Example #1
0
/**
 * Inserts previously filled fields for commenting. They can come from either
 * a previous submit (when previewing, or when an error in the form occurred)
 * or from the cookie.
 *
 * @param array $params
 * @param object $smarty
 * @return string
 */
function smarty_remember($params, &$smarty)
{
    global $PIVOTX, $temp_comment;
    static $default_values;
    $params = cleanParams($params);
    $name = $params['name'];
    // Only calculate previous fields once
    if (!is_array($default_values)) {
        $default_values = array();
        // Get the cookies in an array.. (Why aren't we just using $_COOKIE?)
        if (isset($_SERVER['HTTP_COOKIE'])) {
            foreach (explode(";", $_SERVER['HTTP_COOKIE']) as $cookie) {
                list($key, $value) = explode("=", $cookie);
                $default_values[trim($key)] = urldecode(trim($value));
            }
        }
        if (!empty($temp_comment) && is_array($temp_comment)) {
            $default_values = $temp_comment;
        } else {
            if (!empty($_COOKIE['pivotxcomment'])) {
                $cookie = explode('|', $_COOKIE['pivotxcomment']);
                $default_values['name'] = $cookie[0];
                $default_values['email'] = $cookie[1];
                $default_values['url'] = $cookie[2];
                $default_values['reguser'] = $cookie[3];
                $default_values['notify'] = $cookie[4];
                $default_values['discreet'] = $cookie[5];
                $default_values['rememberinfo'] = 1;
            } else {
                // Check if this is a logged in registered visitor
                require_once $PIVOTX['paths']['pivotx_path'] . 'modules/module_userreg.php';
                $visitors = new Visitors();
                if ($visitor = $visitors->isLoggedIn()) {
                    $default_values['name'] = $visitor['name'];
                    $default_values['email'] = $visitor['email'];
                    $default_values['url'] = $visitor['url'];
                    $default_values['notify'] = $visitor['notify_default'];
                    $default_values['discreet'] = 1 - $visitor['show_address'];
                }
            }
        }
        // Posted values should override cookies since they are newer.
        // (The corresponding posted keys start with "piv_".)
        foreach ($_POST as $key => $value) {
            if (substr($key, 0, 4) == 'piv_') {
                $default_values[substr($key, 4)] = urldecode(trim($value));
            }
        }
        // Execute hooks, if present, and (potentially) override existing values.
        $hookname = "remember";
        $hook_values = $PIVOTX['extensions']->executeHook('template', $hookname, $default_values);
        if (is_array($hook_values)) {
            $default_values = $hook_values;
        }
    }
    switch ($name) {
        case 'all':
            echo "<h1>koekies</h1><pre>cookies:";
            print_r($_COOKIE);
            echo "</pre>";
            break;
        case 'name':
            return !empty($default_values['name']) ? encodeText($default_values['name']) : "";
            break;
        case 'email':
            return !empty($default_values['email']) ? encodeText($default_values['email']) : "";
            break;
        case 'url':
            return !empty($default_values['url']) ? encodeText($default_values['url']) : "";
            break;
        case 'comment':
            return !empty($default_values['comment']) ? $default_values['comment'] : "";
            break;
        case 'rememberinfo':
            return !empty($default_values['rememberinfo']) ? "checked='checked'" : "";
            break;
        case 'notify':
            return !empty($default_values['notify']) ? "checked='checked'" : "";
            break;
        case 'discreet':
            return !empty($default_values['discreet']) ? "checked='checked'" : "";
            break;
        case 'reguser':
            return !empty($default_values['piv_reguser']) ? $default_values['piv_reguser'] : "";
            break;
    }
}
/**
 * Enter description here...
 *
 */
function handlePostComment()
{
    global $weblogmessage, $PIVOTX, $temp_comment;
    $entry = $PIVOTX['db']->read_entry($_POST['piv_code']);
    // Check if we're allowed to comment on this entry. 'isset' is needed, because old entries
    // might not have 'allow comments' set to either choice.
    if (isset($entry['allow_comments']) && $entry['allow_comments'] == 0) {
        echo "Spam is not appreciated.";
        logspammer($_POST['piv_comment'], "closedcomments");
        die;
    }
    // execute a hook here before a comment is processed
    $PIVOTX['extensions']->executeHook('comment_before_processing', $entry);
    $registered = 0;
    // check if the current poster is a (logged in) registered visitor.
    require_once $PIVOTX['paths']['pivotx_path'] . 'modules/module_userreg.php';
    $visitors = new Visitors();
    if ($visitor = $visitors->isLoggedIn()) {
        if ($visitor['name'] == $_POST['piv_name']) {
            $registered = 1;
        }
    }
    // Strip out HTML from input..
    $_POST['piv_name'] = strip_tags($_POST['piv_name']);
    $_POST['piv_email'] = strip_tags($_POST['piv_email']);
    $_POST['piv_url'] = strip_tags($_POST['piv_url']);
    if ($PIVOTX['config']->get('allow_html_in_comments') == 1) {
        $_POST['piv_comment'] = stripTagsAttributes($_POST['piv_comment'], "*");
    } else {
        $_POST['piv_comment'] = stripTagsAttributes($_POST['piv_comment'], "<b><em><i><strong>");
    }
    // Do some more processing on the comment itself: trimming, standardizing line-breaks.
    $comment_text = stripTrailingSpace($_POST['piv_comment']);
    $comment_text = str_replace("\r\n", "\n", $comment_text);
    // CRLF(Win) to LF
    $comment_text = str_replace("\r", "\n", $comment_text);
    // CR(Mac) to LF
    $temp_comment = array('entry_uid' => intval($_POST['piv_code']), 'name' => encodeText($_POST['piv_name']), 'email' => encodeText($_POST['piv_email']), 'url' => encodeText($_POST['piv_url']), 'ip' => $_SERVER['REMOTE_ADDR'], 'useragent' => $_SERVER['HTTP_USER_AGENT'], 'date' => formatDate("", "%year%-%month%-%day%-%hour24%-%minute%"), 'comment' => $comment_text, 'registered' => $registered, 'notify' => intval($_POST['piv_notify']), 'discreet' => intval($_POST['piv_discreet']), 'rememberinfo' => intval($_POST['piv_rememberinfo']), 'moderate' => $PIVOTX['config']->get('moderate_comments'), 'spamscore' => 0);
    if ($temp_comment['rememberinfo'] == 1) {
        rememberCommentInfo($temp_comment);
    }
    //here we do a check to prevent double entries...
    $duplicate = FALSE;
    if (isset($entry['comments']) && count($entry['comments']) > 0) {
        foreach ($entry['comments'] as $loop_comment) {
            $diff = 1 / (min(strlen($loop_comment['comment']), 200) / (levenshtein(substr($loop_comment['comment'], 0, 200), substr($temp_comment['comment'], 0, 200)) + 1));
            if ($diff < 0.25 && $loop_comment['ip'] == $temp_comment['ip']) {
                $duplicate = TRUE;
                break;
            }
        }
    }
    // Check for Hashcash violations..
    if ($PIVOTX['config']->get('hashcash') == 1 && !hashcash_check_hidden_tag()) {
        $weblogmessage = getDefault($PIVOTX['config']->get('hashcash_message'), __('The Hashcash code was not valid, so this comment could not be posted. If you believe this is an error, please make sure you have a modern browser, and that Javascript is enabled. If it still doesn\'t work, contact the maintainer of this website.'));
        unset($_POST['post']);
        $_POST['preview'] = true;
        $spammessage = substr(implode(", ", $temp_comment), 0, 250);
        logspammer($_SERVER["REMOTE_ADDR"], "hashcash", "pom pom pom", $spammessage);
    }
    // Check for SpamQuiz violations, but not when previewing..
    if ($PIVOTX['config']->get('spamquiz') == 1 && !isset($_POST['preview'])) {
        // Is the entry old enough?
        $entryDate = substr($PIVOTX['db']->entry['date'], 0, 10);
        $then = strtotime($entryDate);
        $secsPerDay = 60 * 60 * 24;
        $now = strtotime('now');
        $diff = $now - $then;
        $dayDiff = $diff / $secsPerDay;
        $numDaysOld = (int) $dayDiff;
        if ($numDaysOld > $PIVOTX['config']->get("spamquiz_age")) {
            if (strtolower($_POST['spamquiz_answer']) != strtolower($PIVOTX['config']->get("spamquiz_answer"))) {
                $weblogmessage = __('The Spamquiz answer was not correct, so this comment could not be posted. If you believe this is an error, please try again. If it still doesn\'t work, contact the maintainer of this website.');
                unset($_POST['post']);
                $_POST['preview'] = true;
                logspammer($_SERVER["REMOTE_ADDR"], "spamquiz");
            } else {
                // Store the correct answer in a cookie.
                $sess = $PIVOTX['session'];
                setcookie("spamquiz_answer", $_POST["spamquiz_answer"], time() + $sess->cookie_lifespan, $sess->cookie_path, $sess->cookie_domain);
            }
        }
    }
    // set the message and take proper action:
    if (isset($_POST['preview'])) {
        // Add a 'show in preview' flag to $temp_comment, otherwise it would be suppressed on display
        $temp_comment['showpreview'] = 1;
        // update the current entry
        $entry['comments'][] = $temp_comment;
        if (empty($weblogmessage)) {
            $weblogmessage = __('You are previewing your comment. Be sure to click on "Post Comment" to store it.');
        }
        unset($_POST['post']);
        $_POST['preview'] = TRUE;
    } else {
        if ($temp_comment['spamscore'] > $PIVOTX['config']->get('spamthreshold')) {
            // Add a 'show in preview' flag to $temp_comment, otherwise it would be suppressed on display
            $temp_comment['showpreview'] = 1;
            $weblogmessage = __('Your comment has not been stored, because it seems to be spam.');
            unset($_POST['post']);
            $_POST['preview'] = TRUE;
        } else {
            if ($duplicate) {
                $temp_comment['duplicate'] = true;
                // Add a 'show in preview' flag to $temp_comment, otherwise it would be suppressed on display
                $temp_comment['showpreview'] = 1;
                $weblogmessage = __('Your comment has not been stored, because it seems to be a duplicate of a previous entry.');
                unset($_POST['post']);
                $_POST['preview'] = TRUE;
            } else {
                if ($PIVOTX['config']->get('moderate_comments') == 1) {
                    // update the current entry
                    $entry['comments'][] = $temp_comment;
                    $weblogmessage = __('Your comment has been stored. Because comment moderation is enabled, it is now waiting for approval by an editor.');
                    $_POST['post'] = TRUE;
                } else {
                    // update the current entry
                    $entry['comments'][] = $temp_comment;
                    $weblogmessage = __('Your comment has been stored.');
                    $_POST['post'] = TRUE;
                }
            }
        }
    }
    // if comment or name is missing, give a notice, and show the form again..
    if (strlen($temp_comment['name']) < 2) {
        $weblogmessage = __('You should type your name (or an alias) in the "name"-field. Be sure to click on "Post Comment" to store it permanently.');
        unset($_POST['post']);
        $_POST['preview'] = TRUE;
    }
    if (strlen($temp_comment['comment']) < 3) {
        $weblogmessage = __('You should type something in the "comment"-field. Be sure to click on "Post Comment" to store it permanently.');
        unset($_POST['post']);
        $_POST['preview'] = TRUE;
    }
    if ($PIVOTX['config']->get('maxhrefs') > 0) {
        $low_comment = strtolower($temp_comment['comment']);
        $low_comment_formatted = strtolower(commentFormat($temp_comment['comment']));
        if (substr_count($low_comment, "href=") > $PIVOTX['config']->get('maxhrefs') || substr_count($low_comment_formatted, "href=") > $PIVOTX['config']->get('maxhrefs')) {
            $weblogmessage = __('The maximum number of hyperlinks was exceeded. Stop spamming.');
            unset($_POST['post']);
            $_POST['preview'] = TRUE;
        }
    }
    // execute a hook here after a comment is processed but before that comment is saved
    $PIVOTX['extensions']->executeHook('comment_before_save', $entry);
    if (isset($_POST['post'])) {
        $PIVOTX['db']->set_entry($entry);
        $PIVOTX['db']->save_entry(FALSE);
        // do not update the index.
        // Remove the compiled/parsed pages from the cache.
        if ($PIVOTX['config']->get('smarty_cache')) {
            $PIVOTX['template']->clear_cache();
        }
        //update the 'latest comments' file
        if (isset($temp_comment)) {
            if ($PIVOTX['config']->get('moderate_comments') != 1) {
                generateLatestComments($temp_comment);
                debug("comment from '" . $_POST['piv_name'] . "' added.");
            } else {
                generateModerationQueue($temp_comment);
                debug("comment from '" . $_POST['piv_name'] . "' added to moderation queue.");
            }
        }
        // Handle the users that want to be notified via email..
        if ($PIVOTX['config']->get('dont_send_mail_notification') != 1) {
            $notifications = sendMailNotification('comment', array($PIVOTX['db']->entry, $temp_comment, $PIVOTX['config']->get('moderate_comments')));
        }
        // send mail..
        sendMailComment($temp_comment, $notifications);
        // Don't display the 'preview' of the comment after posting.
        $temp_comment = array();
        unset($_POST);
        // Clean the simple cache..
        $PIVOTX['cache']->clear();
        // Remove the compiled/parsed pages from the cache.
        if ($PIVOTX['config']->get('smarty_cache')) {
            $PIVOTX['template']->clear_cache();
        }
        // Redirect to the entrypage from which we came. (prevents reload-resubmit)
        $uri = $_SERVER['REQUEST_URI'];
        if (strpos($uri, "?") > 0) {
            $uri .= "&weblogmessage=" . urlencode($weblogmessage);
        } else {
            $uri .= "?weblogmessage=" . urlencode($weblogmessage);
        }
        header('Location: ' . $uri);
        exit;
    }
    // Set the 'you are previewing' message..
    if (isset($_POST['preview']) && empty($weblogmessage)) {
        $weblogmessage = __('You are previewing your comment. Be sure to click on "Post Comment" to store it.');
    }
    // execute a hook here after a comment is saved and the mails are sent
    $PIVOTX['extensions']->executeHook('comment_after_save', $entry);
    // After messing about with the comments, clear the cache.
    $PIVOTX['cache']->cache['entries'] = array();
}