/** * Generic comment adding routine. Called by album objects or image objects * to add comments. * * Returns a code for the success of the comment add: * 0: Bad entry * 1: Marked for moderation * 2: Successfully posted * * @param string $name Comment author name * @param string $email Comment author email * @param string $website Comment author website * @param string $comment body of the comment * @param string $code Captcha code entered * @param string $code_ok Captcha md5 expected * @param string $type 'albums' if it is an album or 'images' if it is an image comment * @param object $receiver the object (image or album) to which to post the comment * @param string $ip the IP address of the comment poster * @param bool $private set to true if the comment is for the admin only * @param bool $anon set to true if the poster wishes to remain anonymous * @return int */ function postComment($name, $email, $website, $comment, $code, $code_ok, $receiver, $ip, $private, $anon) { global $_zp_captcha; $result = commentObjectClass($receiver); list($type, $class) = $result; $receiver->getComments(); $name = trim($name); $email = trim($email); $website = trim($website); $admins = getAdministrators(); $admin = array_shift($admins); $key = $admin['pass']; // Let the comment have trailing line breaks and space? Nah... // Also (in)validate HTML here, and in $name. $comment = trim($comment); if (getOption('comment_email_required') && (empty($email) || !is_valid_email_zp($email))) { return -2; } if (getOption('comment_name_required') && empty($name)) { return -3; } if (getOption('comment_web_required') && (empty($website) || !isValidURL($website))) { return -4; } if (getOption('Use_Captcha')) { if (!$_zp_captcha->checkCaptcha($code, $code_ok)) { return -5; } } if (empty($comment)) { return -6; } if (!empty($website) && substr($website, 0, 7) != "http://") { $website = "http://" . $website; } $goodMessage = 2; $gallery = new gallery(); if (!(false === ($requirePath = getPlugin('spamfilters/' . UTF8ToFileSystem(getOption('spam_filter')) . ".php", false)))) { require_once $requirePath; $spamfilter = new SpamFilter(); $goodMessage = $spamfilter->filterMessage($name, $email, $website, $comment, isImageClass($receiver) ? $receiver->getFullImage() : NULL, $ip); } if ($goodMessage) { if ($goodMessage == 1) { $moderate = 1; } else { $moderate = 0; } if ($private) { $private = 1; } else { $private = 0; } if ($anon) { $anon = 1; } else { $anon = 0; } $receiverid = $receiver->id; // Update the database entry with the new comment query("INSERT INTO " . prefix("comments") . " (`ownerid`, `name`, `email`, `website`, `comment`, `inmoderation`, `date`, `type`, `ip`, `private`, `anon`) VALUES " . ' ("' . $receiverid . '", "' . mysql_real_escape_string($name) . '", "' . mysql_real_escape_string($email) . '", "' . mysql_real_escape_string($website) . '", "' . mysql_real_escape_string($comment) . '", "' . $moderate . '", NOW()' . ', "' . $type . '", "' . $ip . '", "' . $private . '", "' . $anon . '")'); if ($moderate) { $action = "placed in moderation"; } else { // add to comments array and notify the admin user $newcomment = array(); $newcomment['name'] = $name; $newcomment['email'] = $email; $newcomment['website'] = $website; $newcomment['comment'] = $comment; $newcomment['date'] = time(); $receiver->comments[] = $newcomment; $action = "posted"; } // switch added for zenpage support $class = get_class($receiver); switch ($class) { case "Albums": $on = $receiver->name; $url = "album=" . urlencode($receiver->name); $ur_album = getUrAlbum($receiver); break; case "ZenpageNews": $on = $receiver->getTitlelink(); $url = "p=" . ZENPAGE_NEWS . "&title=" . urlencode($receiver->getTitlelink()); break; case "ZenpagePage": $on = $receiver->getTitlelink(); $url = "p=" . ZENPAGE_PAGES . "&title=" . urlencode($receiver->getTitlelink()); break; default: // all image types $on = $receiver->getAlbumName() . " about " . $receiver->getTitle(); $url = "album=" . urlencode($receiver->album->name) . "&image=" . urlencode($receiver->filename); $album = $receiver->getAlbum(); $ur_album = getUrAlbum($album); break; } if (getOption('email_new_comments')) { $last_comment = fetchComments(1); $last_comment = $last_comment[0]['id']; $message = gettext("A comment has been {$action} in your album") . " {$on}\n" . "\n" . "Author: " . $name . "\n" . "Email: " . $email . "\n" . "Website: " . $website . "\n" . "Comment:\n" . $comment . "\n" . "\n" . "You can view all comments about this image here:\n" . "http://" . $_SERVER['SERVER_NAME'] . WEBPATH . "/index.php?