Context Navigation

source: trunk/comments.php @ 3452

Last change on this file since 3452 was 3452, checked in by nikrou, 15 years ago
Fix two problem with Feature 1026 : use of $confuser_fields username and $confuser_fields id instead of username and id escape comment content before editing it.
Property svn:eol-style set to `LF`
File size: 13.5 KB

Rev	Line
[166]	1	<?php
[354]	2	// +-----------------------------------------------------------------------+
[2297]	3	// \| Piwigo - a PHP based picture gallery \|
	4	// +-----------------------------------------------------------------------+
[3049]	5	// \| Copyright(C) 2008-2009 Piwigo Team http://piwigo.org \|
[2297]	6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
	7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
	8	// +-----------------------------------------------------------------------+
	9	// \| This program is free software; you can redistribute it and/or modify \|
	10	// \| it under the terms of the GNU General Public License as published by \|
	11	// \| the Free Software Foundation \|
	12	// \| \|
	13	// \| This program is distributed in the hope that it will be useful, but \|
	14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	16	// \| General Public License for more details. \|
	17	// \| \|
	18	// \| You should have received a copy of the GNU General Public License \|
	19	// \| along with this program; if not, write to the Free Software \|
	20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	21	// \| USA. \|
	22	// +-----------------------------------------------------------------------+
[166]	23
[579]	24	// +-----------------------------------------------------------------------+
	25	// \| initialization \|
	26	// +-----------------------------------------------------------------------+
[1598]	27	define('PHPWG_ROOT_PATH','./');
	28	include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
[3445]	29	include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
[345]	30
[1072]	31	// +-----------------------------------------------------------------------+
	32	// \| Check Access and exit when user status is not ok \|
	33	// +-----------------------------------------------------------------------+
	34	check_status(ACCESS_GUEST);
	35
[796]	36	$sort_order = array(
[2223]	37	'DESC' => l10n('descending'),
	38	'ASC' => l10n('ascending')
[796]	39	);
	40
	41	// sort_by : database fields proposed for sorting comments list
	42	$sort_by = array(
[2223]	43	'date' => l10n('comment date'),
	44	'image_id' => l10n('picture')
[796]	45	);
	46
	47	// items_number : list of number of items to display per page
	48	$items_number = array(5,10,20,50,'all');
	49
	50	// since when display comments ?
	51	//
	52	$since_options = array(
	53	1 => array('label' => l10n('today'),
	54	'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 1 DAY)'),
	55	2 => array('label' => sprintf(l10n('last %d days'), 7),
	56	'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 7 DAY)'),
	57	3 => array('label' => sprintf(l10n('last %d days'), 30),
	58	'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 30 DAY)'),
	59	4 => array('label' => l10n('the beginning'),
	60	'clause' => '1=1') // stupid but generic
	61	);
	62
[1716]	63	$page['since'] = isset($_GET['since']) ? $_GET['since'] : 4;
[796]	64
	65	// on which field sorting
	66	//
	67	$page['sort_by'] = 'date';
	68	// if the form was submitted, it overloads default behaviour
[2757]	69	if (isset($_GET['sort_by']) and isset($sort_by[$_GET['sort_by']]) )
[393]	70	{
[796]	71	$page['sort_by'] = $_GET['sort_by'];
[393]	72	}
[796]	73
	74	// order to sort
	75	//
[2223]	76	$page['sort_order'] = 'DESC';
[796]	77	// if the form was submitted, it overloads default behaviour
[2757]	78	if (isset($_GET['sort_order']) and isset($sort_order[$_GET['sort_order']]))
[393]	79	{
[2223]	80	$page['sort_order'] = $_GET['sort_order'];
[393]	81	}
[796]	82
	83	// number of items to display
	84	//
[1814]	85	$page['items_number'] = 10;
[796]	86	if (isset($_GET['items_number']))
	87	{
	88	$page['items_number'] = $_GET['items_number'];
	89	}
	90
[1716]	91	$page['where_clauses'] = array();
	92
[796]	93	// which category to filter on ?
