source: trunk/comments.php @ 19822

Last change on this file since 19822 was 19703, checked in by plg, 12 years ago

update Piwigo headers to 2013 (the end of the world didn't occur as expected on r12922)

  • Property svn:eol-style set to LF
File size: 17.7 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2013 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24// +-----------------------------------------------------------------------+
25// |                           initialization                              |
26// +-----------------------------------------------------------------------+
27define('PHPWG_ROOT_PATH','./');
28include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
29include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
30
31if (!$conf['activate_comments'])
32{
33  page_not_found(null);
34}
35
36// +-----------------------------------------------------------------------+
37// | Check Access and exit when user status is not ok                      |
38// +-----------------------------------------------------------------------+
39check_status(ACCESS_GUEST);
40
41$sort_order = array(
42  'DESC' => l10n('descending'),
43  'ASC'  => l10n('ascending')
44  );
45
46// sort_by : database fields proposed for sorting comments list
47$sort_by = array(
48  'date' => l10n('comment date'),
49  'image_id' => l10n('photo')
50  );
51
52// items_number : list of number of items to display per page
53$items_number = array(5,10,20,50,'all');
54
55// if the default value is not in the expected values, we add it in the $items_number array
56if (!in_array($conf['comments_page_nb_comments'], $items_number))
57{
58  $items_number_new = array();
59
60  $is_inserted = false;
61
62  foreach ($items_number as $number)
63  {
64    if ($number > $conf['comments_page_nb_comments'] or ($number == 'all' and !$is_inserted))
65    {
66      $items_number_new[] = $conf['comments_page_nb_comments'];
67      $is_inserted = true;
68    }
69   
70    $items_number_new[] = $number;
71  }
72
73  $items_number = $items_number_new;
74}
75
76// since when display comments ?
77//
78$since_options = array(
79  1 => array('label' => l10n('today'),
80             'clause' => 'date > '.pwg_db_get_recent_period_expression(1)),
81  2 => array('label' => sprintf(l10n('last %d days'), 7),
82             'clause' => 'date > '.pwg_db_get_recent_period_expression(7)),
83  3 => array('label' => sprintf(l10n('last %d days'), 30),
84             'clause' => 'date > '.pwg_db_get_recent_period_expression(30)),
85  4 => array('label' => l10n('the beginning'),
86             'clause' => '1=1') // stupid but generic
87  );
88 
89trigger_action('loc_begin_comments');
90
91if (!empty($_GET['since']) && is_numeric($_GET['since']))
92{
93  $page['since'] = $_GET['since'];
94}
95else
96{
97  $page['since'] = 4;
98}
99
100// on which field sorting
101//
102$page['sort_by'] = 'date';
103// if the form was submitted, it overloads default behaviour
104if (isset($_GET['sort_by']) and isset($sort_by[$_GET['sort_by']]) )
105{
106  $page['sort_by'] = $_GET['sort_by'];
107}
108
109// order to sort
110//
111$page['sort_order'] = 'DESC';
112// if the form was submitted, it overloads default behaviour
113if (isset($_GET['sort_order']) and isset($sort_order[$_GET['sort_order']]))
114{
115  $page['sort_order'] = $_GET['sort_order'];
116}
117
118// number of items to display
119//
120$page['items_number'] = $conf['comments_page_nb_comments'];
121if (isset($_GET['items_number']))
122{
123  $page['items_number'] = $_GET['items_number'];
124}
125if ( !is_numeric($page['items_number']) and $page['items_number']!='all' )
126{
127  $page['items_number'] = 10;
128}
129
130$page['where_clauses'] = array();
131
132// which category to filter on ?
133if (isset($_GET['cat']) and 0 != $_GET['cat'])
134{
135  check_input_parameter('cat', $_GET, false, PATTERN_ID);
136
137  $category_ids = get_subcat_ids(array($_GET['cat']));
138  if (empty($category_ids))
139  {
140    $category_ids = array(-1);
141  }
142
143  $page['where_clauses'][] =
144    'category_id IN ('.implode(',', $category_ids).')';
145}
146
147// search a particular author
148if (!empty($_GET['author']))
149{
150  $page['where_clauses'][] =
151    'u.'.$conf['user_fields']['username'].' = \''.$_GET['author'].'\'
152     OR author = \''.$_GET['author'].'\'';
153}
154
155// search a specific comment (if you're coming directly from an admin
156// notification email)
157if (!empty($_GET['comment_id']))
158{
159  check_input_parameter('comment_id', $_GET, false, PATTERN_ID);
160
161  // currently, the $_GET['comment_id'] is only used by admins from email
162  // for management purpose (validate/delete)
163  if (!is_admin())
164  {
165    $login_url =
166      get_root_url().'identification.php?redirect='
167      .urlencode(urlencode($_SERVER['REQUEST_URI']))
168      ;
169    redirect($login_url);
170  }
171
172  $page['where_clauses'][] = 'com.id = '.$_GET['comment_id'];
173}
174
175// search a substring among comments content
176if (!empty($_GET['keyword']))
177{
178  $page['where_clauses'][] =
179    '('.
180    implode(' AND ',
181            array_map(
182              create_function(
183                '$s',
184                'return "content LIKE \'%$s%\'";'
185                ),
186              preg_split('/[\s,;]+/', $_GET['keyword'] )
187              )
188      ).
189    ')';
190}
191
192$page['where_clauses'][] = $since_options[$page['since']]['clause'];
193
194// which status to filter on ?
195if ( !is_admin() )
196{
197  $page['where_clauses'][] = 'validated=\'true\'';
198}
199
200$page['where_clauses'][] = get_sql_condition_FandF
201  (
202    array
203      (
204        'forbidden_categories' => 'category_id',
205        'visible_categories' => 'category_id',
206        'visible_images' => 'ic.image_id'
207      ),
208    '', true
209  );
210
211// +-----------------------------------------------------------------------+
212// |                         comments management                           |
213// +-----------------------------------------------------------------------+
214
215$comment_id = null;
216$action = null;
217
218$actions = array('delete', 'validate', 'edit');
219foreach ($actions as $loop_action)
220{
221  if (isset($_GET[$loop_action]))
222  {
223    $action = $loop_action;
224    check_input_parameter($action, $_GET, false, PATTERN_ID);
225    $comment_id = $_GET[$action];
226    break;
227  }
228}
229
230if (isset($action))
231{
232  $comment_author_id = get_comment_author_id($comment_id);
233
234  if (can_manage_comment($action, $comment_author_id))
235  {
236    $perform_redirect = false;
237
238    if ('delete' == $action)
239    {
240      check_pwg_token();
241      delete_user_comment($comment_id);
242      $perform_redirect = true;
243    }
244
245    if ('validate' == $action)
246    {
247      check_pwg_token();
248      validate_user_comment($comment_id);
249      $perform_redirect = true;
250    }
251
252    if ('edit' == $action)
253    {
254      if (!empty($_POST['content']))
255      {
256        check_pwg_token();
257        $comment_action = update_user_comment(
258          array(
259            'comment_id' => $_GET['edit'],
260            'image_id' => $_POST['image_id'],
261            'content' => $_POST['content'],
262            'website_url' => @$_POST['website_url'],
263            ),
264          $_POST['key']
265          );
266       
267        switch ($comment_action)
268        {
269          case 'moderate':
270            $_SESSION['page_infos'][] = l10n('An administrator must authorize your comment before it is visible.');
271          case 'validate':
272            $_SESSION['page_infos'][] = l10n('Your comment has been registered');
273            $perform_redirect = true;
274            break;
275          case 'reject':
276            $_SESSION['page_errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');
277            break;
278          default:
279            trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
280        }
281      }
282     
283      $edit_comment = $_GET['edit'];
284    }
285
286    if ($perform_redirect)
287    {
288      $redirect_url =
289        PHPWG_ROOT_PATH
290        .'comments.php'
291        .get_query_string_diff(array('delete','edit','validate','pwg_token'));
292
293      redirect($redirect_url);
294    }
295  }
296}
297
298// +-----------------------------------------------------------------------+
299// |                       page header and options                         |
300// +-----------------------------------------------------------------------+
301
302$title= l10n('User comments');
303$page['body_id'] = 'theCommentsPage';
304
305$template->set_filenames(array('comments'=>'comments.tpl'));
306$template->assign(
307  array(
308    'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
309    'F_KEYWORD'=> @htmlspecialchars(stripslashes($_GET['keyword'], ENT_QUOTES, 'utf-8')),
310    'F_AUTHOR'=> @htmlspecialchars(stripslashes($_GET['author'], ENT_QUOTES, 'utf-8')),
311    )
312  );
313
314// +-----------------------------------------------------------------------+
315// |                          form construction                            |
316// +-----------------------------------------------------------------------+
317
318// Search in a particular category
319$blockname = 'categories';
320
321$query = '
322SELECT id, name, uppercats, global_rank
323  FROM '.CATEGORIES_TABLE.'
324'.get_sql_condition_FandF
325  (
326    array
327      (
328        'forbidden_categories' => 'id',
329        'visible_categories' => 'id'
330      ),
331    'WHERE'
332  ).'
