source: extensions/GuestBook/include/functions_comment.inc.php @ 23982

<?php
// Refuse direct HTTP access: this file only makes sense when loaded by the
// GuestBook plugin, which defines GUESTBOOK_PATH first.
if (!defined('GUESTBOOK_PATH')) die('Hacking attempt!');

// Pull in Piwigo's core comment helpers (user_comment_check is presumably
// defined there — it is referenced below but not in this file).
include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
// Let the core spam/validation check also run for guestbook entries: the
// plugin-specific event is routed to the core handler, which receives
// ($comment_action, $comm) — hence the argument count of 2.
add_event_handler('user_comment_check_guestbook', 'user_comment_check',
  EVENT_HANDLER_PRIORITY_NEUTRAL, 2);
7
/**
 * Validate a guestbook entry submitted by the current visitor and, when it
 * passes every check, store it in GUESTBOOK_TABLE.
 *
 * The entry is first classified as 'validate' (published at once) or
 * 'moderate' (needs admin approval), depending on the plugin's
 * comments_validation setting and on whether the visitor is an admin. Each
 * failing check then downgrades the action to 'reject'; a failed check also
 * pushes a message onto $page['errors'] for the template.
 *
 * NOTE(review): most values end up interpolated into SQL strings as-is. Only
 * the guest-name existence check (addslashes) and the classic-user author
 * (addslashes) are escaped here; the INSERT uses $comm['author'],
 * $comm['content'], $comm['website'], $comm['email'] and $comm['rate'] raw.
 * The stripslashes() calls in the notification section suggest the caller is
 * expected to pass author/content already addslashes()-escaped — confirm
 * against the form handler, and confirm that 'rate' (inserted unquoted) is
 * validated as a number before it reaches this function.
 *
 * @param array  $comm  entry data (author, content, website, email, rate),
 *                      by reference: ip, agent, author_id, anonymous_id and,
 *                      after a successful insert, id are added to it
 * @param string $key   ephemeral key posted with the form (may be absent)
 * @return string one of 'validate', 'moderate', 'reject'
 */
function insert_user_comment_guestbook( &$comm, $key )
{
  global $conf, $user, $page;

  // Remember where the entry came from. 'agent' is kept in $comm but is not
  // written by the INSERT below (presumably for event handlers — verify).
  $comm = array_merge( $comm,
    array(
      'ip' => $_SERVER['REMOTE_ADDR'],
      'agent' => $_SERVER['HTTP_USER_AGENT']
    )
   );

  // Initial action: admins and "no validation" setups publish immediately,
  // everybody else goes to moderation.
  if (!$conf['guestbook']['comments_validation'] or is_admin())
  {
    $comment_action='validate'; //one of validate, moderate, reject
  }
  else
  {
    $comment_action='moderate'; //one of validate, moderate, reject
  }

  // display author field if the user status is guest or generic
  if (!is_classic_user())
  {
    if ( empty($comm['author']) )
    {
      array_push($page['errors'], l10n('Please enter your username'));
      $comment_action='reject';
    }
    else
    {
      // anonymous entries are attributed to the configured guest account
      $comm['author_id'] = $conf['guest_id'];
      // if a guest try to use the name of an already existing user, he must be
      // rejected
      $query = '
SELECT COUNT(*) AS user_exists
  FROM '.USERS_TABLE.'
  WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'";
      $row = pwg_db_fetch_assoc( pwg_query( $query ) );

      if ( $row['user_exists'] == 1 )
      {
        array_push($page['errors'], l10n('This login is already used by another user') );
        $comment_action='reject';
      }
    }
  }
  else
  {
    // logged-in users cannot choose a name: it is taken from their account
    $comm['author'] = addslashes($user['username']);
    $comm['author_id'] = $user['id'];
  }

  if ( empty($comm['content']) )
  { // empty comment content
    $comment_action='reject';
  }

  // Anti-CSRF / anti-bot check on the form key. The @ silences the notice
  // when no key was posted at all; the failed check is recorded in
  // $_POST['cr'] (presumably read back by the form template — verify).
  if ( !verify_ephemeral_key(@$key) )
  {
    $comment_action='reject';
    $_POST['cr'][] = 'key';
  }

  // email
  // Logged-in users who left the field empty get their account address;
  // any non-empty address must pass Piwigo's format check.
  if ( empty($comm['email']) and is_classic_user() and !empty($user['email']) )
  {
    $comm['email'] = $user['email'];
  }
  else if ( !empty($comm['email']) and !email_check_format($comm['email']) )
  {
    array_push($page['errors'], l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)'));
    $comment_action='reject';
  }

  // website
  // A scheme-less address is assumed to be plain http before validation.
  if ( !empty($comm['website']) and !preg_match('/^(https?:\/\/)/i', $comm['website']) )
  {
    $comm['website'] = 'http://'.$comm['website'];
  }
  if ( !empty($comm['website']) and !url_check_format($comm['website']) )
  {
    array_push($page['errors'], l10n('invalid website address'));
    $comment_action='reject';
  }

  // anonymous id = ip address
  // For a dotted IPv4 address the last octet is dropped (so a /24 shares one
  // anonymous_id); an address without dots (e.g. IPv6) is kept unchanged.
  $ip_components = explode('.', $_SERVER["REMOTE_ADDR"]);
  if (count($ip_components) > 3)
  {
    array_pop($ip_components);
  }
  $comm['anonymous_id'] = implode('.', $ip_components);

  // comment validation and anti-spam
  // Anti-flood: reject when the same author (and, for guests, the same
  // anonymous_id) already posted within the configured period. Admins are
  // exempt and already-rejected entries are not checked.
  if ($comment_action!='reject' and $conf['anti-flood_time']>0 and !is_admin())
  {
    $reference_date = pwg_db_get_flood_period_expression($conf['anti-flood_time']);

    $query = '
SELECT COUNT(1) FROM '.GUESTBOOK_TABLE.'
  WHERE
    date > '.$reference_date.'
    AND author_id = '.$comm['author_id'];
    if (!is_classic_user())
    {
      $query.= '
      AND anonymous_id = "'.$comm['anonymous_id'].'"';
    }
    $query.= '
;';

    list($counter) = pwg_db_fetch_row(pwg_query($query));
    if ($counter > 0)
    {
      array_push($page['errors'], l10n('Anti-flood system : please wait for a moment before trying to post another comment') );
      $comment_action='reject';
    }
  }

  // perform more spam check
  // Handlers (core user_comment_check and any plugin) may change the action.
  $comment_action = trigger_event('user_comment_check_guestbook',
      $comment_action, $comm
    );

  if ( $comment_action!='reject' )
  {
    // validated / validation_date are set together from the final action;
    // optional columns are written as SQL NULL when empty.
    $query = '
INSERT INTO '.GUESTBOOK_TABLE.'(
    author,
    author_id,
    anonymous_id,
    content,
    date,
    validated,
    validation_date,
    website,
    rate,
    email
  )
  VALUES (
    \''.$comm['author'].'\',
    '.$comm['author_id'].',
    \''.$comm['anonymous_id'].'\',
    \''.$comm['content'].'\',
    NOW(),
    \''.($comment_action=='validate' ? 'true':'false').'\',
    '.($comment_action=='validate' ? 'NOW()':'NULL').',
    '.(!empty($comm['website']) ? '\''.$comm['website'].'\'' : 'NULL').',
    '.(!empty($comm['rate']) ? $comm['rate'] : 'NULL').',
    '.(!empty($comm['email']) ? '\''.$comm['email'].'\'' : 'NULL').'
  )
';

    pwg_query($query);

    $comm['id'] = pwg_db_insert_id(GUESTBOOK_TABLE);

    // Notify admins: on every published entry if email_admin_on_comment is
    // set, or on entries awaiting approval if email_admin_on_comment_validation is set.
    if ( ($conf['guestbook']['email_admin_on_comment'] and 'validate' == $comment_action)
        or ($conf['guestbook']['email_admin_on_comment_validation'] and 'moderate' == $comment_action))
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      $comment_url = get_absolute_root_url().add_url_params(GUESTBOOK_URL, array('comment_id'=>$comm['id']));

      // stripslashes() undoes the escaping the stored values carry
      $keyargs_content = array
      (
        get_l10n_args('Author: %s', stripslashes($comm['author']) ),
        get_l10n_args('Comment: %s', stripslashes($comm['content']) ),
        get_l10n_args('', ''),
        get_l10n_args('Manage this user comment: %s', $comment_url)
      );

      if ('moderate' == $comment_action)
      {
        $keyargs_content[] = get_l10n_args('', '');
        $keyargs_content[] = get_l10n_args('(!) This comment requires validation', '');
      }

      pwg_mail_notification_admins
      (
        get_l10n_args('Comment by %s', stripslashes($comm['author']) ),
        $keyargs_content
      );
    }
  }
  return $comment_action;
}
195
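/**
 * Replace the text of an existing guestbook entry and re-run its moderation.
 *
 * The ephemeral form key must verify, otherwise the request is rejected
 * without touching the database. Non-admins can only update entries they
 * authored (the UPDATE is additionally constrained on author_id). When the
 * plugin requires validation and the user is not an admin, the edited entry
 * is flagged as unvalidated again and admins are notified if
 * email_admin_on_comment_validation is enabled.
 *
 * NOTE(review): 'content' is interpolated into the UPDATE as-is, so the
 * caller is presumably expected to pass it already escaped (the
 * stripslashes() call in the notification suggests addslashes()-style
 * escaping) — confirm against the form handler. 'comment_id' is cast to
 * int here so the WHERE clause only ever carries a number.
 *
 * @param array  $comment  must hold 'comment_id' and 'content'
 * @param string $post_key ephemeral key posted with the form
 * @return string one of 'validate', 'moderate', 'reject'
 */
function update_user_comment_guestbook($comment, $post_key)
{
  global $conf;

  if ( !verify_ephemeral_key($post_key) )
  {
    $comment_action = 'reject';
  }
  elseif (!$conf['guestbook']['comments_validation'] or is_admin())
  {
    // no moderation configured, or the editor is an admin: publish at once
    $comment_action = 'validate';
  }
  else
  {
    // the edited text has to be approved again before it is shown
    $comment_action = 'moderate';
  }

  if ( $comment_action == 'reject' )
  {
    return $comment_action;
  }

  // forced to an integer: this value is written unquoted into the query
  $comment_id = (int)$comment['comment_id'];

  // non-admins may only touch their own entries
  $user_where_clause = '';
  if (!is_admin())
  {
    $user_where_clause = '   AND author_id = \''.$GLOBALS['user']['id'].'\'';
  }

  $query = '
UPDATE '.GUESTBOOK_TABLE.'
  SET content = \''.$comment['content'].'\',
      validated = \''.($comment_action=='validate' ? 'true':'false').'\',
      validation_date = '.($comment_action=='validate' ? 'NOW()':'NULL').'
  WHERE id = '.$comment_id.
$user_where_clause.'
;';
  $result = pwg_query($query);

  // mail admins and ask them to validate the edited entry
  if ($result and $conf['guestbook']['email_admin_on_comment_validation'] and 'moderate' == $comment_action)
  {
    include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

    // link to the entry that was just edited (the original read an undefined
    // $comm['id'] here, which produced a link without any comment_id)
    $comment_url = get_absolute_root_url().add_url_params(GUESTBOOK_URL, array('comment_id'=>$comment_id));

    // stripslashes() undoes the escaping the stored values carry
    $keyargs_content = array
    (
      get_l10n_args('Author: %s', stripslashes($GLOBALS['user']['username']) ),
      get_l10n_args('Comment: %s', stripslashes($comment['content']) ),
      get_l10n_args('', ''),
      get_l10n_args('Manage this user comment: %s', $comment_url),
      get_l10n_args('', ''),
      get_l10n_args('(!) This comment requires validation', ''),
    );

    pwg_mail_notification_admins
    (
      get_l10n_args('Comment by %s', stripslashes($GLOBALS['user']['username']) ),
      $keyargs_content
    );
  }

  return $comment_action;
}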
261
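/**
 * Look up the author_id of a guestbook entry.
 *
 * @param int|string $comment_id   entry id; cast to int before it is written
 *                                 unquoted into the query
 * @param bool       $die_on_error when true, an unknown id aborts the request
 *                                 through fatal_error(); when false, false is
 *                                 returned instead
 * @return mixed the stored author_id as returned by pwg_db_fetch_row(), or
 *               false when the entry does not exist and $die_on_error is false
 */
function get_comment_author_id_guestbook($comment_id, $die_on_error=true)
{
  $query = '
SELECT
    author_id
  FROM '.GUESTBOOK_TABLE.'
  WHERE id = '.(int)$comment_id.'
;';
  $result = pwg_query($query);

  if (pwg_db_num_rows($result) == 0)
  {
    if ($die_on_error)
    {
      fatal_error('Unknown comment identifier');
    }
    else
    {
      return false;
    }
  }

  list($author_id) = pwg_db_fetch_row($result);

  return $author_id;
}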
287
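/**
 * Delete one or several guestbook entries.
 *
 * Non-admins can only delete entries they authored: the DELETE is
 * additionally constrained on author_id for them. Every id is cast to int
 * before it is written into the query, so the WHERE clause never carries
 * anything but numbers; an empty id list is a no-op instead of an invalid
 * `id IN()` query.
 *
 * @param int|string|array $comment_id a single id or a list of ids
 * @return void
 */
function delete_user_comment_guestbook($comment_id)
{
  if (is_array($comment_id))
  {
    if (count($comment_id) == 0)
    {
      return;
    }
    $where_clause = 'id IN('.implode(',', array_map('intval', $comment_id)).')';
  }
  else
  {
    $where_clause = 'id = '.(int)$comment_id;
  }

  // non-admins may only remove their own entries
  $user_where_clause = '';
  if (!is_admin())
  {
    $user_where_clause = '   AND author_id = \''.$GLOBALS['user']['id'].'\'';
  }

  $query = '
DELETE FROM '.GUESTBOOK_TABLE.'
  WHERE '.$where_clause.
$user_where_clause.'
;';
  pwg_query($query);
}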
308
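/**
 * Mark one or several guestbook entries as validated (published), stamping
 * validation_date with the current time.
 *
 * There is no author restriction here: callers are expected to have checked
 * the user's rights before calling. Every id is cast to int before it is
 * written into the query, and an empty id list is a no-op instead of an
 * invalid `id IN()` query.
 *
 * @param int|string|array $comment_id a single id or a list of ids
 * @return void
 */
function validate_user_comment_guestbook($comment_id)
{
  if (is_array($comment_id))
  {
    if (count($comment_id) == 0)
    {
      return;
    }
    $where_clause = 'id IN('.implode(',', array_map('intval', $comment_id)).')';
  }
  else
  {
    $where_clause = 'id = '.(int)$comment_id;
  }

  $query = '
UPDATE '.GUESTBOOK_TABLE.'
  SET validated = \'true\'
    , validation_date = NOW()
  WHERE '.$where_clause.'
;';
  pwg_query($query);
}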
324
325?>