source: branches/2.4/include/functions_comment.inc.php @ 18968

Last change on this file since 18968 was 13800, checked in by rvelices, 13 years ago

fix email on comment requiring validation even if the options is unchecked

  • Property svn:eol-style set to LF
File size: 11.6 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2012 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24//returns string action to perform on a new comment: validate, moderate, reject
25function user_comment_check($action, $comment)
26{
27  global $conf,$user;
28
29  if ($action=='reject')
30    return $action;
31
32  $my_action = $conf['comment_spam_reject'] ? 'reject':'moderate';
33
34  if ($action==$my_action)
35    return $action;
36
37  // we do here only BASIC spam check (plugins can do more)
38  if ( !is_a_guest() )
39    return $action;
40
41  $link_count = preg_match_all( '/https?:\/\//',
42    $comment['content'], $matches);
43
44  if ( strpos($comment['author'], 'http://')!==false )
45  {
46    $link_count++;
47  }
48
49  if ( $link_count>$conf['comment_spam_max_links'] )
50  {
51    $_POST['cr'][] = 'links';
52    return $my_action;
53  }
54  return $action;
55}
56
57
58add_event_handler('user_comment_check', 'user_comment_check',
59  EVENT_HANDLER_PRIORITY_NEUTRAL, 2);
60
61/**
62 * Tries to insert a user comment in the database and returns one of :
63 * validate, moderate, reject
64 * @param array comm contains author, content, image_id
65 * @param string key secret key sent back to the browser
66 * @param array infos out array of messages
67 */
68function insert_user_comment( &$comm, $key, &$infos )
69{
70  global $conf, $user;
71
72  $comm = array_merge( $comm,
73    array(
74      'ip' => $_SERVER['REMOTE_ADDR'],
75      'agent' => $_SERVER['HTTP_USER_AGENT']
76    )
77   );
78
79  $infos = array();
80  if (!$conf['comments_validation'] or is_admin())
81  {
82    $comment_action='validate'; //one of validate, moderate, reject
83  }
84  else
85  {
86    $comment_action='moderate'; //one of validate, moderate, reject
87  }
88
89  // display author field if the user status is guest or generic
90  if (!is_classic_user())
91  {
92    if ( empty($comm['author']) )
93    {
94      $comm['author'] = 'guest';
95    }
96    $comm['author_id'] = $conf['guest_id'];
97    // if a guest try to use the name of an already existing user, he must be
98    // rejected
99    if ( $comm['author'] != 'guest' )
100    {
101      $query = '
102SELECT COUNT(*) AS user_exists
103  FROM '.USERS_TABLE.'
104  WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'";
105      $row = pwg_db_fetch_assoc( pwg_query( $query ) );
106      if ( $row['user_exists'] == 1 )
107      {
108        array_push($infos, l10n('This login is already used by another user') );
109        $comment_action='reject';
110      }
111    }
112  }
113  else
114  {
115    $comm['author'] = addslashes($user['username']);
116    $comm['author_id'] = $user['id'];
117  }
118
119  if ( empty($comm['content']) )
120  { // empty comment content
121    $comment_action='reject';
122  }
123
124  if ( !verify_ephemeral_key(@$key, $comm['image_id']) )
125  {
126    $comment_action='reject';
127    $_POST['cr'][] = 'key'; // rvelices: I use this outside to see how spam robots work
128  }
129
130  if ($comment_action!='reject' and $conf['anti-flood_time']>0 and !is_admin())
131  { // anti-flood system
132    $reference_date = pwg_db_get_flood_period_expression($conf['anti-flood_time']);
133
134    $query = '
135SELECT count(1) FROM '.COMMENTS_TABLE.'
136  WHERE date > '.$reference_date.'
137    AND author_id = '.$comm['author_id'];
138    list($counter) = pwg_db_fetch_row(pwg_query($query));
139    if ( $counter > 0 )
140    {
141      array_push( $infos, l10n('Anti-flood system : please wait for a moment before trying to post another comment') );
142      $comment_action='reject';
143    }
144  }
145
146  // perform more spam check
147  $comment_action = trigger_event('user_comment_check',
148      $comment_action, $comm
149    );
150
151  if ( $comment_action!='reject' )
152  {
153    $query = '
154INSERT INTO '.COMMENTS_TABLE.'
155  (author, author_id, content, date, validated, validation_date, image_id)
156  VALUES (
157    \''.$comm['author'].'\',
158    '.$comm['author_id'].',
159    \''.$comm['content'].'\',
160    NOW(),
161    \''.($comment_action=='validate' ? 'true':'false').'\',
162    '.($comment_action=='validate' ? 'NOW()':'NULL').',
163    '.$comm['image_id'].'
164  )
165';
166
167    pwg_query($query);
168
169    $comm['id'] = pwg_db_insert_id(COMMENTS_TABLE);
170
171    if ( ($conf['email_admin_on_comment'] && 'validate' == $comment_action)
172        or ($conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action))
173    {
174      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
175
176      $comment_url = get_absolute_root_url().'comments.php?comment_id='.$comm['id'];
177
178      $keyargs_content = array
179      (
180        get_l10n_args('Author: %s', stripslashes($comm['author']) ),
181        get_l10n_args('Comment: %s', stripslashes($comm['content']) ),
182        get_l10n_args('', ''),
183        get_l10n_args('Manage this user comment: %s', $comment_url)
184      );
185
186      if ('moderate' == $comment_action)
187      {
188        $keyargs_content[] = get_l10n_args('', '');
189        $keyargs_content[] = get_l10n_args('(!) This comment requires validation', '');
190      }
191
192      pwg_mail_notification_admins
193      (
194        get_l10n_args('Comment by %s', stripslashes($comm['author']) ),
195        $keyargs_content
196      );
197    }
198  }
199  return $comment_action;
200}
201
202/**
203 * Tries to delete a user comment in the database
204 * only admin can delete all comments
205 * other users can delete their own comments
206 * so to avoid a new sql request we add author in where clause
207 *
208 * @param int or array of int comment_id
209 */
210function delete_user_comment($comment_id)
211{
212  $user_where_clause = '';
213  if (!is_admin())
214  {
215    $user_where_clause = '   AND author_id = \''.$GLOBALS['user']['id'].'\'';
216  }
217 
218  if (is_array($comment_id))
219    $where_clause = 'id IN('.implode(',', $comment_id).')';
220  else
221    $where_clause = 'id = '.$comment_id;
222   
223  $query = '
224DELETE FROM '.COMMENTS_TABLE.'
225  WHERE '.$where_clause.
226$user_where_clause.'
227;';
228  $result = pwg_query($query);
229 
230  if ($result) 
231  {
232    email_admin('delete', 
233                array('author' => $GLOBALS['user']['username'],
234                      'comment_id' => $comment_id
235                  ));
236  }
237 
238  trigger_action('user_comment_deletion', $comment_id);
239}
240
241/**
242 * Tries to update a user comment in the database
243 * only admin can update all comments
244 * users can edit their own comments if admin allow them
245 * so to avoid a new sql request we add author in where clause
246 *
247 * @param comment_id
248 * @param post_key
249 * @param content
250 */
251
252function update_user_comment($comment, $post_key)
253{
254  global $conf;
255
256  $comment_action = 'validate';
257
258  if ( !verify_ephemeral_key($post_key, $comment['image_id']) )
259  {
260    $comment_action='reject';
261  }
262  elseif (!$conf['comments_validation'] or is_admin()) // should the updated comment must be validated
263  {
264    $comment_action='validate'; //one of validate, moderate, reject
265  }
266  else
267  {
268    $comment_action='moderate'; //one of validate, moderate, reject
269  }
270
271  // perform more spam check
272  $comment_action =
273    trigger_event('user_comment_check',
274                  $comment_action,
275                  array_merge($comment,
276                              array('author' => $GLOBALS['user']['username'])
277                              )
278                  );
279
280  if ( $comment_action!='reject' )
281  {
282    $user_where_clause = '';
283    if (!is_admin())
284    {
285      $user_where_clause = '   AND author_id = \''.
286        $GLOBALS['user']['id'].'\'';
287    }
288
289    $query = '
290UPDATE '.COMMENTS_TABLE.'
291  SET content = \''.$comment['content'].'\',
292      validated = \''.($comment_action=='validate' ? 'true':'false').'\',
293      validation_date = '.($comment_action=='validate' ? 'NOW()':'NULL').'
294  WHERE id = '.$comment['comment_id'].
295$user_where_clause.'
296;';
297    $result = pwg_query($query);
298   
299    // mail admin and ask to validate the comment
300    if ($result and $conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action) 
301    {
302      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
303
304      $comment_url = get_absolute_root_url().'comments.php?comment_id='.$comment['comment_id'];
305
306      $keyargs_content = array
307      (
308        get_l10n_args('Author: %s', stripslashes($GLOBALS['user']['username']) ),
309        get_l10n_args('Comment: %s', stripslashes($comment['content']) ),
310        get_l10n_args('', ''),
311        get_l10n_args('Manage this user comment: %s', $comment_url),
312        get_l10n_args('', ''),
313        get_l10n_args('(!) This comment requires validation', ''),
314      );
315
316      pwg_mail_notification_admins
317      (
318        get_l10n_args('Comment by %s', stripslashes($GLOBALS['user']['username']) ),
319        $keyargs_content
320      );
321    }
322    // just mail admin
323    else if ($result)
324    {
325      email_admin('edit', array('author' => $GLOBALS['user']['username'],
326                                'content' => stripslashes($comment['content'])) );
327    }
328  }
329 
330  return $comment_action;
331}
332
333function email_admin($action, $comment)
334{
335  global $conf;
336
337  if (!in_array($action, array('edit', 'delete'))
338      or (($action=='edit') and !$conf['email_admin_on_comment_edition'])
339      or (($action=='delete') and !$conf['email_admin_on_comment_deletion']))
340  {
341    return;
342  }
343
344  include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
345
346  $keyargs_content = array();
347  $keyargs_content[] = get_l10n_args('Author: %s', $comment['author']);
348  if ($action=='delete')
349  {
350    $keyargs_content[] = get_l10n_args('This author removed the comment with id %d',
351                                       $comment['comment_id']
352                                       );
353  }
354  else
355  {
356    $keyargs_content[] = get_l10n_args('This author modified following comment:', '');
357    $keyargs_content[] = get_l10n_args('Comment: %s', $comment['content']);
358  }
359
360  pwg_mail_notification_admins(get_l10n_args('Comment by %s',
361                                             $comment['author']),
362                               $keyargs_content
363                               );
364}
365
366function get_comment_author_id($comment_id, $die_on_error=true)
367{
368  $query = '
369SELECT
370    author_id
371  FROM '.COMMENTS_TABLE.'
372  WHERE id = '.$comment_id.'
373;';
374  $result = pwg_query($query);
375  if (pwg_db_num_rows($result) == 0)
376  {
377    if ($die_on_error)
378    {
379      fatal_error('Unknown comment identifier');
380    }
381    else
382    {
383      return false;
384    }
385  }
386 
387  list($author_id) = pwg_db_fetch_row($result);
388
389  return $author_id;
390}
391
392/**
393 * Tries to validate a user comment in the database
394 * @param int or array of int comment_id
395 */
396function validate_user_comment($comment_id)
397{
398  if (is_array($comment_id))
399    $where_clause = 'id IN('.implode(',', $comment_id).')';
400  else
401    $where_clause = 'id = '.$comment_id;
402   
403  $query = '
404UPDATE '.COMMENTS_TABLE.'
405  SET validated = \'true\'
406    , validation_date = NOW()
407  WHERE '.$where_clause.'
408;';
409  pwg_query($query);
410 
411  trigger_action('user_comment_validation', $comment_id);
412}
413?>
Note: See TracBrowser for help on using the repository browser.