source: trunk/include/picture_comment.inc.php @ 5649

Last change on this file since 5649 was 5649, checked in by plg, 14 years ago

bug 1534: if you're a guest, if configuration tells you can't add user
comments, you won't see the form on the picture page.
File size: 6.9 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2010 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24/**
25 * This file is included by the picture page to manage user comments
26 *
27 */
28
29// the picture is commentable if it belongs at least to one category which
30// is commentable
31$page['show_comments'] = false;
32foreach ($related_categories as $category)
33{
34  if ($category['commentable'] == 'true')
35  {
36    $page['show_comments'] = true;
37    break;
38  }
39}
40
41if ( $page['show_comments'] and isset( $_POST['content'] ) )
42{
43  if ( is_a_guest() and !$conf['comments_forall'] )
44  {
45    die ('Session expired');
46  }
47
48  $comm = array(
49    'author' => trim( stripslashes(@$_POST['author']) ),
50    'content' => trim( stripslashes($_POST['content']) ),
51    'image_id' => $page['image_id'],
52   );
53
54  include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
55
56  $comment_action = insert_user_comment($comm, @$_POST['key'], $infos );
57
58  switch ($comment_action)
59  {
60    case 'moderate':
61      array_push( $infos, l10n('An administrator must authorize your comment before it is visible.') );
62    case 'validate':
63      array_push( $infos, l10n('Your comment has been registered'));
64      break;
65    case 'reject':
66      set_status_header(403);
67      array_push($infos, l10n('Your comment has NOT been registered because it did not pass the validation rules') );
68      break;
69    default:
70      trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
71  }
72
73  $template->assign(
74      ($comment_action=='reject') ? 'errors' : 'infos',
75      $infos
76    );
77
78  // allow plugins to notify what's going on
79  trigger_action( 'user_comment_insertion',
80      array_merge($comm, array('action'=>$comment_action) )
81    );
82}
83elseif ( isset($_POST['content']) )
84{
85  set_status_header(403);
86  die('ugly spammer');
87}
88
89if ($page['show_comments'])
90{
91  // number of comments for this picture
92  $query = '
93SELECT COUNT(*) AS nb_comments
94  FROM '.COMMENTS_TABLE.'
95  WHERE image_id='.$page['image_id']." AND validated = 'true'";
96  $row = pwg_db_fetch_assoc( pwg_query( $query ) );
97
98  // navigation bar creation
99  if (!isset($page['start']))
100  {
101    $page['start'] = 0;
102  }
103
104  $navigation_bar = create_navigation_bar(
105    duplicate_picture_url(array(), array('start')),
106    $row['nb_comments'],
107    $page['start'],
108    $conf['nb_comment_page'],
109    true // We want a clean URL
110    );
111
112  $template->assign(
113    array(
114      'COMMENT_COUNT' => $row['nb_comments'],
115      'navbar' => $navigation_bar,
116      )
117    );
118
119  if ($row['nb_comments'] > 0)
120  {
121    if ( !is_admin() )
122    {
123      $validated_clause = '  AND validated = \'true\'';
124    }
125    else
126    {
127      $validated_clause = '';
128    }
129
130    $query = '
131SELECT com.id,author,author_id,'.$conf['user_fields']['username'].' AS username,
132  date,image_id,content,validated
133  FROM '.COMMENTS_TABLE.' AS com
134  LEFT JOIN '.USERS_TABLE.' AS u
135    ON u.'.$conf['user_fields']['id'].' = author_id
136  WHERE image_id = '.$page['image_id'].
137$validated_clause.'
138  ORDER BY date ASC
139  LIMIT '.$conf['nb_comment_page'].' OFFSET '.$page['start'].'
140;';
141    $result = pwg_query( $query );
142
143    while ($row = pwg_db_fetch_assoc($result))
144    {
145      if (!empty($row['author']))
146      {
147        $author = $row['author'];
148        if ($author == 'guest')
149        {
150          $author = l10n('guest');
151        }
152      }
153      else
154      {
155        $author = stripslashes($row['username']);
156      }
157
158      $tpl_comment =
159        array(
160          'AUTHOR' => trigger_event('render_comment_author', $author),
161
162          'DATE' => format_date( $row['date'], true),
163
164          'CONTENT' => trigger_event('render_comment_content',$row['content']),
165        );
166
167      if (can_manage_comment('delete', $row['author_id']))
168      {
169        $tpl_comment['U_DELETE'] = add_url_params(
170          $url_self,
171          array(
172            'action'=>'delete_comment',
173            'comment_to_delete'=>$row['id'],
174            'pwg_token' => get_pwg_token(),
175            )
176          );
177      }
178      if (can_manage_comment('edit', $row['author_id']))
179      {
180        $tpl_comment['U_EDIT'] = add_url_params(
181          $url_self,
182          array(
183            'action'=>'edit_comment',
184            'comment_to_edit'=>$row['id'],
185            'pwg_token' => get_pwg_token(),
186            )
187          );
188        if (isset($edit_comment) and ($row['id'] == $edit_comment))
189        {
190          $tpl_comment['IN_EDIT'] = true;
191          $key = get_comment_post_key($page['image_id']);
192          $tpl_comment['KEY'] = $key;
193          $tpl_comment['CONTENT'] = $row['content'];
194        }
195      }
196      if (is_admin())
197      {
198        if ($row['validated'] != 'true')
199        {
200          $tpl_comment['U_VALIDATE'] = add_url_params(
201            $url_self,
202            array(
203              'action' => 'validate_comment',
204              'comment_to_validate' => $row['id'],
205              'pwg_token' => get_pwg_token(),
206              )
207            );
208        }
209      }
210      $template->append('comments', $tpl_comment);
211    }
212  }
213
214  $show_add_comment_form = true;
215  if (isset($edit_comment))
216  {
217    $show_add_comment_form = false;
218  }
219  if (is_a_guest() and !$conf['comments_forall'])
220  {
221    $show_add_comment_form = false;
222  }
223
224  if ($show_add_comment_form)
225  {
226    $key = get_comment_post_key($page['image_id']);
227    $content = '';
228    if ('reject'===@$comment_action)
229    {
230      $content = htmlspecialchars($comm['content']);
231    }
232    $template->assign('comment_add',
233        array(
234          'F_ACTION' => $url_self,
235          'KEY' => $key,
236          'CONTENT' => $content,
237          'SHOW_AUTHOR' => !is_classic_user()
238        ));
239  }
240}
241
242?>
Note: See TracBrowser for help on using the repository browser.