Context Navigation

comments.php @ 5002

Last change on this file since 5002 was 4508, checked in by plg, 14 years ago

bug 1328: implement check_pwg_token for emails on user comments management.

The check_pwg_token and get_pwg_token functions were moved to the public side
(for use on comments.php)

The email sent to admins on new user comment does not directly includes
validate/delete actions.

Property svn:eol-style set to LF
Property svn:keywords set to Author Date Id Revision

File size: 13.2 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2009 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	// +-----------------------------------------------------------------------+
25	// \| initialization \|
26	// +-----------------------------------------------------------------------+
27	define('PHPWG_ROOT_PATH','./');
28	include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
29
30	// +-----------------------------------------------------------------------+
31	// \| Check Access and exit when user status is not ok \|
32	// +-----------------------------------------------------------------------+
33	check_status(ACCESS_GUEST);
34
35	$sort_order = array(
36	'DESC' => l10n('descending'),
37	'ASC' => l10n('ascending')
38	);
39
40	// sort_by : database fields proposed for sorting comments list
41	$sort_by = array(
42	'date' => l10n('comment date'),
43	'image_id' => l10n('picture')
44	);
45
46	// items_number : list of number of items to display per page
47	$items_number = array(5,10,20,50,'all');
48
49	// since when display comments ?
50	//
51	$since_options = array(
52	1 => array('label' => l10n('today'),
53	'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 1 DAY)'),
54	2 => array('label' => sprintf(l10n('last %d days'), 7),
55	'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 7 DAY)'),
56	3 => array('label' => sprintf(l10n('last %d days'), 30),
57	'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 30 DAY)'),
58	4 => array('label' => l10n('the beginning'),
59	'clause' => '1=1') // stupid but generic
60	);
61
62	if (!empty($_GET['since']) && is_numeric($_GET['since']))
63	{
64	$page['since'] = $_GET['since'];
65	}
66	else
67	{
68	$page['since'] = 4;
69	}
70
71	// on which field sorting
72	//
73	$page['sort_by'] = 'date';
74	// if the form was submitted, it overloads default behaviour
75	if (isset($_GET['sort_by']) and isset($sort_by[$_GET['sort_by']]) )
76	{
77	$page['sort_by'] = $_GET['sort_by'];
78	}
79
80	// order to sort
81	//
82	$page['sort_order'] = 'DESC';
83	// if the form was submitted, it overloads default behaviour
84	if (isset($_GET['sort_order']) and isset($sort_order[$_GET['sort_order']]))
85	{
86	$page['sort_order'] = $_GET['sort_order'];
87	}
88
89	// number of items to display
90	//
91	$page['items_number'] = 10;
92	if (isset($_GET['items_number']))
93	{
94	$page['items_number'] = $_GET['items_number'];
95	}
96	if ( !is_numeric($page['items_number']) and $page['items_number']!='all' )
97	{
98	$page['items_number'] = 10;
99	}
100
101	$page['where_clauses'] = array();
102
103	// which category to filter on ?
104	if (isset($_GET['cat']) and 0 != $_GET['cat'])
105	{
106	$page['where_clauses'][] =
107	'category_id IN ('.implode(',', get_subcat_ids(array($_GET['cat']))).')';
108	}
109
110	// search a particular author
111	if (!empty($_GET['author']))
112	{
113	$page['where_clauses'][] = 'com.author = \''.$_GET['author'].'\'';
114	}
115
116	// search a specific comment (if you're coming directly from an admin
117	// notification email)
118	if (!empty($_GET['comment_id']))
119	{
120	check_input_parameter('comment_id', $_GET['comment_id'], false, PATTERN_ID);
121
122	// currently, the $_GET['comment_id'] is only used by admins from email
123	// for management purpose (validate/delete)
124	if (!is_admin())
125	{
126	$login_url =
127	get_root_url().'identification.php?redirect='
128	.urlencode(urlencode($_SERVER['REQUEST_URI']))
129	;
130	redirect($login_url);
131	}
132
133	$page['where_clauses'][] = 'com.id = '.$_GET['comment_id'];
134	}
135
136	// search a substring among comments content
137	if (!empty($_GET['keyword']))
138	{
139	$page['where_clauses'][] =
140	'('.
141	implode(' AND ',
142	array_map(
143	create_function(
144	'$s',
145	'return "content LIKE \'%$s%\'";'
146	),
147	preg_split('/[\s,;]+/', $_GET['keyword'] )
148	)
149	).
150	')';
151	}
152
153	$page['where_clauses'][] = $since_options[$page['since']]['clause'];
154
155	// which status to filter on ?
156	if ( !is_admin() )
157	{
158	$page['where_clauses'][] = 'validated="true"';
159	}
160
161	$page['where_clauses'][] = get_sql_condition_FandF
162	(
163	array
164	(
165	'forbidden_categories' => 'category_id',
166	'visible_categories' => 'category_id',
167	'visible_images' => 'ic.image_id'
168	),
169	'', true
170	);
171
172	// +-----------------------------------------------------------------------+
173	// \| comments management \|
174	// +-----------------------------------------------------------------------+
175
176	if (isset($_GET['delete']) or isset($_GET['validate']))
177	{
178	check_pwg_token();
179
180	if (!is_adviser())
181	{
182	check_status(ACCESS_ADMINISTRATOR);
183
184	if (isset($_GET['delete']))
185	{
186	check_input_parameter('delete', $_GET['delete'], false, PATTERN_ID);
187
188	$query = '
189	DELETE
190	FROM '.COMMENTS_TABLE.'
191	WHERE id = '.$_GET['delete'].'
192	;';
193	pwg_query($query);
194	}
195
196	if (isset($_GET['validate']))
197	{
198	check_input_parameter('validate', $_GET['validate'], false, PATTERN_ID);
199
200	$query = '
201	UPDATE '.COMMENTS_TABLE.'
202	SET validated = "true"
203	, validation_date = NOW()
204	WHERE id = '.$_GET['validate'].'
205	;';
206	pwg_query($query);
207	}
208
209	$redirect_url =
210	PHPWG_ROOT_PATH
211	.'comments.php'
212	.get_query_string_diff(array('delete','validate','pwg_token'));
213	redirect($redirect_url);
214	}
215	}
216
217	// +-----------------------------------------------------------------------+
218	// \| page header and options \|
219	// +-----------------------------------------------------------------------+
220
221	$title= l10n('User comments');
222	$page['body_id'] = 'theCommentsPage';
223
224	$template->set_filenames(array('comments'=>'comments.tpl'));
225	$template->assign(
226	array(
227	'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
228	'F_KEYWORD'=> @htmlspecialchars(stripslashes($_GET['keyword'], ENT_QUOTES, 'utf-8')),
229	'F_AUTHOR'=> @htmlspecialchars(stripslashes($_GET['author'], ENT_QUOTES, 'utf-8')),
230	)
231	);
232
233	// +-----------------------------------------------------------------------+
234	// \| form construction \|
235	// +-----------------------------------------------------------------------+
236
237	// Search in a particular category
238	$blockname = 'categories';
239
240	$query = '
241	SELECT id, name, uppercats, global_rank
242	FROM '.CATEGORIES_TABLE.'
243	'.get_sql_condition_FandF
244	(
245	array
246	(
247	'forbidden_categories' => 'id',
248	'visible_categories' => 'id'
249	),
250	'WHERE'
251	).'
252	;';
253	display_select_cat_wrapper($query, array(@$_GET['cat']), $blockname, true);
254
255	// Filter on recent comments...
256	$tpl_var=array();
257	foreach ($since_options as $id => $option)
258	{
259	$tpl_var[ $id ] = $option['label'];
260	}
261	$template->assign( 'since_options', $tpl_var);
262	$template->assign( 'since_options_selected', $page['since']);
263
264	// Sort by
265	$template->assign( 'sort_by_options', $sort_by);
266	$template->assign( 'sort_by_options_selected', $page['sort_by']);
267
268	// Sorting order
269	$template->assign( 'sort_order_options', $sort_order);
270	$template->assign( 'sort_order_options_selected', $page['sort_order']);
271
272
273	// Number of items
274	$blockname = 'items_number_option';
275	$tpl_var=array();
276	foreach ($items_number as $option)
277	{
278	$tpl_var[ $option ] = is_numeric($option) ? $option : l10n($option);
279	}
280	$template->assign( 'item_number_options', $tpl_var);
281	$template->assign( 'item_number_options_selected', $page['items_number']);
282
283
284	// +-----------------------------------------------------------------------+
285	// \| navigation bar \|
286	// +-----------------------------------------------------------------------+
287
288	if (isset($_GET['start']) and is_numeric($_GET['start']))
289	{
290	$start = $_GET['start'];
291	}
292	else
293	{
294	$start = 0;
295	}
296
297	$query = '
298	SELECT COUNT(DISTINCT(com.id))
299	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
300	INNER JOIN '.COMMENTS_TABLE.' AS com
301	ON ic.image_id = com.image_id
302	WHERE '.implode('
303	AND ', $page['where_clauses']).'
304	;';
305	list($counter) = mysql_fetch_row(pwg_query($query));
306
307	$url = PHPWG_ROOT_PATH
308	.'comments.php'
309	.get_query_string_diff(array('start','delete','validate','pwg_token'));
310
311	$navbar = create_navigation_bar($url,
312	$counter,
313	$start,
314	$page['items_number'],
315	'');
316
317	$template->assign('NAVBAR', $navbar);
318
319	// +-----------------------------------------------------------------------+
320	// \| last comments display \|
321	// +-----------------------------------------------------------------------+
322
323	$comments = array();
324	$element_ids = array();
325	$category_ids = array();
326
327	$query = '
328	SELECT com.id AS comment_id
329	, com.image_id
330	, ic.category_id
331	, com.author
332	, com.date
333	, com.content
334	, com.validated
335	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
336	INNER JOIN '.COMMENTS_TABLE.' AS com
337	ON ic.image_id = com.image_id
338	WHERE '.implode('
339	AND ', $page['where_clauses']).'
340	GROUP BY comment_id
341	ORDER BY '.$page['sort_by'].' '.$page['sort_order'];
342	if ('all' != $page['items_number'])
343	{
344	$query.= '
345	LIMIT '.$start.','.$page['items_number'];
346	}
347	$query.= '
348	;';
349	$result = pwg_query($query);
350	while ($row = mysql_fetch_assoc($result))
351	{
352	array_push($comments, $row);
353	array_push($element_ids, $row['image_id']);
354	array_push($category_ids, $row['category_id']);
355	}
356
357	if (count($comments) > 0)
358	{
359	// retrieving element informations
360	$elements = array();
361	$query = '
362	SELECT id, name, file, path, tn_ext
363	FROM '.IMAGES_TABLE.'
364	WHERE id IN ('.implode(',', $element_ids).')
365	;';
366	$result = pwg_query($query);
367	while ($row = mysql_fetch_assoc($result))
368	{
369	$elements[$row['id']] = $row;
370	}
371
372	// retrieving category informations
373	$query = '
374	SELECT id, name, permalink, uppercats
375	FROM '.CATEGORIES_TABLE.'
376	WHERE id IN ('.implode(',', $category_ids).')
377	;';
378	$categories = hash_from_query($query, 'id');
379
380	foreach ($comments as $comment)
381	{
382	if (!empty($elements[$comment['image_id']]['name']))
383	{
384	$name=$elements[$comment['image_id']]['name'];
385	}
386	else
387	{
388	$name=get_name_from_file($elements[$comment['image_id']]['file']);
389	}
390
391	// source of the thumbnail picture
392	$thumbnail_src = get_thumbnail_url( $elements[$comment['image_id']] );
393
394	// link to the full size picture
395	$url = make_picture_url(
396	array(
397	'category' => $categories[ $comment['category_id'] ],
398	'image_id' => $comment['image_id'],
399	'image_file' => $elements[$comment['image_id']]['file'],
400	)
401	);
402
403	$author = $comment['author'];
404	if (empty($comment['author']))
405	{
406	$author = l10n('guest');
407	}
408
409	$tpl_comment =
410	array(
411	'U_PICTURE' => $url,
412	'TN_SRC' => $thumbnail_src,
413	'ALT' => $name,
414	'AUTHOR' => trigger_event('render_comment_author', $author),
415	'DATE'=>format_date($comment['date'], true),
416	'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
417	);
418
419	if ( is_admin() )
420	{
421	$url = get_root_url().'comments.php'.get_query_string_diff(array('delete','validate','pwg_token'));
422
423	$tpl_comment['U_DELETE'] = add_url_params(
424	$url,
425	array(
426	'delete' => $comment['comment_id'],
427	'pwg_token' => get_pwg_token(),
428	)
429	);
430
431	if ($comment['validated'] != 'true')
432	{
433	$tpl_comment['U_VALIDATE'] = add_url_params(
434	$url,
435	array(
436	'validate' => $comment['comment_id'],
437	'pwg_token' => get_pwg_token(),
438	)
439	);
440	}
441	}
442	$template->append('comments', $tpl_comment);
443	}
444	}
445	// +-----------------------------------------------------------------------+
446	// \| html code display \|
447	// +-----------------------------------------------------------------------+
448	include(PHPWG_ROOT_PATH.'include/page_header.php');
449	$template->pparse('comments');
450	include(PHPWG_ROOT_PATH.'include/page_tail.php');
451	?>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: branches/2.0/comments.php @ 5002

Download in other formats: