source: trunk/include/picture_comment.inc.php @ 29636

Last change on this file since 29636 was 29008, checked in by mistic100, 10 years ago

feature:2807 better fix for svn:28995

  • Property svn:eol-style set to LF
File size: 8.5 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2014 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24/**
25 * This file is included by the picture page to manage user comments
26 *
27 */
28
29// the picture is commentable if it belongs at least to one category which
30// is commentable
31$page['show_comments'] = false;
32foreach ($related_categories as $category)
33{
34  if ($category['commentable']=='true')
35  {
36    $page['show_comments'] = true;
37    break;
38  }
39}
40
41if ( $page['show_comments'] and isset( $_POST['content'] ) )
42{
43  if ( is_a_guest() and !$conf['comments_forall'] )
44  {
45    die ('Session expired');
46  }
47
48  $comm = array(
49    'author' => trim( @$_POST['author'] ),
50    'content' => trim( $_POST['content'] ),
51    'website_url' => trim( @$_POST['website_url'] ),
52    'email' => trim( @$_POST['email'] ),
53    'image_id' => $page['image_id'],
54   );
55
56  include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
57
58  $comment_action = insert_user_comment($comm, @$_POST['key'], $page['errors']);
59
60  switch ($comment_action)
61  {
62    case 'moderate':
63      $page['infos'][] = l10n('An administrator must authorize your comment before it is visible.');
64    case 'validate':
65      $page['infos'][] = l10n('Your comment has been registered');
66      break;
67    case 'reject':
68      set_status_header(403);
69      $page['errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');
70      break;
71    default:
72      trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
73  }
74
75  // allow plugins to notify what's going on
76  trigger_notify( 'user_comment_insertion',
77      array_merge($comm, array('action'=>$comment_action) )
78    );
79}
80elseif ( isset($_POST['content']) )
81{
82  set_status_header(403);
83  die('ugly spammer');
84}
85
86if ($page['show_comments'])
87{
88  if ( !is_admin() )
89  {
90    $validated_clause = '  AND validated = \'true\'';
91  }
92  else
93  {
94    $validated_clause = '';
95  }
96
97  // number of comments for this picture
98  $query = '
99SELECT
100    COUNT(*) AS nb_comments
101  FROM '.COMMENTS_TABLE.'
102  WHERE image_id = '.$page['image_id']
103  .$validated_clause.'
104;';
105  $row = pwg_db_fetch_assoc( pwg_query( $query ) );
106
107  // navigation bar creation
108  if (!isset($page['start']))
109  {
110    $page['start'] = 0;
111  }
112
113  $navigation_bar = create_navigation_bar(
114    duplicate_picture_url(array(), array('start')),
115    $row['nb_comments'],
116    $page['start'],
117    $conf['nb_comment_page'],
118    true // We want a clean URL
119    );
120
121  $template->assign(
122    array(
123      'COMMENT_COUNT' => $row['nb_comments'],
124      'navbar' => $navigation_bar,
125      )
126    );
127
128  if ($row['nb_comments'] > 0)
129  {
130    // comments order (get, session, conf)
131    if (!empty($_GET['comments_order']) && in_array(strtoupper($_GET['comments_order']), array('ASC', 'DESC')))
132    {
133      pwg_set_session_var('comments_order', $_GET['comments_order']);
134    }
135    $comments_order = pwg_get_session_var('comments_order', $conf['comments_order']);
136
137    $template->assign(array(
138      'COMMENTS_ORDER_URL' => add_url_params( duplicate_picture_url(), array('comments_order'=> ($comments_order == 'ASC' ? 'DESC' : 'ASC') ) ),
139      'COMMENTS_ORDER_TITLE' => $comments_order == 'ASC' ? l10n('Show latest comments first') : l10n('Show oldest comments first'),
140      ));
141
142    $query = '
143SELECT
144    com.id,
145    author,
146    author_id,
147    u.'.$conf['user_fields']['email'].' AS user_email,
148    date,
149    image_id,
150    website_url,
151    com.email,
152    content,
153    validated
154  FROM '.COMMENTS_TABLE.' AS com
155  LEFT JOIN '.USERS_TABLE.' AS u
156    ON u.'.$conf['user_fields']['id'].' = author_id
157  WHERE image_id = '.$page['image_id'].'
158    '.$validated_clause.'
159  ORDER BY date '.$comments_order.'
160  LIMIT '.$conf['nb_comment_page'].' OFFSET '.$page['start'].'
161;';
162    $result = pwg_query( $query );
163
164    while ($row = pwg_db_fetch_assoc($result))
165    {
166      if ($row['author'] == 'guest')
167      {
168        $row['author'] = l10n('guest');
169      }
170
171      $email = null;
172      if (!empty($row['user_email']))
173      {
174        $email = $row['user_email'];
175      }
176      elseif (!empty($row['email']))
177      {
178        $email = $row['email'];
179      }
180
181      $tpl_comment =
182        array(
183          'ID' => $row['id'],
184          'AUTHOR' => trigger_change('render_comment_author', $row['author']),
185          'DATE' => format_date($row['date'], array('day_name','day','month','year','time')),
186          'CONTENT' => trigger_change('render_comment_content',$row['content']),
187          'WEBSITE_URL' => $row['website_url'],
188        );
189
190      if (can_manage_comment('delete', $row['author_id']))
191      {
192        $tpl_comment['U_DELETE'] = add_url_params(
193          $url_self,
194          array(
195            'action'=>'delete_comment',
196            'comment_to_delete'=>$row['id'],
197            'pwg_token' => get_pwg_token(),
198            )
199          );
200      }
201      if (can_manage_comment('edit', $row['author_id']))
202      {
203        $tpl_comment['U_EDIT'] = add_url_params(
204          $url_self,
205          array(
206            'action'=>'edit_comment',
207            'comment_to_edit'=>$row['id'],
208            )
209          );
210          if (isset($edit_comment) and ($row['id'] == $edit_comment))
211          {
212            $tpl_comment['IN_EDIT'] = true;
213            $key = get_ephemeral_key(2, $page['image_id']);
214            $tpl_comment['KEY'] = $key;
215            $tpl_comment['CONTENT'] = $row['content'];
216            $tpl_comment['PWG_TOKEN'] = get_pwg_token();
217            $tpl_comment['U_CANCEL'] = $url_self;
218          }
219      }
220      if (is_admin())
221      {
222        $tpl_comment['EMAIL'] = $email;
223
224        if ($row['validated'] != 'true')
225        {
226          $tpl_comment['U_VALIDATE'] = add_url_params(
227                  $url_self,
228                  array(
229                    'action' => 'validate_comment',
230                    'comment_to_validate' => $row['id'],
231                    'pwg_token' => get_pwg_token(),
232                    )
233                  );
234        }
235      }
236      $template->append('comments', $tpl_comment);
237    }
238  }
239
240  $show_add_comment_form = true;
241  if (isset($edit_comment))
242  {
243    $show_add_comment_form = false;
244  }
245  if (is_a_guest() and !$conf['comments_forall'])
246  {
247    $show_add_comment_form = false;
248  }
249
250  if ($show_add_comment_form)
251  {
252    $key = get_ephemeral_key(3, $page['image_id']);
253
254    $tpl_var =  array(
255        'F_ACTION' =>         $url_self,
256        'KEY' =>              $key,
257        'CONTENT' =>          '',
258        'SHOW_AUTHOR' =>      !is_classic_user(),
259        'AUTHOR_MANDATORY' => $conf['comments_author_mandatory'],
260        'AUTHOR' =>           '',
261        'WEBSITE_URL' =>      '',
262        'SHOW_EMAIL' =>       !is_classic_user() or empty($user['email']),
263        'EMAIL_MANDATORY' =>  $conf['comments_email_mandatory'],
264        'EMAIL' =>            '',
265        'SHOW_WEBSITE' =>     $conf['comments_enable_website'],
266      );
267
268    if ('reject'==@$comment_action)
269    {
270      foreach( array('content', 'author', 'website_url', 'email') as $k)
271      {
272        $tpl_var[strtoupper($k)] = htmlspecialchars( stripslashes(@$_POST[$k]) );
273      }
274    }
275    $template->assign('comment_add', $tpl_var);
276  }
277}
278
279?>
Note: See TracBrowser for help on using the repository browser.