includes/comment.php
author Dan
Thu, 20 Aug 2009 20:19:20 -0400
changeset 1083 ef2dbcac5d56
parent 1081 745200a9cc2a
child 1085 3343a05e7e5b
permissions -rw-r--r--
SECURITY: UCP: Added CSRF protection on Profile (unneeded on EmailPassword due to USER_LEVEL_CHPREF requirement)
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     1
<?php
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     2
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     3
/*
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     4
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
1081
745200a9cc2a Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
parents: 1016
diff changeset
     5
 * Copyright (C) 2006-2009 Dan Fuhry
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     6
 *
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     7
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     8
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     9
 *
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    10
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    11
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    12
 */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    13
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    14
/**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    15
 * Class that handles comments. Has HTML/Javascript frontend support.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    16
 * @package Enano CMS
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    17
 * @subpackage Comment manager
800
9cdfe82c56cd Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
parents: 748
diff changeset
    18
 * @license GNU General Public License <http://www.gnu.org/licenses/gpl-2.0.html>
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    19
 */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    20
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    21
class Comments
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    22
{
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    23
  #
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    24
  # VARIABLES
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    25
  #
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    26
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    27
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    28
   * Current list of comments.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    29
   * @var array
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    30
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    31
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    32
  var $comments = Array();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    33
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    34
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    35
   * Object to track permissions.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    36
   * @var object
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    37
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    38
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    39
  var $perms;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    40
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    41
  #
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    42
  # METHODS
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    43
  #
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    44
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    45
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    46
   * Constructor.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    47
   * @param string Page ID of the page to load comments for
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    48
   * @param string Namespace of the page to load comments for
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    49
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    50
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    51
  function __construct($page_id, $namespace)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    52
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    53
    global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    54
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    55
    // Initialize permissions
322
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 320
diff changeset
    56
    if ( $page_id == $paths->page_id && $namespace == $paths->namespace )
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    57
      $this->perms =& $GLOBALS['session'];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    58
    else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    59
      $this->perms = $session->fetch_page_acl($page_id, $namespace);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    60
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    61
    $this->page_id = $db->escape($page_id);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    62
    $this->namespace = $db->escape($namespace);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    63
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    64
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    65
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    66
   * Processes a command in JSON format.
1016
6d32d80b2192 Comments: SECURITY: Fixed IP not recorded in non-JSON submit and a few other non-security issues
Dan
parents: 1011
diff changeset
    67
   * @param mixed Either the JSON-encoded input string, probably something sent from the Javascript/AJAX frontend, or an equivalent array
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    68
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    69
   
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    70
  function process_json($json)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    71
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    72
    global $db, $session, $paths, $template, $plugins; // Common objects
541
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
    73
    global $lang;
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
    74
    
1016
6d32d80b2192 Comments: SECURITY: Fixed IP not recorded in non-JSON submit and a few other non-security issues
Dan
parents: 1011
diff changeset
    75
    $is_json = !is_array($json);
6d32d80b2192 Comments: SECURITY: Fixed IP not recorded in non-JSON submit and a few other non-security issues
Dan
parents: 1011
diff changeset
    76
    
