Context Navigation

source: branches/2.0/comments.php @ 3519

Last change on this file since 3519 was 3519, checked in by vdigital, 15 years ago
Minor: prevent for non numeric values (except all)
Property svn:eol-style set to `LF` Property svn:keywords set to `Author Date Id Revision`
File size: 12.2 KB

Rev	Line
[166]	1	<?php
[354]	2	// +-----------------------------------------------------------------------+
[2297]	3	// \| Piwigo - a PHP based picture gallery \|
	4	// +-----------------------------------------------------------------------+
[3046]	5	// \| Copyright(C) 2008-2009 Piwigo Team http://piwigo.org \|
[2297]	6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
	7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
	8	// +-----------------------------------------------------------------------+
	9	// \| This program is free software; you can redistribute it and/or modify \|
	10	// \| it under the terms of the GNU General Public License as published by \|
	11	// \| the Free Software Foundation \|
	12	// \| \|
	13	// \| This program is distributed in the hope that it will be useful, but \|
	14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	16	// \| General Public License for more details. \|
	17	// \| \|
	18	// \| You should have received a copy of the GNU General Public License \|
	19	// \| along with this program; if not, write to the Free Software \|
	20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	21	// \| USA. \|
	22	// +-----------------------------------------------------------------------+
[166]	23
[579]	24	// +-----------------------------------------------------------------------+
	25	// \| initialization \|
	26	// +-----------------------------------------------------------------------+
[1598]	27	define('PHPWG_ROOT_PATH','./');
	28	include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
[345]	29
[1072]	30	// +-----------------------------------------------------------------------+
	31	// \| Check Access and exit when user status is not ok \|
	32	// +-----------------------------------------------------------------------+
	33	check_status(ACCESS_GUEST);
	34
[796]	35	$sort_order = array(
[2223]	36	'DESC' => l10n('descending'),
	37	'ASC' => l10n('ascending')
[796]	38	);
	39
	40	// sort_by : database fields proposed for sorting comments list
	41	$sort_by = array(
[2223]	42	'date' => l10n('comment date'),
	43	'image_id' => l10n('picture')
[796]	44	);
	45
	46	// items_number : list of number of items to display per page
	47	$items_number = array(5,10,20,50,'all');
	48
	49	// since when display comments ?
	50	//
	51	$since_options = array(
	52	1 => array('label' => l10n('today'),
	53	'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 1 DAY)'),
	54	2 => array('label' => sprintf(l10n('last %d days'), 7),
	55	'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 7 DAY)'),
	56	3 => array('label' => sprintf(l10n('last %d days'), 30),
	57	'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 30 DAY)'),
	58	4 => array('label' => l10n('the beginning'),
	59	'clause' => '1=1') // stupid but generic
	60	);
	61
[1716]	62	$page['since'] = isset($_GET['since']) ? $_GET['since'] : 4;
[796]	63
	64	// on which field sorting
	65	//
	66	$page['sort_by'] = 'date';
	67	// if the form was submitted, it overloads default behaviour
[2755]	68	if (isset($_GET['sort_by']) and isset($sort_by[$_GET['sort_by']]) )
[393]	69	{
[796]	70	$page['sort_by'] = $_GET['sort_by'];
[393]	71	}
[796]	72
	73	// order to sort
	74	//
[2223]	75	$page['sort_order'] = 'DESC';
[796]	76	// if the form was submitted, it overloads default behaviour
[2755]	77	if (isset($_GET['sort_order']) and isset($sort_order[$_GET['sort_order']]))
[393]	78	{
[2223]	79	$page['sort_order'] = $_GET['sort_order'];
[393]	80	}
[796]	81
	82	// number of items to display
	83	//
[1814]	84	$page['items_number'] = 10;
[796]	85	if (isset($_GET['items_number']))
	86	{
	87	$page['items_number'] = $_GET['items_number'];
	88	}
[3519]	89	if ( !is_numeric($page['items_number']) and $page['items_number']!='all' )
	90	{
	91	$page['items_number'] = 10;
	92	}
[796]	93
[1716]	94	$page['where_clauses'] = array();
	95
[796]	96	// which category to filter on ?
	97	if (isset($_GET['cat']) and 0 != $_GET['cat'])
	98	{
[1716]	99	$page['where_clauses'][] =
[796]	100	'category_id IN ('.implode(',', get_subcat_ids(array($_GET['cat']))).')';
	101	}
	102
	103	// search a particular author
	104	if (isset($_GET['author']) and !empty($_GET['author']))
	105	{
[1716]	106	$page['where_clauses'][] = 'com.author = \''.$_GET['author'].'\'';
[796]	107	}
	108
	109	// search a substring among comments content
	110	if (isset($_GET['keyword']) and !empty($_GET['keyword']))
	111	{
[1716]	112	$page['where_clauses'][] =
[796]	113	'('.
	114	implode(' AND ',
	115	array_map(
	116	create_function(
	117	'$s',
	118	'return "content LIKE \'%$s%\'";'
	119	),
[2012]	120	preg_split('/[\s,;]+/', $_GET['keyword'] )
[796]	121	)
	122	).
	123	')';
	124	}
	125
[1716]	126	$page['where_clauses'][] = $since_options[$page['since']]['clause'];
	127
[1598]	128	// which status to filter on ?
[1716]	129	if ( !is_admin() )
[1598]	130	{
[1716]	131	$page['where_clauses'][] = 'validated="true"';
[1598]	132	}
	133
[1716]	134	$page['where_clauses'][] = get_sql_condition_FandF
	135	(
	136	array
	137	(
	138	'forbidden_categories' => 'category_id',
	139	'visible_categories' => 'category_id',
	140	'visible_images' => 'ic.image_id'
	141	),
	142	'', true
	143	);
[1598]	144
[579]	145	// +-----------------------------------------------------------------------+
	146	// \| comments management \|
	147	// +-----------------------------------------------------------------------+
[1617]	148	if (isset($_GET['delete']) and is_numeric($_GET['delete'])
	149	and !is_adviser() )
	150	{// comments deletion
	151	check_status(ACCESS_ADMINISTRATOR);
	152	$query = '
[579]	153	DELETE FROM '.COMMENTS_TABLE.'
[1598]	154	WHERE id='.$_GET['delete'].'
[579]	155	;';
[1617]	156	pwg_query($query);
	157	}
[1598]	158
[1617]	159	if (isset($_GET['validate']) and is_numeric($_GET['validate'])
	160	and !is_adviser() )
	161	{ // comments validation
	162	check_status(ACCESS_ADMINISTRATOR);
	163	$query = '
[579]	164	UPDATE '.COMMENTS_TABLE.'
	165	SET validated = \'true\'
[1617]	166	, validation_date = NOW()
[1598]	167	WHERE id='.$_GET['validate'].'
[579]	168	;';
[1617]	169	pwg_query($query);
[579]	170	}
[1617]	171
[579]	172	// +-----------------------------------------------------------------------+
	173	// \| page header and options \|
	174	// +-----------------------------------------------------------------------+
[355]	175
[2268]	176	$title= l10n('User comments');
[850]	177	$page['body_id'] = 'theCommentsPage';
	178
[579]	179	$template->set_filenames(array('comments'=>'comments.tpl'));
[2223]	180	$template->assign(
[579]	181	array(
[796]	182	'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
[2134]	183	'F_KEYWORD'=>@htmlspecialchars(stripslashes($_GET['keyword'])),
	184	'F_AUTHOR'=>@htmlspecialchars(stripslashes($_GET['author'])),
[579]	185	)
	186	);
[355]	187
[796]	188	// +-----------------------------------------------------------------------+
	189	// \| form construction \|
	190	// +-----------------------------------------------------------------------+
	191
	192	// Search in a particular category
[2223]	193	$blockname = 'categories';
[796]	194
	195	$query = '
[1861]	196	SELECT id, name, uppercats, global_rank
[1677]	197	FROM '.CATEGORIES_TABLE.'
	198	'.get_sql_condition_FandF
	199	(
	200	array
	201	(
	202	'forbidden_categories' => 'id',
	203	'visible_categories' => 'id'
	204	),
	205	'WHERE'
	206	).'
[796]	207	;';
	208	display_select_cat_wrapper($query, array(@$_GET['cat']), $blockname, true);
	209
	210	// Filter on recent comments...
[2223]	211	$tpl_var=array();
[796]	212	foreach ($since_options as $id => $option)
	213	{
[2223]	214	$tpl_var[ $id ] = $option['label'];
[355]	215	}
[2223]	216	$template->assign( 'since_options', $tpl_var);
	217	$template->assign( 'since_options_selected', $page['since']);
[796]	218
	219	// Sort by
[2223]	220	$template->assign( 'sort_by_options', $sort_by);
	221	$template->assign( 'sort_by_options_selected', $page['sort_by']);
[796]	222
	223	// Sorting order
[2223]	224	$template->assign( 'sort_order_options', $sort_order);
	225	$template->assign( 'sort_order_options_selected', $page['sort_order']);
[796]	226
	227
	228	// Number of items
	229	$blockname = 'items_number_option';
[2223]	230	$tpl_var=array();
[796]	231	foreach ($items_number as $option)
	232	{
[2223]	233	$tpl_var[ $option ] = is_numeric($option) ? $option : l10n($option);
[796]	234	}
[2223]	235	$template->assign( 'item_number_options', $tpl_var);
	236	$template->assign( 'item_number_options_selected', $page['items_number']);
[796]	237
[2223]	238
[579]	239	// +-----------------------------------------------------------------------+
[796]	240	// \| navigation bar \|
	241	// +-----------------------------------------------------------------------+
	242
	243	if (isset($_GET['start']) and is_numeric($_GET['start']))
	244	{
	245	$start = $_GET['start'];
	246	}
	247	else
	248	{
	249	$start = 0;
	250	}
	251
	252	$query = '
	253	SELECT COUNT(DISTINCT(id))
	254	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
	255	INNER JOIN '.COMMENTS_TABLE.' AS com
	256	ON ic.image_id = com.image_id
[1716]	257	WHERE '.implode('
	258	AND ', $page['where_clauses']).'
[796]	259	;';
	260	list($counter) = mysql_fetch_row(pwg_query($query));
	261
[1598]	262	$url = PHPWG_ROOT_PATH
	263	.'comments.php'
	264	.get_query_string_diff(array('start','delete','validate'));
[796]	265
	266	$navbar = create_navigation_bar($url,
	267	$counter,
	268	$start,
	269	$page['items_number'],
	270	'');
	271
[2223]	272	$template->assign('NAVBAR', $navbar);
[796]	273
	274	// +-----------------------------------------------------------------------+
[579]	275	// \| last comments display \|
	276	// +-----------------------------------------------------------------------+
[355]	277
[796]	278	$comments = array();
	279	$element_ids = array();
	280	$category_ids = array();
	281
[579]	282	$query = '
[796]	283	SELECT com.id AS comment_id
	284	, com.image_id
	285	, ic.category_id
	286	, com.author
	287	, com.date
	288	, com.content
[1598]	289	, com.validated
[796]	290	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
	291	INNER JOIN '.COMMENTS_TABLE.' AS com
	292	ON ic.image_id = com.image_id
[1716]	293	WHERE '.implode('
	294	AND ', $page['where_clauses']).'
[796]	295	GROUP BY comment_id
	296	ORDER BY '.$page['sort_by'].' '.$page['sort_order'];
	297	if ('all' != $page['items_number'])
	298	{
	299	$query.= '
	300	LIMIT '.$start.','.$page['items_number'];
	301	}
	302	$query.= '
[579]	303	;';
[587]	304	$result = pwg_query($query);
[1598]	305	while ($row = mysql_fetch_assoc($result))
[393]	306	{
[796]	307	array_push($comments, $row);
	308	array_push($element_ids, $row['image_id']);
	309	array_push($category_ids, $row['category_id']);
[393]	310	}
[796]	311
	312	if (count($comments) > 0)
[579]	313	{
[796]	314	// retrieving element informations
	315	$elements = array();
[579]	316	$query = '
[796]	317	SELECT id, name, file, path, tn_ext
[579]	318	FROM '.IMAGES_TABLE.'
[796]	319	WHERE id IN ('.implode(',', $element_ids).')
[579]	320	;';
[796]	321	$result = pwg_query($query);
[1598]	322	while ($row = mysql_fetch_assoc($result))
[579]	323	{
[796]	324	$elements[$row['id']] = $row;
[579]	325	}
[721]	326
[796]	327	// retrieving category informations
[579]	328	$query = '
[1866]	329	SELECT id, name, permalink, uppercats
[796]	330	FROM '.CATEGORIES_TABLE.'
	331	WHERE id IN ('.implode(',', $category_ids).')
	332	;';
[1866]	333	$categories = hash_from_query($query, 'id');
[796]	334
	335	foreach ($comments as $comment)
[579]	336	{
[796]	337	if (!empty($elements[$comment['image_id']]['name']))
[166]	338	{
[1598]	339	$name=$elements[$comment['image_id']]['name'];
[166]	340	}
[796]	341	else
	342	{
[1598]	343	$name=get_name_from_file($elements[$comment['image_id']]['file']);
[796]	344	}
[1090]	345
[796]	346	// source of the thumbnail picture
[1598]	347	$thumbnail_src = get_thumbnail_url( $elements[$comment['image_id']] );
[1090]	348
[796]	349	// link to the full size picture
[1090]	350	$url = make_picture_url(
	351	array(
[1861]	352	'category' => $categories[ $comment['category_id'] ],
[1090]	353	'image_id' => $comment['image_id'],
	354	'image_file' => $elements[$comment['image_id']]['file'],
	355	)
	356	);
	357
[796]	358	$author = $comment['author'];
	359	if (empty($comment['author']))
[393]	360	{
[796]	361	$author = l10n('guest');
[166]	362	}
[1090]	363
[2223]	364	$tpl_comment =
[796]	365	array(
[1004]	366	'U_PICTURE' => $url,
[848]	367	'TN_SRC' => $thumbnail_src,
[1598]	368	'ALT' => $name,
[2030]	369	'AUTHOR' => trigger_event('render_comment_author', $author),
[3123]	370	'DATE'=>format_date($comment['date'], true),
[1598]	371	'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
[2223]	372	);
[1598]	373
	374	if ( is_admin() )
	375	{
	376	$url = get_root_url().'comments.php'.get_query_string_diff(array('delete','validate'));
[2223]	377	$tpl_comment['U_DELETE'] = add_url_params($url,
[1598]	378	array('delete'=>$comment['comment_id'])
[2223]	379	);
	380
[1598]	381	if ($comment['validated'] != 'true')
	382	{
[2223]	383	$tpl_comment['U_VALIDATE'] = add_url_params($url,
[1598]	384	array('validate'=>$comment['comment_id'])
[2223]	385	);
[1598]	386	}
	387	}
[2223]	388	$template->append('comments', $tpl_comment);
[166]	389	}
[579]	390	}
	391	// +-----------------------------------------------------------------------+
	392	// \| html code display \|
	393	// +-----------------------------------------------------------------------+
[2107]	394	include(PHPWG_ROOT_PATH.'include/page_header.php');
[2223]	395	$template->pparse('comments');
[1598]	396	include(PHPWG_ROOT_PATH.'include/page_tail.php');
[2107]	397	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: