source: trunk/comments.php @ 24540

Last change on this file since 24540 was 22142, checked in by plg, 12 years ago

merge r22141 from branch 2.5 to trunk

bug 2887 fixed: avoid private photos to be returned as results on user comment
search with the appropriate author.

  • Property svn:eol-style set to LF
File size: 17.7 KB
RevLine 
[166]1<?php
[354]2// +-----------------------------------------------------------------------+
[8728]3// | Piwigo - a PHP based photo gallery                                    |
[2297]4// +-----------------------------------------------------------------------+
[19703]5// | Copyright(C) 2008-2013 Piwigo Team                  http://piwigo.org |
[2297]6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
[166]23
[579]24// +-----------------------------------------------------------------------+
25// |                           initialization                              |
26// +-----------------------------------------------------------------------+
[1598]27define('PHPWG_ROOT_PATH','./');
28include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
[3445]29include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
[345]30
[12887]31if (!$conf['activate_comments'])
32{
33  page_not_found(null);
34}
35
[1072]36// +-----------------------------------------------------------------------+
37// | Check Access and exit when user status is not ok                      |
38// +-----------------------------------------------------------------------+
39check_status(ACCESS_GUEST);
40
[796]41$sort_order = array(
[2223]42  'DESC' => l10n('descending'),
43  'ASC'  => l10n('ascending')
[796]44  );
45
46// sort_by : database fields proposed for sorting comments list
47$sort_by = array(
[2223]48  'date' => l10n('comment date'),
[8711]49  'image_id' => l10n('photo')
[796]50  );
51
52// items_number : list of number of items to display per page
53$items_number = array(5,10,20,50,'all');
54
[19303]55// if the default value is not in the expected values, we add it in the $items_number array
56if (!in_array($conf['comments_page_nb_comments'], $items_number))
57{
58  $items_number_new = array();
59
60  $is_inserted = false;
61
62  foreach ($items_number as $number)
63  {
64    if ($number > $conf['comments_page_nb_comments'] or ($number == 'all' and !$is_inserted))
65    {
66      $items_number_new[] = $conf['comments_page_nb_comments'];
67      $is_inserted = true;
68    }
69   
70    $items_number_new[] = $number;
71  }
72
73  $items_number = $items_number_new;
74}
75
[796]76// since when display comments ?
77//
78$since_options = array(
79  1 => array('label' => l10n('today'),
[4367]80             'clause' => 'date > '.pwg_db_get_recent_period_expression(1)),
[796]81  2 => array('label' => sprintf(l10n('last %d days'), 7),
[4367]82             'clause' => 'date > '.pwg_db_get_recent_period_expression(7)),
[796]83  3 => array('label' => sprintf(l10n('last %d days'), 30),
[4367]84             'clause' => 'date > '.pwg_db_get_recent_period_expression(30)),
[796]85  4 => array('label' => l10n('the beginning'),
86             'clause' => '1=1') // stupid but generic
87  );
[18063]88 
89trigger_action('loc_begin_comments');
[796]90
[4139]91if (!empty($_GET['since']) && is_numeric($_GET['since']))
92{
93  $page['since'] = $_GET['since'];
94}
95else
96{
97  $page['since'] = 4;
98}
[796]99
100// on which field sorting
101//
102$page['sort_by'] = 'date';
103// if the form was submitted, it overloads default behaviour
[2757]104if (isset($_GET['sort_by']) and isset($sort_by[$_GET['sort_by']]) )
[393]105{
[796]106  $page['sort_by'] = $_GET['sort_by'];
[393]107}
[796]108
109// order to sort
110//
[2223]111$page['sort_order'] = 'DESC';
[796]112// if the form was submitted, it overloads default behaviour
[2757]113if (isset($_GET['sort_order']) and isset($sort_order[$_GET['sort_order']]))
[393]114{
[2223]115  $page['sort_order'] = $_GET['sort_order'];
[393]116}
[796]117
118// number of items to display
119//
[19303]120$page['items_number'] = $conf['comments_page_nb_comments'];
[796]121if (isset($_GET['items_number']))
122{
123  $page['items_number'] = $_GET['items_number'];
124}
[3600]125if ( !is_numeric($page['items_number']) and $page['items_number']!='all' )
[3520]126{
127  $page['items_number'] = 10;
128}
[796]129
[1716]130$page['where_clauses'] = array();
131
[796]132// which category to filter on ?
133if (isset($_GET['cat']) and 0 != $_GET['cat'])
134{
[6910]135  check_input_parameter('cat', $_GET, false, PATTERN_ID);
[7488]136
137  $category_ids = get_subcat_ids(array($_GET['cat']));
[9679]138  if (empty($category_ids))
[7488]139  {
140    $category_ids = array(-1);
141  }
[12930]142
[1716]143  $page['where_clauses'][] =
[7488]144    'category_id IN ('.implode(',', $category_ids).')';
[796]145}
146
147// search a particular author
[4139]148if (!empty($_GET['author']))
[796]149{
[3487]150  $page['where_clauses'][] =
[22142]151    '(u.'.$conf['user_fields']['username'].' = \''.$_GET['author'].'\' OR author = \''.$_GET['author'].'\')';
[796]152}
153
[5195]154// search a specific comment (if you're coming directly from an admin
155// notification email)
156if (!empty($_GET['comment_id']))
157{
158  check_input_parameter('comment_id', $_GET, false, PATTERN_ID);
159
160  // currently, the $_GET['comment_id'] is only used by admins from email
161  // for management purpose (validate/delete)
162  if (!is_admin())
163  {
164    $login_url =
165      get_root_url().'identification.php?redirect='
166      .urlencode(urlencode($_SERVER['REQUEST_URI']))
167      ;
168    redirect($login_url);
169  }
170
171  $page['where_clauses'][] = 'com.id = '.$_GET['comment_id'];
172}
173
[796]174// search a substring among comments content
[4139]175if (!empty($_GET['keyword']))
[796]176{
[1716]177  $page['where_clauses'][] =
[796]178    '('.
179    implode(' AND ',
180            array_map(
181              create_function(
182                '$s',
183                'return "content LIKE \'%$s%\'";'
184                ),
[2012]185              preg_split('/[\s,;]+/', $_GET['keyword'] )
[796]186              )
187      ).
188    ')';
189}
190
[1716]191$page['where_clauses'][] = $since_options[$page['since']]['clause'];
192
[1598]193// which status to filter on ?
[1716]194if ( !is_admin() )
[1598]195{
[4367]196  $page['where_clauses'][] = 'validated=\'true\'';
[1598]197}
198
[1716]199$page['where_clauses'][] = get_sql_condition_FandF
200  (
201    array
202      (
203        'forbidden_categories' => 'category_id',
204        'visible_categories' => 'category_id',
205        'visible_images' => 'ic.image_id'
206      ),
207    '', true
208  );
[1598]209
[579]210// +-----------------------------------------------------------------------+
211// |                         comments management                           |
212// +-----------------------------------------------------------------------+
[1598]213
[5195]214$comment_id = null;
215$action = null;
216
217$actions = array('delete', 'validate', 'edit');
218foreach ($actions as $loop_action)
219{
220  if (isset($_GET[$loop_action]))
221  {
[5199]222    $action = $loop_action;
[5195]223    check_input_parameter($action, $_GET, false, PATTERN_ID);
224    $comment_id = $_GET[$action];
225    break;
226  }
[579]227}
[1617]228
[5195]229if (isset($action))
[3445]230{
[5195]231  $comment_author_id = get_comment_author_id($comment_id);
[5199]232
[5195]233  if (can_manage_comment($action, $comment_author_id))
[3445]234  {
[5195]235    $perform_redirect = false;
[5199]236
[5195]237    if ('delete' == $action)
238    {
[13865]239      check_pwg_token();
[5195]240      delete_user_comment($comment_id);
241      $perform_redirect = true;
242    }
[3445]243
[5195]244    if ('validate' == $action)
245    {
[13865]246      check_pwg_token();
[5195]247      validate_user_comment($comment_id);
248      $perform_redirect = true;
249    }
[5199]250
[5195]251    if ('edit' == $action)
252    {
253      if (!empty($_POST['content']))
254      {
[13865]255        check_pwg_token();
[18995]256        $comment_action = update_user_comment(
[5195]257          array(
258            'comment_id' => $_GET['edit'],
259            'image_id' => $_POST['image_id'],
[18995]260            'content' => $_POST['content'],
261            'website_url' => @$_POST['website_url'],
[5195]262            ),
263          $_POST['key']
264          );
[18995]265       
266        switch ($comment_action)
267        {
268          case 'moderate':
269            $_SESSION['page_infos'][] = l10n('An administrator must authorize your comment before it is visible.');
270          case 'validate':
271            $_SESSION['page_infos'][] = l10n('Your comment has been registered');
272            $perform_redirect = true;
273            break;
274          case 'reject':
275            $_SESSION['page_errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');
276            break;
277          default:
278            trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
279        }
[5195]280      }
[18995]281     
282      $edit_comment = $_GET['edit'];
[5195]283    }
[5199]284
[5195]285    if ($perform_redirect)
286    {
287      $redirect_url =
288        PHPWG_ROOT_PATH
289        .'comments.php'
[12765]290        .get_query_string_diff(array('delete','edit','validate','pwg_token'));
[5199]291
[5195]292      redirect($redirect_url);
293    }
[3445]294  }
295}
296
[579]297// +-----------------------------------------------------------------------+
298// |                       page header and options                         |
299// +-----------------------------------------------------------------------+
[355]300
[2268]301$title= l10n('User comments');
[850]302$page['body_id'] = 'theCommentsPage';
303
[579]304$template->set_filenames(array('comments'=>'comments.tpl'));
[2223]305$template->assign(
[579]306  array(
[796]307    'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
[4182]308    'F_KEYWORD'=> @htmlspecialchars(stripslashes($_GET['keyword'], ENT_QUOTES, 'utf-8')),
309    'F_AUTHOR'=> @htmlspecialchars(stripslashes($_GET['author'], ENT_QUOTES, 'utf-8')),
[579]310    )
311  );
[355]312
[796]313// +-----------------------------------------------------------------------+
314// |                          form construction                            |
315// +-----------------------------------------------------------------------+
316
317// Search in a particular category
[2223]318$blockname = 'categories';
[796]319
320$query = '
[1861]321SELECT id, name, uppercats, global_rank
[1677]322  FROM '.CATEGORIES_TABLE.'
323'.get_sql_condition_FandF
324  (
325    array
326      (
327        'forbidden_categories' => 'id',
328        'visible_categories' => 'id'
329      ),
330    'WHERE'
331  ).'
[796]332;';
333display_select_cat_wrapper($query, array(@$_GET['cat']), $blockname, true);
334
335// Filter on recent comments...
[2223]336$tpl_var=array();
[796]337foreach ($since_options as $id => $option)
338{
[2223]339  $tpl_var[ $id ] = $option['label'];
[355]340}
[2223]341$template->assign( 'since_options', $tpl_var);
342$template->assign( 'since_options_selected', $page['since']);
[796]343
344// Sort by
[2223]345$template->assign( 'sort_by_options', $sort_by);
346$template->assign( 'sort_by_options_selected', $page['sort_by']);
[796]347
348// Sorting order
[2223]349$template->assign( 'sort_order_options', $sort_order);
350$template->assign( 'sort_order_options_selected', $page['sort_order']);
[796]351
352
353// Number of items
354$blockname = 'items_number_option';
[2223]355$tpl_var=array();
[796]356foreach ($items_number as $option)
357{
[2223]358  $tpl_var[ $option ] = is_numeric($option) ? $option : l10n($option);
[796]359}
[2223]360$template->assign( 'item_number_options', $tpl_var);
361$template->assign( 'item_number_options_selected', $page['items_number']);
[796]362
[2223]363
[579]364// +-----------------------------------------------------------------------+
[796]365// |                            navigation bar                             |
366// +-----------------------------------------------------------------------+
367
368if (isset($_GET['start']) and is_numeric($_GET['start']))
369{
370  $start = $_GET['start'];
371}
372else
373{
374  $start = 0;
375}
376
377$query = '
[3450]378SELECT COUNT(DISTINCT(com.id))
[796]379  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
[5199]380    INNER JOIN '.COMMENTS_TABLE.' AS com
[796]381    ON ic.image_id = com.image_id
[4139]382    LEFT JOIN '.USERS_TABLE.' As u
383    ON u.'.$conf['user_fields']['id'].' = com.author_id
[1716]384  WHERE '.implode('
385    AND ', $page['where_clauses']).'
[796]386;';
[4325]387list($counter) = pwg_db_fetch_row(pwg_query($query));
[796]388
[1598]389$url = PHPWG_ROOT_PATH
390    .'comments.php'
[5195]391  .get_query_string_diff(array('start','delete','validate','pwg_token'));
[796]392
393$navbar = create_navigation_bar($url,
394                                $counter,
395                                $start,
396                                $page['items_number'],
397                                '');
398
[3172]399$template->assign('navbar', $navbar);
[796]400
[15924]401$url_self = PHPWG_ROOT_PATH
402    .'comments.php'
403  .get_query_string_diff(array('edit','delete','validate','pwg_token'));
404
[796]405// +-----------------------------------------------------------------------+
[579]406// |                        last comments display                          |
407// +-----------------------------------------------------------------------+
[355]408
[796]409$comments = array();
410$element_ids = array();
411$category_ids = array();
412
[579]413$query = '
[6596]414SELECT com.id AS comment_id,
415       com.image_id,
416       com.author,
417       com.author_id,
[18164]418       u.'.$conf['user_fields']['email'].' AS user_email,
419       com.email,
[6596]420       com.date,
[17351]421       com.website_url,
[6596]422       com.content,
423       com.validated
[796]424  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
[6601]425    INNER JOIN '.COMMENTS_TABLE.' AS com
[796]426    ON ic.image_id = com.image_id
[4139]427    LEFT JOIN '.USERS_TABLE.' As u
428    ON u.'.$conf['user_fields']['id'].' = com.author_id
[1716]429  WHERE '.implode('
430    AND ', $page['where_clauses']).'
[6596]431  GROUP BY comment_id,
432       com.image_id,
433       com.author,
434       com.author_id,
435       com.date,
436       com.content,
437       com.validated
[796]438  ORDER BY '.$page['sort_by'].' '.$page['sort_order'];
439if ('all' != $page['items_number'])
440{
441  $query.= '
[4334]442  LIMIT '.$page['items_number'].' OFFSET '.$start;
[796]443}
444$query.= '
[579]445;';
[587]446$result = pwg_query($query);
[4325]447while ($row = pwg_db_fetch_assoc($result))
[393]448{
[796]449  array_push($comments, $row);
450  array_push($element_ids, $row['image_id']);
[393]451}
[796]452
453if (count($comments) > 0)
[579]454{
[796]455  // retrieving element informations
456  $elements = array();
[579]457  $query = '
[12930]458SELECT *
[579]459  FROM '.IMAGES_TABLE.'
[796]460  WHERE id IN ('.implode(',', $element_ids).')
[579]461;';
[796]462  $result = pwg_query($query);
[4325]463  while ($row = pwg_db_fetch_assoc($result))
[579]464  {
[796]465    $elements[$row['id']] = $row;
[579]466  }
[721]467
[796]468  // retrieving category informations
[579]469  $query = '
[6596]470SELECT c.id, name, permalink, uppercats, com.id as comment_id
471  FROM '.CATEGORIES_TABLE.' AS c
472  LEFT JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
473  ON c.id=ic.category_id
474  LEFT JOIN '.COMMENTS_TABLE.' AS com
475  ON ic.image_id=com.image_id
[6601]476  '.get_sql_condition_FandF
477    (
478      array
479      (
480        'forbidden_categories' => 'c.id',
481        'visible_categories' => 'c.id'
482       ),
483      'WHERE'
484     ).'
[796]485;';
[6596]486  $categories = hash_from_query($query, 'comment_id');
[796]487
488  foreach ($comments as $comment)
[579]489  {
[796]490    if (!empty($elements[$comment['image_id']]['name']))
[166]491    {
[1598]492      $name=$elements[$comment['image_id']]['name'];
[166]493    }
[796]494    else
495    {
[1598]496      $name=get_name_from_file($elements[$comment['image_id']]['file']);
[796]497    }
[1090]498
[796]499    // source of the thumbnail picture
[12930]500    $src_image = new SrcImage($elements[$comment['image_id']]);
[1090]501
[796]502    // link to the full size picture
[1090]503    $url = make_picture_url(
[796]504      array(
[6596]505        'category' => $categories[ $comment['comment_id'] ],
[5195]506        'image_id' => $comment['image_id'],
507        'image_file' => $elements[$comment['image_id']]['file'],
508        )
509      );
[18164]510     
511    $email = null;
512    if (!empty($comment['user_email']))
513    {
514      $email = $comment['user_email'];
515    }
516    else if (!empty($comment['email']))
517    {
518      $email = $comment['email'];
519    }
[5199]520
[5195]521    $tpl_comment = array(
[11261]522      'ID' => $comment['comment_id'],
[5195]523      'U_PICTURE' => $url,
[12930]524      'src_image' => $src_image,
[5195]525      'ALT' => $name,
526      'AUTHOR' => trigger_event('render_comment_author', $comment['author']),
[17351]527      'WEBSITE_URL' => $comment['website_url'],
[5195]528      'DATE'=>format_date($comment['date'], true),
529      'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
530      );
[18164]531     
532    if (is_admin())
533    {
534      $tpl_comment['EMAIL'] = $email;
535    }
[1598]536
[3487]537    if (can_manage_comment('delete', $comment['author_id']))
[1598]538    {
[5195]539      $url =
540        get_root_url()
541        .'comments.php'
542        .get_query_string_diff(array('delete','validate','edit', 'pwg_token'));
[5199]543
[5195]544      $tpl_comment['U_DELETE'] = add_url_params(
545        $url,
546        array(
547          'delete' => $comment['comment_id'],
548          'pwg_token' => get_pwg_token(),
549          )
550        );
[3445]551    }
[5199]552
[3450]553    if (can_manage_comment('edit', $comment['author_id']))
[3445]554    {
[5195]555      $url =
556        get_root_url()
557        .'comments.php'
558        .get_query_string_diff(array('edit', 'delete','validate', 'pwg_token'));
[5199]559
[5195]560      $tpl_comment['U_EDIT'] = add_url_params(
561        $url,
562        array(
[13865]563          'edit' => $comment['comment_id']
[5195]564          )
565        );
[5199]566
[3487]567      if (isset($edit_comment) and ($comment['comment_id'] == $edit_comment))
[1598]568      {
[12930]569        $tpl_comment['IN_EDIT'] = true;
570        $key = get_ephemeral_key(2, $comment['image_id']);
571        $tpl_comment['KEY'] = $key;
572        $tpl_comment['IMAGE_ID'] = $comment['image_id'];
573        $tpl_comment['CONTENT'] = $comment['content'];
[13865]574        $tpl_comment['PWG_TOKEN'] = get_pwg_token();
[15924]575        $tpl_comment['U_CANCEL'] = $url_self;
[1598]576      }
577    }
[3445]578
[5195]579    if (can_manage_comment('validate', $comment['author_id']))
[3445]580    {
[5195]581      if ('true' != $comment['validated'])
582      {
583        $tpl_comment['U_VALIDATE'] = add_url_params(
584          $url,
585          array(
586            'validate'=> $comment['comment_id'],
587            'pwg_token' => get_pwg_token(),
588            )
589          );
590      }
[3445]591    }
[2223]592    $template->append('comments', $tpl_comment);
[166]593  }
[579]594}
[10812]595
[12930]596$derivative_params = trigger_event('get_comments_derivative_params', ImageStdParams::get_by_type(IMG_THUMB) );
597$template->assign( 'derivative_params', $derivative_params );
598
[10812]599// include menubar
600$themeconf = $template->get_template_vars('themeconf');
[10824]601if (!isset($themeconf['hide_menu_on']) OR !in_array('theCommentsPage', $themeconf['hide_menu_on']))
[10812]602{
603  include( PHPWG_ROOT_PATH.'include/menubar.inc.php');
604}
605
[579]606// +-----------------------------------------------------------------------+
607// |                           html code display                           |
608// +-----------------------------------------------------------------------+
[2107]609include(PHPWG_ROOT_PATH.'include/page_header.php');
[18063]610trigger_action('loc_end_comments');
[20609]611flush_page_messages();
[2223]612$template->pparse('comments');
[1598]613include(PHPWG_ROOT_PATH.'include/page_tail.php');
[2107]614?>
Note: See TracBrowser for help on using the repository browser.