sandbox/junyor/comment.module

<?php
// $Id: comment.module,v 1.1 2004/05/17 15:28:43 junyor Exp $

function comment_help($section = "admin/help#comment") {
  $output = "";

  switch ($section) {
    case 'admin/help#comment':
      $output = t("
      <p>When enabled, the Drupal comment module creates a discussion board for each Drupal node. Users can post comments to discuss a forum topic, weblog post, collaborative book page, etc.</p>
      <h3>User control of comment display</h3>
      <p>Attached to each comment board is a control panel for customizing the way that comments are displayed. Users can control the chronological ordering of posts (newest or oldest first) and the number of posts to display on each page. Additional settings include:</p>
      <ul>
      <li><strong>Threaded</strong> -- Displays the posts grouped according to conversations and subconversations, much like the subject view of an e-mail client.</li>
      <li><strong>Flat</strong> --  Displays the posts in chronological order, in the order in which they are posted.</li>
      <li><strong>Expanded</strong> -- Displays the title and text for each post.</li>
      <li><strong>Collapsed</strong> -- Displays only the title for each post.</li>
      </ul>
      <p>When a user chooses <em>save settings</em>, the comments are then redisplayed using the user's new choices. Administrators can set the default settings for the comment control panel, along with other comment defaults, in <a href=\"%comment-config\">administer &raquo; configuration &raquo; modules &raquo; comment</a>.</p>
      <p>NOTE: When comment moderation is enabled, users will have another control panel option to control thresholds (see below).</p>

      <h3>Additional comment configurations</h3>
      <p>Comments behave like other user submissions in Drupal. Filters, smileys and HTML that work in nodes will also work with content. To prevent a single user from spamming the web site with too many comments, administrators can set a comment throttle in <a href=\"%site-config\">administer &raquo; configuration</a> under <em>Submission settings</em>.</p>
      <p>Administrators can control access to various comment module functions through <a href=\"%user-permissions\">administer &raquo; accounts &raquo; permissions</a>. Know that in a new Drupal installation, all comment permissions are disabled by default. The choice of which permissions to grant to which roles (groups of users) is left up to the site administrator.</p>
      <p>The following permissions can be enabled for anonymous users, authenticated users, or any other user roles that the administrator chooses to define:</p>
      <ul>
      <li><strong>Access comments</strong> -- Allows users to view comments.</li>
      <li><strong>Administrate comments</strong> -- Allows users complete control over configuring, editing and deleting all comments on the site. Best reserved for <strong>very</strong> trusted users.</li>
      <li><strong>Moderate comments</strong> -- Allows users to rate comment postings (see more on moderation below).</li>
      <li><strong>Post comments</strong> -- Allows users to post comments into an administrator moderation queue. Administrators then post the comment to the site.</li>
      <li><strong>Post comments without approval</strong> -- Allows users to directly post comments. This bypasses the administrator moderation queue.</li>
      </ul>

      <h3>Notification of new comments</h3>
      <p>Drupal provides specific features to inform site members when new comments have been posted:</p>
      <ul>
      <li>On the home page, Drupal displays the total number of comments attached to each node, and tracks comments read by individual site members. Members which have logged in will see a notice accompanying nodes which contain comments that they have not read.</li>
      <li>The <em>tracker</em> module, disabled by default, displays all the site's recent posts.  There is a link to the <a href=\"%tracker\">recent posts</a> page in the navigation block.  This page is a useful way to browse new or updated nodes and comments. Content which the user has not yet read is tagged with a red star (this graphic depends on the current theme). Visit the comment board for any node, and Drupal will display a red <em>\"new\"</em> label beside the text of unread comments.</li>
      <li>Some administrators may want to <a href=\"%download-notify\">download</a>, install and configure the notify module. Users can then request that Drupal send them an e-mail when new comments are posted (the notify module requires that cron.php be configured properly).</li>
      </ul>

      <h3>Comment moderation</h3>
      <p>On sites with active commenting from users, the administrator can turn over comment moderation to the community. </p>
      <p>With comment moderation, each comment is automatically assigned an initial rating. As users read comments, they can apply a vote which affects the comment rating. At the same time, users have an additional option in the control panel which allows them to set a threshold for the comments they wish to view. Those comments with ratings lower than the set threshold will not be shown.</p>
      <p>To enable moderation, the administrator must grant <a href=\"%permission\">moderate comments</a> permissions. Then, a number of options in <a href=\"%comment-moderation\">administer &raquo; comments &raquo; moderation</a> must be configured.</p>

      <h4>Moderation votes</h4>
      <p>The first step is to create moderation labels which allow users to rate a comment.  Go to <a href=\"%comment-votes\">administer &raquo; comments &raquo; moderation &raquo; votes</a>. In the <em>vote</em> field, enter the textual labels which users will see when casting their votes. Some examples are</p>
      <ul>
      <li>Excellent +3</li>
      <li>Insightful +2</li>
      <li>Caught My Attention +1</li>
      <li>Useful +1</li>
      <li>Redundant -1</li>
      <li>Flame -3</li>
      </ul>
      <p>So that users know how their votes affect the comment, these examples include the vote value as part of the label, although that is optional.</p>
      <p>Using the weight option, you can control the order in which the votes appear to users. Setting the weight heavier (positive numbers) will make the vote label appear at the bottom of the list. Lighter (a negative number) will push it to the top. To encourage positive voting, a useful order might be higher values, positive votes, at the top, with negative votes at the bottom.</p>

      <h4>Moderator vote/values matrix</h4>

      <p>Next go to <a href=\"%comment-matrix\">administer &raquo; comments &raquo; moderation &raquo; matrix</a>. Enter the values for the vote labels for each permission role in the vote matrix. The values entered here will be used to create the rating for each comment.</p>
      <p>NOTE: Comment ratings are calculated by averaging user votes with the initial rating.</p>
      <h4>Creating comment thresholds</h4>
      <p>In <a href=\"%comment-thresholds\">administer &raquo; comments &raquo; moderation &raquo; thresholds</a>, you'll have to create some comment thresholds to make the comment rating system useful. When comment moderation is enabled and the thresholds are created, users will find another comment control panel option for selecting their thresholds. They'll use the thresholds you enter here to filter out comments with low ratings. Consequently, you'll probably want to create more than one threshold to give users some flexibility in filtering comments.</p>
      <p>When creating the thresholds, note that the <em>Minimum score</em> is asking you for the lowest rating that a comment can have in order to be displayed.</p>
      <p>To see a common example of how thresholds work, you might visit <a href=\"%slashdot\">Slashdot</a> and view one of their comment boards associated with a story. You can reset the thresholds in their comment control panel.</p>

      <h4>Initial comment scores</h4>
      <p>Finally, you may want to enter some <em>initial comment scores</em>. In <a href=\"%comment-initial\">administer &raquo; comments &raquo; initial comment scores</a> you can assign a beginning rating for all comments posted by a particular permission role. If you do not assign any initial scores, Drupal will assign a rating of <strong>0</strong> as the default.</p>", array("%comment-config" => url("admin/system/modules/comment"), "%site-config" => url("admin/system"), "%user-permissions" => url("admin/user/permission"), "%tracker" => url("tracker"), "%download-notify" => "http://drupal.org/project/releases", "%permission" => url("admin/user/permission"), "%comment-moderation" => url("admin/comment/moderation"), "%comment-votes" => url("admin/comment/moderation/votes"), "%comment-matrix" => url("admin/comment/moderation/matrix"), "%comment-thresholds" => url("admin/comment/moderation/filters"), "%slashdot" => " http://slashdot.org", "%comment-initial" => url("admin/comment/moderation/roles")));
      break;
    case 'admin/system/modules#description':
      $output = t("Enables user to comment on content (nodes).");
      break;
    case 'admin/system/modules/comment':
      $output = t("Comments can be attached to any node. Below are the settings for comments. The display comes in two types, a \"flat list\" where everything is flush to the left side, and comments come in cronological order, and a \"threaded list\" where comments to other comments are placed immediately below and slightly indented forming an outline. They also come in two styles: \"expanded\", where you see both the title and the contents, and \"collapsed\" where you only see the title. To set the default threshold you first have to set up thresholds in the <a href=\"%threshold\">administer &raquo; comments &raquo; moderation &raquo; thresholds</a> area. Preview comment forces a user to look at their comment by clicking on a \"Preview\" button before they can actually add the comment. If \"New comment form\" is enabled then at the bottom of every comment page there will be a form too add a new comment.", array("%threshold" => url("admin/comment/moderation/filters")));
      break;
    case 'admin/comment':
      $output = t("Comments let users give feedback to content authors.  Here you may review/approve/deny recent comments, and configure moderation if desired.");
      break;
    case 'admin/comment/comments':
      $output = t("Click on <a href=\"%nup\">new or updated comments</a> to see your latest comments, or <a href=\"%queue\">comment approval queue</a> to approve new comments.", array("%nup" => url("admin/comment/comments/0"), "%queue" => url("admin/comment/comments/1")));
      break;
    case 'admin/comment/comments/0':
      $output = t("Below is a list of the latest comments posted your site. Click on a subject to see the comment, the author's name to edit the author's user information , \"edit comment\" to edit the comment, and \"delete comment\" to remove the comment.");
      break;
    case 'admin/comment/comments/1':
      $output = t("Below is a list of the comments posted to your site that need approval. To approve a comment click on <strong>\"edit comment\"</strong> and then change its <strong>moderation status</strong> to Approved.<br />Click on a subject to see the comment, the author's name to edit the author's user information, \"edit comment\" to edit the comment, and \"delete comment\" to remove the comment.");
      break;
    case 'admin/comment/moderation':
      $output = t("If you have a get a lot of comments, you can enable comment moderation. Once moderation is enabled users can vote on a comment based on dropdown menus. <a href=\"%votes\">Votes</a> sets up the names in the dropdown menu, and the order in which they appear, using weights. <a href=\"%matrix\">Matrix</a> sets up the value of each user's vote, and <a href=\"%threshhold\">threshhold</a> sets up the levels at which a comment will be displayed.", array("%votes" => url("admin/comment/moderation/votes"), "%matrix" => url("admin/comment/moderation/matrix"), "%threshhold" => url("admin/comment/moderation/filters")));
      break;
    case 'admin/comment/moderation/votes':
      $output = t("Here is where you setup the names of each type of vote. Weight lets you set the order of the drop down menu. Click <strong>edit</strong> to edit a current vote weight.<br />Notes: <ul><li>you can have more than one type with the same name. The system does not protect you from this.</li><li>To <strong>delete</strong> a name/weight combiniation go to the <strong>edit</strong> area.</li></ul>");
      break;
    case 'admin/comment/moderation/matrix':
      $output = t("Here is where you assign a value to each item in the dropdown menu. This value is added to the vote total, which is then divided by the number of users who have voted and rounded off to the nearest integer.<br />Notes:<ul><li>In order to use comment moderation, every text box on this page should be populated.</li><li>You must assign the <strong>moderate comments</strong> permission to at least one role in order to use this page.</li><li>Every box not filled in will have a value of zero, which will have the effect of <strong>lowering</strong> a comments over all score.</li></ul>");
      break;
    case 'admin/comment/moderation/filters':
      $output = t("<em>Optional</em> Here you can setup the name and minimum \"cut off\" score to help your users hide comments that they don't want too see. These thresholds appear in the Comment Control Panel. Click \"edit\" to edit the values of an already exsisting threashold. To <strong>delete</strong> a threshold click on \"edit\".");
      break;
    case 'admin/comment/moderation/roles':
      $output = t("Here you can setup the <strong>initial</strong> vote value of a comment posted by each user role. This value is used before any other users vote on the comment.<br />Note: Blank entries are valued at zero");
      break;
    case 'admin/comment/search':
      $output = t("Enter a simple pattern ( '*' maybe used as a wildcard match) to search for a comment.  For example, one may search for 'br' and Drupal might return 'bread brakers', 'our daily bread' and 'brenda'.");
      break;
  }
  return $output;
}

function comment_help_page() {
  print theme("page", comment_help());
}

function comment_settings() {
  $group  = form_radios(t("Default display mode"), "comment_default_mode", variable_get("comment_default_mode", 4), _comment_get_modes(), t("The default view for comments. Expanded views display the body of the comment. Threaded views keep replies together."));
  $group .= form_radios(t("Default display order"), "comment_default_order", variable_get("comment_default_order", 1), _comment_get_orders(), t("The default sorting for new users and anonymous users while viewing comments. These users may change their view using the comment control panel. For registered users, this change is remembered as a persistent user preference."));
  $group .= form_select(t("Default comments per page"), "comment_default_per_page", variable_get("comment_default_per_page", "50"), _comment_per_page(), t("Default number of comments for each page: more comments are distributed in several pages."));
  $group .= form_radios(t("Comment controls"), "comment_controls", variable_get("comment_controls", 0), array(t("Display above the comments"), t("Display below the comments"), t("Display above and below the comments"), t("Do not display")), t("Position of the comment controls box.  The comment controls let the user change the default display mode and display order of comments."));
  $output = form_group(t('Comment viewing options'), $group);

  $group  = form_radios(t("Preview comment"), "comment_preview", variable_get("comment_preview", 1), array(t("Optional"), t("Required")), t("Must users preview comments before submitting?"));
  $group .= form_radios(t("Location of comment submission form"), "comment_form_location", variable_get("comment_form_location", 0), array(t("Display on separate page"), t("Display below post or comments")), t("The location of the comment submission form."));
  $output .= form_group(t('Comment posting settings'), $group);

  $result = db_query("SELECT fid, filter FROM {moderation_filters} ");
  while ($filter = db_fetch_object($result)) {
    $thresholds[$filter->fid] = ($filter->filter);
  }
  if ($thresholds) {
    $group = form_select(t("Default threshold"), "comment_default_threshold", variable_get("comment_default_threshold", 0), $thresholds, t("Thresholds are values below which comments are hidden. These thresholds are useful for busy sites which want to hide poor comments from most users."));
    $output .= form_group(t('Comment moderation settings'), $group);
  }

  return $output;
}

function comment_user($type, $edit, &$user) {
  switch ($type) {
    case "edit":
      // when user tries to edit his own data
      return array(t('Personal information') => form_textarea(t("Signature"), "signature", $user->signature, 64, 3, t("Your signature will be publicly displayed at the end of your comments.") ."<br />". filter_tips_short()));
    case "edit":
      // validate user data editing
      return array("signature" => $edit["signature"]);
  }
}

function comment_access($op, $comment) {
  global $user;

  if ($op == "edit") {

    /*
    ** Authenticated users can edit their comments as long they have
    ** not been replied to.  This, in order to avoid people changing
    ** or revising their statements based on the replies their posts
    ** got. Furthermore, users can't reply to their own comments and
    ** are encouraged to extend their original comment.
    */

    return $user->uid && $user->uid == $comment->uid && comment_num_replies($comment->cid) == 0;
  }

}
function comment_referer_save() {
  $_SESSION["comment_referer"] = arg(0) ."/". arg(1) ."/". arg(2);
}

/*
** Restores the referer from a persistent variable:
*/

function comment_referer_load() {
  return $_SESSION["comment_referer"];
}

function comment_edit($cid) {
  global $user;

  $comment = db_fetch_object(db_query("SELECT c.*, u.uid, u.name, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status != 2", $cid));
  $comment = drupal_unpack($comment);
  if (comment_access("edit", $comment)) {
    return comment_preview(object2array($comment));
  }
}

function comment_reply($pid, $nid) {

  $output = "";

  if (user_access("access comments")) {

    /*
    ** Show comment
    */

    if ($pid) {
      $comment = db_fetch_object(db_query("SELECT c.*, u.uid, u.name, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = 0", $pid));
      $comment = drupal_unpack($comment);
      $output .= theme("comment_view", $comment);
    }
    else if (user_access("access content")) {
      $output .= node_view(node_load(array("nid" => $nid)));
      $pid = 0;
    }

    /*
    ** If possible, show reply form
    */

    if (node_comment_mode($nid) != 2) {
      $output .= theme("box", t("Reply"), t("This discussion is closed: you can't post new comments."));
    }
    else if (user_access("post comments")) {
      $output .= theme("comment_form", array("pid" => $pid, "nid" => $nid), t("Reply"));
    }
    else {
      $output .= theme("box", t("Reply"), t("You are not authorized to post comments."));
    }
  }
  else {
    $output .= theme("box", t("Reply"), t("You are not authorized to view comments."));
  }

  return $output;
}

function comment_preview($edit) {
  global $user;

  $output = "";

  foreach ($edit as $key => $value) {
    $comment->$key = $value;
  }

  /*
  ** Attach the user and time information:
  */

  $comment->uid = $user->uid;
  $comment->name = $user->name;
  $comment->timestamp = time();

  /*
  ** Preview the comment:
  */

  $output .= theme("comment_view", $comment, theme('links', module_invoke_all('link', 'comment', $comment, 1)));
  $output .= theme("comment_form", $edit, t("Reply"));

  if ($edit["pid"]) {
    $comment = db_fetch_object(db_query("SELECT c.*, u.uid, u.name, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = 0", $edit["pid"]));
    $comment = drupal_unpack($comment);
    $output .= theme("comment_view", $comment);
  }
  else {
    $output .= node_view(node_load(array("nid" => $edit["nid"])));
    $edit["pid"] = 0;
  }

  return $output;
}

/*
Items in comments database:

cid = comment id, unique identifier for comments (set by comment_save)
pid = Parent ID, ie cid of the comment which is the parent of the current one (used in threading) (0 = no parent) (set by comment_save)
nid = node id, the node the comment is posted to
uid = user id of commentor (0 = anonymous comment)
subject = subject of comment
comment = comment body
hostname = IP of commentor
timestamp = timestamp of comment (Unix format)
score = moderation score of comment
status = publication status of comment (http://drupal.org/book/view/4739)
thread = thread depth (set by comment_save)
users = no idea (set by comment_save)
*/

/*
** This function should always be called before comment_save().
** The $user object should be available to this function.
*/

/* Questions:
1) What happens if user_load can't find the user?

Tasks:
1) Initialize variables
2) Add watchdog warning stuff
3) Shouldn't the error array be output?

Notes:
1) This function validates input and fills in blanks, but doesn't prevent user tampering.  This should be done before sending comments to this function.
*/

function comment_validate($node, &$error) {
  global $user;
  $error = array();

  /*
  ** Convert the comment to an object if necessary:
  */

  $comment = array2object($comment);

  /*
  ** Validate the user.  If the user who generated the comment
  ** isn't the current user, save the current user and load the
  ** user data for the commentor.  This is usually only useful
  ** when a module like an importer is adding comments.
  */
  if ($comment->uid != $user->uid)
  {
    $temp_user = $user;
    user_load(array(uid => $comment->uid));
  }

  /*
  ** Validate the comment's body.
  */
  
  if ($comment->comment == "") {
    watchdog("warning", "comment: empty comment submitted.");
    $error['comment'] = theme('error', t('The comment you submitted is empty.'));
  }

  /*
  ** Validate the subject field.  If not specified, extract
  ** one from the comment's body.
  */
  
  /* Remove HTML from subjects */
  $comment->subject = strip_tags($comment->subject);
  
  /* If empty subject */
  if ($comment->subject == "") {
    /* set subject according to body of comment */
    $body = strip_tags($comment->comment);
    $arr = explode(" ",$body);
	
    for($i=0; $i<5; $i++) { $comment->subject .= $arr[$i]." "; }
  }

  /*
  ** Validate the timestamp field:
  */

  if (!$comment->timestamp) {
    $comment->timestamp = time();
  }

  /*
  ** Set status field.
  */
  
  $status = user_access("post comments without approval") ? 0 : 1;

  /*
  ** Check for duplicate comments.  Note that we have to use the
  ** validated/filtered data to perform such check.
  */

  $duplicate = db_result(db_query("SELECT COUNT(cid) FROM {comments} WHERE pid = %d AND nid = %d AND subject = '%s' AND comment = '%s'", $comment->pid, $comment->nid, $comment->subject, $comment->comment), 0);

  if ($duplicate != 0) {
    watchdog("warning", "comment: duplicate '". $comment->subject ."'");
    $error['comment'] = theme('error', t('The comment you submitted is a duplicate.'));
  }

  // Reset user
  $user = user_load(array(uid => $temp_user->uid));

  return $comment;
}

function comment_save($comment) {
  /* if the comment is being updated */
  if ($comment->cid)
  { 
    db_query("UPDATE {comments} SET subject = '%s', comment = '%s', status = %d WHERE cid = %d", $edit["subject"], $edit["comment"], $edit["status"], $comment->id);

    /*
    ** Fire a hook
    */
    module_invoke_all("comment", "update", $edit);

    /*
    ** Add entry to the watchdog log:
    */
    watchdog("special", "comment: updated '". $edit["subject"] ."'", l(t("view comment"), "node/view/". $edit["nid"], NULL, NULL, "comment-". $edit["cid"]));

    drupal_set_message(t("the comment has been saved."));
  }
  
  /* Otherwise, it's a new comment */
  else {
	
    /*
    ** Add the comment to database:
    */

    $roles = variable_get("comment_roles", array());
    $score = $roles[$user->rid] ? $roles[$user->rid] : 0;
    $users = serialize(array(0 => $score));

    /*
    ** Here we are building the thread field.  See the comment
    ** in comment_render().
    */

    if ($edit["pid"] == 0) {
      /*
      ** This is a comment with no parent comment (depth 0): we start
      ** by retrieving the maximum thread level.
      */

      $max = db_result(db_query("SELECT MAX(thread) FROM {comments} WHERE nid = %d", $edit["nid"]));

      // Strip the "/" from the end of the thread
      $max = rtrim($max, "/");

      /*
      ** Next, we increase this value by one.  Note that we can't
      ** use 1, 2, 3, ... 9, 10, 11 because we order by string and
      ** 10 would be right after 1.  We use 1, 2, 3, ..., 9, 91,
      ** 92, 93, ... instead.  Ugly but fast.
      */

      $decimals = (string)substr($max, 0, strlen($max) - 1);
      $units = substr($max, -1, 1);
      if ($units) {
        $units++;
      }
      else {
        $units = 1;
      }

      if ($units == 10) {
        $units = "90";
      }

      // Finally build the thread field for this new comment
      $thread = "$decimals$units/";
    }
    else {
      /*
      ** This is comment with a parent comment: we increase
      ** the part of the thread value at the proper depth.
      */

      // Get the parent comment:
      $parent = db_fetch_object(db_query("SELECT * FROM {comments} WHERE cid = '%d'", $edit["pid"]));

      // Strip the "/" from the end of the parent thread:
      $parent->thread = (string)rtrim((string)$parent->thread, "/");

      // Get the max value in _this_ thread:
      $max = db_result(db_query("SELECT MAX(thread) FROM {comments} WHERE thread LIKE '%s.%%' AND nid = '%d'", $parent->thread, $edit["nid"]));

      if ($max == "") {
        // First child of this parent
        $thread = "$parent->thread.1/";
      }
      else {
        // Strip the "/" at the end of the thread:
        $max = rtrim($max, "/");

        // We need to get the value at the correct depth:
        $parts = explode(".", $max);
        $parent_depth = count(explode(".", $parent->thread));
        $last = $parts[$parent_depth];

        /*
        ** Next, we increase this value by one.  Note that we can't
        ** use 1, 2, 3, ... 9, 10, 11 because we order by string and
        ** 10 would be right after 1.  We use 1, 2, 3, ..., 9, 91,
        ** 92, 93, ... instead.  Ugly but fast.
        */

