XOOPS RMCommon Utilities  2.1.8.91RC
 All Classes Namespaces Files Functions Variables
post_comment.php
Go to the documentation of this file.
1 <?php
2 // $Id: post_comment.php 902 2012-01-03 07:09:16Z i.bitcero $
3 // --------------------------------------------------------------
4 // Red México Common Utilities
5 // A framework for Red México Modules
6 // Author: Eduardo Cortés <i.bitcero@gmail.com>
7 // Email: i.bitcero@gmail.com
8 // License: GPL 2.0
9 // --------------------------------------------------------------
10 
11 include '../../mainfile.php';
12 
13 $action = rmc_server_var($_REQUEST, 'action', '');
18 $rmc_config = RMFunctions::configs();
19 
20 if (!$rmc_config['enable_comments']){
21  redirect_header(rmc_server_var($_REQUEST, 'comment_url', XOOPS_URL), 1, __('Sorry, comments has been disabled by administrator', 'rmcommon'));
22  die();
23 }
24 
25 if ($action=='save'){
26 
27  if (!$xoopsSecurity->checkReferer()){
28  redirect_header(XOOPS_URL, 2, __('You are not allowed to do this action!', 'rmcommon'));
29  die();
30  }
31 
32  // Check if user is a Registered User
33  if(!$xoopsUser){
34 
35  $name = rmc_server_var($_POST, 'comment_name', '');
36  $email = rmc_server_var($_POST, 'comment_email', '');
37  $url = rmc_server_var($_POST, 'comment_url', '');
38  $xuid = 0;
39 
40  } else {
41 
42  $name = $xoopsUser->getVar('uname');
43  $email = $xoopsUser->getVar('email');
44  $url = $xoopsUser->getVar('url');
45  $xuid = $xoopsUser->uid();
46 
47  }
48 
49  // Check uri
50  $uri = urldecode(rmc_server_var($_POST, 'uri', ''));
51  if (trim($uri)==''){
52  header('loaction: '.XOOPS_URL);
53  die();
54  }
55 
56  if ($name=='' || $email==''){
57  redirect_header($uri, 2, __('You must provide your name and email in order to can post comments','rmcommon'));
58  die();
59  }
60 
61  if (!$xoopsUser && !$rmc_config['anonymous_comments']){
62  redirect_header($uri, 2, __('Sorry, you are not allowed to post comments!', 'rmcommon'));
63  die();
64  }
65 
66  // Check params
67  $params = rmc_server_var($_POST, 'params', '');
68  if (trim($params)==''){
69  redirect_header($uri, 2, __('There are not params to save!','rmcommon'));
70  die();
71  }
72 
73  // Object type
74  $type = rmc_server_var($_POST, 'type', '');
75  if (trim($type)==''){
76  redirect_header($uri, 2, __('Object type missing!','rmcommon'));
77  die();
78  }
79 
80  // Object name
81  $object = strtolower(rmc_server_var($_POST, 'object', ''));
82  if (trim($object)==''){
83  redirect_header($uri, 2, __('Object name missing!','rmcommon'));
84  die();
85  }
86 
87  // Text
88  $text = rmc_server_var($_POST, 'comment_text', '');
89  if (trim($text)==''){
90  redirect_header($uri, 2, __('You must write a message!','rmcommon'));
91  die();
92  }
93 
94  RMEvents::get()->run_event('rmcommon.comment.postdata', $uri);
95 
96  // Save comment user
97  $db = XoopsDatabaseFactory::getDatabaseConnection();
98  if($xoopsUser){
99 
100  $sql = "SELECT id_user FROM ".$db->prefix("rmc_comusers")." WHERE xuid=".$xoopsUser->uid();
101 
102  } else {
103 
104  $sql = "SELECT id_user FROM ".$db->prefix("rmc_comusers")." WHERE email='$email'";
105 
106  }
107 
108  $result = $db->query($sql);
109  list($uid) = $db->fetchRow($result);
110 
111  if ($uid<=0){
112 
113  $db->queryF("INSERT INTO ".$db->prefix("rmc_comusers")." (`xuid`,`name`,`email`,`url`) VALUES ('$xuid','$name','$email','$url')");
114  $uid = $db->getInsertId();
115 
116  } else {
117 
118  $db->queryF("UPDATE ".$db->prefix("rmc_comusers")." SET `name`='$name',`email`='$email',`url`='$url' WHERE id_user='$uid'");
119 
120  }
121 
122  $comment = new RMComment();
123  $comment->setVar('id_obj', $object);
124  $comment->setVar('type', $type);
125  $comment->setVar('parent', isset($parent) ? $parent : 0);
126  $comment->setVar('params', $params);
127  $comment->setVar('content', $text);
128  $comment->setVar('user', $uid);
129  $comment->setVar('ip', $_SERVER['REMOTE_ADDR']);
130  $comment->setVar('posted', time());
131 
132  // Check if comment must be approved
133  if ($xoopsUser && $rmc_config['approve_reg_coms']){
134  $comment->setVar('status', 'approved');
135  } elseif(!$xoopsUser && $rmc_config['approve_anon_coms']){
136  $comment->setVar('status', 'approved');
137  } elseif($xoopsUser && $xoopsUser->isAdmin()){
138  $comment->setVar('status', 'approved');
139  }
140 
141  if (!$comment->save()){
142 
143  redirect_header($uri, 1, __('Comment could not be posted!','rmcommon').'<br />'.$comment->errors());
144 
145  }
146 
147  if ($xoopsUser) $xoopsUser->incrementPost();
148  RMEvents::get()->run_event('rmcommon.comment.saved', $comment, $uri);
149 
150  // Update comments number if object accepts this functionallity
151  if (is_file(XOOPS_ROOT_PATH.'/modules/'.$object.'/class/'.$object.'controller.php')){
152  include_once XOOPS_ROOT_PATH.'/modules/'.$object.'/class/'.$object.'controller.php';
153  $class = ucfirst($object).'Controller';
154  if(class_exists($class)){
155  $controller = new $class();
156  if (method_exists($controller, 'increment_comments_number')){
157  $controller->increment_comments_number($comment);
158  }
159  }
160 
161  }
162 
163  redirect_header($uri.'#comment-'.$comment->id(), 1, __('Comment posted successfully!','rmcommon'));
164 
165 } elseif ($action=='edit') {
166 
167  if (rmc_server_var($_GET, 'ret', '')==''){
168  redirect_header(XOOPS_URL, 2, __('Invalid operation','rmcommon'));
169  die();
170  }
171 
172  // Check if user is allowed to edit this comment
173  if (!$xoopsUser){
174  redirect_header(rmc_server_var($_REQUEST, 'comment_url', XOOPS_URL), 1, __('You are not allowed to edit this comment!', 'rmcommon'));
175  die();
176  }
177 
178  $id = rmc_server_var($_GET, 'id', 0);
179  if ($id<=0){
180  redirect_header(rmc_server_var($_REQUEST, 'ret', XOOPS_URL), 1, __('Please specify a comment', 'rmcommon'));
181  die();
182  }
183 
184  $comment = new RMComment($id);
185  if ($comment->isNew()){
186  redirect_header(rmc_server_var($_REQUEST, 'ret', XOOPS_URL), 1, __('Specified comment does not exist!', 'rmcommon'));
187  die();
188  }
189 
190  // Check if user is owner
191  $editor = new RMCommentUser($comment->getVar('user'));
192  if ($xoopsUser->uid()!=$editor->getVar('xuid') && !$xoopsUser->isAdmin($comment->getVar('id_obj'))){
193  redirect_header(rmc_server_var($_REQUEST, 'ret', XOOPS_URL), 1, __('You are not allowed to edit this comment!', 'rmcommon'));
194  die();
195  }
196 
197  include '../../header.php';
198 
199  $cpath = XOOPS_ROOT_PATH.'/modules/'.$comment->getVar('id_obj').'/class/'.$comment->getVar('id_obj').'controller.php';
200 
201  if(is_file($cpath)){
202  include $cpath;
203  $class = ucfirst($comment->getVar('id_obj')).'Controller';
204  $controller = new $class();
205  }
206 
207  $form = new RMForm(__('Edit Comment', 'rmcommon'), 'editComment', 'post_comment.php');
208  $form->addElement(new RMFormLabel(__('In reply to', 'rmcommon'), $controller ? $controller->get_item($comment->getVar('params'), $comment):''));
209  $form->addElement(new RMFormLabel(__('Posted date','rmcommon'), formatTimestamp($comment->getVar('posted'), 'mysql')));
210  $form->addElement(new RMFormLabel(__('Module','rmcommon'), $comment->getVar('id_obj')));
211 
212  if($xoopsUser->isAdmin()){
213  $user = new RMCommentUser($comment->getVar('user'));
214  $ele = new RMFormUser(__('Poster','rmcommon'), 'user', false, $user->getVar('xuid')>0 ? $user->getVar('xuid') : 0);
215  $form->addElement($ele);
216  }
217 
218  if($xoopsUser->isAdmin($comment->getVAr('id_obj'))){
219  $ele = new RMFormRadio(__('Status','rmcommon'), 'status', 1, 0, 2);
220  $ele->addOption(__('Approved', 'rmcommon'), 'approved', $comment->getVar('status')=='approved'?1:0);
221  $ele->addOption(__('Unapproved', 'rmcommon'), 'waiting', $comment->getVar('status')=='waiting'?1:0);
222  $form->addElement($ele);
223  }
224 
225  $form->addElement(new RMFormTextArea(__('Content','rmcommon'), 'content', null, null, $comment->getVar('content','e'),'100%','150px'), true);
226  $form->addElement(new RMFormHidden('action', 'saveedit'));
227  $ele = new RMFormButtonGroup();
228  $ele->addButton('sbt', __('Update Comment','rmcommon'), 'submit');
229  $ele->addButton('cancel', __('Cancel','rmcommon'), 'button', 'onclick="history.go(-1);"');
230  $form->addElement($ele);
231 
232  $form->addElement(new RMFormHidden('ret', rmc_server_var($_GET, 'ret', XOOPS_URL)));
233  $form->addElement(new RMFormHidden('id', $id));
234 
235  // Event to modify or add new elements to comments form
236  $form = RMEvents::get()->run_event('rmcommon.edit.comment.form', $form);
237 
238  $form->display();
239 
240  include '../../footer.php';
241 
242 } elseif($action=='saveedit'){
243 
244  $ret = rmc_server_var($_POST,'ret','');
245  $id = rmc_server_var($_POST,'id',0);
246  $page = rmc_server_var($_POST, 'page', 1);
247  $filter = rmc_server_var($_POST, 'filter', '');
248  $w = rmc_server_var($_POST, 'w', '1');
249 
250  if ($ret==''){
251  redirect_header(XOOPS_URL, 1, __('Invalid Operation','rmcommon'));
252  die();
253  }
254 
255  // Check if user is allowed to edit this comment
256  if (!$xoopsUser){
257  redirect_header($ret, 1, __('You are not allowed to edit this comment!', 'rmcommon'));
258  die();
259  }
260 
261  if(!$xoopsSecurity->check()){
262  redirect_header($ret, 1, __('You are not allowed to edit this comment!','rmcommon'));
263  die();
264  }
265 
266  if ($id<=0){
267  redirect_header(XOOPS_URL, 1, __('Please specify a comment','rmcommon'));
268  die();
269  }
270 
271  $comment = new RMComment($id);
272  if($comment->isNew()){
273  redirect_header(XOOPS_URL, 1, __('Specified comment does not exist!','rmcommon'));
274  die();
275  }
276 
277  $status = $xoopsUser->isAdmin($comment->getVar('id_obj')) ? rmc_server_var($_POST, 'status', $comment->getVar('status')) : $comment->getVar('status');
278  $status = $status=='approved'?$status:'unapproved';
279 
280  $user = $xoopsUser->isAdmin($comment->getVar('id_obj')) ? rmc_server_var($_POST, 'user', $xoopsUser->getVar('uid')) : $xoopsUser->getVar('uid');
281  $content = rmc_server_var($_POST, 'content', '');
282 
283  if ($content==''){
284  redirect_header('post_comment.php?id='.$id.'&ret='.urlencode($ret).'&action=edit', 2, __('You must provide a text for comment!','rmcommon'));
285  die();
286  }
287 
288  // save basic info in comment object
289  $comment->setVar('content', $content);
290  $comment->setVar('status', $status);
291  // Modify, if neccessary, the user
292  $cuser = new RMCommentUser($comment->getVar('user'));
293  if ($cuser->getVar('xuid')!=$user){
294 
295  if ($user==0){
296  $cuser->setVar('xuid', 0);
297  $cuser->save();
298  } else {
299  $xuser = new XoopsUser($user);
300  $cuser = new RMCommentUser($xuser->getVar('email'));
301  $cuser->setVar('name', $xuser->getVar('uname'));
302  $cuser->setVar('email', $xuser->getVar('email'));
303  $cuser->setVar('xuid', $user);
304  $cuser->setVar('url', $xuser->getVar('url'));
305  $cuser->save();
306  }
307 
308  $comment->setVar('user', $cuser->id());
309 
310  }
311 
312  RMEvents::get()->run_event('rmcommon.comment.saved', $comment, $ret);
313 
314  if ($comment->save()){
315  redirect_header($ret.'#comment-'.$comment->id(), 2, __('Comment updated successfully!','rmcommon'));
316  } else {
317  redirect_header($ret.'#comment-'.$comment->id(), 2, __('Errros ocurrs while trying to update comment!', 'rmcommon'));
318  }
319 
320 }