source: extensions/GuestBook/include/guestbook.inc.php @ 24889

Last change on this file since 24889 was 24889, checked in by mistic100, 11 years ago

use my plugin architecture, add options to hide the page for guests, fix admin links in mails

File size: 9.3 KB
<?php
// Stop immediately when GUESTBOOK_PATH is not defined (presumably a direct
// request to this file instead of an include from the plugin -- confirm).
defined('GUESTBOOK_PATH') or die('Hacking attempt!');

global $user;

include(GUESTBOOK_PATH . '/include/functions.inc.php');

// Address of the guestbook page itself; the pagination offset is kept in the
// URL when $page['start'] holds a non-empty value.
if (empty($page['start']))
{
  $url_self = GUESTBOOK_URL;
}
else
{
  $url_self = add_url_params(GUESTBOOK_URL, array('start' => $page['start']));
}

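// +-----------------------------------------------------------------------+
// |                                actions                                |
// +-----------------------------------------------------------------------+
// Comment management requested through ?action=... : edit, delete or validate.
// Each branch checks the comment id against PATTERN_ID and asks
// can_manage_comment() before anything is modified.
if (isset($_GET['action']))
{
  switch ($_GET['action'])
  {
    case 'edit_comment':
    {
      include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');

      check_input_parameter('comment_to_edit', $_GET, false, PATTERN_ID);
      $author_id = get_comment_author_id_guestbook($_GET['comment_to_edit']);

      if (can_manage_comment('edit', $author_id))
      {
        if (!empty($_POST['content']))
        {
          // the edit form was submitted: verify the request token before
          // the comment is modified
          check_pwg_token();
          $comment_action = update_user_comment_guestbook(
            array(
              'comment_id' => $_GET['comment_to_edit'],
              'content' => $_POST['content']
              ),
            // a hand-built request may omit the form key; hand over null
            // rather than reading an undefined index
            isset($_POST['key']) ? $_POST['key'] : null
            );

          $perform_redirect = false;
          switch ($comment_action)
          {
            case 'moderate':
              $_SESSION['page_infos'][] = l10n('An administrator must authorize your comment before it is visible.');
              // no break: a moderated comment also gets the "registered" message
            case 'validate':
              $_SESSION['page_infos'][] = l10n('Your comment has been registered');
              $perform_redirect = true;
              break;
            case 'reject':
              $_SESSION['page_errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');
              $perform_redirect = true;
              break;
            default:
              trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
          }

          if ($perform_redirect)
          {
            redirect($url_self);
          }
          unset($_POST['content']);
        }
        else
        {
          // no content posted yet: remember which comment must be shown in
          // edit mode by the display loop
          $edit_comment = $_GET['comment_to_edit'];
        }
      }
      break;
    }
    case 'delete_comment' :
    {
      // state-changing GET request: the token is verified before any work
      check_pwg_token();

      include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');

      check_input_parameter('comment_to_delete', $_GET, false, PATTERN_ID);

      $author_id = get_comment_author_id_guestbook($_GET['comment_to_delete']);

      if (can_manage_comment('delete', $author_id))
      {
        delete_user_comment_guestbook($_GET['comment_to_delete']);
      }

      redirect($url_self);
      // redirect() presumably ends the request; the break keeps this case
      // from running into 'validate_comment' if it ever returns
      break;
    }
    case 'validate_comment' :
    {
      // state-changing GET request: the token is verified before any work
      check_pwg_token();

      include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');

      check_input_parameter('comment_to_validate', $_GET, false, PATTERN_ID);

      $author_id = get_comment_author_id_guestbook($_GET['comment_to_validate']);

      if (can_manage_comment('validate', $author_id))
      {
        validate_user_comment_guestbook($_GET['comment_to_validate']);
      }

      redirect($url_self);
      break;
    }

  }
}
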
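// +-----------------------------------------------------------------------+
// |                                add comment                            |
// +-----------------------------------------------------------------------+
// A new comment is accepted from any logged-in user, and from guests only
// when the guest_can_add option is enabled.
if ( isset( $_POST['content'] ) && (!is_a_guest() || $conf['guestbook']['guest_can_add']))
{
  // Every field except content is optional in the request, so each one is
  // read through isset(); 'website' used to be read unguarded, unlike its
  // neighbours.
  $comm = array(
    'author' => isset($_POST['author']) ? trim($_POST['author']) : '',
    'email' => isset($_POST['email']) ? trim($_POST['email']) : '',
    'content' => trim( $_POST['content'] ),
    'website' => isset($_POST['website']) ? trim($_POST['website']) : '',
    'rate' => isset($_POST['score']) ? $_POST['score'] : null,
   );

  include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');

  // NOTE(review): check_pwg_token() is not called on this path; the form key
  // is the only request proof handed over, so resistance to forged or
  // automated submissions depends on insert_user_comment_guestbook()
  // verifying it -- confirm in functions_comment.inc.php.
  $comment_action = insert_user_comment_guestbook(
    $comm,
    isset($_POST['key']) ? $_POST['key'] : null
    );

  switch ($comment_action)
  {
    case 'moderate':
      array_push($page['infos'], l10n('An administrator must authorize your comment before it is visible.') );
      // no break: a moderated comment also gets the "registered" message
    case 'validate':
      array_push($page['infos'], l10n('Your comment has been registered'));
      break;
    case 'reject':
      // a refused submission is answered with HTTP 403
      set_status_header(403);
      array_push($page['errors'], l10n('Your comment has NOT been registered because it did not pass the validation rules') );
      break;
    default:
      trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
  }

  // allow plugins to notify what's going on
  trigger_action( 'user_comment_insertion',
      array_merge($comm, array('action'=>$comment_action) )
    );
}
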
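// +-----------------------------------------------------------------------+
// |                                display comments                       |
// +-----------------------------------------------------------------------+
// Filters shared by the count query below and by the listing query.
$where_clauses = array('1=1');
if ( !is_admin() )
{
  // non-administrators only see validated comments
  array_push($where_clauses, 'validated = \'true\'');
}
if (isset($_GET['comment_id']))
{
  // The id is compared as an unquoted number, where string escaping gives no
  // protection: the value must be digits only. It gets the same PATTERN_ID
  // check as the ids used by the actions, plus an integer cast.
  check_input_parameter('comment_id', $_GET, false, PATTERN_ID);
  array_push($where_clauses, 'com.id = '.((int) $_GET['comment_id']));
}

// number of comments matching the filters
$query = '
SELECT
    COUNT(*) AS nb_comments
  FROM '.GUESTBOOK_TABLE.' as com
  WHERE '.implode(' AND ', $where_clauses).'
;';
$row = pwg_db_fetch_assoc( pwg_query( $query ) );

// navigation bar creation
$page['start'] = 0;
if (isset($_GET['start']))
{
  // 'start' comes straight from the query string and is later concatenated
  // into an SQL OFFSET, so it is accepted only as a plain non-negative integer
  check_input_parameter('start', $_GET, false, PATTERN_ID);
  $page['start'] = (int) $_GET['start'];
}

$navigation_bar = create_navigation_bar(
  GUESTBOOK_URL,
  $row['nb_comments'],
  $page['start'],
  $conf['guestbook']['nb_comment_page'],
  false
  );

$template->assign(
  array(
    'COMMENT_COUNT' => $row['nb_comments'],
    'navbar' => $navigation_bar,
    )
  );
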
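// Load the requested page of comments and hand each one to the template.
if ($row['nb_comments'] > 0)
{
  // LIMIT and OFFSET are numeric SQL operands that cannot be quoted, so both
  // values are forced to non-negative integers right here, independently of
  // what was done to $page['start'] earlier (it can come from the query
  // string).
  $query = '
SELECT
    com.id,
    author,
    author_id,
    '.$conf['user_fields']['username'].' AS username,
    date,
    content,
    validated,
    website,
    rate,
    email
  FROM '.GUESTBOOK_TABLE.' AS com
  LEFT JOIN '.USERS_TABLE.' AS u
    ON u.'.$conf['user_fields']['id'].' = author_id
  WHERE '.implode(' AND ', $where_clauses).'
  ORDER BY date DESC
  LIMIT '.max(0, (int) $conf['guestbook']['nb_comment_page']).' OFFSET '.max(0, (int) $page['start']).'
;';
  $result = pwg_query( $query );

  while ($row = pwg_db_fetch_assoc($result))
  {
    // displayed name: the author stored with the comment when there is one
    // ('guest' is translated), otherwise the joined account's username
    if (!empty($row['author']))
    {
      $author = $row['author'];
      if ($author == 'guest')
      {
        $author = l10n('guest');
      }
    }
    else
    {
      $author = stripslashes($row['username']);
    }

    // NOTE(review): AUTHOR and CONTENT pass through the render_comment_*
    // events, while WEBSITE (and EMAIL below) reach the template as stored.
    // Whether they are HTML-escaped, and whether the website value is limited
    // to http(s) URLs, depends on insert-time validation and on the template,
    // neither of which is visible here -- confirm.
    $tpl_comment =
      array(
        'ID' => $row['id'],
        'AUTHOR' => trigger_event('render_comment_author', $author),
        'DATE' => format_date($row['date'], true),
        'CONTENT' => trigger_event('render_comment_content',$row['content']),
        'WEBSITE' => $row['website'],
      );

    if ($conf['guestbook']['activate_rating'])
    {
      $tpl_comment['STARS'] = get_stars($row['rate'], get_root_url().GUESTBOOK_PATH .'template/jquery.raty/');
    }

    // e-mail addresses are only given to the template for administrators
    if (is_admin() and !empty($row['email']))
    {
      $tpl_comment['EMAIL'] = $row['email'];
    }

    if (can_manage_comment('delete', $row['author_id']))
    {
      // the delete link carries the token that the delete action verifies
      $tpl_comment['U_DELETE'] = add_url_params(
        $url_self,
        array(
          'action'=>'delete_comment',
          'comment_to_delete'=>$row['id'],
          'pwg_token' => get_pwg_token(),
          )
        );
    }
    if (can_manage_comment('edit', $row['author_id']))
    {
      $tpl_comment['U_EDIT'] = add_url_params(
        $url_self,
        array(
          'action'=>'edit_comment',
          'comment_to_edit'=>$row['id'],
          )
        );
      // the comment selected by the edit action is rendered as a form, with
      // its raw content, a form key and the token posted back on save
      if (isset($edit_comment) and ($row['id'] == $edit_comment))
      {
        $tpl_comment['IN_EDIT'] = true;
        $tpl_comment['KEY'] = get_ephemeral_key(2);
        $tpl_comment['CONTENT'] = $row['content'];
        $tpl_comment['PWG_TOKEN'] = get_pwg_token();
        $tpl_comment['U_CANCEL'] = $url_self;
      }
    }
    if (is_admin())
    {
      // administrators get a validation link for comments not yet validated
      if ($row['validated'] != 'true')
      {
        $tpl_comment['U_VALIDATE'] = add_url_params(
          $url_self,
          array(
            'action' => 'validate_comment',
            'comment_to_validate' => $row['id'],
            'pwg_token' => get_pwg_token(),
            )
          );
      }
    }
    $template->append('comments', $tpl_comment);
  }
}
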
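// The add form is offered to logged-in users, and to guests only when the
// guest_can_add option is on; it is hidden while a comment is being edited.
$show_add_comment_form = !is_a_guest() || $conf['guestbook']['guest_can_add'];
if (isset($edit_comment))
{
  $show_add_comment_form = false;
}

if ($show_add_comment_form)
{
  // After a rejected submission the visitor's own input is put back into the
  // form. These values come from the request, so they are HTML-escaped;
  // ENT_QUOTES also encodes single quotes, which keeps them inert whichever
  // quote style the template uses around attribute values.
  foreach (array('content','author','website','email') as $el)
  {
    ${$el} = '';
    if (isset($comment_action) and 'reject' === $comment_action and !empty($comm[$el]))
    {
      ${$el} = htmlspecialchars( stripslashes($comm[$el]), ENT_QUOTES );
    }
  }
  if (is_classic_user())
  {
    // NOTE(review): account name and e-mail are passed on without escaping
    // here; presumably they are safe as stored or escaped by the template --
    // confirm.
    $author = $user['username'];
    $email = $user['email'];
  }
  if (empty($conf['comments_email_mandatory'])) // < 2.5 compatibility
  {
    $conf['comments_email_mandatory'] = false;
  }

  $template->assign('comment_add',
      array(
        'F_ACTION' => $url_self,
        'KEY' => get_ephemeral_key(3),
        'CONTENT' => $content,
        'IS_LOGGED' => is_classic_user(),
        'AUTHOR' => $author,
        'WEBSITE' => $website,
        'EMAIL' => $email,
        'ACTIVATE_RATING' => $conf['guestbook']['activate_rating'],
        'EMAIL_MANDATORY' => $conf['comments_email_mandatory'],
      ));
}
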
// Plugin locations for the template: the resolved absolute path (with a
// trailing slash) and the path constant as defined.
// NOTE(review): ABS_GUESTBOOK_PATH holds a server filesystem path; make sure
// the template only uses it for includes and never prints it into the page.
$template->assign(
  array(
    'ABS_GUESTBOOK_PATH' => realpath(GUESTBOOK_PATH) . '/',
    'GUESTBOOK_PATH' => GUESTBOOK_PATH,
    )
  );

// The guestbook template becomes the 'index' template.
$template->set_filename('index', realpath(GUESTBOOK_PATH . 'template/guestbook.tpl'));