PageRenderTime 46ms CodeModel.GetById 29ms RepoModel.GetById 0ms app.codeStats 0ms

/concrete/blocks/guestbook/controller.php

https://github.com/markdev/markandkitty
PHP | 462 lines | 267 code | 60 blank | 135 comment | 27 complexity | 603206eb3ae6536090792f4bbb78b9ec MD5 | raw file
    

  1. <?php 
    2. 

  2. /**
    3. 

  3.  * @package Blocks
    4. 

  4.  * @subpackage BlockTypes
    5. 

  5.  * @category Concrete
    6. 

  6.  * @author Andrew Embler <andrew@concrete5.org>
    7. 

  7.  * @copyright  Copyright (c) 2003-2008 Concrete5. (http://www.concrete5.org)
    8. 

  8.  * @license    http://www.concrete5.org/license/     MIT License
    9. 

  9.  *
    10. 

  10.  */
    11. 

  11. 

  12. /**
    13. 

  13.  * Controller for the guestbook block, which allows site owners to add comments onto any concrete page.
    14. 

  14.  *
    15. 

  15.  * @package Blocks
    16. 

  16.  * @subpackage BlockTypes
    17. 

  17.  * @author Ryan Tyler <ryan@concrete5.org>
    18. 

  18.  * @author Andrew Embler <andrew@concrete5.org>
    19. 

  19.  * @category Concrete
    20. 

  20.  * @copyright  Copyright (c) 2003-2008 Concrete5. (http://www.concrete5.org)
    21. 

  21.  * @license    http://www.concrete5.org/license/     MIT License
    22. 

  22.  *
    23. 

  23.  */
    24. 

  24. 	defined('C5_EXECUTE') or die("Access Denied.");
    25. 

  25. 	class GuestbookBlockController extends BlockController {		
    26. 

  26. 		protected $btTable = 'btGuestBook';
    27. 

  27. 		protected $btInterfaceWidth = "300";
    28. 

  28. 		protected $btInterfaceHeight = "260";	
    29. 

  29. 		protected $btIncludeAll = 1;
    30. 

  30. 		
    31. 

  31. 		/** 
    32. 

  32. 		 * Used for localization. If we want to localize the name/description we have to include this
    33. 

  33. 		 */
    34. 

  34. 		public function getBlockTypeDescription() {
    35. 

  35. 			return t("Adds blog-style comments (a guestbook) to your page.");
    36. 

  36. 		}
    37. 

  37. 		
    38. 

  38. 		public function getBlockTypeName() {
    39. 

  39. 			return t("Guestbook");
    40. 

  40. 		}			
    41. 

  41. 			
    42. 

  42. 		function delete() {
    43. 

  43. 			$ip = Loader::helper('validation/ip');
    44. 

  44. 			if (!$ip->check()) {
    45. 

  45. 				$this->set('invalidIP', $ip->getErrorMessage());			
    46. 

  46. 				return;
    47. 

  47. 			}
    48. 

  48. 			$c = Page::getCurrentPage();
    49. 

  49. 			$E = new GuestBookBlockEntry($this->bID, $c->getCollectionID());
    50. 

  50. 			$bo = $this->getBlockObject();
    51. 

  51. 			$E->removeAllEntries( $c->getCollectionID() );
    52. 

  52. 			parent::delete();
    53. 

  53. 		}
    54. 

  54. 		
    55. 

  55. 		/**
    56. 

  56. 		 * returns the title
    57. 

  57. 		 * @return string $title
    58. 

  58. 		*/
    59. 

  59. 		function getTitle() {
    60. 

  60. 			return $this->title;
    61. 

  61. 		}
    62. 

  62. 

  63. 

  64. 		/**
    65. 

  65. 		 * returns wether or not to require approval
    66. 

  66. 		 * @return bool
    67. 

  67. 		*/
    68. 

  68. 		function getRequireApproval() {
    69. 

  69. 			return $this->requireApproval;
    70. 

  70. 		}
    71. 

  71. 

  72. 

  73. 		/**
    74. 

  74. 		 * returns the bool to display the form
    75. 

  75. 		 * @return bool
    76. 

  76. 		*/
    77. 

  77. 		function getDisplayGuestBookForm() {
    78. 

  78. 			return $this->displayGuestBookForm;
    79. 

  79. 		}
    80. 

  80. 		
    81. 

  81. 		/** 
    82. 

  82. 		 * Handles the form post for adding a new guest book entry
    83. 

  83. 		 *
    84. 

  84. 		*/	
    85. 

  85. 		function action_form_save_entry() {	
    86. 

  86. 			$ip = Loader::helper('validation/ip');
    87. 

  87. 			if (!$ip->check()) {
    88. 

  88. 				$this->set('invalidIP', $ip->getErrorMessage());			
    89. 

  89. 				return;
    90. 

  90. 			}
    91. 

  91. 

  92. 			// get the cID from the block Object
    93. 

  93. 			$bo = $this->getBlockObject();
    94. 

  94. 			$c = Page::getCurrentPage();
    95. 

  95. 			$cID = $c->getCollectionID();
    96. 

  96. 		
    97. 

  97. 			$v = Loader::helper('validation/strings');
    98. 

  98. 			$errors = array();
    99. 

  99. 			
    100. 

  100. 			$u = new User();
    101. 

  101. 			$uID = intval( $u->getUserID() );
    102. 

  102. 			if($this->authenticationRequired && !$u->isLoggedIn()){
    103. 

  103. 					$errors['notLogged'] = '- '.t("Your session has expired.  Please log back in."); 
    104. 

  104. 			}elseif(!$this->authenticationRequired){		
    105. 

  105. 				if(!$v->email($_POST['email'])) {
    106. 

  106. 					$errors['email'] = '- '.t("Invalid Email Address");
    107. 

  107. 				}
    108. 

  108. 				if(!$v->notempty($_POST['name'])) {
    109. 

  109. 					$errors['name'] = '- '.t("Name is required");
    110. 

  110. 				}
    111. 

  111. 			}
    112. 

  112. 			
    113. 

  113. 			// check captcha if activated
    114. 

  114. 			if ($this->displayCaptcha) {
    115. 

  115. 			   $captcha = Loader::helper('validation/captcha');
    116. 

  116. 			   if (!$captcha->check()) {
    117. 

  117. 			      $errors['captcha'] = '- '.t("Incorrect captcha code");
    118. 

  118. 			   }
    119. 

  119. 			}
    120. 

  120. 

  121. 			if(!$v->notempty($_POST['commentText'])) {
    122. 

  122. 				$errors['commentText'] = '- '.t("a comment is required");
    123. 

  123. 			}
    124. 

  124. 			
    125. 

  125. 			if(count($errors)){
    126. 

  126. 				$txt = Loader::helper('text');
    127. 

  127. 

  128. 				$E = new GuestBookBlockEntry($this->bID, $c->getCollectionID());
    129. 

  129. 				$E->user_name = $txt->sanitize($_POST['name']).'';
    130. 

  130. 				$E->user_email = $txt->sanitize($_POST['email']).'';
    131. 

  131. 				$E->commentText = $txt->sanitize($_POST['commentText']);
    132. 

  132. 				$E->uID			= $uID;
    133. 

  133. 				
    134. 

  134. 				$E->entryID = ($_POST['entryID']?$_POST['entryID']:NULL);
    135. 

  135. 				
    136. 

  136. 				$this->set('response', t('Please correct the following errors:') );
    137. 

  137. 				$this->set('errors',$errors);
    138. 

  138. 				$this->set('Entry',$E);	
    139. 

  139. 			} else {
    140. 

  140. 				$E = new GuestBookBlockEntry($this->bID, $c->getCollectionID());
    141. 

  141. 				if($_POST['entryID']) { // update
    142. 

  142. 					$bp = $this->getPermissionsObject(); 
    143. 

  143. 					if($bp->canWrite()) {
    144. 

  144. 						$E->updateEntry($_POST['entryID'], $_POST['commentText'], $_POST['name'], $_POST['email'], $uID );
    145. 

  145. 						$this->set('response', t('The comment has been saved') );
    146. 

  146. 					} else {
    147. 

  147. 						$this->set('response', t('An Error occured while saving the comment') );
    148. 

  148. 						return true;
    149. 

  149. 					}
    150. 

  150. 				} else { // add			
    151. 

  151. 					$E->addEntry($_POST['commentText'], $_POST['name'], $_POST['email'], (!$this->requireApproval), $cID, $uID );	
    152. 

  152. 					$this->set('response', t('Thanks! Your comment has been posted.') );
    153. 

  153. 				}
    154. 

  154. 				 
    155. 

  155. 				$stringsHelper = Loader::helper('validation/strings');
    156. 

  156. 				if( $stringsHelper->email($this->notifyEmail) ){
    157. 

  157. 					$c = Page::getCurrentPage(); 
    158. 

  158. 					if(intval($uID)>0){
    159. 

  159. 						Loader::model('userinfo');
    160. 

  160. 						$ui = UserInfo::getByID($uID);
    161. 

  161. 						$fromEmail=$ui->getUserEmail();
    162. 

  162. 						$fromName=$ui->getUserName();
    163. 

  163. 					}else{
    164. 

  164. 						$fromEmail=$_POST['email'];
    165. 

  165. 						$fromName=$_POST['name'];
    166. 

  166. 					} 
    167. 

  167. 					$mh = Loader::helper('mail');
    168. 

  168. 					$mh->to( $this->notifyEmail ); 
    169. 

  169. 					$mh->addParameter('guestbookURL', Loader::helper('navigation')->getLinkToCollection($c, true)); 
    170. 

  170. 					$mh->addParameter('comment',  $_POST['commentText'] );  
    171. 

  171. 					$mh->from($fromEmail,$fromName);
    172. 

  172. 					$mh->load('block_guestbook_notification');
    173. 

  173. 					$mh->setSubject( t('Guestbook Comment Notification') ); 
    174. 

  174. 					//echo $mh->body.'<br>';
    175. 

  175. 					@$mh->sendMail(); 
    176. 

  176. 				} 
    177. 

  177. 			}
    178. 

  178. 			return true;
    179. 

  179. 		}
    180. 

  180. 		
    181. 

  181. 		
    182. 

  182. 		/** 
    183. 

  183. 		 * gets a list of all guestbook entries for the current block
    184. 

  184. 		 *
    185. 

  185. 		 * @param string $order ASC|DESC
    186. 

  186. 		 * @return array
    187. 

  187. 		*/
    188. 

  188. 		function getEntries($order = "ASC") {
    189. 

  189. 			$bo = $this->getBlockObject();
    190. 

  190. 			$c = Page::getCurrentPage();
    191. 

  191. 			return GuestBookBlockEntry::getAll($this->bID, $c->getCollectionID(), $order);
    192. 

  192. 		}
    193. 

  193. 		
    194. 

  194. 		
    195. 

  195. 		/** 
    196. 

  196. 		 * Loads a guestbook entry and sets the $Entry GuestBookBlockEntry object instance for use by the view
    197. 

  197. 		 *
    198. 

  198. 		 * @return bool
    199. 

  199. 		*/
    200. 

  200. 		function action_loadEntry() {
    201. 

  201. 			$Entry = new GuestBookBlockEntry($this->bID);
    202. 

  202. 			$Entry->loadData($_GET['entryID']);
    203. 

  203. 			$this->set('Entry',$Entry);
    204. 

  204. 			return true;
    205. 

  205. 		}	
    206. 

  206. 		
    207. 

  207. 		/** 
    208. 

  208. 		 * deltes a given Entry, sets the response message for use in the view
    209. 

  209. 		 *
    210. 

  210. 		*/
    211. 

  211. 		function action_removeEntry() {
    212. 

  212. 			$ip = Loader::helper('validation/ip');
    213. 

  213. 			if (!$ip->check()) {
    214. 

  214. 				$this->set('invalidIP', $ip->getErrorMessage());			
    215. 

  215. 				return;
    216. 

  216. 			}
    217. 

  217. 			$bp = $this->getPermissionsObject(); 
    218. 

  218. 			if($bp->canWrite()) {
    219. 

  219. 				$Entry = new GuestBookBlockEntry($this->bID);
    220. 

  220. 				$Entry->removeEntry($_GET['entryID']);
    221. 

  221. 				$this->set('response', t('The comment has been removed.') );
    222. 

  222. 			}
    223. 

  223. 		}
    224. 

  224. 	
    225. 

  225. 	
    226. 

  226. 	
    227. 

  227. 		/** 
    228. 

  228. 		 * deltes a given Entry, sets the response message for use in the view
    229. 

  229. 		 *
    230. 

  230. 		*/
    231. 

  231. 		function action_approveEntry() {
    232. 

  232. 			$ip = Loader::helper('validation/ip');
    233. 

  233. 			if (!$ip->check()) {
    234. 

  234. 				$this->set('invalidIP', $ip->getErrorMessage());			
    235. 

  235. 				return;
    236. 

  236. 			}
    237. 

  237. 

  238. 			$bp = $this->getPermissionsObject(); 
    239. 

  239. 			if($bp->canWrite()) {
    240. 

  240. 				$Entry = new GuestBookBlockEntry($this->bID);
    241. 

  241. 				$Entry->approveEntry($_GET['entryID']);
    242. 

  242. 				$this->set('response', t('The comment has been approved.') );
    243. 

  243. 			}
    244. 

  244. 		}
    245. 

  245. 		
    246. 

  246. 		/** 
    247. 

  247. 		 * deltes a given Entry, sets the response message for use in the view
    248. 

  248. 		 *
    249. 

  249. 		*/
    250. 

  250. 		function action_unApproveEntry() {
    251. 

  251. 			$ip = Loader::helper('validation/ip');
    252. 

  252. 			if (!$ip->check()) {
    253. 

  253. 				$this->set('invalidIP', $ip->getErrorMessage());			
    254. 

  254. 				return;
    255. 

  255. 			}
    256. 

  256. 

  257. 			$bp = $this->getPermissionsObject(); 
    258. 

  258. 			if($bp->canWrite()) {
    259. 

  259. 				$Entry = new GuestBookBlockEntry($this->bID);
    260. 

  260. 				$Entry->unApproveEntry($_GET['entryID']);
    261. 

  261. 				$this->set('response', t('The comment has been unapproved.') );
    262. 

  262. 			}
    263. 

  263. 		}
    264. 

  264. 		
    265. 

  265. 		
    266. 

  266. 		
    267. 

  267. 		public function getEntryCount($cID = NULL) {
    268. 

  268. 			$ca = new Cache();
    269. 

  269. 			$cID = (isset($cID)?$cID:$this->cID);
    270. 

  270. 			$count = $ca->get('GuestBookCount',$cID."-".$this->bID);
    271. 

  271. 			if(!isset($count) || $count === false) {
    272. 

  272. 				$db = Loader::db();
    273. 

  273. 				$q = 'SELECT count(bID) as count
    274. 

  274. 				FROM btGuestBookEntries
    275. 

  275. 				WHERE bID = ?
    276. 

  276. 				AND cID = ?
    277. 

  277. 				AND approved=1';				
    278. 

  278. 				$v = array($this->bID, $cID);
    279. 

  279. 				$count = $db->getOne($q,$v);
    280. 

  280. 			}
    281. 

  281. 			return $count;
    282. 

  282. 		}
    283. 

  283. 		
    284. 

  284. 		
    285. 

  285. 	} // end class def
    286. 

  286. 	
    287. 

  287. 	
    288. 

  288. 	/** 
    289. 

  289. 	 * Manages indevidual guestbook entries
    290. 

  290. 	 */ 
    291. 

  291. 	class GuestBookBlockEntry {
    292. 

  292. 		/**
    293. 

  293. 		 * blocks bID
    294. 

  294. 		 * @var integer
    295. 

  295. 		*/
    296. 

  296. 		public $bID;
    297. 

  297. 		
    298. 

  298. 		/**
    299. 

  299. 		 * page collectionID
    300. 

  300. 		 * @var integer
    301. 

  301. 		 */
    302. 

  302. 		public $cID;
    303. 

  303. 		
    304. 

  304. 		/**
    305. 

  305. 		 * blocks uID user id
    306. 

  306. 		 * @var integer
    307. 

  307. 		*/
    308. 

  308. 		public $uID;		
    309. 

  309. 		
    310. 

  310. 		/**
    311. 

  311. 		 * the entry id
    312. 

  312. 		 * @var integer
    313. 

  313. 		*/
    314. 

  314. 		public $entryID;
    315. 

  315. 		
    316. 

  316. 		/**
    317. 

  317. 		 * the user's name
    318. 

  318. 		 * @var string
    319. 

  319. 		*/
    320. 

  320. 		public $user_name;
    321. 

  321. 		
    322. 

  322. 		/**
    323. 

  323. 		 * the user's email address
    324. 

  324. 		 * @var string
    325. 

  325. 		*/
    326. 

  326. 		public $user_email;
    327. 

  327. 		
    328. 

  328. 		/**
    329. 

  329. 		 * the text for the comment
    330. 

  330. 		 * @var string
    331. 

  331. 		*/
    332. 

  332. 		public $commentText;
    333. 

  333. 		
    334. 

  334. 		function __construct($bID, $cID = NULL) {
    335. 

  335. 			$this->bID = $bID;
    336. 

  336. 			$this->cID = $cID;
    337. 

  337. 		}
    338. 

  338. 		
    339. 

  339. 		/** 
    340. 

  340. 		 * Loads the object data from the db
    341. 

  341. 		 * @param integer $entryID
    342. 

  342. 		 * @return bool
    343. 

  343. 		*/
    344. 

  344. 		function loadData($entryID) {
    345. 

  345. 			$db = Loader::db();
    346. 

  346. 			$data = $db->getRow("SELECT * FROM btGuestBookEntries WHERE entryID=? AND bID=?",array($entryID,$this->bID));
    347. 

  347. 		
    348. 

  348. 			$this->entryID 		= $data['entryID'];
    349. 

  349. 			$this->user_name 	= $data['user_name'];
    350. 

  350. 			$this->user_email 	= $data['user_email'];
    351. 

  351. 			$this->commentText 	= $data['commentText'];
    352. 

  352. 			$this->uID 			= $data['uID'];
    353. 

  353. 		}
    354. 

  354. 		
    355. 

  355. 		/** 
    356. 

  356. 		 * Adds an entry to the guestbook for the current block
    357. 

  357. 		 * @param string $comment
    358. 

  358. 		 * @param string $name
    359. 

  359. 		 * @param string $email
    360. 

  360. 		*/
    361. 

  361.  		function addEntry($comment, $name, $email, $approved, $cID, $uID=0 ) {
    362. 

  362. 			$txt = Loader::helper('text');
    363. 

  363.  		
    364. 

  364. 			$db = Loader::db();
    365. 

  365. 			$query = "INSERT INTO btGuestBookEntries (bID, cID, uID, user_name, user_email, commentText, approved) VALUES (?, ?, ?, ?, ?, ?, ?)";
    366. 

  366. 			$res = $db->query($query, array($this->bID, $cID, intval($uID), $txt->sanitize($name), $txt->sanitize($email), $txt->sanitize($comment), $approved) );
    367. 

  367. 

  368. 			$this->adjustCountCache(1);
    369. 

  369. 		}
    370. 

  370. 

  371. 		/**
    372. 

  372. 		* Adjusts cache of count bynumber specified, 
    373. 

  373. 		*
    374. 

  374. 		* Refreshes from db if cache is invalidated or
    375. 

  375. 		* false is called in
    376. 

  376. 		*/		
    377. 

  377. 		private function adjustCountCache($number=false){
    378. 

  378. 			$ca 	= new Cache();
    379. 

  379. 			$db 	= Loader::db();			
    380. 

  380. 			$count = $ca->get('GuestBookCount',$this->cID."-".$this->bID);
    381. 

  381. 			if($count && $number){
    382. 

  382. 				$count += $number;				
    383. 

  383. 			} else{
    384. 

  384. 				$q = 'SELECT count(bID) as count
    385. 

  385. 				FROM btGuestBookEntries
    386. 

  386. 				WHERE bID = ?
    387. 

  387. 				AND cID = ?
    388. 

  388. 				AND approved=1';				
    389. 

  389. 				$v = Array($this->bID, $this->cID);
    390. 

  390. 				$rs = $db->query($q,$v);
    391. 

  391. 				$row = $rs->FetchRow();
    392. 

  392. 				$count = $row['count'];
    393. 

  393. 			}
    394. 

  394. 			$ca->set('GuestBookCount',$this->cID."-".$this->bID,$count);
    395. 

  395. 		}
    396. 

  396. 		
    397. 

  397. 		/** 
    398. 

  398. 		 * Updates the given guestbook entry for the current block
    399. 

  399. 		 * @param integer $entryID
    400. 

  400. 		 * @param string $comment
    401. 

  401. 		 * @param string $name
    402. 

  402. 		 * @param string $email
    403. 

  403. 		 * @param string $uID
    404. 

  404. 		*/
    405. 

  405. 	 	function updateEntry($entryID, $comment, $name, $email, $uID=0 ) {
    406. 

  406. 			$db = Loader::db();
    407. 

  407. 			$txt = Loader::helper('text');
    408. 

  408. 			$query = "UPDATE btGuestBookEntries SET user_name=?, uID=?, user_email=?, commentText=? WHERE entryID=? AND bID=?";
    409. 

  409. 			$res = $db->query($query, array($txt->sanitize($name), intval($uID), $txt->sanitize($email),$txt->sanitize($comment),$entryID,$this->bID));
    410. 

  410. 		}
    411. 

  411.  		
    412. 

  412. 		/** 
    413. 

  413. 		 * Deletes the given guestbook entry for the current block
    414. 

  414. 		 * @param integer $entryID
    415. 

  415. 		*/
    416. 

  416. 		function removeEntry($entryID) {
    417. 

  417. 			$db = Loader::db();
    418. 

  418. 			$query = "DELETE FROM btGuestBookEntries WHERE entryID=? AND bID=?";
    419. 

  419. 			$res = $db->query($query, array($entryID,$this->bID));
    420. 

  420. 			$this->adjustCountCache(-1);
    421. 

  421. 		}
    422. 

  422. 		
    423. 

  423. 		function approveEntry($entryID) {
    424. 

  424. 			$db = Loader::db();
    425. 

  425. 			$query = "UPDATE btGuestBookEntries SET approved = 1 WHERE entryID=? AND bID=?";
    426. 

  426. 			$res = $db->query($query, array($entryID,$this->bID));
    427. 

  427. 			$this->adjustCountCache(1);
    428. 

  428. 		}
    429. 

  429. 	
    430. 

  430. 		function unApproveEntry($entryID) {
    431. 

  431. 			$db = Loader::db();
    432. 

  432. 			$query = "UPDATE btGuestBookEntries SET approved = 0 WHERE entryID=? AND bID=?";
    433. 

  433. 			$res = $db->query($query, array($entryID,$this->bID));
    434. 

  434. 			$this->adjustCountCache(-1);
    435. 

  435. 		}
    436. 

  436. 		
    437. 

  437. 		/** 
    438. 

  438. 		 * Deletes all the entries for the current block
    439. 

  439. 		*/
    440. 

  440. 		function removeAllEntries($cID) {
    441. 

  441. 			$db = Loader::db();
    442. 

  442. 			$query = "DELETE FROM btGuestBookEntries WHERE bID=? AND cID = ?";
    443. 

  443. 			$res = $db->query($query, array($this->bID, $cID));	
    444. 

  444. 			$this->adjustCountCache(false);
    445. 

  445. 		}
    446. 

  446. 		
    447. 

  447. 		/** 
    448. 

  448. 		 * gets all entries for the current block
    449. 

  449. 		 * @param integer $bID
    450. 

  450. 		 * @param string $order ASC|DESC
    451. 

  451. 		 * @return array $rows	
    452. 

  452. 		*/
    453. 

  453. 		public static function getAll($bID, $cID, $order="ASC") {
    454. 

  454. 			$db = Loader::db();
    455. 

  455. 			$query = "SELECT * FROM btGuestBookEntries WHERE bID = ? AND cID = ? ORDER BY entryDate {$order}"; 
    456. 

  456. 			
    457. 

  457. 			$rows = $db->getAll($query,array($bID,$cID));		
    458. 

  458. 			
    459. 

  459. 			return $rows;
    460. 

  460. 		}
    461. 

  461. 	
    462. 

  462. 	} // end class def
    463.