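/**
 * Store a comment (or guestbook entry) for a blog.
 *
 * Non-owners are run through the Filter checks first. A filtered comment is
 * still inserted, but with `isfiltered` set to the current timestamp, and the
 * name of the rule that matched is returned instead of an id.
 *
 * Every value from $comment that reaches SQL is either cast to an integer or
 * passed through POD::escapeString() before interpolation. The previous
 * version interpolated `entry`, `parent`, `secret`, `ip` and the OpenID
 * identity verbatim, which left the statements open to SQL injection.
 *
 * @param int|string $blogid  Blog the comment belongs to.
 * @param array      $comment Comment fields read here: homepage, ip, name,
 *                            comment, entry, parent, password, secret.
 *                            Passed by reference: name/homepage/comment are
 *                            truncated and `replier` is filled in.
 * @return int|string|false   New comment id on success; the block type
 *                            ("ip", "name", "homepage", "comment",
 *                            "openidonly", "etc") when the comment was
 *                            filtered; false when the entry does not accept
 *                            comments or the insert failed.
 */
function addComment($blogid, &$comment) {
	global $database, $user;

	$openid = Acl::getIdentity('openid');
	$filtered = 0;

	// NOTE(review): the allow-list is keyed on the submitter-supplied homepage
	// and, when it matches, skips every other check below (including the
	// OpenID-only mode). Confirm that this is the intended trust model.
	if (!doesHaveOwnership() && !Filter::isAllowed($comment['homepage'])) {
		if (Filter::isFiltered('ip', $comment['ip'])) {
			$blockType = "ip";
			$filtered = 1;
		} elseif (Filter::isFiltered('name', $comment['name'])) {
			$blockType = "name";
			$filtered = 1;
		} elseif (Filter::isFiltered('url', $comment['homepage'])) {
			$blockType = "homepage";
			$filtered = 1;
		} elseif (Filter::isFiltered('content', $comment['comment'])) {
			$blockType = "comment";
			$filtered = 1;
		} elseif (!Acl::check("group.writers") && !$openid
			&& Setting::getBlogSettingGlobal('AddCommentMode', '') == 'openid') {
			$blockType = "openidonly";
			$filtered = 1;
		} elseif (!fireEvent('AddingComment', true, $comment)) {
			// A plugin listening on AddingComment vetoed the comment.
			$blockType = "etc";
			$filtered = 1;
		}
	}

	$comment['homepage'] = stripHTML($comment['homepage']);
	$comment['name'] = UTF8::lessenAsEncoding($comment['name'], 80);
	$comment['homepage'] = UTF8::lessenAsEncoding($comment['homepage'], 80);
	$comment['comment'] = UTF8::lessenAsEncoding($comment['comment'], 65535);

	// Numeric columns are cast once here, and only these locals are
	// interpolated into SQL. $comment itself keeps the caller's values.
	$blogidSql = intval($blogid);
	$entrySql = intval($comment['entry']);
	$secretSql = intval($comment['secret']);

	if (!doesHaveOwnership() && $comment['entry'] != 0) {
		// The target entry must be published, visible and open for comments.
		$result = POD::queryCount("SELECT *
			FROM {$database['prefix']}Entries
			WHERE blogid = {$blogidSql}
				AND id = {$entrySql}
				AND draft = 0
				AND visibility > 0
				AND acceptcomment = 1");
		if (!$result || $result == 0) {
			return false;
		}
	}

	$hasParent = !($comment['parent'] == null);
	$parentSql = $hasParent ? intval($comment['parent']) : 'null';

	if ($user !== null) {
		$comment['replier'] = getUserId();
		$name = POD::escapeString($user['name']);
		$password = '';
		$homepage = POD::escapeString($user['homepage']);
		if (empty($homepage) && $openid) {
			$homepage = POD::escapeString($openid);
		}
	} else {
		$comment['replier'] = 'null';
		$name = POD::escapeString($comment['name']);
		// NOTE(review): unsalted MD5 is not a suitable password hash. It is
		// left unchanged because stored rows and the verification code
		// elsewhere expect this format; migrate both together
		// (password_hash() / password_verify()).
		$password = empty($comment['password']) ? '' : md5($comment['password']);
		$homepage = POD::escapeString($comment['homepage']);
	}

	$comment0 = POD::escapeString($comment['comment']);
	$openidSql = POD::escapeString((string) $openid);
	$ipSql = POD::escapeString($comment['ip']);
	$filteredAux = $filtered == 1 ? "UNIX_TIMESTAMP()" : 0;

	// NOTE(review): the id is computed outside the INSERT; concurrent
	// submissions could pick the same value unless something else serializes
	// them - confirm.
	$insertId = getCommentsMaxId() + 1;

	// $comment['replier'] is server-derived: getUserId() or the literal null.
	$result = POD::query("INSERT INTO {$database['prefix']}Comments
		(blogid,replier,id,openid,entry,parent,name,password,homepage,secret,comment,ip,written,isfiltered)
		VALUES (
			{$blogidSql},
			{$comment['replier']},
			{$insertId},
			'{$openidSql}',
			{$entrySql},
			{$parentSql},
			'{$name}',
			'{$password}',
			'{$homepage}',
			{$secretSql},
			'{$comment0}',
			'{$ipSql}',
			UNIX_TIMESTAMP(),
			{$filteredAux}
		)");
	if (!$result) {
		return false;
	}

	$id = $insertId;
	if ($filtered == 1) {
		// The row was stored but flagged; report which rule blocked it.
		return $blockType;
	}

	CacheControl::flushCommentRSS($comment['entry']);
	CacheControl::flushDBCache('comment');
	if ($hasParent && $comment['secret'] < 1) {
		// Public replies are queued for notification.
		$queueId = intval(getCommentsNotifiedQueueMaxId() + 1);
		POD::execute("INSERT INTO {$database['prefix']}CommentsNotifiedQueue
				( blogid , id, commentid , sendstatus , checkdate , written )
			VALUES
				('{$blogidSql}' , '{$queueId}', '" . intval($id) . "', '0', '0', UNIX_TIMESTAMP())");
	}
	updateCommentsOfEntry($blogid, $comment['entry']);
	fireEvent($comment['entry'] ? 'AddComment' : 'AddGuestComment', $id, $comment);
	return $id;
}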
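/**
 * Store a comment (or guestbook entry) for a blog through the DBModel
 * query builder.
 *
 * Non-owners are run through the Filter checks first. A filtered comment is
 * still inserted, but with `isfiltered` set to the current timestamp, and the
 * name of the rule that matched is returned instead of an id.
 *
 * Fix: the reply-notification guard compared $parent with the string 'null',
 * but $parent is a real null here when there is no parent. That comparison
 * was true for top-level comments too, so every public comment was queued.
 * The guard now tests for null directly.
 *
 * @param int|string $blogid  Blog the comment belongs to.
 * @param array      $comment Comment fields read here: homepage, ip, name,
 *                            comment, entry, parent, password, secret.
 *                            Passed by reference: name/homepage/comment are
 *                            truncated and `replier` is filled in.
 * @return int|string|false   New comment id on success; the block type
 *                            ("ip", "name", "homepage", "comment",
 *                            "openidonly", "etc") when the comment was
 *                            filtered; false when the entry does not accept
 *                            comments or the insert failed.
 */
function addComment($blogid, &$comment) {
	$pool = DBModel::getInstance();
	$openid = Acl::getIdentity('openid');
	$filtered = 0;

	// NOTE(review): the allow-list is keyed on the submitter-supplied homepage
	// and, when it matches, skips every other check below (including the
	// OpenID-only mode). Confirm that this is the intended trust model.
	if (!doesHaveOwnership() && !Filter::isAllowed($comment['homepage'])) {
		if (Filter::isFiltered('ip', $comment['ip'])) {
			$blockType = "ip";
			$filtered = 1;
		} elseif (Filter::isFiltered('name', $comment['name'])) {
			$blockType = "name";
			$filtered = 1;
		} elseif (Filter::isFiltered('url', $comment['homepage'])) {
			$blockType = "homepage";
			$filtered = 1;
		} elseif (Filter::isFiltered('content', $comment['comment'])) {
			$blockType = "comment";
			$filtered = 1;
		} elseif (!Acl::check("group.writers") && !$openid
			&& Setting::getBlogSettingGlobal('AddCommentMode', '') == 'openid') {
			$blockType = "openidonly";
			$filtered = 1;
		} elseif (!fireEvent('AddingComment', true, $comment)) {
			// A plugin listening on AddingComment vetoed the comment.
			$blockType = "etc";
			$filtered = 1;
		}
	}

	$comment['homepage'] = stripHTML($comment['homepage']);
	$comment['name'] = Utils_Unicode::lessenAsEncoding($comment['name'], 80);
	$comment['homepage'] = Utils_Unicode::lessenAsEncoding($comment['homepage'], 80);
	$comment['comment'] = Utils_Unicode::lessenAsEncoding($comment['comment'], 65535);

	if (!doesHaveOwnership() && $comment['entry'] != 0) {
		// The target entry must be published, visible and open for comments.
		$pool->reset('Entries');
		$pool->setQualifier('blogid', 'eq', $blogid);
		$pool->setQualifier('id', 'eq', $comment['entry']);
		$pool->setQualifier('draft', 'eq', 0);
		$pool->setQualifier('visibility', 'b', 0); // presumably "bigger than" - confirm
		$pool->setQualifier('acceptcomment', 'eq', 1);
		$result = $pool->getCount();
		if (!$result || $result == 0) {
			return false;
		}
	}

	$parent = $comment['parent'] == null ? null : $comment['parent'];

	$userid = getUserId();
	if (!empty($userid)) {
		$comment['replier'] = $userid;
		$name = User::getName($userid);
		$password = '';
		$homepage = User::getHomepage($userid);
		if (empty($homepage)) {
			// Fall back to the OpenID identity when the profile has no homepage.
			$homepage = $openid ? $openid : '';
		}
	} else {
		$comment['replier'] = null;
		$name = $comment['name'];
		// NOTE(review): unsalted MD5 is not a suitable password hash. It is
		// left unchanged because stored rows and the verification code
		// elsewhere expect this format; migrate both together
		// (password_hash() / password_verify()).
		$password = empty($comment['password']) ? '' : md5($comment['password']);
		$homepage = $comment['homepage'];
	}

	$comment0 = $comment['comment'];
	$filteredAux = $filtered == 1 ? Timestamp::getUNIXtime() : 0;

	// NOTE(review): the id is computed outside the INSERT; concurrent
	// submissions could pick the same value unless something else serializes
	// them - confirm.
	$insertId = getCommentsMaxId() + 1;

	// The third argument `true` presumably marks a string value that DBModel
	// quotes/escapes - confirm. NOTE(review): entry, parent and secret come
	// from the request and are passed without it; verify that DBModel
	// validates such values as numeric, or cast them before this point.
	$pool->reset('Comments');
	$pool->setAttribute('blogid', $blogid);
	$pool->setAttribute('replier', $comment['replier']);
	$pool->setAttribute('id', $insertId);
	$pool->setAttribute('openid', is_null($openid) ? '' : $openid, true);
	$pool->setAttribute('entry', $comment['entry']);
	$pool->setAttribute('parent', $parent);
	$pool->setAttribute('name', $name, true);
	$pool->setAttribute('password', $password, true);
	$pool->setAttribute('homepage', $homepage, true);
	$pool->setAttribute('secret', $comment['secret']);
	$pool->setAttribute('comment', $comment0, true);
	$pool->setAttribute('ip', $comment['ip'], true);
	$pool->setAttribute('written', Timestamp::getUNIXtime());
	$pool->setAttribute('isfiltered', $filteredAux);
	$result = $pool->insert();
	if (!$result) {
		return false;
	}

	$id = $insertId;
	if ($filtered == 1) {
		// The row was stored but flagged; report which rule blocked it.
		return $blockType;
	}

	CacheControl::flushCommentRSS($comment['entry']);
	CacheControl::flushDBCache('comment');
	if (!is_null($parent) && $comment['secret'] < 1) {
		// Only public replies (a parent exists) are queued for notification.
		$queueId = getCommentsNotifiedQueueMaxId() + 1;
		$pool->reset('CommentsNotifiedQueue');
		$pool->setAttribute('blogid', $blogid);
		$pool->setAttribute('id', $queueId);
		$pool->setAttribute('commentid', $id);
		$pool->setAttribute('sendstatus', 0);
		$pool->setAttribute('checkdate', 0);
		$pool->setAttribute('written', Timestamp::getUNIXtime());
		$pool->insert();
	}
	updateCommentsOfEntry($blogid, $comment['entry']);
	fireEvent($comment['entry'] ? 'AddComment' : 'AddGuestComment', $id, $comment);
	return $id;
}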