/system/modules/comment/mod.comment.php
PHP | 2948 lines | 1876 code | 562 blank | 510 comment | 484 complexity | 080b9d2eaf766c3e1cf59c21f039ada7 MD5 | raw file
Large files files are truncated, but you can click here to view the full file
- <?php
- /*
- =====================================================
- ExpressionEngine - by EllisLab
- -----------------------------------------------------
- http://expressionengine.com/
- -----------------------------------------------------
- Copyright (c) 2003 - 2010 EllisLab, Inc.
- =====================================================
- THIS IS COPYRIGHTED SOFTWARE
- PLEASE READ THE LICENSE AGREEMENT
- http://expressionengine.com/docs/license.html
- =====================================================
- File: mod.comment.php
- -----------------------------------------------------
- Purpose: Commenting class
- =====================================================
- */
- if ( ! defined('EXT'))
- {
- exit('Invalid file request');
- }
- class Comment {
- // Maximum number of comments. This is a safety valve
- // in case the user doesn't specify a maximum
- var $limit = 100;
-
-
- // Show anchor?
- // TRUE/FALSE
- // Determines whether to show the <a name> anchor above each comment
-
- var $show_anchor = FALSE;
-
-
- // Comment Expiration Mode
- // 0 - Comments only expire if the comment expiration field in the PUBLISH page contains a value.
- // 1 - If the comment expiration field is blank, comments will still expire if the global preference
- // is set in the Weblog Preferences page. Use this option only if you used EE prior to
- // version 1.1 and you want your old comments to expire.
-
- var $comment_expiration_mode = 0;
- function Comment()
- {
- global $REGX;
-
- $fields = array('name', 'email', 'url', 'location', 'comment');
-
- foreach ($fields as $val)
- {
- if (isset($_POST[$val] ))
- {
- $_POST[$val] = $REGX->encode_ee_tags($_POST[$val], TRUE);
-
- if ($val == 'comment')
- {
- $_POST[$val] = $REGX->xss_clean($_POST[$val]);
- }
- }
- }
- }
- /* END */
- /** ----------------------------------------
- /** Comment Entries
- /** ----------------------------------------*/
- function entries()
- {
- global $IN, $DB, $TMPL, $LOC, $PREFS, $REGX, $FNS, $SESS, $EXT;
-
- // Base variables
-
- $return = '';
- $current_page = '';
- $qstring = $IN->QSTR;
- $uristr = $IN->URI;
- $switch = array();
- $search_link = '';
- // Pagination variables
-
- $paginate = FALSE;
- $paginate_data = '';
- $pagination_links = '';
- $page_next = '';
- $page_previous = '';
- $current_page = 0;
- $t_current_page = '';
- $total_pages = 1;
-
- if ($TMPL->fetch_param('dynamic') == 'off')
- {
- $dynamic = FALSE;
- }
- else
- {
- $dynamic = TRUE;
- }
-
- $force_entry = FALSE;
-
- if ($TMPL->fetch_param('entry_id') !== FALSE OR $TMPL->fetch_param('url_title') !== FALSE)
- {
- $force_entry = TRUE;
- }
-
- /** ----------------------------------------------
- /** Do we allow dynamic POST variables to set parameters?
- /** ----------------------------------------------*/
- if ($TMPL->fetch_param('dynamic_parameters') !== FALSE AND isset($_POST) AND count($_POST) > 0)
- {
- foreach (explode('|', $TMPL->fetch_param('dynamic_parameters')) as $var)
- {
- if (isset($_POST[$var]) AND in_array($var, array('weblog', 'limit', 'sort', 'orderby')))
- {
- $TMPL->tagparams[$var] = $_POST[$var];
- }
- }
- }
-
- /** --------------------------------------
- /** Parse page number
- /** --------------------------------------*/
-
- // We need to strip the page number from the URL for two reasons:
- // 1. So we can create pagination links
- // 2. So it won't confuse the query with an improper proper ID
-
- if ( ! $dynamic)
- {
- if (preg_match("#N(\d+)#", $qstring, $match) OR preg_match("#/N(\d+)#", $qstring, $match))
- {
- $current_page = $match['1'];
- $uristr = $FNS->remove_double_slashes(str_replace($match['0'], '', $uristr));
- }
-
- }
- else
- {
- if (preg_match("#/P(\d+)#", $qstring, $match))
- {
- $current_page = $match['1'];
-
- $uristr = $FNS->remove_double_slashes(str_replace($match['0'], '', $uristr));
- $qstring = $FNS->remove_double_slashes(str_replace($match['0'], '', $qstring));
- }
- }
-
- if ($dynamic == TRUE OR $force_entry == TRUE)
- {
- // see if entry_id or url_title parameter is set
- if ($entry_id = $TMPL->fetch_param('entry_id'))
- {
- $entry_sql = " entry_id = '".$DB->escape_str($entry_id)."' ";
- }
- elseif ($url_title = $TMPL->fetch_param('url_title'))
- {
- $entry_sql = " url_title = '".$DB->escape_str($url_title)."' ";
- }
- else
- {
- // If there is a slash in the entry ID we'll kill everything after it.
- $entry_id = trim($qstring);
- $entry_id = preg_replace("#/.+#", "", $entry_id);
- $entry_sql = ( ! is_numeric($entry_id)) ? " url_title = '".$DB->escape_str($entry_id)."' " : " entry_id = '".$DB->escape_str($entry_id)."' ";
- }
-
- /** ----------------------------------------
- /** Do we have a vaild entry ID number?
- /** ----------------------------------------*/
-
- $timestamp = ($TMPL->cache_timestamp != '') ? $LOC->set_gmt($TMPL->cache_timestamp) : $LOC->now;
-
- $sql = "SELECT entry_id, exp_weblog_titles.weblog_id
- FROM exp_weblog_titles, exp_weblogs
- WHERE exp_weblog_titles.weblog_id = exp_weblogs.weblog_id
- AND exp_weblog_titles.site_id IN ('".implode("','", $TMPL->site_ids)."') ";
-
- if ($TMPL->fetch_param('show_expired') !== 'yes')
- {
- $sql .= "AND (expiration_date = 0 || expiration_date > ".$timestamp.") ";
- }
-
- $sql .= "AND status != 'closed' AND ";
-
- $sql .= $entry_sql;
-
- /** ----------------------------------------------
- /** Limit to/exclude specific weblogs
- /** ----------------------------------------------*/
-
- if (USER_BLOG !== FALSE)
- {
- // If it's a "user blog" we limit to only their assigned blog
- $sql .= " AND exp_weblogs.weblog_id = '".$DB->escape_str(UB_BLOG_ID)."' ";
- }
- else
- {
- $sql .= "AND exp_weblogs.is_user_blog = 'n' ";
-
- if ($weblog = $TMPL->fetch_param('weblog') OR $TMPL->fetch_param('site'))
- {
- $xql = "SELECT weblog_id FROM exp_weblogs WHERE site_id IN ('".implode("','", $TMPL->site_ids)."') ";
-
- if ($weblog !== FALSE)
- {
- $xql .= $FNS->sql_andor_string($weblog, 'blog_name');
- }
-
- $query = $DB->query($xql);
-
- if ($query->num_rows == 1)
- {
- $sql .= "AND exp_weblog_titles.weblog_id = '".$query->row['weblog_id']."' ";
- }
- elseif ($query->num_rows > 1)
- {
- $sql .= "AND (";
-
- foreach ($query->result as $row)
- {
- $sql .= "exp_weblog_titles.weblog_id = '".$row['weblog_id']."' OR ";
- }
-
- $sql = substr($sql, 0, - 3);
-
- $sql .= ") ";
- }
- }
- }
- $query = $DB->query($sql);
-
- // Bad ID? See ya!
-
- if ($query->num_rows == 0)
- {
- return false;
- }
- unset($sql);
-
- // We'll reassign the entry ID so it's the true numeric ID
-
- $entry_id = $query->row['entry_id'];
- }
-
-
- // If the comment tag is being used in freeform mode
- // we need to fetch the weblog ID numbers
-
- $w_sql = '';
-
- if ( ! $dynamic)
- {
- if (USER_BLOG !== FALSE)
- {
- // If it's a "user blog" we limit to only their assigned blog
-
- $w_sql .= "AND weblog_id = '".UB_BLOG_ID."' ";
- }
- else
- {
- if ($weblog = $TMPL->fetch_param('weblog') OR $TMPL->fetch_param('site'))
- {
- $xql = "SELECT weblog_id FROM exp_weblogs WHERE site_id IN ('".implode("','", $TMPL->site_ids)."') ";
-
- if ($weblog !== FALSE)
- {
- $xql .= $FNS->sql_andor_string($weblog, 'blog_name');
- }
- $query = $DB->query($xql);
-
- if ($query->num_rows == 0)
- {
- return $TMPL->no_results();
- }
- else
- {
- if ($query->num_rows == 1)
- {
- $w_sql .= "AND weblog_id = '".$query->row['weblog_id']."' ";
- }
- else
- {
- $w_sql .= "AND (";
-
- foreach ($query->result as $row)
- {
- $w_sql .= "weblog_id = '".$row['weblog_id']."' OR ";
- }
-
- $w_sql = substr($w_sql, 0, - 3);
-
- $w_sql .= ") ";
- }
- }
- }
- }
- }
-
- /** ----------------------------------------
- /** Set trackback flag
- /** ----------------------------------------*/
-
- // Depending on whether the {if trackbacks} conditional
- // is present will determine whether we need to show trackbacks
-
- $show_trackbacks = (preg_match("/".LD."if\s+trackbacks".RD.".+?".LD.SLASH."if".RD."/s", $TMPL->tagdata)) ? TRUE : FALSE;
- /** ----------------------------------------
- /** Set sorting and limiting
- /** ----------------------------------------*/
-
- if ( ! $dynamic)
- {
- $limit = ( ! $TMPL->fetch_param('limit')) ? 100 : $TMPL->fetch_param('limit');
- $sort = ( ! $TMPL->fetch_param('sort')) ? 'desc' : $TMPL->fetch_param('sort');
- }
- else
- {
- $limit = ( ! $TMPL->fetch_param('limit')) ? $this->limit : $TMPL->fetch_param('limit');
- $sort = ( ! $TMPL->fetch_param('sort')) ? 'asc' : $TMPL->fetch_param('sort');
- }
-
- $allowed_sorts = array('date', 'email', 'location', 'name', 'url');
-
- /** ----------------------------------------
- /** Fetch comment ID numbers
- /** ----------------------------------------*/
-
- $temp = array();
- $i = 0;
-
- $comments_exist = FALSE;
-
- // Left this here for backward compatibility
- // We need to deprecate the "order_by" parameter
-
- if ($TMPL->fetch_param('orderby') != '')
- {
- $order_by = $TMPL->fetch_param('orderby');
- }
- else
- {
- $order_by = $TMPL->fetch_param('order_by');
- }
-
- $order_by = ($order_by == 'date' OR ! in_array($order_by, $allowed_sorts)) ? 'comment_date' : $order_by;
-
- if ( ! $dynamic)
- {
- // When we are only showing comments and it is not based on an entry id or url title
- // in the URL, we can make the query much more efficient and save some work.
-
- $e_sql = (isset($entry_id) && $entry_id != '') ? "AND entry_id = '".$DB->escape_str($entry_id)."' ": '';
-
- if ($show_trackbacks === FALSE)
- {
- $this_page = ($current_page == '' || ($limit > 1 AND $current_page == 1)) ? 0 : $current_page;
- $this_sort = (strtolower($sort) == 'desc') ? 'DESC' : 'ASC';
-
- $sql = "SELECT comment_date, comment_id FROM exp_comments
- WHERE status = 'o' ".$e_sql.$w_sql."
- ORDER BY ".$order_by." ".$this_sort."
- LIMIT {$this_page}, ".$limit;
-
- $query = $DB->query($sql);
-
- $count_query = $DB->query("SELECT COUNT(*) AS count FROM exp_comments WHERE status = 'o' ".$e_sql.$w_sql);
-
- $total_rows = $count_query->row['count'];
- }
- else
- {
- $sql = "SELECT comment_date, comment_id FROM exp_comments WHERE status = 'o' ".$e_sql.$w_sql." ORDER BY ".$order_by;
- }
-
- $query = $DB->query($sql);
- }
- else
- {
- $query = $DB->query("SELECT comment_date, comment_id FROM exp_comments WHERE entry_id = '".$DB->escape_str($entry_id)."' AND status = 'o' ORDER BY ".$order_by);
- }
- if ($query->num_rows > 0)
- {
- $comments_exist = TRUE;
- foreach ($query->result as $row)
- {
- $key = $row['comment_date'];
-
- while(isset($temp[$key]))
- {
- $key++;
- }
-
- $temp[$key] = 'c'.$row['comment_id'];
- }
- }
-
- /** ----------------------------------------
- /** Fetch trackback ID numbers
- /** ----------------------------------------*/
-
- $trackbacks_exist = FALSE;
-
- if ($show_trackbacks)
- {
- if ( ! $dynamic)
- {
- $t_sql = '';
-
- if ($w_sql != '')
- {
- $t_sql = trim($w_sql);
-
- $t_sql = "WHERE ".substr($t_sql, 3);
- }
-
- $sql = "SELECT trackback_date, trackback_id FROM exp_trackbacks ".$t_sql." ORDER BY trackback_date";
-
- $query = $DB->query($sql);
- }
- else
- {
- $query = $DB->query("SELECT trackback_date, trackback_id FROM exp_trackbacks WHERE entry_id = '".$DB->escape_str($entry_id)."' ORDER BY trackback_date");
- }
-
- if ($query->num_rows > 0)
- {
- $trackbacks_exist = TRUE;
- foreach ($query->result as $row)
- {
- $key = $row['trackback_date'];
-
- while(isset($temp[$key]))
- {
- $key++;
- }
-
- $temp[$key] = 't'.$row['trackback_id'];
- }
- }
- }
-
- /** ------------------------------------
- /** No results? No reason to continue...
- /** ------------------------------------*/
-
- if (count($temp) == 0)
- {
- return $TMPL->no_results();
- }
-
- // Sort the array based on the keys (which contain the Unix timesamps
- // of the comments and trackbacks)
-
- if ($order_by == 'comment_date')
- {
- ksort($temp);
- }
-
- // Create a new, sequentially indexed array
-
- $result_ids = array();
-
- foreach ($temp as $val)
- {
- $result_ids[$val] = $val;
- }
-
- // Reverse the array if order is descending
-
- if ($sort == 'desc')
- {
- $result_ids = array_reverse($result_ids);
- }
-
- /** ---------------------------------
- /** Do we need pagination?
- /** ---------------------------------*/
-
- // When showing only comments and no using the URL, then we already have this value
-
- if ($dynamic OR $show_trackbacks === TRUE)
- {
- $total_rows = count($result_ids);
- }
-
- if (preg_match("/".LD."paginate(.*?)".RD."(.+?)".LD.SLASH."paginate".RD."/s", $TMPL->tagdata, $match))
- {
- $paginate = TRUE;
- $paginate_data = $match['2'];
- $anchor = '';
-
- if ($match['1'] != '')
- {
- if (preg_match("/anchor.*?=[\"|\'](.+?)[\"|\']/", $match['1'], $amatch))
- {
- $anchor = '#'.$amatch['1'];
- }
- }
-
- $TMPL->tagdata = preg_replace("/".LD."paginate.*?".RD.".+?".LD.SLASH."paginate".RD."/s", "", $TMPL->tagdata);
-
- $current_page = ($current_page == '' || ($limit > 1 AND $current_page == 1)) ? 0 : $current_page;
-
- if ($current_page > $total_rows)
- {
- $current_page = 0;
- }
-
- $t_current_page = floor(($current_page / $limit) + 1);
- $total_pages = intval(floor($total_rows / $limit));
-
- if ($total_rows % $limit)
- $total_pages++;
-
- if ($total_rows > $limit)
- {
- if ( ! class_exists('Paginate'))
- {
- require PATH_CORE.'core.paginate'.EXT;
- }
-
- $PGR = new Paginate();
- $deft_tmpl = '';
-
- if ($uristr == '')
- {
- if (USER_BLOG !== FALSE)
- {
- $query = $DB->query("SELECT group_name FROM exp_template_groups WHERE group_id = '".$DB->escape_str(UB_TMP_GRP)."'");
- $deft_tmpl = $query->row['group_name'].'/index/';
- }
- else
- {
-
- if ($PREFS->ini('template_group') == '')
- {
- $query = $DB->query("SELECT group_name FROM exp_template_groups WHERE is_site_default = 'y' AND is_user_blog = 'n'");
- $deft_tmpl = $query->row['group_name'].'/index/';
- }
- else
- {
- $deft_tmpl = $PREFS->ini('template_group').'/';
- $deft_tmpl .= ($PREFS->ini('template') == '') ? 'index' : $PREFS->ini('template');
- $deft_tmpl .= '/';
- }
- }
- }
-
- $basepath = $FNS->remove_double_slashes($FNS->create_url($uristr, 1, 0).'/'.$deft_tmpl);
-
- $first_url = (substr($basepath, -5) == '.php/') ? substr($basepath, 0, -1) : $basepath;
-
- if ($TMPL->fetch_param('paginate_base'))
- {
- $pbase = $REGX->trim_slashes($TMPL->fetch_param('paginate_base'));
-
- $pbase = str_replace("/index", "/", $pbase);
-
- if ( ! strstr($basepath, $pbase))
- {
- $basepath = $FNS->remove_double_slashes($basepath.'/'.$pbase.'/');
- }
- }
-
- $PGR->first_url = $first_url;
- $PGR->path = $basepath;
- $PGR->prefix = ( ! $dynamic) ? 'N' : 'P';
- $PGR->total_count = $total_rows;
- $PGR->per_page = $limit;
- $PGR->cur_page = $current_page;
- $PGR->suffix = $anchor;
-
- $pagination_links = $PGR->show_links();
-
- if ((($total_pages * $limit) - $limit) > $current_page)
- {
- $page_next = $basepath.'P'.($current_page + $limit).'/';
- }
-
- if (($current_page - $limit ) >= 0)
- {
- $page_previous = $basepath.'P'.($current_page - $limit).'/';
- }
- }
- else
- {
- $current_page = '';
- }
- }
-
- // When only non-dynamic comments are show, all results are valid as the
- // query is restricted with a LIMIT clause
-
- if ($dynamic OR $show_trackbacks === TRUE)
- {
- if ($current_page == '')
- {
- $result_ids = array_slice($result_ids, 0, $limit);
- }
- else
- {
- $result_ids = array_slice($result_ids, $current_page, $limit);
- }
- }
-
- /** -----------------------------------
- /** Fetch Comments if necessary
- /** -----------------------------------*/
-
- $results = $result_ids;
- $mfields = array();
-
- if ($comments_exist == TRUE)
- {
- $com = '';
- foreach ($result_ids as $val)
- {
- if (substr($val, 0, 1) == 'c')
- {
- $com .= substr($val, 1).",";
- }
- }
-
- if ($com != '')
- {
- /** ----------------------------------------
- /** "Search by Member" link
- /** ----------------------------------------*/
- // We use this with the {member_search_path} variable
-
- $result_path = (preg_match("/".LD."member_search_path\s*=(.*?)".RD."/s", $TMPL->tagdata, $match)) ? $match['1'] : 'search/results';
- $result_path = str_replace("\"", "", $result_path);
- $result_path = str_replace("'", "", $result_path);
-
- $qs = ($PREFS->ini('force_query_string') == 'y') ? '' : '?';
- $search_link = $FNS->fetch_site_index(0, 0).$qs.'ACT='.$FNS->fetch_action_id('Search', 'do_search').'&result_path='.$result_path.'&mbr=';
- $sql = "SELECT
- exp_comments.comment_id, exp_comments.entry_id, exp_comments.weblog_id, exp_comments.author_id, exp_comments.name, exp_comments.email, exp_comments.url, exp_comments.location as c_location, exp_comments.ip_address, exp_comments.comment_date, exp_comments.edit_date, exp_comments.comment, exp_comments.notify, exp_comments.site_id AS comment_site_id,
- exp_members.location, exp_members.occupation, exp_members.interests, exp_members.aol_im, exp_members.yahoo_im, exp_members.msn_im, exp_members.icq, exp_members.group_id, exp_members.member_id, exp_members.signature, exp_members.sig_img_filename, exp_members.sig_img_width, exp_members.sig_img_height, exp_members.avatar_filename, exp_members.avatar_width, exp_members.avatar_height, exp_members.photo_filename, exp_members.photo_width, exp_members.photo_height,
- exp_member_data.*,
- exp_weblog_titles.title, exp_weblog_titles.url_title, exp_weblog_titles.author_id AS entry_author_id,
- exp_weblogs.comment_text_formatting, exp_weblogs.comment_html_formatting, exp_weblogs.comment_allow_img_urls, exp_weblogs.comment_auto_link_urls, exp_weblogs.blog_url, exp_weblogs.comment_url, exp_weblogs.blog_title
- FROM exp_comments
- LEFT JOIN exp_weblogs ON exp_comments.weblog_id = exp_weblogs.weblog_id
- LEFT JOIN exp_weblog_titles ON exp_comments.entry_id = exp_weblog_titles.entry_id
- LEFT JOIN exp_members ON exp_members.member_id = exp_comments.author_id
- LEFT JOIN exp_member_data ON exp_member_data.member_id = exp_members.member_id
- WHERE exp_comments.comment_id IN (".substr($com, 0, -1).")";
-
- $query = $DB->query($sql);
-
- if ($query->num_rows > 0)
- {
- $i = 0;
- foreach ($query->result as $row)
- {
- if (isset($results['c'.$row['comment_id']]))
- {
- $results['c'.$row['comment_id']] = $query->result[$i];
- $i++;
- }
- }
- }
-
- /** ----------------------------------------
- /** Fetch custom member field IDs
- /** ----------------------------------------*/
-
- $query = $DB->query("SELECT m_field_id, m_field_name FROM exp_member_fields");
-
- if ($query->num_rows > 0)
- {
- foreach ($query->result as $row)
- {
- $mfields[$row['m_field_name']] = $row['m_field_id'];
- }
- }
-
- }
- }
-
-
- /** -----------------------------------
- /** Fetch Trackbacks if necessary
- /** -----------------------------------*/
-
- if ($trackbacks_exist == TRUE)
- {
- $trb = '';
- foreach ($result_ids as $val)
- {
- if (substr($val, 0, 1) == 't')
- {
- $trb .= substr($val, 1).",";
- }
- }
-
- if ($trb != '')
- {
- $sql = "SELECT
- exp_trackbacks.trackback_id, exp_trackbacks.title, exp_trackbacks.content, exp_trackbacks.weblog_name, exp_trackbacks.trackback_url, exp_trackbacks.trackback_date, exp_trackbacks.trackback_ip,
- exp_weblog_titles.weblog_id, exp_weblog_titles.allow_trackbacks, exp_weblog_titles.url_title
- FROM exp_trackbacks
- LEFT JOIN exp_weblog_titles ON (exp_weblog_titles.entry_id = exp_trackbacks.entry_id)
- WHERE exp_trackbacks.trackback_id IN (".substr($trb, 0, -1).")";
-
- $query = $DB->query($sql);
-
- if ($query->num_rows > 0)
- {
- $i = 0;
- foreach ($query->result as $row)
- {
- if (isset($results['t'.$row['trackback_id']]))
- {
- $results['t'.$row['trackback_id']] = $query->result[$i];
- $i++;
- }
- }
- }
- }
- }
-
- /** ----------------------------------------
- /** Instantiate Typography class
- /** ----------------------------------------*/
-
- if ( ! class_exists('Typography'))
- {
- require PATH_CORE.'core.typography'.EXT;
- }
-
- $TYPE = new Typography(FALSE, FALSE);
-
-
- /** ----------------------------------------
- /** Fetch all the date-related variables
- /** ----------------------------------------*/
-
- $gmt_comment_date = array();
- $comment_date = array();
- $trackback_date = array();
- $edit_date = array();
-
- // We do this here to avoid processing cycles in the foreach loop
-
- $date_vars = array('gmt_comment_date', 'comment_date', 'trackback_date', 'edit_date');
-
- foreach ($date_vars as $val)
- {
- if (preg_match_all("/".LD.$val."\s+format=[\"'](.*?)[\"']".RD."/s", $TMPL->tagdata, $matches))
- {
- for ($j = 0; $j < count($matches['0']); $j++)
- {
- $matches['0'][$j] = str_replace(LD, '', $matches['0'][$j]);
- $matches['0'][$j] = str_replace(RD, '', $matches['0'][$j]);
-
- switch ($val)
- {
- case 'comment_date' : $comment_date[$matches['0'][$j]] = $LOC->fetch_date_params($matches['1'][$j]);
- break;
- case 'gmt_comment_date' : $gmt_comment_date[$matches['0'][$j]] = $LOC->fetch_date_params($matches['1'][$j]);
- break;
- case 'trackback_date' : $trackback_date[$matches['0'][$j]] = $LOC->fetch_date_params($matches['1'][$j]);
- break;
- case 'edit_date' : $edit_date[$matches['0'][$j]] = $LOC->fetch_date_params($matches['1'][$j]);
- break;
- }
- }
- }
- }
-
- /** ----------------------------------------
- /** Protected Variables for Cleanup Routine
- /** ----------------------------------------*/
-
- // Since comments do not necessarily require registration, and since
- // you are allowed to put member variables in comments, we need to kill
- // left-over unparsed junk. The $member_vars array is all of those
- // member related variables that should be removed.
-
- $member_vars = array('location', 'occupation', 'interests', 'aol_im', 'yahoo_im', 'msn_im', 'icq',
- 'signature', 'sig_img_filename', 'sig_img_width', 'sig_img_height',
- 'avatar_filename', 'avatar_width', 'avatar_height',
- 'photo_filename', 'photo_width', 'photo_height');
-
- $member_cond_vars = array();
-
- foreach($member_vars as $var)
- {
- $member_cond_vars[$var] = '';
- }
-
-
- /** ----------------------------------------
- /** Start the processing loop
- /** ----------------------------------------*/
-
- $item_count = 0;
-
- $relative_count = 0;
- $absolute_count = ($current_page == '') ? 0 : $current_page;
- $total_results = sizeof($results);
-
- foreach ($results as $id => $row)
- {
- if ( ! is_array($row))
- continue;
-
- $relative_count++;
- $absolute_count++;
-
- $row['count'] = $relative_count;
- $row['absolute_count'] = $absolute_count;
- $row['total_comments'] = $total_rows;
- $row['total_results'] = $total_results;
-
- // This lets the {if location} variable work
-
- if ($comments_exist == TRUE AND isset($row['author_id']))
- {
- if ($row['author_id'] == 0)
- $row['location'] = $row['c_location'];
- }
-
- $tagdata = $TMPL->tagdata;
-
- // -------------------------------------------
- // 'comment_entries_tagdata' hook.
- // - Modify and play with the tagdata before everyone else
- //
- if ($EXT->active_hook('comment_entries_tagdata') === TRUE)
- {
- $tagdata = $EXT->call_extension('comment_entries_tagdata', $tagdata, $row);
- if ($EXT->end_script === TRUE) return $tagdata;
- }
- //
- // -------------------------------------------
-
- /** ----------------------------------------
- /** Conditionals
- /** ----------------------------------------*/
- $cond = array_merge($member_cond_vars, $row);
- $cond['comments'] = (substr($id, 0, 1) == 't') ? 'FALSE' : 'TRUE';
- $cond['trackbacks'] = (substr($id, 0, 1) == 'c') ? 'FALSE' : 'TRUE';
- $cond['logged_in'] = ($SESS->userdata('member_id') == 0) ? 'FALSE' : 'TRUE';
- $cond['logged_out'] = ($SESS->userdata('member_id') != 0) ? 'FALSE' : 'TRUE';
- $cond['allow_comments'] = (isset($row['allow_comments']) AND $row['allow_comments'] == 'n') ? 'FALSE' : 'TRUE';
- $cond['allow_trackbacks'] = (isset($row['allow_trackbacks']) AND $row['allow_trackbacks'] == 'n') ? 'FALSE' : 'TRUE';
- $cond['signature_image'] = ( ! isset($row['sig_img_filename']) OR $row['sig_img_filename'] == '' OR $PREFS->ini('enable_signatures') == 'n' OR $SESS->userdata('display_signatures') == 'n') ? 'FALSE' : 'TRUE';
- $cond['avatar'] = ( ! isset($row['avatar_filename']) OR $row['avatar_filename'] == '' OR $PREFS->ini('enable_avatars') == 'n' OR $SESS->userdata('display_avatars') == 'n') ? 'FALSE' : 'TRUE';
- $cond['photo'] = ( ! isset($row['photo_filename']) OR $row['photo_filename'] == '' OR $PREFS->ini('enable_photos') == 'n' OR $SESS->userdata('display_photos') == 'n') ? 'FALSE' : 'TRUE';
- $cond['is_ignored'] = ( ! isset($row['member_id']) OR ! in_array($row['member_id'], $SESS->userdata['ignore_list'])) ? 'FALSE' : 'TRUE';
-
- if ( isset($mfields) && is_array($mfields) && sizeof($mfields) > 0)
- {
- foreach($mfields as $key => $value)
- {
- if (isset($row['m_field_id_'.$value]))
- $cond[$key] = $row['m_field_id_'.$value];
- }
- }
-
- $tagdata = $FNS->prep_conditionals($tagdata, $cond);
-
- /** ----------------------------------------
- /** Parse "single" variables
- /** ----------------------------------------*/
- foreach ($TMPL->var_single as $key => $val)
- {
-
- /** ----------------------------------------
- /** parse {switch} variable
- /** ----------------------------------------*/
-
- if (strncmp($key, 'switch', 6) == 0)
- {
- $sparam = $FNS->assign_parameters($key);
-
- $sw = '';
- if (isset($sparam['switch']))
- {
- $sopt = @explode("|", $sparam['switch']);
-
- $sw = $sopt[($relative_count + count($sopt) - 1) % count($sopt)];
-
- /* Old style switch parsing
- /*
- if (count($sopt) == 2)
- {
- if (isset($switch[$sparam['switch']]) AND $switch[$sparam['switch']] == $sopt['0'])
- {
- $switch[$sparam['switch']] = $sopt['1'];
-
- $sw = $sopt['1'];
- }
- else
- {
- $switch[$sparam['switch']] = $sopt['0'];
-
- $sw = $sopt['0'];
- }
- }
- */
- }
-
- $tagdata = $TMPL->swap_var_single($key, $sw, $tagdata);
- }
-
-
-
- /** ----------------------------------------
- /** parse permalink
- /** ----------------------------------------*/
-
- if (strncmp('permalink', $key, 9) == 0 && isset($row['comment_id']))
- {
- $tagdata = $TMPL->swap_var_single(
- $key,
- $FNS->create_url($uristr.'#'.$row['comment_id'], 0, 0),
- $tagdata
- );
- }
- /** ----------------------------------------
- /** parse comment_path or trackback_path
- /** ----------------------------------------*/
-
- if (preg_match("#^(comment_path|trackback_path|entry_id_path)#", $key))
- {
- $tagdata = $TMPL->swap_var_single(
- $key,
- $FNS->create_url($FNS->extract_path($key).'/'.$row['entry_id']),
- $tagdata
- );
- }
- /** ----------------------------------------
- /** parse title permalink
- /** ----------------------------------------*/
-
- if (preg_match("#^(title_permalink|url_title_path)#", $key))
- {
- $path = ($FNS->extract_path($key) != '' AND $FNS->extract_path($key) != 'SITE_INDEX') ? $FNS->extract_path($key).'/'.$row['url_title'] : $row['url_title'];
- $tagdata = $TMPL->swap_var_single(
- $key,
- $FNS->create_url($path, 1, 0),
- $tagdata
- );
- }
-
- /** ----------------------------------------
- /** parse comment date
- /** ----------------------------------------*/
-
- if (isset($comment_date[$key]) AND $comments_exist == TRUE AND isset($row['comment_date']))
- {
- foreach ($comment_date[$key] as $dvar)
- {
- $val = str_replace($dvar, $LOC->convert_timestamp($dvar, $row['comment_date'], TRUE), $val);
- }
- $tagdata = $TMPL->swap_var_single($key, $val, $tagdata);
- }
-
- /** ----------------------------------------
- /** parse GMT comment date
- /** ----------------------------------------*/
-
- if (isset($gmt_comment_date[$key]) AND $comments_exist == TRUE AND isset($row['comment_date']))
- {
- foreach ($gmt_comment_date[$key] as $dvar)
- {
- $val = str_replace($dvar, $LOC->convert_timestamp($dvar, $row['comment_date'], FALSE), $val);
- }
- $tagdata = $TMPL->swap_var_single($key, $val, $tagdata);
- }
-
- /** ----------------------------------------
- /** parse trackback date
- /** ----------------------------------------*/
-
- if (isset($trackback_date[$key]) AND $trackbacks_exist == TRUE AND isset($row['trackback_date']))
- {
- foreach ($trackback_date[$key] as $dvar)
- $val = str_replace($dvar, $LOC->convert_timestamp($dvar, $row['trackback_date'], TRUE), $val);
- $tagdata = $TMPL->swap_var_single($key, $val, $tagdata);
- }
-
- /** ----------------------------------------
- /** parse "last edit" date
- /** ----------------------------------------*/
-
- if (isset($edit_date[$key]))
- {
- if (isset($row['edit_date']))
- {
- foreach ($edit_date[$key] as $dvar)
- $val = str_replace($dvar, $LOC->convert_timestamp($dvar, $LOC->timestamp_to_gmt($row['edit_date']), TRUE), $val);
-
- $tagdata = $TMPL->swap_var_single($key, $val, $tagdata);
- }
- }
-
- /** ----------------------------------------
- /** {member_search_path}
- /** ----------------------------------------*/
-
- if (strncmp('member_search_path', $key, 18) == 0)
- {
- $tagdata = $TMPL->swap_var_single($key, $search_link.$row['author_id'], $tagdata);
- }
-
-
- // Prep the URL
-
- if (isset($row['url']))
- {
- $row['url'] = $REGX->prep_url($row['url']);
- }
-
- /** ----------------------------------------
- /** {author}
- /** ----------------------------------------*/
- if ($key == "author")
- {
- $tagdata = $TMPL->swap_var_single($val, (isset($row['name'])) ? $row['name'] : '', $tagdata);
- }
- /** ----------------------------------------
- /** {url_or_email} - Uses Raw Email Address, Like Weblog Module
- /** ----------------------------------------*/
-
- if ($key == "url_or_email" AND isset($row['url']))
- {
- $tagdata = $TMPL->swap_var_single($val, ($row['url'] != '') ? $row['url'] : $row['email'], $tagdata);
- }
- /** ----------------------------------------
- /** {url_as_author}
- /** ----------------------------------------*/
- if ($key == "url_as_author" AND isset($row['url']))
- {
- if ($row['url'] != '')
- {
- $tagdata = $TMPL->swap_var_single($val, "<a href=\"".$row['url']."\">".$row['name']."</a>", $tagdata);
- }
- else
- {
- $tagdata = $TMPL->swap_var_single($val, $row['name'], $tagdata);
- }
- }
- /** ----------------------------------------
- /** {url_or_email_as_author}
- /** ----------------------------------------*/
-
- if ($key == "url_or_email_as_author" AND isset($row['url']))
- {
- if ($row['url'] != '')
- {
- $tagdata = $TMPL->swap_var_single($val, "<a href=\"".$row['url']."\">".$row['name']."</a>", $tagdata);
- }
- else
- {
- if ($row['email'] != '')
- {
- $tagdata = $TMPL->swap_var_single($val, $TYPE->encode_email($row['email'], $row['name']), $tagdata);
- }
- else
- {
- $tagdata = $TMPL->swap_var_single($val, $row['name'], $tagdata);
- }
- }
- }
-
- /** ----------------------------------------
- /** {url_or_email_as_link}
- /** ----------------------------------------*/
-
- if ($key == "url_or_email_as_link" AND isset($row['url']))
- {
- if ($row['url'] != '')
- {
- $tagdata = $TMPL->swap_var_single($val, "<a href=\"".$row['url']."\">".$row['url']."</a>", $tagdata);
- }
- else
- {
- if ($row['email'] != '')
- {
- $tagdata = $TMPL->swap_var_single($val, $TYPE->encode_email($row['email']), $tagdata);
- }
- else
- {
- $tagdata = $TMPL->swap_var_single($val, $row['name'], $tagdata);
- }
- }
- }
-
- if (substr($id, 0, 1) == 'c')
- {
- /** ----------------------------------------
- /** {comment_auto_path}
- /** ----------------------------------------*/
-
- if ($key == "comment_auto_path")
- {
- $path = ($row['comment_url'] == '') ? $row['blog_url'] : $row['comment_url'];
-
- $tagdata = $TMPL->swap_var_single($key, $path, $tagdata);
- }
-
- /** ----------------------------------------
- /** {comment_url_title_auto_path}
- /** ----------------------------------------*/
-
- if ($key == "comment_url_title_auto_path" AND $comments_exist == TRUE)
- {
- $path = ($row['comment_url'] == '') ? $row['blog_url'] : $row['comment_url'];
-
- $tagdata = $TMPL->swap_var_single(
- $key,
- $path.$row['url_title'].'/',
- $tagdata
- );
- }
-
- /** ----------------------------------------
- /** {comment_entry_id_auto_path}
- /** ----------------------------------------*/
-
- if ($key == "comment_entry_id_auto_path" AND $comments_exist == TRUE)
- {
- $path = ($row['comment_url'] == '') ? $row['blog_url'] : $row['comment_url'];
-
- $tagdata = $TMPL->swap_var_single(
- $key,
- $path.$row['entry_id'].'/',
- $tagdata
- );
- }
-
-
- /** ----------------------------------------
- /** parse comment field
- /** ----------------------------------------*/
-
- if ($key == 'comment' AND isset($row['comment']))
- {
- // -------------------------------------------
- // 'comment_entries_comment_format' hook.
- // - Play with the tagdata contents of the comment entries
- //
- if ($EXT->active_hook('comment_entries_comment_format') === TRUE)
- {
- $comment = $EXT->call_extension('comment_entries_comment_format', $row);
- if ($EXT->end_script === TRUE) return;
- }
- else
- {
- $comment = $TYPE->parse_type( $row['comment'],
- array(
- 'text_format' => $row['comment_text_formatting'],
- 'html_format' => $row['comment_html_formatting'],
- 'auto_links' => $row['comment_auto_link_urls'],
- 'allow_img_url' => $row['comment_allow_img_urls']
- )
- );
- }
- //
- // -------------------------------------------
-
- $tagdata = $TMPL->swap_var_single($key, $comment, $tagdata);
- }
- }
-
-
- /** ----------------------------------------
- /** {location}
- /** ----------------------------------------*/
-
- if ($key == 'location' AND (isset($row['location']) || isset($row['c_location'])))
- {
- $tagdata = $TMPL->swap_var_single($key, (empty($row['location'])) ? $row['c_location'] : $row['location'], $tagdata);
- }
-
-
- /** ----------------------------------------
- /** {signature}
- /** ----------------------------------------*/
-
- if ($key == "signature")
- {
- if ($SESS->userdata('display_signatures') == 'n' OR ! isset($row['signature']) OR $row['signature'] == '' OR $SESS->userdata('display_signatures') == 'n')
- {
- $tagdata = $TMPL->swap_var_single($key, '', $tagdata);
- }
- else
- {
- $tagdata = $TMPL->swap_var_single($key,
- $TYPE->parse_type($row['signature'], array(
- 'text_format' => 'xhtml',
- 'html_format' => 'safe',
- 'auto_links' => 'y',
- 'allow_img_url' => $PREFS->ini('sig_allow_img_hotlink')
- )
- ), $tagdata);
- }
- }
-
-
- if ($key == "signature_image_url")
- {
- if ($SESS->userdata('display_signatures') == 'n' OR $row['sig_img_filename'] == '' OR $SESS->userdata('display_signatures') == 'n')
- {
- $tagdata = $TMPL->swap_var_single($key, '', $tagdata);
- $tagdata = $TMPL->swap_var_single('signature_image_width', '', $tagdata);
- $tagdata = $TMPL->swap_var_single('signature_image_height', '', $tagdata);
- }
- else
- {
- $tagdata = $TMPL->swap_var_single($key, $PREFS->ini('sig_img_url', TRUE).$row['sig_img_filename'], $tagdata);
- $tagdata = $TMPL->swap_var_single('signature_image_width', $row['sig_img_width'], $tagdata);
- $tagdata = $TMPL->swap_var_single('signature_image_height', $row['sig_img_height'], $tagdata);
- }
- }
- if ($key == "avatar_url")
- {
- if ( ! isset($row['avatar_filename']))
- $row['avatar_filename'] = '';
-
- if ($SESS->userdata('display_avatars') == 'n' OR $row['avatar_filename'] == '' OR $SESS->userdata('display_avatars') == 'n')
- {
- $tagdata = $TMPL->swap_var_single($key, '', $tagdata);
- $tagdata = $TMPL->swap_var_single('avatar_image_width', '', $tagdata);
- $tagdata = $TMPL->swap_var_single('avatar_image_height', '', $tagdata);
- }
- else
- {
- $tagdata = $TMPL->swap_var_single($key, $PREFS->ini('avatar_url', 1).$row['avatar_filename'], $tagdata);
- $tagdata = $TMPL->swap_var_single('avatar_image_width', $row['avatar_width'], $tagdata);
- $tagdata = $TMPL->swap_var_single('avatar_image_height', $row['avatar_height'], $tagdata);
- }
- }
-
- if ($key == "photo_url")
- {
- if ( ! isset($row['photo_filename']))
- $row['photo_filename'] = '';
-
- if ($SESS->userdata('display_photos') == 'n' OR $row['photo_filename'] == '' OR $SESS->userdata('display_photos') == 'n')
- {
- $tagdata = $TMPL->swap_var_single($key, '', $tagdata);
- $tagdata = $TMPL->swap_var_single('photo_image_width', '', $tagdata);
- $tagdata = $TMPL->swap_var_single('photo_image_height', '', $tagdata);
- }
- else
- {
- $tagdata = $TMPL->swap_var_single($key, $PREFS->ini('photo_url', 1).$row['photo_filename'], $tagdata);
- $tagdata = $TMPL->swap_var_single('photo_image_width', $row['photo_width'], $tagdata);
- $tagdata = $TMPL->swap_var_single('photo_image_height', $row['photo_height'], $tagdata);
- }
- }
-
-
- /** ----------------------------------------
- /** parse basic fields
- /** ----------------------------------------*/
-
- if (isset($row[$val]) && $val != 'member_id')
- {
- $tagdata = $TMPL->swap_var_single($val, $row[$val], $tagdata);
- }
-
- /** ----------------------------------------
- /** parse custom member fields
- /** ----------------------------------------*/
-
- if ( isset($mfields[$val]))
- {
- // Since comments do not necessarily require registration, and since
- // you are allowed to put custom member variables in comments,
- // we delete them if no such row exists
-
- $return_val = (isset($row['m_field_id_'.$mfields[$val]])) ? $row['m_field_id_'.$mfields[$val]] : '';
-
- $tagdata = $TMPL->swap_var_single(
- $val,
- $return_val,
- $tagdata
- );
- }
-
- /** ----------------------------------------
- /** Clean up left over member variables
- /** ----------------------------------------*/
-
- if (in_array($val, $member_vars))
- {
- $tagdata = str_replace(LD.$val.RD, '', $tagdata);
- }
- }
-
- if ($this->show_anchor == TRUE)
- {
- $return .= "<a name=\"".$item_count."\"></a>\n";
- }
-
- $return .= $tagdata;
-
- $item_count++;
- }
-
- /** ----------------------------------------
- /** Parse path variable
- /** ----------------------------------------*/
-
- $return = preg_replace_callback("/".LD."\s*path=(.+?)".RD."/", array(&$FNS, 'create_url'), $return);
- /** ----------------------------------------
- /** Add pagination to result
- /** ----------------------------------------*/
- if ($paginate == TRUE)
- {
- $paginate_data = str_replace(LD.'current_page'.RD, $t_current_page, $paginate_data);
- $paginate_data = str_replace(LD.'total_pages'.RD, $total_pages, $paginate_data);
- $paginate_data = str_replace(LD.'pagination_links'.RD, $pagination_links, $paginate_data);
-
- if (preg_match("/".LD."if previous_page".RD."(.+?)".LD.SLASH."if".RD."/s", $paginate_data, $match))
- {
- if ($page_previous == '')
- {
- $paginate_data = preg_replace("/".LD."if previous_page".RD.".+?".LD.SLASH."if".RD."/s", '', $paginate_data);
- }
- else
- {
- $match['1'] = str_replace(array(LD.'path'.RD, LD.'auto_path'.RD), $page_previous, $match['1']);
-
- $paginate_data = str_replace($match['0'], $match['1'], $paginate_data);
- }
- }
-
- if (preg_match("/".LD."if next_page".RD."(.+?)".LD.SLASH."if".RD."/s", $paginate_data, $match))
- {
- if ($page_next == '')
- {
- $paginate_data = preg_replace("/".LD."if next_page".RD.".+?".LD.SLASH."if".RD."/s", '', $paginate_data);
- }
- else
- {
- $match['1'] = str_replace(array(LD.'path'.RD, LD.'auto_path'.RD), $page_next, $match['1']);
-
- $paginate_data = str_replace($match['0'], $match['1'], $paginate_data);
- }
- }
-
- $position = ( ! $TMPL->fetch_param('paginate')) ? '' : $TMPL->fetch_param('paginate');
-
- switch ($position)
- {
- case "top" : $return = $paginate_data.$return;
- break;
- case "both" : $return = $paginate_data.$return.$paginate_data;
- break;
- default : $return .= $paginate_data;
- break;
- }
- }
-
- return $return;
- }
- /* END */
- /** ----------------------------------------
- /** Comment Submission Form
- /** ----------------------------------------*/
- function form($return_form = FALSE, $captcha = '')
- {
- global $IN, $FNS, $PREFS, $SESS, $TMPL, $LOC, $DB, $REGX, $LANG, $EXT;
-
- $qstring = $IN->QSTR;
-
- /** --------------------------------------
- /** Remove page number
- /** --------------------------------------*/
-
- if (preg_match("#/P\d+#", $qstring, $match))
- {
- $qstring = $FNS->remove_double_slashes(str_replace($match['0'], '', $qstring));
- }
-
- // Figure out the right entry ID
- // Order of precedence: POST, entry_id=, url_title=, $qstring
- if (isset($_POST['entry_id']))
- {
- $entry_sql = " entry_id = '".$DB->escape_str($_POST['entry_id'])."' ";
- }
- elseif ($entry_id = $TMPL->fetch_param('entry_id'))
- {
- $entry_sql = " entry_id = '".$DB->escape_str($entry_id)."' ";
- }
- elseif ($url_title = $TMPL->fetch_param('url_title'))
- {
- $entry_sql = " url_title = '".$DB->escape_str($url_title)."' ";
- }
- else
- {
- // If there is a slash in the entry ID we'll kill everything after it.
- $entry_id = trim($qstring);
- $entry_id = preg_replace("#/.+#", "", $entry_id);
- $entry_sql = ( ! is_numeric($entry_id)) ? " url_title = '".$DB->escape_str($entry_id)."' " : " entry_id = '".$DB->escape_str($entry_id)."' ";
- }
-
- /** ----------------------------------------
- /** Are comments allowed?
- /** ----------------------------------------*/
-
- $sql = "SELECT exp_weblog_titles.entry_id, exp_weblog_titles.entry_date, exp_weblog_titles.comment_expiration_date, exp_weblog_titles.allow_comments, exp_weblogs.comment_system_enabled, exp_weblogs.comment_use_captcha, exp_weblogs.comment_expiration FROM exp_weblog_titles, exp_weblogs ";
-
- $sql .= " WHERE {$entry_sql}";
-
- $sql .= " AND exp_weblog_titles.weblog_id = exp_weblogs.weblog_id
- AND exp_weblog_titles.site_id IN ('".implode("','", $TMPL->site_ids)."')
- AND status != 'closed' ";
-
- if ($weblog = $TMPL->fetch_param('weblog'))
- {
- $xql = "SELECT weblog_id FROM exp_weblogs WHERE site_id IN ('".implode("','", $TMPL->site_ids)."') ";
-
- $xql .= $FNS->sql_andor_string($weblog, 'blog_name');
-
- $query = $DB->query($xql);
-
- if ($query->num_rows == 0)
- {
- return false;
- }
- elseif ($query->num_rows == 1)
- {
- $sql .= "AND exp_weblog_titles.weblog_id = '".$query->row['weblog_id']."' ";
- }
- else
- {
- $sql .= "AND (";
-
- foreach ($query->result as $row)
- {
- $sql .= "exp_weblog_titles.weblog_id = '".$row['weblog_id']."' OR ";
- }
-
- $sql = substr($sql, 0, - 3);
-
- $sql .= ") ";
- }
- }
-
- $query = $DB->query($sql);
- if ($query->num_rows == 0)
- {
- return false;
- }
-
- if ($query->row['allow_comments'] == 'n…
Large files files are truncated, but you can click here to view the full file