post.php
136 lines (117 loc) · 3.96 KB
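<?php
// This is called when comments get posted.
//
// Flow: read the site id and page key from the query string, validate the posted
// comment, store it (verified poster or not), trigger an email verification where
// needed, then notify the site owner by email.
//
// service_url, service_email, urlError, GetSiteConstants(), GetSessionConstants(),
// UpdateComments() and GenerateAndSendVerificationCode() are expected to come from
// shared.php (not visible here).
//
// NOTE(review): the ext/mysql functions used below (mysql_query, mysql_real_escape_string,
// mysql_insert_id, mysql_fetch_assoc) were removed in PHP 7. When the connection in
// shared.php moves to mysqli/PDO, the INSERT/SELECT statements here should become
// prepared statements so no manual escaping is needed.
header('Content-Type: text/html');
//Allow cross site posting, enable other sites to use your service
//Remove these two header lines if you only use the service from the same site.
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS');

/**
 * Stop the request after a failed database call.
 *
 * The driver error text is written to the server log only; the visitor gets a
 * generic message so schema and connection details are not echoed to the browser.
 */
function PostCommentDbFailure()
{
    error_log('post.php: '.mysql_error());
    die('<div class="commentError">Database error</div>');
}

// Site id is always an integer; an absent or non-numeric value becomes 0.
$sid = isset($_GET['sid']) ? intval($_GET['sid']) : 0;
// Page key exactly as the caller gave it; escaped per context (URL, SQL, mail) where used.
$page = isset($_GET['page']) ? $_GET['page'] : null;

require_once('shared.php');
$site = GetSiteConstants($sid);

if(!isset($_REQUEST['ajax']))
    echo '<div><a href="'.service_url.'/inc/'.$sid.'/'.urlencode($page).'.html">back</a></div>';

if(urlError)
{
    echo '<div class="commentError">'.urlError.'</div>';
    return;
}

// Missing POST fields are treated as empty instead of raising undefined-index notices.
$commentText = isset($_POST['commentText']) ? trim($_POST['commentText']) : '';
$commentEmail = isset($_POST['commentEmail']) ? $_POST['commentEmail'] : '';
// FILTER_SANITIZE_EMAIL keeps only characters that can appear in an address; this
// also removes CR/LF, which is what makes $commentEmail safe in the Reply-To header below.
$commentEmail = strtolower(filter_var($commentEmail, FILTER_SANITIZE_EMAIL));

//Set email cookie to autofill the email field
$url = parse_url(service_url);
$cookiePath = isset($url['path']) ? $url['path'] : '/';
$cookieHost = isset($url['host']) ? $url['host'] : '';
$cookieSecure = isset($url['scheme']) && $url['scheme'] === "https";
// NOTE(review): 3600*365 is 365 hours (about 15 days), not a year — confirm the intended lifetime.
setcookie("email", $commentEmail, time()+3600*365, $cookiePath, $cookieHost, $cookieSecure, false);

//Verify input
if($commentText === '')
{
    echo '<div class="commentError">Empty text</div>';
    return;
}
if($commentEmail !== '' && filter_var($commentEmail, FILTER_VALIDATE_EMAIL) === FALSE)
{
    echo '<div class="commentError">Invalid email address</div>';
    return;
}

//Get poster session
$session = GetSessionConstants();
// A poster counts as verified when a session exists and its email matches the posted one.
// Computed once so the mail footer below does not index into $session when it is false.
$verifiedPoster = ($session && $commentEmail === $session['Email']);

// Request values shared by both INSERT statements; absent server vars become ''.
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$remoteIp = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$escPage = mysql_real_escape_string($page);
$escReferer = mysql_real_escape_string($referer);
$escIp = mysql_real_escape_string($remoteIp);
$escText = mysql_real_escape_string($commentText);
$escEmail = mysql_real_escape_string($commentEmail);

//Save Comment
if($verifiedPoster)
{
    //Already verified poster: stored with VerifiedIP/VerifiedDate filled in.
    $res = @mysql_query('INSERT INTO Comments (SiteID, Page, PageUrl, CommentIP, CommentDate, CommentText, CommentEmail, VerifiedIP, VerifiedDate)
        VALUES
        ('.$sid.',
        \''.$escPage.'\',
        \''.$escReferer.'\',
        \''.$escIp.'\',
        NOW(),
        \''.$escText.'\',
        \''.$escEmail.'\',
        \''.$escIp.'\',
        NOW()
        )');
    if($res === FALSE)
        PostCommentDbFailure();
    UpdateComments($sid, $page);
    echo '<div class="commentOk">Comment posted.</div>';
}
else
{
    //Non verified comment
    $res = @mysql_query('INSERT INTO Comments (SiteID, Page, PageUrl, CommentIP, CommentDate, CommentText, CommentEmail)
        VALUES
        ('.$sid.',
        \''.$escPage.'\',
        \''.$escReferer.'\',
        \''.$escIp.'\',
        NOW(),
        \''.$escText.'\',
        \''.$escEmail.'\'
        )');
    if($res === FALSE)
        PostCommentDbFailure();
    $id = mysql_insert_id();

    if($commentEmail !== '')
    {
        //Get Author
        $sendVerification = TRUE;
        $res = @mysql_query('SELECT * FROM Authors WHERE Email=\''.$escEmail.'\'');
        if($res === FALSE)
            PostCommentDbFailure();
        $row = mysql_fetch_assoc($res);
        if($row)
        {
            //Limit one verification email per day, unless already verified
            if($row['VerifyCode'] !== NULL)
            {
                $vd = strtotime($row['VerifyDate']);
                // Suppress the resend only when the previous code went out less than
                // a day ago. (The former test, $vd < time() + 3600*24, held for every
                // past date and so never resent a code.)
                if($vd !== FALSE && $vd > time() - 3600*24)
                {
                    echo '<div class="commentOk">Email verification already sent.</div>';
                    $sendVerification = FALSE;
                }
            }
        }
        //Create new VerifyCode
        if($sendVerification === TRUE)
        {
            GenerateAndSendVerificationCode($commentEmail, $site['SiteUrl'].$page);
        }
        echo '<div class="commentOk">Comment awaits your verification, check your email</div>';
    }
    else
        echo '<div class="commentOk">Comment awaits moderation</div>';
}

//Send email to site owner
// Reply-To is only added when an address was given (an empty Reply-To header is malformed);
// $page is user-supplied, so line breaks are removed before it is used in the Subject.
$headers = "From: ".service_email;
if($commentEmail !== '')
    $headers .= "\nReply-To: ".$commentEmail;
$subjectPage = str_replace(array("\r", "\n"), ' ', (string)$page);
mail($site['AdminEmail'], "New comment on ".$subjectPage,
    "Dashboard: ".service_url."/dashboard/\n".
    "Referrer: ".$referer."\n".
    "From: ".$remoteIp."\n".
    "Email: ".$commentEmail.($verifiedPoster?'(verified)':'(not checked)')."\n".
    "To: ".$page."\n".
    $commentText, $headers);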