Enano CMS (1.1.x): includes/comment.php@eb8b23f11744 (annotated)

1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1	<?php
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	3	/*
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	4	* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
801 eb8b23f11744 Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6. Dan parents: 800 diff changeset	5	* Version 1.1.6 (Caoineag beta 1)
536 218a627eb53e Rebrand as 1.1.4 (Caoineag alpha 4) Dan parents: 507 diff changeset	6	* Copyright (C) 2006-2008 Dan Fuhry
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	7	*
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	8	* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	9	* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	10	*
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	11	* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	12	* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	13	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	14
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	15	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	16	* Class that handles comments. Has HTML/Javascript frontend support.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	17	* @package Enano CMS
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	18	* @subpackage Comment manager
800 9cdfe82c56cd Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY]. Dan parents: 748 diff changeset	19	* @license GNU General Public License <http://www.gnu.org/licenses/gpl-2.0.html>
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	20	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	21
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	22	class Comments
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	23	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	24	#
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	25	# VARIABLES
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	26	#
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	27
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	28	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	29	* Current list of comments.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	30	* @var array
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	31	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	32
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	33	var $comments = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	34
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	35	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	36	* Object to track permissions.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	37	* @var object
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	38	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	39
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	40	var $perms;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	41
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	42	#
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	43	# METHODS
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	44	#
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	45
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	46	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	47	* Constructor.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	48	* @param string Page ID of the page to load comments for
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	49	* @param string Namespace of the page to load comments for
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	50	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	51
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	52	function __construct($page_id, $namespace)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	53	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	54	global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	55
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	56	// Initialize permissions
322 5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time. Dan parents: 320 diff changeset	57	if ( $page_id == $paths->page_id && $namespace == $paths->namespace )
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	58	$this->perms =& $GLOBALS['session'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	59	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	60	$this->perms = $session->fetch_page_acl($page_id, $namespace);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	61
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	62	$this->page_id = $db->escape($page_id);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	63	$this->namespace = $db->escape($namespace);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	64	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	65
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	66	/**
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	67	* Processes a command in JSON format.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	68	* @param string The JSON-encoded input, probably something sent from the Javascript/AJAX frontend
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	69	*/
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	70
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	71	function process_json($json)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	72	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	73	global $db, $session, $paths, $template, $plugins; // Common objects
541 acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons. Dan parents: 536 diff changeset	74	global $lang;
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons. Dan parents: 536 diff changeset	75
334 c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files. Dan parents: 328 diff changeset	76	$data = enano_json_decode($json);
78 4df25dfdde63 Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now Dan parents: 74 diff changeset	77	$data = decode_unicode_array($data);
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	78	if ( !isset($data['mode']) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	79	{
86 c162ca39db8f Finished pagination code (was incomplete in previous revision) and added a few hacks for an upcoming theme Dan parents: 78 diff changeset	80	$ret = Array('mode'=>'error','error'=>'No mode defined!');
334 c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files. Dan parents: 328 diff changeset	81	echo enano_json_encode($ret);
86 c162ca39db8f Finished pagination code (was incomplete in previous revision) and added a few hacks for an upcoming theme Dan parents: 78 diff changeset	82	return $ret;
c162ca39db8f Finished pagination code (was incomplete in previous revision) and added a few hacks for an upcoming theme Dan parents: 78 diff changeset	83	}
c162ca39db8f Finished pagination code (was incomplete in previous revision) and added a few hacks for an upcoming theme Dan parents: 78 diff changeset	84	if ( getConfig('enable_comments') == '0' )
c162ca39db8f Finished pagination code (was incomplete in previous revision) and added a few hacks for an upcoming theme Dan parents: 78 diff changeset	85	{
c162ca39db8f Finished pagination code (was incomplete in previous revision) and added a few hacks for an upcoming theme Dan parents: 78 diff changeset	86	$ret = Array('mode'=>'error','error'=>'Comments are not enabled on this site.');
334 c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files. Dan parents: 328 diff changeset	87	echo enano_json_encode($ret);
86 c162ca39db8f Finished pagination code (was incomplete in previous revision) and added a few hacks for an upcoming theme Dan parents: 78 diff changeset	88	return $ret;
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	89	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	90	$ret = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	91	$ret['mode'] = $data['mode'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	92	switch ( $data['mode'] )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	93	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	94	case 'fetch':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	95	if ( !$template->theme_loaded )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	96	$template->load_theme();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	97	if ( !isset($data['have_template']) )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	98	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	99	$ret['template'] = file_get_contents(ENANO_ROOT . '/themes/' . $template->theme . '/comment.tpl');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	100	}
621 68f8a9cc0a18 Added Gravatar support! And it's really configurable too. Dan parents: 541 diff changeset	101	$q = $db->sql_query('SELECT c.comment_id,c.name,c.subject,c.comment_data,c.time,c.approved,( c.ip_address IS NOT NULL ) AS have_ip,u.user_level,u.user_id,u.email,u.signature,u.user_has_avatar,u.avatar_type, b.buddy_id IS NOT NULL AS is_buddy, ( b.is_friend IS NOT NULL AND b.is_friend=1 ) AS is_friend FROM '.table_prefix.'comments AS c
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	102	LEFT JOIN '.table_prefix.'users AS u
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	103	ON (u.user_id=c.user_id)
108 1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63 Dan parents: 86 diff changeset	104	LEFT JOIN '.table_prefix.'buddies AS b
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63 Dan parents: 86 diff changeset	105	ON ( ( b.user_id=' . $session->user_id.' AND b.buddy_user_id=c.user_id ) OR b.user_id IS NULL)
541 acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons. Dan parents: 536 diff changeset	106	LEFT JOIN '.table_prefix.'ranks AS r
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons. Dan parents: 536 diff changeset	107	ON ( ( u.user_rank = r.rank_id ) )
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	108	WHERE page_id=\'' . $this->page_id . '\'
108 1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63 Dan parents: 86 diff changeset	109	AND namespace=\'' . $this->namespace . '\'
621 68f8a9cc0a18 Added Gravatar support! And it's really configurable too. Dan parents: 541 diff changeset	110	GROUP BY c.comment_id,c.name,c.subject,c.comment_data,c.time,c.approved,c.ip_address,u.user_level,u.user_id,u.email,u.signature,u.user_has_avatar,u.avatar_type,b.buddy_id,b.is_friend
108 1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63 Dan parents: 86 diff changeset	111	ORDER BY c.time ASC;');
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	112	$count_appr = 0;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	113	$count_total = 0;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	114	$count_unappr = 0;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	115	$ret['comments'] = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	116	if (!$q)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	117	$db->die_json();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	118	if ( $row = $db->fetchrow() )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	119	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	120	do {
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	121
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	122	// Increment counters
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	123	$count_total++;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	124	( $row['approved'] == 1 ) ? $count_appr++ : $count_unappr++;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	125
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	126	if ( !$this->perms->get_permissions('mod_comments') && $row['approved'] == 0 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	127	continue;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	128
541 acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons. Dan parents: 536 diff changeset	129	// Localize the rank
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons. Dan parents: 536 diff changeset	130	$row = array_merge($row, $session->get_user_rank(intval($row['user_id'])));
acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons. Dan parents: 536 diff changeset	131
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	132	// Send the source
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	133	$row['comment_source'] = $row['comment_data'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	134
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	135	// Format text
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	136	$row['comment_data'] = RenderMan::render($row['comment_data']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	137
108 1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63 Dan parents: 86 diff changeset	138	if ( $row['is_buddy'] == 1 && $row['is_friend'] == 0 )
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63 Dan parents: 86 diff changeset	139	{
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63 Dan parents: 86 diff changeset	140	$seed = md5(sha1(mt_rand() . microtime()));
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63 Dan parents: 86 diff changeset	141	$wrapper = '
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63 Dan parents: 86 diff changeset	142	<div id="posthide_'.$seed.'" style="display: none;">
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63 Dan parents: 86 diff changeset	143	' . $row['comment_data'] . '
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63 Dan parents: 86 diff changeset	144	</div>
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63 Dan parents: 86 diff changeset	145	<p><span style="opacity: 0.4; filter: alpha(opacity=40);">Post from foe hidden.</span> <span style="text-align: right;"><a href="#showpost" onclick="document.getElementById(\'posthide_'.$seed.'\').style.display=\'block\'; this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode); return false;">Display post</a></span></p>
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63 Dan parents: 86 diff changeset	146	';
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63 Dan parents: 86 diff changeset	147	$row['comment_data'] = $wrapper;
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63 Dan parents: 86 diff changeset	148	}
1c7f59df9474 Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63 Dan parents: 86 diff changeset	149
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	150	// Format date
345 4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite Dan parents: 334 diff changeset	151	$row['time'] = enano_date('F d, Y h:i a', $row['time']);
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	152
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	153	// Format signature
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	154	$row['signature'] = ( !empty($row['signature']) ) ? RenderMan::render($row['signature']) : '';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	155
359 e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	156	// Do we have the IP?
