1 | <?php |
---|
2 | /* $Id: ce_plugin.class.php,v 1.7 2009/06/22 12:25:04 Criss Exp $ */ |
---|
3 | if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!'); |
---|
4 | |
---|
5 | ce_require_class("CE_Comment"); |
---|
6 | |
---|
7 | /** |
---|
8 | * CE_Plugin class |
---|
9 | */ |
---|
10 | class CE_Plugin { |
---|
11 | |
---|
12 | var $comments_ids; |
---|
13 | private static $url_prefix = null; |
---|
14 | |
---|
15 | |
---|
16 | function CE_Plugin() { |
---|
17 | if (null == self::$url_prefix) { |
---|
18 | self::$url_prefix = get_root_url() . 'index.php?' . CE_ACTION . '='; |
---|
19 | } |
---|
20 | } |
---|
21 | |
---|
22 | /* ************************ */ |
---|
23 | /* ** Trigger management ** */ |
---|
24 | /* ************************ */ |
---|
25 | |
---|
26 | /** |
---|
27 | * Update comment ID array |
---|
28 | */ |
---|
29 | function render_comment_content($content) { |
---|
30 | $author = null; |
---|
31 | $id = null; |
---|
32 | switch (script_basename()) { |
---|
33 | case "comments": |
---|
34 | global $comment; |
---|
35 | $author = $comment['author']; |
---|
36 | $id = $comment['comment_id']; |
---|
37 | break; |
---|
38 | case "picture": |
---|
39 | global $row; |
---|
40 | $author = $row['author']; |
---|
41 | $id = $row['id']; |
---|
42 | break; |
---|
43 | default: |
---|
44 | // Not in right script |
---|
45 | return $content; |
---|
46 | } |
---|
47 | global $template, $user; |
---|
48 | if ((!is_a_guest() and ($user['username'] == $author)) |
---|
49 | or is_admin()) { |
---|
50 | $key = count($template->get_template_vars('comments')); |
---|
51 | $this->comments_ids[$key] = $id; |
---|
52 | } |
---|
53 | return $content; |
---|
54 | } |
---|
55 | |
---|
56 | /** |
---|
57 | * Check whether the page contains comments. |
---|
58 | * Add an edit link if user is allowed to edit comment |
---|
59 | */ |
---|
60 | function loc_begin_page_header() { |
---|
61 | global $template; |
---|
62 | $comments = $template->get_template_vars('comments'); |
---|
63 | if (!isset($comments) or (null == $comments)) { |
---|
64 | // No comment... |
---|
65 | return; |
---|
66 | } |
---|
67 | foreach ($comments as $key => $value) { |
---|
68 | if (isset($this->comments_ids[$key])) { |
---|
69 | // User allowed to have edit link |
---|
70 | $comments[$key]['U_ID'] = $this->comments_ids[$key]; |
---|
71 | $comments[$key]['DATE'] .= ' - <a href="' . $this->getEditUrlPrefix(); |
---|
72 | $comments[$key]['DATE'] .= $comments[$key]['U_ID'] . '">'; |
---|
73 | $comments[$key]['DATE'] .= 'Edit'; |
---|
74 | $comments[$key]['DATE'] .= '</a>'; |
---|
75 | } |
---|
76 | } |
---|
77 | $template->assign('comments', $comments); |
---|
78 | } |
---|
79 | |
---|
80 | /** |
---|
81 | * Check whether a comment edit or update is requested. |
---|
82 | */ |
---|
83 | function loc_end_index() { |
---|
84 | $comment_id = ""; |
---|
85 | $action = $this->isCommentEdit($_SERVER['QUERY_STRING'], $comment_id); |
---|
86 | switch ($action) { |
---|
87 | case CE_ACTION_EDIT: |
---|
88 | // Edit |
---|
89 | $this->editComment($comment_id); |
---|
90 | break; |
---|
91 | case CE_ACTION_UPDATE: |
---|
92 | $this->updateComment(); |
---|
93 | break; |
---|
94 | case CE_ACTION_ERROR: |
---|
95 | $infos = array('comment_edit_forbidden'); |
---|
96 | $this->displayError($infos); |
---|
97 | break; |
---|
98 | case CE_ACTION_NONE: |
---|
99 | // Not an edit mode |
---|
100 | break; |
---|
101 | } |
---|
102 | } |
---|
103 | |
---|
104 | /* ************************ */ |
---|
105 | /* ** Private functions ** */ |
---|
106 | /* ************************ */ |
---|
107 | |
---|
108 | function getTemplate($p_template = 'edit.tpl') { |
---|
109 | return realpath(CE_TEMPLATE . $p_template); |
---|
110 | } |
---|
111 | |
---|
112 | function isCommentEdit($p_query_string, &$p_comment_id) { |
---|
113 | $params = split('\&', $p_query_string); |
---|
114 | $action = CE_ACTION_NONE; |
---|
115 | $comment_id = ""; |
---|
116 | foreach ($params as $current_param) { |
---|
117 | $key_value = split('=', $current_param); |
---|
118 | if (isset($key_value[1])) { |
---|
119 | if (CE_ACTION == $key_value[0] && CE_ACTION_NONE == $action) { |
---|
120 | //CE_ACTION_EDIT == $lKeyVal[1] |
---|
121 | switch ($key_value[1]) { |
---|
122 | case CE_ACTION_EDIT: |
---|
123 | case CE_ACTION_UPDATE: |
---|
124 | $action = $key_value[1]; |
---|
125 | break; |
---|
126 | } |
---|
127 | } |
---|
128 | if (CE_ID == $key_value[0]) { |
---|
129 | $comment_id = $key_value[1]; |
---|
130 | } |
---|
131 | } |
---|
132 | } |
---|
133 | if (CE_ACTION_EDIT == $action) { |
---|
134 | if (is_numeric($comment_id)) { |
---|
135 | $p_comment_id = intval($comment_id); |
---|
136 | } else { |
---|
137 | $action = CE_ACTION_ERROR; |
---|
138 | } |
---|
139 | } |
---|
140 | return $action; |
---|
141 | } |
---|
142 | |
---|
143 | function isEditAllowed($p_comment) { |
---|
144 | if ((FALSE == $p_comment->getInfo()) or |
---|
145 | is_a_guest()) { |
---|
146 | return false; |
---|
147 | } |
---|
148 | if (is_admin()) { |
---|
149 | return true; |
---|
150 | } |
---|
151 | global $user; |
---|
152 | return $p_comment->isAuthor($user['username']); |
---|
153 | } |
---|
154 | |
---|
155 | function editComment($p_comment_id) { |
---|
156 | // Include language advices |
---|
157 | load_language('plugin.lang', CE_PATH); |
---|
158 | |
---|
159 | $comment = new CE_Comment($p_comment_id); |
---|
160 | $infos = array(); |
---|
161 | if (!$this->isEditAllowed($comment)) { |
---|
162 | // Not allowed |
---|
163 | array_push($infos, 'comment_edit_forbidden'); |
---|
164 | $this->displayError($infos); |
---|
165 | return; |
---|
166 | } |
---|
167 | $this->displayComment($comment); |
---|
168 | } |
---|
169 | |
---|
170 | function updateComment() { |
---|
171 | // Include language advices |
---|
172 | load_language('plugin.lang', CE_PATH); |
---|
173 | |
---|
174 | $infos = array(); |
---|
175 | if ((!isset($_POST['commentid'])) or |
---|
176 | (!isset($_POST['imageid']))) { |
---|
177 | array_push($infos, 'comment_access_invalid'); |
---|
178 | $this->displayError($infos); |
---|
179 | return; |
---|
180 | } |
---|
181 | if (!is_numeric($_POST['imageid'])) { |
---|
182 | array_push($infos, 'comment_access_invalid'); |
---|
183 | $this->displayError($infos); |
---|
184 | return; |
---|
185 | } |
---|
186 | $comment = new CE_Comment($_POST['commentid']); |
---|
187 | |
---|
188 | if (!$this->isEditAllowed($comment)) { |
---|
189 | array_push($infos, 'comment_edit_forbidden'); |
---|
190 | $this->displayError($infos); |
---|
191 | return; |
---|
192 | } |
---|
193 | $image_id = $comment->getInfo('image_id'); |
---|
194 | if (intval($_POST['imageid']) != intval($image_id)) { |
---|
195 | array_push($infos, 'comment_access_invalid'); |
---|
196 | $this->displayError($infos); |
---|
197 | return; |
---|
198 | } |
---|
199 | if (isset($_POST['author'])) { |
---|
200 | $comment->setInfo('author', $_POST['author']); |
---|
201 | } else if ((isset($_POST['freeauthorck'])) and |
---|
202 | (isset($_POST['freeauthor']))) { |
---|
203 | // Free author |
---|
204 | $new_author = trim(stripslashes($_POST['freeauthor'])); |
---|
205 | $new_author = $comment->validateAuthor($new_author); |
---|
206 | $comment->setInfo('author', $new_author); |
---|
207 | } |
---|
208 | |
---|
209 | $comment_array = array( |
---|
210 | 'author' => trim( stripslashes($comment->getInfo('author')) ), |
---|
211 | 'content' => trim( stripslashes($_POST['content']) ), |
---|
212 | 'image_id' => $image_id, |
---|
213 | 'comment_id' => $comment->getInfo('comment_id'), |
---|
214 | ); |
---|
215 | $comment_action = update_user_comment($comment_array, @$_POST['key'], $infos ); |
---|
216 | |
---|
217 | switch ($comment_action) { |
---|
218 | case 'moderate': |
---|
219 | array_push( $infos, 'comment_to_validate' ); |
---|
220 | case 'validate': |
---|
221 | array_push( $infos, 'comment_added'); |
---|
222 | break; |
---|
223 | case 'reject': |
---|
224 | set_status_header(403); |
---|
225 | array_push($infos, 'comment_not_added' ); |
---|
226 | break; |
---|
227 | default: |
---|
