Context Navigation

source: trunk/comments.php @ 6883

Last change on this file since 6883 was 6601, checked in by nikrou, 14 years ago
Bug 1735 fixed : amend commit 6596 Need to add permissions filter to retrieve categories
Property svn:eol-style set to `LF`
File size: 15.0 KB

Rev	Line
[166]	1	<?php
[354]	2	// +-----------------------------------------------------------------------+
[2297]	3	// \| Piwigo - a PHP based picture gallery \|
	4	// +-----------------------------------------------------------------------+
[5196]	5	// \| Copyright(C) 2008-2010 Piwigo Team http://piwigo.org \|
[2297]	6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
	7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
	8	// +-----------------------------------------------------------------------+
	9	// \| This program is free software; you can redistribute it and/or modify \|
	10	// \| it under the terms of the GNU General Public License as published by \|
	11	// \| the Free Software Foundation \|
	12	// \| \|
	13	// \| This program is distributed in the hope that it will be useful, but \|
	14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	16	// \| General Public License for more details. \|
	17	// \| \|
	18	// \| You should have received a copy of the GNU General Public License \|
	19	// \| along with this program; if not, write to the Free Software \|
	20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	21	// \| USA. \|
	22	// +-----------------------------------------------------------------------+
[166]	23
[579]	24	// +-----------------------------------------------------------------------+
	25	// \| initialization \|
	26	// +-----------------------------------------------------------------------+
[1598]	27	define('PHPWG_ROOT_PATH','./');
	28	include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
[3445]	29	include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
[345]	30
[1072]	31	// +-----------------------------------------------------------------------+
	32	// \| Check Access and exit when user status is not ok \|
	33	// +-----------------------------------------------------------------------+
	34	check_status(ACCESS_GUEST);
	35
[796]	36	$sort_order = array(
[2223]	37	'DESC' => l10n('descending'),
	38	'ASC' => l10n('ascending')
[796]	39	);
	40
	41	// sort_by : database fields proposed for sorting comments list
	42	$sort_by = array(
[2223]	43	'date' => l10n('comment date'),
	44	'image_id' => l10n('picture')
[796]	45	);
	46
	47	// items_number : list of number of items to display per page
	48	$items_number = array(5,10,20,50,'all');
	49
	50	// since when display comments ?
	51	//
	52	$since_options = array(
	53	1 => array('label' => l10n('today'),
[4367]	54	'clause' => 'date > '.pwg_db_get_recent_period_expression(1)),
[796]	55	2 => array('label' => sprintf(l10n('last %d days'), 7),
[4367]	56	'clause' => 'date > '.pwg_db_get_recent_period_expression(7)),
[796]	57	3 => array('label' => sprintf(l10n('last %d days'), 30),
[4367]	58	'clause' => 'date > '.pwg_db_get_recent_period_expression(30)),
[796]	59	4 => array('label' => l10n('the beginning'),
	60	'clause' => '1=1') // stupid but generic
	61	);
	62
[4139]	63	if (!empty($_GET['since']) && is_numeric($_GET['since']))
	64	{
	65	$page['since'] = $_GET['since'];
	66	}
	67	else
	68	{
	69	$page['since'] = 4;
	70	}
[796]	71
	72	// on which field sorting
	73	//
	74	$page['sort_by'] = 'date';
	75	// if the form was submitted, it overloads default behaviour
[2757]	76	if (isset($_GET['sort_by']) and isset($sort_by[$_GET['sort_by']]) )
[393]	77	{
[796]	78	$page['sort_by'] = $_GET['sort_by'];
[393]	79	}
[796]	80
	81	// order to sort
	82	//
[2223]	83	$page['sort_order'] = 'DESC';
[796]	84	// if the form was submitted, it overloads default behaviour
[2757]	85	if (isset($_GET['sort_order']) and isset($sort_order[$_GET['sort_order']]))
[393]	86	{
[2223]	87	$page['sort_order'] = $_GET['sort_order'];
[393]	88	}
[796]	89
	90	// number of items to display
	91	//
[1814]	92	$page['items_number'] = 10;
[796]	93	if (isset($_GET['items_number']))
	94	{
	95	$page['items_number'] = $_GET['items_number'];
	96	}
[3600]	97	if ( !is_numeric($page['items_number']) and $page['items_number']!='all' )
[3520]	98	{
	99	$page['items_number'] = 10;
	100	}
[796]	101
[1716]	102	$page['where_clauses'] = array();
	103
[796]	104	// which category to filter on ?
	105	if (isset($_GET['cat']) and 0 != $_GET['cat'])
	106	{
[1716]	107	$page['where_clauses'][] =
[796]	108	'category_id IN ('.implode(',', get_subcat_ids(array($_GET['cat']))).')';
	109	}
	110
	111	// search a particular author
[4139]	112	if (!empty($_GET['author']))
[796]	113	{
[3487]	114	$page['where_clauses'][] =
	115	'u.'.$conf['user_fields']['username'].' = \''.$_GET['author'].'\'
	116	OR author = \''.$_GET['author'].'\'';
[796]	117	}
	118
[5195]	119	// search a specific comment (if you're coming directly from an admin
	120	// notification email)
	121	if (!empty($_GET['comment_id']))
	122	{
	123	check_input_parameter('comment_id', $_GET, false, PATTERN_ID);
	124
	125	// currently, the $_GET['comment_id'] is only used by admins from email
	126	// for management purpose (validate/delete)
	127	if (!is_admin())
	128	{
	129	$login_url =
	130	get_root_url().'identification.php?redirect='
	131	.urlencode(urlencode($_SERVER['REQUEST_URI']))
	132	;
	133	redirect($login_url);
	134	}
	135
	136	$page['where_clauses'][] = 'com.id = '.$_GET['comment_id'];
	137	}
	138
[796]	139	// search a substring among comments content
[4139]	140	if (!empty($_GET['keyword']))
[796]	141	{
[1716]	142	$page['where_clauses'][] =
[796]	143	'('.
	144	implode(' AND ',
	145	array_map(
	146	create_function(
	147	'$s',
	148	'return "content LIKE \'%$s%\'";'
	149	),
[2012]	150	preg_split('/[\s,;]+/', $_GET['keyword'] )
[796]	151	)
	152	).
	153	')';
	154	}
	155
[1716]	156	$page['where_clauses'][] = $since_options[$page['since']]['clause'];
	157
[1598]	158	// which status to filter on ?
[1716]	159	if ( !is_admin() )
[1598]	160	{
[4367]	161	$page['where_clauses'][] = 'validated=\'true\'';
[1598]	162	}
	163
[1716]	164	$page['where_clauses'][] = get_sql_condition_FandF
	165	(
	166	array
	167	(
	168	'forbidden_categories' => 'category_id',
	169	'visible_categories' => 'category_id',
	170	'visible_images' => 'ic.image_id'
	171	),
	172	'', true
	173	);
[1598]	174
[579]	175	// +-----------------------------------------------------------------------+
	176	// \| comments management \|
	177	// +-----------------------------------------------------------------------+
[1598]	178
[5195]	179	$comment_id = null;
	180	$action = null;
	181
	182	$actions = array('delete', 'validate', 'edit');
	183	foreach ($actions as $loop_action)
	184	{
	185	if (isset($_GET[$loop_action]))
	186	{
[5199]	187	$action = $loop_action;
[5195]	188	check_input_parameter($action, $_GET, false, PATTERN_ID);
	189	$comment_id = $_GET[$action];
	190	break;
	191	}
[579]	192	}
[1617]	193
[5195]	194	if (isset($action))
[3445]	195	{
[5195]	196	check_pwg_token();
	197
	198	$comment_author_id = get_comment_author_id($comment_id);
[5199]	199
[5195]	200	if (can_manage_comment($action, $comment_author_id))
[3445]	201	{
[5195]	202	$perform_redirect = false;
[5199]	203
[5195]	204	if ('delete' == $action)
	205	{
	206	delete_user_comment($comment_id);
	207	$perform_redirect = true;
	208	}
[3445]	209
[5195]	210	if ('validate' == $action)
	211	{
	212	validate_user_comment($comment_id);
	213	$perform_redirect = true;
	214	}
[5199]	215
[5195]	216	if ('edit' == $action)
	217	{
	218	if (!empty($_POST['content']))
	219	{
	220	update_user_comment(
	221	array(
	222	'comment_id' => $_GET['edit'],
	223	'image_id' => $_POST['image_id'],
	224	'content' => $_POST['content']
	225	),
	226	$_POST['key']
	227	);
[5199]	228
[5195]	229	$edit_comment = null;
	230	}
	231	else
	232	{
	233	$edit_comment = $_GET['edit'];
	234	}
	235	}
[5199]	236
[5195]	237	if ($perform_redirect)
	238	{
	239	$redirect_url =
	240	PHPWG_ROOT_PATH
	241	.'comments.php'
	242	.get_query_string_diff(array('delete','validate','pwg_token'));
[5199]	243
[5195]	244	redirect($redirect_url);
	245	}
[3445]	246	}
	247	}
	248
[579]	249	// +-----------------------------------------------------------------------+
	250	// \| page header and options \|
	251	// +-----------------------------------------------------------------------+
[355]	252
[2268]	253	$title= l10n('User comments');
[850]	254	$page['body_id'] = 'theCommentsPage';
	255
[579]	256	$template->set_filenames(array('comments'=>'comments.tpl'));
[2223]	257	$template->assign(
[579]	258	array(
[796]	259	'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
[4182]	260	'F_KEYWORD'=> @htmlspecialchars(stripslashes($_GET['keyword'], ENT_QUOTES, 'utf-8')),
	261	'F_AUTHOR'=> @htmlspecialchars(stripslashes($_GET['author'], ENT_QUOTES, 'utf-8')),
[579]	262	)
	263	);
[355]	264
[796]	265	// +-----------------------------------------------------------------------+
	266	// \| form construction \|
	267	// +-----------------------------------------------------------------------+
	268
	269	// Search in a particular category
[2223]	270	$blockname = 'categories';
[796]	271
	272	$query = '
[1861]	273	SELECT id, name, uppercats, global_rank
[1677]	274	FROM '.CATEGORIES_TABLE.'
	275	'.get_sql_condition_FandF
	276	(
	277	array
	278	(
	279	'forbidden_categories' => 'id',
	280	'visible_categories' => 'id'
	281	),
	282	'WHERE'
	283	).'
[796]	284	;';
	285	display_select_cat_wrapper($query, array(@$_GET['cat']), $blockname, true);
	286
	287	// Filter on recent comments...
[2223]	288	$tpl_var=array();
[796]	289	foreach ($since_options as $id => $option)
	290	{
[2223]	291	$tpl_var[ $id ] = $option['label'];
[355]	292	}
[2223]	293	$template->assign( 'since_options', $tpl_var);
	294	$template->assign( 'since_options_selected', $page['since']);
[796]	295
	296	// Sort by
[2223]	297	$template->assign( 'sort_by_options', $sort_by);
	298	$template->assign( 'sort_by_options_selected', $page['sort_by']);
[796]	299
	300	// Sorting order
[2223]	301	$template->assign( 'sort_order_options', $sort_order);
	302	$template->assign( 'sort_order_options_selected', $page['sort_order']);
[796]	303
	304
	305	// Number of items
	306	$blockname = 'items_number_option';
[2223]	307	$tpl_var=array();
[796]	308	foreach ($items_number as $option)
	309	{
[2223]	310	$tpl_var[ $option ] = is_numeric($option) ? $option : l10n($option);
[796]	311	}
[2223]	312	$template->assign( 'item_number_options', $tpl_var);
	313	$template->assign( 'item_number_options_selected', $page['items_number']);
[796]	314
[2223]	315
[579]	316	// +-----------------------------------------------------------------------+
[796]	317	// \| navigation bar \|
	318	// +-----------------------------------------------------------------------+
	319
	320	if (isset($_GET['start']) and is_numeric($_GET['start']))
	321	{
	322	$start = $_GET['start'];
	323	}
	324	else
	325	{
	326	$start = 0;
	327	}
	328
	329	$query = '
[3450]	330	SELECT COUNT(DISTINCT(com.id))
[796]	331	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
[5199]	332	INNER JOIN '.COMMENTS_TABLE.' AS com
[796]	333	ON ic.image_id = com.image_id
[4139]	334	LEFT JOIN '.USERS_TABLE.' As u
	335	ON u.'.$conf['user_fields']['id'].' = com.author_id
[1716]	336	WHERE '.implode('
	337	AND ', $page['where_clauses']).'
[796]	338	;';
[4325]	339	list($counter) = pwg_db_fetch_row(pwg_query($query));
[796]	340
[1598]	341	$url = PHPWG_ROOT_PATH
	342	.'comments.php'
[5195]	343	.get_query_string_diff(array('start','delete','validate','pwg_token'));
[796]	344
	345	$navbar = create_navigation_bar($url,
	346	$counter,
	347	$start,
	348	$page['items_number'],
	349	'');
	350
[3172]	351	$template->assign('navbar', $navbar);
[796]	352
	353	// +-----------------------------------------------------------------------+
[579]	354	// \| last comments display \|
	355	// +-----------------------------------------------------------------------+
[355]	356
[796]	357	$comments = array();
	358	$element_ids = array();
	359	$category_ids = array();
	360
[579]	361	$query = '
[6596]	362	SELECT com.id AS comment_id,
	363	com.image_id,
	364	com.author,
	365	com.author_id,
	366	com.date,
	367	com.content,
	368	com.validated
[796]	369	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
[6601]	370	INNER JOIN '.COMMENTS_TABLE.' AS com
[796]	371	ON ic.image_id = com.image_id
[4139]	372	LEFT JOIN '.USERS_TABLE.' As u
	373	ON u.'.$conf['user_fields']['id'].' = com.author_id
[1716]	374	WHERE '.implode('
	375	AND ', $page['where_clauses']).'
[6596]	376	GROUP BY comment_id,
	377	com.image_id,
	378	com.author,
	379	com.author_id,
	380	com.date,
	381	com.content,
	382	com.validated
[796]	383	ORDER BY '.$page['sort_by'].' '.$page['sort_order'];
	384	if ('all' != $page['items_number'])
	385	{
	386	$query.= '
[4334]	387	LIMIT '.$page['items_number'].' OFFSET '.$start;
[796]	388	}
	389	$query.= '
[579]	390	;';
[587]	391	$result = pwg_query($query);
[4325]	392	while ($row = pwg_db_fetch_assoc($result))
[393]	393	{
[796]	394	array_push($comments, $row);
	395	array_push($element_ids, $row['image_id']);
[393]	396	}
[796]	397
	398	if (count($comments) > 0)
[579]	399	{
[796]	400	// retrieving element informations
	401	$elements = array();
[579]	402	$query = '
[796]	403	SELECT id, name, file, path, tn_ext
[579]	404	FROM '.IMAGES_TABLE.'
[796]	405	WHERE id IN ('.implode(',', $element_ids).')
[579]	406	;';
[796]	407	$result = pwg_query($query);
[4325]	408	while ($row = pwg_db_fetch_assoc($result))
[579]	409	{
[796]	410	$elements[$row['id']] = $row;
[579]	411	}
[721]	412
[796]	413	// retrieving category informations
[579]	414	$query = '
[6596]	415	SELECT c.id, name, permalink, uppercats, com.id as comment_id
	416	FROM '.CATEGORIES_TABLE.' AS c
	417	LEFT JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
	418	ON c.id=ic.category_id
	419	LEFT JOIN '.COMMENTS_TABLE.' AS com
	420	ON ic.image_id=com.image_id
[6601]	421	'.get_sql_condition_FandF
	422	(
	423	array
	424	(
	425	'forbidden_categories' => 'c.id',
	426	'visible_categories' => 'c.id'
	427	),
	428	'WHERE'
	429	).'
[796]	430	;';
[6596]	431	$categories = hash_from_query($query, 'comment_id');
[796]	432
	433	foreach ($comments as $comment)
[579]	434	{
[796]	435	if (!empty($elements[$comment['image_id']]['name']))
[166]	436	{
[1598]	437	$name=$elements[$comment['image_id']]['name'];
[166]	438	}
[796]	439	else
	440	{
[1598]	441	$name=get_name_from_file($elements[$comment['image_id']]['file']);
[796]	442	}
[1090]	443
[796]	444	// source of the thumbnail picture
[1598]	445	$thumbnail_src = get_thumbnail_url( $elements[$comment['image_id']] );
[1090]	446
[796]	447	// link to the full size picture
[1090]	448	$url = make_picture_url(
[796]	449	array(
[6596]	450	'category' => $categories[ $comment['comment_id'] ],
[5195]	451	'image_id' => $comment['image_id'],
	452	'image_file' => $elements[$comment['image_id']]['file'],
	453	)
	454	);
[5199]	455
[5195]	456	$tpl_comment = array(
	457	'U_PICTURE' => $url,
	458	'TN_SRC' => $thumbnail_src,
	459	'ALT' => $name,
	460	'AUTHOR' => trigger_event('render_comment_author', $comment['author']),
	461	'DATE'=>format_date($comment['date'], true),
	462	'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
	463	);
[1598]	464
[3487]	465	if (can_manage_comment('delete', $comment['author_id']))
[1598]	466	{
[5195]	467	$url =
	468	get_root_url()
	469	.'comments.php'
	470	.get_query_string_diff(array('delete','validate','edit', 'pwg_token'));
[5199]	471
[5195]	472	$tpl_comment['U_DELETE'] = add_url_params(
	473	$url,
	474	array(
	475	'delete' => $comment['comment_id'],
	476	'pwg_token' => get_pwg_token(),
	477	)
	478	);
[3445]	479	}
[5199]	480
[3450]	481	if (can_manage_comment('edit', $comment['author_id']))
[3445]	482	{
[5195]	483	$url =
	484	get_root_url()
	485	.'comments.php'
	486	.get_query_string_diff(array('edit', 'delete','validate', 'pwg_token'));
[5199]	487
[5195]	488	$tpl_comment['U_EDIT'] = add_url_params(
	489	$url,
	490	array(
	491	'edit' => $comment['comment_id'],
	492	'pwg_token' => get_pwg_token(),
	493	)
	494	);
[5199]	495
[3487]	496	if (isset($edit_comment) and ($comment['comment_id'] == $edit_comment))
[1598]	497	{
[3445]	498	$tpl_comment['IN_EDIT'] = true;
	499	$key = get_comment_post_key($comment['image_id']);
	500	$tpl_comment['KEY'] = $key;
	501	$tpl_comment['IMAGE_ID'] = $comment['image_id'];
	502	$tpl_comment['CONTENT'] = $comment['content'];
[1598]	503	}
	504	}
[3445]	505
[5195]	506	if (can_manage_comment('validate', $comment['author_id']))
[3445]	507	{
[5195]	508	if ('true' != $comment['validated'])
	509	{
	510	$tpl_comment['U_VALIDATE'] = add_url_params(
	511	$url,
	512	array(
	513	'validate'=> $comment['comment_id'],
	514	'pwg_token' => get_pwg_token(),
	515	)
	516	);
	517	}
[3445]	518	}
[2223]	519	$template->append('comments', $tpl_comment);
[166]	520	}
[579]	521	}
	522	// +-----------------------------------------------------------------------+
	523	// \| html code display \|
	524	// +-----------------------------------------------------------------------+
[2107]	525	include(PHPWG_ROOT_PATH.'include/page_header.php');
[2223]	526	$template->pparse('comments');
[1598]	527	include(PHPWG_ROOT_PATH.'include/page_tail.php');
[2107]	528	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: