0
|
1 |
<?php
|
|
2 |
|
|
3 |
$plugins->attachHook('session_started', 'ajim_page_init();');
|
|
4 |
|
|
5 |
function ajim_page_init()
|
|
6 |
{
|
|
7 |
global $db, $session, $paths, $template, $plugins; // Common objects
|
|
8 |
|
|
9 |
$paths->add_page(array(
|
|
10 |
'name' => 'AjIM JSON handler',
|
|
11 |
'urlname' => 'AjimJson',
|
|
12 |
'namespace' => 'Special',
|
|
13 |
'visible' => 0,
|
|
14 |
'special' => 1,
|
|
15 |
'comments_on' => 0,
|
|
16 |
'protected' => 0
|
|
17 |
));
|
|
18 |
}
|
|
19 |
|
|
20 |
function page_Special_AjimJson()
|
|
21 |
{
|
|
22 |
global $db, $session, $paths, $template, $plugins; // Common objects
|
|
23 |
global $lang;
|
|
24 |
|
|
25 |
header('Content-type: text/javascript');
|
|
26 |
if ( !isset($_GET['r']) && !isset($_POST['r']) )
|
|
27 |
{
|
|
28 |
return print enano_json_encode(array(
|
|
29 |
'mode' => 'error',
|
|
30 |
'error' => 'No request specified.'
|
|
31 |
));
|
|
32 |
}
|
|
33 |
$request = enano_json_decode($_REQUEST['r']);
|
|
34 |
if ( !isset($request['mode']) )
|
|
35 |
{
|
|
36 |
return print enano_json_encode(array(
|
|
37 |
'mode' => 'error',
|
|
38 |
'error' => 'No mode specified.'
|
|
39 |
));
|
|
40 |
}
|
|
41 |
switch($request['mode'])
|
|
42 |
{
|
|
43 |
case 'watch':
|
|
44 |
@set_time_limit(0);
|
|
45 |
$time = ( !empty($request['lastrefresh']) ) ? intval($request['lastrefresh']) : 0;
|
|
46 |
$end = microtime_float() + 59;
|
|
47 |
// run cron-ish stuff
|
|
48 |
if ( intval(getConfig('ajim_last_cleanout', 0)) + 86400 < time() )
|
|
49 |
{
|
|
50 |
$q = $db->sql_query('SELECT COUNT(message_id) FROM ' . table_prefix . "ajim2;");
|
|
51 |
if ( !$q )
|
|
52 |
$db->die_json();
|
|
53 |
|
|
54 |
list($count) = $db->fetchrow_num();
|
|
55 |
$db->free_result();
|
|
56 |
if ( intval($count) > 50 )
|
|
57 |
{
|
|
58 |
// if there are more than 50 messages in the database, clean it out
|
|
59 |
$limit = $count - 15;
|
|
60 |
$q = $db->sql_query('DELETE FROM ' . table_prefix . "ajim2 ORDER BY message_time ASC LIMIT $limit;");
|
|
61 |
if ( !$q )
|
|
62 |
$db->die_json();
|
|
63 |
}
|
|
64 |
|
|
65 |
setConfig('ajim_last_cleanout', time());
|
|
66 |
}
|
|
67 |
|
|
68 |
while ( microtime_float() < $end )
|
|
69 |
{
|
|
70 |
$q = $db->sql_query('SELECT * FROM ' . table_prefix . "ajim2 WHERE message_time >= $time OR message_update_time >= $time ORDER BY message_time DESC LIMIT 30;");
|
|
71 |
if ( !$q )
|
|
72 |
$db->die_json();
|
|
73 |
if ( $db->numrows() > 0 || $time == 0 )
|
|
74 |
break;
|
|
75 |
$db->free_result();
|
|
76 |
usleep(500000); // 0.5s
|
|
77 |
}
|
|
78 |
if ( $q )
|
|
79 |
{
|
|
80 |
$messages = array();
|
|
81 |
while ( $row = $db->fetchrow() )
|
|
82 |
{
|
|
83 |
$row['rank_info'] = $session->get_user_rank($row['user_id']);
|
|
84 |
$row['message_html'] = RenderMan::render($row['message']);
|
|
85 |
$row['human_time'] = enano_date('n/j, g:ia', $row['message_time']);
|
|
86 |
$messages[] = $row;
|
|
87 |
}
|
|
88 |
$response = array(
|
|
89 |
'mode' => 'messages',
|
|
90 |
'now' => time(),
|
|
91 |
'messages' => $messages
|
|
92 |
);
|
|
93 |
return print enano_json_encode($response);
|
|
94 |
}
|
|
95 |
else
|
|
96 |
{
|
|
97 |
return print enano_json_encode(array(
|
|
98 |
'mode' => 'messages',
|
|
99 |
'now' => time(),
|
|
100 |
'messages' => array()
|
|
101 |
));
|
|
102 |
}
|
|
103 |
break;
|
|
104 |
case 'submit':
|
|
105 |
if ( !$session->get_permissions('ajim_post') )
|
|
106 |
{
|
|
107 |
return print enano_json_encode(array(
|
|
108 |
'mode' => 'error',
|
|
109 |
'error' => $lang->get('ajim_err_post_denied')
|
|
110 |
));
|
|
111 |
}
|
|
112 |
$name = $session->user_logged_in ? $session->username : $request['user'];
|
|
113 |
$content = trim($request['message']);
|
|
114 |
if ( empty($content) )
|
|
115 |
{
|
|
116 |
return print enano_json_encode(array(
|
|
117 |
'mode' => 'error',
|
|
118 |
'error' => $lang->get('ajim_err_no_post')
|
|
119 |
));
|
|
120 |
}
|
|
121 |
|
|
122 |
$now = time();
|
|
123 |
$content_db = $db->escape($content);
|
|
124 |
$name_db = $db->escape($name);
|
|
125 |
|
|
126 |
$sql = 'INSERT INTO ' . table_prefix . "ajim2(user_id, username, message, message_time, message_update_time) VALUES\n"
|
|
127 |
. " ({$session->user_id}, '$name_db', '$content_db', $now, $now);";
|
|
128 |
if ( !$db->sql_query($sql) )
|
|
129 |
$db->die_json();
|
|
130 |
|
|
131 |
// workaround for no insert_id() on postgresql
|
|
132 |
$q = $db->sql_query('SELECT message_id FROM ' . table_prefix . "ajim2 WHERE username = '$name_db' AND message = '$content_db' AND message_time = $now ORDER BY message_id DESC LIMIT 1;");
|
|
133 |
if ( !$q )
|
|
134 |
$db->die_json();
|
|
135 |
|
|
136 |
list($message_id) = $db->fetchrow_num();
|
|
137 |
$db->free_result();
|
|
138 |
|
|
139 |
return print enano_json_encode(array(
|
|
140 |
'mode' => 'messages',
|
|
141 |
'messages' => array(array(
|
|
142 |
'rank_info' => $session->get_user_rank($session->user_id),
|
|
143 |
'human_time' => enano_date('n/j, g:ia'),
|
|
144 |
'message' => $content,
|
|
145 |
'username' => $name,
|
|
146 |
'user_id' => $session->user_id,
|
|
147 |
'message_time' => time(),
|
|
148 |
'message_update_time' => time(),
|
|
149 |
'message_id' => $message_id,
|
|
150 |
'message_html' => RenderMan::render($content)
|
|
151 |
))
|
|
152 |
));
|
|
153 |
break;
|
|
154 |
case 'delete':
|
|
155 |
if ( empty($request['message_id']) )
|
|
156 |
{
|
|
157 |
return print enano_json_encode(array(
|
|
158 |
'mode' => 'error',
|
|
159 |
'error' => 'No message_id specified.'
|
|
160 |
));
|
|
161 |
}
|
|
162 |
|
|
163 |
$message_id = intval($request['message_id']);
|
|
164 |
|
|
165 |
if ( ( !$session->get_permissions('ajim_mod') || $session->auth_level < USER_LEVEL_CHPREF ) )
|
|
166 |
{
|
|
167 |
// we don't have permission according to ACLs, but try to see if we can edit our
|
|
168 |
// own posts. if so, we can allow this to continue.
