/**
 * Build a Comment_Model from a raw data row.
 *
 * @param array|object $row Row holding name, email, website and comment, and
 *                          optionally postNumber and submittedAt.
 * @return Comment_Model The populated comment.
 */
public function createObjectFromData($row)
{
    // Cast so that array rows and object rows can both be read with "->".
    $row = (object) $row;

    // A comment that has not been stored yet carries neither a post number
    // nor a submission time; default both to null.
    foreach (array('postNumber', 'submittedAt') as $optionalField) {
        if (!isset($row->{$optionalField})) {
            $row->{$optionalField} = null;
        }
    }

    // The values are copied as received; nothing is validated or escaped here.
    $model = new Comment_Model();
    $model->setPostNumber($row->postNumber);
    $model->setName($row->name);
    $model->setEmail($row->email);
    $model->setWebsite($row->website);
    $model->setComment($row->comment);
    $model->setSubmittedAt($row->submittedAt);

    return $model;
}
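/**
 * Remove a comment on behalf of the user stored in the session, then
 * redirect to the news feed.
 *
 * The session user id is passed to the model together with the target id.
 * NOTE(review): this is a state-changing action and no anti-CSRF token check
 * is visible in this function; confirm one is enforced before it is reached.
 *
 * @param mixed $post_id Identifier passed to Comment_Model::removeComment().
 * @return void Always terminates the request.
 */
function removeComment($post_id)
{
    $model = new Comment_Model();
    $removed = $model->removeComment(Session::get('id'), $post_id);

    if ($removed == true) {
        // Send the redirect before any body output: once output has started
        // PHP cannot add headers, unless output buffering happens to be on.
        header("Location:" . URL . "/post/newsfeed");
        echo 'Comment successfuly removed';
    } else {
        echo 'error';
    }
    exit;
}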
/**
 * Return the shared Comment_Model, creating it on first use.
 *
 * @return Comment_Model
 */
public static function getInstance()
{
    // Reuse the instance built by an earlier call.
    if (self::$instance != null) {
        return self::$instance;
    }

    self::$instance = new Comment_Model();

    return self::$instance;
}
/**
 * Handle a comment submitted from the front end.
 *
 * Reads the comment fields from $_POST, replaces name/mail/url with the
 * cached profile of the current user when ISLOGIN is true, runs the
 * validation chain below in order and, when no check fails, stores the
 * comment through Comment_Model::addComment().
 *
 * @param mixed $params Not read inside this function.
 */
function addComment($params) {
    // NOTE(review): addslashes() is the only escaping applied to these values
    // here. It is not a substitute for parameterised queries; how
    // Comment_Model builds its SQL is not visible from this function.
    $name = isset($_POST['comname']) ? addslashes(trim($_POST['comname'])) : '';
    $content = isset($_POST['comment']) ? addslashes(trim($_POST['comment'])) : '';
    $mail = isset($_POST['commail']) ? addslashes(trim($_POST['commail'])) : '';
    $url = isset($_POST['comurl']) ? addslashes(trim($_POST['comurl'])) : '';
    // The captcha answer is upper-cased before it is compared further down.
    $imgcode = isset($_POST['imgcode']) ? addslashes(trim(strtoupper($_POST['imgcode']))) : '';
    $blogId = isset($_POST['gid']) ? intval($_POST['gid']) : -1;
    $pid = isset($_POST['pid']) ? intval($_POST['pid']) : 0;

    // Logged-in users cannot choose their identity: it is taken from the
    // user cache and the posted name/mail/url are discarded.
    if (ISLOGIN === true) {
        $CACHE = Cache::getInstance();
        $user_cache = $CACHE->readCache('user');
        $name = addslashes($user_cache[UID]['name_orig']);
        $mail = addslashes($user_cache[UID]['mail']);
        $url = addslashes(BLOG_URL);
    }

    // Prefix a scheme when the URL does not start with "http" (case-insensitive).
    if ($url && strncasecmp($url, 'http', 4)) {
        $url = 'http://' . $url;
    }

    // The hook and the cookie write both run before any validation below,
    // so the cookie receives values that have not been checked yet.
    doAction('comment_post');

    $Comment_Model = new Comment_Model();
    $Comment_Model->setCommentCookie($name, $mail, $url);

    // Validation chain: the first failing check reports through emMsg().
    // NOTE(review): presumably emMsg() ends the request; confirm.
    if ($Comment_Model->isLogCanComment($blogId) === false) {
        emMsg('评论失败:该文章已关闭评论');
    } elseif ($Comment_Model->isCommentExist($blogId, $name, $content) === true) {
        emMsg('评论失败:已存在相同内容评论');
    } elseif (ROLE == ROLE_VISITOR && $Comment_Model->isCommentTooFast() === true) {
        // The rate limit is applied to visitors only.
        emMsg('评论失败:您提交评论的速度太快了,请稍后再发表评论');
    } elseif (empty($name)) {
        emMsg('评论失败:请填写姓名');
    } elseif (strlen($name) > 20) {
        // strlen() counts bytes, so multi-byte names reach the limit sooner.
        emMsg('评论失败:姓名不符合规范');
    } elseif ($mail != '' && !checkMail($mail)) {
        emMsg('评论失败:邮件地址不符合规范');
    } elseif (ISLOGIN == false && $Comment_Model->isNameAndMailValid($name, $mail) === false) {
        // Anonymous posters may not use an administrator's nickname or mail.
        emMsg('评论失败:禁止使用管理员昵称或邮箱评论');
    } elseif (!empty($url) && preg_match("/^(http|https)\\:\\/\\/[^<>'\"]*\$/", $url) == false) {
        // Only http/https URLs without < > ' " are accepted, which keeps
        // other schemes out of the stored homepage link.
        emMsg('评论失败:主页地址不符合规范', 'javascript:history.back(-1);');
    } elseif (empty($content)) {
        emMsg('评论失败:请填写评论内容');
    } elseif (strlen($content) > 8000) {
        emMsg('评论失败:内容不符合规范');
    } elseif (ROLE == ROLE_VISITOR && Option::get('comment_needchinese') == 'y' && !preg_match('/[\\x{4e00}-\\x{9fa5}]/iu', $content)) {
        // Optional rule for visitors: the comment must contain at least one
        // character in the U+4E00..U+9FA5 range.
        emMsg('评论失败:评论内容需包含中文');
    } elseif (ISLOGIN == false && Option::get('comment_code') == 'y' && session_start() && (empty($imgcode) || $imgcode !== $_SESSION['code'])) {
        // Captcha check for anonymous posters; the session is only started
        // when the check applies.
        // NOTE(review): the stored code is cleared on the success path only.
        // Unless the captcha generator or emMsg() resets it, a wrong answer
        // leaves the same code valid for further attempts; confirm.
        emMsg('评论失败:验证码错误');
    } else {
        // Clear the captcha code so it cannot be reused, then store the comment.
        $_SESSION['code'] = null;
        $Comment_Model->addComment($name, $content, $mail, $url, $imgcode, $blogId, $pid);
    }
}
/**
 * Displays a shared report and handles a comment posted against it.
 *
 * The id is cast to an integer, the active sharing_incident with that id is
 * loaded, and a POSTed comment is validated, optionally checked with
 * Akismet, stored and linked to the incident. The rest of the method fills
 * the template with the incident details, media, comments and comment form.
 *
 * @param boolean $id If id is supplied, a report with that id will be
 * retrieved.
 */
public function view($id = FALSE) {
    $this->template->header->this_page = 'reports';
    $this->template->content = new View('reports/detail');

    // Load Akismet API Key (Spam Blocker)
    $api_akismet = Kohana::config('settings.api_akismet');

    // Sanitize the report id before proceeding
    $id = intval($id);

    if ($id > 0) {
        // Only incidents flagged active are loaded, so inactive reports are
        // not reachable through this action.
        $incident = ORM::factory('sharing_incident')->where('id', $id)->where('incident_active', 1)->find();

        // Not Found
        // NOTE(review): the code below relies on url::redirect() ending the
        // request; confirm for the framework version in use.
        if (!$incident->loaded) {
            url::redirect('reports/');
        }

        // Comment Post?
        // Setup and initialize form field names
        $form = array('comment_author' => '', 'comment_description' => '', 'comment_email' => '', 'comment_ip' => '', 'captcha' => '');
        $captcha = Captcha::factory();
        $errors = $form;
        $form_error = FALSE;

        // Check, has the form been submitted, if so, setup validation
        if ($_POST and Kohana::config('settings.allow_comments')) {
            // Instantiate Validation, use $post, so we don't overwrite $_POST fields with our own things
            $post = Validation::factory($_POST);

            // Add some filters
            $post->pre_filter('trim', TRUE);

            // Add some rules, the input field, followed by a list of checks, carried out in order
            // Author and e-mail are only required from anonymous posters;
            // for a logged-in user they are taken from the account below.
            if (!$this->user) {
                $post->add_rules('comment_author', 'required', 'length[3,100]');
                $post->add_rules('comment_email', 'required', 'email', 'length[4,100]');
            }
            $post->add_rules('comment_description', 'required');
            // The captcha is required from every poster, logged in or not.
            $post->add_rules('captcha', 'required', 'Captcha::valid');

            // Test to see if things passed the rule checks
            if ($post->validate()) {
                // Yes! everything is valid
                if ($api_akismet != "") {
                    // Run Akismet Spam Checker
                    $akismet = new Akismet();

                    // Comment data
                    $comment = array('website' => "", 'body' => $post->comment_description, 'user_ip' => $_SERVER['REMOTE_ADDR']);
                    if ($this->user) {
                        $comment['author'] = $this->user->name;
                        $comment['email'] = $this->user->email;
                    } else {
                        $comment['author'] = $post->comment_author;
                        $comment['email'] = $post->comment_email;
                    }
                    $config = array('blog_url' => url::site(), 'api_key' => $api_akismet, 'comment' => $comment);
                    $akismet->init($config);

                    // The spam check fails open: on any Akismet error the
                    // branches below do nothing (the throws are commented
                    // out) and the comment is treated as not spam.
                    if ($akismet->errors_exist()) {
                        if ($akismet->is_error('AKISMET_INVALID_KEY')) {
                            // throw new Kohana_Exception('akismet.api_key');
                        } elseif ($akismet->is_error('AKISMET_RESPONSE_FAILED')) {
                            // throw new Kohana_Exception('akismet.server_failed');
                        } elseif ($akismet->is_error('AKISMET_SERVER_NOT_FOUND')) {
                            // throw new Kohana_Exception('akismet.server_not_found');
                        }
                        $comment_spam = 0;
                    } else {
                        $comment_spam = $akismet->is_spam() ? 1 : 0;
                    }
                } else {
                    // No API Key!!
                    $comment_spam = 0;
                }

                // $comment is reused here: from this point it is the model,
                // no longer the Akismet payload array.
                $comment = new Comment_Model();
                // The comment is tied to the shared incident through the
                // sharing_incident_comment row created below, not through
                // incident_id.
                $comment->incident_id = 0;
                if ($this->user) {
                    $comment->user_id = $this->user->id;
                    $comment->comment_author = $this->user->name;
                    $comment->comment_email = $this->user->email;
                } else {
                    $comment->comment_author = strip_tags($post->comment_author);
                    $comment->comment_email = strip_tags($post->comment_email);
                }
                // strip_tags() removes markup before storage.
                // NOTE(review): it does not encode quotes or ampersands, so
                // views that print these fields still need output escaping.
                $comment->comment_description = strip_tags($post->comment_description);
                $comment->comment_ip = $_SERVER['REMOTE_ADDR'];
                $comment->comment_date = date("Y-m-d H:i:s", time());

                // Activate comment for now
                // Spam is stored but kept inactive; other comments are
                // activated only when settings.allow_comments equals 1.
                if ($comment_spam == 1) {
                    $comment->comment_spam = 1;
                    $comment->comment_active = 0;
                } else {
                    $comment->comment_spam = 0;
                    $comment->comment_active = Kohana::config('settings.allow_comments') == 1 ? 1 : 0;
                }
                $comment->save();

                // link comment to sharing_incident
                $incident_comment = ORM::factory('sharing_incident_comment');
                $incident_comment->comment_id = $comment->id;
                $incident_comment->sharing_incident_id = $incident->id;
                $incident_comment->save();

                // Event::comment_add - Added a New Comment
                Event::run('ushahidi_action.comment_add', $comment);

                // Notify Admin Of New Comment
                // The message carries the incident title and a link built
                // from the integer id; the comment text is not included.
                $send = notifications::notify_admins("[" . Kohana::config('settings.site_name') . "] " . Kohana::lang('notifications.admin_new_comment.subject'), Kohana::lang('notifications.admin_new_comment.message') . "\n\n'" . utf8::strtoupper($incident->incident_title) . "'" . "\n" . url::base() . 'reports/sharing/view/' . $id);

                // Redirect
                url::redirect('reports/sharing/view/' . $id);
            } else {
                // No! We have validation errors, we need to show the form again, with the errors
                // Repopulate the form fields
                // NOTE(review): the submitted values go back to the form
                // view as posted; the view has to escape them.
                $form = arr::overwrite($form, $post->as_array());

                // Populate the error fields, if any
                $errors = arr::overwrite($errors, $post->errors('comments'));
                $form_error = TRUE;
            }
        }

        // Filters
        $incident_title = $incident->incident_title;
        $incident_description = $incident->incident_description;
        Event::run('ushahidi_filter.report_title', $incident_title);
        Event::run('ushahidi_filter.report_description', $incident_description);
        $this->template->header->page_title .= $incident_title . Kohana::config('settings.title_delimiter');

        // Add Features
        // hardcode geometries to empty
        $this->template->content->features_count = 0;
        $this->template->content->features = array();
        $this->template->content->incident_id = $incident->id;
        $this->template->content->incident_title = $incident_title;
        $this->template->content->incident_description = $incident_description;
        $this->template->content->incident_location = $incident->location->location_name;
        $this->template->content->incident_latitude = $incident->location->latitude;
        $this->template->content->incident_longitude = $incident->location->longitude;
        $this->template->content->incident_date = date('M j Y', strtotime($incident->incident_date));
        $this->template->content->incident_time = date('H:i', strtotime($incident->incident_date));
        $this->template->content->incident_category = ORM::factory('sharing_incident_category')->where('sharing_incident_id', $incident->id)->find_all();

        // Incident rating
        $rating = ORM::factory('rating')->join('incident', 'incident.id', 'rating.incident_id', 'INNER')->where('rating.incident_id', $incident->id)->find();
        $this->template->content->incident_rating = $rating->rating == '' ? 0 : $rating->rating;

        // Retrieve Media
        // media_type 4 is collected as news links, 2 as video links and
        // 1 as photos (large image plus thumbnail).
        $incident_news = array();
        $incident_video = array();
        $incident_photo = array();
        foreach ($incident->media as $media) {
            if ($media->media_type == 4) {
                $incident_news[] = $media->media_link;
            } elseif ($media->media_type == 2) {
                $incident_video[] = $media->media_link;
            } elseif ($media->media_type == 1) {
                $incident_photo[] = array('large' => url::convert_uploaded_to_abs($media->media_link), 'thumb' => url::convert_uploaded_to_abs($media->media_thumb));
            }
        }
        $this->template->content->incident_verified = $incident->incident_verified;

        // Retrieve Comments (Additional Information)
        $this->template->content->comments = "";
        if (Kohana::config('settings.allow_comments')) {
            $this->template->content->comments = new View('reports/comments');
            $incident_comments = array();
            if ($id) {
                $incident_comments = Sharing_Incident_Model::get_comments($id);
            }
            $this->template->content->comments->incident_comments = $incident_comments;
        }
    } else {
        // No usable id: send the visitor back to the report list.
        url::redirect('reports');
    }

    // Add extra info to meta
    Event::add('ushahidi_action.report_display_media', array($this, 'report_display_media'));

    // Add Neighbors
    $this->template->content->incident_neighbors = Sharing_Incident_Model::get_neighbouring_incidents($id, TRUE, 0, 5);

    // News Source links
    $this->template->content->incident_news = $incident_news;

    // Video links
    $this->template->content->incident_videos = $incident_video;

    // Images
    $this->template->content->incident_photos = $incident_photo;

    // Create object of the video embed class
    $video_embed = new VideoEmbed();
    $this->template->content->videos_embed = $video_embed;

    // Javascript Header
    $this->themes->map_enabled = TRUE;
    $this->themes->photoslider_enabled = TRUE;
    $this->themes->videoslider_enabled = TRUE;
    $this->themes->js = new View('reports/view_js');
    $this->themes->js->incident_id = $incident->id;
    $this->themes->js->incident_json_url = 'json/share/single/' . $incident->id;
    $this->themes->js->default_map = Kohana::config('settings.default_map');
    $this->themes->js->default_zoom = Kohana::config('settings.default_zoom');
    $this->themes->js->latitude = $incident->location->latitude;
    $this->themes->js->longitude = $incident->location->longitude;
    $this->themes->js->incident_zoom = null; //$incident->incident_zoom;
    $this->themes->js->incident_photos = $incident_photo;

    // Initialize custom field array
    $this->template->content->custom_forms = new View('reports/detail_custom_forms');
    $form_field_names = customforms::get_custom_form_fields($id, 1, FALSE, "view");
    $this->template->content->custom_forms->form_field_names = $form_field_names;

    // Are we allowed to submit comments?
    $this->template->content->comments_form = "";
    if (Kohana::config('settings.allow_comments')) {
        $this->template->content->comments_form = new View('reports/comments_form');
        $this->template->content->comments_form->user = $this->user;
        $this->template->content->comments_form->form = $form;
        $this->template->content->comments_form->form_field_names = $form_field_names;
        $this->template->content->comments_form->captcha = $captcha;
        $this->template->content->comments_form->errors = $errors;
        $this->template->content->comments_form->form_error = $form_error;
    }

    // If the Admin is Logged in - Allow for an edit link
    $this->template->content->logged_in = $this->logged_in;

    // Rebuild Header Block
    $this->template->header->header_block = $this->themes->header_block();
    $this->template->footer->footer_block = $this->themes->footer_block();
}
/**
 * Render a single post or page together with its comments.
 *
 * Resolves the post id from the routed parameters (numeric id, "post/<id>"
 * or alias), loads the post, enforces the post password when one is set,
 * prepares the page metadata and comment form values, then includes the
 * matching view templates.
 *
 * @param array $params Routed URL segments; indexes 1, 2, 4 and 5 are read.
 */
function displayContent($params) {
    // NOTE(review): $params[5] is read without an isset() check when
    // $params[4] is 'comment-page'.
    $comment_page = isset($params[4]) && $params[4] == 'comment-page' ? intval($params[5]) : 1;

    $Log_Model = new Log_Model();
    $CACHE = Cache::getInstance();

    // extract() with its default flags overwrites existing variables, so
    // every key of the options cache becomes a local variable here. Names
    // such as $blogname, $site_title, $site_key, $log_title_style and
    // $comment_code used below are never assigned in this function and
    // presumably come from this call; verify against the cache contents.
    $options_cache = $CACHE->readCache('options');
    extract($options_cache);

    // Resolve the post id from the URL segments.
    $logid = 0;
    if (isset($params[1])) {
        if ($params[1] == 'post') {
            $logid = isset($params[2]) ? intval($params[2]) : 0;
        } elseif (is_numeric($params[1])) {
            $logid = intval($params[1]);
        } else {
            // Alias lookup: the segment is matched against the alias cache,
            // and the matching cache key is used as the post id.
            $logalias_cache = $CACHE->readCache('logalias');
            if (!empty($logalias_cache)) {
                $alias = addslashes(urldecode(trim($params[1])));
                $logid = array_search($alias, $logalias_cache);
                if (!$logid) {
                    show_404_page();
                }
            }
        }
    }

    $Comment_Model = new Comment_Model();
    $logData = $Log_Model->getOneLogForHome($logid);
    if ($logData === false) {
        show_404_page();
    }

    // NOTE(review): a second overwrite-mode extract(), this time of the
    // post row. Any column whose name matches a local ($logid, $params,
    // $CACHE, ...) replaces that local. $password, $type, $timestamp,
    // $template, $log_title and $log_content presumably come from here.
    extract($logData);

    // Password-protected post: the candidate password comes from the form
    // or from the per-post cookie and is checked by AuthPassword().
    // NOTE(review): presumably AuthPassword() stops the request on a
    // mismatch, and the cookie may hold the password itself; confirm both
    // in Log_Model.
    if (!empty($password)) {
        $postpwd = isset($_POST['logpwd']) ? addslashes(trim($_POST['logpwd'])) : '';
        $cookiepwd = isset($_COOKIE['em_logpwd_' . $logid]) ? addslashes(trim($_COOKIE['em_logpwd_' . $logid])) : '';
        $Log_Model->AuthPassword($postpwd, $cookiepwd, $password, $logid);
    }

    //meta
    switch ($log_title_style) {
        case '0':
            $site_title = $log_title;
            break;
        case '1':
            $site_title = $log_title . ' - ' . $blogname;
            break;
        case '2':
            $site_title = $log_title . ' - ' . $site_title;
            break;
    }
    $site_description = extractHtmlData($log_content, 90);

    // Append the post's tags to the keyword list.
    $log_cache_tags = $CACHE->readCache('logtags');
    if (!empty($log_cache_tags[$logid])) {
        foreach ($log_cache_tags[$logid] as $value) {
            $site_key .= ',' . $value['tagname'];
        }
    }

    //comments
    // The captcha image and input are only built for anonymous visitors
    // when the comment_code option is 'y'.
    $verifyCode = ISLOGIN == false && $comment_code == 'y' ? "<img src=\"" . BLOG_URL . "include/lib/checkcode.php\" align=\"absmiddle\" /><input name=\"imgcode\" type=\"text\" class=\"input\" size=\"5\" tabindex=\"5\" />" : '';

    // Cookie values are attacker-controlled, so they are HTML-escaped before
    // reaching the template.
    // NOTE(review): htmlspecialchars() is called with its default flags,
    // which leave single quotes unescaped before PHP 8.1; check how the
    // templates quote these attributes.
    $ckname = isset($_COOKIE['commentposter']) ? htmlspecialchars(stripslashes($_COOKIE['commentposter'])) : '';
    $ckmail = isset($_COOKIE['postermail']) ? htmlspecialchars($_COOKIE['postermail']) : '';
    $ckurl = isset($_COOKIE['posterurl']) ? htmlspecialchars($_COOKIE['posterurl']) : '';
    $comments = $Comment_Model->getComments(0, $logid, 'n', $comment_page);

    include View::getView('header');
    if ($type == 'blog') {
        $Log_Model->updateViewCount($logid);
        $neighborLog = $Log_Model->neighborLog($timestamp);
        $tb = array();
        $tb_url = ''; // kept for templates that still reference these variables
        include View::getView('echo_log');
    } elseif ($type == 'page') {
        // NOTE(review): $template is only checked with file_exists() under
        // TEMPLATE_PATH and is then included. Nothing visible here restricts
        // it to a plain file name, so a value containing "../" would pass the
        // check if the file exists. Confirm where the value is written and
        // that View::getView() constrains it.
        $template = !empty($template) && file_exists(TEMPLATE_PATH . $template . '.php') ? $template : 'page';
        include View::getView($template);
    }
}
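<?php
#comment.php
ob_start();
require '../../init.php';

// Data sent back to page.php through AJAX.
// The comment body is passed through htmlClean() before it is echoed.
// NOTE(review): htmlClean() is defined elsewhere; confirm it removes
// scripts, event-handler attributes and javascript: URLs.
$content = htmlClean($_POST['comment_content']);
$name = trim($_POST['nickname']);
// NOTE(review): post_id is forwarded to the model as received; confirm the
// model validates it.
$post_id = $_POST['post_id'];

header('Content-type: text/html;charset=UTF-8');

// The nickname is request data and is placed inside markup below, so it is
// HTML-escaped for output. Echoing it raw would let a submitted nickname
// inject script into the page that renders this fragment.
$safeName = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');

echo "<p class='comment_author'>{$safeName}</p>"
    . "<div class='avatar'><img src='images/avatar.jpg' title='avatar'/></div>"
    . "<p class='comment_content'>{$content}</p><div class='spacer'></div>";

// Store the comment in the database. The nickname is stored unescaped, as
// before, so every page that prints stored nicknames must escape them too.
Comment_Model::getInstance()->updateComment($name, $content, $post_id);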
/**
 * Submit comments
 *
 * Validates a POSTed comment, checks it with Akismet when an API key is
 * configured, stores it and notifies the administrators.
 *
 * Status codes passed to $this->response(): 0 on success, 1 for an unknown
 * incident or a validation error, 3 when nothing was posted or comments are
 * disabled.
 *
 * @return int Whatever $this->response() returns; its type is not visible
 *             here (TODO confirm).
 */
private function _add_comment() {
    $api_akismet = Kohana::config('settings.api_akismet');

    // Comment Post?
    // Setup and initialize form field names
    $form = array('incident_id' => '', 'comment_author' => '', 'comment_description' => '', 'comment_email' => '');
    // NOTE(review): a captcha object is created but no captcha rule is added
    // below, so this endpoint relies on Akismet alone against automated
    // submissions.
    $captcha = Captcha::factory();
    $errors = $form;
    $form_error = FALSE;
    $ret_value = 0;

    // Check, has the form been submitted, if so, setup validation
    if ($_POST and Kohana::config('settings.allow_comments')) {
        // Instantiate Validation, use $post, so we don't overwrite $_POST fields with our own things
        $post = Validation::factory($_POST);

        // Add some filters
        $post->pre_filter('trim', TRUE);

        // Add some rules, the input field, followed by a list of checks, carried out in order
        // incident_id is only required to be present; it is not checked
        // for being numeric at this point.
        $post->add_rules('incident_id', 'required');
        $post->add_rules('comment_author', 'required', 'length[3,100]');
        $post->add_rules('comment_description', 'required');
        $post->add_rules('comment_email', 'required', 'email', 'length[4,100]');

        // Test to see if things passed the rule checks
        if ($post->validate()) {
            // Yes! everything is valid
            // Only active incidents can receive comments.
            $incident = ORM::factory('incident')->where('id', $post->incident_id)->where('incident_active', 1)->find();
            if ($incident->id == 0) {
                return $this->response(1, "No incidents with that ID");
            }

            if ($api_akismet != "") {
                // Run Akismet Spam Checker
                $akismet = new Akismet();

                // Comment data
                $comment = array('author' => $post->comment_author, 'email' => $post->comment_email, 'website' => "", 'body' => $post->comment_description, 'user_ip' => $_SERVER['REMOTE_ADDR']);
                $config = array('blog_url' => url::site(), 'api_key' => $api_akismet, 'comment' => $comment);
                $akismet->init($config);

                // The spam check fails open: every error branch is empty
                // and the comment is then treated as not spam.
                if ($akismet->errors_exist()) {
                    if ($akismet->is_error('AKISMET_INVALID_KEY')) {
                        // throw new Kohana_Exception('akismet.api_key');
                    } elseif ($akismet->is_error('AKISMET_RESPONSE_FAILED')) {
                        // throw new Kohana_Exception('akismet.server_failed');
                    } elseif ($akismet->is_error('AKISMET_SERVER_NOT_FOUND')) {
                        // throw new Kohana_Exception('akismet.server_not_found');
                    }
                    // If the server is down, we have to post
                    // the comment :(
                    // $this->_post_comment($comment);
                    $comment_spam = 0;
                } else {
                    if ($akismet->is_spam()) {
                        $comment_spam = 1;
                    } else {
                        $comment_spam = 0;
                    }
                }
            } else {
                // No API Key!!
                $comment_spam = 0;
            }

            // $comment is reused: from here on it is the model, not the
            // Akismet payload array.
            $comment = new Comment_Model();
            // strip_tags() removes markup before storage.
            // NOTE(review): it does not encode quotes or ampersands, so
            // output escaping is still needed wherever these are printed.
            $comment->incident_id = strip_tags($post->incident_id);
            $comment->comment_author = strip_tags($post->comment_author);
            $comment->comment_description = strip_tags($post->comment_description);
            $comment->comment_email = strip_tags($post->comment_email);
            $comment->comment_ip = $_SERVER['REMOTE_ADDR'];
            $comment->comment_date = date("Y-m-d H:i:s", time());

            // Activate comment for now
            if ($comment_spam == 1) {
                // Spam is stored but kept inactive.
                $comment->comment_spam = 1;
                $comment->comment_active = 0;
            } else {
                $comment->comment_spam = 0;
                if (Kohana::config('settings.allow_comments') == 1) {
                    // Auto Approve
                    $comment->comment_active = 1;
                } else {
                    // Manually Approve
                    $comment->comment_active = 0;
                }
            }
            $comment->save();

            // Notify Admin Of New Comment
            // NOTE(review): the link is built from the posted incident_id as
            // received rather than from $incident->id.
            $send = notifications::notify_admins("[" . Kohana::config('settings.site_name') . "] " . Kohana::lang('notifications.admin_new_comment.subject'), Kohana::lang('notifications.admin_new_comment.message') . "\n\n'" . strtoupper($incident->incident_title) . "'" . "\n" . url::base() . 'reports/view/' . $post->incident_id);
        } else {
            // No! We have validation errors, we need to show the form again, with the errors
            // Repopulate the form fields
            $form = arr::overwrite($form, $post->as_array());

            // Populate the error fields, if any
            $errors = arr::overwrite($errors, $post->errors('comments'));

            // Join the error messages with " - ". The separator is skipped
            // when a message equals the last entry of $errors.
            foreach ($errors as $error_item => $error_description) {
                if (!is_array($error_description)) {
                    $this->error_messages .= $error_description;
                    if ($error_description != end($errors)) {
                        $this->error_messages .= " - ";
                    }
                }
            }
            $ret_value = 1; // Validation error
        }
    } else {
        // Nothing was posted, or comments are disabled in the settings.
        $ret_value = 3;
    }

    return $this->response($ret_value, $this->error_messages);
}
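/**
 * Lists the comments on the current group's incidents and applies the bulk
 * moderation action posted from that list.
 *
 * Moderation actions are limited to comments that belong to an incident of
 * the current group, matching the scope of the listing. Previously any
 * comment id in the POST was loaded and changed, and the "delete all spam"
 * action removed spam comments of every group.
 *
 * NOTE(review): no anti-CSRF token check is visible in this method; confirm
 * the framework or a parent controller enforces one for this form.
 *
 * @param int $page
 */
function index($page = 1)
{
    $this->template->content = new View('simplegroups/comments');
    $this->template->content->title = Kohana::lang('ui_admin.comments');

    // The status tab selects one of these fixed SQL fragments; the request
    // value itself never reaches the query.
    $status_filters = array(
        'a' => 'comment_active = 1 AND comment_spam = 0',
        'p' => 'comment_active = 0 AND comment_spam = 0',
        's' => 'comment_spam = 1',
    );
    $status = "0";
    $filter = 'comment_spam = 0';
    if (!empty($_GET['status']) && is_string($_GET['status'])) {
        $status_key = strtolower($_GET['status']);
        if (isset($status_filters[$status_key])) {
            $status = $_GET['status'];
            $filter = $status_filters[$status_key];
        }
    }

    // The group id is cast because it is concatenated into SQL below.
    $group_id = (int) $this->group->id;

    // check, has the form been submitted?
    $form_error = FALSE;
    $form_saved = FALSE;
    $form_action = "";
    if ($_POST) {
        $post = Validation::factory($_POST);

        // Add some filters
        $post->pre_filter('trim', TRUE);

        // Add some rules, the input field, followed by a list of checks, carried out in order
        $post->add_rules('action', 'required', 'alpha', 'length[1,1]');
        $post->add_rules('comment_id.*', 'required', 'numeric');

        if ($post->validate()) {
            // Field changes per action: approve, unapprove, mark as spam,
            // mark as not spam.
            $field_changes = array(
                'a' => array('comment_active' => '1', 'comment_spam' => '0'),
                'u' => array('comment_active' => '0'),
                's' => array('comment_spam' => '1', 'comment_active' => '0'),
                'n' => array('comment_spam' => '0', 'comment_active' => '1'),
            );
            $action_labels = array(
                'a' => 'ui_admin.approved',
                'u' => 'ui_admin.unapproved',
                's' => 'ui_admin.marked_as_spam',
                'n' => 'ui_admin.marked_as_not_spam',
            );
            $action = $post->action;

            if (isset($field_changes[$action])) {
                foreach ($post->comment_id as $item) {
                    // Ids outside the group simply do not load and are skipped.
                    $update = $this->_find_group_comment($item);
                    if ($update->loaded == true) {
                        foreach ($field_changes[$action] as $field => $value) {
                            $update->$field = $value;
                        }
                        $update->save();
                    }
                }
                $form_action = strtoupper(Kohana::lang($action_labels[$action]));
            } elseif ($action == 'd') {
                // Delete Action
                foreach ($post->comment_id as $item) {
                    $update = $this->_find_group_comment($item);
                    if ($update->loaded == true) {
                        $update->delete();
                    }
                }
                $form_action = Kohana::lang('ui_admin.deleted');
            } elseif ($action == 'x') {
                // Delete All Spam Action, limited to this group's incidents.
                // NOTE(review): this used to delete spam comments site-wide;
                // confirm nothing depended on that.
                $spam_comments = ORM::factory('comment')->join("simplegroups_groups_incident", "comment.incident_id", "simplegroups_groups_incident.incident_id")->where('comment.comment_spam', '1')->where('simplegroups_groups_incident.simplegroups_groups_id', $group_id)->find_all();
                foreach ($spam_comments as $spam_comment) {
                    $spam_comment->delete();
                }
                $form_action = Kohana::lang('ui_admin.deleted');
            }
            $form_saved = TRUE;
        } else {
            $form_error = TRUE;
        }
    }

    // Pagination
    $group_condition = $filter . " AND (simplegroups_groups_incident.simplegroups_groups_id = " . $group_id . ") ";
    $items_per_page = (int) Kohana::config('settings.items_per_page_admin');
    $pagination = new Pagination(array('query_string' => 'page', 'items_per_page' => $items_per_page, 'total_items' => ORM::factory('comment')->join("simplegroups_groups_incident", "comment.incident_id", "simplegroups_groups_incident.incident_id")->where($group_condition)->count_all()));
    $comments = ORM::factory('comment')->join("simplegroups_groups_incident", "comment.incident_id", "simplegroups_groups_incident.incident_id")->where($group_condition)->orderby('comment_date', 'desc')->find_all($items_per_page, $pagination->sql_offset);

    $this->template->content->comments = $comments;
    $this->template->content->pagination = $pagination;
    $this->template->content->form_error = $form_error;
    $this->template->content->form_saved = $form_saved;
    $this->template->content->form_action = $form_action;

    // Total Reports
    $this->template->content->total_items = $pagination->total_items;

    // Status Tab
    $this->template->content->status = $status;

    // Javascript Header
    $this->template->js = new View('simplegroups/comments_js');
}

/**
 * Load a comment only if it belongs to an incident of the current group.
 *
 * @param mixed $comment_id Comment id taken from the request.
 * @return object Comment model; its "loaded" flag is false when the id is
 *                unknown or the comment is outside the current group.
 */
private function _find_group_comment($comment_id)
{
    return ORM::factory('comment')
        ->join("simplegroups_groups_incident", "comment.incident_id", "simplegroups_groups_incident.incident_id")
        ->where('comment.id', (int) $comment_id)
        ->where('simplegroups_groups_incident.simplegroups_groups_id', (int) $this->group->id)
        ->find();
}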
/**
 * Accept a group invitation on behalf of the current user.
 *
 * Looks up the invitation notice by id for the current user, reads the
 * target group from the JSON stored in the notice title, checks membership,
 * group existence and the member limit, then adds the user to the group and
 * records the related feed entries and comments.
 *
 * NOTE(review): the early-exit branches rely on send_response() ending the
 * request; if it returns, execution continues past the failed check.
 */
public function agree_group() {
    $data = $this->get_data();
    // NOTE(review): $data['id'] is read without checking that the key exists.
    $message_id = $data['id'];
    if (empty($message_id)) {
        $this->send_response(400, NULL, '400102:消息id非法');
    }

    // The notice is looked up by id AND the current user id, so a user can
    // only act on invitations addressed to them.
    $result = $this->model->getNoticeInfo(array('id' => $message_id, 'uid' => $this->user_id), true);
    if (!$result) {
        $this->send_response(400, NULL, '400101:消息体不存在或已经被处理');
    }

    // The target group comes from the stored notice, not from the request.
    // NOTE(review): the decoded structure is used without checking that
    // json_decode() succeeded or that group[0] exists.
    $group_tmp = json_decode($result['title'], true);
    $gid = $group_tmp['group'][0]['id'];
    $gname = $group_tmp['group'][0]['name'];

    // Already a member: update the notice and stop.
    $grade = $this->groupModel->getmembergrade($gid, $this->user_id);
    if ($grade > 0) {
        $this->model->putChangeTplByid($this->user_id, $message_id, 1);
        $this->send_response(400, NULL, '400108:您已经是群成员了');
    }

    // The group no longer exists: update the notice and stop.
    $group_info = $this->groupModel->getGroupInfo($gid);
    if (!$group_info) {
        $this->model->putChangeTplByid($this->user_id, $message_id, 4);
        $this->send_response(400, NULL, '400109:群不存在');
    }

    // Check whether the group's member count has reached the maximum
    // (provisionally 100)
    $memberNum = $group_info['member_number'];
    if ($group_info['type'] == Kohana::config('group.type.public')) {
        $maxMemberNum = Kohana::config('group.maxMemberNum.public');
    } else {
        $maxMemberNum = Kohana::config('group.maxMemberNum.private');
    }
    if ($memberNum >= $maxMemberNum) {
        $this->model->putChangeTplByid($this->user_id, $message_id, 3);
        $this->send_response(400, NULL, '400110:群成员人数已满');
    }

    // NOTE(review): the limit check above and the insert below are separate
    // steps, and the result of addGroupMember() is not checked before the
    // member counter is incremented.
    $result = $this->groupModel->addGroupMember($gid, $this->user_id, 1);
    $this->groupModel->addMemberNum($gid);

    $feedModel = new Feed_Model();
    if ($group_info['type'] == Kohana::config('group.type.private')) {
        $dateline = time();
        try {
            // Add the user as a contact in the group address book
            $this->groupContactModel->addGroupContactByUserCard($gid, $this->user_id, $dateline);
        } catch (Exception $exc) {
            // NOTE(review): the membership row added above is not rolled back
            // on this path.
            $this->send_response(400, NULL, '400111:导入个人名片到群组通讯录联系人失败');
        }
        // $ginfo is first assigned here; PHP creates the array implicitly.
        $ginfo['modify_time'] = $dateline;
        $ret = $this->groupModel->modifyGroup($gid, $ginfo);
    } else {
        if ($group_info['type'] == Kohana::config('group.type.public')) {
            // Post a feed entry announcing that the user joined the public group
            $application = array('id' => floatval($gid), 'title' => '查看群组', 'url' => 'group/' . $gid);
            // The "$name = value" arguments are plain assignments used as
            // labels; only the values are passed to addFeed().
            $feedModel->addFeed($this->user_id, 2, $text = '加入了群组:' . $group_info['gname'], $this->get_source(), $application, $at = array(), $images = array(), $sync = array(), $group_type = 0, $group_id = 0, $retweet_id = 0, $allow_rt = 0, $allow_comment = 1, $allow_praise = 1, $allow_del = 1, $allow_hide = 1);
        }
    }

    // Leave a "joined this group" comment on the group's feed entries. The
    // comment on feed_id is only written when the user and the group creator
    // are friends.
    $commentModel = new Comment_Model();
    if ($group_info['feed_id']) {
        $friendModel = Friend_Model::instance();
        $isFriend = $friendModel->check_isfriend($this->user_id, $group_info['creator_id']);
        if ($isFriend) {
            $commentModel->saveComment($group_info['feed_id'], '加入了本群', $group_info['creator_id']);
        }
    }
    if ($group_info['group_feed_id']) {
        $commentModel->saveComment($group_info['group_feed_id'], '加入了本群', $group_info['creator_id']);
    }

    // Add the group to the home page tab list
    $userModel = new User_Model();
    $userModel->insertTag($this->user_id, 7, $gid);
    $feedModel->addTab($gid, $group_info['gname'], 7, $this->user_id);

    // Remove the matching record from the invitation table (original
    // comment). The call passes 1 as its third argument, the same value used
    // in the already-a-member branch above.
    $this->model->putChangeTplByid($this->user_id, $message_id, 1);
    $this->send_response(200);
}
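/**
 * Displays a report and handles a comment posted against it.
 *
 * The id is cast to an integer before use, and the comment fields are
 * passed through strip_tags() before they are stored, so markup submitted
 * in a comment is not saved as-is.
 *
 * NOTE(review): strip_tags() does not encode quotes or ampersands; the
 * views that print comments still need output escaping.
 * NOTE(review): the incident is loaded by id alone, without an "active"
 * filter; confirm unapproved reports are not meant to be hidden here.
 * NOTE(review): the code relies on url::redirect() ending the request.
 *
 * @param boolean $id If id is supplied, a report with that id will be
 * retrieved.
 */
public function view($id = false)
{
    $this->template->header->this_page = 'reports';
    $this->template->content = new View('reports_view');

    // Sanitize the report id before it is used in the lookup, the stored
    // comment and the redirect target.
    $id = intval($id);

    if (!$id) {
        url::redirect('main');
    } else {
        $incident = ORM::factory('incident', $id);
        if ($incident->id == 0) {
            url::redirect('main');
        }

        // Comment Post?
        // Setup and initialize form field names
        $form = array('comment_author' => '', 'comment_description' => '', 'comment_email' => '', 'comment_ip' => '', 'captcha' => '');
        $captcha = Captcha::factory();
        $errors = $form;
        $form_error = FALSE;

        // Check, has the form been submitted, if so, setup validation
        if ($_POST) {
            // Instantiate Validation, use $post, so we don't overwrite $_POST fields with our own things
            $post = Validation::factory($_POST);

            // Add some filters
            $post->pre_filter('trim', TRUE);

            // Add some rules, the input field, followed by a list of checks, carried out in order
            $post->add_rules('comment_author', 'required', 'length[3,100]');
            $post->add_rules('comment_description', 'required');
            $post->add_rules('comment_email', 'required', 'email', 'length[4,100]');
            $post->add_rules('captcha', 'required', 'Captcha::valid');

            // Test to see if things passed the rule checks
            if ($post->validate()) {
                // Yes! everything is valid
                $comment = new Comment_Model();
                $comment->incident_id = $id;
                // Remove markup from the visitor-supplied fields before storage.
                $comment->comment_author = strip_tags($post->comment_author);
                $comment->comment_description = strip_tags($post->comment_description);
                $comment->comment_email = strip_tags($post->comment_email);
                $comment->comment_ip = $_SERVER['REMOTE_ADDR'];
                $comment->comment_date = date("Y-m-d H:i:s", time());

                // Activate comment for now
                // NOTE(review): every comment that passes the captcha is
                // published immediately, without moderation.
                $comment->comment_active = 1;
                $comment->save();

                // Redirect
                url::redirect('reports/view/' . $id);
            } else {
                // repopulate the form fields
                // NOTE(review): the submitted values go back to the view as
                // posted; the view has to escape them.
                $form = arr::overwrite($form, $post->as_array());

                // populate the error fields, if any
                $errors = arr::overwrite($errors, $post->errors('comments'));
                $form_error = TRUE;
            }
        }

        $this->template->content->incident_id = $incident->id;
        $this->template->content->incident_title = $incident->incident_title;
        $this->template->content->incident_description = nl2br($incident->incident_description);
        $this->template->content->incident_location = $incident->location->location_name;
        $this->template->content->incident_latitude = $incident->location->latitude;
        $this->template->content->incident_longitude = $incident->location->longitude;
        $this->template->content->incident_date = date('M j Y', strtotime($incident->incident_date));
        $this->template->content->incident_time = date('H:i', strtotime($incident->incident_date));
        $this->template->content->incident_category = $incident->incident_category;
        if ($incident->incident_rating == '') {
            $this->template->content->incident_rating = 0;
        } else {
            $this->template->content->incident_rating = $incident->incident_rating;
        }

        // Retrieve Media
        // media_type 4 is collected as news links, 2 as video links and
        // 1 as photo links.
        $incident_news = array();
        $incident_video = array();
        $incident_photo = array();
        foreach ($incident->media as $media) {
            if ($media->media_type == 4) {
                $incident_news[] = $media->media_link;
            } elseif ($media->media_type == 2) {
                $incident_video[] = $media->media_link;
            } elseif ($media->media_type == 1) {
                $incident_photo[] = $media->media_link;
            }
        }
        $this->template->content->incident_verified = $incident->incident_verified;

        // Retrieve Comments (Additional Information)
        // Only active comments are listed, oldest first.
        $incident_comments = array();
        if ($id) {
            $incident_comments = ORM::factory('comment')->where('incident_id', $id)->where('comment_active', '1')->orderby('comment_date', 'asc')->find_all();
        }
        $this->template->content->incident_comments = $incident_comments;
    }

    // Add Neighbors
    $this->template->content->incident_neighbors = $this->_get_neighbors($incident->location->latitude, $incident->location->longitude);

    // Get RSS News Feeds
    $this->template->content->feeds = ORM::factory('feed_item')->limit('5')->orderby('item_date', 'desc')->find_all();

    // Video links
    $this->template->content->incident_videos = $incident_video;

    // Create object of the video embed class
    $video_embed = new VideoEmbed();
    $this->template->content->videos_embed = $video_embed;

    // Javascript Header
    $this->template->header->map_enabled = TRUE;
    $this->template->header->photoslider_enabled = TRUE;
    $this->template->header->videoslider_enabled = TRUE;
    $this->template->header->js = new View('reports_view_js');
    $this->template->header->js->incident_id = $incident->id;
    $this->template->header->js->default_map = Kohana::config('settings.default_map');
    $this->template->header->js->default_zoom = Kohana::config('settings.default_zoom');
    $this->template->header->js->latitude = $incident->location->latitude;
    $this->template->header->js->longitude = $incident->location->longitude;
    $this->template->header->js->incident_photos = $incident_photo;

    // Pack the javascript using the javascriptpacker helper
    $myPacker = new javascriptpacker($this->template->header->js, 'Normal', false, false);
    $this->template->header->js = $myPacker->pack();

    // Forms
    $this->template->content->form = $form;
    $this->template->content->captcha = $captcha;
    $this->template->content->errors = $errors;
    $this->template->content->form_error = $form_error;
}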
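<?php
/**
 * Comment management
 * @copyright (c) Emlog All Rights Reserved
 */
require_once 'globals.php';

// $action and $CACHE are not defined in this file; presumably globals.php
// provides them (verify).
$Comment_Model = new Comment_Model();

// Default action: list comments, optionally filtered by post and hidden flag.
if ($action == '') {
    $blogId = isset($_GET['gid']) ? intval($_GET['gid']) : null;
    $hide = isset($_GET['hide']) ? addslashes($_GET['hide']) : '';
    $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

    $addUrl_1 = $blogId ? "gid={$blogId}&" : '';
    // The hide value is request data that ends up inside the pagination
    // links. addslashes() does not make it safe for a URL or for HTML, so
    // it is URL-encoded here; a plain letter value is unchanged by this.
    $addUrl_2 = $hide ? 'hide=' . rawurlencode($hide) . '&' : '';
    $addUrl = $addUrl_1 . $addUrl_2;

    // NOTE(review): $hide is also passed to the model and stays visible to
    // the included views with addslashes() as its only treatment; confirm
    // both handle arbitrary strings safely.
    $comment = $Comment_Model->getComments(1, $blogId, $hide, $page);
    $cmnum = $Comment_Model->getCommentNum($blogId, $hide);
    $hideCommNum = $Comment_Model->getCommentNum($blogId, 'y');
    $pageurl = pagination($cmnum, Option::get('admin_perpage_num'), $page, "comment.php?{$addUrl}page=");

    include View::getView('header');
    require_once View::getView('comment');
    include View::getView('footer');
    View::output();
}

// Delete action: the anti-CSRF token is checked before anything is removed,
// which matters because the request arrives as a GET.
if ($action == 'del') {
    $id = isset($_GET['id']) ? intval($_GET['id']) : '';

    LoginAuth::checkToken();

    $Comment_Model->delComment($id);
    $CACHE->updateCache(array('sta', 'comment'));
    emDirect("./comment.php?active_del=1");
}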
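/**
 * Mirrors a user's activity sign-up into feed comments and, for a first-time
 * sign-up, into a new feed entry.
 *
 * A comment is written on the activity's feed only when $uid passes the
 * membership check that matches the feed's scope (friend of the owner, member
 * of the group, or participant of the activity the feed belongs to).
 *
 * @param array $activity       Activity row; reads gid, feed_id, action_feed_id,
 *                              creator_id, is_allow_invite, aid and title.
 * @param mixed $old_apply_type Previous apply type; any falsy value means "none".
 * @param mixed $apply_type     New apply type, compared with the
 *                              activity.apply_type.* config values.
 * @param mixed $uid            The user who signed up.
 * @return void
 */
private function _add_feed_comment($activity, $old_apply_type, $apply_type, $uid)
{
    $feedModel = new Feed_Model();

    $joinType = Kohana::config('activity.apply_type.join');
    $interestType = Kohana::config('activity.apply_type.interest');

    // Defaults keep both labels defined when $apply_type is neither "join"
    // nor "interest"; previously they were left unset in that case.
    $feedStatus = '';
    $applyStatus = '';
    if ($apply_type == $joinType) {
        $feedStatus = "参加";
        $applyStatus = "参加";
    } elseif ($apply_type == $interestType) {
        $feedStatus = "关注";
        $applyStatus = "感兴趣";
    }

    if ($activity['gid'] != 0 && $apply_type != Kohana::config('activity.apply_type.not_join')) {
        $commentModel = new Comment_Model();
        $content = "参与报名:" . $applyStatus;

        if ($activity['feed_id']) {
            $feed_id = $activity['feed_id'];
            $feedInfo = $feedModel->getFeedById($feed_id);
            if ($feedInfo) {
                $group_type = $feedInfo[$feed_id]['group_type'];
                $group_id = $feedInfo[$feed_id]['group_id'];
                $owner_uid = $feedInfo[$feed_id]['owner_uid'];

                // Access check: the comment is saved only if $uid is allowed
                // to see the feed it is attached to.
                $mayComment = false;
                if (!$group_type) {
                    // Friend-scoped feed
                    $mayComment = (bool) Friend_Model::instance()->check_isfriend($owner_uid, $uid);
                } elseif ($group_type == 1) {
                    // Group-scoped feed
                    $mayComment = Group_Model::instance()->getMemberGrade($group_id, $uid) > 0;
                } elseif ($group_type == 2) {
                    // Activity-scoped feed. The result is kept in its own
                    // variable: the original stored it in $apply_type, which
                    // silently changed the sign-up check further down.
                    $memberApplyType = Activity_Model::instance()->getActivityApplyType($group_id, $uid);
                    $mayComment = $memberApplyType > 0;
                }

                if ($mayComment) {
                    $commentModel->saveComment($feed_id, $content, $owner_uid);
                }
            }
        }

        if ($activity['action_feed_id']) {
            $commentModel->saveComment($activity['action_feed_id'], $content, $activity['creator_id']);
        }
    }

    $isSignUp = $apply_type == $joinType || $apply_type == $interestType;
    if (!$old_apply_type && $isSignUp && $activity['is_allow_invite']) {
        $application = array(
            'id' => floatval($activity['aid']),
            'title' => '查看活动',
            'url' => 'action/showblogbox/' . $activity['aid'],
        );
        // NOTE(review): $activity['title'] goes into the feed text unmodified;
        // confirm it is escaped where the feed is rendered.
        $feedModel->addFeed(
            $uid,
            7,
            $feedStatus . '了活动:' . $activity['title'], // text
            $this->get_source(),
            $application,
            array(), // at
            array(), // images
            array(), // sync
            0,       // group_type
            0,       // group_id
            0,       // retweet_id
            0,       // allow_rt
            1,       // allow_comment
            1,       // allow_praise
            1,       // allow_del
            1        // allow_hide
        );
    }
}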
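/**
 * Approves or unapproves a comment.
 *
 * Reads `action` ('a' = approve, 'u' = unapprove) and `comment_id` from
 * $_POST. Any other single letter passes validation and leaves the comment
 * unchanged.
 *
 * NOTE(review): no authentication or authorisation check is visible in this
 * method; confirm the API dispatcher restricts it to administrators.
 *
 * @param string $response_type The response format to return: XML or JSON.
 *
 * @return Array whatever api_actions->_response() produces
 */
public function _approve_comment($response_type)
{
    if ($_POST) {
        $post = Validation::factory($_POST);

        // Trim every field before the rules run
        $post->pre_filter('trim', TRUE);

        // Rules are checked in the order given
        $post->add_rules('action', 'required', 'alpha', 'length[1,1]');
        $post->add_rules('comment_id', 'required', 'numeric');

        if ($post->validate()) {
            $comment = new Comment_Model($post->comment_id);

            if ($comment->loaded == true) {
                // Lower-case the submitted value. The original lower-cased the
                // literal instead, so 'A' or 'U' passed validation but matched
                // neither branch and still reported success.
                $action = strtolower($post->action);

                if ($action == 'a') {
                    // Approving also clears the spam flag
                    $comment->comment_active = '1';
                    $comment->comment_spam = '0';
                } elseif ($action == 'u') {
                    $comment->comment_active = '0';
                }

                $comment->save();
            } else {
                // Comment id doesn't exist in DB
                //TODO i18nize the string
                $this->error_messages .= "Comment ID does not exist.";
                $this->ret_value = 1;
            }
        } else {
            // Reported for any validation failure, not only a missing id
            //TODO i18nize the string
            $this->error_messages .= "Comment ID is required.";
            $this->ret_value = 1;
        }
    } else {
        // Nothing was POSTed
        $this->ret_value = 3;
    }

    return $this->api_actions->_response($this->ret_value, $response_type, $this->error_messages);
}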
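/**
 * Lists comments for moderation and applies bulk moderation actions.
 *
 * Query string: `from` / `to` (date range), `status` (a = approved,
 * p = pending, s = spam), `order` (0 = newest first, 1 = oldest first).
 * POST: `action` (one letter) and `comment_id[]`:
 *   a approve, u unapprove, s mark as spam, n mark as not spam,
 *   d delete the selected comments, x delete every comment flagged as spam.
 *
 * NOTE(review): no CSRF token check is visible in this method. Confirm the
 * base controller or the form enforces one, in particular for 'd' and 'x'.
 *
 * @param int $page Not read by this method.
 */
function index($page = 1)
{
    $this->template->content = new View('admin/comments');
    $this->template->content->title = Kohana::lang('ui_admin.comments');

    // ---- Date range ----
    $r_from = "";
    if (isset($_GET['from'])) {
        $r_from = $this->input->xss_clean($_GET['from']);
    }
    $r_to = "";
    if (isset($_GET['to'])) {
        $r_to = $this->input->xss_clean($_GET['to']);
    }

    // Request text never reaches the SQL fragment: each bound goes through
    // strtotime() and is re-rendered by date(), and a bound that does not
    // parse is ignored. The original tested isset() on variables that are
    // always set, so it added a 1970..today range even without any input.
    $from_ts = (is_string($r_from) && $r_from !== '') ? strtotime($r_from) : false;
    $to_ts = (is_string($r_to) && $r_to !== '') ? strtotime($r_to) : false;

    $filter_range = "";
    if ($from_ts !== false || $to_ts !== false) {
        $range_start = date("Y-m-d", $from_ts !== false ? $from_ts : 1);
        $range_end = $to_ts !== false ? date("Y-m-d", $to_ts) : date("Y-m-d");
        // The upper bound runs to 23:59:59 so the last minute of the day is included
        $filter_range = "comment_date between \"" . $range_start . " 00:00:00\" and \"" . $range_end . " 23:59:59\"";
    }

    // ---- Status tab ----
    // Only fixed SQL fragments are selected; the request value picks one.
    $status_filters = array(
        'a' => 'comment_active = 1 AND comment_spam = 0',
        'p' => 'comment_active = 0 AND comment_spam = 0',
        's' => 'comment_spam = 1',
    );
    $status = "0";
    $filter_status = 'comment_spam = 0';
    if (!empty($_GET['status']) && is_string($_GET['status'])) {
        $status_key = strtolower($_GET['status']);
        if (isset($status_filters[$status_key])) {
            // The submitted spelling is kept for the view, as before
            $status = $_GET['status'];
            $filter_status = $status_filters[$status_key];
        }
    }

    $filter = $filter_status;
    if (!empty($filter_range)) {
        $filter .= " AND " . $filter_range;
    }

    // ---- Bulk actions ----
    $form_error = FALSE;
    $form_saved = FALSE;
    $form_action = "";
    if ($_POST) {
        $post = Validation::factory($_POST);

        // Trim every field before the rules run
        $post->pre_filter('trim', TRUE);

        // Rules are checked in the order given
        $post->add_rules('action', 'required', 'alpha', 'length[1,1]');
        $post->add_rules('comment_id.*', 'required', 'numeric');

        if ($post->validate()) {
            // Column changes and confirmation label for each update action
            $updates = array(
                'a' => array(array('comment_active' => '1', 'comment_spam' => '0'), 'ui_admin.approved'),
                'u' => array(array('comment_active' => '0'), 'ui_admin.unapproved'),
                's' => array(array('comment_spam' => '1', 'comment_active' => '0'), 'ui_admin.marked_as_spam'),
                'n' => array(array('comment_spam' => '0', 'comment_active' => '1'), 'ui_admin.marked_as_not_spam'),
            );
            $selected = is_array($post->comment_id) ? $post->comment_id : array();

            if (isset($updates[$post->action])) {
                $changes = $updates[$post->action][0];
                $label = $updates[$post->action][1];
                foreach ($selected as $item) {
                    $update = new Comment_Model($item);
                    if ($update->loaded == true) {
                        foreach ($changes as $column => $value) {
                            $update->$column = $value;
                        }
                        $update->save();
                    }
                }
                $form_action = strtoupper(Kohana::lang($label));
            } elseif ($post->action == 'd') {
                // Delete the selected comments
                foreach ($selected as $item) {
                    $update = new Comment_Model($item);
                    if ($update->loaded == true) {
                        $update->delete();
                    }
                }
                $form_action = Kohana::lang('ui_admin.deleted');
            } elseif ($post->action == 'x') {
                // Delete every comment flagged as spam, whatever is selected
                ORM::factory('comment')->where('comment_spam', '1')->delete_all();
                $form_action = Kohana::lang('ui_admin.deleted');
            }
            $form_saved = TRUE;
        } else {
            $form_error = TRUE;
        }
    }

    // ---- Sort order ----
    // The direction is picked from two literals, never taken from the request
    $order = 0;
    $order_string = "desc";
    if (isset($_GET['order']) && intval($_GET['order']) == 1) {
        $order = 1;
        $order_string = "asc";
    }

    // ---- Pagination ----
    $per_page = (int) Kohana::config('settings.items_per_page_admin');
    $pagination = new Pagination(array(
        'query_string' => 'page',
        'items_per_page' => $per_page,
        'total_items' => ORM::factory('comment')->where($filter)->count_all()
    ));

    $comments = ORM::factory('comment')
        ->where($filter)
        ->orderby('comment_date', $order_string)
        ->find_all($per_page, $pagination->sql_offset);

    $this->template->content->from = $r_from;
    $this->template->content->to = $r_to;
    $this->template->content->order = $order;
    $this->template->content->comments = $comments;
    $this->template->content->pagination = $pagination;
    $this->template->content->form_error = $form_error;
    $this->template->content->form_saved = $form_saved;
    $this->template->content->form_action = $form_action;

    // Total number of comments matching the filter
    $this->template->content->total_items = $pagination->total_items;

    // Status tab
    $this->template->content->status = $status;

    // Javascript header
    $this->template->js = new View('admin/comments_js');
}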
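/**
 * Approve or reject an author's post and flip the visibility of its comments.
 *
 * Approving a post ('y') un-hides its comments; any other state is treated as
 * a rejection ('n') and hides them. The post's comment count is refreshed
 * afterwards.
 *
 * @param int $blogId Post id (gid).
 * @param string $state 'y' to approve; anything else is stored as 'n'.
 */
function checkSwitch($blogId, $state)
{
    // Both values are interpolated into SQL below. They are pinned to an
    // integer and to one of two literals, so nothing a caller passes can
    // alter the statements.
    $blogId = (int) $blogId;
    $state = $state === 'y' ? 'y' : 'n';
    $hide = $state === 'y' ? 'n' : 'y';

    $this->db->query("UPDATE " . DB_PREFIX . "blog SET checked='{$state}' WHERE gid={$blogId}");
    $this->db->query("UPDATE " . DB_PREFIX . "comment SET hide='{$hide}' WHERE gid={$blogId}");

    $Comment_Model = new Comment_Model();
    $Comment_Model->updateCommentNum($blogId);
}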
</div> <div class="ft-right"> <ul> <li class="sort byorder"><span>Ordenar por</span> <?php echo get_byorder($byorder); ?> </li> <li class="ui"><span>Interfaz</span><a class="grid" href="javascript:void(0)"> </a><a class="list" href="javascript:void(0)"> </a></li> </ul> </div> </div> <div class="fitter-mess"> <p> <?php echo Comment_Model::rand_notice(); ?> </p> </div> <div class="clearfix filter-type hidden"> <input type="hidden" id="bycountry" value="<?php echo $couid; ?> "/> <input type="hidden" id="byquality" value="<?php echo $qualityid; ?> "/> <input type="hidden" id="bycat" value="<?php echo $catid; ?>
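/**
 * Mails the author of a comment when that comment receives a reply.
 *
 * Nothing is sent unless KL_IS_REPLY_MAIL is 'Y', the comment exists and it
 * carries a mail address. Addresses containing '@139.com' receive only the
 * reply text; all others receive an HTML message quoting the original comment.
 *
 * @param int $commentId Id of the comment that was replied to.
 * @param string $reply Text of the reply.
 * @return void
 */
function kl_sendmail_put_reply_mail($commentId, $reply)
{
    global $userData;
    include EMLOG_ROOT . '/content/plugins/kl_sendmail/kl_sendmail_config.php';

    if (KL_IS_REPLY_MAIL != 'Y') {
        return;
    }

    $blogname = Option::get('blogname');
    $Comment_Model = new Comment_Model();
    $commentArray = $Comment_Model->getOneComment($commentId);
    if (!is_array($commentArray)) {
        // Unknown comment id: nothing to notify
        return;
    }

    // Read the needed columns by name. extract() on a database row would let
    // any column called reply, userData or blogname overwrite the locals here.
    $mail = isset($commentArray['mail']) ? $commentArray['mail'] : '';
    $gid = isset($commentArray['gid']) ? $commentArray['gid'] : '';
    $cid = isset($commentArray['cid']) ? $commentArray['cid'] : '';
    $poster = isset($commentArray['poster']) ? $commentArray['poster'] : '';
    $comment = isset($commentArray['comment']) ? $commentArray['comment'] : '';

    // No recipient means no mail. A line break inside the address is refused
    // as well, since the value is handed to the SMTP sender as the recipient.
    if ($mail == '' || preg_match('/[\r\n]/', $mail)) {
        return;
    }

    $subject = "您在【{$blogname}】发表的评论收到了回复";

    if (strpos($mail, '@139.com') === false) {
        $emBlog = new Log_Model();
        $logData = $emBlog->getOneLogForHome($gid);
        $log_title = $logData['log_title'];
        // NOTE(review): $poster, $comment, $reply and $log_title are placed
        // in the HTML body as stored. Confirm they are already HTML-safe at
        // this point, or escape them here.
        $content = "{$poster},您好:<br /><br />您之前在《{$log_title}》发表的的评论:<br />{$comment}<br /><br />{$userData['username']}给您的回复:<br />{$reply}<br /><br /><strong>您可以点击<a href=\"" . Url::log($gid) . "#{$cid}\" target=\"_blank\">查看该日志</a></strong><br /><br /><strong>感谢您对<a href=\"" . BLOG_URL . "\" target=\"_blank\">{$blogname}</a>的关注,欢迎<a href=\"" . BLOG_URL . "rss.php\">订阅本站</a></strong><br /><br />";
    } else {
        $content = $reply;
    }

    kl_sendmail_do(KL_MAIL_SMTP, KL_MAIL_PORT, KL_MAIL_SENDEMAIL, KL_MAIL_PASSWORD, $mail, $subject, $content, $blogname);
}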
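/**
 * Renders the anti_spam_comment plugin page and handles its moderation actions.
 *
 * Without ?advance the basic settings form is shown. With ?advance the page
 * lists comments, or, when ?act is present, runs one action:
 *   shieldname / delurl  blank the text and nickname, or the URL, of one comment
 *   admin_all_coms       the same for every comment ticked in the list (POST)
 *   edit / save          show and store the edit form for one comment
 *
 * Changes against the previous version:
 *  - every stored value is HTML-escaped where it is printed (edit form, list
 *    rows, settings form); several were printed raw before;
 *  - filter values from the query string are URL-encoded before they are put
 *    back into links, and `hide` is limited to 'y' / 'n';
 *  - ids default to 0 and an empty selection no longer produces `IN()`;
 *  - `https://` URLs are no longer prefixed with `http://` on save;
 *  - the active filter tab is derived from the request value instead of the
 *    SQL fragment that used to overwrite it.
 *
 * NOTE(review): shieldname, delurl, admin_all_coms and save change data
 * without any request token, and the first two do so on GET. Other admin
 * code on this site calls LoginAuth::checkToken(); the links and forms here
 * would have to carry the token before that call can be added.
 * NOTE(review): header('Location: ...') is called after the tab bar has been
 * printed, so the redirect depends on output buffering being active.
 */
function plugin_setting_view()
{
    $DB = MySql::getInstance();
    $advanced = isset($_GET['advance']);
    ?>
<div class="containertitle2">
<a class="navi<?php echo $advanced ? 1 : 3; ?>" href="./plugin.php?plugin=anti_spam_comment">基本设置</a>
<a class="navi<?php echo $advanced ? 2 : 4; ?>" href="./plugin.php?plugin=anti_spam_comment&advance=true">高级选项</a>
<?php if (isset($_GET['setting'])) { ?>
<span class="actived">插件设置完成</span>
<?php } ?>
<?php if (isset($_GET['error'])) { ?>
<span class="actived">插件设置失败</span>
<?php } ?>
</div>
<?php
    if ($advanced) {
        $act = isset($_GET['act']) && is_string($_GET['act']) ? trim($_GET['act']) : '';
        if ($act) {
            global $CACHE;
            $doneUrl = "./plugin.php?plugin=anti_spam_comment&advance=true&setting=true";

            switch ($act) {
                case 'shieldname':
                    $id = isset($_GET['id']) ? intval($_GET['id']) : 0;
                    $DB->query("UPDATE " . DB_PREFIX . "comment SET comment='该评论已屏蔽',poster='该昵称已屏蔽' WHERE cid={$id}");
                    $CACHE->updateCache(array('sta', 'comment'));
                    header("Location: " . $doneUrl);
                    break;

                case 'delurl':
                    $id = isset($_GET['id']) ? intval($_GET['id']) : 0;
                    $DB->query("UPDATE " . DB_PREFIX . "comment SET url='' WHERE cid={$id}");
                    $CACHE->updateCache(array('sta', 'comment'));
                    header("Location: " . $doneUrl);
                    break;

                case 'admin_all_coms':
                    $operate = isset($_POST['operate']) ? $_POST['operate'] : '';
                    // Every id is forced to an integer before it is joined into SQL
                    $comments = isset($_POST['com']) && is_array($_POST['com']) ? array_map('intval', $_POST['com']) : array();
                    if (!$comments) {
                        // Nothing ticked: "IN()" would be a syntax error
                        break;
                    }
                    $commentsId = '(' . implode(',', $comments) . ')';
                    switch ($operate) {
                        case 'shieldname':
                            $DB->query("UPDATE " . DB_PREFIX . "comment SET comment='该评论已屏蔽',poster='该昵称已屏蔽' WHERE cid IN{$commentsId}");
                            $CACHE->updateCache(array('sta', 'comment'));
                            header("Location: " . $doneUrl);
                            break;
                        case 'delurl':
                            $DB->query("UPDATE " . DB_PREFIX . "comment SET url='' WHERE cid IN{$commentsId}");
                            $CACHE->updateCache(array('sta', 'comment'));
                            header("Location: " . $doneUrl);
                            break;
                    }
                    break;

                case 'save':
                    // NOTE(review): addslashes() is the only SQL protection on
                    // these four values; prefer the database layer's own
                    // escaping if the MySql wrapper offers one.
                    $comname = isset($_POST['comname']) ? addslashes(trim($_POST['comname'])) : '';
                    $comment = isset($_POST['comment']) ? addslashes(trim($_POST['comment'])) : '';
                    $commail = isset($_POST['commail']) ? addslashes(trim($_POST['commail'])) : '';
                    $comurl = isset($_POST['comurl']) ? addslashes(trim($_POST['comurl'])) : '';
                    // Add a scheme only when none is present; the old test for
                    // 'http://' also prefixed https:// addresses.
                    if ($comurl && !preg_match('#^https?://#i', $comurl)) {
                        $comurl = 'http://' . $comurl;
                    }
                    $cid = isset($_POST['cid']) ? intval($_POST['cid']) : 0;
                    $DB->query("UPDATE " . DB_PREFIX . "comment SET poster='{$comname}',comment='{$comment}',mail='{$commail}',url='{$comurl}' WHERE cid={$cid}");
                    $CACHE->updateCache(array('sta', 'comment'));
                    header("Location: " . $doneUrl);
                    break;

                case 'edit':
                    $Comment_Model = new Comment_Model();
                    $cid = isset($_GET['cid']) ? intval($_GET['cid']) : 0;
                    $row = $Comment_Model->getOneComment($cid);
                    if (!is_array($row)) {
                        // Unknown comment id: nothing to edit
                        break;
                    }
                    // Columns are read by name (no extract()) and escaped for
                    // the attribute / textarea they are printed into: they
                    // hold text supplied by commenters.
                    $poster = htmlspecialchars(isset($row['poster']) ? $row['poster'] : '', ENT_QUOTES);
                    $mail = htmlspecialchars(isset($row['mail']) ? $row['mail'] : '', ENT_QUOTES);
                    $url = htmlspecialchars(isset($row['url']) ? $row['url'] : '', ENT_QUOTES);
                    $comment = htmlspecialchars(isset($row['comment']) ? $row['comment'] : '', ENT_QUOTES);
                    ?>
<form action="./plugin.php?plugin=anti_spam_comment&advance=true&act=save" method="post">
<div>
<li>昵称</li>
<li><input size="40" value="<?php echo $poster; ?>" name="comname" /></li>
<li>邮箱</li>
<li><input size="40" value="<?php echo $mail; ?>" name="commail" /></li>
<li>地址</li>
<li><input size="40" value="<?php echo $url; ?>" name="comurl" /></li>
<li>内容</li>
<li><textarea name="comment" rows="3" cols="45"><?php echo $comment; ?></textarea></li>
<li>
<input type="hidden" value="<?php echo $cid; ?>" name="cid" />
<input type="submit" value="保 存" class="submit" />
<input type="button" value="取 消" class="submit" onclick="javascript: window.history.back();" /></li>
</div>
</form>
<?php
                    break;
            }
        } else {
            // ---- Comment list ----
            $gid = isset($_GET['gid']) ? intval($_GET['gid']) : 0;
            $hideRaw = isset($_GET['hide']) && is_string($_GET['hide']) ? $_GET['hide'] : '';
            // The column only holds 'y' / 'n'; anything else means "no filter"
            $hideValue = in_array($hideRaw, array('y', 'n'), true) ? $hideRaw : '';
            $page = isset($_GET['page']) ? max(1, intval($_GET['page'])) : 1;
            $ipRaw = isset($_GET['ip']) && is_string($_GET['ip']) ? $_GET['ip'] : '';
            $posterRaw = isset($_GET['poster']) && is_string($_GET['poster']) ? $_GET['poster'] : '';

            // Each filter has two forms: a SQL condition (integer, fixed
            // literal or addslashes()) and a URL-encoded query-string piece.
            // The previous code copied the request text into links unencoded.
            $addUrl_1 = $addUrl_2 = $addUrl_3 = $addUrl_4 = '';
            $whereGid = $whereHide = $whereIp = $wherePoster = '';
            if ($gid) {
                $addUrl_1 = "gid={$gid}&";
                $whereGid = "AND a.gid={$gid}";
            }
            if ($hideValue) {
                $addUrl_2 = "hide={$hideValue}&";
                $whereHide = "AND a.hide='{$hideValue}'";
            }
            if ($ipRaw) {
                $addUrl_3 = 'ip=' . urlencode($ipRaw) . '&';
                $whereIp = "AND a.ip='" . addslashes($ipRaw) . "'";
            }
            if ($posterRaw) {
                $addUrl_4 = 'poster=' . urlencode($posterRaw) . '&';
                $wherePoster = "AND a.poster='" . addslashes($posterRaw) . "'";
            }
            $addUrl = $addUrl_1 . $addUrl_2 . $addUrl_3 . $addUrl_4;

            $perpage_num = (int) Option::get('admin_perpage_num');
            $startId = ($page - 1) * $perpage_num;
            $limit = " LIMIT {$startId}, " . $perpage_num;

            $sql = "SELECT a.cid,a.hide,a.date,a.comment,a.gid,a.poster,a.ip,a.mail,a.url,b.title FROM " . DB_PREFIX . "comment as a, " . DB_PREFIX . "blog as b where 1=1 {$whereGid} {$whereHide} {$whereIp} {$wherePoster} AND a.gid=b.gid ORDER BY a.cid DESC";
            $query = $DB->query($sql);
            $cmnum = $DB->num_rows($query);
            $query = $DB->query($sql . $limit);
            $pageurl = pagination($cmnum, $perpage_num, $page, "./plugin.php?plugin=anti_spam_comment&advance=true&{$addUrl}page=");

            // Number of hidden (pending) comments under the gid / ip filters
            $sql = "SELECT a.cid,a.hide,a.date,a.comment,a.gid,a.poster,a.ip,a.mail,a.url,b.title FROM " . DB_PREFIX . "comment as a, " . DB_PREFIX . "blog as b where 1=1 {$whereGid} AND a.hide='y' {$whereIp} AND a.gid=b.gid ORDER BY a.cid DESC";
            $hideCommNum = $DB->num_rows($DB->query($sql));

            if ($hideCommNum > 0) {
                // Mark the tab that matches the current hide filter
                $tabClass = array('' => '', 'y' => '', 'n' => '');
                $tabClass[$hideValue] = "class=\"filter\"";
                // NOTE(review): $sta_cache is not defined in this function, so
                // the pending counter below stays empty; confirm where it
                // should come from.
                $hidecmnum = 0;
                if (isset($sta_cache)) {
                    $hidecmnum = ROLE == 'admin' ? $sta_cache['hidecomnum'] : $sta_cache[UID]['hidecommentnum'];
                }
                ?>
<div class="filters">
<span <?php echo $tabClass['']; ?>><a href="./plugin.php?plugin=anti_spam_comment&advance=true&<?php echo $addUrl_1 . $addUrl_3; ?>">全部</a></span>
<span <?php echo $tabClass['y']; ?>><a href="./plugin.php?plugin=anti_spam_comment&advance=true&hide=y&<?php echo $addUrl_1 . $addUrl_3; ?>">待审 <?php if ($hidecmnum > 0) { echo '(' . $hidecmnum . ')'; } ?></a></span>
<span <?php echo $tabClass['n']; ?>><a href="./plugin.php?plugin=anti_spam_comment&advance=true&hide=n&<?php echo $addUrl_1 . $addUrl_3; ?>">已审</a></span>
</div>
<?php
            } elseif ($addUrl) {
                ?>
<div class="filters">
<span><a href="./plugin.php?plugin=anti_spam_comment&advance=true">全部</a></span>
</div>
<?php
            }
            ?>
<form action="./plugin.php?plugin=anti_spam_comment&advance=true&act=admin_all_coms" method="post" name="form_com" id="form_com">
<table width="100%" id="adm_comment_list" class="item_list">
<thead>
<tr>
<th width="19"><input onclick="CheckAll(this.form)" type="checkbox" value="on" name="chkall" /></th>
<th width="350"><b>内容</b></th>
<th width="300"><b>评论者</b></th>
<th width="250"><b>所属日志</b></th>
</tr>
</thead>
<tbody>
<?php
            while ($res = $DB->fetch_array($query)) {
                $cid = (int) $res['cid'];
                $ishide = $res['hide'] == 'y' ? '<font color="red">[待审]</font>' : '';
                // mail, ip and url are stored per comment and escaped on
                // output, like the nickname and the excerpt.
                $mail = !empty($res['mail']) ? '(' . htmlspecialchars($res['mail'], ENT_QUOTES) . ')' : '';
                $ip = !empty($res['ip']) ? "<br />IP:<a href=\"./plugin.php?plugin=anti_spam_comment&advance=true&ip=" . urlencode($res['ip']) . "\">" . htmlspecialchars($res['ip'], ENT_QUOTES) . "</a>" : '';
                $url = !empty($res['url']) ? '(' . htmlspecialchars($res['url'], ENT_QUOTES) . ')' : '';
                $res['content'] = str_replace('<br>', ' ', $res['comment']);
                $sub_content = subString($res['content'], 0, 50);
                // NOTE(review): the post title is printed as stored; confirm
                // titles are HTML-safe when they are saved.
                $res['title'] = subString($res['title'], 0, 42);
                ?>
<tr>
<td><input type="checkbox" value="<?php echo $cid; ?>" name="com[]" class="ids" /></td>
<td><a href="./plugin.php?plugin=anti_spam_comment&advance=true&act=edit&cid=<?php echo $cid; ?>"><?php echo htmlspecialchars($sub_content); ?></a> <?php echo $ishide; ?> <br /><?php echo smartDate($res['date']); ?>
<span style="display:none; margin-left:8px;">
<a href="javascript: asc_confirm(<?php echo $cid; ?>, 'name');">屏蔽内容</a>
<a href="javascript: asc_confirm(<?php echo $cid; ?>, 'url');">删除地址</a>
</span>
</td>
<td><a href="./plugin.php?plugin=anti_spam_comment&advance=true&poster=<?php echo urlencode($res['poster']); ?>"><?php echo htmlspecialchars($res['poster']); ?></a> <?php echo $url; ?> <?php echo $ip; ?> <?php echo $mail; ?> </td>
<td><a href="./plugin.php?plugin=anti_spam_comment&advance=true&gid=<?php echo (int) $res['gid']; ?>"><?php echo $res['title']; ?></a></td>
</tr>
<?php
            }
            ?>
</tbody>
</table>
<div class="list_footer">
选中项: <a href="javascript:asc_commentact('shieldname');">屏蔽内容</a>
<a href="javascript:asc_commentact('delurl');">删除地址</a>
<input name="operate" id="operate" res="" type="hidden" />
</div>
<div class="page"><?php echo $pageurl; ?> (有<?php echo $cmnum; ?> 条评论)</div>
</form>
<script>
$(document).ready(function(){
    $("#adm_comment_list tbody tr:odd").addClass("tralt_b");
    $("#adm_comment_list tbody tr")
        .mouseover(function(){$(this).addClass("trover");$(this).find("span").show();})
        .mouseout(function(){$(this).removeClass("trover");$(this).find("span").hide();})
});
setTimeout(hideActived,2600);
function asc_commentact(act){
    if (getChecked('ids') == false) {
        alert('请选择要操作的评论');
        return;
    }
    if(act == 'shieldname' && !confirm('你确定要屏蔽所选评论的内容吗?')){return;}
    if(act == 'delurl' && !confirm('你确定要删除所选评论的评论人地址吗?')){return;}
    $("#operate").val(act);
    $("#form_com").submit();
}
function asc_confirm (id, property) {
    switch (property){
        case 'name':
            var urlreturn="./plugin.php?plugin=anti_spam_comment&advance=true&act=shieldname&id="+id;
            var msg = "你确定要屏蔽该评论内容?";break;
        case 'url':
            var urlreturn="./plugin.php?plugin=anti_spam_comment&advance=true&act=delurl&id="+id;
            var msg = "你确定要删除该评论人地址吗?";break;
    }
    if(confirm(msg)){window.location = urlreturn;}else {return;}
}
</script>
<?php
        }
    } else {
        // ---- Basic settings form ----
        $data = asc_read();
        extract($data);
        $blacklist = implode("\n", $blacklist);
        $url_keywords = implode("\n", $url_keywords);
        $ex1 = $ex2 = '';
        // Built-in variables: fixed strings that intentionally contain HTML
        $vari = array(
            array('英文字母abc…ABC…<font color="red">*</font>:', 'asc_letter'),
            array('数字0-9:', 'asc_digit'),
            array('英文字符(包括英文字母、数字和其它英文符号)<font color="red">*</font>:', 'asc_char'),
            array('星号*:', 'asc_star'),
        );
        if ($auto_blacklist == 1) {
            $ex1 = 'checked="checked"';
        }
        if ($need_chinese == 1) {
            $ex2 = 'checked="checked"';
        }
        // Saved settings are escaped on output so a stored quote or
        // "</textarea>" cannot break out of the form field.
        ?>
<form action="plugin.php?plugin=anti_spam_comment&action=setting" method="post">
<table cellspacing="8" cellpadding="4" width="95%" align="center" border="0">
<tbody>
<tr nowrap="nowrap">
<td width="33%" align="right">评论时间间隔(秒):</td>
<td width="67%"><input size="10" name="time_limit" type="text" value="<?php echo htmlspecialchars($time_limit, ENT_QUOTES); ?>" /></td>
</tr>
<tr nowrap="nowrap">
<td width="33%" align="right">必须包含汉字:</td>
<td width="67%"><input size="10" name="need_chinese" type="checkbox" value="1" <?php echo $ex2; ?> /></td>
</tr>
<tr nowrap="nowrap">
<td align="right" valign="top">IP黑名单:<br/><br/> 可封IP段,填入IP开头地址,如162.204 </td>
<td><textarea name="blacklist" cols="" rows="4" style="width:300px;height:70px;"><?php echo htmlspecialchars($blacklist, ENT_QUOTES); ?></textarea></td>
</tr>
<tr nowrap="nowrap">
<td align="right">将频繁尝试发表评论的IP加入黑名单</td>
<td><input name="auto_blacklist" type="checkbox" value="1" <?php echo $ex1; ?> /></td>
</tr>
<tr nowrap="nowrap">
<td align="right">每分钟允许尝试评论次数:</td>
<td><input size="10" name="max_attempt" type="text" value="<?php echo htmlspecialchars($max_attempt, ENT_QUOTES); ?>" />(开启自动黑名单有效)</td>
</tr>
<tr nowrap="nowrap">
<td align="right" valign="top">屏蔽词汇(以 | 分割):<br /> 可以使用通配符*或者系统<a href="#var">内置变量</a> </td>
<td><textarea name="keywords" cols="" rows="4" style="width:300px;height:70px;"><?php echo htmlspecialchars($keywords, ENT_QUOTES); ?></textarea></td>
</tr>
<tr nowrap="nowrap">
<td align="right" valign="top">屏蔽昵称(以 | 分割):<br /> 可以使用通配符*或者系统<a href="#var">内置变量</a> </td>
<td><textarea name="name_keywords" cols="" rows="4" style="width:300px;height:70px;"><?php echo htmlspecialchars($name_keywords, ENT_QUOTES); ?></textarea></td>
</tr>
<tr nowrap="nowrap">
<td align="right" valign="top">屏蔽地址(每行一条):<br/> 可以使用通配符*或者系统<a href="#var">内置变量</a> </td>
<td><textarea name="url_keywords" cols="" rows="4" style="width:300px;height:70px;"><?php echo htmlspecialchars($url_keywords, ENT_QUOTES); ?></textarea></td>
</tr>
<tr>
<td align="center" colspan="2"><input type="submit" value="保存设置" class="button" /></td>
</tr>
</tbody>
</table>
</form>
<b><a name="var"></a>内置变量</b>
<table cellspacing="8" cellpadding="4" width="95%" align="center" border="0">
<tbody>
<?php foreach ($vari as $value) { ?>
<tr nowrap="nowrap">
<td width="40%" align="right"><?php echo $value[0]; ?> </td>
<td width="60%"><b><?php echo $value[1]; ?> </b></td>
</tr>
<?php } ?>
<tr>
<td align="center" colspan="2"><font color="red">*注</font>:该项仅当评论全文符合时过滤评论(例如关键字填入asc_letter时,仅过滤纯英文评论)</td>
</tr>
</tbody>
</table>
<?php
    }
    ?>
<script>
$("#anti_spam_comment").addClass('sidebarsubmenu1');
</script>
<?php
}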
doAction('comment_saved', $cid); mMsg('评论发表成功,请等待管理员审核', $targetBlogUrl); } } } if (ROLE === ROLE_ADMIN && $action == 'delcom') { LoginAuth::checkToken(); $blogId = isset($_GET['gid']) ? intval($_GET['gid']) : -1; $id = isset($_GET['id']) ? intval($_GET['id']) : ''; $Comment_Model = new Comment_Model(); $Comment_Model->delComment($id); $CACHE->updateCache(array('sta', 'comment')); emDirect('./?post=' . $blogId); } if ($action == 'reply') { $Comment_Model = new Comment_Model(); $cid = isset($_GET['cid']) ? intval($_GET['cid']) : 0; $commentArray = $Comment_Model->getOneComment($cid); if (!$commentArray) { mMsg('参数错误', './'); } extract($commentArray); $verifyCode = ISLOGIN == false && Option::get('comment_code') == 'y' ? "<img src=\"../include/lib/checkcode.php\" /><br /><input name=\"imgcode\" type=\"text\" />" : ''; include View::getView('header'); include View::getView('reply'); include View::getView('footer'); View::output(); } // 微语 if ($action == 'tw' && Option::get('istwitter') == 'y') { $Twitter_Model = new Twitter_Model();
/**
 * Displays a single report and handles the public comment form posted to it.
 *
 * A falsy $id, or an id with no matching incident, is answered with a
 * redirect to 'main'. A valid comment POST is spam-checked, stored, announced
 * to the admins and followed by a redirect back to this page.
 *
 * @param mixed $id Id of the report to show; defaults to false (no report).
 */
public function view($id = false)
{
    $this->template->header->this_page = 'reports';
    $this->template->content = new View('reports_view');
    // Load Akismet API Key (Spam Blocker)
    $api_akismet = Kohana::config('settings.api_akismet');
    if (!$id) {
        url::redirect('main');
    } else {
        $incident = ORM::factory('incident', $id);
        // No incident was loaded for this id
        if ($incident->id == 0) {
            url::redirect('main');
        }
        // Comment Post?
        // Setup and initialize form field names
        $form = array('comment_author' => '', 'comment_description' => '', 'comment_email' => '', 'comment_ip' => '', 'captcha' => '');
        $captcha = Captcha::factory();
        $errors = $form;
        $form_error = FALSE;
        // Check, has the form been submitted, if so, setup validation
        if ($_POST) {
            // Instantiate Validation, use $post, so we don't overwrite $_POST fields with our own things
            $post = Validation::factory($_POST);
            // Add some filters
            $post->pre_filter('trim', TRUE);
            // Add some rules, the input field, followed by a list of checks, carried out in order
            $post->add_rules('comment_author', 'required', 'length[3,100]');
            $post->add_rules('comment_description', 'required');
            $post->add_rules('comment_email', 'required', 'email', 'length[4,100]');
            // The captcha is the only anti-automation check applied to this form here
            $post->add_rules('captcha', 'required', 'Captcha::valid');
            // Test to see if things passed the rule checks
            if ($post->validate()) {
                // Yes! everything is valid
                if ($api_akismet != "") {
                    // Run Akismet Spam Checker
                    $akismet = new Akismet();
                    // comment data
                    $comment = array('author' => $post->comment_author, 'email' => $post->comment_email, 'website' => "", 'body' => $post->comment_description, 'user_ip' => $_SERVER['REMOTE_ADDR']);
                    $config = array('blog_url' => url::site(), 'api_key' => $api_akismet, 'comment' => $comment);
                    $akismet->init($config);
                    if ($akismet->errors_exist()) {
                        // All three error branches are empty: the error is neither logged nor raised
                        if ($akismet->is_error('AKISMET_INVALID_KEY')) {
                            // throw new Kohana_Exception('akismet.api_key');
                        } elseif ($akismet->is_error('AKISMET_RESPONSE_FAILED')) {
                            // throw new Kohana_Exception('akismet.server_failed');
                        } elseif ($akismet->is_error('AKISMET_SERVER_NOT_FOUND')) {
                            // throw new Kohana_Exception('akismet.server_not_found');
                        }
                        // If the server is down, we have to post
                        // the comment :(
                        // $this->_post_comment($comment);
                        // Fails open: on any Akismet error the comment is treated as not spam
                        $comment_spam = 0;
                    } else {
                        if ($akismet->is_spam()) {
                            $comment_spam = 1;
                        } else {
                            $comment_spam = 0;
                        }
                    }
                } else {
                    // No API Key!! The spam check is skipped entirely
                    $comment_spam = 0;
                }
                // $comment is reused here: it now holds the model, not the Akismet payload
                $comment = new Comment_Model();
                $comment->incident_id = $id;
                // Tags are stripped from the three user-supplied fields before they are stored
                $comment->comment_author = strip_tags($post->comment_author);
                $comment->comment_description = strip_tags($post->comment_description);
                $comment->comment_email = strip_tags($post->comment_email);
                $comment->comment_ip = $_SERVER['REMOTE_ADDR'];
                $comment->comment_date = date("Y-m-d H:i:s", time());
                // Activate comment for now: anything not flagged as spam is
                // saved as active, and the query further down lists active,
                // non-spam comments, so no moderation step sits in between
                if ($comment_spam == 1) {
                    $comment->comment_spam = 1;
                    $comment->comment_active = 0;
                } else {
                    $comment->comment_spam = 0;
                    $comment->comment_active = 1;
                }
                $comment->save();
                // Notify Admin Of New Comment ($send is not read afterwards)
                $send = notifications::notify_admins("[" . Kohana::config('settings.site_name') . "] " . Kohana::lang('notifications.admin_new_comment.subject'), Kohana::lang('notifications.admin_new_comment.message') . "\n\n'" . strtoupper($incident->incident_title) . "'" . "\n" . url::base() . 'reports/view/' . $id);
                // Redirect back to this report after the comment has been saved
                url::redirect('reports/view/' . $id);
            } else {
                // repopulate the form fields
                $form = arr::overwrite($form, $post->as_array());
                // populate the error fields, if any
                $errors = arr::overwrite($errors, $post->errors('comments'));
                $form_error = TRUE;
            }
        }
        // NOTE(review): incident fields are handed to the view as stored;
        // whether reports_view escapes them is not visible here
        $this->template->content->incident_id = $incident->id;
        $this->template->content->incident_title = $incident->incident_title;
        $this->template->content->incident_description = nl2br($incident->incident_description);
        $this->template->content->incident_location = $incident->location->location_name;
        $this->template->content->incident_latitude = $incident->location->latitude;
        $this->template->content->incident_longitude = $incident->location->longitude;
        $this->template->content->incident_date = date('M j Y', strtotime($incident->incident_date));
        $this->template->content->incident_time = date('H:i', strtotime($incident->incident_date));
        $this->template->content->incident_category = $incident->incident_category;
        // An empty rating is shown as 0
        if ($incident->incident_rating == '') {
            $this->template->content->incident_rating = 0;
        } else {
            $this->template->content->incident_rating = $incident->incident_rating;
        }
        // Retrieve Media, sorted by media_type: 4 goes to news, 2 to video,
        // 1 to photo ($incident_news is filled but not read again in this method)
        $incident_news = array();
        $incident_video = array();
        $incident_photo = array();
        foreach ($incident->media as $media) {
            if ($media->media_type == 4) {
                $incident_news[] = $media->media_link;
            } elseif ($media->media_type == 2) {
                $incident_video[] = $media->media_link;
            } elseif ($media->media_type == 1) {
                $incident_photo[] = $media->media_link;
            }
        }
        $this->template->content->incident_verified = $incident->incident_verified;
        // Retrieve Comments (Additional Information): active, non-spam, oldest first
        $incident_comments = array();
        if ($id) {
            $incident_comments = ORM::factory('comment')->where('incident_id', $id)->where('comment_active', '1')->where('comment_spam', '0')->orderby('comment_date', 'asc')->find_all();
        }
        $this->template->content->incident_comments = $incident_comments;
    }
    // Everything below reads $incident and the locals set in the else branch
    // above. NOTE(review): that holds only if url::redirect() ends the
    // request, which is not visible here.
    // Add Neighbors
    $this->template->content->incident_neighbors = $this->_get_neighbors($incident->location->latitude, $incident->location->longitude);
    // Get RSS News Feeds
    $this->template->content->feeds = ORM::factory('feed_item')->limit('5')->orderby('item_date', 'desc')->find_all();
    // Video links
    $this->template->content->incident_videos = $incident_video;
    //images
    $this->template->content->incident_photos = $incident_photo;
    // Create object of the video embed class
    $video_embed = new VideoEmbed();
    $this->template->content->videos_embed = $video_embed;
    // Javascript Header
    $this->template->header->map_enabled = TRUE;
    $this->template->header->photoslider_enabled = TRUE;
    $this->template->header->videoslider_enabled = TRUE;
    $this->template->header->js = new View('reports_view_js');
    $this->template->header->js->incident_id = $incident->id;
    $this->template->header->js->default_map = Kohana::config('settings.default_map');
    $this->template->header->js->default_zoom = Kohana::config('settings.default_zoom');
    $this->template->header->js->latitude = $incident->location->latitude;
    $this->template->header->js->longitude = $incident->location->longitude;
    $this->template->header->js->incident_photos = $incident_photo;
    // Pack the javascript using the javascriptpacker helper; the js View is
    // replaced by the packer's output
    $myPacker = new javascriptpacker($this->template->header->js, 'Normal', false, false);
    $this->template->header->js = $myPacker->pack();
    // initialize custom field array
    $form_field_names = $this->_get_custom_form_fields($id, $incident->form_id, false);
    // Retrieve Custom Form Fields Structure
    $disp_custom_fields = $this->_get_custom_form_fields($id, $incident->form_id, true);
    $this->template->content->disp_custom_fields = $disp_custom_fields;
    // Forms
    $this->template->content->form = $form;
    $this->template->content->form_field_names = $form_field_names;
    $this->template->content->captcha = $captcha;
    $this->template->content->errors = $errors;
    $this->template->content->form_error = $form_error;
    // If the Admin is Logged in - Allow for an edit link
    $this->template->content->logged_in = $this->logged_in;
}
/**
 * Deletes the given comment by calling its own delete() method.
 *
 * This wrapper performs no permission check of its own.
 * NOTE(review): confirm every caller verifies that the current user may
 * remove this comment before calling it.
 *
 * @param Comment_Model $object The comment to delete.
 * @return void
 */
public static function remove_comment(Comment_Model $object)
{
    $object->delete();
}