From adc1273b085b7efcd61ef067a13a1a8d55d7426a Mon Sep 17 00:00:00 2001 From: Sarjuuk Date: Sat, 26 May 2018 20:20:15 +0200 Subject: [PATCH] Ajax/Debug * be a lot more verbose when errors are occuring (to staff anyway) * made hardcoded error messages for comments localizable * add error messages from posting comments to session to be displayed on next page update --- includes/ajaxHandler/account.class.php | 21 +++ includes/ajaxHandler/admin.class.php | 27 +++- includes/ajaxHandler/comment.class.php | 145 ++++++++++++++++----- includes/ajaxHandler/contactus.class.php | 20 ++- includes/ajaxHandler/cookie.class.php | 8 +- includes/ajaxHandler/data.class.php | 9 +- includes/ajaxHandler/gotocomment.class.php | 4 +- includes/ajaxHandler/profile.class.php | 75 +++++++++-- includes/utilities.php | 2 +- localization/locale_dede.php | 4 + localization/locale_enus.php | 4 + localization/locale_eses.php | 4 + localization/locale_frfr.php | 4 + localization/locale_ruru.php | 4 + localization/locale_zhcn.php | 4 + template/localized/contrib_0.tpl.php | 2 + template/localized/contrib_2.tpl.php | 2 + template/localized/contrib_3.tpl.php | 2 + template/localized/contrib_4.tpl.php | 2 + template/localized/contrib_6.tpl.php | 2 + template/localized/contrib_8.tpl.php | 2 + 21 files changed, 290 insertions(+), 57 deletions(-) diff --git a/includes/ajaxHandler/account.class.php b/includes/ajaxHandler/account.class.php index dfd8df4d..42da1057 100644 --- a/includes/ajaxHandler/account.class.php +++ b/includes/ajaxHandler/account.class.php @@ -51,7 +51,10 @@ class AjaxAccount extends AjaxHandler $ids = $this->_post['id']; if (!isset(Util::$typeStrings[$type]) || empty($ids)) + { + trigger_error('AjaxAccount::handleExclude - invalid type #'.$type.(empty($ids) ? ' or id-list empty' : ''), E_USER_ERROR); return; + } // ready for some bullshit? here it comes! // we don't get signaled whether an id should be added to or removed from either includes or excludes 
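Review bot: The new message in AjaxAccount::handleExclude concatenates `$type` into the error text, and the commit description says these errors are shown to staff, so whatever renders or stores them has to encode the value. `$type` is assigned outside the hunk and looks request-derived; the error handler itself is not part of this patch. If the handler prints messages into a page it should pass them through `htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and a log writer should strip line breaks. The same applies to the hunks for AjaxProfile::handleLink (`$this->_get['user']`), AjaxData::handleData (`$set`) and AjaxContactus::handleContactUs (`$mode`, `$rsn`).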
@@ -84,14 +87,20 @@ class AjaxAccount extends AjaxHandler if ($this->_post['save']) { if (!$this->_post['scale']) + { + trigger_error('AjaxAccount::handleWeightscales - scaleId empty', E_USER_ERROR); return 0; + } $id = 0; if ($this->_post['id'] && ($id = $this->_post['id'][0])) { if (!DB::Aowow()->selectCell('SELECT 1 FROM ?_account_weightscales WHERE userId = ?d AND id = ?d', User::$id, $id)) + { + trigger_error('AjaxAccount::handleWeightscales - scale #'.$id.' not in db or owned by user #'.User::$id, E_USER_ERROR); return 0; + } DB::Aowow()->query('UPDATE ?_account_weightscales SET `name` = ? WHERE id = ?d', $this->_post['name'], $id); } @@ -120,25 +129,37 @@ class AjaxAccount extends AjaxHandler else if ($this->_post['delete'] && $this->_post['id'] && $this->_post['id'][0]) DB::Aowow()->query('DELETE FROM ?_account_weightscales WHERE id = ?d AND userId = ?d', $this->_post['id'][0], User::$id); else + { + trigger_error('AjaxAccount::handleWeightscales - malformed request received', E_USER_ERROR); return 0; + } } protected function handleFavorites() { // omit usage of sessionKey if (count($this->_post['id']) != 1 || empty($this->_post['id'][0])) + { + trigger_error('AjaxAccount::handleFavorites - malformed request received', E_USER_ERROR); return; + } $typeId = $this->_post['id'][0]; if ($type = $this->_post['add']) { if (empty(Util::$typeClasses[$type])) + { + trigger_error('AjaxAccount::handleFavorites - invalid type #'.$type, E_USER_ERROR); return; + } $tc = new Util::$typeClasses[$type]([['id', $typeId]]); if ($tc->error) + { + trigger_error('AjaxAccount::handleFavorites - invalid typeId #'.$typeId.' for type '.$tc::$brickFile, E_USER_ERROR); return; + } DB::Aowow()->query('INSERT INTO ?_account_favorites (`userId`, `type`, `typeId`) VALUES (?d, ?d, ?d)', User::$id, $type, $typeId); } diff --git a/includes/ajaxHandler/admin.class.php b/includes/ajaxHandler/admin.class.php index 0e12877e..9583a49e 100644 --- a/includes/ajaxHandler/admin.class.php 
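Review bot: Every early exit in handleWeightscales and handleFavorites now raises `E_USER_ERROR` for conditions the client causes (`scaleId empty`, `malformed request received`), so any caller can produce error-level entries at will and real server faults become harder to spot. Under PHP's default handling `E_USER_ERROR` ends the script, so the `return 0;` after each call is reached only if a custom handler is registered and returns; that handler is not visible in this patch. I would keep `E_USER_ERROR` for server-side failures such as a failed write and report bad input at a lower level, e.g. `trigger_error('AjaxAccount::handleWeightscales - scaleId empty', E_USER_NOTICE);`. The same choice recurs in the other handlers touched by this commit.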
+++ b/includes/ajaxHandler/admin.class.php @@ -118,7 +118,10 @@ class AjaxAdmin extends AjaxHandler protected function ssApprove() { if (!$this->_get['id']) + { + trigger_error('AjaxAdmin::ssApprove - screenshotId empty', E_USER_ERROR); return ''; + } // create resized and thumb version of screenshot $resized = [772, 618]; @@ -128,11 +131,14 @@ class AjaxAdmin extends AjaxHandler foreach ($this->_get['id'] as $id) { // must not be already approved - if ($_ = DB::Aowow()->selectRow('SELECT userIdOwner, date, type, typeId FROM ?_screenshots WHERE (status & ?d) = 0 AND id = ?d', CC_FLAG_APPROVED, $id)) + if ($ssEntry = DB::Aowow()->selectRow('SELECT userIdOwner, date, type, typeId FROM ?_screenshots WHERE (status & ?d) = 0 AND id = ?d', CC_FLAG_APPROVED, $id)) { // should also error-log if (!file_exists(sprintf($path, 'pending', $id))) + { + trigger_error('AjaxAdmin::ssApprove - screenshot #'.$id.' exists in db but not as file', E_USER_ERROR); continue; + } $srcImg = imagecreatefromjpeg(sprintf($path, 'pending', $id)); $srcW = imagesx($srcImg); 
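Review bot: The result of `imagecreatefromjpeg()` in ssApprove is used unchecked right after the new `file_exists()` guard, so a pending upload that exists but is not a decodable JPEG makes it return false and `imagesx($srcImg)` then fails inside the loop. A guard in the style of the one added above it would cover this: `if (!$srcImg) { trigger_error('AjaxAdmin::ssApprove - screenshot #'.$id.' is not a readable jpeg', E_USER_ERROR); continue; }`. The `// should also error-log` comment above the guard is now stale and can be removed. The loop body continues outside the hunk.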
@@ -170,11 +176,13 @@ class AjaxAdmin extends AjaxHandler // set as approved in DB and gain rep (once!) DB::Aowow()->query('UPDATE ?_screenshots SET status = ?d, userIdApprove = ?d WHERE id = ?d', CC_FLAG_APPROVED, User::$id, $id); - Util::gainSiteReputation($_['userIdOwner'], SITEREP_ACTION_UPLOAD, ['id' => $id, 'what' => 1, 'date' => $_['date']]); + Util::gainSiteReputation($ssEntry['userIdOwner'], SITEREP_ACTION_UPLOAD, ['id' => $id, 'what' => 1, 'date' => $ssEntry['date']]); // flag DB entry as having screenshots - if (Util::$typeClasses[$_['type']] && ($tbl = get_class_vars(Util::$typeClasses[$_['type']])['dataTable'])) - DB::Aowow()->query('UPDATE '.$tbl.' SET cuFlags = cuFlags | ?d WHERE id = ?d', CUSTOM_HAS_SCREENSHOT, $_['typeId']); + if (Util::$typeClasses[$ssEntry['type']] && ($tbl = get_class_vars(Util::$typeClasses[$ssEntry['type']])['dataTable'])) + DB::Aowow()->query('UPDATE '.$tbl.' SET cuFlags = cuFlags | ?d WHERE id = ?d', CUSTOM_HAS_SCREENSHOT, $ssEntry['typeId']); } + else + trigger_error('AjaxAdmin::ssApprove - screenshot #'.$id.' not in db or already approved', E_USER_ERROR); } return ''; @@ -185,7 +193,10 @@ class AjaxAdmin extends AjaxHandler protected function ssSticky() { if (!$this->_get['id']) + { + trigger_error('AjaxAdmin::ssSticky - screenshotId empty', E_USER_ERROR); return ''; + } // approve soon to be sticky screenshots $this->ssApprove(); @@ -211,7 +222,10 @@ class AjaxAdmin extends AjaxHandler protected function ssDelete() { if (!$this->_get['id']) + { + trigger_error('AjaxAdmin::ssDelete - screenshotId empty', E_USER_ERROR); return ''; + } $path = 'static/uploads/screenshots/%s/%d.jpg'; 
@@ -259,7 +273,10 @@ class AjaxAdmin extends AjaxHandler protected function ssRelocate() { if (!$this->_get['id'] || !$this->_get['typeid']) + { + trigger_error('AjaxAdmin::ssRelocate - screenshotId or typeId empty', E_USER_ERROR); return ''; + } $id = $this->_get['id'][0]; list($type, $oldTypeId) = array_values(DB::Aowow()->selectRow('SELECT type, typeId FROM ?_screenshots WHERE id = ?d', $id)); @@ -279,6 +296,8 @@ class AjaxAdmin extends AjaxHandler if($ssInfo || !$ssInfo['hasMore']) DB::Aowow()->query('UPDATE '.$tc::$dataTable.' SET cuFlags = cuFlags & ~?d WHERE id = ?d', CUSTOM_HAS_SCREENSHOT, $oldTypeId); } + else + trigger_error('AjaxAdmin::ssRelocate - invalid typeId #'.$typeId.' for type '.$tc::$brickFile, E_USER_ERROR); return ''; } diff --git a/includes/ajaxHandler/comment.class.php b/includes/ajaxHandler/comment.class.php index 941eb599..c04100f2 100644 --- a/includes/ajaxHandler/comment.class.php +++ b/includes/ajaxHandler/comment.class.php 
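Review bot: The condition `if($ssInfo || !$ssInfo['hasMore'])` just above the new `else` in ssRelocate is true both when `$ssInfo` is set and when it is empty, so `CUSTOM_HAS_SCREENSHOT` on the old target appears to be cleared unconditionally. handleCommentDelete in comment.class.php uses `!$coInfo['hasMore']` for the equivalent step, which suggests `if (!$ssInfo || !$ssInfo['hasMore'])` was meant. The query that fills `$ssInfo` lies between the two ssRelocate hunks, so this needs confirming against it. In the first of those hunks, `array_values(DB::Aowow()->selectRow(...))` is also unguarded against a screenshot id that returns no row.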
@@ -78,30 +78,48 @@ class AjaxComment extends AjaxHandler protected function handleCommentAdd() { if (!$this->_get['typeid'] || !$this->_get['type'] || !isset(Util::$typeClasses[$this->_get['type']])) + { + trigger_error('AjaxComment::handleCommentAdd - malforemd request received', E_USER_ERROR); return; // whatever, we cant even send him back + } // this type cannot be commented on if (!(get_class_vars(Util::$typeClasses[$this->_get['type']])['contribute'] & CONTRIBUTE_CO)) + { + trigger_error('AjaxComment::handleCommentAdd - tried to comment on unsupported type #'.$this->_get['type'], E_USER_ERROR); return; + } // trim to max length if (!User::isInGroup(U_GROUP_MODERATOR) && mb_strlen($this->_post['commentbody']) > (self::COMMENT_LENGTH_MAX * (User::isPremium() ? 3 : 1))) $this->post['commentbody'] = mb_substr($this->_post['commentbody'], 0, (self::COMMENT_LENGTH_MAX * (User::isPremium() ? 3 : 1))); - if (User::canComment() && !empty($this->_post['commentbody']) && mb_strlen($this->_post['commentbody']) >= self::COMMENT_LENGTH_MIN) + if (User::canComment()) { - if ($postIdx = DB::Aowow()->query('INSERT INTO ?_comments (type, typeId, userId, roles, body, date) VALUES (?d, ?d, ?d, ?d, ?, UNIX_TIMESTAMP())', $this->_get['type'], $this->_get['typeid'], User::$id, User::$groups, $this->_post['commentbody'])) + if (!empty($this->_post['commentbody']) && mb_strlen($this->_post['commentbody']) >= self::COMMENT_LENGTH_MIN) { - Util::gainSiteReputation(User::$id, SITEREP_ACTION_COMMENT, ['id' => $postIdx]); + if ($postIdx = DB::Aowow()->query('INSERT INTO ?_comments (type, typeId, userId, roles, body, date) VALUES (?d, ?d, ?d, ?d, ?, UNIX_TIMESTAMP())', $this->_get['type'], $this->_get['typeid'], User::$id, User::$groups, $this->_post['commentbody'])) + { + Util::gainSiteReputation(User::$id, SITEREP_ACTION_COMMENT, ['id' => $postIdx]); - // every comment starts with a rating of +1 and i guess the simplest thing to do is create a db-entry with the system as owner - 
DB::Aowow()->query('INSERT INTO ?_comments_rates (commentId, userId, value) VALUES (?d, 0, 1)', $postIdx); + // every comment starts with a rating of +1 and i guess the simplest thing to do is create a db-entry with the system as owner + DB::Aowow()->query('INSERT INTO ?_comments_rates (commentId, userId, value) VALUES (?d, 0, 1)', $postIdx); - // flag target with hasComment - if ($tbl = get_class_vars(Util::$typeClasses[$this->_get['type']])['dataTable']) - DB::Aowow()->query('UPDATE '.$tbl.' SET cuFlags = cuFlags | ?d WHERE id = ?d', CUSTOM_HAS_COMMENT, $this->_get['typeid']); + // flag target with hasComment + if ($tbl = get_class_vars(Util::$typeClasses[$this->_get['type']])['dataTable']) + DB::Aowow()->query('UPDATE '.$tbl.' SET cuFlags = cuFlags | ?d WHERE id = ?d', CUSTOM_HAS_COMMENT, $this->_get['typeid']); + } + else + { + $_SESSION['error']['co'] = Lang::main('intError'); + trigger_error('AjaxComment::handleCommentAdd - write to db failed', E_USER_ERROR); + } } + else + $_SESSION['error']['co'] = Lang::main('textLength', [mb_strlen($this->_post['commentbody']), self::COMMENT_LENGTH_MIN, self::COMMENT_LENGTH_MAX]); } + else + $_SESSION['error']['co'] = Lang::main('cannotComment'); $this->doRedirect = true; return '?'.Util::$typeStrings[$this->_get['type']].'='.$this->_get['typeid'].'#comments'; 
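Review bot: The length cap in handleCommentAdd is never applied: the trimmed text is assigned to `$this->post['commentbody']`, while the length check and the `INSERT` both read `$this->_post['commentbody']`, so a non-moderator body longer than `COMMENT_LENGTH_MAX` is stored in full. The assignment should target `$this->_post['commentbody']`. The new `textLength` message reports `self::COMMENT_LENGTH_MAX` without the premium factor of 3 that the trim uses, so premium users are told the wrong limit. The log text also misspells "malformed" as `malforemd`, here and in handleCommentEdit.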
@@ -109,11 +127,20 @@ class AjaxComment extends AjaxHandler protected function handleCommentEdit() { - if ((!User::canComment() && !User::isInGroup(U_GROUP_MODERATOR)) || !$this->_get['id'] || !$this->_post['body']) + if (!User::canComment() && !User::isInGroup(U_GROUP_MODERATOR)) + { + trigger_error('AjaxComment::handleCommentEdit - user #'.User::$id.' not allowed to edit', E_USER_ERROR); return; + } + + if (!$this->_get['id'] || !$this->_post['body']) + { + trigger_error('AjaxComment::handleCommentEdit - malforemd request received', E_USER_ERROR); + return; + } if (mb_strlen($this->_post['body']) < self::COMMENT_LENGTH_MIN) - return; + return; // no point in reporting this trifle // trim to max length if (!User::isInGroup(U_GROUP_MODERATOR) && mb_strlen($this->_post['body']) > (self::COMMENT_LENGTH_MAX * (User::isPremium() ? 3 : 1))) @@ -138,7 +165,10 @@ class AjaxComment extends AjaxHandler protected function handleCommentDelete() { if (!$this->_post['id'] || !User::$id) + { + trigger_error('AjaxComment::handleCommentDelete - commentId empty or user not logged in', E_USER_ERROR); return; + } // in theory, there is a username passed alongside... lets just use the current user (see user.js) $ok = DB::Aowow()->query('UPDATE ?_comments SET flags = flags | ?d, deleteUserId = ?d, deleteDate = UNIX_TIMESTAMP() WHERE id IN (?a){ AND userId = ?d}', 
@@ -159,12 +189,20 @@ class AjaxComment extends AjaxHandler if (!$coInfo['hasMore'] && Util::$typeClasses[$coInfo['type']] && ($tbl = get_class_vars(Util::$typeClasses[$coInfo['type']])['dataTable'])) DB::Aowow()->query('UPDATE '.$tbl.' SET cuFlags = cuFlags & ~?d WHERE id = ?d', CUSTOM_HAS_COMMENT, $coInfo['typeId']); } + else + { + trigger_error('AjaxComment::handleCommentDelete - user #'.User::$id.' could not flag comment #'.$this->_post['id'].' as deleted', E_USER_ERROR); + return; + } } protected function handleCommentUndelete() { if (!$this->_post['id'] || !User::$id) + { + trigger_error('AjaxComment::handleCommentUndelete - commentId empty or user not logged in', E_USER_ERROR); return; + } // in theory, there is a username passed alongside... lets just use the current user (see user.js) $ok = DB::Aowow()->query('UPDATE ?_comments SET flags = flags & ~?d WHERE id IN (?a){ AND userId = deleteUserId AND deleteUserId = ?d}', @@ -180,6 +218,11 @@ class AjaxComment extends AjaxHandler if (Util::$typeClasses[$coInfo['type']] && ($tbl = get_class_vars(Util::$typeClasses[$coInfo['type']])['dataTable'])) DB::Aowow()->query('UPDATE '.$tbl.' SET cuFlags = cuFlags | ?d WHERE id = ?d', CUSTOM_HAS_COMMENT, $coInfo['typeId']); } + else + { + trigger_error('AjaxComment::handleCommentUndelete - user #'.User::$id.' could not unflag comment #'.$this->_post['id'].' as deleted', E_USER_ERROR); + return; + } } protected function handleCommentRating() @@ -232,7 +275,10 @@ class AjaxComment extends AjaxHandler protected function handleCommentSticky() { if (!$this->_post['id'] || !User::isInGroup(U_GROUP_MODERATOR)) + { + trigger_error('AjaxComment::handleCommentSticky - commentId empty or user #'.User::$id.' not moderator', E_USER_ERROR); return; + } if ($this->_post['sticky']) DB::Aowow()->query('UPDATE ?_comments SET flags = flags | ?d WHERE id = ?d', CC_FLAG_STICKY, $this->_post['id'][0]); 
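Review bot: The new failure message in handleCommentDelete concatenates `$this->_post['id']`, which is passed to `id IN (?a)` and indexed as `$this->_post['id'][0]` elsewhere in this class, so it is an array and the log will read `comment #Array` along with an array-to-string notice. Use `'#'.implode(', ', $this->_post['id'])` instead. The message added to handleCommentUndelete in the next hunk has the same problem. Both function bodies start outside their hunks.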
@@ -245,7 +291,10 @@ class AjaxComment extends AjaxHandler $this->contentType = 'text/plain'; if (!$this->_post['id']) - return 'The comment does not exist.'; + { + trigger_error('AjaxComment::handleCommentOutOfDate - commentId empty', E_USER_ERROR); + return Lang::main('intError'); + } $ok = false; if (User::isInGroup(U_GROUP_MODERATOR)) // directly mark as outdated @@ -256,16 +305,18 @@ class AjaxComment extends AjaxHandler $ok = DB::Aowow()->query('UPDATE ?_comments SET flags = flags & ~0x4 WHERE id = ?d', $this->_post['id'][0]); } else if (DB::Aowow()->selectCell('SELECT 1 FROM ?_reports WHERE `mode` = ?d AND `reason`= ?d AND `subject` = ?d AND `userId` = ?d', 1, 17, $this->_post['id'][0], User::$id)) - return 'You\'ve already reported this.'; // ct_resp_error7 + return Lang::main('alreadyReport'); else if (User::$id && !$this->_post['reason'] || mb_strlen($this->_post['reason']) < self::REPLY_LENGTH_MIN) - return 'Your message is too short.'; + return Lang::main('textTooShort'); else if (User::$id) // only report as outdated $ok = Util::createReport(1, 17, $this->_post['id'][0], '[Outdated Comment] '.$this->_post['reason']); if ($ok) // this one is very special; as in: completely retarded return 'ok'; // the script expects the actual characters 'ok' not some string like "ok" + else + trigger_error('AjaxComment::handleCommentOutOfDate - failed to update comment in db', E_USER_ERROR); - return Lang::main('genericError'); + return Lang::main('intError'); } protected function handleCommentShowReplies() 
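Review bot: The added `else trigger_error('AjaxComment::handleCommentOutOfDate - failed to update comment in db', E_USER_ERROR);` also fires when no write was attempted: for a caller with `User::$id` empty and a long enough reason, no branch assigns `$ok`, so an anonymous request is logged as a database failure. An explicit branch before the report case would separate the two, e.g. `else if (!User::$id) return Lang::main('genericError');`. The unchanged test `User::$id && !$this->_post['reason'] || mb_strlen($this->_post['reason']) < self::REPLY_LENGTH_MIN` groups as `(A && B) || C`; parentheses would make the intent explicit. Part of the function lies between the two hunks and is not visible.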
@@ -278,19 +329,22 @@ class AjaxComment extends AjaxHandler $this->contentType = 'text/plain'; if (!User::canComment()) - return 'You are not allowed to reply.'; + return Lang::main('cannotComment'); - else if (!$this->_post['commentId'] || !DB::Aowow()->selectCell('SELECT 1 FROM ?_comments WHERE id = ?d', $this->_post['commentId'])) - return Lang::main('genericError'); + if (!$this->_post['commentId'] || !DB::Aowow()->selectCell('SELECT 1 FROM ?_comments WHERE id = ?d', $this->_post['commentId'])) + { + trigger_error('AjaxComment::handleReplyAdd - comment #'.$this->_post['commentId'].' does not exist', E_USER_ERROR); + return Lang::main('intError'); + } - else if (!$this->_post['body'] || mb_strlen($this->_post['body']) < self::REPLY_LENGTH_MIN || mb_strlen($this->_post['body']) > self::REPLY_LENGTH_MAX) - return 'Your reply has '.mb_strlen($this->_post['body']).' characters and must have at least '.self::REPLY_LENGTH_MIN.' and at most '.self::REPLY_LENGTH_MAX.'.'; + if (!$this->_post['body'] || mb_strlen($this->_post['body']) < self::REPLY_LENGTH_MIN || mb_strlen($this->_post['body']) > self::REPLY_LENGTH_MAX) + return Lang::main('textLength', [mb_strlen($this->_post['body']), self::REPLY_LENGTH_MIN, self::REPLY_LENGTH_MAX]); - else if (DB::Aowow()->query('INSERT INTO ?_comments (`userId`, `roles`, `body`, `date`, `replyTo`) VALUES (?d, ?d, ?, UNIX_TIMESTAMP(), ?d)', User::$id, User::$groups, $this->_post['body'], $this->_post['commentId'])) + if (DB::Aowow()->query('INSERT INTO ?_comments (`userId`, `roles`, `body`, `date`, `replyTo`) VALUES (?d, ?d, ?, UNIX_TIMESTAMP(), ?d)', User::$id, User::$groups, $this->_post['body'], $this->_post['commentId'])) return Util::toJSON(CommunityContent::getCommentReplies($this->_post['commentId'])); - else - return Lang::main('genericError'); + trigger_error('AjaxComment::handleReplyAdd - write to db failed', E_USER_ERROR); + return Lang::main('intError'); } protected function handleReplyEdit() 
@@ -298,25 +352,32 @@ class AjaxComment extends AjaxHandler $this->contentType = 'text/plain'; if (!User::canComment()) - return 'You are not allowed to reply.'; + return Lang::main('cannotComment'); - else if (!$this->_post['replyId'] || !$this->_post['commentId']) - return Lang::main('genericError'); + if ((!$this->_post['replyId'] || !$this->_post['commentId']) && DB::Aowow()->selectCell('SELECT COUNT(1) FROM ?_comments WHERE id IN (?a)', [$this->_post['replyId'], $this->_post['commentId']])) + { + trigger_error('AjaxComment::handleReplyEdit - comment #'.$this->_post['commentId'].' or reply #'.$this->_post['replyId'].' does not exist', E_USER_ERROR); + return Lang::main('intError'); + } - else if (!$this->_post['body'] || mb_strlen($this->_post['body']) < self::REPLY_LENGTH_MIN || mb_strlen($this->_post['body']) > self::REPLY_LENGTH_MAX) - return 'Your reply has '.mb_strlen($this->_post['body']).' characters and must have at least '.self::REPLY_LENGTH_MIN.' and at most '.self::REPLY_LENGTH_MAX.'.'; + if (!$this->_post['body'] || mb_strlen($this->_post['body']) < self::REPLY_LENGTH_MIN || mb_strlen($this->_post['body']) > self::REPLY_LENGTH_MAX) + return Lang::main('textLength', [mb_strlen($this->_post['body']), self::REPLY_LENGTH_MIN, self::REPLY_LENGTH_MAX]); if (DB::Aowow()->query('UPDATE ?_comments SET body = ?, editUserId = ?d, editDate = UNIX_TIMESTAMP(), editCount = editCount + 1 WHERE id = ?d AND replyTo = ?d{ AND userId = ?d}', $this->_post['body'], User::$id, $this->_post['replyId'], $this->_post['commentId'], User::isInGroup(U_GROUP_MODERATOR) ? 
DBSIMPLE_SKIP : User::$id)) return Util::toJSON(CommunityContent::getCommentReplies($this->_post['commentId'])); - else - return Lang::main('genericError'); + + trigger_error('AjaxComment::handleReplyEdit - write to db failed', E_USER_ERROR); + return Lang::main('intError'); } protected function handleReplyDetach() { - if (!User::isInGroup(U_GROUP_MODERATOR) || !$this->_post['id']) + if (!$this->_post['id'] || !User::isInGroup(U_GROUP_MODERATOR)) + { + trigger_error('AjaxComment::handleReplyDetach - commentId empty or user #'.User::$id.' not moderator', E_USER_ERROR); return; + } DB::Aowow()->query('UPDATE ?_comments c1, ?_comments c2 SET c1.replyTo = 0, c1.type = c2.type, c1.typeId = c2.typeId WHERE c1.replyTo = c2.id AND c1.id = ?d', $this->_post['id'][0]); } @@ -324,16 +385,24 @@ class AjaxComment extends AjaxHandler protected function handleReplyDelete() { if (!User::$id || !$this->_post['id']) + { + trigger_error('AjaxComment::handleReplyDelete - commentId empty or user not logged in', E_USER_ERROR); return; + } if (DB::Aowow()->query('DELETE FROM ?_comments WHERE id = ?d{ AND userId = ?d}', $this->_post['id'][0], User::isInGroup(U_GROUP_MODERATOR) ? DBSIMPLE_SKIP : User::$id)) DB::Aowow()->query('DELETE FROM ?_comments_rates WHERE commentId = ?d', $this->_post['id'][0]); + else + trigger_error('AjaxComment::handleReplyDelete - deleting comment #'.$this->_post['id'][0].' by user #'.User::$id.' from db failed', E_USER_ERROR); } protected function handleReplyFlag() { if (!User::$id || !$this->_post['id']) + { + trigger_error('AjaxComment::handleReplyFlag - commentId empty or user not logged in', E_USER_ERROR); return; + } Util::createReport(1, 19, $this->_post['id'][0], '[General Reply Report]'); } 
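Review bot: The rewritten guard in handleReplyEdit joins the id check and the existence query with `&&`, so it no longer rejects what the old `!$this->_post['replyId'] || !$this->_post['commentId']` did. With both ids present the left side is false and the `SELECT COUNT(1)` never runs; with an id missing the request is refused only when the count is non-zero. The intent looks like `!$this->_post['replyId'] || !$this->_post['commentId'] || DB::Aowow()->selectCell('SELECT COUNT(1) FROM ?_comments WHERE id IN (?a)', [$this->_post['replyId'], $this->_post['commentId']]) != 2`. The later `UPDATE ... WHERE id = ?d AND replyTo = ?d` still limits which row can change, so the visible effect is a misleading `write to db failed` entry rather than a wrong edit.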
@@ -341,11 +410,17 @@ class AjaxComment extends AjaxHandler protected function handleReplyUpvote() { if (!$this->_post['id'] || !User::canUpvote()) + { + trigger_error('AjaxComment::handleReplyUpvote - commentId empty or user not allowed to vote', E_USER_ERROR); return; + } $owner = DB::Aowow()->selectCell('SELECT userId FROM ?_comments WHERE id = ?d', $this->_post['id'][0]); if (!$owner) + { + trigger_error('AjaxComment::handleReplyUpvote - comment #'.$this->_post['id'][0].' not found in db', E_USER_ERROR); return; + } $ok = DB::Aowow()->query( 'INSERT INTO ?_comments_rates (commentId, userId, value) VALUES (?d, ?d, ?d)', @@ -359,16 +434,24 @@ class AjaxComment extends AjaxHandler Util::gainSiteReputation($owner, SITEREP_ACTION_UPVOTED, ['id' => $this->_post['id'][0], 'voterId' => User::$id]); User::decrementDailyVotes(); } + else + trigger_error('AjaxComment::handleReplyUpvote - write to db failed', E_USER_ERROR); } protected function handleReplyDownvote() { if (!$this->_post['id'] || !User::canDownvote()) + { + trigger_error('AjaxComment::handleReplyDownvote - commentId empty or user not allowed to vote', E_USER_ERROR); return; + } $owner = DB::Aowow()->selectCell('SELECT userId FROM ?_comments WHERE id = ?d', $this->_post['id'][0]); if (!$owner) + { + trigger_error('AjaxComment::handleReplyDownvote - comment #'.$this->_post['id'][0].' not found in db', E_USER_ERROR); return; + } $ok = DB::Aowow()->query( 'INSERT INTO ?_comments_rates (commentId, userId, value) VALUES (?d, ?d, ?d)', @@ -382,6 +465,8 @@ class AjaxComment extends AjaxHandler Util::gainSiteReputation($owner, SITEREP_ACTION_DOWNVOTED, ['id' => $this->_post['id'][0], 'voterId' => User::$id]); User::decrementDailyVotes(); } + else + trigger_error('AjaxComment::handleReplyDownvote - write to db failed', E_USER_ERROR); } protected function checkId($val) diff --git a/includes/ajaxHandler/contactus.class.php b/includes/ajaxHandler/contactus.class.php index 2da7fd57..5319f52e 100644 
--- a/includes/ajaxHandler/contactus.class.php +++ b/includes/ajaxHandler/contactus.class.php @@ -54,10 +54,16 @@ class AjaxContactus extends AjaxHandler ); if ($mode === null || $rsn === null || $ua === null || $app === null || $url === null) - return 'required field missing'; + { + trigger_error('AjaxContactus::handleContactUs - malformed contact request received', E_USER_ERROR); + return Lang::main('intError'); + } if (!isset($contexts[$mode]) || !in_array($rsn, $contexts[$mode])) - return 'mode invalid'; + { + trigger_error('AjaxContactus::handleContactUs - report has invalid context (mode:'.$mode.' / reason:'.$rsn.')', E_USER_ERROR); + return Lang::main('intError'); + } if (!$desc) return 3; @@ -66,7 +72,10 @@ class AjaxContactus extends AjaxHandler return 2; if (!User::$id && !User::$ip) - return 'your ip could not be determined'; + { + trigger_error('AjaxContactus::handleContactUs - could not determine IP for anonymous user', E_USER_ERROR); + return Lang::main('intError'); + } // check already reported $field = User::$id ? 'userId' : 'ip'; @@ -76,6 +85,7 @@ class AjaxContactus extends AjaxHandler if (Util::createReport($mode, $rsn, $subj, $desc, $ua, $app, $url, $this->_post['relatedurl'], $this->_post['email'])) return 0; - return 'save to db unsuccessful'; + trigger_error('AjaxContactus::handleContactUs - write to db failed', E_USER_ERROR); + return Lang::main('intError'); } -} \ No newline at end of file +} diff --git a/includes/ajaxHandler/cookie.class.php b/includes/ajaxHandler/cookie.class.php index a1ac8b81..da2f2b47 100644 --- a/includes/ajaxHandler/cookie.class.php +++ b/includes/ajaxHandler/cookie.class.php 
@@ -29,9 +29,15 @@ class AjaxCookie extends AjaxHandler protected function handleCookie() { if (User::$id && $this->params && $this->_get[$this->params[0]]) + { if (DB::Aowow()->query('REPLACE INTO ?_account_cookies VALUES (?d, ?, ?)', User::$id, $this->params[0], $this->_get[$this->params[0]])) return 0; + else + trigger_error('AjaxCookie::handleCookie - write to db failed', E_USER_ERROR); + } + else + trigger_error('AjaxCookie::handleCookie - malformed request received', E_USER_ERROR); return null; } -} \ No newline at end of file +} diff --git a/includes/ajaxHandler/data.class.php b/includes/ajaxHandler/data.class.php index cd1c666d..fa008e40 100644 --- a/includes/ajaxHandler/data.class.php +++ b/includes/ajaxHandler/data.class.php @@ -36,9 +36,11 @@ class AjaxData extends AjaxHandler foreach ($this->params as $set) { // requires valid token to hinder automated access - if ($set != 'item-scaling') - if (!$this->_get['t'] || empty($_SESSION['dataKey']) || $this->_get['t'] != $_SESSION['dataKey']) - continue; + if ($set != 'item-scaling' && (!$this->_get['t'] || empty($_SESSION['dataKey']) || $this->_get['t'] != $_SESSION['dataKey'])) + { + trigger_error('AjaxData::handleData - session data key empty or expired', E_USER_ERROR); + continue; + } switch ($set) { @@ -107,6 +109,7 @@ class AjaxData extends AjaxHandler $result .= "\n\n"; break; default: + trigger_error('AjaxData::handleData - invalid file "'.$set.'" in request', E_USER_ERROR); break; } } diff --git a/includes/ajaxHandler/gotocomment.class.php b/includes/ajaxHandler/gotocomment.class.php index b5e1a02e..9baf2ebf 100644 --- a/includes/ajaxHandler/gotocomment.class.php +++ b/includes/ajaxHandler/gotocomment.class.php 
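Review bot: The token check merged into one condition in AjaxData::handleData still compares with loose `!=` (`$this->_get['t'] != $_SESSION['dataKey']`), which is open to PHP type juggling and is not constant-time. Assuming both values are strings, `!hash_equals($_SESSION['dataKey'], (string)$this->_get['t'])` is the safer form; how `_get['t']` is filtered is not visible here. The new message `session data key empty or expired` is also emitted on a plain mismatch, and once per requested set, so the wording and the log volume are worth a second look. The loop continues outside the hunk.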
@@ -29,7 +29,9 @@ class AjaxGotocomment extends AjaxHandler if ($_ = DB::Aowow()->selectRow('SELECT IFNULL(c2.id, c1.id) AS id, IFNULL(c2.type, c1.type) AS type, IFNULL(c2.typeId, c1.typeId) AS typeId FROM ?_comments c1 LEFT JOIN ?_comments c2 ON c1.replyTo = c2.id WHERE c1.id = ?d', $this->_get['id'])) return '?'.Util::$typeStrings[$_['type']].'='.$_['typeId'].'#comments:id='.$_['id'].($_['id'] != $this->_get['id'] ? ':reply='.$this->_get['id'] : null); else - exit; + trigger_error('AjaxGotocomment::handleGoToComment - could not find comment #'.$this->get['id'], E_USER_ERROR); + + exit; } } diff --git a/includes/ajaxHandler/profile.class.php b/includes/ajaxHandler/profile.class.php index 04e65a1d..b703e5dd 100644 --- a/includes/ajaxHandler/profile.class.php +++ b/includes/ajaxHandler/profile.class.php 
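Review bot: The added `trigger_error` in AjaxGotocomment reads `$this->get['id']`, but the query and the return line in the same hunk use `$this->_get['id']`. The property without the underscore does not appear to exist, so the message loses the comment id and PHP raises its own notice while building it. It should be `'... could not find comment #'.$this->_get['id']`. The function header is outside the hunk.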
@@ -102,20 +102,36 @@ class AjaxProfile extends AjaxHandler protected function handleLink() // links char with account { if (!User::$id || empty($this->_get['id'])) + { + trigger_error('AjaxProfile::handleLink - profileId empty or user not logged in', E_USER_ERROR); return; + } $uid = User::$id; if ($this->_get['user'] && User::isInGroup(U_GROUP_ADMIN | U_GROUP_BUREAU)) - $uid = DB::Aowow()->selectCell('SELECT id FROM ?_account WHERE user = ?', $this->_get['user']); - else if ($this->_get['user']) - return; + { + if (!($uid = DB::Aowow()->selectCell('SELECT id FROM ?_account WHERE user = ?', $this->_get['user']))) + { + trigger_error('AjaxProfile::handleLink - user "'.$this->_get['user'].'" does not exist', E_USER_ERROR); + return; + } + } if ($this->undo) DB::Aowow()->query('DELETE FROM ?_account_profiles WHERE accountId = ?d AND profileId IN (?a)', $uid, $this->_get['id']); else + { foreach ($this->_get['id'] as $prId) // only link characters, not custom profiles + { if ($prId = DB::Aowow()->selectCell('SELECT id FROM ?_profiler_profiles WHERE id = ?d AND realm IS NOT NULL', $prId)) DB::Aowow()->query('INSERT IGNORE INTO ?_account_profiles VALUES (?d, ?d, 0)', $uid, $prId); + else + { + trigger_error('AjaxProfile::handleLink - profile #'.$prId.' is custom or does not exist', E_USER_ERROR); + return; + } + } + } } /* params 
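Review bot: Removing `else if ($this->_get['user']) return;` from handleLink changes what happens when a non-staff caller supplies `user`: the request used to be refused and is now carried out against the caller's own account. `$uid` stays `User::$id`, so this is not an escalation, but a request naming another account should still be rejected and logged, e.g. `else if ($this->_get['user']) { trigger_error('AjaxProfile::handleLink - user #'.User::$id.' not allowed to act for other accounts', E_USER_ERROR); return; }`. The handlePin and handlePrivacy hunks drop the same branch. Separately, the `else` inside the loop logs `$prId` after the `if` has overwritten it with the empty query result, so the profile id is missing from the message, and the `return` there leaves earlier ids linked and later ones unprocessed.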
@@ -126,17 +142,24 @@ class AjaxProfile extends AjaxHandler protected function handlePin() // (un)favorite { if (!User::$id || empty($this->_get['id'][0])) + { + trigger_error('AjaxProfile::handlePin - profileId empty or user not logged in', E_USER_ERROR); return; + } $uid = User::$id; if ($this->_get['user'] && User::isInGroup(U_GROUP_ADMIN | U_GROUP_BUREAU)) - $uid = DB::Aowow()->selectCell('SELECT id FROM ?_account WHERE user = ?', $this->_get['user']); - else if ($this->_get['user']) - return; + { + if (!($uid = DB::Aowow()->selectCell('SELECT id FROM ?_account WHERE user = ?', $this->_get['user']))) + { + trigger_error('AjaxProfile::handlePin - user "'.$this->_get['user'].'" does not exist', E_USER_ERROR); + return; + } + } // since only one character can be pinned at a time we can reset everything DB::Aowow()->query('UPDATE ?_account_profiles SET extraFlags = extraFlags & ?d WHERE accountId = ?d', ~PROFILER_CU_PINNED, $uid); - // and set a single char if nesecary + // and set a single char if necessary if (!$this->undo) DB::Aowow()->query('UPDATE ?_account_profiles SET extraFlags = extraFlags | ?d WHERE profileId = ?d AND accountId = ?d', PROFILER_CU_PINNED, $this->_get['id'][0], $uid); } @@ -149,13 +172,20 @@ class AjaxProfile extends AjaxHandler protected function handlePrivacy() // public visibility { if (!User::$id || empty($this->_get['id'][0])) + { + trigger_error('AjaxProfile::handlePrivacy - profileId empty or user not logged in', E_USER_ERROR); return; + } $uid = User::$id; if ($this->_get['user'] && User::isInGroup(U_GROUP_ADMIN | U_GROUP_BUREAU)) - $uid = DB::Aowow()->selectCell('SELECT id FROM ?_account WHERE user = ?', $this->_get['user']); - else if ($this->_get['user']) - return; + { + if (!($uid = DB::Aowow()->selectCell('SELECT id FROM ?_account WHERE user = ?', $this->_get['user']))) + { + trigger_error('AjaxProfile::handlePrivacy - user "'.$this->_get['user'].'" does not exist', E_USER_ERROR); + return; + } + } if ($this->undo) { 
@@ -182,7 +212,10 @@ class AjaxProfile extends AjaxHandler $s = $this->_get['size'] ?: 'medium'; if (!$this->_get['id'] || !preg_match('/^([0-9]+)\.(jpg|gif)$/', $this->_get['id'][0], $matches) || !in_array($s, array_keys($sizes))) + { + trigger_error('AjaxProfile::handleAvatar - malformed request received', E_USER_ERROR); return; + } $this->contentType = 'image/'.$matches[2]; @@ -206,6 +239,8 @@ class AjaxProfile extends AjaxHandler $src = imageCreateFromJpeg(printf($aPath, $id)); imagecopymerge($dest, $src, 0, 0, $offsetX, $offsetY, $sizes[$s], $sizes[$s], 100); } + else + trigger_error('AjaxProfile::handleAvatar - avatar file #'.$id.' not found', E_USER_ERROR); if ($matches[2] == 'gif') imageGif($dest); @@ -223,8 +258,12 @@ class AjaxProfile extends AjaxHandler protected function handleResync() { if ($chars = DB::Aowow()->select('SELECT realm, realmGUID FROM ?_profiler_profiles WHERE id IN (?a)', $this->_get['id'])) + { foreach ($chars as $c) Profiler::scheduleResync(TYPE_PROFILE, $c['realm'], $c['realmGUID']); + } + else + trigger_error('AjaxProfile::handleResync - profiles '.implode(', ', $this->_get['id']).' not found in db', E_USER_ERROR); return '1'; } @@ -262,6 +301,12 @@ class AjaxProfile extends AjaxHandler else $ids = $this->_get['id']; + if (!$ids) + { + trigger_error('AjaxProfile::handleStatus - no profileIds to resync'.($this->_get['guild'] ? ' for guild #'.$this->_get['guild'] : ($this->_get['arena-team'] ? ' for areana team #'.$this->_get['arena-team'] : '')), E_USER_ERROR); + return Util::toJSON([1, [PR_QUEUE_STATUS_ERROR, 0, 0, PR_QUEUE_ERROR_CHAR]]); + } + $response = Profiler::resyncStatus(TYPE_PROFILE, $ids); return Util::toJSON($response); } 
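Review bot: In handleAvatar the unchanged line `$src = imageCreateFromJpeg(printf($aPath, $id));` calls `printf`, which writes the path into the response body and returns its length, so the image is never loaded from the intended file. It should be `imageCreateFromJpeg(sprintf($aPath, $id))`. After the new `avatar file #... not found` branch the code still goes on to output `$dest`, so an early `return` there would avoid sending an empty image under an `image/*` content type. The surrounding `if` starts outside the hunk.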
@@ -407,8 +452,11 @@ class AjaxProfile extends AjaxHandler */ protected function handleDelete() // kill a profile { - if (!$this->_get['id']) + if (!User::$id || !$this->_get['id']) + { + trigger_error('AjaxProfile::handleDelete - profileId empty or user not logged in', E_USER_ERROR); return; + } // only flag as deleted; only custom profiles DB::Aowow()->query( @@ -434,12 +482,15 @@ class AjaxProfile extends AjaxHandler // everything else goes through data.php .. strangely enough if (!$this->_get['id']) + { + trigger_error('AjaxProfile::handleLoad - profileId empty', E_USER_ERROR); return; + } $pBase = DB::Aowow()->selectRow('SELECT pg.name AS guildname, p.* FROM ?_profiler_profiles p LEFT JOIN ?_profiler_guild pg ON pg.id = p.guild WHERE p.id = ?d', $this->_get['id'][0]); if (!$pBase) { - trigger_error('Profiler::handleLoad() - called with invalid profileId #'.$this->_get['id'][0], E_USER_WARNING); + trigger_error('Profiler::handleLoad - called with invalid profileId #'.$this->_get['id'][0], E_USER_WARNING); return; } diff --git a/includes/utilities.php b/includes/utilities.php index bfcef81e..82797231 100644 --- a/includes/utilities.php +++ b/includes/utilities.php @@ -1427,7 +1427,7 @@ class Util 'createDate' => time(), 'mode' => $mode, 'reason' => $reason, - 'subject' => $subject, + 'subject' => $subject ?: 0, // not set for utility, tools and misc pages 'ip' => User::$ip, 'description' => $desc, 'userAgent' => $userAgent ?: $_SERVER['HTTP_USER_AGENT'], diff --git a/localization/locale_dede.php b/localization/locale_dede.php index 60e73e44..4a60e2c7 100644 --- a/localization/locale_dede.php +++ b/localization/locale_dede.php 
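Review bot: The two errors in handleLoad do not match each other: the added one is tagged `AjaxProfile::handleLoad` and raised as `E_USER_ERROR`, while the edited one keeps the `Profiler::handleLoad` tag and `E_USER_WARNING`. Both report a bad profile id taken from the request, so they should share prefix and level, e.g. `trigger_error('AjaxProfile::handleLoad - called with invalid profileId #'.$this->_get['id'][0], E_USER_WARNING);`. handleLoad starts before and continues after this hunk.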
@@ -129,6 +129,10 @@ $lang = array( 'genericError' => "Ein Fehler trat auf; aktualisiert die Seite und versucht es nochmal. Wenn der Fehler bestehen bleibt, bitte meldet es bei feedback", # LANG.genericerror 'bannedRating' => "Ihr wurdet davon gesperrt, Kommentare zu bewerten.", # LANG.tooltip_banned_rating 'tooManyVotes' => "Ihr habt die tägliche Grenze für erlaubte Bewertungen erreicht. Kommt morgen mal wieder!", # LANG.tooltip_too_many_votes + 'alreadyReport' => "Ihr habt dies bereits gemeldet.", # LANG.ct_resp_error7 + 'textTooShort' => "Eure Nachricht ist zu kurz.", + 'cannotComment' => "Ihr wurdet davon gesperrt, Kommentare zu verfassen.", + 'textLength' => "Euer Kommentar ist %d Zeichen lang und muss mindestens %d Zeichen und höchstens %d Zeichen lang sein.", 'moreTitles' => array( 'reputation' => "Benutzerruf", diff --git a/localization/locale_enus.php b/localization/locale_enus.php index 1cf74a13..a4ccad2b 100644 --- a/localization/locale_enus.php +++ b/localization/locale_enus.php @@ -129,6 +129,10 @@ $lang = array( 'genericError' => "An error has occurred; refresh the page and try again. If the error persists email feedback", # LANG.genericerror 'bannedRating' => "You have been banned from rating comments.", # LANG.tooltip_banned_rating 'tooManyVotes' => "You have reached the daily voting cap. Come back tomorrow!", # LANG.tooltip_too_many_votes + 'alreadyReport' => "You've already reported this.", # LANG.ct_resp_error7 + 'textTooShort' => "Your message is too short.", + 'cannotComment' => "You have been banned from writing comments.", + 'textLength' => "Your comment has %d characters and must have at least %d and at most %d characters.", 'moreTitles' => array( 'reputation' => "Website Reputation", diff --git a/localization/locale_eses.php b/localization/locale_eses.php index b1462167..9dfd8ff5 100644 --- a/localization/locale_eses.php +++ b/localization/locale_eses.php 
@@ -129,6 +129,10 @@ $lang = array( 'genericError' => "Ha ocurrido un error; refresca la página e inténtalo de nuevo. Si el error persiste manda un correo a feedback", # LANG.genericerror 'bannedRating' => "Has sido baneado y no podrás valorar comentarios.", # LANG.tooltip_banned_rating 'tooManyVotes' => "Has alcanzado el límite diario de votos. Vuelve mañana.", # LANG.tooltip_too_many_votes + 'alreadyReport' => "Ya has reportado esto.", # LANG.ct_resp_error7 + 'textTooShort' => "[Your message is too short.]", + 'cannotComment' => "[You have been banned from writing comments.]", + 'textLength' => "[Your comment has %d characters and must have at least %d and at most %d characters.]", 'moreTitles' => array( 'reputation' => "Reputación de la web", diff --git a/localization/locale_frfr.php b/localization/locale_frfr.php index cfb523cd..39bef899 100644 --- a/localization/locale_frfr.php +++ b/localization/locale_frfr.php @@ -129,6 +129,10 @@ $lang = array( 'genericError' => "Une erreur est survenue; Actualisez la page et essayez à nouveau. Si l'erreur persiste, envoyez un email à feedback", # LANG.genericerror 'bannedRating' => "Vous avez été banni du score des commentaires.", # LANG.tooltip_banned_rating 'tooManyVotes' => "Vous avez voté trop souvent aujourd'hui! Revenez demain.", # LANG.tooltip_too_many_votes + 'alreadyReport' => "Vous avez déjà rapporté ceci.", # LANG.ct_resp_error7 + 'textTooShort' => "[Your message is too short.]", + 'cannotComment' => "[You have been banned from writing comments.]", + 'textLength' => "[Your comment has %d characters and must have at least %d and at most %d characters.]", 'moreTitles' => array( 'reputation' => "Réputation du site", diff --git a/localization/locale_ruru.php b/localization/locale_ruru.php index b5ea76b1..673c0ca0 100644 --- a/localization/locale_ruru.php +++ b/localization/locale_ruru.php 
@@ -129,6 +129,10 @@ $lang = array( 'genericError' => "Произошла ошибка; обновите страницу и попробуйте снова. Если ситуация повторяется, отправьте сообщение на feedback", # LANG.genericerror 'bannedRating' => "Вам была заблокирована возможность оценивать комментарии.", # LANG.tooltip_banned_rating 'tooManyVotes' => "Вы сегодня проголосовали слишком много раз! Вы сможете продолжить завтра.", # LANG.tooltip_too_many_votes + 'alreadyReport' => "Вы уже подали на это жалобу.", # LANG.ct_resp_error7 + 'textTooShort' => "[Your message is too short.]", + 'cannotComment' => "[You have been banned from writing comments.]", + 'textLength' => "[Your comment has %d characters and must have at least %d and at most %d characters.]", 'moreTitles' => array( 'reputation' => "Репутация на сайте", diff --git a/localization/locale_zhcn.php b/localization/locale_zhcn.php index 7240bb6e..3b7ece13 100644 --- a/localization/locale_zhcn.php +++ b/localization/locale_zhcn.php @@ -130,6 +130,10 @@ $lang = array( 'genericError' => "发生错误,请刷新页面再试一次。如果错误持续存在,请联系反馈。", # LANG.genericerror 'bannedRating' => "你评级评论的权力已被冻结。", # LANG.tooltip_banned_rating 'tooManyVotes' => "你已经达到每日投票上限。请明天再来!", # LANG.tooltip_too_many_votes + 'alreadyReport' => "您已报告。", # LANG.ct_resp_error7 + 'textTooShort' => "[Your message is too short.]", + 'cannotComment' => "[You have been banned from writing comments.]", + 'textLength' => "[Your comment has %d characters and must have at least %d and at most %d characters.]", 'moreTitles' => array( 'reputation' => "网站声望", diff --git a/template/localized/contrib_0.tpl.php b/template/localized/contrib_0.tpl.php index 45e05530..16006935 100644 --- a/template/localized/contrib_0.tpl.php +++ b/template/localized/contrib_0.tpl.php @@ -7,6 +7,8 @@
  • You might want to proof-read your comments before posting them.
  • coError ? '
    '.$this->coError."
    \n
    \n" : ''; + if (User::canComment()): ?>
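Review bot: The added template line appears to print `$this->coError` straight into the page (the surrounding markup is lost in this rendering of the hunk), and the commit description says the value is carried over from the session after a failed comment post. The locale strings added in this commit are plain text with `%d` placeholders, so nothing unsafe reaches it today. Escaping at the output keeps that true if a later message ever includes user text: `htmlspecialchars($this->coError, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The same line is added to contrib_2, contrib_3, contrib_4, contrib_6 and contrib_8.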
    diff --git a/template/localized/contrib_2.tpl.php b/template/localized/contrib_2.tpl.php index 51655aaa..e297342a 100644 --- a/template/localized/contrib_2.tpl.php +++ b/template/localized/contrib_2.tpl.php @@ -7,6 +7,8 @@
  • Il serait avisé de corriger vos fautes avant de soumettre vos commentaires.
  • coError ? '
    '.$this->coError."
    \n
    \n" : ''; + if (User::canComment()): ?> diff --git a/template/localized/contrib_3.tpl.php b/template/localized/contrib_3.tpl.php index fcff50d8..975fc59e 100644 --- a/template/localized/contrib_3.tpl.php +++ b/template/localized/contrib_3.tpl.php @@ -7,6 +7,8 @@
  • Stellt Eure Fragen bitte in unseren Foren, wenn Ihr eine schnellere Antwort wünscht.
  • coError ? '
    '.$this->coError."
    \n
    \n" : ''; + if (User::canComment()): ?> diff --git a/template/localized/contrib_4.tpl.php b/template/localized/contrib_4.tpl.php index ae39d44d..e2baf939 100644 --- a/template/localized/contrib_4.tpl.php +++ b/template/localized/contrib_4.tpl.php @@ -7,6 +7,8 @@
  • 你在发表前最好先预览下你的评论。
  • coError ? '
    '.$this->coError."
    \n
    \n" : ''; + if (User::canComment()): ?> diff --git a/template/localized/contrib_6.tpl.php b/template/localized/contrib_6.tpl.php index 313bba38..b19e8edb 100644 --- a/template/localized/contrib_6.tpl.php +++ b/template/localized/contrib_6.tpl.php @@ -7,6 +7,8 @@
  • Deberías corregir tus comentarios antes de enviarlos.
  • coError ? '
    '.$this->coError."
    \n
    \n" : ''; + if (User::canComment()): ?> diff --git a/template/localized/contrib_8.tpl.php b/template/localized/contrib_8.tpl.php index ae9e0ef4..e5b38118 100644 --- a/template/localized/contrib_8.tpl.php +++ b/template/localized/contrib_8.tpl.php @@ -7,6 +7,8 @@
  • У вас может возникнуть желание проверить написание своего комментария перед тем, как поместить его на сайт.
  • coError ? '
    '.$this->coError."
    \n
    \n" : ''; + if (User::canComment()): ?>