PHP Cross Reference of Nucleus CMS v3.51 code documentation |
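<?php

/*
 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
 * Copyright (C) 2002-2009 The Nucleus Group
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * (see nucleus/documentation/index.html#license for more info)
 */
/**
 * A class representing the comments (all of them) for a certain post on a certain blog
 *
 * @license http://nucleuscms.org/license.txt GNU General Public License
 * @copyright Copyright (C) 2002-2009 The Nucleus Group
 * @version $Id: COMMENTS.php 1388 2009-07-18 06:31:28Z shizuki $
 */

// stop immediately unless requestVar() is already defined, i.e. unless this file
// was included after that function was declared (presumably by the Nucleus
// bootstrap; a direct request to this file ends here)
if ( !function_exists('requestVar') ) exit;
require_once dirname(__FILE__) . '/COMMENTACTIONS.php';

class COMMENTS {

	// item for which comment are being displayed
	var $itemid;

	// reference to the itemActions object that is calling the showComments function
	var $itemActions;

	// total amount of comments displayed
	var $commentcount;

	/**
	 * Creates a new COMMENTS object for the given blog and item
	 *
	 * @param $itemid
	 *		id of the item (forced to an integer before it is stored)
	 */
	function COMMENTS($itemid) {
		$this->itemid = intval($itemid);
	}

	/**
	 * Used when parsing comments
	 *
	 * @param $itemActions
	 *		itemActions object, that will take care of the parsing
	 */
	function setItemActions(&$itemActions) {
		$this->itemActions =& $itemActions;
	}

	/**
	 * Shows maximum $max comments to the given item using the given template
	 * returns the amount of shown comments (if maxToShow = -1, then there is no limit)
	 *
	 * @param template
	 *		template to use
	 * @param maxToShow
	 *		max. comments to show
	 * @param showNone
	 *		indicates if the 'no comments' thingie should be outputted when there are no comments
	 *		(useful for closed items)
	 * @param highlight
	 *		Highlight to use (if any)
	 * @return
	 *		number of comments shown; 0 when there are none or when there are
	 *		more than maxToShow (nothing but the NONE/TOOMUCH template is parsed then)
	 */
	function showComments($template, $maxToShow = -1, $showNone = 1, $highlight = '') {
		global $manager;

		// create parser object & action handler
		$actions =& new COMMENTACTIONS($this);
		$parser =& new PARSER($actions->getDefinedActions(),$actions);
		$actions->setTemplate($template);
		$actions->setParser($parser);

		// stays null when only the count is fetched ($maxToShow == 0)
		$comments = null;

		if ($maxToShow == 0) {
			$this->commentcount = $this->amountComments();
		} else {
			// $itemid is a public property, so it is cast again right where it is
			// concatenated into the statement instead of relying on the constructor
			$query =  'SELECT c.citem as itemid, c.cnumber as commentid, c.cbody as body, c.cuser as user, c.cmail as userid, c.cemail as email, c.cmember as memberid, c.ctime, c.chost as host, c.cip as ip, c.cblog as blogid'
				   . ' FROM '.sql_table('comment').' as c'
				   . ' WHERE c.citem=' . intval($this->itemid)
				   . ' ORDER BY c.ctime';

			$comments = sql_query($query);
			$this->commentcount = sql_num_rows($comments);
		}

		// if no result was found
		if ($this->commentcount == 0) {
			if ($comments) sql_free_result($comments);
			// note: when no reactions, COMMENTS_HEADER and COMMENTS_FOOTER are _NOT_ used
			if ($showNone) $parser->parse($template['COMMENTS_NONE']);
			return 0;
		}

		// if too many comments to show
		// (with $maxToShow == 0 and at least one comment this branch always returns,
		// so the fetch loop below never runs without a result set)
		if (($maxToShow != -1) && ($this->commentcount > $maxToShow)) {
			if ($comments) sql_free_result($comments);
			$parser->parse($template['COMMENTS_TOOMUCH']);
			return 0;
		}

		$parser->parse($template['COMMENTS_HEADER']);

		// NOTE(review): rows are handed to COMMENTACTIONS exactly as stored; this
		// method does no output encoding itself - confirm that the template
		// actions encode user, userid, email and host for the HTML context
		while ( $comment = sql_fetch_assoc($comments) ) {
			$comment['timestamp'] = strtotime($comment['ctime']);
			$actions->setCurrentComment($comment);
			$actions->setHighlight($highlight);
			$manager->notify('PreComment', array('comment' => &$comment));
			$parser->parse($template['COMMENTS_BODY']);
			$manager->notify('PostComment', array('comment' => &$comment));
		}

		$parser->parse($template['COMMENTS_FOOTER']);

		sql_free_result($comments);

		return $this->commentcount;
	}

	/**
	 * Returns the amount of comments for this itemid
	 */
	function amountComments() {
		$query =  'SELECT COUNT(*)'
			   . ' FROM '.sql_table('comment').' as c'
			   . ' WHERE c.citem='. intval($this->itemid);
		$res = sql_query($query);
		$arr = sql_fetch_row($res);

		return $arr[0];
	}

	/**
	 * Adds a new comment to the database
	 *
	 * @param $timestamp
	 *		time of the comment; passed to date(), so a Unix timestamp
	 * @param $comment
	 *		array describing the comment; the keys read here are 'user', 'userid',
	 *		'email', 'body' and 'itemid'. All of them are visitor-supplied and are
	 *		treated as untrusted.
	 * @return
	 *		true on success; otherwise one of the _ERROR_* messages or whatever
	 *		isValidComment() returned
	 */
	function addComment($timestamp, $comment) {
		global $CONF, $member, $manager;

		$blogid = getBlogIDFromItemID($this->itemid);

		$settings =& $manager->getBlog($blogid);
		$settings->readSettings();

		if (!$settings->commentsEnabled())
			return _ERROR_COMMENTS_DISABLED;

		if (!$settings->isPublic() && !$member->isLoggedIn())
			return _ERROR_COMMENTS_NONPUBLIC;

		// member name protection
		if ($CONF['ProtectMemNames'] && !$member->isLoggedIn() && MEMBER::isNameProtected($comment['user']))
			return _ERROR_COMMENTS_MEMBERNICK;

		// email required protection
		if ($settings->emailRequired() && strlen($comment['email']) == 0 && !$member->isLoggedIn()) {
			return _ERROR_EMAIL_REQUIRED;
		}

		$comment['timestamp'] = $timestamp;
		// the reverse-DNS name is chosen by whoever controls the PTR record of the
		// client address, so 'host' is as untrusted as the form fields; the lookup
		// also runs before any validation of the comment
		$comment['host'] = gethostbyaddr(serverVar('REMOTE_ADDR'));
		$comment['ip'] = serverVar('REMOTE_ADDR');

		// if member is logged in, use that data
		if ($member->isLoggedIn()) {
			$comment['memberid'] = $member->getID();
			$comment['user'] = '';
			$comment['userid'] = '';
			$comment['email'] = '';
		} else {
			$comment['memberid'] = 0;
		}

		// spam check
		// $continue becomes true as soon as one subscribed plugin reports the
		// 'handleSpam' feature; a positive SpamCheck result then no longer
		// rejects the comment here but is left to those plugins
		$continue = false;
		$plugins = array();

		if (isset($manager->subscriptions['ValidateForm']))
			$plugins = array_merge($plugins, $manager->subscriptions['ValidateForm']);

		if (isset($manager->subscriptions['PreAddComment']))
			$plugins = array_merge($plugins, $manager->subscriptions['PreAddComment']);

		if (isset($manager->subscriptions['PostAddComment']))
			$plugins = array_merge($plugins, $manager->subscriptions['PostAddComment']);

		$plugins = array_unique($plugins);

		foreach ($plugins as $plugin) {
			$p = $manager->getPlugin($plugin);
			$continue = $continue || $p->supportsFeature('handleSpam');
		}

		// NOTE(review): 'id' is taken from the submitted array, while storage below
		// uses $this->itemid - presumably the caller keeps both in sync; confirm
		$spamcheck = array (
			'type'		=> 'comment',
			'body'		=> $comment['body'],
			'id'		=> $comment['itemid'],
			'live'		=> true,
			'return'	=> $continue
		);

		if ($member->isLoggedIn()) {
			$spamcheck['author'] = $member->displayname;
			$spamcheck['email'] = $member->email;
		} else {
			$spamcheck['author'] = $comment['user'];
			$spamcheck['email'] = $comment['email'];
			$spamcheck['url'] = $comment['userid'];
		}

		$manager->notify('SpamCheck', array ('spamcheck' => &$spamcheck));

		if (!$continue && isset($spamcheck['result']) && $spamcheck['result'] == true)
			return _ERROR_COMMENTS_SPAM;


		// isValidComment returns either "1" or an error message
		$isvalid = $this->isValidComment($comment, $spamcheck);
		if ($isvalid != 1)
			return $isvalid;

		// send email to notification address, if any
		// NOTE(review): the mail goes out before the duplicate check and before the
		// INSERT further down, so a resubmitted identical comment is rejected as
		// _ERROR_BADACTION but still produces a notification
		if ($settings->getNotifyAddress() && $settings->notifyOnComment()) {

			$mailto_msg = _NOTIFY_NC_MSG . ' ' . $this->itemid . "\n";
//			$mailto_msg .= $CONF['IndexURL'] . 'index.php?itemid=' . $this->itemid . "\n\n";
			$temp = parse_url($CONF['Self']);
			// parse_url() yields no 'scheme' key for a relative URL
			if (!empty($temp['scheme'])) {
				$mailto_msg .= createItemLink($this->itemid) . "\n\n";
			} else {
				$tempurl = $settings->getURL();
				if (substr($tempurl, -1) == '/' || substr($tempurl, -4) == '.php') {
					$mailto_msg .= $tempurl . '?itemid=' . $this->itemid . "\n\n";
				} else {
					$mailto_msg .= $tempurl . '/?itemid=' . $this->itemid . "\n\n";
				}
			}
			// user, userid, host and body go into the message text as submitted
			if ($comment['memberid'] == 0) {
				$mailto_msg .= _NOTIFY_USER . ' ' . $comment['user'] . "\n";
				$mailto_msg .= _NOTIFY_USERID . ' ' . $comment['userid'] . "\n";
			} else {
				$mailto_msg .= _NOTIFY_MEMBER .' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
			}
			$mailto_msg .= _NOTIFY_HOST . ' ' . $comment['host'] . "\n";
			$mailto_msg .= _NOTIFY_COMMENT . "\n " . $comment['body'] . "\n";
			$mailto_msg .= getMailFooter();

			$item =& $manager->getItem($this->itemid, 0, 0);
			$mailto_title = _NOTIFY_NC_TITLE . ' ' . strip_tags($item['title']) . ' (' . $this->itemid . ')';

			// a non-empty address has passed isValidMailAddress() in isValidComment();
			// NOTE(review): title and sender end up in mail headers - confirm that
			// NOTIFICATION / getNotifyFromMailAddress() reject CR and LF
			$frommail = $member->getNotifyFromMailAddress($comment['email']);

			$notify =& new NOTIFICATION($settings->getNotifyAddress());
			$notify->notify($mailto_title, $mailto_msg , $frommail);
		}

		$comment = COMMENT::prepare($comment);

		$manager->notify('PreAddComment',array('comment' => &$comment, 'spamcheck' => &$spamcheck));

		// Every value below is concatenated into SQL text.
		// NOTE(review): addslashes() does not know the connection character set;
		// with a multibyte connection charset it is not a reliable SQL escape.
		// Prefer the connection-aware escaping of the database layer
		// (mysql_real_escape_string() or this code base's wrapper for it).
		$name		= addslashes($comment['user']);
		$url		= addslashes($comment['userid']);
		$email		= addslashes($comment['email']);
		$body		= addslashes($comment['body']);
		$host		= addslashes($comment['host']);
		$ip			= addslashes($comment['ip']);
		// numeric columns are cast rather than quoted, so no string reaches the statement
		$memberid	= intval($comment['memberid']);
		$timestamp	= date('Y-m-d H:i:s', $comment['timestamp']);
		$itemid		= intval($this->itemid);
		$blogid		= intval($blogid);

		// refuse an exact repeat of an already stored comment
		$qSql		= 'SELECT COUNT(*) AS result '
					. 'FROM ' . sql_table('comment')
					. ' WHERE '
					.      'cmail   = "' . $url . '"'
					. ' AND cmember = "' . $memberid . '"'
					. ' AND cbody   = "' . $body . '"'
					. ' AND citem   = "' . $itemid . '"'
					. ' AND cblog   = "' . $blogid . '"';
		$result		= intval(quickQuery($qSql));
		if ($result > 0) {
			return _ERROR_BADACTION;
		}

		$query = 'INSERT INTO '.sql_table('comment').' (CUSER, CMAIL, CEMAIL, CMEMBER, CBODY, CITEM, CTIME, CHOST, CIP, CBLOG) '
			   . "VALUES ('$name', '$url', '$email', $memberid, '$body', $itemid, '$timestamp', '$host', '$ip', '$blogid')";

		sql_query($query);

		// post add comment
		$commentid = sql_insert_id();
		$manager->notify('PostAddComment',array('comment' => &$comment, 'commentid' => &$commentid, 'spamcheck' => &$spamcheck));

		// succeeded !
		return true;
	}

	/**
	 * Checks if a comment is valid and call plugins
	 * that can check if the comment is a spam comment
	 *
	 * @param $comment
	 *		comment array (by reference, plugins may change it)
	 * @param $spamcheck
	 *		spam check array (by reference, handed on to the plugins)
	 * @return
	 *		1 when the comment is accepted, otherwise an error message
	 */
	function isValidComment(&$comment, &$spamcheck) {
		global $member, $manager;

		// check if there exists a item for this date
		$item =& $manager->getItem($this->itemid,0,0);

		if (!$item)
			return _ERROR_NOSUCHITEM;

		if ($item['closed'])
			return _ERROR_ITEMCLOSED;

		// don't allow words that are too long
		// (preg_match() instead of eregi(), which is deprecated as of PHP 5.3; the
		// character class is the same, the backslash is doubled because PCRE
		// treats it as an escape character inside a class)
		if (preg_match('/[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}/i', $comment['body']))
			return _ERROR_COMMENT_LONGWORD;

		// check lengths of comment (strlen() counts bytes, not characters)
		if (strlen($comment['body'])<3)
			return _ERROR_COMMENT_NOCOMMENT;

		if (strlen($comment['body'])>5000)
			return _ERROR_COMMENT_TOOLONG;

		// only check username if no member logged in
		if (!$member->isLoggedIn())
			if (strlen($comment['user'])<2)
				return _ERROR_COMMENT_NOUSERNAME;

		// an empty address is accepted here; whether one is required is decided in addComment()
		if ((strlen($comment['email']) != 0) && !(isValidMailAddress($comment['email']))) {
			return _ERROR_BADMAILADDRESS;
		}

		// let plugins do verification (any plugin which thinks the comment is invalid
		// can change 'error' to something other than '1')
		$result = 1;
		$manager->notify('ValidateForm', array('type' => 'comment', 'comment' => &$comment, 'error' => &$result, 'spamcheck' => &$spamcheck));

		return $result;
	}

}

?>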