@loveyu
Created September 8, 2020 03:56
wordpress 自定义评论提交
<?php
// Default response type for everything this endpoint prints (error text or the
// rendered comment markup). The early 405 exit further down replaces it with text/plain.
header('Content-Type: text/html; charset=utf-8');
/**
 * Abort the request with an error message.
 *
 * Sends a "405 Method Not Allowed" status line, prints the message exactly as
 * given, passes it to comment_error_record() and then terminates the script,
 * so a call to err() never returns to its caller.
 *
 * The message is printed without escaping. Several callers pass strings that
 * contain markup on purpose, so anything interpolated into a message must
 * already be safe for an HTML context.
 *
 * NOTE(review): comment_error_record() is not defined in this file; it is
 * presumably supplied by the theme or a plugin loaded through wp-load.php.
 * Confirm it exists, otherwise every error path ends in a fatal error.
 *
 * @param string $error Message to print and record.
 */
function err($error)
{
    header('HTTP/1.1 405 Method Not Allowed');
    print $error;
    comment_error_record($error);
    exit();
}
/**
 * Reject author names that contain a blocked keyword.
 *
 * The name is lower-cased with strtolower() and trimmed, then searched for each
 * keyword with a plain byte-wise substring test. On the first hit err() is
 * called with a message naming the keyword, which ends the request. When
 * nothing matches, the function returns without a value.
 *
 * Despite the "is_" prefix, no boolean is returned; the only signal is whether
 * the request is still running afterwards.
 *
 * @param string $author Author name as submitted.
 */
function is_black_author($author)
{
    // Keywords that may not appear anywhere in the name.
    $blocked = array(
        'seo',
        '排行榜',
        '销量',
        '赚钱',
        '新闻网',
        '婚纱摄影',
        '公司',
        '网站优化',
        '关键词',
        '厂家',
        '品牌',
        '液压机',
        '烘干机',
        '服务器',
        '生产',
        '美容',
        '护肤',
        '教程',
        '价格',
        '培训',
        '化妆',
        '网贷',
        '.com',
        '销售',
    );

    $haystack = trim(strtolower($author));

    foreach ($blocked as $p) {
        if (false === strpos($haystack, $p)) {
            continue;
        }
        // err() terminates the script, so at most one keyword is ever reported.
        err("当前名称中不允许包含“{$p}”字符,请换个名字.");
    }
}
// The request-method test is kept for reference but disabled:
//if('POST' != $_SERVER['REQUEST_METHOD']){
// Instead, a request is treated as a comment submission only when the form
// field naming the target post is present. Anything else is refused here,
// before WordPress is loaded.
if (false === isset($_POST['comment_post_ID'])) {
    header('Allow: POST');
    header('HTTP/1.1 405 Method Not Allowed');
    header('Content-Type: text/plain');
    exit();
}
// Bootstrap WordPress from three directories above this script, then mark the
// response as non-cacheable.
require(__DIR__ . '/../../../wp-load.php');
nocache_headers();

// Resolve the target post; a missing field or non-numeric value becomes ID 0.
$comment_post_ID = 0;
if (isset($_POST['comment_post_ID'])) {
    $comment_post_ID = (int) $_POST['comment_post_ID'];
}
$post = get_post($comment_post_ID);

// No post, or a post without a comment status: nothing to comment on.
if (empty($post->comment_status)) {
    do_action('comment_id_not_found', $comment_post_ID);
    err(__('Invalid comment status.'));
}

// get_post_status() will get the parent status for attachments.
$status = get_post_status($post);
$status_obj = get_post_status_object($status);

// Each refusal below fires its WordPress action and then calls err(), which
// ends the request, so the checks run strictly in this order and the first
// failing one wins.
if (!comments_open($comment_post_ID)) {
    do_action('comment_closed', $comment_post_ID);
    err(__('Sorry, comments are closed for this item.'));
}
if ('trash' == $status) {
    do_action('comment_on_trash', $comment_post_ID);
    err(__('Invalid comment status.'));
}
if (!$status_obj->public && !$status_obj->private) {
    // Neither public nor private: reported through the draft action.
    do_action('comment_on_draft', $comment_post_ID);
    err(__('Invalid comment status.'));
}
if (post_password_required($comment_post_ID)) {
    do_action('comment_on_password_protected', $comment_post_ID);
    err(__('Password Protected'));
}

// All gates passed.
do_action('pre_comment_on_post', $comment_post_ID);
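// Collect the submitted fields. Each value is accepted only when it is a string:
// a request can turn any field into an array (e.g. "author[]=x"), and passing
// that to trim()/strip_tags() would raise a type error instead of a clean
// validation message. A non-string field is treated as if it had not been sent.
$comment_author = (isset($_POST['author']) && is_string($_POST['author'])) ? trim(strip_tags($_POST['author'])) : NULL;
$comment_author_email = (isset($_POST['email']) && is_string($_POST['email'])) ? trim($_POST['email']) : NULL;
$comment_author_url = (isset($_POST['url']) && is_string($_POST['url'])) ? trim($_POST['url']) : NULL;
$comment_content = (isset($_POST['comment']) && is_string($_POST['comment'])) ? trim($_POST['comment']) : "";

// "wx7x" is an alternate field for the comment body, used only when "comment"
// itself is empty. It is trimmed like the primary field so that a
// whitespace-only value cannot slip past the empty-comment check later on.
if ($comment_content === "" && isset($_POST['wx7x']) && is_string($_POST['wx7x'])) {
    $alt_content = trim($_POST['wx7x']);
    if ($alt_content !== "") {
        $comment_content = $alt_content;
    }
}

// Keyword screen on the submitted name; ends the request on a match.
// The cast keeps a missing author (NULL) from reaching strtolower() as null.
is_black_author((string) $comment_author);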
// Identity handling: a logged-in user always comments under the account's own
// details; a visitor keeps the submitted ones, provided anonymous comments are allowed.
$user = wp_get_current_user();
if (!$user->exists()) {
    // Visitors are refused when the site requires registration to comment, or
    // when the target post is private.
    if (get_option('comment_registration') || 'private' == $status) {
        err(__('Sorry, you must be logged in to post a comment.'));
    }
} else {
    // Fall back to the login name when no display name is set.
    if (empty($user->display_name)) {
        $user->display_name = $user->user_login;
    }

    // Overwrite whatever the form submitted with the account data, slashed.
    $comment_author = wp_slash($user->display_name);
    $comment_author_email = wp_slash($user->user_email);
    $comment_author_url = wp_slash($user->user_url);

    // A user who may post unfiltered HTML keeps that privilege for this
    // comment only when the request carries a valid nonce for this post.
    // Without one, the kses filters are reset and re-initialised.
    $nonce_ok = isset($_POST['_wp_unfiltered_html_comment'])
        && wp_verify_nonce($_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID);
    if (current_user_can('unfiltered_html') && !$nonce_ok) {
        kses_remove_filters(); // start with a clean slate
        kses_init_filters(); // set up the filters
    }
}
// An empty type is passed on with the rest of the comment data.
$comment_type = '';

// Name and e-mail are mandatory for visitors when the site option says so.
// err() ends the request, so the checks are evaluated in order and only the
// first failure is reported.
$must_identify = get_option('require_name_email') && !$user->exists();
if ($must_identify) {
    if (strlen($comment_author_email) < 6 || '' == $comment_author) {
        err(__('<strong>ERROR</strong>: please fill the required fields (name, email).'));
    }
    if (!is_email($comment_author_email)) {
        err(__('<strong>ERROR</strong>: please enter a valid email address.'));
    }
}

// A comment body is always required.
if ('' == $comment_content) {
    err(__('<strong>ERROR</strong>: please type a comment.'));
}
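// Duplicate comment detection.
//
// The query is built with $wpdb->prepare() placeholders instead of string
// concatenation. Previously the author name was interpolated directly into the
// SQL text and was only safe as long as it happened to arrive pre-slashed;
// binding it removes that dependency. The values are unslashed first because
// they still carry the slashes WordPress adds to request data (or wp_slash()
// adds for logged-in users); escaping them a second time would make names or
// comments containing quotes never match an existing row.
$dupe_sql = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = %d AND ( comment_author = %s ";
$dupe_args = array(
    $comment_post_ID,
    (string) wp_unslash($comment_author),
);

// The e-mail address only takes part in the match when one was supplied.
if ($comment_author_email) {
    $dupe_sql .= "OR comment_author_email = %s ";
    $dupe_args[] = (string) wp_unslash($comment_author_email);
}

$dupe_sql .= ") AND comment_content = %s LIMIT 1";
$dupe_args[] = (string) wp_unslash($comment_content);

$dupe = $wpdb->prepare($dupe_sql, $dupe_args);
if ($wpdb->get_var($dupe)) {
    err(__('Duplicate comment detected; it looks as though you&#8217;ve already said that!'));
}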
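// Comment rate check: look up the most recent comment stored under the same
// author name and let the 'comment_flood_filter' hook decide whether the new
// one comes too soon after it.
//
// The name is unslashed before it is bound. prepare() does its own escaping,
// so passing the still-slashed value would search for a literal backslash and
// the check would silently never match names containing quotes.
//
// NOTE(review): the lookup is keyed on the author name alone, so it only
// throttles submissions that reuse the same name.
$lasttime = $wpdb->get_var(
    $wpdb->prepare(
        "SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1",
        (string) wp_unslash($comment_author)
    )
);
if ($lasttime) {
    // Both timestamps are converted to Unix time before being handed to the filter.
    $time_lastcomment = mysql2date('U', $lasttime, false);
    $time_newcomment = mysql2date('U', current_time('mysql', 1), false);
    $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
    if ($flood_die) {
        err(__('你提交评论频率过快,可以等待十秒后重试!'));
    }
}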
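// Parent comment for threaded replies; absent means a top-level comment.
$comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;

// NOTE(review): $user_ID is not assigned anywhere in this file; it is presumably
// the global WordPress sets up for the current user. Confirm.
$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');

// Store the comment. The insert can fail, in which case there is no comment to
// load or render; stop with an error instead of dereferencing a missing object
// in the code and template below.
$comment_id = wp_new_comment($commentdata);
if (!$comment_id || is_wp_error($comment_id)) {
    err(__('<strong>ERROR</strong>: The comment could not be saved. Please try again later.'));
}
$comment = get_comment($comment_id);
if (!$comment) {
    err(__('<strong>ERROR</strong>: The comment could not be saved. Please try again later.'));
}

do_action('set_comment_cookies', $comment, $user);

// Nesting depth of the new comment, prepared for the comment's class attribute.
// Walk up the parent chain; stop as well when a parent can no longer be
// loaded, so a broken chain cannot cause a null dereference.
$comment_depth = 1;
$tmp_c = $comment;
while ($tmp_c && $tmp_c->comment_parent != 0) {
    $comment_depth++;
    $tmp_c = get_comment($tmp_c->comment_parent);
}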
/*
 * Response body: the markup for the comment that was just stored, as a single
 * <li> element holding the avatar, author link, permalink with timestamp, edit
 * link, an "awaiting moderation" notice when comment_approved is '0', and the
 * comment text.
 *
 * All dynamic values are printed through WordPress template tags; the only
 * explicit escaping call in this template is esc_url() around the permalink.
 * NOTE(review): the template tags presumably read the $comment assigned above
 * as the current comment - confirm.
 * NOTE(review): $args is not assigned anywhere in this file, so unless
 * something loaded by WordPress defines it, the 'parent' class is never added.
 */
?>
<li id="comment-<?php comment_ID(); ?>" <?php comment_class(empty($args['has_children']) ? '' : 'parent'); ?>>
<article id="div-comment-<?php comment_ID(); ?>" class="comment-body">
<footer class="comment-meta">
<div class="comment-author vcard">
<?php echo get_avatar($comment, 42) ?>
<?php printf(__('%s <span class="says">says:</span>'), sprintf('<b class="fn">%s</b>', get_comment_author_link())); ?>
</div>
<div class="comment-metadata">
<a href="<?php echo esc_url(get_comment_link($comment->comment_ID)); ?>">
<time datetime="<?php comment_time('c'); ?>">
<?php printf(_x('%1$s at %2$s', '1: date, 2: time'), get_comment_date(), get_comment_time()); ?>
</time>
</a>
<?php edit_comment_link(__('Edit'), '<span class="edit-link">', '</span>'); ?>
</div>
<?php if('0' == $comment->comment_approved) : ?>
<p class="comment-awaiting-moderation"><?php _e('Your comment is awaiting moderation.'); ?></p>
<?php endif; ?>
</footer>
<div class="comment-content">
<?php comment_text(); ?>
</div>
<div class="reply"></div>
</article>
</li>