|
|
169 |
$perm_override = false;
|
|
170 |
if ( $session->get_permissions('ajim_edit') && $session->user_logged_in )
|
|
171 |
{
|
|
172 |
$q = $db->sql_query('SELECT user_id FROM ' . table_prefix . "ajim2 WHERE message_id = $message_id;");
|
|
173 |
if ( !$q )
|
|
174 |
$db->die_json();
|
|
175 |
|
|
176 |
list($user_id) = $db->fetchrow_num();
|
|
177 |
$db->free_result();
|
|
178 |
if ( $user_id === $session->user_id )
|
|
179 |
{
|
|
180 |
$perm_override = true;
|
|
181 |
}
|
|
182 |
}
|
|
183 |
if ( !$perm_override )
|
|
184 |
{
|
|
185 |
return print enano_json_encode(array(
|
|
186 |
'mode' => 'error',
|
|
187 |
'error' => $lang->get('ajim_err_access_denied')
|
|
188 |
));
|
|
189 |
}
|
|
190 |
}
|
|
191 |
|
|
192 |
$now = time();
|
|
193 |
$q = $db->sql_query('UPDATE ' . table_prefix . "ajim2 SET message = '', message_update_time = $now WHERE message_id = $message_id;");
|
|
194 |
if ( !$q )
|
|
195 |
$db->die_json();
|
|
196 |
|
|
197 |
return print enano_json_encode(array(
|
|
198 |
'mode' => 'delete',
|
|
199 |
'message_id' => $message_id
|
|
200 |
));
|
|
201 |
break;
|
|
202 |
case 'update':
|
|
203 |
if ( empty($request['message_id']) )
|
|
204 |
{
|
|
205 |
return print enano_json_encode(array(
|
|
206 |
'mode' => 'error',
|
|
207 |
'error' => 'No message_id specified.'
|
|
208 |
));
|
|
209 |
}
|
|
210 |
|
|
211 |
$message_id = intval($request['message_id']);
|
|
212 |
|
|
213 |
if ( ( !$session->get_permissions('ajim_mod') || $session->auth_level < USER_LEVEL_CHPREF ) )
|
|
214 |
{
|
|
215 |
// we don't have permission according to ACLs, but try to see if we can edit our
|
|
216 |
// own posts. if so, we can allow this to continue.
|
|
217 |
$perm_override = false;
|
|
218 |
if ( $session->get_permissions('ajim_edit') && $session->user_logged_in )
|
|
219 |
{
|
|
220 |
$q = $db->sql_query('SELECT user_id FROM ' . table_prefix . "ajim2 WHERE message_id = $message_id;");
|
|
221 |
if ( !$q )
|
|
222 |
$db->die_json();
|
|
223 |
|
|
224 |
list($user_id) = $db->fetchrow_num();
|
|
225 |
$db->free_result();
|
|
226 |
if ( $user_id === $session->user_id )
|
|
227 |
{
|
|
228 |
$perm_override = true;
|
|
229 |
}
|
|
230 |
}
|
|
231 |
if ( !$perm_override )
|
|
232 |
{
|
|
233 |
return print enano_json_encode(array(
|
|
234 |
'mode' => 'error',
|
|
235 |
'error' => $lang->get('ajim_err_access_denied')
|
|
236 |
));
|
|
237 |
}
|
|
238 |
}
|
|
239 |
|
|
240 |
$message = trim(@$request['message']);
|
|
241 |
if ( empty($message) )
|
|
242 |
{
|
|
243 |
return print enano_json_encode(array(
|
|
244 |
'mode' => 'error',
|
|
245 |
'error' => $lang->get('ajim_err_no_post')
|
|
246 |
));
|
|
247 |
}
|
|
248 |
|
|
249 |
$message_db = $db->escape($message);
|
|
250 |
$now = time();
|
|
251 |
$q = $db->sql_query('UPDATE ' . table_prefix . "ajim2 SET message = '{$message_db}', message_update_time = $now WHERE message_id = $message_id;");
|
|
252 |
if ( !$q )
|
|
253 |
$db->die_json();
|
|
254 |
|
|
255 |
return print enano_json_encode(array(
|
|
256 |
'mode' => 'update',
|
|
257 |
'message_id' => $message_id,
|
|
258 |
'message' => $message,
|
|
259 |
'message_html' => RenderMan::render($message)
|
|
260 |
));
|
|
261 |
break;
|
|
262 |
}
|
|
263 |
}
|
|
264 |
|