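    /**
     * Edit one's own comment (any comment when running as admin).
     *
     * Flow: load the comment by $_GET['id'], resolve the owning module, decide whether the
     * current user may edit it, then either render the edit form or, on POST, validate,
     * filter and persist the new text and redirect back.
     *
     * @param array $params Optional overrides: 'object_name', 'object_id', 'add_form_action',
     *                      'stpl_edit', 'return_path', 'return_action'.
     * @return string Rendered form HTML, the output of _e()/_error_need_login() on error,
     *                the js_redirect() output after a successful update, or '' when no
     *                object name / id could be resolved.
     */
    function _edit($params = [])
    {
        if (empty(main()->USER_ID) && MAIN_TYPE_USER) {
            return _error_need_login();
        }
        // Normalise the comment id once; everything below (including the SQL) uses the int.
        $_GET['id'] = isset($_GET['id']) ? intval($_GET['id']) : 0;
        $comment_info = db()->query_fetch('SELECT * FROM ' . db('comments') . ' WHERE id=' . intval($_GET['id']));
        if (empty($comment_info['id'])) {
            return _e('No such comment!');
        }
        $OBJECT_NAME = !empty($params['object_name']) ? $params['object_name'] : $_GET['object'];
        $OBJECT_ID = !empty($params['object_id']) ? intval($params['object_id']) : intval($_GET['id']);
        // NOTE(review): $_GET['object'] / $_GET['action'] are concatenated raw into the form
        // action; assumes the router already restricted them to module/action names and that
        // the template escapes 'form_action' — confirm.
        $FORM_ACTION = !empty($params['add_form_action']) ? $params['add_form_action'] : './?object=' . $_GET['object'] . '&action=' . $_GET['action'] . '&id=' . $OBJECT_ID;
        $STPL_NAME_EDIT = !empty($params['stpl_edit']) ? $params['stpl_edit'] : 'comments/edit_form';
        // The Referer header is attacker-controlled. Accept it as a return target only when it
        // is a relative URL or an http(s) URL on this host; otherwise fall back to the site root.
        // This closes an open redirect through js_redirect() and a javascript: 'back_url' link.
        $referer_path = './';
        if (!empty($_SERVER['HTTP_REFERER'])) {
            $ref = (string) $_SERVER['HTTP_REFERER'];
            $ref_parts = parse_url($ref);
            if ($ref_parts !== false) {
                $ref_host = isset($ref_parts['host']) ? strtolower($ref_parts['host']) : '';
                $ref_scheme = isset($ref_parts['scheme']) ? strtolower($ref_parts['scheme']) : '';
                $own_host = isset($_SERVER['HTTP_HOST']) ? strtolower(preg_replace('/:\d+$/', '', (string) $_SERVER['HTTP_HOST'])) : '';
                $host_ok = ($ref_host === '' || ($own_host !== '' && $ref_host === $own_host));
                $scheme_ok = ($ref_scheme === '' || in_array($ref_scheme, ['http', 'https'], true));
                if ($host_ok && $scheme_ok) {
                    $referer_path = $ref;
                }
            }
        }
        $RETURN_PATH = $referer_path;
        if (!empty($params['return_path'])) {
            $RETURN_PATH = process_url($params['return_path']);
        } elseif (!empty($params['return_action'])) {
            $RETURN_PATH = process_url('./?object=' . $_GET['object'] . '&action=' . $params['return_action'] . '&id=' . $comment_info['object_id']);
        }
        if (empty($OBJECT_NAME) || empty($OBJECT_ID)) {
            return '';
        }
        // Authorisation: the owning module may supply its own check (configured by the
        // comments module); otherwise only the comment's author may edit. Admins always may.
        $edit_allowed = false;
        $edit_allowed_check_method = is_object(module($_GET['object'])) && method_exists(module($_GET['object']), module('comments')->_edit_allowed_method);
        if ($edit_allowed_check_method) {
            $m = module('comments')->_edit_allowed_method;
            $edit_allowed = (bool) module($_GET['object'])->{$m}(['user_id' => $comment_info['user_id'], 'object_id' => $comment_info['object_id']]);
        } else {
            $edit_allowed = main()->USER_ID && $comment_info['user_id'] == main()->USER_ID;
        }
        if (MAIN_TYPE_ADMIN) {
            $edit_allowed = true;
        } else {
            // Non-admins can only edit within EDIT_LIMIT_TIME seconds of posting.
            if (!empty(module('comments')->EDIT_LIMIT_TIME)) {
                $elapse_time = time() - $comment_info['add_date'];
                if ($elapse_time > module('comments')->EDIT_LIMIT_TIME) {
                    return _e('allowed time to edit has expired');
                }
            }
        }
        if (!$edit_allowed) {
            return _e('You are not allowed to perform this action');
        }
        // NOTE(review): no CSRF token is checked here; assumes the framework validates one
        // before dispatching POSTs — confirm.
        $user_info = user($comment_info['user_id'], ['id', 'name', module('comments')->_user_nick_field, 'photo_verified'], ['WHERE' => ['active' => 1]]);
        $body = '';
        if (count($_POST) > 0 && !isset($_POST['_not_for_comments'])) {
            // Byte-wise truncation (substr): a multi-byte character at the limit may be cut.
            $posted_text = isset($_POST['text']) ? (string) $_POST['text'] : '';
            $_POST['text'] = substr($posted_text, 0, module('comments')->MAX_POST_TEXT_LENGTH);
            if (empty($_POST['text'])) {
                _re('Comment text required');
            }
            if (module($_GET['object'])->USE_CAPTCHA) {
                module($_GET['object'])->_captcha_check();
            }
            if (!common()->_error_exists() && MAIN_TYPE_USER) {
                $info_for_check = ['comment_text' => $_POST['text'], 'user_id' => main()->USER_ID];
                $USER_BANNED = _check_user_ban($info_for_check, module('comments')->_user_info);
                if ($USER_BANNED) {
                    module('comments')->_user_info = user(main()->USER_ID);
                }
                if (module('comments')->_user_info['ban_comments']) {
                    return _e('Sorry, you are not allowed to post comments!' . PHP_EOL . 'Perhaps, you broke some of our rules and moderator has banned you from using this feature. Please, enjoy our site in some other way!' . 'For more details <a href=\'./?object=faq&action=view&id=16\'>click here</a>');
                }
            }
            // Anti-flood check: one comment per ANTI_FLOOD_TIME seconds per user (or per IP when anonymous).
            if (!common()->_error_exists() && module('comments')->ANTI_FLOOD_TIME && MAIN_TYPE_USER) {
                $FLOOD_DETECTED = db()->query_fetch('SELECT id,add_date FROM ' . db('comments') . ' WHERE ' . (main()->USER_ID ? 'user_id=' . intval(main()->USER_ID) : 'ip="' . _es(common()->get_ip()) . '"') . ' AND add_date > ' . (time() - module('comments')->ANTI_FLOOD_TIME) . ' 
					ORDER BY add_date DESC 
					LIMIT 1');
                if (!empty($FLOOD_DETECTED)) {
                    _re('Please wait %num seconds before post comment.', ['%num' => intval(module('comments')->ANTI_FLOOD_TIME - (time() - $FLOOD_DETECTED['add_date']))]);
                }
            }
            // Anti-spam check
            if (!common()->_error_exists()) {
                if (module('comments')->ANTI_SPAM_DETECT) {
                    $this->_spam_check($_POST['text']);
                }
            }
            if (!common()->_error_exists()) {
                if (module('comments')->AUTO_FILTER_INPUT_TEXT) {
                    $_POST['text'] = _filter_text($_POST['text']);
                }
                if (module('comments')->USE_BB_CODES) {
                    $BB_CODES_OBJ = _class('bb_codes');
                    if (is_object($BB_CODES_OBJ)) {
                        $_POST['text'] = $BB_CODES_OBJ->_force_close_bb_codes($_POST['text']);
                    }
                }
                // Text is escaped with _es() for SQL; the id is the int loaded above.
                db()->UPDATE('comments', ['text' => _es($_POST['text'])], 'id=' . intval($comment_info['id']));
                $try_trigger_callback = [module($_GET['object']), module('comments')->_on_update_trigger];
                if (is_callable($try_trigger_callback)) {
                    call_user_func($try_trigger_callback, $params);
                }
                // $RETURN_PATH was resolved above from the same $params / filtered referer.
                return js_redirect($RETURN_PATH, false);
            }
        } else {
            $_POST['text'] = $comment_info['text'];
        }
        $error_message = _e();
        if (empty($_POST['go']) || !empty($error_message)) {
            $replace = ['form_action' => $FORM_ACTION, 'error_message' => $error_message, 'user_id' => intval(main()->USER_ID), 'user_name' => _prepare_html(_display_name($user_info)), 'user_avatar' => _show_avatar($comment_info['user_id'], $user_info, 1, 1), 'user_profile_link' => _profile_link($comment_info['user_id']), 'user_email_link' => _email_link($comment_info['user_id']), 'text' => _prepare_html($_POST['text']), 'back_url' => $referer_path, 'object_name' => _prepare_html($OBJECT_NAME), 'object_id' => intval($OBJECT_ID), 'use_captcha' => intval((bool) module($_GET['object'])->USE_CAPTCHA), 'captcha_block' => module($_GET['object'])->_captcha_block(), 'bb_codes_block' => module('comments')->USE_BB_CODES ? _class('bb_codes')->_display_buttons(['unique_id' => 'text']) : '', 'js_check' => intval((bool) module('comments')->JS_TEXT_CHECKING)];
            $body = tpl()->parse($STPL_NAME_EDIT, $replace);
        }
        return $body;
    }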
File: yf_test.class.php — Project: yfix/yf
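 /**
  * Dev/test page: run the comment text pipeline over POSTed text and display the result.
  *
  * On POST the text goes through _filter_text(), then bb-code auto-closing and bb-code
  * rendering; the rendered output is shown followed by the merely filtered text. On GET
  * the result is empty and a sample bb-code string is pre-filled into the form.
  *
  * @return string Rendered template for the current object/action.
  */
 function filter_text()
 {
     // Initialised up front so a GET (or a POST without the bb_codes class) does not hand an
     // undefined $result to the template.
     $result = '';
     $source_text = isset($_POST['text']) ? $_POST['text'] : '';
     if (main()->is_post()) {
         $BB_CODES_OBJ = _class('bb_codes');
         if (is_object($BB_CODES_OBJ)) {
             $filtered = _filter_text($source_text);
             $rendered = $BB_CODES_OBJ->_force_close_bb_codes($filtered);
             $rendered = $BB_CODES_OBJ->_process_text($rendered);
             $result = $rendered . '<br /><br /><br />' . $filtered;
         }
     }
     // NOTE(review): the raw POST text is passed to the template as 'source' unescaped;
     // assumes the template escapes it as a form field value — confirm.
     $replace = [
         'form_action' => './?object=' . $_GET['object'] . '&action=' . $_GET['action'],
         'result' => $result,
         'source' => $source_text ? $source_text : '[COLOR=green][U][SIZE=7][B][I]пользовательдолженпользовательдолжен[/I][/B][/SIZE][/U][/COLOR]http://www.gooooooooooooooooooooooooggle.com',
     ];
     return tpl()->parse($_GET['object'] . '/' . __FUNCTION__, $replace);
 }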