 125
 126 if ( !isset($_POST) && $user->userid != $meta['userid'] ) {
 127         echo '<p class="info">Click the +/- links on the message to give or take points from it.</p>';
 128 }
 129
 130 $list = $DB->query('SELECT `marks`.`userid`, `alias`
 131                                         FROM `marks` NATURAL LEFT JOIN `users`
 132                                         WHERE `messageid` = '.intval($_SERVER['QUERY_STRING']));
 133
 134 if ( $list->num_rows ) {
 135         echo '<p>Users who rated this message: ',implode(', ', $user->fillnamecache($list)),"</p>\n";
 136 }
 137
 138 $page->pagefooter();
 139 ?>