source: branches/2.1/comments.php @ 21243

Last change on this file since 21243 was 7487, checked in by plg, 14 years ago

bug 1973 fixed: aboid SQL syntax error if the category id given in the URL is
unknown.

  • Property svn:eol-style set to LF
File size: 15.2 KB
RevLine 
[166]1<?php
[354]2// +-----------------------------------------------------------------------+
[2297]3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
[5196]5// | Copyright(C) 2008-2010 Piwigo Team                  http://piwigo.org |
[2297]6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
[166]23
[579]24// +-----------------------------------------------------------------------+
25// |                           initialization                              |
26// +-----------------------------------------------------------------------+
[1598]27define('PHPWG_ROOT_PATH','./');
28include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
[3445]29include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
[345]30
[1072]31// +-----------------------------------------------------------------------+
32// | Check Access and exit when user status is not ok                      |
33// +-----------------------------------------------------------------------+
34check_status(ACCESS_GUEST);
35
[796]36$sort_order = array(
[2223]37  'DESC' => l10n('descending'),
38  'ASC'  => l10n('ascending')
[796]39  );
40
41// sort_by : database fields proposed for sorting comments list
42$sort_by = array(
[2223]43  'date' => l10n('comment date'),
44  'image_id' => l10n('picture')
[796]45  );
46
47// items_number : list of number of items to display per page
48$items_number = array(5,10,20,50,'all');
49
50// since when display comments ?
51//
52$since_options = array(
53  1 => array('label' => l10n('today'),
[4367]54             'clause' => 'date > '.pwg_db_get_recent_period_expression(1)),
[796]55  2 => array('label' => sprintf(l10n('last %d days'), 7),
[4367]56             'clause' => 'date > '.pwg_db_get_recent_period_expression(7)),
[796]57  3 => array('label' => sprintf(l10n('last %d days'), 30),
[4367]58             'clause' => 'date > '.pwg_db_get_recent_period_expression(30)),
[796]59  4 => array('label' => l10n('the beginning'),
60             'clause' => '1=1') // stupid but generic
61  );
62
[4139]63if (!empty($_GET['since']) && is_numeric($_GET['since']))
64{
65  $page['since'] = $_GET['since'];
66}
67else
68{
69  $page['since'] = 4;
70}
[796]71
72// on which field sorting
73//
74$page['sort_by'] = 'date';
75// if the form was submitted, it overloads default behaviour
[2757]76if (isset($_GET['sort_by']) and isset($sort_by[$_GET['sort_by']]) )
[393]77{
[796]78  $page['sort_by'] = $_GET['sort_by'];
[393]79}
[796]80
81// order to sort
82//
[2223]83$page['sort_order'] = 'DESC';
[796]84// if the form was submitted, it overloads default behaviour
[2757]85if (isset($_GET['sort_order']) and isset($sort_order[$_GET['sort_order']]))
[393]86{
[2223]87  $page['sort_order'] = $_GET['sort_order'];
[393]88}
[796]89
90// number of items to display
91//
[1814]92$page['items_number'] = 10;
[796]93if (isset($_GET['items_number']))
94{
95  $page['items_number'] = $_GET['items_number'];
96}
[3600]97if ( !is_numeric($page['items_number']) and $page['items_number']!='all' )
[3520]98{
99  $page['items_number'] = 10;
100}
[796]101
[1716]102$page['where_clauses'] = array();
103
[796]104// which category to filter on ?
105if (isset($_GET['cat']) and 0 != $_GET['cat'])
106{
[6909]107  check_input_parameter('cat', $_GET, false, PATTERN_ID);
[7487]108
109  $category_ids = get_subcat_ids(array($_GET['cat']));
110  if (empty($category_id))
111  {
112    $category_ids = array(-1);
113  }
[6909]114 
[1716]115  $page['where_clauses'][] =
[7487]116    'category_id IN ('.implode(',', $category_ids).')';
[796]117}
118
119// search a particular author
[4139]120if (!empty($_GET['author']))
[796]121{
[3487]122  $page['where_clauses'][] =
123    'u.'.$conf['user_fields']['username'].' = \''.$_GET['author'].'\'
124     OR author = \''.$_GET['author'].'\'';
[796]125}
126
[5195]127// search a specific comment (if you're coming directly from an admin
128// notification email)
129if (!empty($_GET['comment_id']))
130{
131  check_input_parameter('comment_id', $_GET, false, PATTERN_ID);
132
133  // currently, the $_GET['comment_id'] is only used by admins from email
134  // for management purpose (validate/delete)
135  if (!is_admin())
136  {
137    $login_url =
138      get_root_url().'identification.php?redirect='
139      .urlencode(urlencode($_SERVER['REQUEST_URI']))
140      ;
141    redirect($login_url);
142  }
143
144  $page['where_clauses'][] = 'com.id = '.$_GET['comment_id'];
145}
146
[796]147// search a substring among comments content
[4139]148if (!empty($_GET['keyword']))
[796]149{
[1716]150  $page['where_clauses'][] =
[796]151    '('.
152    implode(' AND ',
153            array_map(
154              create_function(
155                '$s',
156                'return "content LIKE \'%$s%\'";'
157                ),
[2012]158              preg_split('/[\s,;]+/', $_GET['keyword'] )
[796]159              )
160      ).
161    ')';
162}
163
[1716]164$page['where_clauses'][] = $since_options[$page['since']]['clause'];
165
[1598]166// which status to filter on ?
[1716]167if ( !is_admin() )
[1598]168{
[4367]169  $page['where_clauses'][] = 'validated=\'true\'';
[1598]170}
171
[1716]172$page['where_clauses'][] = get_sql_condition_FandF
173  (
174    array
175      (
176        'forbidden_categories' => 'category_id',
177        'visible_categories' => 'category_id',
178        'visible_images' => 'ic.image_id'
179      ),
180    '', true
181  );
[1598]182
[579]183// +-----------------------------------------------------------------------+
184// |                         comments management                           |
185// +-----------------------------------------------------------------------+
[1598]186
[5195]187$comment_id = null;
188$action = null;
189
190$actions = array('delete', 'validate', 'edit');
191foreach ($actions as $loop_action)
192{
193  if (isset($_GET[$loop_action]))
194  {
[5199]195    $action = $loop_action;
[5195]196    check_input_parameter($action, $_GET, false, PATTERN_ID);
197    $comment_id = $_GET[$action];
198    break;
199  }
[579]200}
[1617]201
[5195]202if (isset($action))
[3445]203{
[5195]204  check_pwg_token();
205
206  $comment_author_id = get_comment_author_id($comment_id);
[5199]207
[5195]208  if (can_manage_comment($action, $comment_author_id))
[3445]209  {
[5195]210    $perform_redirect = false;
[5199]211
[5195]212    if ('delete' == $action)
213    {
214      delete_user_comment($comment_id);
215      $perform_redirect = true;
216    }
[3445]217
[5195]218    if ('validate' == $action)
219    {
220      validate_user_comment($comment_id);
221      $perform_redirect = true;
222    }
[5199]223
[5195]224    if ('edit' == $action)
225    {
226      if (!empty($_POST['content']))
227      {
228        update_user_comment(
229          array(
230            'comment_id' => $_GET['edit'],
231            'image_id' => $_POST['image_id'],
232            'content' => $_POST['content']
233            ),
234          $_POST['key']
235          );
[5199]236
[5195]237        $edit_comment = null;
238      }
239      else
240      {
241        $edit_comment = $_GET['edit'];
242      }
243    }
[5199]244
[5195]245    if ($perform_redirect)
246    {
247      $redirect_url =
248        PHPWG_ROOT_PATH
249        .'comments.php'
250        .get_query_string_diff(array('delete','validate','pwg_token'));
[5199]251
[5195]252      redirect($redirect_url);
253    }
[3445]254  }
255}
256
[579]257// +-----------------------------------------------------------------------+
258// |                       page header and options                         |
259// +-----------------------------------------------------------------------+
[355]260
[2268]261$title= l10n('User comments');
[850]262$page['body_id'] = 'theCommentsPage';
263
[579]264$template->set_filenames(array('comments'=>'comments.tpl'));
[2223]265$template->assign(
[579]266  array(
[796]267    'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
[4182]268    'F_KEYWORD'=> @htmlspecialchars(stripslashes($_GET['keyword'], ENT_QUOTES, 'utf-8')),
269    'F_AUTHOR'=> @htmlspecialchars(stripslashes($_GET['author'], ENT_QUOTES, 'utf-8')),
[579]270    )
271  );
[355]272
[796]273// +-----------------------------------------------------------------------+
274// |                          form construction                            |
275// +-----------------------------------------------------------------------+
276
277// Search in a particular category
[2223]278$blockname = 'categories';
[796]279
280$query = '
[1861]281SELECT id, name, uppercats, global_rank
[1677]282  FROM '.CATEGORIES_TABLE.'
283'.get_sql_condition_FandF
284  (
285    array
286      (
287        'forbidden_categories' => 'id',
288        'visible_categories' => 'id'
289      ),
290    'WHERE'
291  ).'
[796]292;';
293display_select_cat_wrapper($query, array(@$_GET['cat']), $blockname, true);
294
295// Filter on recent comments...
[2223]296$tpl_var=array();
[796]297foreach ($since_options as $id => $option)
298{
[2223]299  $tpl_var[ $id ] = $option['label'];
[355]300}
[2223]301$template->assign( 'since_options', $tpl_var);
302$template->assign( 'since_options_selected', $page['since']);
[796]303
304// Sort by
[2223]305$template->assign( 'sort_by_options', $sort_by);
306$template->assign( 'sort_by_options_selected', $page['sort_by']);
[796]307
308// Sorting order
[2223]309$template->assign( 'sort_order_options', $sort_order);
310$template->assign( 'sort_order_options_selected', $page['sort_order']);
[796]311
312
313// Number of items
314$blockname = 'items_number_option';
[2223]315$tpl_var=array();
[796]316foreach ($items_number as $option)
317{
[2223]318  $tpl_var[ $option ] = is_numeric($option) ? $option : l10n($option);
[796]319}
[2223]320$template->assign( 'item_number_options', $tpl_var);
321$template->assign( 'item_number_options_selected', $page['items_number']);
[796]322
[2223]323
[579]324// +-----------------------------------------------------------------------+
[796]325// |                            navigation bar                             |
326// +-----------------------------------------------------------------------+
327
328if (isset($_GET['start']) and is_numeric($_GET['start']))
329{
330  $start = $_GET['start'];
331}
332else
333{
334  $start = 0;
335}
336
337$query = '
[3450]338SELECT COUNT(DISTINCT(com.id))
[796]339  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
[5199]340    INNER JOIN '.COMMENTS_TABLE.' AS com
[796]341    ON ic.image_id = com.image_id
[4139]342    LEFT JOIN '.USERS_TABLE.' As u
343    ON u.'.$conf['user_fields']['id'].' = com.author_id
[1716]344  WHERE '.implode('
345    AND ', $page['where_clauses']).'
[796]346;';
[4325]347list($counter) = pwg_db_fetch_row(pwg_query($query));
[796]348
[1598]349$url = PHPWG_ROOT_PATH
350    .'comments.php'
[5195]351  .get_query_string_diff(array('start','delete','validate','pwg_token'));
[796]352
353$navbar = create_navigation_bar($url,
354                                $counter,
355                                $start,
356                                $page['items_number'],
357                                '');
358
[3172]359$template->assign('navbar', $navbar);
[796]360
361// +-----------------------------------------------------------------------+
[579]362// |                        last comments display                          |
363// +-----------------------------------------------------------------------+
[355]364
[796]365$comments = array();
366$element_ids = array();
367$category_ids = array();
368
[579]369$query = '
[6602]370SELECT com.id AS comment_id,
371       com.image_id,
372       com.author,
373       com.author_id,
374       com.date,
375       com.content,
376       com.validated
[796]377  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
[3487]378    INNER JOIN '.COMMENTS_TABLE.' AS com
[796]379    ON ic.image_id = com.image_id
[4139]380    LEFT JOIN '.USERS_TABLE.' As u
381    ON u.'.$conf['user_fields']['id'].' = com.author_id
[1716]382  WHERE '.implode('
383    AND ', $page['where_clauses']).'
[6602]384  GROUP BY comment_id,
385       com.image_id,
386       com.author,
387       com.author_id,
388       com.date,
389       com.content,
390       com.validated
[796]391  ORDER BY '.$page['sort_by'].' '.$page['sort_order'];
392if ('all' != $page['items_number'])
393{
394  $query.= '
[4334]395  LIMIT '.$page['items_number'].' OFFSET '.$start;
[796]396}
397$query.= '
[579]398;';
[587]399$result = pwg_query($query);
[4325]400while ($row = pwg_db_fetch_assoc($result))
[393]401{
[796]402  array_push($comments, $row);
403  array_push($element_ids, $row['image_id']);
[393]404}
[796]405
406if (count($comments) > 0)
[579]407{
[796]408  // retrieving element informations
409  $elements = array();
[579]410  $query = '
[796]411SELECT id, name, file, path, tn_ext
[579]412  FROM '.IMAGES_TABLE.'
[796]413  WHERE id IN ('.implode(',', $element_ids).')
[579]414;';
[796]415  $result = pwg_query($query);
[4325]416  while ($row = pwg_db_fetch_assoc($result))
[579]417  {
[796]418    $elements[$row['id']] = $row;
[579]419  }
[721]420
[796]421  // retrieving category informations
[579]422  $query = '
[6602]423SELECT c.id, name, permalink, uppercats, com.id as comment_id
424  FROM '.CATEGORIES_TABLE.' AS c
425  LEFT JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
426  ON c.id=ic.category_id
427  LEFT JOIN '.COMMENTS_TABLE.' AS com
428  ON ic.image_id=com.image_id
429  '.get_sql_condition_FandF
430    (
431      array
432      (
433        'forbidden_categories' => 'c.id',
434        'visible_categories' => 'c.id'
435       ),
436      'WHERE'
437     ).'
[796]438;';
[6602]439  $categories = hash_from_query($query, 'comment_id');
[796]440
441  foreach ($comments as $comment)
[579]442  {
[796]443    if (!empty($elements[$comment['image_id']]['name']))
[166]444    {
[1598]445      $name=$elements[$comment['image_id']]['name'];
[166]446    }
[796]447    else
448    {
[1598]449      $name=get_name_from_file($elements[$comment['image_id']]['file']);
[796]450    }
[1090]451
[796]452    // source of the thumbnail picture
[1598]453    $thumbnail_src = get_thumbnail_url( $elements[$comment['image_id']] );
[1090]454
[796]455    // link to the full size picture
[1090]456    $url = make_picture_url(
[796]457      array(
[6602]458        'category' => $categories[ $comment['comment_id'] ],
[5195]459        'image_id' => $comment['image_id'],
460        'image_file' => $elements[$comment['image_id']]['file'],
461        )
462      );
[5199]463
[5195]464    $tpl_comment = array(
465      'U_PICTURE' => $url,
466      'TN_SRC' => $thumbnail_src,
467      'ALT' => $name,
468      'AUTHOR' => trigger_event('render_comment_author', $comment['author']),
469      'DATE'=>format_date($comment['date'], true),
470      'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
471      );
[1598]472
[3487]473    if (can_manage_comment('delete', $comment['author_id']))
[1598]474    {
[5195]475      $url =
476        get_root_url()
477        .'comments.php'
478        .get_query_string_diff(array('delete','validate','edit', 'pwg_token'));
[5199]479
[5195]480      $tpl_comment['U_DELETE'] = add_url_params(
481        $url,
482        array(
483          'delete' => $comment['comment_id'],
484          'pwg_token' => get_pwg_token(),
485          )
486        );
[3445]487    }
[5199]488
[3450]489    if (can_manage_comment('edit', $comment['author_id']))
[3445]490    {
[5195]491      $url =
492        get_root_url()
493        .'comments.php'
494        .get_query_string_diff(array('edit', 'delete','validate', 'pwg_token'));
[5199]495
[5195]496      $tpl_comment['U_EDIT'] = add_url_params(
497        $url,
498        array(
499          'edit' => $comment['comment_id'],
500          'pwg_token' => get_pwg_token(),
501          )
502        );
[5199]503
[3487]504      if (isset($edit_comment) and ($comment['comment_id'] == $edit_comment))
[1598]505      {
[3445]506        $tpl_comment['IN_EDIT'] = true;
507        $key = get_comment_post_key($comment['image_id']);
508        $tpl_comment['KEY'] = $key;
509        $tpl_comment['IMAGE_ID'] = $comment['image_id'];
510        $tpl_comment['CONTENT'] = $comment['content'];
[1598]511      }
512    }
[3445]513
[5195]514    if (can_manage_comment('validate', $comment['author_id']))
[3445]515    {
[5195]516      if ('true' != $comment['validated'])
517      {
518        $tpl_comment['U_VALIDATE'] = add_url_params(
519          $url,
520          array(
521            'validate'=> $comment['comment_id'],
522            'pwg_token' => get_pwg_token(),
523            )
524          );
525      }
[3445]526    }
[2223]527    $template->append('comments', $tpl_comment);
[166]528  }
[579]529}
530// +-----------------------------------------------------------------------+
531// |                           html code display                           |
532// +-----------------------------------------------------------------------+
[2107]533include(PHPWG_ROOT_PATH.'include/page_header.php');
[2223]534$template->pparse('comments');
[1598]535include(PHPWG_ROOT_PATH.'include/page_tail.php');
[2107]536?>
Note: See TracBrowser for help on using the repository browser.