source: extensions/Comments_on_Albums/trunk/include/functions_comment.inc.php @ 21347

Last change on this file since 21347 was 21347, checked in by mistic100, 11 years ago

update PWG Stuffs module, use UNIX eol

File size: 10.2 KB
1<?php
2/* This is a copy of include/functions_comment.inc.php but adapted for Comments On Albums */
3
// Load the core comment functions, then attach 'user_comment_check' to the
// albums-specific check event with neutral priority; the handler takes 2 arguments.
// NOTE(review): 'user_comment_check' is presumably defined in the included core file -- confirm.
include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
add_event_handler(
  'user_comment_check_albums',
  'user_comment_check',
  EVENT_HANDLER_PRIORITY_NEUTRAL,
  2
);
7
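/**
 * Tries to insert a user comment on an album in the database and returns
 * one of: validate, moderate, reject.
 *
 * Security notes for reviewers:
 * - author, content, website_url and email are interpolated into the INSERT
 *   inside quotes without being escaped here. The stripslashes() calls used
 *   for the notification mail suggest callers pass already-escaped values;
 *   confirm this at every call site.
 * - category_id sits in an unquoted numeric position of the INSERT, where
 *   quote-escaping gives no protection, so it is cast to an integer.
 *
 * @param array  $comm  in/out: contains author, content, category_id and
 *                      optionally website_url and email; ip, agent, author_id,
 *                      anonymous_id and (when inserted) id are added
 * @param string $key   secret key sent back to the browser
 * @param array  $infos out array of messages
 * @return string validate, moderate or reject
 */
function insert_user_comment_albums( &$comm, $key, &$infos )
{
  global $conf, $user;

  // The merged array is later handed to the 'user_comment_check_albums' event.
  // The User-Agent header is optional, so it is read without raising a notice.
  // NOTE(review): 'agent' is a raw client-supplied header; any handler that
  // stores or prints it has to escape it for that context.
  $comm = array_merge( $comm,
    array(
      'ip' => $_SERVER['REMOTE_ADDR'],
      'agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null
    )
   );

  $infos = array();
  if (!$conf['comments_validation'] or is_admin())
  {
    $comment_action='validate'; //one of validate, moderate, reject
  }
  else
  {
    $comment_action='moderate'; //one of validate, moderate, reject
  }

  // guests and generic users supply their own author name
  if (!is_classic_user())
  {
    if ( empty($comm['author']) )
    {
      if ($conf['comments_author_mandatory'])
      {
        array_push($infos, l10n('Username is mandatory') );
        $comment_action='reject';
      }
      $comm['author'] = 'guest';
    }
    $comm['author_id'] = $conf['guest_id'];
    // a guest must not post under the name of an existing account
    if ( $comm['author'] != 'guest' )
    {
      $query = '
SELECT COUNT(*) AS user_exists
  FROM '.USERS_TABLE.'
  WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'";
      $row = pwg_db_fetch_assoc( pwg_query( $query ) );
      if ( $row['user_exists'] == 1 )
      {
        array_push($infos, l10n('This login is already used by another user') );
        $comment_action='reject';
      }
    }
  }
  else
  {
    $comm['author'] = addslashes($user['username']);
    $comm['author_id'] = $user['id'];
  }

  if ( empty($comm['content']) )
  { // empty comment content
    $comment_action='reject';
  }

  // the key must verify against the album the comment is posted on
  if ( !verify_ephemeral_key($key, $comm['category_id']) )
  {
    $comment_action='reject';
    $_POST['cr'][] = 'key';
  }

  // website
  if (!empty($comm['website_url']))
  {
    if (!preg_match('/^https?/i', $comm['website_url']))
    {
      $comm['website_url'] = 'http://'.$comm['website_url'];
    }
    if (!url_check_format($comm['website_url']))
    {
      array_push($infos, l10n('Your website URL is invalid'));
      $comment_action='reject';
    }
  }

  // email
  if (empty($comm['email']))
  {
    if (!empty($user['email']))
    {
      $comm['email'] = $user['email'];
    }
    else if ($conf['comments_email_mandatory'])
    {
      array_push($infos, l10n('Email address is missing. Please specify an email address.') );
      $comment_action='reject';
    }
  }
  else if (!email_check_format($comm['email']))
  {
    array_push($infos, l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)'));
    $comment_action='reject';
  }

  // anonymous id = ip address without its last dotted component; an address
  // with fewer than four dot-separated parts is kept unchanged
  $ip_components = explode('.', $comm['ip']);
  if (count($ip_components) > 3)
  {
    array_pop($ip_components);
  }
  $comm['anonymous_id'] = implode('.', $ip_components);

  if ($comment_action!='reject' and $conf['anti-flood_time']>0 and !is_admin())
  { // anti-flood system
    $reference_date = pwg_db_get_flood_period_expression($conf['anti-flood_time']);

    $query = '
SELECT count(1) FROM '.COA_TABLE.'
  WHERE date > '.$reference_date.'
    AND author_id = '.$comm['author_id'];
    if (!is_classic_user())
    {
      $query.= '
      AND anonymous_id = "'.$comm['anonymous_id'].'"';
    }
    $query.= '
;';

    list($counter) = pwg_db_fetch_row(pwg_query($query));
    if ( $counter > 0 )
    {
      array_push( $infos, l10n('Anti-flood system : please wait for a moment before trying to post another comment') );
      $comment_action='reject';
    }
  }

  // perform more spam check
  $comment_action = trigger_event('user_comment_check_albums',
      $comment_action, $comm
    );

  if ( $comment_action!='reject' )
  {
    // unquoted numeric position: only an integer may reach the query
    $category_id = (int) $comm['category_id'];

    // NOTE(review): the quoted values below are not escaped in this function;
    // they are presumably escaped before they get here -- confirm.
    $query = '
INSERT INTO '.COA_TABLE.'
  (author, author_id, anonymous_id, content, date, validated, validation_date, category_id, website_url, email)
  VALUES (
    \''.$comm['author'].'\',
    '.$comm['author_id'].',
    \''.$comm['anonymous_id'].'\',
    \''.$comm['content'].'\',
    NOW(),
    \''.($comment_action=='validate' ? 'true':'false').'\',
    '.($comment_action=='validate' ? 'NOW()':'NULL').',
    '.$category_id.',
    '.(!empty($comm['website_url']) ? '\''.$comm['website_url'].'\'' : 'NULL').',
    '.(!empty($comm['email']) ? '\''.$comm['email'].'\'' : 'NULL').'
  )
';

    pwg_query($query);

    $comm['id'] = pwg_db_insert_id(COA_TABLE);

    if ( ($conf['email_admin_on_comment'] && 'validate' == $comment_action)
        or ($conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action))
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      $comment_url = get_absolute_root_url().'comments.php?display_mode=albums&comment_id='.$comm['id'];

      // email stays unset when none was given and none is mandatory
      $mail_email = isset($comm['email']) ? $comm['email'] : '';

      $keyargs_content = array
      (
        get_l10n_args('Author: %s', stripslashes($comm['author']) ),
        get_l10n_args('Email: %s', stripslashes($mail_email) ),
        get_l10n_args('Comment: %s', stripslashes($comm['content']) ),
        get_l10n_args('', ''),
        get_l10n_args('Manage this user comment: %s', $comment_url)
      );

      if ('moderate' == $comment_action)
      {
        $keyargs_content[] = get_l10n_args('', '');
        $keyargs_content[] = get_l10n_args('(!) This comment requires validation', '');
      }

      pwg_mail_notification_admins
      (
        get_l10n_args('Comment by %s', stripslashes($comm['author']) ),
        $keyargs_content
      );
    }
  }
  return $comment_action;
}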
206
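/**
 * Tries to delete a user comment in the database.
 * Only admins can delete all comments; other users can delete their own
 * comments, so to avoid a second SQL request the author is added to the
 * WHERE clause.
 *
 * The ids are placed unquoted in the query, so each one is forced to an
 * integer before the statement is built.
 *
 * NOTE(review): no request key is checked here; presumably the caller has
 * already verified it -- confirm.
 *
 * @param int|array $comment_id one comment id or an array of comment ids
 */
function delete_user_comment_albums($comment_id)
{
  $user_where_clause = '';
  if (!is_admin())
  {
    // non-admins are restricted to rows they authored
    $user_where_clause = '   AND author_id = \''.$GLOBALS['user']['id'].'\'';
  }

  if (is_array($comment_id))
    $where_clause = 'id IN('.implode(',', array_map('intval', $comment_id)).')';
  else
    $where_clause = 'id = '.intval($comment_id);

  $query = '
DELETE FROM '.COA_TABLE.'
  WHERE '.$where_clause.
$user_where_clause.'
;';
  $result = pwg_query($query);

  // NOTE(review): $result presumably reflects query success, not the number of
  // rows removed -- confirm. If so, the mail is sent even when the author_id
  // filter matched nothing.
  if ($result)
  {
    email_admin('delete',
                array('author' => $GLOBALS['user']['username'],
                      'comment_id' => $comment_id
                  ));
  }

  // fired regardless of $result, with the id(s) exactly as received
  trigger_action('user_comment_deletion', $comment_id, 'category');
}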
245
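/**
 * Tries to update a user comment in the database.
 * Only admins can update all comments; users can edit their own comments if
 * the admin allows them, so to avoid a second SQL request the author is added
 * to the WHERE clause.
 *
 * Security notes for reviewers:
 * - comment_id sits in an unquoted numeric position of the UPDATE, so it is
 *   cast to an integer.
 * - content is interpolated inside quotes without being escaped here; the
 *   stripslashes() calls used for the mails suggest it arrives already
 *   escaped -- confirm at every call site.
 *
 * @param array  $comment  contains comment_id, category_id and content
 * @param string $post_key key checked against the comment's category_id
 * @return string validate, moderate or reject
 */
function update_user_comment_albums($comment, $post_key)
{
  global $conf;

  $comment_action = 'validate';

  if ( !verify_ephemeral_key($post_key, $comment['category_id']) )
  {
    $comment_action='reject';
  }
  elseif (!$conf['comments_validation'] or is_admin()) // must the updated comment be validated again?
  {
    $comment_action='validate'; //one of validate, moderate, reject
  }
  else
  {
    $comment_action='moderate'; //one of validate, moderate, reject
  }

  // perform more spam check
  $comment_action =
    trigger_event('user_comment_check_albums',
      $comment_action,
      array_merge($comment,
            array('author' => $GLOBALS['user']['username'])
            )
      );

  if ( $comment_action!='reject' )
  {
    $user_where_clause = '';
    if (!is_admin())
    {
      // non-admins are restricted to rows they authored
      $user_where_clause = '   AND author_id = \''.
  $GLOBALS['user']['id'].'\'';
    }

    // unquoted numeric position: only an integer may reach the query
    $comment_id = intval($comment['comment_id']);

    $query = '
UPDATE '.COA_TABLE.'
  SET content = \''.$comment['content'].'\',
      validated = \''.($comment_action=='validate' ? 'true':'false').'\',
      validation_date = '.($comment_action=='validate' ? 'NOW()':'NULL').'
  WHERE id = '.$comment_id.
$user_where_clause.'
;';
    $result = pwg_query($query);

    // mail admin and ask to validate the comment
    if ($result and $conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action)
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      // NOTE(review): this URL uses '&amp;' while insert_user_comment_albums
      // builds the same link with '&' -- confirm which form the mail expects.
      $comment_url = get_absolute_root_url().'comments.php?display_mode=albums&amp;comment_id='.$comment_id;

      $keyargs_content = array
      (
        get_l10n_args('Author: %s', stripslashes($GLOBALS['user']['username']) ),
        get_l10n_args('Comment: %s', stripslashes($comment['content']) ),
        get_l10n_args('', ''),
        get_l10n_args('Manage this user comment: %s', $comment_url),
        get_l10n_args('', ''),
        get_l10n_args('(!) This comment requires validation', ''),
      );

      pwg_mail_notification_admins
      (
        get_l10n_args('Comment by %s', stripslashes($GLOBALS['user']['username']) ),
        $keyargs_content
      );
    }
    // just mail admin
    else if ($result)
    {
      email_admin('edit', array('author' => $GLOBALS['user']['username'],
        'content' => stripslashes($comment['content'])) );
    }
  }

  return $comment_action;
}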
336
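/**
 * Returns the author_id stored for an album comment.
 *
 * The id is placed unquoted in the query, so it is cast to an integer first.
 *
 * @param int  $comment_id   comment identifier
 * @param bool $die_on_error when true an unknown id calls fatal_error(),
 *                           otherwise false is returned
 * @return mixed the author_id column of the comment, or false when the id is
 *               unknown and $die_on_error is false
 */
function get_comment_author_id_albums($comment_id, $die_on_error=true)
{
  $query = '
SELECT
    author_id
  FROM '.COA_TABLE.'
  WHERE id = '.intval($comment_id).'
;';
  $result = pwg_query($query);
  if (pwg_db_num_rows($result) == 0)
  {
    if ($die_on_error)
    {
      fatal_error('Unknown comment identifier');
    }
    else
    {
      return false;
    }
  }

  list($author_id) = pwg_db_fetch_row($result);

  return $author_id;
}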
362
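/**
 * Tries to validate a user comment in the database.
 *
 * The ids are placed unquoted in the query, so each one is forced to an
 * integer before the statement is built.
 *
 * NOTE(review): unlike the delete and update functions, no is_admin() or
 * author_id restriction is applied here; presumably callers limit this to
 * administrators -- confirm.
 *
 * @param int|array $comment_id one comment id or an array of comment ids
 */
function validate_user_comment_albums($comment_id)
{
  if (is_array($comment_id))
    $where_clause = 'id IN('.implode(',', array_map('intval', $comment_id)).')';
  else
    $where_clause = 'id = '.intval($comment_id);

  $query = '
UPDATE '.COA_TABLE.'
  SET validated = \'true\'
    , validation_date = NOW()
  WHERE '.$where_clause.'
;';
  pwg_query($query);

  // handlers receive the id(s) exactly as passed in
  trigger_action('user_comment_validation', $comment_id, 'category');
}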
384?>