xref: /plugin/discussion/action.php (revision b8a83a8a15da3cc5d5e2d297ab4a7c6943d6edd3) 
1<?php
2/**
3 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
4 * @author     Esther Brunner <wikidesign@gmail.com>
5 */
6
7// must be run within Dokuwiki
8if (!defined('DOKU_INC')) die();
9
10if (!defined('DOKU_PLUGIN')) define('DOKU_PLUGIN',DOKU_INC.'lib/plugins/');
11require_once(DOKU_PLUGIN.'action.php');
12
13if (!defined('NL')) define('NL',"\n");
14
15class action_plugin_discussion extends DokuWiki_Action_Plugin{
16
17  /**
18   * Return some info
19   */
20  function getInfo(){
21    return array(
22      'author' => 'Esther Brunner',
23      'email'  => 'wikidesign@gmail.com',
24      'date'   => '2006-11-27',
25      'name'   => 'Discussion Plugin',
26      'desc'   => 'Enables discussion features',
27      'url'    => 'http://www.wikidesign.ch/en/plugin/discussion/start',
28    );
29  }
30
31  /**
32   * Register the eventhandlers
33   */
34  function register(&$contr){
35    $contr->register_hook(
36      'ACTION_ACT_PREPROCESS',
37      'BEFORE',
38      $this,
39      'handle_act_preprocess',
40      array()
41    );
42    $contr->register_hook(
43      'TPL_ACT_RENDER',
44      'AFTER',
45      $this,
46      'comments',
47      array()
48    );
49  }
50
51  /**
52   * Main function; dispatches the comment actions
53   */
54  function comments(&$event, $param){
55    if ($event->data != 'show') return; // nothing to do for us
56
57    $cid  = $_REQUEST['cid'];
58
59    switch ($_REQUEST['comment']){
60
61      case 'add':
62        $comment = array(
63          'user'    => $_REQUEST['user'],
64          'name'    => $_REQUEST['name'],
65          'mail'    => $_REQUEST['mail'],
66          'url'     => $_REQUEST['url'],
67          'address' => $_REQUEST['address'],
68          'date'    => $_REQUEST['date'],
69          'raw'     => cleanText($_REQUEST['text'])
70        );
71        $repl = $_REQUEST['reply'];
72        $this->_add($comment, $repl);
73        break;
74
75      case 'edit':
76        $this->_show(NULL, $cid);
77        break;
78
79      case 'save':
80        $raw  = cleanText($_REQUEST['text']);
81        $this->_save($cid, $raw);
82        break;
83
84      case 'delete':
85        $this->_save($cid, '');
86        break;
87
88      case 'toogle':
89        $this->_save($cid, '', true);
90        break;
91
92      default: // 'show' => $this->_show(), 'reply' => $this->_show($cid)
93        $this->_show($cid);
94    }
95  }
96
97  /**
98   * Shows all comments of the current page
99   */
100  function _show($reply = NULL, $edit = NULL){
101    global $ID;
102
103    // get discussion meta file name
104    $file = metaFN($ID, '.comments');
105
106    if (!file_exists($file)) return true;  // no comments at all
107
108    $data = unserialize(io_readFile($file, false));
109
110    if ($data['status'] == 0) return true; // comments are off
111
112    // section title
113    $title = $this->getLang('discussion');
114    $secid = cleanID($title);
115    echo '<div class="comment_wrapper">';
116    echo '<h2><a name="'.$secid.'" id="'.$secid.'">'.$title.'</a></h2>';
117    echo '<div class="level2">';
118
119    // now display the comments
120    if (isset($data['comments'])){
121      foreach ($data['comments'] as $key => $value){
122        if ($key == $edit) $this->_form($value['raw'], 'save', $edit); // edit form
123        else $this->_print($key, $data, '', $reply);
124      }
125    }
126
127    // comment form
128    if (($data['status'] == 1) && !$reply && !$edit) $this->_form('');
129
130    echo '</div>'; // level2
131    echo '</div>'; // comment_wrapper
132
133    return true;
134  }
135
136  /**
137   * Adds a new comment and then displays all comments
138   */
139  function _add($comment, $parent){
140    global $ID;
141    global $TEXT;
142
143    $otxt = $TEXT; // set $TEXT to comment text for wordblock check
144    $TEXT = $comment['raw'];
145
146    // spamcheck against the DokuWiki blacklist
147    if (checkwordblock()){
148      msg($this->getLang('wordblock'), -1);
149      $this->_show();
150      return false;
151    }
152
153    $TEXT = $otxt; // restore global $TEXT
154
155    // get discussion meta file name
156    $file = metaFN($ID, '.comments');
157
158    $data = array();
159    $data = unserialize(io_readFile($file, false));
160
161    if ($data['status'] != 1) return false;                // comments off or closed
162    if ((!$this->getConf('allowguests'))
163      && ($comment['user'] != $_SERVER['REMOTE_USER']))
164      return false;                                        // guest comments not allowed
165
166    if ($comment['date']) $date = strtotime($comment['date']);
167    else $date = time();
168    if ($date == -1) $date = time();
169    $cid  = md5($comment['user'].$date);                   // create a unique id
170
171    if (!is_array($data['comments'][$parent])) $parent = NULL; // invalid parent comment
172
173    // render the comment
174    $xhtml = $this->_render($comment['raw']);
175
176    // fill in the new comment
177    $data['comments'][$cid] = array(
178      'user'    => htmlspecialchars($comment['user']),
179      'name'    => htmlspecialchars($comment['name']),
180      'mail'    => htmlspecialchars($comment['mail']),
181      'date'    => $date,
182      'show'    => true,
183      'raw'     => trim($comment['raw']),
184      'xhtml'   => $xhtml,
185      'parent'  => $parent,
186      'replies' => array()
187    );
188    if ($comment['url'])
189      $data['comments'][$cid]['url'] = htmlspecialchars($comment['url']);
190    if ($comment['address'])
191      $data['comments'][$cid]['address'] = htmlspecialchars($comment['address']);
192
193    // update parent comment
194    if ($parent) $data['comments'][$parent]['replies'][] = $cid;
195
196    // update the number of comments
197    $data['number']++;
198
199    // save the comment metadata file
200    io_saveFile($file, serialize($data));
201    $this->_addLogEntry($date, $ID, 'cc', '', $cid);
202
203    // notify subscribers of the page
204    $this->_notify($data['comments'][$cid]);
205
206    $this->_show();
207    return true;
208  }
209
210  /**
211   * Saves the comment with the given ID and then displays all comments
212   */
213  function _save($cid, $raw, $toogle = false){
214    global $ID;
215    global $INFO;
216
217    if ($raw){
218      global $TEXT;
219
220      $otxt = $TEXT; // set $TEXT to comment text for wordblock check
221      $TEXT = $raw;
222
223      // spamcheck against the DokuWiki blacklist
224      if (checkwordblock()){
225        msg($this->getLang('wordblock'), -1);
226        $this->_show();
227        return false;
228      }
229
230      $TEXT = $otxt; // restore global $TEXT
231    }
232
233    // get discussion meta file name
234    $file = metaFN($ID, '.comments');
235
236    $data = array();
237    $data = unserialize(io_readFile($file, false));
238
239    // someone else was trying to edit our comment -> abort
240    if (($data['comments'][$cid]['user'] != $_SERVER['REMOTE_USER'])
241      && ($INFO['perm'] != AUTH_ADMIN)) return false;
242
243    $date = time();
244
245    if ($toogle){     // toogle visibility
246      $now = $data['comments'][$cid]['show'];
247      $data['comments'][$cid]['show'] = !$now;
248      $data['number'] = $this->_count($data);
249
250      $type = ($data['comments'][$cid]['show'] ? 'sc' : 'hc');
251
252    } elseif (!$raw){ // remove the comment
253      unset($data['comments'][$cid]);
254      $data['number'] = $this->_count($data);
255
256      $type = 'dc';
257
258    } else {          // save changed comment
259      $xhtml = $this->_render($raw);
260
261      // now change the comment's content
262      $data['comments'][$cid]['edited'] = $date;
263      $data['comments'][$cid]['raw']    = trim($raw);
264      $data['comments'][$cid]['xhtml']  = $xhtml;
265
266      $type = 'ec';
267    }
268
269    // save the comment metadata file
270    io_saveFile($file, serialize($data));
271    $this->_addLogEntry($date, $ID, $type, '', $cid);
272
273    $this->_show();
274    return true;
275  }
276
277  /**
278   * Prints an individual comment
279   */
280  function _print($cid, &$data, $parent = '', $reply = '', $visible = true){
281    global $conf;
282    global $lang;
283    global $ID;
284    global $INFO;
285
286    if (!isset($data['comments'][$cid])) return false; // comment was removed
287    $comment = $data['comments'][$cid];
288
289    if (!is_array($comment)) return false;          // corrupt datatype
290
291    if ($comment['parent'] != $parent) return true; // reply to an other comment
292
293    if (!$comment['show']){                         // comment hidden
294      if ($INFO['perm'] == AUTH_ADMIN) echo '<div class="comment_hidden">'.NL;
295      else return true;
296    }
297
298    // comment head with date and user data
299    echo '<div class="comment_head">'.NL;
300    echo '<a name="comment__'.$cid.'" id="comment__'.$cid.'">'.NL;
301
302    // show gravatar image
303    if ($this->getConf('usegravatar')){
304      $default = DOKU_URL.'lib/plugins/discussion/images/default.gif';
305      $size    = $this->getConf('gravatar_size');
306      if ($comment['mail']) $src = ml('http://www.gravatar.com/avatar.php?'.
307        'gravatar_id='.md5($comment['mail']).
308        '&default='.urlencode($default).
309        '&size='.$size.
310        '&rating='.$this->getConf('gravatar_rating').
311        '&.jpg', 'cache=recache');
312      else $src = $default;
313      $title = ($comment['name'] ? $comment['name'] : obfuscate($comment['mail']));
314      echo '<img src="'.$src.'" class="medialeft" title="'.$title.'"'.
315        ' alt="'.$title.'" width="'.$size.'" height="'.$size.'" />'.NL;
316      $style = ' style="margin-left: '.($size + 14).'px;"';
317    } else {
318      $style = ' style="margin-left: 20px;"';
319    }
320
321    echo '</a>'.NL;
322    if ($this->getConf('linkemail') && $comment['mail']){
323      echo $this->email($comment['email'], $comment['name']);
324    } elseif ($comment['url']){
325      echo $this->external_link($comment['url'], $comment['name'], 'urlextern');
326    } else {
327      echo $comment['name'];
328    }
329    if ($comment['address']) echo ', '.htmlentities($comment['address']);
330    echo ', '.date($conf['dformat'], $comment['date']);
331    if ($comment['edited']) echo ' ('.date($conf['dformat'], $comment['edited']).')';
332    echo ':'.NL;
333    echo '</div>'.NL; // class="comment_head"
334
335    // main comment content
336    echo '<div class="comment_body"'.($this->getConf('usegravatar') ? $style : '').'>'.NL;
337    echo $comment['xhtml'].NL;
338    echo '</div>'.NL; // class="comment_body"
339
340
341    if ($visible){
342      // show hide/show toogle button?
343      echo '<div class="comment_buttons">'.NL;
344      if ($INFO['perm'] == AUTH_ADMIN){
345        if (!$comment['show']) $label = $this->getLang('btn_show');
346        else $label = $this->getLang('btn_hide');
347
348        $this->_button($cid, $label, 'toogle');
349      }
350
351      // show reply button?
352      if (($data['status'] == 1) && !$reply && $comment['show']
353        && ($this->getConf('allowguests') || $_SERVER['REMOTE_USER']))
354        $this->_button($cid, $this->getLang('btn_reply'), 'reply', true);
355
356      // show edit and delete button?
357      if ((($comment['user'] == $_SERVER['REMOTE_USER']) && ($comment['user'] != ''))
358        || ($INFO['perm'] == AUTH_ADMIN))
359        $this->_button($cid, $lang['btn_secedit'], 'edit', true);
360      if ($INFO['perm'] == AUTH_ADMIN)
361        $this->_button($cid, $lang['btn_delete'], 'delete');
362      echo '</div>'.NL; // class="comment_buttons"
363      echo '<div class="comment_line" '.($this->getConf('usegravatar') ? $style : '').'>&nbsp;</div>'.NL;
364    }
365
366    // replies to this comment entry?
367    if (count($comment['replies'])){
368      echo '<div class="comment_replies"'.$style.'>'.NL;
369      $visible = ($comment['show'] && $visible);
370      foreach ($comment['replies'] as $rid){
371        $this->_print($rid, $data, $cid, $reply, $visible);
372      }
373      echo '</div>'.NL; // class="comment_replies"
374    }
375
376    if (!$comment['show']) echo '</div>'.NL; // class="comment_hidden"
377
378    // reply form
379    if ($reply == $cid){
380      echo '<div class="comment_replies">'.NL;
381      $this->_form('', 'add', $cid);
382      echo '</div>'.NL; // class="comment_replies"
383    }
384  }
385
386  /**
387   * Outputs the comment form
388   */
389  function _form($raw = '', $act = 'add', $cid = NULL){
390    global $lang;
391    global $conf;
392    global $ID;
393    global $INFO;
394
395    // not for unregistered users when guest comments aren't allowed
396    if (!$_SERVER['REMOTE_USER'] && !$this->getConf('allowguests')) return false;
397
398    // fill $raw with $_REQUEST['text'] if it's empty
399    if (!$raw) $raw = hsc($_REQUEST['text']);
400
401    ?>
402    <div class="comment_form">
403      <form id="discussion__comment_form" method="post" action="<?php echo script() ?>" accept-charset="<?php echo $lang['encoding'] ?>" onsubmit="return validate(this);">
404        <div class="no">
405          <input type="hidden" name="id" value="<?php echo $ID ?>" />
406          <input type="hidden" name="do" value="show" />
407          <input type="hidden" name="comment" value="<?php echo $act ?>" />
408    <?php
409
410    // for adding a comment
411    if ($act == 'add'){
412      ?>
413          <input type="hidden" name="reply" value="<?php echo $cid ?>" />
414      <?php
415      // for registered user
416      if ($conf['useacl'] && $_SERVER['REMOTE_USER']){
417      ?>
418          <input type="hidden" name="user" value="<?php echo $_SERVER['REMOTE_USER'] ?>" />
419          <input type="hidden" name="name" value="<?php echo $INFO['userinfo']['name'] ?>" />
420          <input type="hidden" name="mail" value="<?php echo $INFO['userinfo']['mail'] ?>" />
421      <?php
422      // for guest: show name and e-mail entry fields
423      } else {
424      ?>
425          <input type="hidden" name="user" value="<?php echo clientIP() ?>" />
426          <div class="comment_name">
427            <label class="block" for="discussion__comment_name">
428              <span><?php echo $lang['fullname'] ?>:</span>
429              <input type="text" class="edit" name="name" id="discussion__comment_name" size="50" tabindex="1" value="<?php echo hsc($_REQUEST['name'])?>" />
430            </label>
431          </div>
432          <div class="comment_mail">
433            <label class="block" for="discussion__comment_mail">
434              <span><?php echo $lang['email'] ?>:</span>
435              <input type="text" class="edit" name="mail" id="discussion__comment_mail" size="50" tabindex="2" value="<?php echo hsc($_REQUEST['email'])?>" />
436            </label>
437          </div>
438      <?php
439      }
440
441      // allow entering an URL
442      if ($this->getConf('urlfield')){
443      ?>
444          <div class="comment_url">
445            <label class="block" for="discussion__comment_url">
446              <span><?php echo $this->getLang('url') ?>:</span>
447              <input type="text" class="edit" name="url" id="discussion__comment_url" size="50" tabindex="3" value="<?php echo hsc($_REQUEST['url'])?>" />
448            </label>
449          </div>
450      <?php
451      }
452
453      // allow entering an address
454      if ($this->getConf('addressfield')){
455      ?>
456          <div class="comment_address">
457            <label class="block" for="discussion__comment_address">
458              <span><?php echo $this->getLang('address') ?>:</span>
459              <input type="text" class="edit" name="address" id="discussion__comment_address" size="50" tabindex="4" value="<?php echo hsc($_REQUEST['address'])?>" />
460            </label>
461          </div>
462      <?php
463      }
464
465      // allow setting the comment date
466      if ($this->getConf('datefield') && ($INFO['perm'] == AUTH_ADMIN)){
467      ?>
468          <div class="comment_date">
469            <label class="block" for="discussion__comment_date">
470              <span><?php echo $this->getLang('date') ?>:</span>
471              <input type="text" class="edit" name="date" id="discussion__comment_date" size="50" />
472            </label>
473          </div>
474      <?php
475      }
476
477    // for saving a comment
478    } else {
479    ?>
480          <input type="hidden" name="cid" value="<?php echo $cid ?>" />
481    <?php
482    }
483    ?>
484          <div class="comment_text">
485            <textarea class="edit" name="text" cols="80" rows="10" id="discussion__comment_text" tabindex="5"><?php echo $raw ?></textarea>
486          </div>
487    <?php //bad and dirty event insert hook
488    $evdata = array('writable' => true);
489    trigger_event('HTML_EDITFORM_INJECTION', $evdata);
490    ?>
491          <input class="button" type="submit" name="submit" value="<?php echo $lang['btn_save'] ?>" tabindex="6" />
492        </div>
493      </form>
494    </div>
495    <?php
496    if ($this->getConf('usecocomment')) echo $this->_coComment();
497  }
498
499  /**
500   * Adds a javascript to interact with coComments
501   */
502  function _coComment(){
503    global $ID;
504    global $conf;
505    global $INFO;
506
507    $user = $_SERVER['REMOTE_USER'];
508
509    ?>
510    <script type="text/javascript"><!--//--><![CDATA[//><!--
511      var blogTool  = "DokuWiki";
512      var blogURL   = "<?php echo DOKU_URL ?>";
513      var blogTitle = "<?php echo $conf['title'] ?>";
514      var postURL   = "<?php echo wl($ID, '', true) ?>";
515      var postTitle = "<?php echo tpl_pagetitle($ID, true) ?>";
516    <?php
517    if ($user){
518    ?>
519      var commentAuthor = "<?php echo $INFO['userinfo']['name'] ?>";
520    <?php
521    } else {
522    ?>
523      var commentAuthorFieldName = "name";
524    <?php
525    }
526    ?>
527      var commentAuthorLoggedIn = <?php echo ($user ? 'true' : 'false') ?>;
528      var commentFormID         = "discussion__comment_form";
529      var commentTextFieldName  = "text";
530      var commentButtonName     = "submit";
531      var cocomment_force       = false;
532    //--><!]]></script>
533    <script type="text/javascript" src="http://www.cocomment.com/js/cocomment.js">
534    </script>
535    <?php
536  }
537
538  /**
539   * General button function
540   */
541  function _button($cid, $label, $act, $jump = false){
542    global $ID;
543    $anchor = ($jump ? '#discussion__comment_form' : '' );
544
545    ?>
546    <form class="button" method="post" action="<?php echo script().$anchor ?>">
547      <div class="no">
548        <input type="hidden" name="id" value="<?php echo $ID ?>" />
549        <input type="hidden" name="do" value="show" />
550        <input type="hidden" name="comment" value="<?php echo $act ?>" />
551        <input type="hidden" name="cid" value="<?php echo $cid ?>" />
552        <input type="submit" value="<?php echo $label ?>" class="button" title="<?php echo $label ?>" />
553      </div>
554    </form>
555    <?php
556    return true;
557  }
558
559  /**
560   * Adds an entry to the comments changelog
561   *
562   * @author Esther Brunner <wikidesign@gmail.com>
563   * @author Ben Coburn <btcoburn@silicodon.net>
564   */
565  function _addLogEntry($date, $id, $type = 'cc', $summary = '', $extra = ''){
566    global $conf;
567
568    $changelog = $conf['metadir'].'/_comments.changes';
569
570    if(!$date) $date = time(); //use current time if none supplied
571    $remote = $_SERVER['REMOTE_ADDR'];
572    $user   = $_SERVER['REMOTE_USER'];
573
574    $strip = array("\t", "\n");
575    $logline = array(
576      'date'  => $date,
577      'ip'    => $remote,
578      'type'  => str_replace($strip, '', $type),
579      'id'    => $id,
580      'user'  => $user,
581      'sum'   => str_replace($strip, '', $summary),
582      'extra' => str_replace($strip, '', $extra)
583    );
584
585    // add changelog line
586    $logline = implode("\t", $logline)."\n";
587    io_saveFile($changelog, $logline, true); //global changelog cache
588    $this->_trimRecentCommentsLog($changelog);
589  }
590
591  /**
592   * Trims the recent comments cache to the last $conf['changes_days'] recent
593   * changes or $conf['recent'] items, which ever is larger.
594   * The trimming is only done once a day.
595   *
596   * @author Ben Coburn <btcoburn@silicodon.net>
597   */
598  function _trimRecentCommentsLog($changelog){
599    global $conf;
600
601    if (@file_exists($changelog) &&
602      (filectime($changelog) + 86400) < time() &&
603      !@file_exists($changelog.'_tmp')){
604
605      io_lock($changelog);
606      $lines = file($changelog);
607      if (count($lines)<$conf['recent']) {
608          // nothing to trim
609          io_unlock($changelog);
610          return true;
611      }
612
613      io_saveFile($changelog.'_tmp', '');                  // presave tmp as 2nd lock
614      $trim_time = time() - $conf['recent_days']*86400;
615      $out_lines = array();
616
617      for ($i=0; $i<count($lines); $i++) {
618        $log = parseChangelogLine($lines[$i]);
619        if ($log === false) continue;                      // discard junk
620        if ($log['date'] < $trim_time) {
621          $old_lines[$log['date'].".$i"] = $lines[$i];     // keep old lines for now (append .$i to prevent key collisions)
622        } else {
623          $out_lines[$log['date'].".$i"] = $lines[$i];     // definitely keep these lines
624        }
625      }
626
627      // sort the final result, it shouldn't be necessary,
628      // however the extra robustness in making the changelog cache self-correcting is worth it
629      ksort($out_lines);
630      $extra = $conf['recent'] - count($out_lines);        // do we need extra lines do bring us up to minimum
631      if ($extra > 0) {
632        ksort($old_lines);
633        $out_lines = array_merge(array_slice($old_lines,-$extra),$out_lines);
634      }
635
636      // save trimmed changelog
637      io_saveFile($changelog.'_tmp', implode('', $out_lines));
638      @unlink($changelog);
639      if (!rename($changelog.'_tmp', $changelog)) {
640        // rename failed so try another way...
641        io_unlock($changelog);
642        io_saveFile($changelog, implode('', $out_lines));
643        @unlink($changelog.'_tmp');
644      } else {
645        io_unlock($changelog);
646      }
647      return true;
648    }
649  }
650
651  /**
652   * Sends a notify mail on new comment
653   *
654   * @param  array  $comment  data array of the new comment
655   *
656   * @author Andreas Gohr <andi@splitbrain.org>
657   * @author Esther Brunner <wikidesign@gmail.com>
658   */
659  function _notify($comment){
660    global $conf;
661    global $ID;
662
663    if ((!$conf['subscribers']) && (!$conf['notify'])) return; //subscribers enabled?
664    $bcc  = subscriber_addresslist($ID);
665    if ((empty($bcc)) && (!$conf['notify'])) return;
666    $to   = $conf['notify'];
667    $text = io_readFile($this->localFN('subscribermail'));
668
669    $text = str_replace('@PAGE@', $ID, $text);
670    $text = str_replace('@TITLE@', $conf['title'], $text);
671    $text = str_replace('@DATE@', date($conf['dformat'], $comment['date']), $text);
672    $text = str_replace('@NAME@', $comment['name'], $text);
673    $text = str_replace('@TEXT@', $comment['raw'], $text);
674    $text = str_replace('@UNSUBSCRIBE@', wl($ID, 'do=unsubscribe', true, '&'), $text);
675    $text = str_replace('@DOKUWIKIURL@', DOKU_URL, $text);
676
677    $subject = '['.$conf['title'].'] '.$this->getLang('mail_newcomment');
678
679    mail_send($to, $subject, $text, $conf['mailfrom'], '', $bcc);
680  }
681
682  /**
683   * Counts the number of visible comments
684   */
685  function _count($data){
686    $number = 0;
687    foreach ($data['comments'] as $cid => $comment){
688      if ($comment['parent']) continue;
689      if (!$comment['show']) continue;
690      $number++;
691      $rids = $comment['replies'];
692      if (count($rids)) $number = $number + $this->_countReplies($data, $rids);
693    }
694    return $number;
695  }
696
697  function _countReplies(&$data, $rids){
698    $number = 0;
699    foreach ($rids as $rid){
700      if (!isset($data['comments'][$rid])) continue; // reply was removed
701      if (!$data['comments'][$rid]['show']) continue;
702      $number++;
703      $rids = $data['comments'][$rid]['replies'];
704      if (count($rids)) $number = $number + $this->_countReplies($data, $rids);
705    }
706    return $number;
707  }
708
709  /**
710   * Renders the comment text
711   */
712  function _render($raw){
713    if ($this->getConf('wikisyntaxok')){
714      $xhtml = $this->render($raw);
715    } else { // wiki syntax not allowed -> just encode special chars
716      $xhtml = htmlspecialchars(trim($raw));
717    }
718    return $xhtml;
719  }
720
721  /**
722   * Checks if 'newthread' was given as action or the comment form was submitted
723   */
724  function handle_act_preprocess(&$event, $param){
725    if ($event->data == 'newthread'){
726      $this->_handle_newThread($event);
727    }
728    if ((in_array($_REQUEST['comment'], array('add', 'save')))
729      && (@file_exists(DOKU_PLUGIN.'captcha/action.php'))){
730      $this->_handle_captchaCheck();
731    }
732  }
733
734  /**
735   * Creates a new thread page
736   */
737  function _handle_newThread(&$event){
738    global $ACT;
739    global $ID;
740
741    // we can handle it -> prevent others
742    $event->stopPropagation();
743    $event->preventDefault();
744
745    $ns    = $_REQUEST['ns'];
746    $title = str_replace(':', '', $_REQUEST['title']);
747    $id    = ($ns ? $ns.':' : '').cleanID($title);
748
749    // check if we are allowed to create this file
750    if (auth_quickaclcheck($id) >= AUTH_CREATE){
751      $back = $ID;
752      $ID   = $id;
753      $file = wikiFN($ID);
754
755      //check if locked by anyone - if not lock for my self
756      if (checklock($ID)){
757        $ACT = 'locked';
758      } else {
759        lock($ID);
760      }
761
762      // prepare the new thread file with default stuff
763      if (!@file_exists($file)){
764        global $TEXT;
765        global $INFO;
766        global $conf;
767
768        $TEXT = pageTemplate(array($ns.':'.$title));
769        if (!$TEXT) $TEXT = "<- [[:$back]]\n\n====== $title ======\n\n".
770                            "{{gravatar>".$INFO['userinfo']['mail']." }} ".
771                            "//".$INFO['userinfo']['name'].", ".
772                            date($conf['dformat']).": //\n\n\n\n".
773                            "~~DISCUSSION~~\n";
774        $ACT = 'preview';
775      } else {
776        $ACT = 'edit';
777      }
778    } else {
779      $ACT = 'show';
780    }
781  }
782
783  /**
784   * Checks if the CAPTCHA string submitted is valid
785   *
786   * @author     Andreas Gohr <gohr@cosmocode.de>
787   * @adaption   Esther Brunner <wikidesign@gmail.com>
788   */
789  function _handle_captchaCheck(){
790    if (@file_exists(DOKU_PLUGIN.'captcha/disabled')) return; // CAPTCHA is disabled
791
792    require_once(DOKU_PLUGIN.'captcha/action.php');
793    $captcha = new action_plugin_captcha;
794
795    // compare provided string with decrypted captcha
796    $rand = PMA_blowfish_decrypt($_REQUEST['plugin__captcha_secret'], auth_cookiesalt());
797    $code = $captcha->_generateCAPTCHA($captcha->_fixedIdent(), $rand);
798
799    if (!$_REQUEST['plugin__captcha_secret'] ||
800      !$_REQUEST['plugin__captcha'] ||
801      strtoupper($_REQUEST['plugin__captcha']) != $code){
802
803      // CAPTCHA test failed! Continue to edit instead of saving
804      msg($captcha->getLang('testfailed'),-1);
805      if ($_REQUEST['comment'] == 'save') $_REQUEST['comment'] = 'edit';
806      elseif ($_REQUEST['comment'] == 'add') $_REQUEST['comment'] = 'show';
807    }
808    // if we arrive here it was a valid save
809  }
810
811}
812
813//Setup VIM: ex: et ts=4 enc=utf-8 :
814