Example #1
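/**
 * Generic comment adding routine. Called by album objects or image objects
 * to add comments.
 *
 * Validates the submitted fields against the gallery options, runs the
 * configured spam filter plugin when one is found, stores the comment and,
 * if enabled, mails the administrators.
 *
 * Returns a code for the outcome of the comment add:
 *    2: Successfully posted
 *    1: Marked for moderation
 *    0: Bad entry (falsy result from the spam filter; nothing is stored)
 *   -2: E-mail address required but missing or invalid
 *   -3: Name required but missing
 *   -4: Website required but missing or invalid
 *   -5: CAPTCHA check failed
 *   -6: Empty comment body
 *
 * The comment type ('albums', 'images', ...) is not a parameter; it is
 * derived from $receiver through commentObjectClass().
 *
 * @param string $name Comment author name
 * @param string $email Comment author email
 * @param string $website Comment author website
 * @param string $comment body of the comment
 * @param string $code Captcha code entered
 * @param string $code_ok Captcha md5 expected
 * @param object $receiver the object (image or album) to which to post the comment
 * @param string $ip the IP address of the comment poster
 * @param bool $private set to true if the comment is for the admin only
 * @param bool $anon set to true if the poster wishes to remain anonymous
 * @return int
 */
function postComment($name, $email, $website, $comment, $code, $code_ok, $receiver, $ip, $private, $anon)
{
    global $_zp_captcha;
    list($type) = commentObjectClass($receiver);
    $receiver->getComments();
    $name = trim($name);
    $email = trim($email);
    $website = trim($website);
    // Let the comment have trailing line breaks and space? Nah...
    // Also (in)validate HTML here, and in $name.
    $comment = trim($comment);

    // Field validation: each failure has its own negative return code.
    if (getOption('comment_email_required') && (empty($email) || !is_valid_email_zp($email))) {
        return -2;
    }
    if (getOption('comment_name_required') && empty($name)) {
        return -3;
    }
    if (getOption('comment_web_required') && (empty($website) || !isValidURL($website))) {
        return -4;
    }
    if (getOption('Use_Captcha') && !$_zp_captcha->checkCaptcha($code, $code_ok)) {
        return -5;
    }
    if (empty($comment)) {
        return -6;
    }

    // Force an http(s) URL. An https:// address is kept as entered instead of
    // becoming "http://https://..."; anything else, including other schemes,
    // is still prefixed with http://.
    if (!empty($website) && !preg_match('#^https?://#i', $website)) {
        $website = "http://" . $website;
    }

    $goodMessage = 2;
    // NOTE(review): $gallery is not used below; kept in case the constructor has side effects - confirm.
    $gallery = new gallery();
    // The filter file name comes from the 'spam_filter' option and is resolved by getPlugin().
    $requirePath = getPlugin('spamfilters/' . UTF8ToFileSystem(getOption('spam_filter')) . ".php", false);
    if ($requirePath !== false) {
        require_once $requirePath;
        $spamfilter = new SpamFilter();
        $goodMessage = $spamfilter->filterMessage($name, $email, $website, $comment, isImageClass($receiver) ? $receiver->getFullImage() : NULL, $ip);
    }

    if ($goodMessage) {
        $moderate = ($goodMessage == 1) ? 1 : 0;
        $private = $private ? 1 : 0;
        $anon = $anon ? 1 : 0;
        $receiverid = $receiver->id;

        // Update the database entry with the new comment.
        // Every caller- or request-derived value is escaped, including $ip,
        // $type and the owner id, which used to be concatenated as-is.
        // The remaining three values are the 0/1 flags computed above.
        $sql = "INSERT INTO " . prefix("comments")
            . " (`ownerid`, `name`, `email`, `website`, `comment`, `inmoderation`, `date`, `type`, `ip`, `private`, `anon`) VALUES "
            . ' ("' . mysql_real_escape_string($receiverid)
            . '", "' . mysql_real_escape_string($name)
            . '", "' . mysql_real_escape_string($email)
            . '", "' . mysql_real_escape_string($website)
            . '", "' . mysql_real_escape_string($comment)
            . '", "' . $moderate . '", NOW()'
            . ', "' . mysql_real_escape_string($type)
            . '", "' . mysql_real_escape_string($ip)
            . '", "' . $private . '", "' . $anon . '")';
        query($sql);

        if ($moderate) {
            $action = "placed in moderation";
        } else {
            //  add to comments array and notify the admin user
            $receiver->comments[] = array(
                'name' => $name,
                'email' => $email,
                'website' => $website,
                'comment' => $comment,
                'date' => time(),
            );
            $action = "posted";
        }

        // switch added for zenpage support
        switch (get_class($receiver)) {
            case "Albums":
                $on = $receiver->name;
                $url = "album=" . urlencode($receiver->name);
                $ur_album = getUrAlbum($receiver);
                break;
            case "ZenpageNews":
                $on = $receiver->getTitlelink();
                $url = "p=" . ZENPAGE_NEWS . "&title=" . urlencode($receiver->getTitlelink());
                break;
            case "ZenpagePage":
                $on = $receiver->getTitlelink();
                $url = "p=" . ZENPAGE_PAGES . "&title=" . urlencode($receiver->getTitlelink());
                break;
            default:
                // all image types
                $on = $receiver->getAlbumName() . " about " . $receiver->getTitle();
                $url = "album=" . urlencode($receiver->album->name) . "&image=" . urlencode($receiver->filename);
                $album = $receiver->getAlbum();
                $ur_album = getUrAlbum($album);
                break;
        }

        if (getOption('email_new_comments')) {
            $last_comment = fetchComments(1);
            $last_comment = $last_comment[0]['id'];
            // NOTE(review): the links use $_SERVER['SERVER_NAME']; confirm the web server pins
            // that value rather than taking it from the request's Host header.
            $message = gettext("A comment has been {$action} in your album") . " {$on}\n"
                . "\n"
                . "Author: " . $name . "\n"
                . "Email: " . $email . "\n"
                . "Website: " . $website . "\n"
                . "Comment:\n" . $comment . "\n"
                . "\n"
                . "You can view all comments about this image here:\n"
                . "http://" . $_SERVER['SERVER_NAME'] . WEBPATH . "/index.php?{$url}\n"
                . "\n"
                . "You can edit the comment here:\n"
                . "http://" . $_SERVER['SERVER_NAME'] . WEBPATH . "/" . ZENFOLDER . "/admin-comments.php?page=editcomment&id={$last_comment}\n";

            $emails = array();
            $admin_users = getAdministrators();
            foreach ($admin_users as $admin) {
                // mail anyone else with full rights
                if (($admin['rights'] & ADMIN_RIGHTS) && ($admin['rights'] & COMMENT_RIGHTS) && !empty($admin['email'])) {
                    $emails[] = $admin['email'];
                    // removed from the list so an album admin is not mailed twice below
                    unset($admin_users[$admin['id']]);
                }
            }
            // take out for zenpage comments since there are no album admins
            if ($type === "images" || $type === "albums") {
                // the id goes into the statement unquoted, so force it to an integer
                $id = (int) $ur_album->getAlbumID();
                $sql = "SELECT `adminid` FROM " . prefix('admintoalbum') . " WHERE `albumid`={$id}";
                $result = query_full_array($sql);
                foreach ($result as $anadmin) {
                    // admins already mailed above were unset, so the key can be missing
                    if (!isset($admin_users[$anadmin['adminid']])) {
                        continue;
                    }
                    $admin = $admin_users[$anadmin['adminid']];
                    if (!empty($admin['email'])) {
                        $emails[] = $admin['email'];
                    }
                }
            }
            zp_mail("[" . get_language_string(getOption('gallery_title'), getOption('locale')) . "] Comment posted on {$on}", $message, "", $emails);
        }
    }
    return $goodMessage;
}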
Example #2
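 /**
  * API entry point: dispatches on the 'type' request value.
  *
  * 'list' and 'post' need 'pageid'; every other action needs 'postid',
  * which parsePostList() turns into post objects. 'post' also needs
  * 'content' and may carry a parent post in 'postid'.
  *
  * Usage errors (\UsageException) are re-thrown to the caller. Any other
  * \Exception is reported in the result under "error".
  *
  * @return bool always true
  */
 public function execute()
 {
     $action = $this->getMain()->getVal('type');
     $page = $this->getMain()->getVal('pageid');
     try {
         // If post is set, get the post object by id
         // By fetching the post object, we also validate the id
         $postList = $this->getMain()->getVal('postid');
         $postList = $this->parsePostList($postList);
         switch ($action) {
             case 'list':
                 if (!$page) {
                     $this->dieNoParam('pageid');
                 }
                 $this->getResult()->addValue(null, $this->getModuleName(), $this->fetchPosts($page));
                 break;
             case 'like':
                 if (!$postList) {
                     $this->dieNoParam('postid');
                 }
                 foreach ($postList as $post) {
                     $post->setUserAttitude($this->getUser(), Post::ATTITUDE_LIKE);
                 }
                 $this->getResult()->addValue(null, $this->getModuleName(), '');
                 break;
             case 'dislike':
                 if (!$postList) {
                     $this->dieNoParam('postid');
                 }
                 // "dislike" resets the attitude to normal
                 foreach ($postList as $post) {
                     $post->setUserAttitude($this->getUser(), Post::ATTITUDE_NORMAL);
                 }
                 $this->getResult()->addValue(null, $this->getModuleName(), '');
                 break;
             case 'report':
                 if (!$postList) {
                     $this->dieNoParam('postid');
                 }
                 foreach ($postList as $post) {
                     $post->setUserAttitude($this->getUser(), Post::ATTITUDE_REPORT);
                 }
                 $this->getResult()->addValue(null, $this->getModuleName(), '');
                 break;
             // delete / recover / erase pass the acting user to the Post object;
             // no permission check is visible in this method.
             // NOTE(review): presumably Post enforces the rights itself - confirm.
             case 'delete':
                 if (!$postList) {
                     $this->dieNoParam('postid');
                 }
                 foreach ($postList as $post) {
                     $post->delete($this->getUser());
                 }
                 $this->getResult()->addValue(null, $this->getModuleName(), '');
                 break;
             case 'recover':
                 if (!$postList) {
                     $this->dieNoParam('postid');
                 }
                 foreach ($postList as $post) {
                     $post->recover($this->getUser());
                 }
                 $this->getResult()->addValue(null, $this->getModuleName(), '');
                 break;
             case 'erase':
                 if (!$postList) {
                     $this->dieNoParam('postid');
                 }
                 foreach ($postList as $post) {
                     $post->erase($this->getUser());
                 }
                 $this->getResult()->addValue(null, $this->getModuleName(), '');
                 break;
             case 'post':
                 if (!$page) {
                     $this->dieNoParam('pageid');
                 }
                 $text = $this->getMain()->getVal('content');
                 if (!$text) {
                     $this->dieNoParam('content');
                 }
                 // Permission check
                 Post::checkIfCanPost($this->getUser());
                 // The spam check runs on the text as submitted, before any wikitext parsing.
                 $spam = !SpamFilter::validate($text);
                 // Parse as wikitext if specified
                 if ($this->getMain()->getCheck('wikitext')) {
                     $parser = new \Parser();
                     $opt = new \ParserOptions($this->getUser());
                     $opt->setEditSection(false);
                     // NOTE(review): the result of Title::newFromId() is passed on unchecked;
                     // confirm what happens for a pageid that matches no page.
                     $output = $parser->parse($text, \Title::newFromId($page), $opt);
                     $text = $output->getText();
                     unset($parser);
                     unset($opt);
                     unset($output);
                 }
                 // A post flagged as spam is still stored, with STATUS_SPAM.
                 // !empty() replaces count() so that a null or false post list
                 // is treated as "no parent".
                 $data = array(
                     'id' => null,
                     'pageid' => $page,
                     'userid' => $this->getUser()->getId(),
                     'username' => $this->getUser()->getName(),
                     'text' => $text,
                     'parentid' => !empty($postList) ? $postList[0]->id : null,
                     'status' => $spam ? Post::STATUS_SPAM : Post::STATUS_NORMAL,
                     'like' => 0,
                     'report' => 0,
                 );
                 $postObject = new Post($data);
                 global $wgMaxNestLevel;
                 // Restrict max nest level
                 if ($postObject->getNestLevel() > $wgMaxNestLevel) {
                     // too deep: attach to the grandparent instead of the parent
                     $postObject->parentid = $postObject->getParent()->parentid;
                     $postObject->parent = $postObject->getParent()->parent;
                 }
                 $postObject->post();
                 if ($spam) {
                     global $wgTriggerFlowThreadHooks;
                     if ($wgTriggerFlowThreadHooks) {
                         \Hooks::run('FlowThreadSpammed', array($postObject));
                     }
                 }
                 $this->getResult()->addValue(null, $this->getModuleName(), '');
                 break;
             default:
                 $this->dieUsage("Unrecognized value for parameter 'type': {$action}", 'unknown_type');
         }
     } catch (\UsageException $e) {
         throw $e;
     } catch (\Exception $e) {
         $this->getResult()->addValue("error", 'code', 'unknown_error');
         // NOTE(review): the raw exception message is returned to the API client;
         // confirm it cannot carry internal details such as database errors.
         $this->getResult()->addValue("error", 'info', $e->getMessage());
     }
     return true;
 }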
Example #3
        $can_erase = true;
    }
    if ($can_erase) {
        $pastebin->deletePost($pid, $is_admin);
        $page['delete_message'] = t('Your post has been deleted');
    } else {
        $page['delete_message'] = t('You cannot delete this post - contact us if you need further assistance');
        $_REQUEST["show"] = $pid;
    }
}
// Abuse-report handler: runs when the request carries an 'abuse' POST field.
// The excerpt ends before the enclosing blocks are closed.
if (isset($_POST['abuse'])) {
    $pid = $pastebin->cleanPostId($_REQUEST['pid']);
    $post = $pastebin->getPost($pid);
    //is it spam?
    require_once 'pastebin/spamfilter.class.php';
    $filter = new SpamFilter();
    $score = $filter->getSpamScore($post['code']);
    //bot posting this this? shouldn't happen any more as form is posted
    //$is_bot=preg_match('/googlebot|slurp|msnbot/i',$_SERVER['HTTP_USER_AGENT']);
    //some form bots just send garbage
    // Allowlist of report reasons; anything else marks the request as bad.
    $badpost = !in_array($_POST['abuse'], array('spam', 'personal', 'proprietary', 'other'));
    //anything that can't do javascript must be a bot to be sending this...
    // NOTE(review): 'processabuse' is read without isset(); presumably the form's
    // JavaScript changes it from 1 before submitting - confirm.
    $badpost = $badpost || $_POST['processabuse'] == 1;
    //only send mail if not triggered by bot
    if (!$badpost) {
        // NOTE(review): PCRE takes the outer [ ] of this pattern as delimiters, so the
        // expression is "^a-z0-9\s" (anchored literal text), not a character class, and
        // the call does not strip anything. The allowlist above already restricts the
        // value; a filter here would need explicit delimiters, e.g. '/[^a-z0-9\s]/'.
        $abuse = preg_replace('[^a-z0-9\\s]', '', $_POST['abuse']);
        $sender = isset($_POST['sender']) ? trim($_POST['sender']) : '';
        if (empty($sender)) {
            $sender = "n/a";
        }
        // NOTE(review): $sender and $comments are only trimmed here. If the code past
        // this excerpt places them in mail headers, CR/LF must be removed first - confirm.
        $comments = isset($_POST['comments']) ? trim($_POST['comments']) : '';
Example #4
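 /**
  * Stores a new paste after cleaning its fields and running the spam filter.
  *
  * $post is taken by reference: 'poster', 'format' and 'expiry' are replaced
  * by their cleaned values and 'token' is set. Failures are appended to
  * $this->errors.
  *
  * @param array $post submitted form fields; 'code2' holds the paste text
  * @return mixed value returned by $this->db->addPost(), or 0 when nothing was stored
  */
 function doPost(&$post)
 {
     $id = 0;
     $this->errors = array();
     //validate some inputs
     $post['poster'] = $this->_cleanUsername($post['poster']);
     $post['format'] = $this->_cleanFormat($post['format']);
     $post['expiry'] = $this->_cleanExpiry($post['expiry']);
     //get a token we'll use to remember this post
     if (isset($_COOKIE['persistToken'])) {
         $post['token'] = $this->_cleanToken($_COOKIE['persistToken']);
     } elseif (function_exists('random_bytes')) {
         // 32 hex characters, the same shape as the md5() fallback, but drawn from
         // the CSPRNG instead of being derived from rand() and the clock
         $post['token'] = bin2hex(random_bytes(16));
     } else {
         // interpreters without random_bytes() keep the previous generator
         $post['token'] = md5(uniqid(rand(), true));
     }
     //set/clear the persistName cookie
     // NOTE(review): the cookies carry no HttpOnly/Secure flags. If no client-side
     // script reads persistToken, set HttpOnly on it - confirm before changing.
     if (isset($post['remember'])) {
         $value = $post['poster'] . '#' . $post['format'] . '#' . $post['expiry'];
         //set cookie if not set
         if (!isset($_COOKIE['persistName']) || $value !== $_COOKIE['persistName']) {
             setcookie('persistName', $value, time() + 3600 * 24 * 365);
         }
         if (!isset($_COOKIE['persistToken'])) {
             setcookie('persistToken', $post['token'], time() + 3600 * 24 * 365);
         }
     } else {
         //clear cookie if set
         if (isset($_COOKIE['persistName'])) {
             setcookie('persistName', '', 0);
         }
     }
     // a missing 'code2' field is reported like an empty one, without a notice
     if (isset($post['code2']) && strlen($post['code2'])) {
         if (strlen($post['poster']) == 0) {
             $post['poster'] = 'Anonymous';
         }
         // only formats listed in the configuration are stored; anything else becomes ''
         $format = $post['format'];
         if (!array_key_exists($format, $this->conf['all_syntax'])) {
             $format = '';
         }
         $code = $post['code2'];
         //is it spam?
         require_once 'pastebin/spamfilter.class.php';
         $filter = new SpamFilter();
         if ($filter->canPost($post)) {
             //now insert..
             $parent_pid = '';
             if (isset($post['parent_pid'])) {
                 $parent_pid = $this->cleanPostId($post['parent_pid']);
             }
             $id = $this->db->addPost($post['poster'], $this->conf['subdomain'], $format, $code, $parent_pid, $post['expiry'], $post['token']);
         } else {
             $this->errors[] = 'Sorry, your post tripped our spam/abuse filter - let us know if you think this could be improved';
         }
     } else {
         $this->errors[] = 'No code specified';
     }
     return $id;
 }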
Example #5
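 /**
  * Tests $text against every pattern of a blacklist file.
  *
  * Each line of the file is one regular expression, matched case-insensitively.
  * Leading and trailing whitespace and anything after '#' are removed first.
  * A name that does not exist as given is looked up in the blacklist directory.
  *
  * @param string $text text to check
  * @param string $blacklist path or file name of the blacklist
  * @return string|false the text matched by the first pattern that hits, or
  *                      false when nothing matches or the file cannot be used
  */
 private function regex_match_from_blacklist($text, $blacklist)
 {
     if (!file_exists($blacklist)) {
         $path = $this->blacklist_directory;
         if ($path === null) {
             $path = SpamFilter::default_blacklist_directory();
         }
         // Check to see if they supplied a relative path instead of an absolute one.
         // NOTE(review): the name is appended as-is, so "../" segments are not
         // removed; callers should pass only trusted blacklist names - confirm.
         $blacklist_absolute = $path . DIRECTORY_SEPARATOR . $blacklist;
         if (file_exists($blacklist_absolute)) {
             $blacklist = $blacklist_absolute;
         } else {
             trigger_error("[SpamFilter::regex_match_from_blacklist()] Error: Cannot find blacklist with name `{$blacklist_absolute}`.");
             return false;
         }
     }
     $keywords = file($blacklist);
     if ($keywords === false) {
         // the path exists but could not be read (permissions, directory, ...)
         trigger_error("[SpamFilter::regex_match_from_blacklist()] Error: Cannot read blacklist `{$blacklist}`.");
         return false;
     }
     $current_line = 0;
     $regex_match = array();
     foreach ($keywords as $regex) {
         $current_line++;
         // Remove comments and whitespace before and after a keyword
         $regex = preg_replace('/(^\\s+|\\s+$|\\s*#.*$)/i', "", $regex);
         // Compared with '' instead of empty() so that a pattern of "0" is not skipped.
         if ($regex === null || $regex === '') {
             continue;
         }
         // The pattern is wrapped in /.../i, so a '/' inside a blacklist line must be
         // escaped there. @ hides the PCRE warning; a bad pattern is reported below.
         $match = @preg_match("/{$regex}/i", $text, $regex_match);
         if ($match) {
             // Spam found. Return the text that was matched
             return $regex_match[0];
         }
         if ($match === false) {
             trigger_error("[SpamFilter::regex_match_from_blacklist()] Error: Invalid regular expression in `{$blacklist}` line {$current_line}.");
         }
     }
     // No spam found
     return false;
 }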
<?php

// Report submission handler (excerpt; the blocks opened below are closed past
// the end of this listing). Only runs for a session that has a username.
ob_start();
session_start();
//https://github.com/IQAndreas/php-spam-filter
require_once 'spamfilter.php';
if (isset($_SESSION['username'])) {
    $username = $_SESSION['username'];
    $m = new MongoClient();
    $db = $m->map;
    $collection = $db->reports;
    $constituency = $_SESSION["constituency"];
    $title = htmlspecialchars($_POST["title"]);
    // NOTE(review): unlike $title, the description is not passed through
    // htmlspecialchars(); if it is later printed as HTML this is a stored-XSS
    // risk - confirm at the point where it is rendered.
    $description = str_replace("\n", "<br/>", nl2br($_POST["description"]));
    $filter = new SpamFilter();
    // Only the title is checked by the spam filter in the lines shown.
    $result = $filter->check_text($_POST["title"]);
    if ($result) {
        // Spam detected: count the attempt against the client IP address.
        $collection = $db->attempts;
        $incorrectAttempts = $collection->count(array("ip" => $_SERVER['REMOTE_ADDR']));
        if ($incorrectAttempts) {
            $attempts = $collection->find(array("ip" => $_SERVER['REMOTE_ADDR']));
            foreach ($attempts as $attempt) {
                $wrongAttempts = $attempt["count"];
                if ($wrongAttempts < 3) {
                    // below the limit: increment the counter
                    $collection->update(array("ip" => $_SERVER['REMOTE_ADDR']), array('$inc' => array("count" => 1)));
                } else {
                    // limit reached: mark the IP as blocked and lock the session
                    $collection->update(array("ip" => $_SERVER['REMOTE_ADDR']), array('$set' => array("blockedAt" => new MongoDate(), "blocked" => 1)));
                    // index on blockedAt with expireAfterSeconds = 900
                    $collection->ensureIndex(array('blockedAt' => 1), array('expireAfterSeconds' => 900));
                    $_SESSION["locked"] = 1;
                }
            }
/**
 * Runs the spam filter on the current POST data for the given plugin.
 *
 * Returns without doing anything when CAPTCHA verification has already
 * passed. Otherwise a request that meets the reject condition is ended with
 * die_message(), and one that meets the CAPTCHA condition is shown a CAPTCHA.
 *
 * @param mixed $plugin handed to the SpamFilter constructor together with $_POST
 */
function spam_filter($plugin)
{
    $filter = new SpamFilter($_POST, $plugin);
    // Requests that already passed CAPTCHA verification are let through untouched
    if (!$filter->captcha_check()) {
        // Reject condition met: stop here without offering a CAPTCHA
        if ($filter->is_spam()) {
            // NOTE(review): plugin_name and message are concatenated into markup;
            // confirm they cannot contain unescaped request data.
            $reason = "Spam check failed. Plugin:" . $filter->plugin_name . " Match:" . $filter->message . "<br>\n";
            die_message($reason);
        }
        // CAPTCHA condition met: show the CAPTCHA
        if ($filter->is_spam(SPAM_FILTER_CAPTCHA_COND)) {
            $filter->captcha_show();
        }
    }
}
Example #8
// Comment submission handler (excerpt; the listing ends inside the loop below).
// Only runs for a session that has a username.
ob_start();
session_start();
//https://github.com/IQAndreas/php-spam-filter
require_once 'spamfilter.php';
if (isset($_SESSION['username'])) {
    $username = $_SESSION['username'];
    // NOTE(review): 'user' and 'id' are taken from the query string without
    // validation, and 'id' is stored in the session as-is - confirm how the
    // code that reads commentId treats it.
    $fromuser = $_GET['user'];
    $id = $_GET['id'];
    $_SESSION['commentId'] = $id;
    //empty comment
    // NOTE(review): $_POST['comment'] is read without isset().
    if (strlen($_POST['comment']) < 2) {
        // redirect only; there is no exit after header() in the lines shown
        header('Location:report.php');
    } else {
        $comment = $_POST['comment'];
        $filter = new SpamFilter();
        $result = $filter->check_text($comment);
        //spam detected
        if ($result) {
            $m = new MongoClient();
            $db = $m->map;
            $collection = $db->spammers;
            // spam hits are counted per username in the 'spammers' collection
            $isSpammer = $collection->count(array('username' => $username));
            //new spammer - welcome him by opening an account
            if (!$isSpammer) {
                $collection->insert(array('username' => $username, 'count' => 1));
            } else {
                $isSpammer = $collection->find(array('username' => $username));
                foreach ($isSpammer as $c) {
                    //increase spam count
                    if ($c["count"] < 3) {
Example #9
/**
 * Generic comment adding routine. Called by album objects or image objects
 * to add comments.
 *
 * Returns a comment object. Its "in moderation" value carries the outcome:
 *    0: accepted
 *    1: held for moderation by the spam filter
 *    2: rejected by the spam filter
 *   -2: e-mail address missing or invalid
 *   -3: name missing
 *   -4: website missing or invalid
 *   -5: CAPTCHA verification failed
 *   -6: empty comment body
 *  -12: the notification mail reported an error
 * Error texts are collected in the object's comment_error_text.
 *
 * The comment type is not a parameter; it is read from $receiver->table.
 *
 * @param string $name Comment author name
 * @param string $email Comment author email
 * @param string $website Comment author website
 * @param string $comment body of the comment
 * @param string $code CAPTCHA code entered
 * @param string $code_ok CAPTCHA hash expected
 * @param object $receiver the object (image or album) to which to post the comment
 * @param string $ip the IP address of the comment poster
 * @param bool $private set to true if the comment is for the admin only
 * @param bool $anon set to true if the poster wishes to remain anonymous
 * @param int|false $check bitmask of which fields must be checked. If set overrides the options
 * @return object
 */
function postComment($name, $email, $website, $comment, $code, $code_ok, $receiver, $ip, $private, $anon, $check = false)
{
    global $_zp_captcha, $_zp_gallery, $_zp_authority, $_zp_comment_on_hold;
    // Without an explicit $check, build the bitmask from the gallery options.
    if ($check === false) {
        $whattocheck = 0;
        if (getOption('comment_email_required') == 'required') {
            $whattocheck = $whattocheck | COMMENT_EMAIL_REQUIRED;
        }
        if (getOption('comment_name_required')) {
            $whattocheck = $whattocheck | COMMENT_NAME_REQUIRED;
        }
        if (getOption('comment_web_required') == 'required') {
            $whattocheck = $whattocheck | COMMENT_WEB_REQUIRED;
        }
        if (getOption('Use_Captcha')) {
            $whattocheck = $whattocheck | USE_CAPTCHA;
        }
        // NOTE(review): the option key is spelled 'comment_body_requiired';
        // confirm that this is the name the option is stored under.
        if (getOption('comment_body_requiired')) {
            $whattocheck = $whattocheck | COMMENT_BODY_REQUIRED;
        }
        if (getOption('email_new_comments')) {
            $whattocheck = $whattocheck | COMMENT_SEND_EMAIL;
        }
    } else {
        $whattocheck = $check;
    }
    $type = $receiver->table;
    $class = get_class($receiver);
    $receiver->getComments();
    $name = trim($name);
    $email = trim($email);
    $website = trim($website);
    // Any website that does not start with "http://" gets that prefix,
    // which includes addresses entered with "https://".
    if (!empty($website) && substr($website, 0, 7) != "http://") {
        $website = "http://" . $website;
    }
    // Let the comment have trailing line breaks and space? Nah...
    // Also (in)validate HTML here, and in $name.
    $comment = trim($comment);
    $receiverid = $receiver->id;
    $goodMessage = 2;
    // normalise the two flags to 0/1
    if ($private) {
        $private = 1;
    } else {
        $private = 0;
    }
    if ($anon) {
        $anon = 1;
    } else {
        $anon = 0;
    }
    // The comment object is filled in before validation so that it can be
    // returned with error details even when nothing is saved.
    $commentobj = new Comment();
    $commentobj->transient = false;
    // otherwise we won't be able to save it....
    $commentobj->setOwnerID($receiverid);
    $commentobj->setName($name);
    $commentobj->setEmail($email);
    $commentobj->setWebsite($website);
    $commentobj->setComment($comment);
    $commentobj->setType($type);
    $commentobj->setIP($ip);
    $commentobj->setPrivate($private);
    $commentobj->setAnon($anon);
    $commentobj->setInModeration(0);
    // Field checks. Every failing check appends its text; the moderation
    // code ends up being that of the last check that failed.
    if ($whattocheck & COMMENT_EMAIL_REQUIRED && (empty($email) || !is_valid_email_zp($email))) {
        $commentobj->setInModeration(-2);
        $commentobj->comment_error_text .= ' ' . gettext("You must supply an e-mail address.");
        $goodMessage = false;
    }
    if ($whattocheck & COMMENT_NAME_REQUIRED && empty($name)) {
        $commentobj->setInModeration(-3);
        $commentobj->comment_error_text .= ' ' . gettext("You must enter your name.");
        $goodMessage = false;
    }
    if ($whattocheck & COMMENT_WEB_REQUIRED && (empty($website) || !isValidURL($website))) {
        $commentobj->setInModeration(-4);
        $commentobj->comment_error_text .= ' ' . gettext("You must supply a WEB page URL.");
        $goodMessage = false;
    }
    if ($whattocheck & USE_CAPTCHA) {
        if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
            $commentobj->setInModeration(-5);
            $commentobj->comment_error_text .= ' ' . gettext("CAPTCHA verification failed.");
            $goodMessage = false;
        }
    }
    if ($whattocheck & COMMENT_BODY_REQUIRED && empty($comment)) {
        $commentobj->setInModeration(-6);
        $commentobj->comment_error_text .= ' ' . gettext("You must enter something in the comment text.");
        $goodMessage = false;
    }
    $moderate = 0;
    // The spam filter only runs when the field checks passed and the plugin
    // file named by the 'spam_filter' option is found by getPlugin().
    if ($goodMessage && !(false === ($requirePath = getPlugin('spamfilters/' . internalToFilesystem(getOption('spam_filter')) . ".php")))) {
        require_once $requirePath;
        $spamfilter = new SpamFilter();
        $goodMessage = $spamfilter->filterMessage($name, $email, $website, $comment, $receiver, $ip);
        // filter result: 0 = reject, 1 = hold for moderation, 2 = accept
        switch ($goodMessage) {
            case 0:
                $commentobj->setInModeration(2);
                $commentobj->comment_error_text .= sprintf(gettext('Your comment was rejected by the <em>%s</em> SPAM filter.'), getOption('spam_filter'));
                $goodMessage = false;
                break;
            case 1:
                $_zp_comment_on_hold = sprintf(gettext('Your comment has been marked for moderation by the <em>%s</em> SPAM filter.'), getOption('spam_filter'));
                $commentobj->comment_error_text .= $_zp_comment_on_hold;
                $commentobj->setInModeration(1);
                $moderate = 1;
                break;
            case 2:
                $commentobj->setInModeration(0);
                break;
        }
    }
    // Moderation code before the 'comment_post' filters run.
    $localerrors = $commentobj->getInModeration();
    zp_apply_filter('comment_post', $commentobj, $receiver);
    if ($check === false) {
        // ignore filter provided errors if caller is supplying the fields to check
        // (with no caller-supplied $check, the code is read again after the filters)
        $localerrors = $commentobj->getInModeration();
    }
    if ($goodMessage && $localerrors >= 0) {
        // Update the database entry with the new comment
        $commentobj->save();
        //  add to comments array and notify the admin user
        if (!$moderate) {
            $receiver->comments[] = array('name' => $commentobj->getname(), 'email' => $commentobj->getEmail(), 'website' => $commentobj->getWebsite(), 'comment' => $commentobj->getComment(), 'date' => $commentobj->getDateTime(), 'custom_data' => $commentobj->getCustomData());
        }
        // Build the query string and the notification headline for the receiver type.
        $class = strtolower(get_class($receiver));
        switch ($class) {
            case "album":
                $url = "album=" . pathurlencode($receiver->name);
                $ur_album = getUrAlbum($receiver);
                if ($moderate) {
                    $action = sprintf(gettext('A comment has been placed in moderation on your album "%1$s".'), $receiver->name);
                } else {
                    $action = sprintf(gettext('A comment has been posted on your album "%1$s".'), $receiver->name);
                }
                break;
            case "zenpagenews":
                $url = "p=news&title=" . urlencode($receiver->getTitlelink());
                if ($moderate) {
                    $action = sprintf(gettext('A comment has been placed in moderation on your article "%1$s".'), $receiver->getTitlelink());
                } else {
                    $action = sprintf(gettext('A comment has been posted on your article "%1$s".'), $receiver->getTitlelink());
                }
                break;
            case "zenpagepage":
                $url = "p=pages&title=" . urlencode($receiver->getTitlelink());
                if ($moderate) {
                    $action = sprintf(gettext('A comment has been placed in moderation on your page "%1$s".'), $receiver->getTitlelink());
                } else {
                    $action = sprintf(gettext('A comment has been posted on your page "%1$s".'), $receiver->getTitlelink());
                }
                break;
            default:
                // all image types
                $url = "album=" . pathurlencode($receiver->album->name) . "&image=" . urlencode($receiver->filename);
                $album = $receiver->getAlbum();
                $ur_album = getUrAlbum($album);
                if ($moderate) {
                    $action = sprintf(gettext('A comment has been placed in moderation on your image "%1$s" in the album "%2$s".'), $receiver->getTitle(), $receiver->getAlbumName());
                } else {
                    $action = sprintf(gettext('A comment has been posted on your image "%1$s" in the album "%2$s".'), $receiver->getTitle(), $receiver->getAlbumName());
                }
                break;
        }
        if ($whattocheck & COMMENT_SEND_EMAIL) {
            // NOTE(review): both links are built from $_SERVER['SERVER_NAME']; confirm the
            // web server pins that value rather than taking it from the request's Host header.
            $message = $action . "\n\n" . sprintf(gettext('Author: %1$s' . "\n" . 'Email: %2$s' . "\n" . 'Website: %3$s' . "\n" . 'Comment:' . "\n\n" . '%4$s'), $commentobj->getname(), $commentobj->getEmail(), $commentobj->getWebsite(), $commentobj->getComment()) . "\n\n" . sprintf(gettext('You can view all comments about this item here:' . "\n" . '%1$s'), 'http://' . $_SERVER['SERVER_NAME'] . WEBPATH . '/index.php?' . $url) . "\n\n" . sprintf(gettext('You can edit the comment here:' . "\n" . '%1$s'), 'http://' . $_SERVER['SERVER_NAME'] . WEBPATH . '/' . ZENFOLDER . '/admin-comments.php?page=editcomment&id=' . $commentobj->id);
            $emails = array();
            $admin_users = $_zp_authority->getAdministrators();
            foreach ($admin_users as $admin) {
                // mail anyone with full rights
                if (!empty($admin['email']) && ($admin['rights'] & ADMIN_RIGHTS || ($admin['rights'] & (MANAGE_ALL_ALBUM_RIGHTS | COMMENT_RIGHTS)) == (MANAGE_ALL_ALBUM_RIGHTS | COMMENT_RIGHTS))) {
                    $emails[] = $admin['email'];
                    // removed from the list so the album-admin pass below does not mail them again
                    unset($admin_users[$admin['id']]);
                }
            }
            if ($type === "images" or $type === "albums") {
                // mail to album admins
                $id = $ur_album->getAlbumID();
                // NOTE(review): $id is concatenated into the statement unquoted; it comes from
                // getAlbumID(), presumably an integer key - confirm, or cast it to int.
                $sql = 'SELECT `adminid` FROM ' . prefix('admin_to_object') . ' WHERE `objectid`=' . $id . ' AND `type`="album"';
                $result = query_full_array($sql);
                foreach ($result as $anadmin) {
                    $id = $anadmin['adminid'];
                    if (array_key_exists($id, $admin_users)) {
                        $admin = $admin_users[$id];
                        if ($admin['rights'] & COMMENT_RIGHTS && !empty($admin['email'])) {
                            $emails[] = $admin['email'];
                        }
                    }
                }
            }
            $on = gettext('Comment posted');
            $gallery = new Gallery();
            // A truthy return value from zp_mail() is treated as an error text.
            $result = zp_mail("[" . $gallery->getTitle() . "] {$on}", $message, $emails);
            if ($result) {
                $commentobj->setInModeration(-12);
                $commentobj->comment_error_text = $result;
            }
        }
    }
    return $commentobj;
}