0) { $error_message.=$COM_LANG['not_allowed'] . "
"; } if ($_REQUEST['disc_name'] == '') { $error_message.=$_REQUEST['r_disc_name'] . "
"; } if ($_REQUEST['disc_body'] == '') { $error_message.=$_REQUEST['r_disc_body'] . "
"; } if ($_REQUEST['disc_email'] != '') { if (!is_email($_REQUEST['disc_email'])) { $error_message.="Invalid email address" . "
"; } } return $error_message; } function flood_protection($INPUT) { global $comments_db_link, $COM_CONF, $COM_LANG; $result = mysql_query("select time from {$COM_CONF['dbmaintable']} where ip='{$_SERVER['REMOTE_ADDR']}' AND (UNIX_TIMESTAMP( NOW( ) ) - UNIX_TIMESTAMP( time )) < {$COM_CONF['anti_flood_pause']}", $comments_db_link); if (mysql_num_rows($result)>0) { $error_message="Flood detected"; return $error_message; } $result = mysql_query("select ID from {$COM_CONF['dbmaintable']} where text='{$INPUT['disc_body']}' AND author='{$INPUT['disc_name']}' AND href='{$INPUT['href']}'", $comments_db_link); if (mysql_num_rows($result)>0) { $error_message="Flood detected"; return $error_message; } return ""; } function spam_check($email, $name, $url, $text, $path_to_page, $ip) { global $COM_CONF, $comments_db_link; $try = 0; while (!$valid && $try <= 3) { // Initialize and verify API key $akismet = new Akismet($COM_CONF['site_url'], $COM_CONF['akismet_apikey']); $result = $akismet->isKeyValid(); // Possible values: 'valid', 'invalid', 'no connect' if ($result != 'valid') { if (($result == 'invalid')) { // Invalid key return 2; } else { // Could not connect to the Akismet server $try++; } } else { $valid = 1; } } if (!$valid) { return 3; // Could not connect to the Akismet server } // Pass comment info to the class $akismet->setCommentAuthorEmail($email); $akismet->setCommentAuthor($name); $akismet->setCommentAuthorURL($url); $akismet->setCommentContent($text); $akismet->setUserIP($ip); $akismet->setPermalink($COM_CONF['site_url'] . $path_to_page); $akismet->setCommentType('Comment'); $try = 0; while ($try <= 3) { // Check the comment for spam $result = $akismet->isCommentSpam(); // Possible values: 'false' (not spam), 'true' (spam), 'no connect' if ($result != 'false') { if ($result == 'true') { // The comment is spam return 1; } else { // Could not connect to the Akismet server $try++; } } else { return 0; } } return 3; // Could not connect to the Akismet server } function add() { require('php-captcha.inc.php'); if (PhpCaptcha::Validate($_POST['user_code'])) { echo 'Valid code entered'; } else { echo 'Invalid code entered'; return; } global $comments_db_link, $COM_CONF, $COM_LANG; foreach ($_REQUEST as $key => $value) { if ($key == 'disc_body') { $comment_text=stripslashes($value); } $_REQUEST[$key] = str_replace('<', '<', $_REQUEST[$key]); $_REQUEST[$key] = str_replace('>', '>', $_REQUEST[$key]); if (get_magic_quotes_gpc()) { $_REQUEST[$key] = stripslashes($_REQUEST[$key]); } $_REQUEST[$key] = mysql_escape_string($_REQUEST[$key]); } $_REQUEST['href'] = str_replace('%2F', '/', $_REQUEST['href']); $_REQUEST['href'] = str_replace('%3F', '?', $_REQUEST['href']); $_REQUEST['href'] = str_replace('%26', '&', $_REQUEST['href']); $_REQUEST['href'] = str_replace('%3D', '=', $_REQUEST['href']); if ($_REQUEST['dont_show_email'] != '') { $dont_show="1"; } else { $dont_show="0"; } $error_message = check_for_errors(); $error_message .= flood_protection($_REQUEST); if ($COM_CONF['ckeck_for_spam']) { if (!$error_message) { $spam_check_result = spam_check($_REQUEST['disc_email'], $_REQUEST['disc_name'], "", $comment_text, $_REQUEST['href'], ""); if ($spam_check_result == 1) { $error_message .= "
Your comment suspected as spam."; mysql_query("INSERT INTO {$COM_CONF['dbjunktable']} VALUES (NULL, NOW(), '{$_REQUEST['href']}', '{$_REQUEST['disc_body']}', '{$_REQUEST['disc_name']}', '{$_REQUEST['disc_email']}', '$dont_show', '{$_SERVER['REMOTE_ADDR']}')", $comments_db_link); } if ($spam_check_result == 2) { $error_message .= "
Invalid WordPress API key"; } if ($spam_check_result == 3) { $error_message .= "
