source: extensions/Comments_on_Albums/include/functions_comment.inc.php @ 10984

Last change on this file since 10984 was 10984, checked in by mistic100, 13 years ago

code cleanup

File size: 10.0 KB
Line 
1<?php
2/* This is a copy of include/functions_comment.inc.php but adapted for Comments On Albums */
3
4//returns string action to perform on a new comment: validate, moderate, reject
5if (!function_exists('user_comment_check')) {
6  function user_comment_check($action, $comment)
7  {
8    global $conf,$user;
9
10    if ($action=='reject')
11    return $action;
12
13    $my_action = $conf['comment_spam_reject'] ? 'reject':'moderate';
14
15    if ($action==$my_action)
16    return $action;
17
18    // we do here only BASIC spam check (plugins can do more)
19    if ( !is_a_guest() )
20    return $action;
21
22    $link_count = preg_match_all( '/https?:\/\//',
23    $comment['content'], $matches);
24
25    if ( strpos($comment['author'], 'http://')!==false )
26    {
27    $link_count++;
28    }
29
30    if ( $link_count>$conf['comment_spam_max_links'] )
31    return $my_action;
32
33    return $action;
34  }
35}
36
37
38add_event_handler('user_comment_check', 'user_comment_check',
39  EVENT_HANDLER_PRIORITY_NEUTRAL, 2);
40
41/**
42 * Tries to insert a user comment in the database and returns one of :
43 * validate, moderate, reject
44 * @param array comm contains author, content, image_id
45 * @param string key secret key sent back to the browser
46 * @param array infos out array of messages
47 */
48function insert_user_comment_albums( &$comm, $key, &$infos )
49{
50  global $conf, $user;
51
52  $comm = array_merge( $comm,
53    array(
54      'ip' => $_SERVER['REMOTE_ADDR'],
55      'agent' => $_SERVER['HTTP_USER_AGENT']
56    )
57   );
58
59  $infos = array();
60  if (!$conf['comments_validation'] or is_admin())
61  {
62    $comment_action='validate'; //one of validate, moderate, reject
63  }
64  else
65  {
66    $comment_action='moderate'; //one of validate, moderate, reject
67  }
68
69  // display author field if the user status is guest or generic
70  if (!is_classic_user())
71  {
72    if ( empty($comm['author']) )
73    {
74      $comm['author'] = 'guest';
75    }
76    $comm['author_id'] = $conf['guest_id'];
77    // if a guest try to use the name of an already existing user, he must be
78    // rejected
79    if ( $comm['author'] != 'guest' )
80    {
81      $query = '
82SELECT COUNT(*) AS user_exists
83  FROM '.USERS_TABLE.'
84  WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'";
85      $row = pwg_db_fetch_assoc( pwg_query( $query ) );
86      if ( $row['user_exists'] == 1 )
87      {
88        array_push($infos, l10n('This login is already used by another user') );
89        $comment_action='reject';
90      }
91    }
92  }
93  else
94  {
95    $comm['author'] = addslashes($user['username']);
96    $comm['author_id'] = $user['id'];
97  }
98
99  if ( empty($comm['content']) )
100  { // empty comment content
101    $comment_action='reject';
102  }
103
104  if ( !verify_ephemeral_key(@$key, $comm['image_id']) )
105  {
106    $comment_action='reject';
107  }
108
109  if ($comment_action!='reject' and $conf['anti-flood_time']>0 and !is_admin())
110  { // anti-flood system
111    $reference_date = pwg_db_get_flood_period_expression($conf['anti-flood_time']);
112
113    $query = '
114SELECT count(1) FROM '.COA_TABLE.'
115  WHERE date > '.$reference_date.'
116    AND author_id = '.$comm['author_id'];
117    list($counter) = pwg_db_fetch_row(pwg_query($query));
118    if ( $counter > 0 )
119    {
120      array_push( $infos, l10n('Anti-flood system : please wait for a moment before trying to post another comment') );
121      $comment_action='reject';
122    }
123  }
124
125  // perform more spam check
126  $comment_action = trigger_event('user_comment_check',
127      $comment_action, $comm
128    );
129
130  if ( $comment_action!='reject' )
131  {
132    $query = '
133INSERT INTO '.COA_TABLE.'
134  (author, author_id, content, date, validated, validation_date, category_id)
135  VALUES (
136    \''.$comm['author'].'\',
137    '.$comm['author_id'].',
138    \''.$comm['content'].'\',
139    NOW(),
140    \''.($comment_action=='validate' ? 'true':'false').'\',
141    '.($comment_action=='validate' ? 'NOW()':'NULL').',
142    '.$comm['image_id'].'
143  )
144';
145
146    pwg_query($query);
147
148    $comm['id'] = pwg_db_insert_id(COA_TABLE);
149
150    if ($conf['email_admin_on_comment']
151        or ($conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action))
152    {
153      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
154
155      $comment_url = get_absolute_root_url().'comments.php?comment_id='.$comm['id'];
156
157      $keyargs_content = array
158      (
159        get_l10n_args('Author: %s', stripslashes($comm['author']) ),
160        get_l10n_args('Comment: %s', stripslashes($comm['content']) ),
161        get_l10n_args('', ''),
162        get_l10n_args('Manage this user comment: %s', $comment_url)
163      );
164
165      if ('moderate' == $comment_action)
166      {
167        $keyargs_content[] = get_l10n_args('', '');
168        $keyargs_content[] = get_l10n_args('(!) This comment requires validation', '');
169      }
170
171      pwg_mail_notification_admins
172      (
173        get_l10n_args('Comment by %s', stripslashes($comm['author']) ),
174        $keyargs_content
175      );
176    }
177  }
178  return $comment_action;
179}
180
181/**
182 * Tries to delete a user comment in the database
183 * only admin can delete all comments
184 * other users can delete their own comments
185 * so to avoid a new sql request we add author in where clause
186 *
187 * @param comment_id
188 */
189function delete_user_comment_albums($comment_id) {
190  $user_where_clause = '';
191  if (!is_admin())
192  {
193    $user_where_clause = '   AND author_id = \''.$GLOBALS['user']['id'].'\'';
194  }
195  $query = '
196DELETE FROM '.COA_TABLE.'
197  WHERE id = '.$comment_id.
198$user_where_clause.'
199;';
200  $result = pwg_query($query);
201  if ($result) {
202    email_admin('delete', 
203                array('author' => $GLOBALS['user']['username'],
204                      'comment_id' => $comment_id
205                  ));
206  }
207}
208
209/**
210 * Tries to update a user comment in the database
211 * only admin can update all comments
212 * users can edit their own comments if admin allow them
213 * so to avoid a new sql request we add author in where clause
214 *
215 * @param comment_id
216 * @param post_key
217 * @param content
218 */
219function update_user_comment_albums($comment, $post_key)
220{
221  global $conf;
222
223  $comment_action = 'validate';
224
225  if ( !verify_ephemeral_key($post_key, $comment['image_id']) )
226  {
227    $comment_action='reject';
228  }
229
230  // perform more spam check
231  $comment_action =
232    trigger_event('user_comment_check',
233      $comment_action,
234      array_merge($comment,
235            array('author' => $GLOBALS['user']['username'])
236            )
237      );
238
239  if ( $comment_action!='reject' )
240  {
241    $user_where_clause = '';
242    if (!is_admin())
243    {
244      $user_where_clause = '   AND author_id = \''.
245  $GLOBALS['user']['id'].'\'';
246    }
247   
248    // should the updated comment must be validated
249    if (!$conf['comments_validation'] or is_admin())
250    {
251      $comment_action='validate'; //one of validate, moderate, reject
252    }
253    else
254    {
255      $comment_action='moderate'; //one of validate, moderate, reject
256    }
257
258    $query = '
259UPDATE '.COA_TABLE.'
260  SET content = \''.$comment['content'].'\',
261      validated = \''.($comment_action=='validate' ? 'true':'false').'\',
262      validation_date = '.($comment_action=='validate' ? 'NOW()':'NULL').'
263  WHERE id = '.$comment['comment_id'].
264$user_where_clause.'
265;';
266    $result = pwg_query($query);
267   
268    // mail admin and ask to validate the comment
269    if ($result and $conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action) 
270    {
271      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
272
273      $comment_url = get_absolute_root_url().'comments.php?display_mode=albums&comment_id='.$comment['comment_id'];
274
275      $keyargs_content = array
276      (
277        get_l10n_args('Author: %s', stripslashes($GLOBALS['user']['username']) ),
278        get_l10n_args('Comment: %s', stripslashes($comment['content']) ),
279        get_l10n_args('', ''),
280        get_l10n_args('Manage this user comment: %s', $comment_url),
281        get_l10n_args('', ''),
282        get_l10n_args('(!) This comment requires validation', ''),
283      );
284
285      pwg_mail_notification_admins
286      (
287        get_l10n_args('Comment by %s', stripslashes($GLOBALS['user']['username']) ),
288        $keyargs_content
289      );
290    }
291    // just mail admin
292    else if ($result)
293    {
294      email_admin('edit', array('author' => $GLOBALS['user']['username'],
295        'content' => stripslashes($comment['content'])) );
296    }
297  }
298 
299  return $comment_action;
300}
301
302if (!function_exists('email_admin')) {
303  function email_admin($action, $comment)
304  {
305    global $conf;
306
307    if (!in_array($action, array('edit', 'delete'))
308      or (($action=='edit') and !$conf['email_admin_on_comment_edition'])
309      or (($action=='delete') and !$conf['email_admin_on_comment_deletion']))
310    {
311    return;
312    }
313
314    include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
315
316    $keyargs_content = array();
317    $keyargs_content[] = get_l10n_args('Author: %s', $comment['author']);
318    if ($action=='delete')
319    {
320    $keyargs_content[] = get_l10n_args('This author removed the comment with id %d',
321               $comment['comment_id']
322               );
323    }
324    else
325    {
326    $keyargs_content[] = get_l10n_args('This author modified following comment:', '');
327    $keyargs_content[] = get_l10n_args('Comment: %s', $comment['content']);
328    }
329
330    pwg_mail_notification_admins(get_l10n_args('Comment by %s',
331               $comment['author']),
332             $keyargs_content
333             );
334  }
335}
336
337function get_comment_author_id_albums($comment_id, $die_on_error=true)
338{
339  $query = '
340SELECT
341    author_id
342  FROM '.COA_TABLE.'
343  WHERE id = '.$comment_id.'
344;';
345  $result = pwg_query($query);
346  if (pwg_db_num_rows($result) == 0)
347  {
348    if ($die_on_error)
349    {
350      fatal_error('Unknown comment identifier');
351    }
352    else
353    {
354      return false;
355    }
356  }
357 
358  list($author_id) = pwg_db_fetch_row($result);
359
360  return $author_id;
361}
362
363function validate_user_comment_albums($comment_id)
364{
365  $query = '
366UPDATE '.COA_TABLE.'
367  SET validated = \'true\'
368    , validation_date = NOW()
369  WHERE id = '.$comment_id.'
370;';
371  pwg_query($query);
372}
373?>
Note: See TracBrowser for help on using the repository browser.