source: trunk/include/picture_comment.inc.php @ 1750

Last change on this file since 1750 was 1750, checked in by rvelices, 17 years ago
  • plugins with own independent scripts work now (cookie_path and url root are correct)

  • prepare some url functions a bit so that later we can fully embed pwg in scripts located outside pwg

  • remove some unnecessary language strings
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
1<?php
2// +-----------------------------------------------------------------------+
3// | PhpWebGallery - a PHP based picture gallery                           |
4// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
5// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
6// +-----------------------------------------------------------------------+
7// | branch        : BSF (Best So Far)
8// | file          : $Id: picture_comment.inc.php 1750 2007-01-24 05:07:08Z rvelices $
9// | last update   : $Date: 2007-01-24 05:07:08 +0000 (Wed, 24 Jan 2007) $
10// | last modifier : $Author: rvelices $
11// | revision      : $Revision: 1750 $
12// +-----------------------------------------------------------------------+
13// | This program is free software; you can redistribute it and/or modify  |
14// | it under the terms of the GNU General Public License as published by  |
15// | the Free Software Foundation                                          |
16// |                                                                       |
17// | This program is distributed in the hope that it will be useful, but   |
18// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
19// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
20// | General Public License for more details.                              |
21// |                                                                       |
22// | You should have received a copy of the GNU General Public License     |
23// | along with this program; if not, write to the Free Software           |
24// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
25// | USA.                                                                  |
26// +-----------------------------------------------------------------------+
27
28/**
29 * This file is included by the picture page to manage user comments
30 *
31 */
32
33//returns string action to perform on a new comment: validate, moderate, reject
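/**
 * Basic spam check for a new comment (handler of the 'user_comment_check'
 * event). Plugins can register more elaborate checks on the same event.
 *
 * Only guests are checked. A comment is suspicious when it contains more
 * links than $conf['comment_spam_max_links'] or, when
 * $conf['comment_spam_check_ip'] is set, when the author's IPv4 address is
 * listed in the DNS blocklist queried below.
 *
 * @param string $action  action already decided by the caller: 'validate',
 *                        'moderate' or 'reject'
 * @param array  $comment comment data; only 'content' and (optionally) 'ip'
 *                        are read here
 * @param array  $picture current picture, unused here (available to plugins)
 * @return string action to perform on the comment: 'validate', 'moderate'
 *                or 'reject'
 */
function user_comment_check($action, $comment, $picture)
{
  global $conf,$user;

  // a rejection decided earlier can not be overridden here
  if ($action=='reject')
    return $action;

  // what a spam suspicion leads to, as configured by the administrator
  $my_action = $conf['comment_spam_reject'] ? 'reject':'moderate';
  if ($action==$my_action)
    return $action;

  // we do here only BASIC spam check (plugins can do more);
  // registered users are not checked at all
  if ( !$user['is_the_guest'] )
    return $action;

  $content = isset($comment['content']) ? $comment['content'] : '';
  $link_count = preg_match_all( '/https?:\/\//', $content, $matches);

  if ( $link_count>$conf['comment_spam_max_links'] )
    return $my_action;

  // the reversed-octet query form below only exists for IPv4 addresses, so
  // anything else (IPv6, garbage) is not looked up
  if ( isset($comment['ip']) and $conf['comment_spam_check_ip']
        and ip2long($comment['ip'])!==false )
  {
    $rev_ip = implode( '.', array_reverse( explode('.',$comment['ip']) ) );
    // NOTE(review): the sbl-xbl zone has since been superseded by
    // zen.spamhaus.org - confirm which list this deployment should query
    $lookup = $rev_ip . '.sbl-xbl.spamhaus.org.';
    $res = gethostbyname( $lookup );
    // a DNS blocklist answers a listed address with an address in
    // 127.0.0.0/8; gethostbyname() returns $lookup unchanged when the name
    // does not exist, and any other answer (for instance a resolver that
    // rewrites NXDOMAIN to an advertising host) must not count as "listed"
    if ( strncmp($res, '127.', 4)===0 )
      return $my_action;
  }

  return $action;
}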
66
67
68
// register the basic spam check above on the event triggered when a comment
// is submitted, with neutral priority so plugin checks can run before or after
add_event_handler(
  'user_comment_check',
  'user_comment_check',
  EVENT_HANDLER_PRIORITY_NEUTRAL,
  3
  );
71
72
// the picture is commentable if it belongs at least to one category which
// is commentable
$page['show_comments'] = false;
foreach ($related_categories as $category)
{
  if ($category['commentable'] != 'true')
  {
    continue;
  }
  $page['show_comments'] = true;
  break;
}
84
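// handling of a submitted comment: decide whether it is validated, kept for
// moderation or rejected, store it and notify the administrator and plugins
if ( $page['show_comments'] and isset( $_POST['content'] ) )
{
  // a guest may only post when comments are open to everybody; otherwise the
  // form belongs to a session that has expired in the meantime
  if ( $user['is_the_guest'] and !$conf['comments_forall'] )
  {
    die ('Session expired');
  }
  // one of validate, moderate, reject
  $comment_action =
    (!$conf['comments_validation'] or is_admin()) ? 'validate' : 'moderate';

  $_POST['content'] = trim( stripslashes($_POST['content']) );

  if ( $user['is_the_guest'] )
  {
    // the author name comes from the form: same slash handling as the content
    $author = empty($_POST['author']) ? 'guest' : stripslashes($_POST['author']);
    // if a guest try to use the name of an already existing user, he must be
    // rejected
    if ( $author != 'guest' )
    {
      $query = 'SELECT COUNT(*) AS user_exists';
      $query.= ' FROM '.USERS_TABLE;
      // the name is user supplied and must be escaped before entering the query
      $query.= ' WHERE '.$conf['user_fields']['username']
        ." = '".mysql_real_escape_string($author)."'";
      $query.= ';';
      $row = mysql_fetch_assoc( pwg_query( $query ) );
      if ( $row['user_exists'] == 1 )
      {
        $template->assign_block_vars(
          'information',
          array('INFORMATION'=>$lang['comment_user_exists']));
        $comment_action='reject';
      }
    }
  }
  else
  {
    $author = $user['username'];
  }

  $comm = array(
    'author' => $author,
    'content' => $_POST['content'],
    'image_id' => $page['image_id'],
    'ip' => $_SERVER['REMOTE_ADDR'],
    // the User-Agent header is optional
    'agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''
   );

  if ($comment_action!='reject' and empty($comm['content']) )
  { // empty comment content
    $comment_action='reject';
  }

  // the form carries a key "timestamp:hmac" generated when the page was
  // served; it proves the form was fetched from this site not too long ago
  $key = explode(':', isset($_POST['key']) ? $_POST['key'] : '');
  $now = time();
  if ( count($key)!=2
        or (int)$key[0]>$now-2 // page must have been retrieved more than 2 sec ago
        or (int)$key[0]<$now-3600 // 60 minutes expiration
        // strict comparison on purpose: with != two hexadecimal digests that
        // both look like numbers (e.g. "0e123" and "0e456") compare equal
        or hash_hmac('md5', $key[0], $conf['secret_key'])!==$key[1]
      )
  {
    $comment_action='reject';
  }

  if ($comment_action!='reject' and $conf['anti-flood_time']>0 )
  { // anti-flood system
    $reference_date = time() - $conf['anti-flood_time'];
    $query = 'SELECT id FROM '.COMMENTS_TABLE;
    $query.= ' WHERE date > FROM_UNIXTIME('.$reference_date.')';
    $query.= " AND author = '".mysql_real_escape_string($comm['author'])."'";
    $query.= ';';
    if ( mysql_num_rows( pwg_query( $query ) ) > 0 )
    {
      $template->assign_block_vars(
        'information',
        array('INFORMATION'=>$lang['comment_anti-flood']));
      $comment_action='reject';
    }
  }

  // perform more spam check
  $comment_action = trigger_event('user_comment_check',
      $comment_action, $comm, $picture['current']
    );

  if ( $comment_action!='reject' )
  {
    list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));

    // mass_inserts() expects already escaped values
    $data = $comm;
    $data['date'] = $dbnow;
    $data['author'] = addslashes($comm['author']);
    $data['content'] = addslashes(
        // this htmlspecialchars is not good here
        htmlspecialchars($comm['content'],ENT_QUOTES)
      );

    if ($comment_action=='validate')
    {
      $data['validated'] = 'true';
      $data['validation_date'] = $dbnow;
    }
    else
    {
      $data['validated'] = 'false';
    }

    include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
    $fields = array('author', 'date', 'image_id', 'content', 'validated',
                    'validation_date');
    mass_inserts(COMMENTS_TABLE, $fields, array($data));
    $comm['id'] = mysql_insert_id();

    // information message
    $message = $lang['comment_added'];
    if ($comment_action!='validate')
    {
      $message.= '<br />'.$lang['comment_to_validate'];
    }
    $template->assign_block_vars('information',
                                 array('INFORMATION'=>$message));
    // the administrator is mailed for every new comment when configured, or
    // only for comments waiting for validation
    if ( ($comment_action=='validate' and $conf['email_admin_on_comment'])
      or $conf['email_admin_on_comment_validation'] )
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      $del_url = get_absolute_root_url().'comments.php?delete='.$comm['id'];

      // plain text mail: the raw (unescaped) comment fields are intended here
      $content =
        'Author: '.$comm['author']."\n"
        .'Comment: '.$comm['content']."\n"
        .'IP: '.$comm['ip']."\n"
        .'Browser: '.$comm['agent']."\n\n"
        .'Delete: '.$del_url."\n";
      if ($comment_action!='validate')
      {
        $content .=
          'Validate: '.get_absolute_root_url()
          .'comments.php?validate='.$comm['id'];
      }
      pwg_mail( get_webmaster_mail_address(), '',
          'PWG comment by '.$comm['author'],
          $content
          );
    }
  }
  else
  {
    set_status_header(403);
    $template->assign_block_vars('information',
          array('INFORMATION'=>l10n('comment_not_added') )
        );
  }

  // allow plugins to notify what's going on
  trigger_action( 'user_comment_insertion',
      array_merge($comm, array('action'=>$comment_action) )
    );
}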
245
246
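// display of the validated comments of the picture (with pagination) and of
// the form to add a new one
if ($page['show_comments'])
{
  // both values end up inside SQL statements, so force them to integers
  $image_id = (int)$page['image_id'];

  // number of comment for this picture
  $query = 'SELECT COUNT(*) AS nb_comments';
  $query.= ' FROM '.COMMENTS_TABLE.' WHERE image_id = '.$image_id;
  $query.= " AND validated = 'true'";
  $query.= ';';
  $row = mysql_fetch_array( pwg_query( $query ) );

  // navigation bar creation
  if (!isset($page['start']))
  {
    $page['start'] = 0;
  }
  $start = (int)$page['start'];

  $page['navigation_bar'] = create_navigation_bar(
    duplicate_picture_url(array(), array('start')),
    $row['nb_comments'],
    $page['start'],
    $conf['nb_comment_page'],
    true // We want a clean URL
    );

  $template->assign_block_vars(
    'comments',
    array(
      'NB_COMMENT' => $row['nb_comments'],
      'NAV_BAR' => $page['navigation_bar'],
      )
    );

  if ($row['nb_comments'] > 0)
  {
    $query = '
SELECT id,author,date,image_id,content
  FROM '.COMMENTS_TABLE.'
  WHERE image_id = '.$image_id.'
    AND validated = \'true\'
  ORDER BY date ASC
  LIMIT '.$start.', '.(int)$conf['nb_comment_page'].'
;';
    $result = pwg_query( $query );

    while ($row = mysql_fetch_array($result))
    {
      $template->assign_block_vars(
        'comments.comment',
        array(
          // the author name is stored as typed by a guest (only the content
          // is escaped before storage), so it is escaped for the page here
          'COMMENT_AUTHOR' => empty($row['author'])
            ? $lang['guest']
            : htmlspecialchars($row['author'], ENT_QUOTES),

          'COMMENT_DATE' => format_date(
            $row['date'],
            'mysql_datetime',
            true),

          'COMMENT' => trigger_event('render_comment_content',$row['content']),
          )
        );

      if (is_admin())
      {
        $template->assign_block_vars(
          'comments.comment.delete',
          array(
            'U_COMMENT_DELETE' =>
              add_url_params(
                    $url_self,
                    array(
                      'action'=>'delete_comment',
                      'comment_to_delete'=>$row['id']
                    )
                )
            )
          );
      }
    }
  }

  if (!$user['is_the_guest']
      or ($user['is_the_guest'] and $conf['comments_forall']))
  {
    // anti-robot key "timestamp:hmac", checked when the form is submitted
    $key = time();
    $key .= ':'.hash_hmac('md5', $key, $conf['secret_key']);
    // a rejected comment is shown again in the form so the user can fix it
    $content = '';
    if ( isset($comment_action) and 'reject'===$comment_action )
    {
      $content = htmlspecialchars($comm['content']);
    }
    $template->assign_block_vars('comments.add_comment',
        array(
          'KEY' => $key,
          'CONTENT' => $content
        ));
    // display author field if the user is not logged in
    if ($user['is_the_guest'])
    {
      $template->assign_block_vars(
        'comments.add_comment.author_field', array()
        );
    }
  }
}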
351
352?>