Feature 1026 : Modify / delete comments for users

 + update config table content
 + minor modification of Sylvia theme
 + need refactoring

git-svn-id: http://piwigo.org/svn/trunk@3445 68402e56-0260-453c-a942-63ccdbb3a9ee

3 files changed, 174 insertions, 9 deletions

diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php
index c8dd6f3e0..fb421d39b 100644
--- a/include/functions_comment.inc.php
+++ b/include/functions_comment.inc.php
@@ -205,4 +205,134 @@ INSERT INTO '.COMMENTS_TABLE.'
   return $comment_action;
 }
 
+/**
+ * Tries to delete a user comment in the database
+ * only admin can delete all comments
+ * other users can delete their own comments 
+ * so to avoid a new sql request we add author in where clause
+ *
+ * @param comment_id 
+ */
+
+function delete_user_comment($comment_id) {
+  $user_where_clause = '';
+  if (!is_admin())
+  {
+    $user_where_clause = '   AND author = \''.$GLOBALS['user']['username'].'\'';
+  }
+  $query = '
+DELETE FROM '.COMMENTS_TABLE.'
+  WHERE id = '.$comment_id.
+$user_where_clause.'
+;';
+  $result = pwg_query($query);
+  if ($result) {
+    email_admin('delete', array('author' => $GLOBALS['user']['username']));
+  }
+}
+
+/**
+ * Tries to update a user comment in the database
+ * only admin can update all comments
+ * users can edit their own comments if admin allow them
+ * so to avoid a new sql request we add author in where clause
+ *
+ * @param comment_id 
+ * @param post_key
+ * @param content
+ */
+
+function update_user_comment($comment, $post_key) {
+  global $conf;
+
+  $comment_action = 'validate';
+
+  $key = explode( ':', $post_key );
+  if ( count($key)!=2
+       or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago
+       or $key[0]<time()-3600 // 60 minutes expiration
+       or hash_hmac('md5', $key[0].':'.$comment['image_id'], $conf['secret_key']
+		    ) != $key[1]
+       )
+  {
+    $comment_action='reject';
+  }
+
+  if ($comment_action!='reject' and $conf['anti-flood_time']>0 )
+  { // anti-flood system
+    $reference_date = time() - $conf['anti-flood_time'];
+    $query = '
+SELECT id FROM '.COMMENTS_TABLE.'
+  WHERE date > FROM_UNIXTIME('.$reference_date.')
+    AND author = "'.$GLOBALS['user']['username'].'"';
+    if ( mysql_num_rows( pwg_query( $query ) ) > 0 )
+    {
+      array_push( $infos, l10n('comment_anti-flood') );
+      $comment_action='reject';
+    }
+  }
+
+  // perform more spam check
+  $comment_action = 
+    trigger_event('user_comment_check',
+		  $comment_action, 
+		  array_merge($comment, 
+			      array('author' => $GLOBALS['user']['username'])
+			      )
+		  );
+
+  if ( $comment_action!='reject' )
+  {
+    $user_where_clause = '';
+    if (!is_admin())
+    {
+      $user_where_clause = '   AND author = \''.
+	$GLOBALS['user']['username'].'\'';
+    }
+    $query = '
+UPDATE '.COMMENTS_TABLE.'
+  SET content = \''.$comment['content'].'\',
+      validation_date = now()
+  WHERE id = '.$comment['comment_id'].
+$user_where_clause.'
+;';
+    $result = pwg_query($query);
+    if ($result) {
+      email_admin('edit', array('author' => $GLOBALS['user']['username'],
+				'content' => $comment['content']));
+    }
+  }
+}
+
+function email_admin($action, $comment) {
+  global $conf;
+
+  if (!in_array($action, array('edit', 'delete'))
+      or (($action=='edit') and !$conf['email_admin_on_comment_edition'])
+      or (($action=='delete') and !$conf['email_admin_on_comment_deletion']))
+  {
+    return;
+  }
+
+  include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
+  
+  $keyargs_content = array();
+  $keyargs_content[] = get_l10n_args('Author: %s', $comment['author']);
+  if ($action=='delete') 
+  {
+    $keyargs_content[] = get_l10n_args('This author remove comment with id %d',
+				       $comment['comment_id']
+				       );
+  }
+  else
+  {
+    $keyargs_content[] = get_l10n_args('This author modified following comment:', '');
+    $keyargs_content[] = get_l10n_args('Comment: %s', $comment['content']);
+  }
+  
+  pwg_mail_notification_admins(get_l10n_args('Comment by %s', 
+					     $comment['author']),
+			       $keyargs_content
+			       );
+}
 ?>
\ No newline at end of file
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index d7ef88992..d7aa81f24 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -1198,6 +1198,21 @@ function is_adviser()
 }
 
 /*
+ * Return if current user can edit/delete a comment
+ * @param action edit/delete
+ * @return bool
+ */
+function can_manage_comment($action, $comment_author) 
+{
+  if (!in_array($action, array('delete','edit'))) {
+    return false;
+  }
+  return (is_admin() || 
+	  (($GLOBALS['user']['username'] == $comment_author) 
+	   && $GLOBALS['conf'][sprintf('user_can_%s_comment', $action)]));
+}
+
+/*
  * Return mail address as display text
  * @return string
 */
diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php
index 9a120e355..5dd4c6033 100644
--- a/include/picture_comment.inc.php
+++ b/include/picture_comment.inc.php
@@ -151,16 +151,35 @@ $validated_clause.'
           'CONTENT' => trigger_event('render_comment_content',$row['content']),
         );
 
-      if (is_admin())
+      if (can_manage_comment('delete', $row['author']))
       {
         $tpl_comment['U_DELETE'] =
-            add_url_params(
-                  $url_self,
-                  array(
-                    'action'=>'delete_comment',
-                    'comment_to_delete'=>$row['id']
-                  )
-              );
+	  add_url_params($url_self,
+			 array(
+			   'action'=>'delete_comment',
+			   'comment_to_delete'=>$row['id']
+			       )
+			 );
+      }
+      if (can_manage_comment('edit', $row['author']))
+      {
+	$tpl_comment['U_EDIT'] =
+	  add_url_params($url_self,
+			 array(
+			   'action'=>'edit_comment',
+			   'comment_to_edit'=>$row['id']
+			       )
+			 );
+	if (isset($edit_comment) and ($row['id'] == $edit_comment))
+	{
+	  $tpl_comment['IN_EDIT'] = true;
+	  $key = get_comment_post_key($page['image_id']);
+	  $tpl_comment['KEY'] = $key;
+	  $tpl_comment['CONTENT'] = $row['content'];
+	}
+      }
+      if (is_admin())
+      {
 	if ($row['validated'] != 'true')
 	{
 	  $tpl_comment['U_VALIDATE'] = 
@@ -176,7 +195,8 @@ $validated_clause.'
   }
 
   if (!is_a_guest()
-      or (is_a_guest() and $conf['comments_forall']))
+      or (is_a_guest() and $conf['comments_forall'])
+      and (isset($edit_comment) and ($edit_comment != null)))
   {
     $key = get_comment_post_key($page['image_id']);
     $content = '';