Context Navigation

source: branches/2.3/include/functions_comment.inc.php @ 16878

Last change on this file since 16878 was 12597, checked in by mistic100, 13 years ago
merge r12596 from trunk: feature 2500: make 'validate_user_comment' and 'delete_user_comment' working with array
Property svn:eol-style set to `LF`
File size: 11.5 KB

Rev	Line
[1849]	1	<?php
	2	// +-----------------------------------------------------------------------+
[8728]	3	// \| Piwigo - a PHP based photo gallery \|
[2297]	4	// +-----------------------------------------------------------------------+
[8728]	5	// \| Copyright(C) 2008-2011 Piwigo Team http://piwigo.org \|
[2297]	6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
	7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
	8	// +-----------------------------------------------------------------------+
	9	// \| This program is free software; you can redistribute it and/or modify \|
	10	// \| it under the terms of the GNU General Public License as published by \|
	11	// \| the Free Software Foundation \|
	12	// \| \|
	13	// \| This program is distributed in the hope that it will be useful, but \|
	14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	16	// \| General Public License for more details. \|
	17	// \| \|
	18	// \| You should have received a copy of the GNU General Public License \|
	19	// \| along with this program; if not, write to the Free Software \|
	20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	21	// \| USA. \|
	22	// +-----------------------------------------------------------------------+
[1849]	23
	24	//returns string action to perform on a new comment: validate, moderate, reject
	25	function user_comment_check($action, $comment)
	26	{
	27	global $conf,$user;
	28
	29	if ($action=='reject')
	30	return $action;
	31
	32	$my_action = $conf['comment_spam_reject'] ? 'reject':'moderate';
	33
	34	if ($action==$my_action)
	35	return $action;
	36
	37	// we do here only BASIC spam check (plugins can do more)
[2029]	38	if ( !is_a_guest() )
[1849]	39	return $action;
	40
	41	$link_count = preg_match_all( '/https?:\/\//',
	42	$comment['content'], $matches);
	43
	44	if ( strpos($comment['author'], 'http://')!==false )
	45	{
	46	$link_count++;
	47	}
[2155]	48
[1849]	49	if ( $link_count>$conf['comment_spam_max_links'] )
	50	return $my_action;
	51
	52	return $action;
	53	}
	54
	55
	56	add_event_handler('user_comment_check', 'user_comment_check',
	57	EVENT_HANDLER_PRIORITY_NEUTRAL, 2);
	58
	59	/**
	60	* Tries to insert a user comment in the database and returns one of :
	61	* validate, moderate, reject
	62	* @param array comm contains author, content, image_id
	63	* @param string key secret key sent back to the browser
	64	* @param array infos out array of messages
	65	*/
	66	function insert_user_comment( &$comm, $key, &$infos )
	67	{
	68	global $conf, $user;
[2155]	69
	70	$comm = array_merge( $comm,
[1849]	71	array(
	72	'ip' => $_SERVER['REMOTE_ADDR'],
	73	'agent' => $_SERVER['HTTP_USER_AGENT']
	74	)
	75	);
	76
	77	$infos = array();
	78	if (!$conf['comments_validation'] or is_admin())
	79	{
	80	$comment_action='validate'; //one of validate, moderate, reject
	81	}
	82	else
	83	{
	84	$comment_action='moderate'; //one of validate, moderate, reject
	85	}
	86
[2029]	87	// display author field if the user status is guest or generic
	88	if (!is_classic_user())
[1849]	89	{
	90	if ( empty($comm['author']) )
	91	{
	92	$comm['author'] = 'guest';
	93	}
[3450]	94	$comm['author_id'] = $conf['guest_id'];
[1849]	95	// if a guest try to use the name of an already existing user, he must be
	96	// rejected
	97	if ( $comm['author'] != 'guest' )
	98	{
	99	$query = '
	100	SELECT COUNT(*) AS user_exists
	101	FROM '.USERS_TABLE.'
[4304]	102	WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'";
[4325]	103	$row = pwg_db_fetch_assoc( pwg_query( $query ) );
[1849]	104	if ( $row['user_exists'] == 1 )
	105	{
[5021]	106	array_push($infos, l10n('This login is already used by another user') );
[1849]	107	$comment_action='reject';
	108	}
	109	}
	110	}
	111	else
	112	{
[3600]	113	$comm['author'] = addslashes($user['username']);
[3450]	114	$comm['author_id'] = $user['id'];
[1849]	115	}
[3450]	116
[1849]	117	if ( empty($comm['content']) )
	118	{ // empty comment content
	119	$comment_action='reject';
	120	}
	121
[7495]	122	if ( !verify_ephemeral_key(@$key, $comm['image_id']) )
[1849]	123	{
	124	$comment_action='reject';
	125	}
[2155]	126
[7784]	127	if ($comment_action!='reject' and $conf['anti-flood_time']>0 and !is_admin())
[1849]	128	{ // anti-flood system
[6604]	129	$reference_date = pwg_db_get_flood_period_expression($conf['anti-flood_time']);
	130
[1849]	131	$query = '
[6604]	132	SELECT count(1) FROM '.COMMENTS_TABLE.'
	133	WHERE date > '.$reference_date.'
[3450]	134	AND author_id = '.$comm['author_id'];
[6604]	135	list($counter) = pwg_db_fetch_row(pwg_query($query));
	136	if ( $counter > 0 )
[1849]	137	{
[5021]	138	array_push( $infos, l10n('Anti-flood system : please wait for a moment before trying to post another comment') );
[1849]	139	$comment_action='reject';
	140	}
	141	}
	142
	143	// perform more spam check
	144	$comment_action = trigger_event('user_comment_check',
	145	$comment_action, $comm
	146	);
	147
	148	if ( $comment_action!='reject' )
	149	{
	150	$query = '
	151	INSERT INTO '.COMMENTS_TABLE.'
[3450]	152	(author, author_id, content, date, validated, validation_date, image_id)
[1849]	153	VALUES (
[6589]	154	\''.$comm['author'].'\',
[3450]	155	'.$comm['author_id'].',
[6589]	156	\''.$comm['content'].'\',
[1849]	157	NOW(),
[6589]	158	\''.($comment_action=='validate' ? 'true':'false').'\',
[1849]	159	'.($comment_action=='validate' ? 'NOW()':'NULL').',
[2155]	160	'.$comm['image_id'].'
[1849]	161	)
	162	';
	163
	164	pwg_query($query);
	165
[4892]	166	$comm['id'] = pwg_db_insert_id(COMMENTS_TABLE);
[1849]	167
[5195]	168	if ($conf['email_admin_on_comment']
	169	or ($conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action))
[1849]	170	{
	171	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
	172
[5195]	173	$comment_url = get_absolute_root_url().'comments.php?comment_id='.$comm['id'];
[1849]	174
[1908]	175	$keyargs_content = array
	176	(
[3600]	177	get_l10n_args('Author: %s', stripslashes($comm['author']) ),
[3488]	178	get_l10n_args('Comment: %s', stripslashes($comm['content']) ),
[1908]	179	get_l10n_args('', ''),
[5195]	180	get_l10n_args('Manage this user comment: %s', $comment_url)
[1908]	181	);
[1849]	182
[5195]	183	if ('moderate' == $comment_action)
[1849]	184	{
[5195]	185	$keyargs_content[] = get_l10n_args('', '');
	186	$keyargs_content[] = get_l10n_args('(!) This comment requires validation', '');
[1849]	187	}
	188
[1908]	189	pwg_mail_notification_admins
[1849]	190	(
[3600]	191	get_l10n_args('Comment by %s', stripslashes($comm['author']) ),
[1908]	192	$keyargs_content
[1849]	193	);
	194	}
	195	}
	196	return $comment_action;
	197	}
	198
[3445]	199	/**
	200	* Tries to delete a user comment in the database
	201	* only admin can delete all comments
[3488]	202	* other users can delete their own comments
[3445]	203	* so to avoid a new sql request we add author in where clause
	204	*
[12597]	205	* @param int or array of int comment_id
[3445]	206	*/
[12597]	207	function delete_user_comment($comment_id)
	208	{
[3445]	209	$user_where_clause = '';
	210	if (!is_admin())
	211	{
[3450]	212	$user_where_clause = ' AND author_id = \''.$GLOBALS['user']['id'].'\'';
[3445]	213	}
[12597]	214
	215	if (is_array($comment_id))
	216	$where_clause = 'id IN('.implode(',', $comment_id).')';
	217	else
	218	$where_clause = 'id = '.$comment_id;
	219
[3445]	220	$query = '
	221	DELETE FROM '.COMMENTS_TABLE.'
[12597]	222	WHERE '.$where_clause.
[3445]	223	$user_where_clause.'
	224	;';
	225	$result = pwg_query($query);
[12597]	226
	227	if ($result)
	228	{
[5707]	229	email_admin('delete',
	230	array('author' => $GLOBALS['user']['username'],
	231	'comment_id' => $comment_id
	232	));
[3445]	233	}
[12557]	234
	235	trigger_action('user_comment_deletion', $comment_id);
[3445]	236	}
	237
	238	/**
	239	* Tries to update a user comment in the database
	240	* only admin can update all comments
	241	* users can edit their own comments if admin allow them
	242	* so to avoid a new sql request we add author in where clause
	243	*
[3488]	244	* @param comment_id
[3445]	245	* @param post_key
	246	* @param content
	247	*/
	248
[3488]	249	function update_user_comment($comment, $post_key)
	250	{
[3445]	251	global $conf;
	252
	253	$comment_action = 'validate';
	254
[7495]	255	if ( !verify_ephemeral_key($post_key, $comment['image_id']) )
[3445]	256	{
	257	$comment_action='reject';
	258	}
[11253]	259	elseif (!$conf['comments_validation'] or is_admin()) // should the updated comment must be validated
	260	{
	261	$comment_action='validate'; //one of validate, moderate, reject
	262	}
	263	else
	264	{
	265	$comment_action='moderate'; //one of validate, moderate, reject
	266	}
[3445]	267
	268	// perform more spam check
[3488]	269	$comment_action =
[3445]	270	trigger_event('user_comment_check',
[3488]	271	$comment_action,
	272	array_merge($comment,
[3445]	273	array('author' => $GLOBALS['user']['username'])
	274	)
	275	);
	276
	277	if ( $comment_action!='reject' )
	278	{
	279	$user_where_clause = '';
	280	if (!is_admin())
	281	{
[3450]	282	$user_where_clause = ' AND author_id = \''.
	283	$GLOBALS['user']['id'].'\'';
[3445]	284	}
[10097]	285
[3445]	286	$query = '
	287	UPDATE '.COMMENTS_TABLE.'
	288	SET content = \''.$comment['content'].'\',
[10097]	289	validated = \''.($comment_action=='validate' ? 'true':'false').'\',
	290	validation_date = '.($comment_action=='validate' ? 'NOW()':'NULL').'
[3445]	291	WHERE id = '.$comment['comment_id'].
	292	$user_where_clause.'
	293	;';
	294	$result = pwg_query($query);
[10097]	295
	296	// mail admin and ask to validate the comment
	297	if ($result and $conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action)
	298	{
	299	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
	300
	301	$comment_url = get_absolute_root_url().'comments.php?comment_id='.$comment['comment_id'];
	302
	303	$keyargs_content = array
	304	(
	305	get_l10n_args('Author: %s', stripslashes($GLOBALS['user']['username']) ),
	306	get_l10n_args('Comment: %s', stripslashes($comment['content']) ),
	307	get_l10n_args('', ''),
	308	get_l10n_args('Manage this user comment: %s', $comment_url),
	309	get_l10n_args('', ''),
	310	get_l10n_args('(!) This comment requires validation', ''),
	311	);
	312
	313	pwg_mail_notification_admins
	314	(
	315	get_l10n_args('Comment by %s', stripslashes($GLOBALS['user']['username']) ),
	316	$keyargs_content
	317	);
	318	}
	319	// just mail admin
	320	else if ($result)
	321	{
[3445]	322	email_admin('edit', array('author' => $GLOBALS['user']['username'],
[3488]	323	'content' => stripslashes($comment['content'])) );
[3445]	324	}
	325	}
[10097]	326
	327	return $comment_action;
[3445]	328	}
	329
[3488]	330	function email_admin($action, $comment)
	331	{
[3445]	332	global $conf;
	333
	334	if (!in_array($action, array('edit', 'delete'))
	335	or (($action=='edit') and !$conf['email_admin_on_comment_edition'])
	336	or (($action=='delete') and !$conf['email_admin_on_comment_deletion']))
	337	{
	338	return;
	339	}
	340
	341	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
[3488]	342
[3445]	343	$keyargs_content = array();
	344	$keyargs_content[] = get_l10n_args('Author: %s', $comment['author']);
[3488]	345	if ($action=='delete')
[3445]	346	{
[3488]	347	$keyargs_content[] = get_l10n_args('This author removed the comment with id %d',
[3445]	348	$comment['comment_id']
	349	);
	350	}
	351	else
	352	{
	353	$keyargs_content[] = get_l10n_args('This author modified following comment:', '');
	354	$keyargs_content[] = get_l10n_args('Comment: %s', $comment['content']);
	355	}
[3488]	356
	357	pwg_mail_notification_admins(get_l10n_args('Comment by %s',
[3445]	358	$comment['author']),
	359	$keyargs_content
	360	);
	361	}
[5195]	362
	363	function get_comment_author_id($comment_id, $die_on_error=true)
	364	{
	365	$query = '
	366	SELECT
	367	author_id
	368	FROM '.COMMENTS_TABLE.'
	369	WHERE id = '.$comment_id.'
	370	;';
	371	$result = pwg_query($query);
	372	if (pwg_db_num_rows($result) == 0)
	373	{
	374	if ($die_on_error)
	375	{
	376	fatal_error('Unknown comment identifier');
	377	}
	378	else
	379	{
	380	return false;
	381	}
	382	}
	383
	384	list($author_id) = pwg_db_fetch_row($result);
	385
	386	return $author_id;
	387	}
	388
[12597]	389	/**
	390	* Tries to validate a user comment in the database
	391	* @param int or array of int comment_id
	392	*/
[5195]	393	function validate_user_comment($comment_id)
	394	{
[12597]	395	if (is_array($comment_id))
	396	$where_clause = 'id IN('.implode(',', $comment_id).')';
	397	else
	398	$where_clause = 'id = '.$comment_id;
	399
[5195]	400	$query = '
	401	UPDATE '.COMMENTS_TABLE.'
[6589]	402	SET validated = \'true\'
[5195]	403	, validation_date = NOW()
[12597]	404	WHERE '.$where_clause.'
[5195]	405	;';
	406	pwg_query($query);
[12557]	407
	408	trigger_action('user_comment_validation', $comment_id);
[5195]	409	}
[1849]	410	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: