source: extensions/Comments_on_Albums/include/functions_comment.inc.php @ 19762

Last change on this file since 19762 was 18927, checked in by mistic100, 12 years ago

update with Piwigo 2.5 features (website url, email, mandatory email and username)

<?php
/* This is a copy of include/functions_comment.inc.php but adapted for Comments On Albums */

// Load the core comment helpers; the handler registered below lives there.
include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
// Reuse the core 'user_comment_check' handler for the album-specific event
// 'user_comment_check_albums', which the insert and update functions in this
// file trigger as their extra spam check. The handler receives 2 arguments.
add_event_handler('user_comment_check_albums', 'user_comment_check',
  EVENT_HANDLER_PRIORITY_NEUTRAL, 2);
7
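/**
 * Tries to insert a user comment on an album in the database and returns one
 * of: validate, moderate, reject.
 *
 * Escaping contract: the string values of $comm (author, content,
 * website_url, email) are concatenated into the INSERT statement as they
 * arrive. The stripslashes() calls used when building the notification mail
 * suggest that callers pass them already slash-escaped.
 * NOTE(review): confirm every caller does so before reusing this function.
 * Values this function derives itself (anonymous_id) or that must be numeric
 * (author_id, category_id) are escaped or cast here.
 *
 * @param array comm in/out; reads author, content, category_id, website_url,
 *   email; sets ip, agent, author, author_id, anonymous_id and, once the
 *   comment is stored, id
 * @param string key ephemeral key sent back by the browser, checked against
 *   the category id
 * @param array infos out array of messages explaining a rejection
 * @return string the resulting action: validate, moderate or reject
 */
function insert_user_comment_albums( &$comm, $key, &$infos )
{
  global $conf, $user;

  // Server-side values are merged last so that they override any 'ip' or
  // 'agent' entry supplied by the caller.
  $comm = array_merge( $comm,
    array(
      'ip' => $_SERVER['REMOTE_ADDR'],
      // the User-Agent header is optional, do not assume it is present
      'agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''
    )
   );

  $infos = array();
  if (!$conf['comments_validation'] or is_admin())
  {
    $comment_action='validate'; //one of validate, moderate, reject
  }
  else
  {
    $comment_action='moderate'; //one of validate, moderate, reject
  }

  // the author field only applies when the user status is guest or generic
  if (!is_classic_user())
  {
    if ( empty($comm['author']) )
    {
      if ($conf['comments_author_mandatory'])
      {
        array_push($infos, l10n('Username is mandatory') );
        $comment_action='reject';
      }
      $comm['author'] = 'guest';
    }
    $comm['author_id'] = $conf['guest_id'];
    // a guest who tries to use the name of an already existing user must be
    // rejected, otherwise comments could be posted under someone else's name
    if ( $comm['author'] != 'guest' )
    {
      $query = '
SELECT COUNT(*) AS user_exists
  FROM '.USERS_TABLE.'
  WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'";
      $row = pwg_db_fetch_assoc( pwg_query( $query ) );
      // any match means the name is taken (the original tested "== 1" only)
      if ( $row['user_exists'] > 0 )
      {
        array_push($infos, l10n('This login is already used by another user') );
        $comment_action='reject';
      }
    }
  }
  else
  {
    // registered user: author name and id come from the session, never
    // from the submitted form
    $comm['author'] = addslashes($user['username']);
    $comm['author_id'] = $user['id'];
  }

  if ( empty($comm['content']) )
  { // empty comment content
    $comment_action='reject';
  }

  // the key ties the submission to a form issued for this category
  if ( !verify_ephemeral_key($key, $comm['category_id']) )
  {
    $comment_action='reject';
    $_POST['cr'][] = 'key';
  }

  // website
  if (!empty($comm['website_url']))
  {
    // Require the full "http://" or "https://" prefix. Testing only for a
    // leading "http" left host names such as "httpbin.org" without a scheme,
    // so they were rejected as invalid, and it also accepted any scheme that
    // merely begins with "http".
    if (!preg_match('/^https?:\/\//i', $comm['website_url']))
    {
      $comm['website_url'] = 'http://'.$comm['website_url'];
    }
    if (!url_check_format($comm['website_url']))
    {
      array_push($infos, l10n('Your website URL is invalid'));
      $comment_action='reject';
    }
  }

  // email
  if (empty($comm['email']))
  {
    if (!empty($user['email']))
    {
      $comm['email'] = $user['email'];
    }
    else if ($conf['comments_email_mandatory'])
    {
      array_push($infos, l10n('Email address is missing. Please specify an email address.') );
      $comment_action='reject';
    }
  }
  else if (!email_check_format($comm['email']))
  {
    array_push($infos, l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)'));
    $comment_action='reject';
  }

  // anonymous id = ip address without its last dot-separated component
  // (an address with fewer than four components is kept whole)
  $ip_components = explode('.', $comm['ip']);
  if (count($ip_components) > 3)
  {
    array_pop($ip_components);
  }
  $comm['anonymous_id'] = implode('.', $ip_components);

  // anonymous_id comes from $_SERVER, not from the submitted form, so it is
  // escaped here before being placed in SQL; the ids must be numeric.
  $sql_anonymous_id = pwg_db_real_escape_string($comm['anonymous_id']);
  $sql_author_id = intval($comm['author_id']);
  $sql_category_id = intval($comm['category_id']);

  if ($comment_action!='reject' and $conf['anti-flood_time']>0 and !is_admin())
  { // anti-flood system
    $reference_date = pwg_db_get_flood_period_expression($conf['anti-flood_time']);

    $query = '
SELECT count(1) FROM '.COA_TABLE.'
  WHERE date > '.$reference_date.'
    AND author_id = '.$sql_author_id;
    if (!is_classic_user())
    {
      // single quotes, like the INSERT below: double quotes are not a
      // string delimiter in every SQL mode
      $query.= '
      AND anonymous_id = \''.$sql_anonymous_id.'\'';
    }
    $query.= '
;';

    list($counter) = pwg_db_fetch_row(pwg_query($query));
    if ( $counter > 0 )
    {
      array_push( $infos, l10n('Anti-flood system : please wait for a moment before trying to post another comment') );
      $comment_action='reject';
    }
  }

  // perform more spam check
  $comment_action = trigger_event('user_comment_check_albums',
      $comment_action, $comm
    );

  if ( $comment_action!='reject' )
  {
    // see the escaping contract in the function header for author, content,
    // website_url and email
    $query = '
INSERT INTO '.COA_TABLE.'
  (author, author_id, anonymous_id, content, date, validated, validation_date, category_id, website_url, email)
  VALUES (
    \''.$comm['author'].'\',
    '.$sql_author_id.',
    \''.$sql_anonymous_id.'\',
    \''.$comm['content'].'\',
    NOW(),
    \''.($comment_action=='validate' ? 'true':'false').'\',
    '.($comment_action=='validate' ? 'NOW()':'NULL').',
    '.$sql_category_id.',
    '.(!empty($comm['website_url']) ? '\''.$comm['website_url'].'\'' : 'NULL').',
    '.(!empty($comm['email']) ? '\''.$comm['email'].'\'' : 'NULL').'
  )
';

    pwg_query($query);

    $comm['id'] = pwg_db_insert_id(COA_TABLE);

    if ( ($conf['email_admin_on_comment'] && 'validate' == $comment_action)
        or ($conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action))
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      $comment_url = get_absolute_root_url().'comments.php?display_mode=albums&comment_id='.$comm['id'];

      // the email key is absent when it was neither submitted nor known
      // for the user and is not mandatory
      $mail_email = isset($comm['email']) ? stripslashes($comm['email']) : '';

      $keyargs_content = array
      (
        get_l10n_args('Author: %s', stripslashes($comm['author']) ),
        get_l10n_args('Email: %s', $mail_email ),
        get_l10n_args('Comment: %s', stripslashes($comm['content']) ),
        get_l10n_args('', ''),
        get_l10n_args('Manage this user comment: %s', $comment_url)
      );

      if ('moderate' == $comment_action)
      {
        $keyargs_content[] = get_l10n_args('', '');
        $keyargs_content[] = get_l10n_args('(!) This comment requires validation', '');
      }

      pwg_mail_notification_admins
      (
        get_l10n_args('Comment by %s', stripslashes($comm['author']) ),
        $keyargs_content
      );
    }
  }
  return $comment_action;
}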
206
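/**
 * Tries to delete one or several user comments on albums in the database.
 * Only admins can delete all comments; other users can delete their own
 * comments only. To avoid an extra sql request, the ownership check is done
 * by adding author_id to the where clause.
 *
 * Identifiers are cast to integers before they are placed in the query, so a
 * non numeric value cannot alter the statement. An empty array is a no-op.
 *
 * NOTE(review): the admin mail and the 'user_comment_deletion' action do not
 * depend on a row having been removed; $result presumably reflects only that
 * the query ran. Confirm whether they should fire when the ownership clause
 * matched nothing.
 *
 * @param int or array of int comment_id
 */
function delete_user_comment_albums($comment_id)
{
  if (is_array($comment_id))
  {
    if (count($comment_id) == 0)
    {
      // "id IN()" is not valid SQL; there is nothing to delete
      return;
    }
    $where_clause = 'id IN('.implode(',', array_map('intval', $comment_id)).')';
  }
  else
  {
    $where_clause = 'id = '.intval($comment_id);
  }

  // non admins are restricted to their own comments
  $user_where_clause = '';
  if (!is_admin())
  {
    $user_where_clause = '   AND author_id = \''.$GLOBALS['user']['id'].'\'';
  }

  $query = '
DELETE FROM '.COA_TABLE.'
  WHERE '.$where_clause.
$user_where_clause.'
;';
  $result = pwg_query($query);

  if ($result)
  {
    email_admin('delete',
                array('author' => $GLOBALS['user']['username'],
                      'comment_id' => $comment_id
                  ));
  }

  trigger_action('user_comment_deletion', $comment_id, 'category');
}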
245
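/**
 * Tries to update a user comment on an album in the database.
 * Only admins can update all comments; users can edit their own comments if
 * the admin allows them. To avoid an extra sql request, the ownership check
 * is done by adding author_id to the where clause.
 *
 * $comment['content'] is concatenated into the UPDATE statement as it
 * arrives; the stripslashes() calls used for the mails suggest it is passed
 * already slash-escaped.
 * NOTE(review): confirm every caller does so.
 * $comment['comment_id'] is cast to an integer here.
 *
 * NOTE(review): the mails are sent whenever the query ran; $result presumably
 * does not tell whether the ownership clause matched a row. Confirm.
 *
 * @param array comment contains comment_id, category_id, content
 * @param string post_key ephemeral key sent back by the browser, checked
 *   against the category id
 * @return string the resulting action: validate, moderate or reject
 */
function update_user_comment_albums($comment, $post_key)
{
  global $conf;

  if ( !verify_ephemeral_key($post_key, $comment['category_id']) )
  {
    $comment_action='reject';
  }
  elseif (!$conf['comments_validation'] or is_admin()) // must the updated comment be validated again?
  {
    $comment_action='validate'; //one of validate, moderate, reject
  }
  else
  {
    $comment_action='moderate'; //one of validate, moderate, reject
  }

  // perform more spam check
  $comment_action =
    trigger_event('user_comment_check_albums',
      $comment_action,
      array_merge($comment,
            array('author' => $GLOBALS['user']['username'])
            )
      );

  if ( $comment_action!='reject' )
  {
    // the identifier must be numeric before it reaches the query or the url
    $comment_id = intval($comment['comment_id']);

    // non admins are restricted to their own comments
    $user_where_clause = '';
    if (!is_admin())
    {
      $user_where_clause = '   AND author_id = \''.
  $GLOBALS['user']['id'].'\'';
    }

    $query = '
UPDATE '.COA_TABLE.'
  SET content = \''.$comment['content'].'\',
      validated = \''.($comment_action=='validate' ? 'true':'false').'\',
      validation_date = '.($comment_action=='validate' ? 'NOW()':'NULL').'
  WHERE id = '.$comment_id.
$user_where_clause.'
;';
    $result = pwg_query($query);

    // mail admin and ask to validate the comment
    if ($result and $conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action)
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      // plain "&" as in insert_user_comment_albums(): this is a url, not
      // html markup, so "&amp;" would end up literally in the link
      $comment_url = get_absolute_root_url().'comments.php?display_mode=albums&comment_id='.$comment_id;

      $keyargs_content = array
      (
        get_l10n_args('Author: %s', stripslashes($GLOBALS['user']['username']) ),
        get_l10n_args('Comment: %s', stripslashes($comment['content']) ),
        get_l10n_args('', ''),
        get_l10n_args('Manage this user comment: %s', $comment_url),
        get_l10n_args('', ''),
        get_l10n_args('(!) This comment requires validation', ''),
      );

      pwg_mail_notification_admins
      (
        get_l10n_args('Comment by %s', stripslashes($GLOBALS['user']['username']) ),
        $keyargs_content
      );
    }
    // just mail admin
    else if ($result)
    {
      email_admin('edit', array('author' => $GLOBALS['user']['username'],
        'content' => stripslashes($comment['content'])) );
    }
  }

  return $comment_action;
}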
336
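/**
 * Returns the author_id of a comment on an album.
 *
 * The identifier is cast to an integer before it is placed in the query, so
 * a non numeric value cannot alter the statement; it then matches no row and
 * is handled like an unknown comment.
 *
 * @param int comment_id
 * @param bool die_on_error when true an unknown identifier calls
 *   fatal_error(), otherwise false is returned
 * @return the author_id column of the comment, or false when the comment is
 *   unknown and die_on_error is false
 */
function get_comment_author_id_albums($comment_id, $die_on_error=true)
{
  $query = '
SELECT
    author_id
  FROM '.COA_TABLE.'
  WHERE id = '.intval($comment_id).'
;';
  $result = pwg_query($query);
  if (pwg_db_num_rows($result) == 0)
  {
    if ($die_on_error)
    {
      fatal_error('Unknown comment identifier');
    }
    else
    {
      return false;
    }
  }

  list($author_id) = pwg_db_fetch_row($result);

  return $author_id;
}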
362
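/**
 * Tries to validate one or several user comments on albums in the database.
 *
 * Identifiers are cast to integers before they are placed in the query, so a
 * non numeric value cannot alter the statement. An empty array is a no-op.
 *
 * NOTE(review): this function performs no permission check and has no
 * ownership clause; it presumably relies on callers restricting it to
 * admins. Confirm at the call sites.
 *
 * @param int or array of int comment_id
 */
function validate_user_comment_albums($comment_id)
{
  if (is_array($comment_id))
  {
    if (count($comment_id) == 0)
    {
      // "id IN()" is not valid SQL; there is nothing to validate
      return;
    }
    $where_clause = 'id IN('.implode(',', array_map('intval', $comment_id)).')';
  }
  else
  {
    $where_clause = 'id = '.intval($comment_id);
  }

  $query = '
UPDATE '.COA_TABLE.'
  SET validated = \'true\'
    , validation_date = NOW()
  WHERE '.$where_clause.'
;';
  pwg_query($query);

  trigger_action('user_comment_validation', $comment_id, 'category');
}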
384?>