source: extensions/GuestBook/include/guestbook.inc.php @ 26111

Last change on this file since 26111 was 26111, checked in by mistic100, 7 years ago

use new trigger methods and add extra param

<?php
// This file is only meant to be included by the GuestBook plugin, which
// defines GUESTBOOK_PATH first; direct access is refused.
if (!defined('GUESTBOOK_PATH')) die('Hacking attempt!');

global $user;

include(GUESTBOOK_PATH . 'include/functions.inc.php');

// URL of the current guestbook page, keeping the pagination offset when one
// is set. Used as form action and as redirect target after an action.
if (empty($page['start']))
{
  $url_self = GUESTBOOK_URL;
}
else
{
  $url_self = add_url_params(GUESTBOOK_URL, array('start' => $page['start']));
}
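// +-----------------------------------------------------------------------+
// |                                actions                                |
// +-----------------------------------------------------------------------+
// Every state-changing action (submitted edit, delete, validate) requires a
// valid pwg_token, and the comment id is checked against PATTERN_ID before it
// reaches the comment functions. delete/validate end with redirect($url_self);
// the explicit break after it is defensive so that, should redirect() ever
// return instead of ending the request, one action cannot fall through into
// the next one.
if (isset($_GET['action']))
{
  switch ($_GET['action'])
  {
    case 'edit_comment':
    {
      include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');

      check_input_parameter('comment_to_edit', $_GET, false, PATTERN_ID);
      $author_id = get_comment_author_id_guestbook($_GET['comment_to_edit']);

      if (can_manage_comment('edit', $author_id))
      {
        if (!empty($_POST['content']))
        {
          // Submitted edit form: the token is checked here only, the GET that
          // opens the form changes nothing.
          check_pwg_token();
          $comment_action = update_user_comment_guestbook(
            array(
              'comment_id' => $_GET['comment_to_edit'],
              'content' => $_POST['content'],
              ),
            isset($_POST['key']) ? $_POST['key'] : null
            );

          $perform_redirect = false;
          switch ($comment_action)
          {
            case 'moderate':
              $_SESSION['page_infos'][] = l10n('An administrator must authorize your comment before it is visible.');
              // intentional fall-through: a moderated comment is registered too
            case 'validate':
              $_SESSION['page_infos'][] = l10n('Your comment has been registered');
              $perform_redirect = true;
              break;
            case 'reject':
              $_SESSION['page_errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');
              $perform_redirect = true;
              break;
            default:
              trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
          }

          if ($perform_redirect)
          {
            redirect($url_self);
          }
          // Not redirected: drop the posted content so the "add comment"
          // section below does not treat the edit as a new comment.
          unset($_POST['content']);
        }
        else
        {
          // GET without content: open the inline edit form for this comment.
          $edit_comment = $_GET['comment_to_edit'];
        }
      }
      break;
    }
    case 'delete_comment' :
    {
      check_pwg_token();

      include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');

      check_input_parameter('comment_to_delete', $_GET, false, PATTERN_ID);

      $author_id = get_comment_author_id_guestbook($_GET['comment_to_delete']);

      if (can_manage_comment('delete', $author_id))
      {
        delete_user_comment_guestbook($_GET['comment_to_delete']);
      }

      redirect($url_self);
      break;
    }
    case 'validate_comment' :
    {
      check_pwg_token();

      include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');

      check_input_parameter('comment_to_validate', $_GET, false, PATTERN_ID);

      $author_id = get_comment_author_id_guestbook($_GET['comment_to_validate']);

      if (can_manage_comment('validate', $author_id))
      {
        validate_user_comment_guestbook($_GET['comment_to_validate']);
      }

      redirect($url_self);
      break;
    }

  }
}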
104
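// +-----------------------------------------------------------------------+
// |                                add comment                            |
// +-----------------------------------------------------------------------+
// A new comment is accepted from members, and from guests only when the
// plugin configuration allows it.
if (isset($_POST['content']) && (!is_a_guest() || $conf['guestbook']['guest_can_add']))
{
  // Optional fields default to '' (null for the score) when absent, without
  // hiding notices behind '@'. Validation of the values is done by
  // insert_user_comment_guestbook().
  $comm = array(
    'author' => isset($_POST['author']) ? trim($_POST['author']) : '',
    'email' => isset($_POST['email']) ? trim($_POST['email']) : '',
    'content' => trim($_POST['content']),
    'website' => isset($_POST['website']) ? trim($_POST['website']) : '',
    'rate' => isset($_POST['score']) ? $_POST['score'] : null,
    );

  include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');

  $comment_action = insert_user_comment_guestbook(
    $comm,
    isset($_POST['key']) ? $_POST['key'] : null
    );

  switch ($comment_action)
  {
    case 'moderate':
      $page['infos'][] = l10n('An administrator must authorize your comment before it is visible.');
      // intentional fall-through: a moderated comment is registered too
    case 'validate':
      $page['infos'][] = l10n('Your comment has been registered');
      break;
    case 'reject':
      // keep the form open so the visitor can fix the submission
      set_status_header(403);
      $template->assign('GB_OPEN', true);
      $page['errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');
      break;
    default:
      trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
  }
}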
138
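// +-----------------------------------------------------------------------+
// |                                display comments                       |
// +-----------------------------------------------------------------------+
// WHERE filters shared by the COUNT query and the listing query below.
$where_clauses = array('1=1');
if (!is_admin())
{
  // non-admins only see validated comments
  $where_clauses[] = 'validated = \'true\'';
}
if (isset($_GET['comment_id']))
{
  // com.id is an unquoted numeric literal in the query, so escaping quotes
  // alone does not protect it: the value must be a plain id (digits only),
  // the same check the edit/delete/validate actions apply.
  check_input_parameter('comment_id', $_GET, false, PATTERN_ID);
  $where_clauses[] = 'com.id = '.pwg_db_real_escape_string($_GET['comment_id']);
}

// number of comments to display
$query = '
SELECT
    COUNT(*) AS nb_comments
  FROM '.GUESTBOOK_TABLE.' as com
  WHERE '.implode(' AND ', $where_clauses).'
;';
$row = pwg_db_fetch_assoc(pwg_query($query));

// navigation bar creation
// $page['start'] is concatenated into the OFFSET clause below, so it is
// forced to a non-negative integer instead of being used as received.
$page['start'] = 0;
if (isset($_GET['start']))
{
  $page['start'] = max(0, (int)$_GET['start']);
}

$navigation_bar = create_navigation_bar(
  GUESTBOOK_URL,
  $row['nb_comments'],
  $page['start'],
  $conf['guestbook']['nb_comment_page'],
  false
  );

$template->assign(array(
  'COMMENT_COUNT' => $row['nb_comments'],
  'navbar' => $navigation_bar,
  ));

if ($row['nb_comments'] > 0)
{
  $query = '
SELECT
    com.id,
    author,
    author_id,
    '.$conf['user_fields']['username'].' AS username,
    date,
    content,
    validated,
    website,
    rate,
    email
  FROM '.GUESTBOOK_TABLE.' AS com
  LEFT JOIN '.USERS_TABLE.' AS u
    ON u.'.$conf['user_fields']['id'].' = author_id
  WHERE '.implode(' AND ', $where_clauses).'
  ORDER BY date DESC
  LIMIT '.$conf['guestbook']['nb_comment_page'].' OFFSET '.$page['start'].'
;';
  $result = pwg_query($query);

  while ($row = pwg_db_fetch_assoc($result))
  {
    // Display name: the stored author when present (the literal 'guest' is
    // localized), otherwise the username of the joined user account.
    if (!empty($row['author']))
    {
      $author = $row['author'];
      if ($author == 'guest')
      {
        $author = l10n('guest');
      }
    }
    else
    {
      $author = stripslashes($row['username']);
    }

    // author and content go through the core rendering triggers
    $tpl_comment = array(
      'ID' => $row['id'],
      'AUTHOR' => trigger_change('render_comment_author', $author),
      'DATE' => format_date($row['date'], true),
      'CONTENT' => trigger_change('render_comment_content', $row['content'], 'guestbook'),
      'WEBSITE' => $row['website'],
      );

    if ($conf['guestbook']['activate_rating'])
    {
      $tpl_comment['STARS'] = get_stars($row['rate'], get_root_url().GUESTBOOK_PATH .'template/jquery.raty/');
    }

    // the author's e-mail is exposed to administrators only
    if (is_admin() and !empty($row['email']))
    {
      $tpl_comment['EMAIL'] = $row['email'];
    }

    // Action links are shown only to users allowed to perform them; the
    // state-changing ones (delete, validate) carry a pwg_token.
    if (can_manage_comment('delete', $row['author_id']))
    {
      $tpl_comment['U_DELETE'] = add_url_params(
        $url_self,
        array(
          'action' => 'delete_comment',
          'comment_to_delete' => $row['id'],
          'pwg_token' => get_pwg_token(),
          )
        );
    }
    if (can_manage_comment('edit', $row['author_id']))
    {
      $tpl_comment['U_EDIT'] = add_url_params(
        $url_self,
        array(
          'action' => 'edit_comment',
          'comment_to_edit' => $row['id'],
          )
        );
      // this comment is being edited: render the inline edit form instead
      if (isset($edit_comment) and ($row['id'] == $edit_comment))
      {
        $tpl_comment['IN_EDIT'] = true;
        $tpl_comment['KEY'] = get_ephemeral_key(2);
        $tpl_comment['CONTENT'] = $row['content'];
        $tpl_comment['PWG_TOKEN'] = get_pwg_token();
        $tpl_comment['U_CANCEL'] = $url_self;
      }
    }
    if (is_admin() and $row['validated'] != 'true')
    {
      $tpl_comment['U_VALIDATE'] = add_url_params(
        $url_self,
        array(
          'action' => 'validate_comment',
          'comment_to_validate' => $row['id'],
          'pwg_token' => get_pwg_token(),
          )
        );
    }
    $template->append('comments', $tpl_comment);
  }
}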
283
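// The add form is shown to members and, when configured, to guests, but never
// while a comment is being edited inline.
$show_add_comment_form = !is_a_guest() || $conf['guestbook']['guest_can_add'];
if (isset($edit_comment))
{
  $show_add_comment_form = false;
}

if ($show_add_comment_form)
{
  // Pre-fill the form: empty by default, or the HTML-escaped values of a
  // rejected submission so the visitor can correct them. $comment_action is
  // only defined when a comment was just posted or edited.
  $comment_rejected = isset($comment_action) && 'reject' === $comment_action;
  foreach (array('content', 'author', 'website', 'email') as $el)
  {
    ${$el} = '';
    if ($comment_rejected && !empty($comm[$el]))
    {
      ${$el} = htmlspecialchars(stripslashes($comm[$el]));
    }
  }
  // logged-in users get their account details, not the posted ones
  if (is_classic_user())
  {
    $author = $user['username'];
    $email = $user['email'];
  }
  if (empty($conf['comments_email_mandatory'])) // < 2.5 compatibility
  {
    $conf['comments_email_mandatory'] = false;
  }

  $template->assign('comment_add',
    array(
      'F_ACTION' => $url_self,
      'KEY' => get_ephemeral_key(3),
      'CONTENT' => $content,
      'IS_LOGGED' => is_classic_user(),
      'AUTHOR' => $author,
      'WEBSITE' => $website,
      'EMAIL' => $email,
      'ACTIVATE_RATING' => $conf['guestbook']['activate_rating'],
      'EMAIL_MANDATORY' => $conf['comments_email_mandatory'],
    ));
}

$template->assign(array(
  'GUESTBOOK_PATH' => GUESTBOOK_PATH,
  'ABS_GUESTBOOK_PATH' => realpath(GUESTBOOK_PATH) . '/',
  ));

// render the guestbook template into the page CONTENT
$template->set_filename('guestbook', realpath(GUESTBOOK_PATH . 'template/guestbook.tpl'));
$template->assign_var_from_handle('CONTENT', 'guestbook');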