Context Navigation

source: trunk/comments.php @ 27558

Last change on this file since 27558 was 27388, checked in by rvelices, 10 years ago
more query2array and remove unnecessary tests in often called url functions
Property svn:eol-style set to `LF`
File size: 16.5 KB

Rev	Line
[166]	1	<?php
[354]	2	// +-----------------------------------------------------------------------+
[8728]	3	// \| Piwigo - a PHP based photo gallery \|
[2297]	4	// +-----------------------------------------------------------------------+
[26461]	5	// \| Copyright(C) 2008-2014 Piwigo Team http://piwigo.org \|
[2297]	6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
	7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
	8	// +-----------------------------------------------------------------------+
	9	// \| This program is free software; you can redistribute it and/or modify \|
	10	// \| it under the terms of the GNU General Public License as published by \|
	11	// \| the Free Software Foundation \|
	12	// \| \|
	13	// \| This program is distributed in the hope that it will be useful, but \|
	14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	16	// \| General Public License for more details. \|
	17	// \| \|
	18	// \| You should have received a copy of the GNU General Public License \|
	19	// \| along with this program; if not, write to the Free Software \|
	20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	21	// \| USA. \|
	22	// +-----------------------------------------------------------------------+
[166]	23
[579]	24	// +-----------------------------------------------------------------------+
	25	// \| initialization \|
	26	// +-----------------------------------------------------------------------+
[1598]	27	define('PHPWG_ROOT_PATH','./');
	28	include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
[3445]	29	include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
[345]	30
[12887]	31	if (!$conf['activate_comments'])
	32	{
	33	page_not_found(null);
	34	}
	35
[1072]	36	// +-----------------------------------------------------------------------+
	37	// \| Check Access and exit when user status is not ok \|
	38	// +-----------------------------------------------------------------------+
	39	check_status(ACCESS_GUEST);
	40
[26088]	41	$url_self = PHPWG_ROOT_PATH.'comments.php'
	42	.get_query_string_diff(array('delete','edit','validate','pwg_token'));
	43
[796]	44	$sort_order = array(
[2223]	45	'DESC' => l10n('descending'),
	46	'ASC' => l10n('ascending')
[796]	47	);
	48
	49	// sort_by : database fields proposed for sorting comments list
	50	$sort_by = array(
[2223]	51	'date' => l10n('comment date'),
[8711]	52	'image_id' => l10n('photo')
[796]	53	);
	54
	55	// items_number : list of number of items to display per page
	56	$items_number = array(5,10,20,50,'all');
	57
[19303]	58	// if the default value is not in the expected values, we add it in the $items_number array
	59	if (!in_array($conf['comments_page_nb_comments'], $items_number))
	60	{
	61	$items_number_new = array();
	62
	63	$is_inserted = false;
	64
	65	foreach ($items_number as $number)
	66	{
	67	if ($number > $conf['comments_page_nb_comments'] or ($number == 'all' and !$is_inserted))
	68	{
	69	$items_number_new[] = $conf['comments_page_nb_comments'];
	70	$is_inserted = true;
	71	}
[27388]	72
[19303]	73	$items_number_new[] = $number;
	74	}
	75
	76	$items_number = $items_number_new;
	77	}
	78
[796]	79	// since when display comments ?
	80	//
	81	$since_options = array(
	82	1 => array('label' => l10n('today'),
[4367]	83	'clause' => 'date > '.pwg_db_get_recent_period_expression(1)),
[25005]	84	2 => array('label' => l10n('last %d days', 7),
[4367]	85	'clause' => 'date > '.pwg_db_get_recent_period_expression(7)),
[25005]	86	3 => array('label' => l10n('last %d days', 30),
[4367]	87	'clause' => 'date > '.pwg_db_get_recent_period_expression(30)),
[796]	88	4 => array('label' => l10n('the beginning'),
	89	'clause' => '1=1') // stupid but generic
	90	);
[27388]	91
[18063]	92	trigger_action('loc_begin_comments');
[796]	93
[4139]	94	if (!empty($_GET['since']) && is_numeric($_GET['since']))
	95	{
	96	$page['since'] = $_GET['since'];
	97	}
	98	else
	99	{
	100	$page['since'] = 4;
	101	}
[796]	102
	103	// on which field sorting
	104	//
	105	$page['sort_by'] = 'date';
	106	// if the form was submitted, it overloads default behaviour
[2757]	107	if (isset($_GET['sort_by']) and isset($sort_by[$_GET['sort_by']]) )
[393]	108	{
[796]	109	$page['sort_by'] = $_GET['sort_by'];
[393]	110	}
[796]	111
	112	// order to sort
	113	//
[2223]	114	$page['sort_order'] = 'DESC';
[796]	115	// if the form was submitted, it overloads default behaviour
[2757]	116	if (isset($_GET['sort_order']) and isset($sort_order[$_GET['sort_order']]))
[393]	117	{
[2223]	118	$page['sort_order'] = $_GET['sort_order'];
[393]	119	}
[796]	120
	121	// number of items to display
	122	//
[19303]	123	$page['items_number'] = $conf['comments_page_nb_comments'];
[796]	124	if (isset($_GET['items_number']))
	125	{
	126	$page['items_number'] = $_GET['items_number'];
	127	}
[3600]	128	if ( !is_numeric($page['items_number']) and $page['items_number']!='all' )
[3520]	129	{
	130	$page['items_number'] = 10;
	131	}
[796]	132
[1716]	133	$page['where_clauses'] = array();
	134
[796]	135	// which category to filter on ?
	136	if (isset($_GET['cat']) and 0 != $_GET['cat'])
	137	{
[6910]	138	check_input_parameter('cat', $_GET, false, PATTERN_ID);
[7488]	139
	140	$category_ids = get_subcat_ids(array($_GET['cat']));
[9679]	141	if (empty($category_ids))
[7488]	142	{
	143	$category_ids = array(-1);
	144	}
[12930]	145
[1716]	146	$page['where_clauses'][] =
[7488]	147	'category_id IN ('.implode(',', $category_ids).')';
[796]	148	}
	149
	150	// search a particular author
[4139]	151	if (!empty($_GET['author']))
[796]	152	{
[3487]	153	$page['where_clauses'][] =
[22142]	154	'(u.'.$conf['user_fields']['username'].' = \''.$_GET['author'].'\' OR author = \''.$_GET['author'].'\')';
[796]	155	}
	156
[5195]	157	// search a specific comment (if you're coming directly from an admin
	158	// notification email)
	159	if (!empty($_GET['comment_id']))
	160	{
	161	check_input_parameter('comment_id', $_GET, false, PATTERN_ID);
	162
	163	// currently, the $_GET['comment_id'] is only used by admins from email
	164	// for management purpose (validate/delete)
	165	if (!is_admin())
	166	{
	167	$login_url =
	168	get_root_url().'identification.php?redirect='
	169	.urlencode(urlencode($_SERVER['REQUEST_URI']))
	170	;
	171	redirect($login_url);
	172	}
	173
	174	$page['where_clauses'][] = 'com.id = '.$_GET['comment_id'];
	175	}
	176
[796]	177	// search a substring among comments content
[4139]	178	if (!empty($_GET['keyword']))
[796]	179	{
[1716]	180	$page['where_clauses'][] =
[796]	181	'('.
	182	implode(' AND ',
	183	array_map(
	184	create_function(
	185	'$s',
	186	'return "content LIKE \'%$s%\'";'
	187	),
[2012]	188	preg_split('/[\s,;]+/', $_GET['keyword'] )
[796]	189	)
	190	).
	191	')';
	192	}
	193
[1716]	194	$page['where_clauses'][] = $since_options[$page['since']]['clause'];
	195
[1598]	196	// which status to filter on ?
[1716]	197	if ( !is_admin() )
[1598]	198	{
[4367]	199	$page['where_clauses'][] = 'validated=\'true\'';
[1598]	200	}
	201
[1716]	202	$page['where_clauses'][] = get_sql_condition_FandF
	203	(
	204	array
	205	(
	206	'forbidden_categories' => 'category_id',
	207	'visible_categories' => 'category_id',
	208	'visible_images' => 'ic.image_id'
	209	),
	210	'', true
	211	);
[1598]	212
[579]	213	// +-----------------------------------------------------------------------+
	214	// \| comments management \|
	215	// +-----------------------------------------------------------------------+
[1598]	216
[5195]	217	$comment_id = null;
	218	$action = null;
	219
	220	$actions = array('delete', 'validate', 'edit');
	221	foreach ($actions as $loop_action)
	222	{
	223	if (isset($_GET[$loop_action]))
	224	{
[5199]	225	$action = $loop_action;
[5195]	226	check_input_parameter($action, $_GET, false, PATTERN_ID);
	227	$comment_id = $_GET[$action];
	228	break;
	229	}
[579]	230	}
[1617]	231
[5195]	232	if (isset($action))
[3445]	233	{
[5195]	234	$comment_author_id = get_comment_author_id($comment_id);
[5199]	235
[5195]	236	if (can_manage_comment($action, $comment_author_id))
[3445]	237	{
[5195]	238	$perform_redirect = false;
[5199]	239
[5195]	240	if ('delete' == $action)
	241	{
[13865]	242	check_pwg_token();
[5195]	243	delete_user_comment($comment_id);
	244	$perform_redirect = true;
	245	}
[3445]	246
[5195]	247	if ('validate' == $action)
	248	{
[13865]	249	check_pwg_token();
[5195]	250	validate_user_comment($comment_id);
	251	$perform_redirect = true;
	252	}
[5199]	253
[5195]	254	if ('edit' == $action)
	255	{
	256	if (!empty($_POST['content']))
	257	{
[13865]	258	check_pwg_token();
[18995]	259	$comment_action = update_user_comment(
[5195]	260	array(
	261	'comment_id' => $_GET['edit'],
	262	'image_id' => $_POST['image_id'],
[18995]	263	'content' => $_POST['content'],
	264	'website_url' => @$_POST['website_url'],
[5195]	265	),
	266	$_POST['key']
	267	);
[27388]	268
[18995]	269	switch ($comment_action)
	270	{
	271	case 'moderate':
	272	$_SESSION['page_infos'][] = l10n('An administrator must authorize your comment before it is visible.');
	273	case 'validate':
	274	$_SESSION['page_infos'][] = l10n('Your comment has been registered');
	275	$perform_redirect = true;
	276	break;
	277	case 'reject':
	278	$_SESSION['page_errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');
	279	break;
	280	default:
	281	trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
	282	}
[5195]	283	}
[27388]	284
[18995]	285	$edit_comment = $_GET['edit'];
[5195]	286	}
[5199]	287
[5195]	288	if ($perform_redirect)
	289	{
[26088]	290	redirect($url_self);
[5195]	291	}
[3445]	292	}
	293	}
	294
[579]	295	// +-----------------------------------------------------------------------+
	296	// \| page header and options \|
	297	// +-----------------------------------------------------------------------+
[355]	298
[2268]	299	$title= l10n('User comments');
[850]	300	$page['body_id'] = 'theCommentsPage';
	301
[579]	302	$template->set_filenames(array('comments'=>'comments.tpl'));
[2223]	303	$template->assign(
[579]	304	array(
[796]	305	'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
[4182]	306	'F_KEYWORD'=> @htmlspecialchars(stripslashes($_GET['keyword'], ENT_QUOTES, 'utf-8')),
	307	'F_AUTHOR'=> @htmlspecialchars(stripslashes($_GET['author'], ENT_QUOTES, 'utf-8')),
[579]	308	)
	309	);
[355]	310
[796]	311	// +-----------------------------------------------------------------------+
	312	// \| form construction \|
	313	// +-----------------------------------------------------------------------+
	314
	315	// Search in a particular category
[2223]	316	$blockname = 'categories';
[796]	317
	318	$query = '
[1861]	319	SELECT id, name, uppercats, global_rank
[1677]	320	FROM '.CATEGORIES_TABLE.'
	321	'.get_sql_condition_FandF
	322	(
	323	array
	324	(
	325	'forbidden_categories' => 'id',
	326	'visible_categories' => 'id'
	327	),
	328	'WHERE'
	329	).'
[796]	330	;';
	331	display_select_cat_wrapper($query, array(@$_GET['cat']), $blockname, true);
	332
	333	// Filter on recent comments...
[2223]	334	$tpl_var=array();
[796]	335	foreach ($since_options as $id => $option)
	336	{
[2223]	337	$tpl_var[ $id ] = $option['label'];
[355]	338	}
[2223]	339	$template->assign( 'since_options', $tpl_var);
	340	$template->assign( 'since_options_selected', $page['since']);
[796]	341
	342	// Sort by
[2223]	343	$template->assign( 'sort_by_options', $sort_by);
	344	$template->assign( 'sort_by_options_selected', $page['sort_by']);
[796]	345
	346	// Sorting order
[2223]	347	$template->assign( 'sort_order_options', $sort_order);
	348	$template->assign( 'sort_order_options_selected', $page['sort_order']);
[796]	349
	350
	351	// Number of items
	352	$blockname = 'items_number_option';
[2223]	353	$tpl_var=array();
[796]	354	foreach ($items_number as $option)
	355	{
[2223]	356	$tpl_var[ $option ] = is_numeric($option) ? $option : l10n($option);
[796]	357	}
[2223]	358	$template->assign( 'item_number_options', $tpl_var);
	359	$template->assign( 'item_number_options_selected', $page['items_number']);
[796]	360
[2223]	361
[579]	362	// +-----------------------------------------------------------------------+
[796]	363	// \| navigation bar \|
	364	// +-----------------------------------------------------------------------+
	365
	366	if (isset($_GET['start']) and is_numeric($_GET['start']))
	367	{
	368	$start = $_GET['start'];
	369	}
	370	else
	371	{
	372	$start = 0;
	373	}
	374
	375	// +-----------------------------------------------------------------------+
[579]	376	// \| last comments display \|
	377	// +-----------------------------------------------------------------------+
[355]	378
[796]	379	$comments = array();
	380	$element_ids = array();
	381	$category_ids = array();
	382
[579]	383	$query = '
[26759]	384	SELECT SQL_CALC_FOUND_ROWS com.id AS comment_id,
[6596]	385	com.image_id,
[26761]	386	ic.category_id,
[6596]	387	com.author,
	388	com.author_id,
[18164]	389	u.'.$conf['user_fields']['email'].' AS user_email,
	390	com.email,
[6596]	391	com.date,
[17351]	392	com.website_url,
[6596]	393	com.content,
	394	com.validated
[796]	395	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
[6601]	396	INNER JOIN '.COMMENTS_TABLE.' AS com
[796]	397	ON ic.image_id = com.image_id
[4139]	398	LEFT JOIN '.USERS_TABLE.' As u
	399	ON u.'.$conf['user_fields']['id'].' = com.author_id
[1716]	400	WHERE '.implode('
	401	AND ', $page['where_clauses']).'
[26759]	402	GROUP BY comment_id
[796]	403	ORDER BY '.$page['sort_by'].' '.$page['sort_order'];
	404	if ('all' != $page['items_number'])
	405	{
	406	$query.= '
[4334]	407	LIMIT '.$page['items_number'].' OFFSET '.$start;
[796]	408	}
	409	$query.= '
[579]	410	;';
[587]	411	$result = pwg_query($query);
[4325]	412	while ($row = pwg_db_fetch_assoc($result))
[393]	413	{
[25018]	414	$comments[] = $row;
	415	$element_ids[] = $row['image_id'];
[26761]	416	$category_ids[] = $row['category_id'];
[393]	417	}
[26759]	418	list($counter) = pwg_db_fetch_row(pwg_query('SELECT FOUND_ROWS()'));
[796]	419
[26759]	420	$url = PHPWG_ROOT_PATH.'comments.php'
	421	.get_query_string_diff(array('start','edit','delete','validate','pwg_token'));
	422
	423	$navbar = create_navigation_bar($url,
	424	$counter,
	425	$start,
	426	$page['items_number'],
	427	'');
	428
	429	$template->assign('navbar', $navbar);
	430
	431
[796]	432	if (count($comments) > 0)
[579]	433	{
[796]	434	// retrieving element informations
[579]	435	$query = '
[12930]	436	SELECT *
[579]	437	FROM '.IMAGES_TABLE.'
[796]	438	WHERE id IN ('.implode(',', $element_ids).')
[579]	439	;';
[27388]	440	$elements = query2array($query, 'id');
[721]	441
[796]	442	// retrieving category informations
[27388]	443	$query = 'SELECT id, name, permalink, uppercats
[26761]	444	FROM '.CATEGORIES_TABLE.'
	445	WHERE id IN ('.implode(',', $category_ids).')';
[27388]	446	$categories = query2array($query, 'id');
[796]	447
	448	foreach ($comments as $comment)
[579]	449	{
[796]	450	if (!empty($elements[$comment['image_id']]['name']))
[166]	451	{
[1598]	452	$name=$elements[$comment['image_id']]['name'];
[166]	453	}
[796]	454	else
	455	{
[1598]	456	$name=get_name_from_file($elements[$comment['image_id']]['file']);
[796]	457	}
[1090]	458
[796]	459	// source of the thumbnail picture
[12930]	460	$src_image = new SrcImage($elements[$comment['image_id']]);
[1090]	461
[796]	462	// link to the full size picture
[1090]	463	$url = make_picture_url(
[796]	464	array(
[26761]	465	'category' => $categories[ $comment['category_id'] ],
[5195]	466	'image_id' => $comment['image_id'],
	467	'image_file' => $elements[$comment['image_id']]['file'],
	468	)
	469	);
[27388]	470
[18164]	471	$email = null;
	472	if (!empty($comment['user_email']))
	473	{
	474	$email = $comment['user_email'];
	475	}
	476	else if (!empty($comment['email']))
	477	{
	478	$email = $comment['email'];
	479	}
[5199]	480
[5195]	481	$tpl_comment = array(
[11261]	482	'ID' => $comment['comment_id'],
[5195]	483	'U_PICTURE' => $url,
[12930]	484	'src_image' => $src_image,
[5195]	485	'ALT' => $name,
	486	'AUTHOR' => trigger_event('render_comment_author', $comment['author']),
[17351]	487	'WEBSITE_URL' => $comment['website_url'],
[5195]	488	'DATE'=>format_date($comment['date'], true),
	489	'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
	490	);
[27388]	491
[18164]	492	if (is_admin())
	493	{
	494	$tpl_comment['EMAIL'] = $email;
	495	}
[1598]	496
[3487]	497	if (can_manage_comment('delete', $comment['author_id']))
[1598]	498	{
[5195]	499	$tpl_comment['U_DELETE'] = add_url_params(
[26088]	500	$url_self,
[5195]	501	array(
	502	'delete' => $comment['comment_id'],
	503	'pwg_token' => get_pwg_token(),
	504	)
	505	);
[3445]	506	}
[5199]	507
[3450]	508	if (can_manage_comment('edit', $comment['author_id']))
[3445]	509	{
[5195]	510	$tpl_comment['U_EDIT'] = add_url_params(
[26088]	511	$url_self,
[5195]	512	array(
[13865]	513	'edit' => $comment['comment_id']
[5195]	514	)
	515	);
[5199]	516
[3487]	517	if (isset($edit_comment) and ($comment['comment_id'] == $edit_comment))
[1598]	518	{
[12930]	519	$tpl_comment['IN_EDIT'] = true;
	520	$key = get_ephemeral_key(2, $comment['image_id']);
	521	$tpl_comment['KEY'] = $key;
	522	$tpl_comment['IMAGE_ID'] = $comment['image_id'];
	523	$tpl_comment['CONTENT'] = $comment['content'];
[13865]	524	$tpl_comment['PWG_TOKEN'] = get_pwg_token();
[15924]	525	$tpl_comment['U_CANCEL'] = $url_self;
[1598]	526	}
	527	}
[3445]	528
[5195]	529	if (can_manage_comment('validate', $comment['author_id']))
[3445]	530	{
[5195]	531	if ('true' != $comment['validated'])
	532	{
	533	$tpl_comment['U_VALIDATE'] = add_url_params(
[26088]	534	$url_self,
[5195]	535	array(
	536	'validate'=> $comment['comment_id'],
	537	'pwg_token' => get_pwg_token(),
	538	)
	539	);
	540	}
[3445]	541	}
[2223]	542	$template->append('comments', $tpl_comment);
[166]	543	}
[579]	544	}
[10812]	545
[12930]	546	$derivative_params = trigger_event('get_comments_derivative_params', ImageStdParams::get_by_type(IMG_THUMB) );
	547	$template->assign( 'derivative_params', $derivative_params );
	548
[10812]	549	// include menubar
	550	$themeconf = $template->get_template_vars('themeconf');
[10824]	551	if (!isset($themeconf['hide_menu_on']) OR !in_array('theCommentsPage', $themeconf['hide_menu_on']))
[10812]	552	{
	553	include( PHPWG_ROOT_PATH.'include/menubar.inc.php');
	554	}
	555
[579]	556	// +-----------------------------------------------------------------------+
	557	// \| html code display \|
	558	// +-----------------------------------------------------------------------+
[2107]	559	include(PHPWG_ROOT_PATH.'include/page_header.php');
[18063]	560	trigger_action('loc_end_comments');
[20609]	561	flush_page_messages();
[2223]	562	$template->pparse('comments');
[1598]	563	include(PHPWG_ROOT_PATH.'include/page_tail.php');
[2107]	564	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: