source: branches/1.6/include/picture_comment.inc.php @ 27047

Last change on this file since 27047 was 1621, checked in by rvelices, 18 years ago

bug 596: Comments can be entered on non commentable images
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 6.9 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | PhpWebGallery - a PHP based picture gallery                           |
4// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
5// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
6// +-----------------------------------------------------------------------+
7// | branch        : BSF (Best So Far)
8// | file          : $RCSfile$
9// | last update   : $Date: 2006-11-30 23:46:12 +0000 (Thu, 30 Nov 2006) $
10// | last modifier : $Author: rvelices $
11// | revision      : $Revision: 1621 $
12// +-----------------------------------------------------------------------+
13// | This program is free software; you can redistribute it and/or modify  |
14// | it under the terms of the GNU General Public License as published by  |
15// | the Free Software Foundation                                          |
16// |                                                                       |
17// | This program is distributed in the hope that it will be useful, but   |
18// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
19// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
20// | General Public License for more details.                              |
21// |                                                                       |
22// | You should have received a copy of the GNU General Public License     |
23// | along with this program; if not, write to the Free Software           |
24// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
25// | USA.                                                                  |
26// +-----------------------------------------------------------------------+
27
28/**
29 * This file is included by the picture page to manage user comments
30 *
31 */
32
33// the picture is commentable if it belongs at least to one category which
34// is commentable
35$page['show_comments'] = false;
36foreach ($related_categories as $category)
37{
38  if ($category['commentable'] == 'true')
39  {
40    $page['show_comments'] = true;
41  }
42}
43
44if ( isset( $_POST['content'] ) and !empty($_POST['content']) )
45{
46  if (!$page['show_comments'])
47  {
48    header('HTTP/1.1 403 Forbidden');
49    header('Status: 403 Forbidden');
50    die('Hacking attempt!');
51  }
52
53  $register_comment = true;
54  $author = !empty($_POST['author'])?$_POST['author']:$lang['guest'];
55  // if a guest try to use the name of an already existing user, he must be
56  // rejected
57  if ( $author != $user['username'] )
58  {
59    $query = 'SELECT COUNT(*) AS user_exists';
60    $query.= ' FROM '.USERS_TABLE;
61    $query.= ' WHERE '.$conf['user_fields']['username']." = '".$author."'";
62    $query.= ';';
63    $row = mysql_fetch_array( pwg_query( $query ) );
64    if ( $row['user_exists'] == 1 )
65    {
66      $template->assign_block_vars(
67        'information',
68        array('INFORMATION'=>$lang['comment_user_exists']));
69      $register_comment = false;
70    }
71  }
72
73  if ( $register_comment )
74  {
75    // anti-flood system
76    $reference_date = time() - $conf['anti-flood_time'];
77    $query = 'SELECT id FROM '.COMMENTS_TABLE;
78    $query.= ' WHERE date > FROM_UNIXTIME('.$reference_date.')';
79    $query.= " AND author = '".$author."'";
80    $query.= ';';
81    if ( mysql_num_rows( pwg_query( $query ) ) == 0
82         or $conf['anti-flood_time'] == 0 )
83    {
84      list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));
85
86      $data = array();
87      $data{'author'} = $author;
88      $data{'date'} = $dbnow;
89      $data{'image_id'} = $page['image_id'];
90      $data{'content'} = htmlspecialchars( $_POST['content'], ENT_QUOTES);
91
92      if (!$conf['comments_validation'] or is_admin())
93      {
94        $data{'validated'} = 'true';
95        $data{'validation_date'} = $dbnow;
96      }
97      else
98      {
99        $data{'validated'} = 'false';
100      }
101
102      include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
103      $fields = array('author', 'date', 'image_id', 'content', 'validated',
104                      'validation_date');
105      mass_inserts(COMMENTS_TABLE, $fields, array($data));
106
107      // information message
108      $message = $lang['comment_added'];
109
110      if (!$conf['comments_validation'] or is_admin())
111
112      if ( $conf['comments_validation'] and !is_admin() )
113      {
114        $message.= '<br />'.$lang['comment_to_validate'];
115      }
116      $template->assign_block_vars('information',
117                                   array('INFORMATION'=>$message));
118    }
119    else
120    {
121      // information message
122      $template->assign_block_vars(
123        'information',
124        array('INFORMATION'=>$lang['comment_anti-flood']));
125    }
126  }
127}
128
129if ($page['show_comments'])
130{
131  // number of comment for this picture
132  $query = 'SELECT COUNT(*) AS nb_comments';
133  $query.= ' FROM '.COMMENTS_TABLE.' WHERE image_id = '.$page['image_id'];
134  $query.= " AND validated = 'true'";
135  $query.= ';';
136  $row = mysql_fetch_array( pwg_query( $query ) );
137
138  // navigation bar creation
139  if (!isset($page['start']))
140  {
141    $page['start'] = 0;
142  }
143
144  $page['navigation_bar'] = create_navigation_bar(
145    duplicate_picture_url(array(), array('start')),
146    $row['nb_comments'],
147    $page['start'],
148    $conf['nb_comment_page'],
149    true // We want a clean URL
150    );
151
152  $template->assign_block_vars(
153    'comments',
154    array(
155      'NB_COMMENT' => $row['nb_comments'],
156      'NAV_BAR' => $page['navigation_bar'],
157      )
158    );
159
160  if ($row['nb_comments'] > 0)
161  {
162    $query = '
163SELECT id,author,date,image_id,content
164  FROM '.COMMENTS_TABLE.'
165  WHERE image_id = '.$page['image_id'].'
166    AND validated = \'true\'
167  ORDER BY date ASC
168  LIMIT '.$page['start'].', '.$conf['nb_comment_page'].'
169;';
170    $result = pwg_query( $query );
171
172    while ($row = mysql_fetch_array($result))
173    {
174      $template->assign_block_vars(
175        'comments.comment',
176        array(
177          'COMMENT_AUTHOR' => empty($row['author'])
178            ? $lang['guest']
179            : $row['author'],
180
181          'COMMENT_DATE' => format_date(
182            $row['date'],
183            'mysql_datetime',
184            true),
185
186          'COMMENT' => parse_comment_content($row['content']),
187          )
188        );
189
190      if (is_admin())
191      {
192        $template->assign_block_vars(
193          'comments.comment.delete',
194          array(
195            'U_COMMENT_DELETE' =>
196              add_url_params(
197                    $url_self,
198                    array(
199                      'action'=>'delete_comment',
200                      'comment_to_delete'=>$row['id']
201                    )
202                )
203            )
204          );
205      }
206    }
207  }
208
209  if (!$user['is_the_guest']
210      or ($user['is_the_guest'] and $conf['comments_forall']))
211  {
212    $template->assign_block_vars('comments.add_comment', array());
213    // display author field if the user is not logged in
214    if (!$user['is_the_guest'])
215    {
216      $template->assign_block_vars(
217        'comments.add_comment.author_known',
218        array('KNOWN_AUTHOR'=>$user['username'])
219        );
220    }
221    else
222    {
223      $template->assign_block_vars(
224        'comments.add_comment.author_field', array()
225        );
226    }
227  }
228}
229
230?>
Note: See TracBrowser for help on using the repository browser.