4 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
\r
5 * Copyright (C) 2002-2012 The Nucleus Group
\r
7 * This program is free software; you can redistribute it and/or
\r
8 * modify it under the terms of the GNU General Public License
\r
9 * as published by the Free Software Foundation; either version 2
\r
10 * of the License, or (at your option) any later version.
\r
11 * (see nucleus/documentation/index.html#license for more info)
\r
14 * A class representing the comments (all of them) for a certain post on a ceratin blog
\r
16 * @license http://nucleuscms.org/license.txt GNU General Public License
\r
17 * @copyright Copyright (C) 2002-2012 The Nucleus Group
\r
18 * @version $Id: COMMENTS.php 1527 2011-06-21 10:43:44Z sakamocchi $
\r
21 if ( !function_exists('requestVar') ) exit;
\r
22 require_once dirname(__FILE__) . '/COMMENTACTIONS.php';
\r
26 // reference to the itemActions object that is calling the showComments function
\r
27 public $itemActions;
\r
29 // item for which comment are being displayed
\r
32 // total amount of comments displayed
\r
33 public $commentcount;
\r
36 * Comments::__construct()
\r
37 * Creates a new Comments object for the given blog and item
\r
39 * @param integer $itemid id of the item
\r
42 public function __construct($itemid)
\r
44 $this->itemid = (integer) $itemid;
\r
49 * Comments::setItemActions()
\r
50 * Used when parsing comments
\r
52 * @param object $itemActions itemActions object, that will take care of the parsing
\r
55 public function setItemActions(&$itemActions)
\r
57 $this->itemActions =& $itemActions;
\r
62 * Comments::showComments()
\r
63 * Shows maximum $max comments to the given item using the given template
\r
64 * returns the amount of shown comments (if maxToShow = -1, then there is no limit)
\r
66 * @param array template template to use
\r
67 * @param integer maxToShow max. comments to show
\r
68 * @param integer showNone indicates if the 'no comments' thingie should be outputted
\r
69 * when there are no comments (useful for closed items)
\r
70 * @param string highlight Highlight to use (if any)
\r
71 * @return integer number of comments
\r
73 public function showComments($template, $maxToShow = -1, $showNone = 1, $highlight = '')
\r
75 global $CONF, $manager;
\r
77 if ( $maxToShow == 0 )
\r
79 $this->commentcount = $this->amountComments();
\r
83 $query = 'SELECT citem as itemid, cnumber as commentid, cbody as body, cuser as user, cmail as userid, '
\r
84 . 'cemail as email, cmember as memberid, ctime, chost as host, cip as ip, cblog as blogid '
\r
85 . 'FROM %s as c WHERE citem=%d ORDER BY ctime';
\r
87 $query = sprintf($query, sql_table('comment'), (integer) $this->itemid);
\r
88 $comments = DB::getResult($query);
\r
89 $this->commentcount = $comments->rowCount();
\r
92 // create parser object & action handler
\r
93 $handler = new CommentActions($this);
\r
94 $handler->setTemplate($template);
\r
96 $parser = new Parser($handler);
\r
98 // if no result was found
\r
99 if ( $this->commentcount == 0 )
\r
101 // note: when no reactions, COMMENTS_HEADER and COMMENTS_FOOTER are _NOT_ used
\r
104 $parser->parse($template['COMMENTS_NONE']);
\r
109 // if too many comments to show
\r
110 if ( ($maxToShow != -1) && ($this->commentcount > $maxToShow) )
\r
112 $parser->parse($template['COMMENTS_TOOMUCH']);
\r
116 $parser->parse($template['COMMENTS_HEADER']);
\r
118 foreach ( $comments as $comment )
\r
120 $comment['timestamp'] = strtotime($comment['ctime']);
\r
121 $handler->setCurrentComment($comment);
\r
122 $handler->setHighlight($highlight);
\r
124 $manager->notify('PreComment', array('comment' => &$comment));
\r
125 $parser->parse($template['COMMENTS_BODY']);
\r
126 $manager->notify('PostComment', array('comment' => &$comment));
\r
129 $parser->parse($template['COMMENTS_FOOTER']);
\r
131 $comments->closeCursor();
\r
133 return $this->commentcount;
\r
137 * Comments::amountComments()
\r
138 * Returns the amount of comments for this itemid
\r
141 * @return integer number of comments
\r
143 public function amountComments()
\r
145 $query = 'SELECT COUNT(*) FROM %s WHERE citem=%d;';
\r
146 $query = sprintf($query, sql_table('comment'), (integer) $this->itemid);
\r
147 $res = DB::getValue($query);
\r
153 * Comments::addComment()
\r
154 * Adds a new comment to the database
\r
156 * @param string $timestamp
\r
157 * @param array $comment
\r
160 public function addComment($timestamp, $comment)
\r
162 global $CONF, $member, $manager;
\r
164 $blogid = getBlogIDFromItemID($this->itemid);
\r
166 $settings =& $manager->getBlog($blogid);
\r
167 $settings->readSettings();
\r
169 // begin if: comments disabled
\r
170 if ( !$settings->commentsEnabled() )
\r
172 return _ERROR_COMMENTS_DISABLED;
\r
175 // begin if: public cannot comment
\r
176 if ( !$settings->isPublic() && !$member->isLoggedIn() )
\r
178 return _ERROR_COMMENTS_NONPUBLIC;
\r
181 // begin if: comment uses a protected member name
\r
182 if ( $CONF['ProtectMemNames'] && !$member->isLoggedIn() && Member::isNameProtected($comment['user']) )
\r
184 return _ERROR_COMMENTS_MEMBERNICK;
\r
187 // begin if: email required, but missing (doesn't apply to members)
\r
188 if ( $settings->emailRequired() && i18n::strlen($comment['email']) == 0 && !$member->isLoggedIn() )
\r
190 return _ERROR_EMAIL_REQUIRED;
\r
193 // begin if: commenter's name is too long
\r
194 if ( i18n::strlen($comment['user']) > 40 )
\r
196 return _ERROR_USER_TOO_LONG;
\r
199 // begin if: commenter's email is too long
\r
200 if ( i18n::strlen($comment['email']) > 100 )
\r
202 return _ERROR_EMAIL_TOO_LONG;
\r
205 // begin if: commenter's url is too long
\r
206 if ( i18n::strlen($comment['userid']) > 100 )
\r
208 return _ERROR_URL_TOO_LONG;
\r
211 $comment['timestamp'] = $timestamp;
\r
212 $comment['host'] = gethostbyaddr(serverVar('REMOTE_ADDR') );
\r
213 $comment['ip'] = serverVar('REMOTE_ADDR');
\r
215 // begin if: member is logged in, use that data
\r
216 if ( $member->isLoggedIn() )
\r
218 $comment['memberid'] = $member->getID();
\r
219 $comment['user'] = '';
\r
220 $comment['userid'] = '';
\r
221 $comment['email'] = '';
\r
225 $comment['memberid'] = 0;
\r
230 $plugins = array();
\r
232 if ( isset($manager->subscriptions['ValidateForm']) )
\r
234 $plugins = array_merge($plugins, $manager->subscriptions['ValidateForm']);
\r
237 if ( isset($manager->subscriptions['PreAddComment']) )
\r
239 $plugins = array_merge($plugins, $manager->subscriptions['PreAddComment']);
\r
242 if ( isset($manager->subscriptions['PostAddComment']) )
\r
244 $plugins = array_merge($plugins, $manager->subscriptions['PostAddComment']);
\r
247 $plugins = array_unique($plugins);
\r
249 while ( list(, $plugin) = each($plugins) )
\r
251 $p = $manager->getPlugin($plugin);
\r
252 $continue = $continue || $p->supportsFeature('handleSpam');
\r
255 $spamcheck = array(
\r
256 'type' => 'comment',
\r
257 'body' => $comment['body'],
\r
258 'id' => $comment['itemid'],
\r
260 'return' => $continue
\r
263 // begin if: member logged in
\r
264 if ( $member->isLoggedIn() )
\r
266 $spamcheck['author'] = $member->displayname;
\r
267 $spamcheck['email'] = $member->email;
\r
272 $spamcheck['author'] = $comment['user'];
\r
273 $spamcheck['email'] = $comment['email'];
\r
274 $spamcheck['url'] = $comment['userid'];
\r
277 $manager->notify('SpamCheck', array('spamcheck' => &$spamcheck) );
\r
279 if ( !$continue && isset($spamcheck['result']) && $spamcheck['result'] == TRUE )
\r
281 return _ERROR_COMMENTS_SPAM;
\r
284 // isValidComment returns either "1" or an error message
\r
285 $isvalid = $this->isValidComment($comment, $spamcheck);
\r
286 if ( $isvalid != 1 )
\r
291 // begin if: send email to notification address
\r
292 if ( $settings->getNotifyAddress() && $settings->notifyOnComment() )
\r
295 $message = _NOTIFY_NC_MSG . ' ' . $this->itemid . "\n";
\r
296 $temp = parse_url($CONF['Self']);
\r
298 if ( $temp['scheme'] )
\r
300 $message .= Link::create_item_link($this->itemid) . "\n\n";
\r
304 $tempurl = $settings->getURL();
\r
306 if ( i18n::substr($tempurl, -1) == '/' || i18n::substr($tempurl, -4) == '.php' )
