Comments Class
Category: API
Date: 31 Mar 2026
The Comments class manages the reader feedback system in GeniXCMS. It handles comment submission, moderation, spam protection, and threaded rendering for posts and pages.
🚀 Quick Start (Frontend)
To display the comment system on a post or page template, use the following methods:
```php
// 1. Display the count of comments
echo Db::$num_rows; // After showList() is called

// 2. Display the list of comments
echo Comments::showList(['max' => 10]);

// 3. Display the comment submission form
echo Comments::form();
```
⚙️ Public API Reference
Comments::form()
Renders the complete HTML comment form (Bootstrap-based).
- Features:
  - Automatically pre-fills name/email for logged-in users.
  - Integrates Google reCAPTCHA if enabled.
  - Includes client-side validation via Comments::validateJsComment().
  - Supports parent-child threading via a "Reply" button that sets a hidden parent ID.
Comments::showList(array $vars)
Renders the threaded comment list and pagination for the current post.
| Parameter | Type | Required | Description |
|---|---|---|---|
| $vars['max'] | int | ✅ | The number of top-level comments to show per page. |
Example: echo Comments::showList(['max' => 5]);
Comments::recent(array $vars)
Fetches a list of recent comments across the site.
| Key | Type | Default | Description |
|---|---|---|---|
| num | int | 10 | Number of comments to fetch. |
| type | string | 'post' | The post type to filter (e.g., 'post', 'page'). |
| post_id | int | null | Optional, filter by a specific post. |
Comments::addComment(array $vars)
Processes the submission of a new comment (typically from $_POST).
- Validation:
  - CSRF Protection (using Token).
  - Spam Word filtering.
  - Rate Limiting (default 60s delay between comments).
  - Captcha verification (if enabled).
- Default Status: Logged-in users' comments are published automatically (status=1), while guests' comments are set to pending (status=2).
🛡️ Spam Protection & Security
The class includes three primary lines of defense:
- Bad Words Filter: Scans content against a list of ~300+ spam phrases (see Comments::spamWord()).
- Rate Limiting: Users are prevented from posting more than one comment every 60 seconds (configurable via Comments::checkLastComment($delay)).
- Captchas: Supports Google v2 ReCaptcha via the Xaptcha class integration.
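The checks listed under Comments::addComment() and in this section can be read as one decision pipeline. The following is an added example, not GeniXCMS source code: the function moderateComment(), the $ctx keys, the rejection reason strings and the sample values are all hypothetical, and the order of the checks simply follows the order in which this page lists them.

```php
<?php
// Added illustration, not GeniXCMS source; every name here is hypothetical.
const STATUS_PUBLISHED = 1; // status values as documented on this page
const STATUS_PENDING   = 2;
// $post: submitted fields. $ctx: server-side state (session token, clock, flags).
function moderateComment(array $post, array $ctx, int $delay = 60): array
{
    // 1. CSRF: constant-time comparison of submitted vs. session token.
    $sent = $post['token'] ?? '';
    if (!is_string($sent) || $ctx['session_token'] === ''
        || !hash_equals($ctx['session_token'], $sent)) {
        return ['accepted' => false, 'reason' => 'csrf'];
    }
    // 2. Spam phrases: case-insensitive substring match on the body.
    $body = (string) ($post['comment'] ?? '');
    foreach ($ctx['spam_words'] as $word) {
        if ($word !== '' && stripos($body, $word) !== false) {
            return ['accepted' => false, 'reason' => 'spam_word'];
        }
    }
    // 3. Rate limit: previous comment must be at least $delay seconds old.
    $last = $ctx['last_comment_at'];
    if ($last !== null && ($ctx['now'] - $last) < $delay) {
        return ['accepted' => false, 'reason' => 'rate_limit'];
    }
    // 4. Captcha: enforced only when enabled for the site.
    if ($ctx['captcha_enabled'] && !$ctx['captcha_passed']) {
        return ['accepted' => false, 'reason' => 'captcha'];
    }
    // 5. Logged-in users publish immediately; guests wait for moderation.
    $status = $ctx['logged_in'] ? STATUS_PUBLISHED : STATUS_PENDING;
    return ['accepted' => true, 'reason' => 'ok', 'status' => $status];
}

// Constructed sample state and submissions.
$ctx = ['session_token' => 'tok-constructed', 'now' => 1000, 'last_comment_at' => null,
        'captcha_enabled' => false, 'captcha_passed' => false, 'logged_in' => false,
        'spam_words' => ['cheap pills', 'casino bonus']];
$ok = ['token' => 'tok-constructed', 'comment' => 'Nice write-up, thanks!'];
$cases = [
    'guest, clean'   => [$ok, $ctx],
    'member, clean'  => [$ok, ['logged_in' => true] + $ctx],
    'missing token'  => [['comment' => 'hi'], $ctx],
    'spam phrase'    => [['comment' => 'CASINO BONUS inside'] + $ok, $ctx],
    'posted 30s ago' => [$ok, ['last_comment_at' => 970] + $ctx],
];
foreach ($cases as $label => [$post, $state]) {
    echo $label, ': ', json_encode(moderateComment($post, $state)), PHP_EOL;
}
```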
📂 Administrative Methods
These methods are typically used in the backend (inc/lib/Control/Backend/comments.control.php):
| Method | Description |
|---|---|
| Comments::publish($id) | Set status to 1 (Published). |
| Comments::unpublish($id) | Set status to 0 (Unpublished/Spam). |
| Comments::pending($id) | Set status to 2 (Pending Moderation). |
| Comments::delete($id) | Permanently removes a comment record. |
| Comments::isEnable() | Returns true if comments_enable is 'on' in site options. |
📐 Database Schema (comments table)
| Field | Description |
|---|---|
| userid | Unique ID if the commenter is logged in. |
| name | Display name. |
| email | Contact email (gravatar compatible). |
| comment | Sanitized HTML content. |
| parent | The ID of the parent comment (0 for top-level). |
| status | 0=Unpublished/Spam, 1=Published, 2=Pending. |
See Also
- Posts Class — How comments relate to content.
- Xaptcha Class — Anti-spam captcha engine.
- Options Class — Comment system configuration.