[9624] | 1 | <?php |
---|
| 2 | /* Code adapted from include/picture_comment.inc.php and picture.php */ |
---|
// Refuse direct requests: stop unless the PHPWG_ROOT_PATH constant is defined.
defined('PHPWG_ROOT_PATH') or die('Hacking attempt!');

// +-----------------------------------------------------------------------+
// Category's infos
// +-----------------------------------------------------------------------+
$category = $page['category'];

// URL of the current album page. It is used further down as the redirect
// target after an action and as the action of the comment form.
// NOTE(review): the second argument presumably lists URL parameters to drop
// ('start') - confirm against duplicate_index_url().
$url_self = duplicate_index_url(
    array(
        'category' => array(
            'id' => $category['id'],
            'name' => $category['name'],
            'permalink' => $category['permalink']
        ),
    ),
    array('start')
);
---|
| 18 | |
---|
| 19 | |
---|
| 20 | // +-----------------------------------------------------------------------+ |
---|
| 21 | // Actions |
---|
| 22 | // +-----------------------------------------------------------------------+ |
---|
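// Comment management actions requested through the query string.
// Each case changes state from a GET link, so each one first calls
// check_pwg_token(), checks the comment id against PATTERN_ID, and asks
// can_manage_comment() for permission using the comment's stored author id.
if (isset($_GET['action'])) {
    switch ($_GET['action']) {
        case 'edit_comment':
            check_pwg_token();
            include_once(COA_PATH.'include/functions_comment.inc.php'); // custom functions
            check_input_parameter('comment_to_edit', $_GET, false, PATTERN_ID);
            $author_id = get_comment_author_id($_GET['comment_to_edit']);

            if (can_manage_comment('edit', $author_id)) {
                if (!empty($_POST['content'])) {
                    // Submitted edit form: store the new text, then reload the page.
                    update_user_comment(
                        array(
                            'comment_id' => $_GET['comment_to_edit'],
                            'image_id' => $category['id'],
                            'content' => $_POST['content']
                        ),
                        // A missing key is passed as null instead of raising a notice.
                        isset($_POST['key']) ? $_POST['key'] : null
                    );

                    redirect($url_self);
                } else {
                    // No content yet: remember which comment to show in edit mode.
                    $edit_comment = $_GET['comment_to_edit'];
                }
            }
            // Always leave the switch here. Without this break a refused edit
            // continues into the delete_comment case below.
            break;

        case 'delete_comment':
            check_pwg_token();
            include_once(COA_PATH.'include/functions_comment.inc.php');
            check_input_parameter('comment_to_delete', $_GET, false, PATTERN_ID);
            $author_id = get_comment_author_id($_GET['comment_to_delete']);

            if (can_manage_comment('delete', $author_id)) {
                delete_user_comment($_GET['comment_to_delete']);
            }

            redirect($url_self);
            // redirect() presumably ends the request - confirm. The break keeps
            // this case from running into validate_comment if it ever returns.
            break;

        case 'validate_comment':
            check_pwg_token();
            include_once(COA_PATH.'include/functions_comment.inc.php');
            check_input_parameter('comment_to_validate', $_GET, false, PATTERN_ID);
            $author_id = get_comment_author_id($_GET['comment_to_validate']);

            if (can_manage_comment('validate', $author_id)) {
                validate_user_comment($_GET['comment_to_validate']);
            }

            redirect($url_self);
            break;
    }
}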
---|
| 74 | |
---|
| 75 | |
---|
| 76 | // +-----------------------------------------------------------------------+ |
---|
| 77 | // Insert comment |
---|
| 78 | // +-----------------------------------------------------------------------+ |
---|
// Handle a posted comment. Posting is accepted only on a commentable album;
// content posted to any other album is answered with a 403.
// NOTE(review): this path does not call check_pwg_token(); the posted 'key' is
// handed to insert_user_comment(), which presumably verifies it - confirm.
if ($category['commentable'] && isset($_POST['content'])) {
    // Guests may post only when $conf['comments_forall'] is enabled.
    if (is_a_guest() && !$conf['comments_forall']) {
        die('Session expired');
    }

    $comm = array(
        'author' => isset($_POST['author']) ? trim($_POST['author']) : '',
        'content' => trim($_POST['content']),
        'image_id' => $category['id'],
    );

    include_once(COA_PATH.'include/functions_comment.inc.php');
    // NOTE(review): $infos is presumably filled by reference here - confirm.
    $comment_action = insert_user_comment(
        $comm,
        isset($_POST['key']) ? $_POST['key'] : null,
        $infos
    );

    // Loose comparisons on purpose, matching what a switch statement would do.
    if ($comment_action == 'moderate') {
        // A moderated comment gets both messages.
        array_push($infos, l10n('An administrator must authorize your comment before it is visible.'));
        array_push($infos, l10n('Your comment has been registered'));
    } elseif ($comment_action == 'validate') {
        array_push($infos, l10n('Your comment has been registered'));
    } elseif ($comment_action == 'reject') {
        set_status_header(403);
        array_push($infos, l10n('Your comment has NOT been registered because it did not pass the validation rules'));
    } else {
        trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
    }

    // Rejections are shown as errors, everything else as informational messages.
    $template->assign(
        ($comment_action == 'reject') ? 'errors' : 'infos',
        $infos
    );
    trigger_action(
        'user_comment_insertion',
        array_merge($comm, array('action' => $comment_action))
    );
} elseif (isset($_POST['content'])) {
    set_status_header(403);
    die('ugly spammer');
}
---|
| 114 | |
---|
| 115 | |
---|
| 116 | // +-----------------------------------------------------------------------+ |
---|
| 117 | // Display comments |
---|
| 118 | // +-----------------------------------------------------------------------+ |
---|
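// Build the comment list, the paging bar and the "add comment" form for a
// commentable album, then hand everything to the two plugin templates.
if ($category['commentable']) {
    // Only administrators see comments that have not been validated yet.
    if (!is_admin()) {
        $validated_clause = " AND validated = 'true'";
    } else {
        $validated_clause = null;
    }

    // number of comments for this album
    // NOTE(review): $category['id'] is concatenated into both queries unescaped.
    // It comes from $page['category'], presumably a server-side value - confirm.
    $query = 'SELECT COUNT(*) AS nb_comments
        FROM '.COA_TABLE.'
        WHERE category_id = '.$category['id']
        .$validated_clause.'
        ;';
    $row = pwg_db_fetch_assoc(pwg_query($query));

    // navigation bar creation, custom again
    // start_comments is request input and ends up in the OFFSET clause below,
    // so it is reduced to a non-negative integer before it is used anywhere.
    if (isset($_GET['start_comments'])) {
        $page['start_comments'] = max(0, (int) $_GET['start_comments']);
    } else {
        $page['start_comments'] = 0;
    }
    include_once(COA_PATH.'include/functions.inc.php');

    $navigation_bar = create_comment_navigation_bar(
        duplicate_index_url(array(), array('start')),
        $row['nb_comments'],
        $page['start_comments'],
        $conf['nb_comment_page']
    );

    $template->assign(array(
        'COMMENT_COUNT' => $row['nb_comments'],
        'comment_navbar' => $navigation_bar,
    ));

    if ($row['nb_comments'] > 0) {
        // get comments
        // Column names and the page size come from $conf; the offset was cast
        // to an integer above.
        $query = 'SELECT
            com.id,
            author,
            author_id,
            '.$conf['user_fields']['username'].' AS username,
            date,
            category_id,
            content,
            validated
            FROM '.COA_TABLE.' AS com
            LEFT JOIN '.USERS_TABLE.' AS u
            ON u.'.$conf['user_fields']['id'].' = author_id
            WHERE category_id = '.$category['id'].'
            '.$validated_clause.'
            ORDER BY date ASC
            LIMIT '.$conf['nb_comment_page'].' OFFSET '.$page['start_comments'].'
            ;';
        $result = pwg_query($query);

        while ($row = pwg_db_fetch_assoc($result)) {
            // author: the name stored with the comment wins, otherwise the
            // username from the joined users table is used
            if (!empty($row['author'])) {
                $author = $row['author'];
                if ($author == 'guest') {
                    $author = l10n('guest');
                }
            } else {
                $author = stripslashes($row['username']);
            }

            // comment content, passed through the render_* events
            $tpl_comment = array(
                'AUTHOR' => trigger_event('render_comment_author', $author),
                'DATE' => format_date($row['date'], true),
                'CONTENT' => trigger_event('render_comment_content', $row['content']),
            );

            // rights: a link is offered only for actions the current user may
            // perform. The pwg_token travels in the query string of each link,
            // so it can also appear in logs and Referer headers.
            if (can_manage_comment('delete', $row['author_id'])) {
                $tpl_comment['U_DELETE'] = add_url_params($url_self, array(
                    'action' => 'delete_comment',
                    'comment_to_delete' => $row['id'],
                    'pwg_token' => get_pwg_token(),
                ));
            }
            if (can_manage_comment('edit', $row['author_id'])) {
                $tpl_comment['U_EDIT'] = add_url_params($url_self, array(
                    'action' => 'edit_comment',
                    'comment_to_edit' => $row['id'],
                    'pwg_token' => get_pwg_token(),
                ));
                if (isset($edit_comment) and ($row['id'] == $edit_comment)) {
                    $key = get_ephemeral_key(2, $category['id']);
                    $tpl_comment['IN_EDIT'] = true;
                    $tpl_comment['KEY'] = $key;
                    // The edit form gets the stored text, not the rendered one.
                    // NOTE(review): this value is not escaped here; confirm that
                    // coa_albums.tpl escapes it on output.
                    $tpl_comment['CONTENT'] = $row['content'];
                }
            }
            if (is_admin() and $row['validated'] != 'true') {
                $tpl_comment['U_VALIDATE'] = add_url_params($url_self, array(
                    'action' => 'validate_comment',
                    'comment_to_validate' => $row['id'],
                    'pwg_token' => get_pwg_token(),
                ));
            }

            // template
            $template->append('comments', $tpl_comment);
        }
    }

    // comment form: hidden while a comment is being edited, and hidden for
    // guests unless $conf['comments_forall'] is enabled
    $show_add_comment_form = true;
    if (isset($edit_comment)) {
        $show_add_comment_form = false;
    }
    if (is_a_guest() and !$conf['comments_forall']) {
        $show_add_comment_form = false;
    }

    if ($show_add_comment_form) {
        $key = get_ephemeral_key(3, $category['id']);
        $content = null;
        // After a rejected submission the text is put back into the form,
        // HTML-escaped.
        if (isset($comment_action) && 'reject' === $comment_action) {
            $content = htmlspecialchars(stripslashes($comm['content']));
        }
        $template->assign('comment_add', array(
            'F_ACTION' => $url_self,
            'KEY' => $key,
            'CONTENT' => $content,
            'SHOW_AUTHOR' => !is_classic_user(),
        ));
    }

    // template
    $template->assign(array(
        'COA_PATH' => COA_PATH, // for css
        'COA_ABSOLUTE_PATH' => dirname(__FILE__).'/../', // for template
    ));

    $template->set_filename('comments_on_albums', dirname(__FILE__).'/../template/coa_albums.tpl');
    $template->concat('PLUGIN_INDEX_CONTENT_END', $template->parse('comments_on_albums', true));

    $template->set_filename('comments_on_albums_messages', dirname(__FILE__).'/../template/coa_messages.tpl');
    $template->concat('PLUGIN_INDEX_CONTENT_BEFORE', $template->parse('comments_on_albums_messages', true));
}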
---|
| 262 | |
---|
| 263 | ?> |
---|