Mercurial Mercurial > repos > enano-1.1 / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
includes/comment.php
changeset 359 e0787bb6285b
parent 345 4ccdfeee9a11
child 387 92664d2efab8
equal deleted inserted replaced
358:b25d34fbc7ab 359:e0787bb6285b 
    95           $template->load_theme();
 
    95           $template->load_theme();
 
    96         if ( !isset($data['have_template']) )
 
    96         if ( !isset($data['have_template']) )
 
    97         {
 
    97         {
 
    98           $ret['template'] = file_get_contents(ENANO_ROOT . '/themes/' . $template->theme . '/comment.tpl');
 
    98           $ret['template'] = file_get_contents(ENANO_ROOT . '/themes/' . $template->theme . '/comment.tpl');
 
    99         }
 
    99         }
 
   100         $q = $db->sql_query('SELECT c.comment_id,c.name,c.subject,c.comment_data,c.time,c.approved,u.user_level,u.user_id,u.signature,u.user_has_avatar,u.avatar_type, b.buddy_id IS NOT NULL AS is_buddy, ( b.is_friend IS NOT NULL AND b.is_friend=1 ) AS is_friend FROM '.table_prefix.'comments AS c
 
   100         $q = $db->sql_query('SELECT c.comment_id,c.name,c.subject,c.comment_data,c.time,c.approved,( c.ip_address IS NOT NULL ) AS have_ip,u.user_level,u.user_id,u.signature,u.user_has_avatar,u.avatar_type, b.buddy_id IS NOT NULL AS is_buddy, ( b.is_friend IS NOT NULL AND b.is_friend=1 ) AS is_friend FROM '.table_prefix.'comments AS c
 
   101                                LEFT JOIN '.table_prefix.'users AS u
 
   101                                LEFT JOIN '.table_prefix.'users AS u
 
   102                                  ON (u.user_id=c.user_id)
 
   102                                  ON (u.user_id=c.user_id)
 
   103                                LEFT JOIN '.table_prefix.'buddies AS b
 
   103                                LEFT JOIN '.table_prefix.'buddies AS b
 
   104                                  ON ( ( b.user_id=' . $session->user_id.' AND b.buddy_user_id=c.user_id ) OR b.user_id IS NULL)
 
   104                                  ON ( ( b.user_id=' . $session->user_id.' AND b.buddy_user_id=c.user_id ) OR b.user_id IS NULL)
 
   105                                WHERE page_id=\'' . $this->page_id . '\'
 
   105                                WHERE page_id=\'' . $this->page_id . '\'
 
   106                                  AND namespace=\'' . $this->namespace . '\'
 
   106                                  AND namespace=\'' . $this->namespace . '\'
 
   107                                GROUP BY c.comment_id,c.name,c.subject,c.comment_data,c.time,c.approved,u.user_level,u.user_id,u.signature,u.user_has_avatar,u.avatar_type,b.buddy_id,b.is_friend
 
   107                                GROUP BY c.comment_id,c.name,c.subject,c.comment_data,c.time,c.approved,c.ip_address,u.user_level,u.user_id,u.signature,u.user_has_avatar,u.avatar_type,b.buddy_id,b.is_friend
 
   108                                ORDER BY c.time ASC;');
 
   108                                ORDER BY c.time ASC;');
 
   109         $count_appr = 0;
 
   109         $count_appr = 0;
 
   110         $count_total = 0;
 
   110         $count_total = 0;
 
   111         $count_unappr = 0;
 
   111         $count_unappr = 0;
 
   112         $ret['comments'] = Array();
 
   112         $ret['comments'] = Array();
 
   145             $row['time'] = enano_date('F d, Y h:i a', $row['time']);
 
   145             $row['time'] = enano_date('F d, Y h:i a', $row['time']);
 
   146             
   146             
   147             // Format signature
 
   147             // Format signature
 
   148             $row['signature'] = ( !empty($row['signature']) ) ? RenderMan::render($row['signature']) : '';
 
   148             $row['signature'] = ( !empty($row['signature']) ) ? RenderMan::render($row['signature']) : '';
 
   149             
   149             
       
   150             // Do we have the IP?
 
       
   151             $row['have_ip'] = ( $row['have_ip'] == 1 );
 
       
   152             
   150             // Add the comment to the list
 
   153             // Add the comment to the list
 
   151             $ret['comments'][] = $row;
 
   154             $ret['comments'][] = $row;
 
   152             
   155             
   153           } while ( $row = $db->fetchrow() );
 
   156           } while ( $row = $db->fetchrow() );
 
   154         }
 
   157         }
 
   283           $sql_text = $db->escape($text);
 
   286           $sql_text = $db->escape($text);
 
   284           $text = RenderMan::render($text);
 
   287           $text = RenderMan::render($text);
 
   285           $appr = ( getConfig('approve_comments') == '1' ) ? '0' : '1';
 
   288           $appr = ( getConfig('approve_comments') == '1' ) ? '0' : '1';
 
   286           $time = time();
 
   289           $time = time();
 
   287           $date = enano_date('F d, Y h:i a', $time);
 
   290           $date = enano_date('F d, Y h:i a', $time);
 
       
   291           $ip = $_SERVER['REMOTE_ADDR'];
 
       
   292           if ( !is_valid_ip($ip) )
 
       
   293             die('Hacking attempt');
 
   288           
   294           
   289           // Send it to the database
 
   295           // Send it to the database
 
   290           $q = $db->sql_query('INSERT INTO '.table_prefix.'comments(page_id,namespace,name,subject,comment_data,approved, time, user_id) VALUES' .
 
   296           $q = $db->sql_query('INSERT INTO '.table_prefix.'comments(page_id,namespace,name,subject,comment_data,approved, time, user_id, ip_address) VALUES' . "\n  " .
 
   291                               "('$this->page_id', '$this->namespace', '$name', '$subj', '$sql_text', $appr, $time, $session->user_id);");
 
   297                              "('$this->page_id', '$this->namespace', '$name', '$subj', '$sql_text', $appr, $time, {$session->user_id}, '$ip');");
 
   292           if(!$q)
 
   298           if(!$q)
 
   293             $db->die_json();
 
   299             $db->die_json();
 
   294           
   300           
   295           // Re-fetch
 
   301           // Re-fetch
 
   296           $q = $db->sql_query('SELECT c.comment_id,c.name,c.subject,c.comment_data,c.time,c.approved,u.user_level,u.user_id,u.signature,u.user_has_avatar,u.avatar_type FROM '.table_prefix.'comments AS c
 
   302           $q = $db->sql_query('SELECT c.comment_id,c.name,c.subject,c.comment_data,c.time,c.approved,u.user_level,u.user_id,u.signature,u.user_has_avatar,u.avatar_type FROM '.table_prefix.'comments AS c
 
   364             'id'   => $data['local_id'],
 
   370             'id'   => $data['local_id'],
 
   365             'approve_updated' => 'yes'
 
   371             'approve_updated' => 'yes'
 
   366           );
 
   372           );
 
   367         
   373         
   368         break;
 
   374         break;
 
       
   375       case 'view_ip':
 
       
   376         if ( !$session->get_permissions('mod_comments') )
 
       
   377         {
 
       
   378           return array(
 
       
   379               'mode' => 'error',
 
       
   380               'error' => 'Unauthorized'
 
       
   381             );
 
       
   382         }
 
       
   383         // fetch comment info
 
       
   384         if ( !is_int($data['id']) )
 
       
   385         {
 
       
   386           return array(
 
       
   387               'mode' => 'error',
 
       
   388               'error' => 'Unauthorized'
 
       
   389             );
 
       
   390         }
 
       
   391         $id =& $data['id'];
 
       
   392         $q = $db->sql_query('SELECT ip_address, name FROM ' . table_prefix . 'comments WHERE comment_id = ' . $id . ';');
 
       
   393         if ( !$q || $db->numrows() < 1 )
 
       
   394         {
 
       
   395           $db->die_json();
 
       
   396         }
 
       
   397         list($ip_addr, $name) = $db->fetchrow_num($q);
 
       
   398         $db->free_result();
 
       
   399         $name = $db->escape($name);
 
       
   400         $username = $db->escape($session->username);
 
       
   401         // log this action
 
       
   402         $q = $db->sql_query('INSERT INTO ' . table_prefix . "logs(time_id, log_type, action, page_text, author, edit_summary) VALUES\n  "
 
       
   403                             . "( " . time() . ", 'security', 'view_comment_ip', '$name', '$username', '{$_SERVER['REMOTE_ADDR']}' );");
 
       
   404         if ( !$q )
 
       
   405           $db->die_json();
 
       
   406         
       
   407         // send packet
 
       
   408         $ret = array(
 
       
   409             'mode' => 'redraw',
 
       
   410             'ip_addr' => $ip_addr,
 
       
   411             'local_id' => $data['local_id']
 
       
   412           );
 
       
   413         break;
 
   369       default:
 
   414       default:
 
   370         $ret = Array(
 
   415         $ret = Array(
 
   371           'mode' => 'error', 
   416           'mode' => 'error', 
   372           'error' => $data['mode'] . ' is not a valid request mode'
 
   417           'error' => $data['mode'] . ' is not a valid request mode'
 
   373           );
 
   418           );
Enano CMS (1.1.x)