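/**
 * Handles an incoming trackback ping for a blog entry.
 *
 * Reads the ping fields from a Trackback instance, validates them, stores the
 * trackback in se_blogtrackbacks, logs the ping in se_blogpings and returns
 * whatever Trackback::recieve() produces for the resulting status and message.
 *
 * Error codes set below (meanings taken from the inline comments):
 *   1500008 no entry ID, 1500009 empty trackback URL, 1500010 entry not found,
 *   1500011 trackback already received, 1500012 rate limit hit,
 *   1500013 trackbacks not allowed / insert failed. 1500014 is the message
 *   used when no error occurred.
 *
 * Security: every ping field comes from a remote, unauthenticated sender, so
 * each value is passed through $database->database_real_escape_string()
 * before it is interpolated into SQL.
 * NOTE(review): this assumes Trackback exposes the raw request values. If the
 * class or a global input filter already escapes them, confirm that this does
 * not double-escape the stored text.
 *
 * @return mixed Result of $trackback->recieve($success, $message).
 */
function blog_trackback_receive()
{
    global $database, $user, $setting;

    $is_error = false;

    // Create trackback class instance
    $trackback = new Trackback(null, null, "UTF-8");

    // Prepare data
    $trackback_eid = $trackback->e_id;
    $trackback_url = trim($trackback->url);
    $trackback_title = trim($trackback->title);
    $trackback_excerpt = trim($trackback->excerpt);
    $trackback_bname = trim($trackback->bname);
    $trackback_ip = $_SERVER['REMOTE_ADDR'];
    $trackback_time = time();

    // md5 is used only as a duplicate-detection fingerprint of the raw excerpt,
    // not as a security control. The output is hex, so it is safe to embed.
    $trackback_excerpthash = md5($trackback_excerpt);

    // Clean body: the HTML filter runs before escaping so that the stored value
    // is the filtered markup.
    $trackback_excerpt = str_replace(
        "\r\n",
        "<br />",
        cleanHTML(censor(htmlspecialchars_decode($trackback_excerpt)), $setting['setting_comment_html'])
    );

    // Trackbacks not allowed
    if (!$user->level_info['level_blog_trackbacks_allow']) {
        $is_error = 1500013;
    }

    // No ID specified
    if (!$trackback_eid) {
        $is_error = 1500008;
    }

    // Trackback URL is empty
    if (!$trackback_url) {
        $is_error = 1500009;
    }

    // Escaped copies used in every query below. The unescaped originals are
    // kept only for the validation checks above.
    $sql_eid = $database->database_real_escape_string($trackback_eid);
    $sql_url = $database->database_real_escape_string($trackback_url);
    $sql_title = $database->database_real_escape_string($trackback_title);
    $sql_excerpt = $database->database_real_escape_string($trackback_excerpt);
    $sql_bname = $database->database_real_escape_string($trackback_bname);
    $sql_ip = $database->database_real_escape_string($trackback_ip);

    // Get entry info. TODO: switch to SELECT NULL?
    if (!$is_error) {
        $sql = "\r\n SELECT\r\n NULL\r\n FROM\r\n se_blogentries\r\n WHERE\r\n se_blogentries.blogentry_id='{$sql_eid}'\r\n LIMIT\r\n 1\r\n ";
        $resource = $database->database_query($sql);

        // Entry not found
        if (!$database->database_num_rows($resource)) {
            $is_error = 1500010;
        }
    }

    // See if trackback has already been received
    if (!$is_error) {
        $sql = "\r\n SELECT\r\n NULL\r\n FROM\r\n se_blogtrackbacks\r\n WHERE\r\n blogtrackback_blogentry_id='{$sql_eid}' &&\r\n blogtrackback_name='{$sql_bname}' &&\r\n blogtrackback_excerpthash='{$trackback_excerpthash}'\r\n LIMIT\r\n 1\r\n ";
        $resource = $database->database_query($sql);

        // Already tracked
        if ($database->database_num_rows($resource)) {
            $is_error = 1500011;
        }
    }

    // Only 1/15 seconds
    if (!$is_error) {
        $trackback_timeout = 15;
        $sql = "\r\n SELECT\r\n NULL\r\n FROM\r\n se_blogtrackbacks\r\n WHERE\r\n blogtrackback_ip='{$sql_ip}' &&\r\n blogtrackback_date>" . ($trackback_time - $trackback_timeout) .
            "\r\n LIMIT\r\n 1\r\n ";
        $resource = $database->database_query($sql);

        if ($database->database_num_rows($resource)) {
            $is_error = 1500012;
        }
    }

    // TODO: antispam

    // INSERT
    if (!$is_error) {
        $sql = "\r\n INSERT INTO se_blogtrackbacks\r\n (\r\n blogtrackback_blogentry_id,\r\n blogtrackback_name,\r\n blogtrackback_title,\r\n blogtrackback_excerpt,\r\n blogtrackback_excerpthash,\r\n blogtrackback_url,\r\n blogtrackback_ip,\r\n blogtrackback_date\r\n ) VALUES (\r\n '{$sql_eid}',\r\n '{$sql_bname}',\r\n '{$sql_title}',\r\n '{$sql_excerpt}',\r\n '{$trackback_excerpthash}',\r\n '{$sql_url}',\r\n '{$sql_ip}',\r\n '{$trackback_time}'\r\n )\r\n ";
        $resource = $database->database_query($sql);

        if (!$database->database_affected_rows($resource)) {
            $is_error = 1500013;
        } else {
            // UPDATE TRACKBACK COUNT
            // Only bump the counter when a row was actually stored; otherwise
            // the total drifts away from the real number of trackbacks.
            $sql = "UPDATE se_blogentries SET blogentry_totaltrackbacks=blogentry_totaltrackbacks+1 WHERE blogentry_id='{$sql_eid}' LIMIT 1";
            $database->database_query($sql);
        }
    }

    // LOG
    // Every ping is logged, including rejected ones. The source URL falls back
    // from the Referer header to the remote address; both are client-influenced
    // and are escaped before use.
    $blogentry_url = '';
    if (empty($blogentry_url) && !empty($_SERVER['HTTP_REFERER'])) {
        $blogentry_url = $_SERVER['HTTP_REFERER'];
    }
    if (empty($blogentry_url) && !empty($_SERVER['REMOTE_ADDR'])) {
        $blogentry_url = $_SERVER['REMOTE_ADDR'];
    }

    $sql = "\r\n INSERT INTO se_blogpings\r\n (\r\n blogping_blogentry_id,\r\n blogping_target_url,\r\n blogping_source_url,\r\n blogping_status,\r\n blogping_type,\r\n blogping_ip\r\n ) VALUES (\r\n '{$sql_eid}',\r\n '" . $database->database_real_escape_string($_SERVER['REQUEST_URI']) . "',\r\n '" . $database->database_real_escape_string($blogentry_url) . "',\r\n '1',\r\n '2',\r\n '{$sql_ip}'\r\n )\r\n ";
    $resource = $database->database_query($sql);

    // GET ERROR MESSAGE
    $message_id = $is_error ? $is_error : 1500014;
    SE_Language::_preload($message_id);
    SE_Language::load();
    $message = SE_Language::_get($message_id);

    // "recieve" is the method name as spelled on the Trackback class.
    return $trackback->recieve(!$is_error, $message);
}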