4 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
5 * Copyright (C) 2002-2009 The Nucleus Group
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
11 * (see nucleus/documentation/index.html#license for more info)
14 * A class representing the comments (all of them) for a certain post on a certain blog
16 * @license http://nucleuscms.org/license.txt GNU General Public License
17 * @copyright Copyright (C) 2002-2009 The Nucleus Group
19 * $NucleusJP: COMMENTS.php,v 1.9.2.1 2007/08/08 05:32:21 kimitake Exp $
// Direct-access guard: stop immediately unless requestVar() has already been
// defined by whatever script loaded this file (presumably the Nucleus bootstrap;
// it is not defined in this file). Requesting this file on its own ends here.
if (!function_exists('requestVar')) {
    exit;
}
\r
23 require_once dirname(__FILE__) . '/COMMENTACTIONS.php';
\r
27 // item for which comments are being displayed
\r
30 // reference to the itemActions object that is calling the showComments function
\r
33 // total amount of comments displayed
\r
/**
 * Creates a new COMMENTS object for the given item
 *
 * @param $itemid
 *      id of the item; coerced to an integer before it is stored
 */
function COMMENTS($itemid) {
    // showComments() and amountComments() concatenate this value into SQL
    // without quoting, so the integer coercion here is what keeps those
    // queries free of caller-supplied text.
    $this->itemid = (int) $itemid;
}
\r
/**
 * Used when parsing comments
 *
 * @param $itemActions
 *      itemActions object, that will take care of the parsing; it is stored
 *      by reference, not copied
 */
function setItemActions(&$itemActions)
{
    // keep a reference so later changes to the caller's object stay visible here
    $this->itemActions =& $itemActions;
}
\r
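/**
 * Shows at most $maxToShow comments of the item using the given template and
 * returns the amount of shown comments (if maxToShow = -1, then there is no limit)
 *
 * @param $template
 *      template array; its COMMENTS_NONE, COMMENTS_TOOMUCH, COMMENTS_HEADER,
 *      COMMENTS_BODY and COMMENTS_FOOTER parts are handed to the parser
 * @param $maxToShow
 *      max. comments to show
 * @param $showNone
 *      indicates if the 'no comments' thingie should be outputted when there are no comments
 *      (useful for closed items)
 * @param $highlight
 *      Highlight to use (if any)
 * @return
 *      number of comments for the item, or 0 when only the NONE/TOOMUCH part
 *      (or nothing) was output
 *
 * NOTE(review): the `else`, the two `return 0;` statements and the closing braces
 * are not present in the listing this block was taken from; they are restored
 * from the control flow and the in-line comments. Check against the upstream file.
 */
function showComments($template, $maxToShow = -1, $showNone = 1, $highlight = '') {
    global $manager;

    // create parser object & action handler
    $actions =& new COMMENTACTIONS($this);
    $parser =& new PARSER($actions->getDefinedActions(), $actions);
    $actions->setTemplate($template);
    $actions->setParser($parser);

    if ($maxToShow == 0) {
        // Nothing will be listed, so only the count is needed. No result set
        // exists on this path; one of the two early returns below always fires.
        $this->commentcount = $this->amountComments();
    } else {
        // The item id is concatenated unquoted, so it is re-cast at the point
        // of use: the query stays integer-only even if the property was
        // assigned after construction.
        $query = 'SELECT c.citem as itemid, c.cnumber as commentid, c.cbody as body, c.cuser as user, c.cmail as userid, c.cemail as email, c.cmember as memberid, c.ctime, c.chost as host, c.cip as ip, c.cblog as blogid'
               . ' FROM ' . sql_table('comment') . ' as c'
               . ' WHERE c.citem=' . intval($this->itemid)
               . ' ORDER BY c.ctime';

        $comments = sql_query($query);
        $this->commentcount = mysql_num_rows($comments);
    }

    // if no result was found
    if ($this->commentcount == 0) {
        // note: when no reactions, COMMENTS_HEADER and COMMENTS_FOOTER are _NOT_ used
        if ($showNone) {
            $parser->parse($template['COMMENTS_NONE']);
        }
        return 0;
    }

    // if too many comments to show
    if (($maxToShow != -1) && ($this->commentcount > $maxToShow)) {
        $parser->parse($template['COMMENTS_TOOMUCH']);
        return 0;
    }

    $parser->parse($template['COMMENTS_HEADER']);

    // Every row holds visitor-supplied text (body, user, userid, email, host).
    // NOTE(review): escaping for HTML output is not done in this method; it is
    // presumably handled by COMMENTACTIONS and the PreComment subscribers, which
    // receive the row by reference - confirm.
    while ($comment = mysql_fetch_assoc($comments)) {
        $comment['timestamp'] = strtotime($comment['ctime']);
        $actions->setCurrentComment($comment);
        $actions->setHighlight($highlight);
        $manager->notify('PreComment', array('comment' => &$comment));
        $parser->parse($template['COMMENTS_BODY']);
        $manager->notify('PostComment', array('comment' => &$comment));
    }

    $parser->parse($template['COMMENTS_FOOTER']);

    mysql_free_result($comments);

    return $this->commentcount;
}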
\r
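/**
 * Returns the amount of comments for this itemid
 *
 * @return
 *      first column of the COUNT(*) row, as delivered by mysql_fetch_row()
 *
 * NOTE(review): the `return` statement and the closing brace are not present in
 * the listing this block was taken from; they are restored from the description
 * above and from showComments(), which uses the return value as the count.
 */
function amountComments() {
    // The item id is concatenated unquoted; re-cast it here so the query stays
    // integer-only even if the property was assigned after construction.
    $query = 'SELECT COUNT(*)'
           . ' FROM ' . sql_table('comment') . ' as c'
           . ' WHERE c.citem=' . intval($this->itemid);
    $res = sql_query($query);
    $arr = mysql_fetch_row($res);

    return $arr[0];
}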
\r
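/**
 * Adds a new comment to the database
 *
 * Order of work: blog-level checks (comments enabled, public blog, protected
 * member names, required e-mail), SpamCheck event, isValidComment(), optional
 * notification mail, COMMENT::prepare(), PreAddComment event, duplicate check,
 * INSERT, PostAddComment event.
 *
 * @param $timestamp
 *      Unix timestamp stored as the comment time (formatted with date())
 * @param $comment
 *      array with the submitted fields; 'user', 'userid' (the URL), 'email',
 *      'body' and 'itemid' are read here
 * @return
 *      true when the comment was stored, otherwise one of the _ERROR_* messages
 *      or whatever isValidComment() returned
 *
 * NOTE(review): the listing this block was taken from omits several lines. The
 * `else` branches, `$continue = false;`, the 'live' entry of $spamcheck, the
 * `$isvalid` check, the ' WHERE ' fragment, the `$result > 0` test, the
 * sql_query() call for the INSERT and the final `return true;` are restored
 * from the control flow - check them against the upstream file.
 */
function addComment($timestamp, $comment) {
    global $CONF, $member, $manager;

    $blogid = getBlogIDFromItemID($this->itemid);

    $settings =& $manager->getBlog($blogid);
    $settings->readSettings();

    if (!$settings->commentsEnabled()) {
        return _ERROR_COMMENTS_DISABLED;
    }

    if (!$settings->isPublic() && !$member->isLoggedIn()) {
        return _ERROR_COMMENTS_NONPUBLIC;
    }

    // member name protection: anonymous visitors may not post under a protected name
    if ($CONF['ProtectMemNames'] && !$member->isLoggedIn() && MEMBER::isNameProtected($comment['user'])) {
        return _ERROR_COMMENTS_MEMBERNICK;
    }

    // email required protection
    if ($settings->emailRequired() && strlen($comment['email']) == 0 && !$member->isLoggedIn()) {
        return _ERROR_EMAIL_REQUIRED;
    }

    $remoteAddr = serverVar('REMOTE_ADDR');

    $comment['timestamp'] = $timestamp;
    // The reverse-DNS answer is chosen by whoever controls the PTR record of the
    // address, so 'host' is as untrusted as the form fields. It is escaped before
    // the INSERT below and goes unmodified into the notification mail body.
    $comment['host'] = gethostbyaddr($remoteAddr);
    $comment['ip'] = $remoteAddr;

    // if member is logged in, use that data and discard the submitted identity fields
    if ($member->isLoggedIn()) {
        $comment['memberid'] = $member->getID();
        $comment['user'] = '';
        $comment['userid'] = '';
        $comment['email'] = '';
    } else {
        $comment['memberid'] = 0;
    }

    // spam check: collect every plugin subscribed to one of the comment events
    $continue = false;
    $plugins = array();

    foreach (array('ValidateForm', 'PreAddComment', 'PostAddComment') as $event) {
        if (isset($manager->subscriptions[$event])) {
            $plugins = array_merge($plugins, $manager->subscriptions[$event]);
        }
    }

    $plugins = array_unique($plugins);

    // $continue becomes true as soon as one of those plugins declares the
    // 'handleSpam' feature; a positive SpamCheck result is then not rejected here.
    // foreach replaces the original each() loop, which no longer exists in PHP 8.
    foreach ($plugins as $plugin) {
        $p = $manager->getPlugin($plugin);
        $continue = $continue || $p->supportsFeature('handleSpam');
    }

    $spamcheck = array(
        'type'   => 'comment',
        'body'   => $comment['body'],
        // taken from the submitted array, not from $this->itemid
        'id'     => $comment['itemid'],
        'live'   => true,
        'return' => $continue
    );

    if ($member->isLoggedIn()) {
        $spamcheck['author'] = $member->displayname;
        $spamcheck['email'] = $member->email;
    } else {
        $spamcheck['author'] = $comment['user'];
        $spamcheck['email'] = $comment['email'];
        $spamcheck['url'] = $comment['userid'];
    }

    $manager->notify('SpamCheck', array('spamcheck' => &$spamcheck));

    if (!$continue && isset($spamcheck['result']) && $spamcheck['result'] == true) {
        return _ERROR_COMMENTS_SPAM;
    }

    // isValidComment returns either "1" or an error message
    $isvalid = $this->isValidComment($comment, $spamcheck);
    if ($isvalid != 1) {
        return $isvalid;
    }

    // send email to notification address, if any
    // NOTE(review): this runs before the duplicate check further down, so a
    // repeated identical submission is rejected with _ERROR_BADACTION only
    // after the notification mail has already been sent.
    if ($settings->getNotifyAddress() && $settings->notifyOnComment()) {

        $mailto_msg = _NOTIFY_NC_MSG . ' ' . $this->itemid . "\n";

        $temp = parse_url($CONF['Self']);
        // !empty() gives the same truth value as the original test without a
        // notice when parse_url() fails or returns no scheme
        if (!empty($temp['scheme'])) {
            $mailto_msg .= createItemLink($this->itemid) . "\n\n";
        } else {
            $tempurl = $settings->getURL();
            if (substr($tempurl, -1) == '/' || substr($tempurl, -4) == '.php') {
                $mailto_msg .= $tempurl . '?itemid=' . $this->itemid . "\n\n";
            } else {
                $mailto_msg .= $tempurl . '/?itemid=' . $this->itemid . "\n\n";
            }
        }

        if ($comment['memberid'] == 0) {
            $mailto_msg .= _NOTIFY_USER . ' ' . $comment['user'] . "\n";
            $mailto_msg .= _NOTIFY_USERID . ' ' . $comment['userid'] . "\n";
        } else {
            $mailto_msg .= _NOTIFY_MEMBER .' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
        }

        $mailto_msg .= _NOTIFY_HOST . ' ' . $comment['host'] . "\n";
        $mailto_msg .= _NOTIFY_COMMENT . "\n " . $comment['body'] . "\n";
        $mailto_msg .= getMailFooter();

        $item =& $manager->getItem($this->itemid, 0, 0);
        $mailto_title = _NOTIFY_NC_TITLE . ' ' . strip_tags($item['title']) . ' (' . $this->itemid . ')';

        // NOTE(review): the From address is derived from the visitor-supplied
        // e-mail field. Whether CR/LF is rejected depends on isValidMailAddress()
        // and NOTIFICATION, neither of which is shown here - confirm.
        $frommail = $member->getNotifyFromMailAddress($comment['email']);

        $notify =& new NOTIFICATION($settings->getNotifyAddress());
        $notify->notify($mailto_title, $mailto_msg, $frommail);
    }

    $comment = COMMENT::prepare($comment);

    // plugins receive $comment by reference and may rewrite it, so the SQL
    // escaping below has to stay after this event
    $manager->notify('PreAddComment', array('comment' => &$comment, 'spamcheck' => &$spamcheck));

    // addslashes() does not know the connection character set, which matters
    // with multi-byte encodings; mysql_real_escape_string() belongs to the same
    // extension as the mysql_insert_id() call below and uses the same link.
    // NOTE(review): it is only charset-aware when the connection charset was
    // set with mysql_set_charset() rather than a SET NAMES query - confirm how
    // the connection is configured.
    $name      = mysql_real_escape_string($comment['user']);
    $url       = mysql_real_escape_string($comment['userid']);
    $email     = mysql_real_escape_string($comment['email']);
    $body      = mysql_real_escape_string($comment['body']);
    $host      = mysql_real_escape_string($comment['host']);
    $ip        = mysql_real_escape_string($comment['ip']);
    $memberid  = intval($comment['memberid']);
    $timestamp = date('Y-m-d H:i:s', $comment['timestamp']);
    // both ids are interpolated into the statements below; force them to integers
    $itemid    = intval($this->itemid);
    $blogid    = intval($blogid);

    // reject an exact duplicate (same url, member, body, item and blog)
    $qSql = 'SELECT COUNT(*) AS result '
          . 'FROM ' . sql_table('comment')
          . ' WHERE '
          .      'cmail = "' . $url . '"'
          . ' AND cmember = "' . $memberid . '"'
          . ' AND cbody = "' . $body . '"'
          . ' AND citem = "' . $itemid . '"'
          . ' AND cblog = "' . $blogid . '"';
    $result = (int) quickQuery($qSql);
    if ($result > 0) {
        return _ERROR_BADACTION;
    }

    $query = 'INSERT INTO '.sql_table('comment').' (CUSER, CMAIL, CEMAIL, CMEMBER, CBODY, CITEM, CTIME, CHOST, CIP, CBLOG) '
           . "VALUES ('$name', '$url', '$email', $memberid, '$body', $itemid, '$timestamp', '$host', '$ip', '$blogid')";
    sql_query($query);

    // post add comment
    $commentid = mysql_insert_id();
    $manager->notify('PostAddComment', array('comment' => &$comment, 'commentid' => &$commentid, 'spamcheck' => &$spamcheck));

    // succeeded
    return true;
}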
\r
299 * Checks if a comment is valid and call plugins
\r
300 * that can check if the comment is a spam comment
\r
302 function isValidComment(&$comment, & $spamcheck) {
\r
303 global $member, $manager;
\r
305 // check if there exists a item for this date
\r
306 $item =& $manager->getItem($this->itemid,0,0);
\r
309 return _ERROR_NOSUCHITEM;
\r
311 if ($item['closed'])
\r
312 return _ERROR_ITEMCLOSED;
\r
314 // don't allow words that are too long
\r
315 if (eregi('[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}',$comment['body']) != false)
\r
316 return _ERROR_COMMENT_LONGWORD;
\r
318 // check lengths of comment
\r
319 if (strlen($comment['body'])<3)
\r
320 return _ERROR_COMMENT_NOCOMMENT;
\r
322 if (strlen($comment['body'])>5000)
\r
323 return _ERROR_COMMENT_TOOLONG;
\r
325 // only check username if no member logged in
\r
326 if (!$member->isLoggedIn())
\r
327 if (strlen($comment['user'])<2)
\r
328 return _ERROR_COMMENT_NOUSERNAME;
\r
330 if ((strlen($comment['email']) != 0) && !(isValidMailAddress($comment['email']))) {
\r
331 return _ERROR_BADMAILADDRESS;
\r
334 // let plugins do verification (any plugin which thinks the comment is invalid
\r
335 // can change 'error' to something other than '1')
\r
337 $manager->notify('ValidateForm', array('type' => 'comment', 'comment' => &$comment, 'error' => &$result, 'spamcheck' => &$spamcheck));
\r