source: extensions/Comments_Access_Manager/include/functions.inc.php @ 11204

Last change on this file since 11204 was 11204, checked in by Eric, 9 years ago

Bug fixed : If "Comments for all" is disabled and guest user uses a nickname already in use, the comment was automatically accepted and validated.
New version 2.2.3 hard coded for publication.

  • Property svn:eol-style set to LF
File size: 6.9 KB
Line 
1<?php
2load_language('plugin.lang', CM_PATH);
3
4
5/**
6 * Triggered on get_admin_plugin_menu_links
7 *
8 * Plugin's administration menu
9 */
10function CM_admin_menu($menu)
11{
12// +-----------------------------------------------------------------------+
13// |                      Getting plugin name                              |
14// +-----------------------------------------------------------------------+
15  $plugin =  CM_Infos(CM_PATH);
16  $name = $plugin['name'];
17 
18  array_push($menu,
19    array(
20      'NAME' => $name,
21      'URL' => get_root_url().'admin.php?page=plugin-'.basename(CM_PATH)
22    )
23  );
24
25  return $menu;
26}
27
28
29/**
30 * Check comment rules set in plugin before accepting it
31 *
32 * @param : comment action, comment
33 *
34 * @return : comment action
35 *
36 */
37function CM_CheckComment($comment_action, $comm)
38{
39  load_language('plugin.lang', CM_PATH);
40  global $infos, $conf, $user;
41
42  $conf_CM = unserialize($conf['CommentsManager']);
43
44  if ($conf['comments_forall'])
45  {
46    // Does not allow empty author name on comments for all
47    if ((isset($conf_CM[1]) and $conf_CM[1] == 'true') and $comm['author'] == 'guest')
48    {
49      $comment_action = 'reject';
50
51      array_push($infos, l10n('CM_Empty Author'));
52    }
53    elseif ((isset($conf_CM[6]) and $conf_CM[6] == 'true') and !$comm['author'] == 'guest')
54    {
55      if (CM_CheckValidGroup($comm['author']) or is_admin())
56      {
57        $comment_action = 'validate'; // Comment is validated if author is not in the validated group
58      }
59      else
60      {
61        $comment_action = 'moderate'; // Comment needs moderation if author is not in the validated group
62      }
63    }
64  }
65
66// Rules on comments NOT for all
67  if (!$conf['comments_forall'] and !is_admin())
68  {
69    if ((isset($conf_CM[2]) and $conf_CM[2] == 'true') and (isset($conf_CM[4]) and $conf_CM[4] == 'false') and !CM_CheckAuthor($comm['author'])) // Comments authorized group set - Auto validation group unset
70    {
71      $comment_action = 'reject'; // Comment rejected if author is not in the allowed group
72      array_push($infos, l10n('CM_Not_Allowed_Author'));
73    }
74    elseif ((isset($conf_CM[2]) and $conf_CM[2] == 'false') and (isset($conf_CM[4]) and $conf_CM[4] == 'true') and $conf['comments_validation']) // Comments authorized group unset - Auto validation group set
75    {
76      if (CM_CheckValidGroup($comm['author']))
77      {
78        $comment_action = 'validate'; // Comment is validated if author is not in the validated group
79      }
80      else
81      {
82        $comment_action = 'moderate'; // Comment needs moderation if author is not in the validated group
83      }
84    }
85    elseif ((isset($conf_CM[2]) and $conf_CM[2] == 'true') and (isset($conf_CM[4]) and $conf_CM[4] == 'true') and $conf['comments_validation']) // Comments authorized group set - Auto validation group set
86    {
87      if (!CM_CheckAuthor($comm['author']))
88      {
89        $comment_action = 'reject'; // Comment rejected if author is not in the allowed group
90        array_push($infos, l10n('CM_Not_Allowed_Author'));
91      }
92      elseif (CM_CheckValidGroup($comm['author']))
93      {
94        $comment_action = 'validate'; // Comment is validated if author is not in the validated group
95      }
96      else
97        $comment_action = 'moderate'; // Comment needs moderation if author is not in the validated group
98    }
99  }
100
101  return $comment_action;
102}
103
104
105/**
106 * Checks if comment's author name is in the allowed group
107 *
108 * @author   : author's name
109 *
110 * @returns  : Boolean (true is user is allowed to post / false if not allowed)
111 *
112 */
113function CM_CheckAuthor($author)
114{
115  global $conf;
116 
117        // Get CM configuration
118  $conf_CM = unserialize($conf['CommentsManager']);
119 
120  if (isset($conf_CM[3]) and $conf_CM[3] <> -1)
121  {
122    $query = '
123SELECT u.id,
124       u.username,
125       ug.user_id,
126       ug.group_id
127FROM '.USERS_TABLE.' AS u
128  INNER JOIN '.USER_GROUP_TABLE.' AS ug
129    ON u.id = ug.user_id
130WHERE u.username LIKE "'.$author.'"
131  AND ug.group_id = '.$conf_CM[3].'
132;';
133
134    $count = pwg_db_num_rows(pwg_query($query));
135
136    if (is_null($count) or $count == 0)
137    {
138      return false;
139    }
140    else
141      return true;
142  }
143}
144
145
146/**
147 * Checks if comment's author name is in the admin's pre-validated group
148 * avoid admins to validate comments for the members of this group
149 *
150 * @author   : author's name
151 *
152 * @returns  : Boolean (true if user's comment doesn't need validation / false if user's comment is moderated)
153 *
154 */
155function CM_CheckValidGroup($author)
156{
157  global $conf;
158 
159        // Get CM configuration
160  $conf_CM = unserialize($conf['CommentsManager']);
161 
162  if ($conf['comments_forall'])
163  {
164    if (isset($conf_CM[7]) and $conf_CM[7] <> -1)
165    {
166      $group_id = $conf_CM[7];
167    }
168  }
169  else
170  {
171    if (isset($conf_CM[5]) and $conf_CM[5] <> -1)
172    {
173      $group_id = $conf_CM[5];
174    }
175  }
176
177  $query = '
178SELECT u.id,
179       u.username,
180       ug.user_id,
181       ug.group_id
182FROM '.USERS_TABLE.' AS u
183  INNER JOIN '.USER_GROUP_TABLE.' AS ug
184    ON u.id = ug.user_id
185WHERE u.username LIKE "'.$author.'"
186  AND ug.group_id = '.$group_id.'
187;';
188
189  $count = pwg_db_num_rows(pwg_query($query));
190
191  if (is_null($count) or $count == 0)
192  {
193    return false;
194  }
195  else
196    return true;
197}
198
199
200/**
201 * Get the plugin version and name
202 *
203 * @param : plugin directory
204 *
205 * @return : plugin's version and name
206 *
207 */
208function CM_Infos($dir)
209{
210  $path = $dir;
211
212  $plg_data = implode( '', file($path.'main.inc.php') );
213  if ( preg_match("|Plugin Name: (.*)|", $plg_data, $val) )
214  {
215    $plugin['name'] = trim( $val[1] );
216  }
217  if (preg_match("|Version: (.*)|", $plg_data, $val))
218  {
219    $plugin['version'] = trim($val[1]);
220  }
221  if ( preg_match("|Plugin URI: (.*)|", $plg_data, $val) )
222  {
223    $plugin['uri'] = trim($val[1]);
224  }
225  if ($desc = load_language('description.txt', $path.'/', array('return' => true)))
226  {
227    $plugin['description'] = trim($desc);
228  }
229  elseif ( preg_match("|Description: (.*)|", $plg_data, $val) )
230  {
231    $plugin['description'] = trim($val[1]);
232  }
233  if ( preg_match("|Author: (.*)|", $plg_data, $val) )
234  {
235    $plugin['author'] = trim($val[1]);
236  }
237  if ( preg_match("|Author URI: (.*)|", $plg_data, $val) )
238  {
239    $plugin['author uri'] = trim($val[1]);
240  }
241  if (!empty($plugin['uri']) and strpos($plugin['uri'] , 'extension_view.php?eid='))
242  {
243    list( , $extension) = explode('extension_view.php?eid=', $plugin['uri']);
244    if (is_numeric($extension)) $plugin['extension'] = $extension;
245  }
246// IMPORTANT SECURITY !
247  $plugin = array_map('htmlspecialchars', $plugin);
248
249  return $plugin ;
250}
251
252
253/**
254 * Delete obsolete files on plugin upgrade
255 * Obsolete files are listed in file obsolete.list
256 *
257 */
258function CM_Obsolete_Files()
259{
260  if (file_exists(CM_PATH.'obsolete.list')
261    and $old_files = file(CM_PATH.'obsolete.list', FILE_IGNORE_NEW_LINES)
262    and !empty($old_files))
263  {
264    array_push($old_files, 'obsolete.list');
265    foreach($old_files as $old_file)
266    {
267      $path = CM_PATH.$old_file;
268      if (is_file($path))
269      {
270        @unlink($path);
271      }
272    }
273  }
274}
275?>
Note: See TracBrowser for help on using the repository browser.