source: trunk/admin/comments.php @ 3450

Last change on this file since 3450 was 3450, checked in by nikrou, 15 years ago

Feature 1026 step 2 :
add author_id column so that guest cannot modify old users comments

  • Property svn:eol-style set to LF
File size: 5.9 KB
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2009 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
// This script is meant to be pulled in by the application, which is expected
// to have defined PHPWG_ROOT_PATH already; a direct request stops right here.
if (!defined('PHPWG_ROOT_PATH'))
{
  exit("Hacking attempt!");
}

include_once PHPWG_ROOT_PATH.'admin/include/functions.php';
include_once PHPWG_ROOT_PATH.'admin/include/functions_waiting.inc.php';

// Access control: check_status() is called with ACCESS_ADMINISTRATOR before
// any request data is read. Per the original banner it exits when the user
// status is not ok.
check_status(ACCESS_ADMINISTRATOR);
36
37// +-----------------------------------------------------------------------+
38// |                                actions                                |
39// +-----------------------------------------------------------------------+
40
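// Moderation actions posted from the pending-comments form: each listed
// comment is either validated (UPDATE) or rejected (DELETE).
if (isset($_POST))
{
  $to_validate = array();
  $to_reject = array();

  // $_POST['list'] is a comma-separated list of comment ids supplied by the
  // browser. These ids are concatenated into the "IN (...)" clauses below, so
  // only strings of decimal digits (no sign, no leading zero) are kept;
  // anything else is dropped before it can reach the SQL text. A missing or
  // non-string 'list' yields an empty id set instead of a PHP notice/warning.
  $posted_ids = array();
  if (isset($_POST['list']) and is_string($_POST['list']))
  {
    foreach (explode(',', $_POST['list']) as $comment_id)
    {
      if (preg_match('/^[1-9][0-9]*\z/', $comment_id))
      {
        array_push($posted_ids, $comment_id);
      }
    }
  }

  // NOTE(review): no anti-CSRF token is verified in this file before the
  // UPDATE/DELETE below; the only gate visible here is the administrator
  // check earlier in the script. Confirm the calling page enforces a token.

  if (isset($_POST['submit']) and !is_adviser())
  {
    // Per-comment decision: the form sends one "action-<id>" field per row.
    foreach ($posted_ids as $comment_id)
    {
      if (isset($_POST['action-'.$comment_id]))
      {
        switch ($_POST['action-'.$comment_id])
        {
          case 'reject' :
          {
            array_push($to_reject, $comment_id);
            break;
          }
          case 'validate' :
          {
            array_push($to_validate, $comment_id);
            break;
          }
        }
      }
    }
  }
  else if (isset($_POST['validate-all']) and count($posted_ids) > 0 and !is_adviser())
  {
    $to_validate = $posted_ids;
  }
  else if (isset($_POST['reject-all']) and count($posted_ids) > 0 and !is_adviser())
  {
    $to_reject = $posted_ids;
  }

  if (count($to_validate) > 0)
  {
    // Every element of $to_validate passed the digit-only filter above.
    $query = '
UPDATE '.COMMENTS_TABLE.'
  SET validated = \'true\'
    , validation_date = NOW()
  WHERE id IN ('.implode(',', $to_validate).')
;';
    pwg_query($query);

    array_push(
      $page['infos'],
      l10n_dec(
        '%d user comment validated', '%d user comments validated',
        count($to_validate)
        )
      );
  }

  if (count($to_reject) > 0)
  {
    // Every element of $to_reject passed the digit-only filter above.
    $query = '
DELETE
  FROM '.COMMENTS_TABLE.'
  WHERE id IN ('.implode(',', $to_reject).')
;';
    pwg_query($query);

    array_push(
      $page['infos'],
      l10n_dec(
        '%d user comment rejected', '%d user comments rejected',
        count($to_reject)
        )
      );
  }
}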
114
115// +-----------------------------------------------------------------------+
116// |                             template init                             |
117// +-----------------------------------------------------------------------+
118
// Register comments.tpl under the 'comments' handle.
$template->set_filenames(array('comments' => 'comments.tpl'));

// TabSheet initialization
waiting_tabsheet();

// F_ACTION points back at this admin page (presumably the form's post target;
// the template itself is not shown here).
$template->assign(array('F_ACTION' => get_root_url().'admin.php?page=comments'));
129
130// +-----------------------------------------------------------------------+
131// |                           comments display                            |
132// +-----------------------------------------------------------------------+
133
// Ids of every comment listed below; handed to the template as LIST so the
// form can post them back.
$list = array();

// Comments still awaiting validation, newest first, joined with their picture
// and (LEFT JOIN, so possibly NULL) the account referenced by author_id.
$query = '
SELECT c.id, c.image_id, c.date, c.author, u.username, c.content, i.path, i.tn_ext
  FROM '.COMMENTS_TABLE.' AS c
    INNER JOIN '.IMAGES_TABLE.' AS i
      ON i.id = c.image_id
    LEFT JOIN '.USERS_TABLE.' AS u
      ON u.id = c.author_id
  WHERE validated = \'false\'
  ORDER BY c.date DESC
;';
$result = pwg_query($query);
while ($row = mysql_fetch_assoc($result))
{
  $thumb = get_thumbnail_url(
    array(
      'id' => $row['image_id'],
      'path' => $row['path'],
      'tn_ext' => @$row['tn_ext'],
    )
  );

  // NOTE(review): the SELECT list above does not return c.author_id, so this
  // test sees an unset key and always picks $row['author']; the username
  // branch is never reached. Confirm whether author_id was meant to be selected.
  $author_name = empty($row['author_id']) ? $row['author'] : $row['username'];

  // NOTE(review): author and content are visitor-supplied comment fields. This
  // file does not escape them itself; it relies on the 'render_comment_author'
  // and 'render_comment_content' handlers and on the template. Confirm that
  // HTML escaping happens there.
  $template->append(
    'comments',
    array(
      'U_PICTURE' => PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.'&amp;image_id='.$row['image_id'],
      'ID' => $row['id'],
      'TN_SRC' => $thumb,
      'AUTHOR' => trigger_event('render_comment_author', $author_name),
      'DATE' => format_date($row['date'], true),
      'CONTENT' => trigger_event('render_comment_content', $row['content']),
    )
  );

  $list[] = $row['id'];
}

$template->assign('LIST', implode(',', $list));
182
// Sending html code: pass the 'comments' template handle on as the
// ADMIN_CONTENT variable.
$template->assign_var_from_handle('ADMIN_CONTENT', 'comments');
188
189?>