public function get_pingback($id) { $postdata = file_get_contents("php://input"); if ($postdata) { $xml = new SimpleXMLElement($postdata); $pingback_sender_url = strval($xml->params->param[0]->value->string); $pingback_receiver_url = strval($xml->params->param[1]->value->string); // get content: if ($pingback_sender_url) { if ($url_content = $this->_get_url_content($pingback_sender_url)) { if (strpos($url_content[1], BASE_URL . PAGE) !== false) { // get title: preg_match("/<title>(.*)<\\/title>/i", $url_content[1], $matches); if (isset($matches[1]) && trim($matches[1]) != '') { $pingback_title = trim(filter_control_characters($matches[1])); if (mb_strlen($pingback_title) > $this->pingback_title_maxlength) { $pingback_title = truncate($pingback_title, $this->pingback_title_maxlength); } } else { $pingback_error = true; } // get body: preg_match("/<body[^>]*>(.*)<\\/body>/smi", $url_content[1], $b_matches); if (isset($b_matches[1]) && trim($b_matches[1]) != '') { $body = strip_tags($b_matches[1]); $body = preg_replace("/\r\n|\r|\n/", "\n", $body); $body_lines = explode("\n", $body); $cleared_body = ''; foreach ($body_lines as $body_line) { if (trim($body_line) != '') { $cleared_body .= trim($body_line) . ' '; } } $cleared_body = trim(filter_control_characters($cleared_body)); } else { $pingback_error = true; } if (empty($pingback_error)) { // not accepted words check: $joined_message = mb_strtolower($pingback_title . ' ' . $pingback_sender_url . ' ' . $cleared_body); $not_accepted_words = get_not_accepted_words($joined_message); if ($not_accepted_words) { $pingback_error = true; } } if (empty($pingback_error)) { // Akismet spam check: if ($this->settings['akismet_key'] != '' && $this->settings['akismet_entry_check'] == 1) { $check_posting['author'] = $pingback_title; $check_posting['website'] = $pingback_sender_url; $check_posting['body'] = truncate($cleared_body, 3000); $akismet = new Akismet(BASE_URL, $this->settings['akismet_key'], $check_posting); // test for errors if ($akismet->errorsExist()) { //$pingback_error = true; if ($akismet->isError(AKISMET_INVALID_KEY)) { $akismet_errors[] = 'akismet_error_api_key'; } elseif ($akismet->isError(AKISMET_RESPONSE_FAILED)) { $akismet_errors[] = 'akismet_error_connection'; } elseif ($akismet->isError(AKISMET_SERVER_NOT_FOUND)) { $akismet_errors[] = 'akismet_error_connection'; } } else { // No errors, check for spam if ($akismet->isSpam()) { // TODO: #$pingback_error = true; $akismet_spam = true; #$mail = new Mail(); #$mail->send($this->settings['email'], $this->settings['email'], 'Pingback-Spam?', $check_posting['author']."\n".$check_posting['website']."\n".$check_posting['body'], $this->settings['mail_parameter']); } } } } if (empty($pingback_error)) { // check if url was already posted: $dbr = Database::$entries->prepare("SELECT COUNT(*) FROM " . Database::$db_settings['comment_table'] . " WHERE comment_id=:comment_id AND type=0 AND comment='' AND email_hp=:email_hp"); $dbr->bindParam(':comment_id', $id, PDO::PARAM_INT); $dbr->bindParam(':email_hp', $pingback_sender_url, PDO::PARAM_STR); $dbr->execute(); $comment_count = $dbr->fetchColumn(); if ($comment_count > 0) { $pingback_error = true; } } if (empty($pingback_error)) { $dbr = Database::$entries->prepare("INSERT INTO " . Database::$db_settings['comment_table'] . " (type, comment_id, time, ip, name, email_hp, comment) VALUES (0, :comment_id, :time, :ip, :name, :email_hp, '')"); $dbr->bindParam(':comment_id', $id, PDO::PARAM_INT); $dbr->bindValue(':time', time(), PDO::PARAM_INT); $dbr->bindParam(':ip', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR); $dbr->bindParam(':name', $pingback_title, PDO::PARAM_STR); $dbr->bindParam(':email_hp', $pingback_sender_url, PDO::PARAM_STR); $dbr->execute(); // E-mail notification to admin: if ($this->settings['comment_notification'] && $this->settings['email']) { $this->_localization->replacePlaceholder('page', PAGE, 'pingback_notification_subject'); $this->_localization->replacePlaceholder('title', $pingback_title, 'pingback_notification_message'); $this->_localization->replacePlaceholder('url', $pingback_sender_url, 'pingback_notification_message'); $this->_localization->replacePlaceholder('link', BASE_URL . PAGE, 'pingback_notification_message'); // TODO: if (isset($akismet_spam)) { $add = "\n\nAkismet: SPAM!"; } else { $add = ''; } $mail = new Mail(); $mail->set_charset(CHARSET); $mail->send($this->settings['email'], $this->settings['email'], Localization::$lang['pingback_notification_subject'], Localization::$lang['pingback_notification_message'] . $add, $this->settings['mail_parameter']); } $response = '<?xml version="1.0"?><methodResponse><params><param><value><string>OK</string></value></param></params></methodResponse>'; header('Content-Type: text/xml'); echo $response; return true; } } } } } $response = '<?xml version="1.0"?><methodResponse><fault><value><struct><member><name>faultCode</name><value><int>0</int></value></member><member><name>faultString</name><value><string>FAIL</string></value></member></struct></value></fault></methodResponse>'; header('Content-Type: text/xml'); echo $response; return false; }
public function save() { if (empty($_SESSION[$this->_form_session])) { #$this->preview(); } else { // if comment entered:: $data['comment_text'] = isset($_POST['comment_text']) ? trim(filter_control_characters($_POST['comment_text'])) : ''; $data['name'] = isset($_POST['name']) ? trim(filter_control_characters($_POST['name'])) : ''; $data['email_hp'] = isset($_POST['email_hp']) ? trim(filter_control_characters($_POST['email_hp'])) : ''; // check posted data: $this->check_data($data, true); // save if no errors: if ($this->errors == false) { $dbr = Database::$entries->prepare("INSERT INTO " . Database::$db_settings['comment_table'] . " (type, comment_id, time, ip, name, email_hp, comment) VALUES (:type, :comment_id, :time, :ip, :name, :email_hp, :comment)"); $dbr->bindParam(':type', $this->type, PDO::PARAM_INT); $dbr->bindParam(':comment_id', $this->comment_id, PDO::PARAM_INT); $dbr->bindValue(':time', time(), PDO::PARAM_INT); $dbr->bindParam(':ip', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR); $dbr->bindParam(':name', $data['name'], PDO::PARAM_STR); $dbr->bindParam(':email_hp', $data['email_hp'], PDO::PARAM_STR); $dbr->bindParam(':comment', $data['comment_text'], PDO::PARAM_STR); $dbr->execute(); #$this->clear_cache(); #showme(Database::$entries->errorInfo()); #$this->form_values = array(); unset($_SESSION[$this->_form_session]); $this->form_session = false; $this->form_session_data = false; // E-mail notification to admin: if ($this->settings['comment_notification'] && $this->settings['email'] != '') { $this->_localization->replacePlaceholder('page', PAGE, 'comment_notification_subject'); $name = $data['name']; if ($data['email_hp']) { $name .= ' ' . $data['email_hp']; } $this->_localization->replacePlaceholder('name', $name, 'comment_notification_message'); $this->_localization->replacePlaceholder('comment', $data['comment_text'], 'comment_notification_message'); $this->_localization->replacePlaceholder('link', BASE_URL . PAGE, 'comment_notification_message'); $mail = new Mail(); $mail->set_charset(CHARSET); $mail->send($this->settings['email'], $this->settings['email'], Localization::$lang['comment_notification_subject'], Localization::$lang['comment_notification_message'], $this->settings['mail_parameter']); } // count comments: $this->total_comments = $this->count_comments($this->comment_id); $this->total_pages = ceil($this->total_comments / $this->comments_per_page); if ($this->current_page > $this->total_pages) { $this->current_page = $this->total_pages; } return true; } } $_SESSION[$this->_form_session] = time(); $this->form_session = $_SESSION[$this->_form_session]; return false; }