Changeset 3445


Timestamp:
06/23/09 15:44:58 (11 years ago)
Author:
nikrou
Message:

Feature 1026 : Modify / delete comments for users

+ update config table content
+ minor modification of Sylvia theme
+ need refactoring

Location:
trunk
Files:
3 added
13 edited

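--- a/trunk/admin/configuration.php
+++ b/trunk/admin/configuration.php
@@ -70,4 +70,8 @@
     'email_admin_on_comment',
     'email_admin_on_comment_validation',
+    'user_can_delete_comment',
+    'user_can_edit_comment',
+    'email_admin_on_comment_edition',
+    'email_admin_on_comment_deletion'
   );
 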
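--- a/trunk/admin/template/goto/configuration.tpl
+++ b/trunk/admin/template/goto/configuration.tpl
@@ -144,4 +144,30 @@
       </label>
     </li>
+
+    <li>
+      <label>
+        <span class="property">{'Allow users to edit theirs owns comments'|@translate}</span>
+        <input type="checkbox" name="user_can_edit_comment" {if ($comments.user_can_edit_comment)}checked="checked"{/if}>
+      </label>
+    </li>
+    <li>
+      <label>
+        <span class="property">{'Allow users to delete theirs owns comments'|@translate}</span>
+        <input type="checkbox" name="user_can_delete_comment" {if ($comments.user_can_delete_comment)}checked="checked"{/if}>
+      </label>
+    </li>
+    <li>
+      <label>
+        <span class="property">{'Email administrators when a comment is modified'|@translate}</span>
+        <input type="checkbox" name="email_admin_on_comment_edition" {if ($comments.email_admin_on_comment_edition)}checked="checked"{/if}>
+      </label>
+    </li>
+    <li>
+      <label>
+        <span class="property">{'Email administrators when a comment is deleted'|@translate}</span>
+        <input type="checkbox" name="email_admin_on_comment_deletion" {if ($comments.email_admin_on_comment_deletion)}checked="checked"{/if}>
+      </label>
+    </li>
+
   </ul>
 </fieldset>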
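--- a/trunk/comments.php
+++ b/trunk/comments.php
@@ -27,4 +27,5 @@
 define('PHPWG_ROOT_PATH','./');
 include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
+include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
 
 // +-----------------------------------------------------------------------+
@@ -143,12 +144,7 @@
 // +-----------------------------------------------------------------------+
 if (isset($_GET['delete']) and is_numeric($_GET['delete'])
-      and !is_adviser() )
+    and (is_admin() || $conf['user_can_delete_comment']))
 {// comments deletion
-  check_status(ACCESS_ADMINISTRATOR);
-  $query = '
-DELETE FROM '.COMMENTS_TABLE.'
-  WHERE id='.$_GET['delete'].'
-;';
-  pwg_query($query);
+  delete_user_comment($_GET['delete']);
 }
 
@@ -164,4 +160,23 @@
 ;';
   pwg_query($query);
+}
+
+if (isset($_GET['edit']) and is_numeric($_GET['edit'])
+    and (is_admin() || $conf['user_can_edit_comment']))
+{
+  if (!empty($_POST['content']))
+  {
+    update_user_comment(array('comment_id' => $_GET['edit'],
+                              'image_id' => $_POST['image_id'],
+                              'content' => $_POST['content']),
+                        $_POST['key']
+                        );
+
+    $edit_comment = null;
+  }
+  else
+  {
+    $edit_comment = $_GET['edit'];
+  }
 }
 
@@ -368,17 +383,37 @@
         );
 
-    if ( is_admin() )
-    {
-      $url = get_root_url().'comments.php'.get_query_string_diff(array('delete','validate'));
-      $tpl_comment['U_DELETE'] = add_url_params($url,
-                          array('delete'=>$comment['comment_id'])
-                         );
-
-      if ($comment['validated'] != 'true')
+    if (can_manage_comment('delete', $comment['author']))
+    {
+      $url = get_root_url().'comments.php'
+        .get_query_string_diff(array('delete','validate','edit'));
+      $tpl_comment['U_DELETE'] =
+        add_url_params($url,
+                       array('delete'=>$comment['comment_id'])
+                       );
+    }
+    if (can_manage_comment('edit', $comment['author']))
+    {
+      $url = get_root_url().'comments.php'
+        .get_query_string_diff(array('edit', 'delete','validate'));
+      $tpl_comment['U_EDIT'] =
+        add_url_params($url,
+                       array('edit'=>$comment['comment_id'])
+                       );
+      if (isset($edit_comment) and ($comment['comment_id'] == $edit_comment))
       {
-        $tpl_comment['U_VALIDATE'] = add_url_params($url,
-                            array('validate'=>$comment['comment_id'])
-                           );
+        $tpl_comment['IN_EDIT'] = true;
+        $key = get_comment_post_key($comment['image_id']);
+        $tpl_comment['KEY'] = $key;
+        $tpl_comment['IMAGE_ID'] = $comment['image_id'];
+        $tpl_comment['CONTENT'] = $comment['content'];
       }
+    }
+
+    if ( is_admin() && $comment['validated'] != 'true')
+    {
+      $tpl_comment['U_VALIDATE'] =
+        add_url_params($url,
+                       array('validate'=>$comment['comment_id'])
+                       );
     }
     $template->append('comments', $tpl_comment);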
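Review bot: The delete branch (new lines 145–149) changes state on a plain GET guarded only by `is_numeric` and the role/option test, and this commit opens it to ordinary users while removing `check_status(ACCESS_ADMINISTRATOR)` and the `!is_adviser()` condition, so a cross-site request made in a logged-in user's session would be enough to delete that user's comments. The edit branch already requires a post key; deletion should require the same kind of server-verified key (for example one issued by `get_comment_post_key()`) and be sent by POST. The same applies to `case 'delete_comment'` in trunk/picture.php. In the edit branch, `image_id` is taken from `$_POST` and fed into the key check, so the key is validated against a client-chosen image id rather than the image the comment actually belongs to.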
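--- a/trunk/include/functions_comment.inc.php
+++ b/trunk/include/functions_comment.inc.php
@@ -206,3 +206,133 @@
 }
 
+/**
+ * Tries to delete a user comment in the database
+ * only admin can delete all comments
+ * other users can delete their own comments
+ * so to avoid a new sql request we add author in where clause
+ *
+ * @param comment_id
+ */
+
+function delete_user_comment($comment_id) {
+  $user_where_clause = '';
+  if (!is_admin())
+  {
+    $user_where_clause = '   AND author = \''.$GLOBALS['user']['username'].'\'';
+  }
+  $query = '
+DELETE FROM '.COMMENTS_TABLE.'
+  WHERE id = '.$comment_id.
+$user_where_clause.'
+;';
+  $result = pwg_query($query);
+  if ($result) {
+    email_admin('delete', array('author' => $GLOBALS['user']['username']));
+  }
+}
+
+/**
+ * Tries to update a user comment in the database
+ * only admin can update all comments
+ * users can edit their own comments if admin allow them
+ * so to avoid a new sql request we add author in where clause
+ *
+ * @param comment_id
+ * @param post_key
+ * @param content
+ */
+
+function update_user_comment($comment, $post_key) {
+  global $conf;
+
+  $comment_action = 'validate';
+
+  $key = explode( ':', $post_key );
+  if ( count($key)!=2
+       or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago
+       or $key[0]<time()-3600 // 60 minutes expiration
+       or hash_hmac('md5', $key[0].':'.$comment['image_id'], $conf['secret_key']
+                    ) != $key[1]
+       )
+  {
+    $comment_action='reject';
+  }
+
+  if ($comment_action!='reject' and $conf['anti-flood_time']>0 )
+  { // anti-flood system
+    $reference_date = time() - $conf['anti-flood_time'];
+    $query = '
+SELECT id FROM '.COMMENTS_TABLE.'
+  WHERE date > FROM_UNIXTIME('.$reference_date.')
+    AND author = "'.$GLOBALS['user']['username'].'"';
+    if ( mysql_num_rows( pwg_query( $query ) ) > 0 )
+    {
+      array_push( $infos, l10n('comment_anti-flood') );
+      $comment_action='reject';
+    }
+  }
+
+  // perform more spam check
+  $comment_action =
+    trigger_event('user_comment_check',
+                  $comment_action,
+                  array_merge($comment,
+                              array('author' => $GLOBALS['user']['username'])
+                              )
+                  );
+
+  if ( $comment_action!='reject' )
+  {
+    $user_where_clause = '';
+    if (!is_admin())
+    {
+      $user_where_clause = '   AND author = \''.
+        $GLOBALS['user']['username'].'\'';
+    }
+    $query = '
+UPDATE '.COMMENTS_TABLE.'
+  SET content = \''.$comment['content'].'\',
+      validation_date = now()
+  WHERE id = '.$comment['comment_id'].
+$user_where_clause.'
+;';
+    $result = pwg_query($query);
+    if ($result) {
+      email_admin('edit', array('author' => $GLOBALS['user']['username'],
+                                'content' => $comment['content']));
+    }
+  }
+}
+
+function email_admin($action, $comment) {
+  global $conf;
+
+  if (!in_array($action, array('edit', 'delete'))
+      or (($action=='edit') and !$conf['email_admin_on_comment_edition'])
+      or (($action=='delete') and !$conf['email_admin_on_comment_deletion']))
+  {
+    return;
+  }
+
+  include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
+
+  $keyargs_content = array();
+  $keyargs_content[] = get_l10n_args('Author: %s', $comment['author']);
+  if ($action=='delete')
+  {
+    $keyargs_content[] = get_l10n_args('This author remove comment with id %d',
+                                       $comment['comment_id']
+                                       );
+  }
+  else
+  {
+    $keyargs_content[] = get_l10n_args('This author modified following comment:', '');
+    $keyargs_content[] = get_l10n_args('Comment: %s', $comment['content']);
+  }
+
+  pwg_mail_notification_admins(get_l10n_args('Comment by %s',
+                                             $comment['author']),
+                               $keyargs_content
+                               );
+}
 ?>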
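Review bot: Both new functions build SQL by concatenation: `update_user_comment` puts `$comment['content']` and `$GLOBALS['user']['username']` into quoted literals, and `delete_user_comment` does the same with the username and the raw `$comment_id`, with no escaping in this file, so the queries are only safe if escaping happens somewhere not visible here; escaping at the point of use, e.g. `mysql_real_escape_string($comment['content'])` and `intval($comment['comment_id'])`, would make them safe on their own. The key check compares the HMAC with `!=`, which is loosely typed and not constant-time; a strict, timing-safe comparison is preferable. In the anti-flood branch `array_push( $infos, ...)` uses `$infos`, which is never defined in this function, and `email_admin('delete', ...)` is called without the `comment_id` key that the delete message reads. A truthy return from `pwg_query` presumably does not mean a row matched, so the admin e-mail may be sent even when the author clause prevented any change.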
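--- a/trunk/include/functions_user.inc.php
+++ b/trunk/include/functions_user.inc.php
@@ -1196,4 +1196,19 @@
 
   return ($user['adviser'] == 'true');
+}
+
+/*
+ * Return if current user can edit/delete a comment
+ * @param action edit/delete
+ * @return bool
+ */
+function can_manage_comment($action, $comment_author)
+{
+  if (!in_array($action, array('delete','edit'))) {
+    return false;
+  }
+  return (is_admin() ||
+          (($GLOBALS['user']['username'] == $comment_author)
+           && $GLOBALS['conf'][sprintf('user_can_%s_comment', $action)]));
 }
 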
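Review bot: `can_manage_comment` decides ownership by comparing `$GLOBALS['user']['username']` with the comment's author string using `==`, so ownership is tied to a display name rather than a user id; if guest comments are stored under a shared author name (not visible here), every guest would pass this check for every guest-authored comment once the option is enabled. Excluding guests in the non-admin branch, e.g. `(!is_a_guest() && $GLOBALS['user']['username'] === $comment_author && ...)`, would close that case. The docblock opens with `/*` rather than `/**` and does not describe `$comment_author`.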
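--- a/trunk/include/picture_comment.inc.php
+++ b/trunk/include/picture_comment.inc.php
@@ -152,14 +152,33 @@
         );
 
+      if (can_manage_comment('delete', $row['author']))
+      {
+        $tpl_comment['U_DELETE'] =
+          add_url_params($url_self,
+                         array(
+                           'action'=>'delete_comment',
+                           'comment_to_delete'=>$row['id']
+                               )
+                         );
+      }
+      if (can_manage_comment('edit', $row['author']))
+      {
+        $tpl_comment['U_EDIT'] =
+          add_url_params($url_self,
+                         array(
+                           'action'=>'edit_comment',
+                           'comment_to_edit'=>$row['id']
+                               )
+                         );
+        if (isset($edit_comment) and ($row['id'] == $edit_comment))
+        {
+          $tpl_comment['IN_EDIT'] = true;
+          $key = get_comment_post_key($page['image_id']);
+          $tpl_comment['KEY'] = $key;
+          $tpl_comment['CONTENT'] = $row['content'];
+        }
+      }
       if (is_admin())
       {
-        $tpl_comment['U_DELETE'] =
-            add_url_params(
-                  $url_self,
-                  array(
-                    'action'=>'delete_comment',
-                    'comment_to_delete'=>$row['id']
-                  )
-              );
         if ($row['validated'] != 'true')
         {
@@ -177,5 +196,6 @@
 
   if (!is_a_guest()
-      or (is_a_guest() and $conf['comments_forall']))
+      or (is_a_guest() and $conf['comments_forall'])
+      and (isset($edit_comment) and ($edit_comment != null)))
   {
     $key = get_comment_post_key($page['image_id']);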
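Review bot: In the second hunk the added clause does not apply to the whole condition: `and` binds tighter than `or`, so `!is_a_guest() or (A) and (B)` is evaluated as `!is_a_guest() or ((A) and (B))`, and for logged-in users the test is unchanged. If the intent is to hide the add-comment form while a comment is being edited (inferred from the variable name), the clause also looks inverted, since it requires `$edit_comment` to be set and non-null; something like `if ((!is_a_guest() or $conf['comments_forall']) and empty($edit_comment))` would express that. The body of this `if` continues outside the hunk.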
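--- a/trunk/install/config.sql
+++ b/trunk/install/config.sql
@@ -5,4 +5,8 @@
 INSERT INTO piwigo_config (param,value,comment) VALUES ('comments_validation','false','administrators validate users comments before becoming visible');
 INSERT INTO piwigo_config (param,value,comment) VALUES ('comments_forall','false','even guest not registered can post comments');
+INSERT INTO piwigo_config (param,value,comment) VALUES ('user_can_delete_comment','false','administrators can allow user delete their own comments');
+INSERT INTO piwigo_config (param,value,comment) VALUES ('user_can_edit_comment','false','administrators can allow user edit their own comments');
+INSERT INTO piwigo_config (param,value,comment) VALUES ('email_admin_on_comment_edition','false','Send an email to the administrators when a comment is modified');
+INSERT INTO piwigo_config (param,value,comment) VALUES ('email_admin_on_comment_deletion','false','Send an email to the administrators when a comment is deleted');
 INSERT INTO piwigo_config (param,value,comment) VALUES ('gallery_locked','false','Lock your gallery temporary for non admin users');
 INSERT INTO piwigo_config (param,value,comment) VALUES ('gallery_title','Piwigo demonstration site','Title at top of each page and for RSS feed');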
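--- a/trunk/language/fr_FR/admin.lang.php
+++ b/trunk/language/fr_FR/admin.lang.php
@@ -72,4 +72,8 @@
 $lang['Check for upgrade'] = 'Dernière version ?';
 $lang['Comments for all'] = 'Commentaires pour tous';
+$lang['Allow users to edit theirs owns comments'] = 'Autoriser les utilisateurs à modifier leurs propres commentaires';
+$lang['Allow users to delete theirs owns comments'] = 'Autoriser les utilisateurs à supprimer leurs propres commentaires';
+$lang['Email administrators when a comment is modified'] = 'Notifier les administrateurs quand un commentaire est modifié';
+$lang['Email administrators when a comment is deleted'] = 'Notifier les administrateurs quand un commentaire est supprimé';
 $lang['Controversy'] = 'Controverse';
 $lang['Current name'] = 'Nom courant';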
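--- a/trunk/language/fr_FR/common.lang.php
+++ b/trunk/language/fr_FR/common.lang.php
@@ -161,4 +161,5 @@
 $lang['comments'] = 'Commentaires';
 $lang['comments_add'] = 'Ajouter un commentaire';
+$lang['Edit a comment'] = 'Editer un commentaire';
 $lang['created after %s (%s)'] = 'créée après le %s (%s)';
 $lang['created before %s (%s)'] = 'créée avant le %s (%s)';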
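--- a/trunk/picture.php
+++ b/trunk/picture.php
@@ -26,4 +26,5 @@
 include(PHPWG_ROOT_PATH.'include/section_init.inc.php');
 include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');
+include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
 
 // Check Access and exit when user status is not ok
@@ -308,17 +309,32 @@
       redirect($url_self);
     }
+    case 'edit_comment' :
+    {
+      if (isset($_GET['comment_to_edit'])
+          and is_numeric($_GET['comment_to_edit'])
+          and (is_admin() || $conf['user_can_edit_comment']))
+      {
+        if (!empty($_POST['content']))
+        {
+          update_user_comment(array('comment_id' => $_GET['comment_to_edit'],
+                                    'image_id' => $page['image_id'],
+                                    'content' => $_POST['content']),
+                              $_POST['key']
+                              );
+          redirect($url_self);
+        } else {
+          $edit_comment = $_GET['comment_to_edit'];
+          break;
+        }
+      }
+    }
     case 'delete_comment' :
     {
       if (isset($_GET['comment_to_delete'])
           and is_numeric($_GET['comment_to_delete'])
-          and is_admin() and !is_adviser() )
+          and (is_admin() || $conf['user_can_delete_comment']))
       {
-        $query = '
-DELETE FROM '.COMMENTS_TABLE.'
-  WHERE id = '.$_GET['comment_to_delete'].'
-;';
-        pwg_query( $query );
+        delete_user_comment($_GET['comment_to_delete']);
       }
-
       redirect($url_self);
     }
@@ -593,5 +609,4 @@
 
 
-
 $page['body_id'] = 'thePicturePage';
 
@@ -948,5 +963,4 @@
 $template->assign( 'ELEMENT_CONTENT', $element_content );
 
-
 // +-----------------------------------------------------------------------+
 // |                               sub pages                               |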
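Review bot: `case 'edit_comment'` leaves the switch only from inside its inner `if`; when `comment_to_edit` is missing or non-numeric, or the option is off for a non-admin, execution falls through into `case 'delete_comment'` and that case's checks and redirect run for an edit request. Adding an unconditional `break;` just before the closing brace of the `edit_comment` case keeps the two actions separate. The delete case also no longer checks `!is_adviser()` and still acts on a GET request without a server-verified key. The surrounding `switch` starts outside this hunk.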
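--- a/trunk/template/yoga/comment_list.tpl
+++ b/trunk/template/yoga/comment_list.tpl
@@ -3,5 +3,5 @@
 {foreach from=$comments item=comment name=comment_loop}
 <li>
-        <div class="thumbnailCategory {if $smarty.foreach.comment_loop.index is odd}odd{else}even{/if}">
+  <div class="thumbnailCategory {if $smarty.foreach.comment_loop.index is odd}odd{else}even{/if}">
     {if isset($comment.TN_SRC)}
     <div class="illustration">
@@ -11,11 +11,18 @@
     </div>
     {/if}
-    <div class="description">
-      {if isset($comment.U_DELETE) or isset($comment.U_VALIDATE) }
+    <div class="description" style="height:{if ($comment.IN_EDIT==1)}200{/if}px">
+      {if isset($comment.U_DELETE) or isset($comment.U_VALIDATE) or isset($comment.U_EDIT) }
       <ul class="actions" style="float:right">
         {if isset($comment.U_DELETE)}
         <li>
-          <a href="{$comment.U_DELETE}" title="{'delete this comment'|@translate}">
+          <a href="{$comment.U_DELETE}" title="{'delete this comment'|@translate}" onclick="return confirm('{'Are you sure?'|@translate|@escape:javascript}');">
             <img src="{$ROOT_URL}{$themeconf.icon_dir}/delete.png" class="button" alt="[delete]">
+          </a>
+        </li>
+        {/if}
+        {if isset($comment.U_EDIT) and ($comment.IN_EDIT!=1)}
+        <li>
+          <a class="editComment" href="{$comment.U_EDIT}#edit_comment" title="{'edit this comment'|@translate}">
+            <img src="{$ROOT_URL}{$themeconf.icon_dir}/edit.png" class="button" alt="[edit]">
           </a>
         </li>
@@ -31,11 +38,21 @@
       {/if}
       <span class="author">{$comment.AUTHOR}</span> - <span class="date">{$comment.DATE}</span>
+      {if ($comment.IN_EDIT==1)}
+      <a name="edit_comment"></a>
+      <form  method="post" action="{$comment.U_EDIT}" class="filter" id="editComment">
+        <fieldset>
+          <legend>{'Edit a comment'|@translate}</legend>
+          <label>{'comment'|@translate}<textarea name="content" id="contenteditid" rows="5" cols="80">{$comment.CONTENT}</textarea></label>
+          <input type="hidden" name="key" value="{$comment.KEY}">
+          <input type="hidden" name="image_id" value="{$comment.IMAGE_ID|default:$current.id}">
+          <input class="submit" type="submit" value="{'Submit'|@translate}">
+        </fieldset>
+      </form>
+      {else}
       <blockquote>{$comment.CONTENT}</blockquote>
+      {/if}
     </div>
   </div>
-</li>
-{if isset($comment_separator)}
-<hr>
-{/if}
+<li>
 {/foreach}
 </ul>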
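Review bot: The closing `</li>` at old line 36 is replaced by an opening `<li>` at new line 56, so each comment's list item is never closed and an empty one is opened before the next iteration; this looks like a typo for `</li>`. On the description div, `style="height:{if ($comment.IN_EDIT==1)}200{/if}px"` renders `height:px` for every comment that is not being edited; putting the whole declaration inside the `{if}` avoids the invalid value. The textarea prints `{$comment.CONTENT}` without an escape modifier, so it relies on the stored content already being HTML-escaped, which is not visible here. The `confirm()` added to the delete link is only a UI prompt and does not replace a server-side request key.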
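--- a/trunk/template/yoga/picture.tpl
+++ b/trunk/template/yoga/picture.tpl
@@ -258,5 +258,5 @@
 
         {if isset($comments)}
-                {include file='comment_list.tpl' comment_separator=true}
+                {include file='comment_list.tpl'}
         {/if}
 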
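--- a/trunk/template/yoga/theme/Sylvia/theme.css
+++ b/trunk/template/yoga/theme/Sylvia/theme.css
@@ -1,10 +1,4 @@
 .content div.thumbnailCategory div.illustration {
         width:165px !important; /* Usable range 162px-360px , optimal : Thumbnail width + 40px */
-}
-.content div.thumbnailCategory {
-        height: 180px !important; /* Usable range 172px-250px , optimal : Thumbnail height + 30px */
-}
-.content div.thumbnailCategory div.description .text {
-        height: 130px !important; /* -42px than previous one */
 }
 #comments div.thumbnailCategory div.illustration {
@@ -222,5 +216,5 @@
         margin: 0;
         padding:15px 10px 3px 0;
-        overflow: hidden !important;
+        overflow-x: hidden !important;
 }
 .content .thumbnailCategory div.description .text {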