Context Navigation

source: trunk/comments.php @ 19286

Last change on this file since 19286 was 18995, checked in by mistic100, 11 years ago
feature:2786 Allow to edit website url in user comments + improve "user experience" on comment edition
Property svn:eol-style set to `LF`
File size: 17.1 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based photo gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2012 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	// +-----------------------------------------------------------------------+
25	// \| initialization \|
26	// +-----------------------------------------------------------------------+
27	define('PHPWG_ROOT_PATH','./');
28	include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
29	include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
30
31	if (!$conf['activate_comments'])
32	{
33	page_not_found(null);
34	}
35
36	// +-----------------------------------------------------------------------+
37	// \| Check Access and exit when user status is not ok \|
38	// +-----------------------------------------------------------------------+
39	check_status(ACCESS_GUEST);
40
41	$sort_order = array(
42	'DESC' => l10n('descending'),
43	'ASC' => l10n('ascending')
44	);
45
46	// sort_by : database fields proposed for sorting comments list
47	$sort_by = array(
48	'date' => l10n('comment date'),
49	'image_id' => l10n('photo')
50	);
51
52	// items_number : list of number of items to display per page
53	$items_number = array(5,10,20,50,'all');
54
55	// since when display comments ?
56	//
57	$since_options = array(
58	1 => array('label' => l10n('today'),
59	'clause' => 'date > '.pwg_db_get_recent_period_expression(1)),
60	2 => array('label' => sprintf(l10n('last %d days'), 7),
61	'clause' => 'date > '.pwg_db_get_recent_period_expression(7)),
62	3 => array('label' => sprintf(l10n('last %d days'), 30),
63	'clause' => 'date > '.pwg_db_get_recent_period_expression(30)),
64	4 => array('label' => l10n('the beginning'),
65	'clause' => '1=1') // stupid but generic
66	);
67
68	trigger_action('loc_begin_comments');
69
70	if (!empty($_GET['since']) && is_numeric($_GET['since']))
71	{
72	$page['since'] = $_GET['since'];
73	}
74	else
75	{
76	$page['since'] = 4;
77	}
78
79	// on which field sorting
80	//
81	$page['sort_by'] = 'date';
82	// if the form was submitted, it overloads default behaviour
83	if (isset($_GET['sort_by']) and isset($sort_by[$_GET['sort_by']]) )
84	{
85	$page['sort_by'] = $_GET['sort_by'];
86	}
87
88	// order to sort
89	//
90	$page['sort_order'] = 'DESC';
91	// if the form was submitted, it overloads default behaviour
92	if (isset($_GET['sort_order']) and isset($sort_order[$_GET['sort_order']]))
93	{
94	$page['sort_order'] = $_GET['sort_order'];
95	}
96
97	// number of items to display
98	//
99	$page['items_number'] = 10;
100	if (isset($_GET['items_number']))
101	{
102	$page['items_number'] = $_GET['items_number'];
103	}
104	if ( !is_numeric($page['items_number']) and $page['items_number']!='all' )
105	{
106	$page['items_number'] = 10;
107	}
108
109	$page['where_clauses'] = array();
110
111	// which category to filter on ?
112	if (isset($_GET['cat']) and 0 != $_GET['cat'])
113	{
114	check_input_parameter('cat', $_GET, false, PATTERN_ID);
115
116	$category_ids = get_subcat_ids(array($_GET['cat']));
117	if (empty($category_ids))
118	{
119	$category_ids = array(-1);
120	}
121
122	$page['where_clauses'][] =
123	'category_id IN ('.implode(',', $category_ids).')';
124	}
125
126	// search a particular author
127	if (!empty($_GET['author']))
128	{
129	$page['where_clauses'][] =
130	'u.'.$conf['user_fields']['username'].' = \''.$_GET['author'].'\'
131	OR author = \''.$_GET['author'].'\'';
132	}
133
134	// search a specific comment (if you're coming directly from an admin
135	// notification email)
136	if (!empty($_GET['comment_id']))
137	{
138	check_input_parameter('comment_id', $_GET, false, PATTERN_ID);
139
140	// currently, the $_GET['comment_id'] is only used by admins from email
141	// for management purpose (validate/delete)
142	if (!is_admin())
143	{
144	$login_url =
145	get_root_url().'identification.php?redirect='
146	.urlencode(urlencode($_SERVER['REQUEST_URI']))
147	;
148	redirect($login_url);
149	}
150
151	$page['where_clauses'][] = 'com.id = '.$_GET['comment_id'];
152	}
153
154	// search a substring among comments content
155	if (!empty($_GET['keyword']))
156	{
157	$page['where_clauses'][] =
158	'('.
159	implode(' AND ',
160	array_map(
161	create_function(
162	'$s',
163	'return "content LIKE \'%$s%\'";'
164	),
165	preg_split('/[\s,;]+/', $_GET['keyword'] )
166	)
167	).
168	')';
169	}
170
171	$page['where_clauses'][] = $since_options[$page['since']]['clause'];
172
173	// which status to filter on ?
174	if ( !is_admin() )
175	{
176	$page['where_clauses'][] = 'validated=\'true\'';
177	}
178
179	$page['where_clauses'][] = get_sql_condition_FandF
180	(
181	array
182	(
183	'forbidden_categories' => 'category_id',
184	'visible_categories' => 'category_id',
185	'visible_images' => 'ic.image_id'
186	),
187	'', true
188	);
189
190	// +-----------------------------------------------------------------------+
191	// \| comments management \|
192	// +-----------------------------------------------------------------------+
193
194	$comment_id = null;
195	$action = null;
196
197	$actions = array('delete', 'validate', 'edit');
198	foreach ($actions as $loop_action)
199	{
200	if (isset($_GET[$loop_action]))
201	{
202	$action = $loop_action;
203	check_input_parameter($action, $_GET, false, PATTERN_ID);
204	$comment_id = $_GET[$action];
205	break;
206	}
207	}
208
209	if (isset($action))
210	{
211	$comment_author_id = get_comment_author_id($comment_id);
212
213	if (can_manage_comment($action, $comment_author_id))
214	{
215	$perform_redirect = false;
216
217	if ('delete' == $action)
218	{
219	check_pwg_token();
220	delete_user_comment($comment_id);
221	$perform_redirect = true;
222	}
223
224	if ('validate' == $action)
225	{
226	check_pwg_token();
227	validate_user_comment($comment_id);
228	$perform_redirect = true;
229	}
230
231	if ('edit' == $action)
232	{
233	if (!empty($_POST['content']))
234	{
235	check_pwg_token();
236	$comment_action = update_user_comment(
237	array(
238	'comment_id' => $_GET['edit'],
239	'image_id' => $_POST['image_id'],
240	'content' => $_POST['content'],
241	'website_url' => @$_POST['website_url'],
242	),
243	$_POST['key']
244	);
245
246	switch ($comment_action)
247	{
248	case 'moderate':
249	$_SESSION['page_infos'][] = l10n('An administrator must authorize your comment before it is visible.');
250	case 'validate':
251	$_SESSION['page_infos'][] = l10n('Your comment has been registered');
252	$perform_redirect = true;
253	break;
254	case 'reject':
255	$_SESSION['page_errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');
256	break;
257	default:
258	trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
259	}
260	}
261
262	$edit_comment = $_GET['edit'];
263	}
264
265	if ($perform_redirect)
266	{
267	$redirect_url =
268	PHPWG_ROOT_PATH
269	.'comments.php'
270	.get_query_string_diff(array('delete','edit','validate','pwg_token'));
271
272	redirect($redirect_url);
273	}
274	}
275	}
276
277	// +-----------------------------------------------------------------------+
278	// \| page header and options \|
279	// +-----------------------------------------------------------------------+
280
281	$title= l10n('User comments');
282	$page['body_id'] = 'theCommentsPage';
283
284	$template->set_filenames(array('comments'=>'comments.tpl'));
285	$template->assign(
286	array(
287	'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
288	'F_KEYWORD'=> @htmlspecialchars(stripslashes($_GET['keyword'], ENT_QUOTES, 'utf-8')),
289	'F_AUTHOR'=> @htmlspecialchars(stripslashes($_GET['author'], ENT_QUOTES, 'utf-8')),
290	)
291	);
292
293	// +-----------------------------------------------------------------------+
294	// \| form construction \|
295	// +-----------------------------------------------------------------------+
296
297	// Search in a particular category
298	$blockname = 'categories';
299
300	$query = '
301	SELECT id, name, uppercats, global_rank
302	FROM '.CATEGORIES_TABLE.'
303	'.get_sql_condition_FandF
304	(
305	array
306	(
307	'forbidden_categories' => 'id',
308	'visible_categories' => 'id'
309	),
310	'WHERE'
311	).'
312	;';
313	display_select_cat_wrapper($query, array(@$_GET['cat']), $blockname, true);
314
315	// Filter on recent comments...
316	$tpl_var=array();
317	foreach ($since_options as $id => $option)
318	{
319	$tpl_var[ $id ] = $option['label'];
320	}
321	$template->assign( 'since_options', $tpl_var);
322	$template->assign( 'since_options_selected', $page['since']);
323
324	// Sort by
325	$template->assign( 'sort_by_options', $sort_by);
326	$template->assign( 'sort_by_options_selected', $page['sort_by']);
327
328	// Sorting order
329	$template->assign( 'sort_order_options', $sort_order);
330	$template->assign( 'sort_order_options_selected', $page['sort_order']);
331
332
333	// Number of items
334	$blockname = 'items_number_option';
335	$tpl_var=array();
336	foreach ($items_number as $option)
337	{
338	$tpl_var[ $option ] = is_numeric($option) ? $option : l10n($option);
339	}
340	$template->assign( 'item_number_options', $tpl_var);
341	$template->assign( 'item_number_options_selected', $page['items_number']);
342
343
344	// +-----------------------------------------------------------------------+
345	// \| navigation bar \|
346	// +-----------------------------------------------------------------------+
347
348	if (isset($_GET['start']) and is_numeric($_GET['start']))
349	{
350	$start = $_GET['start'];
351	}
352	else
353	{
354	$start = 0;
355	}
356
357	$query = '
358	SELECT COUNT(DISTINCT(com.id))
359	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
360	INNER JOIN '.COMMENTS_TABLE.' AS com
361	ON ic.image_id = com.image_id
362	LEFT JOIN '.USERS_TABLE.' As u
363	ON u.'.$conf['user_fields']['id'].' = com.author_id
364	WHERE '.implode('
365	AND ', $page['where_clauses']).'
366	;';
367	list($counter) = pwg_db_fetch_row(pwg_query($query));
368
369	$url = PHPWG_ROOT_PATH
370	.'comments.php'
371	.get_query_string_diff(array('start','delete','validate','pwg_token'));
372
373	$navbar = create_navigation_bar($url,
374	$counter,
375	$start,
376	$page['items_number'],
377	'');
378
379	$template->assign('navbar', $navbar);
380
381	$url_self = PHPWG_ROOT_PATH
382	.'comments.php'
383	.get_query_string_diff(array('edit','delete','validate','pwg_token'));
384
385	// +-----------------------------------------------------------------------+
386	// \| last comments display \|
387	// +-----------------------------------------------------------------------+
388
389	$comments = array();
390	$element_ids = array();
391	$category_ids = array();
392
393	$query = '
394	SELECT com.id AS comment_id,
395	com.image_id,
396	com.author,
397	com.author_id,
398	u.'.$conf['user_fields']['email'].' AS user_email,
399	com.email,
400	com.date,
401	com.website_url,
402	com.content,
403	com.validated
404	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
405	INNER JOIN '.COMMENTS_TABLE.' AS com
406	ON ic.image_id = com.image_id
407	LEFT JOIN '.USERS_TABLE.' As u
408	ON u.'.$conf['user_fields']['id'].' = com.author_id
409	WHERE '.implode('
410	AND ', $page['where_clauses']).'
411	GROUP BY comment_id,
412	com.image_id,
413	com.author,
414	com.author_id,
415	com.date,
416	com.content,
417	com.validated
418	ORDER BY '.$page['sort_by'].' '.$page['sort_order'];
419	if ('all' != $page['items_number'])
420	{
421	$query.= '
422	LIMIT '.$page['items_number'].' OFFSET '.$start;
423	}
424	$query.= '
425	;';
426	$result = pwg_query($query);
427	while ($row = pwg_db_fetch_assoc($result))
428	{
429	array_push($comments, $row);
430	array_push($element_ids, $row['image_id']);
431	}
432
433	if (count($comments) > 0)
434	{
435	// retrieving element informations
436	$elements = array();
437	$query = '
438	SELECT *
439	FROM '.IMAGES_TABLE.'
440	WHERE id IN ('.implode(',', $element_ids).')
441	;';
442	$result = pwg_query($query);
443	while ($row = pwg_db_fetch_assoc($result))
444	{
445	$elements[$row['id']] = $row;
446	}
447
448	// retrieving category informations
449	$query = '
450	SELECT c.id, name, permalink, uppercats, com.id as comment_id
451	FROM '.CATEGORIES_TABLE.' AS c
452	LEFT JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
453	ON c.id=ic.category_id
454	LEFT JOIN '.COMMENTS_TABLE.' AS com
455	ON ic.image_id=com.image_id
456	'.get_sql_condition_FandF
457	(
458	array
459	(
460	'forbidden_categories' => 'c.id',
461	'visible_categories' => 'c.id'
462	),
463	'WHERE'
464	).'
465	;';
466	$categories = hash_from_query($query, 'comment_id');
467
468	foreach ($comments as $comment)
469	{
470	if (!empty($elements[$comment['image_id']]['name']))
471	{
472	$name=$elements[$comment['image_id']]['name'];
473	}
474	else
475	{
476	$name=get_name_from_file($elements[$comment['image_id']]['file']);
477	}
478
479	// source of the thumbnail picture
480	$src_image = new SrcImage($elements[$comment['image_id']]);
481
482	// link to the full size picture
483	$url = make_picture_url(
484	array(
485	'category' => $categories[ $comment['comment_id'] ],
486	'image_id' => $comment['image_id'],
487	'image_file' => $elements[$comment['image_id']]['file'],
488	)
489	);
490
491	$email = null;
492	if (!empty($comment['user_email']))
493	{
494	$email = $comment['user_email'];
495	}
496	else if (!empty($comment['email']))
497	{
498	$email = $comment['email'];
499	}
500
501	$tpl_comment = array(
502	'ID' => $comment['comment_id'],
503	'U_PICTURE' => $url,
504	'src_image' => $src_image,
505	'ALT' => $name,
506	'AUTHOR' => trigger_event('render_comment_author', $comment['author']),
507	'WEBSITE_URL' => $comment['website_url'],
508	'DATE'=>format_date($comment['date'], true),
509	'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
510	);
511
512	if (is_admin())
513	{
514	$tpl_comment['EMAIL'] = $email;
515	}
516
517	if (can_manage_comment('delete', $comment['author_id']))
518	{
519	$url =
520	get_root_url()
521	.'comments.php'
522	.get_query_string_diff(array('delete','validate','edit', 'pwg_token'));
523
524	$tpl_comment['U_DELETE'] = add_url_params(
525	$url,
526	array(
527	'delete' => $comment['comment_id'],
528	'pwg_token' => get_pwg_token(),
529	)
530	);
531	}
532
533	if (can_manage_comment('edit', $comment['author_id']))
534	{
535	$url =
536	get_root_url()
537	.'comments.php'
538	.get_query_string_diff(array('edit', 'delete','validate', 'pwg_token'));
539
540	$tpl_comment['U_EDIT'] = add_url_params(
541	$url,
542	array(
543	'edit' => $comment['comment_id']
544	)
545	);
546
547	if (isset($edit_comment) and ($comment['comment_id'] == $edit_comment))
548	{
549	$tpl_comment['IN_EDIT'] = true;
550	$key = get_ephemeral_key(2, $comment['image_id']);
551	$tpl_comment['KEY'] = $key;
552	$tpl_comment['IMAGE_ID'] = $comment['image_id'];
553	$tpl_comment['CONTENT'] = $comment['content'];
554	$tpl_comment['PWG_TOKEN'] = get_pwg_token();
555	$tpl_comment['U_CANCEL'] = $url_self;
556	}
557	}
558
559	if (can_manage_comment('validate', $comment['author_id']))
560	{
561	if ('true' != $comment['validated'])
562	{
563	$tpl_comment['U_VALIDATE'] = add_url_params(
564	$url,
565	array(
566	'validate'=> $comment['comment_id'],
567	'pwg_token' => get_pwg_token(),
568	)
569	);
570	}
571	}
572	$template->append('comments', $tpl_comment);
573	}
574	}
575
576	$derivative_params = trigger_event('get_comments_derivative_params', ImageStdParams::get_by_type(IMG_THUMB) );
577	$template->assign( 'derivative_params', $derivative_params );
578
579	// include menubar
580	$themeconf = $template->get_template_vars('themeconf');
581	if (!isset($themeconf['hide_menu_on']) OR !in_array('theCommentsPage', $themeconf['hide_menu_on']))
582	{
583	include( PHPWG_ROOT_PATH.'include/menubar.inc.php');
584	}
585
586	// +-----------------------------------------------------------------------+
587	// \| html code display \|
588	// +-----------------------------------------------------------------------+
589	include(PHPWG_ROOT_PATH.'include/page_header.php');
590	trigger_action('loc_end_comments');
591	include(PHPWG_ROOT_PATH.'include/page_messages.php');
592	$template->pparse('comments');
593	include(PHPWG_ROOT_PATH.'include/page_tail.php');
594	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: