comment.module 73.7 KB
Newer Older
1
<?php
2
// $Id$
3

Dries's avatar
Dries committed
4 5
/**
 * @file
6
 * Enables users to comment on published content.
Dries's avatar
Dries committed
7 8 9 10 11 12
 *
 * When enabled, the Drupal comment module creates a discussion
 * board for each Drupal node. Users can post comments to discuss
 * a forum topic, weblog post, story, collaborative book page, etc.
 */

13 14 15 16 17 18
/*
 * Constants
 */
 define('COMMENT_PUBLISHED', 0);
 define('COMMENT_NOT_PUBLISHED', 1);

19 20 21
/**
 * Implementation of hook_help().
 */
Dries's avatar
Dries committed
22
function comment_help($section = "admin/help#comment") {
23
  switch ($section) {
24
    case 'admin/help#comment':
25
      return t("
Dries's avatar
Dries committed
26 27
      <p>When enabled, the Drupal comment module creates a discussion board for each Drupal node. Users can post comments to discuss a forum topic, weblog post, story, collaborative book page, etc. An administrator can give comment permissions to user groups, and users can (optionally) edit their last comment, assuming no others have been posted since.</p>

28 29
      <h3>User control of comment display</h3>
      <p>Attached to each comment board is a control panel for customizing the way that comments are displayed. Users can control the chronological ordering of posts (newest or oldest first) and the number of posts to display on each page. Additional settings include:</p>
Dries's avatar
Dries committed
30 31 32 33 34
      <ul><li><strong>Threaded</strong> &mdash; Displays the posts grouped according to conversations and subconversations.</li>
      <li><strong>Flat</strong> &mdash;  Displays the posts in chronological order, with no threading whatsoever.</li>
      <li><strong>Expanded</strong> &mdash; Displays the title and text for each post.</li>
      <li><strong>Collapsed</strong> &mdash; Displays only the title for each post.</li></ul>
      <p>When a user chooses <em>save settings</em>, the comments are then redisplayed using the user's new choices. Administrators can set the default settings for the comment control panel, along with other comment defaults, in <a href=\"%comment-config\">administer &raquo; comments &raquo; configure</a>. NOTE: When comment moderation is enabled, users will have another control panel option to control thresholds (see below).</p>
35

36
      <h3>Additional comment configurations</h3>
37
      <p>Comments behave like other user submissions in Drupal. Filters, smileys and HTML that work in nodes will also work with comments. Administrators can control access to various comment module functions through <a href=\"%permissions\">administer &raquo; access control &raquo; permissions</a>. Know that in a new Drupal installation, all comment permissions are disabled by default. The choice of which permissions to grant to which roles (groups of users) is left up to the site administrator. The following permissions:</p>
Dries's avatar
Dries committed
38 39 40 41 42
      <ul><li><strong>Access comments</strong> &mdash; Allows users to view comments.</li>
      <li><strong>Administrate comments</strong> &mdash; Allows users complete control over configuring, editing and deleting all comments.</li>
      <li><strong>Moderate comments</strong> &mdash; Allows users to rate comment postings (see more on moderation below).</li>
      <li><strong>Post comments</strong> &mdash; Allows users to post comments into an administrator moderation queue.</li>
      <li><strong>Post comments without approval</strong> &mdash; Allows users to directly post comments, bypassing the moderation queue.</li></ul>
43

44
      <h3>Notification of new comments</h3>
Dries's avatar
Dries committed
45 46 47
      <p>Drupal provides specific features to inform site members when new comments have been posted.</p>
      <p>Drupal displays the total number of comments attached to each node, and tracks comments read by individual site members. Members which have logged in will see a notice accompanying nodes which contain comments they have not read. Some administrators may want to <a href=\"%download-notify\">download, install and configure the notify module</a>. Users can then request that Drupal send them an e-mail when new comments are posted (the notify module requires that cron.php be configured properly).</p>
      <p>The <em>tracker</em> module, disabled by default, displays all the site's recent posts.  There is a link to the <a href=\"%tracker\">recent posts</a> page in the navigation block.  This page is a useful way to browse new or updated nodes and comments. Content which the user has not yet read is tagged with a red star (this graphic depends on the current theme). Visit the comment board for any node, and Drupal will display a red <em>\"new\"</em> label beside the text of unread comments.</p>
48

49 50
      <h3>Comment moderation</h3>
      <p>On sites with active commenting from users, the administrator can turn over comment moderation to the community. </p>
51
      <p>With comment moderation, each comment is automatically assigned an initial rating. As users read comments, they can apply a vote which affects the comment rating. At the same time, users have an additional option in the control panel which allows them to set a threshold for the comments they wish to view. Those comments with ratings lower than the set threshold will not be shown. To enable moderation, the administrator must grant <a href=\"%permissions\">moderate comments</a> permissions. Then, a number of options in <a href=\"%comment-config\">administer &raquo; comments &raquo; configure</a> must be configured.</p>
52

53
      <h4>Moderation votes</h4>
54
      <p>The first step is to create moderation labels which allow users to rate a comment.  Go to <a href=\"%comment-votes\">administer &raquo; comments &raquo; configure &raquo; moderation votes</a>. In the <em>vote</em> field, enter the textual labels which users will see when casting their votes. Some examples are</p>
Dries's avatar
Dries committed
55 56
      <ul><li>Excellent +3</li><li>Insightful +2</li><li>Useful +1</li><li>Redundant -1</li><li>Flame -3</li></ul>
      <p>So that users know how their votes affect the comment, these examples include the vote value as part of the label, although that is optional. Using the weight option, you can control the order in which the votes appear to users. Setting the weight heavier (positive numbers) will make the vote label appear at the bottom of the list. Lighter (a negative number) will push it to the top. To encourage positive voting, a useful order might be higher values, positive votes, at the top, with negative votes at the bottom.</p>
57

58
      <h4>Moderator vote/values matrix</h4>
Dries's avatar
Dries committed
59
      <p>Next go to <a href=\"%comment-matrix\">administer &raquo; comments &raquo; configure &raquo; moderation matrix</a>. Enter the values for the vote labels for each permission role in the vote matrix. The values entered here will be used to create the rating for each comment. NOTE: Comment ratings are calculated by averaging user votes with the initial rating.</p>
60

61
      <h4>Creating comment thresholds</h4>
62
      <p>In <a href=\"%comment-thresholds\">administer &raquo; comments &raquo; configure &raquo; moderation thresholds</a>, you'll have to create some comment thresholds to make the comment rating system useful. When comment moderation is enabled and the thresholds are created, users will find another comment control panel option for selecting their thresholds. They'll use the thresholds you enter here to filter out comments with low ratings. Consequently, you'll probably want to create more than one threshold to give users some flexibility in filtering comments.</p>
Dries's avatar
Dries committed
63
      <p>When creating the thresholds, note that the <em>Minimum score</em> is asking you for the lowest rating that a comment can have in order to be displayed. To see a common example of how thresholds work, you might visit <a href=\"%slashdot\">Slashdot</a> and view one of their comment boards associated with a story. You can reset the thresholds in their comment control panel.</p>
64

65
      <h4>Initial comment scores</h4>
66
      <p>Finally, you may want to enter some <em>initial comment scores</em>. In <a href=\"%comment-initial\">administer &raquo; comments &raquo; configure &raquo; moderation roles</a> you can assign a beginning rating for all comments posted by a particular permission role. If you do not assign any initial scores, Drupal will assign a rating of <strong>0</strong> as the default.</p>", array('%comment-config' => url('admin/comment/configure'), '%permissions' => url('admin/access/permissions'), '%tracker' => url('tracker'), '%download-notify' => 'http://drupal.org/project/releases', '%comment-votes' => url('admin/comment/configure/votes'), '%comment-matrix' => url('admin/comment/configure/matrix'), '%comment-thresholds' => url('admin/comment/configure/thresholds'), '%slashdot' => ' http://slashdot.org', '%comment-initial' => url('admin/comment/configure/roles')));
67
    case 'admin/comment':
68
    case 'admin/comment/new':
69
      return t("<p>Below is a list of the latest comments posted to your site. Click on a subject to see the comment, the author's name to edit the author's user information , \"edit\" to modify the text, and \"delete\" to remove their submission.</p>");
Dries's avatar
Dries committed
70
    case 'admin/comment/approval':
71
      return t("<p>Below is a list of the comments posted to your site that need approval. To approve a comment, click on \"edit\" and then change its \"moderation status\" to Approved. Click on a subject to see the comment, the author's name to edit the author's user information, \"edit\" to modify the text, and \"delete\" to remove their submission.</p>");
Dries's avatar
Dries committed
72 73
    case 'admin/comment/configure':
    case 'admin/comment/configure/settings':
74
      return t("<p>Comments can be attached to any node, and their settings are below. The display comes in two types: a \"flat list\" where everything is flush to the left side, and comments come in chronological order, and a \"threaded list\" where replies to other comments are placed immediately below and slightly indented, forming an outline. They also come in two styles: \"expanded\", where you see both the title and the contents, and \"collapsed\" where you only see the title. Preview comment forces a user to look at their comment by clicking on a \"Preview\" button before they can actually add the comment.</p>");
75
    case 'admin/comment/configure/matrix':
76
      return t("<p>Here you assign a value to each item in the comment moderation dropdown menu. This value is added to the vote total, which is then divided by the number of users who have voted and rounded off to the nearest integer.</p><ul><li>In order to use comment moderation, every text box on this page should be populated.</li><li>You must assign the \"moderate comments\" permission to at least one role in order to use this page.</li><li>Every box not filled in will have a value of zero, which will have the effect of lowering a comments overall score.</li></ul>");
Dries's avatar
Dries committed
77
    case 'admin/comment/configure/roles':
78
      return t("<p>You can setup the initial vote value of a comment posted by each user role using these forms. This value is used before any other users vote on the comment. Blank entries are valued at zero.</p>");
79
    case 'admin/comment/configure/thresholds':
80
      return t("<p>Use these forms to setup the name and minimum \"cut off\" score to help your users hide comments they don't want to see. These thresholds appear in the user's comment control panel. Click \"edit threshold\" to modify the values of an already existing configuration. To delete a setting, \"edit\" it first, and then choose \"delete threshold\".</p>");
81
    case 'admin/comment/configure/votes':
82
      return t('<p>Create and control the possible comment moderation votes here. "Weight" lets you set the order of the drop down menu. Click "edit" to edit a current vote weight. To delete a name/weight combination go to the "edit" area. To delete a setting, "edit" it first, and then choose "delete vote".</p>');
Dries's avatar
Dries committed
83
    case 'admin/modules#description':
84
      return t('Allows users to comment on and discuss published content.');
85
   }
86 87
}

88 89 90
/**
 * Implementation of hook_menu().
 */
91
function comment_menu($may_cache) {
92 93
  $items = array();

94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109
  if ($may_cache) {
    $access = user_access('administer comments');
    $items[] = array('path' => 'admin/comment', 'title' => t('comments'),
      'callback' => 'comment_admin_overview', 'access' => $access);

    // Tabs:
    $items[] = array('path' => 'admin/comment/list', 'title' => t('list'),
      'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
    $items[] = array('path' => 'admin/comment/configure', 'title' => t('configure'),
      'callback' => 'comment_configure', 'access' => $access, 'type' => MENU_LOCAL_TASK);

    // Subtabs:
    $items[] = array('path' => 'admin/comment/list/new', 'title' => t('new comments'),
      'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
    $items[] = array('path' => 'admin/comment/list/approval', 'title' => t('approval queue'),
      'callback' => 'comment_admin_overview', 'access' => $access,
110
      'callback arguments' => array('approval'),
111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126
      'type' => MENU_LOCAL_TASK);

    $items[] = array('path' => 'admin/comment/configure/settings', 'title' => t('settings'),
      'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);

    $access = user_access('administer comments') && user_access('administer moderation');
    $items[] = array('path' => 'admin/comment/configure/matrix', 'title' => t('moderation matrix'),
      'callback' => 'comment_matrix_settings', 'access' => $access, 'type' => MENU_LOCAL_TASK);
    $items[] = array('path' => 'admin/comment/configure/thresholds', 'title' => t('moderation thresholds'),
      'callback' => 'comment_threshold_settings', 'access' => $access, 'type' => MENU_LOCAL_TASK);
    $items[] = array('path' => 'admin/comment/configure/roles', 'title' => t('moderation roles'),
      'callback' => 'comment_role_settings', 'access' => $access, 'type' => MENU_LOCAL_TASK);
    $items[] = array('path' => 'admin/comment/configure/votes', 'title' => t('moderation votes'),
      'callback' => 'comment_vote_settings', 'access' => $access,'type' => MENU_LOCAL_TASK);

    $access = user_access('post comments');
127 128
    $items[] = array('path' => 'comment/reply', 'title' => t('reply to comment'),
      'callback' => 'comment_save_settings', 'access' => 1, 'type' => MENU_CALLBACK);
129
    $items[] = array('path' => 'comment/edit', 'title' => t('edit comment'),
130
      'callback' => 'comment_edit', 'access' => $access, 'type' => MENU_CALLBACK);
131 132
    $items[] = array('path' => 'comment/delete', 'title' => t('delete comment'),
      'callback' => 'comment_delete', 'access' => $access, 'type' => MENU_CALLBACK);
133
  }
134 135
  else {
    if (arg(0) == 'comment' && arg(1) == 'reply' && is_numeric(arg(2))) {
136
      $node = node_load(arg(2));
137 138 139 140 141 142 143 144 145 146
      if ($node->nid) {
        $items[] = array('path' => 'comment/reply', 'title' => t('reply to comment'),
          'callback' => 'comment_reply', 'access' => node_access('view', $node), 'type' => MENU_CALLBACK);
      }
    }
    if ((arg(0) == 'node') && is_numeric(arg(1)) && is_numeric(arg(2))) {
      $items[] = array('path' => ('node/'. arg(1) .'/'. arg(2)), 'title' => t('view'),
        'callback' => 'node_page',
        'type' => MENU_CALLBACK);
    }
147
  }
148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168

  return $items;
}

/**
 * Implementation of hook_perm().
 */
function comment_perm() {
  return array('access comments', 'post comments', 'administer comments', 'moderate comments', 'post comments without approval', 'administer moderation');
}

/**
 * Implementation of hook_block().
 *
 * Generates a block with the most recent comments.
 */
function comment_block($op = 'list', $delta = 0) {
  if ($op == 'list') {
    $blocks[0]['info'] = t('Recent comments');
    return $blocks;
  }
169
  else if ($op == 'view' && user_access('access comments')) {
170
    $result = db_query_range(db_rewrite_sql('SELECT c.nid, c.* FROM {comments} c WHERE c.status = %d ORDER BY c.timestamp DESC', 'c'), COMMENT_PUBLISHED, 0, 10);
171 172
    $items = array();
    while ($comment = db_fetch_object($result)) {
173
      $items[] = l($comment->subject, 'node/'. $comment->nid, NULL, NULL, 'comment-'. $comment->cid) .'<br />'. t('%time ago', array('%time' => format_interval(time() - $comment->timestamp)));
174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239
    }

    $block['subject'] = t('Recent comments');
    $block['content'] = theme('item_list', $items);
    return $block;
  }
}

/**
 * Implementation of hook_link().
 */
function comment_link($type, $node = 0, $main = 0) {
  $links = array();

  if ($type == 'node' && $node->comment) {

    if ($main) {
      // Main page: display the number of comments that have been posted.

      if (user_access('access comments')) {
        $all = comment_num_all($node->nid);
        $new = comment_num_new($node->nid);

        if ($all) {
          $links[] = l(format_plural($all, '1 comment', '%count comments'), "node/$node->nid", array('title' => t('Jump to the first comment of this posting.')), NULL, 'comment');

          if ($new) {
            $links[] = l(format_plural($new, '1 new comment', '%count new comments'), "node/$node->nid", array('title' => t('Jump to the first new comment of this posting.')), NULL, 'new');
          }
        }
        else {
          if ($node->comment == 2) {
            if (user_access('post comments')) {
              $links[] = l(t('add new comment'), "comment/reply/$node->nid", array('title' => t('Add a new comment to this page.')));
            }
            else {
              $links[] = theme('comment_post_forbidden');
            }
          }
        }
      }
    }
    else {
      // Node page: add a "post comment" link if the user is allowed to
      // post comments, if this node is not read-only, and if the comment form isn't already shown

      if ($node->comment == 2 && variable_get('comment_form_location', 0) == 0) {
        if (user_access('post comments')) {
          $links[] = l(t('add new comment'), "comment/reply/$node->nid", array('title' => t('Share your thoughts and opinions related to this posting.')), NULL, 'comment');
        }
        else {
          $links[] = theme('comment_post_forbidden');
        }
      }
    }
  }

  if ($type == 'comment') {
    $links = comment_links($node, $main);
  }

  return $links;
}

/**
 * Implementation of hook_nodeapi().
240
 *
241 242 243 244
 */
function comment_nodeapi(&$node, $op, $arg = 0) {
  switch ($op) {
    case 'settings':
245 246
      return form_radios(t('Default comment setting'), 'comment_'. $node->type, variable_get('comment_'. $node->type, 2), array(t('Disabled'), t('Read only'), t('Read/Write')), t('Users with the <em>administer comments</em> permission will be able to override this setting.'));

247 248
    case 'fields':
      return array('comment');
249

250 251 252 253
    case 'form admin':
      if (user_access('administer comments')) {
        $selected = isset($node->comment) ? $node->comment : variable_get("comment_$node->type", 2);
        $output = form_radios('', 'comment', $selected, array(t('Disabled'), t('Read only'), t('Read/write')));
254
        return form_group_collapsible(t('Comment options'), $output, TRUE);
255 256
      }
      break;
257

258
    case 'load':
259
      return db_fetch_array(db_query("SELECT last_comment_timestamp, last_comment_name, comment_count FROM {node_comment_statistics} WHERE nid = %d", $node->nid));
260
    case 'validate':
261
      if (!user_access('administer comments')) {
262 263 264 265
        // Force default for normal users:
        $node->comment = variable_get("comment_$node->type", 2);
      }
      break;
266

267
    case 'insert':
268
      db_query('INSERT INTO {node_comment_statistics} (nid, last_comment_timestamp, last_comment_name, last_comment_uid, comment_count) VALUES (%d, %d, NULL, %d, 0)', $node->nid, $node->created, $node->uid);
269
      break;
270

271
    case 'delete':
272 273
      db_query('DELETE FROM {comments} WHERE nid = %d', $node->nid);
      db_query('DELETE FROM {node_comment_statistics} WHERE nid = %d', $node->nid);
274
      break;
275

276 277
    case 'update index':
      $text = '';
278
      $comments = db_query('SELECT subject, comment, format FROM {comments} WHERE nid = %d AND status = %d', $node->nid, COMMENT_PUBLISHED);
279
      while ($comment = db_fetch_object($comments)) {
280
        $text .= '<h2>'. check_plain($comment->subject) .'</h2>'. check_markup($comment->comment, $comment->format, FALSE);
281 282
      }
      return $text;
283

284 285 286
    case 'search result':
      $comments = db_result(db_query('SELECT comment_count FROM {node_comment_statistics} WHERE nid = %d', $node->nid));
      return format_plural($comments, '1 comment', '%count comments');
287 288
    case 'rss item':
      return array(array('key' => 'comments', 'value' => url('node/'.$node->nid, NULL, 'comment', TRUE)));
289 290 291 292 293 294 295 296 297 298 299
  }
}

/**
 * Implementation of hook_user().
 *
 * Provides signature customization for the user's comments.
 */
function comment_user($type, $edit, &$user, $category = NULL) {
  if ($type == 'form' && $category == 'account') {
    // when user tries to edit his own data
300
    return array(array('title' => t('Comment settings'), 'data' => form_textarea(t('Signature'), 'signature', $edit['signature'], 60, 5, t('Your signature will be publicly displayed at the end of your comments.')), 'weight' => 2));
301 302 303 304 305 306 307
  }
  if ($type == 'validate') {
    // validate user data editing
    return array('signature' => $edit['signature']);
  }
}

308
/**
Dries's avatar
Dries committed
309
 * Menu callback; presents the comment settings page.
310
 */
Dries's avatar
Dries committed
311 312 313 314 315
function comment_configure() {
  if ($_POST) {
    system_settings_save();
  }

316 317 318
  $group  = form_radios(t('Default display mode'), 'comment_default_mode', variable_get('comment_default_mode', 4), _comment_get_modes(), t('The default view for comments. Expanded views display the body of the comment. Threaded views keep replies together.'));
  $group .= form_radios(t('Default display order'), 'comment_default_order', variable_get('comment_default_order', 1), _comment_get_orders(), t('The default sorting for new users and anonymous users while viewing comments. These users may change their view using the comment control panel. For registered users, this change is remembered as a persistent user preference.'));
  $group .= form_select(t('Default comments per page'), 'comment_default_per_page', variable_get('comment_default_per_page', '50'), _comment_per_page(), t('Default number of comments for each page: more comments are distributed in several pages.'));
319
  $group .= form_radios(t('Comment controls'), 'comment_controls', variable_get('comment_controls', 3), array(t('Display above the comments'), t('Display below the comments'), t('Display above and below the comments'), t('Do not display')), t('Position of the comment controls box.  The comment controls let the user change the default display mode and display order of comments.'));
Dries's avatar
Dries committed
320
  $output = form_group(t('Comment viewing options'), $group);
321

322
  $group  = form_radios(t('Anonymous poster settings'), 'comment_anonymous', variable_get('comment_anonymous', 0), array(t('Anonymous posters may not enter their contact information'), t('Anonymous posters may leave their contact information'), t('Anonymous posters must leave their contact information')), t('This feature is only useful if you allow anonymous users to post comments.  See the <a href="%url">permissions page</a>.', array('%url' => url('admin/access/permissions'))));
323
  $group .= form_radios(t('Comment subject field'), 'comment_subject_field', variable_get('comment_subject_field', 1), array(t('Disabled'), t('Enabled')), t('Can users provide a unique subject for their comments?'));
324 325
  $group .= form_radios(t('Preview comment'), 'comment_preview', variable_get('comment_preview', 1), array(t('Optional'), t('Required')));
  $group .= form_radios(t('Location of comment submission form'), 'comment_form_location', variable_get('comment_form_location', 0), array(t('Display on separate page'), t('Display below post or comments')));
326
  $output .= form_group(t('Comment posting settings'), $group);
327

328
  $result = db_query('SELECT fid, filter FROM {moderation_filters} ');
329 330
  while ($filter = db_fetch_object($result)) {
    $thresholds[$filter->fid] = ($filter->filter);
331
  }
332
  if ($thresholds) {
333
    $group = form_select(t('Default threshold'), 'comment_default_threshold', variable_get('comment_default_threshold', 0), $thresholds, t('Thresholds are values below which comments are hidden. These thresholds are useful for busy sites which want to hide poor comments from most users.'));
334 335
    $output .= form_group(t('Comment moderation settings'), $group);
  }
336

337
  return system_settings_form($output);
338 339
}

340 341 342 343 344 345 346 347 348 349
/**
 * This is *not* a hook_access() implementation. This function is called
 * to determine whether the current user has access to a particular comment.
 *
 * Authenticated users can edit their comments as long they have not been
 * replied to. This prevents people from changing or revising their
 * statements based on the replies their posts got. Furthermore, users
 * can't reply to their own comments and are encouraged instead to extend
 * their original comment.
 */
Dries's avatar
Dries committed
350
function comment_access($op, $comment) {
Dries's avatar
Dries committed
351 352
  global $user;

353
  if ($op == 'edit') {
354
    return ($user->uid && $user->uid == $comment->uid && comment_num_replies($comment->cid) == 0) || user_access('administer comments');
Dries's avatar
Dries committed
355 356
  }
}
357

358
function comment_node_url() {
Dries's avatar
Dries committed
359
  return arg(0) .'/'. arg(1);
360
}
Dries's avatar
Dries committed
361

Dries's avatar
Dries committed
362 363 364
function comment_edit($cid) {
  global $user;

365
  $comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d', $cid));
366
  $comment = drupal_unpack($comment);
367
  $comment->name = $comment->uid ? $comment->registered_name : $comment->name;
368
  if (comment_access('edit', $comment)) {
369
    return theme('comment_form', object2array($comment));
370 371 372
  }
  else {
    drupal_access_denied();
Dries's avatar
Dries committed
373 374 375
  }
}

Dries's avatar
Dries committed
376
function comment_reply($nid, $pid = NULL) {
377
  // set the breadcrumb trail
378
  $node = node_load($nid);
379
  menu_set_location(array(array('path' => "node/$nid", 'title' => $node->title), array('path' => "comment/reply/$nid")));
380

381
  $output = '';
382

Dries's avatar
Dries committed
383 384 385
  // are we posting or previewing a reply?
  if ($_POST['op'] == t('Post comment')) {
    $edit = $_POST['edit'];
386
    $edit = comment_validate($edit);
387
    drupal_set_title(t('Post comment'));
388 389 390 391 392 393 394
    if (!$cid = comment_save($edit)) {
      // comment could not be posted. show edit form with errors
      return comment_preview($edit);
    }
    else {
      drupal_goto("node/$nid#comment-$cid");
    }
Dries's avatar
Dries committed
395 396 397
  }
  else if ($_POST['op'] == t('Preview comment')) {
    $edit = $_POST['edit'];
398
    $edit = comment_validate($edit);
399
    drupal_set_title(t('Preview comment'));
400
    return comment_preview($edit);
Dries's avatar
Dries committed
401
  }
402

Dries's avatar
Dries committed
403 404 405 406 407
  // or are we merely showing the form?
  if (user_access('access comments')) {

    // if this is a reply to another comment, show that comment first
    // else, we'll just show the user the node they're commenting on.
408
    if ($pid) {
409
      $comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = %d', $pid, COMMENT_PUBLISHED));
410
      $comment = drupal_unpack($comment);
411
      $comment->name = $comment->uid ? $comment->registered_name : $comment->name;
412
      $output .= theme('comment_view', $comment);
413
    }
414
    else if (user_access('access content')) {
415
      $output .= node_view($node);
416 417
      $pid = 0;
    }
Dries's avatar
Dries committed
418

Dries's avatar
Dries committed
419
    // should we show the reply box?
420
    if (node_comment_mode($nid) != 2) {
421
      drupal_set_message(t("This discussion is closed: you can't post new comments."), 'error');
Kjartan's avatar
Kjartan committed
422
    }
423 424
    else if (user_access('post comments')) {
      $output .= theme('comment_form', array('pid' => $pid, 'nid' => $nid), t('Reply'));
425 426
    }
    else {
427
      drupal_set_message(t('You are not authorized to post comments.'), 'error');
428
    }
Kjartan's avatar
Kjartan committed
429 430
  }
  else {
431
    drupal_set_message(t('You are not authorized to view comments.'), 'error');
Dries's avatar
Dries committed
432
  }
433

434
  return $output;
Dries's avatar
Dries committed
435 436
}

437
function comment_validate($edit) {
438
  global $user;
439

440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469
  // only admins can change these fields
  if (!user_access('administer comments')) {
    $edit['uid'] = $user->uid;
    $edit['timestamp'] = time();
    $edit['status'] = user_access('post comments without approval') ? 0 : 1;
  }
  else {
    if (strtotime($edit['date']) != -1) {
      $edit['timestamp'] = strtotime($edit['date']);
    }
    else {
      form_set_error('date', t('You have to specify a valid date.'));
    }

    if ($edit['uid']) {
      // if a registered user posted the comment, we assume you only want to transfer authorship
      // to another registered user. Name changes are freely allowed on anon comments.
      if ($account = user_load(array('name' => $edit['author']))) {
        $edit['uid'] = $account->uid;
      }
      else {
        form_set_error('author', t('You have to specify a valid author.'));
      }
    }
    else {
      $edit['uid'] = 0;
      $edit['name'] = $edit['author'];
    }
  }

470 471
  // Validate the comment's subject.  If not specified, extract
  // one from the comment's body.
472 473 474 475 476
  if (trim($edit['subject']) == '') {
    // The body may be in any format, so we:
    // 1) Filter it into HTML
    // 2) Strip out all HTML tags
    // 3) Convert entities back to plain-text.
477 478
  // Note: format is checked by check_markup().
    $edit['subject'] = truncate_utf8(decode_entities(strip_tags(check_markup($edit['comment'], $edit['format']))), 29, TRUE);
479
  }
480

481
  // Validate the comment's body.
482 483 484 485
  if ($edit['comment'] == '') {
    form_set_error('comment', t('The body of your comment is empty.'));
  }

486
  // Validate filter format
487
  if (array_key_exists('format', $edit) && !filter_access($edit['format'])) {
488 489 490
    form_set_error('format', t('The supplied input format is invalid.'));
  }

491
  // Check validity of name, mail and homepage (if given)
492 493 494
  if (!$user->uid) {
    if (variable_get('comment_anonymous', 0) > 0) {
      if ($edit['name']) {
495
        $taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = '%s'", $edit['name']), 0);
496 497 498 499 500 501 502 503 504 505 506 507

        if ($taken != 0) {
          form_set_error('name', t('The name you used belongs to a registered user.'));
        }

      }
      else if (variable_get('comment_anonymous', 0) == 2) {
        form_set_error('name', t('You have to leave your name.'));
      }

      if ($edit['mail']) {
        if (!valid_email_address($edit['mail'])) {
508
          form_set_error('mail', t('The e-mail address you specified is not valid.'));
509 510 511 512 513 514 515 516 517 518 519 520 521
        }
      }
      else if (variable_get('comment_anonymous', 0) == 2) {
        form_set_error('mail', t('You have to leave an e-mail address.'));
      }

      if ($edit['homepage']) {
        if (!valid_url($edit['homepage'], TRUE)) {
          form_set_error('homepage', t('The URL of your homepage is not valid.  Remember that it must be fully qualified, i.e. of the form <code>http://example.com/directory</code>.'));
        }
      }
    }
  }
522 523 524
  // verify that this submission was actually generated using a local form
  form_validate($edit, 'comment'. $edit['nid'] . $edit['pid']);

525
  return $edit;
526 527
}

Dries's avatar
Dries committed
528
function comment_preview($edit) {
529
  global $user;
Dries's avatar
Dries committed
530

531
  $output = '';
532

533
  $comment = array2object($edit);
534

535
  // Attach the user and time information.
536 537 538 539 540 541 542 543 544 545 546
  if ($edit['author']) {
    $account = user_load(array('name' => $edit['author']));
  }
  elseif ($user->uid) {
    $account = $user;
  }
  if ($account) {
    $comment->uid = $account->uid;
    $comment->name = check_plain($account->name);
  }
  $comment->timestamp = $edit['timestamp'] ? $edit['timestamp'] : time();
547

548
  // Preview the comment.
549
  $output .= theme('comment_view', $comment);
550
  $output .= theme('comment_form', $edit, t('Reply'));
Kjartan's avatar
Kjartan committed
551

552
  if ($edit['pid']) {
553
    $comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = %d', $edit['pid'], COMMENT_PUBLISHED));
554
    $comment = drupal_unpack($comment);
555
    $comment->name = $comment->uid ? $comment->registered_name : $comment->name;
556
    $output .= theme('comment_view', $comment);
Kjartan's avatar
Kjartan committed
557 558
  }
  else {
559
    $output .= node_view(node_load($edit['nid']));
560
    $edit['pid'] = 0;
Kjartan's avatar
Kjartan committed
561
  }
562 563

  return $output;
Dries's avatar
Dries committed
564 565
}

566 567 568 569 570 571 572 573 574 575 576
/**
 * Accepts a submission of new or changed comment content.
 *
 * @param $edit
 *   A comment array.
 *
 * @return
 *   If the comment is successfully saved the comment ID is returned.  If the comment
 *   is not saved, FALSE is returned.
 */
function comment_save($edit) {
577
  global $user;
578
  if (user_access('post comments') && (user_access('administer coments') || node_comment_mode($edit['nid']) == 2)) {
579
    if (!form_get_errors()) {
580 581
      // Check for duplicate comments.  Note that we have to use the
      // validated/filtered data to perform such check.
582
      $duplicate = db_result(db_query("SELECT COUNT(cid) FROM {comments} WHERE pid = %d AND nid = %d AND subject = '%s' AND comment = '%s'", $edit['pid'], $edit['nid'], $edit['subject'], $edit['comment']), 0);
583
      if ($duplicate != 0) {
584
        watchdog('content', t('Comment: duplicate %subject.', array('%subject' => theme('placeholder', $edit['subject']))), WATCHDOG_WARNING);
585
      }
Dries's avatar
Dries committed
586

587
      if ($edit['cid']) {
588 589
        // Update the comment in the database.
        db_query("UPDATE {comments} SET status = '%s', timestamp = '%d', subject = '%s', comment = '%s', format = '%s', uid = %d, name = '%s' WHERE cid = %d", $edit['status'], $edit['timestamp'], $edit['subject'], $edit['comment'], $edit['format'], $edit['uid'], $edit['name'], $edit['cid']);
590

591 592
        _comment_update_node_statistics($edit['nid']);

593 594
        // Allow modules to respond to the updating of a comment.
        module_invoke_all('comment', 'update', $edit);
Dries's avatar
Dries committed
595

Dries's avatar
Dries committed
596
        // Add an entry to the watchdog log.
597
        watchdog('content', t('Comment: updated %subject.', array('%subject' => theme('placeholder', $edit['subject']))), WATCHDOG_NOTICE, l(t('view'), 'node/'. $edit['nid'], NULL, NULL, 'comment-'. $edit['cid']));
Dries's avatar
Dries committed
598 599
      }
      else {
600
        // Add the comment to database.
601
        $status = user_access('post comments without approval') ? COMMENT_PUBLISHED : COMMENT_NOT_PUBLISHED;
602
        $roles = variable_get('comment_roles', array());
603 604 605 606 607 608
        $score = 0;

        foreach (array_intersect(array_keys($roles), array_keys($user->roles)) as $rid) {
          $score = max($roles[$rid], $score);
        }

609 610
        $users = serialize(array(0 => $score));

611 612
        // Here we are building the thread field.  See the comment
        // in comment_render().
613
        if ($edit['pid'] == 0) {
614 615
          // This is a comment with no parent comment (depth 0): we start
          // by retrieving the maximum thread level.
616
          $max = db_result(db_query('SELECT MAX(thread) FROM {comments} WHERE nid = %d', $edit['nid']));
617

618 619
          // Strip the "/" from the end of the thread.
          $max = rtrim($max, '/');
620

621 622 623 624 625
          // Next, we increase this value by one.  Note that we can't
          // use 1, 2, 3, ... 9, 10, 11 because we order by string and
          // 10 would be right after 1.  We use 1, 2, 3, ..., 9, 91,
          // 92, 93, ... instead.  Ugly but fast.
          $decimals = (string) substr($max, 0, strlen($max) - 1);
626 627 628 629 630 631 632 633 634
          $units = substr($max, -1, 1);
          if ($units) {
            $units++;
          }
          else {
            $units = 1;
          }

          if ($units == 10) {
635
            $units = '90';
636 637
          }

638
          // Finally, build the thread field for this new comment.
639
          $thread = $decimals . $units .'/';
640 641
        }
        else {
642 643
          // This is comment with a parent comment: we increase
          // the part of the thread value at the proper depth.
644 645

          // Get the parent comment:
646
          $parent = db_fetch_object(db_query('SELECT * FROM {comments} WHERE cid = %d', $edit['pid']));
647

648
          // Strip the "/" from the end of the parent thread.
649
          $parent->thread = (string) rtrim((string) $parent->thread, '/');
650

651
          // Get the max value in _this_ thread.
652
          $max = db_result(db_query("SELECT MAX(thread) FROM {comments} WHERE thread LIKE '%s.%%' AND nid = %d", $parent->thread, $edit['nid']));
653

654 655
          if ($max == '') {
            // First child of this parent.
656
            $thread = $parent->thread .'.1/';
657 658
          }
          else {
659 660
            // Strip the "/" at the end of the thread.
            $max = rtrim($max, '/');
661

662 663 664
            // We need to get the value at the correct depth.
            $parts = explode('.', $max);
            $parent_depth = count(explode('.', $parent->thread));
665 666
            $last = $parts[$parent_depth];

667 668 669 670
            // Next, we increase this value by one.  Note that we can't
            // use 1, 2, 3, ... 9, 10, 11 because we order by string and
            // 10 would be right after 1.  We use 1, 2, 3, ..., 9, 91,
            // 92, 93, ... instead.  Ugly but fast.
671 672 673 674
            $decimals = (string)substr($last, 0, strlen($last) - 1);
            $units = substr($last, -1, 1);
            $units++;
            if ($units == 10) {
675
              $units = '90';
676 677
            }

678
            // Finally, build the thread field for this new comment.
679
            $thread = $parent->thread .'.'. $decimals . $units .'/';
680 681 682 683
          }
        }


684
        $edit['cid'] = db_next_id('{comments}_cid');
685 686 687 688 689 690
        $edit['timestamp'] = time();

        if ($edit['uid'] = $user->uid) {
          $edit['name'] = $user->name;
        }

691

692
        db_query("INSERT INTO {comments} (cid, nid, pid, uid, subject, comment, format, hostname, timestamp, status, score, users, thread, name, mail, homepage) VALUES (%d, %d, %d, %d, '%s', '%s', %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s')", $edit['cid'], $edit['nid'], $edit['pid'], $edit['uid'], $edit['subject'], $edit['comment'], $edit['format'], $_SERVER['REMOTE_ADDR'], $edit['timestamp'], $edit['status'], $score, $users, $thread, $edit['name'], $edit['mail'], $edit['homepage']);
693 694

        _comment_update_node_statistics($edit['nid']);
695

696 697
        // Tell the other modules a new comment has been submitted.
        module_invoke_all('comment', 'insert', $edit);
698

699
        // Add an entry to the watchdog log.
700
        watchdog('content', t('Comment: added %subject.', array('%subject' => theme('placeholder', $edit['subject']))), WATCHDOG_NOTICE, l(t('view'), 'node/'. $edit['nid'], NULL, NULL, 'comment-'. $edit['cid']));
Dries's avatar
Dries committed
701
      }
702

703
      // Clear the cache so an anonymous user can see his comment being added.
Dries's avatar
Dries committed
704
      cache_clear_all();
705

706
      // Explain the approval queue if necessary, and then
707
      // redirect the user to the node he's commenting on.
708
      if ($status == COMMENT_NOT_PUBLISHED) {
709
        drupal_set_message(t('Your comment has been queued for moderation by site administrators and will be published after approval.'));
710
      }
711
      return $edit['cid'];
712 713
    }
    else {
714
      return FALSE;
Dries's avatar
Dries committed
715 716
    }
  }
717
  else {
718
    $txt = t('Comment: unauthorized comment submitted or comment submitted to a closed node %subject.', array('%subject' => theme('placeholder', $edit['subject'])));
719 720 721
    watchdog('content', $txt, WATCHDOG_WARNING);
    drupal_set_message($txt, 'error');
    return FALSE;
Dries's avatar
Dries committed
722 723 724 725
  }
}

function comment_links($comment, $return = 1) {
726
  global $user;
Dries's avatar
Dries committed
727

728
  $links = array();
729

730
  // If we are viewing just this comment, we link back to the node.
Dries's avatar
Dries committed
731
  if ($return) {
732
    $links[] = l(t('parent'), comment_node_url(), NULL, NULL, "comment-$comment->cid");
Dries's avatar
Dries committed
733
  }
734

735
  if (node_comment_mode($comment->nid) == 2) {
736
    if (user_access('administer comments') && user_access('access administration pages')) {
737 738
      $links[] = l(t('delete'), "comment/delete/$comment->cid");
      $links[] = l(t('edit'), "comment/edit/$comment->cid");
739
      $links[] = l(t('reply'), "comment/reply/$comment->nid/$comment->cid");
740
    }
741 742
    else if (user_access('post comments')) {
      if (comment_access('edit', $comment)) {
743
        $links[] = l(t('edit'), "comment/edit/$comment->cid");
744
      }
745
      $links[] = l(t('reply'), "comment/reply/$comment->nid/$comment->cid");
Dries's avatar
Dries committed
746 747
    }
    else {
748
      $links[] = theme('comment_post_forbidden');
Dries's avatar
Dries committed
749
    }
Dries's avatar
Dries committed
750
  }
751

752
  if ($moderation = comment_moderation_form($comment)) {
753 754
    $links[] = $moderation;
  }
755

756
  return $links;
Dries's avatar
Dries committed
757 758
}

759
function comment_render($node, $cid = 0) {
760 761
  global $user;

762 763 764 765 766
  $mode = $_GET['mode'];
  $order = $_GET['order'];
  $threshold = $_GET['threshold'];
  $comments_per_page = $_GET['comments_per_page'];
  $comment_page = $_GET['comment_page'];
Dries's avatar
Dries committed
767

768
  $output = '';
Dries's avatar
Dries committed
769

770 771
  if (user_access('access comments')) {
    // Pre-process variables.
772
    $nid = $node->nid;
Dries's avatar
Dries committed
773 774
    if (empty($nid)) {
      $nid = 0;
Dries's avatar
Dries committed
775 776 777
    }

    if (empty($mode)) {
778
      $mode = $user->mode ? $user->mode : ($_SESSION['comment_mode'] ? $_SESSION['comment_mode'] : variable_get('comment_default_mode', 4));
Dries's avatar
Dries committed
779 780 781
    }

    if (empty($order)) {
782
      $order = $user->sort ? $user->sort : ($_SESSION['comment_sort'] ? $_SESSION['comment_sort'] : variable_get('comment_default_order', 1));
Dries's avatar
Dries committed
783 784
    }
    if (empty($threshold)) {
785
      $threshold = $user->threshold ? $user->threshold : ($_SESSION['comment_threshold'] ? $_SESSION['comment_threshold'] : variable_get('comment_default_threshold', 0));
Dries's avatar
Dries committed
786
    }
787
    $threshold_min = db_result(db_query('SELECT minimum FROM {moderation_filters} WHERE fid = %d', $threshold));
Dries's avatar
Dries committed
788

789
    if (empty($comments_per_page)) {
790
      $comments_per_page = $user->comments_per_page ? $user->comments_per_page : ($_SESSION['comment_comments_per_page'] ? $_SESSION['comment_comments_per_page'] : variable_get('comment_default_per_page', '50'));
791
    }
792

793
    $output .= "<a id=\"comment\"></a>\n";
Dries's avatar
Dries committed
794

Kjartan's avatar
Kjartan committed
795
    if ($cid) {
796
      // Single comment view.
797

798 799
      $output .= '<form method="post" action="'. url('comment') ."\"><div>\n";
      $output .= form_hidden('nid', $nid);
800

801
      $result = db_query('SELECT c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = %d GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, u.picture, c.homepage, u.uid, u.name, u.picture, u.data, c.score, c.users', $cid, COMMENT_PUBLISHED);
802

Dries's avatar
Dries committed
803
      if ($comment = db_fetch_object($result)) {
804
        $comment->name = $comment->uid ? $comment->registered_name : $comment->name;
Dries's avatar
Dries committed
805
        $output .= theme('comment_view', $comment, theme('links', module_invoke_all('link', 'comment', $comment, 1)));
Dries's avatar
Dries committed
806
      }
807

808
      if ((comment_user_can_moderate($node)) && $user->uid != $comment->uid && !(comment_already_moderated($user->uid, $comment->users))) {
809
        $output .= '<div style="text-align: center;">'. form_submit(t('Moderate comment')) .'</div><br />';
810
      }
811
      $output .= '</div></form>';
812
    }
Dries's avatar
Dries committed
813
    else {
814
      // Multiple comment view
815

816
      $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = %d AND c.status = %d";
817

818
      $query .= ' GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, u.picture, c.homepage, u.uid, u.name, u.picture, u.data, c.score, c.users, c.thread';
819

820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881
      /*
      ** We want to use the standard pager, but threads would need every
      ** comment to build the thread structure, so we need to store some
      ** extra info.
      **
      ** We use a "thread" field to store this extra info. The basic idea
      ** is to store a value and to order by that value. The "thread" field
      ** keeps this data in a way which is easy to update and convenient
      ** to use.
      **
      ** A "thread" value starts at "1". If we add a child (A) to this
      ** comment, we assign it a "thread" = "1.1". A child of (A) will have
      ** "1.1.1". Next brother of (A) will get "1.2". Next brother of the
      ** parent of (A) will get "2" and so on.
      **
      ** First of all note that the thread field stores the depth of the
      ** comment: depth 0 will be "X", depth 1 "X.X", depth 2 "X.X.X", etc.
      **
      ** Now to get the ordering right, consider this example:
      **
      ** 1
      ** 1.1
      ** 1.1.1
      ** 1.2
      ** 2
      **
      ** If we "ORDER BY thread ASC" we get the above result, and this is
      ** the natural order sorted by time.  However, if we "ORDER BY thread
      ** DESC" we get:
      **
      ** 2
      ** 1.2
      ** 1.1.1
      ** 1.1
      ** 1
      **
      ** Clearly, this is not a natural way to see a thread, and users
      ** will get confused. The natural order to show a thread by time
      ** desc would be:
      **
      ** 2
      ** 1
      ** 1.2
      ** 1.1
      ** 1.1.1
      **
      ** which is what we already did before the standard pager patch. To
      ** achieve this we simply add a "/" at the end of each "thread" value.
      ** This way out thread fields will look like depicted below:
      **
      ** 1/
      ** 1.1/
      ** 1.1.1/
      ** 1.2/
      ** 2/
      **
      ** we add "/" since this char is, in ASCII, higher than every number,
      ** so if now we "ORDER BY thread DESC" we get the correct order.  Try
      ** it, it works ;).  However this would spoil the "ORDER BY thread ASC"
      ** Here, we do not need to consider the trailing "/" so we use a
      ** substring only.
      */
882 883

      if ($order == 1) {
884
        if ($mode == 1 || $mode == 2) {
885
          $query .= ' ORDER BY c.timestamp DESC';
886 887
        }
        else {
888
          $query .= ' ORDER BY c.thread DESC';
889
        }
890
      }
891
      else if ($order == 2) {
892
        if ($mode == 1 || $mode == 2) {
893
          $query .= ' ORDER BY c.timestamp';
894 895 896 897 898 899 900 901 902
        }
        else {

          /*
          ** See comment above.  Analysis learns that this doesn't cost
          ** too much.  It scales much much better than having the whole
          ** comment structure.
          */

903
          $query .= ' ORDER BY SUBSTRING(c.thread, 1, (LENGTH(c.thread) - 1))';
904
        }
905 906
      }

907
      // Start a form, for use with comment control and moderation.
908
      $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE status = %d AND nid = %d", $nid, COMMENT_PUBLISHED);
909
      if (db_num_rows($result) && (variable_get('comment_controls', 3) == 0 || variable_get('comment_controls', 3) == 2)) {
910 911 912 913
        $output .= '<form method="post" action="'. url('comment') ."\"><div>\n";
        $output .= theme('comment_controls', $threshold, $mode, $order, $comments_per_page);
        $output .= form_hidden('nid', $nid);
        $output .= '</div></form>';
Dries's avatar
Dries committed
914
      }
915

916 917
      $output .= '<form method="post" action="'. url('comment') ."\"><div>\n";
      $output .= form_hidden('nid', $nid);
918

919
      while ($comment = db_fetch_object($result)) {
920
        $comment = drupal_unpack($comment);
921
        $comment->name = $comment->uid ? $comment->registered_name : $comment->name;
922
        $comment->depth = count(explode('.', $comment->thread)) - 1;
923

924
        if ($mode == 1) {
925
          $output .= theme('comment_flat_collapsed', $comment, $threshold_min);
926
        }
927
        else if ($mode == 2) {
928
          $output .= theme('comment_flat_expanded', $comment, $threshold_min);
Dries's avatar
Dries committed
929
        }
930
        else if ($mode == 3) {
931
          $output .= theme('comment_thread_min', $comment, $threshold_min);
932
        }
933
        else if ($mode == 4) {
934
          $output .= theme('comment_thread_max', $comment, $threshold_min);
935
        }
936
      }
Dries's avatar
Dries committed
937

938 939
      // Use the standard pager; $pager_total is the number of returned rows,
      // is global and defined in pager.inc.
940 941 942
      if ($pager = theme('pager', NULL, $comments_per_page, 0, array('comments_per_page' => $comments_per_page))) {
        $output .= $pager;
      }
Dries's avatar
Dries committed
943

944
      if (db_num_rows($result) && comment_user_can_moderate($node)) {
945
        $output .= '<div id="comment-moderation-button">'. form_submit(t('Moderate comments')) .'</div>';
946
      }
Dries's avatar
Dries committed
947

948
      $output .= '</div></form>';
Dries's avatar
Dries committed
949

950
      if (db_num_rows($result) && (variable_get('comment_controls', 3) == 1 || variable_get('comment_controls', 3) == 2)) {
951 952 953 954 955 956 957 958 959 960 961 962 963
        $output .= '<form method="post" action="'. url('comment') ."\"><div>\n";
        $output .= theme('comment_controls', $threshold, $mode, $order, $comments_per_page);
        $output .= form_hidden('nid', $nid);
        $output .= '</div></form>';
      }
    }

    // If enabled, show new comment form.
    if (user_access('post comments') && node_comment_mode($nid) == 2 && variable_get('comment_form_location', 0)) {
      $output .= theme('comment_form', array('nid' => $nid), t('Post new comment'));
    }
  }
  return $output;
Dries's avatar
Dries committed
964 965
}

966

967 968 969
/**
 * Menu callback; delete a comment.
 */
Dries's avatar
Dries committed
970
function comment_delete($cid) {
971
  $comment = db_fetch_object(db_query('SELECT c.*, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.cid = %d', $cid));
972
  $comment->name = $comment->uid ? $comment->registered_name : $comment->name;
973

Dries's avatar
Dries committed
974
  $output = '';
975

976
  // We'll only delete if the user has confirmed the
Dries's avatar
Dries committed
977
  // deletion using the form in our else clause below.
978
  if ($comment->cid && $_POST['edit']['confirm']) {
979
    drupal_set_message(t('The comment and all its replies have been deleted.'));
980

Dries's avatar
Dries committed
981 982
    // Delete comment and its replies.
    _comment_delete_thread($comment);
Dries's avatar
Dries committed
983

984 985
    _comment_update_node_statistics($comment->nid);

986
    // Clear the cache so an anonymous user sees that his comment was deleted.
Dries's avatar
Dries committed
987
    cache_clear_all();
988

989 990
    drupal_goto("node/$comment->nid");
  }
Dries's avatar
Dries committed
991
  else if ($comment->cid) {
992
    $output = theme('confirm',
993
                    t('Are you sure you want to delete the comment %title?', array('%title' => theme('placeholder', $comment->subject))),
994 995 996
                    'node/'. $comment->nid,
                    t('Any replies to this comment will be lost. This action cannot be undone.'),
                    t('Delete'));