- A guest can't take the username of an already existing user

- If a guest post a comment without giving a username, the $lang['guest'] is displayed git-svn-id: http://piwigo.org/svn/trunk@78 68402e56-0260-453c-a942-63ccdbb3a9ee
2003-09-07 21:33:36 +00:00 · 2003-09-07 21:33:36 +00:00 · 79e9414c0f
commit 79e9414c0f
parent cdfb50b426
2 changed files with 66 additions and 36 deletions
--- a/admin/comments.php
+++ b/admin/comments.php
@ -84,7 +84,9 @@ function display_pictures( $mysql_result, $maxtime, $validation_box = false )
    while ( $subrow = mysql_fetch_array( $subresult ) )
    {
      $vtp->addSession( $sub, 'comment' );
-      $vtp->setVar( $sub, 'comment.author', $subrow['author'] );
+      $author = $subrow['author'];
+      if ( $subrow['author'] == '' ) $author = $lang['guest'];
+      $vtp->setVar( $sub, 'comment.author', $author );
      $displayed_date = format_date( $subrow['date'], 'unix', true );
      $vtp->setVar( $sub, 'comment.date', $displayed_date );
      $vtp->setVar( $sub, 'comment.content', nl2br( $subrow['content'] ) );
--- a/picture.php
+++ b/picture.php
@ -540,46 +540,72 @@ if ( $conf['show_comments'] )
  // comment registeration
  if ( isset( $_POST['content'] ) and $_POST['content'] != '' )
  {
-    $author = $user['username'];
-    if ( $_POST['author'] != '' ) $author = $_POST['author'];
+    $register_comment = true;

-    // anti-flood system
-    $reference_date = time() - $conf['anti-flood_time'];
-    $query = 'SELECT id';
-    $query.= ' FROM '.PREFIX_TABLE.'comments';
-    $query.= ' WHERE date > '.$reference_date;
-    $query.= " AND author = '".$author."'";
-    $query.= ';';
-    if ( mysql_num_rows( mysql_query( $query ) ) == 0
-         or $conf['anti-flood_time'] == 0 )
+    if ( !$user['is_the_guest'] ) $author = $user['username'];
+    if ( $_POST['author'] != '' ) $author = $_POST['author'];
+    // if a guest try to use the name of an already existing user, he must
+    // be rejected
+    if ( isset( $author ) and $author != $user['username'] )
    {
-      $query = 'INSERT INTO '.PREFIX_TABLE.'comments';
-      $query.= ' (author,date,image_id,content,validated) VALUES';
-      $query.= " ('".$author."',".time().",".$page['id'];
-      $query.= ",'".htmlspecialchars( $_POST['content'], ENT_QUOTES)."'";
-      if ( !$conf['comments_validation'] or $user['status'] == 'admin' )
-        $query.= ",'true'";
-      else
-        $query.= ",'false'";
-      $query.= ');';
-      mysql_query( $query );
-      // information message
-      $vtp->addSession( $handle, 'information' );
-      $message = $lang['comment_added'];
-      if ( $conf['comments_validation'] and $user['status'] != 'admin' )
+      $query = 'SELECT COUNT(*) AS user_exists';
+      $query.= ' FROM '.PREFIX_TABLE.'users';
+      $query.= " WHERE username = '".$author."'";
+      $query.= ';';
+      $row = mysql_fetch_array( mysql_query( $query ) );
+      if ( $row['user_exists'] == 1 )
      {
-        $message.= '<br />'.$lang['comment_to_validate'];
+        $vtp->addSession( $handle, 'information' );
+        $message = $lang['comment_user_exists'];
+        $vtp->setVar( $handle, 'information.content', $message );
+        $vtp->closeSession( $handle, 'information' );
+        $register_comment = false;
      }
-      $vtp->setVar( $handle, 'information.content', $message );
-      $vtp->closeSession( $handle, 'information' );
    }
-    else
+
+    if ( $register_comment )
    {
-      // information message
-      $vtp->addSession( $handle, 'information' );
-      $message = $lang['comment_anti-flood'];
-      $vtp->setVar( $handle, 'information.content', $message );
-      $vtp->closeSession( $handle, 'information' );
+      // anti-flood system
+      $reference_date = time() - $conf['anti-flood_time'];
+      $query = 'SELECT id';
+      $query.= ' FROM '.PREFIX_TABLE.'comments';
+      $query.= ' WHERE date > '.$reference_date;
+      $query.= " AND author = '".$author."'";
+      $query.= ';';
+      if ( mysql_num_rows( mysql_query( $query ) ) == 0
+           or $conf['anti-flood_time'] == 0 )
+      {
+        $query = 'INSERT INTO '.PREFIX_TABLE.'comments';
+        $query.= ' (author,date,image_id,content,validated) VALUES';
+        $query.= ' (';
+        if ( !isset( $author ) ) $query.= 'NULL';
+        else                     $query.= "'".$author."'";
+        $query.= ','.time().','.$page['id'];
+        $query.= ",'".htmlspecialchars( $_POST['content'], ENT_QUOTES)."'";
+        if ( !$conf['comments_validation'] or $user['status'] == 'admin' )
+          $query.= ",'true'";
+        else
+          $query.= ",'false'";
+        $query.= ');';
+        mysql_query( $query );
+        // information message
+        $vtp->addSession( $handle, 'information' );
+        $message = $lang['comment_added'];
+        if ( $conf['comments_validation'] and $user['status'] != 'admin' )
+        {
+          $message.= '<br />'.$lang['comment_to_validate'];
+        }
+        $vtp->setVar( $handle, 'information.content', $message );
+        $vtp->closeSession( $handle, 'information' );
+      }
+      else
+      {
+        // information message
+        $vtp->addSession( $handle, 'information' );
+        $message = $lang['comment_anti-flood'];
+        $vtp->setVar( $handle, 'information.content', $message );
+        $vtp->closeSession( $handle, 'information' );
+      }
    }
  }
  // comment deletion
@ -635,7 +661,9 @@ if ( $conf['show_comments'] )
  while ( $row = mysql_fetch_array( $result ) )
  {
    $vtp->addSession( $handle, 'comment' );
-    $vtp->setVar( $handle, 'comment.author', $row['author'] );
+    $author = $row['author'];
+    if ( $row['author'] == '' ) $author = $lang['guest'];
+    $vtp->setVar( $handle, 'comment.author', $author );
    $vtp->setVar( $handle, 'comment.date',
                  format_date( $row['date'], 'unix', true ) );
    $vtp->setVar( $handle, 'comment.content', nl2br( $row['content'] ) );