diff options
Diffstat (limited to '')
-rw-r--r-- | include/functions.inc.php | 19 | ||||
-rw-r--r-- | include/functions_comment.inc.php | 41 | ||||
-rw-r--r-- | include/functions_user.inc.php | 14 | ||||
-rw-r--r-- | include/picture_comment.inc.php | 52 |
4 files changed, 87 insertions, 39 deletions
diff --git a/include/functions.inc.php b/include/functions.inc.php index f94aad480..0be5ec9ef 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -1725,4 +1725,23 @@ function url_check_format($url) return (bool)preg_match('@^https?://(-\.)?([^\s/?\.#-]+\.?)+(/[^\s]*)?$@iS', $url); } } + +/** + * check email format + */ +function email_check_format($mail_address) +{ + if (version_compare(PHP_VERSION, '5.2.0') >= 0) + { + return filter_var($mail_address, FILTER_VALIDATE_EMAIL)!==false; + } + else + { + $atom = '[-a-z0-9!#$%&\'*+\\/=?^_`{|}~]'; // before arobase + $domain = '([a-z0-9]([-a-z0-9]*[a-z0-9]+)?)'; // domain name + $regex = '/^' . $atom . '+' . '(\.' . $atom . '+)*' . '@' . '(' . $domain . '{1,63}\.)+' . $domain . '{2,63}$/i'; + + return (bool)preg_match($regex, $mail_address); + } +} ?>
\ No newline at end of file diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php index e812a1c6f..67716216c 100644 --- a/include/functions_comment.inc.php +++ b/include/functions_comment.inc.php @@ -91,6 +91,11 @@ function insert_user_comment( &$comm, $key, &$infos ) { if ( empty($comm['author']) ) { + if ($conf['comments_author_mandatory']) + { + array_push($infos, l10n('Username is mandatory') ); + $comment_action='reject'; + } $comm['author'] = 'guest'; } $comm['author_id'] = $conf['guest_id']; @@ -128,13 +133,35 @@ SELECT COUNT(*) AS user_exists } // website - if ( !empty($comm['website_url']) and !preg_match('/^https?/i', $comm['website_url']) ) + if (!empty($comm['website_url'])) + { + if (!preg_match('/^https?/i', $comm['website_url'])) + { + $comm['website_url'] = 'http://'.$comm['website_url']; + } + if (!url_check_format($comm['website_url'])) + { + array_push($infos, l10n('Your website URL is invalid')); + $comment_action='reject'; + } + } + + // email + if (empty($comm['email'])) { - $comm['website_url'] = 'http://'.$comm['website_url']; + if (!empty($user['email'])) + { + $comm['email'] = $user['email']; + } + else if ($conf['comments_email_mandatory']) + { + array_push($infos, l10n('Email address is missing. Please specify an email address.') ); + $comment_action='reject'; + } } - if ( !empty($comm['website_url']) and !url_check_format($comm['website_url']) ) + else if (!email_check_format($comm['email'])) { - array_push($infos, l10n('Your website URL is invalid')); + array_push($infos, l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)')); $comment_action='reject'; } @@ -179,7 +206,7 @@ SELECT count(1) FROM '.COMMENTS_TABLE.' { $query = ' INSERT INTO '.COMMENTS_TABLE.' - (author, author_id, anonymous_id, content, date, validated, validation_date, image_id, website_url) + (author, author_id, anonymous_id, content, date, validated, validation_date, image_id, website_url, email) VALUES ( \''.$comm['author'].'\', '.$comm['author_id'].', @@ -189,7 +216,8 @@ INSERT INTO '.COMMENTS_TABLE.' \''.($comment_action=='validate' ? 'true':'false').'\', '.($comment_action=='validate' ? 'NOW()':'NULL').', '.$comm['image_id'].', - '.(!empty($comm['website_url']) ? '\''.$comm['website_url'].'\'' : 'NULL').' + '.(!empty($comm['website_url']) ? '\''.$comm['website_url'].'\'' : 'NULL').', + '.(!empty($comm['email']) ? '\''.$comm['email'].'\'' : 'NULL').' ) '; @@ -207,6 +235,7 @@ INSERT INTO '.COMMENTS_TABLE.' $keyargs_content = array ( get_l10n_args('Author: %s', stripslashes($comm['author']) ), + get_l10n_args('Email: %s', stripslashes($comm['email']) ), get_l10n_args('Comment: %s', stripslashes($comm['content']) ), get_l10n_args('', ''), get_l10n_args('Manage this user comment: %s', $comment_url) diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index f0006a55e..e6bbe57f8 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -41,11 +41,7 @@ function validate_mail_address($user_id, $mail_address) return ''; } - $atom = '[-a-z0-9!#$%&\'*+\\/=?^_`{|}~]'; // before arobase - $domain = '([a-z0-9]([-a-z0-9]*[a-z0-9]+)?)'; // domain name - $regex = '/^' . $atom . '+' . '(\.' . $atom . '+)*' . '@' . '(' . $domain . '{1,63}\.)+' . $domain . '{2,63}$/i'; - - if ( !preg_match( $regex, $mail_address ) ) + if ( !email_check_format($mail_address) ) { return l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)'); } @@ -53,10 +49,10 @@ function validate_mail_address($user_id, $mail_address) if (defined("PHPWG_INSTALLED") and !empty($mail_address)) { $query = ' -select count(*) -from '.USERS_TABLE.' -where upper('.$conf['user_fields']['email'].') = upper(\''.$mail_address.'\') -'.(is_numeric($user_id) ? 'and '.$conf['user_fields']['id'].' != \''.$user_id.'\'' : '').' +SELECT count(*) +FROM '.USERS_TABLE.' +WHERE upper('.$conf['user_fields']['email'].') = upper(\''.$mail_address.'\') +'.(is_numeric($user_id) ? 'AND '.$conf['user_fields']['id'].' != \''.$user_id.'\'' : '').' ;'; list($count) = pwg_db_fetch_row(pwg_query($query)); if ($count != 0) diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php index 631f85596..5d007d4ea 100644 --- a/include/picture_comment.inc.php +++ b/include/picture_comment.inc.php @@ -49,12 +49,13 @@ if ( $page['show_comments'] and isset( $_POST['content'] ) ) 'author' => trim( @$_POST['author'] ), 'content' => trim( $_POST['content'] ), 'website_url' => trim( $_POST['website_url'] ), + 'email' => trim( @$_POST['email'] ), 'image_id' => $page['image_id'], ); include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php'); - $comment_action = insert_user_comment($comm, @$_POST['key'], $page['infos']); + $comment_action = insert_user_comment($comm, @$_POST['key'], $page['errors']); switch ($comment_action) { @@ -143,10 +144,11 @@ SELECT com.id, author, author_id, - '.$conf['user_fields']['username'].' AS username, + u.'.$conf['user_fields']['email'].' AS user_email, date, image_id, website_url, + com.email, content, validated FROM '.COMMENTS_TABLE.' AS com @@ -161,23 +163,25 @@ SELECT while ($row = pwg_db_fetch_assoc($result)) { - if (!empty($row['author'])) + if ($row['author'] == 'guest') { - $author = $row['author']; - if ($author == 'guest') - { - $author = l10n('guest'); - } + $row['author'] = l10n('guest'); } - else + + $email = null; + if (!empty($row['user_email'])) { - $author = stripslashes($row['username']); + $email = $row['user_email']; + } + else if (!empty($row['email'])) + { + $email = $row['email']; } $tpl_comment = array( 'ID' => $row['id'], - 'AUTHOR' => trigger_event('render_comment_author', $author), + 'AUTHOR' => trigger_event('render_comment_author', $row['author']), 'DATE' => format_date($row['date'], true), 'CONTENT' => trigger_event('render_comment_content',$row['content']), 'WEBSITE_URL' => $row['website_url'], @@ -215,6 +219,8 @@ SELECT } if (is_admin()) { + $tpl_comment['EMAIL'] = $email; + if ($row['validated'] != 'true') { $tpl_comment['U_VALIDATE'] = add_url_params( @@ -244,21 +250,19 @@ SELECT if ($show_add_comment_form) { $key = get_ephemeral_key(3, $page['image_id']); - $content = $author = $website_url = ''; - if ('reject'===@$comment_action) - { - $content = htmlspecialchars( stripslashes($comm['content']) ); - $author = htmlspecialchars( stripslashes($comm['author']) ); - $website_url = htmlspecialchars( stripslashes($comm['website_url']) ); - } + $template->assign('comment_add', array( - 'F_ACTION' => $url_self, - 'KEY' => $key, - 'CONTENT' => $content, - 'SHOW_AUTHOR' => !is_classic_user(), - 'AUTHOR' => $author , - 'WEBSITE_URL' => $website_url, + 'F_ACTION' => $url_self, + 'KEY' => $key, + 'CONTENT' => stripslashes(@$_POST['content']), + 'SHOW_AUTHOR' => !is_classic_user(), + 'AUTHOR_MANDATORY' => $conf['comments_author_mandatory'], + 'AUTHOR' => stripslashes(@$_POST['author']), + 'WEBSITE_URL' => stripslashes(@$_POST['website_url']), + 'SHOW_EMAIL' => !is_classic_user() or empty($user['email']), + 'EMAIL_MANDATORY' => $conf['comments_email_mandatory'], + 'EMAIL' => stripslashes(@$_POST['email']), )); } } |