misuzu/public-legacy/comments.php

210 lines
7.5 KiB
PHP
Raw Normal View History

2022-09-13 13:14:49 +00:00
<?php
namespace Misuzu;
2023-07-15 23:58:17 +00:00
use RuntimeException;
2022-09-13 13:14:49 +00:00
$usersCtx = $msz->getUsersContext();
$redirect = filter_input(INPUT_GET, 'return') ?? $_SERVER['HTTP_REFERER'] ?? url('index');
2022-09-13 13:14:49 +00:00
if(!is_local_url($redirect))
Template::displayInfo('Possible request forgery detected.', 403);
2022-09-13 13:14:49 +00:00
if(!CSRF::validateRequest())
Template::displayInfo("Couldn't verify this request, please refresh the page and try again.", 403);
2022-09-13 13:14:49 +00:00
$authInfo = $msz->getAuthInfo();
if(!$authInfo->isLoggedIn())
Template::displayInfo('You must be logged in to manage comments.', 403);
2022-09-13 13:14:49 +00:00
$currentUserInfo = $authInfo->getUserInfo();
2022-09-13 13:14:49 +00:00
if($usersCtx->hasActiveBan($currentUserInfo))
Template::displayInfo('You have been banned, check your profile for more information.', 403);
2023-07-15 23:58:17 +00:00
$comments = $msz->getComments();
$perms = $authInfo->getPerms('global');
2022-09-13 13:14:49 +00:00
2023-07-15 23:58:17 +00:00
$commentId = (string)filter_input(INPUT_GET, 'c', FILTER_SANITIZE_NUMBER_INT);
$commentMode = (string)filter_input(INPUT_GET, 'm');
2022-09-13 13:14:49 +00:00
$commentVote = (int)filter_input(INPUT_GET, 'v', FILTER_SANITIZE_NUMBER_INT);
2023-07-15 23:58:17 +00:00
if(!empty($commentId)) {
2022-09-13 13:14:49 +00:00
try {
$commentInfo = $comments->getPost($commentId);
2023-07-15 23:58:17 +00:00
} catch(RuntimeException $ex) {
Template::displayInfo('Post not found.', 404);
2022-09-13 13:14:49 +00:00
}
$categoryInfo = $comments->getCategory(postInfo: $commentInfo);
2023-07-15 23:58:17 +00:00
}
if($commentMode !== 'create' && empty($commentInfo))
Template::throwError(400);
2023-07-15 23:58:17 +00:00
2022-09-13 13:14:49 +00:00
switch($commentMode) {
case 'pin':
case 'unpin':
if(!$perms->check(Perm::G_COMMENTS_PIN) && !$categoryInfo->isOwner($currentUserInfo))
Template::displayInfo("You're not allowed to pin comments.", 403);
2022-09-13 13:14:49 +00:00
if($commentInfo->isDeleted())
Template::displayInfo("This comment doesn't exist!", 400);
2022-09-13 13:14:49 +00:00
if($commentInfo->isReply())
Template::displayInfo("You can't pin replies!", 400);
2022-09-13 13:14:49 +00:00
$isPinning = $commentMode === 'pin';
2023-07-15 23:58:17 +00:00
if($isPinning) {
if($commentInfo->isPinned())
Template::displayInfo('This comment is already pinned.', 400);
2022-09-13 13:14:49 +00:00
2023-07-15 23:58:17 +00:00
$comments->pinPost($commentInfo);
} else {
if(!$commentInfo->isPinned())
Template::displayInfo("This comment isn't pinned yet.", 400);
2023-07-15 23:58:17 +00:00
$comments->unpinPost($commentInfo);
}
2022-09-13 13:14:49 +00:00
2023-07-15 23:58:17 +00:00
redirect($redirect . '#comment-' . $commentInfo->getId());
2022-09-13 13:14:49 +00:00
break;
case 'vote':
if(!$perms->check(Perm::G_COMMENTS_VOTE) && !$categoryInfo->isOwner($currentUserInfo))
Template::displayInfo("You're not allowed to vote on comments.", 403);
2022-09-13 13:14:49 +00:00
if($commentInfo->isDeleted())
Template::displayInfo("This comment doesn't exist!", 400);
2022-09-13 13:14:49 +00:00
if($commentVote > 0)
2023-07-15 23:58:17 +00:00
$comments->addPostPositiveVote($commentInfo, $currentUserInfo);
2022-09-13 13:14:49 +00:00
elseif($commentVote < 0)
2023-07-15 23:58:17 +00:00
$comments->addPostNegativeVote($commentInfo, $currentUserInfo);
2022-09-13 13:14:49 +00:00
else
2023-07-15 23:58:17 +00:00
$comments->removePostVote($commentInfo, $currentUserInfo);
2022-09-13 13:14:49 +00:00
2023-07-15 23:58:17 +00:00
redirect($redirect . '#comment-' . $commentInfo->getId());
2022-09-13 13:14:49 +00:00
break;
case 'delete':
2023-08-30 22:37:21 +00:00
$canDelete = $perms->check(Perm::G_COMMENTS_DELETE_OWN | Perm::G_COMMENTS_DELETE_ANY);
if(!$canDelete && !$categoryInfo->isOwner($currentUserInfo))
Template::displayInfo("You're not allowed to delete comments.", 403);
2022-09-13 13:14:49 +00:00
2023-08-30 22:37:21 +00:00
$canDeleteAny = $perms->check(Perm::G_COMMENTS_DELETE_ANY);
if($commentInfo->isDeleted())
Template::displayInfo(
2023-08-30 22:37:21 +00:00
$canDeleteAny ? 'This comment is already marked for deletion.' : "This comment doesn't exist.",
2022-09-13 13:14:49 +00:00
400
);
$isOwnComment = $commentInfo->getUserId() === $currentUserInfo->getId();
2023-08-30 22:37:21 +00:00
$isModAction = $canDeleteAny && !$isOwnComment;
2022-09-13 13:14:49 +00:00
if(!$isModAction && !$isOwnComment)
Template::displayInfo("You're not allowed to delete comments made by others.", 403);
2022-09-13 13:14:49 +00:00
2023-07-15 23:58:17 +00:00
$comments->deletePost($commentInfo);
2022-09-13 13:14:49 +00:00
if($isModAction) {
$msz->createAuditLog('COMMENT_ENTRY_DELETE_MOD', [
2023-07-15 23:58:17 +00:00
$commentInfo->getId(),
$commentUserId = $commentInfo->getUserId(),
'<username>',
2022-09-13 13:14:49 +00:00
]);
} else {
$msz->createAuditLog('COMMENT_ENTRY_DELETE', [$commentInfo->getId()]);
2022-09-13 13:14:49 +00:00
}
redirect($redirect);
2022-09-13 13:14:49 +00:00
break;
case 'restore':
if(!$perms->check(Perm::G_COMMENTS_DELETE_ANY))
Template::displayInfo("You're not allowed to restore deleted comments.", 403);
2022-09-13 13:14:49 +00:00
if(!$commentInfo->isDeleted())
Template::displayInfo("This comment isn't in a deleted state.", 400);
2022-09-13 13:14:49 +00:00
2023-07-15 23:58:17 +00:00
$comments->restorePost($commentInfo);
2022-09-13 13:14:49 +00:00
$msz->createAuditLog('COMMENT_ENTRY_RESTORE', [
2023-07-15 23:58:17 +00:00
$commentInfo->getId(),
$commentUserId = $commentInfo->getUserId(),
'<username>',
2022-09-13 13:14:49 +00:00
]);
2023-07-15 23:58:17 +00:00
redirect($redirect . '#comment-' . $commentInfo->getId());
2022-09-13 13:14:49 +00:00
break;
case 'create':
if(!$perms->check(Perm::G_COMMENTS_CREATE) && !$categoryInfo->isOwner($currentUserInfo))
Template::displayInfo("You're not allowed to post comments.", 403);
2022-09-13 13:14:49 +00:00
if(empty($_POST['comment']) || !is_array($_POST['comment']))
Template::displayInfo('Missing data.', 400);
2022-09-13 13:14:49 +00:00
try {
2023-07-15 23:58:17 +00:00
$categoryId = isset($_POST['comment']['category']) && is_string($_POST['comment']['category'])
? (int)$_POST['comment']['category']
: 0;
$categoryInfo = $comments->getCategory(categoryId: $categoryId);
2023-07-15 23:58:17 +00:00
} catch(RuntimeException $ex) {
Template::displayInfo('This comment category doesn\'t exist.', 404);
2022-09-13 13:14:49 +00:00
}
2023-08-30 22:37:21 +00:00
$canLock = $perms->check(Perm::G_COMMENTS_LOCK);
if($categoryInfo->isLocked() && !$canLock)
Template::displayInfo('This comment category has been locked.', 403);
2022-09-13 13:14:49 +00:00
2023-07-15 23:58:17 +00:00
$commentText = !empty($_POST['comment']['text']) && is_string($_POST['comment']['text']) ? $_POST['comment']['text'] : '';
$commentReply = (string)(!empty($_POST['comment']['reply']) && is_string($_POST['comment']['reply']) ? (int)$_POST['comment']['reply'] : 0);
2023-08-30 22:37:21 +00:00
$commentLock = !empty($_POST['comment']['lock']) && $canLock;
$commentPin = !empty($_POST['comment']['pin']) && $perms->check(Perm::G_COMMENTS_PIN);
2022-09-13 13:14:49 +00:00
if($commentLock) {
2023-07-15 23:58:17 +00:00
if($categoryInfo->isLocked())
$comments->unlockCategory($categoryInfo);
else
$comments->lockCategory($categoryInfo);
2022-09-13 13:14:49 +00:00
}
if(strlen($commentText) > 0) {
$commentText = preg_replace("/[\r\n]{2,}/", "\n", $commentText);
} else {
2023-08-30 22:37:21 +00:00
if($canLock) {
Template::displayInfo('The action has been processed.', 400);
2022-09-13 13:14:49 +00:00
} else {
Template::displayInfo('Your comment is too short.', 400);
2022-09-13 13:14:49 +00:00
}
break;
}
if(mb_strlen($commentText) > 5000)
Template::displayInfo('Your comment is too long.', 400);
2022-09-13 13:14:49 +00:00
if($commentReply > 0) {
try {
$parentInfo = $comments->getPost($commentReply);
2023-07-15 23:58:17 +00:00
} catch(RuntimeException $ex) {}
2022-09-13 13:14:49 +00:00
if(!isset($parentInfo) || $parentInfo->isDeleted())
Template::displayInfo('The comment you tried to reply to does not exist.', 404);
2022-09-13 13:14:49 +00:00
}
2023-07-15 23:58:17 +00:00
$commentInfo = $comments->createPost(
$categoryInfo,
$parentInfo ?? null,
$currentUserInfo,
$commentText,
$commentPin
);
2022-09-13 13:14:49 +00:00
2023-07-15 23:58:17 +00:00
redirect($redirect . '#comment-' . $commentInfo->getId());
2022-09-13 13:14:49 +00:00
break;
default:
Template::displayInfo('Not found.', 404);
2022-09-13 13:14:49 +00:00
}