source: extensions/GuestBook/include/guestbook.inc.php @ 26065

Last change on this file since 26065 was 26065, checked in by mistic100, 7 years ago

update for Piwigo 2.6 + code clean

File size: 9.3 KB
Line 
1<?php
2if (!defined('GUESTBOOK_PATH')) die('Hacking attempt!');
3
4global $user;
5
6include(GUESTBOOK_PATH . 'include/functions.inc.php');
7
8$url_self = empty($page['start']) ? GUESTBOOK_URL : add_url_params(GUESTBOOK_URL, array('start' => $page['start']));
9
10// +-----------------------------------------------------------------------+
11// |                                actions                                |
12// +-----------------------------------------------------------------------+
13if (isset($_GET['action']))
14{
15  switch ($_GET['action'])
16  {
17    case 'edit_comment':
18    {
19      include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');
20     
21      check_input_parameter('comment_to_edit', $_GET, false, PATTERN_ID);
22      $author_id = get_comment_author_id_guestbook($_GET['comment_to_edit']);
23
24      if (can_manage_comment('edit', $author_id))
25      {
26        if (!empty($_POST['content']))
27        {
28          check_pwg_token();
29          $comment_action = update_user_comment_guestbook(
30            array(
31              'comment_id' => $_GET['comment_to_edit'],
32              'content' => $_POST['content']
33              ),
34            $_POST['key']
35            );
36
37          $perform_redirect = false;
38          switch ($comment_action)
39          {
40            case 'moderate':
41              $_SESSION['page_infos'][] = l10n('An administrator must authorize your comment before it is visible.');
42            case 'validate':
43              $_SESSION['page_infos'][] = l10n('Your comment has been registered');
44              $perform_redirect = true;
45              break;
46            case 'reject':
47              $_SESSION['page_errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');
48              $perform_redirect = true;
49              break;
50            default:
51              trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
52          }
53
54          if ($perform_redirect)
55          {
56            redirect($url_self);
57          }
58          unset($_POST['content']);
59        }
60        else
61        {
62          $edit_comment = $_GET['comment_to_edit'];
63        }
64      }
65      break;
66    }
67    case 'delete_comment' :
68    {
69      check_pwg_token();
70
71      include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');
72
73      check_input_parameter('comment_to_delete', $_GET, false, PATTERN_ID);
74
75      $author_id = get_comment_author_id_guestbook($_GET['comment_to_delete']);
76
77      if (can_manage_comment('delete', $author_id))
78      {
79        delete_user_comment_guestbook($_GET['comment_to_delete']);
80      }
81
82      redirect($url_self);
83    }
84    case 'validate_comment' :
85    {
86      check_pwg_token();
87
88      include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');
89
90      check_input_parameter('comment_to_validate', $_GET, false, PATTERN_ID);
91
92      $author_id = get_comment_author_id_guestbook($_GET['comment_to_validate']);
93
94      if (can_manage_comment('validate', $author_id))
95      {
96        validate_user_comment_guestbook($_GET['comment_to_validate']);
97      }
98
99      redirect($url_self);
100    }
101
102  }
103}
104
105// +-----------------------------------------------------------------------+
106// |                                add comment                            |
107// +-----------------------------------------------------------------------+
108if (isset($_POST['content']) && (!is_a_guest() || $conf['guestbook']['guest_can_add']))
109{
110  $comm = array(
111    'author' => trim(@$_POST['author']),
112    'email' => trim(@$_POST['email']),
113    'content' => trim($_POST['content']),
114    'website' => trim($_POST['website']),
115    'rate' => @$_POST['score'],
116   );
117
118  include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');
119
120  $comment_action = insert_user_comment_guestbook($comm, @$_POST['key']);
121
122  switch ($comment_action)
123  {
124    case 'moderate':
125      $page['infos'][] = l10n('An administrator must authorize your comment before it is visible.');
126    case 'validate':
127      $page['infos'][] = l10n('Your comment has been registered');
128      break;
129    case 'reject':
130      set_status_header(403);
131      $template->assign('GB_OPEN', true);
132      $page['errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');
133      break;
134    default:
135      trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
136  }
137
138  // allow plugins to notify what's going on
139  trigger_action('user_comment_insertion',
140      array_merge($comm, array('action'=>$comment_action))
141    );
142}
143
144// +-----------------------------------------------------------------------+
145// |                                display comments                       |
146// +-----------------------------------------------------------------------+
147$where_clauses = array('1=1');
148if (!is_admin())
149{
150  $where_clauses[] = 'validated = \'true\'';
151}
152if (isset($_GET['comment_id']))
153{
154  $where_clauses[] = 'com.id = '.pwg_db_real_escape_string($_GET['comment_id']);
155}
156
157// number of comments for this picture
158$query = '
159SELECT
160    COUNT(*) AS nb_comments
161  FROM '.GUESTBOOK_TABLE.' as com
162  WHERE '.implode(' AND ', $where_clauses).'
163;';
164$row = pwg_db_fetch_assoc(pwg_query($query));
165
166// navigation bar creation
167$page['start'] = 0;
168if (isset($_GET['start']))
169{
170  $page['start'] = $_GET['start'];
171}
172
173$navigation_bar = create_navigation_bar(
174  GUESTBOOK_URL,
175  $row['nb_comments'],
176  $page['start'],
177  $conf['guestbook']['nb_comment_page'],
178  false
179  );
180
181$template->assign(array(
182  'COMMENT_COUNT' => $row['nb_comments'],
183  'navbar' => $navigation_bar,
184  ));
185 
186if ($row['nb_comments'] > 0)
187{
188  $query = '
189SELECT
190    com.id,
191    author,
192    author_id,
193    '.$conf['user_fields']['username'].' AS username,
194    date,
195    content,
196    validated,
197    website,
198    rate,
199    email
200  FROM '.GUESTBOOK_TABLE.' AS com
201  LEFT JOIN '.USERS_TABLE.' AS u
202    ON u.'.$conf['user_fields']['id'].' = author_id
203  WHERE '.implode(' AND ', $where_clauses).'
204  ORDER BY date DESC
205  LIMIT '.$conf['guestbook']['nb_comment_page'].' OFFSET '.$page['start'].'
206;';
207  $result = pwg_query( $query );
208
209  while ($row = pwg_db_fetch_assoc($result))
210  {
211    if (!empty($row['author']))
212    {
213      $author = $row['author'];
214      if ($author == 'guest')
215      {
216        $author = l10n('guest');
217      }
218    }
219    else
220    {
221      $author = stripslashes($row['username']);
222    }
223
224    $tpl_comment = array(
225      'ID' => $row['id'],
226      'AUTHOR' => trigger_event('render_comment_author', $author),
227      'DATE' => format_date($row['date'], true),
228      'CONTENT' => trigger_event('render_comment_content', $row['content']),
229      'WEBSITE' => $row['website'],
230      );
231     
232    if ($conf['guestbook']['activate_rating'])
233    {
234      $tpl_comment['STARS'] = get_stars($row['rate'], get_root_url().GUESTBOOK_PATH .'template/jquery.raty/');
235    }
236     
237    if (is_admin() and !empty($row['email']))
238    {
239      $tpl_comment['EMAIL'] = $row['email'];
240    }
241
242    if (can_manage_comment('delete', $row['author_id']))
243    {
244      $tpl_comment['U_DELETE'] = add_url_params(
245        $url_self,
246        array(
247          'action'=>'delete_comment',
248          'comment_to_delete'=>$row['id'],
249          'pwg_token' => get_pwg_token(),
250          )
251        );
252    }
253    if (can_manage_comment('edit', $row['author_id']))
254    {
255      $tpl_comment['U_EDIT'] = add_url_params(
256        $url_self,
257        array(
258          'action'=>'edit_comment',
259          'comment_to_edit'=>$row['id'],
260          )
261        );
262        if (isset($edit_comment) and ($row['id'] == $edit_comment))
263        {
264          $tpl_comment['IN_EDIT'] = true;
265          $tpl_comment['KEY'] = get_ephemeral_key(2);
266          $tpl_comment['CONTENT'] = $row['content'];
267          $tpl_comment['PWG_TOKEN'] = get_pwg_token();
268          $tpl_comment['U_CANCEL'] = $url_self;
269        }
270    }
271    if (is_admin())
272    {
273      if ($row['validated'] != 'true')
274      {
275        $tpl_comment['U_VALIDATE'] = add_url_params(
276          $url_self,
277          array(
278            'action' => 'validate_comment',
279            'comment_to_validate' => $row['id'],
280            'pwg_token' => get_pwg_token(),
281            )
282          );
283      }
284    }
285    $template->append('comments', $tpl_comment);
286  }
287}
288
289$show_add_comment_form = !is_a_guest() || $conf['guestbook']['guest_can_add'];
290if (isset($edit_comment))
291{
292  $show_add_comment_form = false;
293}
294
295if ($show_add_comment_form)
296{
297  foreach (array('content','author','website','email') as $el)
298  {
299    ${$el} = '';
300    if ('reject'===@$comment_action and !empty($comm[$el]))
301    {
302      ${$el} = htmlspecialchars( stripslashes($comm[$el]) );
303    }
304  }
305  if (is_classic_user())
306  {
307    $author = $user['username'];
308    $email = $user['email'];
309  }
310  if (empty($conf['comments_email_mandatory'])) // < 2.5 compatibility
311  {
312    $conf['comments_email_mandatory'] = false;
313  }
314
315  $template->assign('comment_add',
316    array(
317      'F_ACTION' => $url_self,
318      'KEY' => get_ephemeral_key(3),
319      'CONTENT' => $content,
320      'IS_LOGGED' => is_classic_user(),
321      'AUTHOR' => $author,
322      'WEBSITE' => $website,
323      'EMAIL' => $email,
324      'ACTIVATE_RATING' => $conf['guestbook']['activate_rating'],
325      'EMAIL_MANDATORY' => $conf['comments_email_mandatory'],
326    ));
327}
328
329$template->assign(array(
330  'GUESTBOOK_PATH' => GUESTBOOK_PATH,
331  'ABS_GUESTBOOK_PATH' => realpath(GUESTBOOK_PATH) . '/',
332  ));
333
334$template->set_filename('guestbook', realpath(GUESTBOOK_PATH . 'template/guestbook.tpl'));
335$template->assign_var_from_handle('CONTENT', 'guestbook');
Note: See TracBrowser for help on using the repository browser.