root/extensions/GuestBook/include/functions_comment.inc.php @ 16000

Revision 16000, 8.5 KB (checked in by mistic100, 11 months ago)

small enhancement for BBCode Bar and Smilies Support
Line 
1<?php
2if (!defined('GUESTBOOK_PATH')) die('Hacking attempt!');
3
4include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
5add_event_handler('user_comment_check_guestbook', 'user_comment_check',
6  EVENT_HANDLER_PRIORITY_NEUTRAL, 2);
7
8function insert_user_comment_guestbook( &$comm, $key, &$infos )
9{
10  global $conf, $user, $page;
11
12  $comm = array_merge( $comm,
13    array(
14      'ip' => $_SERVER['REMOTE_ADDR'],
15      'agent' => $_SERVER['HTTP_USER_AGENT']
16    )
17   );
18
19  $infos = array();
20  if (!$conf['guestbook']['comments_validation'] or is_admin())
21  {
22    $comment_action='validate'; //one of validate, moderate, reject
23  }
24  else
25  {
26    $comment_action='moderate'; //one of validate, moderate, reject
27  }
28
29  // display author field if the user status is guest or generic
30  if (!is_classic_user())
31  {
32    if ( empty($comm['author']) )
33    {
34      array_push($page['errors'], l10n('Please enter your username'));
35      $comment_action='reject';
36    }
37    else
38    {
39      $comm['author_id'] = $conf['guest_id'];
40      // if a guest try to use the name of an already existing user, he must be
41      // rejected
42      $query = '
43SELECT COUNT(*) AS user_exists
44  FROM '.USERS_TABLE.'
45  WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'";
46      $row = pwg_db_fetch_assoc( pwg_query( $query ) );
47     
48      if ( $row['user_exists'] == 1 )
49      {
50        array_push($page['errors'], l10n('This login is already used by another user') );
51        $comment_action='reject';
52      }
53    }
54  }
55  else
56  {
57    $comm['author'] = addslashes($user['username']);
58    $comm['author_id'] = $user['id'];
59  }
60
61  if ( empty($comm['content']) )
62  { // empty comment content
63    $comment_action='reject';
64  }
65
66  if ( !verify_ephemeral_key(@$key) )
67  {
68    $comment_action='reject';
69    $_POST['cr'][] = 'key';
70  }
71 
72  // email
73  if ( empty($comm['email']) and is_classic_user() and !empty($user['email']) )
74  {
75    $comm['email'] = $user['email'];
76  }
77  else if ( !empty($comm['email']) and !is_valid_email($comm['email']) )
78  {
79    array_push($page['errors'], l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)'));
80    $comment_action='reject';
81  }
82 
83  // website
84  if ( !empty($comm['website']) and !preg_match('/^(https?:\/\/)/i', $comm['website']) )
85  {
86    $comm['website'] = 'http://'.$comm['website'];
87  }
88  if ( !empty($comm['website']) and !is_valid_url($comm['website']) )
89  {
90    array_push($page['errors'], l10n('invalid website address'));
91    $comment_action='reject';
92  }
93 
94  // anonymous id = ip address
95  $ip_components = explode('.', $_SERVER["REMOTE_ADDR"]);
96  if (count($ip_components) > 3)
97  {
98    array_pop($ip_components);
99  }
100  $comm['anonymous_id'] = implode('.', $ip_components);
101 
102  // comment validation and anti-spam
103  if ($comment_action!='reject' and $conf['anti-flood_time']>0 and !is_admin())
104  {
105    $reference_date = pwg_db_get_flood_period_expression($conf['anti-flood_time']);
106   
107    $query = '
108SELECT COUNT(1) FROM '.GUESTBOOK_TABLE.'
109  WHERE
110    date > '.$reference_date.'
111    AND author_id = '.$comm['author_id'];
112    if (!is_classic_user())
113    {
114      $query.= '
115      AND anonymous_id = "'.$comm['anonymous_id'].'"';
116    }
117    $query.= '
118;';
119   
120    list($counter) = pwg_db_fetch_row(pwg_query($query));
121    if ($counter > 0)
122    {
123      array_push( $infos, l10n('Anti-flood system : please wait for a moment before trying to post another comment') );
124      $comment_action='reject';
125    }
126  }
127 
128  // perform more spam check
129  $comment_action = trigger_event('user_comment_check_guestbook',
130      $comment_action, $comm
131    );
132
133  if ( $comment_action!='reject' )
134  {
135    $query = '
136INSERT INTO '.GUESTBOOK_TABLE.'(
137    author,
138    author_id,
139    anonymous_id,
140    content,
141    date,
142    validated,
143    validation_date,
144    website,
145    rate,
146    email
147  )
148  VALUES (
149    \''.$comm['author'].'\',
150    '.$comm['author_id'].',
151    \''.$comm['anonymous_id'].'\',
152    \''.$comm['content'].'\',
153    NOW(),
154    \''.($comment_action=='validate' ? 'true':'false').'\',
155    '.($comment_action=='validate' ? 'NOW()':'NULL').',
156    '.(!empty($comm['website']) ? '\''.$comm['website'].'\'' : 'NULL').',
157    '.(!empty($comm['rate']) ? $comm['rate'] : 'NULL').',
158    '.(!empty($comm['email']) ? '\''.$comm['email'].'\'' : 'NULL').'
159  )
160';
161
162    pwg_query($query);
163
164    $comm['id'] = pwg_db_insert_id(GUESTBOOK_TABLE);
165
166    if ( ($conf['guestbook']['email_admin_on_comment'] and 'validate' == $comment_action)
167        or ($conf['guestbook']['email_admin_on_comment_validation'] and 'moderate' == $comment_action))
168    {
169      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
170
171      $comment_url = get_absolute_root_url().add_url_params(GUESTBOOK_URL, array('comment_id'=>$comm['id']));
172
173      $keyargs_content = array
174      (
175        get_l10n_args('Author: %s', stripslashes($comm['author']) ),
176        get_l10n_args('Comment: %s', stripslashes($comm['content']) ),
177        get_l10n_args('', ''),
178        get_l10n_args('Manage this user comment: %s', $comment_url)
179      );
180
181      if ('moderate' == $comment_action)
182      {
183        $keyargs_content[] = get_l10n_args('', '');
184        $keyargs_content[] = get_l10n_args('(!) This comment requires validation', '');
185      }
186
187      pwg_mail_notification_admins
188      (
189        get_l10n_args('Comment by %s', stripslashes($comm['author']) ),
190        $keyargs_content
191      );
192    }
193  }
194  return $comment_action;
195}
196
197function update_user_comment_guestbook($comment, $post_key)
198{
199  global $conf;
200
201  $comment_action = 'validate';
202
203  if ( !verify_ephemeral_key($post_key) )
204  {
205    $comment_action='reject';
206  }
207  elseif (!$conf['guestbook']['comments_validation'] or is_admin()) // should the updated comment must be validated
208  {
209    $comment_action='validate'; //one of validate, moderate, reject
210  }
211  else
212  {
213    $comment_action='moderate'; //one of validate, moderate, reject
214  }
215
216  if ( $comment_action!='reject' )
217  {
218    $user_where_clause = '';
219    if (!is_admin())
220    {
221      $user_where_clause = '   AND author_id = \''.
222        $GLOBALS['user']['id'].'\'';
223    }
224
225    $query = '
226UPDATE '.GUESTBOOK_TABLE.'
227  SET content = \''.$comment['content'].'\',
228      validated = \''.($comment_action=='validate' ? 'true':'false').'\',
229      validation_date = '.($comment_action=='validate' ? 'NOW()':'NULL').'
230  WHERE id = '.$comment['comment_id'].
231$user_where_clause.'
232;';
233    $result = pwg_query($query);
234   
235    // mail admin and ask to validate the comment
236    if ($result and $conf['guestbook']['email_admin_on_comment_validation'] and 'moderate' == $comment_action) 
237    {
238      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
239     
240      $comment_url = get_absolute_root_url().add_url_params(GUESTBOOK_URL, array('comment_id'=>$comm['id']));
241
242      $keyargs_content = array
243      (
244        get_l10n_args('Author: %s', stripslashes($GLOBALS['user']['username']) ),
245        get_l10n_args('Comment: %s', stripslashes($comment['content']) ),
246        get_l10n_args('', ''),
247        get_l10n_args('Manage this user comment: %s', $comment_url),
248        get_l10n_args('', ''),
249        get_l10n_args('(!) This comment requires validation', ''),
250      );
251
252      pwg_mail_notification_admins
253      (
254        get_l10n_args('Comment by %s', stripslashes($GLOBALS['user']['username']) ),
255        $keyargs_content
256      );
257    }
258  }
259 
260  return $comment_action;
261}
262
263function get_comment_author_id_guestbook($comment_id, $die_on_error=true)
264{
265  $query = '
266SELECT
267    author_id
268  FROM '.GUESTBOOK_TABLE.'
269  WHERE id = '.$comment_id.'
270;';
271  $result = pwg_query($query);
272  if (pwg_db_num_rows($result) == 0)
273  {
274    if ($die_on_error)
275    {
276      fatal_error('Unknown comment identifier');
277    }
278    else
279    {
280      return false;
281    }
282  }
283 
284  list($author_id) = pwg_db_fetch_row($result);
285
286  return $author_id;
287}
288
289function delete_user_comment_guestbook($comment_id)
290{
291  $user_where_clause = '';
292  if (!is_admin())
293  {
294    $user_where_clause = '   AND author_id = \''.$GLOBALS['user']['id'].'\'';
295  }
296 
297  if (is_array($comment_id))
298    $where_clause = 'id IN('.implode(',', $comment_id).')';
299  else
300    $where_clause = 'id = '.$comment_id;
301   
302  $query = '
303DELETE FROM '.GUESTBOOK_TABLE.'
304  WHERE '.$where_clause.
305$user_where_clause.'
306;';
307  pwg_query($query);
308}
309
310function validate_user_comment_guestbook($comment_id)
311{
312  if (is_array($comment_id))
313    $where_clause = 'id IN('.implode(',', $comment_id).')';
314  else
315    $where_clause = 'id = '.$comment_id;
316   
317  $query = '
318UPDATE '.GUESTBOOK_TABLE.'
319  SET validated = \'true\'
320    , validation_date = NOW()
321  WHERE '.$where_clause.'
322;';
323  pwg_query($query);
324}
325
326?>
Note: See TracBrowser for help on using the browser.