	94	if (isset($_GET['cat']) and 0 != $_GET['cat'])
	95	{
[1716]	96	$page['where_clauses'][] =
[796]	97	'category_id IN ('.implode(',', get_subcat_ids(array($_GET['cat']))).')';
	98	}
	99
	100	// search a particular author
	101	if (isset($_GET['author']) and !empty($_GET['author']))
	102	{
[3450]	103	$page['where_clauses'][] =
[3452]	104	'u.'.$conf['user_fields']['username'].' = \''.addslashes($_GET['author']).'\'
[3450]	105	OR author = \''.addslashes($_GET['author']).'\'';
[796]	106	}
	107
	108	// search a substring among comments content
	109	if (isset($_GET['keyword']) and !empty($_GET['keyword']))
	110	{
[1716]	111	$page['where_clauses'][] =
[796]	112	'('.
	113	implode(' AND ',
	114	array_map(
	115	create_function(
	116	'$s',
	117	'return "content LIKE \'%$s%\'";'
	118	),
[2012]	119	preg_split('/[\s,;]+/', $_GET['keyword'] )
[796]	120	)
	121	).
	122	')';
	123	}
	124
[1716]	125	$page['where_clauses'][] = $since_options[$page['since']]['clause'];
	126
[1598]	127	// which status to filter on ?
[1716]	128	if ( !is_admin() )
[1598]	129	{
[1716]	130	$page['where_clauses'][] = 'validated="true"';
[1598]	131	}
	132
[1716]	133	$page['where_clauses'][] = get_sql_condition_FandF
	134	(
	135	array
	136	(
	137	'forbidden_categories' => 'category_id',
	138	'visible_categories' => 'category_id',
	139	'visible_images' => 'ic.image_id'
	140	),
	141	'', true
	142	);
[1598]	143
[579]	144	// +-----------------------------------------------------------------------+
	145	// \| comments management \|
	146	// +-----------------------------------------------------------------------+
[1617]	147	if (isset($_GET['delete']) and is_numeric($_GET['delete'])
[3445]	148	and (is_admin() \|\| $conf['user_can_delete_comment']))
[1617]	149	{// comments deletion
[3445]	150	delete_user_comment($_GET['delete']);
[1617]	151	}
[1598]	152
[1617]	153	if (isset($_GET['validate']) and is_numeric($_GET['validate'])
	154	and !is_adviser() )
	155	{ // comments validation
	156	check_status(ACCESS_ADMINISTRATOR);
	157	$query = '
[579]	158	UPDATE '.COMMENTS_TABLE.'
	159	SET validated = \'true\'
[1617]	160	, validation_date = NOW()
[1598]	161	WHERE id='.$_GET['validate'].'
[579]	162	;';
[1617]	163	pwg_query($query);
[579]	164	}
[1617]	165
[3445]	166	if (isset($_GET['edit']) and is_numeric($_GET['edit'])
	167	and (is_admin() \|\| $conf['user_can_edit_comment']))
	168	{
	169	if (!empty($_POST['content']))
	170	{
	171	update_user_comment(array('comment_id' => $_GET['edit'],
	172	'image_id' => $_POST['image_id'],
	173	'content' => $_POST['content']),
	174	$_POST['key']
	175	);
	176
	177	$edit_comment = null;
	178	}
	179	else
	180	{
	181	$edit_comment = $_GET['edit'];
	182	}
	183	}
	184
[579]	185	// +-----------------------------------------------------------------------+
	186	// \| page header and options \|
	187	// +-----------------------------------------------------------------------+
[355]	188
[2268]	189	$title= l10n('User comments');
[850]	190	$page['body_id'] = 'theCommentsPage';
	191
[579]	192	$template->set_filenames(array('comments'=>'comments.tpl'));
[2223]	193	$template->assign(
[579]	194	array(
[796]	195	'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
[2134]	196	'F_KEYWORD'=>@htmlspecialchars(stripslashes($_GET['keyword'])),
	197	'F_AUTHOR'=>@htmlspecialchars(stripslashes($_GET['author'])),
[579]	198	)
	199	);
[355]	200
[796]	201	// +-----------------------------------------------------------------------+
	202	// \| form construction \|
	203	// +-----------------------------------------------------------------------+
	204
	205	// Search in a particular category
[2223]	206	$blockname = 'categories';
[796]	207
	208	$query = '
[1861]	209	SELECT id, name, uppercats, global_rank
[1677]	210	FROM '.CATEGORIES_TABLE.'
	211	'.get_sql_condition_FandF
	212	(
	213	array
	214	(
	215	'forbidden_categories' => 'id',
	216	'visible_categories' => 'id'
	217	),
	218	'WHERE'
	219	).'
[796]	220	;';
	221	display_select_cat_wrapper($query, array(@$_GET['cat']), $blockname, true);
	222
	223	// Filter on recent comments...
