source: extensions/Comments_on_Albums/trunk/include/functions_comment.inc.php @ 26110

Last change on this file since 26110 was 26110, checked in by mistic100, 10 years ago

use new trigger methods and add extra param

<?php
/* Adapted copy of include/functions_comment.inc.php, for Comments On Albums */

// Stop when COA_ID is not defined, i.e. the file was requested without the
// code that defines the plugin constant having run first.
if (!defined('COA_ID'))
{
  die('Hacking attempt!');
}

// The stock comment functions this file is adapted from.
include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
6
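/**
 * Tries to insert a user comment on an album and returns the action performed.
 *
 * Checks run in this order: author, content, ephemeral key, website URL,
 * email, anti-flood, then the 'user_comment_check' trigger. The row is
 * written to COA_TABLE unless the final action is 'reject'.
 *
 * @param array &$comm comment data; 'ip', 'agent', 'author', 'author_id' and
 *    'anonymous_id' are filled in here, 'id' is set after a successful insert
 * @param string $key secret key sent back to the browser
 * @param array &$infos output array of error messages
 * @return string validate, moderate, reject
 */
function insert_user_comment_albums(&$comm, $key, &$infos)
{
  global $conf, $user;

  $comm = array_merge( $comm,
    array(
      'ip' => $_SERVER['REMOTE_ADDR'],
      // the User-Agent header is optional: do not raise a notice without it
      'agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''
    )
   );

  $infos = array();
  if (!$conf['comments_validation'] or is_admin())
  {
    $comment_action='validate'; //one of validate, moderate, reject
  }
  else
  {
    $comment_action='moderate'; //one of validate, moderate, reject
  }

  // display author field if the user status is guest or generic
  if (!is_classic_user())
  {
    if (empty($comm['author']))
    {
      if ($conf['comments_author_mandatory'])
      {
        $infos[] = l10n('Username is mandatory');
        $comment_action='reject';
      }
      $comm['author'] = 'guest';
    }
    $comm['author_id'] = $conf['guest_id'];
    // if a guest try to use the name of an already existing user,
    // he must be rejected
    if ($comm['author'] != 'guest')
    {
      $query = '
SELECT COUNT(*) AS user_exists
  FROM '.USERS_TABLE.'
  WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'
;";
      $row = pwg_db_fetch_assoc( pwg_query( $query ) );
      // any match means the name is taken, not only exactly one
      if ($row['user_exists'] > 0)
      {
        $infos[] = l10n('This login is already used by another user');
        $comment_action='reject';
      }
    }
  }
  else
  {
    $comm['author'] = addslashes($user['username']);
    $comm['author_id'] = $user['id'];
  }

  // content
  if (empty($comm['content']))
  {
    $comment_action='reject';
  }

  // key
  if (!verify_ephemeral_key($key, $comm['category_id']))
  {
    $comment_action='reject';
    $_POST['cr'][] = 'key';
  }

  // website
  if (!empty($comm['website_url']))
  {
    // require the full "http://" or "https://" prefix: a bare /^https?/ also
    // matched host names that merely start with "http"
    if (!preg_match('/^https?:\/\//i', $comm['website_url']))
    {
      $comm['website_url'] = 'http://'.$comm['website_url'];
    }
    if (!url_check_format($comm['website_url']))
    {
      $infos[] = l10n('Your website URL is invalid');
      $comment_action='reject';
    }
  }

  // email
  if (empty($comm['email']))
  {
    if (!empty($user['email']))
    {
      // escaped like $user['username'] above: the value is placed between
      // quotes in the INSERT below and an address may contain a quote
      $comm['email'] = addslashes($user['email']);
    }
    else if ($conf['comments_email_mandatory'])
    {
      $infos[] = l10n('Email address is missing. Please specify an email address.');
      $comment_action='reject';
    }
  }
  else if (!email_check_format($comm['email']))
  {
    $infos[] = l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)');
    $comment_action='reject';
  }

  // anonymous id = ip address without its last dotted component
  // (an address with fewer than four dot-separated parts is kept whole)
  $ip_components = explode('.', $comm['ip']);
  if (count($ip_components) > 3)
  {
    array_pop($ip_components);
  }
  $comm['anonymous_id'] = implode('.', $ip_components);

  // these two values go unquoted into the SQL below: force them to integers
  $author_id = intval($comm['author_id']);
  $category_id = intval($comm['category_id']);

  if ($comment_action!='reject' and $conf['anti-flood_time']>0 and !is_admin())
  { // anti-flood system
    $reference_date = pwg_db_get_flood_period_expression($conf['anti-flood_time']);

    $query = '
SELECT count(1) FROM '.COA_TABLE.'
  WHERE date > '.$reference_date.'
    AND author_id = '.$author_id;
    if (!is_classic_user())
    {
      // single quotes, as in the INSERT below: a double-quoted token is an
      // identifier, not a string, in standard SQL
      $query.= '
      AND anonymous_id = \''.$comm['anonymous_id'].'\'';
    }
    $query.= '
;';

    list($counter) = pwg_db_fetch_row(pwg_query($query));
    if ($counter > 0)
    {
      $infos[] = l10n('Anti-flood system : please wait for a moment before trying to post another comment');
      $comment_action='reject';
    }
  }

  // perform more spam check
  $comment_action = trigger_change('user_comment_check',
      $comment_action, $comm, 'album'
    );

  if ($comment_action!='reject')
  {
    // NOTE(review): author, content, website_url and email are placed between
    // quotes without escaping at this point. The stripslashes() calls in the
    // mail section imply they arrive already slashed - confirm against the
    // caller before relying on it.
    $query = '
INSERT INTO '.COA_TABLE.'
  (author, author_id, anonymous_id, content, date, validated, validation_date, category_id, website_url, email)
  VALUES (
    \''.$comm['author'].'\',
    '.$author_id.',
    \''.$comm['anonymous_id'].'\',
    \''.$comm['content'].'\',
    NOW(),
    \''.($comment_action=='validate' ? 'true':'false').'\',
    '.($comment_action=='validate' ? 'NOW()':'NULL').',
    '.$category_id.',
    '.(!empty($comm['website_url']) ? '\''.$comm['website_url'].'\'' : 'NULL').',
    '.(!empty($comm['email']) ? '\''.$comm['email'].'\'' : 'NULL').'
  )
';
    pwg_query($query);
    $comm['id'] = pwg_db_insert_id(COA_TABLE);

    if ( ($conf['email_admin_on_comment'] && 'validate' == $comment_action)
        or ($conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action))
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      $comment_url = get_absolute_root_url().'comments.php?display_mode=albums&comment_id='.$comm['id'];

      // the email is optional, so the key may be missing at this point
      $author_email = isset($comm['email']) ? $comm['email'] : '';

      $keyargs_content = array
      (
        get_l10n_args('Author: %s', stripslashes($comm['author']) ),
        get_l10n_args('Email: %s', stripslashes($author_email) ),
        get_l10n_args('Comment: %s', stripslashes($comm['content']) ),
        get_l10n_args('', ''),
        get_l10n_args('Manage this user comment: %s', $comment_url)
      );

      if ('moderate' == $comment_action)
      {
        $keyargs_content[] = get_l10n_args('(!) This comment requires validation', '');
      }

      pwg_mail_notification_admins(
        get_l10n_args('Comment by %s', stripslashes($comm['author']) ),
        $keyargs_content
      );
    }
  }

  return $comment_action;
}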
206
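/**
 * Tries to delete a (or more) user comment.
 *    only admin can delete all comments
 *    other users can delete their own comments
 *
 * On success the admins are mailed and 'user_comment_deletion' is notified.
 *
 * @param int|int[] $comment_id
 * @return bool false if nothing deleted
 */
function delete_user_comment_albums($comment_id)
{
  // non-admins are limited to rows they authored
  $user_where_clause = '';
  if (!is_admin())
  {
    $user_where_clause = '   AND author_id = \''.$GLOBALS['user']['id'].'\'';
  }

  // the identifiers are concatenated unquoted into the query, so they are
  // forced to integers first
  if (is_array($comment_id))
  {
    $ids = array_map('intval', $comment_id);
    if (count($ids) == 0)
    {
      // "id IN()" is not valid SQL, and there is nothing to delete anyway
      return false;
    }
    $where_clause = 'id IN('.implode(',', $ids).')';
  }
  else
  {
    $where_clause = 'id = '.intval($comment_id);
  }

  $query = '
DELETE FROM '.COA_TABLE.'
  WHERE '.$where_clause.
$user_where_clause.'
;';

  if (pwg_db_changes(pwg_query($query)))
  {
    // the mail and the trigger receive the identifier(s) as passed in
    email_admin('delete',
                array('author' => $GLOBALS['user']['username'],
                      'comment_id' => $comment_id
                  ));
    trigger_notify('user_comment_deletion', $comment_id, 'album');

    return true;
  }

  return false;
}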
251
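/**
 * Tries to update a user comment
 *    only admin can update all comments
 *    users can edit their own comments if admin allow them
 *
 * A website URL error is appended to the global $page['errors'].
 *
 * @param array $comment reads 'comment_id', 'category_id', 'content' and the
 *    optional 'website_url'
 * @param string $post_key secret key sent back to the browser
 * @return string validate, moderate, reject
 */
function update_user_comment_albums($comment, $post_key)
{
  // $page must be declared global: without it the URL error below was
  // stored in a local array and never reached the page
  global $conf, $page;

  if (!verify_ephemeral_key($post_key, $comment['category_id']))
  {
    $comment_action='reject';
  }
  elseif (!$conf['comments_validation'] or is_admin()) // must the updated comment be validated again?
  {
    $comment_action='validate'; //one of validate, moderate, reject
  }
  else
  {
    $comment_action='moderate'; //one of validate, moderate, reject
  }

  // perform more spam check
  $comment_action =
    trigger_change('user_comment_check',
      $comment_action,
      array_merge($comment,
            array('author' => $GLOBALS['user']['username'])
            ),
      'album'
      );

  // website
  if (!empty($comment['website_url']))
  {
    // require the full "http://" or "https://" prefix: a bare /^https?/ also
    // matched host names that merely start with "http"
    if (!preg_match('/^https?:\/\//i', $comment['website_url']))
    {
      $comment['website_url'] = 'http://'.$comment['website_url'];
    }
    if (!url_check_format($comment['website_url']))
    {
      $page['errors'][] = l10n('Your website URL is invalid');
      $comment_action='reject';
    }
  }

  if ( $comment_action!='reject' )
  {
    // non-admins can only touch rows they authored
    $user_where_clause = '';
    if (!is_admin())
    {
      $user_where_clause = '   AND author_id = \''.
  $GLOBALS['user']['id'].'\'';
    }

    // the comment id goes unquoted into the query: force it to an integer
    $comment_id = intval($comment['comment_id']);

    // NOTE(review): content and website_url are placed between quotes without
    // escaping at this point. The stripslashes() calls in the mail section
    // imply they arrive already slashed - confirm against the caller.
    $query = '
UPDATE '.COA_TABLE.'
  SET content = \''.$comment['content'].'\',
      website_url = '.(!empty($comment['website_url']) ? '\''.$comment['website_url'].'\'' : 'NULL').',
      validated = \''.($comment_action=='validate' ? 'true':'false').'\',
      validation_date = '.($comment_action=='validate' ? 'NOW()':'NULL').'
  WHERE id = '.$comment_id.
$user_where_clause.'
;';
    $result = pwg_query($query);

    // mail admin and ask to validate the comment
    if ($result and $conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action)
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      // plain "&", the same form as the link built in
      // insert_user_comment_albums(); "&amp;" is the HTML-escaped form
      $comment_url = get_absolute_root_url().'comments.php?display_mode=albums&comment_id='.$comment_id;

      $keyargs_content = array
      (
        get_l10n_args('Author: %s', stripslashes($GLOBALS['user']['username']) ),
        get_l10n_args('Comment: %s', stripslashes($comment['content']) ),
        get_l10n_args('', ''),
        get_l10n_args('Manage this user comment: %s', $comment_url),
        get_l10n_args('(!) This comment requires validation', ''),
      );

      pwg_mail_notification_admins(
        get_l10n_args('Comment by %s', stripslashes($GLOBALS['user']['username']) ),
        $keyargs_content
      );
    }
    // just mail admin
    else if ($result)
    {
      email_admin('edit', array('author' => $GLOBALS['user']['username'],
        'content' => stripslashes($comment['content'])) );
    }
  }

  return $comment_action;
}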
355
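/**
 * Returns the author id of a comment
 *
 * @param int $comment_id
 * @param bool $die_on_error when true, an unknown id ends in fatal_error()
 * @return int|false author id, or false when the id is unknown and
 *    $die_on_error is false
 */
function get_comment_author_id_albums($comment_id, $die_on_error=true)
{
  // the id is concatenated unquoted into the query: force it to an integer
  $query = '
SELECT
    author_id
  FROM '.COA_TABLE.'
  WHERE id = '.intval($comment_id).'
;';
  $result = pwg_query($query);
  if (pwg_db_num_rows($result) == 0)
  {
    if ($die_on_error)
    {
      fatal_error('Unknown comment identifier');
    }
    else
    {
      return false;
    }
  }

  list($author_id) = pwg_db_fetch_row($result);

  return $author_id;
}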
388
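/**
 * Tries to validate a user comment.
 *
 * Marks the row(s) as validated in COA_TABLE, then notifies
 * 'user_comment_validation'. No permission check is made here.
 *
 * @param int|int[] $comment_id
 */
function validate_user_comment_albums($comment_id)
{
  // the identifiers are concatenated unquoted into the query, so they are
  // forced to integers first
  if (is_array($comment_id))
  {
    $ids = array_map('intval', $comment_id);
    if (count($ids) == 0)
    {
      // "id IN()" is not valid SQL, and there is nothing to validate
      return;
    }
    $where_clause = 'id IN('.implode(',', $ids).')';
  }
  else
  {
    $where_clause = 'id = '.intval($comment_id);
  }

  $query = '
UPDATE '.COA_TABLE.'
  SET validated = \'true\'
    , validation_date = NOW()
  WHERE '.$where_clause.'
;';
  pwg_query($query);

  // the trigger receives the identifier(s) as passed in
  trigger_notify('user_comment_validation', $comment_id, 'album');
}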