function feedback() { header("Content-type: application/xml"); $pattern = '/^xe360/i'; $content = trim(AZLib::getParam('content')); $comment_id = (int) Url::get('comment_id', 0); $sender_user_name = trim(AZLib::getParam('user_name')); $sender_email = trim(AZLib::getParam('sender_email')); $comment_row = array(); if (isset($_COOKIE['setTimeOutComment'])) { if (time() - $_COOKIE['setTimeOutComment'] <= 30) { // 30 giay echo "<comments><content>time_out</content></comments>"; exit; } } else { AZLib::my_setcookie("setTimeOutComment", time(), 30 + TIME_NOW); // 30 giay } if (preg_match($pattern, $sender_user_name) || preg_match($pattern, $sender_email) || preg_match($pattern, $content)) { echo "<comments><content>bad_word</content></comments>"; exit; } if (User::is_login() && User::is_block()) { echo "<comments><content>no_perm</content></comments>"; exit; } if ($comment_id) { $comment_row = DB::select('comment', "id={$comment_id}"); if (!$comment_row) { echo "<comments><content>no_perm</content></comments>"; exit; } if (User::is_login() && $comment_row['sender_user_id'] == User::id()) { //Không được trả lời cho chính mình! echo "<comments><content>no_perm</content></comments>"; exit; } if (!($item = Item::get_item($comment_row['item_id']))) { echo "<comments><content>no_perm</content></comments>"; exit; } } else { $item_id = (int) Url::get('item_id', 0); if (!$item_id || !($item = Item::get_item($item_id))) { echo "<comments><content>no_perm</content></comments>"; exit; } } $item_memcache = $item; if (AZLib::isBlackList(User::id(), $item['user_id'])) { echo "<comments><content>blacklist</content></comments>"; exit; } if (!User::is_login() && AZLib::checkBadWord($sender_user_name)) { echo "<comments><content>bad_word</content></comments>"; exit; } if ($item["state"] == 1 && !User::have_permit(ADMIN_ITEM)) { echo "<comments><content>no_perm</content></comments>"; exit; } $username = strtolower($sender_user_name); if (!User::is_login() && (strlen($username) < 3 || strlen($sender_email) < 3 || $username == 'admin' || $username == 'administrator' || $username == 'moderator' || $username == 'enbac')) { echo "<comments><content>bad_word</content></comments>"; exit; } if (AZLib::checkBadWord($content)) { echo "<comments><content>bad_word</content></comments>"; exit; } if (!User::is_login()) { $captcha = AZLib::getParam('captcha'); if (!isset($_SESSION["enbac_validate"]) || $captcha == '' || $captcha != $_SESSION["enbac_validate"]) { echo "<comments><content>false_captcha</content></comments>"; exit; } } $content = preg_replace("/\n/", "<br />", $content); $content = str_replace('<br /><br />', ' ', $content); $receiver_user_id = 0; $receiver_username = ''; if ($comment_id) { if ($comment_row['parent_id']) { $receiver_user_id = $comment_row['sender_user_id']; $receiver_username = $comment_row['sender_user_name']; if ($receiver_user_id) { $content = '@<a href="' . WEB_DIR . $receiver_username . '" class="fast_reply_link" title="' . $receiver_username . '">' . $receiver_username . '</a>: ' . $content; } else { $content = '<font color="#999">@<span style="text-decoration:underline">' . $receiver_username . '</span> </font>: ' . $content; } $parent_id = $comment_row['parent_id']; } else { $parent_id = $comment_row['id']; } } else { $parent_id = 0; } $user_item = User::getUser($item['user_id']); if ($user_item) { if (User::id()) { $sender_user_name = User::user_name(); } else { // set guest cookie $week = 60 * 60 * 24 * 365 + TIME_NOW; AZLib::my_setcookie("guest_name", $sender_user_name, $week); AZLib::my_setcookie("guest_email", $sender_email, $week); } $up_up_count = ''; if ($content != '') { $comment = array('content' => $content, 'item_id' => $item['id'], 'time' => TIME_NOW, 'order_time' => TIME_NOW, 'post_ip' => AZLib::ip(), 'parent_id' => $parent_id, 'receiver_user_id' => $item['user_id'], 'receiver_user_name' => $item['user_name'], 'display' => 1); if (User::id()) { if ($item['user_id'] == User::id()) { //Chuyển trạng thái đã trả lời khi comment chính topic của mình! $comment['status'] = 1; } $comment['sender_user_id'] = User::id(); $comment['sender_user_name'] = User::user_name(); } else { $comment['sender_user_id'] = 0; $comment['sender_user_name'] = $sender_user_name; $comment['sender_email'] = $sender_email; } if ($comment_row && $comment_row['sender_user_id'] && $comment_row['sender_user_id'] != $item['user_id']) { $comment['replied_user_id'] = $comment_row['sender_user_id']; $comment['replied_user_name'] = $comment_row['sender_user_name']; } elseif ($comment_row && $comment_row['sender_user_id'] == $item['user_id']) { $comment['replied_status'] = 1; } $id = DB::insert('comment', $comment); if ($id) { if (!User::id()) { AZLib::reload_captcha(); } if ($parent_id) { $re = DB::query("SELECT id FROM comment WHERE item_id = {$item['id']} AND parent_id = {$parent_id} AND display = 1 ORDER BY id DESC LIMIT 3,1"); if ($re) { if ($row = mysql_fetch_assoc($re)) { if ($row) { DB::query("UPDATE comment SET display = 0 WHERE parent_id = {$parent_id} AND display = 1 AND id<={$row['id']}"); } } } if ($comment_id == $parent_id) { if (User::is_login() && $item['user_id'] == User::id()) { DB::query("UPDATE comment SET have_child = have_child + 1, order_time = " . time() . ", status=1 WHERE id = {$parent_id}"); } else { DB::query("UPDATE comment SET have_child = have_child + 1, order_time = " . time() . " WHERE id = {$parent_id}"); } } else { DB::query("UPDATE comment SET have_child = have_child + 1, order_time = " . time() . " WHERE id = {$parent_id}"); if (User::is_login() && $item['user_id'] == User::id()) { DB::query("UPDATE comment SET status=1 WHERE id = {$comment_id}"); //Cập nhật đã đọc - trả lời cho feed DB::query("UPDATE feed SET status = 1 WHERE ref_id = {$comment_id} AND type=1"); } } if (User::is_login()) { //Nếu là thành viên //Cập nhật lại replied_status nếu chưa được check! if ($item['user_id'] != User::id() && $comment_row['replied_user_id'] == User::id() && $comment_row['replied_status'] == 0) { DB::query("UPDATE comment SET replied_status=1 WHERE id = {$comment_id}"); //Cập nhật đã đọc - trả lời cho feed DB::query("UPDATE feed SET status = 1 WHERE ref_id = {$comment_id} AND type=2"); //Cập nhật comment mới cho chính mình DB::query('UPDATE user SET total_new_comment = total_new_comment - 1 WHERE id=' . User::id() . ' AND total_new_comment>0'); User::getUser(User::id(), 0, 1); } if ($item['user_id'] != User::id()) { //Nếu ko fải giao dịch của mình //Cập nhật comment mới cho chủ topic DB::query('UPDATE user SET total_new_comment = total_new_comment + 1 WHERE id=' . $item['user_id']); User::getUser($item['user_id'], 0, 1); } elseif ($comment_row && $comment_row['status'] == 0) { //Cập nhật comment mới cho chính mình DB::query('UPDATE user SET total_new_comment = total_new_comment - 1 WHERE id=' . User::id() . ' AND total_new_comment>0'); User::getUser(User::id(), 0, 1); } //Cập nhật comment mới cho người có comment được trả lời if ($comment_row['sender_user_id'] && $comment_row['sender_user_id'] != $item['user_id'] && $comment_row['sender_user_id'] != User::id() && $comment_row['sender_user_id'] != $item['user_id']) { //Nếu trả lời comment cho 1 người nào đó ko fải chủ topic DB::query('UPDATE user SET total_new_comment = total_new_comment + 1 WHERE id=' . $comment_row['sender_user_id']); User::getUser($comment_row['sender_user_id'], 0, 1); } } else { //Nếu là khách vãng lai //Cập nhật comment mới cho chủ topic DB::query('UPDATE user SET total_new_comment = total_new_comment + 1 WHERE id=' . $item['user_id']); User::getUser($item['user_id'], 0, 1); //Cập nhật comment mới cho người có comment được trả lời if ($comment_row['sender_user_id'] && $comment_row['sender_user_id'] != $item['user_id'] && $comment_row['sender_user_id'] != $item['user_id']) { //Nếu trả lời comment cho 1 người nào đó ko fải chủ topic DB::query('UPDATE user SET total_new_comment = total_new_comment + 1 WHERE id=' . $comment_row['sender_user_id']); User::getUser($comment_row['sender_user_id'], 0, 1); } } } } $total_feedback = DB::count('comment', "item_id={$item['id']}"); $up_up_count = '<up_count>'; $up_up_count .