\r
308 $message .= $tempurl . '?itemid=' . $this->itemid . "\n\n";
\r
312 $message .= $tempurl . '/?itemid=' . $this->itemid . "\n\n";
\r
316 if ( $comment['memberid'] == 0 )
\r
318 $message .= _NOTIFY_USER . ' ' . $comment['user'] . "\n";
\r
319 $message .= _NOTIFY_USERID . ' ' . $comment['userid'] . "\n";
\r
323 $message .= _NOTIFY_MEMBER .' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
\r
326 $message .= _NOTIFY_HOST . ' ' . $comment['host'] . "\n";
\r
327 $message .= _NOTIFY_COMMENT . "\n " . $comment['body'] . "\n";
\r
328 $message .= NOTIFICATION::get_mail_footer();
\r
330 $item =& $manager->getItem($this->itemid, 0, 0);
\r
331 $subject = _NOTIFY_NC_TITLE . ' ' . strip_tags($item['title']) . ' (' . $this->itemid . ')';
\r
333 $from = $member->getNotifyFromMailAddress($comment['email']);
\r
335 NOTIFICATION::mail($settings->getNotifyAddress(), $subject, $message, $from, i18n::get_current_charset());
\r
338 $comment = Comment::prepare($comment);
\r
340 $manager->notify('PreAddComment', array('comment' => &$comment, 'spamcheck' => &$spamcheck) );
\r
342 $name = DB::quoteValue($comment['user']);
\r
343 $url = DB::quoteValue($comment['userid']);
\r
344 $email = DB::quoteValue($comment['email']);
\r
345 $body = DB::quoteValue($comment['body']);
\r
346 $host = DB::quoteValue($comment['host']);
\r
347 $ip = DB::quoteValue($comment['ip']);
\r
348 $memberid = intval($comment['memberid']);
\r
349 $timestamp = DB::formatDateTime($comment['timestamp']);
\r
350 $itemid = $this->itemid;
\r
352 $qSql = 'SELECT COUNT(*) AS result '
\r
353 . 'FROM ' . sql_table('comment')
\r
355 . 'cmail = ' . $url
\r
356 . ' AND cmember = ' . $memberid
\r
357 . ' AND cbody = ' . $body
\r
358 . ' AND citem = ' . $itemid
\r
359 . ' AND cblog = ' . $blogid;
\r
360 $result = (integer) DB::getValue($qSql);
\r
364 return _ERROR_BADACTION;
\r
367 $query = sprintf('INSERT INTO %s (cuser, cmail, cemail, cmember, cbody, citem, ctime, chost, cip, cblog) '
\r
368 . 'VALUES (%s, %s, %s, %d, %s, %d, %s, %s, %s, %d)'
\r
369 , sql_table('comment'), $name, $url, $email, $memberid, $body, $itemid, $timestamp, $host, $ip, $blogid);
\r
371 DB::execute($query);
\r
373 // post add comment
\r
374 $commentid = DB::getInsertId();
\r
375 $manager->notify('PostAddComment', array('comment' => &$comment, 'commentid' => &$commentid, 'spamcheck' => &$spamcheck) );
\r
382 * Comments::isValidComment()
\r
383 * Checks if a comment is valid and call plugins
\r
384 * that can check if the comment is a spam comment
\r
386 * @param array $comment array with comment elements
\r
387 * @param array $spamcheck array with spamcheck elements
\r
388 * @return boolean valid or not
\r
390 private function isValidComment(&$comment, &$spamcheck)
\r
392 global $member, $manager;
\r
394 // check if there exists a item for this date
\r
395 $item =& $manager->getItem($this->itemid, 0, 0);
\r
399 return _ERROR_NOSUCHITEM;
\r
402 if ( $item['closed'] )
\r
404 return _ERROR_ITEMCLOSED;
\r
407 // don't allow words that are too long
\r
408 if ( preg_match('/[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}/', $comment['body']) != 0 )
\r
410 return _ERROR_COMMENT_LONGWORD;
\r
413 // check lengths of comment
\r
414 if ( i18n::strlen($comment['body']) < 3 )
\r
416 return _ERROR_COMMENT_NOCOMMENT;
\r
419 if ( i18n::strlen($comment['body']) > 5000 )
\r
421 return _ERROR_COMMENT_TOOLONG;
\r
424 // only check username if no member logged in
\r
425 if ( !$member->isLoggedIn() && (i18n::strlen($comment['user']) < 2) )
\r
427 return _ERROR_COMMENT_NOUSERNAME;
\r
430 if ( (i18n::strlen($comment['email']) != 0) && !NOTIFICATION::address_validation(trim($comment['email'])) )
\r
432 return _ERROR_BADMAILADDRESS;
\r
435 // let plugins do verification (any plugin which thinks the comment is invalid
\r
436 // can change 'error' to something other than '1')
\r
438 $manager->notify('ValidateForm', array('type' => 'comment', 'comment' => &$comment, 'error' => &$result, 'spamcheck' => &$spamcheck) );
\r