4 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
5 * Copyright (C) 2002-2009 The Nucleus Group
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
11 * (see nucleus/documentation/index.html#license for more info)
14 * A class representing the comments (all of them) for a certain post on a ceratin blog
16 * @license http://nucleuscms.org/license.txt GNU General Public License
17 * @copyright Copyright (C) 2002-2009 The Nucleus Group
18 * @version $Id: COMMENTS.php 1527 2011-06-21 10:43:44Z sakamocchi $
21 if ( !function_exists('requestVar') ) exit;
22 require_once dirname(__FILE__) . '/COMMENTACTIONS.php';
26 // reference to the itemActions object that is calling the showComments function
29 // item for which comment are being displayed
32 // total amount of comments displayed
36 * Comments::__construct()
37 * Creates a new Comments object for the given blog and item
39 * @param integer $itemid id of the item
42 public function __construct($itemid)
44 $this->itemid = (integer) $itemid;
49 * Comments::setItemActions()
50 * Used when parsing comments
52 * @param object $itemActions itemActions object, that will take care of the parsing
55 public function setItemActions(&$itemActions)
57 $this->itemActions =& $itemActions;
62 * Comments::showComments()
63 * Shows maximum $max comments to the given item using the given template
64 * returns the amount of shown comments (if maxToShow = -1, then there is no limit)
66 * @param array template template to use
67 * @param integer maxToShow max. comments to show
68 * @param integer showNone indicates if the 'no comments' thingie should be outputted
69 * when there are no comments (useful for closed items)
70 * @param string highlight Highlight to use (if any)
71 * @return integer number of comments
73 public function showComments($template, $maxToShow = -1, $showNone = 1, $highlight = '')
75 global $CONF, $manager;
77 if ( $maxToShow == 0 )
79 $this->commentcount = $this->amountComments();
83 $query = 'SELECT citem as itemid, cnumber as commentid, cbody as body, cuser as user, cmail as userid, '
84 . 'cemail as email, cmember as memberid, ctime, chost as host, cip as ip, cblog as blogid '
85 . 'FROM %s as c WHERE citem=%d ORDER BY ctime';
87 $query = sprintf($query, sql_table('comment'), (integer) $this->itemid);
88 $comments = DB::getResult($query);
89 $this->commentcount = $comments->rowCount();
92 // create parser object & action handler
93 $handler = new CommentActions($this);
94 $handler->setTemplate($template);
96 $parser = new Parser($handler);
98 // if no result was found
99 if ( $this->commentcount == 0 )
101 // note: when no reactions, COMMENTS_HEADER and COMMENTS_FOOTER are _NOT_ used
104 $parser->parse($template['COMMENTS_NONE']);
109 // if too many comments to show
110 if ( ($maxToShow != -1) && ($this->commentcount > $maxToShow) )
112 $parser->parse($template['COMMENTS_TOOMUCH']);
116 $parser->parse($template['COMMENTS_HEADER']);
118 foreach ( $comments as $comment )
120 $comment['timestamp'] = strtotime($comment['ctime']);
121 $handler->setCurrentComment($comment);
122 $handler->setHighlight($highlight);
124 $manager->notify('PreComment', array('comment' => &$comment));
125 $parser->parse($template['COMMENTS_BODY']);
126 $manager->notify('PostComment', array('comment' => &$comment));
129 $parser->parse($template['COMMENTS_FOOTER']);
131 $comments->closeCursor();
133 return $this->commentcount;
137 * Comments::amountComments()
138 * Returns the amount of comments for this itemid
141 * @return integer number of comments
143 public function amountComments()
145 $query = 'SELECT COUNT(*) FROM %s WHERE citem=%d;';
146 $query = sprintf($query, sql_table('comment'), (integer) $this->itemid);
147 $res = DB::getValue($query);
153 * Comments::addComment()
154 * Adds a new comment to the database
156 * @param string $timestamp
157 * @param array $comment
160 public function addComment($timestamp, $comment)
162 global $CONF, $member, $manager;
164 $blogid = getBlogIDFromItemID($this->itemid);
166 $settings =& $manager->getBlog($blogid);
167 $settings->readSettings();
169 // begin if: comments disabled
170 if ( !$settings->commentsEnabled() )
172 return _ERROR_COMMENTS_DISABLED;
175 // begin if: public cannot comment
176 if ( !$settings->isPublic() && !$member->isLoggedIn() )
178 return _ERROR_COMMENTS_NONPUBLIC;
181 // begin if: comment uses a protected member name
182 if ( $CONF['ProtectMemNames'] && !$member->isLoggedIn() && Member::isNameProtected($comment['user']) )
184 return _ERROR_COMMENTS_MEMBERNICK;
187 // begin if: email required, but missing (doesn't apply to members)
188 if ( $settings->emailRequired() && i18n::strlen($comment['email']) == 0 && !$member->isLoggedIn() )
190 return _ERROR_EMAIL_REQUIRED;
193 // begin if: commenter's name is too long
194 if ( i18n::strlen($comment['user']) > 40 )
196 return _ERROR_USER_TOO_LONG;
199 // begin if: commenter's email is too long
200 if ( i18n::strlen($comment['email']) > 100 )
202 return _ERROR_EMAIL_TOO_LONG;
205 // begin if: commenter's url is too long
206 if ( i18n::strlen($comment['userid']) > 100 )
208 return _ERROR_URL_TOO_LONG;
211 $comment['timestamp'] = $timestamp;
212 $comment['host'] = gethostbyaddr(serverVar('REMOTE_ADDR') );
213 $comment['ip'] = serverVar('REMOTE_ADDR');
215 // begin if: member is logged in, use that data
216 if ( $member->isLoggedIn() )
218 $comment['memberid'] = $member->getID();
219 $comment['user'] = '';
220 $comment['userid'] = '';
221 $comment['email'] = '';
225 $comment['memberid'] = 0;
232 if ( isset($manager->subscriptions['ValidateForm']) )
234 $plugins = array_merge($plugins, $manager->subscriptions['ValidateForm']);
237 if ( isset($manager->subscriptions['PreAddComment']) )
239 $plugins = array_merge($plugins, $manager->subscriptions['PreAddComment']);
242 if ( isset($manager->subscriptions['PostAddComment']) )
244 $plugins = array_merge($plugins, $manager->subscriptions['PostAddComment']);
247 $plugins = array_unique($plugins);
249 while ( list(, $plugin) = each($plugins) )
251 $p = $manager->getPlugin($plugin);
252 $continue = $continue || $p->supportsFeature('handleSpam');
257 'body' => $comment['body'],
258 'id' => $comment['itemid'],
260 'return' => $continue
263 // begin if: member logged in
264 if ( $member->isLoggedIn() )
266 $spamcheck['author'] = $member->displayname;
267 $spamcheck['email'] = $member->email;
272 $spamcheck['author'] = $comment['user'];
273 $spamcheck['email'] = $comment['email'];
274 $spamcheck['url'] = $comment['userid'];
277 $manager->notify('SpamCheck', array('spamcheck' => &$spamcheck) );
279 if ( !$continue && isset($spamcheck['result']) && $spamcheck['result'] == TRUE )
281 return _ERROR_COMMENTS_SPAM;
284 // isValidComment returns either "1" or an error message
285 $isvalid = $this->isValidComment($comment, $spamcheck);
291 // begin if: send email to notification address
292 if ( $settings->getNotifyAddress() && $settings->notifyOnComment() )
295 $message = _NOTIFY_NC_MSG . ' ' . $this->itemid . "\n";
296 $temp = parse_url($CONF['Self']);
298 if ( $temp['scheme'] )
300 $message .= Link::create_item_link($this->itemid) . "\n\n";
304 $tempurl = $settings->getURL();
306 if ( i18n::substr($tempurl, -1) == '/' || i18n::substr($tempurl, -4) == '.php' )
308 $message .= $tempurl . '?itemid=' . $this->itemid . "\n\n";
312 $message .= $tempurl . '/?itemid=' . $this->itemid . "\n\n";
316 if ( $comment['memberid'] == 0 )
318 $message .= _NOTIFY_USER . ' ' . $comment['user'] . "\n";
319 $message .= _NOTIFY_USERID . ' ' . $comment['userid'] . "\n";
323 $message .= _NOTIFY_MEMBER .' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
326 $message .= _NOTIFY_HOST . ' ' . $comment['host'] . "\n";
327 $message .= _NOTIFY_COMMENT . "\n " . $comment['body'] . "\n";
328 $message .= NOTIFICATION::get_mail_footer();
330 $item =& $manager->getItem($this->itemid, 0, 0);
331 $subject = _NOTIFY_NC_TITLE . ' ' . strip_tags($item['title']) . ' (' . $this->itemid . ')';
333 $from = $member->getNotifyFromMailAddress($comment['email']);
335 NOTIFICATION::mail($settings->getNotifyAddress(), $subject, $message, $from, i18n::get_current_charset());
338 $comment = Comment::prepare($comment);
340 $manager->notify('PreAddComment', array('comment' => &$comment, 'spamcheck' => &$spamcheck) );
342 $name = DB::quoteValue($comment['user']);
343 $url = DB::quoteValue($comment['userid']);
344 $email = DB::quoteValue($comment['email']);
345 $body = DB::quoteValue($comment['body']);
346 $host = DB::quoteValue($comment['host']);
347 $ip = DB::quoteValue($comment['ip']);
348 $memberid = intval($comment['memberid']);
349 $timestamp = DB::formatDateTime($comment['timestamp']);
350 $itemid = $this->itemid;
352 $qSql = 'SELECT COUNT(*) AS result '
353 . 'FROM ' . sql_table('comment')
356 . ' AND cmember = ' . $memberid
357 . ' AND cbody = ' . $body
358 . ' AND citem = ' . $itemid
359 . ' AND cblog = ' . $blogid;
360 $result = (integer) DB::getValue($qSql);
364 return _ERROR_BADACTION;
367 $query = sprintf('INSERT INTO %s (cuser, cmail, cemail, cmember, cbody, citem, ctime, chost, cip, cblog) '
368 . 'VALUES (%s, %s, %s, %d, %s, %d, %s, %s, %s, %d)'
369 , sql_table('comment'), $name, $url, $email, $memberid, $body, $itemid, $timestamp, $host, $ip, $blogid);
374 $commentid = DB::getInsertId();
375 $manager->notify('PostAddComment', array('comment' => &$comment, 'commentid' => &$commentid, 'spamcheck' => &$spamcheck) );
382 * Comments::isValidComment()
383 * Checks if a comment is valid and call plugins
384 * that can check if the comment is a spam comment
386 * @param array $comment array with comment elements
387 * @param array $spamcheck array with spamcheck elements
388 * @return boolean valid or not
390 private function isValidComment(&$comment, &$spamcheck)
392 global $member, $manager;
394 // check if there exists a item for this date
395 $item =& $manager->getItem($this->itemid, 0, 0);
399 return _ERROR_NOSUCHITEM;
402 if ( $item['closed'] )
404 return _ERROR_ITEMCLOSED;
407 // don't allow words that are too long
408 if ( preg_match('/[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}/', $comment['body']) != 0 )
410 return _ERROR_COMMENT_LONGWORD;
413 // check lengths of comment
414 if ( i18n::strlen($comment['body']) < 3 )
416 return _ERROR_COMMENT_NOCOMMENT;
419 if ( i18n::strlen($comment['body']) > 5000 )
421 return _ERROR_COMMENT_TOOLONG;
424 // only check username if no member logged in
425 if ( !$member->isLoggedIn() && (i18n::strlen($comment['user']) < 2) )
427 return _ERROR_COMMENT_NOUSERNAME;
430 if ( (i18n::strlen($comment['email']) != 0) && !NOTIFICATION::address_validation(trim($comment['email'])) )
432 return _ERROR_BADMAILADDRESS;
435 // let plugins do verification (any plugin which thinks the comment is invalid
436 // can change 'error' to something other than '1')
438 $manager->notify('ValidateForm', array('type' => 'comment', 'comment' => &$comment, 'error' => &$result, 'spamcheck' => &$spamcheck) );