
<?php
require_once('wp-config.php');
require_once($abspath.$b2inc.'/b2template.functions.php');
require_once($abspath.$b2inc.'/b2vars.php');
require_once($abspath.$b2inc.'/b2functions.php');
/**
 * Recursively apply addslashes() to every scalar leaf of a request array.
 *
 * Used below to emulate magic_quotes_gpc when the setting is off, so the
 * rest of this file can assume request values are slash-escaped. This is
 * a quoting shim, not an SQL escaping mechanism: it does not by itself
 * make the string-built queries in this file safe.
 *
 * @param array $array Request array; keys and nesting are preserved
 * @return array Same structure with addslashes() applied to each leaf
 */
function add_magic_quotes($array) {
    $keys = array_keys($array);
    foreach ($keys as $key) {
        $value = $array[$key];
        // Recurse into nested arrays (e.g. form arrays), escape everything else
        $array[$key] = is_array($value) ? add_magic_quotes($value) : addslashes($value);
    }
    return $array;
}
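/*
 * Emulate magic_quotes_gpc when it is off so every request value read below
 * is slash-escaped. get_magic_quotes_gpc() no longer exists on current PHP
 * (where the setting is always off), so a missing function is treated as
 * "off" and the explicit escaping runs instead of a fatal error.
 */
if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
    $HTTP_GET_VARS = add_magic_quotes($HTTP_GET_VARS);
    $HTTP_POST_VARS = add_magic_quotes($HTTP_POST_VARS);
    $HTTP_COOKIE_VARS = add_magic_quotes($HTTP_COOKIE_VARS);
}
// Commenter fields: strip markup and surrounding whitespace. A field missing
// from the request reads as '' instead of raising an undefined-index notice.
$author = isset($HTTP_POST_VARS['author']) ? trim(strip_tags($HTTP_POST_VARS['author'])) : '';
$email = isset($HTTP_POST_VARS['email']) ? trim(strip_tags($HTTP_POST_VARS['email'])) : '';
if (strlen($email) < 6) // original heuristic: too short to be an address, treat as not given
    $email = '';
$url = isset($HTTP_POST_VARS['url']) ? trim(strip_tags($HTTP_POST_VARS['url'])) : '';
// Prefix a scheme when none was given; only the presence of '://' is checked,
// the scheme itself is not validated here.
$url = ((!stristr($url, '://')) && ($url != '')) ? 'http://'.$url : $url;
if (strlen($url) < 7) // original heuristic: too short to be a URL, treat as not given
    $url = '';
$comment = isset($HTTP_POST_VARS['comment']) ? trim($HTTP_POST_VARS['comment']) : '';
$original_comment = $comment; // copy taken before the formatting filters run
// intval() makes the post id safe to interpolate into the queries below; missing -> 0
$comment_post_ID = isset($HTTP_POST_VARS['comment_post_ID']) ? intval($HTTP_POST_VARS['comment_post_ID']) : 0;
$user_ip = $HTTP_SERVER_VARS['REMOTE_ADDR'];
$user_domain = gethostbyaddr($user_ip); // reverse lookup; not referenced again in this file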
// A post whose comments are closed rejects the submission outright.
// $comment_post_ID is an int (intval above), which is what keeps this query safe.
$commentstatus = $wpdb->get_var("SELECT comment_status FROM $tableposts WHERE ID = $comment_post_ID");
if ($commentstatus == 'closed') {
    die('Sorry, comments are closed for this item.');
}
// Required-field check; 'name' and '@' presumably are the form's placeholder values.
// (original fix by Dodo, and then Drinyth)
if ($require_name_email) {
    if ($author == '' || $author == 'name' || $email == '' || $email == '@') {
        echo 'Error: please fill the required fields (name, email).';
        exit;
    }
}
// Same idea for the body: empty or still holding the placeholder text.
if ($comment == '' || $comment == 'comment') {
    echo "Error: please type a comment";
    exit;
}
// Timestamp for the new comment: server time shifted by the configured offset (in hours).
$time_difference = get_settings('time_difference');
$now = date('Y-m-d H:i:s', time() + ($time_difference * 3600));
// Body filtering: drop tags outside the allow-list, balance what remains, then the usual post formatting.
$comment = format_to_post(convert_chars(balanceTags(strip_tags($comment, $comment_allowed_tags), 1)));
// Keep copies of the author fields before the second addslashes(). Note they were already
// slash-escaped once by the magic-quotes step at the top of the file, so the working copies
// used for the INSERT and cookies below carry double-escaped quotes.
$comment_author = $author;
$comment_author_email = $email;
$comment_author_url = $url;
$author = addslashes($author);
$email = addslashes($email);
$url = addslashes($url);
/* flood-protection */
// Newest comment from this address. $user_ip comes from REMOTE_ADDR and is interpolated
// into the query as-is, so this relies on the web server supplying a plain address.
$lasttime = $wpdb->get_var("SELECT comment_date FROM $tablecomments WHERE comment_author_IP = '$user_ip' ORDER BY comment_date DESC LIMIT 1");
$ok = true;
if (!empty($lasttime)) {
    $time_lastcomment = mysql2date('U', $lasttime);
    $time_newcomment = mysql2date('U', "$now");
    // Accept only when at least 10 seconds have passed since the previous comment from this address
    $ok = (($time_newcomment - $time_lastcomment) >= 10);
}
/* end flood-protection */
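if ($ok) { // if there was no comment from this IP in the last 10 seconds
    $comment_moderation = get_settings("comment_moderation");
    $moderation_notify = get_settings("moderation_notify");
    // o42: this place could be the hook for further comment spam checking
    // $approved should be set according the final approval status
    // of the new comment
    // Both 'manual' and 'auto' currently hold the comment for moderation; only 'none' approves it.
    if ('manual' == $comment_moderation) {
        $approved = 0;
    } else if ('auto' == $comment_moderation) {
        $approved = 0;
    } else { // none
        $approved = 1;
    }
    // Values are interpolated into the statement: $author/$email/$url were addslashes()'d above,
    // $comment_post_ID is an int, and $comment relies on the magic-quotes escaping applied at
    // input time, before the formatting filters ran -- NOTE(review): confirm those filters cannot
    // reintroduce unescaped quotes.
    $wpdb->query("INSERT INTO $tablecomments (comment_ID,comment_post_ID,comment_author,comment_author_email,comment_author_url,comment_author_IP,comment_date,comment_content,comment_karma,comment_approved) VALUES ('0', '$comment_post_ID', '$author', '$email', '$url', '$user_ip', '$now', '$comment', '0', '$approved')");
    // o42: this should be changed as soon as other sql dbs are supported
    // as it's proprietary to mysql
    $comment_ID = $wpdb->get_var("SELECT last_insert_id()");
    // The leftover debug log (a fixed, predictable file under /tmp opened for writing on every
    // submission, exposing the moderation settings and notification decisions to any local user)
    // has been removed; nothing else in this file read it.
    if (($moderation_notify) && (!$approved)) {
        wp_notify_moderator($comment_ID);
    }
    // NOTE(review): $comment_notify is not assigned in this file; presumably it is loaded by
    // the included vars/config -- verify.
    if (($comment_notify) && ($approved)) {
        wp_notify_postauthor($comment_ID);
    }
    if ($email == '')
        $email = ' '; // this to make sure a cookie is set for 'no email'
    if ($url == '')
        $url = ' '; // this to make sure a cookie is set for 'no url'
    // Remember the commenter for the comment form; $cookiehash is expected from the included config.
    setcookie('comment_author_'.$cookiehash, $author, time()+30000000);
    setcookie('comment_author_email_'.$cookiehash, $email, time()+30000000);
    setcookie('comment_author_url_'.$cookiehash, $url, time()+30000000);
    header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
    header('Cache-Control: no-cache, must-revalidate');
    header('Pragma: no-cache');
    // Redirect target comes from the form, falling back to the Referer header. Both are
    // client-supplied: CR/LF are stripped so the value cannot add headers on PHP versions that
    // do not reject them, but the destination itself is still whatever the caller provided.
    $location = (!empty($HTTP_POST_VARS['redirect_to']))
        ? $HTTP_POST_VARS['redirect_to']
        : (isset($HTTP_SERVER_VARS["HTTP_REFERER"]) ? $HTTP_SERVER_VARS["HTTP_REFERER"] : '');
    $location = str_replace(array("\r", "\n"), '', $location);
    if ($is_IIS) {
        header("Refresh: 0;url=$location");
    } else {
        header("Location: $location");
    }
} else {
    die('Sorry, you can only post a new comment once every 10 seconds. Slow down cowboy.');
}
?>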