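<?php

/*
 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
 * Copyright (C) 2002-2007 The Nucleus Group
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * (see nucleus/documentation/index.html#license for more info)
 */

/*
 * Comment listing and comment submission for one weblog item.
 *
 * Reviewer changes relative to the original revision of this file:
 *  - SQL string literals are escaped with the MySQL driver's escaper
 *    (connection-charset aware) instead of addslashes(), which is not a
 *    MySQL escaper and can be bypassed on multibyte connection charsets;
 *    integer ids are passed through intval() before interpolation.
 *  - eregi() replaced by preg_match() (the ereg family was removed in PHP 7).
 *  - list()/each() loop replaced by foreach (each() was removed in PHP 8).
 *  - "=& new" replaced by "= new" (objects are handles since PHP 5; the
 *    reference form is a parse error in PHP 7+).
 *  - A PHP 5 style __construct() is provided; the PHP 4 style constructor
 *    is kept as a forwarding alias.
 *  - Result sets are freed on every return path of showComments().
 *  - The closing "?>" tag is omitted so trailing whitespace cannot leak
 *    into the output before headers are sent.
 */

// Only run inside the Nucleus core (requestVar() is defined by globalfunctions.php)
if (!function_exists('requestVar')) exit;
require_once dirname(__FILE__) . '/COMMENTACTIONS.php';

class COMMENTS {

    // id of the item whose comments are being displayed / added (always an int, see constructor)
    var $itemid;

    // reference to the itemActions object that is calling the showComments function
    var $itemActions;

    // number of comments counted / displayed by the last showComments() call
    var $commentcount;

    /**
     * Constructor.
     *
     * @param mixed $itemid item id; coerced to int so it can be interpolated
     *                      into SQL below without further escaping
     */
    function __construct($itemid) {
        $this->itemid = intval($itemid);
    }

    /**
     * PHP 4 style constructor, kept for backward compatibility with callers
     * and old PHP builds; forwards to __construct().
     */
    function COMMENTS($itemid) {
        $this->__construct($itemid);
    }

    /**
     * Stores a reference to the ITEMACTIONS object that drives the item
     * template in which these comments are rendered.
     *
     * @param object &$itemActions taken by reference (PHP 4 object semantics)
     */
    function setItemActions(&$itemActions) {
        $this->itemActions =& $itemActions;
    }

    /**
     * Escapes a string for interpolation into a single-quoted SQL literal.
     *
     * Prefers mysql_real_escape_string(), which honours the charset of the
     * open MySQL connection; falls back to addslashes() only on PHP builds
     * that predate it. Must be called after the DB connection is open
     * (true for every code path in this file: sql_query() is used next to it).
     *
     * @param string $str raw value
     * @return string escaped value (without surrounding quotes)
     */
    function _sqlEscape($str) {
        if (function_exists('mysql_real_escape_string')) {
            return mysql_real_escape_string($str);
        }
        return addslashes($str);
    }

    /**
     * Renders the comments of $this->itemid through the given template.
     *
     * @param array  $template  template parts: COMMENTS_NONE, COMMENTS_TOOMUCH,
     *                          COMMENTS_HEADER, COMMENTS_BODY, COMMENTS_FOOTER
     * @param int    $maxToShow -1 = no limit; 0 = only count, never render rows;
     *                          N > 0 = render only if at most N comments exist
     * @param int    $showNone  when true, COMMENTS_NONE is parsed if there are no comments
     * @param string $highlight text to highlight in each comment body (passed to the actions object)
     * @return int   number of comments rendered, or 0 when nothing was rendered
     *               (no comments, or more than $maxToShow)
     */
    function showComments($template, $maxToShow = -1, $showNone = 1, $highlight = '') {
        global $CONF, $manager;

        // create parser object & action handler
        $actions = new COMMENTACTIONS($this);
        $parser = new PARSER($actions->getDefinedActions(), $actions);
        $actions->setTemplate($template);
        $actions->setParser($parser);

        $comments = false;
        if ($maxToShow == 0) {
            // caller only wants the count; do not fetch the rows
            $this->commentcount = $this->amountComments();
        } else {
            // $this->itemid is an int (constructor), intval() keeps that explicit at the SQL boundary
            $query = 'SELECT c.citem as itemid, c.cnumber as commentid, c.cbody as body, c.cuser as user, c.cmail as userid, c.cemail as email, c.cmember as memberid, c.ctime, c.chost as host, c.cip as ip, c.cblog as blogid'
                   . ' FROM ' . sql_table('comment') . ' as c'
                   . ' WHERE c.citem=' . intval($this->itemid)
                   . ' ORDER BY c.ctime';

            $comments = sql_query($query);
            $this->commentcount = mysql_num_rows($comments);
        }

        // no comments: COMMENTS_HEADER and COMMENTS_FOOTER are _NOT_ used in this case
        if ($this->commentcount == 0) {
            if ($showNone) $parser->parse($template['COMMENTS_NONE']);
            if ($comments) mysql_free_result($comments);
            return 0;
        }

        // too many comments to show (also the path taken when $maxToShow == 0 and comments exist)
        if (($maxToShow != -1) && ($this->commentcount > $maxToShow)) {
            $parser->parse($template['COMMENTS_TOOMUCH']);
            if ($comments) mysql_free_result($comments);
            return 0;
        }

        $parser->parse($template['COMMENTS_HEADER']);

        while ($comment = mysql_fetch_assoc($comments)) {
            $comment['timestamp'] = strtotime($comment['ctime']);
            $actions->setCurrentComment($comment);
            $actions->setHighlight($highlight);
            // plugins may rewrite the comment (by reference) before and after it is rendered
            $manager->notify('PreComment', array('comment' => &$comment));
            $parser->parse($template['COMMENTS_BODY']);
            $manager->notify('PostComment', array('comment' => &$comment));
        }

        $parser->parse($template['COMMENTS_FOOTER']);

        mysql_free_result($comments);

        return $this->commentcount;
    }

    /**
     * Counts the comments stored for $this->itemid.
     *
     * @return int number of comments (cast from the COUNT(*) string MySQL returns)
     */
    function amountComments() {
        $query = 'SELECT COUNT(*)'
               . ' FROM ' . sql_table('comment') . ' as c'
               . ' WHERE c.citem=' . intval($this->itemid);
        $res = sql_query($query);
        $arr = mysql_fetch_row($res);
        mysql_free_result($res);

        return intval($arr[0]);
    }

    /**
     * Validates and stores a new comment on $this->itemid.
     *
     * Order of checks: blog-level settings (comments enabled, public blog,
     * protected member names, required e-mail), then the plugin spam check,
     * then isValidComment(), then the optional notification mail, then the
     * INSERT. Plugins subscribed to PreAddComment / PostAddComment are
     * notified around the INSERT.
     *
     * @param int   $timestamp unix timestamp to store as comment time
     * @param array $comment   untrusted request data: keys 'user', 'userid' (URL),
     *                         'email', 'body'; 'host', 'ip', 'memberid' and
     *                         'timestamp' are overwritten here
     * @return mixed true on success, otherwise one of the _ERROR_* message constants
     */
    function addComment($timestamp, $comment) {
        global $CONF, $member, $manager;

        $blogid = getBlogIDFromItemID($this->itemid);

        $settings =& $manager->getBlog($blogid);
        $settings->readSettings();

        if (!$settings->commentsEnabled())
            return _ERROR_COMMENTS_DISABLED;

        if (!$settings->isPublic() && !$member->isLoggedIn())
            return _ERROR_COMMENTS_NONPUBLIC;

        // member name protection: anonymous posters may not use a member's name
        if ($CONF['ProtectMemNames'] && !$member->isLoggedIn() && MEMBER::isNameProtected($comment['user']))
            return _ERROR_COMMENTS_MEMBERNICK;

        // email required protection (anonymous posters only)
        if ($settings->emailRequired() && strlen($comment['email']) == 0 && !$member->isLoggedIn()) {
            return _ERROR_EMAIL_REQUIRED;
        }

        $comment['timestamp'] = $timestamp;
        // NOTE: reverse lookup is a blocking network call and the PTR record is
        // controlled by the remote network; the value is escaped before storage below
        $comment['host'] = gethostbyaddr(serverVar('REMOTE_ADDR'));
        $comment['ip'] = serverVar('REMOTE_ADDR');

        // if member is logged in, use that data and ignore the submitted identity fields
        if ($member->isLoggedIn()) {
            $comment['memberid'] = $member->getID();
            $comment['user'] = '';
            $comment['userid'] = '';
            $comment['email'] = '';
        } else {
            $comment['memberid'] = 0;
        }

        // spam check: if any plugin subscribed to the comment events declares
        // that it handles spam itself, the result of the SpamCheck event is
        // not acted on here ('return' => true tells the spam plugins so)
        $continue = false;
        $plugins = array();

        foreach (array('ValidateForm', 'PreAddComment', 'PostAddComment') as $event) {
            if (isset($manager->subscriptions[$event]))
                $plugins = array_merge($plugins, $manager->subscriptions[$event]);
        }

        $plugins = array_unique($plugins);

        foreach ($plugins as $plugin) {
            $p = $manager->getPlugin($plugin);
            // presumably getPlugin() returns a non-object when a plugin fails to load; skip it
            if ($p) {
                $continue = $continue || $p->supportsFeature('handleSpam');
            }
        }

        $spamcheck = array(
            'type'   => 'comment',
            'body'   => $comment['body'],
            // the item this COMMENTS object was created for (callers need not set $comment['itemid'])
            'id'     => $this->itemid,
            'live'   => true,
            'return' => $continue
        );

        if ($member->isLoggedIn()) {
            $spamcheck['author'] = $member->displayname;
            $spamcheck['email'] = $member->email;
        } else {
            $spamcheck['author'] = $comment['user'];
            $spamcheck['email'] = $comment['email'];
            $spamcheck['url'] = $comment['userid'];
        }

        $manager->notify('SpamCheck', array('spamcheck' => &$spamcheck));

        if (!$continue && isset($spamcheck['result']) && $spamcheck['result'] == true)
            return _ERROR_COMMENTS_SPAM;

        // isValidComment returns either 1 or an error message
        $isvalid = $this->isValidComment($comment, $spamcheck);
        if ($isvalid != 1)
            return $isvalid;

        // send email to notification address, if any
        if ($settings->getNotifyAddress() && $settings->notifyOnComment()) {

            $mailto_msg = _NOTIFY_NC_MSG . ' ' . $this->itemid . "\n";
            // an absolute $CONF['Self'] means createItemLink() yields a usable absolute URL;
            // otherwise build one from the blog URL
            $temp = parse_url($CONF['Self']);
            if (!empty($temp['scheme'])) {
                $mailto_msg .= createItemLink($this->itemid) . "\n\n";
            } else {
                $tempurl = $settings->getURL();
                if (substr($tempurl, -1) == '/' || substr($tempurl, -4) == '.php') {
                    $mailto_msg .= $tempurl . '?itemid=' . $this->itemid . "\n\n";
                } else {
                    $mailto_msg .= $tempurl . '/?itemid=' . $this->itemid . "\n\n";
                }
            }
            if ($comment['memberid'] == 0) {
                $mailto_msg .= _NOTIFY_USER . ' ' . $comment['user'] . "\n";
                $mailto_msg .= _NOTIFY_USERID . ' ' . $comment['userid'] . "\n";
            } else {
                $mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
            }
            $mailto_msg .= _NOTIFY_HOST . ' ' . $comment['host'] . "\n";
            $mailto_msg .= _NOTIFY_COMMENT . "\n " . $comment['body'] . "\n";
            $mailto_msg .= getMailFooter();

            $item =& $manager->getItem($this->itemid, 0, 0);
            $mailto_title = _NOTIFY_NC_TITLE . ' ' . strip_tags($item['title']) . ' (' . $this->itemid . ')';

            $frommail = $member->getNotifyFromMailAddress($comment['userid']);

            $notify = new NOTIFICATION($settings->getNotifyAddress());
            $notify->notify($mailto_title, $mailto_msg, $frommail);
        }

        $comment = COMMENT::prepare($comment);

        $manager->notify('PreAddComment', array('comment' => &$comment, 'spamcheck' => &$spamcheck));

        // every string literal goes through the charset-aware escaper; ids are ints
        $name      = $this->_sqlEscape($comment['user']);
        $url       = $this->_sqlEscape($comment['userid']);
        $email     = $this->_sqlEscape($comment['email']);
        $body      = $this->_sqlEscape($comment['body']);
        $host      = $this->_sqlEscape($comment['host']);
        $ip        = $this->_sqlEscape($comment['ip']);
        $memberid  = intval($comment['memberid']);
        $timestamp = date('Y-m-d H:i:s', $comment['timestamp']);
        $itemid    = intval($this->itemid);
        $blogid    = intval($blogid);

        $query = 'INSERT INTO ' . sql_table('comment') . ' (CUSER, CMAIL, CEMAIL, CMEMBER, CBODY, CITEM, CTIME, CHOST, CIP, CBLOG) '
               . "VALUES ('$name', '$url', '$email', $memberid, '$body', $itemid, '$timestamp', '$host', '$ip', $blogid)";

        sql_query($query);

        // post add comment
        $commentid = mysql_insert_id();
        $manager->notify('PostAddComment', array('comment' => &$comment, 'commentid' => &$commentid, 'spamcheck' => &$spamcheck));

        // succeeded !
        return true;
    }

    /**
     * Checks whether a comment may be added to $this->itemid.
     *
     * @param array $comment    comment data (see addComment())
     * @param array &$spamcheck spam-check state, passed on to ValidateForm plugins
     * @return mixed 1 when the comment is acceptable, otherwise an error message
     *               (an _ERROR_* constant, or whatever a ValidateForm plugin put in 'error')
     */
    function isValidComment($comment, &$spamcheck) {
        global $member, $manager;

        // check if there exists an item for this id
        $item =& $manager->getItem($this->itemid, 0, 0);

        if (!$item)
            return _ERROR_NOSUCHITEM;

        if ($item['closed'])
            return _ERROR_ITEMCLOSED;

        // don't allow words that are too long: 90 consecutive characters from the
        // class [a-zA-Z0-9 | . , ; : ! ? = / \] (same class as the original ereg pattern)
        if (preg_match('/[a-zA-Z0-9|.,;:!?=\/\\\\]{90}/i', $comment['body']))
            return _ERROR_COMMENT_LONGWORD;

        // check lengths of comment (byte lengths, as in the original)
        if (strlen($comment['body']) < 3)
            return _ERROR_COMMENT_NOCOMMENT;

        if (strlen($comment['body']) > 5000)
            return _ERROR_COMMENT_TOOLONG;

        // only check username if no member logged in
        if (!$member->isLoggedIn())
            if (strlen($comment['user']) < 2)
                return _ERROR_COMMENT_NOUSERNAME;

        if ((strlen($comment['email']) != 0) && !(isValidMailAddress($comment['email']))) {
            return _ERROR_BADMAILADDRESS;
        }

        // let plugins do verification (any plugin which thinks the comment is invalid
        // can change 'error' to something other than 1)
        $result = 1;
        $manager->notify('ValidateForm', array('type' => 'comment', 'comment' => &$comment, 'error' => &$result, 'spamcheck' => &$spamcheck));

        return $result;
    }

}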