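/**
 * Build the HTML for the public comment form of an article.
 *
 * Reads the commenter's name/email/web from POST or cookies, issues a
 * nonce/secret pair when a preview is requested, fills the stored form
 * template, and returns the complete <form> markup.
 *
 * Security-relevant changes in this version:
 *  - the request URI is HTML-escaped before it is placed in the action
 *    attribute and in the hidden "backpage" field;
 *  - nonce and secret go through doSlash() before entering the SQL fragment;
 *  - the plugin placeholder is swapped with str_replace(), so a template
 *    without the placeholder no longer gets the start of the markup
 *    overwritten (strpos() returned false, which substr_replace() used as
 *    offset 0).
 *
 * @param  mixed      $id   Article id; used as the parent id when none is posted.
 * @param  array|null $atts Tag attributes (isize, msgrows, msgcols, msgstyle, form).
 * @return string     The rendered comment form.
 */
function commentForm($id, $atts = NULL)
{
    global $prefs;

    // Imports every preference as a local variable (e.g. $comments_require_name).
    extract($prefs);

    extract(lAtts(array(
        'isize'    => '25',
        'msgrows'  => '5',
        'msgcols'  => '25',
        'msgstyle' => '',
        'form'     => 'comment_form',
    ), $atts));

    $namewarn = false;
    $emailwarn = false;
    $commentwarn = false;

    $name = pcs('name');
    $email = clean_url(pcs('email'));
    $web = clean_url(pcs('web'));

    // The posted fields are requested by name, entity-decoded and tag-stripped
    // before they become local variables.
    extract(doStripTags(doDeEnt(psa(array(
        'remember',
        'forget',
        'parentid',
        'preview',
        'message',
        'submit',
        'backpage',
    )))));

    if ($preview) {
        $name = ps('name');
        $email = clean_url(ps('email'));
        $web = clean_url(ps('web'));

        $nonce = getNextNonce();
        $secret = getNextSecret();

        // Escape both values rather than trusting their generators to only
        // ever return SQL-safe characters.
        safe_insert(
            "txp_discuss_nonce",
            "issue_time=now(), nonce='" . doSlash($nonce) . "', secret='" . doSlash($secret) . "'"
        );

        $namewarn = $comments_require_name && !trim($name);
        $emailwarn = $comments_require_email && !trim($email);
        $commentwarn = !trim($message);

        $evaluator =& get_comment_evaluator();

        if ($namewarn) {
            $evaluator->add_estimate(RELOAD, 1, gTxt('comment_name_required'));
        }

        if ($emailwarn) {
            $evaluator->add_estimate(RELOAD, 1, gTxt('comment_email_required'));
        }

        if ($commentwarn) {
            $evaluator->add_estimate(RELOAD, 1, gTxt('comment_required'));
        }
    }

    // If the form fields are filled (anything other than blank), pages
    // really should not be saved by a public cache. rfc2616/14.9.1
    if ($name || $email || $web) {
        header('Cache-Control: private');
    }

    $parentid = !$parentid ? $id : $parentid;

    if (pcs('name') || pcs('email') || pcs('web')) {
        // Form-input different from Cookie, let's update the Cookie.
        // NOTE(review): this comparison has an empty body and changes nothing;
        // the cookies are refreshed below whenever $remember is 1.
        if (cs('name') != ps('name') or cs('email') != ps('email') or cs('web') != ps('web')) {
        }

        $remember = 1;
    }

    if ($remember == 1) {
        setCookies($name, $email, $web);
    }

    if ($forget == 1) {
        destroyCookies();
    }

    $url = $GLOBALS['pretext']['request_uri'];

    // Experimental clean urls with only 404-error-document on apache
    // possibly requires messy urls for POST requests.
    if (defined('PARTLY_MESSY') and PARTLY_MESSY) {
        $url = hu . '?id=' . intval($parentid);
    }

    // The request URI is client-supplied and lands inside a quoted attribute,
    // so it is escaped before output.
    $out = '<form method="post" action="' . htmlspecialchars($url) . '#cpreview" id="txpCommentInputForm">';

    $Form = fetch('Form', 'txp_form', 'name', $form);

    // NOTE(review): $msgstyle is a tag attribute and is emitted as given.
    $msgstyle = $msgstyle ? ' style="' . $msgstyle . '"' : '';
    $msgrows = ($msgrows and is_numeric($msgrows)) ? ' rows="' . intval($msgrows) . '"' : '';
    $msgcols = ($msgcols and is_numeric($msgcols)) ? ' cols="' . intval($msgcols) . '"' : '';

    $textarea = '<textarea class="txpCommentInputMessage' . ($commentwarn ? ' comments_error"' : '"')
        . ' name="message" id="message" ' . $msgcols . $msgrows . $msgstyle . '>'
        . htmlspecialchars($message) . '</textarea>';

    // The submit button is only offered once a preview has been requested.
    $comment_submit_button = $preview ? fInput('submit', 'submit', gTxt('submit'), 'button') : '';

    $checkbox = !empty($_COOKIE['txp_name'])
        ? checkbox('forget', 1, 0) . tag(gTxt('forget'), 'label', ' for="forget"')
        : checkbox('remember', 1, 1) . tag(gTxt('remember'), 'label', ' for="remember"');

    $vals = array(
        'comment_name_input'    => input('text', 'name', htmlspecialchars($name), $isize, 'comment_name_input' . ($namewarn ? ' comments_error' : ''), ""),
        'comment_email_input'   => input('text', 'email', htmlspecialchars($email), $isize, 'comment_email_input' . ($emailwarn ? ' comments_error' : ''), ""),
        'comment_web_input'     => input('text', 'web', htmlspecialchars($web), $isize, 'comment_web_input', ""),
        'comment_message_input' => $textarea . '<!-- plugin-place-holder -->',
        'comment_remember'      => $checkbox,
        'comment_preview'       => input('submit', 'preview', gTxt('preview'), '', 'button'),
        'comment_submit'        => $comment_submit_button,
    );

    foreach ($vals as $a => $b) {
        $Form = str_replace('<txp:' . $a . ' />', $b, $Form);
    }

    $form = parse($Form);
    $out .= $form;
    $out .= fInput('hidden', 'parentid', $parentid);

    // The nonce is cut at a random offset: the head becomes the hidden
    // field's name and the tail its value.
    $split = rand(1, 31);
    $out .= $preview ? hInput(substr($nonce, 0, $split), substr($nonce, $split)) : '';

    // Both backpage sources are client-influenced (REQUEST_URI or the posted
    // value), so they are escaped before being written into the hidden field.
    $out .= !$preview
        ? fInput('hidden', 'backpage', htmlspecialchars((string) serverset("REQUEST_URI")))
        : fInput('hidden', 'backpage', htmlspecialchars((string) $backpage));

    // str_replace() is a no-op when the template omits the placeholder.
    $out = str_replace('<!-- plugin-place-holder -->', callback_event('comment.form'), $out);

    $out .= '</form>';

    return $out;
}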
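/**
 * Build the HTML for the public comment form of an article.
 *
 * Reads the commenter's details from POST or cookies, issues a nonce/secret
 * pair on preview (the secret also derives the randomised name of the message
 * field), fills the stored form template and returns the <form> markup.
 *
 * Changes in this version: the posted "checkbox_type" is reduced to one of
 * its two known values and "parentid" is HTML-escaped before either is
 * written into a hidden field, matching how "backpage" is already treated.
 * The posted fields are no longer tag-stripped in this function, so values
 * echoed into markup need their own escaping.
 *
 * @param  mixed      $id   Article id; used as the parent id when none is posted.
 * @param  array|null $atts Tag attributes (isize, msgrows, msgcols, msgstyle, form).
 * @return string     The rendered comment form.
 */
function commentForm($id, $atts = NULL)
{
    global $prefs;

    // Imports every preference as a local variable (e.g. $comments_require_name).
    extract($prefs);

    extract(lAtts(array(
        'isize'    => '25',
        'msgrows'  => '5',
        'msgcols'  => '25',
        'msgstyle' => '',
        'form'     => 'comment_form',
    ), $atts, 0));

    $namewarn = false;
    $emailwarn = false;
    $commentwarn = false;

    $name = pcs('name');
    $email = clean_url(pcs('email'));
    $web = clean_url(pcs('web'));
    $n_message = 'message';

    // Posted fields are entity-decoded only; nothing is stripped or escaped here.
    extract(doDeEnt(psa(array(
        'checkbox_type',
        'remember',
        'forget',
        'parentid',
        'preview',
        'message',
        'submit',
        'backpage',
    ))));

    if ($message == '') {
        // Second or later preview will have randomized message-field name
        $in = getComment();
        $message = doDeEnt($in['message']);
    }

    if ($preview) {
        $name = ps('name');
        $email = clean_url(ps('email'));
        $web = clean_url(ps('web'));

        $nonce = getNextNonce();
        $secret = getNextSecret();

        safe_insert(
            "txp_discuss_nonce",
            "issue_time=now(), nonce='" . doSlash($nonce) . "', secret='" . doSlash($secret) . "'"
        );

        // The message field is renamed per preview using the fresh secret.
        $n_message = md5('message' . $secret);

        $namewarn = $comments_require_name && !trim($name);
        $emailwarn = $comments_require_email && !trim($email);
        $commentwarn = !trim($message);

        $evaluator =& get_comment_evaluator();

        if ($namewarn) {
            $evaluator->add_estimate(RELOAD, 1, gTxt('comment_name_required'));
        }

        if ($emailwarn) {
            $evaluator->add_estimate(RELOAD, 1, gTxt('comment_email_required'));
        }

        if ($commentwarn) {
            $evaluator->add_estimate(RELOAD, 1, gTxt('comment_required'));
        }
    } else {
        $rememberCookie = cs('txp_remember');

        if ($rememberCookie === '') {
            // No preference stored yet: default to remembering.
            $checkbox_type = 'remember';
            $remember = 1;
        } else {
            if ($rememberCookie == 1) {
                $checkbox_type = 'forget';
            } else {
                $checkbox_type = 'remember';
            }
        }
    }

    // On preview $checkbox_type comes straight from POST. Only two states
    // exist, and anything other than 'forget' already took the 'remember'
    // branch below, so collapse it here and never echo the raw posted value.
    $checkbox_type = ($checkbox_type == 'forget') ? 'forget' : 'remember';

    // If the form fields are filled (anything other than blank), pages
    // really should not be saved by a public cache. rfc2616/14.9.1
    if ($name || $email || $web) {
        header('Cache-Control: private');
    }

    $parentid = !$parentid ? $id : $parentid;

    $url = $GLOBALS['pretext']['request_uri'];

    // Experimental clean urls with only 404-error-document on apache
    // possibly requires messy urls for POST requests.
    if (defined('PARTLY_MESSY') and PARTLY_MESSY) {
        $url = hu . '?id=' . intval($parentid);
    }

    $out = '<form id="txpCommentInputForm" method="post" action="' . htmlspecialchars($url) . '#cpreview">'
        . n . '<div class="comments-wrapper">' . n . n;

    $Form = fetch('Form', 'txp_form', 'name', $form);

    // NOTE(review): $msgstyle is a tag attribute and is emitted as given.
    $msgstyle = $msgstyle ? ' style="' . $msgstyle . '"' : '';
    $msgrows = ($msgrows and is_numeric($msgrows)) ? ' rows="' . intval($msgrows) . '"' : '';
    $msgcols = ($msgcols and is_numeric($msgcols)) ? ' cols="' . intval($msgcols) . '"' : '';

    $textarea = '<textarea id="message" name="' . $n_message . '"' . $msgcols . $msgrows . $msgstyle
        . ' class="txpCommentInputMessage' . ($commentwarn ? ' comments_error"' : '"') . '>'
        . htmlspecialchars(substr(trim($message), 0, 65535)) . '</textarea>';

    // by default, the submit button is visible but disabled
    $comment_submit_button = fInput('submit', 'submit', gTxt('submit'), 'button disabled', '', '', '', '', 'txpCommentSubmit', true);

    // if all fields checkout, the submit button is active/clickable
    if ($preview) {
        $comment_submit_button = fInput('submit', 'submit', gTxt('submit'), 'button', '', '', '', '', 'txpCommentSubmit', false);
    }

    if ($checkbox_type == 'forget') {
        // inhibit default remember
        if ($forget == 1) {
            destroyCookies();
        }

        $checkbox = checkbox('forget', 1, $forget, '', 'forget') . ' ' . tag(gTxt('forget'), 'label', ' for="forget"');
    } else {
        // inhibit default remember
        if ($remember != 1) {
            destroyCookies();
        }

        $checkbox = checkbox('remember', 1, $remember, '', 'remember') . ' ' . tag(gTxt('remember'), 'label', ' for="remember"');
    }

    $checkbox .= ' ' . hInput('checkbox_type', $checkbox_type);

    $vals = array(
        'comment_name_input'    => fInput('text', 'name', htmlspecialchars($name), 'comment_name_input' . ($namewarn ? ' comments_error' : ''), '', '', $isize, '', 'name'),
        'comment_email_input'   => fInput('text', 'email', htmlspecialchars($email), 'comment_email_input' . ($emailwarn ? ' comments_error' : ''), '', '', $isize, '', 'email'),
        'comment_web_input'     => fInput('text', 'web', htmlspecialchars($web), 'comment_web_input', '', '', $isize, '', 'web'),
        'comment_message_input' => $textarea . '<!-- plugin-place-holder -->',
        'comment_remember'      => $checkbox,
        'comment_preview'       => fInput('submit', 'preview', gTxt('preview'), 'button', '', '', '', '', 'txpCommentPreview', false),
        'comment_submit'        => $comment_submit_button,
    );

    foreach ($vals as $a => $b) {
        $Form = str_replace('<txp:' . $a . ' />', $b, $Form);
    }

    $form = parse($Form);

    // $parentid may be the posted value; escape it like backpage below.
    // NOTE(review): hInput()'s own escaping is not visible in this listing.
    $out .= $form . n . hInput('parentid', htmlspecialchars((string) $parentid));

    // The nonce is cut at a random offset: the head becomes the hidden
    // field's name and the tail its value.
    $split = rand(1, 31);
    $out .= $preview ? n . hInput(substr($nonce, 0, $split), substr($nonce, $split)) : '';

    $out .= !$preview
        ? n . hInput('backpage', htmlspecialchars($url))
        : n . hInput('backpage', htmlspecialchars($backpage));

    $out = str_replace('<!-- plugin-place-holder -->', callback_event('comment.form'), $out);

    $out .= n . n . '</div>' . n . '</form>';

    return $out;
}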
/**
 * Render the comment message <textarea>, followed by any 'comment.form'
 * plugin output and, on preview, the hidden nonce field.
 *
 * On preview a fresh nonce/secret pair is stored in txp_discuss_nonce, the
 * textarea is renamed to md5('message' . $secret), and an empty message is
 * reported to the comment evaluator.
 *
 * @param  array  $atts Tag attributes; 'rows' and 'cols' default to the
 *                      values held in $thiscommentsform.
 * @return string HTML fragment.
 */
function comment_message_input($atts)
{
    global $prefs, $thiscommentsform;

    // Defines $rows and $cols from the tag attributes or the form defaults.
    extract(lAtts(array(
        'rows' => $thiscommentsform['msgrows'],
        'cols' => $thiscommentsform['msgcols'],
    ), $atts));

    $style = $thiscommentsform['msgstyle'];
    $commentwarn = false;
    $n_message = 'message';
    $formnonce = '';

    $message = doDeEnt(ps('message'));

    if ($message == '') {
        // Second or later preview will have randomised message-field name.
        $posted = getComment();
        $message = doDeEnt($posted['message']);
    }

    if (ps('preview')) {
        // Random cut point: the nonce head becomes the hidden field's name,
        // the tail its value.
        $cut = rand(1, 31);
        $nonce = getNextNonce();
        $secret = getNextSecret();

        $assignments = "issue_time = NOW(), nonce = '" . doSlash($nonce) . "', secret = '" . doSlash($secret) . "'";
        safe_insert('txp_discuss_nonce', $assignments);

        $n_message = md5('message' . $secret);
        $formnonce = n . hInput(substr($nonce, 0, $cut), substr($nonce, $cut));

        $commentwarn = !trim($message);

        if ($commentwarn) {
            $evaluator =& get_comment_evaluator();
            $evaluator->add_estimate(RELOAD, 1, gTxt('comment_required'));
        }
    }

    $requiredAttr = '';
    if ($prefs['doctype'] == 'html5') {
        $requiredAttr = ' required';
    }

    // Non-numeric or empty sizes are dropped rather than emitted.
    $colsAttr = '';
    if ($cols and is_numeric($cols)) {
        $colsAttr = ' cols="' . intval($cols) . '"';
    }

    $rowsAttr = '';
    if ($rows and is_numeric($rows)) {
        $rowsAttr = ' rows="' . intval($rows) . '"';
    }

    // NOTE(review): msgstyle is written into the attribute as given.
    $styleAttr = '';
    if ($style) {
        $styleAttr = ' style="' . $style . '"';
    }

    // The closing quote of the class attribute travels with the suffix.
    if ($commentwarn) {
        $classTail = ' comments_error"';
    } else {
        $classTail = '"';
    }

    $openTag = '<textarea class="txpCommentInputMessage' . $classTail
        . ' id="message" name="' . $n_message . '"'
        . $colsAttr . $rowsAttr . $styleAttr . $requiredAttr . '>';

    // The message is trimmed, capped at 65535 bytes and escaped before output.
    $escapedMessage = txpspecialchars(substr(trim($message), 0, 65535));
    $pluginOutput = callback_event('comment.form');

    return $openTag . $escapedMessage . '</textarea>' . $pluginOutput . $formnonce;
}