Context Navigation

source: trunk/include/functions_comment.inc.php @ 2029

Last change on this file since 2029 was 2029, checked in by rub, 17 years ago

Resolved issue 0000697: with generic user a author name is necessary to comment picture.

+ Change way to determinate if user is a guest (use functions like is_admin)

Property svn:eol-style set to LF
Property svn:keywords set to Author Date Id Revision

File size: 6.9 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| file : $Id: functions_comment.inc.php 2029 2007-06-05 22:01:15Z rub $
8	// \| last update : $Date: 2007-06-05 22:01:15 +0000 (Tue, 05 Jun 2007) $
9	// \| last modifier : $Author: rub $
10	// \| revision : $Revision: 2029 $
11	// +-----------------------------------------------------------------------+
12	// \| This program is free software; you can redistribute it and/or modify \|
13	// \| it under the terms of the GNU General Public License as published by \|
14	// \| the Free Software Foundation \|
15	// \| \|
16	// \| This program is distributed in the hope that it will be useful, but \|
17	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
18	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
19	// \| General Public License for more details. \|
20	// \| \|
21	// \| You should have received a copy of the GNU General Public License \|
22	// \| along with this program; if not, write to the Free Software \|
23	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
24	// \| USA. \|
25	// +-----------------------------------------------------------------------+
26
27	/**
28	* returns a "secret key" that is to be sent back when a user enters a comment
29	*/
30	function get_comment_post_key($image_id)
31	{
32	global $conf;
33
34	$time = time();
35
36	return sprintf(
37	'%s:%s',
38	$time,
39	hash_hmac(
40	'md5',
41	$time.':'.$image_id,
42	$conf['secret_key']
43	)
44	);
45	}
46
47	//returns string action to perform on a new comment: validate, moderate, reject
48	function user_comment_check($action, $comment)
49	{
50	global $conf,$user;
51
52	if ($action=='reject')
53	return $action;
54
55	$my_action = $conf['comment_spam_reject'] ? 'reject':'moderate';
56
57	if ($action==$my_action)
58	return $action;
59
60	// we do here only BASIC spam check (plugins can do more)
61	if ( !is_a_guest() )
62	return $action;
63
64	$link_count = preg_match_all( '/https?:\/\//',
65	$comment['content'], $matches);
66
67	if ( strpos($comment['author'], 'http://')!==false )
68	{
69	$link_count++;
70	}
71
72	if ( $link_count>$conf['comment_spam_max_links'] )
73	return $my_action;
74
75	if ( isset($comment['ip']) and $conf['comment_spam_check_ip']
76	and $_SERVER["SERVER_ADDR"] != $comment['ip']
77	)
78	{
79	$rev_ip = implode( '.', array_reverse( explode('.',$comment['ip']) ) );
80	$lookup = $rev_ip . '.sbl-xbl.spamhaus.org.';
81	$res = gethostbyname( $lookup );
82	if ( $lookup != $res )
83	return $my_action;
84	}
85
86	return $action;
87	}
88
89
90	add_event_handler('user_comment_check', 'user_comment_check',
91	EVENT_HANDLER_PRIORITY_NEUTRAL, 2);
92
93	/**
94	* Tries to insert a user comment in the database and returns one of :
95	* validate, moderate, reject
96	* @param array comm contains author, content, image_id
97	* @param string key secret key sent back to the browser
98	* @param array infos out array of messages
99	*/
100	function insert_user_comment( &$comm, $key, &$infos )
101	{
102	global $conf, $user;
103
104	$comm = array_merge( $comm,
105	array(
106	'ip' => $_SERVER['REMOTE_ADDR'],
107	'agent' => $_SERVER['HTTP_USER_AGENT']
108	)
109	);
110
111	$infos = array();
112	if (!$conf['comments_validation'] or is_admin())
113	{
114	$comment_action='validate'; //one of validate, moderate, reject
115	}
116	else
117	{
118	$comment_action='moderate'; //one of validate, moderate, reject
119	}
120
121	// display author field if the user status is guest or generic
122	if (!is_classic_user())
123	{
124	if ( empty($comm['author']) )
125	{
126	$comm['author'] = 'guest';
127	}
128	// if a guest try to use the name of an already existing user, he must be
129	// rejected
130	if ( $comm['author'] != 'guest' )
131	{
132	$query = '
133	SELECT COUNT(*) AS user_exists
134	FROM '.USERS_TABLE.'
135	WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'";
136	$row = mysql_fetch_assoc( pwg_query( $query ) );
137	if ( $row['user_exists'] == 1 )
138	{
139	array_push($infos, l10n('comment_user_exists') );
140	$comment_action='reject';
141	}
142	}
143	}
144	else
145	{
146	$comm['author'] = $user['username'];
147	}
148	if ( empty($comm['content']) )
149	{ // empty comment content
150	$comment_action='reject';
151	}
152
153	$key = explode( ':', @$key );
154	if ( count($key)!=2
155	or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago
156	or $key[0]<time()-3600 // 60 minutes expiration
157	or hash_hmac(
158	'md5', $key[0].':'.$comm['image_id'], $conf['secret_key']
159	) != $key[1]
160	)
161	{
162	$comment_action='reject';
163	}
164
165	if ($comment_action!='reject' and $conf['anti-flood_time']>0 )
166	{ // anti-flood system
167	$reference_date = time() - $conf['anti-flood_time'];
168	$query = '
169	SELECT id FROM '.COMMENTS_TABLE.'
170	WHERE date > FROM_UNIXTIME('.$reference_date.')
171	AND author = "'.addslashes($comm['author']).'"';
172	if ( mysql_num_rows( pwg_query( $query ) ) > 0 )
173	{
174	array_push( $infos, l10n('comment_anti-flood') );
175	$comment_action='reject';
176	}
177	}
178
179	// perform more spam check
180	$comment_action = trigger_event('user_comment_check',
181	$comment_action, $comm
182	);
183
184	if ( $comment_action!='reject' )
185	{
186	$query = '
187	INSERT INTO '.COMMENTS_TABLE.'
188	(author, content, date, validated, validation_date, image_id)
189	VALUES (
190	"'.addslashes($comm['author']).'",
191	"'.addslashes($comm['content']).'",
192	NOW(),
193	"'.($comment_action=='validate' ? 'true':'false').'",
194	'.($comment_action=='validate' ? 'NOW()':'NULL').',
195	'.$comm['image_id'].'
196	)
197	';
198
199	pwg_query($query);
200
201	$comm['id'] = mysql_insert_id();
202
203	if ( ($comment_action=='validate' and $conf['email_admin_on_comment'])
204	or $conf['email_admin_on_comment_validation'] )
205	{
206	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
207
208	$del_url =
209	get_absolute_root_url().'comments.php?delete='.$comm['id'];
210
211	$keyargs_content = array
212	(
213	get_l10n_args('Author: %s', $comm['author']),
214	get_l10n_args('Comment: %s', $comm['content']),
215	get_l10n_args('', ''),
216	get_l10n_args('Delete: %s', $del_url)
217	);
218
219	if ($comment_action!='validate')
220	{
221	$keyargs_content[] =
222	get_l10n_args('', '');
223	$keyargs_content[] =
224	get_l10n_args('Validate: %s',
225	get_absolute_root_url().'comments.php?validate='.$comm['id']);
226	}
227
228	pwg_mail_notification_admins
229	(
230	get_l10n_args('Comment by %s', $comm['author']),
231	$keyargs_content
232	);
233	}
234	}
235	return $comment_action;
236	}
237
238	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: