<?
/****************************************************************************
* Software distributed under the License is distributed on an "AS IS" *
* basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the *
* License for a specific language governing rights and limitations under *
* the License. *
* *
* The Original Code is - InTerra Blog Machine *
* *
* The Initial Developer of the Original Code is *
* *
* Kulikov Alexey <alex [at] essentialmind [dot] com> *
* *
* All Rights Reserved // www.inses.ru *
*****************************************************************************/
//disable cache
$smarty->caching = false;
//useful stuff =))
function adds(&$el,$level=0) {
if (is_array($el)) {
if (get_magic_quotes_gpc()) return;
foreach($el as $k=>$v) adds($el[$k],$level+1);
} else {
if (!get_magic_quotes_gpc()) $el = addslashes($el);
if (!$level) return $el;
}
}
function getSortOrder($commentID,$order=0){
global $db;
//echo "SELECT commentid, sortorder FROM int_comment WHERE parent = '".$commentID."' ORDER BY sortorder DESC LIMIT 1<br />";
//exit;
//first get the last in the list (if any)
if($data = $db->getRow("SELECT commentid, sortorder FROM int_comment WHERE parent = '".$commentID."' ORDER BY sortorder DESC LIMIT 1")){
if($data['sortorder'] > $order){
$myOrder = getSortOrder($data['commentid'],$data['sortorder']);
}else{
$myOrder = $order;
}
}else{
$myOrder = (int)$db->getOne("SELECT sortorder FROM int_comment WHERE commentid = '".$commentID."'");
}
return $myOrder;
}
//first check if the comment may be added
if(ANTISPAM and strtolower($_SESSION['challenge']) != strtolower($_POST['antispam']) and !$_SESSION['admin']){
$noComment = true;
setcookie("tPost",$_POST['comment'],time()+120,"/");
$_SESSION['error'] = true;
}else{
$noCommanet = false;
setcookie("tPost",null,time(),"/");
unset($_SESSION['error']);
}
if($_POST and !$noComment){
$entryID = (int)$_GET['id'];
//check if this post allows comments
$entry = $db->getRow("SELECT content, comments, intime FROM int_entry WHERE entryid = '".$entryID."'");
if($entry['comments'] =='1' and $entry['intime'] > NOW - 60*60*24*COMMENT_DAYS){
//mark the id of the comment being replied to
$replyTo = $_POST['replyto'];
$unprocessedComment = $_POST['comment'];
if($_SESSION['admin'] and $_POST['replyto']){ //this is an admin reply
//get some libraries
require("lib/nwacko/classes/macroProcessor.class.php");
$parser = &new macroProcessor();
//this is an admin reply =) be cool =)
$adminReply = true;
$mail = BLOGMASTER;
$sender = BLOGMASTER;
$comment = $parser->process($_POST['comment']);
}else{ //this is a mortal comment
//include safeHTML parser
require('lib/safehtml/classes/HTMLSax.php');
require('lib/safehtml/classes/safehtml.php');
//prepare contents
$comment = strip_tags($_POST['comment'],"<a>,<i>,<b>");
$sender = htmlspecialchars(trim($_POST['sender']));
$mail = htmlspecialchars(trim($_POST['mail']));
//autolink
$comment = preg_replace('#[^\"=]http://([^\s]*)#', ' [ <b><a href="http://\\1">'.$langData['link'].'</a></b> ]', $comment);
$comment = preg_replace('#^http://([^\s]*)#', ' [ <b><a href="http://\\1">'.$langData['link'].'</a></b> ]', $comment);
###################################
//parse contents through safehtml
$comment = stripslashes($comment);
// Save all "<" symbols
$comment = preg_replace("/<(?=[^a-zA-Z\/\!\?\%])/", "<", $comment);
// Opera6 bug workaround
$comment = str_replace("\xC0\xBC", "<", $comment);
// Instantiate the handler parser
$handler=& new safehtml();
$parser=& new XML_HTMLSax();
// Register the handler with the parser
$parser->set_object($handler);
// Set the handlers
$parser->set_element_handler('openHandler','closeHandler');
$parser->set_data_handler('dataHandler');
$parser->set_escape_handler('escapeHandler');
$parser->parse($comment);
$comment = $handler->getXHTML();
###################################
//set cookies =)
setcookie("sender",$sender,time()+24*60*60*365,"/");
setcookie("senderMail",$mail,time()+24*60*60*365,"/");
//errors =)
if(empty($sender)){
$sender = "anonymous @ " . $_SERVER['REMOTE_ADDR'];
}
//fix some inputs
$comment = ereg_replace("[\r\n|\r]","\n",trim($comment));
$comment = ereg_replace("[\r\n|\n|\r]{3,}","\n\n",$comment);
$comment = "<p>".nl2br($comment)."</p>";
$adminReply = false;
}
//there needs to be some kind of comment, right?
if(!empty($_POST['comment'])){
if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*$",$mail)){
$notify = 1;
}else{
$notify = 0;
}
//we are cool, process database query
$db->query("LOCK TABLE int_comment WRITE"); //start "transaction"
//level mon
$level = (int)$db->getOne("SELECT level + 1 FROM int_comment WHERE commentid = '".$replyTo."'");
$commentID = (int)$db->getOne("SELECT max(commentid) FROM int_comment") + 1;
$parent = $replyTo;
## yukk (quick hack) ##
#
//can we have a comment tree?
if(!COMMENT_TREE and !$_SESSION['admin']){
$replyTo = null;
}
//figure out sort_order
if(!empty($replyTo)){
$sortOrder = getSortOrder($replyTo) + 1;
}else{
$sortOrder = (int)$db->getOne("SELECT max(sortorder) FROM int_comment WHERE entryid = '".$entryID."'") + 1;
}
#
## /end yukk ##
//shift the whole list
$res = $db->query("UPDATE int_comment SET sortorder = sortorder + 1 WHERE entryid = '".$entryID."' AND sortorder >= '$sortOrder'");
//admin replies are a bit different
if($adminReply){
$notify = 0;
//admin replies have special addslashes rules
$comment = adds($comment);
$admin = '1';
}else{
//mortal comments have all slashes escaped by default
if (get_magic_quotes_gpc()) $comment = addslashes($comment);
$admin = '0';
}
//comment intime
$intime = NOW + (int)OFFSET;
$res = $db->query("INSERT INTO int_comment SET
commentid = '$commentID',
content = '".$comment."',
senderName = '".adds($sender)."',
senderMail = '".adds($mail)."',
entryid = '$entryID',
intime = '".$intime."',
notify = '$notify',
sortorder = '$sortOrder',
level = '$level',
admin = '".$admin."',
ip = '".ip2long($_SERVER['REMOTE_ADDR'])."',
parent = '".$parent."'");
$db->query("UNLOCK TABLES"); //end "transaction"
//important, keeps counter intact
if(!DB::isError($res)){
$db->query("UPDATE int_entry SET commentcount = commentcount + 1 WHERE entryid = '".$entryID."'");
}
### e-mail shit happens below ###
#
//disable smarty cache
$smarty->caching = false;
$smarty->autoload_filters = array('output' => array());
//check
$comment = str_replace(' ',' ',$comment);
$unprocessedComment = str_replace(' ',' ',$unprocessedComment);
//is this a ROOT post (no replyto)
if(empty($replyTo)){ //yes
//notify admin only
//quick hack to get rid of sorting IDs
$sortOrder = $db->getOne("SELECT commentid FROM int_comment WHERE entryid = '$entryID' AND sortorder = '".(int)($sortOrder-1)."'");
//unlink comment short tag (1.30)
$comment = preg_replace('/\[ <b><a href=\\\"(.*)\\\">(.*)<\/a><\/b> \]/', '\\1', $comment);
//get some data to smarty
$smarty->assign(array(
"sender" => $sender,
"senderMail" => $mail,
"comment" => strip_tags(stripslashes($comment)),
"entry" => $entry['content'],
"entryID" => $entryID,
"commentID" => $commentID,
"commentSO" => $sortOrder,
"url" => REDURL . "#" . $sortOrder
));
## Notify Admin ##
$message = $smarty->preFetch("commentAdmin.txt");
//check of allowed to send e-mail and send it of so =)
if(ENABLE_BMMAIL){
@mail(BLOGMASTER,$langData['comNew'],$message,"FROM: ".MAILBOT."\nContent-type: text/plain; charset=".CHARSET);
}
}else{
//quick hack to get rid of sorting IDs
$sortOrder = $replyTo;
//notify whoever wants to be notified
$mailData = $db->getRow("SELECT senderName, senderMail, notify, content FROM int_comment WHERE commentid = '".$replyTo."'");
if($mailData['notify'] == '1'){
$smarty->assign(array(
"sender" => " ".$mailData['senderName'],
"senderMail" => $mailData['senderMail'],
"comment" => strip_tags(stripslashes($unprocessedComment)),
"entry" => strip_tags($mailData['content']),
"entryID" => $entryID,
"commentID" => $replyTo,
"commentSO" => $sortOrder,
"url" => REDURL . "#" . $sortOrder
));
$message = $smarty->preFetch("commentUser.txt");
//check of allowed to send e-mail and send it of so =)
if(ENABLE_UMAIL){
@mail($mailData['senderMail'],$langData['comReply'],$message,"FROM: ".MAILBOT."\nContent-type: text/plain; charset=".CHARSET);
}
}
//get a copy to admin as well???
if(!$adminReply){
$smarty->assign(array(
"admintext" => true,
"sender" => "",
"senderMail" => $sender . " ".$mail,
"comment" => strip_tags(stripslashes($unprocessedComment)),
"entry" => strip_tags($mailData['content']),
"entryID" => $entryID,
"commentID" => $replyTo,
"commentSO" => $sortOrder,
"url" => REDURL . "#" . $sortOrder
));
$message = $smarty->preFetch("commentUser.txt");
//check of allowed to send e-mail and send it of so =)
if(ENABLE_BMMAIL){
@mail(BLOGMASTER,$langData['comNew'],$message,"FROM: ".MAILBOT."\nContent-type: text/plain; charset=".CHARSET);
}
}
}
#
### /end e-mail shit
//kill cache if any
if(SMARTY_ALLOW_CACHE){
$smarty->clear_cache(null,"entry|$entryID");
$smarty->clear_cache(null,"______rootpage");
$smarty->clear_cache(null,YEAR."|".MONTH."|".DAY);
}
}
}
}
//this is a patch for opera and older versions of IE as they don't recognize internal redirects from other pages as page refresh commands
if(stristr($_SERVER['HTTP_USER_AGENT'],"opera") or stristr($_SERVER['HTTP_USER_AGENT'],"MSIE 5.")){
header("Location: ".REDURL);
}else{
header("Location: ".REDURL."#".$sortOrder);
}
exit;
?>