source: trunk/include/picture_comment.inc.php @ 1809

Last change on this file since 1809 was 1809, checked in by rub, 18 years ago

When not template are selected for mail, PWG uses default template..

Sent multi-part message in MIME format. (With only one part for the moment).

Improvement pwg_mail function.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 10.1 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | PhpWebGallery - a PHP based picture gallery                           |
4// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
5// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
6// +-----------------------------------------------------------------------+
7// | branch        : BSF (Best So Far)
8// | file          : $Id: picture_comment.inc.php 1809 2007-02-12 23:21:23Z rub $
9// | last update   : $Date: 2007-02-12 23:21:23 +0000 (Mon, 12 Feb 2007) $
10// | last modifier : $Author: rub $
11// | revision      : $Revision: 1809 $
12// +-----------------------------------------------------------------------+
13// | This program is free software; you can redistribute it and/or modify  |
14// | it under the terms of the GNU General Public License as published by  |
15// | the Free Software Foundation                                          |
16// |                                                                       |
17// | This program is distributed in the hope that it will be useful, but   |
18// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
19// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
20// | General Public License for more details.                              |
21// |                                                                       |
22// | You should have received a copy of the GNU General Public License     |
23// | along with this program; if not, write to the Free Software           |
24// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
25// | USA.                                                                  |
26// +-----------------------------------------------------------------------+
27
28/**
29 * This file is included by the picture page to manage user comments
30 *
31 */
32
33//returns string action to perform on a new comment: validate, moderate, reject
34function user_comment_check($action, $comment, $picture)
35{
36  global $conf,$user;
37
38  if ($action=='reject')
39    return $action;
40
41  $my_action = $conf['comment_spam_reject'] ? 'reject':'moderate';
42  if ($action==$my_action)
43    return $action;
44
45  // we do here only BASIC spam check (plugins can do more)
46  if ( !$user['is_the_guest'] )
47    return $action;
48
49  $link_count = preg_match_all( '/https?:\/\//',
50    $comment['content'], $matches);
51
52  if ( $link_count>$conf['comment_spam_max_links'] )
53    return $my_action;
54
55  if ( isset($comment['ip']) and $conf['comment_spam_check_ip'] )
56  {
57    $rev_ip = implode( '.', array_reverse( explode('.',$comment['ip']) ) );
58    $lookup = $rev_ip . '.sbl-xbl.spamhaus.org.';
59    $res = gethostbyname( $lookup );
60    if ( $lookup != $res )
61      return $my_action;
62  }
63
64  return $action;
65}
66
67
68
69add_event_handler('user_comment_check', 'user_comment_check',
70  EVENT_HANDLER_PRIORITY_NEUTRAL, 3);
71
72
73// the picture is commentable if it belongs at least to one category which
74// is commentable
75$page['show_comments'] = false;
76foreach ($related_categories as $category)
77{
78  if ($category['commentable'] == 'true')
79  {
80    $page['show_comments'] = true;
81    break;
82  }
83}
84
85if ( $page['show_comments'] and isset( $_POST['content'] ) )
86{
87  if ( $user['is_the_guest'] and !$conf['comments_forall'] )
88  {
89    die ('Session expired');
90  }
91  if (!$conf['comments_validation'] or is_admin())
92  {
93    $comment_action='validate'; //one of validate, moderate, reject
94  }
95  else
96  {
97    $comment_action='moderate'; //one of validate, moderate, reject
98  }
99
100  $_POST['content'] = trim( stripslashes($_POST['content']) );
101
102  if ( $user['is_the_guest'] )
103  {
104    $author = empty($_POST['author'])?'guest':$_POST['author'];
105    // if a guest try to use the name of an already existing user, he must be
106    // rejected
107    if ( $author != 'guest' )
108    {
109      $query = 'SELECT COUNT(*) AS user_exists';
110      $query.= ' FROM '.USERS_TABLE;
111      $query.= ' WHERE '.$conf['user_fields']['username']." = '".$author."'";
112      $query.= ';';
113      $row = mysql_fetch_assoc( pwg_query( $query ) );
114      if ( $row['user_exists'] == 1 )
115      {
116        $template->assign_block_vars(
117          'information',
118          array('INFORMATION'=>$lang['comment_user_exists']));
119        $comment_action='reject';
120      }
121    }
122  }
123  else
124  {
125    $author = $user['username'];
126  }
127
128  $comm = array(
129    'author' => $author,
130    'content' => $_POST['content'],
131    'image_id' => $page['image_id'],
132    'ip' => $_SERVER['REMOTE_ADDR'],
133    'agent' => $_SERVER['HTTP_USER_AGENT']
134   );
135
136  if ($comment_action!='reject' and empty($comm['content']) )
137  { // empty comment content
138    $comment_action='reject';
139  }
140
141  $key = explode(':', @$_POST['key']);
142  if ( count($key)!=2
143        or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago
144        or $key[0]<time()-3600 // 60 minutes expiration
145        or hash_hmac('md5', $key[0], $conf['secret_key'])!=$key[1]
146      )
147  {
148    $comment_action='reject';
149  }
150 
151  if ($comment_action!='reject' and $conf['anti-flood_time']>0 )
152  { // anti-flood system
153    $reference_date = time() - $conf['anti-flood_time'];
154    $query = 'SELECT id FROM '.COMMENTS_TABLE;
155    $query.= ' WHERE date > FROM_UNIXTIME('.$reference_date.')';
156    $query.= " AND author = '".$comm['author']."'";
157    $query.= ';';
158    if ( mysql_num_rows( pwg_query( $query ) ) > 0 )
159    {
160      $template->assign_block_vars(
161        'information',
162        array('INFORMATION'=>$lang['comment_anti-flood']));
163      $comment_action='reject';
164    }
165  }
166
167  // perform more spam check
168  $comment_action = trigger_event('user_comment_check',
169      $comment_action, $comm, $picture['current']
170    );
171
172  if ( $comment_action!='reject' )
173  {
174    list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));
175
176    $data = $comm;
177    $data['date'] = $dbnow;
178    $data['content'] = addslashes(
179        // this htmlpsecialchars is not good here
180        htmlspecialchars($comm['content'],ENT_QUOTES)
181      );
182
183    if ($comment_action=='validate')
184    {
185      $data['validated'] = 'true';
186      $data['validation_date'] = $dbnow;
187    }
188    else
189    {
190      $data['validated'] = 'false';
191    }
192
193    include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
194    $fields = array('author', 'date', 'image_id', 'content', 'validated',
195                    'validation_date');
196    mass_inserts(COMMENTS_TABLE, $fields, array($data));
197    $comm['id'] = mysql_insert_id();
198
199    // information message
200    $message = $lang['comment_added'];
201    if ($comment_action!='validate')
202    {
203      $message.= '<br />'.$lang['comment_to_validate'];
204    }
205    $template->assign_block_vars('information',
206                                 array('INFORMATION'=>$message));
207    if ( ($comment_action=='validate' and $conf['email_admin_on_comment'])
208      or $conf['email_admin_on_comment_validation'] )
209    {
210      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
211
212      $del_url = get_absolute_root_url().'comments.php?delete='.$comm['id'];
213
214      $content =
215        'Author: '.$comm['author']."\n"
216        .'Comment: '.$comm['content']."\n"
217        .'IP: '.$comm['ip']."\n"
218        .'Browser: '.$comm['agent']."\n\n"
219        .'Delete: '.$del_url."\n";
220      if ($comment_action!='validate')
221      {
222        $content .=
223          'Validate: '.get_absolute_root_url()
224          .'comments.php?validate='.$comm['id'];
225      }
226      pwg_mail(get_webmaster_mail_address(),
227        array('subject' => 'PWG comment by '.$comm['author'], 'content' => $content));
228    }
229  }
230  else
231  {
232    set_status_header(403);
233    $template->assign_block_vars('information',
234          array('INFORMATION'=>l10n('comment_not_added') )
235        );
236  }
237
238  // allow plugins to notify what's going on
239  trigger_action( 'user_comment_insertion',
240      array_merge($comm, array('action'=>$comment_action) )
241    );
242}
243
244
245if ($page['show_comments'])
246{
247  // number of comment for this picture
248  $query = 'SELECT COUNT(*) AS nb_comments';
249  $query.= ' FROM '.COMMENTS_TABLE.' WHERE image_id = '.$page['image_id'];
250  $query.= " AND validated = 'true'";
251  $query.= ';';
252  $row = mysql_fetch_array( pwg_query( $query ) );
253
254  // navigation bar creation
255  if (!isset($page['start']))
256  {
257    $page['start'] = 0;
258  }
259
260  $page['navigation_bar'] = create_navigation_bar(
261    duplicate_picture_url(array(), array('start')),
262    $row['nb_comments'],
263    $page['start'],
264    $conf['nb_comment_page'],
265    true // We want a clean URL
266    );
267
268  $template->assign_block_vars(
269    'comments',
270    array(
271      'NB_COMMENT' => $row['nb_comments'],
272      'NAV_BAR' => $page['navigation_bar'],
273      )
274    );
275
276  if ($row['nb_comments'] > 0)
277  {
278    $query = '
279SELECT id,author,date,image_id,content
280  FROM '.COMMENTS_TABLE.'
281  WHERE image_id = '.$page['image_id'].'
282    AND validated = \'true\'
283  ORDER BY date ASC
284  LIMIT '.$page['start'].', '.$conf['nb_comment_page'].'
285;';
286    $result = pwg_query( $query );
287
288    while ($row = mysql_fetch_array($result))
289    {
290      $template->assign_block_vars(
291        'comments.comment',
292        array(
293          'COMMENT_AUTHOR' => empty($row['author'])
294            ? $lang['guest']
295            : $row['author'],
296
297          'COMMENT_DATE' => format_date(
298            $row['date'],
299            'mysql_datetime',
300            true),
301
302          'COMMENT' => trigger_event('render_comment_content',$row['content']),
303          )
304        );
305
306      if (is_admin())
307      {
308        $template->assign_block_vars(
309          'comments.comment.delete',
310          array(
311            'U_COMMENT_DELETE' =>
312              add_url_params(
313                    $url_self,
314                    array(
315                      'action'=>'delete_comment',
316                      'comment_to_delete'=>$row['id']
317                    )
318                )
319            )
320          );
321      }
322    }
323  }
324
325  if (!$user['is_the_guest']
326      or ($user['is_the_guest'] and $conf['comments_forall']))
327  {
328    $key = time();
329    $key .= ':'.hash_hmac('md5', $key, $conf['secret_key']);
330    $content = '';
331    if ('reject'===@$comment_action)
332    {
333      $content = htmlspecialchars($comm['content']);
334    }
335    $template->assign_block_vars('comments.add_comment',
336        array(
337          'KEY' => $key,
338          'CONTENT' => $content
339        ));
340    // display author field if the user is not logged in
341    if ($user['is_the_guest'])
342    {
343      $template->assign_block_vars(
344        'comments.add_comment.author_field', array()
345        );
346    }
347  }
348}
349
350?>
Note: See TracBrowser for help on using the repository browser.