6d32d80b2192 Comments: SECURITY: Fixed IP not recorded in non-JSON submit and a few other non-security issues
Dan
parents: 1011
diff changeset
    77
    if ( $is_json )
6d32d80b2192 Comments: SECURITY: Fixed IP not recorded in non-JSON submit and a few other non-security issues
Dan
parents: 1011
diff changeset
    78
    {
6d32d80b2192 Comments: SECURITY: Fixed IP not recorded in non-JSON submit and a few other non-security issues
Dan
parents: 1011
diff changeset
    79
      $data = enano_json_decode($json);
6d32d80b2192 Comments: SECURITY: Fixed IP not recorded in non-JSON submit and a few other non-security issues
Dan
parents: 1011
diff changeset
    80
      $data = decode_unicode_array($data);
6d32d80b2192 Comments: SECURITY: Fixed IP not recorded in non-JSON submit and a few other non-security issues
Dan
parents: 1011
diff changeset
    81
    }
6d32d80b2192 Comments: SECURITY: Fixed IP not recorded in non-JSON submit and a few other non-security issues
Dan
parents: 1011
diff changeset
    82
    else
6d32d80b2192 Comments: SECURITY: Fixed IP not recorded in non-JSON submit and a few other non-security issues
Dan
parents: 1011
diff changeset
    83
    {
6d32d80b2192 Comments: SECURITY: Fixed IP not recorded in non-JSON submit and a few other non-security issues
Dan
parents: 1011
diff changeset
    84
      $data =& $json;
6d32d80b2192 Comments: SECURITY: Fixed IP not recorded in non-JSON submit and a few other non-security issues
Dan
parents: 1011
diff changeset
    85
    }
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    86
    if ( !isset($data['mode']) )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    87
    {
86
c162ca39db8f Finished pagination code (was incomplete in previous revision) and added a few hacks for an upcoming theme
Dan
parents: 78
diff changeset
    88
      $ret = Array('mode'=>'error','error'=>'No mode defined!');
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 328
diff changeset
    89
      echo enano_json_encode($ret);
86
c162ca39db8f Finished pagination code (was incomplete in previous revision) and added a few hacks for an upcoming theme
Dan
parents: 78
diff changeset
    90
      return $ret;
c162ca39db8f Finished pagination code (was incomplete in previous revision) and added a few hacks for an upcoming theme
Dan
parents: 78
diff changeset
    91
    }
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 825
diff changeset
    92
    if ( getConfig('enable_comments', '1') == '0' )
86
c162ca39db8f Finished pagination code (was incomplete in previous revision) and added a few hacks for an upcoming theme
Dan
parents: 78
diff changeset
    93
    {
c162ca39db8f Finished pagination code (was incomplete in previous revision) and added a few hacks for an upcoming theme
Dan
parents: 78
diff changeset
    94
      $ret = Array('mode'=>'error','error'=>'Comments are not enabled on this site.');
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 328
diff changeset
    95
      echo enano_json_encode($ret);
86
c162ca39db8f Finished pagination code (was incomplete in previous revision) and added a few hacks for an upcoming theme
Dan
parents: 78
diff changeset
    96
      return $ret;
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    97
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    98
    $ret = Array();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    99
    $ret['mode'] = $data['mode'];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   100
    switch ( $data['mode'] )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   101
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   102
      case 'fetch':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   103
        if ( !$template->theme_loaded )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   104
          $template->load_theme();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   105
        if ( !isset($data['have_template']) )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   106
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   107
          $ret['template'] = file_get_contents(ENANO_ROOT . '/themes/' . $template->theme . '/comment.tpl');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   108
        }
621
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 541
diff changeset
   109
        $q = $db->sql_query('SELECT c.comment_id,c.name,c.subject,c.comment_data,c.time,c.approved,( c.ip_address IS NOT NULL ) AS have_ip,u.user_level,u.user_id,u.email,u.signature,u.user_has_avatar,u.avatar_type, b.buddy_id IS NOT NULL AS is_buddy, ( b.is_friend IS NOT NULL AND b.is_friend=1 ) AS is_friend FROM '.table_prefix.'comments AS c
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   110
                               LEFT JOIN '.table_prefix.'users AS u
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   111
                                 ON (u.user_id=c.user_id)
108
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
parents: 86
diff changeset
   112
                               LEFT JOIN '.table_prefix.'buddies AS b
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
parents: 86
diff changeset
   113
                                 ON ( ( b.user_id=' . $session->user_id.' AND b.buddy_user_id=c.user_id ) OR b.user_id IS NULL)
541
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
   114
                               LEFT JOIN '.table_prefix.'ranks AS r
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
   115
                                 ON ( ( u.user_rank = r.rank_id ) )
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   116
                               WHERE page_id=\'' . $this->page_id . '\'
108
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
parents: 86
diff changeset
   117
                                 AND namespace=\'' . $this->namespace . '\'
621
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 541
diff changeset
   118
                               GROUP BY c.comment_id,c.name,c.subject,c.comment_data,c.time,c.approved,c.ip_address,u.user_level,u.user_id,u.email,u.signature,u.user_has_avatar,u.avatar_type,b.buddy_id,b.is_friend
108
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
parents: 86
diff changeset
   119
                               ORDER BY c.time ASC;');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   120
        $count_appr = 0;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   121
        $count_total = 0;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   122
        $count_unappr = 0;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   123
        $ret['comments'] = Array();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   124
        if (!$q)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   125
          $db->die_json();
1011
96119a79cf81 Comments: fixed failure to supply $q to fetchrow() in JSON fetcher
Dan
parents: 972
diff changeset
   126
        if ( $row = $db->fetchrow($q) )
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   127
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   128
          do {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   129
            
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   130
            // Increment counters
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   131
            $count_total++;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   132
            ( $row['approved'] == 1 ) ? $count_appr++ : $count_unappr++;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   133
            
825
9d5c04c1414f Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
parents: 801
diff changeset
   134
            if ( !$this->perms->get_permissions('mod_comments') && $row['approved'] != COMMENT_APPROVED )
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   135
              continue;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   136
            
541
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
   137
            // Localize the rank
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
   138
            $row = array_merge($row, $session->get_user_rank(intval($row['user_id'])));
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
   139
            
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   140
            // Send the source
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   141
            $row['comment_source'] = $row['comment_data'];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   142
            
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   143
            // Format text
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   144
            $row['comment_data'] = RenderMan::render($row['comment_data']);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   145
            
108
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
parents: 86
diff changeset
   146
            if ( $row['is_buddy'] == 1 && $row['is_friend'] == 0 )
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
parents: 86
diff changeset
   147
            {
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
parents: 86
diff changeset
   148
              $seed = md5(sha1(mt_rand() . microtime()));
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
parents: 86
diff changeset
   149
              $wrapper = '
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
parents: 86
diff changeset
   150
                <div id="posthide_'.$seed.'" style="display: none;">
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
parents: 86
diff changeset
   151
                  ' . $row['comment_data'] . '
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
parents: 86
diff changeset
   152
                </div>
825
9d5c04c1414f Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
parents: 801
diff changeset
   153
                <p><span style="opacity: 0.4; filter: alpha(opacity=40);">' . $lang->get('comment_msg_foe_comment_hidden') . '</span> <span style="text-align: right;"><a href="#showpost" onclick="document.getElementById(\'posthide_'.$seed.'\').style.display=\'block\'; this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode); return false;">' . $lang->get('comment_btn_display_foe_comment') . '</a></span></p>
108
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
parents: 86
diff changeset
   154
              ';
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
parents: 86
diff changeset
   155
              $row['comment_data'] = $wrapper;
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
parents: 86
diff changeset
   156
            }
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
parents: 86
diff changeset
   157
            
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   158
            // Format date
1081
745200a9cc2a Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
parents: 1016
diff changeset
   159
            $row['time'] = enano_date(ED_DATE | ED_TIME, $row['time']);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   160
            
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   161
            // Format signature
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   162
            $row['signature'] = ( !empty($row['signature']) ) ? RenderMan::render($row['signature']) : '';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   163
            
359
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   164
            // Do we have the IP?
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   165
            $row['have_ip'] = ( $row['have_ip'] == 1 );
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   166
            
541
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
   167
            // Avatar URL
621
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 541
diff changeset
   168
            $row['avatar_path'] = make_avatar_url($row['user_id'], $row['avatar_type'], $row['email']);
541
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
   169
            
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   170
            // Add the comment to the list
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   171
            $ret['comments'][] = $row;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   172
            
1011
96119a79cf81 Comments: fixed failure to supply $q to fetchrow() in JSON fetcher
Dan
parents: 972
diff changeset
   173
          } while ( $row = $db->fetchrow($q) );
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   174
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   175
        $db->free_result();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   176
        $ret['count_appr'] = $count_appr;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   177
        $ret['count_total'] = $count_total;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   178
        $ret['count_unappr'] = $count_unappr;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   179
        $ret['auth_mod_comments'] = $this->perms->get_permissions('mod_comments');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   180
        $ret['auth_post_comments'] = $this->perms->get_permissions('post_comments');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   181
        $ret['auth_edit_comments'] = $this->perms->get_permissions('edit_comments');
748
e39454295bbb Added makeSwitchable Dynano method for textareas; enabled support for makeSwitchable in comment runtime
Dan
parents: 685
diff changeset
   182
        $ret['auth_edit_wysiwyg'] = $this->perms->get_permissions('edit_wysiwyg');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   183
        $ret['user_id'] = $session->user_id;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   184
        $ret['username'] = $session->username;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   185
        $ret['logged_in'] = $session->user_logged_in;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   186
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   187
        $ret['user_level'] = Array();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   188
        $ret['user_level']['guest'] = USER_LEVEL_GUEST;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   189
        $ret['user_level']['member'] = USER_LEVEL_MEMBER;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   190
        $ret['user_level']['mod'] = USER_LEVEL_MOD;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   191
        $ret['user_level']['admin'] = USER_LEVEL_ADMIN;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   192
        
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 825
diff changeset
   193
        $ret['approval_needed'] = ( getConfig('approve_comments', '0') == '1' );
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   194
        $ret['guest_posting'] = getConfig('comments_need_login');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   195
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   196
        if ( $ret['guest_posting'] == '1' && !$session->user_logged_in )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   197
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   198
          $session->kill_captcha();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   199
          $ret['captcha'] = $session->make_captcha();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   200
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   201
        break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   202
      case 'edit':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   203
        $cid = (string)$data['id'];
825
9d5c04c1414f Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
parents: 801
diff changeset
   204
        if ( !ctype_digit($cid) || intval($cid) < 1 )
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   205
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   206
          echo '{"mode":"error","error":"HACKING ATTEMPT"}';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   207
          return false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   208
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   209
        $cid = intval($cid);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   210
        $q = $db->sql_query('SELECT c.user_id,c.approved FROM '.table_prefix.'comments c LEFT JOIN '.table_prefix.'users u ON (u.user_id=c.user_id) WHERE comment_id='.$cid.';');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   211
        if(!$q)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   212
          $db->die_json();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   213
        $row = $db->fetchrow();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   214
        $uid = intval($row['user_id']);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   215
        $can_edit = ( ( $uid == $session->user_id && $uid != 1 && $this->perms->get_permissions('edit_comments') ) || ( $this->perms->get_permissions('mod_comments') ) );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   216
        if(!$can_edit)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   217
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   218
          echo '{"mode":"error","error":"HACKING ATTEMPT"}';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   219
          return false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   220
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   221
        $data['data'] = str_replace("\r", '', $data['data']); // Windows compatibility
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   222
        $text = RenderMan::preprocess_text($data['data'], true, false);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   223
        $text2 = $db->escape($text);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   224
        $subj = $db->escape(htmlspecialchars($data['subj']));
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   225
        $q = $db->sql_query('UPDATE '.table_prefix.'comments SET subject=\'' . $subj . '\',comment_data=\'' . $text2 . '\' WHERE comment_id=' . $cid . ';');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   226
        if(!$q)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   227
          $db->die_json();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   228
        $ret = Array(
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   229
            'mode' => 'redraw',
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   230
            'id'   => $data['local_id'],
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   231
            'subj' => htmlspecialchars($data['subj']),
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   232
            'text' => RenderMan::render($text),
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   233
            'src'  => $text,
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   234
            'approved' => $row['approved']
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   235
          );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   236
        break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   237
      case 'delete':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   238
        $cid = (string)$data['id'];
825
9d5c04c1414f Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
parents: 801
diff changeset
   239
        if ( !ctype_digit($cid) || intval($cid) < 1 )
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   240
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   241
          echo '{"mode":"error","error":"HACKING ATTEMPT"}';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   242
          return false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   243
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   244
        $cid = intval($cid);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   245
        $q = $db->sql_query('SELECT c.user_id FROM '.table_prefix.'comments c LEFT JOIN '.table_prefix.'users u ON (u.user_id=c.user_id) WHERE comment_id='.$cid.';');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   246
        if(!$q)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   247
          $db->die_json();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   248
        $row = $db->fetchrow();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   249
        $uid = intval($row['user_id']);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   250
        $can_edit = ( ( $uid == $session->user_id && $uid != 1 && $this->perms->get_permissions('edit_comments') ) || ( $this->perms->get_permissions('mod_comments') ) );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   251
        if(!$can_edit)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   252
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   253
          echo '{"mode":"error","error":"HACKING ATTEMPT"}';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   254
          return false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   255
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   256
        $q = $db->sql_query('DELETE FROM '.table_prefix.'comments WHERE comment_id='.$cid.';');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   257
        if(!$q)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   258
          $db->die_json();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   259
        $ret = Array(
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   260
            'mode' => 'annihilate',
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   261
            'id'   => $data['local_id']
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   262
          );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   263
        break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   264
      case 'submit':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   265
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   266
        // Now for a huge round of security checks...
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   267
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   268
        $errors = Array();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   269
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   270
        // Authorization
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   271
        // Like the rest of the ACL system, this call is a one-stop check for ALL ACL entries.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   272
        if ( !$this->perms->get_permissions('post_comments') )
74
68469a95658d Various bugfixes and cleanups, too much to remember... see the diffs for what got changed :-)
Dan
parents: 73
diff changeset
   273
          $errors[] = 'The site security policy prevents your user account from posting comments;';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   274
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   275
        // Guest authorization
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   276
        if ( getConfig('comments_need_login') == '2' && !$session->user_logged_in )
825
9d5c04c1414f Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
parents: 801
diff changeset
   277
          $errors[] = $lang->get('comment_err_need_login');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   278
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   279
        // CAPTCHA code
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   280
        if ( getConfig('comments_need_login') == '1' && !$session->user_logged_in )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   281
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   282
          $real_code = $session->get_captcha($data['captcha_id']);
825
9d5c04c1414f Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
parents: 801
diff changeset
   283
          if ( strtolower($real_code) !== strtolower($data['captcha_code']) )
9d5c04c1414f Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
parents: 801
diff changeset
   284
            $errors[] = $lang->get('comment_err_captcha_wrong');
263
d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true
Dan
parents: 166
diff changeset
   285
          $session->kill_captcha();
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   286
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   287
        
825
9d5c04c1414f Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
parents: 801
diff changeset
   288
        // Spam check
9d5c04c1414f Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
parents: 801
diff changeset
   289
        $spam_policy = getConfig('comment_spam_policy', 'moderate');
9d5c04c1414f Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
parents: 801
diff changeset
   290
        $sc_name = ( $session->user_logged_in ) ? $session->username : $data['name'];
9d5c04c1414f Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
parents: 801
diff changeset
   291
        $sc_mail = ( $session->user_logged_in ) ? $session->email : false;
972
437f2505d340 Band-Aided user_homepage undefined index error in comments.
Dan
parents: 832
diff changeset
   292
        $sc_url  = ( $session->user_logged_in ) ? @$session->user_extra['user_homepage'] : false;
825
9d5c04c1414f Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
parents: 801
diff changeset
   293
        $spamcheck = $spam_policy === 'accept' ? true : spamalyze($data['text'], $sc_name, $sc_mail, $sc_url);
9d5c04c1414f Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
parents: 801
diff changeset
   294
        if ( !$spamcheck && $spam_policy === 'reject' )
9d5c04c1414f Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
parents: 801
diff changeset
   295
        {
9d5c04c1414f Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
parents: 801
diff changeset
   296
          $errors[] = $lang->get('comment_err_spamcheck_failed_rejected');
9d5c04c1414f Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
parents: 801
diff changeset
   297
        }
9d5c04c1414f Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
parents: 801
diff changeset
   298
        
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   299
        if ( count($errors) > 0 )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   300
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   301
          $ret = Array(
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   302
            'mode' => 'error',
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   303
            'error' => implode("\n", $errors)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   304
            );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   305
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   306
        else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   307
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   308
          // We're authorized!
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   309
          
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   310
          // Preprocess
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   311
          $name = ( $session->user_logged_in ) ? htmlspecialchars($session->username) : htmlspecialchars($data['name']);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   312
          $subj = htmlspecialchars($data['subj']);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   313
          $text = RenderMan::preprocess_text($data['text'], true, false);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   314
          $src = $text;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   315
          $sql_text = $db->escape($text);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   316
          $text = RenderMan::render($text);
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 825
diff changeset
   317
          $appr = ( getConfig('approve_comments', '0') == '1' ) ? COMMENT_UNAPPROVED : COMMENT_APPROVED;
825
9d5c04c1414f Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
parents: 801
diff changeset
   318
          if ( $appr === COMMENT_APPROVED && $spam_policy === 'moderate' && !$spamcheck )
9d5c04c1414f Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
parents: 801
diff changeset
   319
            $appr = COMMENT_SPAM;
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   320
          $time = time();
1081
745200a9cc2a Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
parents: 1016
diff changeset
   321
          $date = enano_date(ED_DATE | ED_TIME, $time);
359
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   322
          $ip = $_SERVER['REMOTE_ADDR'];
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   323
          if ( !is_valid_ip($ip) )
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   324
            die('Hacking attempt');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   325
          
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   326
          // Send it to the database
359
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   327
          $q = $db->sql_query('INSERT INTO '.table_prefix.'comments(page_id,namespace,name,subject,comment_data,approved, time, user_id, ip_address) VALUES' . "\n  " .
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   328
                             "('$this->page_id', '$this->namespace', '$name', '$subj', '$sql_text', $appr, $time, {$session->user_id}, '$ip');");
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   329
          if(!$q)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   330
            $db->die_json();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   331
          
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   332
          // Re-fetch
621
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 541
diff changeset
   333
          $q = $db->sql_query('SELECT c.comment_id,c.name,c.subject,c.comment_data,c.time,c.approved,u.user_level,u.user_id,u.email,u.signature,u.user_has_avatar,u.avatar_type FROM '.table_prefix.'comments AS c
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   334
                               LEFT JOIN '.table_prefix.'users AS u
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   335
                                 ON (u.user_id=c.user_id)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   336
                               WHERE page_id=\'' . $this->page_id . '\'
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   337
                                 AND namespace=\'' . $this->namespace . '\'
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   338
                                 AND time='.$time.' ORDER BY comment_id DESC LIMIT 1;');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   339
          if(!$q)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   340
            $db->die_json();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   341
          
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   342
          $row = $db->fetchrow();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   343
          $db->free_result();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   344
          $row['time'] = $date;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   345
          $row['comment_data'] = $text;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   346
          $row['comment_source'] = $src;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   347
          $ret = Array(
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   348
              'mode' => 'materialize'
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   349
            );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   350
          $ret = enano_safe_array_merge($ret, $row);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   351
          
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   352
          $ret['auth_mod_comments'] = $this->perms->get_permissions('mod_comments');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   353
          $ret['auth_post_comments'] = $this->perms->get_permissions('post_comments');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   354
          $ret['auth_edit_comments'] = $this->perms->get_permissions('edit_comments');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   355
          $ret['user_id'] = $session->user_id;
541
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents: 536
diff changeset
   356
          $ret['rank_data'] = $session->get_user_rank($session->user_id);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   357
          $ret['username'] = $session->username;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   358
          $ret['logged_in'] = $session->user_logged_in;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   359
          $ret['signature'] = RenderMan::render($row['signature']);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   360
          
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   361
          $ret['user_level_list'] = Array();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   362
          $ret['user_level_list']['guest'] = USER_LEVEL_GUEST;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   363
          $ret['user_level_list']['member'] = USER_LEVEL_MEMBER;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   364
          $ret['user_level_list']['mod'] = USER_LEVEL_MOD;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   365
          $ret['user_level_list']['admin'] = USER_LEVEL_ADMIN;
621
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 541
diff changeset
   366
          $ret['avatar_path'] = make_avatar_url($row['user_id'], $row['avatar_type'], $row['email']);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   367
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   368
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   369
        break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   370
      case 'approve':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   371
        if ( !$this->perms->get_permissions('mod_comments') )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   372
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   373
          $ret = Array(
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   374
          'mode' => 'error', 
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   375
          'error' => 'You are not authorized to moderate comments.'
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   376
          );
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 328
diff changeset
   377
          echo enano_json_encode($ret);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   378
          return $ret;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   379
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   380
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   381
        $cid = (string)$data['id'];
825
9d5c04c1414f Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
parents: 801
diff changeset
   382
        if ( !ctype_digit($cid) || intval($cid) < 1 )
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   383
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   384
          echo '{"mode":"error","error":"HACKING ATTEMPT"}';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   385
          return false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   386
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   387
        $cid = intval($cid);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   388
        $q = $db->sql_query('SELECT subject,approved FROM '.table_prefix.'comments WHERE comment_id='.$cid.';');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   389
        if(!$q || $db->numrows() < 1)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   390
          $db->die_json();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   391
        $row = $db->fetchrow();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   392
        $db->free_result();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   393
        $appr = ( $row['approved'] == '1' ) ? '0' : '1';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   394
        $q = $db->sql_query('UPDATE '.table_prefix."comments SET approved=$appr WHERE comment_id=$cid;");
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   395
        if (!$q)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   396
          $db->die_json();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   397
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   398
        $ret = Array(
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   399
            'mode' => 'redraw',
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   400
            'approved' => $appr,
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   401
            'subj' => $row['subject'],
29
e5484a9e0818 Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
parents: 21
diff changeset
   402
            'id'   => $data['local_id'],
e5484a9e0818 Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
parents: 21
diff changeset
   403
            'approve_updated' => 'yes'
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   404
          );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   405
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   406
        break;
359
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   407
      case 'view_ip':
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   408
        if ( !$session->get_permissions('mod_comments') )
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   409
        {
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   410
          return array(
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   411
              'mode' => 'error',
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   412
              'error' => 'Unauthorized'
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   413
            );
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   414
        }
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   415
        // fetch comment info
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   416
        if ( !is_int($data['id']) )
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   417
        {
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   418
          return array(
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   419
              'mode' => 'error',
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   420
              'error' => 'Unauthorized'
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   421
            );
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   422
        }
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   423
        $id =& $data['id'];
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   424
        $q = $db->sql_query('SELECT ip_address, name FROM ' . table_prefix . 'comments WHERE comment_id = ' . $id . ';');
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   425
        if ( !$q || $db->numrows() < 1 )
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   426
        {
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   427
          $db->die_json();
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   428
        }
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   429
        list($ip_addr, $name) = $db->fetchrow_num($q);
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   430
        $db->free_result();
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   431
        $name = $db->escape($name);
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   432
        $username = $db->escape($session->username);
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   433
        // log this action
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   434
        $q = $db->sql_query('INSERT INTO ' . table_prefix . "logs(time_id, log_type, action, page_text, author, edit_summary) VALUES\n  "
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   435
                            . "( " . time() . ", 'security', 'view_comment_ip', '$name', '$username', '{$_SERVER['REMOTE_ADDR']}' );");
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   436
        if ( !$q )
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   437
          $db->die_json();
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   438
        
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   439
        // send packet
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   440
        $ret = array(
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   441
            'mode' => 'redraw',
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   442
            'ip_addr' => $ip_addr,
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   443
            'local_id' => $data['local_id']
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   444
          );
e0787bb6285b Implemented IP logging for comments and registration
Dan
parents: 345
diff changeset
   445
        break;
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   446
      default:
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   447
        $ret = Array(
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   448
          'mode' => 'error', 
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   449
          'error' => $data['mode'] . ' is not a valid request mode'
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   450
          );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   451
        break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   452
    }
1016
6d32d80b2192 Comments: SECURITY: Fixed IP not recorded in non-JSON submit and a few other non-security issues
Dan
parents: 1011
diff changeset
   453
    if ( $is_json )
6d32d80b2192 Comments: SECURITY: Fixed IP not recorded in non-JSON submit and a few other non-security issues
Dan
parents: 1011
diff changeset
   454
      echo enano_json_encode($ret);
6d32d80b2192 Comments: SECURITY: Fixed IP not recorded in non-JSON submit and a few other non-security issues
Dan
parents: 1011
diff changeset
   455
    
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   456
    return $ret;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   457
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   458
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   459
} // class Comments
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   460