source: trunk/comments.php @ 4210

Last change on this file since 4210 was 4182, checked in by nikrou, 15 years ago

bug 1220 : fix regression in display when search by author or by keyword contains quote.

<?php
// +-----------------------------------------------------------------------+
// | Piwigo - a PHP based picture gallery                                  |
// +-----------------------------------------------------------------------+
// | Copyright(C) 2008-2009 Piwigo Team                  http://piwigo.org |
// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify  |
// | it under the terms of the GNU General Public License as published by  |
// | the Free Software Foundation                                          |
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+

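// +-----------------------------------------------------------------------+
// |                           initialization                              |
// +-----------------------------------------------------------------------+
define('PHPWG_ROOT_PATH','./');
include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');

// +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok                      |
// +-----------------------------------------------------------------------+
check_status(ACCESS_GUEST);

// sort_order : ORDER BY directions proposed in the form. The keys also act as
// the whitelist for $_GET['sort_order'] : only a known key reaches the query.
$sort_order = array(
  'DESC' => l10n('descending'),
  'ASC'  => l10n('ascending')
  );

// sort_by : database fields proposed for sorting comments list. Same
// whitelist role for $_GET['sort_by'].
$sort_by = array(
  'date' => l10n('comment date'),
  'image_id' => l10n('picture')
  );

// items_number : list of number of items to display per page
$items_number = array(5,10,20,50,'all');

// since when display comments ? Each option carries the label shown in the
// form and the SQL fragment appended to the WHERE clause.
//
$since_options = array(
  1 => array('label' => l10n('today'),
             'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 1 DAY)'),
  2 => array('label' => sprintf(l10n('last %d days'), 7),
             'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 7 DAY)'),
  3 => array('label' => sprintf(l10n('last %d days'), 30),
             'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 30 DAY)'),
  4 => array('label' => l10n('the beginning'),
             'clause' => '1=1') // stupid but generic
  );

// is_numeric() alone let values such as "5" or "1.5" through although they are
// not keys of $since_options ; the clause was then empty and the query broken.
// Only a defined option is accepted, anything else means "the beginning".
$page['since'] = 4;
if (isset($_GET['since']) and is_scalar($_GET['since'])
    and isset($since_options[$_GET['since']]))
{
  $page['since'] = $_GET['since'];
}

// on which field sorting
//
$page['sort_by'] = 'date';
// if the form was submitted, it overloads default behaviour (is_scalar keeps
// an array parameter from being used as an offset)
if (isset($_GET['sort_by']) and is_scalar($_GET['sort_by'])
    and isset($sort_by[$_GET['sort_by']]) )
{
  $page['sort_by'] = $_GET['sort_by'];
}

// order to sort
//
$page['sort_order'] = 'DESC';
// if the form was submitted, it overloads default behaviour
if (isset($_GET['sort_order']) and is_scalar($_GET['sort_order'])
    and isset($sort_order[$_GET['sort_order']]))
{
  $page['sort_order'] = $_GET['sort_order'];
}

// number of items to display : 'all' or a positive integer. is_numeric()
// also accepted "-5" or "1.5", which produced an invalid LIMIT clause.
//
$page['items_number'] = 10;
if (isset($_GET['items_number']) and is_scalar($_GET['items_number']))
{
  if ('all' === (string)$_GET['items_number'])
  {
    $page['items_number'] = 'all';
  }
  elseif (ctype_digit((string)$_GET['items_number'])
          and (int)$_GET['items_number'] > 0)
  {
    $page['items_number'] = (int)$_GET['items_number'];
  }
}

$page['where_clauses'] = array();

// which category to filter on ? Category ids are integers, so the parameter
// is cast before it is handed to get_subcat_ids().
if (isset($_GET['cat']) and is_scalar($_GET['cat']) and 0 != (int)$_GET['cat'])
{
  $page['where_clauses'][] =
    'category_id IN ('.implode(',', get_subcat_ids(array((int)$_GET['cat']))).')';
}

// search a particular author. The two alternatives are wrapped in parentheses:
// the clauses are joined with ' AND ', and a bare "A OR B" turned the list into
// "(... AND A) OR (B AND ...)", so the validated/visibility restrictions added
// below did not apply to the first branch.
// NOTE(review): the value is concatenated into SQL as-is, which relies on the
// request parameters being slash-escaped upstream (the display code calls
// stripslashes() on them) - confirm against include/common.inc.php.
if (!empty($_GET['author']) and is_string($_GET['author']))
{
  $page['where_clauses'][] =
    '(u.'.$conf['user_fields']['username'].' = \''.$_GET['author'].'\'
     OR author = \''.$_GET['author'].'\')';
}

// search a substring among comments content : every word (split on blanks,
// commas and semicolons) must appear in the content. The create_function()
// helper was replaced by a plain loop (create_function() no longer exists in
// PHP 8).
if (!empty($_GET['keyword']) and is_string($_GET['keyword']))
{
  $keyword_clauses = array();
  foreach (preg_split('/[\s,;]+/', $_GET['keyword']) as $word)
  {
    $keyword_clauses[] = "content LIKE '%".$word."%'";
  }
  $page['where_clauses'][] = '('.implode(' AND ', $keyword_clauses).')';
}

$page['where_clauses'][] = $since_options[$page['since']]['clause'];

// which status to filter on ? Only administrators see pending comments.
if ( !is_admin() )
{
  $page['where_clauses'][] = 'validated="true"';
}

// restrict to categories and pictures the current user is allowed to see
$page['where_clauses'][] = get_sql_condition_FandF
  (
    array
      (
        'forbidden_categories' => 'category_id',
        'visible_categories' => 'category_id',
        'visible_images' => 'ic.image_id'
      ),
    '', true
  );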
154
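// +-----------------------------------------------------------------------+
// |                         comments management                           |
// +-----------------------------------------------------------------------+
// Comment identifiers are cast to int before use : is_numeric() also accepts
// "1.5" or "1e2", which are not valid ids and, in the validation query below,
// were concatenated straight into the SQL.

if (isset($_GET['delete']) and is_numeric($_GET['delete'])
    and (is_admin() || $conf['user_can_delete_comment']))
{// comments deletion
  // NOTE(review): no per-comment ownership check is visible here ; presumably
  // delete_user_comment() enforces it for non-administrators - confirm.
  delete_user_comment((int)$_GET['delete']);
}

if (isset($_GET['validate']) and is_numeric($_GET['validate'])
      and !is_adviser() )
{  // comments validation, administrators only
  check_status(ACCESS_ADMINISTRATOR);
  $query = '
UPDATE '.COMMENTS_TABLE.'
  SET validated = \'true\'
  , validation_date = NOW()
  WHERE id='.(int)$_GET['validate'].'
;';
  pwg_query($query);
}

if (isset($_GET['edit']) and is_numeric($_GET['edit'])
    and (is_admin() || $conf['user_can_edit_comment']))
{
  if (!empty($_POST['content']))
  {
    // the edit form posts back the 'key' produced by get_comment_post_key()
    // (see the display code) ; it is handed to update_user_comment() together
    // with the new content
    update_user_comment(array('comment_id' => (int)$_GET['edit'],
                              'image_id' => isset($_POST['image_id']) ? $_POST['image_id'] : null,
                              'content' => $_POST['content']),
                        isset($_POST['key']) ? $_POST['key'] : null
                        );

    $edit_comment = null;
  }
  else
  {
    // no content posted yet : display the edit form for this comment
    $edit_comment = (int)$_GET['edit'];
  }
}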
195
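// +-----------------------------------------------------------------------+
// |                       page header and options                         |
// +-----------------------------------------------------------------------+

$title= l10n('User comments');
$page['body_id'] = 'theCommentsPage';

// Values echoed back into the search form. ENT_QUOTES and the charset belong
// to htmlspecialchars() : they used to be passed to stripslashes() instead, so
// the escaping ran with default flags and a single quote in the value was not
// escaped. The @ that hid the notices for missing parameters is replaced by
// explicit isset() checks.
$keyword_value = (isset($_GET['keyword']) and is_string($_GET['keyword']))
  ? stripslashes($_GET['keyword']) : '';
$author_value = (isset($_GET['author']) and is_string($_GET['author']))
  ? stripslashes($_GET['author']) : '';

$template->set_filenames(array('comments'=>'comments.tpl'));
$template->assign(
  array(
    'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
    'F_KEYWORD'=> htmlspecialchars($keyword_value, ENT_QUOTES, 'utf-8'),
    'F_AUTHOR'=> htmlspecialchars($author_value, ENT_QUOTES, 'utf-8'),
    )
  );

// +-----------------------------------------------------------------------+
// |                          form construction                            |
// +-----------------------------------------------------------------------+

// Search in a particular category : the list only contains categories the
// current user may see.
$blockname = 'categories';

$query = '
SELECT id, name, uppercats, global_rank
  FROM '.CATEGORIES_TABLE.'
'.get_sql_condition_FandF
  (
    array
      (
        'forbidden_categories' => 'id',
        'visible_categories' => 'id'
      ),
    'WHERE'
  ).'
;';
$selected_cat = isset($_GET['cat']) ? $_GET['cat'] : null;
display_select_cat_wrapper($query, array($selected_cat), $blockname, true);

// Filter on recent comments...
$tpl_var=array();
foreach ($since_options as $id => $option)
{
  $tpl_var[ $id ] = $option['label'];
}
$template->assign( 'since_options', $tpl_var);
$template->assign( 'since_options_selected', $page['since']);

// Sort by
$template->assign( 'sort_by_options', $sort_by);
$template->assign( 'sort_by_options_selected', $page['sort_by']);

// Sorting order
$template->assign( 'sort_order_options', $sort_order);
$template->assign( 'sort_order_options_selected', $page['sort_order']);


// Number of items : numeric choices are shown as-is, 'all' is translated
$blockname = 'items_number_option';
$tpl_var=array();
foreach ($items_number as $option)
{
  $tpl_var[ $option ] = is_numeric($option) ? $option : l10n($option);
}
$template->assign( 'item_number_options', $tpl_var);
$template->assign( 'item_number_options_selected', $page['items_number']);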
261
262
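// +-----------------------------------------------------------------------+
// |                            navigation bar                             |
// +-----------------------------------------------------------------------+

// offset of the first comment displayed. is_numeric() also accepted "-1" or
// "1.5", which produced an invalid LIMIT in the listing query, so the value
// is normalised to a non-negative integer.
$start = 0;
if (isset($_GET['start']) and is_numeric($_GET['start']))
{
  $start = max(0, (int)$_GET['start']);
}

// total number of comments matching the filters, used for the page links
$query = '
SELECT COUNT(DISTINCT(com.id))
  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
    INNER JOIN '.COMMENTS_TABLE.' AS com
    ON ic.image_id = com.image_id
    LEFT JOIN '.USERS_TABLE.' As u
    ON u.'.$conf['user_fields']['id'].' = com.author_id
  WHERE '.implode('
    AND ', $page['where_clauses']).'
;';
list($counter) = mysql_fetch_row(pwg_query($query));

// current URL without the parameters that must not be carried over from one
// page to the next (the offset and the one-shot management actions)
$url = PHPWG_ROOT_PATH
    .'comments.php'
    .get_query_string_diff(array('start','delete','validate'));

$navbar = create_navigation_bar($url,
                                $counter,
                                $start,
                                $page['items_number'],
                                '');

$template->assign('navbar', $navbar);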
299
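// +-----------------------------------------------------------------------+
// |                        last comments display                          |
// +-----------------------------------------------------------------------+

$comments = array();
$element_ids = array();
$category_ids = array();

// sort_by and sort_order were checked against the $sort_by / $sort_order
// option lists during initialization, so only a known column name and
// direction are concatenated into ORDER BY.
$query = '
SELECT com.id AS comment_id
     , com.image_id
     , ic.category_id
     , com.author
     , com.author_id
     , com.date
     , com.content
     , com.validated
  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
    INNER JOIN '.COMMENTS_TABLE.' AS com
    ON ic.image_id = com.image_id
    LEFT JOIN '.USERS_TABLE.' As u
    ON u.'.$conf['user_fields']['id'].' = com.author_id
  WHERE '.implode('
    AND ', $page['where_clauses']).'
  GROUP BY comment_id
  ORDER BY '.$page['sort_by'].' '.$page['sort_order'];
if ('all' != $page['items_number'])
{
  // both LIMIT operands are normalised to non-negative integers : is_numeric()
  // lets "1.5" or "-1" through and MySQL rejects those in LIMIT
  $query.= '
  LIMIT '.max(0, (int)$start).','.max(0, (int)$page['items_number']);
}
$query.= '
;';
$result = pwg_query($query);
while ($row = mysql_fetch_assoc($result))
{
  $comments[] = $row;
  $element_ids[] = $row['image_id'];
  $category_ids[] = $row['category_id'];
}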
340
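if (count($comments) > 0)
{
  // retrieving element informations (the ids come from the listing query,
  // not from the request)
  $elements = array();
  $query = '
SELECT id, name, file, path, tn_ext
  FROM '.IMAGES_TABLE.'
  WHERE id IN ('.implode(',', $element_ids).')
;';
  $result = pwg_query($query);
  while ($row = mysql_fetch_assoc($result))
  {
    $elements[$row['id']] = $row;
  }

  // retrieving category informations
  $query = '
SELECT id, name, permalink, uppercats
  FROM '.CATEGORIES_TABLE.'
  WHERE id IN ('.implode(',', $category_ids).')
;';
  $categories = hash_from_query($query, 'id');

  foreach ($comments as $comment)
  {
    $element = $elements[$comment['image_id']];

    // picture name, or a name derived from the file name when none is set
    if (!empty($element['name']))
    {
      $name = $element['name'];
    }
    else
    {
      $name = get_name_from_file($element['file']);
    }

    // source of the thumbnail picture
    $thumbnail_src = get_thumbnail_url($element);

    // link to the full size picture
    $picture_url = make_picture_url(
            array(
              'category' => $categories[ $comment['category_id'] ],
              'image_id' => $comment['image_id'],
              'image_file' => $element['file'],
            )
          );

    $tpl_comment =
      array(
        'U_PICTURE' => $picture_url,
        'TN_SRC' => $thumbnail_src,
        'ALT' => $name,
        'AUTHOR' => trigger_event('render_comment_author', $comment['author']),
        'DATE'=>format_date($comment['date'], true),
        'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
        );

    // Base URL of the management links : the current query string without the
    // action parameters. Computed once per comment so that U_VALIDATE no longer
    // depends on which branch last assigned the variable (before, an
    // administrator who could neither delete nor edit got the picture URL).
    $manage_url = get_root_url().'comments.php'
      .get_query_string_diff(array('delete','validate','edit'));

    if (can_manage_comment('delete', $comment['author_id']))
    {
      $tpl_comment['U_DELETE'] =
        add_url_params($manage_url,
                       array('delete'=>$comment['comment_id'])
                       );
    }
    if (can_manage_comment('edit', $comment['author_id']))
    {
      $tpl_comment['U_EDIT'] =
        add_url_params($manage_url,
                       array('edit'=>$comment['comment_id'])
                       );
      if (isset($edit_comment) and ($comment['comment_id'] == $edit_comment))
      {
        $tpl_comment['IN_EDIT'] = true;
        // posted back as 'key' and handed to update_user_comment() by the
        // edit branch above
        $key = get_comment_post_key($comment['image_id']);
        $tpl_comment['KEY'] = $key;
        $tpl_comment['IMAGE_ID'] = $comment['image_id'];
        // raw content for the edit textarea, unlike the rendered CONTENT above
        // NOTE(review): the template must escape it for the HTML context -
        // confirm in comments.tpl
        $tpl_comment['CONTENT'] = $comment['content'];
      }
    }

    if ( is_admin() && $comment['validated'] != 'true')
    {
      $tpl_comment['U_VALIDATE'] =
        add_url_params($manage_url,
                       array('validate'=>$comment['comment_id'])
                       );
    }
    $template->append('comments', $tpl_comment);
  }
}
// +-----------------------------------------------------------------------+
// |                           html code display                           |
// +-----------------------------------------------------------------------+
include(PHPWG_ROOT_PATH.'include/page_header.php');
$template->pparse('comments');
include(PHPWG_ROOT_PATH.'include/page_tail.php');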