diff -r 880c4b7eb658 -r 9d5c04c1414f includes/comment.php
--- a/includes/comment.php	Sat Jan 17 15:16:36 2009 -0500
+++ b/includes/comment.php	Sun Jan 25 21:18:05 2009 -0500
@@ -123,7 +123,7 @@
             $count_total++;
             ( $row['approved'] == 1 ) ? $count_appr++ : $count_unappr++;
             
-            if ( !$this->perms->get_permissions('mod_comments') && $row['approved'] == 0 )
+            if ( !$this->perms->get_permissions('mod_comments') && $row['approved'] != COMMENT_APPROVED )
               continue;
             
             // Localize the rank
@@ -142,7 +142,7 @@
                 <div id="posthide_'.$seed.'" style="display: none;">
                   ' . $row['comment_data'] . '
                 </div>
-                <p><span style="opacity: 0.4; filter: alpha(opacity=40);">Post from foe hidden.</span> <span style="text-align: right;"><a href="#showpost" onclick="document.getElementById(\'posthide_'.$seed.'\').style.display=\'block\'; this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode); return false;">Display post</a></span></p>
+                <p><span style="opacity: 0.4; filter: alpha(opacity=40);">' . $lang->get('comment_msg_foe_comment_hidden') . '</span> <span style="text-align: right;"><a href="#showpost" onclick="document.getElementById(\'posthide_'.$seed.'\').style.display=\'block\'; this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode); return false;">' . $lang->get('comment_btn_display_foe_comment') . '</a></span></p>
               ';
               $row['comment_data'] = $wrapper;
             }
@@ -193,7 +193,7 @@
         break;
       case 'edit':
         $cid = (string)$data['id'];
-        if ( !preg_match('#^([0-9]+)$#i', $cid) || intval($cid) < 1 )
+        if ( !ctype_digit($cid) || intval($cid) < 1 )
         {
           echo '{"mode":"error","error":"HACKING ATTEMPT"}';
           return false;
@@ -228,7 +228,7 @@
         break;
       case 'delete':
         $cid = (string)$data['id'];
-        if ( !preg_match('#^([0-9]+)$#i', $cid) || intval($cid) < 1 )
+        if ( !ctype_digit($cid) || intval($cid) < 1 )
         {
           echo '{"mode":"error","error":"HACKING ATTEMPT"}';
           return false;
@@ -266,17 +266,28 @@
         
         // Guest authorization
         if ( getConfig('comments_need_login') == '2' && !$session->user_logged_in )
-          $errors[] = 'You need to log in before posting comments.';
+          $errors[] = $lang->get('comment_err_need_login');
         
         // CAPTCHA code
         if ( getConfig('comments_need_login') == '1' && !$session->user_logged_in )
         {
           $real_code = $session->get_captcha($data['captcha_id']);
-          if ( strtolower($real_code) != strtolower($data['captcha_code']) )
-            $errors[] = 'The confirmation code you entered was incorrect.';
+          if ( strtolower($real_code) !== strtolower($data['captcha_code']) )
+            $errors[] = $lang->get('comment_err_captcha_wrong');
           $session->kill_captcha();
         }
         
+        // Spam check
+        $spam_policy = getConfig('comment_spam_policy', 'moderate');
+        $sc_name = ( $session->user_logged_in ) ? $session->username : $data['name'];
+        $sc_mail = ( $session->user_logged_in ) ? $session->email : false;
+        $sc_url  = ( $session->user_logged_in ) ? $session->user_extra['user_homepage'] : false;
+        $spamcheck = $spam_policy === 'accept' ? true : spamalyze($data['text'], $sc_name, $sc_mail, $sc_url);
+        if ( !$spamcheck && $spam_policy === 'reject' )
+        {
+          $errors[] = $lang->get('comment_err_spamcheck_failed_rejected');
+        }
+        
         if ( count($errors) > 0 )
         {
           $ret = Array(
@@ -295,7 +306,9 @@
           $src = $text;
           $sql_text = $db->escape($text);
           $text = RenderMan::render($text);
-          $appr = ( getConfig('approve_comments') == '1' ) ? '0' : '1';
+          $appr = ( getConfig('approve_comments') == '1' ) ? COMMENT_UNAPPROVED : COMMENT_APPROVED;
+          if ( $appr === COMMENT_APPROVED && $spam_policy === 'moderate' && !$spamcheck )
+            $appr = COMMENT_SPAM;
           $time = time();
           $date = enano_date('F d, Y h:i a', $time);
           $ip = $_SERVER['REMOTE_ADDR'];
@@ -358,7 +371,7 @@
         }
         
         $cid = (string)$data['id'];
-        if ( !preg_match('#^([0-9]+)$#i', $cid) || intval($cid) < 1 )
+        if ( !ctype_digit($cid) || intval($cid) < 1 )
         {
           echo '{"mode":"error","error":"HACKING ATTEMPT"}';
           return false;