Changeset 3445


Ignore:
Timestamp:
Jun 23, 2009, 3:44:58 PM (12 years ago)
Author:
nikrou
Message:

Feature 1026 : Modify / delete comments for users

+ update config table content
+ minor modification of Sylvia theme
+ need refactoring

Location:
trunk
Files:
3 added
13 edited

Legend:

Unmodified
Added
Removed
  • trunk/admin/configuration.php

    r3282 r3445  
    7070    'email_admin_on_comment',
    7171    'email_admin_on_comment_validation',
     72    'user_can_delete_comment',
     73    'user_can_edit_comment',
     74    'email_admin_on_comment_edition',
     75    'email_admin_on_comment_deletion'
    7276  );
    7377
  • trunk/admin/template/goto/configuration.tpl

    r3283 r3445  
    144144      </label>
    145145    </li>
     146
     147    <li>
     148      <label>
     149        <span class="property">{'Allow users to edit theirs owns comments'|@translate}</span>
     150        <input type="checkbox" name="user_can_edit_comment" {if ($comments.user_can_edit_comment)}checked="checked"{/if}>
     151      </label>
     152    </li>
     153    <li>
     154      <label>
     155        <span class="property">{'Allow users to delete theirs owns comments'|@translate}</span>
     156        <input type="checkbox" name="user_can_delete_comment" {if ($comments.user_can_delete_comment)}checked="checked"{/if}>
     157      </label>
     158    </li>
     159    <li>
     160      <label>
     161        <span class="property">{'Email administrators when a comment is modified'|@translate}</span>
     162        <input type="checkbox" name="email_admin_on_comment_edition" {if ($comments.email_admin_on_comment_edition)}checked="checked"{/if}>
     163      </label>
     164    </li>
     165    <li>
     166      <label>
     167        <span class="property">{'Email administrators when a comment is deleted'|@translate}</span>
     168        <input type="checkbox" name="email_admin_on_comment_deletion" {if ($comments.email_admin_on_comment_deletion)}checked="checked"{/if}>
     169      </label>
     170    </li>
     171
    146172  </ul>
    147173</fieldset>
  • trunk/comments.php

    r3405 r3445  
    2727define('PHPWG_ROOT_PATH','./');
    2828include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
     29include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
    2930
    3031// +-----------------------------------------------------------------------+
     
    143144// +-----------------------------------------------------------------------+
    144145if (isset($_GET['delete']) and is_numeric($_GET['delete'])
    145       and !is_adviser() )
     146    and (is_admin() || $conf['user_can_delete_comment']))
    146147{// comments deletion
    147   check_status(ACCESS_ADMINISTRATOR);
    148   $query = '
    149 DELETE FROM '.COMMENTS_TABLE.'
    150   WHERE id='.$_GET['delete'].'
    151 ;';
    152   pwg_query($query);
     148  delete_user_comment($_GET['delete']);
    153149}
    154150
     
    164160;';
    165161  pwg_query($query);
     162}
     163
     164if (isset($_GET['edit']) and is_numeric($_GET['edit'])
     165    and (is_admin() || $conf['user_can_edit_comment']))
     166{
     167  if (!empty($_POST['content']))
     168  {
     169    update_user_comment(array('comment_id' => $_GET['edit'],
     170                              'image_id' => $_POST['image_id'],
     171                              'content' => $_POST['content']),
     172                        $_POST['key']
     173                        );
     174
     175    $edit_comment = null;
     176  }
     177  else
     178  {
     179    $edit_comment = $_GET['edit'];
     180  }
    166181}
    167182
     
    368383        );
    369384
    370     if ( is_admin() )
    371     {
    372       $url = get_root_url().'comments.php'.get_query_string_diff(array('delete','validate'));
    373       $tpl_comment['U_DELETE'] = add_url_params($url,
    374                           array('delete'=>$comment['comment_id'])
    375                          );
    376 
    377       if ($comment['validated'] != 'true')
     385    if (can_manage_comment('delete', $comment['author']))
     386    {
     387      $url = get_root_url().'comments.php'
     388        .get_query_string_diff(array('delete','validate','edit'));
     389      $tpl_comment['U_DELETE'] =
     390        add_url_params($url,
     391                       array('delete'=>$comment['comment_id'])
     392                       );
     393    }
     394    if (can_manage_comment('edit', $comment['author']))
     395    {
     396      $url = get_root_url().'comments.php'
     397        .get_query_string_diff(array('edit', 'delete','validate'));
     398      $tpl_comment['U_EDIT'] =
     399        add_url_params($url,
     400                       array('edit'=>$comment['comment_id'])
     401                       );
     402      if (isset($edit_comment) and ($comment['comment_id'] == $edit_comment))
    378403      {
    379         $tpl_comment['U_VALIDATE'] = add_url_params($url,
    380                             array('validate'=>$comment['comment_id'])
    381                            );
     404        $tpl_comment['IN_EDIT'] = true;
     405        $key = get_comment_post_key($comment['image_id']);
     406        $tpl_comment['KEY'] = $key;
     407        $tpl_comment['IMAGE_ID'] = $comment['image_id'];
     408        $tpl_comment['CONTENT'] = $comment['content'];
    382409      }
     410    }
     411
     412    if ( is_admin() && $comment['validated'] != 'true')
     413    {
     414      $tpl_comment['U_VALIDATE'] =
     415        add_url_params($url,
     416                       array('validate'=>$comment['comment_id'])
     417                       );
    383418    }
    384419    $template->append('comments', $tpl_comment);
  • trunk/include/functions_comment.inc.php

    r3282 r3445  
    206206}
    207207
     208/**
     209 * Tries to delete a user comment in the database
     210 * only admin can delete all comments
     211 * other users can delete their own comments
     212 * so to avoid a new sql request we add author in where clause
     213 *
     214 * @param comment_id
     215 */
     216
     217function delete_user_comment($comment_id) {
     218  $user_where_clause = '';
     219  if (!is_admin())
     220  {
     221    $user_where_clause = '   AND author = \''.$GLOBALS['user']['username'].'\'';
     222  }
     223  $query = '
     224DELETE FROM '.COMMENTS_TABLE.'
     225  WHERE id = '.$comment_id.
     226$user_where_clause.'
     227;';
     228  $result = pwg_query($query);
     229  if ($result) {
     230    email_admin('delete', array('author' => $GLOBALS['user']['username']));
     231  }
     232}
     233
     234/**
     235 * Tries to update a user comment in the database
     236 * only admin can update all comments
     237 * users can edit their own comments if admin allow them
     238 * so to avoid a new sql request we add author in where clause
     239 *
     240 * @param comment_id
     241 * @param post_key
     242 * @param content
     243 */
     244
     245function update_user_comment($comment, $post_key) {
     246  global $conf;
     247
     248  $comment_action = 'validate';
     249
     250  $key = explode( ':', $post_key );
     251  if ( count($key)!=2
     252       or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago
     253       or $key[0]<time()-3600 // 60 minutes expiration
     254       or hash_hmac('md5', $key[0].':'.$comment['image_id'], $conf['secret_key']
     255                    ) != $key[1]
     256       )
     257  {
     258    $comment_action='reject';
     259  }
     260
     261  if ($comment_action!='reject' and $conf['anti-flood_time']>0 )
     262  { // anti-flood system
     263    $reference_date = time() - $conf['anti-flood_time'];
     264    $query = '
     265SELECT id FROM '.COMMENTS_TABLE.'
     266  WHERE date > FROM_UNIXTIME('.$reference_date.')
     267    AND author = "'.$GLOBALS['user']['username'].'"';
     268    if ( mysql_num_rows( pwg_query( $query ) ) > 0 )
     269    {
     270      array_push( $infos, l10n('comment_anti-flood') );
     271      $comment_action='reject';
     272    }
     273  }
     274
     275  // perform more spam check
     276  $comment_action =
     277    trigger_event('user_comment_check',
     278                  $comment_action,
     279                  array_merge($comment,
     280                              array('author' => $GLOBALS['user']['username'])
     281                              )
     282                  );
     283
     284  if ( $comment_action!='reject' )
     285  {
     286    $user_where_clause = '';
     287    if (!is_admin())
     288    {
     289      $user_where_clause = '   AND author = \''.
     290        $GLOBALS['user']['username'].'\'';
     291    }
     292    $query = '
     293UPDATE '.COMMENTS_TABLE.'
     294  SET content = \''.$comment['content'].'\',
     295      validation_date = now()
     296  WHERE id = '.$comment['comment_id'].
     297$user_where_clause.'
     298;';
     299    $result = pwg_query($query);
     300    if ($result) {
     301      email_admin('edit', array('author' => $GLOBALS['user']['username'],
     302                                'content' => $comment['content']));
     303    }
     304  }
     305}
     306
     307function email_admin($action, $comment) {
     308  global $conf;
     309
     310  if (!in_array($action, array('edit', 'delete'))
     311      or (($action=='edit') and !$conf['email_admin_on_comment_edition'])
     312      or (($action=='delete') and !$conf['email_admin_on_comment_deletion']))
     313  {
     314    return;
     315  }
     316
     317  include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
     318 
     319  $keyargs_content = array();
     320  $keyargs_content[] = get_l10n_args('Author: %s', $comment['author']);
     321  if ($action=='delete')
     322  {
     323    $keyargs_content[] = get_l10n_args('This author remove comment with id %d',
     324                                       $comment['comment_id']
     325                                       );
     326  }
     327  else
     328  {
     329    $keyargs_content[] = get_l10n_args('This author modified following comment:', '');
     330    $keyargs_content[] = get_l10n_args('Comment: %s', $comment['content']);
     331  }
     332 
     333  pwg_mail_notification_admins(get_l10n_args('Comment by %s',
     334                                             $comment['author']),
     335                               $keyargs_content
     336                               );
     337}
    208338?>
  • trunk/include/functions_user.inc.php

    r3282 r3445  
    11961196
    11971197  return ($user['adviser'] == 'true');
     1198}
     1199
     1200/*
     1201 * Return if current user can edit/delete a comment
     1202 * @param action edit/delete
     1203 * @return bool
     1204 */
     1205function can_manage_comment($action, $comment_author)
     1206{
     1207  if (!in_array($action, array('delete','edit'))) {
     1208    return false;
     1209  }
     1210  return (is_admin() ||
     1211          (($GLOBALS['user']['username'] == $comment_author)
     1212           && $GLOBALS['conf'][sprintf('user_can_%s_comment', $action)]));
    11981213}
    11991214
  • trunk/include/picture_comment.inc.php

    r3409 r3445  
    152152        );
    153153
     154      if (can_manage_comment('delete', $row['author']))
     155      {
     156        $tpl_comment['U_DELETE'] =
     157          add_url_params($url_self,
     158                         array(
     159                           'action'=>'delete_comment',
     160                           'comment_to_delete'=>$row['id']
     161                               )
     162                         );
     163      }
     164      if (can_manage_comment('edit', $row['author']))
     165      {
     166        $tpl_comment['U_EDIT'] =
     167          add_url_params($url_self,
     168                         array(
     169                           'action'=>'edit_comment',
     170                           'comment_to_edit'=>$row['id']
     171                               )
     172                         );
     173        if (isset($edit_comment) and ($row['id'] == $edit_comment))
     174        {
     175          $tpl_comment['IN_EDIT'] = true;
     176          $key = get_comment_post_key($page['image_id']);
     177          $tpl_comment['KEY'] = $key;
     178          $tpl_comment['CONTENT'] = $row['content'];
     179        }
     180      }
    154181      if (is_admin())
    155182      {
    156         $tpl_comment['U_DELETE'] =
    157             add_url_params(
    158                   $url_self,
    159                   array(
    160                     'action'=>'delete_comment',
    161                     'comment_to_delete'=>$row['id']
    162                   )
    163               );
    164183        if ($row['validated'] != 'true')
    165184        {
     
    177196
    178197  if (!is_a_guest()
    179       or (is_a_guest() and $conf['comments_forall']))
     198      or (is_a_guest() and $conf['comments_forall'])
     199      and (isset($edit_comment) and ($edit_comment != null)))
    180200  {
    181201    $key = get_comment_post_key($page['image_id']);
  • trunk/install/config.sql

    r3282 r3445  
    55INSERT INTO piwigo_config (param,value,comment) VALUES ('comments_validation','false','administrators validate users comments before becoming visible');
    66INSERT INTO piwigo_config (param,value,comment) VALUES ('comments_forall','false','even guest not registered can post comments');
     7INSERT INTO piwigo_config (param,value,comment) VALUES ('user_can_delete_comment','false','administrators can allow user delete their own comments');
     8INSERT INTO piwigo_config (param,value,comment) VALUES ('user_can_edit_comment','false','administrators can allow user edit their own comments');
     9INSERT INTO piwigo_config (param,value,comment) VALUES ('email_admin_on_comment_edition','false','Send an email to the administrators when a comment is modified');
     10INSERT INTO piwigo_config (param,value,comment) VALUES ('email_admin_on_comment_deletion','false','Send an email to the administrators when a comment is deleted');
    711INSERT INTO piwigo_config (param,value,comment) VALUES ('gallery_locked','false','Lock your gallery temporary for non admin users');
    812INSERT INTO piwigo_config (param,value,comment) VALUES ('gallery_title','Piwigo demonstration site','Title at top of each page and for RSS feed');
  • trunk/language/fr_FR/admin.lang.php

    r3382 r3445  
    7272$lang['Check for upgrade'] = 'Dernière version ?';
    7373$lang['Comments for all'] = 'Commentaires pour tous';
     74$lang['Allow users to edit theirs owns comments'] = 'Autoriser les utilisateurs à modifier leurs propres commentaires';
     75$lang['Allow users to delete theirs owns comments'] = 'Autoriser les utilisateurs à supprimer leurs propres commentaires';
     76$lang['Email administrators when a comment is modified'] = 'Notifier les administrateurs quand un commentaire est modifié';
     77$lang['Email administrators when a comment is deleted'] = 'Notifier les administrateurs quand un commentaire est supprimé';
    7478$lang['Controversy'] = 'Controverse';
    7579$lang['Current name'] = 'Nom courant';
  • trunk/language/fr_FR/common.lang.php

    r3282 r3445  
    161161$lang['comments'] = 'Commentaires';
    162162$lang['comments_add'] = 'Ajouter un commentaire';
     163$lang['Edit a comment'] = 'Editer un commentaire';
    163164$lang['created after %s (%s)'] = 'créée après le %s (%s)';
    164165$lang['created before %s (%s)'] = 'créée avant le %s (%s)';
  • trunk/picture.php

    r3409 r3445  
    2626include(PHPWG_ROOT_PATH.'include/section_init.inc.php');
    2727include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');
     28include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
    2829
    2930// Check Access and exit when user status is not ok
     
    308309      redirect($url_self);
    309310    }
     311    case 'edit_comment' :
     312    {
     313      if (isset($_GET['comment_to_edit'])
     314          and is_numeric($_GET['comment_to_edit'])
     315          and (is_admin() || $conf['user_can_edit_comment']))
     316      {
     317        if (!empty($_POST['content']))
     318        {
     319          update_user_comment(array('comment_id' => $_GET['comment_to_edit'],
     320                                    'image_id' => $page['image_id'],
     321                                    'content' => $_POST['content']),
     322                              $_POST['key']
     323                              );
     324          redirect($url_self);
     325        } else {
     326          $edit_comment = $_GET['comment_to_edit'];
     327          break;
     328        }
     329      }
     330    }
    310331    case 'delete_comment' :
    311332    {
    312333      if (isset($_GET['comment_to_delete'])
    313334          and is_numeric($_GET['comment_to_delete'])
    314           and is_admin() and !is_adviser() )
     335          and (is_admin() || $conf['user_can_delete_comment']))
    315336      {
    316         $query = '
    317 DELETE FROM '.COMMENTS_TABLE.'
    318   WHERE id = '.$_GET['comment_to_delete'].'
    319 ;';
    320         pwg_query( $query );
     337        delete_user_comment($_GET['comment_to_delete']);
    321338      }
    322 
    323339      redirect($url_self);
    324340    }
     
    593609
    594610
    595 
    596611$page['body_id'] = 'thePicturePage';
    597612
     
    948963$template->assign( 'ELEMENT_CONTENT', $element_content );
    949964
    950 
    951965// +-----------------------------------------------------------------------+
    952966// |                               sub pages                               |
  • trunk/template/yoga/comment_list.tpl

    r3282 r3445  
    33{foreach from=$comments item=comment name=comment_loop}
    44<li>
    5         <div class="thumbnailCategory {if $smarty.foreach.comment_loop.index is odd}odd{else}even{/if}">
     5  <div class="thumbnailCategory {if $smarty.foreach.comment_loop.index is odd}odd{else}even{/if}">
    66    {if isset($comment.TN_SRC)}
    77    <div class="illustration">
     
    1111    </div>
    1212    {/if}
    13     <div class="description">
    14       {if isset($comment.U_DELETE) or isset($comment.U_VALIDATE) }
     13    <div class="description" style="height:{if ($comment.IN_EDIT==1)}200{/if}px">
     14      {if isset($comment.U_DELETE) or isset($comment.U_VALIDATE) or isset($comment.U_EDIT) }
    1515      <ul class="actions" style="float:right">
    1616        {if isset($comment.U_DELETE)}
    1717        <li>
    18           <a href="{$comment.U_DELETE}" title="{'delete this comment'|@translate}">
     18          <a href="{$comment.U_DELETE}" title="{'delete this comment'|@translate}" onclick="return confirm('{'Are you sure?'|@translate|@escape:javascript}');">
    1919            <img src="{$ROOT_URL}{$themeconf.icon_dir}/delete.png" class="button" alt="[delete]">
     20          </a>
     21        </li>
     22        {/if}
     23        {if isset($comment.U_EDIT) and ($comment.IN_EDIT!=1)}
     24        <li>
     25          <a class="editComment" href="{$comment.U_EDIT}#edit_comment" title="{'edit this comment'|@translate}">
     26            <img src="{$ROOT_URL}{$themeconf.icon_dir}/edit.png" class="button" alt="[edit]">
    2027          </a>
    2128        </li>
     
    3138      {/if}
    3239      <span class="author">{$comment.AUTHOR}</span> - <span class="date">{$comment.DATE}</span>
     40      {if ($comment.IN_EDIT==1)}
     41      <a name="edit_comment"></a>
     42      <form  method="post" action="{$comment.U_EDIT}" class="filter" id="editComment">
     43        <fieldset>
     44          <legend>{'Edit a comment'|@translate}</legend>
     45          <label>{'comment'|@translate}<textarea name="content" id="contenteditid" rows="5" cols="80">{$comment.CONTENT}</textarea></label>
     46          <input type="hidden" name="key" value="{$comment.KEY}">
     47          <input type="hidden" name="image_id" value="{$comment.IMAGE_ID|default:$current.id}">
     48          <input class="submit" type="submit" value="{'Submit'|@translate}">
     49        </fieldset>
     50      </form>
     51      {else}     
    3352      <blockquote>{$comment.CONTENT}</blockquote>
     53      {/if}
    3454    </div>
    3555  </div>
    36 </li>
    37 {if isset($comment_separator)}
    38 <hr>
    39 {/if}
     56<li>
    4057{/foreach}
    4158</ul>
  • trunk/template/yoga/picture.tpl

    r3283 r3445  
    258258
    259259        {if isset($comments)}
    260                 {include file='comment_list.tpl' comment_separator=true}
     260                {include file='comment_list.tpl'}
    261261        {/if}
    262262
  • trunk/template/yoga/theme/Sylvia/theme.css

    r3283 r3445  
    11.content div.thumbnailCategory div.illustration {
    22        width:165px !important; /* Usable range 162px-360px , optimal : Thumbnail width + 40px */
    3 }
    4 .content div.thumbnailCategory {
    5         height: 180px !important; /* Usable range 172px-250px , optimal : Thumbnail height + 30px */
    6 }
    7 .content div.thumbnailCategory div.description .text {
    8         height: 130px !important; /* -42px than previous one */
    93}
    104#comments div.thumbnailCategory div.illustration {
     
    222216        margin: 0;
    223217        padding:15px 10px 3px 0;
    224         overflow: hidden !important;
     218        overflow-x: hidden !important;
    225219}
    226220.content .thumbnailCategory div.description .text {
Note: See TracChangeset for help on using the changeset viewer.