- <?php
- /**
- * This source file is is part of Saurus CMS content management software.
- * It is licensed under MPL 1.1 (http://www.opensource.org/licenses/mozilla1.1.php).
- * Copyright (C) 2000-2010 Saurused Ltd (http://www.saurus.info/).
- * Redistribution of this file must retain the above copyright notice.
- *
- * Please note that the original authors never thought this would turn out
- * such a great piece of software when the work started using Perl in year 2000.
- * Due to organic growth, you may find parts of the software being
- * a bit (well maybe more than a bit) old fashioned and here's where you can help.
- * Good luck and keep your open source minds open!
- *
- * @package SaurusCMS
- * @copyright 2000-2010 Saurused Ltd (http://www.saurus.info/)
- * @license Mozilla Public License 1.1 (http://www.opensource.org/licenses/mozilla1.1.php)
- *
- */
-
-
- ##############################
- # Add a comment into database
- # : is FORM action value for comment forms
- # : will redirect back to the calling page
- # : is independent script, not for including, new Site is generated
- ##############################
-
# At file scope both names are already globals, so this statement changes nothing;
# it only records that big_string_remove() below shares $site with the script body
# ($site is assigned after the function, $leht further down).
global $site, $leht;
-
- ##############################
- # function big_string_remove
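/**
 * Break up over-long runs in submitted comment text before it is stored.
 *
 * Copies the input byte by byte; a space is forced in after every run of
 * $limit consecutive non-space bytes, and a newline after every run of
 * $limit consecutive bracket bytes ( "(" "{" "[" "]" "}" ")" ). The limit
 * is $site->CONF['comment_max_chars'], falling back to 50 when that setting
 * is unset or zero. Callers pass the text through strip_tags() first.
 *
 * Works on bytes, not characters: a multi-byte UTF-8 sequence counts as
 * several bytes, so a forced break can land inside one (pre-existing
 * behaviour, kept as is).
 *
 * @param string|null $input text to process; null is treated as ""
 * @return string the input with forced breaks inserted
 */
function big_string_remove($input)
{
    global $site;

    $limit = $site->CONF['comment_max_chars'] ? $site->CONF['comment_max_chars'] : 50;

    $brackets = array('(', '{', '[', ']', '}', ')');
    $output = '';
    $wordRun = 0;    // consecutive non-space bytes seen so far
    $bracketRun = 0; // consecutive bracket bytes seen so far

    // A missing form field arrives as null; treat it as "" rather than
    // letting strlen()/string offsets warn on it.
    $input = (string) $input;
    $length = strlen($input);

    // Strictly less than $length: the previous loop ran to strlen() inclusive
    // and read one byte past the end, which could append a stray trailing
    // space when the final run was one byte short of the limit.
    for ($i = 0; $i < $length; $i++) {
        $byte = $input[$i];

        $wordRun = ($byte !== ' ') ? $wordRun + 1 : 0;
        $bracketRun = in_array($byte, $brackets, true) ? $bracketRun + 1 : 0;

        $output .= $byte;

        if ($wordRun >= $limit) {
            $wordRun = 0;
            $output .= ' ';
        }
        if ($bracketRun >= $limit) {
            $bracketRun = 0;
            $output .= "\n";
        }
    }

    return $output;
}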
- # / function big_string_remove
- ##############################
-
# The request URI only picks between two fixed class directories; it cannot steer
# the include anywhere else. When neither segment is present $matches[1] is unset
# and the editor-relative path "./classes/" is used.
preg_match('/\/(admin|editor)\//i', $_SERVER["REQUEST_URI"], $matches);
$class_path = $matches[1] == "editor" ? "../classes/" : "./classes/";
include($class_path."port.inc.php");
include($class_path."mail.class.php"); # for f-n encodeHeader()

# NOTE(review): bare-word array keys (on_debug here; id, objekt_id, klass, ttyyp_id,
# ttyyp_params, hostname, wwwroot, tpl, c_tpl, email, on_saada_email below) rely on
# the undefined-constant-to-string fallback, which PHP 8.0 turned into an Error.
$site = new Site(array(
on_debug=>0,
));

# No language in the session means the form was never served to this client
# (bot / direct POST): send it to the front page instead of processing anything.
if(!isset($_SESSION['keel']))
{
//no session started, prolly a bot, exit
header('Location: index.php');
exit;
}

# Site-wide switch; commenting disabled -> front page.
if($site->CONF['allow_commenting'] == 0)
{
header('Location: index.php');
exit;
}


# CAPTCHA check. The challenge is stored in the session as array(name => expected
# text) and the answer is read from the matching captcha_<name> POST field.
# $capthca_check_failed stays unset (falsy) when the check is disabled, which the
# test further down relies on.
if($site->CONF['check_for_captcha'] == 1)
{
if(isset($_SESSION['scms_captcha']) && is_array($_SESSION['scms_captcha']))
{
$captcha = array_keys($_SESSION['scms_captcha']);
$captcha['name'] = $captcha[0];
$captcha['text'] = $_SESSION['scms_captcha'][$captcha['name']];

# Case-insensitive compare with == : two numeric strings compare numerically
# ("0010" == "10" is true), so if challenge texts can be all digits a === or
# hash_equals() comparison would be stricter. A missing POST field yields ''.
if(strtolower($_POST['captcha_'.$captcha['name']]) == strtolower($captcha['text']))
{
$capthca_check_failed = false;
}
else
{
$capthca_check_failed = true;
}
}
else
{
# captcha required but no challenge issued for this session -> treat as failed
$capthca_check_failed = true;
}
}

# Challenge is single-use: cleared whether or not the answer was right, so a wrong
# guess cannot be retried against the same challenge.
unset($_SESSION['scms_captcha']);

if($capthca_check_failed)
{
// let's save data from form to cookie if there is captcha error
# The cookie carries the submitted fields joined with '|' and unescaped; a '|'
# inside a field shifts the split on the reading side (the reader is not in
# this file). The full form data also goes to the session right below.
$error_data = $site->fdat['nimi'].'|'.$site->fdat['email'].'|'.$site->fdat['url'].'|'.$site->fdat['text'].'|'.$site->fdat['pealkiri'];
setcookie("addcomment_captcha_error", $error_data);

// or I know: to the session!
$_SESSION['scms_last_comment'] = $site->fdat;

# redirect_url is a form field. The preg_replace drops everything from the first
# CR/LF (header() refuses newline-containing values anyway), but the destination
# itself is not checked against this site's host, so any URL the form submits is
# followed. The condition reads $site->fdat while the header uses $_POST
# directly - presumably the same value. '&lisa_alert=2' assumes the URL already
# carries a query string.
if ($site->fdat['redirect_url'])
{
header('Location: '.urldecode(preg_replace("!\r|\n.*!s", "", $_POST['redirect_url'])).'&lisa_alert=2');
exit;
}
else
{
//protocol check ...
# Fallback: rebuild the page URL from the configured hostname/wwwroot
# (scheme chosen from $_SERVER['HTTPS']) and flag the captcha error (lisa_alert=2).
header('Location: '.(empty($_SERVER['HTTPS']) ? 'http://': 'https://').$site->CONF['hostname'].$site->CONF['wwwroot'].($site->in_editor?'/editor':'').'/?'.(($site->fdat['tpl'] || $site->fdat['c_tpl'])&&!$site->fdat['inserted_id']&&!$site->fdat['jump_to_parent']?'tpl='.$site->fdat['tpl'].'&c_tpl='.$site->fdat['c_tpl'].'&':'').'id='.$site->fdat['id'].'&lisa_alert=2');
exit;
}
}

# type id stored as tyyp_id for the new comment object (see INSERT INTO objekt below)
$tyyp_id = 14;
# dumps every submitted field when debugging is on
$site->debug->print_hash($site->fdat,1,"FDAT");

# Page context: the object being commented (id from the form), or the home section.
$leht = new Leht(array(
id => $site->fdat['id'] ? $site->fdat['id'] : $site->alias("rub_home_id"),
));

# The object the comment is attached to; on_sisu=1 presumably loads its content.
$objekt = new Objekt(array(
objekt_id => $site->fdat['id'],
on_sisu=>1,
));

# Unknown / non-existent parent id -> 404 page.
if(!$objekt->objekt_id)
{
//redirect 404 lehele
header('Location: index.php?id='.$site->alias(array('key' => '404error')));
exit;
}

# per-object template parameters (used below to find the notification e-mail)
$obj_conf = new CONFIG($objekt->all['ttyyp_params']);

# PDA form: minimal validation (strlen is byte-wise, so 2 bytes not 2 characters),
# then bounce back to the form-supplied redirect_url via myRedirect() - that URL is
# not validated either. If the submitted name differs from the logged-in user's
# full name the stored name is suffixed with ' (nimi muudetud)' ("name changed").
if ($site->fdat['output_device'] == 'pda') {
if (strlen($site->fdat['text']) < 2 || strlen($site->fdat['nimi']) < 2) {
myRedirect($site->fdat['redirect_url']);
exit;
}
$name = trim($site->user->all['firstname'] . ' ' . $site->user->all['lastname']);
$nimi = trim($site->fdat['nimi']);
if ($name != $nimi)
$site->fdat['nimi'] .= ' (nimi muudetud)';
}

$already = 0;

############ get all parent object: trail
$trail_objs = $leht->parents->list;


#oldfor ($y=-1;$y>-10;$y--){
# Walk the parent trail and take the first section-type object (ttyyp_id 40 or
# above 1000) as the enclosing section; its faq_mode parameter decides whether new
# comments are published immediately. $faq_mode stays unset (falsy) when no such
# parent exists. The $i = 0 below is overwritten by the foreach key.
$i = 0;
foreach ($trail_objs as $i => $myobj) {
# skip the first array element - itself
//if($i == 0) { continue; }

if (($myobj->all[ttyyp_id]==40 || $myobj->all[ttyyp_id]>1000) && !$already){
$already=1;
$par_rubobj = $myobj; # get parent section object

############################
# CONFIGURATION PARAMETERS - reading parameters values of object

$leht->debug->msg("PARAMS ".$par_rubobj->all[ttyyp_params]);
$conf = new CONFIG($par_rubobj->all[ttyyp_params]);
$faq_mode = ($conf->get("faq_mode") ? 1:0);
$conf->debug->print_msg();

if (!$faq_mode) {
$leht->debug->msg("set default forum view");
} else {
$leht->debug->msg("set forum view to FAQ-mode");
}
# / CONFIGURATION PARAMETERS
############################

};
}
########################
# if article then check if commenting is allowed for this article;
# allow unlimited commenting for all other content objects (Bug #2656)

if (($objekt->all[klass] == "artikkel" && $objekt->all['on_foorum']) || $objekt->all[klass] != "artikkel") {

########################
# if access is allowed
# Bug #2133
# In FAQ mode a visitor outside the editor may not reply to a comment
# (only the editor side answers questions).
if (!($objekt->all[klass] == "kommentaar" && $faq_mode && !$site->in_editor)){

# if FAQ-mode and not in the editor, store as unpublished (on_avaldatud=0) (Bug #2133)
if ($faq_mode && !$site->in_editor){
$publish=0;
} else {$publish=1;}

# When an admin answers a question from the editor, publish the parent comment.
# is_numeric() guards the id that goes into the UPDATE placeholder.
if ($faq_mode && $site->in_editor && $objekt->all[klass] == "kommentaar" && is_numeric($site->fdat['id'])){
$sql = $site->db->prepare(
"UPDATE objekt SET on_avaldatud=?, last_modified=? WHERE objekt_id=?",
1,
time(),
$site->fdat['id']
);
$sth = new SQL ($sql);
$site->debug->msg($sth->debug->get_msgs());
}

#####################
# insert into objekt:
# Title and text are strip_tags()'d and run through big_string_remove() before
# binding; the aeg column is filled from unix2db_datetime(time()) (server value,
# concatenated into the SQL string), everything user-supplied goes through the
# db->prepare() placeholders. pealkiri and pealkiri_strip receive the same value.
$sql = $site->db->prepare("INSERT INTO objekt (pealkiri, tyyp_id, on_avaldatud, keel, kesk, pealkiri_strip, sisu_strip, aeg, check_in, last_modified, created_user_id, created_user_name, created_time) values (?, ?, ?, ?, ?, ?, ?, ".$site->db->unix2db_datetime(time()).", ?, ?, ?, ?, ?)",
big_string_remove(strip_tags($site->fdat['pealkiri'])),
$tyyp_id,
$publish,
$site->keel,
0,
big_string_remove(strip_tags($site->fdat['pealkiri'])),
big_string_remove(strip_tags($site->fdat['text'])),
time(),
0,
$site->user->id,
$site->user->name,
date("Y-m-d H:i:s")
);
$sth = new SQL ($sql);
$site->debug->msg($sth->debug->get_msgs());

$id = $sth->insert_id;

#####################
# insert into objekt_objekt:
# Sort key is MAX over the whole table (not per parent) plus one; two concurrent
# submissions may read the same MAX and end up with equal sorteering values.
$sql = "SELECT MAX(sorteering) FROM objekt_objekt";
$sth = new SQL ($sql);
$site->debug->msg($sth->debug->get_msgs());
$sorteering=$sth->fetchsingle();

$sql = $site->db->prepare("INSERT INTO objekt_objekt (objekt_id, parent_id, sorteering) VALUES (?,?,?)",
$id,
$site->fdat['id'],
$sorteering+1
);
$sth = new SQL($sql);
$site->debug->msg($sth->debug->get_msgs());

# strip_tags() removes markup from the stored values; it is not an output
# escape, so wherever these are rendered they still need HTML escaping.
$name = big_string_remove(strip_tags($site->fdat['nimi']));
$email = strip_tags($site->fdat['email']);
$blog_url = strip_tags($site->fdat['url']);

#####################
# insert into obj_kommentaar:
# ip is REMOTE_ADDR as seen by PHP; behind a reverse proxy that is the proxy's
# address, not the visitor's. The two e-mail flags come straight from the form.
$sql = $site->db->prepare("INSERT INTO obj_kommentaar (objekt_id, nimi, email, on_saada_email, on_peida_email, ip, text, kasutaja_id, url) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)",
$id,
$name,
$email,
$site->fdat['on_saada_email'] ? 1 : 0,
$site->fdat['on_peida_email'] ? 1 : 0,
$_SERVER["REMOTE_ADDR"],
big_string_remove(strip_tags($site->fdat['text'])),
$site->user->user_id,
$blog_url
);
$sth = new SQL($sql);
$site->debug->msg($sth->debug->get_msgs());
$comment_inserted = $sth->rows;

#####################
# UPDATE LAST_COMMENTED_TIME, COMMENT_COUNT

# get comment count for object:
$alamlist_count = new Alamlist(array(
parent => $site->fdat['id'],
klass => "kommentaar",
asukoht => 0,
on_counter => 1
));
$comment_count = $alamlist_count->rows;

$sql = $site->db->prepare("UPDATE objekt SET last_commented_time=".$site->db->unix2db_datetime(time()).", comment_count=? WHERE objekt_id=?",
$comment_count,
$site->fdat['id']
);
$sth = new SQL($sql);
$site->debug->msg($sth->debug->get_msgs());


#################
# if the comment was successfully inserted into the table
if ($comment_inserted){
####### find TO e-mail saved in topic's editor or in template configuration
# Recipient is taken from the object's own parameters first, then from the
# section configuration; never from the request.
if(is_object($obj_conf) && $obj_conf->get('email')){
$conf_email = $obj_conf->get('email');
} elseif(is_object($conf)){
$conf_email = $conf->get("email");
}

#####################
# if an e-mail must be sent and the address format is OK
# The address pattern is loose: it accepts '&', and its '$' anchor also matches
# before a trailing newline, so a value ending in "\n" passes. From, To and the
# Subject (the submitted title) all go through email::encodeHeader(); whether
# that neutralises CR/LF is not visible here - verify in mail.class.php.
if (($objekt->all[on_saada_email]==1 && preg_match("/^[\w\d\-\&\.]+\@[\w\d\-\&\.]+$/",$objekt->all[email])) || ($conf_email != '' && preg_match("/^[\w\d\-\&\.]+\@[\w\d\-\&\.]+$/",$conf_email))
){

# From: the commenter's address when it matches the pattern, else the site default
if (preg_match("/^[\w\d\-\&\.]+\@[\w\d\-\&\.]+$/",$site->fdat[email])){
$from = $site->fdat['email'];
} else {
$from = $site->CONF['from_email'];
};

# $url is built here but not referenced afterwards; the message body below
# assembles its own link.
$url = "/?".($site->fdat[tpl]?"tpl=".$site->fdat[tpl]."&":"").($site->fdat[c_tpl]?"c_tpl=".$site->fdat[c_tpl]."&":"")."id=".($site->fdat['inserted_id'] ? $id : $site->fdat[id]);

# Body: the posted message_text (if any) replaces the comment text, so the
# sender controls the whole body; then an absolute link to the comment, pointing
# into /editor when mail_to_admin is set or the comment is an unpublished FAQ entry.
$messagebody = ($site->fdat['message_text'] ? str_replace("\\n", "\n", strip_tags($site->fdat['message_text'])) : strip_tags($site->fdat['text']))."\n\n\nURL: ".(empty($_SERVER['HTTPS']) ? 'http://': 'https://').$site->CONF[hostname].$site->CONF[wwwroot].($site->fdat['mail_to_admin'] || ($faq_mode && $publish == 0) ? "/editor" : "")."/?".($site->fdat[tpl]?"tpl=".$site->fdat[tpl]."&":"").($site->fdat[c_tpl]?"c_tpl=".$site->fdat[c_tpl]."&":"")."id=".($id ? $id : $site->fdat[id]);
# header line endings: CRLF on Windows, LF elsewhere (Bug #2121)
mail(
email::encodeHeader(($objekt->all[email] ? $objekt->all[email] : $conf_email), $site->encoding),
email::encodeHeader(strip_tags($site->fdat['pealkiri']), $site->encoding),
$messagebody,
"From: ". email::encodeHeader($from, $site->encoding) .(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN' ? "\r\n" : "\n").
"MIME-Version: 1.0" .(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN' ? "\r\n" : "\n").
"Content-Type: text/plain; charset=\"".$site->encoding."\"" .(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN' ? "\r\n" : "\n"). # Bug #2121
"Content-Transfer-Encoding: 8bit".(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN' ? "\r\n" : "\n")
);

# debug only: echoes the recipient and the (user-supplied) From address unescaped
if ($site->on_debug){
echo "<hr>Saadan meil siia:".($objekt->all[email] ? $objekt->all[email] : $conf_email).", from: ".$from;
};

};
# / if an e-mail must be sent and the address format is OK
#####################

# ------------------------
# Clear the cache
# ------------------------
clear_cache("ALL");
}
# / if the comment was successfully inserted into the table
#################

#########################
# debug info
$site->debug->print_msg();

#########################
# redirect

# Skipped entirely when debugging, so the debug output above stays visible.
if (!$site->on_debug){
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); //To fool old browsers
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
# show javascript message "Forum alert: Your question has been sent"
if ($faq_mode && !$site->in_editor){$tmp_lisa_alert="&lisa_alert=1";} # Bug #2133

# redirect_url is form-supplied and used after urldecode() without the CR/LF
# stripping done in the captcha branch (header() still rejects newlines) and
# without checking that it points at this site: same open-redirect shape as
# above. The fallback rebuilds the page URL from configuration (Bug #1953),
# jumping to the parent object when jump_to_parent is set.
if ($site->fdat['redirect_url']){
header("Location: ".urldecode($site->fdat['redirect_url']));
} else { # Bug #1953
header("Location: ".(empty($_SERVER['HTTPS']) ? 'http://': 'https://').$site->CONF[hostname].$site->CONF[wwwroot].($site->in_editor?"/editor":"")."/?".(($site->fdat[tpl] || $site->fdat[c_tpl])&&!$site->fdat['inserted_id']&&!$site->fdat['jump_to_parent']?"tpl=".$site->fdat[tpl]."&c_tpl=".$site->fdat[c_tpl]."&":"")."id=".($site->fdat['jump_to_parent'] ? $objekt->parent_id : $objekt->objekt_id).$tmp_lisa_alert);
}
} # not debug
}
else {
# FAQ-mode reply by a non-editor visitor (the access check above)
echo "<font size=2>Access denied.</font>";
}
# / if access is allowed
########################
}
else {
# article with on_foorum unset: commenting is disabled for it, nothing is stored
$site->debug->msg("Object adding denied - not correct class:".$objekt->all[klass]);
$site->debug->print_msg();
}

# / double check object class: is it correct?
########################
-
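/**
 * Send no-cache headers and a Location redirect to $url.
 *
 * The only caller passes the form-supplied redirect_url, so the target is
 * untrusted. Only a same-site destination is honoured: a path/query with no
 * scheme and no host, or an absolute URL whose host equals this request's
 * HTTP_HOST (port ignored). Anything else - another host, a protocol-relative
 * "//host" form, a scheme without a matching host, or a value containing
 * CR, LF or a backslash - is replaced by "/" so the client still lands on
 * this site instead of being forwarded elsewhere.
 *
 * The value is urldecode()'d once before the check, as before. The function
 * does not exit(); the caller does, as the pda branch above shows.
 *
 * @param string|null $url percent-encoded redirect target
 * @return void
 */
function myRedirect($url) {
    # Same no-cache header set the main redirect branch uses.
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); //To fool old browsers
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Cache-Control: post-check=0, pre-check=0", false);
    header("Pragma: no-cache");

    $target = urldecode((string) $url);
    $parts = parse_url($target);

    # HTTP_HOST may carry a ":port" suffix; parse_url() reports the port separately.
    $ownHost = isset($_SERVER['HTTP_HOST'])
        ? strtolower(preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']))
        : '';
    $host = isset($parts['host']) ? strtolower($parts['host']) : '';

    # Relative: no scheme and no host. Absolute: host must be ours (and non-empty,
    # so "http:evil" with no host is rejected rather than let the browser resolve it).
    $isRelative = $parts !== false && !isset($parts['scheme']) && $host === '';
    $isOwnHost = $host !== '' && $host === $ownHost;

    # Backslashes are rejected too: some browsers treat "/\host" like "//host".
    if ($target === '' || !($isRelative || $isOwnHost) || preg_match('/[\r\n\\\\]/', $target)) {
        $target = '/';
    }

    header("Location: " . $target);
}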