<?php
/**
 * Handles Comment Post to WordPress and prevents duplicate comment posting.
 *
 * @package WordPress
 */

//if ( 'POST' != $_SERVER['REQUEST_METHOD'] ) {
// header('Allow: POST');
// header('HTTP/1.1 405 Method Not Allowed');
// header('Content-Type: text/plain');
// exit;
//}

/** Sets up the WordPress Environment. */
if ( defined('ABSPATH') )
 require_once(ABSPATH . 'wp-load.php');
else
 require_once('../wp-load.php');
//nocache_headers();

function et_new_comment( $commentdata ) {
 $commentdata = apply_filters('preprocess_comment', $commentdata);

 $commentdata['comment_post_ID'] = (int) $commentdata['comment_post_ID'];
 if ( isset($commentdata['user_ID']) )
  $commentdata['user_id'] = $commentdata['user_ID'] = (int) $commentdata['user_ID'];
 elseif ( isset($commentdata['user_id']) )
  $commentdata['user_id'] = (int) $commentdata['user_id'];

 $commentdata['comment_parent'] = isset($commentdata['comment_parent']) ? absint($commentdata['comment_parent']) : 0;
 $parent_status = ( 0 < $commentdata['comment_parent'] ) ? wp_get_comment_status($commentdata['comment_parent']) : '';
 $commentdata['comment_parent'] = ( 'approved' == $parent_status || 'unapproved' == $parent_status ) ? $commentdata['comment_parent'] : 0;

 $commentdata['comment_author_IP'] = preg_replace( '/[^0-9a-fA-F:., ]/', '',$_SERVER['REMOTE_ADDR'] );
 $commentdata['comment_agent']     = substr($_SERVER['HTTP_USER_AGENT'], 0, 254);

 $commentdata['comment_date']     = current_time('mysql');
 $commentdata['comment_date_gmt'] = current_time('mysql', 1);

 $commentdata = wp_filter_comment($commentdata);

 //$commentdata['comment_approved'] = wp_allow_comment($commentdata);
 $commentdata['comment_approved'] =1;
 
 $comment_ID = wp_insert_comment($commentdata);
 
 do_action('comment_post', $comment_ID, $commentdata['comment_approved']);

 if ( 'spam' !== $commentdata['comment_approved'] ) { // If it's spam save it silently for later crunching
  if ( '0' == $commentdata['comment_approved'] )
   wp_notify_moderator($comment_ID);

  $post = &get_post($commentdata['comment_post_ID']); // Don't notify if it's your own comment

        if ( get_option('comments_notify') && $commentdata['comment_approved'] && ( ! isset( $commentdata['user_id'] ) || $post->post_author != $commentdata['user_id'] ) )
            wp_notify_postauthor($comment_ID, isset( $commentdata['comment_type'] ) ? $commentdata['comment_type'] : '' );
    }

 return $comment_ID;
}


$comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
/*
$status = $wpdb->get_row( $wpdb->prepare("SELECT post_status, comment_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );

if ( empty($status->comment_status) ) {
 //do_action('comment_id_not_found', $comment_post_ID);
 echo('[err]comment_post_ID not found[/err]');
 exit;
} else*/

$post = get_post($comment_post_ID);

if ( empty($post->comment_status) ) {
 //do_action('comment_id_not_found', $comment_post_ID);
 echo('[err]comment_post_ID not found[/err]');
    exit;
}

// get_post_status() will get the parent status for attachments.
$status = get_post_status($post);

$status_obj = get_post_status_object($status);

if ( !comments_open($comment_post_ID) ) {
 echo('[err]Sorry, comments are closed for this item.[/err]') ;
 //do_action('comment_closed', $comment_post_ID);
 //wp_die( __('Sorry, comments are closed for this item.') );
 exit;
} elseif ( 'trash' == $status ) {            //} elseif ( 'trash' == $status->post_status ) {
 //do_action('comment_on_trash', $comment_post_ID);
 echo('[err]comment_on_trash[/err]');    
 exit;
} elseif ( post_password_required($comment_post_ID) ) {
 //do_action('comment_on_password_protected', $comment_post_ID);
 echo('[err]comment_on_password_protected[/err]');
 exit;
} else {
 do_action('pre_comment_on_post', $comment_post_ID);
}
//zzcity add
$ruser=$_POST['ruser'];
if(isset($ruser)){
 $rusers=explode(",",$ruser);
 $ri=rand(0,count($rusers)-1);
 $comment_author       = ( isset($rusers[$ri]) )  ? trim(strip_tags($rusers[$ri])) : null;
}else{
 $ruser=$_POST['log'];
 $comment_author       = ( isset($ruser) )  ? trim(strip_tags($ruser)) : null;
}

//$comment_author_email = ( isset($_POST['email']) )   ? trim($_POST['email']) : null;
//$comment_author_url   = ( isset($_POST['url']) )     ? trim($_POST['url']) : null;
$comment_content      = ( isset($_POST['content']) ) ? trim($_POST['content']) : null; //zzcity

// If the user is logged in
/*$user = wp_get_current_user();
if ( $user->ID ) {
 if ( empty( $user->display_name ) )
  $user->display_name=$user->user_login;
 $comment_author       = $wpdb->escape($user->display_name);
 $comment_author_email = $wpdb->escape($user->user_email);
 $comment_author_url   = $wpdb->escape($user->user_url);
 if ( current_user_can('unfiltered_html') ) {
  if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
   kses_remove_filters(); // start with a clean slate
   kses_init_filters(); // set up the filters
  }
 }
} else {
    if ( get_option('comment_registration') || 'private' == $status )
        wp_die( __('Sorry, you must be logged in to post a comment.') );
}

*/
$comment_type = '';

/*if ( get_option('require_name_email') && !$user->ID ) {
 if ( 6 > strlen($comment_author_email) || '' == $comment_author )
        wp_die( __('<strong>ERROR</strong>: please fill the required fields (name, email).') );
    elseif ( !is_email($comment_author_email))
        wp_die( __('<strong>ERROR</strong>: please enter a valid email address.') );
}
*/
if ( '' == $comment_content )
// wp_die( __('Error: please type a comment.') );
 exit('[err]comment is null[/err]');
$comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;

$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');

$comment_id = et_new_comment( $commentdata );

if($comment_id ){
echo('[ok]comment_id='.$comment_id);}

/*$comment = get_comment($comment_id);
if ( !$user->ID ) {
 $comment_cookie_lifetime = apply_filters('comment_cookie_lifetime', 30000000);
 setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
 setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
 setcookie('comment_author_url_' . COOKIEHASH, esc_url($comment->comment_author_url), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);}
*/


/*$location = empty($_POST['redirect_to']) ? get_comment_link($comment_id) : $_POST['redirect_to'] . '#comment-' . $comment_id;
$location = apply_filters('comment_post_redirect', $location, $comment);

wp_redirect($location);
*/
?>