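 /**
  * XML-RPC pingback endpoint for the entry with the given id.
  *
  * Reads the raw XML-RPC request from php://input, takes the first <param>
  * as the sender URL, fetches that page via $this->_get_url_content() and
  * accepts the pingback only when the page links to BASE_URL . PAGE, has a
  * non-empty <title> and <body>, contains no not-accepted words and has not
  * been recorded for this entry before. An accepted pingback is stored as a
  * type=0 comment with an empty comment text and, when enabled in the
  * settings, announced to the admin by e-mail. Always emits a text/xml
  * XML-RPC response: "OK" on success, a generic fault otherwise.
  *
  * Changes against the previous version: malformed XML no longer escapes as
  * an uncaught exception, the sender URL must be a valid http(s) URL before
  * anything is fetched, and all flags are initialised instead of relying on
  * empty() of undefined variables.
  *
  * @param int $id entry id the pingback is stored against (comment_id)
  * @return bool true when the pingback was accepted and stored, false otherwise
  */
 public function get_pingback($id)
 {
     $pingback_error = false;
     $akismet_spam = false;
     $pingback_sender_url = '';
     $pingback_title = '';
     $cleared_body = '';
     $url_content = false;
     $xml = null;

     // 1. Parse the XML-RPC request body.
     $postdata = file_get_contents("php://input");
     if (!$postdata) {
         $pingback_error = true;
     } else {
         try {
             // The request is untrusted: LIBXML_NONET keeps libxml from fetching
             // anything over the network while parsing it. Entities are not
             // substituted because LIBXML_NOENT is deliberately not passed.
             $xml = new SimpleXMLElement($postdata, LIBXML_NONET);
         } catch (Exception $e) {
             // Invalid XML used to bubble up as an uncaught exception; answer
             // with the fault response instead.
             $pingback_error = true;
         }
     }

     // 2. Take the sender URL (first <param>) and make sure it is something
     //    we are willing to fetch. The second <param> (the URL of this page)
     //    is not checked against BASE_URL . PAGE here; the link-back check
     //    below is what ties the ping to this entry.
     if (!$pingback_error) {
         if (isset($xml->params->param[0]->value->string)) {
             $pingback_sender_url = strval($xml->params->param[0]->value->string);
         }
         $scheme = strtolower((string) parse_url($pingback_sender_url, PHP_URL_SCHEME));
         if (filter_var($pingback_sender_url, FILTER_VALIDATE_URL) === false
             || !in_array($scheme, ['http', 'https'], true)) {
             // Only http(s) URLs reach _get_url_content, so a local or exotic
             // scheme taken straight from the request is never opened.
             // NOTE(review): _get_url_content is not visible here; whether it
             // follows redirects or resolves to internal hosts needs checking there.
             $pingback_error = true;
         }
     }

     // 3. Fetch the sender page; it must actually link to this entry.
     if (!$pingback_error) {
         $url_content = $this->_get_url_content($pingback_sender_url);
         if (!$url_content || !isset($url_content[1])
             || strpos($url_content[1], BASE_URL . PAGE) === false) {
             $pingback_error = true;
         }
     }

     // 4. Extract title and plain-text body from the fetched page.
     if (!$pingback_error) {
         $html = $url_content[1];
         if (preg_match("/<title>(.*)<\\/title>/i", $html, $matches) && trim($matches[1]) != '') {
             $pingback_title = trim(filter_control_characters($matches[1]));
             if (mb_strlen($pingback_title) > $this->pingback_title_maxlength) {
                 $pingback_title = truncate($pingback_title, $this->pingback_title_maxlength);
             }
         } else {
             $pingback_error = true;
         }
         if (preg_match("/<body[^>]*>(.*)<\\/body>/smi", $html, $b_matches) && trim($b_matches[1]) != '') {
             // Collapse the tag-stripped body to one line of space-separated,
             // trimmed, non-empty lines.
             $body_lines = preg_split("/\r\n|\r|\n/", strip_tags($b_matches[1]));
             $cleared_body = '';
             foreach ($body_lines as $body_line) {
                 $body_line = trim($body_line);
                 if ($body_line != '') {
                     $cleared_body .= $body_line . ' ';
                 }
             }
             $cleared_body = trim(filter_control_characters($cleared_body));
         } else {
             $pingback_error = true;
         }
     }

     // 5. Content filters: not-accepted words, then (optionally) Akismet.
     if (!$pingback_error) {
         $joined_message = mb_strtolower($pingback_title . ' ' . $pingback_sender_url . ' ' . $cleared_body);
         if (get_not_accepted_words($joined_message)) {
             $pingback_error = true;
         }
     }
     if (!$pingback_error && $this->settings['akismet_key'] != '' && $this->settings['akismet_entry_check'] == 1) {
         $check_posting = [
             'author' => $pingback_title,
             'website' => $pingback_sender_url,
             'body' => truncate($cleared_body, 3000),
         ];
         $akismet = new Akismet(BASE_URL, $this->settings['akismet_key'], $check_posting);
         // Akismet problems (bad key, no connection) are not fatal for
         // pingbacks: the ping is still stored, only the spam verdict is
         // unavailable. A positive verdict is likewise only reported in the
         // admin notification, it does not reject the ping.
         if (!$akismet->errorsExist() && $akismet->isSpam()) {
             $akismet_spam = true;
         }
     }

     // 6. Reject a sender URL that was already recorded for this entry.
     if (!$pingback_error) {
         $dbr = Database::$entries->prepare("SELECT COUNT(*) FROM " . Database::$db_settings['comment_table'] . " WHERE comment_id=:comment_id AND type=0 AND comment='' AND email_hp=:email_hp");
         $dbr->bindValue(':comment_id', $id, PDO::PARAM_INT);
         $dbr->bindValue(':email_hp', $pingback_sender_url, PDO::PARAM_STR);
         $dbr->execute();
         if ($dbr->fetchColumn() > 0) {
             $pingback_error = true;
         }
     }

     // 7. Store the pingback and notify the admin.
     if (!$pingback_error) {
         $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
         $dbr = Database::$entries->prepare("INSERT INTO " . Database::$db_settings['comment_table'] . " (type, comment_id, time, ip, name, email_hp, comment) VALUES (0, :comment_id, :time, :ip, :name, :email_hp, '')");
         $dbr->bindValue(':comment_id', $id, PDO::PARAM_INT);
         $dbr->bindValue(':time', time(), PDO::PARAM_INT);
         $dbr->bindValue(':ip', $remote_ip, PDO::PARAM_STR);
         $dbr->bindValue(':name', $pingback_title, PDO::PARAM_STR);
         $dbr->bindValue(':email_hp', $pingback_sender_url, PDO::PARAM_STR);
         $dbr->execute();
         if ($this->settings['comment_notification'] && $this->settings['email']) {
             $this->_localization->replacePlaceholder('page', PAGE, 'pingback_notification_subject');
             $this->_localization->replacePlaceholder('title', $pingback_title, 'pingback_notification_message');
             $this->_localization->replacePlaceholder('url', $pingback_sender_url, 'pingback_notification_message');
             $this->_localization->replacePlaceholder('link', BASE_URL . PAGE, 'pingback_notification_message');
             $add = $akismet_spam ? "\n\nAkismet: SPAM!" : '';
             $mail = new Mail();
             $mail->set_charset(CHARSET);
             $mail->send($this->settings['email'], $this->settings['email'], Localization::$lang['pingback_notification_subject'], Localization::$lang['pingback_notification_message'] . $add, $this->settings['mail_parameter']);
         }
     }

     // 8. XML-RPC response.
     if ($pingback_error) {
         $response = '<?xml version="1.0"?><methodResponse><fault><value><struct><member><name>faultCode</name><value><int>0</int></value></member><member><name>faultString</name><value><string>FAIL</string></value></member></struct></value></fault></methodResponse>';
     } else {
         $response = '<?xml version="1.0"?><methodResponse><params><param><value><string>OK</string></value></param></params></methodResponse>';
     }
     header('Content-Type: text/xml');
     echo $response;
     return !$pingback_error;
 }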
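 /**
  * Validate a comment submission and collect the failures in $this->errors.
  *
  * Runs in stages; each later stage only runs while $this->errors is still
  * empty: comments not closed; (save only) a form session token that is
  * present and at least two seconds old; not-accepted words, required name
  * and text, length limits and a loose email/homepage sanity check; words
  * longer than word_maxlength; an identical comment in the last five
  * minutes and, if configured, any comment from the same IP within
  * prevent_repeated_posts_minutes; and (save only, when an Akismet key is
  * configured) the Akismet spam verdict. Placeholders in the language
  * strings are filled through $this->_localization.
  *
  * Fix against the previous version: the Akismet email/website split
  * matched an undefined `$email_hp` instead of `$data['email_hp']`, so an
  * e-mail address was always submitted as the website.
  *
  * @param array $data submitted fields: 'name', 'email_hp', 'comment_text'
  * @param bool $save true when the comment is about to be stored (enables
  *                   the session-timing and Akismet checks)
  * @return void results are appended to $this->errors
  */
 private function check_data($data, $save = false)
 {
     if ($this->comments_closed) {
         $this->errors[] = 'comment_error_closed';
     }
     if (empty($this->errors) && $save) {
         if (empty($_SESSION[$this->_form_session])) {
             $this->errors[] = 'comment_error_invalid_request';
         } elseif (time() - $_SESSION[$this->_form_session] < 2) {
             // A form submitted under two seconds after it was served is
             // treated as automated.
             $this->errors[] = 'comment_error_too_fast';
         }
     }
     if (empty($this->errors)) {
         // not accepted words:
         $joined_message = mb_strtolower($data['name'] . ' ' . $data['email_hp'] . ' ' . $data['comment_text']);
         $not_accepted_words = get_not_accepted_words($joined_message);
         if ($not_accepted_words) {
             $not_accepted_listing = htmlspecialchars(implode(', ', $not_accepted_words));
             if (count($not_accepted_words) === 1) {
                 $this->errors[] = 'error_not_accepted_word';
                 $this->_localization->replacePlaceholder('not_accepted_word', $not_accepted_listing, 'error_not_accepted_word');
             } else {
                 $this->errors[] = 'error_not_accepted_words';
                 $this->_localization->replacePlaceholder('not_accepted_words', $not_accepted_listing, 'error_not_accepted_words');
             }
         }
         if (empty($data['name'])) {
             $this->errors[] = 'comment_error_no_name';
         }
         if (empty($data['comment_text'])) {
             $this->errors[] = 'comment_error_no_text';
         }
         if (mb_strlen($data['name']) > $this->name_maxlength) {
             $this->errors[] = 'comment_error_name_too_long';
         }
         if (mb_strlen($data['email_hp']) > $this->email_hp_maxlength) {
             $this->errors[] = 'comment_error_email_hp_too_long';
         }
         // email_hp holds either an e-mail address or a homepage URL; either
         // way it must contain a dot and no space.
         if (!empty($data['email_hp'])
             && (strpos($data['email_hp'], ' ') !== false || strpos($data['email_hp'], '.') === false)) {
             $this->errors[] = 'comment_error_email_hp_invalid';
         }
         $text_length = mb_strlen($data['comment_text']);
         if ($text_length > $this->comment_maxlength) {
             $this->errors[] = 'comment_error_text_too_long';
             $this->_localization->replacePlaceholder('characters', $text_length, 'comment_error_text_too_long');
             $this->_localization->replacePlaceholder('max_characters', $this->comment_maxlength, 'comment_error_text_too_long');
         }
     }
     if (empty($this->errors)) {
         // over-long words, measured on the formatted, tag-stripped text:
         $too_long_words = too_long_words(strip_tags($this->format_comment($data['comment_text'])), $this->word_maxlength);
         if ($too_long_words) {
             $stripped_words = [];
             foreach ($too_long_words as $too_long_word) {
                 $stripped_words[] = htmlspecialchars(mb_substr($too_long_word, 0, $this->word_maxlength)) . '...';
             }
             $too_long_listing = implode(', ', $stripped_words);
             if (count($too_long_words) === 1) {
                 $this->errors[] = 'comment_error_too_long_word';
                 $this->_localization->replacePlaceholder('word', $too_long_listing, 'comment_error_too_long_word');
             } else {
                 $this->errors[] = 'comment_error_too_long_words';
                 $this->_localization->replacePlaceholder('words', $too_long_listing, 'comment_error_too_long_words');
             }
         }
         // double entry check: the same comment within the last 5 minutes
         $dbr = Database::$entries->prepare("SELECT COUNT(*) FROM " . Database::$db_settings['comment_table'] . " WHERE time>:time AND comment_id=:comment_id AND name=:name AND email_hp=:email_hp AND comment=:comment");
         $dbr->bindValue(':time', time() - 300, PDO::PARAM_INT);
         $dbr->bindValue(':comment_id', $this->comment_id, PDO::PARAM_INT);
         $dbr->bindValue(':name', $data['name'], PDO::PARAM_STR);
         $dbr->bindValue(':email_hp', $data['email_hp'], PDO::PARAM_STR);
         $dbr->bindValue(':comment', $data['comment_text'], PDO::PARAM_STR);
         $dbr->execute();
         if ($dbr->fetchColumn() > 0) {
             $this->errors[] = 'comment_error_entry_exists';
         }
         // repeated posts: any comment from this IP within the configured window
         if ($this->prevent_repeated_posts_minutes > 0) {
             $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
             $dbr = Database::$entries->prepare("SELECT COUNT(*) FROM " . Database::$db_settings['comment_table'] . " WHERE time>:time AND comment_id=:comment_id AND ip=:ip");
             $dbr->bindValue(':time', time() - $this->prevent_repeated_posts_minutes * 60, PDO::PARAM_INT);
             $dbr->bindValue(':comment_id', $this->comment_id, PDO::PARAM_INT);
             $dbr->bindValue(':ip', $remote_ip, PDO::PARAM_STR);
             $dbr->execute();
             if ($dbr->fetchColumn() > 0) {
                 $this->errors[] = 'comment_error_repeated_post';
             }
         }
         // Akismet spam check, only when the comment is actually being saved:
         if ($save && $this->akismet_key != '' && $this->akismet_entry_check == 1) {
             $check_posting = ['author' => $data['name']];
             if ($data['email_hp'] != '') {
                 // Submit the field as an e-mail address if it looks like one,
                 // otherwise as the website.
                 if (preg_match("/^[^@]+@.+\\.\\D{2,5}\$/", $data['email_hp'])) {
                     $check_posting['email'] = $data['email_hp'];
                 } else {
                     $check_posting['website'] = $data['email_hp'];
                 }
             }
             $check_posting['body'] = $data['comment_text'];
             $akismet = new Akismet(BASE_URL, $this->akismet_key, $check_posting);
             if ($akismet->errorsExist()) {
                 // Unlike pingbacks, a failing Akismet call blocks the comment.
                 if ($akismet->isError(AKISMET_INVALID_KEY)) {
                     $this->errors[] = 'akismet_error_api_key';
                 } elseif ($akismet->isError(AKISMET_RESPONSE_FAILED)) {
                     $this->errors[] = 'akismet_error_connection';
                 } elseif ($akismet->isError(AKISMET_SERVER_NOT_FOUND)) {
                     $this->errors[] = 'akismet_error_connection';
                 }
             } elseif ($akismet->isSpam()) {
                 $this->errors[] = 'akismet_spam_suspicion';
             }
         }
     }
 }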