<?php

/*========================================================*\
||########################################################||
||#                                                      #||
||#     WB News v2.0.0                                   #||
||# ---------------------------------------------------- #||
||#     Copyright (c) 2004-2008                          #||
||#     Created: 30th Dec 2006                           #||
||#     Filename: Comments.php                           #||
||#                                                      #||
||########################################################||
/*========================================================*/

/**
 *  @author $Author: pmcilwaine $
 *	@version $Id: Comments.php,v 1.1.2.6.2.1 2008/07/14 11:02:37 pmcilwaine Exp $
 */

require_once( $config["installdir"] . "/base/News.php" );

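/**
 * Comment handling for a single news article: listing the stored comments,
 * rendering/processing the "add comment" form, the spam word filter and the
 * per-article/per-IP permission check. Rendering goes through the inherited
 * template object ($this->tmpl) and all persistence through $this->DB.
 */
class Comments extends News
{

	/**
	 * Id of the news article this object works on. Assigned once by the
	 * constructor, already passed through addslashes(), and interpolated as a
	 * quoted literal into the SQL statements built in this class.
	 */
	var $newsid;

	/**
	 * Comments constructor. It accepts any number of arguments but only reads
	 * the news id from them: the second argument when exactly two are passed,
	 * otherwise the first. With no arguments at all the id is left empty
	 * instead of triggering a func_get_arg() error.
	 *
	 * @return void
	 */
	function Comments()
	{
		$this->News();

		$args = func_get_args();
		if ( count($args) == 2 )
		{
			$id = $args[1];
		}
		else
		{
			$id = isset($args[0]) ? $args[0] : "";
		}

		// NOTE(review): addslashes() is not driver-aware escaping. Every use of
		// newsid below is a quoted SQL literal, so this should move to
		// $this->DB->escape() once it is confirmed that News() has set up $this->DB.
		$this->newsid = addslashes( $id );
	}

	/**
	 * Renders this object's article via the inherited DisplayNewsArticle().
	 *
	 * @see News::DisplayNewsArticle
	 * @return mixed whatever DisplayNewsArticle() returns
	 */
	function ShowNews()
	{
		return $this->DisplayNewsArticle( $this->newsid );
	}

	/**
	 * Renders the non-spam comments of this article, newest first, paged by
	 * the "offset" query parameter and config["newslimit"]. The poster's
	 * display name is taken from the joined user record when present,
	 * otherwise from the name entered with the comment.
	 *
	 * Side effects: sets $this->page and $this->total_news.
	 *
	 * @return string|null rendered HTML, or NULL when config["systemstatus"] is set
	 */
	function DisplayComments()
	{
		if ( $this->config["systemstatus"] )
		{
			return;
		}

		$cond = array();
		$cond[] = "\"newsid\"='" . $this->newsid . "'";
		$cond[] = "\"is_spam\" != '1'";
		$cond = join( " AND ", $cond );

		$fields = array(
			"message",
			"name",
			"postname",
			"timeposted"
			);

		$join = array();
		$join["leftjoin"][] = TBL_USERS . " ON " . TBL_COMMENTS . ".\"userid\" = " . TBL_USERS . ".\"userid\"";

		// A negative offset is meaningless for paging; clamp it instead of
		// handing it to the query builder.
		$this->page = isset($_GET["offset"]) ? max( 0, intval( $_GET["offset"] ) ) : 0;

		$comments = $this->DB->ListByJoin( TBL_COMMENTS, $fields, $cond, $join, "\"timeposted\" DESC", $this->config["newslimit"], $this->page );
		$this->total_news = $this->DB->CountBy( TBL_COMMENTS, $cond, $join );

		if ( $this->total_news == 0 )
		{
			$this->tmpl->SetFilename( BuildPath( "no-comments.ihtml" ) );
			return $this->tmpl->GetHTML();
		}

		$this->tmpl->SetFilename( BuildPath( "list-comments.ihtml" ) );
		// AddParam() hands back a reference; rows are appended in place.
		$rows =& $this->tmpl->AddParam( "rows", array() );

		foreach ( $comments as $comment )
		{
			// postname comes from the joined user record; fall back to the
			// free-text name stored with the comment.
			$display_name = NULL != $comment["postname"] ? $comment["postname"] : $comment["name"];

			// Both fields are user supplied and escaped here for HTML output,
			// in line with "message" and the form's "username" parameter.
			$rows[] = array(
				"message" => nl2br( htmlspecialchars( filter($comment["message"]) ) ),
				"name" => htmlspecialchars( (string) $display_name ),
				"date" => date( $this->config["dateFormat"], $comment["timeposted"] )
				);
		}

		return $this->tmpl->GetHTML();
	}

	/**
	 * Renders the "add comment" form for this article and, on a POST of that
	 * form, validates and stores the submitted comment.
	 *
	 * Returns NULL when config["systemstatus"] is set, FALSE when the article
	 * does not accept comments (see allowComments()) or the session's flood
	 * timestamp has not yet elapsed, otherwise the rendered template HTML:
	 * the "added" confirmation after a successful insert, else the form
	 * (with validation messages and the previous input restored from the
	 * session when the last submission failed).
	 *
	 * @return string|bool|null
	 */
	function DisplayCommentForm()
	{
		global $auth, $userinfo;

		if ( $this->config["systemstatus"] )
		{
			return;
		}

		// last_comment_ts holds the moment the flood filter expires.
		$flood_until = isset($_SESSION["last_comment_ts"]) ? $_SESSION["last_comment_ts"] : 0;
		if ( !$this->allowComments() || $flood_until > time() )
		{
			return FALSE;
		}

		$myform = "comment";
		$logged = $auth->is_logged();
		$posted_form = isset($_POST["form"]) ? $_POST["form"] : NULL;

		if ( $_SERVER["REQUEST_METHOD"] == "POST" && $posted_form === $myform )
		{
			switch ( Submit() )
			{
			case "Add_Comment":

				$err_msg = array();

				$name = sanitize_post( "name" );
				$email = sanitize_post( "email" );
				$message = sanitize_post( "message", "multiline" );

				// Logged-in users are identified by their account; only
				// anonymous posters have to supply a name and address.
				if ( !$logged )
				{
					if ( NULL == $name )
					{
						$err_msg["name"] = "You must enter a name";
					}

					// Literal dot before each further domain label; the
					// unescaped "." that used to be here accepted any character
					// in that position.
					if ( !preg_match( "/^([a-zA-Z0-9])+([.a-zA-Z0-9_-])*@([a-zA-Z0-9_-])+(\.[a-zA-Z0-9_-]+)+[a-zA-Z0-9_-]$/", (string) $email ) )
					{
						$err_msg["email"] = "Invalid email format";
					}
				}

				if ( NULL == $message )
				{
					$err_msg["message"] = "You must enter a message";
				}

				if ( count($err_msg) > 0 )
				{
					// Keep the raw input so the form can be re-filled on the
					// next request; a copy is all that is needed.
					$_SESSION["formdata"] = $_POST;
					$_SESSION["err_msg"][$myform] = $err_msg;
					break;
				}

				// NOTE(review): a NULL userid is interpolated as '' below, not
				// as SQL NULL - confirm the column accepts that.
				$userid = $logged ? $userinfo["userid"] : NULL;
				// Stored as 1 (spam) or -1 (clean); DisplayComments() hides rows with 1.
				$is_spam = $this->IsSpam( $message ) ? 1 : -1;
				$now = time();

				$name = $this->DB->escape( $name );
				$email = $this->DB->escape( $email );
				$message = $this->DB->escape( $message );
				// REMOTE_ADDR is set by the web server, but it goes through the
				// same escaping as every other literal in the statement.
				$ipaddress = $this->DB->escape( $_SERVER["REMOTE_ADDR"] );

				$new_id = $this->DB->NewID( SEQ_PREFIX . "seq_comments" );
				$sql = "INSERT INTO " . TBL_COMMENTS . "
					(\"id\",\"newsid\",\"name\",\"email\",\"message\", \"is_spam\", \"timeposted\", \"ipaddress\", \"userid\")
					VALUES( '$new_id', '" . $this->newsid . "', '$name', '$email',
					'$message', '$is_spam', '$now', '$ipaddress', '$userid')";
				$this->DB->query( $sql );

				// Flood filter: this session may not comment again until
				// config["floodfilter"] seconds have passed.
				$_SESSION["last_comment_ts"] = $now + $this->config["floodfilter"];

				/** show comment added **/
				$this->tmpl->SetFilename( BuildPath( "added-comment.ihtml" ) );
				$this->tmpl->AddParam( "view_link", make_url_html() );
				return $this->tmpl->GetHTML();
			}
		}

		$template = $logged ? BuildPath( "add-comment-user.ihtml" ) : BuildPath( "add-comment.ihtml" );
		$this->tmpl->SetFilename( $template );

		// AddParam() hands back a reference; the form fields are filled in place.
		$formdata =& $this->tmpl->AddParam( "formdata", array() );
		$this->tmpl->AddParam( "action", make_url_html() );

		$formdata["hidden"] = array(
			"form" => $myform
			);
		$formdata["name"] = NULL;
		$formdata["email"] = NULL;
		$formdata["message"] = NULL;

		if ( $logged )
		{
			$this->tmpl->AddParam( "username", htmlspecialchars( $userinfo["username"] ) );
		}

		$this->tmpl->AddParam( "buttons", "Add Comment" );

		// A failed submission left its input and messages in the session;
		// show them once and clear them.
		if ( isset($_SESSION["formdata"]) )
		{
			if ( isset($_SESSION["err_msg"][$myform]) )
			{
				$this->tmpl->AddParam( "msg", $_SESSION["err_msg"][$myform] );
			}

			$formdata["name"] = sanitize_post_html( "name", NULL, $_SESSION["formdata"] );
			$formdata["email"] = sanitize_post_html( "email", NULL, $_SESSION["formdata"] );
			$formdata["message"] = sanitize_post_html( "message", "multiline", $_SESSION["formdata"] );

			unset( $_SESSION["formdata"], $_SESSION["err_msg"][$myform] );
		}

		return $this->tmpl->GetHTML();
	}

	/**
	 * Checks whether a message contains one of the words listed in
	 * config["spamfilter"] (whitespace separated, matched literally and
	 * case-insensitively as substrings).
	 *
	 * @access private
	 * @param string $msg
	 * @return boolean TRUE when any filter word occurs in $msg
	 */
	function IsSpam( $msg )
	{
		$filter = trim( (string) $this->config["spamfilter"] );
		if ( "" == $filter )
		{
			return FALSE;
		}

		// Split on runs of whitespace so that doubled or trailing spaces never
		// yield an empty word: an empty pattern matches every message.
		$words = preg_split( "/\s+/", $filter );

		foreach ( $words as $word )
		{
			// The filter is plain text, not a regex; quoting keeps a "/" or a
			// metacharacter in the list from breaking or widening the match.
			if ( preg_match( "/" . preg_quote( $word, "/" ) . "/i", $msg ) )
			{
				return TRUE;
			}
		}

		return FALSE;
	}

	/**
	 * This method checks if the news article allows comments and if the user
	 * has been banned (IP Banning).
	 *
	 * Anonymous visitors and users without the "cancomment" permission need
	 * the article to be open to everyone ("allowcomments"); users with that
	 * permission may also comment where only logged-in comments are enabled.
	 *
	 * @since 1.0
	 * @return boolean
	 */
	function allowComments()
	{
		global $auth;

		$cond = array();
		$cond[] = "\"id\"='" . $this->newsid . "'";
		if ( !$auth->is_logged() || !$auth->has_perm( "cancomment" ) )
		{
			$cond[] = "\"allowcomments\"='1'";
		}
		else
		{
			$cond[] = "(\"allowcomments\"='1' OR \"comments_logged_user\"='1')";
		}
		$cond = join( " AND ", $cond );

		$this->DB->query( "SELECT \"id\" FROM " . TBL_NEWS . " WHERE $cond" );
		if ( !$this->DB->next_record() )
		{
			return FALSE;
		}

		// config["ipban"] is a space-separated list of addresses; compare
		// strictly so no string/number coercion takes part in the decision.
		$banned = explode( " ", $this->config["ipban"] );
		if ( in_array( $_SERVER["REMOTE_ADDR"], $banned, TRUE ) )
		{
			return FALSE;
		}

		return TRUE;
	}

	/**
	 * deprecated methods below
	 */

	/**
	 * Old name of DisplayComments(); kept for callers written against 1.x.
	 *
	 * @since 1.0
	 * @deprecated since version 2.0 use DisplayComments()
	 */
	function viewComments()
	{
		return $this->DisplayComments();
	}

	/**
	 * Old name of DisplayCommentForm(); kept for callers written against 1.x.
	 *
	 * @since 1.0
	 * @deprecated since version 2.0 use DisplayCommentForm()
	 */
	function displayForm()
	{
		return $this->DisplayCommentForm();
	}

}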

// This file only declares the class; hand control straight back to the
// script that required it.
return;

?>