source: extensions/Comments_on_Albums/trunk/include/functions_comment.inc.php @ 28629

Last change on this file since 28629 was 28629, checked in by mistic100, 10 years ago

use trigger_notify and trigger_change

<?php
/* Copy of include/functions_comment.inc.php, adapted for Comments On Albums. */

// Direct-access guard: COA_ID is not defined in this file, so a request that
// reaches this script without the plugin having been loaded first stops here.
if (!defined('COA_ID'))
{
  die('Hacking attempt!');
}

// Core comment helpers; the functions below presumably rely on this include
// for verify_ephemeral_key(), url_check_format(), email_check_format() and
// email_admin() — confirm.
include_once PHPWG_ROOT_PATH.'include/functions_comment.inc.php';
6
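/**
 * Tries to insert a user comment on an album and returns the action performed.
 *
 * Security contract, as far as this function shows it (confirm against callers):
 *  - The string fields of $comm (author, content, website_url, email) are
 *    concatenated into the INSERT statement without escaping here, and the
 *    notification mail passes them through stripslashes(), so they are
 *    expected to arrive already slash-escaped. A caller that passes raw
 *    request data makes the INSERT injectable.
 *  - category_id is written into the statement as a number; it is cast to an
 *    integer before use.
 *
 * @param array &$comm comment data; 'ip', 'agent', 'author', 'author_id',
 *                     'anonymous_id' and, on success, 'id' are written back
 * @param string $key secret key sent back to the browser
 * @param array &$infos output array of error messages
 * @return string validate, moderate, reject
 */
function insert_user_comment_albums(&$comm, $key, &$infos)
{
  global $conf, $user;

  // Server-side values are merged last, so an 'ip' or 'agent' entry supplied
  // by the caller is overwritten. The User-Agent header is optional.
  $comm = array_merge( $comm,
    array(
      'ip' => $_SERVER['REMOTE_ADDR'],
      'agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''
    )
   );

  $infos = array();
  if (!$conf['comments_validation'] or is_admin())
  {
    $comment_action='validate'; //one of validate, moderate, reject
  }
  else
  {
    $comment_action='moderate'; //one of validate, moderate, reject
  }

  // guests and generic users supply their own author name
  if (!is_classic_user())
  {
    if (empty($comm['author']))
    {
      if ($conf['comments_author_mandatory'])
      {
        $infos[] = l10n('Username is mandatory');
        $comment_action='reject';
      }
      $comm['author'] = 'guest';
    }
    $comm['author_id'] = $conf['guest_id'];
    // A guest must not post under the name of an existing user.
    // NOTE(review): the name is escaped again for this lookup, while the
    // INSERT below uses it as received. If callers already slash-escape it, a
    // name containing a quote or backslash is double-escaped here and cannot
    // match a registered user; if they do not, the INSERT is injectable.
    // Confirm which of the two holds and align both statements.
    if ($comm['author'] != 'guest')
    {
      $query = '
SELECT COUNT(*) AS user_exists
  FROM '.USERS_TABLE.'
  WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'
;";
      $row = pwg_db_fetch_assoc( pwg_query( $query ) );
      // any matching account rejects the comment, not only exactly one
      if ($row['user_exists'] > 0)
      {
        $infos[] = l10n('This login is already used by another user');
        $comment_action='reject';
      }
    }
  }
  else
  {
    $comm['author'] = addslashes($user['username']);
    $comm['author_id'] = $user['id'];
  }

  // content
  if (empty($comm['content']))
  {
    $comment_action='reject';
  }

  // key
  if (!verify_ephemeral_key($key, $comm['category_id']))
  {
    $comment_action='reject';
    $_POST['cr'][] = 'key';
  }

  // website
  if (!empty($comm['website_url']))
  {
    $comm['website_url'] = strip_tags($comm['website_url']);
    // Require the full "http://" or "https://" prefix. The previous /^https?/
    // test also matched host names that merely begin with "http", which then
    // never received a scheme.
    if (!preg_match('#^https?://#i', $comm['website_url']))
    {
      $comm['website_url'] = 'http://'.$comm['website_url'];
    }
    // NOTE(review): strip_tags() leaves quotes in place, so whatever renders
    // this URL still has to escape it for its output context.
    if (!url_check_format($comm['website_url']))
    {
      $infos[] = l10n('Your website URL is invalid');
      $comment_action='reject';
    }
  }

  // email
  if (empty($comm['email']))
  {
    if (!empty($user['email']))
    {
      // This value comes from the user record rather than from the caller, so
      // it is escaped here, the same way as the username above, before it
      // reaches the INSERT.
      $comm['email'] = addslashes($user['email']);
    }
    else if ($conf['comments_email_mandatory'])
    {
      $infos[] = l10n('Email address is missing. Please specify an email address.');
      $comment_action='reject';
    }
  }
  else if (!email_check_format($comm['email']))
  {
    $infos[] = l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)');
    $comment_action='reject';
  }

  // anonymous id = ip address without its last dot-separated part; an address
  // with fewer than four such parts is kept whole
  $ip_components = explode('.', $comm['ip']);
  if (count($ip_components) > 3)
  {
    array_pop($ip_components);
  }
  $comm['anonymous_id'] = implode('.', $ip_components);

  if ($comment_action!='reject' and $conf['anti-flood_time']>0 and !is_admin())
  { // anti-flood system
    // NOTE(review): this count and the INSERT below are separate statements,
    // so requests arriving at the same moment can each pass the check.
    $reference_date = pwg_db_get_flood_period_expression($conf['anti-flood_time']);

    $query = '
SELECT count(1) FROM '.COA_TABLE.'
  WHERE date > '.$reference_date.'
    AND author_id = '.$comm['author_id'];
    if (!is_classic_user())
    {
      $query.= '
      AND anonymous_id = "'.$comm['anonymous_id'].'"';
    }
    $query.= '
;';

    list($counter) = pwg_db_fetch_row(pwg_query($query));
    if ($counter > 0)
    {
      $infos[] = l10n('Anti-flood system : please wait for a moment before trying to post another comment');
      $comment_action='reject';
    }
  }

  // perform more spam check
  $comment_action = trigger_change('user_comment_check',
      $comment_action, $comm, 'album'
    );

  if ($comment_action!='reject')
  {
    // category_id is not quoted in the statement, so only an integer may reach it
    $category_id = isset($comm['category_id']) ? (int) $comm['category_id'] : 0;

    $query = '
INSERT INTO '.COA_TABLE.'
  (author, author_id, anonymous_id, content, date, validated, validation_date, category_id, website_url, email)
  VALUES (
    \''.$comm['author'].'\',
    '.$comm['author_id'].',
    \''.$comm['anonymous_id'].'\',
    \''.$comm['content'].'\',
    NOW(),
    \''.($comment_action=='validate' ? 'true':'false').'\',
    '.($comment_action=='validate' ? 'NOW()':'NULL').',
    '.$category_id.',
    '.(!empty($comm['website_url']) ? '\''.$comm['website_url'].'\'' : 'NULL').',
    '.(!empty($comm['email']) ? '\''.$comm['email'].'\'' : 'NULL').'
  )
';
    pwg_query($query);
    $comm['id'] = pwg_db_insert_id(COA_TABLE);

    if ( ($conf['email_admin_on_comment'] && 'validate' == $comment_action)
        or ($conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action))
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      $comment_url = get_absolute_root_url().'comments.php?display_mode=albums&comment_id='.$comm['id'];

      // the email is optional, so it may be absent from $comm at this point
      $mail_email = isset($comm['email']) ? stripslashes($comm['email']) : '';

      // NOTE(review): author, email and content are chosen by the commenter;
      // the mail layer presumably encodes them for the subject and body — confirm.
      $keyargs_content = array
      (
        get_l10n_args('Author: %s', stripslashes($comm['author']) ),
        get_l10n_args('Email: %s', $mail_email ),
        get_l10n_args('Comment: %s', stripslashes($comm['content']) ),
        get_l10n_args('', ''),
        get_l10n_args('Manage this user comment: %s', $comment_url)
      );

      if ('moderate' == $comment_action)
      {
        $keyargs_content[] = get_l10n_args('(!) This comment requires validation', '');
      }

      pwg_mail_notification_admins(
        get_l10n_args('Comment by %s', stripslashes($comm['author']) ),
        $keyargs_content
      );
    }
  }

  return $comment_action;
}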
207
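/**
 * Tries to delete one or more user comments.
 *    only admin can delete all comments
 *    other users can delete their own comments
 *
 * The ids are placed in the DELETE statement unquoted, so they are forced to
 * integers first. The sanitized ids are also what the admin mail and the
 * 'user_comment_deletion' handlers receive.
 *
 * @param int|int[] $comment_id
 * @return bool false if nothing deleted
 */
function delete_user_comment_albums($comment_id)
{
  $user_where_clause = '';
  if (!is_admin())
  {
    // NOTE(review): insert_user_comment_albums() stores $conf['guest_id'] as
    // author_id for every guest comment. If a guest session carries that same
    // id here, this clause does not tell one anonymous author from another —
    // confirm that callers do not offer deletion to guests.
    $user_where_clause = '   AND author_id = \''.$GLOBALS['user']['id'].'\'';
  }

  if (is_array($comment_id))
  {
    $comment_id = array_map('intval', $comment_id);
    if (count($comment_id) == 0)
    {
      // "id IN()" is not valid SQL, and there is nothing to delete anyway
      return false;
    }
    $where_clause = 'id IN('.implode(',', $comment_id).')';
  }
  else
  {
    $comment_id = intval($comment_id);
    $where_clause = 'id = '.$comment_id;
  }

  $query = '
DELETE FROM '.COA_TABLE.'
  WHERE '.$where_clause.
$user_where_clause.'
;';

  // report and notify only when at least one row was actually removed
  if (pwg_db_changes(pwg_query($query)))
  {
    email_admin('delete',
                array('author' => $GLOBALS['user']['username'],
                      'comment_id' => $comment_id
                  ));
    trigger_notify('user_comment_deletion', $comment_id, 'album');

    return true;
  }

  return false;
}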
252
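/**
 * Tries to update a user comment
 *    only admin can update all comments
 *    users can edit their own comments if admin allow them
 *
 * $comment['content'] and $comment['website_url'] are concatenated into the
 * UPDATE statement without escaping here, and the notification mail passes the
 * content through stripslashes(), so both are expected to arrive already
 * slash-escaped — confirm against callers. $comment['comment_id'] is cast to
 * an integer before it is used.
 *
 * @param array $comment
 * @param string $post_key secret key sent back to the browser
 * @return string validate, moderate, reject
 */
function update_user_comment_albums($comment, $post_key)
{
  // $page is declared global so that the URL error below is recorded; without
  // the declaration the message was written to a local array and lost.
  global $conf, $page;

  $comment_action = 'validate';

  if (!verify_ephemeral_key($post_key, $comment['category_id']))
  {
    $comment_action='reject';
  }
  elseif (!$conf['comments_validation'] or is_admin()) // should the updated comment must be validated
  {
    $comment_action='validate'; //one of validate, moderate, reject
  }
  else
  {
    $comment_action='moderate'; //one of validate, moderate, reject
  }

  // perform more spam check
  $comment_action =
    trigger_change('user_comment_check',
      $comment_action,
      array_merge($comment,
            array('author' => $GLOBALS['user']['username'])
            ),
      'album'
      );

  // website
  if (!empty($comment['website_url']))
  {
    // The original read and wrote an undefined $comm here, so tags were never
    // stripped from the submitted URL.
    $comment['website_url'] = strip_tags($comment['website_url']);
    // Require the full "http://" or "https://" prefix. The previous /^https?/
    // test also matched host names that merely begin with "http".
    if (!preg_match('#^https?://#i', $comment['website_url']))
    {
      $comment['website_url'] = 'http://'.$comment['website_url'];
    }
    if (!url_check_format($comment['website_url']))
    {
      $page['errors'][] = l10n('Your website URL is invalid');
      $comment_action='reject';
    }
  }

  if ( $comment_action!='reject' )
  {
    // the id is not quoted in the statement, so only an integer may reach it
    $comment_id = isset($comment['comment_id']) ? (int) $comment['comment_id'] : 0;

    $user_where_clause = '';
    if (!is_admin())
    {
      // non-admins may only touch rows they authored
      $user_where_clause = '   AND author_id = \''.
  $GLOBALS['user']['id'].'\'';
    }

    $query = '
UPDATE '.COA_TABLE.'
  SET content = \''.$comment['content'].'\',
      website_url = '.(!empty($comment['website_url']) ? '\''.$comment['website_url'].'\'' : 'NULL').',
      validated = \''.($comment_action=='validate' ? 'true':'false').'\',
      validation_date = '.($comment_action=='validate' ? 'NOW()':'NULL').'
  WHERE id = '.$comment_id.
$user_where_clause.'
;';
    // NOTE(review): $result presumably only says that the statement ran. When
    // the author_id clause matches no row, nothing is updated, yet the action
    // is still returned and the admin is still mailed.
    // delete_user_comment_albums() checks pwg_db_changes() for this case;
    // consider doing the same here.
    $result = pwg_query($query);

    // mail admin and ask to validate the comment
    if ($result and $conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action)
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      $comment_url = get_absolute_root_url().'comments.php?display_mode=albums&amp;comment_id='.$comment_id;

      $keyargs_content = array
      (
        get_l10n_args('Author: %s', stripslashes($GLOBALS['user']['username']) ),
        get_l10n_args('Comment: %s', stripslashes($comment['content']) ),
        get_l10n_args('', ''),
        get_l10n_args('Manage this user comment: %s', $comment_url),
        get_l10n_args('(!) This comment requires validation', ''),
      );

      pwg_mail_notification_admins(
        get_l10n_args('Comment by %s', stripslashes($GLOBALS['user']['username']) ),
        $keyargs_content
      );
    }
    // just mail admin
    else if ($result)
    {
      email_admin('edit', array('author' => $GLOBALS['user']['username'],
        'content' => stripslashes($comment['content'])) );
    }
  }

  return $comment_action;
}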
357
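/**
 * Returns the author id of a comment
 *
 * The id is placed in the SELECT statement unquoted, so it is cast to an
 * integer first; a non-numeric value becomes 0 and is handled like any other
 * unknown identifier.
 *
 * @param int $comment_id
 * @param bool $die_on_error call fatal_error() when the comment does not exist
 * @return int|false author id as read from the database row, or false when the
 *                   comment does not exist and $die_on_error is false
 */
function get_comment_author_id_albums($comment_id, $die_on_error=true)
{
  $query = '
SELECT
    author_id
  FROM '.COA_TABLE.'
  WHERE id = '.intval($comment_id).'
;';
  $result = pwg_query($query);
  if (pwg_db_num_rows($result) == 0)
  {
    if ($die_on_error)
    {
      // presumably does not return — confirm; otherwise execution falls
      // through to the fetch below with an empty result
      fatal_error('Unknown comment identifier');
    }
    else
    {
      return false;
    }
  }

  list($author_id) = pwg_db_fetch_row($result);

  return $author_id;
}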
390
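/**
 * Tries to validate a user comment.
 *
 * The ids are placed in the UPDATE statement unquoted, so they are forced to
 * integers first. The sanitized ids are also what the
 * 'user_comment_validation' handlers receive.
 *
 * NOTE(review): unlike the delete and update functions in this file, nothing
 * here restricts the statement to admins or to the comment's author; the
 * caller has to make sure the current user is allowed to validate.
 *
 * @param int|int[] $comment_id
 */
function validate_user_comment_albums($comment_id)
{
  if (is_array($comment_id))
  {
    $comment_id = array_map('intval', $comment_id);
    if (count($comment_id) == 0)
    {
      // "id IN()" is not valid SQL, and there is nothing to validate anyway
      return;
    }
    $where_clause = 'id IN('.implode(',', $comment_id).')';
  }
  else
  {
    $comment_id = intval($comment_id);
    $where_clause = 'id = '.$comment_id;
  }

  $query = '
UPDATE '.COA_TABLE.'
  SET validated = \'true\'
    , validation_date = NOW()
  WHERE '.$where_clause.'
;';
  pwg_query($query);

  trigger_notify('user_comment_validation', $comment_id, 'album');
}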