diff options
author | mistic100 <mistic@piwigo.org> | 2012-06-24 01:24:55 +0000 |
---|---|---|
committer | mistic100 <mistic@piwigo.org> | 2012-06-24 01:24:55 +0000 |
commit | d39aaff5bca203d5699810bafe71b395081d513e (patch) | |
tree | 61454fccebc86076d97c67037cf305dba0bb9e9f /include/functions_comment.inc.php | |
parent | 3ecd123ef57d13b89411dd4d69a74805c8cf8238 (diff) |
bug 2660: check guest IP on insert_user_comment (same system as rate_picture)
git-svn-id: http://piwigo.org/svn/trunk@15983 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/functions_comment.inc.php')
-rw-r--r-- | include/functions_comment.inc.php | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php index 4c884794a..51e83cd81 100644 --- a/include/functions_comment.inc.php +++ b/include/functions_comment.inc.php @@ -126,6 +126,14 @@ SELECT COUNT(*) AS user_exists $comment_action='reject'; $_POST['cr'][] = 'key'; // rvelices: I use this outside to see how spam robots work } + + // anonymous id = ip address + $ip_components = explode('.', $comm['ip']); + if (count($ip_components) > 3) + { + array_pop($ip_components); + } + $comm['anonymous_id'] = implode('.', $ip_components); if ($comment_action!='reject' and $conf['anti-flood_time']>0 and !is_admin()) { // anti-flood system @@ -135,6 +143,14 @@ SELECT COUNT(*) AS user_exists SELECT count(1) FROM '.COMMENTS_TABLE.' WHERE date > '.$reference_date.' AND author_id = '.$comm['author_id']; + if (!is_classic_user()) + { + $query.= ' + AND anonymous_id = "'.$comm['anonymous_id'].'"'; + } + $query.= ' +;'; + list($counter) = pwg_db_fetch_row(pwg_query($query)); if ( $counter > 0 ) { @@ -152,10 +168,11 @@ SELECT count(1) FROM '.COMMENTS_TABLE.' { $query = ' INSERT INTO '.COMMENTS_TABLE.' - (author, author_id, content, date, validated, validation_date, image_id) + (author, author_id, anonymous_id, content, date, validated, validation_date, image_id) VALUES ( \''.$comm['author'].'\', '.$comm['author_id'].', + \''.$comm['anonymous_id'].'\', \''.$comm['content'].'\', NOW(), \''.($comment_action=='validate' ? 'true':'false').'\', |