comment.module 75.3 KB
Newer Older
1
<?php
2
// $Id$
3

Dries's avatar
Dries committed
4 5
/**
 * @file
6
 * Enables users to comment on published content.
Dries's avatar
Dries committed
7 8 9 10 11 12
 *
 * When enabled, the Drupal comment module creates a discussion
 * board for each Drupal node. Users can post comments to discuss
 * a forum topic, weblog post, story, collaborative book page, etc.
 */

13 14 15
/**
 * Implementation of hook_help().
 */
Dries's avatar
Dries committed
16
function comment_help($section = "admin/help#comment") {
17
  switch ($section) {
18
    case 'admin/help#comment':
19
      return t("
Dries's avatar
Dries committed
20 21
      <p>When enabled, the Drupal comment module creates a discussion board for each Drupal node. Users can post comments to discuss a forum topic, weblog post, story, collaborative book page, etc. An administrator can give comment permissions to user groups, and users can (optionally) edit their last comment, assuming no others have been posted since.</p>

22 23
      <h3>User control of comment display</h3>
      <p>Attached to each comment board is a control panel for customizing the way that comments are displayed. Users can control the chronological ordering of posts (newest or oldest first) and the number of posts to display on each page. Additional settings include:</p>
Dries's avatar
Dries committed
24 25 26 27 28
      <ul><li><strong>Threaded</strong> &mdash; Displays the posts grouped according to conversations and subconversations.</li>
      <li><strong>Flat</strong> &mdash;  Displays the posts in chronological order, with no threading whatsoever.</li>
      <li><strong>Expanded</strong> &mdash; Displays the title and text for each post.</li>
      <li><strong>Collapsed</strong> &mdash; Displays only the title for each post.</li></ul>
      <p>When a user chooses <em>save settings</em>, the comments are then redisplayed using the user's new choices. Administrators can set the default settings for the comment control panel, along with other comment defaults, in <a href=\"%comment-config\">administer &raquo; comments &raquo; configure</a>. NOTE: When comment moderation is enabled, users will have another control panel option to control thresholds (see below).</p>
29

30
      <h3>Additional comment configurations</h3>
Dries's avatar
Dries committed
31 32 33 34 35 36
      <p>Comments behave like other user submissions in Drupal. Filters, smileys and HTML that work in nodes will also work with comments. Administrators can control access to various comment module functions through <a href=\"%user-permissions\">administer &raquo; users &raquo; configure &raquo; permissions</a>. Know that in a new Drupal installation, all comment permissions are disabled by default. The choice of which permissions to grant to which roles (groups of users) is left up to the site administrator. The following permissions:</p>
      <ul><li><strong>Access comments</strong> &mdash; Allows users to view comments.</li>
      <li><strong>Administrate comments</strong> &mdash; Allows users complete control over configuring, editing and deleting all comments.</li>
      <li><strong>Moderate comments</strong> &mdash; Allows users to rate comment postings (see more on moderation below).</li>
      <li><strong>Post comments</strong> &mdash; Allows users to post comments into an administrator moderation queue.</li>
      <li><strong>Post comments without approval</strong> &mdash; Allows users to directly post comments, bypassing the moderation queue.</li></ul>
37

38
      <h3>Notification of new comments</h3>
Dries's avatar
Dries committed
39 40 41
      <p>Drupal provides specific features to inform site members when new comments have been posted.</p>
      <p>Drupal displays the total number of comments attached to each node, and tracks comments read by individual site members. Members which have logged in will see a notice accompanying nodes which contain comments they have not read. Some administrators may want to <a href=\"%download-notify\">download, install and configure the notify module</a>. Users can then request that Drupal send them an e-mail when new comments are posted (the notify module requires that cron.php be configured properly).</p>
      <p>The <em>tracker</em> module, disabled by default, displays all the site's recent posts.  There is a link to the <a href=\"%tracker\">recent posts</a> page in the navigation block.  This page is a useful way to browse new or updated nodes and comments. Content which the user has not yet read is tagged with a red star (this graphic depends on the current theme). Visit the comment board for any node, and Drupal will display a red <em>\"new\"</em> label beside the text of unread comments.</p>
42

43 44
      <h3>Comment moderation</h3>
      <p>On sites with active commenting from users, the administrator can turn over comment moderation to the community. </p>
Dries's avatar
Dries committed
45
      <p>With comment moderation, each comment is automatically assigned an initial rating. As users read comments, they can apply a vote which affects the comment rating. At the same time, users have an additional option in the control panel which allows them to set a threshold for the comments they wish to view. Those comments with ratings lower than the set threshold will not be shown. To enable moderation, the administrator must grant <a href=\"%user-permissions\">moderate comments</a> permissions. Then, a number of options in <a href=\"%comment-config\">administer &raquo; comments &raquo; configure</a> must be configured.</p>
46

47
      <h4>Moderation votes</h4>
48
      <p>The first step is to create moderation labels which allow users to rate a comment.  Go to <a href=\"%comment-votes\">administer &raquo; comments &raquo; configure &raquo; moderation votes</a>. In the <em>vote</em> field, enter the textual labels which users will see when casting their votes. Some examples are</p>
Dries's avatar
Dries committed
49 50
      <ul><li>Excellent +3</li><li>Insightful +2</li><li>Useful +1</li><li>Redundant -1</li><li>Flame -3</li></ul>
      <p>So that users know how their votes affect the comment, these examples include the vote value as part of the label, although that is optional. Using the weight option, you can control the order in which the votes appear to users. Setting the weight heavier (positive numbers) will make the vote label appear at the bottom of the list. Lighter (a negative number) will push it to the top. To encourage positive voting, a useful order might be higher values, positive votes, at the top, with negative votes at the bottom.</p>
51

52
      <h4>Moderator vote/values matrix</h4>
Dries's avatar
Dries committed
53
      <p>Next go to <a href=\"%comment-matrix\">administer &raquo; comments &raquo; configure &raquo; moderation matrix</a>. Enter the values for the vote labels for each permission role in the vote matrix. The values entered here will be used to create the rating for each comment. NOTE: Comment ratings are calculated by averaging user votes with the initial rating.</p>
54

55
      <h4>Creating comment thresholds</h4>
56
      <p>In <a href=\"%comment-thresholds\">administer &raquo; comments &raquo; configure &raquo; moderation thresholds</a>, you'll have to create some comment thresholds to make the comment rating system useful. When comment moderation is enabled and the thresholds are created, users will find another comment control panel option for selecting their thresholds. They'll use the thresholds you enter here to filter out comments with low ratings. Consequently, you'll probably want to create more than one threshold to give users some flexibility in filtering comments.</p>
Dries's avatar
Dries committed
57
      <p>When creating the thresholds, note that the <em>Minimum score</em> is asking you for the lowest rating that a comment can have in order to be displayed. To see a common example of how thresholds work, you might visit <a href=\"%slashdot\">Slashdot</a> and view one of their comment boards associated with a story. You can reset the thresholds in their comment control panel.</p>
58

59
      <h4>Initial comment scores</h4>
Dries's avatar
Dries committed
60
      <p>Finally, you may want to enter some <em>initial comment scores</em>. In <a href=\"%comment-initial\">administer &raquo; comments &raquo; configure &raquo; moderation roles</a> you can assign a beginning rating for all comments posted by a particular permission role. If you do not assign any initial scores, Drupal will assign a rating of <strong>0</strong> as the default.</p>", array('%comment-config' => url('admin/comment/configure'), '%user-permissions' => url('admin/user/configure/permission'), '%tracker' => url('tracker'), '%download-notify' => 'http://drupal.org/project/releases', '%comment-votes' => url('admin/comment/configure/votes'), '%comment-matrix' => url('admin/comment/configure/matrix'), '%comment-thresholds' => url('admin/comment/configure/thresholds'), '%slashdot' => ' http://slashdot.org', '%comment-initial' => url('admin/comment/configure/roles')));
61
    case 'admin/comment':
62
    case 'admin/comment/new':
63
      return t("Below is a list of the latest comments posted your site. Click on a subject to see the comment, the author's name to edit the author's user information , \"edit\" to modify the text, and \"delete\" to remove their submission.");
Dries's avatar
Dries committed
64
    case 'admin/comment/approval':
65
      return t("Below is a list of the comments posted to your site that need approval. To approve a comment, click on \"edit\" and then change its \"moderation status\" to Approved. Click on a subject to see the comment, the author's name to edit the author's user information, \"edit\" to modify the text, and \"delete\" to remove their submission.");
Dries's avatar
Dries committed
66 67 68
    case 'admin/comment/configure':
    case 'admin/comment/configure/settings':
      return t("Comments can be attached to any node, and their settings are below. The display comes in two types: a \"flat list\" where everything is flush to the left side, and comments come in chronological order, and a \"threaded list\" where replies to other comments are placed immediately below and slightly indented, forming an outline. They also come in two styles: \"expanded\", where you see both the title and the contents, and \"collapsed\" where you only see the title. Preview comment forces a user to look at their comment by clicking on a \"Preview\" button before they can actually add the comment.");
69
    case 'admin/comment/configure/matrix':
Dries's avatar
Dries committed
70 71 72
      return t("Here you assign a value to each item in the comment moderation dropdown menu. This value is added to the vote total, which is then divided by the number of users who have voted and rounded off to the nearest integer. <ul><li>In order to use comment moderation, every text box on this page should be populated.</li><li>You must assign the \"moderate comments\" permission to at least one role in order to use this page.</li><li>Every box not filled in will have a value of zero, which will have the effect of lowering a comments overall score.</li></ul>");
    case 'admin/comment/configure/roles':
      return t("You can setup the initial vote value of a comment posted by each user role using these forms. This value is used before any other users vote on the comment. Blank entries are valued at zero.");
73
    case 'admin/comment/configure/thresholds':
Dries's avatar
Dries committed
74
      return t("Use these forms to setup the name and minimum \"cut off\" score to help your users hide comments they don't want to see. These thresholds appear in the user's comment control panel. Click \"edit threshold\" to modify the values of an already existing configuration. To delete a setting, \"edit\" it first, and then choose \"delete threshold\".");
75
    case 'admin/comment/configure/votes':
Dries's avatar
Dries committed
76
      return t("Create and control the possible comment moderation votes here. \"Weight\" lets you set the order of the drop down menu. Click \"edit\" to edit a current vote weight. To delete a name/weight combination go to the \"edit\" area. To delete a setting, \"edit\" it first, and then choose \"delete vote\".");
77
    case 'admin/comment/search':
Dries's avatar
Dries committed
78 79 80
      return t("Enter a simple pattern ('*' may be used as a wildcard match) to search for a comment.  For example, one may search for 'br' and Drupal might return 'bread brakers', 'our daily bread' and 'brenda'.");
    case 'admin/modules#description':
      return t('Enables user to comment on published content.');
81
   }
82 83
}

84 85 86
/**
 * Implementation of hook_menu().
 */
87
function comment_menu($may_cache) {
88 89
  $items = array();

90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137
  if ($may_cache) {
    $access = user_access('administer comments');
    $items[] = array('path' => 'admin/comment', 'title' => t('comments'),
      'callback' => 'comment_admin_overview', 'access' => $access);
    $items[] = array('path' => 'admin/comment/edit', 'title' => t('edit comment'),
      'callback' => 'comment_admin_edit', 'access' => $access, 'type' => MENU_CALLBACK);
    $items[] = array('path' => 'admin/comment/delete', 'title' => t('delete comment'),
      'callback' => 'comment_delete', 'access' => $access, 'type' => MENU_CALLBACK);

    // Tabs:
    $items[] = array('path' => 'admin/comment/list', 'title' => t('list'),
      'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
    $items[] = array('path' => 'admin/comment/configure', 'title' => t('configure'),
      'callback' => 'comment_configure', 'access' => $access, 'type' => MENU_LOCAL_TASK);
    if (module_exist('search')) {
      $items[] = array('path' => 'admin/comment/search', 'title' => t('search'),
        'callback' => 'comment_search', 'access' => $access, 'type' => MENU_LOCAL_TASK);
    }

    // Subtabs:
    $items[] = array('path' => 'admin/comment/list/new', 'title' => t('new comments'),
      'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
    $items[] = array('path' => 'admin/comment/list/approval', 'title' => t('approval queue'),
      'callback' => 'comment_admin_overview', 'access' => $access,
      'callback arguments' => 'approval',
      'type' => MENU_LOCAL_TASK);

    $items[] = array('path' => 'admin/comment/configure/settings', 'title' => t('settings'),
      'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);

    $access = user_access('administer comments') && user_access('administer moderation');
    $items[] = array('path' => 'admin/comment/configure/matrix', 'title' => t('moderation matrix'),
      'callback' => 'comment_matrix_settings', 'access' => $access, 'type' => MENU_LOCAL_TASK);
    $items[] = array('path' => 'admin/comment/configure/thresholds', 'title' => t('moderation thresholds'),
      'callback' => 'comment_threshold_settings', 'access' => $access, 'type' => MENU_LOCAL_TASK);
    $items[] = array('path' => 'admin/comment/configure/roles', 'title' => t('moderation roles'),
      'callback' => 'comment_role_settings', 'access' => $access, 'type' => MENU_LOCAL_TASK);
    $items[] = array('path' => 'admin/comment/configure/votes', 'title' => t('moderation votes'),
      'callback' => 'comment_vote_settings', 'access' => $access,'type' => MENU_LOCAL_TASK);

    $access = user_access('post comments');
    $items[] = array('path' => 'comment/reply', 'title' => t('reply to comment'),
      'callback' => 'comment_reply', 'access' => $access, 'type' => MENU_CALLBACK);
    $items[] = array('path' => 'comment/edit', 'title' => t('edit your comment'),
      'callback' => 'comment_edit', 'access' => $access, 'type' => MENU_CALLBACK);

    $items[] = array('path' => 'comment', 'title' => t('reply to comment'),
      'callback' => 'comment_save_settings', 'access' => 1, 'type' => MENU_CALLBACK);
138
  }
139 140 141 142 143
  else if ((arg(0) == 'node') && is_numeric(arg(1)) && is_numeric(arg(2))) {
    $items[] = array('path' => ('node/'. arg(1) .'/'. arg(2)), 'title' => t('view'),
      'callback' => 'node_page',
      'type' => MENU_CALLBACK);
  }
144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168

  return $items;
}

/**
 * Implementation of hook_perm().
 */
function comment_perm() {
  return array('access comments', 'post comments', 'administer comments', 'moderate comments', 'post comments without approval', 'administer moderation');
}

/**
 * Implementation of hook_block().
 *
 * Generates a block with the most recent comments.
 */
function comment_block($op = 'list', $delta = 0) {
  if ($op == 'list') {
    $blocks[0]['info'] = t('Recent comments');
    return $blocks;
  }
  else if (user_access('access comments')) {
    $result = db_query_range('SELECT * FROM {comments} WHERE status = 0 ORDER BY timestamp DESC', 0, 10);
    $items = array();
    while ($comment = db_fetch_object($result)) {
169
      $items[] = l($comment->subject, 'node/'. $comment->nid, NULL, NULL, 'comment-'. $comment->cid) .'<br />'. t('%time ago', array('%time' => format_interval(time() - $comment->timestamp)));
170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235
    }

    $block['subject'] = t('Recent comments');
    $block['content'] = theme('item_list', $items);
    return $block;
  }
}

/**
 * Implementation of hook_link().
 */
function comment_link($type, $node = 0, $main = 0) {
  $links = array();

  if ($type == 'node' && $node->comment) {

    if ($main) {
      // Main page: display the number of comments that have been posted.

      if (user_access('access comments')) {
        $all = comment_num_all($node->nid);
        $new = comment_num_new($node->nid);

        if ($all) {
          $links[] = l(format_plural($all, '1 comment', '%count comments'), "node/$node->nid", array('title' => t('Jump to the first comment of this posting.')), NULL, 'comment');

          if ($new) {
            $links[] = l(format_plural($new, '1 new comment', '%count new comments'), "node/$node->nid", array('title' => t('Jump to the first new comment of this posting.')), NULL, 'new');
          }
        }
        else {
          if ($node->comment == 2) {
            if (user_access('post comments')) {
              $links[] = l(t('add new comment'), "comment/reply/$node->nid", array('title' => t('Add a new comment to this page.')));
            }
            else {
              $links[] = theme('comment_post_forbidden');
            }
          }
        }
      }
    }
    else {
      // Node page: add a "post comment" link if the user is allowed to
      // post comments, if this node is not read-only, and if the comment form isn't already shown

      if ($node->comment == 2 && variable_get('comment_form_location', 0) == 0) {
        if (user_access('post comments')) {
          $links[] = l(t('add new comment'), "comment/reply/$node->nid", array('title' => t('Share your thoughts and opinions related to this posting.')), NULL, 'comment');
        }
        else {
          $links[] = theme('comment_post_forbidden');
        }
      }
    }
  }

  if ($type == 'comment') {
    $links = comment_links($node, $main);
  }

  return $links;
}

/**
 * Implementation of hook_nodeapi().
236
 *
237 238 239 240 241 242 243 244 245 246 247 248 249 250 251
 */
function comment_nodeapi(&$node, $op, $arg = 0) {
  switch ($op) {
    case 'settings':
      $output[t('comment')] = form_select('', "comment_$node->type", variable_get("comment_$node->type", 2), array(t('Disabled'), t('Read only'), t('Read/Write')));
      return $output;
    case 'fields':
      return array('comment');
    case 'form admin':
      if (user_access('administer comments')) {
        $selected = isset($node->comment) ? $node->comment : variable_get("comment_$node->type", 2);
        $output = form_radios('', 'comment', $selected, array(t('Disabled'), t('Read only'), t('Read/write')));
        return form_group(t('User comments'), $output);
      }
      break;
252
    case 'load':
253
      return db_fetch_array(db_query("SELECT last_comment_timestamp, last_comment_name, comment_count FROM {node_comment_statistics} WHERE nid = %d", $node->nid));
254 255 256 257 258 259
    case 'validate':
      if (!user_access('administer nodes')) {
        // Force default for normal users:
        $node->comment = variable_get("comment_$node->type", 2);
      }
      break;
260
    case 'insert':
261
      db_query('INSERT INTO {node_comment_statistics} (nid, last_comment_timestamp, last_comment_name, last_comment_uid, comment_count) VALUES (%d, %d, NULL, %d, 0)', $node->nid, $node->created, $node->uid);
262
      break;
263
    case 'delete':
264 265
      db_query('DELETE FROM {comments} WHERE nid = %d', $node->nid);
      db_query('DELETE FROM {node_comment_statistics} WHERE nid = %d', $node->nid);
266 267 268 269 270 271 272 273 274 275
      break;
  }
}

/**
 * Implementation of hook_search().
 *
 * This search function uses search.module's built-in content index by
 * calling do_search(). The "nid" identifier in the select is used to
 * present search results in the context of their associated node.
276 277
 *
 * This function doubles as a menu callback for the administrative comment search.
278
 */
Dries's avatar
Dries committed
279 280 281 282 283 284 285
function comment_search($keys = NULL) {
  if (!$keys) {
    // if there are no keys, we've been called from our menu callback,
    // so we hook into the search.module to pass the $keys back to us.
    print theme('page', search_type('comment', url('admin/comment/search'), $_POST['keys']));
  }
  else if ($keys) {
286
    $find = do_search(array('keys' => $keys, 'type' => 'comment', 'select' => 'SELECT s.lno AS lno, c.nid AS nid, c.subject AS title, c.timestamp AS created, u.uid AS uid, u.name AS name, s.count AS count FROM {search_index} s, {comments} c INNER JOIN {users} u ON c.uid = u.uid '. node_access_join_sql('c') .' WHERE '. node_access_where_sql() ." AND s.lno = c.cid AND s.type = 'comment' AND c.status = 0 AND s.word like '%'"));
Dries's avatar
Dries committed
287 288
    return array(t('Matching comments ranked in order of relevance'), $find);
  }
289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308
}

/**
 * Implementation of hook_update_index().
 *
 * The SQL statement returned checks for the last time the index was updated
 * so as not to cause redundant work for the indexer.
 */
function comment_update_index() {
  return array('last_update' => 'comment_cron_last', 'node_type' => 'comment', 'select' => 'SELECT c.cid as lno, c.subject as text1, c.comment as text2 FROM {comments} c WHERE c.status = 0 AND timestamp > '. variable_get('comment_cron_last', 1));
}

/**
 * Implementation of hook_user().
 *
 * Provides signature customization for the user's comments.
 */
function comment_user($type, $edit, &$user, $category = NULL) {
  if ($type == 'form' && $category == 'account') {
    // when user tries to edit his own data
309
    return array(array('title' => t('Comment settings'), 'data' => form_textarea(t('Signature'), 'signature', $edit['signature'], 64, 3, t('Your signature will be publicly displayed at the end of your comments.')), 'weight' => 2));
310 311 312 313 314 315 316
  }
  if ($type == 'validate') {
    // validate user data editing
    return array('signature' => $edit['signature']);
  }
}

317
/**
Dries's avatar
Dries committed
318
 * Menu callback; presents the comment settings page.
319
 */
Dries's avatar
Dries committed
320 321 322 323 324
function comment_configure() {
  if ($_POST) {
    system_settings_save();
  }

325 326 327 328
  $group  = form_radios(t('Default display mode'), 'comment_default_mode', variable_get('comment_default_mode', 4), _comment_get_modes(), t('The default view for comments. Expanded views display the body of the comment. Threaded views keep replies together.'));
  $group .= form_radios(t('Default display order'), 'comment_default_order', variable_get('comment_default_order', 1), _comment_get_orders(), t('The default sorting for new users and anonymous users while viewing comments. These users may change their view using the comment control panel. For registered users, this change is remembered as a persistent user preference.'));
  $group .= form_select(t('Default comments per page'), 'comment_default_per_page', variable_get('comment_default_per_page', '50'), _comment_per_page(), t('Default number of comments for each page: more comments are distributed in several pages.'));
  $group .= form_radios(t('Comment controls'), 'comment_controls', variable_get('comment_controls', 0), array(t('Display above the comments'), t('Display below the comments'), t('Display above and below the comments'), t('Do not display')), t('Position of the comment controls box.  The comment controls let the user change the default display mode and display order of comments.'));
Dries's avatar
Dries committed
329
  $output = form_group(t('Comment viewing options'), $group);
330

331
  $group  = form_radios(t('Anonymous poster settings'), 'comment_anonymous', variable_get('comment_anonymous', 0), array(t('Anonymous posters may not enter their contact information'), t('Anonymous posters may leave their contact information'), t('Anonymous posters must leave their contact information')), t('This feature is only useful if you allow anonymous users to post comments.  See the <a href="%url">permissions page</a>.', array('%url' => url('admin/user/configure/permission'))));
332
  $group .= form_radios(t('Comment subject field'), 'comment_subject_field', variable_get('comment_subject_field', 1), array(t('Disabled'), t('Enabled')), t('Can users provide a unique subject for their comments?'));
333 334
  $group .= form_radios(t('Preview comment'), 'comment_preview', variable_get('comment_preview', 1), array(t('Optional'), t('Required')));
  $group .= form_radios(t('Location of comment submission form'), 'comment_form_location', variable_get('comment_form_location', 0), array(t('Display on separate page'), t('Display below post or comments')));
335
  $output .= form_group(t('Comment posting settings'), $group);
336

337
  $result = db_query('SELECT fid, filter FROM {moderation_filters} ');
338 339
  while ($filter = db_fetch_object($result)) {
    $thresholds[$filter->fid] = ($filter->filter);
340
  }
341
  if ($thresholds) {
342
    $group = form_select(t('Default threshold'), 'comment_default_threshold', variable_get('comment_default_threshold', 0), $thresholds, t('Thresholds are values below which comments are hidden. These thresholds are useful for busy sites which want to hide poor comments from most users.'));
343 344
    $output .= form_group(t('Comment moderation settings'), $group);
  }
345

Dries's avatar
Dries committed
346
  print theme('page', system_settings_form($output));
347 348
}

349 350 351 352 353 354 355 356 357 358
/**
 * This is *not* a hook_access() implementation. This function is called
 * to determine whether the current user has access to a particular comment.
 *
 * Authenticated users can edit their comments as long they have not been
 * replied to. This prevents people from changing or revising their
 * statements based on the replies their posts got. Furthermore, users
 * can't reply to their own comments and are encouraged instead to extend
 * their original comment.
 */
Dries's avatar
Dries committed
359
function comment_access($op, $comment) {
Dries's avatar
Dries committed
360 361
  global $user;

362
  if ($op == 'edit') {
Dries's avatar
Dries committed
363
    return $user->uid && $user->uid == $comment->uid && comment_num_replies($comment->cid) == 0;
Dries's avatar
Dries committed
364 365
  }
}
366

367
function comment_node_url() {
Dries's avatar
Dries committed
368
  return arg(0) .'/'. arg(1);
369
}
Dries's avatar
Dries committed
370

Dries's avatar
Dries committed
371 372 373
function comment_edit($cid) {
  global $user;

374
  $comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d', $cid));
375
  $comment = drupal_unpack($comment);
376
  $comment->name = $comment->uid ? $comment->registered_name : $comment->name;
377
  if (comment_access('edit', $comment)) {
Dries's avatar
Dries committed
378
    print theme('page', comment_preview(object2array($comment)), t('Edit comment'));
Dries's avatar
Dries committed
379 380 381
  }
}

Dries's avatar
Dries committed
382
function comment_reply($nid, $pid = NULL) {
383 384 385
  // set the breadcrumb trail
  $node = node_load(array('nid' => $nid));
  menu_set_location(array(array('path' => "node/$nid", 'title' => $node->title), array('path' => "comment/reply/$nid")));
386

387
  $output = '';
388

Dries's avatar
Dries committed
389 390 391 392 393 394 395 396 397 398 399
  // are we posting or previewing a reply?
  if ($_POST['op'] == t('Post comment')) {
    $edit = $_POST['edit'];
    comment_validate_form($edit);
    print theme('page', comment_post($edit), t('Post comment'));
    return;
  }
  else if ($_POST['op'] == t('Preview comment')) {
    $edit = $_POST['edit'];
    comment_validate_form($edit);
    print theme('page', comment_preview($edit), t('Preview comment'));
Steven Wittens's avatar
Steven Wittens committed
400
    return;
Dries's avatar
Dries committed
401
  }
402

Dries's avatar
Dries committed
403 404 405 406 407
  // or are we merely showing the form?
  if (user_access('access comments')) {

    // if this is a reply to another comment, show that comment first
    // else, we'll just show the user the node they're commenting on.
408
    if ($pid) {
409
      $comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = 0', $pid));
410
      $comment = drupal_unpack($comment);
411
      $comment->name = $comment->uid ? $comment->registered_name : $comment->name;
412
      $output .= theme('comment_view', $comment);
413
    }
414
    else if (user_access('access content')) {
415
      $output .= node_view($node);
416 417
      $pid = 0;
    }
Dries's avatar
Dries committed
418

Dries's avatar
Dries committed
419
    // should we show the reply box?
420
    if (node_comment_mode($nid) != 2) {
421
      $output .= theme('box', t('Reply'), t("This discussion is closed: you can't post new comments."));
Kjartan's avatar
Kjartan committed
422
    }
423 424
    else if (user_access('post comments')) {
      $output .= theme('comment_form', array('pid' => $pid, 'nid' => $nid), t('Reply'));
425 426
    }
    else {
427
      $output .= theme('box', t('Reply'), t('You are not authorized to post comments.'));
428
    }
Kjartan's avatar
Kjartan committed
429 430
  }
  else {
431
    $output .= theme('box', t('Reply'), t('You are not authorized to view comments.'));
Dries's avatar
Dries committed
432
  }
433

Dries's avatar
Dries committed
434
  print theme('page', $output, t('Add new comment'));
Dries's avatar
Dries committed
435 436
}

437 438
function comment_validate_form($edit) {
  global $user;
439

440 441 442 443 444 445 446 447
  /*
  ** Validate the comment's body.
  */

  if ($edit['comment'] == '') {
    form_set_error('comment', t('The body of your comment is empty.'));
  }

448 449 450
  /*
  ** Validate filter format
  */
451
  if (array_key_exists('format', $edit) && !filter_access($edit['format'])) {
452 453 454
    form_set_error('format', t('The supplied input format is invalid.'));
  }

455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474
  /*
  ** Check validity of name, mail and homepage (if given)
  */

  if (!$user->uid) {
    if (variable_get('comment_anonymous', 0) > 0) {
      if ($edit['name']) {
        $taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = '%s'", strip_tags($edit['name'])), 0);

        if ($taken != 0) {
          form_set_error('name', t('The name you used belongs to a registered user.'));
        }

      }
      else if (variable_get('comment_anonymous', 0) == 2) {
        form_set_error('name', t('You have to leave your name.'));
      }

      if ($edit['mail']) {
        if (!valid_email_address($edit['mail'])) {
475
          form_set_error('mail', t('The e-mail address you specified is not valid.'));
476 477 478 479 480 481 482 483 484 485 486 487 488 489 490
        }
      }
      else if (variable_get('comment_anonymous', 0) == 2) {
        form_set_error('mail', t('You have to leave an e-mail address.'));
      }

      if ($edit['homepage']) {
        if (!valid_url($edit['homepage'], TRUE)) {
          form_set_error('homepage', t('The URL of your homepage is not valid.  Remember that it must be fully qualified, i.e. of the form <code>http://example.com/directory</code>.'));
        }
      }
    }
  }
}

Dries's avatar
Dries committed
491
function comment_preview($edit) {
492
  global $user;
Dries's avatar
Dries committed
493

494
  $output = '';
495

496
  $comment = new StdClass();
497 498 499 500
  foreach ($edit as $key => $value) {
    $comment->$key = $value;
  }

501
  // Attach the user and time information.
502 503
  $comment->uid = $user->uid;
  $comment->timestamp = time();
504
  $comment->name = $user->name ? $user->name : $comment->name;
505

506 507 508 509 510
  // Preview the comment if there were no errors, including the 'The supplied input format is invalid.'
  // error message, ie. this is a security check here.
  if (!form_get_errors()) {
    $output .= theme('comment_view', $comment, theme('links', module_invoke_all('link', 'comment', $comment, 1)));
  }
511
  $output .= theme('comment_form', $edit, t('Reply'));
Kjartan's avatar
Kjartan committed
512

513 514
  if ($edit['pid']) {
    $comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = 0', $edit['pid']));
515
    $comment = drupal_unpack($comment);
516
    $comment->name = $comment->uid ? $comment->registered_name : $comment->name;
517
    $output .= theme('comment_view', $comment);
Kjartan's avatar
Kjartan committed
518 519
  }
  else {
520 521
    $output .= node_view(node_load(array('nid' => $edit['nid'])));
    $edit['pid'] = 0;
Kjartan's avatar
Kjartan committed
522
  }
523 524

  return $output;
Dries's avatar
Dries committed
525 526 527
}

function comment_post($edit) {
528
  global $user;
Dries's avatar
Dries committed
529

530
  if (user_access('post comments') && node_comment_mode($edit['nid']) == 2) {
531

532 533
    // Validate the comment's subject.  If not specified, extract
    // one from the comment's body.
534
    $edit['subject'] = strip_tags($edit['subject']);
535

536
    if ($edit['subject'] == '') {
537
      $edit['subject'] = truncate_utf8(strip_tags($edit['comment']), 29);
538 539
    }

540
    if (!form_get_errors()) {
541 542
      // Check for duplicate comments.  Note that we have to use the
      // validated/filtered data to perform such check.
543

544 545
      $duplicate = db_result(db_query("SELECT COUNT(cid) FROM {comments} WHERE pid = %d AND nid = %d AND subject = '%s' AND comment = '%s'", $edit["pid"], $edit["nid"], $edit['subject'], $edit['comment']), 0);
      if ($duplicate != 0) {
546
        watchdog('warning', t('Comment: duplicate %subject.', array('%subject' => '<em>'. $edit["subject"] .'</em>')));
547
      }
Dries's avatar
Dries committed
548

Dries's avatar
Dries committed
549
      if ($edit["cid"]) {
550 551 552
        // Update the comment in the database.  Note that the update
        // query will fail if the comment isn't owned by the current
        // user.
553
        db_query("UPDATE {comments} SET subject = '%s', comment = '%s', format = '%s' WHERE cid = %d AND uid = '$user->uid'", $edit['subject'], $edit['comment'], $edit['format'], $edit["cid"]);
554

555 556
        _comment_update_node_statistics($edit['nid']);

557 558
        // Allow modules to respond to the updating of a comment.
        module_invoke_all('comment', 'update', $edit);
Dries's avatar
Dries committed
559

560
        // Add entry to the watchdog log.
561
        watchdog('special', t('Comment: updated %subject.', array('%subject' => '<em>'. $edit['subject'] .'</em>')), l(t('view'), 'node/'. $edit['nid'], NULL, NULL, 'comment-'. $edit['cid']));
Dries's avatar
Dries committed
562 563
      }
      else {
564 565 566
        // Add the comment to database.
        $status = user_access('post comments without approval') ? 0 : 1;
        $roles = variable_get('comment_roles', array());
567 568 569 570 571 572
        $score = 0;

        foreach (array_intersect(array_keys($roles), array_keys($user->roles)) as $rid) {
          $score = max($roles[$rid], $score);
        }

573 574
        $users = serialize(array(0 => $score));

575 576 577 578 579
        /*
        ** Here we are building the thread field.  See the comment
        ** in comment_render().
        */

580
        if ($edit['pid'] == 0) {
581 582 583 584 585
          /*
          ** This is a comment with no parent comment (depth 0): we start
          ** by retrieving the maximum thread level.
          */

586
          $max = db_result(db_query('SELECT MAX(thread) FROM {comments} WHERE nid = %d', $edit['nid']));
587

588 589
          // Strip the "/" from the end of the thread.
          $max = rtrim($max, '/');
590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607

          /*
          ** Next, we increase this value by one.  Note that we can't
          ** use 1, 2, 3, ... 9, 10, 11 because we order by string and
          ** 10 would be right after 1.  We use 1, 2, 3, ..., 9, 91,
          ** 92, 93, ... instead.  Ugly but fast.
          */

          $decimals = (string)substr($max, 0, strlen($max) - 1);
          $units = substr($max, -1, 1);
          if ($units) {
            $units++;
          }
          else {
            $units = 1;
          }

          if ($units == 10) {
608
            $units = '90';
609 610
          }

611
          // Finally, build the thread field for this new comment.
612 613 614 615 616 617 618 619 620
          $thread = "$decimals$units/";
        }
        else {
          /*
          ** This is comment with a parent comment: we increase
          ** the part of the thread value at the proper depth.
          */

          // Get the parent comment:
621
          $parent = db_fetch_object(db_query('SELECT * FROM {comments} WHERE cid = %d', $edit['pid']));
622

623 624
          // Strip the "/" from the end of the parent thread.
          $parent->thread = (string)rtrim((string)$parent->thread, '/');
625

626
          // Get the max value in _this_ thread.
627
          $max = db_result(db_query("SELECT MAX(thread) FROM {comments} WHERE thread LIKE '%s.%%' AND nid = %d", $parent->thread, $edit['nid']));
628

