Ajax/Debug

* be a lot more verbose when errors are occurring (to staff anyway)
 * made hardcoded error messages for comments localizable
 * add error messages from posting comments to session to be displayed on next page update
Sarjuuk
2018-05-26 20:20:15 +02:00
parent 93a72013b8
commit adc1273b08
21 changed files with 290 additions and 57 deletions


@@ -51,7 +51,10 @@ class AjaxAccount extends AjaxHandler
$ids = $this->_post['id'];
if (!isset(Util::$typeStrings[$type]) || empty($ids))
{
trigger_error('AjaxAccount::handleExclude - invalid type #'.$type.(empty($ids) ? ' or id-list empty' : ''), E_USER_ERROR);
return;
}
// ready for some bullshit? here it comes!
// we don't get signaled whether an id should be added to or removed from either includes or excludes
@@ -84,14 +87,20 @@ class AjaxAccount extends AjaxHandler
if ($this->_post['save'])
{
if (!$this->_post['scale'])
{
trigger_error('AjaxAccount::handleWeightscales - scaleId empty', E_USER_ERROR);
return 0;
}
$id = 0;
if ($this->_post['id'] && ($id = $this->_post['id'][0]))
{
if (!DB::Aowow()->selectCell('SELECT 1 FROM ?_account_weightscales WHERE userId = ?d AND id = ?d', User::$id, $id))
{
trigger_error('AjaxAccount::handleWeightscales - scale #'.$id.' not in db or owned by user #'.User::$id, E_USER_ERROR);
return 0;
}
DB::Aowow()->query('UPDATE ?_account_weightscales SET `name` = ? WHERE id = ?d', $this->_post['name'], $id);
}
@@ -120,25 +129,37 @@ class AjaxAccount extends AjaxHandler
else if ($this->_post['delete'] && $this->_post['id'] && $this->_post['id'][0])
DB::Aowow()->query('DELETE FROM ?_account_weightscales WHERE id = ?d AND userId = ?d', $this->_post['id'][0], User::$id);
else
{
trigger_error('AjaxAccount::handleWeightscales - malformed request received', E_USER_ERROR);
return 0;
}
}
protected function handleFavorites()
{
// omit usage of sessionKey
if (count($this->_post['id']) != 1 || empty($this->_post['id'][0]))
{
trigger_error('AjaxAccount::handleFavorites - malformed request received', E_USER_ERROR);
return;
}
$typeId = $this->_post['id'][0];
if ($type = $this->_post['add'])
{
if (empty(Util::$typeClasses[$type]))
{
trigger_error('AjaxAccount::handleFavorites - invalid type #'.$type, E_USER_ERROR);
return;
}
$tc = new Util::$typeClasses[$type]([['id', $typeId]]);
if ($tc->error)
{
trigger_error('AjaxAccount::handleFavorites - invalid typeId #'.$typeId.' for type '.$tc::$brickFile, E_USER_ERROR);
return;
}
DB::Aowow()->query('INSERT INTO ?_account_favorites (`userId`, `type`, `typeId`) VALUES (?d, ?d, ?d)', User::$id, $type, $typeId);
}
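Review bot: Every new guard in AjaxAccount reports a client-caused condition with `trigger_error(..., E_USER_ERROR)` and then relies on the following `return`; under PHP's default handling E_USER_ERROR stops the script, so those returns only run if the project installs its own error handler, which is not visible on this page. Malformed or unauthorized requests are expected input for an Ajax endpoint rather than application faults, and logging them at error level lets any client fill the staff-facing log. Consider `E_USER_WARNING` (which the handleLoad message in AjaxProfile already uses) or `E_USER_NOTICE` for these cases and keep `E_USER_ERROR` for failed writes. The same applies to the guards added in AjaxAdmin, AjaxComment, AjaxContactus, AjaxCookie, AjaxData and AjaxProfile.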


@@ -118,7 +118,10 @@ class AjaxAdmin extends AjaxHandler
protected function ssApprove()
{
if (!$this->_get['id'])
{
trigger_error('AjaxAdmin::ssApprove - screenshotId empty', E_USER_ERROR);
return '';
}
// create resized and thumb version of screenshot
$resized = [772, 618];
@@ -128,11 +131,14 @@ class AjaxAdmin extends AjaxHandler
foreach ($this->_get['id'] as $id)
{
// must not be already approved
if ($_ = DB::Aowow()->selectRow('SELECT userIdOwner, date, type, typeId FROM ?_screenshots WHERE (status & ?d) = 0 AND id = ?d', CC_FLAG_APPROVED, $id))
if ($ssEntry = DB::Aowow()->selectRow('SELECT userIdOwner, date, type, typeId FROM ?_screenshots WHERE (status & ?d) = 0 AND id = ?d', CC_FLAG_APPROVED, $id))
{
// should also error-log
if (!file_exists(sprintf($path, 'pending', $id)))
{
trigger_error('AjaxAdmin::ssApprove - screenshot #'.$id.' exists in db but not as file', E_USER_ERROR);
continue;
}
$srcImg = imagecreatefromjpeg(sprintf($path, 'pending', $id));
$srcW = imagesx($srcImg);
@@ -170,11 +176,13 @@ class AjaxAdmin extends AjaxHandler
// set as approved in DB and gain rep (once!)
DB::Aowow()->query('UPDATE ?_screenshots SET status = ?d, userIdApprove = ?d WHERE id = ?d', CC_FLAG_APPROVED, User::$id, $id);
Util::gainSiteReputation($_['userIdOwner'], SITEREP_ACTION_UPLOAD, ['id' => $id, 'what' => 1, 'date' => $_['date']]);
Util::gainSiteReputation($ssEntry['userIdOwner'], SITEREP_ACTION_UPLOAD, ['id' => $id, 'what' => 1, 'date' => $ssEntry['date']]);
// flag DB entry as having screenshots
if (Util::$typeClasses[$_['type']] && ($tbl = get_class_vars(Util::$typeClasses[$_['type']])['dataTable']))
DB::Aowow()->query('UPDATE '.$tbl.' SET cuFlags = cuFlags | ?d WHERE id = ?d', CUSTOM_HAS_SCREENSHOT, $_['typeId']);
if (Util::$typeClasses[$ssEntry['type']] && ($tbl = get_class_vars(Util::$typeClasses[$ssEntry['type']])['dataTable']))
DB::Aowow()->query('UPDATE '.$tbl.' SET cuFlags = cuFlags | ?d WHERE id = ?d', CUSTOM_HAS_SCREENSHOT, $ssEntry['typeId']);
}
else
trigger_error('AjaxAdmin::ssApprove - screenshot #'.$id.' not in db or already approved', E_USER_ERROR);
}
return '';
@@ -185,7 +193,10 @@ class AjaxAdmin extends AjaxHandler
protected function ssSticky()
{
if (!$this->_get['id'])
{
trigger_error('AjaxAdmin::ssSticky - screenshotId empty', E_USER_ERROR);
return '';
}
// approve soon to be sticky screenshots
$this->ssApprove();
@@ -211,7 +222,10 @@ class AjaxAdmin extends AjaxHandler
protected function ssDelete()
{
if (!$this->_get['id'])
{
trigger_error('AjaxAdmin::ssDelete - screenshotId empty', E_USER_ERROR);
return '';
}
$path = 'static/uploads/screenshots/%s/%d.jpg';
@@ -259,7 +273,10 @@ class AjaxAdmin extends AjaxHandler
protected function ssRelocate()
{
if (!$this->_get['id'] || !$this->_get['typeid'])
{
trigger_error('AjaxAdmin::ssRelocate - screenshotId or typeId empty', E_USER_ERROR);
return '';
}
$id = $this->_get['id'][0];
list($type, $oldTypeId) = array_values(DB::Aowow()->selectRow('SELECT type, typeId FROM ?_screenshots WHERE id = ?d', $id));
@@ -279,6 +296,8 @@ class AjaxAdmin extends AjaxHandler
if($ssInfo || !$ssInfo['hasMore'])
DB::Aowow()->query('UPDATE '.$tc::$dataTable.' SET cuFlags = cuFlags & ~?d WHERE id = ?d', CUSTOM_HAS_SCREENSHOT, $oldTypeId);
}
else
trigger_error('AjaxAdmin::ssRelocate - invalid typeId #'.$typeId.' for type '.$tc::$brickFile, E_USER_ERROR);
return '';
}
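Review bot: In ssApprove the new check covers a missing file, but `imagecreatefromjpeg()` on the next line can still return false for a file that exists and is not a decodable JPEG, and `imagesx($srcImg)` is then called on that result. Since the pending file lives under `static/uploads/screenshots` and is uploaded content, I would add a second guard directly after the call: `if (!$srcImg) { trigger_error('AjaxAdmin::ssApprove - screenshot #'.$id.' could not be decoded', E_USER_ERROR); continue; }`. The rest of the loop body lies outside the visible hunks, so whether a later step already handles this cannot be confirmed here.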


@@ -78,30 +78,48 @@ class AjaxComment extends AjaxHandler
protected function handleCommentAdd()
{
if (!$this->_get['typeid'] || !$this->_get['type'] || !isset(Util::$typeClasses[$this->_get['type']]))
{
trigger_error('AjaxComment::handleCommentAdd - malforemd request received', E_USER_ERROR);
return; // whatever, we cant even send him back
}
// this type cannot be commented on
if (!(get_class_vars(Util::$typeClasses[$this->_get['type']])['contribute'] & CONTRIBUTE_CO))
{
trigger_error('AjaxComment::handleCommentAdd - tried to comment on unsupported type #'.$this->_get['type'], E_USER_ERROR);
return;
}
// trim to max length
if (!User::isInGroup(U_GROUP_MODERATOR) && mb_strlen($this->_post['commentbody']) > (self::COMMENT_LENGTH_MAX * (User::isPremium() ? 3 : 1)))
$this->post['commentbody'] = mb_substr($this->_post['commentbody'], 0, (self::COMMENT_LENGTH_MAX * (User::isPremium() ? 3 : 1)));
if (User::canComment() && !empty($this->_post['commentbody']) && mb_strlen($this->_post['commentbody']) >= self::COMMENT_LENGTH_MIN)
if (User::canComment())
{
if ($postIdx = DB::Aowow()->query('INSERT INTO ?_comments (type, typeId, userId, roles, body, date) VALUES (?d, ?d, ?d, ?d, ?, UNIX_TIMESTAMP())', $this->_get['type'], $this->_get['typeid'], User::$id, User::$groups, $this->_post['commentbody']))
if (!empty($this->_post['commentbody']) && mb_strlen($this->_post['commentbody']) >= self::COMMENT_LENGTH_MIN)
{
Util::gainSiteReputation(User::$id, SITEREP_ACTION_COMMENT, ['id' => $postIdx]);
if ($postIdx = DB::Aowow()->query('INSERT INTO ?_comments (type, typeId, userId, roles, body, date) VALUES (?d, ?d, ?d, ?d, ?, UNIX_TIMESTAMP())', $this->_get['type'], $this->_get['typeid'], User::$id, User::$groups, $this->_post['commentbody']))
{
Util::gainSiteReputation(User::$id, SITEREP_ACTION_COMMENT, ['id' => $postIdx]);
// every comment starts with a rating of +1 and i guess the simplest thing to do is create a db-entry with the system as owner
DB::Aowow()->query('INSERT INTO ?_comments_rates (commentId, userId, value) VALUES (?d, 0, 1)', $postIdx);
// every comment starts with a rating of +1 and i guess the simplest thing to do is create a db-entry with the system as owner
DB::Aowow()->query('INSERT INTO ?_comments_rates (commentId, userId, value) VALUES (?d, 0, 1)', $postIdx);
// flag target with hasComment
if ($tbl = get_class_vars(Util::$typeClasses[$this->_get['type']])['dataTable'])
DB::Aowow()->query('UPDATE '.$tbl.' SET cuFlags = cuFlags | ?d WHERE id = ?d', CUSTOM_HAS_COMMENT, $this->_get['typeid']);
// flag target with hasComment
if ($tbl = get_class_vars(Util::$typeClasses[$this->_get['type']])['dataTable'])
DB::Aowow()->query('UPDATE '.$tbl.' SET cuFlags = cuFlags | ?d WHERE id = ?d', CUSTOM_HAS_COMMENT, $this->_get['typeid']);
}
else
{
$_SESSION['error']['co'] = Lang::main('intError');
trigger_error('AjaxComment::handleCommentAdd - write to db failed', E_USER_ERROR);
}
}
else
$_SESSION['error']['co'] = Lang::main('textLength', [mb_strlen($this->_post['commentbody']), self::COMMENT_LENGTH_MIN, self::COMMENT_LENGTH_MAX]);
}
else
$_SESSION['error']['co'] = Lang::main('cannotComment');
$this->doRedirect = true;
return '?'.Util::$typeStrings[$this->_get['type']].'='.$this->_get['typeid'].'#comments';
@@ -109,11 +127,20 @@ class AjaxComment extends AjaxHandler
protected function handleCommentEdit()
{
if ((!User::canComment() && !User::isInGroup(U_GROUP_MODERATOR)) || !$this->_get['id'] || !$this->_post['body'])
if (!User::canComment() && !User::isInGroup(U_GROUP_MODERATOR))
{
trigger_error('AjaxComment::handleCommentEdit - user #'.User::$id.' not allowed to edit', E_USER_ERROR);
return;
}
if (!$this->_get['id'] || !$this->_post['body'])
{
trigger_error('AjaxComment::handleCommentEdit - malforemd request received', E_USER_ERROR);
return;
}
if (mb_strlen($this->_post['body']) < self::COMMENT_LENGTH_MIN)
return;
return; // no point in reporting this trifle
// trim to max length
if (!User::isInGroup(U_GROUP_MODERATOR) && mb_strlen($this->_post['body']) > (self::COMMENT_LENGTH_MAX * (User::isPremium() ? 3 : 1)))
@@ -138,7 +165,10 @@ class AjaxComment extends AjaxHandler
protected function handleCommentDelete()
{
if (!$this->_post['id'] || !User::$id)
{
trigger_error('AjaxComment::handleCommentDelete - commentId empty or user not logged in', E_USER_ERROR);
return;
}
// in theory, there is a username passed alongside... lets just use the current user (see user.js)
$ok = DB::Aowow()->query('UPDATE ?_comments SET flags = flags | ?d, deleteUserId = ?d, deleteDate = UNIX_TIMESTAMP() WHERE id IN (?a){ AND userId = ?d}',
@@ -159,12 +189,20 @@ class AjaxComment extends AjaxHandler
if (!$coInfo['hasMore'] && Util::$typeClasses[$coInfo['type']] && ($tbl = get_class_vars(Util::$typeClasses[$coInfo['type']])['dataTable']))
DB::Aowow()->query('UPDATE '.$tbl.' SET cuFlags = cuFlags & ~?d WHERE id = ?d', CUSTOM_HAS_COMMENT, $coInfo['typeId']);
}
else
{
trigger_error('AjaxComment::handleCommentDelete - user #'.User::$id.' could not flag comment #'.$this->_post['id'].' as deleted', E_USER_ERROR);
return;
}
}
protected function handleCommentUndelete()
{
if (!$this->_post['id'] || !User::$id)
{
trigger_error('AjaxComment::handleCommentUndelete - commentId empty or user not logged in', E_USER_ERROR);
return;
}
// in theory, there is a username passed alongside... lets just use the current user (see user.js)
$ok = DB::Aowow()->query('UPDATE ?_comments SET flags = flags & ~?d WHERE id IN (?a){ AND userId = deleteUserId AND deleteUserId = ?d}',
@@ -180,6 +218,11 @@ class AjaxComment extends AjaxHandler
if (Util::$typeClasses[$coInfo['type']] && ($tbl = get_class_vars(Util::$typeClasses[$coInfo['type']])['dataTable']))
DB::Aowow()->query('UPDATE '.$tbl.' SET cuFlags = cuFlags | ?d WHERE id = ?d', CUSTOM_HAS_COMMENT, $coInfo['typeId']);
}
else
{
trigger_error('AjaxComment::handleCommentUndelete - user #'.User::$id.' could not unflag comment #'.$this->_post['id'].' as deleted', E_USER_ERROR);
return;
}
}
protected function handleCommentRating()
@@ -232,7 +275,10 @@ class AjaxComment extends AjaxHandler
protected function handleCommentSticky()
{
if (!$this->_post['id'] || !User::isInGroup(U_GROUP_MODERATOR))
{
trigger_error('AjaxComment::handleCommentSticky - commentId empty or user #'.User::$id.' not moderator', E_USER_ERROR);
return;
}
if ($this->_post['sticky'])
DB::Aowow()->query('UPDATE ?_comments SET flags = flags | ?d WHERE id = ?d', CC_FLAG_STICKY, $this->_post['id'][0]);
@@ -245,7 +291,10 @@ class AjaxComment extends AjaxHandler
$this->contentType = 'text/plain';
if (!$this->_post['id'])
return 'The comment does not exist.';
{
trigger_error('AjaxComment::handleCommentOutOfDate - commentId empty', E_USER_ERROR);
return Lang::main('intError');
}
$ok = false;
if (User::isInGroup(U_GROUP_MODERATOR)) // directly mark as outdated
@@ -256,16 +305,18 @@ class AjaxComment extends AjaxHandler
$ok = DB::Aowow()->query('UPDATE ?_comments SET flags = flags & ~0x4 WHERE id = ?d', $this->_post['id'][0]);
}
else if (DB::Aowow()->selectCell('SELECT 1 FROM ?_reports WHERE `mode` = ?d AND `reason`= ?d AND `subject` = ?d AND `userId` = ?d', 1, 17, $this->_post['id'][0], User::$id))
return 'You\'ve already reported this.'; // ct_resp_error7
return Lang::main('alreadyReport');
else if (User::$id && !$this->_post['reason'] || mb_strlen($this->_post['reason']) < self::REPLY_LENGTH_MIN)
return 'Your message is too short.';
return Lang::main('textTooShort');
else if (User::$id) // only report as outdated
$ok = Util::createReport(1, 17, $this->_post['id'][0], '[Outdated Comment] '.$this->_post['reason']);
if ($ok) // this one is very special; as in: completely retarded
return 'ok'; // the script expects the actual characters 'ok' not some string like "ok"
else
trigger_error('AjaxComment::handleCommentOutOfDate - failed to update comment in db', E_USER_ERROR);
return Lang::main('genericError');
return Lang::main('intError');
}
protected function handleCommentShowReplies()
@@ -278,19 +329,22 @@ class AjaxComment extends AjaxHandler
$this->contentType = 'text/plain';
if (!User::canComment())
return 'You are not allowed to reply.';
return Lang::main('cannotComment');
else if (!$this->_post['commentId'] || !DB::Aowow()->selectCell('SELECT 1 FROM ?_comments WHERE id = ?d', $this->_post['commentId']))
return Lang::main('genericError');
if (!$this->_post['commentId'] || !DB::Aowow()->selectCell('SELECT 1 FROM ?_comments WHERE id = ?d', $this->_post['commentId']))
{
trigger_error('AjaxComment::handleReplyAdd - comment #'.$this->_post['commentId'].' does not exist', E_USER_ERROR);
return Lang::main('intError');
}
else if (!$this->_post['body'] || mb_strlen($this->_post['body']) < self::REPLY_LENGTH_MIN || mb_strlen($this->_post['body']) > self::REPLY_LENGTH_MAX)
return 'Your reply has '.mb_strlen($this->_post['body']).' characters and must have at least '.self::REPLY_LENGTH_MIN.' and at most '.self::REPLY_LENGTH_MAX.'.';
if (!$this->_post['body'] || mb_strlen($this->_post['body']) < self::REPLY_LENGTH_MIN || mb_strlen($this->_post['body']) > self::REPLY_LENGTH_MAX)
return Lang::main('textLength', [mb_strlen($this->_post['body']), self::REPLY_LENGTH_MIN, self::REPLY_LENGTH_MAX]);
else if (DB::Aowow()->query('INSERT INTO ?_comments (`userId`, `roles`, `body`, `date`, `replyTo`) VALUES (?d, ?d, ?, UNIX_TIMESTAMP(), ?d)', User::$id, User::$groups, $this->_post['body'], $this->_post['commentId']))
if (DB::Aowow()->query('INSERT INTO ?_comments (`userId`, `roles`, `body`, `date`, `replyTo`) VALUES (?d, ?d, ?, UNIX_TIMESTAMP(), ?d)', User::$id, User::$groups, $this->_post['body'], $this->_post['commentId']))
return Util::toJSON(CommunityContent::getCommentReplies($this->_post['commentId']));
else
return Lang::main('genericError');
trigger_error('AjaxComment::handleReplyAdd - write to db failed', E_USER_ERROR);
return Lang::main('intError');
}
protected function handleReplyEdit()
@@ -298,25 +352,32 @@ class AjaxComment extends AjaxHandler
$this->contentType = 'text/plain';
if (!User::canComment())
return 'You are not allowed to reply.';
return Lang::main('cannotComment');
else if (!$this->_post['replyId'] || !$this->_post['commentId'])
return Lang::main('genericError');
if ((!$this->_post['replyId'] || !$this->_post['commentId']) && DB::Aowow()->selectCell('SELECT COUNT(1) FROM ?_comments WHERE id IN (?a)', [$this->_post['replyId'], $this->_post['commentId']]))
{
trigger_error('AjaxComment::handleReplyEdit - comment #'.$this->_post['commentId'].' or reply #'.$this->_post['replyId'].' does not exist', E_USER_ERROR);
return Lang::main('intError');
}
else if (!$this->_post['body'] || mb_strlen($this->_post['body']) < self::REPLY_LENGTH_MIN || mb_strlen($this->_post['body']) > self::REPLY_LENGTH_MAX)
return 'Your reply has '.mb_strlen($this->_post['body']).' characters and must have at least '.self::REPLY_LENGTH_MIN.' and at most '.self::REPLY_LENGTH_MAX.'.';
if (!$this->_post['body'] || mb_strlen($this->_post['body']) < self::REPLY_LENGTH_MIN || mb_strlen($this->_post['body']) > self::REPLY_LENGTH_MAX)
return Lang::main('textLength', [mb_strlen($this->_post['body']), self::REPLY_LENGTH_MIN, self::REPLY_LENGTH_MAX]);
if (DB::Aowow()->query('UPDATE ?_comments SET body = ?, editUserId = ?d, editDate = UNIX_TIMESTAMP(), editCount = editCount + 1 WHERE id = ?d AND replyTo = ?d{ AND userId = ?d}',
$this->_post['body'], User::$id, $this->_post['replyId'], $this->_post['commentId'], User::isInGroup(U_GROUP_MODERATOR) ? DBSIMPLE_SKIP : User::$id))
return Util::toJSON(CommunityContent::getCommentReplies($this->_post['commentId']));
else
return Lang::main('genericError');
trigger_error('AjaxComment::handleReplyEdit - write to db failed', E_USER_ERROR);
return Lang::main('intError');
}
protected function handleReplyDetach()
{
if (!User::isInGroup(U_GROUP_MODERATOR) || !$this->_post['id'])
if (!$this->_post['id'] || !User::isInGroup(U_GROUP_MODERATOR))
{
trigger_error('AjaxComment::handleReplyDetach - commentId empty or user #'.User::$id.' not moderator', E_USER_ERROR);
return;
}
DB::Aowow()->query('UPDATE ?_comments c1, ?_comments c2 SET c1.replyTo = 0, c1.type = c2.type, c1.typeId = c2.typeId WHERE c1.replyTo = c2.id AND c1.id = ?d', $this->_post['id'][0]);
}
@@ -324,16 +385,24 @@ class AjaxComment extends AjaxHandler
protected function handleReplyDelete()
{
if (!User::$id || !$this->_post['id'])
{
trigger_error('AjaxComment::handleReplyDelete - commentId empty or user not logged in', E_USER_ERROR);
return;
}
if (DB::Aowow()->query('DELETE FROM ?_comments WHERE id = ?d{ AND userId = ?d}', $this->_post['id'][0], User::isInGroup(U_GROUP_MODERATOR) ? DBSIMPLE_SKIP : User::$id))
DB::Aowow()->query('DELETE FROM ?_comments_rates WHERE commentId = ?d', $this->_post['id'][0]);
else
trigger_error('AjaxComment::handleReplyDelete - deleting comment #'.$this->_post['id'][0].' by user #'.User::$id.' from db failed', E_USER_ERROR);
}
protected function handleReplyFlag()
{
if (!User::$id || !$this->_post['id'])
{
trigger_error('AjaxComment::handleReplyFlag - commentId empty or user not logged in', E_USER_ERROR);
return;
}
Util::createReport(1, 19, $this->_post['id'][0], '[General Reply Report]');
}
@@ -341,11 +410,17 @@ class AjaxComment extends AjaxHandler
protected function handleReplyUpvote()
{
if (!$this->_post['id'] || !User::canUpvote())
{
trigger_error('AjaxComment::handleReplyUpvote - commentId empty or user not allowed to vote', E_USER_ERROR);
return;
}
$owner = DB::Aowow()->selectCell('SELECT userId FROM ?_comments WHERE id = ?d', $this->_post['id'][0]);
if (!$owner)
{
trigger_error('AjaxComment::handleReplyUpvote - comment #'.$this->_post['id'][0].' not found in db', E_USER_ERROR);
return;
}
$ok = DB::Aowow()->query(
'INSERT INTO ?_comments_rates (commentId, userId, value) VALUES (?d, ?d, ?d)',
@@ -359,16 +434,24 @@ class AjaxComment extends AjaxHandler
Util::gainSiteReputation($owner, SITEREP_ACTION_UPVOTED, ['id' => $this->_post['id'][0], 'voterId' => User::$id]);
User::decrementDailyVotes();
}
else
trigger_error('AjaxComment::handleReplyUpvote - write to db failed', E_USER_ERROR);
}
protected function handleReplyDownvote()
{
if (!$this->_post['id'] || !User::canDownvote())
{
trigger_error('AjaxComment::handleReplyDownvote - commentId empty or user not allowed to vote', E_USER_ERROR);
return;
}
$owner = DB::Aowow()->selectCell('SELECT userId FROM ?_comments WHERE id = ?d', $this->_post['id'][0]);
if (!$owner)
{
trigger_error('AjaxComment::handleReplyDownvote - comment #'.$this->_post['id'][0].' not found in db', E_USER_ERROR);
return;
}
$ok = DB::Aowow()->query(
'INSERT INTO ?_comments_rates (commentId, userId, value) VALUES (?d, ?d, ?d)',
@@ -382,6 +465,8 @@ class AjaxComment extends AjaxHandler
Util::gainSiteReputation($owner, SITEREP_ACTION_DOWNVOTED, ['id' => $this->_post['id'][0], 'voterId' => User::$id]);
User::decrementDailyVotes();
}
else
trigger_error('AjaxComment::handleReplyDownvote - write to db failed', E_USER_ERROR);
}
protected function checkId($val)
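Review bot: The rewritten existence check in handleReplyEdit cannot do what its error message says: `(!replyId || !commentId) && selectCell('SELECT COUNT(1) ...')` is only true when an id is missing and the count is non-zero, so a request carrying two ids that do not exist passes the guard, and a request with a missing id still reaches the `IN (?a)` query. The intent was presumably `if (!$this->_post['replyId'] || !$this->_post['commentId'] || DB::Aowow()->selectCell('SELECT COUNT(1) FROM ?_comments WHERE id IN (?a)', [$this->_post['replyId'], $this->_post['commentId']]) != 2)`. The later UPDATE still filters on `id`, `replyTo` and (for non-moderators) `userId`, so this looks like a lost diagnostic rather than an authorization gap. Separately, the max-length trim in handleCommentAdd assigns to `$this->post['commentbody']` while the INSERT reads `$this->_post['commentbody']`, so the trim appears to have no effect.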


@@ -54,10 +54,16 @@ class AjaxContactus extends AjaxHandler
);
if ($mode === null || $rsn === null || $ua === null || $app === null || $url === null)
return 'required field missing';
{
trigger_error('AjaxContactus::handleContactUs - malformed contact request received', E_USER_ERROR);
return Lang::main('intError');
}
if (!isset($contexts[$mode]) || !in_array($rsn, $contexts[$mode]))
return 'mode invalid';
{
trigger_error('AjaxContactus::handleContactUs - report has invalid context (mode:'.$mode.' / reason:'.$rsn.')', E_USER_ERROR);
return Lang::main('intError');
}
if (!$desc)
return 3;
@@ -66,7 +72,10 @@ class AjaxContactus extends AjaxHandler
return 2;
if (!User::$id && !User::$ip)
return 'your ip could not be determined';
{
trigger_error('AjaxContactus::handleContactUs - could not determine IP for anonymous user', E_USER_ERROR);
return Lang::main('intError');
}
// check already reported
$field = User::$id ? 'userId' : 'ip';
@@ -76,6 +85,7 @@ class AjaxContactus extends AjaxHandler
if (Util::createReport($mode, $rsn, $subj, $desc, $ua, $app, $url, $this->_post['relatedurl'], $this->_post['email']))
return 0;
return 'save to db unsuccessful';
trigger_error('AjaxContactus::handleContactUs - write to db failed', E_USER_ERROR);
return Lang::main('intError');
}
}
}
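Review bot: The invalid-context message in handleContactUs concatenates `$mode` and `$rsn` into the logged text as received, and the commit description says these messages are shown to staff. Their assignment is outside the hunk, but if they are request fields the staff view needs to escape them for its output context, or the message should log normalized values, e.g. `'(mode:'.intval($mode).' / reason:'.intval($rsn).')'` if both are numeric ids. The same pattern appears with `$set` in AjaxData::handleData and with `$this->_get['user']` in the AjaxProfile handlers.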


@@ -29,9 +29,15 @@ class AjaxCookie extends AjaxHandler
protected function handleCookie()
{
if (User::$id && $this->params && $this->_get[$this->params[0]])
{
if (DB::Aowow()->query('REPLACE INTO ?_account_cookies VALUES (?d, ?, ?)', User::$id, $this->params[0], $this->_get[$this->params[0]]))
return 0;
else
trigger_error('AjaxCookie::handleCookie - write to db failed', E_USER_ERROR);
}
else
trigger_error('AjaxCookie::handleCookie - malformed request received', E_USER_ERROR);
return null;
}
}
}
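Review bot: The new `else` branch in handleCookie logs 'malformed request received' for three different conditions, including a visitor who is simply not logged in (`User::$id` empty). That makes the log entry misleading and produces an error-level entry for every anonymous call. I would test `User::$id` first and return quietly, then log only when `$this->params` or the value is missing; note that `$this->_get[$this->params[0]]` is a truthiness test, so a value of `'0'` is also reported as malformed.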


@@ -36,9 +36,11 @@ class AjaxData extends AjaxHandler
foreach ($this->params as $set)
{
// requires valid token to hinder automated access
if ($set != 'item-scaling')
if (!$this->_get['t'] || empty($_SESSION['dataKey']) || $this->_get['t'] != $_SESSION['dataKey'])
continue;
if ($set != 'item-scaling' && (!$this->_get['t'] || empty($_SESSION['dataKey']) || $this->_get['t'] != $_SESSION['dataKey']))
{
trigger_error('AjaxData::handleData - session data key empty or expired', E_USER_ERROR);
continue;
}
switch ($set)
{
@@ -107,6 +109,7 @@ class AjaxData extends AjaxHandler
$result .= "\n\n";
break;
default:
trigger_error('AjaxData::handleData - invalid file "'.$set.'" in request', E_USER_ERROR);
break;
}
}
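Review bot: The merged token guard in handleData still compares with `!=`, which in PHP applies numeric-string juggling (two different `0e…` strings compare equal) and is not constant-time. Since the comment describes `t` as the token that hinders automated access, compare it with `hash_equals($_SESSION['dataKey'], (string)$this->_get['t'])` after the emptiness checks; the type of `$this->_get['t']` is not visible here, hence the cast. The switch body lies mostly outside the visible hunks.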


@@ -29,7 +29,9 @@ class AjaxGotocomment extends AjaxHandler
if ($_ = DB::Aowow()->selectRow('SELECT IFNULL(c2.id, c1.id) AS id, IFNULL(c2.type, c1.type) AS type, IFNULL(c2.typeId, c1.typeId) AS typeId FROM ?_comments c1 LEFT JOIN ?_comments c2 ON c1.replyTo = c2.id WHERE c1.id = ?d', $this->_get['id']))
return '?'.Util::$typeStrings[$_['type']].'='.$_['typeId'].'#comments:id='.$_['id'].($_['id'] != $this->_get['id'] ? ':reply='.$this->_get['id'] : null);
else
exit;
trigger_error('AjaxGotocomment::handleGoToComment - could not find comment #'.$this->get['id'], E_USER_ERROR);
exit;
}
}
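Review bot: The new message reads `$this->get['id']`, while the query and the redirect two lines above use `$this->_get['id']`; unless the handler also defines a `get` property (not visible here), the log line will raise an undefined-property notice and omit the id. It should end with `'... could not find comment #'.$this->_get['id']`.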


@@ -102,20 +102,36 @@ class AjaxProfile extends AjaxHandler
protected function handleLink() // links char with account
{
if (!User::$id || empty($this->_get['id']))
{
trigger_error('AjaxProfile::handleLink - profileId empty or user not logged in', E_USER_ERROR);
return;
}
$uid = User::$id;
if ($this->_get['user'] && User::isInGroup(U_GROUP_ADMIN | U_GROUP_BUREAU))
$uid = DB::Aowow()->selectCell('SELECT id FROM ?_account WHERE user = ?', $this->_get['user']);
else if ($this->_get['user'])
return;
{
if (!($uid = DB::Aowow()->selectCell('SELECT id FROM ?_account WHERE user = ?', $this->_get['user'])))
{
trigger_error('AjaxProfile::handleLink - user "'.$this->_get['user'].'" does not exist', E_USER_ERROR);
return;
}
}
if ($this->undo)
DB::Aowow()->query('DELETE FROM ?_account_profiles WHERE accountId = ?d AND profileId IN (?a)', $uid, $this->_get['id']);
else
{
foreach ($this->_get['id'] as $prId) // only link characters, not custom profiles
{
if ($prId = DB::Aowow()->selectCell('SELECT id FROM ?_profiler_profiles WHERE id = ?d AND realm IS NOT NULL', $prId))
DB::Aowow()->query('INSERT IGNORE INTO ?_account_profiles VALUES (?d, ?d, 0)', $uid, $prId);
else
{
trigger_error('AjaxProfile::handleLink - profile #'.$prId.' is custom or does not exist', E_USER_ERROR);
return;
}
}
}
}
/* params
@@ -126,17 +142,24 @@ class AjaxProfile extends AjaxHandler
protected function handlePin() // (un)favorite
{
if (!User::$id || empty($this->_get['id'][0]))
{
trigger_error('AjaxProfile::handlePin - profileId empty or user not logged in', E_USER_ERROR);
return;
}
$uid = User::$id;
if ($this->_get['user'] && User::isInGroup(U_GROUP_ADMIN | U_GROUP_BUREAU))
$uid = DB::Aowow()->selectCell('SELECT id FROM ?_account WHERE user = ?', $this->_get['user']);
else if ($this->_get['user'])
return;
{
if (!($uid = DB::Aowow()->selectCell('SELECT id FROM ?_account WHERE user = ?', $this->_get['user'])))
{
trigger_error('AjaxProfile::handlePin - user "'.$this->_get['user'].'" does not exist', E_USER_ERROR);
return;
}
}
// since only one character can be pinned at a time we can reset everything
DB::Aowow()->query('UPDATE ?_account_profiles SET extraFlags = extraFlags & ?d WHERE accountId = ?d', ~PROFILER_CU_PINNED, $uid);
// and set a single char if nesecary
// and set a single char if necessary
if (!$this->undo)
DB::Aowow()->query('UPDATE ?_account_profiles SET extraFlags = extraFlags | ?d WHERE profileId = ?d AND accountId = ?d', PROFILER_CU_PINNED, $this->_get['id'][0], $uid);
}
@@ -149,13 +172,20 @@ class AjaxProfile extends AjaxHandler
protected function handlePrivacy() // public visibility
{
if (!User::$id || empty($this->_get['id'][0]))
{
trigger_error('AjaxProfile::handlePrivacy - profileId empty or user not logged in', E_USER_ERROR);
return;
}
$uid = User::$id;
if ($this->_get['user'] && User::isInGroup(U_GROUP_ADMIN | U_GROUP_BUREAU))
$uid = DB::Aowow()->selectCell('SELECT id FROM ?_account WHERE user = ?', $this->_get['user']);
else if ($this->_get['user'])
return;
{
if (!($uid = DB::Aowow()->selectCell('SELECT id FROM ?_account WHERE user = ?', $this->_get['user'])))
{
trigger_error('AjaxProfile::handlePrivacy - user "'.$this->_get['user'].'" does not exist', E_USER_ERROR);
return;
}
}
if ($this->undo)
{
@@ -182,7 +212,10 @@ class AjaxProfile extends AjaxHandler
$s = $this->_get['size'] ?: 'medium';
if (!$this->_get['id'] || !preg_match('/^([0-9]+)\.(jpg|gif)$/', $this->_get['id'][0], $matches) || !in_array($s, array_keys($sizes)))
{
trigger_error('AjaxProfile::handleAvatar - malformed request received', E_USER_ERROR);
return;
}
$this->contentType = 'image/'.$matches[2];
@@ -206,6 +239,8 @@ class AjaxProfile extends AjaxHandler
$src = imageCreateFromJpeg(printf($aPath, $id));
imagecopymerge($dest, $src, 0, 0, $offsetX, $offsetY, $sizes[$s], $sizes[$s], 100);
}
else
trigger_error('AjaxProfile::handleAvatar - avatar file #'.$id.' not found', E_USER_ERROR);
if ($matches[2] == 'gif')
imageGif($dest);
@@ -223,8 +258,12 @@ class AjaxProfile extends AjaxHandler
protected function handleResync()
{
if ($chars = DB::Aowow()->select('SELECT realm, realmGUID FROM ?_profiler_profiles WHERE id IN (?a)', $this->_get['id']))
{
foreach ($chars as $c)
Profiler::scheduleResync(TYPE_PROFILE, $c['realm'], $c['realmGUID']);
}
else
trigger_error('AjaxProfile::handleResync - profiles '.implode(', ', $this->_get['id']).' not found in db', E_USER_ERROR);
return '1';
}
@@ -262,6 +301,12 @@ class AjaxProfile extends AjaxHandler
else
$ids = $this->_get['id'];
if (!$ids)
{
trigger_error('AjaxProfile::handleStatus - no profileIds to resync'.($this->_get['guild'] ? ' for guild #'.$this->_get['guild'] : ($this->_get['arena-team'] ? ' for areana team #'.$this->_get['arena-team'] : '')), E_USER_ERROR);
return Util::toJSON([1, [PR_QUEUE_STATUS_ERROR, 0, 0, PR_QUEUE_ERROR_CHAR]]);
}
$response = Profiler::resyncStatus(TYPE_PROFILE, $ids);
return Util::toJSON($response);
}
@@ -407,8 +452,11 @@ class AjaxProfile extends AjaxHandler
*/
protected function handleDelete() // kill a profile
{
if (!$this->_get['id'])
if (!User::$id || !$this->_get['id'])
{
trigger_error('AjaxProfile::handleDelete - profileId empty or user not logged in', E_USER_ERROR);
return;
}
// only flag as deleted; only custom profiles
DB::Aowow()->query(
@@ -434,12 +482,15 @@ class AjaxProfile extends AjaxHandler
// everything else goes through data.php .. strangely enough
if (!$this->_get['id'])
{
trigger_error('AjaxProfile::handleLoad - profileId empty', E_USER_ERROR);
return;
}
$pBase = DB::Aowow()->selectRow('SELECT pg.name AS guildname, p.* FROM ?_profiler_profiles p LEFT JOIN ?_profiler_guild pg ON pg.id = p.guild WHERE p.id = ?d', $this->_get['id'][0]);
if (!$pBase)
{
trigger_error('Profiler::handleLoad() - called with invalid profileId #'.$this->_get['id'][0], E_USER_WARNING);
trigger_error('Profiler::handleLoad - called with invalid profileId #'.$this->_get['id'][0], E_USER_WARNING);
return;
}
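Review bot: In handleAvatar the branch that the new `else` complements calls `imageCreateFromJpeg(printf($aPath, $id))`; `printf` writes the formatted path into the response and returns its length, so the image is opened from an integer rather than from the path. That line should be `$src = imageCreateFromJpeg(sprintf($aPath, $id));`, and the result should be checked before `imagecopymerge`. The lines that define `$aPath` and test for the file are outside the hunk. Minor: the handleLoad message still says `Profiler::handleLoad` although the class is AjaxProfile, and 'areana' in the handleStatus message is a typo.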


@@ -1427,7 +1427,7 @@ class Util
'createDate' => time(),
'mode' => $mode,
'reason' => $reason,
'subject' => $subject,
'subject' => $subject ?: 0, // not set for utility, tools and misc pages
'ip' => User::$ip,
'description' => $desc,
'userAgent' => $userAgent ?: $_SERVER['HTTP_USER_AGENT'],


@@ -129,6 +129,10 @@ $lang = array(
'genericError' => "Ein Fehler trat auf; aktualisiert die Seite und versucht es nochmal. Wenn der Fehler bestehen bleibt, bitte meldet es bei <a href='#contact'>feedback</a>", # LANG.genericerror
'bannedRating' => "Ihr wurdet davon gesperrt, Kommentare zu bewerten.", # LANG.tooltip_banned_rating
'tooManyVotes' => "Ihr habt die tägliche Grenze für erlaubte Bewertungen erreicht. Kommt morgen mal wieder!", # LANG.tooltip_too_many_votes
'alreadyReport' => "Ihr habt dies bereits gemeldet.", # LANG.ct_resp_error7
'textTooShort' => "Eure Nachricht ist zu kurz.",
'cannotComment' => "Ihr wurdet davon gesperrt, Kommentare zu verfassen.",
'textLength' => "Euer Kommentar ist %d Zeichen lang und muss mindestens %d Zeichen und höchstens %d Zeichen lang sein.",
'moreTitles' => array(
'reputation' => "Benutzerruf",


@@ -129,6 +129,10 @@ $lang = array(
'genericError' => "An error has occurred; refresh the page and try again. If the error persists email <a href=\"#contact\">feedback</a>", # LANG.genericerror
'bannedRating' => "You have been banned from rating comments.", # LANG.tooltip_banned_rating
'tooManyVotes' => "You have reached the daily voting cap. Come back tomorrow!", # LANG.tooltip_too_many_votes
'alreadyReport' => "You've already reported this.", # LANG.ct_resp_error7
'textTooShort' => "Your message is too short.",
'cannotComment' => "You have been banned from writing comments.",
'textLength' => "Your comment has %d characters and must have at least %d and at most %d characters.",
'moreTitles' => array(
'reputation' => "Website Reputation",


@@ -129,6 +129,10 @@ $lang = array(
'genericError' => "Ha ocurrido un error; refresca la página e inténtalo de nuevo. Si el error persiste manda un correo a <a href='#contact'>feedback</a>", # LANG.genericerror
'bannedRating' => "Has sido baneado y no podrás valorar comentarios.", # LANG.tooltip_banned_rating
'tooManyVotes' => "Has alcanzado el límite diario de votos. Vuelve mañana.", # LANG.tooltip_too_many_votes
'alreadyReport' => "Ya has reportado esto.", # LANG.ct_resp_error7
'textTooShort' => "[Your message is too short.]",
'cannotComment' => "[You have been banned from writing comments.]",
'textLength' => "[Your comment has %d characters and must have at least %d and at most %d characters.]",
'moreTitles' => array(
'reputation' => "Reputación de la web",


@@ -129,6 +129,10 @@ $lang = array(
'genericError' => "Une erreur est survenue; Actualisez la page et essayez à nouveau. Si l'erreur persiste, envoyez un email à <a href='#contact'>feedback</a>", # LANG.genericerror
'bannedRating' => "Vous avez été banni du score des commentaires.", # LANG.tooltip_banned_rating
'tooManyVotes' => "Vous avez voté trop souvent aujourd'hui! Revenez demain.", # LANG.tooltip_too_many_votes
'alreadyReport' => "Vous avez déjà rapporté ceci.", # LANG.ct_resp_error7
'textTooShort' => "[Your message is too short.]",
'cannotComment' => "[You have been banned from writing comments.]",
'textLength' => "[Your comment has %d characters and must have at least %d and at most %d characters.]",
'moreTitles' => array(
'reputation' => "Réputation du site",


@@ -129,6 +129,10 @@ $lang = array(
'genericError' => "Произошла ошибка; обновите страницу и попробуйте снова. Если ситуация повторяется, отправьте сообщение на <a href='#contact'>feedback</a>", # LANG.genericerror
'bannedRating' => "Вам была заблокирована возможность оценивать комментарии.", # LANG.tooltip_banned_rating
'tooManyVotes' => "Вы сегодня проголосовали слишком много раз! Вы сможете продолжить завтра.", # LANG.tooltip_too_many_votes
'alreadyReport' => "Вы уже подали на это жалобу.", # LANG.ct_resp_error7
'textTooShort' => "[Your message is too short.]",
'cannotComment' => "[You have been banned from writing comments.]",
'textLength' => "[Your comment has %d characters and must have at least %d and at most %d characters.]",
'moreTitles' => array(
'reputation' => "Репутация на сайте",


@@ -130,6 +130,10 @@ $lang = array(
'genericError' => "发生错误,请刷新页面再试一次。如果错误持续存在,请联系<a href=\"#contact\">反馈</a>。", # LANG.genericerror
'bannedRating' => "你评级评论的权力已被冻结。", # LANG.tooltip_banned_rating
'tooManyVotes' => "你已经达到每日投票上限。请明天再来!", # LANG.tooltip_too_many_votes
'alreadyReport' => "您已报告。", # LANG.ct_resp_error7
'textTooShort' => "[Your message is too short.]",
'cannotComment' => "[You have been banned from writing comments.]",
'textLength' => "[Your comment has %d characters and must have at least %d and at most %d characters.]",
'moreTitles' => array(
'reputation' => "网站声望",


@@ -7,6 +7,8 @@
<li><div>You might want to proof-read your comments before posting them.</div></li>
</ul>
<?php
echo $this->coError ? ' <div class="msg-failure">'.$this->coError."</div>\n <div class=\"pad\"></div>\n" : '';
if (User::canComment()):
?>
<form name="addcomment" action="?comment=add&amp;type=<?php echo $this->type.'&amp;typeid='.$this->typeId; ?>" method="post" onsubmit="return co_validateForm(this)">
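Review bot: `$this->coError` is concatenated into the `msg-failure` div without HTML escaping in the added `echo` line. Judging by the strings this commit adds to the locale files, the value is presumably a fixed localized message filled in with integers, but it reaches the template by way of the session and nothing at the output site enforces that, so a later error path that includes user-supplied text would turn this into an HTML injection sink. If the messages are meant to be plain text, escape at the sink with `htmlspecialchars($this->coError, ENT_QUOTES, 'UTF-8')`; if some must carry markup (as `genericError` does with its link), add a comment on this line stating that coError may only ever hold server-defined strings. The same line is added to the five other localized copies of this template further down in this commit.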


@@ -7,6 +7,8 @@
<li><div>Il serait avisé de corriger vos fautes avant de soumettre vos commentaires.</div></li>
</ul>
<?php
echo $this->coError ? ' <div class="msg-failure">'.$this->coError."</div>\n <div class=\"pad\"></div>\n" : '';
if (User::canComment()):
?>
<form name="addcomment" action="?comment=add&amp;type=<?php echo $this->type.'&amp;typeid='.$this->typeId; ?>" method="post" onsubmit="return co_validateForm(this)">


@@ -7,6 +7,8 @@
<li><div>Stellt Eure Fragen bitte in unseren <a href="?forums">Foren</a>, wenn Ihr eine schnellere Antwort wünscht.</div></li>
</ul>
<?php
echo $this->coError ? ' <div class="msg-failure">'.$this->coError."</div>\n <div class=\"pad\"></div>\n" : '';
if (User::canComment()):
?>
<form name="addcomment" action="?comment=add&amp;type=<?php echo $this->type.'&amp;typeid='.$this->typeId; ?>" method="post" onsubmit="return co_validateForm(this)">


@@ -7,6 +7,8 @@
<li><div>你在发表前最好先预览下你的评论。</div></li>
</ul>
<?php
echo $this->coError ? ' <div class="msg-failure">'.$this->coError."</div>\n <div class=\"pad\"></div>\n" : '';
if (User::canComment()):
?>
<form name="addcomment" action="?comment=add&amp;type=<?php echo $this->type.'&amp;typeid='.$this->typeId; ?>" method="post" onsubmit="return co_validateForm(this)">


@@ -7,6 +7,8 @@
<li><div>Deberías corregir tus comentarios antes de enviarlos.</div></li>
</ul>
<?php
echo $this->coError ? ' <div class="msg-failure">'.$this->coError."</div>\n <div class=\"pad\"></div>\n" : '';
if (User::canComment()):
?>
<form name="addcomment" action="?comment=add&amp;type=<?php echo $this->type.'&amp;typeid='.$this->typeId; ?>" method="post" onsubmit="return co_validateForm(this)">


@@ -7,6 +7,8 @@
<li><div>У вас может возникнуть желание проверить написание своего комментария перед тем, как поместить его на сайт.</div></li>
</ul>
<?php
echo $this->coError ? ' <div class="msg-failure">'.$this->coError."</div>\n <div class=\"pad\"></div>\n" : '';
if (User::canComment()):
?>
<form name="addcomment" action="?comment=add&amp;type=<?php echo $this->type.'&amp;typeid='.$this->typeId; ?>" method="post" onsubmit="return co_validateForm(this)">