source: trunk/comments.php @ 19139

Last change on this file since 19139 was 18995, checked in by mistic100, 12 years ago

feature:2786 Allow to edit website url in user comments + improve "user experience" on comment edition

  • Property svn:eol-style set to LF
File size: 17.1 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2012 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24// +-----------------------------------------------------------------------+
25// |                           initialization                              |
26// +-----------------------------------------------------------------------+
27define('PHPWG_ROOT_PATH','./');
28include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
29include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
30
31if (!$conf['activate_comments'])
32{
33  page_not_found(null);
34}
35
36// +-----------------------------------------------------------------------+
37// | Check Access and exit when user status is not ok                      |
38// +-----------------------------------------------------------------------+
39check_status(ACCESS_GUEST);
40
41$sort_order = array(
42  'DESC' => l10n('descending'),
43  'ASC'  => l10n('ascending')
44  );
45
46// sort_by : database fields proposed for sorting comments list
47$sort_by = array(
48  'date' => l10n('comment date'),
49  'image_id' => l10n('photo')
50  );
51
52// items_number : list of number of items to display per page
53$items_number = array(5,10,20,50,'all');
54
55// since when display comments ?
56//
57$since_options = array(
58  1 => array('label' => l10n('today'),
59             'clause' => 'date > '.pwg_db_get_recent_period_expression(1)),
60  2 => array('label' => sprintf(l10n('last %d days'), 7),
61             'clause' => 'date > '.pwg_db_get_recent_period_expression(7)),
62  3 => array('label' => sprintf(l10n('last %d days'), 30),
63             'clause' => 'date > '.pwg_db_get_recent_period_expression(30)),
64  4 => array('label' => l10n('the beginning'),
65             'clause' => '1=1') // stupid but generic
66  );
67 
68trigger_action('loc_begin_comments');
69
70if (!empty($_GET['since']) && is_numeric($_GET['since']))
71{
72  $page['since'] = $_GET['since'];
73}
74else
75{
76  $page['since'] = 4;
77}
78
79// on which field sorting
80//
81$page['sort_by'] = 'date';
82// if the form was submitted, it overloads default behaviour
83if (isset($_GET['sort_by']) and isset($sort_by[$_GET['sort_by']]) )
84{
85  $page['sort_by'] = $_GET['sort_by'];
86}
87
88// order to sort
89//
90$page['sort_order'] = 'DESC';
91// if the form was submitted, it overloads default behaviour
92if (isset($_GET['sort_order']) and isset($sort_order[$_GET['sort_order']]))
93{
94  $page['sort_order'] = $_GET['sort_order'];
95}
96
97// number of items to display
98//
99$page['items_number'] = 10;
100if (isset($_GET['items_number']))
101{
102  $page['items_number'] = $_GET['items_number'];
103}
104if ( !is_numeric($page['items_number']) and $page['items_number']!='all' )
105{
106  $page['items_number'] = 10;
107}
108
109$page['where_clauses'] = array();
110
111// which category to filter on ?
112if (isset($_GET['cat']) and 0 != $_GET['cat'])
113{
114  check_input_parameter('cat', $_GET, false, PATTERN_ID);
115
116  $category_ids = get_subcat_ids(array($_GET['cat']));
117  if (empty($category_ids))
118  {
119    $category_ids = array(-1);
120  }
121
122  $page['where_clauses'][] =
123    'category_id IN ('.implode(',', $category_ids).')';
124}
125
126// search a particular author
127if (!empty($_GET['author']))
128{
129  $page['where_clauses'][] =
130    'u.'.$conf['user_fields']['username'].' = \''.$_GET['author'].'\'
131     OR author = \''.$_GET['author'].'\'';
132}
133
134// search a specific comment (if you're coming directly from an admin
135// notification email)
136if (!empty($_GET['comment_id']))
137{
138  check_input_parameter('comment_id', $_GET, false, PATTERN_ID);
139
140  // currently, the $_GET['comment_id'] is only used by admins from email
141  // for management purpose (validate/delete)
142  if (!is_admin())
143  {
144    $login_url =
145      get_root_url().'identification.php?redirect='
146      .urlencode(urlencode($_SERVER['REQUEST_URI']))
147      ;
148    redirect($login_url);
149  }
150
151  $page['where_clauses'][] = 'com.id = '.$_GET['comment_id'];
152}
153
154// search a substring among comments content
155if (!empty($_GET['keyword']))
156{
157  $page['where_clauses'][] =
158    '('.
159    implode(' AND ',
160            array_map(
161              create_function(
162                '$s',
163                'return "content LIKE \'%$s%\'";'
164                ),
165              preg_split('/[\s,;]+/', $_GET['keyword'] )
166              )
167      ).
168    ')';
169}
170
171$page['where_clauses'][] = $since_options[$page['since']]['clause'];
172
173// which status to filter on ?
174if ( !is_admin() )
175{
176  $page['where_clauses'][] = 'validated=\'true\'';
177}
178
179$page['where_clauses'][] = get_sql_condition_FandF
180  (
181    array
182      (
183        'forbidden_categories' => 'category_id',
184        'visible_categories' => 'category_id',
185        'visible_images' => 'ic.image_id'
186      ),
187    '', true
188  );
189
190// +-----------------------------------------------------------------------+
191// |                         comments management                           |
192// +-----------------------------------------------------------------------+
193
194$comment_id = null;
195$action = null;
196
197$actions = array('delete', 'validate', 'edit');
198foreach ($actions as $loop_action)
199{
200  if (isset($_GET[$loop_action]))
201  {
202    $action = $loop_action;
203    check_input_parameter($action, $_GET, false, PATTERN_ID);
204    $comment_id = $_GET[$action];
205    break;
206  }
207}
208
209if (isset($action))
210{
211  $comment_author_id = get_comment_author_id($comment_id);
212
213  if (can_manage_comment($action, $comment_author_id))
214  {
215    $perform_redirect = false;
216
217    if ('delete' == $action)
218    {
219      check_pwg_token();
220      delete_user_comment($comment_id);
221      $perform_redirect = true;
222    }
223
224    if ('validate' == $action)
225    {
226      check_pwg_token();
227      validate_user_comment($comment_id);
228      $perform_redirect = true;
229    }
230
231    if ('edit' == $action)
232    {
233      if (!empty($_POST['content']))
234      {
235        check_pwg_token();
236        $comment_action = update_user_comment(
237          array(
238            'comment_id' => $_GET['edit'],
239            'image_id' => $_POST['image_id'],
240            'content' => $_POST['content'],
241            'website_url' => @$_POST['website_url'],
242            ),
243          $_POST['key']
244          );
245       
246        switch ($comment_action)
247        {
248          case 'moderate':
249            $_SESSION['page_infos'][] = l10n('An administrator must authorize your comment before it is visible.');
250          case 'validate':
251            $_SESSION['page_infos'][] = l10n('Your comment has been registered');
252            $perform_redirect = true;
253            break;
254          case 'reject':
255            $_SESSION['page_errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');
256            break;
257          default:
258            trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
259        }
260      }
261     
262      $edit_comment = $_GET['edit'];
263    }
264
265    if ($perform_redirect)
266    {
267      $redirect_url =
268        PHPWG_ROOT_PATH
269        .'comments.php'
270        .get_query_string_diff(array('delete','edit','validate','pwg_token'));
271
272      redirect($redirect_url);
273    }
274  }
275}
276
277// +-----------------------------------------------------------------------+
278// |                       page header and options                         |
279// +-----------------------------------------------------------------------+
280
281$title= l10n('User comments');
282$page['body_id'] = 'theCommentsPage';
283
284$template->set_filenames(array('comments'=>'comments.tpl'));
285$template->assign(
286  array(
287    'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
288    'F_KEYWORD'=> @htmlspecialchars(stripslashes($_GET['keyword'], ENT_QUOTES, 'utf-8')),
289    'F_AUTHOR'=> @htmlspecialchars(stripslashes($_GET['author'], ENT_QUOTES, 'utf-8')),
290    )
291  );
292
293// +-----------------------------------------------------------------------+
294// |                          form construction                            |
295// +-----------------------------------------------------------------------+
296
297// Search in a particular category
298$blockname = 'categories';
299
300$query = '
301SELECT id, name, uppercats, global_rank
302  FROM '.CATEGORIES_TABLE.'
303'.get_sql_condition_FandF
304  (
305    array
306      (
307        'forbidden_categories' => 'id',
308        'visible_categories' => 'id'
309      ),
310    'WHERE'
311  ).'
312;';
313display_select_cat_wrapper($query, array(@$_GET['cat']), $blockname, true);
314
315// Filter on recent comments...
316$tpl_var=array();
317foreach ($since_options as $id => $option)
318{
319  $tpl_var[ $id ] = $option['label'];
320}
321$template->assign( 'since_options', $tpl_var);
322$template->assign( 'since_options_selected', $page['since']);
323
324// Sort by
325$template->assign( 'sort_by_options', $sort_by);
326$template->assign( 'sort_by_options_selected', $page['sort_by']);
327
328// Sorting order
329$template->assign( 'sort_order_options', $sort_order);
330$template->assign( 'sort_order_options_selected', $page['sort_order']);
331
332
333// Number of items
334$blockname = 'items_number_option';
335$tpl_var=array();
336foreach ($items_number as $option)
337{
338  $tpl_var[ $option ] = is_numeric($option) ? $option : l10n($option);
339}
340$template->assign( 'item_number_options', $tpl_var);
341$template->assign( 'item_number_options_selected', $page['items_number']);
342
343
344// +-----------------------------------------------------------------------+
345// |                            navigation bar                             |
346// +-----------------------------------------------------------------------+
347
348if (isset($_GET['start']) and is_numeric($_GET['start']))
349{
350  $start = $_GET['start'];
351}
352else
353{
354  $start = 0;
355}
356
357$query = '
358SELECT COUNT(DISTINCT(com.id))
359  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
360    INNER JOIN '.COMMENTS_TABLE.' AS com
361    ON ic.image_id = com.image_id
362    LEFT JOIN '.USERS_TABLE.' As u
363    ON u.'.$conf['user_fields']['id'].' = com.author_id
364  WHERE '.implode('
365    AND ', $page['where_clauses']).'
366;';
367list($counter) = pwg_db_fetch_row(pwg_query($query));
368
369$url = PHPWG_ROOT_PATH
370    .'comments.php'
371  .get_query_string_diff(array('start','delete','validate','pwg_token'));
372
373$navbar = create_navigation_bar($url,
374                                $counter,
375                                $start,
376                                $page['items_number'],
377                                '');
378
379$template->assign('navbar', $navbar);
380
381$url_self = PHPWG_ROOT_PATH
382    .'comments.php'
383  .get_query_string_diff(array('edit','delete','validate','pwg_token'));
384
385// +-----------------------------------------------------------------------+
386// |                        last comments display                          |
387// +-----------------------------------------------------------------------+
388
389$comments = array();
390$element_ids = array();
391$category_ids = array();
392
393$query = '
394SELECT com.id AS comment_id,
395       com.image_id,
396       com.author,
397       com.author_id,
398       u.'.$conf['user_fields']['email'].' AS user_email,
399       com.email,
400       com.date,
401       com.website_url,
402       com.content,
403       com.validated
404  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
405    INNER JOIN '.COMMENTS_TABLE.' AS com
406    ON ic.image_id = com.image_id
407    LEFT JOIN '.USERS_TABLE.' As u
408    ON u.'.$conf['user_fields']['id'].' = com.author_id
409  WHERE '.implode('
410    AND ', $page['where_clauses']).'
411  GROUP BY comment_id,
412       com.image_id,
413       com.author,
414       com.author_id,
415       com.date,
416       com.content,
417       com.validated
418  ORDER BY '.$page['sort_by'].' '.$page['sort_order'];
419if ('all' != $page['items_number'])
420{
421  $query.= '
422  LIMIT '.$page['items_number'].' OFFSET '.$start;
423}
424$query.= '
425;';
426$result = pwg_query($query);
427while ($row = pwg_db_fetch_assoc($result))
428{
429  array_push($comments, $row);
430  array_push($element_ids, $row['image_id']);
431}
432
433if (count($comments) > 0)
434{
435  // retrieving element informations
436  $elements = array();
437  $query = '
438SELECT *
439  FROM '.IMAGES_TABLE.'
440  WHERE id IN ('.implode(',', $element_ids).')
441;';
442  $result = pwg_query($query);
443  while ($row = pwg_db_fetch_assoc($result))
444  {
445    $elements[$row['id']] = $row;
446  }
447
448  // retrieving category informations
449  $query = '
450SELECT c.id, name, permalink, uppercats, com.id as comment_id
451  FROM '.CATEGORIES_TABLE.' AS c
452  LEFT JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
453  ON c.id=ic.category_id
454  LEFT JOIN '.COMMENTS_TABLE.' AS com
455  ON ic.image_id=com.image_id
456  '.get_sql_condition_FandF
457    (
458      array
459      (
460        'forbidden_categories' => 'c.id',
461        'visible_categories' => 'c.id'
462       ),
463      'WHERE'
464     ).'
465;';
466  $categories = hash_from_query($query, 'comment_id');
467
468  foreach ($comments as $comment)
469  {
470    if (!empty($elements[$comment['image_id']]['name']))
471    {
472      $name=$elements[$comment['image_id']]['name'];
473    }
474    else
475    {
476      $name=get_name_from_file($elements[$comment['image_id']]['file']);
477    }
478
479    // source of the thumbnail picture
480    $src_image = new SrcImage($elements[$comment['image_id']]);
481
482    // link to the full size picture
483    $url = make_picture_url(
484      array(
485        'category' => $categories[ $comment['comment_id'] ],
486        'image_id' => $comment['image_id'],
487        'image_file' => $elements[$comment['image_id']]['file'],
488        )
489      );
490     
491    $email = null;
492    if (!empty($comment['user_email']))
493    {
494      $email = $comment['user_email'];
495    }
496    else if (!empty($comment['email']))
497    {
498      $email = $comment['email'];
499    }
500
501    $tpl_comment = array(
502      'ID' => $comment['comment_id'],
503      'U_PICTURE' => $url,
504      'src_image' => $src_image,
505      'ALT' => $name,
506      'AUTHOR' => trigger_event('render_comment_author', $comment['author']),
507      'WEBSITE_URL' => $comment['website_url'],
508      'DATE'=>format_date($comment['date'], true),
509      'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
510      );
511     
512    if (is_admin())
513    {
514      $tpl_comment['EMAIL'] = $email;
515    }
516
517    if (can_manage_comment('delete', $comment['author_id']))
518    {
519      $url =
520        get_root_url()
521        .'comments.php'
522        .get_query_string_diff(array('delete','validate','edit', 'pwg_token'));
523
524      $tpl_comment['U_DELETE'] = add_url_params(
525        $url,
526        array(
527          'delete' => $comment['comment_id'],
528          'pwg_token' => get_pwg_token(),
529          )
530        );
531    }
532
533    if (can_manage_comment('edit', $comment['author_id']))
534    {
535      $url =
536        get_root_url()
537        .'comments.php'
538        .get_query_string_diff(array('edit', 'delete','validate', 'pwg_token'));
539
540      $tpl_comment['U_EDIT'] = add_url_params(
541        $url,
542        array(
543          'edit' => $comment['comment_id']
544          )
545        );
546
547      if (isset($edit_comment) and ($comment['comment_id'] == $edit_comment))
548      {
549        $tpl_comment['IN_EDIT'] = true;
550        $key = get_ephemeral_key(2, $comment['image_id']);
551        $tpl_comment['KEY'] = $key;
552        $tpl_comment['IMAGE_ID'] = $comment['image_id'];
553        $tpl_comment['CONTENT'] = $comment['content'];
554        $tpl_comment['PWG_TOKEN'] = get_pwg_token();
555        $tpl_comment['U_CANCEL'] = $url_self;
556      }
557    }
558
559    if (can_manage_comment('validate', $comment['author_id']))
560    {
561      if ('true' != $comment['validated'])
562      {
563        $tpl_comment['U_VALIDATE'] = add_url_params(
564          $url,
565          array(
566            'validate'=> $comment['comment_id'],
567            'pwg_token' => get_pwg_token(),
568            )
569          );
570      }
571    }
572    $template->append('comments', $tpl_comment);
573  }
574}
575
576$derivative_params = trigger_event('get_comments_derivative_params', ImageStdParams::get_by_type(IMG_THUMB) );
577$template->assign( 'derivative_params', $derivative_params );
578
579// include menubar
580$themeconf = $template->get_template_vars('themeconf');
581if (!isset($themeconf['hide_menu_on']) OR !in_array('theCommentsPage', $themeconf['hide_menu_on']))
582{
583  include( PHPWG_ROOT_PATH.'include/menubar.inc.php');
584}
585
586// +-----------------------------------------------------------------------+
587// |                           html code display                           |
588// +-----------------------------------------------------------------------+
589include(PHPWG_ROOT_PATH.'include/page_header.php');
590trigger_action('loc_end_comments');
591include(PHPWG_ROOT_PATH.'include/page_messages.php');
592$template->pparse('comments');
593include(PHPWG_ROOT_PATH.'include/page_tail.php');
594?>
Note: See TracBrowser for help on using the repository browser.