Context Navigation

source: trunk/comments.php @ 6601

Last change on this file since 6601 was 6601, checked in by nikrou, 14 years ago
Bug 1735 fixed : amend commit 6596 Need to add permissions filter to retrieve categories
Property svn:eol-style set to `LF`
File size: 15.0 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2010 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	// +-----------------------------------------------------------------------+
25	// \| initialization \|
26	// +-----------------------------------------------------------------------+
27	define('PHPWG_ROOT_PATH','./');
28	include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
29	include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
30
31	// +-----------------------------------------------------------------------+
32	// \| Check Access and exit when user status is not ok \|
33	// +-----------------------------------------------------------------------+
34	check_status(ACCESS_GUEST);
35
36	$sort_order = array(
37	'DESC' => l10n('descending'),
38	'ASC' => l10n('ascending')
39	);
40
41	// sort_by : database fields proposed for sorting comments list
42	$sort_by = array(
43	'date' => l10n('comment date'),
44	'image_id' => l10n('picture')
45	);
46
47	// items_number : list of number of items to display per page
48	$items_number = array(5,10,20,50,'all');
49
50	// since when display comments ?
51	//
52	$since_options = array(
53	1 => array('label' => l10n('today'),
54	'clause' => 'date > '.pwg_db_get_recent_period_expression(1)),
55	2 => array('label' => sprintf(l10n('last %d days'), 7),
56	'clause' => 'date > '.pwg_db_get_recent_period_expression(7)),
57	3 => array('label' => sprintf(l10n('last %d days'), 30),
58	'clause' => 'date > '.pwg_db_get_recent_period_expression(30)),
59	4 => array('label' => l10n('the beginning'),
60	'clause' => '1=1') // stupid but generic
61	);
62
63	if (!empty($_GET['since']) && is_numeric($_GET['since']))
64	{
65	$page['since'] = $_GET['since'];
66	}
67	else
68	{
69	$page['since'] = 4;
70	}
71
72	// on which field sorting
73	//
74	$page['sort_by'] = 'date';
75	// if the form was submitted, it overloads default behaviour
76	if (isset($_GET['sort_by']) and isset($sort_by[$_GET['sort_by']]) )
77	{
78	$page['sort_by'] = $_GET['sort_by'];
79	}
80
81	// order to sort
82	//
83	$page['sort_order'] = 'DESC';
84	// if the form was submitted, it overloads default behaviour
85	if (isset($_GET['sort_order']) and isset($sort_order[$_GET['sort_order']]))
86	{
87	$page['sort_order'] = $_GET['sort_order'];
88	}
89
90	// number of items to display
91	//
92	$page['items_number'] = 10;
93	if (isset($_GET['items_number']))
94	{
95	$page['items_number'] = $_GET['items_number'];
96	}
97	if ( !is_numeric($page['items_number']) and $page['items_number']!='all' )
98	{
99	$page['items_number'] = 10;
100	}
101
102	$page['where_clauses'] = array();
103
104	// which category to filter on ?
105	if (isset($_GET['cat']) and 0 != $_GET['cat'])
106	{
107	$page['where_clauses'][] =
108	'category_id IN ('.implode(',', get_subcat_ids(array($_GET['cat']))).')';
109	}
110
111	// search a particular author
112	if (!empty($_GET['author']))
113	{
114	$page['where_clauses'][] =
115	'u.'.$conf['user_fields']['username'].' = \''.$_GET['author'].'\'
116	OR author = \''.$_GET['author'].'\'';
117	}
118
119	// search a specific comment (if you're coming directly from an admin
120	// notification email)
121	if (!empty($_GET['comment_id']))
122	{
123	check_input_parameter('comment_id', $_GET, false, PATTERN_ID);
124
125	// currently, the $_GET['comment_id'] is only used by admins from email
126	// for management purpose (validate/delete)
127	if (!is_admin())
128	{
129	$login_url =
130	get_root_url().'identification.php?redirect='
131	.urlencode(urlencode($_SERVER['REQUEST_URI']))
132	;
133	redirect($login_url);
134	}
135
136	$page['where_clauses'][] = 'com.id = '.$_GET['comment_id'];
137	}
138
139	// search a substring among comments content
140	if (!empty($_GET['keyword']))
141	{
142	$page['where_clauses'][] =
143	'('.
144	implode(' AND ',
145	array_map(
146	create_function(
147	'$s',
148	'return "content LIKE \'%$s%\'";'
149	),
150	preg_split('/[\s,;]+/', $_GET['keyword'] )
151	)
152	).
153	')';
154	}
155
156	$page['where_clauses'][] = $since_options[$page['since']]['clause'];
157
158	// which status to filter on ?
159	if ( !is_admin() )
160	{
161	$page['where_clauses'][] = 'validated=\'true\'';
162	}
163
164	$page['where_clauses'][] = get_sql_condition_FandF
165	(
166	array
167	(
168	'forbidden_categories' => 'category_id',
169	'visible_categories' => 'category_id',
170	'visible_images' => 'ic.image_id'
171	),
172	'', true
173	);
174
175	// +-----------------------------------------------------------------------+
176	// \| comments management \|
177	// +-----------------------------------------------------------------------+
178
179	$comment_id = null;
180	$action = null;
181
182	$actions = array('delete', 'validate', 'edit');
183	foreach ($actions as $loop_action)
184	{
185	if (isset($_GET[$loop_action]))
186	{
187	$action = $loop_action;
188	check_input_parameter($action, $_GET, false, PATTERN_ID);
189	$comment_id = $_GET[$action];
190	break;
191	}
192	}
193
194	if (isset($action))
195	{
196	check_pwg_token();
197
198	$comment_author_id = get_comment_author_id($comment_id);
199
200	if (can_manage_comment($action, $comment_author_id))
201	{
202	$perform_redirect = false;
203
204	if ('delete' == $action)
205	{
206	delete_user_comment($comment_id);
207	$perform_redirect = true;
208	}
209
210	if ('validate' == $action)
211	{
212	validate_user_comment($comment_id);
213	$perform_redirect = true;
214	}
215
216	if ('edit' == $action)
217	{
218	if (!empty($_POST['content']))
219	{
220	update_user_comment(
221	array(
222	'comment_id' => $_GET['edit'],
223	'image_id' => $_POST['image_id'],
224	'content' => $_POST['content']
225	),
226	$_POST['key']
227	);
228
229	$edit_comment = null;
230	}
231	else
232	{
233	$edit_comment = $_GET['edit'];
234	}
235	}
236
237	if ($perform_redirect)
238	{
239	$redirect_url =
240	PHPWG_ROOT_PATH
241	.'comments.php'
242	.get_query_string_diff(array('delete','validate','pwg_token'));
243
244	redirect($redirect_url);
245	}
246	}
247	}
248
249	// +-----------------------------------------------------------------------+
250	// \| page header and options \|
251	// +-----------------------------------------------------------------------+
252
253	$title= l10n('User comments');
254	$page['body_id'] = 'theCommentsPage';
255
256	$template->set_filenames(array('comments'=>'comments.tpl'));
257	$template->assign(
258	array(
259	'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
260	'F_KEYWORD'=> @htmlspecialchars(stripslashes($_GET['keyword'], ENT_QUOTES, 'utf-8')),
261	'F_AUTHOR'=> @htmlspecialchars(stripslashes($_GET['author'], ENT_QUOTES, 'utf-8')),
262	)
263	);
264
265	// +-----------------------------------------------------------------------+
266	// \| form construction \|
267	// +-----------------------------------------------------------------------+
268
269	// Search in a particular category
270	$blockname = 'categories';
271
272	$query = '
273	SELECT id, name, uppercats, global_rank
274	FROM '.CATEGORIES_TABLE.'
275	'.get_sql_condition_FandF
276	(
277	array
278	(
279	'forbidden_categories' => 'id',
280	'visible_categories' => 'id'
281	),
282	'WHERE'
283	).'
284	;';
285	display_select_cat_wrapper($query, array(@$_GET['cat']), $blockname, true);
286
287	// Filter on recent comments...
288	$tpl_var=array();
289	foreach ($since_options as $id => $option)
290	{
291	$tpl_var[ $id ] = $option['label'];
292	}
293	$template->assign( 'since_options', $tpl_var);
294	$template->assign( 'since_options_selected', $page['since']);
295
296	// Sort by
297	$template->assign( 'sort_by_options', $sort_by);
298	$template->assign( 'sort_by_options_selected', $page['sort_by']);
299
300	// Sorting order
301	$template->assign( 'sort_order_options', $sort_order);
302	$template->assign( 'sort_order_options_selected', $page['sort_order']);
303
304
305	// Number of items
306	$blockname = 'items_number_option';
307	$tpl_var=array();
308	foreach ($items_number as $option)
309	{
310	$tpl_var[ $option ] = is_numeric($option) ? $option : l10n($option);
311	}
312	$template->assign( 'item_number_options', $tpl_var);
313	$template->assign( 'item_number_options_selected', $page['items_number']);
314
315
316	// +-----------------------------------------------------------------------+
317	// \| navigation bar \|
318	// +-----------------------------------------------------------------------+
319
320	if (isset($_GET['start']) and is_numeric($_GET['start']))
321	{
322	$start = $_GET['start'];
323	}
324	else
325	{
326	$start = 0;
327	}
328
329	$query = '
330	SELECT COUNT(DISTINCT(com.id))
331	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
332	INNER JOIN '.COMMENTS_TABLE.' AS com
333	ON ic.image_id = com.image_id
334	LEFT JOIN '.USERS_TABLE.' As u
335	ON u.'.$conf['user_fields']['id'].' = com.author_id
336	WHERE '.implode('
337	AND ', $page['where_clauses']).'
338	;';
339	list($counter) = pwg_db_fetch_row(pwg_query($query));
340
341	$url = PHPWG_ROOT_PATH
342	.'comments.php'
343	.get_query_string_diff(array('start','delete','validate','pwg_token'));
344
345	$navbar = create_navigation_bar($url,
346	$counter,
347	$start,
348	$page['items_number'],
349	'');
350
351	$template->assign('navbar', $navbar);
352
353	// +-----------------------------------------------------------------------+
354	// \| last comments display \|
355	// +-----------------------------------------------------------------------+
356
357	$comments = array();
358	$element_ids = array();
359	$category_ids = array();
360
361	$query = '
362	SELECT com.id AS comment_id,
363	com.image_id,
364	com.author,
365	com.author_id,
366	com.date,
367	com.content,
368	com.validated
369	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
370	INNER JOIN '.COMMENTS_TABLE.' AS com
371	ON ic.image_id = com.image_id
372	LEFT JOIN '.USERS_TABLE.' As u
373	ON u.'.$conf['user_fields']['id'].' = com.author_id
374	WHERE '.implode('
375	AND ', $page['where_clauses']).'
376	GROUP BY comment_id,
377	com.image_id,
378	com.author,
379	com.author_id,
380	com.date,
381	com.content,
382	com.validated
383	ORDER BY '.$page['sort_by'].' '.$page['sort_order'];
384	if ('all' != $page['items_number'])
385	{
386	$query.= '
387	LIMIT '.$page['items_number'].' OFFSET '.$start;
388	}
389	$query.= '
390	;';
391	$result = pwg_query($query);
392	while ($row = pwg_db_fetch_assoc($result))
393	{
394	array_push($comments, $row);
395	array_push($element_ids, $row['image_id']);
396	}
397
398	if (count($comments) > 0)
399	{
400	// retrieving element informations
401	$elements = array();
402	$query = '
403	SELECT id, name, file, path, tn_ext
404	FROM '.IMAGES_TABLE.'
405	WHERE id IN ('.implode(',', $element_ids).')
406	;';
407	$result = pwg_query($query);
408	while ($row = pwg_db_fetch_assoc($result))
409	{
410	$elements[$row['id']] = $row;
411	}
412
413	// retrieving category informations
414	$query = '
415	SELECT c.id, name, permalink, uppercats, com.id as comment_id
416	FROM '.CATEGORIES_TABLE.' AS c
417	LEFT JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
418	ON c.id=ic.category_id
419	LEFT JOIN '.COMMENTS_TABLE.' AS com
420	ON ic.image_id=com.image_id
421	'.get_sql_condition_FandF
422	(
423	array
424	(
425	'forbidden_categories' => 'c.id',
426	'visible_categories' => 'c.id'
427	),
428	'WHERE'
429	).'
430	;';
431	$categories = hash_from_query($query, 'comment_id');
432
433	foreach ($comments as $comment)
434	{
435	if (!empty($elements[$comment['image_id']]['name']))
436	{
437	$name=$elements[$comment['image_id']]['name'];
438	}
439	else
440	{
441	$name=get_name_from_file($elements[$comment['image_id']]['file']);
442	}
443
444	// source of the thumbnail picture
445	$thumbnail_src = get_thumbnail_url( $elements[$comment['image_id']] );
446
447	// link to the full size picture
448	$url = make_picture_url(
449	array(
450	'category' => $categories[ $comment['comment_id'] ],
451	'image_id' => $comment['image_id'],
452	'image_file' => $elements[$comment['image_id']]['file'],
453	)
454	);
455
456	$tpl_comment = array(
457	'U_PICTURE' => $url,
458	'TN_SRC' => $thumbnail_src,
459	'ALT' => $name,
460	'AUTHOR' => trigger_event('render_comment_author', $comment['author']),
461	'DATE'=>format_date($comment['date'], true),
462	'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
463	);
464
465	if (can_manage_comment('delete', $comment['author_id']))
466	{
467	$url =
468	get_root_url()
469	.'comments.php'
470	.get_query_string_diff(array('delete','validate','edit', 'pwg_token'));
471
472	$tpl_comment['U_DELETE'] = add_url_params(
473	$url,
474	array(
475	'delete' => $comment['comment_id'],
476	'pwg_token' => get_pwg_token(),
477	)
478	);
479	}
480
481	if (can_manage_comment('edit', $comment['author_id']))
482	{
483	$url =
484	get_root_url()
485	.'comments.php'
486	.get_query_string_diff(array('edit', 'delete','validate', 'pwg_token'));
487
488	$tpl_comment['U_EDIT'] = add_url_params(
489	$url,
490	array(
491	'edit' => $comment['comment_id'],
492	'pwg_token' => get_pwg_token(),
493	)
494	);
495
496	if (isset($edit_comment) and ($comment['comment_id'] == $edit_comment))
497	{
498	$tpl_comment['IN_EDIT'] = true;
499	$key = get_comment_post_key($comment['image_id']);
500	$tpl_comment['KEY'] = $key;
501	$tpl_comment['IMAGE_ID'] = $comment['image_id'];
502	$tpl_comment['CONTENT'] = $comment['content'];
503	}
504	}
505
506	if (can_manage_comment('validate', $comment['author_id']))
507	{
508	if ('true' != $comment['validated'])
509	{
510	$tpl_comment['U_VALIDATE'] = add_url_params(
511	$url,
512	array(
513	'validate'=> $comment['comment_id'],
514	'pwg_token' => get_pwg_token(),
515	)
516	);
517	}
518	}
519	$template->append('comments', $tpl_comment);
520	}
521	}
522	// +-----------------------------------------------------------------------+
523	// \| html code display \|
524	// +-----------------------------------------------------------------------+
525	include(PHPWG_ROOT_PATH.'include/page_header.php');
526	$template->pparse('comments');
527	include(PHPWG_ROOT_PATH.'include/page_tail.php');
528	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: