Exemple #1
0
function asc_add_to_blacklist($ip, $auto_blacklist, $max_attempt)
{
    if ($auto_blacklist) {
        $time = time();
        $temp = asc_read('temp');
        $key = array_search($ip, $temp['ip']);
        if ($key !== false) {
            if ($temp['time'][$key] < $time - 60) {
                $temp['time'][$key] = $time;
                $temp['attempt'][$key] = 1;
            } else {
                $temp['attempt'][$key]++;
                if ($max_attempt > 0 && $temp['attempt'][$key] > $max_attempt) {
                    $comname = isset($_POST['comname']) ? addslashes(trim($_POST['comname'])) : '';
                    $comurl = isset($_POST['comurl']) ? addslashes(trim($_POST['comurl'])) : '';
                    $data = asc_read();
                    if (strstr($data['name_keywords'], $comname) === false) {
                        $data['name_keywords'] .= '|' . $comname;
                    }
                    if (array_search($comurl, $data['url_keywords']) === false) {
                        $data['url_keywords'][] = $comurl;
                    }
                    if (array_search($ip, $data['blacklist']) === false) {
                        $data['blacklist'][] = $ip;
                    }
                    asc_write($data);
                    ascMsg("您的IP已被系统屏蔽,评论发表失败");
                }
            }
        } else {
            $temp['ip'][] = $ip;
            $temp['time'][] = $time;
            $temp['attempt'][] = 1;
        }
        if (count($temp['time']) > 50) {
            foreach ($temp['time'] as $key => $val) {
                if ($val < $time - 60) {
                    unset($temp['ip'][$key]);
                    unset($temp['time'][$key]);
                    unset($temp['attempt'][$key]);
                }
            }
        }
        asc_write($temp, 'temp');
    }
}
function plugin_setting_view()
{
    $DB = MySql::getInstance();
    ?>
<div class="containertitle2">
<a class="navi<?php 
    echo isset($_GET['advance']) ? 1 : 3;
    ?>
" href="./plugin.php?plugin=anti_spam_comment">基本设置</a>
<a class="navi<?php 
    echo isset($_GET['advance']) ? 2 : 4;
    ?>
" href="./plugin.php?plugin=anti_spam_comment&advance=true">高级选项</a>
<?php 
    if (isset($_GET['setting'])) {
        ?>
<span class="actived">插件设置完成</span><?php 
    }
    if (isset($_GET['error'])) {
        ?>
<span class="actived">插件设置失败</span><?php 
    }
    ?>
</div>
<?php 
    if (isset($_GET['advance'])) {
        $act = isset($_GET['act']) ? trim($_GET['act']) : '';
        if ($act) {
            global $CACHE;
            switch ($act) {
                case 'shieldname':
                    $id = isset($_GET['id']) ? intval($_GET['id']) : '';
                    //$DB->query("UPDATE ".DB_PREFIX."comment SET poster='该昵称已屏蔽' WHERE cid={$id}");
                    $DB->query("UPDATE " . DB_PREFIX . "comment SET comment='该评论已屏蔽',poster='该昵称已屏蔽' WHERE cid={$id}");
                    $CACHE->updateCache(array('sta', 'comment'));
                    header("Location: ./plugin.php?plugin=anti_spam_comment&advance=true&setting=true");
                    break;
                case 'delurl':
                    $id = isset($_GET['id']) ? intval($_GET['id']) : '';
                    $DB->query("UPDATE " . DB_PREFIX . "comment SET url='' WHERE cid={$id}");
                    $CACHE->updateCache(array('sta', 'comment'));
                    header("Location: ./plugin.php?plugin=anti_spam_comment&advance=true&setting=true");
                    break;
                case 'admin_all_coms':
                    $operate = isset($_POST['operate']) ? $_POST['operate'] : '';
                    $comments = isset($_POST['com']) ? array_map('intval', $_POST['com']) : array();
                    $commentsId = '(' . implode(',', $comments) . ')';
                    switch ($operate) {
                        case 'shieldname':
                            $DB->query("UPDATE " . DB_PREFIX . "comment SET comment='该评论已屏蔽',poster='该昵称已屏蔽' WHERE cid IN{$commentsId}");
                            $CACHE->updateCache(array('sta', 'comment'));
                            header("Location: ./plugin.php?plugin=anti_spam_comment&advance=true&setting=true");
                            break;
                        case 'delurl':
                            $DB->query("UPDATE " . DB_PREFIX . "comment SET url='' WHERE cid IN{$commentsId}");
                            $CACHE->updateCache(array('sta', 'comment'));
                            header("Location: ./plugin.php?plugin=anti_spam_comment&advance=true&setting=true");
                            break;
                    }
                    break;
                case 'save':
                    $comname = isset($_POST['comname']) ? addslashes(trim($_POST['comname'])) : '';
                    $comment = isset($_POST['comment']) ? addslashes(trim($_POST['comment'])) : '';
                    $commail = isset($_POST['commail']) ? addslashes(trim($_POST['commail'])) : '';
                    $comurl = isset($_POST['comurl']) ? addslashes(trim($_POST['comurl'])) : '';
                    if ($comurl && strncasecmp($comurl, 'http://', 7)) {
                        $comurl = 'http://' . $comurl;
                    }
                    $cid = isset($_POST['cid']) ? intval($_POST['cid']) : '';
                    $DB->query("UPDATE " . DB_PREFIX . "comment SET poster='{$comname}',comment='{$comment}',mail='{$commail}',url='{$comurl}' WHERE cid={$cid}");
                    $CACHE->updateCache(array('sta', 'comment'));
                    header("Location: ./plugin.php?plugin=anti_spam_comment&advance=true&setting=true");
                    break;
                case 'edit':
                    $Comment_Model = new Comment_Model();
                    $cid = isset($_GET['cid']) ? intval($_GET['cid']) : '';
                    extract($Comment_Model->getOneComment($cid));
                    ?>
<form action="./plugin.php?plugin=anti_spam_comment&advance=true&act=save" method="post">
<div>
	<li>昵称</li>
	<li><input size="40" value="<?php 
                    echo $poster;
                    ?>
" name="comname" /></li>
	<li>邮箱</li>
	<li><input size="40" value="<?php 
                    echo $mail;
                    ?>
" name="commail" /></li>
	<li>地址</li>
	<li><input size="40" value="<?php 
                    echo $url;
                    ?>
" name="comurl" /></li>
	<li>内容</li>
	<li><textarea name="comment" rows="3" cols="45"><?php 
                    echo $comment;
                    ?>
</textarea></li>
	<li>
	<input type="hidden" value="<?php 
                    echo $cid;
                    ?>
" name="cid" />
	<input type="submit" value="保 存" class="submit" />
	<input type="button" value="取 消" class="submit" onclick="javascript: window.history.back();" /></li>
</div>
</form>
<?php 
                    break;
            }
        } else {
            $blogid = isset($_GET['gid']) ? intval($_GET['gid']) : null;
            $hide = isset($_GET['hide']) ? addslashes($_GET['hide']) : '';
            $page = isset($_GET['page']) ? intval($_GET['page']) : 1;
            $ip = isset($_GET['ip']) ? addslashes($_GET['ip']) : '';
            $poster = isset($_GET['poster']) ? addslashes($_GET['poster']) : '';
            $addUrl_1 = $addUrl_2 = $addUrl_3 = $addUrl_4 = '';
            if ($blogid) {
                $addUrl_1 = "gid={$blogid}&";
                $blogid = "AND a.gid={$blogid}";
            }
            if ($hide) {
                $addUrl_2 = "hide={$hide}&";
                $hide = "AND a.hide='{$hide}'";
            }
            if ($ip) {
                $addUrl_3 = "ip={$ip}&";
                $ip = "AND a.ip='{$ip}'";
            }
            if ($poster) {
                $addUrl_4 = "poster={$poster}&";
                $poster = "AND a.poster='{$poster}'";
            }
            $addUrl = $addUrl_1 . $addUrl_2 . $addUrl_3 . $addUrl_4;
            $perpage_num = Option::get('admin_perpage_num');
            if ($page) {
                $startId = ($page - 1) * $perpage_num;
                $limit = " LIMIT {$startId}, " . $perpage_num;
            }
            $sql = "SELECT a.cid,a.hide,a.date,a.comment,a.gid,a.poster,a.ip,a.mail,a.url,b.title FROM " . DB_PREFIX . "comment as a, " . DB_PREFIX . "blog as b where 1=1 {$blogid} {$hide} {$ip} {$poster} AND a.gid=b.gid ORDER BY a.cid DESC";
            $query = $DB->query($sql);
            $cmnum = $DB->num_rows($query);
            $query = $DB->query($sql . $limit);
            $pageurl = pagination($cmnum, $perpage_num, $page, "./plugin.php?plugin=anti_spam_comment&advance=true&{$addUrl}page=");
            $sql = "SELECT a.cid,a.hide,a.date,a.comment,a.gid,a.poster,a.ip,a.mail,a.url,b.title FROM " . DB_PREFIX . "comment as a, " . DB_PREFIX . "blog as b where 1=1 {$blogid} AND a.hide='y' {$ip} AND a.gid=b.gid ORDER BY a.cid DESC";
            $hideCommNum = $DB->num_rows($DB->query($sql));
            if ($hideCommNum > 0) {
                $hide_ = $hide_y = $hide_n = '';
                $a = "hide_{$hide}";
                ${$a} = "class=\"filter\"";
                ?>
<div class="filters">
<span <?php 
                echo $hide_;
                ?>
><a href="./plugin.php?plugin=anti_spam_comment&advance=true&<?php 
                echo $addUrl_1 . $addUrl_3;
                ?>
">全部</a></span>
<span <?php 
                echo $hide_y;
                ?>
><a href="./plugin.php?plugin=anti_spam_comment&advance=true&hide=y&<?php 
                echo $addUrl_1 . $addUrl_3;
                ?>
">待审
<?php 
                $hidecmnum = ROLE == 'admin' ? $sta_cache['hidecomnum'] : $sta_cache[UID]['hidecommentnum'];
                if ($hidecmnum > 0) {
                    echo '(' . $hidecmnum . ')';
                }
                ?>
</a></span>
<span <?php 
                echo $hide_n;
                ?>
><a href="./plugin.php?plugin=anti_spam_comment&advance=true&hide=n&<?php 
                echo $addUrl_1 . $addUrl_3;
                ?>
">已审</a></span>
</div>
<?php 
            } elseif ($addUrl) {
                ?>
<div class="filters">
<span><a href="./plugin.php?plugin=anti_spam_comment&advance=true">全部</a></span>
</div>
<?php 
            }
            ?>
<form action="./plugin.php?plugin=anti_spam_comment&advance=true&act=admin_all_coms" method="post" name="form_com" id="form_com">
	<table width="100%" id="adm_comment_list" class="item_list">
		<thead>
			<tr>
				<th width="19"><input onclick="CheckAll(this.form)" type="checkbox" value="on" name="chkall" /></th>
				<th width="350"><b>内容</b></th>
				<th width="300"><b>评论者</b></th>
				<th width="250"><b>所属日志</b></th>
			</tr>
		</thead>
		<tbody>
		<?php 
            while ($res = $DB->fetch_array($query)) {
                $ishide = $res['hide'] == 'y' ? '<font color="red">[待审]</font>' : '';
                $mail = !empty($res['mail']) ? "({$res['mail']})" : '';
                $ip = !empty($res['ip']) ? "<br />IP:<a href=\"./plugin.php?plugin=anti_spam_comment&advance=true&ip={$res['ip']}\">{$res['ip']}</a>" : '';
                $url = !empty($res['url']) ? "({$res['url']})" : '';
                $res['content'] = str_replace('<br>', ' ', $res['comment']);
                $sub_content = subString($res['content'], 0, 50);
                $res['title'] = subString($res['title'], 0, 42);
                ?>
			<tr>
				<td><input type="checkbox" value="<?php 
                echo $res['cid'];
                ?>
" name="com[]" class="ids" /></td>
				<td><a href="./plugin.php?plugin=anti_spam_comment&advance=true&act=edit&cid=<?php 
                echo $res['cid'];
                ?>
"><?php 
                echo htmlspecialchars($sub_content);
                ?>
</a> <?php 
                echo $ishide;
                ?>
				<br /><?php 
                echo smartDate($res['date']);
                ?>
				<span style="display:none; margin-left:8px;">
				<a href="javascript: asc_confirm(<?php 
                echo $res['cid'];
                ?>
, 'name');">屏蔽内容</a>
				<a href="javascript: asc_confirm(<?php 
                echo $res['cid'];
                ?>
, 'url');">删除地址</a>
				</span>
				</td>
				<td><a href="./plugin.php?plugin=anti_spam_comment&advance=true&poster=<?php 
                echo urlencode($res['poster']);
                ?>
"><?php 
                echo htmlspecialchars($res['poster']);
                ?>
</a> <?php 
                echo $url;
                ?>
 <?php 
                echo $ip;
                ?>
 <?php 
                echo $mail;
                ?>
</td>
				<td><a href="./plugin.php?plugin=anti_spam_comment&advance=true&gid=<?php 
                echo $res['gid'];
                ?>
"><?php 
                echo $res['title'];
                ?>
</a></td>
			</tr>
		<?php 
            }
            ?>
		</tbody>
	</table>
	<div class="list_footer">
	选中项:
	<a href="javascript:asc_commentact('shieldname');">屏蔽内容</a>
	<a href="javascript:asc_commentact('delurl');">删除地址</a>
	<input name="operate" id="operate" res="" type="hidden" />
	</div>
	<div class="page"><?php 
            echo $pageurl;
            ?>
 (有<?php 
            echo $cmnum;
            ?>
条评论)</div> 
</form>
<script>
$(document).ready(function(){
	$("#adm_comment_list tbody tr:odd").addClass("tralt_b");
	$("#adm_comment_list tbody tr")
		.mouseover(function(){$(this).addClass("trover");$(this).find("span").show();})
		.mouseout(function(){$(this).removeClass("trover");$(this).find("span").hide();})
});
setTimeout(hideActived,2600);
function asc_commentact(act){
	if (getChecked('ids') == false) {
		alert('请选择要操作的评论');
		return;
	}
	if(act == 'shieldname' && !confirm('你确定要屏蔽所选评论的内容吗?')){return;}
	if(act == 'delurl' && !confirm('你确定要删除所选评论的评论人地址吗?')){return;}
	$("#operate").val(act);
	$("#form_com").submit();
}
function asc_confirm (id, property) {
	switch (property){
		case 'name':
		var urlreturn="./plugin.php?plugin=anti_spam_comment&advance=true&act=shieldname&id="+id;
		var msg = "你确定要屏蔽该评论内容?";break;
		case 'url':
		var urlreturn="./plugin.php?plugin=anti_spam_comment&advance=true&act=delurl&id="+id;
		var msg = "你确定要删除该评论人地址吗?";break;
	}
	if(confirm(msg)){window.location = urlreturn;}else {return;}
}
</script>
<?php 
        }
    } else {
        $data = asc_read();
        extract($data);
        $blacklist = implode("\n", $blacklist);
        $url_keywords = implode("\n", $url_keywords);
        $ex1 = $ex2 = '';
        $vari = array(array('英文字母abc…ABC…<font color="red">*</font>:', 'asc_letter'), array('数字0-9:', 'asc_digit'), array('英文字符(包括英文字母、数字和其它英文符号)<font color="red">*</font>:', 'asc_char'), array('星号*:', 'asc_star'));
        if ($auto_blacklist == 1) {
            $ex1 = 'checked="checked"';
        }
        if ($need_chinese == 1) {
            $ex2 = 'checked="checked"';
        }
        ?>
<form action="plugin.php?plugin=anti_spam_comment&action=setting" method="post">
<table cellspacing="8" cellpadding="4" width="95%" align="center" border="0">
	<tbody>
		<tr nowrap="nowrap">
		<td width="33%" align="right">评论时间间隔(秒):</td>
		<td width="67%"><input size="10" name="time_limit" type="text" value="<?php 
        echo $time_limit;
        ?>
" /></td>
		</tr>
		<tr nowrap="nowrap">
		<td width="33%" align="right">必须包含汉字:</td>
		<td width="67%"><input size="10" name="need_chinese" type="checkbox" value="1" <?php 
        echo $ex2;
        ?>
 /></td>
		</tr>
		<tr nowrap="nowrap">
		<td align="right" valign="top">IP黑名单:<br/><br/>
		可封IP段,填入IP开头地址,如162.204
		</td>
		<td><textarea name="blacklist" cols="" rows="4" style="width:300px;height:70px;"><?php 
        echo $blacklist;
        ?>
</textarea></td>
		</tr>
		<tr nowrap="nowrap">
		<td align="right">将频繁尝试发表评论的IP加入黑名单</td>
 		<td><input name="auto_blacklist" type="checkbox" value="1" <?php 
        echo $ex1;
        ?>
 /></td>
		</tr>
		<tr nowrap="nowrap">
		<td align="right">每分钟允许尝试评论次数:</td>
 		<td><input size="10" name="max_attempt" type="text" value="<?php 
        echo $max_attempt;
        ?>
" />(开启自动黑名单有效)</td>
		</tr>
		<tr nowrap="nowrap">
		<td align="right" valign="top">屏蔽词汇(以 | 分割):<br />
		可以使用通配符*或者系统<a href="#var">内置变量</a>
		</td>
		<td><textarea name="keywords" cols="" rows="4" style="width:300px;height:70px;"><?php 
        echo $keywords;
        ?>
</textarea></td>
		</tr>
		<tr nowrap="nowrap">
		<td align="right" valign="top">屏蔽昵称(以 | 分割):<br />
		可以使用通配符*或者系统<a href="#var">内置变量</a>
		</td>
		<td><textarea name="name_keywords" cols="" rows="4" style="width:300px;height:70px;"><?php 
        echo $name_keywords;
        ?>
</textarea></td>
		</tr>
		<tr nowrap="nowrap">
		<td align="right" valign="top">屏蔽地址(每行一条):<br/>
		可以使用通配符*或者系统<a href="#var">内置变量</a>
		</td>
		<td><textarea name="url_keywords" cols="" rows="4" style="width:300px;height:70px;"><?php 
        echo $url_keywords;
        ?>
</textarea></td>
		</tr>
		<tr>
		<td align="center" colspan="2"><input type="submit" value="保存设置" class="button" /></td>
		</tr>
	</tbody>
</table>
</form>
<b><a name="var"></a>内置变量</b>
<table cellspacing="8" cellpadding="4" width="95%" align="center" border="0">
	<tbody>
<?php 
        foreach ($vari as $value) {
            ?>
		<tr nowrap="nowrap">
		<td width="40%" align="right"><?php 
            echo $value[0];
            ?>
</td>
		<td width="60%"><b><?php 
            echo $value[1];
            ?>
</b></td>
		</tr>
<?php 
        }
        ?>
		<tr>
		<td align="center" colspan="2"><font color="red">*注</font>:该项仅当评论全文符合时过滤评论(例如关键字填入asc_letter时,仅过滤纯英文评论)</td>
		</tr>
	</tbody>
</table>
<?php 
    }
    ?>
<script>
$("#anti_spam_comment").addClass('sidebarsubmenu1');
</script>
<?php 
}