/**
* Function: create
* Attempts to create a comment using the passed information. If the Akismet API key is present, it will check it.
*
* Parameters:
* $body - The comment.
* $author - The name of the commenter.
* $url - The commenter's website.
* $email - The commenter's email.
* $post - The <Post> they're commenting on.
* $parent - The <Comment> they're replying to.
* $notify - Notification on follow-up comments.
* $type - The type of comment. Optional, used for trackbacks/pingbacks.
*/
static function create($body, $author, $url, $email, $post, $parent, $notify, $type = null)
{
if (!self::user_can($post->id) and !in_array($type, array("trackback", "pingback"))) {
return;
}
$config = Config::current();
$route = Route::current();
$visitor = Visitor::current();
if (!$type) {
$status = $post->user_id == $visitor->id ? "approved" : $config->default_comment_status;
$type = "comment";
} else {
$status = $type;
}
if (!empty($config->akismet_api_key)) {
$akismet = new Akismet($config->url, $config->akismet_api_key);
$akismet->setCommentContent($body);
$akismet->setCommentAuthor($author);
$akismet->setCommentAuthorURL($url);
$akismet->setCommentAuthorEmail($email);
$akismet->setPermalink($post->url());
$akismet->setCommentType($type);
$akismet->setReferrer($_SERVER['HTTP_REFERER']);
$akismet->setUserIP($_SERVER['REMOTE_ADDR']);
if ($akismet->isCommentSpam()) {
self::add($body, $author, $url, $email, $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_USER_AGENT'], "spam", $post->id, $visitor->id, $parent, $notify);
error(__("Spam Comment"), __("Your comment has been marked as spam. It has to be reviewed and/or approved by an admin.", "comments"));
} else {
$comment = self::add($body, $author, $url, $email, $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_USER_AGENT'], $status, $post->id, $visitor->id, $parent, $notify);
fallback($_SESSION['comments'], array());
$_SESSION['comments'][] = $comment->id;
if (isset($_POST['ajax'])) {
exit("{ \"comment_id\": \"" . $comment->id . "\", \"comment_timestamp\": \"" . $comment->created_at . "\" }");
}
Flash::notice(__("Comment added."), $post->url() . "#comments");
}
} else {
$comment = self::add($body, $author, $url, $email, $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_USER_AGENT'], $status, $post->id, $visitor->id, $parent, $notify);
fallback($_SESSION['comments'], array());
$_SESSION['comments'][] = $comment->id;
if (isset($_POST['ajax'])) {
exit("{ \"comment_id\": \"" . $comment->id . "\", \"comment_timestamp\": \"" . $comment->created_at . "\" }");
}
Flash::notice(__("Comment added."), $post->url() . "#comment");
}
}
function report_ham($c)
{
$spam = $this->db->quick_query('SELECT * FROM %pspam WHERE spam_id=%d', $c);
if (!$spam) {
return $this->message('Spam Control', 'There is no such spam comment.', 'Continue', '/index.php?a=spam_control');
}
if ($this->user['user_level'] == USER_CONTRIBUTOR) {
$user = null;
if ($spam['spam_type'] == COMMENT_BLOG) {
$user = $this->db->quick_query('SELECT post_user FROM %blogposts WHERE post_id=%d', $spam['spam_post']);
} else {
if ($spam['spam_type'] == COMMENT_GALLERY) {
$user = $this->db->quick_query('SELECT photo_user FROM %pphotogallery WHERE photo_id=%d', $spam['spam_post']);
} else {
if ($spam['spam_type'] == COMMENT_FILE) {
$user = $this->db->quick_query('SELECT file_user FROM %pfilelist WHERE file_id=%d', $spam['spam_post']);
}
}
}
if (!$user) {
return $this->error('Access Denied: You do not own the entry you are trying to report.');
}
}
$svars = json_decode($spam['spam_server'], true);
// Setup and deliver the information to flag this comment as legit with Akismet.
