utf8/nucleus/libs/COMMENTS.php

   1 <?php
   2
   3 /*
   4  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
   5  * Copyright (C) 2002-2007 The Nucleus Group
   6  *
   7  * This program is free software; you can redistribute it and/or
   8  * modify it under the terms of the GNU General Public License
   9  * as published by the Free Software Foundation; either version 2
  10  * of the License, or (at your option) any later version.
  11  * (see nucleus/documentation/index.html#license for more info)
  12  */
  13 /**
  14  * A class representing the comments (all of them) for a certain post on a ceratin blog
  15  *
  16  * @license http://nucleuscms.org/license.txt GNU General Public License
  17  * @copyright Copyright (C) 2002-2007 The Nucleus Group
  18  * @version $Id: COMMENTS.php,v 1.7 2007-02-04 06:28:46 kimitake Exp $
  19  * $NucleusJP: COMMENTS.php,v 1.6 2006/07/17 20:03:44 kimitake Exp $
  20  */
  21
  22 // temporary: dirt way to separe class COMMENTACTIONS from COMMENTS
  23 require_once $DIR_LIBS . 'COMMENTACTIONS.php';
  24
  25 class COMMENTS {
  26
  27         // item for which comment are being displayed
  28         var $itemid;
  29
  30         // reference to the itemActions object that is calling the showComments function
  31         var $itemActions;
  32
  33         // total amount of comments displayed
  34         var $commentcount;
  35
  36         /**
  37          * Creates a new COMMENTS object for the given blog and item
  38          *
  39          * @param $itemid
  40          *              id of the item
  41          */
  42         function COMMENTS($itemid) {
  43                 $this->itemid = intval($itemid);
  44         }
  45         /**
  46          * Used when parsing comments
  47          *
  48          * @param $itemActions
  49          *              itemActions object, that will take care of the parsing
  50          */
  51         function setItemActions(&$itemActions) {
  52                 $this->itemActions =& $itemActions;
  53         }
  54
  55         /**
  56          * Shows maximum $max comments to the given item using the given template
  57          * returns the amount of shown comments (if maxToShow = -1, then there is no limit)
  58          *
  59          * @param template
  60          *              template to use
  61          * @param maxToShow
  62          *              max. comments to show
  63          * @param showNone
  64          *              indicates if the 'no comments' thingie should be outputted when there are no comments
  65          *              (useful for closed items)
  66          * @param highlight
  67          *              Highlight to use (if any)
  68          */
  69         function showComments($template, $maxToShow = -1, $showNone = 1, $highlight = '') {
  70                 global $CONF, $manager;
  71
  72                 // create parser object & action handler
  73                 $actions =& new COMMENTACTIONS($this);
  74                 $parser =& new PARSER($actions->getDefinedActions(),$actions);
  75                 $actions->setTemplate($template);
  76                 $actions->setParser($parser);
  77
  78                 if ($maxToShow == 0) {
  79                         $this->commentcount = $this->amountComments();
  80                 } else {
  81                         $query =  'SELECT c.citem as itemid, c.cnumber as commentid, c.cbody as body, c.cuser as user, c.cmail as userid, c.cemail as email, c.cmember as memberid, c.ctime, c.chost as host, c.cip as ip, c.cblog as blogid'
  82                                    . ' FROM '.sql_table('comment').' as c'
  83                                    . ' WHERE c.citem=' . $this->itemid
  84                                    . ' ORDER BY c.ctime';
  85
  86                         $comments = sql_query($query);
  87                         $this->commentcount = mysql_num_rows($comments);
  88                 }
  89
  90                 // if no result was found
  91                 if ($this->commentcount == 0) {
  92                         // note: when no reactions, COMMENTS_HEADER and COMMENTS_FOOTER are _NOT_ used
  93                         if ($showNone) $parser->parse($template['COMMENTS_NONE']);
  94                         return 0;
  95                 }
  96
  97                 // if too many comments to show
  98                 if (($maxToShow != -1) && ($this->commentcount > $maxToShow)) {
  99                         $parser->parse($template['COMMENTS_TOOMUCH']);
 100                         return 0;
 101                 }
 102
 103                 $parser->parse($template['COMMENTS_HEADER']);
 104
 105                 while ( $comment = mysql_fetch_assoc($comments) ) {
 106                         $comment['timestamp'] = strtotime($comment['ctime']);
 107                         $actions->setCurrentComment($comment);
 108                         $actions->setHighlight($highlight);
 109                         $manager->notify('PreComment', array('comment' => &$comment));
 110                         $parser->parse($template['COMMENTS_BODY']);
 111                         $manager->notify('PostComment', array('comment' => &$comment));
 112                 }
 113
 114                 $parser->parse($template['COMMENTS_FOOTER']);
 115
 116                 mysql_free_result($comments);
 117
 118                 return $this->commentcount;
 119         }
 120
 121         /**
 122          * Returns the amount of comments for this itemid
 123          */
 124         function amountComments() {
 125                 $query =  'SELECT COUNT(*)'
 126                            . ' FROM '.sql_table('comment').' as c'
 127                            . ' WHERE c.citem='. $this->itemid;
 128                 $res = sql_query($query);
 129                 $arr = mysql_fetch_row($res);
 130
 131                 return $arr[0];
 132         }
 133
 134
 135         function addComment($timestamp, $comment) {
 136                 global $CONF, $member, $manager;
 137
 138                 $blogid = getBlogIDFromItemID($this->itemid);
 139
 140                 $settings =& $manager->getBlog($blogid);
 141                 $settings->readSettings();
 142
 143                 if (!$settings->commentsEnabled())
 144                         return _ERROR_COMMENTS_DISABLED;
 145
 146                 if (!$settings->isPublic() && !$member->isLoggedIn())
 147                         return _ERROR_COMMENTS_NONPUBLIC;
 148
 149                 // member name protection
 150                 if ($CONF['ProtectMemNames'] && !$member->isLoggedIn() && MEMBER::isNameProtected($comment['user']))
 151                         return _ERROR_COMMENTS_MEMBERNICK;
 152
 153                 // email required protection
 154                 if ($settings->emailRequired() && strlen($comment['email']) == 0 && !$member->isLoggedIn()) {
 155                         return _ERROR_EMAIL_REQUIRED;
 156                 }
 157
 158                 $comment['timestamp'] = $timestamp;
 159                 $comment['host'] = gethostbyaddr(serverVar('REMOTE_ADDR'));
 160                 $comment['ip'] = serverVar('REMOTE_ADDR');
 161
 162                 // if member is logged in, use that data
 163                 if ($member->isLoggedIn()) {
 164                         $comment['memberid'] = $member->getID();
 165                         $comment['user'] = '';
 166                         $comment['userid'] = '';
 167                         $comment['email'] = '';
 168                 } else {
 169                         $comment['memberid'] = 0;
 170                 }
 171
 172                 // spam check
 173                 $continue = false;
 174                 $plugins = array();
 175
 176                 if (isset($manager->subscriptions['ValidateForm']))
 177                         $plugins = array_merge($plugins, $manager->subscriptions['ValidateForm']);
 178
 179                 if (isset($manager->subscriptions['PreAddComment']))
 180                         $plugins = array_merge($plugins, $manager->subscriptions['PreAddComment']);
 181
 182                 if (isset($manager->subscriptions['PostAddComment']))
 183                         $plugins = array_merge($plugins, $manager->subscriptions['PostAddComment']);
 184
 185                 $plugins = array_unique($plugins);
 186
 187                 while (list(,$plugin) = each($plugins)) {
 188                         $p = $manager->getPlugin($plugin);
 189                         $continue = $continue || $p->supportsFeature('handleSpam');
 190                 }
 191
 192                 $spamcheck = array (
 193                         'type'          => 'comment',
 194                         'body'          => $comment['body'],
 195                         'id'        => $comment['itemid'],
 196                         'live'          => true,
 197                         'return'        => $continue
 198                 );
 199
 200                 if ($member->isLoggedIn()) {
 201                         $spamcheck['author'] = $member->displayname;
 202                         $spamcheck['email'] = $member->email;
 203                 } else {
 204                         $spamcheck['author'] = $comment['user'];
 205                         $spamcheck['email'] = $comment['email'];
 206                         $spamcheck['url'] = $comment['userid'];
 207                 }
 208
 209                 $manager->notify('SpamCheck', array ('spamcheck' => &$spamcheck));
 210
 211                 if (!$continue && isset($spamcheck['result']) && $spamcheck['result'] == true)
 212                         return _ERROR_COMMENTS_SPAM;
 213
 214
 215                 // isValidComment returns either "1" or an error message
 216                 $isvalid = $this->isValidComment($comment, $spamcheck);
 217                 if ($isvalid != 1)
 218                         return $isvalid;
 219
 220                 // send email to notification address, if any
 221                 if ($settings->getNotifyAddress() && $settings->notifyOnComment()) {
 222
 223                         $mailto_msg = _NOTIFY_NC_MSG . ' ' . $this->itemid . "\n";
 224                         $mailto_msg .= $CONF['IndexURL'] . 'index.php?itemid=' . $this->itemid . "\n\n";
 225                         if ($comment['memberid'] == 0) {
 226                                 $mailto_msg .= _NOTIFY_USER . ' ' . $comment['user'] . "\n";
 227                                 $mailto_msg .= _NOTIFY_USERID . ' ' . $comment['userid'] . "\n";
 228                         } else {
 229                                 $mailto_msg .= _NOTIFY_MEMBER .' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
 230                         }
 231                         $mailto_msg .= _NOTIFY_HOST . ' ' . $comment['host'] . "\n";
 232                         $mailto_msg .= _NOTIFY_COMMENT . "\n " . $comment['body'] . "\n";
 233                         $mailto_msg .= getMailFooter();
 234
 235                         $item =& $manager->getItem($this->itemid, 0, 0);
 236                         $mailto_title = _NOTIFY_NC_TITLE . ' ' . strip_tags($item['title']) . ' (' . $this->itemid . ')';
 237
 238                         $frommail = $member->getNotifyFromMailAddress($comment['userid']);
 239
 240                         $notify =& new NOTIFICATION($settings->getNotifyAddress());
 241                         $notify->notify($mailto_title, $mailto_msg , $frommail);
 242                 }
 243
 244                 $comment = COMMENT::prepare($comment);
 245
 246                 $manager->notify('PreAddComment',array('comment' => &$comment, 'spamcheck' => &$spamcheck));
 247
 248                 $name           = addslashes($comment['user']);
 249                 $url            = addslashes($comment['userid']);
 250                 $email      = addslashes($comment['email']);
 251                 $body           = addslashes($comment['body']);
 252                 $host           = addslashes($comment['host']);
 253                 $ip                     = addslashes($comment['ip']);
 254                 $memberid       = intval($comment['memberid']);
 255                 $timestamp      = date('Y-m-d H:i:s', $comment['timestamp']);
 256                 $itemid         = $this->itemid;
 257
 258                 $query = 'INSERT INTO '.sql_table('comment').' (CUSER, CMAIL, CEMAIL, CMEMBER, CBODY, CITEM, CTIME, CHOST, CIP, CBLOG) '
 259                            . "VALUES ('$name', '$url', '$email', $memberid, '$body', $itemid, '$timestamp', '$host', '$ip', '$blogid')";
 260
 261                 sql_query($query);
 262
 263                 // post add comment
 264                 $commentid = mysql_insert_id();
 265                 $manager->notify('PostAddComment',array('comment' => &$comment, 'commentid' => &$commentid, 'spamcheck' => &$spamcheck));
 266
 267                 // succeeded !
 268                 return true;
 269         }
 270
 271
 272         function isValidComment($comment, & $spamcheck) {
 273                 global $member, $manager;
 274
 275                 // check if there exists a item for this date
 276                 $item =& $manager->getItem($this->itemid,0,0);
 277
 278                 if (!$item)
 279                         return _ERROR_NOSUCHITEM;
 280
 281                 if ($item['closed'])
 282                         return _ERROR_ITEMCLOSED;
 283
 284                 // don't allow words that are too long
 285                 if (eregi('[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}',$comment['body']) != false)
 286                         return _ERROR_COMMENT_LONGWORD;
 287
 288                 // check lengths of comment
 289                 if (strlen($comment['body'])<3)
 290                         return _ERROR_COMMENT_NOCOMMENT;
 291
 292                 if (strlen($comment['body'])>5000)
 293                         return _ERROR_COMMENT_TOOLONG;
 294
 295                 // only check username if no member logged in
 296                 if (!$member->isLoggedIn())
 297                         if (strlen($comment['user'])<2)
 298                                 return _ERROR_COMMENT_NOUSERNAME;
 299
 300                 if ((strlen($comment['email']) != 0) && !(isValidMailAddress($comment['email']))) {
 301                         return _ERROR_BADMAILADDRESS;
 302                 }
 303
 304                 // let plugins do verification (any plugin which thinks the comment is invalid
 305                 // can change 'error' to something other than '1')
 306                 $result = 1;
 307                 $manager->notify('ValidateForm', array('type' => 'comment', 'comment' => &$comment, 'error' => &$result, 'spamcheck' => &$spamcheck));
 308
 309                 return $result;
 310         }
 311
 312 }
 313
 314 ?>