121 |
121 |
122 // Increment counters |
122 // Increment counters |
123 $count_total++; |
123 $count_total++; |
124 ( $row['approved'] == 1 ) ? $count_appr++ : $count_unappr++; |
124 ( $row['approved'] == 1 ) ? $count_appr++ : $count_unappr++; |
125 |
125 |
126 if ( !$this->perms->get_permissions('mod_comments') && $row['approved'] == 0 ) |
126 if ( !$this->perms->get_permissions('mod_comments') && $row['approved'] != COMMENT_APPROVED ) |
127 continue; |
127 continue; |
128 |
128 |
129 // Localize the rank |
129 // Localize the rank |
130 $row = array_merge($row, $session->get_user_rank(intval($row['user_id']))); |
130 $row = array_merge($row, $session->get_user_rank(intval($row['user_id']))); |
131 |
131 |
140 $seed = md5(sha1(mt_rand() . microtime())); |
140 $seed = md5(sha1(mt_rand() . microtime())); |
141 $wrapper = ' |
141 $wrapper = ' |
142 <div id="posthide_'.$seed.'" style="display: none;"> |
142 <div id="posthide_'.$seed.'" style="display: none;"> |
143 ' . $row['comment_data'] . ' |
143 ' . $row['comment_data'] . ' |
144 </div> |
144 </div> |
145 <p><span style="opacity: 0.4; filter: alpha(opacity=40);">Post from foe hidden.</span> <span style="text-align: right;"><a href="#showpost" onclick="document.getElementById(\'posthide_'.$seed.'\').style.display=\'block\'; this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode); return false;">Display post</a></span></p> |
145 <p><span style="opacity: 0.4; filter: alpha(opacity=40);">' . $lang->get('comment_msg_foe_comment_hidden') . '</span> <span style="text-align: right;"><a href="#showpost" onclick="document.getElementById(\'posthide_'.$seed.'\').style.display=\'block\'; this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode); return false;">' . $lang->get('comment_btn_display_foe_comment') . '</a></span></p> |
146 '; |
146 '; |
147 $row['comment_data'] = $wrapper; |
147 $row['comment_data'] = $wrapper; |
148 } |
148 } |
149 |
149 |
150 // Format date |
150 // Format date |
191 $ret['captcha'] = $session->make_captcha(); |
191 $ret['captcha'] = $session->make_captcha(); |
192 } |
192 } |
193 break; |
193 break; |
194 case 'edit': |
194 case 'edit': |
195 $cid = (string)$data['id']; |
195 $cid = (string)$data['id']; |
196 if ( !preg_match('#^([0-9]+)$#i', $cid) || intval($cid) < 1 ) |
196 if ( !ctype_digit($cid) || intval($cid) < 1 ) |
197 { |
197 { |
198 echo '{"mode":"error","error":"HACKING ATTEMPT"}'; |
198 echo '{"mode":"error","error":"HACKING ATTEMPT"}'; |
199 return false; |
199 return false; |
200 } |
200 } |
201 $cid = intval($cid); |
201 $cid = intval($cid); |
264 if ( !$this->perms->get_permissions('post_comments') ) |
264 if ( !$this->perms->get_permissions('post_comments') ) |
265 $errors[] = 'The site security policy prevents your user account from posting comments;'; |
265 $errors[] = 'The site security policy prevents your user account from posting comments;'; |
266 |
266 |
267 // Guest authorization |
267 // Guest authorization |
268 if ( getConfig('comments_need_login') == '2' && !$session->user_logged_in ) |
268 if ( getConfig('comments_need_login') == '2' && !$session->user_logged_in ) |
269 $errors[] = 'You need to log in before posting comments.'; |
269 $errors[] = $lang->get('comment_err_need_login'); |
270 |
270 |
271 // CAPTCHA code |
271 // CAPTCHA code |
272 if ( getConfig('comments_need_login') == '1' && !$session->user_logged_in ) |
272 if ( getConfig('comments_need_login') == '1' && !$session->user_logged_in ) |
273 { |
273 { |
274 $real_code = $session->get_captcha($data['captcha_id']); |
274 $real_code = $session->get_captcha($data['captcha_id']); |
275 if ( strtolower($real_code) != strtolower($data['captcha_code']) ) |
275 if ( strtolower($real_code) !== strtolower($data['captcha_code']) ) |
276 $errors[] = 'The confirmation code you entered was incorrect.'; |
276 $errors[] = $lang->get('comment_err_captcha_wrong'); |
277 $session->kill_captcha(); |
277 $session->kill_captcha(); |
|
278 } |
|
279 |
|
280 // Spam check |
|
281 $spam_policy = getConfig('comment_spam_policy', 'moderate'); |
|
282 $sc_name = ( $session->user_logged_in ) ? $session->username : $data['name']; |
|
283 $sc_mail = ( $session->user_logged_in ) ? $session->email : false; |
|
284 $sc_url = ( $session->user_logged_in ) ? $session->user_extra['user_homepage'] : false; |
|
285 $spamcheck = $spam_policy === 'accept' ? true : spamalyze($data['text'], $sc_name, $sc_mail, $sc_url); |
|
286 if ( !$spamcheck && $spam_policy === 'reject' ) |
|
287 { |
|
288 $errors[] = $lang->get('comment_err_spamcheck_failed_rejected'); |
278 } |
289 } |
279 |
290 |
280 if ( count($errors) > 0 ) |
291 if ( count($errors) > 0 ) |
281 { |
292 { |
282 $ret = Array( |
293 $ret = Array( |
293 $subj = htmlspecialchars($data['subj']); |
304 $subj = htmlspecialchars($data['subj']); |
294 $text = RenderMan::preprocess_text($data['text'], true, false); |
305 $text = RenderMan::preprocess_text($data['text'], true, false); |
295 $src = $text; |
306 $src = $text; |
296 $sql_text = $db->escape($text); |
307 $sql_text = $db->escape($text); |
297 $text = RenderMan::render($text); |
308 $text = RenderMan::render($text); |
298 $appr = ( getConfig('approve_comments') == '1' ) ? '0' : '1'; |
309 $appr = ( getConfig('approve_comments') == '1' ) ? COMMENT_UNAPPROVED : COMMENT_APPROVED; |
|
310 if ( $appr === COMMENT_APPROVED && $spam_policy === 'moderate' && !$spamcheck ) |
|
311 $appr = COMMENT_SPAM; |
299 $time = time(); |
312 $time = time(); |
300 $date = enano_date('F d, Y h:i a', $time); |
313 $date = enano_date('F d, Y h:i a', $time); |
301 $ip = $_SERVER['REMOTE_ADDR']; |
314 $ip = $_SERVER['REMOTE_ADDR']; |
302 if ( !is_valid_ip($ip) ) |
315 if ( !is_valid_ip($ip) ) |
303 die('Hacking attempt'); |
316 die('Hacking attempt'); |
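Review bot: The CAPTCHA check at new lines 274-275 still passes `$real_code` and `$data['captcha_code']` to `strtolower()` without confirming that either is a non-empty string, so the switch to `!==` removes loose-comparison matches but not the case where both sides normalise to `''`. If `get_captcha()` returns false or an empty value for an unknown or expired `captcha_id` (its body is not shown here), an empty submitted code would compare equal and no error would be recorded. I would make the guard explicit: `if ( !is_string($real_code) || $real_code === '' || !is_string($data['captcha_code']) || strtolower($real_code) !== strtolower($data['captcha_code']) )`. The enclosing function starts and ends outside the visible hunks, so any earlier validation of `$data` could not be checked.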