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	157	$row['have_ip'] = ( $row['have_ip'] == 1 );
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	158
541 acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons. Dan parents: 536 diff changeset	159	// Avatar URL
621 68f8a9cc0a18 Added Gravatar support! And it's really configurable too. Dan parents: 541 diff changeset	160	$row['avatar_path'] = make_avatar_url($row['user_id'], $row['avatar_type'], $row['email']);
541 acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons. Dan parents: 536 diff changeset	161
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	162	// Add the comment to the list
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	163	$ret['comments'][] = $row;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	164
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	165	} while ( $row = $db->fetchrow() );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	166	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	167	$db->free_result();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	168	$ret['count_appr'] = $count_appr;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	169	$ret['count_total'] = $count_total;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	170	$ret['count_unappr'] = $count_unappr;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	171	$ret['auth_mod_comments'] = $this->perms->get_permissions('mod_comments');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	172	$ret['auth_post_comments'] = $this->perms->get_permissions('post_comments');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	173	$ret['auth_edit_comments'] = $this->perms->get_permissions('edit_comments');
748 e39454295bbb Added makeSwitchable Dynano method for textareas; enabled support for makeSwitchable in comment runtime Dan parents: 685 diff changeset	174	$ret['auth_edit_wysiwyg'] = $this->perms->get_permissions('edit_wysiwyg');
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	175	$ret['user_id'] = $session->user_id;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	176	$ret['username'] = $session->username;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	177	$ret['logged_in'] = $session->user_logged_in;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	178
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	179	$ret['user_level'] = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	180	$ret['user_level']['guest'] = USER_LEVEL_GUEST;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	181	$ret['user_level']['member'] = USER_LEVEL_MEMBER;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	182	$ret['user_level']['mod'] = USER_LEVEL_MOD;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	183	$ret['user_level']['admin'] = USER_LEVEL_ADMIN;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	184
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	185	$ret['approval_needed'] = ( getConfig('approve_comments') == '1' );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	186	$ret['guest_posting'] = getConfig('comments_need_login');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	187
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	188	if ( $ret['guest_posting'] == '1' && !$session->user_logged_in )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	189	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	190	$session->kill_captcha();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	191	$ret['captcha'] = $session->make_captcha();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	192	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	193	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	194	case 'edit':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	195	$cid = (string)$data['id'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	196	if ( !preg_match('#^([0-9]+)$#i', $cid) \|\| intval($cid) < 1 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	197	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	198	echo '{"mode":"error","error":"HACKING ATTEMPT"}';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	199	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	200	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	201	$cid = intval($cid);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	202	$q = $db->sql_query('SELECT c.user_id,c.approved FROM '.table_prefix.'comments c LEFT JOIN '.table_prefix.'users u ON (u.user_id=c.user_id) WHERE comment_id='.$cid.';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	203	if(!$q)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	204	$db->die_json();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	205	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	206	$uid = intval($row['user_id']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	207	$can_edit = ( ( $uid == $session->user_id && $uid != 1 && $this->perms->get_permissions('edit_comments') ) \|\| ( $this->perms->get_permissions('mod_comments') ) );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	208	if(!$can_edit)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	209	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	210	echo '{"mode":"error","error":"HACKING ATTEMPT"}';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	211	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	212	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	213	$data['data'] = str_replace("\r", '', $data['data']); // Windows compatibility
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	214	$text = RenderMan::preprocess_text($data['data'], true, false);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	215	$text2 = $db->escape($text);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	216	$subj = $db->escape(htmlspecialchars($data['subj']));
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	217	$q = $db->sql_query('UPDATE '.table_prefix.'comments SET subject=\'' . $subj . '\',comment_data=\'' . $text2 . '\' WHERE comment_id=' . $cid . ';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	218	if(!$q)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	219	$db->die_json();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	220	$ret = Array(
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	221	'mode' => 'redraw',
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	222	'id' => $data['local_id'],
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	223	'subj' => htmlspecialchars($data['subj']),
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	224	'text' => RenderMan::render($text),
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	225	'src' => $text,
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	226	'approved' => $row['approved']
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	227	);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	228	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	229	case 'delete':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	230	$cid = (string)$data['id'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	231	if ( !preg_match('#^([0-9]+)$#i', $cid) \|\| intval($cid) < 1 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	232	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	233	echo '{"mode":"error","error":"HACKING ATTEMPT"}';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	234	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	235	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	236	$cid = intval($cid);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	237	$q = $db->sql_query('SELECT c.user_id FROM '.table_prefix.'comments c LEFT JOIN '.table_prefix.'users u ON (u.user_id=c.user_id) WHERE comment_id='.$cid.';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	238	if(!$q)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	239	$db->die_json();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	240	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	241	$uid = intval($row['user_id']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	242	$can_edit = ( ( $uid == $session->user_id && $uid != 1 && $this->perms->get_permissions('edit_comments') ) \|\| ( $this->perms->get_permissions('mod_comments') ) );
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	243	if(!$can_edit)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	244	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	245	echo '{"mode":"error","error":"HACKING ATTEMPT"}';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	246	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	247	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	248	$q = $db->sql_query('DELETE FROM '.table_prefix.'comments WHERE comment_id='.$cid.';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	249	if(!$q)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	250	$db->die_json();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	251	$ret = Array(
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	252	'mode' => 'annihilate',
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	253	'id' => $data['local_id']
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	254	);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	255	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	256	case 'submit':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	257
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	258	// Now for a huge round of security checks...
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	259
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	260	$errors = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	261
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	262	// Authorization
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	263	// Like the rest of the ACL system, this call is a one-stop check for ALL ACL entries.
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	264	if ( !$this->perms->get_permissions('post_comments') )
74 68469a95658d Various bugfixes and cleanups, too much to remember... see the diffs for what got changed :-) Dan parents: 73 diff changeset	265	$errors[] = 'The site security policy prevents your user account from posting comments;';
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	266
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	267	// Guest authorization
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	268	if ( getConfig('comments_need_login') == '2' && !$session->user_logged_in )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	269	$errors[] = 'You need to log in before posting comments.';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	270
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	271	// CAPTCHA code
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	272	if ( getConfig('comments_need_login') == '1' && !$session->user_logged_in )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	273	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	274	$real_code = $session->get_captcha($data['captcha_id']);
456 e133d321fce4 Made all captcha fields case-insensitive (thanks pkeating) Dan parents: 322 diff changeset	275	if ( strtolower($real_code) != strtolower($data['captcha_code']) )
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	276	$errors[] = 'The confirmation code you entered was incorrect.';
263 d57af0b0302e Major improvements in the security of the CAPTCHA system (no SQL injection or anything like that); fixed denied form submission due to _af_acting on form object wrongly switched to true Dan parents: 166 diff changeset	277	$session->kill_captcha();
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	278	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	279
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	280	if ( count($errors) > 0 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	281	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	282	$ret = Array(
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	283	'mode' => 'error',
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	284	'error' => implode("\n", $errors)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	285	);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	286	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	287	else
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	288	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	289	// We're authorized!
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	290
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	291	// Preprocess
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	292	$name = ( $session->user_logged_in ) ? htmlspecialchars($session->username) : htmlspecialchars($data['name']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	293	$subj = htmlspecialchars($data['subj']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	294	$text = RenderMan::preprocess_text($data['text'], true, false);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	295	$src = $text;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	296	$sql_text = $db->escape($text);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	297	$text = RenderMan::render($text);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	298	$appr = ( getConfig('approve_comments') == '1' ) ? '0' : '1';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	299	$time = time();
345 4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite Dan parents: 334 diff changeset	300	$date = enano_date('F d, Y h:i a', $time);
359 e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	301	$ip = $_SERVER['REMOTE_ADDR'];
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	302	if ( !is_valid_ip($ip) )
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	303	die('Hacking attempt');
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	304
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	305	// Send it to the database
359 e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	306	$q = $db->sql_query('INSERT INTO '.table_prefix.'comments(page_id,namespace,name,subject,comment_data,approved, time, user_id, ip_address) VALUES' . "\n " .
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	307	"('$this->page_id', '$this->namespace', '$name', '$subj', '$sql_text', $appr, $time, {$session->user_id}, '$ip');");
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	308	if(!$q)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	309	$db->die_json();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	310
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	311	// Re-fetch
621 68f8a9cc0a18 Added Gravatar support! And it's really configurable too. Dan parents: 541 diff changeset	312	$q = $db->sql_query('SELECT c.comment_id,c.name,c.subject,c.comment_data,c.time,c.approved,u.user_level,u.user_id,u.email,u.signature,u.user_has_avatar,u.avatar_type FROM '.table_prefix.'comments AS c
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	313	LEFT JOIN '.table_prefix.'users AS u
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	314	ON (u.user_id=c.user_id)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	315	WHERE page_id=\'' . $this->page_id . '\'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	316	AND namespace=\'' . $this->namespace . '\'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	317	AND time='.$time.' ORDER BY comment_id DESC LIMIT 1;');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	318	if(!$q)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	319	$db->die_json();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	320
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	321	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	322	$db->free_result();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	323	$row['time'] = $date;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	324	$row['comment_data'] = $text;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	325	$row['comment_source'] = $src;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	326	$ret = Array(
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	327	'mode' => 'materialize'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	328	);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	329	$ret = enano_safe_array_merge($ret, $row);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	330
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	331	$ret['auth_mod_comments'] = $this->perms->get_permissions('mod_comments');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	332	$ret['auth_post_comments'] = $this->perms->get_permissions('post_comments');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	333	$ret['auth_edit_comments'] = $this->perms->get_permissions('edit_comments');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	334	$ret['user_id'] = $session->user_id;
541 acb7e23b6ffa Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons. Dan parents: 536 diff changeset	335	$ret['rank_data'] = $session->get_user_rank($session->user_id);
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	336	$ret['username'] = $session->username;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	337	$ret['logged_in'] = $session->user_logged_in;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	338	$ret['signature'] = RenderMan::render($row['signature']);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	339
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	340	$ret['user_level_list'] = Array();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	341	$ret['user_level_list']['guest'] = USER_LEVEL_GUEST;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	342	$ret['user_level_list']['member'] = USER_LEVEL_MEMBER;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	343	$ret['user_level_list']['mod'] = USER_LEVEL_MOD;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	344	$ret['user_level_list']['admin'] = USER_LEVEL_ADMIN;
621 68f8a9cc0a18 Added Gravatar support! And it's really configurable too. Dan parents: 541 diff changeset	345	$ret['avatar_path'] = make_avatar_url($row['user_id'], $row['avatar_type'], $row['email']);
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	346	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	347
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	348	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	349	case 'approve':
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	350	if ( !$this->perms->get_permissions('mod_comments') )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	351	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	352	$ret = Array(
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	353	'mode' => 'error',
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	354	'error' => 'You are not authorized to moderate comments.'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	355	);
334 c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files. Dan parents: 328 diff changeset	356	echo enano_json_encode($ret);
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	357	return $ret;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	358	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	359
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	360	$cid = (string)$data['id'];
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	361	if ( !preg_match('#^([0-9]+)$#i', $cid) \|\| intval($cid) < 1 )
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	362	{
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	363	echo '{"mode":"error","error":"HACKING ATTEMPT"}';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	364	return false;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	365	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	366	$cid = intval($cid);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	367	$q = $db->sql_query('SELECT subject,approved FROM '.table_prefix.'comments WHERE comment_id='.$cid.';');
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	368	if(!$q \|\| $db->numrows() < 1)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	369	$db->die_json();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	370	$row = $db->fetchrow();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	371	$db->free_result();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	372	$appr = ( $row['approved'] == '1' ) ? '0' : '1';
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	373	$q = $db->sql_query('UPDATE '.table_prefix."comments SET approved=$appr WHERE comment_id=$cid;");
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	374	if (!$q)
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	375	$db->die_json();
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	376
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	377	$ret = Array(
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	378	'mode' => 'redraw',
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	379	'approved' => $appr,
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	380	'subj' => $row['subject'],
29 e5484a9e0818 Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image Dan parents: 21 diff changeset	381	'id' => $data['local_id'],
e5484a9e0818 Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image Dan parents: 21 diff changeset	382	'approve_updated' => 'yes'
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	383	);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	384
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	385	break;
359 e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	386	case 'view_ip':
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	387	if ( !$session->get_permissions('mod_comments') )
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	388	{
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	389	return array(
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	390	'mode' => 'error',
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	391	'error' => 'Unauthorized'
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	392	);
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	393	}
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	394	// fetch comment info
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	395	if ( !is_int($data['id']) )
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	396	{
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	397	return array(
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	398	'mode' => 'error',
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	399	'error' => 'Unauthorized'
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	400	);
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	401	}
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	402	$id =& $data['id'];
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	403	$q = $db->sql_query('SELECT ip_address, name FROM ' . table_prefix . 'comments WHERE comment_id = ' . $id . ';');
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	404	if ( !$q \|\| $db->numrows() < 1 )
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	405	{
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	406	$db->die_json();
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	407	}
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	408	list($ip_addr, $name) = $db->fetchrow_num($q);
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	409	$db->free_result();
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	410	$name = $db->escape($name);
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	411	$username = $db->escape($session->username);
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	412	// log this action
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	413	$q = $db->sql_query('INSERT INTO ' . table_prefix . "logs(time_id, log_type, action, page_text, author, edit_summary) VALUES\n "
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	414	. "( " . time() . ", 'security', 'view_comment_ip', '$name', '$username', '{$_SERVER['REMOTE_ADDR']}' );");
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	415	if ( !$q )
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	416	$db->die_json();
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	417
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	418	// send packet
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	419	$ret = array(
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	420	'mode' => 'redraw',
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	421	'ip_addr' => $ip_addr,
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	422	'local_id' => $data['local_id']
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	423	);
e0787bb6285b Implemented IP logging for comments and registration Dan parents: 345 diff changeset	424	break;
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	425	default:
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	426	$ret = Array(
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	427	'mode' => 'error',
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	428	'error' => $data['mode'] . ' is not a valid request mode'
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	429	);
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	430	break;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	431	}
334 c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files. Dan parents: 328 diff changeset	432	echo enano_json_encode($ret);
1 fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	433	return $ret;
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	434	}
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	435
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	436	} // class Comments
fe660c52c48f Adding /includes dan@scribus.fuhry.local.fuhry.local parents: diff changeset	437

author	Dan
	Sun, 04 Jan 2009 00:55:40 -0500
changeset 801	eb8b23f11744
parent 800	9cdfe82c56cd
child 825	9d5c04c1414f
permissions	-rw-r--r--