source: extensions/GuestBook/include/functions_comment.inc.php @ 28630

Last change on this file since 28630 was 28630, checked in by mistic100, 10 years ago

use trigger_change

1<?php
2defined('GUESTBOOK_PATH') or die('Hacking attempt!');
3
4include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
5
6
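/**
 * Checks a guestbook comment and, unless it is rejected, inserts it into
 * GUESTBOOK_TABLE and optionally notifies the administrators by mail.
 *
 * $comm is taken by reference and completed in place: 'ip', 'agent',
 * 'author_id', 'anonymous_id' and, after a successful insert, 'id' are added;
 * 'author', 'email' and 'website' may be rewritten.
 *
 * NOTE(review): the text fields of $comm ('author', 'content', 'website',
 * 'email') are concatenated into the INSERT without escaping here, and the
 * mail code calls stripslashes() on them, so this function appears to expect
 * values that were already slash-escaped by the caller -- confirm at every
 * call site. Values this function pulls from elsewhere are escaped locally.
 *
 * @param array  $comm comment data; keys read here: author, content, email, website, rate
 * @param string $key  ephemeral form key, checked with verify_ephemeral_key()
 * @return string 'validate', 'moderate' or 'reject', after the
 *                'user_comment_check' handlers had a chance to change it
 */
function insert_user_comment_guestbook( &$comm, $key )
{
  global $conf, $user, $page;

  // The User-Agent header is optional and entirely client-controlled: read it
  // without raising a notice, and treat 'agent' as untrusted wherever it is used.
  $comm = array_merge($comm,
    array(
      'ip' => $_SERVER['REMOTE_ADDR'],
      'agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null
    )
   );

  // administrators, and everybody when moderation is off, publish directly
  if (!$conf['guestbook']['comments_validation'] or is_admin())
  {
    $comment_action='validate';
  }
  else
  {
    $comment_action='moderate';
  }

  // author
  if (!is_classic_user())
  {
    if (empty($comm['author']))
    {
      $page['errors'][] = l10n('Please enter your username');
      $comment_action='reject';
    }
    else
    {
      $comm['author_id'] = $conf['guest_id'];
      // if a guest try to use the name of an already existing user,
      // he must be rejected
      $query = '
SELECT COUNT(*) AS user_exists
  FROM '.USERS_TABLE.'
  WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'
;";
      $row = pwg_db_fetch_assoc(pwg_query($query));

      // any match is an impersonation attempt, not only exactly one
      if ($row['user_exists'] > 0)
      {
        $page['errors'][] = l10n('This login is already used by another user');
        $comment_action='reject';
      }
    }
  }
  else
  {
    // the session user name is escaped because it goes into the INSERT below
    $comm['author'] = addslashes($user['username']);
    $comm['author_id'] = $user['id'];
  }

  // content
  if (empty($comm['content']))
  {
    $comment_action='reject';
  }

  // key
  if (!verify_ephemeral_key($key))
  {
    $comment_action='reject';
    $_POST['cr'][] = 'key';
  }

  // email
  if (empty($comm['email']) and is_classic_user() and !empty($user['email']))
  {
    // Escaped like the user name above: this value does not come from the
    // form, it skips email_check_format(), and it is concatenated into the
    // INSERT below.
    $comm['email'] = addslashes($user['email']);
  }
  else if (empty($comm['email']) and $conf['comments_email_mandatory'])
  {
    $page['errors'][] = l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)');
    $comment_action='reject';
  }
  else if (!empty($comm['email']) and !email_check_format($comm['email']))
  {
    $page['errors'][] = l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)');
    $comment_action='reject';
  }

  // website
  if (!empty($comm['website']))
  {
    $comm['website'] = strip_tags($comm['website']);
    // only http(s) links are kept as typed, anything else gets an http:// prefix
    if (!preg_match('/^(https?:\/\/)/i', $comm['website']))
    {
      $comm['website'] = 'http://'.$comm['website'];
    }
    if (!url_check_format($comm['website']))
    {
      $page['errors'][] = l10n('invalid website address');
      $comment_action='reject';
    }
  }

  // anonymous id = ip address
  // The last dot-separated component is dropped when there are more than
  // three; an address without dots (e.g. IPv6) is kept whole.
  $ip_components = explode('.', $_SERVER["REMOTE_ADDR"]);
  if (count($ip_components) > 3)
  {
    array_pop($ip_components);
  }
  $comm['anonymous_id'] = implode('.', $ip_components);

  // comment validation and anti-spam
  if ($comment_action!='reject' and $conf['anti-flood_time']>0 and !is_admin())
  {
    $reference_date = pwg_db_get_flood_period_expression($conf['anti-flood_time']);

    $query = '
SELECT COUNT(1) FROM '.GUESTBOOK_TABLE.'
  WHERE
    date > '.$reference_date.'
    AND author_id = '.$comm['author_id'];
    if (!is_classic_user())
    {
      // guests all share one author_id, so they are told apart by address
      $query.= '
      AND anonymous_id = "'.$comm['anonymous_id'].'"';
    }
    $query.= '
;';

    list($counter) = pwg_db_fetch_row(pwg_query($query));
    if ($counter > 0)
    {
      $page['errors'][] = l10n('Anti-flood system : please wait for a moment before trying to post another comment');
      $comment_action='reject';
    }
  }

  // perform more spam check
  $comment_action = trigger_change('user_comment_check', $comment_action, $comm, 'guestbook');

  if ($comment_action!='reject')
  {
    // 'rate' lands in a numeric SQL context (no quotes around it), where
    // slash-escaping gives no protection: only a plain number is accepted,
    // anything else is stored as NULL.
    $rate_sql = (!empty($comm['rate']) and is_numeric($comm['rate'])) ? $comm['rate'] : 'NULL';

    $query = '
INSERT INTO '.GUESTBOOK_TABLE.'(
    author,
    author_id,
    anonymous_id,
    content,
    date,
    validated,
    validation_date,
    website,
    rate,
    email
  )
  VALUES (
    \''.$comm['author'].'\',
    '.$comm['author_id'].',
    \''.$comm['anonymous_id'].'\',
    \''.$comm['content'].'\',
    NOW(),
    \''.($comment_action=='validate' ? 'true':'false').'\',
    '.($comment_action=='validate' ? 'NOW()':'NULL').',
    '.(!empty($comm['website']) ? '\''.$comm['website'].'\'' : 'NULL').',
    '.$rate_sql.',
    '.(!empty($comm['email']) ? '\''.$comm['email'].'\'' : 'NULL').'
  )
';

    pwg_query($query);

    $comm['id'] = pwg_db_insert_id(GUESTBOOK_TABLE);

    if ( ($conf['guestbook']['email_admin_on_comment'] and 'validate' == $comment_action)
        or ($conf['guestbook']['email_admin_on_comment_validation'] and 'moderate' == $comment_action))
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      $comment_url = add_url_params(GUESTBOOK_URL, array('comment_id'=>$comm['id']));

      // author and content are visitor-supplied text placed in the admin mail
      $keyargs_content = array(
        get_l10n_args('Author: %s', stripslashes($comm['author']) ),
        get_l10n_args('Comment: %s', stripslashes($comm['content']) ),
        get_l10n_args('', ''),
        get_l10n_args('Manage this user comment: %s', $comment_url)
      );

      if ('moderate' == $comment_action)
      {
        $keyargs_content[] = get_l10n_args('', '');
        $keyargs_content[] = get_l10n_args('(!) This comment requires validation', '');
      }

      pwg_mail_notification_admins(
        get_l10n_args('Comment by %s', stripslashes($comm['author']) ),
        $keyargs_content
      );
    }
  }

  return $comment_action;
}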
203
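/**
 * Updates the content of an existing guestbook comment and, when the edit
 * needs moderation, asks the administrators by mail to validate it.
 *
 * Non-administrators can only touch rows whose author_id is their own id.
 *
 * NOTE(review): $comment['content'] is concatenated into the UPDATE without
 * escaping and is passed through stripslashes() for the mail, so it appears
 * to be expected already slash-escaped -- confirm against the caller.
 *
 * @param array  $comment  keys read here: comment_id, content
 * @param string $post_key ephemeral form key, checked with verify_ephemeral_key()
 * @return string 'validate', 'moderate' or 'reject'
 */
function update_user_comment_guestbook($comment, $post_key)
{
  global $conf;

  $comment_action = 'validate';

  if (!verify_ephemeral_key($post_key))
  {
    $comment_action='reject';
  }
  else if (!isset($comment['comment_id'])
      or !is_scalar($comment['comment_id'])
      or !preg_match('/^\d+\z/', (string)$comment['comment_id']))
  {
    // the id is concatenated unquoted into the WHERE clause below, so only
    // a plain run of digits is accepted
    $comment_action='reject';
  }
  else if (!$conf['guestbook']['comments_validation'] or is_admin()) // should the updated comment must be validated
  {
    $comment_action='validate';
  }
  else
  {
    $comment_action='moderate';
  }

  if ($comment_action!='reject')
  {
    // ownership check: ignored for administrators only
    $user_where_clause = '';
    if (!is_admin())
    {
      $user_where_clause = '   AND author_id = \''.
        $GLOBALS['user']['id'].'\'';
    }

    $query = '
UPDATE '.GUESTBOOK_TABLE.'
  SET content = \''.$comment['content'].'\',
      validated = \''.($comment_action=='validate' ? 'true':'false').'\',
      validation_date = '.($comment_action=='validate' ? 'NOW()':'NULL').'
  WHERE id = '.$comment['comment_id'].
$user_where_clause.'
;';
    $result = pwg_query($query);

    // mail admin and ask to validate the comment
    if ($result and $conf['guestbook']['email_admin_on_comment_validation'] and 'moderate' == $comment_action)
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      // the link must carry the id of the edited comment; the previous code
      // read an undefined variable here and produced an empty comment_id
      $comment_url = add_url_params(GUESTBOOK_URL, array('comment_id'=>$comment['comment_id']));

      $keyargs_content = array(
        get_l10n_args('Author: %s', stripslashes($GLOBALS['user']['username']) ),
        get_l10n_args('Comment: %s', stripslashes($comment['content']) ),
        get_l10n_args('', ''),
        get_l10n_args('Manage this user comment: %s', $comment_url),
        get_l10n_args('', ''),
        get_l10n_args('(!) This comment requires validation', ''),
      );

      pwg_mail_notification_admins(
        get_l10n_args('Comment by %s', stripslashes($GLOBALS['user']['username']) ),
        $keyargs_content
      );
    }
  }

  return $comment_action;
}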
267
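/**
 * Returns the author_id stored for a guestbook comment.
 *
 * The identifier is concatenated unquoted into the SELECT, so anything that
 * is not a plain run of digits is handled as an unknown comment and never
 * reaches the database.
 *
 * @param int|string $comment_id   comment identifier
 * @param bool       $die_on_error call fatal_error() when the comment is unknown
 * @return mixed the author_id, or false when the comment is unknown and
 *               $die_on_error is false
 */
function get_comment_author_id_guestbook($comment_id, $die_on_error=true)
{
  $result = null;
  $found = false;

  if (is_scalar($comment_id) and preg_match('/^\d+\z/', (string)$comment_id))
  {
    $query = '
SELECT
    author_id
  FROM '.GUESTBOOK_TABLE.'
  WHERE id = '.$comment_id.'
;';
    $result = pwg_query($query);
    $found = (pwg_db_num_rows($result) != 0);
  }

  if (!$found)
  {
    if ($die_on_error)
    {
      fatal_error('Unknown comment identifier');
    }
    return false;
  }

  list($author_id) = pwg_db_fetch_row($result);

  return $author_id;
}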
294
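/**
 * Deletes one or several guestbook comments.
 *
 * Non-administrators can only delete rows whose author_id is their own id.
 * The identifiers are concatenated unquoted into the DELETE, so the call is
 * ignored as a whole when the list is empty or when any identifier is not a
 * plain run of digits.
 *
 * @param int|string|array $comment_id one identifier or a list of identifiers
 * @return void
 */
function delete_user_comment_guestbook($comment_id)
{
  $ids = is_array($comment_id) ? $comment_id : array($comment_id);
  if (count($ids) == 0)
  {
    // "id IN()" is not valid SQL, and there is nothing to delete anyway
    return;
  }
  foreach ($ids as $id)
  {
    if (!is_scalar($id) or !preg_match('/^\d+\z/', (string)$id))
    {
      return;
    }
  }

  // ownership check: ignored for administrators only
  $user_where_clause = '';
  if (!is_admin())
  {
    $user_where_clause = ' AND author_id = \''.$GLOBALS['user']['id'].'\'';
  }

  if (is_array($comment_id))
  {
    $where_clause = 'id IN('.implode(',', $ids).')';
  }
  else
  {
    $where_clause = 'id = '.$comment_id;
  }

  $query = '
DELETE FROM '.GUESTBOOK_TABLE.'
  WHERE '.$where_clause.
$user_where_clause.'
;';
  pwg_query($query);
}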
319
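/**
 * Marks one or several guestbook comments as validated and stamps the
 * validation date.
 *
 * This function contains no permission check: the caller has to make sure
 * the current user is allowed to validate comments.
 * The identifiers are concatenated unquoted into the UPDATE, so the call is
 * ignored as a whole when the list is empty or when any identifier is not a
 * plain run of digits.
 *
 * @param int|string|array $comment_id one identifier or a list of identifiers
 * @return void
 */
function validate_user_comment_guestbook($comment_id)
{
  $ids = is_array($comment_id) ? $comment_id : array($comment_id);
  if (count($ids) == 0)
  {
    // "id IN()" is not valid SQL, and there is nothing to validate anyway
    return;
  }
  foreach ($ids as $id)
  {
    if (!is_scalar($id) or !preg_match('/^\d+\z/', (string)$id))
    {
      return;
    }
  }

  if (is_array($comment_id))
  {
    $where_clause = 'id IN('.implode(',', $ids).')';
  }
  else
  {
    $where_clause = 'id = '.$comment_id;
  }

  $query = '
UPDATE '.GUESTBOOK_TABLE.'
  SET validated = \'true\'
    , validation_date = NOW()
  WHERE '.$where_clause.'
;';
  pwg_query($query);
}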