
PDO対応
[nucleus-jp/nucleus-jp-ancient.git] / utf8 / nucleus / libs / COMMENTS.php
1 <?php
2
3 /*
4  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
5  * Copyright (C) 2002-2009 The Nucleus Group
6  *
7  * This program is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU General Public License
9  * as published by the Free Software Foundation; either version 2
10  * of the License, or (at your option) any later version.
11  * (see nucleus/documentation/index.html#license for more info)
12  */
13 /**
14  * A class representing the comments (all of them) for a certain post on a certain blog
15  *
16  * @license http://nucleuscms.org/license.txt GNU General Public License
17  * @copyright Copyright (C) 2002-2009 The Nucleus Group
18  * @version $Id$
19  * $NucleusJP: COMMENTS.php,v 1.9.2.1 2007/08/08 05:32:21 kimitake Exp $
20  */
21
// Direct-access guard: stop immediately unless requestVar() already exists.
// NOTE(review): requestVar() is presumably defined by the Nucleus core
// bootstrap, so this keeps the library from running when requested on its own.
if (!function_exists('requestVar')) {
	exit;
}

// The comment template actions handler lives next to this file.
require_once dirname(__FILE__) . '/COMMENTACTIONS.php';
24
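class COMMENTS {

	// item for which comments are being displayed
	var $itemid;

	// reference to the itemActions object that is calling the showComments function
	var $itemActions;

	// total amount of comments displayed
	var $commentcount;

	/**
	 * Creates a new COMMENTS object for the given item
	 *
	 * @param $itemid
	 *		id of the item; coerced to an integer because the value is
	 *		concatenated into SQL statements further down
	 */
	function __construct($itemid) {
		$this->itemid = intval($itemid);
	}

	/**
	 * PHP4-style constructor, kept as a plain method so that code which calls
	 * COMMENTS() explicitly keeps working. On PHP 8 a method named after the
	 * class is no longer a constructor, which is why __construct() exists.
	 *
	 * @param $itemid
	 *		id of the item
	 */
	function COMMENTS($itemid) {
		$this->__construct($itemid);
	}

	/**
	 * Used when parsing comments
	 *
	 * @param $itemActions
	 *		itemActions object, that will take care of the parsing
	 */
	function setItemActions(&$itemActions) {
		$this->itemActions =& $itemActions;
	}

	/**
	 * Shows maximum $maxToShow comments to the given item using the given template
	 * returns the amount of shown comments (if maxToShow = -1, then there is no limit)
	 *
	 * @param template
	 *		template to use
	 * @param maxToShow
	 *		max. comments to show
	 * @param showNone
	 *		indicates if the 'no comments' thingie should be outputted when there are no comments
	 *		(useful for closed items)
	 * @param highlight
	 *		Highlight to use (if any)
	 * @return
	 *		number of comments shown; 0 when there are none or when there
	 *		are more than maxToShow
	 */
	function showComments($template, $maxToShow = -1, $showNone = 1, $highlight = '') {
		global $CONF, $manager;

		// create parser object & action handler
		// (plain "= new": the old "=& new" form is a parse error on PHP 7 and later)
		$actions = new COMMENTACTIONS($this);
		$parser = new PARSER($actions->getDefinedActions(), $actions);
		$actions->setTemplate($template);
		$actions->setParser($parser);

		// stays null when only the count is needed, so the cleanup below can tell
		$comments = null;

		if ($maxToShow == 0) {
			$this->commentcount = $this->amountComments();
		} else {
			// itemid is a public property, so it is cast again at the point of use
			$query =  'SELECT c.citem as itemid, c.cnumber as commentid, c.cbody as body, c.cuser as user, c.cmail as userid, c.cemail as email, c.cmember as memberid, c.ctime, c.chost as host, c.cip as ip, c.cblog as blogid'
				   . ' FROM '.sql_table('comment').' as c'
				   . ' WHERE c.citem=' . intval($this->itemid)
				   . ' ORDER BY c.ctime';

			$comments = sql_query($query);
			$this->commentcount = sql_num_rows($comments);
		}

		// if no result was found
		if ($this->commentcount == 0) {
			// note: when no reactions, COMMENTS_HEADER and COMMENTS_FOOTER are _NOT_ used
			if ($showNone) {
				$parser->parse($template['COMMENTS_NONE']);
			}
			// release the result set on the early exits too
			if ($comments) {
				sql_free_result($comments);
			}
			return 0;
		}

		// if too many comments to show
		if (($maxToShow != -1) && ($this->commentcount > $maxToShow)) {
			$parser->parse($template['COMMENTS_TOOMUCH']);
			if ($comments) {
				sql_free_result($comments);
			}
			return 0;
		}

		$parser->parse($template['COMMENTS_HEADER']);

		while ( $comment = sql_fetch_assoc($comments) ) {
			$comment['timestamp'] = strtotime($comment['ctime']);
			$actions->setCurrentComment($comment);
			$actions->setHighlight($highlight);
			// plugins receive the comment by reference and may alter it before/after rendering
			$manager->notify('PreComment', array('comment' => &$comment));
			$parser->parse($template['COMMENTS_BODY']);
			$manager->notify('PostComment', array('comment' => &$comment));
		}

		$parser->parse($template['COMMENTS_FOOTER']);

		sql_free_result($comments);

		return $this->commentcount;
	}

	/**
	 * Returns the amount of comments for this itemid
	 *
	 * @return
	 *		comment count as an integer; 0 when the query yields no row
	 */
	function amountComments() {
		$query =  'SELECT COUNT(*)'
			   . ' FROM '.sql_table('comment').' as c'
			   . ' WHERE c.citem='. intval($this->itemid);
		$res = sql_query($query);
		if (!$res) {
			return 0;
		}

		$arr = sql_fetch_row($res);
		sql_free_result($res);

		return $arr ? intval($arr[0]) : 0;
	}

	/**
	 * Adds a new comment to the database
	 *
	 * Everything in $comment originates from the visitor's form submission
	 * and must be treated as untrusted.
	 *
	 * @param $timestamp
	 *		time of the comment, passed to date() when the row is written
	 * @param $comment
	 *		array holding the keys user, userid, email, body and itemid
	 * @return
	 *		true on success, otherwise one of the _ERROR_* messages (or the
	 *		message a validation plugin supplied)
	 */
	function addComment($timestamp, $comment) {
		global $CONF, $member, $manager;

		$blogid = getBlogIDFromItemID($this->itemid);

		$settings =& $manager->getBlog($blogid);
		$settings->readSettings();

		if (!$settings->commentsEnabled())
			return _ERROR_COMMENTS_DISABLED;

		if (!$settings->isPublic() && !$member->isLoggedIn())
			return _ERROR_COMMENTS_NONPUBLIC;

		// member name protection
		if ($CONF['ProtectMemNames'] && !$member->isLoggedIn() && MEMBER::isNameProtected($comment['user']))
			return _ERROR_COMMENTS_MEMBERNICK;

		// email required protection
		if ($settings->emailRequired() && strlen($comment['email']) == 0 && !$member->isLoggedIn()) {
			return _ERROR_EMAIL_REQUIRED;
		}

		$comment['timestamp'] = $timestamp;
		// NOTE(review): the reverse-DNS name is chosen by whoever controls the PTR
		// record of the client address, so 'host' is untrusted data wherever it is
		// stored, mailed or displayed. The lookup is also a blocking DNS query.
		$comment['host'] = gethostbyaddr(serverVar('REMOTE_ADDR'));
		$comment['ip'] = serverVar('REMOTE_ADDR');

		// if member is logged in, use that data
		if ($member->isLoggedIn()) {
			$comment['memberid'] = $member->getID();
			$comment['user'] = '';
			$comment['userid'] = '';
			$comment['email'] = '';
		} else {
			$comment['memberid'] = 0;
		}

		// spam check
		$continue = false;
		$plugins = array();

		if (isset($manager->subscriptions['ValidateForm']))
			$plugins = array_merge($plugins, $manager->subscriptions['ValidateForm']);

		if (isset($manager->subscriptions['PreAddComment']))
			$plugins = array_merge($plugins, $manager->subscriptions['PreAddComment']);

		if (isset($manager->subscriptions['PostAddComment']))
			$plugins = array_merge($plugins, $manager->subscriptions['PostAddComment']);

		$plugins = array_unique($plugins);

		// foreach instead of each(): each() no longer exists on PHP 8
		foreach ($plugins as $plugin) {
			$p = $manager->getPlugin($plugin);
			// skip plugins that could not be loaded instead of failing on a non-object
			if (is_object($p)) {
				$continue = $continue || $p->supportsFeature('handleSpam');
			}
		}

		$spamcheck = array (
			'type'		=> 'comment',
			'body'		=> $comment['body'],
			'id'		=> $comment['itemid'],
			'live'		=> true,
			'return'	=> $continue
		);

		if ($member->isLoggedIn()) {
			$spamcheck['author'] = $member->displayname;
			$spamcheck['email'] = $member->email;
		} else {
			$spamcheck['author'] = $comment['user'];
			$spamcheck['email'] = $comment['email'];
			$spamcheck['url'] = $comment['userid'];
		}

		$manager->notify('SpamCheck', array ('spamcheck' => &$spamcheck));

		// when no plugin handles spam itself ('return' is false), a positive
		// spam verdict rejects the comment right here
		if (!$continue && isset($spamcheck['result']) && $spamcheck['result'] == true)
			return _ERROR_COMMENTS_SPAM;

		// isValidComment returns either "1" or an error message
		$isvalid = $this->isValidComment($comment, $spamcheck);
		if ($isvalid != 1)
			return $isvalid;

		// send email to notification address, if any
		// NOTE(review): the mail goes out before the duplicate check below, so a
		// resubmitted comment that is then rejected still triggers a notification.
		if ($settings->getNotifyAddress() && $settings->notifyOnComment()) {

			$mailto_msg = _NOTIFY_NC_MSG . ' ' . $this->itemid . "\n";
			$temp = parse_url($CONF['Self']);
			// !empty(): parse_url() omits 'scheme' for relative URLs
			if (!empty($temp['scheme'])) {
				$mailto_msg .= createItemLink($this->itemid) . "\n\n";
			} else {
				$tempurl = $settings->getURL();
				if (substr($tempurl, -1) == '/' || substr($tempurl, -4) == '.php') {
					$mailto_msg .= $tempurl . '?itemid=' . $this->itemid . "\n\n";
				} else {
					$mailto_msg .= $tempurl . '/?itemid=' . $this->itemid . "\n\n";
				}
			}
			if ($comment['memberid'] == 0) {
				$mailto_msg .= _NOTIFY_USER . ' ' . $comment['user'] . "\n";
				$mailto_msg .= _NOTIFY_USERID . ' ' . $comment['userid'] . "\n";
			} else {
				$mailto_msg .= _NOTIFY_MEMBER .' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
			}
			$mailto_msg .= _NOTIFY_HOST . ' ' . $comment['host'] . "\n";
			$mailto_msg .= _NOTIFY_COMMENT . "\n " . $comment['body'] . "\n";
			$mailto_msg .= getMailFooter();

			$item =& $manager->getItem($this->itemid, 0, 0);
			$mailto_title = _NOTIFY_NC_TITLE . ' ' . strip_tags($item['title']) . ' (' . $this->itemid . ')';

			// the visitor's address was checked with isValidMailAddress() in
			// isValidComment() before it is handed on as the sender address
			$frommail = $member->getNotifyFromMailAddress($comment['email']);

			$notify = new NOTIFICATION($settings->getNotifyAddress());
			$notify->notify($mailto_title, $mailto_msg , $frommail);
		}

		$comment = COMMENT::prepare($comment);

		$manager->notify('PreAddComment',array('comment' => &$comment, 'spamcheck' => &$spamcheck));

		// NOTE(review): addslashes() is not aware of the connection character set
		// and is not a reliable SQL escape for multi-byte encodings. These values
		// are visitor-controlled; move them to the database layer's own escaping
		// or to bound parameters once the sql_* wrappers offer that.
		$name		= addslashes($comment['user']);
		$url		= addslashes($comment['userid']);
		$email		= addslashes($comment['email']);
		$body		= addslashes($comment['body']);
		$host		= addslashes($comment['host']);
		$ip			= addslashes($comment['ip']);
		// numeric columns are forced to integers so they cannot carry SQL text
		$memberid	= intval($comment['memberid']);
		$timestamp	= date('Y-m-d H:i:s', $comment['timestamp']);
		$itemid		= intval($this->itemid);
		$blogid		= intval($blogid);

		// duplicate check: same author, same text, same item
		// (single-quoted literals: double quotes denote identifiers in standard SQL)
		$qSql		= 'SELECT COUNT(*) AS result '
					. 'FROM ' . sql_table('comment')
					. ' WHERE '
					.      "cmail   = '" . $url . "'"
					. ' AND cmember = ' . $memberid
					. " AND cbody   = '" . $body . "'"
					. ' AND citem   = ' . $itemid
					. ' AND cblog   = ' . $blogid;
		$result		= intval(quickQuery($qSql));
		if ($result > 0) {
			return _ERROR_BADACTION;
		}

		$query = 'INSERT INTO '.sql_table('comment').' (CUSER, CMAIL, CEMAIL, CMEMBER, CBODY, CITEM, CTIME, CHOST, CIP, CBLOG) '
			   . "VALUES ('$name', '$url', '$email', $memberid, '$body', $itemid, '$timestamp', '$host', '$ip', '$blogid')";

		sql_query($query);

		// post add comment
		$commentid = sql_insert_id();
		$manager->notify('PostAddComment',array('comment' => &$comment, 'commentid' => &$commentid, 'spamcheck' => &$spamcheck));

		// succeeded !
		return true;
	}

	/**
	 * Checks if a comment is valid and call plugins
	 * that can check if the comment is a spam comment
	 *
	 * @param $comment
	 *		comment array (keys body, user, email are read); passed by
	 *		reference so plugins can modify it
	 * @param $spamcheck
	 *		spam check data, handed to the ValidateForm plugins by reference
	 * @return
	 *		1 when the comment is acceptable, otherwise an error message
	 */
	function isValidComment(&$comment, & $spamcheck) {
		global $member, $manager;

		// check if there exists a item for this date
		$item =& $manager->getItem($this->itemid,0,0);

		if (!$item)
			return _ERROR_NOSUCHITEM;

		if ($item['closed'])
			return _ERROR_ITEMCLOSED;

		// don't allow words that are too long: 90 characters from this set in a row
		// (preg_match replaces eregi(), which no longer exists on PHP 7 and later;
		// the four backslashes put one literal backslash into the character class)
		if (preg_match('#[a-zA-Z0-9|.,;:!?=/\\\\]{90}#', $comment['body']) === 1)
			return _ERROR_COMMENT_LONGWORD;

		// check lengths of comment (strlen counts bytes, not characters)
		if (strlen($comment['body'])<3)
			return _ERROR_COMMENT_NOCOMMENT;

		if (strlen($comment['body'])>5000)
			return _ERROR_COMMENT_TOOLONG;

		// only check username if no member logged in
		if (!$member->isLoggedIn()) {
			if (strlen($comment['user'])<2)
				return _ERROR_COMMENT_NOUSERNAME;
		}

		if ((strlen($comment['email']) != 0) && !(isValidMailAddress($comment['email']))) {
			return _ERROR_BADMAILADDRESS;
		}

		// let plugins do verification (any plugin which thinks the comment is invalid
		// can change 'error' to something other than '1')
		$result = 1;
		$manager->notify('ValidateForm', array('type' => 'comment', 'comment' => &$comment, 'error' => &$result, 'spamcheck' => &$spamcheck));

		return $result;
	}

}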
343
344 ?>