public static function write($id, $data)
{
if (is_null(self::$context)) {
self::initialize();
}
if (strlen($id) < 32) {
return false;
}
$userid = Acl::getIdentity('textcube');
if (empty($userid)) {
$userid = Acl::getIdentity('openid') ? SESSION_OPENID_USERID : '';
}
if (empty($userid)) {
$userid = 'null';
}
$id = POD::escapeString($id);
$data = POD::escapeString($data);
$server = POD::escapeString($_SERVER['HTTP_HOST']);
$request = POD::escapeString(substr($_SERVER['REQUEST_URI'], 0, 255));
$referer = isset($_SERVER['HTTP_REFERER']) ? POD::escapeString(substr($_SERVER['HTTP_REFERER'], 0, 255)) : '';
$timer = Timer::getMicroTime() - self::$sessionMicrotime;
$current = Timestamp::getUNIXtime();
$result = self::query('count', "UPDATE " . self::$context->getProperty('database.prefix') . "Sessions\n\t\t\t\tSET userid = {$userid}, privilege = '{$data}', server = '{$server}', request = '{$request}', referer = '{$referer}', timer = {$timer}, updated = IF(updated,{$current},1)\n\t\t\t\tWHERE id = '{$id}' AND address = '{$_SERVER['REMOTE_ADDR']}'");
if ($result && $result == 1) {
@POD::commit();
return true;
}
return false;
}
function addOpenID()
{
global $openid_list;
$context = Model_Context::getInstance();
if (empty($_GET['openid_identifier']) || strstr($_GET['openid_identifier'], ".") === false) {
exitWithError(_t('오픈아이디를 입력하지 않았거나, 도메인 없는 오픈아이디를 입력하였습니다.'));
}
$currentOpenID = Acl::getIdentity('openid_temp');
$fc = new OpenIDConsumer();
$claimedOpenID = $fc->fetch($_GET['openid_identifier']);
if (in_array($claimedOpenID, $openid_list)) {
exitWithError(_t('이미 연결된 오픈아이디 입니다') . " : " . $claimedOpenID);
}
if ($_GET['authenticated'] === "0") {
header("Location: " . $context->getProperty('uri.blog') . "/owner/setting/account");
exit(0);
}
if (empty($currentOpenID) || $claimedOpenID != $currentOpenID) {
loginOpenIDforAdding($claimedOpenID);
return;
}
if (!in_array($currentOpenID, $openid_list)) {
for ($i = 0; $i < OPENID_REGISTERS; $i++) {
$openid = Setting::getUserSetting("openid." . $i, null, true);
if (empty($openid)) {
Setting::setUserSetting("openid." . $i, $currentOpenID, true);
break;
}
}
}
echo "<html><head><script type=\"text/javascript\">//<![CDATA[" . CRLF . "alert('" . _t('연결하였습니다.') . " : " . $currentOpenID . "'); document.location.href='" . $context->getProperty('uri.blog') . "/owner/setting/account'; //]]></script></head></html>";
}
function openid_hardcore_login($target)
{
$context = Model_Context::getInstance();
if (!isset($_COOKIE['openid_auto']) || $_COOKIE['openid_auto'] != 'y') {
return $target;
}
if (Acl::getIdentity('openid')) {
return $target;
}
if (empty($_COOKIE['openid'])) {
return $target;
}
if (strstr($_SERVER["REQUEST_URI"], "/login/openid") !== false) {
return $target;
}
if (headers_sent()) {
return $target;
}
header("Location: " . $context->getProperty('uri.blog') . "/login/openid?action=hardcore&requestURI=" . urlencode($_SERVER["REQUEST_URI"]));
exit;
}
function DEFNENSIO_FILTER($type, $name, $title, $url, $content, $openid = false)
{
global $hostURL, $blogURL, $database, $configVal, $defensio_conf;
//if ( doesHaveOwnership() ) return true; // owner
DEFENSIO_Init();
$defensio_meta = array();
$comment = array();
$comment['referrer'] = $_SERVER['HTTP_REFERER'];
$comment['user-ip'] = preg_replace('/[^0-9., ]/', '', $_SERVER['REMOTE_ADDR']);
$comment['user-ip'] = '168.126.63.1';
$comment['owner-url'] = $defensio_conf['blog'];
$comment['comment_type'] = $type == 2 ? 'trackback' : 'comment';
$comment['comment-author'] = $name;
$comment['article-date'] = strftime("%Y/%m/%d", time());
// $comment['permalink'] = $comment_perma_link;
// Make sure it we don't send an SQL escaped string to the server
$comment['comment-content'] = defensio_unescape_string($content);
$comment['comment-author-url'] = $url;
//$comment['comment-author-email'] = $email; // optional field
$next_id = $type == 2 ? getTrackBacksNextId() : getCommentsNextId();
$comment_TYPE = $type == 2 ? 'T' : 'C';
// to using openid
if ($openid) {
$comment['openid'] = Acl::getIdentity('openid');
$comment['user-logged-in'] = 'true';
}
// to testing
// $comment['test-force'] = 'spam,x.xxxx'; // | 'ham,x.xxxx' ( 0 ~ 1)
if ($r = defensio_post('audit-comment', $comment)) {
$ar = Spyc::YAMLLoad($r);
if (isset($ar['defensio-result'])) {
if ($ar['defensio-result']['status'] == DF_SUCCESS) {
// Set metadata about the comment
$defensio_meta['spaminess'] = $ar['defensio-result']['spaminess'];
$defensio_meta['signature'] = $ar['defensio-result']['signature'];
error_log(print_r($ar, true));
if ($ar['defensio-result']['spam']) {
$defensio_meta['spam'] = true;
defensio_save_meta_data($comment_TYPE, $next_id, $defensio_meta);
return false;
} else {
// not spam
$defensio_meta['spaminess'] = 0;
// if do you want check with Thief-cat algorithm, comment out the following two lines.
