Exemple #1
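$host = $aSet['websitehost'];
ini_set('SMTP', $smtp);
ini_set('smtp_port', $port);
ini_set('sendmail_from', $email_send);
// Filtering $_GET and $_POST variables.
// filter_input() returns null when the variable is absent and false when the filter rejects it.
// FILTER_SANITIZE_STRING is deprecated since PHP 8.1; kept here for consistency with the rest of the file.
$id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
$cat = filter_input(INPUT_GET, 'cat', FILTER_SANITIZE_NUMBER_INT);
$new = filter_input(INPUT_GET, 'new', FILTER_SANITIZE_STRING);
$rep = filter_input(INPUT_GET, 'rep', FILTER_SANITIZE_STRING);
// $_POST variables
$nom = filter_input(INPUT_POST, 'nom', FILTER_SANITIZE_STRING);
// The mail field is an email address, so it gets the email sanitiser (it previously used FILTER_SANITIZE_URL).
$mail = filter_input(INPUT_POST, 'mail', FILTER_SANITIZE_EMAIL);
$siteweb = filter_input(INPUT_POST, 'siteweb', FILTER_SANITIZE_URL);
$contenu = filter_input(INPUT_POST, 'contenu', FILTER_SANITIZE_STRING);
$oMetaArt = new Articles();
$oUtil = new Utilitaires();
// Meta-data: the article is loaded with the filtered $id, never with the raw $_GET['id'].
// An absent or empty id falls back to the generic page meta-data.
if ($id !== null && $id !== '') {
    $aMetaData = $oMetaArt->ReadMetaData($id);
    $oUtil->DisplayPageMetaData($aMetaData['titre_art'], $aMetaData['resum_art'], $aMetaData['keywords_art']);
    unset($oMetaArt);
    unset($oUtil);
} else {
    $oUtil->DisplayPageMetaData('Présentation des articles', 'Description de la page', 'php, html, css, Mysql');
}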
?>

  <meta charset="utf-8">

  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
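 /**
  * Records a comment or a reply (insert into 'blog_comments' or 'blog_reply')
  * and tells the visitor what happens next.
  *
  * When comments are moderated (blog_config.control_comm = 1) a validation token
  * is stored and an email carrying the validation link is sent to the commentator;
  * when they are not (control_comm = 0) a thank-you alert is displayed.
  *
  * @param string $nom       commentator name
  * @param string $mail      commentator email (re-checked with FILTER_VALIDATE_EMAIL)
  * @param string $siteweb   commentator website
  * @param string $contents  the message text
  * @param int    $id        id of the article (comment) OR id of the comment (reply)
  * @param string $type_comm 'new' => comment ; 'rep' => reply to a comment
  * @param array  $aMsg      localised messages, indexed by Admin::$lang
  * @param string $host      site base URL, used to build the validation link
  * @throws \InvalidArgumentException when $type_comm is neither 'new' nor 'rep'
  **/
 public function RecordNewComm($nom, $mail, $siteweb, $contents, $id, $type_comm, $aMsg, $host)
 {
     if ($type_comm !== 'new' && $type_comm !== 'rep') {
         // Without this guard the insert query and the validation link below stay undefined.
         throw new \InvalidArgumentException("Unknown comment type: {$type_comm}");
     }
     // Filtering the $_POST data (last line of defence, the caller already sanitised).
     // FILTER_SANITIZE_STRING is deprecated since PHP 8.1; kept for consistency with the rest of the file.
     $aPost = array('nom' => $nom, 'mail' => $mail, 'web' => $siteweb, 'contenu' => $contents, 'id' => $id);
     $sFiltres = array('nom' => FILTER_SANITIZE_STRING, 'mail' => FILTER_VALIDATE_EMAIL, 'web' => FILTER_SANITIZE_STRING, 'contenu' => FILTER_SANITIZE_STRING, 'id' => FILTER_VALIDATE_INT);
     $aDataclean = filter_var_array($aPost, $sFiltres);
     $nom = $aDataclean['nom'];
     $mail = $aDataclean['mail'];       // false when the address is not a valid email
     $siteweb = $aDataclean['web'];
     $contents = $aDataclean['contenu'];
     $id = $aDataclean['id'];           // false when not an integer
     // Article id from the query string; only used to build the redirect URLs.
     $id_art = isset($_GET['id']) ? (int) $_GET['id'] : 0;
     // Are comments moderated? (blog_config.control_comm)
     $result = SPDO::getInstance()->query('select * from blog_config');
     $aConfig = $result->fetch(PDO::FETCH_ASSOC);
     $ctr_comm = $aConfig['control_comm'];
     date_default_timezone_set('Europe/Paris');
     $dDateJour = date('Y-m-d H:i:s');
     // Value stored in valid_com / valid_rep for a freshly posted message.
     // NOTE(review): the original comment called 0 the "validated" default — confirm against the display queries.
     $iValid = 0;
     // Optional picture attached to the message (resized to 50x50 by Images::Redim).
     // NOTE(review): $_FILES[...]['error'] is not checked here; presumably Images::Redim handles upload errors — confirm.
     $sNomInputImg = 'imagefichier';
     $img = null;
     $typeimg = null;
     if (isset($_FILES[$sNomInputImg]['name']) && $_FILES[$sNomInputImg]['name'] !== '') {
         $max_width = 50;
         $max_height = 50;
         $oImg = new Images();
         $image = $oImg->Redim($sNomInputImg, $max_width, $max_height);
         $typeimg = $image['type_image'];
         $img = $image['ressource_img'];
     }
     // Insert query, depending on whether this is a new comment or a reply.
     $ref_rep = null;
     if ($type_comm === 'new') {
         $sReq = "INSERT INTO blog_comments (date_com, nom_com, email_com, siteweb_com, texte_com, valid_com, id_art, photo_com, photo_type, ctrl_aff) ";
         $sReq .= "VALUES (:datej, :nom, :mail, :web, :txt, :valid, :id, :photo, :type_photo, :ctrl_aff)";
     } else {
         $ref_rep = $this->nextReplyRef((int) $id);
         $sReq = "INSERT INTO blog_reply (date_rep, nom_rep, email_rep, siteweb_rep, texte_rep, valid_rep, id_commentaire, ref_rep, photo_rep, photo_type, ctrl_aff) ";
         $sReq .= "VALUES (:datej, :nom, :mail, :web, :txt, :valid, :id, :ref_rep, :photo, :type_photo, :ctrl_aff)";
     }
     // Insert query execution (every value goes through a bound parameter).
     $notype = PDO::PARAM_STR;
     $aBindVar = array(
         array('type' => $notype, ':datej' => $dDateJour),
         array('type' => $notype, ':nom' => $nom),
         array('type' => $notype, ':mail' => $mail),
         array('type' => $notype, ':web' => $siteweb),
         array('type' => $notype, ':txt' => $contents),
         array('type' => $notype, ':valid' => $iValid),
         array('type' => $notype, ':id' => $id),
         array('type' => PDO::PARAM_LOB, ':photo' => $img),
         array('type' => $notype, ':type_photo' => $typeimg),
         array('type' => $notype, ':ctrl_aff' => $ctr_comm),
     );
     if ($type_comm === 'rep') {
         $aBindVar[] = array('type' => $notype, ':ref_rep' => $ref_rep);
     }
     $resultOK = $this->executeDbQuery($sReq, $aBindVar, '', '', false);
     if (!$resultOK) {
         return;
     }
     // Message according to the comment-control setting (loose comparison kept: the value comes from the DB as a string).
     if ($ctr_comm == 1) {
         // Moderated: tell the visitor, then email the validation link.
         $this->DisplayAlert('success', $aMsg[Admin::$lang]['msg_confirm'], $aMsg[Admin::$lang]['msg_comments_ctrl'], "blog.php?id={$id_art}");
         $this->ReadBlogConfig();
         $obj = $this->mail_obj;
         $from_name = $this->name_exp;
         $from_adr = $this->mail_exp;
         $replay_name = '';
         $replay_adr = '';
         // Validation token: CSPRNG bytes instead of md5(uniqid(rand())), which was guessable.
         // The date suffix is kept so the stored value has the same shape as before.
         $sJeton = bin2hex(random_bytes(16)) . date('YmdHis');
         // Id of the row just inserted.
         // NOTE(review): max(id) is racy under concurrent inserts; lastInsertId() on the inserting
         // connection would be exact, but executeDbQuery's connection is not visible here.
         if ($type_comm === 'new') {
             $query = SPDO::getInstance()->query('select max(id_com) as id_com from blog_comments');
             $result = $query->fetchAll();
             $id = $result[0]['id_com'];
             $sLien = "{$host}/valid_comm.php?com={$id}&t={$sJeton}";
             $sTokenType = 'com';
         } else {
             $query = SPDO::getInstance()->query('select max(id_rep) as id_rep from blog_reply');
             $result = $query->fetchAll();
             $id = $result[0]['id_rep'];
             $sLien = "{$host}/valid_comm.php?rep={$id}&t={$sJeton}";
             $sTokenType = 'rep';
         }
         // Mail body: the 'VALID' placeholder of the configured text becomes the validation link.
         $sLink = "<a href='{$sLien}'>" . $aMsg[Admin::$lang]['msg_publish_confirm'] . '</a>';
         $mail_exp = str_replace('VALID', $sLink, $this->mail_txt);
         // Token register
         $this->RecordTokenComment($id, $sTokenType, $sJeton);
         // Send email
         $oUtil = new Utilitaires();
         $bSendOK = $oUtil->sendEmail($mail, $obj, nl2br($mail_exp), $from_name, $from_adr, $replay_name, $replay_adr);
         if (!$bSendOK) {
             $this->DisplayAlert('danger', $aMsg[Admin::$lang]['msg_conf_not_send'], '', "blog.php?id={$id_art}");
         }
     } elseif ($ctr_comm == 0) {
         $this->DisplayAlert('success', $aMsg[Admin::$lang]['msg_thank_comment'], '', "blog.php?id={$id_art}");
     }
 }

 /**
  * Computes the 'ref_rep' value of a new reply.
  *
  * A reply to an initial comment gets the number of replies already stored for
  * that comment. A reply to another reply (whose ref is posted in $_POST['ref_rep'])
  * gets the parent ref with the first free suffix 1..99 appended (parent 12 => 121, 122, ...).
  *
  * @param int $idComm id of the commented comment (blog_reply.id_commentaire)
  * @return int|string|null the ref to store, or null when no free suffix was found
  */
 private function nextReplyRef($idComm)
 {
     // The int casts are what keep the string-built count queries below injection-free.
     $idComm = (int) $idComm;
     $db = SPDO::getInstance();
     if (!isset($_POST['ref_rep'])) {
         // Reply to an initial comment: the ref is the next sequence number.
         $pRes = $db->query('select count(id_rep) from blog_reply where id_commentaire=' . $idComm);
         $aRow = $pRes->fetchAll();
         return (int) $aRow[0][0];
     }
     // Reply to a reply: $_POST['ref_rep'] is user input and must not reach the query unconverted.
     $ref = (int) $_POST['ref_rep'];
     for ($i = 1; $i < 100; $i++) {
         $candidate = $ref . $i;
         $pRes = $db->query('select count(id_rep) from blog_reply where id_commentaire=' . $idComm . ' and ref_rep=' . $candidate);
         $aRow = $pRes->fetchAll();
         if ((int) $aRow[0][0] === 0) {
             return $candidate;
         }
     }
     return null;
 }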