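/**
 * Handles an XML-RPC pingback.ping request read from php://input.
 *
 * Flow: parse the request, fetch the sender page, require that it links to this
 * page (BASE_URL . PAGE), extract title/body, run the word filter and (optionally)
 * Akismet, reject duplicates, then store the pingback as a type-0 comment row and
 * notify the admin by e-mail. Always echoes an XML-RPC response with a text/xml
 * Content-Type header.
 *
 * NOTE(review): $this->_get_url_content() is assumed to return an array whose
 * index 1 holds the fetched body (that is how it is used here) — confirm.
 * NOTE(review): the second request parameter (target URL) is parsed but never
 * compared with this page; the only target check is the back-link search in the
 * sender's content.
 *
 * @param int $id entry id the pingback is attached to (comment_id column)
 * @return bool true when the pingback was stored (OK response), false otherwise
 *              (FAIL fault response)
 */
public function get_pingback($id) {
    $pingback_error = false;
    $akismet_spam = false;
    $pingback_title = '';
    $cleared_body = '';
    $pingback_sender_url = '';
    $url_content = false;

    $postdata = file_get_contents("php://input");
    $xml = null;
    if ($postdata) {
        try {
            // LIBXML_NONET keeps the parser from fetching remote resources while
            // parsing; entity substitution (LIBXML_NOENT) is deliberately not enabled.
            $xml = new SimpleXMLElement($postdata, LIBXML_NONET);
        } catch (Exception $e) {
            // Malformed XML used to escape as an uncaught exception; now it is a FAIL response.
            $xml = null;
        }
    }
    // isset() on the property chain avoids "property on null" warnings for requests
    // that lack the expected <params> structure.
    if (isset($xml->params->param[0]->value->string)) {
        $pingback_sender_url = strval($xml->params->param[0]->value->string);
    }
    if (isset($xml->params->param[1]->value->string)) {
        $pingback_receiver_url = strval($xml->params->param[1]->value->string);
    }

    // Only fetch http(s) URLs: the sender URL is attacker-controlled and is handed
    // straight to the URL fetcher. Anything else is rejected before the request.
    if ($pingback_sender_url !== '') {
        $scheme = strtolower((string) parse_url($pingback_sender_url, PHP_URL_SCHEME));
        if (!in_array($scheme, array('http', 'https'), true)) {
            $pingback_sender_url = '';
        }
    }
    if ($pingback_sender_url !== '') {
        $url_content = $this->_get_url_content($pingback_sender_url);
    }
    // The sender page must actually link back to this page.
    if (!$url_content || strpos($url_content[1], BASE_URL . PAGE) === false) {
        $pingback_error = true;
    }

    if (!$pingback_error) {
        // get title:
        preg_match("/<title>(.*)<\\/title>/i", $url_content[1], $matches);
        if (isset($matches[1]) && trim($matches[1]) != '') {
            $pingback_title = trim(filter_control_characters($matches[1]));
            if (mb_strlen($pingback_title) > $this->pingback_title_maxlength) {
                $pingback_title = truncate($pingback_title, $this->pingback_title_maxlength);
            }
        } else {
            $pingback_error = true;
        }
        // get body: tags stripped, collapsed to single-spaced lines
        preg_match("/<body[^>]*>(.*)<\\/body>/smi", $url_content[1], $b_matches);
        if (isset($b_matches[1]) && trim($b_matches[1]) != '') {
            $body = strip_tags($b_matches[1]);
            $body = preg_replace("/\r\n|\r|\n/", "\n", $body);
            $body_lines = explode("\n", $body);
            $cleared_body = '';
            foreach ($body_lines as $body_line) {
                if (trim($body_line) != '') {
                    $cleared_body .= trim($body_line) . ' ';
                }
            }
            $cleared_body = trim(filter_control_characters($cleared_body));
        } else {
            $pingback_error = true;
        }
    }

    if (!$pingback_error) {
        // not accepted words check:
        $joined_message = mb_strtolower($pingback_title . ' ' . $pingback_sender_url . ' ' . $cleared_body);
        $not_accepted_words = get_not_accepted_words($joined_message);
        if ($not_accepted_words) {
            $pingback_error = true;
        }
    }

    if (!$pingback_error) {
        // Akismet spam check:
        if ($this->settings['akismet_key'] != '' && $this->settings['akismet_entry_check'] == 1) {
            $check_posting = array();
            $check_posting['author'] = $pingback_title;
            $check_posting['website'] = $pingback_sender_url;
            $check_posting['body'] = truncate($cleared_body, 3000);
            $akismet = new Akismet(BASE_URL, $this->settings['akismet_key'], $check_posting);
            if ($akismet->errorsExist()) {
                // Akismet errors are collected but not reported and do not block the
                // pingback (preserved from the original flow).
                $akismet_errors = array();
                if ($akismet->isError(AKISMET_INVALID_KEY)) {
                    $akismet_errors[] = 'akismet_error_api_key';
                } elseif ($akismet->isError(AKISMET_RESPONSE_FAILED)) {
                    $akismet_errors[] = 'akismet_error_connection';
                } elseif ($akismet->isError(AKISMET_SERVER_NOT_FOUND)) {
                    $akismet_errors[] = 'akismet_error_connection';
                }
            } else {
                // TODO: a spam verdict currently only tags the admin notification;
                // the pingback is still stored. Setting $pingback_error here would reject it.
                if ($akismet->isSpam()) {
                    $akismet_spam = true;
                }
            }
        }
    }

    if (!$pingback_error) {
        // check if url was already posted:
        $dbr = Database::$entries->prepare("SELECT COUNT(*) FROM " . Database::$db_settings['comment_table'] . " WHERE comment_id=:comment_id AND type=0 AND comment='' AND email_hp=:email_hp");
        $dbr->bindParam(':comment_id', $id, PDO::PARAM_INT);
        $dbr->bindParam(':email_hp', $pingback_sender_url, PDO::PARAM_STR);
        $dbr->execute();
        $comment_count = $dbr->fetchColumn();
        if ($comment_count > 0) {
            $pingback_error = true;
        }
    }

    if ($pingback_error) {
        $response = '<?xml version="1.0"?><methodResponse><fault><value><struct><member><name>faultCode</name><value><int>0</int></value></member><member><name>faultString</name><value><string>FAIL</string></value></member></struct></value></fault></methodResponse>';
        header('Content-Type: text/xml');
        echo $response;
        return false;
    }

    // Store the pingback as a type-0 comment row with an empty comment text.
    $dbr = Database::$entries->prepare("INSERT INTO " . Database::$db_settings['comment_table'] . " (type, comment_id, time, ip, name, email_hp, comment) VALUES (0, :comment_id, :time, :ip, :name, :email_hp, '')");
    $dbr->bindParam(':comment_id', $id, PDO::PARAM_INT);
    $dbr->bindValue(':time', time(), PDO::PARAM_INT);
    $dbr->bindParam(':ip', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR);
    $dbr->bindParam(':name', $pingback_title, PDO::PARAM_STR);
    $dbr->bindParam(':email_hp', $pingback_sender_url, PDO::PARAM_STR);
    $dbr->execute();

    // E-mail notification to admin:
    if ($this->settings['comment_notification'] && $this->settings['email']) {
        $this->_localization->replacePlaceholder('page', PAGE, 'pingback_notification_subject');
        $this->_localization->replacePlaceholder('title', $pingback_title, 'pingback_notification_message');
        $this->_localization->replacePlaceholder('url', $pingback_sender_url, 'pingback_notification_message');
        $this->_localization->replacePlaceholder('link', BASE_URL . PAGE, 'pingback_notification_message');
        $add = $akismet_spam ? "\n\nAkismet: SPAM!" : '';
        $mail = new Mail();
        $mail->set_charset(CHARSET);
        $mail->send($this->settings['email'], $this->settings['email'], Localization::$lang['pingback_notification_subject'], Localization::$lang['pingback_notification_message'] . $add, $this->settings['mail_parameter']);
    }

    $response = '<?xml version="1.0"?><methodResponse><params><param><value><string>OK</string></value></param></params></methodResponse>';
    header('Content-Type: text/xml');
    echo $response;
    return true;
}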
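/**
 * Validates a comment submission and appends error keys to $this->errors.
 *
 * Checks, in order: comments closed; (when $save) form-session presence and a
 * minimum of 2 seconds since the form timestamp; not-accepted words; required
 * fields and length limits; a crude email/homepage sanity check; over-long
 * words; duplicate entry within the last 5 minutes; repeated posts from the
 * same IP within prevent_repeated_posts_minutes; and (when $save) Akismet.
 *
 * NOTE(review): $_SESSION[$this->_form_session] is compared against time(), so
 * it is presumably a timestamp set when the form was rendered — confirm.
 *
 * @param array $data submission with keys 'name', 'email_hp' (email or
 *                    homepage) and 'comment_text'
 * @param bool $save true when the comment is about to be stored (enables the
 *                   session timing check and Akismet)
 * @return void errors are reported through $this->errors
 */
private function check_data($data, $save = false) {
    if ($this->comments_closed) {
        $this->errors[] = 'comment_error_closed';
    }
    if (empty($this->errors) && $save) {
        if (empty($_SESSION[$this->_form_session])) {
            $this->errors[] = 'comment_error_invalid_request';
        } elseif (time() - $_SESSION[$this->_form_session] < 2) {
            $this->errors[] = 'comment_error_too_fast';
        }
    }
    if (empty($this->errors)) {
        // check for not accepted words:
        $joined_message = mb_strtolower($data['name'] . ' ' . $data['email_hp'] . ' ' . $data['comment_text']);
        $not_accepted_words = get_not_accepted_words($joined_message);
        if ($not_accepted_words) {
            // Escaped here because the listing is substituted into a user-visible message.
            $not_accepted_words_listing = htmlspecialchars(implode(', ', $not_accepted_words));
            if (count($not_accepted_words) == 1) {
                $this->errors[] = 'error_not_accepted_word';
                $this->_localization->replacePlaceholder('not_accepted_word', $not_accepted_words_listing, 'error_not_accepted_word');
            } else {
                $this->errors[] = 'error_not_accepted_words';
                $this->_localization->replacePlaceholder('not_accepted_words', $not_accepted_words_listing, 'error_not_accepted_words');
            }
        }
        if (empty($data['name'])) {
            $this->errors[] = 'comment_error_no_name';
        }
        if (empty($data['comment_text'])) {
            $this->errors[] = 'comment_error_no_text';
        }
        if (mb_strlen($data['name']) > $this->name_maxlength) {
            $this->errors[] = 'comment_error_name_too_long';
        }
        if (mb_strlen($data['email_hp']) > $this->email_hp_maxlength) {
            $this->errors[] = 'comment_error_email_hp_too_long';
        }
        if (!empty($data['email_hp'])) {
            // Minimal sanity check only: no spaces, at least one dot.
            if (strpos($data['email_hp'], ' ') !== false || strpos($data['email_hp'], '.') === false) {
                $this->errors[] = 'comment_error_email_hp_invalid';
            }
        }
        if (mb_strlen($data['comment_text']) > $this->comment_maxlength) {
            $text_length = mb_strlen($data['comment_text']);
            $this->errors[] = 'comment_error_text_too_long';
            $this->_localization->replacePlaceholder('characters', $text_length, 'comment_error_text_too_long');
            $this->_localization->replacePlaceholder('max_characters', $this->comment_maxlength, 'comment_error_text_too_long');
        }
    }
    if (empty($this->errors)) {
        // Over-long words are measured on the formatted, tag-stripped text.
        if ($too_long_words = too_long_words(strip_tags($this->format_comment($data['comment_text'])), $this->word_maxlength)) {
            $stripped_too_long_words = array();
            foreach ($too_long_words as $too_long_word) {
                $stripped_too_long_words[] = htmlspecialchars(mb_substr($too_long_word, 0, $this->word_maxlength)) . '...';
            }
            $too_long_words_listing = implode(', ', $stripped_too_long_words);
            if (count($too_long_words) == 1) {
                $this->errors[] = 'comment_error_too_long_word';
                $this->_localization->replacePlaceholder('word', $too_long_words_listing, 'comment_error_too_long_word');
            } else {
                $this->errors[] = 'comment_error_too_long_words';
                $this->_localization->replacePlaceholder('words', $too_long_words_listing, 'comment_error_too_long_words');
            }
        }
        // check for double and repeated entries:
        $dbr = Database::$entries->prepare("SELECT COUNT(*) FROM " . Database::$db_settings['comment_table'] . " WHERE time>:time AND comment_id=:comment_id AND name=:name AND email_hp=:email_hp AND comment=:comment");
        $time = time() - 300; // last 5 minutes
        $dbr->bindParam(':time', $time, PDO::PARAM_INT);
        $dbr->bindParam(':comment_id', $this->comment_id, PDO::PARAM_INT);
        $dbr->bindParam(':name', $data['name'], PDO::PARAM_STR);
        $dbr->bindParam(':email_hp', $data['email_hp'], PDO::PARAM_STR);
        $dbr->bindParam(':comment', $data['comment_text'], PDO::PARAM_STR);
        $dbr->execute();
        if ($dbr->fetchColumn() > 0) {
            $this->errors[] = 'comment_error_entry_exists';
        }
        if ($this->prevent_repeated_posts_minutes > 0) {
            $dbr = Database::$entries->prepare("SELECT COUNT(*) FROM " . Database::$db_settings['comment_table'] . " WHERE time>:time AND comment_id=:comment_id AND ip=:ip");
            $time = time() - $this->prevent_repeated_posts_minutes * 60;
            $dbr->bindParam(':time', $time, PDO::PARAM_INT);
            $dbr->bindParam(':comment_id', $this->comment_id, PDO::PARAM_INT);
            $dbr->bindParam(':ip', $_SERVER["REMOTE_ADDR"], PDO::PARAM_STR);
            $dbr->execute();
            if ($dbr->fetchColumn() > 0) {
                $this->errors[] = 'comment_error_repeated_post';
            }
        }
        if ($save) {
            // Akismet spam check:
            if ($this->akismet_key != '' && $this->akismet_entry_check == 1) {
                $check_posting = array();
                $check_posting['author'] = $data['name'];
                if ($data['email_hp'] != '') {
                    // Fix: the original tested an undefined $email_hp, so every value
                    // was reported to Akismet as a website; test the submitted field.
                    if (preg_match("/^[^@]+@.+\\.\\D{2,5}\$/", $data['email_hp'])) {
                        $check_posting['email'] = $data['email_hp'];
                    } else {
                        $check_posting['website'] = $data['email_hp'];
                    }
                }
                $check_posting['body'] = $data['comment_text'];
                $akismet = new Akismet(BASE_URL, $this->akismet_key, $check_posting);
                if ($akismet->errorsExist()) {
                    if ($akismet->isError(AKISMET_INVALID_KEY)) {
                        $this->errors[] = 'akismet_error_api_key';
                    } elseif ($akismet->isError(AKISMET_RESPONSE_FAILED)) {
                        $this->errors[] = 'akismet_error_connection';
                    } elseif ($akismet->isError(AKISMET_SERVER_NOT_FOUND)) {
                        $this->errors[] = 'akismet_error_connection';
                    }
                } elseif ($akismet->isSpam()) {
                    // No errors, check for spam
                    $this->errors[] = 'akismet_spam_suspicion';
                }
            }
        } // end if($save)
    }
}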