Changeset 3445
- Timestamp:
- Jun 23, 2009, 3:44:58 PM (15 years ago)
- Location:
- trunk
- Files:
-
- 3 added
- 13 edited
trunk/admin/configuration.php
r3282 r3445 70 70 'email_admin_on_comment', 71 71 'email_admin_on_comment_validation', 72 'user_can_delete_comment', 73 'user_can_edit_comment', 74 'email_admin_on_comment_edition', 75 'email_admin_on_comment_deletion' 72 76 ); 73 77 -
trunk/admin/template/goto/configuration.tpl
r3283 r3445 144 144 </label> 145 145 </li> 146 147 <li> 148 <label> 149 <span class="property">{'Allow users to edit theirs owns comments'|@translate}</span> 150 <input type="checkbox" name="user_can_edit_comment" {if ($comments.user_can_edit_comment)}checked="checked"{/if}> 151 </label> 152 </li> 153 <li> 154 <label> 155 <span class="property">{'Allow users to delete theirs owns comments'|@translate}</span> 156 <input type="checkbox" name="user_can_delete_comment" {if ($comments.user_can_delete_comment)}checked="checked"{/if}> 157 </label> 158 </li> 159 <li> 160 <label> 161 <span class="property">{'Email administrators when a comment is modified'|@translate}</span> 162 <input type="checkbox" name="email_admin_on_comment_edition" {if ($comments.email_admin_on_comment_edition)}checked="checked"{/if}> 163 </label> 164 </li> 165 <li> 166 <label> 167 <span class="property">{'Email administrators when a comment is deleted'|@translate}</span> 168 <input type="checkbox" name="email_admin_on_comment_deletion" {if ($comments.email_admin_on_comment_deletion)}checked="checked"{/if}> 169 </label> 170 </li> 171 146 172 </ul> 147 173 </fieldset> -
trunk/comments.php
r3405 r3445 27 27 define('PHPWG_ROOT_PATH','./'); 28 28 include_once(PHPWG_ROOT_PATH.'include/common.inc.php'); 29 include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php'); 29 30 30 31 // +-----------------------------------------------------------------------+ … … 143 144 // +-----------------------------------------------------------------------+ 144 145 if (isset($_GET['delete']) and is_numeric($_GET['delete']) 145 and !is_adviser())146 and (is_admin() || $conf['user_can_delete_comment'])) 146 147 {// comments deletion 147 check_status(ACCESS_ADMINISTRATOR); 148 $query = ' 149 DELETE FROM '.COMMENTS_TABLE.' 150 WHERE id='.$_GET['delete'].' 151 ;'; 152 pwg_query($query); 148 delete_user_comment($_GET['delete']); 153 149 } 154 150 … … 164 160 ;'; 165 161 pwg_query($query); 162 } 163 164 if (isset($_GET['edit']) and is_numeric($_GET['edit']) 165 and (is_admin() || $conf['user_can_edit_comment'])) 166 { 167 if (!empty($_POST['content'])) 168 { 169 update_user_comment(array('comment_id' => $_GET['edit'], 170 'image_id' => $_POST['image_id'], 171 'content' => $_POST['content']), 172 $_POST['key'] 173 ); 174 175 $edit_comment = null; 176 } 177 else 178 { 179 $edit_comment = $_GET['edit']; 180 } 166 181 } 167 182 … … 368 383 ); 369 384 370 if ( is_admin() ) 371 { 372 $url = get_root_url().'comments.php'.get_query_string_diff(array('delete','validate')); 373 $tpl_comment['U_DELETE'] = add_url_params($url, 374 array('delete'=>$comment['comment_id']) 375 ); 376 377 if ($comment['validated'] != 'true') 385 if (can_manage_comment('delete', $comment['author'])) 386 { 387 $url = get_root_url().'comments.php' 388 .get_query_string_diff(array('delete','validate','edit')); 389 $tpl_comment['U_DELETE'] = 390 add_url_params($url, 391 array('delete'=>$comment['comment_id']) 392 ); 393 } 394 if (can_manage_comment('edit', $comment['author'])) 395 { 396 $url = get_root_url().'comments.php' 397 .get_query_string_diff(array('edit', 'delete','validate')); 398 
$tpl_comment['U_EDIT'] = 399 add_url_params($url, 400 array('edit'=>$comment['comment_id']) 401 ); 402 if (isset($edit_comment) and ($comment['comment_id'] == $edit_comment)) 378 403 { 379 $tpl_comment['U_VALIDATE'] = add_url_params($url, 380 array('validate'=>$comment['comment_id']) 381 ); 404 $tpl_comment['IN_EDIT'] = true; 405 $key = get_comment_post_key($comment['image_id']); 406 $tpl_comment['KEY'] = $key; 407 $tpl_comment['IMAGE_ID'] = $comment['image_id']; 408 $tpl_comment['CONTENT'] = $comment['content']; 382 409 } 410 } 411 412 if ( is_admin() && $comment['validated'] != 'true') 413 { 414 $tpl_comment['U_VALIDATE'] = 415 add_url_params($url, 416 array('validate'=>$comment['comment_id']) 417 ); 383 418 } 384 419 $template->append('comments', $tpl_comment); -
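Review bot: The `delete` branch near the top of comments.php removes a comment on a plain GET request with no token, and the new condition drops both the `!is_adviser()` test and the `check_status(ACCESS_ADMINISTRATOR)` call that guarded the old code; the `delete_comment` case in picture.php has the same shape. A link or image URL on any page a logged-in user visits can therefore trigger the deletion, and an adviser account, if those are still meant to be read-only, can now delete as well. Keeping `and !is_adviser()` in the condition and moving deletion to a POST that carries a per-session token would close both gaps; the `key` checked in `update_user_comment` is derived only from a timestamp and the image id, so it does not serve that purpose by itself. The edit branch also reads `$_POST['image_id']` and `$_POST['key']` without `isset()`, which raises notices when the fields are absent.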
trunk/include/functions_comment.inc.php
r3282 r3445 206 206 } 207 207 208 /** 209 * Tries to delete a user comment in the database 210 * only admin can delete all comments 211 * other users can delete their own comments 212 * so to avoid a new sql request we add author in where clause 213 * 214 * @param comment_id 215 */ 216 217 function delete_user_comment($comment_id) { 218 $user_where_clause = ''; 219 if (!is_admin()) 220 { 221 $user_where_clause = ' AND author = \''.$GLOBALS['user']['username'].'\''; 222 } 223 $query = ' 224 DELETE FROM '.COMMENTS_TABLE.' 225 WHERE id = '.$comment_id. 226 $user_where_clause.' 227 ;'; 228 $result = pwg_query($query); 229 if ($result) { 230 email_admin('delete', array('author' => $GLOBALS['user']['username'])); 231 } 232 } 233 234 /** 235 * Tries to update a user comment in the database 236 * only admin can update all comments 237 * users can edit their own comments if admin allow them 238 * so to avoid a new sql request we add author in where clause 239 * 240 * @param comment_id 241 * @param post_key 242 * @param content 243 */ 244 245 function update_user_comment($comment, $post_key) { 246 global $conf; 247 248 $comment_action = 'validate'; 249 250 $key = explode( ':', $post_key ); 251 if ( count($key)!=2 252 or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago 253 or $key[0]<time()-3600 // 60 minutes expiration 254 or hash_hmac('md5', $key[0].':'.$comment['image_id'], $conf['secret_key'] 255 ) != $key[1] 256 ) 257 { 258 $comment_action='reject'; 259 } 260 261 if ($comment_action!='reject' and $conf['anti-flood_time']>0 ) 262 { // anti-flood system 263 $reference_date = time() - $conf['anti-flood_time']; 264 $query = ' 265 SELECT id FROM '.COMMENTS_TABLE.' 
266 WHERE date > FROM_UNIXTIME('.$reference_date.') 267 AND author = "'.$GLOBALS['user']['username'].'"'; 268 if ( mysql_num_rows( pwg_query( $query ) ) > 0 ) 269 { 270 array_push( $infos, l10n('comment_anti-flood') ); 271 $comment_action='reject'; 272 } 273 } 274 275 // perform more spam check 276 $comment_action = 277 trigger_event('user_comment_check', 278 $comment_action, 279 array_merge($comment, 280 array('author' => $GLOBALS['user']['username']) 281 ) 282 ); 283 284 if ( $comment_action!='reject' ) 285 { 286 $user_where_clause = ''; 287 if (!is_admin()) 288 { 289 $user_where_clause = ' AND author = \''. 290 $GLOBALS['user']['username'].'\''; 291 } 292 $query = ' 293 UPDATE '.COMMENTS_TABLE.' 294 SET content = \''.$comment['content'].'\', 295 validation_date = now() 296 WHERE id = '.$comment['comment_id']. 297 $user_where_clause.' 298 ;'; 299 $result = pwg_query($query); 300 if ($result) { 301 email_admin('edit', array('author' => $GLOBALS['user']['username'], 302 'content' => $comment['content'])); 303 } 304 } 305 } 306 307 function email_admin($action, $comment) { 308 global $conf; 309 310 if (!in_array($action, array('edit', 'delete')) 311 or (($action=='edit') and !$conf['email_admin_on_comment_edition']) 312 or (($action=='delete') and !$conf['email_admin_on_comment_deletion'])) 313 { 314 return; 315 } 316 317 include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php'); 318 319 $keyargs_content = array(); 320 $keyargs_content[] = get_l10n_args('Author: %s', $comment['author']); 321 if ($action=='delete') 322 { 323 $keyargs_content[] = get_l10n_args('This author remove comment with id %d', 324 $comment['comment_id'] 325 ); 326 } 327 else 328 { 329 $keyargs_content[] = get_l10n_args('This author modified following comment:', ''); 330 $keyargs_content[] = get_l10n_args('Comment: %s', $comment['content']); 331 } 332 333 pwg_mail_notification_admins(get_l10n_args('Comment by %s', 334 $comment['author']), 335 $keyargs_content 336 ); 337 } 208 338 ?> -
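Review bot: Both new functions build SQL by concatenation: `delete_user_comment` and `update_user_comment` place `$GLOBALS['user']['username']` inside quotes unescaped, and `update_user_comment` does the same with `$comment['content']`, which the callers take straight from `$_POST['content']`. Unless these values are escaped somewhere outside this changeset, a quote in the username or the comment text changes the statement; escape at the point of use, e.g. `' AND author = \''.mysql_real_escape_string($GLOBALS['user']['username']).'\''`, and write the id as `intval($comment_id)` because `is_numeric()` also accepts floats and exponent notation. The key check compares the HMAC with `!=`, which PHP evaluates numerically when both strings look like numbers, so `!==` is the safer operator there. `array_push($infos, ...)` in the anti-flood branch uses a variable that is never defined in this function, and `email_admin('delete', ...)` is called without the `comment_id` that `email_admin` reads.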
trunk/include/functions_user.inc.php
r3282 r3445 1196 1196 1197 1197 return ($user['adviser'] == 'true'); 1198 } 1199 1200 /* 1201 * Return if current user can edit/delete a comment 1202 * @param action edit/delete 1203 * @return bool 1204 */ 1205 function can_manage_comment($action, $comment_author) 1206 { 1207 if (!in_array($action, array('delete','edit'))) { 1208 return false; 1209 } 1210 return (is_admin() || 1211 (($GLOBALS['user']['username'] == $comment_author) 1212 && $GLOBALS['conf'][sprintf('user_can_%s_comment', $action)])); 1198 1213 } 1199 1214 -
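Review bot: `can_manage_comment` decides ownership by comparing `$GLOBALS['user']['username']` with the stored author name using `==`, so any two accounts or visitors that share that string are treated as the same owner. If guest comments are stored under a common author value (not visible in this changeset), enabling `user_can_delete_comment` would let one guest manage another guest's comments; the same author match is used in the WHERE clauses of `delete_user_comment` and `update_user_comment`. Adding `!is_a_guest()` to the non-admin branch and using `===` for the comparison would narrow this. The doc comment opens with `/*` rather than `/**` and omits `@param comment_author`.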
trunk/include/picture_comment.inc.php
r3409 r3445 152 152 ); 153 153 154 if (can_manage_comment('delete', $row['author'])) 155 { 156 $tpl_comment['U_DELETE'] = 157 add_url_params($url_self, 158 array( 159 'action'=>'delete_comment', 160 'comment_to_delete'=>$row['id'] 161 ) 162 ); 163 } 164 if (can_manage_comment('edit', $row['author'])) 165 { 166 $tpl_comment['U_EDIT'] = 167 add_url_params($url_self, 168 array( 169 'action'=>'edit_comment', 170 'comment_to_edit'=>$row['id'] 171 ) 172 ); 173 if (isset($edit_comment) and ($row['id'] == $edit_comment)) 174 { 175 $tpl_comment['IN_EDIT'] = true; 176 $key = get_comment_post_key($page['image_id']); 177 $tpl_comment['KEY'] = $key; 178 $tpl_comment['CONTENT'] = $row['content']; 179 } 180 } 154 181 if (is_admin()) 155 182 { 156 $tpl_comment['U_DELETE'] =157 add_url_params(158 $url_self,159 array(160 'action'=>'delete_comment',161 'comment_to_delete'=>$row['id']162 )163 );164 183 if ($row['validated'] != 'true') 165 184 { … … 177 196 178 197 if (!is_a_guest() 179 or (is_a_guest() and $conf['comments_forall'])) 198 or (is_a_guest() and $conf['comments_forall']) 199 and (isset($edit_comment) and ($edit_comment != null))) 180 200 { 181 201 $key = get_comment_post_key($page['image_id']); -
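Review bot: In the last hunk the added `and (isset($edit_comment) and ($edit_comment != null))` binds only to the guest half of the condition, because `and` has higher precedence than `or`: registered users still always enter the block, while guests enter it only when a comment is being edited. If the intent was to hide the new-comment form while an edit form is shown (an assumption, since the block body continues outside the hunk), the grouping and the sense of the test both need changing, e.g. `if ((!is_a_guest() or $conf['comments_forall']) and !isset($edit_comment))`. `isset()` is already false for null, so the second half of the added test is redundant.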
trunk/install/config.sql
r3282 r3445 5 5 INSERT INTO piwigo_config (param,value,comment) VALUES ('comments_validation','false','administrators validate users comments before becoming visible'); 6 6 INSERT INTO piwigo_config (param,value,comment) VALUES ('comments_forall','false','even guest not registered can post comments'); 7 INSERT INTO piwigo_config (param,value,comment) VALUES ('user_can_delete_comment','false','administrators can allow user delete their own comments'); 8 INSERT INTO piwigo_config (param,value,comment) VALUES ('user_can_edit_comment','false','administrators can allow user edit their own comments'); 9 INSERT INTO piwigo_config (param,value,comment) VALUES ('email_admin_on_comment_edition','false','Send an email to the administrators when a comment is modified'); 10 INSERT INTO piwigo_config (param,value,comment) VALUES ('email_admin_on_comment_deletion','false','Send an email to the administrators when a comment is deleted'); 7 11 INSERT INTO piwigo_config (param,value,comment) VALUES ('gallery_locked','false','Lock your gallery temporary for non admin users'); 8 12 INSERT INTO piwigo_config (param,value,comment) VALUES ('gallery_title','Piwigo demonstration site','Title at top of each page and for RSS feed'); -
trunk/language/fr_FR/admin.lang.php
r3382 r3445 72 72 $lang['Check for upgrade'] = 'Dernière version ?'; 73 73 $lang['Comments for all'] = 'Commentaires pour tous'; 74 $lang['Allow users to edit theirs owns comments'] = 'Autoriser les utilisateurs à modifier leurs propres commentaires'; 75 $lang['Allow users to delete theirs owns comments'] = 'Autoriser les utilisateurs à supprimer leurs propres commentaires'; 76 $lang['Email administrators when a comment is modified'] = 'Notifier les administrateurs quand un commentaire est modifié'; 77 $lang['Email administrators when a comment is deleted'] = 'Notifier les administrateurs quand un commentaire est supprimé'; 74 78 $lang['Controversy'] = 'Controverse'; 75 79 $lang['Current name'] = 'Nom courant'; -
trunk/language/fr_FR/common.lang.php
r3282 r3445 161 161 $lang['comments'] = 'Commentaires'; 162 162 $lang['comments_add'] = 'Ajouter un commentaire'; 163 $lang['Edit a comment'] = 'Editer un commentaire'; 163 164 $lang['created after %s (%s)'] = 'créée après le %s (%s)'; 164 165 $lang['created before %s (%s)'] = 'créée avant le %s (%s)'; -
trunk/picture.php
r3409 r3445 26 26 include(PHPWG_ROOT_PATH.'include/section_init.inc.php'); 27 27 include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php'); 28 include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php'); 28 29 29 30 // Check Access and exit when user status is not ok … … 308 309 redirect($url_self); 309 310 } 311 case 'edit_comment' : 312 { 313 if (isset($_GET['comment_to_edit']) 314 and is_numeric($_GET['comment_to_edit']) 315 and (is_admin() || $conf['user_can_edit_comment'])) 316 { 317 if (!empty($_POST['content'])) 318 { 319 update_user_comment(array('comment_id' => $_GET['comment_to_edit'], 320 'image_id' => $page['image_id'], 321 'content' => $_POST['content']), 322 $_POST['key'] 323 ); 324 redirect($url_self); 325 } else { 326 $edit_comment = $_GET['comment_to_edit']; 327 break; 328 } 329 } 330 } 310 331 case 'delete_comment' : 311 332 { 312 333 if (isset($_GET['comment_to_delete']) 313 334 and is_numeric($_GET['comment_to_delete']) 314 and is_admin() and !is_adviser())335 and (is_admin() || $conf['user_can_delete_comment'])) 315 336 { 316 $query = ' 317 DELETE FROM '.COMMENTS_TABLE.' 318 WHERE id = '.$_GET['comment_to_delete'].' 319 ;'; 320 pwg_query( $query ); 337 delete_user_comment($_GET['comment_to_delete']); 321 338 } 322 323 339 redirect($url_self); 324 340 } … … 593 609 594 610 595 596 611 $page['body_id'] = 'thePicturePage'; 597 612 … … 948 963 $template->assign( 'ELEMENT_CONTENT', $element_content ); 949 964 950 951 965 // +-----------------------------------------------------------------------+ 952 966 // | sub pages | -
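Review bot: The new `case 'edit_comment'` only reaches `break` or `redirect()` inside its `if`, so a request that fails the check falls through into `case 'delete_comment'` and is evaluated against `$_GET['comment_to_delete']`. End the case explicitly, for example with `redirect($url_self);` after the `if` block, as the delete case does. `$_POST['key']` is also passed to `update_user_comment` without an `isset()` test.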
trunk/template/yoga/comment_list.tpl
r3282 r3445 3 3 {foreach from=$comments item=comment name=comment_loop} 4 4 <li> 5 5 <div class="thumbnailCategory {if $smarty.foreach.comment_loop.index is odd}odd{else}even{/if}"> 6 6 {if isset($comment.TN_SRC)} 7 7 <div class="illustration"> … … 11 11 </div> 12 12 {/if} 13 <div class="description" >14 {if isset($comment.U_DELETE) or isset($comment.U_VALIDATE) }13 <div class="description" style="height:{if ($comment.IN_EDIT==1)}200{/if}px"> 14 {if isset($comment.U_DELETE) or isset($comment.U_VALIDATE) or isset($comment.U_EDIT) } 15 15 <ul class="actions" style="float:right"> 16 16 {if isset($comment.U_DELETE)} 17 17 <li> 18 <a href="{$comment.U_DELETE}" title="{'delete this comment'|@translate}" >18 <a href="{$comment.U_DELETE}" title="{'delete this comment'|@translate}" onclick="return confirm('{'Are you sure?'|@translate|@escape:javascript}');"> 19 19 <img src="{$ROOT_URL}{$themeconf.icon_dir}/delete.png" class="button" alt="[delete]"> 20 </a> 21 </li> 22 {/if} 23 {if isset($comment.U_EDIT) and ($comment.IN_EDIT!=1)} 24 <li> 25 <a class="editComment" href="{$comment.U_EDIT}#edit_comment" title="{'edit this comment'|@translate}"> 26 <img src="{$ROOT_URL}{$themeconf.icon_dir}/edit.png" class="button" alt="[edit]"> 20 27 </a> 21 28 </li> … … 31 38 {/if} 32 39 <span class="author">{$comment.AUTHOR}</span> - <span class="date">{$comment.DATE}</span> 40 {if ($comment.IN_EDIT==1)} 41 <a name="edit_comment"></a> 42 <form method="post" action="{$comment.U_EDIT}" class="filter" id="editComment"> 43 <fieldset> 44 <legend>{'Edit a comment'|@translate}</legend> 45 <label>{'comment'|@translate}<textarea name="content" id="contenteditid" rows="5" cols="80">{$comment.CONTENT}</textarea></label> 46 <input type="hidden" name="key" value="{$comment.KEY}"> 47 <input type="hidden" name="image_id" value="{$comment.IMAGE_ID|default:$current.id}"> 48 <input class="submit" type="submit" value="{'Submit'|@translate}"> 49 </fieldset> 50 </form> 51 {else} 33 52 
<blockquote>{$comment.CONTENT}</blockquote> 53 {/if} 34 54 </div> 35 55 </div> 36 </li> 37 {if isset($comment_separator)} 38 <hr> 39 {/if} 56 <li> 40 57 {/foreach} 41 58 </ul> -
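Review bot: The edit form prints `{$comment.CONTENT}` inside the `<textarea>`, and in edit mode comments.php and picture_comment.inc.php set `CONTENT` to the stored comment text; if that text is not HTML-escaped when stored, a comment containing `</textarea>` breaks out of the field. `{$comment.CONTENT|escape}` would keep it as text. At the end of the loop body the closing `</li>` was replaced by `<li>`, which leaves every list item unclosed, and `style="height:{if ($comment.IN_EDIT==1)}200{/if}px"` renders as `height:px` for comments that are not being edited.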
trunk/template/yoga/picture.tpl
r3283 r3445 258 258 259 259 {if isset($comments)} 260 {include file='comment_list.tpl' comment_separator=true}260 {include file='comment_list.tpl'} 261 261 {/if} 262 262 -
trunk/template/yoga/theme/Sylvia/theme.css
r3283 r3445 1 1 .content div.thumbnailCategory div.illustration { 2 2 width:165px !important; /* Usable range 162px-360px , optimal : Thumbnail width + 40px */ 3 }4 .content div.thumbnailCategory {5 height: 180px !important; /* Usable range 172px-250px , optimal : Thumbnail height + 30px */6 }7 .content div.thumbnailCategory div.description .text {8 height: 130px !important; /* -42px than previous one */9 3 } 10 4 #comments div.thumbnailCategory div.illustration { … … 222 216 margin: 0; 223 217 padding:15px 10px 3px 0; 224 overflow : hidden !important;218 overflow-x: hidden !important; 225 219 } 226 220 .content .thumbnailCategory div.description .text {