<?php
require(dirname(__FILE__) . '/wp-config.php');
/**
 * Recursively apply addslashes() to every non-array value of an array.
 *
 * Stands in for PHP's magic_quotes_gpc on request arrays. Nested arrays are
 * walked recursively; array keys are left exactly as they arrived.
 *
 * NOTE(review): addslashes() does not know the database connection's
 * character set, so this is not a complete SQL-escaping layer on its own.
 * Values still need the database layer's escaping (or bound parameters)
 * at the point where a query is built.
 *
 * @param array $array Input array; values may themselves be arrays.
 * @return array Copy of the input with every leaf value slash-escaped.
 */
function add_magic_quotes($array) {
	foreach ($array as $key => $value) {
		$array[$key] = is_array($value) ? add_magic_quotes($value) : addslashes($value);
	}
	return $array;
}
// If PHP has not already slash-escaped the request data, do it here so the
// rest of the script sees the same escaped form in both configurations.
// NOTE(review): only the values of $_GET, $_POST and $_COOKIE are covered.
// $_REQUEST, $_SERVER and the array keys are not touched by this step.
if (!get_magic_quotes_gpc()) {
	$_COOKIE = add_magic_quotes($_COOKIE);
	$_POST = add_magic_quotes($_POST);
	$_GET = add_magic_quotes($_GET);
}
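// Collect the submitted comment fields. Everything read from $_POST below is
// untrusted request data. A field that is missing or arrives as an array
// (e.g. "author[]=x") is treated as empty instead of being passed to the
// string functions.
// strip_tags() removes markup but does not encode quotes or ampersands, so
// these values still have to be escaped for the context they are printed in.
$author = (isset($_POST['author']) && is_string($_POST['author'])) ? trim(strip_tags($_POST['author'])) : '';

$email = (isset($_POST['email']) && is_string($_POST['email'])) ? trim(strip_tags($_POST['email'])) : '';
// Anything shorter than 6 characters cannot be a usable address; drop it.
if (strlen($email) < 6)
	$email = '';

$url = (isset($_POST['url']) && is_string($_POST['url'])) ? trim(strip_tags($_POST['url'])) : '';
// A value without a scheme separator is taken to be a bare host name.
$url = ((!stristr($url, '://')) && ($url != '')) ? 'http://'.$url : $url;
// Keep only http(s) URLs. The check above accepts any string containing
// "://", so without this a value with some other scheme would be stored as
// the author's URL (presumably rendered later as a link -- confirm in the
// comment templates).
if (!preg_match('!^https?://!i', $url))
	$url = '';
if (strlen($url) < 7)
	$url = '';

$comment = (isset($_POST['comment']) && is_string($_POST['comment'])) ? trim($_POST['comment']) : '';
$original_comment = $comment;
// intval() forces the post ID to an integer before it is used in SQL.
$comment_post_ID = (isset($_POST['comment_post_ID']) && is_scalar($_POST['comment_post_ID'])) ? intval($_POST['comment_post_ID']) : 0;
$user_ip = $_SERVER['REMOTE_ADDR'];
// NOTE(review): gethostbyaddr() performs a reverse DNS lookup on every
// submission and can stall the request; $user_domain is not read anywhere
// in the visible part of this script.
$user_domain = gethostbyaddr($user_ip);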
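// Look up the comment status of the target post. $comment_post_ID was passed
// through intval() earlier in this script, so it is interpolated as a number.
$commentstatus = $wpdb->get_var("SELECT comment_status FROM $tableposts WHERE ID = $comment_post_ID");

// An empty result presumably means no post has this ID. Stop here so that a
// comment row is never inserted for a post that does not exist.
if (empty($commentstatus))
	die('Sorry, the item you are trying to comment on does not exist.');

if ('closed' == $commentstatus)
	die('Sorry, comments are closed for this item.');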
// Enforce the "name and e-mail required" setting when it is switched on.
// (original fix by Dodo, and then Drinyth)
if (get_settings('require_name_email')) {
	if ('' == $author || '' == $email) {
		die('Error: please fill the required fields (name, email).');
	}
}

// Refuse an empty body, and a body that is just the literal word "comment".
if ('' == $comment || 'comment' == $comment) {
	die('Error: please type a comment.');
}
// Timestamps for the new row. The second call passes 1 as an extra argument;
// judging by the variable name it presumably selects GMT -- confirm against
// current_time().
$now = current_time('mysql');
$now_gmt = current_time('mysql', 1);

// Run the comment body through tag balancing and then the post formatter.
// NOTE(review): whether $comment is safe to interpolate into SQL afterwards
// depends on what format_to_post() does, which is not visible here.
$comment = format_to_post(balanceTags($comment, 1));

// Keep copies of the author fields as they are before the escaping below.
$comment_author = $author;
$comment_author_email = $email;
$comment_author_url = $url;

// Slash-escape the author fields for the INSERT.
// NOTE(review): the request arrays were already slash-escaped at the top of
// this script, so these three values are escaped a second time here. Confirm
// that the read path removes the extra layer, or drop one of the two.
$author = addslashes($comment_author);
$email = addslashes($comment_author_email);
$url = addslashes($comment_author_url);
/* Flood-protection */
// $ok stays true unless this IP address has a stored comment less than
// 10 seconds older than the current one.
$ok = true;
// NOTE(review): $user_ip is interpolated without escaping. It is read from
// $_SERVER['REMOTE_ADDR'] earlier in this script; if that value can ever be
// derived from a client-supplied header (proxy setups), escape it here.
$lasttime = $wpdb->get_var("SELECT comment_date FROM $tablecomments WHERE comment_author_IP = '$user_ip' ORDER BY comment_date DESC LIMIT 1");
if (!empty($lasttime)) {
	// Both dates are converted with the 'U' format so they can be subtracted.
	$time_lastcomment = mysql2date('U', $lasttime);
	$time_newcomment = mysql2date('U', "$now");
	$ok = (($time_newcomment - $time_lastcomment) >= 10);
}
/* End flood-protection */
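// Store the comment, send notifications, remember the author in cookies and
// redirect back -- or refuse the submission if the flood check failed.
if ($ok) { // if there was no comment from this IP in the last 10 seconds
	$moderation_notify = get_settings('moderation_notify');
	$comments_notify = get_settings('comments_notify');

	// check_comment() decides whether the comment is published immediately (1)
	// or held for moderation (0).
	if(check_comment($author, $email, $url, $comment, $user_ip)) {
		$approved = 1;
	} else {
		$approved = 0;
	}

	// NOTE(review): this statement is built by string interpolation. $author,
	// $email and $url are slash-escaped earlier in this script and
	// $comment_post_ID is an integer. $comment relies on format_to_post() and
	// $user_ip comes straight from $_SERVER['REMOTE_ADDR']; confirm both are
	// safe here, or move the query to the database layer's escaping.
	$wpdb->query("INSERT INTO $tablecomments
	(comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved)
	VALUES
	('$comment_post_ID', '$author', '$email', '$url', '$user_ip', '$now', '$now_gmt', '$comment', '$approved')
	");

	$comment_ID = $wpdb->get_var('SELECT last_insert_id()');

	// Held comments go to the moderator; approved ones to the post author.
	if (($moderation_notify) && (!$approved)) {
		wp_notify_moderator($comment_ID);
	}

	if ((get_settings('comments_notify')) && ($approved)) {
		wp_notify_postauthor($comment_ID, 'comment');
	}

	do_action('comment_post', $comment_ID);

	if ($email == '')
		$email = ' '; // this to make sure a cookie is set for 'no email'

	if ($url == '')
		$url = ' '; // this to make sure a cookie is set for 'no url'

	// Remember the author details for the next visit (about 347 days).
	setcookie('comment_author_'.$cookiehash, $author, time()+30000000);
	setcookie('comment_author_email_'.$cookiehash, $email, time()+30000000);
	setcookie('comment_author_url_'.$cookiehash, $url, time()+30000000);

	// Keep browsers and proxies from caching the response.
	header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
	header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
	header('Cache-Control: no-cache, must-revalidate');
	header('Pragma: no-cache');

	// Redirect target: the form's redirect_to field if present, otherwise the
	// Referer header. Both are supplied by the client.
	$location = '';
	if (!empty($_POST['redirect_to']) && is_string($_POST['redirect_to'])) {
		$location = $_POST['redirect_to'];
	} elseif (!empty($_SERVER['HTTP_REFERER'])) {
		$location = $_SERVER['HTTP_REFERER'];
	}

	// Control characters have no place in a header value.
	$location = preg_replace('/[\x00-\x1f\x7f]/', '', $location);

	// Follow the target only when it stays on this site: either a path that
	// starts with a single "/", or an http(s) URL whose host (and port, if
	// given) equals the host this request was sent to. Anything else falls
	// back to the site root, so the form cannot be used to bounce a visitor
	// to another site.
	// NOTE(review): the comparison uses the request's Host header; checking
	// against the configured site address would be stricter.
	$request_host = isset($_SERVER['HTTP_HOST']) ? strtolower($_SERVER['HTTP_HOST']) : '';
	$location_ok = false;
	if (preg_match('!^/(?![/\\\\])!', $location)) {
		$location_ok = true;
	} elseif (preg_match('!^https?://!i', $location)) {
		$location_parts = parse_url($location);
		if (is_array($location_parts) && isset($location_parts['host'])) {
			$target_host = strtolower($location_parts['host']);
			if (isset($location_parts['port']))
				$target_host .= ':' . $location_parts['port'];
			$location_ok = ($request_host != '' && $target_host == $request_host);
		}
	}
	if (!$location_ok)
		$location = '/';

	// IIS gets a Refresh header instead of Location.
	if ($is_IIS) {
		header("Refresh: 0;url=$location");
	} else {
		header("Location: $location");
	}
} else {
	die('Sorry, you can only post a new comment once every 10 seconds. Slow down cowboy.');
}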
?>