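/**
 * Create a piece of HTML with links to the latest comments.
 *
 * Smarty function. Recognised $params keys (all optional):
 *  - format:   line template; %name%, %date%, %title%, %url%, %popup% and
 *              %comm% are substituted, after which the whole line is run
 *              through formatDate() so date placeholders expand as well.
 *  - length:   maximum length of the comment excerpt (default 100).
 *  - trim:     maximum length of the commenter name and entry title (default 16).
 *  - count:    number of comments to output (default 6).
 *  - category: comma-separated list of categories to restrict to, or "*".
 *
 * Comments from IPs on the IPBlock list are never shown.
 *
 * @param array $params
 * @return string
 */
function smarty_latest_comments($params)
{
    global $PIVOTX;

    $params = cleanParams($params);

    $latest_comments_format = getDefault($params['format'], "<a href='%url%' title='%date%'><b>%name%</b></a> (%title%): %comm%<br />");
    $latest_comments_length = getDefault($params['length'], 100);
    $latest_comments_trim = getDefault($params['trim'], 16);
    $latest_comments_count = getDefault($params['count'], 6);

    // Read more comments than we will show, because blocked IPs and comments
    // outside the wanted categories are dropped below. (This used to read a
    // misspelled, undefined variable, so it always computed 0 and the floor of
    // 50 always won; now it really scales with the requested count.)
    $toread_comments_count = max(50, (int) $latest_comments_count * 2);

    if (!empty($params['category']) && $params['category'] != "*") {
        $cats = array_map("trim", explode(",", safeString($params['category'])));
    } elseif ($PIVOTX['db']->db_type == 'flat') {
        $cats = $PIVOTX['weblogs']->getCategories();
    } else {
        // Don't filter on cats by default, as it is _very_
        // bad for SQL performance.
        $cats = array();
    }

    $comments = $PIVOTX['db']->read_latestcomments(array('cats' => $cats, 'count' => $toread_comments_count, 'moderated' => 1));

    // Adding the filter that we ignored because of SQL performance problems:
    // look up each comment's entry so its category can be checked below.
    if (empty($params['category']) && $PIVOTX['db']->db_type != 'flat' && is_array($comments)) {
        $cats = $PIVOTX['weblogs']->getCategories();
        $com_db = new db(false);
        foreach ($comments as $key => $comment) {
            $entry = $com_db->read_entry($comment['entry_uid']);
            $comments[$key]['category'] = $entry['category'];
        }
    }

    $output = '';
    $count = 0;

    // Initialise the IP blocklist.
    $blocklist = new IPBlock();
    $weblog = $PIVOTX['weblogs']->getWeblog();

    if (!empty($comments)) {
        foreach ($comments as $comment) {
            // Show the comment if its entry is in a category that's published on
            // the frontpage (or a category was explicitly requested, or the
            // comment carries no category at all), and the poster is not blocked.
            $in_cats = empty($comment['category'])
                || !empty($params['category'])
                || count(array_intersect($comment['category'], $cats)) > 0;
            if (!$in_cats || $blocklist->isBlocked(trim($comment['ip']))) {
                continue;
            }

            // Anchor for the link: slugified commenter name plus the comment's timestamp.
            $id = makeURI(html_entity_decode($comment['name'], ENT_COMPAT, 'UTF-8')) . "-" . formatDate($comment["date"], "%ye%%month%%day%%hour24%%minute%");
            $url = makeFileLink($comment['entry_uid'], '', $id);

            // NOTE(review): name/title/date are inserted into an attribute and
            // element context by the default format; whether trimText() and the
            // stored (encodeText'ed) values are safe there is not visible here - confirm.
            $comment['name'] = trimText(stripslashes($comment['name']), $latest_comments_trim);
            $comment['title'] = trimText(stripslashes($comment['title']), $latest_comments_trim);
            $comment['comment'] = commentFormat($comment["comment"]);
            // Remove the [name:1] part in the 'latest comments'..
            $comment['comment'] = preg_replace("/\\[(.*):([0-9]+)\\]/iU", '', $comment['comment']);
            $comment['comment'] = trimText(stripslashes($comment['comment']), $latest_comments_length);
            $comment['comment'] = wordwrapHTMLEntities($comment['comment'], 26, ' ', true);

            if ($weblog['comment_pop'] == 1) {
                $popup = sprintf("onclick=\"window.open('%s', 'popuplink', 'width=%s,height=%s,directories=no,location=no,scrollbars=yes,menubar=no,status=yes,toolbar=no,resizable=yes'); return false\"", $url, $weblog['comment_width'], $weblog['comment_height']);
            } else {
                $popup = '';
            }

            // Substitute the placeholders (left to right, like the original
            // chain of str_replace calls), then expand date placeholders.
            $thisline = str_replace(
                array("%name%", "%date%", "%title%", "%url%", "%popup%", "%comm%"),
                array($comment['name'], $comment['date'], $comment['title'], $url, $popup, $comment['comment']),
                $latest_comments_format
            );
            $thisline = formatDate($comment["date"], $thisline);

            $output .= "\n" . $thisline;

            if (++$count >= $latest_comments_count) {
                break;
            }
        }
    }

    return entifyAmpersand($output);
}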
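/**
 * Handle a posted comment.
 *
 * Validates the submitted comment, decides whether it is stored, previewed or
 * rejected (closed comments, hashcash, spamquiz, spam score, duplicate, missing
 * name/comment, too many links) and, when it is stored, saves the entry,
 * regenerates the latest-comments/moderation files, sends the mails and
 * redirects back to the entry page (so a reload does not re-submit).
 *
 * Reads the comment form from $_POST ('piv_code', 'piv_name', 'piv_email',
 * 'piv_url', 'piv_comment', 'piv_notify', 'piv_discreet', 'piv_rememberinfo',
 * 'spamquiz_answer', 'post', 'preview') and the client address/user agent from
 * $_SERVER. Sets the globals $weblogmessage (user-facing status text) and
 * $temp_comment (the comment as it would be stored, used for the preview), and
 * steers the caller through $_POST['post'] / $_POST['preview']. Does not
 * return when the comment is stored: it sends a Location header and exits.
 *
 * @return void
 */
function handlePostComment()
{
    global $weblogmessage, $PIVOTX, $temp_comment;

    // Optional form fields default to '' so nothing below reads an undefined
    // key (the strip_tags() assignments further down created these keys anyway).
    foreach (array('piv_name', 'piv_email', 'piv_url', 'piv_comment') as $field) {
        if (!isset($_POST[$field])) {
            $_POST[$field] = '';
        }
    }
    $piv_code = isset($_POST['piv_code']) ? $_POST['piv_code'] : null;

    $entry = $PIVOTX['db']->read_entry($piv_code);

    // Check if we're allowed to comment on this entry. 'isset' is needed, because old entries
    // might not have 'allow comments' set to either choice.
    if (isset($entry['allow_comments']) && $entry['allow_comments'] == 0) {
        echo "Spam is not appreciated.";
        logspammer($_POST['piv_comment'], "closedcomments");
        die;
    }

    // execute a hook here before a comment is processed
    $PIVOTX['extensions']->executeHook('comment_before_processing', $entry);

    // check if the current poster is a (logged in) registered visitor.
    // Strict comparison: with '==' two numeric-looking names (e.g. '10' and
    // '1e1') compare equal, which would wrongly mark the comment as registered.
    require_once $PIVOTX['paths']['pivotx_path'] . 'modules/module_userreg.php';
    $visitors = new Visitors();
    $visitor = $visitors->isLoggedIn();
    $registered = ($visitor && isset($visitor['name']) && $visitor['name'] === $_POST['piv_name']) ? 1 : 0;

    // Strip out HTML from input..
    $_POST['piv_name'] = strip_tags($_POST['piv_name']);
    $_POST['piv_email'] = strip_tags($_POST['piv_email']);
    $_POST['piv_url'] = strip_tags($_POST['piv_url']);
    if ($PIVOTX['config']->get('allow_html_in_comments') == 1) {
        $_POST['piv_comment'] = stripTagsAttributes($_POST['piv_comment'], "*");
    } else {
        $_POST['piv_comment'] = stripTagsAttributes($_POST['piv_comment'], "<b><em><i><strong>");
    }

    // Do some more processing on the comment itself: trimming, standardizing line-breaks.
    $comment_text = stripTrailingSpace($_POST['piv_comment']);
    $comment_text = str_replace("\r\n", "\n", $comment_text); // CRLF(Win) to LF
    $comment_text = str_replace("\r", "\n", $comment_text);   // CR(Mac) to LF

    $temp_comment = array(
        'entry_uid' => intval($piv_code),
        'name' => encodeText($_POST['piv_name']),
        'email' => encodeText($_POST['piv_email']),
        'url' => encodeText($_POST['piv_url']),
        'ip' => $_SERVER['REMOTE_ADDR'],
        // Not every client sends a User-Agent header.
        'useragent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '',
        'date' => formatDate("", "%year%-%month%-%day%-%hour24%-%minute%"),
        'comment' => $comment_text,
        'registered' => $registered,
        'notify' => isset($_POST['piv_notify']) ? intval($_POST['piv_notify']) : 0,
        'discreet' => isset($_POST['piv_discreet']) ? intval($_POST['piv_discreet']) : 0,
        'rememberinfo' => isset($_POST['piv_rememberinfo']) ? intval($_POST['piv_rememberinfo']) : 0,
        'moderate' => $PIVOTX['config']->get('moderate_comments'),
        'spamscore' => 0,
    );

    if ($temp_comment['rememberinfo'] == 1) {
        rememberCommentInfo($temp_comment);
    }

    // Check for double entries: a comment from the same IP whose text is
    // (nearly) identical to an existing comment on this entry is a duplicate.
    $duplicate = FALSE;
    if (!empty($entry['comments'])) {
        $new_text = substr($temp_comment['comment'], 0, 200);
        foreach ($entry['comments'] as $loop_comment) {
            // Only comments from the same IP can count as duplicates, so skip
            // the (comparatively expensive) levenshtein() for all others.
            if ($loop_comment['ip'] != $temp_comment['ip']) {
                continue;
            }
            $old_text = substr($loop_comment['comment'], 0, 200);
            $old_len = strlen($old_text);
            if ($old_len === 0) {
                // Would divide by zero below; an empty stored comment cannot
                // be a duplicate of this one anyway.
                continue;
            }
            // Edit distance relative to the compared length.
            $diff = (levenshtein($old_text, $new_text) + 1) / $old_len;
            if ($diff < 0.25) {
                $duplicate = TRUE;
                break;
            }
        }
    }

    // Check for Hashcash violations..
    if ($PIVOTX['config']->get('hashcash') == 1 && !hashcash_check_hidden_tag()) {
        $weblogmessage = getDefault($PIVOTX['config']->get('hashcash_message'), __('The Hashcash code was not valid, so this comment could not be posted. If you believe this is an error, please make sure you have a modern browser, and that Javascript is enabled. If it still doesn\'t work, contact the maintainer of this website.'));
        unset($_POST['post']);
        $_POST['preview'] = true;
        $spammessage = substr(implode(", ", $temp_comment), 0, 250);
        logspammer($_SERVER["REMOTE_ADDR"], "hashcash", "pom pom pom", $spammessage);
    }

    // Check for SpamQuiz violations, but not when previewing..
    if ($PIVOTX['config']->get('spamquiz') == 1 && !isset($_POST['preview'])) {
        // Is the entry old enough? Only entries older than 'spamquiz_age' days need the quiz.
        // NOTE(review): this reads the db object's current entry rather than
        // the $entry loaded above - presumably the same record; confirm.
        $entryDate = substr($PIVOTX['db']->entry['date'], 0, 10);
        $secsPerDay = 60 * 60 * 24;
        $numDaysOld = (int) ((strtotime('now') - strtotime($entryDate)) / $secsPerDay);
        if ($numDaysOld > $PIVOTX['config']->get("spamquiz_age")) {
            $answer = isset($_POST['spamquiz_answer']) ? $_POST['spamquiz_answer'] : '';
            // Strict comparison of the lower-cased strings ('!=' would treat
            // numeric-looking answers such as '10' and '1e1' as equal).
            if (strtolower($answer) !== strtolower($PIVOTX['config']->get("spamquiz_answer"))) {
                $weblogmessage = __('The Spamquiz answer was not correct, so this comment could not be posted. If you believe this is an error, please try again. If it still doesn\'t work, contact the maintainer of this website.');
                unset($_POST['post']);
                $_POST['preview'] = true;
                logspammer($_SERVER["REMOTE_ADDR"], "spamquiz");
            } else {
                // Store the correct answer in a cookie.
                $sess = $PIVOTX['session'];
                setcookie("spamquiz_answer", $answer, time() + $sess->cookie_lifespan, $sess->cookie_path, $sess->cookie_domain);
            }
        }
    }

    // set the message and take proper action:
    if (isset($_POST['preview'])) {
        // Add a 'show in preview' flag to $temp_comment, otherwise it would be suppressed on display
        $temp_comment['showpreview'] = 1;
        // update the current entry
        $entry['comments'][] = $temp_comment;
        if (empty($weblogmessage)) {
            $weblogmessage = __('You are previewing your comment. Be sure to click on "Post Comment" to store it.');
        }
        unset($_POST['post']);
        $_POST['preview'] = TRUE;
    } elseif ($temp_comment['spamscore'] > $PIVOTX['config']->get('spamthreshold')) {
        // Add a 'show in preview' flag to $temp_comment, otherwise it would be suppressed on display
        $temp_comment['showpreview'] = 1;
        $weblogmessage = __('Your comment has not been stored, because it seems to be spam.');
        unset($_POST['post']);
        $_POST['preview'] = TRUE;
    } elseif ($duplicate) {
        $temp_comment['duplicate'] = true;
        // Add a 'show in preview' flag to $temp_comment, otherwise it would be suppressed on display
        $temp_comment['showpreview'] = 1;
        $weblogmessage = __('Your comment has not been stored, because it seems to be a duplicate of a previous entry.');
        unset($_POST['post']);
        $_POST['preview'] = TRUE;
    } else {
        // update the current entry
        $entry['comments'][] = $temp_comment;
        if ($PIVOTX['config']->get('moderate_comments') == 1) {
            $weblogmessage = __('Your comment has been stored. Because comment moderation is enabled, it is now waiting for approval by an editor.');
        } else {
            $weblogmessage = __('Your comment has been stored.');
        }
        $_POST['post'] = TRUE;
    }

    // if comment or name is missing, give a notice, and show the form again..
    if (strlen($temp_comment['name']) < 2) {
        $weblogmessage = __('You should type your name (or an alias) in the "name"-field. Be sure to click on "Post Comment" to store it permanently.');
        unset($_POST['post']);
        $_POST['preview'] = TRUE;
    }
    if (strlen($temp_comment['comment']) < 3) {
        $weblogmessage = __('You should type something in the "comment"-field. Be sure to click on "Post Comment" to store it permanently.');
        unset($_POST['post']);
        $_POST['preview'] = TRUE;
    }

    // Link-count limit, checked on both the raw and the formatted comment
    // (commentFormat() may turn bare URLs into links).
    if ($PIVOTX['config']->get('maxhrefs') > 0) {
        $maxhrefs = $PIVOTX['config']->get('maxhrefs');
        $low_comment = strtolower($temp_comment['comment']);
        $low_comment_formatted = strtolower(commentFormat($temp_comment['comment']));
        if (substr_count($low_comment, "href=") > $maxhrefs || substr_count($low_comment_formatted, "href=") > $maxhrefs) {
            $weblogmessage = __('The maximum number of hyperlinks was exceeded. Stop spamming.');
            unset($_POST['post']);
            $_POST['preview'] = TRUE;
        }
    }

    // execute a hook here after a comment is processed but before that comment is saved
    $PIVOTX['extensions']->executeHook('comment_before_save', $entry);

    if (isset($_POST['post'])) {
        $PIVOTX['db']->set_entry($entry);
        $PIVOTX['db']->save_entry(FALSE); // do not update the index.

        // Remove the compiled/parsed pages from the cache.
        if ($PIVOTX['config']->get('smarty_cache')) {
            $PIVOTX['template']->clear_cache();
        }

        // update the 'latest comments' file, or the moderation queue.
        if ($PIVOTX['config']->get('moderate_comments') != 1) {
            generateLatestComments($temp_comment);
            debug("comment from '" . $_POST['piv_name'] . "' added.");
        } else {
            generateModerationQueue($temp_comment);
            debug("comment from '" . $_POST['piv_name'] . "' added to moderation queue.");
        }

        // Handle the users that want to be notified via email..
        // $notifications used to be assigned only inside the 'if', so
        // sendMailComment() got an undefined variable when notification
        // mail is switched off.
        // NOTE(review): the return shape of sendMailNotification() is not
        // visible here; an empty array is assumed to mean "nobody to notify" -
        // confirm against sendMailComment().
        $notifications = array();
        if ($PIVOTX['config']->get('dont_send_mail_notification') != 1) {
            $notifications = sendMailNotification('comment', array($PIVOTX['db']->entry, $temp_comment, $PIVOTX['config']->get('moderate_comments')));
        }
        // send mail..
        sendMailComment($temp_comment, $notifications);

        // Don't display the 'preview' of the comment after posting.
        $temp_comment = array();
        unset($_POST);

        // Clean the simple cache..
        $PIVOTX['cache']->clear();
        // Remove the compiled/parsed pages from the cache.
        if ($PIVOTX['config']->get('smarty_cache')) {
            $PIVOTX['template']->clear_cache();
        }

        // Redirect to the entrypage from which we came. (prevents reload-resubmit)
        // The target is the request's own URI (ordinarily a path on this host);
        // the message is urlencoded so it cannot break out of the query string.
        $uri = $_SERVER['REQUEST_URI'];
        $uri .= (strpos($uri, "?") !== false ? "&" : "?") . "weblogmessage=" . urlencode($weblogmessage);
        header('Location: ' . $uri);
        exit;
    }

    // Set the 'you are previewing' message..
    if (isset($_POST['preview']) && empty($weblogmessage)) {
        $weblogmessage = __('You are previewing your comment. Be sure to click on "Post Comment" to store it.');
    }

    // execute a hook here after a comment is saved and the mails are sent
    $PIVOTX['extensions']->executeHook('comment_after_save', $entry);

    // After messing about with the comments, clear the cache.
    $PIVOTX['cache']->cache['entries'] = array();
}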