Changeset 1610
- Timestamp:
- Nov 16, 2006, 4:31:57 AM (17 years ago)
- Location:
- trunk
- Files:
-
- 5 edited
trunk/include/config_default.inc.php
r1583 r1610 87 87 $conf['anti-flood_time'] = 60; 88 88 89 // qualified spam comments are not registered (false will register them 90 // but they will require admin validation) 91 $conf['comment_spam_reject'] = true; 92 93 // maximum number of links in a comment before it is qualified spam 94 $conf['comment_spam_max_links'] = 3; 95 96 // if the ip address of a comenteer is in spamhaus.org block list, the 97 // comment is qualified spam 98 $conf['comment_spam_check_ip'] = false; 99 89 100 // calendar_datefield : date field of table "images" used for calendar 90 101 // catgory -
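Review bot: The comment above `$conf['comment_spam_check_ip']` does not tell an administrator what enabling the option costs or how it can misfire. Judging by the handler added in picture_comment.inc.php on this page, a guest comment that reaches the IP test triggers a blocking `gethostbyname()` call against sbl-xbl.spamhaus.org, the reversal logic only handles dotted IPv4 addresses, and any answer that differs from the queried name counts as a listing. I would extend the comment along the lines of `// (one blocking DNS query per guest comment, IPv4 only; any DNS answer counts as listed)`. A resolver that rewrites failed lookups would then qualify every such comment as spam, so the comment should also advise checking the server's resolver before switching this on.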
trunk/include/picture_comment.inc.php
r1598 r1610 30 30 * 31 31 */ 32 33 if ( isset( $_POST['content'] ) and !empty($_POST['content']))32 //returns string action to perform on a new comment: validate, moderate, reject 33 function user_comment_check($action, $comment, $picture) 34 34 { 35 $register_comment = true; 36 $author = !empty($_POST['author'])?$_POST['author']:$lang['guest']; 37 // if a guest try to use the name of an already existing user, he must be 38 // rejected 39 if ( $author != $user['username'] ) 40 { 41 $query = 'SELECT COUNT(*) AS user_exists'; 42 $query.= ' FROM '.USERS_TABLE; 43 $query.= ' WHERE '.$conf['user_fields']['username']." = '".$author."'"; 44 $query.= ';'; 45 $row = mysql_fetch_array( pwg_query( $query ) ); 46 if ( $row['user_exists'] == 1 ) 47 { 48 $template->assign_block_vars( 49 'information', 50 array('INFORMATION'=>$lang['comment_user_exists'])); 51 $register_comment = false; 52 } 53 } 54 55 if ( $register_comment ) 56 { 57 // anti-flood system 58 $reference_date = time() - $conf['anti-flood_time']; 59 $query = 'SELECT id FROM '.COMMENTS_TABLE; 60 $query.= ' WHERE date > FROM_UNIXTIME('.$reference_date.')'; 61 $query.= " AND author = '".$author."'"; 62 $query.= ';'; 63 if ( mysql_num_rows( pwg_query( $query ) ) == 0 64 or $conf['anti-flood_time'] == 0 ) 65 { 66 list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();')); 67 68 $data = array(); 69 $data{'author'} = $author; 70 $data{'date'} = $dbnow; 71 $data{'image_id'} = $page['image_id']; 72 $data{'content'} = htmlspecialchars( $_POST['content'], ENT_QUOTES); 73 74 if (!$conf['comments_validation'] or is_admin()) 75 { 76 $data{'validated'} = 'true'; 77 $data{'validation_date'} = $dbnow; 78 } 79 else 80 { 81 $data{'validated'} = 'false'; 82 } 83 84 include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); 85 $fields = array('author', 'date', 'image_id', 'content', 'validated', 86 'validation_date'); 87 mass_inserts(COMMENTS_TABLE, $fields, array($data)); 88 89 // information message 90 $message = 
$lang['comment_added']; 91 92 if (!$conf['comments_validation'] or is_admin()) 93 94 if ( $conf['comments_validation'] and !is_admin() ) 95 { 96 $message.= '<br />'.$lang['comment_to_validate']; 97 } 98 $template->assign_block_vars('information', 99 array('INFORMATION'=>$message)); 100 } 101 else 102 { 103 // information message 104 $template->assign_block_vars( 105 'information', 106 array('INFORMATION'=>$lang['comment_anti-flood'])); 107 } 108 } 35 global $conf,$user; 36 37 if ($action=='reject') 38 return $action; 39 40 $my_action = $conf['comment_spam_reject'] ? 'reject':'moderate'; 41 if ($action==$my_action) 42 return $action; 43 44 // we do here only BASIC spam check (plugins can do more) 45 if ( !$user['is_the_guest'] ) 46 return $action; 47 48 $link_count = preg_match_all( '/https?:\/\//', 49 $comment['content'], $matches); 50 51 if ( $link_count>$conf['comment_spam_max_links'] ) 52 return $my_action; 53 54 if ( isset($comment['ip']) and $conf['comment_spam_check_ip'] ) 55 { 56 $rev_ip = implode( '.', array_reverse( explode('.',$comment['ip']) ) ); 57 $lookup = $rev_ip . 
'.sbl-xbl.spamhaus.org.'; 58 $res = gethostbyname( $lookup ); 59 if ( $lookup != $res ) 60 return $my_action; 61 } 62 63 return $action; 109 64 } 65 66 67 68 add_event_handler('user_comment_check', 'user_comment_check', 69 EVENT_HANDLER_PRIORITY_NEUTRAL, 3); 70 110 71 111 72 // the picture is commentable if it belongs at least to one category which … … 117 78 { 118 79 $page['show_comments'] = true; 80 break; 119 81 } 120 82 } 83 84 if ( $page['show_comments'] and isset( $_POST['content'] ) ) 85 { 86 if ( $user['is_the_guest'] and !$conf['comments_forall'] ) 87 { 88 die ('Session expired'); 89 } 90 if (!$conf['comments_validation'] or is_admin()) 91 { 92 $comment_action='validate'; //one of validate, moderate, reject 93 } 94 else 95 { 96 $comment_action='moderate'; //one of validate, moderate, reject 97 } 98 99 $_POST['content'] = trim( stripslashes($_POST['content']) ); 100 101 if ( $user['is_the_guest'] ) 102 { 103 $author = empty($_POST['author'])?'guest':$_POST['author']; 104 // if a guest try to use the name of an already existing user, he must be 105 // rejected 106 if ( $author != 'guest' ) 107 { 108 $query = 'SELECT COUNT(*) AS user_exists'; 109 $query.= ' FROM '.USERS_TABLE; 110 $query.= ' WHERE '.$conf['user_fields']['username']." 
= '".$author."'"; 111 $query.= ';'; 112 $row = mysql_fetch_assoc( pwg_query( $query ) ); 113 if ( $row['user_exists'] == 1 ) 114 { 115 $template->assign_block_vars( 116 'information', 117 array('INFORMATION'=>$lang['comment_user_exists'])); 118 $comment_action='reject'; 119 } 120 } 121 } 122 else 123 { 124 $author = $user['username']; 125 } 126 127 $comm = array( 128 'author' => $author, 129 'content' => $_POST['content'], 130 'image_id' => $page['image_id'], 131 'ip' => $_SERVER['REMOTE_ADDR'], 132 'agent' => $_SERVER['HTTP_USER_AGENT'] 133 ); 134 135 if ($comment_action!='reject' and empty($comm['content']) ) 136 { // empty comment content 137 $comment_action='reject'; 138 } 139 140 if ($comment_action!='reject' and $conf['anti-flood_time']>0 ) 141 { // anti-flood system 142 $reference_date = time() - $conf['anti-flood_time']; 143 $query = 'SELECT id FROM '.COMMENTS_TABLE; 144 $query.= ' WHERE date > FROM_UNIXTIME('.$reference_date.')'; 145 $query.= " AND author = '".$comm['author']."'"; 146 $query.= ';'; 147 if ( mysql_num_rows( pwg_query( $query ) ) > 0 ) 148 { 149 $template->assign_block_vars( 150 'information', 151 array('INFORMATION'=>$lang['comment_anti-flood'])); 152 $comment_action='reject'; 153 } 154 } 155 156 // perform more spam check 157 $comment_action = trigger_event('user_comment_check', 158 $comment_action, $comm, $picture['current'] 159 ); 160 161 if ( $comment_action!='reject' ) 162 { 163 list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();')); 164 165 $data = $comm; 166 $data['date'] = $dbnow; 167 $data['content'] = addslashes( 168 // this htmlpsecialchars is not good here 169 htmlspecialchars($comm['content'],ENT_QUOTES) 170 ); 171 172 if ($comment_action=='validate') 173 { 174 $data['validated'] = 'true'; 175 $data['validation_date'] = $dbnow; 176 } 177 else 178 { 179 $data['validated'] = 'false'; 180 } 181 182 include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); 183 $fields = array('author', 'date', 'image_id', 'content', 
'validated', 184 'validation_date'); 185 mass_inserts(COMMENTS_TABLE, $fields, array($data)); 186 $comm['id'] = mysql_insert_id(); 187 188 // information message 189 $message = $lang['comment_added']; 190 if ($comment_action!='validate') 191 { 192 $message.= '<br />'.$lang['comment_to_validate']; 193 } 194 $template->assign_block_vars('information', 195 array('INFORMATION'=>$message)); 196 } 197 else 198 { 199 $template->assign_block_vars('information', 200 array('INFORMATION'=>l10n('comment_not_added') ) 201 ); 202 } 203 204 // allow plugins to notify what's going on 205 trigger_action( 'user_comment_insertion', 206 array_merge($comm, array('action'=>$comment_action) ) 207 ); 208 } 209 121 210 122 211 if ($page['show_comments']) … … 205 294 $template->assign_block_vars('comments.add_comment', array()); 206 295 // display author field if the user is not logged in 207 if (!$user['is_the_guest']) 208 { 209 $template->assign_block_vars( 210 'comments.add_comment.author_known', 211 array('KNOWN_AUTHOR'=>$user['username']) 212 ); 213 } 214 else 296 if ($user['is_the_guest']) 215 297 { 216 298 $template->assign_block_vars( -
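Review bot: `$author` is concatenated into the user-exists SELECT, the anti-flood SELECT and the row passed to `mass_inserts()` with no escaping visible in this file, whereas `content` is explicitly run through `stripslashes()` and later `addslashes()`. The guest value presumably arrives already slashed by the request handling (the `stripslashes()` on content suggests so), but the new logged-in branch sets `$author = $user['username'];`, which is not request data, so a username containing a quote would probably reach the anti-flood query and the insert unescaped. I would treat author like content: normalise it once on input with `$author = stripslashes($_POST['author']);` and escape at each SQL use, e.g. `$query.= " AND author = '".mysql_real_escape_string($comm['author'])."'";`. Whether `mass_inserts()` escapes its values is not visible here, so the stored `$data['author']` should be escaped the same way unless that helper is confirmed to do it.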
trunk/language/en_UK.iso-8859-1/common.lang.php
r1606 r1610 414 414 $lang['comment_added'] = 'Your comment has been registered'; 415 415 $lang['comment_anti-flood'] = 'Anti-flood system : please wait for a moment before trying to post another comment'; 416 $lang['comment_not_added'] = 'Your comment has NOT been registered because it did not pass the validation rules'; 416 417 $lang['comment_to_validate'] = 'An administrator must authorize your comment before it is visible.'; 417 418 $lang['comment_user_exists'] = 'This login is already used by another user'; -
trunk/language/fr_FR.iso-8859-1/common.lang.php
r1606 r1610 413 413 $lang['comment_added'] = 'Votre commentaire a été enregistré'; 414 414 $lang['comment_anti-flood'] = 'Système anti-abus : merci de patienter avant d\'ajouter un nouveau commentaire'; 415 $lang['comment_not_added'] = 'Votre commentaire n\'a pas été enregistré parce qu\'il ne vérifie pas les règles de validation'; 415 416 $lang['comment_to_validate'] = 'Un administrateur doit valider votre commentaire afin qu\'il soit visible.'; 416 417 $lang['comment_user_exists'] = 'Ce nom d\'utilisateur est déjà pris'; -
trunk/template/yoga/picture.tpl
r1590 r1610 190 190 <label>{lang:upload_author}<input type="text" name="author"></label> 191 191 <!-- END author_field --> 192 <!-- BEGIN author_known -->193 <input type="hidden" name="author" value="{comments.add_comment.author_known.KNOWN_AUTHOR}">194 <!-- END author_known -->195 192 <label>{lang:comment}<textarea name="content" rows="10" cols="80"></textarea></label> 196 193 <input type="submit" value="{lang:submit}">