source: extensions/Comments_on_Albums/include/functions_comment.inc.php @ 14528

Last change on this file since 14528 was 14528, checked in by mistic100, 12 years ago

update for 2.4
delete useless admin page
now compatible with RV Thumb Scroller

1<?php
2/* This is a copy of include/functions_comment.inc.php but adapted for Comments On Albums */
3
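/**
 * Basic spam check for a comment posted on an album.
 *
 * This check can only make the decision stricter. A 'reject' is never
 * relaxed, and a guest comment carrying more links than
 * $conf['comment_spam_max_links'] is turned into 'reject' or 'moderate'
 * depending on $conf['comment_spam_reject'].
 *
 * @param string $action  decision so far: validate, moderate or reject
 * @param array  $comment comment data; 'content' and 'author' are read here
 * @return string action to perform: validate, moderate or reject
 */
function user_comment_check_albums($action, $comment)
{
  global $conf;

  if ($action=='reject')
  {
    return $action;
  }

  $my_action = $conf['comment_spam_reject'] ? 'reject' : 'moderate';

  if ($action==$my_action)
  {
    return $action;
  }

  // we do here only BASIC spam check (plugins can do more);
  // anyone who is not a guest is let through unchanged
  if ( !is_a_guest() )
  {
    return $action;
  }

  // URL schemes are case-insensitive, so "HTTP://" is a link as well
  $link_pattern = '/https?:\/\//i';

  $link_count = preg_match_all($link_pattern, $comment['content'], $matches);

  // A link in the author name counts once. The same pattern as for the
  // content is used, so an "https://" author name is no longer missed.
  if ( isset($comment['author']) and preg_match($link_pattern, $comment['author']) )
  {
    $link_count++;
  }

  if ( $link_count>$conf['comment_spam_max_links'] )
  {
    return $my_action;
  }

  return $action;
}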
34
// Register user_comment_check_albums() as a handler of the event that bears
// the same name; the trailing 2 matches its ($action, $comment) parameters.
add_event_handler(
  'user_comment_check_albums',
  'user_comment_check_albums',
  EVENT_HANDLER_PRIORITY_NEUTRAL,
  2
);
37
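/**
 * Tries to insert a user comment on an album in the database and returns one
 * of: validate, moderate, reject
 *
 * $comm['author'] (for guests) and $comm['content'] are concatenated into the
 * INSERT statement as received, so they must reach this function already
 * escaped for SQL. stripslashes() is applied to them before mailing, which
 * suggests that this is the calling convention -- confirm against the caller.
 *
 * @param array  $comm  contains author, content, category_id; ip, agent,
 *                      author_id and (once inserted) id are added to it
 * @param string $key   secret key sent back to the browser
 * @param array  $infos out array of messages
 * @return string validate, moderate or reject
 */
function insert_user_comment_albums( &$comm, $key, &$infos )
{
  global $conf, $user;

  // Both values go to the event handlers as received. The User-Agent header
  // is optional and client-controlled, so it may be missing and is untrusted.
  $comm = array_merge( $comm,
    array(
      'ip' => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '',
      'agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''
    )
   );

  $infos = array();
  if (!$conf['comments_validation'] or is_admin())
  {
    $comment_action='validate'; //one of validate, moderate, reject
  }
  else
  {
    $comment_action='moderate'; //one of validate, moderate, reject
  }

  // category_id is concatenated unquoted into the INSERT below: anything but
  // a plain run of digits is refused instead of being passed on to SQL
  $category_id_ok = isset($comm['category_id'])
    && is_scalar($comm['category_id'])
    && preg_match('/^\d+$/D', (string)$comm['category_id']);
  if ( !$category_id_ok )
  {
    $comment_action='reject';
  }

  // display author field if the user status is guest or generic
  if (!is_classic_user())
  {
    if ( empty($comm['author']) )
    {
      $comm['author'] = 'guest';
    }
    $comm['author_id'] = $conf['guest_id'];
    // if a guest try to use the name of an already existing user, he must be
    // rejected
    if ( $comm['author'] != 'guest' )
    {
      // NOTE(review): the author is escaped for this lookup but inserted as
      // received further down. If it arrives already escaped, this lookup
      // double-escapes names holding quotes or backslashes and can miss an
      // existing user; if it arrives raw, the INSERT is injectable. Confirm
      // the caller's contract and escape in exactly one place.
      $query = '
SELECT COUNT(*) AS user_exists
  FROM '.USERS_TABLE.'
  WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'";
      $row = pwg_db_fetch_assoc( pwg_query( $query ) );
      if ( $row['user_exists'] == 1 )
      {
        array_push($infos, l10n('This login is already used by another user') );
        $comment_action='reject';
      }
    }
  }
  else
  {
    $comm['author'] = addslashes($user['username']);
    $comm['author_id'] = $user['id'];
  }

  if ( empty($comm['content']) )
  { // empty comment content
    $comment_action='reject';
  }

  if ( !verify_ephemeral_key($key, $comm['category_id']) )
  {
    $comment_action='reject';
    $_POST['cr'][] = 'key';
  }

  if ($comment_action!='reject' and $conf['anti-flood_time']>0 and !is_admin())
  { // anti-flood system
    $reference_date = pwg_db_get_flood_period_expression($conf['anti-flood_time']);

    // NOTE(review): the filter is on author_id alone, and every guest gets
    // $conf['guest_id'] above, so guests appear to share one flood window.
    $query = '
SELECT count(1) FROM '.COA_TABLE.'
  WHERE date > '.$reference_date.'
    AND author_id = '.(int)$comm['author_id'];
    list($counter) = pwg_db_fetch_row(pwg_query($query));
    if ( $counter > 0 )
    {
      array_push( $infos, l10n('Anti-flood system : please wait for a moment before trying to post another comment') );
      $comment_action='reject';
    }
  }

  // perform more spam check
  $comment_action = trigger_event('user_comment_check_albums',
      $comment_action, $comm
    );

  if ( $comment_action!='reject' )
  {
    // numeric columns are cast so that they can never carry SQL text, even
    // if an event handler relaxed a rejection decided above
    $query = '
INSERT INTO '.COA_TABLE.'
  (author, author_id, content, date, validated, validation_date, category_id)
  VALUES (
    \''.$comm['author'].'\',
    '.(int)$comm['author_id'].',
    \''.$comm['content'].'\',
    NOW(),
    \''.($comment_action=='validate' ? 'true':'false').'\',
    '.($comment_action=='validate' ? 'NOW()':'NULL').',
    '.(int)$comm['category_id'].'
  )
';

    pwg_query($query);

    $comm['id'] = pwg_db_insert_id(COA_TABLE);

    if ( ($conf['email_admin_on_comment'] && 'validate' == $comment_action)
        or ($conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action))
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      $comment_url = get_absolute_root_url().'comments.php?display_mode=albums&amp;comment_id='.$comm['id'];

      // author and content are un-escaped again for the mail body
      $keyargs_content = array
      (
        get_l10n_args('Author: %s', stripslashes($comm['author']) ),
        get_l10n_args('Comment: %s', stripslashes($comm['content']) ),
        get_l10n_args('', ''),
        get_l10n_args('Manage this user comment: %s', $comment_url)
      );

      if ('moderate' == $comment_action)
      {
        $keyargs_content[] = get_l10n_args('', '');
        $keyargs_content[] = get_l10n_args('(!) This comment requires validation', '');
      }

      pwg_mail_notification_admins
      (
        get_l10n_args('Comment by %s', stripslashes($comm['author']) ),
        $keyargs_content
      );
    }
  }
  return $comment_action;
}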
178
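/**
 * Tries to delete one or several user comments on albums in the database.
 * Only an admin can delete all comments; other users can delete their own
 * comments. To avoid a new SQL request the author is added to the WHERE
 * clause.
 *
 * Identifiers are coerced to integers before they reach the SQL statement,
 * the notification mail and the deletion event.
 *
 * @param int|array $comment_id one comment id or an array of comment ids
 */
function delete_user_comment_albums($comment_id)
{
  // ids go unquoted into the query: force them to integers first
  if (is_array($comment_id))
  {
    $comment_id = array_map('intval', $comment_id);
    if (empty($comment_id))
    {
      // "id IN()" is not valid SQL and there is nothing to delete
      return;
    }
    $where_clause = 'id IN('.implode(',', $comment_id).')';
  }
  else
  {
    $comment_id = intval($comment_id);
    $where_clause = 'id = '.$comment_id;
  }

  // ownership is enforced by the query itself for anyone but an admin
  $user_where_clause = '';
  if (!is_admin())
  {
    $user_where_clause = '   AND author_id = \''.intval($GLOBALS['user']['id']).'\'';
  }

  $query = '
DELETE FROM '.COA_TABLE.'
  WHERE '.$where_clause.
$user_where_clause.'
;';
  $result = pwg_query($query);

  // NOTE(review): $result presumably only tells that the query ran, not that
  // a row was deleted. A non-admin naming someone else's comment would then
  // still reach the mail and the event below -- confirm and, if so, test the
  // number of affected rows instead.
  if ($result)
  {
    email_admin('delete',
                array('author' => $GLOBALS['user']['username'],
                      'comment_id' => $comment_id
                  ));
  }

  trigger_action('user_comment_deletion', $comment_id, 'category');
}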
217
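/**
 * Tries to update a user comment on an album in the database.
 * Only an admin can update all comments; users can edit their own comments
 * if the admin allows them to. To avoid a new SQL request the author is added
 * to the WHERE clause.
 *
 * $comment['content'] is concatenated into the UPDATE statement as received,
 * so it must reach this function already escaped for SQL. stripslashes() is
 * applied to it before mailing, which suggests that this is the calling
 * convention -- confirm against the caller.
 *
 * @param array  $comment  contains comment_id, category_id and content
 * @param string $post_key ephemeral key, verified against category_id
 * @return string validate, moderate or reject
 */
function update_user_comment_albums($comment, $post_key)
{
  global $conf;

  if ( !verify_ephemeral_key($post_key, $comment['category_id']) )
  {
    $comment_action='reject';
  }
  elseif (!$conf['comments_validation'] or is_admin()) // should the updated comment must be validated
  {
    $comment_action='validate'; //one of validate, moderate, reject
  }
  else
  {
    $comment_action='moderate'; //one of validate, moderate, reject
  }

  // comment_id is concatenated unquoted into the UPDATE below: anything but
  // a plain run of digits is refused instead of being passed on to SQL
  $comment_id_ok = isset($comment['comment_id'])
    && is_scalar($comment['comment_id'])
    && preg_match('/^\d+$/D', (string)$comment['comment_id']);
  if ( !$comment_id_ok )
  {
    $comment_action='reject';
  }
  $comment_id = $comment_id_ok ? (int)$comment['comment_id'] : 0;

  // perform more spam check
  // NOTE(review): this fires 'user_comment_check', whereas inserting fires
  // 'user_comment_check_albums'; confirm the different event is intended.
  $comment_action =
    trigger_event('user_comment_check',
      $comment_action,
      array_merge($comment,
            array('author' => $GLOBALS['user']['username'])
            )
      );

  if ( $comment_action!='reject' )
  {
    // ownership is enforced by the query itself for anyone but an admin
    $user_where_clause = '';
    if (!is_admin())
    {
      $user_where_clause = '   AND author_id = \''.
  intval($GLOBALS['user']['id']).'\'';
    }

    $query = '
UPDATE '.COA_TABLE.'
  SET content = \''.$comment['content'].'\',
      validated = \''.($comment_action=='validate' ? 'true':'false').'\',
      validation_date = '.($comment_action=='validate' ? 'NOW()':'NULL').'
  WHERE id = '.$comment_id.
$user_where_clause.'
;';
    $result = pwg_query($query);

    // mail admin and ask to validate the comment
    if ($result and $conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action)
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      $comment_url = get_absolute_root_url().'comments.php?display_mode=albums&amp;comment_id='.$comment_id;

      $keyargs_content = array
      (
        get_l10n_args('Author: %s', stripslashes($GLOBALS['user']['username']) ),
        get_l10n_args('Comment: %s', stripslashes($comment['content']) ),
        get_l10n_args('', ''),
        get_l10n_args('Manage this user comment: %s', $comment_url),
        get_l10n_args('', ''),
        get_l10n_args('(!) This comment requires validation', ''),
      );

      pwg_mail_notification_admins
      (
        get_l10n_args('Comment by %s', stripslashes($GLOBALS['user']['username']) ),
        $keyargs_content
      );
    }
    // just mail admin
    else if ($result)
    {
      email_admin('edit', array('author' => $GLOBALS['user']['username'],
        'content' => stripslashes($comment['content'])) );
    }
  }

  return $comment_action;
}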
308
if (!function_exists('email_admin'))
{
  /**
   * Mails the administrators about an edited or deleted comment, provided
   * the matching $conf['email_admin_on_comment_*'] switch is on.
   * Defined only when no email_admin() function exists yet.
   *
   * The author, content and comment id are handed to the mail layer as
   * received from the caller.
   *
   * @param string $action  'edit' or 'delete'; anything else is ignored
   * @param array  $comment 'author', plus 'comment_id' (delete) or
   *                        'content' (edit)
   */
  function email_admin($action, $comment)
  {
    global $conf;

    // guard clauses: unknown action, or notification switched off
    if (!in_array($action, array('edit', 'delete')))
    {
      return;
    }
    if (($action=='edit') and !$conf['email_admin_on_comment_edition'])
    {
      return;
    }
    if (($action=='delete') and !$conf['email_admin_on_comment_deletion'])
    {
      return;
    }

    include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

    $mail_lines = array(
      get_l10n_args('Author: %s', $comment['author'])
    );

    if ($action=='delete')
    {
      $mail_lines[] = get_l10n_args(
        'This author removed the comment with id %d',
        $comment['comment_id']
      );
    }
    else
    {
      $mail_lines[] = get_l10n_args('This author modified following comment:', '');
      $mail_lines[] = get_l10n_args('Comment: %s', $comment['content']);
    }

    $mail_subject = get_l10n_args('Comment by %s', $comment['author']);

    pwg_mail_notification_admins($mail_subject, $mail_lines);
  }
}
344
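/**
 * Returns the author_id of a comment on an album.
 *
 * @param int  $comment_id   comment identifier; anything but a plain run of
 *                           digits is treated as an unknown identifier and
 *                           never reaches the database
 * @param bool $die_on_error when true an unknown identifier ends in
 *                           fatal_error(), otherwise false is returned
 * @return mixed author_id as fetched from the database, or false
 */
function get_comment_author_id_albums($comment_id, $die_on_error=true)
{
  $found = false;

  // the id is concatenated unquoted into the query: only digits may pass
  if (is_scalar($comment_id) && preg_match('/^\d+$/D', (string)$comment_id))
  {
    $query = '
SELECT
    author_id
  FROM '.COA_TABLE.'
  WHERE id = '.(int)$comment_id.'
;';
    $result = pwg_query($query);
    $found = (pwg_db_num_rows($result) != 0);
  }

  if (!$found)
  {
    if ($die_on_error)
    {
      fatal_error('Unknown comment identifier');
    }
    // also reached if fatal_error() ever returns: there is no row to fetch
    return false;
  }

  list($author_id) = pwg_db_fetch_row($result);

  return $author_id;
}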
370
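/**
 * Tries to validate one or several user comments on albums in the database.
 *
 * Identifiers are coerced to integers before they reach the SQL statement
 * and the validation event.
 *
 * NOTE(review): nothing here checks who is calling; the caller is presumably
 * expected to restrict validation to administrators -- confirm.
 *
 * @param int|array $comment_id one comment id or an array of comment ids
 */
function validate_user_comment_albums($comment_id)
{
  // ids go unquoted into the query: force them to integers first
  if (is_array($comment_id))
  {
    $comment_id = array_map('intval', $comment_id);
    if (empty($comment_id))
    {
      // "id IN()" is not valid SQL and there is nothing to validate
      return;
    }
    $where_clause = 'id IN('.implode(',', $comment_id).')';
  }
  else
  {
    $comment_id = intval($comment_id);
    $where_clause = 'id = '.$comment_id;
  }

  $query = '
UPDATE '.COA_TABLE.'
  SET validated = \'true\'
    , validation_date = NOW()
  WHERE '.$where_clause.'
;';
  pwg_query($query);

  trigger_action('user_comment_validation', $comment_id, 'category');
}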
392?>