<?php
if (!defined('GUESTBOOK_PATH')) die('Hacking attempt!');

global $user;

include(GUESTBOOK_PATH . 'include/functions.inc.php');

// URL of the current guestbook page. The 'start' offset is carried along so
// that redirects issued after an action land on the same page of comments.
// NOTE(review): $page['start'] is read here but this file only assigns it from
// $_GET further down; presumably the core sets it earlier — confirm.
if (empty($page['start']))
{
  $url_self = GUESTBOOK_URL;
}
else
{
  $url_self = add_url_params(GUESTBOOK_URL, array('start' => $page['start']));
}

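// +-----------------------------------------------------------------------+
// |                                actions                                |
// +-----------------------------------------------------------------------+
// Every state-changing action checks the anti-CSRF token (check_pwg_token)
// and the caller's right on that comment (can_manage_comment) before doing
// anything; comment ids are restricted to PATTERN_ID before they are used.
if (isset($_GET['action']))
{
  switch ($_GET['action'])
  {
    case 'edit_comment':
      include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');

      check_input_parameter('comment_to_edit', $_GET, false, PATTERN_ID);
      $author_id = get_comment_author_id_guestbook($_GET['comment_to_edit']);

      if (can_manage_comment('edit', $author_id))
      {
        if (!empty($_POST['content']))
        {
          // edit form submitted: apply it
          check_pwg_token();
          $comment_action = update_user_comment_guestbook(
            array(
              'comment_id' => $_GET['comment_to_edit'],
              'content' => $_POST['content'],
              ),
            // missing key is passed as null instead of raising a notice
            isset($_POST['key']) ? $_POST['key'] : null
            );

          $perform_redirect = false;
          switch ($comment_action)
          {
            case 'moderate':
              $_SESSION['page_infos'][] = l10n('An administrator must authorize your comment before it is visible.');
              // intentional fallthrough: a moderated comment is registered too
            case 'validate':
              $_SESSION['page_infos'][] = l10n('Your comment has been registered');
              $perform_redirect = true;
              break;
            case 'reject':
              $_SESSION['page_errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');
              $perform_redirect = true;
              break;
            default:
              trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
          }

          if ($perform_redirect)
          {
            redirect($url_self);
          }
          // not redirected: keep the "add comment" section below from
          // treating the edited text as a brand new comment
          unset($_POST['content']);
        }
        else
        {
          // nothing posted yet: render the inline edit form for this comment
          $edit_comment = $_GET['comment_to_edit'];
        }
      }
      break;

    case 'delete_comment':
      check_pwg_token();

      include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');

      check_input_parameter('comment_to_delete', $_GET, false, PATTERN_ID);

      $author_id = get_comment_author_id_guestbook($_GET['comment_to_delete']);

      if (can_manage_comment('delete', $author_id))
      {
        delete_user_comment_guestbook($_GET['comment_to_delete']);
      }

      redirect($url_self);
      // redirect() is expected to end the request; the break keeps this case
      // self-contained should it ever return
      break;

    case 'validate_comment':
      check_pwg_token();

      include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');

      check_input_parameter('comment_to_validate', $_GET, false, PATTERN_ID);

      $author_id = get_comment_author_id_guestbook($_GET['comment_to_validate']);

      if (can_manage_comment('validate', $author_id))
      {
        validate_user_comment_guestbook($_GET['comment_to_validate']);
      }

      redirect($url_self);
      break;
  }
}
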
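// +-----------------------------------------------------------------------+
// |                                add comment                            |
// +-----------------------------------------------------------------------+
// Guests may only post when the plugin option allows it. The actual checks
// (key, validation rules, moderation) live in insert_user_comment_guestbook(),
// which reports the outcome as a string handled by the switch below.
if (isset($_POST['content']) && (!is_a_guest() || $conf['guestbook']['guest_can_add']))
{
  // optional fields fall back to '' / null when the form omits them, instead
  // of relying on @-suppressed undefined-index notices
  $comm = array(
    'author' => isset($_POST['author']) ? trim($_POST['author']) : '',
    'email' => isset($_POST['email']) ? trim($_POST['email']) : '',
    'content' => trim($_POST['content']),
    'website' => isset($_POST['website']) ? trim($_POST['website']) : '',
    'rate' => isset($_POST['score']) ? $_POST['score'] : null,
    );

  include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');

  $comment_action = insert_user_comment_guestbook(
    $comm,
    isset($_POST['key']) ? $_POST['key'] : null
    );

  switch ($comment_action)
  {
    case 'moderate':
      $page['infos'][] = l10n('An administrator must authorize your comment before it is visible.');
      // intentional fallthrough: a moderated comment is registered too
    case 'validate':
      $page['infos'][] = l10n('Your comment has been registered');
      break;
    case 'reject':
      // answer 403; GB_OPEN presumably tells the template to show the form
      // open again with the rejected values
      set_status_header(403);
      $template->assign('GB_OPEN', true);
      $page['errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');
      break;
    default:
      trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
  }

  // allow plugins to notify what's going on
  trigger_action(
    'user_comment_insertion',
    array_merge($comm, array('action' => $comment_action))
    );
}
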
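// +-----------------------------------------------------------------------+
// |                                display comments                       |
// +-----------------------------------------------------------------------+
// Non-admins only see validated comments.
$where_clauses = array('1=1');
if (!is_admin())
{
  $where_clauses[] = 'validated = \'true\'';
}
if (isset($_GET['comment_id']))
{
  // the id is concatenated unquoted into the SQL, so string escaping alone
  // does not protect the query: restrict it to digits first (dies on anything
  // else, like the other comment ids handled in this file)
  check_input_parameter('comment_id', $_GET, false, PATTERN_ID);
  $where_clauses[] = 'com.id = '.$_GET['comment_id'];
}

// number of comments matching the filter
$query = '
SELECT
    COUNT(*) AS nb_comments
  FROM '.GUESTBOOK_TABLE.' as com
  WHERE '.implode(' AND ', $where_clauses).'
;';
$row = pwg_db_fetch_assoc(pwg_query($query));

// navigation bar creation; 'start' also ends up unquoted in the OFFSET clause
// below, so it is forced to a non-negative integer
$page['start'] = 0;
if (isset($_GET['start']))
{
  $page['start'] = max(0, (int)$_GET['start']);
}

$navigation_bar = create_navigation_bar(
  GUESTBOOK_URL,
  $row['nb_comments'],
  $page['start'],
  $conf['guestbook']['nb_comment_page'],
  false
  );

$template->assign(array(
  'COMMENT_COUNT' => $row['nb_comments'],
  'navbar' => $navigation_bar,
  ));

if ($row['nb_comments'] > 0)
{
  $query = '
SELECT
    com.id,
    author,
    author_id,
    '.$conf['user_fields']['username'].' AS username,
    date,
    content,
    validated,
    website,
    rate,
    email
  FROM '.GUESTBOOK_TABLE.' AS com
  LEFT JOIN '.USERS_TABLE.' AS u
    ON u.'.$conf['user_fields']['id'].' = author_id
  WHERE '.implode(' AND ', $where_clauses).'
  ORDER BY date DESC
  LIMIT '.$conf['guestbook']['nb_comment_page'].' OFFSET '.$page['start'].'
;';
  $result = pwg_query($query);

  while ($row = pwg_db_fetch_assoc($result))
  {
    // a stored author name wins; otherwise the name comes from the users
    // table join
    if (!empty($row['author']))
    {
      $author = ($row['author'] === 'guest') ? l10n('guest') : $row['author'];
    }
    else
    {
      $author = stripslashes($row['username']);
    }

    $tpl_comment = array(
      'ID' => $row['id'],
      'AUTHOR' => trigger_event('render_comment_author', $author),
      'DATE' => format_date($row['date'], true),
      'CONTENT' => trigger_event('render_comment_content', $row['content']),
      'WEBSITE' => $row['website'],
      );

    if ($conf['guestbook']['activate_rating'])
    {
      $tpl_comment['STARS'] = get_stars($row['rate'], get_root_url().GUESTBOOK_PATH.'template/jquery.raty/');
    }

    // e-mail addresses are only exposed to administrators
    if (is_admin() && !empty($row['email']))
    {
      $tpl_comment['EMAIL'] = $row['email'];
    }

    // delete/validate links change state and therefore carry an anti-CSRF
    // token; the edit link only opens a form, whose token is set below
    if (can_manage_comment('delete', $row['author_id']))
    {
      $tpl_comment['U_DELETE'] = add_url_params(
        $url_self,
        array(
          'action' => 'delete_comment',
          'comment_to_delete' => $row['id'],
          'pwg_token' => get_pwg_token(),
          )
        );
    }
    if (can_manage_comment('edit', $row['author_id']))
    {
      $tpl_comment['U_EDIT'] = add_url_params(
        $url_self,
        array(
          'action' => 'edit_comment',
          'comment_to_edit' => $row['id'],
          )
        );
      if (isset($edit_comment) && $row['id'] == $edit_comment)
      {
        // this is the comment being edited: render the inline form
        $tpl_comment['IN_EDIT'] = true;
        $tpl_comment['KEY'] = get_ephemeral_key(2);
        $tpl_comment['CONTENT'] = $row['content'];
        $tpl_comment['PWG_TOKEN'] = get_pwg_token();
        $tpl_comment['U_CANCEL'] = $url_self;
      }
    }
    if (is_admin() && $row['validated'] !== 'true')
    {
      $tpl_comment['U_VALIDATE'] = add_url_params(
        $url_self,
        array(
          'action' => 'validate_comment',
          'comment_to_validate' => $row['id'],
          'pwg_token' => get_pwg_token(),
          )
        );
    }
    $template->append('comments', $tpl_comment);
  }
}
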
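// the add form is not shown while a comment is being edited inline
$show_add_comment_form = !is_a_guest() || $conf['guestbook']['guest_can_add'];
if (isset($edit_comment))
{
  $show_add_comment_form = false;
}

if ($show_add_comment_form)
{
  // form pre-fill: empty by default, the submitted values when the comment
  // was just rejected, and the account's name/e-mail for registered users
  $form_values = array(
    'content' => '',
    'author' => '',
    'website' => '',
    'email' => '',
    );
  if (isset($comment_action) && 'reject' === $comment_action)
  {
    foreach (array_keys($form_values) as $el)
    {
      if (!empty($comm[$el]))
      {
        // re-echoed by the template; ENT_QUOTES also covers single-quoted
        // attributes
        $form_values[$el] = htmlspecialchars(stripslashes($comm[$el]), ENT_QUOTES);
      }
    }
  }
  if (is_classic_user())
  {
    $form_values['author'] = $user['username'];
    $form_values['email'] = $user['email'];
  }
  if (empty($conf['comments_email_mandatory'])) // < 2.5 compatibility
  {
    $conf['comments_email_mandatory'] = false;
  }

  $template->assign('comment_add',
    array(
      'F_ACTION' => $url_self,
      'KEY' => get_ephemeral_key(3),
      'CONTENT' => $form_values['content'],
      'IS_LOGGED' => is_classic_user(),
      'AUTHOR' => $form_values['author'],
      'WEBSITE' => $form_values['website'],
      'EMAIL' => $form_values['email'],
      'ACTIVATE_RATING' => $conf['guestbook']['activate_rating'],
      'EMAIL_MANDATORY' => $conf['comments_email_mandatory'],
    ));
}

$template->assign(array(
  'GUESTBOOK_PATH' => GUESTBOOK_PATH,
  'ABS_GUESTBOOK_PATH' => realpath(GUESTBOOK_PATH) . '/',
  ));

$template->set_filename('guestbook', realpath(GUESTBOOK_PATH . 'template/guestbook.tpl'));
$template->assign_var_from_handle('CONTENT', 'guestbook');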