XOOPS 2.5.6  Final
 All Classes Namespaces Files Functions Variables Pages
comment_post.php
Go to the documentation of this file.
1 <?php
20 defined('XOOPS_ROOT_PATH') or die('Restricted access');
21 
22 include_once $GLOBALS['xoops']->path('include/comment_constants.php');
23 
24 xoops_loadLanguage('comment');
25 
26 if ('system' == $xoopsModule->getVar('dirname')) {
27  $com_id = isset($_POST['com_id']) ? intval($_POST['com_id']) : 0;
28  if (empty($com_id)) {
29  exit();
30  }
31  $comment_handler =& xoops_gethandler('comment');
32  $comment =& $comment_handler->get($com_id);
33  $module_handler =& xoops_gethandler('module');
34  $module =& $module_handler->get($comment->getVar('com_modid'));
35  $comment_config = $module->getInfo('comments');
36  $com_modid = $module->getVar('mid');
37  $redirect_page = XOOPS_URL . '/modules/system/admin.php?fct=comments&amp;com_modid=' . $com_modid . '&amp;com_itemid';
38  $moddir = $module->getVar('dirname');
39  unset($comment);
40 } else {
41  $com_id = isset($_POST['com_id']) ? intval($_POST['com_id']) : 0;
42  if (XOOPS_COMMENT_APPROVENONE == $xoopsModuleConfig['com_rule']) {
43  exit();
44  }
45  $comment_config = $xoopsModule->getInfo('comments');
46  $com_modid = $xoopsModule->getVar('mid');
47  $redirect_page = $comment_config['pageName'] . '?';
48  if (isset($comment_config['extraParams']) && is_array($comment_config['extraParams'])) {
49  $extra_params = '';
50  foreach($comment_config['extraParams'] as $extra_param) {
51  $extra_params .= isset($_POST[$extra_param]) ? $extra_param . '=' . htmlspecialchars($_POST[$extra_param]) . '&amp;' : $extra_param . '=&amp;';
52  }
53  $redirect_page .= $extra_params;
54  }
55  $redirect_page .= $comment_config['itemName'];
56  $comment_url = $redirect_page;
57  $moddir = $xoopsModule->getVar('dirname');
58 }
59 
60 $op = '';
61 $error_message = '';
62 $com_user = '';
63 $com_email = '';
64 $com_url = '';
65 
66 if (!empty($_POST)) {
67  if (isset($_POST['com_dopost'])) {
68  $op = 'post';
69  } else if (isset($_POST['com_dopreview'])) {
70  $op = 'preview';
71  }
72  if (isset($_POST['com_dodelete'])) {
73  $op = 'delete';
74  }
75  if ($op == 'preview' || $op == 'post') {
76  if (! $GLOBALS['xoopsSecurity']->check()) {
77  $op = '';
78  }
79  }
80  if ($op == 'post' && !is_object($xoopsUser)) {
81  xoops_load('XoopsCaptcha');
82  $xoopsCaptcha = XoopsCaptcha::getInstance();
83  if (! $xoopsCaptcha->verify()) {
84  $error_message .= $xoopsCaptcha->getMessage() . '<br />';
85  }
86 
87  // Start add by voltan
88  xoops_load('XoopsUserUtility');
89  xoops_loadLanguage('user');
90  $myts =& MyTextSanitizer::getInstance();
91 
92  // Check user name
93  $search_arr = array("&nbsp;","\t","\r\n","\r","\n",",",".","'",";",":",")", "(",'"','?','!','{','}','[',']','<','>','/','+','-','_', '\\','*','=','@','#','$','%','^','&');
94  $replace_arr = array(' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ', ' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ', ' ',' ',' ',' ',' ','');
95  $com_user = trim($_POST['com_user']);
96  $com_user = $myts->stripSlashesGPC($com_user);
97  $com_user = $myts->xoopsCodeDecode($com_user);
98  $com_user = $myts->filterXss($com_user);
99  $com_user = strip_tags($com_user);
100  $com_user = strtolower($com_user);
101  $com_user = htmlentities($com_user, ENT_COMPAT, 'utf-8');
102  $com_user = preg_replace('`\[.*\]`U', ' ', $com_user);
103  $com_user = preg_replace('`&(amp;)?#?[a-z0-9]+;`i', ' ', $com_user);
104  $com_user = preg_replace('`&([a-z])(acute|uml|circ|grave|ring|cedil|slash|tilde|caron|lig);`i', '\\1', $com_user);
105  $com_user = str_replace($search_arr, $replace_arr, $com_user);
106 
107  // Check Url
108  if(!empty($_POST['com_url'])) {
109  $com_url = trim($_POST['com_url']);
110  $com_url = filter_var($com_url, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED);
111  }
112 
113  // Check Email
114  $com_email = $myts->stripSlashesGPC(trim($_POST['com_email']));
115  $com_email = htmlspecialchars(trim($com_email), ENT_QUOTES);
116  $com_email = filter_var($com_email, FILTER_VALIDATE_EMAIL);
117  // Invalid email address
118  if (!checkEmail($com_email)) {
119  $error_message .= _US_INVALIDMAIL . '<br />';
120  }
121  if (strrpos($com_email, ' ') > 0) {
122  $error_message .= _US_EMAILNOSPACES . '<br />';
123  }
124  // Check forbidden email address if current operator is not an administrator
125  if (!$xoopsUser_isAdmin) {
126  foreach ($xoopsConfigUser['bad_emails'] as $be) {
127  if (!empty($be) && preg_match('/' . $be . '/i', $com_email)) {
128  $error_message .= _US_INVALIDMAIL . '<br />';
129  break;
130  }
131  }
132  }
133  if(!empty($error_message)) {
134  $op = 'preview';
135  }
136  // End add by voltan
137  }
138 
139  $com_mode = isset($_POST['com_mode']) ? htmlspecialchars(trim($_POST['com_mode']), ENT_QUOTES) : 'flat';
140  $com_order = isset($_POST['com_order']) ? intval($_POST['com_order']) : XOOPS_COMMENT_OLD1ST;
141  $com_itemid = isset($_POST['com_itemid']) ? intval($_POST['com_itemid']) : 0;
142  $com_pid = isset($_POST['com_pid']) ? intval($_POST['com_pid']) : 0;
143  $com_rootid = isset($_POST['com_rootid']) ? intval($_POST['com_rootid']) : 0;
144  $com_status = isset($_POST['com_status']) ? intval($_POST['com_status']) : 0;
145  $dosmiley = (isset($_POST['dosmiley']) && intval($_POST['dosmiley']) > 0) ? 1 : 0;
146  $doxcode = (isset($_POST['doxcode']) && intval($_POST['doxcode']) > 0) ? 1 : 0;
147  $dobr = (isset($_POST['dobr']) && intval($_POST['dobr']) > 0) ? 1 : 0;
148  $dohtml = (isset($_POST['dohtml']) && intval($_POST['dohtml']) > 0) ? 1 : 0;
149  $doimage = (isset($_POST['doimage']) && intval($_POST['doimage']) > 0) ? 1 : 0;
150  $com_icon = isset($_POST['com_icon']) ? trim($_POST['com_icon']) : '';
151 } else {
152  exit();
153 }
154 
155 switch ($op) {
156  case "delete":
157  include_once $GLOBALS['xoops']->path('include/comment_delete.php');
158  break;
159 
160  case "preview":
161  $myts =& MyTextSanitizer::getInstance();
162  $doimage = 1;
163  $com_title = $myts->htmlSpecialChars($myts->stripSlashesGPC($_POST['com_title']));
164  if ($dohtml != 0) {
165  if (is_object($xoopsUser)) {
166  if (!$xoopsUser->isAdmin($com_modid)) {
167  include_once $GLOBALS['xoops']->path('modules/system/constants.php');
168  $sysperm_handler = & xoops_gethandler('groupperm');
169  if (!$sysperm_handler->checkRight('system_admin', XOOPS_SYSTEM_COMMENT, $xoopsUser->getGroups())) {
170  $dohtml = 0;
171  }
172  }
173  } else {
174  $dohtml = 0;
175  }
176  }
177  $p_comment =& $myts->previewTarea($_POST['com_text'], $dohtml, $dosmiley, $doxcode, $doimage, $dobr);
178  $noname = isset($noname) ? intval($noname) : 0;
179  $com_text = $myts->htmlSpecialChars($myts->stripSlashesGPC($_POST['com_text']));
180  if ($xoopsModule->getVar('dirname') != 'system') {
181  include_once $GLOBALS['xoops']->path('header.php');
182  if (!empty($error_message)) {
183  xoops_error($error_message);
184  }
185  echo '<table cellpadding="4" cellspacing="1" width="98%" class="outer">
186  <tr><td class="head">' . $com_title . '</td></tr>
187  <tr><td><br />' . $p_comment . '<br /></td></tr>
188  </table>';
189  include_once $GLOBALS['xoops']->path('include/comment_form.php');
190  include_once $GLOBALS['xoops']->path('footer.php');
191  } else {
192  xoops_cp_header();
193  echo '<table cellpadding="4" cellspacing="1" width="98%" class="outer">
194  <tr><td class="head">' . $com_title . '</td></tr>
195  <tr><td><br />' . $p_comment . '<br /></td></tr>
196  </table>';
197  include_once $GLOBALS['xoops']->path('include/comment_form.php');
198  xoops_cp_footer();
199  }
200  break;
201 
202  case "post":
203  $doimage = 1;
204  $comment_handler =& xoops_gethandler('comment');
205  // Start add by voltan
206  $myts =& MyTextSanitizer::getInstance();
207  // Edit add by voltan
208  $add_userpost = false;
209  $call_approvefunc = false;
210  $call_updatefunc = false;
211  // RMV-NOTIFY - this can be set to 'comment' or 'comment_submit'
212  $notify_event = false;
213  if (!empty($com_id)) {
214  $comment =& $comment_handler->get($com_id);
215  $accesserror = false;
216 
217  if (is_object($xoopsUser)) {
218  include_once $GLOBALS['xoops']->path('modules/system/constants.php');
219  $sysperm_handler = & xoops_gethandler('groupperm');
220  if ($xoopsUser->isAdmin($com_modid) || $sysperm_handler->checkRight('system_admin', XOOPS_SYSTEM_COMMENT, $xoopsUser->getGroups())) {
221  if (!empty($com_status) && $com_status != XOOPS_COMMENT_PENDING) {
222  $old_com_status = $comment->getVar('com_status');
223  $comment->setVar('com_status', $com_status);
224  // if changing status from pending state, increment user post
225  if (XOOPS_COMMENT_PENDING == $old_com_status) {
226  $add_userpost = true;
227  if (XOOPS_COMMENT_ACTIVE == $com_status) {
228  $call_updatefunc = true;
229  $call_approvefunc = true;
230  // RMV-NOTIFY
231  $notify_event = 'comment';
232  }
233  } else if (XOOPS_COMMENT_HIDDEN == $old_com_status && XOOPS_COMMENT_ACTIVE == $com_status) {
234  $call_updatefunc = true;
235  // Comments can not be directly posted hidden,
236  // no need to send notification here
237  } else if (XOOPS_COMMENT_ACTIVE == $old_com_status && XOOPS_COMMENT_HIDDEN == $com_status) {
238  $call_updatefunc = true;
239  }
240  }
241  } else {
242  $dohtml = 0;
243  if ($comment->getVar('com_uid') != $xoopsUser->getVar('uid')) {
244  $accesserror = true;
245  }
246  }
247  } else {
248  $dohtml = 0;
249  $accesserror = true;
250  }
251  if (false != $accesserror) {
252  redirect_header($redirect_page . '=' . $com_itemid . '&amp;com_id=' . $com_id . '&amp;com_mode=' . $com_mode . '&amp;com_order=' . $com_order, 1, _NOPERM);
253  exit();
254  }
255  } else {
256  $comment = $comment_handler->create();
257  $comment->setVar('com_created', time());
258  $comment->setVar('com_pid', $com_pid);
259  $comment->setVar('com_itemid', $com_itemid);
260  $comment->setVar('com_rootid', $com_rootid);
261  $comment->setVar('com_ip', xoops_getenv('REMOTE_ADDR'));
262  if (is_object($xoopsUser)) {
263  include_once $GLOBALS['xoops']->path('modules/system/constants.php');
264  $sysperm_handler =& xoops_gethandler('groupperm');
265  if ($xoopsUser->isAdmin($com_modid) || $sysperm_handler->checkRight('system_admin', XOOPS_SYSTEM_COMMENT, $xoopsUser->getGroups())) {
266  $comment->setVar('com_status', XOOPS_COMMENT_ACTIVE);
267  $add_userpost = true;
268  $call_approvefunc = true;
269  $call_updatefunc = true;
270  // RMV-NOTIFY
271  $notify_event = 'comment';
272  } else {
273  $dohtml = 0;
274  switch ($xoopsModuleConfig['com_rule']) {
275  case XOOPS_COMMENT_APPROVEALL:
276  case XOOPS_COMMENT_APPROVEUSER:
277  $comment->setVar('com_status', XOOPS_COMMENT_ACTIVE);
278  $add_userpost = true;
279  $call_approvefunc = true;
280  $call_updatefunc = true;
281  // RMV-NOTIFY
282  $notify_event = 'comment';
283  break;
284  case XOOPS_COMMENT_APPROVEADMIN:
285  default:
286  $comment->setVar('com_status', XOOPS_COMMENT_PENDING);
287  $notify_event = 'comment_submit';
288  break;
289  }
290  }
291  if (!empty($xoopsModuleConfig['com_anonpost']) && ! empty($noname)) {
292  $uid = 0;
293  } else {
294  $uid = $xoopsUser->getVar('uid');
295  }
296  } else {
297  $dohtml = 0;
298  $uid = 0;
299  if ($xoopsModuleConfig['com_anonpost'] != 1) {
300  redirect_header($redirect_page . '=' . $com_itemid . '&amp;com_id=' . $com_id . '&amp;com_mode=' . $com_mode . '&amp;com_order=' . $com_order, 1, _NOPERM);
301  exit();
302  }
303  }
304  if ($uid == 0) {
305  switch ($xoopsModuleConfig['com_rule']) {
306  case XOOPS_COMMENT_APPROVEALL:
307  $comment->setVar('com_status', XOOPS_COMMENT_ACTIVE);
308  $add_userpost = true;
309  $call_approvefunc = true;
310  $call_updatefunc = true;
311  // RMV-NOTIFY
312  $notify_event = 'comment';
313  break;
314  case XOOPS_COMMENT_APPROVEADMIN:
315  case XOOPS_COMMENT_APPROVEUSER:
316  default:
317  $comment->setVar('com_status', XOOPS_COMMENT_PENDING);
318  // RMV-NOTIFY
319  $notify_event = 'comment_submit';
320  break;
321  }
322  }
323  $comment->setVar('com_uid', $uid);
324  }
325  $com_title = xoops_trim($_POST['com_title']);
326  $com_title = ($com_title == '') ? _NOTITLE : $com_title;
327  $comment->setVar('com_title', $com_title);
328  $comment->setVar('com_text', $_POST['com_text']);
329  $comment->setVar('dohtml', $dohtml);
330  $comment->setVar('dosmiley', $dosmiley);
331  $comment->setVar('doxcode', $doxcode);
332  $comment->setVar('doimage', $doimage);
333  $comment->setVar('dobr', $dobr);
334  $comment->setVar('com_icon', $com_icon);
335  $comment->setVar('com_modified', time());
336  $comment->setVar('com_modid', $com_modid);
337  // Start add by voltan
338  $comment->setVar('com_user', $com_user);
339  $comment->setVar('com_email', $com_email);
340  $comment->setVar('com_url', $com_url);
341  // End add by voltan
342  if (isset($extra_params)) {
343  $comment->setVar('com_exparams', $extra_params);
344  }
345  if (false != $comment_handler->insert($comment)) {
346  $newcid = $comment->getVar('com_id');
347  // set own id as root id if this is a top comment
348  if ($com_rootid == 0) {
349  $com_rootid = $newcid;
350  if (!$comment_handler->updateByField($comment, 'com_rootid', $com_rootid)) {
351  $comment_handler->delete($comment);
352  include $GLOBALS['xoops']->path('header.php');
353  xoops_error();
354  include $GLOBALS['xoops']->path('footer.php');
355  }
356  }
357  // call custom approve function if any
358  if (false != $call_approvefunc && isset($comment_config['callback']['approve']) && trim($comment_config['callback']['approve']) != '') {
359  $skip = false;
360  if (!function_exists($comment_config['callback']['approve'])) {
361  if (isset($comment_config['callbackFile'])) {
362  $callbackfile = trim($comment_config['callbackFile']);
363  if ($callbackfile != '' && file_exists($GLOBALS['xoops']->path('modules/' . $moddir . '/' . $callbackfile))) {
364  include_once $GLOBALS['xoops']->path('modules/' . $moddir . '/' . $callbackfile);
365  }
366  if (!function_exists($comment_config['callback']['approve'])) {
367  $skip = true;
368  }
369  } else {
370  $skip = true;
371  }
372  }
373  if (!$skip) {
374  $comment_config['callback']['approve']($comment);
375  }
376  }
377 
378  // call custom update function if any
379  if (false != $call_updatefunc && isset($comment_config['callback']['update']) && trim($comment_config['callback']['update']) != '') {
380  $skip = false;
381  if (!function_exists($comment_config['callback']['update'])) {
382  if (isset($comment_config['callbackFile'])) {
383  $callbackfile = trim($comment_config['callbackFile']);
384  if ($callbackfile != '' && file_exists($GLOBALS['xoops']->path('modules/' . $moddir . '/' . $callbackfile))) {
385  include_once $GLOBALS['xoops']->path('modules/' . $moddir . '/' . $callbackfile);
386  }
387  if (!function_exists($comment_config['callback']['update'])) {
388  $skip = true;
389  }
390  } else {
391  $skip = true;
392  }
393  }
394  if (!$skip) {
395  $criteria = new CriteriaCompo(new Criteria('com_modid', $com_modid));
396  $criteria->add(new Criteria('com_itemid', $com_itemid));
397  $criteria->add(new Criteria('com_status', XOOPS_COMMENT_ACTIVE));
398  $comment_count = $comment_handler->getCount($criteria);
399  $func = $comment_config['callback']['update'];
400  call_user_func_array($func, array(
401  $com_itemid ,
402  $comment_count ,
403  $comment->getVar('com_id')));
404  }
405  }
406 
407  // increment user post if needed
408  $uid = $comment->getVar('com_uid');
409  if ($uid > 0 && false != $add_userpost) {
410  $member_handler =& xoops_gethandler('member');
411  $poster =& $member_handler->getUser($uid);
412  if (is_object($poster)) {
413  $member_handler->updateUserByField($poster, 'posts', $poster->getVar('posts') + 1);
414  }
415  }
416 
417  // RMV-NOTIFY
418  // trigger notification event if necessary
419  if ($notify_event) {
420  $not_modid = $com_modid;
421  include_once $GLOBALS['xoops']->path('include/notification_functions.php');
422  $not_catinfo =& notificationCommentCategoryInfo($not_modid);
423  $not_category = $not_catinfo['name'];
424  $not_itemid = $com_itemid;
425  $not_event = $notify_event;
426  // Build an ABSOLUTE URL to view the comment. Make sure we
427  // point to a viewable page (i.e. not the system administration
428  // module).
429  $comment_tags = array();
430  if ('system' == $xoopsModule->getVar('dirname')) {
431  $module_handler =& xoops_gethandler('module');
432  $not_module =& $module_handler->get($not_modid);
433  } else {
434  $not_module =& $xoopsModule;
435  }
436  if (!isset($comment_url)) {
437  $com_config =& $not_module->getInfo('comments');
438  $comment_url = $com_config['pageName'] . '?';
439  if (isset($com_config['extraParams']) && is_array($com_config['extraParams'])) {
440  $extra_params = '';
441  foreach($com_config['extraParams'] as $extra_param) {
442  $extra_params .= isset($_POST[$extra_param]) ? $extra_param . '=' . htmlspecialchars($_POST[$extra_param]) . '&amp;' : $extra_param . '=&amp;';
443  }
444  $comment_url .= $extra_params;
445  }
446  $comment_url .= $com_config['itemName'];
447  }
448  $comment_tags['X_COMMENT_URL'] = XOOPS_URL . '/modules/' . $not_module->getVar('dirname') . '/' . $comment_url . '=' . $com_itemid . '&amp;com_id=' . $newcid . '&amp;com_rootid=' . $com_rootid . '&amp;com_mode=' . $com_mode . '&amp;com_order=' . $com_order . '#comment' . $newcid;
449  $notification_handler =& xoops_gethandler('notification');
450  $notification_handler->triggerEvent($not_category, $not_itemid, $not_event, $comment_tags, false, $not_modid);
451  }
452  if (!isset($comment_post_results)) {
453  // if the comment is active, redirect to posted comment
454  if ($comment->getVar('com_status') == XOOPS_COMMENT_ACTIVE) {
455  redirect_header($redirect_page . '=' . $com_itemid . '&amp;com_id=' . $newcid . '&amp;com_rootid=' . $com_rootid . '&amp;com_mode=' . $com_mode . '&amp;com_order=' . $com_order . '#comment' . $newcid, 1, _CM_THANKSPOST);
456  } else {
457  // not active, so redirect to top comment page
458  redirect_header($redirect_page . '=' . $com_itemid . '&amp;com_mode=' . $com_mode . '&amp;com_order=' . $com_order . '#comment' . $newcid, 1, _CM_THANKSPOST);
459  }
460  }
461  } else {
462  if (!isset($purge_comment_post_results)) {
463  include_once $GLOBALS['xoops']->path('header.php');
464  xoops_error($comment->getHtmlErrors());
465  include_once $GLOBALS['xoops']->path('footer');
466  } else {
467  $comment_post_results = $comment->getErrors();
468  }
469  }
470  break;
471  default:
472  redirect_header(XOOPS_URL . '/', 1, implode('<br />', $GLOBALS['xoopsSecurity']->getErrors()));
473  break;
474 }
475 ?>