source: trunk/include/functions_comment.inc.php @ 1956

Last change on this file since 1956 was 1908, checked in by rub, 17 years ago

Add new translation functions.inc.php
Translate subject of information mail.
Notification mails are sent on the default language.
No mail is sent to the author witch are not done actions
  • Property svn:eol-style set to LF
  • Property svn:keywords set to Author Date Id Revision
File size: 6.8 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | PhpWebGallery - a PHP based picture gallery                           |
4// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
5// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
6// +-----------------------------------------------------------------------+
7// | file          : $Id: functions_comment.inc.php 1908 2007-03-15 23:20:41Z rub $
8// | last update   : $Date: 2007-03-15 23:20:41 +0000 (Thu, 15 Mar 2007) $
9// | last modifier : $Author: rub $
10// | revision      : $Revision: 1908 $
11// +-----------------------------------------------------------------------+
12// | This program is free software; you can redistribute it and/or modify  |
13// | it under the terms of the GNU General Public License as published by  |
14// | the Free Software Foundation                                          |
15// |                                                                       |
16// | This program is distributed in the hope that it will be useful, but   |
17// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
18// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
19// | General Public License for more details.                              |
20// |                                                                       |
21// | You should have received a copy of the GNU General Public License     |
22// | along with this program; if not, write to the Free Software           |
23// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
24// | USA.                                                                  |
25// +-----------------------------------------------------------------------+
26
27/**
28 * returns a "secret key" that is to be sent back when a user enters a comment
29 */
30function get_comment_post_key($image_id)
31{
32  global $conf;
33  $time = time();
34  return $time.':'.hash_hmac('md5', $time.':'.$image_id, $conf['secret_key'] );
35}
36
37//returns string action to perform on a new comment: validate, moderate, reject
38function user_comment_check($action, $comment)
39{
40  global $conf,$user;
41
42  if ($action=='reject')
43    return $action;
44
45  $my_action = $conf['comment_spam_reject'] ? 'reject':'moderate';
46
47  if ($action==$my_action)
48    return $action;
49
50  // we do here only BASIC spam check (plugins can do more)
51  if ( !$user['is_the_guest'] )
52    return $action;
53
54  $link_count = preg_match_all( '/https?:\/\//',
55    $comment['content'], $matches);
56
57  if ( strpos($comment['author'], 'http://')!==false )
58  {
59    $link_count++;
60  }
61 
62  if ( $link_count>$conf['comment_spam_max_links'] )
63    return $my_action;
64
65  if ( isset($comment['ip']) and $conf['comment_spam_check_ip'] 
66      and $_SERVER["SERVER_ADDR"] != $comment['ip'] 
67    )
68  {
69    $rev_ip = implode( '.', array_reverse( explode('.',$comment['ip']) ) );
70    $lookup = $rev_ip . '.sbl-xbl.spamhaus.org.';
71    $res = gethostbyname( $lookup );
72    if ( $lookup != $res )
73      return $my_action;
74  }
75
76  return $action;
77}
78
79
80add_event_handler('user_comment_check', 'user_comment_check',
81  EVENT_HANDLER_PRIORITY_NEUTRAL, 2);
82
83/**
84 * Tries to insert a user comment in the database and returns one of :
85 * validate, moderate, reject
86 * @param array comm contains author, content, image_id
87 * @param string key secret key sent back to the browser
88 * @param array infos out array of messages
89 */
90function insert_user_comment( &$comm, $key, &$infos )
91{
92  global $conf, $user;
93 
94  $comm = array_merge( $comm, 
95    array(
96      'ip' => $_SERVER['REMOTE_ADDR'],
97      'agent' => $_SERVER['HTTP_USER_AGENT']
98    )
99   );
100
101  $infos = array();
102  if (!$conf['comments_validation'] or is_admin())
103  {
104    $comment_action='validate'; //one of validate, moderate, reject
105  }
106  else
107  {
108    $comment_action='moderate'; //one of validate, moderate, reject
109  }
110
111  if ( $user['is_the_guest'] )
112  {
113    if ( empty($comm['author']) )
114    {
115      $comm['author'] = 'guest';
116    }
117    // if a guest try to use the name of an already existing user, he must be
118    // rejected
119    if ( $comm['author'] != 'guest' )
120    {
121      $query = '
122SELECT COUNT(*) AS user_exists
123  FROM '.USERS_TABLE.'
124  WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'";
125      $row = mysql_fetch_assoc( pwg_query( $query ) );
126      if ( $row['user_exists'] == 1 )
127      {
128        array_push($infos, l10n('comment_user_exists') );
129        $comment_action='reject';
130      }
131    }
132  }
133  else
134  {
135    $comm['author'] = $user['username'];
136  }
137  if ( empty($comm['content']) )
138  { // empty comment content
139    $comment_action='reject';
140  }
141
142  $key = explode( ':', @$key );
143  if ( count($key)!=2
144        or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago
145        or $key[0]<time()-3600 // 60 minutes expiration
146        or hash_hmac(
147              'md5', $key[0].':'.$comm['image_id'], $conf['secret_key']
148            ) != $key[1]
149      )
150  {
151    $comment_action='reject';
152  }
153 
154  if ($comment_action!='reject' and $conf['anti-flood_time']>0 )
155  { // anti-flood system
156    $reference_date = time() - $conf['anti-flood_time'];
157    $query = '
158SELECT id FROM '.COMMENTS_TABLE.'
159  WHERE date > FROM_UNIXTIME('.$reference_date.')
160    AND author = "'.addslashes($comm['author']).'"';
161    if ( mysql_num_rows( pwg_query( $query ) ) > 0 )
162    {
163      array_push( $infos, l10n('comment_anti-flood') );
164      $comment_action='reject';
165    }
166  }
167
168  // perform more spam check
169  $comment_action = trigger_event('user_comment_check',
170      $comment_action, $comm
171    );
172
173  if ( $comment_action!='reject' )
174  {
175    $query = '
176INSERT INTO '.COMMENTS_TABLE.'
177  (author, content, date, validated, validation_date, image_id)
178  VALUES (
179    "'.addslashes($comm['author']).'",
180    "'.addslashes($comm['content']).'",
181    NOW(),
182    "'.($comment_action=='validate' ? 'true':'false').'",
183    '.($comment_action=='validate' ? 'NOW()':'NULL').',
184    '.$comm['image_id'].'     
185  )
186';
187
188    pwg_query($query);
189
190    $comm['id'] = mysql_insert_id();
191
192    if ( ($comment_action=='validate' and $conf['email_admin_on_comment'])
193      or $conf['email_admin_on_comment_validation'] )
194    {
195      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
196
197      $del_url =
198          get_absolute_root_url().'comments.php?delete='.$comm['id'];
199
200      $keyargs_content = array
201      (
202        get_l10n_args('Author: %s', $comm['author']),
203        get_l10n_args('Comment: %s', $comm['content']),
204        get_l10n_args('', ''),
205        get_l10n_args('Delete: %s', $del_url)
206      );
207
208      if ($comment_action!='validate')
209      {
210        $keyargs_content[] =
211          get_l10n_args('', '');
212        $keyargs_content[] =
213          get_l10n_args('Validate: %s',
214            get_absolute_root_url().'comments.php?validate='.$comm['id']);
215      }
216
217      pwg_mail_notification_admins
218      (
219        get_l10n_args('Comment by %s', $comm['author']),
220        $keyargs_content
221      );
222    }
223  }
224  return $comment_action;
225}
226
227?>
Note: See TracBrowser for help on using the repository browser.