/**
 * Count the votes cast on a thread and report the current user's own vote.
 *
 * The amount of detail depends on user_privilege_level():
 *  - level > 2: vote rows are read one by one so the caller's own vote can be
 *    recognised through check_property();
 *  - level > 1 but not > 2: only aggregate totals are fetched;
 *  - otherwise: nothing is read from the database.
 *
 * @param mixed $thread_id Thread identifier; escaped and quoted before it reaches SQL.
 * @return array Keys "pro_votes", "against_votes" and "choice". Both counters are -1 when the
 *               user lacks the privilege or the query fails. "choice" holds the vote_id of the
 *               user's own vote (negated for a vote against), or 0 when none was found.
 */
function get_votes_from_thread($thread_id)
{
    // Shape returned whenever the counts cannot be produced.
    $unavailable = array("pro_votes" => -1, "against_votes" => -1, "choice" => 0);

    $level = user_privilege_level();
    if (!($level > 1)) {
        return $unavailable;
    }

    // The identifier is placed inside a quoted SQL literal, so string escaping is sufficient here.
    $safe_id = mysql_real_escape_string($thread_id);

    if (!($level > 2)) {
        // Aggregate-only view: SUM(vote) counts the "pro" votes, COUNT(vote) every vote.
        $result = @mysql_query(sprintf("SELECT SUM(vote) AS pro_vote, count(vote) AS total_vote FROM vote WHERE thread_id='%s'", $safe_id));
        if (!$result) {
            return $unavailable;
        }
        $row = mysql_fetch_assoc($result);
        if (!$row) {
            // NOTE(review): the result handle is not released on this path (same as before).
            return $unavailable;
        }
        // SUM() yields NULL when the thread has no vote at all.
        $pro = isset($row["pro_vote"]) ? $row["pro_vote"] : 0;
        $total = isset($row["total_vote"]) ? $row["total_vote"] : 0;
        @mysql_free_result($result);

        return array("pro_votes" => $pro, "against_votes" => $total - $pro, "choice" => 0);
    }

    // Open question from the original author: is it better to load the SQL server with two
    // queries (one of them checking the hashes), or the web host by checking in this PHP loop?
    $result = @mysql_query(sprintf("SELECT vote_id,rand_prop,hash_prop,vote FROM vote WHERE thread_id='%s'", $safe_id));
    if (!$result) {
        return $unavailable;
    }

    $tally = array("pro_votes" => 0, "against_votes" => 0, "choice" => 0);
    while ($row = mysql_fetch_assoc($result)) {
        $is_pro = ($row["vote"] == 1);
        if (!$is_pro && !($row["vote"] == 0)) {
            continue; // neither a vote for nor a vote against
        }

        $tally[$is_pro ? "pro_votes" : "against_votes"]++;

        // check_property() decides whether this row belongs to the current user
        // (presumably by recomputing hash_prop from the login and rand_prop — confirm).
        if (check_property($row["rand_prop"], $row["hash_prop"])) {
            // Positive vote_id = own vote for, negative vote_id = own vote against.
            $tally["choice"] = $is_pro ? $row["vote_id"] : -1 * $row["vote_id"];
        }
    }
    @mysql_free_result($result);

    return $tally;
}
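/**
 * Render <option> elements for a <select>, marking at most one of them as selected.
 *
 * Values are compared loosely (==) because the selection comes from $_SESSION and may be
 * stored as a string. Labels are emitted verbatim: pass only fixed, trusted text.
 *
 * @param array $labels   Map of option value => label, in display order.
 * @param mixed $selected Value to mark as selected, or null for no selection.
 * @return string HTML fragment.
 */
function _display_post_options(array $labels, $selected)
{
    $html = '';
    $marked = false;
    foreach ($labels as $value => $label) {
        $html .= '<option value="' . $value . '"';
        if (!$marked && $selected !== null && $value == $selected) {
            $html .= ' selected="selected"';
            $marked = true;
        }
        $html .= '>' . $label . '</option>';
    }

    return $html;
}

/**
 * Build the filter / ordering form shown above the list of proposals.
 *
 * @param mixed $privileges Value returned by user_privilege_level().
 * @return string HTML of the whole form.
 */
function _display_post_filter_form($privileges)
{
    $filter = isset($_SESSION["thread_admin_filter"]) ? $_SESSION["thread_admin_filter"] : null;

    $form = '<div class="enlarge_lowresol"> <form method="post" action="?action=post_filter_change"> <table class="tab_form_close"> <tr>';

    // Category selector, filled from the categories available in the database.
    $form .= '<td> Catégorie : </td> <td> <select name="category_filter"> <option value="0">Toutes</option>';
    $result = @mysql_query("SELECT category_id,category_name FROM thread_category");
    if ($result) {
        while ($row = mysql_fetch_assoc($result)) {
            $is_current = isset($_SESSION["thread_category_filter"]) && $row["category_id"] == $_SESSION["thread_category_filter"];
            $form .= '<option value="' . htmlentities($row["category_id"]) . '"'
                . ($is_current ? ' selected="selected"' : '')
                . '>' . htmlentities($row["category_name"]) . '</option>';
        }
        @mysql_free_result($result);
    }
    $form .= '</select></td>';

    // Personal filters for logged-in users; the two moderation filters are offered to admins only.
    if (is_logged()) {
        $labels = array(
            1 => 'Mes propositions',
            2 => 'Propositions avec mes commentaires',
            3 => 'Propositions sans mon vote',
        );
        if ($privileges > 3) {
            $labels[4] = 'Propositions non modérées';
            $labels[5] = 'Commentaires non modérés';
        }
        $form .= '<td> Filtre : </td> <td> <select name="admin_filter"> <option value="0">Aucun</option>'
            . _display_post_options($labels, $filter)
            . '</select></td>';
    }

    // Sort selector.
    if (isset($_SESSION["thread_ordering"])) {
        // Filter 5 lists comments, which are not sorted by this form: lock the selector on "Date".
        $sort_disabled = $filter !== null && $filter == 5;
        $sort_selected = $sort_disabled ? 1 : $_SESSION["thread_ordering"];
    } else {
        // NOTE(review): this branch tests filter 4 where the branch above tests 5; kept as found,
        // but it looks like a typo — confirm which filter should disable sorting.
        $sort_disabled = $filter !== null && $filter == 4;
        $sort_selected = null;
    }
    $sort_labels = array(
        1 => 'Date',
        2 => 'Nombre de votes favorables',
        3 => 'Proportion de votes favorables',
        4 => 'Nombre total de votes',
    );
    // The disabled variants used to emit a stray '"' after the last option; it is gone now.
    $form .= '<td> Trier par : </td> <td> <select name="sorting"' . ($sort_disabled ? ' disabled="disabled"' : '') . '>'
        . _display_post_options($sort_labels, $sort_selected);

    return $form . ' </select> </td> <td> <input type="hidden" name="form_name" value="thread_display_param" /> </td> <td> <input type="submit" value="Valider" /> </td> </tr> </table> </form></div>';
}

/**
 * SQL predicate that is true for rows whose ownership tag matches the logged-in user.
 *
 * The tag is SHA1(login . rand_prop) compared with hash_prop. NOTE(review): this is an unkeyed
 * hash, so anyone who can read the table and knows the logins can recompute it; it separates
 * authorship from the row but is not a secret.
 *
 * @param string $prefix Column prefix: 'T.' for the thread alias, '' inside a sub-query.
 * @return string Parenthesised SQL predicate.
 */
function _display_post_owner_match($prefix)
{
    return "(CAST(SHA1(CONCAT('" . mysql_real_escape_string($_SESSION['login_c'])
        . "',CAST(" . $prefix . "rand_prop AS CHAR))) AS CHAR)=" . $prefix . "hash_prop)";
}

/**
 * SQL fragment restricting which threads the current user may list, according to the
 * filter stored in the session. Anything unexpected yields " AND FALSE" (deny by default).
 *
 * @param bool $is_admin Whether the user has moderation rights.
 * @return string Fragment starting with " AND ", or an empty string when unrestricted.
 */
function _display_post_access_clause($is_admin)
{
    $deny = " AND FALSE";

    if (!isset($_SESSION["thread_admin_filter"])) {
        if ($is_admin) {
            return "";
        }
        if (is_logged()) {
            return " AND (T.is_valid=1 OR " . _display_post_owner_match('T.') . ")";
        }
        return " AND T.is_valid=1";
    }

    switch ($_SESSION["thread_admin_filter"]) {
        case 0: // No constraint other than display rights
            if (!is_logged()) {
                return $deny;
            }
            $clause = "";
            break;
        case 1: // Threads owned by the user
            if (!is_logged()) {
                return $deny;
            }
            return " AND " . _display_post_owner_match('T.');
        case 2: // Threads the user commented on
            if (!is_logged()) {
                return $deny;
            }
            $clause = " AND T.thread_id IN (SELECT DISTINCT thread_id FROM comment WHERE " . _display_post_owner_match('') . ")";
            break;
        case 3: // Threads the user has not voted on
            if (!is_logged()) {
                return $deny;
            }
            $clause = " AND T.thread_id NOT IN (SELECT DISTINCT thread_id FROM vote WHERE " . _display_post_owner_match('') . ")";
            break;
        case 4: // Threads awaiting moderation: admins only
            return $is_admin ? " AND T.already_mod=0" : $deny;
        default: // When in doubt, show nothing
            return $deny;
    }

    // Filters 0, 2 and 3: non-admins only see validated threads or their own.
    if (!$is_admin) {
        $clause .= " AND (T.is_valid=1 OR " . _display_post_owner_match('T.') . ")";
    }

    return $clause;
}

/**
 * Display the list of proposals (threads) with the filter form, pagination, votes,
 * moderation state and per-thread action links.
 *
 * Requires a privilege level above 1; otherwise need_ecole_member_privilege(2) is called.
 * All display parameters are read from $_SESSION. Output is echoed; nothing is returned.
 */
function display_post()
{
    $privileges = user_privilege_level();
    if (!($privileges > 1)) {
        need_ecole_member_privilege(2);
        return;
    }

    // Title and one-shot message, if any.
    echo '<h1>Consultation des propositions :</h1> <h2>Pour voter, il faut s\'inscrire <a href="index.php?action=create_account" title="inscription">ICI</a></h2>';
    if (isset($_SESSION['transient_display'])) {
        // Echoed verbatim: whatever stores this message must already have escaped any
        // user-derived text. NOTE(review): the writers are not visible here — confirm.
        echo $_SESSION['transient_display'];
        unset($_SESSION['transient_display']);
    }

    echo _display_post_filter_form($privileges);

    $is_admin = $privileges > 3;

    // Filter 5 (unmoderated comments) is rendered entirely by another function.
    if (isset($_SESSION["thread_admin_filter"]) && $_SESSION["thread_admin_filter"] == 5) {
        affichage_comments(-1, true);
        return;
    }

    $current_mod = isset($_SESSION["thread_admin_filter"]) && $_SESSION["thread_admin_filter"] == 4; // Moderation mode
    $vote_filt = isset($_SESSION["thread_admin_filter"]) && $_SESSION["thread_admin_filter"] == 3; // Filtering on votes

    // ---------------------------------------------------------------- //
    // Build the query that fetches the proposals                        //
    // ---------------------------------------------------------------- //

    // The search term may never have been set in this session; treat that as "match everything".
    // It sits inside a quoted literal, so string escaping applies. '%' and '_' typed by the user
    // are not neutralised and therefore still act as LIKE wildcards.
    $search_term = isset($_SESSION['thread_admin_recherche']) ? $_SESSION['thread_admin_recherche'] : '';
    $search_sql = mysql_real_escape_string($search_term);
    $recherche = "(T.text LIKE '%" . $search_sql . "%' OR T.title LIKE '%" . $search_sql . "%') AND";

    // Base query in two halves so that threads without any vote are included too.
    $query_p1 = "(SELECT T.thread_id, T.rand_prop, T.hash_prop, T.title, T.text, T.date, T.is_valid, T.possibly_name, T.already_mod, G.category_name,\n\t\t\t\t\tSUM(V.vote) AS pro_vote, COUNT(V.vote) AS total_vote\n\t\t\t\t\tFROM thread T, thread_category G, vote V\n\t\t\t\t\tWHERE " . $recherche . " V.thread_id=T.thread_id AND G.category_id=T.category";
    $query_p2 = "(SELECT T.thread_id, T.rand_prop, T.hash_prop, T.title, T.text, T.date, T.is_valid, T.possibly_name, T.already_mod, G.category_name,\n\t\t\t\t\t0 AS pro_vote, 0 AS total_vote\n\t\t\t\t\tFROM thread T, thread_category G\n\t\t\t\t\tWHERE " . $recherche . " T.thread_id <> ALL (SELECT thread_id FROM vote) AND G.category_id=T.category";
    // Separate count query used for pagination. It now carries the search condition as well,
    // otherwise the page count is computed on more rows than the listing can return.
    $query_count = "SELECT COUNT(T.thread_id) AS NUM_RES FROM thread T, thread_category G WHERE " . $recherche . " G.category_id=T.category";

    // One shared restriction for all three queries. The count query previously used its own copy
    // with "CAST(SHA1(...))" missing "AS CHAR", which is invalid SQL: the count failed silently
    // (errors are suppressed), pagination disappeared and the listing ran without a LIMIT.
    $filters = _display_post_access_clause($is_admin);

    // Category filter. The value is interpolated unquoted, where string escaping gives no
    // protection, so it is forced to an integer instead.
    $category_searched = isset($_SESSION["thread_category_filter"]) ? (int) $_SESSION["thread_category_filter"] : 0;
    if ($category_searched > 0) {
        $filters .= " AND T.category={$category_searched}";
    }

    $query_p1 .= $filters;
    $query_p2 .= $filters;
    $query_count .= $filters;

    // Merge threads with and without votes.
    $query = $query_p1 . ' GROUP BY T.thread_id, T.rand_prop, T.hash_prop, T.title, T.text, T.date, T.is_valid, T.possibly_name, G.category_name) UNION ' . $query_p2 . ')';

    // Number of matching threads, needed to split the listing into pages; -1 means "unknown".
    $num_res = -1;
    $res = @mysql_query($query_count);
    if ($res) {
        $count_row = mysql_fetch_assoc($res);
        if ($count_row) {
            $num_res = (int) $count_row["NUM_RES"];
        }
        @mysql_free_result($res);
    }

    // ORDER BY: only fixed fragments are appended, never the session value itself.
    if (isset($_SESSION["thread_ordering"])) {
        switch ($_SESSION["thread_ordering"]) {
            case 2:
                $query .= " ORDER BY pro_vote DESC";
                break;
            case 3:
                $query .= " ORDER BY pro_vote/total_vote DESC";
                break;
            case 4:
                $query .= " ORDER BY total_vote DESC";
                break;
            default:
                $query .= " ORDER BY date DESC";
                break;
        }
    } else {
        $query .= " ORDER BY date DESC";
    }

    // LIMIT according to the page being displayed; an invalid page falls back to page 1.
    $page_to_display = 1;
    if (!isset($_SESSION["thread_page"])) {
        $_SESSION["thread_page"] = 1;
    } else {
        $page_to_display = $_SESSION["thread_page"];
        if (!is_numeric($page_to_display) || $page_to_display < 1) {
            $_SESSION["thread_page"] = 1;
            $page_to_display = 1;
        }
    }
    if ($num_res > -1) {
        // $offset is always a number computed here, so interpolating it is safe.
        $offset = round(10 * ($page_to_display - 1));
        if ($offset >= $num_res) {
            $offset = 0;
            $_SESSION["thread_page"] = 1;
        }
        $query .= " LIMIT {$offset},10";
    }

    // Page selector, kept in a variable because it is printed again at the bottom of the page.
    $change_page = "";
    if ($num_res > 10) {
        $last_page = ceil($num_res / 10);
        $change_page .= '<div class="bottom_page_choice">';
        for ($i = 1; $i <= $last_page; $i++) {
            if ($i == $_SESSION["thread_page"]) {
                $change_page .= "{$i} ";
            } else {
                $change_page .= '<a href="?action=change_thread_page&num_page=' . $i . '">' . $i . '</a> ';
            }
        }
        $change_page .= '</div><br/>';
        echo $change_page;
    } else {
        echo '<br />';
    }

    // ---------------------------------------------------------------- //
    // Run the query and display the results                             //
    // ---------------------------------------------------------------- //
    $result = @mysql_query($query);
    if (!$result) {
        echo '<div class="warning">Erreur lors de la requête</div>';
        return;
    }

    $result_returned = false;
    $need_separator = false;
    while ($row = mysql_fetch_assoc($result)) {
        // Miscellaneous information about the thread
        $result_returned = true;
        $thread_id = $row["thread_id"];
        $thread_id_affiche = htmlentities($thread_id);
        $is_proprio = check_property($row["rand_prop"], $row["hash_prop"]);
        $is_valid = $row["is_valid"];
        $already_mod = $row["already_mod"];
        $check_vote = get_votes_from_thread($thread_id);
        $pro_vote = $check_vote["pro_votes"];
        $agt_vote = $check_vote["against_votes"];
        $per_vote = $check_vote["choice"];

        // Second gate after the SQL filter: apart from the author or an administrator,
        // a thread is shown only once it has been validated.
        if (!($is_valid || $is_proprio || $privileges > 3)) {
            continue;
        }

        if ($need_separator) {
            echo '<div class="newsterminator"> <hr /> </div>';
        }
        $need_separator = true;

        // Fragment appended to links so the browser comes back to this thread.
        $anchor = '#' . $thread_id_affiche;

        // Title and moderation state
        echo '<span class="newstitle" id="' . $thread_id_affiche . '"> ' . htmlentities(stripslashes($row["title"])) . ' [#' . $thread_id_affiche . '] </span>';
        if ($privileges > 3) {
            if ($already_mod) {
                if ($is_valid) {
                    echo '<img src="rep_img/modere.png" alt="Modéré" class="imgtitlenews" />';
                } else {
                    echo '<img src="rep_img/masque.png" alt="Masqué" class="imgtitlenews" />';
                }
            } else {
                echo '<img src="rep_img/n_modere.png" alt="Non modéré" class="imgtitlenews" />';
            }
        } elseif ($is_proprio) {
            if ($already_mod) {
                if (!$is_valid) {
                    echo '<img src="rep_img/masque.png" alt="Masqué" class="imgtitlenews" />';
                }
            } else {
                echo '<img src="rep_img/n_modere.png" alt="Non modéré" class="imgtitlenews" />';
            }
        }

        // Votes
        // NOTE(review): the vote, edit, delete, anonymisation and moderation links below change
        // state through plain GET requests and carry no anti-forgery token; the handlers are not
        // visible here — confirm they verify the request origin.
        if ($privileges >= 2) {
            // With the "not voted yet" filter the thread leaves the list after voting,
            // so there is no anchor to come back to.
            $vote_anchor = $vote_filt ? '' : $anchor;
            echo '<span class="vote">';
            if ($per_vote > 0) {
                echo '<a href="?action=vote_post&order=0&thread_id=' . $thread_id_affiche . $anchor . '"><img src="rep_img/bright_votepro.png" alt="+1" class="imgvote" /></a>';
            } else {
                echo '<a href="?action=vote_post&order=1&thread_id=' . $thread_id_affiche . $vote_anchor . '"><img src="rep_img/pale_votepro.png" alt="+1" class="imgvote" /></a>';
            }
            if ($per_vote < 0) {
                echo '<a href="?action=vote_post&order=0&thread_id=' . $thread_id_affiche . $anchor . '"><img src="rep_img/bright_voteneg.png" alt="-1" class="imgvote" /></a>';
            } else {
                echo '<a href="?action=vote_post&order=-1&thread_id=' . $thread_id_affiche . $vote_anchor . '"><img src="rep_img/pale_voteneg.png" alt="-1" class="imgvote" /></a>';
            }
            echo '</span>';
        }

        // Context line: date, category and, when disclosed, the author's name
        echo '<div class="newsundertitle"> ' . htmlentities(transfo_date($row["date"])) . ' - ' . htmlentities($row["category_name"]);
        if (!empty($row["possibly_name"])) {
            echo ' - ' . htmlentities($row["possibly_name"]);
        }
        echo '</div> <div class="votebar">';

        // Vote bar
        if ($pro_vote == 0) {
            if ($agt_vote == 0) {
                echo '<span class="neutralvote"> <span class="votebarannotation"> +0 </span> </span> </div>';
            } else {
                echo '<span class="againstvote" style="height:100%;width:8px;"> <span class="votebarannotation"> -' . htmlentities($agt_vote) . ' </span> </span> </div>';
            }
        } else {
            if ($agt_vote == 0) {
                echo '<span class="provote" style="height:100%;width:8px;"> <span class="votebarannotation_pro"> +' . htmlentities($pro_vote) . ' </span> </span> </div>';
            } else {
                $prop_pro = round(100 * $pro_vote / ($agt_vote + $pro_vote));
                echo '<span class="provote" style="height:' . $prop_pro . '%;width:8px;"> <span class="votebarannotation_pro"> +' . htmlentities($pro_vote) . ' </span> </span> <span class="againstvote" style="height:' . (100 - $prop_pro) . '%;width:8px;"> <span class="votebarannotation"> -' . htmlentities($agt_vote) . ' </span> </span> </div>';
            }
        }

        // Body. It is not passed through htmlentities() here; text_display_prepare() is
        // presumably responsible for escaping user text — confirm.
        echo '<div class="newscontent">' . text_display_prepare($row["text"]) . '</div>';
        echo '<div class="newsendlinks">';
        if ($is_proprio || $privileges > 4) {
            echo ' <a href="?action=edit_post&thread_id=' . $thread_id_affiche . '">Editer</a> <a href="?action=remove_post&thread_id=' . $thread_id_affiche . '">Supprimer</a>';
            if ($is_proprio) {
                if (!empty($row["possibly_name"])) {
                    echo '<a href="?action=anonymization&order=0&thread_id=' . $thread_id_affiche . $anchor . '">Masquer mon nom</a>';
                } else {
                    echo '<a href="?action=anonymization&order=1&thread_id=' . $thread_id_affiche . $anchor . '">Afficher mon nom</a>';
                }
            }
        }
        if ($is_admin) {
            // In moderation mode the thread leaves the list once handled: no anchor.
            $mod_anchor = $current_mod ? '' : $anchor;
            if ($is_valid || !$already_mod) {
                echo '<a href="?action=moderation&order=0&thread_id=' . $thread_id_affiche . $mod_anchor . '">Refuser</a>';
            }
            if (!$is_valid || !$already_mod) {
                echo '<a href="?action=moderation&order=1&thread_id=' . $thread_id_affiche . $mod_anchor . '">Accepter</a>';
            }
        }

        // Comments; per the original author's note this call also closes the newsendlinks div.
        affichage_comments($thread_id, false);
    }

    // Either the page selector again, or a notice that nothing matched.
    if ($result_returned) {
        echo $change_page . '<div class="newsterminator"><hr />' . NOM_ECOLE . ' </div>';
    } else {
        echo '<div class="warning">Aucune proposition n\'est disponible selon les critères choisis</div>';
    }
    @mysql_free_result($result);
}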
function display_post() { $privileges = user_privilege_level(); if ($privileges > 1) { // Titre et messages éventuels if (isset($_SESSION['transient_display'])) { echo $_SESSION['transient_display']; unset($_SESSION['transient_display']); } // ******************************************************************* // // Formulaire pour gérer le filtrage/l'ordonnancement des propositions // // ******************************************************************* // // Menu de sélection des idées $tail = '<form class="row" method="post" action="?action=post_filter_change"> <div class="tab_form_close"> '; // Champ de recherche $tail .= '<input class="span2" placeholder="' . _('Search...') . '"…" type="text" name="admin_recherche" value="' . $_SESSION["thread_admin_recherche"] . '">'; // Choix de catégorie $tail .= '<select class="span2" name="category_filter"> <option value="0">' . _('Catégories') . '</option>'; $result = @mysql_query("SELECT category_id,category_name FROM thread_category"); // Menu déroulant de choix de catégorie en fonction de ce qui est disponible en base if ($result) { while ($row = mysql_fetch_assoc($result)) { if (isset($_SESSION["thread_category_filter"]) && $row["category_id"] == $_SESSION["thread_category_filter"]) { $tail .= '<option value="' . htmlentities($row["category_id"]) . '" selected="selected">' . htmlentities($row["category_name"]) . '</option>'; } else { $tail .= '<option value="' . htmlentities($row["category_id"]) . '">' . htmlentities($row["category_name"]) . '</option>'; } } @mysql_free_result($result); } $tail .= '</select>'; // Menu de filtrage pour les utilisateurs loggés if (is_logged()) { $tail .= '<select class="span2" name="admin_filter"> <option value="0">' . _('No filter') . '</option>'; if ($privileges > 3) { if (isset($_SESSION["thread_admin_filter"])) { switch ($_SESSION["thread_admin_filter"]) { case 1: $tail .= '<option value="1" selected="selected">' . _('My posts') . '</option><option value="2">' . 
_('Posts with my comments') . '</option><option value="3">Propositions sans mon vote</option> <option value="4">' . _('Not moderated posts') . '</option><option value="5">' . _('Not moderated comments') . '</option>'; break; case 2: $tail .= '<option value="1">Mes propositions</option><option value="2" selected="selected">Propositions avec mes commentaires</option><option value="3">Propositions sans mon vote</option> <option value="4">Propositions non modérées</option><option value="5">Commentaires non modérés</option>'; break; case 3: $tail .= '<option value="1">Mes propositions</option><option value="2">Propositions avec mes commentaires</option><option value="3" selected="selected">Propositions sans mon vote</option> <option value="4">Propositions non modérées</option><option value="5">Commentaires non modérés</option>'; break; case 4: $tail .= '<option value="1">Mes propositions</option><option value="2">Propositions avec mes commentaires</option><option value="3">Propositions sans mon vote</option> <option value="4" selected="selected">Propositions non modérées</option><option value="5">Commentaires non modérés</option>'; break; case 5: $tail .= '<option value="1">Mes propositions</option><option value="2">Propositions avec mes commentaires</option><option value="3">Propositions sans mon vote</option> <option value="4">Propositions non modérées</option><option value="5" selected="selected">Commentaires non modérés</option>'; break; default: $tail .= '<option value="1">Mes propositions</option><option value="2">Propositions avec mes commentaires</option><option value="3">Propositions sans mon vote</option> <option value="4">Propositions non modérées</option><option value="5">Commentaires non modérés</option>'; } } else { $tail .= '<option value="1">Mes propositions</option><option value="2">Propositions avec mes commentaires</option><option value="3">Propositions sans mon vote</option> <option value="4">Propositions non modérées</option><option 
value="5">Commentaires non modérés</option>'; } } else { if (isset($_SESSION["thread_admin_filter"])) { switch ($_SESSION["thread_admin_filter"]) { case 1: $tail .= '<option value="1" selected="selected">Mes propositions</option><option value="2">Propositions avec mes commentaires</option><option value="3">Propositions sans mon vote</option>'; break; case 2: $tail .= '<option value="1">Mes propositions</option><option value="2" selected="selected">Propositions avec mes commentaires</option><option value="3">Propositions sans mon vote</option>'; break; case 3: $tail .= '<option value="1">Mes propositions</option><option value="2">Propositions avec mes commentaires</option><option value="3" selected="selected">Propositions sans mon vote</option>'; break; default: $tail .= '<option value="1">Mes propositions</option><option value="2">Propositions avec mes commentaires</option><option value="3">Propositions sans mon vote</option>'; } } else { $tail .= '<option value="1">Mes propositions</option><option value="2">Propositions avec mes commentaires</option><option value="3">Propositions sans mon vote</option>'; } } $tail .= '</select></td>'; } // Menu pour le tri des résultats if (isset($_SESSION["thread_ordering"])) { if (isset($_SESSION["thread_admin_filter"]) && $_SESSION["thread_admin_filter"] == 5) { $tail .= _('Sort by') . ' <select name="sorting" class="span2" disabled="disabled"> <option value="1" selected="selected">Date</option><option value="2">Upvotes number</option><option value="3">Upvotes ratio</option><option value="4">' . _('Votes total') . '</option>"'; } else { $tail .= _('Sort by') . ' <select class="span2" name="sorting">'; switch ($_SESSION["thread_ordering"]) { case 1: $tail .= "<option value=\"1\" selected=\"selected\">Date</option><option value=\"2\">Upvotes number</option><option value=\"3\">Upvotes ratio</option><option value=\"4\">" . _('Votes total') . 
"</option>"; break; case 2: $tail .= "<option value=\"1\">Date</option><option value=\"2\" selected=\"selected\">Upvotes number</option><option value=\"3\">Upvotes ratio</option><option value=\"4\">" . _('Votes total') . "</option>"; break; case 3: $tail .= "<option value=\"1\">Date</option><option value=\"2\">Upvotes number</option><option value=\"3\" selected=\"selected\">Upvotes ratio</option><option value=\"4\">" . _('Votes total') . "</option>"; break; case 4: $tail .= "<option value=\"1\">Date</option><option value=\"2\">Upvotes number</option><option value=\"3\">Upvotes ratio</option><option value=\"4\" selected=\"selected\">" . _('Votes total') . "</option>"; break; default: $tail .= "<option value=\"1\">Date</option><option value=\"2\">Upvotes number</option><option value=\"3\">Upvotes ratio</option><option value=\"4\">" . _('Votes total') . "</option>"; } } } else { if (isset($_SESSION["thread_admin_filter"]) && $_SESSION["thread_admin_filter"] == 4) { $tail .= _('Sort by') . ' <select class="span2" name="sorting" disabled="disabled"> <option value="1">Date</option><option value="2">Upvotes number</option><option value="3">Upvotes ratio</option><option value="4">' . _('Votes total') . '</option>"'; } else { $tail .= _('Sort by') . ' <select class="span2" name="sorting"> <option value="1">Date</option><option value="2">Upvotes number</option><option value="3">Upvotes ratio</option><option value="4">' . _('Votes total') . '</option>'; } } echo $tail . 
' </select> <input type="hidden" name="form_name" value="thread_display_param" /> <input type="submit" value="Valider" /> </div> </form>'; $is_admin = $privileges > 3; // ****************************************************************************** // // Affichage des résultats selon les paramètres définis dans les menus précédents // // ****************************************************************************** // if (isset($_SESSION["thread_admin_filter"]) && $_SESSION["thread_admin_filter"] == 5) { affichage_comments(-1, true); // Affichage "brutal" des commentaires confié à une autre fonction } else { $current_mod = isset($_SESSION["thread_admin_filter"]) && $_SESSION["thread_admin_filter"] == 4; // Mode modération $vote_filt = isset($_SESSION["thread_admin_filter"]) && $_SESSION["thread_admin_filter"] == 3; // Filtrage selon les votes // ************************************************************ // // Construction de la requête de rappatriement des propositions // // ************************************************************ // $recherche = "(T.text LIKE '%" . mysql_real_escape_string($_SESSION['thread_admin_recherche']) . "%' OR T.title LIKE '%" . mysql_real_escape_string($_SESSION['thread_admin_recherche']) . "%') AND"; // Requête de base (deux parties pour prendre en comptes les propositions sans votes) $query_p1 = "(SELECT T.thread_id, T.rand_prop, T.hash_prop, T.title, T.text, T.date, T.is_valid, T.possibly_name, T.already_mod, G.category_name,\n\t\t\t\t\tSUM(V.vote) AS pro_vote, COUNT(V.vote) AS total_vote\n\t\t\t\t\tFROM thread T, thread_category G, vote V\n\t\t\t\t\tWHERE " . $recherche . " V.thread_id=T.thread_id AND G.category_id=T.category"; $query_p2 = "(SELECT T.thread_id, T.rand_prop, T.hash_prop, T.title, T.text, T.date, T.is_valid, T.possibly_name, T.already_mod, G.category_name,\n\t\t\t\t\t0 AS pro_vote, 0 AS total_vote\n\t\t\t\t\tFROM thread T, thread_category G \n\t\t\t\t\tWHERE " . $recherche . 
" T.thread_id <> ALL (SELECT thread_id FROM vote) AND G.category_id=T.category"; $query_count = "SELECT COUNT(T.thread_id) AS NUM_RES FROM thread T, thread_category G WHERE G.category_id=T.category"; // Requête à part pour déterminer préalablement le nombre de résultats if (isset($_SESSION["thread_admin_filter"])) { switch ($_SESSION["thread_admin_filter"]) { case 0: // Aucune contrainte si ce n'est une question de droits d'affichage if (is_logged()) { if (!$is_admin) { $query_p1 .= sprintf(" AND (T.is_valid=1 OR (CAST(SHA1(CONCAT('%s',CAST(T.rand_prop AS CHAR))) AS CHAR)=T.hash_prop))", mysql_real_escape_string($_SESSION['login_c'])); $query_p2 .= sprintf(" AND (T.is_valid=1 OR (CAST(SHA1(CONCAT('%s',CAST(T.rand_prop AS CHAR))) AS CHAR)=T.hash_prop))", mysql_real_escape_string($_SESSION['login_c'])); $query_count .= sprintf(" AND (T.is_valid=1 OR (CAST(SHA1(CONCAT('%s',CAST(T.rand_prop AS CHAR))))=T.hash_prop))", mysql_real_escape_string($_SESSION['login_c'])); } } else { $query_p1 .= " AND FALSE"; $query_p2 .= " AND FALSE"; $query_count .= " AND FALSE"; } break; case 1: // Posts propriétaires if (is_logged()) { $query_p1 .= sprintf(" AND (CAST(SHA1(CONCAT('%s',CAST(T.rand_prop AS CHAR))) AS CHAR)=T.hash_prop)", mysql_real_escape_string($_SESSION['login_c'])); $query_p2 .= sprintf(" AND (CAST(SHA1(CONCAT('%s',CAST(T.rand_prop AS CHAR))) AS CHAR)=T.hash_prop)", mysql_real_escape_string($_SESSION['login_c'])); $query_count .= sprintf(" AND (CAST(SHA1(CONCAT('%s',CAST(T.rand_prop AS CHAR))))=T.hash_prop)", mysql_real_escape_string($_SESSION['login_c'])); } else { $query_p1 .= " AND FALSE"; $query_p2 .= " AND FALSE"; $query_count .= " AND FALSE"; } break; case 2: // Posts commentés if (is_logged()) { $query_p1 .= sprintf(" AND T.thread_id IN (SELECT DISTINCT thread_id FROM comment WHERE (CAST(SHA1(CONCAT('%s',CAST(rand_prop AS CHAR))) AS CHAR)=hash_prop))", mysql_real_escape_string($_SESSION['login_c'])); $query_p2 .= sprintf(" AND T.thread_id IN (SELECT DISTINCT 
thread_id FROM comment WHERE (CAST(SHA1(CONCAT('%s',CAST(rand_prop AS CHAR))) AS CHAR)=hash_prop))", mysql_real_escape_string($_SESSION['login_c'])); $query_count .= sprintf(" AND T.thread_id IN (SELECT DISTINCT thread_id FROM comment WHERE (CAST(SHA1(CONCAT('%s',CAST(rand_prop AS CHAR))) AS CHAR)=hash_prop))", mysql_real_escape_string($_SESSION['login_c'])); if (!$is_admin) { $query_p1 .= sprintf(" AND (T.is_valid=1 OR (CAST(SHA1(CONCAT('%s',CAST(T.rand_prop AS CHAR))) AS CHAR)=T.hash_prop))", mysql_real_escape_string($_SESSION['login_c'])); $query_p2 .= sprintf(" AND (T.is_valid=1 OR (CAST(SHA1(CONCAT('%s',CAST(T.rand_prop AS CHAR))) AS CHAR)=T.hash_prop))", mysql_real_escape_string($_SESSION['login_c'])); $query_count .= sprintf(" AND (T.is_valid=1 OR (CAST(SHA1(CONCAT('%s',CAST(T.rand_prop AS CHAR))))=T.hash_prop))", mysql_real_escape_string($_SESSION['login_c'])); } } else { $query_p1 .= " AND FALSE"; $query_p2 .= " AND FALSE"; $query_count .= " AND FALSE"; } break; case 3: // Posts pour lesquels je n'ai pas voté if (is_logged()) { $query_p1 .= sprintf(" AND T.thread_id NOT IN (SELECT DISTINCT thread_id FROM vote WHERE (CAST(SHA1(CONCAT('%s',CAST(rand_prop AS CHAR))) AS CHAR)=hash_prop))", mysql_real_escape_string($_SESSION['login_c'])); $query_p2 .= sprintf(" AND T.thread_id NOT IN (SELECT DISTINCT thread_id FROM vote WHERE (CAST(SHA1(CONCAT('%s',CAST(rand_prop AS CHAR))) AS CHAR)=hash_prop))", mysql_real_escape_string($_SESSION['login_c'])); $query_count .= sprintf(" AND T.thread_id NOT IN (SELECT DISTINCT thread_id FROM vote WHERE (CAST(SHA1(CONCAT('%s',CAST(rand_prop AS CHAR))) AS CHAR)=hash_prop))", mysql_real_escape_string($_SESSION['login_c'])); if (!$is_admin) { $query_p1 .= sprintf(" AND (T.is_valid=1 OR (CAST(SHA1(CONCAT('%s',CAST(T.rand_prop AS CHAR))) AS CHAR)=T.hash_prop))", mysql_real_escape_string($_SESSION['login_c'])); $query_p2 .= sprintf(" AND (T.is_valid=1 OR (CAST(SHA1(CONCAT('%s',CAST(T.rand_prop AS CHAR))) AS CHAR)=T.hash_prop))", 
mysql_real_escape_string($_SESSION['login_c'])); $query_count .= sprintf(" AND (T.is_valid=1 OR (CAST(SHA1(CONCAT('%s',CAST(T.rand_prop AS CHAR))))=T.hash_prop))", mysql_real_escape_string($_SESSION['login_c'])); } } else { $query_p1 .= " AND FALSE"; $query_p2 .= " AND FALSE"; $query_count .= " AND FALSE"; } break; case 4: // Propositions non modérées if ($is_admin) { $query_p1 .= " AND T.already_mod=0"; $query_p2 .= " AND T.already_mod=0"; $query_count .= " AND T.already_mod=0"; } else { $query_p1 .= " AND FALSE"; $query_p2 .= " AND FALSE"; $query_count .= " AND FALSE"; } break; default: // Dans le doute $query_p1 .= " AND FALSE"; $query_p2 .= " AND FALSE"; $query_count .= " AND FALSE"; } } else { if (!$is_admin) { if (is_logged()) { $query_p1 .= sprintf(" AND (T.is_valid=1 OR (CAST(SHA1(CONCAT('%s',CAST(T.rand_prop AS CHAR))) AS CHAR)=T.hash_prop))", mysql_real_escape_string($_SESSION['login_c'])); $query_p2 .= sprintf(" AND (T.is_valid=1 OR (CAST(SHA1(CONCAT('%s',CAST(T.rand_prop AS CHAR))) AS CHAR)=T.hash_prop))", mysql_real_escape_string($_SESSION['login_c'])); $query_count .= sprintf(" AND (T.is_valid=1 OR (CAST(SHA1(CONCAT('%s',CAST(T.rand_prop AS CHAR))))=T.hash_prop))", mysql_real_escape_string($_SESSION['login_c'])); } else { $query_p1 .= " AND T.is_valid=1"; $query_p2 .= " AND T.is_valid=1"; $query_count .= " AND T.is_valid=1"; } } } // Filtrage éventuel selon la catégorie if (isset($_SESSION["thread_category_filter"]) && $_SESSION["thread_category_filter"] > 0) { $category_searched = mysql_real_escape_string($_SESSION["thread_category_filter"]); $query_p1 .= " AND T.category={$category_searched}"; $query_p2 .= " AND T.category={$category_searched}"; $query_count .= " AND T.category={$category_searched}"; } // Regroupement propositions avec/sans votes $query = $query_p1 . ' GROUP BY T.thread_id, T.rand_prop, T.hash_prop, T.title, T.text, T.date, T.is_valid, T.possibly_name, G.category_name) UNION ' . $query_p2 . 
')'; // Détermination du nombre résultats potentiellement retournés, pour connaître la répartition par pages $num_res = -1; // Valeur par défaut en cas d'échec $res = @mysql_query($query_count); if ($res) { if ($num_res = mysql_fetch_assoc($res)) { $num_res = $num_res["NUM_RES"]; } @mysql_free_result($res); } // Suite de la construction de la requête, GROUP et ORDER BY if (isset($_SESSION["thread_ordering"])) { switch ($_SESSION["thread_ordering"]) { case 2: $query .= " ORDER BY pro_vote DESC"; break; case 3: $query .= " ORDER BY pro_vote/total_vote DESC"; break; case 4: $query .= " ORDER BY total_vote DESC"; break; default: $query .= " ORDER BY date DESC"; break; } } else { $query .= " ORDER BY date DESC"; } // Fin de la construction de la requête, LIMIT selon la page affichée $page_to_display = 1; if (!isset($_SESSION["thread_page"])) { $_SESSION["thread_page"] = 1; } else { $page_to_display = $_SESSION["thread_page"]; if (!is_numeric($page_to_display) || $page_to_display < 1) { $_SESSION["thread_page"] = 1; $page_to_display = 1; } } if ($num_res > -1) { $offset = round(10 * ($page_to_display - 1)); if ($offset >= $num_res) { $offset = 0; $_SESSION["thread_page"] = 1; } $query .= " LIMIT {$offset},10"; } // ********************************************************************* // // Menu de changement de page, sauvegardé pour affichage en base de page // // ********************************************************************* // $change_page = ""; if ($num_res > 10) { $change_page .= '<div class="bottom_page_choice">'; for ($i = 1; $i < ceil($num_res / 10) + 1; $i++) { if ($i == $_SESSION["thread_page"]) { $change_page .= "{$i} "; } else { $change_page .= '<a href="?action=change_thread_page&num_page=' . $i . '">' . $i . 
'</a> '; } } $change_page .= '</div><br/>'; echo $change_page; } else { echo '<br />'; } //////////////////////////////////////////////////////// // Exécution de la requête et affichage des résultats // //////////////////////////////////////////////////////// $result = @mysql_query($query); if ($result) { $result_returned = false; $need_separator = false; while ($row = mysql_fetch_assoc($result)) { // Informations diverses sur le post $result_returned = true; $thread_id = $row["thread_id"]; $thread_id_affiche = htmlentities($thread_id); $is_proprio = check_property($row["rand_prop"], $row["hash_prop"]); $is_valid = $row["is_valid"]; $already_mod = $row["already_mod"]; $check_vote = get_votes_from_thread($thread_id); $pro_vote = $check_vote["pro_votes"]; $agt_vote = $check_vote["against_votes"]; $per_vote = $check_vote["choice"]; // Hormis l'auteur ou un administrateur, affichage uniquement si le post a été modéré if ($is_valid || $is_proprio || $privileges > 3) { if ($need_separator) { echo '<hr />'; } $need_separator = true; echo ' <article class="feed_item row" id="item-' . $thread_id_affiche . '""> <div class="span2"> '; // Etat de modération if ($privileges > 3) { if ($already_mod) { if ($is_valid) { echo '<img src="img/modere.png" alt="Modéré" class="imgtitlenews" />'; } else { echo '<img src="img/masque.png" alt="Masqué" class="imgtitlenews" />'; } } else { echo '<img src="img/n_modere.png" alt="Non modéré" class="imgtitlenews" />'; } } elseif ($is_proprio) { if ($already_mod) { if (!$is_valid) { echo '<img src="img/masque.png" alt="Masqué" class="imgtitlenews" />'; } } else { echo '<img src="img/n_modere.png" alt="Non modéré" class="imgtitlenews" />'; } } // Catégories avec images echo ' <img src="img/placeholder_100x100.gif" alt="icon" class="avatar bordered"/> '; // Votes if ($privileges > 2) { echo '<span class="vote">'; if ($per_vote > 0) { echo '<a href="?action=vote_post&order=0&thread_id=' . $thread_id_affiche . '#' . $thread_id_affiche . 
'"><img src="img/bright_votepro.png" alt="+1" class="imgvote" /></a>'; } else { if ($vote_filt) { echo '<a href="?action=vote_post&order=1&thread_id=' . $thread_id_affiche . '"><img src="img/pale_votepro.png" alt="+1" class="imgvote" /></a>'; } else { echo '<a href="?action=vote_post&order=1&thread_id=' . $thread_id_affiche . '#' . $thread_id_affiche . '"><img src="img/pale_votepro.png" alt="+1" class="imgvote" /></a>'; } } if ($per_vote < 0) { echo '<a href="?action=vote_post&order=0&thread_id=' . $thread_id_affiche . '#' . $thread_id_affiche . '"><img src="img/bright_voteneg.png" alt="-1" class="imgvote" /></a>'; } else { if ($vote_filt) { echo '<a href="?action=vote_post&order=-1&thread_id=' . $thread_id_affiche . '"><img src="img/pale_voteneg.png" alt="-1" class="imgvote" /></a>'; } else { echo '<a href="?action=vote_post&order=-1&thread_id=' . $thread_id_affiche . '#' . $thread_id_affiche . '"><img src="img/pale_voteneg.png" alt="-1" class="imgvote" /></a>'; } } echo '</span>'; } //close-open columns echo ' </div> <div class="span6">'; //add gravatar echo ' <header class="row"> <div class="span1"> <img src="img/placeholder_50x50.gif" alt="icon" class="avatar bordered"/> </div> '; //start meta echo ' <div class="span5"> <p class="meta"> <small> Posted by : '; // name + link to profile if (!empty($row["possibly_name"])) { echo '<a href="#">' . htmlentities($row["possibly_name"]) . '</a>'; } // tags echo ' with tags : <a href="#">' . htmlentities($row["category_name"]) . '</a>'; //close meta echo ' </small> </p>'; // Titre echo ' <h3>' . htmlentities(stripslashes($row["title"])) . 
'</h3>'; //share sns buttons + close header echo ' <section class="sns"><!-- AddThis Button BEGIN --> <div class="addthis_toolbox addthis_default_style "> <a class="addthis_button_preferred_1"></a> <a class="addthis_button_preferred_2"></a> <a class="addthis_button_preferred_3"></a> </div> <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=xa-4f3e39a4223675c7"></script> </section><!-- AddThis Button END --> </div><!--span5 --> </header> '; /* echo(' <div class="votebar">'); // Etat des votes if ($pro_vote==0) { if($agt_vote==0) { echo('<span class="neutralvote"> <span class="votebarannotation"> +0 </span> </span> </div>'); } else { echo('<span class="againstvote" style="height:100%;width:8px;"> <span class="votebarannotation"> -'.htmlentities($agt_vote).' </span> </span> </div>'); } } else { if($agt_vote==0) { echo('<span class="provote" style="height:100%;width:8px;"> <span class="votebarannotation_pro"> +'.htmlentities($pro_vote).' </span> </span> </div>'); } else { $prop_pro=round(100*$pro_vote/($agt_vote+$pro_vote)); echo('<span class="provote" style="height:'.$prop_pro.'%;width:8px;"> <span class="votebarannotation_pro"> +'.htmlentities($pro_vote).' </span> </span> <span class="againstvote" style="height:'.(100-$prop_pro).'%;width:8px;"> <span class="votebarannotation"> -'.htmlentities($agt_vote).' </span> </span> </div>'); } } */ // Corps du texte echo '<div class="content"><p>' . text_display_prepare($row["text"]) . '</p></div>'; // utils echo '<footer class="">'; //upvote echo '<a class="" href="?action=vote_post&order=' . '1' . '&thread_id=' . $thread_id_affiche . '">' . _('Upvote') . '<i class="icon-thumbs-up"></i>' . '</a>'; echo " - "; // downvote echo '<a class="" href="?action=vote_post&order=' . '-1' . '&thread_id=' . $thread_id_affiche . '">' . _('Downvote') . '<i class="icon-thumbs-down"></i>' . '</a>'; echo " - "; // Date echo '<time class="" datetime="' . htmlentities(transfo_date($row["date"])) . '">' . 
htmlentities(transfo_date($row["date"])) . '</time>'; echo " - "; // comments affichage_comments($thread_id, false); // utils delete/edite/anonymize if ($is_proprio || $privileges > 4) { echo ' | <a class="adminutil" href="?action=edit_post&thread_id=' . $thread_id_affiche . '">' . _('Edit') . '</a> - <a class="adminutil" href="?action=remove_post&thread_id=' . $thread_id_affiche . '">' . _('Delete') . '</a>'; // hide name if ($is_proprio) { if (!empty($row["possibly_name"])) { echo ' - <a href="?action=anonymization&order=0&thread_id=' . $thread_id_affiche . '#' . $thread_id_affiche . '">' . _('Hide my name') . '</a>'; } else { echo ' - <a href="?action=anonymization&order=1&thread_id=' . $thread_id_affiche . '#' . $thread_id_affiche . '">' . _('Show my name') . '</a>'; } } } if ($is_admin) { if ($is_valid || !$already_mod) { if ($current_mod) { echo '<a href="?action=moderation&order=0&thread_id=' . $thread_id_affiche . '">Refuser</a>'; } else { echo '<a href="?action=moderation&order=0&thread_id=' . $thread_id_affiche . '#' . $thread_id_affiche . '">Refuser</a>'; } } if (!$is_valid || !$already_mod) { if ($current_mod) { echo '<a href="?action=moderation&order=1&thread_id=' . $thread_id_affiche . '">Accepter</a>'; } else { echo '<a href="?action=moderation&order=1&thread_id=' . $thread_id_affiche . '#' . $thread_id_affiche . '">Accepter</a>'; } } } echo '</small></footer>'; // COMMENTS echo '<div class="commentbox"> <article class="comment clearfix"> <header class="span1"> <img src="img/placeholder_50x50.gif" alt="icon" class="avatar bordered"/> </header> <div class="com-content span4"> Lorem Ipsum </div> <footer>'; //upvote echo '<a class="" href="?action=vote_post&order=' . '1' . '&thread_id=' . $thread_id_affiche . '">' . _('Upvote') . '<i class="icon-thumbs-up"></i>' . '</a>'; echo " - "; // downvote echo '<a class="" href="?action=vote_post&order=' . '-1' . '&thread_id=' . $thread_id_affiche . '">' . _('Downvote') . '<i class="icon-thumbs-down"></i>' . 
'</a>'; echo " - "; // timestamp echo '<time datetime="2010-12-16T11:15Z">16/12/2010 11:15</time> </footer> </article> </div><!-- .commentbox--> </article><!-- .feeditem -->'; } } // Affichage vide / d'un cadre de choix de page / d'un avertissement sur le nombre de résultats / selon les cas if ($result_returned) { echo $change_page . '<div class="newsterminator"><hr />' . NOM_ECOLE . ' REFRESH</div>'; } else { echo '<div class="warning">Aucune proposition n\'est disponible selon les critères choisis</div>'; } @mysql_free_result($result); } else { echo '<div class="warning">Erreur lors de la requête</div>'; } } } else { need_ecole_member_privilege(2); } }
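*/
include_once "pages_secondlevel/tool.php";

// Account menu: avatar and account links for a logged-in user, otherwise the
// login form followed by the recovery / registration / terms links.
if (is_logged()) {
    $email = (string) $_SESSION['login_c'];
    $defaultavatar = "img/default-avatar.png";
    $size = 80;
    // The avatar is fetched over HTTPS so the request (which carries the MD5 of
    // the login) is not sent in clear text and the image cannot be swapped in
    // transit; it also avoids mixed content when the site itself is on HTTPS.
    // NOTE(review): Gravatar's "d" parameter expects an absolute, publicly
    // reachable URL (or a keyword); a relative path is unlikely to resolve. Confirm.
    $grav_url = "https://www.gravatar.com/avatar/" . md5(strtolower(trim($email)))
        . "?d=" . urlencode($defaultavatar)
        . "&s=" . $size;
    // Encode for the attribute context so the "&" separators are valid HTML.
    echo '<img src="' . htmlspecialchars($grav_url, ENT_QUOTES) . '" alt="avatar" />';
    echo ' <li><a href="?action=logout">' . _('Disconnect') . '</a></li> <li><a href="?action=change_pass">' . _('Change password') . '</a></li> <li><a href="?action=delete_account">' . _('Unsubscribe') . '</a></li> ';
    // Extra entry shown only above privilege level 3.
    if (user_privilege_level() > 3) {
        echo ' <a href="?action=new_document">Ajouter un document</a> ';
    }
} else {
    log_in();
    echo ' <li><a href="?action=lost_ids">' . _('Lost your log?') . '</a></li> <li><a href="?action=create_account">' . _('Register') . '</a></li> <li><a href="?action=display_useterms">' . _('Terms of use') . '</a></li> ';
}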
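/**
 * Render and process the document edition page.
 *
 * Requires a privilege level above 3. Loads the document named by
 * $_GET['document_id'], applies a submitted "document_edition" form
 * (title, description, category) once every field validates and the
 * category exists, and otherwise prints the pre-filled edition form.
 * A form payload parked in $_SESSION['post'] is restored into $_POST first.
 *
 * NOTE(review): the form carries no anti-CSRF token, so the UPDATE below can
 * be triggered by any cross-site POST sent with an administrator's session.
 * A per-session token checked before the UPDATE would close that.
 * NOTE(review): the mysql_* extension used here was removed in PHP 7; values
 * are escaped and quoted, but prepared statements (PDO/mysqli) are the
 * durable fix.
 *
 * @return void
 */
function edit_doc()
{
    if (isset($_SESSION['post'])) {
        $_POST = $_SESSION['post'];
        unset($_SESSION['post']);
    }
    $priv = user_privilege_level();
    echo '<h1>Edition d\'un document :</h1>';
    if ($priv > 3) {
        $id = -1;
        $titre = "";
        $description = "";
        $category = "";
        $warnings = "";

        // Load the document to edit.
        if (isset($_GET["document_id"])) {
            if (is_numeric($_GET["document_id"]) && $_GET["document_id"] > 0) {
                $document_id = $_GET["document_id"];
                $result = @mysql_query(sprintf("SELECT document_id,name,description,category FROM document WHERE document_id='%s'", mysql_real_escape_string($document_id)));
                if ($result && ($row = mysql_fetch_assoc($result))) {
                    $id = $row["document_id"];
                    $titre = $row["name"];
                    $description = $row["description"];
                    $category = $row["category"];
                } else {
                    $warnings = '<div class="warning">Document inexistant</div>';
                }
                // Release the result set whether or not a row was found.
                if ($result) {
                    @mysql_free_result($result);
                }
            } else {
                $warnings = '<div class="warning">Document inexistant</div>';
            }
        } else {
            // The original message spoke of a document "to delete" (copy/paste from the removal page).
            $warnings = '<div class="warning">Document à éditer non précisé</div>';
        }

        if (empty($warnings) && $id > 0) {
            $affich_form = true;
            // The privilege level was already checked above, so the submitted
            // form is processed directly (the inner re-check was unreachable).
            if (isset($_POST['form_name']) && $_POST['form_name'] == "document_edition") {
                $trait = true;
                if (isset($_POST["title"]) && is_string($_POST["title"]) && !empty($_POST["title"])) {
                    $titre = $_POST["title"];
                } else {
                    $trait = false;
                    echo '<div class="warning">Titre incorrect</div>';
                }
                if (isset($_POST["description"]) && is_string($_POST["description"]) && !empty($_POST["description"])) {
                    $description = $_POST["description"];
                } else {
                    $trait = false;
                    echo '<div class="warning">Description incorrecte</div>';
                }
                if (isset($_POST["category"]) && is_numeric($_POST["category"]) && $_POST["category"] > 0) {
                    $category = $_POST["category"];
                } else {
                    $trait = false;
                    echo '<div class="warning">Catégorie incorrecte</div>';
                }
                if ($trait) {
                    // Check that the category exists: MyISAM storage does not
                    // allow a plain foreign key as used for posts etc.
                    $res_temp = @mysql_query(sprintf("SELECT COUNT( * ) AS NUM_ENR FROM document_category WHERE CATEGORY_ID = '%s'", mysql_real_escape_string($category)));
                    if ($res_temp && ($row = mysql_fetch_assoc($res_temp))) {
                        // Free the count result itself; the original freed the
                        // already-released $result here and leaked $res_temp.
                        @mysql_free_result($res_temp);
                        if ($row["NUM_ENR"] == 1) {
                            if (@mysql_query(sprintf("UPDATE document SET name='%s',description='%s',category='%s' WHERE document_id='%s'", mysql_real_escape_string($titre), mysql_real_escape_string($description), mysql_real_escape_string($category), mysql_real_escape_string($id)))) {
                                echo '<div class="success">Document correctement modifié</div>';
                                $affich_form = false;
                            } else {
                                echo '<div class="warning">Erreur lors de la mise à jour du document</div>';
                            }
                        } else {
                            echo '<div class="warning">Erreur lors de la mise à jour du document</div>';
                        }
                    } else {
                        if ($res_temp) {
                            @mysql_free_result($res_temp);
                        }
                        echo '<div class="warning">Erreur lors de la mise à jour du document</div>';
                    }
                }
            }

            // Print the form when needed.
            if ($affich_form) {
                // The id is forced to an integer before it is written into the action URL.
                echo ' <form method="post" action="?action=edit_doc&document_id=' . (int) $id . '"> <table class="tab_form"> <tr> <td> Titre : </td> <td> <input type="text" name="title" value="' . htmlentities(stripslashes($titre)) . '" /> </td> </tr> <tr> <td> Catégorie : </td> <td> <select name="category">';
                $tail = "";
                $result = @mysql_query("SELECT category_id,category_name FROM document_category");
                if ($result) {
                    while ($row = mysql_fetch_assoc($result)) {
                        $selected = ($category == $row["category_id"]) ? ' selected="selected"' : '';
                        $tail .= '<option value="' . htmlentities($row["category_id"]) . '"' . $selected . '>' . htmlentities($row["category_name"]) . '</option>';
                    }
                    @mysql_free_result($result);
                }
                if (empty($tail)) {
                    $tail = '<option value="0">Défaut</option>';
                }
                echo $tail . ' </select> </td> </tr> <tr> <td colspan="2"> <textarea name="description" rows="15" cols="80">' . htmlentities(stripslashes($description)) . '</textarea> </td> </tr> <tr> <td colspan="2"> <input type="hidden" name="form_name" value="document_edition" /> </td> </tr> <tr class="submit_center"> <td colspan="2" rowspan="1"> <input type="submit" value="Valider" /> </td> </tr> </table> </form>';
            }
        } elseif (!empty($warnings)) {
            echo $warnings;
        }
    } else {
        echo '<div class="warning">Vous ne disposez pas des privilèges nécessaires à l\'édition d\'un document</div>';
    }
    if (isset($_POST)) {
        unset($_POST);
    }
}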
License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. Contact : nicolas.seichepine.org/?action=contact */ session_start(); include_once "config.php"; include_once "script_php/pages_secondlevel/actions.php"; $privileges = user_privilege_level(); $login = $_SESSION['login_c']; // Demande if (isset($_GET["action"]) && is_string($_GET["action"])) { $ccar_to_treat = htmlentities($_GET["action"]); } // Appel de la fonction associée à la demande switch ($ccar_to_treat) { // appel de la fonction post par Ajax case "post": post($_POST['title'], $_POST['message'], $_POST['anonymization'], $_POST['category'], $login, $valid = 0, $output = 'JSON'); break; case "comments": get_comments($_POST['thread_id'], $privileges, $login, $output = 'JSON'); break; case "delete_comment":
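/**
 * Print the comments of a thread, or the list of comments awaiting moderation.
 *
 * In moderation mode (privilege level above 3 only) every comment returned by
 * get_comments() is printed. Otherwise, for privilege levels above 1, the
 * thread is shown unrolled (comment count, visible comments and, above
 * level 2, the posting form) when $_SESSION['unroll_comment'] matches
 * $thread_id, and rolled up (comment count only) when it does not.
 *
 * NOTE(review): ownership is tested as SHA1(login . rand_prop) = hash_prop
 * with rand_prop stored in the same row, so authorship of "anonymous" rows can
 * be recomputed by anyone holding the table and the login list; a keyed HMAC
 * with a server-side secret would avoid that.
 * NOTE(review): the mysql_* extension used here was removed in PHP 7.
 *
 * @param mixed $thread_id       Thread whose comments are displayed.
 * @param bool  $moderation_mode True to list comments for moderation.
 * @param bool  $unique_mode     Passed through to the display helpers.
 * @return void
 */
function affichage_comments($thread_id, $moderation_mode = false, $unique_mode = false)
{
    $privileges = user_privilege_level();
    $is_admin = $privileges > 3;
    $is_logged = is_logged();
    $ancre = htmlentities($thread_id);

    if ($moderation_mode) {
        if (!$is_admin) {
            echo '<div class="warning">Vous ne disposez pas des droits nécessaires</div>';
            return;
        }
        $escaped_name = isset($_SESSION['login_c']) ? mysql_real_escape_string($_SESSION['login_c']) : '';
        $comments = get_comments($thread_id, $privileges, $escaped_name, '');
        if (!$comments->result) {
            echo '<div class="warning">Erreur lors de la recherche des commentaires non modérés</div>';
            return;
        }
        $result_returned = false;
        // The loop key is not bound to $thread_id any more: doing so overwrote
        // the function's own parameter.
        foreach ($comments->data as $row) {
            $result_returned = true;
            display_comment($row, True, $privileges, $is_admin, $unique_mode);
        }
        if (!$result_returned) {
            echo '<div class="warning">Aucun commentaire n\'est disponible selon les critères choisis</div>';
        }
        return;
    }

    if ($privileges <= 1) {
        echo '<div class="warning">Vous ne disposez pas des droits nécessaires</div>';
        return;
    }

    // Number of comments this viewer may see: everything for administrators,
    // validated comments plus the viewer's own when logged in, validated only otherwise.
    $escaped_thread = mysql_real_escape_string($thread_id);
    if ($is_admin) {
        $count_sql = sprintf("SELECT COUNT(*) AS NB_COMMENT FROM comment WHERE thread_id='%s'", $escaped_thread);
    } elseif ($is_logged) {
        $count_sql = sprintf("SELECT COUNT(*) AS NB_COMMENT FROM comment WHERE thread_id='%s' AND (is_valid=1 OR (CAST(SHA1(CONCAT('%s',CAST(rand_prop AS CHAR))) AS CHAR)=hash_prop))", $escaped_thread, mysql_real_escape_string($_SESSION['login_c']));
    } else {
        $count_sql = sprintf("SELECT COUNT(*) AS NB_COMMENT FROM comment WHERE is_valid=1 AND thread_id='%s'", $escaped_thread);
    }

    if (isset($_SESSION["unroll_comment"]) && $_SESSION["unroll_comment"] == $thread_id) {
        $escaped_name = isset($_SESSION['login_c']) ? mysql_real_escape_string($_SESSION['login_c']) : '';
        // NOTE(review): the thread id is passed pre-escaped here but raw in
        // moderation mode; confirm which form get_comments() expects.
        $comments = get_comments($escaped_thread, $privileges, $escaped_name, '');
        if ($comments->result) {
            $count_res = @mysql_query($count_sql);
            // Guard against a failed query before fetching from it.
            if ($count_res) {
                if ($row = mysql_fetch_assoc($count_res)) {
                    $nb_comment = htmlentities($row["NB_COMMENT"]);
                    display_speccom($unique_mode, $ancre, $thread_id, $nb_comment, 'roll');
                }
                @mysql_free_result($count_res);
            }
            // No loop key: binding it to $thread_id made the comment form below
            // receive the last array key instead of the thread id.
            foreach ($comments->data as $row) {
                $is_proprio = check_property($row["rand_prop"], $row["hash_prop"]);
                $is_valid = $row["is_valid"];
                // Unvalidated comments are shown only to their author or above level 3.
                if ($is_valid || $is_proprio || $privileges > 3) {
                    // NOTE(review): the moderation call passes five arguments
                    // ($is_admin before $unique_mode), this one four, so
                    // $unique_mode may land in the $is_admin slot. Check
                    // against display_comment()'s signature.
                    display_comment($row, $is_logged, $privileges, $unique_mode);
                }
            }
            // Restore a comment draft kept in the session, then clear it.
            $text_prec = isset($_SESSION["text_new_comment_rest"]) ? $_SESSION["text_new_comment_rest"] : "";
            $anon_prec = isset($_SESSION["text_anonymous_rest"]) ? 1 : "";
            if ($privileges > 2) {
                // Form that lets users post a comment.
                display_comment_form($unique_mode, $ancre, $thread_id, $text_prec, $anon_prec);
            }
            unset($_SESSION["text_new_comment_rest"], $_SESSION["text_anonymous_rest"]);
        } else {
            echo '<div class="warning">Erreur lors de la recherche des commentaires</div></div>';
        }
    } else {
        $result = @mysql_query($count_sql);
        if ($result && ($row = mysql_fetch_assoc($result))) {
            $nb_comment = htmlentities($row["NB_COMMENT"]);
            display_speccom($unique_mode, $ancre, $thread_id, $nb_comment, 'unroll');
        } else {
            echo '<div class="warning">Erreur lors de la recherche des commentaires</div></div>';
        }
        if ($result) {
            @mysql_free_result($result);
        }
    }
}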