source: branches/2.0/comments.php @ 19276

Last change on this file since 19276 was 5003, checked in by plg, 15 years ago

improvement: avoid the use of @ instead of a real test

  • Property svn:eol-style set to LF
  • Property svn:keywords set to Author Date Id Revision
File size: 13.2 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2009 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24// +-----------------------------------------------------------------------+
25// |                           initialization                              |
26// +-----------------------------------------------------------------------+
27define('PHPWG_ROOT_PATH','./');
28include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
29
30// +-----------------------------------------------------------------------+
31// | Check Access and exit when user status is not ok                      |
32// +-----------------------------------------------------------------------+
33check_status(ACCESS_GUEST);
34
35$sort_order = array(
36  'DESC' => l10n('descending'),
37  'ASC'  => l10n('ascending')
38  );
39
40// sort_by : database fields proposed for sorting comments list
41$sort_by = array(
42  'date' => l10n('comment date'),
43  'image_id' => l10n('picture')
44  );
45
46// items_number : list of number of items to display per page
47$items_number = array(5,10,20,50,'all');
48
49// since when display comments ?
50//
51$since_options = array(
52  1 => array('label' => l10n('today'),
53             'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 1 DAY)'),
54  2 => array('label' => sprintf(l10n('last %d days'), 7),
55             'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 7 DAY)'),
56  3 => array('label' => sprintf(l10n('last %d days'), 30),
57             'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 30 DAY)'),
58  4 => array('label' => l10n('the beginning'),
59             'clause' => '1=1') // stupid but generic
60  );
61
62if (!empty($_GET['since']) && is_numeric($_GET['since']))
63{
64  $page['since'] = $_GET['since'];
65}
66else
67{
68  $page['since'] = 4;
69}
70
71// on which field sorting
72//
73$page['sort_by'] = 'date';
74// if the form was submitted, it overloads default behaviour
75if (isset($_GET['sort_by']) and isset($sort_by[$_GET['sort_by']]) )
76{
77  $page['sort_by'] = $_GET['sort_by'];
78}
79
80// order to sort
81//
82$page['sort_order'] = 'DESC';
83// if the form was submitted, it overloads default behaviour
84if (isset($_GET['sort_order']) and isset($sort_order[$_GET['sort_order']]))
85{
86  $page['sort_order'] = $_GET['sort_order'];
87}
88
89// number of items to display
90//
91$page['items_number'] = 10;
92if (isset($_GET['items_number']))
93{
94  $page['items_number'] = $_GET['items_number'];
95}
96if ( !is_numeric($page['items_number']) and $page['items_number']!='all' ) 
97{
98  $page['items_number'] = 10;
99}
100
101$page['where_clauses'] = array();
102
103// which category to filter on ?
104if (isset($_GET['cat']) and 0 != $_GET['cat'])
105{
106  $page['where_clauses'][] =
107    'category_id IN ('.implode(',', get_subcat_ids(array($_GET['cat']))).')';
108}
109
110// search a particular author
111if (!empty($_GET['author']))
112{
113  $page['where_clauses'][] = 'com.author = \''.$_GET['author'].'\'';
114}
115
116// search a specific comment (if you're coming directly from an admin
117// notification email)
118if (!empty($_GET['comment_id']))
119{
120  check_input_parameter('comment_id', $_GET, false, PATTERN_ID);
121
122  // currently, the $_GET['comment_id'] is only used by admins from email
123  // for management purpose (validate/delete)
124  if (!is_admin())
125  {
126    $login_url =
127      get_root_url().'identification.php?redirect='
128      .urlencode(urlencode($_SERVER['REQUEST_URI']))
129      ;
130    redirect($login_url);
131  }
132
133  $page['where_clauses'][] = 'com.id = '.$_GET['comment_id'];
134}
135
136// search a substring among comments content
137if (!empty($_GET['keyword']))
138{
139  $page['where_clauses'][] =
140    '('.
141    implode(' AND ',
142            array_map(
143              create_function(
144                '$s',
145                'return "content LIKE \'%$s%\'";'
146                ),
147              preg_split('/[\s,;]+/', $_GET['keyword'] )
148              )
149      ).
150    ')';
151}
152
153$page['where_clauses'][] = $since_options[$page['since']]['clause'];
154
155// which status to filter on ?
