Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
drupal/modules/comment.module

710 lines
21 KiB
Plaintext
Raw Blame History

<?
// $Id$
$GLOBALS["cmodes"] = array(1 => "Flat list - collapsed", 2 => "Flat list - expanded", 3 => "Threaded list - collapsed", 4 => "Threaded list - expanded");
$GLOBALS["corder"] = array(1 => "Date - newest first", 2 => "Date - oldest first");
function comment_settings($mode, $order, $threshold) {
global $user;
if ($user->uid) {
$user = user_save($user, array("mode" => $mode, "sort" => $order, "threshold" => $threshold));
}
}
function comment_num_all($nid) {
$comment = db_fetch_object(db_query("SELECT COUNT(c.nid) AS number FROM node n LEFT JOIN comments c ON n.nid = c.nid WHERE n.nid = '$nid' GROUP BY n.nid"));
return $comment->number ? $comment->number : 0;
}
function comment_num_new($nid) {
global $user;
if ($user->uid) {
/*
** Retrieve the timestamp at which the current user last viewed
** the specified node and use this timestamp to find the number
** of new comments.
*/
$history = db_fetch_object(db_query("SELECT timestamp FROM history WHERE uid = '$user->uid' AND nid = '$nid'"));
$comment = db_fetch_object(db_query("SELECT COUNT(c.nid) AS number FROM node n LEFT JOIN comments c ON n.nid = c.nid WHERE n.nid = '$nid' AND timestamp > '". ($history->timestamp ? $history->timestamp : 0) ."' GROUP BY n.nid"));
return $comment->number ? $comment->number : 0;
}
else {
return 0;
}
}
function comment_tag_new($nid) {
global $user;
if ($user->uid) {
$nid = check_query($nid);
$result = db_query("SELECT timestamp FROM history WHERE uid = '$user->uid' AND nid = '$nid'");
if (db_fetch_object($result)) {
db_query("UPDATE history SET timestamp = '". time() ."' WHERE uid = '$user->uid' AND nid = '$nid'");
}
else {
db_query("INSERT INTO history (uid, nid, timestamp) VALUES ('$user->uid', '$nid', '". time() ."')");
}
}
}
function comment_is_new($comment) {
global $user;
static $date;
if (!$date) {
if ($user->uid) {
$history = db_fetch_object(db_query("SELECT timestamp FROM history WHERE uid = '$user->uid' AND nid = '$comment->nid'"));
$date = $history->timestamp ? $history->timestamp : 0;
}
else {
$date = time();
}
}
if ($comment->timestamp > $date) {
return 1;
}
else {
return 0;
}
}
function comment_access($op, $comment) {
global $user;
if ($op == "edit") {
/*
** Authenticated users can edit their comments as long they have
** not been replied to. This, in order to avoid people changing
** or revising their statements based on the replies their posts
** got. Furthermore, users can't reply to their own comments and
** are encouraged to extend their original comment.
*/
return $user->uid && $user->uid == $comment->uid && comment_num_replies($comment->cid) == 0;
}
}
function comment_form($edit) {
global $user;
$form .= "<a name=\"comment\"></a>\n";
// name field:
$form .= form_item(t("Your name"), format_name($user));
// subject field:
$form .= form_textfield(t("Subject"), "subject", $edit["subject"], 50, 64);
// comment field:
$form .= form_textarea(t("Comment"), "comment", $edit["comment"] ? $edit["comment"] : $user->signature, 70, 10, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
// preview button:
$form .= form_hidden("cid", $edit["cid"]);
$form .= form_hidden("pid", $edit["pid"]);
$form .= form_hidden("nid", $edit["nid"]);
if (!$edit["comment"]) {
$form .= form_submit(t("Preview comment"));
}
else {
$form .= form_submit(t("Preview comment"));
$form .= form_submit(t("Post comment"));
}
return form($form);
}
function comment_edit($cid) {
global $user;
$comment = db_fetch_object(db_query("SELECT c.*, u.name, u.uid FROM comments c LEFT JOIN users u ON c.uid = u.uid WHERE c.cid = '$cid'"));
if (comment_access("edit", $comment)) {
comment_preview(object2array($comment));
}
}
function comment_reply($pid, $nid) {
global $theme;
if ($pid) {
$comment = db_fetch_object(db_query("SELECT c.*, u.uid, u.name FROM comments c LEFT JOIN users u ON c.uid = u.uid WHERE c.cid = '$pid'"));
comment_view($comment, t("reply to this comment"));
}
else {
node_view(node_load(array("nid" => $nid)));
$pid = 0;
}
if (user_access("post comments")) {
$theme->box(t("Reply"), comment_form(array("pid" => $pid, "nid" => $nid)));
}
else {
$theme->box(t("Reply"), t("You are not authorized to post comments."));
}
}
function comment_preview($edit) {
global $theme, $user;
foreach ($edit as $key => $value) {
$comment->$key = filter($value);
}
/*
** Attach the user information:
*/
$comment->uid = $user->uid;
$comment->name = $user->name;
/*
** Attach the time:
*/
$comment->timestamp = time();
/*
** Preview the comment:
*/
comment_view($comment, t("reply to this comment"));
$theme->box(t("Reply"), comment_form($edit));
}
function comment_post($edit) {
global $theme, $user;
if (user_access("post comments")) {
/*
** Validate the comment's subject. If not specified, extract
** one from the comment's body.
*/
$edit["subject"] = strip_tags(($edit["subject"] ? $edit["subject"] : substr($edit["comment"], 0, 29)));
/*
** Validate the comment's body.
*/
$edit["comment"] = filter($edit["comment"]);
/*
** Check for duplicate comments. Note that we have to use the
** validated/filtered data to perform such check.
*/
$duplicate = db_result(db_query("SELECT COUNT(cid) FROM comments WHERE pid = '". check_query($edit["pid"]) ."' AND nid = '". check_query($edit["nid"]) ."' AND subject = '". check_query($edit["subject"]) ."' AND comment = '". check_query($edit["comment"]) ."'"), 0);
if ($duplicate != 0) {
watchdog("warning", "comment: duplicate '". $edit["subject"] ."'");
}
else {
if ($edit["cid"]) {
/*
** Update the comment in the database. Note that the update
** query will fail if the comment isn't owned by the current
** user.
*/
db_query("UPDATE comments SET subject = '". check_query($edit["subject"]) ."', comment = '". check_query($edit["comment"]) ."' WHERE cid = '". check_query($edit["cid"]) ."' AND uid = '$user->uid'");
/*
** Add entry to the watchdog log:
*/
watchdog("special", "comment: updated '". $edit["subject"] ."'");
}
else {
/*
** Check the user's comment submission rate. If exceeded,
** throttle() will bail out.
*/
throttle("post comment", variable_get("max_comment_rate", 60));
/*
** Add the comment to database:
*/
db_query("INSERT INTO comments (nid, pid, uid, subject, comment, hostname, timestamp) VALUES ('". check_query($edit["nid"]) ."', '". check_query($edit["pid"]) ."', '$user->uid', '". check_query($edit["subject"]) ."', '". check_query($edit["comment"]) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."')");
/*
** Add entry to the watchdog log:
*/
watchdog("special", "comment: added '". $edit["subject"] ."'");
}
/*
** Clear the cache:
*/
cache_clear();
}
}
/*
** Redirect the user the node he commented on:
*/
$url = "node.php?id=". $edit["nid"];
drupal_goto($url);
}
function comment_num_replies($id) {
$result = db_query("SELECT COUNT(cid) FROM comments WHERE pid = '$id'");
return ($result) ? db_result($result, 0) : 0;
}
function comment_moderation($comment) {
global $user;
// XXX: disabled for now
return "";
$values = array("--", "1", "2", "3", "4", "5");
$moderate = db_fetch_object(db_query("SELECT * FROM moderate WHERE cid = '$comment->cid' AND uid = '$user->uid'"));
foreach ($values as $key => $value) {
$options .= " <option value=\"$key\"". ($moderate->score == $key ? " selected=\"selected\"" : "") .">$value</option>\n";
}
$output .= "<select name=\"moderate[comment][$comment->cid]\">$options</select><br />". ($comment->score ? $comment->score : "--") ." / $comment->votes";
return $output;
}
function comment_threshold($threshold) {
// XXX: disabled for now
return "";
for ($i = 0; $i < 6; $i++) $options .= " <option value=\"$i\"". ($threshold == $i ? " SELECTED" : "") .">". t("Visibility") ." - $i</option>";
return "<select name=\"threshold\">$options</select>\n";
}
function comment_mode($mode) {
global $cmodes;
foreach ($cmodes as $key => $value) $options .= " <option value=\"$key\"". ($mode == $key ? " SELECTED" : "") .">$value</option>\n";
return "<select name=\"mode\">$options</select>\n";
}
function comment_order($order) {
global $corder;
foreach ($corder as $key=>$value) $options .= " <option value=\"$key\"". ($order == $key ? " SELECTED" : "") .">$value</option>\n";
return "<select name=\"order\">$options</select>\n";
}
function comment_query($nid, $order, $pid = -1) {
$query .= "SELECT c.cid, c.pid, c.nid, c.subject, c.comment, c.timestamp, u.uid, u.name FROM comments c LEFT JOIN users u ON c.uid = u.uid WHERE c.nid = '$nid'";
if ($pid >= 0) {
$query .= " AND pid = '$pid'";
}
$query .= " GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.timestamp, u.uid, u.name";
if ($order == 1) {
$query .= " ORDER BY c.timestamp DESC";
}
else if ($order == 2) {
$query .= " ORDER BY c.timestamp";
}
return db_query($query);
}
function comment_visible($comment, $threshold = 0) {
if ($comment->votes == 0 || $comment->score >= $threshold) {
return 1;
}
else {
return 0;
}
}
function comment_links($comment, $return = 1) {
global $user, $theme;
$links = array();
if ($return) {
$links[] = "<a href=\"node.php?id=$comment->nid#$comment->cid\"><font color=\"$theme->type\">". t("return") ."</font></a>";
}
if (user_access("administer comments")) {
$links[] = "<a href=\"admin.php?mod=comment&op=edit&id=$comment->cid\" title=\"". t("Administer this comment.") ."\"><font color=\"$theme->type\">". t("administer") ."</font></a>";
}
if (user_access("post comments")) {
if (comment_access("edit", $comment)) {
$links[] = "<a href=\"module.php?mod=comment&op=edit&id=$comment->cid\"><font color=\"$theme->type\" title=\"". t("Make changes to your comment.") ."\">". t("edit your comment") ."</font></a>";
}
else {
$links[] = "<a href=\"module.php?mod=comment&op=reply&id=$comment->nid&pid=$comment->cid\" title=\"". t("Reply to this comment.") ."\"><font color=\"$theme->type\">". t("reply to this comment") ."</font></a>";
}
}
return $theme->links($links);
}
function comment_view($comment, $folded = 0) {
global $theme, $id;
if (comment_is_new($comment)) {
$comment->subject = "$comment->subject <font color=\"red\">*</font>";
}
if ($folded) {
$theme->comment($comment, $folded);
}
else {
print "<a href=\"node.php?id=$comment->nid&cid=$comment->cid#$comment->cid\">". check_output($comment->subject) ."</a> by ". format_name($comment) ."</small><p />";
}
}
function comment_thread_min($comments, $threshold, $pid = 0) {
global $user;
foreach ($comments as $comment) {
if ($comment->pid == $pid) {
print "<ul>";
print comment_view($comment);
comment_thread_min($comments, $threshold, $comment->cid);
print "</ul>";
}
}
}
function comment_thread_max($comments, $threshold, $pid = 0, $level = 0) {
global $user;
