Annotation of cdn/www/b2comments.post.php, revision 1.1

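<?php

# if you want to change the paths here, remember to put your new path BEFORE $b2inc,
#  like this: "b2/$b2inc/b2functions.php"

/*
 * Comment submission handler.
 *
 * Reads the posted comment form, validates and filters the fields, applies a
 * 30-second per-IP flood check, stores the comment, optionally e-mails a
 * notification, sets the "remember me" cookies and redirects the visitor.
 *
 * The script uses the legacy PHP API ($HTTP_*_VARS, mysql_*, magic quotes),
 * which later PHP versions removed. SQL safety rests on addslashes()-style
 * escaping rather than on parameterized queries, so every value interpolated
 * into a query below must have passed through that escaping or been cast to
 * an integer.
 *
 * NOTE(review): there is no anti-CSRF token and no check that the target post
 * exists or accepts comments; the only abuse control is the flood check.
 */

require("b2config.php");
// NOTE(review): $b2inc and the other configuration variables used below are
// presumably defined by b2config.php / b2vars.php. If register_globals is on
// and one of them is left undefined there, a request parameter of the same
// name would supply it. Confirm each is always initialised.
require("$b2inc/b2template.functions.php");
include("$b2inc/b2vars.php");
include("$b2inc/b2functions.php");

dbconnect();

/**
 * Recursively apply addslashes() to every scalar value of an array.
 *
 * Emulates magic_quotes_gpc for request arrays. addslashes() is not
 * character-set aware, so it is a weaker guarantee than the database
 * driver's own escaping function.
 *
 * @param array $array request data, possibly nested
 * @return array the same structure with every leaf value escaped
 */
function add_magic_quotes($array) {
    foreach ($array as $k => $v) {
        if (is_array($v)) {
            $array[$k] = add_magic_quotes($v);
        } else {
            $array[$k] = addslashes($v);
        }
    }
    return $array;
}

/**
 * Decide whether a redirect target stays on this site.
 *
 * Accepts an absolute URL that begins with $siteurl followed by a path,
 * query or fragment delimiter, or a relative reference that carries no
 * scheme and does not start with "//", "/\" or "\".
 *
 * @param string $location candidate redirect target
 * @param string $siteurl  base URL of the blog
 * @return bool true when the target may be used in a Location header
 */
function is_local_redirect($location, $siteurl) {
    if ($location == '') {
        return false;
    }

    $len = strlen($siteurl);
    if ($len > 0 && strncasecmp($location, $siteurl, $len) == 0) {
        // The character after the prefix must end the host part; otherwise
        // "http://site.example.other.example" would pass the prefix test.
        $next = substr($location, $len, 1);
        if ($next === false || $next === '' || $next === '/' || $next === '?' || $next === '#') {
            return true;
        }
    }

    $first  = substr($location, 0, 1);
    $second = substr($location, 1, 1);
    if ($first === '\\') {
        return false;
    }
    if ($first === '/' && ($second === '/' || $second === '\\')) {
        // browsers treat these as network-path references to another host
        return false;
    }
    if (preg_match('/^[^\/?#]*:/', $location)) {
        // a colon before any path, query or fragment delimiter is a scheme
        return false;
    }
    return true;
}

// Escape request data ourselves when the runtime has not already done so.
if (!get_magic_quotes_gpc()) {
    $HTTP_GET_VARS    = add_magic_quotes($HTTP_GET_VARS);
    $HTTP_POST_VARS   = add_magic_quotes($HTTP_POST_VARS);
    $HTTP_COOKIE_VARS = add_magic_quotes($HTTP_COOKIE_VARS);
}

$author = trim($HTTP_POST_VARS["author"]);
$email = trim($HTTP_POST_VARS["email"]);
$url = trim($HTTP_POST_VARS["url"]);
$comment = trim($HTTP_POST_VARS["comment"]);
$original_comment = $comment;
$comment_autobr = $HTTP_POST_VARS["comment_autobr"];
// The post ID is interpolated into the INSERT, the notification subject (a
// mail header) and the permalink, so force it to an integer here instead of
// relying on quote escaping alone.
$comment_post_ID = intval($HTTP_POST_VARS["comment_post_ID"]);

if ($require_name_email && ($email == "" || $email == "@" || $author == "" || $author == "name")) { //original fix by Dodo, and then Drinyth
    echo "Error: please fill the required fields (name, email)";
    exit;
}
if ($comment == "comment" || $comment == "") {
    echo "Error: please type a comment";
    exit;
}

// NOTE(review): $REMOTE_ADDR relies on register_globals. addslashes() is a
// no-op for a real IP address and keeps the two queries below safe if the
// variable were ever populated from request data instead of the server.
$user_ip = addslashes($REMOTE_ADDR);
// The reverse-DNS name is chosen by whoever controls the PTR record of the
// address; it is only used in the notification body.
$user_domain = gethostbyaddr($user_ip);
$time_difference = get_settings("time_difference");
$now = date("Y-m-d H:i:s",(time() + ($time_difference * 3600)));

$author = strip_tags($author);
$email = strip_tags($email);
if (strlen($email) < 6) {
    $email = '';
}
$url = trim(strip_tags($url));
// NOTE(review): any string containing "://" is kept as typed, so the stored
// URL is not limited to http/https. Confirm the templates that print it
// restrict or escape the scheme.
$url = ((!stristr($url, '://')) && ($url != '')) ? 'http://'.$url : $url;
if (strlen($url) < 7) {
    $url = '';
}
// NOTE(review): strip_tags() with an allow-list keeps every attribute of the
// allowed tags (event handlers, style, href). Whether the helpers below
// neutralise those cannot be seen from this file.
$comment = strip_tags($comment, $comment_allowed_tags);
$comment = balanceTags($comment, 1);
$comment = convert_chars($comment);
// NOTE(review): $comment reaches the INSERT with only the escaping applied by
// the magic-quotes layer plus whatever format_to_post() does. Verify these
// helpers cannot undo that escaping.
$comment = format_to_post($comment);

// Copies for the notification mail, taken before the second escaping pass.
$comment_author = $author;
$comment_author_email = $email;
$comment_author_url = $url;

// NOTE(review): these values were already escaped once by the magic-quotes
// layer, so this second pass stores literal backslashes before quotes. Left
// as is because display code elsewhere may depend on the stored format.
$author = addslashes($author);
$email = addslashes($email);
$url = addslashes($url);

/* flood-protection */
$query = "SELECT * FROM $tablecomments WHERE comment_author_IP='$user_ip' ORDER BY comment_date DESC LIMIT 1";
$result = mysql_query($query);
$ok=1;
$then = '';
if ($result) {
    while($row = mysql_fetch_object($result)) {
        $then=$row->comment_date;
    }
    // Compare only when this address has commented before; otherwise $then
    // has no value to convert.
    if ($then != '') {
        $time_lastcomment=mysql2date("U","$then");
        $time_newcomment=mysql2date("U","$now");
        if (($time_newcomment - $time_lastcomment) < 30)
            $ok=0;
    }
}
/* end flood-protection */

if ($ok) {

    $query = "INSERT INTO $tablecomments VALUES ('0','$comment_post_ID','$author','$email','$url','$user_ip','$now','$comment','0')";
    $result = mysql_query($query);
    if (!$result)
        die ("There is an error with the database, it can't store your comment...<br>Contact the <a href=\"mailto:$admin_email\">webmaster</a>");

    // Permalink of the commented post, used in the mail and as the redirect fallback.
    $post_url = $siteurl.'/'.$blogfilename.$querystring_start.'p'.$querystring_equal.$comment_post_ID.$querystring_separator.'c'.$querystring_equal.'1';

    if ($comments_notify) {

        $notify_message  = "New comment on your post #$comment_post_ID.\r\n\r\n";
        $notify_message .= "author : $comment_author (IP: $user_ip , $user_domain)\r\n";
        $notify_message .= "e-mail : $comment_author_email\r\n";
        $notify_message .= "url    : $comment_author_url\r\n";
        $notify_message .= "comment: \n".stripslashes($original_comment)."\r\n\r\n";
        $notify_message .= "You can see all comments on this post there: \r\n";
        $notify_message .= $post_url."\r\n\r\n";

        $postdata = get_postdata($comment_post_ID);
        $authordata = get_userdata($postdata["Author_ID"]);
        $recipient = $authordata["user_email"];
        // Visitor-supplied text goes only into the message body; the subject
        // carries the integer post ID and the stored post title.
        $subject = "comment on post #$comment_post_ID \"".$postdata["Title"]."\"";

        // Notification is best-effort: a mail failure must not block the comment.
        @mail($recipient, $subject, $notify_message, "From: b2@".$HTTP_SERVER_VARS['SERVER_NAME']."\r\n"."X-Mailer: b2 $b2_version - PHP/" . phpversion());

    }

    if ($email == "") {
        $email = " "; // this to make sure a cookie is set for 'no email'
    }
    if ($url == "") {
        $url = " "; // this to make sure a cookie is set for 'no url'
    }
    setcookie("comment_author",$author, time()+30000000);
    setcookie("comment_author_email",$email, time()+30000000);
    setcookie("comment_author_url",$url, time()+30000000);

    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Cache-Control: no-cache, must-revalidate");
    header("Pragma: no-cache");

    // The redirect target comes from the form or the Referer header, both of
    // which the client controls. Remove control characters so it cannot add
    // header lines, and fall back to the post's own URL when it points off-site.
    $location = (!empty($HTTP_POST_VARS['redirect_to'])) ? $HTTP_POST_VARS['redirect_to'] : $HTTP_SERVER_VARS["HTTP_REFERER"];
    $location = preg_replace('/[\x00-\x1f\x7f]/', '', $location);
    if (!is_local_redirect($location, $siteurl)) {
        $location = $post_url;
    }
    header("Location: $location");

} else {
    die("Sorry, you can only post a new comment every 30 seconds");
}

?>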
