Context Navigation

source: branches/2.1/comments.php @ 26036

Last change on this file since 26036 was 7487, checked in by plg, 14 years ago
bug 1973 fixed: aboid SQL syntax error if the category id given in the URL is unknown.
Property svn:eol-style set to `LF`
File size: 15.2 KB

Rev	Line
[166]	1	<?php
[354]	2	// +-----------------------------------------------------------------------+
[2297]	3	// \| Piwigo - a PHP based picture gallery \|
	4	// +-----------------------------------------------------------------------+
[5196]	5	// \| Copyright(C) 2008-2010 Piwigo Team http://piwigo.org \|
[2297]	6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
	7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
	8	// +-----------------------------------------------------------------------+
	9	// \| This program is free software; you can redistribute it and/or modify \|
	10	// \| it under the terms of the GNU General Public License as published by \|
	11	// \| the Free Software Foundation \|
	12	// \| \|
	13	// \| This program is distributed in the hope that it will be useful, but \|
	14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	16	// \| General Public License for more details. \|
	17	// \| \|
	18	// \| You should have received a copy of the GNU General Public License \|
	19	// \| along with this program; if not, write to the Free Software \|
	20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	21	// \| USA. \|
	22	// +-----------------------------------------------------------------------+
[166]	23
[579]	24	// +-----------------------------------------------------------------------+
	25	// \| initialization \|
	26	// +-----------------------------------------------------------------------+
[1598]	27	define('PHPWG_ROOT_PATH','./');
	28	include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
[3445]	29	include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
[345]	30
[1072]	31	// +-----------------------------------------------------------------------+
	32	// \| Check Access and exit when user status is not ok \|
	33	// +-----------------------------------------------------------------------+
	34	check_status(ACCESS_GUEST);
	35
[796]	36	$sort_order = array(
[2223]	37	'DESC' => l10n('descending'),
	38	'ASC' => l10n('ascending')
[796]	39	);
	40
	41	// sort_by : database fields proposed for sorting comments list
	42	$sort_by = array(
[2223]	43	'date' => l10n('comment date'),
	44	'image_id' => l10n('picture')
[796]	45	);
	46
	47	// items_number : list of number of items to display per page
	48	$items_number = array(5,10,20,50,'all');
	49
	50	// since when display comments ?
	51	//
	52	$since_options = array(
	53	1 => array('label' => l10n('today'),
[4367]	54	'clause' => 'date > '.pwg_db_get_recent_period_expression(1)),
[796]	55	2 => array('label' => sprintf(l10n('last %d days'), 7),
[4367]	56	'clause' => 'date > '.pwg_db_get_recent_period_expression(7)),
[796]	57	3 => array('label' => sprintf(l10n('last %d days'), 30),
[4367]	58	'clause' => 'date > '.pwg_db_get_recent_period_expression(30)),
[796]	59	4 => array('label' => l10n('the beginning'),
	60	'clause' => '1=1') // stupid but generic
	61	);
	62
[4139]	63	if (!empty($_GET['since']) && is_numeric($_GET['since']))
	64	{
	65	$page['since'] = $_GET['since'];
	66	}
	67	else
	68	{
	69	$page['since'] = 4;
	70	}
[796]	71
	72	// on which field sorting
	73	//
	74	$page['sort_by'] = 'date';
	75	// if the form was submitted, it overloads default behaviour
[2757]	76	if (isset($_GET['sort_by']) and isset($sort_by[$_GET['sort_by']]) )
[393]	77	{
[796]	78	$page['sort_by'] = $_GET['sort_by'];
[393]	79	}
[796]	80
	81	// order to sort
	82	//
[2223]	83	$page['sort_order'] = 'DESC';
[796]	84	// if the form was submitted, it overloads default behaviour
[2757]	85	if (isset($_GET['sort_order']) and isset($sort_order[$_GET['sort_order']]))
[393]	86	{
[2223]	87	$page['sort_order'] = $_GET['sort_order'];
[393]	88	}
[796]	89
	90	// number of items to display
	91	//
[1814]	92	$page['items_number'] = 10;
[796]	93	if (isset($_GET['items_number']))
	94	{
	95	$page['items_number'] = $_GET['items_number'];
	96	}
[3600]	97	if ( !is_numeric($page['items_number']) and $page['items_number']!='all' )
[3520]	98	{
	99	$page['items_number'] = 10;
	100	}
[796]	101
[1716]	102	$page['where_clauses'] = array();
	103
[796]	104	// which category to filter on ?
	105	if (isset($_GET['cat']) and 0 != $_GET['cat'])
	106	{
[6909]	107	check_input_parameter('cat', $_GET, false, PATTERN_ID);
[7487]	108
	109	$category_ids = get_subcat_ids(array($_GET['cat']));
	110	if (empty($category_id))
	111	{
	112	$category_ids = array(-1);
	113	}
[6909]	114
[1716]	115	$page['where_clauses'][] =
[7487]	116	'category_id IN ('.implode(',', $category_ids).')';
[796]	117	}
	118
	119	// search a particular author
[4139]	120	if (!empty($_GET['author']))
[796]	121	{
[3487]	122	$page['where_clauses'][] =
	123	'u.'.$conf['user_fields']['username'].' = \''.$_GET['author'].'\'
	124	OR author = \''.$_GET['author'].'\'';
[796]	125	}
	126
[5195]	127	// search a specific comment (if you're coming directly from an admin
	128	// notification email)
	129	if (!empty($_GET['comment_id']))
	130	{
	131	check_input_parameter('comment_id', $_GET, false, PATTERN_ID);
	132
	133	// currently, the $_GET['comment_id'] is only used by admins from email
	134	// for management purpose (validate/delete)
	135	if (!is_admin())
	136	{
	137	$login_url =
	138	get_root_url().'identification.php?redirect='
	139	.urlencode(urlencode($_SERVER['REQUEST_URI']))
	140	;
	141	redirect($login_url);
	142	}
	143
	144	$page['where_clauses'][] = 'com.id = '.$_GET['comment_id'];
	145	}
	146
[796]	147	// search a substring among comments content
[4139]	148	if (!empty($_GET['keyword']))
[796]	149	{
[1716]	150	$page['where_clauses'][] =
[796]	151	'('.
	152	implode(' AND ',
	153	array_map(
	154	create_function(
	155	'$s',
	156	'return "content LIKE \'%$s%\'";'
	157	),
[2012]	158	preg_split('/[\s,;]+/', $_GET['keyword'] )
[796]	159	)
	160	).
	161	')';
	162	}
	163
[1716]	164	$page['where_clauses'][] = $since_options[$page['since']]['clause'];
	165
[1598]	166	// which status to filter on ?
[1716]	167	if ( !is_admin() )
[1598]	168	{
[4367]	169	$page['where_clauses'][] = 'validated=\'true\'';
[1598]	170	}
	171
[1716]	172	$page['where_clauses'][] = get_sql_condition_FandF
	173	(
	174	array
	175	(
	176	'forbidden_categories' => 'category_id',
	177	'visible_categories' => 'category_id',
	178	'visible_images' => 'ic.image_id'
	179	),
	180	'', true
	181	);
[1598]	182
[579]	183	// +-----------------------------------------------------------------------+
	184	// \| comments management \|
	185	// +-----------------------------------------------------------------------+
[1598]	186
[5195]	187	$comment_id = null;
	188	$action = null;
	189
	190	$actions = array('delete', 'validate', 'edit');
	191	foreach ($actions as $loop_action)
	192	{
	193	if (isset($_GET[$loop_action]))
	194	{
[5199]	195	$action = $loop_action;
[5195]	196	check_input_parameter($action, $_GET, false, PATTERN_ID);
	197	$comment_id = $_GET[$action];
	198	break;
	199	}
[579]	200	}
[1617]	201
[5195]	202	if (isset($action))
[3445]	203	{
[5195]	204	check_pwg_token();
	205
	206	$comment_author_id = get_comment_author_id($comment_id);
[5199]	207
[5195]	208	if (can_manage_comment($action, $comment_author_id))
[3445]	209	{
[5195]	210	$perform_redirect = false;
[5199]	211
[5195]	212	if ('delete' == $action)
	213	{
	214	delete_user_comment($comment_id);
	215	$perform_redirect = true;
	216	}
[3445]	217
[5195]	218	if ('validate' == $action)
	219	{
	220	validate_user_comment($comment_id);
	221	$perform_redirect = true;
	222	}
[5199]	223
[5195]	224	if ('edit' == $action)
	225	{
	226	if (!empty($_POST['content']))
	227	{
	228	update_user_comment(
	229	array(
	230	'comment_id' => $_GET['edit'],
	231	'image_id' => $_POST['image_id'],
	232	'content' => $_POST['content']
	233	),
	234	$_POST['key']
	235	);
[5199]	236
[5195]	237	$edit_comment = null;
	238	}
	239	else
	240	{
	241	$edit_comment = $_GET['edit'];
	242	}
	243	}
[5199]	244
[5195]	245	if ($perform_redirect)
	246	{
	247	$redirect_url =
	248	PHPWG_ROOT_PATH
	249	.'comments.php'
	250	.get_query_string_diff(array('delete','validate','pwg_token'));
[5199]	251
[5195]	252	redirect($redirect_url);
	253	}
[3445]	254	}
	255	}
	256
[579]	257	// +-----------------------------------------------------------------------+
	258	// \| page header and options \|
	259	// +-----------------------------------------------------------------------+
[355]	260
[2268]	261	$title= l10n('User comments');
[850]	262	$page['body_id'] = 'theCommentsPage';
	263
[579]	264	$template->set_filenames(array('comments'=>'comments.tpl'));
[2223]	265	$template->assign(
[579]	266	array(
[796]	267	'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
[4182]	268	'F_KEYWORD'=> @htmlspecialchars(stripslashes($_GET['keyword'], ENT_QUOTES, 'utf-8')),
	269	'F_AUTHOR'=> @htmlspecialchars(stripslashes($_GET['author'], ENT_QUOTES, 'utf-8')),
[579]	270	)
	271	);
[355]	272
[796]	273	// +-----------------------------------------------------------------------+
	274	// \| form construction \|
	275	// +-----------------------------------------------------------------------+
	276
	277	// Search in a particular category
[2223]	278	$blockname = 'categories';
[796]	279
	280	$query = '
[1861]	281	SELECT id, name, uppercats, global_rank
[1677]	282	FROM '.CATEGORIES_TABLE.'
	283	'.get_sql_condition_FandF
	284	(
	285	array
	286	(
	287	'forbidden_categories' => 'id',
	288	'visible_categories' => 'id'
	289	),
	290	'WHERE'
	291	).'
[796]	292	;';
	293	display_select_cat_wrapper($query, array(@$_GET['cat']), $blockname, true);
	294
	295	// Filter on recent comments...
[2223]	296	$tpl_var=array();
[796]	297	foreach ($since_options as $id => $option)
	298	{
[2223]	299	$tpl_var[ $id ] = $option['label'];
[355]	300	}
[2223]	301	$template->assign( 'since_options', $tpl_var);
	302	$template->assign( 'since_options_selected', $page['since']);
[796]	303
	304	// Sort by
[2223]	305	$template->assign( 'sort_by_options', $sort_by);
	306	$template->assign( 'sort_by_options_selected', $page['sort_by']);
[796]	307
	308	// Sorting order
[2223]	309	$template->assign( 'sort_order_options', $sort_order);
	310	$template->assign( 'sort_order_options_selected', $page['sort_order']);
[796]	311
	312
	313	// Number of items
	314	$blockname = 'items_number_option';
[2223]	315	$tpl_var=array();
[796]	316	foreach ($items_number as $option)
	317	{
[2223]	318	$tpl_var[ $option ] = is_numeric($option) ? $option : l10n($option);
[796]	319	}
[2223]	320	$template->assign( 'item_number_options', $tpl_var);
	321	$template->assign( 'item_number_options_selected', $page['items_number']);
[796]	322
[2223]	323
[579]	324	// +-----------------------------------------------------------------------+
[796]	325	// \| navigation bar \|
	326	// +-----------------------------------------------------------------------+
	327
	328	if (isset($_GET['start']) and is_numeric($_GET['start']))
	329	{
	330	$start = $_GET['start'];
	331	}
	332	else
	333	{
	334	$start = 0;
	335	}
	336
	337	$query = '
[3450]	338	SELECT COUNT(DISTINCT(com.id))
[796]	339	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
[5199]	340	INNER JOIN '.COMMENTS_TABLE.' AS com
[796]	341	ON ic.image_id = com.image_id
[4139]	342	LEFT JOIN '.USERS_TABLE.' As u
	343	ON u.'.$conf['user_fields']['id'].' = com.author_id
[1716]	344	WHERE '.implode('
	345	AND ', $page['where_clauses']).'
[796]	346	;';
[4325]	347	list($counter) = pwg_db_fetch_row(pwg_query($query));
[796]	348
[1598]	349	$url = PHPWG_ROOT_PATH
	350	.'comments.php'
[5195]	351	.get_query_string_diff(array('start','delete','validate','pwg_token'));
[796]	352
	353	$navbar = create_navigation_bar($url,
	354	$counter,
	355	$start,
	356	$page['items_number'],
	357	'');
	358
[3172]	359	$template->assign('navbar', $navbar);
[796]	360
	361	// +-----------------------------------------------------------------------+
[579]	362	// \| last comments display \|
	363	// +-----------------------------------------------------------------------+
[355]	364
[796]	365	$comments = array();
	366	$element_ids = array();
	367	$category_ids = array();
	368
[579]	369	$query = '
[6602]	370	SELECT com.id AS comment_id,
	371	com.image_id,
	372	com.author,
	373	com.author_id,
	374	com.date,
	375	com.content,
	376	com.validated
[796]	377	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
[3487]	378	INNER JOIN '.COMMENTS_TABLE.' AS com
[796]	379	ON ic.image_id = com.image_id
[4139]	380	LEFT JOIN '.USERS_TABLE.' As u
	381	ON u.'.$conf['user_fields']['id'].' = com.author_id
[1716]	382	WHERE '.implode('
	383	AND ', $page['where_clauses']).'
[6602]	384	GROUP BY comment_id,
	385	com.image_id,
	386	com.author,
	387	com.author_id,
	388	com.date,
	389	com.content,
	390	com.validated
[796]	391	ORDER BY '.$page['sort_by'].' '.$page['sort_order'];
	392	if ('all' != $page['items_number'])
	393	{
	394	$query.= '
[4334]	395	LIMIT '.$page['items_number'].' OFFSET '.$start;
[796]	396	}
	397	$query.= '
[579]	398	;';
[587]	399	$result = pwg_query($query);
[4325]	400	while ($row = pwg_db_fetch_assoc($result))
[393]	401	{
[796]	402	array_push($comments, $row);
	403	array_push($element_ids, $row['image_id']);
[393]	404	}
[796]	405
	406	if (count($comments) > 0)
[579]	407	{
[796]	408	// retrieving element informations
	409	$elements = array();
[579]	410	$query = '
[796]	411	SELECT id, name, file, path, tn_ext
[579]	412	FROM '.IMAGES_TABLE.'
[796]	413	WHERE id IN ('.implode(',', $element_ids).')
[579]	414	;';
[796]	415	$result = pwg_query($query);
[4325]	416	while ($row = pwg_db_fetch_assoc($result))
[579]	417	{
[796]	418	$elements[$row['id']] = $row;
[579]	419	}
[721]	420
[796]	421	// retrieving category informations
[579]	422	$query = '
[6602]	423	SELECT c.id, name, permalink, uppercats, com.id as comment_id
	424	FROM '.CATEGORIES_TABLE.' AS c
	425	LEFT JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
	426	ON c.id=ic.category_id
	427	LEFT JOIN '.COMMENTS_TABLE.' AS com
	428	ON ic.image_id=com.image_id
	429	'.get_sql_condition_FandF
	430	(
	431	array
	432	(
	433	'forbidden_categories' => 'c.id',
	434	'visible_categories' => 'c.id'
	435	),
	436	'WHERE'
	437	).'
[796]	438	;';
[6602]	439	$categories = hash_from_query($query, 'comment_id');
[796]	440
	441	foreach ($comments as $comment)
[579]	442	{
[796]	443	if (!empty($elements[$comment['image_id']]['name']))
[166]	444	{
[1598]	445	$name=$elements[$comment['image_id']]['name'];
[166]	446	}
[796]	447	else
	448	{
[1598]	449	$name=get_name_from_file($elements[$comment['image_id']]['file']);
[796]	450	}
[1090]	451
[796]	452	// source of the thumbnail picture
[1598]	453	$thumbnail_src = get_thumbnail_url( $elements[$comment['image_id']] );
[1090]	454
[796]	455	// link to the full size picture
[1090]	456	$url = make_picture_url(
[796]	457	array(
[6602]	458	'category' => $categories[ $comment['comment_id'] ],
[5195]	459	'image_id' => $comment['image_id'],
	460	'image_file' => $elements[$comment['image_id']]['file'],
	461	)
	462	);
[5199]	463
[5195]	464	$tpl_comment = array(
	465	'U_PICTURE' => $url,
	466	'TN_SRC' => $thumbnail_src,
	467	'ALT' => $name,
	468	'AUTHOR' => trigger_event('render_comment_author', $comment['author']),
	469	'DATE'=>format_date($comment['date'], true),
	470	'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
	471	);
[1598]	472
[3487]	473	if (can_manage_comment('delete', $comment['author_id']))
[1598]	474	{
[5195]	475	$url =
	476	get_root_url()
	477	.'comments.php'
	478	.get_query_string_diff(array('delete','validate','edit', 'pwg_token'));
[5199]	479
[5195]	480	$tpl_comment['U_DELETE'] = add_url_params(
	481	$url,
	482	array(
	483	'delete' => $comment['comment_id'],
	484	'pwg_token' => get_pwg_token(),
	485	)
	486	);
[3445]	487	}
[5199]	488
[3450]	489	if (can_manage_comment('edit', $comment['author_id']))
[3445]	490	{
[5195]	491	$url =
	492	get_root_url()
	493	.'comments.php'
	494	.get_query_string_diff(array('edit', 'delete','validate', 'pwg_token'));
[5199]	495
[5195]	496	$tpl_comment['U_EDIT'] = add_url_params(
	497	$url,
	498	array(
	499	'edit' => $comment['comment_id'],
	500	'pwg_token' => get_pwg_token(),
	501	)
	502	);
[5199]	503
[3487]	504	if (isset($edit_comment) and ($comment['comment_id'] == $edit_comment))
[1598]	505	{
[3445]	506	$tpl_comment['IN_EDIT'] = true;
	507	$key = get_comment_post_key($comment['image_id']);
	508	$tpl_comment['KEY'] = $key;
	509	$tpl_comment['IMAGE_ID'] = $comment['image_id'];
	510	$tpl_comment['CONTENT'] = $comment['content'];
[1598]	511	}
	512	}
[3445]	513
[5195]	514	if (can_manage_comment('validate', $comment['author_id']))
[3445]	515	{
[5195]	516	if ('true' != $comment['validated'])
	517	{
	518	$tpl_comment['U_VALIDATE'] = add_url_params(
	519	$url,
	520	array(
	521	'validate'=> $comment['comment_id'],
	522	'pwg_token' => get_pwg_token(),
	523	)
	524	);
	525	}
[3445]	526	}
[2223]	527	$template->append('comments', $tpl_comment);
[166]	528	}
[579]	529	}
	530	// +-----------------------------------------------------------------------+
	531	// \| html code display \|
	532	// +-----------------------------------------------------------------------+
[2107]	533	include(PHPWG_ROOT_PATH.'include/page_header.php');
[2223]	534	$template->pparse('comments');
[1598]	535	include(PHPWG_ROOT_PATH.'include/page_tail.php');
[2107]	536	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: