/**
 * Persists a public comment submitted from the comment form.
 *
 * The submitted fields come from getComment() and are extract()ed into locals
 * ($parentid, $name, $email, $web, $message, $remember, $nonce, $backpage, ...).
 * The request is refused with a 403 when comments are closed for the parent
 * article, when the client IP is banned, or when it is blacklisted. Missing
 * required fields or a duplicate comment (same name, message and IP already
 * stored) mark the evaluator RELOAD so that another preview is shown instead
 * of saving. When the comment is accepted it is inserted, the nonce is marked
 * used, notifications are sent and the request ends with a 302 redirect (exit).
 *
 * Side effects: sets or destroys the remember-me cookies, writes to txp_discuss
 * and txp_discuss_nonce, may send mail, sends response headers and exits on
 * success; otherwise sets $_POST['preview'] = RELOAD so the form is re-rendered.
 */
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
    // NOTE(review): the key is spelled HTTP_REFERRER (two R's) while PHP exposes the
    // Referer header as HTTP_REFERER, so this is always empty; $ref is unused below.
    $ref = serverset('HTTP_REFERRER');
    $in = getComment();
    $evaluator =& get_comment_evaluator();
    // Every key of the submitted comment becomes a local variable.
    extract($in);
    if (!checkCommentsAllowed($parentid)) {
        txp_die(gTxt('comments_closed'), '403');
    }
    $ip = serverset('REMOTE_ADDR');
    if (!checkBan($ip)) {
        txp_die(gTxt('you_have_been_banned'), '403');
    }
    $blacklisted = is_blacklisted($ip);
    if ($blacklisted) {
        txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
    }
    $web = clean_url($web);
    $email = clean_url($email);
    // Cookies are kept when "remember" was ticked, or when the "forget" box was
    // shown but left unticked; otherwise they are removed.
    if ($remember == 1 || ps('checkbox_type') == 'forget' && ps('forget') != 1) {
        setCookies($name, $email, $web);
    } else {
        destroyCookies();
    }
    // The queries below are built by string interpolation, so every interpolated
    // value must already be doSlash()-escaped. Note that $name/$email/$web keep
    // this escaping for the rest of the function (including the mail below).
    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(strip_tags(deEntBrackets($web)));
    $email = doSlash(strip_tags(deEntBrackets($email)));
    // Byte-wise cap at 65535 before markup; the raw (unescaped) text is what gets mailed.
    $message = substr(trim($message), 0, 65535);
    $message2db = doSlash(markup_comment($message));
    // Duplicate detection: identical name, rendered message and IP already stored.
    $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='" . doSlash($ip) . "'");
    if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) {
        $evaluator->add_estimate(RELOAD, 1);
        // The error-messages are added in the preview-code
    }
    if ($isdup) {
        $evaluator->add_estimate(RELOAD, 1);
    }
    // FIXME? Tell the user about dupe?
    // Only a comment that passed every estimate AND carries a valid, unused nonce
    // from the preview step is stored.
    if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) {
        callback_event('comment.save');
        $visible = $evaluator->get_result();
        if ($visible != RELOAD) {
            // assert_int() guarantees a plain integer before it is interpolated unquoted.
            $parentid = assert_int($parentid);
            $rs = safe_insert("txp_discuss", "parentid  = {$parentid},\n\t\t\t\t\t name\t\t  = '{$name}',\n\t\t\t\t\t email\t  = '{$email}',\n\t\t\t\t\t web\t\t  = '{$web}',\n\t\t\t\t\t ip\t\t  = '" . doSlash($ip) . "',\n\t\t\t\t\t message   = '{$message2db}',\n\t\t\t\t\t visible   = " . intval($visible) . ",\n\t\t\t\t\t posted\t  = now()");
            if ($rs) {
                // The nonce is single-use: mark it consumed so a replay of the same form fails checkNonce().
                safe_update("txp_discuss_nonce", "used = 1", "nonce='" . doSlash($nonce) . "'");
                if ($prefs['comment_means_site_updated']) {
                    update_lastmod();
                }
                if ($comments_sendmail) {
                    mail_comment($message, $name, $email, $web, $parentid, $rs);
                }
                $updated = update_comments_count($parentid);
                // Redirect target: the posted backpage is length-capped, cut at the first
                // CR, LF or '#' (so the Location header cannot be split or carry a fragment),
                // and prefixed with this site's own scheme and host taken from hu, so the
                // redirect cannot leave the site.
                $backpage = substr($backpage, 0, $prefs['max_url_len']);
                $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                $backpage = preg_replace("#(https?://[^/]+)/.*\$#", "\$1", hu) . $backpage;
                if (defined('PARTLY_MESSY') and PARTLY_MESSY) {
                    $backpage = permlinkurl_id($parentid);
                }
                // commented=1 when the comment is visible immediately, 0 when it awaits moderation.
                $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0');
                txp_status_header('302 Found');
                if ($comments_moderate) {
                    header('Location: ' . $backpage . '#txpCommentInputForm');
                } else {
                    header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
                }
                log_hit('302');
                $evaluator->write_trace();
                exit;
            }
        }
    }
    // Force another Preview
    $_POST['preview'] = RELOAD;
    //$evaluator->write_trace();
}
    // Should be username:hash:salt
    $cookie = explode(':', $_COOKIE[$config['cookies']['mod']]);
    if (count($cookie) != 3) {
        // Malformed cookies
        destroyCookies();
        mod_login();
        exit;
    }
    $query = prepare("SELECT `id`, `type`, `boards`, `password` FROM ``mods`` WHERE `username` = :username");
    $query->bindValue(':username', $cookie[0]);
    $query->execute() or error(db_error($query));
    $user = $query->fetch(PDO::FETCH_ASSOC);
    // validate password hash
    if ($cookie[1] !== mkhash($cookie[0], $user['password'], $cookie[2])) {
        // Malformed cookies
        destroyCookies();
        mod_login();
        exit;
    }
    $mod = array('id' => $user['id'], 'type' => $user['type'], 'username' => $cookie[0], 'boards' => explode(',', $user['boards']));
}
function create_pm_header()
{
    global $mod, $config;
    if ($config['cache']['enabled'] && ($header = cache::get('pm_unread_' . $mod['id'])) != false) {
        if ($header === true) {
            return false;
        }
        return $header;
    }
    $query = prepare("SELECT `id` FROM ``pms`` WHERE `to` = :id AND `unread` = 1");
/**
 * Builds the public comment form for article $id.
 *
 * Field values are read from the txp_* cookies (pcs) and, when a preview was
 * requested, replaced by the posted values. A preview also stores a fresh
 * nonce/secret pair in txp_discuss_nonce and emits the nonce as a hidden field
 * so saveComment() can verify the final submission; it also computes the
 * required-field warnings that are prepended to the matching inputs.
 * Remember/forget honour the checkbox state by setting or destroying cookies.
 *
 * @param int|string $id   Article id; used as parentid when none was posted.
 * @param array|null $atts Tag attributes: isize, msgrows, msgcols, msgstyle, form.
 * @return string The complete <form> markup.
 */
function commentForm($id, $atts = NULL)
{
    global $prefs;
    // Every preference becomes a local; $comments_require_name/_email are used below.
    extract($prefs);
    extract(lAtts(array('isize' => '25', 'msgrows' => '5', 'msgcols' => '25', 'msgstyle' => '', 'form' => 'comment_form'), $atts));
    $namewarn = '';
    $emailwarn = '';
    $commentwarn = '';
    $name = pcs('name');
    $email = pcs('email');
    $web = pcs('web');
    // Defines $remember, $forget, $parentid, $preview, $message, $submit and
    // $backpage from POST, with tags stripped and entities decoded.
    extract(doStripTags(doDeEnt(psa(array('remember', 'forget', 'parentid', 'preview', 'message', 'submit', 'backpage')))));
    if ($preview) {
        // On preview the posted values take precedence over the cookie values.
        $name = ps('name');
        $email = ps('email');
        $web = ps('web');
        // NOTE(review): uniqid()/rand() are not cryptographically strong sources
        // for a one-time token; random_bytes() would be preferable.
        $nonce = md5(uniqid(rand(), true));
        $secret = md5(uniqid(rand(), true));
        // Both values are hex digests, so interpolating them into the query is safe.
        safe_insert("txp_discuss_nonce", "issue_time=now(), nonce='{$nonce}', secret='{$secret}'");
        $namewarn = $comments_require_name ? !trim($name) ? gTxt('comment_name_required') . br : '' : '';
        $emailwarn = $comments_require_email ? !trim($email) ? gTxt('comment_email_required') . br : '' : '';
        $commentwarn = !trim($message) ? gTxt('comment_required') . br : '';
    }
    // If the form fields are filled (anything other than blank), pages
    // really should not be saved by a public cache. rfc2616/14.9.1
    if ($name || $email || $web) {
        header('Cache-Control: private');
    }
    // Fall back to the article id when no parentid was posted.
    $parentid = !$parentid ? $id : $parentid;
    if (pcs('name') || pcs('email') || pcs('web')) {
        // Form-input different from Cookie, let's update the Cookie.
        // NOTE(review): the comparison below has an empty body and therefore no
        // effect; $remember is forced to 1 whenever any txp_* cookie is present.
        if (cs('name') != ps('name') or cs('email') != ps('email') or cs('web') != ps('web')) {
        }
        $remember = 1;
    }
    if ($remember == 1) {
        setCookies($name, $email, $web);
    }
    if ($forget == 1) {
        destroyCookies();
    }
    $out = '<form method="post" action="#cpreview" id="txpCommentInputForm">';
    $Form = fetch('Form', 'txp_form', 'name', $form);
    // NOTE(review): $msgstyle is placed into a style attribute without escaping;
    // it comes from tag attributes (lAtts), not from the visitor, but confirm that
    // is the only source before relying on it.
    $msgstyle = $msgstyle ? ' style="' . $msgstyle . '"' : '';
    // Only numeric rows/cols make it into the attributes, normalised by intval().
    $msgrows = ($msgrows and is_numeric($msgrows)) ? ' rows="' . intval($msgrows) . '"' : '';
    $msgcols = ($msgcols and is_numeric($msgcols)) ? ' cols="' . intval($msgcols) . '"' : '';
    // The posted message is HTML-escaped before being echoed back into the textarea.
    $textarea = '<textarea class="txpCommentInputMessage" name="message"' . $msgcols . $msgrows . $msgstyle . ' tabindex="1">' . htmlspecialchars($message) . '</textarea>';
    // The real submit button only appears once a preview has been rendered.
    $comment_submit_button = $preview ? fInput('submit', 'submit', gTxt('submit'), 'button') : '';
    // Visitors with a stored name cookie get a "forget" box instead of "remember".
    $checkbox = !empty($_COOKIE['txp_name']) ? checkbox('forget', 1, 0) . gTxt('forget') : checkbox('remember', 1, 1) . gTxt('remember');
    // NOTE(review): $name, $email and $web are handed to input() unescaped, unlike
    // $message above; whether input() escapes attribute values is not visible in
    // this file — confirm before relying on it.
    $vals = array('comment_name_input' => $namewarn . input('text', 'name', $name, $isize, 'comment_name_input', "2"), 'comment_email_input' => $emailwarn . input('text', 'email', $email, $isize, 'comment_email_input', "3"), 'comment_web_input' => input('text', 'web', $web, $isize, 'comment_web_input', "4"), 'comment_message_input' => $commentwarn . $textarea, 'comment_remember' => $checkbox, 'comment_preview' => input('submit', 'preview', gTxt('preview'), 'comment_preview', 'button'), 'comment_submit' => $comment_submit_button);
    // Replace each <txp:slot /> placeholder in the template with its rendered control.
    foreach ($vals as $a => $b) {
        $Form = str_replace('<txp:' . $a . ' />', $b, $Form);
    }
    $form = parse($Form);
    $out .= $form;
    $out .= graf(fInput('hidden', 'parentid', $parentid));
    // The nonce is only emitted for a preview, i.e. after the row above was inserted.
    $out .= $preview ? hInput('nonce', $nonce) : '';
    // First render records the current URI as the return page; a preview carries
    // the previously posted backpage through.
    $out .= !$preview ? graf(fInput('hidden', 'backpage', serverset("REQUEST_URI"))) : graf(fInput('hidden', 'backpage', $backpage));
    $out .= '</form>';
    return $out;
}
/**
 * Ends the moderator session.
 *
 * Clears the authentication cookies and redirects the browser to the
 * dashboard root ("?/") using the HTTP status configured in
 * $config['redirect_http'].
 *
 * @return void
 */
function mod_logout()
{
    global $config;

    destroyCookies();

    $redirectStatus = $config['redirect_http'];
    header('Location: ?/', true, $redirectStatus);
}
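/**
 * Restores the moderator session from the mod cookie, if one is present.
 *
 * The cookie named by $config['cookies']['mod'] must hold "username:hash:salt".
 * On success the global $mod is populated with id, type, username and the
 * list of boards. A cookie that is malformed, names an unknown user, or whose
 * hash does not match mkhash() for the stored password is discarded with
 * destroyCookies() and the request ends; with $prompt set the login form is
 * shown first.
 *
 * Also strips magic quotes from $_GET/$_POST on PHP versions that still
 * support them.
 *
 * @param bool $prompt Show mod_login() before exiting on an invalid session.
 * @return void
 */
function check_login($prompt = false)
{
    global $config, $mod;
    // Validate session
    if (isset($_COOKIE[$config['cookies']['mod']])) {
        // Should be username:hash:salt
        $cookie = explode(':', $_COOKIE[$config['cookies']['mod']]);
        if (count($cookie) !== 3) {
            // Malformed cookies
            destroyCookies();
            if ($prompt) {
                mod_login();
            }
            exit;
        }
        $query = prepare("SELECT `id`, `type`, `boards`, `password` FROM ``mods`` WHERE `username` = :username");
        $query->bindValue(':username', $cookie[0]);
        $query->execute() or error(db_error($query));
        $user = $query->fetch(PDO::FETCH_ASSOC);
        // An unknown username makes fetch() return false; indexing that would hand a
        // null password to mkhash(). Treat it exactly like a bad cookie. The hash
        // comparison is constant-time so it does not leak how many leading bytes
        // of the supplied hash were right.
        if ($user === false || !hash_equals((string) mkhash($cookie[0], $user['password'], $cookie[2]), (string) $cookie[1])) {
            // Malformed cookies
            destroyCookies();
            if ($prompt) {
                mod_login();
            }
            exit;
        }
        $mod = array('id' => $user['id'], 'type' => $user['type'], 'username' => $cookie[0], 'boards' => explode(',', $user['boards']));
    }
    // Fix for magic quotes. get_magic_quotes_gpc() no longer exists on PHP 8,
    // so only call it where it is defined; there are no magic quotes to strip
    // otherwise.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        function strip_array($var)
        {
            return is_array($var) ? array_map('strip_array', $var) : stripslashes($var);
        }
        $_GET = strip_array($_GET);
        $_POST = strip_array($_POST);
    }
}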
/**
 * Builds the public comment form for article $id.
 *
 * Field values are read from the txp_* cookies (pcs) and, when a preview was
 * requested, replaced by the posted values. A preview also stores a fresh
 * nonce/secret pair in txp_discuss_nonce, feeds the required-field errors to
 * the comment evaluator, and emits the nonce as a hidden field (split into a
 * random-length name/value pair) so saveComment() can verify the submission.
 * Remember/forget honour the checkbox state by setting or destroying cookies,
 * and plugins may inject markup through the comment.form callback.
 *
 * @param int|string $id   Article id; used as parentid when none was posted.
 * @param array|null $atts Tag attributes: isize, msgrows, msgcols, msgstyle, form.
 * @return string The complete <form> markup.
 */
function commentForm($id, $atts = NULL)
{
    global $prefs;
    // Every preference becomes a local; $comments_require_name/_email are used below.
    extract($prefs);
    extract(lAtts(array('isize' => '25', 'msgrows' => '5', 'msgcols' => '25', 'msgstyle' => '', 'form' => 'comment_form'), $atts));
    $namewarn = false;
    $emailwarn = false;
    $commentwarn = false;
    $name = pcs('name');
    $email = clean_url(pcs('email'));
    $web = clean_url(pcs('web'));
    // Defines $remember, $forget, $parentid, $preview, $message, $submit and
    // $backpage from POST, with tags stripped and entities decoded.
    extract(doStripTags(doDeEnt(psa(array('remember', 'forget', 'parentid', 'preview', 'message', 'submit', 'backpage')))));
    if ($preview) {
        // On preview the posted values take precedence over the cookie values.
        $name = ps('name');
        $email = clean_url(ps('email'));
        $web = clean_url(ps('web'));
        $nonce = getNextNonce();
        $secret = getNextSecret();
        // NOTE(review): $nonce/$secret are interpolated into the query unescaped;
        // this relies on getNextNonce()/getNextSecret() returning safe characters
        // (e.g. hex) — confirm against their definitions.
        safe_insert("txp_discuss_nonce", "issue_time=now(), nonce='{$nonce}', secret='{$secret}'");
        // The flags drive both the evaluator and the comments_error CSS classes below.
        $namewarn = $comments_require_name && !trim($name);
        $emailwarn = $comments_require_email && !trim($email);
        $commentwarn = !trim($message);
        $evaluator =& get_comment_evaluator();
        if ($namewarn) {
            $evaluator->add_estimate(RELOAD, 1, gTxt('comment_name_required'));
        }
        if ($emailwarn) {
            $evaluator->add_estimate(RELOAD, 1, gTxt('comment_email_required'));
        }
        if ($commentwarn) {
            $evaluator->add_estimate(RELOAD, 1, gTxt('comment_required'));
        }
    }
    // If the form fields are filled (anything other than blank), pages
    // really should not be saved by a public cache. rfc2616/14.9.1
    if ($name || $email || $web) {
        header('Cache-Control: private');
    }
    // Fall back to the article id when no parentid was posted.
    $parentid = !$parentid ? $id : $parentid;
    if (pcs('name') || pcs('email') || pcs('web')) {
        // Form-input different from Cookie, let's update the Cookie.
        // NOTE(review): the comparison below has an empty body and therefore no
        // effect; $remember is forced to 1 whenever any txp_* cookie is present.
        if (cs('name') != ps('name') or cs('email') != ps('email') or cs('web') != ps('web')) {
        }
        $remember = 1;
    }
    if ($remember == 1) {
        setCookies($name, $email, $web);
    }
    if ($forget == 1) {
        destroyCookies();
    }
    // NOTE(review): the request URI goes straight into the action attribute;
    // whether pretext stores it already escaped is not visible here — confirm.
    $url = $GLOBALS['pretext']['request_uri'];
    // Experimental clean urls with only 404-error-document on apache
    // possibly requires messy urls for POST requests.
    if (defined('PARTLY_MESSY') and PARTLY_MESSY) {
        $url = hu . '?id=' . intval($parentid);
    }
    $out = '<form method="post" action="' . $url . '#cpreview" id="txpCommentInputForm">';
    $Form = fetch('Form', 'txp_form', 'name', $form);
    // $msgstyle comes from tag attributes (lAtts) and is not escaped here.
    $msgstyle = $msgstyle ? ' style="' . $msgstyle . '"' : '';
    // Only numeric rows/cols make it into the attributes, normalised by intval().
    $msgrows = ($msgrows and is_numeric($msgrows)) ? ' rows="' . intval($msgrows) . '"' : '';
    $msgcols = ($msgcols and is_numeric($msgcols)) ? ' cols="' . intval($msgcols) . '"' : '';
    // The posted message is HTML-escaped before being echoed back into the textarea.
    $textarea = '<textarea class="txpCommentInputMessage' . ($commentwarn ? ' comments_error"' : '"') . ' name="message" id="message" ' . $msgcols . $msgrows . $msgstyle . '>' . htmlspecialchars($message) . '</textarea>';
    // The real submit button only appears once a preview has been rendered.
    $comment_submit_button = $preview ? fInput('submit', 'submit', gTxt('submit'), 'button') : '';
    // Visitors with a stored name cookie get a "forget" box instead of "remember".
    $checkbox = !empty($_COOKIE['txp_name']) ? checkbox('forget', 1, 0) . tag(gTxt('forget'), 'label', ' for="forget"') : checkbox('remember', 1, 1) . tag(gTxt('remember'), 'label', ' for="remember"');
    // Name/email/web are HTML-escaped before being placed in the inputs; the
    // plugin placeholder after the textarea is filled in by the callback below.
    $vals = array('comment_name_input' => input('text', 'name', htmlspecialchars($name), $isize, 'comment_name_input' . ($namewarn ? ' comments_error' : ''), ""), 'comment_email_input' => input('text', 'email', htmlspecialchars($email), $isize, 'comment_email_input' . ($emailwarn ? ' comments_error' : ''), ""), 'comment_web_input' => input('text', 'web', htmlspecialchars($web), $isize, 'comment_web_input', ""), 'comment_message_input' => $textarea . '<!-- plugin-place-holder -->', 'comment_remember' => $checkbox, 'comment_preview' => input('submit', 'preview', gTxt('preview'), '', 'button'), 'comment_submit' => $comment_submit_button);
    // Replace each <txp:slot /> placeholder in the template with its rendered control.
    foreach ($vals as $a => $b) {
        $Form = str_replace('<txp:' . $a . ' />', $b, $Form);
    }
    $form = parse($Form);
    $out .= $form;
    $out .= fInput('hidden', 'parentid', $parentid);
    // The nonce travels as a hidden field whose name/value boundary is cut at a
    // random position (1..31), so it never appears as a fixed field name.
    $split = rand(1, 31);
    $out .= $preview ? hInput(substr($nonce, 0, $split), substr($nonce, $split)) : '';
    // First render records the current URI as the return page; a preview carries
    // the previously posted backpage through.
    $out .= !$preview ? fInput('hidden', 'backpage', serverset("REQUEST_URI")) : fInput('hidden', 'backpage', $backpage);
    // Plugins hook into the form via comment.form; their output replaces the placeholder.
    $out = substr_replace($out, callback_event('comment.form'), strpos($out, '<!-- plugin-place-holder -->'), strlen('<!-- plugin-place-holder -->'));
    $out .= '</form>';
    return $out;
}
/**
 * Builds the public comment form for article $id (legacy variant driven by $txpac).
 *
 * Field values come from the txp_* cookies (pcs) or, on preview, from the
 * posted data. A preview additionally stores a fresh nonce in txp_discuss_nonce
 * and emits it as a hidden field, and computes the required-field warnings that
 * are prepended to the matching inputs. The remember/forget checkboxes are
 * honoured by setting or destroying the cookies.
 *
 * @param int|string $id Article id; used as parentid when none was posted.
 * @return string The complete <form> markup.
 */
function commentForm($id)
{
    global $txpac;

    $namewarn = '';
    $emailwarn = '';
    $commentwarn = '';
    $name = pcs('name');
    $email = pcs('email');
    $web = pcs('web');
    // Defines $remember, $forget, $parentid, $preview, $message, $submit and
    // $backpage from the posted data.
    extract(psa(array('remember', 'forget', 'parentid', 'preview', 'message', 'submit', 'backpage')));

    if ($preview) {
        // Posted values take precedence over the cookie values on preview.
        $name = ps('name');
        $email = ps('email');
        $web = ps('web');
        // NOTE(review): uniqid()/rand() are not cryptographically strong sources
        // for a one-time token; random_bytes() would be preferable.
        $nonce = md5(uniqid(rand(), true));
        // The nonce is a hex digest, so interpolating it into the query is safe.
        safe_insert("txp_discuss_nonce", "issue_time=now(), nonce='{$nonce}'");
        if ($txpac['comments_require_name'] && !trim($name)) {
            $namewarn = gTxt('comment_name_required') . br;
        }
        if ($txpac['comments_require_email'] && !trim($email)) {
            $emailwarn = gTxt('comment_email_required') . br;
        }
        if (!trim($message)) {
            $commentwarn = gTxt('comment_required') . br;
        }
    }

    // Fall back to the article id when no parentid was posted.
    if (!$parentid) {
        $parentid = $id;
    }
    if ($remember == 1) {
        setCookies($name, $email, $web);
    }
    if ($forget == 1) {
        destroyCookies();
    }

    $html = '<form method="post" action="" style="margin-top:2em">';
    $template = fetch('Form', 'txp_form', 'name', 'comment_form');
    // The posted message is HTML-escaped before being echoed back into the textarea.
    $textarea = '<textarea name="message" cols="1" rows="1" style="width:300px;height:250px" tabindex="4">' . htmlspecialchars($message) . '</textarea>';
    // The real submit button only appears once a preview has been rendered.
    $submitButton = '';
    if ($preview) {
        $submitButton = fInput('submit', 'submit', gTxt('submit'), 'button');
    }
    // Visitors with a stored name cookie get a "forget" box instead of "remember".
    if (!empty($_COOKIE['txp_name'])) {
        $rememberBox = checkbox('forget', 1, 0) . gTxt('forget');
    } else {
        $rememberBox = checkbox('remember', 1, 1) . gTxt('remember');
    }
    $slots = array(
        'comment_name_input' => $namewarn . input('text', 'name', $name, "25", '', "1"),
        'comment_email_input' => $emailwarn . input('text', 'email', $email, "25", '', "2"),
        'comment_web_input' => input('text', 'web', $web, "25", '', "3"),
        'comment_message_input' => $commentwarn . $textarea,
        'comment_remember' => $rememberBox,
        'comment_preview' => input('submit', 'preview', gTxt('preview'), '', 'button'),
        'comment_submit' => $submitButton,
    );

    // Replace each <txp:slot /> placeholder in the template, in slot order.
    $placeholders = array();
    $controls = array();
    foreach ($slots as $slot => $markup) {
        $placeholders[] = '<txp:' . $slot . ' />';
        $controls[] = $markup;
    }
    $template = str_replace($placeholders, $controls, $template);

    $html .= parse($template);
    $html .= graf(fInput('hidden', 'parentid', $parentid));
    if ($preview) {
        // The nonce only exists for a preview, i.e. after the row above was inserted;
        // the previously posted backpage is carried through.
        $html .= hInput('nonce', $nonce);
        $html .= graf(fInput('hidden', 'backpage', $backpage));
    } else {
        // First render records the current URI as the page to return to.
        $html .= graf(fInput('hidden', 'backpage', serverset("REQUEST_URI")));
    }
    $html .= '</form>';

    return $html;
}
/**
 * Renders the "remember me" / "forget me" checkbox of the comments form,
 * its label, and a hidden checkbox_type field that tells the save step
 * which of the two boxes was shown.
 *
 * Outside of a preview the state comes from the txp_remember cookie: no
 * cookie means "remember" pre-checked, a cookie equal to 1 means "forget",
 * anything else means "remember". Ticking "forget", or leaving "remember"
 * unticked, destroys the stored cookies.
 *
 * @param array $atts Tag attributes; rememberlabel/forgetlabel override the
 *                    labels taken from $thiscommentsform.
 * @return string HTML for the checkbox, its label and the hidden field.
 */
function comment_remember($atts)
{
    global $thiscommentsform;

    extract(lAtts(array(
        'rememberlabel' => $thiscommentsform['rememberlabel'],
        'forgetlabel' => $thiscommentsform['forgetlabel'],
    ), $atts));
    // Defines $checkbox_type, $remember and $forget from the posted data.
    extract(doDeEnt(psa(array('checkbox_type', 'remember', 'forget'))));

    if (!ps('preview')) {
        // Not a preview: the cookie, not the posted data, decides the state.
        $stored = cs('txp_remember');
        if ($stored === '') {
            // No cookie yet: offer "remember" and pre-check it.
            $remember = 1;
        }
        $checkbox_type = ($stored !== '' && $stored == 1) ? 'forget' : 'remember';
    }

    $showForget = ($checkbox_type == 'forget');

    // Inhibit default remember.
    if ($showForget ? $forget == 1 : $remember != 1) {
        destroyCookies();
    }

    $field = $showForget ? 'forget' : 'remember';
    $checked = $showForget ? $forget : $remember;
    $label = $showForget ? $forgetlabel : $rememberlabel;

    $html = checkbox($field, 1, $checked, '', $field)
        . ' ' . tag(txpspecialchars($label), 'label', ' for="' . $field . '"');
    $html .= ' ' . hInput('checkbox_type', $checkbox_type);

    return $html;
}