Changeset 3450 for trunk/include

Timestamp:

Jun 23, 2009, 11:18:16 PM (15 years ago)

Author:

nikrou

Message:

Feature 1026 step 2 :
add author_id column so that guest cannot modify old users comments

Location:

trunk/include

Files:

• functions_comment.inc.php (modified) (9 diffs)
• functions_user.inc.php (modified) (2 diffs)
• picture_comment.inc.php (modified) (4 diffs)

trunk/include/functions_comment.inc.php

@@ -92 +92 @@
       $comm['author'] = 'guest';
     }
+    $comm['author_id'] = $conf['guest_id'];
     // if a guest try to use the name of an already existing user, he must be
     // rejected
@@ -110 +111 @@
   else
   {
-    $comm['author'] = $user['username'];
-  }
+    $comm['author'] = '';
+    $comm['author_id'] = $user['id'];
+  }
+
   if ( empty($comm['content']) )
   { // empty comment content
@@ -135 +138 @@
 SELECT id FROM '.COMMENTS_TABLE.'
   WHERE date > FROM_UNIXTIME('.$reference_date.')
-    AND author = "'.addslashes($comm['author']).'"';
+    AND author_id = '.$comm['author_id'];
     if ( mysql_num_rows( pwg_query( $query ) ) > 0 )
     {
@@ -152 +155 @@
     $query = '
 INSERT INTO '.COMMENTS_TABLE.'
-  (author, content, date, validated, validation_date, image_id)
+  (author, author_id, content, date, validated, validation_date, image_id)
   VALUES (
     "'.addslashes($comm['author']).'",
+    '.$comm['author_id'].',
     "'.addslashes($comm['content']).'",
     NOW(),
@@ -167 +171 @@
     $comm['id'] = mysql_insert_id();
 
-    if
-      (
-        ($comment_action=='validate' and $conf['email_admin_on_comment'])
-        or
-        ($comment_action!='validate' and $conf['email_admin_on_comment_validation'])
-      )
+    if (($comment_action=='validate' and $conf['email_admin_on_comment']) or
+        ($comment_action!='validate' 
+         and $conf['email_admin_on_comment_validation']))
     {
       include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
 
-      $del_url =
-          get_absolute_root_url().'comments.php?delete='.$comm['id'];
-
+      $del_url = get_absolute_root_url().'comments.php?delete='.$comm['id'];
+
+      if (empty($comm['author'])) 
+      {
+        $author_name = $user['username'];
+      }
+      else
+      {
+        $author_name = $comm['author'];
+      }
       $keyargs_content = array
       (
-        get_l10n_args('Author: %s', $comm['author']),
+        get_l10n_args('Author: %s', $author_name),
         get_l10n_args('Comment: %s', $comm['content']),
         get_l10n_args('', ''),
@@ -198 +206 @@
       pwg_mail_notification_admins
       (
-        get_l10n_args('Comment by %s', $comm['author']),
+        get_l10n_args('Comment by %s', $author_name),
         $keyargs_content
       );
@@ -219 +227 @@
   if (!is_admin())
   {
-    $user_where_clause = '   AND author = \''.$GLOBALS['user']['username'].'\'';
+    $user_where_clause = '   AND author_id = \''.$GLOBALS['user']['id'].'\'';
   }
   $query = '
@@ -265 +273 @@
 SELECT id FROM '.COMMENTS_TABLE.'
   WHERE date > FROM_UNIXTIME('.$reference_date.')
-    AND author = "'.$GLOBALS['user']['username'].'"';
+    AND author_id = '.$comm['author_id'];
     if ( mysql_num_rows( pwg_query( $query ) ) > 0 )
     {
@@ -287 +295 @@
     if (!is_admin())
     {
-      $user_where_clause = '   AND author = \''.
-        $GLOBALS['user']['username'].'\'';
+      $user_where_clause = '   AND author_id = \''.
+        $GLOBALS['user']['id'].'\'';
     }
     $query = '

trunk/include/functions_user.inc.php

@@ -1203 +1203 @@
  * @return bool
  */
-function can_manage_comment($action, $comment_author) 
+function can_manage_comment($action, $comment_author_id) 
 {
   if (!in_array($action, array('delete','edit'))) {
@@ -1209 +1209 @@
   }
   return (is_admin() || 
-          (($GLOBALS['user']['username'] == $comment_author) 
+          (($GLOBALS['user']['id'] == $comment_author_id) 
+           && !is_a_guest()
            && $GLOBALS['conf'][sprintf('user_can_%s_comment', $action)]));
 }

trunk/include/picture_comment.inc.php

@@ -129 +129 @@
 
     $query = '
-SELECT id,author,date,image_id,content,validated
-  FROM '.COMMENTS_TABLE.'
+SELECT com.id,author,author_id,username,date,image_id,content,validated
+  FROM '.COMMENTS_TABLE.' AS com
+  LEFT JOIN '.USERS_TABLE.' AS u
+    ON u.id = author_id
   WHERE image_id = '.$page['image_id'].
 $validated_clause.'
@@ -140 +142 @@
     while ($row = mysql_fetch_array($result))
     {
+      if (!empty($row['author'])) 
+      {
+        $author = $row['author'];
+        if ($author == 'guest')
+        {
+          $author = l10n('guest');
+        }
+      }
+      else
+      {
+        $author = $row['username'];
+      }
+
       $tpl_comment =
         array(
-          'AUTHOR' => trigger_event('render_comment_author',
-            empty($row['author'])
-            ? l10n('guest')
-            : $row['author']),
+          'AUTHOR' => trigger_event('render_comment_author', $author),
 
           'DATE' => format_date( $row['date'], true),
@@ -152 +164 @@
         );
 
-      if (can_manage_comment('delete', $row['author']))
+      if (can_manage_comment('delete', $row['author_id']))
       {
         $tpl_comment['U_DELETE'] =
@@ -162 +174 @@
                          );
       }
-      if (can_manage_comment('edit', $row['author']))
+      if (can_manage_comment('edit', $row['author_id']))
       {
         $tpl_comment['U_EDIT'] =