comment.module

<?php
// $Id$

$GLOBALS["cmodes"] = array(1 => t("Flat list - collapsed"), 2 => t("Flat list - expanded"), 3 => t("Threaded list - collapsed"), 4 => t("Threaded list - expanded"));
$GLOBALS["corder"] = array(1 => t("Date - newest first"), 2 => t("Date - oldest first"));

function comment_help() {
  $output .= "<p>The comment module enables users to submit posts that are directly associated with a piece of content.  These associated posts are called <i>comments</i>.  Comments may be <i>threaded</i>, which means that Drupal keeps track of multiple subconversations around a piece of content.  Threading helps to keep the comment conversation more organized.  Users are presented with several ways to view the comment conversation, and if desired, users may easily choose a <i>flat</i> presentation of comments instead of threaded.  Further, users may choose to order their comments view by <i>newest first</i> or by <i>oldest first</i>.  Finally, users may view a folded list or an expanded list of comments.  Folded limits the comment display to <i>subject</i> only.  Drupal remembers the comment view preference of each registered user whenever he changes a view setting.</p>";
  $output .= "<p>Users may also choose to view a maximum number of comments; if there are more comments, navigation links are dispayed.</p>";
  $output .= "<p>Since a busy site generates lots of comments, Drupal takes care to present a personalized view of comments for each user.  The home page lists displays the number of read and unread comments for a given post for the current user.  Also, the tracker module (when installed) displays all recent comments on the site.  Finally, comments which the user has not yet read are highlighted with a red star (this graphic may depend on the current theme).</p>";
  $output .= "<p>Comments behave like other user submissions in Drupal.  Specifically, ". l("filters", "admin/system&amp;type=filter") ." like smileys and HTML work fine if the administrator has enabled them.  Also, throttles are usually enabled to prevent a single user from spamming the web site with too many comments in a short period of time.</p>";
  $output .= "<p>Administrators may control which persons are allowed to submit and administer comments.  These controls appear in the ". l("user permissions", "admin/user/permission") ." administration page.  Additionally, administrators may edit or search through comments on the ". l("comments admininistration page", "admin/comment") .", as well as set the default display view for new users. Administrators can also state whether a certain role will have their comments published immediately, or just put in a queue to be reviewed.</p>";
  $output .= "<p>If you really have a lot of comments, you can enable moderation. You assign moderation permissions to role(s), then setup some \"moderation votes\"; these votes will appear to moderators in a dropdown menu near the comment. You also have to assign, for every role and every vote, a value, which can be either positive or negative; use the moderation matrix to do this. This allows for some roles having greater \"weight\" in their moderation, if you wish. If you set a value to 0, that vote won't be available to that role. When a user moderates, the value of their vote is added or subtracted to the score of that comment. Finally, you may want to setup the comment thresholds: these are floor/ceiling values which users see in the comment control panel. Threshholds are useful for hiding poorly rated comments while reading your site.</p>";

  return $output;
}

function comment_system($field) {
  $system["description"] = t("Enables user to comment on content (nodes).");
  return $system[$field];
}

function comment_settings() {
  global $cmodes, $corder;

  $output .= form_select(t("Default display mode"), "comment_default_mode", variable_get("comment_default_mode", 4), $cmodes, t("The default view for comments. Expanded views display the body of the comment. Threaded views keep replies together."));
  $output .= form_select(t("Default display order"), "comment_default_order", variable_get("comment_default_order", 1), $corder, t("The default sorting for new users and anonymous users while viewing comments. These users may change their view using the comment control panel. For registered users, this change is remembered as a persistent user preference."));
  $output .= form_textfield(t("Default comments per page"), "comment_default_per_page", variable_get("comment_default_per_page", "50"), 5, 5, t("Default number of comments for each page; more comments are distributed in several pages."));

  $result = db_query("SELECT fid, filter FROM moderation_filters");
  while ($filter = db_fetch_object($result)) {
    $thresholds[$filter->fid] = ($filter->filter);
  }

  $output .= form_select(t("Default threshold"), "comment_default_threshold", variable_get("comment_default_threshold", 0), $thresholds, t("Thresholds are values below which comments are hidden. These thresholds are useful for busy sites which want to hide poor comments from most users."));

  $output .= form_select(t("Preview comment"), "comment_preview", variable_get("comment_preview", 1), array(t("Optional"), t("Required")), t("Must users preview comments before submitting?"));
  $output .= form_select(t("New comment form"), "comment_new_form", variable_get("comment_new_form", 0), array(t("Disabled"), t("Enabled")), t("New comment form in the node page?"));
  $output .= form_select(t("Comment controls"), "comment_controls", variable_get("comment_controls", 0), array(t("Above comments"), t("Below comments"), t("Above and below")), t("Position of the comment controls box."));

  return $output;
}

function comment_user($type, $edit, &$user) {
  switch ($type) {
    case "view_public":
      if ($user->signature) {
        return form_item(t("Signature"), check_output($user->signature));
      }
      break;
    case "view_private":
      if ($user->signature) {
        return form_item(t("Signature"), check_output($user->signature));
      }
      break;
    case "edit_form":
      // when user tries to edit his own data
      return form_textarea(t("Signature"), "signature", $edit["signature"], 70, 3, t("Your signature will be publicly displayed at the end of your comments.") ."<br />". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "<a> <b> <dd> <dl> <dt> <i> <li> <ol> <u> <ul>")));
    case "edit_validate":
      // validate user data editing
      return array("signature" => filter($edit["signature"]));
  }
}

function comment_access($op, $comment) {
  global $user;

  if ($op == "edit") {

    /*
    ** Authenticated users can edit their comments as long they have
    ** not been replied to.  This, in order to avoid people changing
    ** or revising their statements based on the replies their posts
    ** got. Furthermore, users can't reply to their own comments and
    ** are encouraged to extend their original comment.
    */

    return $user->uid && $user->uid == $comment->uid && comment_num_replies($comment->cid) == 0;
  }

}

function comment_form($edit) {
  global $user;

  $form .= "<a name=\"comment\"></a>\n";

  // name field:
  $form .= form_item(t("Your name"), format_name($user));

  // subject field:
  $form .= form_textfield(t("Subject"), "subject", $edit["subject"], 50, 64);

  // comment field:
  $form .= form_textarea(t("Comment"), "comment", $edit["comment"] ? $edit["comment"] : $user->signature, 70, 10, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "<a> <b> <dd> <dl> <dt> <i> <li> <ol> <u> <ul>")));

  // preview button:
  $form .= form_hidden("cid", $edit["cid"]);
  $form .= form_hidden("pid", $edit["pid"]);
  $form .= form_hidden("nid", $edit["nid"]);

  if (!$edit["comment"] && variable_get("comment_preview", 1)) {
    $form .= form_submit(t("Preview comment"));
  }
  else {
    $form .= form_submit(t("Preview comment"));
    $form .= form_submit(t("Post comment"));
  }

  return form($form, "post", url("comment/reply". $edit["nid"]));
}

function comment_edit($cid) {
  global $user;

  $comment = db_fetch_object(db_query("SELECT c.*, u.uid, u.name, u.data FROM comments c LEFT JOIN users u ON c.uid = u.uid WHERE c.cid = '%d' AND c.status != 2", $cid));

  if (comment_access("edit", $comment)) {
    comment_preview(object2array($comment));
  }
}

function comment_reply($pid, $nid) {
  global $theme;

  if (user_access("access comments")) {

    /*
    ** Show comment
    */

    if ($pid) {
      $comment = db_fetch_object(db_query("SELECT c.*, u.uid, u.name, u.data FROM comments c LEFT JOIN users u ON c.uid = u.uid WHERE c.cid = '%d' AND c.status = 0", $pid));
      comment_view($comment);
    }
    else {
      node_view(node_load(array("nid" => $nid)));
      $pid = 0;
    }

    /*
    ** If possible, show reply form
    */

    if (node_comment_mode($nid) == 1) {
      $theme->box(t("Reply"), t("This discussion is closed: you can't post new comments."));
    }
    else if (user_access("post comments", $context)) {
      $theme->box(t("Reply"), comment_form(array("pid" => $pid, "nid" => $nid)));
    }
    else {
      $theme->box(t("Reply"), t("You are not authorized to post comments."));
    }
  }
  else {
    $theme->box(t("Reply"), t("You are not authorized to view comments."));
  }
}

function comment_preview($edit) {
  global $theme, $user;

  foreach ($edit as $key => $value) {
    $comment->$key = filter($value);
  }

  /*
  ** Attach the user and time information:
  */

  $comment->uid = $user->uid;
  $comment->name = $user->name;
  $comment->timestamp = time();

  /*
  ** Preview the comment:
  */

  comment_view($comment);

  $theme->box(t("Reply"), comment_form($edit));

  if ($edit["pid"]) {
    $comment = db_fetch_object(db_query("SELECT c.*, u.uid, u.name, u.data FROM comments c LEFT JOIN users u ON c.uid = u.uid WHERE c.cid = '%d' AND c.status = 0", $edit["pid"]));
    comment_view($comment);
  }
  else {
    node_view(node_load(array("nid" => $edit["nid"])));
    $edit["pid"] = 0;
  }
}

function comment_post($edit) {
  global $user;

  if (user_access("post comments") && node_comment_mode($edit["nid"]) == 2) {

    /*
    ** Validate the comment's subject.  If not specified, extract
    ** one from the comment's body.
    */

    $edit["subject"] = strip_tags($edit["subject"]);

    if ($edit["subject"] == "") {
      $edit["subject"] = substr(strip_tags($edit["comment"]), 0, 29);
    }

    /*
    ** Validate the comment's body.
    */

    $edit["comment"] = filter($edit["comment"]);

    if ($edit["comment"] == "") {
      return array(t("Empty comment"), t("The comment you submitted is empty."));
    }

    /*
    ** Check for duplicate comments.  Note that we have to use the
    ** validated/filtered data to perform such check.
    */

    $duplicate = db_result(db_query("SELECT COUNT(cid) FROM comments WHERE pid = '%d' AND nid = '%d' AND subject = '%s' AND comment = '%s'", $edit["pid"], $edit["nid"], $edit["subject"], $edit["comment"]), 0);

    if ($duplicate != 0) {
      watchdog("warning", "comment: duplicate '". $edit["subject"] ."'");
      return array(t("Duplicate comment"), t("The comment you submitted has already been inserted."));
    }
    else {

      if ($edit["cid"]) {

        /*
        ** Update the comment in the database.  Note that the update
        ** query will fail if the comment isn't owned by the current
        ** user.
        */

        db_query("UPDATE comments SET subject = '%s', comment = '%s' WHERE cid = '%d' AND uid = '$user->uid'", $edit["subject"], $edit["comment"], $edit["cid"]);

        /*
        ** Fire a hook
        */

        module_invoke_all("comment", "update", $edit);

        /*
        ** Add entry to the watchdog log:
        */

        watchdog("special", "comment: updated '". $edit["subject"] ."'", l(t("view comment"), "node/view/". $edit["nid"] ."#". $edit["cid"]));
      }
      else {
        /*
        ** Check the user's comment submission rate.  If exceeded,
        ** throttle() will bail out.
        */

        throttle("post comment", variable_get("max_comment_rate", 60));

        /*
        ** Add the comment to database:
        */

        $status = user_access("post comments without approval") ? 0 : 1;
        $roles = variable_get("comment_roles", array());
        $score = $roles[$user->rid] ? $roles[$user->rid] : 0;
        $users = serialize(array(0 => $score));

        $edit["cid"] = db_next_id("comments");

        db_query("INSERT INTO comments (cid, nid, pid, uid, subject, comment, hostname, timestamp, status, score, users) VALUES ('%d', '%d', '%d', '%d', '%s', '%s', '%s', '%s', '%s', '%s', '%s')", $edit["cid"], $edit["nid"], $edit["pid"], $user->uid, $edit["subject"], $edit["comment"], getenv("REMOTE_ADDR"), time(), $status, $score, $users);

        /*
        ** Tell the other modules a new comment has been submitted:
        */

        module_invoke_all("comment", "insert", $edit);

        /*
        ** Add entry to the watchdog log:
        */

        watchdog("special", "comment: added '". $edit["subject"] ."'", l(t("view comment"), "node/view/". $edit["nid"] ."#". $edit["cid"]));
      }

      /*
      ** Clear the cache so an anonymous user can see his comment being
      ** added.
      */

      cache_clear_all();
    }
  }
  else {
    watchdog("error", "comment: unauthorized comment submitted or comment submitted to a closed node '". $edit["subject"] ."'");
    return array(t("Error"), t("You are not authorized to post comments, or this node doesn't accept new comments."));
  }

  /*
  ** Redirect the user the node he commented on, or explain queue
  */

  if ($status == 1) {
    return array(t("Comment queued"), t("Your comment has been queued for moderation by site administrators and will be published after approval."));
  }
}

function comment_links($comment, $return = 1) {
  global $user, $theme;

  $links = array();

  /*
  ** If we are viewing just this comment, we link back to the node
  */

  if ($return) {
    $links[] = l(t("parent"), "node/view/$comment->nid#$comment->cid");
  }

  /*
  ** Admin link
  */

  if (user_access("administer comments") && user_access("access administration pages")) {
    $links[] = l(t("administer"), "admin/comment/edit/$comment->cid");
  }

  /*
  ** Possibly show edit and reply links
  */

  if (node_comment_mode($comment->nid) == 2) {
    if (user_access("post comments")) {
      if (comment_access("edit", $comment)) {
        $links[] = l(t("edit your comment"), "comment/edit/$comment->cid", array("title" => t("Make changes to your comment.")));
      }
      $links[] = l(t("reply to this comment"), "comment/reply/$comment->nid/$comment->cid");
    }
    else {
      $links[] = theme("comment_post_forbidden");
    }
  }

  if ($moderation = comment_moderation_form($comment)) {
    $links[] = $moderation;
  }

  return $theme->links($links);
}

function comment_view($comment, $links = "", $visible = 1) {

  /*
  ** Switch to folded/unfolded view of the comment
  */

  if (comment_is_new($comment)) {
    $comment->new = 1;
    print "<a name=\"new\"></a>\n";
  }

  print "<a name=\"$comment->cid\"></a>\n";

  if ($visible) {
    theme("comment", $comment, $links);
  }
  else {
    theme("comment_folded", $comment);
  }
}

function comment_render($node, $cid = 0) {
  global $user, $theme, $mode, $order, $threshold, $comment_page;

  if (user_access("access comments")) {

    /*
    ** Pre-process variables:
    */

    $nid = $node->nid;
    if (empty($nid)) {
      $nid = 0;
    }

    if (empty($mode)) {
      $mode = $user->mode ? $user->mode : variable_get("comment_default_mode", 4);
    }

    if (empty($order)) {
      $order = $user->sort ? $user->sort : variable_get("comment_default_order", 1);
    }

    if (empty($threshold)) {
      $threshold = $user->uid ? $user->threshold : variable_get("comment_default_threshold", 0);
    }
    $threshold_min = db_result(db_query("SELECT minimum FROM moderation_filters WHERE fid = '%d'", $threshold));

    if (empty($comment_page)) {
      $comment_page = 1;
    }

    $comments_per_page = $user->comments_per_page ? $user->comments_per_page : variable_get("comment_default_per_page", "50");

    print "<a name=\"comment\"></a>\n";


    if ($cid) {

      /*
      ** Single comment view
      */

      print "<form method=\"post\" action=\"". url("comment") ."\">\n";
      print form_hidden("nid", $nid);

      $result = db_query("SELECT c.cid, c.pid, c.nid, c.subject, c.comment, c.timestamp, u.uid, u.name, u.data, c.score, c.users FROM comments c LEFT JOIN users u ON c.uid = u.uid WHERE c.cid = '%d' AND c.status = 0 GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.timestamp, u.uid, u.name, u.data, c.score, c.users", $cid);

      if ($comment = db_fetch_object($result)) {
        comment_view($comment, comment_links($comment));
      }

      if ((comment_user_can_moderate($node)) && $user->uid != $comment->uid && !(comment_already_moderated($user->uid, $comment->users))) {
        print "<div align=\"center\">". form_submit(t("Moderate comment")) ."</div><br />";
      }
      print "</form>";
    }
    else {

      /*
      ** Multiple comments view
      */

      $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.timestamp, u.uid, u.name, u.data, c.score, c.users FROM comments c LEFT JOIN users u ON c.uid = u.uid WHERE c.nid = '". check_query($nid) ."' AND c.status = 0";

      if ($cid) {
        $query .= " AND pid = '". check_query($cid) ."'";
      }

      $query .= " GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.timestamp, u.uid, u.name, u.data, c.score, c.users";

      if ($order == 1) {
        $query .= " ORDER BY c.timestamp DESC";
      }
      else if ($order == 2) {
        $query .= " ORDER BY c.timestamp";
      }

      /*
      ** Start a form, to use with comment control and moderation
      */

      $result = db_query($query);
      $comment_num = db_num_rows($result);

      if ($comment_num && ((variable_get("comment_controls", 0) == 0) || (variable_get("comment_controls", 0) == 2))) {
        print "<form method=\"post\" action=\"". url("comment") ."\">\n";
        $theme->box(t("Control panel"), theme("comment_controls", $threshold, $mode, $order, $nid, $comment_page, $comment_num, $comments_per_page));
        print form_hidden("nid", $nid);
        print "</form>";
      }

      print "<form method=\"post\" action=\"". url("comment") ."\">\n";
      print form_hidden("nid", $nid);

      if ($comment_num) {
        if ($mode == 1) {
          /*
          ** Flat collapsed
          */

          while ($comment = db_fetch_object($result)) {
            $comments[$comment->cid] = $comment;
          }
          theme("comment_flat_collapsed", $comments, $threshold_min);
        }
        else if ($mode == 2) {
          /*
          ** Flat expanded
          **
          ** We page using PHP, not using SQL because otherwise we'd
          ** have to use two queries; one for each comment and one for
          ** the paged comments.  In method 1-3 we take all results
          ** anyway, wheras in method 4 we need every result to create
          ** proper pages.  It is here where we lose more, in fact for
          ** higher pages we transfer unneeded data from the db and
          ** the web server.
          **
          ** TODO: the comment above is a bit cryptic.  Mind to make it
          **       a bit more verbose/explanatory?
          */

          $comment_num = 0;
          $page = 1;
          while ($comment = db_fetch_object($result)) {
            if ($page == $comment_page) {
              $comments[$comment->cid] = $comment;
            }
            $comment_num++;
            if ($comment_num == $comments_per_page) {
              if ($page == $comment_page) {
                break;
              }
              else {
                $comment_num = 0;
                $page++;
              }
            }

            if ($user->uid != $comment->uid && !(comment_already_moderated($user->uid, $comment->users))) {
              $show_moderate_button = 1;
            }
          }

          theme("comment_flat_expanded", $comments, $threshold_min);

          if (comment_user_can_moderate($node) && $show_moderate_button) {
            print "<div align=\"center\">". form_submit(t("Moderate comments")) ."</div><br />";
          }
        }
        else if ($mode == 3) {
          /*
          ** Threaded collapsed
          */

          while ($comment = db_fetch_object($result)) {
            $comments[$comment->cid] = $comment;
          }
          if ($comments) {
            theme("comment_thread_min", $comments, $threshold_min);
          }
        }
        else {
          /*
          ** Threaded expanded
          */

          while ($comment = db_fetch_object($result)) {
            $comments[$comment->cid] = $comment;

            if ($user->uid != $comment->uid && !(comment_already_moderated($user->uid, $comment->users))) {
              $show_moderate_button = 1;
            }
          }

          /*
          ** Build the comment structure
          */

          $structure = comment_thread_structure($comments, 0, 0, array());

          $comment_num = 0;
          $page = 1;
          foreach ($structure as $cid => $depth) {
            if ($page == $comment_page) {
              theme("comment_thread_max", $comments[$cid], $threshold_min, $depth - 1);
            }
            $comment_num++;
            if ($comment_num == $comments_per_page) {
              if ($page == $comment_page) {
                break;
              }
              else {
                $comment_num = 0;
                $page++;
              }
            }
          }

          if (comment_user_can_moderate($node) && $show_moderate_button) {
            print "<div align=\"center\">". form_submit(t("Moderate comments")) ."</div><br />";
          }
        }
      }

      print "</form>";

      if ($comment_num && ((variable_get("comment_controls", 0) == 1) || (variable_get("comment_controls", 0) == 2))) {
        print "<form method=\"post\" action=\"". url("comment") ."\">\n";
        $theme->box(t("Control panel"), theme("comment_controls", $threshold, $mode, $order, $nid, $comment_page, $comment_num, $comments_per_page));
        print form_hidden("nid", $nid);
        print "</form>";
      }
    }

    /*
    ** If enabled, show new comment form
    */

    if (user_access("post comments") && node_comment_mode($nid) == 2 && variable_get("comment_new_form", 0)) {
      $theme->box(t("Post new comment"), comment_form(array("nid" => $nid)));
    }

    /*
    ** Tag the node's comments as being read:
    */

    comment_tag_new($nid);
  }
}

function comment_perm() {
  return array("access comments", "post comments", "administer comments", "moderate comments", "post comments without approval", "administer moderation");
}

function comment_link($type, $node = 0, $main = 0) {

  if ($type == "node" && $node->comment) {

    if ($main) {

      /*
      ** Main page: display the number of comments that have been posted.
      */

      if (user_access("access comments")) {
        $all = comment_num_all($node->nid);
        $new = comment_num_new($node->nid);

        if ($all) {
          $links[] = l(format_plural($all, "1 comment", "%count comments"), "node/view/$node->nid#comment", array("title" => t("Jump to the first comment of this posting.")));

          if ($new) {
            $links[] = l(format_plural($new, "1 new comment", "%count new comments"), "node/view/$node->nid#new", array("title" => t("Jump to the first new comment of this posting.")));
          }
        }
        else {
          if (user_access("post comments")) {
            $links[] = l(t("add new comment"), "comment/reply/$node->nid", array("title" => t("Add a new comment to this page.")));
          }
          else {
            $links[] = theme("comment_post_forbidden");
          }
        }
      }
    }
    else {
      /*
      ** Node page: add a "post comment" link if the user is allowed to
      ** post comments and if this node is not read-only
      */

      if ($node->comment == 2) {
        if (user_access("post comments")) {
          $links[] = l(t("add new comment"), "comment/reply/$node->nid", array("title" => t("Share your thoughts and opinions related to this posting.")));
        }
        else {
          $links[] = theme("comment_post_forbidden");
        }
      }
      else {
        $links[] = t("Closed discussion: you can't post new comments.");
      }
    }
  }

  if ($type == "admin" && user_access("administer comments")) {
    $settings = "If you really have a lot of comments, you can enable moderation. You assign moderation permissions to role(s), then setup some 'moderation votes'; these votes will appear to moderators in a dropdown menu near the comment. You also have to assign, for every role and every vote, a value, which can be either positive or negative; use the moderation matrix to do this. This allows for some roles having greater 'weight' in their moderation, if you wish. If you set a value to 0, that vote won't be available to that role. When a user moderates, the value of their vote is added or subtracted to the score of that comment. Finally, you may want to setup the comment thresholds: these are floor/ceiling values which users see in the comment control panel. Threshholds are useful for hiding poorly rated comments while reading your site.";

    menu_add("comment management", url("admin/comment"), "Administer comments.", $help["comment"], "content management", 1);
     menu_add("new or updated comments", url("admin/comment&amp;status=0"),  "Display new or updated comments.", NULL, "comment management");
     menu_add("comments that await approval", url("admin/comment&amp;status=1"), "Display comments that await approval.", NULL, "comment management");
     menu_add("search comment", url("admin/comment/search"), "Search a comment.", NULL, "comment management", 8);
     menu_add("help", url("admin/comment/help"), "More information about the comment system.", NULL, "comment management", 9);

    // comment settings:
    if (user_access("administer moderation")) {
      menu_add("comment moderation votes", url("admin/comment/votes"), "Configure the comment moderation votes.", $settings, "site configuration", 5);
      menu_add("comment moderation matrix", url("admin/comment/matrix"), "Configure the comment moderation matrix.", $settings, "site configuration", 5);
      menu_add("comment moderation thresholds", url("admin/comment/filters"), "Configure the comment moderation thresholds.", $settings, "site configuration", 5);
      menu_add("initial comment scores", url("admin/comment/roles"), "Configure the initial comment score.", $settings, "site configuration", 5);
    }
  }

  return $links ? $links : array();
}

function comment_page() {
  global $theme, $op, $edit;

  if (empty($op)) {
    $op = arg(1);
  }

  switch ($op) {
    case "edit":
      $theme->header();
      comment_edit(check_query(arg(2)));
      $theme->footer();
      break;
    case t("Moderate comments"):
    case t("Moderate comment"):
      comment_moderate($edit);
      drupal_goto(url("node/view/". $edit["nid"]));
      break;
    case "reply":
      $theme->header();
      comment_reply(check_query(arg(3)), check_query(arg(2)));
      $theme->footer();
      break;
    case t("Preview comment"):
      $theme->header();
      comment_preview($edit);
      $theme->footer();
      break;
    case t("Post comment"):
      list($error_title, $error_body) = comment_post($edit);
      if ($error_body) {
        $theme->header();
        $theme->box($error_title, $error_body);
        $theme->footer();
      }
      else {
        drupal_goto(url("node/view/". $edit["nid"]));
      }
      break;
    case t("Save settings"):
      global $mode, $order, $threshold, $comments_per_page;
      comment_save_settings(check_query($mode), check_query($order), check_query($threshold), check_query($comments_per_page));
      drupal_goto(url("node/view/". $edit["nid"], "mode=$mode&amp;order=$order&amp;threshold=$threshold&amp;comments_per_page=$comments_per_page"));
      break;
  }
}

/**
*** admin functions
**/

function comment_node_link($node) {

  if (user_access("administer comments")) {

    /*
    ** Edit comments:
    */

    $result = db_query("SELECT c.cid, c.subject, u.uid, u.name FROM comments c LEFT JOIN users u ON u.uid = c.uid WHERE nid = '%d' AND c.status = 0 ORDER BY c.timestamp", $node->nid);


    $header = array(t("title"), t("author"), array("data" => t("operations"), "colspan" => 3));

    while ($comment = db_fetch_object($result)) {
      $rows[] = array(l($comment->subject, "node/view/$node->nid#$comment->cid"), format_name($comment), l(t("view comment"), "node/view/$node->nid#$comment->cid"), l(t("edit comment"), "admin/comment/edit/$comment->cid"), l(t("delete comment"), "admin/comment/delete/$comment->cid"));
    }

    if ($rows) {
      $output  = "<h3>". t("Edit comments") ."</h3>";
      $output .= table($header, $rows);
    }

    return $output;
  }
}

function comment_admin_edit($id) {

  $result = db_query("SELECT c.*, u.name, u.uid FROM comments c LEFT JOIN users u ON c.uid = u.uid WHERE c.cid = '%d' AND c.status != 2", $id);
  $comment = db_fetch_object($result);

  // if a comment is "deleted", it's deleted
  if ($comment) {
    $form .= form_item(t("Author"), format_name($comment));
    $form .= form_textfield(t("Subject"), "subject", $comment->subject, 70, 128);
    $form .= form_textarea(t("Comment"), "comment", $comment->comment, 70, 15);
    $form .= form_select(t("Status"), "status", $comment->status, array("published", "not published"));
    $form .= form_hidden("cid", $id);
    $form .= form_submit(t("Submit"));
    $form .= form_submit(t("Delete"));

    return form($form);
  }
}

function comment_delete($edit) {

  if ($edit["confirm"]) {
    db_query("UPDATE comments SET status = 2 WHERE cid = '%d'", $edit["cid"]);
    watchdog("special", "comment: deleted comment #". $edit["cid"]);
    $output = "deleted comment.";
  }
  else {
    $output .= form_item(t("Confirm deletion"), "");
    $output .= form_hidden("cid", $edit["cid"]);
    $output .= form_hidden("confirm", 1);
    $output .= form_submit(t("Delete"));
    $output = form($output);
  }

  return $output;
}

function comment_save($id, $edit) {
  db_query("UPDATE comments SET subject = '%s', comment = '%s', status = '%s' WHERE cid = '%d'", filter($edit["subject"]), filter($edit["comment"]), $edit["status"], $id);
  watchdog("special", "comment: modified '". $edit["subject"] ."'");
  return "updated comment.";
}

function comment_admin_overview($status = 0) {

  $result = pager_query("SELECT c.*, u.name, u.uid FROM comments c LEFT JOIN users u ON u.uid = c.uid WHERE c.status = '". check_query($status) ."' ORDER BY c.timestamp DESC");

  $header = array(t("subject"), t("author"), t("status"), array("data" => t("operations"), "colspan" => 2));
  while ($comment = db_fetch_object($result)) {
    $rows[] = array(l($comment->subject, "node/view/$comment->nid/$comment->cid#$comment->cid", array("title" => htmlentities(substr($comment->comment, 0, 128)))) ." ". (comment_is_new($comment) ? theme_mark() : ""), format_name($comment), ($comment->status == 0 ? t("published") : t("not published")) ."</td><td>". l(t("edit comment"), "admin/comment/edit/$comment->cid"), l(t("delete comment"), "admin/comment/delete/$comment->cid"));
  }

  if ($pager = pager_display(NULL, 50, 0, "admin")) {
    $rows[] = array(array("data" => $pager, "colspan" => 5));
  }

  return table($header, $rows);
}

function comment_mod_matrix($edit) {
  global $tid, $rid;

  $output .= "<h3>Moderators/vote values matrix</h3>";
  $output .= "<p><small><b>Note:</b> you must assign the <b>moderate comments</b> permission to at least one role in order to use this page.</small></p>";
  $output .= "<p>In order to use comment moderation, every textbox on this page should be populated with an integer.  On this page, you also might wish to value the votes from some users more than others. For example, administrator votes might count twice as much as authenticated users.</p>";

  if ($rid) {
    db_query("DELETE FROM moderation_roles");
    foreach ($rid as $role_id => $votes) {
      foreach ($votes as $mid => $value) {
        $sql[] = "('$mid', '$role_id', '$value')";
      }
    }
    db_query("INSERT INTO moderation_roles (mid, rid, value) VALUES ". implode(", ", $sql));
  }

  $result = db_query("SELECT r.rid, r.name FROM role r, permission p WHERE r.rid = p.rid AND p.perm LIKE '%moderate comments%'");
  $role_names = array();
  while ($role = db_fetch_object($result)) {
    $role_names[$role->rid] = $role->name;
  }

  $result = db_query("SELECT rid, mid, value FROM moderation_roles");
  while ($role = db_fetch_object($result)) {
    $mod_roles[$role->rid][$role->mid] = $role->value;
  }

  $output .= "<table border=\"1\" cellpadding=\"2\" cellspacing=\"2\">";
  $output .= " <tr><th>" . t("votes") . "</th><th>". implode("</th><th>", array_values($role_names)) ."</th></tr>";

  $result = db_query("SELECT mid, vote FROM moderation_votes ORDER BY weight");
  while ($vote = db_fetch_object($result)) {
    $output .= "<tr><td>$vote->vote</td>";
    foreach (array_keys($role_names) as $rid) {
      $output .= "<td align=\"center\"><input maxlength=\"3\" name=\"rid[$rid][$vote->mid]\" size=\"4\" value=\"". $mod_roles[$rid][$vote->mid] ."\" /></td>";
    }
    $output .= "</tr>";
  }
  $output .= "</table>";
  $output .= "<br />". form_submit(t("Submit votes"));

  return form($output);
}

function comment_mod_roles($edit) {

  $output .= "<h3>Initial comment scores</h3>";
  $output .= "<p>Here is your opportunity to value comments from some users more than others. For example, administrator comments might count twice as much as authenticated users. Enter an integr into the <b>initial score</b> column.</p>";

  if ($edit) {
    variable_set("comment_roles", $edit);
  }

  $start_values = variable_get("comment_roles", array());

  $result = db_query("SELECT r.rid, r.name FROM role r, permission p WHERE r.rid = p.rid AND p.perm LIKE '%post comments%'");

  $output .= "<table border=\"1\" cellpadding=\"2\" cellspacing=\"2\">";
  $output .= " <tr><th>" . t("user role") . "</th><th>" . t("initial score") . "</th></tr>";

  while ($role = db_fetch_object($result)) {
    $output .= "<tr><td>$role->name</td>";
    $output .= "<td align=\"center\"><input maxlength=\"3\" name=\"edit[$role->rid]\" size=\"4\" value=\"". $start_values[$role->rid] ."\" /></td></tr>";
  }

  $output .= "</table>";
  $output .= "<br />". form_submit(t("Save scores"));

  return form($output);
}

function comment_mod_votes($edit) {
  global $op, $mid, $tid;

  if ($op == t("Save vote")) {
    db_query("UPDATE moderation_votes SET vote = '%s', weight = '%d' WHERE mid = '%d'", $edit["vote"], $edit["weight"], $mid);
    $mid = 0;
  }
  else if ($op == t("Delete vote")) {
    db_query("DELETE FROM moderation_votes WHERE mid = '%d'", $mid);
    db_query("DELETE FROM moderation_roles WHERE mid = '%d'", $mid);
    $mid = 0;
  }
  else if ($op == t("Add new vote")) {
    db_query("INSERT INTO moderation_votes (mid, vote, weight) VALUES (NULL, '%s', '%d')", $edit["vote"], $edit["weight"]);
    $mid = 0;
  }

  $output .= "<h3>" . t("Moderation votes overview") . "</h3>";
  $output .= "<table border=\"1\" cellpadding=\"2\" cellspacing=\"2\">";
  $output .= " <tr><th>" . t("votes") . "</th><th>" . t("weight") . "</th><th>" . t("operations") . "</th></tr>";

  $result = db_query("SELECT mid, vote, weight FROM moderation_votes ORDER BY weight");
  while ($vote = db_fetch_object($result)) {
    $output .= " <tr><td>$vote->vote</td><td align=\"center\">$vote->weight</td><td align=\"center\">". l(t("edit"), "admin/comment/votes/$vote->mid") ."</td></tr>";
  }
  $output .= "</table>";

  if ($mid) {
    $vote = db_fetch_object(db_query("SELECT vote, weight FROM moderation_votes WHERE mid = '%d'", $mid));
  }

  $output .= "<h3>Add new moderation option</h3>";
  $form .= form_textfield(t("Vote"), "vote", $vote->vote, 32, 64, t("The name of this vote.  Example: 'offtopic', 'excellent', 'sucky'."));
  $form .= form_textfield(t("Weight"), "weight", $vote->weight, 32, 64, t("Used to order votes in the comment control box; heavier sink."));
  if ($mid) {
    $form .= form_submit(t("Save vote"));
    $form .= form_submit(t("Delete vote"));
  }
  else {
    $form .= form_submit(t("Add new vote"));
  }

  $output .= form($form);

  return $output;
}

function comment_mod_filters($edit) {
  global $op, $fid, $tid;

  if ($op == t("Save threshold")) {
    db_query("UPDATE moderation_filters SET filter = '%s', minimum = '%d' WHERE fid = '%d'", $edit["filter"], $edit["minimum"], $fid);
    $fid = 0;
  }
  else if ($op == t("Delete threshold")) {
    db_query("DELETE FROM moderation_filters WHERE fid = '%d'", $fid);
    $fid = 0;
  }
  else if ($op == t("Add new threshold")) {
    db_query("INSERT INTO moderation_filters (fid, filter, minimum) VALUES (NULL, '%s', '%d')", $edit["filter"], $edit["minimum"]);
    $fid = 0;
  }

  $output .= "<h3>Comment threshold overview</h3>";
  $output .= "<p><i>Optional</i>. If your site gets lots of comments, you may offer your users thresholds, which are used to hide all comments whose moderation score is lower than the threshold. This cuts down on clutter while your readers view the site. These thresholds appear in the Comment Control Panel.</p>";
  $output .= "<table border=\"1\" cellpadding=\"2\" cellspacing=\"2\">";
  $output .= " <tr><th>" . t("name") . "</th><th>" . t("minimum score") . "</th><th>" . t("operations") . "</th></tr>";

  $result = db_query("SELECT fid, filter, minimum FROM moderation_filters ORDER BY minimum");
  while ($filter = db_fetch_object($result)) {
    $output .= " <tr><td>$filter->filter</td><td align=\"center\">$filter->minimum</td><td align=\"center\">". l(t("edit"), "admin/comment/filters/$filter->fid") ."</td></tr>";
  }
  $output .= "</table>";

  if ($fid) {
    $filter = db_fetch_object(db_query("SELECT filter, fid, minimum FROM moderation_filters WHERE fid = '%d'", $fid));
  }

  $output .= "<h3>Add new threshold</h3>";
  $form .= form_textfield(t("Threshhold name"), "filter", $filter->filter, 32, 64, t("The name of this threshold.  Example: 'good comments', '+1 comments', 'everything'."));
  $form .= form_textfield(t("Minimum score"), "minimum", $filter->minimum, 32, 64, t("Show all comments whose score is larger or equal to the provided minimal score. Range: -127 + 128"));
  if ($fid) {
    $form .= form_submit(t("Save threshold"));
    $form .= form_submit(t("Delete threshold"));
  }
  else {
    $form .= form_submit(t("Add new threshold"));
  }

  $output .= form($form);

  return $output;
}


function comment_admin() {
  global $op, $id, $edit, $mod, $keys, $order, $status, $comment_page, $comment_settings;

  if (empty($op)) {
    $op = arg(2);
  }

  if (user_access("administer comments")) {
    switch ($op) {
      case "help":
        print comment_help();
        break;
      case "edit":
        print comment_admin_edit(arg(3));
        break;
      case "search":
        print search_type("comment", url("admin/comment/search"));
        break;
      case "votes":
      case t("Add new vote"):
      case t("Delete vote"):
      case t("Save vote"):
        if (user_access("administer moderation")) {
          print comment_mod_votes($edit);
        }
        break;
      case "roles":
      case t("Save scores"):
        if (user_access("administer moderation")) {
          print comment_mod_roles($edit);
        }
        break;
      case "matrix":
      case t("Submit votes"):
        if (user_access("administer moderation")) {
          print comment_mod_matrix($edit);
        }
        break;
      case "filters":
      case t("Add new threshold"):
      case t("Delete threshold"):
      case t("Save threshold"):
        if (user_access("administer moderation")) {
          print comment_mod_filters($edit);
        }
        break;
      case "delete":
        print comment_delete(array("cid" => arg(3)));
        break;
      case t("Delete"):
        print status(comment_delete($edit));
        if (session_is_registered("comment_settings")) {
          $status = $comment_settings["status"];
          $comment_page = $comment_settings["comment_page"];
        }
        print comment_admin_overview($status, $comment_page);
        break;
      case t("Submit"):
        print status(comment_save(check_query(arg(3)), $edit));