public function insert() { global $DB; global $website; $message = htmlentities($this->message, ENT_COMPAT, 'UTF-8', true); if (empty($this->date_created)) { $this->date_created = core_time(); } if (empty($this->ip)) { $this->ip = core_ip(); } $ok = $DB->execute(' INSERT INTO nv_comments ( id, website, item, user, name, email, url, ip, date_created, date_modified, last_modified_by, reply_to, status, message ) VALUES ( 0, :website, :item, :user, :name, :email, :url, :ip, :date_created, :date_modified, :last_modified_by, :reply_to, :status, :message) ', array(":website" => value_or_default($this->website, $website->id), ":item" => value_or_default($this->item, 0), ":user" => value_or_default($this->user, 0), ":name" => empty($this->name) ? "" : $this->name, ":email" => empty($this->email) ? "" : $this->email, ":url" => empty($this->url) ? "" : $this->url, ":ip" => $this->ip, ":date_created" => $this->date_created, ":date_modified" => 0, ":last_modified_by" => 0, ":reply_to" => value_or_default($this->reply_to, 0), ":status" => value_or_default($this->status, 0), ":message" => $message)); if (!$ok) { throw new Exception($DB->get_last_error()); } $this->id = $DB->get_last_id(); return true; }
function nvweb_comments($vars = array()) { global $website; global $DB; global $current; global $webgets; global $dictionary; global $webuser; global $theme; global $events; global $session; $webget = 'comments'; if (!isset($webgets[$webget])) { $webgets[$webget] = array(); global $lang; if (empty($lang)) { $lang = new language(); $lang->load($current['lang']); } // default translations $webgets[$webget]['translations'] = array('post_a_comment' => t(379, 'Post a comment'), 'name' => t(159, 'Name'), 'email' => t(44, 'E-Mail'), 'website' => t(177, 'Website'), 'message' => t(380, 'Message'), 'email_will_not_be_published' => t(381, 'E-Mail will not be published'), 'submit' => t(382, 'Submit'), 'sign_in_or_sign_up_to_post_a_comment' => t(383, 'Sign in or Sign up to post a comment'), 'comments_on_this_entry_are_closed' => t(384, 'Comments on this entry are closed'), 'please_dont_leave_any_field_blank' => t(385, 'Please don\'t leave any field blank'), 'your_comment_has_been_received_and_will_be_published_shortly' => t(386, 'Your comment has been received and will be published shortly'), 'new_comment' => t(387, 'New comment'), 'review_comments' => t(388, 'Review comments')); // theme translations // if the web theme has custom translations for this string subtypes, use it (for the user selected language) /* just add the following translations to your json theme dictionary: "post_a_comment": "Post a comment", "name": "Name", "email": "E-Mail", "website": "Website", "message": "Message", "email_will_not_be_published": "E-Mail will not be published", "submit": "Submit", "sign_in_or_sign_up_to_post_a_comment": "Sign in or Sign up to post a comment", "comments_on_this_entry_are_closed": "Comments on this entry are closed", "please_dont_leave_any_field_blank": "Please don't leave any field blank", "your_comment_has_been_received_and_will_be_published_shortly": "Your comment has been received and will be published shortly", "new_comment": "New comment", "review_comments": "Review comments" */ if (!empty($website->theme) && method_exists($theme, 't')) { foreach ($webgets[$webget]['translations'] as $code => $text) { $theme_translation = $theme->t($code); if (!empty($theme_translation) && $theme_translation != $code) { $webgets[$webget]['translations'][$code] = $theme_translation; } } } } // set default callback if (empty($vars['callback'])) { $vars['callback'] = 'alert'; } // check callback attributes $callback = $vars['callback']; if (!empty($vars['alert_callback'])) { $callback = $vars['alert_callback']; } else { if (!empty($vars['callback_alert'])) { $callback = $vars['callback_alert']; } } $callback_error = $callback; if (!empty($vars['error_callback'])) { $callback_error = $vars['error_callback']; } else { if (!empty($vars['callback_error'])) { $callback_error = $vars['callback_error']; } } $out = ''; // if the current page belongs to a structure entry // we need to get the associated elements to retrieve and post its comments // (because structure entry pages can't have associated comments) // so, ONLY the FIRST element associated to a category can have comments in a structure entry page // (of course if the element has its own page, it can have its own comments) $element = $current['object']; if ($current['type'] == 'structure') { if (empty($current['structure_elements'])) { $current['structure_elements'] = $element->elements(); } $element = $current['structure_elements'][0]; } switch (@$vars['mode']) { case 'process': if (isset($_GET['nv_approve_comment'])) { // process 1-click comment approval $comment = new comment(); $comment->load($_GET['id']); if (!empty($comment->id) && $comment->status == -1) { $hash = $_GET['hash']; if ($hash == sha1($comment->id . $comment->email . APP_UNIQUE . serialize($website->contact_emails))) { // hash check passed $comment->status = 0; $comment->save(); $response = t(555, "Item has been successfully published."); if ($vars['notify'] == 'inline' || $callback == 'inline') { $out = '<div class="comment-success">' . $response . '</div>'; } else { if (!isset($vars['notify']) || $vars['notify'] == 'callback') { nvweb_after_body("js", $callback . '("' . $response . '");'); } } } else { $response = t(344, "Security error"); if ($vars['notify'] == 'inline' || $callback_error == 'inline') { $out = '<div class="comment-error">' . $response . '</div>'; } else { if (!isset($vars['notify']) || $vars['notify'] == 'callback') { nvweb_after_body("js", $callback_error . '("' . $response . '");'); } } } } else { $response = t(56, "Unexpected error"); if ($vars['notify'] == 'inline' || $callback_error == 'inline') { $out = '<div class="comment-error">' . $response . '</div>'; } else { if (!isset($vars['notify']) || $vars['notify'] == 'callback') { nvweb_after_body("js", $callback_error . '("' . $response . '");'); } } } } if (isset($_GET['nv_remove_comment'])) { // process 1-click comment removal $comment = new comment(); $comment->load($_GET['id']); if (!empty($comment->id) && $comment->status == -1) { $hash = $_GET['hash']; if ($hash == sha1($comment->id . $comment->email . APP_UNIQUE . serialize($website->contact_emails))) { // hash check passed $comment->delete(); $response = t(55, "Item successfully deleted"); if ($vars['notify'] == 'inline' || $callback == 'inline') { $out = '<div class="comment-success">' . $response . '</div>'; } else { if (!isset($vars['notify']) || $vars['notify'] == 'callback') { nvweb_after_body("js", $callback . '("' . $response . '");'); } } } else { $response = t(344, "Security error"); if ($vars['notify'] == 'inline' || $callback_error == 'inline') { $out = '<div class="comment-error">' . $response . '</div>'; } else { if (!isset($vars['notify']) || $vars['notify'] == 'callback') { nvweb_after_body("js", $callback_error . '("' . $response . '");'); } } } } else { $response = t(56, "Unexpected error"); if ($vars['notify'] == 'inline' || $callback_error == 'inline') { $out = '<div class="comment-error">' . $response . '</div>'; } else { if (!isset($vars['notify']) || $vars['notify'] == 'callback') { nvweb_after_body("js", $callback_error . '("' . $response . '");'); } } } } if ($_REQUEST['form-type'] == 'comment-reply' || isset($_POST[$vars['field-message']])) { // add comment if (empty($vars['field-name'])) { $vars['field-name'] = 'reply-name'; } if (empty($vars['field-email'])) { $vars['field-email'] = 'reply-email'; } if (empty($vars['field-url'])) { $vars['field-url'] = 'reply-url'; } if (empty($vars['field-message'])) { $vars['field-message'] = 'reply-message'; } if (!empty($vars['element'])) { $element = $vars['element']; } $comment_name = @$_REQUEST[$vars['field-name']]; $comment_email = @$_REQUEST[$vars['field-email']]; $comment_url = @$_REQUEST[$vars['field-url']]; $comment_message = @$_REQUEST[$vars['field-message']]; if ((empty($comment_name) || empty($comment_email)) && empty($webuser->id) || empty($comment_message)) { $response = $webgets[$webget]['translations']['please_dont_leave_any_field_blank']; if ($vars['notify'] == 'inline' || $callback_error == 'inline') { $out = '<div class="comment-error">' . $response . '</div>'; } else { if (!isset($vars['notify']) || $vars['notify'] == 'callback') { nvweb_after_body("js", $callback_error . '("' . $response . '");'); } } return $out; } $status = -1; // new comment, not approved if (empty($element->comments_moderator)) { $status = 0; } // all comments auto-approved // remove any <nv /> or {{nv}} tag $comment_name = core_remove_nvtags($comment_name); $comment_name = strip_tags($comment_name); $comment_message = core_remove_nvtags($comment_message); $comment = new comment(); $comment->id = 0; $comment->website = $website->id; $comment->item = $element->id; $comment->user = empty($webuser->id) ? 0 : $webuser->id; $comment->name = $comment_name; $comment->email = filter_var($comment_email, FILTER_SANITIZE_EMAIL); $comment->url = filter_var($comment_url, FILTER_SANITIZE_URL); $comment->ip = core_ip(); $comment->date_created = core_time(); $comment->date_modified = 0; $comment->status = $status; $comment->message = $comment_message; $properties = array(); // check if there are comment properties values if (isset($vars['field-properties-prefix'])) { // check every possible property $e_properties = property::elements($element->template, 'comment'); for ($ep = 0; $ep < count($e_properties); $ep++) { if (isset($_POST[$vars['field-properties-prefix'] . $e_properties[$ep]->id])) { $properties[$e_properties[$ep]->id] = $_POST[$vars['field-properties-prefix'] . $e_properties[$ep]->id]; } } } // trigger the "new_comment" event through the extensions system before inserting it! $extensions_messages = $events->trigger('comment', 'before_insert', array('comment' => $comment, 'properties' => $properties)); foreach ($extensions_messages as $ext_name => $ext_result) { if (isset($ext_result['error'])) { $response = $ext_result['error']; if ($vars['notify'] == 'inline' || $callback_error == 'inline') { $out = '<div class="comment-error">' . $response . '</div>'; } else { if (!isset($vars['notify']) || $vars['notify'] == 'callback') { nvweb_after_body("js", $callback_error . '("' . $response . '");'); } } return $out; } } $comment->insert(); if (!empty($properties)) { property::save_properties_from_array('comment', $comment->id, $element->template, $properties); } // reload the element to retrieve the new comments $element = new item(); $element->load($comment->item); if ($current['type'] == 'item' && !isset($vars['element'])) { $current['object'] = $element; } // trigger the "new_comment" event through the extensions system $events->trigger('comment', 'after_insert', array('comment' => &$comment, 'properties' => $properties)); if (!empty($comment->id)) { if ($status == -1) { $response = $webgets[$webget]['translations']['your_comment_has_been_received_and_will_be_published_shortly']; if ($vars['notify'] == 'inline' || $callback_error == 'inline') { $out = '<div class="comment-success">' . $response . '</div>'; } else { if (!isset($vars['notify']) || $vars['notify'] == 'callback') { nvweb_after_body("js", $callback . '("' . $response . '");'); } } } else { $response = $webgets[$webget]['translations']['your_comment_has_been_received_and_will_be_published_shortly']; if ($vars['notify'] == 'inline' || $callback_error == 'inline') { $out = '<div class="comment-success">' . $response . '</div>'; } else { if (!isset($vars['notify']) || $vars['notify'] == 'callback') { nvweb_after_body("js", $callback . '("' . $response . '");'); } } } } $notify_addresses = $website->contact_emails; if (!empty($element->comments_moderator)) { $notify_addresses[] = user::email_of($element->comments_moderator); } $hash = sha1($comment->id . $comment->email . APP_UNIQUE . serialize($website->contact_emails)); $base_url = nvweb_source_url('element', $element->id); // default colors $background_color = '#E5F1FF'; $text_color = '#595959'; $title_color = '#595959'; $background_color_db = $DB->query_single('value', 'nv_permissions', 'name = ' . protect("nvweb.comments.background_color") . ' AND website = ' . protect($website->id), 'id DESC'); $text_color_db = $DB->query_single('value', 'nv_permissions', 'name = ' . protect("nvweb.comments.text_color") . ' AND website = ' . protect($website->id), 'id DESC'); $title_color_db = $DB->query_single('value', 'nv_permissions', 'name = ' . protect("nvweb.comments.titles_color") . ' AND website = ' . protect($website->id), 'id DESC'); if (!empty($background_color_db)) { $background_color = str_replace('"', '', $background_color_db); } if (!empty($text_color_db)) { $text_color = str_replace('"', '', $text_color_db); } if (!empty($title_color_db)) { $title_color = str_replace('"', '', $title_color_db); } $message = navigate_compose_email(array(array('title' => t(9, 'Content'), 'content' => $element->dictionary[$current['lang']]['title']), array('title' => $webgets[$webget]['translations']['name'], 'content' => $comment_name . @$webuser->username), array('title' => $webgets[$webget]['translations']['email'], 'content' => $comment_email . @$webuser->email), array('title' => $webgets[$webget]['translations']['website'], 'content' => $comment_url . @$webuser->social_website), array('title' => $webgets[$webget]['translations']['message'], 'content' => nl2br($comment_message)), array('footer' => '<a href="' . NAVIGATE_URL . '/' . NAVIGATE_MAIN . '?wid=' . $website->id . '&fid=10&act=2&tab=5&id=' . $element->id . '"><strong>' . $webgets[$webget]['translations']['review_comments'] . '</strong></a>' . ' | ' . '<a style=" color: #008830" href="' . $base_url . '?nv_approve_comment&id=' . $comment->id . '&hash=' . $hash . '">' . t(258, "Publish") . '</a>' . ' | ' . '<a style=" color: #FF0090" href="' . $base_url . '?nv_remove_comment&id=' . $comment->id . '&hash=' . $hash . '">' . t(525, "Remove comment (without confirmation)") . '</a>')), array('background' => $background_color, 'title-color' => $title_color, 'content-color' => $text_color)); // trying to implement One-Click actions (used in Google GMail) // You need to be registered with Google first: https://developers.google.com/gmail/markup/registering-with-google $one_click_actions = ' <script type="application/ld+json"> { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "name": "' . $webgets[$webget]['translations']['review_comments'] . '", "url": "' . NAVIGATE_URL . '/' . NAVIGATE_MAIN . '?wid=' . $website->id . '&fid=10&act=2&tab=5&id=' . $element->id . '" } } </script> '; $message = '<html><head>' . $one_click_actions . '</head><body>' . $message . '</body></html>'; foreach ($website->contact_emails as $contact_address) { @nvweb_send_email($website->name . ' | ' . $webgets[$webget]['translations']['new_comment'], $message, $contact_address, null, true); } } break; case 'reply': if ($element->comments_enabled_to == 2 && empty($webuser->id)) { // Post a comment form (unsigned users) $out = ' <div class="comments-reply"> <div><div class="comments-reply-info">' . $webgets[$webget]['translations']['post_a_comment'] . '</div></div> <br /> <form action="' . NVWEB_ABSOLUTE . '/' . $current['route'] . '" method="post"> <input type="hidden" name="form-type" value="comment-reply" /> <div class="comments-reply-field"><label>' . $webgets[$webget]['translations']['name'] . '</label> <input type="text" name="reply-name" value="" /></div> <div class="comments-reply-field"><label>' . $webgets[$webget]['translations']['email'] . ' *</label> <input type="text" name="reply-email" value="" /></div> <div class="comments-reply-field"><label>' . $webgets[$webget]['translations']['message'] . '</label> <textarea name="reply-message"></textarea></div> <!-- {{navigate-comments-reply-extra-fields-placeholder}} --> <div class="comments-reply-field comments-reply-field-info-email"><label> </label> * ' . $webgets[$webget]['translations']['email_will_not_be_published'] . '</div> <div class="comments-reply-field comments-reply-field-submit"><input class="comments-reply-submit" type="submit" value="' . $webgets[$webget]['translations']['submit'] . '" /></div> </form> </div> '; $extensions_messages = $events->trigger('comment', 'reply_extra_fields', array('html' => &$out)); // add any extra field generated if (!empty($extensions_messages)) { $extra_fields = array_map(function ($v) { return $v; }, array_values($extensions_messages)); $out = str_replace('<!-- {{navigate-comments-reply-extra-fields-placeholder}} -->', implode("\n", $extra_fields), $out); } } else { if ($element->comments_enabled_to > 0 && !empty($webuser->id)) { // Post a comment form (signed in users) if (empty($vars['avatar_size'])) { $vars['avatar_size'] = 32; } $avatar_url = NVWEB_OBJECT . '?type=blank'; if (!empty($webuser->avatar)) { $avatar_url = NVWEB_OBJECT . '?wid=' . $website->id . '&id=' . $webuser->avatar . '&disposition=inline&width=' . $vars['avatar_size'] . '&height=' . $vars['avatar_size']; } $out = ' <div class="comments-reply"> <div><div class="comments-reply-info">' . $webgets[$webget]['translations']['post_a_comment'] . '</div></div> <br /> <form action="' . NVWEB_ABSOLUTE . '/' . $current['route'] . '" method="post"> <input type="hidden" name="form-type" value="comment-reply" /> <div class="comments-reply-field"><label style="display: none;"> </label> <img src="' . $avatar_url . '" width="' . $vars['avatar_size'] . '" height="' . $vars['avatar_size'] . '" align="absmiddle" /> <span class="comments-reply-username">' . $webuser->username . '</span><a class="comments-reply-signout" href="?webuser_signout">(x)</a></div> <br /> <div class="comments-reply-field"><label>' . $webgets[$webget]['translations']['message'] . '</label> <textarea name="reply-message"></textarea></div> <!-- {{navigate-comments-reply-extra-fields-placeholder}} --> <div class="comments-reply-field-submit"><input class="comments-reply-submit" type="submit" value="' . $webgets[$webget]['translations']['submit'] . '" /></div> </form> </div> '; $extensions_messages = $events->trigger('comment', 'reply_extra_fields', array('html' => $out)); // add any extra field generated if (!empty($extensions_messages)) { $extra_fields = array_map(function ($v) { return $v; }, array_values($extensions_messages)); $out = str_replace('<!-- {{navigate-comments-reply-extra-fields-placeholder}} -->', implode("\n", $extra_fields), $out); } } else { if ($element->comments_enabled_to == 1) { $out = '<div class="comments-reply"> <div class="comments-reply-info">' . $webgets[$webget]['translations']['sign_in_or_sign_up_to_post_a_comment'] . '</div> </div>'; } else { $out = '<div class="comments-reply"> <div class="comments-reply-info">' . $webgets[$webget]['translations']['comments_on_this_entry_are_closed'] . '</div> </div>'; } } } break; case 'comments': setlocale(LC_ALL, $website->languages[$session['lang']]['system_locale']); list($comments, $comments_total) = nvweb_comments_list(0, NULL, NULL, $vars['order']); // get all comments of the current entry if (empty($vars['avatar_size'])) { $vars['avatar_size'] = '48'; } if (empty($vars['date_format'])) { $vars['date_format'] = '%d %B %Y %H:%M'; } for ($c = 0; $c < $comments_total; $c++) { $avatar = $comments[$c]->avatar; if (!empty($avatar)) { $avatar = '<img src="' . NVWEB_OBJECT . '?type=image&id=' . $avatar . '" width="' . $vars['avatar_size'] . 'px" height="' . $vars['avatar_size'] . 'px"/>'; } else { $avatar = '<img src="data:image/gif;base64,R0lGODlhAQABAPAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==" width="' . $vars['avatar_size'] . 'px" height="' . $vars['avatar_size'] . 'px"/>'; } $comment = new comment(); $comment->load_from_resultset(array($comments[$c])); $depth = 'data-depth="' . $comment->depth() . '"'; $out .= ' <div class="comment"' . $depth . '> <div class="comment-avatar">' . $avatar . '</div> <div class="comment-username">' . (!empty($comments[$c]->username) ? $comments[$c]->username : $comments[$c]->name) . '</div> <div class="comment-date">' . Encoding::toUTF8(strftime($vars['date_format'], $comments[$c]->date_created)) . '</div> <div class="comment-message">' . nl2br($comments[$c]->message) . '</div> <div style="clear:both"></div> </div> '; } break; } return $out; }