source: trunk/comments.php @ 30499

Last change on this file since 30499 was 29008, checked in by mistic100, 10 years ago

feature:2807 better fix for svn:28995

  • Property svn:eol-style set to LF
File size: 16.5 KB
RevLine 
[166]1<?php
[354]2// +-----------------------------------------------------------------------+
[8728]3// | Piwigo - a PHP based photo gallery                                    |
[2297]4// +-----------------------------------------------------------------------+
[26461]5// | Copyright(C) 2008-2014 Piwigo Team                  http://piwigo.org |
[2297]6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
[166]23
[579]24// +-----------------------------------------------------------------------+
25// |                           initialization                              |
26// +-----------------------------------------------------------------------+
[1598]27define('PHPWG_ROOT_PATH','./');
28include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
[3445]29include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
[345]30
[12887]31if (!$conf['activate_comments'])
32{
33  page_not_found(null);
34}
35
[1072]36// +-----------------------------------------------------------------------+
37// | Check Access and exit when user status is not ok                      |
38// +-----------------------------------------------------------------------+
39check_status(ACCESS_GUEST);
40
[26088]41$url_self = PHPWG_ROOT_PATH.'comments.php'
42  .get_query_string_diff(array('delete','edit','validate','pwg_token'));
43
[796]44$sort_order = array(
[2223]45  'DESC' => l10n('descending'),
46  'ASC'  => l10n('ascending')
[796]47  );
48
49// sort_by : database fields proposed for sorting comments list
50$sort_by = array(
[2223]51  'date' => l10n('comment date'),
[8711]52  'image_id' => l10n('photo')
[796]53  );
54
55// items_number : list of number of items to display per page
56$items_number = array(5,10,20,50,'all');
57
[19303]58// if the default value is not in the expected values, we add it in the $items_number array
59if (!in_array($conf['comments_page_nb_comments'], $items_number))
60{
61  $items_number_new = array();
62
63  $is_inserted = false;
64
65  foreach ($items_number as $number)
66  {
67    if ($number > $conf['comments_page_nb_comments'] or ($number == 'all' and !$is_inserted))
68    {
69      $items_number_new[] = $conf['comments_page_nb_comments'];
70      $is_inserted = true;
71    }
[27388]72
[19303]73    $items_number_new[] = $number;
74  }
75
76  $items_number = $items_number_new;
77}
78
[796]79// since when display comments ?
80//
81$since_options = array(
82  1 => array('label' => l10n('today'),
[4367]83             'clause' => 'date > '.pwg_db_get_recent_period_expression(1)),
[25005]84  2 => array('label' => l10n('last %d days', 7),
[4367]85             'clause' => 'date > '.pwg_db_get_recent_period_expression(7)),
[25005]86  3 => array('label' => l10n('last %d days', 30),
[4367]87             'clause' => 'date > '.pwg_db_get_recent_period_expression(30)),
[796]88  4 => array('label' => l10n('the beginning'),
89             'clause' => '1=1') // stupid but generic
90  );
[27388]91
[28587]92trigger_notify('loc_begin_comments');
[796]93
[4139]94if (!empty($_GET['since']) && is_numeric($_GET['since']))
95{
96  $page['since'] = $_GET['since'];
97}
98else
99{
100  $page['since'] = 4;
101}
[796]102
103// on which field sorting
104//
105$page['sort_by'] = 'date';
106// if the form was submitted, it overloads default behaviour
[2757]107if (isset($_GET['sort_by']) and isset($sort_by[$_GET['sort_by']]) )
[393]108{
[796]109  $page['sort_by'] = $_GET['sort_by'];
[393]110}
[796]111
112// order to sort
113//
[2223]114$page['sort_order'] = 'DESC';
[796]115// if the form was submitted, it overloads default behaviour
[2757]116if (isset($_GET['sort_order']) and isset($sort_order[$_GET['sort_order']]))
[393]117{
[2223]118  $page['sort_order'] = $_GET['sort_order'];
[393]119}
[796]120
121// number of items to display
122//
[19303]123$page['items_number'] = $conf['comments_page_nb_comments'];
[796]124if (isset($_GET['items_number']))
125{
126  $page['items_number'] = $_GET['items_number'];
127}
[3600]128if ( !is_numeric($page['items_number']) and $page['items_number']!='all' )
[3520]129{
130  $page['items_number'] = 10;
131}
[796]132
[1716]133$page['where_clauses'] = array();
134
[796]135// which category to filter on ?
136if (isset($_GET['cat']) and 0 != $_GET['cat'])
137{
[6910]138  check_input_parameter('cat', $_GET, false, PATTERN_ID);
[7488]139
140  $category_ids = get_subcat_ids(array($_GET['cat']));
[9679]141  if (empty($category_ids))
[7488]142  {
143    $category_ids = array(-1);
144  }
[12930]145
[1716]146  $page['where_clauses'][] =
[7488]147    'category_id IN ('.implode(',', $category_ids).')';
[796]148}
149
150// search a particular author
[4139]151if (!empty($_GET['author']))
[796]152{
[3487]153  $page['where_clauses'][] =
[22142]154    '(u.'.$conf['user_fields']['username'].' = \''.$_GET['author'].'\' OR author = \''.$_GET['author'].'\')';
[796]155}
156
[5195]157// search a specific comment (if you're coming directly from an admin
158// notification email)
159if (!empty($_GET['comment_id']))
160{
161  check_input_parameter('comment_id', $_GET, false, PATTERN_ID);
162
163  // currently, the $_GET['comment_id'] is only used by admins from email
164  // for management purpose (validate/delete)
165  if (!is_admin())
166  {
167    $login_url =
168      get_root_url().'identification.php?redirect='
169      .urlencode(urlencode($_SERVER['REQUEST_URI']))
170      ;
171    redirect($login_url);
172  }
173
174  $page['where_clauses'][] = 'com.id = '.$_GET['comment_id'];
175}
176
[796]177// search a substring among comments content
[4139]178if (!empty($_GET['keyword']))
[796]179{
[1716]180  $page['where_clauses'][] =
[796]181    '('.
182    implode(' AND ',
183            array_map(
184              create_function(
185                '$s',
186                'return "content LIKE \'%$s%\'";'
187                ),
[2012]188              preg_split('/[\s,;]+/', $_GET['keyword'] )
[796]189              )
190      ).
191    ')';
192}
193
[1716]194$page['where_clauses'][] = $since_options[$page['since']]['clause'];
195
[1598]196// which status to filter on ?
[1716]197if ( !is_admin() )
[1598]198{
[4367]199  $page['where_clauses'][] = 'validated=\'true\'';
[1598]200}
201
[1716]202$page['where_clauses'][] = get_sql_condition_FandF
203  (
204    array
205      (
206        'forbidden_categories' => 'category_id',
207        'visible_categories' => 'category_id',
208        'visible_images' => 'ic.image_id'
209      ),
210    '', true
211  );
[1598]212
[579]213// +-----------------------------------------------------------------------+
214// |                         comments management                           |
215// +-----------------------------------------------------------------------+
[1598]216
[5195]217$comment_id = null;
218$action = null;
219
220$actions = array('delete', 'validate', 'edit');
221foreach ($actions as $loop_action)
222{
223  if (isset($_GET[$loop_action]))
224  {
[5199]225    $action = $loop_action;
[5195]226    check_input_parameter($action, $_GET, false, PATTERN_ID);
227    $comment_id = $_GET[$action];
228    break;
229  }
[579]230}
[1617]231
[5195]232if (isset($action))
[3445]233{
[5195]234  $comment_author_id = get_comment_author_id($comment_id);
[5199]235
[5195]236  if (can_manage_comment($action, $comment_author_id))
[3445]237  {
[5195]238    $perform_redirect = false;
[5199]239
[5195]240    if ('delete' == $action)
241    {
[13865]242      check_pwg_token();
[5195]243      delete_user_comment($comment_id);
244      $perform_redirect = true;
245    }
[3445]246
[5195]247    if ('validate' == $action)
248    {
[13865]249      check_pwg_token();
[5195]250      validate_user_comment($comment_id);
251      $perform_redirect = true;
252    }
[5199]253
[5195]254    if ('edit' == $action)
255    {
256      if (!empty($_POST['content']))
257      {
[13865]258        check_pwg_token();
[18995]259        $comment_action = update_user_comment(
[5195]260          array(
261            'comment_id' => $_GET['edit'],
262            'image_id' => $_POST['image_id'],
[18995]263            'content' => $_POST['content'],
264            'website_url' => @$_POST['website_url'],
[5195]265            ),
266          $_POST['key']
267          );
[27388]268
[18995]269        switch ($comment_action)
270        {
271          case 'moderate':
272            $_SESSION['page_infos'][] = l10n('An administrator must authorize your comment before it is visible.');
273          case 'validate':
274            $_SESSION['page_infos'][] = l10n('Your comment has been registered');
275            $perform_redirect = true;
276            break;
277          case 'reject':
278            $_SESSION['page_errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');
279            break;
280          default:
281            trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
282        }
[5195]283      }
[27388]284
[18995]285      $edit_comment = $_GET['edit'];
[5195]286    }
[5199]287
[5195]288    if ($perform_redirect)
289    {
[26088]290      redirect($url_self);
[5195]291    }
[3445]292  }
293}
294
[579]295// +-----------------------------------------------------------------------+
296// |                       page header and options                         |
297// +-----------------------------------------------------------------------+
[355]298
[2268]299$title= l10n('User comments');
[850]300$page['body_id'] = 'theCommentsPage';
301
[579]302$template->set_filenames(array('comments'=>'comments.tpl'));
[2223]303$template->assign(
[579]304  array(
[796]305    'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
[28164]306    'F_KEYWORD'=> htmlspecialchars(stripslashes(@$_GET['keyword'])),
307    'F_AUTHOR'=> htmlspecialchars(stripslashes(@$_GET['author'])),
[579]308    )
309  );
[355]310
[796]311// +-----------------------------------------------------------------------+
312// |                          form construction                            |
313// +-----------------------------------------------------------------------+
314
315// Search in a particular category
[2223]316$blockname = 'categories';
[796]317
318$query = '
[1861]319SELECT id, name, uppercats, global_rank
[1677]320  FROM '.CATEGORIES_TABLE.'
321'.get_sql_condition_FandF
322  (
323    array
324      (
325        'forbidden_categories' => 'id',
326        'visible_categories' => 'id'
327      ),
328    'WHERE'
329  ).'
[796]330;';
331display_select_cat_wrapper($query, array(@$_GET['cat']), $blockname, true);
332
333// Filter on recent comments...
[2223]334$tpl_var=array();
[796]335foreach ($since_options as $id => $option)
336{
[2223]337  $tpl_var[ $id ] = $option['label'];
[355]338}
[2223]339$template->assign( 'since_options', $tpl_var);
340$template->assign( 'since_options_selected', $page['since']);
[796]341
342// Sort by
[2223]343$template->assign( 'sort_by_options', $sort_by);
344$template->assign( 'sort_by_options_selected', $page['sort_by']);
[796]345
346// Sorting order
[2223]347$template->assign( 'sort_order_options', $sort_order);
348$template->assign( 'sort_order_options_selected', $page['sort_order']);
[796]349
350
351// Number of items
352$blockname = 'items_number_option';
[2223]353$tpl_var=array();
[796]354foreach ($items_number as $option)
355{
[2223]356  $tpl_var[ $option ] = is_numeric($option) ? $option : l10n($option);
[796]357}
[2223]358$template->assign( 'item_number_options', $tpl_var);
359$template->assign( 'item_number_options_selected', $page['items_number']);
[796]360
[2223]361
[579]362// +-----------------------------------------------------------------------+
[796]363// |                            navigation bar                             |
364// +-----------------------------------------------------------------------+
365
366if (isset($_GET['start']) and is_numeric($_GET['start']))
367{
368  $start = $_GET['start'];
369}
370else
371{
372  $start = 0;
373}
374
375// +-----------------------------------------------------------------------+
[579]376// |                        last comments display                          |
377// +-----------------------------------------------------------------------+
[355]378
[796]379$comments = array();
380$element_ids = array();
381$category_ids = array();
382
[579]383$query = '
[26759]384SELECT SQL_CALC_FOUND_ROWS com.id AS comment_id,
[6596]385       com.image_id,
[26761]386       ic.category_id,
[6596]387       com.author,
388       com.author_id,
[18164]389       u.'.$conf['user_fields']['email'].' AS user_email,
390       com.email,
[6596]391       com.date,
[17351]392       com.website_url,
[6596]393       com.content,
394       com.validated
[796]395  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
[6601]396    INNER JOIN '.COMMENTS_TABLE.' AS com
[796]397    ON ic.image_id = com.image_id
[4139]398    LEFT JOIN '.USERS_TABLE.' As u
399    ON u.'.$conf['user_fields']['id'].' = com.author_id
[1716]400  WHERE '.implode('
401    AND ', $page['where_clauses']).'
[26759]402  GROUP BY comment_id
[796]403  ORDER BY '.$page['sort_by'].' '.$page['sort_order'];
404if ('all' != $page['items_number'])
405{
406  $query.= '
[4334]407  LIMIT '.$page['items_number'].' OFFSET '.$start;
[796]408}
409$query.= '
[579]410;';
[587]411$result = pwg_query($query);
[4325]412while ($row = pwg_db_fetch_assoc($result))
[393]413{
[25018]414  $comments[] = $row;
415  $element_ids[] = $row['image_id'];
[26761]416  $category_ids[] = $row['category_id'];
[393]417}
[26759]418list($counter) = pwg_db_fetch_row(pwg_query('SELECT FOUND_ROWS()'));
[796]419
[26759]420$url = PHPWG_ROOT_PATH.'comments.php'
421  .get_query_string_diff(array('start','edit','delete','validate','pwg_token'));
422
423$navbar = create_navigation_bar($url,
424                                $counter,
425                                $start,
426                                $page['items_number'],
427                                '');
428
429$template->assign('navbar', $navbar);
430
431
[796]432if (count($comments) > 0)
[579]433{
[796]434  // retrieving element informations
[579]435  $query = '
[12930]436SELECT *
[579]437  FROM '.IMAGES_TABLE.'
[796]438  WHERE id IN ('.implode(',', $element_ids).')
[579]439;';
[27388]440  $elements = query2array($query, 'id');
[721]441
[796]442  // retrieving category informations
[27388]443  $query = 'SELECT id, name, permalink, uppercats
[26761]444  FROM '.CATEGORIES_TABLE.'
445  WHERE id IN ('.implode(',', $category_ids).')';
[27388]446  $categories = query2array($query, 'id');
[796]447
448  foreach ($comments as $comment)
[579]449  {
[796]450    if (!empty($elements[$comment['image_id']]['name']))
[166]451    {
[1598]452      $name=$elements[$comment['image_id']]['name'];
[166]453    }
[796]454    else
455    {
[1598]456      $name=get_name_from_file($elements[$comment['image_id']]['file']);
[796]457    }
[1090]458
[796]459    // source of the thumbnail picture
[12930]460    $src_image = new SrcImage($elements[$comment['image_id']]);
[1090]461
[796]462    // link to the full size picture
[1090]463    $url = make_picture_url(
[796]464      array(
[26761]465        'category' => $categories[ $comment['category_id'] ],
[5195]466        'image_id' => $comment['image_id'],
467        'image_file' => $elements[$comment['image_id']]['file'],
468        )
469      );
[27388]470
[18164]471    $email = null;
472    if (!empty($comment['user_email']))
473    {
474      $email = $comment['user_email'];
475    }
476    else if (!empty($comment['email']))
477    {
478      $email = $comment['email'];
479    }
[5199]480
[5195]481    $tpl_comment = array(
[11261]482      'ID' => $comment['comment_id'],
[5195]483      'U_PICTURE' => $url,
[12930]484      'src_image' => $src_image,
[5195]485      'ALT' => $name,
[28587]486      'AUTHOR' => trigger_change('render_comment_author', $comment['author']),
[17351]487      'WEBSITE_URL' => $comment['website_url'],
[29008]488      'DATE'=>format_date($comment['date'], array('day_name','day','month','year','time')),
[28587]489      'CONTENT'=>trigger_change('render_comment_content',$comment['content']),
[5195]490      );
[27388]491
[18164]492    if (is_admin())
493    {
494      $tpl_comment['EMAIL'] = $email;
495    }
[1598]496
[3487]497    if (can_manage_comment('delete', $comment['author_id']))
[1598]498    {
[5195]499      $tpl_comment['U_DELETE'] = add_url_params(
[26088]500        $url_self,
[5195]501        array(
502          'delete' => $comment['comment_id'],
503          'pwg_token' => get_pwg_token(),
504          )
505        );
[3445]506    }
[5199]507
[3450]508    if (can_manage_comment('edit', $comment['author_id']))
[3445]509    {
[5195]510      $tpl_comment['U_EDIT'] = add_url_params(
[26088]511        $url_self,
[5195]512        array(
[13865]513          'edit' => $comment['comment_id']
[5195]514          )
515        );
[5199]516
[3487]517      if (isset($edit_comment) and ($comment['comment_id'] == $edit_comment))
[1598]518      {
[12930]519        $tpl_comment['IN_EDIT'] = true;
520        $key = get_ephemeral_key(2, $comment['image_id']);
521        $tpl_comment['KEY'] = $key;
522        $tpl_comment['IMAGE_ID'] = $comment['image_id'];
523        $tpl_comment['CONTENT'] = $comment['content'];
[13865]524        $tpl_comment['PWG_TOKEN'] = get_pwg_token();
[15924]525        $tpl_comment['U_CANCEL'] = $url_self;
[1598]526      }
527    }
[3445]528
[5195]529    if (can_manage_comment('validate', $comment['author_id']))
[3445]530    {
[5195]531      if ('true' != $comment['validated'])
532      {
533        $tpl_comment['U_VALIDATE'] = add_url_params(
[26088]534          $url_self,
[5195]535          array(
536            'validate'=> $comment['comment_id'],
537            'pwg_token' => get_pwg_token(),
538            )
539          );
540      }
[3445]541    }
[2223]542    $template->append('comments', $tpl_comment);
[166]543  }
[579]544}
[10812]545
[28587]546$derivative_params = trigger_change('get_comments_derivative_params', ImageStdParams::get_by_type(IMG_THUMB) );
[12930]547$template->assign( 'derivative_params', $derivative_params );
548
[10812]549// include menubar
550$themeconf = $template->get_template_vars('themeconf');
[10824]551if (!isset($themeconf['hide_menu_on']) OR !in_array('theCommentsPage', $themeconf['hide_menu_on']))
[10812]552{
553  include( PHPWG_ROOT_PATH.'include/menubar.inc.php');
554}
555
[579]556// +-----------------------------------------------------------------------+
557// |                           html code display                           |
558// +-----------------------------------------------------------------------+
[2107]559include(PHPWG_ROOT_PATH.'include/page_header.php');
[28587]560trigger_notify('loc_end_comments');
[20609]561flush_page_messages();
[2223]562$template->pparse('comments');
[1598]563include(PHPWG_ROOT_PATH.'include/page_tail.php');
[2107]564?>
Note: See TracBrowser for help on using the repository browser.