source: trunk/include/picture_comment.inc.php @ 1685

Last change on this file since 1685 was 1617, checked in by rvelices, 18 years ago

feature 440: send mail to admin when comment is entered

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 9.5 KB
1<?php
2// +-----------------------------------------------------------------------+
3// | PhpWebGallery - a PHP based picture gallery                           |
4// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
5// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
6// +-----------------------------------------------------------------------+
7// | branch        : BSF (Best So Far)
8// | file          : $RCSfile$
9// | last update   : $Date: 2006-11-22 04:41:25 +0000 (Wed, 22 Nov 2006) $
10// | last modifier : $Author: rvelices $
11// | revision      : $Revision: 1617 $
12// +-----------------------------------------------------------------------+
13// | This program is free software; you can redistribute it and/or modify  |
14// | it under the terms of the GNU General Public License as published by  |
15// | the Free Software Foundation                                          |
16// |                                                                       |
17// | This program is distributed in the hope that it will be useful, but   |
18// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
19// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
20// | General Public License for more details.                              |
21// |                                                                       |
22// | You should have received a copy of the GNU General Public License     |
23// | along with this program; if not, write to the Free Software           |
24// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
25// | USA.                                                                  |
26// +-----------------------------------------------------------------------+
27
28/**
29 * This file is included by the picture page to manage user comments
30 *
31 */
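/**
 * Basic spam screening for a newly posted comment (plugins can do more).
 *
 * Registered as a handler for the 'user_comment_check' event. It only ever
 * makes the decision stricter: an incoming 'reject' is kept, and anything
 * else is either left unchanged or downgraded to the configured spam action.
 *
 * @param string $action  decision so far: 'validate', 'moderate' or 'reject'
 * @param array  $comment comment data; 'content' is read, 'ip' is optional
 * @param mixed  $picture picture the comment belongs to (not used here)
 * @return string action to perform: 'validate', 'moderate' or 'reject'
 */
function user_comment_check($action, $comment, $picture)
{
  global $conf,$user;

  if ($action=='reject')
    return $action;

  // what a comment flagged as spam is turned into
  $my_action = $conf['comment_spam_reject'] ? 'reject':'moderate';
  if ($action==$my_action)
    return $action;

  // only anonymous posters are screened; logged-in users pass unchanged
  if ( !$user['is_the_guest'] )
    return $action;

  // URL schemes are case-insensitive, so "HTTP://" must count as a link too;
  // a case-sensitive pattern lets such links slip under the limit.
  $link_count = preg_match_all( '/https?:\/\//i',
    $comment['content'], $matches);

  if ( $link_count>$conf['comment_spam_max_links'] )
    return $my_action;

  // The reversed-octet lookup below is only meaningful for a dotted-quad
  // IPv4 address; anything else (IPv6, malformed value) is skipped instead
  // of being sent to the resolver as a junk hostname.
  if ( isset($comment['ip']) and $conf['comment_spam_check_ip']
       and preg_match('/^\d{1,3}(\.\d{1,3}){3}$/', $comment['ip']) )
  {
    $rev_ip = implode( '.', array_reverse( explode('.',$comment['ip']) ) );
    $lookup = $rev_ip . '.sbl-xbl.spamhaus.org.';
    // gethostbyname() returns its argument unchanged when resolution fails,
    // so "result differs from the query" means the address is listed. A
    // resolver failure therefore lets the comment through (fail-open), and
    // the lookup blocks the request while it runs.
    // NOTE(review): any answer at all is treated as a listing; confirm the
    // zone name is still current and consider accepting only the documented
    // listing return codes.
    $res = gethostbyname( $lookup );
    if ( $lookup !== $res )
      return $my_action;
  }

  return $action;
}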
65
66
67
// Hook the basic spam check into the 'user_comment_check' event at neutral
// priority. The trailing 3 presumably tells the dispatcher how many arguments
// the handler takes (action, comment, picture) -- confirm against
// add_event_handler().
add_event_handler(
  'user_comment_check',
  'user_comment_check',
  EVENT_HANDLER_PRIORITY_NEUTRAL,
  3
);
70
71
// Comments are shown as soon as one of the picture's categories allows them;
// the scan stops at the first commentable category.
$page['show_comments'] = false;
foreach ($related_categories as $category)
{
  if ($category['commentable'] != 'true')
  {
    continue;
  }
  $page['show_comments'] = true;
  break;
}
83
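// Handle a comment submitted through the picture page form: decide whether
// it is validated, moderated or rejected, store it, and notify the admin.
// NOTE(review): no anti-CSRF token is checked anywhere in this block before
// the comment is accepted -- confirm whether one is enforced elsewhere.
if ( $page['show_comments'] and isset( $_POST['content'] ) )
{
  if ( $user['is_the_guest'] and !$conf['comments_forall'] )
  {
    die ('Session expired');
  }
  if (!$conf['comments_validation'] or is_admin())
  {
    $comment_action='validate'; //one of validate, moderate, reject
  }
  else
  {
    $comment_action='moderate'; //one of validate, moderate, reject
  }

  // the content is un-slashed here and re-slashed just before storage, which
  // implies request data reaches this file already slash-escaped
  $_POST['content'] = trim( stripslashes($_POST['content']) );

  if ( $user['is_the_guest'] )
  {
    $author = empty($_POST['author'])?'guest':$_POST['author'];
    // a guest who tries to use the name of an existing user must be rejected
    if ( $author != 'guest' )
    {
      // NOTE(review): $author comes straight from the request and is
      // concatenated into SQL here and in the anti-flood query below. That is
      // only safe if request data was escaped before this file runs (the
      // stripslashes() on the content suggests it is) -- confirm, and prefer
      // escaping at the point the query is built.
      $query = 'SELECT COUNT(*) AS user_exists';
      $query.= ' FROM '.USERS_TABLE;
      $query.= ' WHERE '.$conf['user_fields']['username']." = '".$author."'";
      $query.= ';';
      $row = mysql_fetch_assoc( pwg_query( $query ) );
      if ( $row['user_exists'] == 1 )
      {
        $template->assign_block_vars(
          'information',
          array('INFORMATION'=>$lang['comment_user_exists']));
        $comment_action='reject';
      }
    }
  }
  else
  {
    $author = $user['username'];
  }

  $comm = array(
    'author' => $author,
    'content' => $_POST['content'],
    'image_id' => $page['image_id'],
    'ip' => $_SERVER['REMOTE_ADDR'],
    // the User-Agent header is optional; a client may omit it
    'agent' => isset($_SERVER['HTTP_USER_AGENT'])
      ? $_SERVER['HTTP_USER_AGENT']
      : ''
   );

  if ($comment_action!='reject' and empty($comm['content']) )
  { // empty comment content
    $comment_action='reject';
  }

  if ($comment_action!='reject' and $conf['anti-flood_time']>0 )
  { // anti-flood system
    // NOTE(review): the throttle is keyed on the author name only, so it does
    // not limit a guest who posts under varying names; consider keying on
    // the client address as well.
    $reference_date = time() - $conf['anti-flood_time'];
    $query = 'SELECT id FROM '.COMMENTS_TABLE;
    $query.= ' WHERE date > FROM_UNIXTIME('.$reference_date.')';
    $query.= " AND author = '".$comm['author']."'";
    $query.= ';';
    if ( mysql_num_rows( pwg_query( $query ) ) > 0 )
    {
      $template->assign_block_vars(
        'information',
        array('INFORMATION'=>$lang['comment_anti-flood']));
      $comment_action='reject';
    }
  }

  // perform more spam check
  $comment_action = trigger_event('user_comment_check',
      $comment_action, $comm, $picture['current']
    );

  if ( $comment_action!='reject' )
  {
    list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));

    $data = $comm;
    $data['date'] = $dbnow;
    // The content is HTML-encoded before storage (flagged by the original
    // author as "not good here": encoding belongs at output time). Only the
    // content gets this treatment; the author name is stored as received.
    $data['content'] = addslashes(
        htmlspecialchars($comm['content'],ENT_QUOTES)
      );

    if ($comment_action=='validate')
    {
      $data['validated'] = 'true';
      $data['validation_date'] = $dbnow;
    }
    else
    {
      $data['validated'] = 'false';
    }

    include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
    $fields = array('author', 'date', 'image_id', 'content', 'validated',
                    'validation_date');
    mass_inserts(COMMENTS_TABLE, $fields, array($data));
    $comm['id'] = mysql_insert_id();

    // information message
    $message = $lang['comment_added'];
    if ($comment_action!='validate')
    {
      $message.= '<br />'.$lang['comment_to_validate'];
    }
    $template->assign_block_vars('information',
                                 array('INFORMATION'=>$message));
    if ( ($comment_action=='validate' and $conf['email_admin_on_comment'])
      or $conf['email_admin_on_comment_validation'] )
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      // NOTE(review): the mail carries one-click delete/validate URLs;
      // confirm comments.php requires an authenticated admin and does not
      // act on a bare GET request.
      $del_url = get_host_url().cookie_path()
        .'comments.php?delete='.$comm['id'];

      $content =
        'Author: '.$comm['author']."\n"
        .'Comment: '.$comm['content']."\n"
        .'IP: '.$comm['ip']."\n"
        .'Browser: '.$comm['agent']."\n\n"
        .'Delete: '.$del_url."\n";
      if ($comment_action!='validate')
      {
        $content .=
          'Validate: '.get_host_url().cookie_path()
          .'comments.php?validate='.$comm['id'];
      }
      // The author name is guest-controlled and ends up in the Subject
      // header: strip line breaks so it cannot add header lines, whatever
      // pwg_mail() does with its arguments.
      $subject_author = str_replace(array("\r", "\n"), ' ', $comm['author']);
      pwg_mail( get_webmaster_mail_address(), '',
          'PWG comment by '.$subject_author,
          $content
          );
    }
  }
  else
  {
    $template->assign_block_vars('information',
          array('INFORMATION'=>l10n('comment_not_added') )
        );
  }

  // allow plugins to notify what's going on
  trigger_action( 'user_comment_insertion',
      array_merge($comm, array('action'=>$comment_action) )
    );
}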
234
235
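// Render the validated comments of the current picture, the navigation bar
// and, when the visitor may post, the "add comment" form.
if ($page['show_comments'])
{
  // $page['image_id'] and $page['start'] are set outside this file; they are
  // cast to int wherever they are placed in SQL so a non-numeric value cannot
  // change the statement.

  // number of comment for this picture
  $query = 'SELECT COUNT(*) AS nb_comments';
  $query.= ' FROM '.COMMENTS_TABLE
    .' WHERE image_id = '.(int)$page['image_id'];
  $query.= " AND validated = 'true'";
  $query.= ';';
  $row = mysql_fetch_array( pwg_query( $query ) );

  // navigation bar creation
  if (!isset($page['start']))
  {
    $page['start'] = 0;
  }

  $page['navigation_bar'] = create_navigation_bar(
    duplicate_picture_url(array(), array('start')),
    $row['nb_comments'],
    $page['start'],
    $conf['nb_comment_page'],
    true // We want a clean URL
    );

  $template->assign_block_vars(
    'comments',
    array(
      'NB_COMMENT' => $row['nb_comments'],
      'NAV_BAR' => $page['navigation_bar'],
      )
    );

  if ($row['nb_comments'] > 0)
  {
    $query = '
SELECT id,author,date,image_id,content
  FROM '.COMMENTS_TABLE.'
  WHERE image_id = '.(int)$page['image_id'].'
    AND validated = \'true\'
  ORDER BY date ASC
  LIMIT '.(int)$page['start'].', '.(int)$conf['nb_comment_page'].'
;';
    $result = pwg_query( $query );

    while ($row = mysql_fetch_array($result))
    {
      $template->assign_block_vars(
        'comments.comment',
        array(
          // The author name of a guest comment is stored exactly as it was
          // submitted, so it is HTML-encoded here before reaching the page.
          // NOTE(review): the template layer is not visible from this file;
          // if it already encodes its variables, drop this call.
          'COMMENT_AUTHOR' => empty($row['author'])
            ? $lang['guest']
            : htmlspecialchars($row['author'], ENT_QUOTES),

          'COMMENT_DATE' => format_date(
            $row['date'],
            'mysql_datetime',
            true),

          // the content was HTML-encoded when it was stored
          'COMMENT' => trigger_event('render_comment_content',$row['content']),
          )
        );

      if (is_admin())
      {
        // NOTE(review): the delete link is a plain GET URL; confirm the
        // handler re-checks admin rights and is protected against forged
        // cross-site requests.
        $template->assign_block_vars(
          'comments.comment.delete',
          array(
            'U_COMMENT_DELETE' =>
              add_url_params(
                    $url_self,
                    array(
                      'action'=>'delete_comment',
                      'comment_to_delete'=>$row['id']
                    )
                )
            )
          );
      }
    }
  }

  // the form is offered to logged-in users, and to guests only when
  // comments are open to everybody
  if (!$user['is_the_guest']
      or ($user['is_the_guest'] and $conf['comments_forall']))
  {
    $template->assign_block_vars('comments.add_comment', array());
    // display author field if the user is not logged in
    if ($user['is_the_guest'])
    {
      $template->assign_block_vars(
        'comments.add_comment.author_field', array()
        );
    }
  }
}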
329
330?>