
Add code to do input checking of impression, user, visitor, and other model methods so postgres doesn't return errors, restores captcha time out code that had gone missing, a=chris

Chris Pollett [2016-11-09 19:Nov:th]
Add code to do input checking of impression, user, visitor, and other model methods so postgres doesn't return errors, restores captcha time out code that had gone missing, a=chris
Filename
src/controllers/RegisterController.php
src/library/CrawlConstants.php
src/library/media_jobs/FeedsUpdateJob.php
src/models/CrawlModel.php
src/models/ImpressionModel.php
src/models/UserModel.php
src/models/VisitorModel.php
diff --git a/src/controllers/RegisterController.php b/src/controllers/RegisterController.php
index 30146bb7d..1247ed69e 100755
--- a/src/controllers/RegisterController.php
+++ b/src/controllers/RegisterController.php
@@ -30,6 +30,7 @@
  */
 namespace seekquarry\yioop\controllers;

+use seekquarry\yioop as B;
 use seekquarry\yioop\configs as C;
 use seekquarry\yioop\library as L;
 use seekquarry\yioop\library\CrawlConstants;
@@ -168,6 +169,16 @@ class RegisterController extends Controller implements CrawlConstants
             $user = $_SERVER['REMOTE_ADDR'];
         }
         $visitor_check_names = ['captcha_time_out','suggest_day_exceeded'];
+        foreach($visitor_check_names as $name) {
+            $visitor = $visitor_model->getVisitor($_SERVER['REMOTE_ADDR'],
+                $name);
+            if(isset($visitor['END_TIME']) && $visitor['END_TIME'] > time()) {
+                $_SESSION['value'] = date('Y-m-d H:i:s', $visitor['END_TIME']);
+                $url = B\wikiUrl($visitor['PAGE_NAME']);
+                header("Location:" . $url);
+                exit();
+            }
+        }
         $data = [];
         $data['REFRESH'] = "register";
         $activity = isset($_REQUEST['a']) ?
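Review bot: The added loop keys the lockout on `$_SERVER['REMOTE_ADDR']` alone and has no comment saying why it runs before any activity is dispatched. If the site is deployed behind a reverse proxy or load balancer, REMOTE_ADDR is presumably the proxy's address, so one visitor's `captcha_time_out` record would redirect everyone; that assumption should be written down next to the loop. I would add something like `// visitors still inside a captcha_time_out or suggest_day_exceeded window are redirected to the stored wiki page; keyed on REMOTE_ADDR, so assumes no shared proxy address` above the `foreach`. The enclosing method starts and ends outside the hunk.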
diff --git a/src/library/CrawlConstants.php b/src/library/CrawlConstants.php
index 17834c693..cc60a1541 100755
--- a/src/library/CrawlConstants.php
+++ b/src/library/CrawlConstants.php
@@ -232,4 +232,5 @@ interface CrawlConstants
     const SCRAPER_LABEL = 'du';
     const SCRAPERS = 'dv';
     const IS_NEWS = "dw";
+    const QUESTION_TRIPLETS = 'dx';
 }
diff --git a/src/library/media_jobs/FeedsUpdateJob.php b/src/library/media_jobs/FeedsUpdateJob.php
index 3f677deea..04097cfee 100644
--- a/src/library/media_jobs/FeedsUpdateJob.php
+++ b/src/library/media_jobs/FeedsUpdateJob.php
@@ -606,10 +606,14 @@ class FeedsUpdateJob extends MediaJob
     public function addFeedItemIfNew($item, $source_name, $lang, $age,
         $unique_fields)
     {
-        if (!isset($item["link"]) || !isset($item["title"]) ||
-            !isset($item["description"])) {
+        if (empty($item["link"]) || empty($item["title"]) ||
+            empty($item["description"]) ||
+            strlen($item["link"]) > C\MAX_URL_LEN) {
             return false;
         }
+        $item["title"] = substr($item["title"], 0, C\TITLE_LEN);
+        $item["description"] = substr($item["description"], 0,
+            C\MAX_GROUP_POST_LEN);
         if (empty($item["guid"])) {
             $hash_string = "";
             foreach ($unique_fields as $field) {
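Review bot: The two added `substr()` calls truncate by bytes, so a multi-byte UTF-8 title or description can be cut in the middle of a character, and the resulting invalid byte sequence is the kind of value Postgres rejects, which is what this commit is trying to avoid. A character-boundary-safe cut such as `$item["title"] = mb_strcut($item["title"], 0, C\TITLE_LEN, "UTF-8");` (and the same for the description) keeps the byte limit without splitting a character; whether `C\TITLE_LEN` and `C\MAX_GROUP_POST_LEN` are meant as bytes or characters is not visible here and should be confirmed. Separately, switching from `!isset()` to `empty()` now also drops items whose title or description is the string `"0"`, which may or may not be intended. The body of addFeedItemIfNew continues outside the hunk.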
@@ -619,7 +623,8 @@ class FeedsUpdateJob extends MediaJob
         } else {
             $item["guid"] = L\crawlHash($item["guid"]);
         }
-        if (!isset($item["image_link"])) {
+        if (!isset($item["image_link"]) ||
+            strlen($item["image_link"]) > C\MAX_URL_LEN) {
             $item["image_link"] = "";
         }
         $raw_guid = L\unbase64Hash($item["guid"]);
diff --git a/src/models/CrawlModel.php b/src/models/CrawlModel.php
index 6826af870..f613198e3 100755
--- a/src/models/CrawlModel.php
+++ b/src/models/CrawlModel.php
@@ -229,7 +229,10 @@ class CrawlModel extends ParallelModel
      */
     public function getMixList($user_id, $with_components = false)
     {
-        $sql = "SELECT TIMESTAMP, NAME FROM CRAWL_MIXES WHERE OWNER_ID=?";
+        $sql = "SELECT TIMESTAMP, NAME FROM CRAWL_MIXES WHERE OWNER_ID = ?";
+        if (intval($user_id) != $user_id) {
+            return false; //keep postgres error log cleaner by doing check
+        }
         $result = $this->db->execute($sql, [$user_id]);
         $rows = [];
         while ($row = $this->db->fetchArray($result)) {
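Review bot: The guard `intval($user_id) != $user_id` uses a loose comparison, so it does not reliably reject non-integer input: on PHP versions before 8, `intval("abc") != "abc"` is false because both sides compare as 0, and on current versions strings such as `"1e3"` or `" 5"` still compare equal to their `intval()`. The query is parameterized, so this is log hygiene rather than injection, but the check misses its stated purpose. A stricter form would be `if (!is_int($user_id) && !ctype_digit((string)$user_id)) { return false; }`. The same guard is repeated in the next CrawlModel hunk and in both UserModel hunks (getUsername, getUserStatus). getMixList normally builds `$rows`, so callers that iterate the result should be checked for the new `false` return; the body continues outside the hunk.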
@@ -343,6 +346,9 @@ class CrawlModel extends ParallelModel
         $db = $this->db;
         $sql = "SELECT TIMESTAMP, NAME FROM CRAWL_MIXES WHERE ".
             " TIMESTAMP = ? and OWNER_ID = ?";
+        if (intval($user_id) != $user_id) {
+            return false;
+        }
         $result = $db->execute($sql, [$timestamp, $user_id]);
         if ($result) {
             if ($mix = $db->fetchArray($result)) {
diff --git a/src/models/ImpressionModel.php b/src/models/ImpressionModel.php
index 67100c5e2..b9739b791 100644
--- a/src/models/ImpressionModel.php
+++ b/src/models/ImpressionModel.php
@@ -101,7 +101,7 @@ class ImpressionModel extends Model
             $sql = "INSERT INTO QUERY_ITEM(QUERY_HASH, QUERY, CREATION)
                 VALUES (?, ?, ?)";
             $result = $db->execute($sql, [$query_hash, $query, time()]);
-            $this->initWithDb(C\PUBLIC_USER_ID, $db->insertID(),
+            $this->initWithDb(C\PUBLIC_USER_ID, $db->insertID("QUERY_ITEM"),
                 C\QUERY_IMPRESSION, $db);
         } else {
             $this->addWithDb(C\PUBLIC_USER_ID, $row['ID'],
diff --git a/src/models/UserModel.php b/src/models/UserModel.php
index 2e165d05b..739d1b0c8 100755
--- a/src/models/UserModel.php
+++ b/src/models/UserModel.php
@@ -221,12 +221,15 @@ class UserModel extends Model
      * Get a username by user_id
      *
      * @param string $user_id id of the user
-     * @return string
+     * @return string the name of the user corrseponding to that id
      */
     public function getUsername($user_id)
     {
         $db = $this->db;
-        $sql = "SELECT USER_NAME FROM USERS WHERE USER_ID=?";
+        if (intval($user_id) != $user_id) {
+            return false; //keep postgres error log cleaner by doing check
+        }
+        $sql = "SELECT USER_NAME FROM USERS WHERE USER_ID = ?";
         $result = $db->execute($sql, [$user_id]);
         $row = $db->fetchArray($result);
         return $row['USER_NAME'];
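Review bot: The updated docblock still declares `@return string`, but the new early return makes `false` a possible result, so the contract callers read is now incomplete. I would write `@return string|false the name of the user corresponding to that id, or false if $user_id is not an integer` (this also fixes the "corrseponding" typo). The getUserStatus hunk that follows has the same gap, where `@return int` should become `@return int|false`. The `@param string $user_id` lines could also say that an integer or integer-valued string is expected, since that is now enforced.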
@@ -235,12 +238,16 @@ class UserModel extends Model
      * Get the status of user by user_id
      *
      * @param string $user_id id of the user
-     * @return array
+     * @return int the status flag of the user: ACTIVE, INACTIVE, INVITED,
+     *      SUSPENDED
      */
     public function getUserStatus($user_id)
     {
         $db = $this->db;
-        $sql = "SELECT STATUS FROM USERS WHERE USER_ID=?";
+        if (intval($user_id) != $user_id) {
+            return false; //keep postgres error log cleaner by doing check
+        }
+        $sql = "SELECT STATUS FROM USERS WHERE USER_ID = ?";
         $result = $db->execute($sql, [$user_id]);
         $row = $db->fetchArray($result);
         return $row['STATUS'];
diff --git a/src/models/VisitorModel.php b/src/models/VisitorModel.php
index 4ee85269c..6601f3e80 100644
--- a/src/models/VisitorModel.php
+++ b/src/models/VisitorModel.php
@@ -64,7 +64,7 @@ class VisitorModel extends Model
             AND PAGE_NAME=:page_name " . $db->limitOffset(1);
         $result = $this->db->execute($sql, [":address" => $ip_address,
             ":page_name" => $page_name]);
-        if (!$result || !$row = $this->db->fetchArray($result)) {
+        if (!$result || !$row = $db->fetchArray($result)) {
             return false;
         }
         $now = time();
@@ -117,7 +117,7 @@ class VisitorModel extends Model
         }
         $access_count = $visitor['ACCESS_COUNT'];
         if ($access_count >= $count_till_double) {
-            $delay = 2 * $visitor['DELAY'];
+            $delay = min(2 * $visitor['DELAY'], $forget_age);
             $end_time = time() + $delay;
         } else {
             $access_count++;