source: extensions/GuestBook/include/guestbook.inc.php @ 17317
1<?php
// Refuse to run unless loaded through the plugin bootstrap that defines GUESTBOOK_PATH.
if (!defined('GUESTBOOK_PATH')) die('Hacking attempt!');

include(GUESTBOOK_PATH . '/include/functions.inc.php');

// URL of the current guestbook page, carrying the pagination offset when one is set.
// NOTE(review): $page['start'] is read here before this file re-assigns it from
// $_GET['start'] further down; it is presumably populated by the core URL parser
// at this point -- confirm, otherwise edit/delete/cancel links lose the offset.
if (empty($page['start']))
{
  $url_self = GUESTBOOK_URL;
}
else
{
  $url_self = add_url_params(GUESTBOOK_URL, array('start' => $page['start']));
}
7
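// +-----------------------------------------------------------------------+
// |                                actions                                |
// +-----------------------------------------------------------------------+
// Every action names its target comment through a $_GET id that is validated
// against PATTERN_ID before use, then checks the caller's right on that
// comment via can_manage_comment(). State-changing requests (edit submission,
// delete, validate) additionally require a valid pwg_token.
if (isset($_GET['action']))
{
  switch ($_GET['action'])
  {
    case 'edit_comment':
    {
      include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');

      check_input_parameter('comment_to_edit', $_GET, false, PATTERN_ID);
      $author_id = get_comment_author_id_guestbook($_GET['comment_to_edit']);

      if (can_manage_comment('edit', $author_id))
      {
        if (!empty($_POST['content']))
        {
          // Edit submission: the token is only checked on the POST; the GET
          // that merely opens the inline editor carries no token.
          check_pwg_token();
          $comment_action = update_user_comment_guestbook(
            array(
              'comment_id' => $_GET['comment_to_edit'],
              'content' => $_POST['content']
              ),
            // Anti-spam key; absent key is passed as null rather than raising a notice.
            isset($_POST['key']) ? $_POST['key'] : null
            );

          $perform_redirect = false;
          switch ($comment_action)
          {
            case 'moderate':
              $_SESSION['page_infos'][] = l10n('An administrator must authorize your comment before it is visible.');
              // intentional fall-through: a moderated comment is also registered
            case 'validate':
              $_SESSION['page_infos'][] = l10n('Your comment has been registered');
              $perform_redirect = true;
              break;
            case 'reject':
              $_SESSION['page_errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');
              $perform_redirect = true;
              break;
            default:
              trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
          }

          if ($perform_redirect)
          {
            redirect($url_self);
          }
          // Unknown action: drop the posted content so the "add comment"
          // section below does not insert the edited text as a new comment.
          unset($_POST['content']);
        }
        else
        {
          // GET without content: mark this comment for inline editing.
          $edit_comment = $_GET['comment_to_edit'];
        }
      }
      break;
    }
    case 'delete_comment' :
    {
      check_pwg_token();

      include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');

      check_input_parameter('comment_to_delete', $_GET, false, PATTERN_ID);

      $author_id = get_comment_author_id_guestbook($_GET['comment_to_delete']);

      if (can_manage_comment('delete', $author_id))
      {
        delete_user_comment_guestbook($_GET['comment_to_delete']);
      }

      redirect($url_self);
      // redirect() is expected to end the request; the break keeps this case
      // from falling into validate_comment should it ever return.
      break;
    }
    case 'validate_comment' :
    {
      check_pwg_token();

      include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');

      check_input_parameter('comment_to_validate', $_GET, false, PATTERN_ID);

      $author_id = get_comment_author_id_guestbook($_GET['comment_to_validate']);

      if (can_manage_comment('validate', $author_id))
      {
        validate_user_comment_guestbook($_GET['comment_to_validate']);
      }

      redirect($url_self);
      // see delete_comment: do not rely on redirect() never returning
      break;
    }

  }
}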
102
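// +-----------------------------------------------------------------------+
// |                                add comment                            |
// +-----------------------------------------------------------------------+
// A POSTed 'content' field is a new comment. Fields are collected raw here;
// validation, anti-spam key verification and storage escaping are left to
// insert_user_comment_guestbook(), which is not visible in this file.
if ( isset( $_POST['content'] ) )
{
  // Optional fields default to '' (rate to null) so a form that omits one
  // of them does not raise an undefined-index notice.
  $comm = array(
    'author' => isset($_POST['author']) ? trim($_POST['author']) : '',
    'email' => isset($_POST['email']) ? trim($_POST['email']) : '',
    'content' => trim( $_POST['content'] ),
    'website' => isset($_POST['website']) ? trim($_POST['website']) : '',
    'rate' => isset($_POST['score']) ? $_POST['score'] : null,
   );

  include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');

  $comment_action = insert_user_comment_guestbook(
    $comm,
    isset($_POST['key']) ? $_POST['key'] : null,
    $page['infos']
    );

  switch ($comment_action)
  {
    case 'moderate':
      array_push($page['infos'], l10n('An administrator must authorize your comment before it is visible.') );
      // intentional fall-through: a moderated comment is also registered
    case 'validate':
      array_push($page['infos'], l10n('Your comment has been registered'));
      break;
    case 'reject':
      // Rejected submissions answer 403; the form is re-displayed further down.
      set_status_header(403);
      array_push($page['errors'], l10n('Your comment has NOT been registered because it did not pass the validation rules') );
      break;
    default:
      trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
  }

  // allow plugins to notify what's going on
  trigger_action( 'user_comment_insertion',
      array_merge($comm, array('action'=>$comment_action) )
    );
}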
140
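// +-----------------------------------------------------------------------+
// |                                display comments                       |
// +-----------------------------------------------------------------------+
// WHERE clause shared by the count query and the listing query below.
// Non-admins only ever see validated comments.
$where_clauses = array('1=1');
if ( !is_admin() )
{
  array_push($where_clauses, 'validated = \'true\'');
}
// Optional single-comment view. The id is interpolated unquoted into SQL,
// so escaping quotes gives no protection for a numeric literal; validate it
// as an id the same way the action handlers do, then cast it.
if (isset($_GET['comment_id']))
{
  check_input_parameter('comment_id', $_GET, false, PATTERN_ID);
  array_push($where_clauses, 'com.id = '.(int)$_GET['comment_id']);
}

// total number of comments matching the clauses (drives the pager)
$query = '
SELECT
    COUNT(*) AS nb_comments
  FROM '.GUESTBOOK_TABLE.' as com
  WHERE '.implode(' AND ', $where_clauses).'
;';
$row = pwg_db_fetch_assoc( pwg_query( $query ) );

// Pagination offset, forced to a non-negative integer because it is later
// interpolated into the listing query's OFFSET clause.
$page['start'] = 0;
if (isset($_GET['start']))
{
  $page['start'] = max(0, (int)$_GET['start']);
}

$navigation_bar = create_navigation_bar(
  GUESTBOOK_URL,
  $row['nb_comments'],
  $page['start'],
  $conf['guestbook']['nb_comment_page'],
  false
  );

$template->assign(
  array(
    'COMMENT_COUNT' => $row['nb_comments'],
    'navbar' => $navigation_bar,
    )
  );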
184 
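if ($row['nb_comments'] > 0)
{
  // Listing query: same WHERE as the count, newest first, one page of
  // nb_comment_page rows. $page['start'] originates from $_GET['start'];
  // the cast guarantees only an integer ever reaches the OFFSET clause.
  $query = '
SELECT
    com.id,
    author,
    author_id,
    '.$conf['user_fields']['username'].' AS username,
    date,
    content,
    validated,
    website,
    rate,
    email
  FROM '.GUESTBOOK_TABLE.' AS com
  LEFT JOIN '.USERS_TABLE.' AS u
    ON u.'.$conf['user_fields']['id'].' = author_id
  WHERE '.implode(' AND ', $where_clauses).'
  ORDER BY date DESC
  LIMIT '.$conf['guestbook']['nb_comment_page'].' OFFSET '.(int)$page['start'].'
;';
  $result = pwg_query( $query );

  while ($row = pwg_db_fetch_assoc($result))
  {
    // Display name: the stored free-text author when present (the literal
    // 'guest' is localised), otherwise the joined account's username.
    if (!empty($row['author']))
    {
      $author = $row['author'];
      if ($author == 'guest')
      {
        $author = l10n('guest');
      }
    }
    else
    {
      $author = stripslashes($row['username']);
    }

    // AUTHOR and CONTENT go through the core render events; WEBSITE is
    // handed over as stored. NOTE(review): whether it is safe to print
    // depends on what insert_user_comment_guestbook() stored and on the
    // template escaping it -- confirm.
    $tpl_comment =
      array(
        'ID' => $row['id'],
        'AUTHOR' => trigger_event('render_comment_author', $author),
        'DATE' => format_date($row['date'], true),
        'CONTENT' => trigger_event('render_comment_content',$row['content']),
        'WEBSITE' => $row['website'],
      );

    if ($conf['guestbook']['activate_rating'])
    {
      $tpl_comment['STARS'] = get_stars($row['rate'], get_root_url().GUESTBOOK_PATH .'template/jquery.raty/');
    }

    // The commenter's e-mail is only exposed to administrators.
    if (is_admin() and !empty($row['email']))
    {
      $tpl_comment['EMAIL'] = $row['email'];
    }

    // Delete is a state change, so its link carries a pwg_token.
    if (can_manage_comment('delete', $row['author_id']))
    {
      $tpl_comment['U_DELETE'] = add_url_params(
        $url_self,
        array(
          'action'=>'delete_comment',
          'comment_to_delete'=>$row['id'],
          'pwg_token' => get_pwg_token(),
          )
        );
    }
    // The edit link only opens the inline editor; the token travels with
    // the edit form (PWG_TOKEN) and is checked on submission.
    if (can_manage_comment('edit', $row['author_id']))
    {
      $tpl_comment['U_EDIT'] = add_url_params(
        $url_self,
        array(
          'action'=>'edit_comment',
          'comment_to_edit'=>$row['id'],
          )
        );
        if (isset($edit_comment) and ($row['id'] == $edit_comment))
        {
          $tpl_comment['IN_EDIT'] = true;
          $tpl_comment['KEY'] = get_ephemeral_key(2);
          // Raw stored content replaces the rendered one so the editor shows
          // the text that will actually be edited.
          $tpl_comment['CONTENT'] = $row['content'];
          $tpl_comment['PWG_TOKEN'] = get_pwg_token();
          $tpl_comment['U_CANCEL'] = $url_self;
        }
    }
    // Validation link for admins on comments that are not yet validated.
    if (is_admin())
    {
      if ($row['validated'] != 'true')
      {
        $tpl_comment['U_VALIDATE'] = add_url_params(
                $url_self,
                array(
                  'action' => 'validate_comment',
                  'comment_to_validate' => $row['id'],
                  'pwg_token' => get_pwg_token(),
                  )
                );
      }
    }
    $template->append('comments', $tpl_comment);
  }
}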
288
// The add-comment form is hidden while a comment is being edited inline.
$show_add_comment_form = !isset($edit_comment);

if ($show_add_comment_form)
{
  // Pre-fill the form only when the submission above was rejected, so the
  // visitor can correct it; values are HTML-escaped before reaching the template.
  $rejected = (isset($comment_action) && 'reject' === $comment_action);
  $prefill = array('content' => '', 'author' => '', 'website' => '', 'email' => '');
  if ($rejected)
  {
    foreach (array_keys($prefill) as $field)
    {
      if (!empty($comm[$field]))
      {
        $prefill[$field] = htmlspecialchars( stripslashes($comm[$field]) );
      }
    }
  }
  // Expose the values as plain variables as well as through the template array.
  $content = $prefill['content'];
  $author  = $prefill['author'];
  $website = $prefill['website'];
  $email   = $prefill['email'];

  $template->assign('comment_add',
      array(
        'F_ACTION' => $url_self,
        'KEY' => get_ephemeral_key(3),
        'CONTENT' => $content,
        'SHOW_AUTHOR' => !is_classic_user(),
        'AUTHOR' => $author ,
        'WEBSITE' => $website ,
        'EMAIL' => $email ,
        'ACTIVATE_RATING' => $conf['guestbook']['activate_rating'],
      ));
}
317
// Paths handed to the template: the plugin's absolute directory and its
// web-relative path. NOTE(review): ABS_GUESTBOOK_PATH is a server filesystem
// path; the template should use it for includes only and never print it.
$template->assign(
  array(
    'ABS_GUESTBOOK_PATH' => dirname(__FILE__).'/../',
    'GUESTBOOK_PATH' => GUESTBOOK_PATH,
    )
  );
$template->set_filename('index', dirname(__FILE__).'/../template/guestbook.tpl');
321
322?>