<?php
// Register the page setup routine on the 'session_started' hook. The second
// argument is a string of PHP source, not a callable.
// NOTE(review): presumably the plugin manager evaluates this string when the hook
// fires - confirm against attachHook(). Keep it a fixed literal; it must never be
// assembled from request or database data.
$plugins->attachHook('session_started', 'ajim_page_init();');
/**
 * Registers the Special:AjimJson page with the global $paths object.
 * The entry is flagged as a special page and not visible, with comments and
 * protection switched off. Requests for it are served by
 * page_Special_AjimJson().
 */
function ajim_page_init()
{
  global $paths;
  
  // Build the descriptor first; key order matches what add_page() received before.
  $page = array();
  $page['name'] = 'AjIM JSON handler';
  $page['urlname'] = 'AjimJson';
  $page['namespace'] = 'Special';
  $page['visible'] = 0;
  $page['special'] = 1;
  $page['comments_on'] = 0;
  $page['protected'] = 0;
  
  $paths->add_page($page);
}
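/**
 * Handler for Special:AjimJson, the JSON endpoint of the AjIM shoutbox.
 *
 * Reads a JSON-encoded request from the "r" parameter (POST or GET) and
 * dispatches on its "mode" key:
 *   - watch:  polls for up to 59 seconds for messages created or updated since
 *             "lastrefresh", and runs the daily table cleanout
 *   - submit: stores a new message (requires the ajim_post permission)
 *   - delete: blanks the text of a message (moderator, or author with ajim_edit)
 *   - update: replaces the text of a message (same rule as delete)
 * Every path prints one JSON document. Errors have the shape
 * array('mode' => 'error', 'error' => <text>).
 *
 * NOTE(review): submit, delete and update change state, yet they are accepted
 * over GET as well as POST and no anti-CSRF token is checked in this function.
 * Unless the framework enforces one before this handler runs, require POST plus
 * a per-session token for those three modes.
 *
 * NOTE(review): the body is JSON but is labelled text/javascript and carries
 * user-supplied text. application/json would stop browsers from treating the
 * response as script - confirm what the client expects before changing it.
 *
 * @return int result of print (always 1)
 */
function page_Special_AjimJson()
{
  global $db, $session, $lang;
  
  header('Content-type: text/javascript');
  
  // Take "r" from the same two sources the presence check looks at, POST first.
  // $_REQUEST can also carry cookie values depending on PHP configuration, so a
  // cookie named "r" could otherwise replace the request body.
  $raw = null;
  if ( isset($_POST['r']) )
    $raw = $_POST['r'];
  else if ( isset($_GET['r']) )
    $raw = $_GET['r'];
  
  // "r[]=..." arrives as an array; treat anything but a string as missing.
  if ( !is_string($raw) )
  {
    return print enano_json_encode(array(
        'mode' => 'error',
        'error' => 'No request specified.'
      ));
  }
  
  $request = enano_json_decode($raw);
  if ( !is_array($request) || !isset($request['mode']) )
  {
    return print enano_json_encode(array(
        'mode' => 'error',
        'error' => 'No mode specified.'
      ));
  }
  
  switch($request['mode'])
  {
    case 'watch':
      // NOTE(review): no permission check on this path, and each request can hold
      // a worker and a database connection for up to 59 seconds with the script
      // time limit lifted. Confirm anonymous polling is intended and consider a
      // per-client limit on concurrent watchers.
      @set_time_limit(0);
      $time = ( !empty($request['lastrefresh']) ) ? intval($request['lastrefresh']) : 0;
      $end = microtime_float() + 59;
      
      // run cron-ish stuff: at most once every 24 hours
      if ( intval(getConfig('ajim_last_cleanout', 0)) + 86400 < time() )
      {
        $q = $db->sql_query('SELECT COUNT(message_id) FROM ' . table_prefix . "ajim2;");
        if ( !$q )
          $db->die_json();
        
        list($count) = $db->fetchrow_num();
        $db->free_result();
        // cast once so the value interpolated into the DELETE below is an integer
        $count = intval($count);
        if ( $count > 50 )
        {
          // if there are more than 50 messages in the database, clean it out
          $limit = $count - 15;
          $q = $db->sql_query('DELETE FROM ' . table_prefix . "ajim2 ORDER BY message_time ASC LIMIT $limit;");
          if ( !$q )
            $db->die_json();
        }
        
        setConfig('ajim_last_cleanout', time());
      }
      
      // Poll until something newer than $time shows up or the deadline passes.
      // $have_result records whether the last query's result is still open:
      // on timeout it has already been freed and must not be fetched from.
      $have_result = false;
      while ( microtime_float() < $end )
      {
        $q = $db->sql_query('SELECT * FROM ' . table_prefix . "ajim2 WHERE message_time >= $time OR message_update_time >= $time ORDER BY message_time DESC LIMIT 30;");
        if ( !$q )
          $db->die_json();
        if ( $db->numrows() > 0 || $time == 0 )
        {
          $have_result = true;
          break;
        }
        $db->free_result();
        usleep(500000); // 0.5s
      }
      
      $messages = array();
      if ( $have_result )
      {
        while ( $row = $db->fetchrow() )
        {
          $row['rank_info'] = $session->get_user_rank($row['user_id']);
          $row['rank_info']['rank_title'] = $lang->get($row['rank_info']['rank_title']);
          $row['message_html'] = RenderMan::render($row['message']);
          $row['human_time'] = enano_date('n/j, g:ia', $row['message_time']);
          $messages[] = $row;
        }
      }
      
      // same document whether or not anything was found; 'messages' is then empty
      return print enano_json_encode(array(
          'mode' => 'messages',
          'now' => time(),
          'messages' => $messages
        ));
      
    case 'submit':
      if ( !$session->get_permissions('ajim_post') )
      {
        return print enano_json_encode(array(
            'mode' => 'error',
            'error' => $lang->get('ajim_err_post_denied')
          ));
      }
      
      // Guests supply their own display name.
      // NOTE(review): nothing here stops a guest from choosing the name of a
      // registered account; the stored row still carries the guest's user_id.
      // Consider rejecting or visibly marking such names.
      if ( $session->user_logged_in )
        $name = $session->username;
      else
        $name = ( isset($request['user']) && is_scalar($request['user']) ) ? strval($request['user']) : '';
      
      // missing or non-scalar message is handled as an empty post
      $content = ( isset($request['message']) && is_scalar($request['message']) ) ? trim($request['message']) : '';
      if ( empty($content) )
      {
        return print enano_json_encode(array(
            'mode' => 'error',
            'error' => $lang->get('ajim_err_no_post')
          ));
      }
      
      $content = RenderMan::preprocess_text($content, true, false);
      
      $now = time();
      $content_db = $db->escape($content);
      $name_db = $db->escape($name);
      // goes into the statement unquoted, so force it to an integer
      $user_id_db = intval($session->user_id);
      
      $sql = 'INSERT INTO ' . table_prefix . "ajim2(user_id, username, message, message_time, message_update_time) VALUES\n"
           . " ({$user_id_db}, '$name_db', '$content_db', $now, $now);";
      if ( !$db->sql_query($sql) )
        $db->die_json();
      
      // workaround for no insert_id() on postgresql
      $q = $db->sql_query('SELECT message_id FROM ' . table_prefix . "ajim2 WHERE username = '$name_db' AND message = '$content_db' AND message_time = $now ORDER BY message_id DESC LIMIT 1;");
      if ( !$q )
        $db->die_json();
      
      list($message_id) = $db->fetchrow_num();
      $db->free_result();
      
      return print enano_json_encode(array(
          'mode' => 'messages',
          'messages' => array(array(
              'rank_info' => $session->get_user_rank($session->user_id),
              'human_time' => enano_date('n/j, g:ia'),
              'message' => $content,
              'username' => $name,
              'user_id' => $session->user_id,
              'message_time' => time(),
              'message_update_time' => time(),
              'message_id' => $message_id,
              'message_html' => RenderMan::render($content)
            ))
        ));
      
    case 'delete':
      if ( empty($request['message_id']) )
      {
        return print enano_json_encode(array(
            'mode' => 'error',
            'error' => 'No message_id specified.'
          ));
      }
      
      $message_id = intval($request['message_id']);
      
      if ( !ajim_json_may_modify($message_id) )
      {
        return print enano_json_encode(array(
            'mode' => 'error',
            'error' => $lang->get('ajim_err_access_denied')
          ));
      }
      
      // "delete" keeps the row and blanks its text, bumping the update time
      $now = time();
      $q = $db->sql_query('UPDATE ' . table_prefix . "ajim2 SET message = '', message_update_time = $now WHERE message_id = $message_id;");
      if ( !$q )
        $db->die_json();
      
      return print enano_json_encode(array(
          'mode' => 'delete',
          'message_id' => $message_id
        ));
      
    case 'update':
      if ( empty($request['message_id']) )
      {
        return print enano_json_encode(array(
            'mode' => 'error',
            'error' => 'No message_id specified.'
          ));
      }
      
      $message_id = intval($request['message_id']);
      
      if ( !ajim_json_may_modify($message_id) )
      {
        return print enano_json_encode(array(
            'mode' => 'error',
            'error' => $lang->get('ajim_err_access_denied')
          ));
      }
      
      $message = ( isset($request['message']) && is_scalar($request['message']) ) ? trim($request['message']) : '';
      if ( empty($message) )
      {
        return print enano_json_encode(array(
            'mode' => 'error',
            'error' => $lang->get('ajim_err_no_post')
          ));
      }
      
      // NOTE(review): 'submit' passes new text through RenderMan::preprocess_text()
      // before storing it; edited text is stored as received. If that call filters
      // or neutralises markup, an edit can reintroduce what a new post cannot.
      // Confirm what preprocess_text() does and apply it here if so.
      $message_db = $db->escape($message);
      $now = time();
      $q = $db->sql_query('UPDATE ' . table_prefix . "ajim2 SET message = '{$message_db}', message_update_time = $now WHERE message_id = $message_id;");
      if ( !$q )
        $db->die_json();
      
      return print enano_json_encode(array(
          'mode' => 'update',
          'message_id' => $message_id,
          'message' => $message,
          'message_html' => RenderMan::render($message)
        ));
      
    default:
      // an unrecognised mode used to produce an empty body; answer with an error
      return print enano_json_encode(array(
          'mode' => 'error',
          'error' => 'Unknown mode.'
        ));
  }
}

/**
 * Decides whether the current session may delete or update a message.
 *
 * Allowed when the session has the ajim_mod permission and an auth level of at
 * least USER_LEVEL_CHPREF. Otherwise allowed only for a logged-in user holding
 * ajim_edit whose user_id equals the user_id stored on the message.
 *
 * @param int $message_id message to check; cast to int before use in SQL
 * @return bool true if the change may proceed
 */
function ajim_json_may_modify($message_id)
{
  global $db, $session;
  
  // interpolated into the query below, so it must be an integer
  $message_id = intval($message_id);
  
  if ( $session->get_permissions('ajim_mod') && $session->auth_level >= USER_LEVEL_CHPREF )
    return true;
  
  // we don't have permission according to ACLs, but try to see if we can edit our
  // own posts. if so, we can allow this to continue.
  if ( !$session->get_permissions('ajim_edit') || !$session->user_logged_in )
    return false;
  
  $q = $db->sql_query('SELECT user_id FROM ' . table_prefix . "ajim2 WHERE message_id = $message_id;");
  if ( !$q )
    $db->die_json();
  
  // a message_id with no row leaves $user_id null, which never matches
  list($user_id) = $db->fetchrow_num();
  $db->free_result();
  
  // NOTE(review): strict comparison. If the database layer returns the column as
  // a string while $session->user_id is an integer, this never matches and
  // authors cannot edit their own posts (fails closed). Confirm both types
  // before relaxing the comparison.
  return $user_id === $session->user_id;
}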