diff --git a/admin/configuration.php b/admin/configuration.php
index bd7858ca8..a0df63190 100644
--- a/admin/configuration.php
+++ b/admin/configuration.php
@@ -69,6 +69,10 @@ $comments_checkboxes = array(
'comments_validation',
'email_admin_on_comment',
'email_admin_on_comment_validation',
+ 'user_can_delete_comment',
+ 'user_can_edit_comment',
+ 'email_admin_on_comment_edition',
+ 'email_admin_on_comment_deletion'
);
//------------------------------ verification and registration of modifications
diff --git a/admin/template/goto/configuration.tpl b/admin/template/goto/configuration.tpl
index 95d2518d4..9f335d36c 100644
--- a/admin/template/goto/configuration.tpl
+++ b/admin/template/goto/configuration.tpl
@@ -143,6 +143,32 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
{/if}
diff --git a/comments.php b/comments.php
index 0c813face..048e8d692 100644
--- a/comments.php
+++ b/comments.php
@@ -26,6 +26,7 @@
// +-----------------------------------------------------------------------+
define('PHPWG_ROOT_PATH','./');
include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
+include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
// +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok |
@@ -142,14 +143,9 @@ $page['where_clauses'][] = get_sql_condition_FandF
// | comments management |
// +-----------------------------------------------------------------------+
if (isset($_GET['delete']) and is_numeric($_GET['delete'])
- and !is_adviser() )
+ and (is_admin() || $conf['user_can_delete_comment']))
{// comments deletion
- check_status(ACCESS_ADMINISTRATOR);
- $query = '
-DELETE FROM '.COMMENTS_TABLE.'
- WHERE id='.$_GET['delete'].'
-;';
- pwg_query($query);
+ delete_user_comment($_GET['delete']);
}
if (isset($_GET['validate']) and is_numeric($_GET['validate'])
@@ -165,6 +161,25 @@ UPDATE '.COMMENTS_TABLE.'
pwg_query($query);
}
+if (isset($_GET['edit']) and is_numeric($_GET['edit'])
+ and (is_admin() || $conf['user_can_edit_comment']))
+{
+ if (!empty($_POST['content']))
+ {
+ update_user_comment(array('comment_id' => $_GET['edit'],
+ 'image_id' => $_POST['image_id'],
+ 'content' => $_POST['content']),
+ $_POST['key']
+ );
+
+ $edit_comment = null;
+ }
+ else
+ {
+ $edit_comment = $_GET['edit'];
+ }
+}
+
// +-----------------------------------------------------------------------+
// | page header and options |
// +-----------------------------------------------------------------------+
@@ -367,20 +382,40 @@ SELECT id, name, permalink, uppercats
'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
);
- if ( is_admin() )
+ if (can_manage_comment('delete', $comment['author']))
{
- $url = get_root_url().'comments.php'.get_query_string_diff(array('delete','validate'));
- $tpl_comment['U_DELETE'] = add_url_params($url,
- array('delete'=>$comment['comment_id'])
- );
-
- if ($comment['validated'] != 'true')
+ $url = get_root_url().'comments.php'
+ .get_query_string_diff(array('delete','validate','edit'));
+ $tpl_comment['U_DELETE'] =
+ add_url_params($url,
+ array('delete'=>$comment['comment_id'])
+ );
+ }
+ if (can_manage_comment('edit', $comment['author']))
+ {
+ $url = get_root_url().'comments.php'
+ .get_query_string_diff(array('edit', 'delete','validate'));
+ $tpl_comment['U_EDIT'] =
+ add_url_params($url,
+ array('edit'=>$comment['comment_id'])
+ );
+ if (isset($edit_comment) and ($comment['comment_id'] == $edit_comment))
{
- $tpl_comment['U_VALIDATE'] = add_url_params($url,
- array('validate'=>$comment['comment_id'])
- );
+ $tpl_comment['IN_EDIT'] = true;
+ $key = get_comment_post_key($comment['image_id']);
+ $tpl_comment['KEY'] = $key;
+ $tpl_comment['IMAGE_ID'] = $comment['image_id'];
+ $tpl_comment['CONTENT'] = $comment['content'];
}
}
+
+ if ( is_admin() && $comment['validated'] != 'true')
+ {
+ $tpl_comment['U_VALIDATE'] =
+ add_url_params($url,
+ array('validate'=>$comment['comment_id'])
+ );
+ }
$template->append('comments', $tpl_comment);
}
}
diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php
index c8dd6f3e0..fb421d39b 100644
--- a/include/functions_comment.inc.php
+++ b/include/functions_comment.inc.php
@@ -205,4 +205,134 @@ INSERT INTO '.COMMENTS_TABLE.'
return $comment_action;
}
+/**
+ * Tries to delete a user comment in the database
+ * only admin can delete all comments
+ * other users can delete their own comments
+ * so to avoid a new sql request we add author in where clause
+ *
+ * @param comment_id
+ */
+
+function delete_user_comment($comment_id) {
+ $user_where_clause = '';
+ if (!is_admin())
+ {
+ $user_where_clause = ' AND author = \''.$GLOBALS['user']['username'].'\'';
+ }
+ $query = '
+DELETE FROM '.COMMENTS_TABLE.'
+ WHERE id = '.$comment_id.
+$user_where_clause.'
+;';
+ $result = pwg_query($query);
+ if ($result) {
+ email_admin('delete', array('author' => $GLOBALS['user']['username']));
+ }
+}
+
+/**
+ * Tries to update a user comment in the database
+ * only admin can update all comments
+ * users can edit their own comments if admin allow them
+ * so to avoid a new sql request we add author in where clause
+ *
+ * @param comment_id
+ * @param post_key
+ * @param content
+ */
+
+function update_user_comment($comment, $post_key) {
+ global $conf;
+
+ $comment_action = 'validate';
+
+ $key = explode( ':', $post_key );
+ if ( count($key)!=2
+ or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago
+ or $key[0]0 )
+ { // anti-flood system
+ $reference_date = time() - $conf['anti-flood_time'];
+ $query = '
+SELECT id FROM '.COMMENTS_TABLE.'
+ WHERE date > FROM_UNIXTIME('.$reference_date.')
+ AND author = "'.$GLOBALS['user']['username'].'"';
+ if ( mysql_num_rows( pwg_query( $query ) ) > 0 )
+ {
+ array_push( $infos, l10n('comment_anti-flood') );
+ $comment_action='reject';
+ }
+ }
+
+ // perform more spam check
+ $comment_action =
+ trigger_event('user_comment_check',
+ $comment_action,
+ array_merge($comment,
+ array('author' => $GLOBALS['user']['username'])
+ )
+ );
+
+ if ( $comment_action!='reject' )
+ {
+ $user_where_clause = '';
+ if (!is_admin())
+ {
+ $user_where_clause = ' AND author = \''.
+ $GLOBALS['user']['username'].'\'';
+ }
+ $query = '
+UPDATE '.COMMENTS_TABLE.'
+ SET content = \''.$comment['content'].'\',
+ validation_date = now()
+ WHERE id = '.$comment['comment_id'].
+$user_where_clause.'
+;';
+ $result = pwg_query($query);
+ if ($result) {
+ email_admin('edit', array('author' => $GLOBALS['user']['username'],
+ 'content' => $comment['content']));
+ }
+ }
+}
+
+function email_admin($action, $comment) {
+ global $conf;
+
+ if (!in_array($action, array('edit', 'delete'))
+ or (($action=='edit') and !$conf['email_admin_on_comment_edition'])
+ or (($action=='delete') and !$conf['email_admin_on_comment_deletion']))
+ {
+ return;
+ }
+
+ include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
+
+ $keyargs_content = array();
+ $keyargs_content[] = get_l10n_args('Author: %s', $comment['author']);
+ if ($action=='delete')
+ {
+ $keyargs_content[] = get_l10n_args('This author remove comment with id %d',
+ $comment['comment_id']
+ );
+ }
+ else
+ {
+ $keyargs_content[] = get_l10n_args('This author modified following comment:', '');
+ $keyargs_content[] = get_l10n_args('Comment: %s', $comment['content']);
+ }
+
+ pwg_mail_notification_admins(get_l10n_args('Comment by %s',
+ $comment['author']),
+ $keyargs_content
+ );
+}
?>
\ No newline at end of file
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index d7ef88992..d7aa81f24 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -1197,6 +1197,21 @@ function is_adviser()
return ($user['adviser'] == 'true');
}
+/*
+ * Return if current user can edit/delete a comment
+ * @param action edit/delete
+ * @return bool
+ */
+function can_manage_comment($action, $comment_author)
+{
+ if (!in_array($action, array('delete','edit'))) {
+ return false;
+ }
+ return (is_admin() ||
+ (($GLOBALS['user']['username'] == $comment_author)
+ && $GLOBALS['conf'][sprintf('user_can_%s_comment', $action)]));
+}
+
/*
* Return mail address as display text
* @return string
diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php
index 9a120e355..5dd4c6033 100644
--- a/include/picture_comment.inc.php
+++ b/include/picture_comment.inc.php
@@ -151,16 +151,35 @@ $validated_clause.'
'CONTENT' => trigger_event('render_comment_content',$row['content']),
);
- if (is_admin())
+ if (can_manage_comment('delete', $row['author']))
{
$tpl_comment['U_DELETE'] =
- add_url_params(
- $url_self,
- array(
- 'action'=>'delete_comment',
- 'comment_to_delete'=>$row['id']
- )
- );
+ add_url_params($url_self,
+ array(
+ 'action'=>'delete_comment',
+ 'comment_to_delete'=>$row['id']
+ )
+ );
+ }
+ if (can_manage_comment('edit', $row['author']))
+ {
+ $tpl_comment['U_EDIT'] =
+ add_url_params($url_self,
+ array(
+ 'action'=>'edit_comment',
+ 'comment_to_edit'=>$row['id']
+ )
+ );
+ if (isset($edit_comment) and ($row['id'] == $edit_comment))
+ {
+ $tpl_comment['IN_EDIT'] = true;
+ $key = get_comment_post_key($page['image_id']);
+ $tpl_comment['KEY'] = $key;
+ $tpl_comment['CONTENT'] = $row['content'];
+ }
+ }
+ if (is_admin())
+ {
if ($row['validated'] != 'true')
{
$tpl_comment['U_VALIDATE'] =
@@ -176,7 +195,8 @@ $validated_clause.'
}
if (!is_a_guest()
- or (is_a_guest() and $conf['comments_forall']))
+ or (is_a_guest() and $conf['comments_forall'])
+ and (isset($edit_comment) and ($edit_comment != null)))
{
$key = get_comment_post_key($page['image_id']);
$content = '';
diff --git a/install/config.sql b/install/config.sql
index 6e086d59c..76c7bd6ae 100644
--- a/install/config.sql
+++ b/install/config.sql
@@ -4,6 +4,10 @@ INSERT INTO piwigo_config (param,value,comment) VALUES ('nb_comment_page','10','
INSERT INTO piwigo_config (param,value,comment) VALUES ('log','false','keep an history of visits on your website');
INSERT INTO piwigo_config (param,value,comment) VALUES ('comments_validation','false','administrators validate users comments before becoming visible');
INSERT INTO piwigo_config (param,value,comment) VALUES ('comments_forall','false','even guest not registered can post comments');
+INSERT INTO piwigo_config (param,value,comment) VALUES ('user_can_delete_comment','false','administrators can allow user delete their own comments');
+INSERT INTO piwigo_config (param,value,comment) VALUES ('user_can_edit_comment','false','administrators can allow user edit their own comments');
+INSERT INTO piwigo_config (param,value,comment) VALUES ('email_admin_on_comment_edition','false','Send an email to the administrators when a comment is modified');
+INSERT INTO piwigo_config (param,value,comment) VALUES ('email_admin_on_comment_deletion','false','Send an email to the administrators when a comment is deleted');
INSERT INTO piwigo_config (param,value,comment) VALUES ('gallery_locked','false','Lock your gallery temporary for non admin users');
INSERT INTO piwigo_config (param,value,comment) VALUES ('gallery_title','Piwigo demonstration site','Title at top of each page and for RSS feed');
INSERT INTO piwigo_config (param,value,comment) VALUES ('gallery_url','http://piwigo.org/demo','URL given in RSS feed');
diff --git a/install/db/81-database.php b/install/db/81-database.php
new file mode 100644
index 000000000..d6a1b1f4e
--- /dev/null
+++ b/install/db/81-database.php
@@ -0,0 +1,50 @@
+
diff --git a/language/fr_FR/admin.lang.php b/language/fr_FR/admin.lang.php
index 6d65ea3b1..62946d784 100644
--- a/language/fr_FR/admin.lang.php
+++ b/language/fr_FR/admin.lang.php
@@ -71,6 +71,10 @@ $lang['Category elements associated to the following categories: %s'] = 'Les él
$lang['Check for upgrade failed for unknown reasons.'] = 'La vérification de la dernière version sur le serveur a échouée pour une raison inconnue.';
$lang['Check for upgrade'] = 'Dernière version ?';
$lang['Comments for all'] = 'Commentaires pour tous';
+$lang['Allow users to edit theirs owns comments'] = 'Autoriser les utilisateurs à modifier leurs propres commentaires';
+$lang['Allow users to delete theirs owns comments'] = 'Autoriser les utilisateurs à supprimer leurs propres commentaires';
+$lang['Email administrators when a comment is modified'] = 'Notifier les administrateurs quand un commentaire est modifié';
+$lang['Email administrators when a comment is deleted'] = 'Notifier les administrateurs quand un commentaire est supprimé';
$lang['Controversy'] = 'Controverse';
$lang['Current name'] = 'Nom courant';
$lang['Database'] = 'Base de données';
diff --git a/language/fr_FR/common.lang.php b/language/fr_FR/common.lang.php
index c22efc447..8273c733a 100644
--- a/language/fr_FR/common.lang.php
+++ b/language/fr_FR/common.lang.php
@@ -160,6 +160,7 @@ $lang['comment_to_validate'] = 'Un administrateur doit valider votre commentaire
$lang['comment_user_exists'] = 'Ce nom d\'utilisateur est déjà pris';
$lang['comments'] = 'Commentaires';
$lang['comments_add'] = 'Ajouter un commentaire';
+$lang['Edit a comment'] = 'Editer un commentaire';
$lang['created after %s (%s)'] = 'créée après le %s (%s)';
$lang['created before %s (%s)'] = 'créée avant le %s (%s)';
$lang['created between %s (%s) and %s (%s)'] = 'créée entre le %s (%s) et le %s (%s)';
diff --git a/picture.php b/picture.php
index fd42536b2..78f3f719f 100644
--- a/picture.php
+++ b/picture.php
@@ -25,6 +25,7 @@ define('PHPWG_ROOT_PATH','./');
include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
include(PHPWG_ROOT_PATH.'include/section_init.inc.php');
include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');
+include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
// Check Access and exit when user status is not ok
check_status(ACCESS_GUEST);
@@ -307,19 +308,34 @@ UPDATE '.CATEGORIES_TABLE.'
);
redirect($url_self);
}
+ case 'edit_comment' :
+ {
+ if (isset($_GET['comment_to_edit'])
+ and is_numeric($_GET['comment_to_edit'])
+ and (is_admin() || $conf['user_can_edit_comment']))
+ {
+ if (!empty($_POST['content']))
+ {
+ update_user_comment(array('comment_id' => $_GET['comment_to_edit'],
+ 'image_id' => $page['image_id'],
+ 'content' => $_POST['content']),
+ $_POST['key']
+ );
+ redirect($url_self);
+ } else {
+ $edit_comment = $_GET['comment_to_edit'];
+ break;
+ }
+ }
+ }
case 'delete_comment' :
{
if (isset($_GET['comment_to_delete'])
and is_numeric($_GET['comment_to_delete'])
- and is_admin() and !is_adviser() )
+ and (is_admin() || $conf['user_can_delete_comment']))
{
- $query = '
-DELETE FROM '.COMMENTS_TABLE.'
- WHERE id = '.$_GET['comment_to_delete'].'
-;';
- pwg_query( $query );
+ delete_user_comment($_GET['comment_to_delete']);
}
-
redirect($url_self);
}
case 'validate_comment' :
@@ -592,7 +608,6 @@ if ( $metadata_showable and pwg_get_session_var('show_metadata') )
}
-
$page['body_id'] = 'thePicturePage';
// allow plugins to change what we computed before passing data to template
@@ -947,7 +962,6 @@ $element_content = trigger_event(
);
$template->assign( 'ELEMENT_CONTENT', $element_content );
-
// +-----------------------------------------------------------------------+
// | sub pages |
// +-----------------------------------------------------------------------+
diff --git a/template/yoga/comment_list.tpl b/template/yoga/comment_list.tpl
index d1ebc2f26..2f453ecde 100644
--- a/template/yoga/comment_list.tpl
+++ b/template/yoga/comment_list.tpl
@@ -2,7 +2,7 @@
{foreach from=$comments item=comment name=comment_loop}
-
-
{if isset($comment.U_DELETE)}-
-
+
![[delete]]({$ROOT_URL}{$themeconf.icon_dir}/delete.png)
{/if}
+ {if isset($comment.U_EDIT) and ($comment.IN_EDIT!=1)}
+ -
+
+
![[edit]]({$ROOT_URL}{$themeconf.icon_dir}/edit.png)
+
+
+ {/if}
{if isset($comment.U_VALIDATE)}
-
@@ -30,12 +37,22 @@
{/if} {$comment.AUTHOR} - {$comment.DATE} + {if ($comment.IN_EDIT==1)} + + + {else} + {/if}-{/if} +