diff --git a/comment.php b/comment.php index 3b2c2744..534f87e6 100644 --- a/comment.php +++ b/comment.php @@ -20,6 +20,10 @@ if (isset($serendipity['GET']['switch'], $serendipity['GET']['entry'])) { serendipity_allowCommentsToggle($serendipity['GET']['entry'], $serendipity['GET']['switch']); } +if (!empty($_REQUEST['c']) && !empty($_REQUEST['hash'])) { + serendipity_confirmMail($_REQUEST['c'], $_REQUEST['hash']); +} + serendipity_rememberComment(); // Trackback logging. For developers: can be switched to true! diff --git a/docs/NEWS b/docs/NEWS index deb69783..dc01cfdf 100644 --- a/docs/NEWS +++ b/docs/NEWS @@ -3,6 +3,10 @@ Version 1.4 () ------------------------------------------------------------------------ + * Allow spamblock plugin to use approval mechanism for comments, + so that commenting users first need to approve their comment + via email ("once" or "always" as options). + * Replace htmlarea with XINHA. Thanks to abdussamad! (Experimental! Needs testing on shared installations. Might need browser cache refresh!) diff --git a/include/functions_comments.inc.php b/include/functions_comments.inc.php index 6554afb4..f33a501f 100644 --- a/include/functions_comments.inc.php +++ b/include/functions_comments.inc.php @@ -186,7 +186,11 @@ function serendipity_displayCommentForm($id, $url = '', $comments = NULL, $data global $serendipity; if ($comments == NULL) { - $comments = serendipity_fetchComments($id); + if (empty($id)) { + $comments = array(); + } else { + $comments = serendipity_fetchComments($id); + } } $commentform_data = array( @@ -668,6 +672,168 @@ function serendipity_approveComment($cid, $entry_id, $force = false, $moderate = return true; } +/** + * Confirm a mail authentication request + * + * @access public + * @param int The ID of a comment + * @param string The confirmation hash + * @return boolean + */ +function serendipity_confirmMail($cid, $hash) { + global $serendipity; + + $q = "SELECT c.entry_id, e.title, e.timestamp, e.id + FROM {$serendipity['dbPrefix']}comments AS c + JOIN {$serendipity['dbPrefix']}entries AS e + ON (e.id = c.entry_id) + WHERE c.status = 'confirm" . serendipity_db_escape_string($hash) . "' + AND c.id = '" . (int)$cid . "'"; + $confirm = serendipity_db_query($q, true); + + if ($confirm['entry_id'] > 0) { + serendipity_db_query("UPDATE {$serendipity['dbPrefix']}options + SET okey = 'mail_confirm' + WHERE okey = 'mail_confirm" . serendipity_db_escape_string($hash) . "'"); + + serendipity_db_query("UPDATE {$serendipity['dbPrefix']}comments + SET status = 'pending' + WHERE status = 'confirm" . serendipity_db_escape_string($hash) . "' + AND id = '" . (int)$cid . "'"); + + // TODO? + /* if (serendipity_db_bool($confirm['mail_comments'])) { + serendipity_sendComment($cid, $row['email'], $name, $email, $url, $id, $row['title'], $comments, $type, serendipity_db_bool($ca['moderate_comments'])); + } + */ + + serendipity_approveComment($cid, $confirm['entry_id'], true); + + $link = serendipity_getPermalink($confirm); + header('Location: ' . $serendipity['baseURL'] . $link); + exit; + return $confirm['entry_id']; + } else { + exit; + return false; + } +} + +/** + * Store the comment made by a visitor in the database + * + * @access public + * @param int The ID of an entry + * @param array An array that holds the input data from the visitor + * @param string The type of a comment (normal/trackback) + * @param string Where did a comment come from? (internal|trackback|plugin) + * @param string Additional plugin data (spamblock plugin etc.) + * @return boolean Returns true if the comment could be added + */ +function serendipity_insertComment($id, $commentInfo, $type = 'NORMAL', $source = 'internal', $ca = array()) { + global $serendipity; + + if (!empty($ca['status'])) { + $commentInfo['status'] = $ca['status']; + } + + $title = serendipity_db_escape_string(isset($commentInfo['title']) ? $commentInfo['title'] : ''); + $comments = $commentInfo['comment']; + $ip = serendipity_db_escape_string(isset($commentInfo['ip']) ? $commentInfo['ip'] : $_SERVER['REMOTE_ADDR']); + $commentsFixed = serendipity_db_escape_string($commentInfo['comment']); + $name = serendipity_db_escape_string($commentInfo['name']); + $url = serendipity_db_escape_string($commentInfo['url']); + $email = serendipity_db_escape_string($commentInfo['email']); + $parentid = (isset($commentInfo['parent_id']) && is_numeric($commentInfo['parent_id'])) ? $commentInfo['parent_id'] : 0; + $status = serendipity_db_escape_string(isset($commentInfo['status']) ? $commentInfo['status'] : (serendipity_db_bool($ca['moderate_comments']) ? 'pending' : 'approved')); + $t = serendipity_db_escape_string(isset($commentInfo['time']) ? $commentInfo['time'] : time()); + $referer = substr((isset($_SESSION['HTTP_REFERER']) ? serendipity_db_escape_string($_SESSION['HTTP_REFERER']) : ''), 0, 200); + + $query = "SELECT a.email, e.title, a.mail_comments, a.mail_trackbacks + FROM {$serendipity['dbPrefix']}entries e, {$serendipity['dbPrefix']}authors a + WHERE e.id = '". (int)$id ."' + AND e.isdraft = 'false' + AND e.authorid = a.authorid"; + if (!serendipity_db_bool($serendipity['showFutureEntries'])) { + $query .= " AND e.timestamp <= " . serendipity_db_time(); + + } + + $row = serendipity_db_query($query, true); // Get info on author/entry + if (!is_array($row) || empty($id)) { + // No associated entry found. + return false; + } + + if (isset($commentInfo['subscribe'])) { + $subscribe = 'true'; + } else { + $subscribe = 'false'; + } + + $dbhash = md5(uniqid(rand(), true)); + + if ($status == 'confirm') { + $dbstatus = 'confirm' . $dbhash; + } elseif ($status == 'confirm1') { + $auth = serendipity_db_query("SELECT * + FROM {$serendipity['dbPrefix']}options + WHERE okey = 'mail_confirm' + AND name = '" . $email . "' + AND value = '" . $name . "'", true); + if (!is_array($auth)) { + serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}options (okey, name, value) + VALUES ('mail_confirm{$dbhash}', '{$email}', '{$name}')"); + $dbstatus = 'confirm' . $dbhash; + } else { + $serendipity['csuccess'] = 'true'; + $status = $dbstatus = 'approved'; + } + } else { + $dbstatus = $status; + } + + $query = "INSERT INTO {$serendipity['dbPrefix']}comments (entry_id, parent_id, ip, author, email, url, body, type, timestamp, title, subscribed, status, referer)"; + $query .= " VALUES ('". (int)$id ."', '$parentid', '$ip', '$name', '$email', '$url', '$commentsFixed', '$type', '$t', '$title', '$subscribe', '$dbstatus', '$referer')"; + + serendipity_db_query($query); + $cid = serendipity_db_insert_id('comments', 'id'); + + // Send mail to the author if he chose to receive these mails, or if the comment is awaiting moderation + if ($status != 'confirm' && (serendipity_db_bool($ca['moderate_comments']) + || ($type == 'NORMAL' && serendipity_db_bool($row['mail_comments'])) + || ($type == 'TRACKBACK' && serendipity_db_bool($row['mail_trackbacks'])))) { + serendipity_sendComment($cid, $row['email'], $name, $email, $url, $id, $row['title'], $comments, $type, serendipity_db_bool($ca['moderate_comments'])); + } + + // Approve with force, if moderation is disabled + if ($status != 'confirm' && (empty($ca['moderate_comments']) || serendipity_db_bool($ca['moderate_comments']) == false)) { + serendipity_approveComment($cid, $id, true); + } + + if ($status == 'confirm') { + $subject = sprintf(NEW_COMMENT_TO_SUBSCRIBED_ENTRY, $row['title']); + $message = sprintf(CONFIRMATION_MAIL_ALWAYS, + $name, + $row['title'], + $commentsFixed, + $serendipity['baseURL'] . 'comment.php?c=' . $cid . '&hash=' . $dbhash); + + serendipity_sendMail($email, $subject, $message, $serendipity['blogMail']); + } elseif ($status == 'confirm1') { + $subject = sprintf(NEW_COMMENT_TO_SUBSCRIBED_ENTRY, $row['title']); + $message = sprintf(CONFIRMATION_MAIL_ONCE, + $name, + $row['title'], + $commentsFixed, + $serendipity['baseURL'] . 'comment.php?c=' . $cid . '&hash=' . $dbhash); + + serendipity_sendMail($email, $subject, $message, $serendipity['blogMail']); + } + + serendipity_purgeEntry($id, $t); +} + /** * Save a comment made by a visitor * @@ -688,58 +854,7 @@ function serendipity_saveComment($id, $commentInfo, $type = 'NORMAL', $source = $commentInfo['source'] = $source; serendipity_plugin_api::hook_event('frontend_saveComment', $ca, $commentInfo); if (!is_array($ca) || serendipity_db_bool($ca['allow_comments'])) { - $title = serendipity_db_escape_string(isset($commentInfo['title']) ? $commentInfo['title'] : ''); - $comments = $commentInfo['comment']; - $ip = serendipity_db_escape_string(isset($commentInfo['ip']) ? $commentInfo['ip'] : $_SERVER['REMOTE_ADDR']); - $commentsFixed = serendipity_db_escape_string($commentInfo['comment']); - $name = serendipity_db_escape_string($commentInfo['name']); - $url = serendipity_db_escape_string($commentInfo['url']); - $email = serendipity_db_escape_string($commentInfo['email']); - $parentid = (isset($commentInfo['parent_id']) && is_numeric($commentInfo['parent_id'])) ? $commentInfo['parent_id'] : 0; - $status = serendipity_db_escape_string(isset($commentInfo['status']) ? $commentInfo['status'] : (serendipity_db_bool($ca['moderate_comments']) ? 'pending' : 'approved')); - $t = serendipity_db_escape_string(isset($commentInfo['time']) ? $commentInfo['time'] : time()); - $referer = substr((isset($_SESSION['HTTP_REFERER']) ? serendipity_db_escape_string($_SESSION['HTTP_REFERER']) : ''), 0, 200); - - $query = "SELECT a.email, e.title, a.mail_comments, a.mail_trackbacks - FROM {$serendipity['dbPrefix']}entries e, {$serendipity['dbPrefix']}authors a - WHERE e.id = '". (int)$id ."' - AND e.isdraft = 'false' - AND e.authorid = a.authorid"; - if (!serendipity_db_bool($serendipity['showFutureEntries'])) { - $query .= " AND e.timestamp <= " . serendipity_db_time(); - - } - - $row = serendipity_db_query($query, true); // Get info on author/entry - if (!is_array($row) || empty($id)) { - // No associated entry found. - return false; - } - - if (isset($commentInfo['subscribe'])) { - $subscribe = 'true'; - } else { - $subscribe = 'false'; - } - - $query = "INSERT INTO {$serendipity['dbPrefix']}comments (entry_id, parent_id, ip, author, email, url, body, type, timestamp, title, subscribed, status, referer)"; - $query .= " VALUES ('". (int)$id ."', '$parentid', '$ip', '$name', '$email', '$url', '$commentsFixed', '$type', '$t', '$title', '$subscribe', '$status', '$referer')"; - - serendipity_db_query($query); - $cid = serendipity_db_insert_id('comments', 'id'); - - // Send mail to the author if he chose to receive these mails, or if the comment is awaiting moderation - if (serendipity_db_bool($ca['moderate_comments']) - || ($type == 'NORMAL' && serendipity_db_bool($row['mail_comments'])) - || ($type == 'TRACKBACK' && serendipity_db_bool($row['mail_trackbacks']))) { - serendipity_sendComment($cid, $row['email'], $name, $email, $url, $id, $row['title'], $comments, $type, serendipity_db_bool($ca['moderate_comments'])); - } - - // Approve with force, if moderation is disabled - if (empty($ca['moderate_comments']) || serendipity_db_bool($ca['moderate_comments']) == false) { - serendipity_approveComment($cid, $id, true); - } - serendipity_purgeEntry($id, $t); + serendipity_insertComment($id, $commentInfo, $type, $source, $ca); return true; } else { return false; diff --git a/lang/UTF-8/serendipity_lang_de.inc.php b/lang/UTF-8/serendipity_lang_de.inc.php index b2622dc0..5bf0d685 100644 --- a/lang/UTF-8/serendipity_lang_de.inc.php +++ b/lang/UTF-8/serendipity_lang_de.inc.php @@ -920,3 +920,6 @@ @define('COMMENT_NOTOKENMATCH', 'Der Kommentar-Link ist nicht mehr gültig, oder Kommentar #%s wurde bereits akzeptiert oder gelöscht.'); @define('TRACKBACK_NOTOKENMATCH', 'Der Kommentar-Link ist nicht mehr gültig, oder Trackback #%s wurde bereits akzeptiert oder gelöscht.'); @define('BADTOKEN', 'Ungültiger Kommentar-Link'); + +@define('CONFIRMATION_MAIL_ALWAYS', "Hallo %s,\n\nSie haben einen neuen Kommentar zu \"%s\" erstellt. Ihr Kommentar war:\n\n%s\n\nDer Betreiber dieses Blogs hat die Bestätigung per E-Mail gewünscht, daher müssen Sie folgenden Link anklicken:\n<%s>\n"); +@define('CONFIRMATION_MAIL_ONCE', "Hallo %s,\n\nSie haben einen neuen Kommentar zu \"%s\" erstellt. Ihr Kommentar war:\n\n%s\n\nDer Betreiber dieses Blogs hat die Bestätigung per E-Mail gewünscht, daher müssen Sie folgenden Link anklicken:\n<%s>\n\nNachdem Sie dies getan haben, können Sie auf dem Blog jederzeit mit ihrem Namen und E-Mail-Adresse ohne weitere Freischaltung kommentieren."); diff --git a/lang/UTF-8/serendipity_lang_en.inc.php b/lang/UTF-8/serendipity_lang_en.inc.php index e284e36c..00fa11fb 100644 --- a/lang/UTF-8/serendipity_lang_en.inc.php +++ b/lang/UTF-8/serendipity_lang_en.inc.php @@ -920,3 +920,6 @@ @define('COMMENT_NOTOKENMATCH', 'Moderation link has expired or comment #%s has already been approved or deleted'); @define('TRACKBACK_NOTOKENMATCH', 'Moderation link has expired or trackback #%s has already been approved or deleted'); @define('BADTOKEN', 'Invalid Moderation Link'); + +@define('CONFIRMATION_MAIL_ALWAYS', "Hello %s,\n\nYou have sent a new comment to \"%s\". Your comment was:\n\n%s\n\nThe owner of the blog has enabled mail verification, so you need to click on the following link to authenticate your comment:\n<%s>\n"); +@define('CONFIRMATION_MAIL_ONCE', "Hello %s,\n\nYou have sent a new comment to \"%s\". Your comment was:\n\n%s\n\nThe owner of the blog has enabled one-time mail verification, so you need to click on the following link to authenticate your comment:\n<%s>\n\nAfter you have done that, you can always post comments on that blog with your username and e-mail address without receiving such notifications."); diff --git a/lang/serendipity_lang_de.inc.php b/lang/serendipity_lang_de.inc.php index f956e83f..24954a06 100644 --- a/lang/serendipity_lang_de.inc.php +++ b/lang/serendipity_lang_de.inc.php @@ -920,3 +920,6 @@ @define('COMMENT_NOTOKENMATCH', 'Der Kommentar-Link ist nicht mehr gültig, oder Kommentar #%s wurde bereits akzeptiert oder gelöscht.'); @define('TRACKBACK_NOTOKENMATCH', 'Der Kommentar-Link ist nicht mehr gültig, oder Trackback #%s wurde bereits akzeptiert oder gelöscht.'); @define('BADTOKEN', 'Ungültiger Kommentar-Link'); + +@define('CONFIRMATION_MAIL_ALWAYS', "Hallo %s,\n\nSie haben einen neuen Kommentar zu \"%s\" erstellt. Ihr Kommentar war:\n\n%s\n\nDer Betreiber dieses Blogs hat die Bestätigung per E-Mail gewünscht, daher müssen Sie folgenden Link anklicken:\n<%s>\n"); +@define('CONFIRMATION_MAIL_ONCE', "Hallo %s,\n\nSie haben einen neuen Kommentar zu \"%s\" erstellt. Ihr Kommentar war:\n\n%s\n\nDer Betreiber dieses Blogs hat die Bestätigung per E-Mail gewünscht, daher müssen Sie folgenden Link anklicken:\n<%s>\n\nNachdem Sie dies getan haben, können Sie auf dem Blog jederzeit mit ihrem Namen und E-Mail-Adresse ohne weitere Freischaltung kommentieren."); diff --git a/lang/serendipity_lang_en.inc.php b/lang/serendipity_lang_en.inc.php index 6501203e..3bad4ec1 100644 --- a/lang/serendipity_lang_en.inc.php +++ b/lang/serendipity_lang_en.inc.php @@ -920,3 +920,6 @@ @define('COMMENT_NOTOKENMATCH', 'Moderation link has expired or comment #%s has already been approved or deleted'); @define('TRACKBACK_NOTOKENMATCH', 'Moderation link has expired or trackback #%s has already been approved or deleted'); @define('BADTOKEN', 'Invalid Moderation Link'); + +@define('CONFIRMATION_MAIL_ALWAYS', "Hello %s,\n\nYou have sent a new comment to \"%s\". Your comment was:\n\n%s\n\nThe owner of the blog has enabled mail verification, so you need to click on the following link to authenticate your comment:\n<%s>\n"); +@define('CONFIRMATION_MAIL_ONCE', "Hello %s,\n\nYou have sent a new comment to \"%s\". Your comment was:\n\n%s\n\nThe owner of the blog has enabled one-time mail verification, so you need to click on the following link to authenticate your comment:\n<%s>\n\nAfter you have done that, you can always post comments on that blog with your username and e-mail address without receiving such notifications."); diff --git a/plugins/serendipity_event_spamblock/UTF-8/lang_de.inc.php b/plugins/serendipity_event_spamblock/UTF-8/lang_de.inc.php index 05444272..36457c1d 100644 --- a/plugins/serendipity_event_spamblock/UTF-8/lang_de.inc.php +++ b/plugins/serendipity_event_spamblock/UTF-8/lang_de.inc.php @@ -116,4 +116,8 @@ @define('PLUGIN_EVENT_SPAMBLOCK_TRACKBACKIPVALIDATION_DESC', 'Soll die IP des Senders bei Trackbacks/Pingbacks mit der IP des Hosts übereinstimmen, auf den der Kommentar gesetzt werden soll? (EMPFOHLEN!)'); @define('PLUGIN_EVENT_SPAMBLOCK_REASON_IPVALIDATION', 'IP Validierung : %s [%s] != Sender IP [%s]'); -?> +@define('PLUGIN_EVENT_SPAMBLOCK_CHECKMAIL_DESC', 'Falls deaktiviert wird keine E-Mail-Prüfung ausgeführt. Falls auf "Ja" gesetzt wird eine E-Mail-Adresse auf syntaktische Korrektheit geprüft. "Immer bestätigen" bedeutet, dass ein Kommentator seine Kommentare jedesmal per E-Mail bestätigen muss. "Einmal bestätigen" heißt, dass er beim ersten Kommentare seine Identität bestätigt, und danach immer ohne weitere Moderation kommentieren darf.'); +@define('PLUGIN_EVENT_SPAMBLOCK_CHECKMAIL_VERIFICATION_ONCE', 'Einmal bestätigen'); +@define('PLUGIN_EVENT_SPAMBLOCK_CHECKMAIL_VERIFICATION_ALWAYS', 'Immer bestätigen'); +@define('PLUGIN_EVENT_SPAMBLOCK_CHECKMAIL_VERIFICATION_MAIL', 'Sie erhalten nun eine E-Mail-Benachrichtigung, mit der Sie ihren Kommentar freischalten können.'); +@define('PLUGIN_EVENT_SPAMBLOCK_CHECKMAIL_VERIFICATION_INFO', 'Um einen Kommentar hinterlassen zu können, erhalten Sie nach dem Kommentieren eine E-Mail mit Aktivierungslink an ihre angegebene Adresse.'); diff --git a/plugins/serendipity_event_spamblock/lang_de.inc.php b/plugins/serendipity_event_spamblock/lang_de.inc.php index 5e185470..917d1f2f 100644 --- a/plugins/serendipity_event_spamblock/lang_de.inc.php +++ b/plugins/serendipity_event_spamblock/lang_de.inc.php @@ -116,4 +116,8 @@ @define('PLUGIN_EVENT_SPAMBLOCK_TRACKBACKIPVALIDATION_DESC', 'Soll die IP des Senders bei Trackbacks/Pingbacks mit der IP des Hosts übereinstimmen, auf den der Kommentar gesetzt werden soll? (EMPFOHLEN!)'); @define('PLUGIN_EVENT_SPAMBLOCK_REASON_IPVALIDATION', 'IP Validierung : %s [%s] != Sender IP [%s]'); -?> +@define('PLUGIN_EVENT_SPAMBLOCK_CHECKMAIL_DESC', 'Falls deaktiviert wird keine E-Mail-Prüfung ausgeführt. Falls auf "Ja" gesetzt wird eine E-Mail-Adresse auf syntaktische Korrektheit geprüft. "Immer bestätigen" bedeutet, dass ein Kommentator seine Kommentare jedesmal per E-Mail bestätigen muss. "Einmal bestätigen" heißt, dass er beim ersten Kommentare seine Identität bestätigt, und danach immer ohne weitere Moderation kommentieren darf.'); +@define('PLUGIN_EVENT_SPAMBLOCK_CHECKMAIL_VERIFICATION_ONCE', 'Einmal bestätigen'); +@define('PLUGIN_EVENT_SPAMBLOCK_CHECKMAIL_VERIFICATION_ALWAYS', 'Immer bestätigen'); +@define('PLUGIN_EVENT_SPAMBLOCK_CHECKMAIL_VERIFICATION_MAIL', 'Sie erhalten nun eine E-Mail-Benachrichtigung, mit der Sie ihren Kommentar freischalten können.'); +@define('PLUGIN_EVENT_SPAMBLOCK_CHECKMAIL_VERIFICATION_INFO', 'Um einen Kommentar hinterlassen zu können, erhalten Sie nach dem Kommentieren eine E-Mail mit Aktivierungslink an ihre angegebene Adresse.'); diff --git a/plugins/serendipity_event_spamblock/lang_en.inc.php b/plugins/serendipity_event_spamblock/lang_en.inc.php index 2d6ff163..be8b1699 100644 --- a/plugins/serendipity_event_spamblock/lang_en.inc.php +++ b/plugins/serendipity_event_spamblock/lang_en.inc.php @@ -128,4 +128,8 @@ @define('PLUGIN_EVENT_SPAMBLOCK_TRACKBACKIPVALIDATION_DESC', 'Should the IP of the sender match the IP of the host, a trackback/pingback is set to? (RECOMMENDED!)'); @define('PLUGIN_EVENT_SPAMBLOCK_REASON_IPVALIDATION', 'IP validation: %s [%s] != sender ip [%s]'); -?> +@define('PLUGIN_EVENT_SPAMBLOCK_CHECKMAIL_DESC', 'If disabled, no email checking will be performed. If set to "Yes", the commenting user must supply a valid e-mail address. If set to "Confirm always", the commenting user will need to approve his comments always via email (by clicking a mailed link). If set to "Confirm once", the user has to confirm his comment once and will then always be allowed to pass comment moderation.'); +@define('PLUGIN_EVENT_SPAMBLOCK_CHECKMAIL_VERIFICATION_ONCE', 'Confirm once'); +@define('PLUGIN_EVENT_SPAMBLOCK_CHECKMAIL_VERIFICATION_ALWAYS', 'Confirm always'); +@define('PLUGIN_EVENT_SPAMBLOCK_CHECKMAIL_VERIFICATION_MAIL', 'You will now receive an email notification with which you can approve your comment.'); +@define('PLUGIN_EVENT_SPAMBLOCK_CHECKMAIL_VERIFICATION_INFO', 'To leave a comment you must approve it via e-mail, which will be sent to your address after submission.'); diff --git a/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php b/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php index fafa2ec6..cb3656c2 100644 --- a/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php +++ b/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php @@ -157,10 +157,15 @@ var $filter_defaults; break; case 'checkmail': - $propbag->add('type', 'boolean'); + $propbag->add('type', 'radio'); $propbag->add('name', PLUGIN_EVENT_SPAMBLOCK_CHECKMAIL); - $propbag->add('description', ''); - $propbag->add('default', false); + $propbag->add('description', PLUGIN_EVENT_SPAMBLOCK_CHECKMAIL_DESC); + $propbag->add('default', 'false'); + $propbag->add('radio', array( + 'value' => array('false', 'true', 'verify_once', 'verify_always'), + 'desc' => array(NO, YES, PLUGIN_EVENT_SPAMBLOCK_CHECKMAIL_VERIFICATION_ONCE, PLUGIN_EVENT_SPAMBLOCK_CHECKMAIL_VERIFICATION_ALWAYS) + )); + $propbag->add('radio_per_row', '1'); break; case 'required_fields': @@ -735,6 +740,7 @@ var $filter_defaults; $serendipity['csuccess'] = 'true'; $logfile = $this->logfile = $this->get_config('logfile', $serendipity['serendipityPath'] . 'spamblock.log'); $required_fields = $this->get_config('required_fields', ''); + $checkmail = $this->get_config('checkmail'); // Check CSRF [comments only, cannot be applied to trackbacks] if ($addData['type'] == 'NORMAL' && serendipity_db_bool($this->get_config('csrf', true))) { @@ -758,7 +764,7 @@ var $filter_defaults; } } } - + /* if ($addData['type'] != 'NORMAL' && empty($addData['name'])) { $eventData = array('allow_coments' => false); @@ -772,6 +778,26 @@ var $filter_defaults; return true; } + // Check if the user has verified himself via email already. + if ($addData['type'] == 'NORMAL' && (string)$checkmail === 'verify_once') { + $auth = serendipity_db_query("SELECT * + FROM {$serendipity['dbPrefix']}options + WHERE okey = 'mail_confirm' + AND name = '" . serendipity_db_escape_string($addData['email']) . "' + AND value = '" . serendipity_db_escape_string($addData['name']) . "'", true); + if (!is_array($auth)) { + $this->log($logfile, $eventData['id'], 'MODERATE', PLUGIN_EVENT_SPAMBLOCK_CHECKMAIL_VERIFICATION_MAIL, $addData); + $eventData['moderate_comments'] = true; + $eventData['status'] = 'confirm1'; + $serendipity['csuccess'] = 'moderate'; + $serendipity['moderate_reason'] = PLUGIN_EVENT_SPAMBLOCK_CHECKMAIL_VERIFICATION_MAIL; + return false; + } else { + // User is allowed to post message, bypassing other checks as if he were logged in. + return true; + } + } + // Check if entry title is the same as comment body if (serendipity_db_bool($this->get_config('entrytitle')) && trim($eventData['title']) == trim($addData['comment'])) { $this->log($logfile, $eventData['id'], 'REJECTED', PLUGIN_EVENT_SPAMBLOCK_REASON_TITLE, $addData); @@ -1103,6 +1129,15 @@ var $filter_defaults; } } + if ($addData['type'] == 'NORMAL' && (string)$checkmail === 'verify_always') { + $this->log($logfile, $eventData['id'], 'MODERATE', PLUGIN_EVENT_SPAMBLOCK_CHECKMAIL_VERIFICATION_MAIL, $addData); + $eventData['moderate_comments'] = true; + $eventData['status'] = 'confirm'; + $serendipity['csuccess'] = 'moderate'; + $serendipity['moderate_reason'] = PLUGIN_EVENT_SPAMBLOCK_CHECKMAIL_VERIFICATION_MAIL; + return false; + } + // Check invalid email if ($addData['type'] == 'NORMAL' && serendipity_db_bool($this->get_config('checkmail', false))) { if (!empty($addData['email']) && strstr($addData['email'], '@') === false) { @@ -1125,6 +1160,10 @@ var $filter_defaults; if (serendipity_db_bool($this->get_config('hide_email', false))) { echo '