PHP Cross Reference of Nucleus CMS 3.32 |
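<?php

/*
 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
 * Copyright (C) 2002-2007 The Nucleus Group
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * (see nucleus/documentation/index.html#license for more info)
 */
/**
 * A class representing the comments (all of them) for a certain post on a certain blog
 *
 * @license http://nucleuscms.org/license.txt GNU General Public License
 * @copyright Copyright (C) 2002-2007 The Nucleus Group
 * @version $Id: COMMENTS.php 1155 2007-05-20 23:40:48Z kaigreve $
 */

// Stop immediately when requestVar() is not defined. It is presumably provided by the
// CMS bootstrap, so this keeps the file from running when it is loaded on its own.
if ( !function_exists('requestVar') ) exit;
require_once dirname(__FILE__) . '/COMMENTACTIONS.php';

class COMMENTS {

    // item for which comments are being displayed
    // (declared with `var`, so it is publicly writable: every query below casts it again
    // with intval() instead of trusting the cast done in the constructor)
    var $itemid;

    // reference to the itemActions object that is calling the showComments function
    var $itemActions;

    // total amount of comments displayed
    var $commentcount;

    /**
     * Creates a new COMMENTS object for the given blog and item
     *
     * @param $itemid
     *      id of the item (forced to an integer)
     */
    function COMMENTS($itemid) {
        $this->itemid = intval($itemid);
    }

    /**
     * Used when parsing comments
     *
     * @param $itemActions
     *      itemActions object, that will take care of the parsing
     */
    function setItemActions(&$itemActions) {
        $this->itemActions =& $itemActions;
    }

    /**
     * Shows maximum $max comments to the given item using the given template
     * returns the amount of shown comments (if maxToShow = -1, then there is no limit)
     *
     * Returns 0 when there are no comments, or when there are more comments than
     * $maxToShow; in both cases COMMENTS_HEADER and COMMENTS_FOOTER are not parsed.
     *
     * @param template
     *      template to use
     * @param maxToShow
     *      max. comments to show
     * @param showNone
     *      indicates if the 'no comments' thingie should be outputted when there are no comments
     *      (useful for closed items)
     * @param highlight
     *      Highlight to use (if any)
     */
    function showComments($template, $maxToShow = -1, $showNone = 1, $highlight = '') {
        global $CONF, $manager;

        // create parser object & action handler
        $actions =& new COMMENTACTIONS($this);
        $parser =& new PARSER($actions->getDefinedActions(),$actions);
        $actions->setTemplate($template);
        $actions->setParser($parser);

        if ($maxToShow == 0) {
            // nothing will be listed, so only the count is needed
            $this->commentcount = $this->amountComments();
        } else {
            // the item id is the only variable part of the query and is forced to an integer
            $query = 'SELECT c.citem as itemid, c.cnumber as commentid, c.cbody as body, c.cuser as user, c.cmail as userid, c.cemail as email, c.cmember as memberid, c.ctime, c.chost as host, c.cip as ip, c.cblog as blogid'
                   . ' FROM '.sql_table('comment').' as c'
                   . ' WHERE c.citem=' . intval($this->itemid)
                   . ' ORDER BY c.ctime';

            $comments = sql_query($query);
            $this->commentcount = mysql_num_rows($comments);
        }

        // if no result was found
        if ($this->commentcount == 0) {
            // release the result set on this early exit too ($comments is unset when $maxToShow == 0)
            if (isset($comments) && is_resource($comments)) mysql_free_result($comments);
            // note: when no reactions, COMMENTS_HEADER and COMMENTS_FOOTER are _NOT_ used
            if ($showNone) $parser->parse($template['COMMENTS_NONE']);
            return 0;
        }

        // if too many comments to show
        if (($maxToShow != -1) && ($this->commentcount > $maxToShow)) {
            if (isset($comments) && is_resource($comments)) mysql_free_result($comments);
            $parser->parse($template['COMMENTS_TOOMUCH']);
            return 0;
        }

        $parser->parse($template['COMMENTS_HEADER']);

        while ( $comment = mysql_fetch_assoc($comments) ) {
            $comment['timestamp'] = strtotime($comment['ctime']);
            $actions->setCurrentComment($comment);
            $actions->setHighlight($highlight);
            // plugins receive the comment by reference before and after it is rendered
            $manager->notify('PreComment', array('comment' => &$comment));
            $parser->parse($template['COMMENTS_BODY']);
            $manager->notify('PostComment', array('comment' => &$comment));
        }

        $parser->parse($template['COMMENTS_FOOTER']);

        mysql_free_result($comments);

        return $this->commentcount;
    }

    /**
     * Returns the amount of comments for this itemid
     */
    function amountComments() {
        $query = 'SELECT COUNT(*)'
               . ' FROM '.sql_table('comment').' as c'
               . ' WHERE c.citem='. intval($this->itemid);
        $res = sql_query($query);
        $arr = mysql_fetch_row($res);

        return $arr[0];
    }

    /**
     * Adds a comment to this item, after running the blog's access checks,
     * the spam check and isValidComment().
     *
     * @param $timestamp
     *      Unix timestamp stored as the comment time (it is passed to date())
     * @param $comment
     *      associative array; the keys read here are 'user', 'userid', 'email',
     *      'body' and 'itemid'
     * @return
     *      true when the comment was stored, otherwise an error value: one of the
     *      _ERROR_* constants used below, or whatever isValidComment() returned
     */
    function addComment($timestamp, $comment) {
        global $CONF, $member, $manager;

        $blogid = getBlogIDFromItemID($this->itemid);

        $settings =& $manager->getBlog($blogid);
        $settings->readSettings();

        if (!$settings->commentsEnabled())
            return _ERROR_COMMENTS_DISABLED;

        if (!$settings->isPublic() && !$member->isLoggedIn())
            return _ERROR_COMMENTS_NONPUBLIC;

        // member name protection
        if ($CONF['ProtectMemNames'] && !$member->isLoggedIn() && MEMBER::isNameProtected($comment['user']))
            return _ERROR_COMMENTS_MEMBERNICK;

        // email required protection
        if ($settings->emailRequired() && strlen($comment['email']) == 0 && !$member->isLoggedIn()) {
            return _ERROR_EMAIL_REQUIRED;
        }

        // timestamp, host and ip are set here and overwrite anything the caller put in $comment
        $comment['timestamp'] = $timestamp;
        $comment['host'] = gethostbyaddr(serverVar('REMOTE_ADDR'));
        $comment['ip'] = serverVar('REMOTE_ADDR');

        // if member is logged in, use that data
        if ($member->isLoggedIn()) {
            $comment['memberid'] = $member->getID();
            $comment['user'] = '';
            $comment['userid'] = '';
            $comment['email'] = '';
        } else {
            $comment['memberid'] = 0;
        }

        // spam check
        $continue = false;
        $plugins = array();

        if (isset($manager->subscriptions['ValidateForm']))
            $plugins = array_merge($plugins, $manager->subscriptions['ValidateForm']);

        if (isset($manager->subscriptions['PreAddComment']))
            $plugins = array_merge($plugins, $manager->subscriptions['PreAddComment']);

        if (isset($manager->subscriptions['PostAddComment']))
            $plugins = array_merge($plugins, $manager->subscriptions['PostAddComment']);

        $plugins = array_unique($plugins);

        // $continue becomes true as soon as one subscribed plugin supports 'handleSpam'
        foreach ($plugins as $plugin) {
            $p = $manager->getPlugin($plugin);
            $continue = $continue || $p->supportsFeature('handleSpam');
        }

        // NOTE(review): 'id' is taken from the caller-supplied $comment['itemid'], not from
        // $this->itemid -- confirm that callers always set it to the same item.
        $spamcheck = array (
            'type' => 'comment',
            'body' => $comment['body'],
            'id' => $comment['itemid'],
            'live' => true,
            'return' => $continue
        );

        if ($member->isLoggedIn()) {
            $spamcheck['author'] = $member->displayname;
            $spamcheck['email'] = $member->email;
        } else {
            $spamcheck['author'] = $comment['user'];
            $spamcheck['email'] = $comment['email'];
            $spamcheck['url'] = $comment['userid'];
        }

        $manager->notify('SpamCheck', array ('spamcheck' => &$spamcheck));

        // a positive spam result rejects the comment here only when no subscribed plugin
        // supports 'handleSpam'; otherwise $spamcheck is handed on to the later events
        if (!$continue && isset($spamcheck['result']) && $spamcheck['result'] == true)
            return _ERROR_COMMENTS_SPAM;


        // isValidComment returns either "1" or an error message
        $isvalid = $this->isValidComment($comment, $spamcheck);
        if ($isvalid != 1)
            return $isvalid;

        // send email to notification address, if any
        // (this happens before the PreAddComment event and before the INSERT below)
        if ($settings->getNotifyAddress() && $settings->notifyOnComment()) {

            $mailto_msg = _NOTIFY_NC_MSG . ' ' . $this->itemid . "\n";
            // $mailto_msg .= $CONF['IndexURL'] . 'index.php?itemid=' . $this->itemid . "\n\n";
            $temp = parse_url($CONF['Self']);
            // !empty() instead of a bare index read: 'scheme' is missing when $CONF['Self'] is a relative URL
            if (!empty($temp['scheme'])) {
                $mailto_msg .= createItemLink($this->itemid) . "\n\n";
            } else {
                $tempurl = $settings->getURL();
                if (substr($tempurl, -1) == '/' || substr($tempurl, -4) == '.php') {
                    $mailto_msg .= $tempurl . '?itemid=' . $this->itemid . "\n\n";
                } else {
                    $mailto_msg .= $tempurl . '/?itemid=' . $this->itemid . "\n\n";
                }
            }
            if ($comment['memberid'] == 0) {
                $mailto_msg .= _NOTIFY_USER . ' ' . $comment['user'] . "\n";
                $mailto_msg .= _NOTIFY_USERID . ' ' . $comment['userid'] . "\n";
            } else {
                $mailto_msg .= _NOTIFY_MEMBER .' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
            }
            $mailto_msg .= _NOTIFY_HOST . ' ' . $comment['host'] . "\n";
            $mailto_msg .= _NOTIFY_COMMENT . "\n " . $comment['body'] . "\n";
            $mailto_msg .= getMailFooter();

            $item =& $manager->getItem($this->itemid, 0, 0);
            $mailto_title = _NOTIFY_NC_TITLE . ' ' . strip_tags($item['title']) . ' (' . $this->itemid . ')';

            // NOTE(review): the sender address is derived from the visitor-supplied 'userid'
            // field. Confirm that getNotifyFromMailAddress() / NOTIFICATION::notify() reject
            // CR/LF, so the value cannot add extra mail headers.
            $frommail = $member->getNotifyFromMailAddress($comment['userid']);

            $notify =& new NOTIFICATION($settings->getNotifyAddress());
            $notify->notify($mailto_title, $mailto_msg , $frommail);
        }

        $comment = COMMENT::prepare($comment);

        $manager->notify('PreAddComment',array('comment' => &$comment, 'spamcheck' => &$spamcheck));

        // Escape at the point of use, after plugins had their last chance to modify $comment.
        // mysql_real_escape_string() replaces addslashes(), which is not aware of the
        // connection character set and is not a safe SQL escaper under some multi-byte
        // encodings. It uses the default link, like mysql_insert_id() below.
        $name = mysql_real_escape_string($comment['user']);
        $url = mysql_real_escape_string($comment['userid']);
        $email = mysql_real_escape_string($comment['email']);
        $body = mysql_real_escape_string($comment['body']);
        $host = mysql_real_escape_string($comment['host']);
        $ip = mysql_real_escape_string($comment['ip']);
        $memberid = intval($comment['memberid']);
        $timestamp = date('Y-m-d H:i:s', $comment['timestamp']);
        $itemid = intval($this->itemid);
        // the blog id was the only value interpolated without a cast or escaping
        $blogid = intval($blogid);

        $query = 'INSERT INTO '.sql_table('comment').' (CUSER, CMAIL, CEMAIL, CMEMBER, CBODY, CITEM, CTIME, CHOST, CIP, CBLOG) '
               . "VALUES ('$name', '$url', '$email', $memberid, '$body', $itemid, '$timestamp', '$host', '$ip', '$blogid')";

        sql_query($query);

        // post add comment
        $commentid = mysql_insert_id();
        $manager->notify('PostAddComment',array('comment' => &$comment, 'commentid' => &$commentid, 'spamcheck' => &$spamcheck));

        // succeeded !
        return true;
    }

    /**
     * Checks whether a comment may be added to this item.
     *
     * @param $comment
     *      associative array; the keys read here are 'body', 'user' and 'email'
     * @param $spamcheck
     *      spam check data, passed by reference on to the 'ValidateForm' event
     * @return
     *      1 when the comment is accepted, otherwise an error message
     */
    function isValidComment($comment, & $spamcheck) {
        global $member, $manager;

        // check if there exists a item for this date
        $item =& $manager->getItem($this->itemid,0,0);

        if (!$item)
            return _ERROR_NOSUCHITEM;

        if ($item['closed'])
            return _ERROR_ITEMCLOSED;

        // don't allow words that are too long
        // (a run of 90 consecutive characters from the listed set)
        if (eregi('[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}',$comment['body']) != false)
            return _ERROR_COMMENT_LONGWORD;

        // check lengths of comment (strlen() counts bytes, not characters)
        if (strlen($comment['body'])<3)
            return _ERROR_COMMENT_NOCOMMENT;

        if (strlen($comment['body'])>5000)
            return _ERROR_COMMENT_TOOLONG;

        // only check username if no member logged in
        if (!$member->isLoggedIn()) {
            if (strlen($comment['user'])<2)
                return _ERROR_COMMENT_NOUSERNAME;
        }

        // the e-mail address is optional at this point, but must be well-formed when given
        if ((strlen($comment['email']) != 0) && !(isValidMailAddress($comment['email']))) {
            return _ERROR_BADMAILADDRESS;
        }

        // let plugins do verification (any plugin which thinks the comment is invalid
        // can change 'error' to something other than '1')
        $result = 1;
        $manager->notify('ValidateForm', array('type' => 'comment', 'comment' => &$comment, 'error' => &$result, 'spamcheck' => &$spamcheck));

        return $result;
    }

}

?>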