source: extensions/GuestBook/include/functions_comment.inc.php @ 24889

Last change on this file since 24889 was 24889, checked in by mistic100, 11 years ago

use my plugin architecture, add options to hide the page for guests, fix admin links in mails

File size: 8.4 KB
[15940]1<?php
// Stop immediately when the file is requested outside the plugin, i.e. when
// the GUESTBOOK_PATH constant has not been defined.
defined('GUESTBOOK_PATH') or die('Hacking attempt!');

// Load the comment helpers from the core tree.
include_once PHPWG_ROOT_PATH.'include/functions_comment.inc.php';

// Attach 'user_comment_check' to the 'user_comment_check_guestbook' event,
// which insert_user_comment_guestbook() triggers before writing a comment.
// NOTE(review): the trailing 2 is presumably the number of arguments passed
// to the handler - confirm against add_event_handler().
add_event_handler(
  'user_comment_check_guestbook',
  'user_comment_check',
  EVENT_HANDLER_PRIORITY_NEUTRAL,
  2
);
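/**
 * Checks a guestbook comment and, unless it is rejected, stores it in
 * GUESTBOOK_TABLE and optionally notifies the administrators by mail.
 *
 * Reads 'author', 'content', 'email', 'website' and 'rate' from $comm and
 * fills in 'ip', 'agent', 'author', 'author_id', 'anonymous_id', 'email',
 * 'website' and, after a successful insert, 'id'.
 *
 * Side effects: error messages are pushed to $page['errors'] and 'key' is
 * appended to $_POST['cr'] when the ephemeral key does not verify.
 *
 * NOTE(review): 'author', 'content', 'website' and 'email' are placed between
 * quotes in the INSERT without being escaped in this function. The
 * stripslashes() calls in the mail section and the addslashes() applied to the
 * logged-in username suggest that the caller hands over addslashes()-escaped
 * values - confirm against the caller, and prefer escaping with the database
 * driver's own function right where the query is built.
 *
 * @param array  $comm comment data, modified in place
 * @param string $key  ephemeral form key, checked with verify_ephemeral_key()
 * @return string 'validate', 'moderate' or 'reject' (as finally returned by
 *                the 'user_comment_check_guestbook' event handlers)
 */
function insert_user_comment_guestbook( &$comm, $key )
{
  global $conf, $user, $page;

  $comm = array_merge( $comm,
    array(
      'ip' => $_SERVER['REMOTE_ADDR'],
      // the User-Agent header is optional: do not raise a notice without it
      'agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null
    )
   );

  // administrators, and everybody when validation is disabled, publish directly
  if (!$conf['guestbook']['comments_validation'] or is_admin())
  {
    $comment_action='validate'; //one of validate, moderate, reject
  }
  else
  {
    $comment_action='moderate'; //one of validate, moderate, reject
  }

  // display author field if the user status is guest or generic
  if (!is_classic_user())
  {
    if ( empty($comm['author']) )
    {
      array_push($page['errors'], l10n('Please enter your username'));
      $comment_action='reject';
    }
    else
    {
      $comm['author_id'] = $conf['guest_id'];
      // if a guest tries to use the name of an already existing user, he must
      // be rejected
      // NOTE(review): if $comm['author'] arrives already escaped (see the
      // function header), addslashes() escapes it a second time here and a
      // name containing a quote or a backslash would never match - confirm.
      $query = '
SELECT COUNT(*) AS user_exists
  FROM '.USERS_TABLE.'
  WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'";
      $row = pwg_db_fetch_assoc( pwg_query( $query ) );

      // any match is a collision, not only exactly one
      if ( $row['user_exists'] > 0 )
      {
        array_push($page['errors'], l10n('This login is already used by another user') );
        $comment_action='reject';
      }
    }
  }
  else
  {
    $comm['author'] = addslashes($user['username']);
    $comm['author_id'] = $user['id'];
  }

  if ( empty($comm['content']) )
  { // empty comment content
    $comment_action='reject';
  }

  // $key is a declared parameter, there is nothing for "@" to silence
  if ( !verify_ephemeral_key($key) )
  {
    $comment_action='reject';
    $_POST['cr'][] = 'key';
  }

  // email: fall back on the account address, otherwise check the format
  if ( empty($comm['email']) and is_classic_user() and !empty($user['email']) )
  {
    $comm['email'] = $user['email'];
  }
  else if ( !empty($comm['email']) and !email_check_format($comm['email']) )
  {
    array_push($page['errors'], l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)'));
    $comment_action='reject';
  }

  // website: add a scheme when none was typed, then check the format
  if ( !empty($comm['website']) and !preg_match('/^(https?:\/\/)/i', $comm['website']) )
  {
    $comm['website'] = 'http://'.$comm['website'];
  }
  if ( !empty($comm['website']) and !url_check_format($comm['website']) )
  {
    array_push($page['errors'], l10n('invalid website address'));
    $comment_action='reject';
  }

  // anonymous id = ip address, without its last dotted component when the
  // address has more than three of them
  $ip_components = explode('.', $_SERVER["REMOTE_ADDR"]);
  if (count($ip_components) > 3)
  {
    array_pop($ip_components);
  }
  $comm['anonymous_id'] = implode('.', $ip_components);

  // comment validation and anti-spam
  if ($comment_action!='reject' and $conf['anti-flood_time']>0 and !is_admin())
  {
    $reference_date = pwg_db_get_flood_period_expression($conf['anti-flood_time']);

    $query = '
SELECT COUNT(1) FROM '.GUESTBOOK_TABLE.'
  WHERE
    date > '.$reference_date.'
    AND author_id = '.$comm['author_id'];
    if (!is_classic_user())
    {
      // all guests share one author_id, tell them apart by anonymous id
      $query.= '
      AND anonymous_id = "'.$comm['anonymous_id'].'"';
    }
    $query.= '
;';

    list($counter) = pwg_db_fetch_row(pwg_query($query));
    if ($counter > 0)
    {
      array_push($page['errors'], l10n('Anti-flood system : please wait for a moment before trying to post another comment') );
      $comment_action='reject';
    }
  }

  // perform more spam check
  $comment_action = trigger_event('user_comment_check_guestbook',
      $comment_action, $comm
    );

  if ( $comment_action!='reject' )
  {
    // 'rate' is written unquoted in the INSERT and quote escaping gives no
    // protection there: accept a numeric value only, anything else is stored
    // as NULL
    $rate_sql = 'NULL';
    if ( !empty($comm['rate']) and is_numeric($comm['rate']) )
    {
      $rate_sql = $comm['rate'];
    }

    $query = '
INSERT INTO '.GUESTBOOK_TABLE.'(
    author,
    author_id,
    anonymous_id,
    content,
    date,
    validated,
    validation_date,
    website,
    rate,
    email
  )
  VALUES (
    \''.$comm['author'].'\',
    '.$comm['author_id'].',
    \''.$comm['anonymous_id'].'\',
    \''.$comm['content'].'\',
    NOW(),
    \''.($comment_action=='validate' ? 'true':'false').'\',
    '.($comment_action=='validate' ? 'NOW()':'NULL').',
    '.(!empty($comm['website']) ? '\''.$comm['website'].'\'' : 'NULL').',
    '.$rate_sql.',
    '.(!empty($comm['email']) ? '\''.$comm['email'].'\'' : 'NULL').'
  )
';

    pwg_query($query);

    $comm['id'] = pwg_db_insert_id(GUESTBOOK_TABLE);

    // one option covers directly published comments, the other one covers
    // comments waiting for validation
    if ( ($conf['guestbook']['email_admin_on_comment'] and 'validate' == $comment_action)
        or ($conf['guestbook']['email_admin_on_comment_validation'] and 'moderate' == $comment_action))
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      $comment_url = add_url_params(GUESTBOOK_URL, array('comment_id'=>$comm['id']));

      $keyargs_content = array
      (
        get_l10n_args('Author: %s', stripslashes($comm['author']) ),
        get_l10n_args('Comment: %s', stripslashes($comm['content']) ),
        get_l10n_args('', ''),
        get_l10n_args('Manage this user comment: %s', $comment_url)
      );

      if ('moderate' == $comment_action)
      {
        $keyargs_content[] = get_l10n_args('', '');
        $keyargs_content[] = get_l10n_args('(!) This comment requires validation', '');
      }

      pwg_mail_notification_admins
      (
        get_l10n_args('Comment by %s', stripslashes($comm['author']) ),
        $keyargs_content
      );
    }
  }
  return $comment_action;
}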
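/**
 * Updates the content of an existing guestbook comment and, when the new
 * text has to be moderated, asks the administrators by mail to validate it.
 *
 * Users who are not administrators can only update rows whose author_id is
 * their own user id (see $user_where_clause).
 *
 * NOTE(review): $comment['content'] is placed between quotes in the UPDATE
 * without being escaped in this function; the stripslashes() call in the mail
 * section suggests the caller passes an addslashes()-escaped value - confirm
 * against the caller.
 *
 * @param array  $comment  reads 'comment_id' and 'content'
 * @param string $post_key ephemeral form key, checked with verify_ephemeral_key()
 * @return string 'validate', 'moderate' or 'reject'
 */
function update_user_comment_guestbook($comment, $post_key)
{
  global $conf;

  if ( !verify_ephemeral_key($post_key) )
  {
    $comment_action='reject';
  }
  elseif (!$conf['guestbook']['comments_validation'] or is_admin()) // should the updated comment must be validated
  {
    $comment_action='validate'; //one of validate, moderate, reject
  }
  else
  {
    $comment_action='moderate'; //one of validate, moderate, reject
  }

  if ( $comment_action!='reject' )
  {
    // the identifier is written unquoted in the WHERE clause: force an integer
    // (defence in depth, the callers are not visible from this file)
    $comment_id = intval($comment['comment_id']);

    $user_where_clause = '';
    if (!is_admin())
    {
      $user_where_clause = '   AND author_id = \''.
        $GLOBALS['user']['id'].'\'';
    }

    $query = '
UPDATE '.GUESTBOOK_TABLE.'
  SET content = \''.$comment['content'].'\',
      validated = \''.($comment_action=='validate' ? 'true':'false').'\',
      validation_date = '.($comment_action=='validate' ? 'NOW()':'NULL').'
  WHERE id = '.$comment_id.
$user_where_clause.'
;';
    $result = pwg_query($query);

    // mail admin and ask to validate the comment
    if ($result and $conf['guestbook']['email_admin_on_comment_validation'] and 'moderate' == $comment_action)
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      // the link used to be built from $comm['id'], a variable that does not
      // exist in this function, so the mail carried no comment identifier
      $comment_url = add_url_params(GUESTBOOK_URL, array('comment_id'=>$comment_id));

      $keyargs_content = array
      (
        get_l10n_args('Author: %s', stripslashes($GLOBALS['user']['username']) ),
        get_l10n_args('Comment: %s', stripslashes($comment['content']) ),
        get_l10n_args('', ''),
        get_l10n_args('Manage this user comment: %s', $comment_url),
        get_l10n_args('', ''),
        get_l10n_args('(!) This comment requires validation', ''),
      );

      pwg_mail_notification_admins
      (
        get_l10n_args('Comment by %s', stripslashes($GLOBALS['user']['username']) ),
        $keyargs_content
      );
    }
  }

  return $comment_action;
}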
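/**
 * Returns the author_id stored for a guestbook comment.
 *
 * @param int|string $comment_id   comment identifier
 * @param bool       $die_on_error when true an unknown identifier ends in
 *                                 fatal_error(), otherwise false is returned
 * @return mixed the author_id column of the row, or false when no row matches
 *               and $die_on_error is false
 */
function get_comment_author_id_guestbook($comment_id, $die_on_error=true)
{
  // the identifier is written unquoted in the query: force an integer, so a
  // malformed value simply matches no row instead of altering the statement
  $query = '
SELECT
    author_id
  FROM '.GUESTBOOK_TABLE.'
  WHERE id = '.intval($comment_id).'
;';
  $result = pwg_query($query);
  if (pwg_db_num_rows($result) == 0)
  {
    if ($die_on_error)
    {
      fatal_error('Unknown comment identifier');
    }
    else
    {
      return false;
    }
  }

  list($author_id) = pwg_db_fetch_row($result);

  return $author_id;
}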
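/**
 * Deletes one or several guestbook comments.
 *
 * Users who are not administrators can only delete rows whose author_id is
 * their own user id (see $user_where_clause).
 *
 * @param int|string|array $comment_id one identifier or a list of identifiers
 * @return void
 */
function delete_user_comment_guestbook($comment_id)
{
  // identifiers are written unquoted in the WHERE clause: force integers
  // (defence in depth, the callers are not visible from this file)
  if (is_array($comment_id))
  {
    $ids = array_map('intval', $comment_id);
    if (empty($ids))
    {
      // "id IN()" is not valid SQL and there is nothing to delete anyway
      return;
    }
    $where_clause = 'id IN('.implode(',', $ids).')';
  }
  else
  {
    $where_clause = 'id = '.intval($comment_id);
  }

  $user_where_clause = '';
  if (!is_admin())
  {
    $user_where_clause = '   AND author_id = \''.$GLOBALS['user']['id'].'\'';
  }

  $query = '
DELETE FROM '.GUESTBOOK_TABLE.'
  WHERE '.$where_clause.
$user_where_clause.'
;';
  pwg_query($query);
}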
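/**
 * Marks one or several guestbook comments as validated and stamps their
 * validation date with NOW().
 *
 * NOTE(review): unlike the update and delete helpers of this file, this
 * function applies no author or administrator restriction; the permission
 * check is presumably done by the caller - confirm.
 *
 * @param int|string|array $comment_id one identifier or a list of identifiers
 * @return void
 */
function validate_user_comment_guestbook($comment_id)
{
  // identifiers are written unquoted in the WHERE clause: force integers
  // (defence in depth, the callers are not visible from this file)
  if (is_array($comment_id))
  {
    $ids = array_map('intval', $comment_id);
    if (empty($ids))
    {
      // "id IN()" is not valid SQL and there is nothing to validate anyway
      return;
    }
    $where_clause = 'id IN('.implode(',', $ids).')';
  }
  else
  {
    $where_clause = 'id = '.intval($comment_id);
  }

  $query = '
UPDATE '.GUESTBOOK_TABLE.'
  SET validated = \'true\'
    , validation_date = NOW()
  WHERE '.$where_clause.'
;';
  pwg_query($query);
}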