{$url}\n" . "\n" . "You can edit the comment here:\n" . "http://" . $_SERVER['SERVER_NAME'] . WEBPATH . "/" . ZENFOLDER . "/admin-comments.php?page=editcomment&id={$last_comment}\n"; $emails = array(); $admin_users = getAdministrators(); foreach ($admin_users as $admin) { // mail anyone else with full rights if ($admin['rights'] & ADMIN_RIGHTS && $admin['rights'] & COMMENT_RIGHTS && !empty($admin['email'])) { $emails[] = $admin['email']; unset($admin_users[$admin['id']]); } } // take out for zenpage comments since there are no album admins if ($type === "images" or $type === "albums") { $id = $ur_album->getAlbumID(); $sql = "SELECT `adminid` FROM " . prefix('admintoalbum') . " WHERE `albumid`={$id}"; $result = query_full_array($sql); foreach ($result as $anadmin) { $admin = $admin_users[$anadmin['adminid']]; if (!empty($admin['email'])) { $emails[] = $admin['email']; } } } zp_mail("[" . get_language_string(getOption('gallery_title'), getOption('locale')) . "] Comment posted on {$on}", $message, "", $emails); } } return $goodMessage; }
public function execute() { $action = $this->getMain()->getVal('type'); $page = $this->getMain()->getVal('pageid'); try { // If post is set, get the post object by id // By fetching the post object, we also validate the id $postList = $this->getMain()->getVal('postid'); $postList = $this->parsePostList($postList); switch ($action) { case 'list': if (!$page) { $this->dieNoParam('pageid'); } $this->getResult()->addValue(null, $this->getModuleName(), $this->fetchPosts($page)); break; case 'like': if (!$postList) { $this->dieNoParam('postid'); } foreach ($postList as $post) { $post->setUserAttitude($this->getUser(), Post::ATTITUDE_LIKE); } $this->getResult()->addValue(null, $this->getModuleName(), ''); break; case 'dislike': if (!$postList) { $this->dieNoParam('postid'); } foreach ($postList as $post) { $post->setUserAttitude($this->getUser(), Post::ATTITUDE_NORMAL); } $this->getResult()->addValue(null, $this->getModuleName(), ''); break; case 'report': if (!$postList) { $this->dieNoParam('postid'); } foreach ($postList as $post) { $post->setUserAttitude($this->getUser(), Post::ATTITUDE_REPORT); } $this->getResult()->addValue(null, $this->getModuleName(), ''); break; case 'delete': if (!$postList) { $this->dieNoParam('postid'); } foreach ($postList as $post) { $post->delete($this->getUser()); } $this->getResult()->addValue(null, $this->getModuleName(), ''); break; case 'recover': if (!$postList) { $this->dieNoParam('postid'); } foreach ($postList as $post) { $post->recover($this->getUser()); } $this->getResult()->addValue(null, $this->getModuleName(), ''); break; case 'erase': if (!$postList) { $this->dieNoParam('postid'); } foreach ($postList as $post) { $post->erase($this->getUser()); } $this->getResult()->addValue(null, $this->getModuleName(), ''); break; case 'post': if (!$page) { $this->dieNoParam('pageid'); } $text = $this->getMain()->getVal('content'); if (!$text) { $this->dieNoParam('content'); } // Permission check Post::checkIfCanPost($this->getUser()); $spam = !SpamFilter::validate($text); // Parse as wikitext if specified if ($this->getMain()->getCheck('wikitext')) { $parser = new \Parser(); $opt = new \ParserOptions($this->getUser()); $opt->setEditSection(false); $output = $parser->parse($text, \Title::newFromId($page), $opt); $text = $output->getText(); unset($parser); unset($opt); unset($output); } $data = array('id' => null, 'pageid' => $page, 'userid' => $this->getUser()->getId(), 'username' => $this->getUser()->getName(), 'text' => $text, 'parentid' => count($postList) ? $postList[0]->id : null, 'status' => $spam ? Post::STATUS_SPAM : Post::STATUS_NORMAL, 'like' => 0, 'report' => 0); $postObject = new Post($data); global $wgMaxNestLevel; // Restrict max nest level if ($postObject->getNestLevel() > $wgMaxNestLevel) { $postObject->parentid = $postObject->getParent()->parentid; $postObject->parent = $postObject->getParent()->parent; } $postObject->post(); if ($spam) { global $wgTriggerFlowThreadHooks; if ($wgTriggerFlowThreadHooks) { \Hooks::run('FlowThreadSpammed', array($postObject)); } } $this->getResult()->addValue(null, $this->getModuleName(), ''); break; default: $this->dieUsage("Unrecognized value for parameter 'type': {$action}", 'unknown_type'); } } catch (\UsageException $e) { throw $e; } catch (\Exception $e) { $this->getResult()->addValue("error", 'code', 'unknown_error'); $this->getResult()->addValue("error", 'info', $e->getMessage()); } return true; }
$can_erase = true; } if ($can_erase) { $pastebin->deletePost($pid, $is_admin); $page['delete_message'] = t('Your post has been deleted'); } else { $page['delete_message'] = t('You cannot delete this post - contact us if you need further assistance'); $_REQUEST["show"] = $pid; } } if (isset($_POST['abuse'])) { $pid = $pastebin->cleanPostId($_REQUEST['pid']); $post = $pastebin->getPost($pid); //is it spam? require_once 'pastebin/spamfilter.class.php'; $filter = new SpamFilter(); $score = $filter->getSpamScore($post['code']); //bot posting this this? shouldn't happen any more as form is posted //$is_bot=preg_match('/googlebot|slurp|msnbot/i',$_SERVER['HTTP_USER_AGENT']); //some form bots just send garbage $badpost = !in_array($_POST['abuse'], array('spam', 'personal', 'proprietary', 'other')); //anything that can't do javascript must be a bot to be sending this... $badpost = $badpost || $_POST['processabuse'] == 1; //only send mail if not triggered by bot if (!$badpost) { $abuse = preg_replace('[^a-z0-9\\s]', '', $_POST['abuse']); $sender = isset($_POST['sender']) ? trim($_POST['sender']) : ''; if (empty($sender)) { $sender = "n/a"; } $comments = isset($_POST['comments']) ? trim($_POST['comments']) : '';
function doPost(&$post) { $id = 0; $this->errors = array(); //validate some inputs $post['poster'] = $this->_cleanUsername($post['poster']); $post['format'] = $this->_cleanFormat($post['format']); $post['expiry'] = $this->_cleanExpiry($post['expiry']); //get a token we'll use to remember this post $post['token'] = isset($_COOKIE['persistToken']) ? $this->_cleanToken($_COOKIE['persistToken']) : md5(uniqid(rand(), true)); //set/clear the persistName cookie if (isset($post['remember'])) { $value = $post['poster'] . '#' . $post['format'] . '#' . $post['expiry']; //set cookie if not set if (!isset($_COOKIE['persistName']) || $value != $_COOKIE['persistName']) { setcookie('persistName', $value, time() + 3600 * 24 * 365); } if (!isset($_COOKIE['persistToken'])) { setcookie('persistToken', $post['token'], time() + 3600 * 24 * 365); } } else { //clear cookie if set if (isset($_COOKIE['persistName'])) { setcookie('persistName', '', 0); } } if (strlen($post['code2'])) { if (strlen($post['poster']) == 0) { $post['poster'] = 'Anonymous'; } $format = $post['format']; if (!array_key_exists($format, $this->conf['all_syntax'])) { $format = ''; } $code = $post['code2']; //is it spam? require_once 'pastebin/spamfilter.class.php'; $filter = new SpamFilter(); if ($filter->canPost($post)) { //now insert.. $parent_pid = ''; if (isset($post['parent_pid'])) { $parent_pid = $this->cleanPostId($post['parent_pid']); } $id = $this->db->addPost($post['poster'], $this->conf['subdomain'], $format, $code, $parent_pid, $post['expiry'], $post['token']); } else { $this->errors[] = 'Sorry, your post tripped our spam/abuse filter - let us know if you think this could be improved'; } } else { $this->errors[] = 'No code specified'; } return $id; }
private function regex_match_from_blacklist($text, $blacklist) { if (!file_exists($blacklist)) { $path = $this->blacklist_directory; if ($path === null) { $path = SpamFilter::default_blacklist_directory(); } // Check to see if they supplied a relative path instead of an absolute one. $blacklist_absolute = $path . DIRECTORY_SEPARATOR . $blacklist; if (file_exists($blacklist_absolute)) { $blacklist = $blacklist_absolute; } else { // Is this the proper way to throw errors in PHP? trigger_error("[SpamFilter::regex_match_from_blacklist()] Error: Cannot find blacklist with name `{$blacklist_absolute}`."); return false; } } $keywords = file($blacklist); $current_line = 0; $regex_match = array(); foreach ($keywords as $regex) { $current_line++; // Remove comments and whitespace before and after a keyword $regex = preg_replace('/(^\\s+|\\s+$|\\s*#.*$)/i', "", $regex); if (empty($regex)) { continue; } $match = @preg_match("/{$regex}/i", $text, $regex_match); if ($match) { // Spam found. Return the text that was matched return $regex_match[0]; } else { if ($match === false) { trigger_error("[SpamFilter::regex_match_from_blacklist()] Error: Invalid regular expression in `{$blacklist}` line {$current_line}."); continue; } } } // No spam found return false; }
<?php ob_start(); session_start(); //https://github.com/IQAndreas/php-spam-filter require_once 'spamfilter.php'; if (isset($_SESSION['username'])) { $username = $_SESSION['username']; $m = new MongoClient(); $db = $m->map; $collection = $db->reports; $constituency = $_SESSION["constituency"]; $title = htmlspecialchars($_POST["title"]); $description = str_replace("\n", "<br/>", nl2br($_POST["description"])); $filter = new SpamFilter(); $result = $filter->check_text($_POST["title"]); if ($result) { $collection = $db->attempts; $incorrectAttempts = $collection->count(array("ip" => $_SERVER['REMOTE_ADDR'])); if ($incorrectAttempts) { $attempts = $collection->find(array("ip" => $_SERVER['REMOTE_ADDR'])); foreach ($attempts as $attempt) { $wrongAttempts = $attempt["count"]; if ($wrongAttempts < 3) { $collection->update(array("ip" => $_SERVER['REMOTE_ADDR']), array('$inc' => array("count" => 1))); } else { $collection->update(array("ip" => $_SERVER['REMOTE_ADDR']), array('$set' => array("blockedAt" => new MongoDate(), "blocked" => 1))); $collection->ensureIndex(array('blockedAt' => 1), array('expireAfterSeconds' => 900)); $_SESSION["locked"] = 1; } }
function spam_filter($plugin) { $spamfilter = new SpamFilter($_POST, $plugin); // CAPTCHAでの認証が通っている場合そのまま通す if ($spamfilter->captcha_check()) { return; } // 拒否条件に合っている場合、CAPTCHAでの認証すらせず終了 if ($spamfilter->is_spam()) { die_message("Spam check failed. Plugin:" . $spamfilter->plugin_name . " Match:" . $spamfilter->message . "<br>\n"); } // CAPTCHAする条件に合っている場合、CAPTCHAの表示 if ($spamfilter->is_spam(SPAM_FILTER_CAPTCHA_COND)) { $spamfilter->captcha_show(); } }
ob_start(); session_start(); //https://github.com/IQAndreas/php-spam-filter require_once 'spamfilter.php'; if (isset($_SESSION['username'])) { $username = $_SESSION['username']; $fromuser = $_GET['user']; $id = $_GET['id']; $_SESSION['commentId'] = $id; //empty comment if (strlen($_POST['comment']) < 2) { header('Location:report.php'); } else { $comment = $_POST['comment']; $filter = new SpamFilter(); $result = $filter->check_text($comment); //spam detected if ($result) { $m = new MongoClient(); $db = $m->map; $collection = $db->spammers; $isSpammer = $collection->count(array('username' => $username)); //new spammer - welcome him by opening an account if (!$isSpammer) { $collection->insert(array('username' => $username, 'count' => 1)); } else { $isSpammer = $collection->find(array('username' => $username)); foreach ($isSpammer as $c) { //increase spam count if ($c["count"] < 3) {
/** * Generic comment adding routine. Called by album objects or image objects * to add comments. * * Returns a comment object * * @param string $name Comment author name * @param string $email Comment author email * @param string $website Comment author website * @param string $comment body of the comment * @param string $code CAPTCHA code entered * @param string $code_ok CAPTCHA hash expected * @param string $type 'albums' if it is an album or 'images' if it is an image comment * @param object $receiver the object (image or album) to which to post the comment * @param string $ip the IP address of the comment poster * @param bool $private set to true if the comment is for the admin only * @param bool $anon set to true if the poster wishes to remain anonymous * @param bit $check bitmask of which fields must be checked. If set overrides the options * @return object */ function postComment($name, $email, $website, $comment, $code, $code_ok, $receiver, $ip, $private, $anon, $check = false) { global $_zp_captcha, $_zp_gallery, $_zp_authority, $_zp_comment_on_hold; if ($check === false) { $whattocheck = 0; if (getOption('comment_email_required') == 'required') { $whattocheck = $whattocheck | COMMENT_EMAIL_REQUIRED; } if (getOption('comment_name_required')) { $whattocheck = $whattocheck | COMMENT_NAME_REQUIRED; } if (getOption('comment_web_required') == 'required') { $whattocheck = $whattocheck | COMMENT_WEB_REQUIRED; } if (getOption('Use_Captcha')) { $whattocheck = $whattocheck | USE_CAPTCHA; } if (getOption('comment_body_requiired')) { $whattocheck = $whattocheck | COMMENT_BODY_REQUIRED; } if (getOption('email_new_comments')) { $whattocheck = $whattocheck | COMMENT_SEND_EMAIL; } } else { $whattocheck = $check; } $type = $receiver->table; $class = get_class($receiver); $receiver->getComments(); $name = trim($name); $email = trim($email); $website = trim($website); if (!empty($website) && substr($website, 0, 7) != "http://") { $website = "http://" . $website; } // Let the comment have trailing line breaks and space? Nah... // Also (in)validate HTML here, and in $name. $comment = trim($comment); $receiverid = $receiver->id; $goodMessage = 2; if ($private) { $private = 1; } else { $private = 0; } if ($anon) { $anon = 1; } else { $anon = 0; } $commentobj = new Comment(); $commentobj->transient = false; // otherwise we won't be able to save it.... $commentobj->setOwnerID($receiverid); $commentobj->setName($name); $commentobj->setEmail($email); $commentobj->setWebsite($website); $commentobj->setComment($comment); $commentobj->setType($type); $commentobj->setIP($ip); $commentobj->setPrivate($private); $commentobj->setAnon($anon); $commentobj->setInModeration(0); if ($whattocheck & COMMENT_EMAIL_REQUIRED && (empty($email) || !is_valid_email_zp($email))) { $commentobj->setInModeration(-2); $commentobj->comment_error_text .= ' ' . gettext("You must supply an e-mail address."); $goodMessage = false; } if ($whattocheck & COMMENT_NAME_REQUIRED && empty($name)) { $commentobj->setInModeration(-3); $commentobj->comment_error_text .= ' ' . gettext("You must enter your name."); $goodMessage = false; } if ($whattocheck & COMMENT_WEB_REQUIRED && (empty($website) || !isValidURL($website))) { $commentobj->setInModeration(-4); $commentobj->comment_error_text .= ' ' . gettext("You must supply a WEB page URL."); $goodMessage = false; } if ($whattocheck & USE_CAPTCHA) { if (!$_zp_captcha->checkCaptcha($code, $code_ok)) { $commentobj->setInModeration(-5); $commentobj->comment_error_text .= ' ' . gettext("CAPTCHA verification failed."); $goodMessage = false; } } if ($whattocheck & COMMENT_BODY_REQUIRED && empty($comment)) { $commentobj->setInModeration(-6); $commentobj->comment_error_text .= ' ' . gettext("You must enter something in the comment text."); $goodMessage = false; } $moderate = 0; if ($goodMessage && !(false === ($requirePath = getPlugin('spamfilters/' . internalToFilesystem(getOption('spam_filter')) . ".php")))) { require_once $requirePath; $spamfilter = new SpamFilter(); $goodMessage = $spamfilter->filterMessage($name, $email, $website, $comment, $receiver, $ip); switch ($goodMessage) { case 0: $commentobj->setInModeration(2); $commentobj->comment_error_text .= sprintf(gettext('Your comment was rejected by the <em>%s</em> SPAM filter.'), getOption('spam_filter')); $goodMessage = false; break; case 1: $_zp_comment_on_hold = sprintf(gettext('Your comment has been marked for moderation by the <em>%s</em> SPAM filter.'), getOption('spam_filter')); $commentobj->comment_error_text .= $_zp_comment_on_hold; $commentobj->setInModeration(1); $moderate = 1; break; case 2: $commentobj->setInModeration(0); break; } } $localerrors = $commentobj->getInModeration(); zp_apply_filter('comment_post', $commentobj, $receiver); if ($check === false) { // ignore filter provided errors if caller is supplying the fields to check $localerrors = $commentobj->getInModeration(); } if ($goodMessage && $localerrors >= 0) { // Update the database entry with the new comment $commentobj->save(); // add to comments array and notify the admin user if (!$moderate) { $receiver->comments[] = array('name' => $commentobj->getname(), 'email' => $commentobj->getEmail(), 'website' => $commentobj->getWebsite(), 'comment' => $commentobj->getComment(), 'date' => $commentobj->getDateTime(), 'custom_data' => $commentobj->getCustomData()); } $class = strtolower(get_class($receiver)); switch ($class) { case "album": $url = "album=" . pathurlencode($receiver->name); $ur_album = getUrAlbum($receiver); if ($moderate) { $action = sprintf(gettext('A comment has been placed in moderation on your album "%1$s".'), $receiver->name); } else { $action = sprintf(gettext('A comment has been posted on your album "%1$s".'), $receiver->name); } break; case "zenpagenews": $url = "p=news&title=" . urlencode($receiver->getTitlelink()); if ($moderate) { $action = sprintf(gettext('A comment has been placed in moderation on your article "%1$s".'), $receiver->getTitlelink()); } else { $action = sprintf(gettext('A comment has been posted on your article "%1$s".'), $receiver->getTitlelink()); } break; case "zenpagepage": $url = "p=pages&title=" . urlencode($receiver->getTitlelink()); if ($moderate) { $action = sprintf(gettext('A comment has been placed in moderation on your page "%1$s".'), $receiver->getTitlelink()); } else { $action = sprintf(gettext('A comment has been posted on your page "%1$s".'), $receiver->getTitlelink()); } break; default: // all image types $url = "album=" . pathurlencode($receiver->album->name) . "&image=" . urlencode($receiver->filename); $album = $receiver->getAlbum(); $ur_album = getUrAlbum($album); if ($moderate) { $action = sprintf(gettext('A comment has been placed in moderation on your image "%1$s" in the album "%2$s".'), $receiver->getTitle(), $receiver->getAlbumName()); } else { $action = sprintf(gettext('A comment has been posted on your image "%1$s" in the album "%2$s".'), $receiver->getTitle(), $receiver->getAlbumName()); } break; } if ($whattocheck & COMMENT_SEND_EMAIL) { $message = $action . "\n\n" . sprintf(gettext('Author: %1$s' . "\n" . 'Email: %2$s' . "\n" . 'Website: %3$s' . "\n" . 'Comment:' . "\n\n" . '%4$s'), $commentobj->getname(), $commentobj->getEmail(), $commentobj->getWebsite(), $commentobj->getComment()) . "\n\n" . sprintf(gettext('You can view all comments about this item here:' . "\n" . '%1$s'), 'http://' . $_SERVER['SERVER_NAME'] . WEBPATH . '/index.php?' . $url) . "\n\n" . sprintf(gettext('You can edit the comment here:' . "\n" . '%1$s'), 'http://' . $_SERVER['SERVER_NAME'] . WEBPATH . '/' . ZENFOLDER . '/admin-comments.php?page=editcomment&id=' . $commentobj->id); $emails = array(); $admin_users = $_zp_authority->getAdministrators(); foreach ($admin_users as $admin) { // mail anyone with full rights if (!empty($admin['email']) && ($admin['rights'] & ADMIN_RIGHTS || ($admin['rights'] & (MANAGE_ALL_ALBUM_RIGHTS | COMMENT_RIGHTS)) == (MANAGE_ALL_ALBUM_RIGHTS | COMMENT_RIGHTS))) { $emails[] = $admin['email']; unset($admin_users[$admin['id']]); } } if ($type === "images" or $type === "albums") { // mail to album admins $id = $ur_album->getAlbumID(); $sql = 'SELECT `adminid` FROM ' . prefix('admin_to_object') . ' WHERE `objectid`=' . $id . ' AND `type`="album"'; $result = query_full_array($sql); foreach ($result as $anadmin) { $id = $anadmin['adminid']; if (array_key_exists($id, $admin_users)) { $admin = $admin_users[$id]; if ($admin['rights'] & COMMENT_RIGHTS && !empty($admin['email'])) { $emails[] = $admin['email']; } } } } $on = gettext('Comment posted'); $gallery = new Gallery(); $result = zp_mail("[" . $gallery->getTitle() . "] {$on}", $message, $emails); if ($result) { $commentobj->setInModeration(-12); $commentobj->comment_error_text = $result; } } } return $commentobj; }