4 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
5 * Copyright (C) 2002-2007 The Nucleus Group
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
11 * (see nucleus/documentation/index.html#license for more info)
14 * A class representing the comments (all of them) for a certain post on a certain blog
16 * @license http://nucleuscms.org/license.txt GNU General Public License
17 * @copyright Copyright (C) 2002-2007 The Nucleus Group
18 * @version $Id: COMMENTS.php,v 1.9 2007-03-20 19:31:29 kmorimatsu Exp $
19 * $NucleusJP: COMMENTS.php,v 1.8 2007/03/13 05:12:19 shizuki Exp $
// Stop immediately unless requestVar() is already defined, so this file does nothing when loaded on its own.
// NOTE(review): presumably requestVar() is defined by the Nucleus bootstrap, making this a direct-access guard — confirm.
22 if ( !function_exists('requestVar') ) exit;
// The include path is built from this file's own directory only; no request data is involved.
23 require_once dirname(__FILE__) . '/COMMENTACTIONS.php';
27 // item for which comments are being displayed
30 // reference to the itemActions object that is calling the showComments function
33 // total amount of comments displayed
37 * Creates a new COMMENTS object for the given blog and item
// Constructor: remembers the id of the item whose comments this object handles.
42 function COMMENTS($itemid) {
// intval() forces the id to an integer here. The query builders in this file concatenate $this->itemid
// into SQL unquoted and rely on that cast.
// NOTE(review): nothing visible here stops other code from reassigning the property later — confirm it stays an integer.
43 $this->itemid = intval($itemid);
46 * Used when parsing comments
49 * itemActions object, that will take care of the parsing
// Registers the itemActions object that is calling into this COMMENTS instance.
51 function setItemActions(&$itemActions) {
// Reference assignment (=&): the caller's object is stored, not a copy of it.
52 $this->itemActions =& $itemActions;
56 * Shows maximum $max comments to the given item using the given template
57 * returns the amount of shown comments (if maxToShow = -1, then there is no limit)
62 * max. comments to show
64 * indicates if the 'no comments' thingie should be outputted when there are no comments
65 * (useful for closed items)
67 * Highlight to use (if any)
// Renders the comments of $this->itemid through the given template parts; the visible return value is $this->commentcount.
// NOTE(review): the gutter numbers skip source lines inside this method (for example 80, 88, 94-95 and 100-101),
// so where the branches below end, and whether they return early, cannot be confirmed from this listing.
69 function showComments($template, $maxToShow = -1, $showNone = 1, $highlight = '') {
70 global $CONF, $manager;
72 // create parser object & action handler
// "=& new" is the PHP 4 idiom for object creation; it is deprecated since PHP 5.3 and a parse error in PHP 7+.
73 $actions =& new COMMENTACTIONS($this);
74 $parser =& new PARSER($actions->getDefinedActions(),$actions);
75 $actions->setTemplate($template);
76 $actions->setParser($parser);
// $maxToShow == 0: only the number of comments is looked up, via amountComments().
78 if ($maxToShow == 0) {
79 $this->commentcount = $this->amountComments();
// Fetch every comment of the item, oldest first. $this->itemid is concatenated unquoted, so this query
// is only safe while the property holds the integer produced by intval() in the constructor.
81 $query = 'SELECT c.citem as itemid, c.cnumber as commentid, c.cbody as body, c.cuser as user, c.cmail as userid, c.cemail as email, c.cmember as memberid, c.ctime, c.chost as host, c.cip as ip, c.cblog as blogid'
82 . ' FROM '.sql_table('comment').' as c'
83 . ' WHERE c.citem=' . $this->itemid
84 . ' ORDER BY c.ctime';
86 $comments = sql_query($query);
// The ext/mysql functions used in this method (mysql_num_rows, mysql_fetch_assoc, mysql_free_result) were removed in PHP 7.
87 $this->commentcount = mysql_num_rows($comments);
90 // if no result was found
91 if ($this->commentcount == 0) {
92 // note: when no reactions, COMMENTS_HEADER and COMMENTS_FOOTER are _NOT_ used
93 if ($showNone) $parser->parse($template['COMMENTS_NONE']);
97 // if too many comments to show
98 if (($maxToShow != -1) && ($this->commentcount > $maxToShow)) {
99 $parser->parse($template['COMMENTS_TOOMUCH']);
103 $parser->parse($template['COMMENTS_HEADER']);
// One pass per stored comment: add a Unix 'timestamp' derived from ctime, hand the row to the action
// handler, then parse COMMENTS_BODY between the PreComment and PostComment plugin events.
// NOTE(review): nothing in this loop escapes body/user/userid/email/host for HTML output; that has to happen
// in COMMENTACTIONS or when the comment was stored — verify there.
// NOTE(review): plugins receive $comment by reference, but setCurrentComment() is called before PreComment;
// whether plugin changes reach the rendered output depends on how setCurrentComment() keeps the array.
105 while ( $comment = mysql_fetch_assoc($comments) ) {
106 $comment['timestamp'] = strtotime($comment['ctime']);
107 $actions->setCurrentComment($comment);
108 $actions->setHighlight($highlight);
109 $manager->notify('PreComment', array('comment' => &$comment));
110 $parser->parse($template['COMMENTS_BODY']);
111 $manager->notify('PostComment', array('comment' => &$comment));
114 $parser->parse($template['COMMENTS_FOOTER']);
116 mysql_free_result($comments);
118 return $this->commentcount;
122 * Returns the amount of comments for this itemid
// Counts the rows in the comment table that belong to $this->itemid.
124 function amountComments() {
// $this->itemid is concatenated unquoted; safe only while it is the integer set by intval() in the constructor.
125 $query = 'SELECT COUNT(*)'
126 . ' FROM '.sql_table('comment').' as c'
127 . ' WHERE c.citem='. $this->itemid;
128 $res = sql_query($query);
// The single result row carries the COUNT(*) value in its first column.
// NOTE(review): the statement that returns the count (source lines after 129) is not shown in this listing.
129 $arr = mysql_fetch_row($res);
// Checks a submitted comment against blog settings, spam plugins and isValidComment(), optionally mails a
// notification, and builds the INSERT for the comment table. Rejections are returned as _ERROR_* constants.
// NOTE(review): the gutter numbers skip several source lines in this method (for example 170-175, 190-193,
// 217-219, 271-274 and everything after 276); the comments below describe only what is visible.
135 function addComment($timestamp, $comment) {
136 global $CONF, $member, $manager;
138 $blogid = getBlogIDFromItemID($this->itemid);
140 $settings =& $manager->getBlog($blogid);
141 $settings->readSettings();
// Gate 1: the blog must have comments enabled.
143 if (!$settings->commentsEnabled())
144 return _ERROR_COMMENTS_DISABLED;
// Gate 2: on a non-public blog only logged-in members may comment.
146 if (!$settings->isPublic() && !$member->isLoggedIn())
147 return _ERROR_COMMENTS_NONPUBLIC;
149 // member name protection
// Anonymous visitors may not post under a protected member name when $CONF['ProtectMemNames'] is set.
150 if ($CONF['ProtectMemNames'] && !$member->isLoggedIn() && MEMBER::isNameProtected($comment['user']))
151 return _ERROR_COMMENTS_MEMBERNICK;
153 // email required protection
154 if ($settings->emailRequired() && strlen($comment['email']) == 0 && !$member->isLoggedIn()) {
155 return _ERROR_EMAIL_REQUIRED;
158 $comment['timestamp'] = $timestamp;
// Reverse DNS lookup of the client address. The returned name is chosen by whoever controls the PTR
// record for that address, so 'host' is untrusted input like any form field; it is later written into
// the notification mail and the INSERT. The lookup is also performed synchronously on every submission.
159 $comment['host'] = gethostbyaddr(serverVar('REMOTE_ADDR'));
160 $comment['ip'] = serverVar('REMOTE_ADDR');
162 // if member is logged in, use that data
// For members the submitted user/userid/email values are blanked and only the member id is kept.
163 if ($member->isLoggedIn()) {
164 $comment['memberid'] = $member->getID();
165 $comment['user'] = '';
166 $comment['userid'] = '';
167 $comment['email'] = '';
169 $comment['memberid'] = 0;
// Collect the plugins subscribed to ValidateForm, PreAddComment and PostAddComment; $continue becomes
// true as soon as one of them reports the 'handleSpam' feature.
// NOTE(review): the initial values of $plugins and $continue (source lines 170-175) are not shown.
176 if (isset($manager->subscriptions['ValidateForm']))
177 $plugins = array_merge($plugins, $manager->subscriptions['ValidateForm']);
179 if (isset($manager->subscriptions['PreAddComment']))
180 $plugins = array_merge($plugins, $manager->subscriptions['PreAddComment']);
182 if (isset($manager->subscriptions['PostAddComment']))
183 $plugins = array_merge($plugins, $manager->subscriptions['PostAddComment']);
185 $plugins = array_unique($plugins);
// each() is deprecated since PHP 7.2 and removed in PHP 8.
187 while (list(,$plugin) = each($plugins)) {
188 $p = $manager->getPlugin($plugin);
189 $continue = $continue || $p->supportsFeature('handleSpam');
// Visible entries of the $spamcheck array handed to SpamCheck plugins (its opening line is not shown).
// NOTE(review): 'id' is taken from $comment['itemid'], a value supplied by the caller, not from $this->itemid — confirm they always agree.
194 'body' => $comment['body'],
195 'id' => $comment['itemid'],
197 'return' => $continue
200 if ($member->isLoggedIn()) {
201 $spamcheck['author'] = $member->displayname;
202 $spamcheck['email'] = $member->email;
204 $spamcheck['author'] = $comment['user'];
205 $spamcheck['email'] = $comment['email'];
206 $spamcheck['url'] = $comment['userid'];
// Plugins receive $spamcheck by reference and report their verdict in $spamcheck['result'].
209 $manager->notify('SpamCheck', array ('spamcheck' => &$spamcheck));
// When no subscribed plugin handles spam itself, a positive verdict rejects the comment here.
211 if (!$continue && isset($spamcheck['result']) && $spamcheck['result'] == true)
212 return _ERROR_COMMENTS_SPAM;
215 // isValidComment returns either "1" or an error message
// NOTE(review): the code that acts on $isvalid (source lines 217-219) is not shown in this listing.
216 $isvalid = $this->isValidComment($comment, $spamcheck);
220 // send email to notification address, if any
// In the visible order this mail is built and sent before the PreAddComment plugins run and before the INSERT.
// The mail body embeds visitor-controlled text (user, userid, host, body) without further filtering.
221 if ($settings->getNotifyAddress() && $settings->notifyOnComment()) {
223 $mailto_msg = _NOTIFY_NC_MSG . ' ' . $this->itemid . "\n";
224 // $mailto_msg .= $CONF['IndexURL'] . 'index.php?itemid=' . $this->itemid . "\n\n";
// parse_url() omits the 'scheme' key for URLs without a scheme, so this test can raise an undefined-index notice.
225 $temp = parse_url($CONF['Self']);
226 if ($temp['scheme']) {
227 $mailto_msg .= createItemLink($this->itemid) . "\n\n";
229 $tempurl = $settings->getURL();
230 if (substr($tempurl, -1) == '/' || substr($tempurl, -4) == '.php') {
231 $mailto_msg .= $tempurl . '?itemid=' . $this->itemid . "\n\n";
233 $mailto_msg .= $tempurl . '/?itemid=' . $this->itemid . "\n\n";
236 if ($comment['memberid'] == 0) {
237 $mailto_msg .= _NOTIFY_USER . ' ' . $comment['user'] . "\n";
238 $mailto_msg .= _NOTIFY_USERID . ' ' . $comment['userid'] . "\n";
240 $mailto_msg .= _NOTIFY_MEMBER .' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
242 $mailto_msg .= _NOTIFY_HOST . ' ' . $comment['host'] . "\n";
243 $mailto_msg .= _NOTIFY_COMMENT . "\n " . $comment['body'] . "\n";
244 $mailto_msg .= getMailFooter();
246 $item =& $manager->getItem($this->itemid, 0, 0);
// strip_tags() removes markup from the item title before it is used in the subject line.
247 $mailto_title = _NOTIFY_NC_TITLE . ' ' . strip_tags($item['title']) . ' (' . $this->itemid . ')';
// NOTE(review): for anonymous comments $comment['userid'] is visitor-supplied and feeds the From address.
// Confirm that getNotifyFromMailAddress() or NOTIFICATION rejects CR/LF and malformed addresses, so the
// value cannot add mail headers.
249 $frommail = $member->getNotifyFromMailAddress($comment['userid']);
251 $notify =& new NOTIFICATION($settings->getNotifyAddress());
252 $notify->notify($mailto_title, $mailto_msg , $frommail);
// NOTE(review): COMMENT::prepare() is defined elsewhere; what it strips or encodes is not visible here.
255 $comment = COMMENT::prepare($comment);
// Plugins get $comment by reference and may rewrite it; the escaping below runs afterwards, on their result.
257 $manager->notify('PreAddComment',array('comment' => &$comment, 'spamcheck' => &$spamcheck));
// String values are escaped with addslashes(), which is unaware of the connection character set.
// The database driver's own escaping or a parameterized query is the robust way to build this
// statement, in particular when a multibyte character set is in use.
259 $name = addslashes($comment['user']);
260 $url = addslashes($comment['userid']);
261 $email = addslashes($comment['email']);
262 $body = addslashes($comment['body']);
263 $host = addslashes($comment['host']);
264 $ip = addslashes($comment['ip']);
265 $memberid = intval($comment['memberid']);
266 $timestamp = date('Y-m-d H:i:s', $comment['timestamp']);
267 $itemid = $this->itemid;
// $memberid and $itemid are integers and go in unquoted. $blogid is quoted but not escaped; it comes from
// getBlogIDFromItemID() — presumably an integer from the database, confirm.
269 $query = 'INSERT INTO '.sql_table('comment').' (CUSER, CMAIL, CEMAIL, CMEMBER, CBODY, CITEM, CTIME, CHOST, CIP, CBLOG) '
270 . "VALUES ('$name', '$url', '$email', $memberid, '$body', $itemid, '$timestamp', '$host', '$ip', '$blogid')";
// NOTE(review): the call that executes $query (source lines 271-274) is not shown in this listing.
275 $commentid = mysql_insert_id();
276 $manager->notify('PostAddComment',array('comment' => &$comment, 'commentid' => &$commentid, 'spamcheck' => &$spamcheck));
// Validates a comment before it is stored; each visible failure path returns an _ERROR_* constant.
// NOTE(review): the gutter numbers skip source lines here (for example 289, 292 and 317), and the listing
// ends at line 318, so the conditions of the first two returns and the final return value are not visible.
283 function isValidComment($comment, & $spamcheck) {
284 global $member, $manager;
286 // check if there exists a item for this date
287 $item =& $manager->getItem($this->itemid,0,0);
290 return _ERROR_NOSUCHITEM;
293 return _ERROR_ITEMCLOSED;
295 // don't allow words that are too long
// Rejects a body containing a run of 90 consecutive characters from the listed ASCII set. The pattern is
// unanchored, so longer runs match as well; characters outside the set (any non-ASCII byte) do not count.
// eregi() (POSIX regex) is deprecated since PHP 5.3 and removed in PHP 7.
296 if (eregi('[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}',$comment['body']) != false)
297 return _ERROR_COMMENT_LONGWORD;
299 // check lengths of comment
// strlen() counts bytes, so for multibyte text the limits of 3 and 5000 are byte limits, not character limits.
300 if (strlen($comment['body'])<3)
301 return _ERROR_COMMENT_NOCOMMENT;
303 if (strlen($comment['body'])>5000)
304 return _ERROR_COMMENT_TOOLONG;
306 // only check username if no member logged in
// Only a minimum length of 2 bytes is enforced for the name; no maximum is checked here.
307 if (!$member->isLoggedIn())
308 if (strlen($comment['user'])<2)
309 return _ERROR_COMMENT_NOUSERNAME;
// The e-mail address is validated only when one was supplied; an empty value passes this check.
311 if ((strlen($comment['email']) != 0) && !(isValidMailAddress($comment['email']))) {
312 return _ERROR_BADMAILADDRESS;
315 // let plugins do verification (any plugin which thinks the comment is invalid
316 // can change 'error' to something other than '1')
// 'comment', 'error' and 'spamcheck' are passed by reference, so a ValidateForm plugin can change all three.
// NOTE(review): the initial assignment of $result (source line 317) is not shown in this listing.
318 $manager->notify('ValidateForm', array('type' => 'comment', 'comment' => &$comment, 'error' => &$result, 'spamcheck' => &$spamcheck));