bug 2660: check guest IP on insert_user_comment (same system as rate_…
…picture)

git-svn-id: http://piwigo.org/svn/trunk@15983 68402e56-0260-453c-a942-63ccdbb3a9ee
mistic100 committed Jun 24, 2012
1 parent 3ecd123 commit d39aaff
Showing 3 changed files with 57 additions and 1 deletion.
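--- a/include/functions_comment.inc.php
+++ b/include/functions_comment.inc.php
@@ -126,6 +126,14 @@ function insert_user_comment( &$comm, $key, &$infos )
 $comment_action='reject';
 $_POST['cr'][] = 'key'; // rvelices: I use this outside to see how spam robots work
 }
+
+// anonymous id = ip address
+$ip_components = explode('.', $comm['ip']);
+if (count($ip_components) > 3)
+{
+array_pop($ip_components);
+}
+$comm['anonymous_id'] = implode('.', $ip_components);
 
 if ($comment_action!='reject' and $conf['anti-flood_time']>0 and !is_admin())
 { // anti-flood system
@@ -135,6 +143,14 @@ function insert_user_comment( &$comm, $key, &$infos )
 SELECT count(1) FROM '.COMMENTS_TABLE.'
 WHERE date > '.$reference_date.'
 AND author_id = '.$comm['author_id'];
+if (!is_classic_user())
+{
+$query.= '
+AND anonymous_id = "'.$comm['anonymous_id'].'"';
+}
+$query.= '
+;';
+
 list($counter) = pwg_db_fetch_row(pwg_query($query));
 if ( $counter > 0 )
 {
@@ -152,10 +168,11 @@ function insert_user_comment( &$comm, $key, &$infos )
 {
 $query = '
 INSERT INTO '.COMMENTS_TABLE.'
-(author, author_id, content, date, validated, validation_date, image_id)
+(author, author_id, anonymous_id, content, date, validated, validation_date, image_id)
 VALUES (
 \''.$comm['author'].'\',
 '.$comm['author_id'].',
+\''.$comm['anonymous_id'].'\',
 \''.$comm['content'].'\',
 NOW(),
 \''.($comment_action=='validate' ? 'true':'false').'\',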
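Review bot: `$comm['anonymous_id']` is concatenated into both the anti-flood SELECT and the INSERT with no escaping or format check in the lines shown, so the queries are only as safe as whatever populated `$comm['ip']`, and that caller is outside these hunks. Validate the address before deriving the id, for example `if (filter_var($comm['ip'], FILTER_VALIDATE_IP) === false) { $comment_action = 'reject'; }`, or pass the derived value through `pwg_db_real_escape_string()` before building the queries. The SELECT also wraps the value in double quotes while the INSERT uses single quotes; a double-quoted literal is read as an identifier under MySQL's ANSI_QUOTES mode, so single quotes in both places would be safer. Note too that `explode('.', ...)` only shortens IPv4 addresses, so an IPv6 guest is keyed on the full address rather than a prefix. The body of insert_user_comment starts and ends outside the hunks.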
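--- /dev/null
+++ b/install/db/128-database.php
@@ -0,0 +1,38 @@
+<?php
+// +-----------------------------------------------------------------------+
+// | Piwigo - a PHP based photo gallery |
+// +-----------------------------------------------------------------------+
+// | Copyright(C) 2008-2012 Piwigo Team http://piwigo.org |
+// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net |
+// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick |
+// +-----------------------------------------------------------------------+
+// | This program is free software; you can redistribute it and/or modify |
+// | it under the terms of the GNU General Public License as published by |
+// | the Free Software Foundation |
+// | |
+// | This program is distributed in the hope that it will be useful, but |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
+// | General Public License for more details. |
+// | |
+// | You should have received a copy of the GNU General Public License |
+// | along with this program; if not, write to the Free Software |
+// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
+// | USA. |
+// +-----------------------------------------------------------------------+
+
+if (!defined('PHPWG_ROOT_PATH'))
+{
+die('Hacking attempt!');
+}
+
+$upgrade_description = 'add anonymous_id in comments table';
+
+include_once(PHPWG_ROOT_PATH.'include/constants.php');
+
+$query = 'ALTER TABLE `'.COMMENTS_TABLE.'` ADD `anonymous_id` VARCHAR( 45 ) DEFAULT NULL;';
+pwg_query($query);
+
+echo "\n".$upgrade_description."\n";
+
+?>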
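Review bot: The migration adds the column as `VARCHAR( 45 ) DEFAULT NULL`, but install/piwigo_structure-mysql.sql in the same commit declares it `varchar(45) NOT NULL` with no default, so upgraded and freshly installed galleries end up with different schemas. On a fresh install, any INSERT that omits anonymous_id then depends on the server's SQL mode. On an upgraded one, existing rows hold NULL, which the new `anonymous_id = "..."` comparison in the anti-flood query never matches. Use one definition in both files, for example `ADD anonymous_id VARCHAR(45) NOT NULL DEFAULT ''` here and a matching `default ''` in the structure file. A comment above the ALTER saying that the column holds a truncated guest IP used for flood control would also help, since it is address-derived data kept with every comment.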
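--- a/install/piwigo_structure-mysql.sql
+++ b/install/piwigo_structure-mysql.sql
@@ -52,6 +52,7 @@ CREATE TABLE `piwigo_comments` (
 `date` datetime NOT NULL default '0000-00-00 00:00:00',
 `author` varchar(255) default NULL,
 `author_id` smallint(5) DEFAULT NULL,
+`anonymous_id` varchar(45) NOT NULL,
 `content` longtext,
 `validated` enum('true','false') NOT NULL default 'false',
 `validation_date` datetime default NULL,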
