Context Navigation

plog-feedback.php @ 602

Revision 602, 12.6 KB checked in by sidtheduck, 11 months ago (diff)

Options re-ordering and updated functionality
- Separate sort ordering for Image, Album, and Collection
- Thumbnail resizing options based on width, height, longest side, or square
- RSS content option to allow albums or pictures to be displayed at Collections and Collection level

Better session security and cleanup of PHP_SELF constant to deter XSS attacks
Deprecated PHP function cleanup (still PHP4 compatible)
Syntax cleanup including mysql_result syntax errors

Line
1	<?php
2	// Load configuration variables from database, plog-globals, & plog-includes/plog-functions
3	require_once(dirname(dirname(__FILE__)).'/plog-load-config.php');
4	require(PLOGGER_DIR.'plog-admin/plog-admin.php');
5
6	global $inHead;
7
8	$inHead = '<script type="text/javascript" src="'.$config['gallery_url'].'plog-admin/js/ajax_editing.js"></script>';
9
10	$output = "\n\t" . '<h1>'.plog_tr('Manage Feedback').'</h1>' . "\n";
11
12	if (isset($_REQUEST['action'])) {
13	if ($_REQUEST['action'] == 'approve-delete') {
14	// Here we will determine if we need to perform an approved or delete action.
15	$num_items = 0;
16
17	// Perform the delete function on the selected items
18	if (isset($_REQUEST['delete_checked'])) {
19	if (isset($_REQUEST['selected'])) {
20	foreach($_REQUEST['selected'] as $del_id) {
21	// Let's build the query string
22	$del_id = intval($del_id);
23	$query = "DELETE FROM ".PLOGGER_TABLE_PREFIX."comments WHERE `id`= '".$del_id."'";
24	$result = run_query($query);
25	$num_items++;
26	}
27	if ($num_items > 0) {
28	$text = ($num_items == 1) ? plog_tr('comment') : plog_tr('comments');
29	$output .= "\n\t" . '<p class="success">'.sprintf(plog_tr('You have deleted %s successfully'), '<strong>'.$num_items.'</strong> '.$text).'.</p>' . "\n";
30	} else {
31	$output .= "\n\t" . '<p class="errors">'.plog_tr('Nothing selected to delete').'!</p>' . "\n";
32	}
33	}
34
35	} else if (isset($_REQUEST['approve_checked'])) {
36	// Set the approval bit to 1 for all selected comments
37	if (isset($_REQUEST['selected'])) {
38	foreach($_REQUEST['selected'] as $appr_id) {
39	// Let's build the query string
40	$appr_id = intval($appr_id);
41	$query = "UPDATE ".PLOGGER_TABLE_PREFIX."comments SET `approved` = 1 WHERE `id`= '".$appr_id."'";
42	$result = run_query($query);
43	$num_items++;
44	}
45	if ($num_items > 0) {
46	$text = ($num_items == 1) ? plog_tr('comment') : plog_tr('comments');
47	$output .= "\n\t" . '<p class="success">'.sprintf(plog_tr('You have approved %s successfully'), '<strong>'.$num_items.'</strong> '.$text).'.</p>' . "\n";
48	} else {
49	$output .= "\n\t" . '<p class="errors">'.plog_tr('Nothing selected to approve').'!</p>' . "\n";
50	}
51	}
52	}
53
54	} else if ($_REQUEST['action'] == 'edit-comment') {
55	// Show the edit form
56	$output .= plog_edit_comment_form($_REQUEST['pid']);
57	$edit_page = 1;
58
59	} else if ($_REQUEST['action'] == 'update-comment') {
60	if (!isset($_REQUEST['cancel'])) {
61	// Update comment in database
62	$result = update_comment($_POST['pid'], $_POST['author'], $_POST['email'], $_POST['url'], $_POST['comment']);
63	if (isset($result['errors'])) {
64	$output .= "\n\t" . '<p class="errors">'.$result['errors'].'</p>' . "\n";
65	} else if (isset($result['output'])) {
66	$output .= "\n\t" . '<p class="success">'.$result['output'].'</p>' . "\n";
67	}
68	}
69	}
70	}
71
72	if (!isset($edit_page)) {
73	// Let's iterate through all the content and build a table
74	// Set the default level if nothing is specified
75
76	// Handle pagination
77	// Let's determine the limit filter based on current page and number of results per page
78	if (isset($_REQUEST['entries_per_page'])) {
