source: extensions/Comments_on_Albums/trunk/include/functions_comment.inc.php @ 26089

Last change on this file since 26089 was 26089, checked in by mistic100, 10 years ago

update for 2.6 + clean

1<?php
/* This is a copy of include/functions_comment.inc.php but adapted for Comments On Albums */
// Direct-access guard: stop immediately unless the COA_ID constant is already
// defined (presumably by the plugin's entry file -- confirm), so this file
// does nothing when it is requested on its own.
defined('COA_ID') or die('Hacking attempt!');

// Load the core file this one is adapted from; the path is built from PHPWG_ROOT_PATH.
include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
6
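/**
 * Tries to insert a user comment on an album and returns the action taken.
 *
 * The comment goes through these checks, in order: author name, content,
 * ephemeral key, website URL, email, anti-flood delay, then the
 * 'user_comment_check' event. Unless the outcome is 'reject' it is written
 * to COA_TABLE, and administrators are mailed when the matching $conf
 * options are enabled.
 *
 * Security notes:
 *  - author, content, website_url and email are concatenated into the INSERT
 *    statement as they are held in $comm. NOTE(review): this function does
 *    not escape them (addslashes() is applied only to the logged-in user's
 *    name), so callers presumably pass values already escaped for SQL --
 *    confirm at every call site.
 *  - author_id and category_id are written unquoted, so they are cast to int
 *    where the statements are built.
 *
 * @param array &$comm comment data; 'ip', 'agent', 'author_id' and
 *                     'anonymous_id' are always set here, 'author' and
 *                     'email' may be filled in, 'id' is set after insertion
 * @param string $key secret key sent back to the browser
 * @param array &$infos output array of error messages
 * @return string validate, moderate, reject
 */
function insert_user_comment_albums(&$comm, $key, &$infos)
{
  global $conf, $user;

  $comm = array_merge( $comm,
    array(
      'ip' => $_SERVER['REMOTE_ADDR'],
      // the User-Agent header is optional: do not read a missing index
      'agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''
    )
   );

  $infos = array();
  if (!$conf['comments_validation'] or is_admin())
  {
    $comment_action='validate'; //one of validate, moderate, reject
  }
  else
  {
    $comment_action='moderate'; //one of validate, moderate, reject
  }

  // display author field if the user status is guest or generic
  if (!is_classic_user())
  {
    if (empty($comm['author']))
    {
      if ($conf['comments_author_mandatory'])
      {
        $infos[] = l10n('Username is mandatory');
        $comment_action='reject';
      }
      $comm['author'] = 'guest';
    }
    $comm['author_id'] = $conf['guest_id'];
    // if a guest try to use the name of an already existing user,
    // he must be rejected
    if ($comm['author'] != 'guest')
    {
      // NOTE(review): the name is escaped here but written as-is in the
      // INSERT below; depending on whether the caller already escaped it,
      // one of the two places is off (double escaping here, or no escaping
      // there) -- confirm which.
      $query = '
SELECT COUNT(*) AS user_exists
  FROM '.USERS_TABLE.'
  WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'
;";
      $row = pwg_db_fetch_assoc( pwg_query( $query ) );
      // any match means the name is taken; the count can exceed 1 when
      // several accounts compare equal (e.g. a case-insensitive collation),
      // and testing "== 1" would then let the name through
      if ($row['user_exists'] > 0)
      {
        $infos[] = l10n('This login is already used by another user');
        $comment_action='reject';
      }
    }
  }
  else
  {
    $comm['author'] = addslashes($user['username']);
    $comm['author_id'] = $user['id'];
  }

  // content
  if (empty($comm['content']))
  {
    $comment_action='reject';
  }

  // key
  if (!verify_ephemeral_key(@$key, $comm['category_id']))
  {
    $comment_action='reject';
    // the failure is also recorded in $_POST['cr'] (reader not visible here)
    $_POST['cr'][] = 'key';
  }

  // website
  if (!empty($comm['website_url']))
  {
    // require the full "http://" or "https://" prefix: testing only for a
    // leading "http" treats host names such as "httpd.example.org" as if
    // they already carried a scheme
    if (!preg_match('/^https?:\/\//i', $comm['website_url']))
    {
      $comm['website_url'] = 'http://'.$comm['website_url'];
    }
    if (!url_check_format($comm['website_url']))
    {
      $infos[] = l10n('Your website URL is invalid');
      $comment_action='reject';
    }
  }

  // email
  if (empty($comm['email']))
  {
    if (!empty($user['email']))
    {
      $comm['email'] = $user['email'];
    }
    else if ($conf['comments_email_mandatory'])
    {
      $infos[] = l10n('Email address is missing. Please specify an email address.');
      $comment_action='reject';
    }
  }
  else if (!email_check_format($comm['email']))
  {
    $infos[] = l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)');
    $comment_action='reject';
  }

  // anonymous id = ip address without its last dotted component; a value
  // with fewer than four dot-separated parts is stored unchanged
  $ip_components = explode('.', $comm['ip']);
  if (count($ip_components) > 3)
  {
    array_pop($ip_components);
  }
  $comm['anonymous_id'] = implode('.', $ip_components);

  if ($comment_action!='reject' and $conf['anti-flood_time']>0 and !is_admin())
  { // anti-flood system
    $reference_date = pwg_db_get_flood_period_expression($conf['anti-flood_time']);

    $query = '
SELECT count(1) FROM '.COA_TABLE.'
  WHERE date > '.$reference_date.'
    AND author_id = '.((int) $comm['author_id']);
    if (!is_classic_user())
    {
      $query.= '
      AND anonymous_id = "'.$comm['anonymous_id'].'"';
    }
    $query.= '
;';

    list($counter) = pwg_db_fetch_row(pwg_query($query));
    if ($counter > 0)
    {
      $infos[] = l10n('Anti-flood system : please wait for a moment before trying to post another comment');
      $comment_action='reject';
    }
  }

  // perform more spam check
  $comment_action = trigger_event('user_comment_check',
      $comment_action, $comm
    );

  if ($comment_action!='reject')
  {
    // numeric columns are cast to int because they are not quoted; the
    // string columns are taken from $comm unchanged (see the security notes
    // in the function header)
    $query = '
INSERT INTO '.COA_TABLE.'
  (author, author_id, anonymous_id, content, date, validated, validation_date, category_id, website_url, email)
  VALUES (
    \''.$comm['author'].'\',
    '.((int) $comm['author_id']).',
    \''.$comm['anonymous_id'].'\',
    \''.$comm['content'].'\',
    NOW(),
    \''.($comment_action=='validate' ? 'true':'false').'\',
    '.($comment_action=='validate' ? 'NOW()':'NULL').',
    '.((int) $comm['category_id']).',
    '.(!empty($comm['website_url']) ? '\''.$comm['website_url'].'\'' : 'NULL').',
    '.(!empty($comm['email']) ? '\''.$comm['email'].'\'' : 'NULL').'
  )
';
    pwg_query($query);
    $comm['id'] = pwg_db_insert_id(COA_TABLE);

    if ( ($conf['email_admin_on_comment'] && 'validate' == $comment_action)
        or ($conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action))
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      $comment_url = get_absolute_root_url().'comments.php?display_mode=albums&comment_id='.$comm['id'];

      $keyargs_content = array
      (
        get_l10n_args('Author: %s', stripslashes($comm['author']) ),
        // 'email' can be absent when none was given and it is not mandatory
        get_l10n_args('Email: %s', isset($comm['email']) ? stripslashes($comm['email']) : '' ),
        get_l10n_args('Comment: %s', stripslashes($comm['content']) ),
        get_l10n_args('', ''),
        get_l10n_args('Manage this user comment: %s', $comment_url)
      );

      if ('moderate' == $comment_action)
      {
        $keyargs_content[] = get_l10n_args('(!) This comment requires validation', '');
      }

      pwg_mail_notification_admins(
        get_l10n_args('Comment by %s', stripslashes($comm['author']) ),
        $keyargs_content
      );
    }
  }

  return $comment_action;
}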
206
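/**
 * Tries to delete one or more user comments on albums.
 *    only admin can delete all comments
 *    other users can delete their own comments
 *
 * The ids are written unquoted into the DELETE statement, so each one is
 * forced to an integer first. For non-admins the statement is additionally
 * restricted to rows whose author_id is the current user's id.
 * NOTE(review): insert_user_comment_albums() stores every comment from a
 * non-classic user under $conf['guest_id'], so that restriction alone cannot
 * tell one anonymous author from another; whether the current user may
 * delete at all is presumably decided by the caller -- confirm.
 *
 * @param int|int[] $comment_id
 * @return bool false if nothing deleted
 */
function delete_user_comment_albums($comment_id)
{
  $user_where_clause = '';
  if (!is_admin())
  {
    $user_where_clause = '   AND author_id = \''.$GLOBALS['user']['id'].'\'';
  }

  if (is_array($comment_id))
  {
    // unquoted values: keep only their integer form
    $comment_id = array_map('intval', $comment_id);
    if (count($comment_id) == 0)
    {
      // "id IN()" is not valid SQL, and there is nothing to delete anyway
      return false;
    }
    $where_clause = 'id IN('.implode(',', $comment_id).')';
  }
  else
  {
    $comment_id = intval($comment_id);
    $where_clause = 'id = '.$comment_id;
  }

  $query = '
DELETE FROM '.COA_TABLE.'
  WHERE '.$where_clause.
$user_where_clause.'
;';

  // notify and fire the deletion event only when rows were actually removed
  if (pwg_db_changes(pwg_query($query)))
  {
    email_admin('delete',
                array('author' => $GLOBALS['user']['username'],
                      'comment_id' => $comment_id
                  ));
    trigger_action('user_comment_deletion', $comment_id, 'category');

    return true;
  }

  return false;
}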
251
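/**
 * Tries to update a user comment
 *    only admin can update all comments
 *    users can edit their own comments if admin allow them
 *
 * The ephemeral key is verified first, then the 'user_comment_check' event
 * and the website URL check can still turn the outcome into 'reject'.
 * For non-admins the UPDATE is restricted to rows whose author_id is the
 * current user's id; the "if admin allow them" setting is not tested in this
 * function (presumably by the caller -- confirm).
 *
 * Security notes:
 *  - content and website_url are concatenated into the UPDATE statement as
 *    received. NOTE(review): nothing here escapes them, so callers
 *    presumably pass values already escaped for SQL -- confirm.
 *  - comment_id is written unquoted and is therefore cast to int.
 *
 * @param array $comment
 * @param string $post_key secret key sent back to the browser
 * @return string validate, moderate, reject
 */
function update_user_comment_albums($comment, $post_key)
{
  // $page must be the global one: the URL error below is appended to
  // $page['errors'], and with a local variable the message was lost
  global $conf, $page;

  $comment_action = 'validate';

  if (!verify_ephemeral_key($post_key, $comment['category_id']))
  {
    $comment_action='reject';
  }
  elseif (!$conf['comments_validation'] or is_admin()) // should the updated comment must be validated
  {
    $comment_action='validate'; //one of validate, moderate, reject
  }
  else
  {
    $comment_action='moderate'; //one of validate, moderate, reject
  }

  // perform more spam check
  $comment_action =
    trigger_event('user_comment_check',
      $comment_action,
      array_merge($comment,
            array('author' => $GLOBALS['user']['username'])
            )
      );

  // website
  if (!empty($comment['website_url']))
  {
    // require the full "http://" or "https://" prefix: testing only for a
    // leading "http" treats host names such as "httpd.example.org" as if
    // they already carried a scheme
    if (!preg_match('/^https?:\/\//i', $comment['website_url']))
    {
      $comment['website_url'] = 'http://'.$comment['website_url'];
    }
    if (!url_check_format($comment['website_url']))
    {
      $page['errors'][] = l10n('Your website URL is invalid');
      $comment_action='reject';
    }
  }

  if ( $comment_action!='reject' )
  {
    $user_where_clause = '';
    if (!is_admin())
    {
      $user_where_clause = '   AND author_id = \''.
  $GLOBALS['user']['id'].'\'';
    }

    // the id is not quoted in the statement, so only its integer form is used
    $comment_id = intval($comment['comment_id']);

    $query = '
UPDATE '.COA_TABLE.'
  SET content = \''.$comment['content'].'\',
      website_url = '.(!empty($comment['website_url']) ? '\''.$comment['website_url'].'\'' : 'NULL').',
      validated = \''.($comment_action=='validate' ? 'true':'false').'\',
      validation_date = '.($comment_action=='validate' ? 'NOW()':'NULL').'
  WHERE id = '.$comment_id.
$user_where_clause.'
;';
    $result = pwg_query($query);

    // mail admin and ask to validate the comment
    if ($result and $conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action)
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      // NOTE(review): this link uses '&amp;' while insert_user_comment_albums()
      // uses '&' for the same URL; check which form the mail body expects
      $comment_url = get_absolute_root_url().'comments.php?display_mode=albums&amp;comment_id='.$comment_id;

      $keyargs_content = array
      (
        get_l10n_args('Author: %s', stripslashes($GLOBALS['user']['username']) ),
        get_l10n_args('Comment: %s', stripslashes($comment['content']) ),
        get_l10n_args('', ''),
        get_l10n_args('Manage this user comment: %s', $comment_url),
        get_l10n_args('(!) This comment requires validation', ''),
      );

      pwg_mail_notification_admins(
        get_l10n_args('Comment by %s', stripslashes($GLOBALS['user']['username']) ),
        $keyargs_content
      );
    }
    // just mail admin
    else if ($result)
    {
      email_admin('edit', array('author' => $GLOBALS['user']['username'],
        'content' => stripslashes($comment['content'])) );
    }
  }

  return $comment_action;
}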
354
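/**
 * Returns the author id of a comment
 *
 * The id is written unquoted into the SELECT statement, so it is forced to
 * an integer first; a value with no integer form becomes 0 and is handled
 * like any other id that matches no row.
 *
 * @param int $comment_id
 * @param bool $die_on_error when true, an unknown id ends in fatal_error()
 * @return int|false author id as read from COA_TABLE, or false when the
 *                   comment does not exist and $die_on_error is false
 */
function get_comment_author_id_albums($comment_id, $die_on_error=true)
{
  $query = '
SELECT
    author_id
  FROM '.COA_TABLE.'
  WHERE id = '.intval($comment_id).'
;';
  $result = pwg_query($query);
  if (pwg_db_num_rows($result) == 0)
  {
    if ($die_on_error)
    {
      fatal_error('Unknown comment identifier');
    }
    else
    {
      return false;
    }
  }

  list($author_id) = pwg_db_fetch_row($result);

  return $author_id;
}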
387
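/**
 * Tries to validate one or more user comments on albums.
 *
 * Marks the rows as validated, stamps validation_date with NOW() and then
 * fires the 'user_comment_validation' action. The ids are written unquoted
 * into the UPDATE statement, so each one is forced to an integer first.
 * NOTE(review): this function performs no permission check of its own;
 * presumably the caller restricts it to administrators -- confirm.
 *
 * @param int|int[] $comment_id
 */
function validate_user_comment_albums($comment_id)
{
  if (is_array($comment_id))
  {
    // unquoted values: keep only their integer form
    $comment_id = array_map('intval', $comment_id);
    if (count($comment_id) == 0)
    {
      // "id IN()" is not valid SQL, and there is nothing to validate
      return;
    }
    $where_clause = 'id IN('.implode(',', $comment_id).')';
  }
  else
  {
    $comment_id = intval($comment_id);
    $where_clause = 'id = '.$comment_id;
  }

  $query = '
UPDATE '.COA_TABLE.'
  SET validated = \'true\'
    , validation_date = NOW()
  WHERE '.$where_clause.'
;';
  pwg_query($query);

  trigger_action('user_comment_validation', $comment_id, 'category');
}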