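#!/usr/bin/perl
#
# add_diary.pl - CGI flow for creating a diary entry.
#
# The "submit" form value selects the step:
#   (none)    show the entry form
#   cancel    discard temporary uploads and show the form again
#   main      validate input and uploads, then show the confirmation page
#   confirm   re-validate, store the entry and its photos, show the finish page
#
# NOTE(review): this source is byte-oriented (no `use utf8`). Several string
# literals interpolate a variable directly in front of multi-byte text
# (e.g. "$seq" followed by Japanese); that parses as intended only while
# `use utf8` stays off. String literals that contain literal line breaks are
# reproduced exactly, so their continuation lines start at column 0.
#
# NOTE(review): `use warnings` is not enabled. Turning it on will surface
# undefined form fields being used in string operations; review before enabling.
use strict;

use Date::Calc qw(Today);
use Boofy::Main;
use Boofy::Mail;
use Boofy::Login;
use Boofy::String qw(tune_textarea tune_form tune_html make_photo_dir scrub_html strip_html convert_html encode_post_key);
use Boofy::Config qw(COMMENT_NEW ADMIN_NAME ADMIN_EMAIL LIMIT_DIARY_TIME LIMIT_DIARY_COUNT);
use Boofy::HTML qw(make_monthly_calendar make_error make_diary_calendar make_option_sort);
use Boofy::DB;
use Boofy::Cache;
use Boofy::Image;
use Boofy::ImageCluster;
use Boofy::Diary;

#------------------------------------------------------------------------------
# functions
#------------------------------------------------------------------------------

# Fill the entry-form template with the submitted values, the error value and
# the member's calendars.
#   $cc        cache object (get_diary_calendar is called on it)
#   $dbd       database handle handed on to make_diary_calendar
#   $tpl       template object that receives the params
#   $member_id owner of the diary
#   $href      optional hashref of form values
#   $error     optional error value (built with make_error by the caller)
sub show_main {
    my ($cc, $dbd, $tpl, $member_id, $href, $error) = @_;
    my %v = $href ? %{ $href } : ();

    ## Params: user-supplied values are passed through tune_form /
    ## tune_textarea (Boofy::String) before they reach the template.
    $tpl->param("diary_title", tune_form($v{diary_title}));
    $tpl->param("diary_body", tune_textarea($v{diary_body}));
    $tpl->param("error", $error);
    $tpl->param("orig_size_checked", $v{orig_size} ? "checked" : "");

    ## Calendar for the current year and month
    my $own_diary = 1;
    my ($year, $month) = Today();
    my $cal_cache = $cc->get_diary_calendar($member_id, $year, $month);
    $tpl->param("calendar",
        make_diary_calendar($member_id, $own_diary, $year, $month, $dbd, $cal_cache));

    ## Monthly
    $tpl->param("monthly_calendar", make_monthly_calendar($cc, $member_id, $own_diary));
}

# Fill the confirmation template.
#   $tpl         template object
#   $member_id   unused here; kept for the existing call signature
#   $member_type 2 selects the HTML-capable body path
#   $max_count   number of photo slots to render
#   $packed      packed description of the temporary uploads; it is echoed to
#                the page and comes back from the client on the next step
#   $sanitized   body HTML produced by scrub_html/convert_html in the caller
#   $href        hashref of form values
sub show_confirm {
    my ($tpl, $member_id, $member_type, $max_count, $packed, $sanitized, $href) = @_;
    my %v = ref($href) ? %{ $href } : ();

    $tpl->param("packed", $packed);

    ## Title
    $tpl->param("title_form", tune_form($v{diary_title}));
    $tpl->param("title_html", tune_html($v{diary_title}));

    ## Body
    $tpl->param("body_form", tune_form($v{diary_body}));
    if ($member_type == 2) {
        # This value is emitted without tune_html, so the page depends entirely
        # on scrub_html/convert_html having produced safe markup.
        $tpl->param("body_html", $sanitized);
    }
    else {
        $tpl->param("body_html", tune_html($v{diary_body}));
    }
    my $orig_size = $v{orig_size} ? 1 : 0;
    $tpl->param("orig_size_checked", $orig_size);

    ## Photo: show every slot and count the ones that carry a file name.
    my $count = 0;
    for my $x (1 .. $max_count) {
        my $photo = "photo" . $x;
        $tpl->param("photo_html" . $x, tune_html($v{$photo}));
        $count++ if $v{$photo};
    }
    if ($count) {
        my $compress = $v{orig_size} ? "オリジナルでアップロードする" : "圧縮してアップロードする";
        $tpl->param("compress", $compress);
    }

    ## Link
    $tpl->param("add_diary_link", "add_diary.pl");
}

# Send a notice to the administrator address when a member reaches the diary
# posting limit. The subject is fixed; only the message text carries
# $member_id and $body.
sub mail_mixi {
    my ($member_id, $body) = @_;

    my $title = "[mixi] USER LIMIT";
    my $line  = "add_diary.pl\n";
    $line .= "UserID = $member_id\n";
    $line .= $body;

    my $m = Boofy::Mail::->new();
    $m->load_data(ADMIN_NAME, ADMIN_EMAIL, "", ADMIN_EMAIL, $title, $line);
    $m->send();
}

# Insert one diary_photo row per uploaded photo and add the total size to the
# member's diary quota usage, in a single transaction.
#   $dbd       database handle (begin_work/prepare/commit/rollback are used)
#   $member_id owner whose quota usage is increased
#   $diary_id  diary entry the photos belong to
#   $href      hashref: seq => [ number, size ]
# Nothing is written when $href holds no photos. Any failure rolls the
# transaction back and dies, so photo rows and quota usage cannot drift apart.
sub insert_diary_photo {
    my ($dbd, $member_id, $diary_id, $href) = @_;
    my %data = ref($href) ? %{ $href } : ();

    my @value;
    my $total_size = 0;
    foreach my $seq (keys(%data)) {
        my ($number, $size) = @{ $data{$seq} };
        $total_size += $size;
        push(@value, $diary_id, $seq, $number, $size);
    }
    return unless @value;

    # One "(?,?,?,?)" group per photo; every value is bound, never interpolated.
    my $insert_sql = "INSERT INTO diary_photo (diary_id, seq, number, size)"
        . " VALUES "
        . join(",", ("(?,?,?,?)") x scalar(keys(%data)));

    $dbd->begin_work();
    my $done = eval {
        my $sth = $dbd->prepare($insert_sql)
            or die "prepare of diary_photo insert failed\n";
        $sth->execute(@value)
            or die "execute of diary_photo insert failed\n";

        $sth = $dbd->prepare("UPDATE diary_quota SET diary_usage=diary_usage+? WHERE member_id=?")
            or die "prepare of diary_quota update failed\n";
        $sth->execute($total_size, $member_id)
            or die "execute of diary_quota update failed\n";

        $dbd->commit()
            or die "commit failed\n";
        1;
    };
    if (!$done) {
        my $reason = $@ || "unknown error\n";
        eval { $dbd->rollback() };    # best effort; the original error is reported
        die "add_diary.pl: $member_id cannot store diary photo rows: $reason";
    }
    return;
}

# Validate the required text fields.
# Returns a hash (field name => message) that is empty when both the title and
# the body contain something other than whitespace.
sub check_error {
    my ($href) = @_;
    my %v = ref($href) ? %{ $href } : ();
    my %error;

    # Work on copies so the caller's values keep their whitespace.
    # NOTE(review): the second character in the class is presumably meant to be
    # a full-width space; as it appears here it duplicates \s - confirm.
    my $diary_title = $v{diary_title};
    my $diary_body  = $v{diary_body};
    $diary_title =~ s/[\s ]//g;
    $diary_body =~ s/[\s ]//g;

    if (!$diary_title) {
        $error{diary_title} = "タイトルを入力して下さい。";
    }
    if (!$diary_body) {
        $error{diary_body} = "本文を入力して下さい。";
    }
    return %error;
}

# Older album-photo conversion; nothing in this script calls it.
# NOTE(review): the match pattern and the %data table look truncated as they
# appear here (one empty group while $1..$7 are read; keys 2 and 5 are used but
# not defined). Restore them from the original source before reusing this.
sub convert_html_old {
    ## Vars
    my ($member_id, $html) = @_;
    my (@line, $line, $owner_id, $album_id, $number, $pattern, $photo_url, $thumb_url);
    my %data = ( 1 => '',
        3 => '_',
        4 => '.jpg' );

    ## Convert
    my $db = Boofy::DB::->new();
    my $im = Boofy::Image::->new(type => "album", member_id => $member_id);
    $im->set_type_id($album_id);    # $album_id has no value yet at this point
    my @chip = split(/:/, $html);
    foreach my $chip (@chip) {
        push(@line, $chip);
        $line = "$line[-3]:$line[-2]:$line[-1]";
        if ($line =~ /()/) {
            $pattern  = "$1$2$3$4$5$6$7";
            $album_id = $4;
            $number   = $6;
            $owner_id = $db->select_album_owner_id($4);
            # $pattern is text taken from the member's own input, so it is
            # matched literally (\Q..\E) instead of being compiled as a regex.
            if ($member_id == $owner_id) {
                $photo_url = $im->make_image_url($number);
                $thumb_url = $im->make_thumb_url($number);
                $html =~ s/\Q$pattern\E/$data{1}$photo_url$data{2}$album_id$data{3}$number$data{4}$thumb_url$data{5}/g;
            }
            else {
                # Reference to an album owned by someone else: drop it.
                $html =~ s/\Q$pattern\E//g;
            }
        }
    }
    $html =~ s/\n/
/g;
    return $html;
}

# Put the diary quota usage and limit into the template, converted from bytes
# to megabytes with one decimal place.
sub show_diary_quota {
    my ($tpl, $diary_usage, $diary_limit) = @_;
    $diary_usage = sprintf("%.1f", $diary_usage / (1024 * 1024));
    $diary_limit = sprintf("%.1f", $diary_limit / (1024 * 1024));
    $tpl->param("diary_usage", $diary_usage);
    $tpl->param("diary_limit", $diary_limit);
}

#------------------------------------------------------------------------------
# main
#------------------------------------------------------------------------------
my $mn  = Boofy::Main::->new();
my $cgi = $mn->load_cgi();
my $lg  = Boofy::Login::->new($cgi);    ## Need to change to cgi => $cgi

## Login: every step below requires an authenticated member.
my $member_status = $lg->get_member_status();
my $member_id     = $member_status->{id};
my $member_type   = $member_status->{type};
if (!$member_id) {
    $lg->show_login($mn);
    exit;
}

## Maintenance (disabled)
#my $tpl = $mn->load_tpl("header.tmpl");
#$mn->show_header();
#$mn->show_alert("
#
#現在メンテナンス中です。ご迷惑をおかけいたしますが、今しばらくお待ちいただきますようお願い申し上げます。");
#print $tpl->output();
#exit;

my $diary = Boofy::Diary->new($member_id);
if ($diary->is_readonly) {
    my $tpl = $mn->load_tpl("header.tmpl");
    $mn->show_header();
    $mn->show_alert('

現在、日記の作成・編集機能にエラーが発生しています。
誠に申し訳ございません。しばらく時間が経ってからアクセスしてください。

');
    print $tpl->output();
    exit;
}

## TODO: move this to the cache!
## Block: stop here once the member has reached the posting limit.
my $cc = Boofy::Cache->new();
if ($cc->get_limit($member_id, "diary") >= LIMIT_DIARY_COUNT) {
    my $tpl = $mn->load_tpl("add_diary_block.tmpl");
    $mn->show_header();
    $mn->show_banner($member_id);
    $mn->show_premium($member_type);
    print $tpl->output();
    exit;
}

## Check Diary Quota ("usage:limit" in bytes)
# If the cache returns nothing, both values are undefined and compare as
# 0 >= 0, so the member is blocked rather than let through.
my $diary_quota = $cc->get_diary_quota($member_id);
my ($diary_usage, $diary_limit) = split(/:/, $diary_quota);
if ($diary_usage >= $diary_limit) {
    $diary_limit = ($diary_limit / (1024 * 1024));
    my $message_title = "日記を書く";
    my $message_body = " 申し訳ございませんが$diary_limitメガを超えられている場合は、新たな記事を作成
することが出来ません。";
    if ($member_type == 1) {
        $message_body .= "$diary_limitメガ未満まで容量を空けていただくか、容量拡大
のお手続きをおこなっていただけば作成可能になります。
日記容量拡大はmixiプレミアムにご登録いただければ可能です。詳細は こちら";
    }
    else {
        $message_body .= "$diary_limitメガ未満まで容量を空けてください。";
    }
    my $tpl = $mn->load_tpl("message.tmpl");
    $mn->show_header();
    $mn->show_banner($member_id);
    $mn->show_premium($member_type);
    $mn->show_message($message_title, $message_body);
    print $tpl->output();
    exit;
}

my %v = $cgi->Vars();
$v{diary_title} =~ s/[\n\r]//g;    # the title is a single line

if (!$v{submit} || $cgi->url_param("submit")) {
    # No step requested, or the step was given in the URL rather than the
    # posted form: only show the empty form.
    $v{orig_size} = 1;
    my $tpl = $mn->load_tpl("add_diary_main.tmpl");
    $mn->show_header();
    $mn->show_banner($member_id);
    $mn->show_premium($member_type);
    show_main($cc, $diary->get_dbh(), $tpl, $member_id, \%v);
    show_diary_quota($tpl, $diary_usage, $diary_limit);
    print $tpl->output();
}
elsif ($v{submit} eq "cancel") {
    my $im = Boofy::Image::->new(type => "diary", member_id => $member_id);

    # "packed" comes back from the client; refuse more entries than the
    # confirmation page could have produced.
    # NOTE(review): the entries themselves are handed to delete_tmp_file as
    # received - confirm that it only accepts names inside this member's
    # temporary area.
    my @tmp_ftp = split(":", $v{packed});
    if (scalar(@tmp_ftp) > (4 * $im->get_max_img_count())) {
        die "add_diary.pl: POST value has been tampered by $member_id.\n";
    }
    $im->delete_tmp_file(@tmp_ftp);

    ## Display
    my $tpl = $mn->load_tpl("add_diary_main.tmpl");
    $mn->show_header();
    $mn->show_banner($member_id);
    $mn->show_premium($member_type);
    show_main($cc, $diary->get_dbh, $tpl, $member_id, \%v);
    show_diary_quota($tpl, $diary_usage, $diary_limit);
    print $tpl->output();
}
elsif ($v{submit} eq "main") {
    ## Sanitize the body for HTML-capable members (type 2).
    my $sanitized;
    my %sanitize_error;
    if ($member_type == 2) {
        $sanitized = scrub_html($v{diary_body});
        if ($sanitized) {
            $sanitized = convert_html($member_id, $sanitized, 1);
            if ($v{diary_body} && !$sanitized) {
                $sanitize_error{diary_body} = "自分の写真を使って下さい。";
            }
        }
        else {
            # Nothing survived scrubbing: treat the body as missing.
            $v{diary_body} = undef();
        }
    }

    # check_error runs after the body may have been cleared above. Its result
    # is merged with the sanitizing error instead of replacing it, so a body
    # rejected by convert_html is reported on the form here and does not
    # surface only as a fatal error on the confirm step.
    my %error = (check_error(\%v), %sanitize_error);

    ## Photos
    my %upload;
    my $im = Boofy::Image::->new(type => "diary", member_id => $member_id);
    my $ic = Boofy::ImageCluster->new('diary');
    my $max_count = $im->get_max_img_count();
    if (!$v{orig_size}) {
        $im->set_compress(1);
    }
    for my $seq (1 .. $max_count) {
        my $photo = "photo" . $seq;
        next if !$v{$photo};

        # File-name check only (\z so a trailing newline cannot slip past).
        # The name is chosen by the client; whether the content really is a
        # JPEG is presumably verified inside ImageCluster->prepare - confirm.
        if ($v{$photo} !~ /\.(?:jpg|jpeg|jpe)\z/i) {
            $error{photo} = "画像$seqはJPG形式にして下さい。";
            last;
        }
        if ($im->get_error()) {
            last;
        }
        my $fh = $cgi->upload($photo);
        my $id = $ic->prepare(
            blob     => $fh,
            id       => $member_id,
            compress => $v{orig_size} ? 0 : 1
        );
        $error{photo} = "画像$seqのアップロードに失敗しました。" unless $id;
        $upload{$seq} = $id;
    }
    my $image_error = $im->get_error();
    if ($image_error) {
        $error{photo} = $image_error;
    }

    ## Display (Error)
    if (%error) {
        $im->delete_tmp_file();
        my @sort = ("diary_title", "diary_body", "photo");
        my $error = make_error(\@sort, \%error);
        my $tpl = $mn->load_tpl("add_diary_main.tmpl");
        $mn->show_header();
        $mn->show_banner($member_id);
        $mn->show_premium($member_type);
        show_main($cc, $diary->get_dbh, $tpl, $member_id, \%v, $error);
        show_diary_quota($tpl, $diary_usage, $diary_limit);
        print $tpl->output();
        exit;
    }

    ## Display (Confirm)
    my $packed = $im->pack(\%upload);
    my $tpl = $mn->load_tpl("add_diary_confirm.tmpl");
    $mn->show_header();
    $mn->show_banner($member_id);
    $mn->show_premium($member_type);
    show_confirm($tpl, $member_id, $member_type, $max_count, $packed, $sanitized, \%v);
    $tpl->param("post_key", encode_post_key($member_id));
    print $tpl->output();
}
elsif ($v{submit} eq "confirm") {
    # The write step requires the post key issued with the confirmation page.
    # NOTE(review): as far as this file shows, the key is derived from
    # $member_id alone - confirm that encode_post_key also mixes in a server
    # secret and something session- or time-bound.
    if (encode_post_key($member_id) ne $v{post_key}) {
        my $tpl = $mn->load_tpl("header.tmpl");
        $mn->show_header();
        $mn->show_alert();
        print $tpl->output();
        exit;
    }

    ## Check sanitized once more: the values were round-tripped through the
    ## client, so the same checks as on the "main" step are repeated.
    my %error = check_error(\%v);
    if ($member_type == 2) {
        # Same order as on the "main" step: scrub first, then convert the
        # scrubbed text (not the raw body).
        my $sanitized = scrub_html($v{diary_body});
        if ($sanitized) {
            $sanitized = convert_html($member_id, $sanitized, 1);
        }
        if (!$sanitized) {
            $error{diary_body} = "自分の写真を使って下さい。";
        }
    }
    if (%error) {
        die "add_diary.pl: $member_id try to tamper value\n";
    }

    ## Add to DB
    # %v is stored as received; any sanitizing of the stored body happens in
    # Boofy::Diary->add, which is not visible from this file.
    my $diary_id = $diary->add($member_type, \%v);
    my $count = $cc->add_limit($member_id, "diary", LIMIT_DIARY_TIME);
    if ($count >= LIMIT_DIARY_COUNT) {
        # NOTE(review): the form field is named diary_body; "body" looks
        # unset here - confirm which value the notice should carry.
        mail_mixi($member_id, $v{body});
    }

    my $im = Boofy::Image::->new(type => "diary", member_id => $member_id);
    $im->set_type_id($diary_id);
    my $ic = Boofy::ImageCluster->new('diary');
    # NOTE(review): "packed" is client-returned; its integrity rests on what
    # unpack verifies. Consider keeping it server-side or signing it.
    my %ftp_tmp = $im->unpack($v{packed}); ## Built-in protection

    # Move each temporary image and its thumbnail to the final location. The
    # stored names are built from $diary_id and a generated number, never from
    # the client's file name.
    my %photo_data;
    for my $seq (keys(%ftp_tmp)) {
        my $img_name   = $ftp_tmp{$seq}->{img};
        my $thumb_name = $ftp_tmp{$seq}->{thumb};
        my $number     = $im->_get_random;
        my $uri   = sprintf '/photo/diary/%s/%s_%s.%s', $im->_get_inner_dir, $diary_id, $number, 'jpg';
        my $uri_s = sprintf '/photo/diary/%s/%s_%ss.%s', $im->_get_inner_dir, $diary_id, $number, 'jpg';

        my $size = $ic->put($img_name, $uri, $member_id);
        if ($ic->errstr) {
            die "add_diary.pl: $member_id cannot put image: $uri: ". $ic->errstr;
        }
        $size += $ic->put($thumb_name, $uri_s, $member_id);
        if ($ic->errstr) {
            die "add_diary.pl: $member_id cannot put image: $uri_s: ". $ic->errstr;
        }
        $photo_data{$seq} = [ $number, $size ];
    }

    ## DB Insert
    insert_diary_photo($diary->get_dbh, $member_id, $diary_id, \%photo_data);
    $cc->delete_own_diary($member_id);
    $cc->delete_diary_calendar($member_id);

    my $tpl = $mn->load_tpl("add_diary_finish.tmpl");
    $mn->show_header();
    $mn->show_banner($member_id);
    $mn->show_premium($member_type);
    print $tpl->output();
}
else {
    # Unknown step name.
    my $tpl = $mn->load_tpl("header.tmpl");
    $mn->show_header();
    $mn->show_alert('不正な入力です。');
    print $tpl->output();
    exit;
}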