79	$_SESSION['entries_per_page'] = $_REQUEST['entries_per_page'];
80	} else if (!isset($_SESSION['entries_per_page'])) {
81	$_SESSION['entries_per_page'] = 20;
82	}
83
84	$plog_page = isset($_REQUEST['plog_page']) ? $_REQUEST['plog_page'] : 1; // default to the first page
85
86	$first_item = ($plog_page - 1) * $_SESSION['entries_per_page'];
87	if ($first_item < 0) {
88	$first_item = 0;
89	}
90	$limit = "LIMIT ".$first_item.", ".$_SESSION['entries_per_page'];
91
92	// Let's generate the pagination menu as well
93	$recordCount = "SELECT count(*) AS num_comments FROM ".PLOGGER_TABLE_PREFIX."comments WHERE `approved` = 1";
94	$totalRowsResult = mysql_query($recordCount);
95	$num_comments = mysql_result($totalRowsResult, 0, 'num_comments');
96
97	$query = "SELECT count(*) AS in_moderation FROM ".PLOGGER_TABLE_PREFIX."comments WHERE `approved` = 0";
98	$mod_result = run_query($query);
99	$num_comments_im = mysql_result($mod_result, 0, 'in_moderation');
100
101	// Filter based on whether were looking at approved comments or unmoderated comments
102	if (isset($_REQUEST['moderate']) && $_REQUEST['moderate'] == 1) {
103	$approved = 0;
104	$moderate = 1;
105	} else {
106	$approved = 1;
107	$moderate = 0;
108	}
109	$output .= "\n\t" . '<form id="contentList" action="'.$_SERVER['PHP_SELF'].'?moderate='.$moderate.'" method="post">';
110
111	if ($approved) {
112	$pagination_menu = generate_pagination('admin', 'feedback', $plog_page, $num_comments, $_SESSION['entries_per_page']);
113	} else {
114	$pagination_menu = generate_pagination('admin', 'feedback', $plog_page, $num_comments_im, $_SESSION['entries_per_page'], array('moderate' => 1));
115	}
116	$pagination_menu = "\n\t\t" . '<div class="pagination">'.$pagination_menu.'</div>';
117
118	// Generate javascript init function for ajax editing
119	$query = "SELECT *, UNIX_TIMESTAMP(`date`) AS `date` from ".PLOGGER_TABLE_PREFIX."comments WHERE `approved` = ".$approved." ORDER BY `id` DESC ".$limit;
120	$result = run_query($query);
121	if (mysql_num_rows($result) > 0) {
122	$output .= "\n\t\t" . '<script type="text/javascript">';
123	$output .= "\n\t\t\t" . 'Event.observe(window, \'load\', init, false);';
124	$output .= "\n\t\t\t" . 'function init() {' . "\n";
125	while($row = mysql_fetch_assoc($result)) {
126	$output .= "\t\t\t\tmakeEditable('comment-comment-".$row['id']."');
127	makeEditable('comment-author-".$row['id']."');
128	makeEditable('comment-url-".$row['id']."');
129	makeEditable('comment-email-".$row['id']."');\n";
130	}
131	$output .= "\t\t\t" . '}';
132	$output .= "\n\t\t" . '</script>' . "\n";
133	}
134
135	$query = "SELECT *, UNIX_TIMESTAMP(`date`) AS `date` from ".PLOGGER_TABLE_PREFIX."comments WHERE `approved` = ".$approved." ORDER BY `id` DESC ".$limit;
136	$result = run_query($query);
137
138	$empty = 0;
139
140	if ($result) {
141	if (mysql_num_rows($result) == 0) {
142	if ($approved) {
143	$output .= "\n\t\t" . '<p class="stats-info">'.plog_tr('You have no comments on your gallery').'.</p>';
144	} else {
145	$output .= "\n\t\t" . '<p class="stats-info">'.plog_tr('You have no comments waiting for approval').'.</p>';
146	}
147	$empty = 1;
148	}
149	if ($approved) {
150	if ($num_comments_im > 0) {
151	$text = ($num_comments_im == 1) ? plog_tr('comment') : plog_tr('comments');
152	$output.= "\n\t\t" . '<p class="actions">'.sprintf(plog_tr('You have %s waiting for approval.'), '<strong>'.$num_comments_im.'</strong> '.$text).' <a href="plog-feedback.php?moderate=1"><strong>'.plog_tr('Click here').'</strong></a> '.plog_tr('to review and approve/delete the moderated').' '.$text.'.</p>' . "\n";
153	}
154	}
155
156	$counter = 0;
157
158	if (!$empty) {
159	$output .= "\n\t\t" . '<div class="entries-page">'.generate_pagination_view_menu().'
