-<?php\r
-\r
-/*\r
- * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)\r
- * Copyright (C) 2002-2012 The Nucleus Group\r
- *\r
- * This program is free software; you can redistribute it and/or\r
- * modify it under the terms of the GNU General Public License\r
- * as published by the Free Software Foundation; either version 2\r
- * of the License, or (at your option) any later version.\r
- * (see nucleus/documentation/index.html#license for more info)\r
- */\r
-/**\r
- * A class representing the comments (all of them) for a certain post on a ceratin blog\r
- *\r
- * @license http://nucleuscms.org/license.txt GNU General Public License\r
- * @copyright Copyright (C) 2002-2012 The Nucleus Group\r
- * @version $Id: COMMENTS.php 1527 2011-06-21 10:43:44Z sakamocchi $\r
- */\r
-\r
-if ( !function_exists('requestVar') ) exit;\r
-require_once dirname(__FILE__) . '/COMMENTACTIONS.php';\r
-\r
-class Comments\r
-{\r
-\r
- // item for which comment are being displayed\r
- var $itemid;\r
-\r
- // reference to the itemActions object that is calling the showComments function\r
- var $itemActions;\r
-\r
- // total amount of comments displayed\r
- var $commentcount;\r
-\r
- /**\r
- * Creates a new Comments object for the given blog and item\r
- *\r
- * @param $itemid\r
- * id of the item\r
- */\r
- function COMMENTS($itemid) {\r
- $this->itemid = intval($itemid);\r
- }\r
- \r
- /**\r
- * Used when parsing comments\r
- *\r
- * @param $itemActions\r
- * itemActions object, that will take care of the parsing\r
- */\r
- function setItemActions(&$itemActions) {\r
- $this->itemActions =& $itemActions;\r
- }\r
-\r
- /**\r
- * Shows maximum $max comments to the given item using the given template\r
- * returns the amount of shown comments (if maxToShow = -1, then there is no limit)\r
- *\r
- * @param template\r
- * template to use\r
- * @param maxToShow\r
- * max. comments to show\r
- * @param showNone\r
- * indicates if the 'no comments' thingie should be outputted when there are no comments\r
- * (useful for closed items)\r
- * @param highlight\r
- * Highlight to use (if any)\r
- */\r
- function showComments($template, $maxToShow = -1, $showNone = 1, $highlight = '') {\r
- global $CONF, $manager;\r
-\r
- // create parser object & action handler\r
- $handler = new CommentActions($this);\r
- $handler->setTemplate($template);\r
- \r
- $parser = new Parser($handler);\r
- \r
- if ($maxToShow == 0) {\r
- $this->commentcount = $this->amountComments();\r
- } else {\r
- $query = 'SELECT c.citem as itemid, c.cnumber as commentid, c.cbody as body, c.cuser as user, c.cmail as userid, c.cemail as email, c.cmember as memberid, c.ctime, c.chost as host, c.cip as ip, c.cblog as blogid'\r
- . ' FROM '.sql_table('comment').' as c'\r
- . ' WHERE c.citem=' . $this->itemid\r
- . ' ORDER BY c.ctime';\r
-\r
- $comments = DB::getResult($query);\r
- $this->commentcount = $comments->rowCount();\r
- }\r
-\r
- // if no result was found\r
- if ($this->commentcount == 0) {\r
- // note: when no reactions, COMMENTS_HEADER and COMMENTS_FOOTER are _NOT_ used\r
- if ($showNone) $parser->parse($template['COMMENTS_NONE']);\r
- return 0;\r
- }\r
-\r
- // if too many comments to show\r
- if (($maxToShow != -1) && ($this->commentcount > $maxToShow)) {\r
- $parser->parse($template['COMMENTS_TOOMUCH']);\r
- return 0;\r
- }\r
-\r
- $parser->parse($template['COMMENTS_HEADER']);\r
-\r
- foreach ( $comments as $comment ) {\r
- $comment['timestamp'] = strtotime($comment['ctime']);\r
- $handler->setCurrentComment($comment);\r
- $handler->setHighlight($highlight);\r
- $manager->notify('PreComment', array('comment' => &$comment));\r
- $parser->parse($template['COMMENTS_BODY']);\r
- $manager->notify('PostComment', array('comment' => &$comment));\r
- }\r
-\r
- $parser->parse($template['COMMENTS_FOOTER']);\r
-\r
- $comments->closeCursor();\r
-\r
- return $this->commentcount;\r
- }\r
-\r
- /**\r
- * Returns the amount of comments for this itemid\r
- */\r
- function amountComments() {\r
- $query = 'SELECT COUNT(*)'\r
- . ' FROM '.sql_table('comment').' as c'\r
- . ' WHERE c.citem='. $this->itemid;\r
- $res = DB::getValue($query);\r
-\r
- return $res;\r
- }\r
-\r
- /**\r
- * Comments::addComment()\r
- * Adds a new comment to the database\r
- * \r
- * @param string $timestamp\r
- * @param array $comment\r
- * @return mixed\r
- */\r
- function addComment($timestamp, $comment)\r
- {\r
- global $CONF, $member, $manager;\r
- \r
- $item =& $manager->getItem($this->itemid, 0, 0);\r
- $settings =& $manager->getBlog($item['blogid']);\r
- $settings->readSettings();\r
- \r
- // begin if: comments disabled\r
- if ( !$settings->commentsEnabled() )\r
- {\r
- return _ERROR_COMMENTS_DISABLED;\r
- }\r
- \r
- // begin if: public cannot comment\r
- if ( !$settings->isPublic() && !$member->isLoggedIn() )\r
- {\r
- return _ERROR_COMMENTS_NONPUBLIC;\r
- }\r
- \r
- // begin if: comment uses a protected member name\r
- if ( $CONF['ProtectMemNames'] && !$member->isLoggedIn() && Member::isNameProtected($comment['user']) )\r
- {\r
- return _ERROR_COMMENTS_MEMBERNICK;\r
- }\r
- \r
- // begin if: email required, but missing (doesn't apply to members)\r
- if ( $settings->emailRequired() && i18n::strlen($comment['email']) == 0 && !$member->isLoggedIn() )\r
- {\r
- return _ERROR_EMAIL_REQUIRED;\r
- }\r
- \r
- // begin if: commenter's name is too long\r
- if ( i18n::strlen($comment['user']) > 40 )\r
- {\r
- return _ERROR_USER_TOO_LONG;\r
- }\r
- \r
- // begin if: commenter's email is too long\r
- if ( i18n::strlen($comment['email']) > 100 )\r
- {\r
- return _ERROR_EMAIL_TOO_LONG;\r
- }\r
- \r
- // begin if: commenter's url is too long\r
- if ( i18n::strlen($comment['userid']) > 100 )\r
- {\r
- return _ERROR_URL_TOO_LONG;\r
- }\r
- \r
- $comment['timestamp'] = $timestamp;\r
- $comment['host'] = gethostbyaddr(serverVar('REMOTE_ADDR') );\r
- $comment['ip'] = serverVar('REMOTE_ADDR');\r
- \r
- // begin if: member is logged in, use that data\r
- if ( $member->isLoggedIn() )\r
- {\r
- $comment['memberid'] = $member->getID();\r
- $comment['user'] = '';\r
- $comment['userid'] = '';\r
- $comment['email'] = '';\r
- }\r
- else\r
- {\r
- $comment['memberid'] = 0;\r
- }\r
- \r
- // spam check\r
- $continue = FALSE;\r
- $plugins = array();\r
- \r
- if ( isset($manager->subscriptions['ValidateForm']) )\r
- {\r
- $plugins = array_merge($plugins, $manager->subscriptions['ValidateForm']);\r
- }\r
- \r
- if ( isset($manager->subscriptions['PreAddComment']) )\r
- {\r
- $plugins = array_merge($plugins, $manager->subscriptions['PreAddComment']);\r
- }\r
- \r
- if ( isset($manager->subscriptions['PostAddComment']) )\r
- {\r
- $plugins = array_merge($plugins, $manager->subscriptions['PostAddComment']);\r
- }\r
- \r
- $plugins = array_unique($plugins);\r
- \r
- while ( list(, $plugin) = each($plugins) )\r
- {\r
- $p = $manager->getPlugin($plugin);\r
- $continue = $continue || $p->supportsFeature('handleSpam');\r
- }\r
- \r
- $spamcheck = array(\r
- 'type' => 'comment',\r
- 'body' => $comment['body'],\r
- 'id' => $comment['itemid'],\r
- 'live' => TRUE,\r
- 'return' => $continue\r
- );\r
- \r
- // begin if: member logged in\r
- if ( $member->isLoggedIn() )\r
- {\r
- $spamcheck['author'] = $member->displayname;\r
- $spamcheck['email'] = $member->email;\r
- }\r
- // else: public\r
- else\r
- {\r
- $spamcheck['author'] = $comment['user'];\r
- $spamcheck['email'] = $comment['email'];\r
- $spamcheck['url'] = $comment['userid'];\r
- }\r
- \r
- $manager->notify('SpamCheck', array('spamcheck' => &$spamcheck) );\r
- \r
- if ( !$continue && isset($spamcheck['result']) && $spamcheck['result'] == TRUE )\r
- {\r
- return _ERROR_COMMENTS_SPAM;\r
- }\r
- \r
- // isValidComment returns either "1" or an error message\r
- $isvalid = $this->isValidComment($comment, $spamcheck);\r
- \r
- if ( $isvalid != 1 )\r
- {\r
- return $isvalid;\r
- }\r
- \r
- // begin if: send email to notification address\r
- if ( $settings->getNotifyAddress() && $settings->notifyOnComment() )\r
- {\r
- \r
- $message = _NOTIFY_NC_MSG . ' ' . $this->itemid . "\n";\r
- $temp = parse_url($CONF['Self']);\r
- \r
- if ( $temp['scheme'] )\r
- {\r
- $message .= Link::create_item_link($this->itemid) . "\n\n";\r
- }\r
- else\r
- {\r
- $tempurl = $settings->getURL();\r
- \r
- if ( i18n::substr($tempurl, -1) == '/' || i18n::substr($tempurl, -4) == '.php' )\r
- {\r
- $message .= $tempurl . '?itemid=' . $this->itemid . "\n\n";\r
- }\r
- else\r
- {\r
- $message .= $tempurl . '/?itemid=' . $this->itemid . "\n\n";\r
- }\r
- }\r
- \r
- if ( $comment['memberid'] == 0 )\r
- {\r
- $message .= _NOTIFY_USER . ' ' . $comment['user'] . "\n";\r
- $message .= _NOTIFY_USERID . ' ' . $comment['userid'] . "\n";\r
- }\r
- else\r
- {\r
- $message .= _NOTIFY_MEMBER .' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";\r
- }\r
- \r
- $message .= _NOTIFY_HOST . ' ' . $comment['host'] . "\n";\r
- $message .= _NOTIFY_COMMENT . "\n " . $comment['body'] . "\n";\r
- $message .= NOTIFICATION::get_mail_footer();\r
- \r
- $subject = _NOTIFY_NC_TITLE . ' ' . strip_tags($item['title']) . ' (' . $this->itemid . ')';\r
- \r
- $from = $member->getNotifyFromMailAddress($comment['email']);\r
- \r
- NOTIFICATION::mail($settings->getNotifyAddress(), $subject, $message, $from, i18n::get_current_charset());\r
- }\r
- \r
- $comment = Comment::prepare($comment);\r
- \r
- $manager->notify('PreAddComment', array('comment' => &$comment, 'spamcheck' => &$spamcheck) );\r
- \r
- $name = DB::quoteValue($comment['user']);\r
- $url = DB::quoteValue($comment['userid']);\r
- $email = DB::quoteValue($comment['email']);\r
- $body = DB::quoteValue($comment['body']);\r
- $host = DB::quoteValue($comment['host']);\r
- $ip = DB::quoteValue($comment['ip']);\r
- $memberid = (integer) $comment['memberid'];\r
- $timestamp = DB::formatDateTime($comment['timestamp']);\r
- $itemid = $this->itemid;\r
- \r
- $qSql = 'SELECT COUNT(*) AS result '\r
- . 'FROM ' . sql_table('comment')\r
- . ' WHERE '\r
- . 'cmail = ' . $url\r
- . ' AND cmember = ' . $memberid\r
- . ' AND cbody = ' . $body\r
- . ' AND citem = ' . $itemid\r
- . ' AND cblog = ' . $item['blogid'];\r
- $result = (integer) DB::getValue($qSql);\r
- \r
- if ( $result > 0 )\r
- {\r
- return _ERROR_BADACTION;\r
- }\r
- \r
- $query = sprintf('INSERT INTO %s (cuser, cmail, cemail, cmember, cbody, citem, ctime, chost, cip, cblog) '\r
- . 'VALUES (%s, %s, %s, %d, %s, %d, %s, %s, %s, %d)'\r
- , sql_table('comment'), $name, $url, $email, $memberid, $body, $itemid, $timestamp, $host, $ip, $item['blogid']);\r
- \r
- DB::execute($query);\r
- \r
- // post add comment\r
- $commentid = DB::getInsertId();\r
- $manager->notify('PostAddComment', array('comment' => &$comment, 'commentid' => &$commentid, 'spamcheck' => &$spamcheck) );\r
- \r
- // succeeded !\r
- return TRUE;\r
- }\r
-\r
-\r
- /**\r
- * Comments::isValidComment()\r
- * Checks if a comment is valid and call plugins\r
- * that can check if the comment is a spam comment \r
- * \r
- * @param Array $comment array with comment elements\r
- * @param Array $spamcheck array with spamcheck elements\r
- */\r
- function isValidComment(&$comment, &$spamcheck)\r
- {\r
- global $member, $manager;\r
- \r
- // check if there exists a item for this date\r
- $item =& $manager->getItem($this->itemid, 0, 0);\r
- \r
- if ( !$item )\r
- {\r
- return _ERROR_NOSUCHITEM;\r
- }\r
- \r
- if ( $item['closed'] )\r
- {\r
- return _ERROR_ITEMCLOSED;\r
- }\r
- \r
- // don't allow words that are too long\r
- if ( preg_match('/[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}/', $comment['body']) != 0 )\r
- {\r
- return _ERROR_COMMENT_LONGWORD;\r
- }\r
- \r
- // check lengths of comment\r
- if ( i18n::strlen($comment['body']) < 3 )\r
- {\r
- return _ERROR_COMMENT_NOCOMMENT;\r
- }\r
- \r
- if ( i18n::strlen($comment['body']) > 5000 )\r
- {\r
- return _ERROR_COMMENT_TOOLONG;\r
- }\r
- \r
- // only check username if no member logged in\r
- if ( !$member->isLoggedIn() && (i18n::strlen($comment['user']) < 2) )\r
- {\r
- return _ERROR_COMMENT_NOUSERNAME;\r
- }\r
- \r
- if ( (i18n::strlen($comment['email']) != 0) && !NOTIFICATION::address_validation(trim($comment['email'])) )\r
- {\r
- return _ERROR_BADMAILADDRESS;\r
- }\r
- \r
- // let plugins do verification (any plugin which thinks the comment is invalid\r
- // can change 'error' to something other than '1')\r
- $result = 1;\r
- $manager->notify('ValidateForm', array('type' => 'comment', 'comment' => &$comment, 'error' => &$result, 'spamcheck' => &$spamcheck) );\r
- \r
- return $result;\r
- }\r
-}\r
+<?php
+
+/*
+ * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
+ * Copyright (C) 2002-2009 The Nucleus Group
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ * (see nucleus/documentation/index.html#license for more info)
+ */
+/**
+ * A class representing the comments (all of them) for a certain post on a ceratin blog
+ *
+ * @license http://nucleuscms.org/license.txt GNU General Public License
+ * @copyright Copyright (C) 2002-2009 The Nucleus Group
+ * @version $Id: COMMENTS.php 1527 2011-06-21 10:43:44Z sakamocchi $
+ */
+
+if ( !function_exists('requestVar') ) exit;
+require_once dirname(__FILE__) . '/COMMENTACTIONS.php';
+
+class Comments
+{
+ // reference to the itemActions object that is calling the showComments function
+ public $itemActions;
+
+ // item for which comment are being displayed
+ public $itemid;
+
+ // total amount of comments displayed
+ public $commentcount;
+
+ /**
+ * Comments::__construct()
+ * Creates a new Comments object for the given blog and item
+ *
+ * @param integer $itemid id of the item
+ * @return void
+ */
+ public function __construct($itemid)
+ {
+ $this->itemid = (integer) $itemid;
+ return;
+ }
+
+ /**
+ * Comments::setItemActions()
+ * Used when parsing comments
+ *
+ * @param object $itemActions itemActions object, that will take care of the parsing
+ * @return void
+ */
+ public function setItemActions(&$itemActions)
+ {
+ $this->itemActions =& $itemActions;