333;';
334display_select_cat_wrapper($query, array(@$_GET['cat']), $blockname, true);
335
336// Filter on recent comments...
337$tpl_var=array();
338foreach ($since_options as $id => $option)
339{
340  $tpl_var[ $id ] = $option['label'];
341}
342$template->assign( 'since_options', $tpl_var);
343$template->assign( 'since_options_selected', $page['since']);
344
345// Sort by
346$template->assign( 'sort_by_options', $sort_by);
347$template->assign( 'sort_by_options_selected', $page['sort_by']);
348
349// Sorting order
350$template->assign( 'sort_order_options', $sort_order);
351$template->assign( 'sort_order_options_selected', $page['sort_order']);
352
353
354// Number of items
355$blockname = 'items_number_option';
356$tpl_var=array();
357foreach ($items_number as $option)
358{
359  $tpl_var[ $option ] = is_numeric($option) ? $option : l10n($option);
360}
361$template->assign( 'item_number_options', $tpl_var);
362$template->assign( 'item_number_options_selected', $page['items_number']);
363
364
365// +-----------------------------------------------------------------------+
366// |                            navigation bar                             |
367// +-----------------------------------------------------------------------+
368
369if (isset($_GET['start']) and is_numeric($_GET['start']))
370{
371  $start = $_GET['start'];
372}
373else
374{
375  $start = 0;
376}
377
378$query = '
379SELECT COUNT(DISTINCT(com.id))
380  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
381    INNER JOIN '.COMMENTS_TABLE.' AS com
382    ON ic.image_id = com.image_id
383    LEFT JOIN '.USERS_TABLE.' As u
384    ON u.'.$conf['user_fields']['id'].' = com.author_id
385  WHERE '.implode('
386    AND ', $page['where_clauses']).'
387;';
388list($counter) = pwg_db_fetch_row(pwg_query($query));
389
390$url = PHPWG_ROOT_PATH
391    .'comments.php'
392  .get_query_string_diff(array('start','delete','validate','pwg_token'));
393
394$navbar = create_navigation_bar($url,
395                                $counter,
396                                $start,
397                                $page['items_number'],
398                                '');
399
400$template->assign('navbar', $navbar);
401
402$url_self = PHPWG_ROOT_PATH
403    .'comments.php'
404  .get_query_string_diff(array('edit','delete','validate','pwg_token'));
405
406// +-----------------------------------------------------------------------+
407// |                        last comments display                          |
408// +-----------------------------------------------------------------------+
409
410$comments = array();
411$element_ids = array();
412$category_ids = array();
413
414$query = '
415SELECT com.id AS comment_id,
416       com.image_id,
417       com.author,
418       com.author_id,
419       u.'.$conf['user_fields']['email'].' AS user_email,
420       com.email,
421       com.date,
422       com.website_url,
423       com.content,
424       com.validated
425  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
426    INNER JOIN '.COMMENTS_TABLE.' AS com
427    ON ic.image_id = com.image_id
428    LEFT JOIN '.USERS_TABLE.' As u
429    ON u.'.$conf['user_fields']['id'].' = com.author_id
430  WHERE '.implode('
431    AND ', $page['where_clauses']).'
432  GROUP BY comment_id,
433       com.image_id,
434       com.author,
435       com.author_id,
436       com.date,
437       com.content,
438       com.validated
439  ORDER BY '.$page['sort_by'].' '.$page['sort_order'];
440if ('all' != $page['items_number'])
441{
442  $query.= '
443  LIMIT '.$page['items_number'].' OFFSET '.$start;
444}
445$query.= '
446;';
447$result = pwg_query($query);
448while ($row = pwg_db_fetch_assoc($result))
449{
450  array_push($comments, $row);
451  array_push($element_ids, $row['image_id']);
452}
453
454if (count($comments) > 0)
455{
456  // retrieving element informations
457  $elements = array();
458  $query = '
459SELECT *
460  FROM '.IMAGES_TABLE.'
461  WHERE id IN ('.implode(',', $element_ids).')
462;';
463  $result = pwg_query($query);
464  while ($row = pwg_db_fetch_assoc($result))
465  {
466    $elements[$row['id']] = $row;
467  }
468
469  // retrieving category informations
470  $query = '
471SELECT c.id, name, permalink, uppercats, com.id as comment_id
472  FROM '.CATEGORIES_TABLE.' AS c
473  LEFT JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
474  ON c.id=ic.category_id
475  LEFT JOIN '.COMMENTS_TABLE.' AS com
476  ON ic.image_id=com.image_id
477  '.get_sql_condition_FandF
478    (
479      array
480      (
481        'forbidden_categories' => 'c.id',
482        'visible_categories' => 'c.id'
483       ),
484      'WHERE'
485     ).'
486;';
487  $categories = hash_from_query($query, 'comment_id');
488
489  foreach ($comments as $comment)
490  {
491    if (!empty($elements[$comment['image_id']]['name']))
492    {
493      $name=$elements[$comment['image_id']]['name'];
494    }
495    else
496    {
497      $name=get_name_from_file($elements[$comment['image_id']]['file']);
498    }
499
500    // source of the thumbnail picture
501    $src_image = new SrcImage($elements[$comment['image_id']]);
502
503    // link to the full size picture
504    $url = make_picture_url(
505      array(
506        'category' => $categories[ $comment['comment_id'] ],
507        'image_id' => $comment['image_id'],
508        'image_file' => $elements[$comment['image_id']]['file'],
509        )
510      );
511     
512    $email = null;
513    if (!empty($comment['user_email']))
514    {
515      $email = $comment['user_email'];
516    }
517    else if (!empty($comment['email']))
518    {
519      $email = $comment['email'];
520    }
521
522    $tpl_comment = array(
523      'ID' => $comment['comment_id'],
524      'U_PICTURE' => $url,
525      'src_image' => $src_image,
526      'ALT' => $name,
527      'AUTHOR' => trigger_event('render_comment_author', $comment['author']),
528      'WEBSITE_URL' => $comment['website_url'],
529      'DATE'=>format_date($comment['date'], true),
530      'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
531      );
532     
533    if (is_admin())
534    {
535      $tpl_comment['EMAIL'] = $email;
536    }
537
538    if (can_manage_comment('delete', $comment['author_id']))
539    {
540      $url =
541        get_root_url()
542        .'comments.php'
543        .get_query_string_diff(array('delete','validate','edit', 'pwg_token'));
544
545      $tpl_comment['U_DELETE'] = add_url_params(
546        $url,
547        array(
548          'delete' => $comment['comment_id'],
549          'pwg_token' => get_pwg_token(),
550          )
551        );
552    }
553
554    if (can_manage_comment('edit', $comment['author_id']))
555    {
556      $url =
557        get_root_url()
558        .'comments.php'
559        .get_query_string_diff(array('edit', 'delete','validate', 'pwg_token'));
560
561      $tpl_comment['U_EDIT'] = add_url_params(
562        $url,
563        array(
564          'edit' => $comment['comment_id']
565          )
566        );
567
568      if (isset($edit_comment) and ($comment['comment_id'] == $edit_comment))
569      {
570        $tpl_comment['IN_EDIT'] = true;
571        $key = get_ephemeral_key(2, $comment['image_id']);
572        $tpl_comment['KEY'] = $key;
573        $tpl_comment['IMAGE_ID'] = $comment['image_id'];
574        $tpl_comment['CONTENT'] = $comment['content'];
575        $tpl_comment['PWG_TOKEN'] = get_pwg_token();
576        $tpl_comment['U_CANCEL'] = $url_self;
577      }
578    }
579
580    if (can_manage_comment('validate', $comment['author_id']))
581    {
582      if ('true' != $comment['validated'])
583      {
584        $tpl_comment['U_VALIDATE'] = add_url_params(
585          $url,
586          array(
587            'validate'=> $comment['comment_id'],
588            'pwg_token' => get_pwg_token(),
589            )
590          );
591      }
592    }
593    $template->append('comments', $tpl_comment);
594  }
595}
596
597$derivative_params = trigger_event('get_comments_derivative_params', ImageStdParams::get_by_type(IMG_THUMB) );
598$template->assign( 'derivative_params', $derivative_params );
599
600// include menubar
601$themeconf = $template->get_template_vars('themeconf');
602if (!isset($themeconf['hide_menu_on']) OR !in_array('theCommentsPage', $themeconf['hide_menu_on']))
603{
604  include( PHPWG_ROOT_PATH.'include/menubar.inc.php');
605}
606
607// +-----------------------------------------------------------------------+
608// |                           html code display                           |
609// +-----------------------------------------------------------------------+
610include(PHPWG_ROOT_PATH.'include/page_header.php');
611trigger_action('loc_end_comments');
612include(PHPWG_ROOT_PATH.'include/page_messages.php');
613$template->pparse('comments');
614include(PHPWG_ROOT_PATH.'include/page_tail.php');
615?>
Note: See TracBrowser for help on using the repository browser.