Changeset 546

Timestamp:

11/12/03 15:22:47 (5 years ago)

Author:

emc3

Message:

otaku42's comment moderation patches

Files:

• trunk/b2-include/b2functions.php (modified) (2 diffs)
• trunk/b2-include/b2template.functions.php (modified) (2 diffs)
• trunk/b2comments.php (modified) (2 diffs)
• trunk/b2comments.post.php (modified) (2 diffs)
• trunk/b2commentspopup.php (modified) (1 diff)
• trunk/b2login.php (modified) (2 diffs)
• trunk/wp-admin/b2menutop.txt (modified) (1 diff)
• trunk/wp-admin/b2verifauth.php (modified) (1 diff)
• trunk/wp-admin/edit-comments.php (modified) (1 diff)
• trunk/wp-admin/edit.php (modified) (3 diffs)
• trunk/wp-admin/upgrade-4-commod.php (added)
• trunk/wp-admin/wp-admin.css (modified) (1 diff)
• trunk/wp-admin/wp-edit.showposts.php (modified) (2 diffs)
• trunk/wp-admin/wp-moderation.php (added)
• trunk/wp-admin/wp-post.php (modified) (2 diffs)
• trunk/wp-commentsrss2.php (modified) (2 diffs)

trunk/b2-include/b2functions.php

@@ -547 +547 @@
-}
-
-
+,$include_unapproved=false
-    global $postc,$id,$commentdata,$tablecomments,$querycount, $wpdb;
-    if ($no_cache) {
-
+
+
+
+
+
-        ++$querycount;
-    } else {
@@ -1311 +1315 @@
-}
-
+/* wp_set_comment_status:
+   part of otaku42's comment moderation hack
+   changes the status of a comment according to $comment_status.
+   allowed values:
+   hold   : set comment_approve field to 0
+   approve: set comment_approve field to 1
+   delete : remove comment out of database
+   
+   returns true if change could be applied
+   returns false on database error or invalid value for $comment_status
+ */
+function wp_set_comment_status($comment_id, $comment_status) {
+    global $wpdb, $tablecomments;
+
+    switch($comment_status) {
+    case 'hold':
+    $query = "UPDATE $tablecomments SET comment_approved='0' WHERE comment_ID='$comment_id' LIMIT 1";
+    break;
+    case 'approve':
+    $query = "UPDATE $tablecomments SET comment_approved='1' WHERE comment_ID='$comment_id' LIMIT 1";
+    break;
+    case 'delete':
+    $query = "DELETE FROM $tablecomments WHERE comment_ID='$comment_id' LIMIT 1";
+    break;
+    default:
+    return false;
+    }
+    
+    if ($wpdb->query($query)) {
+    return true;
+    } else {
+    return false;
+    }
+}
+
+
+/* wp_get_comment_status
+   part of otaku42's comment moderation hack
+   gets the current status of a comment
+
+   returned values:
+   "approved"  : comment has been approved
+   "unapproved": comment has not been approved
+   "deleted   ": comment not found in database
+
+   a (boolean) false signals an error
+ */
+function wp_get_comment_status($comment_id) {
+    global $wpdb, $tablecomments;
+    
+    $result = $wpdb->get_var("SELECT comment_approved FROM $tablecomments WHERE comment_ID='$comment_id' LIMIT 1");
+    if ($result == NULL) {
+    return "deleted";
+    } else if ($result == "1") {
+    return "approved";
+    } else if ($result == "0") {
+    return "unapproved";
+    } else {
+    return false;
+    }
+}
+
+
+/* wp_notify_postauthor
+   notifies the author of a post about a new comment
+   needs the id of the new comment
+   always returns true
+ */
+function wp_notify_postauthor($comment_id) {
+    global $wpdb, $tablecomments, $tableposts, $tableusers;
+    global $querystring_start, $querystring_equal, $querystring_separator;
+    global $blogfilename, $blogname, $siteurl;
+    
+    $comment = $wpdb->get_row("SELECT * FROM $tablecomments WHERE comment_ID='$comment_id' LIMIT 1");
+    $post = $wpdb->get_row("SELECT * FROM $tableposts WHERE ID='$comment->comment_post_ID' LIMIT 1");
+    $user = $wpdb->get_row("SELECT * FROM $tableusers WHERE ID='$post->post_author' LIMIT 1");
+
+    if ("" != $user->user_email) {
+    $comment_author_domain = gethostbyaddr($comment->comment_author_IP);
+
+    $notify_message  = "New comment on your post #$comment->comment_post_ID \"".stripslashes($post->post_title)."\"\r\n\r\n";
+    $notify_message .= "Author : $comment->comment_author (IP: $comment->comment_author_IP , $comment_author_domain)\r\n";
+    $notify_message .= "E-mail : $comment->comment_author_email\r\n";
+    $notify_message .= "URL    : $comment->comment_author_url\r\n";
+    $notify_message .= "Whois  : http://ws.arin.net/cgi-bin/whois.pl?queryinput=$comment->comment_author_IP\r\n";
+    $notify_message .= "Comment:\r\n".stripslashes($comment->comment_content)."\r\n\r\n";
+    $notify_message .= "You can see all comments on this post here: \r\n";
+    $notify_message .= $siteurl.'/'.$blogfilename.'?p='.$comment_post_ID.'&c=1#comments';
+
+    $subject = '[' . stripslashes($blogname) . '] Comment: "' .stripslashes($post->post_title).'"';
+    if ('' != $comment->comment_author_email) {
+            $from = "From: \"$comment->comment_author\" <$comment->comment_author_email>";
+    } else {
+            $from = 'From: "' . stripslashes($comment->comment_author) . "\" <$user->user_email>";
+    }
+    $from .= "\nX-Mailer: WordPress $b2_version with PHP/" . phpversion();
+
+    @mail($user->user_email, $subject, $notify_message, $from);
+    }
+    
+    return true;
+}
+
+/* wp_notify_moderator
+   notifies the moderator of the blog (usually the admin)
+   about a new comment that waits for approval
+   always returns true
+ */
+function wp_notify_moderator($comment_id) {
+    global $wpdb, $tablecomments, $tableposts, $tableusers;
+    global $querystring_start, $querystring_equal, $querystring_separator;
+    global $blogfilename, $blogname, $siteurl;
+    
+    $comment = $wpdb->get_row("SELECT * FROM $tablecomments WHERE comment_ID='$comment_id' LIMIT 1");
+    $post = $wpdb->get_row("SELECT * FROM $tableposts WHERE ID='$comment->comment_post_ID' LIMIT 1");
+    $user = $wpdb->get_row("SELECT * FROM $tableusers WHERE ID='$post->post_author' LIMIT 1");
+
+    $comment_author_domain = gethostbyaddr($comment->comment_author_IP);
+    $comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $tablecomments WHERE comment_approved = '0'");
+
+    $notify_message  = "A new comment on the post #$comment->comment_post_ID \"".stripslashes($post->post_title)."\" is waiting for your approval\r\n\r\n";
+    $notify_message .= "Author : $comment->comment_author (IP: $comment->comment_author_IP , $comment_author_domain)\r\n";
+    $notify_message .= "E-mail : $comment->comment_author_email\r\n";
+    $notify_message .= "URL    : $comment->comment_author_url\r\n";
+    $notify_message .= "Whois  : http://ws.arin.net/cgi-bin/whois.pl?queryinput=$comment->comment_author_IP\r\n";
+    $notify_message .= "Comment:\r\n".stripslashes($comment->comment_content)."\r\n\r\n";
+    $notify_message .= "To approve this comment, visit: $siteurl/wp-admin/wp-post.php?action=mailapprovecomment&p=".$comment->comment_post_ID."&comment=$comment_id\r\n";
+    $notify_message .= "To delete this comment, visit: $siteurl/wp-admin/wp-post.php?action=confirmdeletecomment&p=".$comment->comment_post_ID."&comment=$comment_id\r\n";
+    $notify_message .= "Currently $comments_waiting comments are waiting for approval. Please visit the moderation panel:\r\n";
+    $notify_message .= "$siteurl/wp-admin/wp-moderation.php\r\n";
+
+    $subject = '[' . stripslashes($blogname) . '] Please approve: "' .stripslashes($post->post_title).'"';
+    $admin_email = get_settings("admin_email");
+    $from  = "From: $admin_email";
+    $from .= "\nX-Mailer: WordPress $b2_version with PHP/" . phpversion();
+
+    @mail($admin_email, $subject, $notify_message, $from);
+    
+    return true;
+}
+
-
-// implementation of in_array that also should work on PHP3

trunk/b2-include/b2template.functions.php

@@ -1404 +1404 @@
-// generic comments/trackbacks/pingbacks numbering
-
-
+, $include_unapproved = false
-    global $id, $comment, $tablecomments, $querycount, $wpdb;
-
+
+
+
+
+
-    if ($number == 0) {
-        $blah = $zero;
@@ -1437 +1441 @@
-    global $id, $b2commentspopupfile, $b2commentsjavascript, $post, $wpdb, $tablecomments, $HTTP_COOKIE_VARS, $cookiehash;
-    global $querystring_start, $querystring_equal, $querystring_separator, $siteurl;
-
+ AND comment_approved = '1'
-    if (0 == $number && 'closed' == $post->comment_status) {
-        echo $none;

trunk/b2comments.php

@@ -15 +15 @@
-        $comment_author_url = trim($HTTP_COOKIE_VARS["comment_author_url_".$cookiehash]);
-
-
+AND comment_approved = '1' 
-?>
-
@@ -74 +74 @@
-    </p>
-
+<?php 
+if ('none' != get_settings("comment_moderation")) { 
+?>
+    <p>
+    <strong>Please note:</strong><br />
+    This blog uses comment moderation. In other words: your comment will need approval
+    by the administrator before it will appear in the blog. Approval usually happens 
+    within the next 24 hours. Please send your comment only once. Thank you.
+    </p>
+<?php
+} // comment_moderation != 'none'
+?>
+
-    <p>
-      <input name="submit" type="submit" tabindex="5" value="Say it!" />

trunk/b2comments.post.php

@@ -83 +83 @@
-
-if ($ok) { // if there was no comment from this IP in the last 10 seconds
+    $comment_moderation = get_settings("comment_moderation");
+    $moderation_notify = get_settings("moderation_notify");
+    
+    // o42: this place could be the hook for further comment spam checking
+    // $approved should be set according the final approval status
+    // of the new comment
+    if ('manual' == $comment_moderation) {
+        $approved = 0;
+    } else if ('auto' == $comment_moderation) {
+        $approved = 0;
+    } else { // none
+        $approved = 1;
+    }
+    $wpdb->query("INSERT INTO $tablecomments (comment_ID,comment_post_ID,comment_author,comment_author_email,comment_author_url,comment_author_IP,comment_date,comment_content,comment_karma,comment_approved) VALUES ('0', '$comment_post_ID', '$author', '$email', '$url', '$user_ip', '$now', '$comment', '0', '$approved')");
-
-
+
+
-    $comment_ID = $wpdb->get_var("SELECT last_insert_id()");
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
-    }
+    
+    if (($comment_notify) && ($approved)) {
+        wp_notify_postauthor($comment_ID);
+        fwrite($fp, "notify postauthor -> $comment_ID\n");
+    }
+    
+    fclose($fp);
-
-    if ($email == '')
@@ -125 +128 @@
-    setcookie('comment_author_url_'.$cookiehash, $url, time()+30000000);
-
-   
-   
+        
+        
-    header('Cache-Control: no-cache, must-revalidate');
-    header('Pragma: no-cache');

trunk/b2commentspopup.php

@@ -31 +31 @@
-<?php
-// this line is WordPress' motor, do not delete it.
-
+AND comment_approved = '1' 
-$commentstatus = $wpdb->get_row("SELECT comment_status, post_password FROM $tableposts WHERE ID = $id");
-if (!empty($commentstatus->post_password) && $HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $commentstatus->post_password) {  // and it doesn't match the cookie

trunk/b2login.php

@@ -67 +67 @@
-        $redirect_to = $HTTP_POST_VARS["redirect_to"];
-    }
-
+
-    function login() {
-        global $wpdb, $log, $pwd, $error, $user_ID;
@@ -298 +298 @@
-    <input type="hidden" name="popuptitle" value="<?php echo $popuptitle ?>" />
-<?php } ?>
+<?php if (isset($HTTP_GET_VARS["redirect_to"])) { ?>
+    <input type="hidden" name="redirect_to" value="<?php echo $HTTP_GET_VARS["redirect_to"] ?>" />
+<?php } else { ?>
-    <input type="hidden" name="redirect_to" value="wp-admin/" />
+<?php } ?>
-    <input type="hidden" name="action" value="login" />
-    <label>Login: <input type="text" name="log" id="log" value="" size="20" tabindex="1" /></label><br />

trunk/wp-admin/b2menutop.txt

@@ -1 +1 @@
-1   wp-post.php Post
-1   edit.php    Edit
+3   wp-moderation.php   Moderation
-3   b2team.php  Team
-4   wp-options.php  Options

trunk/wp-admin/b2verifauth.php

@@ -42 +42 @@
-            $error="<strong>Error</strong>: wrong login or password";
-        }
-
+
+
-        exit();
-    }

trunk/wp-admin/edit-comments.php

@@ -144 +144 @@
-        ?>      
-        <li style="border-bottom: 1px solid #ccc;">
+        <?php
+            $comment_status = wp_get_comment_status($comment->comment_ID);
+            
+            if ("unapproved" == $comment_status) {
+                echo "<span class=\"unapproved\">";
+            }
+        ?>
-        <p><strong>Name:</strong> <?php comment_author() ?> <?php if ($comment->comment_author_email) { ?>| <strong>Email:</strong> <?php comment_author_email_link() ?> <?php } if ($comment->comment_author_email) { ?> | <strong>URI:</strong> <?php comment_author_url_link() ?> <?php } ?>| <strong>IP:</strong> <?php comment_author_IP() ?></p>
-        

trunk/wp-admin/edit.php

@@ -244 +244 @@
-?>
-            <p>
-
+, true
-                <?php
-                if (($user_level > $authordata->user_level) or ($user_login == $authordata->user_login)) {
@@ -279 +279 @@
-                    <!-- comment -->
-                    <li>
+                        <?php
+                        $comment_status = wp_get_comment_status($comment->comment_ID);
+                        
+                        if ("unapproved" == $comment_status) {
+                            echo "<span class=\"unapproved\">";
+                        }
+                        ?>
-                            <?php comment_date('Y/m/d') ?> @ <?php comment_time() ?> 
-                            <?php 
-                            if (($user_level > $authordata->user_level) or ($user_login == $authordata->user_login)) {
-                                echo "[ <a href=\"wp-post.php?action=editcomment&amp;comment=".$comment->comment_ID."\">Edit</a>";
-
+
+
+
+
+
+
+
+
+
-                            } // end if any comments to show
-                            ?>
@@ -289 +304 @@
-                        <strong><?php comment_author() ?> ( <?php comment_author_email_link() ?> / <?php comment_author_url_link() ?> )</strong> (IP: <?php comment_author_IP() ?>)
-                            <?php comment_text() ?>
+                        <?php
+                        if ("unapproved" == $comment_status) {
+                            echo "</span>";
+                        }
+                        ?>
-                    </li>
-                    <!-- /comment -->

trunk/wp-admin/wp-admin.css

@@ -86 +86 @@
-    font-size: 18px;
-    margin: 6px 0;
+}
+
+.unapproved {
+    color: #888;
+}
+
+.unapproved a:link {
+    color: #B9BCFF;
+}
+
+.unapproved a:visited {
+    color: #696DFF;
+}
+
+.unapproved a:hover {
+    color: #009EF0;
-}
-

trunk/wp-admin/wp-edit.showposts.php

@@ -247 +247 @@
-        start_b2(); ?>
-            <p>
-
+, true
-                <?php
-                if (($user_level > $authordata->user_level) or ($user_login == $authordata->user_login)) {
@@ -287 +287 @@
-                            if (($user_level > $authordata->user_level) or ($user_login == $authordata->user_login)) {
-                                echo "[ <a href=\"wp-post.php?action=editcomment&amp;comment=".$comment->comment_ID."\">Edit</a>";
-
+
+
+
+
+
+
+
+
+
-                            } // end if any comments to show
-                            ?>

trunk/wp-admin/wp-post.php

@@ -339 +339 @@
-
-        $comment = $HTTP_GET_VARS['comment'];
-
+, true
-        $content = $commentdata['comment_content'];
-        $content = format_to_edit($content);
@@ -347 +347 @@
-        break;
-
+    case 'confirmdeletecomment':
+    
+    $standalone = 0;
+    require_once('./b2header.php');
+    
+    if ($user_level == 0)
+        die ('Cheatin’ uh?');
+    
+    $comment = $HTTP_GET_VARS['comment'];
+    $p = $HTTP_GET_VARS['p'];
+    $commentdata = get_commentdata($comment, 1, true) or die('Oops, no comment with this ID. <a href="edit.php">Go back</a>!');
+    
+    echo "<div class=\"wrap\">\n";
+    echo "<p><strong>Caution:</strong> You are about to delete the following comment:</p>\n";
+    echo "<table border=\"0\">\n";
+    echo "<tr><td>Author:</td><td>" . $commentdata["comment_author"] . "</td></tr>\n";
+    echo "<tr><td>E-Mail:</td><td>" . $commentdata["comment_author_email"] . "</td></tr>\n";
+    echo "<tr><td>URL:</td><td>" . $commentdata["comment_author_url"] . "</td></tr>\n";
+    echo "<tr><td>Comment:</td><td>" . stripslashes($commentdata["comment_content"]) . "</td></tr>\n";
+    echo "</table>\n";
+    echo "<p>Are you sure you want to do that?</p>\n";
+    
+    echo "<form action=\"$siteurl/wp-admin/wp-post.php\" method=\"get\">\n";
+    echo "<input type=\"hidden\" name=\"action\" value=\"deletecomment\" />\n";
+    echo "<input type=\"hidden\" name=\"p\" value=\"$p\" />\n";
+    echo "<input type=\"hidden\" name=\"comment\" value=\"$comment\" />\n";
+    echo "<input type=\"hidden\" name=\"noredir\" value=\"1\" />\n";
+    echo "<input type=\"submit\" value=\"Yes\" />";
+    echo "&nbsp;&nbsp;";
+    echo "<input type=\"button\" value=\"No\" onClick=\"self.location='$siteurl/wp-admin/edit.php?p=$p&c=1#comments';\" />\n";
+    echo "</form>\n";
+    echo "</div>\n";
+    
+    break;
+
-    case 'deletecomment':
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-    case 'editedcomment':
-

trunk/wp-commentsrss2.php

@@ -54 +54 @@
-                                            LEFT JOIN $tableposts ON comment_post_id = id
-                                            WHERE comment_post_ID = '$id'
+                                            AND $tablecomments.comment_approved = '1'
-                                            AND $tableposts.post_status = 'publish'
-                                            AND post_category > '0'
@@ -73 +74 @@
-                                            LEFT JOIN $tableposts ON comment_post_id = id
-                                            WHERE $tableposts.post_status = 'publish'
+                                            AND $tablecomments.comment_approved = '1'
-                                            AND post_category > '0'
-                                            AND post_date < '".date("Y-m-d H:i:s")."'