Newer, safer HTML filter stuff
[specialops2.git] / detail.php
blobacd1cc776ffb9c4c22b61d147541d732d4c8c775
1 <?php
2 /**
3 * Message Detail page
5 * @author Anthony Parsons (xmpp:ant@specialops.ath.cx)
6 * @license file://COPYING
7 * @version $Id$
8 */
10 $prefetch = array('`points`', '`msglist_layout`');
11 require 'conf.php';
13 $page->title = 'Message Detail';
15 /* Error checks */
16 if ( ! ($user instanceof authuser) ) {
17 $page->errorfooter('login');
19 if ( ! $user->has_priv('moderate') ) {
20 $page->errorfooter('level');
22 if ( empty($_SERVER['QUERY_STRING']) || !is_numeric($_SERVER['QUERY_STRING']) ) {
23 $page->errorfooter('messageid');
25 if ( isset($_POST['action']) && !in_array($_POST['action'], array('add', 'sub')) ) {
26 $page->errorfooter('request');
30 /* Get topic metadata */
31 $topic = $DB->query('SELECT `board_name`, `boards`.`boardid`, `topic_title`, `view_restrict`, `topicid`
32 FROM `boards` NATURAL LEFT JOIN `topics`
33 WHERE `topicid` =
34 (SELECT `topicid` FROM `messages` WHERE `messageid` = '.intval($_SERVER['QUERY_STRING']).')');
37 /* more error checks plz */
38 if ( 0 === $topic->num_rows ) {
39 $page->errorfooter('messageid');
40 } else {
41 $topic = $topic->fetch_assoc();
44 if ( ! $user->has_priv('viewboard', $topic['view_restrict']) ) {
45 $page->errorfooter('level');
49 /* Set header stuff */
50 $page->title .= ': '.$topic['topic_title'].' (msg#'.$_SERVER['QUERY_STRING'].')';
51 $page->nav['Topic List: '.$topic['board_name']] = 'topiclist?'.$topic['boardid'];
52 $page->nav['Message List: '.$topic['topic_title']] = 'messagelist?'.$topic['topicid'];
55 $query = 'SELECT `messages`.`userid`, `alias`, `mtime`, `mtext`, `replyto`,
56 `score`, `marks`, `messages`.`messageid`, INET_NTOA(`origin_ip`) AS `ip`
57 FROM `message-data`
58 NATURAL LEFT JOIN `messages`
59 NATURAL LEFT JOIN `users`
60 WHERE `messageid` = '.intval($_SERVER['QUERY_STRING']);
62 define('HERE', $_SERVER['REQUEST_URI']);
64 if ( isset($_POST['action']) ) {
66 // Update message with new score
67 try {
68 $meta = $DB->query($query)->fetch_assoc();
70 $DB->autocommit(false);
72 // Score depends on how many points the user has (i.e. the number of digits in it)
73 $score = ( 'add' === $_POST['action'] ? floor(log($user->points, 10)) : -(floor(log($user->points, 10))) ); // :-(
75 if ( !isset($_SERVER['HTTP_REFERER']) || !preg_match('/messagelist|detail/', $_SERVER['HTTP_REFERER']) ||
76 strpos($_SERVER['HTTP_REFERER'], 'http://'.$_SERVER['HTTP_HOST']) !== 0 ) {
77 throw new InvalidInputException('Invalid HTTP referrer sent: make sure you\'re using the right links.');
79 if ( $DB->query('SELECT `messageid` FROM `marks`
80 WHERE `userid` = @userid AND `messageid` = '.intval($_SERVER['QUERY_STRING']))->num_rows ) {
81 throw new RateLimitException('You\'ve already marked/suggested this message.');
83 if ( $user->userid === $meta['userid'] ) {
84 throw new RateLimitException('No self-gratification, kthx.');
87 // Update message score
88 $DB->query('UPDATE `messages` SET `score` = `score` + '.$score.', `marks` = `marks` + 1
89 WHERE `messageid` = '.$meta['messageid']);
91 // Update user score
92 $user2 = new reguser($meta['userid'], array('`points`'));
93 $user2->points += $score;
95 // Add to marked messages list
96 $DB->query('INSERT INTO `marks` VALUES
97 ('.intval($_SERVER['QUERY_STRING']).', @userid, '.$score.', UNIX_TIMESTAMP())');
99 $DB->commit();
101 header('Refresh: 5; url='.$_SERVER['HTTP_REFERER']);
102 $user->userheader();
103 echo '<p class="notice">Message successfully rated! You will be dumped back wherever you came from in 5 seconds.</p>',"\n";
105 } catch ( Exception $e ) {
106 $DB->rollback();
107 $user->userheader();
108 echo '<p class="error">',$e->getMessage(),"</p>\n";
110 } else
111 $user->userheader();
113 switch ( $user->msglist_style ) {
114 case messageoutput_frozenoven::ID:
115 $mo = new messageoutput_frozenoven; break;
116 case messageoutput_irc::ID:
117 $mo = new messageoutput_irc; break;
118 case messageoutput_plain::ID:
119 default:
120 $mo = new messageoutput_plain; break;
123 $message = $DB->query($query)->fetch_assoc();
125 echo '<div class="',get_class($mo),"\">\n";
126 $mo->display($message);
127 echo "</div>\n";
129 if ( !isset($_POST) && $user->userid != $message['userid'] ) {
130 echo '<p class="info">Click the +/- links on the message to give or take points from it.</p>';
133 $list = $DB->query('SELECT `marks`.`userid`, `alias`
134 FROM `marks` NATURAL LEFT JOIN `users`
135 WHERE `messageid` = '.intval($_SERVER['QUERY_STRING']));
137 if ( $list->num_rows ) {
138 echo '<p>Users who rated this message: ',implode(', ', $user->fillnamecache($list)),"</p>\n";
141 $page->pagefooter();