source: branches/2.1/include/picture_comment.inc.php @ 12321

Last change on this file since 12321 was 6438, checked in by rvelices, 14 years ago

merge r6437 from trunk to branch 2.1

  • do not remove slashes before calling insert_user_comment (homogeneity with update_user_comment and general use of slashes in piwigo)
  • when using a modifier on a non array variable use @| instead of | (generated code is simpler and faster)
  • Property svn:eol-style set to LF
File size: 6.9 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2010 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24/**
25 * This file is included by the picture page to manage user comments
26 *
27 */
28
29// the picture is commentable if it belongs at least to one category which
30// is commentable
31$page['show_comments'] = false;
32foreach ($related_categories as $category)
33{
34  if ($category['commentable'] == 'true')
35  {
36    $page['show_comments'] = true;
37    break;
38  }
39}
40
41if ( $page['show_comments'] and isset( $_POST['content'] ) )
42{
43  if ( is_a_guest() and !$conf['comments_forall'] )
44  {
45    die ('Session expired');
46  }
47
48  $comm = array(
49    'author' => trim( @$_POST['author'] ),
50    'content' => trim( $_POST['content'] ),
51    'image_id' => $page['image_id'],
52   );
53
54  include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
55
56  $comment_action = insert_user_comment($comm, @$_POST['key'], $infos );
57
58  switch ($comment_action)
59  {
60    case 'moderate':
61      array_push( $infos, l10n('An administrator must authorize your comment before it is visible.') );
62    case 'validate':
63      array_push( $infos, l10n('Your comment has been registered'));
64      break;
65    case 'reject':
66      set_status_header(403);
67      array_push($infos, l10n('Your comment has NOT been registered because it did not pass the validation rules') );
68      break;
69    default:
70      trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
71  }
72
73  $template->assign(
74      ($comment_action=='reject') ? 'errors' : 'infos',
75      $infos
76    );
77
78  // allow plugins to notify what's going on
79  trigger_action( 'user_comment_insertion',
80      array_merge($comm, array('action'=>$comment_action) )
81    );
82}
83elseif ( isset($_POST['content']) )
84{
85  set_status_header(403);
86  die('ugly spammer');
87}
88
89if ($page['show_comments'])
90{
91  if ( !is_admin() )
92  {
93    $validated_clause = '  AND validated = \'true\'';
94  }
95  else
96  {
97    $validated_clause = '';
98  }
99
100  // number of comments for this picture
101  $query = '
102SELECT
103    COUNT(*) AS nb_comments
104  FROM '.COMMENTS_TABLE.'
105  WHERE image_id = '.$page['image_id']
106  .$validated_clause.'
107;';
108  $row = pwg_db_fetch_assoc( pwg_query( $query ) );
109
110  // navigation bar creation
111  if (!isset($page['start']))
112  {
113    $page['start'] = 0;
114  }
115
116  $navigation_bar = create_navigation_bar(
117    duplicate_picture_url(array(), array('start')),
118    $row['nb_comments'],
119    $page['start'],
120    $conf['nb_comment_page'],
121    true // We want a clean URL
122    );
123
124  $template->assign(
125    array(
126      'COMMENT_COUNT' => $row['nb_comments'],
127      'navbar' => $navigation_bar,
128      )
129    );
130
131  if ($row['nb_comments'] > 0)
132  {
133    $query = '
134SELECT
135    com.id,
136    author,
137    author_id,
138    '.$conf['user_fields']['username'].' AS username,
139    date,
140    image_id,
141    content,
142    validated
143  FROM '.COMMENTS_TABLE.' AS com
144  LEFT JOIN '.USERS_TABLE.' AS u
145    ON u.'.$conf['user_fields']['id'].' = author_id
146  WHERE image_id = '.$page['image_id'].'
147    '.$validated_clause.'
148  ORDER BY date ASC
149  LIMIT '.$conf['nb_comment_page'].' OFFSET '.$page['start'].'
150;';
151    $result = pwg_query( $query );
152
153    while ($row = pwg_db_fetch_assoc($result))
154    {
155      if (!empty($row['author']))
156      {
157        $author = $row['author'];
158        if ($author == 'guest')
159        {
160          $author = l10n('guest');
161        }
162      }
163      else
164      {
165        $author = stripslashes($row['username']);
166      }
167
168      $tpl_comment =
169        array(
170          'AUTHOR' => trigger_event('render_comment_author', $author),
171
172          'DATE' => format_date( $row['date'], true),
173
174          'CONTENT' => trigger_event('render_comment_content',$row['content']),
175        );
176
177      if (can_manage_comment('delete', $row['author_id']))
178      {
179        $tpl_comment['U_DELETE'] = add_url_params(
180          $url_self,
181          array(
182            'action'=>'delete_comment',
183            'comment_to_delete'=>$row['id'],
184            'pwg_token' => get_pwg_token(),
185            )
186          );
187      }
188      if (can_manage_comment('edit', $row['author_id']))
189      {
190        $tpl_comment['U_EDIT'] = add_url_params(
191          $url_self,
192          array(
193            'action'=>'edit_comment',
194            'comment_to_edit'=>$row['id'],
195            'pwg_token' => get_pwg_token(),
196            )
197          );
198        if (isset($edit_comment) and ($row['id'] == $edit_comment))
199        {
200          $tpl_comment['IN_EDIT'] = true;
201          $key = get_comment_post_key($page['image_id']);
202          $tpl_comment['KEY'] = $key;
203          $tpl_comment['CONTENT'] = $row['content'];
204        }
205      }
206      if (is_admin())
207      {
208        if ($row['validated'] != 'true')
209        {
210          $tpl_comment['U_VALIDATE'] = add_url_params(
211            $url_self,
212            array(
213              'action' => 'validate_comment',
214              'comment_to_validate' => $row['id'],
215              'pwg_token' => get_pwg_token(),
216              )
217            );
218        }
219      }
220      $template->append('comments', $tpl_comment);
221    }
222  }
223
224  $show_add_comment_form = true;
225  if (isset($edit_comment))
226  {
227    $show_add_comment_form = false;
228  }
229  if (is_a_guest() and !$conf['comments_forall'])
230  {
231    $show_add_comment_form = false;
232  }
233
234  if ($show_add_comment_form)
235  {
236    $key = get_comment_post_key($page['image_id']);
237    $content = '';
238    if ('reject'===@$comment_action)
239    {
240      $content = htmlspecialchars( stripslashes($comm['content']) );
241    }
242    $template->assign('comment_add',
243        array(
244          'F_ACTION' => $url_self,
245          'KEY' => $key,
246          'CONTENT' => $content,
247          'SHOW_AUTHOR' => !is_classic_user()
248        ));
249  }
250}
251
252?>
Note: See TracBrowser for help on using the repository browser.