Context Navigation

source: trunk/include/functions_comment.inc.php @ 6316

Last change on this file since 6316 was 6316, checked in by plg, 14 years ago

merge r6313 from branch 2.1 to trunk

bug 1685 fixed: typo on identification.php link

Property svn:eol-style set to LF
Property svn:mergeinfo set to
/branches/2.0/include/functions_comment.inc.php merged eligible
/branches/2.1/include/functions_comment.inc.php merged eligible

File size: 10.6 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2010 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	//returns string action to perform on a new comment: validate, moderate, reject
25	function user_comment_check($action, $comment)
26	{
27	global $conf,$user;
28
29	if ($action=='reject')
30	return $action;
31
32	$my_action = $conf['comment_spam_reject'] ? 'reject':'moderate';
33
34	if ($action==$my_action)
35	return $action;
36
37	// we do here only BASIC spam check (plugins can do more)
38	if ( !is_a_guest() )
39	return $action;
40
41	$link_count = preg_match_all( '/https?:\/\//',
42	$comment['content'], $matches);
43
44	if ( strpos($comment['author'], 'http://')!==false )
45	{
46	$link_count++;
47	}
48
49	if ( $link_count>$conf['comment_spam_max_links'] )
50	return $my_action;
51
52	return $action;
53	}
54
55
56	add_event_handler('user_comment_check', 'user_comment_check',
57	EVENT_HANDLER_PRIORITY_NEUTRAL, 2);
58
59	/**
60	* Tries to insert a user comment in the database and returns one of :
61	* validate, moderate, reject
62	* @param array comm contains author, content, image_id
63	* @param string key secret key sent back to the browser
64	* @param array infos out array of messages
65	*/
66	function insert_user_comment( &$comm, $key, &$infos )
67	{
68	global $conf, $user;
69
70	$comm = array_merge( $comm,
71	array(
72	'ip' => $_SERVER['REMOTE_ADDR'],
73	'agent' => $_SERVER['HTTP_USER_AGENT']
74	)
75	);
76
77	$infos = array();
78	if (!$conf['comments_validation'] or is_admin())
79	{
80	$comment_action='validate'; //one of validate, moderate, reject
81	}
82	else
83	{
84	$comment_action='moderate'; //one of validate, moderate, reject
85	}
86
87	// display author field if the user status is guest or generic
88	if (!is_classic_user())
89	{
90	if ( empty($comm['author']) )
91	{
92	$comm['author'] = 'guest';
93	}
94	$comm['author_id'] = $conf['guest_id'];
95	// if a guest try to use the name of an already existing user, he must be
96	// rejected
97	if ( $comm['author'] != 'guest' )
98	{
99	$query = '
100	SELECT COUNT(*) AS user_exists
101	FROM '.USERS_TABLE.'
102	WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'";
103	$row = pwg_db_fetch_assoc( pwg_query( $query ) );
104	if ( $row['user_exists'] == 1 )
105	{
106	array_push($infos, l10n('This login is already used by another user') );
107	$comment_action='reject';
108	}
109	}
110	}
111	else
112	{
113	$comm['author'] = addslashes($user['username']);
114	$comm['author_id'] = $user['id'];
115	}
116
117	if ( empty($comm['content']) )
118	{ // empty comment content
119	$comment_action='reject';
120	}
121
122	$key = explode( ':', @$key );
123	if ( count($key)!=2
124	or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago
125	or $key[0]<time()-3600 // 60 minutes expiration
126	or hash_hmac(
127	'md5', $key[0].':'.$comm['image_id'], $conf['secret_key']
128	) != $key[1]
129	)
130	{
131	$comment_action='reject';
132	}
133
134	if ($comment_action!='reject' and $conf['anti-flood_time']>0 )
135	{ // anti-flood system
136	$reference_date = time() - $conf['anti-flood_time'];
137	$query = '
138	SELECT id FROM '.COMMENTS_TABLE.'
139	WHERE date > FROM_UNIXTIME('.$reference_date.')
140	AND author_id = '.$comm['author_id'];
141	if ( pwg_db_num_rows( pwg_query( $query ) ) > 0 )
142	{
143	array_push( $infos, l10n('Anti-flood system : please wait for a moment before trying to post another comment') );
144	$comment_action='reject';
145	}
146	}
147
148	// perform more spam check
149	$comment_action = trigger_event('user_comment_check',
150	$comment_action, $comm
151	);
152
153	if ( $comment_action!='reject' )
154	{
155	$query = '
156	INSERT INTO '.COMMENTS_TABLE.'
157	(author, author_id, content, date, validated, validation_date, image_id)
158	VALUES (
159	"'.$comm['author'].'",
160	'.$comm['author_id'].',
161	"'.$comm['content'].'",
162	NOW(),
163	"'.($comment_action=='validate' ? 'true':'false').'",
164	'.($comment_action=='validate' ? 'NOW()':'NULL').',
165	'.$comm['image_id'].'
166	)
167	';
168
169	pwg_query($query);
170
171	$comm['id'] = pwg_db_insert_id(COMMENTS_TABLE);
172
173	if ($conf['email_admin_on_comment']
174	or ($conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action))
175	{
176	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
177
178	$comment_url = get_absolute_root_url().'comments.php?comment_id='.$comm['id'];
179
180	$keyargs_content = array
181	(
182	get_l10n_args('Author: %s', stripslashes($comm['author']) ),
183	get_l10n_args('Comment: %s', stripslashes($comm['content']) ),
184	get_l10n_args('', ''),
185	get_l10n_args('Manage this user comment: %s', $comment_url)
186	);
187
188	if ('moderate' == $comment_action)
189	{
190	$keyargs_content[] = get_l10n_args('', '');
191	$keyargs_content[] = get_l10n_args('(!) This comment requires validation', '');
192	}
193
194	pwg_mail_notification_admins
195	(
196	get_l10n_args('Comment by %s', stripslashes($comm['author']) ),
197	$keyargs_content
198	);
199	}
200	}
201	return $comment_action;
202	}
203
204	/**
205	* Tries to delete a user comment in the database
206	* only admin can delete all comments
207	* other users can delete their own comments
208	* so to avoid a new sql request we add author in where clause
209	*
210	* @param comment_id
211	*/
212	function delete_user_comment($comment_id) {
213	$user_where_clause = '';
214	if (!is_admin())
215	{
216	$user_where_clause = ' AND author_id = \''.$GLOBALS['user']['id'].'\'';
217	}
218	$query = '
219	DELETE FROM '.COMMENTS_TABLE.'
220	WHERE id = '.$comment_id.
221	$user_where_clause.'
222	;';
223	$result = pwg_query($query);
224	if ($result) {
225	email_admin('delete',
226	array('author' => $GLOBALS['user']['username'],
227	'comment_id' => $comment_id
228	));
229	}
230	}
231
232	/**
233	* Tries to update a user comment in the database
234	* only admin can update all comments
235	* users can edit their own comments if admin allow them
236	* so to avoid a new sql request we add author in where clause
237	*
238	* @param comment_id
239	* @param post_key
240	* @param content
241	*/
242
243	function update_user_comment($comment, $post_key)
244	{
245	global $conf;
246
247	$comment_action = 'validate';
248
249	$key = explode( ':', $post_key );
250	if ( count($key)!=2
251	or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago
252	or $key[0]<time()-3600 // 60 minutes expiration
253	or hash_hmac('md5', $key[0].':'.$comment['image_id'], $conf['secret_key']
254	) != $key[1]
255	)
256	{
257	$comment_action='reject';
258	}
259
260	/* ? this is a MySql Error - author_id is not defined
261	if ($comment_action!='reject' and $conf['anti-flood_time']>0 )
262	{ // anti-flood system
263	$reference_date = time() - $conf['anti-flood_time'];
264	$query = '
265	SELECT id FROM '.COMMENTS_TABLE.'
266	WHERE date > FROM_UNIXTIME('.$reference_date.')
267	AND author_id = '.$comm['author_id'];
268	if ( pwg_db_num_rows( pwg_query( $query ) ) > 0 )
269	{
270	//?? array_push( $infos, l10n('Anti-flood system : please wait for a moment before trying to post another comment') );
271	$comment_action='reject';
272	}
273	}
274	*/
275	// perform more spam check
276	$comment_action =
277	trigger_event('user_comment_check',
278	$comment_action,
279	array_merge($comment,
280	array('author' => $GLOBALS['user']['username'])
281	)
282	);
283
284	if ( $comment_action!='reject' )
285	{
286	$user_where_clause = '';
287	if (!is_admin())
288	{
289	$user_where_clause = ' AND author_id = \''.
290	$GLOBALS['user']['id'].'\'';
291	}
292	$query = '
293	UPDATE '.COMMENTS_TABLE.'
294	SET content = \''.$comment['content'].'\',
295	validation_date = now()
296	WHERE id = '.$comment['comment_id'].
297	$user_where_clause.'
298	;';
299	$result = pwg_query($query);
300	if ($result) {
301	email_admin('edit', array('author' => $GLOBALS['user']['username'],
302	'content' => stripslashes($comment['content'])) );
303	}
304	}
305	}
306
307	function email_admin($action, $comment)
308	{
309	global $conf;
310
311	if (!in_array($action, array('edit', 'delete'))
312	or (($action=='edit') and !$conf['email_admin_on_comment_edition'])
313	or (($action=='delete') and !$conf['email_admin_on_comment_deletion']))
314	{
315	return;
316	}
317
318	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
319
320	$keyargs_content = array();
321	$keyargs_content[] = get_l10n_args('Author: %s', $comment['author']);
322	if ($action=='delete')
323	{
324	$keyargs_content[] = get_l10n_args('This author removed the comment with id %d',
325	$comment['comment_id']
326	);
327	}
328	else
329	{
330	$keyargs_content[] = get_l10n_args('This author modified following comment:', '');
331	$keyargs_content[] = get_l10n_args('Comment: %s', $comment['content']);
332	}
333
334	pwg_mail_notification_admins(get_l10n_args('Comment by %s',
335	$comment['author']),
336	$keyargs_content
337	);
338	}
339
340	function get_comment_author_id($comment_id, $die_on_error=true)
341	{
342	$query = '
343	SELECT
344	author_id
345	FROM '.COMMENTS_TABLE.'
346	WHERE id = '.$comment_id.'
347	;';
348	$result = pwg_query($query);
349	if (pwg_db_num_rows($result) == 0)
350	{
351	if ($die_on_error)
352	{
353	fatal_error('Unknown comment identifier');
354	}
355	else
356	{
357	return false;
358	}
359	}
360
361	list($author_id) = pwg_db_fetch_row($result);
362
363	return $author_id;
364	}
365
366	function validate_user_comment($comment_id)
367	{
368	$query = '
369	UPDATE '.COMMENTS_TABLE.'
370	SET validated = "true"
371	, validation_date = NOW()
372	WHERE id = '.$comment_id.'
373	;';
374	pwg_query($query);
375	}
376	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: