source: extensions/Comments_on_Albums/include/functions_comment.inc.php @ 15999

Last change on this file since 15999 was 15999, checked in by mistic100, 12 years ago

move some code to BBCode Bar and Smilies Support

1<?php
2/* This is a copy of include/functions_comment.inc.php but adapted for Comments On Albums */
3
// Load the stock comment helpers, then subscribe 'user_comment_check' to the
// album-specific check event fired by the insert and update functions below.
// NOTE(review): 'user_comment_check' is presumably defined in the included
// file; it is not visible here.
include_once PHPWG_ROOT_PATH.'include/functions_comment.inc.php';
add_event_handler(
  'user_comment_check_albums',
  'user_comment_check',
  EVENT_HANDLER_PRIORITY_NEUTRAL,
  2
);
7
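/**
 * Tries to insert a user comment on an album in the database and returns one
 * of: validate, moderate, reject.
 *
 * Security notes:
 * - $comm['content'] and, for guests, $comm['author'] are written into the
 *   SQL text exactly as received; this function does not escape them. The
 *   stripslashes() calls in the mail section suggest callers pass
 *   slash-escaped strings. NOTE(review): confirm that every caller does.
 * - author_id and category_id are forced to integers before they reach SQL.
 *
 * @param array  $comm  in/out: must contain author, content, category_id; on
 *                      return it also holds ip, agent, author_id,
 *                      anonymous_id and, when the comment was stored, id
 * @param string $key   ephemeral key sent back by the browser
 * @param array  $infos out: messages to show to the user
 * @return string validate, moderate or reject
 */
function insert_user_comment_albums( &$comm, $key, &$infos )
{
  global $conf, $user;

  $comm = array_merge( $comm,
    array(
      'ip' => $_SERVER['REMOTE_ADDR'],
      // User-Agent is an optional request header: default to '' instead of
      // reading an undefined index
      'agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''
    )
   );

  $infos = array();
  if (!$conf['comments_validation'] or is_admin())
  {
    $comment_action='validate'; //one of validate, moderate, reject
  }
  else
  {
    $comment_action='moderate'; //one of validate, moderate, reject
  }

  // guests and generic users pick their displayed name; their comments are
  // all stored under the guest account id
  if (!is_classic_user())
  {
    if ( empty($comm['author']) )
    {
      $comm['author'] = 'guest';
    }
    $comm['author_id'] = $conf['guest_id'];
    // if a guest try to use the name of an already existing user, he must be
    // rejected
    // NOTE(review): if $comm['author'] arrives already slash-escaped (see the
    // header), this second addslashes() makes the lookup miss names that
    // contain quotes or backslashes - verify against the callers.
    if ( $comm['author'] != 'guest' )
    {
      $query = '
SELECT COUNT(*) AS user_exists
  FROM '.USERS_TABLE.'
  WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'";
      $row = pwg_db_fetch_assoc( pwg_query( $query ) );
      if ( $row['user_exists'] == 1 )
      {
        array_push($infos, l10n('This login is already used by another user') );
        $comment_action='reject';
      }
    }
  }
  else
  {
    $comm['author'] = addslashes($user['username']);
    $comm['author_id'] = $user['id'];
  }

  if ( empty($comm['content']) )
  { // empty comment content
    $comment_action='reject';
  }

  if ( !verify_ephemeral_key(@$key, $comm['category_id']) )
  {
    $comment_action='reject';
    // records the failed key check in $_POST['cr'] (its consumer is not
    // visible in this file)
    $_POST['cr'][] = 'key';
  }

  // anonymous id = ip address without its last dotted component; an address
  // with fewer than four dot-separated parts is kept whole
  $ip_components = explode('.', $comm['ip']);
  if (count($ip_components) > 3)
  {
    array_pop($ip_components);
  }
  $comm['anonymous_id'] = implode('.', $ip_components);

  if ($comment_action!='reject' and $conf['anti-flood_time']>0 and !is_admin())
  { // anti-flood system
    $reference_date = pwg_db_get_flood_period_expression($conf['anti-flood_time']);

    // NOTE(review): guests are matched on anonymous_id here, but the INSERT
    // below never writes that column, so this filter may never match a row
    // stored by this function - confirm against the table definition.
    $query = '
SELECT count(1) FROM '.COA_TABLE.'
  WHERE date > '.$reference_date.'
    AND author_id = '.intval($comm['author_id']);
    if (!is_classic_user())
    {
      $query.= '
      AND anonymous_id = "'.$comm['anonymous_id'].'"';
    }
    $query.= '
;';

    list($counter) = pwg_db_fetch_row(pwg_query($query));
    if ( $counter > 0 )
    {
      array_push( $infos, l10n('Anti-flood system : please wait for a moment before trying to post another comment') );
      $comment_action='reject';
    }
  }

  // perform more spam check
  $comment_action = trigger_event('user_comment_check_albums',
      $comment_action, $comm
    );

  if ( $comment_action!='reject' )
  {
    // author and content are concatenated as received (see the header);
    // the two numeric columns are unquoted in SQL, hence the intval() calls
    $query = '
INSERT INTO '.COA_TABLE.'
  (author, author_id, content, date, validated, validation_date, category_id)
  VALUES (
    \''.$comm['author'].'\',
    '.intval($comm['author_id']).',
    \''.$comm['content'].'\',
    NOW(),
    \''.($comment_action=='validate' ? 'true':'false').'\',
    '.($comment_action=='validate' ? 'NOW()':'NULL').',
    '.intval($comm['category_id']).'
  )
';

    pwg_query($query);

    $comm['id'] = pwg_db_insert_id(COA_TABLE);

    if ( ($conf['email_admin_on_comment'] && 'validate' == $comment_action)
        or ($conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action))
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      $comment_url = get_absolute_root_url().'comments.php?display_mode=albums&comment_id='.$comm['id'];

      // the slash-escaped strings are unescaped again for the mail body
      $keyargs_content = array
      (
        get_l10n_args('Author: %s', stripslashes($comm['author']) ),
        get_l10n_args('Comment: %s', stripslashes($comm['content']) ),
        get_l10n_args('', ''),
        get_l10n_args('Manage this user comment: %s', $comment_url)
      );

      if ('moderate' == $comment_action)
      {
        $keyargs_content[] = get_l10n_args('', '');
        $keyargs_content[] = get_l10n_args('(!) This comment requires validation', '');
      }

      pwg_mail_notification_admins
      (
        get_l10n_args('Comment by %s', stripslashes($comm['author']) ),
        $keyargs_content
      );
    }
  }
  return $comment_action;
}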
164
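/**
 * Tries to delete one or several album comments in the database.
 * Only admins can delete any comment; other users can delete their own
 * comments, so to avoid a new sql request the author is added to the
 * where clause.
 *
 * The ids are placed unquoted in the SQL text, so each one is cast to an
 * integer first. An empty array is a no-op.
 *
 * @param int|array $comment_id a comment id or an array of comment ids
 * @return void
 */
function delete_user_comment_albums($comment_id)
{
  if (is_array($comment_id))
  {
    $comment_id = array_map('intval', $comment_id);
    if (count($comment_id) == 0)
    {
      // "id IN()" is not valid SQL and there is nothing to delete
      return;
    }
    $where_clause = 'id IN('.implode(',', $comment_id).')';
  }
  else
  {
    $comment_id = intval($comment_id);
    $where_clause = 'id = '.$comment_id;
  }

  // non-admins are restricted to rows they authored
  $user_where_clause = '';
  if (!is_admin())
  {
    $user_where_clause = '   AND author_id = \''.$GLOBALS['user']['id'].'\'';
  }

  $query = '
DELETE FROM '.COA_TABLE.'
  WHERE '.$where_clause.
$user_where_clause.'
;';
  $result = pwg_query($query);

  // NOTE(review): $result presumably only says that the query ran, not that a
  // row matched; a non-admin targeting someone else's comment deletes nothing
  // yet still produces the mail and the event below - confirm and consider
  // checking the affected-row count.
  if ($result)
  {
    email_admin('delete',
                array('author' => $GLOBALS['user']['username'],
                      'comment_id' => $comment_id
                  ));
  }

  trigger_action('user_comment_deletion', $comment_id, 'category');
}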
203
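/**
 * Tries to update a user comment on an album in the database.
 * Only admins can update any comment; other users can edit their own
 * comments, so to avoid a new sql request the author is added to the
 * where clause.
 *
 * Security notes:
 * - $comment['content'] is written into the SQL text exactly as received; the
 *   stripslashes() calls in the mail section suggest callers pass a
 *   slash-escaped string. NOTE(review): confirm that every caller does.
 * - $comment['comment_id'] is unquoted in SQL and is cast to an integer.
 *
 * @param array  $comment  reads comment_id, content and category_id
 * @param string $post_key ephemeral key sent back by the browser
 * @return string validate, moderate or reject
 */
function update_user_comment_albums($comment, $post_key)
{
  global $conf;

  $comment_id = intval($comment['comment_id']);

  if ( !verify_ephemeral_key($post_key, $comment['category_id']) )
  {
    $comment_action='reject';
  }
  elseif (!$conf['comments_validation'] or is_admin()) // should the updated comment must be validated
  {
    $comment_action='validate'; //one of validate, moderate, reject
  }
  else
  {
    $comment_action='moderate'; //one of validate, moderate, reject
  }

  // perform more spam check
  $comment_action =
    trigger_event('user_comment_check_albums',
      $comment_action,
      array_merge($comment,
            array('author' => $GLOBALS['user']['username'])
            )
      );

  if ( $comment_action!='reject' )
  {
    // non-admins are restricted to rows they authored
    $user_where_clause = '';
    if (!is_admin())
    {
      $user_where_clause = '   AND author_id = \''.
  $GLOBALS['user']['id'].'\'';
    }

    $query = '
UPDATE '.COA_TABLE.'
  SET content = \''.$comment['content'].'\',
      validated = \''.($comment_action=='validate' ? 'true':'false').'\',
      validation_date = '.($comment_action=='validate' ? 'NOW()':'NULL').'
  WHERE id = '.$comment_id.
$user_where_clause.'
;';
    $result = pwg_query($query);

    // NOTE(review): $result presumably only says that the query ran, not that
    // a row matched; an edit that touched no row still produces a mail below.

    // mail admin and ask to validate the comment
    if ($result and $conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action)
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      // plain '&' as in insert_user_comment_albums(); the former '&amp;' only
      // resolves to a working link where the mail is rendered as HTML
      $comment_url = get_absolute_root_url().'comments.php?display_mode=albums&comment_id='.$comment_id;

      $keyargs_content = array
      (
        get_l10n_args('Author: %s', stripslashes($GLOBALS['user']['username']) ),
        get_l10n_args('Comment: %s', stripslashes($comment['content']) ),
        get_l10n_args('', ''),
        get_l10n_args('Manage this user comment: %s', $comment_url),
        get_l10n_args('', ''),
        get_l10n_args('(!) This comment requires validation', ''),
      );

      pwg_mail_notification_admins
      (
        get_l10n_args('Comment by %s', stripslashes($GLOBALS['user']['username']) ),
        $keyargs_content
      );
    }
    // just mail admin
    else if ($result)
    {
      email_admin('edit', array('author' => $GLOBALS['user']['username'],
        'content' => stripslashes($comment['content'])) );
    }
  }

  return $comment_action;
}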
294
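/**
 * Returns the author_id stored for an album comment.
 *
 * The id is placed unquoted in the SQL text, so it is cast to an integer
 * first; a non-numeric value therefore looks up id 0.
 *
 * @param int  $comment_id   comment identifier
 * @param bool $die_on_error when true an unknown id calls fatal_error(),
 *                           otherwise false is returned
 * @return mixed the author_id column as returned by the database layer, or
 *               false when the comment does not exist and $die_on_error is
 *               false
 */
function get_comment_author_id_albums($comment_id, $die_on_error=true)
{
  $query = '
SELECT
    author_id
  FROM '.COA_TABLE.'
  WHERE id = '.intval($comment_id).'
;';
  $result = pwg_query($query);
  if (pwg_db_num_rows($result) == 0)
  {
    if ($die_on_error)
    {
      fatal_error('Unknown comment identifier');
    }
    else
    {
      return false;
    }
  }

  list($author_id) = pwg_db_fetch_row($result);

  return $author_id;
}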
320
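/**
 * Tries to validate one or several album comments in the database.
 *
 * The ids are placed unquoted in the SQL text, so each one is cast to an
 * integer first. An empty array is a no-op.
 *
 * @param int|array $comment_id a comment id or an array of comment ids
 * @return void
 */
function validate_user_comment_albums($comment_id)
{
  if (is_array($comment_id))
  {
    $comment_id = array_map('intval', $comment_id);
    if (count($comment_id) == 0)
    {
      // "id IN()" is not valid SQL and there is nothing to validate
      return;
    }
    $where_clause = 'id IN('.implode(',', $comment_id).')';
  }
  else
  {
    $comment_id = intval($comment_id);
    $where_clause = 'id = '.$comment_id;
  }

  $query = '
UPDATE '.COA_TABLE.'
  SET validated = \'true\'
    , validation_date = NOW()
  WHERE '.$where_clause.'
;';
  pwg_query($query);

  trigger_action('user_comment_validation', $comment_id, 'category');
}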
342?>