diff options
author | z0rglub <z0rglub@piwigo.org> | 2003-09-07 21:33:36 +0000 |
---|---|---|
committer | z0rglub <z0rglub@piwigo.org> | 2003-09-07 21:33:36 +0000 |
commit | 79e9414c0f32309b63638bdb4e05a9cfbaa2d3d1 (patch) | |
tree | 82592d479d9c91a50ae5d9f932148093282cb967 | |
parent | cdfb50b4260c0ef3b1b307b4d45cbf6b75be4b60 (diff) |
- A guest can't take the username of an already existing user
- If a guest post a comment without giving a username, the $lang['guest'] is
displayed
git-svn-id: http://piwigo.org/svn/trunk@78 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r-- | admin/comments.php | 4 | ||||
-rw-r--r-- | picture.php | 98 |
2 files changed, 66 insertions, 36 deletions
diff --git a/admin/comments.php b/admin/comments.php index dc9e584ac..11104be2b 100644 --- a/admin/comments.php +++ b/admin/comments.php @@ -84,7 +84,9 @@ function display_pictures( $mysql_result, $maxtime, $validation_box = false ) while ( $subrow = mysql_fetch_array( $subresult ) ) { $vtp->addSession( $sub, 'comment' ); - $vtp->setVar( $sub, 'comment.author', $subrow['author'] ); + $author = $subrow['author']; + if ( $subrow['author'] == '' ) $author = $lang['guest']; + $vtp->setVar( $sub, 'comment.author', $author ); $displayed_date = format_date( $subrow['date'], 'unix', true ); $vtp->setVar( $sub, 'comment.date', $displayed_date ); $vtp->setVar( $sub, 'comment.content', nl2br( $subrow['content'] ) ); diff --git a/picture.php b/picture.php index 23fbcb23b..56bd461b2 100644 --- a/picture.php +++ b/picture.php @@ -540,46 +540,72 @@ if ( $conf['show_comments'] ) // comment registeration if ( isset( $_POST['content'] ) and $_POST['content'] != '' ) { - $author = $user['username']; - if ( $_POST['author'] != '' ) $author = $_POST['author']; + $register_comment = true; - // anti-flood system - $reference_date = time() - $conf['anti-flood_time']; - $query = 'SELECT id'; - $query.= ' FROM '.PREFIX_TABLE.'comments'; - $query.= ' WHERE date > '.$reference_date; - $query.= " AND author = '".$author."'"; - $query.= ';'; - if ( mysql_num_rows( mysql_query( $query ) ) == 0 - or $conf['anti-flood_time'] == 0 ) + if ( !$user['is_the_guest'] ) $author = $user['username']; + if ( $_POST['author'] != '' ) $author = $_POST['author']; + // if a guest try to use the name of an already existing user, he must + // be rejected + if ( isset( $author ) and $author != $user['username'] ) { - $query = 'INSERT INTO '.PREFIX_TABLE.'comments'; - $query.= ' (author,date,image_id,content,validated) VALUES'; - $query.= " ('".$author."',".time().",".$page['id']; - $query.= ",'".htmlspecialchars( $_POST['content'], ENT_QUOTES)."'"; - if ( !$conf['comments_validation'] or $user['status'] == 'admin' ) - $query.= ",'true'"; - else - $query.= ",'false'"; - $query.= ');'; - mysql_query( $query ); - // information message - $vtp->addSession( $handle, 'information' ); - $message = $lang['comment_added']; - if ( $conf['comments_validation'] and $user['status'] != 'admin' ) + $query = 'SELECT COUNT(*) AS user_exists'; + $query.= ' FROM '.PREFIX_TABLE.'users'; + $query.= " WHERE username = '".$author."'"; + $query.= ';'; + $row = mysql_fetch_array( mysql_query( $query ) ); + if ( $row['user_exists'] == 1 ) { - $message.= '<br />'.$lang['comment_to_validate']; + $vtp->addSession( $handle, 'information' ); + $message = $lang['comment_user_exists']; + $vtp->setVar( $handle, 'information.content', $message ); + $vtp->closeSession( $handle, 'information' ); + $register_comment = false; } - $vtp->setVar( $handle, 'information.content', $message ); - $vtp->closeSession( $handle, 'information' ); } - else + + if ( $register_comment ) { - // information message - $vtp->addSession( $handle, 'information' ); - $message = $lang['comment_anti-flood']; - $vtp->setVar( $handle, 'information.content', $message ); - $vtp->closeSession( $handle, 'information' ); + // anti-flood system + $reference_date = time() - $conf['anti-flood_time']; + $query = 'SELECT id'; + $query.= ' FROM '.PREFIX_TABLE.'comments'; + $query.= ' WHERE date > '.$reference_date; + $query.= " AND author = '".$author."'"; + $query.= ';'; + if ( mysql_num_rows( mysql_query( $query ) ) == 0 + or $conf['anti-flood_time'] == 0 ) + { + $query = 'INSERT INTO '.PREFIX_TABLE.'comments'; + $query.= ' (author,date,image_id,content,validated) VALUES'; + $query.= ' ('; + if ( !isset( $author ) ) $query.= 'NULL'; + else $query.= "'".$author."'"; + $query.= ','.time().','.$page['id']; + $query.= ",'".htmlspecialchars( $_POST['content'], ENT_QUOTES)."'"; + if ( !$conf['comments_validation'] or $user['status'] == 'admin' ) + $query.= ",'true'"; + else + $query.= ",'false'"; + $query.= ');'; + mysql_query( $query ); + // information message + $vtp->addSession( $handle, 'information' ); + $message = $lang['comment_added']; + if ( $conf['comments_validation'] and $user['status'] != 'admin' ) + { + $message.= '<br />'.$lang['comment_to_validate']; + } + $vtp->setVar( $handle, 'information.content', $message ); + $vtp->closeSession( $handle, 'information' ); + } + else + { + // information message + $vtp->addSession( $handle, 'information' ); + $message = $lang['comment_anti-flood']; + $vtp->setVar( $handle, 'information.content', $message ); + $vtp->closeSession( $handle, 'information' ); + } } } // comment deletion @@ -635,7 +661,9 @@ if ( $conf['show_comments'] ) while ( $row = mysql_fetch_array( $result ) ) { $vtp->addSession( $handle, 'comment' ); - $vtp->setVar( $handle, 'comment.author', $row['author'] ); + $author = $row['author']; + if ( $row['author'] == '' ) $author = $lang['guest']; + $vtp->setVar( $handle, 'comment.author', $author ); $vtp->setVar( $handle, 'comment.date', format_date( $row['date'], 'unix', true ) ); $vtp->setVar( $handle, 'comment.content', nl2br( $row['content'] ) ); |