otaku42's comment moderation patches

git-svn-id: http://svn.automattic.com/wordpress/trunk@546 1a063a9b-81f0-0310-95a4-ce76da25c4cd
emc3 2003-11-12 15:22:47 +00:00
parent b16ad38d3a
commit f49f11b3dd
16 changed files with 983 additions and 74 deletions


@ -546,10 +546,14 @@ function get_postdata2($postid=0) { // less flexible, but saves DB queries
return $postdata;
}
function get_commentdata($comment_ID,$no_cache=0) { // less flexible, but saves DB queries
function get_commentdata($comment_ID,$no_cache=0,$include_unapproved=false) { // less flexible, but saves DB queries
global $postc,$id,$commentdata,$tablecomments,$querycount, $wpdb;
if ($no_cache) {
$myrow = $wpdb->get_row("SELECT * FROM $tablecomments WHERE comment_ID = $comment_ID", ARRAY_A);
$query = "SELECT * FROM $tablecomments WHERE comment_ID = $comment_ID";
if (false == $include_unapproved) {
$query .= " AND comment_approved = '1'";
}
$myrow = $wpdb->get_row($query, ARRAY_A);
++$querycount;
} else {
$myrow['comment_ID']=$postc->comment_ID;
@ -1310,6 +1314,147 @@ function pingGeoURL($blog_ID) {
getRemoteFile($host,$path);
}
/* wp_set_comment_status:
part of otaku42's comment moderation hack
changes the status of a comment according to $comment_status.
allowed values:
hold : set comment_approve field to 0
approve: set comment_approve field to 1
delete : remove comment out of database
returns true if change could be applied
returns false on database error or invalid value for $comment_status
*/
function wp_set_comment_status($comment_id, $comment_status) {
global $wpdb, $tablecomments;
switch($comment_status) {
case 'hold':
$query = "UPDATE $tablecomments SET comment_approved='0' WHERE comment_ID='$comment_id' LIMIT 1";
break;
case 'approve':
$query = "UPDATE $tablecomments SET comment_approved='1' WHERE comment_ID='$comment_id' LIMIT 1";
break;
case 'delete':
$query = "DELETE FROM $tablecomments WHERE comment_ID='$comment_id' LIMIT 1";
break;
default:
return false;
}
if ($wpdb->query($query)) {
return true;
} else {
return false;
}
}
/* wp_get_comment_status
part of otaku42's comment moderation hack
gets the current status of a comment
returned values:
"approved" : comment has been approved
"unapproved": comment has not been approved
"deleted ": comment not found in database
a (boolean) false signals an error
*/
function wp_get_comment_status($comment_id) {
global $wpdb, $tablecomments;
$result = $wpdb->get_var("SELECT comment_approved FROM $tablecomments WHERE comment_ID='$comment_id' LIMIT 1");
if ($result == NULL) {
return "deleted";
} else if ($result == "1") {
return "approved";
} else if ($result == "0") {
return "unapproved";
} else {
return false;
}
}
/* wp_notify_postauthor
notifies the author of a post about a new comment
needs the id of the new comment
always returns true
*/
function wp_notify_postauthor($comment_id) {
global $wpdb, $tablecomments, $tableposts, $tableusers;
global $querystring_start, $querystring_equal, $querystring_separator;
global $blogfilename, $blogname, $siteurl;
$comment = $wpdb->get_row("SELECT * FROM $tablecomments WHERE comment_ID='$comment_id' LIMIT 1");
$post = $wpdb->get_row("SELECT * FROM $tableposts WHERE ID='$comment->comment_post_ID' LIMIT 1");
$user = $wpdb->get_row("SELECT * FROM $tableusers WHERE ID='$post->post_author' LIMIT 1");
if ("" != $user->user_email) {
$comment_author_domain = gethostbyaddr($comment->comment_author_IP);
$notify_message = "New comment on your post #$comment->comment_post_ID \"".stripslashes($post->post_title)."\"\r\n\r\n";
$notify_message .= "Author : $comment->comment_author (IP: $comment->comment_author_IP , $comment_author_domain)\r\n";
$notify_message .= "E-mail : $comment->comment_author_email\r\n";
$notify_message .= "URL : $comment->comment_author_url\r\n";
$notify_message .= "Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=$comment->comment_author_IP\r\n";
$notify_message .= "Comment:\r\n".stripslashes($comment->comment_content)."\r\n\r\n";
$notify_message .= "You can see all comments on this post here: \r\n";
$notify_message .= $siteurl.'/'.$blogfilename.'?p='.$comment_post_ID.'&c=1#comments';
$subject = '[' . stripslashes($blogname) . '] Comment: "' .stripslashes($post->post_title).'"';
if ('' != $comment->comment_author_email) {
$from = "From: \"$comment->comment_author\" <$comment->comment_author_email>";
} else {
$from = 'From: "' . stripslashes($comment->comment_author) . "\" <$user->user_email>";
}
$from .= "\nX-Mailer: WordPress $b2_version with PHP/" . phpversion();
@mail($user->user_email, $subject, $notify_message, $from);
}
return true;
}
/* wp_notify_moderator
notifies the moderator of the blog (usually the admin)
about a new comment that waits for approval
always returns true
*/
function wp_notify_moderator($comment_id) {
global $wpdb, $tablecomments, $tableposts, $tableusers;
global $querystring_start, $querystring_equal, $querystring_separator;
global $blogfilename, $blogname, $siteurl;
$comment = $wpdb->get_row("SELECT * FROM $tablecomments WHERE comment_ID='$comment_id' LIMIT 1");
$post = $wpdb->get_row("SELECT * FROM $tableposts WHERE ID='$comment->comment_post_ID' LIMIT 1");
$user = $wpdb->get_row("SELECT * FROM $tableusers WHERE ID='$post->post_author' LIMIT 1");
$comment_author_domain = gethostbyaddr($comment->comment_author_IP);
$comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $tablecomments WHERE comment_approved = '0'");
$notify_message = "A new comment on the post #$comment->comment_post_ID \"".stripslashes($post->post_title)."\" is waiting for your approval\r\n\r\n";
$notify_message .= "Author : $comment->comment_author (IP: $comment->comment_author_IP , $comment_author_domain)\r\n";
$notify_message .= "E-mail : $comment->comment_author_email\r\n";
$notify_message .= "URL : $comment->comment_author_url\r\n";
$notify_message .= "Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=$comment->comment_author_IP\r\n";
$notify_message .= "Comment:\r\n".stripslashes($comment->comment_content)."\r\n\r\n";
$notify_message .= "To approve this comment, visit: $siteurl/wp-admin/wp-post.php?action=mailapprovecomment&p=".$comment->comment_post_ID."&comment=$comment_id\r\n";
$notify_message .= "To delete this comment, visit: $siteurl/wp-admin/wp-post.php?action=confirmdeletecomment&p=".$comment->comment_post_ID."&comment=$comment_id\r\n";
$notify_message .= "Currently $comments_waiting comments are waiting for approval. Please visit the moderation panel:\r\n";
$notify_message .= "$siteurl/wp-admin/wp-moderation.php\r\n";
$subject = '[' . stripslashes($blogname) . '] Please approve: "' .stripslashes($post->post_title).'"';
$admin_email = get_settings("admin_email");
$from = "From: $admin_email";
$from .= "\nX-Mailer: WordPress $b2_version with PHP/" . phpversion();
@mail($admin_email, $subject, $notify_message, $from);
return true;
}
// implementation of in_array that also should work on PHP3
if (!function_exists('in_array')) {
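Review bot: The four new helpers (wp_set_comment_status, wp_get_comment_status, wp_notify_postauthor, wp_notify_moderator) and the rewritten query in get_commentdata interpolate the comment id straight into SQL, so each is only as safe as its callers' escaping; making `$comment_id = intval($comment_id);` the first statement of each helper (and `$comment_ID = intval($comment_ID);` in get_commentdata) would make them safe on their own. In wp_notify_postauthor the `From:` header is assembled from `$comment->comment_author` and `$comment->comment_author_email`, which appear to be commenter-supplied, so CR/LF should be stripped from both before use, or the mail should always be sent from the blog's own address as wp_notify_moderator does. The same function reads `$comment_post_ID` and `$b2_version`, neither of which is set or declared global in its scope, so the "see all comments" link and the X-Mailer line come out incomplete; `$comment->comment_post_ID` and `global $b2_version;` would fix that. Both mail functions also dereference `$comment`, `$post` and `$user` without checking that the rows were found.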


@ -1403,9 +1403,13 @@ function list_cats($optionall = 1, $all = 'All', $sort_column = 'ID', $sort_orde
// generic comments/trackbacks/pingbacks numbering
function comments_number($zero='No Comments', $one='1 Comment', $more='% Comments') {
function comments_number($zero='No Comments', $one='1 Comment', $more='% Comments', $include_unapproved = false) {
global $id, $comment, $tablecomments, $querycount, $wpdb;
$number = $wpdb->get_var("SELECT COUNT(*) FROM $tablecomments WHERE comment_post_ID = $id");
$query = "SELECT COUNT(*) FROM $tablecomments WHERE comment_post_ID = '$id'";
if (false == $include_unapproved) {
$query .= " AND comment_approved = '1'";
}
$number = $wpdb->get_var($query);
if ($number == 0) {
$blah = $zero;
} elseif ($number == 1) {
@ -1436,7 +1440,7 @@ function comments_popup_script($width=400, $height=400, $file='b2commentspopup.p
function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Comments', $CSSclass='', $none='Comments Off') {
global $id, $b2commentspopupfile, $b2commentsjavascript, $post, $wpdb, $tablecomments, $HTTP_COOKIE_VARS, $cookiehash;
global $querystring_start, $querystring_equal, $querystring_separator, $siteurl;
$number = $wpdb->get_var("SELECT COUNT(*) FROM $tablecomments WHERE comment_post_ID = $id");
$number = $wpdb->get_var("SELECT COUNT(*) FROM $tablecomments WHERE comment_post_ID = $id AND comment_approved = '1'");
if (0 == $number && 'closed' == $post->comment_status) {
echo $none;
return;
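Review bot: The two count queries treat `$id` differently: comments_number now quotes it (`comment_post_ID = '$id'`) while comments_popup_link still interpolates it bare (`comment_post_ID = $id AND comment_approved = '1'`), and neither casts it. Where `$id` is set is not visible here, so it is safer to normalise it once, e.g. `$post_id = intval($id);`, and use that in both queries. The same bare `$id` appears in the two comment-listing queries changed further down this page (`... WHERE comment_post_ID = $id AND comment_approved = '1' ORDER BY comment_date`). Both function bodies continue outside the hunks.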


@ -14,7 +14,7 @@
$comment_author_email = trim($HTTP_COOKIE_VARS["comment_author_email_".$cookiehash]);
$comment_author_url = trim($HTTP_COOKIE_VARS["comment_author_url_".$cookiehash]);
$comments = $wpdb->get_results("SELECT * FROM $tablecomments WHERE comment_post_ID = $id ORDER BY comment_date");
$comments = $wpdb->get_results("SELECT * FROM $tablecomments WHERE comment_post_ID = $id AND comment_approved = '1' ORDER BY comment_date");
?>
<!-- You can start editing here. -->
@ -73,6 +73,19 @@ if ($comments) {
<textarea name="comment" id="comment" cols="70" rows="4" tabindex="4"></textarea>
</p>
<?php
if ('none' != get_settings("comment_moderation")) {
?>
<p>
<strong>Please note:</strong><br />
This blog uses comment moderation. In other words: your comment will need approval
by the administrator before it will appear in the blog. Approval usually happens
within the next 24 hours. Please send your comment only once. Thank you.
</p>
<?php
} // comment_moderation != 'none'
?>
<p>
<input name="submit" type="submit" tabindex="5" value="Say it!" />
</p>


@ -82,38 +82,41 @@ if (!empty($lasttime)) {
if ($ok) { // if there was no comment from this IP in the last 10 seconds
$comment_moderation = get_settings("comment_moderation");
$moderation_notify = get_settings("moderation_notify");
$wpdb->query("INSERT INTO $tablecomments VALUES ('0', '$comment_post_ID', '$author', '$email', '$url', '$user_ip', '$now', '$comment', '0')");
// o42: this place could be the hook for further comment spam checking
// $approved should be set according the final approval status
// of the new comment
if ('manual' == $comment_moderation) {
$approved = 0;
} else if ('auto' == $comment_moderation) {
$approved = 0;
} else { // none
$approved = 1;
}
$wpdb->query("INSERT INTO $tablecomments (comment_ID,comment_post_ID,comment_author,comment_author_email,comment_author_url,comment_author_IP,comment_date,comment_content,comment_karma,comment_approved) VALUES ('0', '$comment_post_ID', '$author', '$email', '$url', '$user_ip', '$now', '$comment', '0', '$approved')");
// o42: this should be changed as soon as other sql dbs are supported
// as it's proprietary to mysql
$comment_ID = $wpdb->get_var("SELECT last_insert_id()");
if ($comments_notify) {
$postdata = get_postdata($comment_post_ID);
$authordata = get_userdata($postdata['Author_ID']);
$fp = fopen("/tmp/wpdebug.txt", "w+");
fwrite($fp, "comment_moderation: $comment_moderation\n");
fwrite($fp, "moderation_notify : $moderation_notify\n");
if('' != $authordata->user_email) {
$notify_message = "New comment on your post #$comment_post_ID \"".stripslashes($postdata['Title'])."\"\r\n\r\n";
$notify_message .= "Author : $comment_author (IP: $user_ip , $user_domain)\r\n";
$notify_message .= "E-mail : $comment_author_email\r\n";
$notify_message .= "URL : $comment_author_url\r\n";
$notify_message .= "Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=$user_ip\r\n";
$notify_message .= "Delete : $siteurl/wp-admin/wp-post.php?action=deletecomment&p=$comment_post_ID&comment=$comment_ID \r\n";
$notify_message .= "Comment:\r\n".stripslashes($original_comment)."\r\n\r\n";
$notify_message .= "You can see all comments on this post here: \r\n";
$notify_message .= $siteurl.'/'.$blogfilename.$querystring_start.'p'.$querystring_equal.$comment_post_ID.$querystring_separator.'c'.$querystring_equal.'1#comments';
$subject = '[' . stripslashes($blogname) . '] Comment: "' .stripslashes($postdata['Title']).'"';
if ('' != $comment_author_email) {
$from = "From: \"$comment_author\" <$comment_author_email>\r\n";
} else {
$from = 'From: "' . stripslashes($comment_author) . "\" <$authordata->user_email>\r\n";
if (($moderation_notify) && (!$approved)) {
wp_notify_moderator($comment_ID);
fwrite($fp, "notify moderator -> $comment_ID\n");
}
$from .= "X-Mailer: WordPress $b2_version with PHP/" . phpversion();
@mail($authordata->user_email, $subject, $notify_message, $from);
}
if (($comment_notify) && ($approved)) {
wp_notify_postauthor($comment_ID);
fwrite($fp, "notify postauthor -> $comment_ID\n");
}
fclose($fp);
if ($email == '')
$email = ' '; // this to make sure a cookie is set for 'no email'
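Review bot: The debug log written to `/tmp/wpdebug.txt` (the `fopen`/`fwrite`/`fclose` calls around the two notify branches) looks like leftover development code: it opens a fixed, predictable path in a shared temp directory on every comment post and never checks that `fopen` succeeded. I would drop those lines before merging, or at least gate them behind a debug setting and test the handle before writing. Separately, the post-author branch tests `$comment_notify` while a neighbouring line in this section tests `$comments_notify`; if the former is never set, approved comments would no longer reach wp_notify_postauthor, so `if (($comments_notify) && ($approved)) {` is probably what was meant. The `manual` and `auto` branches both set `$approved = 0`, which deserves a one-line comment saying that automatic moderation is not implemented yet. The enclosing `if ($ok)` block continues past the end of the hunk.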


@ -30,7 +30,7 @@ foreach ($posts as $post) { start_b2();
<ol id="comments">
<?php
// this line is WordPress' motor, do not delete it.
$comments = $wpdb->get_results("SELECT * FROM $tablecomments WHERE comment_post_ID = $id ORDER BY comment_date");
$comments = $wpdb->get_results("SELECT * FROM $tablecomments WHERE comment_post_ID = $id AND comment_approved = '1' ORDER BY comment_date");
$commentstatus = $wpdb->get_row("SELECT comment_status, post_password FROM $tableposts WHERE ID = $id");
if (!empty($commentstatus->post_password) && $HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $commentstatus->post_password) { // and it doesn't match the cookie
echo("<li>".get_the_password_form()."</li></ol>");


@ -297,7 +297,11 @@ if ($error) echo "<div align=\"right\" style=\"padding:4px;\"><font color=\"#FF0
<input type="hidden" name="popupurl" value="<?php echo $popupurl ?>" />
<input type="hidden" name="popuptitle" value="<?php echo $popuptitle ?>" />
<?php } ?>
<?php if (isset($HTTP_GET_VARS["redirect_to"])) { ?>
<input type="hidden" name="redirect_to" value="<?php echo $HTTP_GET_VARS["redirect_to"] ?>" />
<?php } else { ?>
<input type="hidden" name="redirect_to" value="wp-admin/" />
<?php } ?>
<input type="hidden" name="action" value="login" />
<label>Login: <input type="text" name="log" id="log" value="" size="20" tabindex="1" /></label><br />
<label>Password: <input type="password" name="pwd" value="" size="20" tabindex="2" /></label><br />
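Review bot: The new hidden field echoes `$HTTP_GET_VARS["redirect_to"]` into an HTML attribute without escaping, so a quote character in the query string ends the `value` attribute early and the rest is parsed as markup; it should be written as `value="<?php echo htmlspecialchars($HTTP_GET_VARS["redirect_to"], ENT_QUOTES) ?>"`. Because the value is later used as a redirect target (that code is outside this hunk), the login handler should presumably also accept only local paths and fall back to `wp-admin/` for anything else. The form itself starts and ends outside the hunk.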


@ -1,5 +1,6 @@
1 wp-post.php Post
1 edit.php Edit
3 wp-moderation.php Moderation
3 b2team.php Team
4 wp-options.php Options
3 b2categories.php Categories


@ -41,7 +41,8 @@ function veriflog() {
if (!empty($HTTP_COOKIE_VARS["wordpressuser_".$cookiehash])) {
$error="<strong>Error</strong>: wrong login or password";
}
header("Location: $siteurl/b2login.php");
$redir = "Location: $siteurl/b2login.php?redirect_to=" . urlencode($HTTP_SERVER_VARS["REQUEST_URI"]);
header($redir);
exit();
}
//}


@ -143,6 +143,13 @@ echo $comments_nav_bar;
foreach ($comments as $comment) {
?>
<li style="border-bottom: 1px solid #ccc;">
<?php
$comment_status = wp_get_comment_status($comment->comment_ID);
if ("unapproved" == $comment_status) {
echo "<span class=\"unapproved\">";
}
?>
<p><strong>Name:</strong> <?php comment_author() ?> <?php if ($comment->comment_author_email) { ?>| <strong>Email:</strong> <?php comment_author_email_link() ?> <?php } if ($comment->comment_author_email) { ?> | <strong>URI:</strong> <?php comment_author_url_link() ?> <?php } ?>| <strong>IP:</strong> <?php comment_author_IP() ?></p>
<?php comment_text() ?>
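Review bot: The `<span class="unapproved">` opened here for unapproved comments has no matching `</span>` anywhere in this file section, so unless a closing tag already exists outside the hunk the grey styling will run on into the following list items. The span also wraps block-level `<p>` markup; putting the class on the `<li>` instead would avoid both problems. wp_get_comment_status() costs one extra query per comment; if `$comments` was loaded with `SELECT *` (not visible here), `'0' == $comment->comment_approved` gives the same answer without it. The `foreach` body continues outside the hunk.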


@ -243,7 +243,7 @@ if ($posts) {
foreach ($posts as $post) { start_b2();
?>
<p>
<strong><?php the_time('Y/m/d @ H:i:s'); ?></strong> [ <a href="edit.php?p=<?php echo $id ?>&c=1"><?php comments_number('no comments', '1 comment', "% comments") ?></a>
<strong><?php the_time('Y/m/d @ H:i:s'); ?></strong> [ <a href="edit.php?p=<?php echo $id ?>&c=1"><?php comments_number('no comments', '1 comment', "% comments", true) ?></a>
<?php
if (($user_level > $authordata->user_level) or ($user_login == $authordata->user_login)) {
echo " - <a href='wp-post.php?action=edit&amp;post=$id";
@ -278,16 +278,36 @@ foreach ($posts as $post) { start_b2();
<!-- comment -->
<li>
<?php
$comment_status = wp_get_comment_status($comment->comment_ID);
if ("unapproved" == $comment_status) {
echo "<span class=\"unapproved\">";
}
?>
<?php comment_date('Y/m/d') ?> @ <?php comment_time() ?>
<?php
if (($user_level > $authordata->user_level) or ($user_login == $authordata->user_login)) {
echo "[ <a href=\"wp-post.php?action=editcomment&amp;comment=".$comment->comment_ID."\">Edit</a>";
echo " - <a href=\"wp-post.php?action=deletecomment&amp;p=".$post->ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return confirm('You are about to delete this comment by \'".$comment->comment_author."\'\\n \'OK\' to delete, \'Cancel\' to stop.')\">Delete</a> ]";
echo " - <a href=\"wp-post.php?action=deletecomment&amp;p=".$post->ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return confirm('You are about to delete this comment by \'".$comment->comment_author."\'\\n \'OK\' to delete, \'Cancel\' to stop.')\">Delete</a> ";
if ( ('none' != $comment_status) && ($user_level >= 3) ) {
if ('approved' == wp_get_comment_status($comment->comment_ID)) {
echo " - <a href=\"wp-post.php?action=unapprovecomment&amp;p=".$post->ID."&amp;comment=".$comment->comment_ID."\">Unapprove</a> ";
} else {
echo " - <a href=\"wp-post.php?action=approvecomment&amp;p=".$post->ID."&amp;comment=".$comment->comment_ID."\">Approve</a> ";
}
}
echo "]";
} // end if any comments to show
?>
<br />
<strong><?php comment_author() ?> ( <?php comment_author_email_link() ?> / <?php comment_author_url_link() ?> )</strong> (IP: <?php comment_author_IP() ?>)
<?php comment_text() ?>
<?php
if ("unapproved" == $comment_status) {
echo "</span>";
}
?>
</li>
<!-- /comment -->
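Review bot: In the second hunk the Approve/Unapprove links are guarded by `'none' != $comment_status`, but `$comment_status` holds the result of wp_get_comment_status() (approved, unapproved, deleted or false), which is never 'none', so the check is always true and the links are shown even when moderation is switched off. The matching hunk in the other post-listing file on this page uses `'none' != get_settings("comment_moderation")`, which looks like what was intended. The inner `wp_get_comment_status($comment->comment_ID)` call can then reuse `$comment_status` instead of issuing a second query. These links also change state through a plain GET request; whether the handler asks for confirmation or checks where the request came from is not visible in this hunk.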


@ -0,0 +1,332 @@
<?php
$_wp_installing = 1;
require_once('../wp-config.php');
require_once('wp-install-helper.php');
$step = intval($HTTP_GET_VARS['step']);
if (!$step) $step = 0;
if (!step) $step = 0;
$file = basename(__FILE__);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<title>WordPress >Database upgrade for comment moderation hack</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<style media="screen" type="text/css">
body {
font-family: Georgia, "Times New Roman", Times, serif;
margin-left: 15%;
margin-right: 15%;
}
#logo {
margin: 0;
padding: 0;
background-image: url(http://wordpress.org/images/wordpress.gif);
background-repeat: no-repeat;
height: 72px;
border-bottom: 4px solid #333;
}
#logo a {
display: block;
height: 72px;
}
#logo a span {
display: none;
}
p {
line-height: 140%;
}
</style>
</head>
<body>
<h1 id="logo"><a href="http://wordpress.org"><span>WordPress</span></a></h1>
<?php
switch($step) {
case 0:
?>
<p>This will upgrade your database in order to be able to use otaku42's comment
moderation hack.</p>
<p>First of all: <strong>backup your database!</strong> This script will make
changes to it and it could happen that things aren't going the way they should.
You have been warned.</p>
<p>What this hack does is simple: it introduces a new option for comment moderation.
Comment moderation means that new comments won't show up in your blog until they
have been approved. Approval happens either manually or automatically (not implemented
yet). This all is a first step towards comment spam prevention.
<br /> You will have a simple panel in the admin section that shows you waiting
comments. You can either approve or delete them, or hold them further for approval.</p>
<p>The procedure is easy: click on the next button and see if there
are any warnings popping up. If so, please report the problem(s) to me
(<a href="mailto:mrenzmann@otaku42.de">mrenzmann@otaku42.de</a>) so that I can
fix it/them.</p>
<p>The following passage (grey text) is of interest for you only if you are familiar
with WordPress development:</p>
<span style="color: #888888;">
<p>In order to have the patch working we need to extend the comment table with a
field that indicates whether the comment has been approved or not (<em>comment_approved</em>).
Its default value will be <em>1</em> so that comments are auto-approved when comment
moderation has been turned off by the admin.</p>
<p>The next thing is that we need an option to turn comment moderation on/off. It will
be named <em>comment_moderation</em> and can be found in <em>General blog
settings</em>.</p>
<p>Another option that gets inserted is <em>moderation_notify</em>. If turned on, a mail
will be sent to the admin to inform about the new (and possibly other) comment that is/are
waiting for his approval.</p>
</p>This upgrade procedure tries to be as save as possible by not relying on any hardcoded
values. For example it retrieves the id for option group <em>general blog settings</em>
rather than assuming it has the same id as in my own blog.</p>
</span>
<p>Ready?
<?php
echo "<a href=\"$file?step=1\">Let's go!</a></p>\n";
break; // end case 0
case 1:
$result = "";
$error_count = 0;
$continue = true;
// insert new column "comment_approved" to $tablecomments
if ($continue) {
$tablename = $tablecomments;
$tablecol = "comment_approved";
$ddl = "ALTER TABLE $tablecomments ADD COLUMN $tablecol ENUM('0','1') DEFAULT '1' NOT NULL";
$result .= "Adding column $tablecol to table $tablename: ";
if (maybe_add_column($tablename, $tablecol, $ddl)) {
$result .= "ok<br />\n";
$result .= "Indexing new column $tablecol: ";
$wpdb->query("ALTER TABLE $tablename ADD INDEX ($tablecol)");
$results = $wpdb->get_results("SHOW INDEX FROM $tablecomments");
foreach ($results as $row) {
if ($row->Key_name == $tablecol) {
$index=1;
}
}
if (1 == $index) {
$result .= "ok";
$continue = true;
} else {
$result .= "error";
++$error_count;
$continue = false;
}
} else {
$result .= "error (couldn't add column $tablecol)";
++$error_count;
$continue = false;
}
$result .= "<br />\n";
}
// insert new option "comment_moderation" to settings
if ($continue) {
$option = "comment_moderation";
$tablename = $tableoptions;
$ddl = "INSERT INTO $tablename "
. "(option_id, blog_id, option_name, option_can_override, option_type, "
. "option_value, option_width, option_height, option_description, "
. "option_admin_level) "
. "VALUES "
. "('0','0','$option','Y','5','none',20,8,'if enabled, comments will only be shown after they have been approved by you',8)";
$result .= "Adding new option $option to settings: ";
if ($wpdb->query($ddl)) {
$result .= "ok";
$continue = true;
} else {
$result .= "error";
++$error_count;
$continue = false;
}
$result .= "<br />\n";
}
// attach option to group "General blog settings"
if ($continue) {
// we take over here $option and $tablename from above
$group = "General blog settings";
$result .= "Inserting new option $option to settings group '$group': ";
$oid = $wpdb->get_var("SELECT option_id FROM $tablename WHERE option_name='$option'");
$gid = $wpdb->get_var("SELECT group_id FROM $tableoptiongroups WHERE group_name='$group'");
if (0 != $gid && 0 != $oid) {
$continue = true;
} else {
$result .= "error (couldn't determine option_id and/or group_id)";
++$error_count;
$continue = false;
}
}
if ($continue) {
$seq = $wpdb->get_var("SELECT MAX(seq) FROM $tableoptiongroup_options WHERE group_id='$gid'");
if (0 != $seq) {
$continue = true;
} else {
$result .= "error (couldn't determine sequence)";
++$error_count;
$continue = false;
}
}
if ($continue) {
++$seq;
$ddl = "INSERT INTO $tableoptiongroup_options (group_id, option_id, seq) "
. "VALUES ('$gid','$oid','$seq')";
if ($wpdb->query($ddl)) {
$result .= "ok";
} else {
$result .= "error";
++$error_count;
$continue = false;
}
$result .= "<br />\n";
}
// insert option values for new option "comment_moderation"
if ($continue) {
$tablename = $tableoptionvalues;
$result .= "Inserting option values for new option $option: ";
$ddl = array();
$ddl[] = "INSERT INTO $tablename (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) "
. "VALUES ('$oid','none','None',NULL,NULL,1)";
$ddl[] = "INSERT INTO $tablename (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) "
. "VALUES ('$oid','manual','Manual',NULL,NULL,2)";
$ddl[] = "INSERT INTO $tablename (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) "
. "VALUES ('$oid','auto','Automatic',NULL,NULL,3)";
for ($i = 0; $i < count($ddl); $i++) {
if ($wpdb->query($ddl[$i])) {
$success = true;
continue;
} else {
$success = false;
break;
}
}
if ($success) {
$result .= "ok";
} else {
$result .= "error";
++$error_count;
$continue = false;
}
$result .= "<br />\n";
}
// insert new option "moderation_notify" to settings
if ($continue) {
$option = "moderation_notify";
$tablename = $tableoptions;
$ddl = "INSERT INTO $tablename "
. "(option_id, blog_id, option_name, option_can_override, option_type, "
. "option_value, option_width, option_height, option_description, "
. "option_admin_level) "
. "VALUES "
. "('0','0','$option','Y','2','1',20,8,'set this to true if you want to be notified about new comments that wait for approval',8)";
$result .= "Adding new option $option to settings: ";
if ($wpdb->query($ddl)) {
$result .= "ok";
$continue = true;
} else {
$result .= "error";
++$error_count;
$continue = false;
}
$result .= "<br />\n";
}
// attach option to group "General blog settings"
if ($continue) {
// we take over here $option and $tablename from above
$group = "General blog settings";
$result .= "Inserting new option $option to settings group '$group': ";
$oid = $wpdb->get_var("SELECT option_id FROM $tablename WHERE option_name='$option'");
$gid = $wpdb->get_var("SELECT group_id FROM $tableoptiongroups WHERE group_name='$group'");
if (0 != $gid && 0 != $oid) {
$continue = true;
} else {
$result .= "error (couldn't determine option_id and/or group_id)";
++$error_count;
$continue = false;
}
}
if ($continue) {
$seq = $wpdb->get_var("SELECT MAX(seq) FROM $tableoptiongroup_options WHERE group_id='$gid'");
if (0 != $seq) {
$continue = true;
} else {
$result .= "error (couldn't determine sequence)";
++$error_count;
$continue = false;
}
}
if ($continue) {
++$seq;
$ddl = "INSERT INTO $tableoptiongroup_options (group_id, option_id, seq) "
. "VALUES ('$gid','$oid','$seq')";
if ($wpdb->query($ddl)) {
$result .= "ok";
} else {
$result .= "error";
++$error_count;
$continue = false;
}
$result .= "<br />\n";
}
echo $result;
if ($error_count > 0) {
?>
<p>Hmmm... there was some kind of error. If you cannot figure out
from the output above how to correct the problems please
contact me at <a href="mailto:mrenzmann@otaku42.de">mrenzmann@otaku42.de</a>
and report your problem.</p>
<?php
} else {
?>
<p>Seems that everything went fine. Great!</p>
<p>Now you have two new options in your settings section <em>General blog settings</em>:
<ol><li><em>comment_moderation</em> controls whether you want to use the new comment
moderation functionality at all. If set to <em>manual</em>, you need to approve each
new comment by hand either in the comment moderation panel or when editing the comments
for a post. Choose <em>automatic</em> currently equals <em>manual</em>, but in the near
future this will allow the application of filtering functions (such as URL blacklisting,
keyword filtering, bayesian filtering and similar stuff). To approve awaiting comments
go to <em>Moderate</em> in the admin menu, where all waiting comments will be listed.</li>
<li><em>moderation_notify</em> will decide if you get notified by e-mail as soon as a
new comment has been posted and is waiting for approval (in other words: this setting
only takes effect, if <em>comment_moderation</em> is either set to <em>manual</em> or
<em>automatic</em>. The notification message will contain direct links that allow to
approve or delete a comment, or to jump to the moderation panel.</li></ol>
<p>Have fun!</p>
<?php
}
break; // end case 1
}
?>
</body>
</html>
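Review bot: Step 1 of this new script alters the comments table and inserts option rows on a plain `?step=1` GET request, and nothing in the file checks who is asking or whether the upgrade has already run. maybe_add_column presumably makes the ALTER repeat-safe, but the `INSERT INTO $tableoptions` statements are not, so a second visit would add duplicate `comment_moderation` and `moderation_notify` rows. I would look the option up with the same `SELECT option_id ... WHERE option_name='$option'` query before inserting, require an admin login, and tell the user to delete the file once the upgrade has succeeded. Smaller points: `if (!step) $step = 0;` duplicates the line above with the `$` missing and can go, `$index` is read in `if (1 == $index)` without being initialised, and the markup has `</head>` with no opening `<head>`.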


@ -87,6 +87,22 @@ textarea, input, select {
margin: 6px 0;
}
.unapproved {
color: #888;
}
.unapproved a:link {
color: #B9BCFF;
}
.unapproved a:visited {
color: #696DFF;
}
.unapproved a:hover {
color: #009EF0;
}
#adminmenu .last, #adminmenu2 .last {
border-right: none;
}


@ -246,7 +246,7 @@ echo $posts_nav_bar;
//$posts_per_page = 10;
start_b2(); ?>
<p>
<strong><?php the_time('Y/m/d @ H:i:s'); ?></strong> [ <a href="wp-post.php?p=<?php echo $id ?>&c=1"><?php comments_number('no comments', '1 comment', "% comments") ?></a>
<strong><?php the_time('Y/m/d @ H:i:s'); ?></strong> [ <a href="wp-post.php?p=<?php echo $id ?>&c=1"><?php comments_number('no comments', '1 comment', "% comments", true) ?></a>
<?php
if (($user_level > $authordata->user_level) or ($user_login == $authordata->user_login)) {
echo " - <a href='wp-post.php?action=edit&amp;post=$id";
@ -286,7 +286,15 @@ echo $posts_nav_bar;
<?php
if (($user_level > $authordata->user_level) or ($user_login == $authordata->user_login)) {
echo "[ <a href=\"wp-post.php?action=editcomment&amp;comment=".$comment->comment_ID."\">Edit</a>";
echo " - <a href=\"wp-post.php?action=deletecomment&amp;p=".$post->ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return confirm('You are about to delete this comment by \'".$comment->comment_author."\'\\n \'Cancel\' to stop, \'OK\' to delete.')\">Delete</a> ]";
echo " - <a href=\"wp-post.php?action=deletecomment&amp;p=".$post->ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return confirm('You are about to delete this comment by \'".$comment->comment_author."\'\\n \'Cancel\' to stop, \'OK\' to delete.')\">Delete</a> ";
if ( ('none' != get_settings("comment_moderation")) && ($user_level >= 3) ) {
if ('approved' == wp_get_comment_status($comment->comment_ID)) {
echo " - <a href=\"b2edit.php?action=unapprovecomment&amp;p=".$post->ID."&amp;comment=".$comment->comment_ID."\">Unapprove</a> ";
} else {
echo " - <a href=\"b2edit.php?action=approvecomment&amp;p=".$post->ID."&amp;comment=".$comment->comment_ID."\">Approve</a> ";
}
}
echo " ]";
} // end if any comments to show
?>
<br />
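Review bot: The Approve/Unapprove links added here point at `b2edit.php?action=approvecomment` and `b2edit.php?action=unapprovecomment`, while the Edit and Delete links in the same block, and the equivalent hunk in the other listing file, go to `wp-post.php`; unless b2edit.php handles those actions (not visible on this page) the links will do nothing. I would use `wp-post.php?action=approvecomment&amp;p=...` and `wp-post.php?action=unapprovecomment&amp;p=...` here as well. wp_get_comment_status() is called once per comment purely to choose the link label, which the already-loaded `$comment` row could answer if it carries `comment_approved`. The comment loop that contains this block starts and ends outside the hunk.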

225
wp-admin/wp-moderation.php Normal file

@ -0,0 +1,225 @@
<?php
$title = "Moderate comments";
/* <Moderation> */
function add_magic_quotes($array) {
foreach ($array as $k => $v) {
if (is_array($v)) {
$array[$k] = add_magic_quotes($v);
} else {
$array[$k] = addslashes($v);
}
}
return $array;
}
if (!get_magic_quotes_gpc()) {
$HTTP_GET_VARS = add_magic_quotes($HTTP_GET_VARS);
$HTTP_POST_VARS = add_magic_quotes($HTTP_POST_VARS);
$HTTP_COOKIE_VARS = add_magic_quotes($HTTP_COOKIE_VARS);
}
$b2varstoreset = array('action','item_ignored','item_deleted','item_approved');
for ($i=0; $i<count($b2varstoreset); $i += 1) {
$b2var = $b2varstoreset[$i];
if (!isset($$b2var)) {
if (empty($HTTP_POST_VARS["$b2var"])) {
if (empty($HTTP_GET_VARS["$b2var"])) {
$$b2var = '';
} else {
$$b2var = $HTTP_GET_VARS["$b2var"];
}
} else {
$$b2var = $HTTP_POST_VARS["$b2var"];
}
}
}
switch($action) {
case 'update':
$standalone = 1;
require_once("b2header.php");
if ($user_level < 3) {
die('<p>You have no right to moderate comments.<br />Ask for a promotion to your <a href="mailto:$admin_email">blog admin</a>. :)</p>');
}
// check if comment moderation is turned on in the settings
// if not, just give a short note and stop
if (get_settings("comment_moderation") == "none") {
echo "<div class=\"wrap\">\n";
echo "Comment moderation has been turned off.<br /><br />\n";
echo "</div>\n";
include("b2footer.php");
exit;
}
$item_ignored = 0;
$item_deleted = 0;
$item_approved = 0;
foreach($comment as $key => $value) {
switch($value) {
case "later":
// do nothing with that comment
// wp_set_comment_status($key, "hold");
++$item_ignored;
break;
case "delete":
wp_set_comment_status($key, "delete");
++$item_deleted;
break;
case "approve":
wp_set_comment_status($key, "approve");
if (get_settings("comments_notify") == true) {
wp_notify_postauthor($key);
}
++$item_approved;
break;
}
}
$file = basename(__FILE__);
header("Location: $file?ignored=$item_ignored&deleted=$item_deleted&approved=$item_approved");
exit();
break;
default:
require_once('b2header.php');
if ($user_level <= 3) {
die('<p>You have no right to moderate comments.<br>Ask for a promotion to your <a href="mailto:$admin_email">blog admin</a>. :)</p>');
}
// check if comment moderation is turned on in the settings
// if not, just give a short note and stop
if (get_settings("comment_moderation") == "none") {
echo "<div class=\"wrap\">\n";
echo "Comment moderation has been turned off.<br /><br />\n";
echo "</div>\n";
include("b2footer.php");
exit;
}
// if we come here after deleting/approving comments we give
// a short overview what has been done
if (($deleted) || ($approved) || ($ignored)) {
echo "<div class=\"wrap\">\n";
if ($approved) {
if ($approved == "1") {
echo "1 comment approved <br />\n";
} else {
echo "$approved comments approved <br />\n";
}
}
if ($deleted) {
if ($deleted == "1") {
echo "1 comment deleted <br />\n";
} else {
echo "$approved comments deleted <br />\n";
}
}
if ($ignored) {
if ($deleted == "1") {
echo "1 comment left unchanged <br />\n";
} else {
echo "$approved comments left unchanged <br />\n";
}
}
echo "</div>\n";
}
?>
<div class="wrap">
<?php
$comments = $wpdb->get_results("SELECT * FROM $tablecomments WHERE comment_approved='0'");
if ($comments) {
// list all comments that are waiting for approval
$file = basename(__FILE__);
echo "The following comments wait for approval:<br /><br />";
echo "<form name=\"approval\" action=\"$file\" method=\"post\">";
echo "<input type=\"hidden\" name=\"action\" value=\"update\" />\n";
echo "<ol id=\"comments\">\n";
foreach($comments as $comment) {
$comment_date = mysql2date(get_settings("date_format") . " @ " . get_settings("time_format"), $comment->comment_date);
$post_title = $wpdb->get_var("SELECT post_title FROM $tableposts WHERE ID='$comment->comment_post_ID'");
$comment_text = stripslashes($comment->comment_content);
$comment_text = str_replace('<trackback />', '', $comment_text);
$comment_text = str_replace('<pingback />', '', $comment_text);
$comment_text = convert_chars($comment_text);
$comment_text = convert_bbcode($comment_text);
$comment_text = convert_gmcode($comment_text);
$comment_text = convert_smilies($comment_text);
$comment_text = make_clickable($comment_text);
$comment_text = balanceTags($comment_text,1);
$comment_text = apply_filters('comment_text', $comment_text);
echo "<li id=\"comment-$comment->comment_ID\">";
echo "$comment_date -&gt; $post_title<br />";
echo "<strong>$comment->comment_author ";
echo "(<a href=\"mailto:$comment->comment_author_email\">$comment->comment_author_email</a> /";
echo "<a href=\"$comment->comment_author_url\">$comment->comment_author_url</a>)</strong> ";
echo "(IP: <a href=\"http://ws.arin.net/cgi-bin/whois.pl?queryinput=$comment->comment_author_IP\">$comment->comment_author_IP</a>)<br />";
echo $comment_text;
echo "<strong>Your action:</strong>";
echo "&nbsp;&nbsp;<input type=\"radio\" name=\"comment[$comment->comment_ID]\" value=\"approve\" />&nbsp;approve";
echo "&nbsp;&nbsp;<input type=\"radio\" name=\"comment[$comment->comment_ID]\" value=\"delete\" />&nbsp;delete";
echo "&nbsp;&nbsp;<input type=\"radio\" name=\"comment[$comment->comment_ID]\" value=\"later\" checked=\"checked\" />&nbsp;later";
echo "<br /><br />";
echo "</li>\n";
}
echo "</ol>\n";
echo "<input type=\"submit\" name=\"submit\" value=\"Continue!\" class=\"search\" style=\"font-weight: bold;\" />\n";
echo "</form>\n";
} else {
// nothing to approve
echo "Currently there are no comments to be approved.<br />\n";
}
?>
<br />
</div>
<?php
if ($comments) {
// show this help text only if there are comments waiting
?>
<div class="wrap">
<p>For each comment you have to choose either <em>approve</em>, <em>delete</em> or <em>later</em>:</p>
<p><em>approve</em>: approves comment, so that it will be publically visible
<?php
if ("1" == get_settings("comments_notify")) {
echo "; the author of the post will be notified about the new comment on his post.</p>\n";
} else {
echo ".</p>\n";
}
?>
<p><em>delete</em>: remove the content from your blog (note: you won't be asked again, so you should double-check
that you really want to delete the comment - once deleted you can&#8242;t bring them back!)</p>
<p><em>later</em>: don&#8242;t change the comment&#8242;s status at all now.</p>
</div>
<?php
} // if comments
break;
}
/* </Template> */
include("b2footer.php") ?>


@ -338,7 +338,7 @@ switch($action) {
}
$comment = $HTTP_GET_VARS['comment'];
$commentdata = get_commentdata($comment, 1) or die('Oops, no comment with this ID. <a href="javascript:history.go(-1)">Go back</a>!');
$commentdata = get_commentdata($comment, 1, true) or die('Oops, no comment with this ID. <a href="javascript:history.go(-1)">Go back</a>!');
$content = $commentdata['comment_content'];
$content = format_to_edit($content);
@ -346,6 +346,41 @@ switch($action) {
break;
case 'confirmdeletecomment':
$standalone = 0;
require_once('./b2header.php');
if ($user_level == 0)
die ('Cheatin&#8217; uh?');
$comment = $HTTP_GET_VARS['comment'];
$p = $HTTP_GET_VARS['p'];
$commentdata = get_commentdata($comment, 1, true) or die('Oops, no comment with this ID. <a href="edit.php">Go back</a>!');
echo "<div class=\"wrap\">\n";
echo "<p><strong>Caution:</strong> You are about to delete the following comment:</p>\n";
echo "<table border=\"0\">\n";
echo "<tr><td>Author:</td><td>" . $commentdata["comment_author"] . "</td></tr>\n";
echo "<tr><td>E-Mail:</td><td>" . $commentdata["comment_author_email"] . "</td></tr>\n";
echo "<tr><td>URL:</td><td>" . $commentdata["comment_author_url"] . "</td></tr>\n";
echo "<tr><td>Comment:</td><td>" . stripslashes($commentdata["comment_content"]) . "</td></tr>\n";
echo "</table>\n";
echo "<p>Are you sure you want to do that?</p>\n";
echo "<form action=\"$siteurl/wp-admin/wp-post.php\" method=\"get\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"deletecomment\" />\n";
echo "<input type=\"hidden\" name=\"p\" value=\"$p\" />\n";
echo "<input type=\"hidden\" name=\"comment\" value=\"$comment\" />\n";
echo "<input type=\"hidden\" name=\"noredir\" value=\"1\" />\n";
echo "<input type=\"submit\" value=\"Yes\" />";
echo "&nbsp;&nbsp;";
echo "<input type=\"button\" value=\"No\" onClick=\"self.location='$siteurl/wp-admin/edit.php?p=$p&c=1#comments';\" />\n";
echo "</form>\n";
echo "</div>\n";
break;
case 'deletecomment':
$standalone = 1;
@ -357,20 +392,113 @@ switch($action) {
$comment = $HTTP_GET_VARS['comment'];
$p = $HTTP_GET_VARS['p'];
if (isset($HTTP_GET_VARS['noredir'])) {
$noredir = true;
} else {
$noredir = false;
}
$postdata = get_postdata($p) or die('Oops, no post with this ID. <a href="wp-post.php">Go back</a>!');
$commentdata = get_commentdata($comment) or die('Oops, no comment with this ID. <a href="wp-post.php">Go back</a>!');
$postdata = get_postdata($p) or die('Oops, no post with this ID. <a href="edit.php">Go back</a>!');
$commentdata = get_commentdata($comment, 1, true) or die('Oops, no comment with this ID. <a href="wp-post.php">Go back</a>!');
$authordata = get_userdata($postdata['Author_ID']);
if ($user_level < $authordata->user_level)
die ('You don&#8217;t have the right to delete <strong>'.$authordata->user_nickname.'</strong>&#8217;s post comments. <a href="wp-post.php">Go back</a>!');
$result = $wpdb->query("DELETE FROM $tablecomments WHERE comment_ID=$comment");
wp_set_comment_status($comment, "delete");
if($HTTP_SERVER_VARS['HTTP_REFERER'] != "") {
if (($HTTP_SERVER_VARS['HTTP_REFERER'] != "") && (false == $noredir)) {
header('Location: ' . $HTTP_SERVER_VARS['HTTP_REFERER']);
} else {
header('Location: '.$siteurl.'/wp-admin/');
header('Location: '.$siteurl.'/wp-admin/edit.php?p='.$p.'&c=1#comments');
}
break;
case 'unapprovecomment':
$standalone = 1;
require_once('./b2header.php');
if ($user_level == 0)
die ('Cheatin&#8217; uh?');
$comment = $HTTP_GET_VARS['comment'];
$p = $HTTP_GET_VARS['p'];
if (isset($HTTP_GET_VARS['noredir'])) {
$noredir = true;
} else {
$noredir = false;
}
$commentdata = get_commentdata($comment) or die('Oops, no comment with this ID. <a href="edit.php">Go back</a>!');
wp_set_comment_status($comment, "hold");
if (($HTTP_SERVER_VARS['HTTP_REFERER'] != "") && (false == $noredir)) {
header('Location: ' . $HTTP_SERVER_VARS['HTTP_REFERER']);
} else {
header('Location: '.$siteurl.'/wp-admin/edit.php?p='.$p.'&c=1#comments');
}
break;
case 'mailapprovecomment':
$standalone = 0;
require_once('./b2header.php');
if ($user_level == 0)
die ('Cheatin&#8217; uh?');
$comment = $HTTP_GET_VARS['comment'];
$p = $HTTP_GET_VARS['p'];
$commentdata = get_commentdata($comment, 1, true) or die('Oops, no comment with this ID. <a href="edit.php">Go back</a>!');
wp_set_comment_status($comment, "approve");
if (get_settings("comments_notify") == true) {
wp_notify_postauthor($comment);
}
echo "<div class=\"wrap\">\n";
echo "<p>Comment has been approved.</p>\n";
echo "<form action=\"$siteurl/wp-admin/edit.php?p=$p&c=1#comments\" method=\"get\">\n";
echo "<input type=\"hidden\" name=\"p\" value=\"$p\" />\n";
echo "<input type=\"hidden\" name=\"c\" value=\"1\" />\n";
echo "<input type=\"submit\" value=\"Ok\" />";
echo "</form>\n";
echo "</div>\n";
break;
case 'approvecomment':
$standalone = 1;
require_once('./b2header.php');
if ($user_level == 0)
die ('Cheatin&#8217; uh?');
$comment = $HTTP_GET_VARS['comment'];
$p = $HTTP_GET_VARS['p'];
if (isset($HTTP_GET_VARS['noredir'])) {
$noredir = true;
} else {
$noredir = false;
}
$commentdata = get_commentdata($comment) or die('Oops, no comment with this ID. <a href="edit.php">Go back</a>!');
wp_set_comment_status($comment, "approve");
if (get_settings("comments_notify") == true) {
wp_notify_postauthor($comment);
}
if (($HTTP_SERVER_VARS['HTTP_REFERER'] != "") && (false == $noredir)) {
header('Location: ' . $HTTP_SERVER_VARS['HTTP_REFERER']);
} else {
header('Location: '.$siteurl.'/wp-admin/edit.php?p='.$p.'&c=1#comments');
}
break;
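Review bot: In the new `confirmdeletecomment`, `unapprovecomment`, `mailapprovecomment` and `approvecomment` cases, `$comment` and `$p` are read from `$HTTP_GET_VARS` and used unvalidated: `get_commentdata()`, as changed in this commit, puts the ID unquoted into `WHERE comment_ID = $comment_ID`, and `confirmdeletecomment` echoes both values into hidden inputs and an `onClick` string. Casting at the read, `$comment = (int) $HTTP_GET_VARS['comment'];` and `$p = (int) $HTTP_GET_VARS['p'];`, covers both uses. The confirmation table prints `comment_author`, `comment_author_email`, `comment_author_url` and `comment_content` as stored, so unless they are escaped on input elsewhere each should go through `htmlspecialchars()` before being echoed to the moderator. All of these cases change state on a plain GET with only a `$user_level == 0` check, while the moderation page in this commit requires level 3, so the threshold should be aligned and the actions moved to POST with a per-session token. `unapprovecomment` and `approvecomment` also call `get_commentdata($comment)` without the `1, true` arguments used by the other cases, which presumably skips the database lookup and makes the `or die` existence check ineffective; the enclosing `switch($action)` starts and ends outside these hunks.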


@ -53,6 +53,7 @@ foreach ($posts as $post) { start_b2();
FROM $tablecomments
LEFT JOIN $tableposts ON comment_post_id = id
WHERE comment_post_ID = '$id'
AND $tablecomments.comment_approved = '1'
AND $tableposts.post_status = 'publish'
AND post_category > '0'
AND post_date < '".date("Y-m-d H:i:s")."'
@ -72,6 +73,7 @@ foreach ($posts as $post) { start_b2();
FROM $tablecomments
LEFT JOIN $tableposts ON comment_post_id = id
WHERE $tableposts.post_status = 'publish'
AND $tablecomments.comment_approved = '1'
AND post_category > '0'
AND post_date < '".date("Y-m-d H:i:s")."'
ORDER BY comment_date DESC