function discuss_save()
{
extract(doSlash(gpsa(array('email', 'name', 'web', 'message', 'discussid', 'ip', 'visible', 'parentid'))));
safe_update("txp_discuss", "email = '{$email}',\n\t\t\t name = '{$name}',\n\t\t\t web = '{$web}',\n\t\t\t message = '{$message}',\n\t\t\t visible = '{$visible}'", "discussid = {$discussid}");
update_comments_count($parentid);
discuss_list(messenger('message', $discussid, 'updated'));
}
function discuss_save()
{
extract(doSlash(gpsa(array('email', 'name', 'web', 'message', 'ip'))));
extract(array_map('assert_int', gpsa(array('discussid', 'visible', 'parentid'))));
safe_update("txp_discuss", "email = '{$email}',\n\t\t\t name = '{$name}',\n\t\t\t web = '{$web}',\n\t\t\t message = '{$message}',\n\t\t\t visible = {$visible}", "discussid = {$discussid}");
update_comments_count($parentid);
update_lastmod();
$message = gTxt('comment_updated', array('{id}' => $discussid));
discuss_list($message);
}
function discuss_save()
{
$varray = array_map('assert_string', gpsa(array('email', 'name', 'web', 'message', 'ip')));
$varray = $varray + array_map('assert_int', gpsa(array('discussid', 'visible', 'parentid')));
extract(doSlash($varray));
$message = $varray['message'] = preg_replace('#<(/?txp:.+?)>#', '<$1>', $message);
$constraints = array('status' => new ChoiceConstraint($visible, array('choices' => array(SPAM, MODERATE, VISIBLE), 'message' => 'invalid_status')));
callback_event_ref('discuss_ui', 'validate_save', 0, $varray, $constraints);
$validator = new Validator($constraints);
if ($validator->validate() && safe_update("txp_discuss", "email = '{$email}',\n\t\t\t name = '{$name}',\n\t\t\t web = '{$web}',\n\t\t\t message = '{$message}',\n\t\t\t visible = {$visible}", "discussid = {$discussid}")) {
update_comments_count($parentid);
update_lastmod();
$message = gTxt('comment_updated', array('{id}' => $discussid));
} else {
$message = array(gTxt('comment_save_failed'), E_ERROR);
}
discuss_list($message);
}
/**
* Inserts a parsed item to the database.
*
* This import code is untested.
*
* @param array $item
* @param string $section
* @param int $status
* @param string $invite
* @return string A feedback message
* @access private
*/
function import_mt_item($item, $section, $status, $invite)
{
global $prefs;
if (empty($item)) {
return;
}
include_once txpath . '/lib/classTextile.php';
$textile = new Textile();
$title = $textile->TextileThis($item['TITLE'], 1);
// Nice non-English permlinks.
$url_title = stripSpace($title, 1);
$body = isset($item['BODY'][0]['content']) ? $item['BODY'][0]['content'] : '';
if (isset($item['EXTENDED BODY'][0]['content'])) {
$body .= "\n <!-- more -->\n\n" . $item['EXTENDED BODY'][0]['content'];
}
$body_html = $textile->textileThis($body);
$excerpt = isset($item['EXCERPT'][0]['content']) ? $item['EXCERPT'][0]['content'] : '';
$excerpt_html = $textile->textileThis($excerpt);
$date = safe_strtotime($item['DATE']);
$date = strftime('%Y-%m-%d %H:%M:%S', $date);
if (isset($item['STATUS'])) {
$post_status = $item['STATUS'] == 'Draft' ? 1 : 4;
} else {
$post_status = $status;
}
$category1 = @$item['PRIMARY CATEGORY'];
if ($category1 and !safe_field("name", "txp_category", "name = '{$category1}'")) {
safe_insert('txp_category', "name='" . doSlash($category1) . "', type='article', parent='root'");
}
$category2 = @$item['CATEGORY'];
if ($category2 == $category1) {
$category2 = '';
}
if ($category2 and !safe_field("name", "txp_category", "name = '{$category2}'")) {
safe_insert('txp_category', "name='" . doSlash($category2) . "', type='article', parent='root'");
}
$keywords = isset($item['KEYWORDS'][0]['content']) ? $item['KEYWORDS'][0]['content'] : '';
$annotate = !empty($item['ALLOW COMMENTS']);
if (isset($item['ALLOW COMMENTS'])) {
$annotate = intval($item['ALLOW COMMENTS']);
} else {
$annotate = (!empty($item['COMMENT']) or $prefs['comments_on_default']);
}
$authorid = safe_field('user_id', 'txp_users', "name = '" . doSlash($item['AUTHOR']) . "'");
if (!$authorid) {
// $authorid = safe_field('user_id', 'txp_users', 'order by user_id asc limit 1');
// Add new authors.
safe_insert('txp_users', "name='" . doSlash($item['AUTHOR']) . "'");
}
if (!safe_field("ID", "textpattern", "Title = '" . doSlash($title) . "' AND Posted = '" . doSlash($date) . "'")) {
$parentid = safe_insert('textpattern', "Posted='" . doSlash($date) . "'," . "LastMod='" . doSlash($date) . "'," . "AuthorID='" . doSlash($item['AUTHOR']) . "'," . "LastModID='" . doSlash($item['AUTHOR']) . "'," . "Title='" . doSlash($title) . "'," . "Body='" . doSlash($body) . "'," . "Body_html='" . doSlash($body_html) . "'," . "Excerpt='" . doSlash($excerpt) . "'," . "Excerpt_html='" . doSlash($excerpt_html) . "'," . "Category1='" . doSlash($category1) . "'," . "Category2='" . doSlash($category2) . "'," . "Annotate='" . doSlash($annotate) . "'," . "AnnotateInvite='" . doSlash($invite) . "'," . "Status='" . doSlash($post_status) . "'," . "Section='" . doSlash($section) . "'," . "Keywords='" . doSlash($keywords) . "'," . "uid='" . md5(uniqid(rand(), true)) . "'," . "feed_time='" . substr($date, 0, 10) . "'," . "url_title='" . doSlash($url_title) . "'");
if (!empty($item['COMMENT']) and is_array($item['COMMENT'])) {
foreach ($item['COMMENT'] as $comment) {
$comment_date = strftime('%Y-%m-%d %H:%M:%S', safe_strtotime(@$comment['DATE']));
$comment_content = $textile->TextileThis(nl2br(@$comment['content']), 1);
if (!safe_field("discussid", "txp_discuss", "posted = '" . doSlash($comment_date) . "' AND message = '" . doSlash($comment_content) . "'")) {
safe_insert('txp_discuss', "parentid='" . doSlash($parentid) . "'," . "name='" . doSlash(@$comment['AUTHOR']) . "'," . "email='" . doSlash(@$comment['EMAIL']) . "'," . "web='" . doSlash(@$comment['URL']) . "'," . "ip='" . doSlash(@$comment['IP']) . "'," . "posted='" . doSlash($comment_date) . "'," . "message='" . doSlash($comment_content) . "'," . "visible='1'");
}
}
update_comments_count($parentid);
}
return $title;
}
return $title . ' already imported';
}
function saveComment()
{
global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
$ref = serverset('HTTP_REFERRER');
$in = getComment();
$evaluator =& get_comment_evaluator();
extract($in);
if (!checkCommentsAllowed($parentid)) {
txp_die(gTxt('comments_closed'), '403');
}
$ip = serverset('REMOTE_ADDR');
if (!checkBan($ip)) {
txp_die(gTxt('you_have_been_banned'), '403');
}
$blacklisted = is_blacklisted($ip);
if ($blacklisted) {
txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
}
$web = clean_url($web);
$email = clean_url($email);
if ($remember == 1 || ps('checkbox_type') == 'forget' && ps('forget') != 1) {
setCookies($name, $email, $web);
} else {
destroyCookies();
}
$name = doSlash(strip_tags(deEntBrackets($name)));
$web = doSlash(strip_tags(deEntBrackets($web)));
$email = doSlash(strip_tags(deEntBrackets($email)));
$message = substr(trim($message), 0, 65535);
$message2db = doSlash(markup_comment($message));
$isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='" . doSlash($ip) . "'");
if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) {
$evaluator->add_estimate(RELOAD, 1);
// The error-messages are added in the preview-code
}
if ($isdup) {
$evaluator->add_estimate(RELOAD, 1);
}
// FIXME? Tell the user about dupe?
if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) {
callback_event('comment.save');
$visible = $evaluator->get_result();
if ($visible != RELOAD) {
$parentid = assert_int($parentid);
$rs = safe_insert("txp_discuss", "parentid = {$parentid},\n\t\t\t\t\t name\t\t = '{$name}',\n\t\t\t\t\t email\t = '{$email}',\n\t\t\t\t\t web\t\t = '{$web}',\n\t\t\t\t\t ip\t\t = '" . doSlash($ip) . "',\n\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t visible = " . intval($visible) . ",\n\t\t\t\t\t posted\t = now()");
if ($rs) {
safe_update("txp_discuss_nonce", "used = 1", "nonce='" . doSlash($nonce) . "'");
if ($prefs['comment_means_site_updated']) {
update_lastmod();
}
if ($comments_sendmail) {
mail_comment($message, $name, $email, $web, $parentid, $rs);
}
$updated = update_comments_count($parentid);
$backpage = substr($backpage, 0, $prefs['max_url_len']);
$backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
$backpage = preg_replace("#(https?://[^/]+)/.*\$#", "\$1", hu) . $backpage;
if (defined('PARTLY_MESSY') and PARTLY_MESSY) {
$backpage = permlinkurl_id($parentid);
}
$backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0');
txp_status_header('302 Found');
if ($comments_moderate) {
header('Location: ' . $backpage . '#txpCommentInputForm');
} else {
header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
}
log_hit('302');
$evaluator->write_trace();
exit;
}
}
}
// Force another Preview
$_POST['preview'] = RELOAD;
//$evaluator->write_trace();
}
function saveComment()
{
global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
$ref = serverset('HTTP_REFERRER');
$in = psa(array('parentid', 'name', 'email', 'web', 'message', 'backpage', 'nonce', 'remember'));
extract($in);
if (!checkCommentsAllowed($parentid)) {
exit(graf(gTxt('comments_closed')));
}
if ($prefs['comments_require_name']) {
if (!trim($name)) {
exit(graf(gTxt('comment_name_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
}
}
if ($prefs['comments_require_email']) {
if (!trim($email)) {
exit(graf(gTxt('comment_email_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
}
}
if (!trim($message)) {
exit(graf(gTxt('comment_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
}
$ip = serverset('REMOTE_ADDR');
$message = trim($message);
$blacklisted = is_blacklisted($ip);
$name = doSlash(strip_tags(deEntBrackets($name)));
$web = doSlash(clean_url(strip_tags(deEntBrackets($web))));
$email = doSlash(clean_url(strip_tags(deEntBrackets($email))));
$message2db = doSlash(markup_comment($message));
$isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='{$ip}'");
if (checkBan($ip)) {
if ($blacklisted == false) {
if (!$isdup) {
if (checkNonce($nonce)) {
$visible = $comments_moderate ? 0 : 1;
$rs = safe_insert("txp_discuss", "parentid = '{$parentid}',\n\t\t\t\t\t\t\t name\t\t = '{$name}',\n\t\t\t\t\t\t\t email\t = '{$email}',\n\t\t\t\t\t\t\t web\t\t = '{$web}',\n\t\t\t\t\t\t\t ip\t\t = '{$ip}',\n\t\t\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t\t\t visible = {$visible},\n\t\t\t\t\t\t\t posted\t = now()");
if ($rs) {
safe_update("txp_discuss_nonce", "used='1'", "nonce='{$nonce}'");
if ($prefs['comment_means_site_updated']) {
safe_update("txp_prefs", "val=now()", "name='lastmod'");
}
if ($comments_sendmail) {
mail_comment($message, $name, $email, $web, $parentid);
}
$updated = update_comments_count($parentid);
ob_start();
$backpage = substr($backpage, 0, $prefs['max_url_len']);
$backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
$backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=1';
if ($comments_moderate) {
header('Location: ' . $backpage . '#txpCommentInputForm');
} else {
header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
}
}
}
// end check nonce
}
// end check dup
} else {
exit(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted));
}
// end check blacklist
} else {
exit(gTxt('you_have_been_banned'));
}
// end check site ban
}
/**
* _cbe_rndc_pop_com - Admin-side: Generate comments
*
* See "Rules for comments" in the helpfile
*
* @return array
*/
function _cbe_rndc_pop_com(&$message, &$html)
{
global $event, $use_comments, $comments_disabled_after;
$next_step = NULL;
$out = array();
$globerrlevel = '';
$aIds = safe_rows("ID, Title, unix_timestamp(Posted) as uPosted", "textpattern", "`Posted`<=now() AND\n (`Expires`>now() OR `Expires`=" . NULLDATETIME . ") AND\n `Status`=" . STATUS_LIVE . " AND\n `Annotate`='1'\n ORDER BY ID");
if (!$use_comments) {
$globerrlevel = E_ERROR;
$message = gTxt(CBE_RNDC_LPFX . 'no_comm_allowed');
} else {
$message = gTxt(CBE_RNDC_LPFX . 'populate_end');
if (($lifespan = $comments_disabled_after * 86400) > 0) {
array_walk($aIds, create_function('&$v, $k, $p', '$v[ "ID" ] = (time()-$v["uPosted"] < $p) ? $v["ID"] : false ;'), $lifespan);
$aIds = array_filter($aIds, create_function('$v', 'return( $v[ "ID" ] ) ;'));
}
foreach ($aIds as $article) {
if (rand(0, 99) == 50) {
continue;
}
$rndnb = rand(3, 10);
$aCids = array();
$errlevel = "success";
for ($i = 0; $i < $rndnb; $i++) {
$comm = '';
$parag = rand(2, 5);
for ($j = 0; $j < $parag; $j++) {
$comm .= '<p>' . _cbe_rndc_text(6, 10, 2, 8) . '</p>';
}
if ($insertd = safe_insert("txp_discuss", "`parentid`='{$article['ID']}',\n `name`='" . doSlash(_cbe_rndc_name(4, 7) . ' ' . _cbe_rndc_name(4, 9)) . "',\n `email`='" . doSlash(_cbe_rndc(false, ALPHAMINUS, 4, 7) . '@' . _cbe_rndc(false, ALPHAMINUS, 4, 9) . '.' . _cbe_rndc(false, ALPHAMINUS, 3)) . "',\n `web`='" . doSlash('http://' . _cbe_rndc(false, ALPHAMINUS, 4, 7) . '.' . _cbe_rndc(false, ALPHAMINUS, 3)) . "',\n `ip`='" . doSlash(_cbe_rndc_ip()) . "',\n `message`='" . doSlash($comm) . "',\n `posted`='" . doSlash(date("Y-m-d H:i:s", rand($article["uPosted"], time()))) . "'")) {
$aCids[] = $insertd;
} else {
$errlevel = "warning";
$globerrlevel = E_ERROR;
}
}
update_comments_count($article["ID"]);
$out[] = graf(tag($article['Title'], 'span', ' class="' . $errlevel . '"') . ': ' . join(", ", $aCids));
}
if (!empty($globerrlevel)) {
$message .= ' ' . gTxt(CBE_RNDC_LPFX . 'with_errors');
}
}
$back = tag(fInput('submit', 'submit', gTxt(CBE_RNDC_LPFX . 'go_back'), 'publish') . n . sInput(CBE_RNDC_SPFX . 'initiate') . n . eInput($event), 'div');
$html = join(n, $out) . form($back);
return $next_step;
}
function sed_comments($atts)
{
global $thisarticle, $prefs, $comment_preview, $pretext;
extract($prefs);
extract(lAtts(array('id' => @$pretext['id'], 'form' => 'comments', 'wraptag' => $comments_are_ol ? 'ol' : '', 'break' => $comments_are_ol ? 'li' : 'div', 'class' => __FUNCTION__, 'breakclass' => '', 'sort' => 'posted ASC'), $atts));
assert_article();
if (is_array($thisarticle)) {
extract($thisarticle);
}
if (@$thisid) {
$id = $thisid;
}
#
# Extract the sed article overrides...
# Access the custom field that houses the vars and explode the string on ';' boundaries.
#
$sed_vars = _sed_cp_get_sed_vars(@$thisarticle['sed per-article vars']);
$sed_vars = lAtts(array('sed_delay' => '0', 'sed_ttl' => '', 'sed_on_cull' => 'hide', 'sed_ttl_grace' => ''), $sed_vars);
extract($sed_vars);
if (!empty($comment_preview)) {
$preview = psas(array('name', 'email', 'web', 'message', 'parentid', 'remember'));
$preview['time'] = time();
$preview['discussid'] = 0;
$preview['message'] = markup_comment($preview['message']);
$GLOBALS['thiscomment'] = $preview;
$comments[] = parse_form($form) . n;
unset($GLOBALS['thiscomment']);
$out = doWrap($comments, $wraptag, $break, $class, $breakclass);
} else {
$rs = safe_rows_start("*, unix_timestamp(posted) as time", "txp_discuss", 'parentid=' . intval($id) . ' and visible=' . VISIBLE . ' order by ' . doSlash($sort));
$out = '';
if ($rs) {
$comments = array();
$culled_comments = array();
while ($vars = nextRow($rs)) {
$culled = false;
$show = true;
$extra = '';
$now = time();
$remaining = '';
#
# If the comment is in a deleting page then check if it is to be culled...
#
if (!empty($sed_ttl)) {
$do_cull_check = true;
#
# Are we in any grace period???
#
if (!empty($sed_ttl_grace) && 0 != $sed_ttl_grace) {
$do_cull_check = _sed_cp_if_outside_period($thisarticle['posted'], $sed_ttl_grace, $vars['time'], $remaining);
}
#
# If not then do the cull checking...
#
if ($do_cull_check) {
$culled = _sed_cp_if_outside_period($vars['time'], $sed_ttl, $now, $remaining);
}
#
# Display how long to go before culling.
#
if ($do_cull_check && !$culled) {
$vars['message'] .= "<br/><br/><strong>[MARKED FOR DELETION IN {$remaining}.]</strong>";
}
}
if ($culled) {
$extra .= ' culled';
$culled_comments[] = $vars;
$vars['time'] = $now;
$vars['message'] .= "<br/><br/><strong>[DELETED.]</strong>";
} else {
#
# See if the comment is in its "hidden" period.
# This is to try and discourage spam-robots that immediately see if their posts appear live.
#
if (!empty($sed_delay) && $sed_delay > '0') {
$show = _sed_cp_if_outside_period($vars['time'], $sed_delay, $now, $remaining);
}
#
# Still hidden so show a place-holder comment instead.
#
if (!$show) {
$extra .= ' delay_queue';
$vars['name'] = "[DELAYED]";
$vars['time'] = $now;
$vars['message'] = "A comment has been recorded and is in the delay queue.";
$vars['message'] .= "<br/><br/><strong>[REVEALED IN {$remaining}.]</strong>";
}
}
#
# Save the additional css class markup for this comment in the vars before parsing the comment form.
#
$vars['sed_class_extra'] = $extra;
$GLOBALS['thiscomment'] = $vars;
$comments[] = parse_form($form) . n;
unset($GLOBALS['thiscomment']);
}
$out .= doWrap($comments, $wraptag, $break, $class, $breakclass);
#
# Process the culled list...
#
if (!empty($culled_comments)) {
foreach ($culled_comments as $comment) {
if ('delete' == $sed_on_cull) {
_sed_cp_delete_comment($comment);
} else {
_sed_cp_update_comment($comment, $sed_on_cull);
}
}
update_comments_count($id);
}
}
}
return $out;
}
function saveComment()
{
global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
$ref = serverset('HTTP_REFERRER');
$in = getComment();
$evaluator =& get_comment_evaluator();
extract($in);
if (!checkCommentsAllowed($parentid)) {
txp_die(gTxt('comments_closed'), '403');
}
$ip = serverset('REMOTE_ADDR');
if (!checkBan($ip)) {
txp_die(gTxt('you_have_been_banned'), '403');
}
$blacklisted = is_blacklisted($ip);
if ($blacklisted) {
txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
}
$name = doSlash(strip_tags(deEntBrackets($name)));
$web = doSlash(clean_url(strip_tags(deEntBrackets($web))));
$email = doSlash(clean_url(strip_tags(deEntBrackets($email))));
$message = trim($message);
$message2db = doSlash(markup_comment($message));
$isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='{$ip}'");
if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) {
$evaluator->add_estimate(RELOAD, 1);
// The error-messages are added in the preview-code
}
if ($isdup) {
$evaluator->add_estimate(RELOAD, 1);
}
// FIXME? Tell the user about dupe?
if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) {
callback_event('comment.save');
$visible = $evaluator->get_result();
if ($visible != RELOAD) {
$rs = safe_insert("txp_discuss", "parentid = '" . doSlash($parentid) . "',\n\t\t\t\t\t name\t\t = '{$name}',\n\t\t\t\t\t email\t = '{$email}',\n\t\t\t\t\t web\t\t = '{$web}',\n\t\t\t\t\t ip\t\t = '{$ip}',\n\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t visible = {$visible},\n\t\t\t\t\t posted\t = now()");
if ($rs) {
safe_update("txp_discuss_nonce", "used='1'", "nonce='" . doslash($nonce) . "'");
if ($prefs['comment_means_site_updated']) {
safe_update("txp_prefs", "val=now()", "name='lastmod'");
}
if ($comments_sendmail) {
mail_comment($message, $name, $email, $web, $parentid, $rs);
}
$updated = update_comments_count($parentid);
$backpage = substr($backpage, 0, $prefs['max_url_len']);
$backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
$backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0');
txp_status_header('302 Found');
if ($comments_moderate) {
header('Location: ' . $backpage . '#txpCommentInputForm');
} else {
header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
}
if ($prefs['logging'] == 'refer') {
logit('refer');
} elseif ($prefs['logging'] == 'all') {
logit();
}
$evaluator->write_trace();
exit;
}
}
}
// Force another Preview
$_POST['preview'] = RELOAD;
//$evaluator->write_trace();
}
