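<?php
// Guestbook page controller: handles the edit / delete / validate actions,
// the "add comment" form post, and fills the template with the comment list.
// Only reachable through the plugin entry point that defines GUESTBOOK_PATH;
// a direct request to this file is rejected before anything else runs.
if (!defined('GUESTBOOK_PATH')) die('Hacking attempt!');

global $user;

// include_once, like every other include in this file: a second include of a
// file that declares functions would be a fatal redeclaration. The path is
// built without a leading '/' for consistency with the other
// GUESTBOOK_PATH.'...' concatenations below (GUESTBOOK_PATH already ends
// with a separator).
include_once(GUESTBOOK_PATH.'include/functions.inc.php');

// URL of the current page, preserving the pagination offset if there is one.
// NOTE(review): $page['start'] is only read from $_GET['start'] further down
// this file, so at this point it relies on the core having populated it --
// confirm against the section initialisation.
$url_self = empty($page['start']) ? GUESTBOOK_URL : add_url_params(GUESTBOOK_URL, array('start' => $page['start']));
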
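// +-----------------------------------------------------------------------+
// |                               actions                                 |
// +-----------------------------------------------------------------------+
// Every state-changing action is reached through a GET parameter, so each one
// is protected by a pwg_token check (CSRF) plus a per-comment permission
// check, and the comment id is validated against PATTERN_ID before it gets
// anywhere near the database.
if (isset($_GET['action']))
{
  switch ($_GET['action'])
  {
    case 'edit_comment':
    {
      include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');

      check_input_parameter('comment_to_edit', $_GET, false, PATTERN_ID);
      $author_id = get_comment_author_id_guestbook($_GET['comment_to_edit']);

      if (can_manage_comment('edit', $author_id))
      {
        if (!empty($_POST['content']))
        {
          // Only the form submission needs the anti-CSRF token; merely
          // opening the edit form (GET without content) changes nothing.
          check_pwg_token();
          $comment_action = update_user_comment_guestbook(
            array(
              'comment_id' => $_GET['comment_to_edit'],
              'content' => $_POST['content']
            ),
            isset($_POST['key']) ? $_POST['key'] : null
          );

          $perform_redirect = false;
          switch ($comment_action)
          {
            case 'moderate':
              $_SESSION['page_infos'][] = l10n('An administrator must authorize your comment before it is visible.');
              // fall through: a moderated comment is also registered
            case 'validate':
              $_SESSION['page_infos'][] = l10n('Your comment has been registered');
              $perform_redirect = true;
              break;
            case 'reject':
              $_SESSION['page_errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');
              $perform_redirect = true;
              break;
            default:
              trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
          }

          if ($perform_redirect)
          {
            redirect($url_self);
          }
          // The edit has been handled: make sure the "add comment" block
          // below does not treat the same content as a new comment.
          unset($_POST['content']);
        }
        else
        {
          $edit_comment = $_GET['comment_to_edit'];
        }
      }
      elseif (isset($_POST['content']))
      {
        // Edit denied: drop the posted content so it is not silently
        // inserted as a brand-new comment by the "add comment" block below.
        unset($_POST['content']);
      }
      break;
    }
    case 'delete_comment' :
    {
      check_pwg_token();

      include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');

      check_input_parameter('comment_to_delete', $_GET, false, PATTERN_ID);

      $author_id = get_comment_author_id_guestbook($_GET['comment_to_delete']);

      if (can_manage_comment('delete', $author_id))
      {
        delete_user_comment_guestbook($_GET['comment_to_delete']);
      }

      // redirect() is expected to end the request; the break guarantees that
      // a non-exiting redirect() can never fall through into the next case.
      redirect($url_self);
      break;
    }
    case 'validate_comment' :
    {
      check_pwg_token();

      include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');

      check_input_parameter('comment_to_validate', $_GET, false, PATTERN_ID);

      $author_id = get_comment_author_id_guestbook($_GET['comment_to_validate']);

      if (can_manage_comment('validate', $author_id))
      {
        validate_user_comment_guestbook($_GET['comment_to_validate']);
      }

      redirect($url_self);
      break;
    }
  }
}
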
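// +-----------------------------------------------------------------------+
// |                             add comment                               |
// +-----------------------------------------------------------------------+
// A POSTed "content" field means the visitor submitted the add-comment form.
// The ephemeral key posted with the fields is handed to
// insert_user_comment_guestbook(), which is expected to verify it and to
// apply the validation rules that produce 'moderate' / 'validate' / 'reject'.
if (isset($_POST['content']))
{
  // Optional fields are read with isset() rather than '@': a missing field
  // still yields an empty value, without silencing every other notice on
  // the line (the original also read 'website' unguarded).
  $comm = array(
    'author'  => isset($_POST['author'])  ? trim($_POST['author'])  : '',
    'email'   => isset($_POST['email'])   ? trim($_POST['email'])   : '',
    'content' => trim($_POST['content']),
    'website' => isset($_POST['website']) ? trim($_POST['website']) : '',
    'rate'    => isset($_POST['score'])   ? $_POST['score']         : null,
  );

  include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');

  $comment_action = insert_user_comment_guestbook(
    $comm,
    isset($_POST['key']) ? $_POST['key'] : null
  );

  switch ($comment_action)
  {
    case 'moderate':
      array_push($page['infos'], l10n('An administrator must authorize your comment before it is visible.'));
      // fall through: a moderated comment is also registered
    case 'validate':
      array_push($page['infos'], l10n('Your comment has been registered'));
      break;
    case 'reject':
      // 403 so clients and logs see the rejection rather than a normal page
      set_status_header(403);
      array_push($page['errors'], l10n('Your comment has NOT been registered because it did not pass the validation rules'));
      break;
    default:
      trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
  }

  // allow plugins to notify what's going on
  trigger_action('user_comment_insertion',
    array_merge($comm, array('action' => $comment_action))
  );
}
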
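// +-----------------------------------------------------------------------+
// |                           display comments                            |
// +-----------------------------------------------------------------------+
// Non-admins only ever see validated comments; admins also see the ones
// awaiting moderation (and get a "validate" link for them below).
$where_clauses = array('1=1');
if (!is_admin())
{
  array_push($where_clauses, 'validated = \'true\'');
}
if (isset($_GET['comment_id']))
{
  // The id is interpolated unquoted into SQL, so escaping quotes is not a
  // defence: a value such as "1 OR 1=1" passes pwg_db_real_escape_string()
  // untouched. Require a purely numeric id, exactly as the action handlers
  // above do for their comment ids, and cast for good measure.
  check_input_parameter('comment_id', $_GET, false, PATTERN_ID);
  array_push($where_clauses, 'com.id = '.(int)$_GET['comment_id']);
}

// total number of comments matching the filters (drives the pagination)
$query = '
SELECT
    COUNT(*) AS nb_comments
  FROM '.GUESTBOOK_TABLE.' as com
  WHERE '.implode(' AND ', $where_clauses).'
;';
$row = pwg_db_fetch_assoc(pwg_query($query));
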
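// navigation bar creation
// The offset comes straight from the URL and ends up in a SQL OFFSET clause
// further down, so it is coerced to a non-negative integer right here
// (a negative OFFSET would only produce a SQL error anyway).
$page['start'] = 0;
if (isset($_GET['start']))
{
  $page['start'] = max(0, (int)$_GET['start']);
}

$navigation_bar = create_navigation_bar(
  GUESTBOOK_URL,
  $row['nb_comments'],
  $page['start'],
  $conf['guestbook']['nb_comment_page'],
  false
);

$template->assign(
  array(
    'COMMENT_COUNT' => $row['nb_comments'],
    'navbar' => $navigation_bar,
  )
);
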
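if ($row['nb_comments'] > 0)
{
  // One page of comments, newest first. LIMIT and OFFSET are cast to int at
  // the point of use: $page['start'] originates from the URL and is
  // interpolated into the query, so this block must not trust that it was
  // sanitised earlier.
  $query = '
SELECT
    com.id,
    author,
    author_id,
    '.$conf['user_fields']['username'].' AS username,
    date,
    content,
    validated,
    website,
    rate,
    email
  FROM '.GUESTBOOK_TABLE.' AS com
    LEFT JOIN '.USERS_TABLE.' AS u
    ON u.'.$conf['user_fields']['id'].' = author_id
  WHERE '.implode(' AND ', $where_clauses).'
  ORDER BY date DESC
  LIMIT '.(int)$conf['guestbook']['nb_comment_page'].' OFFSET '.(int)$page['start'].'
;';
  $result = pwg_query($query);

  while ($row = pwg_db_fetch_assoc($result))
  {
    // Display name: the free-text author when one was stored (the literal
    // 'guest' is localised), otherwise the username joined from USERS_TABLE.
    if (!empty($row['author']))
    {
      $author = $row['author'];
      if ($author === 'guest')
      {
        $author = l10n('guest');
      }
    }
    else
    {
      $author = stripslashes($row['username']);
    }

    // Values are passed to the template unescaped; HTML escaping of AUTHOR
    // and CONTENT is left to the render_comment_* handlers and the template.
    // NOTE(review): WEBSITE is raw user input -- confirm guestbook.tpl escapes
    // it (and restricts the scheme) before placing it in an href.
    $tpl_comment = array(
      'ID' => $row['id'],
      'AUTHOR' => trigger_event('render_comment_author', $author),
      'DATE' => format_date($row['date'], true),
      'CONTENT' => trigger_event('render_comment_content', $row['content']),
      'WEBSITE' => $row['website'],
    );

    if ($conf['guestbook']['activate_rating'])
    {
      $tpl_comment['STARS'] = get_stars($row['rate'], get_root_url().GUESTBOOK_PATH.'template/jquery.raty/');
    }

    // e-mail addresses are only ever exposed to administrators
    if (is_admin() and !empty($row['email']))
    {
      $tpl_comment['EMAIL'] = $row['email'];
    }

    // Delete / validate links change state on GET, so they carry a pwg_token
    // that the action handlers above verify before acting.
    if (can_manage_comment('delete', $row['author_id']))
    {
      $tpl_comment['U_DELETE'] = add_url_params(
        $url_self,
        array(
          'action' => 'delete_comment',
          'comment_to_delete' => $row['id'],
          'pwg_token' => get_pwg_token(),
        )
      );
    }
    if (can_manage_comment('edit', $row['author_id']))
    {
      // Opening the edit form is read-only, hence no token on this link; the
      // form itself carries PWG_TOKEN for the POST that applies the edit.
      $tpl_comment['U_EDIT'] = add_url_params(
        $url_self,
        array(
          'action' => 'edit_comment',
          'comment_to_edit' => $row['id'],
        )
      );
      if (isset($edit_comment) and ($row['id'] == $edit_comment))
      {
        $tpl_comment['IN_EDIT'] = true;
        $tpl_comment['KEY'] = get_ephemeral_key(2);
        $tpl_comment['CONTENT'] = $row['content'];
        $tpl_comment['PWG_TOKEN'] = get_pwg_token();
        $tpl_comment['U_CANCEL'] = $url_self;
      }
    }
    if (is_admin() and $row['validated'] != 'true')
    {
      $tpl_comment['U_VALIDATE'] = add_url_params(
        $url_self,
        array(
          'action' => 'validate_comment',
          'comment_to_validate' => $row['id'],
          'pwg_token' => get_pwg_token(),
        )
      );
    }
    $template->append('comments', $tpl_comment);
  }
}
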
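// +-----------------------------------------------------------------------+
// |                          add comment form                             |
// +-----------------------------------------------------------------------+
// The add form is hidden while a comment is being edited inline.
$show_add_comment_form = !isset($edit_comment);

if ($show_add_comment_form)
{
  // Fields default to empty; after a rejected submission the form is
  // re-filled with what the visitor typed, HTML-escaped because it is echoed
  // back into the page. Explicit array keys replace the former variable
  // variables, and isset() replaces the '@' on $comment_action.
  $rejected = (isset($comment_action) and 'reject' === $comment_action);
  $form_values = array('content' => '', 'author' => '', 'website' => '', 'email' => '');
  foreach (array_keys($form_values) as $field)
  {
    if ($rejected and !empty($comm[$field]))
    {
      $form_values[$field] = htmlspecialchars(stripslashes($comm[$field]));
    }
  }

  // For logged-in users the author name and e-mail come from the account,
  // overriding anything that was posted.
  $is_logged = is_classic_user();
  if ($is_logged)
  {
    $form_values['author'] = $user['username'];
    $form_values['email'] = $user['email'];
  }

  // < 2.5 compatibility: the core option may not exist, default to optional
  if (empty($conf['comments_email_mandatory']))
  {
    $conf['comments_email_mandatory'] = false;
  }

  $template->assign('comment_add',
    array(
      'F_ACTION' => $url_self,
      'KEY' => get_ephemeral_key(3),
      'CONTENT' => $form_values['content'],
      'IS_LOGGED' => $is_logged,
      'AUTHOR' => $form_values['author'],
      'WEBSITE' => $form_values['website'],
      'EMAIL' => $form_values['email'],
      'ACTIVATE_RATING' => $conf['guestbook']['activate_rating'],
      'EMAIL_MANDATORY' => $conf['comments_email_mandatory'],
    ));
}
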
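// Paths handed to the template. NOTE(review): ABS_GUESTBOOK_PATH is a server
// filesystem path -- confirm guestbook.tpl only uses it for file inclusion
// and never echoes it into the page.
$template->assign('ABS_GUESTBOOK_PATH', dirname(__FILE__).'/../');
$template->assign('GUESTBOOK_PATH', GUESTBOOK_PATH);

$template->set_filename('index', dirname(__FILE__).'/../template/guestbook.tpl');

// No closing '?>' tag: any whitespace after it would be sent as output and
// could break the header-based redirect() used by the action handlers above.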