
Last change on this file since 2297 was 2297, checked in by plg, 16 years ago

Modification: new header on PHP files, PhpWebGallery renamed Piwigo.

1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008      Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23// +-----------------------------------------------------------------------+
24// | PhpWebGallery - a PHP based picture gallery                           |
25// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
26// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
27// +-----------------------------------------------------------------------+
28// | file          : $Id: functions_comment.inc.php 2297 2008-04-04 22:57:23Z plg $
29// | last update   : $Date: 2008-04-04 22:57:23 +0000 (Fri, 04 Apr 2008) $
30// | last modifier : $Author: plg $
31// | revision      : $Revision: 2297 $
32// +-----------------------------------------------------------------------+
33// | This program is free software; you can redistribute it and/or modify  |
34// | it under the terms of the GNU General Public License as published by  |
35// | the Free Software Foundation                                          |
36// |                                                                       |
37// | This program is distributed in the hope that it will be useful, but   |
38// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
39// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
40// | General Public License for more details.                              |
41// |                                                                       |
42// | You should have received a copy of the GNU General Public License     |
43// | along with this program; if not, write to the Free Software           |
44// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
45// | USA.                                                                  |
46// +-----------------------------------------------------------------------+
47
/**
 * Builds the "secret key" that must be sent back when a user posts a comment.
 *
 * The key has the form "<timestamp>:<hmac>": the HMAC (MD5, keyed with
 * $conf['secret_key']) covers "<timestamp>:<image_id>". The timestamp lets
 * the receiving side enforce an expiry window, and the HMAC binds the key to
 * the image it was issued for. Whatever verifies this key must recompute the
 * HMAC with the same algorithm, message layout and secret.
 *
 * @param int|string image_id identifier of the image being commented
 * @return string key to embed in the comment form
 */
function get_comment_post_key($image_id)
{
  global $conf;

  $issued_at = time();
  $message   = $issued_at.':'.$image_id;
  $signature = hash_hmac('md5', $message, $conf['secret_key']);

  return $issued_at.':'.$signature;
}
67
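/**
 * Basic spam check on a new comment; returns the action to perform on it,
 * one of: validate, moderate, reject.
 *
 * Registered on the 'user_comment_check' event (plugins may hook the same
 * event to do more). Only guests are checked. A comment whose content and
 * author field together hold more than $conf['comment_spam_max_links'] links
 * is escalated to 'reject' when $conf['comment_spam_reject'] is set, to
 * 'moderate' otherwise; an action already at that level, or at 'reject', is
 * returned unchanged.
 *
 * @param string action action decided so far (validate, moderate, reject)
 * @param array comment contains author, content, image_id
 * @return string action to perform
 */
function user_comment_check($action, $comment)
{
  global $conf;

  // a rejection cannot be escalated any further
  if ($action === 'reject')
  {
    return $action;
  }

  $spam_action = $conf['comment_spam_reject'] ? 'reject' : 'moderate';

  // already at the level this check would escalate to
  if ($action === $spam_action)
  {
    return $action;
  }

  // we do here only BASIC spam check (plugins can do more)
  if (!is_a_guest())
  {
    return $action;
  }

  // the same pattern is used for the content and the author field: the
  // author field used to be checked for "http://" only, so an https link
  // placed there escaped the count
  $link_pattern = '/https?:\/\//';
  $content = isset($comment['content']) ? (string)$comment['content'] : '';
  $author  = isset($comment['author'])  ? (string)$comment['author']  : '';

  $link_count = preg_match_all($link_pattern, $content, $matches);

  if (preg_match($link_pattern, $author))
  {
    $link_count++;
  }

  if ($link_count > $conf['comment_spam_max_links'])
  {
    return $spam_action;
  }

  return $action;
}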
98
99
// register the basic spam check above on the 'user_comment_check' event;
// the handler receives two arguments (current action, comment array)
add_event_handler(
  'user_comment_check',
  'user_comment_check',
  EVENT_HANDLER_PRIORITY_NEUTRAL,
  2
  );
102
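/**
 * Checks the "secret key" sent back with a comment (see get_comment_post_key).
 *
 * The key must be "<timestamp>:<hmac>", issued between 2 seconds and 60
 * minutes ago, and the HMAC must match the one recomputed from the
 * timestamp, the image_id and $conf['secret_key'].
 *
 * @param mixed key raw value received from the browser
 * @param int|string image_id image the comment is posted on
 * @return bool true when the key is acceptable
 */
function is_valid_comment_post_key($key, $image_id)
{
  global $conf;

  if (!is_string($key))
  {
    return false;
  }

  $parts = explode(':', $key);
  // the timestamp must be a plain unsigned integer before it is compared
  if (count($parts) != 2 or !preg_match('/^\d+$/', $parts[0]))
  {
    return false;
  }

  $issued_at = (int)$parts[0];
  $now = time();
  if ($issued_at > $now - 2) // page must have been retrieved more than 2 sec ago
  {
    return false;
  }
  if ($issued_at < $now - 3600) // 60 minutes expiration
  {
    return false;
  }

  // the raw timestamp string is signed, exactly as get_comment_post_key does
  $expected = hash_hmac('md5', $parts[0].':'.$image_id, $conf['secret_key']);

  // strict comparison: a loose "!=" treats two numeric-looking digests
  // (e.g. "0e..." forms) as equal. hash_equals (PHP >= 5.6) also runs in
  // constant time, so prefer it where available.
  if (function_exists('hash_equals'))
  {
    return hash_equals($expected, $parts[1]);
  }
  return $expected === $parts[1];
}

/**
 * Mails the administrators about a freshly stored comment.
 *
 * The mail lists author, content and a delete link; when the comment still
 * awaits validation a validate link is appended.
 *
 * @param array comm contains author, content and id (as inserted)
 * @param string comment_action validate or moderate
 */
function notify_admins_of_comment($comm, $comment_action)
{
  include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

  // NOTE(review): these links trigger the action with no per-request token;
  // comments.php is expected to check admin rights before acting on them.
  $del_url = get_absolute_root_url().'comments.php?delete='.$comm['id'];

  $keyargs_content = array(
    get_l10n_args('Author: %s', $comm['author']),
    get_l10n_args('Comment: %s', $comm['content']),
    get_l10n_args('', ''),
    get_l10n_args('Delete: %s', $del_url)
  );

  if ($comment_action !== 'validate')
  {
    $keyargs_content[] = get_l10n_args('', '');
    $keyargs_content[] = get_l10n_args(
      'Validate: %s',
      get_absolute_root_url().'comments.php?validate='.$comm['id']
      );
  }

  pwg_mail_notification_admins(
    get_l10n_args('Comment by %s', $comm['author']),
    $keyargs_content
    );
}

/**
 * Tries to insert a user comment in the database and returns one of :
 * validate, moderate, reject
 *
 * The comment is rejected when a guest uses the name of a registered user,
 * when the content is empty, when the secret key is missing, expired or
 * forged, or when the same author already posted within
 * $conf['anti-flood_time'] seconds. The 'user_comment_check' event then lets
 * this file and plugins escalate the action (spam checks). Unless the final
 * action is reject, the comment is stored and admins are mailed according to
 * $conf['email_admin_on_comment'] / $conf['email_admin_on_comment_validation'].
 *
 * @param array comm contains author, content, image_id; completed in place
 *        with ip, agent and, once inserted, id
 * @param string key secret key sent back to the browser
 * @param array infos out array of messages
 * @return string validate, moderate or reject
 */
function insert_user_comment( &$comm, $key, &$infos )
{
  global $conf, $user;

  $comm = array_merge(
    $comm,
    array(
      // both headers may be absent (CLI, odd clients): avoid notices
      'ip'    => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '',
      'agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '',
    )
    );

  $infos = array();

  // one of validate, moderate, reject
  if (!$conf['comments_validation'] or is_admin())
  {
    $comment_action = 'validate';
  }
  else
  {
    $comment_action = 'moderate';
  }

  // display author field if the user status is guest or generic
  if (!is_classic_user())
  {
    if (empty($comm['author']))
    {
      $comm['author'] = 'guest';
    }
    // if a guest try to use the name of an already existing user, he must be
    // rejected
    if ($comm['author'] !== 'guest')
    {
      // NOTE(review): addslashes is the escaping used throughout this file; it
      // is not charset-aware, a connection-aware escape would be safer —
      // confirm against pwg_query.
      $query = '
SELECT COUNT(*) AS user_exists
  FROM '.USERS_TABLE.'
  WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'";
      $row = mysql_fetch_assoc(pwg_query($query));
      // COUNT(*) comes back as a string; any positive count is a clash
      if ((int)$row['user_exists'] > 0)
      {
        $infos[] = l10n('comment_user_exists');
        $comment_action = 'reject';
      }
    }
  }
  else
  {
    $comm['author'] = $user['username'];
  }

  // empty comment content
  if (empty($comm['content']))
  {
    $comment_action = 'reject';
  }

  // the key proves the form was fetched for this image, recently enough
  if (!isset($comm['image_id'])
      or !is_valid_comment_post_key($key, $comm['image_id']))
  {
    $comment_action = 'reject';
  }

  if ($comment_action !== 'reject' and $conf['anti-flood_time'] > 0)
  { // anti-flood system
    $reference_date = time() - (int)$conf['anti-flood_time'];
    $query = '
SELECT id FROM '.COMMENTS_TABLE.'
  WHERE date > FROM_UNIXTIME('.$reference_date.')
    AND author = "'.addslashes($comm['author']).'"';
    if (mysql_num_rows(pwg_query($query)) > 0)
    {
      $infos[] = l10n('comment_anti-flood');
      $comment_action = 'reject';
    }
  }

  // perform more spam check
  $comment_action = trigger_event('user_comment_check', $comment_action, $comm);

  if ($comment_action !== 'reject')
  {
    $validated = ($comment_action === 'validate');
    // image_id is covered by the key's HMAC; the cast is defence in depth
    $query = '
INSERT INTO '.COMMENTS_TABLE.'
  (author, content, date, validated, validation_date, image_id)
  VALUES (
    "'.addslashes($comm['author']).'",
    "'.addslashes($comm['content']).'",
    NOW(),
    "'.($validated ? 'true' : 'false').'",
    '.($validated ? 'NOW()' : 'NULL').',
    '.(int)$comm['image_id'].'
  )
';
    pwg_query($query);

    $comm['id'] = mysql_insert_id();

    if (($validated and $conf['email_admin_on_comment'])
        or (!$validated and $conf['email_admin_on_comment_validation']))
    {
      notify_admins_of_comment($comm, $comment_action);
    }
  }

  return $comment_action;
}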
251
252?>