XCL Web Application Platform 2.5.0
The XoopsCube Legacy Project
comment_post.php
1<?php
13
// This file is meant to be included by a module's own entry script.
// Stop immediately when the platform constant is missing or when no
// module object is available in the including scope.
if (!defined('XOOPS_ROOT_PATH')) {
    exit();
}
if (!is_object($xoopsModule)) {
    exit();
}

// Load the message catalog for the 'comment' page type so the language
// constants used further down (_NOPERM, _CM_THANKSPOST, ...) resolve.
// NOTE(review): which constants the catalog defines is not visible here.
$t_root =& XCube_Root::getSingleton();
$t_root->mLanguageManager->loadPageTypeMessageCatalog('comment');

include_once XOOPS_ROOT_PATH . '/include/comment_constants.php';

// Id of the comment being edited; 0 means a new comment is being posted.
// The value comes from the request and is forced to an integer.
$com_id = 0;
if (isset($_POST['com_id'])) {
    $com_id = (int)$_POST['com_id'];
}
24
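// Work out which module the comment belongs to and where to send the
// browser afterwards. Two entry paths exist:
//   - the system module (admin side), where the module is looked up from the
//     stored comment, and
//   - any other module, where the current module's 'comments' info is used.
$extra_params = '';
if ('system' == $xoopsModule->getVar('dirname')) {
    // The admin path needs an existing comment to find the owning module.
    if (empty($com_id)) {
        exit();
    }
    $comment_handler =& xoops_gethandler('comment');
    $comment =& $comment_handler->get($com_id);
    // com_id is request data: an id that matches no comment must not reach
    // getVar() on a non-object.
    if (!is_object($comment)) {
        exit();
    }
    $module_handler =& xoops_gethandler('module');
    $module =& $module_handler->get($comment->getVar('com_modid'));
    // Same guard for a comment whose module can no longer be loaded.
    if (!is_object($module)) {
        exit();
    }
    $comment_config = $module->getInfo('comments');
    $com_modid = $module->getVar('mid');
    $redirect_page = XOOPS_URL.'/modules/system/admin.php?fct=comments&amp;com_modid='.$com_modid.'&amp;com_itemid';
    $moddir = $module->getVar('dirname');
    unset($comment);
} else {
    // Commenting is switched off for this module.
    if (XOOPS_COMMENT_APPROVENONE == $xoopsModuleConfig['com_rule']) {
        exit();
    }
    $comment_config = $xoopsModule->getInfo('comments');
    $com_modid = $xoopsModule->getVar('mid');
    $redirect_page = $comment_config['pageName'].'?';
    if (isset($comment_config['extraParams']) && is_array($comment_config['extraParams'])) {
        // The parameter NAMES come from the module's own comment configuration;
        // the VALUES come from the request. The values end up in the redirect
        // URL and are stored with the comment as com_exparams, so each one is
        // percent-encoded to keep it from adding '&', '#', quotes or further
        // parameters to that query string. Non-string values (arrays) are
        // treated as empty.
        // NOTE(review): $myts is not assigned in the visible part of this file;
        // presumably the including script provides it - confirm.
        foreach ($comment_config['extraParams'] as $extra_param) {
            $extra_value = '';
            if (isset($_POST[$extra_param]) && is_string($_POST[$extra_param])) {
                $extra_value = rawurlencode($myts->stripSlashesGPC($_POST[$extra_param]));
            }
            $extra_params .= $extra_param.'='.$extra_value.'&amp;';
        }
        $redirect_page .= $extra_params;
    }
    $redirect_page .= $comment_config['itemName'];
    // Reused later when the notification link is built.
    $comment_url = $redirect_page;
    $moddir = $xoopsModule->getVar('dirname');
}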
57
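// Nothing was posted, so there is no comment operation to perform.
if (empty($_POST)) {
    exit();
}

// Pick the operation from the submit button that was sent. A delete request
// wins over post/preview when more than one button name is present.
$op = '';
if (isset($_POST['com_dopost'])) {
    $op = 'post';
} elseif (isset($_POST['com_dopreview'])) {
    $op = 'preview';
}
if (isset($_POST['com_dodelete'])) {
    $op = 'delete';
}

// com_mode is written back into the redirect URLs built later in this file,
// so it is HTML-escaped here. A non-string value (for example com_mode[]=x)
// falls back to the default instead of being handed to trim(), which does not
// accept arrays.
$com_mode = (isset($_POST['com_mode']) && is_string($_POST['com_mode']))
    ? htmlspecialchars(trim($_POST['com_mode']), ENT_QUOTES)
    : 'flat';

// Numeric fields are forced to integers before any further use.
$com_order = isset($_POST['com_order']) ? (int)$_POST['com_order'] : XOOPS_COMMENT_OLD1ST;
$com_itemid = isset($_POST['com_itemid']) ? (int)$_POST['com_itemid'] : 0;
$com_pid = isset($_POST['com_pid']) ? (int)$_POST['com_pid'] : 0;
$com_rootid = isset($_POST['com_rootid']) ? (int)$_POST['com_rootid'] : 0;
// Requested status; the 'post' branch of this file applies it only for
// module administrators or holders of the system comment right.
$com_status = isset($_POST['com_status']) ? (int)$_POST['com_status'] : 0;

// Rendering switches are normalised to exactly 0 or 1.
$dosmiley = (isset($_POST['dosmiley']) && (int)$_POST['dosmiley'] > 0) ? 1 : 0;
$doxcode = (isset($_POST['doxcode']) && (int)$_POST['doxcode'] > 0) ? 1 : 0;
$dobr = (isset($_POST['dobr']) && (int)$_POST['dobr'] > 0) ? 1 : 0;
// dohtml is only a request at this point; it is reset to 0 later for anyone
// who is not allowed to post HTML.
$dohtml = (isset($_POST['dohtml']) && (int)$_POST['dohtml'] > 0) ? 1 : 0;
$doimage = (isset($_POST['doimage']) && (int)$_POST['doimage'] > 0) ? 1 : 0;

// com_icon is only trimmed here and stored as given.
// NOTE(review): any validation or output escaping of the icon value has to
// happen where it is rendered; that code is not visible here.
$com_icon = (isset($_POST['com_icon']) && is_string($_POST['com_icon']))
    ? trim($_POST['com_icon'])
    : '';
$noname = isset($_POST['noname']) ? (int)$_POST['noname'] : 0;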
85
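switch ($op) {

    case 'delete':
        // Deletion is delegated to a separate include.
        // NOTE(review): the permission check for deleting is expected to live in
        // comment_delete.php; it is not visible from this file - confirm.
        include XOOPS_ROOT_PATH.'/include/comment_delete.php';
        break;
    case 'preview':
        $doimage = 1;
        // Title and text are request data and may be missing or sent as arrays;
        // fall back to an empty string so the sanitizer always gets a string.
        $preview_title = (isset($_POST['com_title']) && is_string($_POST['com_title'])) ? $_POST['com_title'] : '';
        $preview_text = (isset($_POST['com_text']) && is_string($_POST['com_text'])) ? $_POST['com_text'] : '';
        $com_title = $myts->htmlSpecialChars($myts->stripSlashesGPC($preview_title));
        // Raw HTML in the preview is honoured only for a module administrator or
        // a user holding the system comment right; everyone else, including
        // anonymous visitors, gets dohtml forced back to 0.
        if (0 != $dohtml) {
            if (is_object($xoopsUser)) {
                if (!$xoopsUser->isAdmin($com_modid)) {
                    $sysperm_handler =& xoops_gethandler('groupperm');
                    if (!$sysperm_handler->checkRight('system_admin', LEGACY_SYSTEM_COMMENT, $xoopsUser->getGroups())) {
                        $dohtml = 0;
                    }
                }
            } else {
                $dohtml = 0;
            }
        }
        // $p_comment is the rendered preview body; $com_text is the escaped text
        // that goes back into the edit form.
        // NOTE(review): how previewTarea() filters its input is not visible here.
        $p_comment =& $myts->previewTarea($preview_text, $dohtml, $dosmiley, $doxcode, $doimage, $dobr);
        $com_text = $myts->htmlSpecialChars($myts->stripSlashesGPC($preview_text));
        if ('system' !== $xoopsModule->getVar('dirname')) {
            // Public side: regular site header and footer.
            include XOOPS_ROOT_PATH.'/header.php';
            themecenterposts($com_title, $p_comment);
            include XOOPS_ROOT_PATH.'/include/comment_form.php';
            include XOOPS_ROOT_PATH.'/footer.php';
        } else {
            // Admin side: control-panel header and footer.
            xoops_cp_header();
            themecenterposts($com_title, $p_comment);
            include XOOPS_ROOT_PATH.'/include/comment_form.php';
            xoops_cp_footer();
        }
        break;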
121case 'post':
122 $doimage = 1;
123 $comment_handler =& xoops_gethandler('comment');
124 $add_userpost = false;
125 $call_approvefunc = false;
126 $call_updatefunc = false;
127 // RMV-NOTIFY - this can be set to 'comment' or 'comment_submit'
128 $notify_event = false;
129 if (!empty($com_id)) {
130 $comment =& $comment_handler->get($com_id);
131 $accesserror = false;
132
133 if (is_object($xoopsUser)) {
134 $sysperm_handler =& xoops_gethandler('groupperm');
135 if ($xoopsUser->isAdmin($com_modid) || $sysperm_handler->checkRight('system_admin', LEGACY_SYSTEM_COMMENT, $xoopsUser->getGroups())) {
136 if (!empty($com_status) && XOOPS_COMMENT_PENDING != $com_status) {
137 $old_com_status = $comment->getVar('com_status');
138 $comment->setVar('com_status', $com_status);
139 // if changing status from pending state, increment user post
140 if (XOOPS_COMMENT_PENDING == $old_com_status) {
141 $add_userpost = true;
142 if (XOOPS_COMMENT_ACTIVE == $com_status) {
143 $call_updatefunc = true;
144 $call_approvefunc = true;
145 // RMV-NOTIFY
146 $notify_event = 'comment';
147 }
148 } elseif (XOOPS_COMMENT_HIDDEN == $old_com_status && XOOPS_COMMENT_ACTIVE == $com_status) {
149 $call_updatefunc = true;
150 // Comments can not be directly posted hidden,
151 // no need to send notification here
152 } elseif (XOOPS_COMMENT_ACTIVE == $old_com_status && XOOPS_COMMENT_HIDDEN == $com_status) {
153 $call_updatefunc = true;
154 }
155 }
156 } else {
157 $dohtml = 0;
158 if ($comment->getVar('com_uid') !== $xoopsUser->getVar('uid')) {
159 $accesserror = true;
160 }
161 }
162 } else {
163 $dohtml = 0;
164 $accesserror = true;
165 }
166 if (false !== $accesserror) {
167 redirect_header($redirect_page.'='.$com_itemid.'&amp;com_id='.$com_id.'&amp;com_mode='.$com_mode.'&amp;com_order='.$com_order, 1, _NOPERM);
168 exit();
169 }
170 } else {
171 $comment = $comment_handler->create();
172 $comment->setVar('com_created', time());
173 $comment->setVar('com_pid', $com_pid);
174 $comment->setVar('com_itemid', $com_itemid);
175 $comment->setVar('com_rootid', $com_rootid);
176 $comment->setVar('com_ip', xoops_getenv('REMOTE_ADDR'));
177 if (is_object($xoopsUser)) {
178 $sysperm_handler =& xoops_gethandler('groupperm');
179 if ($xoopsUser->isAdmin($com_modid) || $sysperm_handler->checkRight('system_admin', LEGACY_SYSTEM_COMMENT, $xoopsUser->getGroups())) {
180 $comment->setVar('com_status', XOOPS_COMMENT_ACTIVE);
181 $add_userpost = true;
182 $call_approvefunc = true;
183 $call_updatefunc = true;
184 // RMV-NOTIFY
185 $notify_event = 'comment';
186 } else {
187 $dohtml = 0;
188 switch ($xoopsModuleConfig['com_rule']) {
189 case XOOPS_COMMENT_APPROVEALL:
190 case XOOPS_COMMENT_APPROVEUSER:
191 $comment->setVar('com_status', XOOPS_COMMENT_ACTIVE);
192 $add_userpost = true;
193 $call_approvefunc = true;
194 $call_updatefunc = true;
195 // RMV-NOTIFY
196 $notify_event = 'comment';
197 break;
198 case XOOPS_COMMENT_APPROVEADMIN:
199 default:
200 $comment->setVar('com_status', XOOPS_COMMENT_PENDING);
201 $notify_event = 'comment_submit';
202 break;
203 }
204 }
205 if (!empty($xoopsModuleConfig['com_anonpost']) && !empty($noname)) {
206 $uid = 0;
207 } else {
208 $uid = $xoopsUser->getVar('uid');
209 }
210 } else {
211 $dohtml = 0;
212 $uid = 0;
213 if (1 !== $xoopsModuleConfig['com_anonpost']) {
214 redirect_header($redirect_page.'='.$com_itemid.'&amp;com_id='.$com_id.'&amp;com_mode='.$com_mode.'&amp;com_order='.$com_order, 1, _NOPERM);
215 exit();
216 }
217 }
218 if (0 == $uid) {
219 switch ($xoopsModuleConfig['com_rule']) {
220 case XOOPS_COMMENT_APPROVEALL:
221 $comment->setVar('com_status', XOOPS_COMMENT_ACTIVE);
222 $add_userpost = true;
223 $call_approvefunc = true;
224 $call_updatefunc = true;
225 // RMV-NOTIFY
226 $notify_event = 'comment';
227 break;
228 case XOOPS_COMMENT_APPROVEADMIN:
229 case XOOPS_COMMENT_APPROVEUSER:
230 default:
231 $comment->setVar('com_status', XOOPS_COMMENT_PENDING);
232 // RMV-NOTIFY
233 $notify_event = 'comment_submit';
234 break;
235 }
236 }
237 $comment->setVar('com_uid', $uid);
238 }
239 $com_title = xoops_trim($_POST['com_title']);
240 $com_title = ('' == $com_title) ? _NOTITLE : $com_title;
241 $comment->setVar('com_title', $com_title);
242 $comment->setVar('com_text', $_POST['com_text']);
243 $comment->setVar('dohtml', $dohtml);
244 $comment->setVar('dosmiley', $dosmiley);
245 $comment->setVar('doxcode', $doxcode);
246 $comment->setVar('doimage', $doimage);
247 $comment->setVar('dobr', $dobr);
248 $comment->setVar('com_icon', $com_icon);
249 $comment->setVar('com_modified', time());
250 $comment->setVar('com_modid', $com_modid);
251 if (!empty($extra_params)) {
252 $comment->setVar('com_exparams', str_replace('&amp;', '&', $extra_params));
253 }
254 if (false !== $comment_handler->insert($comment)) {
255 $newcid = $comment->getVar('com_id');
256
257 // set own id as root id if this is a top comment
258 if (0 == $com_rootid) {
259 $com_rootid = $newcid;
260 if (!$comment_handler->updateByField($comment, 'com_rootid', $com_rootid)) {
261 $comment_handler->delete($comment);
262 include XOOPS_ROOT_PATH.'/header.php';
263 xoops_error();
264 include XOOPS_ROOT_PATH.'/footer.php';
265 }
266 }
267
268 // call custom approve function if any
269 if (false !== $call_approvefunc && isset($comment_config['callback']['approve']) && '' !== trim($comment_config['callback']['approve'])) {
270 $skip = false;
271 if (!function_exists($comment_config['callback']['approve'])) {
272 if (isset($comment_config['callbackFile'])) {
273 $callbackfile = trim($comment_config['callbackFile']);
274 if ('' != $callbackfile && file_exists(XOOPS_ROOT_PATH . '/modules/' . $moddir . '/' . $callbackfile)) {
275 include_once XOOPS_ROOT_PATH.'/modules/'.$moddir.'/'.$callbackfile;
276 }
277 if (!function_exists($comment_config['callback']['approve'])) {
278 $skip = true;
279 }
280 } else {
281 $skip = true;
282 }
283 }
284 if (!$skip) {
285 $comment_config['callback']['approve']($comment);
286 }
287 }
288
289 // call custom update function if any
290 if (false !== $call_updatefunc && isset($comment_config['callback']['update']) && '' != trim($comment_config['callback']['update'])) {
291 $skip = false;
292 if (!function_exists($comment_config['callback']['update'])) {
293 if (isset($comment_config['callbackFile'])) {
294 $callbackfile = trim($comment_config['callbackFile']);
295 if ('' !== $callbackfile && file_exists(XOOPS_ROOT_PATH . '/modules/' . $moddir . '/' . $callbackfile)) {
296 include_once XOOPS_ROOT_PATH.'/modules/'.$moddir.'/'.$callbackfile;
297 }
298 if (!function_exists($comment_config['callback']['update'])) {
299 $skip = true;
300 }
301 } else {
302 $skip = true;
303 }
304 }
305 if (!$skip) {
306 $criteria = new CriteriaCompo(new Criteria('com_modid', $com_modid));
307 $criteria->add(new Criteria('com_itemid', $com_itemid));
308 $criteria->add(new Criteria('com_status', XOOPS_COMMENT_ACTIVE));
309 $comment_count = $comment_handler->getCount($criteria);
310 $func = $comment_config['callback']['update'];
311 call_user_func_array($func, [$com_itemid, $comment_count, $comment->getVar('com_id')]);
312 }
313 }
314
315 // increment user post if needed
316 $uid = $comment->getVar('com_uid');
317 if ($uid > 0 && false !== $add_userpost) {
318 $member_handler =& xoops_gethandler('member');
319 $poster =& $member_handler->getUser($uid);
320 if (is_object($poster)) {
321 $member_handler->updateUserByField($poster, 'posts', $poster->getVar('posts') + 1);
322 }
323 }
324
325 // RMV-NOTIFY
326 // trigger notification event if necessary
327 if ($notify_event) {
328 $not_modid = $com_modid;
329 include_once XOOPS_ROOT_PATH . '/include/notification_functions.php';
330 $not_catinfo =& notificationCommentCategoryInfo($not_modid);
331 $not_category = $not_catinfo['name'];
332 $not_itemid = $com_itemid;
333 $not_event = $notify_event;
334 // Build an ABSOLUTE URL to view the comment. Make sure we
335 // point to a viewable page (i.e. not the system administration
336 // module).
337 $comment_tags = [];
338 if ('system' == $xoopsModule->getVar('dirname')) {
339 $module_handler =& xoops_gethandler('module');
340 $not_module =& $module_handler->get($not_modid);
341 } else {
342 $not_module =& $xoopsModule;
343 }
344 if (!isset($comment_url)) {
345 $com_config =& $not_module->getInfo('comments');
346 $comment_url = $com_config['pageName'] . '?';
347 if (isset($com_config['extraParams']) && is_array($com_config['extraParams'])) {
348 $extra_params = '';
349 foreach ($com_config['extraParams'] as $extra_param) {
350 $extra_params .= isset($_POST[$extra_param]) ? $extra_param.'='.$_POST[$extra_param].'&amp;' : $extra_param.'=&amp;';
351 //$extra_params .= isset($_GET[$extra_param]) ? $extra_param.'='.$_GET[$extra_param].'&amp;' : $extra_param.'=&amp;';
352 }
353 $comment_url .= $extra_params;
354 }
355 $comment_url .= $com_config['itemName'];
356 }
357 $comment_tags['X_COMMENT_URL'] = XOOPS_URL . '/modules/' . $not_module->getVar('dirname') . '/' .$comment_url . '=' . $com_itemid.'&amp;com_id='.$newcid.'&amp;com_rootid='.$com_rootid.'&amp;com_mode='.$com_mode.'&amp;com_order='.$com_order.'#comment'.$newcid;
358 $notification_handler =& xoops_gethandler('notification');
359 $notification_handler->triggerEvent($not_category, $not_itemid, $not_event, $comment_tags, false, $not_modid);
360 }
361
362 if (!isset($comment_post_results)) {
363
364 // if the comment is active, redirect to posted comment
365 if (XOOPS_COMMENT_ACTIVE == $comment->getVar('com_status')) {
366 redirect_header($redirect_page.'='.$com_itemid.'&amp;com_id='.$newcid.'&amp;com_rootid='.$com_rootid.'&amp;com_mode='.$com_mode.'&amp;com_order='.$com_order.'#comment'.$newcid, 2, _CM_THANKSPOST);
367 } else {
368 // not active, so redirect to top comment page
369 redirect_header($redirect_page.'='.$com_itemid.'&amp;com_mode='.$com_mode.'&amp;com_order='.$com_order.'#comment'.$newcid, 2, _CM_THANKSPOST);
370 }
371 }
372 } else {
373 if (!isset($purge_comment_post_results)) {
374 include XOOPS_ROOT_PATH.'/header.php';
375 xoops_error($comment->getErrors());
376 include XOOPS_ROOT_PATH.'/footer.php';
377 } else {
378 $comment_post_results = $comment->getErrors();
379 }
380 }
381 break;
382default:
383 redirect_header(XOOPS_URL.'/', 2);
384 break;
385}