 /**
  * AJAX handler that creates a comment from the submitted form ($_POST).
  *
  * Never returns: every path ends in wp_die(json_encode($messageArray)). On
  * success the array carries the new comment id, its rendered HTML and the
  * display flags the front-end needs; on failure only 'code' is set, to one of
  * 'wc_msg_required_fields', 'wc_invalid_captcha', 'wc_error_url_text',
  * 'wc_error_email_text', 'wc_msg_input_min_length', 'wc_msg_input_max_length'
  * or 'wc_invalid_field'. The final array passes through the
  * 'wpdiscuz_comment_post' filter before it is emitted.
  *
  * NOTE(review): no nonce verification is visible in this block (the other
  * addComment variant on this page calls wp_verify_nonce()); confirm the caller
  * performs a CSRF check before this handler runs.
  */
 public function addComment()
 {
     $messageArray = array();
     $isAnonymous = false;
     // Both fields are mandatory; note the fallback for a missing postId is '' rather than 0.
     $uniqueId = isset($_POST['wpdiscuz_unique_id']) ? trim($_POST['wpdiscuz_unique_id']) : '';
     $postId = isset($_POST['postId']) ? intval($_POST['postId']) : '';
     if ($uniqueId && $postId) {
         do_action('wpdiscuz_add_comment');
         // Zero Spam bridge: the browser echoes md5(key) (handed out by getOptionsForJs) and
         // the raw key is placed in $_POST for the plugin's own zerospam_is_valid() check.
         // NOTE(review): == on two digests is a loose comparison; numeric-looking strings
         // compare after type juggling. hash_equals() would be the strict form.
         if (function_exists('zerospam_get_key') && isset($_POST['wpdiscuz_zs']) && ($wpdiscuzZS = $_POST['wpdiscuz_zs'])) {
             $_POST['zerospam_key'] = $wpdiscuzZS == md5(zerospam_get_key()) ? zerospam_get_key() : '';
         }
         // Requested nesting depth; 1 when missing or zero.
         $commentDepth = isset($_POST['wc_comment_depth']) && intval($_POST['wc_comment_depth']) ? intval($_POST['wc_comment_depth']) : 1;
         // '1' when the reply is rendered inside its parent's container, '0' otherwise.
         $isInSameContainer = '1';
         $current_user = wp_get_current_user();
         // Clamp the depth to the configured maximum. A clamped reply, or any reply when
         // threading is disabled, is rendered outside the parent's container.
         if ($commentDepth > $this->optionsSerialized->wordpressThreadCommentsDepth) {
             $commentDepth = $this->optionsSerialized->wordpressThreadCommentsDepth;
             $isInSameContainer = '0';
         } else {
             if (!$this->optionsSerialized->wordpressThreadComments) {
                 $isInSameContainer = '0';
             }
         }
         $notificationType = isset($_POST['wpdiscuz_notification_type']) ? $_POST['wpdiscuz_notification_type'] : '';
         // The built-in captcha is checked only when the helper says this user must solve
         // one and neither the reCAPTCHA add-on nor GoodbyeCaptcha is handling it.
         if ($current_user && $this->helper->isShowCaptcha($current_user->ID) && !class_exists("wpDiscuzReCaptcha") && !$this->optionsSerialized->isGoodbyeCaptchaActive) {
             $captcha = isset($_POST['wc_captcha']) ? trim($_POST['wc_captcha']) : '';
             if ($this->optionsSerialized->isCaptchaInSession) {
                 // Session-backed captcha: the expected md5 of the lower-cased answer is stored
                 // under the submitted cnonce; a missing entry or a mismatch ends the request.
                 if (!session_id()) {
                     session_start();
                 }
                 $cnonce = isset($_POST['cnonce']) ? trim($_POST['cnonce']) : '';
                 $sCaptcha = isset($_SESSION['wpdiscuzc'][$cnonce]) ? $_SESSION['wpdiscuzc'][$cnonce] : false;
                 if (!$sCaptcha || md5(strtolower($captcha)) !== $sCaptcha) {
                     $messageArray['code'] = 'wc_invalid_captcha';
                     wp_die(json_encode($messageArray));
                 }
             } else {
                 // File-backed captcha: the key is the part of cnonce after CAPTCHA_LENGTH and
                 // the file name loses its last 4 characters (presumably a '.xxx' extension — verify).
                 $key = isset($_POST['cnonce']) ? substr(trim($_POST['cnonce']), self::CAPTCHA_LENGTH) : '';
                 $fileName = isset($_POST['fileName']) ? substr(trim($_POST['fileName']), 0, strlen(trim($_POST['fileName'])) - 4) : '';
                 if (!$this->helper->checkCaptchaFile($key, $fileName, $captcha)) {
                     $messageArray['code'] = 'wc_invalid_captcha';
                     wp_die(json_encode($messageArray));
                 }
             }
         }
         $website_url = '';
         // Logged-in users are identified from their profile; guests from the form fields.
         if ($current_user && $current_user->ID) {
             $user = $current_user;
             $user_id = $current_user->ID;
             $name = $current_user->display_name;
             $email = $current_user->user_email;
         } else {
             $user_id = 0;
             // filter_var() with no filter applies FILTER_DEFAULT (the raw string): no sanitisation here.
             $name = isset($_POST['wc_name']) ? filter_var($_POST['wc_name']) : '';
             $email = isset($_POST['wc_email']) ? trim($_POST['wc_email']) : '';
             $website_url = isset($_POST['wc_website']) ? trim($_POST['wc_website']) : '';
             // The `!== ''` clauses are always true (strpos() returns int|false, never ''), so
             // this reduces to: prefix 'http://' when the URL starts with neither scheme.
             if ($website_url != '' && (strpos($website_url, 'http://') !== '' && strpos($website_url, 'http://') !== 0) && (strpos($website_url, 'https://') !== '' && strpos($website_url, 'https://') !== 0)) {
                 $website_url = 'http://' . $website_url;
             }
             if (!$this->optionsSerialized->isNameFieldRequired) {
                 $name = !$name ? $this->optionsSerialized->phrases['wc_anonymous'] : $name;
             }
             if (!$this->optionsSerialized->isEmailFieldRequired) {
                 if (!$email) {
                     // Placeholder address on a reserved domain so the row still has a non-empty
                     // email; $isAnonymous suppresses the subscription handling below.
                     $email = uniqid() . '@example.com';
                     $isAnonymous = true;
                 }
             }
         }
         // Format checks only reject malformed values; an empty email or URL passes here
         // (an empty email is then caught by the `$name && $email && ...` test below).
         if ($website_url != '' && filter_var($website_url, FILTER_VALIDATE_URL) === false) {
             $messageArray['code'] = 'wc_error_url_text';
             wp_die(json_encode($messageArray));
         }
         if ($email != '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
             $messageArray['code'] = 'wc_error_email_text';
             wp_die(json_encode($messageArray));
         }
         // NOTE(review): $_POST['wc_comment'] is read without the isset() guard every other
         // field gets; a request without it raises a notice before failing the checks below.
         $comment_content = $this->helper->replaceCommentContentCode(stripslashes(trim($_POST['wc_comment'])));
         // wp_kses() strips everything outside the helper's tag allow-list before storage.
         $comment_content = wp_kses($comment_content, $this->helper->wc_allowed_tags);
         $commentMinLength = intval($this->optionsSerialized->commentTextMinLength);
         $commentMaxLength = intval($this->optionsSerialized->commentTextMaxLength);
         // Characters where mbstring is available, bytes otherwise — the limits are
         // byte-based on hosts without mbstring.
         $contentLength = function_exists('mb_strlen') ? mb_strlen($comment_content) : strlen($comment_content);
         if ($commentMinLength > 0 && $contentLength < $commentMinLength) {
             $messageArray['code'] = 'wc_msg_input_min_length';
             wp_die(json_encode($messageArray));
         }
         if ($commentMaxLength > 0 && $contentLength > $commentMaxLength) {
             $messageArray['code'] = 'wc_msg_input_max_length';
             wp_die(json_encode($messageArray));
         }
         if ($name && $email && $comment_content) {
             // NOTE(review): whether getRealIPAddr() trusts proxy headers is not visible here;
             // if it does, comment_author_IP is caller-supplied — verify before relying on it
             // for moderation or blocking decisions.
             $author_ip = $this->helper->getRealIPAddr();
             // The unique id encodes the parent comment; element 0 is the parent id (0 = top level).
             $uid_data = $this->helper->getUIDData($uniqueId);
             $comment_parent = $uid_data[0];
             $wc_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
             $new_commentdata = array('user_id' => $user_id, 'comment_post_ID' => $postId, 'comment_parent' => $comment_parent, 'comment_author' => $name, 'comment_author_email' => $email, 'comment_content' => $comment_content, 'comment_author_url' => $website_url, 'comment_author_IP' => $author_ip, 'comment_agent' => $wc_user_agent, 'comment_type' => '');
             // wp_new_comment() expects slashed input, hence wp_slash().
             $new_comment_id = wp_new_comment(wp_slash($new_commentdata));
             $newComment = get_comment($new_comment_id);
             // A falsy comment_approved ('0' = pending) is reported to the client as held.
             $held_moderate = 1;
             if ($newComment->comment_approved) {
                 $held_moderate = 0;
             }
             // Post subscriptions are delegated to Postmatic when it is active and enabled;
             // otherwise the commenter's own subscription is registered here, confirmed at
             // once when the options allow it, else via a confirmation email.
             if ($notificationType == WpdiscuzCore::SUBSCRIPTION_POST && class_exists('Prompt_Comment_Form_Handling') && $this->optionsSerialized->usePostmaticForCommentNotification) {
                 $_POST[Prompt_Comment_Form_Handling::SUBSCRIBE_CHECKBOX_NAME] = 1;
                 Prompt_Comment_Form_Handling::handle_form($new_comment_id, $newComment->comment_approved);
             } else {
                 if (!$isAnonymous && $notificationType) {
                     // $current_user->ID is read without the `$current_user &&` guard used above;
                     // wp_get_current_user() returns a WP_User (ID 0 for guests), so this holds.
                     $noNeedMemberConfirm = $current_user->ID && $this->optionsSerialized->disableMemberConfirm;
                     $noNeedGuestsConfirm = !$current_user->ID && $this->optionsSerialized->disableGuestsConfirm && $this->dbManager->hasConfirmedSubscription($email);
                     if ($noNeedMemberConfirm || $noNeedGuestsConfirm) {
                         $this->dbManager->addEmailNotification($new_comment_id, $postId, $email, self::SUBSCRIPTION_COMMENT, 1);
                     } else {
                         $this->dbManager->addEmailNotification($new_comment_id, $postId, $email, self::SUBSCRIPTION_COMMENT);
                         $this->emailHelper->confirmEmailSender($postId, $email);
                     }
                 }
             }
             // Success payload: 'code' carries the unique id back, 'message' the rendered HTML.
             $messageArray['code'] = $uniqueId;
             $messageArray['redirect'] = $this->optionsSerialized->redirectPage;
             $messageArray['new_comment_id'] = $new_comment_id;
             $messageArray['user_name'] = $name;
             $messageArray['user_email'] = $email;
             $messageArray['is_main'] = $comment_parent ? 0 : 1;
             $messageArray['held_moderate'] = $held_moderate;
             $messageArray['is_in_same_container'] = $isInSameContainer;
             $messageArray['wc_all_comments_count_new'] = $this->dbManager->getCommentsCount($postId);
             $commentListArgs = $this->getCommentListArgs($postId);
             $commentListArgs['current_user'] = $current_user;
             $commentListArgs['addComment'] = $commentDepth;
             $messageArray['message'] = wp_list_comments($commentListArgs, array($newComment));
         } else {
             $messageArray['code'] = 'wc_invalid_field';
         }
     } else {
         $messageArray['code'] = 'wc_msg_required_fields';
     }
     $messageArray['callbackFunctions'] = array();
     $messageArray = apply_filters('wpdiscuz_comment_post', $messageArray);
     wp_die(json_encode($messageArray));
 }
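/**
 * Checks whether the request carries the expected zero-spam key.
 *
 * The key is echoed back by the front-end script (it is written into the page
 * by enqueue_scripts), so this is a "JavaScript ran" check rather than a secret
 * credential: treat it as a spam filter, not as authentication.
 *
 * @return bool true when $_POST['zerospam_key'] is a non-empty string equal to zerospam_get_key()
 */
function zerospam_is_valid()
{
    // empty() keeps the original "missing or blank key is spam" behaviour; the
    // is_string() guard keeps non-string values (an array can be submitted under
    // the same name) away from hash_equals(), which throws a TypeError on them.
    if (empty($_POST['zerospam_key']) || !is_string($_POST['zerospam_key'])) {
        return false;
    }
    // Strict comparison instead of ==: loose comparison equates numeric-looking
    // strings after type juggling. hash_equals() is also timing-safe.
    return hash_equals((string) zerospam_get_key(), $_POST['zerospam_key']);
}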
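 /**
  * Pre-process registration fields.
  *
  * Used to create custom validation rules on user registration. This fires
  * when the form is submitted but before user information is saved to the
  * database.
  *
  * A submission whose zerospam_key is missing, not a string, or different from
  * zerospam_get_key() is treated as spam: the zero_spam_found_spam_registration
  * action is fired, the attempt is logged when the log_spammers setting is '1',
  * and a 'spam_error' is added so WordPress rejects the registration.
  *
  * @since 2.0.0
  *
  * @link http://codex.wordpress.org/Plugin_API/Action_Reference/register_post
  *
  * @param object $errors               Error collector (a WP_Error in WordPress); only ->add() is used here.
  * @param string $sanitized_user_login Login name after WordPress sanitisation.
  * @param string $user_email           Email address from the form.
  * @return object $errors, with 'spam_error' added when the key check fails.
  */
 public function preprocess_registration($errors, $sanitized_user_login, $user_email)
 {
     $submittedKey = isset($_POST['zerospam_key']) ? $_POST['zerospam_key'] : null;
     // Strict, timing-safe comparison instead of !=: loose comparison equates
     // numeric-looking strings after type juggling. hash_equals() throws a
     // TypeError on non-string input, so is_string() keeps arrays away from it.
     $isValid = is_string($submittedKey) && hash_equals((string) zerospam_get_key(), $submittedKey);
     if (!$isValid) {
         do_action('zero_spam_found_spam_registration', $errors, $sanitized_user_login, $user_email);
         if (isset($this->settings['log_spammers']) && '1' == $this->settings['log_spammers']) {
             zerospam_log_spam('registration');
         }
         // The message text is a stored setting, so __() cannot pick it up at
         // string-extraction time; kept as-is to preserve behaviour.
         $errors->add('spam_error', __($this->settings['spammer_msg_registration'], 'zerospam'));
     }
     return $errors;
 }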
 /**
  * Builds the option map handed to the front-end script.
  *
  * Holds the user-visible phrases the JavaScript needs, the display and
  * live-update settings, the commenter-data lifetime derived from
  * storeCommenterData and, when the Zero Spam plugin is active, the md5 of its
  * key (which the script sends back with each comment).
  *
  * @return array Map of option name => value, in the order the script expects.
  */
 public function getOptionsForJs()
 {
     $phrases = $this->phrases;
     // Negative → 100000, zero → null, otherwise the configured value
     // (presumably a lifetime in days — verify against the JS consumer).
     $storeCommenterData = $this->storeCommenterData < 0
         ? 100000
         : ($this->storeCommenterData == 0 ? null : $this->storeCommenterData);
     $jsOptions = [
         'wc_hide_replies_text' => $phrases['wc_hide_replies_text'],
         'wc_show_replies_text' => $phrases['wc_show_replies_text'],
         'wc_msg_required_fields' => $phrases['wc_msg_required_fields'],
         'wc_invalid_field' => $phrases['wc_invalid_field'],
         'wc_invalid_captcha' => $phrases['wc_invalid_captcha'],
         'wc_error_empty_text' => $phrases['wc_error_empty_text'],
         'wc_error_url_text' => $phrases['wc_error_url_text'],
         'wc_error_email_text' => $phrases['wc_error_email_text'],
         'wc_login_to_vote' => $phrases['wc_login_to_vote'],
         'wc_deny_voting_from_same_ip' => $phrases['wc_deny_voting_from_same_ip'],
         'wc_self_vote' => $phrases['wc_self_vote'],
         'wc_vote_only_one_time' => $phrases['wc_vote_only_one_time'],
         'wc_voting_error' => $phrases['wc_voting_error'],
         'wc_captcha_show_hide' => $this->captchaShowHide,
         // The '%d%' placeholder is filled with the configured limit.
         'wc_msg_comment_text_min_length' => str_replace('%d%', $this->commentTextMinLength, $phrases['wc_msg_comment_text_min_length']),
         'wc_msg_comment_text_max_length' => str_replace('%d%', $this->commentTextMaxLength, $phrases['wc_msg_comment_text_max_length']),
         'wc_held_for_moderate' => $phrases['wc_held_for_moderate'],
         'wc_comment_edit_not_possible' => $phrases['wc_comment_edit_not_possible'],
         'wc_comment_not_updated' => $phrases['wc_comment_not_updated'],
         'wc_comment_not_edited' => $phrases['wc_comment_not_edited'],
         'wc_new_comment_button_text' => $phrases['wc_new_comment_button_text'],
         'wc_new_comments_button_text' => $phrases['wc_new_comments_button_text'],
         'wc_new_reply_button_text' => $phrases['wc_new_reply_button_text'],
         'wc_new_replies_button_text' => $phrases['wc_new_replies_button_text'],
         'wc_captcha_show_hide_for_members' => $this->captchaShowHideForMembers,
         'is_email_field_required' => $this->isEmailFieldRequired,
         'is_user_logged_in' => is_user_logged_in(),
         'commentListLoadType' => $this->commentListLoadType,
         'commentListUpdateType' => $this->commentListUpdateType,
         'commentListUpdateTimer' => $this->commentListUpdateTimer,
         'liveUpdateGuests' => $this->liveUpdateGuests,
         'wc_comment_bg_color' => $this->commentBGColor,
         'wc_reply_bg_color' => $this->replyBGColor,
         'wordpress_comment_order' => $this->wordpressCommentOrder,
         'commentsVoteOrder' => $this->showSortingButtons && $this->mostVotedByDefault,
         'wordpressThreadCommentsDepth' => $this->wordpressThreadCommentsDepth,
         'wordpressIsPaginate' => $this->wordpressIsPaginate,
         'storeCommenterData' => $storeCommenterData,
     ];
     // Zero Spam integration: the digest is visible to every visitor and is echoed
     // back on submit, so it acts as a "script ran" marker, not a secret.
     if (function_exists('zerospam_get_key')) {
         $jsOptions['wpdiscuz_zs'] = md5(zerospam_get_key());
     }
     return $jsOptions;
 }
 /**
  * AJAX handler that creates a comment from the serialised form string sent as
  * the 'wpdiscuzAjaxData' POST field.
  *
  * Never returns: every path ends in wp_die(json_encode($messageArray)). On
  * success the array carries the new comment id, its rendered HTML and display
  * flags; on failure only 'code' is set ('wc_msg_required_fields',
  * 'wc_invalid_captcha', 'wc_error_url_text', 'wc_error_email_text',
  * 'wc_msg_comment_text_min_length', 'wc_msg_comment_text_max_length' or
  * 'wc_invalid_field' — the last one also covers a failed nonce check).
  */
 public function addComment()
 {
     $messageArray = array();
     $commentData = filter_input(INPUT_POST, 'wpdiscuzAjaxData');
     $isAnonymous = false;
     if ($commentData) {
         // NOTE(review): parse_str() with a single argument imports every submitted field
         // as a local variable of this method (this form was removed in PHP 8.0). Locals
         // assigned above — $messageArray, $isAnonymous, $commentData — and every variable
         // read below ($postId, $wpdiscuz_comment_form_nonce, $wc_comment, ...) can
         // therefore be set by the request body. Pass a result array as the second
         // argument and read the fields from it instead.
         parse_str($commentData);
         $postId = isset($postId) ? intval(trim($postId)) : 0;
         // Zero Spam bridge: the browser echoes md5(key) (handed out by getOptionsForJs) and
         // the raw key is placed in $_POST for the plugin's own zerospam_is_valid() check.
         // NOTE(review): == on two digests is a loose comparison; hash_equals() would be strict.
         if (function_exists('zerospam_get_key') && isset($wpdiscuz_zs)) {
             $_POST['zerospam_key'] = $wpdiscuz_zs == md5(zerospam_get_key()) ? zerospam_get_key() : '';
         }
         // CSRF check. $wpdiscuz_comment_form_nonce only exists when the request supplied
         // it; otherwise this is an undefined-variable notice and the check fails.
         if (wp_verify_nonce($wpdiscuz_comment_form_nonce, self::ACTION_FORM_NONCE) && isset($wpdiscuz_unique_id) && $wpdiscuz_unique_id && $postId) {
             // filter_var() with no filter applies FILTER_DEFAULT (the raw string).
             $wpdiscuz_unique_id = filter_var($wpdiscuz_unique_id);
             // Depth defaults to 1 when missing or zero; note it is kept as the submitted
             // string, not cast, so it is compared and passed on un-cast.
             $wc_comment_depth = isset($wc_comment_depth) && intval($wc_comment_depth) ? $wc_comment_depth : 1;
             // '1' when the reply is rendered inside its parent's container, '0' otherwise.
             $isInSameContainer = '1';
             // get_currentuserinfo() is deprecated in favour of wp_get_current_user(); it
             // populates the global used below.
             global $current_user;
             get_currentuserinfo();
             // Clamp the depth to the configured maximum. A clamped reply, or any reply when
             // threading is disabled, is rendered outside the parent's container.
             if ($wc_comment_depth > $this->optionsSerialized->wordpressThreadCommentsDepth) {
                 $wc_comment_depth = $this->optionsSerialized->wordpressThreadCommentsDepth;
                 $isInSameContainer = '0';
             } else {
                 if (!$this->optionsSerialized->wordpressThreadComments) {
                     $isInSameContainer = '0';
                 }
             }
             $notification_type = isset($wpdiscuz_notification_type) ? $wpdiscuz_notification_type : '';
             // File-backed captcha: the key is the part of cnonce after CAPTCHA_LENGTH and the
             // file name loses its last 4 characters (presumably a '.xxx' extension — verify).
             if ($this->helper->isShowCaptcha($current_user->ID)) {
                 $key = isset($cnonce) ? substr($cnonce, self::CAPTCHA_LENGTH) : '';
                 $fileName = isset($fileName) ? substr($fileName, 0, strlen($fileName) - 4) : '';
                 $captcha = isset($wc_captcha) ? $wc_captcha : '';
                 if (!$this->helper->checkCaptcha($key, $fileName, $captcha)) {
                     $messageArray['code'] = 'wc_invalid_captcha';
                     wp_die(json_encode($messageArray));
                 }
             }
             $website_url = '';
             // Logged-in users are identified from their profile; guests from the form fields.
             if ($current_user->ID) {
                 $user_id = $current_user->ID;
                 $user = $current_user;
                 $name = $current_user->display_name;
                 $email = $current_user->user_email;
             } else {
                 $user_id = 0;
                 // filter_var() with no filter applies FILTER_DEFAULT (the raw string): no sanitisation here.
                 $name = isset($wc_name) ? filter_var($wc_name) : '';
                 $email = isset($wc_email) ? trim($wc_email) : '';
                 $website_url = isset($wc_website) ? trim($wc_website) : '';
                 // The `!== ''` clauses are always true (strpos() returns int|false, never ''), so
                 // this reduces to: prefix 'http://' when the URL starts with neither scheme.
                 if ($website_url != '' && (strpos($website_url, 'http://') !== '' && strpos($website_url, 'http://') !== 0) && (strpos($website_url, 'https://') !== '' && strpos($website_url, 'https://') !== 0)) {
                     $website_url = 'http://' . $website_url;
                 }
                 if (!$this->optionsSerialized->isNameFieldRequired) {
                     $name = !$name ? __('Anonymous', 'wpdiscuz') : $name;
                 }
                 if (!$this->optionsSerialized->isEmailFieldRequired) {
                     if (!$email) {
                         // Placeholder address on a reserved domain so the row still has a non-empty
                         // email; $isAnonymous suppresses the subscription handling below.
                         $email = 'anonymous_' . md5(uniqid() . time()) . '@example.com';
                         $isAnonymous = true;
                     }
                 }
             }
             // Format checks only reject malformed values; an empty email or URL passes here
             // (an empty email is then caught by the `$name && $email && ...` test below).
             if ($website_url != '' && filter_var($website_url, FILTER_VALIDATE_URL) === false) {
                 $messageArray['code'] = 'wc_error_url_text';
                 wp_die(json_encode($messageArray));
             }
             if ($email != '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
                 $messageArray['code'] = 'wc_error_email_text';
                 wp_die(json_encode($messageArray));
             }
             // $wc_comment is read without an isset() guard (notice when absent);
             // wp_kses() strips everything outside the helper's tag allow-list.
             $comment_content = wp_kses(trim($wc_comment), $this->helper->wc_allowed_tags);
             $commentMinLength = intval($this->optionsSerialized->commentTextMinLength);
             $commentMaxLength = intval($this->optionsSerialized->commentTextMaxLength);
             // Characters where mbstring is available, bytes otherwise.
             $contentLength = function_exists('mb_strlen') ? mb_strlen($comment_content) : strlen($comment_content);
             if ($commentMinLength > 0 && $contentLength < $commentMinLength) {
                 $messageArray['code'] = 'wc_msg_comment_text_min_length';
                 wp_die(json_encode($messageArray));
             }
             if ($commentMaxLength > 0 && $contentLength > $commentMaxLength) {
                 $messageArray['code'] = 'wc_msg_comment_text_max_length';
                 wp_die(json_encode($messageArray));
             }
             if ($name && $email && $comment_content) {
                 // NOTE(review): whether getRealIPAddr() trusts proxy headers is not visible here;
                 // if it does, comment_author_IP is caller-supplied — verify before relying on it.
                 $author_ip = $this->helper->getRealIPAddr();
                 // The unique id encodes the parent comment; element 0 is the parent id (0 = top level).
                 $uid_data = $this->helper->getUIDData($wpdiscuz_unique_id);
                 $comment_parent = $uid_data[0];
                 $wc_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
                 $new_commentdata = array('user_id' => $user_id, 'comment_post_ID' => $postId, 'comment_parent' => $comment_parent, 'comment_author' => $name, 'comment_author_email' => $email, 'comment_content' => $comment_content, 'comment_author_url' => $website_url, 'comment_author_IP' => $author_ip, 'comment_agent' => $wc_user_agent, 'comment_type' => '');
                 // NOTE(review): called without wp_slash() (the other addComment variant on this
                 // page slashes); wp_new_comment() expects slashed input — confirm backslashes
                 // in comment text survive.
                 $new_comment_id = wp_new_comment($new_commentdata);
                 $newComment = get_comment($new_comment_id);
                 // A falsy comment_approved ('0' = pending) is reported to the client as held.
                 $held_moderate = 1;
                 if ($newComment->comment_approved) {
                     $held_moderate = 0;
                 }
                 // Post subscriptions are delegated to Postmatic when it is active and enabled;
                 // otherwise the commenter's own subscription is registered here, confirmed at
                 // once for members when the option allows it, else via a confirmation email.
                 if ($notification_type == WpdiscuzCore::SUBSCRIPTION_POST && class_exists('Prompt_Comment_Form_Handling') && $this->optionsSerialized->usePostmaticForCommentNotification) {
                     $_POST[Prompt_Comment_Form_Handling::SUBSCRIBE_CHECKBOX_NAME] = 1;
                     Prompt_Comment_Form_Handling::handle_form($new_comment_id, $newComment->comment_approved);
                 } else {
                     if (!$isAnonymous && $notification_type) {
                         if ($current_user->ID && $this->optionsSerialized->disableMemberConfirm) {
                             $this->dbManager->addEmailNotification($new_comment_id, $postId, $email, self::SUBSCRIPTION_COMMENT, 1);
                         } else {
                             $this->dbManager->addEmailNotification($new_comment_id, $postId, $email, self::SUBSCRIPTION_COMMENT);
                             $this->emailHelper->confirmEmailSender($postId, $email);
                         }
                     }
                 }
                 // Success payload: 'code' carries the unique id back, 'message' the rendered HTML.
                 $messageArray['code'] = $wpdiscuz_unique_id;
                 $messageArray['redirect'] = $this->optionsSerialized->redirectPage;
                 $messageArray['new_comment_id'] = $new_comment_id;
                 $messageArray['user_name'] = $name;
                 $messageArray['user_email'] = $email;
                 $messageArray['is_main'] = $comment_parent ? 0 : 1;
                 $messageArray['held_moderate'] = $held_moderate;
                 $messageArray['is_in_same_container'] = $isInSameContainer;
                 $messageArray['wc_all_comments_count_new'] = $this->dbManager->getCommentsCount($postId);
                 $commentListArgs = $this->getCommentListArgs($postId);
                 $commentListArgs['current_user'] = $current_user;
                 $commentListArgs['addComment'] = $wc_comment_depth;
                 $messageArray['message'] = wp_list_comments($commentListArgs, array($newComment));
             } else {
                 $messageArray['code'] = 'wc_invalid_field';
             }
         } else {
             // Also reached when the nonce check fails, so a CSRF rejection is reported as an invalid field.
             $messageArray['code'] = 'wc_invalid_field';
         }
     } else {
         $messageArray['code'] = 'wc_msg_required_fields';
     }
     wp_die(json_encode($messageArray));
 }
 /**
  * Exposes the zero-spam key to the front-end script and enqueues the script.
  *
  * The key is written into the page for the 'zerospam' script handle, so it is
  * visible to every visitor by design: the later server-side comparison tells
  * "the script ran" apart from a bare form post, it is not a secret credential.
  */
 public function enqueue_scripts()
 {
     $scriptData = array('key' => zerospam_get_key());
     wp_localize_script('zerospam', 'zerospam', $scriptData);
     wp_enqueue_script('zerospam');
 }