root/branches/1.7/library/model/blog.comment.php

Revision 8620, 36.7 KB (checked in by inureyes, 3 months ago)

refs #1472

  • 1.7 트리에도 반영
1<?php
2/// Copyright (c) 2004-2009, Needlworks / Tatter Network Foundation
3/// All rights reserved. Licensed under the GPL.
4/// See the GNU General Public License for more details. (/doc/LICENSE, /doc/COPYRIGHT)
5
6requireComponent( "Textcube.Control.Openid" );
7
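/**
 * Decide whether the current OpenID visitor may read a secret comment.
 *
 * Access is granted when the visitor's OpenID identity equals the openid
 * stored on the comment itself, or the openid stored on the comment's parent
 * row in the Comments table of the current blog.
 *
 * @param array $comment Comment row; reads 'secret', 'openid' and 'parent'.
 * @return bool True only for a secret comment this OpenID identity may read.
 */
function doesHaveOpenIDPriv( & $comment )
{
    global $database;
    $blogid = intval(getBlogId());
    $openid = Acl::getIdentity('openid');

    if( !$comment['secret'] || !$openid ) {
        return false;
    }
    // Identities are compared as strings with ===. A loose == compares
    // numeric-looking strings as numbers, so distinct identities could match.
    if( isset($comment['openid']) && (string)$comment['openid'] === (string)$openid ) {
        return true;
    }
    if( empty($comment['parent']) ) {
        return false;
    }
    // The parent id goes into the statement unquoted, so force it to an integer.
    $parentId = intval($comment['parent']);
    $openid = POD::escapeString($openid);
    $row = POD::queryRow("SELECT * from {$database['prefix']}Comments ".
        "WHERE blogid = $blogid and id = $parentId and openid='{$openid}'" );
    return !empty($row);
}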
28
/**
 * Prepare a comment row for display, in place.
 *
 * The name and body are HTML-escaped, and 'hidden' is reset to false. For a
 * secret comment (secret == 1) the row is then marked up according to who is
 * looking: the owner sees the body with a "secret" tag, an OpenID visitor
 * with access sees the name with a tag, everybody else gets placeholders and
 * 'hidden' set to true.
 *
 * NOTE(review): htmlspecialchars() runs with the runtime's default flags and
 * charset, and 'homepage' is not escaped here unless it is blanked — confirm
 * the templates escape it and never put these values in single-quoted
 * attributes.
 *
 * @param array $comment Comment row, modified by reference.
 * @return void
 */
function decorateComment( & $comment )
{
    $isOwner = doesHaveOwnership();
    $comment['hidden'] = false;
    $comment['name'] = htmlspecialchars($comment['name']);
    $comment['comment'] = htmlspecialchars($comment['comment']);

    if ($comment['secret'] != 1) {
        return;
    }

    if ($isOwner) {
        // The owner reads the text, prefixed with the "secret comment" tag.
        $ownerTag = '<span class="hiddenCommentTag_content">' . _text('[비밀댓글]') . '</span> ';
        $comment['comment'] = $ownerTag . $comment['comment'];
        return;
    }

    if (doesHaveOpenIDPriv($comment)) {
        // An OpenID visitor with access keeps the text; only the name is tagged.
        $comment['name'] = '<span class="hiddenCommentTag_name">' . _text('비밀방문자') . '</span>'. $comment['name'];
        return;
    }

    // Everyone else sees placeholders instead of the author and the text.
    $comment['hidden'] = true;
    $comment['name'] = '<span class="hiddenCommentTag_name">' . _text('비밀방문자') . '</span>';
    $comment['homepage'] = '';
    $comment['comment'] = _text('관리자만 볼 수 있는 댓글입니다.');
}
50
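/**
 * Fetch one page of unfiltered comments for the management list, with
 * optional category, author name, IP and free-text filters.
 *
 * No ownership check is made here; unless $isGuestbook is set, users outside
 * "group.editors" are limited to comments on their own entries.
 *
 * @param int    $blogid      Blog id.
 * @param int    $category    Category id; values above 0 also include its child categories.
 * @param string $name        Exact author name, or empty.
 * @param string $ip          Exact IP address, or empty.
 * @param string $search      Substring searched in name, homepage and comment, or empty.
 * @param mixed  $page        Passed through to fetchWithPaging().
 * @param mixed  $count       Passed through to fetchWithPaging().
 * @param bool   $isGuestbook Skips the per-user entry restriction when true.
 * @return array array($comments, $paging)
 */
function getCommentsWithPagingForOwner($blogid, $category, $name, $ip, $search, $page, $count, $isGuestbook = false) {
    global $database;

    // Both ids are concatenated into SQL unquoted, so they must be integers.
    $blogid = intval($blogid);
    $category = intval($category);

    $postfix = '';
    if(!$isGuestbook && !Acl::check("group.editors")) $userLimit = ' AND e.userid = '.getUserId();
    else $userLimit = '';
    $sql = "SELECT c.*, e.title, c2.name parentName
        FROM {$database['prefix']}Comments c
        LEFT JOIN {$database['prefix']}Entries e ON c.blogid = e.blogid AND c.entry = e.id AND e.draft = 0$userLimit
        LEFT JOIN {$database['prefix']}Comments c2 ON c.parent = c2.id AND c.blogid = c2.blogid
        WHERE c.blogid = $blogid AND c.isFiltered = 0";
    if ($category > 0) {
        // Child categories are looked up within this blog only; the original
        // query had no blogid condition and could pick up ids from other blogs.
        $categories = POD::queryColumn("SELECT id FROM {$database['prefix']}Categories WHERE blogid = $blogid AND parent = $category");
        if (!is_array($categories)) {
            $categories = array();
        }
        $categories = array_map('intval', $categories);
        array_push($categories, $category);
        $sql .= ' AND e.category IN (' . implode(', ', $categories) . ')';
        $postfix .= '&category=' . rawurlencode($category);
    } else
        $sql .= ' AND e.category >= 0';
    if (!empty($name)) {
        $sql .= ' AND c.name = \'' . POD::escapeString($name) . '\'';
        $postfix .= '&name=' . rawurlencode($name);
    }
    if (!empty($ip)) {
        $sql .= ' AND c.ip = \'' . POD::escapeString($ip) . '\'';
        $postfix .= '&ip=' . rawurlencode($ip);
    }
    if (!empty($search)) {
        $search = escapeSearchString($search);
        $sql .= " AND (c.name LIKE '%$search%' OR c.homepage LIKE '%$search%' OR c.comment LIKE '%$search%')";
        // NOTE(review): the paging URL carries the output of escapeSearchString(),
        // not the raw term — confirm it is not escaped twice on the next page.
        $postfix .= '&search=' . rawurlencode($search);
    }

    $sql .= ' ORDER BY c.written DESC';
    list($comments, $paging) = fetchWithPaging($sql, $page, $count);
    if (strlen($postfix) > 0) {
        $postfix .= '&withSearch=on';
        $paging['postfix'] .= $postfix;
    }

    return array($comments, $paging);
}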
92
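/**
 * Fetch one page of unfiltered guestbook messages (entry = 0) for the
 * management list, with optional author name, IP and free-text filters.
 *
 * @param int    $blogid Blog id.
 * @param string $name   Exact author name, or empty.
 * @param string $ip     Exact IP address, or empty.
 * @param string $search Substring searched in name, homepage and comment, or empty.
 * @param mixed  $page   Passed through to fetchWithPaging().
 * @param mixed  $count  Passed through to fetchWithPaging().
 * @return array array($comments, $paging)
 */
function getGuestbookWithPagingForOwner($blogid, $name, $ip, $search, $page, $count) {
    global $database;

    // The blog id is concatenated into SQL unquoted, so it must be an integer.
    $blogid = intval($blogid);

    $postfix = '&status=guestbook';

    $sql = "SELECT c.*, c2.name parentName
        FROM {$database['prefix']}Comments c
        LEFT JOIN {$database['prefix']}Comments c2 ON c.parent = c2.id AND c.blogid = c2.blogid
        WHERE c.blogid = $blogid AND c.entry = 0 AND c.isFiltered = 0";
    if (!empty($name)) {
        $sql .= ' AND c.name = \'' . POD::escapeString($name) . '\'';
        $postfix .= '&name=' . rawurlencode($name);
    }
    if (!empty($ip)) {
        $sql .= ' AND c.ip = \'' . POD::escapeString($ip) . '\'';
        $postfix .= '&ip=' . rawurlencode($ip);
    }
    if (!empty($search)) {
        $search = escapeSearchString($search);
        $sql .= " AND (c.name LIKE '%$search%' OR c.homepage LIKE '%$search%' OR c.comment LIKE '%$search%')";
        $postfix .= '&search=' . rawurlencode($search);
    }

    $sql .= ' ORDER BY c.written DESC';
    list($comments, $paging) = fetchWithPaging($sql, $page, $count);
    // $postfix always starts with '&status=guestbook', so this branch always runs.
    if (strlen($postfix) > 0) {
        $postfix .= '&withSearch=on';
        $paging['postfix'] .= $postfix;
    }

    return array($comments, $paging);
}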
125
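/**
 * Fetch one page of top-level notified comments with their site info.
 *
 * With no filter, every top-level row (parent IS NULL) of the blog is listed.
 * With a name, IP or search filter, a row is listed when it is a top-level row
 * matching the filters, or when one of its child rows matches them.
 *
 * @param int    $blogid   Blog id.
 * @param mixed  $category Not used by this function.
 * @param string $name     Exact author name, or empty.
 * @param string $ip       Exact IP address, or empty.
 * @param string $search   Substring searched in name, homepage and comment, or empty.
 * @param mixed  $page     Passed through to fetchWithPaging().
 * @param mixed  $count    Passed through to fetchWithPaging().
 * @return array array($comments, $paging)
 */
function getCommentsNotifiedWithPagingForOwner($blogid, $category, $name, $ip, $search, $page, $count) {
    global $database;
    // The blog id is concatenated into SQL unquoted, so it must be an integer.
    $blogid = intval($blogid);
    $postfix = '';

    $select = "SELECT
                    c.*,
                    csiteinfo.title AS siteTitle,
                    csiteinfo.name AS nickname,
                    csiteinfo.url AS siteUrl,
                    csiteinfo.modified AS siteModified
                FROM
                    {$database['prefix']}CommentsNotified c
                LEFT JOIN
                    {$database['prefix']}CommentsNotifiedSiteInfo csiteinfo ON c.siteId = csiteinfo.id
                WHERE c.blogid = $blogid";

    if (empty($name) && empty($ip) && empty($search)) {
        $sql = $select . ' AND (c.parent is null)';
    } else {
        if (!empty($search)) {
            $search = escapeSearchString($search);
        }

        // The same filters are applied to child rows (unprefixed columns) and
        // to top-level rows (alias c).
        $childFilters = array();
        $parentFilters = array();
        if (!empty($name)) {
            $escapedName = POD::escapeString($name);
            $childFilters[] = "name = '$escapedName'";
            $parentFilters[] = "( c.name = '$escapedName')";
            $postfix .= '&name=' . rawurlencode($name);
        }
        if (!empty($ip)) {
            $escapedIp = POD::escapeString($ip);
            $childFilters[] = "ip = '$escapedIp'";
            $parentFilters[] = "( c.ip = '$escapedIp')";
            $postfix .= '&ip=' . rawurlencode($ip);
        }
        if (!empty($search)) {
            $childFilters[] = "((name LIKE '%$search%') OR (homepage LIKE '%$search%') OR (comment LIKE '%$search%'))";
            $parentFilters[] = "((c.name LIKE '%$search%') OR (c.homepage LIKE '%$search%') OR (c.comment LIKE '%$search%'))";
            $postfix .= '&search=' . rawurlencode($search);
        }

        $preQuery = "SELECT parent FROM {$database['prefix']}CommentsNotified WHERE blogid = $blogid AND parent is NOT NULL";
        if (count($childFilters) > 0) {
            $preQuery .= ' AND ' . implode(' AND ', $childFilters);
        }
        $childList = POD::queryColumn($preQuery);
        if (!is_array($childList)) {
            $childList = array();
        }
        $childList = array_unique(array_map('intval', $childList));

        $match = '(c.parent is null)';
        if (count($parentFilters) > 0) {
            $match .= ' AND ' . implode(' AND ', $parentFilters);
        }
        if (count($childList) > 0) {
            $match = '(' . $match . ') OR c.id IN ( ' . implode(', ', $childList) . ' )';
        }
        // The OR alternative stays inside one parenthesised group. Appended
        // bare after the AND chain, as before, it was not bound by
        // "c.blogid = ..." and could match rows with the same id in other blogs.
        $sql = $select . ' AND (' . $match . ')';
    }
    $sql .= ' ORDER BY c.modified DESC';

    list($comments, $paging) = fetchWithPaging($sql, $page, $count);
    if (strlen($postfix) > 0) {
        $postfix .= '&withSearch=on';
        $paging['postfix'] .= $postfix;
    }

    return array($comments, $paging);
}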
194
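/**
 * List the child rows of a notified comment in the current blog, oldest first.
 *
 * Secret rows are blanked (name, homepage, body) for visitors who are neither
 * the owner nor an OpenID identity accepted by doesHaveOpenIDPriv().
 *
 * @param int $parent Id of the parent notified comment.
 * @return array List of comment rows with site info columns.
 */
function getCommentCommentsNotified($parent) {
    global $database;
    $comments = array();
    $authorized = doesHaveOwnership();
    // Both ids are concatenated into SQL unquoted, so they must be integers.
    $blogid = intval(getBlogId());
    $parent = intval($parent);
    $sql = "SELECT
                c.*,
                csiteinfo.title AS siteTitle,
                csiteinfo.name AS nickname,
                csiteinfo.url AS siteUrl,
                csiteinfo.modified AS siteModified
            FROM
                {$database['prefix']}CommentsNotified c
                LEFT JOIN
                {$database['prefix']}CommentsNotifiedSiteInfo csiteinfo ON c.siteId = csiteinfo.id
            WHERE c.blogid = $blogid AND c.parent = $parent";
    $sql .= ' ORDER BY c.written ASC';
    if ($result = POD::queryAll($sql)) {
        foreach($result as $comment) {
            if (($comment['secret'] == 1) && !$authorized) {
                if( !doesHaveOpenIDPriv($comment) ) {
                    $comment['name'] = '';
                    $comment['homepage'] = '';
                    $comment['comment'] = _text('관리자만 볼 수 있는 댓글입니다.');
                }
            }
            array_push($comments, $comment);
        }
    }
    return $comments;
}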
225
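/**
 * Fetch one page of top-level, unfiltered guestbook messages, newest first.
 *
 * Rows are returned as stored; this function does no masking of secret
 * messages.
 *
 * @param int   $blogid Blog id.
 * @param mixed $page   Passed through to fetchWithPaging().
 * @param mixed $count  Passed through to fetchWithPaging().
 * @return mixed Whatever fetchWithPaging() returns.
 */
function getCommentsWithPagingForGuestbook($blogid, $page, $count) {
    global $database;
    // The blog id is concatenated into SQL unquoted, so it must be an integer.
    $blogid = intval($blogid);
    $sql = "SELECT * FROM {$database['prefix']}Comments
        WHERE blogid = $blogid
            AND entry = 0
            AND parent IS NULL
            AND isFiltered = 0
        ORDER BY written DESC";
    return fetchWithPaging($sql, $page, $count);
}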
237
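/**
 * Read selected columns of one comment.
 *
 * NOTE(review): $attributeNames is placed in the SELECT list verbatim and
 * cannot be escaped; it must be a constant column list written by the caller,
 * never request data. Confirm this at every call site.
 *
 * @param int    $blogid         Blog id.
 * @param int    $id             Comment id.
 * @param string $attributeNames Comma-separated column list (trusted).
 * @return mixed Result of POD::queryRow().
 */
function getCommentAttributes($blogid, $id, $attributeNames) {
    global $database;
    // Both ids are concatenated into SQL unquoted, so they must be integers.
    $blogid = intval($blogid);
    $id = intval($id);
    return POD::queryRow("SELECT $attributeNames FROM {$database['prefix']}Comments WHERE blogid = $blogid AND id = $id");
}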
242
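/**
 * List the top-level, unfiltered comments of an entry in the current blog.
 *
 * Entry 0 (the guestbook) is ordered newest first; any other entry is ordered
 * by id. Secret comments are blanked for visitors who are neither the owner
 * nor accepted by doesHaveOpenIDPriv(). For a comment with a 'replier', the
 * homepage is replaced by User::getHomepage() of that user.
 *
 * @param int $entry Entry id, 0 for the guestbook.
 * @return array List of comment rows.
 */
function getComments($entry) {
    global $database;
    $comments = array();
    $authorized = doesHaveOwnership();
    // Both ids are concatenated into SQL unquoted, so they must be integers.
    $blogid = intval(getBlogId());
    $entry = intval($entry);
    $aux = ($entry === 0 ? 'ORDER BY written DESC' : 'ORDER BY id ASC');
    $sql = "SELECT *
        FROM {$database['prefix']}Comments
        WHERE blogid = $blogid
            AND entry = $entry
            AND parent IS NULL
            AND isFiltered = 0 $aux";
    if ($result = POD::queryAll($sql)) {
        foreach ($result as $comment) {
            if (($comment['secret'] == 1) && !$authorized) {
                if( !doesHaveOpenIDPriv($comment) ) {
                    $comment['name'] = '';
                    $comment['homepage'] = '';
                    $comment['comment'] = _text('관리자만 볼 수 있는 댓글입니다.');
                }
            }
            if(!empty($comment['replier'])) {
                $comment['homepage'] = User::getHomepage($comment['replier']);
            }
            array_push($comments, $comment);
        }
    }
    return $comments;
}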
271
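/**
 * List the unfiltered replies to a comment in the current blog, oldest first.
 *
 * Secret replies are blanked for visitors who are neither the owner nor
 * accepted by doesHaveOpenIDPriv(); the placeholder text depends on whether
 * the parent comment carries an openid. For a reply with a 'replier', the
 * homepage is replaced by User::getHomepage() of that user.
 *
 * @param int        $parent        Id of the parent comment.
 * @param array|null $parentComment Parent row if the caller already has it;
 *                                  it is loaded from the database otherwise.
 * @return array List of comment rows.
 */
function getCommentComments($parent,$parentComment=null) {
    global $database;
    $comments = array();
    $authorized = doesHaveOwnership();
    // Both ids are concatenated into SQL unquoted, so they must be integers.
    $blogid = intval(getBlogId());
    $parent = intval($parent);
    if ($result = POD::queryAll("SELECT *
        FROM {$database['prefix']}Comments
        WHERE blogid = $blogid
            AND parent = $parent
            AND isFiltered = 0
        ORDER BY written")) {
        if( $parentComment == null ) {
            $parentComment = POD::queryRow(
                "SELECT * FROM {$database['prefix']}Comments ".
                "  WHERE blogid = $blogid AND id = $parent" );
        }
        $parentByOpenid = !empty( $parentComment['openid'] );
        foreach ($result as $comment) {
            if (($comment['secret'] == 1) && !$authorized) {
                if( !doesHaveOpenIDPriv($comment) ) {
                    $comment['name'] = '';
                    $comment['homepage'] = '';
                    $comment['comment'] =
                        $parentByOpenid ?
                            _text('비밀글의 작성자만 읽을 수 있는 댓글입니다.') :
                            _text('관리자만 볼 수 있는 댓글입니다.');
                }
            }
            if(!empty($comment['replier'])) {
                $comment['homepage'] = User::getHomepage($comment['replier']);
            }
            array_push($comments, $comment);
        }
    }
    return $comments;
}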
307
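/**
 * Tell whether the logged-in member wrote the given comment.
 *
 * @param int $blogid    Blog id.
 * @param int $commentId Comment id.
 * @return mixed False without membership; otherwise the result of
 *               POD::queryExistence() for a row whose replier is the current user.
 */
function isCommentWriter($blogid, $commentId) {
    global $database;
    if (!doesHaveMembership())
        return false;
    // Both ids are concatenated into SQL unquoted, so they must be integers.
    $blogid = intval($blogid);
    $commentId = intval($commentId);
    return POD::queryExistence("SELECT replier
        FROM {$database['prefix']}Comments
        WHERE blogid = $blogid
            AND id = $commentId
            AND replier = " . getUserId());
}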
318
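/**
 * Load one comment, optionally only if the caller is allowed to edit it.
 *
 * With $restriction on, a non-owner must either be the member who wrote the
 * comment or supply the guest password. With $restriction off, the row is
 * returned to anyone but its 'password' field is nulled first.
 *
 * NOTE(review): guest passwords are stored and compared as unsalted MD5.
 * Moving to password_hash()/password_verify() needs a column and data
 * migration outside this function.
 *
 * @param int    $blogid      Blog id.
 * @param int    $id          Comment id.
 * @param string $password    Guest password in clear text.
 * @param bool   $restriction Apply the ownership/password condition.
 * @return array|false Comment row, or false when nothing matches.
 */
function getComment($blogid, $id, $password, $restriction = true) {
    global $database;
    // Both ids are concatenated into SQL unquoted, so they must be integers.
    $blogid = intval($blogid);
    $id = intval($id);
    $sql = "SELECT *
        FROM {$database['prefix']}Comments
        WHERE blogid = $blogid
            AND id = $id";
    if($restriction == true) {
        if (!doesHaveOwnership()) {
            if (doesHaveMembership())
                $sql .= ' AND replier = ' . getUserId();
            else
                // md5() yields only hex digits, so the value is safe to quote as is.
                $sql .= ' AND password = \'' . md5($password) . '\'';
        }
    }
    if ($result = POD::queryRow($sql)) {
        // An unrestricted read must not hand the stored hash to the caller.
        if($restriction != true) $result['password'] = null;
        return $result;
    }
    return false;
}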
339
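/**
 * Search entry comments by body or author name.
 *
 * Non-owners only get non-secret comments, further limited by
 * getPrivateCategoryExclusionQuery().
 *
 * NOTE(review): 'title' holds the raw search text; whoever renders it is
 * responsible for HTML-escaping — confirm in the template.
 *
 * @param int    $blogid Blog id.
 * @param string $search Search text.
 * @return array array('title' => raw search text, 'items' => list of rows)
 */
function getCommentList($blogid, $search) {
    global $database;
    // The blog id is concatenated into SQL unquoted, so it must be an integer.
    $blogid = intval($blogid);
    $list = array('title' => "$search", 'items' => array());
    $search = escapeSearchString($search);
    $authorized = doesHaveOwnership() ? '' : 'AND c.secret = 0 '.getPrivateCategoryExclusionQuery($blogid);
    if ($result = POD::queryAll("SELECT c.id, c.entry, c.parent, c.name, c.comment, c.written, e.slogan
        FROM {$database['prefix']}Comments c
        INNER JOIN {$database['prefix']}Entries e ON c.entry = e.id AND c.blogid = e.blogid AND e.draft = 0
        WHERE c.entry > 0
            AND c.blogid = $blogid $authorized
            AND c.isFiltered = 0
            AND (c.comment like '%$search%' OR c.name like '%$search%')
        ORDER BY c.written")) {
        foreach ($result as $comment)
            array_push($list['items'], $comment);
    }
    return $list;
}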
358
359function updateCommentsOfEntry($blogid, $entryId) {
360    global $database;
361    requireComponent('Needlworks.Cache.PageCache');
362    $commentCount = POD::queryCell("SELECT COUNT(*)
363        FROM {$database['prefix']}Comments
364        WHERE blogid = $blogid
365            AND entry = $entryId
366            AND isFiltered = 0");
367    POD::query("UPDATE {$database['prefix']}Entries
368        SET comments = $commentCount
369        WHERE blogid = $blogid
370            AND id = $entryId");
371    if($entryId >=0) CacheControl::flushEntry($entryId);
372    return $commentCount;
373}
374
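/**
 * Report a new comment to the sync service at TEXTCUBE_SYNC_URL.
 *
 * The ping is sent only for an entry of the current blog that is not a draft,
 * has visibility 3 and accepts comments. The permalink, author name and
 * homepage leave the site in this call.
 *
 * @param int    $entryId   Entry id.
 * @param string $permalink Permalink of the comment.
 * @param string $name      Author name.
 * @param string $homepage  Author homepage.
 * @return void
 */
function sendCommentPing($entryId, $permalink, $name, $homepage) {
    global $database, $blog;
    // Both ids are concatenated into SQL unquoted, so they must be integers.
    $blogid = intval(getBlogId());
    $entryId = intval($entryId);
    if($slogan = POD::queryCell("SELECT slogan
        FROM {$database['prefix']}Entries
        WHERE blogid = $blogid
            AND id = $entryId
            AND draft = 0
            AND visibility = 3
            AND acceptComment = 1")) {
        requireComponent('Eolin.PHP.Core');
        requireComponent('Eolin.PHP.XMLRPC');
        $rpc = new XMLRPC();
        $rpc->url = TEXTCUBE_SYNC_URL;
        $summary = array(
            'permalink' => $permalink,
            'name' => $name,
            'homepage' => $homepage
        );
        $rpc->async = true;
        $rpc->call('sync.comment', $summary);
    }
}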
398
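/**
 * Store a new comment or guestbook message.
 *
 * For non-owners the comment is first run through the filters and the
 * 'AddingComment' event; a hit still stores the row, but marked as filtered,
 * and the function returns the block type instead of an id.
 *
 * NOTE(review): guest passwords are stored as unsalted MD5; changing that
 * needs a migration outside this function.
 * NOTE(review): the new id is computed as "max id + 1" before the INSERT, so
 * two concurrent submissions may compute the same id — confirm how the
 * schema handles this.
 *
 * @param int   $blogid  Blog id.
 * @param array $comment Comment fields, by reference; 'homepage', 'name',
 *                       'comment' are normalised and 'replier' is set here.
 * @return int|string|false New comment id, the block type string when the
 *                          comment was filtered, or false on failure.
 */
function addComment($blogid, & $comment) {
    global $database, $user, $blog, $defaultURL;

    $blogid = intval($blogid);
    $openid = Acl::getIdentity('openid');
    $filtered = 0;

    if (!doesHaveOwnership()) {
        requireComponent('Textcube.Data.Filter');
        if (!Filter::isAllowed($comment['homepage'])) {
            if (Filter::isFiltered('ip', $comment['ip'])) {
                $blockType = "ip";
                $filtered = 1;
            } else if (Filter::isFiltered('name', $comment['name'])) {
                $blockType = "name";
                $filtered = 1;
            } else if (Filter::isFiltered('url', $comment['homepage'])) {
                $blockType = "homepage";
                $filtered = 1;
            } elseif (Filter::isFiltered('content', $comment['comment'])) {
                $blockType = "comment";
                $filtered = 1;
            } elseif ( !Acl::check( "group.writers" ) && !$openid &&
                getBlogSetting('AddCommentMode', '') == 'openid' ) {
                $blockType = "openidonly";
                $filtered = 1;
            } else if (!fireEvent('AddingComment', true, $comment)) {
                $blockType = "etc";
                $filtered = 1;
            }
        }
    }

    $comment['homepage'] = stripHTML($comment['homepage']);
    $comment['name'] = UTF8::lessenAsEncoding($comment['name'], 80);
    $comment['homepage'] = UTF8::lessenAsEncoding($comment['homepage'], 80);
    $comment['comment'] = UTF8::lessenAsEncoding($comment['comment'], 65535);

    // entry, parent and secret are written into the statement unquoted. A
    // non-numeric value used to produce a failing statement; it is now
    // rejected up front, and everything else is reduced to an integer.
    $secret = $comment['secret'];
    if (is_bool($secret)) {
        $secret = $secret ? 1 : 0;
    }
    if (!is_numeric($comment['entry']) || !is_numeric($secret)) {
        return false;
    }
    $hasParent = ($comment['parent'] != null);
    if ($hasParent && !is_numeric($comment['parent'])) {
        return false;
    }
    $entryId = intval($comment['entry']);
    $secret = intval($secret);
    $parent = $hasParent ? intval($comment['parent']) : 'null';

    if (!doesHaveOwnership() && $entryId != 0) {
        $result = POD::queryCount("SELECT *
            FROM {$database['prefix']}Entries
            WHERE blogid = $blogid
                AND id = $entryId
                AND draft = 0
                AND visibility > 0
                AND acceptComment = 1");
        if (!$result || $result == 0)
            return false;
    }
    if ($user !== null) {
        $comment['replier'] = getUserId();
        $replier = intval($comment['replier']);
        $name = POD::escapeString($user['name']);
        $password = '';
        $homepage = POD::escapeString($user['homepage']);
        if( empty($homepage) && $openid ) { $homepage = POD::escapeString($openid); }
    } else {
        $comment['replier'] = 'null';
        $replier = 'null';
        $name = POD::escapeString($comment['name']);
        $password = empty($comment['password']) ? '' : md5($comment['password']);
        $homepage = POD::escapeString($comment['homepage']);
    }
    $comment0 = POD::escapeString($comment['comment']);
    // The OpenID identity and the IP are quoted string values in the INSERT
    // and were written unescaped before; escape them like the other strings.
    $openidSql = $openid ? POD::escapeString($openid) : '';
    $ipSql = POD::escapeString($comment['ip']);
    $filteredAux = ($filtered == 1 ? "UNIX_TIMESTAMP()" : 0);
    $insertId = getCommentsMaxId() + 1;
    $result = POD::query("INSERT INTO {$database['prefix']}Comments
        (blogid,replier,id,openid,entry,parent,name,password,homepage,secret,comment,ip,written,isFiltered)
        VALUES (
            $blogid,
            $replier,
            $insertId,
            '$openidSql',
            $entryId,
            $parent,
            '$name',
            '$password',
            '$homepage',
            $secret,
            '$comment0',
            '$ipSql',
            UNIX_TIMESTAMP(),
            $filteredAux
        )");
    if ($result) {
        if($filtered != 1) {
            $id = $insertId;
            CacheControl::flushCommentRSS($comment['entry']);
            CacheControl::flushDBCache('comment');
            // Public replies are queued for notification of the parent's site.
            if ($hasParent && $comment['secret'] < 1) {
                $queueId = getCommentsNotifiedQueueMaxId() + 1;
                POD::execute("INSERT INTO `{$database['prefix']}CommentsNotifiedQueue`
                        ( `blogid` , `id`, `commentId` , `sendStatus` , `checkDate` , `written` )
                    VALUES
                        ('".$blogid."' , '".$queueId."', '" . $id . "', '0', '0', UNIX_TIMESTAMP())");
            }
            updateCommentsOfEntry($blogid, $comment['entry']);
            fireEvent($comment['entry'] ? 'AddComment' : 'AddGuestComment', $id, $comment);
            return $id;
        } else {
            return $blockType;
        }
    }
    return false;
}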
502
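/**
 * Rewrite an existing comment.
 *
 * Non-owners pass the filters and the 'ModifyingComment' event first; a hit
 * returns 'blocked'. Authorisation is expressed in the WHERE clause: a member
 * may only touch rows where replier is their user id, a guest needs the
 * stored password, or the matching OpenID identity when no password is given.
 *
 * NOTE(review): the return value reflects whether the statement ran, not
 * whether a row matched — a wrong password appears to return true without
 * changing anything. Confirm what POD::query() reports.
 * NOTE(review): guest passwords are stored as unsalted MD5; changing that
 * needs a migration outside this function.
 *
 * @param int    $blogid   Blog id.
 * @param array  $comment  Comment fields, including 'id', 'entry', 'secret',
 *                         'isFiltered' and 'ip'.
 * @param string $password Guest password in clear text.
 * @return bool|string True on success, false on failure, 'blocked' when filtered.
 */
function updateComment($blogid, $comment, $password) {
    global $database, $user;

    $blogid = intval($blogid);
    $openid = Acl::getIdentity('openid');
    if (!doesHaveOwnership()) {
        // if filtered, only block and not send to trash
        requireComponent('Textcube.Data.Filter');
        if (!Filter::isAllowed($comment['homepage'])) {
            if (Filter::isFiltered('ip', $comment['ip']))
                return 'blocked';
            if (Filter::isFiltered('name', $comment['name']))
                return 'blocked';
            if (Filter::isFiltered('url', $comment['homepage']))
                return 'blocked';
            if (Filter::isFiltered('content', $comment['comment']))
                return 'blocked';
            if (!fireEvent('ModifyingComment', true, $comment))
                return 'blocked';
        }
    }

    $comment['homepage'] = stripHTML($comment['homepage']);
    $comment['name'] = UTF8::lessenAsEncoding($comment['name'], 80);
    $comment['homepage'] = UTF8::lessenAsEncoding($comment['homepage'], 80);
    $comment['comment'] = UTF8::lessenAsEncoding($comment['comment'], 65535);

    // id, secret and isFiltered are written into the statement unquoted. A
    // non-numeric value used to produce a failing statement; it is now
    // rejected up front, and everything else is reduced to an integer.
    $secret = isset($comment['secret']) ? $comment['secret'] : null;
    if (is_bool($secret)) {
        $secret = $secret ? 1 : 0;
    }
    if (!isset($comment['id']) || !is_numeric($comment['id'])
        || !is_numeric($secret)
        || !isset($comment['isFiltered']) || !is_numeric($comment['isFiltered'])) {
        return false;
    }
    $commentId = intval($comment['id']);
    $secret = intval($secret);
    $isFiltered = intval($comment['isFiltered']);

    $setPassword = '';
    if ($user !== null) {
        $comment['replier'] = getUserId();
        $name = POD::escapeString($user['name']);
        $setPassword = 'password = \'\',';
        $homepage = POD::escapeString($user['homepage']);
        if( empty($homepage) && $openid ) { $homepage = POD::escapeString($openid); }
    } else {
        $name = POD::escapeString($comment['name']);
        if ($comment['password'] !== true)
            $setPassword = 'password = \'' . (empty($comment['password']) ? '' : md5($comment['password'])) . '\', ';
        $homepage = POD::escapeString($comment['homepage']);
    }
    $comment0 = POD::escapeString($comment['comment']);
    $ipSql = POD::escapeString($comment['ip']);

    $guestcomment = false;
    if (POD::queryExistence("SELECT *
        FROM {$database['prefix']}Comments
        WHERE blogid = $blogid
            AND id = $commentId
            AND replier IS NULL")) {
        $guestcomment = true;
    }

    $wherePassword = '';
    if (!doesHaveOwnership()) {
        if ($guestcomment == false) {
            if (!doesHaveMembership())
                return false;
            $wherePassword = ' AND replier = ' . getUserId();
        }
        else
        {
            if( empty($password) && $openid ) {
                // The identity is a quoted string value and was concatenated
                // unescaped before.
                $wherePassword = ' AND openid = \'' . POD::escapeString($openid) . '\'';
            } else {
                $wherePassword = ' AND password = \'' . md5($password) . '\'';
            }
        }
    }

    // An unset or null replier is stored as SQL NULL; anything else is quoted
    // and escaped.
    $replier = isset($comment['replier']) ? "'" . POD::escapeString($comment['replier']) . "'" : 'NULL';

    $result = POD::query("UPDATE {$database['prefix']}Comments
                SET
                    name = '$name',
                    $setPassword
                    homepage = '$homepage',
                    secret = $secret,
                    comment = '$comment0',
                    ip = '$ipSql',
                    written = UNIX_TIMESTAMP(),
                    isFiltered = $isFiltered,
                    replier = {$replier}
                WHERE blogid = $blogid
                    AND id = $commentId $wherePassword");
    if($result) {
        CacheControl::flushCommentRSS($comment['entry']); // Assume blogid = current blogid.
        CacheControl::flushDBCache('comment');
        return true;
    } else return false;
}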
591
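/**
 * Delete a comment on behalf of the current visitor.
 *
 * The owner may delete any comment. Otherwise the DELETE is narrowed by an
 * extra condition: the visitor's OpenID identity when one is present and no
 * password was given, the member's user id for a member's comment, or the
 * guest password for a guest comment.
 *
 * NOTE(review): guest passwords are compared as unsalted MD5; changing that
 * needs a migration outside this function.
 *
 * @param int    $blogid   Blog id.
 * @param int    $id       Comment id; must be numeric.
 * @param int    $entry    Entry id; must be numeric.
 * @param string $password Guest password in clear text.
 * @return bool True when a row was deleted.
 */
function deleteComment($blogid, $id, $entry, $password) {
    global $database;

    if (!is_numeric($id)) return false;
    if (!is_numeric($entry)) return false;
    // The blog id is concatenated into SQL unquoted, so it must be an integer.
    $blogid = intval($blogid);

    $guestcomment = false;
    if (POD::queryExistence("SELECT * FROM {$database['prefix']}Comments WHERE blogid = $blogid AND id = $id AND replier IS NULL")) {
        $guestcomment = true;
    }

    $wherePassword = '';

    $sql = "DELETE FROM {$database['prefix']}Comments
        WHERE blogid = $blogid
            AND id = $id
            AND entry = $entry";
    if (!doesHaveOwnership()) {
        $openid = Acl::getIdentity('openid');
        if( $openid && empty($password) ) {
            // The identity is a quoted string value and was concatenated
            // unescaped before.
            $wherePassword = ' AND openid = \'' . POD::escapeString($openid) . '\'';
        } else {
            if ($guestcomment == false) {
                if (!doesHaveMembership()) {
                    return false;
                }
                $wherePassword = ' AND replier = ' . getUserId();
            }
            else
            {
                $wherePassword = ' AND password = \'' . md5($password) . '\'';
            }
        }
    }
    if(POD::queryCount($sql . $wherePassword)) {
        CacheControl::flushCommentRSS($entry);
        CacheControl::flushDBCache('comment');
        updateCommentsOfEntry($blogid, $entry);
        return true;
    }
    return false;
}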
633
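/**
 * Move a comment and its direct replies to the trash (owner only).
 *
 * Trashing means setting isFiltered to the current timestamp.
 *
 * @param int   $blogid   Blog id.
 * @param int   $id       Comment id; must be numeric.
 * @param int   $entry    Entry id; must be numeric.
 * @param mixed $password Not used by this function.
 * @return bool True when at least one row was changed.
 */
function trashComment($blogid, $id, $entry, $password) {
    global $database;
    if (!doesHaveOwnership()) {
        return false;
    }
    if (!is_numeric($id)) return false;
    if (!is_numeric($entry)) return false;
    // The blog id is concatenated into SQL unquoted, so it must be an integer.
    $blogid = intval($blogid);
    $sql = "UPDATE {$database['prefix']}Comments
        SET isFiltered = UNIX_TIMESTAMP()
        WHERE blogid = $blogid
            AND id = $id
            AND entry = $entry";
    $affected = POD::queryCount($sql);
    $sql = "UPDATE {$database['prefix']}Comments
        SET isFiltered = UNIX_TIMESTAMP()
        WHERE blogid = $blogid
            AND parent = $id
            AND entry = $entry";
    $affectedChildren = POD::queryCount($sql);
    if ($affected + $affectedChildren > 0) {
        CacheControl::flushCommentRSS($entry);
        CacheControl::flushDBCache('comment');
        updateCommentsOfEntry($blogid, $entry);
        return true;
    }
    return false;
}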
661
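/**
 * Disabled: always returns false.
 *
 * The function returned before doing anything; the unreachable statements
 * that followed the return have been dropped.
 *
 * @param int   $blogid   Not used.
 * @param int   $id       Not used.
 * @param int   $entry    Not used.
 * @param mixed $password Not used.
 * @return bool Always false.
 */
function revertComment($blogid, $id, $entry, $password) {
    // not used, so
    return false;
}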
684
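/**
 * List the most recent unfiltered comments of a blog.
 *
 * The owner (unless $guestShip is set) gets all comments on non-draft
 * entries. Everybody else gets comments on entries with visibility >= 2,
 * narrowed by getPrivateCategoryExclusionQuery(), and secret comments are
 * blanked unless doesHaveOpenIDPriv() accepts the visitor.
 *
 * @param int      $blogid      Blog id.
 * @param int|bool $count       Maximum rows; false uses $skinSetting['commentsOnRecent'].
 * @param bool     $isGuestbook Select guestbook rows (entry = 0) instead of entry comments.
 * @param bool     $guestShip   Force the visitor query even for the owner.
 * @return array List of comment rows with entry title and slogan.
 */
function getRecentComments($blogid,$count = false,$isGuestbook = false, $guestShip = false) {
    global $skinSetting, $database;
    $comments = array();
    // The blog id and the LIMIT are concatenated into SQL unquoted, so both
    // are forced to integers.
    $blogid = intval($blogid);
    $limit = max(0, intval($count != false ? $count : $skinSetting['commentsOnRecent']));
    if(!$isGuestbook && !Acl::check("group.editors")) $userLimit = ' AND e.userid = '.getUserId();
    else $userLimit = '';
    $isOwner = doesHaveOwnership();
    if ($isOwner && !$guestShip) {
        $sql = "SELECT r.*, e.title, e.slogan
        FROM
            {$database['prefix']}Comments r
            INNER JOIN {$database['prefix']}Entries e ON r.blogid = e.blogid AND r.entry = e.id AND e.draft = 0$userLimit
        WHERE
            r.blogid = $blogid".($isGuestbook != false ? " AND r.entry=0" : " AND r.entry>0")." AND r.isFiltered = 0
        ORDER BY
            r.written
        DESC LIMIT ".$limit;
    } else {
        $sql = "SELECT r.*, e.title, e.slogan
        FROM
            {$database['prefix']}Comments r
            INNER JOIN {$database['prefix']}Entries e ON r.blogid = e.blogid AND r.entry = e.id AND e.draft = 0
            LEFT OUTER JOIN {$database['prefix']}Categories c ON e.blogid = c.blogid AND e.category = c.id
        WHERE
            r.blogid = $blogid AND e.draft = 0 AND e.visibility >= 2".getPrivateCategoryExclusionQuery($blogid)
            .($isGuestbook != false ? " AND r.entry = 0" : " AND r.entry > 0")." AND r.isFiltered = 0
        ORDER BY
            r.written
        DESC LIMIT
            ".$limit;
    }
    if ($result = POD::queryAllWithDBCache($sql,'comment')) {
        foreach($result as $comment) {
            // Ownership was resolved once above instead of once per row.
            if (($comment['secret'] == 1) && !$isOwner) {
                if( !doesHaveOpenIDPriv($comment) ) {
                    $comment['name'] = _text('비밀방문자');
                    $comment['homepage'] = '';
                    $comment['comment'] = _text('관리자만 볼 수 있는 댓글입니다.');
                }
            }
            array_push($comments, $comment);
        }
    }
    return $comments;
}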
725
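/**
 * List the most recent unfiltered guestbook messages of a blog.
 *
 * Secret messages are blanked for visitors who are neither the owner nor
 * accepted by doesHaveOpenIDPriv().
 *
 * @param int      $blogid Blog id.
 * @param int|bool $count  Maximum rows; false uses $skinSetting['commentsOnRecent'].
 * @return array List of comment rows.
 */
function getRecentGuestbook($blogid,$count = false) {
    global $skinSetting, $database;
    $comments = array();
    // The blog id and the LIMIT are concatenated into SQL unquoted, so both
    // are forced to integers.
    $blogid = intval($blogid);
    $limit = max(0, intval($count != false ? $count : $skinSetting['commentsOnRecent']));
    $sql = "SELECT r.*
        FROM
            {$database['prefix']}Comments r
        WHERE
            r.blogid = $blogid AND r.entry = 0 AND r.isFiltered = 0
        ORDER BY
            r.written
        DESC LIMIT ".$limit;

    if ($result = POD::queryAll($sql)) {
        // Ownership is resolved once instead of once per row.
        $isOwner = doesHaveOwnership();
        foreach($result as $comment) {
            if (($comment['secret'] == 1) && !$isOwner) {
                if( !doesHaveOpenIDPriv($comment) ) {
                    $comment['name'] = '';
                    $comment['homepage'] = '';
                    $comment['comment'] = _text('관리자만 볼 수 있는 댓글입니다.');
                }
            }
            array_push($comments, $comment);
        }
    }
    return $comments;
}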
752
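/**
 * Find the guestbook page on which a message is shown.
 *
 * The position is looked up in the list of top-level, unfiltered guestbook
 * messages ordered newest first. For a reply, the position of its parent is
 * used.
 *
 * @param int $blogid Blog id.
 * @param int $id     Guestbook message id.
 * @return int|false 1-based page number, or false when the message (or its
 *                   parent) is not in the list.
 */
function getGuestbookPageById($blogid, $id) {
    global $database, $skinSetting;
    // Both ids are concatenated into SQL unquoted, so they must be integers.
    $blogid = intval($blogid);
    $id = intval($id);
    $totalGuestbookId = POD::queryColumn("SELECT id
        FROM {$database['prefix']}Comments
        WHERE
            blogid = $blogid AND entry = 0 AND isFiltered = 0 AND parent is null
        ORDER BY
            written DESC");
    if (!is_array($totalGuestbookId)) {
        $totalGuestbookId = array();
    }
    $order = array_search($id, $totalGuestbookId);
    // array_search() returns index 0 for the newest message; only a strict
    // false means "not found". The loose test sent index 0 down the reply
    // path, which ended in false for a top-level message.
    if($order === false) {
        $parentCommentId = POD::queryCell("SELECT parent
            FROM {$database['prefix']}Comments
            WHERE
                blogid = $blogid AND entry = 0 AND isFiltered = 0 AND id = $id");
        if($parentCommentId == false) {
            return false;
        }
        $order = array_search($parentCommentId, $totalGuestbookId);
        if ($order === false) {
            return false;
        }
    }
    // Guard against a zero or missing page size.
    $perPage = max(1, intval($skinSetting['commentsOnGuestbook']));
    return intval($order / $perPage)+1;
}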
775
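/**
 * Permanently delete a comment and its direct replies.
 *
 * NOTE(review): no ownership check is made here; presumably the caller has
 * already verified owner privileges — confirm at the call sites.
 *
 * @param int $blogid Blog id.
 * @param int $id     Comment id; must be numeric.
 * @return bool True when the comment and its replies were deleted.
 */
function deleteCommentInOwner($blogid, $id) {
    global $database;
    if (!is_numeric($id)) return false;
    // The blog id is concatenated into SQL unquoted, so it must be an integer.
    $blogid = intval($blogid);
    $entryId = POD::queryCell("SELECT entry FROM {$database['prefix']}Comments WHERE blogid = $blogid AND id = $id");
    if(POD::queryCount("DELETE FROM {$database['prefix']}Comments WHERE blogid = $blogid AND id = $id") == 1) {
        if (POD::query("DELETE FROM {$database['prefix']}Comments WHERE blogid = $blogid AND parent = $id")) {
            CacheControl::flushCommentRSS($entryId);
            // Recent-comment lists are read through the 'comment' DB cache,
            // so it is flushed here as deleteComment() does.
            CacheControl::flushDBCache('comment');
            updateCommentsOfEntry($blogid, $entryId);
            return true;
        }
    }
    return false;
}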
789
/**
 * Moves a comment and its direct replies to the trash by stamping isFiltered
 * with the current UNIX timestamp.
 *
 * No permission check happens here; $blogid is interpolated into SQL
 * unchanged and only $id is checked with is_numeric().
 *
 * @param int|string $blogid blog that owns the comment
 * @param int|string $id     comment id; non-numeric values are rejected
 * @return bool true when both UPDATE statements succeeded
 */
function trashCommentInOwner($blogid, $id) {
    global $database;
    if (!is_numeric($id)) {
        return false;
    }
    $commentsTable = "{$database['prefix']}Comments";
    $entryId = POD::queryCell("SELECT entry FROM $commentsTable WHERE blogid = $blogid AND id = $id");
    // Success is judged by the query result, not by the affected row count.
    $markFiltered = "UPDATE $commentsTable SET isFiltered = UNIX_TIMESTAMP() WHERE blogid = $blogid AND ";
    if (!POD::query($markFiltered . "id = $id")) {
        return false;
    }
    if (!POD::query($markFiltered . "parent = $id")) {
        return false;
    }
    CacheControl::flushCommentRSS($entryId);
    CacheControl::flushDBCache('comment');
    updateCommentsOfEntry($blogid, $entryId);
    return true;
}
806
/**
 * Restores a trashed comment by resetting isFiltered to 0, and does the same
 * for its parent comment when it has one.
 *
 * No permission check happens here; $blogid is interpolated into SQL
 * unchanged and only $id is checked with is_numeric().
 *
 * @param int|string $blogid blog that owns the comment
 * @param int|string $id     comment id; non-numeric values are rejected
 * @return bool true when exactly one comment row was updated and the parent update (if any) succeeded
 */
function revertCommentInOwner($blogid, $id) {
    global $database;
    if (!is_numeric($id)) {
        return false;
    }
    $commentsTable = "{$database['prefix']}Comments";
    $entryId = POD::queryCell("SELECT entry FROM $commentsTable WHERE blogid = $blogid AND id = $id");
    $parent = POD::queryCell("SELECT parent FROM $commentsTable WHERE blogid = $blogid AND id = $id");
    if (POD::queryCount("UPDATE $commentsTable SET isFiltered = 0 WHERE blogid = $blogid AND id = $id") != 1) {
        return false;
    }
    // A reply is only restored together with the comment it answers.
    if (!is_null($parent) && !POD::query("UPDATE $commentsTable SET isFiltered = 0 WHERE blogid = $blogid AND id = $parent")) {
        return false;
    }
    CacheControl::flushCommentRSS($entryId);
    updateCommentsOfEntry($blogid, $entryId);
    return true;
}
821
/**
 * Deletes a received comment notification and the notifications stored as
 * its children from the CommentsNotified table.
 *
 * The 'DeleteCommentNotified' event is fired before any row is touched. No
 * permission check happens here; $blogid is interpolated into SQL unchanged
 * and only $id is checked with is_numeric().
 *
 * @param int|string $blogid blog that owns the notification
 * @param int|string $id     notification id; non-numeric values are rejected
 * @return bool true when exactly one row was deleted and the child cleanup query succeeded
 */
function deleteCommentNotifiedInOwner($blogid, $id) {
    global $database;
    if (!is_numeric($id)) {
        return false;
    }

    fireEvent('DeleteCommentNotified', $id);

    $notifiedTable = "{$database['prefix']}CommentsNotified";
    $entryId = POD::queryCell("SELECT entry FROM $notifiedTable WHERE blogid = $blogid AND id = $id");
    if (POD::queryCount("DELETE FROM $notifiedTable WHERE blogid = $blogid AND id = $id") != 1) {
        return false;
    }
    if (!POD::query("DELETE FROM $notifiedTable WHERE blogid = $blogid AND parent = $id")) {
        return false;
    }
    updateCommentsOfEntry($blogid, $entryId);
    CacheControl::flushCommentNotifyRSS();
    return true;
}
838
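/**
 * Sends one queued reply notification to the homepage of the author of the
 * comment that was replied to, then removes the queue entry.
 *
 * The oldest unsent queue entry is taken. It is dropped without sending when
 * the reply has no parent, the reply is secret, or the parent comment has no
 * homepage. Otherwise the reply and its parent are POSTed as a form body to
 * the parent author's homepage; if the response does not carry an error code
 * of '0' or '1', one retry goes to "<homepage>/index.php".
 *
 * NOTE(review): the destination URL is commenter-supplied, so this is a
 * server-side request to an arbitrary host. HTTPRequest is not visible here;
 * confirm that it refuses loopback/internal addresses, or filter the host
 * before sending.
 *
 * @return false|null false when nothing was sent; null after a send attempt
 */
function notifyComment() {
    global $database, $blog, $defaultURL;
    $blogid = getBlogId();
    $sql = "SELECT
                CN.*,
                CNQ.id AS queueId,
                CNQ.commentId AS commentId,
                CNQ.sendStatus AS sendStatus,
                CNQ.checkDate AS checkDate,
                CNQ.written  AS queueWritten
            FROM
                {$database['prefix']}CommentsNotifiedQueue AS CNQ
            LEFT JOIN
                {$database['prefix']}Comments AS CN ON CNQ.commentId = CN.id
            WHERE
                CNQ.sendStatus = '0'
                and CN.parent is not null
            ORDER BY CNQ.id ASC
            LIMIT 0, 1
        ";
    $queue = POD::queryRow($sql);
    // Either condition alone means there is nothing usable to process; the
    // original "&&" let a row without a queue id fall through to the queries.
    if (empty($queue) || empty($queue['queueId'])) {
        return false;
    }
    $dropFromQueue = "DELETE FROM {$database['prefix']}CommentsNotifiedQueue WHERE id={$queue['queueId']}";

    $comments = POD::queryRow("SELECT * FROM {$database['prefix']}Comments WHERE blogid = $blogid AND id = {$queue['commentId']}");
    // Secret replies are never sent to a remote site.
    if (empty($comments['parent']) || $comments['secret'] == 1) {
        POD::execute($dropFromQueue);
        return false;
    }
    $parentComments = POD::queryRow("SELECT * FROM {$database['prefix']}Comments WHERE blogid = $blogid AND id = {$comments['parent']}");
    if (empty($parentComments['homepage'])) {
        POD::execute($dropFromQueue);
        return false;
    }
    $entry = POD::queryRow("SELECT * FROM {$database['prefix']}Entries WHERE blogid = $blogid AND id={$comments['entry']}");
    if (is_null($entry)) {
        // No entry row: the comment belongs to the guestbook.
        $entry = array('id' => 0, 'title' => _textf('%1 블로그의 방명록',$blog['title']));
        $entryPermaLink = "$defaultURL/guestbook/";
        $parentUrl = "$defaultURL/guestbook/" . $parentComments['id'] . "#guestbook" . $parentComments['id'];
        $childUrl = "$defaultURL/guestbook/" . $comments['id'] . "#guestbook" . $comments['id'];
    } else {
        $entryPermaLink = "$defaultURL/" . ($blog['useSloganOnPost'] ? "entry/{$entry['slogan']}" : $entry['id']);
        $parentUrl = $entryPermaLink . "#comment" . $parentComments['id'];
        $childUrl = $entryPermaLink . "#comment" . $comments['id'];
    }

    // Field order is kept as the protocol body was originally written; every
    // value is percent-encoded exactly once.
    $fields = array(
        'url' => $defaultURL,
        'mode' => 'fb',
        's_home_title' => $blog['title'],
        's_post_title' => $entry['title'],
        's_name' => $comments['name'],
        's_no' => $comments['entry'],
        's_url' => $entryPermaLink,
        'r1_name' => $parentComments['name'],
        'r1_no' => $parentComments['id'],
        'r1_pno' => $comments['entry'],
        'r1_rno' => '0',
        'r1_homepage' => $parentComments['homepage'],
        'r1_regdate' => $parentComments['written'],
        'r1_url' => $parentUrl,
        'r2_name' => $comments['name'],
        'r2_no' => $comments['id'],
        'r2_pno' => $comments['entry'],
        'r2_rno' => $comments['parent'],
        'r2_homepage' => $comments['homepage'],
        'r2_regdate' => $comments['written'],
        'r2_url' => $childUrl,
        'r1_body' => $parentComments['comment'],
        'r2_body' => $comments['comment'],
    );
    $pairs = array();
    foreach ($fields as $key => $value) {
        $pairs[] = $key . '=' . rawurlencode($value);
    }
    $data = implode('&', $pairs);

    requireComponent('Eolin.PHP.HTTPRequest');
    // Only an http(s) scheme at the very start counts. The earlier substring
    // test accepted "http://" anywhere in the value and mangled https URLs.
    $homepage = $parentComments['homepage'];
    if (!preg_match('@^https?://@i', $homepage)) {
        $homepage = 'http://' . $homepage;
    }
    $request = new HTTPRequest('POST', $homepage);
    $request->contentType = 'application/x-www-form-urlencoded; charset=utf-8';
    $request->content = $data;
    if ($request->send()) {
        $xmls = new XMLStruct();
        if ($xmls->open($request->responseText)) {
            $result = $xmls->selectNode('/response/error/');
            $errorCode = isset($result['.value']) ? $result['.value'] : null;
            if ($errorCode != '1' && $errorCode != '0') {
                // The response was not a recognised answer; retry once
                // against index.php. The outcome is deliberately ignored.
                $homepage = rtrim($homepage, '/') . '/index.php';
                $request = new HTTPRequest('POST', $homepage);
                $request->contentType = 'application/x-www-form-urlencoded; charset=utf-8';
                $request->content = $data;
                $request->send();
            }
        }
    }
    // The queue entry is removed whether or not delivery succeeded.
    POD::execute($dropFromQueue);
}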
914
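/**
 * Stores a reply notification posted by a remote blog (mode "fb") as a
 * parent/child pair of rows in CommentsNotified.
 *
 * Every value in $post comes from the remote sender. Text fields are passed
 * through POD::escapeString() and quoted; fields that are written into SQL
 * without quotes (ids and timestamps) are now accepted only when they consist
 * of decimal digits, because escaping alone does not protect an unquoted
 * value. No sender authentication is visible in this function.
 *
 * NOTE(review): new ids come from max(id) + 1 with no lock visible here;
 * confirm the tables have a unique key so concurrent notifications cannot
 * produce duplicate ids.
 *
 * @param array $post decoded POST fields of the notification
 * @return int 0 on success; 1 request is not a valid notification (wrong mode
 *             or malformed numeric field); 2 site info insert failed;
 *             3 parent insert failed; 4 the reply is already stored;
 *             5 reply insert failed; 6 parent timestamp update failed;
 *             7 the 'ReceiveNotifiedComment' event handler returned false
 */
function receiveNotifiedComment($post) {
    if (empty($post['mode']) || $post['mode'] != 'fb')
        return 1;
    global $database;

    CacheControl::flushCommentNotifyRSS();
    $post = fireEvent('ReceiveNotifiedComment', $post);
    if ($post === false) return 7;

    // These fields are placed into the statements below without quotes.
    // Validation runs after the event handler because it may rewrite $post.
    $digitsOnly = '/^[0-9]{1,20}\z/';
    foreach (array('s_no', 'r1_no', 'r1_regdate', 'r2_no', 'r2_regdate') as $field) {
        if (!isset($post[$field]) || !is_scalar($post[$field]) || !preg_match($digitsOnly, (string) $post[$field]))
            return 1;
    }
    // r1_rno may be absent, empty or 0 (stored as NULL); anything else must be digits.
    if (!empty($post['r1_rno']) && (!is_scalar($post['r1_rno']) || !preg_match($digitsOnly, (string) $post['r1_rno'])))
        return 1;

    $blogid = getBlogId();
    $title = POD::escapeString(UTF8::lessenAsEncoding($post['s_home_title'], 255));
    $name = POD::escapeString(UTF8::lessenAsEncoding($post['s_name'], 255));
    $entryId = (string) $post['s_no'];
    $homepage = POD::escapeString(UTF8::lessenAsEncoding($post['url'], 255));
    $entryUrl = POD::escapeString($post['s_url']);
    $entryTitle = POD::escapeString($post['s_post_title']);
    $parent_id = (string) $post['r1_no'];
    $parent_name = POD::escapeString(UTF8::lessenAsEncoding($post['r1_name'], 80));
    $parent_parent = empty($post['r1_rno']) ? 'null' : (string) $post['r1_rno'];
    $parent_homepage = POD::escapeString(UTF8::lessenAsEncoding($post['r1_homepage'], 80));
    $parent_written = (string) $post['r1_regdate'];
    $parent_comment = POD::escapeString($post['r1_body']);
    $parent_url = POD::escapeString(UTF8::lessenAsEncoding($post['r1_url'], 255));
    $child_id = (string) $post['r2_no'];
    $child_name = POD::escapeString(UTF8::lessenAsEncoding($post['r2_name'], 80));
    $child_homepage = POD::escapeString(UTF8::lessenAsEncoding($post['r2_homepage'], 80));
    $child_written = (string) $post['r2_regdate'];
    $child_comment = POD::escapeString($post['r2_body']);
    $child_url = POD::escapeString(UTF8::lessenAsEncoding($post['r2_url'],255));

    // Register the sending site on first contact.
    $siteId = POD::queryCell("SELECT id FROM {$database['prefix']}CommentsNotifiedSiteInfo WHERE url = '$homepage'");
    if (empty($siteId)) {
        $insertId = getCommentsNotifiedSiteInfoMaxId() + 1;
        if (POD::execute("INSERT INTO {$database['prefix']}CommentsNotifiedSiteInfo
            ( id, title, name, url, modified)
            VALUES ($insertId, '$title', '$name', '$homepage', UNIX_TIMESTAMP());"))
            $siteId = $insertId;
        else
            return 2;
    }

    // Store the comment that was replied to, unless it is already known.
    $parentId = POD::queryCell("SELECT id
        FROM {$database['prefix']}CommentsNotified
        WHERE entry = $entryId
            AND siteId = $siteId
            AND blogid = $blogid
            AND remoteId = $parent_id");
    if (empty($parentId)) {
        $insertId = getCommentsNotifiedMaxId() + 1;
        $sql = "INSERT INTO {$database['prefix']}CommentsNotified
            ( blogid , replier , id , entry , parent , name , password , homepage , secret , comment , ip , written, modified , siteId , isNew , url , remoteId ,entryTitle , entryUrl )
            VALUES (
                $blogid, NULL , $insertId, " . $entryId . ", " . $parent_parent . ", '" . $parent_name . "', '', '" . $parent_homepage . "', '', '" . $parent_comment . "', '', " . $parent_written . ",UNIX_TIMESTAMP(), " . $siteId . ", 1, '" . $parent_url . "'," . $parent_id . ", '" . $entryTitle . "', '" . $entryUrl . "'
)";
        if (!POD::execute($sql))
            return 3;
        $parentId = $insertId;
    }

    // A reply that was already delivered is not stored twice.
    if (POD::queryCell("SELECT count(*) FROM {$database['prefix']}CommentsNotified WHERE siteId=$siteId AND remoteId=$child_id") > 0)
        return 4;
    $insertId = getCommentsNotifiedMaxId() + 1;
    $sql = "INSERT INTO {$database['prefix']}CommentsNotified
        ( blogid , replier , id , entry , parent , name , password , homepage , secret , comment , ip , written, modified , siteId , isNew , url , remoteId ,entryTitle , entryUrl )
        VALUES (
            $blogid, NULL , $insertId, " . $entryId . ", $parentId, '$child_name', '', '$child_homepage', '', '$child_comment', '', $child_written, UNIX_TIMESTAMP(), $siteId, 1, '$child_url', $child_id, '$entryTitle', '$entryUrl')";
    if (!POD::execute($sql))
        return 5;
    $sql = "UPDATE {$database['prefix']}CommentsNotified SET modified = UNIX_TIMESTAMP() WHERE blogid = $blogid AND id = $parentId";
    if (!POD::execute($sql))
        return 6;
    return 0;
}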
986
/**
 * Returns the stored comment counter of one entry, or the sum of the counters
 * over the blog's entries when no entry id is given (draft = 0 in both cases).
 *
 * Both arguments are interpolated into SQL unchanged; callers must pass
 * trusted integers.
 *
 * @param int|string      $blogid  blog id
 * @param int|string|null $entryId entry id, or null for the blog-wide sum
 * @return mixed the value returned by POD::queryCell()
 */
function getCommentCount($blogid, $entryId = null) {
    global $database;
    $entriesTable = "{$database['prefix']}Entries";
    if ($entryId === null) {
        $sql = "SELECT SUM(comments) FROM $entriesTable WHERE blogid = $blogid AND draft= 0 ";
    } else {
        $sql = "SELECT comments FROM $entriesTable WHERE blogid = $blogid AND id = $entryId AND draft = 0";
    }
    return POD::queryCell($sql);
}
993
/**
 * Counts the rows of the Comments table that belong to the guestbook
 * (entry = 0) of a blog; replies and filtered rows are included.
 *
 * @param int|string $blogid blog id; interpolated into SQL unchanged
 * @return mixed the value returned by POD::queryCell()
 */
function getGuestbookCount($blogid) {
    global $database;
    $commentsTable = "{$database['prefix']}Comments";
    $sql = "SELECT count(id) FROM $commentsTable WHERE blogid = $blogid AND entry = 0";
    return POD::queryCell($sql);
}
998
/**
 * Picks the skin template that matches the comment count and hands it to
 * dress() for the 'article_rep_rp_cnt' tag.
 *
 * The "no comment" and "single comment" templates are used only when the skin
 * defines them; otherwise the generic count template is used.
 * dress() is defined elsewhere; presumably it fills the tag inside the string
 * passed as its third argument (confirm against its definition).
 *
 * @param int|string $commentCount number of comments
 * @param object     $skin         skin object exposing noneCommentMessage, singleCommentMessage and commentCount
 * @return array pair of the tag name "rp_count" and the selected template text
 */
function getCommentCountPart($commentCount, &$skin) {
    $emptyTemplate = $skin->noneCommentMessage;
    $singleTemplate = $skin->singleCommentMessage;

    if ($commentCount == 0 && !empty($emptyTemplate)) {
        // The literal 0/1 is passed on, not the loosely matched input value.
        $shownCount = 0;
        $commentView = $emptyTemplate;
    } elseif ($commentCount == 1 && !empty($singleTemplate)) {
        $shownCount = 1;
        $commentView = $singleTemplate;
    } else {
        $shownCount = $commentCount;
        $commentView = $skin->commentCount;
    }
    dress('article_rep_rp_cnt', $shownCount, $commentView);

    return array("rp_count", $commentView);
}
1017
/**
 * Returns the highest comment id stored for the current blog.
 *
 * @return mixed the max(id) value from the Comments table, or 0 when it is empty
 */
function getCommentsMaxId() {
    global $database;
    $highest = POD::queryCell("SELECT max(id)
        FROM {$database['prefix']}Comments
        WHERE blogid = ".getBlogId());
    if (empty($highest)) {
        return 0;
    }
    return $highest;
}
1025
/**
 * Returns the highest id in CommentsNotified for the current blog.
 *
 * @return mixed the max(id) value, or 0 when it is empty
 */
function getCommentsNotifiedMaxId() {
    global $database;
    $highest = POD::queryCell("SELECT max(id)
        FROM {$database['prefix']}CommentsNotified
        WHERE blogid = ".getBlogId());
    if (empty($highest)) {
        return 0;
    }
    return $highest;
}
1033
/**
 * Returns the highest id in CommentsNotifiedQueue for the current blog.
 *
 * @return mixed the max(id) value, or 0 when it is empty
 */
function getCommentsNotifiedQueueMaxId() {
    global $database;
    $highest = POD::queryCell("SELECT max(id)
        FROM {$database['prefix']}CommentsNotifiedQueue
        WHERE blogid = ".getBlogId());
    if (empty($highest)) {
        return 0;
    }
    return $highest;
}
1041
/**
 * Returns the highest id in CommentsNotifiedSiteInfo; this table is not
 * filtered by blog.
 *
 * @return mixed the max(id) value, or 0 when it is empty
 */
function getCommentsNotifiedSiteInfoMaxId() {
    global $database;
    $highest = POD::queryCell("SELECT max(id)
        FROM {$database['prefix']}CommentsNotifiedSiteInfo");
    if (empty($highest)) {
        return 0;
    }
    return $highest;
}
1049?>