authornikrou <nikrou@piwigo.org>2009-06-23 21:18:16 +0000
committernikrou <nikrou@piwigo.org>2009-06-23 21:18:16 +0000
commit64c872a83e726ec4d298be479b57dae13fb2c0c6 (patch)
tree6478da0a8067f078905038c312767690b440487c /include
parent1ce50505e4b9a6b533146e70902a7e426fd872a7 (diff)
Feature 1026 step 2 :
add author_id column so that a guest cannot modify existing users' comments git-svn-id: http://piwigo.org/svn/trunk@3450 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include')
-rw-r--r--include/functions_comment.inc.php42
-rw-r--r--include/functions_user.inc.php5
-rw-r--r--include/picture_comment.inc.php28
3 files changed, 48 insertions, 27 deletions
diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php
index fb421d39b..9b1d323a1 100644
--- a/include/functions_comment.inc.php
+++ b/include/functions_comment.inc.php
@@ -91,6 +91,7 @@ function insert_user_comment( &$comm, $key, &$infos )
{
$comm['author'] = 'guest';
}
+ $comm['author_id'] = $conf['guest_id'];
// if a guest try to use the name of an already existing user, he must be
// rejected
if ( $comm['author'] != 'guest' )
@@ -109,8 +110,10 @@ SELECT COUNT(*) AS user_exists
}
else
{
- $comm['author'] = $user['username'];
+ $comm['author'] = '';
+ $comm['author_id'] = $user['id'];
}
+
if ( empty($comm['content']) )
{ // empty comment content
$comment_action='reject';
@@ -134,7 +137,7 @@ SELECT COUNT(*) AS user_exists
$query = '
SELECT id FROM '.COMMENTS_TABLE.'
WHERE date > FROM_UNIXTIME('.$reference_date.')
- AND author = "'.addslashes($comm['author']).'"';
+ AND author_id = '.$comm['author_id'];
if ( mysql_num_rows( pwg_query( $query ) ) > 0 )
{
array_push( $infos, l10n('comment_anti-flood') );
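Review bot: With the anti-flood lookup now keyed on author_id, every guest comment carries the same `$conf['guest_id']`, so one guest comment anywhere inside the window appears to reject every other guest, whereas the removed author-name key only collided on identical names. If that is not intended, keep the name comparison for the guest case alongside the id, e.g. `AND author_id = '.(int)$comm['author_id'].($comm['author_id'] == $conf['guest_id'] ? ' AND author = "'.addslashes($comm['author']).'"' : '');`. The interpolated id should in any case be cast to int, since nothing in the hunk guarantees it is numeric. insert_user_comment's body continues outside the hunk.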
@@ -151,9 +154,10 @@ SELECT id FROM '.COMMENTS_TABLE.'
{
$query = '
INSERT INTO '.COMMENTS_TABLE.'
- (author, content, date, validated, validation_date, image_id)
+ (author, author_id, content, date, validated, validation_date, image_id)
VALUES (
"'.addslashes($comm['author']).'",
+ '.$comm['author_id'].',
"'.addslashes($comm['content']).'",
NOW(),
"'.($comment_action=='validate' ? 'true':'false').'",
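Review bot: The new author_id value at `'.$comm['author_id'].',` is interpolated into the INSERT unquoted and uncast; it comes from `$conf['guest_id']` or `$user['id']` rather than the form, but an int cast, `'.(int)$comm['author_id'].',`, keeps the statement well-formed if either is ever empty or non-numeric. Note also that registered users' rows now store `author = ''` while rows written before this change carry the username in `author`, so any code that distinguishes the two by the `author` column alone must handle both shapes. insert_user_comment continues outside this hunk.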
@@ -166,21 +170,25 @@ INSERT INTO '.COMMENTS_TABLE.'
$comm['id'] = mysql_insert_id();
- if
- (
- ($comment_action=='validate' and $conf['email_admin_on_comment'])
- or
- ($comment_action!='validate' and $conf['email_admin_on_comment_validation'])
- )
+ if (($comment_action=='validate' and $conf['email_admin_on_comment']) or
+ ($comment_action!='validate'
+ and $conf['email_admin_on_comment_validation']))
{
include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
- $del_url =
- get_absolute_root_url().'comments.php?delete='.$comm['id'];
+ $del_url = get_absolute_root_url().'comments.php?delete='.$comm['id'];
+ if (empty($comm['author']))
+ {
+ $author_name = $user['username'];
+ }
+ else
+ {
+ $author_name = $comm['author'];
+ }
$keyargs_content = array
(
- get_l10n_args('Author: %s', $comm['author']),
+ get_l10n_args('Author: %s', $author_name),
get_l10n_args('Comment: %s', $comm['content']),
get_l10n_args('', ''),
get_l10n_args('Delete: %s', $del_url)
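Review bot: The eight-line if/else that resolves `$author_name` reads as one expression, `$author_name = empty($comm['author']) ? $user['username'] : $comm['author'];`, which also keeps it next to the `$del_url` it is mailed with. The same author/username fallback is reimplemented in picture_comment.inc.php in this commit, so a shared helper such as `get_comment_author_name($author, $username)` would keep the two in step. The enclosing function continues outside the hunk.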
@@ -197,7 +205,7 @@ INSERT INTO '.COMMENTS_TABLE.'
pwg_mail_notification_admins
(
- get_l10n_args('Comment by %s', $comm['author']),
+ get_l10n_args('Comment by %s', $author_name),
$keyargs_content
);
}
@@ -218,7 +226,7 @@ function delete_user_comment($comment_id) {
$user_where_clause = '';
if (!is_admin())
{
- $user_where_clause = ' AND author = \''.$GLOBALS['user']['username'].'\'';
+ $user_where_clause = ' AND author_id = \''.$GLOBALS['user']['id'].'\'';
}
$query = '
DELETE FROM '.COMMENTS_TABLE.'
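Review bot: The non-admin filter `AND author_id = \''.$GLOBALS['user']['id'].'\''` does not exclude guests, and since every guest comment is stored with the same `$conf['guest_id']`, a guest whose `$GLOBALS['user']['id']` is that value matches every guest-authored comment on the site. can_manage_comment() gains a `!is_a_guest()` check in this commit, but delete_user_comment() itself does not, so the restriction only holds if every caller goes through can_manage_comment() first; a server-side guard here, `if (!is_admin() && is_a_guest()) { return; }` ahead of the DELETE, closes that regardless of caller. The id should also be cast with `(int)` rather than quoted. delete_user_comment's body continues past the hunk.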
@@ -264,7 +272,7 @@ function update_user_comment($comment, $post_key) {
$query = '
SELECT id FROM '.COMMENTS_TABLE.'
WHERE date > FROM_UNIXTIME('.$reference_date.')
- AND author = "'.$GLOBALS['user']['username'].'"';
+ AND author_id = '.$comm['author_id'];
if ( mysql_num_rows( pwg_query( $query ) ) > 0 )
{
array_push( $infos, l10n('comment_anti-flood') );
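Review bot: The anti-flood query interpolates `$comm['author_id']`, but update_user_comment's parameter is `$comment` (see the hunk header) and no `$comm` is visible, so unless it is assigned earlier in the function the expression is null and the SQL ends in `AND author_id = `, a syntax error that breaks every edit. The removed line keyed on the current user, and the WHERE clause added in the next hunk uses `$GLOBALS['user']['id']`, so this should be `AND author_id = '.(int)$GLOBALS['user']['id'];`. The function body starts and ends outside the hunk.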
@@ -286,8 +294,8 @@ SELECT id FROM '.COMMENTS_TABLE.'
$user_where_clause = '';
if (!is_admin())
{
- $user_where_clause = ' AND author = \''.
- $GLOBALS['user']['username'].'\'';
+ $user_where_clause = ' AND author_id = \''.
+ $GLOBALS['user']['id'].'\'';
}
$query = '
UPDATE '.COMMENTS_TABLE.'
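Review bot: As in delete_user_comment, the non-admin filter on `author_id` lets any guest match every guest-authored comment because guests share `$conf['guest_id']`; nothing in update_user_comment itself refuses guests, so a guest reaching this function other than through can_manage_comment() can rewrite another guest's comment. Add `if (!is_admin() && is_a_guest()) { return; }` ahead of the UPDATE, and cast the id instead of quoting it, `' AND author_id = '.(int)$GLOBALS['user']['id'];`. update_user_comment continues outside the hunk.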
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index d7aa81f24..02c1e7e13 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -1202,13 +1202,14 @@ function is_adviser()
* @param action edit/delete
* @return bool
*/
-function can_manage_comment($action, $comment_author)
+function can_manage_comment($action, $comment_author_id)
{
if (!in_array($action, array('delete','edit'))) {
return false;
}
return (is_admin() ||
- (($GLOBALS['user']['username'] == $comment_author)
+ (($GLOBALS['user']['id'] == $comment_author_id)
+ && !is_a_guest()
&& $GLOBALS['conf'][sprintf('user_can_%s_comment', $action)]));
}
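Review bot: `$GLOBALS['user']['id'] == $comment_author_id` is a loose comparison between a session value and a column read back as a string; make it `(int)$GLOBALS['user']['id'] === (int)$comment_author_id` so that an empty or NULL author_id cannot compare equal to an unexpected user id (`null == 0` is true in PHP). Comments written before this change have no author_id unless the accompanying schema change backfills one, which is outside this hunk, so they will stay unmanageable by their authors until then; that is worth a comment on the function. The docblock's `@param` for the renamed parameter sits above the hunk and presumably still describes `comment_author`; it should read `@param comment_author_id id of the comment's author (guest_id for anonymous comments)`.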
diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php
index 1e30fa2d9..8845ee47a 100644
--- a/include/picture_comment.inc.php
+++ b/include/picture_comment.inc.php
@@ -128,8 +128,10 @@ SELECT COUNT(*) AS nb_comments
}
$query = '
-SELECT id,author,date,image_id,content,validated
- FROM '.COMMENTS_TABLE.'
+SELECT com.id,author,author_id,username,date,image_id,content,validated
+ FROM '.COMMENTS_TABLE.' AS com
+ LEFT JOIN '.USERS_TABLE.' AS u
+ ON u.id = author_id
WHERE image_id = '.$page['image_id'].
$validated_clause.'
ORDER BY date ASC
@@ -139,19 +141,29 @@ $validated_clause.'
while ($row = mysql_fetch_array($result))
{
+ if (!empty($row['author']))
+ {
+ $author = $row['author'];
+ if ($author == 'guest')
+ {
+ $author = l10n('guest');
+ }
+ }
+ else
+ {
+ $author = $row['username'];
+ }
+
$tpl_comment =
array(
- 'AUTHOR' => trigger_event('render_comment_author',
- empty($row['author'])
- ? l10n('guest')
- : $row['author']),
+ 'AUTHOR' => trigger_event('render_comment_author', $author),
'DATE' => format_date( $row['date'], true),
'CONTENT' => trigger_event('render_comment_content',$row['content']),
);
- if (can_manage_comment('delete', $row['author']))
+ if (can_manage_comment('delete', $row['author_id']))
{
$tpl_comment['U_DELETE'] =
add_url_params($url_self,
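Review bot: When `author` is empty and the LEFT JOIN finds no user row (the account was removed after commenting), `$row['username']` is NULL, so `$author` is NULL and render_comment_author receives nothing to display; the else branch should fall back, `$author = isset($row['username']) ? $row['username'] : l10n('guest');`, or to a dedicated "deleted user" label. The surrounding while loop and the query it iterates start in the previous hunk.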
@@ -161,7 +173,7 @@ $validated_clause.'
)
);
}
- if (can_manage_comment('edit', $row['author']))
+ if (can_manage_comment('edit', $row['author_id']))
{
$tpl_comment['U_EDIT'] =
add_url_params($url_self,