source: trunk/admin/comments.php @ 4304

Last change on this file since 4304 was 4304, checked in by Eric, 14 years ago

Escape all login and username characters in database
Display correctly usernames

(I hope not to have made mistakes)

1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2009 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
// Refuse to run unless included by the application, which is what defines
// PHPWG_ROOT_PATH; a direct request to this file would skip everything else.
defined('PHPWG_ROOT_PATH') or die("Hacking attempt!");
28
29include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
30include_once(PHPWG_ROOT_PATH.'admin/include/functions_waiting.inc.php');
31
32// +-----------------------------------------------------------------------+
33// | Check Access and exit when user status is not ok                      |
34// +-----------------------------------------------------------------------+
// Everything below (the POST actions and the listing) runs only for an
// administrator; per the header above, check_status() exits otherwise.
check_status(ACCESS_ADMINISTRATOR);
36
37// +-----------------------------------------------------------------------+
38// |                                actions                                |
39// +-----------------------------------------------------------------------+
40
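/**
 * Keep only the plain positive integers of a comma-separated id list.
 *
 * The list comes straight from the submitted form ($_POST['list']) and is
 * untrusted even on this administrator-only page: the ids are spliced
 * unquoted into the IN (...) clause of the UPDATE and DELETE queries below,
 * so anything that is not a run of digits must be dropped before it gets
 * there (e.g. "1) OR 1=1 -- " would otherwise hit every row).
 *
 * @param string $list comma-separated ids, e.g. "12,15,16"
 * @return int[] the valid ids as integers, in their original order
 */
function comments_clean_id_list($list)
{
  $ids = array();
  foreach (explode(',', (string)$list) as $id)
  {
    $id = trim($id);
    // ctype_digit() is false for '', signs, spaces and decimal points
    if (ctype_digit($id))
    {
      array_push($ids, intval($id));
    }
  }
  return $ids;
}

// NOTE(review): no anti-CSRF token is checked anywhere in this file; the
// actions below rely on check_status() alone. If the application has a
// token mechanism for admin forms, it should be verified here as well.
if (!empty($_POST))
{
  $to_validate = array();
  $to_reject = array();

  // ids the form posted back; always integers after cleaning
  $ids = isset($_POST['list']) ? comments_clean_id_list($_POST['list']) : array();

  // advisers may look at the pending comments but never change them
  if (isset($_POST['submit']) and !is_adviser())
  {
    // the form posts one action-<id> field per comment
    foreach ($ids as $comment_id)
    {
      if (!isset($_POST['action-'.$comment_id]))
      {
        continue;
      }
      switch ($_POST['action-'.$comment_id])
      {
        case 'reject' :
        {
          array_push($to_reject, $comment_id);
          break;
        }
        case 'validate' :
        {
          array_push($to_validate, $comment_id);
          break;
        }
      }
    }
  }
  else if (isset($_POST['validate-all']) and !is_adviser())
  {
    $to_validate = $ids;
  }
  else if (isset($_POST['reject-all']) and !is_adviser())
  {
    $to_reject = $ids;
  }

  if (count($to_validate) > 0)
  {
    // $to_validate holds integers only (see comments_clean_id_list), so
    // the implode() is safe to embed in the query
    $query = '
UPDATE '.COMMENTS_TABLE.'
  SET validated = \'true\'
    , validation_date = NOW()
  WHERE id IN ('.implode(',', $to_validate).')
;';
    pwg_query($query);

    array_push(
      $page['infos'],
      l10n_dec(
        '%d user comment validated', '%d user comments validated',
        count($to_validate)
        )
      );
  }

  if (count($to_reject) > 0)
  {
    // rejecting a comment deletes it outright; same integer guarantee
    $query = '
DELETE
  FROM '.COMMENTS_TABLE.'
  WHERE id IN ('.implode(',', $to_reject).')
;';
    pwg_query($query);

    array_push(
      $page['infos'],
      l10n_dec(
        '%d user comment rejected', '%d user comments rejected',
        count($to_reject)
        )
      );
  }
}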
114
115// +-----------------------------------------------------------------------+
116// |                             template init                             |
117// +-----------------------------------------------------------------------+
118
// Bind the page template, its tab bar, and the URL the action form posts to.
$template->set_filenames(array('comments' => 'comments.tpl'));

// TabSheet initialization
waiting_tabsheet();

$template->assign(array('F_ACTION' => get_root_url().'admin.php?page=comments'));
129
130// +-----------------------------------------------------------------------+
131// |                           comments display                            |
132// +-----------------------------------------------------------------------+
133
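$list = array();

// Pending comments (c.validated = 'false'), newest first, joined with the
// image they were posted on and, when the author was a registered user,
// that user's current username. c.author_id is selected explicitly because
// the branch below reads it to choose between c.author and the username;
// without it $row['author_id'] is never set and every comment silently
// falls back to the name stored in the comment row.
$query = '
SELECT c.id, c.image_id, c.date, c.author, c.author_id, '.
$conf['user_fields']['username'].' AS username, c.content, i.path, i.tn_ext
  FROM '.COMMENTS_TABLE.' AS c
    INNER JOIN '.IMAGES_TABLE.' AS i
      ON i.id = c.image_id
    LEFT JOIN '.USERS_TABLE.' AS u
      ON u.'.$conf['user_fields']['id'].' = c.author_id
  WHERE c.validated = \'false\'
  ORDER BY c.date DESC
;';
$result = pwg_query($query);
while ($row = mysql_fetch_assoc($result))
{
  $thumb = get_thumbnail_url(
    array(
      'id' => $row['image_id'],
      'path' => $row['path'],
      'tn_ext' => isset($row['tn_ext']) ? $row['tn_ext'] : null
      )
    );

  if (empty($row['author_id']))
  {
    // guest comment: the name is whatever the visitor typed
    $author_name = $row['author'];
  }
  else
  {
    // registered user: the username appears to be stored escaped (per the
    // revision message), hence the stripslashes() on the way out
    $author_name = stripslashes($row['username']);
  }

  // NOTE(review): AUTHOR and CONTENT are user-supplied strings handed to the
  // render_comment_* event handlers without HTML escaping here; escaping must
  // happen in those handlers or in comments.tpl — confirm that it does.
  $template->append(
    'comments',
    array(
      'U_PICTURE' =>
          PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.
          '&amp;image_id='.$row['image_id'],
      'ID' => $row['id'],
      'TN_SRC' => $thumb,
      'AUTHOR' => trigger_event('render_comment_author', $author_name),
      'DATE' => format_date($row['date'], true),
      'CONTENT' => trigger_event('render_comment_content', $row['content'])
      )
    );

  array_push($list, $row['id']);
}

// comma-separated ids the form posts back as 'list' (see the actions above)
$template->assign('LIST', implode(',', $list));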
183
184// +-----------------------------------------------------------------------+
185// |                           sending html code                           |
186// +-----------------------------------------------------------------------+
187
// Hand the rendered 'comments' template over as ADMIN_CONTENT.
$template->assign_var_from_handle('ADMIN_CONTENT', 'comments');
189
190?>