b2evolution PHP Cross Reference Blogging Systems

Source: /htsrv/comment_post.php - 643 lines - 22768 bytes - Text - Print

Description: This file posts a comment! This file is part of the evoCore framework - {@link http://evocore.net/} See also {@link http://sourceforge.net/projects/evocms/}.

   1  <?php
   2  /**
   3   * This file posts a comment!
   4   *
   5   * This file is part of the evoCore framework - {@link http://evocore.net/}
   6   * See also {@link http://sourceforge.net/projects/evocms/}.
   7   *
   8   * @copyright (c)2003-2014 by Francois Planque - {@link http://fplanque.com/}
   9   *
  10   * {@internal License choice
  11   * - If you have received this file as part of a package, please find the license.txt file in
  12   *   the same folder or the closest folder above for complete license terms.
  13   * - If you have received this file individually (e-g: from http://evocms.cvs.sourceforge.net/)
  14   *   then you must choose one of the following licenses before using the file:
  15   *   - GNU General Public License 2 (GPL) - http://www.opensource.org/licenses/gpl-license.php
  16   *   - Mozilla Public License 1.1 (MPL) - http://www.opensource.org/licenses/mozilla1.1.php
  17   * }}
  18   *
  19   * {@internal Open Source relicensing agreement:
  20   * }}
  21   *
  22   * @package htsrv
  23   */
  24  
  25  
  26  /**
  27   * Initialize everything:
  28   */
  29  require_once dirname(__FILE__).'/../conf/_config.php';
  30  
  31  require_once $inc_path.'_main.inc.php';
  32  
  33  // Stop a request from the blocked IP addresses
  34  antispam_block_ip();
  35  
  36  // Check if the request exceed the post max size. If it does then the function will a call header_redirect.
  37  check_post_max_size_exceeded();
  38  
  39  // Getting GET or POST parameters:
  40  param( 'comment_post_ID', 'integer', true ); // required
  41  param( 'redirect_to', 'url', '' );
  42  param( 'reply_ID', 'integer', 0 );
  43  
  44  $action = param_arrayindex( 'submit_comment_post_'.$comment_post_ID, 'save' );
  45  
  46  $ItemCache = & get_ItemCache();
  47  $commented_Item = & $ItemCache->get_by_ID( $comment_post_ID );
  48  // Make sure Blog is loaded
  49  $commented_Item->load_Blog();
  50  $blog = $commented_Item->Blog->ID;
  51  
  52  // Re-Init charset handling, in case current_charset has changed:
  53  locale_activate( $commented_Item->Blog->get('locale') );
  54  
  55  if( init_charsets( $current_charset ) )
  56  { // Reload Blog(s) (for encoding of name, tagline etc):
  57      $BlogCache->clear();
  58      $commented_Item->load_Blog();
  59  }
  60  
  61  header( 'Content-Type: text/html; charset='.$io_charset );
  62  
  63  if( $Settings->get('system_lock') )
  64  { // System is locked for maintenance, users cannot send a comment
  65      $Messages->add( T_('You cannot leave a comment at this time because the system is under maintenance. Please try again in a few moments.'), 'error' );
  66      header_redirect(); // Will save $Messages into Session
  67  }
  68  
  69  if( ! $commented_Item->can_comment( NULL ) )
  70  {
  71      $Messages->add( T_('You cannot leave comments on this post!'), 'error' );
  72  
  73      header_redirect(); // Will save $Messages into Session
  74  }
  75  
  76  if( $commented_Item->Blog->get_setting( 'allow_html_comment' ) )
  77  {    // HTML is allowed for this comment
  78      $text_format = 'html';
  79  }
  80  else
  81  {    // HTML is disallowed for this comment
  82      $text_format = 'htmlspecialchars';
  83  }
  84  
  85  // Note: we use funky field names to defeat the most basic guestbook spam bots and/or their most basic authors
  86  $comment = param( $dummy_fields[ 'content' ], $text_format );
  87  // Don't allow the hidden text in comment content
  88  $comment = str_replace( '<!', '&lt;!', $comment );
  89  
  90  if( is_logged_in( false ) )
  91  {
  92      /**
  93       * @var User
  94       */
  95      $User = & $current_User;
  96      $author = null;
  97      $email = null;
  98      $url = null;
  99      $comment_cookies = null;
 100      $comment_allow_msgform = null;
 101  }
 102  else
 103  {    // User is not logged in (registered users), we need some id info from him:
 104      $User = NULL;
 105      // Note: we use funky field names to defeat the most basic guestbook spam bots and/or their most basic authors
 106      $author = param( $dummy_fields[ 'name' ], 'string' );
 107      $email = param( $dummy_fields[ 'email' ], 'string' );
 108      $url = param( $dummy_fields[ 'url' ], 'string' );
 109  
 110      if( $url != '' && ! $commented_Item->Blog->get_setting( 'allow_anon_url' ) )
 111      {    // It's an automated/malicious submit and we want to reject it the hard way
 112          exit(0);
 113      }
 114      param( 'comment_cookies', 'integer', 0 );
 115      param( 'comment_allow_msgform', 'integer', 0 ); // checkbox
 116  }
 117  
 118  param( 'comment_rating', 'integer', NULL );
 119  
 120  // Manually fetch crumb_comment here, to pass it to/through CommentFormSent
 121  param( 'crumb_comment', 'string', NULL );
 122  
 123  
 124  $now = date( 'Y-m-d H:i:s', $localtimenow );
 125  
 126  
 127  // VALIDATION:
 128  
 129  $original_comment = $comment;
 130  
 131  // Trigger event: a Plugin could add a $category="error" message here..
 132  // This must get triggered before any internal validation and must pass all relevant params.
 133  // The OpenID plugin will validate a given OpenID here (via redirect and coming back here).
 134  $Plugins->trigger_event( 'CommentFormSent', array(
 135          'comment_post_ID' => $comment_post_ID,
 136          'comment' => & $comment,
 137          'original_comment' => & $original_comment,
 138          'action' => & $action,
 139          'anon_name' => & $author,
 140          'anon_email' => & $email,
 141          'anon_url' => & $url,
 142          'rating' => & $comment_rating,
 143          'anon_allow_msgform' => & $comment_allow_msgform,
 144          'anon_cookies' => & $comment_cookies,
 145          'User' => & $User,
 146          'redirect_to' => & $redirect_to,
 147          'crumb_comment' => & $crumb_comment,
 148      ) );
 149  
 150  // Check that this action request is not a CSRF hacked request:
 151  $Session->assert_received_crumb( 'comment' );
 152  
 153  $comments_email_is_detected = false;
 154  
 155  if( $User )
 156  {    // User is logged in (or provided, e.g. via OpenID plugin)
 157      // Does user have permission to edit?
 158      $perm_comment_edit = $User->check_perm( 'blog_comments', 'edit', false, $commented_Item->Blog->ID );
 159  }
 160  else
 161  {    // User is still not logged in
 162      // NO permission to edit!
 163      $perm_comment_edit = false;
 164  
 165      // we need some id info from the anonymous user:
 166      if ($require_name_email)
 167      { // We want Name and EMail with comments
 168          if( empty($author) )
 169          {
 170              $Messages->add( T_('Please fill in your name.'), 'error' );
 171          }
 172          if( empty($email) )
 173          {
 174              $Messages->add( T_('Please fill in your email.'), 'error' );
 175          }
 176      }
 177  
 178      if( !empty($author) && antispam_check( $author ) )
 179      {
 180          $Messages->add( T_('Supplied name is invalid.'), 'error' );
 181      }
 182  
 183      if( !empty($email)
 184          && ( !is_email($email)|| antispam_check( $email ) ) )
 185      {
 186          $Messages->add( T_('Supplied email address is invalid.'), 'error' );
 187      }
 188  
 189  
 190      if( !stristr($url, '://') && !stristr($url, '@') )
 191      { // add 'http://' if no protocol defined for URL; but not if the user seems to be entering an email address alone
 192          $url = 'http://'.$url;
 193      }
 194  
 195      if( strlen($url) <= 8 )
 196      {    // ex: https:// is 8 chars
 197          $url = '';
 198      }
 199  
 200      // Note: as part of the validation we require the url to be absolute; otherwise we cannot detect bozos typing in
 201      // a title for their comment or whatever...
 202      if( $error = validate_url( $url, 'commenting' ) )
 203      {
 204          $Messages->add( T_('Supplied website address is invalid: ').$error, 'error' );
 205      }
 206  
 207      if( $commented_Item->Blog->get_setting( 'comments_detect_email' ) )
 208      {    // Detect email addresses in comments
 209          if( preg_match( '/(([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,}))/i', $comment ) )
 210          {    // Comment contains an email address
 211              $action = 'preview';
 212              $comments_email_is_detected = true;
 213          }
 214      }
 215  }
 216  
 217  // CHECK and FORMAT content
 218  $saved_comment = $comment;
 219  // Following call says "WARNING: this does *NOT* (necessarilly) make the HTML code safe.":
 220  $comment = check_html_sanity( $comment, $perm_comment_edit ? 'posting' : 'commenting', $User );
 221  if( $comment === false )
 222  {    // ERROR! Restore original comment for further editing:
 223      $comment = $saved_comment;
 224  }
 225  
 226  // Flood protection was here and SHOULD NOT have moved down!
 227  
 228  /**
 229   * Create comment object. Gets validated, before recording it into DB:
 230   */
 231  $Comment = new Comment();
 232  if( $reply_ID > 0 )
 233  {    // Set parent ID if this comment is reply to other comment
 234      $Comment->set( 'in_reply_to_cmt_ID', $reply_ID );
 235  }
 236  $Comment->set( 'type', 'comment' );
 237  $Comment->set_Item( $commented_Item );
 238  if( $User )
 239  { // User is logged in, we'll use his ID
 240      $Comment->set_author_User( $User );
 241  }
 242  else
 243  {    // User is not logged in:
 244      $Comment->set( 'author', $author );
 245      $Comment->set( 'author_email', $email );
 246      $Comment->set( 'author_url', $url );
 247      $Comment->set( 'allow_msgform', $comment_allow_msgform );
 248  }
 249  
 250  if( $commented_Item->can_rate() )
 251  {    // Comment rating:
 252      $Comment->set( 'rating', $comment_rating );
 253  }
 254  $Comment->set( 'author_IP', $Hit->IP );
 255  $Comment->set( 'date', $now );
 256  $Comment->set( 'content', $comment );
 257  
 258  // Renderers:
 259  if( param( 'renderers_displayed', 'integer', 0 ) )
 260  { // use "renderers" value only if it has been displayed (may be empty)
 261      global $Plugins;
 262      $comment_renderers = param( 'renderers', 'array/string', array() );
 263      $renderers = $Plugins->validate_renderer_list( $comment_renderers, array( 'Comment' => & $Comment ) );
 264      $Comment->set_renderers( $renderers );
 265  }
 266  
 267  // Def status will be the highest publish status what the current User ( or anonymous user if there is no current user ) can post
 268  $def_status = get_highest_publish_status( 'comment', $commented_Item->Blog->ID, false );
 269  $Comment->set( 'status', $def_status );
 270  
 271  if( $action != 'preview' )
 272  {
 273      /*
 274       * Flood-protection
 275       * NOTE: devs can override the flood protection delay in /conf/_overrides_TEST.php
 276       * TODO: Put time check into query?
 277       * TODO: move that as far !!UP!! as possible! We want to waste minimum resources on Floods
 278       * TODO: have several thresholds. For example:
 279       * 1 comment max every 30 sec + 5 comments max every 10 minutes + 15 comments max every 24 hours
 280       * TODO: factorize with trackback
 281       */
 282      $query = 'SELECT MAX(comment_date)
 283                              FROM T_comments
 284                           WHERE comment_author_IP = '.$DB->quote($Hit->IP).'
 285                                  OR comment_author_email = '.$DB->quote($Comment->get_author_email());
 286      $ok = 1;
 287      if( $then = $DB->get_var( $query ) )
 288      {
 289          $time_lastcomment = mysql2date("U",$then);
 290          $time_newcomment = mysql2date("U",$now);
 291          if( ($time_newcomment - $time_lastcomment) < $minimum_comment_interval )
 292              $ok = 0;
 293      }
 294      if( !$ok )
 295      {
 296          $Messages->add( sprintf( T_('You can only post a new comment every %d seconds.'), $minimum_comment_interval ), 'error' );
 297      }
 298      /* end flood-protection */
 299  }
 300  
 301  // get already attached file ids
 302  param( 'preview_attachments', 'string', '' );
 303  // finally checked attachments
 304  $checked_attachments = '';
 305  $checked_attachments_count = 0;
 306  if( !empty( $preview_attachments ) )
 307  { // Get checked attachments. Some attachments was already unchecked, so needs to be separated.
 308      $attachments = explode( ',', $preview_attachments );
 309      foreach( $attachments as $attachment_ID )
 310      { // iterate through all attachments and select checked ones
 311          if( ( $commented_Item->get_attachments_limit() === 'unlimit' || $checked_attachments_count < (int)$commented_Item->get_attachments_limit() ) &&
 312              param( 'preview_attachment'.$attachment_ID, 'integer', 0 ) )
 313          { // this attachment checkbox was checked in, so it needs to be attached
 314              $checked_attachments = $checked_attachments.$attachment_ID.',';
 315              $checked_attachments_count++;
 316          }
 317      }
 318      if( !empty( $checked_attachments ) )
 319      { // cut the last comma
 320          $checked_attachments = substr( $checked_attachments, 0, strlen( $checked_attachments ) - 1 );
 321      }
 322  }
 323  
 324  if( $commented_Item->can_attach() && ( ( $action == 'preview' ) || $ok ) &&
 325      !empty( $_FILES['uploadfile'] ) && !empty( $_FILES['uploadfile']['size'] ) && !empty( $_FILES['uploadfile']['size'][0] ) )
 326  { // attaching files is permitted
 327      $FileRootCache = & get_FileRootCache();
 328      if( is_logged_in() )
 329      { // registered user
 330          $root = FileRoot::gen_ID( 'user', $current_User->ID );
 331          $path = 'comments/p'.$commented_Item->ID;
 332      }
 333      else
 334      { // anonymous user
 335          $root = FileRoot::gen_ID( 'collection', $commented_Item->Blog->ID );
 336          $path = 'anonymous_comments/p'.$commented_Item->ID;
 337      }
 338  
 339      // process upload
 340      $result = process_upload( $root, $path, true, false, false, false );
 341      if( !empty( $result ) )
 342      {
 343          $uploadedFiles = $result['uploadedFiles'];
 344          if( !empty( $result['failedFiles'] ) )
 345          { // upload failed
 346              $Messages->add( T_( 'Couldn\'t attach selected file:' ).$result['failedFiles'][0], 'warning' );
 347          }
 348          if( !empty( $uploadedFiles ) )
 349          { // upload succeeded
 350              foreach( $uploadedFiles as $File )
 351              {
 352                  if( empty( $preview_attachments ) )
 353                  {
 354                      $preview_attachments = $File->ID;//get_rdfp_rel_path();
 355                      // newly uploaded file must be checked by default
 356                      $checked_attachments = $File->ID;
 357                  }
 358                  else
 359                  {
 360                      $preview_attachments .= ','.$File->ID;//get_rdfp_rel_path();
 361                      // newly uploaded file must be checked by default
 362                      if( empty( $checked_attachments ) )
 363                      {
 364                          $checked_attachments = $File->ID;
 365                      }
 366                      else
 367                      {
 368                          $checked_attachments = $checked_attachments.','.$File->ID;
 369                      }
 370                  }
 371                  $checked_attachments_count++;
 372              }
 373          }
 374      }
 375  }
 376  
 377  if( empty( $comment ) && $checked_attachments_count == 0 )
 378  { // comment should not be empty!
 379      $Messages->add( T_('Please do not send empty comments.'), 'error' );
 380  }
 381  
 382  
 383  // Trigger event: a Plugin could add a $category="error" message here..
 384  $Plugins->trigger_event('BeforeCommentFormInsert', array(
 385      'Comment' => & $Comment,
 386      'original_comment' => $original_comment,
 387      'is_preview' => ($action == 'preview'),
 388      'action' => & $action ) );
 389  
 390  
 391  /*
 392   * Display error messages:
 393   */
 394  if( $Messages->has_errors() && $action != 'preview' )
 395  {
 396      $Comment->set( 'preview_attachments', $preview_attachments );
 397      $Comment->set( 'checked_attachments', $checked_attachments );
 398      save_comment_to_session( $Comment );
 399  
 400      if( !empty( $reply_ID ) )
 401      {
 402          $redirect_to = url_add_param( $redirect_to, 'reply_ID='.$reply_ID.'&redir=no', '&' );
 403      }
 404  
 405      header_redirect(); // 303 redirect
 406      // exited here
 407  
 408      /* asimo>fp I think we may delete this commented part below:
 409      // TODO: dh> HEAD part should be some global front end include file..
 410      // fp> actually, I'd like the error messages to de displayed in a skinnable file. Something that looks like the _main skin file but with minimum extra gadgets (in order to save on DB requests at each "spam denied" error)
 411      // fp> So please don't waste time on implementing a half baked solution.
 412      // fp> We may want to rethink skins more deeply beofre implementing this.
 413      ?>
 414      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 415      <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php locale_lang() ?>" lang="<?php locale_lang() ?>">
 416      <head>
 417          <title><?php echo $app_shortname.' &rsaquo; '.$page_title ?></title>
 418          <meta name="ROBOTS" content="NOINDEX" />
 419          <meta http-equiv="Content-Type" content="text/html; charset=<?php echo $io_charset ?>" />
 420      </head>
 421      <body>
 422      <?php
 423      $Messages->display( T_('Cannot post comment, please correct these errors:'),
 424      '[<a href="javascript:history.go(-1)">'.T_('Back to comment editing').'</a>]' );
 425      ?>
 426      </body>
 427      </html>
 428      <?php
 429      exit(0);*/
 430  }
 431  
 432  if( $action == 'preview' )
 433  { // set the Comment into user's session and redirect.
 434      $Comment->set( 'original_content', html_entity_decode( $original_comment ) ); // used in the textarea input field again
 435      $Comment->set( 'preview_attachments', $preview_attachments ); // memorize attachments
 436      $Comment->set( 'checked_attachments', $checked_attachments ); // memorize checked attachments
 437      $Comment->set( 'email_is_detected', $comments_email_is_detected ); // used to change a style of the comment
 438      // Set Comment Item object to NULL, so this way the Item object won't be serialized, but the item_ID is still set
 439      $Comment->Item = NULL;
 440      $Session->set( 'core.preview_Comment', $Comment );
 441      $Session->set( 'core.no_CachePageContent', 1 );
 442      $Session->dbsave();
 443  
 444      // This message serves the purpose that the next page will not even try to retrieve preview from cache... (and won't collect data to be cached)
 445      // This is session based, so it's not 100% safe to prevent caching. We are also using explicit caching prevention whenever personal data is displayed
 446      $Messages->add( T_('This is a preview only! Do not forget to send your comment!'), 'error' );
 447  
 448      if( $comments_email_is_detected )
 449      { // Comment contains an email address, We should show an error about this
 450          if( $Settings->get( 'newusers_canregister' ) )
 451          { // Users can register and we give them a links to log in and registration
 452              if( is_null( $commented_Item ) )
 453              { // Initialize the commented Item object
 454                  $commented_Item = & $ItemCache->get_by_ID( $comment_post_ID );
 455              }
 456              $link_log_in = 'href="'.get_login_url( 'blocked comment email', $commented_Item->get_url( 'public_view' ) ).'"';
 457              $link_register = 'href="'.get_user_register_url( $commented_Item->get_url( 'public_view' ), 'blocked comment email' ).'"';
 458              $Messages->add( sprintf( T_('Your comment contains an email address. Please <a %s>log in</a> or <a %s>create an account now</a> instead. This will allow people to send you private messages without revealing your email address to SPAM robots.'), $link_log_in, $link_register ), 'error' );
 459  
 460              // Save the user data if he will go to register form after this action
 461              $register_user = array(
 462                  'name' => $Comment->author,
 463                  'email' => $Comment->author_email
 464              );
 465              $Session->set( 'core.register_user', $register_user );
 466          }
 467          else
 468          {    // No registration
 469              $Messages->add( T_('Your comment contains an email address. We recommend you check the box "Allow message form." below instead. This will allow people to contact you without revealing your email address to SPAM robots.'), 'error' );
 470          }
 471      }
 472  
 473      // Passthrough comment_cookies & comment_allow_msgform params:
 474      // fp> moved this down here in order to keep return URLs clean whenever this is not needed.
