function comments($atts)
{
global $thisarticle, $prefs, $comment_preview, $pretext;
extract($prefs);
extract(lAtts(array('id' => @$pretext['id'], 'form' => 'comments', 'wraptag' => $comments_are_ol ? 'ol' : '', 'break' => $comments_are_ol ? 'li' : 'div', 'class' => __FUNCTION__, 'breakclass' => ''), $atts));
if (is_array($thisarticle)) {
extract($thisarticle);
}
if (@$thisid) {
$id = $thisid;
}
$Form = fetch_form($form);
if (!empty($comment_preview)) {
$preview = psas(array('name', 'email', 'web', 'message', 'parentid', 'remember'));
$preview['time'] = time();
$preview['discussid'] = 0;
$preview['message'] = markup_comment($preview['message']);
$GLOBALS['thiscomment'] = $preview;
$comments[] = parse($Form) . n;
unset($GLOBALS['thiscomment']);
$out = doWrap($comments, $wraptag, $break, $class, $breakclass);
} else {
$rs = safe_rows_start("*, unix_timestamp(posted) as time", "txp_discuss", "parentid='{$id}' and visible='1' order by posted asc");
$out = '';
if ($rs) {
$comments = array();
while ($vars = nextRow($rs)) {
$GLOBALS['thiscomment'] = $vars;
$comments[] = parse($Form) . n;
unset($GLOBALS['thiscomment']);
}
$out .= doWrap($comments, $wraptag, $break, $class, $breakclass);
}
}
return $out;
}
function saveComment()
{
global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
$ref = serverset('HTTP_REFERRER');
$in = getComment();
$evaluator =& get_comment_evaluator();
extract($in);
if (!checkCommentsAllowed($parentid)) {
txp_die(gTxt('comments_closed'), '403');
}
$ip = serverset('REMOTE_ADDR');
if (!checkBan($ip)) {
txp_die(gTxt('you_have_been_banned'), '403');
}
$blacklisted = is_blacklisted($ip);
if ($blacklisted) {
txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
}
$web = clean_url($web);
$email = clean_url($email);
if ($remember == 1 || ps('checkbox_type') == 'forget' && ps('forget') != 1) {
setCookies($name, $email, $web);
} else {
destroyCookies();
}
$name = doSlash(strip_tags(deEntBrackets($name)));
$web = doSlash(strip_tags(deEntBrackets($web)));
$email = doSlash(strip_tags(deEntBrackets($email)));
$message = substr(trim($message), 0, 65535);
$message2db = doSlash(markup_comment($message));
$isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='" . doSlash($ip) . "'");
if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) {
$evaluator->add_estimate(RELOAD, 1);
// The error-messages are added in the preview-code
}
if ($isdup) {
$evaluator->add_estimate(RELOAD, 1);
}
// FIXME? Tell the user about dupe?
if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) {
callback_event('comment.save');
$visible = $evaluator->get_result();
if ($visible != RELOAD) {
$parentid = assert_int($parentid);
$rs = safe_insert("txp_discuss", "parentid = {$parentid},\n\t\t\t\t\t name\t\t = '{$name}',\n\t\t\t\t\t email\t = '{$email}',\n\t\t\t\t\t web\t\t = '{$web}',\n\t\t\t\t\t ip\t\t = '" . doSlash($ip) . "',\n\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t visible = " . intval($visible) . ",\n\t\t\t\t\t posted\t = now()");
if ($rs) {
safe_update("txp_discuss_nonce", "used = 1", "nonce='" . doSlash($nonce) . "'");
if ($prefs['comment_means_site_updated']) {
update_lastmod();
}
if ($comments_sendmail) {
mail_comment($message, $name, $email, $web, $parentid, $rs);
}
$updated = update_comments_count($parentid);
$backpage = substr($backpage, 0, $prefs['max_url_len']);
$backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
$backpage = preg_replace("#(https?://[^/]+)/.*\$#", "\$1", hu) . $backpage;
if (defined('PARTLY_MESSY') and PARTLY_MESSY) {
$backpage = permlinkurl_id($parentid);
}
$backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0');
txp_status_header('302 Found');
if ($comments_moderate) {
header('Location: ' . $backpage . '#txpCommentInputForm');
} else {
header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
}
log_hit('302');
$evaluator->write_trace();
exit;
}
}
}
// Force another Preview
$_POST['preview'] = RELOAD;
//$evaluator->write_trace();
}
function comments_preview($atts)
{
global $has_comments_preview;
if (!ps('preview')) {
return;
}
extract(lAtts(array('form' => 'comments', 'wraptag' => '', 'class' => __FUNCTION__), $atts));
assert_article();
$preview = psa(array('name', 'email', 'web', 'message', 'parentid', 'remember'));
$preview['time'] = time();
$preview['discussid'] = 0;
$preview['name'] = strip_tags($preview['name']);
$preview['email'] = clean_url($preview['email']);
if ($preview['message'] == '') {
$in = getComment();
$preview['message'] = $in['message'];
}
$preview['message'] = markup_comment(substr(trim($preview['message']), 0, 65535));
// it is called 'message', not 'novel'
$preview['web'] = clean_url($preview['web']);
$GLOBALS['thiscomment'] = $preview;
$comments = parse_form($form) . n;
unset($GLOBALS['thiscomment']);
$out = doTag($comments, $wraptag, $class);
# set a flag, to tell the comments_form tag that it doesn't have to show a preview
$has_comments_preview = true;
return $out;
}
function saveComment()
{
global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
$ref = serverset('HTTP_REFERRER');
$in = psa(array('parentid', 'name', 'email', 'web', 'message', 'backpage', 'nonce', 'remember'));
extract($in);
if (!checkCommentsAllowed($parentid)) {
exit(graf(gTxt('comments_closed')));
}
if ($prefs['comments_require_name']) {
if (!trim($name)) {
exit(graf(gTxt('comment_name_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
}
}
if ($prefs['comments_require_email']) {
if (!trim($email)) {
exit(graf(gTxt('comment_email_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
}
}
if (!trim($message)) {
exit(graf(gTxt('comment_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
}
$ip = serverset('REMOTE_ADDR');
$message = trim($message);
$blacklisted = is_blacklisted($ip);
$name = doSlash(strip_tags(deEntBrackets($name)));
$web = doSlash(clean_url(strip_tags(deEntBrackets($web))));
$email = doSlash(clean_url(strip_tags(deEntBrackets($email))));
$message2db = doSlash(markup_comment($message));
$isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='{$ip}'");
if (checkBan($ip)) {
if ($blacklisted == false) {
if (!$isdup) {
if (checkNonce($nonce)) {
$visible = $comments_moderate ? 0 : 1;
$rs = safe_insert("txp_discuss", "parentid = '{$parentid}',\n\t\t\t\t\t\t\t name\t\t = '{$name}',\n\t\t\t\t\t\t\t email\t = '{$email}',\n\t\t\t\t\t\t\t web\t\t = '{$web}',\n\t\t\t\t\t\t\t ip\t\t = '{$ip}',\n\t\t\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t\t\t visible = {$visible},\n\t\t\t\t\t\t\t posted\t = now()");
if ($rs) {
safe_update("txp_discuss_nonce", "used='1'", "nonce='{$nonce}'");
if ($prefs['comment_means_site_updated']) {
safe_update("txp_prefs", "val=now()", "name='lastmod'");
}
if ($comments_sendmail) {
mail_comment($message, $name, $email, $web, $parentid);
}
$updated = update_comments_count($parentid);
ob_start();
$backpage = substr($backpage, 0, $prefs['max_url_len']);
$backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
$backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=1';
if ($comments_moderate) {
header('Location: ' . $backpage . '#txpCommentInputForm');
} else {
header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
}
}
}
// end check nonce
}
// end check dup
} else {
exit(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted));
}
// end check blacklist
} else {
exit(gTxt('you_have_been_banned'));
}
// end check site ban
}
function sed_comments($atts)
{
global $thisarticle, $prefs, $comment_preview, $pretext;
extract($prefs);
extract(lAtts(array('id' => @$pretext['id'], 'form' => 'comments', 'wraptag' => $comments_are_ol ? 'ol' : '', 'break' => $comments_are_ol ? 'li' : 'div', 'class' => __FUNCTION__, 'breakclass' => '', 'sort' => 'posted ASC'), $atts));
assert_article();
if (is_array($thisarticle)) {
extract($thisarticle);
}
if (@$thisid) {
$id = $thisid;
}
#
# Extract the sed article overrides...
# Access the custom field that houses the vars and explode the string on ';' boundaries.
#
$sed_vars = _sed_cp_get_sed_vars(@$thisarticle['sed per-article vars']);
$sed_vars = lAtts(array('sed_delay' => '0', 'sed_ttl' => '', 'sed_on_cull' => 'hide', 'sed_ttl_grace' => ''), $sed_vars);
extract($sed_vars);
if (!empty($comment_preview)) {
$preview = psas(array('name', 'email', 'web', 'message', 'parentid', 'remember'));
$preview['time'] = time();
$preview['discussid'] = 0;
$preview['message'] = markup_comment($preview['message']);
$GLOBALS['thiscomment'] = $preview;
$comments[] = parse_form($form) . n;
unset($GLOBALS['thiscomment']);
$out = doWrap($comments, $wraptag, $break, $class, $breakclass);
} else {
$rs = safe_rows_start("*, unix_timestamp(posted) as time", "txp_discuss", 'parentid=' . intval($id) . ' and visible=' . VISIBLE . ' order by ' . doSlash($sort));
$out = '';
if ($rs) {
$comments = array();
$culled_comments = array();
while ($vars = nextRow($rs)) {
$culled = false;
$show = true;
$extra = '';
$now = time();
$remaining = '';
#
# If the comment is in a deleting page then check if it is to be culled...
#
if (!empty($sed_ttl)) {
$do_cull_check = true;
#
# Are we in any grace period???
#
if (!empty($sed_ttl_grace) && 0 != $sed_ttl_grace) {
$do_cull_check = _sed_cp_if_outside_period($thisarticle['posted'], $sed_ttl_grace, $vars['time'], $remaining);
}
#
# If not then do the cull checking...
#
if ($do_cull_check) {
$culled = _sed_cp_if_outside_period($vars['time'], $sed_ttl, $now, $remaining);
}
#
# Display how long to go before culling.
#
if ($do_cull_check && !$culled) {
$vars['message'] .= "<br/><br/><strong>[MARKED FOR DELETION IN {$remaining}.]</strong>";
}
}
if ($culled) {
$extra .= ' culled';
$culled_comments[] = $vars;
$vars['time'] = $now;
$vars['message'] .= "<br/><br/><strong>[DELETED.]</strong>";
} else {
#
# See if the comment is in its "hidden" period.
# This is to try and discourage spam-robots that immediately see if their posts appear live.
#
if (!empty($sed_delay) && $sed_delay > '0') {
$show = _sed_cp_if_outside_period($vars['time'], $sed_delay, $now, $remaining);
}
#
# Still hidden so show a place-holder comment instead.
#
if (!$show) {
$extra .= ' delay_queue';
$vars['name'] = "[DELAYED]";
$vars['time'] = $now;
$vars['message'] = "A comment has been recorded and is in the delay queue.";
$vars['message'] .= "<br/><br/><strong>[REVEALED IN {$remaining}.]</strong>";
}
}
#
# Save the additional css class markup for this comment in the vars before parsing the comment form.
#
$vars['sed_class_extra'] = $extra;
$GLOBALS['thiscomment'] = $vars;
$comments[] = parse_form($form) . n;
unset($GLOBALS['thiscomment']);
}
$out .= doWrap($comments, $wraptag, $break, $class, $breakclass);
#
# Process the culled list...
#
if (!empty($culled_comments)) {
foreach ($culled_comments as $comment) {
if ('delete' == $sed_on_cull) {
_sed_cp_delete_comment($comment);
} else {
_sed_cp_update_comment($comment, $sed_on_cull);
}
}
update_comments_count($id);
}
}
}
return $out;
}
function saveComment()
{
global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
$ref = serverset('HTTP_REFERRER');
$in = getComment();
$evaluator =& get_comment_evaluator();
extract($in);
if (!checkCommentsAllowed($parentid)) {
txp_die(gTxt('comments_closed'), '403');
}
$ip = serverset('REMOTE_ADDR');
if (!checkBan($ip)) {
txp_die(gTxt('you_have_been_banned'), '403');
}
$blacklisted = is_blacklisted($ip);
if ($blacklisted) {
txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
}
$name = doSlash(strip_tags(deEntBrackets($name)));
$web = doSlash(clean_url(strip_tags(deEntBrackets($web))));
$email = doSlash(clean_url(strip_tags(deEntBrackets($email))));
$message = trim($message);
$message2db = doSlash(markup_comment($message));
$isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='{$ip}'");
if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) {
$evaluator->add_estimate(RELOAD, 1);
// The error-messages are added in the preview-code
}
if ($isdup) {
$evaluator->add_estimate(RELOAD, 1);
}
// FIXME? Tell the user about dupe?
if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) {
callback_event('comment.save');
$visible = $evaluator->get_result();
if ($visible != RELOAD) {
$rs = safe_insert("txp_discuss", "parentid = '" . doSlash($parentid) . "',\n\t\t\t\t\t name\t\t = '{$name}',\n\t\t\t\t\t email\t = '{$email}',\n\t\t\t\t\t web\t\t = '{$web}',\n\t\t\t\t\t ip\t\t = '{$ip}',\n\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t visible = {$visible},\n\t\t\t\t\t posted\t = now()");
if ($rs) {
safe_update("txp_discuss_nonce", "used='1'", "nonce='" . doslash($nonce) . "'");
if ($prefs['comment_means_site_updated']) {
safe_update("txp_prefs", "val=now()", "name='lastmod'");
}
if ($comments_sendmail) {
mail_comment($message, $name, $email, $web, $parentid, $rs);
}
$updated = update_comments_count($parentid);
$backpage = substr($backpage, 0, $prefs['max_url_len']);
$backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
$backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0');
txp_status_header('302 Found');
if ($comments_moderate) {
header('Location: ' . $backpage . '#txpCommentInputForm');
} else {
header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
}
if ($prefs['logging'] == 'refer') {
logit('refer');
} elseif ($prefs['logging'] == 'all') {
logit();
}
$evaluator->write_trace();
exit;
}
}
}
// Force another Preview
$_POST['preview'] = RELOAD;
//$evaluator->write_trace();
}
/**
* Display a comment form to post new comments
* and display the whole comment thread
* @param int $pos_id
*/
function display_comment_thread($post_id)
{
$output = false;
$count = 0;
if (post_exist((int) $post_id)) {
$coms = get_comments_byPOST((int) $post_id);
$count += count($coms['comment_parent']);
$count += count($coms['comment_children']);
$output = '<div id="comments-post-' . $post_id . '" class="post-comments">';
$output .= '<div class="post-comment-head">';
$output .= '<h2>Discussion</h2>';
$output .= $count > 0 ? sprintf('<h4>%s Comments</h4>', $count) : '<h4>Be the first to comment</h4>';
$output .= '</div>';
$output .= '<div class="comment-form-box">';
$output .= display_comment_box((int) $post_id);
$output .= '</div>';
if (is_array($coms) && isset($coms['comment_parent']) && !empty($coms['comment_parent'])) {
$output .= markup_comment($post_id, $coms['comment_parent'], $coms['comment_children']);
} else {
$output .= '<ul class="comment-thread"><li id="post-thread-' . $post_id . '"></li></ul>';
}
$output .= '</div>';
}
return $output;
}
function comments_preview($atts, $thing = '', $me = '')
{
global $thisarticle, $has_comments_preview;
if (!ps('preview')) {
return;
}
extract(lAtts(array('id' => @$pretext['id'], 'form' => 'comments', 'wraptag' => '', 'class' => __FUNCTION__), $atts));
assert_article();
if (is_array($thisarticle)) {
extract($thisarticle);
}
if (@$thisid) {
$id = $thisid;
}
$Form = fetch_form($form);
$preview = psas(array('name', 'email', 'web', 'message', 'parentid', 'remember'));
$preview['time'] = time();
$preview['discussid'] = 0;
if ($preview['message'] == '') {
$in = getComment();
$preview['message'] = $in['message'];
}
$preview['message'] = markup_comment($preview['message']);
$GLOBALS['thiscomment'] = $preview;
$comments = parse($Form) . n;
unset($GLOBALS['thiscomment']);
$out = doTag($comments, $wraptag, $class);
# set a flag, to tell the comments_form tag that it doesn't have to show a preview
$has_comments_preview = true;
return $out;
}
function comments_preview($atts, $thing = '', $me = '')
{
global $thisarticle;
if (!ps('preview')) {
return;
}
extract(lAtts(array('id' => @$pretext['id'], 'form' => 'comments', 'bc' => false, 'wraptag' => '', 'class' => __FUNCTION__), $atts));
//FIXME for crockery. This emulates the old hardcoded preview behaviour.
if ($bc) {
if (@$GLOBALS['pretext']['secondpass'] == false) {
return $me;
}
if (@$GLOBALS['pretext']['comments_preview_shown']) {
return '';
} else {
return '<a id="cpreview"></a>' . discuss($id);
}
}
$GLOBALS['pretext']['comments_preview_shown'] = true;
if (is_array($thisarticle)) {
extract($thisarticle);
}
if (@$thisid) {
$id = $thisid;
}
$Form = fetch_form($form);
$preview = psas(array('name', 'email', 'web', 'message', 'parentid', 'remember'));
$preview['time'] = time();
$preview['discussid'] = 0;
$preview['message'] = markup_comment($preview['message']);
$GLOBALS['thiscomment'] = $preview;
$comments = parse($Form) . n;
unset($GLOBALS['thiscomment']);
$out = doTag($comments, $wraptag, $class);
return $out;
}