160	</div><!-- /entries-page -->' . "\n";
161
162	$output .= $pagination_menu;
163	}
164
165	while($row = mysql_fetch_assoc($result)) {
166	// If we're on our first iteration, dump the header
167	if ($counter == 0) {
168	if ($approved) {
169	if ($num_comments > 0) {
170	$text = ($num_comments == 1) ? plog_tr('comment') : plog_tr('comments');
171	$output .= "\n\n\t\t" . '<div id="comment-count">'.sprintf(plog_tr('You have %s'), '<strong>'.$num_comments.'</strong> '.$text).'.</div>';
172	}
173	} else {
174	if ($num_comments_im > 0) {
175	$text = ($num_comments_im == 1) ? plog_tr('comment') : plog_tr('comments');
176	$output .= "\n\n\t\t" . '<div id="comment-count">'.sprintf(plog_tr('You have %s awaiting approval'), '<strong>'.$num_comments_im.'</strong> '.$text).'.</div>';
177	}
178	}
179
180	$output .= "\n\n\t\t" . '<table style="width: 100%;" cellpadding="3" cellspacing="0">
181	<tr class="header">
182	<th class="table-header-left align-center width-15"><input name="allbox" type="checkbox" onclick="checkAll(document.getElementById(\'contentList\'));" /></th>
183	<th class="table-header-middle align-center width-150">'.plog_tr('Thumb').'</th>
184	<th class="table-header-middle align-left width-175">'.plog_tr('Author').'/'.plog_tr('Email').'/'.plog_tr('Website').'</th>
185	<th class="table-header-middle align-left width-100">'.plog_tr('Date').'</th>
186	<th class="table-header-middle align-left">'.plog_tr('Comment').'</th>
187	<th class="table-header-right align-center width-100">'.plog_tr('Actions').'</th>
188	</tr>';
189	}
190
191	foreach ($row as $key => $value) {
192	$value = SmartStripSlashes(htmlspecialchars($value));
193	if ($value == '') {
194	$row[$key] = ' ';
195	}
196	}
197
198	if ($counter%2 == 0) {
199	$table_row_color = 'color-1';
200	} else {
201	$table_row_color = 'color-2';
202	}
203
204	// Start a new table row (alternating colors)
205	$output .= "\n\t\t\t" . '<tr class="'.$table_row_color.'">';
206
207	// Give the row a checkbox
208	$output .= "\n\t\t\t\t" . '<td class="align-center width-15"><p class="margin-5"><input type="checkbox" name="selected[]" value="'.$row['id'].'" /></p></td>';
209
210	// Give the row a thumbnail, we need to look up the parent picture for the comment
211	$picture = get_picture_by_id($row['parent_id']);
212	$thumbpath = generate_thumb($picture['path'], $picture['id'], THUMB_SMALL);
213
214	// Generate XHTML with thumbnail and link to picture view.
215	$imgtag = '<img src="'.$thumbpath.'" title="'.htmlspecialchars(strip_tags($picture['caption']), ENT_QUOTES).'" alt="'.htmlspecialchars(strip_tags($picture['caption']), ENT_QUOTES).'" />';
216	$output .= "\n\t\t\t\t" . '<td class="align-center width-150"><div class="img-shadow"><a href="'.generate_thumb($picture['path'], $picture['id'], THUMB_LARGE).'" rel="lightbox" title="'.htmlspecialchars($picture['caption'], ENT_QUOTES).'">'.$imgtag.'</a></div></td>';
217
218	// Author / Email / Website
219	$output .= "\n\t\t\t\t" . '<td class="align-left width-175">
220	<p class="margin-5 no-margin-bottom"><strong>'.plog_tr('Author').':</strong></p>
221	<p class="margin-5 no-margin-top" id="comment-author-'.$row['id'].'">'.$row['author'].'</p>
222	<p class="margin-5 no-margin-bottom"><strong>'.plog_tr('Email').':</strong></p>
223	<p class="margin-5 no-margin-top" id="comment-email-'.$row['id'].'">'.$row['email'].'</p>
224	<p class="margin-5 no-margin-bottom"><strong>'.plog_tr('Website').':</strong></p>
225	<p class="margin-5 no-margin-top" id="comment-url-'.$row['id'].'">'.$row['url'].'</p>
226	</td>';
227
228	// Date
229	$output .= "\n\t\t\t\t" . '<td class="align-left width-100"><p class="margin-5">'.date($config['date_format'], $row['date']).'</p></td>';
230
231	// Comment
232	$output .= "\n\t\t\t\t" . '<td class="align-left vertical-top"><p class="margin-5" id="comment-comment-'.$row['id'].'">'.$row['comment'].'</p></td>';
233
234	// Actions panel
235	$query = "?action=edit-comment&pid=$row[id]";
236	$output .= "\n\t\t\t\t" . '<td class="align-center width-100"><p class="margin-5"><a href="'.$_SERVER['PHP_SELF'].$query.'&entries_per_page='.$_SESSION['entries_per_page'].'&moderate='.$moderate.'"><img src="'.$config['gallery_url'].'plog-admin/images/edit.gif" alt="'.plog_tr('Edit').'" title="'.plog_tr('Edit').'" /></a>';
237	$output .= '  <a href="'.$_SERVER['PHP_SELF'].'?action=approve-delete&delete_checked=1&selected[]='.$row['id'].'&moderate='.$moderate.'" onclick="return confirm(\''.plog_tr('Are you sure you want to delete this comment?').'\');"><img src="'.$config['gallery_url'].'plog-admin/images/x.gif" alt="'.plog_tr('Delete').'" title="'.plog_tr('Delete').'" /></a>';
238
239	if (!$approved) {
240	$output .= "\n\t\t\t\t\t" . '  <a href="'.$_SERVER['PHP_SELF'].'?action=approve-delete&approve_checked=1&selected[]='.$row['id'].'&moderate=1" onclick="return confirm(\''.plog_tr('Are you sure you want to approve this comment?').'\');"><img src="'.$config['gallery_url'].'plog-admin/images/new_file.gif" alt="'.plog_tr('Approve').'" title="'.plog_tr('Approve').'" /></a>';
241	}
242
243	$output .= '</p></td>' . "\n\t\t\t" . '</tr>';
244	$counter++;
245	}
246
247	if ($counter > 0) {
248	$output .= "\n\t\t\t" . '<tr class="footer">
249	<td class="invert-selection" colspan="9"><a href="#" onclick="checkToggle(document.getElementById(\'contentList\')); return false;">'.plog_tr('Toggle Checkbox Selection').'</a></td>
250	</tr>
251	</table>';
252	}
253	}
254
255	if (!$empty) {
256	$output .= "\n\t\t\t" . ''.$pagination_menu;
257
258	$output .= "\n\n\t\t" . '<div id="approve-delete">
259	<input type="hidden" name="action" value="approve-delete" />
260	<input class="submit-delete" type="submit" name="delete_checked" onclick="return confirm(\''.plog_tr('Are you sure you want to delete the selected comments?').'\');" value="'.plog_tr('Delete Checked').'" />';
261	}
262	if (!$approved && !$empty) {
263	$output .= "\n\t\t\t" . '<input class="submit" type="submit" name="approve_checked" onclick="return confirm(\''.plog_tr('Are you sure you want to approve the selected comments?').'\');" value="'.plog_tr('Approve Checked').'" />';
264	}
265	if (!$empty) {
266	$output .= "\n\t\t" . '</div><!-- /approve-delete -->';
267	}
268	$output .= "\n\t" . '</form>'. "\n";
269	}
270
271	display($output, 'feedback');
272
273	?>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/plog-admin/plog-feedback.php @ 602

Download in other formats: