source: trunk/include/picture_comment.inc.php @ 1819

Last change on this file since 1819 was 1819, checked in by rub, 17 years ago

Stupid modification on picture_comment.inc.php about validate link!

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
1<?php
2// +-----------------------------------------------------------------------+
3// | PhpWebGallery - a PHP based picture gallery                           |
4// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
5// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
6// +-----------------------------------------------------------------------+
7// | branch        : BSF (Best So Far)
8// | file          : $Id: picture_comment.inc.php 1819 2007-02-14 23:16:54Z rub $
9// | last update   : $Date: 2007-02-14 23:16:54 +0000 (Wed, 14 Feb 2007) $
10// | last modifier : $Author: rub $
11// | revision      : $Revision: 1819 $
12// +-----------------------------------------------------------------------+
13// | This program is free software; you can redistribute it and/or modify  |
14// | it under the terms of the GNU General Public License as published by  |
15// | the Free Software Foundation                                          |
16// |                                                                       |
17// | This program is distributed in the hope that it will be useful, but   |
18// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
19// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
20// | General Public License for more details.                              |
21// |                                                                       |
22// | You should have received a copy of the GNU General Public License     |
23// | along with this program; if not, write to the Free Software           |
24// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
25// | USA.                                                                  |
26// +-----------------------------------------------------------------------+
27
28/**
29 * This file is included by the picture page to manage user comments
30 *
31 */
32
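/**
 * Basic spam check on a new comment (plugins can do more through the
 * 'user_comment_check' event this function is registered on).
 *
 * Returns the action to perform on the comment: 'validate', 'moderate' or
 * 'reject'. Only guest comments are examined; an action that is already
 * 'reject', or already the configured spam action, is returned unchanged.
 *
 * @param string $action  action proposed so far ('validate', 'moderate', 'reject')
 * @param array  $comment comment data; reads 'content' and, if present, 'ip'
 * @param mixed  $picture current picture, not used by this basic check
 * @return string action to perform
 */
function user_comment_check($action, $comment, $picture)
{
  global $conf,$user;

  if ($action=='reject')
    return $action;

  // action applied when the comment looks like spam
  $my_action = $conf['comment_spam_reject'] ? 'reject':'moderate';
  if ($action==$my_action)
    return $action;

  // we do here only BASIC spam check (plugins can do more); comments from
  // registered users are not checked
  if ( !$user['is_the_guest'] )
    return $action;

  // too many links in the comment body
  $link_count = preg_match_all( '/https?:\/\//',
    $comment['content'], $matches);

  if ( $link_count>$conf['comment_spam_max_links'] )
    return $my_action;

  // DNSBL lookup of the poster's address. The reversed-octet query form only
  // makes sense for an IPv4 address, so anything else (IPv6, garbage) is
  // skipped instead of producing a meaningless DNS query.
  if ( isset($comment['ip']) and $conf['comment_spam_check_ip']
       and filter_var($comment['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false )
  {
    $rev_ip = implode( '.', array_reverse( explode('.',$comment['ip']) ) );
    // NOTE(review): confirm this DNSBL zone is still the one to query
    $lookup = $rev_ip . '.sbl-xbl.spamhaus.org.';
    // gethostbyname() returns the unmodified hostname when there is no
    // record, so any other answer means the address is listed
    $res = gethostbyname( $lookup );
    if ( $lookup !== $res )
      return $my_action;
  }

  return $action;
}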
66
67
68
// register the basic spam check above on the 'user_comment_check' event with
// neutral priority; the handler takes 3 arguments (action, comment, picture)
add_event_handler(
  'user_comment_check',
  'user_comment_check',
  EVENT_HANDLER_PRIORITY_NEUTRAL,
  3
  );
71
72
// the picture is commentable if it belongs at least to one category which
// is commentable
$page['show_comments'] = false;
foreach ($related_categories as $category)
{
  if ($category['commentable'] != 'true')
  {
    continue;
  }
  // one commentable category is enough
  $page['show_comments'] = true;
  break;
}
84
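if ( $page['show_comments'] and isset( $_POST['content'] ) )
{
  // guests can only post when comments are open to everybody
  if ( $user['is_the_guest'] and !$conf['comments_forall'] )
  {
    die ('Session expired');
  }
  // initial action for this comment, one of validate, moderate, reject;
  // refined by the checks below and by the 'user_comment_check' event
  if (!$conf['comments_validation'] or is_admin())
  {
    $comment_action='validate';
  }
  else
  {
    $comment_action='moderate';
  }

  $_POST['content'] = trim( stripslashes($_POST['content']) );

  if ( $user['is_the_guest'] )
  {
    $author = empty($_POST['author'])?'guest':$_POST['author'];
    // if a guest try to use the name of an already existing user, he must be
    // rejected
    if ( $author != 'guest' )
    {
      // the author name comes straight from the request and must be escaped
      // before it is placed in the SQL string
      $query = 'SELECT COUNT(*) AS user_exists';
      $query.= ' FROM '.USERS_TABLE;
      $query.= ' WHERE '.$conf['user_fields']['username']
              ." = '".mysql_real_escape_string($author)."'";
      $query.= ';';
      $row = mysql_fetch_assoc( pwg_query( $query ) );
      if ( $row['user_exists'] == 1 )
      {
        $template->assign_block_vars(
          'information',
          array('INFORMATION'=>$lang['comment_user_exists']));
        $comment_action='reject';
      }
    }
  }
  else
  {
    $author = $user['username'];
  }

  $comm = array(
    'author' => $author,
    'content' => $_POST['content'],
    'image_id' => $page['image_id'],
    'ip' => $_SERVER['REMOTE_ADDR'],
    // not every client sends a User-Agent header
    'agent' => isset($_SERVER['HTTP_USER_AGENT'])
                 ? $_SERVER['HTTP_USER_AGENT'] : ''
   );

  if ($comment_action!='reject' and empty($comm['content']) )
  { // empty comment content
    $comment_action='reject';
  }

  // anti-robot key: the form carries "<timestamp>:<hmac>" generated when the
  // page was built (see the add_comment block further down in this file)
  $now = time();
  $key = explode(':', isset($_POST['key']) ? $_POST['key'] : '');
  if ( count($key)!=2
        or $key[0]>$now-2 // page must have been retrieved more than 2 sec ago
        or $key[0]<$now-3600 // 60 minutes expiration
        // strict comparison: with != two numeric-looking hex strings would be
        // compared as numbers
        or hash_hmac('md5', $key[0], $conf['secret_key'])!==$key[1]
      )
  {
    $comment_action='reject';
  }

  if ($comment_action!='reject' and $conf['anti-flood_time']>0 )
  { // anti-flood system: reject if the author already posted a comment in the
    // last anti-flood_time seconds
    $reference_date = time() - $conf['anti-flood_time'];
    $query = 'SELECT id FROM '.COMMENTS_TABLE;
    $query.= ' WHERE date > FROM_UNIXTIME('.$reference_date.')';
    // for guests the author name is request-controlled: escape it
    $query.= " AND author = '".mysql_real_escape_string($comm['author'])."'";
    $query.= ';';
    if ( mysql_num_rows( pwg_query( $query ) ) > 0 )
    {
      $template->assign_block_vars(
        'information',
        array('INFORMATION'=>$lang['comment_anti-flood']));
      $comment_action='reject';
    }
  }

  // perform more spam check
  $comment_action = trigger_event('user_comment_check',
      $comment_action, $comm, $picture['current']
    );

  if ( $comment_action!='reject' )
  {
    list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));

    $data = $comm;
    $data['date'] = $dbnow;
    $data['content'] = addslashes(
        // this htmlspecialchars is not good here
        htmlspecialchars($comm['content'],ENT_QUOTES)
      );
    // NOTE(review): content is addslashes()'d for the insert but author is
    // not -- confirm whether mass_inserts() escapes its values, otherwise a
    // quote in a guest author name reaches the INSERT unescaped

    if ($comment_action=='validate')
    {
      $data['validated'] = 'true';
      $data['validation_date'] = $dbnow;
    }
    else
    {
      $data['validated'] = 'false';
    }

    include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
    $fields = array('author', 'date', 'image_id', 'content', 'validated',
                    'validation_date');
    mass_inserts(COMMENTS_TABLE, $fields, array($data));
    $comm['id'] = mysql_insert_id();

    // information message
    $message = $lang['comment_added'];
    if ($comment_action!='validate')
    {
      $message.= '<br />'.$lang['comment_to_validate'];
    }
    $template->assign_block_vars('information',
                                 array('INFORMATION'=>$message));
    // notify the administrators: always for comments awaiting validation
    // (when configured), for validated ones only if asked for
    if ( ($comment_action=='validate' and $conf['email_admin_on_comment'])
      or $conf['email_admin_on_comment_validation'] )
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      $del_url = get_absolute_root_url().'comments.php?delete='.$comm['id'];

      // NOTE(review): author and agent are request-controlled and are placed
      // in the mail subject/body as-is; confirm pwg_mail() rejects CR/LF in
      // header values
      $content =
        'Author: '.$comm['author']."\n"
        .'Comment: '.$comm['content']."\n"
        .'IP: '.$comm['ip']."\n"
        .'Browser: '.$comm['agent']."\n\n"
        .'Delete: '.$del_url."\n";

      if ($comment_action!='validate')
      {
        $content .=
          'Validate: '.get_absolute_root_url()
          .'comments.php?validate='.$comm['id'];
      }

      pwg_mail
      (
        format_email('administrators', get_webmaster_mail_address()),
        array
        (
          'subject' => 'PWG comment by '.$comm['author'],
          'content' => $content,
          'Bcc' => get_administrators_email()
        )
      );
    }
  }
  else
  {
    set_status_header(403);
    $template->assign_block_vars('information',
          array('INFORMATION'=>l10n('comment_not_added') )
        );
  }

  // allow plugins to notify what's going on
  trigger_action( 'user_comment_insertion',
      array_merge($comm, array('action'=>$comment_action) )
    );
}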
253
254
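if ($page['show_comments'])
{
  // number of validated comments for this picture
  // NOTE(review): $page['image_id'] is interpolated into SQL unescaped here
  // and below; it is assumed to be an integer set by the including page --
  // confirm it is cast before use
  $query = 'SELECT COUNT(*) AS nb_comments';
  $query.= ' FROM '.COMMENTS_TABLE.' WHERE image_id = '.$page['image_id'];
  $query.= " AND validated = 'true'";
  $query.= ';';
  $row = mysql_fetch_array( pwg_query( $query ) );

  // navigation bar creation
  if (!isset($page['start']))
  {
    $page['start'] = 0;
  }

  $page['navigation_bar'] = create_navigation_bar(
    duplicate_picture_url(array(), array('start')),
    $row['nb_comments'],
    $page['start'],
    $conf['nb_comment_page'],
    true // We want a clean URL
    );

  $template->assign_block_vars(
    'comments',
    array(
      'NB_COMMENT' => $row['nb_comments'],
      'NAV_BAR' => $page['navigation_bar'],
      )
    );

  if ($row['nb_comments'] > 0)
  {
    // NOTE(review): $page['start'] also lands in the LIMIT clause unescaped;
    // same assumption as for image_id (integer, validated by the caller)
    $query = '
SELECT id,author,date,image_id,content
  FROM '.COMMENTS_TABLE.'
  WHERE image_id = '.$page['image_id'].'
    AND validated = \'true\'
  ORDER BY date ASC
  LIMIT '.$page['start'].', '.$conf['nb_comment_page'].'
;';
    $result = pwg_query( $query );

    while ($row = mysql_fetch_array($result))
    {
      $template->assign_block_vars(
        'comments.comment',
        array(
          // NOTE(review): content is htmlspecialchars()'d when stored, the
          // author name is not -- confirm the template escapes COMMENT_AUTHOR
          'COMMENT_AUTHOR' => empty($row['author'])
            ? $lang['guest']
            : $row['author'],

          'COMMENT_DATE' => format_date(
            $row['date'],
            'mysql_datetime',
            true),

          // plugins may post-process the stored content through this event
          'COMMENT' => trigger_event('render_comment_content',$row['content']),
          )
        );

      // delete link, administrators only
      if (is_admin())
      {
        $template->assign_block_vars(
          'comments.comment.delete',
          array(
            'U_COMMENT_DELETE' =>
              add_url_params(
                    $url_self,
                    array(
                      'action'=>'delete_comment',
                      'comment_to_delete'=>$row['id']
                    )
                )
            )
          );
      }
    }
  }

  // comment form: registered users always, guests only when comments are
  // open to everybody
  if (!$user['is_the_guest'] or $conf['comments_forall'])
  {
    // anti-robot key "<timestamp>:<hmac>", verified when the form is posted
    $key = time();
    $key .= ':'.hash_hmac('md5', $key, $conf['secret_key']);
    // a rejected comment is echoed back into the form so the text is not lost;
    // $comment_action only exists when a comment was just posted
    $content = '';
    if (isset($comment_action) and 'reject'===$comment_action)
    {
      $content = htmlspecialchars($comm['content']);
    }
    $template->assign_block_vars('comments.add_comment',
        array(
          'KEY' => $key,
          'CONTENT' => $content
        ));
    // display author field if the user is not logged in
    if ($user['is_the_guest'])
    {
      $template->assign_block_vars(
        'comments.add_comment.author_field', array()
        );
    }
  }
}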
359
360?>