require_once 'lib/akismet.php';
$akismet = new Akismet($this->settings['site_address'], $this->settings['wordpress_api_key'], $this->version);
$akismet->setCommentAuthor($spam['spam_author']);
$akismet->setCommentAuthorURL($spam['spam_url']);
$akismet->setCommentContent($spam['spam_message']);
$akismet->setUserIP($spam['spam_ip']);
$akismet->setReferrer($svars['HTTP_REFERER']);
$akismet->setUserAgent($svars['HTTP_USER_AGENT']);
$akismet->setCommentType('comment');
$akismet->submitHam();
$q = $spam['spam_post'];
$author = $spam['spam_user'];
$author_name = $spam['spam_author'];
$message = $spam['spam_message'];
$url = $spam['spam_url'];
$time = $spam['spam_date'];
$ip = $spam['spam_ip'];
$type = $spam['spam_type'];
$this->settings['spam_count']--;
$this->settings['ham_count']++;
$this->save_settings();
$this->db->dbquery("INSERT INTO %pblogcomments\n\t\t (comment_post, comment_user, comment_author, comment_message, comment_date, comment_ip, comment_type)\n\t\t VALUES ( %d, %d, '%s', '%s', %d, '%s', %d)", $q, $author, $author_name, $message, $time, $ip, $type);
if ($type == COMMENT_BLOG) {
$this->db->dbquery('UPDATE %pblogposts SET post_comment_count=post_comment_count+1 WHERE post_id=%d', $q);
} elseif ($type == COMMENT_GALLERY) {
$this->db->dbquery('UPDATE %pphotogallery SET photo_comment_count=photo_comment_count+1 WHERE photo_id=%d', $q);
} elseif ($type == COMMENT_FILE) {
$this->db->dbquery('UPDATE %pfilelist SET file_comment_count=file_comment_count+1 WHERE file_id=%d', $q);
}
$this->db->dbquery('DELETE FROM %pspam WHERE spam_id=%d', $c);
return $this->message('Spam Control', 'Comment has been posted and Akismet notified of a false positive.', 'Continue', $this->settings['site_address'] . 'index.php?a=spam_control');
}
if (isset($_POST['akismet_submit']) && $config['asacp_akismet_enable'] && $config['asacp_akismet_key'] && ($post_id = request_var('p', 0))) {
$sql = 'SELECT * FROM ' . POSTS_TABLE . '
WHERE post_id = ' . $post_id;
$result = $db->sql_query($sql);
$post = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($post) {
if (!class_exists('Akismet')) {
global $phpbb_root_path, $phpEx;
include $phpbb_root_path . 'antispam/Akismet.class.' . $phpEx;
}
$post['decoded_text'] = $post['post_text'];
decode_message($post['decoded_text'], $post['bbcode_uid']);
$akismet = new Akismet($config['asacp_akismet_domain'], $config['asacp_akismet_key']);
$akismet->setUserIP($post['poster_ip']);
$akismet->setReferrer('');
$akismet->setCommentUserAgent('');
$akismet->setCommentType('comment');
$akismet->setCommentAuthor($user_row['username']);
$akismet->setCommentAuthorEmail($user_row['user_email']);
$akismet->setCommentContent($post['decoded_text']);
$akismet->submitSpam();
}
}
trigger_error(sprintf($user->lang['ASACP_BAN_COMPLETE'], append_sid("{$phpbb_root_path}memberlist.{$phpEx}", "mode=viewprofile&u={$user_id}")));
} else {
if (isset($_REQUEST['confirm_key']) && $error) {
// Hack to fix the confirm_box if we need to come back to it because of an error
unset($_REQUEST['confirm_key']);
}
// Build the ban actions string
function delete_comment()
{
if (!isset($this->get['c'])) {
return $this->message('Delete Comment', 'No comment was specified for editing.');
}
$c = intval($this->get['c']);
$comment = $this->db->quick_query('SELECT c.*, u.* FROM %pblogcomments c
LEFT JOIN %pusers u ON u.user_id=c.comment_user
WHERE comment_id=%d', $c);
if (!$comment) {
return $this->message('Delete Comment', 'No such comment was found for deletion.');
}
if (!isset($this->get['confirm'])) {
$xtpl = new XTemplate('./skins/' . $this->skin . '/AdminCP/post_comment_edit.xtpl');
$xtpl->assign('token', $this->generate_token());
$xtpl->assign('author', htmlspecialchars($comment['user_name']));
$params = POST_BBCODE | POST_EMOTICONS;
$xtpl->assign('text', $this->format($comment['comment_message'], $params));
$xtpl->assign('date', date($this->settings['blog_dateformat'], $comment['comment_date']));
$link = 'admin.php?a=posts&s=del_comment&c=' . $c;
$sp = null;
if (isset($this->get['t']) && $this->get['t'] == 'spam') {
$link .= '&t=spam';
$sp = '<br />This comment will be reported as spam.';
}
$xtpl->assign('action_link', $link);
$xtpl->assign('sp', $sp);
$xtpl->parse('Comment.Delete');
return $xtpl->text('Comment.Delete');
}
if (!$this->is_valid_token()) {
return $this->error('Invalid or expired security token. Please go back, reload the form, and try again.');
}
$out = null;
if (isset($this->get['t']) && $this->get['t'] == 'spam') {
// Time to report the spammer before we delete the comment. Hopefully this is enough info to strike back with.
require_once 'lib/akismet.php';
$akismet = new Akismet($this->settings['site_address'], $this->settings['wordpress_api_key']);
$akismet->setCommentAuthor($comment['user_name']);
$akismet->setCommentAuthorURL($comment['user_url']);
$akismet->setCommentContent($comment['comment_message']);
$akismet->setUserIP($comment['comment_ip']);
$akismet->setReferrer($comment['comment_referrer']);
$akismet->setCommentUserAgent($comment['comment_agent']);
$akismet->setCommentType('comment');
$akismet->submitSpam();
$this->settings['spam_count']++;
$this->settings['spam_uncaught']++;
$this->save_settings();
$out .= 'Comment tagged as spam and reported.<br />';
}
$this->db->dbquery('DELETE FROM %pblogcomments WHERE comment_id=%d', $c);
if ($comment['comment_type'] == COMMENT_BLOG) {
$this->db->dbquery('UPDATE %pblogposts SET post_comment_count=post_comment_count-1 WHERE post_id=%d', $comment['comment_post']);
} elseif ($comment['comment_type'] == COMMENT_GALLERY) {
$this->db->dbquery('UPDATE %pphotogallery SET photo_comment_count=photo_comment_count-1 WHERE photo_id=%d', $comment['comment_post']);
} elseif ($comment['comment_type'] == COMMENT_FILE) {
$this->db->dbquery('UPDATE %pfilelist SET file_comment_count=file_comment_count-1 WHERE file_id=%d', $comment['comment_post']);
}
$out .= 'Comment has been deleted.';
return $this->message('Delete Comment', $out, 'Continue', "admin.php?a=posts&s=edit&p={$comment['comment_post']}");
}
static function reportSpam($comments)
{
$config = Config::current();
foreach ($comments as $comment) {
$akismet = new Akismet($config->url, $config->akismet_api_key);
$akismet->setCommentAuthor($comment->author);
$akismet->setCommentAuthorEmail($comment->author_email);
$akismet->setCommentAuthorURL($comment->author_url);
$akismet->setCommentContent($comment->body);
$akismet->setPermalink($comment->post_id);
$akismet->setReferrer($comment->author_agent);
$akismet->setUserIP($comment->author_ip);
$akismet->submitSpam();
}
}
function delete_comment()
{
// Lock this shit down!!!
if ($this->user['user_level'] < USER_PRIVILEGED) {
return $this->module->error('Access Denied: You do not have permission to perform that action.');
}
if (!isset($this->module->get['c'])) {
return $this->module->message('Delete Comment', 'No comment was specified for editing.');
}
$c = intval($this->module->get['c']);
$comment = $this->db->quick_query('SELECT c.*, u.* FROM %pblogcomments c
LEFT JOIN %pusers u ON u.user_id=c.comment_user WHERE comment_id=%d', $c);
if (!$comment) {
return $this->module->message('Delete Comment', 'No such comment was found for deletion.');
}
if ($this->user['user_id'] != $comment['comment_user'] && $this->user['user_level'] < USER_CONTRIBUTOR) {
return $this->module->error('Access Denied: You do not own the comment you are attempting to delete.');
}
// After 3 hours, you're stuck with it if you're a regular member.
if ($this->user['user_level'] == USER_PRIVILEGED && $this->module->time - $comment['comment_date'] > 10800) {
return $this->module->error('Access Denied: You cannot delete your comments after 3 hours have gone by.');
}
$user = null;
if ($comment['comment_type'] == COMMENT_BLOG) {
$user = $this->db->quick_query('SELECT post_user FROM %pblogposts WHERE post_id=%d', $comment['comment_post']);
} elseif ($comment['comment_type'] == COMMENT_GALLERY) {
$user = $this->db->quick_query('SELECT photo_user FROM %pphotogallery WHERE photo_id=%d', $comment['comment_post']);
} elseif ($comment['comment_type'] == COMMENT_FILE) {
$user = $this->db->quick_query('SELECT file_user FROM %pfilelist WHERE file_id=%d', $comment['comment_post']);
}
if (!$user) {
return $this->module->error('Access Denied: You do not own the entry you are trying to edit.');
}
if ($this->user['user_level'] == USER_CONTRIBUTOR) {
switch ($comment['comment_type']) {
case COMMENT_BLOG:
if ($this->user['user_id'] != $user['post_user'] && $this->user['user_id'] != $comment['comment_user']) {
return $this->module->error('Access Denied: You do not own the blog entry you are trying to edit.');
}
break;
case COMMENT_GALLERY:
if ($this->user['user_id'] != $user['photo_user'] && $this->user['user_id'] != $comment['comment_user']) {
return $this->module->error('Access Denied: You do not own the image entry you are trying to edit.');
}
break;
case COMMENT_FILE:
if ($this->user['user_id'] != $user['file_user'] && $this->user['user_id'] != $comment['comment_user']) {
return $this->module->error('Access Denied: You do not own the download entry you are trying to edit.');
}
break;
default:
return $this->module->error('Unknown comment type selected for editing.');
}
}
if (isset($this->module->get['t']) && $this->module->get['t'] == 'spam') {
if ($this->user['user_level'] < USER_CONTRIBUTOR) {
return $this->module->error('Access Denied: You are not authorized to report spam.');
}
}
$page = '';
if ($comment['comment_type'] == COMMENT_BLOG) {
$page = 'blog';
} elseif ($comment['comment_type'] == COMMENT_GALLERY) {
$page = 'gallery';
} elseif ($comment['comment_type'] == COMMENT_FILE) {
$page = 'downloads';
}
if (!isset($this->module->get['confirm'])) {
$author = htmlspecialchars($comment['user_name']);
$params = POST_BBCODE | POST_EMOTICONS;
$text = $this->module->format($comment['comment_message'], $params);
$date = date($this->settings['blog_dateformat'], $comment['comment_date']);
$msg = "<div class=\"title\">Comment by {$author} Posted on: {$date}</div><div class=\"article\">{$text}</div>";
$link = "index.php?a={$page}&s=del_comment&c={$c}&confirm=1";
$sp = null;
if (isset($this->module->get['t']) && $this->module->get['t'] == 'spam') {
$link .= '&t=spam';
$sp = '<br />This comment will be reported as spam.';
}
$msg .= "<div class=\"title\" style=\"text-align:center\">Are you sure you want to delete this comment?{$sp}</div>";
return $this->module->message('DELETE COMMENT', $msg, 'Delete', $link, 0);
}
$out = null;
if (isset($this->module->get['t']) && $this->module->get['t'] == 'spam') {
// Time to report the spammer before we delete the comment. Hopefully this is enough info to strike back with.
require_once 'lib/akismet.php';
$akismet = new Akismet($this->settings['site_address'], $this->settings['wordpress_api_key'], $this->module->version);
$akismet->setCommentAuthor($comment['user_name']);
$akismet->setCommentAuthorURL($comment['user_url']);
$akismet->setCommentContent($comment['comment_message']);
$akismet->setUserIP($comment['comment_ip']);
$akismet->setReferrer($comment['comment_referrer']);
$akismet->setCommentUserAgent($comment['comment_agent']);
$akismet->setCommentType('comment');
$akismet->submitSpam();
$this->settings['spam_count']++;
$this->settings['spam_uncaught']++;
$this->module->save_settings();
$out .= 'Comment tagged as spam and reported.<br />';
}
$this->db->dbquery('DELETE FROM %pblogcomments WHERE comment_id=%d', $c);
if ($comment['comment_type'] == COMMENT_BLOG) {
$this->db->dbquery('UPDATE %pblogposts SET post_comment_count=post_comment_count-1 WHERE post_id=%d', $comment['comment_post']);
} elseif ($comment['comment_type'] == COMMENT_GALLERY) {
$this->db->dbquery('UPDATE %pphotogallery SET photo_comment_count=photo_comment_count-1 WHERE photo_id=%d', $comment['comment_post']);
} elseif ($comment['comment_type'] == COMMENT_FILE) {
$this->db->dbquery('UPDATE %pfilelist SET file_comment_count=file_comment_count-1 WHERE file_id=%d', $comment['comment_post']);
}
$out .= 'Comment has been deleted.';
return $this->module->message('Delete Comment', $out, 'Continue', "index.php?a={$page}&p={$comment['comment_post']}");
}
function execute()
{
$svars = array();
$this->title('Spam Control');
if (isset($this->get['s'])) {
switch ($this->get['s']) {
case 'keytest':
return $this->test_akismet_key();
}
}
if (!isset($this->get['p'])) {
return $this->display_spam_comments();
}
if (!$this->is_valid_token()) {
return $this->error('Invalid or expired security token. Please go back, reload the form, and try again.');
}
$p = intval($this->get['p']);
if ($p == 0) {
$this->db->dbquery('TRUNCATE TABLE %pspam');
return $this->message('Spam Control', 'All entries in the spam table have been cleared.', 'Continue', 'admin.php?a=spam');
}
$spam = $this->db->quick_query('SELECT s.*, u.user_name, u.user_url, u.user_id FROM %pspam s
LEFT JOIN %pusers u ON u.user_id=s.spam_user WHERE spam_id=%d', $p);
if (!$spam) {
return $this->message('Spam Control', 'There is no such spam comment.', 'Continue', 'admin.php?a=spam');
}
$out = '';
if (!isset($this->get['s']) || $this->get['s'] != 'delete_spam') {
$svars = json_decode($spam['spam_server'], true);
// Setup and deliver the information to flag this comment as legit with Akismet.
require_once 'lib/akismet.php';
$akismet = new Akismet($this->settings['site_address'], $this->settings['wordpress_api_key'], $this->version);
$akismet->setCommentAuthor($spam['spam_author']);
$akismet->setCommentAuthorURL($spam['user_url']);
$akismet->setCommentContent($spam['spam_message']);
$akismet->setUserIP($spam['spam_ip']);
$akismet->setReferrer($svars['HTTP_REFERER']);
$akismet->setCommentUserAgent($svars['HTTP_USER_AGENT']);
$akismet->setCommentType('Sandbox');
$akismet->submitHam();
$q = $spam['spam_post'];
$author = $spam['user_id'];
$author_name = $spam['spam_author'];
$message = $spam['spam_message'];
$url = $spam['spam_url'];
$time = $spam['spam_date'];
$ip = $spam['spam_ip'];
$type = $spam['spam_type'];
$this->settings['spam_count']--;
$this->settings['ham_count']++;
$this->save_settings();
$this->db->dbquery("INSERT INTO %pblogcomments\n\t\t\t (comment_post, comment_user, comment_author, comment_message, comment_date, comment_ip, comment_type)\n\t\t\t VALUES (%d, %d, '%s', '%s', %d, '%s', %d)", $q, $author, $author_name, $message, $time, $ip, $type);
if ($type == COMMENT_BLOG) {
$this->db->dbquery('UPDATE %pblogposts SET post_comment_count=post_comment_count+1 WHERE post_id=%d', $q);
} elseif ($type == COMMENT_GALLERY) {
$this->db->dbquery('UPDATE %pphotogallery SET photo_comment_count=photo_comment_count+1 WHERE photo_id=%d', $q);
} elseif ($type == COMMENT_FILE) {
$this->db->dbquery('UPDATE %pfilelist SET file_comment_count=file_comment_count+1 WHERE file_id=%d', $q);
}
$out .= 'Comment has been posted and Akismet notified of false positive.<br />';
}
$this->db->dbquery('DELETE FROM %pspam WHERE spam_id=%d', $p);
$out .= 'Message deleted from spam table.';
return $this->message('Spam Control', $out, 'Continue', 'admin.php?a=spam');
}
