source: extensions/GuestBook/include/functions_comment.inc.php @ 26111

Last change on this file since 26111 was 26111, checked in by mistic100, 10 years ago

use new trigger methods and add extra param
File size: 8.2 KB
Line 
1<?php
2defined('GUESTBOOK_PATH') or die('Hacking attempt!');
3
4include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
5
6
7function insert_user_comment_guestbook( &$comm, $key )
8{
9  global $conf, $user, $page;
10
11  $comm = array_merge($comm,
12    array(
13      'ip' => $_SERVER['REMOTE_ADDR'],
14      'agent' => $_SERVER['HTTP_USER_AGENT']
15    )
16   );
17 
18  if (!$conf['guestbook']['comments_validation'] or is_admin())
19  {
20    $comment_action='validate';
21  }
22  else
23  {
24    $comment_action='moderate';
25  }
26
27  // author
28  if (!is_classic_user())
29  {
30    if (empty($comm['author']))
31    {
32      $page['errors'][] = l10n('Please enter your username');
33      $comment_action='reject';
34    }
35    else
36    {
37      $comm['author_id'] = $conf['guest_id'];
38      // if a guest try to use the name of an already existing user,
39      // he must be rejected
40      $query = '
41SELECT COUNT(*) AS user_exists
42  FROM '.USERS_TABLE.'
43  WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'
44;";
45      $row = pwg_db_fetch_assoc(pwg_query($query));
46     
47      if ($row['user_exists'] == 1)
48      {
49        $page['errors'][] = l10n('This login is already used by another user');
50        $comment_action='reject';
51      }
52    }
53  }
54  else
55  {
56    $comm['author'] = addslashes($user['username']);
57    $comm['author_id'] = $user['id'];
58  }
59
60  // content
61  if (empty($comm['content']))
62  {
63    $comment_action='reject';
64  }
65
66  // key
67  if (!verify_ephemeral_key(@$key))
68  {
69    $comment_action='reject';
70    $_POST['cr'][] = 'key';
71  }
72 
73  // email
74  if (empty($comm['email']) and is_classic_user() and !empty($user['email']))
75  {
76    $comm['email'] = $user['email'];
77  }
78  else if (empty($comm['email']) and $conf['comments_email_mandatory'])
79  {
80    $page['errors'][] = l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)');
81    $comment_action='reject';
82  }
83  else if (!empty($comm['email']) and !email_check_format($comm['email']))
84  {
85    $page['errors'][] = l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)');
86    $comment_action='reject';
87  }
88 
89  // website
90  if (!empty($comm['website']) and !preg_match('/^(https?:\/\/)/i', $comm['website']))
91  {
92    $comm['website'] = 'http://'.$comm['website'];
93  }
94  if (!empty($comm['website']) and !url_check_format($comm['website']))
95  {
96    $page['errors'][] = l10n('invalid website address');
97    $comment_action='reject';
98  }
99 
100  // anonymous id = ip address
101  $ip_components = explode('.', $_SERVER["REMOTE_ADDR"]);
102  if (count($ip_components) > 3)
103  {
104    array_pop($ip_components);
105  }
106  $comm['anonymous_id'] = implode('.', $ip_components);
107 
108  // comment validation and anti-spam
109  if ($comment_action!='reject' and $conf['anti-flood_time']>0 and !is_admin())
110  {
111    $reference_date = pwg_db_get_flood_period_expression($conf['anti-flood_time']);
112   
113    $query = '
114SELECT COUNT(1) FROM '.GUESTBOOK_TABLE.'
115  WHERE
116    date > '.$reference_date.'
117    AND author_id = '.$comm['author_id'];
118    if (!is_classic_user())
119    {
120      $query.= '
121      AND anonymous_id = "'.$comm['anonymous_id'].'"';
122    }
123    $query.= '
124;';
125   
126    list($counter) = pwg_db_fetch_row(pwg_query($query));
127    if ($counter > 0)
128    {
129      $page['errors'][] = l10n('Anti-flood system : please wait for a moment before trying to post another comment');
130      $comment_action='reject';
131    }
132  }
133 
134  // perform more spam check
135  $comment_action = trigger_change('user_comment_check', $comment_action, $comm, 'guestbook');
136
137  if ($comment_action!='reject')
138  {
139    $query = '
140INSERT INTO '.GUESTBOOK_TABLE.'(
141    author,
142    author_id,
143    anonymous_id,
144    content,
145    date,
146    validated,
147    validation_date,
148    website,
149    rate,
150    email
151  )
152  VALUES (
153    \''.$comm['author'].'\',
154    '.$comm['author_id'].',
155    \''.$comm['anonymous_id'].'\',
156    \''.$comm['content'].'\',
157    NOW(),
158    \''.($comment_action=='validate' ? 'true':'false').'\',
159    '.($comment_action=='validate' ? 'NOW()':'NULL').',
160    '.(!empty($comm['website']) ? '\''.$comm['website'].'\'' : 'NULL').',
161    '.(!empty($comm['rate']) ? $comm['rate'] : 'NULL').',
162    '.(!empty($comm['email']) ? '\''.$comm['email'].'\'' : 'NULL').'
163  )
164';
165
166    pwg_query($query);
167
168    $comm['id'] = pwg_db_insert_id(GUESTBOOK_TABLE);
169
170    if ( ($conf['guestbook']['email_admin_on_comment'] and 'validate' == $comment_action)
171        or ($conf['guestbook']['email_admin_on_comment_validation'] and 'moderate' == $comment_action))
172    {
173      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
174
175      $comment_url = add_url_params(GUESTBOOK_URL, array('comment_id'=>$comm['id']));
176
177      $keyargs_content = array(
178        get_l10n_args('Author: %s', stripslashes($comm['author']) ),
179        get_l10n_args('Comment: %s', stripslashes($comm['content']) ),
180        get_l10n_args('', ''),
181        get_l10n_args('Manage this user comment: %s', $comment_url)
182      );
183
184      if ('moderate' == $comment_action)
185      {
186        $keyargs_content[] = get_l10n_args('', '');
187        $keyargs_content[] = get_l10n_args('(!) This comment requires validation', '');
188      }
189
190      pwg_mail_notification_admins(
191        get_l10n_args('Comment by %s', stripslashes($comm['author']) ),
192        $keyargs_content
193      );
194    }
195  }
196 
197  return $comment_action;
198}
199
200function update_user_comment_guestbook($comment, $post_key)
201{
202  global $conf;
203
204  $comment_action = 'validate';
205
206  if (!verify_ephemeral_key($post_key))
207  {
208    $comment_action='reject';
209  }
210  else if (!$conf['guestbook']['comments_validation'] or is_admin()) // should the updated comment must be validated
211  {
212    $comment_action='validate';
213  }
214  else
215  {
216    $comment_action='moderate';
217  }
218
219  if ($comment_action!='reject')
220  {
221    $user_where_clause = '';
222    if (!is_admin())
223    {
224      $user_where_clause = '   AND author_id = \''.
225        $GLOBALS['user']['id'].'\'';
226    }
227
228    $query = '
229UPDATE '.GUESTBOOK_TABLE.'
230  SET content = \''.$comment['content'].'\',
231      validated = \''.($comment_action=='validate' ? 'true':'false').'\',
232      validation_date = '.($comment_action=='validate' ? 'NOW()':'NULL').'
233  WHERE id = '.$comment['comment_id'].
234$user_where_clause.'
235;';
236    $result = pwg_query($query);
237   
238    // mail admin and ask to validate the comment
239    if ($result and $conf['guestbook']['email_admin_on_comment_validation'] and 'moderate' == $comment_action) 
240    {
241      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
242     
243      $comment_url = add_url_params(GUESTBOOK_URL, array('comment_id'=>$comm['id']));
244
245      $keyargs_content = array(
246        get_l10n_args('Author: %s', stripslashes($GLOBALS['user']['username']) ),
247        get_l10n_args('Comment: %s', stripslashes($comment['content']) ),
248        get_l10n_args('', ''),
249        get_l10n_args('Manage this user comment: %s', $comment_url),
250        get_l10n_args('', ''),
251        get_l10n_args('(!) This comment requires validation', ''),
252      );
253
254      pwg_mail_notification_admins(
255        get_l10n_args('Comment by %s', stripslashes($GLOBALS['user']['username']) ),
256        $keyargs_content
257      );
258    }
259  }
260 
261  return $comment_action;
262}
263
264function get_comment_author_id_guestbook($comment_id, $die_on_error=true)
265{
266  $query = '
267SELECT
268    author_id
269  FROM '.GUESTBOOK_TABLE.'
270  WHERE id = '.$comment_id.'
271;';
272  $result = pwg_query($query);
273
274  if (pwg_db_num_rows($result) == 0)
275  {
276    if ($die_on_error)
277    {
278      fatal_error('Unknown comment identifier');
279    }
280    else
281    {
282      return false;
283    }
284  }
285 
286  list($author_id) = pwg_db_fetch_row($result);
287
288  return $author_id;
289}
290
291function delete_user_comment_guestbook($comment_id)
292{
293  $user_where_clause = '';
294  if (!is_admin())
295  {
296    $user_where_clause = ' AND author_id = \''.$GLOBALS['user']['id'].'\'';
297  }
298 
299  if (is_array($comment_id))
300  {
301    $where_clause = 'id IN('.implode(',', $comment_id).')';
302  }
303  else
304  {
305    $where_clause = 'id = '.$comment_id;
306  }
307   
308  $query = '
309DELETE FROM '.GUESTBOOK_TABLE.'
310  WHERE '.$where_clause.
311$user_where_clause.'
312;';
313  pwg_query($query);
314}
315
316function validate_user_comment_guestbook($comment_id)
317{
318  if (is_array($comment_id))
319  {
320    $where_clause = 'id IN('.implode(',', $comment_id).')';
321  }
322  else
323  {
324    $where_clause = 'id = '.$comment_id;
325  }
326   
327  $query = '
328UPDATE '.GUESTBOOK_TABLE.'
329  SET validated = \'true\'
330    , validation_date = NOW()
331  WHERE '.$where_clause.'
332;';
333  pwg_query($query);
334}
Note: See TracBrowser for help on using the repository browser.