Exemplo n.º 1
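/**
 * Render the visible comments of an article, or a preview of the comment
 * being posted, through a comment form template.
 *
 * The article id can come from $pretext, from the tag attributes or from
 * $thisarticle. It is cast to an integer before it reaches the WHERE clause,
 * so a non-numeric id can no longer change the shape of the query.
 *
 * @param array $atts Tag attributes: id, form, wraptag, break, class, breakclass.
 * @return string Output of doWrap(), or '' when the query returns no result set.
 */
function comments($atts)
{
    global $thisarticle, $prefs, $comment_preview, $pretext;
    // NOTE(review): extract() turns every key of $prefs (and of $thisarticle
    // below) into a local variable; $comments_are_ol is expected to come from here.
    extract($prefs);
    extract(lAtts(array('id' => @$pretext['id'], 'form' => 'comments', 'wraptag' => $comments_are_ol ? 'ol' : '', 'break' => $comments_are_ol ? 'li' : 'div', 'class' => __FUNCTION__, 'breakclass' => ''), $atts));
    if (is_array($thisarticle)) {
        extract($thisarticle);
    }
    // When an article is in context its id wins over the attribute/request id.
    if (@$thisid) {
        $id = $thisid;
    }
    $Form = fetch_form($form);
    if (!empty($comment_preview)) {
        // Preview: build a pseudo comment row from the posted fields.
        $preview = psas(array('name', 'email', 'web', 'message', 'parentid', 'remember'));
        $preview['time'] = time();
        $preview['discussid'] = 0;
        $preview['message'] = markup_comment($preview['message']);
        // The form template reads the row from $GLOBALS['thiscomment'] while it is parsed.
        $GLOBALS['thiscomment'] = $preview;
        $comments[] = parse($Form) . n;
        unset($GLOBALS['thiscomment']);
        $out = doWrap($comments, $wraptag, $break, $class, $breakclass);
    } else {
        // intval() keeps the id numeric instead of trusting a quoted string.
        $rs = safe_rows_start("*, unix_timestamp(posted) as time", "txp_discuss", "parentid=" . intval($id) . " and visible='1' order by posted asc");
        $out = '';
        if ($rs) {
            $comments = array();
            while ($vars = nextRow($rs)) {
                $GLOBALS['thiscomment'] = $vars;
                $comments[] = parse($Form) . n;
                unset($GLOBALS['thiscomment']);
            }
            $out .= doWrap($comments, $wraptag, $break, $class, $breakclass);
        }
    }
    return $out;
}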
Exemplo n.º 2
/**
 * Validate a submitted comment, store it in txp_discuss and redirect the
 * commenter back to the article.
 *
 * Order of checks as written: comments open for the article, IP ban, IP
 * blacklist, required fields and duplicate detection (both only raise a
 * RELOAD estimate), then the evaluator result and the nonce. On a successful
 * insert the function sends a 302 and exits; otherwise it sets
 * $_POST['preview'] to RELOAD so the form is shown again.
 *
 * @return void
 */
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
    // NOTE(review): $ref is never read in this function; the key is spelled
    // 'HTTP_REFERRER', while the usual server variable is HTTP_REFERER.
    $ref = serverset('HTTP_REFERRER');
    $in = getComment();
    $evaluator =& get_comment_evaluator();
    // Imports the submitted fields as locals; the code below reads $parentid,
    // $name, $email, $web, $message, $remember, $nonce and $backpage.
    extract($in);
    if (!checkCommentsAllowed($parentid)) {
        txp_die(gTxt('comments_closed'), '403');
    }
    $ip = serverset('REMOTE_ADDR');
    if (!checkBan($ip)) {
        txp_die(gTxt('you_have_been_banned'), '403');
    }
    $blacklisted = is_blacklisted($ip);
    if ($blacklisted) {
        // NOTE(review): the blacklist name is appended to the gTxt() lookup key,
        // not to the translated text, so the key may not resolve; confirm intent.
        txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
    }
    $web = clean_url($web);
    $email = clean_url($email);
    // && binds tighter than ||: remember is set, or the "forget" checkbox was shown and left unticked.
    if ($remember == 1 || ps('checkbox_type') == 'forget' && ps('forget') != 1) {
        setCookies($name, $email, $web);
    } else {
        destroyCookies();
    }
    // Every value that goes into SQL below is tag-stripped and passed through doSlash() first.
    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(strip_tags(deEntBrackets($web)));
    $email = doSlash(strip_tags(deEntBrackets($email)));
    // Cap the message at 65535 bytes before markup and storage.
    $message = substr(trim($message), 0, 65535);
    $message2db = doSlash(markup_comment($message));
    $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='" . doSlash($ip) . "'");
    if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) {
        $evaluator->add_estimate(RELOAD, 1);
        // The error-messages are added in the preview-code
    }
    if ($isdup) {
        $evaluator->add_estimate(RELOAD, 1);
    }
    // FIXME? Tell the user about dupe?
    if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) {
        // Handlers of this event run before the result is read again, so they can still change it.
        callback_event('comment.save');
        $visible = $evaluator->get_result();
        if ($visible != RELOAD) {
            // parentid and visible are forced to integers; the string values were escaped above.
            $parentid = assert_int($parentid);
            $rs = safe_insert("txp_discuss", "parentid  = {$parentid},\n\t\t\t\t\t name\t\t  = '{$name}',\n\t\t\t\t\t email\t  = '{$email}',\n\t\t\t\t\t web\t\t  = '{$web}',\n\t\t\t\t\t ip\t\t  = '" . doSlash($ip) . "',\n\t\t\t\t\t message   = '{$message2db}',\n\t\t\t\t\t visible   = " . intval($visible) . ",\n\t\t\t\t\t posted\t  = now()");
            if ($rs) {
                // Mark the nonce as used so the same form submission cannot be replayed.
                safe_update("txp_discuss_nonce", "used = 1", "nonce='" . doSlash($nonce) . "'");
                if ($prefs['comment_means_site_updated']) {
                    update_lastmod();
                }
                if ($comments_sendmail) {
                    mail_comment($message, $name, $email, $web, $parentid, $rs);
                }
                $updated = update_comments_count($parentid);
                // Redirect target: truncate, cut at the first CR, LF or '#'
                // (keeps line breaks out of the Location header), then prefix
                // the scheme and host taken from hu.
                // NOTE(review): the prefix ends without a slash, so the target
                // is same-host only if $backpage starts with '/'; nothing in
                // this function enforces that. Confirm where backpage is built.
                $backpage = substr($backpage, 0, $prefs['max_url_len']);
                $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                $backpage = preg_replace("#(https?://[^/]+)/.*\$#", "\$1", hu) . $backpage;
                if (defined('PARTLY_MESSY') and PARTLY_MESSY) {
                    // In this mode the submitted backpage is discarded entirely.
                    $backpage = permlinkurl_id($parentid);
                }
                $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0');
                txp_status_header('302 Found');
                if ($comments_moderate) {
                    header('Location: ' . $backpage . '#txpCommentInputForm');
                } else {
                    // Anchor is the new comment id ($rs), left-padded with zeros to six characters.
                    header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
                }
                log_hit('302');
                $evaluator->write_trace();
                exit;
            }
        }
    }
    // Force another Preview
    $_POST['preview'] = RELOAD;
    //$evaluator->write_trace();
}
Exemplo n.º 3
/**
 * Render a preview of the comment that is being submitted.
 *
 * The posted fields are cleaned before they reach the form template: the
 * name has its tags stripped, email and web go through clean_url(), and the
 * message is trimmed, cut to 65535 bytes and passed through markup_comment().
 *
 * @param array $atts Tag attributes: form, wraptag, class.
 * @return string|null Output of doTag(), or nothing when no preview was requested.
 */
function comments_preview($atts)
{
    global $has_comments_preview;

    // No "preview" field in the POST data means there is nothing to show.
    if (!ps('preview')) {
        return;
    }

    $defaults = array('form' => 'comments', 'wraptag' => '', 'class' => __FUNCTION__);
    extract(lAtts($defaults, $atts));
    assert_article();

    // Build a pseudo comment row from the submitted fields.
    $fields = array('name', 'email', 'web', 'message', 'parentid', 'remember');
    $draft = psa($fields);
    $draft['time'] = time();
    $draft['discussid'] = 0;
    $draft['name'] = strip_tags($draft['name']);
    $draft['email'] = clean_url($draft['email']);

    // Fall back to the message returned by getComment() when the posted one is empty.
    $body = $draft['message'];
    if ($body == '') {
        $stored = getComment();
        $body = $stored['message'];
    }
    // it is called 'message', not 'novel'
    $draft['message'] = markup_comment(substr(trim($body), 0, 65535));
    $draft['web'] = clean_url($draft['web']);

    // The form template reads the row from $GLOBALS['thiscomment'] while it is parsed.
    $GLOBALS['thiscomment'] = $draft;
    $rendered = parse_form($form) . n;
    unset($GLOBALS['thiscomment']);

    $markup = doTag($rendered, $wraptag, $class);
    // set a flag, to tell the comments_form tag that it doesn't have to show a preview
    $has_comments_preview = true;

    return $markup;
}
Exemplo n.º 4
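/**
 * Validate a comment posted through the comment form, store it in
 * txp_discuss and send a redirect back to the submitted backpage.
 *
 * Missing required fields, closed comments, a banned IP or a blacklisted IP
 * end the request with exit(). A duplicate or a failed nonce check simply
 * returns without storing anything.
 *
 * Change against the earlier version of this block: parentid, nonce and ip
 * are passed through doSlash() before they are placed in SQL. parentid and
 * nonce come straight from POST via psa(); whether checkCommentsAllowed() or
 * checkNonce() reject hostile values is not visible from here.
 *
 * @return void
 */
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
    // NOTE(review): $ref is never read below.
    $ref = serverset('HTTP_REFERRER');
    $in = psa(array('parentid', 'name', 'email', 'web', 'message', 'backpage', 'nonce', 'remember'));
    // Imports the eight posted fields listed above as local variables.
    extract($in);
    if (!checkCommentsAllowed($parentid)) {
        exit(graf(gTxt('comments_closed')));
    }
    if ($prefs['comments_require_name']) {
        if (!trim($name)) {
            exit(graf(gTxt('comment_name_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
        }
    }
    if ($prefs['comments_require_email']) {
        if (!trim($email)) {
            exit(graf(gTxt('comment_email_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
        }
    }
    if (!trim($message)) {
        exit(graf(gTxt('comment_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
    }
    $ip = serverset('REMOTE_ADDR');
    $message = trim($message);
    $blacklisted = is_blacklisted($ip);
    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(clean_url(strip_tags(deEntBrackets($web))));
    $email = doSlash(clean_url(strip_tags(deEntBrackets($email))));
    $message2db = doSlash(markup_comment($message));
    // SQL-only copies: the raw values are still handed to checkBan(),
    // checkNonce(), mail_comment() and update_comments_count() unchanged.
    $ip_sql = doSlash($ip);
    $parentid_sql = doSlash($parentid);
    $nonce_sql = doSlash($nonce);
    $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='{$ip_sql}'");
    if (checkBan($ip)) {
        if ($blacklisted == false) {
            if (!$isdup) {
                if (checkNonce($nonce)) {
                    // Moderated sites store the comment hidden (0), others visible (1).
                    $visible = $comments_moderate ? 0 : 1;
                    $rs = safe_insert("txp_discuss", "parentid  = '{$parentid_sql}',\n\t\t\t\t\t\t\t name\t\t  = '{$name}',\n\t\t\t\t\t\t\t email\t  = '{$email}',\n\t\t\t\t\t\t\t web\t\t  = '{$web}',\n\t\t\t\t\t\t\t ip\t\t  = '{$ip_sql}',\n\t\t\t\t\t\t\t message   = '{$message2db}',\n\t\t\t\t\t\t\t visible   = {$visible},\n\t\t\t\t\t\t\t posted\t  = now()");
                    if ($rs) {
                        // Mark the nonce as used so the same submission cannot be replayed.
                        safe_update("txp_discuss_nonce", "used='1'", "nonce='{$nonce_sql}'");
                        if ($prefs['comment_means_site_updated']) {
                            safe_update("txp_prefs", "val=now()", "name='lastmod'");
                        }
                        if ($comments_sendmail) {
                            mail_comment($message, $name, $email, $web, $parentid);
                        }
                        $updated = update_comments_count($parentid);
                        ob_start();
                        // Truncate, then cut at the first CR, LF or '#' so no
                        // line break can reach the Location header.
                        // NOTE(review): $backpage is a posted field and is not
                        // tied to this site's host here, so the redirect can
                        // point anywhere; the function also returns instead of
                        // exiting after sending the header. Confirm both.
                        $backpage = substr($backpage, 0, $prefs['max_url_len']);
                        $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                        $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=1';
                        if ($comments_moderate) {
                            header('Location: ' . $backpage . '#txpCommentInputForm');
                        } else {
                            // Anchor is the new comment id ($rs), left-padded with zeros to six characters.
                            header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
                        }
                    }
                }
                // end check nonce
            }
            // end check dup
        } else {
            exit(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted));
        }
        // end check blacklist
    } else {
        exit(gTxt('you_have_been_banned'));
    }
    // end check site ban
}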
/**
 * Variant of the comments tag with per-article delay and time-to-live rules.
 *
 * Lists the visible comments of the current article (or a preview of the
 * comment being posted). Each stored comment can be shown normally, replaced
 * by a "delayed" placeholder, or marked as culled. Culled comments are then
 * passed to _sed_cp_delete_comment() or _sed_cp_update_comment(), so
 * rendering this tag can modify stored comments.
 *
 * @param array $atts Tag attributes: id, form, wraptag, break, class, breakclass, sort.
 * @return string Output of doWrap(), or '' when the query returns no result set.
 */
function sed_comments($atts)
{
    global $thisarticle, $prefs, $comment_preview, $pretext;
    # NOTE(review): extract() turns every key of $prefs (and of $thisarticle and
    # $sed_vars below) into a local variable; $comments_are_ol is expected from here.
    extract($prefs);
    extract(lAtts(array('id' => @$pretext['id'], 'form' => 'comments', 'wraptag' => $comments_are_ol ? 'ol' : '', 'break' => $comments_are_ol ? 'li' : 'div', 'class' => __FUNCTION__, 'breakclass' => '', 'sort' => 'posted ASC'), $atts));
    assert_article();
    if (is_array($thisarticle)) {
        extract($thisarticle);
    }
    # When an article is in context its id wins over the attribute/request id.
    if (@$thisid) {
        $id = $thisid;
    }
    #
    #	Read the per-article overrides from the 'sed per-article vars' field of the article.
    #	Missing entries fall back to the defaults listed in the lAtts() call.
    #
    $sed_vars = _sed_cp_get_sed_vars(@$thisarticle['sed per-article vars']);
    $sed_vars = lAtts(array('sed_delay' => '0', 'sed_ttl' => '', 'sed_on_cull' => 'hide', 'sed_ttl_grace' => ''), $sed_vars);
    extract($sed_vars);
    if (!empty($comment_preview)) {
        # Preview: build a pseudo comment row from the posted fields.
        $preview = psas(array('name', 'email', 'web', 'message', 'parentid', 'remember'));
        $preview['time'] = time();
        $preview['discussid'] = 0;
        $preview['message'] = markup_comment($preview['message']);
        $GLOBALS['thiscomment'] = $preview;
        $comments[] = parse_form($form) . n;
        unset($GLOBALS['thiscomment']);
        $out = doWrap($comments, $wraptag, $break, $class, $breakclass);
    } else {
        # The id is cast with intval(). The sort attribute is placed in ORDER BY
        # outside any quotes.
        # NOTE(review): doSlash() is written for quoted string values; for an
        # unquoted ORDER BY fragment a fixed list of allowed sort expressions
        # would be the safer check. Confirm who can set the sort attribute.
        $rs = safe_rows_start("*, unix_timestamp(posted) as time", "txp_discuss", 'parentid=' . intval($id) . ' and visible=' . VISIBLE . ' order by ' . doSlash($sort));
        $out = '';
        if ($rs) {
            $comments = array();
            $culled_comments = array();
            while ($vars = nextRow($rs)) {
                $culled = false;
                $show = true;
                $extra = '';
                $now = time();
                # presumably filled in by _sed_cp_if_outside_period() (by reference) - TODO confirm
                $remaining = '';
                #
                #	A time-to-live is set for this article, so check whether the comment is to be culled.
                #
                if (!empty($sed_ttl)) {
                    $do_cull_check = true;
                    #
                    #	A grace period is configured: its result decides whether the cull check runs at all.
                    #
                    if (!empty($sed_ttl_grace) && 0 != $sed_ttl_grace) {
                        $do_cull_check = _sed_cp_if_outside_period($thisarticle['posted'], $sed_ttl_grace, $vars['time'], $remaining);
                    }
                    #
                    #	Cull check proper, against the comment's own timestamp.
                    #
                    if ($do_cull_check) {
                        $culled = _sed_cp_if_outside_period($vars['time'], $sed_ttl, $now, $remaining);
                    }
                    #
                    #	Not culled yet: append a notice showing the remaining time.
                    #
                    if ($do_cull_check && !$culled) {
                        $vars['message'] .= "<br/><br/><strong>[MARKED FOR DELETION IN {$remaining}.]</strong>";
                    }
                }
                if ($culled) {
                    $extra .= ' culled';
                    # The row is queued for culling before its time and message are changed for display.
                    $culled_comments[] = $vars;
                    $vars['time'] = $now;
                    $vars['message'] .= "<br/><br/><strong>[DELETED.]</strong>";
                } else {
                    #
                    #	See if the comment is in its "hidden" period.
                    #	This is to try and discourage spam-robots that immediately see if their posts appear live.
                    #
                    if (!empty($sed_delay) && $sed_delay > '0') {
                        $show = _sed_cp_if_outside_period($vars['time'], $sed_delay, $now, $remaining);
                    }
                    #
                    #	Still hidden, so show a place-holder comment instead.
                    #	Only name, time and message are overwritten; every other column
                    #	selected by '*' stays in $vars and remains available to the form.
                    #
                    if (!$show) {
                        $extra .= ' delay_queue';
                        $vars['name'] = "[DELAYED]";
                        $vars['time'] = $now;
                        $vars['message'] = "A comment has been recorded and is in the delay queue.";
                        $vars['message'] .= "<br/><br/><strong>[REVEALED IN {$remaining}.]</strong>";
                    }
                }
                #
                #	Save the additional css class markup for this comment in the vars before parsing the comment form.
                #
                $vars['sed_class_extra'] = $extra;
                $GLOBALS['thiscomment'] = $vars;
                $comments[] = parse_form($form) . n;
                unset($GLOBALS['thiscomment']);
            }
            $out .= doWrap($comments, $wraptag, $break, $class, $breakclass);
            #
            #	Process the culled list: 'delete' calls the delete helper, any other
            #	sed_on_cull value is handed to the update helper. The comment count
            #	of the article is refreshed afterwards.
            #
            if (!empty($culled_comments)) {
                foreach ($culled_comments as $comment) {
                    if ('delete' == $sed_on_cull) {
                        _sed_cp_delete_comment($comment);
                    } else {
                        _sed_cp_update_comment($comment, $sed_on_cull);
                    }
                }
                update_comments_count($id);
            }
        }
    }
    return $out;
}
Exemplo n.º 6
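/**
 * Validate a submitted comment, store it in txp_discuss and redirect the
 * commenter back to the submitted backpage.
 *
 * Closed comments, a banned IP or a blacklisted IP end the request with a
 * 403. Missing required fields and duplicates only raise a RELOAD estimate
 * on the comment evaluator. On a successful insert the function sends a 302
 * and exits; otherwise it sets $_POST['preview'] to RELOAD so the form is
 * shown again.
 *
 * Change against the earlier version of this block: the IP address goes
 * through doSlash() and the visibility value through intval() before they
 * are placed in SQL, like the other values in the same statements.
 *
 * @return void
 */
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
    // NOTE(review): $ref is never read below.
    $ref = serverset('HTTP_REFERRER');
    $in = getComment();
    $evaluator =& get_comment_evaluator();
    // Imports the submitted fields as locals; the code below reads $parentid,
    // $name, $email, $web, $message, $nonce and $backpage.
    extract($in);
    if (!checkCommentsAllowed($parentid)) {
        txp_die(gTxt('comments_closed'), '403');
    }
    $ip = serverset('REMOTE_ADDR');
    if (!checkBan($ip)) {
        txp_die(gTxt('you_have_been_banned'), '403');
    }
    $blacklisted = is_blacklisted($ip);
    if ($blacklisted) {
        txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
    }
    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(clean_url(strip_tags(deEntBrackets($web))));
    $email = doSlash(clean_url(strip_tags(deEntBrackets($email))));
    $message = trim($message);
    $message2db = doSlash(markup_comment($message));
    // SQL-only copy of the address; the raw value was used for the ban checks above.
    $ip_sql = doSlash($ip);
    $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='{$ip_sql}'");
    if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) {
        $evaluator->add_estimate(RELOAD, 1);
        // The error-messages are added in the preview-code
    }
    if ($isdup) {
        $evaluator->add_estimate(RELOAD, 1);
    }
    // FIXME? Tell the user about dupe?
    if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) {
        // Handlers of this event run before the result is read again, so they can still change it.
        callback_event('comment.save');
        $visible = $evaluator->get_result();
        if ($visible != RELOAD) {
            // intval() keeps the unquoted visible column numeric whatever the evaluator returned.
            $rs = safe_insert("txp_discuss", "parentid  = '" . doSlash($parentid) . "',\n\t\t\t\t\t name\t\t  = '{$name}',\n\t\t\t\t\t email\t  = '{$email}',\n\t\t\t\t\t web\t\t  = '{$web}',\n\t\t\t\t\t ip\t\t  = '{$ip_sql}',\n\t\t\t\t\t message   = '{$message2db}',\n\t\t\t\t\t visible   = " . intval($visible) . ",\n\t\t\t\t\t posted\t  = now()");
            if ($rs) {
                // Mark the nonce as used so the same submission cannot be replayed.
                safe_update("txp_discuss_nonce", "used='1'", "nonce='" . doslash($nonce) . "'");
                if ($prefs['comment_means_site_updated']) {
                    safe_update("txp_prefs", "val=now()", "name='lastmod'");
                }
                if ($comments_sendmail) {
                    mail_comment($message, $name, $email, $web, $parentid, $rs);
                }
                $updated = update_comments_count($parentid);
                // Truncate, then cut at the first CR, LF or '#' so no line
                // break can reach the Location header.
                // NOTE(review): $backpage is a submitted value and is not tied
                // to this site's host here, so the redirect can point anywhere.
                // Confirm whether getComment() restricts it.
                $backpage = substr($backpage, 0, $prefs['max_url_len']);
                $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0');
                txp_status_header('302 Found');
                if ($comments_moderate) {
                    header('Location: ' . $backpage . '#txpCommentInputForm');
                } else {
                    // Anchor is the new comment id ($rs), left-padded with zeros to six characters.
                    header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
                }
                if ($prefs['logging'] == 'refer') {
                    logit('refer');
                } elseif ($prefs['logging'] == 'all') {
                    logit();
                }
                $evaluator->write_trace();
                exit;
            }
        }
    }
    // Force another Preview
    $_POST['preview'] = RELOAD;
    //$evaluator->write_trace();
}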
Exemplo n.º 7
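/**
 * Display a comment form to post new comments
 * and display the whole comment thread.
 *
 * The id is cast to an integer once, at the top. Before, only the lookups
 * used the cast value while the raw argument was printed into the id=""
 * attributes, so a value such as "5<b>" passed the existence check and then
 * reached the HTML unescaped.
 *
 * @param int $post_id Identifier of the post whose thread is shown.
 * @return string|false The HTML of the comment section, or false when
 *                      post_exist() does not find the post.
 */
function display_comment_thread($post_id)
{
    $post_id = (int) $post_id;
    if (!post_exist($post_id)) {
        return false;
    }

    $coms = get_comments_byPOST($post_id);
    // Read both lists defensively: the lookup result is only used as an
    // array when it is one, and a missing key counts as "no comments".
    $has_list = is_array($coms);
    $parents = ($has_list && isset($coms['comment_parent'])) ? $coms['comment_parent'] : null;
    $children = ($has_list && isset($coms['comment_children'])) ? $coms['comment_children'] : null;
    $count = (is_array($parents) ? count($parents) : 0) + (is_array($children) ? count($children) : 0);

    $output = '<div id="comments-post-' . $post_id . '" class="post-comments">';
    $output .= '<div class="post-comment-head">';
    $output .= '<h2>Discussion</h2>';
    $output .= $count > 0 ? sprintf('<h4>%s Comments</h4>', $count) : '<h4>Be the first to comment</h4>';
    $output .= '</div>';
    $output .= '<div class="comment-form-box">';
    $output .= display_comment_box($post_id);
    $output .= '</div>';
    if (!empty($parents)) {
        $output .= markup_comment($post_id, $parents, $children);
    } else {
        // Empty thread container, kept so the page has a list to hold later comments.
        $output .= '<ul class="comment-thread"><li id="post-thread-' . $post_id . '"></li></ul>';
    }
    $output .= '</div>';

    return $output;
}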
Exemplo n.º 8
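/**
 * Render a preview of the comment that is being submitted.
 *
 * $pretext is now declared global. The 'id' default reads $pretext['id'],
 * but without the declaration $pretext was an undefined local, so the
 * default was always null (hidden by the @ operator).
 *
 * @param array  $atts  Tag attributes: id, form, wraptag, class.
 * @param string $thing Not used by this function.
 * @param string $me    Not used by this function.
 * @return string|null Output of doTag(), or nothing when no preview was requested.
 */
function comments_preview($atts, $thing = '', $me = '')
{
    global $thisarticle, $has_comments_preview, $pretext;
    // No "preview" field in the POST data means there is nothing to show.
    if (!ps('preview')) {
        return;
    }
    extract(lAtts(array('id' => @$pretext['id'], 'form' => 'comments', 'wraptag' => '', 'class' => __FUNCTION__), $atts));
    assert_article();
    // NOTE(review): extract() turns every key of $thisarticle into a local variable.
    if (is_array($thisarticle)) {
        extract($thisarticle);
    }
    // When an article is in context its id wins over the attribute/request id.
    if (@$thisid) {
        $id = $thisid;
    }
    $Form = fetch_form($form);
    // Build a pseudo comment row from the posted fields.
    $preview = psas(array('name', 'email', 'web', 'message', 'parentid', 'remember'));
    $preview['time'] = time();
    $preview['discussid'] = 0;
    // Fall back to the message returned by getComment() when the posted one is empty.
    if ($preview['message'] == '') {
        $in = getComment();
        $preview['message'] = $in['message'];
    }
    $preview['message'] = markup_comment($preview['message']);
    // The form template reads the row from $GLOBALS['thiscomment'] while it is parsed.
    $GLOBALS['thiscomment'] = $preview;
    $comments = parse($Form) . n;
    unset($GLOBALS['thiscomment']);
    $out = doTag($comments, $wraptag, $class);
    # set a flag, to tell the comments_form tag that it doesn't have to show a preview
    $has_comments_preview = true;
    return $out;
}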
Exemplo n.º 9
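/**
 * Render a preview of the comment that is being submitted.
 *
 * With the 'bc' attribute set, the function emulates the older hard-coded
 * preview: it returns $me on the first pass, '' when a preview was already
 * shown, and otherwise an anchor followed by discuss($id).
 *
 * $pretext is now declared global. The 'id' default reads $pretext['id'],
 * but without the declaration $pretext was an undefined local, so in the
 * 'bc' branch discuss() received null unless an id attribute was given.
 *
 * @param array  $atts  Tag attributes: id, form, bc, wraptag, class.
 * @param string $thing Not used by this function.
 * @param string $me    Returned unchanged on the first pass of the 'bc' branch.
 * @return string|null Preview markup, or nothing when no preview was requested.
 */
function comments_preview($atts, $thing = '', $me = '')
{
    global $thisarticle, $pretext;
    // No "preview" field in the POST data means there is nothing to show.
    if (!ps('preview')) {
        return;
    }
    extract(lAtts(array('id' => @$pretext['id'], 'form' => 'comments', 'bc' => false, 'wraptag' => '', 'class' => __FUNCTION__), $atts));
    //FIXME for crockery. This emulates the old hardcoded preview behaviour.
    if ($bc) {
        if (@$GLOBALS['pretext']['secondpass'] == false) {
            return $me;
        }
        if (@$GLOBALS['pretext']['comments_preview_shown']) {
            return '';
        } else {
            return '<a id="cpreview"></a>' . discuss($id);
        }
    }
    // Record that a preview was rendered; the 'bc' branch above reads this flag.
    $GLOBALS['pretext']['comments_preview_shown'] = true;
    // NOTE(review): extract() turns every key of $thisarticle into a local variable.
    if (is_array($thisarticle)) {
        extract($thisarticle);
    }
    // When an article is in context its id wins over the attribute/request id.
    if (@$thisid) {
        $id = $thisid;
    }
    $Form = fetch_form($form);
    // Build a pseudo comment row from the posted fields.
    $preview = psas(array('name', 'email', 'web', 'message', 'parentid', 'remember'));
    $preview['time'] = time();
    $preview['discussid'] = 0;
    $preview['message'] = markup_comment($preview['message']);
    // The form template reads the row from $GLOBALS['thiscomment'] while it is parsed.
    $GLOBALS['thiscomment'] = $preview;
    $comments = parse($Form) . n;
    unset($GLOBALS['thiscomment']);
    $out = doTag($comments, $wraptag, $class);
    return $out;
}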