/**
* Adds a new comment to the database
* @param string $timestamp
* @param array $comment
* @return mixed
*/
function addComment($timestamp, $comment)
{
global $CONF, $member, $manager;
$blogid = getBlogIDFromItemID($this->itemid);
$settings =& $manager->getBlog($blogid);
$settings->readSettings();
// begin if: comments disabled
if (!$settings->commentsEnabled()) {
return _ERROR_COMMENTS_DISABLED;
}
// end if
// begin if: public cannot comment
if (!$settings->isPublic() && !$member->isLoggedIn()) {
return _ERROR_COMMENTS_NONPUBLIC;
}
// end if
// begin if: comment uses a protected member name
if ($CONF['ProtectMemNames'] && !$member->isLoggedIn() && MEMBER::isNameProtected($comment['user'])) {
return _ERROR_COMMENTS_MEMBERNICK;
}
// end if
// begin if: email required, but missing (doesn't apply to members)
if ($settings->emailRequired() && strlen($comment['email']) == 0 && !$member->isLoggedIn()) {
return _ERROR_EMAIL_REQUIRED;
}
// end if
## Note usage of mb_strlen() vs strlen() below ##
// begin if: commenter's name is too long
if (mb_strlen($comment['user']) > 40) {
return _ERROR_USER_TOO_LONG;
}
// end if
// begin if: commenter's email is too long
if (mb_strlen($comment['email']) > 100) {
return _ERROR_EMAIL_TOO_LONG;
}
// end if
// begin if: commenter's url is too long
if (mb_strlen($comment['userid']) > 100) {
return _ERROR_URL_TOO_LONG;
}
// end if
$comment['timestamp'] = $timestamp;
$comment['host'] = gethostbyaddr(serverVar('REMOTE_ADDR'));
$comment['ip'] = serverVar('REMOTE_ADDR');
// begin if: member is logged in, use that data
if ($member->isLoggedIn()) {
$comment['memberid'] = $member->getID();
$comment['user'] = '';
$comment['userid'] = '';
$comment['email'] = '';
} else {
$comment['memberid'] = 0;
}
// spam check
$continue = FALSE;
$plugins = array();
if (isset($manager->subscriptions['ValidateForm'])) {
$plugins = array_merge($plugins, $manager->subscriptions['ValidateForm']);
}
if (isset($manager->subscriptions['PreAddComment'])) {
$plugins = array_merge($plugins, $manager->subscriptions['PreAddComment']);
}
if (isset($manager->subscriptions['PostAddComment'])) {
$plugins = array_merge($plugins, $manager->subscriptions['PostAddComment']);
}
$plugins = array_unique($plugins);
while (list(, $plugin) = each($plugins)) {
$p = $manager->getPlugin($plugin);
$continue = $continue || $p->supportsFeature('handleSpam');
}
$spamcheck = array('type' => 'comment', 'body' => $comment['body'], 'id' => $comment['itemid'], 'live' => TRUE, 'return' => $continue);
// begin if: member logged in
if ($member->isLoggedIn()) {
$spamcheck['author'] = $member->displayname;
$spamcheck['email'] = $member->email;
} else {
$spamcheck['author'] = $comment['user'];
$spamcheck['email'] = $comment['email'];
$spamcheck['url'] = $comment['userid'];
}
// end if
$manager->notify('SpamCheck', array('spamcheck' => &$spamcheck));
if (!$continue && isset($spamcheck['result']) && $spamcheck['result'] == TRUE) {
return _ERROR_COMMENTS_SPAM;
}
// isValidComment returns either "1" or an error message
$isvalid = $this->isValidComment($comment, $spamcheck);
if ($isvalid != 1) {
return $isvalid;
}
// begin if: send email to notification address
if ($settings->getNotifyAddress() && $settings->notifyOnComment()) {
$mailto_msg = _NOTIFY_NC_MSG . ' ' . $this->itemid . "\n";
// $mailto_msg .= $CONF['IndexURL'] . 'index.php?itemid=' . $this->itemid . "\n\n";
$temp = parse_url($CONF['Self']);
if ($temp['scheme']) {
$mailto_msg .= createItemLink($this->itemid) . "\n\n";
} else {
$tempurl = $settings->getURL();
if (substr($tempurl, -1) == '/' || substr($tempurl, -4) == '.php') {
$mailto_msg .= $tempurl . '?itemid=' . $this->itemid . "\n\n";
} else {
$mailto_msg .= $tempurl . '/?itemid=' . $this->itemid . "\n\n";
}
}
if ($comment['memberid'] == 0) {
$mailto_msg .= _NOTIFY_USER . ' ' . $comment['user'] . "\n";
$mailto_msg .= _NOTIFY_USERID . ' ' . $comment['userid'] . "\n";
} else {
$mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
}
$mailto_msg .= _NOTIFY_HOST . ' ' . $comment['host'] . "\n";
$mailto_msg .= _NOTIFY_COMMENT . "\n " . $comment['body'] . "\n";
$mailto_msg .= getMailFooter();
$item =& $manager->getItem($this->itemid, 0, 0);
$mailto_title = _NOTIFY_NC_TITLE . ' ' . strip_tags($item['title']) . ' (' . $this->itemid . ')';
$frommail = $member->getNotifyFromMailAddress($comment['email']);
$notify =& new NOTIFICATION($settings->getNotifyAddress());
$notify->notify($mailto_title, $mailto_msg, $frommail);
}
$comment = COMMENT::prepare($comment);
$manager->notify('PreAddComment', array('comment' => &$comment, 'spamcheck' => &$spamcheck));
$name = sql_real_escape_string($comment['user']);
$url = sql_real_escape_string($comment['userid']);
$email = sql_real_escape_string($comment['email']);
$body = sql_real_escape_string($comment['body']);
$host = sql_real_escape_string($comment['host']);
$ip = sql_real_escape_string($comment['ip']);
$memberid = intval($comment['memberid']);
$timestamp = date('Y-m-d H:i:s', $comment['timestamp']);
$itemid = $this->itemid;
$qSql = 'SELECT COUNT(*) AS result ' . 'FROM ' . sql_table('comment') . ' WHERE ' . 'cmail = "' . $url . '"' . ' AND cmember = "' . $memberid . '"' . ' AND cbody = "' . $body . '"' . ' AND citem = "' . $itemid . '"' . ' AND cblog = "' . $blogid . '"';
$result = (int) quickQuery($qSql);
if ($result > 0) {
return _ERROR_BADACTION;
}
$query = 'INSERT INTO ' . sql_table('comment') . ' (CUSER, CMAIL, CEMAIL, CMEMBER, CBODY, CITEM, CTIME, CHOST, CIP, CBLOG) ' . "VALUES ('{$name}', '{$url}', '{$email}', {$memberid}, '{$body}', {$itemid}, '{$timestamp}', '{$host}', '{$ip}', '{$blogid}')";
sql_query($query);
// post add comment
$commentid = sql_insert_id();
$manager->notify('PostAddComment', array('comment' => &$comment, 'commentid' => &$commentid, 'spamcheck' => &$spamcheck));
// succeeded !
return TRUE;
}
function sendNewItemNotification($itemid, $title, $body)
{
global $CONF, $member;
// create text version of html post
$ascii = toAscii($body);
$mailto_msg = _NOTIFY_NI_MSG . " \n";
// $mailto_msg .= $CONF['IndexURL'] . 'index.php?itemid=' . $itemid . "\n\n";
$temp = parse_url($CONF['Self']);
if ($temp['scheme']) {
$mailto_msg .= createItemLink($itemid) . "\n\n";
} else {
$tempurl = $this->getURL();
if (substr($tempurl, -1) == '/' || substr($tempurl, -4) == '.php') {
$mailto_msg .= $tempurl . '?itemid=' . $itemid . "\n\n";
} else {
$mailto_msg .= $tempurl . '/?itemid=' . $itemid . "\n\n";
}
}
$mailto_msg .= _NOTIFY_TITLE . ' ' . strip_tags($title) . "\n";
$mailto_msg .= _NOTIFY_CONTENTS . "\n " . $ascii . "\n";
$mailto_msg .= getMailFooter();
$mailto_title = $this->getName() . ': ' . _NOTIFY_NI_TITLE;
$frommail = $member->getNotifyFromMailAddress();
$notify =& new NOTIFICATION($this->getNotifyAddress());
$notify->notify($mailto_title, $mailto_msg, $frommail);
}
/**
* Handle karma votes
*/
function doKarma($type)
{
global $itemid, $member, $CONF, $manager;
// check if itemid exists
if (!$manager->existsItem($itemid, 0, 0)) {
doError(_ERROR_NOSUCHITEM);
}
$blogid = getBlogIDFromItemID($itemid);
$this->checkban($blogid);
$karma =& $manager->getKarma($itemid);
// check if not already voted
if (!$karma->isVoteAllowed(serverVar('REMOTE_ADDR'))) {
doError(_ERROR_VOTEDBEFORE);
}
// check if item does allow voting
$item =& $manager->getItem($itemid, 0, 0);
if ($item['closed']) {
doError(_ERROR_ITEMCLOSED);
}
switch ($type) {
case 'pos':
$karma->votePositive();
break;
case 'neg':
$karma->voteNegative();
break;
}
// $blogid = getBlogIDFromItemID($itemid);
$blog =& $manager->getBlog($blogid);
// send email to notification address, if any
if ($blog->getNotifyAddress() && $blog->notifyOnVote()) {
$mailto_msg = _NOTIFY_KV_MSG . ' ' . $itemid . "\n";
$itemLink = createItemLink(intval($itemid));
$temp = parse_url($itemLink);
if (!$temp['scheme']) {
$itemLink = $CONF['IndexURL'] . $itemLink;
}
$mailto_msg .= $itemLink . "\n\n";
if ($member->isLoggedIn()) {
$mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
}
$mailto_msg .= _NOTIFY_IP . ' ' . serverVar('REMOTE_ADDR') . "\n";
$mailto_msg .= _NOTIFY_HOST . ' ' . gethostbyaddr(serverVar('REMOTE_ADDR')) . "\n";
$mailto_msg .= _NOTIFY_VOTE . "\n " . $type . "\n";
$mailto_msg .= getMailFooter();
$mailto_title = _NOTIFY_KV_TITLE . ' ' . strip_tags($item['title']) . ' (' . $itemid . ')';
$frommail = $member->getNotifyFromMailAddress();
$notify = new NOTIFICATION($blog->getNotifyAddress());
$notify->notify($mailto_title, $mailto_msg, $frommail);
}
$refererUrl = serverVar('HTTP_REFERER');
if ($refererUrl) {
$url = $refererUrl;
} else {
// $url = $CONF['IndexURL'] . 'index.php?itemid=' . $itemid;
$url = $itemLink;
}
redirect($url);
exit;
}