156if ( !is_admin() )
157{
158  $page['where_clauses'][] = 'validated="true"';
159}
160
161$page['where_clauses'][] = get_sql_condition_FandF
162  (
163    array
164      (
165        'forbidden_categories' => 'category_id',
166        'visible_categories' => 'category_id',
167        'visible_images' => 'ic.image_id'
168      ),
169    '', true
170  );
171
172// +-----------------------------------------------------------------------+
173// |                         comments management                           |
174// +-----------------------------------------------------------------------+
175
176if (isset($_GET['delete']) or isset($_GET['validate']))
177{
178  check_pwg_token();
179 
180  if (!is_adviser())
181  {
182    check_status(ACCESS_ADMINISTRATOR);
183
184    if (isset($_GET['delete']))
185    {
186      check_input_parameter('delete', $_GET, false, PATTERN_ID);
187     
188      $query = '
189DELETE
190  FROM '.COMMENTS_TABLE.'
191  WHERE id = '.$_GET['delete'].'
192;';
193      pwg_query($query);
194    }
195
196    if (isset($_GET['validate']))
197    {
198      check_input_parameter('validate', $_GET, false, PATTERN_ID);
199     
200      $query = '
201UPDATE '.COMMENTS_TABLE.'
202  SET validated = "true"
203    , validation_date = NOW()
204  WHERE id = '.$_GET['validate'].'
205;';
206      pwg_query($query);
207    }
208
209    $redirect_url =
210      PHPWG_ROOT_PATH
211      .'comments.php'
212      .get_query_string_diff(array('delete','validate','pwg_token'));
213    redirect($redirect_url);
214  }
215}
216
217// +-----------------------------------------------------------------------+
218// |                       page header and options                         |
219// +-----------------------------------------------------------------------+
220
221$title= l10n('User comments');
222$page['body_id'] = 'theCommentsPage';
223
224$template->set_filenames(array('comments'=>'comments.tpl'));
225$template->assign(
226  array(
227    'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
228    'F_KEYWORD'=> @htmlspecialchars(stripslashes($_GET['keyword'], ENT_QUOTES, 'utf-8')),
229    'F_AUTHOR'=> @htmlspecialchars(stripslashes($_GET['author'], ENT_QUOTES, 'utf-8')),
230    )
231  );
232
233// +-----------------------------------------------------------------------+
234// |                          form construction                            |
235// +-----------------------------------------------------------------------+
236
237// Search in a particular category
238$blockname = 'categories';
239
240$query = '
241SELECT id, name, uppercats, global_rank
242  FROM '.CATEGORIES_TABLE.'
243'.get_sql_condition_FandF
244  (
245    array
246      (
247        'forbidden_categories' => 'id',
248        'visible_categories' => 'id'
249      ),
250    'WHERE'
251  ).'
252;';
253display_select_cat_wrapper($query, array(@$_GET['cat']), $blockname, true);
254
255// Filter on recent comments...
256$tpl_var=array();
257foreach ($since_options as $id => $option)
258{
259  $tpl_var[ $id ] = $option['label'];
260}
261$template->assign( 'since_options', $tpl_var);
262$template->assign( 'since_options_selected', $page['since']);
263
264// Sort by
265$template->assign( 'sort_by_options', $sort_by);
266$template->assign( 'sort_by_options_selected', $page['sort_by']);
267
268// Sorting order
269$template->assign( 'sort_order_options', $sort_order);
270$template->assign( 'sort_order_options_selected', $page['sort_order']);
271
272
273// Number of items
274$blockname = 'items_number_option';
275$tpl_var=array();
276foreach ($items_number as $option)
277{
278  $tpl_var[ $option ] = is_numeric($option) ? $option : l10n($option);
279}
280$template->assign( 'item_number_options', $tpl_var);
281$template->assign( 'item_number_options_selected', $page['items_number']);
282
283
284// +-----------------------------------------------------------------------+
285// |                            navigation bar                             |
286// +-----------------------------------------------------------------------+
287
288if (isset($_GET['start']) and is_numeric($_GET['start']))
289{
290  $start = $_GET['start'];
291}
292else
293{
294  $start = 0;
295}
296
297$query = '
298SELECT COUNT(DISTINCT(com.id))
299  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
300    INNER JOIN '.COMMENTS_TABLE.' AS com   
301    ON ic.image_id = com.image_id
302  WHERE '.implode('
303    AND ', $page['where_clauses']).'
304;';
305list($counter) = mysql_fetch_row(pwg_query($query));
306
307$url = PHPWG_ROOT_PATH
308    .'comments.php'
309  .get_query_string_diff(array('start','delete','validate','pwg_token'));
310
311$navbar = create_navigation_bar($url,
312                                $counter,
313                                $start,
314                                $page['items_number'],
315                                '');
316
317$template->assign('NAVBAR', $navbar);
318
319// +-----------------------------------------------------------------------+
320// |                        last comments display                          |
321// +-----------------------------------------------------------------------+
322
323$comments = array();
324$element_ids = array();
325$category_ids = array();
326
327$query = '
328SELECT com.id AS comment_id
329     , com.image_id
330     , ic.category_id
331     , com.author
332     , com.date
333     , com.content
334     , com.validated
335  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
336    INNER JOIN '.COMMENTS_TABLE.' AS com
337    ON ic.image_id = com.image_id
338  WHERE '.implode('
339    AND ', $page['where_clauses']).'
340  GROUP BY comment_id
341  ORDER BY '.$page['sort_by'].' '.$page['sort_order'];
342if ('all' != $page['items_number'])
343{
344  $query.= '
345  LIMIT '.$start.','.$page['items_number'];
346}
347$query.= '
348;';
349$result = pwg_query($query);
350while ($row = mysql_fetch_assoc($result))
351{
352  array_push($comments, $row);
353  array_push($element_ids, $row['image_id']);
354  array_push($category_ids, $row['category_id']);
355}
356
357if (count($comments) > 0)
358{
359  // retrieving element informations
360  $elements = array();
361  $query = '
362SELECT id, name, file, path, tn_ext
363  FROM '.IMAGES_TABLE.'
364  WHERE id IN ('.implode(',', $element_ids).')
365;';
366  $result = pwg_query($query);
367  while ($row = mysql_fetch_assoc($result))
368  {
369    $elements[$row['id']] = $row;
370  }
371
372  // retrieving category informations
373  $query = '
374SELECT id, name, permalink, uppercats
375  FROM '.CATEGORIES_TABLE.'
376  WHERE id IN ('.implode(',', $category_ids).')
377;';
378  $categories = hash_from_query($query, 'id');
379
380  foreach ($comments as $comment)
381  {
382    if (!empty($elements[$comment['image_id']]['name']))
383    {
384      $name=$elements[$comment['image_id']]['name'];
385    }
386    else
387    {
388      $name=get_name_from_file($elements[$comment['image_id']]['file']);
389    }
390
391    // source of the thumbnail picture
392    $thumbnail_src = get_thumbnail_url( $elements[$comment['image_id']] );
393
394    // link to the full size picture
395    $url = make_picture_url(
396            array(
397              'category' => $categories[ $comment['category_id'] ],
398              'image_id' => $comment['image_id'],
399              'image_file' => $elements[$comment['image_id']]['file'],
400            )
401          );
402
403    $author = $comment['author'];
404    if (empty($comment['author']))
405    {
406      $author = l10n('guest');
407    }
408
409    $tpl_comment =
410      array(
411        'U_PICTURE' => $url,
412        'TN_SRC' => $thumbnail_src,
413        'ALT' => $name,
414        'AUTHOR' => trigger_event('render_comment_author', $author),
415        'DATE'=>format_date($comment['date'], true),
416        'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
417        );
418
419    if ( is_admin() )
420    {
421      $url = get_root_url().'comments.php'.get_query_string_diff(array('delete','validate','pwg_token'));
422     
423      $tpl_comment['U_DELETE'] = add_url_params(
424        $url,
425        array(
426          'delete' => $comment['comment_id'],
427          'pwg_token' => get_pwg_token(),
428          )
429        );
430
431      if ($comment['validated'] != 'true')
432      {
433        $tpl_comment['U_VALIDATE'] = add_url_params(
434          $url,
435          array(
436            'validate' => $comment['comment_id'],
437            'pwg_token' => get_pwg_token(),
438            )
439          );
440      }
441    }
442    $template->append('comments', $tpl_comment);
443  }
444}
445// +-----------------------------------------------------------------------+
446// |                           html code display                           |
447// +-----------------------------------------------------------------------+
448include(PHPWG_ROOT_PATH.'include/page_header.php');
449$template->pparse('comments');
450include(PHPWG_ROOT_PATH.'include/page_tail.php');
451?>
Note: See TracBrowser for help on using the repository browser.