2007-07-19 12:40:05 +02:00
< ? php
/**
* Represents an interface for viewing and adding page comments
* Create one , passing the page discussed to the constructor . It can then be
* inserted into a template .
2008-02-25 03:10:37 +01:00
* @ package cms
* @ subpackage comments
2007-07-19 12:40:05 +02:00
*/
2008-10-30 23:03:32 +01:00
class PageCommentInterface extends RequestHandler {
2008-08-15 05:37:26 +02:00
static $url_handlers = array (
'$Item!' => '$Item' ,
);
static $allowed_actions = array (
'PostCommentForm' ,
);
2007-07-19 12:40:05 +02:00
protected $controller , $methodName , $page ;
2008-08-12 04:59:27 +02:00
/**
2009-03-10 22:59:19 +01:00
* If this is true , you must be logged in to post a comment
2008-08-12 04:59:27 +02:00
* ( and therefore , you don 't need to specify a ' Your name ' field unless
* your name is blank )
2009-03-10 22:59:19 +01:00
*
* @ var bool
2008-08-12 04:59:27 +02:00
*/
static $comments_require_login = false ;
/**
2009-03-10 22:59:19 +01:00
* If this is a valid permission code , you must be logged in
2008-08-12 04:59:27 +02:00
* and have the appropriate permission code on your account before you can
* post a comment .
2009-03-10 22:59:19 +01:00
*
* @ var string
2008-08-12 04:59:27 +02:00
*/
static $comments_require_permission = " " ;
2009-03-10 22:59:19 +01:00
/**
* If this is true it will include the javascript for AJAX
* commenting . If it is set to false then it will not load
* the files required and it will fall back
*
* @ var bool
*/
static $use_ajax_commenting = true ;
2009-05-26 03:56:07 +02:00
/**
* If this is true then we should show the existing comments on
* the page even when we have disabled the comment form .
*
* If this is false the form + existing comments will be hidden
*
* @ var bool
* @ since 2.4 - Always show them by default
*/
static $show_comments_when_disabled = true ;
2007-07-19 12:40:05 +02:00
/**
* Create a new page comment interface
2008-08-12 04:59:27 +02:00
* @ param controller The controller that the interface is used on
2007-07-19 12:40:05 +02:00
* @ param methodName The method to return this PageCommentInterface object
* @ param page The page that we ' re commenting on
*/
function __construct ( $controller , $methodName , $page ) {
$this -> controller = $controller ;
$this -> methodName = $methodName ;
$this -> page = $page ;
2009-04-29 07:56:33 +02:00
parent :: __construct ();
2007-07-19 12:40:05 +02:00
}
2008-08-15 05:37:26 +02:00
function Link () {
return Controller :: join_links ( $this -> controller -> Link (), $this -> methodName );
}
2008-08-12 04:59:27 +02:00
/**
2009-05-26 03:56:07 +02:00
* See { @ link PageCommentInterface :: $comments_require_login }
*
2008-08-12 04:59:27 +02:00
* @ param boolean state The new state of this static field
*/
static function set_comments_require_login ( $state ) {
self :: $comments_require_login = ( boolean ) $state ;
}
/**
2009-05-26 03:56:07 +02:00
* See { @ link PageCommentInterface :: $comments_require_permission }
*
2008-08-12 04:59:27 +02:00
* @ param string permission The permission to check against .
*/
static function set_comments_require_permission ( $permission ) {
self :: $comments_require_permission = $permission ;
}
2009-05-26 03:56:07 +02:00
/**
* See { @ link PageCommentInterface :: $show_comments_when_disabled }
*
* @ param bool - show / hide the existing comments when disabled
*/
static function set_show_comments_when_disabled ( $state ) {
self :: $show_comments_when_disabled = $state ;
}
2009-03-10 22:59:19 +01:00
/**
* See { @ link PageCommentInterface :: $use_ajax_commenting }
* @ param bool
*/
static function set_use_ajax_commenting ( $state ) {
self :: $use_ajax_commenting = $state ;
}
2007-07-19 12:40:05 +02:00
function forTemplate () {
return $this -> renderWith ( 'PageCommentInterface' );
}
2008-08-12 04:59:27 +02:00
/**
* @ return boolean true if the currently logged in user can post a comment ,
* false if they can ' t . Users can post comments by default , enforce
* security by using
* @ link PageCommentInterface :: set_comments_require_login () and
* @ link { PageCommentInterface :: set_comments_require_permission ()} .