/*
** We had quite a few browser specific issues: expanded comments below
** the top level got truncated on the right hand side. A range of
** solutions have been proposed and tried but either the right margins of
** the comments didn't line up well, or the heavily nested tables made
** for slow rendering and cluttered HTML. This is the best work-around
** in terms of speed and size.
*/
foreach ($comments as $comment) {
if ($comment->pid == $pid) {
print "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\"><tr><td width=\"". ($level * 25) ."\">&nbsp;</td><td>\n";
comment_view($comment, comment_links($comment, 0));
print "</td></tr></table>\n";
comment_thread_max($comments, $threshold, $comment->cid, $level + 1);
}
}
}
function comment_render($nid, $cid) {
global $user, $theme, $mode, $order, $threshold, $REQUEST_URI;
if (user_access("access comments")) {
/*
** Pre-process variables:
*/
if (empty($nid)) {
$nid = 0;
}
if (empty($cid)) {
$cid = 0;
}
if (empty($mode)) {
$mode = $user->uid ? $user->mode : variable_get("default_comment_mode", 4);
}
if (empty($order)) {
$order = $user->uid ? $user->sort : variable_get("default_comment_order", 1);
}
if (empty($threshold)) {
// $threshold = $user->uid ? $user->threshold : variable_get("default_comment_threshold", 3);
$threshold = 0;
}
print "<a name=\"comment\"></a>\n";
print "<form method=\"post\" action=\"$REQUEST_URI\">\n";
/*
** Render control panel:
*/
$theme->box(t("Control panel"), $theme->comment_controls($threshold, $mode, $order));
if ($cid > 0) {
$result = db_query("SELECT c.cid, c.pid, c.nid, c.subject, c.comment, c.timestamp, u.uid, u.name FROM comments c LEFT JOIN users u ON c.uid = u.uid WHERE c.cid = '$cid' GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.timestamp, u.uid, u.name");
if ($comment = db_fetch_object($result)) {
comment_view($comment, comment_links($comment));
}
}
else {
if ($mode == 1) {
$result = comment_query($nid, $order);
print "<table border=\"0\" cellpadding=\"2\" cellspacing=\"2\">\n";
print " <tr><th>Subject</th><th>Author</th><th>Date</th><th>Score</th></tr>\n";
while ($comment = db_fetch_object($result)) {
if (comment_visible($comment, $threshold)) {
print " <tr><td><a href=\"node.php?id=$comment->nid&cid=$comment->cid#$comment->cid\">". check_output($comment->subject) ."</a></td><td>". format_name($comment) ."</td><td>". format_date($comment->timestamp, "small") ."</td><td>$comment->score</td></tr>\n";
}
}
print "</table>\n";
}
else if ($mode == 2) {
$result = comment_query($nid, $order);
while ($comment = db_fetch_object($result)) {
comment_view($comment, (comment_visible($comment, $threshold) ? comment_links($comment, 0) : 0));
}
}
else if ($mode == 3) {
$result = comment_query($nid, $order);
while ($comment = db_fetch_object($result)) {
$comments[] = $comment;
}
if ($comments) {
comment_thread_min($comments, $threshold);
}
}
else {
$result = comment_query($nid, $order);
while ($comment = db_fetch_object($result)) {
$comments[] = $comment;
}
if ($comments) {
comment_thread_max($comments, $threshold);
}
}
}
print "</form>";
/*
** Tag the node's comments as being read:
*/
comment_tag_new($nid);
}
}
function comment_search($keys) {
global $PHP_SELF;
$result = db_query("SELECT c.*, u.name FROM comments c LEFT JOIN users u ON c.uid = u.uid WHERE c.subject LIKE '%$keys%' OR c.comment LIKE '%$keys%' ORDER BY c.timestamp DESC LIMIT 20");
while ($comment = db_fetch_object($result)) {
$find[$i++] = array("title" => check_output($comment->subject), "link" => (strstr($PHP_SELF, "admin.php") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "node.php?id=$comment->nid&cid=$comment->cid"), "user" => $comment->name, "date" => $comment->timestamp);
}
return $find;
}
function comment_perm() {
return array("access comments", "post comments", "administer comments");
}
function comment_link($type, $node = 0, $main = 0) {
if ($type == "admin" && user_access("administer comments")) {
$links[] = "<a href=\"admin.php?mod=comment\">comments</a>";
}
if ($type == "node" && $node->comment) {
if ($main) {
/*
** Main page: display the number of comments that have been posted.
*/
if (user_access("access comments")) {
$all = comment_num_all($node->nid);
$new = comment_num_new($node->nid);
$links[] = "<a href=\"node.php?id=$node->nid#comment\" title=\"". t("View this posting and all of its comments.") ."\">". format_plural($all, "comment", "comments") . ($new ? ", $new ". t("new") : "") ."</a>";
}
}
else {
/*
** Node page: add a "post comment" link if the user is allowed to
** post comments.
*/
if (user_access("post comments")) {
$links[] = "<a href=\"module.php?mod=comment&op=reply&id=$node->nid#comment\" title=\"". t("Share your thoughts and opinions related to this posting.") ."\">". t("add new comment") ."</a>";
}
}
}
return $links ? $links : array();
}
function comment_node_link($node) {
if (user_access("administer comments") && comment_num_all($node->nid)) {
/*
** Edit comments:
*/
$result = db_query("SELECT c.cid, c.subject, u.uid, u.name FROM comments c LEFT JOIN users u ON u.uid = c.uid WHERE nid = '$node->nid' ORDER BY c.timestamp");
$output .= "<h3>". t("Edit comments") ."</h3>";
$output .= "<table border=\"1\" cellpadding=\"2\" cellspacing=\"2\">";
$output .= " <tr><th>title</th><th>author</th><th colspan=\"3\">operations</th></tr>";
while ($comment = db_fetch_object($result)) {
$output .= "<tr><td><a href=\"node.php?id=$node->nid&cid=$comment->cid#$comment->cid\">$comment->subject</a></td><td>". format_name($comment) ."</td><td><a href=\"node.php?id=$node->nid&cid=$comment->cid#$comment->cid\">". t("view comment") ."</a></td><td><a href=\"admin.php?mod=comment&op=edit&id=$comment->cid\">". t("edit comment") ."</a></td><td><a href=\"admin.php?mod=comment&op=delete&id=$comment->cid\">". t("delete comment") ."</a></td></tr>";
}
$output .= "</table>";
return $output;
}
}
function comment_save($id, $edit) {
db_query("UPDATE comments SET subject = '". check_query(filter($edit["subject"])) ."', comment = '". check_query(filter($edit["comment"])) ."' WHERE cid = '$id'");
watchdog("special", "comment: modified '". $edit["subject"] ."'");
}
function comment_page() {
global $theme, $op, $edit, $id, $pid, $cid;
switch ($op) {
case "edit":
$theme->header();
comment_edit(check_query($id));
$theme->footer();
break;
case "reply":
$theme->header();
comment_reply(check_query($pid), check_query($id));
$theme->footer();
break;
case t("Preview comment"):
$theme->header();
comment_preview($edit);
$theme->footer();
break;
case t("Post comment"):
comment_post($edit);
break;
case t("Update settings"):
comment_settings(check_query($mode), check_query($order), check_query($threshold));
break;
default:
}
}
function comment_admin_edit($id) {
$result = db_query("SELECT c.*, u.name, u.uid FROM comments c LEFT JOIN users u ON c.uid = u.uid WHERE c.cid = '$id'");
$comment = db_fetch_object($result);
$form .= form_item(t("Author"), format_name($comment));
$form .= form_textfield(t("Subject"), "subject", $comment->subject, 70, 128);
$form .= form_textarea(t("Comment"), "comment", $comment->comment, 70, 15);
$form .= form_hidden("cid", $id);
$form .= form_submit(t("Submit"));
$form .= form_submit(t("Delete"));
return form($form);
}
function comment_admin_overview() {
$result = db_query("SELECT c.*, u.name, u.uid FROM comments c LEFT JOIN users u ON u.uid = c.uid ORDER BY timestamp DESC LIMIT 50");
$output .= "<table border=\"1\" cellpadding=\"2\" cellspacing=\"2\">\n";
$output .= " <tr><th>subject</th><th>author</th><th>date</th><th colspan=\"2\">operations</th></tr>\n";
while ($comment = db_fetch_object($result)) {
$output .= " <tr><td><a href=\"node.php?id=$comment->nid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</a></td><td>". format_name($comment) ."</td><td>". format_date($comment->timestamp, "small") ."</td><td><a href=\"admin.php?mod=comment&op=edit&id=$comment->cid\">edit comment</a></td><td><a href=\"admin.php?mod=comment&op=delete&id=$comment->cid\">delete comment</a></td></tr>\n";
}
$output .= "</table>\n";
return $output;
}
function comment_delete($edit) {
if ($edit["confirm"]) {
db_query("DELETE FROM comments WHERE cid = '". check_query($edit["cid"]) ."'");
watchdog("special", "comment: deleted comment #". $edit["cid"]);
}
else {
$output .= form_item(t("Confirm deletion"), "");
$output .= form_hidden("cid", $edit["cid"]);
$output .= form_hidden("confirm", 1);
$output .= form_submit(t("Delete"));
$output = form($output);
}
return $output;
}
function comment_admin() {
global $op, $id, $edit, $mod, $keys, $order;
if (user_access("administer comments")) {
print "<small><a href=\"admin.php?mod=comment\">overview</a> | <a href=\"admin.php?mod=comment&op=search\">search comment</a></small><hr />\n";
switch ($op) {
case "edit":
print comment_admin_edit($id);
break;
case "search":
print search_type("comment", "admin.php?mod=comment&op=search");
break;
case "delete":
print comment_delete(array("cid" => $id));
break;
case t("Delete"):
print comment_delete($edit);
break;
case t("Submit"):
print status(comment_save(check_query($id), $edit));
print comment_admin_overview();
break;
default:
print comment_admin_overview();
}
}
else {
print message_access();
}
}
?>
Reference in New Issue View Git Blame Copy Permalink