Context Navigation

source: extensions/GuestBook/include/guestbook.inc.php @ 20181

Last change on this file since 20181 was 20181, checked in by mistic100, 11 years ago
impove display, add LiveValidation
File size: 9.2 KB

Line
1	<?php
2	if (!defined('GUESTBOOK_PATH')) die('Hacking attempt!');
3
4	global $user;
5
6	include(GUESTBOOK_PATH . '/include/functions.inc.php');
7
8	$url_self = empty($page['start']) ? GUESTBOOK_URL : add_url_params(GUESTBOOK_URL, array('start' => $page['start']));
9
10	// +-----------------------------------------------------------------------+
11	// \| actions \|
12	// +-----------------------------------------------------------------------+
13	if (isset($_GET['action']))
14	{
15	switch ($_GET['action'])
16	{
17	case 'edit_comment':
18	{
19	include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');
20
21	check_input_parameter('comment_to_edit', $_GET, false, PATTERN_ID);
22	$author_id = get_comment_author_id_guestbook($_GET['comment_to_edit']);
23
24	if (can_manage_comment('edit', $author_id))
25	{
26	if (!empty($_POST['content']))
27	{
28	check_pwg_token();
29	$comment_action = update_user_comment_guestbook(
30	array(
31	'comment_id' => $_GET['comment_to_edit'],
32	'content' => $_POST['content']
33	),
34	$_POST['key']
35	);
36
37	$perform_redirect = false;
38	switch ($comment_action)
39	{
40	case 'moderate':
41	$_SESSION['page_infos'][] = l10n('An administrator must authorize your comment before it is visible.');
42	case 'validate':
43	$_SESSION['page_infos'][] = l10n('Your comment has been registered');
44	$perform_redirect = true;
45	break;
46	case 'reject':
47	$_SESSION['page_errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');
48	$perform_redirect = true;
49	break;
50	default:
51	trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
52	}
53
54	if ($perform_redirect)
55	{
56	redirect($url_self);
57	}
58	unset($_POST['content']);
59	}
60	else
61	{
62	$edit_comment = $_GET['comment_to_edit'];
63	}
64	}
65	break;
66	}
67	case 'delete_comment' :
68	{
69	check_pwg_token();
70
71	include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');
72
73	check_input_parameter('comment_to_delete', $_GET, false, PATTERN_ID);
74
75	$author_id = get_comment_author_id_guestbook($_GET['comment_to_delete']);
76
77	if (can_manage_comment('delete', $author_id))
78	{
79	delete_user_comment_guestbook($_GET['comment_to_delete']);
80	}
81
82	redirect($url_self);
83	}
84	case 'validate_comment' :
85	{
86	check_pwg_token();
87
88	include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');
89
90	check_input_parameter('comment_to_validate', $_GET, false, PATTERN_ID);
91
92	$author_id = get_comment_author_id_guestbook($_GET['comment_to_validate']);
93
94	if (can_manage_comment('validate', $author_id))
95	{
96	validate_user_comment_guestbook($_GET['comment_to_validate']);
97	}
98
99	redirect($url_self);
100	}
101
102	}
103	}
104
105	// +-----------------------------------------------------------------------+
106	// \| add comment \|
107	// +-----------------------------------------------------------------------+
108	if ( isset( $_POST['content'] ) )
109	{
110	$comm = array(
111	'author' => trim( @$_POST['author'] ),
112	'email' => trim( @$_POST['email'] ),
113	'content' => trim( $_POST['content'] ),
114	'website' => trim( $_POST['website'] ),
115	'rate' => @$_POST['score'],
116	);
117
118	include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');
119
120	$comment_action = insert_user_comment_guestbook($comm, @$_POST['key']);
121
122	switch ($comment_action)
123	{
124	case 'moderate':
125	array_push($page['infos'], l10n('An administrator must authorize your comment before it is visible.') );
126	case 'validate':
127	array_push($page['infos'], l10n('Your comment has been registered'));
128	break;
129	case 'reject':
130	set_status_header(403);
131	array_push($page['errors'], l10n('Your comment has NOT been registered because it did not pass the validation rules') );
132	break;
133	default:
134	trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
135	}
136
137	// allow plugins to notify what's going on
138	trigger_action( 'user_comment_insertion',
139	array_merge($comm, array('action'=>$comment_action) )
140	);
141	}
142
143	// +-----------------------------------------------------------------------+
144	// \| display comments \|
145	// +-----------------------------------------------------------------------+
146	$where_clauses = array('1=1');
147	if ( !is_admin() )
148	{
149	array_push($where_clauses, 'validated = \'true\'');
150	}
151	if (isset($_GET['comment_id']))
152	{
153	array_push($where_clauses, 'com.id = '.pwg_db_real_escape_string($_GET['comment_id']));
154	}
155
156	// number of comments for this picture
157	$query = '
158	SELECT
159	COUNT(*) AS nb_comments
160	FROM '.GUESTBOOK_TABLE.' as com
161	WHERE '.implode(' AND ', $where_clauses).'
162	;';
163	$row = pwg_db_fetch_assoc( pwg_query( $query ) );
164
165	// navigation bar creation
166	$page['start'] = 0;
167	if (isset($_GET['start']))
168	{
169	$page['start'] = $_GET['start'];
170	}
171
172	$navigation_bar = create_navigation_bar(
173	GUESTBOOK_URL,
174	$row['nb_comments'],
175	$page['start'],
176	$conf['guestbook']['nb_comment_page'],
177	false
178	);
179
180	$template->assign(
181	array(
182	'COMMENT_COUNT' => $row['nb_comments'],
183	'navbar' => $navigation_bar,
184	)
185	);
186
187	if ($row['nb_comments'] > 0)
188	{
189	$query = '
190	SELECT
191	com.id,
192	author,
193	author_id,
194	'.$conf['user_fields']['username'].' AS username,
195	date,
196	content,
197	validated,
198	website,
199	rate,
200	email
201	FROM '.GUESTBOOK_TABLE.' AS com
202	LEFT JOIN '.USERS_TABLE.' AS u
203	ON u.'.$conf['user_fields']['id'].' = author_id
204	WHERE '.implode(' AND ', $where_clauses).'
205	ORDER BY date DESC
206	LIMIT '.$conf['guestbook']['nb_comment_page'].' OFFSET '.$page['start'].'
207	;';
208	$result = pwg_query( $query );
209
210	while ($row = pwg_db_fetch_assoc($result))
211	{
212	if (!empty($row['author']))
213	{
214	$author = $row['author'];
215	if ($author == 'guest')
216	{
217	$author = l10n('guest');
218	}
219	}
220	else
221	{
222	$author = stripslashes($row['username']);
223	}
224
225	$tpl_comment =
226	array(
227	'ID' => $row['id'],
228	'AUTHOR' => trigger_event('render_comment_author', $author),
229	'DATE' => format_date($row['date'], true),
230	'CONTENT' => trigger_event('render_comment_content',$row['content']),
231	'WEBSITE' => $row['website'],
232	);
233
234	if ($conf['guestbook']['activate_rating'])
235	{
236	$tpl_comment['STARS'] = get_stars($row['rate'], get_root_url().GUESTBOOK_PATH .'template/jquery.raty/');
237	}
238
239	if (is_admin() and !empty($row['email']))
240	{
241	$tpl_comment['EMAIL'] = $row['email'];
242	}
243
244	if (can_manage_comment('delete', $row['author_id']))
245	{
246	$tpl_comment['U_DELETE'] = add_url_params(
247	$url_self,
248	array(
249	'action'=>'delete_comment',
250	'comment_to_delete'=>$row['id'],
251	'pwg_token' => get_pwg_token(),
252	)
253	);
254	}
255	if (can_manage_comment('edit', $row['author_id']))
256	{
257	$tpl_comment['U_EDIT'] = add_url_params(
258	$url_self,
259	array(
260	'action'=>'edit_comment',
261	'comment_to_edit'=>$row['id'],
262	)
263	);
264	if (isset($edit_comment) and ($row['id'] == $edit_comment))
265	{
266	$tpl_comment['IN_EDIT'] = true;
267	$tpl_comment['KEY'] = get_ephemeral_key(2);
268	$tpl_comment['CONTENT'] = $row['content'];
269	$tpl_comment['PWG_TOKEN'] = get_pwg_token();
270	$tpl_comment['U_CANCEL'] = $url_self;
271	}
272	}
273	if (is_admin())
274	{
275	if ($row['validated'] != 'true')
276	{
277	$tpl_comment['U_VALIDATE'] = add_url_params(
278	$url_self,
279	array(
280	'action' => 'validate_comment',
281	'comment_to_validate' => $row['id'],
282	'pwg_token' => get_pwg_token(),
283	)
284	);
285	}
286	}
287	$template->append('comments', $tpl_comment);
288	}
289	}
290
291	$show_add_comment_form = true;
292	if (isset($edit_comment))
293	{
294	$show_add_comment_form = false;
295	}
296
297	if ($show_add_comment_form)
298	{
299	foreach (array('content','author','website','email') as $el)
300	{
301	${$el} = '';
302	if ('reject'===@$comment_action and !empty($comm[$el]))
303	{
304	${$el} = htmlspecialchars( stripslashes($comm[$el]) );
305	}
306	}
307	if (is_classic_user())
308	{
309	$author = $user['username'];
310	$email = $user['email'];
311	}
312	if (empty($conf['comments_email_mandatory'])) // < 2.5 compatibility
313	{
314	$conf['comments_email_mandatory'] = false;
315	}
316
317	$template->assign('comment_add',
318	array(
319	'F_ACTION' => $url_self,
320	'KEY' => get_ephemeral_key(3),
321	'CONTENT' => $content,
322	'IS_LOGGED' => is_classic_user(),
323	'AUTHOR' => $author,
324	'WEBSITE' => $website,
325	'EMAIL' => $email,
326	'ACTIVATE_RATING' => $conf['guestbook']['activate_rating'],
327	'EMAIL_MANDATORY' => $conf['comments_email_mandatory'],
328	));
329	}
330
331	$template->assign('ABS_GUESTBOOK_PATH', dirname(__FILE__).'/../');
332	$template->assign('GUESTBOOK_PATH', GUESTBOOK_PATH);
333
334	$template->set_filename('index', dirname(__FILE__).'/../template/guestbook.tpl');
335
336	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: