Context Navigation

source: trunk/comments.php @ 1647

Last change on this file since 1647 was 1647, checked in by vdigital, 17 years ago
Undo 597: Unvalidated comments
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 13.7 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| branch : BSF (Best So Far)
8	// \| file : $Id: comments.php 1647 2006-12-10 11:33:54Z vdigital $
9	// \| last update : $Date: 2006-12-10 11:33:54 +0000 (Sun, 10 Dec 2006) $
10	// \| last modifier : $Author: vdigital $
11	// \| revision : $Revision: 1647 $
12	// +-----------------------------------------------------------------------+
13	// \| This program is free software; you can redistribute it and/or modify \|
14	// \| it under the terms of the GNU General Public License as published by \|
15	// \| the Free Software Foundation \|
16	// \| \|
17	// \| This program is distributed in the hope that it will be useful, but \|
18	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
19	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
20	// \| General Public License for more details. \|
21	// \| \|
22	// \| You should have received a copy of the GNU General Public License \|
23	// \| along with this program; if not, write to the Free Software \|
24	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
25	// \| USA. \|
26	// +-----------------------------------------------------------------------+
27
28	// +-----------------------------------------------------------------------+
29	// \| initialization \|
30	// +-----------------------------------------------------------------------+
31	define('PHPWG_ROOT_PATH','./');
32	include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
33
34	// +-----------------------------------------------------------------------+
35	// \| Check Access and exit when user status is not ok \|
36	// +-----------------------------------------------------------------------+
37	check_status(ACCESS_GUEST);
38
39	$sort_order = array(
40	'descending' => 'DESC',
41	'ascending' => 'ASC'
42	);
43
44	// sort_by : database fields proposed for sorting comments list
45	$sort_by = array(
46	'date' => 'comment date',
47	'image_id' => 'picture'
48	);
49
50	// items_number : list of number of items to display per page
51	$items_number = array(5,10,20,50,'all');
52
53	// since when display comments ?
54	//
55	$since_options = array(
56	1 => array('label' => l10n('today'),
57	'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 1 DAY)'),
58	2 => array('label' => sprintf(l10n('last %d days'), 7),
59	'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 7 DAY)'),
60	3 => array('label' => sprintf(l10n('last %d days'), 30),
61	'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 30 DAY)'),
62	4 => array('label' => l10n('the beginning'),
63	'clause' => '1=1') // stupid but generic
64	);
65
66	$page['since'] = isset($_GET['since']) ? $_GET['since'] : 3;
67
68	// on which field sorting
69	//
70	$page['sort_by'] = 'date';
71	// if the form was submitted, it overloads default behaviour
72	if (isset($_GET['sort_by']))
73	{
74	$page['sort_by'] = $_GET['sort_by'];
75	}
76
77	// order to sort
78	//
79	$page['sort_order'] = $sort_order['descending'];
80	// if the form was submitted, it overloads default behaviour
81	if (isset($_GET['sort_order']))
82	{
83	$page['sort_order'] = $sort_order[$_GET['sort_order']];
84	}
85
86	// number of items to display
87	//
88	$page['items_number'] = 5;
89	if (isset($_GET['items_number']))
90	{
91	$page['items_number'] = $_GET['items_number'];
92	}
93
94	// which category to filter on ?
95	$page['cat_clause'] = '1=1';
96	if (isset($_GET['cat']) and 0 != $_GET['cat'])
97	{
98	$page['cat_clause'] =
99	'category_id IN ('.implode(',', get_subcat_ids(array($_GET['cat']))).')';
100	}
101
102	// search a particular author
103	$page['author_clause'] = '1=1';
104	if (isset($_GET['author']) and !empty($_GET['author']))
105	{
106	if (function_exists('mysql_real_escape_string'))
107	{
108	$author = mysql_real_escape_string($_GET['author']);
109	}
110	else
111	{
112	$author = mysql_escape_string($_GET['author']);
113	}
114
115	$page['author_clause'] = 'author = \''.$author.'\'';
116	}
117
118	// search a substring among comments content
119	$page['keyword_clause'] = '1=1';
120	if (isset($_GET['keyword']) and !empty($_GET['keyword']))
121	{
122	if (function_exists('mysql_real_escape_string'))
123	{
124	$keyword = mysql_real_escape_string($_GET['keyword']);
125	}
126	else
127	{
128	$keyword = mysql_escape_string($_GET['keyword']);
129	}
130	$page['keyword_clause'] =
131	'('.
132	implode(' AND ',
133	array_map(
134	create_function(
135	'$s',
136	'return "content LIKE \'%$s%\'";'
137	),
138	preg_split('/[\s,;]+/', $keyword)
139	)
140	).
141	')';
142	}
143
144	// which status to filter on ?
145	if ( is_admin() )
146	{
147	$page['status_clause'] = '1=1';
148	}
149	else
150	{
151	$page['status_clause'] = 'validated="true"';
152	}
153
154
155	// +-----------------------------------------------------------------------+
156	// \| comments management \|
157	// +-----------------------------------------------------------------------+
158	if (isset($_GET['delete']) and is_numeric($_GET['delete'])
159	and !is_adviser() )
160	{// comments deletion
161	check_status(ACCESS_ADMINISTRATOR);
162	$query = '
163	DELETE FROM '.COMMENTS_TABLE.'
164	WHERE id='.$_GET['delete'].'
165	;';
166	pwg_query($query);
167	}
168
169	if (isset($_GET['validate']) and is_numeric($_GET['validate'])
170	and !is_adviser() )
171	{ // comments validation
172	check_status(ACCESS_ADMINISTRATOR);
173	$query = '
174	UPDATE '.COMMENTS_TABLE.'
175	SET validated = \'true\'
176	, validation_date = NOW()
177	WHERE id='.$_GET['validate'].'
178	;';
179	pwg_query($query);
180	}
181
182	// +-----------------------------------------------------------------------+
183	// \| page header and options \|
184	// +-----------------------------------------------------------------------+
185
186	$title= l10n('title_comments');
187	$page['body_id'] = 'theCommentsPage';
188	include(PHPWG_ROOT_PATH.'include/page_header.php');
189
190	$template->set_filenames(array('comments'=>'comments.tpl'));
191	$template->assign_vars(
192	array(
193	'L_COMMENT_TITLE' => $title,
194
195	'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
196	'F_KEYWORD'=>@$_GET['keyword'],
197	'F_AUTHOR'=>@$_GET['author'],
198
199	'U_HOME' => make_index_url(),
200	)
201	);
202
203	// +-----------------------------------------------------------------------+
204	// \| form construction \|
205	// +-----------------------------------------------------------------------+
206
207	// Search in a particular category
208	$blockname = 'category';
209
210	$template->assign_block_vars(
211	$blockname,
212	array('SELECTED' => '',
213	'VALUE'=> 0,
214	'OPTION' => '------------'
215	));
216
217	$query = '
218	SELECT id,name,uppercats,global_rank
219	FROM '.CATEGORIES_TABLE;
220	if ($user['forbidden_categories'] != '')
221	{
222	$query.= '
223	WHERE id NOT IN ('.$user['forbidden_categories'].')';
224	}
225	$query.= '
226	;';
227	display_select_cat_wrapper($query, array(@$_GET['cat']), $blockname, true);
228
229	// Filter on recent comments...
230	$blockname = 'since_option';
231
232	foreach ($since_options as $id => $option)
233	{
234	$selected = ($id == $page['since']) ? 'selected="selected"' : '';
235
236	$template->assign_block_vars(
237	$blockname,
238	array('SELECTED' => $selected,
239	'VALUE'=> $id,
240	'CONTENT' => $option['label']
241	));
242	}
243
244	// Sort by
245	$blockname = 'sort_by_option';
246
247	foreach ($sort_by as $key => $value)
248	{
249	$selected = ($key == $page['sort_by']) ? 'selected="selected"' : '';
250
251	$template->assign_block_vars(
252	$blockname,
253	array('SELECTED' => $selected,
254	'VALUE'=> $key,
255	'CONTENT' => l10n($value)
256	));
257	}
258
259	// Sorting order
260	$blockname = 'sort_order_option';
261
262	foreach (array_keys($sort_order) as $option)
263	{
264	$selected = ($option == $page['sort_order']) ? 'selected="selected"' : '';
265
266	$template->assign_block_vars(
267	$blockname,
268	array('SELECTED' => $selected,
269	'VALUE'=> $option,
270	'CONTENT' => l10n($option)
271	));
272	}
273
274	// Number of items
275	$blockname = 'items_number_option';
276
277	foreach ($items_number as $option)
278	{
279	$selected = ($option == $page['items_number']) ? 'selected="selected"' : '';
280
281	$template->assign_block_vars(
282	$blockname,
283	array('SELECTED' => $selected,
284	'VALUE'=> $option,
285	'CONTENT' => is_numeric($option) ? $option : l10n($option)
286	));
287	}
288
289	// +-----------------------------------------------------------------------+
290	// \| navigation bar \|
291	// +-----------------------------------------------------------------------+
292
293	if (isset($_GET['start']) and is_numeric($_GET['start']))
294	{
295	$start = $_GET['start'];
296	}
297	else
298	{
299	$start = 0;
300	}
301
302	$query = '
303	SELECT COUNT(DISTINCT(id))
304	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
305	INNER JOIN '.COMMENTS_TABLE.' AS com
306	ON ic.image_id = com.image_id
307	WHERE '.$since_options[$page['since']]['clause'].'
308	AND '.$page['cat_clause'].'
309	AND '.$page['author_clause'].'
310	AND '.$page['keyword_clause'].'
311	AND '.$page['status_clause'];
312	if ($user['forbidden_categories'] != '')
313	{
314	$query.= '
315	AND category_id NOT IN ('.$user['forbidden_categories'].')';
316	}
317	$query.= '
318	;';
319	list($counter) = mysql_fetch_row(pwg_query($query));
320
321	$url = PHPWG_ROOT_PATH
322	.'comments.php'
323	.get_query_string_diff(array('start','delete','validate'));
324
325	$navbar = create_navigation_bar($url,
326	$counter,
327	$start,
328	$page['items_number'],
329	'');
330
331	$template->assign_vars(array('NAVBAR' => $navbar));
332
333	// +-----------------------------------------------------------------------+
334	// \| last comments display \|
335	// +-----------------------------------------------------------------------+
336
337	$comments = array();
338	$element_ids = array();
339	$category_ids = array();
340
341	$query = '
342	SELECT com.id AS comment_id
343	, com.image_id
344	, ic.category_id
345	, com.author
346	, com.date
347	, com.content
348	, com.id AS comment_id
349	, com.validated
350	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
351	INNER JOIN '.COMMENTS_TABLE.' AS com
352	ON ic.image_id = com.image_id
353	WHERE '.$since_options[$page['since']]['clause'].'
354	AND '.$page['cat_clause'].'
355	AND '.$page['author_clause'].'
356	AND '.$page['keyword_clause'].'
357	AND '.$page['status_clause'];
358	if ($user['forbidden_categories'] != '')
359	{
360	$query.= '
361	AND category_id NOT IN ('.$user['forbidden_categories'].')';
362	}
363	$query.= '
364	GROUP BY comment_id
365	ORDER BY '.$page['sort_by'].' '.$page['sort_order'];
366	if ('all' != $page['items_number'])
367	{
368	$query.= '
369	LIMIT '.$start.','.$page['items_number'];
370	}
371	$query.= '
372	;';
373	$result = pwg_query($query);
374	while ($row = mysql_fetch_assoc($result))
375	{
376	array_push($comments, $row);
377	array_push($element_ids, $row['image_id']);
378	array_push($category_ids, $row['category_id']);
379	}
380
381	if (count($comments) > 0)
382	{
383	// retrieving element informations
384	$elements = array();
385	$query = '
386	SELECT id, name, file, path, tn_ext
387	FROM '.IMAGES_TABLE.'
388	WHERE id IN ('.implode(',', $element_ids).')
389	;';
390	$result = pwg_query($query);
391	while ($row = mysql_fetch_assoc($result))
392	{
393	$elements[$row['id']] = $row;
394	}
395
396	// retrieving category informations
397	$categories = array();
398	$query = '
399	SELECT id, name, uppercats
400	FROM '.CATEGORIES_TABLE.'
401	WHERE id IN ('.implode(',', $category_ids).')
402	;';
403	$result = pwg_query($query);
404	while ($row = mysql_fetch_assoc($result))
405	{
406	$categories[$row['id']] = $row;
407	}
408
409	foreach ($comments as $comment)
410	{
411	if (!empty($elements[$comment['image_id']]['name']))
412	{
413	$name=$elements[$comment['image_id']]['name'];
414	}
415	else
416	{
417	$name=get_name_from_file($elements[$comment['image_id']]['file']);
418	}
419
420	// source of the thumbnail picture
421	$thumbnail_src = get_thumbnail_url( $elements[$comment['image_id']] );
422
423	// link to the full size picture
424	$url = make_picture_url(
425	array(
426	'category' => $comment['category_id'],
427	'cat_name' => $categories[ $comment['category_id']] ['name'],
428	'image_id' => $comment['image_id'],
429	'image_file' => $elements[$comment['image_id']]['file'],
430	)
431	);
432
433	$author = $comment['author'];
434	if (empty($comment['author']))
435	{
436	$author = l10n('guest');
437	}
438
439	$template->assign_block_vars(
440	'comment',
441	array(
442	'U_PICTURE' => $url,
443	'TN_SRC' => $thumbnail_src,
444	'ALT' => $name,
445	'AUTHOR' => $author,
446	'DATE'=>format_date($comment['date'],'mysql_datetime',true),
447	'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
448	));
449
450	if ( is_admin() )
451	{
452	$url = get_root_url().'comments.php'.get_query_string_diff(array('delete','validate'));
453	$template->assign_block_vars(
454	'comment.action_delete',
455	array(
456	'U_DELETE' => add_url_params($url,
457	array('delete'=>$comment['comment_id'])
458	),
459	));
460	if ($comment['validated'] != 'true')
461	{
462	$template->assign_block_vars(
463	'comment.action_validate',
464	array(
465	'U_VALIDATE' => add_url_params($url,
466	array('validate'=>$comment['comment_id'])
467	),
468	));
469	}
470	}
471	}
472	}
473	// +-----------------------------------------------------------------------+
474	// \| html code display \|
475	// +-----------------------------------------------------------------------+
476	$template->assign_block_vars('title',array());
477	$template->parse('comments');
478	include(PHPWG_ROOT_PATH.'include/page_tail.php');
479	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: