Context Navigation

source: trunk/include/functions_comment.inc.php @ 14086

Last change on this file since 14086 was 13800, checked in by rvelices, 13 years ago
fix email on comment requiring validation even if the options is unchecked
Property svn:eol-style set to `LF`
File size: 11.6 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based photo gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2012 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	//returns string action to perform on a new comment: validate, moderate, reject
25	function user_comment_check($action, $comment)
26	{
27	global $conf,$user;
28
29	if ($action=='reject')
30	return $action;
31
32	$my_action = $conf['comment_spam_reject'] ? 'reject':'moderate';
33
34	if ($action==$my_action)
35	return $action;
36
37	// we do here only BASIC spam check (plugins can do more)
38	if ( !is_a_guest() )
39	return $action;
40
41	$link_count = preg_match_all( '/https?:\/\//',
42	$comment['content'], $matches);
43
44	if ( strpos($comment['author'], 'http://')!==false )
45	{
46	$link_count++;
47	}
48
49	if ( $link_count>$conf['comment_spam_max_links'] )
50	{
51	$_POST['cr'][] = 'links';
52	return $my_action;
53	}
54	return $action;
55	}
56
57
58	add_event_handler('user_comment_check', 'user_comment_check',
59	EVENT_HANDLER_PRIORITY_NEUTRAL, 2);
60
61	/**
62	* Tries to insert a user comment in the database and returns one of :
63	* validate, moderate, reject
64	* @param array comm contains author, content, image_id
65	* @param string key secret key sent back to the browser
66	* @param array infos out array of messages
67	*/
68	function insert_user_comment( &$comm, $key, &$infos )
69	{
70	global $conf, $user;
71
72	$comm = array_merge( $comm,
73	array(
74	'ip' => $_SERVER['REMOTE_ADDR'],
75	'agent' => $_SERVER['HTTP_USER_AGENT']
76	)
77	);
78
79	$infos = array();
80	if (!$conf['comments_validation'] or is_admin())
81	{
82	$comment_action='validate'; //one of validate, moderate, reject
83	}
84	else
85	{
86	$comment_action='moderate'; //one of validate, moderate, reject
87	}
88
89	// display author field if the user status is guest or generic
90	if (!is_classic_user())
91	{
92	if ( empty($comm['author']) )
93	{
94	$comm['author'] = 'guest';
95	}
96	$comm['author_id'] = $conf['guest_id'];
97	// if a guest try to use the name of an already existing user, he must be
98	// rejected
99	if ( $comm['author'] != 'guest' )
100	{
101	$query = '
102	SELECT COUNT(*) AS user_exists
103	FROM '.USERS_TABLE.'
104	WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'";
105	$row = pwg_db_fetch_assoc( pwg_query( $query ) );
106	if ( $row['user_exists'] == 1 )
107	{
108	array_push($infos, l10n('This login is already used by another user') );
109	$comment_action='reject';
110	}
111	}
112	}
113	else
114	{
115	$comm['author'] = addslashes($user['username']);
116	$comm['author_id'] = $user['id'];
117	}
118
119	if ( empty($comm['content']) )
120	{ // empty comment content
121	$comment_action='reject';
122	}
123
124	if ( !verify_ephemeral_key(@$key, $comm['image_id']) )
125	{
126	$comment_action='reject';
127	$_POST['cr'][] = 'key'; // rvelices: I use this outside to see how spam robots work
128	}
129
130	if ($comment_action!='reject' and $conf['anti-flood_time']>0 and !is_admin())
131	{ // anti-flood system
132	$reference_date = pwg_db_get_flood_period_expression($conf['anti-flood_time']);
133
134	$query = '
135	SELECT count(1) FROM '.COMMENTS_TABLE.'
136	WHERE date > '.$reference_date.'
137	AND author_id = '.$comm['author_id'];
138	list($counter) = pwg_db_fetch_row(pwg_query($query));
139	if ( $counter > 0 )
140	{
141	array_push( $infos, l10n('Anti-flood system : please wait for a moment before trying to post another comment') );
142	$comment_action='reject';
143	}
144	}
145
146	// perform more spam check
147	$comment_action = trigger_event('user_comment_check',
148	$comment_action, $comm
149	);
150
151	if ( $comment_action!='reject' )
152	{
153	$query = '
154	INSERT INTO '.COMMENTS_TABLE.'
155	(author, author_id, content, date, validated, validation_date, image_id)
156	VALUES (
157	\''.$comm['author'].'\',
158	'.$comm['author_id'].',
159	\''.$comm['content'].'\',
160	NOW(),
161	\''.($comment_action=='validate' ? 'true':'false').'\',
162	'.($comment_action=='validate' ? 'NOW()':'NULL').',
163	'.$comm['image_id'].'
164	)
165	';
166
167	pwg_query($query);
168
169	$comm['id'] = pwg_db_insert_id(COMMENTS_TABLE);
170
171	if ( ($conf['email_admin_on_comment'] && 'validate' == $comment_action)
172	or ($conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action))
173	{
174	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
175
176	$comment_url = get_absolute_root_url().'comments.php?comment_id='.$comm['id'];
177
178	$keyargs_content = array
179	(
180	get_l10n_args('Author: %s', stripslashes($comm['author']) ),
181	get_l10n_args('Comment: %s', stripslashes($comm['content']) ),
182	get_l10n_args('', ''),
183	get_l10n_args('Manage this user comment: %s', $comment_url)
184	);
185
186	if ('moderate' == $comment_action)
187	{
188	$keyargs_content[] = get_l10n_args('', '');
189	$keyargs_content[] = get_l10n_args('(!) This comment requires validation', '');
190	}
191
192	pwg_mail_notification_admins
193	(
194	get_l10n_args('Comment by %s', stripslashes($comm['author']) ),
195	$keyargs_content
196	);
197	}
198	}
199	return $comment_action;
200	}
201
202	/**
203	* Tries to delete a user comment in the database
204	* only admin can delete all comments
205	* other users can delete their own comments
206	* so to avoid a new sql request we add author in where clause
207	*
208	* @param int or array of int comment_id
209	*/
210	function delete_user_comment($comment_id)
211	{
212	$user_where_clause = '';
213	if (!is_admin())
214	{
215	$user_where_clause = ' AND author_id = \''.$GLOBALS['user']['id'].'\'';
216	}
217
218	if (is_array($comment_id))
219	$where_clause = 'id IN('.implode(',', $comment_id).')';
220	else
221	$where_clause = 'id = '.$comment_id;
222
223	$query = '
224	DELETE FROM '.COMMENTS_TABLE.'
225	WHERE '.$where_clause.
226	$user_where_clause.'
227	;';
228	$result = pwg_query($query);
229
230	if ($result)
231	{
232	email_admin('delete',
233	array('author' => $GLOBALS['user']['username'],
234	'comment_id' => $comment_id
235	));
236	}
237
238	trigger_action('user_comment_deletion', $comment_id);
239	}
240
241	/**
242	* Tries to update a user comment in the database
243	* only admin can update all comments
244	* users can edit their own comments if admin allow them
245	* so to avoid a new sql request we add author in where clause
246	*
247	* @param comment_id
248	* @param post_key
249	* @param content
250	*/
251
252	function update_user_comment($comment, $post_key)
253	{
254	global $conf;
255
256	$comment_action = 'validate';
257
258	if ( !verify_ephemeral_key($post_key, $comment['image_id']) )
259	{
260	$comment_action='reject';
261	}
262	elseif (!$conf['comments_validation'] or is_admin()) // should the updated comment must be validated
263	{
264	$comment_action='validate'; //one of validate, moderate, reject
265	}
266	else
267	{
268	$comment_action='moderate'; //one of validate, moderate, reject
269	}
270
271	// perform more spam check
272	$comment_action =
273	trigger_event('user_comment_check',
274	$comment_action,
275	array_merge($comment,
276	array('author' => $GLOBALS['user']['username'])
277	)
278	);
279
280	if ( $comment_action!='reject' )
281	{
282	$user_where_clause = '';
283	if (!is_admin())
284	{
285	$user_where_clause = ' AND author_id = \''.