[2223]	224	$tpl_var=array();
[796]	225	foreach ($since_options as $id => $option)
	226	{
[2223]	227	$tpl_var[ $id ] = $option['label'];
[355]	228	}
[2223]	229	$template->assign( 'since_options', $tpl_var);
	230	$template->assign( 'since_options_selected', $page['since']);
[796]	231
	232	// Sort by
[2223]	233	$template->assign( 'sort_by_options', $sort_by);
	234	$template->assign( 'sort_by_options_selected', $page['sort_by']);
[796]	235
	236	// Sorting order
[2223]	237	$template->assign( 'sort_order_options', $sort_order);
	238	$template->assign( 'sort_order_options_selected', $page['sort_order']);
[796]	239
	240
	241	// Number of items
	242	$blockname = 'items_number_option';
[2223]	243	$tpl_var=array();
[796]	244	foreach ($items_number as $option)
	245	{
[2223]	246	$tpl_var[ $option ] = is_numeric($option) ? $option : l10n($option);
[796]	247	}
[2223]	248	$template->assign( 'item_number_options', $tpl_var);
	249	$template->assign( 'item_number_options_selected', $page['items_number']);
[796]	250
[2223]	251
[579]	252	// +-----------------------------------------------------------------------+
[796]	253	// \| navigation bar \|
	254	// +-----------------------------------------------------------------------+
	255
	256	if (isset($_GET['start']) and is_numeric($_GET['start']))
	257	{
	258	$start = $_GET['start'];
	259	}
	260	else
	261	{
	262	$start = 0;
	263	}
	264
	265	$query = '
[3450]	266	SELECT COUNT(DISTINCT(com.id))
[796]	267	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
	268	INNER JOIN '.COMMENTS_TABLE.' AS com
	269	ON ic.image_id = com.image_id
[3450]	270	LEFT JOIN '.USERS_TABLE.' As u
[3452]	271	ON u.'.$conf['user_fields']['id'].' = com.author_id
[1716]	272	WHERE '.implode('
	273	AND ', $page['where_clauses']).'
[796]	274	;';
	275	list($counter) = mysql_fetch_row(pwg_query($query));
	276
[1598]	277	$url = PHPWG_ROOT_PATH
	278	.'comments.php'
	279	.get_query_string_diff(array('start','delete','validate'));
[796]	280
	281	$navbar = create_navigation_bar($url,
	282	$counter,
	283	$start,
	284	$page['items_number'],
	285	'');
	286
[3172]	287	$template->assign('navbar', $navbar);
[796]	288
	289	// +-----------------------------------------------------------------------+
[579]	290	// \| last comments display \|
	291	// +-----------------------------------------------------------------------+
[355]	292
[796]	293	$comments = array();
	294	$element_ids = array();
	295	$category_ids = array();
	296
[579]	297	$query = '
[796]	298	SELECT com.id AS comment_id
	299	, com.image_id
	300	, ic.category_id
	301	, com.author
[3450]	302	, com.author_id
[3452]	303	, '.$conf['user_fields']['username'].' AS username
[796]	304	, com.date
	305	, com.content
[1598]	306	, com.validated
[796]	307	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
[3450]	308	INNER JOIN '.COMMENTS_TABLE.' AS com
[796]	309	ON ic.image_id = com.image_id
[3450]	310	LEFT JOIN '.USERS_TABLE.' AS u
[3452]	311	ON u.'.$conf['user_fields']['id'].' = com.author_id
[1716]	312	WHERE '.implode('
	313	AND ', $page['where_clauses']).'
[796]	314	GROUP BY comment_id
	315	ORDER BY '.$page['sort_by'].' '.$page['sort_order'];
	316	if ('all' != $page['items_number'])
	317	{
	318	$query.= '
	319	LIMIT '.$start.','.$page['items_number'];
	320	}
	321	$query.= '
[579]	322	;';
[587]	323	$result = pwg_query($query);
[1598]	324	while ($row = mysql_fetch_assoc($result))
[393]	325	{
[796]	326	array_push($comments, $row);
	327	array_push($element_ids, $row['image_id']);
	328	array_push($category_ids, $row['category_id']);
[393]	329	}
[796]	330
	331	if (count($comments) > 0)
[579]	332	{
[796]	333	// retrieving element informations
	334	$elements = array();
[579]	335	$query = '
[796]	336	SELECT id, name, file, path, tn_ext
[579]	337	FROM '.IMAGES_TABLE.'
[796]	338	WHERE id IN ('.implode(',', $element_ids).')
[579]	339	;';
[796]	340	$result = pwg_query($query);
[1598]	341	while ($row = mysql_fetch_assoc($result))
[579]	342	{
[796]	343	$elements[$row['id']] = $row;
[579]	344	}
[721]	345
[796]	346	// retrieving category informations
[579]	347	$query = '
[1866]	348	SELECT id, name, permalink, uppercats
[796]	349	FROM '.CATEGORIES_TABLE.'
	350	WHERE id IN ('.implode(',', $category_ids).')
	351	;';
[1866]	352	$categories = hash_from_query($query, 'id');
[796]	353
	354	foreach ($comments as $comment)
[579]	355	{
[796]	356	if (!empty($elements[$comment['image_id']]['name']))
[166]	357	{
[1598]	358	$name=$elements[$comment['image_id']]['name'];
[166]	359	}
[796]	360	else
	361	{
[1598]	362	$name=get_name_from_file($elements[$comment['image_id']]['file']);
[796]	363	}
[1090]	364
[796]	365	// source of the thumbnail picture
[1598]	366	$thumbnail_src = get_thumbnail_url( $elements[$comment['image_id']] );
[1090]	367
[796]	368	// link to the full size picture
[1090]	369	$url = make_picture_url(
	370	array(
[1861]	371	'category' => $categories[ $comment['category_id'] ],
[1090]	372	'image_id' => $comment['image_id'],
	373	'image_file' => $elements[$comment['image_id']]['file'],
	374	)
	375	);
	376
[3450]	377	if (!empty($comment['author']))
[393]	378	{
[3450]	379	$author = $comment['author'];
	380	if ($author == 'guest')
	381	{
	382	$author = l10n('guest');
	383	}
[166]	384	}
[3450]	385	else
	386	{
	387	$author = $comment['username'];
	388	}
[1090]	389
[2223]	390	$tpl_comment =
[796]	391	array(
[1004]	392	'U_PICTURE' => $url,
[848]	393	'TN_SRC' => $thumbnail_src,
[1598]	394	'ALT' => $name,
[2030]	395	'AUTHOR' => trigger_event('render_comment_author', $author),
[3122]	396	'DATE'=>format_date($comment['date'], true),
[1598]	397	'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
[2223]	398	);
[1598]	399
[3450]	400	if (can_manage_comment('delete', $comment['author_id']))
[1598]	401	{
[3445]	402	$url = get_root_url().'comments.php'
	403	.get_query_string_diff(array('delete','validate','edit'));
	404	$tpl_comment['U_DELETE'] =
	405	add_url_params($url,
	406	array('delete'=>$comment['comment_id'])
	407	);
	408	}
[3450]	409	if (can_manage_comment('edit', $comment['author_id']))
[3445]	410	{
	411	$url = get_root_url().'comments.php'
	412	.get_query_string_diff(array('edit', 'delete','validate'));
	413	$tpl_comment['U_EDIT'] =
	414	add_url_params($url,
	415	array('edit'=>$comment['comment_id'])
	416	);
	417	if (isset($edit_comment) and ($comment['comment_id'] == $edit_comment))
[1598]	418	{
[3445]	419	$tpl_comment['IN_EDIT'] = true;
	420	$key = get_comment_post_key($comment['image_id']);
	421	$tpl_comment['KEY'] = $key;
	422	$tpl_comment['IMAGE_ID'] = $comment['image_id'];
	423	$tpl_comment['CONTENT'] = $comment['content'];
[1598]	424	}
	425	}
[3445]	426
	427	if ( is_admin() && $comment['validated'] != 'true')
	428	{
	429	$tpl_comment['U_VALIDATE'] =
	430	add_url_params($url,
	431	array('validate'=>$comment['comment_id'])
	432	);
	433	}
[2223]	434	$template->append('comments', $tpl_comment);
[166]	435	}
[579]	436	}
	437	// +-----------------------------------------------------------------------+
	438	// \| html code display \|
	439	// +-----------------------------------------------------------------------+
[2107]	440	include(PHPWG_ROOT_PATH.'include/page_header.php');
[2223]	441	$template->pparse('comments');
[1598]	442	include(PHPWG_ROOT_PATH.'include/page_tail.php');
[2107]	443	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: