From 64c872a83e726ec4d298be479b57dae13fb2c0c6 Mon Sep 17 00:00:00 2001 From: nikrou Date: Tue, 23 Jun 2009 21:18:16 +0000 Subject: Feature 1026 step 2 : add author_id column so that guest cannot modify old users comments git-svn-id: http://piwigo.org/svn/trunk@3450 68402e56-0260-453c-a942-63ccdbb3a9ee --- comments.php | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) (limited to 'comments.php') diff --git a/comments.php b/comments.php index 048e8d692..f5147e1b4 100644 --- a/comments.php +++ b/comments.php @@ -100,7 +100,9 @@ if (isset($_GET['cat']) and 0 != $_GET['cat']) // search a particular author if (isset($_GET['author']) and !empty($_GET['author'])) { - $page['where_clauses'][] = 'com.author = \''.$_GET['author'].'\''; + $page['where_clauses'][] = + 'u.username = \''.addslashes($_GET['author']).'\' + OR author = \''.addslashes($_GET['author']).'\''; } // search a substring among comments content @@ -261,10 +263,12 @@ else } $query = ' -SELECT COUNT(DISTINCT(id)) +SELECT COUNT(DISTINCT(com.id)) FROM '.IMAGE_CATEGORY_TABLE.' AS ic INNER JOIN '.COMMENTS_TABLE.' AS com ON ic.image_id = com.image_id + LEFT JOIN '.USERS_TABLE.' As u + ON u.id = com.author_id WHERE '.implode(' AND ', $page['where_clauses']).' ;'; @@ -295,12 +299,16 @@ SELECT com.id AS comment_id , com.image_id , ic.category_id , com.author + , com.author_id + , username , com.date , com.content , com.validated FROM '.IMAGE_CATEGORY_TABLE.' AS ic - INNER JOIN '.COMMENTS_TABLE.' AS com + INNER JOIN '.COMMENTS_TABLE.' AS com ON ic.image_id = com.image_id + LEFT JOIN '.USERS_TABLE.' AS u + ON u.id = com.author_id WHERE '.implode(' AND ', $page['where_clauses']).' GROUP BY comment_id 
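Review bot: The new author clause on the `+` lines of the first hunk is an unparenthesised `OR`, and `$page['where_clauses']` is later joined with `implode(' AND ', ...)` (visible in the two query hunks below), so `... AND u.username = 'x' OR author = 'x'` parses as `(... AND u.username = 'x') OR author = 'x'` — the `author` half escapes every other filter in the list, e.g. the category clause built just above this hunk and any clause that restricts unvalidated comments. Wrap it and escape once: `$author = mysql_real_escape_string($_GET['author']);` then `$page['where_clauses'][] = '(u.username = \''.$author.'\' OR com.author = \''.$author.'\')';`. `addslashes()` is not a SQL escaper (it knows nothing about the connection charset), so use the DB extension's escape function or whatever helper the project already uses for its connection. Qualifying `com.author` also keeps the clause unambiguous now that `u` is joined.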
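Review bot: `LEFT JOIN '.USERS_TABLE.' As u` on the added line of the COUNT hunk uses `As` where every other alias in this query and in the listing query below is written `AS`; write `LEFT JOIN '.USERS_TABLE.' AS u` for consistency. Since the author search clause added earlier in this commit references `u.username`, every query that consumes `$page['where_clauses']` must carry this join, so it is worth a one-line comment above it: `// needed by the author filter in where_clauses (u.username)`.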
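Review bot: The added select column `, username` in the listing query is the only unqualified column in a list where everything else is prefixed `com.` or `ic.`; write `, u.username` so its source table is explicit and the column cannot become ambiguous if another joined table ever gains a `username` column. The `- INNER JOIN`/`+ INNER JOIN` pair in this hunk differ only in trailing whitespace, which adds noise to the diff without changing the query. The `$query = '` that opens this string lies above the hunk.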
@@ -366,10 +374,17 @@ SELECT id, name, permalink, uppercats ) ); - $author = $comment['author']; - if (empty($comment['author'])) + if (!empty($comment['author'])) + { + $author = $comment['author']; + if ($author == 'guest') + { + $author = l10n('guest'); + } + } + else { - $author = l10n('guest'); + $author = $comment['username']; } $tpl_comment = @@ -382,7 +397,7 @@ SELECT id, name, permalink, uppercats 'CONTENT'=>trigger_event('render_comment_content',$comment['content']), ); - if (can_manage_comment('delete', $comment['author'])) + if (can_manage_comment('delete', $comment['author_id'])) { $url = get_root_url().'comments.php' .get_query_string_diff(array('delete','validate','edit')); @@ -391,7 +406,7 @@ SELECT id, name, permalink, uppercats array('delete'=>$comment['comment_id']) ); } - if (can_manage_comment('edit', $comment['author'])) + if (can_manage_comment('edit', $comment['author_id'])) { $url = get_root_url().'comments.php' .get_query_string_diff(array('edit', 'delete','validate')); -- cgit v1.2.3
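Review bot: The new `else` branch assigns `$comment['username']` with no fallback, so a comment whose `author` is empty and whose `author_id` matches no user row (the listing query uses a `LEFT JOIN`, so `username` is NULL in that case) now renders an empty author where the removed code showed `l10n('guest')`. Keep the old fallback: `$author = empty($comment['username']) ? l10n('guest') : $comment['username'];`. The guest check compares user-supplied text, so the strict form `if ('guest' === $author)` reads more clearly than `==`. The loop that encloses this code begins before the hunk.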
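Review bot: `can_manage_comment('delete', $comment['author_id'])` now passes a value that is NULL or empty for comments created before the column existed (the listing query's `LEFT JOIN` tolerates exactly that case), unless a migration backfilled them. `can_manage_comment` is not part of this diff, so confirm that an empty `author_id` is treated as "owned by nobody" rather than loosely compared with the current user's id — if the helper does `$author_id == $user['id']` with an empty value on one side, the commit's stated goal (guests unable to touch old comments) is not met. The ownership check belongs in the helper, not at this call site, because the same call is repeated for `'edit'` in the next hunk and any admin/owner logic should live in one place. The `foreach` that encloses these checks starts outside the hunk.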