Beispiel #1
/**
 * Passes a posted comment to the comment handler when the current context accepts comments.
 *
 * A context (album, image, news article, page) qualifies only when its
 * comment_form_* option allows comments, the request is in that context and
 * the current object itself allows comments.
 *
 * @param string $error error state supplied by the caller
 * @return mixed the result of comment_form_handle_comment() when a qualifying
 *               context is active, otherwise $error unchanged
 */
function comment_form_postcomment($error)
{
    global $_zp_current_album, $_zp_current_image, $_zp_current_article, $_zp_current_page;

    // Contexts are probed in a fixed order; the current object is only consulted
    // after its option and its context have both been confirmed.
    $accepting = commentsAllowed('comment_form_albums') && in_context(ZP_ALBUM) && !in_context(ZP_IMAGE)
        && $_zp_current_album->getCommentsAllowed();
    if (!$accepting) {
        $accepting = commentsAllowed('comment_form_images') && in_context(ZP_IMAGE)
            && $_zp_current_image->getCommentsAllowed();
    }
    if (!$accepting) {
        $accepting = commentsAllowed('comment_form_articles') && in_context(ZP_ZENPAGE_NEWS_ARTICLE)
            && $_zp_current_article->getCommentsAllowed();
    }
    if (!$accepting) {
        $accepting = commentsAllowed('comment_form_pages') && in_context(ZP_ZENPAGE_PAGE)
            && $_zp_current_page->getCommentsAllowed();
    }

    if (!$accepting) {
        return $error;
    }
    return comment_form_handle_comment();
}
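 /**
  * Receives a trackback ping for the root trackback.php file and stores it as a comment.
  *
  * The id, type, url, title, blog name and excerpt read from $this describe the
  * incoming trackback and are handled as untrusted input. Each rejection path
  * echoes $this->receive(false, ...) and ends the request; $this->receive(true)
  * is sent once, after the comment has been posted.
  *
  */
 function printTrackbackReceiver()
 {
     global $_zp_gallery;
     // Set page header to XML
     header('Content-Type: text/xml');
     // MUST be the 1st line
     // Get trackback information
     $tb_id = $this->id;
     // The id of the item being trackbacked
     $tb_type = $this->type;
     // The type of the item being trackbacked
     $tb_url = $this->url;
     // The URL from which we got the trackback.
     $tb_title = $this->title;
     // Subject/title sent by trackback
     $tb_blogname = $this->blog_name;
     // Name of the blog/site that sends the trackback;
     // Following trackback spec only $tb_url is mandatory, so throw error if missing. Also if comments are not allowed at all
     if (empty($tb_url) || empty($tb_id) || empty($tb_type)) {
         echo $this->receive(false, "Trackbacks are not allowed");
         exit;
     }
     if (empty($tb_blogname)) {
         $tb_blogname = "[Trackback] " . $tb_url;
         // if there is no name sent, use the url as name.
     } else {
         $tb_blogname = "[Trackback] " . $tb_blogname;
     }
     $tb_excerpt = truncate_string($this->excerpt, 255, "[...]");
     // Short text sent by trackback, truncated if too long
     // NOTE(review): $tb_title and the excerpt come from the sender and are
     // wrapped in markup here without escaping; confirm that postComment()
     // sanitizes the comment body before it is stored or rendered.
     $tb_excerpt = "<strong>" . $tb_title . "</strong><br />" . $tb_excerpt;
     // add trackback title to trackback content to show them together
     // getting the item "name" so that we can setup an receiver object for postComment()
     $gallery = new Gallery();
     //$_zp_gallery;
     // Stay NULL/false unless a known type resolves to an existing row, so the
     // checks below never run on undefined variables.
     $object = NULL;
     $allowed = false;
     switch ($tb_type) {
         case "albums":
             $query = query_single_row('SELECT `folder` FROM ' . prefix('albums') . ' WHERE `id`="' . zp_escape_string($tb_id) . '"', true);
             if ($query) {
                 $object = new Album($gallery, $query['folder']);
             }
             $allowed = commentsAllowed('comment_form_albums');
             break;
         case "images":
             $query = query_single_row('SELECT `filename`,`albumid` FROM ' . prefix('images') . ' WHERE `id`="' . zp_escape_string($tb_id) . '"', true);
             if ($query) {
                 $albumid = $query['albumid'];
                 $query2 = query_single_row('SELECT `folder` FROM ' . prefix('albums') . ' WHERE `id`="' . zp_escape_string($albumid) . '"', true);
                 if ($query2) {
                     $albobject = new Album($gallery, $query2['folder']);
                     $object = newImage($albobject, $query['filename']);
                 }
             }
             $allowed = commentsAllowed('comment_form_images');
             break;
         case "pages":
             $query = query_single_row('SELECT `titlelink` FROM ' . prefix('zenpage_pages') . ' WHERE `id`="' . zp_escape_string($tb_id) . '"', true);
             if ($query) {
                 $object = new ZenpagePage($query['titlelink']);
             }
             $allowed = commentsAllowed('comment_form_pages');
             break;
         case "news":
             $query = query_single_row('SELECT `titlelink` FROM ' . prefix('zenpage_news') . ' WHERE `id`="' . zp_escape_string($tb_id) . '"', true);
             if ($query) {
                 $object = new ZenpageNews($query['titlelink']);
             }
             $allowed = commentsAllowed('comment_form_articles');
             break;
     }
     // Unknown item type or no matching row: reject instead of continuing
     // with no receiver object.
     if (is_null($object)) {
         echo $this->receive(false, "Not a valid trackback!");
         exit;
     }
     // Check if the url being sent really includes a link to us.
     // NOTE(review): presumably validateTrackbackSender() retrieves the
     // sender-supplied $tb_url; confirm it restricts scheme and destination.
     $our_url = $this->getPermalinkURL($object);
     if (!$this->validateTrackbackSender($tb_url, $our_url)) {
         echo $this->receive(false, "Not a valid trackback!");
         exit;
     }
     // I realized that we should only send one final receive(true) at the end
     // and only receive(false) inbetween if it fails a precheck.
     if (!(getOption('zp_plugin_comment_form') && $allowed && $object->getCommentsAllowed())) {
         echo $this->receive(false, gettext("Sorry, comments are closed for this item."));
         exit;
     }
     // Duplicate check. `ownerid` is compared unquoted, so the id is forced to
     // an integer; the raw request value must never reach the SQL text.
     $sql = 'SELECT `id` FROM ' . prefix('comments') . ' WHERE `ownerid`=' . (int) $tb_id . ' AND `comment`="' . zp_escape_string($tb_excerpt) . '" AND `website`="' . zp_escape_string($tb_url) . '" AND `type`="' . zp_escape_string($tb_type) . '" AND `name`="' . zp_escape_string($tb_blogname) . '"';
     $dbcheck = query_single_row($sql);
     if ($dbcheck) {
         echo $this->receive(false, gettext("This trackback already exists!"));
         exit;
     } else {
         $commentobj = postComment($tb_blogname, "", $tb_url, $tb_excerpt, "", "", $object, "", "", "", COMMENT_WEB_REQUIRED | COMMENT_SEND_EMAIL);
         // A negative moderation state is reported to the sender as a failure.
         if ($commentobj->getInModeration() >= 0) {
             echo $this->receive(true);
         } else {
             echo $this->receive(false);
         }
     }
 }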
Beispiel #3
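$_zp_post_date = NULL;
$_zp_pre_authorization = array();
/*** Request Handler **********************
 ******************************************/
// This is the main top-level action handler for user requests. It parses a
// request, validates the input, loads the appropriate objects, and sets
// the context. All that is done in functions-controller.php.
zp_load_gallery();
//	load the gallery and set the context to be on the front-end
$zp_request = zp_load_request();
// handle any passwords that might have been posted
if (!zp_loggedin()) {
    zp_handle_password();
}
// Handle any comments that might be posted. The comment_form plugin must be
// enabled, and one context (album, image, news article, page) must allow
// comments both through its option and on the current object.
if (getOption('zp_plugin_comment_form') && (
    commentsAllowed('comment_form_albums') && in_context(ZP_ALBUM) && !in_context(ZP_IMAGE) && $_zp_current_album->getCommentsAllowed()
    || commentsAllowed('comment_form_images') && in_context(ZP_IMAGE) && $_zp_current_image->getCommentsAllowed()
    || commentsAllowed('comment_form_articles') && in_context(ZP_ZENPAGE_NEWS_ARTICLE) && $_zp_current_zenpage_news->getCommentsAllowed()
    || commentsAllowed('comment_form_pages') && in_context(ZP_ZENPAGE_PAGE) && $_zp_current_zenpage_page->getCommentsAllowed()
)) {
    $_zp_comment_error = zp_handle_comment();
}
/*** Server-side AJAX Handling ***********
 ******************************************/
// Edit-in-place is only reachable for a logged-in user with the option enabled.
// NOTE(review): the login check is the only gate visible here; confirm that
// editInPlace_handle_request() also verifies a request token and the user's
// rights on the object named by eip_context.
if (zp_loggedin() && getOption('edit_in_place')) {
    if (!empty($_POST["eip_context"]) && !empty($_POST["eip_field"])) {
        // new_value and orig_value are optional in the request; pass NULL
        // explicitly rather than reading an undefined index.
        editInPlace_handle_request(
            $_POST["eip_context"],
            $_POST["eip_field"],
            isset($_POST["new_value"]) ? $_POST["new_value"] : NULL,
            isset($_POST["orig_value"]) ? $_POST["orig_value"] : NULL
        );
    }
}
/*** Consistent URL redirection ***********
 ******************************************/
// Check to see if we use mod_rewrite, but got a query-string request for a page.
// If so, redirect with a 301 to the correct URL. This must come AFTER the Ajax init above,
// and is mostly helpful for SEO, but also for users. Consistent URLs are a Good Thing.
fix_path_redirect();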