Файл: album_comment.php
Строк: 509
<?php
/***************************************************************************
* album_comment.php
* -------------------
* Разработка: (C) 2003 Smartor
* Модификация: чел
***************************************************************************/
/***************************************************************************
*
* Эта версия phpBB-WAP является бесплатным
* программным обеспечением и распространяется
* в рамках лицензии GNU General Public License.
* Автор модификации настоятельно не
* рекомендует распрострянять её так, как
* распространялась 5 версия мода.
*
***************************************************************************/
define('IN_PHPBB', true);
$phpbb_root_path = './';
$album_root_path = $phpbb_root_path . 'album_mod/';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
$userdata = session_pagestart($user_ip, PAGE_ALBUM);
init_userprefs($userdata);
include($album_root_path . 'album_common.'.$phpEx);
if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? htmlspecialchars($HTTP_POST_VARS['mode']) : htmlspecialchars($HTTP_GET_VARS['mode']);
}
else
{
$mode = '';
}
if( $album_config['comment'] == 0 )
{
message_die(GENERAL_MESSAGE, $lang['Not_Authorised']);
}
if( isset($HTTP_GET_VARS['pic_id']) )
{
$pic_id = intval($HTTP_GET_VARS['pic_id']);
}
else if( isset($HTTP_POST_VARS['pic_id']) )
{
$pic_id = intval($HTTP_POST_VARS['pic_id']);
}
else
{
if( isset($HTTP_GET_VARS['comment_id']) )
{
$comment_id = intval($HTTP_GET_VARS['comment_id']);
}
else if( isset($HTTP_POST_VARS['comment_id']) )
{
$comment_id = intval($HTTP_POST_VARS['comment_id']);
}
else
{
message_die(GENERAL_ERROR, 'Bad request');
}
}
if( isset($comment_id) )
{
$sql = "SELECT comment_id, comment_pic_id, comment_text, comment_user_id
FROM ". ALBUM_COMMENT_TABLE ."
WHERE comment_id = '$comment_id'";
if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not query comment and pic information', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
if( empty($row) )
{
message_die(GENERAL_ERROR, 'This comment does not exist');
}
$pic_id = $row['comment_pic_id'];
$thiscomment = $row;
$album_user_access = album_user_access($thispic['pic_cat_id'], $thiscat, 0, 0, 0, 1, 1, 0);
if( ($album_user_access['comment'] == 0) or ($album_user_access['edit'] == 0) )
{
if (!$userdata['session_logged_in'])
{
redirect(append_sid("login.$phpEx?redirect=album_comment_edit.$phpEx?comment_id=$comment_id"));
}
else
{
message_die(GENERAL_ERROR, $lang['Not_Authorised']);
}
}
else
{
if( (!$album_user_access['moderator']) or ($userdata['user_level'] != ADMIN) )
{
if ($thiscomment['comment_user_id'] != $userdata['user_id'])
{
message_die(GENERAL_ERROR, $lang['Not_Authorised']);
}
}
}
}
$sql = "SELECT p.*, u.user_id, u.username, COUNT(c.comment_id) as comments_count
FROM ". ALBUM_TABLE ." AS p
LEFT JOIN ". USERS_TABLE ." AS u ON p.pic_user_id = u.user_id
LEFT JOIN ". ALBUM_COMMENT_TABLE ." AS c ON p.pic_id = c.comment_pic_id
WHERE pic_id = '$pic_id'
GROUP BY p.pic_id
LIMIT 1";
if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not query pic information', '', __LINE__, __FILE__, $sql);
}
$thispic = $db->sql_fetchrow($result);
$cat_id = $thispic['pic_cat_id'];
$user_id = $thispic['pic_user_id'];
$total_comments = $thispic['comments_count'];
$comments_per_page = $board_config['posts_per_page'];
if( empty($thispic) )
{
message_die(GENERAL_ERROR, $lang['Pic_not_exist'] . ' -> ' . $pic_id);
}
if ($cat_id != PERSONAL_GALLERY)
{
$sql = "SELECT *
FROM ". ALBUM_CAT_TABLE ."
WHERE cat_id = '$cat_id'";
if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not query category information', '', __LINE__, __FILE__, $sql);
}
$thiscat = $db->sql_fetchrow($result);
}
else
{
$thiscat = init_personal_gallery_cat($user_id);
}
if (empty($thiscat))
{
message_die(GENERAL_ERROR, $lang['Category_not_exist']);
}
$auth_data = album_user_access($cat_id, $thiscat, 1, 0, 0, 1, 1, 1);
if ($auth_data['view'] == 0)
{
if (!$userdata['session_logged_in'])
{
redirect(append_sid("login.$phpEx?redirect=album_comment.$phpEx&pic_id=$pic_id"));
exit;
}
else
{
message_die(GENERAL_ERROR, $lang['Not_Authorised']);
}
}
if ($mode == 'delete')
{
if( isset($HTTP_GET_VARS['comment_id']) )
{
$comment_id = intval($HTTP_GET_VARS['comment_id']);
}
else if( isset($HTTP_POST_VARS['comment_id']) )
{
$comment_id = intval($HTTP_POST_VARS['comment_id']);
}
else
{
message_die(GENERAL_ERROR, 'No comment_id specified');
}
$album_user_access = album_user_access($thispic['pic_cat_id'], $thiscat, 0, 0, 0, 1, 0, 1);
if( ($album_user_access['comment'] == 0) or ($album_user_access['delete'] == 0) )
{
if (!$userdata['session_logged_in'])
{
redirect(append_sid("login.$phpEx?redirect=album_comment.$phpEx?mode=delete&comment_id=$comment_id"));
}
else
{
message_die(GENERAL_ERROR, $lang['Not_Authorised']);
}
}
else
{
if( (!$album_user_access['moderator']) or ($userdata['user_level'] != ADMIN) )
{
if ($thiscomment['comment_user_id'] != $userdata['user_id'])
{
message_die(GENERAL_ERROR, $lang['Not_Authorised']);
}
}
}
if( !isset($HTTP_POST_VARS['confirm']) )
{
if( isset($HTTP_POST_VARS['cancel']) )
{
redirect(append_sid("album_comment.$phpEx?comment_id=$comment_id"));
exit;
}
$page_title = $lang['Album'];
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
$template->set_filenames(array(
'body' => 'confirm_body.tpl')
);
$template->assign_vars(array(
'MESSAGE_TITLE' => $lang['Confirm'],
'MESSAGE_TEXT' => $lang['Comment_delete_confirm'],
'L_NO' => $lang['No'],
'L_YES' => $lang['Yes'],
'S_CONFIRM_ACTION' => append_sid("album_comment.$phpEx?mode=delete&comment_id=$comment_id"))
);
$template->pparse('body');
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
else
{
$sql = "DELETE FROM ". ALBUM_COMMENT_TABLE ."
WHERE comment_id = '$comment_id'";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete this comment', '', __LINE__, __FILE__, $sql);
}
$message = $lang['Deleted'];
if ($cat_id != PERSONAL_GALLERY)
{
$template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("album_cat.$phpEx?cat_id=$cat_id") . '">')
);
$message .= "<br /><br />" . sprintf($lang['Click_return_category'], "<a href="" . append_sid("album_cat.$phpEx?cat_id=$cat_id") . "">", "</a>");
}
else
{
$template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("album_personal.$phpEx?user_id=$user_id") . '">')
);
$message .= "<br /><br />" . sprintf($lang['Click_return_personal_gallery'], "<a href="" . append_sid("album_personal.$phpEx?user_id=$user_id") . "">", "</a>");
}
$message .= "<br /><br />" . sprintf($lang['Click_return_album_index'], "<a href="" . append_sid("album.$phpEx") . "">", "</a>");
message_die(GENERAL_MESSAGE, $message);
}
}
if( !isset($HTTP_POST_VARS['comment']) )
{
if( !isset($comment_id) )
{
if( isset($HTTP_GET_VARS['start']) )
{
$start = intval($HTTP_GET_VARS['start']);
}
else if( isset($HTTP_POST_VARS['start']) )
{
$start = intval($HTTP_POST_VARS['start']);
}
else
{
$start = 0;
}
}
else
{
$sql = "SELECT COUNT(comment_id) AS count
FROM ". ALBUM_COMMENT_TABLE ."
WHERE comment_pic_id = $pic_id
AND comment_id < $comment_id";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not obtain comments information from the database', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
if( !empty($row) )
{
$start = floor( $row['count'] / $comments_per_page ) * $comments_per_page;
}
else
{
$start = 0;
}
}
if( isset($HTTP_GET_VARS['sort_order']) )
{
switch ($HTTP_GET_VARS['sort_order'])
{
case 'ASC':
$sort_order = 'ASC';
break;
default:
$sort_order = 'DESC';
}
}
else if( isset($HTTP_POST_VARS['sort_order']) )
{
switch ($HTTP_POST_VARS['sort_order'])
{
case 'ASC':
$sort_order = 'ASC';
break;
default:
$sort_order = 'DESC';
}
}
else
{
$sort_order = 'ASC';
}
if ($total_comments > 0)
{
$limit_sql = ($start == 0) ? $comments_per_page : $start .','. $comments_per_page;
$sql = "SELECT c.*, u.user_id, u.username
FROM ". ALBUM_COMMENT_TABLE ." AS c
LEFT JOIN ". USERS_TABLE ." AS u ON c.comment_user_id = u.user_id
WHERE c.comment_pic_id = '$pic_id'
ORDER BY c.comment_id $sort_order
LIMIT $limit_sql";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not obtain comments information from the database', '', __LINE__, __FILE__, $sql);
}
$commentrow = array();
while( $row = $db->sql_fetchrow($result) )
{
$commentrow[] = $row;
}
for ($i = 0; $i < count($commentrow); $i++)
{
if( ($commentrow[$i]['user_id'] == ALBUM_GUEST) or ($commentrow[$i]['username'] == '') )
{
$poster = ($commentrow[$i]['comment_username'] == '') ? $lang['Guest'] : $commentrow[$i]['comment_username'];
}
else
{
$poster = '<a href="'. append_sid("profile.$phpEx?mode=viewprofile&". POST_USERS_URL .'='. $commentrow[$i]['user_id']) .'">'. $commentrow[$i]['username'] .'</a>';
}
if ($commentrow[$i]['comment_edit_count'] > 0)
{
$sql = "SELECT c.comment_id, c.comment_edit_user_id, u.user_id, u.username
FROM ". ALBUM_COMMENT_TABLE ." AS c
LEFT JOIN ". USERS_TABLE ." AS u ON c.comment_edit_user_id = u.user_id
WHERE c.comment_id = '".$commentrow[$i]['comment_id']."'
LIMIT 1";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not obtain last edit information from the database', '', __LINE__, __FILE__, $sql);
}
$lastedit_row = $db->sql_fetchrow($result);
$edit_info = ($commentrow[$i]['comment_edit_count'] == 1) ? $lang['Edited_time_total'] : $lang['Edited_times_total'];
$edit_info = '<br /><br />» '. sprintf($edit_info, $lastedit_row['username'], create_date($board_config['default_dateformat'], $commentrow[$i]['comment_edit_time'], $board_config['board_timezone']), $commentrow[$i]['comment_edit_count']) .'<br />';
}
else
{
$edit_info = '';
}
if ($commentrow[$i]['comment_id'] == $comment_id)
{
$comment_text = '<textarea name="comment" rows="2" cols="15" style="width: 235px;">' . $thiscomment['comment_text'] . '</textarea>';
$comment_text .= '<input type="submit" name="submit" value="save" class="subbutton" />';
}
else
{
$comment_text = smilies_pass($commentrow[$i]['comment_text']);
$comment_text = nl2br($comment_text);
}
$row_class = ( !($i % 2) ) ? 'row_easy' : 'row_hard';
$template->assign_block_vars('commentrow', array(
'ID' => $commentrow[$i]['comment_id'],
'ROW_CLASS' => $row_class,
'POSTER' => $poster,
'TIME' => create_date($board_config['default_dateformat'], $commentrow[$i]['comment_time'], $board_config['board_timezone']),
'IP' => ($userdata['user_level'] == ADMIN) ? '<br/>' . $lang['IP_Address'] . ': ' . decode_ip($commentrow[$i]['comment_user_ip']) : '',
'TEXT' => $comment_text,
'EDIT_INFO' => $edit_info,
'EDIT' => ( ( $auth_data['edit'] and ($commentrow[$i]['comment_user_id'] == $userdata['user_id']) ) or ($auth_data['moderator'] and ($thiscat['cat_edit_level'] != ALBUM_ADMIN) ) or ($userdata['user_level'] == ADMIN) ) ? '<a href="'. append_sid("album_comment.$phpEx?comment_id=". $commentrow[$i]['comment_id']) .'">'. $lang['Edit_pic'] .'</a>|' : '',
'DELETE' => ( ( $auth_data['delete'] and ($commentrow[$i]['comment_user_id'] == $userdata['user_id']) ) or ($auth_data['moderator'] and ($thiscat['cat_delete_level'] != ALBUM_ADMIN) ) or ($userdata['user_level'] == ADMIN) ) ? '<a href="'. append_sid("album_comment.$phpEx?mode=delete&comment_id=". $commentrow[$i]['comment_id']) .'">'. $lang['Delete_pic'] .'</a>' : ''
)
);
}
$template->assign_block_vars('switch_comment', array());
$template->assign_vars(array(
'PAGINATION' => generate_pagination(append_sid("album_comment.$phpEx?pic_id=$pic_id&sort_order=$sort_order"), $total_comments, $comments_per_page, $start),
'PAGE_NUMBER' => sprintf($lang['Page_of'], ( floor( $start / $comments_per_page ) + 1 ), ceil( $total_comments / $comments_per_page ))
)
);
}
$page_title = $lang['Album'];
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
$template->set_filenames(array(
'body' => 'album_comment_body.tpl')
);
if( ($thispic['pic_user_id'] == ALBUM_GUEST) or ($thispic['username'] == '') )
{
$poster = ($thispic['pic_username'] == '') ? $lang['Guest'] : $thispic['pic_username'];
}
else
{
$poster = '<a href="'. append_sid("profile.$phpEx?mode=viewprofile&". POST_USERS_URL .'='. $thispic['user_id']) .'">'. $thispic['username'] .'</a>';
}
if ($auth_data['comment'] == 1)
{
$template->assign_block_vars('switch_comment_post', array());
if( !$userdata['session_logged_in'] )
{
$template->assign_block_vars('switch_comment_post.logout', array());
}
}
$save = ($comment_id) ? 'comment_id=' . $comment_id : 'pic_id=' . $pic_id;
$template->assign_vars(array(
'CAT_TITLE' => $thiscat['cat_title'],
'U_VIEW_CAT' => ($cat_id != PERSONAL_GALLERY) ? append_sid("album_cat.$phpEx?cat_id=$cat_id") : append_sid("album_personal.$phpEx?user_id=$user_id"),
'U_THUMBNAIL' => append_sid("album_thumbnail.$phpEx?pic_id=$pic_id"),
'U_PIC' => ($album_config['fullpic_popup']) ? append_sid("album_pic.$phpEx?pic_id=$pic_id") : append_sid("album_page.$phpEx?pic_id=$pic_id"),
'PIC_TITLE' => $thispic['pic_title'],
'PIC_DESC' => nl2br($thispic['pic_desc']),
'POSTER' => $poster,
'PIC_TIME' => create_date($board_config['default_dateformat'], $thispic['pic_time'], $board_config['board_timezone']),
'PIC_VIEW' => $thispic['pic_view_count'],
'PIC_COMMENTS' => $total_comments,
'S_MESSAGE' => $thiscomment['comment_text'],
'TARGET_BLANK' => ($album_config['fullpic_popup']) ? 'target="_blank"' : '',
'L_PIC_TITLE' => $lang['Pic_Title'],
'L_PIC_DESC' => $lang['Pic_Desc'],
'L_POSTER' => $lang['Poster'],
'L_POSTED' => $lang['Posted'],
'L_VIEW' => $lang['View'],
'L_COMMENTS' => $lang['Comments'],
'L_POST_YOUR_COMMENT' => $lang['Post_your_comment'],
'L_MESSAGE' => $lang['Message'],
'L_USERNAME' => $lang['Username'],
'L_COMMENT_NO_TEXT' => $lang['Comment_no_text'],
'L_COMMENT_TOO_LONG' => $lang['Comment_too_long'],
'L_MAX_LENGTH' => $lang['Max_length'],
'S_MAX_LENGTH' => $album_config['desc_length'],
'L_ORDER' => $lang['Order'],
'L_SORT' => $lang['Sort'],
'L_ASC' => $lang['Sort_Ascending'],
'L_DESC' => $lang['Sort_Descending'],
'SORT_ASC' => ($sort_order == 'ASC') ? 'selected="selected"' : '',
'SORT_DESC' => ($sort_order == 'DESC') ? 'selected="selected"' : '',
'L_SUBMIT' => $lang['Submit'],
'S_ALBUM_ACTION' => append_sid("album_comment.$phpEx?$save")
)
);
$template->pparse('body');
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
else if ($comment_id)
{
$comment_text = str_replace("'", "''", htmlspecialchars(substr(trim($HTTP_POST_VARS['comment']), 0, $album_config['desc_length'])));
if( empty($comment_text) )
{
message_die(GENERAL_ERROR, $lang['Comment_no_text']);
}
$comment_edit_time = time();
$comment_edit_user_id = $userdata['user_id'];
$sql = "UPDATE ". ALBUM_COMMENT_TABLE ."
SET comment_text = '$comment_text', comment_edit_time = '$comment_edit_time', comment_edit_count = comment_edit_count + 1, comment_edit_user_id = '$comment_edit_user_id'
WHERE comment_id = '$comment_id'";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update comment data', '', __LINE__, __FILE__, $sql);
}
$template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("album_comment.$phpEx?pic_id=$pic_id") . '">')
);
$message = $lang['Stored'] . "<br /><br />" . sprintf($lang['Click_view_message'], "<a href="" . append_sid("album_comment.$phpEx?pic_id=$pic_id") . "">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_album_index'], "<a href="" . append_sid("album.$phpEx") . "">", "</a>");
message_die(GENERAL_MESSAGE, $message);
}
else
{
if ($auth_data['comment'] == 0)
{
if (!$userdata['session_logged_in'])
{
redirect(append_sid("login.$phpEx?redirect=album_comment.$phpEx&pic_id=$pic_id"));
}
else
{
message_die(GENERAL_ERROR, $lang['Not_Authorised']);
}
}
$comment_text = str_replace("'", "''", htmlspecialchars(substr(trim($HTTP_POST_VARS['comment']), 0, $album_config['desc_length'])));
$comment_username = (!$userdata['session_logged_in']) ? str_replace("'", "''", substr(htmlspecialchars(trim($HTTP_POST_VARS['comment_username'])), 0, 32)) : str_replace("'", "''", htmlspecialchars(trim($userdata['username'])));
if( empty($comment_text) )
{
message_die(GENERAL_ERROR, $lang['Comment_no_text']);
}
if( ($thispic['pic_lock'] == 1) and (!$auth_data['moderator']) )
{
message_die(GENERAL_ERROR, $lang['Pic_Locked']);
}
if (!$userdata['session_logged_in'])
{
if ($comment_username != '')
{
$result = validate_username($comment_username);
if ( $result['error'] )
{
message_die(GENERAL_MESSAGE, $result['error_msg']);
}
}
}
$comment_time = time();
$comment_user_id = $userdata['user_id'];
$comment_user_ip = $userdata['session_ip'];
$sql = "SELECT MAX(comment_id) AS max
FROM ". ALBUM_COMMENT_TABLE;
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not found comment_id', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
$comment_id = $row['max'] + 1;
$sql = "INSERT INTO ". ALBUM_COMMENT_TABLE ." (comment_id, comment_pic_id, comment_user_id, comment_username, comment_user_ip, comment_time, comment_text)
VALUES ('$comment_id', '$pic_id', '$comment_user_id', '$comment_username', '$comment_user_ip', '$comment_time', '$comment_text')";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not insert new entry', '', __LINE__, __FILE__, $sql);
}
// Sobytie
add_sobytie($pic_id, 'album_comment', '', '', '', $comment_user_id, $comment_username, '', $comment_text, $comment_time);
// Sobytie
$template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("album_comment.$phpEx?pic_id=$pic_id") . '#'.$comment_id.'">')
);
$message = $lang['Stored'] . "<br /><br />" . sprintf($lang['Click_view_message'], "<a href="" . append_sid("album_comment.$phpEx?pic_id=$pic_id") . "">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_album_index'], "<a href="" . append_sid("album.$phpEx") . "">", "</a>");
message_die(GENERAL_MESSAGE, $message);
}
?>