Changeset 3703:53c8bef8608a for admin/comment.php
- Timestamp:
- 02/15/18 16:39:52 (8 years ago)
- Branch:
- default
- File:
-
- 1 edited
admin/comment.php
r3639 r3703 11 11 # -- END LICENSE BLOCK ----------------------------------------- 12 12 13 require dirname(__FILE__) .'/../inc/admin/prepend.php';13 require dirname(__FILE__) . '/../inc/admin/prepend.php'; 14 14 15 15 dcPage::check('usage,contentadmin'); 16 16 17 $comment_id = null;18 $comment_dt = '';19 $comment_author = '';20 $comment_email = '';21 $comment_site = '';22 $comment_content = '';23 $comment_ip = '';24 $comment_status = '';25 $comment_trackback = 0;17 $comment_id = null; 18 $comment_dt = ''; 19 $comment_author = ''; 20 $comment_email = ''; 21 $comment_site = ''; 22 $comment_content = ''; 23 $comment_ip = ''; 24 $comment_status = ''; 25 $comment_trackback = 0; 26 26 $comment_spam_status = ''; 27 27 … … 32 32 33 33 # Adding comment (comming from post form, comments tab) 34 if (!empty($_POST['add']) && !empty($_POST['post_id'])) 35 { 36 try 37 { 38 $rs = $core->blog->getPosts(array('post_id' => $_POST['post_id'], 'post_type' => '')); 39 40 if ($rs->isEmpty()) { 41 throw new Exception(__('Entry does not exist.')); 42 } 43 44 $cur = $core->con->openCursor($core->prefix.'comment'); 45 46 $cur->comment_author = $_POST['comment_author']; 47 $cur->comment_email = html::clean($_POST['comment_email']); 48 $cur->comment_site = html::clean($_POST['comment_site']); 49 $cur->comment_content = $core->HTMLfilter($_POST['comment_content']); 50 $cur->post_id = (integer) $_POST['post_id']; 51 52 # --BEHAVIOR-- adminBeforeCommentCreate 53 $core->callBehavior('adminBeforeCommentCreate',$cur); 54 55 $comment_id = $core->blog->addComment($cur); 56 57 # --BEHAVIOR-- adminAfterCommentCreate 58 $core->callBehavior('adminAfterCommentCreate',$cur,$comment_id); 59 60 dcPage::addSuccessNotice(__('Comment has been successfully created.')); 61 } catch (Exception $e) { 62 $core->error->add($e->getMessage()); 63 } 64 http::redirect($core->getPostAdminURL($rs->post_type,$rs->post_id,false).'&co=1'); 65 } 66 67 if (!empty($_REQUEST['id'])) 68 { 69 $params['comment_id'] = 
$_REQUEST['id']; 70 71 try { 72 $rs = $core->blog->getComments($params); 73 if (!$rs->isEmpty()) { 74 $comment_id = $rs->comment_id; 75 $post_id = $rs->post_id; 76 $post_type = $rs->post_type; 77 $post_title = $rs->post_title; 78 $comment_dt = $rs->comment_dt; 79 $comment_author = $rs->comment_author; 80 $comment_email = $rs->comment_email; 81 $comment_site = $rs->comment_site; 82 $comment_content = $rs->comment_content; 83 $comment_ip = $rs->comment_ip; 84 $comment_status = $rs->comment_status; 85 $comment_trackback = (boolean) $rs->comment_trackback; 86 $comment_spam_status = $rs->comment_spam_status; 87 } 88 } catch (Exception $e) { 89 $core->error->add($e->getMessage()); 90 } 34 if (!empty($_POST['add']) && !empty($_POST['post_id'])) { 35 try 36 { 37 $rs = $core->blog->getPosts(array('post_id' => $_POST['post_id'], 'post_type' => '')); 38 39 if ($rs->isEmpty()) { 40 throw new Exception(__('Entry does not exist.')); 41 } 42 43 $cur = $core->con->openCursor($core->prefix . 'comment'); 44 45 $cur->comment_author = $_POST['comment_author']; 46 $cur->comment_email = html::clean($_POST['comment_email']); 47 $cur->comment_site = html::clean($_POST['comment_site']); 48 $cur->comment_content = $core->HTMLfilter($_POST['comment_content']); 49 $cur->post_id = (integer) $_POST['post_id']; 50 51 # --BEHAVIOR-- adminBeforeCommentCreate 52 $core->callBehavior('adminBeforeCommentCreate', $cur); 53 54 $comment_id = $core->blog->addComment($cur); 55 56 # --BEHAVIOR-- adminAfterCommentCreate 57 $core->callBehavior('adminAfterCommentCreate', $cur, $comment_id); 58 59 dcPage::addSuccessNotice(__('Comment has been successfully created.')); 60 } catch (Exception $e) { 61 $core->error->add($e->getMessage()); 62 } 63 http::redirect($core->getPostAdminURL($rs->post_type, $rs->post_id, false) . 
'&co=1'); 64 } 65 66 if (!empty($_REQUEST['id'])) { 67 $params['comment_id'] = $_REQUEST['id']; 68 69 try { 70 $rs = $core->blog->getComments($params); 71 if (!$rs->isEmpty()) { 72 $comment_id = $rs->comment_id; 73 $post_id = $rs->post_id; 74 $post_type = $rs->post_type; 75 $post_title = $rs->post_title; 76 $comment_dt = $rs->comment_dt; 77 $comment_author = $rs->comment_author; 78 $comment_email = $rs->comment_email; 79 $comment_site = $rs->comment_site; 80 $comment_content = $rs->comment_content; 81 $comment_ip = $rs->comment_ip; 82 $comment_status = $rs->comment_status; 83 $comment_trackback = (boolean) $rs->comment_trackback; 84 $comment_spam_status = $rs->comment_spam_status; 85 } 86 } catch (Exception $e) { 87 $core->error->add($e->getMessage()); 88 } 91 89 } 92 90 93 91 if (!$comment_id && !$core->error->flag()) { 94 $core->error->add(__('No comments')); 95 } 96 97 if (!$core->error->flag() && isset($rs)) 98 { 99 $can_edit = $can_delete = $can_publish = $core->auth->check('contentadmin',$core->blog->id); 100 101 if (!$core->auth->check('contentadmin',$core->blog->id) && $core->auth->userID() == $rs->user_id) { 102 $can_edit = true; 103 if ($core->auth->check('delete',$core->blog->id)) { 104 $can_delete = true; 105 } 106 if ($core->auth->check('publish',$core->blog->id)) { 107 $can_publish = true; 108 } 109 } 110 111 # update comment 112 if (!empty($_POST['update']) && $can_edit) 113 { 114 $cur = $core->con->openCursor($core->prefix.'comment'); 115 116 $cur->comment_author = $_POST['comment_author']; 117 $cur->comment_email = html::clean($_POST['comment_email']); 118 $cur->comment_site = html::clean($_POST['comment_site']); 119 $cur->comment_content = $core->HTMLfilter($_POST['comment_content']); 120 121 if (isset($_POST['comment_status'])) { 122 $cur->comment_status = (integer) $_POST['comment_status']; 123 } 124 125 try 126 { 127 # --BEHAVIOR-- adminBeforeCommentUpdate 128 $core->callBehavior('adminBeforeCommentUpdate',$cur,$comment_id); 129 130 
$core->blog->updComment($comment_id,$cur); 131 132 # --BEHAVIOR-- adminAfterCommentUpdate 133 $core->callBehavior('adminAfterCommentUpdate',$cur,$comment_id); 134 135 dcPage::addSuccessNotice(__('Comment has been successfully updated.')); 136 $core->adminurl->redirect("admin.comment",array('id' => $comment_id)); 137 } 138 catch (Exception $e) 139 { 140 $core->error->add($e->getMessage()); 141 } 142 } 143 144 if (!empty($_POST['delete']) && $can_delete) 145 { 146 try { 147 # --BEHAVIOR-- adminBeforeCommentDelete 148 $core->callBehavior('adminBeforeCommentDelete',$comment_id); 149 150 $core->blog->delComment($comment_id); 151 152 dcPage::addSuccessNotice(__('Comment has been successfully deleted.')); 153 http::redirect($core->getPostAdminURL($rs->post_type,$rs->post_id).'&co=1',false); 154 } catch (Exception $e) { 155 $core->error->add($e->getMessage()); 156 } 157 } 158 159 if (!$can_edit) { 160 $core->error->add(__("You can't edit this comment.")); 161 } 92 $core->error->add(__('No comments')); 93 } 94 95 if (!$core->error->flag() && isset($rs)) { 96 $can_edit = $can_delete = $can_publish = $core->auth->check('contentadmin', $core->blog->id); 97 98 if (!$core->auth->check('contentadmin', $core->blog->id) && $core->auth->userID() == $rs->user_id) { 99 $can_edit = true; 100 if ($core->auth->check('delete', $core->blog->id)) { 101 $can_delete = true; 102 } 103 if ($core->auth->check('publish', $core->blog->id)) { 104 $can_publish = true; 105 } 106 } 107 108 # update comment 109 if (!empty($_POST['update']) && $can_edit) { 110 $cur = $core->con->openCursor($core->prefix . 
'comment'); 111 112 $cur->comment_author = $_POST['comment_author']; 113 $cur->comment_email = html::clean($_POST['comment_email']); 114 $cur->comment_site = html::clean($_POST['comment_site']); 115 $cur->comment_content = $core->HTMLfilter($_POST['comment_content']); 116 117 if (isset($_POST['comment_status'])) { 118 $cur->comment_status = (integer) $_POST['comment_status']; 119 } 120 121 try 122 { 123 # --BEHAVIOR-- adminBeforeCommentUpdate 124 $core->callBehavior('adminBeforeCommentUpdate', $cur, $comment_id); 125 126 $core->blog->updComment($comment_id, $cur); 127 128 # --BEHAVIOR-- adminAfterCommentUpdate 129 $core->callBehavior('adminAfterCommentUpdate', $cur, $comment_id); 130 131 dcPage::addSuccessNotice(__('Comment has been successfully updated.')); 132 $core->adminurl->redirect("admin.comment", array('id' => $comment_id)); 133 } catch (Exception $e) { 134 $core->error->add($e->getMessage()); 135 } 136 } 137 138 if (!empty($_POST['delete']) && $can_delete) { 139 try { 140 # --BEHAVIOR-- adminBeforeCommentDelete 141 $core->callBehavior('adminBeforeCommentDelete', $comment_id); 142 143 $core->blog->delComment($comment_id); 144 145 dcPage::addSuccessNotice(__('Comment has been successfully deleted.')); 146 http::redirect($core->getPostAdminURL($rs->post_type, $rs->post_id) . '&co=1', false); 147 } catch (Exception $e) { 148 $core->error->add($e->getMessage()); 149 } 150 } 151 152 if (!$can_edit) { 153 $core->error->add(__("You can't edit this comment.")); 154 } 162 155 } 163 156 … … 165 158 -------------------------------------------------------- */ 166 159 if ($comment_id) { 167 168 169 170 html::escapeHTML($post_title) => $core->getPostAdminURL($post_type,$post_id).'&co=1#c'.$comment_id,171 __('Edit comment')=> ''172 160 $breadcrumb = dcPage::breadcrumb( 161 array( 162 html::escapeHTML($core->blog->name) => '', 163 html::escapeHTML($post_title) => $core->getPostAdminURL($post_type, $post_id) . '&co=1#c' . 
$comment_id, 164 __('Edit comment') => '' 165 )); 173 166 } else { 174 175 176 177 html::escapeHTML($post_title) => $core->getPostAdminURL($post_type,$post_id),178 __('Edit comment')=> ''179 167 $breadcrumb = dcPage::breadcrumb( 168 array( 169 html::escapeHTML($core->blog->name) => '', 170 html::escapeHTML($post_title) => $core->getPostAdminURL($post_type, $post_id), 171 __('Edit comment') => '' 172 )); 180 173 } 181 174 182 175 dcPage::open(__('Edit comment'), 183 dcPage::jsConfirmClose('comment-form').184 dcPage::jsLoad('js/_comment.js').185 $core->callBehavior('adminPostEditor',$comment_editor['xhtml'],'comment',array('#comment_content'),'xhtml').186 187 188 176 dcPage::jsConfirmClose('comment-form') . 177 dcPage::jsLoad('js/_comment.js') . 178 $core->callBehavior('adminPostEditor', $comment_editor['xhtml'], 'comment', array('#comment_content'), 'xhtml') . 179 # --BEHAVIOR-- adminCommentHeaders 180 $core->callBehavior('adminCommentHeaders'), 181 $breadcrumb 189 182 ); 190 183 191 if ($comment_id) 192 { 193 if (!empty($_GET['upd'])) { 194 dcPage::success(__('Comment has been successfully updated.')); 195 } 196 197 $comment_mailto = ''; 198 if ($comment_email) 199 { 200 $comment_mailto = '<a href="mailto:'.html::escapeHTML($comment_email) 201 .'?subject='.rawurlencode(sprintf(__('Your comment on my blog %s'),$core->blog->name)) 202 .'&body=' 203 .rawurlencode(sprintf(__("Hi!\n\nYou wrote a comment on:\n%s\n\n\n"),$rs->getPostURL())) 204 .'">'.__('Send an e-mail').'</a>'; 205 } 206 207 echo 208 '<form action="'.$core->adminurl->get("admin.comment").'" method="post" id="comment-form">'. 209 '<div class="fieldset">'. 210 '<h3>'.__('Information collected').'</h3>'. 211 '<p>'.__('IP address:').' '. 212 '<a href="'.$core->adminurl->get("admin.comments",array('ip' => $comment_ip)).'">'.$comment_ip.'</a></p>'. 213 214 '<p>'.__('Date:').' '. 215 dt::dt2str(__('%Y-%m-%d %H:%M'),$comment_dt).'</p>'. 216 '</div>'. 217 218 '<h3>'.__('Comment submitted').'</h3>'. 
219 '<p><label for="comment_author" class="required"><abbr title="'.__('Required field').'">*</abbr>'.__('Author:').'</label>'. 220 form::field('comment_author',30,255,html::escapeHTML($comment_author),'','',false,'required placeholder="'.__('Author').'"'). 221 '</p>'. 222 223 '<p><label for="comment_email">'.__('Email:').'</label>'. 224 form::field('comment_email',30,255,html::escapeHTML($comment_email)). 225 '<span>'.$comment_mailto.'</span>'. 226 '</p>'. 227 228 '<p><label for="comment_site">'.__('Web site:').'</label>'. 229 form::field('comment_site',30,255,html::escapeHTML($comment_site)). 230 '</p>'. 231 232 '<p><label for="comment_status">'.__('Status:').'</label>'. 233 form::combo('comment_status',$status_combo,$comment_status,'','',!$can_publish). 234 '</p>'. 235 236 # --BEHAVIOR-- adminAfterCommentDesc 237 $core->callBehavior('adminAfterCommentDesc', $rs). 238 239 '<p class="area"><label for="comment_content">'.__('Comment:').'</label> '. 240 form::textarea('comment_content',50,10,html::escapeHTML($comment_content)). 241 '</p>'. 242 243 '<p>'.form::hidden('id',$comment_id). 244 $core->formNonce(). 245 '<input type="submit" accesskey="s" name="update" value="'.__('Save').'" /> '; 246 247 if ($can_delete) { 248 echo '<input type="submit" class="delete" name="delete" value="'.__('Delete').'" />'; 249 } 250 echo 251 '</p>'. 252 '</form>'; 184 if ($comment_id) { 185 if (!empty($_GET['upd'])) { 186 dcPage::success(__('Comment has been successfully updated.')); 187 } 188 189 $comment_mailto = ''; 190 if ($comment_email) { 191 $comment_mailto = '<a href="mailto:' . html::escapeHTML($comment_email) 192 . '?subject=' . rawurlencode(sprintf(__('Your comment on my blog %s'), $core->blog->name)) 193 . '&body=' 194 . rawurlencode(sprintf(__("Hi!\n\nYou wrote a comment on:\n%s\n\n\n"), $rs->getPostURL())) 195 . '">' . __('Send an e-mail') . '</a>'; 196 } 197 198 echo 199 '<form action="' . $core->adminurl->get("admin.comment") . '" method="post" id="comment-form">' . 
200 '<div class="fieldset">' . 201 '<h3>' . __('Information collected') . '</h3>' . 202 '<p>' . __('IP address:') . ' ' . 203 '<a href="' . $core->adminurl->get("admin.comments", array('ip' => $comment_ip)) . '">' . $comment_ip . '</a></p>' . 204 205 '<p>' . __('Date:') . ' ' . 206 dt::dt2str(__('%Y-%m-%d %H:%M'), $comment_dt) . '</p>' . 207 '</div>' . 208 209 '<h3>' . __('Comment submitted') . '</h3>' . 210 '<p><label for="comment_author" class="required"><abbr title="' . __('Required field') . '">*</abbr>' . __('Author:') . '</label>' . 211 form::field('comment_author', 30, 255, html::escapeHTML($comment_author), '', '', false, 'required placeholder="' . __('Author') . '"') . 212 '</p>' . 213 214 '<p><label for="comment_email">' . __('Email:') . '</label>' . 215 form::field('comment_email', 30, 255, html::escapeHTML($comment_email)) . 216 '<span>' . $comment_mailto . '</span>' . 217 '</p>' . 218 219 '<p><label for="comment_site">' . __('Web site:') . '</label>' . 220 form::field('comment_site', 30, 255, html::escapeHTML($comment_site)) . 221 '</p>' . 222 223 '<p><label for="comment_status">' . __('Status:') . '</label>' . 224 form::combo('comment_status', $status_combo, 225 array('default' => $comment_status, 'disabled' => !$can_publish)) . 226 '</p>' . 227 228 # --BEHAVIOR-- adminAfterCommentDesc 229 $core->callBehavior('adminAfterCommentDesc', $rs) . 230 231 '<p class="area"><label for="comment_content">' . __('Comment:') . '</label> ' . 232 form::textarea('comment_content', 50, 10, html::escapeHTML($comment_content)) . 233 '</p>' . 234 235 '<p>' . form::hidden('id', $comment_id) . 236 $core->formNonce() . 237 '<input type="submit" accesskey="s" name="update" value="' . __('Save') . '" /> '; 238 239 if ($can_delete) { 240 echo '<input type="submit" class="delete" name="delete" value="' . __('Delete') . '" />'; 241 } 242 echo 243 '</p>' . 244 '</form>'; 253 245 } 254 246
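Review bot: In the "Information collected" block of the edit form (new line 203), `$comment_ip` is concatenated into the link text as-is, while every other stored comment field on this page goes through `html::escapeHTML()` before output. The value is read back from the comment record (`$rs->comment_ip`), and whether every writer of that column restricts it to a well-formed address is not visible here, so the output should not depend on that. I would write the link text as `html::escapeHTML($comment_ip)`; the `href` built by `$core->adminurl->get("admin.comments", array('ip' => $comment_ip))` presumably encodes its parameters, but that is worth confirming. The line is carried over from r3639 with only spacing changed, so the fix could equally land in a follow-up changeset.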