<?php
/* Code adapted from include/picture_comment.inc.php and picture.php */
if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');

// +-----------------------------------------------------------------------+
//				Category's infos
// +-----------------------------------------------------------------------+
$category = $page['category'];

$url_self = duplicate_index_url(array(
	'category' => array(
		'id'=>$category['id'], 
		'name'=>$category['name'], 
		'permalink'=>$category['permalink']
	), 
	array('start')
));


// +-----------------------------------------------------------------------+
//				Actions
// +-----------------------------------------------------------------------+
if (isset($_GET['action'])) {
	switch ($_GET['action']) {
		case 'edit_comment' : {
			check_pwg_token();
			include_once(COA_PATH.'include/functions_comment.inc.php'); // custom fonctions
			check_input_parameter('comment_to_edit', $_GET, false, PATTERN_ID);
			$author_id = get_comment_author_id($_GET['comment_to_edit']);

			if (can_manage_comment('edit', $author_id)) {
				if (!empty($_POST['content'])) {
					update_user_comment(array(
						'comment_id' => $_GET['comment_to_edit'],
						'image_id' => $category['id'],
						'content' => $_POST['content']
					), $_POST['key']);

					redirect($url_self);
				} else {
					$edit_comment = $_GET['comment_to_edit'];
					break;
				}
			}
		}
		
		case 'delete_comment' : {
			check_pwg_token();
			include_once(COA_PATH.'include/functions_comment.inc.php');
			check_input_parameter('comment_to_delete', $_GET, false, PATTERN_ID);
			$author_id = get_comment_author_id($_GET['comment_to_delete']);

			if (can_manage_comment('delete', $author_id)) {
				delete_user_comment($_GET['comment_to_delete']);
			}

			redirect($url_self);
		}
		
		case 'validate_comment' : {
			check_pwg_token();
			include_once(COA_PATH.'include/functions_comment.inc.php');
			check_input_parameter('comment_to_validate', $_GET, false, PATTERN_ID);
			$author_id = get_comment_author_id($_GET['comment_to_validate']);

			if (can_manage_comment('validate', $author_id)) {
				validate_user_comment($_GET['comment_to_validate']);
			}

			redirect($url_self);
		}
	}
}


// +-----------------------------------------------------------------------+
//				Insert comment
// +-----------------------------------------------------------------------+
if ($category['commentable'] and isset($_POST['content'])) {
	if (is_a_guest() and !$conf['comments_forall']) {
		die('Session expired');
	}

	$comm = array(
		'author' => trim( @$_POST['author'] ),
		'content' => trim( $_POST['content'] ),
		'image_id' => $category['id'],
	);

	include_once(COA_PATH.'include/functions_comment.inc.php');
	$comment_action = insert_user_comment($comm, @$_POST['key'], $infos);

	switch ($comment_action) {
		case 'moderate':
			array_push($infos, l10n('An administrator must authorize your comment before it is visible.'));
		case 'validate':
			array_push($infos, l10n('Your comment has been registered'));
			break;
		case 'reject':
			set_status_header(403);
			array_push($infos, l10n('Your comment has NOT been registered because it did not pass the validation rules'));
			break;
		default:
			trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
	}

	$template->assign(($comment_action=='reject') ? 'errors' : 'infos', $infos);
	trigger_action('user_comment_insertion', array_merge($comm, array('action'=>$comment_action)));
	
} elseif (isset($_POST['content'])) {
	set_status_header(403);
	die('ugly spammer');
}


// +-----------------------------------------------------------------------+
//				Display comments
// +-----------------------------------------------------------------------+
if ($category['commentable']) {
	if (!is_admin()) {
		$validated_clause = " AND validated = 'true'";
	} else {
		$validated_clause = null;
	}

	// number of comments for this picture
	$query = 'SELECT COUNT(*) AS nb_comments
		FROM '.COA_TABLE.'
		WHERE category_id = '.$category['id']
		.$validated_clause.'
	;';
	$row = pwg_db_fetch_assoc(pwg_query($query));

	// navigation bar creation, custom again
	if (isset($_GET['start_comments'])) {
		$page['start_comments'] = $_GET['start_comments'];
	} else {
		$page['start_comments'] = 0;
	}
	include_once(COA_PATH.'include/functions.inc.php');

	$navigation_bar = create_comment_navigation_bar(
		duplicate_index_url(array(), array('start')),
		$row['nb_comments'],
		$page['start_comments'],
		$conf['nb_comment_page']
	);

	$template->assign(array(
		'COMMENT_COUNT' => $row['nb_comments'],
		'comment_navbar' => $navigation_bar,
	));

	if ($row['nb_comments'] > 0) {
		// get comments
		$query = 'SELECT
				com.id,
				author,
				author_id,
				'.$conf['user_fields']['username'].' AS username,
				date,
				category_id,
				content,
				validated
			FROM '.COA_TABLE.' AS com
			LEFT JOIN '.USERS_TABLE.' AS u
			ON u.'.$conf['user_fields']['id'].' = author_id
			WHERE category_id = '.$category['id'].'
			'.$validated_clause.'
			ORDER BY date ASC
			LIMIT '.$conf['nb_comment_page'].' OFFSET '.$page['start_comments'].'
		;';
		$result = pwg_query($query);

		while ($row = pwg_db_fetch_assoc($result)) {
			// author
			if (!empty($row['author'])) {
				$author = $row['author'];
				if ($author == 'guest') {
					$author = l10n('guest');
				}
			} else {
				$author = stripslashes($row['username']);
			}
			
			// comment content
			$tpl_comment = array(
				'AUTHOR' => trigger_event('render_comment_author', $author),
				'DATE' => format_date($row['date'], true),
				'CONTENT' => trigger_event('render_comment_content', $row['content']),
			);
			
			// rights
			if (can_manage_comment('delete', $row['author_id'])) {
				$tpl_comment['U_DELETE'] = add_url_params($url_self, array(
					'action' => 'delete_comment',
					'comment_to_delete' => $row['id'],
					'pwg_token' => get_pwg_token(),
				));
			}
			if (can_manage_comment('edit', $row['author_id'])) {
				$tpl_comment['U_EDIT'] = add_url_params($url_self, array(
					'action' => 'edit_comment',
					'comment_to_edit' => $row['id'],
					'pwg_token' => get_pwg_token(),
				));
				if (isset($edit_comment) and ($row['id'] == $edit_comment)) {
					$key = get_ephemeral_key(2, $category['id']);
					$tpl_comment['IN_EDIT'] = true;
					$tpl_comment['KEY'] = $key;
					$tpl_comment['CONTENT'] = $row['content'];
				}
			}
			if (is_admin() AND $row['validated'] != 'true') {
				$tpl_comment['U_VALIDATE'] = add_url_params($url_self, array(
					'action' => 'validate_comment',
					'comment_to_validate' => $row['id'],
					'pwg_token' => get_pwg_token(),
				));
			}
			
			// template
			$template->append('comments', $tpl_comment);
		}
	}

	// comment form
	$show_add_comment_form = true;
	if (isset($edit_comment)) {
		$show_add_comment_form = false;
	}
	if (is_a_guest() and !$conf['comments_forall']) {
		$show_add_comment_form = false;
	}

	if ($show_add_comment_form) {
		$key = get_ephemeral_key(3, $category['id']);
		$content = null;
		if ('reject'===@$comment_action) {
			$content = htmlspecialchars(stripslashes($comm['content']));
		}
		$template->assign('comment_add', array(
			'F_ACTION' => $url_self,
			'KEY' => $key,
			'CONTENT' => $content,
			'SHOW_AUTHOR' => !is_classic_user(),
		));
	}
	
	// template
	$template->assign(array(
		'COA_PATH' => COA_PATH, // for css
		'COA_ABSOLUTE_PATH' => dirname(__FILE__) .'/../', // for template
	));
	
	$template->set_filename('comments_on_albums', dirname(__FILE__) .'/../template/coa_albums.tpl');
	$template->concat('PLUGIN_INDEX_CONTENT_END', $template->parse('comments_on_albums', true));
	
	$template->set_filename('comments_on_albums_messages', dirname(__FILE__) .'/../template/coa_messages.tpl');
	$template->concat('PLUGIN_INDEX_CONTENT_BEFORE', $template->parse('comments_on_albums_messages', true));
}

?>