File:  [mozdev] / cdn / www / b2comments.post.php
Thu Mar 6 11:19:39 2003 UTC (16 years, 1 month ago) by cdn
Branches: MAIN
CVS tags: HEAD
b2 blog cafelog.com

    1: <?php
    2: 
    # if you want to change the paths here, remember to put your new path BEFORE $b2inc,
    #  like this: "b2/$b2inc/b2functions.php"

    # Bootstrap for the comment-submission handler: load configuration and helper
    # libraries, then connect to the database.
    # b2config.php is loaded first; the later paths interpolate $b2inc, which this file
    # never assigns. NOTE(review): presumably b2config.php sets it -- confirm it can never
    # come from the request, since this script also reads $REMOTE_ADDR as a bare global
    # (which suggests register_globals is expected) and a request-controlled include path
    # would let the client choose which file is executed.
    require("b2config.php");
    require("$b2inc/b2template.functions.php");
    # include() only warns when the file is missing, so the script keeps running without
    # these two files; require() above stops the request instead.
    include("$b2inc/b2vars.php");
    include("$b2inc/b2functions.php");

    # dbconnect() is not defined in this file; presumably it opens the MySQL connection
    # that the mysql_query() calls below rely on.
    dbconnect();
   12: 
   /**
    * Recursively applies addslashes() to every scalar value of an array,
    * emulating what magic_quotes_gpc would have done to request data.
    *
    * Keys are left untouched; nested arrays are processed depth-first.
    *
    * Security note: addslashes() is not aware of the database connection's
    * character set, so it is weaker than the driver's own escaping routine
    * and should not be treated as a complete SQL-injection defence.
    *
    * @param array $array request data (for example the POST variables)
    * @return array the same structure with every leaf value escaped
    */
   function add_magic_quotes($array) {
       $escaped = $array;
       foreach ($escaped as $key => $value) {
           // Arrays recurse, everything else is escaped as a string.
           $escaped[$key] = is_array($value) ? add_magic_quotes($value) : addslashes($value);
       }
       return $escaped;
   }
   23: 
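   // Emulate magic_quotes_gpc when the runtime has it switched off, so the rest of
   // the script can assume request data is addslashes()-escaped.
   // Security note: this blanket escaping is the only SQL quoting that $comment
   // receives before the INSERT further down in this script.
   if (!get_magic_quotes_gpc()) {
       $HTTP_GET_VARS    = add_magic_quotes($HTTP_GET_VARS);
       $HTTP_POST_VARS   = add_magic_quotes($HTTP_POST_VARS);
       $HTTP_COOKIE_VARS = add_magic_quotes($HTTP_COOKIE_VARS);
   }

   // A client can omit a field or send it as an array (author[]=x); both would make
   // trim() misbehave, so such fields are treated as empty and fail validation below.
   foreach (array('author', 'email', 'url', 'comment', 'comment_autobr') as $field) {
       if (!isset($HTTP_POST_VARS[$field]) || is_array($HTTP_POST_VARS[$field])) {
           $HTTP_POST_VARS[$field] = '';
       }
   }

   $author = trim($HTTP_POST_VARS["author"]);
   $email = trim($HTTP_POST_VARS["email"]);
   $url = trim($HTTP_POST_VARS["url"]);
   $comment = trim($HTTP_POST_VARS["comment"]);
   $original_comment = $comment;
   $comment_autobr = $HTTP_POST_VARS["comment_autobr"];
   // The post id is client-supplied and is later placed in the SQL statement, the
   // notification mail subject and a URL, so it is forced to an integer here.
   $comment_post_ID = (isset($HTTP_POST_VARS["comment_post_ID"]) && !is_array($HTTP_POST_VARS["comment_post_ID"]))
       ? (int) $HTTP_POST_VARS["comment_post_ID"]
       : 0;

   // "@", "name" and "comment" are compared as if they were empty input;
   // presumably they are the form's placeholder values -- the form is not visible here.
   if ($require_name_email && ($email == "" || $email == "@" || $author == "" || $author == "name")) { //original fix by Dodo, and then Drinyth
       echo "Error: please fill the required fields (name, email)";
       exit;
   }
   if ($comment == "comment" || $comment == "") {
       echo "Error: please type a comment";
       exit;
   }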
   46: 
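   // Read the client address from the server array instead of the bare $REMOTE_ADDR
   // global, which only exists when register_globals is enabled.
   $user_ip = isset($HTTP_SERVER_VARS['REMOTE_ADDR']) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : '';
   // The reverse-DNS name is chosen by whoever controls the PTR record, so it is
   // untrusted text; in this file it is only used in the notification mail body.
   $user_domain = gethostbyaddr($user_ip);
   $time_difference = get_settings("time_difference");
   // Timestamp shifted by the configured hour offset.
   $now = date("Y-m-d H:i:s",(time() + ($time_difference * 3600)));

   $author = strip_tags($author);
   $email = strip_tags($email);
   if (strlen($email) < 6) {
       $email = '';
   }
   $url = trim(strip_tags($url));
   $url = ((!stristr($url, '://')) && ($url != '')) ? 'http://'.$url : $url;
   // Only http and https links are kept: any other scheme that contains "://"
   // (javascript://, data://, ...) would otherwise be stored as the author's link.
   // NOTE(review): strip_tags() does not remove quotes, so the template that prints
   // this URL into an href still has to escape it -- that code is not visible here.
   if (strlen($url) < 7 || !preg_match('!^https?://!i', $url)) {
       $url = '';
   }
   // $comment_allowed_tags is the tag whitelist handed to strip_tags(). The three
   // helpers that follow are defined elsewhere; NOTE(review): confirm they keep the
   // addslashes() escaping intact, because $comment goes into the INSERT as is.
   $comment = strip_tags($comment, $comment_allowed_tags);
   $comment = balanceTags($comment, 1);
   $comment = convert_chars($comment);
   $comment = format_to_post($comment);

   // Copies taken before the extra addslashes() below; used in the notification mail.
   $comment_author = $author;
   $comment_author_email = $email;
   $comment_author_url = $url;

   // NOTE(review): the POST data was already escaped by magic quotes (native or
   // emulated), so this escapes a second time. Left unchanged because the code that
   // reads these columns back is not visible here.
   $author = addslashes($author);
   $email = addslashes($email);
   $url = addslashes($url);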
   74: 
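   /* flood-protection: refuse a comment when the same IP address posted one less
      than 30 seconds ago. This is a per-address throttle only; clients behind one
      shared address throttle each other, and it does not replace other anti-spam
      controls. */
   // The address is escaped here as well, so the query does not depend on how
   // $user_ip was obtained.
   $query = "SELECT * FROM $tablecomments WHERE comment_author_IP='".addslashes($user_ip)."' ORDER BY comment_date DESC LIMIT 1";
   $result = mysql_query($query);
   $ok=1;
   // Stays empty when this address has no earlier comment (or the query failed).
   $then = '';
   if (!empty($result)) {
       while($row = mysql_fetch_object($result)) {
           $then=$row->comment_date;
       }
       // Compare timestamps only when an earlier comment exists; the original code
       // passed an undefined $then to mysql2date() for first-time commenters.
       if ($then != '') {
           $time_lastcomment=mysql2date("U","$then");
           $time_newcomment=mysql2date("U","$now");
           if (($time_newcomment - $time_lastcomment) < 30)
               $ok=0;
       }
   }
   /* end flood-protection */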
   89: 
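   // Store the comment, optionally notify the post's author by mail, remember the
   // commenter's details in cookies and send the browser back to the post.
   if ($ok) {

       // The post id comes from the request and is reused in the SQL statement, the
       // mail subject (a header) and a URL, so it is reduced to an integer first.
       $comment_post_ID = (int) $comment_post_ID;

       // Every other interpolated value relies on the addslashes()-based escaping
       // done earlier in the script; the legacy mysql_* API used here has no
       // parameter binding.
       $query = "INSERT INTO $tablecomments VALUES ('0','$comment_post_ID','$author','$email','$url','$user_ip','$now','$comment','0')";
       $result = mysql_query($query);
       if (!$result)
           die ("There is an error with the database, it can't store your comment...<br>Contact the <a href=\"mailto:$admin_email\">webmaster</a>");

       if ($comments_notify) {

           $notify_message  = "New comment on your post #$comment_post_ID.\r\n\r\n";
           $notify_message .= "author : $comment_author (IP: $user_ip , $user_domain)\r\n";
           $notify_message .= "e-mail : $comment_author_email\r\n";
           $notify_message .= "url    : $comment_author_url\r\n";
           $notify_message .= "comment: \n".stripslashes($original_comment)."\r\n\r\n";
           $notify_message .= "You can see all comments on this post there: \r\n";
           $notify_message .= $siteurl.'/'.$blogfilename.$querystring_start.'p'.$querystring_equal.$comment_post_ID.$querystring_separator.'c'.$querystring_equal.'1'."\r\n\r\n";

           $postdata = get_postdata($comment_post_ID);
           $authordata = get_userdata($postdata["Author_ID"]);
           $recipient = $authordata["user_email"];
           $subject = "comment on post #$comment_post_ID \"".$postdata["Title"]."\"";
           // Subject and From are mail headers: a line break inside either would let
           // the value add headers of its own, so line breaks are removed.
           $subject = str_replace(array("\r", "\n"), ' ', $subject);
           // SERVER_NAME can mirror the client's Host header, depending on the web
           // server configuration, so only hostname characters are kept.
           $mail_host = preg_replace('/[^A-Za-z0-9.\-]/', '', $HTTP_SERVER_VARS['SERVER_NAME']);

           // Best effort: a failed notification must not block the comment.
           // Note that X-Mailer discloses the b2 and PHP versions to the recipient.
           @mail($recipient, $subject, $notify_message, "From: b2@".$mail_host."\r\n"."X-Mailer: b2 $b2_version - PHP/" . phpversion());

       }

       if ($email == "") {
           $email = " "; // this to make sure a cookie is set for 'no email'
       }
       if ($url == "") {
           $url = " "; // this to make sure a cookie is set for 'no url'
       }
       setcookie("comment_author",$author, time()+30000000);
       setcookie("comment_author_email",$email, time()+30000000);
       setcookie("comment_author_url",$url, time()+30000000);

       header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
       header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
       header("Cache-Control: no-cache, must-revalidate");
       header("Pragma: no-cache");

       // The redirect target comes from the request (redirect_to field, else the
       // Referer header). Unchecked, it would send visitors to any site a crafted
       // form names and could carry line breaks into the Location header.
       if (!empty($HTTP_POST_VARS['redirect_to']) && !is_array($HTTP_POST_VARS['redirect_to'])) {
           $location = $HTTP_POST_VARS['redirect_to'];
       } else {
           $location = isset($HTTP_SERVER_VARS["HTTP_REFERER"]) ? $HTTP_SERVER_VARS["HTTP_REFERER"] : '';
       }
       $location = str_replace(array("\r", "\n", "\0"), '', $location);

       // Accept a site-local path ("/..." but not "//..." or "/\...") or a URL that
       // starts with $siteurl followed by a path, query, fragment or nothing.
       // NOTE(review): the form that fills redirect_to is not visible here; a Referer
       // using another host alias of this site now falls back to $siteurl.
       $site_root = rtrim($siteurl, '/');
       $root_len = strlen($site_root);
       $is_local_path = (substr($location, 0, 1) == '/' && !in_array(substr($location, 1, 1), array('/', '\\')));
       $is_same_site = false;
       if ($root_len > 0 && strncasecmp($location, $site_root, $root_len) == 0) {
           $rest = (string) substr($location, $root_len, 1);
           $is_same_site = ($rest === '' || $rest === '/' || $rest === '?' || $rest === '#');
       }
       if (!$is_local_path && !$is_same_site) {
           $location = $siteurl;
       }
       header("Location: $location");
       exit;

   } else {
       die("Sorry, you can only post a new comment every 30 seconds");
   }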
  136: 
  137: ?>