if (!$defensio_conf['force_with_tca']) {
defensio_save_meta_data($comment_TYPE, $next_id, $defensio_meta);
return true;
}
}
}
}
/* else {
// Succesful http request, but Defensio failed.
} */
}
/* else {
// Unsuccesful POST to the server. Defensio might be down.
} */
//defensio_save_meta_data($comment_TYPE, $next_id, $defensio_meta); // there is problem in defensio.
///////////////////////
// call fail
// Do Local spam check with "Thief-cat algorithm"
$count = 0;
$tableName = $database['prefix'] . 'Trackbacks';
if ($type == 2) {
$sql = 'SELECT COUNT(id) as cc FROM ' . $database['prefix'] . 'Trackbacks WHERE';
$sql .= ' url = \'' . POD::escapeString($url) . '\'';
$sql .= ' AND isFiltered > 0';
if ($row = POD::queryRow($sql)) {
$count += @$row[0];
}
} else {
// Comment Case
$tableName = $database['prefix'] . 'Comments';
$sql = 'SELECT COUNT(id) as cc FROM ' . $database['prefix'] . 'Comments WHERE';
$sql .= ' comment = \'' . POD::escapeString($content) . '\'';
$sql .= ' AND homepage = \'' . POD::escapeString($url) . '\'';
$sql .= ' AND name = \'' . POD::escapeString($name) . '\'';
$sql .= ' AND isFiltered > 0';
if ($row = POD::queryRow($sql)) {
$count += @$row[0];
}
}
// Check IP
$sql = 'SELECT COUNT(id) as cc FROM ' . $tableName . ' WHERE';
$sql .= ' ip = \'' . POD::escapeString($_SERVER['REMOTE_ADDR']) . '\'';
$sql .= ' AND isFiltered > 0';
if ($row = POD::queryRow($sql)) {
$count += @$row[0];
}
$is_spam = $count >= 10 ? 1 : 0;
if (isset($defensio_meta['spaminess']) and isset($defensio_meta['signature']) && $is_spam) {
defensio_submit_spam($defensio_meta['signature']);
}
$defensio_meta['spam'] = $defensio_meta['spaminess'] = $is_spam;
defensio_save_meta_data($comment_TYPE, $next_id, $defensio_meta);
return !$is_spam;
}
function addOpenIDPannel($comment, $prefix)
{
$context = Model_Context::getInstance();
if (!isActivePlugin('CL_OpenID')) {
return $comment;
}
$openid_identity = Acl::getIdentity('openid');
$whatisopenid = '<a target="_blank" href="' . _text('http://www.google.co.kr/search?q=OpenID&lr=lang_ko') . '"><span style="color:#ff6200">' . _text('오픈아이디란?') . '</span></a>';
//$lastcomment = ' | <a href="#" onClick="recallLastComment([##_article_rep_id_##]); return false"><span style="color:#ff6200">'._text('마지막 댓글로 채우기').'</span></a>';
$lastcomment = '';
$openidOnlySettingNotice = '';
if ($context->getProperty('blog.AddCommentMode', '') == 'openid') {
$openidOnlySettingNotice = "<b>" . _text('오픈아이디로만 댓글을 남길 수 있습니다') . "</b>";
}
$tag_login = '******' . $context->getProperty('uri.blog') . '/login/openid/guest?requestURI=' . urlencode($_SERVER["REQUEST_URI"]) . '"><span style="color:#ff6200">' . _text('로그인') . '</span></a>';
$tag_logoff = '<a href="' . $context->getProperty('uri.blog') . '/login/openid?action=logout&requestURI=' . urlencode($_SERVER["REQUEST_URI"]) . '"><span style="">' . _text('로그아웃') . '</span></a>';
$pannel = '<div class="commentOuterPannel">' . CRLF;
$openid_input = 'OPENID_TAG_NEEDED';
$cookie_openid = '';
if (!empty($_COOKIE['openid'])) {
$cookie_openid = $_COOKIE['openid'];
}
if ($openidOnlySettingNotice || $openid_identity) {
$checked1 = 'checked="checked"';
$checked2 = '';
$disabled1 = '';
$disabled2 = 'disabled="disabled"';
} else {
$checked1 = '';
$checked2 = 'checked="checked"';
$disabled1 = 'disabled="disabled"';
$disabled2 = '';
}
$pannel_style = "style=\"width:100%; text-align:left\"";
$radio_style = "style=\"width:15px;vertical-align:text-bottom;height:15px;border:0px;margin:0px;padding:0px;\"";
$label_style = "style=\"display:inline;margin-top:0px;padding-left:0px;cursor:pointer\"";
$openid_input_style = 'style="padding-left:21px;width:165px;background-image:url(' . $context->getProperty('service.path') . '/resources/image/icon_openid.gif' . ');' . 'background-repeat:no-repeat;background-position:0px center"';
if ($openid_identity) {
$openid_input = '<span><a href="' . $openid_identity . '">' . OpenID::getDisplayName($openid_identity) . '</a></span>' . CRLF;
$openid_input .= '<input type="hidden" name="openid_identifier" id="openid_identifier_[##_article_rep_id_##]" value="' . htmlentities($openid_identity) . '" />';
$openid_input = _text('현재 로그인한 오픈아이디') . ' ' . $openid_input;
$_COOKIE['guestHomepage'] = $_SESSION['openid']['homepage'];
$_COOKIE['guestName'] = $_SESSION['openid']['nickname'];
} else {
if (preg_match('/.*?(<input[^>]+_(?:guest|rp)_input_homepage_[^>]+>).*/sm', $comment, $match)) {
$openid_input = $match[1];
$openid_input = str_replace('homepage_[##', 'openid_identifier_[##', $openid_input);
$openid_input = str_replace('[##_' . $prefix . '_input_homepage_##]', 'openid_identifier', $openid_input);
$openid_input = preg_replace('/value=(?:"|\')?(?:[^"\']+)(?:"|\')?/', 'value="' . $cookie_openid . '"', $openid_input);
$openid_input = preg_replace('/style=("|\')?([^"\']+)("|\')?/', '', $openid_input);
$openid_input = preg_replace('/(value=(?:"|\'))/', $openid_input_style . ' $1', $openid_input);
}
}
if ($disabled1) {
$openid_input = preg_replace('/(name=(?:"|\'))/', $disabled1 . ' $1', $openid_input);
}
if ($disabled2) {
$comment = preg_replace("/(.*)(<input)((?:[^>]+)name_\\[##_article_rep_id_##\\](?:[^>]+)>(?:.*))/sm", "\$1\$2 {$disabled2} \$3", $comment);
$comment = preg_replace("/(.*)(<input)((?:[^>]+)password_\\[##_article_rep_id_##\\](?:[^>]+)>(?:.*))/sm", "\$1\$2 {$disabled2} \$3", $comment);
$comment = preg_replace("/(.*)(<input)((?:[^>]+)\\[##_{$prefix}_input_name_##\\](?:[^>]+)>(?:.*))/sm", "\$1\$2 {$disabled2} \$3", $comment);
$comment = preg_replace("/(.*)(<input)((?:[^>]+)\\[##_{$prefix}_input_password_##\\](?:[^>]+)>(?:.*))/sm", "\$1\$2 {$disabled2} \$3", $comment);
}
$pannel .= '<div class="commentTypeOpenid" ' . $pannel_style . '>' . '<input class="commentTypeCheckbox" ' . $checked1 . ' type="radio" ' . CRLF . $radio_style . CRLF . 'id="comment_type_[##_article_rep_id_##]_openid" ' . CRLF . 'name="comment_type" value="openid" ' . CRLF . 'onclick="this.form.[##_' . $prefix . '_input_name_##].disabled=this.form.[##_' . $prefix . '_input_password_##].disabled=true;this.form.openid_identifier.disabled=false;this.form.openid_identifier.disabled=false;"' . CRLF . '/> ' . CRLF . '<label for="comment_type_[##_article_rep_id_##]_openid" ' . $label_style . '>' . _text('오픈아이디로 글쓰기') . '</label> <span>[' . ($openid_identity ? $tag_logoff : $tag_login) . '][' . $whatisopenid . $lastcomment . ']</span></div>' . CRLF;
/* Opera browser does not work with single 'this.form.openid_identifier.disabled=false;', is it a bug? */
$pannel .= '<div style="padding:5px 0 5px 0px;width:100%;">' . $openid_input . '</div>' . CRLF;
$pannel .= '<div class="commentTypeNamepassword" ' . $pannel_style . ' >' . CRLF . '<input class="commentTypeCheckbox" ' . $checked2 . ' type="radio" ' . CRLF . $radio_style . CRLF . 'id="comment_type_[##_article_rep_id_##]_idpwd" ' . CRLF . 'name="comment_type" value="idpwd" ' . CRLF . 'onclick="this.form.[##_' . $prefix . '_input_name_##].disabled=this.form.[##_' . $prefix . '_input_password_##].disabled=false;this.form.openid_identifier.disabled=true;this.form.openid_identifier.disabled=true;"' . CRLF . '/> ' . CRLF . '<label for="comment_type_[##_article_rep_id_##]_idpwd" ' . $label_style . '>' . _text('이름/비밀번호로 글쓰기') . '</label> ' . $openidOnlySettingNotice . '</div>' . CRLF;
$comment = $pannel . $comment . "</div>";
return $comment;
}
}
requireStrictRoute();
header('Content-Type: text/html; charset=utf-8');
if (!Validator::validate($IV)) {
OpenIDConsumer::printErrorReturn('Illegal parameters', $_POST["requestURI"]);
}
if ($_POST["comment_type_{$entryId}"] != 'openid') {
OpenIDConsumer::printErrorReturn('Invalid comment type', $_POST["requestURI"]);
}
if (!isset($_GET['__T__']) || !isset($_POST['key']) || $_POST['key'] != md5(filemtime(ROOT . '/config.php'))) {
OpenIDConsumer::printErrorReturn('Illegal parameters', $_POST["requestURI"]);
}
if ($_POST["comment_{$entryId}"] == '') {
OpenIDConsumer::printErrorReturn(_text('본문을 입력해 주십시오.'), $_POST["requestURI"]);
}
$openid_identity = Acl::getIdentity('openid');
if ($openid_identity) {
/* OpenID success return path.. */
$_POST["name_{$entryId}"] = $_SESSION['openid']['nickname'];
if (empty($_POST["name_{$entryId}"])) {
$_POST["name_{$entryId}"] = $openid_identity;
}
if (empty($_POST["homepage_{$entryId}"]) || $_POST["homepage_{$entryId}"] == "http://") {
$_POST["homepage_{$entryId}"] = empty($_SESSION['openid']['homepage']) ? $openid_identity : $_SESSION['openid']['homepage'];
}
} else {
if (empty($tr['openid_errormsg'])) {
/* OpenID request path.. */
$tid = Transaction::pickle(array('_POST' => $_POST, 'HTTP_REFERER' => $_SERVER['HTTP_REFERER']));
$requestURI = urlencode($context->getProperty('uri.blog') . "/comment/addopenid/{$entryId}?tid={$tid}&__T__=" . $_GET['__T__']);
/* eas_mode will redirect your browser to the IdP authentication page in EAS4.js addComment-onError handler */
function updateUserInfo($nickname, $homepage)
{
$openid = Acl::getIdentity('openid');
if (empty($openid)) {
return false;
}
$context = Model_Context::getInstance();
$pool = DBModel::getInstance();
$pool->reset('OpenIDUsers');
$pool->setQualifier('openid', 'equals', $openid, true);
$result = $pool->getCell('openidinfo');
$data = unserialize($result);
if (!empty($nickname)) {
$data['nickname'] = $nickname;
}
if (!empty($homepage)) {
$data['homepage'] = $homepage;
}
OpenIDConsumer::setUserInfo($data['nickname'], $data['homepage']);
$data = serialize($data);
$pool->reset('OpenIDUsers');
$pool->setAttribute('openidinfo', $data, true);
$pool->setQualifier('openid', 'equals', $openid, true);
$pool->update();
}
exit;
} else {
if ($userComment == '') {
Respond::PrintResult(array('error' => 2, 'description' => _text('본문을 입력해 주십시오.')));
exit;
} else {
if (!empty($userName)) {
setcookie('guestName', $userName, time() + 2592000, $context->getProperty('uri.blog') . "/");
}
if (!empty($userHomepage) && $userHomepage != 'http://') {
if (strpos($userHomepage, 'http://') !== 0) {
$userHomepage = "http://{$userHomepage}";
}
setcookie('guestHomepage', $userHomepage, time() + 2592000, $context->getProperty('uri.blog') . "/");
}
if (Acl::getIdentity('openid')) {
OpenIDConsumer::updateUserInfo($userName, $userHomepage);
}
$comment = array();
$comment['entry'] = $entryId;
$comment['parent'] = null;
$comment['name'] = $userName;
$comment['password'] = $userPassword;
$comment['homepage'] = $userHomepage == '' || $userHomepage == 'http://' ? '' : $userHomepage;
$comment['secret'] = $userSecret;
$comment['comment'] = $userComment;
$comment['ip'] = $_SERVER['REMOTE_ADDR'];
$result = addComment($blogid, $comment);
if (in_array($result, array("ip", "name", "homepage", "comment", "openidonly", "etc"))) {
switch ($result) {
case "name":
function deleteComment($blogid, $id, $entry, $password)
{
global $database;
if (!is_numeric($id)) {
return false;
}
if (!is_numeric($entry)) {
return false;
}
$guestcomment = false;
if (POD::queryExistence("SELECT * FROM {$database['prefix']}Comments WHERE blogid = {$blogid} AND id = {$id} AND replier IS NULL")) {
$guestcomment = true;
}
$wherePassword = '';
$sql = "DELETE FROM {$database['prefix']}Comments\n\t\tWHERE blogid = {$blogid}\n\t\t\tAND id = {$id}\n\t\t\tAND entry = {$entry}";
if (!doesHaveOwnership()) {
if (Acl::getIdentity('openid') && empty($password)) {
$wherePassword = '******'' . Acl::getIdentity('openid') . '\'';
} else {
if ($guestcomment == false) {
if (!doesHaveMembership()) {
return false;
}
$wherePassword = '******' . getUserId();
} else {
$wherePassword = '******'' . md5($password) . '\'';
}
}
}
if (POD::queryCount($sql . $wherePassword)) {
CacheControl::flushCommentRSS($entry);
CacheControl::flushDBCache('comment');
updateCommentsOfEntry($blogid, $entry);
return true;
}
return false;
}
function deleteComment($blogid, $id, $entry, $password)
{
if (!is_numeric($id)) {
return false;
}
if (!is_numeric($entry)) {
return false;
}
$pool = DBModel::getInstance();
$guestcomment = false;
$pool->reset('Comments');
$pool->setQualifier('blogid', 'eq', $blogid);
$pool->setQualifier('id', 'eq', $id);
$pool->setQualifier('replier', 'eq', NULL);
if ($pool->doesExist()) {
$guestcomment = true;
}
$wherePassword = '';
$pool->reset('Comments');
$pool->setQualifier('blogid', 'eq', $blogid);
$pool->setQualifier('id', 'eq', $id);
$pool->setQualifier('entry', 'eq', $entry);
if (!doesHaveOwnership()) {
if (Acl::getIdentity('openid') && empty($password)) {
$pool->setQualifier('openid', Acl::getIdentity('openid'), true);
} else {
if ($guestcomment == false) {
if (!doesHaveMembership()) {
return false;
}
$pool->setQualifier('replier', 'eq', getUserId());
} else {
$pool->setQualifier('password', 'eq', md5($password), true);
}
}
}
if ($pool->getCount()) {
CacheControl::flushCommentRSS($entry);
CacheControl::flushDBCache('comment');
updateCommentsOfEntry($blogid, $entry);
return true;
}
return false;
}
function getUserId()
{
return intval(Acl::getIdentity('textcube'));
}
<table class="data-inbox">
<thead>
<tr>
<th class="site"><span class="text"><?php
echo _t('오픈아이디');
?>
</span></th>
<th class="site"><span class="text"><?php
echo _t('삭제');
?>
</span></th>
</tr>
</thead>
<tbody>
<?php
$currentOpenID = Acl::getIdentity('openid');
$openid_list = array();
for ($i = 0; $i < OPENID_REGISTERS; $i++) {
$openid_identity = Setting::getUserSettingGlobal("openid." . $i);
if (!empty($openid_identity)) {
array_push($openid_list, $openid_identity);
}
}
for ($i = 0; $i < count($openid_list); $i++) {
$className = $i % 2 == 1 ? 'even-line' : 'odd-line';
$className .= $i == count($openid_list) - 1 ? ' last-line' : '';
?>
<tr class="<?php
echo $className;
?>
inactive-class" onmouseover="rolloverClass(this, 'over')" onmouseout="rolloverClass(this, 'out')">
