Created
September 8, 2020 03:56
wordpress 自定义评论提交
<?php | |
// Both the error messages and the rendered comment fragment are served as UTF-8 HTML.
header('Content-Type: text/html; charset=utf-8');
/**
 * Abort the request with an error message.
 *
 * Sends a 405 status line, prints the message, hands it to
 * comment_error_record() and then terminates the script, so this function
 * never returns to its caller.
 *
 * The message is written verbatim into a text/html response: callers in this
 * file pass translated strings that contain <strong> markup. Pass trusted
 * text only; anything derived from request data must be escaped by the caller
 * before it reaches this function.
 *
 * NOTE(review): every failure is reported as 405 whatever its cause -
 * presumably the front-end only distinguishes success from failure; confirm
 * before changing the status code.
 *
 * @param string $error Message shown to the visitor (may contain HTML).
 */
function err($error)
{
    header('HTTP/1.1 405 Method Not Allowed');
    print $error;
    // comment_error_record() is not defined in this file; it has to be loaded
    // (e.g. by the theme or a plugin) before err() is first called.
    comment_error_record($error);
    exit();
}
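/**
 * Reject commenter names that contain a blocked, spam-related keyword.
 *
 * Despite the "is_" prefix nothing is returned: on the first keyword found in
 * the name, err() reports it to the visitor and ends the request. When no
 * keyword matches the function simply returns.
 *
 * The comparison is a byte-wise substring search on the lower-cased name, so
 * only the Latin entries ('seo', '.com') depend on the case folding.
 *
 * @param string|null $author Name submitted with the comment; null when the
 *                            field was not posted.
 * @return void
 */
function is_black_author($author)
{
    // The caller passes null when no name was posted. Cast first so that
    // strtolower()/trim() never receive null (deprecated since PHP 8.1, and a
    // displayed notice would also break the header() calls made by err()).
    $author = trim(strtolower((string)$author));
    if ($author === '') {
        // Nothing to inspect; an empty name cannot contain a keyword.
        return;
    }

    $blocked = [
        'seo',
        '排行榜',
        '销量',
        '赚钱',
        '新闻网',
        '婚纱摄影',
        '公司',
        '网站优化',
        '关键词',
        '厂家',
        '品牌',
        '液压机',
        '烘干机',
        '服务器',
        '生产',
        '美容',
        '护肤',
        '教程',
        '价格',
        '培训',
        '化妆',
        '网贷',
        '.com',
        '销售',
    ];

    foreach ($blocked as $p) {
        if (strpos($author, $p) !== false) {
            // err() exits, so only the first matching keyword is reported.
            err("当前名称中不允许包含“{$p}”字符,请换个名字.");
        }
    }
}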
// Kept for reference: the request-method test this guard appears to replace.
//if('POST' != $_SERVER['REQUEST_METHOD']){
// Any request that does not carry the comment_post_ID form field is refused
// with a bare 405 before WordPress is loaded.
if (isset($_POST['comment_post_ID']) === false) {
    header('Allow: POST');
    header('HTTP/1.1 405 Method Not Allowed');
    header('Content-Type: text/plain');
    exit();
}
// Bootstrap WordPress; wp-load.php is resolved three directory levels above this file.
require __DIR__ . '/../../../wp-load.php';

// The response depends on the submitted form, so it must never be cached.
nocache_headers();

// The post ID is cast to int before it is used anywhere else.
$comment_post_ID = isset($_POST['comment_post_ID']) ? (int)$_POST['comment_post_ID'] : 0;

$post = get_post($comment_post_ID);

// No such post, or a post without a comment status: stop here.
if (empty($post->comment_status)) {
    do_action('comment_id_not_found', $comment_post_ID);
    err(__('Invalid comment status.'));
}

// get_post_status() will get the parent status for attachments.
$status = get_post_status($post);
$status_obj = get_post_status_object($status);

// Refuse comments on closed, trashed, non-public or password-protected posts.
// Each refusal fires the matching action first; err() then ends the request.
if (!comments_open($comment_post_ID)) {
    do_action('comment_closed', $comment_post_ID);
    err(__('Sorry, comments are closed for this item.'));
} elseif ($status == 'trash') {
    do_action('comment_on_trash', $comment_post_ID);
    err(__('Invalid comment status.'));
} elseif (!($status_obj->public || $status_obj->private)) {
    do_action('comment_on_draft', $comment_post_ID);
    err(__('Invalid comment status.'));
} elseif (post_password_required($comment_post_ID)) {
    do_action('comment_on_password_protected', $comment_post_ID);
    err(__('Password Protected'));
} else {
    do_action('pre_comment_on_post', $comment_post_ID);
}
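// Read the submitted fields.
//
// A request field can arrive as an array instead of a string, and trim() /
// strip_tags() would then raise a warning (or a TypeError on PHP 8) before any
// validation runs. Only string values are accepted; anything else is treated
// as if the field had not been sent.
//
// The values are still slashed here (WordPress adds slashes to the request
// superglobals during bootstrap) and, apart from the tag stripping on the
// name, unsanitised; they are later handed to wp_new_comment().
$comment_author = (isset($_POST['author']) && is_string($_POST['author']))
    ? trim(strip_tags($_POST['author']))
    : null;
$comment_author_email = (isset($_POST['email']) && is_string($_POST['email']))
    ? trim($_POST['email'])
    : null;
$comment_author_url = (isset($_POST['url']) && is_string($_POST['url']))
    ? trim($_POST['url'])
    : null;
$comment_content = (isset($_POST['comment']) && is_string($_POST['comment']))
    ? trim($_POST['comment'])
    : '';

// Fall back to the alternate "wx7x" field when the regular comment field is
// empty. NOTE(review): presumably the theme's form posts the body under this
// name as an anti-spam measure - confirm against the form markup.
if ($comment_content === '' && isset($_POST['wx7x']) && is_string($_POST['wx7x']) && $_POST['wx7x'] != '') {
    $comment_content = $_POST['wx7x'];
}

// Ends the request through err() when the name contains a blocked keyword.
is_black_author($comment_author);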
// If the user is logged in, the account's identity replaces whatever was
// posted in the name / e-mail / URL fields.
$user = wp_get_current_user();
if (!$user->exists()) {
    // Anonymous visitor: refused when the site requires registration to
    // comment, or when the post is private.
    if (get_option('comment_registration') || $status == 'private') {
        err(__('Sorry, you must be logged in to post a comment.'));
    }
} else {
    if (empty($user->display_name)) {
        $user->display_name = $user->user_login;
    }

    // Slashed so these values are in the same form as the posted ones.
    $comment_author = wp_slash($user->display_name);
    $comment_author_email = wp_slash($user->user_email);
    $comment_author_url = wp_slash($user->user_url);

    if (current_user_can('unfiltered_html')) {
        // This user may post unfiltered HTML, but only when the form carried
        // a valid nonce for this post. Without one the KSES filters are
        // re-installed, so a forged cross-site submission cannot borrow the
        // capability.
        $nonce_ok = isset($_POST['_wp_unfiltered_html_comment'])
            && wp_verify_nonce($_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID);
        if (!$nonce_ok) {
            kses_remove_filters(); // start with a clean slate
            kses_init_filters(); // set up the filters
        }
    }
}
// An empty type is passed on to wp_new_comment() with the rest of the data below.
$comment_type = '';

// Anonymous commenters must supply a name and a plausible e-mail address when
// the site option asks for them; logged-in users are exempt.
if (!$user->exists() && get_option('require_name_email')) {
    if (strlen($comment_author_email) < 6 || $comment_author == '') {
        err(__('<strong>ERROR</strong>: please fill the required fields (name, email).'));
    } elseif (!is_email($comment_author_email)) {
        err(__('<strong>ERROR</strong>: please enter a valid email address.'));
    }
}

// An empty comment body is never accepted.
if ($comment_content == '') {
    err(__('<strong>ERROR</strong>: please type a comment.'));
}
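// Duplicate-comment detection.
//
// The values compared here are still slashed (WordPress adds slashes to the
// request superglobals during bootstrap, and the logged-in branch applies
// wp_slash()), whereas stored comments are unslashed. Each value is therefore
// unslashed and bound through $wpdb->prepare() instead of being concatenated
// into the SQL text. Previously the author name was interpolated without
// esc_sql(), relying on that slashing alone, while the e-mail and content were
// escaped a second time, which kept comments containing quotes or backslashes
// from ever matching their stored copy.
$dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = %d AND ( comment_author = %s ";
$dupe_args = [$comment_post_ID, (string)wp_unslash($comment_author)];
if ($comment_author_email) {
    $dupe .= 'OR comment_author_email = %s ';
    $dupe_args[] = (string)wp_unslash($comment_author_email);
}
$dupe .= ') AND comment_content = %s LIMIT 1';
$dupe_args[] = (string)wp_unslash($comment_content);

if ($wpdb->get_var($wpdb->prepare($dupe, $dupe_args))) {
    err(__('Duplicate comment detected; it looks as though you’ve already said that!'));
}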
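// Comment rate (flood) check.
//
// Looks up the time of the latest comment stored under this author name and
// lets the 'comment_flood_filter' hook decide whether the new one comes too
// soon. The name is unslashed before it is bound: it is still in slashed form
// here, so a name containing a quote or backslash never matched its stored
// rows and skipped this check.
//
// This pre-check is keyed on the submitted author name alone; treat it as a
// courtesy message for well-behaved clients, not as the site's only throttle.
$lasttime = $wpdb->get_var(
    $wpdb->prepare(
        "SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1",
        (string)wp_unslash($comment_author)
    )
);
if ($lasttime) {
    $time_lastcomment = mysql2date('U', $lasttime, false);
    $time_newcomment = mysql2date('U', current_time('mysql', 1), false);
    $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
    if ($flood_die) {
        // NOTE(review): the message promises ten seconds, but the actual
        // interval is whatever the filter callbacks enforce - confirm.
        err(__('你提交评论频率过快,可以等待十秒后重试!'));
    }
}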
// Parent comment ID for threaded replies; absint() forces a non-negative integer.
$comment_parent = 0;
if (isset($_POST['comment_parent'])) {
    $comment_parent = absint($_POST['comment_parent']);
}

// Collect the fields by variable name and let WordPress filter and store the comment.
$commentdata = compact(
    'comment_post_ID',
    'comment_author',
    'comment_author_email',
    'comment_author_url',
    'comment_content',
    'comment_type',
    'comment_parent',
    'user_ID'
);
$comment_id = wp_new_comment($commentdata);

// Reload the stored row; the markup emitted below is rendered from it.
$comment = get_comment($comment_id);
do_action('set_comment_cookies', $comment, $user);

// Nesting depth of the new comment, prepared for the comment's class attribute:
// walk up the parent chain until a top-level comment is reached.
$comment_depth = 1;
for ($tmp_c = $comment; $tmp_c->comment_parent != 0; $tmp_c = get_comment($tmp_c->comment_parent)) {
    $comment_depth++;
}
// Reply with the markup for the comment that was just stored, as one <li>
// fragment. The template tags used below (comment_ID(), comment_class(),
// comment_text(), ...) read the global $comment assigned by this script.
// NOTE(review): $args is not assigned anywhere in this script, so
// empty($args['has_children']) is always true and the "parent" class is
// never added - confirm that is intended.
?>
<li id="comment-<?php comment_ID(); ?>" <?php comment_class(empty($args['has_children']) ? '' : 'parent'); ?>>
    <article id="div-comment-<?php comment_ID(); ?>" class="comment-body">
        <footer class="comment-meta">
            <div class="comment-author vcard">
                <?php echo get_avatar($comment, 42); ?>
                <?php printf(__('%s <span class="says">says:</span>'), sprintf('<b class="fn">%s</b>', get_comment_author_link())); ?>
            </div>
            <div class="comment-metadata">
                <a href="<?php echo esc_url(get_comment_link($comment->comment_ID)); ?>">
                    <time datetime="<?php comment_time('c'); ?>">
                        <?php printf(_x('%1$s at %2$s', '1: date, 2: time'), get_comment_date(), get_comment_time()); ?>
                    </time>
                </a>
                <?php edit_comment_link(__('Edit'), '<span class="edit-link">', '</span>'); ?>
            </div>
            <?php if ($comment->comment_approved == '0') { ?>
                <p class="comment-awaiting-moderation"><?php echo __('Your comment is awaiting moderation.'); ?></p>
            <?php } ?>
        </footer>
        <div class="comment-content">
            <?php comment_text(); ?>
        </div>
        <div class="reply"></div>
    </article>
</li>