1<?php
// Refuse direct access: GUESTBOOK_PATH is presumably defined by the plugin's
// entry point, so this file only runs when included from there.
if (!defined('GUESTBOOK_PATH')) die('Hacking attempt!');

// Core comment helpers; presumably this is where the helpers used below
// (email_check_format, url_check_format, verify_ephemeral_key,
// user_comment_check) come from — confirm against the core file.
include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
// Route the plugin's own spam-check event to the core checker. The trailing
// 2 presumably is the number of arguments forwarded to the handler, matching
// the (action, comment) pair passed to trigger_event() in
// insert_user_comment_guestbook().
add_event_handler('user_comment_check_guestbook', 'user_comment_check',
  EVENT_HANDLER_PRIORITY_NEUTRAL, 2);
7
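/**
 * Validate a submitted guestbook entry and, unless rejected, store it.
 *
 * @param array  &$comm  submitted fields (author, content, email, website,
 *                       rate). Enriched in place with ip, agent, author_id,
 *                       anonymous_id and — once stored — id.
 * @param string $key    post key checked with verify_ephemeral_key().
 * @return string one of 'validate', 'moderate', 'reject'. Validation errors
 *                are pushed onto $page['errors']; a bad key also appends
 *                'key' to $_POST['cr'].
 *
 * NOTE(review): author, content, website and email are interpolated into SQL
 * as-is. This relies on the caller (or the framework's request handling)
 * having escaped them already — the stripslashes() calls on author/content
 * below suggest that convention — confirm before relying on it.
 */
function insert_user_comment_guestbook( &$comm, $key )
{
  global $conf, $user, $page;

  // Attach the poster's origin to the submission. HTTP_USER_AGENT is an
  // optional header; guard it so a missing header does not raise a notice
  // (the stored value is still null in that case, as before).
  $comm = array_merge( $comm,
    array(
      'ip' => $_SERVER['REMOTE_ADDR'],
      'agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null
    )
   );

  // Default outcome: publish immediately unless moderation is enabled and the
  // poster is not an administrator. The checks below can only demote this to
  // 'reject'; the spam-check event at the end may change it again.
  if (!$conf['guestbook']['comments_validation'] or is_admin())
  {
    $comment_action='validate'; //one of validate, moderate, reject
  }
  else
  {
    $comment_action='moderate'; //one of validate, moderate, reject
  }

  // display author field if the user status is guest or generic
  if (!is_classic_user())
  {
    if ( empty($comm['author']) )
    {
      array_push($page['errors'], l10n('Please enter your username'));
      $comment_action='reject';
    }
    else
    {
      $comm['author_id'] = $conf['guest_id'];
      // if a guest try to use the name of an already existing user, he must be
      // rejected
      // NOTE(review): addslashes() here while the INSERT below interpolates
      // the same value raw — if author already arrives escaped this
      // double-escapes the lookup (names containing quotes would not match);
      // confirm against the caller.
      $query = '
SELECT COUNT(*) AS user_exists
  FROM '.USERS_TABLE.'
  WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'";
      $row = pwg_db_fetch_assoc( pwg_query( $query ) );

      // Any existing account with that name blocks the guest (the previous
      // test for exactly one match would let a duplicated name through).
      if ( $row['user_exists'] > 0 )
      {
        array_push($page['errors'], l10n('This login is already used by another user') );
        $comment_action='reject';
      }
    }
  }
  else
  {
    // Registered users post under their own account; addslashes() presumably
    // because $user['username'] is held unescaped — confirm.
    $comm['author'] = addslashes($user['username']);
    $comm['author_id'] = $user['id'];
  }

  if ( empty($comm['content']) )
  { // empty comment content
    $comment_action='reject';
  }

  // The post key must verify; 'cr' marks the failed check for the form.
  if ( !verify_ephemeral_key(@$key) )
  {
    $comment_action='reject';
    $_POST['cr'][] = 'key';
  }

  // email: registered users fall back to their account address; otherwise
  // the address is required when configured and must be well-formed if given.
  if ( empty($comm['email']) and is_classic_user() and !empty($user['email']) )
  {
    $comm['email'] = $user['email'];
  }
  else if ( empty($comm['email']) and $conf['comments_email_mandatory'] )
  {
    array_push($page['errors'], l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)'));
    $comment_action='reject';
  }
  else if ( !empty($comm['email']) and !email_check_format($comm['email']) )
  {
    array_push($page['errors'], l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)'));
    $comment_action='reject';
  }

  // website: prepend a scheme when none is given, then validate the result
  if ( !empty($comm['website']) and !preg_match('/^(https?:\/\/)/i', $comm['website']) )
  {
    $comm['website'] = 'http://'.$comm['website'];
  }
  if ( !empty($comm['website']) and !url_check_format($comm['website']) )
  {
    array_push($page['errors'], l10n('invalid website address'));
    $comment_action='reject';
  }

  // anonymous id = ip address, reduced to its first three dotted components
  // (an address with fewer than four components, e.g. IPv6, is kept whole)
  $ip_components = explode('.', $_SERVER["REMOTE_ADDR"]);
  if (count($ip_components) > 3)
  {
    array_pop($ip_components);
  }
  $comm['anonymous_id'] = implode('.', $ip_components);

  // comment validation and anti-spam: refuse another entry from the same
  // author (and, for guests, the same anonymous id) inside the flood window
  if ($comment_action!='reject' and $conf['anti-flood_time']>0 and !is_admin())
  {
    $reference_date = pwg_db_get_flood_period_expression($conf['anti-flood_time']);

    $query = '
SELECT COUNT(1) FROM '.GUESTBOOK_TABLE.'
  WHERE
    date > '.$reference_date.'
    AND author_id = '.$comm['author_id'];
    if (!is_classic_user())
    {
      $query.= '
      AND anonymous_id = "'.$comm['anonymous_id'].'"';
    }
    $query.= '
;';

    list($counter) = pwg_db_fetch_row(pwg_query($query));
    if ($counter > 0)
    {
      array_push($page['errors'], l10n('Anti-flood system : please wait for a moment before trying to post another comment') );
      $comment_action='reject';
    }
  }

  // perform more spam check
  $comment_action = trigger_event('user_comment_check_guestbook',
      $comment_action, $comm
    );

  if ( $comment_action!='reject' )
  {
    // 'rate' is interpolated unquoted, so only a numeric value may reach the
    // statement; anything else is stored as NULL instead of becoming SQL.
    $rate_sql = (!empty($comm['rate']) and is_numeric($comm['rate'])) ? $comm['rate'] : 'NULL';

    $query = '
INSERT INTO '.GUESTBOOK_TABLE.'(
    author,
    author_id,
    anonymous_id,
    content,
    date,
    validated,
    validation_date,
    website,
    rate,
    email
  )
  VALUES (
    \''.$comm['author'].'\',
    '.$comm['author_id'].',
    \''.$comm['anonymous_id'].'\',
    \''.$comm['content'].'\',
    NOW(),
    \''.($comment_action=='validate' ? 'true':'false').'\',
    '.($comment_action=='validate' ? 'NOW()':'NULL').',
    '.(!empty($comm['website']) ? '\''.$comm['website'].'\'' : 'NULL').',
    '.$rate_sql.',
    '.(!empty($comm['email']) ? '\''.$comm['email'].'\'' : 'NULL').'
  )
';

    pwg_query($query);

    $comm['id'] = pwg_db_insert_id(GUESTBOOK_TABLE);

    // Notify administrators of a published entry, or of one awaiting
    // moderation, according to the plugin configuration.
    if ( ($conf['guestbook']['email_admin_on_comment'] and 'validate' == $comment_action)
        or ($conf['guestbook']['email_admin_on_comment_validation'] and 'moderate' == $comment_action))
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      $comment_url = add_url_params(GUESTBOOK_URL, array('comment_id'=>$comm['id']));

      $keyargs_content = array
      (
        get_l10n_args('Author: %s', stripslashes($comm['author']) ),
        get_l10n_args('Comment: %s', stripslashes($comm['content']) ),
        get_l10n_args('', ''),
        get_l10n_args('Manage this user comment: %s', $comment_url)
      );

      if ('moderate' == $comment_action)
      {
        $keyargs_content[] = get_l10n_args('', '');
        $keyargs_content[] = get_l10n_args('(!) This comment requires validation', '');
      }

      pwg_mail_notification_admins
      (
        get_l10n_args('Comment by %s', stripslashes($comm['author']) ),
        $keyargs_content
      );
    }
  }
  return $comment_action;
}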
200
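/**
 * Apply an edit to an existing guestbook entry.
 *
 * @param array  $comment  'comment_id' of the entry and its new 'content'.
 * @param string $post_key post key checked with verify_ephemeral_key().
 * @return string one of 'validate', 'moderate', 'reject'.
 *
 * NOTE(review): content is interpolated into SQL as-is; this relies on the
 * caller having escaped it (the stripslashes() in the notification suggests
 * that convention) — confirm.
 */
function update_user_comment_guestbook($comment, $post_key)
{
  global $conf;

  // A bad post key rejects outright; otherwise the edit is published at once
  // unless moderation is enabled and the editor is not an administrator.
  if ( !verify_ephemeral_key($post_key) )
  {
    $comment_action='reject';
  }
  elseif (!$conf['guestbook']['comments_validation'] or is_admin()) // should the updated comment must be validated
  {
    $comment_action='validate'; //one of validate, moderate, reject
  }
  else
  {
    $comment_action='moderate'; //one of validate, moderate, reject
  }

  if ( $comment_action!='reject' )
  {
    // Non-admins may only edit their own entries; the restriction is part of
    // the UPDATE itself, so there is no lookup-then-update window.
    $user_where_clause = '';
    if (!is_admin())
    {
      $user_where_clause = '   AND author_id = \''.
        $GLOBALS['user']['id'].'\'';
    }

    // The id is interpolated unquoted into the statement, so force it to an
    // integer rather than trusting the submitted value.
    $comment_id = (int)$comment['comment_id'];

    $query = '
UPDATE '.GUESTBOOK_TABLE.'
  SET content = \''.$comment['content'].'\',
      validated = \''.($comment_action=='validate' ? 'true':'false').'\',
      validation_date = '.($comment_action=='validate' ? 'NOW()':'NULL').'
  WHERE id = '.$comment_id.
$user_where_clause.'
;';
    $result = pwg_query($query);

    // mail admin and ask to validate the comment
    // NOTE(review): $result is the query result, not an affected-row count;
    // a non-admin editing someone else's entry updates nothing but may still
    // trigger this notification — presumably harmless, verify.
    if ($result and $conf['guestbook']['email_admin_on_comment_validation'] and 'moderate' == $comment_action)
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      // Fix: this previously read an undefined $comm['id'], so the link sent
      // to administrators carried no comment id.
      $comment_url = add_url_params(GUESTBOOK_URL, array('comment_id'=>$comment_id));

      $keyargs_content = array
      (
        get_l10n_args('Author: %s', stripslashes($GLOBALS['user']['username']) ),
        get_l10n_args('Comment: %s', stripslashes($comment['content']) ),
        get_l10n_args('', ''),
        get_l10n_args('Manage this user comment: %s', $comment_url),
        get_l10n_args('', ''),
        get_l10n_args('(!) This comment requires validation', ''),
      );

      pwg_mail_notification_admins
      (
        get_l10n_args('Comment by %s', stripslashes($GLOBALS['user']['username']) ),
        $keyargs_content
      );
    }
  }

  return $comment_action;
}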
266
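/**
 * Look up the author_id of a guestbook entry.
 *
 * @param mixed $comment_id   entry id; cast to int because it is interpolated
 *                            unquoted into the query.
 * @param bool  $die_on_error when true, an unknown id ends the request with
 *                            fatal_error(); when false, false is returned.
 * @return mixed the stored author_id, or false (see $die_on_error).
 */
function get_comment_author_id_guestbook($comment_id, $die_on_error=true)
{
  $query = '
SELECT
    author_id
  FROM '.GUESTBOOK_TABLE.'
  WHERE id = '.(int)$comment_id.'
;';
  $result = pwg_query($query);
  if (pwg_db_num_rows($result) == 0)
  {
    if ($die_on_error)
    {
      fatal_error('Unknown comment identifier');
    }
    else
    {
      return false;
    }
  }

  list($author_id) = pwg_db_fetch_row($result);

  return $author_id;
}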
292
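/**
 * Delete one or several guestbook entries.
 *
 * @param int|array $comment_id a single id or a list of ids. Non-admins can
 *                              only delete entries whose author_id is their
 *                              own user id; other ids are silently ignored.
 * @return void
 */
function delete_user_comment_guestbook($comment_id)
{
  // Ids are interpolated unquoted into the DELETE, so cast each to an
  // integer. An empty list is a no-op ("id IN()" would be a syntax error).
  $ids = array_map('intval', is_array($comment_id) ? $comment_id : array($comment_id));
  if (count($ids) == 0)
  {
    return;
  }

  // The ownership restriction is part of the WHERE clause, so there is no
  // lookup-then-delete window.
  $user_where_clause = '';
  if (!is_admin())
  {
    $user_where_clause = '   AND author_id = \''.$GLOBALS['user']['id'].'\'';
  }

  $query = '
DELETE FROM '.GUESTBOOK_TABLE.'
  WHERE id IN('.implode(',', $ids).')'.
$user_where_clause.'
;';
  pwg_query($query);
}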
313
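/**
 * Mark one or several guestbook entries as validated (published now).
 *
 * @param int|array $comment_id a single id or a list of ids.
 * @return void
 *
 * NOTE(review): unlike delete/update there is no author or admin restriction
 * in the statement; presumably the caller limits this to administrators —
 * confirm.
 */
function validate_user_comment_guestbook($comment_id)
{
  // Ids are interpolated unquoted into the UPDATE, so cast each to an
  // integer. An empty list is a no-op ("id IN()" would be a syntax error).
  $ids = array_map('intval', is_array($comment_id) ? $comment_id : array($comment_id));
  if (count($ids) == 0)
  {
    return;
  }

  $query = '
UPDATE '.GUESTBOOK_TABLE.'
  SET validated = \'true\'
    , validation_date = NOW()
  WHERE id IN('.implode(',', $ids).')
;';
  pwg_query($query);
}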