OSDN Git Service

Update project date from '2002 - 2009' to '2002 - 2010'.
[nucleus-jp/nucleus-jp-ancient.git] / utf8 / nucleus / libs / COMMENTS.php
1 <?php
2
3 /*
4  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
5  * Copyright (C) 2002-2010 The Nucleus Group
6  *
7  * This program is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU General Public License
9  * as published by the Free Software Foundation; either version 2
10  * of the License, or (at your option) any later version.
11  * (see nucleus/documentation/index.html#license for more info)
12  */
13 /**
14  * A class representing the comments (all of them) for a certain post on a ceratin blog
15  *
16  * @license http://nucleuscms.org/license.txt GNU General Public License
17  * @copyright Copyright (C) 2002-2010 The Nucleus Group
18  * @version $Id$
19  * $NucleusJP: COMMENTS.php,v 1.9.2.1 2007/08/08 05:32:21 kimitake Exp $
20  */
21
22 if ( !function_exists('requestVar') ) exit;
23 require_once dirname(__FILE__) . '/COMMENTACTIONS.php';
24
25 class COMMENTS {
26
27         // item for which comment are being displayed
28         var $itemid;
29
30         // reference to the itemActions object that is calling the showComments function
31         var $itemActions;
32
33         // total amount of comments displayed
34         var $commentcount;
35
36         /**
37          * Creates a new COMMENTS object for the given blog and item
38          *
39          * @param $itemid
40          *              id of the item
41          */
42         function COMMENTS($itemid) {
43                 $this->itemid = intval($itemid);
44         }
45
46         /**
47          * Used when parsing comments
48          *
49          * @param $itemActions
50          *              itemActions object, that will take care of the parsing
51          */
52         function setItemActions(&$itemActions) {
53                 $this->itemActions =& $itemActions;
54         }
55
56         /**
57          * Shows maximum $max comments to the given item using the given template
58          * returns the amount of shown comments (if maxToShow = -1, then there is no limit)
59          *
60          * @param template
61          *              template to use
62          * @param maxToShow
63          *              max. comments to show
64          * @param showNone
65          *              indicates if the 'no comments' thingie should be outputted when there are no comments
66          *              (useful for closed items)
67          * @param highlight
68          *              Highlight to use (if any)
69          */
70         function showComments($template, $maxToShow = -1, $showNone = 1, $highlight = '') {
71                 global $CONF, $manager;
72
73                 // create parser object & action handler
74                 $actions =& new COMMENTACTIONS($this);
75                 $parser =& new PARSER($actions->getDefinedActions(),$actions);
76                 $actions->setTemplate($template);
77                 $actions->setParser($parser);
78
79                 if ($maxToShow == 0) {
80                         $this->commentcount = $this->amountComments();
81                 } else {
82                         $query =  'SELECT c.citem as itemid, c.cnumber as commentid, c.cbody as body, c.cuser as user, c.cmail as userid, c.cemail as email, c.cmember as memberid, c.ctime, c.chost as host, c.cip as ip, c.cblog as blogid'
83                                    . ' FROM '.sql_table('comment').' as c'
84                                    . ' WHERE c.citem=' . $this->itemid
85                                    . ' ORDER BY c.ctime';
86
87                         $comments = sql_query($query);
88                         $this->commentcount = sql_num_rows($comments);
89                 }
90
91                 // if no result was found
92                 if ($this->commentcount == 0) {
93                         // note: when no reactions, COMMENTS_HEADER and COMMENTS_FOOTER are _NOT_ used
94                         if ($showNone) $parser->parse($template['COMMENTS_NONE']);
95                         return 0;
96                 }
97
98                 // if too many comments to show
99                 if (($maxToShow != -1) && ($this->commentcount > $maxToShow)) {
100                         $parser->parse($template['COMMENTS_TOOMUCH']);
101                         return 0;
102                 }
103
104                 $parser->parse($template['COMMENTS_HEADER']);
105
106                 while ( $comment = sql_fetch_assoc($comments) ) {
107                         $comment['timestamp'] = strtotime($comment['ctime']);
108                         $actions->setCurrentComment($comment);
109                         $actions->setHighlight($highlight);
110                         $manager->notify('PreComment', array('comment' => &$comment));
111                         $parser->parse($template['COMMENTS_BODY']);
112                         $manager->notify('PostComment', array('comment' => &$comment));
113                 }
114
115                 $parser->parse($template['COMMENTS_FOOTER']);
116
117                 sql_free_result($comments);
118
119                 return $this->commentcount;
120         }
121
122         /**
123          * Returns the amount of comments for this itemid
124          */
125         function amountComments() {
126                 $query =  'SELECT COUNT(*)'
127                            . ' FROM '.sql_table('comment').' as c'
128                            . ' WHERE c.citem='. $this->itemid;
129                 $res = sql_query($query);
130                 $arr = sql_fetch_row($res);
131
132                 return $arr[0];
133         }
134
135         /**
136          * Adds a new comment to the database
137          */
138         function addComment($timestamp, $comment) {
139                 global $CONF, $member, $manager;
140
141                 $blogid = getBlogIDFromItemID($this->itemid);
142
143                 $settings =& $manager->getBlog($blogid);
144                 $settings->readSettings();
145
146                 if (!$settings->commentsEnabled())
147                         return _ERROR_COMMENTS_DISABLED;
148
149                 if (!$settings->isPublic() && !$member->isLoggedIn())
150                         return _ERROR_COMMENTS_NONPUBLIC;
151
152                 // member name protection
153                 if ($CONF['ProtectMemNames'] && !$member->isLoggedIn() && MEMBER::isNameProtected($comment['user']))
154                         return _ERROR_COMMENTS_MEMBERNICK;
155
156                 // email required protection
157                 if ($settings->emailRequired() && strlen($comment['email']) == 0 && !$member->isLoggedIn()) {
158                         return _ERROR_EMAIL_REQUIRED;
159                 }
160
161                 $comment['timestamp'] = $timestamp;
162                 $comment['host'] = gethostbyaddr(serverVar('REMOTE_ADDR'));
163                 $comment['ip'] = serverVar('REMOTE_ADDR');
164
165                 // if member is logged in, use that data
166                 if ($member->isLoggedIn()) {
167                         $comment['memberid'] = $member->getID();
168                         $comment['user'] = '';
169                         $comment['userid'] = '';
170                         $comment['email'] = '';
171                 } else {
172                         $comment['memberid'] = 0;
173                 }
174
175                 // spam check
176                 $continue = false;
177                 $plugins = array();
178
179                 if (isset($manager->subscriptions['ValidateForm']))
180                         $plugins = array_merge($plugins, $manager->subscriptions['ValidateForm']);
181
182                 if (isset($manager->subscriptions['PreAddComment']))
183                         $plugins = array_merge($plugins, $manager->subscriptions['PreAddComment']);
184
185                 if (isset($manager->subscriptions['PostAddComment']))
186                         $plugins = array_merge($plugins, $manager->subscriptions['PostAddComment']);
187
188                 $plugins = array_unique($plugins);
189
190                 while (list(,$plugin) = each($plugins)) {
191                         $p = $manager->getPlugin($plugin);
192                         $continue = $continue || $p->supportsFeature('handleSpam');
193                 }
194
195                 $spamcheck = array (
196                         'type'          => 'comment',
197                         'body'          => $comment['body'],
198                         'id'        => $comment['itemid'],
199                         'live'          => true,
200                         'return'        => $continue
201                 );
202
203                 if ($member->isLoggedIn()) {
204                         $spamcheck['author'] = $member->displayname;
205                         $spamcheck['email'] = $member->email;
206                 } else {
207                         $spamcheck['author'] = $comment['user'];
208                         $spamcheck['email'] = $comment['email'];
209                         $spamcheck['url'] = $comment['userid'];
210                 }
211
212                 $manager->notify('SpamCheck', array ('spamcheck' => &$spamcheck));
213
214                 if (!$continue && isset($spamcheck['result']) && $spamcheck['result'] == true)
215                         return _ERROR_COMMENTS_SPAM;
216
217
218                 // isValidComment returns either "1" or an error message
219                 $isvalid = $this->isValidComment($comment, $spamcheck);
220                 if ($isvalid != 1)
221                         return $isvalid;
222
223                 // send email to notification address, if any
224                 if ($settings->getNotifyAddress() && $settings->notifyOnComment()) {
225
226                         $mailto_msg = _NOTIFY_NC_MSG . ' ' . $this->itemid . "\n";
227 //                      $mailto_msg .= $CONF['IndexURL'] . 'index.php?itemid=' . $this->itemid . "\n\n";
228                         $temp = parse_url($CONF['Self']);
229                         if ($temp['scheme']) {
230                                 $mailto_msg .= createItemLink($this->itemid) . "\n\n";
231                         } else {
232                                 $tempurl = $settings->getURL();
233                                 if (substr($tempurl, -1) == '/' || substr($tempurl, -4) == '.php') {
234                                         $mailto_msg .= $tempurl . '?itemid=' . $this->itemid . "\n\n";
235                                 } else {
236                                         $mailto_msg .= $tempurl . '/?itemid=' . $this->itemid . "\n\n";
237                                 }
238                         }
239                         if ($comment['memberid'] == 0) {
240                                 $mailto_msg .= _NOTIFY_USER . ' ' . $comment['user'] . "\n";
241                                 $mailto_msg .= _NOTIFY_USERID . ' ' . $comment['userid'] . "\n";
242                         } else {
243                                 $mailto_msg .= _NOTIFY_MEMBER .' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
244                         }
245                         $mailto_msg .= _NOTIFY_HOST . ' ' . $comment['host'] . "\n";
246                         $mailto_msg .= _NOTIFY_COMMENT . "\n " . $comment['body'] . "\n";
247                         $mailto_msg .= getMailFooter();
248
249                         $item =& $manager->getItem($this->itemid, 0, 0);
250                         $mailto_title = _NOTIFY_NC_TITLE . ' ' . strip_tags($item['title']) . ' (' . $this->itemid . ')';
251
252                         $frommail = $member->getNotifyFromMailAddress($comment['email']);
253
254                         $notify =& new NOTIFICATION($settings->getNotifyAddress());
255                         $notify->notify($mailto_title, $mailto_msg , $frommail);
256                 }
257
258                 $comment = COMMENT::prepare($comment);
259
260                 $manager->notify('PreAddComment',array('comment' => &$comment, 'spamcheck' => &$spamcheck));
261
262                 $name           = addslashes($comment['user']);
263                 $url            = addslashes($comment['userid']);
264                 $email      = addslashes($comment['email']);
265                 $body           = addslashes($comment['body']);
266                 $host           = addslashes($comment['host']);
267                 $ip                     = addslashes($comment['ip']);
268                 $memberid       = intval($comment['memberid']);
269                 $timestamp      = date('Y-m-d H:i:s', $comment['timestamp']);
270                 $itemid         = $this->itemid;
271
272                 $qSql       = 'SELECT COUNT(*) AS result '
273                                         . 'FROM ' . sql_table('comment')
274                                         . ' WHERE '
275                                         .      'cmail   = "' . $url . '"'
276                                         . ' AND cmember = "' . $memberid . '"'
277                                         . ' AND cbody   = "' . $body . '"'
278                                         . ' AND citem   = "' . $itemid . '"'
279                                         . ' AND cblog   = "' . $blogid . '"';
280                 $result     = (integer) quickQuery($qSql);
281                 if ($result > 0) {
282                         return _ERROR_BADACTION;
283                 }
284
285                 $query = 'INSERT INTO '.sql_table('comment').' (CUSER, CMAIL, CEMAIL, CMEMBER, CBODY, CITEM, CTIME, CHOST, CIP, CBLOG) '
286                            . "VALUES ('$name', '$url', '$email', $memberid, '$body', $itemid, '$timestamp', '$host', '$ip', '$blogid')";
287
288                 sql_query($query);
289
290                 // post add comment
291                 $commentid = sql_insert_id();
292                 $manager->notify('PostAddComment',array('comment' => &$comment, 'commentid' => &$commentid, 'spamcheck' => &$spamcheck));
293
294                 // succeeded !
295                 return true;
296         }
297
298         /**
299          * Checks if a comment is valid and call plugins
300          * that can check if the comment is a spam comment        
301          */
302         function isValidComment(&$comment, & $spamcheck) {
303                 global $member, $manager;
304
305                 // check if there exists a item for this date
306                 $item =& $manager->getItem($this->itemid,0,0);
307
308                 if (!$item)
309                         return _ERROR_NOSUCHITEM;
310
311                 if ($item['closed'])
312                         return _ERROR_ITEMCLOSED;
313
314                 // don't allow words that are too long
315                 if (eregi('[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}',$comment['body']) != false)
316                         return _ERROR_COMMENT_LONGWORD;
317
318                 // check lengths of comment
319                 if (strlen($comment['body'])<3)
320                         return _ERROR_COMMENT_NOCOMMENT;
321
322                 if (strlen($comment['body'])>5000)
323                         return _ERROR_COMMENT_TOOLONG;
324
325                 // only check username if no member logged in
326                 if (!$member->isLoggedIn())
327                         if (strlen($comment['user'])<2)
328                                 return _ERROR_COMMENT_NOUSERNAME;
329
330                 if ((strlen($comment['email']) != 0) && !(isValidMailAddress($comment['email']))) {
331                         return _ERROR_BADMAILADDRESS;
332                 }
333
334                 // let plugins do verification (any plugin which thinks the comment is invalid
335                 // can change 'error' to something other than '1')
336                 $result = 1;
337                 $manager->notify('ValidateForm', array('type' => 'comment', 'comment' => &$comment, 'error' => &$result, 'spamcheck' => &$spamcheck));
338
339                 return $result;
340         }
341
342 }
343
344 ?>