*/
static function CanPostComment () {
$member = Member :: currentUser ();
if ( self :: $comments_require_permission && $member && Permission :: check ( self :: $comments_require_permission )) {
return true ; // Comments require a certain permission, and the user has the correct permission
} elseif ( self :: $comments_require_login && $member && ! self :: $comments_require_permission ) {
return true ; // Comments only require that a member is logged in
} elseif ( ! self :: $comments_require_permission && ! self :: $comments_require_login ) {
return true ; // Comments don't require anything - anyone can add a comment
}
return false ;
}
/**
2009-03-10 22:59:19 +01:00
* if this page comment form requires users to have a
2008-08-12 04:59:27 +02:00
* valid permission code in order to post ( used to customize the error
* message ) .
2009-03-10 22:59:19 +01:00
*
* @ return bool
2008-08-12 04:59:27 +02:00
*/
function PostingRequiresPermission () {
return self :: $comments_require_permission ;
}
function Page () {
return $this -> page ;
}
2007-07-19 12:40:05 +02:00
function PostCommentForm () {
2009-05-26 03:56:07 +02:00
if ( ! $this -> page -> ProvideComments ){
return false ;
}
2007-07-30 00:56:16 +02:00
$fields = new FieldSet (
2008-08-12 04:59:27 +02:00
new HiddenField ( " ParentID " , " ParentID " , $this -> page -> ID )
);
$member = Member :: currentUser ();
if (( self :: $comments_require_login || self :: $comments_require_permission ) && $member && $member -> FirstName ) {
2008-08-18 02:10:26 +02:00
// note this was a ReadonlyField - which displayed the name in a span as well as the hidden field but
// it was not saving correctly. Have changed it to a hidden field. It passes the data correctly but I
// believe the id of the form field is wrong.
$fields -> push ( new ReadonlyField ( " NameView " , _t ( 'PageCommentInterface.YOURNAME' , 'Your name' ), $member -> getName ()));
$fields -> push ( new HiddenField ( " Name " , " " , $member -> getName ()));
2008-08-12 04:59:27 +02:00
} else {
$fields -> push ( new TextField ( " Name " , _t ( 'PageCommentInterface.YOURNAME' , 'Your name' )));
}
2009-01-05 07:17:59 +01:00
// optional commenter URL
$fields -> push ( new TextField ( " CommenterURL " , _t ( 'PageCommentInterface.COMMENTERURL' , " Your website URL " )));
2007-08-14 06:39:29 +02:00
2007-07-30 00:56:16 +02:00
if ( MathSpamProtection :: isEnabled ()){
2008-02-25 03:10:37 +01:00
$fields -> push ( new TextField ( " Math " , sprintf ( _t ( 'PageCommentInterface.SPAMQUESTION' , " Spam protection question: %s " ), MathSpamProtection :: getMathQuestion ())));
2007-07-30 00:56:16 +02:00
}
2008-02-25 03:10:37 +01:00
$fields -> push ( new TextareaField ( " Comment " , _t ( 'PageCommentInterface.YOURCOMMENT' , " Comments " )));
2007-07-30 00:56:16 +02:00
2008-08-15 05:37:26 +02:00
$form = new PageCommentInterface_Form ( $this , " PostCommentForm " , $fields , new FieldSet (
2008-02-25 03:10:37 +01:00
new FormAction ( " postcomment " , _t ( 'PageCommentInterface.POST' , 'Post' ))
2007-07-19 12:40:05 +02:00
));
2009-05-04 03:27:35 +02:00
// Set it so the user gets redirected back down to the form upon form fail
$form -> setRedirectToFormOnValidationError ( true );
2009-03-10 22:59:19 +01:00
// Optional Spam Protection.
2009-06-17 13:50:02 +02:00
if ( class_exists ( 'SpamProtectorManager' )) {
2009-03-10 22:59:19 +01:00
// Update the form to add the protecter field to it
2009-06-17 13:50:02 +02:00
$protecter = SpamProtectorManager :: update_form ( $form );
2009-03-10 22:59:19 +01:00
if ( $protecter ) {
$protecter -> setFieldMapping ( 'Name' , 'Comment' );
// Because most of the Spam Protection will need to query another service
// disable ajax commenting
self :: set_use_ajax_commenting ( false );
}
}
// Shall We use AJAX?
if ( self :: $use_ajax_commenting ) {
Requirements :: javascript ( THIRDPARTY_DIR . '/behaviour.js' );
Requirements :: javascript ( THIRDPARTY_DIR . '/prototype.js' );
Requirements :: javascript ( THIRDPARTY_DIR . '/scriptaculous/effects.js' );
Requirements :: javascript ( CMS_DIR . '/javascript/PageCommentInterface.js' );
}
// Load the data from Session
2007-07-19 12:40:05 +02:00
$form -> loadDataFrom ( array (
" Name " => Cookie :: get ( " PageCommentInterface_Name " ),
2009-02-03 04:26:44 +01:00
" Comment " => Cookie :: get ( " PageCommentInterface_Comment " ),
" URL " => Cookie :: get ( " PageCommentInterface_CommenterURL " )
2007-07-19 12:40:05 +02:00
));
return $form ;
}
function Comments () {
// Comment limits
2008-11-23 23:58:18 +01:00
$limit = array ();
$limit [ 'start' ] = isset ( $_GET [ 'commentStart' ]) ? ( int ) $_GET [ 'commentStart' ] : 0 ;
$limit [ 'limit' ] = PageComment :: $comments_per_page ;
2007-07-19 12:40:05 +02:00
2009-03-12 22:48:58 +01:00
$spamfilter = isset ( $_GET [ 'showspam' ]) ? '' : " AND \" IsSpam \" =0 " ;
$unmoderatedfilter = Permission :: check ( 'ADMIN' ) ? '' : " AND \" NeedsModeration \" =0 " ;
2008-11-23 23:58:18 +01:00
$comments = DataObject :: get ( " PageComment " , " \" ParentID \" = ' " . Convert :: raw2sql ( $this -> page -> ID ) . " ' $spamfilter $unmoderatedfilter " , '"Created" DESC' , " " , $limit );
2007-07-19 12:40:05 +02:00
if ( is_null ( $comments )) {
return ;
}
// This allows us to use the normal 'start' GET variables as well (In the weird circumstance where you have paginated comments AND something else paginated)
$comments -> setPaginationGetVar ( 'commentStart' );
return $comments ;
}
2007-08-07 06:59:19 +02:00
function CommentRssLink () {
return Director :: absoluteBaseURL () . " PageComment/rss?pageid= " . $this -> page -> ID ;
}
2007-07-19 12:40:05 +02:00
}
2008-02-25 03:10:37 +01:00
/**
* @ package cms
* @ subpackage comments
*/
2007-07-19 12:40:05 +02:00
class PageCommentInterface_Form extends Form {
function postcomment ( $data ) {
// Spam filtering
2009-02-03 04:26:44 +01:00
Cookie :: set ( " PageCommentInterface_Name " , $data [ 'Name' ]);
Cookie :: set ( " PageCommentInterface_CommenterURL " , $data [ 'CommenterURL' ]);
Cookie :: set ( " PageCommentInterface_Comment " , $data [ 'Comment' ]);
2009-04-29 03:44:28 +02:00
2007-07-19 12:40:05 +02:00
if ( SSAkismet :: isEnabled ()) {
try {
$akismet = new SSAkismet ();
$akismet -> setCommentAuthor ( $data [ 'Name' ]);
$akismet -> setCommentContent ( $data [ 'Comment' ]);
if ( $akismet -> isCommentSpam ()) {
if ( SSAkismet :: getSaveSpam ()) {
$comment = Object :: create ( 'PageComment' );
$this -> saveInto ( $comment );
$comment -> setField ( " IsSpam " , true );
$comment -> write ();
}
2008-02-25 03:10:37 +01:00
echo " <b> " . _t ( 'PageCommentInterface_Form.SPAMDETECTED' , 'Spam detected!!' ) . " </b><br /><br /> " ;
printf ( " If you believe this was in error, please email %s. " , ereg_replace ( " @ " , " _(at)_ " , Email :: getAdminEmail ()));
echo " <br /><br /> " . _t ( 'PageCommentInterface_Form.MSGYOUPOSTED' , 'The message you posted was:' ) . " <br /><br /> " ;
2007-07-19 12:40:05 +02:00
echo $data [ 'Comment' ];
return ;
}
} catch ( Exception $e ) {
// Akismet didn't work, continue without spam check
}
}
2007-07-30 00:56:16 +02:00
//check if spam question was right.
2007-08-14 06:39:29 +02:00
if ( MathSpamProtection :: isEnabled ()){
2007-07-30 00:56:16 +02:00
if ( ! MathSpamProtection :: correctAnswer ( $data [ 'Math' ])){
2009-04-29 03:44:28 +02:00
if ( ! Director :: is_ajax ()) {
Director :: redirectBack ();
}
return " spamprotectionfailed " ; //used by javascript for checking if the spam question was wrong
2007-07-30 00:56:16 +02:00
}
}
2007-07-19 12:40:05 +02:00
2008-08-12 04:59:27 +02:00
// If commenting can only be done by logged in users, make sure the user is logged in
$member = Member :: currentUser ();
if ( PageCommentInterface :: CanPostComment () && $member ) {
$this -> Fields () -> push ( new HiddenField ( " AuthorID " , " Author ID " , $member -> ID ));
} elseif ( ! PageCommentInterface :: CanPostComment ()) {
echo " You're not able to post comments to this page. Please ensure you are logged in and have an appropriate permission level. " ;
return ;
}
2007-07-19 12:40:05 +02:00
$comment = Object :: create ( 'PageComment' );
$this -> saveInto ( $comment );
2009-04-29 03:44:28 +02:00
// Store the Session ID if needed for Spamprotection
if ( $session = Session :: get ( 'mollom_user_session_id' )) {
$comment -> SessionID = $session ;
Session :: clear ( 'mollom_user_session_id' );
}
2007-07-19 12:40:05 +02:00
$comment -> IsSpam = false ;
2007-08-10 03:29:09 +02:00
$comment -> NeedsModeration = PageComment :: moderationEnabled ();
$comment -> write ();
2009-04-29 03:44:28 +02:00
2009-02-03 04:26:44 +01:00
Cookie :: set ( " PageCommentInterface_Comment " , '' );
2007-07-19 12:40:05 +02:00
if ( Director :: is_ajax ()) {
2007-08-14 06:39:29 +02:00
if ( $comment -> NeedsModeration ){
2008-10-03 11:54:59 +02:00
echo _t ( 'PageCommentInterface_Form.AWAITINGMODERATION' , " Your comment has been submitted and is now awaiting moderation. " );
2007-08-14 06:39:29 +02:00
} else {
echo $comment -> renderWith ( 'PageCommentInterface_singlecomment' );
}
2007-07-19 12:40:05 +02:00
} else {
2009-04-29 03:44:28 +02:00
// since it is not ajax redirect user down to their comment since it has been posted
// get the pages url off the comments parent ID.
if ( $comment -> ParentID ) {
$page = DataObject :: get_by_id ( " Page " , $comment -> ParentID );
if ( $page ) {
// Redirect to the actual post on the page.
return Director :: redirect ( Director :: baseURL () . $page -> URLSegment . '#PageComment_' . $comment -> ID );
}
}
2009-05-04 03:27:35 +02:00
2009-04-29 03:44:28 +02:00
return Director :: redirectBack (); // worst case, just go back to the page
2007-07-19 12:40:05 +02:00
}
}
}
2008-02-25 03:10:37 +01:00
/**
* @ package cms
* @ subpackage comments
*/
2007-08-14 06:39:29 +02:00
class PageCommentInterface_Controller extends ContentController {
function __construct () {
parent :: __construct ( null );
}
function newspamquestion () {
2007-08-17 05:09:46 +02:00
if ( Director :: is_ajax ()) {
2008-02-25 03:10:37 +01:00
echo Convert :: raw2xml ( sprintf ( _t ( 'PageCommentInterface_Controller.SPAMQUESTION' , " Spam protection question: %s " ), MathSpamProtection :: getMathQuestion ()));
2007-08-14 06:39:29 +02:00
}
}
}
2009-01-05 07:17:59 +01:00
?>