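/**
 * AJAX handler that validates the posted comment form and inserts the comment.
 *
 * Reads everything from $_POST (unique id, post id, thread depth, notification
 * type, captcha answer, guest name/e-mail/website, comment text). Invalid input
 * is answered with wp_die(json_encode(...)) carrying an error `code`; otherwise
 * the comment is created with wp_new_comment(), any requested e-mail
 * subscription is registered, and the rendered comment HTML is returned under
 * `message`. The result array passes through the 'wpdiscuz_comment_post' filter.
 *
 * Never returns: every path ends in wp_die().
 */
public function addComment()
{
    $messageArray = array();
    $isAnonymous = false;
    $uniqueId = isset($_POST['wpdiscuz_unique_id']) ? trim($_POST['wpdiscuz_unique_id']) : '';
    $postId = isset($_POST['postId']) ? intval($_POST['postId']) : 0;
    if ($uniqueId && $postId) {
        do_action('wpdiscuz_add_comment');
        // ZeroSpam bridge: the client echoes md5(key); the plugin expects the raw key in $_POST.
        if (function_exists('zerospam_get_key') && isset($_POST['wpdiscuz_zs']) && ($wpdiscuzZS = $_POST['wpdiscuz_zs'])) {
            $zeroSpamKey = zerospam_get_key();
            // hash_equals() is strict and constant-time; a loose "==" would accept numeric-looking
            // ("0e...") digests and a non-string value would have raised a TypeError.
            $_POST['zerospam_key'] = is_string($wpdiscuzZS) && hash_equals(md5($zeroSpamKey), $wpdiscuzZS) ? $zeroSpamKey : '';
        }
        $commentDepth = isset($_POST['wc_comment_depth']) && intval($_POST['wc_comment_depth']) ? intval($_POST['wc_comment_depth']) : 1;
        $isInSameContainer = '1';
        $current_user = wp_get_current_user();
        if ($commentDepth > $this->optionsSerialized->wordpressThreadCommentsDepth) {
            // Deeper than WordPress threading allows: clamp, and tell the client the reply
            // does not belong inside its parent's container.
            $commentDepth = $this->optionsSerialized->wordpressThreadCommentsDepth;
            $isInSameContainer = '0';
        } elseif (!$this->optionsSerialized->wordpressThreadComments) {
            $isInSameContainer = '0';
        }
        $notificationType = isset($_POST['wpdiscuz_notification_type']) ? $_POST['wpdiscuz_notification_type'] : '';
        // Built-in captcha only when neither the reCAPTCHA nor the GoodBye Captcha add-on handles it.
        if ($current_user && $this->helper->isShowCaptcha($current_user->ID) && !class_exists("wpDiscuzReCaptcha") && !$this->optionsSerialized->isGoodbyeCaptchaActive) {
            $captcha = isset($_POST['wc_captcha']) ? trim($_POST['wc_captcha']) : '';
            if ($this->optionsSerialized->isCaptchaInSession) {
                if (!session_id()) {
                    session_start();
                }
                $cnonce = isset($_POST['cnonce']) ? trim($_POST['cnonce']) : '';
                $sCaptcha = isset($_SESSION['wpdiscuzc'][$cnonce]) ? $_SESSION['wpdiscuzc'][$cnonce] : false;
                // NOTE(review): the session entry is not cleared after a successful check, so one solved
                // captcha stays valid for repeated submissions under the same cnonce; confirm whether the
                // client fetches a fresh captcha per submission before invalidating it here.
                if (!is_string($sCaptcha) || $sCaptcha === '' || !hash_equals($sCaptcha, md5(strtolower($captcha)))) {
                    $messageArray['code'] = 'wc_invalid_captcha';
                    wp_die(json_encode($messageArray));
                }
            } else {
                // File-based captcha: the key follows the captcha text in the nonce, the file name drops its extension.
                $key = isset($_POST['cnonce']) ? substr(trim($_POST['cnonce']), self::CAPTCHA_LENGTH) : '';
                $fileName = isset($_POST['fileName']) ? substr(trim($_POST['fileName']), 0, strlen(trim($_POST['fileName'])) - 4) : '';
                if (!$this->helper->checkCaptchaFile($key, $fileName, $captcha)) {
                    $messageArray['code'] = 'wc_invalid_captcha';
                    wp_die(json_encode($messageArray));
                }
            }
        }
        $website_url = '';
        if ($current_user && $current_user->ID) {
            $user_id = $current_user->ID;
            $name = $current_user->display_name;
            $email = $current_user->user_email;
        } else {
            $user_id = 0;
            $name = isset($_POST['wc_name']) ? filter_var($_POST['wc_name']) : '';
            $email = isset($_POST['wc_email']) ? trim($_POST['wc_email']) : '';
            $website_url = isset($_POST['wc_website']) ? trim($_POST['wc_website']) : '';
            // Prepend a scheme when the guest omitted one. (The former "strpos(...) !== ''" clauses
            // were always true, since strpos never returns a string; the intent is the prefix test.)
            if ($website_url !== '' && strpos($website_url, 'http://') !== 0 && strpos($website_url, 'https://') !== 0) {
                $website_url = 'http://' . $website_url;
            }
            if (!$this->optionsSerialized->isNameFieldRequired) {
                $name = !$name ? $this->optionsSerialized->phrases['wc_anonymous'] : $name;
            }
            if (!$this->optionsSerialized->isEmailFieldRequired && !$email) {
                // Synthetic address so the row passes validation; flags the commenter as anonymous
                // so no subscription is created for it below.
                $email = uniqid() . '@example.com';
                $isAnonymous = true;
            }
        }
        if ($website_url != '' && filter_var($website_url, FILTER_VALIDATE_URL) === false) {
            $messageArray['code'] = 'wc_error_url_text';
            wp_die(json_encode($messageArray));
        }
        if ($email != '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            $messageArray['code'] = 'wc_error_email_text';
            wp_die(json_encode($messageArray));
        }
        // A missing field is an empty comment, not an undefined-index notice.
        $rawComment = isset($_POST['wc_comment']) ? trim($_POST['wc_comment']) : '';
        $comment_content = $this->helper->replaceCommentContentCode(stripslashes($rawComment));
        $comment_content = wp_kses($comment_content, $this->helper->wc_allowed_tags);
        $commentMinLength = intval($this->optionsSerialized->commentTextMinLength);
        $commentMaxLength = intval($this->optionsSerialized->commentTextMaxLength);
        // Characters when mbstring is available, bytes otherwise.
        $contentLength = function_exists('mb_strlen') ? mb_strlen($comment_content) : strlen($comment_content);
        if ($commentMinLength > 0 && $contentLength < $commentMinLength) {
            $messageArray['code'] = 'wc_msg_input_min_length';
            wp_die(json_encode($messageArray));
        }
        if ($commentMaxLength > 0 && $contentLength > $commentMaxLength) {
            $messageArray['code'] = 'wc_msg_input_max_length';
            wp_die(json_encode($messageArray));
        }
        if ($name && $email && $comment_content) {
            $author_ip = $this->helper->getRealIPAddr();
            $uid_data = $this->helper->getUIDData($uniqueId);
            $comment_parent = $uid_data[0];
            $wc_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
            $new_commentdata = array(
                'user_id' => $user_id,
                'comment_post_ID' => $postId,
                'comment_parent' => $comment_parent,
                'comment_author' => $name,
                'comment_author_email' => $email,
                'comment_content' => $comment_content,
                'comment_author_url' => $website_url,
                'comment_author_IP' => $author_ip,
                'comment_agent' => $wc_user_agent,
                'comment_type' => '',
            );
            // wp_new_comment() expects slashed data.
            $new_comment_id = wp_new_comment(wp_slash($new_commentdata));
            $newComment = $new_comment_id ? get_comment($new_comment_id) : null;
            if (!$newComment) {
                // Insertion failed or was blocked by a filter: report it rather than dereferencing null.
                $messageArray['code'] = 'wc_invalid_field';
                wp_die(json_encode($messageArray));
            }
            $held_moderate = $newComment->comment_approved ? 0 : 1;
            if ($notificationType == WpdiscuzCore::SUBSCRIPTION_POST && class_exists('Prompt_Comment_Form_Handling') && $this->optionsSerialized->usePostmaticForCommentNotification) {
                // Post-level subscriptions are delegated to Postmatic, which reads its checkbox from $_POST.
                $_POST[Prompt_Comment_Form_Handling::SUBSCRIBE_CHECKBOX_NAME] = 1;
                Prompt_Comment_Form_Handling::handle_form($new_comment_id, $newComment->comment_approved);
            } elseif (!$isAnonymous && $notificationType) {
                // The confirmation e-mail is skipped for members (option) and for guests who
                // already confirmed a subscription earlier (option).
                $noNeedMemberConfirm = $current_user->ID && $this->optionsSerialized->disableMemberConfirm;
                $noNeedGuestsConfirm = !$current_user->ID && $this->optionsSerialized->disableGuestsConfirm && $this->dbManager->hasConfirmedSubscription($email);
                if ($noNeedMemberConfirm || $noNeedGuestsConfirm) {
                    $this->dbManager->addEmailNotification($new_comment_id, $postId, $email, self::SUBSCRIPTION_COMMENT, 1);
                } else {
                    $this->dbManager->addEmailNotification($new_comment_id, $postId, $email, self::SUBSCRIPTION_COMMENT);
                    $this->emailHelper->confirmEmailSender($postId, $email);
                }
            }
            $messageArray['code'] = $uniqueId;
            $messageArray['redirect'] = $this->optionsSerialized->redirectPage;
            $messageArray['new_comment_id'] = $new_comment_id;
            $messageArray['user_name'] = $name;
            $messageArray['user_email'] = $email;
            $messageArray['is_main'] = $comment_parent ? 0 : 1;
            $messageArray['held_moderate'] = $held_moderate;
            $messageArray['is_in_same_container'] = $isInSameContainer;
            $messageArray['wc_all_comments_count_new'] = $this->dbManager->getCommentsCount($postId);
            $commentListArgs = $this->getCommentListArgs($postId);
            $commentListArgs['current_user'] = $current_user;
            $commentListArgs['addComment'] = $commentDepth;
            $messageArray['message'] = wp_list_comments($commentListArgs, array($newComment));
        } else {
            $messageArray['code'] = 'wc_invalid_field';
        }
    } else {
        $messageArray['code'] = 'wc_msg_required_fields';
    }
    $messageArray['callbackFunctions'] = array();
    $messageArray = apply_filters('wpdiscuz_comment_post', $messageArray);
    wp_die(json_encode($messageArray));
}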
 /**
  * Complete a comment subscription that was requested while the comment
  * was still held for moderation.
  *
  * Does nothing unless Prompt_Comment_Form_Handling::subscription_requested()
  * reports that the commenter asked to subscribe.
  *
  * @param $comment
  */
 protected static function handle_new_subscriber($comment)
 {
     $wantsSubscription = Prompt_Comment_Form_Handling::subscription_requested($comment);
     if ($wantsSubscription) {
         Prompt_Comment_Form_Handling::subscribe_commenter($comment);
     }
 }
 /**
  * Echo comment form content.
  *
  * Called by the comment_form action. Prints the "subscribe" checkbox unless
  * no prompt key is configured, comment delivery is disabled, or the current
  * user is already subscribed to the post.
  *
  * @param $post_id
  */
 public static function form_content($post_id)
 {
     $hasKey = Prompt_Core::$options->get('prompt_key');
     $deliveryEnabled = Prompt_Core::$options->get('enable_comment_delivery');
     if (!$hasKey || !$deliveryEnabled) {
         return;
     }
     self::enqueue_assets($post_id);
     self::$prompt_post = new Prompt_Post($post_id);
     $viewer = Prompt_User_Handling::current_user();
     if ($viewer && self::$prompt_post->is_subscribed($viewer->ID)) {
         return;
     }
     $checkboxAttributes = array(
         'type' => 'checkbox',
         'name' => self::SUBSCRIBE_CHECKBOX_NAME,
         'value' => '1',
         'checked' => Prompt_Core::$options->get('comment_opt_in_default'),
     );
     // NOTE(review): the label text comes from a stored option; html() is assumed to escape it — confirm.
     echo html(
         'label id="prompt-comment-subscribe"',
         html('input', $checkboxAttributes),
         '&nbsp;',
         html('span', Prompt_Core::$options->get('comment_opt_in_text'))
     );
 }
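 /**
  * AJAX endpoint that validates a submitted comment and stores it.
  *
  * Input is read from $_POST (post id, parent, depth, captcha, name, e-mail,
  * website, comment body, notification type). Every outcome is echoed as JSON
  * with a `code` (1 inserted, -2 held for moderation, -1 error) and a
  * `message`, followed by exit.
  *
  * Never returns.
  */
 public function comment_submit_via_ajax()
 {
     $message_array = array();
     $comment_post_ID = intval(filter_input(INPUT_POST, 'comment_post_ID'));
     $comment_parent = intval(filter_input(INPUT_POST, 'comment_parent'));
     $comment_depth = intval(filter_input(INPUT_POST, 'comment_depth'));
     $is_in_same_container = 1;
     if ($comment_depth > $this->wc_options_serialized->wc_comments_max_depth) {
         // Clamp to the configured depth and tell the client the reply sits outside its parent's container.
         $comment_depth = $this->wc_options_serialized->wc_comments_max_depth;
         $is_in_same_container = 0;
     }
     $notification_type = isset($_POST['notification_type']) ? $_POST['notification_type'] : '';
     if (!$this->wc_options_serialized->wc_captcha_show_hide && !is_user_logged_in()) {
         // The expected digest was stored per post/parent pair when the captcha image was generated;
         // a missing entry must reject rather than raise an undefined-index notice.
         $captcha_key = $comment_post_ID . '-' . $comment_parent;
         $sess_captcha = isset($_SESSION['wc_captcha'][$captcha_key]) ? $_SESSION['wc_captcha'][$captcha_key] : '';
         $captcha = (string) filter_input(INPUT_POST, 'captcha');
         // NOTE(review): the session value is not cleared on success, so the same answer can be reused
         // for further submissions on this post/parent pair; consider unsetting it once the comment is stored.
         if (!is_string($sess_captcha) || $sess_captcha === '' || !hash_equals($sess_captcha, md5(strtolower($captcha)))) {
             $message_array['code'] = -1;
             $message_array['message'] = $this->wc_options_serialized->wc_phrases['wc_invalid_captcha'];
             echo json_encode($message_array);
             exit;
         }
     }
     $comment_content = (string) filter_input(INPUT_POST, 'comment');
     $website_url = '';
     if (is_user_logged_in()) {
         $user_id = get_current_user_id();
         $user = get_userdata($user_id);
         $name = $user->display_name;
         $email = $user->user_email;
     } else {
         $posted_name = filter_input(INPUT_POST, 'name');
         $posted_email = filter_input(INPUT_POST, 'email');
         if ($this->wc_options_serialized->wc_is_name_field_required) {
             $name = $posted_name;
         } else {
             $name = !$posted_name ? __('Anonymous', WC_Core::$TEXT_DOMAIN) : $posted_name;
         }
         if ($this->wc_options_serialized->wc_is_email_field_required) {
             $email = $posted_email;
         } else {
             // Placeholder address for guests who left the optional field blank.
             $email = !$posted_email ? 'anonymous_' . md5(uniqid() . time()) . '@example.com' : $posted_email;
         }
         $user_id = 0;
         $website_url = (string) filter_input(INPUT_POST, 'website');
     }
     // Prepend a scheme when none was given. (The former "strpos(...) !== ''" clauses were always
     // true, since strpos never returns a string; the prefix test is what was meant.)
     if ($website_url !== '' && strpos($website_url, 'http://') !== 0 && strpos($website_url, 'https://') !== 0) {
         $website_url = 'http://' . $website_url;
     }
     if ($website_url !== '' && filter_var($website_url, FILTER_VALIDATE_URL) === false) {
         $message_array['code'] = -1;
         $message_array['message'] = $this->wc_options_serialized->wc_phrases['wc_error_url_text'];
         echo json_encode($message_array);
         exit;
     }
     $comment_content = wp_kses($comment_content, $this->wc_helper->wc_allowed_tags);
     $wc_comment_text_max_length = intval($this->wc_options_serialized->wc_comment_text_max_length);
     // Zero/negative means "no limit"; length is counted in characters.
     if ($wc_comment_text_max_length > 0 && mb_strlen(trim($comment_content)) > $wc_comment_text_max_length) {
         $message_array['code'] = -1;
         $message_array['message'] = $this->wc_options_serialized->wc_phrases['wc_msg_comment_text_max_length'];
         echo json_encode($message_array);
         exit;
     }
     if ($name && filter_var($email, FILTER_VALIDATE_EMAIL) && $comment_content && $comment_post_ID) {
         $author_ip = WC_Helper::get_real_ip_addr();
         // wp_new_comment() expects slashed input.
         $comment_content = addslashes($comment_content);
         $new_commentdata = array(
             'user_id' => $user_id,
             'comment_post_ID' => $comment_post_ID,
             'comment_parent' => $comment_parent,
             'comment_author' => $name,
             'comment_author_email' => $email,
             'comment_content' => $comment_content,
             'comment_author_url' => $website_url,
             'comment_author_IP' => $author_ip,
             'comment_agent' => $this->wc_user_agent,
         );
         $new_comment_id = wp_new_comment($new_commentdata);
         $new_inserted_comment = $new_comment_id ? get_comment($new_comment_id) : null;
         if (!$new_inserted_comment) {
             // Insertion failed or was blocked by a filter: report it rather than dereferencing null.
             $message_array['code'] = -1;
             $message_array['wc_new_comment_id'] = -1;
             $message_array['message'] = $this->wc_options_serialized->wc_phrases['wc_invalid_field'];
             echo json_encode($message_array);
             exit;
         }
         $held_moderate = $new_inserted_comment->comment_approved ? 0 : 1;
         $wc_notification_inserted_id = 0;
         if ($notification_type === 'post' && !$this->wc_db_helper->wc_has_post_notification($comment_post_ID, $email)) {
             if (class_exists('Prompt_Comment_Form_Handling') && $this->wc_options_serialized->wc_use_postmatic_for_comment_notification) {
                 // Post-level subscriptions are delegated to Postmatic, which reads its checkbox from $_POST.
                 $_POST[Prompt_Comment_Form_Handling::SUBSCRIBE_CHECKBOX_NAME] = 1;
                 Prompt_Comment_Form_Handling::handle_form($new_comment_id, $new_inserted_comment->comment_approved);
             } else {
                 $wc_notification_inserted_id = $this->wc_db_helper->wc_add_email_notification($comment_post_ID, $comment_post_ID, $email, 1);
             }
         } elseif ($notification_type === 'all_comment' && !$this->wc_db_helper->wc_has_all_comments_notification($comment_post_ID, $email)) {
             $wc_notification_inserted_id = $this->wc_db_helper->wc_add_email_notification($comment_post_ID, $comment_post_ID, $email, 2);
         } elseif ($notification_type === 'comment' && !$this->wc_db_helper->wc_has_comment_notification($comment_post_ID, $new_comment_id, $email)) {
             $wc_notification_inserted_id = $this->wc_db_helper->wc_add_email_notification($new_comment_id, $comment_post_ID, $email, 3);
         }
         if ($wc_notification_inserted_id) {
             $this->wc_confirm_email_sender($wc_notification_inserted_id, $email, $comment_post_ID, $new_comment_id, $notification_type);
         }
         // Re-read after the subscription handlers ran, as the original code did.
         $new_comment = get_comment($new_comment_id, OBJECT);
         if ($held_moderate) {
             $message_array['code'] = -2;
             $message_array['message'] = $this->wc_options_serialized->wc_phrases['wc_held_for_moderate'];
         } else {
             $message_array['code'] = 1;
             $message_array['message'] = $this->comment_tpl_builder->get_comment_template($new_comment, null, $comment_depth);
             $message_array['is_in_same_container'] = $is_in_same_container;
             $message_array['wc_all_comments_count_new'] = $this->wc_db_helper->get_comments_count($comment_post_ID, null, null);
         }
         $message_array['wc_new_comment_id'] = $new_comment_id;
     } else {
         $message_array['code'] = -1;
         $message_array['wc_new_comment_id'] = -1;
         $message_array['message'] = $this->wc_options_serialized->wc_phrases['wc_invalid_field'];
     }
     echo json_encode($message_array);
     exit;
 }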
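 /**
  * AJAX handler that validates the serialized comment form and inserts the comment.
  *
  * The form arrives as one urlencoded string in `wpdiscuzAjaxData`. It is parsed
  * into a local array and every field is read from there; the former
  * one-argument parse_str() wrote the request's keys straight into the local
  * symbol table, which let a request overwrite locals such as $isAnonymous or
  * $messageArray and is removed in PHP 8. Errors and the final result are
  * reported with wp_die(json_encode(...)).
  *
  * Never returns.
  */
 public function addComment()
 {
     $messageArray = array();
     $commentData = filter_input(INPUT_POST, 'wpdiscuzAjaxData');
     $isAnonymous = false;
     if ($commentData) {
         $fields = array();
         parse_str($commentData, $fields);
         $postId = isset($fields['postId']) ? intval(trim($fields['postId'])) : 0;
         // ZeroSpam bridge: the client echoes md5(key); the plugin expects the raw key in $_POST.
         if (function_exists('zerospam_get_key') && isset($fields['wpdiscuz_zs'])) {
             $zeroSpamKey = zerospam_get_key();
             // hash_equals() is strict and constant-time; a loose "==" would accept numeric-looking digests.
             $_POST['zerospam_key'] = is_string($fields['wpdiscuz_zs']) && hash_equals(md5($zeroSpamKey), $fields['wpdiscuz_zs']) ? $zeroSpamKey : '';
         }
         $formNonce = isset($fields['wpdiscuz_comment_form_nonce']) ? $fields['wpdiscuz_comment_form_nonce'] : '';
         $uniqueId = isset($fields['wpdiscuz_unique_id']) ? $fields['wpdiscuz_unique_id'] : '';
         if (wp_verify_nonce($formNonce, self::ACTION_FORM_NONCE) && $uniqueId && $postId) {
             $wpdiscuz_unique_id = filter_var($uniqueId);
             // Depth is an integer; the raw string was previously passed through unchanged.
             $wc_comment_depth = isset($fields['wc_comment_depth']) && intval($fields['wc_comment_depth']) ? intval($fields['wc_comment_depth']) : 1;
             $isInSameContainer = '1';
             $current_user = wp_get_current_user();
             if ($wc_comment_depth > $this->optionsSerialized->wordpressThreadCommentsDepth) {
                 // Deeper than WordPress threading allows: clamp, and tell the client the reply
                 // does not belong inside its parent's container.
                 $wc_comment_depth = $this->optionsSerialized->wordpressThreadCommentsDepth;
                 $isInSameContainer = '0';
             } elseif (!$this->optionsSerialized->wordpressThreadComments) {
                 $isInSameContainer = '0';
             }
             $notification_type = isset($fields['wpdiscuz_notification_type']) ? $fields['wpdiscuz_notification_type'] : '';
             if ($this->helper->isShowCaptcha($current_user->ID)) {
                 // The key follows the captcha text in the nonce; the file name drops its extension.
                 $key = isset($fields['cnonce']) ? substr($fields['cnonce'], self::CAPTCHA_LENGTH) : '';
                 $fileName = isset($fields['fileName']) ? substr($fields['fileName'], 0, strlen($fields['fileName']) - 4) : '';
                 $captcha = isset($fields['wc_captcha']) ? $fields['wc_captcha'] : '';
                 if (!$this->helper->checkCaptcha($key, $fileName, $captcha)) {
                     $messageArray['code'] = 'wc_invalid_captcha';
                     wp_die(json_encode($messageArray));
                 }
             }
             $website_url = '';
             if ($current_user->ID) {
                 $user_id = $current_user->ID;
                 $name = $current_user->display_name;
                 $email = $current_user->user_email;
             } else {
                 $user_id = 0;
                 $name = isset($fields['wc_name']) ? filter_var($fields['wc_name']) : '';
                 $email = isset($fields['wc_email']) ? trim($fields['wc_email']) : '';
                 $website_url = isset($fields['wc_website']) ? trim($fields['wc_website']) : '';
                 // Prepend a scheme when the guest omitted one. (The former "strpos(...) !== ''" clauses
                 // were always true, since strpos never returns a string; the prefix test is what was meant.)
                 if ($website_url !== '' && strpos($website_url, 'http://') !== 0 && strpos($website_url, 'https://') !== 0) {
                     $website_url = 'http://' . $website_url;
                 }
                 if (!$this->optionsSerialized->isNameFieldRequired) {
                     $name = !$name ? __('Anonymous', 'wpdiscuz') : $name;
                 }
                 if (!$this->optionsSerialized->isEmailFieldRequired && !$email) {
                     // Synthetic address so the row passes validation; flags the commenter as anonymous
                     // so no subscription is created for it below.
                     $email = 'anonymous_' . md5(uniqid() . time()) . '@example.com';
                     $isAnonymous = true;
                 }
             }
             if ($website_url != '' && filter_var($website_url, FILTER_VALIDATE_URL) === false) {
                 $messageArray['code'] = 'wc_error_url_text';
                 wp_die(json_encode($messageArray));
             }
             if ($email != '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
                 $messageArray['code'] = 'wc_error_email_text';
                 wp_die(json_encode($messageArray));
             }
             // A missing field is an empty comment, not an undefined-variable notice.
             $rawComment = isset($fields['wc_comment']) ? trim($fields['wc_comment']) : '';
             $comment_content = wp_kses($rawComment, $this->helper->wc_allowed_tags);
             $commentMinLength = intval($this->optionsSerialized->commentTextMinLength);
             $commentMaxLength = intval($this->optionsSerialized->commentTextMaxLength);
             // Characters when mbstring is available, bytes otherwise.
             $contentLength = function_exists('mb_strlen') ? mb_strlen($comment_content) : strlen($comment_content);
             if ($commentMinLength > 0 && $contentLength < $commentMinLength) {
                 $messageArray['code'] = 'wc_msg_comment_text_min_length';
                 wp_die(json_encode($messageArray));
             }
             if ($commentMaxLength > 0 && $contentLength > $commentMaxLength) {
                 $messageArray['code'] = 'wc_msg_comment_text_max_length';
                 wp_die(json_encode($messageArray));
             }
             if ($name && $email && $comment_content) {
                 $author_ip = $this->helper->getRealIPAddr();
                 $uid_data = $this->helper->getUIDData($wpdiscuz_unique_id);
                 $comment_parent = $uid_data[0];
                 $wc_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
                 $new_commentdata = array(
                     'user_id' => $user_id,
                     'comment_post_ID' => $postId,
                     'comment_parent' => $comment_parent,
                     'comment_author' => $name,
                     'comment_author_email' => $email,
                     'comment_content' => $comment_content,
                     'comment_author_url' => $website_url,
                     'comment_author_IP' => $author_ip,
                     'comment_agent' => $wc_user_agent,
                     'comment_type' => '',
                 );
                 // NOTE(review): current WordPress expects slashed data here and the newer addComment()
                 // variant wraps this in wp_slash(); confirm for the WordPress version this targets.
                 $new_comment_id = wp_new_comment($new_commentdata);
                 $newComment = $new_comment_id ? get_comment($new_comment_id) : null;
                 if (!$newComment) {
                     // Insertion failed or was blocked by a filter: report it rather than dereferencing null.
                     $messageArray['code'] = 'wc_invalid_field';
                     wp_die(json_encode($messageArray));
                 }
                 $held_moderate = $newComment->comment_approved ? 0 : 1;
                 if ($notification_type == WpdiscuzCore::SUBSCRIPTION_POST && class_exists('Prompt_Comment_Form_Handling') && $this->optionsSerialized->usePostmaticForCommentNotification) {
                     // Post-level subscriptions are delegated to Postmatic, which reads its checkbox from $_POST.
                     $_POST[Prompt_Comment_Form_Handling::SUBSCRIBE_CHECKBOX_NAME] = 1;
                     Prompt_Comment_Form_Handling::handle_form($new_comment_id, $newComment->comment_approved);
                 } elseif (!$isAnonymous && $notification_type) {
                     if ($current_user->ID && $this->optionsSerialized->disableMemberConfirm) {
                         // Members may skip the confirmation e-mail when the option says so.
                         $this->dbManager->addEmailNotification($new_comment_id, $postId, $email, self::SUBSCRIPTION_COMMENT, 1);
                     } else {
                         $this->dbManager->addEmailNotification($new_comment_id, $postId, $email, self::SUBSCRIPTION_COMMENT);
                         $this->emailHelper->confirmEmailSender($postId, $email);
                     }
                 }
                 $messageArray['code'] = $wpdiscuz_unique_id;
                 $messageArray['redirect'] = $this->optionsSerialized->redirectPage;
                 $messageArray['new_comment_id'] = $new_comment_id;
                 $messageArray['user_name'] = $name;
                 $messageArray['user_email'] = $email;
                 $messageArray['is_main'] = $comment_parent ? 0 : 1;
                 $messageArray['held_moderate'] = $held_moderate;
                 $messageArray['is_in_same_container'] = $isInSameContainer;
                 $messageArray['wc_all_comments_count_new'] = $this->dbManager->getCommentsCount($postId);
                 $commentListArgs = $this->getCommentListArgs($postId);
                 $commentListArgs['current_user'] = $current_user;
                 $commentListArgs['addComment'] = $wc_comment_depth;
                 $messageArray['message'] = wp_list_comments($commentListArgs, array($newComment));
             } else {
                 $messageArray['code'] = 'wc_invalid_field';
             }
         } else {
             $messageArray['code'] = 'wc_invalid_field';
         }
     } else {
         $messageArray['code'] = 'wc_msg_required_fields';
     }
     wp_die(json_encode($messageArray));
 }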