-
Notifications
You must be signed in to change notification settings - Fork 5
/
comments-ajax.php
executable file
·175 lines (149 loc) · 7.3 KB
/
comments-ajax.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
<?php
/**
* WordPress 內置嵌套評論專用 Ajax comments >> WordPress-jQuery-Ajax-Comments v1.3 by Willin Kan.
*
* 說明: 這個文件是由 WP 3.0 根目錄的 wp-comment-post.php 修改的, 修改的地方有注解. 當 WP 升級, 請注意可能有所不同.
*/
if ( 'POST' != $_SERVER['REQUEST_METHOD'] ) {
header('Allow: POST');
header('HTTP/1.1 405 Method Not Allowed');
header('Content-Type: text/plain');
exit;
}
/** Sets up the WordPress Environment. */
require( dirname(__FILE__) . '/../../../wp-load.php' ); // 此 comments-ajax.php 位於主題資料夾,所以位置已不同
nocache_headers();
$comment_post_ID = isset($_POST['hackerzhou_article_id']) ? (int) $_POST['hackerzhou_article_id'] : 0;
$verify_ans = isset($_POST['comm_verify_ans']) ? (int) $_POST['comm_verify_ans'] : -1;
$verify = isset($_COOKIE['comm_verify']) ? (int) $_COOKIE['comm_verify'] : -1;
if (($verify == -1 && $verify_ans == -1) || ($verify_ans != countOnes($verify))) {
err(__('Sorry, comments are closed for this item.') . $verify . ":" . $verify_ans);
}
$post = get_post($comment_post_ID);
if ( empty($post->comment_status) ) {
do_action('comment_id_not_found', $comment_post_ID);
err(__('Invalid comment status.')); // 將 exit 改為錯誤提示
}
// get_post_status() will get the parent status for attachments.
$status = get_post_status($post);
$status_obj = get_post_status_object($status);
if ( !comments_open($comment_post_ID) ) {
do_action('comment_closed', $comment_post_ID);
err(__('Sorry, comments are closed for this item.')); // 將 wp_die 改為錯誤提示
} elseif ( 'trash' == $status ) {
do_action('comment_on_trash', $comment_post_ID);
err(__('Invalid comment status.')); // 將 exit 改為錯誤提示
} elseif ( !$status_obj->public && !$status_obj->private ) {
do_action('comment_on_draft', $comment_post_ID);
err(__('Invalid comment status.')); // 將 exit 改為錯誤提示
} elseif ( post_password_required($comment_post_ID) ) {
do_action('comment_on_password_protected', $comment_post_ID);
err(__('Password Protected')); // 將 exit 改為錯誤提示
} else {
do_action('pre_comment_on_post', $comment_post_ID);
}
$arg0_name = comments_field_name($comment_post_ID, 0);
$arg1_name = comments_field_name($comment_post_ID, 1);
$arg2_name = comments_field_name($comment_post_ID, 2);
$arg3_name = comments_field_name($comment_post_ID, 3);
$comment_author = ( isset($_POST[$arg0_name]) ) ? trim(strip_tags($_POST[$arg0_name])) : null;
$comment_author_email = ( isset($_POST[$arg1_name]) ) ? trim($_POST[$arg1_name]) : null;
$comment_author_url = ( isset($_POST[$arg2_name]) ) ? trim($_POST[$arg2_name]) : null;
$comment_content = ( isset($_POST[$arg3_name]) ) ? trim($_POST[$arg3_name]) : null;
$edit_id = ( isset($_POST['edit_id']) ) ? $_POST['edit_id'] : null; // 提取 edit_id
// If the user is logged in
$user = wp_get_current_user();
if ( $user->ID ) {
if ( empty( $user->display_name ) )
$user->display_name=$user->user_login;
global $wpdb;
$comment_author = $wpdb->escape($user->display_name);
$comment_author_email = $wpdb->escape($user->user_email);
$comment_author_url = $wpdb->escape($user->user_url);
if ( current_user_can('unfiltered_html') ) {
if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
kses_remove_filters(); // start with a clean slate
kses_init_filters(); // set up the filters
}
}
} else {
if ( get_option('comment_registration') || 'private' == $status )
err(__('Sorry, you must be logged in to post a comment.')); // 將 wp_die 改為錯誤提示
}
$comment_type = '';
if ( get_option('require_name_email') && !$user->ID ) {
if ( 6 > strlen($comment_author_email) || '' == $comment_author )
err( __('Error: please fill the required fields (name, email).') ); // 將 wp_die 改為錯誤提示
elseif ( !is_email($comment_author_email))
err( __('Error: please enter a valid email address.') ); // 將 wp_die 改為錯誤提示
}
if ( '' == $comment_content )
err( __('Error: please type a comment.') ); // 將 wp_die 改為錯誤提示
// 增加: 錯誤提示功能
function err($ErrMsg) {
header('HTTP/1.1 405 Method Not Allowed');
echo $ErrMsg;
exit;
}
function countOnes($v) {
$c = ($v & 0x55555555) + (($v >> 1) & 0x55555555);
$c = ($c & 0x33333333) + (($c >> 2) & 0x33333333);
$c = ($c & 0x0F0F0F0F) + (($c >> 4) & 0x0F0F0F0F);
$c = ($c & 0x00FF00FF) + (($c >> 8) & 0x00FF00FF);
$c = ($c & 0x0000FFFF) + (($c >> 16) & 0x0000FFFF);
return $c;
}
// 增加: 檢查重覆評論功能
$dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND ( comment_author = '$comment_author' ";
if ( $comment_author_email ) $dupe .= "OR comment_author_email = '$comment_author_email' ";
$dupe .= ") AND comment_content = '$comment_content' LIMIT 1";
if ( $wpdb->get_var($dupe) ) {
err(__('Duplicate comment detected; it looks as though you’ve already said that!'));
}
// 增加: 檢查評論太快功能
if ( $lasttime = $wpdb->get_var( $wpdb->prepare("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1", $comment_author) ) ) {
$time_lastcomment = mysql2date('U', $lasttime, false);
$time_newcomment = mysql2date('U', current_time('mysql', 1), false);
$flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
if ( $flood_die ) {
err(__('You are posting comments too quickly. Slow down.'));
}
}
$comment_parent = isset($_POST['hackerzhou_com_parent_id']) ? absint($_POST['hackerzhou_com_parent_id']) : 0;
$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
// 增加: 檢查評論是否正被編輯, 更新或新建評論
if ( $edit_id ){
$comment_id = $commentdata['comment_ID'] = $edit_id;
wp_update_comment( $commentdata );
} else {
$comment_id = wp_new_comment( $commentdata );
}
$comment = get_comment($comment_id);
if ( !$user->ID ) {
$comment_cookie_lifetime = apply_filters('comment_cookie_lifetime', 30000000);
setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
setcookie('comment_author_url_' . COOKIEHASH, esc_url($comment->comment_author_url), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
}
$comment_depth = 1; //为评论的 class 属性准备的
$tmp_c = $comment;
while($tmp_c->comment_parent != 0){
$comment_depth++;
$tmp_c = get_comment($tmp_c->comment_parent);
}
//以下是評論式樣, 不含 "回覆". 要用你模板的式樣 copy 覆蓋.
?>
<li <?php comment_class(); ?> id="li-comment-<?php comment_ID(); ?>">
<div id="comment-<?php comment_ID(); ?>">
<div class="comment-author vcard">
<?php echo get_avatar( $comment,$size='32',$default='<path_to_url>' ); ?>
<div class="authorInfo">
<cite class="fn"><?php echo get_comment_author_link(); ?></cite><br/><?php echo get_comment_time("Y-m-d H:i");?>
</div>
</div>
<?php if ( $comment->comment_approved == '0' ) : ?>
<em><?php _e( 'Your comment is awaiting moderation.'); ?></em>
<br />
<?php endif; ?>
<?php comment_text(); ?>
</div>