root/branches/1.7/lib/model/blog.comment.php @ 6517

Revision 6517, 36.6 KB (checked in by inureyes, 2 years ago)

fixed #1069

  • 버그 수정
1<?php
2/// Copyright (c) 2004-2008, Needlworks / Tatter Network Foundation
3/// All rights reserved. Licensed under the GPL.
4/// See the GNU General Public License for more details. (/doc/LICENSE, /doc/COPYRIGHT)
5
6requireComponent( "Textcube.Control.Openid" );
7
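/**
 * Decide whether the visitor's OpenID identity may read a secret comment.
 *
 * Returns true when the logged-in OpenID matches the comment's own 'openid',
 * or matches the 'openid' stored on the comment's parent row.
 *
 * @param array $comment Comment row; 'secret', 'openid' and 'parent' are read.
 * @return bool False for non-secret comments and for visitors without an OpenID.
 */
function doesHaveOpenIDPriv( & $comment )
{
    global $database;
    $blogid = getBlogId();
    $openid = Acl::getIdentity('openid');

    if( !$comment['secret'] || !$openid ) {
        return false;
    }
    // Exact string match: a loose == lets two numeric-looking strings compare
    // equal even when they differ byte for byte.
    if( (string)$comment['openid'] === (string)$openid ) {
        return true;
    }
    if( empty($comment['parent']) ) {
        return false;
    }
    // The parent id is placed in the query unquoted, so force it to an integer
    // rather than trusting whatever the caller put in the row.
    $parentId = intval($comment['parent']);
    $openid = POD::escapeString($openid);
    $row = POD::queryRow("SELECT * from {$database['prefix']}Comments ".
        "WHERE blogid = $blogid and id = $parentId and openid='{$openid}'" );
    return !empty($row);
}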
28
/**
 * Prepare a comment row for display, masking secret comments the viewer may not read.
 *
 * Sets 'hidden', HTML-escapes 'name' and 'comment', and for secret comments either
 * prefixes a marker (blog owner, or an OpenID holder with access) or replaces name,
 * homepage and body with placeholders.
 *
 * @param array $comment Comment row, modified in place.
 */
function decorateComment( & $comment )
{
    $isOwner = doesHaveOwnership();
    $comment['hidden'] = false;
    // NOTE(review): htmlspecialchars() is called without flags, so which quote characters
    // are escaped depends on the PHP default, and 'homepage' is not escaped here at all.
    // Confirm the templates that print these fields account for both.
    $comment['name'] = htmlspecialchars($comment['name']);
    $comment['comment'] = htmlspecialchars($comment['comment']);

    if ($comment['secret'] != 1) {
        return;
    }
    if ($isOwner) {
        // The owner sees the body, tagged as secret.
        $comment['comment'] = '<span class="hiddenCommentTag_content">' . _text('[비밀댓글]') . '</span> ' . $comment['comment'];
        return;
    }
    if (doesHaveOpenIDPriv($comment)) {
        // The OpenID author (or parent author) sees the body; only the name gets a marker.
        $comment['name'] = '<span class="hiddenCommentTag_name">' . _text('비밀방문자') . '</span>'. $comment['name'];
        return;
    }
    // Everyone else gets placeholders instead of the stored values.
    $comment['hidden'] = true;
    $comment['name'] = '<span class="hiddenCommentTag_name">' . _text('비밀방문자') . '</span>';
    $comment['homepage'] = '';
    $comment['comment'] = _text('관리자만 볼 수 있는 댓글입니다.');
}
50
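/**
 * List unfiltered comments for the owner's admin view, with optional filters and paging.
 *
 * @param mixed  $blogid      Blog id, used unquoted in SQL.
 * @param mixed  $category    Category id; values <= 0 select entries with category >= 0.
 * @param string $name        Exact commenter name to match, or empty.
 * @param string $ip          Exact IP to match, or empty.
 * @param string $search      Substring matched against name, homepage and comment, or empty.
 * @param mixed  $page        Passed to fetchWithPaging().
 * @param mixed  $count       Passed to fetchWithPaging().
 * @param bool   $isGuestbook When false, non-editors only see comments on their own entries.
 * @return array array($comments, $paging) as returned by fetchWithPaging().
 */
function getCommentsWithPagingForOwner($blogid, $category, $name, $ip, $search, $page, $count, $isGuestbook = false) {
    global $database;

    // $category is spliced into SQL unquoted (sub-query and IN list), so pin it to an
    // integer before it is used anywhere.
    $category = intval($category);

    $postfix = '';
    if(!$isGuestbook && !Acl::check("group.editors")) $userLimit = ' AND e.userid = '.getUserId();
    else $userLimit = '';
    $sql = "SELECT c.*, e.title, c2.name parentName
        FROM {$database['prefix']}Comments c
        LEFT JOIN {$database['prefix']}Entries e ON c.blogid = e.blogid AND c.entry = e.id AND e.draft = 0$userLimit
        LEFT JOIN {$database['prefix']}Comments c2 ON c.parent = c2.id AND c.blogid = c2.blogid
        WHERE c.blogid = $blogid AND c.isFiltered = 0";
    if ($category > 0) {
        $categories = POD::queryColumn("SELECT id FROM {$database['prefix']}Categories WHERE parent = $category");
        // Tolerate a non-array result so the IN list always holds at least the category itself.
        if (!is_array($categories)) {
            $categories = array();
        }
        $categories[] = $category;
        $sql .= ' AND e.category IN (' . implode(', ', $categories) . ')';
        $postfix .= '&category=' . rawurlencode($category);
    } else {
        $sql .= ' AND e.category >= 0';
    }
    if (!empty($name)) {
        $sql .= ' AND c.name = \'' . POD::escapeString($name) . '\'';
        $postfix .= '&name=' . rawurlencode($name);
    }
    if (!empty($ip)) {
        $sql .= ' AND c.ip = \'' . POD::escapeString($ip) . '\'';
        $postfix .= '&ip=' . rawurlencode($ip);
    }
    if (!empty($search)) {
        // NOTE(review): the paging link below carries the escaped form of $search, not the
        // value the user typed; confirm the next request does not escape it a second time.
        $search = escapeSearchString($search);
        $sql .= " AND (c.name LIKE '%$search%' OR c.homepage LIKE '%$search%' OR c.comment LIKE '%$search%')";
        $postfix .= '&search=' . rawurlencode($search);
    }

    $sql .= ' ORDER BY c.written DESC';
    list($comments, $paging) = fetchWithPaging($sql, $page, $count);
    if (strlen($postfix) > 0) {
        $postfix .= '&withSearch=on';
        $paging['postfix'] .= $postfix;
    }

    return array($comments, $paging);
}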
92
/**
 * Page through unfiltered guestbook rows (comments with entry = 0) for the owner's admin view.
 *
 * @param mixed  $blogid Blog id, used unquoted in SQL.
 * @param string $name   Exact commenter name to match, or empty.
 * @param string $ip     Exact IP to match, or empty.
 * @param string $search Substring matched against name, homepage and comment, or empty.
 * @param mixed  $page   Passed to fetchWithPaging().
 * @param mixed  $count  Passed to fetchWithPaging().
 * @return array array($comments, $paging) as returned by fetchWithPaging().
 */
function getGuestbookWithPagingForOwner($blogid, $name, $ip, $search, $page, $count) {
    global $database;

    $linkSuffix = '&status=guestbook';
    $query = "SELECT c.*, c2.name parentName
        FROM {$database['prefix']}Comments c
        LEFT JOIN {$database['prefix']}Comments c2 ON c.parent = c2.id AND c.blogid = c2.blogid
        WHERE c.blogid = $blogid AND c.entry = 0 AND c.isFiltered = 0";

    // Name and IP are exact matches; both are escaped before being quoted into the query.
    if (!empty($name)) {
        $query .= " AND c.name = '" . POD::escapeString($name) . "'";
        $linkSuffix .= '&name=' . rawurlencode($name);
    }
    if (!empty($ip)) {
        $query .= " AND c.ip = '" . POD::escapeString($ip) . "'";
        $linkSuffix .= '&ip=' . rawurlencode($ip);
    }
    if (!empty($search)) {
        // From here on $search holds the escaped form; that is also what goes into the paging link.
        $search = escapeSearchString($search);
        $query .= " AND (c.name LIKE '%$search%' OR c.homepage LIKE '%$search%' OR c.comment LIKE '%$search%')";
        $linkSuffix .= '&search=' . rawurlencode($search);
    }
    $query .= ' ORDER BY c.written DESC';

    list($comments, $paging) = fetchWithPaging($query, $page, $count);
    // The suffix starts with '&status=guestbook', so this branch is always taken.
    if ($linkSuffix !== '') {
        $paging['postfix'] .= $linkSuffix . '&withSearch=on';
    }

    return array($comments, $paging);
}
125
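/**
 * Page through top-level notified comments for the owner, optionally filtered.
 *
 * With a filter, a top-level row is listed when it matches the filter itself or when one
 * of its child rows matches (the children's parent ids are collected by a first query).
 *
 * @param mixed  $blogid   Blog id, used unquoted in SQL.
 * @param mixed  $category Not used by this function.
 * @param string $name     Exact commenter name to match, or empty.
 * @param string $ip       Exact IP to match, or empty.
 * @param string $search   Substring matched against name, homepage and comment, or empty.
 * @param mixed  $page     Passed to fetchWithPaging().
 * @param mixed  $count    Passed to fetchWithPaging().
 * @return array array($comments, $paging) as returned by fetchWithPaging().
 */
function getCommentsNotifiedWithPagingForOwner($blogid, $category, $name, $ip, $search, $page, $count) {
    global $database;
    $postfix = '';

    if (empty($name) && empty($ip) && empty($search)) {
        $sql = "SELECT
                    c.*,
                    csiteinfo.title AS siteTitle,
                    csiteinfo.name AS nickname,
                    csiteinfo.url AS siteUrl,
                    csiteinfo.modified AS siteModified
                FROM
                    {$database['prefix']}CommentsNotified c
                LEFT JOIN
                        {$database['prefix']}CommentsNotifiedSiteInfo csiteinfo ON c.siteId = csiteinfo.id
                WHERE c.blogid = $blogid AND (c.parent is null)";
        $sql .= ' ORDER BY c.modified DESC';
    } else {
        if (!empty($search)) {
            $search = escapeSearchString($search);
        }

        // First pass: parent ids of child rows that match the filter.
        $preQuery = "SELECT parent FROM {$database['prefix']}CommentsNotified WHERE blogid = $blogid AND parent is NOT NULL";
        if (!empty($name))
            $preQuery .= ' AND name = \''. POD::escapeString($name) . '\' ';
        if (!empty($ip))
            $preQuery .= ' AND ip = \''. POD::escapeString($ip) . '\' ';
        if (!empty($search)) {
            $preQuery .= " AND ((name LIKE '%$search%') OR (homepage LIKE '%$search%') OR (comment LIKE '%$search%'))";
        }

        $found = POD::queryColumn($preQuery);
        $childList = is_array($found) ? array_unique($found) : array();
        // AND binds tighter than OR, so a bare "OR c.id IN (...)" would sit outside the
        // "c.blogid = ..." condition of the WHERE clause. Repeat the blog restriction inside
        // the OR branch so it cannot match rows of another blog that share an id.
        $childListStr = (count($childList) == 0)
            ? ''
            : ('OR (c.blogid = ' . $blogid . ' AND c.id IN ( ' . implode(', ', $childList) . ' )) ');

        $sql = "SELECT
                c.*,
                csiteinfo.title AS siteTitle,
                csiteinfo.name AS nickname,
                csiteinfo.url AS siteUrl,
                csiteinfo.modified AS siteModified
            FROM
                {$database['prefix']}CommentsNotified c
                LEFT JOIN
                {$database['prefix']}CommentsNotifiedSiteInfo csiteinfo ON c.siteId = csiteinfo.id
            WHERE c.blogid = $blogid AND (c.parent is null) ";
        if (!empty($name)) {
            $sql .= ' AND ( c.name = \'' . POD::escapeString($name) . '\') ' ;
            $postfix .= '&name=' . rawurlencode($name);
        }
        if (!empty($ip)) {
            $sql .= ' AND ( c.ip = \'' . POD::escapeString($ip) . '\') ';
            $postfix .= '&ip=' . rawurlencode($ip);
        }
        if (!empty($search)) {
            $sql .= " AND ((c.name LIKE '%$search%') OR (c.homepage LIKE '%$search%') OR (c.comment LIKE '%$search%')) ";
            $postfix .= '&search=' . rawurlencode($search);
        }
        $sql .= $childListStr . ' ORDER BY c.modified DESC';
    }

    list($comments, $paging) = fetchWithPaging($sql, $page, $count);
    if (strlen($postfix) > 0) {
        $postfix .= '&withSearch=on';
        $paging['postfix'] .= $postfix;
    }

    return array($comments, $paging);
}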
194
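/**
 * Load the child rows of a notified comment, oldest first, masking secret ones.
 *
 * For a secret row that the viewer may not read (not the owner and no OpenID access),
 * name, homepage and comment are replaced; every other selected column is returned as stored.
 *
 * @param mixed $parent Id of the parent row in CommentsNotified.
 * @return array List of comment rows (empty when the query returns nothing).
 */
function getCommentCommentsNotified($parent) {
    global $database;
    // Placed in the WHERE clause unquoted, so reduce it to an integer first.
    $parent = intval($parent);
    $comments = array();
    $authorized = doesHaveOwnership();
    $sql = "SELECT
                c.*,
                csiteinfo.title AS siteTitle,
                csiteinfo.name AS nickname,
                csiteinfo.url AS siteUrl,
                csiteinfo.modified AS siteModified
            FROM
                {$database['prefix']}CommentsNotified c
                LEFT JOIN
                {$database['prefix']}CommentsNotifiedSiteInfo csiteinfo ON c.siteId = csiteinfo.id
            WHERE c.blogid = ".getBlogId()." AND c.parent = $parent";
    $sql .= ' ORDER BY c.written ASC';
    $result = POD::queryAll($sql);
    if (!$result) {
        return $comments;
    }
    foreach ($result as $comment) {
        if (($comment['secret'] == 1) && !$authorized && !doesHaveOpenIDPriv($comment)) {
            $comment['name'] = '';
            $comment['homepage'] = '';
            $comment['comment'] = _text('관리자만 볼 수 있는 댓글입니다.');
        }
        $comments[] = $comment;
    }
    return $comments;
}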
225
/**
 * Page through top-level, unfiltered guestbook rows (entry = 0), newest first.
 *
 * @param mixed $blogid Blog id, used unquoted in SQL.
 * @param mixed $page   Passed to fetchWithPaging().
 * @param mixed $count  Passed to fetchWithPaging().
 * @return mixed Whatever fetchWithPaging() returns for the query.
 */
function getCommentsWithPagingForGuestbook($blogid, $page, $count) {
    global $database;
    return fetchWithPaging(
        "SELECT * FROM {$database['prefix']}Comments
        WHERE blogid = $blogid
            AND entry = 0
            AND parent IS NULL
            AND isFiltered = 0
        ORDER BY written DESC",
        $page,
        $count
    );
}
237
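/**
 * Fetch selected columns of one comment.
 *
 * NOTE(security): $attributeNames is inserted into the SELECT list verbatim and cannot be
 * escaped like a value. Callers must pass a fixed, code-defined column list and never
 * anything derived from request data.
 *
 * @param mixed  $blogid         Blog id, used unquoted in SQL.
 * @param mixed  $id             Comment id.
 * @param string $attributeNames Column list for the SELECT clause.
 * @return mixed Result of POD::queryRow().
 */
function getCommentAttributes($blogid, $id, $attributeNames) {
    global $database;
    // The id is used unquoted in the WHERE clause; reduce it to an integer.
    $id = intval($id);
    return POD::queryRow("SELECT $attributeNames FROM {$database['prefix']}Comments WHERE blogid = $blogid AND id = $id");
}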
242
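/**
 * Load the top-level, unfiltered comments of an entry (entry 0 is the guestbook).
 *
 * Guestbook rows come newest first, entry comments in id order. For a secret comment the
 * viewer may not read, only name, homepage and comment are replaced; the remaining
 * columns of the SELECT * row are returned as stored, so callers must not print them.
 *
 * @param mixed $entry Entry id.
 * @return array List of comment rows.
 */
function getComments($entry) {
    global $database;
    // Used unquoted in the WHERE clause below; reduce it to an integer.
    $entry = intval($entry);
    $comments = array();
    $authorized = doesHaveOwnership();
    $aux = ($entry == 0 ? 'ORDER BY written DESC' : 'ORDER BY id ASC');
    $sql = "SELECT *
        FROM {$database['prefix']}Comments
        WHERE blogid = ".getBlogId()."
            AND entry = $entry
            AND parent IS NULL
            AND isFiltered = 0 $aux";
    $result = POD::queryAll($sql);
    if (!$result) {
        return $comments;
    }
    foreach ($result as $comment) {
        if (($comment['secret'] == 1) && !$authorized && !doesHaveOpenIDPriv($comment)) {
            $comment['name'] = '';
            $comment['homepage'] = '';
            $comment['comment'] = _text('관리자만 볼 수 있는 댓글입니다.');
        }
        // A registered replier's homepage comes from the user record, not from the row.
        if (!empty($comment['replier'])) {
            $comment['homepage'] = User::getHomepage($comment['replier']);
        }
        $comments[] = $comment;
    }
    return $comments;
}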
271
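/**
 * Load the unfiltered replies to a comment, ordered by time written.
 *
 * Secret replies the viewer may not read get their name, homepage and comment replaced;
 * the placeholder text depends on whether the parent comment carries an OpenID.
 *
 * @param mixed      $parent        Id of the parent comment.
 * @param array|null $parentComment Parent row if the caller already has it; loaded otherwise.
 * @return array List of reply rows.
 */
function getCommentComments($parent,$parentComment=null) {
    global $database;
    // Used unquoted in both queries below; reduce it to an integer.
    $parent = intval($parent);
    $comments = array();
    $authorized = doesHaveOwnership();
    $result = POD::queryAll("SELECT *
        FROM {$database['prefix']}Comments
        WHERE blogid = ".getBlogId()."
            AND parent = $parent
            AND isFiltered = 0
        ORDER BY written");
    if (!$result) {
        return $comments;
    }
    if( $parentComment == null ) {
        $parentComment = POD::queryRow(
            "SELECT * FROM {$database['prefix']}Comments ".
            "  WHERE blogid = ".getBlogId()." AND id = $parent" );
    }
    $parentByOpenid = !empty( $parentComment['openid'] );
    foreach ($result as $comment) {
        if (($comment['secret'] == 1) && !$authorized && !doesHaveOpenIDPriv($comment)) {
            $comment['name'] = '';
            $comment['homepage'] = '';
            $comment['comment'] =
                $parentByOpenid ?
                    _text('비밀글의 작성자만 읽을 수 있는 댓글입니다.') :
                    _text('관리자만 볼 수 있는 댓글입니다.');
        }
        // A registered replier's homepage comes from the user record, not from the row.
        if (!empty($comment['replier'])) {
            $comment['homepage'] = User::getHomepage($comment['replier']);
        }
        $comments[] = $comment;
    }
    return $comments;
}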
307
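/**
 * Tell whether the logged-in member is the replier recorded on a comment.
 *
 * @param mixed $blogid    Blog id, used unquoted in SQL.
 * @param mixed $commentId Comment id.
 * @return mixed False without membership, otherwise the result of POD::queryExistence().
 */
function isCommentWriter($blogid, $commentId) {
    global $database;
    if (!doesHaveMembership())
        return false;
    // The id is used unquoted in the WHERE clause; reduce it to an integer.
    $commentId = intval($commentId);
    return POD::queryExistence("SELECT replier
        FROM {$database['prefix']}Comments
        WHERE blogid = $blogid
            AND id = $commentId
            AND replier = " . getUserId());
}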
318
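/**
 * Load one comment, optionally only if the caller is allowed to manage it.
 *
 * With $restriction on, a non-owner must either be the member recorded as replier or
 * supply the guest password. With $restriction off, the row is returned with its
 * 'password' field cleared.
 *
 * NOTE(security): guest passwords are compared as unsalted MD5. md5() yields hex digits
 * only, so the fragment cannot break out of the quoted SQL string, but the hash itself is
 * weak; replacing it needs a migration of the stored values and is not attempted here.
 *
 * @param mixed  $blogid      Blog id, used unquoted in SQL.
 * @param mixed  $id          Comment id.
 * @param string $password    Guest password as entered.
 * @param bool   $restriction Whether to enforce the ownership/membership/password check.
 * @return array|false The comment row, or false when nothing matched.
 */
function getComment($blogid, $id, $password, $restriction = true) {
    global $database;
    // The id is used unquoted in the WHERE clause; reduce it to an integer.
    $id = intval($id);
    $sql = "SELECT *
        FROM {$database['prefix']}Comments
        WHERE blogid = $blogid
            AND id = $id";
    if ($restriction == true && !doesHaveOwnership()) {
        if (doesHaveMembership())
            $sql .= ' AND replier = ' . getUserId();
        else
            $sql .= ' AND password = \'' . md5($password) . '\'';
    }
    $result = POD::queryRow($sql);
    if (!$result) {
        return false;
    }
    // An unrestricted read must not hand the stored password hash to the caller.
    if ($restriction != true) {
        $result['password'] = null;
    }
    return $result;
}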
339
/**
 * Search unfiltered entry comments by substring of comment text or commenter name.
 *
 * Non-owners only get non-secret comments, further limited by
 * getPrivateCategoryExclusionQuery().
 *
 * @param mixed  $blogid Blog id, used unquoted in SQL.
 * @param string $search Search text.
 * @return array array('title' => original search text, 'items' => matching rows).
 */
function getCommentList($blogid, $search) {
    global $database;
    // 'title' keeps the text exactly as received; it is not HTML-escaped here.
    $list = array('title' => "$search", 'items' => array());
    $search = escapeSearchString($search);
    if (doesHaveOwnership()) {
        $visibility = '';
    } else {
        $visibility = 'AND c.secret = 0 '.getPrivateCategoryExclusionQuery($blogid);
    }
    $rows = POD::queryAll("SELECT c.id, c.entry, c.parent, c.name, c.comment, c.written, e.slogan
        FROM {$database['prefix']}Comments c
        INNER JOIN {$database['prefix']}Entries e ON c.entry = e.id AND c.blogid = e.blogid AND e.draft = 0
        WHERE c.entry > 0
            AND c.blogid = $blogid $visibility
            and c.isFiltered = 0
            and (c.comment like '%$search%' OR c.name like '%$search%')");
    if ($rows) {
        foreach ($rows as $row) {
            $list['items'][] = $row;
        }
    }
    return $list;
}
357
/**
 * Recount the unfiltered comments of an entry and store the number on the entry row.
 *
 * Both ids are used unquoted in SQL; callers are expected to pass validated integers.
 *
 * @param mixed $blogid  Blog id.
 * @param mixed $entryId Entry id; the entry cache is flushed when it is >= 0.
 * @return mixed The count as returned by POD::queryCell().
 */
function updateCommentsOfEntry($blogid, $entryId) {
    global $database;
    requireComponent('Needlworks.Cache.PageCache');

    $countSql = "SELECT COUNT(*)
        FROM {$database['prefix']}Comments
        WHERE blogid = $blogid
            AND entry = $entryId
            AND isFiltered = 0";
    $commentCount = POD::queryCell($countSql);

    $storeSql = "UPDATE {$database['prefix']}Entries
        SET comments = $commentCount
        WHERE blogid = $blogid
            AND id = $entryId";
    POD::query($storeSql);

    if ($entryId >= 0) {
        CacheControl::flushEntry($entryId);
    }
    return $commentCount;
}
373
/**
 * Send an asynchronous 'sync.comment' XML-RPC call for a new comment.
 *
 * The call is made only when the entry is a non-draft with visibility 3 that accepts
 * comments and has a non-empty slogan. The commenter's name and homepage leave the site
 * with this call, addressed to TEXTCUBE_SYNC_URL.
 *
 * @param mixed  $entryId   Entry id, used unquoted in SQL.
 * @param string $permalink Link to the comment.
 * @param string $name      Commenter name.
 * @param string $homepage  Commenter homepage.
 */
function sendCommentPing($entryId, $permalink, $name, $homepage) {
    global $database, $blog;
    $blogid = getBlogId();
    $slogan = POD::queryCell("SELECT slogan
        FROM {$database['prefix']}Entries
        WHERE blogid = $blogid
            AND id = $entryId
            AND draft = 0
            AND visibility = 3
            AND acceptComment = 1");
    if (!$slogan) {
        return;
    }

    requireComponent('Eolin.PHP.Core');
    requireComponent('Eolin.PHP.XMLRPC');
    $summary = array(
        'permalink' => $permalink,
        'name' => $name,
        'homepage' => $homepage
    );
    $client = new XMLRPC();
    $client->url = TEXTCUBE_SYNC_URL;
    $client->async = true;
    $client->call('sync.comment', $summary);
}
397
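/**
 * Store a new comment or guestbook entry.
 *
 * Non-owners are run through the spam filters first; a filtered comment is still stored,
 * with isFiltered set to the current timestamp. For non-owners the target entry must be a
 * visible, non-draft entry that accepts comments.
 *
 * NOTE(security): guest passwords are stored as unsalted MD5 (kept for compatibility with
 * the rows and lookups that already use it).
 * NOTE(review): the new id is computed as getCommentsMaxId() + 1 before the INSERT, so two
 * concurrent submissions could compute the same id — confirm how the table guards this.
 *
 * @param mixed $blogid  Blog id, used unquoted in SQL.
 * @param array $comment Comment data ('entry', 'parent', 'name', 'password', 'homepage',
 *                       'secret', 'comment', 'ip'); modified in place.
 * @return mixed New comment id on success, the block-type string when the comment was
 *               filtered, or false on failure.
 */
function addComment($blogid, & $comment) {
    global $database, $user, $blog, $defaultURL;

    $openid = Acl::getIdentity('openid');
    $filtered = 0;

    if (!doesHaveOwnership()) {
        requireComponent('Textcube.Data.Filter');
        if (!Filter::isAllowed($comment['homepage'])) {
            if (Filter::isFiltered('ip', $comment['ip'])) {
                $blockType = "ip";
                $filtered = 1;
            } else if (Filter::isFiltered('name', $comment['name'])) {
                $blockType = "name";
                $filtered = 1;
            } else if (Filter::isFiltered('url', $comment['homepage'])) {
                $blockType = "homepage";
                $filtered = 1;
            } elseif (Filter::isFiltered('content', $comment['comment'])) {
                $blockType = "comment";
                $filtered = 1;
            } elseif ( !Acl::check( "group.writers" ) && !$openid &&
                getBlogSetting('AddCommentMode', '') == 'openid' ) {
                $blockType = "openidonly";
                $filtered = 1;
            } else if (!fireEvent('AddingComment', true, $comment)) {
                $blockType = "etc";
                $filtered = 1;
            }
        }
    }

    $comment['homepage'] = stripHTML($comment['homepage']);
    $comment['name'] = UTF8::lessenAsEncoding($comment['name'], 80);
    $comment['homepage'] = UTF8::lessenAsEncoding($comment['homepage'], 80);
    $comment['comment'] = UTF8::lessenAsEncoding($comment['comment'], 65535);

    // Values that reach SQL unquoted are cast to integers once, and only the cast copies
    // are used in the statements below.
    $entryId = intval($comment['entry']);
    $secret = intval($comment['secret']);
    $hasParent = !($comment['parent'] == null);
    $parent = $hasParent ? intval($comment['parent']) : 'null';

    if (!doesHaveOwnership() && $entryId != 0) {
        $result = POD::queryCount("SELECT *
            FROM {$database['prefix']}Entries
            WHERE blogid = $blogid
                AND id = $entryId
                AND draft = 0
                AND visibility > 0
                AND acceptComment = 1");
        if (!$result || $result == 0)
            return false;
    }
    if ($user !== null) {
        $comment['replier'] = getUserId();
        $name = POD::escapeString($user['name']);
        $password = '';
        $homepage = POD::escapeString($user['homepage']);
        if( empty($homepage) && $openid ) { $homepage = POD::escapeString($openid); }
    } else {
        $comment['replier'] = 'null';
        $name = POD::escapeString($comment['name']);
        $password = empty($comment['password']) ? '' : md5($comment['password']);
        $homepage = POD::escapeString($comment['homepage']);
    }
    $comment0 = POD::escapeString($comment['comment']);
    // The OpenID identity and the IP are quoted string values; escape them like the other
    // string columns instead of interpolating them raw.
    $openidSql = $openid ? POD::escapeString($openid) : '';
    $ipSql = POD::escapeString($comment['ip']);
    $filteredAux = ($filtered == 1 ? "UNIX_TIMESTAMP()" : 0);
    $insertId = getCommentsMaxId() + 1;
    $result = POD::query("INSERT INTO {$database['prefix']}Comments
        (blogid,replier,id,openid,entry,parent,name,password,homepage,secret,comment,ip,written,isFiltered)
        VALUES (
            $blogid,
            {$comment['replier']},
            $insertId,
            '$openidSql',
            $entryId,
            $parent,
            '$name',
            '$password',
            '$homepage',
            $secret,
            '$comment0',
            '$ipSql',
            UNIX_TIMESTAMP(),
            $filteredAux
        )");
    if ($result) {
        $id = $insertId;
        CacheControl::flushCommentRSS($entryId);
        CacheControl::flushDBCache('comment');
        // Only public replies are queued for notification.
        if ($hasParent && $secret < 1) {
            $insertId = getCommentsNotifiedQueueMaxId() + 1;
            POD::execute("INSERT INTO `{$database['prefix']}CommentsNotifiedQueue`
                    ( `blogid` , `id`, `commentId` , `sendStatus` , `checkDate` , `written` )
                VALUES
                    ('".$blogid."' , '".$insertId."', '" . $id . "', '0', '0', UNIX_TIMESTAMP())");
        }
        updateCommentsOfEntry($blogid, $entryId);
        fireEvent($entryId ? 'AddComment' : 'AddGuestComment', $id, $comment);
        if ($filtered == 1)
            return $blockType;
        else
            return $id;
    }
    return false;
}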
500
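/**
 * Update an existing comment.
 *
 * Non-owners pass the spam filters first ('blocked' on a hit). A non-owner may only change
 * a member comment they wrote themselves, or a guest comment for which they hold the
 * matching OpenID (when no password is given) or the guest password.
 *
 * NOTE(security): guest passwords are compared and stored as unsalted MD5 (kept for
 * compatibility with existing rows).
 *
 * @param mixed  $blogid   Blog id, used unquoted in SQL.
 * @param array  $comment  Comment data ('id', 'entry', 'name', 'password', 'homepage',
 *                         'secret', 'comment', 'ip', 'isFiltered', optionally 'replier').
 * @param string $password Guest password as entered.
 * @return mixed True on success, 'blocked' when filtered, false otherwise.
 */
function updateComment($blogid, $comment, $password) {
    global $database, $user;

    $openid = Acl::getIdentity('openid');
    if (!doesHaveOwnership()) {
        // if filtered, only block and not send to trash
        requireComponent('Textcube.Data.Filter');
        if (!Filter::isAllowed($comment['homepage'])) {
            if (Filter::isFiltered('ip', $comment['ip']))
                return 'blocked';
            if (Filter::isFiltered('name', $comment['name']))
                return 'blocked';
            if (Filter::isFiltered('url', $comment['homepage']))
                return 'blocked';
            if (Filter::isFiltered('content', $comment['comment']))
                return 'blocked';
            if (!fireEvent('ModifyingComment', true, $comment))
                return 'blocked';
        }
    }

    $comment['homepage'] = stripHTML($comment['homepage']);
    $comment['name'] = UTF8::lessenAsEncoding($comment['name'], 80);
    $comment['homepage'] = UTF8::lessenAsEncoding($comment['homepage'], 80);
    $comment['comment'] = UTF8::lessenAsEncoding($comment['comment'], 65535);

    $setPassword = '';
    if ($user !== null) {
        $comment['replier'] = getUserId();
        $name = POD::escapeString($user['name']);
        $setPassword = 'password = \'\',';
        $homepage = POD::escapeString($user['homepage']);
        if( empty($homepage) && $openid ) { $homepage = POD::escapeString($openid); }
    } else {
        $name = POD::escapeString($comment['name']);
        // A password of exactly true means "leave the stored password untouched".
        if ($comment['password'] !== true)
            $setPassword = 'password = \'' . (empty($comment['password']) ? '' : md5($comment['password'])) . '\', ';
        $homepage = POD::escapeString($comment['homepage']);
    }
    $comment0 = POD::escapeString($comment['comment']);

    // Values that reach SQL unquoted are cast to integers; quoted ones are escaped.
    $commentId = intval($comment['id']);
    $secret = intval($comment['secret']);
    $isFiltered = intval($comment['isFiltered']);
    $ipSql = POD::escapeString($comment['ip']);

    $guestcomment = false;
    if (POD::queryExistence("SELECT *
        FROM {$database['prefix']}Comments
        WHERE blogid = $blogid
            AND id = $commentId
            AND replier IS NULL")) {
        $guestcomment = true;
    }

    $wherePassword = '';
    if (!doesHaveOwnership()) {
        if ($guestcomment == false) {
            if (!doesHaveMembership())
                return false;
            $wherePassword = ' AND replier = ' . getUserId();
        }
        else
        {
            if( empty($password) && $openid ) {
                $wherePassword = ' AND openid = \'' . POD::escapeString($openid) . '\'';
            } else {
                $wherePassword = ' AND password = \'' . md5($password) . '\'';
            }
        }
    }

    $replier = !isset($comment['replier']) ? 'NULL' : "'" . POD::escapeString($comment['replier']) . "'";

    $result = POD::query("UPDATE {$database['prefix']}Comments
                SET
                    name = '$name',
                    $setPassword
                    homepage = '$homepage',
                    secret = $secret,
                    comment = '$comment0',
                    ip = '$ipSql',
                    written = UNIX_TIMESTAMP(),
                    isFiltered = $isFiltered,
                    replier = {$replier}
                WHERE blogid = $blogid
                    AND id = $commentId $wherePassword");
    if($result) {
        CacheControl::flushCommentRSS($comment['entry']); // Assume blogid = current blogid.
        CacheControl::flushDBCache('comment');
        return true;
    }
    return false;
}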
589
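/**
 * Delete a comment on behalf of its author or the blog owner.
 *
 * The owner may delete any comment. Otherwise the DELETE is narrowed to rows matching the
 * visitor's OpenID (when one is present and no password was given), the member's user id
 * (member comments) or the guest password (guest comments).
 *
 * NOTE(security): guest passwords are compared as unsalted MD5 (kept for compatibility
 * with existing rows).
 *
 * @param mixed  $blogid   Blog id, used unquoted in SQL.
 * @param mixed  $id       Comment id; must be numeric.
 * @param mixed  $entry    Entry id; must be numeric.
 * @param string $password Guest password as entered.
 * @return bool True when a row was deleted.
 */
function deleteComment($blogid, $id, $entry, $password) {
    global $database;

    if (!is_numeric($id)) return false;
    if (!is_numeric($entry)) return false;

    $guestcomment = false;
    if (POD::queryExistence("SELECT * FROM {$database['prefix']}Comments WHERE blogid = $blogid AND id = $id AND replier IS NULL")) {
        $guestcomment = true;
    }

    $wherePassword = '';

    $sql = "DELETE FROM {$database['prefix']}Comments
        WHERE blogid = $blogid
            AND id = $id
            AND entry = $entry";
    if (!doesHaveOwnership()) {
        $openid = Acl::getIdentity('openid');
        if( $openid && empty($password) ) {
            // The identity is a quoted string value; escape it before it reaches the query.
            $wherePassword = ' AND openid = \'' . POD::escapeString($openid) . '\'';
        } else {
            if ($guestcomment == false) {
                if (!doesHaveMembership()) {
                    return false;
                }
                $wherePassword = ' AND replier = ' . getUserId();
            }
            else
            {
                $wherePassword = ' AND password = \'' . md5($password) . '\'';
            }
        }
    }
    if(POD::queryCount($sql . $wherePassword)) {
        CacheControl::flushCommentRSS($entry);
        CacheControl::flushDBCache('comment');
        updateCommentsOfEntry($blogid, $entry);
        return true;
    }
    return false;
}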
631
/**
 * Move a comment and its direct replies to the trash (owner only).
 *
 * Trashing sets isFiltered to the current timestamp on the comment and on every row whose
 * parent is that comment.
 *
 * @param mixed  $blogid   Blog id, used unquoted in SQL.
 * @param mixed  $id       Comment id; must be numeric.
 * @param mixed  $entry    Entry id; must be numeric.
 * @param string $password Not used.
 * @return bool True when at least one row was updated.
 */
function trashComment($blogid, $id, $entry, $password) {
    global $database;
    if (!doesHaveOwnership() || !is_numeric($id) || !is_numeric($entry)) {
        return false;
    }

    // Same statement twice: first the comment itself (id), then its replies (parent).
    $touched = 0;
    foreach (array('id', 'parent') as $column) {
        $touched += POD::queryCount("UPDATE {$database['prefix']}Comments
        SET isFiltered = UNIX_TIMESTAMP()
        WHERE blogid = $blogid
            AND $column = $id
            AND entry = $entry");
    }
    if ($touched <= 0) {
        return false;
    }

    CacheControl::flushCommentRSS($entry);
    CacheControl::flushDBCache('comment');
    updateCommentsOfEntry($blogid, $entry);
    return true;
}
659
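/**
 * Disabled: restoring a trashed comment through this entry point is switched off.
 *
 * The function returned false before doing anything else; the statements that followed
 * the return could never run and have been removed. revertCommentInOwner() is the
 * working restore path in this file.
 *
 * @param mixed  $blogid   Not used.
 * @param mixed  $id       Not used.
 * @param mixed  $entry    Not used.
 * @param string $password Not used.
 * @return bool Always false.
 */
function revertComment($blogid, $id, $entry, $password) {
    // not used, so
    return false;
}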
682
/**
 * Load the most recent unfiltered comments (or guestbook rows) through the 'comment' DB cache.
 *
 * The owner view (owner and $guestShip off) lists every comment, limited to the user's own
 * entries for non-editors. The public view lists only comments on entries with
 * visibility >= 2 outside private categories. Secret comments are masked after the
 * (possibly cached) rows are read, so the mask reflects the current viewer.
 *
 * @param mixed $blogid      Blog id, used unquoted in SQL.
 * @param mixed $count       Row limit, used unquoted in the LIMIT clause; false selects
 *                           $skinSetting['commentsOnRecent'].
 * @param bool  $isGuestbook Select guestbook rows (entry = 0) instead of entry comments.
 * @param bool  $guestShip   Force the public view even for the owner.
 * @return array List of comment rows.
 */
function getRecentComments($blogid,$count = false,$isGuestbook = false, $guestShip = false) {
    global $skinSetting, $database;
    $comments = array();

    $userLimit = '';
    if (!$isGuestbook && !Acl::check("group.editors")) {
        $userLimit = ' AND e.userid = '.getUserId();
    }
    $limit = ($count != false ? $count : $skinSetting['commentsOnRecent']);

    if (doesHaveOwnership() && !$guestShip) {
        $entryFilter = ($isGuestbook != false ? " AND r.entry=0" : " AND r.entry>0");
        $sql = "SELECT r.*, e.title, e.slogan
        FROM
            {$database['prefix']}Comments r
            INNER JOIN {$database['prefix']}Entries e ON r.blogid = e.blogid AND r.entry = e.id AND e.draft = 0$userLimit
        WHERE
            r.blogid = $blogid".$entryFilter." AND r.isFiltered = 0
        ORDER BY
            r.written
        DESC LIMIT ".$limit;
    } else {
        $privateFilter = getPrivateCategoryExclusionQuery($blogid);
        $entryFilter = ($isGuestbook != false ? " AND r.entry = 0" : " AND r.entry > 0");
        $sql = "SELECT r.*, e.title, e.slogan
        FROM
            {$database['prefix']}Comments r
            INNER JOIN {$database['prefix']}Entries e ON r.blogid = e.blogid AND r.entry = e.id AND e.draft = 0
            LEFT OUTER JOIN {$database['prefix']}Categories c ON e.blogid = c.blogid AND e.category = c.id
        WHERE
            r.blogid = $blogid AND e.draft = 0 AND e.visibility >= 2".$privateFilter
            .$entryFilter." AND r.isFiltered = 0
        ORDER BY
            r.written
        DESC LIMIT
            ".$limit;
    }

    $rows = POD::queryAllWithDBCache($sql,'comment');
    if (!$rows) {
        return $comments;
    }
    foreach ($rows as $comment) {
        if (($comment['secret'] == 1) && !doesHaveOwnership() && !doesHaveOpenIDPriv($comment)) {
            $comment['name'] = _text('비밀방문자');
            $comment['homepage'] = '';
            $comment['comment'] = _text('관리자만 볼 수 있는 댓글입니다.');
        }
        $comments[] = $comment;
    }
    return $comments;
}
723
/**
 * Load the most recent unfiltered guestbook rows (entry = 0), masking secret ones.
 *
 * @param mixed $blogid Blog id, used unquoted in SQL.
 * @param mixed $count  Row limit, used unquoted in the LIMIT clause; false selects
 *                      $skinSetting['commentsOnRecent'].
 * @return array List of guestbook rows.
 */
function getRecentGuestbook($blogid,$count = false) {
    global $skinSetting, $database;
    $comments = array();
    $limit = ($count != false ? $count : $skinSetting['commentsOnRecent']);
    $sql = "SELECT r.*
        FROM
            {$database['prefix']}Comments r
        WHERE
            r.blogid = $blogid AND r.entry = 0 AND r.isFiltered = 0
        ORDER BY
            r.written
        DESC LIMIT ".$limit;

    $rows = POD::queryAll($sql);
    if (!$rows) {
        return $comments;
    }
    foreach ($rows as $comment) {
        // Viewers who are neither owner nor entitled by OpenID get placeholders.
        if (($comment['secret'] == 1) && !doesHaveOwnership() && !doesHaveOpenIDPriv($comment)) {
            $comment['name'] = '';
            $comment['homepage'] = '';
            $comment['comment'] = _text('관리자만 볼 수 있는 댓글입니다.');
        }
        $comments[] = $comment;
    }
    return $comments;
}
750
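/**
 * Work out which guestbook page shows a given guestbook row.
 *
 * Top-level rows are located directly in the newest-first list; a reply is located through
 * its parent.
 *
 * @param mixed $blogid Blog id, used unquoted in SQL.
 * @param mixed $id     Id of a guestbook row or of a reply to one.
 * @return int|false 1-based page number, or false when the row (or its thread) is not listed.
 */
function getGuestbookPageById($blogid, $id) {
    global $database, $skinSetting;
    // The id is used unquoted in the second query; reduce it to an integer.
    $id = intval($id);
    $totalGuestbookId = POD::queryColumn("SELECT id
        FROM {$database['prefix']}Comments
        WHERE
            blogid = $blogid AND entry = 0 AND isFiltered = 0 AND parent is null
        ORDER BY
            written DESC");
    if (!is_array($totalGuestbookId)) {
        return false;
    }
    $order = array_search($id, $totalGuestbookId);
    // array_search() returns index 0 for the newest row; a loose "== false" test treated
    // that hit as "not found" and made the function fail for the first item on page 1.
    if ($order === false) {
        $parentCommentId = POD::queryCell("SELECT parent
            FROM {$database['prefix']}Comments
            WHERE
                blogid = $blogid AND entry = 0 AND isFiltered = 0 AND id = $id");
        if ($parentCommentId == false) {
            return false;
        }
        $order = array_search($parentCommentId, $totalGuestbookId);
        if ($order === false) {
            // The parent thread is not in the list (for example it is filtered).
            return false;
        }
    }
    // Guard the division against a missing or zero page size.
    $perPage = max(1, intval($skinSetting['commentsOnGuestbook']));
    return intval($order / $perPage)+1;
}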
773
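/**
 * Permanently delete a comment and its direct replies from the owner area.
 *
 * NOTE(review): no ownership check is made here; presumably the owner-area caller
 * enforces it — verify at the call sites.
 *
 * @param mixed $blogid Blog id, used unquoted in SQL.
 * @param mixed $id     Comment id; must be numeric.
 * @return bool True when the comment row and the reply deletion both succeeded.
 */
function deleteCommentInOwner($blogid, $id) {
    global $database;
    if (!is_numeric($id)) return false;
    $entryId = POD::queryCell("SELECT entry FROM {$database['prefix']}Comments WHERE blogid = $blogid AND id = $id");
    if(POD::queryCount("DELETE FROM {$database['prefix']}Comments WHERE blogid = $blogid AND id = $id") == 1) {
        if (POD::query("DELETE FROM {$database['prefix']}Comments WHERE blogid = $blogid AND parent = $id")) {
            CacheControl::flushCommentRSS($entryId);
            // getRecentComments() reads through the 'comment' DB cache; flush it as
            // trashCommentInOwner() does, so a deleted comment is not served from cache.
            CacheControl::flushDBCache('comment');
            updateCommentsOfEntry($blogid, $entryId);
            return true;
        }
    }
    return false;
}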
787
/**
 * Moves a comment and its replies to the trash by stamping isFiltered with the
 * current UNIX timestamp.
 *
 * On success the comment RSS cache and the 'comment' DB cache are flushed and
 * updateCommentsOfEntry() is called. The original kept a disabled variant that
 * required exactly one affected row via POD::queryCount(); the active code only
 * checks that both UPDATE statements succeed.
 *
 * NOTE(review): no permission check happens here and $blogid is interpolated
 * into the SQL unchecked; callers are presumably expected to enforce ownership
 * and pass a trusted integer. Confirm.
 *
 * @param mixed $blogid Blog the comment belongs to.
 * @param mixed $id     Comment id; must be numeric.
 * @return bool True when both updates succeed, false otherwise.
 */
function trashCommentInOwner($blogid, $id) {
    global $database;
    if (!is_numeric($id)) {
        return false;
    }
    $entryId = POD::queryCell("SELECT entry FROM {$database['prefix']}Comments WHERE blogid = $blogid AND id = $id");
    $commentTrashed = POD::query("UPDATE {$database['prefix']}Comments SET isFiltered = UNIX_TIMESTAMP() WHERE blogid = $blogid AND id = $id");
    if (!$commentTrashed) {
        return false;
    }
    $repliesTrashed = POD::query("UPDATE {$database['prefix']}Comments SET isFiltered = UNIX_TIMESTAMP() WHERE blogid = $blogid AND parent = $id");
    if (!$repliesTrashed) {
        return false;
    }
    CacheControl::flushCommentRSS($entryId);
    CacheControl::flushDBCache('comment');
    updateCommentsOfEntry($blogid, $entryId);
    return true;
}
804
/**
 * Restores a trashed comment by resetting isFiltered to 0.
 *
 * When the comment has a parent, the parent is restored as well. Succeeds only
 * if the first UPDATE changes exactly one row and the parent update (when
 * needed) succeeds. The comment RSS cache is then flushed and
 * updateCommentsOfEntry() is called.
 *
 * NOTE(review): no permission check happens here and $blogid is interpolated
 * into the SQL unchecked; callers are presumably expected to enforce ownership
 * and pass a trusted integer. Confirm.
 *
 * @param mixed $blogid Blog the comment belongs to.
 * @param mixed $id     Comment id; must be numeric.
 * @return bool True on success, false otherwise.
 */
function revertCommentInOwner($blogid, $id) {
    global $database;
    if (!is_numeric($id)) {
        return false;
    }
    $entryId = POD::queryCell("SELECT entry FROM {$database['prefix']}Comments WHERE blogid = $blogid AND id = $id");
    $parent = POD::queryCell("SELECT parent FROM {$database['prefix']}Comments WHERE blogid = $blogid AND id = $id");
    $restoredRows = POD::queryCount("UPDATE {$database['prefix']}Comments SET isFiltered = 0 WHERE blogid = $blogid AND id = $id");
    if ($restoredRows != 1) {
        return false;
    }
    // A reply is only visible together with its parent, so un-trash the parent too.
    if (!is_null($parent) && !POD::query("UPDATE {$database['prefix']}Comments SET isFiltered = 0 WHERE blogid = $blogid AND id = $parent")) {
        return false;
    }
    CacheControl::flushCommentRSS($entryId);
    updateCommentsOfEntry($blogid, $entryId);
    return true;
}
819
/**
 * Deletes a received comment notification and the notifications whose parent
 * is that row.
 *
 * The 'DeleteCommentNotified' event is fired with the id before anything is
 * deleted. Succeeds only when the first DELETE removes exactly one row and the
 * DELETE of the children succeeds. updateCommentsOfEntry() is then called and
 * the notification RSS cache is flushed.
 *
 * NOTE(review): no permission check happens here and $blogid is interpolated
 * into the SQL unchecked; callers are presumably expected to enforce ownership
 * and pass a trusted integer. Confirm.
 *
 * @param mixed $blogid Blog the notification belongs to.
 * @param mixed $id     Notification id; must be numeric.
 * @return bool True on success, false otherwise.
 */
function deleteCommentNotifiedInOwner($blogid, $id) {
    global $database;
    if (!is_numeric($id)) {
        return false;
    }

    fireEvent('DeleteCommentNotified', $id);

    $entryId = POD::queryCell("SELECT entry FROM {$database['prefix']}CommentsNotified WHERE blogid = $blogid AND id = $id");
    $removedRows = POD::queryCount("DELETE FROM {$database['prefix']}CommentsNotified WHERE blogid = $blogid AND id = $id");
    if ($removedRows != 1) {
        return false;
    }
    $childrenRemoved = POD::query("DELETE FROM {$database['prefix']}CommentsNotified WHERE blogid = $blogid AND parent = $id");
    if (!$childrenRemoved) {
        return false;
    }
    updateCommentsOfEntry($blogid, $entryId);
    CacheControl::flushCommentNotifyRSS();
    return true;
}
836
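/**
 * Sends one pending reply notification from the queue to the homepage of the
 * parent comment's author.
 *
 * Takes the oldest unsent queue row, loads the reply and its parent for the
 * current blog, and POSTs a form-encoded description of both to the parent
 * author's homepage. If the response does not carry a /response/error/ value
 * of '0' or '1', the POST is retried once against "<homepage>/index.php".
 * The queue row is removed afterwards, whatever the outcome.
 *
 * Queue rows are dropped without sending when the reply has no parent, is
 * secret, the parent has no homepage, or the homepage is not a usable URL.
 *
 * Security: the destination URL is the homepage a commenter typed, so this is
 * a server-side request to a visitor-chosen host. The code below only makes
 * sure the URL is http(s) and has a host.
 * NOTE(review): nothing here stops the host from resolving to a loopback,
 * private or link-local address. That restriction belongs where the connection
 * is made (HTTPRequest) or at an egress proxy.
 *
 * @return false|null False when nothing was sent; no value after a send attempt.
 */
function notifyComment() {
    global $database, $service, $blog, $defaultURL;
    $blogid = getBlogId();
    // NOTE(review): this lookup is not restricted to the current blog, while the
    // comment lookups below are. A queue row whose commentId does not exist in
    // this blog is therefore deleted unprocessed. Confirm that is intended.
    $sql = "SELECT
                CN.*,
                CNQ.id AS queueId,
                CNQ.commentId AS commentId,
                CNQ.sendStatus AS sendStatus,
                CNQ.checkDate AS checkDate,
                CNQ.written  AS queueWritten
            FROM
                {$database['prefix']}CommentsNotifiedQueue AS CNQ
            LEFT JOIN
                {$database['prefix']}Comments AS CN ON CNQ.commentId = CN.id
            WHERE
                CNQ.sendStatus = '0'
                and CN.parent is not null
            ORDER BY CNQ.id ASC
            LIMIT 0, 1
        ";
    $queue = POD::queryRow($sql);
    // Either condition means there is no usable queue row. The original joined
    // them with &&, which let a row without queueId fall through.
    if (empty($queue) || empty($queue['queueId'])) {
        return false;
    }
    $dropQueueItem = "DELETE FROM {$database['prefix']}CommentsNotifiedQueue WHERE id={$queue['queueId']}";

    $comments = (POD::queryRow("SELECT * FROM {$database['prefix']}Comments WHERE blogid = $blogid AND id = {$queue['commentId']}"));
    // Top-level comments have nobody to notify. Secret replies must not leave the blog.
    if (empty($comments['parent']) || $comments['secret'] == 1) {
        POD::execute($dropQueueItem);
        return false;
    }
    $parentComments = (POD::queryRow("SELECT * FROM {$database['prefix']}Comments WHERE blogid = $blogid AND id = {$comments['parent']}"));
    if (empty($parentComments['homepage'])) {
        POD::execute($dropQueueItem);
        return false;
    }

    // Only "http://" and "https://" at the very start count as a scheme. The
    // original looked for "http://" anywhere in the string, which mangled https
    // URLs and passed other schemes through when they merely contained it.
    $homepage = $parentComments['homepage'];
    if (!preg_match('/^https?:\/\//i', $homepage)) {
        $homepage = 'http://' . $homepage;
    }
    $target = parse_url($homepage);
    if ($target === false || empty($target['host'])) {
        POD::execute($dropQueueItem);
        return false;
    }

    $entry = (POD::queryRow("SELECT * FROM {$database['prefix']}Entries WHERE blogid = $blogid AND id={$comments['entry']}"));
    if(is_null($entry)) {
        // No entry row: the comment lives in the guestbook.
        $r1_comment_check_url = rawurlencode("$defaultURL/guestbook/".$parentComments['id']."#guestbook".$parentComments['id']);
        $r2_comment_check_url = rawurlencode("$defaultURL/guestbook/".$comments['id']."#guestbook".$comments['id']);
        $entry['title'] = _textf('%1 블로그의 방명록',$blog['title']);
        $entryPermaLink = "$defaultURL/guestbook/";
        $entry['id'] = 0;
    } else {
        $entryPermaLink = "$defaultURL/" . ($blog['useSloganOnPost'] ? "entry/{$entry['slogan']}" : $entry['id']);
        $r1_comment_check_url = rawurlencode($entryPermaLink . "#comment" . $parentComments['id']);
        $r2_comment_check_url = rawurlencode($entryPermaLink . "#comment" . $comments['id']);
    }

    // Form body: s_* describes the post, r1_* the parent comment, r2_* the reply.
    $data = "url=" . rawurlencode($defaultURL)
        . "&mode=fb"
        . "&s_home_title=" . rawurlencode($blog['title'])
        . "&s_post_title=" . rawurlencode($entry['title'])
        . "&s_name=" . rawurlencode($comments['name'])
        . "&s_no=" . rawurlencode($comments['entry'])
        . "&s_url=" . rawurlencode($entryPermaLink)
        . "&r1_name=" . rawurlencode($parentComments['name'])
        . "&r1_no=" . rawurlencode($parentComments['id'])
        . "&r1_pno=" . rawurlencode($comments['entry'])
        . "&r1_rno=0"
        . "&r1_homepage=" . rawurlencode($parentComments['homepage'])
        . "&r1_regdate=" . rawurlencode($parentComments['written'])
        . "&r1_url=" . $r1_comment_check_url
        . "&r2_name=" . rawurlencode($comments['name'])
        . "&r2_no=" . rawurlencode($comments['id'])
        . "&r2_pno=" . rawurlencode($comments['entry'])
        . "&r2_rno=" . rawurlencode($comments['parent'])
        . "&r2_homepage=" . rawurlencode($comments['homepage'])
        . "&r2_regdate=" . rawurlencode($comments['written'])
        . "&r2_url=" . $r2_comment_check_url
        . "&r1_body=" . rawurlencode($parentComments['comment'])
        . "&r2_body=" . rawurlencode($comments['comment']);

    requireComponent('Eolin.PHP.HTTPRequest');
    $request = new HTTPRequest('POST', $homepage);
    $request->contentType = 'application/x-www-form-urlencoded; charset=utf-8';
    $request->content = $data;
    if ($request->send()) {
        $xmls = new XMLStruct();
        if ($xmls->open($request->responseText)) {
            $result = $xmls->selectNode('/response/error/');
            $errorCode = isset($result['.value']) ? $result['.value'] : null;
            if ($errorCode != '1' && $errorCode != '0') {
                // Unrecognised answer: retry once against the explicit index.php endpoint.
                $homepage = rtrim($homepage, '/') . '/index.php';
                $request = new HTTPRequest('POST', $homepage);
                $request->contentType = 'application/x-www-form-urlencoded; charset=utf-8';
                $request->content = $data;
                $request->send(); // best effort; the result is intentionally ignored
            }
        }
    }
    POD::execute($dropQueueItem);
}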
912
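/**
 * Stores a reply notification posted by a remote blog.
 *
 * $post is the form body a remote site sends (see notifyComment() for the
 * field layout: s_* = post, r1_* = parent comment, r2_* = reply). The sending
 * site is registered in CommentsNotifiedSiteInfo if unknown, the parent comment
 * is inserted into CommentsNotified if not yet present, and the reply is
 * inserted beneath it.
 *
 * Security: every field comes from an unauthenticated remote request. Text
 * fields are escaped and quoted. Fields used in numeric SQL positions (s_no,
 * r1_no, r1_rno, r1_regdate, r2_no, r2_regdate) must consist of decimal digits
 * only; the original interpolated them unquoted, so a crafted value could
 * change the statement. Escaping alone does not protect an unquoted value.
 * NOTE(review): the stored name/comment/url values remain remote-controlled
 * text and need HTML escaping wherever they are rendered. Nothing in this
 * function authenticates the sender.
 *
 * @param array $post Request fields.
 * @return int 0 on success; 1 when the mode is wrong or a numeric field is malformed;
 *             2 site insert failed; 3 parent insert failed; 4 reply already stored;
 *             5 reply insert failed; 6 parent timestamp update failed;
 *             7 rejected by the 'ReceiveNotifiedComment' event.
 */
function receiveNotifiedComment($post) {
    if (empty($post['mode']) || $post['mode'] != 'fb')
        return 1;
    global $database;

    CacheControl::flushCommentNotifyRSS();
    $post = fireEvent('ReceiveNotifiedComment', $post);
    if ($post === false) return 7;

    // Validate after the event hook so values rewritten by a plugin are checked too.
    foreach (array('s_no', 'r1_no', 'r1_regdate', 'r2_no', 'r2_regdate') as $numericKey) {
        if (!isset($post[$numericKey]) || !is_scalar($post[$numericKey]) || !ctype_digit((string) $post[$numericKey]))
            return 1;
    }
    // r1_rno may be empty or "0" (stored as NULL below); anything else must be digits.
    $parent_parent = isset($post['r1_rno']) ? $post['r1_rno'] : '';
    if (!empty($parent_parent) && (!is_scalar($parent_parent) || !ctype_digit((string) $parent_parent)))
        return 1;

    $blogid = getBlogId();
    $title = POD::escapeString(UTF8::lessenAsEncoding($post['s_home_title'], 255));
    $name = POD::escapeString(UTF8::lessenAsEncoding($post['s_name'], 255));
    $entryId = $post['s_no'];
    $homepage = POD::escapeString(UTF8::lessenAsEncoding($post['url'], 255));
    $entryUrl = POD::escapeString($post['s_url']);
    $entryTitle = POD::escapeString($post['s_post_title']);
    $parent_id = $post['r1_no'];
    $parent_name = POD::escapeString(UTF8::lessenAsEncoding($post['r1_name'], 80));
    $parent_homepage = POD::escapeString(UTF8::lessenAsEncoding($post['r1_homepage'], 80));
    $parent_written = $post['r1_regdate'];
    $parent_comment = POD::escapeString($post['r1_body']);
    $parent_url = POD::escapeString(UTF8::lessenAsEncoding($post['r1_url'], 255));
    $child_id = $post['r2_no'];
    $child_name = POD::escapeString(UTF8::lessenAsEncoding($post['r2_name'], 80));
    $child_homepage = POD::escapeString(UTF8::lessenAsEncoding($post['r2_homepage'], 80));
    $child_written = $post['r2_regdate'];
    $child_comment = POD::escapeString($post['r2_body']);
    $child_url = POD::escapeString(UTF8::lessenAsEncoding($post['r2_url'],255));

    // Register the sending site on first contact.
    $siteId = POD::queryCell("SELECT id FROM {$database['prefix']}CommentsNotifiedSiteInfo WHERE url = '$homepage'");
    if (empty($siteId)) {
        $insertId = getCommentsNotifiedSiteInfoMaxId() + 1;
        if (POD::execute("INSERT INTO {$database['prefix']}CommentsNotifiedSiteInfo
            ( id, title, name, url, modified)
            VALUES ($insertId, '$title', '$name', '$homepage', UNIX_TIMESTAMP());"))
            $siteId = $insertId;
        else
            return 2;
    }

    // Store the parent comment once per (entry, site, blog, remote id).
    $parentId = POD::queryCell("SELECT id
        FROM {$database['prefix']}CommentsNotified
        WHERE entry = $entryId
            AND siteId = $siteId
            AND blogid = $blogid
            AND remoteId = $parent_id");
    if (empty($parentId)) {
        $insertId = getCommentsNotifiedMaxId() + 1;
        $sql = "INSERT INTO {$database['prefix']}CommentsNotified
            ( blogid , replier , id , entry , parent , name , password , homepage , secret , comment , ip , written, modified , siteId , isNew , url , remoteId ,entryTitle , entryUrl )
            VALUES (
                $blogid, NULL , $insertId, " . $entryId . ", " . (empty($parent_parent) ? 'null' : $parent_parent) . ", '" . $parent_name . "', '', '" . $parent_homepage . "', '', '" . $parent_comment . "', '', " . $parent_written . ",UNIX_TIMESTAMP(), " . $siteId . ", 1, '" . $parent_url . "'," . $parent_id . ", '" . $entryTitle . "', '" . $entryUrl . "'
)";
        if (!POD::execute($sql))
            return 3;
        $parentId = $insertId;
    }

    // A reply already recorded for this site is not stored twice.
    if (POD::queryCell("SELECT count(*) FROM {$database['prefix']}CommentsNotified WHERE siteId=$siteId AND remoteId=$child_id") > 0)
        return 4;
    $insertId = getCommentsNotifiedMaxId() + 1;
    $sql = "INSERT INTO {$database['prefix']}CommentsNotified
        ( blogid , replier , id , entry , parent , name , password , homepage , secret , comment , ip , written, modified , siteId , isNew , url , remoteId ,entryTitle , entryUrl )
        VALUES (
            $blogid, NULL , $insertId, " . $entryId . ", $parentId, '$child_name', '', '$child_homepage', '', '$child_comment', '', $child_written, UNIX_TIMESTAMP(), $siteId, 1, '$child_url', $child_id, '$entryTitle', '$entryUrl')";
    if (!POD::execute($sql))
        return 5;
    // Touch the parent so the thread reflects the new reply.
    $sql = "UPDATE {$database['prefix']}CommentsNotified SET modified = UNIX_TIMESTAMP() WHERE blogid = $blogid AND id = $parentId";
    if (!POD::execute($sql))
        return 6;
    return 0;
}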
984
/**
 * Reads the stored comment counter from the Entries table.
 *
 * Without $entryId the counters of all non-draft entries of the blog are
 * summed. With $entryId only that entry's counter is read.
 *
 * NOTE(review): $blogid and $entryId are interpolated into the SQL unchecked;
 * presumably callers pass trusted integers. Confirm.
 *
 * @param mixed      $blogid  Blog id.
 * @param mixed|null $entryId Entry id, or null for the whole blog.
 * @return mixed Whatever POD::queryCell() yields for the query.
 */
function getCommentCount($blogid, $entryId = null) {
    global $database;
    if (!is_null($entryId)) {
        $sql = "SELECT comments FROM {$database['prefix']}Entries WHERE blogid = $blogid AND id = $entryId AND draft = 0";
    } else {
        $sql = "SELECT SUM(comments) FROM {$database['prefix']}Entries WHERE blogid = $blogid AND draft= 0 ";
    }
    return POD::queryCell($sql);
}
991
/**
 * Counts the rows in Comments that belong to the guestbook (entry = 0) of a blog.
 *
 * The query has no isFiltered or parent condition, so trashed items and replies
 * are included in the count.
 *
 * NOTE(review): $blogid is interpolated into the SQL unchecked; presumably
 * callers pass a trusted integer. Confirm.
 *
 * @param mixed $blogid Blog id.
 * @return mixed Whatever POD::queryCell() yields for the query.
 */
function getGuestbookCount($blogid) {
    global $database;
    $sql = "SELECT count(id) FROM {$database['prefix']}Comments WHERE blogid = $blogid AND entry = 0";
    return POD::queryCell($sql);
}
996
/**
 * Picks the skin template for the comment counter and dresses it.
 *
 * The skin's "no comments" or "one comment" message is used when the count is
 * 0 or 1 and that message is not empty; otherwise the generic commentCount
 * template is used.
 *
 * The template is copied into a local variable before being handed to dress(),
 * and that same variable is returned. dress() is defined elsewhere; presumably
 * it fills the template in place by reference, which would leave the skin
 * object untouched. Confirm against dress().
 *
 * @param mixed  $commentCount Number of comments.
 * @param object $skin         Skin providing noneCommentMessage, singleCommentMessage and commentCount.
 * @return array Two elements: the literal "rp_count" and the resulting view string.
 */
function getCommentCountPart($commentCount, &$skin) {
    $whenNone = $skin->noneCommentMessage;
    $whenSingle = $skin->singleCommentMessage;

    if ($commentCount == 0 && !empty($whenNone)) {
        $shownCount = 0;
        $view = $whenNone;
    } elseif ($commentCount == 1 && !empty($whenSingle)) {
        $shownCount = 1;
        $view = $whenSingle;
    } else {
        $shownCount = $commentCount;
        $view = $skin->commentCount;
    }
    dress('article_rep_rp_cnt', $shownCount, $view);

    return array("rp_count", $view);
}
1015
/**
 * Returns the highest comment id of the current blog, or 0 when there is none.
 *
 * Callers that add 1 to obtain a new id are not protected against two requests
 * reading the same maximum at once.
 *
 * @return mixed The maximum id as returned by POD::queryCell(), or 0 if that is empty.
 */
function getCommentsMaxId() {
    global $database;
    $highest = POD::queryCell("SELECT max(id)
        FROM {$database['prefix']}Comments
        WHERE blogid = ".getBlogId());
    if (empty($highest)) {
        return 0;
    }
    return $highest;
}
1023
/**
 * Returns the highest CommentsNotified id of the current blog, or 0 when there is none.
 *
 * Callers that add 1 to obtain a new id are not protected against two requests
 * reading the same maximum at once.
 *
 * @return mixed The maximum id as returned by POD::queryCell(), or 0 if that is empty.
 */
function getCommentsNotifiedMaxId() {
    global $database;
    $highest = POD::queryCell("SELECT max(id)
        FROM {$database['prefix']}CommentsNotified
        WHERE blogid = ".getBlogId());
    if (empty($highest)) {
        return 0;
    }
    return $highest;
}
1031
/**
 * Returns the highest CommentsNotifiedQueue id of the current blog, or 0 when there is none.
 *
 * @return mixed The maximum id as returned by POD::queryCell(), or 0 if that is empty.
 */
function getCommentsNotifiedQueueMaxId() {
    global $database;
    $highest = POD::queryCell("SELECT max(id)
        FROM {$database['prefix']}CommentsNotifiedQueue
        WHERE blogid = ".getBlogId());
    if (empty($highest)) {
        return 0;
    }
    return $highest;
}
1039
/**
 * Returns the highest CommentsNotifiedSiteInfo id, or 0 when the table is empty.
 *
 * Unlike the other *MaxId() helpers in this file, this query is not limited to one blog.
 *
 * @return mixed The maximum id as returned by POD::queryCell(), or 0 if that is empty.
 */
function getCommentsNotifiedSiteInfoMaxId() {
    global $database;
    $highest = POD::queryCell("SELECT max(id)
        FROM {$database['prefix']}CommentsNotifiedSiteInfo");
    if (empty($highest)) {
        return 0;
    }
    return $highest;
}
1046
1047?>