629 630
          if ($max == '') {
            // First child of this parent.
631 632 633
            $thread = "$parent->thread.1/";
          }
          else {
634 635
            // Strip the "/" at the end of the thread.
            $max = rtrim($max, '/');
636

637 638 639
            // We need to get the value at the correct depth.
            $parts = explode('.', $max);
            $parent_depth = count(explode('.', $parent->thread));
640 641 642 643 644 645 646 647 648 649 650 651 652
            $last = $parts[$parent_depth];

            /*
            ** Next, we increase this value by one.  Note that we can't
            ** use 1, 2, 3, ... 9, 10, 11 because we order by string and
            ** 10 would be right after 1.  We use 1, 2, 3, ..., 9, 91,
            ** 92, 93, ... instead.  Ugly but fast.
            */

            $decimals = (string)substr($last, 0, strlen($last) - 1);
            $units = substr($last, -1, 1);
            $units++;
            if ($units == 10) {
653
              $units = '90';
654 655
            }

656 657
            // Finally, build the thread field for this new comment.
            $thread = "$parent->thread.". $decimals.$units .'/';
658 659 660 661
          }
        }


662
        $edit["cid"] = db_next_id("{comments}_cid");
663 664 665 666 667 668
        $edit['timestamp'] = time();

        if ($edit['uid'] = $user->uid) {
          $edit['name'] = $user->name;
        }

669

670
        db_query("INSERT INTO {comments} (cid, nid, pid, uid, subject, comment, format, hostname, timestamp, status, score, users, thread, name, mail, homepage) VALUES (%d, %d, %d, %d, '%s', '%s', %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s')", $edit["cid"], $edit["nid"], $edit["pid"], $edit['uid'], $edit['subject'], $edit['comment'], $edit['format'], $_SERVER['REMOTE_ADDR'], $edit['timestamp'], $status, $score, $users, $thread, $edit["name"], $edit['mail'], $edit["homepage"]);
671 672

        _comment_update_node_statistics($edit['nid']);
673

674 675
        // Tell the other modules a new comment has been submitted.
        module_invoke_all('comment', 'insert', $edit);
676

677
        // Add an entry to the watchdog log.
678
        watchdog('special', t('Comment: added %subject.', array('%subject' => '<em>'. $edit['subject'] .'</em>')), l(t('view'), 'node/'. $edit['nid'], NULL, NULL, 'comment-'. $edit['cid']));
Dries's avatar
Dries committed
679
      }
680

681
      // Clear the cache so an anonymous user can see his comment being added.
Dries's avatar
Dries committed
682
      cache_clear_all();
683

684 685
      // Explain the moderation queue if necessary, and then
      // redirect the user to the node he's commenting on.
686
      if ($status == 1) {
687 688
        drupal_set_message(t('Your comment has been queued for moderation by site administrators and will be published after approval.'));
        drupal_goto('node/'. $edit['nid']);
689 690
      }
      else {
Dries's avatar
Dries committed
691
        drupal_goto('node/'. $edit['nid'] .'#comment-'. $edit['cid']);
692 693 694
      }
    }
    else {
695
      return comment_preview($edit);
Dries's avatar
Dries committed
696 697
    }
  }
698
  else {
699
    watchdog('error', t('Comment: unauthorized comment submitted or comment submitted to a closed node %subject.', array('%subject' => '<em>'. $edit['subject'] .'</em>')));
Dries's avatar
Dries committed
700 701 702 703
  }
}

function comment_links($comment, $return = 1) {
704
  global $user;
Dries's avatar
Dries committed
705

706
  $links = array();
707

708
  // If we are viewing just this comment, we link back to the node.
Dries's avatar
Dries committed
709
  if ($return) {
710
    $links[] = l(t('parent'), comment_node_url(), NULL, NULL, "comment-$comment->cid");
Dries's avatar
Dries committed
711
  }
712

713
  if (node_comment_mode($comment->nid) == 2) {
714
    if (user_access('administer comments') && user_access('access administration pages')) {
715 716 717
      $links[] = l(t('delete'), "admin/comment/delete/$comment->cid");
      $links[] = l(t('edit'), "admin/comment/edit/$comment->cid");
      $links[] = l(t('reply'), "comment/reply/$comment->nid/$comment->cid");
718
    }
719 720
    else if (user_access('post comments')) {
      if (comment_access('edit', $comment)) {
721
        $links[] = l(t('edit'), "comment/edit/$comment->cid");
722
      }
723
      $links[] = l(t('reply'), "comment/reply/$comment->nid/$comment->cid");
Dries's avatar
Dries committed
724 725
    }
    else {
726
      $links[] = theme('comment_post_forbidden');
Dries's avatar
Dries committed
727
    }
Dries's avatar
Dries committed
728
  }
729

730
  if ($moderation = theme('comment_moderation_form', $comment)) {
731 732
    $links[] = $moderation;
  }
733

734
  return $links;
Dries's avatar
Dries committed
735 736
}

737
function comment_render($node, $cid = 0) {
738 739
  global $user;

740 741 742 743 744
  $mode = $_GET['mode'];
  $order = $_GET['order'];
  $threshold = $_GET['threshold'];
  $comments_per_page = $_GET['comments_per_page'];
  $comment_page = $_GET['comment_page'];
Dries's avatar
Dries committed
745

746
  $output = '';
Dries's avatar
Dries committed
747

748 749
  if (user_access('access comments')) {
    // Pre-process variables.
750
    $nid = $node->nid;
Dries's avatar
Dries committed
751 752
    if (empty($nid)) {
      $nid = 0;
Dries's avatar
Dries committed
753 754 755
    }

    if (empty($mode)) {
756
      $mode = $user->mode ? $user->mode : ($_SESSION['comment_mode'] ? $_SESSION['comment_mode'] : variable_get('comment_default_mode', 4));
Dries's avatar
Dries committed
757 758 759
    }

    if (empty($order)) {
760
      $order = $user->sort ? $user->sort : ($_SESSION['comment_sort'] ? $_SESSION['comment_sort'] : variable_get('comment_default_order', 1));
Dries's avatar
Dries committed
761 762
    }
    if (empty($threshold)) {
763
      $threshold = $user->threshold ? $user->threshold : ($_SESSION['comment_threshold'] ? $_SESSION['comment_threshold'] : variable_get('comment_default_threshold', 0));
Dries's avatar
Dries committed
764
    }
765
    $threshold_min = db_result(db_query('SELECT minimum FROM {moderation_filters} WHERE fid = %d', $threshold));
Dries's avatar
Dries committed
766

767
    if (empty($comments_per_page)) {
768
      $comments_per_page = $user->comments_per_page ? $user->comments_per_page : ($_SESSION['comment_comments_per_page'] ? $_SESSION['comment_comments_per_page'] : variable_get('comment_default_per_page', '50'));
769
    }
770

771
    $output .= "<a id=\"comment\"></a>\n";
Dries's avatar
Dries committed
772

Kjartan's avatar
Kjartan committed
773
    if ($cid) {
774
      // Single comment view.
775

776 777
      $output .= '<form method="post" action="'. url('comment') ."\"><div>\n";
      $output .= form_hidden('nid', $nid);
778

779
      $result = db_query('SELECT c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = 0 GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.timestamp, c.name, c.mail, u.picture, c.homepage, u.uid, u.name, u.picture, u.data, c.score, c.users', $cid);
780

Dries's avatar
Dries committed
781
      if ($comment = db_fetch_object($result)) {
782
        $comment->name = $comment->uid ? $comment->registered_name : $comment->name;
Dries's avatar
Dries committed
783
        $output .= theme('comment_view', $comment, theme('links', module_invoke_all('link', 'comment', $comment, 1)));
Dries's avatar
Dries committed
784
      }
785

786
      if ((comment_user_can_moderate($node)) && $user->uid != $comment->uid && !(comment_already_moderated($user->uid, $comment->users))) {
787
        $output .= '<div style="text-align: center;">'. form_submit(t('Moderate comment')) .'</div><br />';
788
      }
789
      $output .= '</div></form>';
790
    }
Dries's avatar
Dries committed
791
    else {
792
      // Multiple comment view
793

794
      $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = '". check_query($nid) ."' AND c.status = 0";
795

796
      $query .= ' GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, u.picture, c.homepage, u.uid, u.name, u.picture, u.data, c.score, c.users, c.thread';
797

798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859
      /*
      ** We want to use the standard pager, but threads would need every
      ** comment to build the thread structure, so we need to store some
      ** extra info.
      **
      ** We use a "thread" field to store this extra info. The basic idea
      ** is to store a value and to order by that value. The "thread" field
      ** keeps this data in a way which is easy to update and convenient
      ** to use.
      **
      ** A "thread" value starts at "1". If we add a child (A) to this
      ** comment, we assign it a "thread" = "1.1". A child of (A) will have
      ** "1.1.1". Next brother of (A) will get "1.2". Next brother of the
      ** parent of (A) will get "2" and so on.
      **
      ** First of all note that the thread field stores the depth of the
      ** comment: depth 0 will be "X", depth 1 "X.X", depth 2 "X.X.X", etc.
      **
      ** Now to get the ordering right, consider this example:
      **
      ** 1
      ** 1.1
      ** 1.1.1
      ** 1.2
      ** 2
      **
      ** If we "ORDER BY thread ASC" we get the above result, and this is
      ** the natural order sorted by time.  However, if we "ORDER BY thread
      ** DESC" we get:
      **
      ** 2
      ** 1.2
      ** 1.1.1
      ** 1.1
      ** 1
      **
      ** Clearly, this is not a natural way to see a thread, and users
      ** will get confused. The natural order to show a thread by time
      ** desc would be:
      **
      ** 2
      ** 1
      ** 1.2
      ** 1.1
      ** 1.1.1
      **
      ** which is what we already did before the standard pager patch. To
      ** achieve this we simply add a "/" at the end of each "thread" value.
      ** This way out thread fields will look like depicted below:
      **
      ** 1/
      ** 1.1/
      ** 1.1.1/
      ** 1.2/
      ** 2/
      **
      ** we add "/" since this char is, in ASCII, higher than every number,
      ** so if now we "ORDER BY thread DESC" we get the correct order.  Try
      ** it, it works ;).  However this would spoil the "ORDER BY thread ASC"
      ** Here, we do not need to consider the trailing "/" so we use a
      ** substring only.
      */
860 861

      if ($order == 1) {
862
        if ($mode == 1 || $mode == 2) {
863
          $query .= ' ORDER BY c.timestamp DESC';
864 865
        }
        else {
866
          $query .= ' ORDER BY c.thread DESC';
867
        }
868
      }
869
      else if ($order == 2) {
870
        if ($mode == 1 || $mode == 2) {
871
          $query .= ' ORDER BY c.timestamp';
872 873 874 875 876 877 878 879 880
        }
        else {

          /*
          ** See comment above.  Analysis learns that this doesn't cost
          ** too much.  It scales much much better than having the whole
          ** comment structure.
          */

881
          $query .= ' ORDER BY SUBSTRING(c.thread, 1, (LENGTH(c.thread) - 1))';
882
        }
883 884
      }

885
      // Start a form, for use with comment control and moderation.
886
      $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE status = 0 AND nid = '". check_query($nid) ."'");
887 888 889 890 891
      if (db_num_rows($result) && (variable_get('comment_controls', 0) == 0 || variable_get('comment_controls', 0) == 2)) {
        $output .= '<form method="post" action="'. url('comment') ."\"><div>\n";
        $output .= theme('comment_controls', $threshold, $mode, $order, $comments_per_page);
        $output .= form_hidden('nid', $nid);
        $output .= '</div></form>';
Dries's avatar
Dries committed
892
      }
893

894 895
      $output .= '<form method="post" action="'. url('comment') ."\"><div>\n";
      $output .= form_hidden('nid', $nid);
896

897
      while ($comment = db_fetch_object($result)) {
898
        $comment = drupal_unpack($comment);
899
        $comment->name = $comment->uid ? $comment->registered_name : $comment->name;
900
        $comment->depth = count(explode('.', $comment->thread)) - 1;
901

902
        if ($mode == 1) {
903
          $output .= theme('comment_flat_collapsed', $comment, $threshold_min);
904
        }
905
        else if ($mode == 2) {
906
          $output .= theme('comment_flat_expanded', $comment, $threshold_min);
Dries's avatar
Dries committed
907
        }
908
        else if ($mode == 3) {
909
          $output .= theme('comment_thread_min', $comment, $threshold_min);
910
        }
911
        else if ($mode == 4) {
912
          $output .= theme('comment_thread_max', $comment, $threshold_min);
913
        }
914
      }
Dries's avatar
Dries committed
915

916 917 918 919 920 921 922
      /*
      ** Use the standard pager; $pager_total is the number of returned rows,
      ** is global and defined in pager.inc.
      */
      if ($pager = theme('pager', NULL, $comments_per_page, 0, array('comments_per_page' => $comments_per_page))) {
        $output .= $pager;
      }
Dries's avatar
Dries committed
923

924 925 926
      if (db_num_rows($result) && comment_user_can_moderate($node)) {
        $output .= '<div align="center">'. form_submit(t('Moderate comments')) .'</div><br />';
      }
Dries's avatar
Dries committed
927

928
      $output .= '</div></form>';
Dries's avatar
Dries committed
929

930 931 932 933 934 935 936 937 938 939 940 941 942 943
      if (db_num_rows($result) && (variable_get('comment_controls', 0) == 1 || variable_get('comment_controls', 0) == 2)) {
        $output .= '<form method="post" action="'. url('comment') ."\"><div>\n";
        $output .= theme('comment_controls', $threshold, $mode, $order, $comments_per_page);
        $output .= form_hidden('nid', $nid);
        $output .= '</div></form>';
      }
    }

    // If enabled, show new comment form.
    if (user_access('post comments') && node_comment_mode($nid) == 2 && variable_get('comment_form_location', 0)) {
      $output .= theme('comment_form', array('nid' => $nid), t('Post new comment'));
    }
  }
  return $output;
Dries's avatar
Dries committed
944 945
}

946 947 948
/**
 * Menu callback; edit a comment from the administrative interface.
 */
Dries's avatar
Dries committed
949
function comment_admin_edit($cid) {
Dries's avatar
Dries committed
950

951
  // Comment edits need to be saved.
Dries's avatar
Dries committed
952 953
  if ($_POST['op'] == t('Submit')) {
    $edit = $_POST['edit'];
954
    comment_save($edit['cid'], $edit);
Dries's avatar
Dries committed
955
    drupal_goto('admin/comment');
Dries's avatar
Dries committed
956 957
  }

958
  // If we're not saving our changes above, we're editing it.
959
  $result = db_query('SELECT c.*, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d', $cid);
960
  $comment = db_fetch_object($result);
961
  $comment->name = $comment->uid ? $comment->registered_name : $comment->name;
962
  $comment = drupal_unpack($comment);
963 964

  if ($comment) {
965 966 967 968 969 970 971 972 973 974
    if (!$comment->uid) {
      // If comment from non-registered user, allow admin to modify anonymous fields.
      $form .= form_textfield(t('Name'), 'name', $comment->name ? $comment->name : variable_get('anonymous', 'Anonymous') , 20, 40);
      $form .= form_textfield(t('E-mail'), 'mail', $comment->mail, 20, 40);
      $form .= form_textfield(t('Homepage'), 'homepage', $comment->homepage, 20, 40);
    }
    else {
      // Otherwise, just display the author's name.
      $form .= form_item(t('Author'), format_name($comment));
    }
975
    $form .= form_textfield(t('Subject'), 'subject', $comment->subject, 70, 128);
976
    $form .= form_textarea(t('Comment'), 'comment', $comment->comment, 70, 15, '');
977
    $form .= filter_form('format', $comment->format);
978
    $form .= form_radios(t('Status'), 'status', $comment->status, array(t('Published'), t('Not published')));
Dries's avatar
Dries committed
979
    $form .= form_hidden('cid', $cid);
980
    $form .= form_submit(t('Submit'));
Dries's avatar
Dries committed
981
    print theme('page', form($form));
982
  }
983 984
}

985 986 987
/**
 * Menu callback; delete a comment.
 */
Dries's avatar
Dries committed
988
function comment_delete($cid) {
989
  $comment = db_fetch_object(db_query('SELECT c.*, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.cid = %d', $cid));
990
  $comment->name = $comment->uid ? $comment->registered_name : $comment->name;
991

Dries's avatar
Dries committed
992
  $output = '';
993

994
  // We'll only delete if the user has confirmed the
Dries's avatar
Dries committed
995
  // deletion using the form in our else clause below.
996
  if ($comment->cid && $_POST['op'] == t('Delete')) {
997
    drupal_set_message(t('The comment and all its replies have been deleted.'));
998

Dries's avatar
Dries committed
999 1000
    // Delete comment and its replies.
    _comment_delete_thread($comment);
Dries's avatar
Dries committed
1001

1002 1003
    _comment_update_node_statistics($comment->nid);

Dries's avatar
Dries committed
1004 1005 1006
    // Clear the cache so an anonymous user
    // can see his comment being added.
    cache_clear_all();
1007

Dries's avatar
Dries committed
1008
  }
1009

Dries's avatar
Dries committed
1010 1011
  // Print a confirmation.
  else if ($comment->cid) {
1012
    drupal_set_message(t('Do you want to delete this comment and all its replies?'));
1013
    $comment->comment = check_output($comment->comment, $comment->format);
Dries's avatar
Dries committed
1014
    $output  = theme('comment', $comment);
1015
    $output .= form_submit(t('Delete'));
Dries's avatar
Dries committed
1016 1017
  }
  else {
1018
    drupal_set_message(t('The comment no longer exists.'));
Dries's avatar
Dries committed
1019
  }
Dries's avatar
Dries committed
1020 1021

  print theme('page', form($output));
Dries's avatar
Dries committed
1022 1023
}

1024
function comment_save($id, $edit) {
1025
  db_query("UPDATE {comments} SET subject = '%s', comment = '%s', status = %d, format = '%s', name = '%s', mail = '%s', homepage = '%s' WHERE cid = %d", $edit['subject'], $edit['comment'], $edit['status'], $edit['format'], $edit['name'], $edit['mail'], $edit['homepage'], $id);
1026
  watchdog('special', t('Comment: modified %subject.', array('%subject' => '<em>'. $edit['subject'] .'</em>')));
1027
  drupal_set_message(t('The comment has been saved.'));
1028 1029 1030 1031 1032

  _comment_update_node_statistics($edit['nid']);

  // Allow modules to respond to the updating of a comment.
  module_invoke_all('comment', 'update', $edit);
1033 1034
}

1035 1036 1037 1038
/**
 * Menu callback; present an administrative comment listing.
 */
function comment_admin_overview($type = 'new') {
1039

1040
  $header = array(
1041 1042 1043 1044 1045
    array('data' => t('Subject'), 'field' => 'subject'),
    array('data' => t('Author'), 'field' => 'u.name'),
    array('data' => t('Status'), 'field' => 'status'),
    array('data' => t('Time'), 'field' => 'c.timestamp', 'sort' => 'desc'),
    array('data' => t('Operations'), 'colspan' => 2)
1046 1047
  );

1048
  $status = ($type == 'approval') ? 1 : 0;
1049
  $sql = 'SELECT c.subject, c.nid, c.cid, c.comment, c.timestamp, c.status, c.name, c.homepage, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = '. check_query($status);
1050 1051
  $sql .= tablesort_sql($header);
  $result = pager_query($sql,  50);
1052 1053

  while ($comment = db_fetch_object($result)) {
1054
    $comment->name = $comment->uid ? $comment->registered_name : $comment->name;
1055
    $rows[] = array(
Dries's avatar
Dries committed
1056
        l($comment->subject, "node/$comment->nid", array('title' => htmlspecialchars(truncate_utf8($comment->comment, 128))), NULL, "comment-$comment->cid") ." ". (node_is_new($comment->nid, $comment->timestamp) ? theme('mark') : ''),
1057
        format_name($comment),
1058
        ($comment->status == 0 ? t('Published') : t('Not published')),
1059
        format_date($comment->timestamp, 'small'),
1060 1061
        l(t('edit'), "admin/comment/edit/$comment->cid"),
        l(t('delete'), "admin/comment/delete/$comment->cid")
1062
      );
1063 1064
  }

1065 1066
  if ($pager = theme('pager', NULL, 50, 0, tablesort_pager())) {
    $rows[] = array(array('data' => $pager, 'colspan' => 6));
1067 1068
  }

Dries's avatar
Dries committed
1069
  print theme('page', theme('table', $header, $rows));
1070 1071
}

Dries's avatar
Dries committed
1072 1073 1074 1075
/**
 * Menu callback; presents the moderation vote matrix.
 */
function comment_matrix_settings() {
1076

Dries's avatar
Dries committed
1077
  if ($edit = $_POST['edit']) {
1078
    db_query('DELETE FROM {moderation_roles} ');
Dries's avatar
Dries committed
1079
    foreach ($edit as $role_id => $votes) {
1080
      foreach ($votes as $mid => $value) {
1081
        $sql = "('$mid', '$role_id', '". ($value ? $value : 0) ."')";
Dries's avatar
Dries committed
1082
        db_query('INSERT INTO {moderation_roles} (mid, rid, value) VALUES '. $sql);
1083 1084
      }
    }
1085
    drupal_set_message(t('The vote values have been saved.'));
1086 1087
  }