b2evolution

Multilingual multiuser multiblog engine

Home About Demo Download Hosting Extend Docs Support
b2evolution Technical Documentation (0.9.x) [ class tree: htsrv ] [ index: htsrv ] [ all elements ]

Source for file comment_post.php

Documentation is available at comment_post.php

  1. <?php
  2. /**
  3.  * This file posts a comment!
  4.  *
  5.  * b2evolution - {@link http://b2evolution.net/}
  6.  * Released under GNU GPL License - {@link http://b2evolution.net/about/license.html}
  7.  * @copyright (c)2003-2005 by Francois PLANQUE - {@link http://fplanque.net/}
  8.  *
  9.  * @package htsrv
  10.  */
  11.  
  12. /**
  13.  * Initialize everything:
  14.  */
  15. require_oncedirname(__FILE__'/../b2evocore/_main.php' );
  16.  
  17. // statuses allowed for acting on:
  18. $show_statuses array'published''protected''private' );
  19.  
  20. // Only for 0.9.0.11, for users who will not update their conf! :/
  21. if!isset($minimum_comment_interval) ) $minimum_comment_interval 30;
  22.  
  23. // Getting GET or POST parameters:
  24. param'comment_post_ID''integer'true )// required
  25.  
  26. $commented_Item Item_get_by_ID$comment_post_ID );
  27.  
  28. if$commented_Item->can_comment'''''''' ) )
  29. {
  30.     errors_addT_('You cannot leave comments on this post!') );
  31. }
  32.  
  33. param'author''string' );
  34. param'email''string' );
  35. param'url''string' );
  36. param'comment' 'html' );
  37. param'comment_autobr''integer'($comments_use_autobr == 'always');
  38. param'comment_cookies''integer');
  39.  
  40. ifis_logged_in() )
  41. // User is loggued in, we'll use his ID
  42.     $author_ID $current_User->ID;
  43.     $author NULL;
  44.     $email NULL;
  45.     $url NULL;
  46. }
  47. else
  48. {    // User is not logged in, we need some id info from him:
  49.     $author_ID NULL;
  50.  
  51.     if ($require_name_email)
  52.     // Blog wants Name and EMail with comments
  53.         ifempty($author) ) errors_addT_('Please fill in the name field') );
  54.         ifempty($email) ) errors_addT_('Please fill in the email field') );
  55.     }
  56.  
  57.     if!empty($author&& antispam_check$author ) )
  58.     {
  59.         errors_addT_('Supplied name is invalid') );
  60.     }
  61.  
  62.     if!empty($email)
  63.         && !is_email($email)|| antispam_check$email ) ) )
  64.     {
  65.         errors_addT_('Supplied email address is invalid') );
  66.     }
  67.  
  68.     // add 'http://' if no protocol defined for URL
  69.     $url ((!stristr($url'://')) && ($url != '')) 'http://' $url $url;
  70.     ifstrlen($url){
  71.         $url '';
  72.     }
  73.     if$error validate_url$url$comments_allowed_uri_scheme ) )
  74.     {
  75.         errors_addT_('Supplied URL is invalid: '$error );
  76.     }
  77. }
  78.  
  79. $user_ip $_SERVER['REMOTE_ADDR'];
  80. $user_ip explode','$user_ip );
  81. $user_ip $user_ip[0];
  82.  
  83. $now date("Y-m-d H:i:s"$localtimenow );
  84.  
  85. // CHECK and FORMAT content
  86. //echo 'allowed tags:',htmlspecialchars($comment_allowed_tags);
  87. $original_comment strip_tags($comment$comment_allowed_tags);
  88. $comment format_to_post($original_comment$comment_autobr1);
  89.  
  90. ifempty($comment) )
  91. // comment should not be empty!
  92.     errors_addT_('Please do not send empty comment') );
  93. }
  94. elseifantispam_checkstrip_tags($comment) ) )
  95. {
  96.     errors_addT_('Supplied comment is invalid') );
  97. }
  98.  
  99. /* flood-protection */
  100. $query "SELECT max(comment_date)
  101.                     FROM $tablecomments
  102.                     WHERE comment_author_IP = '$user_ip'";
  103. $ok 1;
  104. if$then $DB->get_var$query ) )
  105. {
  106.     $time_lastcomment mysql2date("U",$then);
  107.     $time_newcomment mysql2date("U",$now);
  108.     if( ($time_newcomment $time_lastcomment$minimum_comment_interval )
  109.         $ok 0;
  110. }
  111. if!$ok )
  112. {
  113.     errors_addsprintfT_('You can only post a new comment every %d seconds.')$minimum_comment_interval ) );
  114. }
  115. /* end flood-protection */
  116.  
  117. iferrors_displayT_('Cannot post comment, please correct these errors:'),
  118.     '[<a href="javascript:history.go(-1)">'T_('Back to comment editing''</a>]' ) )
  119. {
  120.     exit();
  121. }
  122.  
  123. $query "INSERT INTO $tablecomments( comment_post_ID, comment_type, comment_author_ID, comment_author,
  124.                                                                             comment_author_email, comment_author_url, comment_author_IP,
  125.                                                                             comment_date, comment_content)
  126.                     VALUES( $comment_post_ID, 'comment', ".$DB->null($author_ID).",
  127.                                     ".$DB->quote($author).", ".$DB->quote($email).",
  128.                                     ".$DB->quote($url).",'".$DB->escape($user_ip)."','$now',
  129.                                     '".$DB->escape($comment)."' )";
  130. $DB->query$query );
  131.  
  132. /*
  133.  * New comment notification:
  134.  */
  135. $item_author_User $commented_Item->Author;
  136.  
  137. if$item_author_User->notify
  138.         && (!empty$item_author_User->email ))
  139.         && $author_ID != $item_author_User->ID )  // don't send if original author comments (is logged in)
  140. {    // Author wants to be notified and does not comment himself:
  141.     locale_temp_switch($item_author_User->locale);
  142.     $recipient $item_author_User->email;
  143.     $subject sprintfT_('New comment on your post #%d "%s"')$comment_post_ID$commented_Item->get('title') );
  144.     $Blog Blog_get_by_ID$commented_Item->blog_ID );
  145.  
  146.     $notify_message  sprintfT_('New comment on your post #%d "%s"')$comment_post_ID$commented_Item->get('title') )."\n";
  147.     $notify_message .= str_replace('&amp;''&'$commented_Item->gen_permalink'pid' ))."\n\n"// We use pid to get a short URL and avoid it to wrap on a new line in the mail which may prevent people from clicking
  148.     ifis_logged_in() )
  149.     {
  150.         $notify_message .= T_('Author').': '.$current_User->get('preferedname').
  151.                                                 ' ('.$current_User->get('login').")\n";
  152.     }
  153.     else
  154.     {
  155.         $user_domain gethostbyaddr($user_ip);
  156.         $notify_message .= T_('Author')."$author (IP: $user_ip$user_domain)\n";
  157.         $notify_message .= T_('Email')."$email\n";
  158.         $notify_message .= T_('Url')."$url\n";
  159.     }
  160.     $notify_message .= T_('Comment').": \n".$original_comment."\n\n";
  161.     $notify_message .= T_('Edit/Delete').': '.$admin_url.'/b2browse.php?blog='.$commented_Item->blog_ID.'&p='.$comment_post_ID."&c=1\n";
  162.  
  163.  
  164.     // echo "Sending notification to $recipient :<pre>$notify_message</pre>";
  165.  
  166.     ifis_logged_in() )
  167.         $mail_from $current_User->get('email');
  168.     elseifempty$email ) )
  169.         $mail_from $notify_from;
  170.     else
  171.         $mail_from "\"$author\" <$email>";
  172.  
  173.     send_mail$recipient$subject$notify_message$mail_from );
  174.     locale_restore_previous();
  175. }
  176.  
  177.  
  178. /*
  179.  * Handle cookies
  180.  */
  181. if$comment_cookies )
  182. {    // Set cookies:
  183.     if ($email == '')
  184.         $email ' '// this to make sure a cookie is set for 'no email'
  185.     if ($url == '')
  186.         $url ' '// this to make sure a cookie is set for 'no url'
  187.  
  188.     // fplanque: made cookies available for whole site
  189.     setcookie$cookie_name$author$cookie_expires$cookie_path$cookie_domain);
  190.     setcookie$cookie_email$email$cookie_expires$cookie_path$cookie_domain);
  191.     setcookie$cookie_url$url$cookie_expires$cookie_path$cookie_domain);
  192. }
  193. else
  194. {    // Erase cookies:
  195.     if!empty($_COOKIE[$cookie_name]) )
  196.     {
  197.         // echo "del1<br />";
  198.         setcookie('comment_author'''$cookie_expired'/');
  199.         setcookie('comment_author'''$cookie_expired$cookie_path$cookie_domain);
  200.         setcookie$cookie_name''$cookie_expired$cookie_path$cookie_domain);
  201.     }
  202.     if!empty($_COOKIE['comment_author_email']) )
  203.     {
  204.         // echo "del2<br />";
  205.         setcookie('comment_author_email'''$cookie_expired'/');
  206.         setcookie('comment_author_email'''$cookie_expired$cookie_path$cookie_domain);
  207.         setcookie$cookie_email''$cookie_expired$cookie_path$cookie_domain);
  208.     }
  209.     if!empty($_COOKIE['comment_author_url']) )
  210.     {
  211.         // echo "del3<br />";
  212.         setcookie('comment_author_url'''$cookie_expired'/');
  213.         setcookie('comment_author_url'''$cookie_expired$cookie_path$cookie_domain);
  214.         setcookie$cookie_url''$cookie_expired$cookie_path$cookie_domain);
  215.     }
  216. }
  217.  
  218. header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
  219. header('Last-Modified: ' gmdate('D, d M Y H:i:s'' GMT');
  220. header('Cache-Control: no-cache, must-revalidate');
  221. header('Pragma: no-cache');
  222.  
  223. param'redirect_to''string' );
  224. $location (!empty($redirect_to)) $redirect_to $_SERVER['HTTP_REFERER'];
  225. header'Refresh:0;url='.str_replace('&amp;''&'$location) );
  226.  
  227. ?>
htsrv

Packages

main
admin
conf
evocore
evoskins
htsrv
install
plugins
xmlsrv

Documentation generated on Tue, 20 May 2008 01:51:33 +0200 by phpDocumentor 1.4.2