= $user_item['up_item']; DB::update_id('item', array('reply_count' => $total_feedback), $item['id']); if (MEMCACHE_ON) { $item_memcache['reply_count'] = $total_feedback; AZMemcache::do_put("item:{$item['id']}", $item_memcache); } $up_up_count .= '</up_count>'; //Cập nhật cron job if ($user_item && $user_item['email'] && $user_item['email_alert'] && $user_item['id'] != User::id()) { if (User::id()) { $sender_email = ''; } $link = WEB_ROOT . AZRewrite::formatUrl('?page=item_detail&id=' . $item['id'] . '&ebname=' . AZLib::safe_title($item['name'])); $title = "<a href='{$link}' target='_blank' style='text-decoration:none;color:#003399;'><font color='#003399'>{$item['name']}</font></a>"; AZLib::addCronJob('item_comment', AZLib::parseBBCode($content, true), $user_item['id'], User::id() ? User::user_name() : $sender_user_name, $sender_email, $item['id'], $title, $link); } } else { $id = 0; } $time = date('H:i - d/m'); $xml = "<comments><content><![CDATA[" . AZLib::parseBBCode($content) . "]]></content><post_time>" . date('H:i') . "</post_time>"; $action = 'item_comment'; if (User::id() != $item['user_id']) { require_once ROOT_PATH . 'includes/enbac/comment.php'; Comment::addNewComment($item['user_id']); } $xml .= $up_up_count . "<id>" . $id % 3 . "</id></comments>"; //del cache html $caheFile = 'fb_' . $item['id']; StaticCache::delCache($caheFile); echo $xml; System::halt(); } }
function fn_comment() { header("Content-type: application/xml"); $content = trim(AZLib::getParam('content')); $comment_id = (int) Url::get('comment_id', 0); $comment_row = array(); if ($content == '') { echo "<comments><content>no_perm</content></comments>"; exit; } if (User::is_login()) { if (User::is_block()) { echo "<comments><content>no_perm</content></comments>"; exit; } $sender_user_name = User::user_name(); $sender_email = ''; } else { $sender_user_name = AZLib::getParam('user_name'); $sender_email = AZLib::getParam('sender_email', ''); $username_lower = strtolower($sender_user_name); if (strlen($username_lower) < 3 || $username_lower == 'admin' || $username_lower == 'administrator' || $username_lower == 'moderator' || $username_lower == 'enbac') { echo "<comments><content>bad_word</content></comments>"; exit; } } if ($comment_id) { $comment_row = DB::select("user_entry_comment", "id={$comment_id}"); if (!$comment_row || $comment_row && User::is_login() && $comment_row['sender_user_id'] == User::id()) { //Không được trả lời cho chính mình! echo "<comments><content>no_perm</content></comments>"; exit; } $entry_id = $comment_row['entry_id']; } else { $entry_id = (int) Url::get('entry_id', 0); } if (!$entry_id || !($user_entry = DB::select('user_entry', "id={$entry_id}"))) { echo "<comments><content>no_perm</content></comments>"; exit; } if (User::is_login() && AZLib::isBlackList(User::id(), $user_entry['user_id'])) { echo "<comments><content>blacklist</content></comments>"; exit; } if (!User::is_login() && AZLib::checkBadWord($sender_user_name) || AZLib::checkBadWord($content)) { echo "<comments><content>bad_word</content></comments>"; exit; } if (AZLib::checkBadWord($content)) { echo "<comments><content>bad_word</content></comments>"; exit; } if (!User::is_login()) { $captcha = AZLib::getParam('captcha'); if (!isset($_SESSION["enbac_validate"]) || $captcha == '' || $captcha != $_SESSION["enbac_validate"]) { echo "<comments><content>false_captcha</content></comments>"; exit; } } $content = preg_replace("/\n/", "<br />", $content); $content = str_replace('<br /><br />', ' ', $content); if ($comment_row) { if ($comment_row['parent_id']) { $parent_id = $comment_row['parent_id']; //$sender_user_name = $comment_row['sender_user_name']; $sender_user_name = User::user_name(); if ($comment_row['sender_user_id']) { $content = '@<a href="' . WEB_DIR . $comment_row['sender_user_name'] . '" class="fast_reply_link" title="' . $sender_user_name . '">' . $comment_row['sender_user_name'] . '</a>: ' . $content; } else { $content = '<font color="#999">@<span style="text-decoration:underline">' . $sender_user_name . '</span> </font>: ' . $content; } } else { $parent_id = $comment_row['id']; } } else { $parent_id = 0; } // set guest cookie if (!User::id()) { $week = 60 * 60 * 24 * 365 + TIME_NOW; AZLib::my_setcookie("guest_name", $sender_user_name, $week); AZLib::my_setcookie("guest_email", $sender_email, $week); } $user_entry_comment = array('content' => $content, 'entry_id' => $user_entry['id'], 'time' => TIME_NOW, 'order_time' => TIME_NOW, 'post_ip' => AZLib::ip(), 'parent_id' => $parent_id, 'receiver_user_id' => $user_entry['user_id'], 'display' => 1, 'receiver_user_name' => $user_entry['user_name']); if (User::id()) { $user_entry_comment['sender_user_id'] = User::id(); } else { $user_entry_comment['sender_user_id'] = 0; $user_entry_comment['sender_email'] = $sender_email; } $user_entry_comment['sender_user_name'] = $sender_user_name; if ($comment_row && $comment_row['sender_user_id'] && $comment_row['sender_user_id'] != $user_entry['user_id']) { //Lưu lại người được trả lời $user_entry_comment['replied_user_id'] = $comment_row['sender_user_id']; $user_entry_comment['replied_user_name'] = $comment_row['sender_user_name']; } elseif ($comment_row && $comment_row['sender_user_id'] == $user_entry['user_id']) { $user_entry_comment['replied_status'] = 1; } $id = DB::insert('user_entry_comment', $user_entry_comment); if ($id) { if (!User::id()) { AZLib::reload_captcha(); } if ($parent_id) { $re = DB::query("SELECT id FROM user_entry_comment WHERE parent_id = {$parent_id} AND display = 1 ORDER BY id DESC LIMIT 3,1"); if ($re) { if ($row = mysql_fetch_assoc($re)) { if ($row) { DB::query("UPDATE user_entry_comment SET display = 0 WHERE parent_id = {$comment_id} AND display = 1 AND id<={$row['id']}"); } } } if ($comment_id == $parent_id) { if (User::is_login() && $user_entry['user_id'] == User::id()) { DB::query("UPDATE user_entry_comment SET have_child = have_child + 1, order_time = " . time() . ", status=1 WHERE id = {$parent_id}"); } else { DB::query("UPDATE user_entry_comment SET have_child = have_child + 1, order_time = " . time() . " WHERE id = {$parent_id}"); } } else { DB::query("UPDATE user_entry_comment SET have_child = have_child + 1, order_time = " . time() . " WHERE id = {$parent_id}"); if (User::is_login() && $user_entry['user_id'] == User::id()) { DB::query("UPDATE user_entry_comment SET status=1 WHERE id = {$comment_id}"); } } //Cập nhật đã đọc - trả lời cho feed DB::query("UPDATE feed SET status = 1 WHERE ref_id = {$comment_id} AND type=5"); //Cập nhật lại replied_status nếu chưa được check! if (User::is_login() && $comment_row['replied_user_id'] == User::id() && $comment_row['replied_status'] == 0) { DB::query("UPDATE user_entry_comment SET replied_status=1 WHERE id = {$comment_id}"); //Cập nhật đã đọc - trả lời cho feed DB::query("UPDATE feed SET status = 1 WHERE ref_id = {$comment_id} AND type=6"); } } } $total_feedback = DB::count('user_entry_comment', 'entry_id="' . $user_entry['id'] . '"'); DB::update_id('user_entry', array('reply_count' => $total_feedback), $user_entry['id']); $xml = "<comments><content><![CDATA[" . AZLib::parseBBCode($content) . "]]></content><post_time>vài giây trước</post_time>"; $xml .= "<id>" . $id % 3 . "</id><parent_id>{$parent_id}</parent_id></comments>"; echo $xml; $user_item = User::getUser($user_entry['user_id']); if ($user_item && $user_item['email'] && $user_item['email_alert'] && $user_item['id'] != User::id()) { if (User::id()) { $sender_email = ''; } $link = WEB_ROOT . '?page=user_entry&user_name=' . $user_entry['user_name'] . '&cmd_entry=view&entry_id=' . $user_entry['id'] . '&ebname=' . AZLib::safe_title($user_entry['title']); $link = AZRewrite::formatUrl($link); $title = "<a href='{$link}' target='_blank' style='text-decoration:none;color:#003399;'><font color='#003399'>{$user_entry['title']}</font></a>"; AZLib::addCronJob('entry_comment', AZLib::parseBBCode($content, true), $user_item['id'], User::id() ? User::user_name() : $sender_user_name, $sender_email, $user_entry['id'], $title, $link); } System::halt(); }