Otóż na mojej stronie mam możliwość dodawania komentarzy; problem polega na tym, że jakieś robociki coraz więcej spamują i dodają niechciany przeze mnie tekst.
Sam mało się znam na PHP i miałbym prośbę: czy ktoś nie pomógłby mi w przerobieniu skryptu dodawania komentarzy?
Chodziłoby o to, aby skrypt "rozpoznawał", czy w tekście są ciągi znaków (bez względu na wielkość liter):
<a
[url
Jeżeli tak, to nie dodawałby komentarza i zwracał komunikat: coś jak jest w anti-flood.
Tak wygląda kod dodawania komentarza (mam nadzieję, że cały):
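//------------------------------------------------------ comment registration
// Handles a posted comment: rejects a guest who uses the name of an existing
// user, applies the anti-flood window, inserts the comment and, when enabled,
// notifies the administrators.
//
// NOTE(review): $author (taken from $_POST['author']) and the posted content
// are concatenated into the SQL strings below. Nothing in this block escapes
// quotes or backslashes in $author, and htmlspecialchars() with ENT_QUOTES
// leaves backslashes untouched, so these queries are only safe if request
// data is escaped before this block runs -- that is not visible here; confirm
// it. If it is not, escape each value for MySQL where it is concatenated
// (e.g. mysql_real_escape_string()); applying that on top of input that is
// already escaped would store doubled backslashes.
//
// NOTE(review): $author is stored as received, while the content is
// HTML-escaped before storage; presumably the code that displays the author
// name has to escape it for HTML -- verify.
if ( isset( $_POST['content'] ) && !empty($_POST['content']) )
{
  $register_comment = true;
  // an empty author field falls back to the localized guest name
  $author = !empty($_POST['author'])?$_POST['author']:$lang['guest'];
  // if a guest tries to use the name of an already existing user, he must be
  // rejected
  if ( $author != $user['username'] )
  {
    $query = 'SELECT COUNT(*) AS user_exists';
    $query.= ' FROM '.USERS_TABLE;
    $query.= " WHERE username = '".$author."'";
    $query.= ';';
    $row = mysql_fetch_array( pwg_query( $query ) );
    if ( $row['user_exists'] == 1 )
    {
      $template->assign_block_vars(
        'information',
        array('INFORMATION'=>$lang['comment_user_exists']));
      $register_comment = false;
    }
  }

  if ( $register_comment )
  {
    // anti-flood system: look for a comment by the same author newer than
    // (now - anti-flood_time); an anti-flood_time of 0 disables the check
    $reference_date = time() - $conf['anti-flood_time'];
    $query = 'SELECT id FROM '.COMMENTS_TABLE;
    $query.= ' WHERE date > FROM_UNIXTIME('.$reference_date.')';
    $query.= " AND author = '".$author."'";
    $query.= ';';
    if ( mysql_num_rows( pwg_query( $query ) ) == 0
         or $conf['anti-flood_time'] == 0 )
    {
      $query = 'INSERT INTO '.COMMENTS_TABLE;
      $query.= ' (author,date,image_id,content,validated) VALUES (';
      $query.= "'".$author."'";
      // image_id is written into the query without quotes, so it is forced
      // to an integer: a non-numeric request value cannot alter the statement
      $query.= ',NOW(),'.intval( $_GET['image_id'] );
      $query.= ",'".htmlspecialchars( $_POST['content'], ENT_QUOTES)."'";
      // the comment is stored as validated when validation is disabled or
      // the poster is an administrator
      if ( !$conf['comments_validation'] or $user['status'] == 'admin' )
      {
        $query.= ",'true'";
      }
      else
      {
        $query.= ",'false'";
      }
      $query.= ');';
      pwg_query( $query );

      // information message
      $message = $lang['comment_added'];
      if ( $conf['comments_validation'] and $user['status'] != 'admin' )
      {
        $message.= '<br />'.$lang['comment_to_validate'];
      }
      $template->assign_block_vars('information',
                                   array('INFORMATION'=>$message));

      // notification to the administrators
      if ( $conf['mail_notification'] )
      {
        // find any related category (can be unreachable to this admin)
        $category = $related_categories[0];
        // locally, we change the $conf['level_separator'] and restore it
        // once the category name has been built
        $conf_separator = $conf['level_separator'];
        $conf['level_separator'] = ' > ';
        $cat_name = get_cat_display_name_cache($category['uppercats'],
                                               '',
                                               false);
        $conf['level_separator'] = $conf_separator;
        $cat_name = strip_tags( $cat_name );
        notify( 'comment', $cat_name.' > '.$picture['current']['name']);
      }
    }
    else
    {
      // information message: the anti-flood window has not elapsed yet
      $template->assign_block_vars(
        'information',
        array('INFORMATION'=>$lang['comment_anti-flood']));
    }
  }
}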
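// Handles a posted comment: rejects a guest who uses the name of an existing
// user, applies the anti-flood window, inserts the comment and, when enabled,
// notifies the administrators.
//
// NOTE(review): $author (taken from $_POST['author']) and the posted content
// are concatenated into the SQL strings below. Nothing in this block escapes
// quotes or backslashes in $author, and htmlspecialchars() with ENT_QUOTES
// leaves backslashes untouched, so these queries are only safe if request
// data is escaped before this block runs -- that is not visible here; confirm
// it. If it is not, escape each value for MySQL where it is concatenated
// (e.g. mysql_real_escape_string()); applying that on top of input that is
// already escaped would store doubled backslashes.
//
// NOTE(review): $author is stored as received, while the content is
// HTML-escaped before storage; presumably the code that displays the author
// name has to escape it for HTML -- verify.
if ( isset( $_POST['content'] ) && !empty($_POST['content']) )
{
  $register_comment = true;
  // an empty author field falls back to the localized guest name
  $author = !empty($_POST['author'])?$_POST['author']:$lang['guest'];
  // if a guest tries to use the name of an already existing user, he must be
  // rejected
  if ( $author != $user['username'] )
  {
    $query = 'SELECT COUNT(*) AS user_exists';
    $query.= ' FROM '.USERS_TABLE;
    $query.= " WHERE username = '".$author."'";
    $query.= ';';
    $row = mysql_fetch_array( pwg_query( $query ) );
    if ( $row['user_exists'] == 1 )
    {
      $template->assign_block_vars(
        'information',
        array('INFORMATION'=>$lang['comment_user_exists']));
      $register_comment = false;
    }
  }

  if ( $register_comment )
  {
    // anti-flood system: look for a comment by the same author newer than
    // (now - anti-flood_time); an anti-flood_time of 0 disables the check
    $reference_date = time() - $conf['anti-flood_time'];
    $query = 'SELECT id FROM '.COMMENTS_TABLE;
    $query.= ' WHERE date > FROM_UNIXTIME('.$reference_date.')';
    $query.= " AND author = '".$author."'";
    $query.= ';';
    if ( mysql_num_rows( pwg_query( $query ) ) == 0
         or $conf['anti-flood_time'] == 0 )
    {
      $query = 'INSERT INTO '.COMMENTS_TABLE;
      $query.= ' (author,date,image_id,content,validated) VALUES (';
      $query.= "'".$author."'";
      // image_id is written into the query without quotes, so it is forced
      // to an integer: a non-numeric request value cannot alter the statement
      $query.= ',NOW(),'.intval( $_GET['image_id'] );
      $query.= ",'".htmlspecialchars( $_POST['content'], ENT_QUOTES)."'";
      // the comment is stored as validated when validation is disabled or
      // the poster is an administrator
      if ( !$conf['comments_validation'] or $user['status'] == 'admin' )
      {
        $query.= ",'true'";
      }
      else
      {
        $query.= ",'false'";
      }
      $query.= ');';
      pwg_query( $query );

      // information message
      $message = $lang['comment_added'];
      if ( $conf['comments_validation'] and $user['status'] != 'admin' )
      {
        $message.= '<br />'.$lang['comment_to_validate'];
      }
      $template->assign_block_vars('information',
                                   array('INFORMATION'=>$message));

      // notification to the administrators
      if ( $conf['mail_notification'] )
      {
        // find any related category (can be unreachable to this admin)
        $category = $related_categories[0];
        // locally, we change the $conf['level_separator'] and restore it
        // once the category name has been built
        $conf_separator = $conf['level_separator'];
        $conf['level_separator'] = ' > ';
        $cat_name = get_cat_display_name_cache($category['uppercats'],
                                               '',
                                               false);
        $conf['level_separator'] = $conf_separator;
        $cat_name = strip_tags( $cat_name );
        notify( 'comment', $cat_name.' > '.$picture['current']['name']);
      }
    }
    else
    {
      // information message: the anti-flood window has not elapsed yet
      $template->assign_block_vars(
        'information',
        array('INFORMATION'=>$lang['comment_anti-flood']));
    }
  }
}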