/ Cricao de Sites - 650 Layouts Prontos / WebMasters.iso / CMS / xoops-2.0.18.1.exe / xoops-2.0.18.1 / htdocs / include / comment_post.php < prev    next >
PHP Script  |  2005-11-03  |  19.2 KB  |  404 lines

  1. <?php
  2. // $Id: comment_post.php 2 2005-11-02 18:23:29Z skalpa $
  3. //  ------------------------------------------------------------------------ //
  4. //                XOOPS - PHP Content Management System                      //
  5. //                    Copyright (c) 2000 XOOPS.org                           //
  6. //                       <http://www.xoops.org/>                             //
  7. //  ------------------------------------------------------------------------ //
  8. //  This program is free software; you can redistribute it and/or modify     //
  9. //  it under the terms of the GNU General Public License as published by     //
  10. //  the Free Software Foundation; either version 2 of the License, or        //
  11. //  (at your option) any later version.                                      //
  12. //                                                                           //
  13. //  You may not change or alter any portion of this comment or credits       //
  14. //  of supporting developers from this source code or any supporting         //
  15. //  source code which is considered copyrighted (c) material of the          //
  16. //  original comment or credit authors.                                      //
  17. //                                                                           //
  18. //  This program is distributed in the hope that it will be useful,          //
  19. //  but WITHOUT ANY WARRANTY; without even the implied warranty of           //
  20. //  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            //
  21. //  GNU General Public License for more details.                             //
  22. //                                                                           //
  23. //  You should have received a copy of the GNU General Public License        //
  24. //  along with this program; if not, write to the Free Software              //
  25. //  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA //
  26. //  ------------------------------------------------------------------------ //
  27. // Author: Kazumi Ono (AKA onokazu)                                          //
  28. // URL: http://www.xoops.org/ http://jp.xoops.org/  http://www.myweb.ne.jp/  //
  29. // Project: The XOOPS Project (http://www.xoops.org/)                        //
  30. // ------------------------------------------------------------------------- //
  31.  
  32. if (!defined('XOOPS_ROOT_PATH') || !is_object($xoopsModule)) {
  33.     exit();
  34. }
  35. include_once XOOPS_ROOT_PATH.'/language/'.$xoopsConfig['language'].'/comment.php';
  36. include_once XOOPS_ROOT_PATH.'/include/comment_constants.php';
  37. if ('system' == $xoopsModule->getVar('dirname')) {
  38.     $com_id = isset($_POST['com_id']) ? intval($_POST['com_id']) : 0;
  39.     if (empty($com_id)) {
  40.         exit();
  41.     }
  42.     $comment_handler =& xoops_gethandler('comment');
  43.     $comment =& $comment_handler->get($com_id);
  44.     $module_handler =& xoops_gethandler('module');
  45.     $module =& $module_handler->get($comment->getVar('com_modid'));
  46.     $comment_config = $module->getInfo('comments');
  47.     $com_modid = $module->getVar('mid');
  48.     $redirect_page = XOOPS_URL.'/modules/system/admin.php?fct=comments&com_modid='.$com_modid.'&com_itemid';
  49.     $moddir = $module->getVar('dirname');
  50.     unset($comment);
  51. } else {
  52.     $com_id = isset($_POST['com_id']) ? intval($_POST['com_id']) : 0;
  53.     if (XOOPS_COMMENT_APPROVENONE == $xoopsModuleConfig['com_rule']) {
  54.         exit();
  55.     }
  56.     $comment_config = $xoopsModule->getInfo('comments');
  57.     $com_modid = $xoopsModule->getVar('mid');
  58.     $redirect_page = $comment_config['pageName'].'?';
  59.     if (isset($comment_config['extraParams']) && is_array($comment_config['extraParams'])) {
  60.         $extra_params = '';
  61.         foreach ($comment_config['extraParams'] as $extra_param) {
  62.             $extra_params .= isset($_POST[$extra_param]) ? $extra_param.'='.htmlspecialchars($_POST[$extra_param]).'&' : $extra_param.'=&';
  63.         }
  64.         $redirect_page .= $extra_params;
  65.     }
  66.     $redirect_page .= $comment_config['itemName'];
  67.     $comment_url = $redirect_page;
  68.     $moddir = $xoopsModule->getVar('dirname');
  69. }
  70. $op = '';
  71. if (!empty($_POST)) {
  72.     if (isset($_POST['com_dopost'])) {
  73.         $op = 'post';
  74.     } elseif (isset($_POST['com_dopreview'])) {
  75.         $op = 'preview';
  76.     }
  77.     if (isset($_POST['com_dodelete'])) {
  78.         $op = 'delete';
  79.     }
  80.  
  81.     if ($op == 'preview' || $op == 'post') {
  82.         if (!$GLOBALS['xoopsSecurity']->check()) {
  83.             $op = '';
  84.         }
  85.     }
  86.  
  87.     $com_mode = isset($_POST['com_mode']) ? htmlspecialchars(trim($_POST['com_mode']), ENT_QUOTES) : 'flat';
  88.     $com_order = isset($_POST['com_order']) ? intval($_POST['com_order']) : XOOPS_COMMENT_OLD1ST;
  89.     $com_itemid = isset($_POST['com_itemid']) ? intval($_POST['com_itemid']) : 0;
  90.     $com_pid = isset($_POST['com_pid']) ? intval($_POST['com_pid']) : 0;
  91.     $com_rootid = isset($_POST['com_rootid']) ? intval($_POST['com_rootid']) : 0;
  92.     $com_status = isset($_POST['com_status']) ? intval($_POST['com_status']) : 0;
  93.     $dosmiley = (isset($_POST['dosmiley']) && intval($_POST['dosmiley']) > 0) ? 1 : 0;
  94.     $doxcode = (isset($_POST['doxcode']) && intval($_POST['doxcode']) > 0) ? 1 : 0;
  95.     $dobr = (isset($_POST['dobr']) && intval($_POST['dobr']) > 0) ? 1 : 0;
  96.     $dohtml = (isset($_POST['dohtml']) && intval($_POST['dohtml']) > 0) ? 1 : 0;
  97.     $doimage = (isset($_POST['doimage']) && intval($_POST['doimage']) > 0) ? 1 : 0;
  98.     $com_icon = isset($_POST['com_icon']) ? trim($_POST['com_icon']) : '';
  99. } else {
  100.     exit();
  101. }
  102.  
  103. switch ( $op ) {
  104.  
  105. case "delete":
  106.     include XOOPS_ROOT_PATH.'/include/comment_delete.php';
  107.     break;
  108. case "preview":
  109.     $myts =& MyTextSanitizer::getInstance();
  110.     $doimage = 1;
  111.     $com_title = $myts->htmlSpecialChars($myts->stripSlashesGPC($_POST['com_title']));
  112.     if ($dohtml != 0) {
  113.         if (is_object($xoopsUser)) {
  114.             if (!$xoopsUser->isAdmin($com_modid)) {
  115.                 $sysperm_handler =& xoops_gethandler('groupperm');
  116.                 if (!$sysperm_handler->checkRight('system_admin', XOOPS_SYSTEM_COMMENT, $xoopsUser->getGroups())) {
  117.                     $dohtml = 0;
  118.                 }
  119.             }
  120.         } else {
  121.             $dohtml = 0;
  122.         }
  123.     }
  124.     $p_comment =& $myts->previewTarea($_POST['com_text'], $dohtml, $dosmiley, $doxcode, $doimage, $dobr);
  125.     $noname = isset($noname) ? intval($noname) : 0;
  126.     $com_text = $myts->htmlSpecialChars($myts->stripSlashesGPC($_POST['com_text']));
  127.     if ($xoopsModule->getVar('dirname') != 'system') {
  128.         include XOOPS_ROOT_PATH.'/header.php';
  129.         themecenterposts($com_title, $p_comment);
  130.         include XOOPS_ROOT_PATH.'/include/comment_form.php';
  131.         include XOOPS_ROOT_PATH.'/footer.php';
  132.     } else {
  133.         xoops_cp_header();
  134.         themecenterposts($com_title, $p_comment);
  135.         include XOOPS_ROOT_PATH.'/include/comment_form.php';
  136.         xoops_cp_footer();
  137.     }
  138.     break;
  139. case "post":
  140.     $doimage = 1;
  141.     $comment_handler =& xoops_gethandler('comment');
  142.     $add_userpost = false;
  143.     $call_approvefunc = false;
  144.     $call_updatefunc = false;
  145.     // RMV-NOTIFY - this can be set to 'comment' or 'comment_submit'
  146.     $notify_event = false;
  147.     if (!empty($com_id)) {
  148.         $comment =& $comment_handler->get($com_id);
  149.         $accesserror = false;
  150.  
  151.         if (is_object($xoopsUser)) {
  152.             $sysperm_handler =& xoops_gethandler('groupperm');
  153.             if ($xoopsUser->isAdmin($com_modid) || $sysperm_handler->checkRight('system_admin', XOOPS_SYSTEM_COMMENT, $xoopsUser->getGroups())) {
  154.                 if (!empty($com_status) && $com_status != XOOPS_COMMENT_PENDING) {
  155.                     $old_com_status = $comment->getVar('com_status');
  156.                     $comment->setVar('com_status', $com_status);
  157.                     // if changing status from pending state, increment user post
  158.                     if (XOOPS_COMMENT_PENDING == $old_com_status) {
  159.                         $add_userpost = true;
  160.                         if (XOOPS_COMMENT_ACTIVE == $com_status) {
  161.                             $call_updatefunc = true;
  162.                             $call_approvefunc = true;
  163.                             // RMV-NOTIFY
  164.                             $notify_event = 'comment';
  165.                         }
  166.                     } elseif (XOOPS_COMMENT_HIDDEN == $old_com_status && XOOPS_COMMENT_ACTIVE == $com_status) {
  167.                         $call_updatefunc = true;
  168.                         // Comments can not be directly posted hidden,
  169.                         // no need to send notification here
  170.                     } elseif (XOOPS_COMMENT_ACTIVE == $old_com_status && XOOPS_COMMENT_HIDDEN == $com_status) {
  171.                         $call_updatefunc = true;
  172.                     }
  173.                 }
  174.             } else {
  175.                 $dohtml = 0;
  176.                 if ($comment->getVar('com_uid') != $xoopsUser->getVar('uid')) {
  177.                     $accesserror = true;
  178.                 }
  179.             }
  180.         } else {
  181.             $dohtml = 0;
  182.             $accesserror = true;
  183.         }
  184.         if (false != $accesserror) {
  185.             redirect_header($redirect_page.'='.$com_itemid.'&com_id='.$com_id.'&com_mode='.$com_mode.'&com_order='.$com_order, 1, _NOPERM);
  186.             exit();
  187.         }
  188.     } else {
  189.         $comment = $comment_handler->create();
  190.         $comment->setVar('com_created', time());
  191.         $comment->setVar('com_pid', $com_pid);
  192.         $comment->setVar('com_itemid', $com_itemid);
  193.         $comment->setVar('com_rootid', $com_rootid);
  194.         $comment->setVar('com_ip', xoops_getenv('REMOTE_ADDR'));
  195.         if (is_object($xoopsUser)) {
  196.             $sysperm_handler =& xoops_gethandler('groupperm');
  197.             if ($xoopsUser->isAdmin($com_modid) || $sysperm_handler->checkRight('system_admin', XOOPS_SYSTEM_COMMENT, $xoopsUser->getGroups())) {
  198.                 $comment->setVar('com_status', XOOPS_COMMENT_ACTIVE);
  199.                 $add_userpost = true;
  200.                 $call_approvefunc = true;
  201.                 $call_updatefunc = true;
  202.                 // RMV-NOTIFY
  203.                 $notify_event = 'comment';
  204.             } else {
  205.                 $dohtml = 0;
  206.                 switch ($xoopsModuleConfig['com_rule']) {
  207.                 case XOOPS_COMMENT_APPROVEALL:
  208.                 case XOOPS_COMMENT_APPROVEUSER:
  209.                     $comment->setVar('com_status', XOOPS_COMMENT_ACTIVE);
  210.                     $add_userpost = true;
  211.                     $call_approvefunc = true;
  212.                     $call_updatefunc = true;
  213.                     // RMV-NOTIFY
  214.                     $notify_event = 'comment';
  215.                     break;
  216.                 case XOOPS_COMMENT_APPROVEADMIN:
  217.                 default:
  218.                     $comment->setVar('com_status', XOOPS_COMMENT_PENDING);
  219.                     $notify_event = 'comment_submit';
  220.                     break;
  221.                 }
  222.             }
  223.             if (!empty($xoopsModuleConfig['com_anonpost']) && !empty($noname)) {
  224.                 $uid = 0;
  225.             } else {
  226.                 $uid = $xoopsUser->getVar('uid');
  227.             }
  228.         } else {
  229.             $dohtml = 0;
  230.             $uid = 0;
  231.             if ($xoopsModuleConfig['com_anonpost'] != 1) {
  232.                 redirect_header($redirect_page.'='.$com_itemid.'&com_id='.$com_id.'&com_mode='.$com_mode.'&com_order='.$com_order, 1, _NOPERM);
  233.                 exit();
  234.             }
  235.         }
  236.         if ($uid == 0) {
  237.             switch ($xoopsModuleConfig['com_rule']) {
  238.             case XOOPS_COMMENT_APPROVEALL:
  239.                 $comment->setVar('com_status', XOOPS_COMMENT_ACTIVE);
  240.                 $add_userpost = true;
  241.                 $call_approvefunc = true;
  242.                 $call_updatefunc = true;
  243.                 // RMV-NOTIFY
  244.                 $notify_event = 'comment';
  245.                 break;
  246.             case XOOPS_COMMENT_APPROVEADMIN:
  247.             case XOOPS_COMMENT_APPROVEUSER:
  248.             default:
  249.                 $comment->setVar('com_status', XOOPS_COMMENT_PENDING);
  250.                 // RMV-NOTIFY
  251.                 $notify_event = 'comment_submit';
  252.                 break;
  253.             }
  254.         }
  255.         $comment->setVar('com_uid', $uid);
  256.     }
  257.     $com_title = xoops_trim($_POST['com_title']);
  258.     $com_title = ($com_title == '') ? _NOTITLE : $com_title;
  259.     $comment->setVar('com_title', $com_title);
  260.     $comment->setVar('com_text', $_POST['com_text']);
  261.     $comment->setVar('dohtml', $dohtml);
  262.     $comment->setVar('dosmiley', $dosmiley);
  263.     $comment->setVar('doxcode', $doxcode);
  264.     $comment->setVar('doimage', $doimage);
  265.     $comment->setVar('dobr', $dobr);
  266.     $comment->setVar('com_icon', $com_icon);
  267.     $comment->setVar('com_modified', time());
  268.     $comment->setVar('com_modid', $com_modid);
  269.     if (isset($extra_params)) {
  270.         $comment->setVar('com_exparams', $extra_params);
  271.     }
  272.     if (false != $comment_handler->insert($comment)) {
  273.         $newcid = $comment->getVar('com_id');
  274.  
  275.         // set own id as root id if this is a top comment
  276.         if ($com_rootid == 0) {
  277.             $com_rootid = $newcid;
  278.             if (!$comment_handler->updateByField($comment, 'com_rootid', $com_rootid)) {
  279.                 $comment_handler->delete($comment);
  280.                 include XOOPS_ROOT_PATH.'/header.php';
  281.                 xoops_error();
  282.                 include XOOPS_ROOT_PATH.'/footer.php';
  283.             }
  284.         }
  285.  
  286.         // call custom approve function if any
  287.         if (false != $call_approvefunc && isset($comment_config['callback']['approve']) && trim($comment_config['callback']['approve']) != '') {
  288.             $skip = false;
  289.             if (!function_exists($comment_config['callback']['approve'])) {
  290.                 if (isset($comment_config['callbackFile'])) {
  291.                     $callbackfile = trim($comment_config['callbackFile']);
  292.                     if ($callbackfile != '' && file_exists(XOOPS_ROOT_PATH.'/modules/'.$moddir.'/'.$callbackfile)) {
  293.                         include_once XOOPS_ROOT_PATH.'/modules/'.$moddir.'/'.$callbackfile;
  294.                     }
  295.                     if (!function_exists($comment_config['callback']['approve'])) {
  296.                         $skip = true;
  297.                     }
  298.                 } else {
  299.                     $skip = true;
  300.                 }
  301.             }
  302.             if (!$skip) {
  303.                 $comment_config['callback']['approve']($comment);
  304.             }
  305.         }
  306.  
  307.         // call custom update function if any
  308.         if (false != $call_updatefunc && isset($comment_config['callback']['update']) && trim($comment_config['callback']['update']) != '') {
  309.             $skip = false;
  310.             if (!function_exists($comment_config['callback']['update'])) {
  311.                 if (isset($comment_config['callbackFile'])) {
  312.                     $callbackfile = trim($comment_config['callbackFile']);
  313.                     if ($callbackfile != '' && file_exists(XOOPS_ROOT_PATH.'/modules/'.$moddir.'/'.$callbackfile)) {
  314.                         include_once XOOPS_ROOT_PATH.'/modules/'.$moddir.'/'.$callbackfile;
  315.                     }
  316.                     if (!function_exists($comment_config['callback']['update'])) {
  317.                         $skip = true;
  318.                     }
  319.                 } else {
  320.                     $skip = true;
  321.                 }
  322.             }
  323.             if (!$skip) {
  324.                 $criteria = new CriteriaCompo(new Criteria('com_modid', $com_modid));
  325.                 $criteria->add(new Criteria('com_itemid', $com_itemid));
  326.                 $criteria->add(new Criteria('com_status', XOOPS_COMMENT_ACTIVE));
  327.                 $comment_count = $comment_handler->getCount($criteria);
  328.                 $func = $comment_config['callback']['update'];
  329.                 call_user_func_array($func, array($com_itemid, $comment_count, $comment->getVar('com_id')));
  330.             }
  331.         }
  332.  
  333.         // increment user post if needed
  334.         $uid = $comment->getVar('com_uid');
  335.         if ($uid > 0 && false != $add_userpost) {
  336.             $member_handler =& xoops_gethandler('member');
  337.             $poster =& $member_handler->getUser($uid);
  338.             if (is_object($poster)) {
  339.                 $member_handler->updateUserByField($poster, 'posts', $poster->getVar('posts') + 1);
  340.             }
  341.         }
  342.  
  343.         // RMV-NOTIFY
  344.         // trigger notification event if necessary
  345.         if ($notify_event) {
  346.             $not_modid = $com_modid;
  347.             include_once XOOPS_ROOT_PATH . '/include/notification_functions.php';
  348.             $not_catinfo =& notificationCommentCategoryInfo($not_modid);
  349.             $not_category = $not_catinfo['name'];
  350.             $not_itemid = $com_itemid;
  351.             $not_event = $notify_event;
  352.             // Build an ABSOLUTE URL to view the comment.  Make sure we
  353.             // point to a viewable page (i.e. not the system administration
  354.             // module).
  355.             $comment_tags = array();
  356.             if ('system' == $xoopsModule->getVar('dirname')) {
  357.                 $module_handler =& xoops_gethandler('module');
  358.                 $not_module =& $module_handler->get($not_modid);
  359.             } else {
  360.                 $not_module =& $xoopsModule;
  361.             }
  362.             if (!isset($comment_url)) {
  363.                 $com_config =& $not_module->getInfo('comments');
  364.                 $comment_url = $com_config['pageName'] . '?';
  365.                 if (isset($com_config['extraParams']) && is_array($com_config['extraParams'])) {
  366.                     $extra_params = '';
  367.                     foreach ($com_config['extraParams'] as $extra_param) {
  368.                         $extra_params .= isset($_POST[$extra_param]) ? $extra_param.'='.htmlspecialchars($_POST[$extra_param]).'&' : $extra_param.'=&';
  369.                         //$extra_params .= isset($_GET[$extra_param]) ? $extra_param.'='.$_GET[$extra_param].'&' : $extra_param.'=&';
  370.                     }
  371.                     $comment_url .= $extra_params;
  372.                 }
  373.                 $comment_url .= $com_config['itemName'];
  374.             }
  375.             $comment_tags['X_COMMENT_URL'] = XOOPS_URL . '/modules/' . $not_module->getVar('dirname') . '/' .$comment_url . '=' . $com_itemid.'&com_id='.$newcid.'&com_rootid='.$com_rootid.'&com_mode='.$com_mode.'&com_order='.$com_order.'#comment'.$newcid;
  376.             $notification_handler =& xoops_gethandler('notification');
  377.             $notification_handler->triggerEvent ($not_category, $not_itemid, $not_event, $comment_tags, false, $not_modid);
  378.         }
  379.  
  380.         if (!isset($comment_post_results)) {
  381.  
  382.             // if the comment is active, redirect to posted comment
  383.             if ($comment->getVar('com_status') == XOOPS_COMMENT_ACTIVE) {
  384.                 redirect_header($redirect_page.'='.$com_itemid.'&com_id='.$newcid.'&com_rootid='.$com_rootid.'&com_mode='.$com_mode.'&com_order='.$com_order.'#comment'.$newcid, 2, _CM_THANKSPOST);
  385.             } else {
  386.                 // not active, so redirect to top comment page
  387.                 redirect_header($redirect_page.'='.$com_itemid.'&com_mode='.$com_mode.'&com_order='.$com_order.'#comment'.$newcid, 2, _CM_THANKSPOST);
  388.             }
  389.         }
  390.     } else {
  391.         if (!isset($purge_comment_post_results)) {
  392.             include XOOPS_ROOT_PATH.'/header.php';
  393.             xoops_error($comment->getHtmlErrors());
  394.             include XOOPS_ROOT_PATH.'/footer.php';
  395.         } else {
  396.             $comment_post_results = $comment->getErrors();
  397.         }
  398.     }
  399.     break;
  400. default:
  401.     redirect_header(XOOPS_URL.'/',3, implode('<br />', $GLOBALS['xoopsSecurity']->getErrors()));
  402.     break;
  403. }
  404. ?>