Changeset 1744 for trunk/include/picture_comment.inc.php

Timestamp:

Jan 23, 2007, 2:22:52 AM (17 years ago)

Author:

rvelices

Message:

• revert feature 564: log the login of each user; but add the possibility to be

done by a plugin

• create a "standard" way to define PHP functions that we use but might not be

available in the current php version

• when a comment is rejected (spam, anti-flood etc), put the content back to the

browser in case there is a real user behind it

• now a comment can be entered only if the page was retrieved between 2 seconds

ago and 1 hour ago

File:

• trunk/include/picture_comment.inc.php (modified) (4 diffs)

trunk/include/picture_comment.inc.php

@@ -31 +31 @@
  */
 
-if (!function_exists('hash_hmac'))
-{
-function hash_hmac($algo, $data, $key, $raw_output=false)
-{
-  /* md5 and sha1 only */
-  $algo=strtolower($algo);
-  $p=array('md5'=>'H32','sha1'=>'H40');
-  if ( !isset($p[$algo]) or !function_exists($algo) )
-  {
-    $algo = 'md5';
-  }
-  if(strlen($key)>64) $key=pack($p[$algo],$algo($key));
-  if(strlen($key)<64) $key=str_pad($key,64,chr(0));
-
-  $ipad=substr($key,0,64) ^ str_repeat(chr(0x36),64);
-  $opad=substr($key,0,64) ^ str_repeat(chr(0x5C),64);
-
-  $ret = $algo($opad.pack($p[$algo],$algo($ipad.$data)));
-  if ($raw_output)
-  {
-    $ret = pack('H*', $ret);
-  }
-  return $ret;
-}
-}
-
 //returns string action to perform on a new comment: validate, moderate, reject
 function user_comment_check($action, $comment, $picture)
@@ -167 +141 @@
   $key = explode(':', @$_POST['key']);
   if ( count($key)!=2
-        or $key[0]>time() or $key[0]<time()-1800 // 30 minutes expiration
+        or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago
+        or $key[0]<time()-3600 // 60 minutes expiration
         or hash_hmac('md5', $key[0], $conf['secret_key'])!=$key[1]
       )
@@ -258 +233 @@
   else
   {
+    set_status_header(403);
     $template->assign_block_vars('information',
           array('INFORMATION'=>l10n('comment_not_added') )
@@ -355 +331 @@
     $key = time();
     $key .= ':'.hash_hmac('md5', $key, $conf['secret_key']);
+    $content = '';
+    if ('reject'===@$comment_action)
+    {
+      $content = htmlspecialchars($comm['content']);
+    }
     $template->assign_block_vars('comments.add_comment',
         array(
-          'key' => $key
+          'KEY' => $key,
+          'CONTENT' => $content
         ));
     // display author field if the user is not logged in