PHP Script Recalling URL - SOLVED
Posted: Wed Oct 24, 2007 10:36 pm
Hi there. I have no experience with php or writing scripts. I just know basic html and asp. So, I am using this free comment script so that people can leave comments on my site. The script documentation says that it will recognize each different page that it is included in and only post comments for this page. But it is not doing this for me. Every single comment is registering just my home domain. And in my admin file, where i should be able to see the comments listed by url, I am unable to. The function is very simple, just one file. Can anyone look at it and see if there is something which could be done?
The variable href is coming from another file, the form template, and is
solved: by myself!! wow! REQUEST_URI was not recognized on my server but SCRIPT_NAME was.
Code: Select all
<?
/*
Scriptsmill comments script v1.03
Copyright (C) 2005-2006 ScriptsMill
E-Mail: info@scriptsmill.com
URL: http://www.scriptsmill.com
Author: Stanislav Perederiy
This file is part of ScriptsMill Comments.
ScriptsMill Comments is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
ScriptsMill Comments is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with ScriptsMill Comments; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
$COM_CONF['full_path'] = dirname(__FILE__);
include("{$COM_CONF['full_path']}/config.php");
if (! $COM_CONF['dbhost']) {
echo 'It seems that comments script is not properly installed. See readme.txt for more info.';
}
require("{$COM_CONF['full_path']}/lang/lang_{$COM_CONF['lang']}.php");
require("{$COM_CONF['full_path']}/akismet-class.php");
$comments_db_link = mysql_connect($COM_CONF['dbhost'],$COM_CONF['dbuser'],$COM_CONF['dbpassword']);
mysql_select_db($COM_CONF['dbname'], $comments_db_link);
main();
function main() {
if ($_REQUEST['action'] == 'add'){
add();
}
elseif ($_REQUEST['action'] == 'unsub'){
unsub();
}
elseif (1) {
view();
}
}
function check_for_errors() {
global $comments_db_link, $COM_CONF, $COM_LANG;
$ip = mysql_escape_string($_SERVER['REMOTE_ADDR']);
$result = mysql_query("SELECT ip FROM {$COM_CONF['dbbannedipstable']} WHERE ip='$ip'", $comments_db_link);
if (mysql_num_rows($result)>0) {
$error_message.=$COM_LANG['not_allowed'] . "<br />";
}
if ($_REQUEST['disc_name'] == '') {
$error_message.=$_REQUEST['r_disc_name'] . "<br />";
}
if ($_REQUEST['disc_body'] == '') {
$error_message.=$_REQUEST['r_disc_body'] . "<br />";
}
if ($_REQUEST['disc_email'] != '') {
if (!is_email($_REQUEST['disc_email'])) {
$error_message.="Invalid email address" . "<br />";
}
}
return $error_message;
}
function flood_protection($INPUT) {
global $comments_db_link, $COM_CONF, $COM_LANG;
$result = mysql_query("select time from {$COM_CONF['dbmaintable']} where ip='{$_SERVER['REMOTE_ADDR']}' AND (UNIX_TIMESTAMP( NOW( ) ) - UNIX_TIMESTAMP( time )) < {$COM_CONF['anti_flood_pause']}", $comments_db_link);
if (mysql_num_rows($result)>0) {
$error_message="Flood detected";
return $error_message;
}
$result = mysql_query("select ID from {$COM_CONF['dbmaintable']} where text='{$INPUT['disc_body']}' AND author='{$INPUT['disc_name']}' AND href='{$INPUT['href']}'", $comments_db_link);
if (mysql_num_rows($result)>0) {
$error_message="Flood detected";
return $error_message;
}
return "";
}
function spam_check($email, $name, $url, $text, $path_to_page, $ip) {
global $COM_CONF, $comments_db_link;
$try = 0;
while (!$valid && $try <= 3) {
// Initialize and verify API key
$akismet = new Akismet($COM_CONF['site_url'], $COM_CONF['akismet_apikey']);
$result = $akismet->isKeyValid();
// Possible values: 'valid', 'invalid', 'no connect'
if ($result != 'valid') {
if (($result == 'invalid')) {
// Invalid key
return 2;
} else {
// Could not connect to the Akismet server
$try++;
}
}
else {
$valid = 1;
}
}
if (!$valid) {
return 3; // Could not connect to the Akismet server
}
// Pass comment info to the class
$akismet->setCommentAuthorEmail($email);
$akismet->setCommentAuthor($name);
$akismet->setCommentAuthorURL($url);
$akismet->setCommentContent($text);
$akismet->setUserIP($ip);
$akismet->setPermalink($COM_CONF['site_url'] . $path_to_page);
$akismet->setCommentType('Comment');
$try = 0;
while ($try <= 3) {
// Check the comment for spam
$result = $akismet->isCommentSpam();
// Possible values: 'false' (not spam), 'true' (spam), 'no connect'
if ($result != 'false') {
if ($result == 'true') {
// The comment is spam
return 1;
} else {
// Could not connect to the Akismet server
$try++;
}
} else {
return 0;
}
}
return 3; // Could not connect to the Akismet server
}
function add() {
global $comments_db_link, $COM_CONF, $COM_LANG;
foreach ($_REQUEST as $key => $value) {
if ($key == 'disc_body') {
$comment_text=stripslashes($value);
}
$_REQUEST[$key] = str_replace('<', '<', $_REQUEST[$key]);
$_REQUEST[$key] = str_replace('>', '>', $_REQUEST[$key]);
if (get_magic_quotes_gpc()) {
$_REQUEST[$key] = stripslashes($_REQUEST[$key]);
}
$_REQUEST[$key] = mysql_escape_string($_REQUEST[$key]);
}
$_REQUEST['href'] = str_replace('%2F', '/', $_REQUEST['href']);
$_REQUEST['href'] = str_replace('%3F', '?', $_REQUEST['href']);
$_REQUEST['href'] = str_replace('%26', '&', $_REQUEST['href']);
$_REQUEST['href'] = str_replace('%3D', '=', $_REQUEST['href']);
if ($_REQUEST['dont_show_email'] != '') { $dont_show="1"; }
else { $dont_show="0"; }
$error_message = check_for_errors();
$error_message .= flood_protection($_REQUEST);
if ($COM_CONF['ckeck_for_spam']) {
if (!$error_message) {
$spam_check_result = spam_check($_REQUEST['disc_email'], $_REQUEST['disc_name'], "", $comment_text, $_REQUEST['href'], "");
if ($spam_check_result == 1) {
$error_message .= "<br>Your comment suspected as spam.";
mysql_query("INSERT INTO {$COM_CONF['dbjunktable']} VALUES (NULL, NOW(), '{$_REQUEST['href']}', '{$_REQUEST['disc_body']}', '{$_REQUEST['disc_name']}', '{$_REQUEST['disc_email']}', '$dont_show', '{$_SERVER['REMOTE_ADDR']}')", $comments_db_link);
}
if ($spam_check_result == 2) {
$error_message .= "<br>Invalid WordPress API key";
}
if ($spam_check_result == 3) {
$error_message .= "<br>Could not connect to the Akismet server";
}
}
}
if ($error_message) {
print "The following errors occured:<br>$error_message<br><br>
Please <a href=\"javascript:history.go(-1)\">get back</a> and try again.";
return 0;
}
mysql_query("INSERT INTO {$COM_CONF['dbmaintable']} VALUES (NULL, NOW(), '{$_REQUEST['href']}', '{$_REQUEST['disc_body']}', '{$_REQUEST['disc_name']}', '{$_REQUEST['disc_email']}', '$dont_show', '{$_SERVER['REMOTE_ADDR']}')", $comments_db_link);
if ($_REQUEST['email_me'] != '' && $_REQUEST['disc_email'] != '') {
$result = mysql_query("select COUNT(*) from {$COM_CONF['dbemailstable']} where href='{$_REQUEST['href']}' AND email='{$_REQUEST['disc_email']}'", $comments_db_link);
list ($count) = mysql_fetch_row($result);
if ($count == 0) {
$hash=md5($email . $COM_CONF['copy_random_seed']);
mysql_query("INSERT INTO {$COM_CONF['dbemailstable']} VALUES (NULL, '{$_REQUEST['disc_email']}', '{$_REQUEST['href']}', '$hash')", $comments_db_link);
}
}
if ($COM_CONF['email_admin']) {
notify_admin($_REQUEST['href'], $_REQUEST['disc_name'], $_REQUEST['disc_email'], $comment_text, "{$_SERVER['REMOTE_ADDR']}, {$_SERVER['HTTP_USER_AGENT']}");
}
notify_users($_REQUEST['href'], $_REQUEST['disc_name'], $_REQUEST['disc_email']);
header("HTTP/1.1 302");
header("Location: {$COM_CONF['site_url']}{$_REQUEST['href']}");
print "<a href=\"{$COM_CONF['site_url']}{$_REQUEST['href']}\">Click here to get back.</a>";
}
function notify_admin($href, $name, $email, $text, $ip) {
global $comments_db_link, $COM_CONF, $COM_LANG;
$headers = "From: Comments <{$COM_CONF['email_from']}>\r\n";
$text_of_message="
{$COM_LANG['email_new_comment']} {$COM_CONF['site_url']}$href
{$COM_LANG['email_from']}: $name <$email>
$text
$ip
";
mail($COM_CONF['email_admin'], "{$COM_LANG['email_new_comment']} $href", $text_of_message, $headers);
}
function notify_users($href, $name, $email_from) {
global $comments_db_link, $COM_CONF, $COM_LANG;
$headers = "From: Comments <{$COM_CONF['email_from']}>\n";
$result=mysql_query("select email, hash from {$COM_CONF['dbemailstable']} where href='$href'", $comments_db_link);
while (list($email, $hash) = mysql_fetch_row($result)) {
if ($email != $email_from) {
$text_of_message="
{$COM_LANG['email_new_comment']} {$COM_CONF['site_url']}$href
{$COM_LANG['email_from']}: $name
{$COM_LANG['email_to_unsubscribe']}
{$COM_CONF['site_url']}{$COM_CONF['script_url']}?action=unsub&page=$href&id=$hash
";
mail($email, "{$COM_LANG['email_new_comment']} $href",$text_of_message, $headers);
}
}
}
function unsub() {
global $comments_db_link, $COM_CONF, $COM_LANG;
$id=mysql_escape_string($_REQUEST['id']);
$href=mysql_escape_string($_REQUEST['page']);
mysql_query("delete from {$COM_CONF['dbemailstable']} where href='$href' AND hash='$id'", $comments_db_link);
if (mysql_affected_rows() > 0) {
print "{$COM_LANG['unsubscribed']}";
}
else {
print "{$COM_LANG['not_unsubscribed']}";
}
}
function view() {
global $comments_db_link, $COM_CONF, $COM_LANG;
$request_uri = mysql_escape_string($_SERVER['REQUEST_URI']);
$result = mysql_query("select time, text, author, email, dont_show_email from {$COM_CONF['dbmaintable']} where href='$request_uri' order by time {$COM_CONF['sort_order']}", $comments_db_link);
$comments_count=0;
$time=$text=$author=$email=$dont_show_email=array();
while (list($time[$comments_count], $text[$comments_count], $author[$comments_count], $email[$comments_count], $dont_show_email[$comments_count])=mysql_fetch_array($result)) {
$text[$comments_count] = wordwrap($text[$comments_count], 75, "\n", 1);
$time[$comments_count] = format_date($time[$comments_count]);
$comments_count++;
}
require("{$COM_CONF['full_path']}/templates/{$COM_CONF['template']}.php");
}
function format_date ($date) {
global $COM_LANG;
$year = substr($date, 0, 4);
$month = intval(substr($date, 5, 2)) - 1;
$day = substr($date, 8, 2);
$hour = substr($date, 11, 2);
$min = substr($date, 14, 2);
return "$day {$COM_LANG['months'][$month]} $year, $hour:$min";
}
function is_email($Addr)
{
$p = '/^[a-z0-9!#$%&*+-=?^_`{|}~]+(\.[a-z0-9!#$%&*+-=?^_`{|}~]+)*';
$p.= '@([-a-z0-9]+\.)+([a-z]{2,3}';
$p.= '|info|arpa|aero|coop|name|museum)$/ix';
return preg_match($p, $Addr);
}
?>Code: Select all
<input type=hidden name="href" value="{$_SERVER['REQUEST_URI']}">