source: trunk/comments.php @ 20922

Last change on this file since 20922 was 20609, checked in by rvelices, 12 years ago

replaced page_messages.php with a function to call

  • Property svn:eol-style set to LF
File size: 17.7 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2013 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24// +-----------------------------------------------------------------------+
25// |                           initialization                              |
26// +-----------------------------------------------------------------------+
27define('PHPWG_ROOT_PATH','./');
28include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
29include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
30
31if (!$conf['activate_comments'])
32{
33  page_not_found(null);
34}
35
36// +-----------------------------------------------------------------------+
37// | Check Access and exit when user status is not ok                      |
38// +-----------------------------------------------------------------------+
39check_status(ACCESS_GUEST);
40
41$sort_order = array(
42  'DESC' => l10n('descending'),
43  'ASC'  => l10n('ascending')
44  );
45
46// sort_by : database fields proposed for sorting comments list
47$sort_by = array(
48  'date' => l10n('comment date'),
49  'image_id' => l10n('photo')
50  );
51
52// items_number : list of number of items to display per page
53$items_number = array(5,10,20,50,'all');
54
55// if the default value is not in the expected values, we add it in the $items_number array
56if (!in_array($conf['comments_page_nb_comments'], $items_number))
57{
58  $items_number_new = array();
59
60  $is_inserted = false;
61
62  foreach ($items_number as $number)
63  {
64    if ($number > $conf['comments_page_nb_comments'] or ($number == 'all' and !$is_inserted))
65    {
66      $items_number_new[] = $conf['comments_page_nb_comments'];
67      $is_inserted = true;
68    }
69   
70    $items_number_new[] = $number;
71  }
72
73  $items_number = $items_number_new;
74}
75
76// since when display comments ?
77//
78$since_options = array(
79  1 => array('label' => l10n('today'),
80             'clause' => 'date > '.pwg_db_get_recent_period_expression(1)),
81  2 => array('label' => sprintf(l10n('last %d days'), 7),
82             'clause' => 'date > '.pwg_db_get_recent_period_expression(7)),
83  3 => array('label' => sprintf(l10n('last %d days'), 30),
84             'clause' => 'date > '.pwg_db_get_recent_period_expression(30)),
85  4 => array('label' => l10n('the beginning'),
86             'clause' => '1=1') // stupid but generic
87  );
88 
89trigger_action('loc_begin_comments');
90
91if (!empty($_GET['since']) && is_numeric($_GET['since']))
92{
93  $page['since'] = $_GET['since'];
94}
95else
96{
97  $page['since'] = 4;
98}
99
100// on which field sorting
101//
102$page['sort_by'] = 'date';
103// if the form was submitted, it overloads default behaviour
104if (isset($_GET['sort_by']) and isset($sort_by[$_GET['sort_by']]) )
105{
106  $page['sort_by'] = $_GET['sort_by'];
107}
108
109// order to sort
110//
111$page['sort_order'] = 'DESC';
112// if the form was submitted, it overloads default behaviour
113if (isset($_GET['sort_order']) and isset($sort_order[$_GET['sort_order']]))
114{
115  $page['sort_order'] = $_GET['sort_order'];
116}
117
118// number of items to display
119//
120$page['items_number'] = $conf['comments_page_nb_comments'];
121if (isset($_GET['items_number']))
122{
123  $page['items_number'] = $_GET['items_number'];
124}
125if ( !is_numeric($page['items_number']) and $page['items_number']!='all' )
126{
127  $page['items_number'] = 10;
128}
129
130$page['where_clauses'] = array();
131
132// which category to filter on ?
133if (isset($_GET['cat']) and 0 != $_GET['cat'])
134{
135  check_input_parameter('cat', $_GET, false, PATTERN_ID);
136
137  $category_ids = get_subcat_ids(array($_GET['cat']));
138  if (empty($category_ids))
139  {
140    $category_ids = array(-1);
141  }
142
143  $page['where_clauses'][] =
144    'category_id IN ('.implode(',', $category_ids).')';
145}
146
147// search a particular author
148if (!empty($_GET['author']))
149{
150  $page['where_clauses'][] =
151    'u.'.$conf['user_fields']['username'].' = \''.$_GET['author'].'\'
152     OR author = \''.$_GET['author'].'\'';
153}
154
155// search a specific comment (if you're coming directly from an admin
156// notification email)
157if (!empty($_GET['comment_id']))
158{
159  check_input_parameter('comment_id', $_GET, false, PATTERN_ID);
160
161  // currently, the $_GET['comment_id'] is only used by admins from email
162  // for management purpose (validate/delete)
163  if (!is_admin())
164  {
165    $login_url =
166      get_root_url().'identification.php?redirect='
167      .urlencode(urlencode($_SERVER['REQUEST_URI']))
168      ;
169    redirect($login_url);
170  }
171
172  $page['where_clauses'][] = 'com.id = '.$_GET['comment_id'];
173}
174
175// search a substring among comments content
176if (!empty($_GET['keyword']))
177{
178  $page['where_clauses'][] =
179    '('.
180    implode(' AND ',
181            array_map(
182              create_function(
183                '$s',
184                'return "content LIKE \'%$s%\'";'
185                ),
186              preg_split('/[\s,;]+/', $_GET['keyword'] )
187              )
188      ).
189    ')';
190}
191
192$page['where_clauses'][] = $since_options[$page['since']]['clause'];
193
194// which status to filter on ?
195if ( !is_admin() )
196{
197  $page['where_clauses'][] = 'validated=\'true\'';
198}
199
200$page['where_clauses'][] = get_sql_condition_FandF
201  (
202    array
203      (
204        'forbidden_categories' => 'category_id',
205        'visible_categories' => 'category_id',
206        'visible_images' => 'ic.image_id'
207      ),
208    '', true
209  );
210
211// +-----------------------------------------------------------------------+
212// |                         comments management                           |
213// +-----------------------------------------------------------------------+
214
215$comment_id = null;
216$action = null;
217
218$actions = array('delete', 'validate', 'edit');
219foreach ($actions as $loop_action)
220{
221  if (isset($_GET[$loop_action]))
222  {
223    $action = $loop_action;
224    check_input_parameter($action, $_GET, false, PATTERN_ID);
225    $comment_id = $_GET[$action];
226    break;
227  }
228}
229
230if (isset($action))
231{
232  $comment_author_id = get_comment_author_id($comment_id);
233
234  if (can_manage_comment($action, $comment_author_id))
235  {
236    $perform_redirect = false;
237
238    if ('delete' == $action)
239    {
240      check_pwg_token();
241      delete_user_comment($comment_id);
242      $perform_redirect = true;
243    }
244
245    if ('validate' == $action)
246    {
247      check_pwg_token();
248      validate_user_comment($comment_id);
249      $perform_redirect = true;
250    }
251
252    if ('edit' == $action)
253    {
254      if (!empty($_POST['content']))
255      {
256        check_pwg_token();
257        $comment_action = update_user_comment(
258          array(
259            'comment_id' => $_GET['edit'],
260            'image_id' => $_POST['image_id'],
261            'content' => $_POST['content'],
262            'website_url' => @$_POST['website_url'],
263            ),
264          $_POST['key']
265          );
266       
267        switch ($comment_action)
268        {
269          case 'moderate':
270            $_SESSION['page_infos'][] = l10n('An administrator must authorize your comment before it is visible.');
271          case 'validate':
272            $_SESSION['page_infos'][] = l10n('Your comment has been registered');
273            $perform_redirect = true;
274            break;
275          case 'reject':
276            $_SESSION['page_errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');
277            break;
278          default:
279            trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
280        }
281      }
282     
283      $edit_comment = $_GET['edit'];
284    }
285
286    if ($perform_redirect)
287    {
288      $redirect_url =
289        PHPWG_ROOT_PATH
290        .'comments.php'
291        .get_query_string_diff(array('delete','edit','validate','pwg_token'));
292
293      redirect($redirect_url);
294    }
295  }
296}
297
298// +-----------------------------------------------------------------------+
299// |                       page header and options                         |
300// +-----------------------------------------------------------------------+
301
302$title= l10n('User comments');
303$page['body_id'] = 'theCommentsPage';
304
305$template->set_filenames(array('comments'=>'comments.tpl'));
306$template->assign(
307  array(
308    'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
309    'F_KEYWORD'=> @htmlspecialchars(stripslashes($_GET['keyword'], ENT_QUOTES, 'utf-8')),
310    'F_AUTHOR'=> @htmlspecialchars(stripslashes($_GET['author'], ENT_QUOTES, 'utf-8')),
311    )
312  );
313
314// +-----------------------------------------------------------------------+
315// |                          form construction                            |
316// +-----------------------------------------------------------------------+
317
318// Search in a particular category
319$blockname = 'categories';
320
321$query = '
322SELECT id, name, uppercats, global_rank
323  FROM '.CATEGORIES_TABLE.'
324'.get_sql_condition_FandF
325  (
326    array
327      (
328        'forbidden_categories' => 'id',
329        'visible_categories' => 'id'
330      ),
331    'WHERE'
332  ).'
333;';
334display_select_cat_wrapper($query, array(@$_GET['cat']), $blockname, true);
335
336// Filter on recent comments...
337$tpl_var=array();
338foreach ($since_options as $id => $option)
339{
340  $tpl_var[ $id ] = $option['label'];
341}
342$template->assign( 'since_options', $tpl_var);
343$template->assign( 'since_options_selected', $page['since']);
344
345// Sort by
346$template->assign( 'sort_by_options', $sort_by);
347$template->assign( 'sort_by_options_selected', $page['sort_by']);
348
349// Sorting order
350$template->assign( 'sort_order_options', $sort_order);
351$template->assign( 'sort_order_options_selected', $page['sort_order']);
352
353
354// Number of items
355$blockname = 'items_number_option';
356$tpl_var=array();
357foreach ($items_number as $option)
358{
359  $tpl_var[ $option ] = is_numeric($option) ? $option : l10n($option);
360}
361$template->assign( 'item_number_options', $tpl_var);
362$template->assign( 'item_number_options_selected', $page['items_number']);
363
364
365// +-----------------------------------------------------------------------+
366// |                            navigation bar                             |
367// +-----------------------------------------------------------------------+
368
369if (isset($_GET['start']) and is_numeric($_GET['start']))
370{
371  $start = $_GET['start'];
372}
373else
374{
375  $start = 0;
376}
377
378$query = '
379SELECT COUNT(DISTINCT(com.id))
380  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
381    INNER JOIN '.COMMENTS_TABLE.' AS com
382    ON ic.image_id = com.image_id
383    LEFT JOIN '.USERS_TABLE.' As u
384    ON u.'.$conf['user_fields']['id'].' = com.author_id
385  WHERE '.implode('
386    AND ', $page['where_clauses']).'
387;';
388list($counter) = pwg_db_fetch_row(pwg_query($query));
389
390$url = PHPWG_ROOT_PATH
391    .'comments.php'
392  .get_query_string_diff(array('start','delete','validate','pwg_token'));
393
394$navbar = create_navigation_bar($url,
395                                $counter,
396                                $start,
397                                $page['items_number'],
398                                '');
399
400$template->assign('navbar', $navbar);
401
402$url_self = PHPWG_ROOT_PATH
403    .'comments.php'
404  .get_query_string_diff(array('edit','delete','validate','pwg_token'));
405
406// +-----------------------------------------------------------------------+
407// |                        last comments display                          |
408// +-----------------------------------------------------------------------+
409
410$comments = array();
411$element_ids = array();
412$category_ids = array();
413
414$query = '
415SELECT com.id AS comment_id,
416       com.image_id,
417       com.author,
418       com.author_id,
419       u.'.$conf['user_fields']['email'].' AS user_email,
420       com.email,
421       com.date,
422       com.website_url,
423       com.content,
424       com.validated
425  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
426    INNER JOIN '.COMMENTS_TABLE.' AS com
427    ON ic.image_id = com.image_id
428    LEFT JOIN '.USERS_TABLE.' As u
429    ON u.'.$conf['user_fields']['id'].' = com.author_id
430  WHERE '.implode('
431    AND ', $page['where_clauses']).'
432  GROUP BY comment_id,
433       com.image_id,
434       com.author,
435       com.author_id,
436       com.date,
437       com.content,
438       com.validated
439  ORDER BY '.$page['sort_by'].' '.$page['sort_order'];
440if ('all' != $page['items_number'])
441{
442  $query.= '
443  LIMIT '.$page['items_number'].' OFFSET '.$start;
444}
445$query.= '
446;';
447$result = pwg_query($query);
448while ($row = pwg_db_fetch_assoc($result))
449{
450  array_push($comments, $row);
451  array_push($element_ids, $row['image_id']);
452}
453
454if (count($comments) > 0)
455{
456  // retrieving element informations
457  $elements = array();
458  $query = '
459SELECT *
460  FROM '.IMAGES_TABLE.'
461  WHERE id IN ('.implode(',', $element_ids).')
462;';
463  $result = pwg_query($query);
464  while ($row = pwg_db_fetch_assoc($result))
465  {
466    $elements[$row['id']] = $row;
467  }
468
469  // retrieving category informations
470  $query = '
471SELECT c.id, name, permalink, uppercats, com.id as comment_id
472  FROM '.CATEGORIES_TABLE.' AS c
473  LEFT JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
474  ON c.id=ic.category_id
475  LEFT JOIN '.COMMENTS_TABLE.' AS com
476  ON ic.image_id=com.image_id
477  '.get_sql_condition_FandF
478    (
479      array
480      (
481        'forbidden_categories' => 'c.id',
482        'visible_categories' => 'c.id'
483       ),
484      'WHERE'
485     ).'
486;';
487  $categories = hash_from_query($query, 'comment_id');
488
489  foreach ($comments as $comment)
490  {
491    if (!empty($elements[$comment['image_id']]['name']))
492    {
493      $name=$elements[$comment['image_id']]['name'];
494    }
495    else
496    {
497      $name=get_name_from_file($elements[$comment['image_id']]['file']);
498    }
499
500    // source of the thumbnail picture
501    $src_image = new SrcImage($elements[$comment['image_id']]);
502
503    // link to the full size picture
504    $url = make_picture_url(
505      array(
506        'category' => $categories[ $comment['comment_id'] ],
507        'image_id' => $comment['image_id'],
508        'image_file' => $elements[$comment['image_id']]['file'],
509        )
510      );
511     
512    $email = null;
513    if (!empty($comment['user_email']))
514    {
515      $email = $comment['user_email'];
516    }
517    else if (!empty($comment['email']))
518    {
519      $email = $comment['email'];
520    }
521
522    $tpl_comment = array(
523      'ID' => $comment['comment_id'],
524      'U_PICTURE' => $url,
525      'src_image' => $src_image,
526      'ALT' => $name,
527      'AUTHOR' => trigger_event('render_comment_author', $comment['author']),
528      'WEBSITE_URL' => $comment['website_url'],
529      'DATE'=>format_date($comment['date'], true),
530      'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
531      );
532     
533    if (is_admin())
534    {
535      $tpl_comment['EMAIL'] = $email;
536    }
537
538    if (can_manage_comment('delete', $comment['author_id']))
539    {
540      $url =
541        get_root_url()
542        .'comments.php'
543        .get_query_string_diff(array('delete','validate','edit', 'pwg_token'));
544
545      $tpl_comment['U_DELETE'] = add_url_params(
546        $url,
547        array(
548          'delete' => $comment['comment_id'],
549          'pwg_token' => get_pwg_token(),
550          )
551        );
552    }
553
554    if (can_manage_comment('edit', $comment['author_id']))
555    {
556      $url =
557        get_root_url()
558        .'comments.php'
559        .get_query_string_diff(array('edit', 'delete','validate', 'pwg_token'));
560
561      $tpl_comment['U_EDIT'] = add_url_params(
562        $url,
563        array(
564          'edit' => $comment['comment_id']
565          )
566        );
567
568      if (isset($edit_comment) and ($comment['comment_id'] == $edit_comment))
569      {
570        $tpl_comment['IN_EDIT'] = true;
571        $key = get_ephemeral_key(2, $comment['image_id']);
572        $tpl_comment['KEY'] = $key;
573        $tpl_comment['IMAGE_ID'] = $comment['image_id'];
574        $tpl_comment['CONTENT'] = $comment['content'];
575        $tpl_comment['PWG_TOKEN'] = get_pwg_token();
576        $tpl_comment['U_CANCEL'] = $url_self;
577      }
578    }
579
580    if (can_manage_comment('validate', $comment['author_id']))
581    {
582      if ('true' != $comment['validated'])
583      {
584        $tpl_comment['U_VALIDATE'] = add_url_params(
585          $url,
586          array(
587            'validate'=> $comment['comment_id'],
588            'pwg_token' => get_pwg_token(),
589            )
590          );
591      }
592    }
593    $template->append('comments', $tpl_comment);
594  }
595}
596
597$derivative_params = trigger_event('get_comments_derivative_params', ImageStdParams::get_by_type(IMG_THUMB) );
598$template->assign( 'derivative_params', $derivative_params );
599
600// include menubar
601$themeconf = $template->get_template_vars('themeconf');
602if (!isset($themeconf['hide_menu_on']) OR !in_array('theCommentsPage', $themeconf['hide_menu_on']))
603{
604  include( PHPWG_ROOT_PATH.'include/menubar.inc.php');
605}
606
607// +-----------------------------------------------------------------------+
608// |                           html code display                           |
609// +-----------------------------------------------------------------------+
610include(PHPWG_ROOT_PATH.'include/page_header.php');
611trigger_action('loc_end_comments');
612flush_page_messages();
613$template->pparse('comments');
614include(PHPWG_ROOT_PATH.'include/page_tail.php');
615?>
Note: See TracBrowser for help on using the repository browser.