<% //====== Comment PAGE LOGIC ================================== // Copyright 2005 SiC. All Rights Reserved. // Last Update: 2005-02-26 23:57:15 //============================================================ switch(String(input["act"])){ case "save": if(theCache.settings["enableComment"]==1){ commentSave(); }else{ pageHeader(lang["error"]); redirectMessage(lang["error"], lang["comment_disabled"], lang["goback"], "javascript:window.history.back();", false, "errorbox"); } break; case "edit": commentEdit(false); break; case "update": commentEdit(true); break; case "delete": commentDelete(); break; default: // View Comment List pageHeader(lang["comments"]); commentList(); } pageFooter(); // Output Comment List //////////////////////////////////////////////////////// function commentList(){ var sqlWHERE=""; var strURLPrefix="?"; var arrKeywords=""; // Check current page number if(input["page"]){ input["page"]=func.checkInt(input["page"]); if(input["page"]<=0){ input["page"]=1; } }else{ input["page"]=1; } // Check category id if(input["cat"]){ input["cat"]=func.checkInt(input["cat"]); if(input["cat"]>0){ sqlWHERE += " AND tLog.log_catID="+input["cat"]; strURLPrefix += strURLPrefix=="?" ? "" : "&"; strURLPrefix += "cat="+input["cat"]; } } // Check if has search keywords if(input["q"]){ arrKeywords=input["q"].split(" "); for(var i=0;i2){ sqlWHERE += " AND tComm.comm_content LIKE '%"+func.checkStr(arrKeywords[i])+"%'"; } } strURLPrefix += strURLPrefix=="?" ? "" : "&"; strURLPrefix += "q="+input["q"]; } // Check if has highlight keywords if(input["hl"]){ arrKeywords=input["hl"].split(" "); strURLPrefix += strURLPrefix=="?" ? "" : "&"; strURLPrefix += "hl="+input["hl"]; } // Check for Hidden category display rights if(theUser.rights["view"]<2){ sqlWHERE+=" AND tLog.log_mode=1"; for(var i=0;i"; }else if(connBlog.query("SELECT user_id FROM [blog_User] WHERE user_name='"+func.checkStr(input["comm_username"])+"'")){ strError+="
  • "+lang["user_exist"]+"
  • "; }
                // Guest poster: saved with author id 0 and the display name they typed.
                theUser.id=0;
                theUser.username=input["comm_username"];
            }
        }
        // NOTE(review): the head of commentSave() (guest-name handling, flood-control
        // check) is not present in this extract; only its tail is visible from here on.
        // Validate the posted data: security code, message, target article and view rights.
        strError+=checkPostData(bCheckCode, true);
        // Check for ubbFlags (per-comment rendering options from the form checkboxes)
        var strUbbFlags=getUbbFlags();
        if(strError!=""){
            pageHeader(lang["error"]);
            redirectMessage(lang["error"], strError, lang["goback"], "javascript:window.history.back();", false, "errorbox");
        }else{
            // input["logid"] and input["message"] have already been normalised by checkPostData().
            var arrInsert={
                "log_id": input["logid"],
                "comm_content": input["message"],
                "comm_authorID": theUser.id,
                "comm_author": theUser.username,
                "comm_ubbFlags": strUbbFlags,
                "comm_hidden": input["comm_hidden"]=="true" ? true:false,
                "comm_postTime": new Date(),
                "comm_ip": theUser.IP
            };
            connBlog.insert("blog_Comment", arrInsert);
            // Keep the denormalised comment counters (article, user, global) in step with the new row.
            connBlog.updateSQL("[blog_Article]","log_commentCount=log_commentCount+1", "log_id="+input["logid"]);
            connBlog.updateSQL("[blog_User]","user_commentCount=user_commentCount+1", "user_id="+theUser.id);
            connBlog.updateSQL("[blog_Settings]","set_value0=set_value0+1", "set_name='counterComment'");
            theCache.updateArticleCounter(input["logid"],"comment",1);
            theCache.updateGlobalCounter("counterComment",1);
            theCache.loadComments();
            // Clean up to avoid abuse: a security code is good for one accepted post only.
            Session("lbsSecurityCode")=undefined;
            // Flood Control: remember when the last post was accepted (presumably consulted
            // by the flood check in the part of this function that is not visible here).
            Session("FloodControl")=new Date();
            // Output ok message
            pageHeader(lang["done"]);
            redirectMessage(lang["done"], lang["comment_save_done"], lang["redirect"], "article.asp?id="+input["logid"], true, "messagebox");
        }
    }
}

// Check Post Form Data -----------------------
// Validates the comment form and normalises the fields it reads.
//   bCheckCode    - when true (and the site setting enableSecurityCode==1) the posted
//                   "scode" must equal the code held in the session.
//   bCheckArticle - when true, additionally requires an existing target article
//                   ("logid") that is not locked and that the current user may view.
//                   The update path passes false and so skips those checks entirely.
// Returns "" when everything passes, otherwise the accumulated error text to display.
// Side effects: input["message"] is trimmed and passed through func.wordFilter();
// input["logid"] is coerced with func.checkInt() (only when bCheckArticle is true).
function checkPostData(bCheckCode, bCheckArticle){
    var strError="";
    // Check Security Code
    // NOTE(review): this is a loose != against the session value, and both the save and
    // update paths reset Session("lbsSecurityCode") to undefined after use. If
    // input["scode"] is also undefined when the field is omitted, undefined!=undefined
    // is false and the check is satisfied without any code — confirm how `input`
    // represents missing fields; guarding with `!Session("lbsSecurityCode") ||` would
    // close that gap regardless.
    if(theCache.settings["enableSecurityCode"]==1 && bCheckCode && Session("lbsSecurityCode")!=input["scode"]){
        strError+="
  • "+lang["scode_invalid"]+"
  • ";
    }
    // Check content
    input["message"]=func.trim(input["message"]);
    if(!input["message"]){
        strError+="
  • "+lang["content_blank"]+"
  • ";
    }else{
        // Upper bound comes from the site settings; the lower bound is fixed at 2 characters.
        if(input["message"].length>theCache.settings["maxCommentLength"]||input["message"].length<2){
            strError+="
  • "+lang["length_invalid"]+"
  • ";
        }
        // The word filter still runs after a length error; an empty result means the
        // content was blocked outright.
        input["message"]=func.wordFilter(input["message"]);
        if(!input["message"]){
            strError+="
  • "+lang["wordfilter_block"]+"
  • ";
        }
    }
    // Exit with error so we don't need to query the db any more
    if(strError!=""||!bCheckArticle){
        return strError;
    }
    // Check if target article exists
    var theArticle=new lbsArticle();
    // func.checkInt() is the only sanitisation between input["logid"] and the SQL
    // WHERE clauses built here and in commentSave().
    input["logid"]=func.checkInt(input["logid"]);
    if(!input["logid"]){
        strError=lang["invalid_parameter"];
    }else{
        if(theArticle.load("log_catid, log_mode, log_locked","log_id="+input["logid"])){
            strError=""; // already "" at this point (see early return above); kept as-is
        }else{
            strError=lang["article_not_found"];
        }
    }
    if(strError!=""){
        // Article not found
        return strError;
    }
    // Check article status for different user permissions
    // && binds tighter than ||, so each "mode==N && (...)" term is one alternative.
    // A locked article or locked category refuses comments regardless of rights;
    // the remaining terms raise the required view level with the article mode.
    if(theArticle.locked||theArticle.category.locked||
        theArticle.category.hidden&&theUser.rights["view"]<2||
        theArticle.mode==1&&theUser.rights["view"]<1||
        theArticle.mode==2&&(!theUser.loggedIn||theUser.rights["view"]<1)||
        theArticle.mode==3&&(!theUser.loggedIn||theUser.rights["view"]<2)||
        theArticle.mode==4&&(!theUser.loggedIn||theUser.rights["view"]<3)
    ){
        strError="
  • "+lang["no_rights"]+"
  • ";
    }
    return strError;
}

// Get ubbFlags String -----------------------
// Builds the 6-character comm_ubbFlags string from the form checkboxes:
//   [0] UBB code       ("1"/"0", from e_ubb)
//   [1] auto-link URLs ("1"/"0", from e_autourl)
//   [2] bImage         always "2"
//   [3] bMedia         always "2"
//   [4] smilies        ("1"/"0", from e_smilies)
//   [5] bTextBlock     always "1"
// Checkbox values are compared against the literal string "true"; any other value,
// including a missing field, counts as off.
function getUbbFlags(){
    var ubbFlags = "";
    ubbFlags+= input["e_ubb"]=="true" ? "1":"0";
    ubbFlags+= input["e_autourl"]=="true" ? "1":"0";
    ubbFlags+= "2"; // bImage - always 2
    ubbFlags+= "2"; // bMedia - always 2
    ubbFlags+= input["e_smilies"]=="true" ? "1":"0";
    ubbFlags+= "1"; // bTextBlock - always 1
    return ubbFlags;
}

// Edit Comment ///////////////////////////////////////////////////////////////////////////////////
// act=edit (bSave=false) renders the edit form; act=update (bSave=true) applies it.
// Authorisation is two-stage: rights["edit"]>=1 is required to get past the first
// gate without a DB query; the comment is then loaded and the caller must be its
// author, the author of the article it belongs to, or hold rights["edit"]>=2.
function commentEdit(bSave){
    if(theUser.rights["edit"]<1){
        // Check User Right - without DB Query
        pageHeader(lang["error"]);
        redirectMessage(lang["error"], lang["no_rights"], lang["goback"], "javascript:window.history.back();", false, "errorbox");
    }else{
        var strError="";
        var arrData;
        // func.checkInt() is the only sanitisation before the id is concatenated into SQL below.
        input["id"]=func.checkInt(input["id"]);
        if(!input["id"]){
            strError=lang["invalid_parameter"];
        }else{
            // Check user right again
            arrData=connBlog.query("SELECT TOP 1 tLog.log_id,tLog.log_authorID,tLog.log_title,tComm.comm_authorid,tComm.comm_content,tComm.comm_ubbFlags,tComm.comm_hidden FROM [blog_Article] tLog,[blog_Comment] tComm WHERE tLog.log_id=tComm.log_id AND tComm.comm_id="+input["id"]);
            if(arrData){
                arrData=arrData[0];
                // NOTE(review): columns are selected as log_authorID / comm_ubbFlags but read
                // back through lower-case keys; this presumes connBlog.query() lower-cases
                // column names — confirm, otherwise arrData["log_authorid"] is undefined and
                // the article-author shortcut below never matches.
                // NOTE(review): guest comments are stored with comm_authorID 0 (see
                // commentSave above), so for a caller whose theUser.id is 0 the ownership
                // test matches every guest comment; only the rights["edit"]<1 gate above
                // keeps guests out of this path — confirm that guests can never hold edit>=1.
                if(theUser.id!=arrData["log_authorid"]&&theUser.id!=arrData["comm_authorid"]&&theUser.rights["edit"]<2){
                    strError=lang["no_rights"];
                }
            }else{
                strError=lang["comment_not_found"];
            }
        }
        if(strError!=""){
            pageHeader(lang["error"]);
            redirectMessage(lang["error"], strError, lang["goback"], "javascript:window.history.back();", false, "errorbox");
        }else{
            if(!bSave){
                // Output the Edit Form
                // A fresh security code is generated for the form; the update path checks it.
                theCache.genSecurityCode();
                pageHeader(lang["comment"]);
                // Stored title/content are handed to the form as-is; any HTML escaping has to
                // happen inside outputEditComment() (not visible here).
                outputEditComment(lang["edit_comment_on"]+": "+arrData["log_title"], "?act=update&id="+input["id"], arrData["comm_content"], arrData["comm_ubbflags"],arrData["comm_hidden"]);
            }else{
                // Save changes
                // bCheckArticle=false: only the security code and message are validated here;
                // the locked/hidden/mode checks on the parent article are not re-applied on update.
                // (`var` is function-scoped, so this re-declares the strError above.)
                var strError=checkPostData(true, false);
                var strUbbFlags=getUbbFlags();
                if(strError!=""){
                    pageHeader(lang["error"]);
                    redirectMessage(lang["error"], strError, lang["goback"], "javascript:window.history.back();", false, "errorbox");
                }else{
                    var arrUpdate={
                        "comm_content": input["message"],
                        "comm_ubbFlags": strUbbFlags,
                        "comm_hidden": input["comm_hidden"]=="true" ? true:false,
                        "comm_ip": theUser.IP
                    };
                    // Record who edited and when ("name$|$datetime"), but only if the text changed.
                    if(input["message"]!=arrData["comm_content"]) arrUpdate["comm_editMark"] = theUser.username + "$|$" + func.getDateTimeString();
                    connBlog.update("blog_Comment", arrUpdate, "comm_id="+input["id"]);
                    theCache.loadComments();
                    // Clean up to avoid abuse: the security code is single-use.
                    Session("lbsSecurityCode")=undefined;
                    // Output ok message
                    pageHeader(lang["done"]);
                    redirectMessage(lang["done"], lang["comment_save_done"], lang["redirect"], "article.asp?id="+arrData["log_id"], true, "messagebox");
                }
            }
        }
    }
}

// Delete Comment ///////////////////////////////////////////////////////////////////////////////////
// act=delete: removes one comment and rolls the denormalised counters back.
// Authorisation mirrors commentEdit(): rights["delete"]>=1 to pass the first gate,
// then comment author, article author, or rights["delete"]>=2.
// NOTE(review): this is reached from the act switch at the top of the page by a plain
// request such as ?act=delete&id=N; neither the dispatcher nor this function checks
// the HTTP method or a per-request token, so a user who holds delete rights can be
// made to delete a comment by following a crafted link (CSRF) — confirm whether a
// token check exists upstream; otherwise require POST plus a session-bound token here.
function commentDelete(){
    if(theUser.rights["delete"]<1){
        // Check User Right - without DB Query
        pageHeader(lang["error"]);
        redirectMessage(lang["error"], lang["no_rights"], lang["goback"], "javascript:window.history.back();", false, "errorbox");
    }else{
        var strError="";
        var arrData;
        // func.checkInt() is the only sanitisation before the id is concatenated into SQL below.
        input["id"]=func.checkInt(input["id"]);
        if(!input["id"]){
            strError=lang["invalid_parameter"];
        }else{
            // Check user right again
            arrData=connBlog.query("SELECT TOP 1 tLog.log_id,tLog.log_authorID,tComm.comm_authorid FROM [blog_Article] tLog,[blog_Comment] tComm WHERE tLog.log_id=tComm.log_id AND tComm.comm_id="+input["id"]);
            if(arrData){
                arrData=arrData[0];
                // Same lower-case key / guest-author caveats as in commentEdit() apply here.
                if(theUser.id!=arrData["log_authorid"]&&theUser.id!=arrData["comm_authorid"]&&theUser.rights["delete"]<2){
                    strError=lang["no_rights"];
                }
            }else{
                strError=lang["comment_not_found"];
            }
        }
        if(strError!=""){
            pageHeader(lang["error"]);
            redirectMessage(lang["error"], strError, lang["goback"], "javascript:window.history.back();", false, "errorbox");
        }else{
            connBlog.doDelete("[blog_Comment]","comm_id="+input["id"]);
            // Counter rollback; for guest comments comm_authorid is 0 (see commentSave above).
            connBlog.updateSQL("[blog_Article]","log_commentCount=log_commentCount-1", "log_id="+arrData["log_id"]);
            connBlog.updateSQL("[blog_User]","user_commentCount=user_commentCount-1", "user_id="+arrData["comm_authorid"]);
            connBlog.updateSQL("[blog_Settings]","set_value0=set_value0-1", "set_name='counterComment'");
            theCache.updateArticleCounter(arrData["log_id"],"comment",-1);
            theCache.updateGlobalCounter("counterComment",-1);
            theCache.loadComments();
            pageHeader(lang["done"]);
            redirectMessage(lang["done"], lang["comment_delete_done"], lang["redirect"], "article.asp?id="+arrData["log_id"], true, "messagebox");
        }
    }
}
%>