Revision 4385, 13.5 KB checked in by nikrou, 10 years ago (diff)

Feature_1255 :

  • single quotes in queries
  • start using $confdblayer
  • Property svn:eol-style set to LF
<?php
// +-----------------------------------------------------------------------+
// | Piwigo - a PHP based picture gallery                                  |
// +-----------------------------------------------------------------------+
// | Copyright(C) 2008-2009 Piwigo Team                  http://piwigo.org |
// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify  |
// | it under the terms of the GNU General Public License as published by  |
// | the Free Software Foundation                                          |
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+

// +-----------------------------------------------------------------------+
// |                           initialization                              |
// +-----------------------------------------------------------------------+
// Bootstrap: the gallery root is the current directory.  common.inc.php is
// presumably where $conf, $template and the pwg_* helpers used below come
// from; functions_comment.inc.php presumably provides delete_user_comment()
// and update_user_comment() -- neither file is visible here.
define('PHPWG_ROOT_PATH','./');
include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');

// +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok                      |
// +-----------------------------------------------------------------------+
check_status(ACCESS_GUEST);

// Sort directions offered by the form.  The keys are the literal SQL
// keywords and double as the whitelist applied to $_GET['sort_order'].
$sort_order = array(
  'DESC' => l10n('descending'),
  'ASC'  => l10n('ascending'),
  );

// Columns offered for sorting.  The keys are the column names and double as
// the whitelist applied to $_GET['sort_by'].
$sort_by = array(
  'date' => l10n('comment date'),
  'image_id' => l10n('picture'),
  );

// Page sizes offered by the form ('all' disables the LIMIT clause).
$items_number = array(5, 10, 20, 50, 'all');

// "Since when" filter: key => label shown in the form and the SQL clause
// applied.  Every clause is built from constants and from the dblayer's
// period expression only, never from request data.
$since_options = array();
$since_options[1] = array(
  'label' => l10n('today'),
  'clause' => 'date > '.pwg_db_get_recent_period_expression(1));
foreach (array(2 => 7, 3 => 30) as $since_id => $days)
{
  $since_options[$since_id] = array(
    'label' => sprintf(l10n('last %d days'), $days),
    'clause' => 'date > '.pwg_db_get_recent_period_expression($days));
}
$since_options[4] = array(
  'label' => l10n('the beginning'),
  'clause' => '1=1'); // always true, keeps the WHERE list uniform

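
// Which "since" option applies.  The value must be an actual key of
// $since_options: is_numeric() alone let through values such as "1.5",
// "1e1" or "99", for which $since_options[...]['clause'] is undefined and
// a null clause ended up in the WHERE list, breaking the query.
$page['since'] = 4;
if (!empty($_GET['since']) && isset($since_options[$_GET['since']]))
{
  $page['since'] = $_GET['since'];
}
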

// Column to sort on.  Default 'date'; a submitted value is honoured only
// when it is a key of the $sort_by whitelist, which is what makes its later
// interpolation into ORDER BY safe.
$page['sort_by'] = 'date';
if (isset($_GET['sort_by']))
{
  $requested_column = $_GET['sort_by'];
  if (isset($sort_by[$requested_column]))
  {
    $page['sort_by'] = $requested_column;
  }
}


// Sort direction.  Default DESC; a submitted value is honoured only when it
// is a key of the $sort_order whitelist, which is what makes its later
// interpolation into ORDER BY safe.
$page['sort_order'] = 'DESC';
if (isset($_GET['sort_order']))
{
  $requested_direction = $_GET['sort_order'];
  if (isset($sort_order[$requested_direction]))
  {
    $page['sort_order'] = $requested_direction;
  }
}

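
// Number of comments per page: 'all', or a positive integer (default 10).
// The value is interpolated into LIMIT further down, so it is cast here:
// is_numeric() also accepted "1.5", "-5", "1e2" or " 5", which are either
// SQL syntax errors in LIMIT or meaningless page sizes.
$page['items_number'] = 10;
if (isset($_GET['items_number']))
{
  if ('all' === $_GET['items_number'])
  {
    $page['items_number'] = 'all';
  }
  elseif (is_numeric($_GET['items_number']) && (int)$_GET['items_number'] > 0)
  {
    $page['items_number'] = (int)$_GET['items_number'];
  }
}
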
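
// Clauses joined with AND into the WHERE of both queries below.
$page['where_clauses'] = array();

// Restrict to one category and its sub-categories.  Category ids are
// integers, so the parameter is cast before it reaches get_subcat_ids() and
// the IN (...) list; the previous loose `0 != $_GET['cat']` test let any
// non-zero-looking string through unchanged.
// NOTE(review): if get_subcat_ids() returns an empty array for an unknown
// id this still produces `IN ()` -- confirm what it returns in that case.
if (isset($_GET['cat']) and 0 != (int)$_GET['cat'])
{
  $page['where_clauses'][] =
    'category_id IN ('.implode(',', get_subcat_ids(array((int)$_GET['cat']))).')';
}
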
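
// Search a particular author (registered username or free-text author).
// Two fixes over the previous version:
//  - the value is embedded in SQL string literals, so it is escaped instead
//    of being concatenated raw from $_GET (SQL injection);
//  - the clause is parenthesised: the list is joined with AND, and an
//    unparenthesised OR binds weaker than that AND, so the since/validated/
//    permission clauses added after this one applied only to the second
//    alternative.
if (!empty($_GET['author']))
{
  $author = $_GET['author'];
  if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
  {
    // undo the automatic quoting so the value is escaped exactly once
    $author = stripslashes($author);
  }
  // NOTE(review): addslashes() covers quotes, backslashes and NUL; the
  // dblayer's own connection-charset-aware escaping is preferable where the
  // active dblayer provides one.
  $author = addslashes($author);
  $page['where_clauses'][] =
    '(u.'.$conf['user_fields']['username'].' = \''.$author.'\'
     OR author = \''.$author.'\')';
}
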
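
// Search a substring among comments content: every whitespace/comma/
// semicolon-separated word must appear.  Each word is embedded in a LIKE
// string literal, so it is escaped instead of being concatenated raw from
// $_GET (SQL injection).  The create_function() wrapper is replaced by a
// plain loop (create_function is eval-based and removed in PHP 8).
if (!empty($_GET['keyword']))
{
  $keyword = $_GET['keyword'];
  if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
  {
    // undo the automatic quoting so each word is escaped exactly once
    $keyword = stripslashes($keyword);
  }
  $keyword_clauses = array();
  foreach (preg_split('/[\s,;]+/', $keyword, -1, PREG_SPLIT_NO_EMPTY) as $word)
  {
    // NOTE(review): '%' and '_' inside a word still act as LIKE wildcards;
    // neutralising them needs an ESCAPE clause specific to the dblayer.
    $keyword_clauses[] = 'content LIKE \'%'.addslashes($word).'%\'';
  }
  // A keyword made only of separators yields no words: add nothing rather
  // than an empty "()" (the old code matched everything in that case too).
  if (count($keyword_clauses) > 0)
  {
    $page['where_clauses'][] = '('.implode(' AND ', $keyword_clauses).')';
  }
}
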

// Date window chosen above (always present: option 4 is the no-op 1=1).
$page['where_clauses'][] = $since_options[$page['since']]['clause'];

// which status to filter on ?
// Non-admins only see validated comments.  The clauses are joined with a
// plain AND below, so any earlier clause containing an OR must be
// parenthesised or this filter and the permission filter after it will not
// cover every branch of that OR.
if ( !is_admin() )
{
  $page['where_clauses'][] = 'validated=\'true\'';
}

// Permission filter: exclude comments on categories/images the current user
// may not see (the aliases match the joins in the queries below).
$page['where_clauses'][] = get_sql_condition_FandF
  (
    array
      (
        'forbidden_categories' => 'category_id',
        'visible_categories' => 'category_id',
        'visible_images' => 'ic.image_id'
      ),
    '', true
  );

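// +-----------------------------------------------------------------------+
// |                         comments management                           |
// +-----------------------------------------------------------------------+
// Comment deletion, requested with ?delete=<id>.
// NOTE(review): this is a state change driven by a plain GET link with no
// anti-CSRF token visible here, so a link or image on another site can
// trigger it for a logged-in user; a POST form carrying a per-session token
// would close that.  Ownership for non-admins is presumably enforced inside
// delete_user_comment() (can_manage_comment() is what gates the link
// further down) -- confirm.  The id is cast: is_numeric() also accepts
// "1.5", "1e3" or " 1", none of which is a comment id.
if (isset($_GET['delete']) and is_numeric($_GET['delete'])
    and (is_admin() || $conf['user_can_delete_comment']))
{
  delete_user_comment((int)$_GET['delete']);
}
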
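// Comment validation, requested with ?validate=<id>.  Advisers are excluded
// first, then check_status() stops anyone below administrator.
// NOTE(review): like deletion, this is a GET-triggered state change with no
// anti-CSRF token visible here.  The id is cast to int before being
// interpolated into SQL (is_numeric() alone also accepts "1.5" or "1e3").
if (isset($_GET['validate']) and is_numeric($_GET['validate'])
      and !is_adviser() )
{
  check_status(ACCESS_ADMINISTRATOR);
  $query = '
UPDATE '.COMMENTS_TABLE.'
  SET validated = \'true\'
  , validation_date = NOW()
  WHERE id='.(int)$_GET['validate'].'
;';
  pwg_query($query);
}
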
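// Comment edition, requested with ?edit=<id>.  A POST carrying content
// applies the change; otherwise the comment is rendered in edit mode further
// down ($edit_comment).  The id is cast to int (is_numeric() alone also
// accepts "1.5" or "1e3"); missing POST fields are passed as null instead of
// raising undefined-index notices.
if (isset($_GET['edit']) and is_numeric($_GET['edit'])
    and (is_admin() || $conf['user_can_edit_comment']))
{
  $edit_id = (int)$_GET['edit'];
  if (!empty($_POST['content']))
  {
    // NOTE(review): image_id and key are taken from the form as posted; the
    // key comes from get_comment_post_key($image_id) (see the edit-mode
    // rendering below), so update_user_comment() is presumably what checks
    // the pair -- confirm there.
    update_user_comment(array('comment_id' => $edit_id,
                              'image_id' => isset($_POST['image_id']) ? $_POST['image_id'] : null,
                              'content' => $_POST['content']),
                        isset($_POST['key']) ? $_POST['key'] : null
                        );

    $edit_comment = null;
  }
  else
  {
    $edit_comment = $edit_id;
  }
}
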
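// +-----------------------------------------------------------------------+
// |                       page header and options                         |
// +-----------------------------------------------------------------------+

$title= l10n('User comments');
$page['body_id'] = 'theCommentsPage';

// Echo the current search terms back into the form.  The previous call had
// a misplaced parenthesis: ENT_QUOTES and 'utf-8' were passed to
// stripslashes() instead of htmlspecialchars(), so the quote flag never
// reached the escaper (and the @ hid the resulting warning).  Both values
// are now escaped with ENT_QUOTES so a single quote cannot close the input
// attribute.  Slashes are stripped only when magic_quotes_gpc added them.
$gpc_quoted = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
$form_keyword = isset($_GET['keyword']) ? $_GET['keyword'] : '';
$form_author = isset($_GET['author']) ? $_GET['author'] : '';
if ($gpc_quoted)
{
  $form_keyword = stripslashes($form_keyword);
  $form_author = stripslashes($form_author);
}

$template->set_filenames(array('comments'=>'comments.tpl'));
$template->assign(
  array(
    'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
    'F_KEYWORD'=> htmlspecialchars($form_keyword, ENT_QUOTES, 'utf-8'),
    'F_AUTHOR'=> htmlspecialchars($form_author, ENT_QUOTES, 'utf-8'),
    )
  );
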
// +-----------------------------------------------------------------------+
// |                          form construction                            |
// +-----------------------------------------------------------------------+

// Category selector: every category the current user is allowed to see,
// with the currently filtered one (if any) pre-selected.
$blockname = 'categories';

$permission_clause = get_sql_condition_FandF(
  array(
    'forbidden_categories' => 'id',
    'visible_categories' => 'id'
  ),
  'WHERE'
);
$query = '
SELECT id, name, uppercats, global_rank
  FROM '.CATEGORIES_TABLE.'
'.$permission_clause.'
;';
$selected_cat = isset($_GET['cat']) ? $_GET['cat'] : null;
display_select_cat_wrapper($query, array($selected_cat), $blockname, true);

// "Since" filter: the labels only, keyed like $since_options.
$since_labels = array();
foreach ($since_options as $since_id => $since_option)
{
  $since_labels[$since_id] = $since_option['label'];
}
$template->assign('since_options', $since_labels);
$template->assign('since_options_selected', $page['since']);

// Sort column and direction: the whitelists themselves are the option lists.
$template->assign('sort_by_options', $sort_by);
$template->assign('sort_by_options_selected', $page['sort_by']);

$template->assign('sort_order_options', $sort_order);
$template->assign('sort_order_options_selected', $page['sort_order']);


// Page sizes: numbers are shown as-is, 'all' is translated.
$blockname = 'items_number_option';
$item_labels = array();
foreach ($items_number as $count_option)
{
  if (is_numeric($count_option))
  {
    $item_labels[$count_option] = $count_option;
  }
  else
  {
    $item_labels[$count_option] = l10n($count_option);
  }
}
$template->assign('item_number_options', $item_labels);
$template->assign('item_number_options_selected', $page['items_number']);


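// +-----------------------------------------------------------------------+
// |                            navigation bar                             |
// +-----------------------------------------------------------------------+

// Pagination offset.  is_numeric() alone accepted "1.5", "-3" or "1e2",
// none of which is valid in OFFSET; keep a non-negative integer only.
$start = 0;
if (isset($_GET['start']) and is_numeric($_GET['start']) and (int)$_GET['start'] >= 0)
{
  $start = (int)$_GET['start'];
}

// Total number of matching comments, for the page links (same joins and
// WHERE list as the listing query below).
$query = '
SELECT COUNT(DISTINCT(com.id))
  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
    INNER JOIN '.COMMENTS_TABLE.' AS com
    ON ic.image_id = com.image_id
    LEFT JOIN '.USERS_TABLE.' As u
    ON u.'.$conf['user_fields']['id'].' = com.author_id
  WHERE '.implode('
    AND ', $page['where_clauses']).'
;';
list($counter) = pwg_db_fetch_row(pwg_query($query));

// Page links keep the current filters but drop paging/action parameters.
$url = PHPWG_ROOT_PATH
    .'comments.php'
    .get_query_string_diff(array('start','delete','validate'));

$navbar = create_navigation_bar($url,
                                $counter,
                                $start,
                                $page['items_number'],
                                '');

$template->assign('navbar', $navbar);
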
// +-----------------------------------------------------------------------+
// |                        last comments display                          |
// +-----------------------------------------------------------------------+

$comments = array();
$element_ids = array();
$category_ids = array();

// Optional LIMIT/OFFSET, omitted when every comment is requested.
$limit_clause = '';
if ('all' != $page['items_number'])
{
  $limit_clause = '
  LIMIT '.$page['items_number'].' OFFSET '.$start;
}

// sort_by / sort_order were validated against the whitelists above, which is
// what makes their interpolation into ORDER BY safe.
$query = '
SELECT com.id AS comment_id
     , com.image_id
     , ic.category_id
     , com.author
     , com.author_id
     , com.date
     , com.content
     , com.validated
  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
    INNER JOIN '.COMMENTS_TABLE.' AS com
    ON ic.image_id = com.image_id
    LEFT JOIN '.USERS_TABLE.' As u
    ON u.'.$conf['user_fields']['id'].' = com.author_id
  WHERE '.implode('
    AND ', $page['where_clauses']).'
  GROUP BY comment_id, com.image_id, ic.category_id, com.author,
           com.author_id, com.date, com.content, com.validated
  ORDER BY '.$page['sort_by'].' '.$page['sort_order'].$limit_clause.'
;';
$result = pwg_query($query);
while ($row = pwg_db_fetch_assoc($result))
{
  $comments[] = $row;
  $element_ids[] = $row['image_id'];
  $category_ids[] = $row['category_id'];
}

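if (count($comments) > 0)
{
  // Pictures the listed comments belong to, keyed by image id.  The ids
  // come from the comments query, not from the request.
  $elements = array();
  $query = '
SELECT id, name, file, path, tn_ext
  FROM '.IMAGES_TABLE.'
  WHERE id IN ('.implode(',', $element_ids).')
;';
  $result = pwg_query($query);
  while ($row = pwg_db_fetch_assoc($result))
  {
    $elements[$row['id']] = $row;
  }

  // Categories those comments were listed under, keyed by id.
  $query = '
SELECT id, name, permalink, uppercats
  FROM '.CATEGORIES_TABLE.'
  WHERE id IN ('.implode(',', $category_ids).')
;';
  $categories = hash_from_query($query, 'id');

  // Management links (delete / edit / validate) all point back at this page
  // with the current filters and without any action parameter.  Computed
  // once: it depends on the request only.  The old code built it inside the
  // delete and edit branches and then reused whatever $url was last
  // assigned for the validate link -- which was the *picture* URL when
  // neither branch ran.
  // NOTE(review): assumes get_query_string_diff() treats its argument as a
  // set of keys to drop; the two old call sites differed only in key order.
  $manage_url = get_root_url().'comments.php'
    .get_query_string_diff(array('delete', 'validate', 'edit'));

  foreach ($comments as $comment)
  {
    $element = $elements[$comment['image_id']];

    // caption: the picture name, or one derived from its file name
    if (!empty($element['name']))
    {
      $name = $element['name'];
    }
    else
    {
      $name = get_name_from_file($element['file']);
    }

    // source of the thumbnail picture
    $thumbnail_src = get_thumbnail_url($element);

    // link to the full size picture
    $picture_url = make_picture_url(
            array(
              'category' => $categories[ $comment['category_id'] ],
              'image_id' => $comment['image_id'],
              'image_file' => $element['file'],
            )
          );

    // author and content go through the render_* events (that is where any
    // escaping/formatting of user-submitted text is expected to happen)
    $tpl_comment =
      array(
        'U_PICTURE' => $picture_url,
        'TN_SRC' => $thumbnail_src,
        'ALT' => $name,
        'AUTHOR' => trigger_event('render_comment_author', $comment['author']),
        'DATE'=>format_date($comment['date'], true),
        'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
        );

    if (can_manage_comment('delete', $comment['author_id']))
    {
      $tpl_comment['U_DELETE'] =
        add_url_params($manage_url,
                       array('delete'=>$comment['comment_id'])
                       );
    }
    if (can_manage_comment('edit', $comment['author_id']))
    {
      $tpl_comment['U_EDIT'] =
        add_url_params($manage_url,
                       array('edit'=>$comment['comment_id'])
                       );
      if (isset($edit_comment) and ($comment['comment_id'] == $edit_comment))
      {
        $tpl_comment['IN_EDIT'] = true;
        $key = get_comment_post_key($comment['image_id']);
        $tpl_comment['KEY'] = $key;
        $tpl_comment['IMAGE_ID'] = $comment['image_id'];
        // raw (un-rendered) content for the edit box
        // NOTE(review): confirm comments.tpl escapes CONTENT in edit mode,
        // since it bypasses render_comment_content here.
        $tpl_comment['CONTENT'] = $comment['content'];
      }
    }

    if ( is_admin() && $comment['validated'] != 'true')
    {
      $tpl_comment['U_VALIDATE'] =
        add_url_params($manage_url,
                       array('validate'=>$comment['comment_id'])
                       );
    }
    $template->append('comments', $tpl_comment);
  }
}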
// +-----------------------------------------------------------------------+
// |                           html code display                           |
// +-----------------------------------------------------------------------+
// Render: common page header, this page's template, common page footer.
include(PHPWG_ROOT_PATH.'include/page_header.php');
$template->pparse('comments');
include(PHPWG_ROOT_PATH.'include/page_tail.php');
?>