Control add_comment

P0WER

Joined: 2002-10-11
Posts: 2

Posted: Fri, 2002-10-11 05:44

hi

I modify the code to be able to control new the comment which is recorded on the page add_comment.php

Be careful !! you must have mail() fonction actived on php configuration
look at your phpinfo() if your're not sure or contact administrator.

/* existing code */

<?
// Hack check

if (strcmp($gallery->album->fields["public_comments"], "yes")) {
exit;
}
$error_text = "";

if (!strcmp($submit, "Save")) {
if ($commenter_name && $comment_text) {

$texte = stripslashes($comment_text);
$texte_url = urlencode($texte);
/* modification */

/*mail for post control of comment in gallery*/
$email_admin="comment-gallery@domaine.com";
$email_postmaster="postmaster@domaine.com";
$headers="Return-Path: ".$email_postmaster."rn";
$headers.="From: ".$email_admin."rn";
$sujet="Add of comment by".$commenter_name." in the gallery";

$date = date("d/m/Y");
$time = time("B / D d / j-m-Y / H:i:s");
$temps = getdate($time);
$dns = gethostbyaddr($REMOTE_ADDR);

$contenu=$sujet."rn";
$contenu.="rn"
."hi,

Summary of seized information:

Name : $commenter_name
IpNumber : $IPNumber
Comment : $texte
Photo :
http://www.domaine.com/gallery/search.php?searchstring=$texte_url

Enregistrement effectué le $date à $temps[hours]h$temps[minutes]m
par $REMOTE_ADDR - soit - $dns
avec $HTTP_USER_AGENT

mail("commentaire-gallery@domaine.com", $sujet, $contenu, $headers);

/* end modification */

$comment_text = removeTags($comment_text);
$commenter_name = removeTags($commenter_name);
$gallery->album->addComment($index, stripslashes($comment_text), $IPNumber, $commenter_name);
$gallery->album->save();
dismissAndReload();

..... continuation of the page ...

If you want bloked some IP, on the first line of code you can write :

if ( $REMOTE_ADDR == "193.252.194.83" ) { echo " sorry, it's impossible" ; die; }

Have a good day

David
http://www.annecyrandoroller.fr.fm

<A HREF="http://null" TARGET="_blank">null</A><A HREF="http://www.annecyrandoroller.fr.fm" TARGET="_blank">null</A>

mnstrgns

Joined: 2002-10-11
Posts: 2

Posted: Sat, 2002-10-12 16:56

I had a few probs as it was written
I modified the code as such below (with english translation)

<TABLE BORDER=0 ALIGN=CENTER WIDTH=85%><TR><TD><font class="pn-sub">Code:</font><HR></TD></TR><TR><TD><FONT class="pn-sub"><PRE>
<?
// Hack prevention.
if (!empty($HTTP_GET_VARS["GALLERY_BASEDIR"]) ||
!empty($HTTP_POST_VARS["GALLERY_BASEDIR"]) ||
!empty($HTTP_COOKIE_VARS["GALLERY_BASEDIR"])) {
print "Security violation
";
exit;
}
?>
<? require($GALLERY_BASEDIR . "init.php"); ?>
<?
// Hack check

if (strcmp($gallery->album->fields["public_comments"], "yes")) {
exit;
}

$error_text = "";

if (!strcmp($submit, "Save")) {
if ($commenter_name && $comment_text) {
$text = stripslashes($comment_text);
$text_url = urlencode($text);

/*mail for post control of comment in gallery*/
$email_admin="you@yourdomain.com";
$email_postmaster="you@yourdomain.com";
$headers="Return-Path: ".$email_postmaster."
";
$headers.="From: ".$email_admin."
";
$subject="Comment added by ".$commenter_name." to the gallery";

$date = date("d/m/Y");
$time = time("B / D d / j-m-Y / H:i:s");
$temps = getdate($time);
$dns = gethostbyaddr($REMOTE_ADDR);

$contents="
Summary of comment information:
Name : $commenter_name
IpNumber : $IPNumber
Comment : $text
Photo :
http://www.YOURDOMAIN.com/gallery/search.php?searchstring=$text_url

Recording carried out $date at $temps[hours]h$temps[minutes]m
by $REMOTE_ADDR
$dns with $HTTP_USER_AGENT ";
mail("you@yourdomain.com", $subject, $contents, $headers);

$comment_text = removeTags($comment_text);
$commenter_name = removeTags($commenter_name);
$gallery->album->addComment($index, stripslashes($comment_text), $IPNumber, $commenter_name);
$gallery->album->save();
dismissAndReload();
return;
} else {
$error_text = "Name and Comment are both required to save a new comment!";
}
}
?>
</TD></TR></TABLE>

P0WER

Joined: 2002-10-11
Posts: 2

Posted: Sat, 2002-10-12 19:49

Hello,

Sorry for my english, but i'm french

thank for the modification in the script, but I think the probleme can be fonction of magic_quote on your server.

Now, 2 news challenge :smile:

How find the photo without use the page shearch.php ? or how deleted a comment by a link on the mail ? :smile

good night

ajs279

Joined: 2002-09-01
Posts: 23

Posted: Wed, 2002-12-04 04:55

Quote:

How find the photo without use the page shearch.php ? or how deleted a comment by a link on the mail ? :smile

$photolocation=$gallery->album->getPhotoPath($index, $full)
as suggested by Beckett, will give you url of the photo as it sits in the albums directory. But that's no good, because you see only the picture file, and not the rest of the gallery appended stuff like comments, fwd/back, etc. I'm trying to figure out a way to strip the url and then add it to a hardcoded url (ie gallery/+filename instead of albums/filename), but I think there's an easier way to do it. Have to search through more of the files in teh classes directory.

beckett

Joined: 2002-08-16
Posts: 3474

Posted: Wed, 2002-12-04 05:50

Okay. I think :wink: I see what you're getting at.

Wouldn't you be able to generate the link... thus: (? :roll: )

We'd have somewhere near the top:

$id = $gallery->album->getPhotoId($index);
$myURL = makeAlbumUrl($albumName, $id);

Then in the text of the e-mail we'd have:

" ........ Photo : $myURL ....... "

Can someone try that out to see if I'm barking up the right tree?

As for a link from the e-mail to automatically delete? Hmm... not securely. You have to be logged in to be able to delete a comment... And you can't log in via the URL. You could do it insecurely by not authenticating... but then anyone could erase the comment if they knew the right URL. Hmm. Lemme think on that a bit.

-Beckett (

)

ajs279

Joined: 2002-09-01
Posts: 23

Posted: Fri, 2002-12-06 03:19

This didn't work out of the box, and I couldn't find the function code for makeAlbumUrl. But I looked through some other files and decided to preface the $albumName argument with gallery->session-> so I get this, it seemed reasonable:

$id = $gallery->album->getPhotoId($index);
$myURL = makeAlbumUrl($gallery->session->albumName, $id);

...and surprisingly it worked! Thanks Beckett!

midkiff

Joined: 2003-06-27
Posts: 70

Posted: Tue, 2003-09-09 21:09

I am getting the following error
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/mydamnpa/public_html/pics/add_comment.php:41) in /home/mydamnpa/public_html/pics/session.php on line 51

Enter your comment for this picture in the text box below.

After adding:
<?

// Hack prevention.

if (!empty($HTTP_GET_VARS["GALLERY_BASEDIR"]) ||

!empty($HTTP_POST_VARS["GALLERY_BASEDIR"]) ||

!empty($HTTP_COOKIE_VARS["GALLERY_BASEDIR"])) {

print "Security violation

";

exit;

}

?>

<? require($GALLERY_BASEDIR . "init.php"); ?>

<?

// Hack check

if (strcmp($gallery->album->fields["public_comments"], "yes")) {

exit;

}

$error_text = "";

if (!strcmp($submit, "Save")) {

if ($commenter_name && $comment_text) {

$text = stripslashes($comment_text);

$text_url = urlencode($text);

/*mail for post control of comment in gallery*/

$email_admin="admin@mydamnpage.com";

$email_postmaster="admin@mydamnpage.com";

$headers="Return-Path: ".$email_postmaster."

";

$headers.="From: ".$email_admin."

";

$subject="Comment added by ".$commenter_name." to the gallery";

$date = date("d/m/Y");

$time = time("B / D d / j-m-Y / H:i:s");

$temps = getdate($time);

$dns = gethostbyaddr($REMOTE_ADDR);

$contents="

Summary of comment information:

Name : $commenter_name

IpNumber : $IPNumber

Comment : $text

Photo :

http://www.mydamnpage.com/pics/search.php?searchstring=$text_url

Recording carried out $date at $temps[hours]h$temps[minutes]m

by $REMOTE_ADDR

$dns with $HTTP_USER_AGENT ";

mail("admin@mydamnpage.com", $subject, $contents, $headers);

$comment_text = removeTags($comment_text);

$commenter_name = removeTags($commenter_name);

$gallery->album->addComment($index, stripslashes($comment_text), $IPNumber, $commenter_name);

$gallery->album->save();

dismissAndReload();

return;

} else {

$error_text = "Name and Comment are both required to save a new comment!";

}

?>

Anyone have any ideas?

midkiff

Joined: 2003-06-27
Posts: 70

Posted: Tue, 2003-09-09 21:15

Nevermind i fixed it

P0WER Joined: 2002-10-11 Posts: 2	Posted: Fri, 2002-10-11 05:44
	hi I modify the code to be able to control new the comment which is recorded on the page add_comment.php Be careful !! you must have mail() fonction actived on php configuration look at your phpinfo() if your're not sure or contact administrator. /* existing code / <? // Hack check if (strcmp($gallery->album->fields["public_comments"], "yes")) { exit; } $error_text = ""; if (!strcmp($submit, "Save")) { if ($commenter_name && $comment_text) { $texte = stripslashes($comment_text); $texte_url = urlencode($texte); / modification / /mail for post control of comment in gallery/ $email_admin="comment-gallery@domaine.com"; $email_postmaster="postmaster@domaine.com"; $headers="Return-Path: ".$email_postmaster."rn"; $headers.="From: ".$email_admin."rn"; $sujet="Add of comment by".$commenter_name." in the gallery"; $date = date("d/m/Y"); $time = time("B / D d / j-m-Y / H:i:s"); $temps = getdate($time); $dns = gethostbyaddr($REMOTE_ADDR); $contenu=$sujet."rn"; $contenu.="rn" ."hi, Summary of seized information: Name : $commenter_name IpNumber : $IPNumber Comment : $texte Photo : http://www.domaine.com/gallery/search.php?searchstring=$texte_url Enregistrement effectué le $date à $temps[hours]h$temps[minutes]m par $REMOTE_ADDR - soit - $dns avec $HTTP_USER_AGENT mail("commentaire-gallery@domaine.com", $sujet, $contenu, $headers); / end modification */ $comment_text = removeTags($comment_text); $commenter_name = removeTags($commenter_name); $gallery->album->addComment($index, stripslashes($comment_text), $IPNumber, $commenter_name); $gallery->album->save(); dismissAndReload(); ..... continuation of the page ... If you want bloked some IP, on the first line of code you can write : if ( $REMOTE_ADDR == "193.252.194.83" ) { echo " sorry, it's impossible" ; die; } Have a good day David http://www.annecyrandoroller.fr.fm <!-- BBCode Start --><A HREF="http://null" TARGET="_blank">null</A><!-- BBCode End --><!-- BBCode Start --><A HREF="http://www.annecyrandoroller.fr.fm" TARGET="_blank">null</A><!-- BBCode End -->
	XUser login Username: * Password: * Create new account Request new password
mnstrgns Joined: 2002-10-11 Posts: 2	Posted: Sat, 2002-10-12 16:56
	I had a few probs as it was written I modified the code as such below (with english translation) <!-- BBCode Start --><TABLE BORDER=0 ALIGN=CENTER WIDTH=85%><TR><TD><font class="pn-sub">Code:</font><HR></TD></TR><TR><TD><FONT class="pn-sub"><PRE> <? // Hack prevention. if (!empty($HTTP_GET_VARS["GALLERY_BASEDIR"]) \|\| !empty($HTTP_POST_VARS["GALLERY_BASEDIR"]) \|\| !empty($HTTP_COOKIE_VARS["GALLERY_BASEDIR"])) { print "Security violation "; exit; } ?> <? require($GALLERY_BASEDIR . "init.php"); ?> <? // Hack check if (strcmp($gallery->album->fields["public_comments"], "yes")) { exit; } $error_text = ""; if (!strcmp($submit, "Save")) { if ($commenter_name && $comment_text) { $text = stripslashes($comment_text); $text_url = urlencode($text); /mail for post control of comment in gallery/ $email_admin="you@yourdomain.com"; $email_postmaster="you@yourdomain.com"; $headers="Return-Path: ".$email_postmaster." "; $headers.="From: ".$email_admin." "; $subject="Comment added by ".$commenter_name." to the gallery"; $date = date("d/m/Y"); $time = time("B / D d / j-m-Y / H:i:s"); $temps = getdate($time); $dns = gethostbyaddr($REMOTE_ADDR); $contents=" Summary of comment information: Name : $commenter_name IpNumber : $IPNumber Comment : $text Photo : http://www.YOURDOMAIN.com/gallery/search.php?searchstring=$text_url Recording carried out $date at $temps[hours]h$temps[minutes]m by $REMOTE_ADDR $dns with $HTTP_USER_AGENT "; mail("you@yourdomain.com", $subject, $contents, $headers); $comment_text = removeTags($comment_text); $commenter_name = removeTags($commenter_name); $gallery->album->addComment($index, stripslashes($comment_text), $IPNumber, $commenter_name); $gallery->album->save(); dismissAndReload(); return; } else { $error_text = "Name and Comment are both required to save a new comment!"; } } ?> </TD></TR></TABLE><!-- BBCode End -->

P0WER Joined: 2002-10-11 Posts: 2	Posted: Sat, 2002-10-12 19:49
	Hello, Sorry for my english, but i'm french thank for the modification in the script, but I think the probleme can be fonction of magic_quote on your server. Now, 2 news challenge :smile: How find the photo without use the page shearch.php ? or how deleted a comment by a link on the mail ? :smile good night

ajs279 Joined: 2002-09-01 Posts: 23	Posted: Wed, 2002-12-04 04:55
	Quote: How find the photo without use the page shearch.php ? or how deleted a comment by a link on the mail ? :smile $photolocation=$gallery->album->getPhotoPath($index, $full) as suggested by Beckett, will give you url of the photo as it sits in the albums directory. But that's no good, because you see only the picture file, and not the rest of the gallery appended stuff like comments, fwd/back, etc. I'm trying to figure out a way to strip the url and then add it to a hardcoded url (ie gallery/+filename instead of albums/filename), but I think there's an easier way to do it. Have to search through more of the files in teh classes directory.

beckett Joined: 2002-08-16 Posts: 3474	Posted: Wed, 2002-12-04 05:50
	Okay. I think :wink: I see what you're getting at. Wouldn't you be able to generate the link... thus: (? :roll: ) We'd have somewhere near the top: $id = $gallery->album->getPhotoId($index); $myURL = makeAlbumUrl($albumName, $id); Then in the text of the e-mail we'd have: " ........ Photo : $myURL ....... " Can someone try that out to see if I'm barking up the right tree? As for a link from the e-mail to automatically delete? Hmm... not securely. You have to be logged in to be able to delete a comment... And you can't log in via the URL. You could do it insecurely by not authenticating... but then anyone could erase the comment if they knew the right URL. Hmm. Lemme think on that a bit. -Beckett ( )

ajs279 Joined: 2002-09-01 Posts: 23	Posted: Fri, 2002-12-06 03:19
	This didn't work out of the box, and I couldn't find the function code for makeAlbumUrl. But I looked through some other files and decided to preface the $albumName argument with gallery->session-> so I get this, it seemed reasonable: $id = $gallery->album->getPhotoId($index); $myURL = makeAlbumUrl($gallery->session->albumName, $id); ...and surprisingly it worked! Thanks Beckett!

midkiff Joined: 2003-06-27 Posts: 70	Posted: Tue, 2003-09-09 21:09
	I am getting the following error Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/mydamnpa/public_html/pics/add_comment.php:41) in /home/mydamnpa/public_html/pics/session.php on line 51 Enter your comment for this picture in the text box below. After adding: <? // Hack prevention. if (!empty($HTTP_GET_VARS["GALLERY_BASEDIR"]) \|\| !empty($HTTP_POST_VARS["GALLERY_BASEDIR"]) \|\| !empty($HTTP_COOKIE_VARS["GALLERY_BASEDIR"])) { print "Security violation "; exit; } ?> <? require($GALLERY_BASEDIR . "init.php"); ?> <? // Hack check if (strcmp($gallery->album->fields["public_comments"], "yes")) { exit; } $error_text = ""; if (!strcmp($submit, "Save")) { if ($commenter_name && $comment_text) { $text = stripslashes($comment_text); $text_url = urlencode($text); /mail for post control of comment in gallery/ $email_admin="admin@mydamnpage.com"; $email_postmaster="admin@mydamnpage.com"; $headers="Return-Path: ".$email_postmaster." "; $headers.="From: ".$email_admin." "; $subject="Comment added by ".$commenter_name." to the gallery"; $date = date("d/m/Y"); $time = time("B / D d / j-m-Y / H:i:s"); $temps = getdate($time); $dns = gethostbyaddr($REMOTE_ADDR); $contents=" Summary of comment information: Name : $commenter_name IpNumber : $IPNumber Comment : $text Photo : http://www.mydamnpage.com/pics/search.php?searchstring=$text_url Recording carried out $date at $temps[hours]h$temps[minutes]m by $REMOTE_ADDR $dns with $HTTP_USER_AGENT "; mail("admin@mydamnpage.com", $subject, $contents, $headers); $comment_text = removeTags($comment_text); $commenter_name = removeTags($commenter_name); $gallery->album->addComment($index, stripslashes($comment_text), $IPNumber, $commenter_name); $gallery->album->save(); dismissAndReload(); return; } else { $error_text = "Name and Comment are both required to save a new comment!"; } } ?> Anyone have any ideas?

midkiff Joined: 2003-06-27 Posts: 70	Posted: Tue, 2003-09-09 21:15
	Nevermind i fixed it

Control add_comment

XUser login