author | mistic100 <mistic@piwigo.org> | 2012-06-24 01:24:55 +0000 |
---|---|---|
committer | mistic100 <mistic@piwigo.org> | 2012-06-24 01:24:55 +0000 |
commit | d39aaff5bca203d5699810bafe71b395081d513e (patch) | |
tree | 61454fccebc86076d97c67037cf305dba0bb9e9f | |
parent | 3ecd123ef57d13b89411dd4d69a74805c8cf8238 (diff) |
bug 2660: check guest IP on insert_user_comment (same system as rate_picture)
git-svn-id: http://piwigo.org/svn/trunk@15983 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r-- | include/functions_comment.inc.php | 19 | ||||
-rw-r--r-- | install/db/128-database.php | 38 | ||||
-rw-r--r-- | install/piwigo_structure-mysql.sql | 1 |
3 files changed, 57 insertions, 1 deletions
diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php index 4c884794a..51e83cd81 100644 --- a/include/functions_comment.inc.php +++ b/include/functions_comment.inc.php @@ -126,6 +126,14 @@ SELECT COUNT(*) AS user_exists $comment_action='reject'; $_POST['cr'][] = 'key'; // rvelices: I use this outside to see how spam robots work } + + // anonymous id = ip address + $ip_components = explode('.', $comm['ip']); + if (count($ip_components) > 3) + { + array_pop($ip_components); + } + $comm['anonymous_id'] = implode('.', $ip_components); if ($comment_action!='reject' and $conf['anti-flood_time']>0 and !is_admin()) { // anti-flood system @@ -135,6 +143,14 @@ SELECT COUNT(*) AS user_exists SELECT count(1) FROM '.COMMENTS_TABLE.' WHERE date > '.$reference_date.' AND author_id = '.$comm['author_id']; + if (!is_classic_user()) + { + $query.= ' + AND anonymous_id = "'.$comm['anonymous_id'].'"'; + } + $query.= ' +;'; + list($counter) = pwg_db_fetch_row(pwg_query($query)); if ( $counter > 0 ) { @@ -152,10 +168,11 @@ SELECT count(1) FROM '.COMMENTS_TABLE.' { $query = ' INSERT INTO '.COMMENTS_TABLE.' - (author, author_id, content, date, validated, validation_date, image_id) + (author, author_id, anonymous_id, content, date, validated, validation_date, image_id) VALUES ( \''.$comm['author'].'\', '.$comm['author_id'].', + \''.$comm['anonymous_id'].'\', \''.$comm['content'].'\', NOW(), \''.($comment_action=='validate' ? 'true':'false').'\', diff --git a/install/db/128-database.php b/install/db/128-database.php new file mode 100644 index 000000000..d1dae91f9 --- /dev/null +++ b/install/db/128-database.php 
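Review bot: The comment `// anonymous id = ip address` in the first hunk of include/functions_comment.inc.php does not describe what is stored. For a dotted IPv4 address the last octet is dropped, so `$comm['anonymous_id']` is a /24 prefix, while an address without dots (IPv6, for instance) yields a single component and is kept whole. That asymmetry decides how wide each anti-flood bucket is, so it should be documented, for example `// anonymous id = IPv4 address without its last octet (/24); any other format is stored unchanged`. `$comm['ip']` is assigned outside this hunk, so whether it is always a well-formed address cannot be confirmed from here.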
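Review bot: The anti-flood query in the second hunk concatenates `$comm['anonymous_id']` into the SQL text without escaping or validation, and the INSERT in the third hunk does the same. The value comes from `$comm['ip']`, which is set outside these hunks; if that field can ever hold anything other than a server-derived address, it reaches both statements unfiltered. Validating it where the id is built (for example with `filter_var($comm['ip'], FILTER_VALIDATE_IP)`) or escaping it at the point of use would close that gap. The new condition also quotes the value with double quotes, which MySQL treats as an identifier under ANSI_QUOTES; the single-quoted form the INSERT already uses is safer: `AND anonymous_id = \''.$comm['anonymous_id'].'\'';`.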
@@ -0,0 +1,38 @@
+<?php
+// +-----------------------------------------------------------------------+
+// | Piwigo - a PHP based photo gallery |
+// +-----------------------------------------------------------------------+
+// | Copyright(C) 2008-2012 Piwigo Team http://piwigo.org |
+// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net |
+// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick |
+// +-----------------------------------------------------------------------+
+// | This program is free software; you can redistribute it and/or modify |
+// | it under the terms of the GNU General Public License as published by |
+// | the Free Software Foundation |
+// | |
+// | This program is distributed in the hope that it will be useful, but |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
+// | General Public License for more details. |
+// | |
+// | You should have received a copy of the GNU General Public License |
+// | along with this program; if not, write to the Free Software |
+// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
+// | USA. |
+// +-----------------------------------------------------------------------+
+
+if (!defined('PHPWG_ROOT_PATH'))
+{
+ die('Hacking attempt!');
+}
+
+$upgrade_description = 'add anonymous_id in comments table';
+
+include_once(PHPWG_ROOT_PATH.'include/constants.php');
+
+$query = 'ALTER TABLE `'.COMMENTS_TABLE.'` ADD `anonymous_id` VARCHAR( 45 ) DEFAULT NULL;';
+pwg_query($query);
+
+echo "\n".$upgrade_description."\n";
+
+?>
\ No newline at end of file
diff --git a/install/piwigo_structure-mysql.sql b/install/piwigo_structure-mysql.sql
index 8f7c87009..d1202b1bd 100644
--- a/install/piwigo_structure-mysql.sql
+++ b/install/piwigo_structure-mysql.sql
@@ -52,6 +52,7 @@ CREATE TABLE `piwigo_comments` (
 `date` datetime NOT NULL default '0000-00-00 00:00:00',
 `author` varchar(255) default NULL,
 `author_id` smallint(5) DEFAULT NULL,
+ `anonymous_id` varchar(45) NOT NULL,
 `content` longtext,
 `validated` enum('true','false') NOT NULL default 'false',
 `validation_date` datetime default NULL, |
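Review bot: The migration in install/db/128-database.php adds the column as `VARCHAR( 45 ) DEFAULT NULL`, but the fresh-install schema in install/piwigo_structure-mysql.sql declares it `varchar(45) NOT NULL` with no default, so upgraded and newly installed galleries end up with different definitions. Existing rows on an upgraded site hold NULL, which the anti-flood comparison on `anonymous_id` never matches. An insert that omits the column is accepted on an upgraded site but may be rejected or coerced under a strict SQL mode on a fresh one; whether such an insert path exists is not visible on this page. Declaring the column the same way in both files, for example `varchar(45) DEFAULT NULL` in the structure file, keeps the two installation paths equivalent.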