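/**
 * Generic comment adding routine. Called by album objects or image objects
 * to add comments.
 *
 * Returns a code for the outcome of the comment add:
 *  -2: e-mail required but missing or invalid
 *  -3: name required but missing
 *  -4: website required but missing or invalid
 *  -5: CAPTCHA check failed
 *  -6: empty comment body
 *   0: rejected by the configured SPAM filter (nothing stored)
 *   1: stored, marked for moderation
 *   2: stored and posted
 *
 * @param string $name Comment author name
 * @param string $email Comment author email
 * @param string $website Comment author website
 * @param string $comment body of the comment
 * @param string $code CAPTCHA code entered
 * @param string $code_ok CAPTCHA hash expected
 * @param object $receiver the object (image or album) to which to post the comment
 * @param string $ip the IP address of the comment poster
 * @param bool $private set to true if the comment is for the admin only
 * @param bool $anon set to true if the poster wishes to remain anonymous
 * @return int
 */
function postComment($name, $email, $website, $comment, $code, $code_ok, $receiver, $ip, $private, $anon) {
	global $_zp_captcha;
	$result = commentObjectClass($receiver);
	list($type, $class) = $result;
	$receiver->getComments();
	$name = trim($name);
	$email = trim($email);
	$website = trim($website);
	// Let the comment have trailing line breaks and space? Nah...
	// Also (in)validate HTML here, and in $name.
	$comment = trim($comment);
	if (getOption('comment_email_required') && (empty($email) || !is_valid_email_zp($email))) {
		return -2;
	}
	if (getOption('comment_name_required') && empty($name)) {
		return -3;
	}
	// NOTE: the URL is validated before the "http://" prefix below is added,
	// so a scheme-less website may be rejected here depending on isValidURL().
	if (getOption('comment_web_required') && (empty($website) || !isValidURL($website))) {
		return -4;
	}
	if (getOption('Use_Captcha')) {
		if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
			return -5;
		}
	}
	if (empty($comment)) {
		return -6;
	}
	if (!empty($website) && substr($website, 0, 7) != "http://") {
		$website = "http://" . $website;
	}
	// 2 = post; the spam filter (when one is configured) may lower this to 1 (moderate) or 0 (reject).
	$goodMessage = 2;
	if (!(false === ($requirePath = getPlugin('spamfilters/' . UTF8ToFileSystem(getOption('spam_filter')) . ".php", false)))) {
		require_once $requirePath;
		$spamfilter = new SpamFilter();
		$goodMessage = $spamfilter->filterMessage($name, $email, $website, $comment, isImageClass($receiver) ? $receiver->getFullImage() : NULL, $ip);
	}
	if ($goodMessage) {
		if ($goodMessage == 1) {
			$moderate = 1;
		} else {
			$moderate = 0;
		}
		// Normalise the boolean flags to the 0/1 the comments table stores.
		if ($private) {
			$private = 1;
		} else {
			$private = 0;
		}
		if ($anon) {
			$anon = 1;
		} else {
			$anon = 0;
		}
		$receiverid = (int) $receiver->id;
		// Update the database entry with the new comment. Every interpolated
		// value is escaped or cast: $ip and $type arrive from the caller and
		// must not reach the statement verbatim.
		query("INSERT INTO " . prefix("comments") .
			" (`ownerid`, `name`, `email`, `website`, `comment`, `inmoderation`, `date`, `type`, `ip`, `private`, `anon`) VALUES " .
			' ("' . $receiverid . '", "' . mysql_real_escape_string($name) . '", "' . mysql_real_escape_string($email) . '", "' .
			mysql_real_escape_string($website) . '", "' . mysql_real_escape_string($comment) . '", "' . $moderate . '", NOW()' .
			', "' . mysql_real_escape_string($type) . '", "' . mysql_real_escape_string($ip) . '", "' . $private . '", "' . $anon . '")');
		if ($moderate) {
			$action = "placed in moderation";
		} else {
			// add to comments array and notify the admin user
			$newcomment = array();
			$newcomment['name'] = $name;
			$newcomment['email'] = $email;
			$newcomment['website'] = $website;
			$newcomment['comment'] = $comment;
			$newcomment['date'] = time();
			$receiver->comments[] = $newcomment;
			$action = "posted";
		}
		// switch added for zenpage support
		$class = get_class($receiver);
		switch ($class) {
			case "Albums":
				$on = $receiver->name;
				$url = "album=" . urlencode($receiver->name);
				$ur_album = getUrAlbum($receiver);
				break;
			case "ZenpageNews":
				$on = $receiver->getTitlelink();
				$url = "p=" . ZENPAGE_NEWS . "&title=" . urlencode($receiver->getTitlelink());
				break;
			case "ZenpagePage":
				$on = $receiver->getTitlelink();
				$url = "p=" . ZENPAGE_PAGES . "&title=" . urlencode($receiver->getTitlelink());
				break;
			default: // all image types
				$on = $receiver->getAlbumName() . " about " . $receiver->getTitle();
				$url = "album=" . urlencode($receiver->album->name) . "&image=" . urlencode($receiver->filename);
				$album = $receiver->getAlbum();
				$ur_album = getUrAlbum($album);
				break;
		}
		if (getOption('email_new_comments')) {
			// NOTE(review): the "edit" link uses the id of the most recent comment in
			// the table, not the row just inserted; a concurrent post can make it
			// point at the wrong comment.
			$last_comment = fetchComments(1);
			$last_comment = $last_comment[0]['id'];
			// NOTE(review): links are built from $_SERVER['SERVER_NAME']; confirm the
			// web server canonicalises it rather than echoing the request Host header.
			$message = gettext("A comment has been {$action} in your album") . " {$on}\n" .
				"\n" .
				"Author: " . $name . "\n" .
				"Email: " . $email . "\n" .
				"Website: " . $website . "\n" .
				"Comment:\n" . $comment . "\n" .
				"\n" .
				"You can view all comments about this image here:\n" .
				"http://" . $_SERVER['SERVER_NAME'] . WEBPATH . "/index.php?{$url}\n" .
				"\n" .
				"You can edit the comment here:\n" .
				"http://" . $_SERVER['SERVER_NAME'] . WEBPATH . "/" . ZENFOLDER . "/admin-comments.php?page=editcomment&id={$last_comment}\n";
			$emails = array();
			$admin_users = getAdministrators();
			foreach ($admin_users as $admin) {
				// mail anyone else with full rights; drop them from the list so the
				// album-admin pass below cannot mail them a second time
				if ($admin['rights'] & ADMIN_RIGHTS && $admin['rights'] & COMMENT_RIGHTS && !empty($admin['email'])) {
					$emails[] = $admin['email'];
					unset($admin_users[$admin['id']]);
				}
			}
			// take out for zenpage comments since there are no album admins
			if ($type === "images" or $type === "albums") {
				$id = (int) $ur_album->getAlbumID();
				$sql = "SELECT `adminid` FROM " . prefix('admintoalbum') . " WHERE `albumid`={$id}";
				$result = query_full_array($sql);
				foreach ($result as $anadmin) {
					$admin = $admin_users[$anadmin['adminid']];
					if (!empty($admin['email'])) {
						$emails[] = $admin['email'];
					}
				}
			}
			zp_mail("[" . get_language_string(getOption('gallery_title'), getOption('locale')) . "] Comment posted on {$on}", $message, "", $emails);
		}
	}
	return $goodMessage;
}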
/**
 * Generic comment adding routine. Called by album objects or image objects
 * to add comments.
 *
 * Returns a Comment object. When the comment was accepted it has been saved
 * and its in-moderation value is 0 (posted) or 1 (held for moderation). When it
 * was refused nothing is saved and the in-moderation value carries the reason
 * (-2 e-mail, -3 name, -4 website, -5 CAPTCHA, -6 empty body, 2 SPAM rejection,
 * -12 notification mail failure) with user-facing text in comment_error_text.
 *
 * @param string $name Comment author name
 * @param string $email Comment author email
 * @param string $website Comment author website
 * @param string $comment body of the comment
 * @param string $code CAPTCHA code entered
 * @param string $code_ok CAPTCHA hash expected
 * @param object $receiver the object (image, album, news article or page) to which to post the comment
 * @param string $ip the IP address of the comment poster
 * @param bool $private set to true if the comment is for the admin only
 * @param bool $anon set to true if the poster wishes to remain anonymous
 * @param int|false $check bitmask of which fields must be checked (COMMENT_EMAIL_REQUIRED,
 *                         COMMENT_NAME_REQUIRED, COMMENT_WEB_REQUIRED, USE_CAPTCHA,
 *                         COMMENT_BODY_REQUIRED, COMMENT_SEND_EMAIL). false derives the
 *                         mask from the gallery options.
 * @return Comment
 */
function postComment($name, $email, $website, $comment, $code, $code_ok, $receiver, $ip, $private, $anon, $check = false) {
	global $_zp_captcha, $_zp_gallery, $_zp_authority, $_zp_comment_on_hold;
	if ($check === false) {
		// No explicit mask supplied: build it from the options. The two
		// '== required' comparisons mean only that exact option value enforces the field.
		$whattocheck = 0;
		if (getOption('comment_email_required') == 'required') {
			$whattocheck = $whattocheck | COMMENT_EMAIL_REQUIRED;
		}
		if (getOption('comment_name_required')) {
			$whattocheck = $whattocheck | COMMENT_NAME_REQUIRED;
		}
		if (getOption('comment_web_required') == 'required') {
			$whattocheck = $whattocheck | COMMENT_WEB_REQUIRED;
		}
		if (getOption('Use_Captcha')) {
			$whattocheck = $whattocheck | USE_CAPTCHA;
		}
		// NOTE: the option name is misspelled ("requiired"). It is a stored key, so
		// it must stay in step with wherever the option is defined; do not "fix" it here alone.
		if (getOption('comment_body_requiired')) {
			$whattocheck = $whattocheck | COMMENT_BODY_REQUIRED;
		}
		if (getOption('email_new_comments')) {
			$whattocheck = $whattocheck | COMMENT_SEND_EMAIL;
		}
	} else {
		$whattocheck = $check;
	}
	$type = $receiver->table;
	$class = get_class($receiver); // overwritten (lower-cased) before use further down
	$receiver->getComments();
	$name = trim($name);
	$email = trim($email);
	$website = trim($website);
	if (!empty($website) && substr($website, 0, 7) != "http://") {
		$website = "http://" . $website;
	}
	// Let the comment have trailing line breaks and space? Nah...
	// Also (in)validate HTML here, and in $name.
	$comment = trim($comment);
	$receiverid = $receiver->id;
	// 2 = post. Field checks set it to false; the SPAM filter may return 0/1/2.
	$goodMessage = 2;
	// Normalise the boolean flags to the 0/1 the comment record stores.
	if ($private) {
		$private = 1;
	} else {
		$private = 0;
	}
	if ($anon) {
		$anon = 1;
	} else {
		$anon = 0;
	}
	$commentobj = new Comment();
	$commentobj->transient = false; // otherwise we won't be able to save it....
	$commentobj->setOwnerID($receiverid);
	$commentobj->setName($name);
	$commentobj->setEmail($email);
	$commentobj->setWebsite($website);
	$commentobj->setComment($comment);
	$commentobj->setType($type);
	$commentobj->setIP($ip);
	$commentobj->setPrivate($private);
	$commentobj->setAnon($anon);
	$commentobj->setInModeration(0);
	// Field checks: each failure records a negative in-moderation code and an
	// error message; later checks overwrite the code but append to the text.
	if ($whattocheck & COMMENT_EMAIL_REQUIRED && (empty($email) || !is_valid_email_zp($email))) {
		$commentobj->setInModeration(-2);
		$commentobj->comment_error_text .= ' ' . gettext("You must supply an e-mail address.");
		$goodMessage = false;
	}
	if ($whattocheck & COMMENT_NAME_REQUIRED && empty($name)) {
		$commentobj->setInModeration(-3);
		$commentobj->comment_error_text .= ' ' . gettext("You must enter your name.");
		$goodMessage = false;
	}
	if ($whattocheck & COMMENT_WEB_REQUIRED && (empty($website) || !isValidURL($website))) {
		$commentobj->setInModeration(-4);
		$commentobj->comment_error_text .= ' ' . gettext("You must supply a WEB page URL.");
		$goodMessage = false;
	}
	if ($whattocheck & USE_CAPTCHA) {
		if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
			$commentobj->setInModeration(-5);
			$commentobj->comment_error_text .= ' ' . gettext("CAPTCHA verification failed.");
			$goodMessage = false;
		}
	}
	if ($whattocheck & COMMENT_BODY_REQUIRED && empty($comment)) {
		$commentobj->setInModeration(-6);
		$commentobj->comment_error_text .= ' ' . gettext("You must enter something in the comment text.");
		$goodMessage = false;
	}
	$moderate = 0;
	// Run the configured SPAM filter plugin only when the field checks passed.
	if ($goodMessage && !(false === ($requirePath = getPlugin('spamfilters/' . internalToFilesystem(getOption('spam_filter')) . ".php")))) {
		require_once $requirePath;
		$spamfilter = new SpamFilter();
		$goodMessage = $spamfilter->filterMessage($name, $email, $website, $comment, $receiver, $ip);
		switch ($goodMessage) {
			case 0:
				// rejected: note that the stored code is the positive 2 (not a negative)
				$commentobj->setInModeration(2);
				$commentobj->comment_error_text .= sprintf(gettext('Your comment was rejected by the <em>%s</em> SPAM filter.'), getOption('spam_filter'));
				$goodMessage = false;
				break;
			case 1:
				$_zp_comment_on_hold = sprintf(gettext('Your comment has been marked for moderation by the <em>%s</em> SPAM filter.'), getOption('spam_filter'));
				$commentobj->comment_error_text .= $_zp_comment_on_hold;
				$commentobj->setInModeration(1);
				$moderate = 1;
				break;
			case 2:
				$commentobj->setInModeration(0);
				break;
		}
	}
	$localerrors = $commentobj->getInModeration();
	// Plugins may veto the comment by setting a negative in-moderation value.
	zp_apply_filter('comment_post', $commentobj, $receiver);
	if ($check === false) {
		// ignore filter provided errors if caller is supplying the fields to check
		$localerrors = $commentobj->getInModeration();
	}
	if ($goodMessage && $localerrors >= 0) {
		// Update the database entry with the new comment
		$commentobj->save();
		// add to comments array and notify the admin user
		if (!$moderate) {
			$receiver->comments[] = array('name' => $commentobj->getname(), 'email' => $commentobj->getEmail(), 'website' => $commentobj->getWebsite(), 'comment' => $commentobj->getComment(), 'date' => $commentobj->getDateTime(), 'custom_data' => $commentobj->getCustomData());
		}
		// Build the link and the notification headline per receiver class.
		$class = strtolower(get_class($receiver));
		switch ($class) {
			case "album":
				$url = "album=" . pathurlencode($receiver->name);
				$ur_album = getUrAlbum($receiver);
				if ($moderate) {
					$action = sprintf(gettext('A comment has been placed in moderation on your album "%1$s".'), $receiver->name);
				} else {
					$action = sprintf(gettext('A comment has been posted on your album "%1$s".'), $receiver->name);
				}
				break;
			case "zenpagenews":
				$url = "p=news&title=" . urlencode($receiver->getTitlelink());
				if ($moderate) {
					$action = sprintf(gettext('A comment has been placed in moderation on your article "%1$s".'), $receiver->getTitlelink());
				} else {
					$action = sprintf(gettext('A comment has been posted on your article "%1$s".'), $receiver->getTitlelink());
				}
				break;
			case "zenpagepage":
				$url = "p=pages&title=" . urlencode($receiver->getTitlelink());
				if ($moderate) {
					$action = sprintf(gettext('A comment has been placed in moderation on your page "%1$s".'), $receiver->getTitlelink());
				} else {
					$action = sprintf(gettext('A comment has been posted on your page "%1$s".'), $receiver->getTitlelink());
				}
				break;
			default: // all image types
				$url = "album=" . pathurlencode($receiver->album->name) . "&image=" . urlencode($receiver->filename);
				$album = $receiver->getAlbum();
				$ur_album = getUrAlbum($album);
				if ($moderate) {
					$action = sprintf(gettext('A comment has been placed in moderation on your image "%1$s" in the album "%2$s".'), $receiver->getTitle(), $receiver->getAlbumName());
				} else {
					$action = sprintf(gettext('A comment has been posted on your image "%1$s" in the album "%2$s".'), $receiver->getTitle(), $receiver->getAlbumName());
				}
				break;
		}
		if ($whattocheck & COMMENT_SEND_EMAIL) {
			// NOTE(review): links are built from $_SERVER['SERVER_NAME']; confirm the web
			// server canonicalises it rather than echoing the request Host header, since
			// these links are mailed to administrators.
			$message = $action . "\n\n" .
				sprintf(gettext('Author: %1$s' . "\n" . 'Email: %2$s' . "\n" . 'Website: %3$s' . "\n" . 'Comment:' . "\n\n" . '%4$s'), $commentobj->getname(), $commentobj->getEmail(), $commentobj->getWebsite(), $commentobj->getComment()) . "\n\n" .
				sprintf(gettext('You can view all comments about this item here:' . "\n" . '%1$s'), 'http://' . $_SERVER['SERVER_NAME'] . WEBPATH . '/index.php?' . $url) . "\n\n" .
				sprintf(gettext('You can edit the comment here:' . "\n" . '%1$s'), 'http://' . $_SERVER['SERVER_NAME'] . WEBPATH . '/' . ZENFOLDER . '/admin-comments.php?page=editcomment&id=' . $commentobj->id);
			$emails = array();
			$admin_users = $_zp_authority->getAdministrators();
			foreach ($admin_users as $admin) {
				// mail anyone with full rights; remove them from the list so the
				// album-admin pass below cannot mail them a second time
				if (!empty($admin['email']) && ($admin['rights'] & ADMIN_RIGHTS || ($admin['rights'] & (MANAGE_ALL_ALBUM_RIGHTS | COMMENT_RIGHTS)) == (MANAGE_ALL_ALBUM_RIGHTS | COMMENT_RIGHTS))) {
					$emails[] = $admin['email'];
					unset($admin_users[$admin['id']]);
				}
			}
			if ($type === "images" or $type === "albums") {
				// mail to album admins ($ur_album is only set for the album and image cases above)
				$id = $ur_album->getAlbumID();
				// $id is interpolated into SQL unescaped; it comes from the album record, not
				// the poster, but casting it to int would make that explicit.
				$sql = 'SELECT `adminid` FROM ' . prefix('admin_to_object') . ' WHERE `objectid`=' . $id . ' AND `type`="album"';
				$result = query_full_array($sql);
				foreach ($result as $anadmin) {
					$id = $anadmin['adminid'];
					if (array_key_exists($id, $admin_users)) {
						$admin = $admin_users[$id];
						if ($admin['rights'] & COMMENT_RIGHTS && !empty($admin['email'])) {
							$emails[] = $admin['email'];
						}
					}
				}
			}
			$on = gettext('Comment posted');
			$gallery = new Gallery();
			// A non-empty return from zp_mail is treated as an error message: the saved
			// comment is then flagged -12 and the text handed back to the caller.
			$result = zp_mail("[" . $gallery->getTitle() . "] {$on}", $message, $emails);
			if ($result) {
				$commentobj->setInModeration(-12);
				$commentobj->comment_error_text = $result;
			}
		}
	}
	return $commentobj;
}