 475      $redirect_to = url_add_param( $redirect_to, 'redir=no&comment_cookies='.$comment_cookies
 476          .'&comment_allow_msgform='.$comment_allow_msgform, '&' );
 477  
 478      if( !empty( $reply_ID ) )
 479      {
 480          $redirect_to = url_add_param( $redirect_to, 'reply_ID='.$reply_ID, '&' );
 481      }
 482  
 483      $redirect_to .= '#comment_preview';
 484  
 485      header_redirect();
 486      exit(0);
 487  }
 488  else
 489  { // delete any preview comment from session data:
 490      $Session->delete( 'core.preview_Comment' );
 491  }
 492  
 493  
 494  // RECORD comment:
 495  
 496  $Comment->dbinsert();
 497  
 498  // Create links
 499  if( !empty( $preview_attachments ) )
 500  {
 501      global $DB;
 502      $order = 1;
 503      $FileCache = & get_FileCache();
 504      $attachments = explode( ',', $preview_attachments );
 505      $final_attachments = explode( ',', $checked_attachments );
 506      $DB->begin();
 507      foreach( $attachments as $file_ID )
 508      { // create links between comment and attached files
 509          if( in_array( $file_ID, $final_attachments ) )
 510          { // attachment checkbox was checked, create the link
 511              $edited_Link = new Link();
 512              $edited_Link->set( 'cmt_ID', $Comment->ID );
 513              $edited_Link->set( 'file_ID', $file_ID );
 514              $edited_Link->set( 'position', 'aftermore' );
 515              $edited_Link->set( 'order', $order );
 516              $edited_Link->dbinsert();
 517              $order++;
 518          }
 519          else
 520          { // attachment checkbox was not checked, remove unused uploaded file
 521              $unused_File = $FileCache->get_by_ID( $file_ID, false );
 522              if( $unused_File )
 523              {
 524                  $unused_File->unlink();
 525              }
 526          }
 527      }
 528      $DB->commit();
 529  }
 530  
 531  
 532  /*
 533   * ---------------
 534   * Handle cookies:
 535   * ---------------
 536   */
 537  if( !is_logged_in() )
 538  {
 539      if( $comment_cookies )
 540      {    // Set cookies:
 541          if ($email == '')
 542              $email = ' '; // this to make sure a cookie is set for 'no email'
 543          if ($url == '')
 544              $url = ' '; // this to make sure a cookie is set for 'no url'
 545  
 546          // fplanque: made cookies available for whole site
 547          setcookie( $cookie_name, $author, $cookie_expires, $cookie_path, $cookie_domain);
 548          setcookie( $cookie_email, $email, $cookie_expires, $cookie_path, $cookie_domain);
 549          setcookie( $cookie_url, $url, $cookie_expires, $cookie_path, $cookie_domain);
 550      }
 551      else
 552      {    // Erase cookies:
 553          if( !empty($_COOKIE[$cookie_name]) )
 554          {
 555              setcookie( $cookie_name, '', $cookie_expired, $cookie_path, $cookie_domain);
 556          }
 557          if( !empty($_COOKIE[$cookie_email]) )
 558          {
 559              setcookie( $cookie_email, '', $cookie_expired, $cookie_path, $cookie_domain);
 560          }
 561          if( !empty($_COOKIE[$cookie_url]) )
 562          {
 563              setcookie( $cookie_url, '', $cookie_expired, $cookie_path, $cookie_domain);
 564          }
 565      }
 566  }
 567  
 568  // Note: we don't give any clue that we have automatically deleted a comment. It would only give spammers the perfect tool to find out how to pass the filter.
 569  
 570  if( $Comment->ID )
 571  { // comment has not been deleted
 572      // Trigger event: a Plugin should cleanup any temporary data here..
 573      $Plugins->trigger_event( 'AfterCommentFormInsert', array( 'Comment' => & $Comment, 'original_comment' => $original_comment ) );
 574  
 575      /*
 576       * --------------------------
 577       * New comment notifications:
 578       * --------------------------
 579       */
 580      // TODO: dh> this should only send published feedback probably and should also use "outbound_notifications_mode"
 581      // fp> yes for general users, but comment moderators need to receive notifications for new unpublished comments
 582      // asimo> this handle moderators and general users as well and use "outbound_notifications_mode" in case of general users
 583      // Moderators will get emails about every new comment
 584      // Subscribed user will only get emails about new published comments
 585      $executed_by_userid = is_logged_in() ? $current_User->ID : NULL;
 586      $Comment->handle_notifications( true, $executed_by_userid );
 587  
 588  
 589      // Add a message, according to the comment's status:
 590      switch( $Comment->status )
 591      {
 592          case 'published':
 593              $success_message = T_('Your comment has been submitted.');
 594              // Append anchor to the redirect_to param, so the user sees his comment:
 595              $redirect_to .= '#'.$Comment->get_anchor();
 596              break;
 597          case 'community':
 598              $success_message = T_('Your comment is now visible by the community.');
 599              break;
 600          case 'protected':
 601              $success_message = T_('Your comment is now visible by the blog members.');
 602              break;
 603          case 'review':
 604              if( is_logged_in() && $current_User->check_perm( 'blog_comment!review', 'create', false, $blog ) )
 605              {
 606                  $success_message = T_('Your comment is now visible by moderators only (+You).');
 607                  break;
 608              }
 609          default:
 610              $success_message = T_('Your comment has been submitted. It will appear once it has been approved.');
 611              break;
 612      }
 613      $Messages->add( $success_message, 'success' );
 614  
 615      if( !is_logged_in() )
 616      {
 617          if( $Settings->get( 'newusers_canregister' ) && $Comment->Item->Blog->get_setting( 'comments_register' ) )
 618          { // Redirect to the registration form
 619              $Messages->add( T_('ATTENTION: Create a user account now so that other users can contact you after reading your comment.'), 'error' );
 620  
 621              $register_user = array(
 622                  'name' => $Comment->author,
 623                  'email' => $Comment->author_email
 624              );
 625              $Session->set( 'core.register_user', $register_user );
 626  
 627              header_redirect( get_user_register_url( $Comment->Item->get_url( 'public_view' ), 'reg after comment', false, '&' ) );
 628          }
 629  
 630          // Not logged in user. We want him to see his comment has not vanished if he checks back on the Item page
 631          // before the cache has expired. Invalidate cache for that page:
 632          // Note: this is approximative and may not cover all URLs where the user expects to see the comment...
 633          // TODO: fp> solution: touch dates?
 634          load_class( '_core/model/_pagecache.class.php', 'PageCache' );
 635          $PageCache = new PageCache( $Comment->Item->Blog );
 636          $PageCache->invalidate( $Comment->Item->get_single_url() );
 637      }
 638  }
 639  
 640  
 641  header_redirect(); // Will save $Messages into Session
 642  
 643  ?>

title

Description

title

Description

title

Description

title

title

Body