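 /**
  * XML-RPC pingback handler for entry $id.
  *
  * Reads the raw request body from php://input, takes the sender URL from the
  * first XML-RPC param, fetches that page, and only accepts the pingback when
  * the fetched content contains a link to this page (BASE_URL . PAGE). The
  * page's <title> and text body are then run through the not-accepted-words
  * filter and, when configured, Akismet; the pingback is stored as a type=0
  * comment row (empty comment, sender URL in email_hp) unless the same sender
  * URL was already recorded for this entry. Always emits an XML-RPC response:
  * "OK" on success, a FAIL fault for every other outcome.
  *
  * Security notes:
  *  - The request body is untrusted XML; it is parsed with external entity
  *    loading and network access disabled (see _parse_pingback_params()).
  *  - The sender URL is attacker-controlled and is fetched server-side. Only
  *    absolute http(s) URLs are passed on (_is_fetchable_pingback_url());
  *    NOTE(review): rejecting loopback/private targets after DNS resolution
  *    must happen inside _get_url_content(), which is not visible here.
  *
  * @param int $id  id of the entry the pingback targets (bound as PDO::PARAM_INT)
  * @return bool    true when the pingback was stored, false otherwise
  */
 public function get_pingback($id)
 {
     $postdata = file_get_contents("php://input");
     if ($postdata) {
         $params = $this->_parse_pingback_params($postdata);
         // params[0] is the page linking to us; params[1] (the receiver URL) is
         // not used - the backlink check below is done on the fetched content.
         $pingback_sender_url = $params !== null ? $params['sender'] : '';
         // get content:
         if ($pingback_sender_url && $this->_is_fetchable_pingback_url($pingback_sender_url)) {
             if ($url_content = $this->_get_url_content($pingback_sender_url)) {
                 if (strpos($url_content[1], BASE_URL . PAGE) !== false) {
                     // get title: non-greedy so a line holding more than one
                     // <title>…</title> yields the first title only.
                     preg_match("/<title>(.*?)<\\/title>/i", $url_content[1], $matches);
                     if (isset($matches[1]) && trim($matches[1]) != '') {
                         $pingback_title = trim(filter_control_characters($matches[1]));
                         if (mb_strlen($pingback_title) > $this->pingback_title_maxlength) {
                             $pingback_title = truncate($pingback_title, $this->pingback_title_maxlength);
                         }
                     } else {
                         $pingback_error = true;
                     }
                     // get body: tags stripped, collapsed to one line of text.
                     preg_match("/<body[^>]*>(.*)<\\/body>/smi", $url_content[1], $b_matches);
                     if (isset($b_matches[1]) && trim($b_matches[1]) != '') {
                         $body = strip_tags($b_matches[1]);
                         $body = preg_replace("/\r\n|\r|\n/", "\n", $body);
                         $body_lines = explode("\n", $body);
                         $cleared_body = '';
                         foreach ($body_lines as $body_line) {
                             if (trim($body_line) != '') {
                                 $cleared_body .= trim($body_line) . ' ';
                             }
                         }
                         $cleared_body = trim(filter_control_characters($cleared_body));
                     } else {
                         $pingback_error = true;
                     }
                     if (empty($pingback_error)) {
                         // not accepted words check:
                         $joined_message = mb_strtolower($pingback_title . ' ' . $pingback_sender_url . ' ' . $cleared_body);
                         $not_accepted_words = get_not_accepted_words($joined_message);
                         if ($not_accepted_words) {
                             $pingback_error = true;
                         }
                     }
                     if (empty($pingback_error)) {
                         // Akismet spam check: a spam verdict does NOT reject the
                         // pingback, it only marks the admin notification (TODO).
                         if ($this->settings['akismet_key'] != '' && $this->settings['akismet_entry_check'] == 1) {
                             $check_posting['author'] = $pingback_title;
                             $check_posting['website'] = $pingback_sender_url;
                             $check_posting['body'] = truncate($cleared_body, 3000);
                             $akismet = new Akismet(BASE_URL, $this->settings['akismet_key'], $check_posting);
                             // test for errors: collected for diagnostics only,
                             // an Akismet failure does not block the pingback.
                             if ($akismet->errorsExist()) {
                                 //$pingback_error = true;
                                 if ($akismet->isError(AKISMET_INVALID_KEY)) {
                                     $akismet_errors[] = 'akismet_error_api_key';
                                 } elseif ($akismet->isError(AKISMET_RESPONSE_FAILED)) {
                                     $akismet_errors[] = 'akismet_error_connection';
                                 } elseif ($akismet->isError(AKISMET_SERVER_NOT_FOUND)) {
                                     $akismet_errors[] = 'akismet_error_connection';
                                 }
                             } else {
                                 // No errors, check for spam
                                 if ($akismet->isSpam()) {
                                     // TODO:
                                     #$pingback_error = true;
                                     $akismet_spam = true;
                                     #$mail = new Mail();
                                     #$mail->send($this->settings['email'], $this->settings['email'], 'Pingback-Spam?', $check_posting['author']."\n".$check_posting['website']."\n".$check_posting['body'], $this->settings['mail_parameter']);
                                 }
                             }
                         }
                     }
                     if (empty($pingback_error)) {
                         // check if url was already posted (same entry, type=0, empty comment):
                         $dbr = Database::$entries->prepare("SELECT COUNT(*) FROM " . Database::$db_settings['comment_table'] . " WHERE comment_id=:comment_id AND type=0 AND comment='' AND email_hp=:email_hp");
                         $dbr->bindParam(':comment_id', $id, PDO::PARAM_INT);
                         $dbr->bindParam(':email_hp', $pingback_sender_url, PDO::PARAM_STR);
                         $dbr->execute();
                         $comment_count = $dbr->fetchColumn();
                         if ($comment_count > 0) {
                             $pingback_error = true;
                         }
                     }
                     if (empty($pingback_error)) {
                         $dbr = Database::$entries->prepare("INSERT INTO " . Database::$db_settings['comment_table'] . " (type, comment_id, time, ip, name, email_hp, comment) VALUES (0, :comment_id, :time, :ip, :name, :email_hp, '')");
                         $dbr->bindParam(':comment_id', $id, PDO::PARAM_INT);
                         $dbr->bindValue(':time', time(), PDO::PARAM_INT);
                         $dbr->bindParam(':ip', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR);
                         $dbr->bindParam(':name', $pingback_title, PDO::PARAM_STR);
                         $dbr->bindParam(':email_hp', $pingback_sender_url, PDO::PARAM_STR);
                         $dbr->execute();
                         // E-mail notification to admin (title and URL go into the
                         // message body via placeholders, not into mail headers):
                         if ($this->settings['comment_notification'] && $this->settings['email']) {
                             $this->_localization->replacePlaceholder('page', PAGE, 'pingback_notification_subject');
                             $this->_localization->replacePlaceholder('title', $pingback_title, 'pingback_notification_message');
                             $this->_localization->replacePlaceholder('url', $pingback_sender_url, 'pingback_notification_message');
                             $this->_localization->replacePlaceholder('link', BASE_URL . PAGE, 'pingback_notification_message');
                             // TODO:
                             if (isset($akismet_spam)) {
                                 $add = "\n\nAkismet: SPAM!";
                             } else {
                                 $add = '';
                             }
                             $mail = new Mail();
                             $mail->set_charset(CHARSET);
                             $mail->send($this->settings['email'], $this->settings['email'], Localization::$lang['pingback_notification_subject'], Localization::$lang['pingback_notification_message'] . $add, $this->settings['mail_parameter']);
                         }
                         $response = '<?xml version="1.0"?><methodResponse><params><param><value><string>OK</string></value></param></params></methodResponse>';
                         header('Content-Type: text/xml');
                         echo $response;
                         return true;
                     }
                 }
             }
         }
     }
     $response = '<?xml version="1.0"?><methodResponse><fault><value><struct><member><name>faultCode</name><value><int>0</int></value></member><member><name>faultString</name><value><string>FAIL</string></value></member></struct></value></fault></methodResponse>';
     header('Content-Type: text/xml');
     echo $response;
     return false;
 }

 /**
  * Parses an XML-RPC pingback request body into its two string params.
  *
  * The body is untrusted, so libxml is told not to load external entities
  * (XXE) and not to touch the network for DTDs/entities (LIBXML_NONET).
  * PHP >= 8.0 disables the external entity loader by default; older releases
  * need the explicit libxml_disable_entity_loader() call. A body that is not
  * well-formed XML used to escape as an uncaught exception; it now yields null
  * so the caller answers with the FAIL fault.
  *
  * @param string $postdata  raw request body
  * @return array|null  array('sender' => string, 'receiver' => string), or
  *                     null when the XML is malformed or params[0] is missing
  */
 private function _parse_pingback_params($postdata)
 {
     if (PHP_VERSION_ID < 80000) {
         libxml_disable_entity_loader(true);
     }
     $previous = libxml_use_internal_errors(true);
     try {
         $xml = new SimpleXMLElement($postdata, LIBXML_NONET);
     } catch (Exception $e) {
         return null;
     } finally {
         libxml_clear_errors();
         libxml_use_internal_errors($previous);
     }
     if (!isset($xml->params->param[0]->value->string)) {
         return null;
     }
     $sender = strval($xml->params->param[0]->value->string);
     $receiver = isset($xml->params->param[1]->value->string) ? strval($xml->params->param[1]->value->string) : '';
     return array('sender' => $sender, 'receiver' => $receiver);
 }

 /**
  * Returns true when $url may be handed to the server-side fetcher: an
  * absolute URL with a host and an http or https scheme. Anything else
  * (file://, php://, gopher://, data:, relative paths, ...) is rejected
  * before any network or filesystem access can happen.
  *
  * @param string $url  sender URL taken from the pingback request
  * @return bool
  */
 private function _is_fetchable_pingback_url($url)
 {
     $parts = parse_url($url);
     if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
         return false;
     }
     return in_array(strtolower($parts['scheme']), array('http', 'https'), true);
 }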
 /**
  * Stores a posted comment for the current entry.
  *
  * Proceeds only when the form session marker ($_SESSION[$this->_form_session],
  * a timestamp written by this method) is present, i.e. the form was shown
  * before the POST arrived. NOTE(review): that marker on its own is a
  * "form was displayed" gate, not a CSRF token; whether a per-form token is
  * also verified depends on check_data(), which is not visible here.
  *
  * Flow: the three posted fields (comment_text, name, email_hp) are trimmed
  * and stripped of control characters, validated by check_data(); when
  * $this->errors is falsy the row is inserted via a prepared statement, the
  * form session is cleared, the admin is notified (when enabled) and the
  * comment/page counters are refreshed. Every other path (no session marker,
  * validation errors) writes a fresh session marker and returns false.
  *
  * @return bool  true when the comment was stored, false otherwise
  */
 public function save()
 {
     if (!empty($_SESSION[$this->_form_session])) {
         // Collect the posted fields; an absent field becomes '' so
         // check_data() always receives the same three keys in this order.
         $posted = array();
         foreach (array('comment_text', 'name', 'email_hp') as $field) {
             $posted[$field] = isset($_POST[$field]) ? trim(filter_control_characters($_POST[$field])) : '';
         }
         // check posted data:
         $this->check_data($posted, true);
         // save if no errors:
         if ($this->errors == false) {
             $stmt = Database::$entries->prepare("INSERT INTO " . Database::$db_settings['comment_table'] . " (type, comment_id, time, ip, name, email_hp, comment) VALUES (:type, :comment_id, :time, :ip, :name, :email_hp, :comment)");
             $stmt->bindValue(':type', $this->type, PDO::PARAM_INT);
             $stmt->bindValue(':comment_id', $this->comment_id, PDO::PARAM_INT);
             $stmt->bindValue(':time', time(), PDO::PARAM_INT);
             $stmt->bindValue(':ip', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR);
             $stmt->bindValue(':name', $posted['name'], PDO::PARAM_STR);
             $stmt->bindValue(':email_hp', $posted['email_hp'], PDO::PARAM_STR);
             $stmt->bindValue(':comment', $posted['comment_text'], PDO::PARAM_STR);
             $stmt->execute();
             // The form session is consumed by a successful save.
             unset($_SESSION[$this->_form_session]);
             $this->form_session = false;
             $this->form_session_data = false;
             // E-mail notification to admin (values go into the message body
             // through placeholders, not into mail headers):
             if ($this->settings['comment_notification'] && $this->settings['email'] != '') {
                 $this->_localization->replacePlaceholder('page', PAGE, 'comment_notification_subject');
                 $author = $posted['email_hp'] ? $posted['name'] . ' ' . $posted['email_hp'] : $posted['name'];
                 $this->_localization->replacePlaceholder('name', $author, 'comment_notification_message');
                 $this->_localization->replacePlaceholder('comment', $posted['comment_text'], 'comment_notification_message');
                 $this->_localization->replacePlaceholder('link', BASE_URL . PAGE, 'comment_notification_message');
                 $notification = new Mail();
                 $notification->set_charset(CHARSET);
                 $notification->send($this->settings['email'], $this->settings['email'], Localization::$lang['comment_notification_subject'], Localization::$lang['comment_notification_message'], $this->settings['mail_parameter']);
             }
             // Refresh the counters; clamp the current page to the last one.
             $this->total_comments = $this->count_comments($this->comment_id);
             $this->total_pages = ceil($this->total_comments / $this->comments_per_page);
             if ($this->current_page > $this->total_pages) {
                 $this->current_page = $this->total_pages;
             }
             return true;
         }
     }
     // No form session yet, or validation failed: (re)arm the form session.
     $_SESSION[$this->_form_session] = time();
     $this->form_session = $_SESSION[$this->_form_session];
     return false;
 }