<?php
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Version 1.1.3 (Caoineag alpha 3)
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
/**
* Class that handles comments. Has HTML/Javascript frontend support.
* @package Enano CMS
* @subpackage Comment manager
* @license GNU General Public License <http://www.gnu.org/licenses/gpl.html>
*/
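class Comments
{
  #
  # VARIABLES
  #
  
  /**
   * Current list of comments.
   * @var array
   */
  
  var $comments = Array();
  
  /**
   * Object to track permissions.
   * @var object
   */
  
  var $perms;
  
  /**
   * Page ID this instance is bound to. Stored already passed through $db->escape(),
   * so it may be placed between single quotes in SQL but must not be escaped again.
   * @var string
   */
  
  var $page_id;
  
  /**
   * Namespace this instance is bound to. Stored already passed through $db->escape().
   * @var string
   */
  
  var $namespace;
  
  #
  # METHODS
  #
  
  /**
   * Constructor.
   * Binds the instance to one page and picks the permission object used by process_json().
   * @param string Page ID of the page to load comments for
   * @param string Namespace of the page to load comments for
   */
  
  function __construct($page_id, $namespace)
  {
    global $db, $session, $paths, $template, $plugins; // Common objects
    
    // Initialize permissions
    // For the page currently being served the session object itself is used (by reference);
    // for any other page a page-specific ACL object is fetched.
    if ( $page_id == $paths->page_id && $namespace == $paths->namespace )
      $this->perms =& $GLOBALS['session'];
    else
      $this->perms = $session->fetch_page_acl($page_id, $namespace);
    
    // Escaped once here; every query below interpolates these values inside single quotes.
    $this->page_id = $db->escape($page_id);
    $this->namespace = $db->escape($namespace);
  }
  
  /**
   * Processes a command in JSON format.
   *
   * The request must carry a 'mode' key: fetch, edit, delete, submit, approve or view_ip.
   * The response is echoed as JSON and also returned.
   *
   * Security-relevant behavior visible in this method:
   *  - comment IDs for edit/delete/approve must match ^[0-9]+$ and be >= 1 before they reach SQL;
   *    view_ip requires a native integer.
   *  - edit/delete are allowed for the comment's author (never user ID 1) holding 'edit_comments',
   *    or for anyone holding 'mod_comments'.
   *  - every string placed in SQL goes through $db->escape(); HTML encoding alone is not treated
   *    as SQL escaping.
   *
   * @param string The JSON-encoded input, probably something sent from the Javascript/AJAX frontend
   * @return array|false The response packet, or false when a request is rejected with "HACKING ATTEMPT"
   */
  
  function process_json($json)
  {
    global $db, $session, $paths, $template, $plugins; // Common objects
    $data = enano_json_decode($json);
    $data = decode_unicode_array($data);
    if ( !isset($data['mode']) )
    {
      $ret = Array('mode'=>'error','error'=>'No mode defined!');
      echo enano_json_encode($ret);
      return $ret;
    }
    if ( getConfig('enable_comments') == '0' )
    {
      $ret = Array('mode'=>'error','error'=>'Comments are not enabled on this site.');
      echo enano_json_encode($ret);
      return $ret;
    }
    $ret = Array();
    $ret['mode'] = $data['mode'];
    $ret['avatar_directory'] = getConfig('avatar_directory');
    switch ( $data['mode'] )
    {
      case 'fetch':
        if ( !$template->theme_loaded )
          $template->load_theme();
        if ( !isset($data['have_template']) )
        {
          $ret['template'] = file_get_contents(ENANO_ROOT . '/themes/' . $template->theme . '/comment.tpl');
        }
        // The raw IP address is never selected here, only a have_ip flag; the address itself is
        // served by the 'view_ip' mode. The user ID is cast to int because it is interpolated unquoted.
        $q = $db->sql_query('SELECT c.comment_id,c.name,c.subject,c.comment_data,c.time,c.approved,( c.ip_address IS NOT NULL ) AS have_ip,u.user_level,u.user_id,u.signature,u.user_has_avatar,u.avatar_type, b.buddy_id IS NOT NULL AS is_buddy, ( b.is_friend IS NOT NULL AND b.is_friend=1 ) AS is_friend FROM '.table_prefix.'comments AS c
                               LEFT JOIN '.table_prefix.'users AS u
                                 ON (u.user_id=c.user_id)
                               LEFT JOIN '.table_prefix.'buddies AS b
                                 ON ( ( b.user_id=' . intval($session->user_id).' AND b.buddy_user_id=c.user_id ) OR b.user_id IS NULL)
                               WHERE page_id=\'' . $this->page_id . '\'
                                 AND namespace=\'' . $this->namespace . '\'
                               GROUP BY c.comment_id,c.name,c.subject,c.comment_data,c.time,c.approved,c.ip_address,u.user_level,u.user_id,u.signature,u.user_has_avatar,u.avatar_type,b.buddy_id,b.is_friend
                               ORDER BY c.time ASC;');
        $count_appr = 0;
        $count_total = 0;
        $count_unappr = 0;
        $ret['comments'] = Array();
        if (!$q)
          $db->die_json();
        if ( $row = $db->fetchrow() )
        {
          do {
            
            // Increment counters
            // Unapproved comments are counted even for users who will not be sent their content.
            $count_total++;
            ( $row['approved'] == 1 ) ? $count_appr++ : $count_unappr++;
            
            // Only moderators receive unapproved comments
            if ( !$this->perms->get_permissions('mod_comments') && $row['approved'] == 0 )
              continue;
            
            // Send the source
            $row['comment_source'] = $row['comment_data'];
            
            // Format text
            $row['comment_data'] = RenderMan::render($row['comment_data']);
            
            // Posts from a buddy-list entry that is not a friend (a "foe") are wrapped in a hidden div
            if ( $row['is_buddy'] == 1 && $row['is_friend'] == 0 )
            {
              // The seed only makes the DOM id unique; it is not used as a secret
              $seed = md5(sha1(mt_rand() . microtime()));
              $wrapper = '
                <div id="posthide_'.$seed.'" style="display: none;">
                  ' . $row['comment_data'] . '
                </div>
                <p><span style="opacity: 0.4; filter: alpha(opacity=40);">Post from foe hidden.</span> <span style="text-align: right;"><a href="#showpost" onclick="document.getElementById(\'posthide_'.$seed.'\').style.display=\'block\'; this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode); return false;">Display post</a></span></p>
              ';
              $row['comment_data'] = $wrapper;
            }
            
            // Format date
            $row['time'] = enano_date('F d, Y h:i a', $row['time']);
            
            // Format signature
            $row['signature'] = ( !empty($row['signature']) ) ? RenderMan::render($row['signature']) : '';
            
            // Do we have the IP?
            $row['have_ip'] = ( $row['have_ip'] == 1 );
            
            // Add the comment to the list
            $ret['comments'][] = $row;
            
          } while ( $row = $db->fetchrow() );
        }
        $db->free_result();
        $ret['count_appr'] = $count_appr;
        $ret['count_total'] = $count_total;
        $ret['count_unappr'] = $count_unappr;
        // These flags only drive the frontend; each mutating mode below re-checks permissions itself.
        $ret['auth_mod_comments'] = $this->perms->get_permissions('mod_comments');
        $ret['auth_post_comments'] = $this->perms->get_permissions('post_comments');
        $ret['auth_edit_comments'] = $this->perms->get_permissions('edit_comments');
        $ret['user_id'] = $session->user_id;
        $ret['username'] = $session->username;
        $ret['logged_in'] = $session->user_logged_in;
        
        $ret['user_level'] = Array();
        $ret['user_level']['guest'] = USER_LEVEL_GUEST;
        $ret['user_level']['member'] = USER_LEVEL_MEMBER;
        $ret['user_level']['mod'] = USER_LEVEL_MOD;
        $ret['user_level']['admin'] = USER_LEVEL_ADMIN;
        
        $ret['approval_needed'] = ( getConfig('approve_comments') == '1' );
        $ret['guest_posting'] = getConfig('comments_need_login');
        
        // Guests who must solve a CAPTCHA get a fresh one with every fetch
        if ( $ret['guest_posting'] == '1' && !$session->user_logged_in )
        {
          $session->kill_captcha();
          $ret['captcha'] = $session->make_captcha();
        }
        break;
      case 'edit':
        // Accept only a positive decimal integer before the ID is placed in SQL
        $cid = (string)$data['id'];
        if ( !preg_match('#^([0-9]+)$#i', $cid) || intval($cid) < 1 )
        {
          echo '{"mode":"error","error":"HACKING ATTEMPT"}';
          return false;
        }
        $cid = intval($cid);
        // NOTE(review): the lookup is by comment_id only, while $this->perms was resolved for the page
        // given to the constructor. Confirm that 'mod_comments' on one page is not meant to be limited
        // to that page's comments; if it is, add page_id/namespace to this WHERE clause.
        $q = $db->sql_query('SELECT c.user_id,c.approved FROM '.table_prefix.'comments c LEFT JOIN '.table_prefix.'users u ON (u.user_id=c.user_id) WHERE comment_id='.$cid.';');
        if(!$q)
          $db->die_json();
        $row = $db->fetchrow();
        $uid = intval($row['user_id']);
        // Author (never user ID 1) with 'edit_comments', or any moderator
        $can_edit = ( ( $uid == $session->user_id && $uid != 1 && $this->perms->get_permissions('edit_comments') ) || ( $this->perms->get_permissions('mod_comments') ) );
        if(!$can_edit)
        {
          echo '{"mode":"error","error":"HACKING ATTEMPT"}';
          return false;
        }
        $data['data'] = str_replace("\r", '', $data['data']); // Windows compatibility
        $text = RenderMan::preprocess_text($data['data'], true, false);
        $text2 = $db->escape($text);
        // HTML-encode for display first, then SQL-escape for storage
        $subj = $db->escape(htmlspecialchars($data['subj']));
        $q = $db->sql_query('UPDATE '.table_prefix.'comments SET subject=\'' . $subj . '\',comment_data=\'' . $text2 . '\' WHERE comment_id=' . $cid . ';');
        if(!$q)
          $db->die_json();
        $ret = Array(
            'mode' => 'redraw',
            'id'   => $data['local_id'],
            'subj' => htmlspecialchars($data['subj']),
            'text' => RenderMan::render($text),
            'src'  => $text,
            'approved' => $row['approved']
          );
        break;
      case 'delete':
        // Same ID validation and authorization rule as 'edit'
        $cid = (string)$data['id'];
        if ( !preg_match('#^([0-9]+)$#i', $cid) || intval($cid) < 1 )
        {
          echo '{"mode":"error","error":"HACKING ATTEMPT"}';
          return false;
        }
        $cid = intval($cid);
        // NOTE(review): as in 'edit', the comment is not checked to belong to this instance's page.
        $q = $db->sql_query('SELECT c.user_id FROM '.table_prefix.'comments c LEFT JOIN '.table_prefix.'users u ON (u.user_id=c.user_id) WHERE comment_id='.$cid.';');
        if(!$q)
          $db->die_json();
        $row = $db->fetchrow();
        $uid = intval($row['user_id']);
        $can_edit = ( ( $uid == $session->user_id && $uid != 1 && $this->perms->get_permissions('edit_comments') ) || ( $this->perms->get_permissions('mod_comments') ) );
        if(!$can_edit)
        {
          echo '{"mode":"error","error":"HACKING ATTEMPT"}';
          return false;
        }
        $q = $db->sql_query('DELETE FROM '.table_prefix.'comments WHERE comment_id='.$cid.';');
        if(!$q)
          $db->die_json();
        $ret = Array(
            'mode' => 'annihilate',
            'id'   => $data['local_id']
          );
        break;
      case 'submit':
        
        // Now for a huge round of security checks...
        
        $errors = Array();
        
        // Authorization
        // Like the rest of the ACL system, this call is a one-stop check for ALL ACL entries.
        if ( !$this->perms->get_permissions('post_comments') )
          $errors[] = 'The site security policy prevents your user account from posting comments;';
        
        // Guest authorization
        if ( getConfig('comments_need_login') == '2' && !$session->user_logged_in )
          $errors[] = 'You need to log in before posting comments.';
        
        // CAPTCHA code
        if ( getConfig('comments_need_login') == '1' && !$session->user_logged_in )
        {
          $captcha_id   = isset($data['captcha_id']) ? $data['captcha_id'] : null;
          $captcha_code = isset($data['captcha_code']) ? (string)$data['captcha_code'] : '';
          $real_code = (string)$session->get_captcha($captcha_id);
          // An empty stored code must never validate: get_captcha() presumably yields an empty or
          // false value for an unknown or expired ID (verify against the session manager), and that
          // would otherwise compare equal to an empty submitted code.
          if ( $real_code === '' || strtolower($real_code) !== strtolower($captcha_code) )
            $errors[] = 'The confirmation code you entered was incorrect.';
          // Codes are single-use: destroyed after every attempt, right or wrong
          $session->kill_captcha();
        }
        
        if ( count($errors) > 0 )
        {
          $ret = Array(
            'mode' => 'error',
            'error' => implode("\n", $errors)
            );
        }
        else
        {
          // We're authorized!
          
          // Preprocess
          // htmlspecialchars() is HTML output encoding, not SQL escaping: it leaves backslashes
          // untouched and, before PHP 8.1, does not encode single quotes by default. Name and
          // subject therefore also go through $db->escape() before being interpolated, exactly
          // as the 'edit' mode already does for the subject.
          $name = ( $session->user_logged_in ) ? htmlspecialchars($session->username) : htmlspecialchars($data['name']);
          $name = $db->escape($name);
          $subj = $db->escape(htmlspecialchars($data['subj']));
          $text = RenderMan::preprocess_text($data['text'], true, false);
          $src = $text;
          $sql_text = $db->escape($text);
          $text = RenderMan::render($text);
          // New comments start unapproved when approval is required
          $appr = ( getConfig('approve_comments') == '1' ) ? '0' : '1';
          $time = time();
          $date = enano_date('F d, Y h:i a', $time);
          // The address is validated before it is stored and interpolated into SQL
          $ip = $_SERVER['REMOTE_ADDR'];
          if ( !is_valid_ip($ip) )
            die('Hacking attempt');
          $user_id = intval($session->user_id); // interpolated unquoted, so force an integer
          
          // Send it to the database
          $q = $db->sql_query('INSERT INTO '.table_prefix.'comments(page_id,namespace,name,subject,comment_data,approved, time, user_id, ip_address) VALUES' . "\n  " .
                                 "('$this->page_id', '$this->namespace', '$name', '$subj', '$sql_text', $appr, $time, $user_id, '$ip');");
          if(!$q)
            $db->die_json();
          
          // Re-fetch
          $q = $db->sql_query('SELECT c.comment_id,c.name,c.subject,c.comment_data,c.time,c.approved,u.user_level,u.user_id,u.signature,u.user_has_avatar,u.avatar_type FROM '.table_prefix.'comments AS c
                                 LEFT JOIN '.table_prefix.'users AS u
                                   ON (u.user_id=c.user_id)
                                 WHERE page_id=\'' . $this->page_id . '\'
                                   AND namespace=\'' . $this->namespace . '\'
                                   AND time='.$time.' ORDER BY comment_id DESC LIMIT 1;');
          if(!$q)
            $db->die_json();
          
          $row = $db->fetchrow();
          $db->free_result();
          $row['time'] = $date;
          $row['comment_data'] = $text;
          $row['comment_source'] = $src;
          $ret = Array(
              'mode' => 'materialize'
            );
          $ret = enano_safe_array_merge($ret, $row);
          
          $ret['auth_mod_comments'] = $this->perms->get_permissions('mod_comments');
          $ret['auth_post_comments'] = $this->perms->get_permissions('post_comments');
          $ret['auth_edit_comments'] = $this->perms->get_permissions('edit_comments');
          $ret['user_id'] = $session->user_id;
          $ret['username'] = $session->username;
          $ret['logged_in'] = $session->user_logged_in;
          $ret['signature'] = RenderMan::render($row['signature']);
          
          $ret['user_level_list'] = Array();
          $ret['user_level_list']['guest'] = USER_LEVEL_GUEST;
          $ret['user_level_list']['member'] = USER_LEVEL_MEMBER;
          $ret['user_level_list']['mod'] = USER_LEVEL_MOD;
          $ret['user_level_list']['admin'] = USER_LEVEL_ADMIN;
          $ret['avatar_directory'] = getConfig('avatar_directory');
        }
        
        break;
      case 'approve':
        // Moderators only
        if ( !$this->perms->get_permissions('mod_comments') )
        {
          $ret = Array(
            'mode' => 'error', 
            'error' => 'You are not authorized to moderate comments.'
            );
          echo enano_json_encode($ret);
          return $ret;
        }
        
        $cid = (string)$data['id'];
        if ( !preg_match('#^([0-9]+)$#i', $cid) || intval($cid) < 1 )
        {
          echo '{"mode":"error","error":"HACKING ATTEMPT"}';
          return false;
        }
        $cid = intval($cid);
        $q = $db->sql_query('SELECT subject,approved FROM '.table_prefix.'comments WHERE comment_id='.$cid.';');
        if(!$q || $db->numrows() < 1)
          $db->die_json();
        $row = $db->fetchrow();
        $db->free_result();
        // Toggle: approved becomes unapproved and vice versa. $appr is always the literal '0' or '1'.
        $appr = ( $row['approved'] == '1' ) ? '0' : '1';
        $q = $db->sql_query('UPDATE '.table_prefix."comments SET approved=$appr WHERE comment_id=$cid;");
        if (!$q)
          $db->die_json();
        
        $ret = Array(
            'mode' => 'redraw',
            'approved' => $appr,
            'subj' => $row['subject'],
            'id'   => $data['local_id'],
            'approve_updated' => 'yes'
          );
        
        break;
      case 'view_ip':
        // NOTE(review): this is the only mode that checks $session rather than $this->perms, so the
        // site-wide permission is used even when the instance is bound to another page. Confirm
        // that this is intended.
        if ( !$session->get_permissions('mod_comments') )
        {
          $ret = array(
              'mode' => 'error',
              'error' => 'Unauthorized'
            );
          // Echo like every other error path, so the frontend does not receive an empty body
          echo enano_json_encode($ret);
          return $ret;
        }
        // fetch comment info
        // Only a native integer is accepted, which keeps the unquoted interpolation below safe
        if ( !is_int($data['id']) )
        {
          $ret = array(
              'mode' => 'error',
              'error' => 'Unauthorized'
            );
          echo enano_json_encode($ret);
          return $ret;
        }
        $id =& $data['id'];
        $q = $db->sql_query('SELECT ip_address, name FROM ' . table_prefix . 'comments WHERE comment_id = ' . $id . ';');
        if ( !$q || $db->numrows() < 1 )
        {
          $db->die_json();
        }
        list($ip_addr, $name) = $db->fetchrow_num($q);
        $db->free_result();
        $name = $db->escape($name);
        $username = $db->escape($session->username);
        // Escaped like the other interpolated strings; this mode does not run is_valid_ip() on it
        $viewer_ip = $db->escape($_SERVER['REMOTE_ADDR']);
        // log this action
        // The audit row is written before the address is returned; if logging fails, die_json()
        // is called and the address is not disclosed.
        $q = $db->sql_query('INSERT INTO ' . table_prefix . "logs(time_id, log_type, action, page_text, author, edit_summary) VALUES\n  "
                            . "( " . time() . ", 'security', 'view_comment_ip', '$name', '$username', '$viewer_ip' );");
        if ( !$q )
          $db->die_json();
        
        // send packet
        $ret = array(
            'mode' => 'redraw',
            'ip_addr' => $ip_addr,
            'local_id' => $data['local_id']
          );
        break;
      default:
        // The requested mode is echoed back inside the error text; it is JSON-encoded below, and
        // the frontend should insert it as text rather than as HTML.
        $ret = Array(
            'mode' => 'error',
            'error' => $data['mode'] . ' is not a valid request mode'
          );
        break;
    }
    echo enano_json_encode($ret);
    return $ret;
  }
  
} // class Comments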