|
1 <?php |
|
2 |
|
// Register the AjIM page setup on the 'session_started' hook.
// NOTE(review): the second argument is a string of PHP source, which the hook
// system presumably evaluates when the hook fires. Keep it a fixed literal and
// never build it from request data.
$plugins->attachHook(
    'session_started',
    'ajim_page_init();'
);
/**
 * Adds the page entry for the AjIM JSON endpoint to the path manager.
 *
 * The entry is registered in the 'Special' namespace under the URL name
 * 'AjimJson' and is flagged as not visible, with comments off.
 * NOTE(review): the matching handler is presumably page_Special_AjimJson(),
 * resolved by naming convention. Confirm against the path manager.
 */
function ajim_page_init()
{
    global $db, $session, $paths, $template, $plugins; // Common objects

    // Describe the page first, then hand the finished definition over.
    $page_definition = array(
        'name'        => 'AjIM JSON handler',
        'urlname'     => 'AjimJson',
        'namespace'   => 'Special',
        'visible'     => 0,
        'special'     => 1,
        'comments_on' => 0,
        'protected'   => 0
    );

    $paths->add_page($page_definition);
}
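/**
 * Returns the scalar value stored under $key in the decoded request, as a string.
 *
 * Missing keys and non-scalar values (arrays, null) yield '' so that callers can
 * pass the result straight to trim() or $db->escape() without a notice or type error.
 *
 * @param mixed  $request Decoded request body, expected to be an array
 * @param string $key     Key to read
 * @return string
 */
function ajim_request_text($request, $key)
{
    if ( !is_array($request) || !isset($request[$key]) || !is_scalar($request[$key]) )
        return '';

    return (string) $request[$key];
}

/**
 * Decides whether the current session may delete or edit the given message.
 *
 * This is the single authorization check shared by the 'delete' and 'update'
 * modes, so the two cannot drift apart.
 *
 * @param int $message_id Message to be modified
 * @return bool True when the action may proceed
 */
function ajim_can_modify_message($message_id)
{
    global $db, $session;

    // The value is interpolated into SQL below, so force it to an integer here too.
    $message_id = intval($message_id);

    // Holders of ajim_mod at or above USER_LEVEL_CHPREF may modify any message.
    if ( $session->get_permissions('ajim_mod') && !( $session->auth_level < USER_LEVEL_CHPREF ) )
        return true;

    // Everyone else needs ajim_edit, must be logged in, and must own the message.
    // The logged-in requirement keeps guests from matching on a shared guest user_id.
    if ( !$session->get_permissions('ajim_edit') || !$session->user_logged_in )
        return false;

    $q = $db->sql_query('SELECT user_id FROM ' . table_prefix . "ajim2 WHERE message_id = $message_id;");
    if ( !$q )
        $db->die_json();

    // A nonexistent message leaves $user_id unset/null, which cannot match below.
    list($user_id) = $db->fetchrow_num();
    $db->free_result();

    // NOTE(review): this comparison is strict. If the database layer returns the
    // column as a string while $session->user_id is an integer, it never matches
    // and owners can never edit their own posts (it fails closed). Confirm both
    // types before relaxing it.
    return ( $user_id === $session->user_id );
}

/**
 * JSON endpoint for AjIM: reads a JSON document from the 'r' request parameter
 * and dispatches on its 'mode' key.
 *
 * Modes handled: 'watch' (poll for new/updated messages), 'submit' (post a
 * message), 'delete' (blank a message) and 'update' (edit a message). Any other
 * mode produces no output. Every response is printed as JSON; error responses
 * carry 'mode' => 'error'.
 *
 * NOTE(review): the request is taken from $_REQUEST, so 'submit', 'delete' and
 * 'update' can be triggered by a GET, and no anti-CSRF token check is visible in
 * this handler. Confirm that the framework enforces one before this runs, or
 * restrict the state-changing modes to POST with a token.
 *
 * @return mixed Result of print on every handled path; null for an unknown mode
 */
function page_Special_AjimJson()
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    global $lang;

    // NOTE(review): the body is JSON but is labelled text/javascript. Using
    // application/json would stop a browser from treating the response as script.
    // Confirm the client does not rely on the current type before changing it.
    header('Content-type: text/javascript');
    if ( !isset($_GET['r']) && !isset($_POST['r']) )
    {
        return print enano_json_encode(array(
            'mode' => 'error',
            'error' => 'No request specified.'
        ));
    }

    // r[]=... arrives as an array; never hand that to the JSON decoder.
    $raw_request = isset($_REQUEST['r']) ? $_REQUEST['r'] : null;
    if ( !is_string($raw_request) )
    {
        return print enano_json_encode(array(
            'mode' => 'error',
            'error' => 'No request specified.'
        ));
    }

    $request = enano_json_decode($raw_request);
    // The decoded document must be an object/array carrying a mode.
    if ( !is_array($request) || !isset($request['mode']) )
    {
        return print enano_json_encode(array(
            'mode' => 'error',
            'error' => 'No mode specified.'
        ));
    }

    switch($request['mode'])
    {
        case 'watch':
            // NOTE(review): no permission check is visible for this mode, and each
            // request may hold a worker and a database handle for up to 59 seconds
            // with the execution time limit lifted. Confirm that read access and
            // request rates are limited elsewhere.
            @set_time_limit(0); // suppressed: the function may be disabled by configuration
            $time = ( !empty($request['lastrefresh']) ) ? intval($request['lastrefresh']) : 0;
            $end = microtime_float() + 59;

            // run cron-ish stuff: at most once every 86400 seconds, trim the table
            if ( intval(getConfig('ajim_last_cleanout', 0)) + 86400 < time() )
            {
                $q = $db->sql_query('SELECT COUNT(message_id) FROM ' . table_prefix . "ajim2;");
                if ( !$q )
                    $db->die_json();

                list($count) = $db->fetchrow_num();
                $db->free_result();
                if ( intval($count) > 50 )
                {
                    // if there are more than 50 messages in the database, clean it out
                    // (removes the oldest rows, leaving 15); cast so only an integer
                    // reaches the SQL text
                    $limit = intval($count) - 15;
                    // NOTE(review): DELETE ... ORDER BY ... LIMIT is MySQL syntax, yet the
                    // submit branch carries a PostgreSQL workaround. Confirm which
                    // backends this statement has to run on.
                    $q = $db->sql_query('DELETE FROM ' . table_prefix . "ajim2 ORDER BY message_time ASC LIMIT $limit;");
                    if ( !$q )
                        $db->die_json();
                }

                setConfig('ajim_last_cleanout', time());
            }

            // Poll every 0.5s until something newer than $time shows up, or until $end.
            // $have_result records whether the loop left an unfreed result set behind.
            // Previously a timed-out poll went on to fetch from a result that had
            // already been freed.
            $have_result = false;
            while ( microtime_float() < $end )
            {
                // $time is an integer (intval above), so it is safe to interpolate
                $q = $db->sql_query('SELECT * FROM ' . table_prefix . "ajim2 WHERE message_time >= $time OR message_update_time >= $time ORDER BY message_time DESC LIMIT 30;");
                if ( !$q )
                    $db->die_json();
                if ( $db->numrows() > 0 || $time == 0 )
                {
                    $have_result = true;
                    break;
                }
                $db->free_result();
                usleep(500000); // 0.5s
            }

            $messages = array();
            if ( $have_result )
            {
                while ( $row = $db->fetchrow() )
                {
                    $row['rank_info'] = $session->get_user_rank($row['user_id']);
                    // NOTE(review): whether RenderMan::render neutralises markup is not
                    // visible here. 'username' and 'message' go out unescaped, so the
                    // client must escape them before inserting them into the DOM.
                    $row['message_html'] = RenderMan::render($row['message']);
                    $row['human_time'] = enano_date('n/j, g:ia', $row['message_time']);
                    $messages[] = $row;
                }
            }

            // A timed-out poll answers with an empty message list.
            return print enano_json_encode(array(
                'mode' => 'messages',
                'now' => time(),
                'messages' => $messages
            ));

        case 'submit':
            if ( !$session->get_permissions('ajim_post') )
            {
                return print enano_json_encode(array(
                    'mode' => 'error',
                    'error' => $lang->get('ajim_err_post_denied')
                ));
            }

            // NOTE(review): a guest chooses the display name freely, including one that
            // matches a registered account; only user_id tells them apart. No length
            // cap on the name or the message is visible here. Confirm both.
            $name = $session->user_logged_in ? $session->username : ajim_request_text($request, 'user');
            $content = trim(ajim_request_text($request, 'message'));
            // compare against '' rather than empty() so that a message of "0" is accepted
            if ( $content === '' )
            {
                return print enano_json_encode(array(
                    'mode' => 'error',
                    'error' => $lang->get('ajim_err_no_post')
                ));
            }

            $now = time();
            $content_db = $db->escape($content);
            $name_db = $db->escape($name);
            // the column is written unquoted, so make sure only an integer reaches the SQL
            $user_id_db = intval($session->user_id);

            $sql = 'INSERT INTO ' . table_prefix . "ajim2(user_id, username, message, message_time, message_update_time) VALUES\n"
                 . "  ($user_id_db, '$name_db', '$content_db', $now, $now);";
            if ( !$db->sql_query($sql) )
                $db->die_json();

            // workaround for no insert_id() on postgresql
            $q = $db->sql_query('SELECT message_id FROM ' . table_prefix . "ajim2 WHERE username = '$name_db' AND message = '$content_db' AND message_time = $now ORDER BY message_id DESC LIMIT 1;");
            if ( !$q )
                $db->die_json();

            list($message_id) = $db->fetchrow_num();
            $db->free_result();

            return print enano_json_encode(array(
                'mode' => 'messages',
                'messages' => array(array(
                    'rank_info' => $session->get_user_rank($session->user_id),
                    'human_time' => enano_date('n/j, g:ia'),
                    'message' => $content,
                    'username' => $name,
                    'user_id' => $session->user_id,
                    'message_time' => time(),
                    'message_update_time' => time(),
                    'message_id' => $message_id,
                    'message_html' => RenderMan::render($content)
                ))
            ));

        case 'delete':
            if ( empty($request['message_id']) )
            {
                return print enano_json_encode(array(
                    'mode' => 'error',
                    'error' => 'No message_id specified.'
                ));
            }

            $message_id = intval($request['message_id']);

            // moderators may delete anything; others only their own posts
            if ( !ajim_can_modify_message($message_id) )
            {
                return print enano_json_encode(array(
                    'mode' => 'error',
                    'error' => $lang->get('ajim_err_access_denied')
                ));
            }

            // "Deleting" blanks the text and bumps the update time so that watchers
            // pick up the change; the row itself stays.
            $now = time();
            $q = $db->sql_query('UPDATE ' . table_prefix . "ajim2 SET message = '', message_update_time = $now WHERE message_id = $message_id;");
            if ( !$q )
                $db->die_json();

            return print enano_json_encode(array(
                'mode' => 'delete',
                'message_id' => $message_id
            ));

        case 'update':
            if ( empty($request['message_id']) )
            {
                return print enano_json_encode(array(
                    'mode' => 'error',
                    'error' => 'No message_id specified.'
                ));
            }

            $message_id = intval($request['message_id']);

            // same authorization rule as 'delete'
            if ( !ajim_can_modify_message($message_id) )
            {
                return print enano_json_encode(array(
                    'mode' => 'error',
                    'error' => $lang->get('ajim_err_access_denied')
                ));
            }

            $message = trim(ajim_request_text($request, 'message'));
            if ( $message === '' )
            {
                return print enano_json_encode(array(
                    'mode' => 'error',
                    'error' => $lang->get('ajim_err_no_post')
                ));
            }

            $message_db = $db->escape($message);
            $now = time();
            $q = $db->sql_query('UPDATE ' . table_prefix . "ajim2 SET message = '{$message_db}', message_update_time = $now WHERE message_id = $message_id;");
            if ( !$q )
                $db->die_json();

            return print enano_json_encode(array(
                'mode' => 'update',
                'message_id' => $message_id,
                'message' => $message,
                'message_html' => RenderMan::render($message)
            ));
    }
}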