Context Navigation

source: trunk/comments.php @ 1646

Last change on this file since 1646 was 1646, checked in by vdigital, 17 years ago

0000597: Unvalidated comments are displayed on public side

Just add a comment filter to avoid showing unvalidated comment to non admin people.

Property svn:eol-style set to native
Property svn:keywords set to Author Date Id Revision

File size: 13.9 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| branch : BSF (Best So Far)
8	// \| file : $Id: comments.php 1646 2006-12-09 08:57:43Z vdigital $
9	// \| last update : $Date: 2006-12-09 08:57:43 +0000 (Sat, 09 Dec 2006) $
10	// \| last modifier : $Author: vdigital $
11	// \| revision : $Revision: 1646 $
12	// +-----------------------------------------------------------------------+
13	// \| This program is free software; you can redistribute it and/or modify \|
14	// \| it under the terms of the GNU General Public License as published by \|
15	// \| the Free Software Foundation \|
16	// \| \|
17	// \| This program is distributed in the hope that it will be useful, but \|
18	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
19	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
20	// \| General Public License for more details. \|
21	// \| \|
22	// \| You should have received a copy of the GNU General Public License \|
23	// \| along with this program; if not, write to the Free Software \|
24	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
25	// \| USA. \|
26	// +-----------------------------------------------------------------------+
27
28	// +-----------------------------------------------------------------------+
29	// \| initialization \|
30	// +-----------------------------------------------------------------------+
31	define('PHPWG_ROOT_PATH','./');
32	include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
33
34	// +-----------------------------------------------------------------------+
35	// \| Check Access and exit when user status is not ok \|
36	// +-----------------------------------------------------------------------+
37	check_status(ACCESS_GUEST);
38
39	$sort_order = array(
40	'descending' => 'DESC',
41	'ascending' => 'ASC'
42	);
43
44	// sort_by : database fields proposed for sorting comments list
45	$sort_by = array(
46	'date' => 'comment date',
47	'image_id' => 'picture'
48	);
49
50	// items_number : list of number of items to display per page
51	$items_number = array(5,10,20,50,'all');
52
53	// since when display comments ?
54	//
55	$since_options = array(
56	1 => array('label' => l10n('today'),
57	'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 1 DAY)'),
58	2 => array('label' => sprintf(l10n('last %d days'), 7),
59	'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 7 DAY)'),
60	3 => array('label' => sprintf(l10n('last %d days'), 30),
61	'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 30 DAY)'),
62	4 => array('label' => l10n('the beginning'),
63	'clause' => '1=1') // stupid but generic
64	);
65
66	$page['since'] = isset($_GET['since']) ? $_GET['since'] : 3;
67
68	// on which field sorting
69	//
70	$page['sort_by'] = 'date';
71	// if the form was submitted, it overloads default behaviour
72	if (isset($_GET['sort_by']))
73	{
74	$page['sort_by'] = $_GET['sort_by'];
75	}
76
77	// order to sort
78	//
79	$page['sort_order'] = $sort_order['descending'];
80	// if the form was submitted, it overloads default behaviour
81	if (isset($_GET['sort_order']))
82	{
83	$page['sort_order'] = $sort_order[$_GET['sort_order']];
84	}
85
86	// number of items to display
87	//
88	$page['items_number'] = 5;
89	if (isset($_GET['items_number']))
90	{
91	$page['items_number'] = $_GET['items_number'];
92	}
93
94	// which category to filter on ?
95	$page['cat_clause'] = '1=1';
96	if (isset($_GET['cat']) and 0 != $_GET['cat'])
97	{
98	$page['cat_clause'] =
99	'category_id IN ('.implode(',', get_subcat_ids(array($_GET['cat']))).')';
100	}
101
102	// search a particular author
103	$page['author_clause'] = '1=1';
104	if (isset($_GET['author']) and !empty($_GET['author']))
105	{
106	if (function_exists('mysql_real_escape_string'))
107	{
108	$author = mysql_real_escape_string($_GET['author']);
109	}
110	else
111	{
112	$author = mysql_escape_string($_GET['author']);
113	}
114
115	$page['author_clause'] = 'author = \''.$author.'\'';
116	}
117
118	// search a substring among comments content
119	$page['keyword_clause'] = '1=1';
120	if (isset($_GET['keyword']) and !empty($_GET['keyword']))
121	{
122	if (function_exists('mysql_real_escape_string'))
123	{
124	$keyword = mysql_real_escape_string($_GET['keyword']);
125	}
126	else
127	{
128	$keyword = mysql_escape_string($_GET['keyword']);
129	}
130	$page['keyword_clause'] =
131	'('.
132	implode(' AND ',
133	array_map(
134	create_function(
135	'$s',
136	'return "content LIKE \'%$s%\'";'
137	),
138	preg_split('/[\s,;]+/', $keyword)
139	)
140	).
141	')';
142	}
143
144	// which status to filter on ?
145	if ( is_admin() )
146	{
147	$page['status_clause'] = '1=1';
148	}
149	else
150	{
151	$page['status_clause'] = 'validated="true"';
152	}
153
154
155	// +-----------------------------------------------------------------------+
156	// \| comments management \|
157	// +-----------------------------------------------------------------------+
158	if (isset($_GET['delete']) and is_numeric($_GET['delete'])
159	and !is_adviser() )
160	{// comments deletion
161	check_status(ACCESS_ADMINISTRATOR);
162	$query = '
163	DELETE FROM '.COMMENTS_TABLE.'
164	WHERE id='.$_GET['delete'].'
165	;';
166	pwg_query($query);
167	}
168
169	if (isset($_GET['validate']) and is_numeric($_GET['validate'])
170	and !is_adviser() )
171	{ // comments validation
172	check_status(ACCESS_ADMINISTRATOR);
173	$query = '
174	UPDATE '.COMMENTS_TABLE.'
175	SET validated = \'true\'
176	, validation_date = NOW()
177	WHERE id='.$_GET['validate'].'
178	;';
179	pwg_query($query);
180	}
181
182	// +-----------------------------------------------------------------------+
183	// \| page header and options \|
184	// +-----------------------------------------------------------------------+
185
186	$title= l10n('title_comments');
187	$page['body_id'] = 'theCommentsPage';
188	include(PHPWG_ROOT_PATH.'include/page_header.php');
189
190	$template->set_filenames(array('comments'=>'comments.tpl'));
191	$template->assign_vars(
192	array(
193	'L_COMMENT_TITLE' => $title,
194
195	'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
196	'F_KEYWORD'=>@$_GET['keyword'],
197	'F_AUTHOR'=>@$_GET['author'],
198
199	'U_HOME' => make_index_url(),
200	)
201	);
202
203	// +-----------------------------------------------------------------------+
204	// \| form construction \|
205	// +-----------------------------------------------------------------------+
206
207	// Search in a particular category
208	$blockname = 'category';
209
210	$template->assign_block_vars(
211	$blockname,
212	array('SELECTED' => '',
213	'VALUE'=> 0,
214	'OPTION' => '------------'
215	));
216
217	$query = '
218	SELECT id,name,uppercats,global_rank
219	FROM '.CATEGORIES_TABLE;
220	if ($user['forbidden_categories'] != '')
221	{
222	$query.= '
223	WHERE id NOT IN ('.$user['forbidden_categories'].')';
224	}
225	$query.= '
226	;';
227	display_select_cat_wrapper($query, array(@$_GET['cat']), $blockname, true);
228
229	// Filter on recent comments...
230	$blockname = 'since_option';
231
232	foreach ($since_options as $id => $option)
233	{
234	$selected = ($id == $page['since']) ? 'selected="selected"' : '';
235
236	$template->assign_block_vars(
237	$blockname,
238	array('SELECTED' => $selected,
239	'VALUE'=> $id,
240	'CONTENT' => $option['label']
241	));
242	}
243
244	// Sort by
245	$blockname = 'sort_by_option';
246
247	foreach ($sort_by as $key => $value)
248	{
249	$selected = ($key == $page['sort_by']) ? 'selected="selected"' : '';
250
251	$template->assign_block_vars(
252	$blockname,
253	array('SELECTED' => $selected,
254	'VALUE'=> $key,
255	'CONTENT' => l10n($value)
256	));
257	}
258
259	// Sorting order
260	$blockname = 'sort_order_option';
261
262	foreach (array_keys($sort_order) as $option)
263	{
264	$selected = ($option == $page['sort_order']) ? 'selected="selected"' : '';
265
266	$template->assign_block_vars(
267	$blockname,
268	array('SELECTED' => $selected,
269	'VALUE'=> $option,
270	'CONTENT' => l10n($option)
271	));
272	}
273
274	// Number of items
275	$blockname = 'items_number_option';
276
277	foreach ($items_number as $option)
278	{
279	$selected = ($option == $page['items_number']) ? 'selected="selected"' : '';
280
281	$template->assign_block_vars(
282	$blockname,
283	array('SELECTED' => $selected,
284	'VALUE'=> $option,
285	'CONTENT' => is_numeric($option) ? $option : l10n($option)
286	));
287	}
288
289	// +-----------------------------------------------------------------------+
290	// \| navigation bar \|
291	// +-----------------------------------------------------------------------+
292
293	if (isset($_GET['start']) and is_numeric($_GET['start']))
294	{
295	$start = $_GET['start'];
296	}
297	else
298	{
299	$start = 0;
300	}
301
302	// Comments_validation is required and is not admin => Only validated
303	$comment_fltr = '';
304	if ( $conf['comments_validation'] and !is_admin() )
305	{
306	$comment_fltr = 'AND com.validated = \'true\'';
307	}
308
309	$query = '
310	SELECT COUNT(DISTINCT(id))
311	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
312	INNER JOIN '.COMMENTS_TABLE.' AS com
313	ON ic.image_id = com.image_id
314	WHERE '.$since_options[$page['since']]['clause'].'
315	AND '.$page['cat_clause'].'
316	AND '.$page['author_clause'].'
317	AND '.$page['keyword_clause'].'
318	'.$comment_fltr.'
319	AND '.$page['status_clause'];
320	if ($user['forbidden_categories'] != '')
321	{
322	$query.= '
323	AND category_id NOT IN ('.$user['forbidden_categories'].')';
324	}
325	$query.= '
326	;';
327	list($counter) = mysql_fetch_row(pwg_query($query));
328
329	$url = PHPWG_ROOT_PATH
330	.'comments.php'
331	.get_query_string_diff(array('start','delete','validate'));
332
333	$navbar = create_navigation_bar($url,
334	$counter,
335	$start,
336	$page['items_number'],
337	'');
338
339	$template->assign_vars(array('NAVBAR' => $navbar));
340
341	// +-----------------------------------------------------------------------+
342	// \| last comments display \|
343	// +-----------------------------------------------------------------------+
344
345	$comments = array();
346	$element_ids = array();
347	$category_ids = array();
348
349	$query = '
350	SELECT com.id AS comment_id
351	, com.image_id
352	, ic.category_id
353	, com.author
354	, com.date
355	, com.content
356	, com.id AS comment_id
357	, com.validated
358	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
359	INNER JOIN '.COMMENTS_TABLE.' AS com
360	ON ic.image_id = com.image_id
361	WHERE '.$since_options[$page['since']]['clause'].'
362	AND '.$page['cat_clause'].'
363	AND '.$page['author_clause'].'
364	AND '.$page['keyword_clause'].'
365	'.$comment_fltr.'
366	AND '.$page['status_clause'];
367	if ($user['forbidden_categories'] != '')
368	{
369	$query.= '
370	AND category_id NOT IN ('.$user['forbidden_categories'].')';
371	}
372	$query.= '
373	GROUP BY comment_id
374	ORDER BY '.$page['sort_by'].' '.$page['sort_order'];
375	if ('all' != $page['items_number'])
376	{
377	$query.= '
378	LIMIT '.$start.','.$page['items_number'];
379	}
380	$query.= '
381	;';
382	$result = pwg_query($query);
383	while ($row = mysql_fetch_assoc($result))
384	{
385	array_push($comments, $row);
386	array_push($element_ids, $row['image_id']);
387	array_push($category_ids, $row['category_id']);
388	}
389
390	if (count($comments) > 0)
391	{
392	// retrieving element informations
393	$elements = array();
394	$query = '
395	SELECT id, name, file, path, tn_ext
396	FROM '.IMAGES_TABLE.'
397	WHERE id IN ('.implode(',', $element_ids).')
398	;';
399	$result = pwg_query($query);
400	while ($row = mysql_fetch_assoc($result))
401	{
402	$elements[$row['id']] = $row;
403	}
404
405	// retrieving category informations
406	$categories = array();
407	$query = '
408	SELECT id, name, uppercats
409	FROM '.CATEGORIES_TABLE.'
410	WHERE id IN ('.implode(',', $category_ids).')
411	;';
412	$result = pwg_query($query);
413	while ($row = mysql_fetch_assoc($result))
414	{
415	$categories[$row['id']] = $row;
416	}
417
418	foreach ($comments as $comment)
419	{
420	if (!empty($elements[$comment['image_id']]['name']))
421	{
422	$name=$elements[$comment['image_id']]['name'];
423	}
424	else
425	{
426	$name=get_name_from_file($elements[$comment['image_id']]['file']);
427	}
428
429	// source of the thumbnail picture
430	$thumbnail_src = get_thumbnail_url( $elements[$comment['image_id']] );
431
432	// link to the full size picture
433	$url = make_picture_url(
434	array(
435	'category' => $comment['category_id'],
436	'cat_name' => $categories[ $comment['category_id']] ['name'],
437	'image_id' => $comment['image_id'],
438	'image_file' => $elements[$comment['image_id']]['file'],
439	)
440	);
441
442	$author = $comment['author'];
443	if (empty($comment['author']))
444	{
445	$author = l10n('guest');
446	}
447
448	$template->assign_block_vars(
449	'comment',
450	array(
451	'U_PICTURE' => $url,
452	'TN_SRC' => $thumbnail_src,
453	'ALT' => $name,
454	'AUTHOR' => $author,
455	'DATE'=>format_date($comment['date'],'mysql_datetime',true),
456	'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
457	));
458
459	if ( is_admin() )
460	{
461	$url = get_root_url().'comments.php'.get_query_string_diff(array('delete','validate'));
462	$template->assign_block_vars(
463	'comment.action_delete',
464	array(
465	'U_DELETE' => add_url_params($url,
466	array('delete'=>$comment['comment_id'])
467	),
468	));
469	if ($comment['validated'] != 'true')
470	{
471	$template->assign_block_vars(
472	'comment.action_validate',
473	array(
474	'U_VALIDATE' => add_url_params($url,
475	array('validate'=>$comment['comment_id'])
476	),
477	));
478	}
479	}
480	}
481	}
482	// +-----------------------------------------------------------------------+
483	// \| html code display \|
484	// +-----------------------------------------------------------------------+
485	$template->assign_block_vars('title',array());
486	$template->parse('comments');
487	include(PHPWG_ROOT_PATH.'include/page_tail.php');
488	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: