/**
* Generic comment adding routine. Called by album objects or image objects
* to add comments.
*
* Returns a code for the success of the comment add:
* 0: Bad entry
* 1: Marked for moderation
* 2: Successfully posted
*
* @param string $name Comment author name
* @param string $email Comment author email
* @param string $website Comment author website
* @param string $comment body of the comment
* @param string $code Captcha code entered
* @param string $code_ok Captcha md5 expected
* @param string $type 'albums' if it is an album or 'images' if it is an image comment
* @param object $receiver the object (image or album) to which to post the comment
* @param string $ip the IP address of the comment poster
* @param bool $private set to true if the comment is for the admin only
* @param bool $anon set to true if the poster wishes to remain anonymous
* @return int
*/
function postComment($name, $email, $website, $comment, $code, $code_ok, $receiver, $ip, $private, $anon)
{
global $_zp_captcha;
$result = commentObjectClass($receiver);
list($type, $class) = $result;
$receiver->getComments();
$name = trim($name);
$email = trim($email);
$website = trim($website);
$admins = getAdministrators();
$admin = array_shift($admins);
$key = $admin['pass'];
// Let the comment have trailing line breaks and space? Nah...
// Also (in)validate HTML here, and in $name.
$comment = trim($comment);
if (getOption('comment_email_required') && (empty($email) || !is_valid_email_zp($email))) {
return -2;
}
if (getOption('comment_name_required') && empty($name)) {
return -3;
}
if (getOption('comment_web_required') && (empty($website) || !isValidURL($website))) {
return -4;
}
if (getOption('Use_Captcha')) {
if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
return -5;
}
}
if (empty($comment)) {
return -6;
}
if (!empty($website) && substr($website, 0, 7) != "http://") {
$website = "http://" . $website;
}
$goodMessage = 2;
$gallery = new gallery();
if (!(false === ($requirePath = getPlugin('spamfilters/' . UTF8ToFileSystem(getOption('spam_filter')) . ".php", false)))) {
require_once $requirePath;
$spamfilter = new SpamFilter();
$goodMessage = $spamfilter->filterMessage($name, $email, $website, $comment, isImageClass($receiver) ? $receiver->getFullImage() : NULL, $ip);
}
if ($goodMessage) {
if ($goodMessage == 1) {
$moderate = 1;
} else {
$moderate = 0;
}
if ($private) {
$private = 1;
} else {
$private = 0;
}
if ($anon) {
$anon = 1;
} else {
$anon = 0;
}
$receiverid = $receiver->id;
// Update the database entry with the new comment
query("INSERT INTO " . prefix("comments") . " (`ownerid`, `name`, `email`, `website`, `comment`, `inmoderation`, `date`, `type`, `ip`, `private`, `anon`) VALUES " . ' ("' . $receiverid . '", "' . mysql_real_escape_string($name) . '", "' . mysql_real_escape_string($email) . '", "' . mysql_real_escape_string($website) . '", "' . mysql_real_escape_string($comment) . '", "' . $moderate . '", NOW()' . ', "' . $type . '", "' . $ip . '", "' . $private . '", "' . $anon . '")');
if ($moderate) {
$action = "placed in moderation";
} else {
// add to comments array and notify the admin user
$newcomment = array();
$newcomment['name'] = $name;
$newcomment['email'] = $email;
$newcomment['website'] = $website;
$newcomment['comment'] = $comment;
$newcomment['date'] = time();
$receiver->comments[] = $newcomment;
$action = "posted";
}
// switch added for zenpage support
$class = get_class($receiver);
switch ($class) {
case "Albums":
$on = $receiver->name;
$url = "album=" . urlencode($receiver->name);
$ur_album = getUrAlbum($receiver);
break;
case "ZenpageNews":
$on = $receiver->getTitlelink();
$url = "p=" . ZENPAGE_NEWS . "&title=" . urlencode($receiver->getTitlelink());
break;
case "ZenpagePage":
$on = $receiver->getTitlelink();
$url = "p=" . ZENPAGE_PAGES . "&title=" . urlencode($receiver->getTitlelink());
break;
default:
// all image types
$on = $receiver->getAlbumName() . " about " . $receiver->getTitle();
$url = "album=" . urlencode($receiver->album->name) . "&image=" . urlencode($receiver->filename);
$album = $receiver->getAlbum();
$ur_album = getUrAlbum($album);
break;
}
if (getOption('email_new_comments')) {
$last_comment = fetchComments(1);
$last_comment = $last_comment[0]['id'];
$message = gettext("A comment has been {$action} in your album") . " {$on}\n" . "\n" . "Author: " . $name . "\n" . "Email: " . $email . "\n" . "Website: " . $website . "\n" . "Comment:\n" . $comment . "\n" . "\n" . "You can view all comments about this image here:\n" . "http://" . $_SERVER['SERVER_NAME'] . WEBPATH . "/index.php?{$url}\n" . "\n" . "You can edit the comment here:\n" . "http://" . $_SERVER['SERVER_NAME'] . WEBPATH . "/" . ZENFOLDER . "/admin-comments.php?page=editcomment&id={$last_comment}\n";
$emails = array();
$admin_users = getAdministrators();
foreach ($admin_users as $admin) {
// mail anyone else with full rights
if ($admin['rights'] & ADMIN_RIGHTS && $admin['rights'] & COMMENT_RIGHTS && !empty($admin['email'])) {
$emails[] = $admin['email'];
unset($admin_users[$admin['id']]);
}
}
// take out for zenpage comments since there are no album admins
if ($type === "images" or $type === "albums") {
$id = $ur_album->getAlbumID();
$sql = "SELECT `adminid` FROM " . prefix('admintoalbum') . " WHERE `albumid`={$id}";
$result = query_full_array($sql);
foreach ($result as $anadmin) {
$admin = $admin_users[$anadmin['adminid']];
if (!empty($admin['email'])) {
$emails[] = $admin['email'];
}
}
}
zp_mail("[" . get_language_string(getOption('gallery_title'), getOption('locale')) . "] Comment posted on {$on}", $message, "", $emails);
}
}
return $goodMessage;
}
/**
* Generic comment adding routine. Called by album objects or image objects
* to add comments.
*
* Returns a comment object
*
* @param string $name Comment author name
* @param string $email Comment author email
* @param string $website Comment author website
* @param string $comment body of the comment
* @param string $code CAPTCHA code entered
* @param string $code_ok CAPTCHA hash expected
* @param string $type 'albums' if it is an album or 'images' if it is an image comment
* @param object $receiver the object (image or album) to which to post the comment
* @param string $ip the IP address of the comment poster
* @param bool $private set to true if the comment is for the admin only
* @param bool $anon set to true if the poster wishes to remain anonymous
* @param bit $check bitmask of which fields must be checked. If set overrides the options
* @return object
*/
function postComment($name, $email, $website, $comment, $code, $code_ok, $receiver, $ip, $private, $anon, $check = false)
{
global $_zp_captcha, $_zp_gallery, $_zp_authority, $_zp_comment_on_hold;
if ($check === false) {
$whattocheck = 0;
if (getOption('comment_email_required') == 'required') {
$whattocheck = $whattocheck | COMMENT_EMAIL_REQUIRED;
}
if (getOption('comment_name_required')) {
$whattocheck = $whattocheck | COMMENT_NAME_REQUIRED;
}
if (getOption('comment_web_required') == 'required') {
$whattocheck = $whattocheck | COMMENT_WEB_REQUIRED;
}
if (getOption('Use_Captcha')) {
$whattocheck = $whattocheck | USE_CAPTCHA;
}
if (getOption('comment_body_requiired')) {
$whattocheck = $whattocheck | COMMENT_BODY_REQUIRED;
}
if (getOption('email_new_comments')) {
$whattocheck = $whattocheck | COMMENT_SEND_EMAIL;
}
} else {
$whattocheck = $check;
}
$type = $receiver->table;
$class = get_class($receiver);
$receiver->getComments();
$name = trim($name);
$email = trim($email);
$website = trim($website);
if (!empty($website) && substr($website, 0, 7) != "http://") {
$website = "http://" . $website;
}
// Let the comment have trailing line breaks and space? Nah...
// Also (in)validate HTML here, and in $name.
$comment = trim($comment);
$receiverid = $receiver->id;
$goodMessage = 2;
if ($private) {
$private = 1;
} else {
$private = 0;
}
if ($anon) {
$anon = 1;
} else {
$anon = 0;
}
$commentobj = new Comment();
$commentobj->transient = false;
// otherwise we won't be able to save it....
$commentobj->setOwnerID($receiverid);
$commentobj->setName($name);
$commentobj->setEmail($email);
$commentobj->setWebsite($website);
$commentobj->setComment($comment);
$commentobj->setType($type);
$commentobj->setIP($ip);
$commentobj->setPrivate($private);
$commentobj->setAnon($anon);
$commentobj->setInModeration(0);
if ($whattocheck & COMMENT_EMAIL_REQUIRED && (empty($email) || !is_valid_email_zp($email))) {
$commentobj->setInModeration(-2);
$commentobj->comment_error_text .= ' ' . gettext("You must supply an e-mail address.");
$goodMessage = false;
}
if ($whattocheck & COMMENT_NAME_REQUIRED && empty($name)) {
$commentobj->setInModeration(-3);
$commentobj->comment_error_text .= ' ' . gettext("You must enter your name.");
$goodMessage = false;
}
if ($whattocheck & COMMENT_WEB_REQUIRED && (empty($website) || !isValidURL($website))) {
$commentobj->setInModeration(-4);
$commentobj->comment_error_text .= ' ' . gettext("You must supply a WEB page URL.");
$goodMessage = false;
}
if ($whattocheck & USE_CAPTCHA) {
if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
$commentobj->setInModeration(-5);
$commentobj->comment_error_text .= ' ' . gettext("CAPTCHA verification failed.");
$goodMessage = false;
}
}
if ($whattocheck & COMMENT_BODY_REQUIRED && empty($comment)) {
$commentobj->setInModeration(-6);
$commentobj->comment_error_text .= ' ' . gettext("You must enter something in the comment text.");
$goodMessage = false;
}
$moderate = 0;
if ($goodMessage && !(false === ($requirePath = getPlugin('spamfilters/' . internalToFilesystem(getOption('spam_filter')) . ".php")))) {
require_once $requirePath;
$spamfilter = new SpamFilter();
$goodMessage = $spamfilter->filterMessage($name, $email, $website, $comment, $receiver, $ip);
switch ($goodMessage) {
case 0:
$commentobj->setInModeration(2);
$commentobj->comment_error_text .= sprintf(gettext('Your comment was rejected by the <em>%s</em> SPAM filter.'), getOption('spam_filter'));
$goodMessage = false;
break;
case 1:
$_zp_comment_on_hold = sprintf(gettext('Your comment has been marked for moderation by the <em>%s</em> SPAM filter.'), getOption('spam_filter'));
$commentobj->comment_error_text .= $_zp_comment_on_hold;
$commentobj->setInModeration(1);
$moderate = 1;
break;
case 2:
$commentobj->setInModeration(0);
break;
}
}
$localerrors = $commentobj->getInModeration();
zp_apply_filter('comment_post', $commentobj, $receiver);
if ($check === false) {
// ignore filter provided errors if caller is supplying the fields to check
$localerrors = $commentobj->getInModeration();
}
if ($goodMessage && $localerrors >= 0) {
// Update the database entry with the new comment
$commentobj->save();
// add to comments array and notify the admin user
if (!$moderate) {
$receiver->comments[] = array('name' => $commentobj->getname(), 'email' => $commentobj->getEmail(), 'website' => $commentobj->getWebsite(), 'comment' => $commentobj->getComment(), 'date' => $commentobj->getDateTime(), 'custom_data' => $commentobj->getCustomData());
}
$class = strtolower(get_class($receiver));
switch ($class) {
case "album":
$url = "album=" . pathurlencode($receiver->name);
$ur_album = getUrAlbum($receiver);
if ($moderate) {
$action = sprintf(gettext('A comment has been placed in moderation on your album "%1$s".'), $receiver->name);
} else {
$action = sprintf(gettext('A comment has been posted on your album "%1$s".'), $receiver->name);
}
break;
case "zenpagenews":
$url = "p=news&title=" . urlencode($receiver->getTitlelink());
if ($moderate) {
$action = sprintf(gettext('A comment has been placed in moderation on your article "%1$s".'), $receiver->getTitlelink());
} else {
$action = sprintf(gettext('A comment has been posted on your article "%1$s".'), $receiver->getTitlelink());
}
break;
case "zenpagepage":
$url = "p=pages&title=" . urlencode($receiver->getTitlelink());
if ($moderate) {
$action = sprintf(gettext('A comment has been placed in moderation on your page "%1$s".'), $receiver->getTitlelink());
} else {
$action = sprintf(gettext('A comment has been posted on your page "%1$s".'), $receiver->getTitlelink());
}
break;
default:
// all image types
$url = "album=" . pathurlencode($receiver->album->name) . "&image=" . urlencode($receiver->filename);
$album = $receiver->getAlbum();
$ur_album = getUrAlbum($album);
if ($moderate) {
$action = sprintf(gettext('A comment has been placed in moderation on your image "%1$s" in the album "%2$s".'), $receiver->getTitle(), $receiver->getAlbumName());
} else {
$action = sprintf(gettext('A comment has been posted on your image "%1$s" in the album "%2$s".'), $receiver->getTitle(), $receiver->getAlbumName());
}
break;
}
if ($whattocheck & COMMENT_SEND_EMAIL) {
$message = $action . "\n\n" . sprintf(gettext('Author: %1$s' . "\n" . 'Email: %2$s' . "\n" . 'Website: %3$s' . "\n" . 'Comment:' . "\n\n" . '%4$s'), $commentobj->getname(), $commentobj->getEmail(), $commentobj->getWebsite(), $commentobj->getComment()) . "\n\n" . sprintf(gettext('You can view all comments about this item here:' . "\n" . '%1$s'), 'http://' . $_SERVER['SERVER_NAME'] . WEBPATH . '/index.php?' . $url) . "\n\n" . sprintf(gettext('You can edit the comment here:' . "\n" . '%1$s'), 'http://' . $_SERVER['SERVER_NAME'] . WEBPATH . '/' . ZENFOLDER . '/admin-comments.php?page=editcomment&id=' . $commentobj->id);
$emails = array();
$admin_users = $_zp_authority->getAdministrators();
foreach ($admin_users as $admin) {
// mail anyone with full rights
if (!empty($admin['email']) && ($admin['rights'] & ADMIN_RIGHTS || ($admin['rights'] & (MANAGE_ALL_ALBUM_RIGHTS | COMMENT_RIGHTS)) == (MANAGE_ALL_ALBUM_RIGHTS | COMMENT_RIGHTS))) {
$emails[] = $admin['email'];
unset($admin_users[$admin['id']]);
}
}
if ($type === "images" or $type === "albums") {
// mail to album admins
$id = $ur_album->getAlbumID();
$sql = 'SELECT `adminid` FROM ' . prefix('admin_to_object') . ' WHERE `objectid`=' . $id . ' AND `type`="album"';
$result = query_full_array($sql);
foreach ($result as $anadmin) {
$id = $anadmin['adminid'];
if (array_key_exists($id, $admin_users)) {
$admin = $admin_users[$id];
if ($admin['rights'] & COMMENT_RIGHTS && !empty($admin['email'])) {
$emails[] = $admin['email'];
}
}
}
}
$on = gettext('Comment posted');
$gallery = new Gallery();
$result = zp_mail("[" . $gallery->getTitle() . "] {$on}", $message, $emails);
if ($result) {
$commentobj->setInModeration(-12);
$commentobj->comment_error_text = $result;
}
}
}
return $commentobj;
}