286	$GLOBALS['user']['id'].'\'';
287	}
288
289	$query = '
290	UPDATE '.COMMENTS_TABLE.'
291	SET content = \''.$comment['content'].'\',
292	validated = \''.($comment_action=='validate' ? 'true':'false').'\',
293	validation_date = '.($comment_action=='validate' ? 'NOW()':'NULL').'
294	WHERE id = '.$comment['comment_id'].
295	$user_where_clause.'
296	;';
297	$result = pwg_query($query);
298
299	// mail admin and ask to validate the comment
300	if ($result and $conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action)
301	{
302	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
303
304	$comment_url = get_absolute_root_url().'comments.php?comment_id='.$comment['comment_id'];
305
306	$keyargs_content = array
307	(
308	get_l10n_args('Author: %s', stripslashes($GLOBALS['user']['username']) ),
309	get_l10n_args('Comment: %s', stripslashes($comment['content']) ),
310	get_l10n_args('', ''),
311	get_l10n_args('Manage this user comment: %s', $comment_url),
312	get_l10n_args('', ''),
313	get_l10n_args('(!) This comment requires validation', ''),
314	);
315
316	pwg_mail_notification_admins
317	(
318	get_l10n_args('Comment by %s', stripslashes($GLOBALS['user']['username']) ),
319	$keyargs_content
320	);
321	}
322	// just mail admin
323	else if ($result)
324	{
325	email_admin('edit', array('author' => $GLOBALS['user']['username'],
326	'content' => stripslashes($comment['content'])) );
327	}
328	}
329
330	return $comment_action;
331	}
332
333	function email_admin($action, $comment)
334	{
335	global $conf;
336
337	if (!in_array($action, array('edit', 'delete'))
338	or (($action=='edit') and !$conf['email_admin_on_comment_edition'])
339	or (($action=='delete') and !$conf['email_admin_on_comment_deletion']))
340	{
341	return;
342	}
343
344	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
345
346	$keyargs_content = array();
347	$keyargs_content[] = get_l10n_args('Author: %s', $comment['author']);
348	if ($action=='delete')
349	{
350	$keyargs_content[] = get_l10n_args('This author removed the comment with id %d',
351	$comment['comment_id']
352	);
353	}
354	else
355	{
356	$keyargs_content[] = get_l10n_args('This author modified following comment:', '');
357	$keyargs_content[] = get_l10n_args('Comment: %s', $comment['content']);
358	}
359
360	pwg_mail_notification_admins(get_l10n_args('Comment by %s',
361	$comment['author']),
362	$keyargs_content
363	);
364	}
365
366	function get_comment_author_id($comment_id, $die_on_error=true)
367	{
368	$query = '
369	SELECT
370	author_id
371	FROM '.COMMENTS_TABLE.'
372	WHERE id = '.$comment_id.'
373	;';
374	$result = pwg_query($query);
375	if (pwg_db_num_rows($result) == 0)
376	{
377	if ($die_on_error)
378	{
379	fatal_error('Unknown comment identifier');
380	}
381	else
382	{
383	return false;
384	}
385	}
386
387	list($author_id) = pwg_db_fetch_row($result);
388
389	return $author_id;
390	}
391
392	/**
393	* Tries to validate a user comment in the database
394	* @param int or array of int comment_id
395	*/
396	function validate_user_comment($comment_id)
397	{
398	if (is_array($comment_id))
399	$where_clause = 'id IN('.implode(',', $comment_id).')';
400	else
401	$where_clause = 'id = '.$comment_id;
402
403	$query = '
404	UPDATE '.COMMENTS_TABLE.'
405	SET validated = \'true\'
406	, validation_date = NOW()
407	WHERE '.$where_clause.'
408	;';
409	pwg_query($query);
410
411	trigger_action('user_comment_validation', $comment_id);
412	}
413	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: