$v) { if (is_array($v)) { $array[$k] = add_magic_quotes($v); } else { $array[$k] = addslashes($v); } } return $array; } if (!get_magic_quotes_gpc()) { $HTTP_GET_VARS = add_magic_quotes($HTTP_GET_VARS); $HTTP_POST_VARS = add_magic_quotes($HTTP_POST_VARS); $HTTP_COOKIE_VARS = add_magic_quotes($HTTP_COOKIE_VARS); } $author = trim($HTTP_POST_VARS["author"]); $email = trim($HTTP_POST_VARS["email"]); $url = trim($HTTP_POST_VARS["url"]); $comment = trim($HTTP_POST_VARS["comment"]); $original_comment = $comment; $comment_autobr = $HTTP_POST_VARS["comment_autobr"]; $comment_post_ID = $HTTP_POST_VARS["comment_post_ID"]; if ($require_name_email && ($email == "" || $email == "@" || $author == "" || $author == "name")) { //original fix by Dodo, and then Drinyth echo "Error: please fill the required fields (name, email)"; exit; } if ($comment == "comment" || $comment == "") { echo "Error: please type a comment"; exit; } $user_ip = $HTTP_SERVER_VARS['REMOTE_ADDR']; $user_domain = gethostbyaddr($user_ip); $time_difference = get_settings("time_difference"); $now = date("Y-m-d H:i:s",(time() + ($time_difference * 3600))); $author = strip_tags($author); $email = strip_tags($email); if (strlen($email) < 6) { $email = ''; } $url = trim(strip_tags($url)); $url = ((!stristr($url, '://')) && ($url != '')) ? 'http://'.$url : $url; if (strlen($url) < 7) { $url = ''; } $comment = strip_tags($comment, $comment_allowed_tags); $comment = balanceTags($comment, 1); $comment = convert_chars($comment); $comment = format_to_post($comment); $comment_author = $author; $comment_author_email = $email; $comment_author_url = $url; $author = addslashes($author); $email = addslashes($email); $url = addslashes($url); /* flood-protection */ $query = "SELECT * FROM $tablecomments WHERE comment_author_IP='$user_ip' ORDER BY comment_date DESC LIMIT 1"; $result = mysql_query($query); $ok=1; if (!empty($result)) { while($row = mysql_fetch_object($result)) { $then=$row->comment_date; } $time_lastcomment=mysql2date("U","$then"); $time_newcomment=mysql2date("U","$now"); if (($time_newcomment - $time_lastcomment) < 30) $ok=0; } /* end flood-protection */ if ($ok) { $query = "INSERT INTO $tablecomments VALUES ('0','$comment_post_ID','$author','$email','$url','$user_ip','$now','$comment','0')"; $result = mysql_query($query); if (!$result) die ("There is an error with the database, it can’t store your comment...
Contact the webmaster."); if ($comments_notify) { $notify_message = "New comment on your post #$comment_post_ID ".stripslashes($postdata['Title'])."\r\n\r\n"; $notify_message .= "Author : $comment_author (IP: $user_ip , $user_domain)\r\n"; $notify_message .= "E-mail : $comment_author_email\r\n"; $notify_message .= "URL : $comment_author_url\r\n"; $notify_message .= "Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=$user_ip\r\n"; $notify_message .= "Comment: \n".stripslashes($original_comment)."\r\n\r\n"; $notify_message .= "You can see all comments on this post here: \r\n"; $notify_message .= comments_link('', false); $postdata = get_postdata($comment_post_ID); $authordata = get_userdata($postdata['Author_ID']); $recipient = $authordata['user_email']; $subject = "[$blogname] Comment: \"".stripslashes($postdata['Title']).'"'; @mail($recipient, $subject, $notify_message, "From: \"$comment_author\" <$comment_author_email>\r\n"."X-Mailer: wordpress $b2_version with PHP/".phpversion()); } if ($email == '') { $email = ' '; // this to make sure a cookie is set for 'no email' } if ($url == '') { $url = ' '; // this to make sure a cookie is set for 'no url' } setcookie("comment_author", $author, time()+30000000); setcookie("comment_author_email", $email, time()+30000000); setcookie("comment_author_url", $url, time()+30000000); header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); header('Last-Modified: ' . gmdate("D, d M Y H:i:s") . ' GMT'); header('Cache-Control: no-cache, must-revalidate'); header('Pragma: no-cache'); $location = (!empty($HTTP_POST_VARS['redirect_to'])) ? $HTTP_POST_VARS['redirect_to'] : $HTTP_SERVER_VARS["HTTP_REFERER"]; header("Location: $location"); } else { die('Sorry, you can only post a new comment once every 30 seconds.'); } ?>