Context Navigation

source: trunk/comments.php @ 3450

Last change on this file since 3450 was 3450, checked in by nikrou, 15 years ago
Feature 1026 step 2 : add author_id column so that guest cannot modify old users comments
Property svn:eol-style set to `LF`
File size: 13.4 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2009 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	// +-----------------------------------------------------------------------+
25	// \| initialization \|
26	// +-----------------------------------------------------------------------+
27	define('PHPWG_ROOT_PATH','./');
28	include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
29	include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
30
31	// +-----------------------------------------------------------------------+
32	// \| Check Access and exit when user status is not ok \|
33	// +-----------------------------------------------------------------------+
34	check_status(ACCESS_GUEST);
35
36	$sort_order = array(
37	'DESC' => l10n('descending'),
38	'ASC' => l10n('ascending')
39	);
40
41	// sort_by : database fields proposed for sorting comments list
42	$sort_by = array(
43	'date' => l10n('comment date'),
44	'image_id' => l10n('picture')
45	);
46
47	// items_number : list of number of items to display per page
48	$items_number = array(5,10,20,50,'all');
49
50	// since when display comments ?
51	//
52	$since_options = array(
53	1 => array('label' => l10n('today'),
54	'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 1 DAY)'),
55	2 => array('label' => sprintf(l10n('last %d days'), 7),
56	'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 7 DAY)'),
57	3 => array('label' => sprintf(l10n('last %d days'), 30),
58	'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 30 DAY)'),
59	4 => array('label' => l10n('the beginning'),
60	'clause' => '1=1') // stupid but generic
61	);
62
63	$page['since'] = isset($_GET['since']) ? $_GET['since'] : 4;
64
65	// on which field sorting
66	//
67	$page['sort_by'] = 'date';
68	// if the form was submitted, it overloads default behaviour
69	if (isset($_GET['sort_by']) and isset($sort_by[$_GET['sort_by']]) )
70	{
71	$page['sort_by'] = $_GET['sort_by'];
72	}
73
74	// order to sort
75	//
76	$page['sort_order'] = 'DESC';
77	// if the form was submitted, it overloads default behaviour
78	if (isset($_GET['sort_order']) and isset($sort_order[$_GET['sort_order']]))
79	{
80	$page['sort_order'] = $_GET['sort_order'];
81	}
82
83	// number of items to display
84	//
85	$page['items_number'] = 10;
86	if (isset($_GET['items_number']))
87	{
88	$page['items_number'] = $_GET['items_number'];
89	}
90
91	$page['where_clauses'] = array();
92
93	// which category to filter on ?
94	if (isset($_GET['cat']) and 0 != $_GET['cat'])
95	{
96	$page['where_clauses'][] =
97	'category_id IN ('.implode(',', get_subcat_ids(array($_GET['cat']))).')';
98	}
99
100	// search a particular author
101	if (isset($_GET['author']) and !empty($_GET['author']))
102	{
103	$page['where_clauses'][] =
104	'u.username = \''.addslashes($_GET['author']).'\'
105	OR author = \''.addslashes($_GET['author']).'\'';
106	}
107
108	// search a substring among comments content
109	if (isset($_GET['keyword']) and !empty($_GET['keyword']))
110	{
111	$page['where_clauses'][] =
112	'('.
113	implode(' AND ',
114	array_map(
115	create_function(
116	'$s',
117	'return "content LIKE \'%$s%\'";'
118	),
119	preg_split('/[\s,;]+/', $_GET['keyword'] )
120	)
121	).
122	')';
123	}
124
125	$page['where_clauses'][] = $since_options[$page['since']]['clause'];
126
127	// which status to filter on ?
128	if ( !is_admin() )
129	{
130	$page['where_clauses'][] = 'validated="true"';
131	}
132
133	$page['where_clauses'][] = get_sql_condition_FandF
134	(
135	array
136	(
137	'forbidden_categories' => 'category_id',
138	'visible_categories' => 'category_id',
139	'visible_images' => 'ic.image_id'
140	),
141	'', true
142	);
143
144	// +-----------------------------------------------------------------------+
145	// \| comments management \|
146	// +-----------------------------------------------------------------------+
147	if (isset($_GET['delete']) and is_numeric($_GET['delete'])
148	and (is_admin() \|\| $conf['user_can_delete_comment']))
149	{// comments deletion
150	delete_user_comment($_GET['delete']);
151	}
152
153	if (isset($_GET['validate']) and is_numeric($_GET['validate'])
154	and !is_adviser() )
155	{ // comments validation
156	check_status(ACCESS_ADMINISTRATOR);
157	$query = '
158	UPDATE '.COMMENTS_TABLE.'
159	SET validated = \'true\'
160	, validation_date = NOW()
161	WHERE id='.$_GET['validate'].'
162	;';
163	pwg_query($query);
164	}
165
166	if (isset($_GET['edit']) and is_numeric($_GET['edit'])
167	and (is_admin() \|\| $conf['user_can_edit_comment']))
168	{
169	if (!empty($_POST['content']))
170	{
171	update_user_comment(array('comment_id' => $_GET['edit'],
172	'image_id' => $_POST['image_id'],
173	'content' => $_POST['content']),
174	$_POST['key']
175	);
176
177	$edit_comment = null;
178	}
179	else
180	{
181	$edit_comment = $_GET['edit'];
182	}
183	}
184
185	// +-----------------------------------------------------------------------+
186	// \| page header and options \|
187	// +-----------------------------------------------------------------------+
188
189	$title= l10n('User comments');
190	$page['body_id'] = 'theCommentsPage';
191
192	$template->set_filenames(array('comments'=>'comments.tpl'));
193	$template->assign(
194	array(
195	'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
196	'F_KEYWORD'=>@htmlspecialchars(stripslashes($_GET['keyword'])),
197	'F_AUTHOR'=>@htmlspecialchars(stripslashes($_GET['author'])),
198	)
199	);
200
201	// +-----------------------------------------------------------------------+
202	// \| form construction \|
203	// +-----------------------------------------------------------------------+
204
205	// Search in a particular category
206	$blockname = 'categories';
207
208	$query = '
209	SELECT id, name, uppercats, global_rank
210	FROM '.CATEGORIES_TABLE.'
211	'.get_sql_condition_FandF
212	(
213	array
214	(
215	'forbidden_categories' => 'id',
216	'visible_categories' => 'id'
217	),
218	'WHERE'
219	).'
220	;';
221	display_select_cat_wrapper($query, array(@$_GET['cat']), $blockname, true);
222
223	// Filter on recent comments...
224	$tpl_var=array();
225	foreach ($since_options as $id => $option)
226	{
227	$tpl_var[ $id ] = $option['label'];
228	}
229	$template->assign( 'since_options', $tpl_var);
230	$template->assign( 'since_options_selected', $page['since']);
231
232	// Sort by
233	$template->assign( 'sort_by_options', $sort_by);
234	$template->assign( 'sort_by_options_selected', $page['sort_by']);
235
236	// Sorting order
237	$template->assign( 'sort_order_options', $sort_order);
238	$template->assign( 'sort_order_options_selected', $page['sort_order']);
239
240
241	// Number of items
242	$blockname = 'items_number_option';
243	$tpl_var=array();
244	foreach ($items_number as $option)
245	{
246	$tpl_var[ $option ] = is_numeric($option) ? $option : l10n($option);
247	}
248	$template->assign( 'item_number_options', $tpl_var);
249	$template->assign( 'item_number_options_selected', $page['items_number']);
250
251
252	// +-----------------------------------------------------------------------+
253	// \| navigation bar \|
254	// +-----------------------------------------------------------------------+
255
256	if (isset($_GET['start']) and is_numeric($_GET['start']))
257	{
258	$start = $_GET['start'];
259	}
260	else
261	{
262	$start = 0;
263	}
264
265	$query = '
266	SELECT COUNT(DISTINCT(com.id))
267	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
268	INNER JOIN '.COMMENTS_TABLE.' AS com
269	ON ic.image_id = com.image_id
270	LEFT JOIN '.USERS_TABLE.' As u
271	ON u.id = com.author_id
272	WHERE '.implode('
273	AND ', $page['where_clauses']).'
274	;';
275	list($counter) = mysql_fetch_row(pwg_query($query));
276
277	$url = PHPWG_ROOT_PATH
278	.'comments.php'
279	.get_query_string_diff(array('start','delete','validate'));
280
281	$navbar = create_navigation_bar($url,
282	$counter,
283	$start,
284	$page['items_number'],
285	'');
286
287	$template->assign('navbar', $navbar);
288
289	// +-----------------------------------------------------------------------+
290	// \| last comments display \|
291	// +-----------------------------------------------------------------------+
292
293	$comments = array();
294	$element_ids = array();
295	$category_ids = array();
296
297	$query = '
298	SELECT com.id AS comment_id
299	, com.image_id
300	, ic.category_id
301	, com.author
302	, com.author_id
303	, username
304	, com.date
305	, com.content
306	, com.validated
307	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
308	INNER JOIN '.COMMENTS_TABLE.' AS com
309	ON ic.image_id = com.image_id
310	LEFT JOIN '.USERS_TABLE.' AS u
311	ON u.id = com.author_id
312	WHERE '.implode('
313	AND ', $page['where_clauses']).'
314	GROUP BY comment_id
315	ORDER BY '.$page['sort_by'].' '.$page['sort_order'];
316	if ('all' != $page['items_number'])
317	{
318	$query.= '
319	LIMIT '.$start.','.$page['items_number'];
320	}
321	$query.= '
322	;';
323	$result = pwg_query($query);
324	while ($row = mysql_fetch_assoc($result))
325	{
326	array_push($comments, $row);
327	array_push($element_ids, $row['image_id']);
328	array_push($category_ids, $row['category_id']);
329	}
330
331	if (count($comments) > 0)
332	{
333	// retrieving element informations
334	$elements = array();
335	$query = '
336	SELECT id, name, file, path, tn_ext
337	FROM '.IMAGES_TABLE.'
338	WHERE id IN ('.implode(',', $element_ids).')
339	;';
340	$result = pwg_query($query);
341	while ($row = mysql_fetch_assoc($result))
342	{
343	$elements[$row['id']] = $row;
344	}
345
346	// retrieving category informations
347	$query = '
348	SELECT id, name, permalink, uppercats
349	FROM '.CATEGORIES_TABLE.'
350	WHERE id IN ('.implode(',', $category_ids).')
351	;';
352	$categories = hash_from_query($query, 'id');
353
354	foreach ($comments as $comment)
355	{
356	if (!empty($elements[$comment['image_id']]['name']))
357	{
358	$name=$elements[$comment['image_id']]['name'];
359	}
360	else
361	{
362	$name=get_name_from_file($elements[$comment['image_id']]['file']);
363	}
364
365	// source of the thumbnail picture
366	$thumbnail_src = get_thumbnail_url( $elements[$comment['image_id']] );
367
368	// link to the full size picture
369	$url = make_picture_url(
370	array(
371	'category' => $categories[ $comment['category_id'] ],
372	'image_id' => $comment['image_id'],
373	'image_file' => $elements[$comment['image_id']]['file'],
374	)
375	);
376
377	if (!empty($comment['author']))
378	{
379	$author = $comment['author'];
380	if ($author == 'guest')
381	{
382	$author = l10n('guest');
383	}
384	}
385	else
386	{
387	$author = $comment['username'];
388	}
389
390	$tpl_comment =
391	array(
392	'U_PICTURE' => $url,
393	'TN_SRC' => $thumbnail_src,
394	'ALT' => $name,
395	'AUTHOR' => trigger_event('render_comment_author', $author),
396	'DATE'=>format_date($comment['date'], true),
397	'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
398	);
399
400	if (can_manage_comment('delete', $comment['author_id']))
401	{
402	$url = get_root_url().'comments.php'
403	.get_query_string_diff(array('delete','validate','edit'));
404	$tpl_comment['U_DELETE'] =
405	add_url_params($url,
406	array('delete'=>$comment['comment_id'])
407	);
408	}
409	if (can_manage_comment('edit', $comment['author_id']))
410	{
411	$url = get_root_url().'comments.php'
412	.get_query_string_diff(array('edit', 'delete','validate'));
413	$tpl_comment['U_EDIT'] =
414	add_url_params($url,
415	array('edit'=>$comment['comment_id'])
416	);
417	if (isset($edit_comment) and ($comment['comment_id'] == $edit_comment))
418	{
419	$tpl_comment['IN_EDIT'] = true;
420	$key = get_comment_post_key($comment['image_id']);
421	$tpl_comment['KEY'] = $key;
422	$tpl_comment['IMAGE_ID'] = $comment['image_id'];
423	$tpl_comment['CONTENT'] = $comment['content'];
424	}
425	}
426
427	if ( is_admin() && $comment['validated'] != 'true')
428	{
429	$tpl_comment['U_VALIDATE'] =
430	add_url_params($url,
431	array('validate'=>$comment['comment_id'])
432	);
433	}
434	$template->append('comments', $tpl_comment);
435	}
436	}
437	// +-----------------------------------------------------------------------+
438	// \| html code display \|
439	// +-----------------------------------------------------------------------+
440	include(PHPWG_ROOT_PATH.'include/page_header.php');
441	$template->pparse('comments');
442	include(PHPWG_ROOT_PATH.'include/page_tail.php');
443	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: