source: trunk/comments.php @ 1665

Last change on this file since 1665 was 1647, checked in by vdigital, 18 years ago

Undo 597: Unvalidated comments

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 13.7 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | PhpWebGallery - a PHP based picture gallery                           |
4// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
5// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
6// +-----------------------------------------------------------------------+
7// | branch        : BSF (Best So Far)
8// | file          : $Id: comments.php 1647 2006-12-10 11:33:54Z vdigital $
9// | last update   : $Date: 2006-12-10 11:33:54 +0000 (Sun, 10 Dec 2006) $
10// | last modifier : $Author: vdigital $
11// | revision      : $Revision: 1647 $
12// +-----------------------------------------------------------------------+
13// | This program is free software; you can redistribute it and/or modify  |
14// | it under the terms of the GNU General Public License as published by  |
15// | the Free Software Foundation                                          |
16// |                                                                       |
17// | This program is distributed in the hope that it will be useful, but   |
18// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
19// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
20// | General Public License for more details.                              |
21// |                                                                       |
22// | You should have received a copy of the GNU General Public License     |
23// | along with this program; if not, write to the Free Software           |
24// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
25// | USA.                                                                  |
26// +-----------------------------------------------------------------------+
27
28// +-----------------------------------------------------------------------+
29// |                           initialization                              |
30// +-----------------------------------------------------------------------+
31define('PHPWG_ROOT_PATH','./');
32include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
33
34// +-----------------------------------------------------------------------+
35// | Check Access and exit when user status is not ok                      |
36// +-----------------------------------------------------------------------+
37check_status(ACCESS_GUEST);
38
39$sort_order = array(
40  'descending' => 'DESC',
41  'ascending' => 'ASC'
42  );
43
44// sort_by : database fields proposed for sorting comments list
45$sort_by = array(
46  'date' => 'comment date',
47  'image_id' => 'picture'
48  );
49
50// items_number : list of number of items to display per page
51$items_number = array(5,10,20,50,'all');
52
53// since when display comments ?
54//
55$since_options = array(
56  1 => array('label' => l10n('today'),
57             'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 1 DAY)'),
58  2 => array('label' => sprintf(l10n('last %d days'), 7),
59             'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 7 DAY)'),
60  3 => array('label' => sprintf(l10n('last %d days'), 30),
61             'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 30 DAY)'),
62  4 => array('label' => l10n('the beginning'),
63             'clause' => '1=1') // stupid but generic
64  );
65
66$page['since'] = isset($_GET['since']) ? $_GET['since'] : 3;
67
68// on which field sorting
69//
70$page['sort_by'] = 'date';
71// if the form was submitted, it overloads default behaviour
72if (isset($_GET['sort_by']))
73{
74  $page['sort_by'] = $_GET['sort_by'];
75}
76
77// order to sort
78//
79$page['sort_order'] = $sort_order['descending'];
80// if the form was submitted, it overloads default behaviour
81if (isset($_GET['sort_order']))
82{
83  $page['sort_order'] = $sort_order[$_GET['sort_order']];
84}
85
86// number of items to display
87//
88$page['items_number'] = 5;
89if (isset($_GET['items_number']))
90{
91  $page['items_number'] = $_GET['items_number'];
92}
93
94// which category to filter on ?
95$page['cat_clause'] = '1=1';
96if (isset($_GET['cat']) and 0 != $_GET['cat'])
97{
98  $page['cat_clause'] =
99    'category_id IN ('.implode(',', get_subcat_ids(array($_GET['cat']))).')';
100}
101
102// search a particular author
103$page['author_clause'] = '1=1';
104if (isset($_GET['author']) and !empty($_GET['author']))
105{
106  if (function_exists('mysql_real_escape_string'))
107  {
108    $author = mysql_real_escape_string($_GET['author']);
109  }
110  else
111  {
112    $author = mysql_escape_string($_GET['author']);
113  }
114
115  $page['author_clause'] = 'author = \''.$author.'\'';
116}
117
118// search a substring among comments content
119$page['keyword_clause'] = '1=1';
120if (isset($_GET['keyword']) and !empty($_GET['keyword']))
121{
122  if (function_exists('mysql_real_escape_string'))
123  {
124    $keyword = mysql_real_escape_string($_GET['keyword']);
125  }
126  else
127  {
128    $keyword = mysql_escape_string($_GET['keyword']);
129  }
130  $page['keyword_clause'] =
131    '('.
132    implode(' AND ',
133            array_map(
134              create_function(
135                '$s',
136                'return "content LIKE \'%$s%\'";'
137                ),
138              preg_split('/[\s,;]+/', $keyword)
139              )
140      ).
141    ')';
142}
143
144// which status to filter on ?
145if ( is_admin() )
146{
147  $page['status_clause'] = '1=1';
148}
149else
150{
151  $page['status_clause'] = 'validated="true"';
152}
153
154
155// +-----------------------------------------------------------------------+
156// |                         comments management                           |
157// +-----------------------------------------------------------------------+
158if (isset($_GET['delete']) and is_numeric($_GET['delete'])
159      and !is_adviser() )
160{// comments deletion
161  check_status(ACCESS_ADMINISTRATOR);
162  $query = '
163DELETE FROM '.COMMENTS_TABLE.'
164  WHERE id='.$_GET['delete'].'
165;';
166  pwg_query($query);
167}
168
169if (isset($_GET['validate']) and is_numeric($_GET['validate'])
170      and !is_adviser() )
171{  // comments validation
172  check_status(ACCESS_ADMINISTRATOR);
173  $query = '
174UPDATE '.COMMENTS_TABLE.'
175  SET validated = \'true\'
176  , validation_date = NOW()
177  WHERE id='.$_GET['validate'].'
178;';
179  pwg_query($query);
180}
181
182// +-----------------------------------------------------------------------+
183// |                       page header and options                         |
184// +-----------------------------------------------------------------------+
185
186$title= l10n('title_comments');
187$page['body_id'] = 'theCommentsPage';
188include(PHPWG_ROOT_PATH.'include/page_header.php');
189
190$template->set_filenames(array('comments'=>'comments.tpl'));
191$template->assign_vars(
192  array(
193    'L_COMMENT_TITLE' => $title,
194
195    'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
196    'F_KEYWORD'=>@$_GET['keyword'],
197    'F_AUTHOR'=>@$_GET['author'],
198
199    'U_HOME' => make_index_url(),
200    )
201  );
202
203// +-----------------------------------------------------------------------+
204// |                          form construction                            |
205// +-----------------------------------------------------------------------+
206
207// Search in a particular category
208$blockname = 'category';
209
210$template->assign_block_vars(
211  $blockname,
212  array('SELECTED' => '',
213        'VALUE'=> 0,
214        'OPTION' => '------------'
215    ));
216
217$query = '
218SELECT id,name,uppercats,global_rank
219  FROM '.CATEGORIES_TABLE;
220if ($user['forbidden_categories'] != '')
221{
222  $query.= '
223    WHERE id NOT IN ('.$user['forbidden_categories'].')';
224}
225$query.= '
226;';
227display_select_cat_wrapper($query, array(@$_GET['cat']), $blockname, true);
228
229// Filter on recent comments...
230$blockname = 'since_option';
231
232foreach ($since_options as $id => $option)
233{
234  $selected = ($id == $page['since']) ? 'selected="selected"' : '';
235
236  $template->assign_block_vars(
237    $blockname,
238    array('SELECTED' => $selected,
239          'VALUE'=> $id,
240          'CONTENT' => $option['label']
241      ));
242}
243
244// Sort by
245$blockname = 'sort_by_option';
246
247foreach ($sort_by as $key => $value)
248{
249  $selected = ($key == $page['sort_by']) ? 'selected="selected"' : '';
250
251  $template->assign_block_vars(
252    $blockname,
253    array('SELECTED' => $selected,
254          'VALUE'=> $key,
255          'CONTENT' => l10n($value)
256      ));
257}
258
259// Sorting order
260$blockname = 'sort_order_option';
261
262foreach (array_keys($sort_order) as $option)
263{
264  $selected = ($option == $page['sort_order']) ? 'selected="selected"' : '';
265
266  $template->assign_block_vars(
267    $blockname,
268    array('SELECTED' => $selected,
269          'VALUE'=> $option,
270          'CONTENT' => l10n($option)
271      ));
272}
273
274// Number of items
275$blockname = 'items_number_option';
276
277foreach ($items_number as $option)
278{
279  $selected = ($option == $page['items_number']) ? 'selected="selected"' : '';
280
281  $template->assign_block_vars(
282    $blockname,
283    array('SELECTED' => $selected,
284          'VALUE'=> $option,
285          'CONTENT' => is_numeric($option) ? $option : l10n($option)
286      ));
287}
288
289// +-----------------------------------------------------------------------+
290// |                            navigation bar                             |
291// +-----------------------------------------------------------------------+
292
293if (isset($_GET['start']) and is_numeric($_GET['start']))
294{
295  $start = $_GET['start'];
296}
297else
298{
299  $start = 0;
300}
301
302$query = '
303SELECT COUNT(DISTINCT(id))
304  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
305    INNER JOIN '.COMMENTS_TABLE.' AS com
306    ON ic.image_id = com.image_id
307  WHERE '.$since_options[$page['since']]['clause'].'
308    AND '.$page['cat_clause'].'
309    AND '.$page['author_clause'].'
310    AND '.$page['keyword_clause'].'
311    AND '.$page['status_clause'];
312if ($user['forbidden_categories'] != '')
313{
314  $query.= '
315    AND category_id NOT IN ('.$user['forbidden_categories'].')';
316}
317$query.= '
318;';
319list($counter) = mysql_fetch_row(pwg_query($query));
320
321$url = PHPWG_ROOT_PATH
322    .'comments.php'
323    .get_query_string_diff(array('start','delete','validate'));
324
325$navbar = create_navigation_bar($url,
326                                $counter,
327                                $start,
328                                $page['items_number'],
329                                '');
330
331$template->assign_vars(array('NAVBAR' => $navbar));
332
333// +-----------------------------------------------------------------------+
334// |                        last comments display                          |
335// +-----------------------------------------------------------------------+
336
337$comments = array();
338$element_ids = array();
339$category_ids = array();
340
341$query = '
342SELECT com.id AS comment_id
343     , com.image_id
344     , ic.category_id
345     , com.author
346     , com.date
347     , com.content
348     , com.id AS comment_id
349     , com.validated
350  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
351    INNER JOIN '.COMMENTS_TABLE.' AS com
352    ON ic.image_id = com.image_id
353  WHERE '.$since_options[$page['since']]['clause'].'
354    AND '.$page['cat_clause'].'
355    AND '.$page['author_clause'].'
356    AND '.$page['keyword_clause'].'
357    AND '.$page['status_clause'];
358if ($user['forbidden_categories'] != '')
359{
360  $query.= '
361    AND category_id NOT IN ('.$user['forbidden_categories'].')';
362}
363$query.= '
364  GROUP BY comment_id
365  ORDER BY '.$page['sort_by'].' '.$page['sort_order'];
366if ('all' != $page['items_number'])
367{
368  $query.= '
369  LIMIT '.$start.','.$page['items_number'];
370}
371$query.= '
372;';
373$result = pwg_query($query);
374while ($row = mysql_fetch_assoc($result))
375{
376  array_push($comments, $row);
377  array_push($element_ids, $row['image_id']);
378  array_push($category_ids, $row['category_id']);
379}
380
381if (count($comments) > 0)
382{
383  // retrieving element informations
384  $elements = array();
385  $query = '
386SELECT id, name, file, path, tn_ext
387  FROM '.IMAGES_TABLE.'
388  WHERE id IN ('.implode(',', $element_ids).')
389;';
390  $result = pwg_query($query);
391  while ($row = mysql_fetch_assoc($result))
392  {
393    $elements[$row['id']] = $row;
394  }
395
396  // retrieving category informations
397  $categories = array();
398  $query = '
399SELECT id, name, uppercats
400  FROM '.CATEGORIES_TABLE.'
401  WHERE id IN ('.implode(',', $category_ids).')
402;';
403  $result = pwg_query($query);
404  while ($row = mysql_fetch_assoc($result))
405  {
406    $categories[$row['id']] = $row;
407  }
408
409  foreach ($comments as $comment)
410  {
411    if (!empty($elements[$comment['image_id']]['name']))
412    {
413      $name=$elements[$comment['image_id']]['name'];
414    }
415    else
416    {
417      $name=get_name_from_file($elements[$comment['image_id']]['file']);
418    }
419
420    // source of the thumbnail picture
421    $thumbnail_src = get_thumbnail_url( $elements[$comment['image_id']] );
422
423    // link to the full size picture
424    $url = make_picture_url(
425            array(
426              'category' => $comment['category_id'],
427              'cat_name' => $categories[ $comment['category_id']] ['name'],
428              'image_id' => $comment['image_id'],
429              'image_file' => $elements[$comment['image_id']]['file'],
430            )
431          );
432
433    $author = $comment['author'];
434    if (empty($comment['author']))
435    {
436      $author = l10n('guest');
437    }
438
439    $template->assign_block_vars(
440      'comment',
441      array(
442        'U_PICTURE' => $url,
443        'TN_SRC' => $thumbnail_src,
444        'ALT' => $name,
445        'AUTHOR' => $author,
446        'DATE'=>format_date($comment['date'],'mysql_datetime',true),
447        'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
448        ));
449
450    if ( is_admin() )
451    {
452      $url = get_root_url().'comments.php'.get_query_string_diff(array('delete','validate'));
453      $template->assign_block_vars(
454        'comment.action_delete',
455        array(
456          'U_DELETE' => add_url_params($url,
457                          array('delete'=>$comment['comment_id'])
458                         ),
459          ));
460      if ($comment['validated'] != 'true')
461      {
462        $template->assign_block_vars(
463          'comment.action_validate',
464          array(
465            'U_VALIDATE' => add_url_params($url,
466                            array('validate'=>$comment['comment_id'])
467                           ),
468            ));
469      }
470    }
471  }
472}
473// +-----------------------------------------------------------------------+
474// |                           html code display                           |
475// +-----------------------------------------------------------------------+
476$template->assign_block_vars('title',array());
477$template->parse('comments');
478include(PHPWG_ROOT_PATH.'include/page_tail.php');
479?>
Note: See TracBrowser for help on using the repository browser.