// Comment-posting page script: opens the session, pulls in the shared
// header and comment helpers, then calls either comments_form() (optionally
// preceded by comments_preview()) or comments_insert().

// Start with a plain session. When $auth is set and already carries a
// permission entry, close the page and reopen it with the auth and perm
// features enabled as well.
page_open(array('sess' => 'SourceAgency_Session'));
if (isset($auth) && !empty($auth->auth['perm'])) {
    page_close();
    page_open(array(
        'sess' => 'SourceAgency_Session',
        'auth' => 'SourceAgency_Auth',
        'perm' => 'SourceAgency_Perm',
    ));
}

require 'include/header.inc';
require 'include/commentslib.inc';

// The $th_* theme values are not assigned in this script; presumably they
// come from the included header/configuration.
$bx = new box(
    '80%',
    $th_box_frame_color,
    $th_box_frame_width,
    $th_box_title_bgcolor,
    $th_box_title_font_color,
    $th_box_title_align,
    $th_box_body_bgcolor,
    $th_box_body_font_color,
    $th_box_body_align
);

start_content();

$page = 'comments_edit';

// NOTE(review): $proid, $type, $number, $ref, $subject, $text, $submit and
// $preview are never assigned in this script. Presumably they are imported
// from the request (register_globals-style) -- confirm, and confirm that
// comments_preview() and comments_insert() escape them for HTML and SQL,
// because nothing is validated here.
if (check_permission($proid, $page)) {
    top_bar($proid, $page);

    // Fall back to a 'General' comment with number 0 when the caller did not
    // supply these values.
    if (is_not_set_or_empty($type)) {
        $type = 'General';
    }
    if (is_not_set_or_empty($number)) {
        $number = 0;
    }

    print $t->translate('General comments can be posted')
        . ' '
        . $t->translate('by registered users of the system')
        . ".\n<br><p>\n";

    if (!is_not_set_or_empty($submit)) {
        // NOTE(review): $auth is dereferenced here although the top of the
        // script treats it as possibly unset; presumably check_permission()
        // only passes for authenticated users -- confirm.
        comments_insert($proid, $auth->auth['uname'], $type, $number, $ref, $subject, $text);
    } else {
        if (is_set_and_not_empty($preview)) {
            comments_preview($proid);
        }
        comments_form($proid);
    }
}

end_content();

require 'include/footer.inc';

// Errors raised by the final page_close() are suppressed on purpose by the
// original author (@ operator).
@page_close();
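/**
 * Dispatch one request of the comments administration module.
 *
 * The action is selected by $_REQUEST['act']. The JSON actions ('json'/1,
 * 'json_find_webuser', 'json_find_comment', 91) echo their response and end
 * the request; the remaining actions build their result through
 * comments_form() / comments_list().
 *
 * Security hardening applied in this version:
 *  - ORDER BY is built from an allow-list of the selected columns and a
 *    fixed ASC/DESC keyword instead of raw request text;
 *  - numeric request values that are concatenated into SQL (row ids,
 *    node_id, maxdate, exclude, the stored user id) are forced to integers;
 *  - commenter-controlled values placed into HTML fragments (e-mail, user
 *    name, comment name and message) are HTML-escaped.
 *
 * NOTE(review): the destructive actions ('del', 'remove', 'remove_spam') are
 * driven by $_REQUEST, so they are reachable through GET, and no anti-CSRF
 * token or permission check is visible in this function. Confirm that the
 * caller enforces both before run() is reached.
 *
 * @return mixed whatever comments_form() / comments_list() returned, or ''
 *               when the selected branch does not assign a result
 */
function run()
{
    global $user;
    global $layout;
    global $DB;
    global $website;

    $out = '';
    $item = new comment();

    switch ($_REQUEST['act']) {
        case 'json':
        case 1: // json data retrieval & operations
            switch ($_REQUEST['oper']) {
                case 'del': // remove rows
                    // Accept a single id or a list, and force every id to an
                    // integer as the 'edit' and 'remove' branches already do.
                    $ids = isset($_REQUEST['ids']) ? (array) $_REQUEST['ids'] : array();
                    foreach ($ids as $id) {
                        $item->load(intval($id));
                        $item->delete();
                    }
                    echo json_encode(true);
                    break;

                default: // list or search
                    // Clamp paging so a zero or negative page/rows value
                    // cannot produce a negative OFFSET or LIMIT.
                    $page = max(1, intval($_REQUEST['page']));
                    $max = max(0, intval($_REQUEST['rows']));
                    $offset = ($page - 1) * $max;

                    // ORDER BY cannot be quoted like a value, so only the
                    // columns this query selects are accepted; anything else
                    // falls back to sorting by id.
                    $sortable = array('id', 'item', 'user', 'email', 'date_created', 'status', 'message');
                    $sidx = (isset($_REQUEST['sidx']) && is_string($_REQUEST['sidx'])) ? $_REQUEST['sidx'] : '';
                    if (!in_array($sidx, $sortable, true)) {
                        $sidx = 'id';
                    }
                    $descending = isset($_REQUEST['sord'])
                        && is_string($_REQUEST['sord'])
                        && strtolower($_REQUEST['sord']) === 'desc';
                    $orderby = $sidx . ' ' . ($descending ? 'DESC' : 'ASC');

                    $where = ' website = ' . $website->id;

                    // NOTE(review): quicksearch(), jqgridsearch() and
                    // jqgridcompare() are defined elsewhere and receive raw
                    // request text; confirm each one escapes its input before
                    // returning an SQL fragment.
                    if ($_REQUEST['_search'] == 'true' || isset($_REQUEST['quicksearch'])) {
                        if (isset($_REQUEST['quicksearch'])) {
                            $where .= $item->quicksearch($_REQUEST['quicksearch']);
                        } else {
                            if (isset($_REQUEST['filters'])) {
                                $where .= navitable::jqgridsearch($_REQUEST['filters']);
                            } else {
                                // single search
                                $where .= ' AND ' . navitable::jqgridcompare(
                                    $_REQUEST['searchField'],
                                    $_REQUEST['searchOper'],
                                    $_REQUEST['searchString']
                                );
                            }
                        }
                    }

                    $DB->queryLimit(
                        'id,item,user,email,date_created,status,message',
                        'nv_comments',
                        $where,
                        $orderby,
                        $offset,
                        $max
                    );
                    $dataset = $DB->result();
                    $total = $DB->foundRows();

                    $out = array();

                    // Status code => icon and translated label shown in the grid.
                    $permissions = array(
                        -1 => '<img src="img/icons/silk/new.png" align="absmiddle" /> ' . t(257, 'To review'),
                        0 => '<img src="img/icons/silk/world.png" align="absmiddle" /> ' . t(64, 'Published'),
                        1 => '<img src="img/icons/silk/world_dawn.png" align="absmiddle" /> ' . t(251, 'Private'),
                        2 => '<img src="img/icons/silk/world_night.png" align="absmiddle" /> ' . t(181, 'Hidden'),
                        3 => '<img src="img/icons/silk/error.png" align="absmiddle" /> ' . t(466, 'Spam'),
                    );

                    for ($i = 0; $i < count($dataset); $i++) {
                        if (empty($dataset[$i])) {
                            continue;
                        }
                        $row = $dataset[$i];

                        // Retrieve the webuser name. The lookup is skipped for
                        // comments without a user (the original built
                        // " id = " with nothing after it), and the stored id
                        // is cast so it cannot alter the query.
                        $webuser = '';
                        if (!empty($row['user'])) {
                            $webuser = $DB->query_single('username', 'nv_webusers', ' id = ' . intval($row['user']));
                        }

                        // Retrieve the title of the item the comment belongs to.
                        $node = new item();
                        $node->load($row['item']);
                        $title = $node->dictionary[$website->languages_list[0]]['title'];

                        $message = core_string_clean($row['message']);
                        $message = core_string_cut($message, 60, '…');

                        // The grid cells carry HTML (see $permissions), so the
                        // author column is escaped before it is emitted.
                        $author = empty($row['user']) ? $row['email'] : $webuser;

                        $out[$i] = array(
                            0 => $row['id'],
                            1 => $title,
                            2 => core_ts2date($row['date_created'], true),
                            3 => htmlspecialchars((string) $author, ENT_QUOTES, 'UTF-8'),
                            4 => strip_tags($message),
                            5 => $permissions[$row['status']],
                        );
                    }

                    navitable::jqgridJson($out, $page, $offset, $max, $total);
                    break;
            }

            session_write_close();
            exit;
            break;

        case 2: // edit/new form
        case 'edit':
            if (!empty($_REQUEST['id'])) {
                $item->load(intval($_REQUEST['id']));
            }

            if (isset($_REQUEST['form-sent'])) {
                $item->load_from_post();
                try {
                    $item->save();
                    property::save_properties_from_post('comment', $item->id);
                    $layout->navigate_notification(t(53, "Data saved successfully."), false, false, 'fa fa-check');
                } catch (Exception $e) {
                    $layout->navigate_notification($e->getMessage(), true, true);
                }

                // NOTE(review): the whole request is serialized into the
                // action log; depending on request_order this may include
                // cookie values -- confirm the log is access-restricted.
                if (!empty($item->id)) {
                    users_log::action($_REQUEST['fid'], $item->id, 'save', $item->name, json_encode($_REQUEST));
                }
            } else {
                if (!empty($item->id)) {
                    users_log::action($_REQUEST['fid'], $item->id, 'load', $item->name);
                }
            }

            $out = comments_form($item);
            break;

        case 4: // remove
        case 'remove':
            if (!empty($_REQUEST['id'])) {
                $item->load(intval($_REQUEST['id']));
                if ($item->delete() > 0) {
                    $layout->navigate_notification(t(55, 'Item removed successfully.'), false);
                    $out = comments_list();
                    if (!empty($item->id)) {
                        users_log::action($_REQUEST['fid'], $item->id, 'remove', $item->name, json_encode($_REQUEST));
                    }
                } else {
                    $layout->navigate_notification(t(56, 'Unexpected error.'), false);
                    $out = comments_form($item);
                }
            }
            break;

        case 'remove_spam':
            $count = comment::remove_spam();
            $layout->navigate_notification(
                t(524, 'Items removed successfully') . ': <strong>' . $count . '</strong>',
                false
            );
            $out = comments_list();
            users_log::action($_REQUEST['fid'], $website->id, 'remove_spam', "", json_encode($_REQUEST));
            break;

        case 'json_find_webuser': // json find webuser by name (for "user" autocomplete)
            // NOTE(review): protect() is defined elsewhere; presumably it
            // quotes and escapes the value -- confirm.
            $DB->query(
                'SELECT id, username as text FROM nv_webusers WHERE username LIKE '
                . protect('%' . $_REQUEST['username'] . '%')
                . ' ORDER BY username ASC LIMIT 30',
                'array'
            );
            $rows = $DB->result();
            $total = $DB->foundRows();
            echo json_encode(array('items' => $rows, 'totalCount' => $total));
            core_terminate();
            break;

        case 'json_find_comment': // json find comment by text search (for "in reply to" autocomplete)
            // These three values were concatenated into the statement
            // unquoted, so they are forced to integers. date_created is later
            // handed to core_ts2date(), so maxdate is treated as an integer
            // timestamp.
            $node_id = intval(isset($_REQUEST['node_id']) ? $_REQUEST['node_id'] : 0);
            $maxdate = intval(isset($_REQUEST['maxdate']) ? $_REQUEST['maxdate'] : 0);
            $exclude = intval(isset($_REQUEST['exclude']) ? $_REQUEST['exclude'] : 0);
            $needle = protect('%' . $_REQUEST['search'] . '%');

            $DB->query(
                'SELECT c.id, c.date_created, c.name, u.username, c.message FROM nv_comments c LEFT JOIN nv_webusers u ON c.user = u.id WHERE c.website = '
                . $website->id
                . ' AND c.item = ' . $node_id
                . ' AND c.date_created <= ' . $maxdate
                . ' AND c.id <> ' . $exclude
                . ' AND ( c.name LIKE ' . $needle
                . ' OR c.message LIKE ' . $needle
                . ' OR u.username LIKE ' . $needle
                . ' ) ORDER BY c.date_created DESC LIMIT 30',
                'array'
            );
            $rows = $DB->result();
            $total = $DB->foundRows();

            for ($r = 0; $r < count($rows); $r++) {
                // The label is an HTML fragment; message, name and username
                // come from commenters, so each is escaped before it is
                // placed in the attribute or the element body.
                $tooltip = htmlspecialchars((string) core_string_cut($rows[$r]['message'], 100), ENT_QUOTES, 'UTF-8');
                $author = htmlspecialchars($rows[$r]['name'] . $rows[$r]['username'], ENT_QUOTES, 'UTF-8');

                $rows[$r]['text'] = '<span title="' . $tooltip . '"><i class="fa fa-user"></i> '
                    . $author
                    . ' <i class="fa fa-clock-o"></i> '
                    . core_ts2date($rows[$r]['date_created'], true)
                    . '</span>';
            }

            echo json_encode(array('items' => $rows, 'totalCount' => $total));
            core_terminate();
            break;

        case 91: // json search title request (for "item" autocomplete)
            // The original carried a disabled "AND lang = ..." filter here;
            // it stays disabled.
            $DB->query(
                'SELECT DISTINCT node_id as id, text as label, text as value FROM nv_webdictionary WHERE node_type = "item" AND subtype = "title" AND website = '
                . $website->id
                . ' AND text LIKE ' . protect('%' . $_REQUEST['title'] . '%')
                . ' ORDER BY text ASC LIMIT 30',
                'array'
            );
            echo json_encode($DB->result());
            session_write_close();
            exit;
            break;

        case 0: // list / search result
        default:
            $out = comments_list();
            break;
    }

    return $out;
}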