source: trunk/include/picture_comment.inc.php @ 1818

Last change on this file since 1818 was 1818, checked in by rub, 17 years ago

My last improvements before 1.7.0RC1.

Can include Cc & Bcc on mail.
Send mail to all administrators on new comment or new users.
Add validate link on new comment mail.
Try to detect if the NBM complementary content is HTML or plain text. With plain text, this content is converted to readable HTML.

1<?php
2// +-----------------------------------------------------------------------+
3// | PhpWebGallery - a PHP based picture gallery                           |
4// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
5// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
6// +-----------------------------------------------------------------------+
7// | branch        : BSF (Best So Far)
8// | file          : $Id: picture_comment.inc.php 1818 2007-02-14 22:53:04Z rub $
9// | last update   : $Date: 2007-02-14 22:53:04 +0000 (Wed, 14 Feb 2007) $
10// | last modifier : $Author: rub $
11// | revision      : $Revision: 1818 $
12// +-----------------------------------------------------------------------+
13// | This program is free software; you can redistribute it and/or modify  |
14// | it under the terms of the GNU General Public License as published by  |
15// | the Free Software Foundation                                          |
16// |                                                                       |
17// | This program is distributed in the hope that it will be useful, but   |
18// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
19// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
20// | General Public License for more details.                              |
21// |                                                                       |
22// | You should have received a copy of the GNU General Public License     |
23// | along with this program; if not, write to the Free Software           |
24// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
25// | USA.                                                                  |
26// +-----------------------------------------------------------------------+
27
28/**
29 * This file is included by the picture page to manage user comments
30 *
31 */
32
33//returns string action to perform on a new comment: validate, moderate, reject
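/**
 * Basic spam check on a new comment (plugins can do more through the
 * 'user_comment_check' event this function is registered on).
 *
 * @param string $action  action decided so far: validate, moderate, reject
 * @param array  $comment keys read here: 'content', and 'ip' when present
 * @param array  $picture picture data, not used by this basic check
 * @return string action to perform on the comment: validate, moderate, reject
 */
function user_comment_check($action, $comment, $picture)
{
  global $conf,$user;

  if ($action==='reject')
    return $action;

  // what a detected spam becomes, depending on the configuration
  $my_action = $conf['comment_spam_reject'] ? 'reject':'moderate';
  if ($action===$my_action)
    return $action;

  // we do here only BASIC spam check (plugins can do more)
  if ( !$user['is_the_guest'] )
    return $action;

  $link_count = preg_match_all( '/https?:\/\//',
    $comment['content'], $matches);

  if ( $link_count>$conf['comment_spam_max_links'] )
    return $my_action;

  // the reversed-octet DNSBL query below is only meaningful for a dotted
  // quad IPv4 address; anything else would only be a wasted DNS round trip
  if ( isset($comment['ip']) and $conf['comment_spam_check_ip']
      and preg_match('/^\d{1,3}(\.\d{1,3}){3}$/', $comment['ip']) )
  {
    $rev_ip = implode( '.', array_reverse( explode('.',$comment['ip']) ) );
    // NOTE(review): the sbl-xbl zone has since been superseded by
    // zen.spamhaus.org; the zone name would better come from $conf
    $lookup = $rev_ip . '.sbl-xbl.spamhaus.org.';
    $res = gethostbyname( $lookup );
    // gethostbyname() returns the name unchanged when nothing resolves.
    // A listing is reported as a 127.0.0.x answer; the zone also answers
    // 127.255.255.x to report query errors (refused, over quota), and those
    // must not turn every guest comment into spam.
    if ( $lookup != $res and strncmp($res, '127.0.0.', 8) === 0 )
      return $my_action;
  }

  return $action;
}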
66
67
68
// Register the basic spam check above on the 'user_comment_check' event
// (the trailing 3 presumably is the number of event arguments handed over:
// action, comment, picture).
add_event_handler(
  'user_comment_check',
  'user_comment_check',
  EVENT_HANDLER_PRIORITY_NEUTRAL,
  3
  );
71
72
// the picture is commentable if it belongs at least to one category which
// is commentable: stop at the first such category
$page['show_comments'] = false;
foreach ($related_categories as $category)
{
  if ($category['commentable'] != 'true')
  {
    continue;
  }
  $page['show_comments'] = true;
  break;
}
84
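// Handling of a submitted comment (POST 'content'). The outcome is one of
// validate, moderate, reject; only the first two reach the database.
// Request values are normalised once (slashes removed, like the content)
// and escaped again at the point where they go into SQL.
if ( $page['show_comments'] and isset( $_POST['content'] ) )
{
  if ( $user['is_the_guest'] and !$conf['comments_forall'] )
  {
    die ('Session expired');
  }
  if (!$conf['comments_validation'] or is_admin())
  {
    $comment_action='validate'; //one of validate, moderate, reject
  }
  else
  {
    $comment_action='moderate'; //one of validate, moderate, reject
  }

  $_POST['content'] = trim( stripslashes($_POST['content']) );

  if ( $user['is_the_guest'] )
  {
    // same normalisation as the content above
    $author = isset($_POST['author'])
      ? trim( stripslashes($_POST['author']) )
      : '';
    // an author name is a single line: it ends up in the mail Subject header
    $author = str_replace(array("\r", "\n"), ' ', $author);
    if ( $author === '' )
    {
      $author = 'guest';
    }
    // if a guest try to use the name of an already existing user, he must be
    // rejected
    if ( $author != 'guest' )
    {
      $query = 'SELECT COUNT(*) AS user_exists';
      $query.= ' FROM '.USERS_TABLE;
      // the name comes from the request: escape it for the query
      $query.= ' WHERE '.$conf['user_fields']['username']
        ." = '".mysql_real_escape_string($author)."'";
      $query.= ';';
      $row = mysql_fetch_assoc( pwg_query( $query ) );
      if ( $row['user_exists'] == 1 )
      {
        $template->assign_block_vars(
          'information',
          array('INFORMATION'=>$lang['comment_user_exists']));
        $comment_action='reject';
      }
    }
  }
  else
  {
    $author = $user['username'];
  }

  $comm = array(
    'author' => $author,
    'content' => $_POST['content'],
    'image_id' => $page['image_id'],
    'ip' => $_SERVER['REMOTE_ADDR'],
    // not every client sends a User-Agent header
    'agent' => isset($_SERVER['HTTP_USER_AGENT'])
      ? $_SERVER['HTTP_USER_AGENT'] : ''
   );

  if ($comment_action!='reject' and empty($comm['content']) )
  { // empty comment content
    $comment_action='reject';
  }

  // anti-replay key issued with the form: "<unix time>:<hmac of that time>"
  $key = explode(':', isset($_POST['key']) ? $_POST['key'] : '');
  $expected_mac = hash_hmac('md5', $key[0], $conf['secret_key']);
  if ( count($key)!=2
        or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago
        or $key[0]<time()-3600 // 60 minutes expiration
        // strict comparison: with '==' two numeric-looking hex strings
        // (e.g. "0e123...") would compare equal
        or ( function_exists('hash_equals')
              ? !hash_equals($expected_mac, $key[1])
              : $expected_mac!==$key[1] )
      )
  {
    $comment_action='reject';
  }

  if ($comment_action!='reject' and $conf['anti-flood_time']>0 )
  { // anti-flood system
    $reference_date = time() - $conf['anti-flood_time'];
    $query = 'SELECT id FROM '.COMMENTS_TABLE;
    $query.= ' WHERE date > FROM_UNIXTIME('.$reference_date.')';
    $query.= " AND author = '".mysql_real_escape_string($comm['author'])."'";
    $query.= ';';
    if ( mysql_num_rows( pwg_query( $query ) ) > 0 )
    {
      $template->assign_block_vars(
        'information',
        array('INFORMATION'=>$lang['comment_anti-flood']));
      $comment_action='reject';
    }
  }

  // perform more spam check
  $comment_action = trigger_event('user_comment_check',
      $comment_action, $comm, $picture['current']
    );

  if ( $comment_action!='reject' )
  {
    list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));

    $data = $comm;
    $data['date'] = $dbnow;
    // the content already goes through addslashes before mass_inserts(),
    // so the author is escaped the same way (it used to be inserted raw)
    $data['author'] = addslashes($comm['author']);
    $data['content'] = addslashes(
        // this htmlpsecialchars is not good here
        htmlspecialchars($comm['content'],ENT_QUOTES)
      );

    if ($comment_action=='validate')
    {
      $data['validated'] = 'true';
      $data['validation_date'] = $dbnow;
    }
    else
    {
      $data['validated'] = 'false';
    }

    include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
    $fields = array('author', 'date', 'image_id', 'content', 'validated',
                    'validation_date');
    mass_inserts(COMMENTS_TABLE, $fields, array($data));
    $comm['id'] = mysql_insert_id();

    // information message
    $message = $lang['comment_added'];
    if ($comment_action!='validate')
    {
      $message.= '<br />'.$lang['comment_to_validate'];
    }
    $template->assign_block_vars('information',
                                 array('INFORMATION'=>$message));
    if ( ($comment_action=='validate' and $conf['email_admin_on_comment'])
      or $conf['email_admin_on_comment_validation'] )
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      $val_url = get_absolute_root_url().'comments.php?validate='.$comm['id'];
      $del_url = get_absolute_root_url().'comments.php?delete='.$comm['id'];

      // plain-text mail; the validate link is always part of it, so no
      // second "Validate:" line is appended for comments awaiting moderation
      $content =
        'Author: '.$comm['author']."\n"
        .'Comment: '.$comm['content']."\n"
        .'IP: '.$comm['ip']."\n"
        .'Browser: '.$comm['agent']."\n\n"
        .'Validate: '.$val_url."\n"
        .'Delete: '.$del_url."\n";
      pwg_mail
      (
        format_email('administrators', get_webmaster_mail_address()),
        array
        (
          'subject' => 'PWG comment by '.$comm['author'],
          'content' => $content,
          'Bcc' => get_administrators_email()
        )
      );
    }
  }
  else
  {
    set_status_header(403);
    $template->assign_block_vars('information',
          array('INFORMATION'=>l10n('comment_not_added') )
        );
  }

  // allow plugins to notify what's going on
  trigger_action( 'user_comment_insertion',
      array_merge($comm, array('action'=>$comment_action) )
    );
}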
253
254
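// Comment listing (validated comments only, paginated) and the "add a
// comment" form together with the anti-replay key the form has to send back.
if ($page['show_comments'])
{
  // number of comment for this picture
  $query = 'SELECT COUNT(*) AS nb_comments';
  $query.= ' FROM '.COMMENTS_TABLE.' WHERE image_id = '.(int)$page['image_id'];
  $query.= " AND validated = 'true'";
  $query.= ';';
  $row = mysql_fetch_array( pwg_query( $query ) );

  // navigation bar creation
  if (!isset($page['start']))
  {
    $page['start'] = 0;
  }

  $page['navigation_bar'] = create_navigation_bar(
    duplicate_picture_url(array(), array('start')),
    $row['nb_comments'],
    $page['start'],
    $conf['nb_comment_page'],
    true // We want a clean URL
    );

  $template->assign_block_vars(
    'comments',
    array(
      'NB_COMMENT' => $row['nb_comments'],
      'NAV_BAR' => $page['navigation_bar'],
      )
    );

  if ($row['nb_comments'] > 0)
  {
    // image_id and the LIMIT bounds are integers: cast them so that nothing
    // else coming from the URL can reach the query
    $query = '
SELECT id,author,date,image_id,content
  FROM '.COMMENTS_TABLE.'
  WHERE image_id = '.(int)$page['image_id'].'
    AND validated = \'true\'
  ORDER BY date ASC
  LIMIT '.(int)$page['start'].', '.(int)$conf['nb_comment_page'].'
;';
    $result = pwg_query( $query );

    while ($row = mysql_fetch_array($result))
    {
      $template->assign_block_vars(
        'comments.comment',
        array(
          'COMMENT_AUTHOR' => empty($row['author'])
            ? $lang['guest']
            : $row['author'],

          'COMMENT_DATE' => format_date(
            $row['date'],
            'mysql_datetime',
            true),

          // rendering (and its escaping) is delegated to the event handlers
          'COMMENT' => trigger_event('render_comment_content',$row['content']),
          )
        );

      if (is_admin())
      {
        $template->assign_block_vars(
          'comments.comment.delete',
          array(
            'U_COMMENT_DELETE' =>
              add_url_params(
                    $url_self,
                    array(
                      'action'=>'delete_comment',
                      'comment_to_delete'=>$row['id']
                    )
                )
            )
          );
      }
    }
  }

  if (!$user['is_the_guest']
      or ($user['is_the_guest'] and $conf['comments_forall']))
  {
    // key checked on submission: "<unix time>:<hmac of that time>". It
    // bounds the age of the form and cannot be produced without secret_key.
    $key = time();
    $key .= ':'.hash_hmac('md5', $key, $conf['secret_key']);
    $content = '';
    // a rejected comment is handed back to the user for correction
    if (isset($comment_action) and 'reject'===$comment_action)
    {
      $content = htmlspecialchars($comm['content'], ENT_QUOTES);
    }
    $template->assign_block_vars('comments.add_comment',
        array(
          'KEY' => $key,
          'CONTENT' => $content
        ));
    // display author field if the user is not logged in
    if ($user['is_the_guest'])
    {
      $template->assign_block_vars(
        'comments.add_comment.author_field', array()
        );
    }
  }
}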
359
360?>