Context Navigation

source: trunk/comments.php @ 21631

Last change on this file since 21631 was 20609, checked in by rvelices, 12 years ago
replaced page_messages.php with a function to call
Property svn:eol-style set to `LF`
File size: 17.7 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based photo gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2013 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	// +-----------------------------------------------------------------------+
25	// \| initialization \|
26	// +-----------------------------------------------------------------------+
27	define('PHPWG_ROOT_PATH','./');
28	include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
29	include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
30
31	if (!$conf['activate_comments'])
32	{
33	page_not_found(null);
34	}
35
36	// +-----------------------------------------------------------------------+
37	// \| Check Access and exit when user status is not ok \|
38	// +-----------------------------------------------------------------------+
39	check_status(ACCESS_GUEST);
40
41	$sort_order = array(
42	'DESC' => l10n('descending'),
43	'ASC' => l10n('ascending')
44	);
45
46	// sort_by : database fields proposed for sorting comments list
47	$sort_by = array(
48	'date' => l10n('comment date'),
49	'image_id' => l10n('photo')
50	);
51
52	// items_number : list of number of items to display per page
53	$items_number = array(5,10,20,50,'all');
54
55	// if the default value is not in the expected values, we add it in the $items_number array
56	if (!in_array($conf['comments_page_nb_comments'], $items_number))
57	{
58	$items_number_new = array();
59
60	$is_inserted = false;
61
62	foreach ($items_number as $number)
63	{
64	if ($number > $conf['comments_page_nb_comments'] or ($number == 'all' and !$is_inserted))
65	{
66	$items_number_new[] = $conf['comments_page_nb_comments'];
67	$is_inserted = true;
68	}
69
70	$items_number_new[] = $number;
71	}
72
73	$items_number = $items_number_new;
74	}
75
76	// since when display comments ?
77	//
78	$since_options = array(
79	1 => array('label' => l10n('today'),
80	'clause' => 'date > '.pwg_db_get_recent_period_expression(1)),
81	2 => array('label' => sprintf(l10n('last %d days'), 7),
82	'clause' => 'date > '.pwg_db_get_recent_period_expression(7)),
83	3 => array('label' => sprintf(l10n('last %d days'), 30),
84	'clause' => 'date > '.pwg_db_get_recent_period_expression(30)),
85	4 => array('label' => l10n('the beginning'),
86	'clause' => '1=1') // stupid but generic
87	);
88
89	trigger_action('loc_begin_comments');
90
91	if (!empty($_GET['since']) && is_numeric($_GET['since']))
92	{
93	$page['since'] = $_GET['since'];
94	}
95	else
96	{
97	$page['since'] = 4;
98	}
99
100	// on which field sorting
101	//
102	$page['sort_by'] = 'date';
103	// if the form was submitted, it overloads default behaviour
104	if (isset($_GET['sort_by']) and isset($sort_by[$_GET['sort_by']]) )
105	{
106	$page['sort_by'] = $_GET['sort_by'];
107	}
108
109	// order to sort
110	//
111	$page['sort_order'] = 'DESC';
112	// if the form was submitted, it overloads default behaviour
113	if (isset($_GET['sort_order']) and isset($sort_order[$_GET['sort_order']]))
114	{
115	$page['sort_order'] = $_GET['sort_order'];
116	}
117
118	// number of items to display
119	//
120	$page['items_number'] = $conf['comments_page_nb_comments'];
121	if (isset($_GET['items_number']))
122	{
123	$page['items_number'] = $_GET['items_number'];
124	}
125	if ( !is_numeric($page['items_number']) and $page['items_number']!='all' )
126	{
127	$page['items_number'] = 10;
128	}
129
130	$page['where_clauses'] = array();
131
132	// which category to filter on ?
133	if (isset($_GET['cat']) and 0 != $_GET['cat'])
134	{
135	check_input_parameter('cat', $_GET, false, PATTERN_ID);
136
137	$category_ids = get_subcat_ids(array($_GET['cat']));
138	if (empty($category_ids))
139	{
140	$category_ids = array(-1);
141	}
142
143	$page['where_clauses'][] =
144	'category_id IN ('.implode(',', $category_ids).')';
145	}
146
147	// search a particular author
148	if (!empty($_GET['author']))
149	{
150	$page['where_clauses'][] =
151	'u.'.$conf['user_fields']['username'].' = \''.$_GET['author'].'\'
152	OR author = \''.$_GET['author'].'\'';
153	}
154
155	// search a specific comment (if you're coming directly from an admin
156	// notification email)
157	if (!empty($_GET['comment_id']))
158	{
159	check_input_parameter('comment_id', $_GET, false, PATTERN_ID);
160
161	// currently, the $_GET['comment_id'] is only used by admins from email
162	// for management purpose (validate/delete)
163	if (!is_admin())
164	{
165	$login_url =
166	get_root_url().'identification.php?redirect='
167	.urlencode(urlencode($_SERVER['REQUEST_URI']))
168	;
169	redirect($login_url);
170	}
171
172	$page['where_clauses'][] = 'com.id = '.$_GET['comment_id'];
173	}
174
175	// search a substring among comments content
176	if (!empty($_GET['keyword']))
177	{
178	$page['where_clauses'][] =
179	'('.
180	implode(' AND ',
181	array_map(
182	create_function(
183	'$s',
184	'return "content LIKE \'%$s%\'";'
185	),
186	preg_split('/[\s,;]+/', $_GET['keyword'] )
187	)
188	).
189	')';
190	}
191
192	$page['where_clauses'][] = $since_options[$page['since']]['clause'];
193
194	// which status to filter on ?
195	if ( !is_admin() )
196	{
197	$page['where_clauses'][] = 'validated=\'true\'';
198	}
199
200	$page['where_clauses'][] = get_sql_condition_FandF
201	(
202	array
203	(
204	'forbidden_categories' => 'category_id',
205	'visible_categories' => 'category_id',
206	'visible_images' => 'ic.image_id'
207	),
208	'', true
209	);
210
211	// +-----------------------------------------------------------------------+
212	// \| comments management \|
213	// +-----------------------------------------------------------------------+
214
215	$comment_id = null;
216	$action = null;
217
218	$actions = array('delete', 'validate', 'edit');
219	foreach ($actions as $loop_action)
220	{
221	if (isset($_GET[$loop_action]))
222	{
223	$action = $loop_action;
224	check_input_parameter($action, $_GET, false, PATTERN_ID);
225	$comment_id = $_GET[$action];
226	break;
227	}
228	}
229
230	if (isset($action))
231	{
232	$comment_author_id = get_comment_author_id($comment_id);
233
234	if (can_manage_comment($action, $comment_author_id))
235	{
236	$perform_redirect = false;
237
238	if ('delete' == $action)
239	{
240	check_pwg_token();
241	delete_user_comment($comment_id);
242	$perform_redirect = true;
243	}
244
245	if ('validate' == $action)
246	{
247	check_pwg_token();
248	validate_user_comment($comment_id);
249	$perform_redirect = true;
250	}
251
252	if ('edit' == $action)
253	{
254	if (!empty($_POST['content']))
255	{
256	check_pwg_token();
257	$comment_action = update_user_comment(
258	array(
259	'comment_id' => $_GET['edit'],
260	'image_id' => $_POST['image_id'],
261	'content' => $_POST['content'],
262	'website_url' => @$_POST['website_url'],
263	),
264	$_POST['key']
265	);
266
267	switch ($comment_action)
268	{
269	case 'moderate':
270	$_SESSION['page_infos'][] = l10n('An administrator must authorize your comment before it is visible.');
271	case 'validate':
272	$_SESSION['page_infos'][] = l10n('Your comment has been registered');
273	$perform_redirect = true;
274	break;
275	case 'reject':
276	$_SESSION['page_errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');
277	break;
278	default:
279	trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
280	}
281	}
282
283	$edit_comment = $_GET['edit'];
284	}
285
286	if ($perform_redirect)
287	{
288	$redirect_url =
289	PHPWG_ROOT_PATH
290	.'comments.php'
291	.get_query_string_diff(array('delete','edit','validate','pwg_token'));
292
293	redirect($redirect_url);
294	}
295	}
296	}
297
298	// +-----------------------------------------------------------------------+
299	// \| page header and options \|
300	// +-----------------------------------------------------------------------+
301
302	$title= l10n('User comments');
303	$page['body_id'] = 'theCommentsPage';
304
305	$template->set_filenames(array('comments'=>'comments.tpl'));
306	$template->assign(
307	array(
308	'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
309	'F_KEYWORD'=> @htmlspecialchars(stripslashes($_GET['keyword'], ENT_QUOTES, 'utf-8')),
310	'F_AUTHOR'=> @htmlspecialchars(stripslashes($_GET['author'], ENT_QUOTES, 'utf-8')),
311	)
312	);
313
314	// +-----------------------------------------------------------------------+
315	// \| form construction \|
316	// +-----------------------------------------------------------------------+
317
318	// Search in a particular category
319	$blockname = 'categories';
320
321	$query = '
322	SELECT id, name, uppercats, global_rank
323	FROM '.CATEGORIES_TABLE.'
324	'.get_sql_condition_FandF
325	(
326	array
327	(
328	'forbidden_categories' => 'id',
329	'visible_categories' => 'id'
330	),
331	'WHERE'
332	).'
333	;';
334	display_select_cat_wrapper($query, array(@$_GET['cat']), $blockname, true);
335
336	// Filter on recent comments...
337	$tpl_var=array();
338	foreach ($since_options as $id => $option)
339	{
340	$tpl_var[ $id ] = $option['label'];
341	}
342	$template->assign( 'since_options', $tpl_var);
343	$template->assign( 'since_options_selected', $page['since']);
344
345	// Sort by
346	$template->assign( 'sort_by_options', $sort_by);
347	$template->assign( 'sort_by_options_selected', $page['sort_by']);
348
349	// Sorting order
350	$template->assign( 'sort_order_options', $sort_order);
351	$template->assign( 'sort_order_options_selected', $page['sort_order']);
352
353
354	// Number of items
355	$blockname = 'items_number_option';
356	$tpl_var=array();
357	foreach ($items_number as $option)
358	{
359	$tpl_var[ $option ] = is_numeric($option) ? $option : l10n($option);
360	}
361	$template->assign( 'item_number_options', $tpl_var);
362	$template->assign( 'item_number_options_selected', $page['items_number']);
363
364
365	// +-----------------------------------------------------------------------+
366	// \| navigation bar \|
367	// +-----------------------------------------------------------------------+
368
369	if (isset($_GET['start']) and is_numeric($_GET['start']))
370	{
371	$start = $_GET['start'];
372	}
373	else
374	{
375	$start = 0;
376	}
377
378	$query = '
379	SELECT COUNT(DISTINCT(com.id))
380	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
381	INNER JOIN '.COMMENTS_TABLE.' AS com
382	ON ic.image_id = com.image_id
383	LEFT JOIN '.USERS_TABLE.' As u
384	ON u.'.$conf['user_fields']['id'].' = com.author_id
385	WHERE '.implode('
386	AND ', $page['where_clauses']).'
387	;';
388	list($counter) = pwg_db_fetch_row(pwg_query($query));
389
390	$url = PHPWG_ROOT_PATH
391	.'comments.php'
392	.get_query_string_diff(array('start','delete','validate','pwg_token'));
393
394	$navbar = create_navigation_bar($url,
395	$counter,
396	$start,
397	$page['items_number'],
398	'');
399
400	$template->assign('navbar', $navbar);
401
402	$url_self = PHPWG_ROOT_PATH
403	.'comments.php'
404	.get_query_string_diff(array('edit','delete','validate','pwg_token'));
405
406	// +-----------------------------------------------------------------------+
407	// \| last comments display \|
408	// +-----------------------------------------------------------------------+
409
410	$comments = array();
411	$element_ids = array();
412	$category_ids = array();
413
414	$query = '
415	SELECT com.id AS comment_id,
416	com.image_id,
417	com.author,
418	com.author_id,
419	u.'.$conf['user_fields']['email'].' AS user_email,
420	com.email,
421	com.date,
422	com.website_url,
423	com.content,
424	com.validated
425	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
426	INNER JOIN '.COMMENTS_TABLE.' AS com
427	ON ic.image_id = com.image_id
428	LEFT JOIN '.USERS_TABLE.' As u
429	ON u.'.$conf['user_fields']['id'].' = com.author_id
430	WHERE '.implode('
431	AND ', $page['where_clauses']).'
432	GROUP BY comment_id,
433	com.image_id,
434	com.author,
435	com.author_id,
436	com.date,
437	com.content,
438	com.validated
439	ORDER BY '.$page['sort_by'].' '.$page['sort_order'];
440	if ('all' != $page['items_number'])
441	{
442	$query.= '
443	LIMIT '.$page['items_number'].' OFFSET '.$start;
444	}
445	$query.= '
446	;';
447	$result = pwg_query($query);
448	while ($row = pwg_db_fetch_assoc($result))
449	{
450	array_push($comments, $row);
451	array_push($element_ids, $row['image_id']);
452	}
453
454	if (count($comments) > 0)
455	{
456	// retrieving element informations
457	$elements = array();
458	$query = '
459	SELECT *
460	FROM '.IMAGES_TABLE.'
461	WHERE id IN ('.implode(',', $element_ids).')
462	;';
463	$result = pwg_query($query);
464	while ($row = pwg_db_fetch_assoc($result))
465	{
466	$elements[$row['id']] = $row;
467	}
468
469	// retrieving category informations
470	$query = '
471	SELECT c.id, name, permalink, uppercats, com.id as comment_id
472	FROM '.CATEGORIES_TABLE.' AS c
473	LEFT JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
474	ON c.id=ic.category_id
475	LEFT JOIN '.COMMENTS_TABLE.' AS com
476	ON ic.image_id=com.image_id
477	'.get_sql_condition_FandF
478	(
479	array
480	(
481	'forbidden_categories' => 'c.id',
482	'visible_categories' => 'c.id'
483	),
484	'WHERE'
485	).'
486	;';
487	$categories = hash_from_query($query, 'comment_id');
488
489	foreach ($comments as $comment)
490	{
491	if (!empty($elements[$comment['image_id']]['name']))
492	{
493	$name=$elements[$comment['image_id']]['name'];
494	}
495	else
496	{
497	$name=get_name_from_file($elements[$comment['image_id']]['file']);
498	}
499
500	// source of the thumbnail picture
501	$src_image = new SrcImage($elements[$comment['image_id']]);
502
503	// link to the full size picture
504	$url = make_picture_url(
505	array(
506	'category' => $categories[ $comment['comment_id'] ],
507	'image_id' => $comment['image_id'],
508	'image_file' => $elements[$comment['image_id']]['file'],
509	)
510	);
511
512	$email = null;
513	if (!empty($comment['user_email']))
514	{
515	$email = $comment['user_email'];
516	}
517	else if (!empty($comment['email']))
518	{
519	$email = $comment['email'];
520	}
521
522	$tpl_comment = array(
523	'ID' => $comment['comment_id'],
524	'U_PICTURE' => $url,
525	'src_image' => $src_image,
526	'ALT' => $name,
527	'AUTHOR' => trigger_event('render_comment_author', $comment['author']),
528	'WEBSITE_URL' => $comment['website_url'],
529	'DATE'=>format_date($comment['date'], true),
530	'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
531	);
532
533	if (is_admin())
534	{
535	$tpl_comment['EMAIL'] = $email;
536	}
537
538	if (can_manage_comment('delete', $comment['author_id']))
539	{
540	$url =
541	get_root_url()
542	.'comments.php'
543	.get_query_string_diff(array('delete','validate','edit', 'pwg_token'));
544
545	$tpl_comment['U_DELETE'] = add_url_params(
546	$url,
547	array(
548	'delete' => $comment['comment_id'],
549	'pwg_token' => get_pwg_token(),
550	)
551	);
552	}
553
554	if (can_manage_comment('edit', $comment['author_id']))
555	{
556	$url =
557	get_root_url()
558	.'comments.php'
559	.get_query_string_diff(array('edit', 'delete','validate', 'pwg_token'));
560
561	$tpl_comment['U_EDIT'] = add_url_params(
562	$url,
563	array(
564	'edit' => $comment['comment_id']
565	)
566	);
567
568	if (isset($edit_comment) and ($comment['comment_id'] == $edit_comment))
569	{
570	$tpl_comment['IN_EDIT'] = true;
571	$key = get_ephemeral_key(2, $comment['image_id']);
572	$tpl_comment['KEY'] = $key;
573	$tpl_comment['IMAGE_ID'] = $comment['image_id'];
574	$tpl_comment['CONTENT'] = $comment['content'];
575	$tpl_comment['PWG_TOKEN'] = get_pwg_token();
576	$tpl_comment['U_CANCEL'] = $url_self;
577	}
578	}
579
580	if (can_manage_comment('validate', $comment['author_id']))
581	{
582	if ('true' != $comment['validated'])
583	{
584	$tpl_comment['U_VALIDATE'] = add_url_params(
585	$url,
586	array(
587	'validate'=> $comment['comment_id'],
588	'pwg_token' => get_pwg_token(),
589	)
590	);
591	}
592	}
593	$template->append('comments', $tpl_comment);
594	}
595	}
596
597	$derivative_params = trigger_event('get_comments_derivative_params', ImageStdParams::get_by_type(IMG_THUMB) );
598	$template->assign( 'derivative_params', $derivative_params );
599
600	// include menubar
601	$themeconf = $template->get_template_vars('themeconf');
602	if (!isset($themeconf['hide_menu_on']) OR !in_array('theCommentsPage', $themeconf['hide_menu_on']))
603	{
604	include( PHPWG_ROOT_PATH.'include/menubar.inc.php');
605	}
606
607	// +-----------------------------------------------------------------------+
608	// \| html code display \|
609	// +-----------------------------------------------------------------------+
610	include(PHPWG_ROOT_PATH.'include/page_header.php');
611	trigger_action('loc_end_comments');
612	flush_page_messages();
613	$template->pparse('comments');
614	include(PHPWG_ROOT_PATH.'include/page_tail.php');
615	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: