comment.module

<?php
// $Id$

$GLOBALS["cmodes"] = array(1 => "Flat list - collapsed", 2 => "Flat list - expanded", 3 => "Threaded list - collapsed", 4 => "Threaded list - expanded");
$GLOBALS["corder"] = array(1 => "Date - newest first", 2 => "Date - oldest first");

function comment_help() {
  $output .= "<p>The comment module enables users to submit posts that are directly associated with a piece of content.  These associated posts are called <i>comments</i>.  Comments may be <i>threaded</i>, which means that Drupal keeps track of multiple subconversations around a piece of content.  Threading helps to keep the comment conversation more organized.  Users are presented with several ways to view the comment conversation, and if desired, users may easily choose a <i>flat</i> presentation of comments instead of threaded.  Further, users may choose to order their comments view by <i>newest first</i> or by <i>oldest first</i>.  Finally, users may view a folded list or an expanded list of comments.  Folded limits the comment display to <i>subject</i> only.  Drupal remembers the comment view preference of each user whenever he changes a view setting.</p>";
  $output .= "<p>Since a busy site generates lots of comments, Drupal takes care to present a personalized view of comments for each user.  The home page lists displays the number of read and unread comments for a given post for the current user.  Also, the tracker module (when installed) displays all recent comments on the site.  Finally, comments which the user has not yet read are highlighted with a red star (this graphic may depend on the current theme).</p>";
  $output .= "<p>Comments behave like other user submissions in Drupal.  Specifically, <a href=\"admin.php?mod=system&type=filter\">filters</a> like smileys and HTML work fine if the administrator has enabled them.  Also, throttles are usually enabled to prevent a single user from spamming the web site with too many comments in a short period of time.</p>";
  $output .= "<p>Administrators may control which persons are allowed to submit and administer comments.  These controls appear in the <a href=\"admin.php?mod=user&op=permission\"></a>user permissions</a> administration page.  Additionally, administrators may edit or search through comments on the <a href=\"admin.php?mod=comment\">comments admininistration page<a>, as well as set the default display view for new users.</p>";

  return $output;
}

function comment_settings($mode, $order, $threshold) {
  global $user;

  if ($user->uid) {
    $user = user_save($user, array("mode" => $mode, "sort" => $order, "threshold" => $threshold));
  }
}

function comment_num_all($nid) {
  $comment = db_fetch_object(db_query("SELECT COUNT(c.nid) AS number FROM node n LEFT JOIN comments c ON n.nid = c.nid WHERE n.nid = '$nid' GROUP BY n.nid"));
  return $comment->number ? $comment->number : 0;
}

function comment_num_new($nid) {
  global $user;

  if ($user->uid) {

    /*
    ** Retrieve the timestamp at which the current user last viewed
    ** the specified node and use this timestamp to find the number
    ** of new comments.
    */

    $history = db_fetch_object(db_query("SELECT timestamp FROM history WHERE uid = '$user->uid' AND nid = '$nid'"));
    $comment = db_fetch_object(db_query("SELECT COUNT(c.nid) AS number FROM node n LEFT JOIN comments c ON n.nid = c.nid WHERE n.nid = '$nid' AND timestamp > '". ($history->timestamp ? $history->timestamp : 0) ."' GROUP BY n.nid"));

    return $comment->number ? $comment->number : 0;
  }
  else {
    return 0;
  }

}

function comment_tag_new($nid) {
  global $user;

  if ($user->uid) {
    $nid = check_query($nid);

    $result = db_query("SELECT timestamp FROM history WHERE uid = '$user->uid' AND nid = '$nid'");
    if (db_fetch_object($result)) {
      db_query("UPDATE history SET timestamp = '". time() ."' WHERE uid = '$user->uid' AND nid = '$nid'");
    }
    else {
      db_query("INSERT INTO history (uid, nid, timestamp) VALUES ('$user->uid', '$nid', '". time() ."')");
    }
  }
}

function comment_is_new($comment) {
  global $user;
  static $date;

  if (!$date) {
    if ($user->uid) {
      $history = db_fetch_object(db_query("SELECT timestamp FROM history WHERE uid = '$user->uid' AND nid = '$comment->nid'"));
      $date = $history->timestamp ? $history->timestamp : 0;
    }
    else {
      $date = time();
    }
  }

  if ($comment->timestamp > $date) {
    return 1;
  }
  else {
    return 0;
  }
}

function comment_access($op, $comment) {
  global $user;

  if ($op == "edit") {

    /*
    ** Authenticated users can edit their comments as long they have
    ** not been replied to.  This, in order to avoid people changing
    ** or revising their statements based on the replies their posts
    ** got. Furthermore, users can't reply to their own comments and
    ** are encouraged to extend their original comment.
    */

    return $user->uid && $user->uid == $comment->uid && comment_num_replies($comment->cid) == 0;
  }

}

function comment_form($edit) {
  global $user;

  $form .= "<a name=\"comment\"></a>\n";

  // name field:
  $form .= form_item(t("Your name"), format_name($user));

  // subject field:
  $form .= form_textfield(t("Subject"), "subject", $edit["subject"], 50, 64);

  // comment field:
  $form .= form_textarea(t("Comment"), "comment", $edit["comment"] ? $edit["comment"] : $user->signature, 70, 10, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));

  // preview button:
  $form .= form_hidden("cid", $edit["cid"]);
  $form .= form_hidden("pid", $edit["pid"]);
  $form .= form_hidden("nid", $edit["nid"]);

  if (!$edit["comment"]) {
    $form .= form_submit(t("Preview comment"));
  }
  else {
    $form .= form_submit(t("Preview comment"));
    $form .= form_submit(t("Post comment"));
  }

  return form($form);
}

function comment_edit($cid) {
  global $user;

  $comment = db_fetch_object(db_query("SELECT c.*, u.name, u.uid FROM comments c LEFT JOIN users u ON c.uid = u.uid WHERE c.cid = '$cid'"));

  if (comment_access("edit", $comment)) {
    comment_preview(object2array($comment));
  }
}

function comment_reply($pid, $nid) {
  global $theme;

  if ($pid) {
    $comment = db_fetch_object(db_query("SELECT c.*, u.uid, u.name FROM comments c LEFT JOIN users u ON c.uid = u.uid WHERE c.cid = '$pid'"));
    comment_view($comment, t("reply to this comment"));
  }
  else {
    node_view(node_load(array("nid" => $nid)));
    $pid = 0;
  }

  if (user_access("post comments")) {
    $theme->box(t("Reply"), comment_form(array("pid" => $pid, "nid" => $nid)));
  }
  else {
    $theme->box(t("Reply"), t("You are not authorized to post comments."));
  }
}

function comment_preview($edit) {
  global $theme, $user;

  foreach ($edit as $key => $value) {
    $comment->$key = filter($value);
  }

  /*
  ** Attach the user information:
  */

  $comment->uid = $user->uid;
  $comment->name = $user->name;

  /*
  ** Attach the time:
  */

  $comment->timestamp = time();

  /*
  ** Preview the comment:
  */

  comment_view($comment, t("reply to this comment"));

  $theme->box(t("Reply"), comment_form($edit));
}

function comment_post($edit) {
  global $theme, $user;

  if (user_access("post comments")) {

    /*
    ** Validate the comment's subject.  If not specified, extract
    ** one from the comment's body.
    */

    $edit["subject"] = strip_tags(($edit["subject"] ? $edit["subject"] : substr($edit["comment"], 0, 29)));

    /*
    ** Validate the comment's body.
    */

    $edit["comment"] = filter($edit["comment"]);

    /*
    ** Check for duplicate comments.  Note that we have to use the
    ** validated/filtered data to perform such check.
    */

    $duplicate = db_result(db_query("SELECT COUNT(cid) FROM comments WHERE pid = '". check_query($edit["pid"]) ."' AND nid = '". check_query($edit["nid"]) ."' AND subject = '". check_query($edit["subject"]) ."' AND comment = '". check_query($edit["comment"]) ."'"), 0);

    if ($duplicate != 0) {
      watchdog("warning", "comment: duplicate '". $edit["subject"] ."'");
    }
    else {

      if ($edit["cid"]) {

        /*
        ** Update the comment in the database.  Note that the update
        ** query will fail if the comment isn't owned by the current
        ** user.
        */

        db_query("UPDATE comments SET subject = '". check_query($edit["subject"]) ."', comment = '". check_query($edit["comment"]) ."' WHERE cid = '". check_query($edit["cid"]) ."' AND uid = '$user->uid'");

        /*
        ** Add entry to the watchdog log:
        */

        watchdog("special", "comment: updated '". $edit["subject"] ."'");
      }
      else {
        /*
        ** Check the user's comment submission rate.  If exceeded,
        ** throttle() will bail out.
        */

        throttle("post comment", variable_get("max_comment_rate", 60));

        /*
        ** Add the comment to database:
        */

        db_query("INSERT INTO comments (nid, pid, uid, subject, comment, hostname, timestamp) VALUES ('". check_query($edit["nid"]) ."', '". check_query($edit["pid"]) ."', '$user->uid', '". check_query($edit["subject"]) ."', '". check_query($edit["comment"]) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."')");

        /*
        ** Add entry to the watchdog log:
        */

        watchdog("special", "comment: added '". $edit["subject"] ."'");
      }

      /*
      ** Clear the cache:
      */

      cache_clear();

    }
  }

  /*
  ** Redirect the user the node he commented on:
  */

  $url = "node.php?id=". $edit["nid"];
  drupal_goto($url);

}

function comment_num_replies($id) {

  $result = db_query("SELECT COUNT(cid) FROM comments WHERE pid = '$id'");
  return ($result) ? db_result($result, 0) : 0;

}

function comment_moderation($comment) {
  global $user;

  // XXX: disabled for now
  return "";

  $values = array("--", "1", "2", "3", "4", "5");

  $moderate = db_fetch_object(db_query("SELECT * FROM moderate WHERE cid = '$comment->cid' AND uid = '$user->uid'"));

  foreach ($values as $key => $value) {
    $options .= " <option value=\"$key\"". ($moderate->score == $key ? " selected=\"selected\"" : "") .">$value</option>\n";
  }

  $output .= "<select name=\"moderate[comment][$comment->cid]\">$options</select><br />". ($comment->score ? $comment->score : "--") ." / $comment->votes";

  return $output;
}

function comment_threshold($threshold) {
  // XXX: disabled for now
  return "";

  for ($i = 0; $i < 6; $i++) $options .= " <option value=\"$i\"". ($threshold == $i ? " selected=\"selected\"" : "") .">". t("Visibility") ." - $i</option>";
  return "<select name=\"threshold\">$options</select>\n";
}

function comment_mode($mode) {
  global $cmodes;

  foreach ($cmodes as $key => $value) $options .= " <option value=\"$key\"". ($mode == $key ? " selected=\"selected\"" : "") .">$value</option>\n";
  return "<select name=\"mode\">$options</select>\n";
}

function comment_order($order) {
  global $corder;

  foreach ($corder as $key=>$value) $options .= " <option value=\"$key\"". ($order == $key ? " selected=\"selected\"" : "") .">$value</option>\n";
  return "<select name=\"order\">$options</select>\n";
}

function comment_query($nid, $order, $pid = -1) {

  $query .= "SELECT c.cid, c.pid, c.nid, c.subject, c.comment, c.timestamp, u.uid, u.name FROM comments c LEFT JOIN users u ON c.uid = u.uid WHERE c.nid = '$nid'";

  if ($pid >= 0) {
    $query .= " AND pid = '$pid'";
  }

  $query .= " GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.timestamp, u.uid, u.name";

  if ($order == 1) {
    $query .= " ORDER BY c.timestamp DESC";
  }
  else if ($order == 2) {
    $query .= " ORDER BY c.timestamp";
  }

  return db_query($query);

}

function comment_visible($comment, $threshold = 0) {
  if ($comment->votes == 0 || $comment->score >= $threshold) {
    return 1;
  }
  else {
    return 0;
  }
}

function comment_links($comment, $return = 1) {
  global $user, $theme;

  $links = array();

  if ($return) {
    $links[] = "<a href=\"node.php?id=$comment->nid#$comment->cid\"><span style=\"color: $theme->type;\">". t("return") ."</span></a>";
  }

  if (user_access("administer comments")) {
    $links[] = "<a href=\"admin.php?mod=comment&op=edit&id=$comment->cid\" title=\"". t("Administer this comment.") ."\"><span style=\"color: $theme->type;\">". t("administer") ."</span></a>";
  }

  if (user_access("post comments")) {
    if (comment_access("edit", $comment)) {
      $links[] = "<a href=\"module.php?mod=comment&op=edit&id=$comment->cid\" title=\"". t("Make changes to your comment.") ."\"><span style=\"color: $theme->type\">". t("edit your comment") ."</span></a>";
    }
    else {
      $links[] = "<a href=\"module.php?mod=comment&op=reply&id=$comment->nid&pid=$comment->cid\" title=\"". t("Reply to this comment.") ."\"><span style=\"color: $theme->type;\">". t("reply to this comment") ."</span></a>";
    }
  }


  return $theme->links($links);
}

function comment_view($comment, $folded = 0) {
  global $theme, $id;

  if (comment_is_new($comment)) {
    $comment->subject = "$comment->subject <span style=\"color: red;\">*</span>";
  }

  if ($folded) {
    $theme->comment($comment, $folded);
  }
  else {
    print "<a href=\"node.php?id=$comment->nid&cid=$comment->cid#$comment->cid\">". check_output($comment->subject) ."</a> by ". format_name($comment) ."</small><p />";
  }
}

function comment_thread_min($comments, $threshold, $pid = 0) {
  global $user;

  foreach ($comments as $comment) {
    if ($comment->pid == $pid) {
      print "<ul>";
      print comment_view($comment);
      comment_thread_min($comments, $threshold, $comment->cid);
      print "</ul>";
    }
  }
}

function comment_thread_max($comments, $threshold, $pid = 0, $level = 0) {
  global $user;

  /*
  ** We had quite a few browser specific issues: expanded comments below
  ** the top level got truncated on the right hand side.  A range of
  ** solutions have been proposed and tried but either the right margins of
  ** the comments didn't line up well, or the heavily nested tables made
  ** for slow rendering and cluttered HTML.  This is the best work-around
  ** in terms of speed and size.
  */

  foreach ($comments as $comment) {
    if ($comment->pid == $pid) {
      print "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\"><tr><td width=\"". ($level * 25) ."\">&nbsp;</td><td>\n";
      comment_view($comment, comment_links($comment, 0));
      print "</td></tr></table>\n";

      comment_thread_max($comments, $threshold, $comment->cid, $level + 1);
    }
  }

}

function comment_render($nid, $cid) {
  global $user, $theme, $mode, $order, $threshold, $REQUEST_URI;

  if (user_access("access comments")) {

    /*
    ** Pre-process variables:
    */

    if (empty($nid)) {
      $nid = 0;
    }

    if (empty($cid)) {
      $cid = 0;
    }

    if (empty($mode)) {
      $mode = $user->uid ? $user->mode : variable_get("default_comment_mode", 4);
    }

    if (empty($order)) {
      $order = $user->uid ? $user->sort : variable_get("default_comment_order", 1);
    }

    if (empty($threshold)) {
      // $threshold = $user->uid ? $user->threshold : variable_get("default_comment_threshold", 3);
      $threshold = 0;
    }

    print "<a name=\"comment\"></a>\n";
    print "<form method=\"post\" action=\"$REQUEST_URI\">\n";

    /*
    ** Render control panel:
    */

    $theme->box(t("Control panel"), $theme->comment_controls($threshold, $mode, $order));

    if ($cid > 0) {
      $result = db_query("SELECT c.cid, c.pid, c.nid, c.subject, c.comment, c.timestamp, u.uid, u.name FROM comments c LEFT JOIN users u ON c.uid = u.uid WHERE c.cid = '$cid' GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.timestamp, u.uid, u.name");
      if ($comment = db_fetch_object($result)) {
        comment_view($comment, comment_links($comment));
      }
    }
    else {
      if ($mode == 1) {
        $result = comment_query($nid, $order);
        print "<table border=\"0\" cellpadding=\"2\" cellspacing=\"2\">\n";
        print " <tr><th>Subject</th><th>Author</th><th>Date</th><th>Score</th></tr>\n";
        while ($comment = db_fetch_object($result)) {
          if (comment_visible($comment, $threshold)) {
            print " <tr><td><a href=\"node.php?id=$comment->nid&cid=$comment->cid#$comment->cid\">". check_output($comment->subject) ."</a></td><td>". format_name($comment) ."</td><td>". format_date($comment->timestamp, "small") ."</td><td>$comment->score</td></tr>\n";
          }
        }
        print "</table>\n";
      }
      else if ($mode == 2) {
        $result = comment_query($nid, $order);
        while ($comment = db_fetch_object($result)) {
          comment_view($comment, (comment_visible($comment, $threshold) ? comment_links($comment, 0) : 0));
        }
      }
      else if ($mode == 3) {
        $result = comment_query($nid, $order);
        while ($comment = db_fetch_object($result)) {
          $comments[] = $comment;
        }

        if ($comments) {
          comment_thread_min($comments, $threshold);
        }
      }
      else {
        $result = comment_query($nid, $order);
        while ($comment = db_fetch_object($result)) {
          $comments[] = $comment;
        }

        if ($comments) {
          comment_thread_max($comments, $threshold);
        }
      }
    }

    print "</form>";

    /*
    ** Tag the node's comments as being read:
    */

    comment_tag_new($nid);
  }
}

function comment_search($keys) {
  global $PHP_SELF;
  $result = db_query("SELECT c.*, u.name FROM comments c LEFT JOIN users u ON c.uid = u.uid WHERE c.subject LIKE '%$keys%' OR c.comment LIKE '%$keys%' ORDER BY c.timestamp DESC LIMIT 20");
  while ($comment = db_fetch_object($result)) {
    $find[$i++] = array("title" => check_output($comment->subject), "link" => (strstr($PHP_SELF, "admin.php") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "node.php?id=$comment->nid&cid=$comment->cid"), "user" => $comment->name, "date" => $comment->timestamp);
  }
  return $find;
}

function comment_perm() {
  return array("access comments", "post comments", "administer comments");
}

function comment_link($type, $node = 0, $main = 0) {

  if ($type == "admin" && user_access("administer comments")) {
    $links[] = "<a href=\"admin.php?mod=comment\">comments</a>";
  }

  if ($type == "node" && $node->comment) {

    if ($main) {

      /*
      ** Main page: display the number of comments that have been posted.
      */

      if (user_access("access comments")) {
        $all = comment_num_all($node->nid);
        $new = comment_num_new($node->nid);

        $links[] = "<a href=\"node.php?id=$node->nid#comment\" title=\"". t("View this posting and all of its comments.") ."\">". format_plural($all, "comment", "comments") . ($new ? ", $new ". t("new") : "") ."</a>";
      }
    }
    else {
      /*
      ** Node page: add a "post comment" link if the user is allowed to
      ** post comments.
      */

      if (user_access("post comments")) {
        $links[] = "<a href=\"module.php?mod=comment&op=reply&id=$node->nid#comment\" title=\"". t("Share your thoughts and opinions related to this posting.") ."\">". t("add new comment") ."</a>";
      }
    }
  }

  return $links ? $links : array();
}

function comment_node_link($node) {

  if (user_access("administer comments") && comment_num_all($node->nid)) {

    /*
    ** Edit comments:
    */

    $result = db_query("SELECT c.cid, c.subject, u.uid, u.name FROM comments c LEFT JOIN users u ON u.uid = c.uid WHERE nid = '$node->nid' ORDER BY c.timestamp");

    $output .= "<h3>". t("Edit comments") ."</h3>";
    $output .= "<table border=\"1\" cellpadding=\"2\" cellspacing=\"2\">";
    $output .= " <tr><th>title</th><th>author</th><th colspan=\"3\">operations</th></tr>";

    while ($comment = db_fetch_object($result)) {
      $output .= "<tr><td><a href=\"node.php?id=$node->nid&cid=$comment->cid#$comment->cid\">$comment->subject</a></td><td>". format_name($comment) ."</td><td><a href=\"node.php?id=$node->nid&cid=$comment->cid#$comment->cid\">". t("view comment") ."</a></td><td><a href=\"admin.php?mod=comment&op=edit&id=$comment->cid\">". t("edit comment") ."</a></td><td><a href=\"admin.php?mod=comment&op=delete&id=$comment->cid\">". t("delete comment") ."</a></td></tr>";
    }

    $output .= "</table>";

    return $output;
  }
}


function comment_save($id, $edit) {
  db_query("UPDATE comments SET subject = '". check_query(filter($edit["subject"])) ."', comment = '". check_query(filter($edit["comment"])) ."' WHERE cid = '$id'");
  watchdog("special", "comment: modified '". $edit["subject"] ."'");
}

function comment_page() {
  global $theme, $op, $edit, $id, $pid, $cid;

  switch ($op) {
    case "edit":
      $theme->header();
      comment_edit(check_query($id));
      $theme->footer();
      break;
    case "reply":
      $theme->header();
      comment_reply(check_query($pid), check_query($id));
      $theme->footer();
      break;
    case t("Preview comment"):
      $theme->header();
      comment_preview($edit);
      $theme->footer();
      break;
    case t("Post comment"):
      comment_post($edit);
      break;
    case t("Update settings"):
      comment_settings(check_query($mode), check_query($order), check_query($threshold));
      break;
    default:
  }
}

function comment_admin_edit($id) {

  $result = db_query("SELECT c.*, u.name, u.uid FROM comments c LEFT JOIN users u ON c.uid = u.uid WHERE c.cid = '$id'");
  $comment = db_fetch_object($result);

  $form .= form_item(t("Author"), format_name($comment));
  $form .= form_textfield(t("Subject"), "subject", $comment->subject, 70, 128);
  $form .= form_textarea(t("Comment"), "comment", $comment->comment, 70, 15);
  $form .= form_hidden("cid", $id);
  $form .= form_submit(t("Submit"));
  $form .= form_submit(t("Delete"));

  return form($form);
}

function comment_admin_overview() {
  $result = db_query("SELECT c.*, u.name, u.uid FROM comments c LEFT JOIN users u ON u.uid = c.uid ORDER BY timestamp DESC LIMIT 50");

  $output .= "<table border=\"1\" cellpadding=\"2\" cellspacing=\"2\">\n";
  $output .= " <tr><th>subject</th><th>author</th><th>date</th><th colspan=\"2\">operations</th></tr>\n";
  while ($comment = db_fetch_object($result)) {
    $output .= " <tr><td><a href=\"node.php?id=$comment->nid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</a></td><td>". format_name($comment) ."</td><td>". format_date($comment->timestamp, "small") ."</td><td><a href=\"admin.php?mod=comment&op=edit&id=$comment->cid\">edit comment</a></td><td><a href=\"admin.php?mod=comment&op=delete&id=$comment->cid\">delete comment</a></td></tr>\n";
  }
  $output .= "</table>\n";

  return $output;
}

function comment_delete($edit) {

  if ($edit["confirm"]) {
    db_query("DELETE FROM comments WHERE cid = '". check_query($edit["cid"]) ."'");
    watchdog("special", "comment: deleted comment #". $edit["cid"]);
  }
  else {
    $output .= form_item(t("Confirm deletion"), "");
    $output .= form_hidden("cid", $edit["cid"]);
    $output .= form_hidden("confirm", 1);
    $output .= form_submit(t("Delete"));
    $output = form($output);
  }

  return $output;
}

function comment_admin() {
  global $op, $id, $edit, $mod, $keys, $order;

  if (user_access("administer comments")) {

    print "<small><a href=\"admin.php?mod=comment\">overview</a> | <a href=\"admin.php?mod=comment&op=search\">search comment</a></small><hr />\n";

    switch ($op) {
      case "edit":
        print comment_admin_edit($id);
        break;
      case "search":
        print search_type("comment", "admin.php?mod=comment&op=search");
        break;
      case "delete":
        print comment_delete(array("cid" => $id));
        break;
      case t("Delete"):
        print comment_delete($edit);
        break;
      case t("Submit"):
        print status(comment_save(check_query($id), $edit));
        print comment_admin_overview();
        break;
      default:
        print comment_admin_overview();
    }
  }
  else {
    print message_access();
  }
}

?>