Changeset 3445 for trunk/include/functions_comment.inc.php
- Timestamp:
- Jun 23, 2009, 3:44:58 PM (15 years ago)
- File:
-
- 1 edited
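--- a/trunk/include/functions_comment.inc.php
+++ b/trunk/include/functions_comment.inc.php
@@ -206,3 +206,133 @@
 }
 
+/**
+* Tries to delete a user comment in the database
+* only admin can delete all comments
+* other users can delete their own comments
+* so to avoid a new sql request we add author in where clause
+*
+* @param comment_id
+*/
+
+function delete_user_comment($comment_id) {
+$user_where_clause = '';
+if (!is_admin())
+{
+$user_where_clause = ' AND author = \''.$GLOBALS['user']['username'].'\'';
+}
+$query = '
+DELETE FROM '.COMMENTS_TABLE.'
+WHERE id = '.$comment_id.
+$user_where_clause.'
+;';
+$result = pwg_query($query);
+if ($result) {
+email_admin('delete', array('author' => $GLOBALS['user']['username']));
+}
+}
+
+/**
+* Tries to update a user comment in the database
+* only admin can update all comments
+* users can edit their own comments if admin allow them
+* so to avoid a new sql request we add author in where clause
+*
+* @param comment_id
+* @param post_key
+* @param content
+*/
+
+function update_user_comment($comment, $post_key) {
+global $conf;
+
+$comment_action = 'validate';
+
+$key = explode( ':', $post_key );
+if ( count($key)!=2
+or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago
+or $key[0]<time()-3600 // 60 minutes expiration
+or hash_hmac('md5', $key[0].':'.$comment['image_id'], $conf['secret_key']
+) != $key[1]
+)
+{
+$comment_action='reject';
+}
+
+if ($comment_action!='reject' and $conf['anti-flood_time']>0 )
+{ // anti-flood system
+$reference_date = time() - $conf['anti-flood_time'];
+$query = '
+SELECT id FROM '.COMMENTS_TABLE.'
+WHERE date > FROM_UNIXTIME('.$reference_date.')
+AND author = "'.$GLOBALS['user']['username'].'"';
+if ( mysql_num_rows( pwg_query( $query ) ) > 0 )
+{
+array_push( $infos, l10n('comment_anti-flood') );
+$comment_action='reject';
+}
+}
+
+// perform more spam check
+$comment_action =
+trigger_event('user_comment_check',
+$comment_action,
+array_merge($comment,
+array('author' => $GLOBALS['user']['username'])
+)
+);
+
+if ( $comment_action!='reject' )
+{
+$user_where_clause = '';
+if (!is_admin())
+{
+$user_where_clause = ' AND author = \''.
+$GLOBALS['user']['username'].'\'';
+}
+$query = '
+UPDATE '.COMMENTS_TABLE.'
+SET content = \''.$comment['content'].'\',
+validation_date = now()
+WHERE id = '.$comment['comment_id'].
+$user_where_clause.'
+;';
+$result = pwg_query($query);
+if ($result) {
+email_admin('edit', array('author' => $GLOBALS['user']['username'],
+'content' => $comment['content']));
+}
+}
+}
+
+function email_admin($action, $comment) {
+global $conf;
+
+if (!in_array($action, array('edit', 'delete'))
+or (($action=='edit') and !$conf['email_admin_on_comment_edition'])
+or (($action=='delete') and !$conf['email_admin_on_comment_deletion']))
+{
+return;
+}
+
+include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
+
+$keyargs_content = array();
+$keyargs_content[] = get_l10n_args('Author: %s', $comment['author']);
+if ($action=='delete')
+{
+$keyargs_content[] = get_l10n_args('This author remove comment with id %d',
+$comment['comment_id']
+);
+}
+else
+{
+$keyargs_content[] = get_l10n_args('This author modified following comment:', '');
+$keyargs_content[] = get_l10n_args('Comment: %s', $comment['content']);
+}
+
+pwg_mail_notification_admins(get_l10n_args('Comment by %s',
+$comment['author']),
+$keyargs_content
+);
+}
 ?>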
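Review bot: `delete_user_comment()` and `update_user_comment()` concatenate `$comment_id`, `$comment['comment_id']` and `$comment['content']` directly into the DELETE and UPDATE statements, so the `AND author = ...` ownership restriction appended after the id only holds if every caller has already validated and escaped those values; nothing in this section does. Because the id is unquoted, I would enforce its type where the query is built, e.g. `$comment_id = (int) $comment_id;` and `WHERE id = '.(int) $comment['comment_id'].`, and escape the content at the same place rather than relying on the caller. The post-key check compares the HMAC digest with `!=`; a strict `!==` avoids PHP's loose numeric-string comparison on the hex digest. Separately, `email_admin('delete', ...)` is passed only `author` while the delete branch reads `$comment['comment_id']`, and `$infos` in the anti-flood branch is neither a parameter nor declared `global`, so the flood message is presumably lost.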