/**
* Save a comment
*
* @author Vincent Furia, vinny01 AT users DOT sourceforge DOT net
* @param string $title Title of comment
* @param string $comment Text of comment
* @param string $sid ID of object receiving comment
* @param int $pid ID of parent comment
* @param string $type Type of comment this is (article, polls, etc)
* @param string $postmode Indicates if text is HTML or plain text
* @return int 0 for success, > 0 indicates error
*
*/
function CMT_saveComment($title, $comment, $sid, $pid, $type, $postmode)
{
global $_CONF, $_TABLES, $_USER, $LANG03;
$ret = 0;
// Get a valid uid
if (empty($_USER['uid'])) {
$uid = 1;
} else {
$uid = $_USER['uid'];
}
// Sanity check
if (empty($sid) || empty($title) || empty($comment) || empty($type)) {
COM_errorLog("CMT_saveComment: {$uid} from {$_SERVER['REMOTE_ADDR']} tried " . 'to submit a comment with one or more missing values.');
if (SESS_isSet('glfusion.commentpresave.error')) {
$msg = SESS_getVar('glfusion.commentpresave.error') . '<br/>' . $LANG03[12];
} else {
$msg = $LANG03[12];
}
SESS_setVar('glfusion.commentpresave.error', $msg);
return $ret = 1;
}
// Check that anonymous comments are allowed
if ($uid == 1 && ($_CONF['loginrequired'] == 1 || $_CONF['commentsloginrequired'] == 1)) {
COM_errorLog("CMT_saveComment: IP address {$_SERVER['REMOTE_ADDR']} " . 'attempted to save a comment with anonymous comments disabled for site.');
return $ret = 2;
}
// Check for people breaking the speed limit
COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'comment');
$last = COM_checkSpeedlimit('comment');
if ($last > 0) {
COM_errorLog("CMT_saveComment: {$uid} from {$_SERVER['REMOTE_ADDR']} tried " . 'to submit a comment before the speed limit expired');
return $ret = 3;
}
// Let plugins have a chance to check for spam
$spamcheck = '<h1>' . $title . '</h1><p>' . $comment . '</p>';
$result = PLG_checkforSpam($spamcheck, $_CONF['spamx']);
// Now check the result and display message if spam action was taken
if ($result > 0) {
// update speed limit nonetheless
COM_updateSpeedlimit('comment');
// then tell them to get lost ...
COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
}
// Let plugins have a chance to decide what to do before saving the comment, return errors.
if ($someError = PLG_commentPreSave($uid, $title, $comment, $sid, $pid, $type, $postmode)) {
return $someError;
}
$title = COM_checkWords(strip_tags($title));
$comment = CMT_prepareText($comment, $postmode);
// check for non-int pid's
// this should just create a top level comment that is a reply to the original item
if (!is_numeric($pid) || $pid < 0) {
$pid = 0;
}
if (!empty($title) && !empty($comment)) {
COM_updateSpeedlimit('comment');
$title = DB_escapeString($title);
$comment = DB_escapeString($comment);
$type = DB_escapeString($type);
// Insert the comment into the comment table
DB_lockTable($_TABLES['comments']);
if ($pid > 0) {
$result = DB_query("SELECT rht, indent FROM {$_TABLES['comments']} WHERE cid = " . (int) $pid . " AND sid = '" . DB_escapeString($sid) . "'");
list($rht, $indent) = DB_fetchArray($result);
if (!DB_error()) {
DB_query("UPDATE {$_TABLES['comments']} SET lft = lft + 2 " . "WHERE sid = '" . DB_escapeString($sid) . "' AND type = '{$type}' AND lft >= {$rht}");
DB_query("UPDATE {$_TABLES['comments']} SET rht = rht + 2 " . "WHERE sid = '" . DB_escapeString($sid) . "' AND type = '{$type}' AND rht >= {$rht}");
DB_save($_TABLES['comments'], 'sid,uid,comment,date,title,pid,lft,rht,indent,type,ipaddress', "'" . DB_escapeString($sid) . "',{$uid},'{$comment}',now(),'{$title}'," . (int) $pid . ",{$rht},{$rht}+1,{$indent}+1,'{$type}','" . DB_escapeString($_SERVER['REMOTE_ADDR']) . "'");
} else {
//replying to non-existent comment or comment in wrong article
COM_errorLog("CMT_saveComment: {$uid} from {$_SERVER['REMOTE_ADDR']} tried " . 'to reply to a non-existent comment or the pid/sid did not match');
$ret = 4;
// Cannot return here, tables locked!
}
} else {
$rht = DB_getItem($_TABLES['comments'], 'MAX(rht)', "sid = '" . DB_escapeString($sid) . "'");
if (DB_error()) {
$rht = 0;
}
DB_save($_TABLES['comments'], 'sid,uid,comment,date,title,pid,lft,rht,indent,type,ipaddress', "'" . DB_escapeString($sid) . "'," . (int) $uid . ",'{$comment}',now(),'{$title}'," . (int) $pid . ",{$rht}+1,{$rht}+2,0,'{$type}','" . DB_escapeString($_SERVER['REMOTE_ADDR']) . "'");
}
$cid = DB_insertId();
//set Anonymous user name if present
if (isset($_POST['username'])) {
$name = strip_tags(USER_sanitizeName($_POST['username']));
DB_change($_TABLES['comments'], 'name', DB_escapeString($name), 'cid', (int) $cid);
}
DB_unlockTable($_TABLES['comments']);
CACHE_remove_instance('whatsnew');
if ($type == 'article') {
CACHE_remove_instance('story_' . $sid);
}
// check to see if user has subscribed....
if (!COM_isAnonUser()) {
if (isset($_POST['subscribe']) && $_POST['subscribe'] == 1) {
$itemInfo = PLG_getItemInfo($type, $sid, 'url,title');
if (isset($itemInfo['title'])) {
$id_desc = $itemInfo['title'];
} else {
$id_desc = 'not defined';
}
$rc = PLG_subscribe('comment', $type, $sid, $uid, $type, $id_desc);
} else {
PLG_unsubscribe('comment', $type, $sid);
}
}
// Send notification of comment if no errors and notications enabled for comments
if ($ret == 0 && isset($_CONF['notification']) && in_array('comment', $_CONF['notification'])) {
CMT_sendNotification($title, $comment, $uid, $_SERVER['REMOTE_ADDR'], $type, $cid);
}
if ($ret == 0) {
PLG_sendSubscriptionNotification('comment', $type, $sid, $cid, $uid);
}
} else {
COM_errorLog("CMT_saveComment: {$uid} from {$_SERVER['REMOTE_ADDR']} tried " . 'to submit a comment with invalid $title and/or $comment.');
return $ret = 5;
}
return $ret;
}
function handleunSubscribe($sid, $type)
{
global $_CONF, $_TABLES, $_USER;
$dirty_referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $_CONF['site_url'];
if ($dirty_referer == '') {
$dirty_referer = $_CONF['site_url'];
}
$referer = COM_sanitizeUrl($dirty_referer);
$sLength = strlen($_CONF['site_url']);
if (substr($referer, 0, $sLength) != $_CONF['site_url']) {
$referer = $_CONF['site_url'];
}
if (strcasecmp($referer, $_CONF['site_url'] . '/users.php') == 0) {
$referer = $_CONF['site_url'];
}
$hasargs = strstr($referer, '?');
if ($hasargs) {
$sep = '&';
} else {
$sep = '?';
}
if (COM_isAnonUser()) {
$display = COM_siteHeader();
$display .= SEC_loginRequiredForm();
$display .= COM_siteFooter();
echo $display;
exit;
}
$rc = PLG_unsubscribe('comment', $type, $sid);
echo COM_refresh($referer . $sep . 'msg=521' . '#comments');
exit;
}
function handleunSubscribe($album_id)
{
global $_CONF, $_TABLES, $_USER;
$referer = isset($_SERVER['HTTP_REFERER']) ? COM_sanitizeUrl($_SERVER['HTTP_REFERER']) : $_CONF['site_url'];
if ($referer == '') {
$referer = $_CONF['site_url'];
}
$sLength = strlen($_CONF['site_url']);
if (substr($referer, 0, $sLength) != $_CONF['site_url']) {
$referer = $_CONF['site_url'];
}
$hasargs = strstr($referer, '?');
if ($hasargs) {
$sep = '&';
} else {
$sep = '?';
}
$rc = PLG_unsubscribe('mediagallery', '', $album_id);
echo COM_refresh($referer . $sep . 'msg=521');
exit;
}