} else { //if security key submitted if (cmtx_setting('security_key') != $_POST['cmtx_security_key']) { //security key incorrect cmtx_ban(CMTX_BAN_REASON_INCORRECT_SECURITY_KEY); //ban user for incorrect security key } } /* Resubmit Key */ if (!isset($_POST['cmtx_resubmit_key'])) { //no resubmit key submitted cmtx_ban(CMTX_BAN_REASON_NO_RESUBMIT_KEY); //ban user for no resubmit key } else { //if resubmit key submitted if (!ctype_alnum($_POST['cmtx_resubmit_key']) || cmtx_strlen($_POST['cmtx_resubmit_key']) != 20) { //if resubmit key invalid cmtx_ban(CMTX_BAN_REASON_INVALID_RESUBMIT_KEY); //ban user for invalid resubmit key } } /* Check Honeypot */ if (cmtx_setting('check_honeypot')) { //if honeypot-check enabled if (!isset($_POST['cmtx_honeypot'])) { //if honeypot not submitted cmtx_error(CMTX_ERROR_MESSAGE_MISSING_DATA); //reject user for no honeypot } else { //if honeypot submitted if (!empty($_POST['cmtx_honeypot'])) {
function cmtx_load_form_cookie() { //restore remembered form field values from the "Commentics-Form" cookie
    global $cmtx_default_name, $cmtx_default_email, $cmtx_default_website, $cmtx_default_town, $cmtx_default_country; //form defaults that get filled in below

    //no cookie, or one longer than the 500-character sanity limit: leave the defaults untouched
    if (!isset($_COOKIE['Commentics-Form']) || cmtx_strlen($_COOKIE['Commentics-Form']) >= 500) {
        return;
    }

    $fields = explode('|', $_COOKIE['Commentics-Form']); //pipe-separated: name|email|website|town|country

    //only a cookie with exactly five fields is honoured; anything else is ignored
    if (count($fields) != 5) {
        return;
    }

    //NOTE(review): the cookie is client-controlled and its fields are copied verbatim into the
    //defaults; the form template is assumed to HTML-escape them on output - confirm before relying on it
    list($cmtx_default_name, $cmtx_default_email, $cmtx_default_website, $cmtx_default_town, $cmtx_default_country) = $fields;
}
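function cmtx_get_random_key($length) { //generates a random key of $length lowercase alphanumeric characters
    //Keys from this function are used as tokens that are later compared against client input
    //(resubmit keys, subscriber tokens), so they must be unpredictable. mt_rand() is a seedable
    //Mersenne Twister whose output can be recovered from a few observed values, so prefer the
    //CSPRNG-backed random_int() (PHP 7+) whenever it is available.
    $characters = '0123456789abcdefghijklmnopqrstuvwxyz'; //allowed characters (36 ASCII symbols)
    $max_index = strlen($characters) - 1; //alphabet is ASCII-only, so byte length is the character count
    $use_csprng = function_exists('random_int');
    $key = '';

    for ($i = 0; $i < $length; $i++) {
        //NOTE: on PHP < 7 this still falls back to mt_rand(), which is predictable; keys generated
        //there should not be treated as secrets.
        $index = $use_csprng ? random_int(0, $max_index) : mt_rand(0, $max_index);
        $key .= $characters[$index];
    }

    return $key; //empty string when $length is zero or negative
}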
//Builds the HTML for one comment box and returns it as a string (nothing is echoed).
//
//  $is_preview  true when rendering the live preview: shows the preview text, hides the reply/permalink/flag/vote buttons
//  $alternate   1 selects the "_1" box classes, any other value the "_2" classes (used for alternating row styling)
//  $id          comment id; used in element ids, the permalink highlight and cmtx_get_reply_depth()
//  $name, $email, $website, $town, $country  author details; $email is only md5-hashed for the Gravatar URL
//  $rating      integer 1-5 (0 or anything else renders no stars)
//  $reply_to    truthy when this comment is itself a reply (selects the reply box classes)
//  $comment     comment body HTML; $reply is the optional admin reply HTML
//  $is_admin    selects the admin box/name classes
//  $likes, $dislikes  vote counts shown on the buttons
//  $is_sticky   wraps the box in cmtx_sticky_image; $is_locked disables the reply button
//  $dated       date string understood by strtotime()
//
//NOTE(review): $name, $website, $town, $country, $comment and $reply are concatenated into the markup
//without any escaping in this function. That is only safe if they were sanitised/escaped when stored -
//confirm against the submission path. $name is additionally embedded inside a single-quoted JavaScript
//string in the reply button's onclick attribute (see below), where HTML entity encoding alone is not
//sufficient: a name containing a quote would still break out of the JS string.
function cmtx_generate_comment($is_preview, $alternate, $id, $name, $email, $website, $town, $country, $rating, $reply_to, $comment, $reply, $is_admin, $likes, $dislikes, $is_sticky, $is_locked, $dated) { //generate comment
    $cmtx_box = ''; //initialise box

    //open one indent wrapper per level of reply depth; the innermost one optionally gets the arrow
    for ($i = 1; $i <= cmtx_get_reply_depth($id); $i++) {
        if (cmtx_setting('reply_arrow') && $i == cmtx_get_reply_depth($id)) {
            $cmtx_box .= '<div class="cmtx_reply_arrow">'; //add the reply arrow
        }
        $cmtx_box .= '<div class="cmtx_reply_indent">'; //indent the reply
    }

    //highlight this box when the URL's cmtx_perm parameter names it; the parameter is only
    //accepted when it is all digits, so it never reaches the markup unvalidated
    $perm = '';
    if (isset($_GET['cmtx_perm']) && ctype_digit($_GET['cmtx_perm'])) {
        $cmtx_perm = (int) $_GET['cmtx_perm'];
        if ($cmtx_perm == $id) {
            $perm = ' cmtx_permalink_box';
        }
    }

    //opening box div: class depends on alternate row (_1/_2), reply vs comment, and admin vs visitor
    if ($alternate == 1) { //if it's the first box
        if (!$reply_to && !$is_admin) {
            $cmtx_box .= '<div class="cmtx_comment_box_1' . $perm . '" id="cmtx_perm_' . $id . '">'; //comment and not admin
        } else {
            if ($reply_to && !$is_admin) {
                $cmtx_box .= '<div class="cmtx_reply_box_1' . $perm . '" id="cmtx_perm_' . $id . '">'; //reply and not admin
            } else {
                if (!$reply_to && $is_admin) {
                    $cmtx_box .= '<div class="cmtx_admin_comment_box_1' . $perm . '" id="cmtx_perm_' . $id . '">'; //comment and is admin
                } else {
                    if ($reply_to && $is_admin) {
                        $cmtx_box .= '<div class="cmtx_admin_reply_box_1' . $perm . '" id="cmtx_perm_' . $id . '">'; //reply and is admin
                    }
                }
            }
        }
    } else { //if it's the second box
        if (!$reply_to && !$is_admin) {
            $cmtx_box .= '<div class="cmtx_comment_box_2' . $perm . '" id="cmtx_perm_' . $id . '">'; //comment and not admin
        } else {
            if ($reply_to && !$is_admin) {
                $cmtx_box .= '<div class="cmtx_reply_box_2' . $perm . '" id="cmtx_perm_' . $id . '">'; //reply and not admin
            } else {
                if (!$reply_to && $is_admin) {
                    $cmtx_box .= '<div class="cmtx_admin_comment_box_2' . $perm . '" id="cmtx_perm_' . $id . '">'; //comment and is admin
                } else {
                    if ($reply_to && $is_admin) {
                        $cmtx_box .= '<div class="cmtx_admin_reply_box_2' . $perm . '" id="cmtx_perm_' . $id . '">'; //reply and is admin
                    }
                }
            }
        }
    }

    //Sticky (1/2) - opened here, closed near the end
    if ($is_sticky) {
        $cmtx_box .= '<div class="cmtx_sticky_image">';
    }

    //Gravatar (1/2) - the avatar block plus a left-margin wrapper that is closed near the end
    if (cmtx_setting('show_gravatar')) {
        $cmtx_box .= '<div class="cmtx_gravatar_block">';
        $gravatar_parameter = '&r=' . cmtx_setting('gravatar_rating');
        if (cmtx_setting('gravatar_default') != 'default') {
            if (cmtx_setting('gravatar_default') == 'custom') {
                $gravatar_parameter .= '&d=' . cmtx_url_encode(cmtx_setting('gravatar_custom')); //custom default image URL is URL-encoded
            } else {
                $gravatar_parameter .= '&d=' . cmtx_setting('gravatar_default'); //one of Gravatar's built-in defaults
            }
        }
        //md5 of the lowercased, trimmed address is the Gravatar lookup key, not a security use of md5.
        //NOTE(review): the avatar is fetched over plain http://, which is mixed content on an https page.
        $cmtx_box .= '<img src="http://www.gravatar.com/avatar/' . md5(strtolower(trim($email))) . '.png?s=' . cmtx_setting('gravatar_size') . $gravatar_parameter . '" alt="Gravatar" title="Gravatar"/>';
        $cmtx_box .= '</div>';
        $cmtx_box .= '<div style="clear: right;"></div>';
        $cmtx_box .= '<div style="margin-left:' . (cmtx_setting('gravatar_size') + 5) . 'px;">'; //push the text clear of the avatar
    }

    //Rating - $rating full stars followed by (5 - $rating) empty ones; anything outside 1..5 shows nothing
    if (cmtx_setting('show_rating') && $rating != 0) {
        $cmtx_box .= '<div class="cmtx_rating_block">';
        if ($rating == 1) {
            $cmtx_box .= cmtx_star_full(1, CMTX_RATING_ONE);
            $cmtx_box .= cmtx_star_empty(4, CMTX_RATING_ONE);
        } else {
            if ($rating == 2) {
                $cmtx_box .= cmtx_star_full(2, CMTX_RATING_TWO);
                $cmtx_box .= cmtx_star_empty(3, CMTX_RATING_TWO);
            } else {
                if ($rating == 3) {
                    $cmtx_box .= cmtx_star_full(3, CMTX_RATING_THREE);
                    $cmtx_box .= cmtx_star_empty(2, CMTX_RATING_THREE);
                } else {
                    if ($rating == 4) {
                        $cmtx_box .= cmtx_star_full(4, CMTX_RATING_FOUR);
                        $cmtx_box .= cmtx_star_empty(1, CMTX_RATING_FOUR);
                    } else {
                        if ($rating == 5) {
                            $cmtx_box .= cmtx_star_full(5, CMTX_RATING_FIVE);
                        }
                    }
                }
            }
        }
        $cmtx_box .= '</div>';
    }

    //Name and Website - the name becomes a link when a website was given ('http://' alone counts as empty)
    //NOTE(review): $website goes straight into href; nothing here restricts the scheme (e.g. javascript:),
    //so that must be enforced at submission time - confirm.
    if (cmtx_setting('show_website') && !empty($website) && $website != 'http://') {
        $cmtx_website_attribute = ''; //initialize variable
        if (cmtx_setting('website_new_window')) { $cmtx_website_attribute = ' target="_blank"'; } //if website should open in new window
        if (cmtx_setting('website_nofollow')) { $cmtx_website_attribute .= ' rel="nofollow"'; } //if website should contain nofollow tag
        if ($is_admin) {
            $cmtx_box .= '<a class="cmtx_admin_name_with_website_text" href="' . $website . '"' . $cmtx_website_attribute . '>' . $name . '</a>';
        } else {
            $cmtx_box .= '<a class="cmtx_name_with_website_text" href="' . $website . '"' . $cmtx_website_attribute . '>' . $name . '</a>';
        }
    } else {
        if ($is_admin) {
            $cmtx_box .= '<span class="cmtx_admin_name_without_website_text">';
            $cmtx_box .= $name;
            $cmtx_box .= '</span>';
        } else {
            $cmtx_box .= '<span class="cmtx_name_without_website_text">';
            $cmtx_box .= $name;
            $cmtx_box .= '</span>';
        }
    }

    //Town and Country - "(town, country)", "(town)" or "(country)" depending on settings and what was given
    if (cmtx_setting('show_town') && !empty($town) && cmtx_setting('show_country') && !empty($country)) {
        $cmtx_box .= '<span class="cmtx_town_country_text">';
        $cmtx_box .= ' (' . $town . ', ' . $country . ')';
        $cmtx_box .= '</span>';
    } else {
        if (cmtx_setting('show_town') && !empty($town)) {
            $cmtx_box .= '<span class="cmtx_town_country_text">';
            $cmtx_box .= ' (' . $town . ')';
            $cmtx_box .= '</span>';
        } else {
            if (cmtx_setting('show_country') && !empty($country)) {
                $cmtx_box .= '<span class="cmtx_town_country_text">';
                $cmtx_box .= ' (' . $country . ')';
                $cmtx_box .= '</span>';
            }
        }
    }

    //Says...
    if (cmtx_setting('show_says')) {
        $cmtx_box .= '<span class="cmtx_says_text">';
        $cmtx_box .= ' ' . CMTX_SAYS;
        $cmtx_box .= '</span>';
    }

    $cmtx_box .= '<div class="cmtx_height_above_comment_text"></div>';

    //Comment - optionally truncated to read_more_limit characters with a "read more" toggle
    //that reveals the hidden full-text div via cmtx_read_more(); previews are never truncated
    $cmtx_box .= '<div class="cmtx_comment_text">';
    if (cmtx_setting('show_read_more') && !$is_preview && cmtx_strlen(strip_tags($comment)) > cmtx_setting('read_more_limit')) {
        //turn line breaks and empty paragraphs into spaces before stripping tags so words do not run together
        $comment_less = str_ireplace('<br />', ' ', $comment);
        $comment_less = str_ireplace('<br/>', ' ', $comment_less);
        $comment_less = str_ireplace('<br>', ' ', $comment_less);
        $comment_less = str_ireplace('<p></p>', ' ', $comment_less);
        $comment_less = str_ireplace('<p />', ' ', $comment_less);
        $comment_less = str_ireplace('<p/>', ' ', $comment_less);
        $comment_less = strip_tags($comment_less);
        //cut at the limit, then back up to the last space so a word is not split
        //(byte-wise substr here, unlike the cmtx_strlen length check above - multibyte text may be cut mid-character)
        $comment_cut = substr($comment_less, 0, cmtx_setting('read_more_limit'));
        $comment_less = substr($comment_cut, 0, strrpos($comment_cut, ' '));
        $cmtx_box .= '<div id="cmtx_comment_less_' . $id . '">';
        $cmtx_box .= $comment_less;
        $cmtx_box .= ' <a href="' . cmtx_url_encode(cmtx_current_page()) . '" class="cmtx_read_more_link" title="' . CMTX_TITLE_READ_MORE . '" rel="nofollow" onclick="cmtx_read_more(' . $id . ');return false;">' . CMTX_READ_MORE . '</a>';
        $cmtx_box .= '</div>';
        $cmtx_box .= '<div id="cmtx_comment_more_' . $id . '" style="display:none;">';
        $cmtx_box .= $comment;
        $cmtx_box .= '</div>';
    } else {
        $cmtx_box .= $comment;
    }
    $cmtx_box .= '</div>';

    //Admin Reply
    if (!empty($reply)) {
        $cmtx_box .= '<div class="cmtx_height_above_reply_text"></div>';
        $cmtx_box .= '<div class="cmtx_reply_area">';
        $cmtx_box .= '<div class="cmtx_reply_intro">';
        $cmtx_box .= CMTX_REPLY_INTRO;
        $cmtx_box .= '</div>';
        $cmtx_box .= ' ';
        $cmtx_box .= '<div class="cmtx_reply_text">';
        $cmtx_box .= $reply;
        $cmtx_box .= '</div>';
        $cmtx_box .= '</div>';
    }

    $cmtx_box .= '<div class="cmtx_height_below_comment_text"></div>';

    //Preview Message
    if ($is_preview) {
        $cmtx_box .= '<div class="cmtx_preview_text">';
        $cmtx_box .= CMTX_PREVIEW_TEXT;
        $cmtx_box .= '</div>';
    }

    $cmtx_box .= '<div class="cmtx_buttons_block">';

    //Reply - enabled only while the nesting depth is below reply_depth and the comment is not locked
    if (cmtx_setting('show_reply') && !$is_preview) {
        $cmtx_box .= '<div class="cmtx_reply_block">';
        $cmtx_box .= '<div class="cmtx_buttons">';
        if (cmtx_get_reply_depth($id) < cmtx_setting('reply_depth') && !$is_locked) {
            //the onclick handler is built as a string: it opens the form (if hidden), shows the
            //reply banner, stores this id in cmtx_reply_id and writes the "replying to <name>" message
            $cmtx_box .= '<a href="' . cmtx_url_encode(cmtx_current_page() . CMTX_ANCHOR_FORM) . '" id="cmtx_reply_' . $id . '" class="cmtx_reply_enabled" title="' . CMTX_TITLE_REPLY . '" rel="nofollow" onclick="';
            if (cmtx_setting('hide_form')) {
                $cmtx_box .= 'cmtx_open_form();';
            }
            $cmtx_box .= 'document.getElementById(\'cmtx_hide_reply\').style.display=\'block\';';
            $cmtx_box .= 'document.getElementById(\'cmtx_reply_id\').value=\'' . $id . '\';';
            //NOTE(review): $name lands inside a single-quoted JS string inside an HTML attribute; the HTML
            //parser decodes entities before the JS runs, so a quote in $name breaks the string here - confirm
            //that names cannot contain ' / \ / newlines at this point.
            $cmtx_box .= 'document.getElementById(\'cmtx_reply_message\').innerHTML=\'' . CMTX_REPLY_MESSAGE . ' ' . $name . '. ' . '\';';
            $cmtx_box .= 'document.getElementById(\'cmtx_reset_reply\').style.display=\'inline\'">';
            $cmtx_box .= '<img src="' . cmtx_commentics_url() . 'images/buttons/reply.png" alt="Reply" title="' . CMTX_TITLE_REPLY . '"/>' . CMTX_REPLY . '</a>';
        } else {
            //disabled button: same markup, but the click does nothing
            $cmtx_box .= '<a href="' . cmtx_url_encode(cmtx_current_page()) . '" id="cmtx_reply_' . $id . '" class="cmtx_reply_disabled" title="" rel="nofollow" onclick="return false;">';
            $cmtx_box .= '<img src="' . cmtx_commentics_url() . 'images/buttons/reply.png" alt="Reply" title=""/>' . CMTX_REPLY . '</a>';
        }
        $cmtx_box .= '</div>';
        $cmtx_box .= '</div>';
    }

    //Permalink
    if (cmtx_setting('show_permalink') && !$is_preview) {
        $cmtx_box .= '<div class="cmtx_permalink_block">';
        $cmtx_box .= '<div class="cmtx_buttons">';
        $cmtx_box .= '<a class="cmtx_permalink" href="' . cmtx_get_permalink($id, cmtx_get_page_url()) . '" id="cmtx_permalink_' . $id . '" title="' . CMTX_TITLE_PERMALINK . '" rel="nofollow"><img src="' . cmtx_commentics_url() . 'images/buttons/permalink.png" alt="Permalink" title="' . CMTX_TITLE_PERMALINK . '"/>' . CMTX_PERMALINK . '</a>';
        $cmtx_box .= '</div>';
        $cmtx_box .= '</div>';
    }

    //Flag
    if (cmtx_setting('show_flag') && !$is_preview) {
        $cmtx_box .= '<div class="cmtx_flag_block">';
        $cmtx_box .= '<div class="cmtx_buttons">';
        $cmtx_box .= '<a class="cmtx_flag" href="' . cmtx_url_encode(cmtx_current_page()) . '" id="cmtx_flag_' . $id . '" title="' . CMTX_TITLE_FLAG . '" rel="nofollow"><img src="' . cmtx_commentics_url() . 'images/buttons/flag.png" alt="Flag" title="' . CMTX_TITLE_FLAG . '"/>' . CMTX_FLAG . '</a>';
        $cmtx_box .= '</div>';
        $cmtx_box .= '</div>';
    }

    //Like/Dislike - the links themselves only carry ids; the vote is wired up by script elsewhere
    if ((cmtx_setting('show_like') || cmtx_setting('show_dislike')) && !$is_preview) {
        $cmtx_box .= '<div class="cmtx_like_block">';
        $cmtx_box .= '<div class="cmtx_buttons">';
        if (cmtx_setting('show_like')) {
            $cmtx_box .= '<a class="cmtx_vote cmtx_like" href="' . cmtx_url_encode(cmtx_current_page()) . '" id="cmtx_like_' . $id . '" title="' . CMTX_TITLE_LIKE . '" rel="nofollow"><img src="' . cmtx_commentics_url() . 'images/buttons/like.png" alt="Like" title="' . CMTX_TITLE_LIKE . '"/>' . $likes . '</a>';
        }
        if (cmtx_setting('show_dislike')) {
            $cmtx_box .= '<a class="cmtx_vote cmtx_dislike" href="' . cmtx_url_encode(cmtx_current_page()) . '" id="cmtx_dislike_' . $id . '" title="' . CMTX_TITLE_DISLIKE . '" rel="nofollow"><img src="' . cmtx_commentics_url() . 'images/buttons/dislike.png" alt="Dislike" title="' . CMTX_TITLE_DISLIKE . '"/>' . $dislikes . '</a>';
        }
        $cmtx_box .= '</div>';
        $cmtx_box .= '</div>';
    }

    $cmtx_box .= '</div>'; //close cmtx_buttons_block

    //Date - "Today <time>", "Yesterday <time>" or "<date> <time>", compared on the calendar day in the configured time zone
    if (cmtx_setting('show_date')) {
        $cmtx_box .= '<div class="cmtx_date_text">';
        if (date('Y-m-d', strtotime($dated)) == date('Y-m-d')) { //if comment's date is today
            $cmtx_box .= CMTX_TODAY . ' ' . cmtx_format_date(date(CMTX_TIME_FORMAT, strtotime($dated)));
        } else {
            //"yesterday" is computed by handing mktime() day-of-month minus one; mktime normalises day 0 to the previous month's last day
            if (date('Y-m-d', strtotime($dated)) == date('Y-m-d', mktime(date('H'), date('i'), date('s'), date('m'), date('d') - 1, date('Y')))) { //if comment's date is yesterday
                $cmtx_box .= CMTX_YESTERDAY . ' ' . cmtx_format_date(date(CMTX_TIME_FORMAT, strtotime($dated)));
            } else {
                $cmtx_box .= cmtx_format_date(date(CMTX_DATE_FORMAT, strtotime($dated))) . ' ' . cmtx_format_date(date(CMTX_TIME_FORMAT, strtotime($dated)));
            }
        }
        $cmtx_box .= '</div>';
    }

    //Sticky (2/2)
    if ($is_sticky) {
        $cmtx_box .= '</div>';
    }

    //Gravatar (2/2) - closes the margin-left wrapper opened above
    if (cmtx_setting('show_gravatar')) {
        $cmtx_box .= '</div>';
    }

    $cmtx_box .= '</div>'; //end div

    //close the indent (and arrow) wrappers opened at the top, in matching order
    for ($i = 1; $i <= cmtx_get_reply_depth($id); $i++) {
        if (cmtx_setting('reply_arrow') && $i == cmtx_get_reply_depth($id)) {
            $cmtx_box .= '</div>';
        }
        $cmtx_box .= '</div>';
    }

    if ($is_preview) {
        $cmtx_box .= '<div class="cmtx_height_below_preview_box"></div>';
    }

    return $cmtx_box;
}
function cmtx_comment_check_capitals($comment) { //checks comment for too many capital letters
    //only ISO-8859-1 text is examined; comments in any other encoding skip this check entirely
    if (!cmtx_is_encoding_iso($comment)) {
        return;
    }

    $letters_only = preg_replace('/[^a-z]/i', '', $comment); //keep A-Z and a-z only
    $letter_count = cmtx_strlen($letters_only);
    $capital_count = cmtx_strlen(preg_replace('/[^A-Z]/', '', $letters_only));

    //too little text to judge (3 letters or fewer), or no capitals at all: nothing to do
    if ($letter_count <= 3 || $capital_count == 0) {
        return;
    }

    $capital_percentage = $capital_count / $letter_count * 100; //share of letters that are capitals

    if ($capital_percentage < cmtx_setting('check_capitals_percentage')) {
        return; //within the allowed ratio
    }

    //too many capitals: act according to the configured action; any other value does nothing
    switch (cmtx_setting('check_capitals_action')) {
        case 'approve':
            cmtx_approve(CMTX_APPROVE_REASON_CAPITALS); //hold the comment for approval
            break;
        case 'reject':
            cmtx_error(CMTX_ERROR_MESSAGE_CAPITALS); //reject the submission
            break;
        case 'ban':
            cmtx_ban(CMTX_BAN_REASON_CAPITALS); //ban the user
            break;
    }
}
if (!cmtx_setting('show_rss')) { die(CMTX_RSS_FEATURE_DISABLED); } if (!cmtx_is_administrator()) { //if not administrator if (cmtx_in_maintenance()) { //check if under maintenance die; } } header('Content-Type:text/xml; charset=utf-8'); /* Error Reporting */ cmtx_error_reporting('includes/logs/errors.log'); /* Time Zone */ cmtx_set_time_zone(cmtx_setting('time_zone')); if (isset($_GET['id']) && ctype_digit($_GET['id']) && cmtx_strlen($_GET['id']) < 10) { //if page ID is in URL and it validates $id = (int) $_GET['id']; $id = cmtx_sanitize($id, true, true); $query = "SELECT * FROM `" . $cmtx_mysql_table_prefix . "comments` WHERE `is_approved` = '1' AND `page_id` = '{$id}' ORDER BY `dated` DESC"; //get page's items } else { $query = "SELECT * FROM `" . $cmtx_mysql_table_prefix . "comments` WHERE `is_approved` = '1' ORDER BY `dated` DESC"; //get all items } /* Last Build Date */ $lbd_query = $query . " LIMIT 1"; $lbd_query = cmtx_db_query($lbd_query); if (cmtx_db_num_rows($lbd_query)) { $lbd_result = cmtx_db_fetch_assoc($lbd_query); $last_build_date = date("r", strtotime($lbd_result["dated"]));
/* Error Reporting */ cmtx_error_reporting('includes/logs/errors.log'); /* Time Zone */ cmtx_set_time_zone(cmtx_setting('time_zone')); ?> <h1><?php echo CMTX_SUB_HEADING; ?> </h1> <?php if (isset($_GET['id'])) { //get subscriber $token = $_GET['id']; if (cmtx_strlen($token) != 20 || !ctype_alnum($token)) { ?> <div class="error"><?php echo CMTX_SUB_MSG_INVALID; ?> </div><?php die; } $token = cmtx_sanitize($token, true, true); if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "subscribers` WHERE `token` = '{$token}'"))) { $subscriber = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "subscribers` WHERE `token` = '{$token}'"); $subscriber = cmtx_db_fetch_assoc($subscriber); } else { ?> <div class="error"><?php echo CMTX_SUB_MSG_NO_SUBSCRIPTION;