From 77fd1f51a3c5f5a52f72ef8a299fe368228e2285 Mon Sep 17 00:00:00 2001 From: vdigital Date: Fri, 23 May 2008 21:05:41 +0000 Subject: git-svn-id: http://piwigo.org/svn/trunk@2357 68402e56-0260-453c-a942-63ccdbb3a9ee --- BSF/include/functions_comment.inc.php | 228 ++++++++++++++++++++++++++++++++++ 1 file changed, 228 insertions(+) create mode 100644 BSF/include/functions_comment.inc.php (limited to 'BSF/include/functions_comment.inc.php') diff --git a/BSF/include/functions_comment.inc.php b/BSF/include/functions_comment.inc.php new file mode 100644 index 000000000..6e6498c38 --- /dev/null +++ b/BSF/include/functions_comment.inc.php @@ -0,0 +1,228 @@ +$conf['comment_spam_max_links'] ) + return $my_action; + + return $action; +} + + +add_event_handler('user_comment_check', 'user_comment_check', + EVENT_HANDLER_PRIORITY_NEUTRAL, 2); + +/** + * Tries to insert a user comment in the database and returns one of : + * validate, moderate, reject + * @param array comm contains author, content, image_id + * @param string key secret key sent back to the browser + * @param array infos out array of messages + */ +function insert_user_comment( &$comm, $key, &$infos ) +{ + global $conf, $user; + + $comm = array_merge( $comm, + array( + 'ip' => $_SERVER['REMOTE_ADDR'], + 'agent' => $_SERVER['HTTP_USER_AGENT'] + ) + ); + + $infos = array(); + if (!$conf['comments_validation'] or is_admin()) + { + $comment_action='validate'; //one of validate, moderate, reject + } + else + { + $comment_action='moderate'; //one of validate, moderate, reject + } + + // display author field if the user status is guest or generic + if (!is_classic_user()) + { + if ( empty($comm['author']) ) + { + $comm['author'] = 'guest'; + } + // if a guest try to use the name of an already existing user, he must be + // rejected + if ( $comm['author'] != 'guest' ) + { + $query = ' +SELECT COUNT(*) AS user_exists + FROM '.USERS_TABLE.' + WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'"; + $row = mysql_fetch_assoc( pwg_query( $query ) ); + if ( $row['user_exists'] == 1 ) + { + array_push($infos, l10n('comment_user_exists') ); + $comment_action='reject'; + } + } + } + else + { + $comm['author'] = $user['username']; + } + if ( empty($comm['content']) ) + { // empty comment content + $comment_action='reject'; + } + + $key = explode( ':', @$key ); + if ( count($key)!=2 + or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago + or $key[0]0 ) + { // anti-flood system + $reference_date = time() - $conf['anti-flood_time']; + $query = ' +SELECT id FROM '.COMMENTS_TABLE.' + WHERE date > FROM_UNIXTIME('.$reference_date.') + AND author = "'.addslashes($comm['author']).'"'; + if ( mysql_num_rows( pwg_query( $query ) ) > 0 ) + { + array_push( $infos, l10n('comment_anti-flood') ); + $comment_action='reject'; + } + } + + // perform more spam check + $comment_action = trigger_event('user_comment_check', + $comment_action, $comm + ); + + if ( $comment_action!='reject' ) + { + $query = ' +INSERT INTO '.COMMENTS_TABLE.' + (author, content, date, validated, validation_date, image_id) + VALUES ( + "'.addslashes($comm['author']).'", + "'.addslashes($comm['content']).'", + NOW(), + "'.($comment_action=='validate' ? 'true':'false').'", + '.($comment_action=='validate' ? 'NOW()':'NULL').', + '.$comm['image_id'].' + ) +'; + + pwg_query($query); + + $comm['id'] = mysql_insert_id(); + + if + ( + ($comment_action=='validate' and $conf['email_admin_on_comment']) + or + ($comment_action!='validate' and $conf['email_admin_on_comment_validation']) + ) + { + include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php'); + + $del_url = + get_absolute_root_url().'comments.php?delete='.$comm['id']; + + $keyargs_content = array + ( + get_l10n_args('Author: %s', $comm['author']), + get_l10n_args('Comment: %s', $comm['content']), + get_l10n_args('', ''), + get_l10n_args('Delete: %s', $del_url) + ); + + if ($comment_action!='validate') + { + $keyargs_content[] = + get_l10n_args('', ''); + $keyargs_content[] = + get_l10n_args('Validate: %s', + get_absolute_root_url().'comments.php?validate='.$comm['id']); + } + + pwg_mail_notification_admins + ( + get_l10n_args('Comment by %s', $comm['author']), + $keyargs_content + ); + } + } + return $comment_action; +} + +?> \ No newline at end of file -- cgit v1.2.3