comment.module

<?
// $Id$

$GLOBALS["cmodes"] = array(1 => "Flat list - collapsed", 2 => "Flat list - expanded", 3 => "Threaded list - collapsed", 4 => "Threaded list - expanded");
$GLOBALS["corder"] = array(1 => "Date - oldest first", 2 => "Date - newest first");

function comment_settings($mode, $order, $threshold) {
  global $user;

  if ($user->uid) {
    $user = user_save($user, array("mode" => $mode, "sort" => $order, "threshold" => $threshold));
  }
}

function comment_num_all($nid) {
  $comment = db_fetch_object(db_query("SELECT COUNT(c.nid) AS number FROM node n LEFT JOIN comments c ON n.nid = c.nid WHERE n.nid = '$nid' GROUP BY n.nid"));
  return $comment->number ? $comment->number : 0;
}

function comment_num_new($nid) {
  global $user;

  if ($user->uid) {

    /*
    ** Retrieve the timestamp at which the current user last viewed
    ** the specified node and use this timestamp to find the number
    ** of new comments.
    */

    $history = db_fetch_object(db_query("SELECT timestamp FROM history WHERE uid = '$user->uid' AND nid = '$nid'"));
    $comment = db_fetch_object(db_query("SELECT COUNT(c.nid) AS number FROM node n LEFT JOIN comments c ON n.nid = c.nid WHERE n.nid = '$nid' AND timestamp > '". ($history->timestamp ? $history->timestamp : 0) ."' GROUP BY n.nid"));

    return $comment->number ? $comment->number : 0;
  }
  else {
    return 0;
  }

}

function comment_tag_new($nid) {
  global $user;

  if ($user->uid) {
    $result = db_query("SELECT timestamp FROM history WHERE uid = '$user->uid' AND nid = '$nid'");
    if (db_fetch_object($result)) {
      db_query("UPDATE history SET timestamp = '". time() ."' WHERE uid = '$user->uid' AND nid = '$nid'");
    }
    else {
      db_query("INSERT INTO history (uid, nid, timestamp) VALUES ('$user->uid', '$nid', '". time() ."')");
    }
  }
}

function comment_access($op, $comment) {
  global $user;

  if ($op == "edit") {

    /*
    ** Authenticated users can edit their comments as long they have
    ** not been replied to.  This, in order to avoid people changing
    ** or revising their statements based on the replies their posts
    ** got. Furthermore, users can't reply to their own comments and
    ** are encouraged to extend their original comment.
    */

    return $user->uid && $user->uid == $comment->uid && comment_num_replies($comment->cid) == 0;
  }

}

function comment_form($edit) {
  global $user;

  $form .= "<a name=\"comment\"></a>\n";

  // name field:
  $form .= form_item(t("Your name"), format_name($user));

  // subject field:
  $form .= form_textfield(t("Subject"), "subject", $edit["subject"], 50, 64);

  // comment field:
  $form .= form_textarea(t("Comment"), "comment", $edit["comment"] ? $edit["comment"] : $user->signature, 70, 10, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));

  // preview button:
  $form .= form_hidden("cid", $edit["cid"]);
  $form .= form_hidden("pid", $edit["pid"]);
  $form .= form_hidden("nid", $edit["nid"]);

  if (!$edit["comment"]) {
    $form .= form_submit(t("Preview comment"));
  }
  else {
    $form .= form_submit(t("Preview comment"));
    $form .= form_submit(t("Post comment"));
  }

  return form($form);
}

function comment_edit($cid) {
  global $user;

  $comment = db_fetch_object(db_query("SELECT c.*, u.name, u.uid FROM comments c LEFT JOIN users u ON c.uid = u.uid WHERE c.cid = '$cid'"));

  if (comment_access("edit", $comment)) {
    comment_preview(object2array($comment));
  }
}

function comment_reply($pid, $nid) {
  global $theme;

  if ($pid) {
    $comment = db_fetch_object(db_query("SELECT c.*, u.uid, u.name FROM comments c LEFT JOIN users u ON c.uid = u.uid WHERE c.cid = '$pid'"));
    comment_view($comment, t("reply to this comment"));
  }
  else {
    node_view(node_load(array("nid" => $nid)));
    $pid = 0;
  }

  if (user_access("post comments")) {
    $theme->box(t("Reply"), comment_form(array("pid" => $pid, "nid" => $nid)));
  }
  else {
    $theme->box(t("Reply"), t("You are not authorized to post comments."));
  }
}

function comment_preview($edit) {
  global $theme, $user;

  foreach ($edit as $key => $value) {
    $comment->$key = filter($value);
  }

  /*
  ** Attach the user information:
  */

  $comment->uid = $user->uid;
  $comment->name = $user->name;

  /*
  ** Attach the time:
  */

  $comment->timestamp = time();

  /*
  ** Preview the comment:
  */

  comment_view($comment, t("reply to this comment"));

  $theme->box(t("Reply"), comment_form($edit));
}

function comment_post($edit) {
  global $theme, $user;

  if (user_access("post comments")) {

    /*
    ** Validate the comment's subject.  If not specified, extract
    ** one from the comment's body.
    */

    $edit["subject"] = strip_tags(($edit["subject"] ? $edit["subject"] : substr($edit["comment"], 0, 29)));

    /*
    ** Validate the comment's body.
    */

    $edit["comment"] = filter($edit["comment"]);

    /*
    ** Check for duplicate comments.  Note that we have to use the
    ** validated/filtered data to perform such check.
    */

    $duplicate = db_result(db_query("SELECT COUNT(cid) FROM comments WHERE pid = '". check_query($edit["pid"]) ."' AND nid = '". check_query($edit["nid"]) ."' AND subject = '". check_query($edit["subject"]) ."' AND comment = '". check_query($edit["comment"]) ."'"), 0);

    if ($duplicate != 0) {
      watchdog("warning", "comment: duplicate '". $edit["subject"] ."'");
    }
    else {

      if ($edit["cid"]) {

        /*
        ** Update the comment in the database.  Note that the update
        ** query will fail if the comment isn't owned by the current
        ** user.
        */

        db_query("UPDATE comments SET subject = '". check_query($edit["subject"]) ."', comment = '". check_query($edit["comment"]) ."' WHERE cid = '". check_query($edit["cid"]) ."' AND uid = '$user->uid'");

        /*
        ** Add entry to the watchdog log:
        */

        watchdog("special", "comment: updated '". $edit["subject"] ."'");
      }
      else {
        /*
        ** Check the user's comment submission rate.  If exceeded,
        ** throttle() will bail out.
        */

        throttle("post comment", variable_get("max_comment_rate", 60));

        /*
        ** Add the comment to database:
        */

        db_query("INSERT INTO comments (nid, pid, uid, subject, comment, hostname, timestamp) VALUES ('". check_query($edit["nid"]) ."', '". check_query($edit["pid"]) ."', '$user->uid', '". check_query($edit["subject"]) ."', '". check_query($edit["comment"]) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."')");

        /*
        ** Add entry to the watchdog log:
        */

        watchdog("special", "comment: added '". $edit["subject"] ."'");
      }

      /*
      ** Clear the cache:
      */

      cache_clear();

    }
  }

  /*
  ** Redirect the user the node he commented on:
  */

  $url = "node.php?id=". $edit["nid"];
  drupal_goto($url);

}

function comment_num_replies($id) {

  $result = db_query("SELECT COUNT(cid) FROM comments WHERE pid = '$id'");
  return ($result) ? db_result($result, 0) : 0;

}

function comment_moderation($comment) {
  global $user;

  // XXX: disabled for now
  return "";

  $values = array("--", "1", "2", "3", "4", "5");

  $moderate = db_fetch_object(db_query("SELECT * FROM moderate WHERE cid = '$comment->cid' AND uid = '$user->uid'"));

  foreach ($values as $key => $value) {
    $options .= " <option value=\"$key\"". ($moderate->score == $key ? " selected=\"selected\"" : "") .">$value</option>\n";
  }

 $output .= "<select name=\"moderate[comment][$comment->cid]\">$options</select><br />". ($comment->score ? $comment->score : "--") ." / $comment->votes";

  return $output;
}

function comment_threshold($threshold) {
  // XXX: disabled for now
  return "";

  for ($i = 0; $i < 6; $i++) $options .= " <option value=\"$i\"". ($threshold == $i ? " SELECTED" : "") .">". t("Visibility") ." - $i</option>";
  return "<select name=\"threshold\">$options</select>\n";
}

function comment_mode($mode) {
  global $cmodes;

  foreach ($cmodes as $key => $value) $options .= " <option value=\"$key\"". ($mode == $key ? " SELECTED" : "") .">$value</option>\n";
  return "<select name=\"mode\">$options</select>\n";
}

function comment_order($order) {
  global $corder;

  foreach ($corder as $key=>$value) $options .= " <option value=\"$key\"". ($order == $key ? " SELECTED" : "") .">$value</option>\n";
  return "<select name=\"order\">$options</select>\n";
}

function comment_query($nid, $order, $pid = -1) {

  $query .= "SELECT c.cid, c.pid, c.nid, c.subject, c.comment, c.timestamp, u.uid, u.name FROM comments c LEFT JOIN users u ON c.uid = u.uid WHERE c.nid = '$nid'";

  if ($pid >= 0) {
    $query .= " AND pid = '$pid'";
  }

  $query .= " GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.timestamp, u.uid, u.name";

  if ($order == 1) {
    $query .= " ORDER BY c.timestamp DESC";
  }
  else if ($order == 2) {
    $query .= " ORDER BY c.timestamp";
  }

  return db_query($query);

}

function comment_visible($comment, $threshold = 0) {
  if ($comment->votes == 0 || $comment->score >= $threshold) {
    return 1;
  }
  else {
    return 0;
  }
}

function comment_links($comment, $return = 1) {
  global $user, $theme;

  $links = array();

  if ($return) {
    $links[] = "<a href=\"node.php?id=$comment->nid#$comment->cid\"><font color=\"$theme->type\">". t("return") ."</font></a>";
  }

  if (user_access("administer comments")) {
    $links[] = "<a href=\"admin.php?mod=comment&op=edit&id=$comment->cid\"><font color=\"$theme->type\">". t("administer") ."</font></a>";
  }

  if (user_access("post comments")) {
    if (comment_access("edit", $comment)) {
      $links[] = "<a href=\"module.php?mod=comment&op=edit&id=$comment->cid\"><font color=\"$theme->type\">". t("edit your comment") ."</font></a>";
    }
    else {
      $links[] = "<a href=\"module.php?mod=comment&op=reply&id=$comment->nid&pid=$comment->cid\"><font color=\"$theme->type\">". t("reply to this comment") ."</font></a>";
    }
  }


  return $theme->links($links);
}

function comment_view($comment, $folded = 0) {
  global $theme;

  if ($folded) {
    $theme->comment($comment, $folded);
  }
  else {
    print "<a href=\"node.php?id=$comment->nid&cid=$comment->cid#$comment->cid\">". check_output($comment->subject) ."</a> by ". format_name($comment) ."</small><p />";
  }
}

function comment_thread_min($comments, $threshold, $pid = 0) {
  global $user;

  foreach ($comments as $comment) {
    if ($comment->pid == $pid) {
      print "<ul>";
      print comment_view($comment);
      comment_thread_min($comments, $threshold, $comment->cid);
      print "</ul>";
    }
  }
}

function comment_thread_max($comments, $threshold, $pid = 0, $level = 0) {
  global $user;

  /*
  ** We had quite a few browser specific issues: expanded comments below
  ** the top level got truncated on the right hand side.  A range of
  ** solutions have been proposed and tried but either the right margins of
  ** the comments didn't line up well, or the heavily nested tables made
  ** for slow rendering and cluttered HTML.  This is the best work-around
  ** in terms of speed and size.
  */

  foreach ($comments as $comment) {
    if ($comment->pid == $pid) {
      print "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\"><tr><td width=\"". ($level * 25) ."\">&nbsp;</td><td>\n";
      comment_view($comment, comment_links($comment, 0));
      print "</td></tr></table>\n";

      comment_thread_max($comments, $threshold, $comment->cid, $level + 1);
    }
  }

}

function comment_render($nid, $cid) {
  global $user, $theme, $mode, $order, $threshold, $REQUEST_URI;

  if (user_access("access comments")) {

    /*
    ** Pre-process variables:
    */

    if (empty($nid)) {
      $nid = 0;
    }

    if (empty($cid)) {
      $cid = 0;
    }

    if (empty($mode)) {
      $mode = $user->uid ? $user->mode : variable_get("default_comment_mode", 4);
    }

    if (empty($order)) {
      $order = $user->uid ? $user->sort : variable_get("default_comment_order", 1);
    }

    if (empty($threshold)) {
      // $threshold = $user->uid ? $user->threshold : variable_get("default_comment_threshold", 3);
      $threshold = 0;
    }

    print "<a name=\"comment\"></a>\n";
    print "<form method=\"post\" action=\"$REQUEST_URI\">\n";

    /*
    ** Render control panel:
    */

    $theme->box(t("Control panel"), $theme->comment_controls($threshold, $mode, $order));

    if ($cid > 0) {
      $result = db_query("SELECT c.cid, c.pid, c.nid, c.subject, c.comment, c.timestamp, u.uid, u.name FROM comments c LEFT JOIN users u ON c.uid = u.uid WHERE c.cid = '$cid' GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.timestamp, u.uid, u.name");
      if ($comment = db_fetch_object($result)) {
        comment_view($comment, comment_links($comment));
      }
    }
    else {
      if ($mode == 1) {
        $result = comment_query($nid, $order);
        print "<table border=\"0\" cellpadding=\"2\" cellspacing=\"2\">\n";
        print " <tr><th>Subject</th><th>Author</th><th>Date</th><th>Score</th></tr>\n";
        while ($comment = db_fetch_object($result)) {
          if (comment_visible($comment, $threshold)) {
            print " <tr><td><a href=\"node.php?id=$comment->nid&cid=$comment->cid#$comment->cid\">". check_output($comment->subject) ."</a></td><td>". format_name($comment) ."</td><td>". format_date($comment->timestamp, "small") ."</td><td>$comment->score</td></tr>\n";
          }
        }
        print "</table>\n";
      }
      else if ($mode == 2) {
        $result = comment_query($nid, $order);
        while ($comment = db_fetch_object($result)) {
          comment_view($comment, (comment_visible($comment, $threshold) ? comment_links($comment, 0) : 0));
        }
      }
      else if ($mode == 3) {
        $result = comment_query($nid, $order);
        while ($comment = db_fetch_object($result)) {
          $comments[] = $comment;
        }

        if ($comments) {
          comment_thread_min(array_reverse($comments), $threshold);
        }
      }
      else {
        $result = comment_query($nid, $order);
        while ($comment = db_fetch_object($result)) {
          $comments[] = $comment;
        }

        if ($comments) {
          comment_thread_max(array_reverse($comments), $threshold);
        }
      }
    }

    print "</form>";

  }
}

function comment_search($keys) {
  global $PHP_SELF;
  $result = db_query("SELECT c.*, u.name FROM comments c LEFT JOIN users u ON c.uid = u.uid WHERE c.subject LIKE '%$keys%' OR c.comment LIKE '%$keys%' ORDER BY c.timestamp DESC LIMIT 20");
  while ($comment = db_fetch_object($result)) {
    $find[$i++] = array("title" => check_output($comment->subject), "link" => (strstr($PHP_SELF, "admin.php") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "node.php?id=$comment->nid&cid=$comment->cid"), "user" => $comment->name, "date" => $comment->timestamp);
  }
  return $find;
}

function comment_perm() {
  return array("access comments", "post comments", "administer comments");
}

function comment_link($type, $node = 0, $main = 0) {

  if ($type == "admin" && user_access("administer comments")) {
    $links[] = "<a href=\"admin.php?mod=comment\">comments</a>";
  }

  if ($type == "node" && $node->comment) {

    if ($main) {

      /*
      ** Main page: display the number of comments that have been posted.
      */

      if (user_access("access comments")) {
        $all = comment_num_all($node->nid);
        $new = comment_num_new($node->nid);

        $links[] = "<a href=\"node.php?id=$node->nid#comment\">". format_plural($all, "comment", "comments") . ($new ? ", $new ". t("new") : "") ."</a>";
      }
    }
    else {
      /*
      ** Tag the node's comments as read:
      */

      comment_tag_new($node->nid);

      /*
      ** Node page: add a "post comment" link if the user is allowed to
      ** post comments.
      */

      if (user_access("post comments")) {
        $links[] = "<a href=\"module.php?mod=comment&op=reply&id=$node->nid#comment\">". t("add new comment") ."</a>";
      }
    }
  }

  return $links ? $links : array();
}

function comment_node_link($node) {

  if (user_access("administer comments") && comment_num_all($node->nid)) {

    /*
    ** Edit comments:
    */

    $result = db_query("SELECT c.cid, c.subject, u.uid, u.name FROM comments c LEFT JOIN users u ON u.uid = c.uid WHERE nid = '$node->nid' ORDER BY c.timestamp");

    $output .= "<h3>". t("Edit comments") ."</h3>";
    $output .= "<table border=\"1\" cellpadding=\"2\" cellspacing=\"2\">";
    $output .= " <tr><th>title</th><th>author</th><th colspan=\"3\">operations</th></tr>";

    while ($comment = db_fetch_object($result)) {
      $output .= "<tr><td><a href=\"node.php?id=$node->nid&cid=$comment->cid#$comment->cid\">$comment->subject</a></td><td>". format_name($comment) ."</td><td><a href=\"node.php?id=$node->nid&cid=$comment->cid#$comment->cid\">". t("view comment") ."</a></td><td><a href=\"admin.php?mod=comment&op=edit&id=$comment->cid\">". t("edit comment") ."</a></td><td><a href=\"admin.php?mod=comment&op=delete&id=$comment->cid\">". t("delete comment") ."</a></td></tr>";
    }

    $output .= "</table>";

    return $output;
  }
}


function comment_save($id, $edit) {
  db_query("UPDATE comments SET subject = '". check_query(filter($edit["subject"])) ."', comment = '". check_query(filter($edit["comment"])) ."' WHERE cid = '$id'");
  watchdog("special", "comment: modified '". $edit["subject"] ."'");
}

function comment_page() {
  global $theme, $op, $edit, $id, $pid, $cid;

  switch ($op) {
    case "edit":
      $theme->header();
      comment_edit(check_query($id));
      $theme->footer();
      break;
    case "reply":
      $theme->header();
      comment_reply(check_query($pid), check_query($id));
      $theme->footer();
      break;
    case t("Preview comment"):
      $theme->header();
      comment_preview($edit);
      $theme->footer();
      break;
    case t("Post comment"):
      comment_post($edit);
      break;
    case t("Update settings"):
      comment_settings(check_query($mode), check_query($order), check_query($threshold));
      break;
    default:
  }
}

function comment_admin_edit($id) {

  $result = db_query("SELECT c.*, u.name, u.uid FROM comments c LEFT JOIN users u ON c.uid = u.uid WHERE c.cid = '$id'");
  $comment = db_fetch_object($result);

  $form .= form_item(t("Author"), format_name($comment));
  $form .= form_textfield(t("Subject"), "subject", $comment->subject, 70, 128);
  $form .= form_textarea(t("Comment"), "comment", $comment->comment, 70, 15);
  $form .= form_hidden("cid", $id);
  $form .= form_submit(t("Submit"));
  $form .= form_submit(t("Delete"));

  return form($form);
}

function comment_admin_overview() {
  $result = db_query("SELECT c.*, u.name, u.uid FROM comments c LEFT JOIN users u ON u.uid = c.uid ORDER BY timestamp DESC LIMIT 50");

  $output .= "<table border=\"1\" cellpadding=\"2\" cellspacing=\"2\">\n";
  $output .= " <tr><th>subject</th><th>author</th><th>date</th><th colspan=\"2\">operations</th></tr>\n";
  while ($comment = db_fetch_object($result)) {
    $output .= " <tr><td><a href=\"node.php?id=$comment->nid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</a></td><td>". format_name($comment) ."</td><td>". format_date($comment->timestamp, "small") ."</td><td><a href=\"admin.php?mod=comment&op=edit&id=$comment->cid\">edit comment</a></td><td><a href=\"admin.php?mod=comment&op=delete&id=$comment->cid\">delete comment</a></td></tr>\n";
  }
  $output .= "</table>\n";

  return $output;
}

function comment_delete($edit) {

  if ($edit["confirm"]) {
    db_query("DELETE FROM comments WHERE cid = '". check_query($edit["cid"]) ."'");
    watchdog("special", "comment: deleted comment #". $edit["cid"]);
  }
  else {
    $output .= form_item(t("Confirm deletion"), "");
    $output .= form_hidden("cid", $edit["cid"]);
    $output .= form_hidden("confirm", 1);
    $output .= form_submit(t("Delete"));
    $output = form($output);
  }

  return $output;
}

function comment_admin() {
  global $op, $id, $edit, $mod, $keys, $order;

  if (user_access("administer comments")) {

    print "<small><a href=\"admin.php?mod=comment\">overview</a> | <a href=\"admin.php?mod=comment&op=search\">search comment</a></small><hr />\n";

    switch ($op) {
      case "edit":
        print comment_admin_edit($id);
        break;
      case "search":
        print search_type("comment", "admin.php?mod=comment&op=search");
        break;
      case "delete":
        print comment_delete(array("cid" => $id));
        break;
      case t("Delete"):
        print comment_delete($edit);
        break;
      case t("Submit"):
        print status(comment_save(check_query($id), $edit));
        print comment_admin_overview();
        break;
      default:
        print comment_admin_overview();
    }
  }
  else {
    print message_access();
  }
}

?>