Could not connect to the Akismet server"; } } } if ($error_message) { print "The following errors occured:
$error_message

Please get back and try again."; return 0; } mysql_query("INSERT INTO {$COM_CONF['dbmaintable']} VALUES (NULL, NOW(), '{$_REQUEST['href']}', '{$_REQUEST['disc_body']}', '{$_REQUEST['disc_name']}', '{$_REQUEST['disc_email']}', '$dont_show', '{$_SERVER['REMOTE_ADDR']}')", $comments_db_link); if ($_REQUEST['email_me'] != '' && $_REQUEST['disc_email'] != '') { $result = mysql_query("select COUNT(*) from {$COM_CONF['dbemailstable']} where href='{$_REQUEST['href']}' AND email='{$_REQUEST['disc_email']}'", $comments_db_link); list ($count) = mysql_fetch_row($result); if ($count == 0) { $hash=md5($email . $COM_CONF['copy_random_seed']); mysql_query("INSERT INTO {$COM_CONF['dbemailstable']} VALUES (NULL, '{$_REQUEST['disc_email']}', '{$_REQUEST['href']}', '$hash')", $comments_db_link); } } if ($COM_CONF['email_admin']) { notify_admin($_REQUEST['href'], $_REQUEST['disc_name'], $_REQUEST['disc_email'], $comment_text, "{$_SERVER['REMOTE_ADDR']}, {$_SERVER['HTTP_USER_AGENT']}"); } notify_users($_REQUEST['href'], $_REQUEST['disc_name'], $_REQUEST['disc_email']); header("HTTP/1.1 302"); header("Location: {$COM_CONF['site_url']}{$_REQUEST['href']}"); print "Click here to get back."; } function notify_admin($href, $name, $email, $text, $ip) { global $comments_db_link, $COM_CONF, $COM_LANG; $headers = "From: Comments <{$COM_CONF['email_from']}>\r\n"; $text_of_message=" {$COM_LANG['email_new_comment']} {$COM_CONF['site_url']}$href {$COM_LANG['email_from']}: $name <$email> $text $ip "; mail($COM_CONF['email_admin'], "{$COM_LANG['email_new_comment']} $href", $text_of_message, $headers); } function notify_users($href, $name, $email_from) { global $comments_db_link, $COM_CONF, $COM_LANG; $headers = "From: Comments <{$COM_CONF['email_from']}>\n"; $result=mysql_query("select email, hash from {$COM_CONF['dbemailstable']} where href='$href'", $comments_db_link); while (list($email, $hash) = mysql_fetch_row($result)) { if ($email != $email_from) { $text_of_message=" {$COM_LANG['email_new_comment']} {$COM_CONF['site_url']}$href {$COM_LANG['email_from']}: $name {$COM_LANG['email_to_unsubscribe']} {$COM_CONF['site_url']}{$COM_CONF['script_url']}?action=unsub&page=$href&id=$hash "; mail($email, "{$COM_LANG['email_new_comment']} $href",$text_of_message, $headers); } } } function unsub() { global $comments_db_link, $COM_CONF, $COM_LANG; $id=mysql_escape_string($_REQUEST['id']); $href=mysql_escape_string($_REQUEST['page']); mysql_query("delete from {$COM_CONF['dbemailstable']} where href='$href' AND hash='$id'", $comments_db_link); if (mysql_affected_rows() > 0) { print "{$COM_LANG['unsubscribed']}"; } else { print "{$COM_LANG['not_unsubscribed']}"; } } function view() { global $comments_db_link, $COM_CONF, $COM_LANG; $request_uri = mysql_escape_string($_SERVER['REQUEST_URI']); $result = mysql_query("select time, text, author, email, dont_show_email from {$COM_CONF['dbmaintable']} where href='$request_uri' order by time {$COM_CONF['sort_order']}", $comments_db_link); $comments_count=0; $time=$text=$author=$email=$dont_show_email=array(); while (list($time[$comments_count], $text[$comments_count], $author[$comments_count], $email[$comments_count], $dont_show_email[$comments_count])=mysql_fetch_array($result)) { $text[$comments_count] = wordwrap($text[$comments_count], 75, "\n", 1); $time[$comments_count] = format_date($time[$comments_count]); $comments_count++; } require("{$COM_CONF['full_path']}/templates/{$COM_CONF['template']}.php"); } function format_date ($date) { global $COM_LANG; $year = substr($date, 0, 4); $month = intval(substr($date, 5, 2)) - 1; $day = substr($date, 8, 2); $hour = substr($date, 11, 2); $min = substr($date, 14, 2); return "$day {$COM_LANG['months'][$month]} $year, $hour:$min"; } function is_email($Addr) { $p = '/^[a-z0-9!#$%&*+-=?^_`{|}~]+(\.[a-z0-9!#$%&*+-=?^_`{|}~]+)*'; $p.= '@([-a-z0-9]+\.)+([a-z]{2,3}'; $p.= '|info|arpa|aero|coop|name|museum)$/ix'; return preg_match($p, $Addr); } ob_end_flush(); ?>