source: extensions/GuestBook/include/guestbook.inc.php @ 24889

Last change on this file since 24889 was 24889, checked in by mistic100, 7 years ago

use my plugin architecture, add options to hide the page for guests, fix admin links in mails

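<?php
// Guestbook page controller: runs the edit/delete/validate actions, inserts
// a newly posted comment, then builds the comment list and the "add comment"
// form for the template. Only reachable through the plugin entry point,
// which defines GUESTBOOK_PATH.
if (!defined('GUESTBOOK_PATH')) die('Hacking attempt!');

global $user;

// GUESTBOOK_PATH already ends with a slash (every other include and the
// template path in this file rely on it), so no separator is added here.
include(GUESTBOOK_PATH . 'include/functions.inc.php');

// URL of the current page, keeping the pagination offset when one is already
// known; it is the base of every action link and the target of the form.
$url_self = GUESTBOOK_URL;
if (!empty($page['start']))
{
  $url_self = add_url_params(GUESTBOOK_URL, array('start' => $page['start']));
}
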
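// +-----------------------------------------------------------------------+
// |                                actions                                |
// +-----------------------------------------------------------------------+
// Every action names its comment through a GET id that is validated against
// PATTERN_ID before it reaches a query, and every state-changing branch runs
// check_pwg_token() first. delete_comment and validate_comment end with
// redirect(); the explicit break after it keeps one case from running into
// the next should redirect() ever return.
if (isset($_GET['action']))
{
  switch ($_GET['action'])
  {
    case 'edit_comment':
    {
      include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');

      check_input_parameter('comment_to_edit', $_GET, false, PATTERN_ID);
      $author_id = get_comment_author_id_guestbook($_GET['comment_to_edit']);

      if (can_manage_comment('edit', $author_id))
      {
        if (!empty($_POST['content']))
        {
          // edited text submitted: the token is only required on the write
          check_pwg_token();
          $comment_action = update_user_comment_guestbook(
            array(
              'comment_id' => $_GET['comment_to_edit'],
              'content' => $_POST['content']
              ),
            isset($_POST['key']) ? $_POST['key'] : null
            );

          $perform_redirect = false;
          switch ($comment_action)
          {
            case 'moderate':
              $_SESSION['page_infos'][] = l10n('An administrator must authorize your comment before it is visible.');
              // no break: a moderated comment is also a registered one
            case 'validate':
              $_SESSION['page_infos'][] = l10n('Your comment has been registered');
              $perform_redirect = true;
              break;
            case 'reject':
              $_SESSION['page_errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');
              $perform_redirect = true;
              break;
            default:
              trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
          }

          if ($perform_redirect)
          {
            redirect($url_self);
          }
          // keep the "add comment" section below from inserting the edited
          // text as a brand new comment
          unset($_POST['content']);
        }
        else
        {
          // no text yet: the listing renders this comment in edit mode
          $edit_comment = $_GET['comment_to_edit'];
        }
      }
      break;
    }
    case 'delete_comment':
    {
      check_pwg_token();

      include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');

      check_input_parameter('comment_to_delete', $_GET, false, PATTERN_ID);

      $author_id = get_comment_author_id_guestbook($_GET['comment_to_delete']);

      if (can_manage_comment('delete', $author_id))
      {
        delete_user_comment_guestbook($_GET['comment_to_delete']);
      }

      redirect($url_self);
      break;
    }
    case 'validate_comment':
    {
      check_pwg_token();

      include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');

      check_input_parameter('comment_to_validate', $_GET, false, PATTERN_ID);

      $author_id = get_comment_author_id_guestbook($_GET['comment_to_validate']);

      if (can_manage_comment('validate', $author_id))
      {
        validate_user_comment_guestbook($_GET['comment_to_validate']);
      }

      redirect($url_self);
      break;
    }
  }
}
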
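// +-----------------------------------------------------------------------+
// |                                add comment                            |
// +-----------------------------------------------------------------------+
// A posted 'content' field is a new comment. It is only accepted from
// logged-in users, or from guests when the configuration allows it; the
// edit action above unsets $_POST['content'], so an edit never gets here.
if (isset($_POST['content']) && (!is_a_guest() || $conf['guestbook']['guest_can_add']))
{
  // optional fields are read explicitly instead of through @-suppression;
  // a missing field yields the same value the suppressed read did
  $comm = array(
    'author' => isset($_POST['author']) ? trim($_POST['author']) : '',
    'email' => isset($_POST['email']) ? trim($_POST['email']) : '',
    'content' => trim($_POST['content']),
    'website' => isset($_POST['website']) ? trim($_POST['website']) : '',
    'rate' => isset($_POST['score']) ? $_POST['score'] : null,
    );

  include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');

  // the ephemeral form key travels with the comment; the returned action is
  // 'moderate', 'validate' or 'reject' and drives the messages below
  $comment_action = insert_user_comment_guestbook(
    $comm,
    isset($_POST['key']) ? $_POST['key'] : null
    );

  switch ($comment_action)
  {
    case 'moderate':
      array_push($page['infos'], l10n('An administrator must authorize your comment before it is visible.'));
      // no break: a moderated comment is also a registered one
    case 'validate':
      array_push($page['infos'], l10n('Your comment has been registered'));
      break;
    case 'reject':
      set_status_header(403);
      array_push($page['errors'], l10n('Your comment has NOT been registered because it did not pass the validation rules'));
      break;
    default:
      trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
  }

  // allow plugins to notify what's going on
  trigger_action(
    'user_comment_insertion',
    array_merge($comm, array('action' => $comment_action))
    );
}
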
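// +-----------------------------------------------------------------------+
// |                                display comments                       |
// +-----------------------------------------------------------------------+
// Filters shared by the count query and the listing query: non-admins only
// see validated comments, and an optional comment_id narrows the page to
// a single comment.
$where_clauses = array('1=1');
if (!is_admin())
{
  array_push($where_clauses, 'validated = \'true\'');
}
if (isset($_GET['comment_id']))
{
  // com.id is interpolated unquoted, so escaping quotes gives no protection;
  // the value is required to be digits only before it reaches the query
  check_input_parameter('comment_id', $_GET, false, PATTERN_ID);
  array_push($where_clauses, 'com.id = '.(int)$_GET['comment_id']);
}

// number of comments matching the filters
$query = '
SELECT
    COUNT(*) AS nb_comments
  FROM '.GUESTBOOK_TABLE.' as com
  WHERE '.implode(' AND ', $where_clauses).'
;';
$row = pwg_db_fetch_assoc(pwg_query($query));

// navigation bar creation: the offset comes straight from the URL and is
// later interpolated as the SQL OFFSET, so it is validated and kept an int
$page['start'] = 0;
if (isset($_GET['start']))
{
  check_input_parameter('start', $_GET, false, PATTERN_ID);
  $page['start'] = (int)$_GET['start'];
}

$navigation_bar = create_navigation_bar(
  GUESTBOOK_URL,
  $row['nb_comments'],
  $page['start'],
  $conf['guestbook']['nb_comment_page'],
  false
  );

$template->assign(
  array(
    'COMMENT_COUNT' => $row['nb_comments'],
    'navbar' => $navigation_bar,
    )
  );
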
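if ($row['nb_comments'] > 0)
{
  // LIMIT/OFFSET are cast to int as a last line of defence: $page['start']
  // originates from the URL and nb_comment_page from the plugin settings
  $query = '
SELECT
    com.id,
    author,
    author_id,
    '.$conf['user_fields']['username'].' AS username,
    date,
    content,
    validated,
    website,
    rate,
    email
  FROM '.GUESTBOOK_TABLE.' AS com
  LEFT JOIN '.USERS_TABLE.' AS u
    ON u.'.$conf['user_fields']['id'].' = author_id
  WHERE '.implode(' AND ', $where_clauses).'
  ORDER BY date DESC
  LIMIT '.(int)$conf['guestbook']['nb_comment_page'].' OFFSET '.(int)$page['start'].'
;';
  $result = pwg_query($query);

  while ($row = pwg_db_fetch_assoc($result))
  {
    // display name: the stored author (with the 'guest' marker translated),
    // or the linked account's username when no author was stored
    if (!empty($row['author']))
    {
      $author = $row['author'];
      if ($author === 'guest')
      {
        $author = l10n('guest');
      }
    }
    else
    {
      $author = stripslashes($row['username']);
    }

    $tpl_comment = array(
      'ID' => $row['id'],
      'AUTHOR' => trigger_event('render_comment_author', $author),
      'DATE' => format_date($row['date'], true),
      'CONTENT' => trigger_event('render_comment_content', $row['content']),
      'WEBSITE' => $row['website'],
      );

    if ($conf['guestbook']['activate_rating'])
    {
      $tpl_comment['STARS'] = get_stars($row['rate'], get_root_url().GUESTBOOK_PATH.'template/jquery.raty/');
    }

    // the e-mail address is only exposed to administrators
    if (is_admin() && !empty($row['email']))
    {
      $tpl_comment['EMAIL'] = $row['email'];
    }

    // management links: delete and validate carry the pwg_token their action
    // handlers check; the edit link only opens the inline form
    if (can_manage_comment('delete', $row['author_id']))
    {
      $tpl_comment['U_DELETE'] = add_url_params(
        $url_self,
        array(
          'action' => 'delete_comment',
          'comment_to_delete' => $row['id'],
          'pwg_token' => get_pwg_token(),
          )
        );
    }
    if (can_manage_comment('edit', $row['author_id']))
    {
      $tpl_comment['U_EDIT'] = add_url_params(
        $url_self,
        array(
          'action' => 'edit_comment',
          'comment_to_edit' => $row['id'],
          )
        );
      // the comment selected by edit_comment is rendered as a form, with its
      // raw (un-rendered) content and the token the update will require
      if (isset($edit_comment) && (int)$row['id'] === (int)$edit_comment)
      {
        $tpl_comment['IN_EDIT'] = true;
        $tpl_comment['KEY'] = get_ephemeral_key(2);
        $tpl_comment['CONTENT'] = $row['content'];
        $tpl_comment['PWG_TOKEN'] = get_pwg_token();
        $tpl_comment['U_CANCEL'] = $url_self;
      }
    }
    if (is_admin() && $row['validated'] !== 'true')
    {
      $tpl_comment['U_VALIDATE'] = add_url_params(
        $url_self,
        array(
          'action' => 'validate_comment',
          'comment_to_validate' => $row['id'],
          'pwg_token' => get_pwg_token(),
          )
        );
    }
    $template->append('comments', $tpl_comment);
  }
}
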
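// The "add comment" form is offered to logged-in users, and to guests when
// the configuration allows it, but never while a comment is being edited.
$show_add_comment_form = !is_a_guest() || $conf['guestbook']['guest_can_add'];
if (isset($edit_comment))
{
  $show_add_comment_form = false;
}

if ($show_add_comment_form)
{
  // empty form, unless the submission above was rejected: then the posted
  // values are handed back, escaped for the HTML they are inserted into
  $form_values = array('content' => '', 'author' => '', 'website' => '', 'email' => '');
  if (isset($comment_action) && 'reject' === $comment_action)
  {
    foreach (array_keys($form_values) as $el)
    {
      if (!empty($comm[$el]))
      {
        $form_values[$el] = htmlspecialchars(stripslashes($comm[$el]), ENT_QUOTES | ENT_SUBSTITUTE);
      }
    }
  }
  if (is_classic_user())
  {
    // the account's name and address take precedence over what was posted
    $form_values['author'] = $user['username'];
    $form_values['email'] = $user['email'];
  }
  if (empty($conf['comments_email_mandatory'])) // < 2.5 compatibility
  {
    $conf['comments_email_mandatory'] = false;
  }

  $template->assign(
    'comment_add',
    array(
      'F_ACTION' => $url_self,
      'KEY' => get_ephemeral_key(3),
      'CONTENT' => $form_values['content'],
      'IS_LOGGED' => is_classic_user(),
      'AUTHOR' => $form_values['author'],
      'WEBSITE' => $form_values['website'],
      'EMAIL' => $form_values['email'],
      'ACTIVATE_RATING' => $conf['guestbook']['activate_rating'],
      'EMAIL_MANDATORY' => $conf['comments_email_mandatory'],
      )
    );
}
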
// plugin path in both forms the template needs, then the template file itself
$template->assign(
  array(
    'ABS_GUESTBOOK_PATH' => realpath(GUESTBOOK_PATH) . '/',
    'GUESTBOOK_PATH' => GUESTBOOK_PATH,
    )
  );

$template->set_filename('index', realpath(GUESTBOOK_PATH . 'template/guestbook.tpl'));