aboutsummaryrefslogtreecommitdiffstats
path: root/include/functions_comment.inc.php
diff options
context:
space:
mode:
authormistic100 <mistic@piwigo.org>2012-06-24 01:24:55 +0000
committermistic100 <mistic@piwigo.org>2012-06-24 01:24:55 +0000
commitd39aaff5bca203d5699810bafe71b395081d513e (patch)
tree61454fccebc86076d97c67037cf305dba0bb9e9f /include/functions_comment.inc.php
parent3ecd123ef57d13b89411dd4d69a74805c8cf8238 (diff)
bug 2660: check guest IP on insert_user_comment (same system as rate_picture)
git-svn-id: http://piwigo.org/svn/trunk@15983 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/functions_comment.inc.php')
-rw-r--r--include/functions_comment.inc.php19
1 files changed, 18 insertions, 1 deletions
diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php
index 4c884794a..51e83cd81 100644
--- a/include/functions_comment.inc.php
+++ b/include/functions_comment.inc.php
@@ -126,6 +126,14 @@ SELECT COUNT(*) AS user_exists
$comment_action='reject';
$_POST['cr'][] = 'key'; // rvelices: I use this outside to see how spam robots work
}
+
+ // anonymous id = ip address
+ $ip_components = explode('.', $comm['ip']);
+ if (count($ip_components) > 3)
+ {
+ array_pop($ip_components);
+ }
+ $comm['anonymous_id'] = implode('.', $ip_components);
if ($comment_action!='reject' and $conf['anti-flood_time']>0 and !is_admin())
{ // anti-flood system
@@ -135,6 +143,14 @@ SELECT COUNT(*) AS user_exists
SELECT count(1) FROM '.COMMENTS_TABLE.'
WHERE date > '.$reference_date.'
AND author_id = '.$comm['author_id'];
+ if (!is_classic_user())
+ {
+ $query.= '
+ AND anonymous_id = "'.$comm['anonymous_id'].'"';
+ }
+ $query.= '
+;';
+
list($counter) = pwg_db_fetch_row(pwg_query($query));
if ( $counter > 0 )
{
@@ -152,10 +168,11 @@ SELECT count(1) FROM '.COMMENTS_TABLE.'
{
$query = '
INSERT INTO '.COMMENTS_TABLE.'
- (author, author_id, content, date, validated, validation_date, image_id)
+ (author, author_id, anonymous_id, content, date, validated, validation_date, image_id)
VALUES (
\''.$comm['author'].'\',
'.$comm['author_id'].',
+ \''.$comm['anonymous_id'].'\',
\''.$comm['content'].'\',
NOW(),
\''.($comment_action=='validate' ? 'true':'false').'\',