| [ Index ] |
PHP Cross Reference of Nucleus CMS 3.64 |
[Summary view] [Print] [Text view]
1 <?php 2 3 /* 4 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) 5 * Copyright (C) 2002-2009 The Nucleus Group 6 * 7 * This program is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU General Public License 9 * as published by the Free Software Foundation; either version 2 10 * of the License, or (at your option) any later version. 11 * (see nucleus/documentation/index.html#license for more info) 12 */ 13 /** 14 * A class representing the comments (all of them) for a certain post on a ceratin blog 15 * 16 * @license http://nucleuscms.org/license.txt GNU General Public License 17 * @copyright Copyright (C) 2002-2009 The Nucleus Group 18 * @version $Id: COMMENTS.php 1507 2011-03-14 16:59:39Z ftruscot $ 19 */ 20 21 if ( !function_exists('requestVar') ) exit; 22 require_once dirname(__FILE__) . '/COMMENTACTIONS.php'; 23 24 class COMMENTS { 25 26 // item for which comment are being displayed 27 var $itemid; 28 29 // reference to the itemActions object that is calling the showComments function 30 var $itemActions; 31 32 // total amount of comments displayed 33 var $commentcount; 34 35 /** 36 * Creates a new COMMENTS object for the given blog and item 37 * 38 * @param $itemid 39 * id of the item 40 */ 41 function COMMENTS($itemid) { 42 $this->itemid = intval($itemid); 43 } 44 45 /** 46 * Used when parsing comments 47 * 48 * @param $itemActions 49 * itemActions object, that will take care of the parsing 50 */ 51 function setItemActions(&$itemActions) { 52 $this->itemActions =& $itemActions; 53 } 54 55 /** 56 * Shows maximum $max comments to the given item using the given template 57 * returns the amount of shown comments (if maxToShow = -1, then there is no limit) 58 * 59 * @param template 60 * template to use 61 * @param maxToShow 62 * max. comments to show 63 * @param showNone 64 * indicates if the 'no comments' thingie should be outputted when there are no comments 65 * (useful for closed items) 66 * @param highlight 67 * Highlight to use (if any) 68 */ 69 function showComments($template, $maxToShow = -1, $showNone = 1, $highlight = '') { 70 global $CONF, $manager; 71 72 // create parser object & action handler 73 $actions =& new COMMENTACTIONS($this); 74 $parser =& new PARSER($actions->getDefinedActions(),$actions); 75 $actions->setTemplate($template); 76 $actions->setParser($parser); 77 78 if ($maxToShow == 0) { 79 $this->commentcount = $this->amountComments(); 80 } else { 81 $query = 'SELECT c.citem as itemid, c.cnumber as commentid, c.cbody as body, c.cuser as user, c.cmail as userid, c.cemail as email, c.cmember as memberid, c.ctime, c.chost as host, c.cip as ip, c.cblog as blogid' 82 . ' FROM '.sql_table('comment').' as c' 83 . ' WHERE c.citem=' . $this->itemid 84 . ' ORDER BY c.ctime'; 85 86 $comments = sql_query($query); 87 $this->commentcount = sql_num_rows($comments); 88 } 89 90 // if no result was found 91 if ($this->commentcount == 0) { 92 // note: when no reactions, COMMENTS_HEADER and COMMENTS_FOOTER are _NOT_ used 93 if ($showNone) $parser->parse($template['COMMENTS_NONE']); 94 return 0; 95 } 96 97 // if too many comments to show 98 if (($maxToShow != -1) && ($this->commentcount > $maxToShow)) { 99 $parser->parse($template['COMMENTS_TOOMUCH']); 100 return 0; 101 } 102 103 $parser->parse($template['COMMENTS_HEADER']); 104 105 while ( $comment = sql_fetch_assoc($comments) ) { 106 $comment['timestamp'] = strtotime($comment['ctime']); 107 $actions->setCurrentComment($comment); 108 $actions->setHighlight($highlight); 109 $manager->notify('PreComment', array('comment' => &$comment)); 110 $parser->parse($template['COMMENTS_BODY']); 111 $manager->notify('PostComment', array('comment' => &$comment)); 112 } 113 114 $parser->parse($template['COMMENTS_FOOTER']); 115 116 sql_free_result($comments); 117 118 return $this->commentcount; 119 } 120 121 /** 122 * Returns the amount of comments for this itemid 123 */ 124 function amountComments() { 125 $query = 'SELECT COUNT(*)' 126 . ' FROM '.sql_table('comment').' as c' 127 . ' WHERE c.citem='. $this->itemid; 128 $res = sql_query($query); 129 $arr = sql_fetch_row($res); 130 131 return $arr[0]; 132 } 133 134 /** 135 * Adds a new comment to the database 136 * @param string $timestamp 137 * @param array $comment 138 * @return mixed 139 */ 140 function addComment($timestamp, $comment) 141 { 142 global $CONF, $member, $manager; 143 144 $blogid = getBlogIDFromItemID($this->itemid); 145 146 $settings =& $manager->getBlog($blogid); 147 $settings->readSettings(); 148 149 // begin if: comments disabled 150 if ( !$settings->commentsEnabled() ) 151 { 152 return _ERROR_COMMENTS_DISABLED; 153 } // end if 154 155 // begin if: public cannot comment 156 if ( !$settings->isPublic() && !$member->isLoggedIn() ) 157 { 158 return _ERROR_COMMENTS_NONPUBLIC; 159 } // end if 160 161 // begin if: comment uses a protected member name 162 if ( $CONF['ProtectMemNames'] && !$member->isLoggedIn() && MEMBER::isNameProtected($comment['user']) ) 163 { 164 return _ERROR_COMMENTS_MEMBERNICK; 165 } // end if 166 167 // begin if: email required, but missing (doesn't apply to members) 168 if ( $settings->emailRequired() && strlen($comment['email']) == 0 && !$member->isLoggedIn() ) 169 { 170 return _ERROR_EMAIL_REQUIRED; 171 } // end if 172 173 ## Note usage of mb_strlen() vs strlen() below ## 174 175 // begin if: commenter's name is too long 176 if ( mb_strlen($comment['user']) > 40 ) 177 { 178 return _ERROR_USER_TOO_LONG; 179 } // end if 180 181 // begin if: commenter's email is too long 182 if ( mb_strlen($comment['email']) > 100 ) 183 { 184 return _ERROR_EMAIL_TOO_LONG; 185 } // end if 186 187 // begin if: commenter's url is too long 188 if ( mb_strlen($comment['userid']) > 100 ) 189 { 190 return _ERROR_URL_TOO_LONG; 191 } // end if 192 193 $comment['timestamp'] = $timestamp; 194 $comment['host'] = gethostbyaddr(serverVar('REMOTE_ADDR') ); 195 $comment['ip'] = serverVar('REMOTE_ADDR'); 196 197 // begin if: member is logged in, use that data 198 if ( $member->isLoggedIn() ) 199 { 200 $comment['memberid'] = $member->getID(); 201 $comment['user'] = ''; 202 $comment['userid'] = ''; 203 $comment['email'] = ''; 204 } 205 else 206 { 207 $comment['memberid'] = 0; 208 } 209 210 // spam check 211 $continue = FALSE; 212 $plugins = array(); 213 214 if ( isset($manager->subscriptions['ValidateForm']) ) 215 { 216 $plugins = array_merge($plugins, $manager->subscriptions['ValidateForm']); 217 } 218 219 if ( isset($manager->subscriptions['PreAddComment']) ) 220 { 221 $plugins = array_merge($plugins, $manager->subscriptions['PreAddComment']); 222 } 223 224 if ( isset($manager->subscriptions['PostAddComment']) ) 225 { 226 $plugins = array_merge($plugins, $manager->subscriptions['PostAddComment']); 227 } 228 229 $plugins = array_unique($plugins); 230 231 while ( list(, $plugin) = each($plugins) ) 232 { 233 $p = $manager->getPlugin($plugin); 234 $continue = $continue || $p->supportsFeature('handleSpam'); 235 } 236 237 $spamcheck = array( 238 'type' => 'comment', 239 'body' => $comment['body'], 240 'id' => $comment['itemid'], 241 'live' => TRUE, 242 'return' => $continue 243 ); 244 245 // begin if: member logged in 246 if ( $member->isLoggedIn() ) 247 { 248 $spamcheck['author'] = $member->displayname; 249 $spamcheck['email'] = $member->email; 250 } 251 // else: public 252 else 253 { 254 $spamcheck['author'] = $comment['user']; 255 $spamcheck['email'] = $comment['email']; 256 $spamcheck['url'] = $comment['userid']; 257 } // end if 258 259 $manager->notify('SpamCheck', array('spamcheck' => &$spamcheck) ); 260 261 if ( !$continue && isset($spamcheck['result']) && $spamcheck['result'] == TRUE ) 262 { 263 return _ERROR_COMMENTS_SPAM; 264 } 265 266 // isValidComment returns either "1" or an error message 267 $isvalid = $this->isValidComment($comment, $spamcheck); 268 269 if ( $isvalid != 1 ) 270 { 271 return $isvalid; 272 } 273 274 // begin if: send email to notification address 275 if ( $settings->getNotifyAddress() && $settings->notifyOnComment() ) 276 { 277 278 $mailto_msg = _NOTIFY_NC_MSG . ' ' . $this->itemid . "\n"; 279 // $mailto_msg .= $CONF['IndexURL'] . 'index.php?itemid=' . $this->itemid . "\n\n"; 280 $temp = parse_url($CONF['Self']); 281 282 if ( $temp['scheme'] ) 283 { 284 $mailto_msg .= createItemLink($this->itemid) . "\n\n"; 285 } 286 else 287 { 288 $tempurl = $settings->getURL(); 289 290 if ( substr($tempurl, -1) == '/' || substr($tempurl, -4) == '.php' ) 291 { 292 $mailto_msg .= $tempurl . '?itemid=' . $this->itemid . "\n\n"; 293 } 294 else 295 { 296 $mailto_msg .= $tempurl . '/?itemid=' . $this->itemid . "\n\n"; 297 } 298 } 299 300 if ( $comment['memberid'] == 0 ) 301 { 302 $mailto_msg .= _NOTIFY_USER . ' ' . $comment['user'] . "\n"; 303 $mailto_msg .= _NOTIFY_USERID . ' ' . $comment['userid'] . "\n"; 304 } 305 else 306 { 307 $mailto_msg .= _NOTIFY_MEMBER .' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n"; 308 } 309 310 $mailto_msg .= _NOTIFY_HOST . ' ' . $comment['host'] . "\n"; 311 $mailto_msg .= _NOTIFY_COMMENT . "\n " . $comment['body'] . "\n"; 312 $mailto_msg .= getMailFooter(); 313 314 $item =& $manager->getItem($this->itemid, 0, 0); 315 $mailto_title = _NOTIFY_NC_TITLE . ' ' . strip_tags($item['title']) . ' (' . $this->itemid . ')'; 316 317 $frommail = $member->getNotifyFromMailAddress($comment['email']); 318 319 $notify =& new NOTIFICATION($settings->getNotifyAddress() ); 320 $notify->notify($mailto_title, $mailto_msg , $frommail); 321 } 322 323 $comment = COMMENT::prepare($comment); 324 325 $manager->notify('PreAddComment', array('comment' => &$comment, 'spamcheck' => &$spamcheck) ); 326 327 $name = sql_real_escape_string($comment['user']); 328 $url = sql_real_escape_string($comment['userid']); 329 $email = sql_real_escape_string($comment['email']); 330 $body = sql_real_escape_string($comment['body']); 331 $host = sql_real_escape_string($comment['host']); 332 $ip = sql_real_escape_string($comment['ip']); 333 $memberid = intval($comment['memberid']); 334 $timestamp = date('Y-m-d H:i:s', $comment['timestamp']); 335 $itemid = $this->itemid; 336 337 $qSql = 'SELECT COUNT(*) AS result ' 338 . 'FROM ' . sql_table('comment') 339 . ' WHERE ' 340 . 'cmail = "' . $url . '"' 341 . ' AND cmember = "' . $memberid . '"' 342 . ' AND cbody = "' . $body . '"' 343 . ' AND citem = "' . $itemid . '"' 344 . ' AND cblog = "' . $blogid . '"'; 345 $result = (integer) quickQuery($qSql); 346 347 if ( $result > 0 ) 348 { 349 return _ERROR_BADACTION; 350 } 351 352 $query = 'INSERT INTO '.sql_table('comment').' (CUSER, CMAIL, CEMAIL, CMEMBER, CBODY, CITEM, CTIME, CHOST, CIP, CBLOG) ' 353 . "VALUES ('$name', '$url', '$email', $memberid, '$body', $itemid, '$timestamp', '$host', '$ip', '$blogid')"; 354 355 sql_query($query); 356 357 // post add comment 358 $commentid = sql_insert_id(); 359 $manager->notify('PostAddComment', array('comment' => &$comment, 'commentid' => &$commentid, 'spamcheck' => &$spamcheck) ); 360 361 // succeeded ! 362 return TRUE; 363 } 364 365 366 /** 367 * Checks if a comment is valid and call plugins 368 * that can check if the comment is a spam comment 369 */ 370 function isValidComment(&$comment, &$spamcheck) { 371 372 global $member, $manager; 373 374 // check if there exists a item for this date 375 $item =& $manager->getItem($this->itemid, 0, 0); 376 377 if (!$item) 378 { 379 return _ERROR_NOSUCHITEM; 380 } 381 382 if ($item['closed']) 383 { 384 return _ERROR_ITEMCLOSED; 385 } 386 387 # replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0 388 # original eregi comparison: eregi('[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}', $comment['body']) != FALSE 389 390 // don't allow words that are too long 391 if (preg_match('/[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}/', $comment['body']) != 0) 392 { 393 return _ERROR_COMMENT_LONGWORD; 394 } 395 396 // check lengths of comment 397 if (strlen($comment['body']) < 3) 398 { 399 return _ERROR_COMMENT_NOCOMMENT; 400 } 401 402 if (strlen($comment['body']) > 5000) 403 { 404 return _ERROR_COMMENT_TOOLONG; 405 } 406 407 // only check username if no member logged in 408 if (!$member->isLoggedIn() ) 409 { 410 411 if (strlen($comment['user']) < 2) 412 { 413 return _ERROR_COMMENT_NOUSERNAME; 414 } 415 416 } 417 418 if ((strlen($comment['email']) != 0) && !(isValidMailAddress(trim($comment['email']) ) ) ) 419 { 420 return _ERROR_BADMAILADDRESS; 421 } 422 423 // let plugins do verification (any plugin which thinks the comment is invalid 424 // can change 'error' to something other than '1') 425 $result = 1; 426 $manager->notify('ValidateForm', array('type' => 'comment', 'comment' => &$comment, 'error' => &$result, 'spamcheck' => &$spamcheck) ); 427 428 return $result; 429 } 430 431 } 432 433 ?>
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Mon May 2 16:14:08 2011 | Cross-referenced by PHPXref 0.7.1 |