diff options
| author | nikrou <nikrou@piwigo.org> | 2009-06-23 21:18:16 +0000 |
|---|---|---|
| committer | nikrou <nikrou@piwigo.org> | 2009-06-23 21:18:16 +0000 |
| commit | 64c872a83e726ec4d298be479b57dae13fb2c0c6 (patch) | |
| tree | 6478da0a8067f078905038c312767690b440487c /include/functions_comment.inc.php | |
| parent | 1ce50505e4b9a6b533146e70902a7e426fd872a7 (diff) | |
Feature 1026 step 2 :
add author_id column so that guest cannot modify old users comments
git-svn-id: http://piwigo.org/svn/trunk@3450 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/functions_comment.inc.php')
| -rw-r--r-- | include/functions_comment.inc.php | 42 |
1 files changed, 25 insertions, 17 deletions
diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php index fb421d39b..9b1d323a1 100644 --- a/include/functions_comment.inc.php +++ b/include/functions_comment.inc.php @@ -91,6 +91,7 @@ function insert_user_comment( &$comm, $key, &$infos ) { $comm['author'] = 'guest'; } + $comm['author_id'] = $conf['guest_id']; // if a guest try to use the name of an already existing user, he must be // rejected if ( $comm['author'] != 'guest' ) @@ -109,8 +110,10 @@ SELECT COUNT(*) AS user_exists } else { - $comm['author'] = $user['username']; + $comm['author'] = ''; + $comm['author_id'] = $user['id']; } + if ( empty($comm['content']) ) { // empty comment content $comment_action='reject'; @@ -134,7 +137,7 @@ SELECT COUNT(*) AS user_exists $query = ' SELECT id FROM '.COMMENTS_TABLE.' WHERE date > FROM_UNIXTIME('.$reference_date.') - AND author = "'.addslashes($comm['author']).'"'; + AND author_id = '.$comm['author_id']; if ( mysql_num_rows( pwg_query( $query ) ) > 0 ) { array_push( $infos, l10n('comment_anti-flood') ); @@ -151,9 +154,10 @@ SELECT id FROM '.COMMENTS_TABLE.' { $query = ' INSERT INTO '.COMMENTS_TABLE.' - (author, content, date, validated, validation_date, image_id) + (author, author_id, content, date, validated, validation_date, image_id) VALUES ( "'.addslashes($comm['author']).'", + '.$comm['author_id'].', "'.addslashes($comm['content']).'", NOW(), "'.($comment_action=='validate' ? 'true':'false').'", @@ -166,21 +170,25 @@ INSERT INTO '.COMMENTS_TABLE.' $comm['id'] = mysql_insert_id(); - if - ( - ($comment_action=='validate' and $conf['email_admin_on_comment']) - or - ($comment_action!='validate' and $conf['email_admin_on_comment_validation']) - ) + if (($comment_action=='validate' and $conf['email_admin_on_comment']) or + ($comment_action!='validate' + and $conf['email_admin_on_comment_validation'])) { include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php'); - $del_url = - get_absolute_root_url().'comments.php?delete='.$comm['id']; + $del_url = get_absolute_root_url().'comments.php?delete='.$comm['id']; + if (empty($comm['author'])) + { + $author_name = $user['username']; + } + else + { + $author_name = $comm['author']; + } $keyargs_content = array ( - get_l10n_args('Author: %s', $comm['author']), + get_l10n_args('Author: %s', $author_name), get_l10n_args('Comment: %s', $comm['content']), get_l10n_args('', ''), get_l10n_args('Delete: %s', $del_url) @@ -197,7 +205,7 @@ INSERT INTO '.COMMENTS_TABLE.' pwg_mail_notification_admins ( - get_l10n_args('Comment by %s', $comm['author']), + get_l10n_args('Comment by %s', $author_name), $keyargs_content ); } @@ -218,7 +226,7 @@ function delete_user_comment($comment_id) { $user_where_clause = ''; if (!is_admin()) { - $user_where_clause = ' AND author = \''.$GLOBALS['user']['username'].'\''; + $user_where_clause = ' AND author_id = \''.$GLOBALS['user']['id'].'\''; } $query = ' DELETE FROM '.COMMENTS_TABLE.' @@ -264,7 +272,7 @@ function update_user_comment($comment, $post_key) { $query = ' SELECT id FROM '.COMMENTS_TABLE.' WHERE date > FROM_UNIXTIME('.$reference_date.') - AND author = "'.$GLOBALS['user']['username'].'"'; + AND author_id = '.$comm['author_id']; if ( mysql_num_rows( pwg_query( $query ) ) > 0 ) { array_push( $infos, l10n('comment_anti-flood') ); @@ -286,8 +294,8 @@ SELECT id FROM '.COMMENTS_TABLE.' $user_where_clause = ''; if (!is_admin()) { - $user_where_clause = ' AND author = \''. - $GLOBALS['user']['username'].'\''; + $user_where_clause = ' AND author_id = \''. + $GLOBALS['user']['id'].'\''; } $query = ' UPDATE '.COMMENTS_TABLE.' |