source: extensions/CommentEditor/include/ce_functions.inc.php @ 3476

<?php
/* $Id: ce_functions.inc.php,v 1.7 2009/06/29 11:43:18 Criss Exp $ */
if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');

/**
 * Include class file
 * @param $aClassName
 * @return unknown_type
 */
function ce_require_class($aClassName) {
  require_once CE_CLASSES .strtolower($aClassName) . '.class.php';
}

function ce_clean_obsolete_files($obsolete_file_list) {
  if (!file_exists(CE_PATH.$obsolete_file_list)) {
    return TRUE;
  }
  $obsolete = file(CE_PATH.$obsolete_file_list);
  array_push($obsolete, $obsolete_file_list);
  return ce_clean_obsolete_list($obsolete);
}

function ce_clean_obsolete_list($file_list = array(), &$errors = array()) {
  if (!function_exists('unlink')) {
      // No unlink available...
      array_push($errors, l10n('ce_no_unlink'));
      return FALSE;
  }
  $success = TRUE;
  foreach ($file_list as $file) {
    $file = CE_PATH . $file;
    if (file_exists($file)) {
      // Remove obsolete file
      $success &= unlink($file);
    }
  }
  if (!$success) {
      array_push($errors, l10n('ce_unlink_errors'));
  }
  return $success;
}

if (!function_exists('update_user_comment')) {

/**
 * Changed from Piwigo core function  insert_user_comment
 */

/**
 * Tries to update a user comment in the database and returns one of :
 * validate, moderate, reject
 * @param array comm contains author, content, image_id
 * @param string key secret key sent back to the browser
 * @param array infos out array of messages
 */
function update_user_comment( &$comm, $key, &$infos )
{
  global $conf, $user;

  $comm = array_merge( $comm,
    array(
      'ip' => $_SERVER['REMOTE_ADDR'],
      'agent' => $_SERVER['HTTP_USER_AGENT']
    )
   );

  $infos = array();
  if (!$conf['comments_validation'] or is_admin())
  {
    $comment_action='validate'; //one of validate, moderate, reject
  }
  else
  {
    $comment_action='moderate'; //one of validate, moderate, reject
  }

  // display author field if the user status is guest or generic
  if (!is_classic_user())
  {
    if ( empty($comm['author']) )
    {
      $comm['author'] = 'guest';
    }
    // if a guest try to use the name of an already existing user, he must be
    // rejected
    if ( $comm['author'] != 'guest' )
    {
      $query = '
SELECT COUNT(*) AS user_exists
  FROM '.USERS_TABLE.'
  WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'";
      $row = mysql_fetch_assoc( pwg_query( $query ) );
      if ( $row['user_exists'] == 1 )
      {
        array_push($infos, l10n('comment_user_exists') );
        $comment_action='reject';
      }
    }
  }
  else
  {
    if ( empty($comm['author'])) {
        $comm['author'] = $user[$conf['user_fields']['username']];
    }
  }
  if ( empty($comm['content']) )
  { // empty comment content
    $comment_action='reject';
  }

//  $key = explode( ':', @$key );
//  if ( count($key)!=2
//        or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago
//        or $key[0]<time()-3600 // 60 minutes expiration
//        or hash_hmac(
//              'md5', $key[0].':'.$comm['image_id'], $conf['secret_key']
//            ) != $key[1]
//      )
//  {
//    $comment_action='reject';
//  }

  if ($comment_action!='reject' and $conf['anti-flood_time']>0 )
  { // anti-flood system
    $reference_date = time() - $conf['anti-flood_time'];
    $query = '
SELECT id FROM '.COMMENTS_TABLE.'
  WHERE date > FROM_UNIXTIME('.$reference_date.')
    AND author = "'.addslashes($comm['author']).'"';
    if ( mysql_num_rows( pwg_query( $query ) ) > 0 )
    {
      array_push( $infos, l10n('comment_anti-flood') );
      $comment_action='reject';
    }
  }

  // perform more spam check
  $comment_action = trigger_event('user_comment_check',
      $comment_action, $comm
    );

  if ( $comment_action!='reject' )
  {

    $query = 'UPDATE '.COMMENTS_TABLE;
    $query.= ' SET author="'.addslashes($comm['author']).'"';
    $query.= '    ,content="'.addslashes($comm['content']).'"';
    if ('moderate' == $comment_action) {
        $query.=',validated="false"';
        $query.=', validation_date=NULL';
    }
    $query.=' WHERE (id='.$comm['comment_id'].' AND image_id='.$comm['image_id'].')';
    pwg_query($query);

    if
      (
        ($comment_action=='validate' and $conf['email_admin_on_comment'])
        or
        ($comment_action!='validate' and $conf['email_admin_on_comment_validation'])
      )
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      $del_url =
          get_absolute_root_url().'comments.php?delete='.$comm['comment_id'];

      $keyargs_content = array
      (
        get_l10n_args('Author: %s', $comm['author']),
        get_l10n_args('Comment: %s', $comm['content']),
        get_l10n_args('', ''),
        get_l10n_args('Delete: %s', $del_url)
      );

      if ($comment_action!='validate')
      {
        $keyargs_content[] =
          get_l10n_args('', '');
        $keyargs_content[] =
          get_l10n_args('Validate: %s',
            get_absolute_root_url().'comments.php?validate='.$comm['comment_id']);
      }

      pwg_mail_notification_admins
      (
        get_l10n_args('Comment by %s', $comm['author']),
        $keyargs_content
      );
    }
  }
  return $comment_action;
}

} // function_exists

?>