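/**
 * Function: create
 * Attempts to create a comment using the passed information. If the Akismet API key is present, it will check it.
 *
 * Parameters:
 *     $body - The comment.
 *     $author - The name of the commenter.
 *     $url - The commenter's website.
 *     $email - The commenter's email.
 *     $post - The <Post> they're commenting on.
 *     $parent - The <Comment> they're replying to.
 *     $notify - Notification on follow-up comments.
 *     $type - The type of comment. Optional, used for trackbacks/pingbacks.
 *
 * Notes:
 *     Returns nothing. On success it either exits with a JSON body (when $_POST['ajax'] is set)
 *     or hands over to Flash::notice(). A comment Akismet flags is stored with status "spam"
 *     and reported through error().
 */
static function create($body, $author, $url, $email, $post, $parent, $notify, $type = null) {
    # Permission gate. The comparison is strict on purpose: with a loose in_array() a
    # non-string $type such as true (or 0 before PHP 8) compares equal to "trackback"
    # and would skip user_can().
    if (!self::user_can($post->id) and !in_array($type, array("trackback", "pingback"), true))
        return;

    $config  = Config::current();
    $route   = Route::current(); # not used below; kept because the accessor's side effects are not visible here
    $visitor = Visitor::current();

    if (!$type) {
        # The post's own author is approved immediately; everyone else gets the site default.
        $status = ($post->user_id == $visitor->id) ? "approved" : $config->default_comment_status;
        $type   = "comment";
    } else {
        # NOTE(review): trackbacks/pingbacks use their type as the status, so they do not
        # pass through default_comment_status - confirm that is intended.
        $status = $type;
    }

    # Referer and User-Agent are optional, client-supplied headers. Reading them unguarded
    # raises a notice when a client omits them, so default both to an empty string.
    $referrer   = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
    $ip         = $_SERVER['REMOTE_ADDR'];

    # NOTE(review): the original redirects to "#comments" after an Akismet check and to
    # "#comment" without one. Both are preserved; one of them is presumably a typo.
    $anchor = "#comment";

    if (!empty($config->akismet_api_key)) {
        $akismet = new Akismet($config->url, $config->akismet_api_key);
        $akismet->setCommentContent($body);
        $akismet->setCommentAuthor($author);
        $akismet->setCommentAuthorURL($url);
        $akismet->setCommentAuthorEmail($email);
        $akismet->setPermalink($post->url());
        $akismet->setCommentType($type);
        $akismet->setReferrer($referrer);
        $akismet->setUserIP($ip);

        if ($akismet->isCommentSpam()) {
            # Keep the comment so an admin can review it, but store it as spam.
            self::add($body, $author, $url, $email, $ip, $user_agent, "spam", $post->id, $visitor->id, $parent, $notify);
            error(__("Spam Comment"), __("Your comment has been marked as spam. It has to be reviewed and/or approved by an admin.", "comments"));
            return;
        }

        $anchor = "#comments";
    }

    $comment = self::add($body, $author, $url, $email, $ip, $user_agent, $status, $post->id, $visitor->id, $parent, $notify);

    # Remember in the session which comments this visitor created.
    fallback($_SESSION['comments'], array());
    $_SESSION['comments'][] = $comment->id;

    if (isset($_POST['ajax'])) {
        # The JSON is assembled by hand; both values are read back from the stored comment.
        # NOTE(review): confirm neither can contain a quote or backslash.
        exit("{ \"comment_id\": \"" . $comment->id . "\", \"comment_timestamp\": \"" . $comment->created_at . "\" }");
    }

    Flash::notice(__("Comment added."), $post->url() . $anchor);
}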
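/**
 * Restores a comment from the spam table and reports it to Akismet as a false positive.
 *
 * The spam row is copied into the comments table, the parent entry's comment counter is
 * incremented, the spam/ham counters in the settings are adjusted, and the spam row is deleted.
 *
 * A user whose level is exactly USER_CONTRIBUTOR may only do this for an entry they own.
 *
 * NOTE(review): no security-token check is visible in this method although it changes state;
 * confirm the caller validates one.
 *
 * @param int $c Id of the row in the spam table.
 * @return mixed Whatever $this->message() or $this->error() returns.
 */
function report_ham($c)
{
    $spam = $this->db->quick_query('SELECT * FROM %pspam WHERE spam_id=%d', $c);
    if (!$spam) {
        return $this->message('Spam Control', 'There is no such spam comment.', 'Continue', '/index.php?a=spam_control');
    }

    if ($this->user['user_level'] == USER_CONTRIBUTOR) {
        // Look up who owns the entry the comment was posted on.
        $owner_id = null;
        if ($spam['spam_type'] == COMMENT_BLOG) {
            // The table placeholder was '%blogposts', which lacks the 'p' every other query here uses.
            $entry = $this->db->quick_query('SELECT post_user FROM %pblogposts WHERE post_id=%d', $spam['spam_post']);
            $owner_id = $entry ? $entry['post_user'] : null;
        } elseif ($spam['spam_type'] == COMMENT_GALLERY) {
            $entry = $this->db->quick_query('SELECT photo_user FROM %pphotogallery WHERE photo_id=%d', $spam['spam_post']);
            $owner_id = $entry ? $entry['photo_user'] : null;
        } elseif ($spam['spam_type'] == COMMENT_FILE) {
            $entry = $this->db->quick_query('SELECT file_user FROM %pfilelist WHERE file_id=%d', $spam['spam_post']);
            $owner_id = $entry ? $entry['file_user'] : null;
        }

        // The previous check only tested that the entry exists, so any contributor passed it.
        // Compare the owner with the current user, as the error message promises.
        // NOTE(review): assumes $this->user carries 'user_id' next to 'user_level' - confirm.
        if ($owner_id === null || $owner_id != $this->user['user_id']) {
            return $this->error('Access Denied: You do not own the entry you are trying to report.');
        }
    }

    // spam_server holds request data captured when the comment was posted. It may be
    // missing or not valid JSON, in which case json_decode() does not return an array.
    $svars = json_decode($spam['spam_server'], true);
    if (!is_array($svars)) {
        $svars = array();
    }
    $referrer   = isset($svars['HTTP_REFERER']) ? $svars['HTTP_REFERER'] : '';
    $user_agent = isset($svars['HTTP_USER_AGENT']) ? $svars['HTTP_USER_AGENT'] : '';

    // Setup and deliver the information to flag this comment as legit with Akismet.
    require_once 'lib/akismet.php';
    $akismet = new Akismet($this->settings['site_address'], $this->settings['wordpress_api_key'], $this->version);
    $akismet->setCommentAuthor($spam['spam_author']);
    $akismet->setCommentAuthorURL($spam['spam_url']);
    $akismet->setCommentContent($spam['spam_message']);
    $akismet->setUserIP($spam['spam_ip']);
    $akismet->setReferrer($referrer);
    // NOTE(review): confirm lib/akismet.php defines setUserAgent(); the method name is kept as found.
    $akismet->setUserAgent($user_agent);
    $akismet->setCommentType('comment');
    $akismet->submitHam();

    $q           = $spam['spam_post'];
    $author      = $spam['spam_user'];
    $author_name = $spam['spam_author'];
    $message     = $spam['spam_message'];
    $time        = $spam['spam_date'];
    $ip          = $spam['spam_ip'];
    $type        = $spam['spam_type'];

    $this->settings['spam_count']--;
    $this->settings['ham_count']++;
    $this->save_settings();

    // The '%s' values are attacker-supplied comment fields.
    // NOTE(review): presumably dbquery() escapes them - confirm.
    $this->db->dbquery("INSERT INTO %pblogcomments\n\t\t (comment_post, comment_user, comment_author, comment_message, comment_date, comment_ip, comment_type)\n\t\t VALUES ( %d, %d, '%s', '%s', %d, '%s', %d)", $q, $author, $author_name, $message, $time, $ip, $type);

    if ($type == COMMENT_BLOG) {
        $this->db->dbquery('UPDATE %pblogposts SET post_comment_count=post_comment_count+1 WHERE post_id=%d', $q);
    } elseif ($type == COMMENT_GALLERY) {
        $this->db->dbquery('UPDATE %pphotogallery SET photo_comment_count=photo_comment_count+1 WHERE photo_id=%d', $q);
    } elseif ($type == COMMENT_FILE) {
        $this->db->dbquery('UPDATE %pfilelist SET file_comment_count=file_comment_count+1 WHERE file_id=%d', $q);
    }

    $this->db->dbquery('DELETE FROM %pspam WHERE spam_id=%d', $c);

    return $this->message('Spam Control', 'Comment has been posted and Akismet notified of a false positive.', 'Continue', $this->settings['site_address'] . 'index.php?a=spam_control');
}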
// Fragment of a larger handler: the enclosing block opens before this excerpt and the
// else-branch continues after it. $config, $db, $user, $user_row, $user_id and $error
// are all set outside the visible code.
//
// When the form asked for it and Akismet is enabled with a key, report the selected post as spam.
// NOTE(review): no form-key check is visible in this excerpt; confirm one runs earlier.
if (isset($_POST['akismet_submit']) && $config['asacp_akismet_enable'] && $config['asacp_akismet_key'] && ($post_id = request_var('p', 0))) {
    // $post_id is concatenated into the SQL unquoted.
    // NOTE(review): presumably request_var() casts to int because of the 0 default - confirm.
    $sql = 'SELECT * FROM ' . POSTS_TABLE . ' WHERE post_id = ' . $post_id;
    $result = $db->sql_query($sql);
    $post = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    if ($post) {
        // Load the Akismet class only if nothing has defined it yet.
        if (!class_exists('Akismet')) {
            global $phpbb_root_path, $phpEx;
            include $phpbb_root_path . 'antispam/Akismet.class.' . $phpEx;
        }

        // Work on a copy so the stored post_text stays untouched.
        $post['decoded_text'] = $post['post_text'];
        decode_message($post['decoded_text'], $post['bbcode_uid']);

        $akismet = new Akismet($config['asacp_akismet_domain'], $config['asacp_akismet_key']);
        $akismet->setUserIP($post['poster_ip']);
        // Referrer and user agent are submitted empty.
        $akismet->setReferrer('');
        $akismet->setCommentUserAgent('');
        $akismet->setCommentType('comment');
        // Author name and e-mail come from $user_row, not from the post row.
        // NOTE(review): confirm $user_row is the poster of $post_id.
        $akismet->setCommentAuthor($user_row['username']);
        $akismet->setCommentAuthorEmail($user_row['user_email']);
        $akismet->setCommentContent($post['decoded_text']);
        $akismet->submitSpam();
    }
}

// Closes the enclosing branch with the "ban complete" message, which links to the user's profile.
trigger_error(sprintf($user->lang['ASACP_BAN_COMPLETE'], append_sid("{$phpbb_root_path}memberlist.{$phpEx}", "mode=viewprofile&u={$user_id}")));
} else {
if (isset($_REQUEST['confirm_key']) && $error) {
    // Hack to fix the confirm_box if we need to come back to it because of an error
    unset($_REQUEST['confirm_key']);
}

// Build the ban actions string
/**
 * Admin-side comment deletion, optionally reporting the comment to Akismet as spam.
 *
 * Without 'confirm' in the request, the confirmation template is rendered and returned.
 * With it, the security token is validated, the comment is reported when t=spam, the row
 * is deleted and the parent entry's comment counter is decremented.
 *
 * @return mixed Rendered template text, or the result of $this->message() / $this->error().
 */
function delete_comment()
{
    if (!isset($this->get['c'])) {
        return $this->message('Delete Comment', 'No comment was specified for editing.');
    }

    $c = intval($this->get['c']);

    $comment = $this->db->quick_query('SELECT c.*, u.* FROM %pblogcomments c LEFT JOIN %pusers u ON u.user_id=c.comment_user WHERE comment_id=%d', $c);
    if (!$comment) {
        return $this->message('Delete Comment', 'No such comment was found for deletion.');
    }

    // True when the request asks for the comment to be reported as spam as well.
    $report_as_spam = isset($this->get['t']) && $this->get['t'] == 'spam';

    if (!isset($this->get['confirm'])) {
        // First pass: show the comment and ask for confirmation.
        $template = new XTemplate('./skins/' . $this->skin . '/AdminCP/post_comment_edit.xtpl');

        $template->assign('token', $this->generate_token());
        // The author name is escaped here; the body goes through format().
        // NOTE(review): confirm format() escapes HTML in the message.
        $template->assign('author', htmlspecialchars($comment['user_name']));

        $params = POST_BBCODE | POST_EMOTICONS;
        $template->assign('text', $this->format($comment['comment_message'], $params));
        $template->assign('date', date($this->settings['blog_dateformat'], $comment['comment_date']));

        $action_link = 'admin.php?a=posts&s=del_comment&c=' . $c;
        $spam_notice = null;
        if ($report_as_spam) {
            $action_link .= '&t=spam';
            $spam_notice = '<br />This comment will be reported as spam.';
        }

        $template->assign('action_link', $action_link);
        $template->assign('sp', $spam_notice);

        $template->parse('Comment.Delete');
        return $template->text('Comment.Delete');
    }

    // Second pass: nothing is changed unless the token from the confirmation form is valid.
    if (!$this->is_valid_token()) {
        return $this->error('Invalid or expired security token. Please go back, reload the form, and try again.');
    }

    $out = null;

    if ($report_as_spam) {
        // Time to report the spammer before we delete the comment. Hopefully this is enough info to strike back with.
        require_once 'lib/akismet.php';
        $reporter = new Akismet($this->settings['site_address'], $this->settings['wordpress_api_key']);
        $reporter->setCommentAuthor($comment['user_name']);
        $reporter->setCommentAuthorURL($comment['user_url']);
        $reporter->setCommentContent($comment['comment_message']);
        $reporter->setUserIP($comment['comment_ip']);
        $reporter->setReferrer($comment['comment_referrer']);
        $reporter->setCommentUserAgent($comment['comment_agent']);
        $reporter->setCommentType('comment');
        $reporter->submitSpam();

        $this->settings['spam_count']++;
        $this->settings['spam_uncaught']++;
        $this->save_settings();

        $out .= 'Comment tagged as spam and reported.<br />';
    }

    $this->db->dbquery('DELETE FROM %pblogcomments WHERE comment_id=%d', $c);

    // Keep the parent entry's counter in step with the deletion.
    switch ($comment['comment_type']) {
        case COMMENT_BLOG:
            $this->db->dbquery('UPDATE %pblogposts SET post_comment_count=post_comment_count-1 WHERE post_id=%d', $comment['comment_post']);
            break;
        case COMMENT_GALLERY:
            $this->db->dbquery('UPDATE %pphotogallery SET photo_comment_count=photo_comment_count-1 WHERE photo_id=%d', $comment['comment_post']);
            break;
        case COMMENT_FILE:
            $this->db->dbquery('UPDATE %pfilelist SET file_comment_count=file_comment_count-1 WHERE file_id=%d', $comment['comment_post']);
            break;
    }

    $out .= 'Comment has been deleted.';

    return $this->message('Delete Comment', $out, 'Continue', "admin.php?a=posts&s=edit&p={$comment['comment_post']}");
}
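/**
 * Function: reportSpam
 * Submits each of the given comments to Akismet as spam.
 *
 * Parameters:
 *     $comments - The comments to report. Each one is read for author, author_email,
 *                 author_url, body, post_id, author_agent and author_ip.
 *
 * Notes:
 *     Nothing is sent when no Akismet API key is configured.
 */
static function reportSpam($comments) {
    $config = Config::current();

    # Without a key the submission cannot succeed, and the commenter's e-mail and IP
    # would still leave the site. create() applies the same empty() test.
    if (empty($config->akismet_api_key))
        return;

    foreach ($comments as $comment) {
        # A fresh client per comment, so no field set for one report carries over to the next.
        $akismet = new Akismet($config->url, $config->akismet_api_key);
        $akismet->setCommentAuthor($comment->author);
        $akismet->setCommentAuthorEmail($comment->author_email);
        $akismet->setCommentAuthorURL($comment->author_url);
        $akismet->setCommentContent($comment->body);
        # NOTE(review): this passes the post id where create() passes $post->url() - confirm
        # whether a URL is expected here.
        $akismet->setPermalink($comment->post_id);
        # NOTE(review): the stored user agent is sent as the referrer - confirm this is intended.
        $akismet->setReferrer($comment->author_agent);
        $akismet->setUserIP($comment->author_ip);
        $akismet->submitSpam();
    }
}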
/**
 * Front-end comment deletion, optionally reporting the comment to Akismet as spam.
 *
 * Authorization, in the order it is checked:
 *   - below USER_PRIVILEGED: always refused;
 *   - below USER_CONTRIBUTOR: only the user's own comment;
 *   - exactly USER_PRIVILEGED: only within 10800 seconds of comment_date;
 *   - exactly USER_CONTRIBUTOR: must own the parent entry or the comment;
 *   - reporting as spam (t=spam): USER_CONTRIBUTOR or above.
 *
 * Without 'confirm' in the request a confirmation message is returned; with it the comment
 * is deleted and the parent entry's comment counter is decremented.
 *
 * NOTE(review): no security-token check is visible in this method, and the confirmation
 * link below is a plain URL carrying confirm=1. Confirm the caller validates a token
 * before this runs, otherwise the delete can be triggered cross-site.
 */
function delete_comment()
{
    // Lock this shit down!!!
    if ($this->user['user_level'] < USER_PRIVILEGED) {
        return $this->module->error('Access Denied: You do not have permission to perform that action.');
    }

    if (!isset($this->module->get['c'])) {
        return $this->module->message('Delete Comment', 'No comment was specified for editing.');
    }

    // intval() forces the id to an integer before it reaches any query or link.
    $c = intval($this->module->get['c']);

    $comment = $this->db->quick_query('SELECT c.*, u.* FROM %pblogcomments c LEFT JOIN %pusers u ON u.user_id=c.comment_user WHERE comment_id=%d', $c);
    if (!$comment) {
        return $this->module->message('Delete Comment', 'No such comment was found for deletion.');
    }

    // Below contributor level a user may only touch their own comment.
    if ($this->user['user_id'] != $comment['comment_user'] && $this->user['user_level'] < USER_CONTRIBUTOR) {
        return $this->module->error('Access Denied: You do not own the comment you are attempting to delete.');
    }

    // After 3 hours, you're stuck with it if you're a regular member.
    if ($this->user['user_level'] == USER_PRIVILEGED && $this->module->time - $comment['comment_date'] > 10800) {
        return $this->module->error('Access Denied: You cannot delete your comments after 3 hours have gone by.');
    }

    // Fetch the owner of the entry the comment belongs to; the column name depends on the type.
    $user = null;
    if ($comment['comment_type'] == COMMENT_BLOG) {
        $user = $this->db->quick_query('SELECT post_user FROM %pblogposts WHERE post_id=%d', $comment['comment_post']);
    } elseif ($comment['comment_type'] == COMMENT_GALLERY) {
        $user = $this->db->quick_query('SELECT photo_user FROM %pphotogallery WHERE photo_id=%d', $comment['comment_post']);
    } elseif ($comment['comment_type'] == COMMENT_FILE) {
        $user = $this->db->quick_query('SELECT file_user FROM %pfilelist WHERE file_id=%d', $comment['comment_post']);
    }

    // An unknown comment type or a missing parent entry both end here, for every user level.
    if (!$user) {
        return $this->module->error('Access Denied: You do not own the entry you are trying to edit.');
    }

    // Contributors must own either the parent entry or the comment itself.
    if ($this->user['user_level'] == USER_CONTRIBUTOR) {
        switch ($comment['comment_type']) {
            case COMMENT_BLOG:
                if ($this->user['user_id'] != $user['post_user'] && $this->user['user_id'] != $comment['comment_user']) {
                    return $this->module->error('Access Denied: You do not own the blog entry you are trying to edit.');
                }
                break;
            case COMMENT_GALLERY:
                if ($this->user['user_id'] != $user['photo_user'] && $this->user['user_id'] != $comment['comment_user']) {
                    return $this->module->error('Access Denied: You do not own the image entry you are trying to edit.');
                }
                break;
            case COMMENT_FILE:
                if ($this->user['user_id'] != $user['file_user'] && $this->user['user_id'] != $comment['comment_user']) {
                    return $this->module->error('Access Denied: You do not own the download entry you are trying to edit.');
                }
                break;
            default:
                return $this->module->error('Unknown comment type selected for editing.');
        }
    }

    // Reporting to Akismet is reserved for contributors and above.
    if (isset($this->module->get['t']) && $this->module->get['t'] == 'spam') {
        if ($this->user['user_level'] < USER_CONTRIBUTOR) {
            return $this->module->error('Access Denied: You are not authorized to report spam.');
        }
    }

    // Module name used in the links built below.
    $page = '';
    if ($comment['comment_type'] == COMMENT_BLOG) {
        $page = 'blog';
    } elseif ($comment['comment_type'] == COMMENT_GALLERY) {
        $page = 'gallery';
    } elseif ($comment['comment_type'] == COMMENT_FILE) {
        $page = 'downloads';
    }

    if (!isset($this->module->get['confirm'])) {
        // First pass: show the comment and ask for confirmation.
        // The author name is escaped; the body goes through format().
        // NOTE(review): confirm format() escapes HTML in the message.
        $author = htmlspecialchars($comment['user_name']);
        $params = POST_BBCODE | POST_EMOTICONS;
        $text = $this->module->format($comment['comment_message'], $params);
        $date = date($this->settings['blog_dateformat'], $comment['comment_date']);

        $msg = "<div class=\"title\">Comment by {$author} Posted on: {$date}</div><div class=\"article\">{$text}</div>";

        // Only the integer id and a fixed module name are interpolated into the link.
        $link = "index.php?a={$page}&s=del_comment&c={$c}&confirm=1";
        $sp = null;
        if (isset($this->module->get['t']) && $this->module->get['t'] == 'spam') {
            $link .= '&t=spam';
            $sp = '<br />This comment will be reported as spam.';
        }
        $msg .= "<div class=\"title\" style=\"text-align:center\">Are you sure you want to delete this comment?{$sp}</div>";

        return $this->module->message('DELETE COMMENT', $msg, 'Delete', $link, 0);
    }

    $out = null;

    if (isset($this->module->get['t']) && $this->module->get['t'] == 'spam') {
        // Time to report the spammer before we delete the comment. Hopefully this is enough info to strike back with.
        require_once 'lib/akismet.php';
        $akismet = new Akismet($this->settings['site_address'], $this->settings['wordpress_api_key'], $this->module->version);
        $akismet->setCommentAuthor($comment['user_name']);
        $akismet->setCommentAuthorURL($comment['user_url']);
        $akismet->setCommentContent($comment['comment_message']);
        $akismet->setUserIP($comment['comment_ip']);
        $akismet->setReferrer($comment['comment_referrer']);
        $akismet->setCommentUserAgent($comment['comment_agent']);
        $akismet->setCommentType('comment');
        $akismet->submitSpam();

        // Both counters are incremented for a comment reported from here.
        $this->settings['spam_count']++;
        $this->settings['spam_uncaught']++;
        $this->module->save_settings();

        $out .= 'Comment tagged as spam and reported.<br />';
    }

    $this->db->dbquery('DELETE FROM %pblogcomments WHERE comment_id=%d', $c);

    // Keep the parent entry's counter in step with the deletion.
    if ($comment['comment_type'] == COMMENT_BLOG) {
        $this->db->dbquery('UPDATE %pblogposts SET post_comment_count=post_comment_count-1 WHERE post_id=%d', $comment['comment_post']);
    } elseif ($comment['comment_type'] == COMMENT_GALLERY) {
        $this->db->dbquery('UPDATE %pphotogallery SET photo_comment_count=photo_comment_count-1 WHERE photo_id=%d', $comment['comment_post']);
    } elseif ($comment['comment_type'] == COMMENT_FILE) {
        $this->db->dbquery('UPDATE %pfilelist SET file_comment_count=file_comment_count-1 WHERE file_id=%d', $comment['comment_post']);
    }

    $out .= 'Comment has been deleted.';

    return $this->module->message('Delete Comment', $out, 'Continue', "index.php?a={$page}&p={$comment['comment_post']}");
}
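/**
 * Entry point of the admin Spam Control page.
 *
 * Request parameters read from $this->get:
 *   - s=keytest: delegate to test_akismet_key();
 *   - no p: list the stored spam comments;
 *   - p=0 (after intval): empty the whole spam table;
 *   - p=<id>: restore that comment and report it to Akismet as ham, or only delete it
 *     when s=delete_spam.
 *
 * Every branch that changes data runs after the security-token check.
 *
 * @return mixed The result of the delegated method, $this->message() or $this->error().
 */
function execute()
{
    $svars = array();
    $this->title('Spam Control');

    if (isset($this->get['s'])) {
        switch ($this->get['s']) {
            case 'keytest':
                return $this->test_akismet_key();
        }
    }

    if (!isset($this->get['p'])) {
        return $this->display_spam_comments();
    }

    if (!$this->is_valid_token()) {
        return $this->error('Invalid or expired security token. Please go back, reload the form, and try again.');
    }

    $p = intval($this->get['p']);

    // NOTE(review): intval() also yields 0 for an empty or non-numeric 'p', so a malformed
    // id empties the whole table. Confirm whether only a literal 0 should do that.
    if ($p == 0) {
        $this->db->dbquery('TRUNCATE TABLE %pspam');
        return $this->message('Spam Control', 'All entries in the spam table have been cleared.', 'Continue', 'admin.php?a=spam');
    }

    $spam = $this->db->quick_query('SELECT s.*, u.user_name, u.user_url, u.user_id FROM %pspam s LEFT JOIN %pusers u ON u.user_id=s.spam_user WHERE spam_id=%d', $p);
    if (!$spam) {
        return $this->message('Spam Control', 'There is no such spam comment.', 'Continue', 'admin.php?a=spam');
    }

    $out = '';

    if (!isset($this->get['s']) || $this->get['s'] != 'delete_spam') {
        // spam_server holds request data captured when the comment was posted. It may be
        // missing or not valid JSON, in which case json_decode() does not return an array.
        $svars = json_decode($spam['spam_server'], true);
        if (!is_array($svars)) {
            $svars = array();
        }
        $referrer   = isset($svars['HTTP_REFERER']) ? $svars['HTTP_REFERER'] : '';
        $user_agent = isset($svars['HTTP_USER_AGENT']) ? $svars['HTTP_USER_AGENT'] : '';

        // Setup and deliver the information to flag this comment as legit with Akismet.
        require_once 'lib/akismet.php';
        $akismet = new Akismet($this->settings['site_address'], $this->settings['wordpress_api_key'], $this->version);
        $akismet->setCommentAuthor($spam['spam_author']);
        $akismet->setCommentAuthorURL($spam['user_url']);
        $akismet->setCommentContent($spam['spam_message']);
        $akismet->setUserIP($spam['spam_ip']);
        $akismet->setReferrer($referrer);
        $akismet->setCommentUserAgent($user_agent);
        // NOTE(review): 'Sandbox' is sent as the comment type - confirm this is the intended value.
        $akismet->setCommentType('Sandbox');
        $akismet->submitHam();

        $q           = $spam['spam_post'];
        $author      = $spam['user_id']; // from the LEFT JOIN; empty when the commenter has no user row
        $author_name = $spam['spam_author'];
        $message     = $spam['spam_message'];
        $time        = $spam['spam_date'];
        $ip          = $spam['spam_ip'];
        $type        = $spam['spam_type'];

        $this->settings['spam_count']--;
        $this->settings['ham_count']++;
        $this->save_settings();

        // The '%s' values are attacker-supplied comment fields.
        // NOTE(review): presumably dbquery() escapes them - confirm.
        $this->db->dbquery("INSERT INTO %pblogcomments\n\t\t\t (comment_post, comment_user, comment_author, comment_message, comment_date, comment_ip, comment_type)\n\t\t\t VALUES (%d, %d, '%s', '%s', %d, '%s', %d)", $q, $author, $author_name, $message, $time, $ip, $type);

        if ($type == COMMENT_BLOG) {
            $this->db->dbquery('UPDATE %pblogposts SET post_comment_count=post_comment_count+1 WHERE post_id=%d', $q);
        } elseif ($type == COMMENT_GALLERY) {
            $this->db->dbquery('UPDATE %pphotogallery SET photo_comment_count=photo_comment_count+1 WHERE photo_id=%d', $q);
        } elseif ($type == COMMENT_FILE) {
            $this->db->dbquery('UPDATE %pfilelist SET file_comment_count=file_comment_count+1 WHERE file_id=%d', $q);
        }

        $out .= 'Comment has been posted and Akismet notified of false positive.<br />';
    }

    $this->db->dbquery('DELETE FROM %pspam WHERE spam_id=%d', $p);
    $out .= 'Message deleted from spam table.';

    return $this->message('Spam Control', $out, 'Continue', 'admin.php?a=spam');
}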