Code source de GeekLog 1.4.1 |
1 <?php 2 3 /* Reminder: always indent with 4 spaces (no tabs). */ 4 // +---------------------------------------------------------------------------+ 5 // | Geeklog 1.4 | 6 // +---------------------------------------------------------------------------+ 7 // | lib-comment.php | 8 // | | 9 // | Geeklog comment library. | 10 // +---------------------------------------------------------------------------+ 11 // | Copyright (C) 2000-2006 by the following authors: | 12 // | | 13 // | Authors: Tony Bibbs - tony AT tonybibbs DOT com | 14 // | Mark Limburg - mlimburg AT users DOT sourceforge DOT net | 15 // | Jason Whittenburg - jwhitten AT securitygeeks DOT com | 16 // | Dirk Haun - dirk AT haun-online DOT de | 17 // | Vincent Furia - vinny01 AT users DOT sourceforge DOT net | 18 // +---------------------------------------------------------------------------+ 19 // | | 20 // | This program is free software; you can redistribute it and/or | 21 // | modify it under the terms of the GNU General Public License | 22 // | as published by the Free Software Foundation; either version 2 | 23 // | of the License, or (at your option) any later version. | 24 // | | 25 // | This program is distributed in the hope that it will be useful, | 26 // | but WITHOUT ANY WARRANTY; without even the implied warranty of | 27 // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | 28 // | GNU General Public License for more details. | 29 // | | 30 // | You should have received a copy of the GNU General Public License | 31 // | along with this program; if not, write to the Free Software Foundation, | 32 // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
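// |                                                                           |
// +---------------------------------------------------------------------------+
//
// $Id: lib-comment.php,v 1.48 2006/12/09 22:16:49 dhaun Exp $

// Refuse direct requests for this library; it is only meant to be included.
if (strpos ($_SERVER['PHP_SELF'], 'lib-comment.php') !== false) {
    die ('This file can not be used on its own!');
}

if( $_CONF['allow_user_photo'] )
{
    // only needed for the USER_getPhoto function
    require_once ($_CONF['path_system'] . 'lib-user.php');
}

/**
* Returns a request parameter escaped for use inside an HTML attribute.
*
* Missing or non-scalar values (e.g. an array sent as cid[]=...) yield an
* empty string instead of being written into the markup.
*
* @param    string      $name       Key to read from $_REQUEST
* @return   string      Escaped value, or '' when absent or not a scalar
*
*/
function _CMT_requestAttr( $name )
{
    if( !isset( $_REQUEST[$name] ) || !is_scalar( $_REQUEST[$name] )) {
        return '';
    }

    return htmlspecialchars( (string) $_REQUEST[$name], ENT_QUOTES );
}

/**
* This function displays the comment control bar
*
* Prints the control that allows the user to interact with Geeklog Comments.
* The cid, pid and mode request values that are echoed back as hidden form
* fields are HTML-escaped before being placed in the markup.
*
* @param    string      $sid        ID of item in question
* @param    string      $title      Title of item
* @param    string      $type       Type of item (i.e. story, photo, etc)
* @param    string      $order      Order that comments are displayed in
* @param    string      $mode       Mode (nested, flat, etc.)
* @see CMT_userComments
* @see CMT_commentChildren
* @return   string      HTML formatted comment bar
*
*/
function CMT_commentBar( $sid, $title, $type, $order, $mode )
{
    global $_CONF, $_TABLES, $_USER, $LANG01;

    // Name of the running script; the bar is wired differently on comment.php
    $parts = explode( '/', $_SERVER['PHP_SELF'] );
    $page = array_pop( $parts );
    $nrows = DB_count( $_TABLES['comments'], array( 'sid', 'type' ),
                       array( $sid, $type ));

    $commentbar = new Template( $_CONF['path_layout'] . 'comment' );
    $commentbar->set_file( array( 'commentbar' => 'commentbar.thtml' ));
    $commentbar->set_var( 'site_url', $_CONF['site_url'] );
    $commentbar->set_var( 'layout_url', $_CONF['layout_url'] );

    $commentbar->set_var( 'lang_comments', $LANG01[3] );
    $commentbar->set_var( 'lang_refresh', $LANG01[39] );
    $commentbar->set_var( 'lang_reply', $LANG01[60] );
    $commentbar->set_var( 'lang_disclaimer', $LANG01[26] );

    // NOTE(review): $sid, $title and $type are written into the template (and
    // into hidden fields below) exactly as passed in; this function does not
    // escape them, so callers must hand over filtered values - confirm.
    $commentbar->set_var( 'story_title', stripslashes( $title ));
    $commentbar->set_var( 'num_comments', COM_numberFormat( $nrows ));
    $commentbar->set_var( 'comment_type', $type );
    $commentbar->set_var( 'sid', $sid );

    if( $type == 'article' ) {
        $articleUrl = COM_buildUrl( $_CONF['site_url']
                                    . "/article.php?story=$sid" );
        $commentbar->set_var( 'story_link', $articleUrl );
        $commentbar->set_var( 'article_url', $articleUrl );

        if( $page == 'comment.php' ) {
            $commentbar->set_var( 'start_storylink_anchortag', '<a href="'
                . $articleUrl . '" class="non-ul">' );
            $commentbar->set_var( 'end_storylink_anchortag', '</a>' );
        }
    } else { // for a plugin
        // Link to plugin defined link or lacking that a generic link that the plugin should support (hopefully)
        list($plgurl, $plgid) = PLG_getCommentUrlId($type);
        $commentbar->set_var( 'story_link', "$plgurl?$plgid=$sid" );
    }

    if( !empty( $_USER['uid'] ) && ( $_USER['uid'] > 1 )) {
        $username = $_USER['username'];
        $fullname = $_USER['fullname'];
    } else {
        // fall back to the account stored under uid 1
        $result = DB_query( "SELECT username,fullname FROM {$_TABLES['users']} WHERE uid = 1" );
        $N = DB_fetchArray( $result );
        $username = $N['username'];
        $fullname = $N['fullname'];
    }
    if( empty( $fullname )) {
        $fullname = $username;
    }
    $commentbar->set_var( 'user_name', $username );
    $commentbar->set_var( 'user_fullname', $fullname );

    if( !empty( $_USER['username'] )) {
        $author = COM_getDisplayName( $_USER['uid'], $username, $fullname );
        $commentbar->set_var( 'user_nullname', $author );
        $commentbar->set_var( 'author', $author );
        $commentbar->set_var( 'login_logout_url',
                              $_CONF['site_url'] . '/users.php?mode=logout' );
        $commentbar->set_var( 'lang_login_logout', $LANG01[35] );
    } else {
        $commentbar->set_var( 'user_nullname', '' );
        $commentbar->set_var( 'login_logout_url',
                              $_CONF['site_url'] . '/users.php?mode=new' );
        $commentbar->set_var( 'lang_login_logout', $LANG01[61] );
    }

    if( $page == 'comment.php' ) {
        $commentbar->set_var( 'parent_url',
                              $_CONF['site_url'] . '/comment.php' );

        // cid, pid and mode are taken straight from the request. They end up
        // inside double-quoted attributes, so they are escaped first; without
        // that a crafted value could close the attribute and inject markup.
        $reqmode = isset( $_REQUEST['mode'] ) ? $_REQUEST['mode'] : '';
        $hidden = '';
        if( $reqmode == 'view' ) {
            $safecid = _CMT_requestAttr( 'cid' );
            $hidden .= '<input type="hidden" name="cid" value="' . $safecid . '">';
            $hidden .= '<input type="hidden" name="pid" value="' . $safecid . '">';
        }
        else if( $reqmode == 'display' ) {
            $hidden .= '<input type="hidden" name="pid" value="'
                    . _CMT_requestAttr( 'pid' ) . '">';
        }
        $commentbar->set_var( 'hidden_field', $hidden .
                '<input type="hidden" name="mode" value="'
                . _CMT_requestAttr( 'mode' ) . '">' );
    } else if( $type == 'poll' ) {
        $commentbar->set_var( 'parent_url',
                              $_CONF['site_url'] . '/pollbooth.php' );
        $commentbar->set_var( 'hidden_field',
                '<input type="hidden" name="scale" value="400">' .
                '<input type="hidden" name="qid" value="' . $sid . '">' .
                '<input type="hidden" name="aid" value="-1">' );
    } else if( $type == 'article' ) {
        $commentbar->set_var( 'parent_url',
                              $_CONF['site_url'] . '/article.php' );
        $commentbar->set_var( 'hidden_field',
                '<input type="hidden" name="story" value="' . $sid . '">' );
    } else { // plugin
        // Link to plugin defined link or lacking that a generic link that the plugin should support (hopefully)
        list($plgurl, $plgid) = PLG_getCommentUrlId($type);
        $commentbar->set_var( 'parent_url', $plgurl );
        $commentbar->set_var( 'hidden_field',
                '<input type="hidden" name="' . $plgid . '" value="' . $sid . '">' );
    }

    // Order
    $selector = '<select name="order">' . LB
              . COM_optionList( $_TABLES['sortcodes'], 'code,name', $order )
              . LB . '</select>';
    $commentbar->set_var( 'order_selector', $selector);

    // Mode (the field is called "format" on comment.php, "mode" elsewhere)
    if( $page == 'comment.php' ) {
        $selector = '<select name="format">';
    } else {
        $selector = '<select name="mode">';
    }
    $selector .= LB
               . COM_optionList( $_TABLES['commentmodes'], 'mode,name', $mode )
               . LB . '</select>';
    $commentbar->set_var( 'mode_selector', $selector);

    return $commentbar->finish( $commentbar->parse( 'output', 'commentbar' ));
}


/**
* This function prints &$comments (db results set of comments) in comment format
* -For previews, &$comments is assumed to be an associative array containing
* data for a single comment.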
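*
* @param    array       &$comments  Database result set of comments to be printed
* @param    string      $mode       'flat', 'threaded', etc
* @param    string      $type       Type of item (article, poll, etc.)
* @param    string      $order      How to order the comments 'ASC' or 'DESC'
* @param    boolean     $delete_option   if current user can delete comments
* @param    boolean     $preview    Preview display (for edit) or not
* @return   string      HTML formatted comment(s); '' when there is nothing to show
*
*/
function CMT_getComment( &$comments, $mode, $type, $order, $delete_option = false, $preview = false )
{
    global $_CONF, $_TABLES, $_USER, $LANG01, $MESSAGE, $_IMAGE_TYPE;

    $indent = 0;  // begin with 0 indent
    $retval = ''; // initialize return value

    $template = new Template( $_CONF['path_layout'] . 'comment' );
    $template->set_file( array( 'comment' => 'comment.thtml',
                                'thread'  => 'thread.thtml' ));

    // generic template variables
    // NOTE(review): $type and $order are concatenated into links below without
    // escaping; this function relies on the caller passing filtered values.
    $template->set_var( 'site_url', $_CONF['site_url'] );
    $template->set_var( 'layout_url', $_CONF['layout_url'] );
    $template->set_var( 'lang_replytothis', $LANG01[43] );
    $template->set_var( 'lang_reply', $LANG01[25] );
    $template->set_var( 'lang_authoredby', $LANG01[42] );
    $template->set_var( 'lang_on', $LANG01[36] );
    $template->set_var( 'lang_permlink', $LANG01[120] );
    $template->set_var( 'order', $order );

    // Make sure we have a default value for comment indentation
    if( !isset( $_CONF['comment_indent'] )) {
        $_CONF['comment_indent'] = 25;
    }

    if( $preview ) {
        // preview: $comments is a single comment as an associative array
        $A = $comments;
        if( empty( $A['nice_date'] )) {
            $A['nice_date'] = time();
        }
        if( !isset( $A['cid'] )) {
            $A['cid'] = 0;
        }
        if( !isset( $A['photo'] )) {
            if( isset( $_USER['photo'] )) {
                $A['photo'] = $_USER['photo'];
            } else {
                $A['photo'] = '';
            }
        }
        $mode = 'flat';
    } else {
        $A = DB_fetchArray( $comments );
    }

    if( empty( $A ) ) {
        return '';
    }

    $row = 1;
    do {
        // determines indentation for current comment
        if( $mode == 'threaded' || $mode == 'nested' ) {
            $indent = ($A['indent'] - $A['pindent']) * $_CONF['comment_indent'];
        }

        // comment variables
        $template->set_var( 'indent', $indent );
        $template->set_var( 'author_name', $A['username'] );
        $template->set_var( 'author_id', $A['uid'] );
        $template->set_var( 'cid', $A['cid'] );
        $template->set_var( 'cssid', $row % 2 );

        if( $A['uid'] > 1 ) {
            $fullname = COM_getDisplayName( $A['uid'], $A['username'],
                                            $A['fullname'] );
            $template->set_var( 'author_fullname', $fullname );
            $template->set_var( 'author', $fullname );
            $alttext = $fullname;

            $photo = '';
            if( $_CONF['allow_user_photo'] ) {
                if (isset ($A['photo']) && empty ($A['photo'])) {
                    $A['photo'] = '(none)';
                }
                $photo = USER_getPhoto( $A['uid'], $A['photo'], $A['email'] );
            }
            if( !empty( $photo )) {
                $template->set_var( 'author_photo', $photo );
                $template->set_var( 'camera_icon', '<a href="'
                        . $_CONF['site_url']
                        . '/users.php?mode=profile&uid=' . $A['uid']
                        . '"><img src="' . $_CONF['layout_url']
                        . '/images/smallcamera.' . $_IMAGE_TYPE
                        . '" border="0" alt=""></a>' );
            } else {
                $template->set_var( 'author_photo', '' );
                $template->set_var( 'camera_icon', '' );
            }

            $template->set_var( 'start_author_anchortag', '<a href="'
                    . $_CONF['site_url'] . '/users.php?mode=profile&uid='
                    . $A['uid'] . '">' );
            $template->set_var( 'end_author_anchortag', '</a>' );
        } else {
            $template->set_var( 'author', $A['username'] );
            $template->set_var( 'author_fullname', $A['username'] );
            $template->set_var( 'author_photo', '' );
            $template->set_var( 'camera_icon', '' );
            $template->set_var( 'start_author_anchortag', '' );
            $template->set_var( 'end_author_anchortag', '' );
        }

        // hide reply link from anonymous users if they can't post replies
        $hidefromanon = false;
        if( empty( $_USER['username'] ) && (( $_CONF['loginrequired'] == 1 )
                || ( $_CONF['commentsloginrequired'] == 1 ))) {
            $hidefromanon = true;
        }

        // this will hide HTML that should not be viewed in preview mode
        if( $preview || $hidefromanon ) {
            $template->set_var( 'hide_if_preview', 'style="display:none"' );
        } else {
            $template->set_var( 'hide_if_preview', '' );
        }

        // for threaded mode, add a link to comment parent
        if( $mode == 'threaded' && $A['pid'] != 0 && $indent == 0 ) {
            // NOTE(review): $A['pid'] is interpolated into the query as-is; it
            // comes from the comment row fetched above, not from the request.
            $result = DB_query( "SELECT title,pid FROM {$_TABLES['comments']} WHERE cid = '{$A['pid']}'" );
            $P = DB_fetchArray( $result );
            if ($P['pid'] != 0) {
                $plink = $_CONF['site_url'] . '/comment.php?mode=display&sid='
                       . $A['sid'] . '&title=' . urlencode( htmlspecialchars( $P['title'] ))
                       . '&type=' . $type . '&order=' . $order . '&pid='
                       . $P['pid'] . '&format=threaded';
            } else {
                $plink = $_CONF['site_url'] . '/comment.php?mode=view&sid='
                       . $A['sid'] . '&title=' . urlencode( htmlspecialchars( $P['title'] ))
                       . '&type=' . $type . '&order=' . $order . '&cid='
                       . $A['pid'] . '&format=threaded';
            }
            $template->set_var( 'parent_link', "| <a href=\"$plink\">{$LANG01[44]}</a>");
        } else {
            $template->set_var( 'parent_link', '');
        }

        $template->set_var( 'date', strftime( $_CONF['date'], $A['nice_date'] ));
        $template->set_var( 'sid', $A['sid'] );
        $template->set_var( 'type', $A['type'] );

        // If deletion is allowed, displays delete link
        if( $delete_option ) {
            $deloption = '| <a href="' . $_CONF['site_url']
                       . '/comment.php?mode=delete&cid='
                       . $A['cid'] . '&sid=' . $A['sid'] . '&type='
                       . $type . '" onclick="return confirm(\'' . $MESSAGE[76]
                       . '\');">' . $LANG01[28] . '</a> ';
            if( !empty( $A['ipaddress'] )) {
                if( empty( $_CONF['ip_lookup'] )) {
                    $deloption .= '| ' . $A['ipaddress'] . ' ';
                } else {
                    // '*' in the configured lookup URL stands for the address
                    $iplookup = str_replace( '*', $A['ipaddress'],
                                             $_CONF['ip_lookup'] );
                    $deloption .= '| <a href="' . $iplookup . '">'
                               . $A['ipaddress'] . '</a> ';
                }
            }
            $template->set_var( 'delete_option', $deloption );
        } else if( !empty( $_USER['username'] )) {
            $reportthis = ' | <a href="' . $_CONF['site_url']
                        . '/comment.php?mode=report&cid=' . $A['cid']
                        . '&type=' . $type . '" title="' . $LANG01[110]
                        . '">' . $LANG01[109] . '</a> ';
            $template->set_var( 'delete_option', $reportthis );
        } else {
            $template->set_var( 'delete_option', '' );
        }

        // and finally: format the actual text of the comment
        if( preg_match( '/<.*>/', $A['comment'] ) == 0 ) {
            $A['comment'] = nl2br( $A['comment'] );
        }

        // highlight search terms if specified
        if( !empty( $_REQUEST['query'] )) {
            $A['comment'] = COM_highlightQuery( $A['comment'],
                                                $_REQUEST['query'] );
        }

        // Replace $, { and } with their numeric character references. As
        // listed, each call replaced a character with itself (a no-op), so
        // user-supplied braces and dollar signs reached the template parser
        // unchanged; the entity forms keep comment text from being read as
        // template syntax.
        $A['comment'] = str_replace( '$', '&#36;',  $A['comment'] );
        $A['comment'] = str_replace( '{', '&#123;', $A['comment'] );
        $A['comment'] = str_replace( '}', '&#125;', $A['comment'] );

        // Replace any plugin autolink tags
        $A['comment'] = PLG_replaceTags( $A['comment'] );

        // create a reply to link
        $reply_link = "{$_CONF['site_url']}/comment.php?sid={$A['sid']}&pid={$A['cid']}"
                    . "&title=" . urlencode($A['title']) . "&type={$A['type']}";
        $template->set_var( 'reply_link', $reply_link);

        // format title for display, must happen after reply_link is created
        $A['title'] = htmlspecialchars( $A['title'] );
        $A['title'] = str_replace( '$', '&#36;', $A['title'] );

        $template->set_var( 'title', $A['title'] );
        $template->set_var( 'comments', $A['comment'] );

        // parse the templates
        if( ($mode == 'threaded') && $indent > 0 ) {
            $template->set_var( 'pid', $A['pid'] );
            $retval .= $template->parse( 'output', 'thread' );
        } else {
            $template->set_var( 'pid', $A['cid'] );
            $retval .= $template->parse( 'output', 'comment' );
        }
        $row++;
    } while( $A = DB_fetchArray( $comments ));

    return $retval;
}

/**
* This function displays the comments in a high level format.
*
* Begins displaying user comments for an item
*
* @param    string      $sid       ID for item to show comments for
* @param    string      $title     Title of item
* @param    string      $type      Type of item (article, poll, etc.)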
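* @param    string      $order     How to order the comments 'ASC' or 'DESC'
* @param    string      $mode      comment mode (nested, flat, etc.)
* @param    int         $pid       id of parent comment
* @param    int         $page      page number of comments to display
* @param    boolean     $cid       true if $pid should be interpreted as a cid instead
* @param    boolean     $delete_option   if current user can delete comments
* @see function CMT_commentBar
* @see function CMT_commentChildren
* @return   string      HTML formatted comments ('' for an unsupported mode)
*
*/
function CMT_userComments( $sid, $title, $type='article', $order='', $mode='', $pid = 0, $page = 1, $cid = false, $delete_option = false )
{
    global $_CONF, $_TABLES, $_USER, $LANG01;

    // returned unchanged when $mode is none of nested / threaded / flat
    $retval = '';

    if( !empty( $_USER['uid'] ) ) {
        $result = DB_query( "SELECT commentorder,commentmode,commentlimit FROM {$_TABLES['usercomment']} WHERE uid = '{$_USER['uid']}'" );
        $U = DB_fetchArray( $result );
        if( empty( $order ) ) {
            $order = $U['commentorder'];
        }
        if( empty( $mode ) ) {
            $mode = $U['commentmode'];
        }
        $limit = $U['commentlimit'];
    }

    // $order is interpolated into ORDER BY, so only the two keywords pass
    if( $order != 'ASC' && $order != 'DESC' ) {
        $order = 'ASC';
    }

    if( empty( $mode )) {
        $mode = $_CONF['comment_mode'];
    }

    if( empty( $limit )) {
        $limit = $_CONF['comment_limit'];
    }

    if( !is_numeric($page) || $page < 1 ) {
        $page = 1;
    }
    // is_numeric() also accepts forms such as "1.5"; LIMIT needs an integer
    $page = (int) $page;

    // $pid is placed unquoted into the queries below ("c2.cid = $pid"), so it
    // is reduced to an integer here rather than trusted to be one.
    $pid = (int) $pid;

    $start = $limit * ( $page - 1 );

    $template = new Template( $_CONF['path_layout'] . 'comment' );
    $template->set_file( array( 'commentarea' => 'startcomment.thtml' ));
    $template->set_var( 'site_url', $_CONF['site_url'] );
    $template->set_var( 'layout_url', $_CONF['layout_url'] );
    $template->set_var( 'commentbar',
            CMT_commentBar( $sid, $title, $type, $order, $mode));
    $template->set_var( 'sid', $sid );
    $template->set_var( 'comment_type', $type );

    if( $mode == 'nested' || $mode == 'threaded' || $mode == 'flat' ) {
        // build query
        // NOTE(review): $sid and $type are interpolated inside quotes without
        // being escaped in this function; it depends on the caller having
        // filtered them - confirm at every call site.
        switch( $mode ) {
            case 'flat':
                if( $cid ) {
                    $count = 1;

                    $q = "SELECT c.*, u.username, u.fullname, u.photo, u.email, "
                       . "UNIX_TIMESTAMP(c.date) AS nice_date "
                       . "FROM {$_TABLES['comments']} AS c, {$_TABLES['users']} AS u "
                       . "WHERE c.uid = u.uid AND c.cid = $pid AND type='{$type}'";
                } else {
                    $count = DB_count( $_TABLES['comments'],
                                array( 'sid', 'type' ), array( $sid, $type ));

                    $q = "SELECT c.*, u.username, u.fullname, u.photo, u.email, "
                       . "UNIX_TIMESTAMP(c.date) AS nice_date "
                       . "FROM {$_TABLES['comments']} AS c, {$_TABLES['users']} AS u "
                       . "WHERE c.uid = u.uid AND c.sid = '$sid' AND type='{$type}' "
                       . "ORDER BY date $order LIMIT $start, $limit";
                }
                break;

            case 'nested':
            case 'threaded':
            default:
                if( $order == 'DESC' ) {
                    $cOrder = 'c.rht DESC';
                } else {
                    $cOrder = 'c.lft ASC';
                }

                // We can simplify the query, and hence increase performance
                // when pid = 0 (when fetching all the comments for a given sid)
                if( $cid ) {  // pid refers to commentid rather than parentid
                    // count the total number of applicable comments
                    $q2 = "SELECT COUNT(*) "
                        . "FROM {$_TABLES['comments']} AS c, {$_TABLES['comments']} AS c2 "
                        . "WHERE c.sid = '$sid' AND (c.lft >= c2.lft AND c.lft <= c2.rht) "
                        . "AND c2.cid = $pid AND c.type='{$type}'";
                    $result = DB_query( $q2 );
                    list( $count ) = DB_fetchArray( $result );

                    $q = "SELECT c.*, u.username, u.fullname, u.photo, u.email, c2.indent AS pindent, "
                       . "UNIX_TIMESTAMP(c.date) AS nice_date "
                       . "FROM {$_TABLES['comments']} AS c, {$_TABLES['comments']} AS c2, "
                       . "{$_TABLES['users']} AS u "
                       . "WHERE c.sid = '$sid' AND (c.lft >= c2.lft AND c.lft <= c2.rht) "
                       . "AND c2.cid = $pid AND c.uid = u.uid AND c.type='{$type}' "
                       . "ORDER BY $cOrder LIMIT $start, $limit";
                } else {    // pid refers to parentid rather than commentid
                    if( $pid == 0 ) {  // the simple, fast case
                        // count the total number of applicable comments
                        $count = DB_count( $_TABLES['comments'],
                                array( 'sid', 'type' ), array( $sid, $type ));

                        $q = "SELECT c.*, u.username, u.fullname, u.photo, u.email, 0 AS pindent, "
                           . "UNIX_TIMESTAMP(c.date) AS nice_date "
                           . "FROM {$_TABLES['comments']} AS c, {$_TABLES['users']} AS u "
                           . "WHERE c.sid = '$sid' AND c.uid = u.uid AND type='{$type}' "
                           . "ORDER BY $cOrder LIMIT $start, $limit";
                    } else {
                        // count the total number of applicable comments
                        $q2 = "SELECT COUNT(*) "
                            . "FROM {$_TABLES['comments']} AS c, {$_TABLES['comments']} AS c2 "
                            . "WHERE c.sid = '$sid' AND (c.lft > c2.lft AND c.lft < c2.rht) "
                            . "AND c2.cid = $pid AND c.type='{$type}'";
                        $result = DB_query($q2);
                        list($count) = DB_fetchArray($result);

                        $q = "SELECT c.*, u.username, u.fullname, u.photo, u.email, c2.indent + 1 AS pindent, "
                           . "UNIX_TIMESTAMP(c.date) AS nice_date "
                           . "FROM {$_TABLES['comments']} AS c, {$_TABLES['comments']} AS c2, "
                           . "{$_TABLES['users']} AS u "
                           . "WHERE c.sid = '$sid' AND (c.lft > c2.lft AND c.lft < c2.rht) "
                           . "AND c2.cid = $pid AND c.uid = u.uid AND c.type='{$type}' "
                           . "ORDER BY $cOrder LIMIT $start, $limit";
                    }
                }
                break;
        }

        $thecomments = '';
        $result = DB_query( $q );
        $thecomments .= CMT_getComment( $result, $mode, $type, $order,
                                        $delete_option );

        // Pagination
        $tot_pages = ceil( $count / $limit );
        $pLink = $_CONF['site_url'] . "/article.php?story=$sid&type=$type&order=$order&mode=$mode";
        $template->set_var( 'pagenav',
                COM_printPageNavigation($pLink, $page, $tot_pages));

        $template->set_var( 'comments', $thecomments );
        $retval = $template->parse( 'output', 'commentarea' );
    }

    return $retval;
}

/**
* Displays the comment form
*
* Depending on site settings and the speed limit this returns a login-required
* notice, a speed-limit notice, or the form itself (preceded by a preview of
* the comment when $mode is the preview label).
*
* @param    string  $title      Title of comment
* @param    string  $comment    Text of comment
* @param    string  $sid        ID of object comment belongs to
* @param    int     $pid        ID of parent comment
* @param    string  $type       Type of object comment is posted to
* @param    string  $mode       Mode, e.g. 'preview'
* @param    string  $postmode   Indicates if comment is plain text or HTML
* @return   string  HTML for comment form
*
*/
function CMT_commentForm($title,$comment,$sid,$pid='0',$type,$mode,$postmode)
{
    global $_CONF, $_TABLES, $_USER, $LANG03, $LANG12, $LANG_LOGIN;

    $retval = '';

    // never trust $uid ...
    if (empty ($_USER['uid'])) {
        $uid = 1;
    } else {
        $uid = $_USER['uid'];
    }

    if (empty($_USER['username']) &&
        (($_CONF['loginrequired'] == 1) || ($_CONF['commentsloginrequired'] == 1))) {
        $retval .= COM_startBlock ($LANG_LOGIN[1], '',
                           COM_getBlockTemplate ('_msg_block', 'header'));
        $loginreq = new Template($_CONF['path_layout'] . 'submit');
        $loginreq->set_file('loginreq', 'submitloginrequired.thtml');
        $loginreq->set_var('login_message', $LANG_LOGIN[2]);
        $loginreq->set_var('site_url', $_CONF['site_url']);
        $loginreq->set_var('lang_login', $LANG_LOGIN[3]);
        $loginreq->set_var('lang_newuser', $LANG_LOGIN[4]);
        $loginreq->parse('errormsg', 'loginreq');
        $retval .= $loginreq->finish($loginreq->get_var('errormsg'));
        $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
        return $retval;
    } else {
        COM_clearSpeedlimit ($_CONF['commentspeedlimit'], 'comment');

        $last = COM_checkSpeedlimit ('comment');

        if ($last > 0) {
            $retval .= COM_startBlock ($LANG12[26], '',
                               COM_getBlockTemplate ('_msg_block', 'header'))
                . $LANG03[7]
                . $last
                . $LANG03[8]
                . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
        } else {

            if (($_CONF['advanced_editor'] == 1) && file_exists ($_CONF['path_layout'] . 'comment/commentform_advanced.thtml')) {
                $postmode = 'html';
            } elseif (empty ($postmode)) {
                $postmode = $_CONF['postmode'];
            }

            $sig = '';
            if ($uid > 1) {
                $sig = DB_getItem ($_TABLES['users'], 'sig', "uid = '$uid'");
            }

            // Note:
            // $comment / $newcomment is what goes into the preview / is
            // actually stored in the database -> strip HTML
            // $commenttext is what the user entered and goes back into the
            // <textarea> -> don't strip HTML

            $commenttext = htmlspecialchars (COM_stripslashes ($comment));

            $fakepostmode = $postmode;
            if ($postmode == 'html') {
                $comment = COM_checkWords (COM_checkHTML (COM_stripslashes ($comment)));
            } else {
                $comment = htmlspecialchars (COM_checkWords (COM_stripslashes ($comment)));
                $newcomment = COM_makeClickableLinks ($comment);
                if (strcmp ($comment, $newcomment) != 0) {
                    $comment = nl2br ($newcomment);
                    $fakepostmode = 'html';
                }
            }
            // Replace $, {, and } with special HTML equivalents. As listed,
            // each call replaced a character with itself (a no-op); the
            // numeric character references keep the echoed text from being
            // read as template syntax.
            $commenttext = str_replace('$','&#36;',$commenttext);
            $commenttext = str_replace('{','&#123;',$commenttext);
            $commenttext = str_replace('}','&#125;',$commenttext);

            $title = COM_checkWords (strip_tags (COM_stripslashes ($title)));
            // the '$' replacement for $title is done in CMT_getComment

            $_POST['title'] = $title;
            $newcomment = $comment;
            if (!empty ($sig)) {
                if (($postmode == 'html') || ($fakepostmode == 'html')) {
                    $newcomment .= '<p>---<br>' . nl2br ($sig);
                } else {
                    $newcomment .= LB . LB . '---' . LB . $sig;
                }
            }
            $_POST['comment'] = $newcomment;

            // Preview mode:
            if ($mode == $LANG03[14] && !empty($title) && !empty($comment) ) {
                $start = new Template( $_CONF['path_layout'] . 'comment' );
                $start->set_file( array( 'comment' => 'startcomment.thtml' ));
                $start->set_var( 'site_url', $_CONF['site_url'] );
                $start->set_var( 'layout_url', $_CONF['layout_url'] );
                $start->set_var( 'hide_if_preview', 'style="display:none"' );

                // Clean up all the vars
                $A = array();
                foreach ($_POST as $key => $value) {
                    if (($key == 'pid') || ($key == 'cid')) {
                        $A[$key] = COM_applyFilter ($_POST[$key], true);
                    } else if (($key == 'title') || ($key == 'comment')) {
                        // these have already been filtered above
                        $A[$key] = $_POST[$key];
                    } else {
                        $A[$key] = COM_applyFilter ($_POST[$key]);
                    }
                }

                if (empty ($A['username'])) {
                    $A['username'] = DB_getItem ($_TABLES['users'], 'username',
                                                 "uid = $uid");
                }
                $thecomments = CMT_getComment ($A, 'flat', $type, 'ASC', false,
                                               true);

                $start->set_var( 'comments', $thecomments );
                $retval .= COM_startBlock ($LANG03[14])
                        . $start->finish( $start->parse( 'output', 'comment' ))
                        . COM_endBlock ();
            } else if ($mode == $LANG03[14]) {
                // preview requested but title or comment is empty
                $retval .= COM_startBlock ($LANG03[17], '',
                                   COM_getBlockTemplate ('_msg_block', 'header'))
                        . $LANG03[12]
                        . COM_endBlock(COM_getBlockTemplate ('_msg_block', 'footer'));
                $mode = 'error';
            }

            $comment_template = new Template($_CONF['path_layout'] . 'comment');
            if (($_CONF['advanced_editor'] == 1) && file_exists ($_CONF['path_layout'] . 'comment/commentform_advanced.thtml')) {
                $comment_template->set_file('form','commentform_advanced.thtml');
            } else {
                $comment_template->set_file('form','commentform.thtml');
            }
            // NOTE(review): $sid, $pid and $type go into the form template as
            // passed in; this function does not escape them - confirm that
            // callers filter these before calling.
            $comment_template->set_var('site_url', $_CONF['site_url']);
            $comment_template->set_var('start_block_postacomment', COM_startBlock($LANG03[1]));
            $comment_template->set_var('lang_username', $LANG03[5]);
            $comment_template->set_var('sid', $sid);
            $comment_template->set_var('pid', $pid);
            $comment_template->set_var('type', $type);

            if (!empty($_USER['username'])) {
                $comment_template->set_var('uid', $_USER['uid']);
                $comment_template->set_var('username', $_USER['username']);
                $comment_template->set_var('action_url', $_CONF['site_url'] . '/users.php?mode=logout');
                $comment_template->set_var('lang_logoutorcreateaccount', $LANG03[03]);
            } else {
                $comment_template->set_var('uid', 1);
                $comment_template->set_var('username', $LANG03[24]);
                $comment_template->set_var('action_url', $_CONF['site_url'] . '/users.php?mode=new');
                $comment_template->set_var('lang_logoutorcreateaccount', $LANG03[04]);
            }

            if ($postmode == 'html') {
                $comment_template->set_var ('show_texteditor', 'none');
                $comment_template->set_var ('show_htmleditor', '');
            } else {
                $comment_template->set_var ('show_texteditor', '');
                $comment_template->set_var ('show_htmleditor', 'none');
            }

            $comment_template->set_var('lang_title', $LANG03[16]);
            $comment_template->set_var('title', htmlspecialchars($title));
            $comment_template->set_var('lang_comment', $LANG03[9]);
            $comment_template->set_var('comment', $commenttext);
            $comment_template->set_var('lang_postmode', $LANG03[2]);
            $comment_template->set_var('postmode_options', COM_optionList($_TABLES['postmodes'],'code,name',$postmode));
            $comment_template->set_var('allowed_html', COM_allowedHTML());
            $comment_template->set_var('lang_importantstuff', $LANG03[18]);
            $comment_template->set_var('lang_instr_line1', $LANG03[19]);
            $comment_template->set_var('lang_instr_line2', $LANG03[20]);
            $comment_template->set_var('lang_instr_line3', $LANG03[21]);
            $comment_template->set_var('lang_instr_line4', $LANG03[22]);
            $comment_template->set_var('lang_instr_line5', $LANG03[23]);
            $comment_template->set_var('lang_preview', $LANG03[14]);

            // the save button is only offered after a preview, unless
            // previews are configured to be skipped
            if (($_CONF['skip_preview'] == 1) || ($mode == $LANG03[14])) {
                PLG_templateSetVars ('comment', $comment_template);
                $comment_template->set_var('save_option', '<input type="submit" name="mode" value="' . $LANG03[11] . '">');
            }

            $comment_template->set_var('end_block', COM_endBlock());
            $comment_template->parse('output', 'form');
            $retval .= $comment_template->finish($comment_template->get_var('output'));
        }
    }

    return $retval;
}

/**
 * Save a comment
 *
 * @author   Vincent Furia <vinny01 AT users DOT sourceforge DOT net>
 * @param    string      $title      Title of comment
 * @param    string      $comment    Text of comment
 * @param    string      $sid        ID of object receiving comment
 * @param    int         $pid        ID of parent comment
 * @param    string      $type       Type of comment this is (article, polls, etc)
 * @param    string      $postmode   Indicates if text is HTML or plain text
 * @return   int         0 for success, > 0 indicates error
 *
 */
function CMT_saveComment ($title, $comment, $sid, $pid, $type, $postmode)
{
    global $_CONF, $_TABLES, $_USER, $LANG03;

    $ret = 0;

    // Get a valid uid
    if (empty ($_USER['uid'])) {
        $uid = 1;
    } else {
        $uid = $_USER['uid'];
    }

    // Sanity check
    if (empty ($sid) || empty ($title) || empty ($comment) || empty ($type) ) {
        COM_errorLog("CMT_saveComment: $uid from {$_SERVER['REMOTE_ADDR']} tried "
                   . 'to submit a comment with one or more missing values.');
        return $ret = 1;
    }

    // Check that anonymous comments are allowed
    if (($uid == 1) && (($_CONF['loginrequired'] == 1)
            || ($_CONF['commentsloginrequired'] == 1))) {
        COM_errorLog("CMT_saveComment: IP address {$_SERVER['REMOTE_ADDR']} "
                   . 'attempted to save a comment with anonymous comments disabled for site.');
        return $ret = 2;
    }

    // Check for people breaking the speed limit
    COM_clearSpeedlimit ($_CONF['commentspeedlimit'], 'comment');
    $last = COM_checkSpeedlimit ('comment');
    if ($last > 0) {
        COM_errorLog("CMT_saveComment: $uid from {$_SERVER['REMOTE_ADDR']} tried "
                   . 'to submit a comment before the speed limit expired');
        return $ret = 3;
    }

    // Let plugins have a chance to check for spam
    $spamcheck = '<h1>' . $title . '</h1><p>' . $comment . '</p>';
    $result = PLG_checkforSpam ($spamcheck, $_CONF['spamx']);
    // Now check the result and display message if spam action was taken
    if ($result > 0) {
        // update speed limit nonetheless
        COM_updateSpeedlimit ('comment');

        // then tell them to get lost ...
        COM_displayMessageAndAbort ($result, 'spamx', 403, 'Forbidden');
    }

    // Let plugins have a chance to decide what to do before saving the comment, return errors.
    if ($someError = PLG_commentPreSave($uid, $title, $comment, $sid, $pid, $type, $postmode)) {
        return $someError;
    }

    // Clean 'em up a bit!
    if ($postmode == 'html') {
        $comment = COM_checkWords (COM_checkHTML (COM_stripslashes ($comment)));
    } else {
        $comment = htmlspecialchars (COM_checkWords (COM_stripslashes ($comment)));
        $newcomment = COM_makeClickableLinks ($comment);
        if (strcmp ($comment, $newcomment) != 0) {
            $comment = nl2br ($newcomment);
            $postmode = 'html';
        }
    }
    $title = COM_checkWords (strip_tags (COM_stripslashes ($title)));

    // Get signature
    $sig = '';
    if ($uid > 1) {
        $sig = DB_getItem($_TABLES['users'],'sig', "uid = '$uid'");
    }
    if (!empty ($sig)) {
        if ($postmode == 'html') {
            $comment .= '<p>---<br>' . nl2br($sig);
        } else {
            $comment .= LB . LB . '---' . LB . $sig;
        }
    }

    // check for non-int pid's
    // this should just create a top level comment that is a reply to the original item
    if (!is_numeric($pid) || ($pid < 0)) {
        $pid = 0;
    } else {
        // is_numeric() also accepts forms such as "1e3"; $pid is interpolated
        // unquoted into the SQL below, so reduce it to a plain integer.
        $pid = (int) $pid;
    }

    if (!empty ($title) && !empty ($comment)) {
        COM_updateSpeedlimit ('comment');
        $title = addslashes ($title);
        $comment = addslashes ($comment);

        // NOTE(review): unlike $title and $comment, $sid and $type are placed
        // inside quoted SQL strings below without being escaped here; the
        // function depends on callers passing filtered values - confirm.

        // Insert the comment into the comment table
        DB_lockTable ($_TABLES['comments']);
        if ($pid > 0) {
            $result = DB_query("SELECT rht, indent FROM {$_TABLES['comments']} WHERE cid = $pid "
                             . "AND sid = '$sid'");
            list($rht, $indent) = DB_fetchArray($result);
            // DB_error() is only checked for a failed query; a parent that
            // does not exist (or belongs to another sid) just yields no row.
            // Require a numeric rht as well so the statements below are never
            // built from empty values.
            if ( !DB_error() && is_numeric ($rht) ) {
                DB_query("UPDATE {$_TABLES['comments']} SET lft = lft + 2 "
                       . "WHERE sid = '$sid' AND type = '$type' AND lft >= $rht");
                DB_query("UPDATE {$_TABLES['comments']} SET rht = rht + 2 "
                       . "WHERE sid = '$sid' AND type = '$type' AND rht >= $rht");
                DB_save ($_TABLES['comments'], 'sid,uid,comment,date,title,pid,lft,rht,indent,type,ipaddress',
                        "'$sid',$uid,'$comment',now(),'$title',$pid,$rht,$rht+1,$indent+1,'$type','{$_SERVER['REMOTE_ADDR']}'");
            } else { //replying to non-existent comment or comment in wrong article
                COM_errorLog("CMT_saveComment: $uid from {$_SERVER['REMOTE_ADDR']} tried "
                           . 'to reply to a non-existent comment or the pid/sid did not match');
                $ret = 4; // Cannot return here, tables locked!
            }
        } else {
            $rht = DB_getItem($_TABLES['comments'], 'MAX(rht)', "sid = '$sid'");
            if ( DB_error() ) {
                $rht = 0;
            }
            DB_save ($_TABLES['comments'], 'sid,uid,comment,date,title,pid,lft,rht,indent,type,ipaddress',
                    "'$sid',$uid,'$comment',now(),'$title',$pid,$rht+1,$rht+2,0,'$type','{$_SERVER['REMOTE_ADDR']}'");
        }
        $cid = DB_insertId();
        DB_unlockTable ($_TABLES['comments']);

        // Send notification of comment if no errors and notifications enabled for comments
        if (($ret == 0) && isset ($_CONF['notification']) &&
                in_array ('comment', $_CONF['notification'])) {
            CMT_sendNotification ($title, $comment, $uid, $_SERVER['REMOTE_ADDR'],
                              $type, $cid);
        }
    } else {
        COM_errorLog("CMT_saveComment: $uid from {$_SERVER['REMOTE_ADDR']} tried "
                   . 'to submit a comment with invalid $title and/or $comment.');
        return $ret = 5;
    }

    return $ret;
}

/**
* Send an email notification for a new comment submission.
*
* @param    $title      string      comment title
* @param    $comment    string      text of the comment
* @param    $uid        integer     user id
* @param    $ipaddress  string      poster's IP address
* @param    $type       string      type of comment ('article', 'poll', ...)
* @param    $cid        integer     comment id
*
*/
function CMT_sendNotification ($title, $comment, $uid, $ipaddress, $type, $cid)
{
    global $_CONF, $_TABLES, $LANG03, $LANG08, $LANG09;

    // we have to undo the addslashes() call from savecomment()
    $title = stripslashes ($title);
    $comment = stripslashes ($comment);

    // strip HTML if posted in HTML mode
    if (preg_match ('/<.*>/', $comment) != 0) {
        $comment = strip_tags ($comment);
    }

    $author = COM_getDisplayName ($uid);
    if (($uid <= 1) && !empty ($ipaddress)) {
        // add IP address for anonymous posters
        $author .= ' (' . $ipaddress . ')';
    }

    $mailbody = "$LANG03[16]: $title\n"
              . 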
"$LANG03[5]: $author\n"; 962 963 if (($type != 'article') && ($type != 'poll')) { 964 $mailbody .= "$LANG09[5]: $type\n"; 965 } 966 967 if ($_CONF['emailstorieslength'] > 0) { 968 if ($_CONF['emailstorieslength'] > 1) { 969 $comment = MBYTE_substr ($comment, 0, $_CONF['emailstorieslength']) 970 . '...'; 971 } 972 $mailbody .= $comment . "\n\n"; 973 } 974 975 $mailbody .= $LANG08[33] . ' <' . $_CONF['site_url'] 976 . '/comment.php?mode=view&cid=' . $cid . ">\n\n"; 977 978 $mailbody .= "\n------------------------------\n"; 979 $mailbody .= "\n$LANG08[34]\n"; 980 $mailbody .= "\n------------------------------\n"; 981 982 $mailsubject = $_CONF['site_name'] . ' ' . $LANG03[9]; 983 984 COM_mail ($_CONF['site_mail'], $mailsubject, $mailbody); 985 } 986 987 /** 988 * Deletes a given comment 989 * 990 * The function expects the calling function to check to make sure the 991 * requesting user has the correct permissions and that the comment exits 992 * for the specified $type and $sid. 993 * 994 * @author Vincent Furia <vinny01 AT users DOT sourceforge DOT net> 995 * @param string $type article, poll, or plugin identifier 996 * @param string $sid id of object comment belongs to 997 * @param int $cid Comment ID 998 * @return string 0 indicates success, >0 identifies problem 999 */ 1000 function CMT_deleteComment ($cid, $sid, $type) 1001 { 1002 global $_CONF, $_TABLES, $_USER; 1003 1004 $ret = 0; // Assume good status unless reported otherwise 1005 1006 // Sanity check, note we return immediately here and no DB operations 1007 // are performed 1008 if (!is_numeric ($cid) || ($cid < 0) || empty ($sid) || empty ($type)) { 1009 COM_errorLog("CMT_deleteComment: {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " 1010 . 
'to delete a comment with one or more missing/bad values.'); 1011 return $ret = 1; 1012 } 1013 1014 // Delete the comment from the DB and update the other comments to 1015 // maintain the tree structure 1016 // A lock is needed here to prevent other additions and/or deletions 1017 // from happening at the same time. A transaction would work better, 1018 // but aren't supported with MyISAM tables. 1019 DB_lockTable ($_TABLES['comments']); 1020 $result = DB_query("SELECT pid, lft, rht FROM {$_TABLES['comments']} " 1021 . "WHERE cid = $cid AND sid = '$sid' AND type = '$type'"); 1022 if ( DB_numRows($result) == 1 ) { 1023 list($pid,$lft,$rht) = DB_fetchArray($result); 1024 DB_change ($_TABLES['comments'], 'pid', $pid, 'pid', $cid); 1025 DB_delete ($_TABLES['comments'], 'cid', $cid); 1026 DB_query("UPDATE {$_TABLES['comments']} SET indent = indent - 1 " 1027 . "WHERE sid = '$sid' AND type = '$type' AND lft BETWEEN $lft AND $rht"); 1028 DB_query("UPDATE {$_TABLES['comments']} SET lft = lft - 2 " 1029 . "WHERE sid = '$sid' AND type = '$type' AND lft >= $rht"); 1030 DB_query("UPDATE {$_TABLES['comments']} SET rht = rht - 2 " 1031 . "WHERE sid = '$sid' AND type = '$type' AND rht >= $rht"); 1032 } else { 1033 COM_errorLog("CMT_deleteComment: {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " 1034 . 'to delete a comment that doesn\'t exist as described.'); 1035 return $ret = 2; 1036 } 1037 1038 DB_unlockTable ($_TABLES['comments']); 1039 1040 return $ret; 1041 } 1042 1043 /** 1044 * Display form to report abusive comment. 1045 * 1046 * @param string $cid comment id 1047 * @param string $type type of comment ('article', 'poll', ...) 
1048 * @return string HTML for the form (or error message) 1049 * 1050 */ 1051 function CMT_reportAbusiveComment ($cid, $type) 1052 { 1053 global $_CONF, $_TABLES, $_USER, $LANG03, $LANG12, $LANG_LOGIN; 1054 1055 $retval = ''; 1056 1057 if (empty ($_USER['username'])) { 1058 $retval .= COM_startBlock ($LANG_LOGIN[1], '', 1059 COM_getBlockTemplate ('_msg_block', 'header')); 1060 $loginreq = new Template ($_CONF['path_layout'] . 'submit'); 1061 $loginreq->set_file ('loginreq', 'submitloginrequired.thtml'); 1062 $loginreq->set_var ('login_message', $LANG_LOGIN[2]); 1063 $loginreq->set_var ('site_url', $_CONF['site_url']); 1064 $loginreq->set_var ('lang_login', $LANG_LOGIN[3]); 1065 $loginreq->set_var ('lang_newuser', $LANG_LOGIN[4]); 1066 $loginreq->parse ('errormsg', 'loginreq'); 1067 $retval .= $loginreq->finish ($loginreq->get_var ('errormsg')); 1068 $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer')); 1069 1070 return $retval; 1071 } 1072 1073 COM_clearSpeedlimit ($_CONF['speedlimit'], 'mail'); 1074 $last = COM_checkSpeedlimit ('mail'); 1075 if ($last > 0) { 1076 $retval .= COM_startBlock ($LANG12[26], '', 1077 COM_getBlockTemplate ('_msg_block', 'header')) 1078 . $LANG12[30] . $last . $LANG12[31] 1079 . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer')); 1080 1081 return $retval; 1082 } 1083 1084 $start = new Template ($_CONF['path_layout'] . 
'comment'); 1085 $start->set_file (array ('report' => 'reportcomment.thtml')); 1086 $start->set_var ('site_url', $_CONF['site_url']); 1087 $start->set_var ('layout_url', $_CONF['layout_url']); 1088 $start->set_var ('lang_report_this', $LANG03[25]); 1089 $start->set_var ('lang_send_report', $LANG03[10]); 1090 $start->set_var ('cid', $cid); 1091 $start->set_var ('type', $type); 1092 1093 $result = DB_query ("SELECT uid,sid,pid,title,comment,UNIX_TIMESTAMP(date) AS nice_date FROM {$_TABLES['comments']} WHERE cid = $cid AND type = '$type'"); 1094 $A = DB_fetchArray ($result); 1095 1096 $result = DB_query ("SELECT username,fullname,photo FROM {$_TABLES['users']} WHERE uid = {$A['uid']}"); 1097 $B = DB_fetchArray ($result); 1098 1099 // prepare data for comment preview 1100 $A['cid'] = $cid; 1101 $A['type'] = $type; 1102 $A['username'] = $B['username']; 1103 $A['fullname'] = $B['fullname']; 1104 $A['photo'] = $B['photo']; 1105 $A['indent'] = 0; 1106 $A['pindent'] = 0; 1107 1108 $thecomment = CMT_getComment ($A, 'flat', $type, 'ASC', false, true); 1109 $start->set_var ('comment', $thecomment); 1110 $retval .= COM_startBlock ($LANG03[15]) 1111 . $start->finish ($start->parse ('output', 'report')) 1112 . COM_endBlock (); 1113 1114 return $retval; 1115 } 1116 1117 /** 1118 * Send report about abusive comment 1119 * 1120 * @param string $cid comment id 1121 * @param string $type type of comment ('article', 'poll', ...) 1122 * @return string Meta refresh or HTML for error message 1123 * 1124 */ 1125 function CMT_sendReport ($cid, $type) 1126 { 1127 global $_CONF, $_TABLES, $_USER, $LANG03, $LANG08, $LANG_LOGIN; 1128 1129 if (empty ($_USER['username'])) { 1130 $retval = COM_siteHeader ('menu', $LANG_LOGIN[1]); 1131 $retval .= COM_startBlock ($LANG_LOGIN[1], '', 1132 COM_getBlockTemplate ('_msg_block', 'header')); 1133 $loginreq = new Template ($_CONF['path_layout'] . 
'submit'); 1134 $loginreq->set_file ('loginreq', 'submitloginrequired.thtml'); 1135 $loginreq->set_var ('login_message', $LANG_LOGIN[2]); 1136 $loginreq->set_var ('site_url', $_CONF['site_url']); 1137 $loginreq->set_var ('lang_login', $LANG_LOGIN[3]); 1138 $loginreq->set_var ('lang_newuser', $LANG_LOGIN[4]); 1139 $loginreq->parse ('errormsg', 'loginreq'); 1140 $retval .= $loginreq->finish ($loginreq->get_var ('errormsg')); 1141 $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer')); 1142 $retval .= COM_siteFooter (); 1143 1144 return $retval; 1145 } 1146 1147 COM_clearSpeedlimit ($_CONF['speedlimit'], 'mail'); 1148 if (COM_checkSpeedlimit ('mail') > 0) { 1149 return COM_refresh ($_CONF['site_url'] . '/index.php'); 1150 } 1151 1152 $username = DB_getItem ($_TABLES['users'], 'username', 1153 "uid = {$_USER['uid']}"); 1154 $result = DB_query ("SELECT uid,title,comment,sid,ipaddress FROM {$_TABLES['comments']} WHERE cid = $cid AND type = '$type'"); 1155 $A = DB_fetchArray ($result); 1156 1157 $title = stripslashes ($A['title']); 1158 $comment = stripslashes ($A['comment']); 1159 1160 // strip HTML if posted in HTML mode 1161 if (preg_match ('/<.*>/', $comment) != 0) { 1162 $comment = strip_tags ($comment); 1163 } 1164 1165 $author = COM_getDisplayName ($A['uid']); 1166 if (($A['uid'] <= 1) && !empty ($A['ipaddress'])) { 1167 // add IP address for anonymous posters 1168 $author .= ' (' . $A['ipaddress'] . ')'; 1169 } 1170 1171 $mailbody = sprintf ($LANG03[26], $username); 1172 $mailbody .= "\n\n" 1173 . "$LANG03[16]: $title\n" 1174 . "$LANG03[5]: $author\n"; 1175 1176 if (($type != 'article') && ($type != 'poll')) { 1177 $mailbody .= "$LANG09[5]: $type\n"; 1178 } 1179 1180 if ($_CONF['emailstorieslength'] > 0) { 1181 if ($_CONF['emailstorieslength'] > 1) { 1182 $comment = MBYTE_substr ($comment, 0, $_CONF['emailstorieslength']) 1183 . '...'; 1184 } 1185 $mailbody .= $comment . "\n\n"; 1186 } 1187 1188 $mailbody .= $LANG08[33] . ' <' . 
$_CONF['site_url'] 1189 . '/comment.php?mode=view&cid=' . $cid . ">\n\n"; 1190 1191 $mailbody .= "\n------------------------------\n"; 1192 $mailbody .= "\n$LANG08[34]\n"; 1193 $mailbody .= "\n------------------------------\n"; 1194 1195 $mailsubject = $_CONF['site_name'] . ' ' . $LANG03[27]; 1196 1197 COM_mail ($_CONF['site_mail'], $mailsubject, $mailbody); 1198 COM_updateSpeedlimit ('mail'); 1199 1200 return COM_refresh ($_CONF['site_url'] . '/index.php?msg=27'); 1201 } 1202 1203 ?>