source: branches/1.5/comments.php @ 8406

Last change on this file since 8406 was 1005, checked in by nikrou, 19 years ago

Revert to revision 1002

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
<?php
// +-----------------------------------------------------------------------+
// | PhpWebGallery - a PHP based picture gallery                           |
// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
// +-----------------------------------------------------------------------+
// | branch        : BSF (Best So Far)
// | file          : $RCSfile$
// | last update   : $Date: 2006-01-15 13:49:29 +0000 (Sun, 15 Jan 2006) $
// | last modifier : $Author: nikrou $
// | revision      : $Revision: 1005 $
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify  |
// | it under the terms of the GNU General Public License as published by  |
// | the Free Software Foundation                                          |
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+

// +-----------------------------------------------------------------------+
// |                           initialization                              |
// +-----------------------------------------------------------------------+
// When IN_ADMIN is not defined, this script sets PHPWG_ROOT_PATH itself and
// loads include/common.inc.php. Otherwise both are presumably provided by
// the script that includes this file (TODO confirm against the caller).
if (defined('IN_ADMIN') === false) {
  define('PHPWG_ROOT_PATH', './');
  include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
}

// sort_order : directions offered in the form (key) and the SQL keyword
// that ends up in the ORDER BY clause (value)
$sort_order = array();
$sort_order['descending'] = 'DESC';
$sort_order['ascending'] = 'ASC';

// sort_by : database fields proposed for sorting comments list (key) and
// the label passed to l10n() for display (value)
$sort_by = array();
$sort_by['date'] = 'comment date';
$sort_by['image_id'] = 'picture';

// items_number : list of number of items to display per page
$items_number = array(5, 10, 20, 50, 'all');

// since_options : selectable time windows for the comment list.
//
// Each entry carries the label shown in the form and a fixed SQL condition.
// The request only selects an entry by its numeric key, so the text of the
// condition never comes from user input.
$since_options = array();
$since_options[1] = array(
  'label' => l10n('today'),
  'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 1 DAY)'
  );
$since_options[2] = array(
  'label' => sprintf(l10n('last %d days'), 7),
  'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 7 DAY)'
  );
$since_options[3] = array(
  'label' => sprintf(l10n('last %d days'), 30),
  'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 30 DAY)'
  );
// always-true condition so that every entry has the same shape
$since_options[4] = array(
  'label' => l10n('the beginning'),
  'clause' => '1=1'
  );

// since : key of the selected time window
//
// Defaults to entry 1. A submitted value is accepted only when it is an
// existing key of $since_options; any other value stops the request.
$page['since'] = 1;
if (isset($_GET['since'])) {
  if (isset($since_options[$_GET['since']])) {
    $page['since'] = $_GET['since'];
  } else {
    die('Hacking attempt on "since" GET parameter');
  }
}

// on which field sorting
//
// Defaults to the comment date. The submitted value is used as a column
// name in the ORDER BY clause further down, so it is accepted only when it
// is a key of $sort_by; any other value stops the request.
$page['sort_by'] = 'date';
if (isset($_GET['sort_by'])) {
  if (isset($sort_by[$_GET['sort_by']])) {
    $page['sort_by'] = $_GET['sort_by'];
  } else {
    die('Hacking attempt on "sort_by" GET parameter');
  }
}

// order to sort
//
// Defaults to descending. The request supplies a key of $sort_order; what
// is stored is the matching SQL keyword from the table, never the request
// text itself.
$page['sort_order'] = $sort_order['descending'];
if (isset($_GET['sort_order'])) {
  if (isset($sort_order[$_GET['sort_order']])) {
    $page['sort_order'] = $sort_order[$_GET['sort_order']];
  } else {
    die('Hacking attempt on "sort_order" GET parameter');
  }
}

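// number of items to display
//
// The accepted value is concatenated into the LIMIT clause of the listing
// query, so it has to be exactly one of the entries of $items_number. The
// entries are compared as strings with strict in_array(): with a loose
// comparison, PHP versions before 8 treat a string that merely starts with
// an allowed number as equal to that number, which lets extra text through
// to the query. A non-string value (for instance an array) is rejected too.
$page['items_number'] = 5;
if (isset($_GET['items_number'])) {
  $allowed_items_number = array_map('strval', $items_number);
  if (!in_array($_GET['items_number'], $allowed_items_number, true)) {
    die('Hacking attempt on "items_number" GET parameter');
  }
  $page['items_number'] = $_GET['items_number'];
}
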
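// which category to filter on ?
//
// Only the canonical decimal spelling of an integer is accepted. The check
// uses a strict string comparison: with "!=", PHP compares two numeric
// strings as numbers, so spellings with whitespace, a decimal point or an
// exponent would pass the test and then be handed on unchanged to
// get_subcat_ids(). A non-string value is rejected as well.
$page['cat_clause'] = '1=1';
if (isset($_GET['cat'])) {
  if (!is_string($_GET['cat'])
      || (string) intval($_GET['cat']) !== $_GET['cat']) {
    die('Hacking attempt on "cat" GET parameter');
  }

  // 0 is the placeholder entry of the form: no category filter
  if (0 != intval($_GET['cat'])) {
    $subcat_ids = get_subcat_ids(array($_GET['cat']));
    $page['cat_clause'] = 'category_id IN ('.implode(',', $subcat_ids).')';
  }
}
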
// search a particular author
//
// The value is escaped before it is placed between quotes in the SQL
// condition. mysql_real_escape_string() is preferred when it exists;
// mysql_escape_string() is the fallback and does not take the connection
// character set into account.
$page['author_clause'] = '1=1';
if (!empty($_GET['author'])) {
  $author = function_exists('mysql_real_escape_string')
    ? mysql_real_escape_string($_GET['author'])
    : mysql_escape_string($_GET['author']);

  $page['author_clause'] = "author = '".$author."'";
}

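// search a substring among comments content
//
// The whole keyword string is escaped first, then split on whitespace,
// commas and semicolons; every resulting word becomes one LIKE test and all
// tests must match. The tests are built with a plain loop instead of
// create_function(), which compiles a code string at run time and no longer
// exists in PHP 8.
// Note: "%" and "_" inside a word are not escaped and still act as LIKE
// wildcards.
$page['keyword_clause'] = '1=1';
if (!empty($_GET['keyword'])) {
  $keyword = function_exists('mysql_real_escape_string')
    ? mysql_real_escape_string($_GET['keyword'])
    : mysql_escape_string($_GET['keyword']);

  $keyword_tests = array();
  foreach (preg_split('/[\s,;]+/', $keyword) as $keyword_word) {
    $keyword_tests[] = "content LIKE '%".$keyword_word."%'";
  }

  $page['keyword_clause'] = '('.implode(' AND ', $keyword_tests).')';
}
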
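// +-----------------------------------------------------------------------+
// |                         comments management                           |
// +-----------------------------------------------------------------------+
// NOTE(review): no permission check and no anti-CSRF token are visible in
// this file before the DELETE and UPDATE below, and they run whether or not
// IN_ADMIN is defined. Confirm that include/common.inc.php or the including
// script restricts them to users allowed to moderate comments.

// The posted ids are concatenated into SQL: accept only a list whose
// entries are plain decimal integers and stop the request otherwise.
// (intval() alone is not enough: it turns a nested array into 1.)
$comment_ids = array();
if ((isset($_POST['delete']) || isset($_POST['validate']))
    && isset($_POST['comment_id'])) {
  if (!is_array($_POST['comment_id'])) {
    die('Hacking attempt on "comment_id" POST parameter');
  }
  foreach ($_POST['comment_id'] as $posted_comment_id) {
    if (!is_string($posted_comment_id)
        || !preg_match('/^[0-9]+\z/', $posted_comment_id)) {
      die('Hacking attempt on "comment_id" POST parameter');
    }
    $comment_ids[] = $posted_comment_id;
  }
}

// comments deletion
if (isset($_POST['delete']) && count($comment_ids) > 0) {
  $query = '
DELETE FROM '.COMMENTS_TABLE.'
  WHERE id IN ('.implode(',', $comment_ids).')
;';
  pwg_query($query);
}

// comments validation
if (isset($_POST['validate']) && count($comment_ids) > 0) {
  $query = '
UPDATE '.COMMENTS_TABLE.'
  SET validated = \'true\'
    , validation_date = NOW()
  WHERE id IN ('.implode(',', $comment_ids).')
;';
  pwg_query($query);
}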
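// +-----------------------------------------------------------------------+
// |                       page header and options                         |
// +-----------------------------------------------------------------------+

$title = l10n('title_comments');
$page['body_id'] = 'theCommentsPage';
include(PHPWG_ROOT_PATH.'include/page_header.php');

// keyword and author come straight from the query string and are handed to
// the template (presumably to refill the search form). Nothing in this file
// encodes them for HTML afterwards, so they are encoded here; a missing or
// non-string value becomes an empty string.
$form_keyword = '';
if (isset($_GET['keyword']) && is_string($_GET['keyword'])) {
  $form_keyword = htmlspecialchars($_GET['keyword'], ENT_QUOTES);
}
$form_author = '';
if (isset($_GET['author']) && is_string($_GET['author'])) {
  $form_author = htmlspecialchars($_GET['author'], ENT_QUOTES);
}

$template->set_filenames(array('comments' => 'comments.tpl'));
$template->assign_vars(
  array(
    'L_COMMENT_TITLE' => $title,

    'F_ACTION' => PHPWG_ROOT_PATH.'comments.php',
    'F_KEYWORD' => $form_keyword,
    'F_AUTHOR' => $form_author,

    'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php')
    )
  );
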
// +-----------------------------------------------------------------------+
// |                          form construction                            |
// +-----------------------------------------------------------------------+

// Search in a particular category
$blockname = 'category';

// first entry of the list: value 0, which the category filter treats as
// "no category selected"
$placeholder_option = array(
  'SELECTED' => '',
  'VALUE' => 0,
  'OPTION' => '------------'
  );
$template->assign_block_vars($blockname, $placeholder_option);

// categories offered in the list, minus those forbidden to the current user
$query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE;
if ('' != $user['forbidden_categories']) {
  $query.= '
    WHERE id NOT IN ('.$user['forbidden_categories'].')';
}
$query.= '
;';
display_select_cat_wrapper($query, array(@$_GET['cat']), $blockname, true);

// Filter on recent comments: one option per entry of $since_options, the
// entry selected for this request is marked
$blockname = 'since_option';

foreach ($since_options as $id => $option) {
  $selected = '';
  if ($id == $page['since']) {
    $selected = 'selected="selected"';
  }

  $since_entry = array(
    'SELECTED' => $selected,
    'VALUE' => $id,
    'CONTENT' => $option['label']
    );
  $template->assign_block_vars($blockname, $since_entry);
}

// Sort by: one option per sortable field, the field used for this request
// is marked
$blockname = 'sort_by_option';

foreach ($sort_by as $key => $value) {
  $selected = '';
  if ($key == $page['sort_by']) {
    $selected = 'selected="selected"';
  }

  $sort_by_entry = array(
    'SELECTED' => $selected,
    'VALUE' => $key,
    'CONTENT' => l10n($value)
    );
  $template->assign_block_vars($blockname, $sort_by_entry);
}

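// Sorting order: one option per direction, the direction used for this
// request is marked.
//
// $page['sort_order'] holds the SQL keyword ('DESC' or 'ASC'), not the form
// key, so the keyword of each option is what has to be compared with it.
// Comparing the key ('descending', 'ascending') never matched, and the
// current direction was never pre-selected.
$blockname = 'sort_order_option';

foreach ($sort_order as $option => $sql_keyword) {
  $selected = '';
  if ($sql_keyword == $page['sort_order']) {
    $selected = 'selected="selected"';
  }

  $template->assign_block_vars(
    $blockname,
    array(
      'SELECTED' => $selected,
      'VALUE' => $option,
      'CONTENT' => l10n($option)
      )
    );
}
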
// Number of items: one option per page size, the size used for this request
// is marked. Numeric sizes are shown as they are, the others go through
// l10n().
$blockname = 'items_number_option';

foreach ($items_number as $option) {
  $selected = '';
  if ($option == $page['items_number']) {
    $selected = 'selected="selected"';
  }

  if (is_numeric($option)) {
    $content = $option;
  } else {
    $content = l10n($option);
  }

  $template->assign_block_vars(
    $blockname,
    array(
      'SELECTED' => $selected,
      'VALUE' => $option,
      'CONTENT' => $content
      )
    );
}

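// +-----------------------------------------------------------------------+
// |                            navigation bar                             |
// +-----------------------------------------------------------------------+

// start : offset of the first comment of the page
//
// The offset is concatenated into the LIMIT clause of the listing query.
// is_numeric() also accepts signs, decimal points, exponents and
// surrounding whitespace, none of which belongs in a LIMIT offset, so only
// a plain run of digits is accepted and it is stored as an integer. Any
// other value falls back to 0, as before.
if (isset($_GET['start'])
    && is_string($_GET['start'])
    && preg_match('/^[0-9]+\z/', $_GET['start'])) {
  $start = intval($_GET['start']);
} else {
  $start = 0;
}
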
// total number of validated comments matching the filters; it must use the
// same conditions as the listing query so that the navigation bar and the
// list agree
$query = '
SELECT COUNT(DISTINCT(id))
  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
    INNER JOIN '.COMMENTS_TABLE.' AS com
    ON ic.image_id = com.image_id
  WHERE validated = \'true\'
    AND '.$since_options[$page['since']]['clause'].'
    AND '.$page['cat_clause'].'
    AND '.$page['author_clause'].'
    AND '.$page['keyword_clause'];
if ('' != $user['forbidden_categories']) {
  $query.= '
    AND category_id NOT IN ('.$user['forbidden_categories'].')';
}
$query.= '
;';
$count_row = mysql_fetch_row(pwg_query($query));
$counter = $count_row[0];

// every current query-string parameter except "start" is kept in the links
$url = PHPWG_ROOT_PATH.'comments.php?t=1'.get_query_string_diff(array('start'));

$navbar = create_navigation_bar($url, $counter, $start, $page['items_number'], '');

$template->assign_vars(array('NAVBAR' => $navbar));

// +-----------------------------------------------------------------------+
// |                        last comments display                          |
// +-----------------------------------------------------------------------+

// rows of the page, plus the ids needed for the two lookups that follow
$comments = array();
$element_ids = array();
$category_ids = array();

// Every variable part of this query was fixed earlier in the script: the
// since clause comes from $since_options, sort_by and sort_order from their
// tables, and the cat, author and keyword clauses are built above.
$query = '
SELECT com.id AS comment_id
     , com.image_id
     , ic.category_id
     , com.author
     , com.date
     , com.content
     , com.id AS comment_id
  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
    INNER JOIN '.COMMENTS_TABLE.' AS com
    ON ic.image_id = com.image_id
  WHERE validated = \'true\'
    AND '.$since_options[$page['since']]['clause'].'
    AND '.$page['cat_clause'].'
    AND '.$page['author_clause'].'
    AND '.$page['keyword_clause'];
if ('' != $user['forbidden_categories']) {
  $query.= '
    AND category_id NOT IN ('.$user['forbidden_categories'].')';
}
$query.= '
  GROUP BY comment_id
  ORDER BY '.$page['sort_by'].' '.$page['sort_order'];
// "all" means no paging; otherwise $start and items_number go into LIMIT
if ('all' != $page['items_number']) {
  $query.= '
  LIMIT '.$start.','.$page['items_number'];
}
$query.= '
;';
$result = pwg_query($query);
while ($row = mysql_fetch_array($result)) {
  $comments[] = $row;
  $element_ids[] = $row['image_id'];
  $category_ids[] = $row['category_id'];
}

// Nothing to look up or display when the page holds no comment. The ids
// used in the two IN (...) lists below come from the rows just fetched.
if (count($comments) > 0) {
  // retrieving element information, indexed by image id
  $elements = array();
  $query = '
SELECT id, name, file, path, tn_ext
  FROM '.IMAGES_TABLE.'
  WHERE id IN ('.implode(',', $element_ids).')
;';
  $result = pwg_query($query);
  while ($row = mysql_fetch_array($result)) {
    $elements[$row['id']] = $row;
  }

  // retrieving category information, indexed by category id
  $categories = array();
  $query = '
SELECT id, uppercats
  FROM '.CATEGORIES_TABLE.'
  WHERE id IN ('.implode(',', $category_ids).')
;';
  $result = pwg_query($query);
  while ($row = mysql_fetch_array($result)) {
    $categories[$row['id']] = $row;
  }

  foreach ($comments as $comment) {
    $image_id = $comment['image_id'];

    // name of the picture: category path, separator, then the picture name
    // or, when it has none, a name derived from its file
    $name = get_cat_display_name_cache(
      $categories[$comment['category_id']]['uppercats'],
      '',
      false
      );
    $name.= $conf['level_separator'];
    if (empty($elements[$image_id]['name'])) {
      $name.= get_name_from_file($elements[$image_id]['file']);
    } else {
      $name.= $elements[$image_id]['name'];
    }

    // source of the thumbnail picture (tn_ext may be missing, hence the @)
    $thumbnail_src = get_thumbnail_src(
      $elements[$image_id]['path'],
      @$elements[$image_id]['tn_ext']
      );

    // link to the full size picture
    $url = PHPWG_ROOT_PATH.'picture.php?cat='.$comment['category_id']
      .'&amp;image_id='.$image_id;

    $template->assign_block_vars(
      'picture',
      array(
        'TITLE_IMG' => $name,
        'I_THUMB' => $thumbnail_src,
        'U_THUMB' => add_session_id($url)
        )
      );

    // comments without an author are shown as written by a guest
    // NOTE(review): the author is passed to the template as stored, while
    // the content goes through parse_comment_content(); confirm the author
    // is HTML-encoded when the comment is saved.
    $author = empty($comment['author']) ? l10n('guest') : $comment['author'];

    $template->assign_block_vars(
      'comment',
      array(
        'U_PICTURE' => add_session_id($url),
        'TN_SRC' => $thumbnail_src,
        'AUTHOR' => $author,
        'DATE' => format_date($comment['date'], 'mysql_datetime', true),
        'CONTENT' => parse_comment_content($comment['content']),
        )
      );
  }
}
// +-----------------------------------------------------------------------+
// |                           html code display                           |
// +-----------------------------------------------------------------------+
// Standalone page: add the title block, render the template and append the
// page tail. When IN_ADMIN is defined, the rendered template is stored in
// ADMIN_CONTENT instead and nothing else is output here.
if (!defined('IN_ADMIN')) {
  $template->assign_block_vars('title', array());
  $template->parse('comments');
  include(PHPWG_ROOT_PATH.'include/page_tail.php');
} else {
  $template->assign_var_from_handle('ADMIN_CONTENT', 'comments');
}
?>