228 | trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING); |
---|
229 | } |
---|
230 | // allow plugins to notify what's going on |
---|
231 | trigger_action( 'user_comment_insertion', |
---|
232 | array_merge($comment_array, array('action'=>$comment_action))); |
---|
233 | if ($comment_action=='reject') { |
---|
234 | $this->displayError($infos); |
---|
235 | } else { |
---|
236 | $this->displayInfo($infos); |
---|
237 | } |
---|
238 | } |
---|
239 | |
---|
240 | function getCommentId($p_string_delete) { |
---|
241 | $comment_id = ""; |
---|
242 | $elements = split('\?', $p_string_delete); |
---|
243 | if (count($elements) > 1) { |
---|
244 | $elem_var = split('\&', $elements[1]); |
---|
245 | foreach ($elem_var as $var) { |
---|
246 | $key_value = split('=', $var); |
---|
247 | if (count($key_value) > 1) { |
---|
248 | switch ($key_value[0]) { |
---|
249 | case 'comment_to_delete': |
---|
250 | case 'delete': |
---|
251 | $comment_id = $key_value[1]; |
---|
252 | break; |
---|
253 | default: |
---|
254 | // No ID |
---|
255 | } |
---|
256 | } |
---|
257 | } |
---|
258 | } |
---|
259 | return $comment_id; |
---|
260 | } |
---|
261 | |
---|
262 | function displayError($p_error) { |
---|
263 | $this->displayMessage($p_error, CE_TYPE_ERROR, CE_ERRORS); |
---|
264 | } |
---|
265 | |
---|
266 | function displayInfo($p_info) { |
---|
267 | $this->displayMessage($p_info, CE_TYPE_INFO, CE_INFOS); |
---|
268 | } |
---|
269 | |
---|
270 | function displayMessage($p_message, $p_type, $p_image) { |
---|
271 | // Include language advices |
---|
272 | load_language('plugin.lang', CE_PATH); |
---|
273 | |
---|
274 | $messages = array(); |
---|
275 | foreach ($p_message as $message) { |
---|
276 | array_push($messages, l10n($message)); |
---|
277 | } |
---|
278 | $message_array = array( |
---|
279 | 'TYPE' => $p_type, |
---|
280 | 'IMG' => $p_image, |
---|
281 | 'TITLE' => l10n($p_type), |
---|
282 | 'MSG' => $messages |
---|
283 | ); |
---|
284 | |
---|
285 | global $template; |
---|
286 | $template->set_filenames(array('ce_message'=>$this->getTemplate('message.tpl'))); |
---|
287 | $template->block_html_head( '', |
---|
288 | '<link rel="stylesheet" type="text/css" href="'.CE_STYLE.'">', |
---|
289 | $smarty, $repeat); |
---|
290 | $begin = 'PLUGIN_INDEX_CONTENT_BEFORE'; |
---|
291 | $template->assign('message', $message_array); |
---|
292 | $old_begin = $template->get_template_vars($begin); |
---|
293 | $template->assign($begin, $template->parse('ce_message', true)); |
---|
294 | $template->concat($begin, $old_begin); |
---|
295 | } |
---|
296 | |
---|
297 | function displayComment($p_comment) { |
---|
298 | global $template; |
---|
299 | |
---|
300 | $template->set_filenames(array('ce_edit'=>$this->getTemplate())); |
---|
301 | $template->block_html_head( '', |
---|
302 | '<link rel="stylesheet" type="text/css" href="'.CE_STYLE.'">', |
---|
303 | $smarty, $repeat); |
---|
304 | $begin = 'PLUGIN_INDEX_CONTENT_BEFORE'; |
---|
305 | $end = 'PLUGIN_INDEX_CONTENT_AFTER'; |
---|
306 | $template->assign($begin, null); |
---|
307 | $template->assign($end, null); |
---|
308 | $tplComment = array( |
---|
309 | 'CONTENT' => $p_comment->getInfo('content'), |
---|
310 | 'KEY' => $p_comment->getInfo('comment_id'), |
---|
311 | 'AUTHOR' => $p_comment->getInfo('author'), |
---|
312 | 'IMAGE' => $p_comment->getInfo('image_id'), |
---|
313 | 'DISABLED' => !is_admin(), |
---|
314 | 'USERS' => CE_Comment::getUsers(), |
---|
315 | 'F_ACTION' => $this->getUpdateUrlPrefix(), |
---|
316 | 'FREEAUTHOR'=> ($p_comment->isKnownAuthor())?'':'checked="checked"' |
---|
317 | ); |
---|
318 | $template->assign('comment', $tplComment); |
---|
319 | $template->concat($begin, $template->parse('ce_edit', true)); |
---|
320 | } |
---|
321 | |
---|
322 | function getEditUrlPrefix() { |
---|
323 | return self::$url_prefix . CE_ACTION_EDIT . '&' . CE_ID . '='; |
---|
324 | } |
---|
325 | |
---|
326 | function getUpdateUrlPrefix() { |
---|
327 | return self::$url_prefix . CE_ACTION_UPDATE; |
---|
328 | } |
---|
329 | |
---|
330 | } |
---|
331 | ?> |
---|