+ return;
+ }
+
+ /**
+ * Comments::showComments()
+ * Shows maximum $max comments to the given item using the given template
+ * returns the amount of shown comments (if maxToShow = -1, then there is no limit)
+ *
+ * @param array template template to use
+ * @param integer maxToShow max. comments to show
+ * @param integer showNone indicates if the 'no comments' thingie should be outputted
+ * when there are no comments (useful for closed items)
+ * @param string highlight Highlight to use (if any)
+ * @return integer number of comments
+ */
+ public function showComments($template, $maxToShow = -1, $showNone = 1, $highlight = '')
+ {
+ global $CONF, $manager;
+
+ if ( $maxToShow == 0 )
+ {
+ $this->commentcount = $this->amountComments();
+ }
+ else
+ {
+ $query = 'SELECT citem as itemid, cnumber as commentid, cbody as body, cuser as user, cmail as userid, '
+ . 'cemail as email, cmember as memberid, ctime, chost as host, cip as ip, cblog as blogid '
+ . 'FROM %s as c WHERE citem=%d ORDER BY ctime';
+
+ $query = sprintf($query, sql_table('comment'), (integer) $this->itemid);
+ $comments = DB::getResult($query);
+ $this->commentcount = $comments->rowCount();
+ }
+
+ // create parser object & action handler
+ $handler = new CommentActions($this);
+ $handler->setTemplate($template);
+
+ $parser = new Parser($handler);
+
+ // if no result was found
+ if ( $this->commentcount == 0 )
+ {
+ // note: when no reactions, COMMENTS_HEADER and COMMENTS_FOOTER are _NOT_ used
+ if ( $showNone )
+ {
+ $parser->parse($template['COMMENTS_NONE']);
+ }
+ return 0;
+ }
+
+ // if too many comments to show
+ if ( ($maxToShow != -1) && ($this->commentcount > $maxToShow) )
+ {
+ $parser->parse($template['COMMENTS_TOOMUCH']);
+ return 0;
+ }
+
+ $parser->parse($template['COMMENTS_HEADER']);
+
+ foreach ( $comments as $comment )
+ {
+ $comment['timestamp'] = strtotime($comment['ctime']);
+ $handler->setCurrentComment($comment);
+ $handler->setHighlight($highlight);
+
+ $manager->notify('PreComment', array('comment' => &$comment));
+ $parser->parse($template['COMMENTS_BODY']);
+ $manager->notify('PostComment', array('comment' => &$comment));
+ }
+
+ $parser->parse($template['COMMENTS_FOOTER']);
+
+ $comments->closeCursor();
+
+ return $this->commentcount;
+ }
+
+ /**
+ * Comments::amountComments()
+ * Returns the amount of comments for this itemid
+ *
+ * @param void
+ * @return integer number of comments
+ */
+ public function amountComments()
+ {
+ $query = 'SELECT COUNT(*) FROM %s WHERE citem=%d;';
+ $query = sprintf($query, sql_table('comment'), (integer) $this->itemid);
+ $res = DB::getValue($query);
+
+ return $res;
+ }
+
+ /**
+ * Comments::addComment()
+ * Adds a new comment to the database
+ *
+ * @param string $timestamp
+ * @param array $comment
+ * @return mixed
+ */
+ public function addComment($timestamp, $comment)
+ {
+ global $CONF, $member, $manager;
+
+ $blogid = getBlogIDFromItemID($this->itemid);
+
+ $settings =& $manager->getBlog($blogid);
+ $settings->readSettings();
+
+ // begin if: comments disabled
+ if ( !$settings->commentsEnabled() )
+ {
+ return _ERROR_COMMENTS_DISABLED;
+ }
+
+ // begin if: public cannot comment
+ if ( !$settings->isPublic() && !$member->isLoggedIn() )
+ {
+ return _ERROR_COMMENTS_NONPUBLIC;
+ }
+
+ // begin if: comment uses a protected member name
+ if ( $CONF['ProtectMemNames'] && !$member->isLoggedIn() && Member::isNameProtected($comment['user']) )
+ {
+ return _ERROR_COMMENTS_MEMBERNICK;
+ }
+
+ // begin if: email required, but missing (doesn't apply to members)
+ if ( $settings->emailRequired() && i18n::strlen($comment['email']) == 0 && !$member->isLoggedIn() )
+ {
+ return _ERROR_EMAIL_REQUIRED;
+ }
+
+ // begin if: commenter's name is too long
+ if ( i18n::strlen($comment['user']) > 40 )
+ {
+ return _ERROR_USER_TOO_LONG;
+ }
+
+ // begin if: commenter's email is too long
+ if ( i18n::strlen($comment['email']) > 100 )
+ {
+ return _ERROR_EMAIL_TOO_LONG;
+ }
+
+ // begin if: commenter's url is too long
+ if ( i18n::strlen($comment['userid']) > 100 )
+ {
+ return _ERROR_URL_TOO_LONG;
+ }
+
+ $comment['timestamp'] = $timestamp;
+ $comment['host'] = gethostbyaddr(serverVar('REMOTE_ADDR') );
+ $comment['ip'] = serverVar('REMOTE_ADDR');
+
+ // begin if: member is logged in, use that data
+ if ( $member->isLoggedIn() )
+ {
+ $comment['memberid'] = $member->getID();
+ $comment['user'] = '';
+ $comment['userid'] = '';
+ $comment['email'] = '';
+ }
+ else
+ {
+ $comment['memberid'] = 0;
+ }
+
+ // spam check
+ $continue = FALSE;
+ $plugins = array();
+
+ if ( isset($manager->subscriptions['ValidateForm']) )
+ {
+ $plugins = array_merge($plugins, $manager->subscriptions['ValidateForm']);
+ }
+
+ if ( isset($manager->subscriptions['PreAddComment']) )
+ {
+ $plugins = array_merge($plugins, $manager->subscriptions['PreAddComment']);
+ }
+
+ if ( isset($manager->subscriptions['PostAddComment']) )
+ {
+ $plugins = array_merge($plugins, $manager->subscriptions['PostAddComment']);
+ }
+
+ $plugins = array_unique($plugins);
+
+ while ( list(, $plugin) = each($plugins) )
+ {
+ $p = $manager->getPlugin($plugin);
+ $continue = $continue || $p->supportsFeature('handleSpam');
+ }
+
+ $spamcheck = array(
+ 'type' => 'comment',
+ 'body' => $comment['body'],
+ 'id' => $comment['itemid'],
+ 'live' => TRUE,
+ 'return' => $continue
+ );
+
+ // begin if: member logged in
+ if ( $member->isLoggedIn() )
+ {
+ $spamcheck['author'] = $member->displayname;
+ $spamcheck['email'] = $member->email;
+ }
+ // else: public
+ else
+ {
+ $spamcheck['author'] = $comment['user'];
+ $spamcheck['email'] = $comment['email'];
+ $spamcheck['url'] = $comment['userid'];
+ }
+
+ $manager->notify('SpamCheck', array('spamcheck' => &$spamcheck) );
+
+ if ( !$continue && isset($spamcheck['result']) && $spamcheck['result'] == TRUE )
+ {
+ return _ERROR_COMMENTS_SPAM;
+ }
+
+ // isValidComment returns either "1" or an error message
+ $isvalid = $this->isValidComment($comment, $spamcheck);
+ if ( $isvalid != 1 )
+ {
+ return $isvalid;
+ }
+
+ // begin if: send email to notification address
+ if ( $settings->getNotifyAddress() && $settings->notifyOnComment() )
+ {
+
+ $message = _NOTIFY_NC_MSG . ' ' . $this->itemid . "\n";
+ $temp = parse_url($CONF['Self']);
+
+ if ( $temp['scheme'] )
+ {
+ $message .= Link::create_item_link($this->itemid) . "\n\n";
+ }
+ else
+ {
+ $tempurl = $settings->getURL();
+
+ if ( i18n::substr($tempurl, -1) == '/' || i18n::substr($tempurl, -4) == '.php' )
+ {
+ $message .= $tempurl . '?itemid=' . $this->itemid . "\n\n";
+ }
+ else
+ {
+ $message .= $tempurl . '/?itemid=' . $this->itemid . "\n\n";
+ }
+ }
+
+ if ( $comment['memberid'] == 0 )
+ {
+ $message .= _NOTIFY_USER . ' ' . $comment['user'] . "\n";
+ $message .= _NOTIFY_USERID . ' ' . $comment['userid'] . "\n";
+ }
+ else
+ {
+ $message .= _NOTIFY_MEMBER .' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
+ }
+
+ $message .= _NOTIFY_HOST . ' ' . $comment['host'] . "\n";
+ $message .= _NOTIFY_COMMENT . "\n " . $comment['body'] . "\n";
+ $message .= NOTIFICATION::get_mail_footer();
+
+ $item =& $manager->getItem($this->itemid, 0, 0);
+ $subject = _NOTIFY_NC_TITLE . ' ' . strip_tags($item['title']) . ' (' . $this->itemid . ')';
+
+ $from = $member->getNotifyFromMailAddress($comment['email']);
+
+ NOTIFICATION::mail($settings->getNotifyAddress(), $subject, $message, $from, i18n::get_current_charset());
+ }
+
+ $comment = Comment::prepare($comment);
+
+ $manager->notify('PreAddComment', array('comment' => &$comment, 'spamcheck' => &$spamcheck) );
+
+ $name = DB::quoteValue($comment['user']);
+ $url = DB::quoteValue($comment['userid']);
+ $email = DB::quoteValue($comment['email']);
+ $body = DB::quoteValue($comment['body']);
+ $host = DB::quoteValue($comment['host']);
+ $ip = DB::quoteValue($comment['ip']);
+ $memberid = intval($comment['memberid']);
+ $timestamp = DB::formatDateTime($comment['timestamp']);
+ $itemid = $this->itemid;
+
+ $qSql = 'SELECT COUNT(*) AS result '
+ . 'FROM ' . sql_table('comment')
+ . ' WHERE '
+ . 'cmail = ' . $url
+ . ' AND cmember = ' . $memberid
+ . ' AND cbody = ' . $body
+ . ' AND citem = ' . $itemid
+ . ' AND cblog = ' . $blogid;
+ $result = (integer) DB::getValue($qSql);
+
+ if ( $result > 0 )
+ {
+ return _ERROR_BADACTION;
+ }
+
+ $query = sprintf('INSERT INTO %s (cuser, cmail, cemail, cmember, cbody, citem, ctime, chost, cip, cblog) '
+ . 'VALUES (%s, %s, %s, %d, %s, %d, %s, %s, %s, %d)'
+ , sql_table('comment'), $name, $url, $email, $memberid, $body, $itemid, $timestamp, $host, $ip, $blogid);
+
+ DB::execute($query);
+
+ // post add comment
+ $commentid = DB::getInsertId();
+ $manager->notify('PostAddComment', array('comment' => &$comment, 'commentid' => &$commentid, 'spamcheck' => &$spamcheck) );
+
+ // succeeded !
+ return TRUE;
+ }
+
+ /**
+ * Comments::isValidComment()
+ * Checks if a comment is valid and call plugins
+ * that can check if the comment is a spam comment
+ *
+ * @param array $comment array with comment elements
+ * @param array $spamcheck array with spamcheck elements
+ * @return boolean valid or not
+ */
+ private function isValidComment(&$comment, &$spamcheck)
+ {
+ global $member, $manager;
+
+ // check if there exists a item for this date
+ $item =& $manager->getItem($this->itemid, 0, 0);
+
+ if ( !$item )
+ {
+ return _ERROR_NOSUCHITEM;
+ }
+
+ if ( $item['closed'] )
+ {
+ return _ERROR_ITEMCLOSED;
+ }
+
+ // don't allow words that are too long
+ if ( preg_match('/[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}/', $comment['body']) != 0 )
+ {
+ return _ERROR_COMMENT_LONGWORD;
+ }
+
+ // check lengths of comment
+ if ( i18n::strlen($comment['body']) < 3 )
+ {
+ return _ERROR_COMMENT_NOCOMMENT;
+ }
+
+ if ( i18n::strlen($comment['body']) > 5000 )
+ {
+ return _ERROR_COMMENT_TOOLONG;
+ }
+
+ // only check username if no member logged in
+ if ( !$member->isLoggedIn() && (i18n::strlen($comment['user']) < 2) )
+ {
+ return _ERROR_COMMENT_NOUSERNAME;
+ }
+
+ if ( (i18n::strlen($comment['email']) != 0) && !NOTIFICATION::address_validation(trim($comment['email'])) )
+ {
+ return _ERROR_BADMAILADDRESS;
+ }
+
+ // let plugins do verification (any plugin which thinks the comment is invalid
+ // can change 'error' to something other than '1')
+ $result = 1;
+ $manager->notify('ValidateForm', array('type' => 'comment', 'comment' => &$comment, 'error' => &$result, 'spamcheck' => &$spamcheck) );
+
+ return $result;
+ }
+}
OSDN Git Service