        $decimals = (string)substr($last, 0, strlen($last) - 1);
        $units = substr($last, -1, 1);
        $units++;
        if ($units == 10) {
          $units = "90";
        }

        // Finally build the thread field for this new comment:
        $thread = "$parent->thread.". $decimals.$units ."/";
      }
    }


    $edit["cid"] = db_next_id("{comments}_cid");

    db_query("INSERT INTO {comments} (cid, nid, pid, uid, subject, comment, hostname, timestamp, status, score, users, thread) VALUES (%d, %d, %d, %d, '%s', '%s', '%s', %d, %d, %d, '%s', '%s')", $edit["cid"], $edit["nid"], $edit["pid"], $user->uid, $edit["subject"], $edit["comment"], $_SERVER['REMOTE_ADDR'], time(), $status, $score, $users, $thread);

    /*
    ** Tell the other modules a new comment has been submitted:
    */

    module_invoke_all("comment", "insert", $edit);

    /*
    ** Add entry to the watchdog log:
    */

    watchdog("special", "comment: added '". $edit["subject"] ."'", l(t("view comment"), "node/view/". $edit["nid"], NULL, NULL, "comment-". $edit["cid"]));
  }

  /*
  ** Clear the cache so an anonymous user can see his comment being
  ** added.
  */

  cache_clear_all();
}

/*
To do:
1) Check the error value of comment_validate()
2) Output the error array
*/

function comment_post($edit) {
  global $user;
  $error = array();

  if (user_access("post comments") && node_comment_mode($edit["nid"]) == 2) {
    $comment = comment_validate($edit, $error);
    comment_save($comment);
  }
  else {
    watchdog("error", "comment: unauthorized comment submitted or comment submitted to a closed node '". $edit["subject"] ."'");
    return array(t("Error"), t("You are not authorized to post comments, or this node doesn't accept new comments."));
  }

  /*
  ** Redirect the user to the node he commented on, or explain queue
  */

  if ($status == 1) {
    return array(t("Comment queued"), t("Your comment has been queued for moderation by site administrators and will be published after approval."));
  }
}

function comment_links($comment, $return = 1) {
  global $user;

  $links = array();

  /*
  ** If we are viewing just this comment, we link back to the node
  */

  if ($return) {
    $links[] = l(t("parent"), comment_referer_load(), NULL, NULL, "comment-$comment->cid");
  }

  if (node_comment_mode($comment->nid) == 2) {
    if (user_access("administer comments") && user_access("access administration pages")) {
      $links[] = l(t("delete comment"), "admin/comment/delete/$comment->cid");
      $links[] = l(t("edit comment"), "admin/comment/edit/$comment->cid");
      $links[] = l(t("reply to this comment"), "comment/reply/$comment->nid/$comment->cid");
    }
    else if (user_access("post comments")) {
      if (comment_access("edit", $comment)) {
        $links[] = l(t("edit your comment"), "comment/edit/$comment->cid");
      }
      $links[] = l(t("reply to this comment"), "comment/reply/$comment->nid/$comment->cid");
    }
    else {
      $links[] = theme("comment_post_forbidden");
    }
  }

  if ($moderation = theme("comment_moderation_form", $comment)) {
    $links[] = $moderation;
  }

  return $links;
}

function comment_render($node, $cid = 0) {
  global $user;

  $mode = $_GET["mode"];
  $order = $_GET["order"];
  $threshold = $_GET["threshold"];
  $comments_per_page = $_GET["comments_per_page"];
  $comment_page = $_GET["comment_page"];

  $output = "";

  if (user_access("access comments")) {

    /*
    ** Save were we come from so we can go back after a reply
    */

    comment_referer_save();

    /*
    ** Pre-process variables:
    */

    $nid = $node->nid;
    if (empty($nid)) {
      $nid = 0;
    }

    if (empty($mode)) {
      $mode = $user->mode ? $user->mode : ($_SESSION["comment_mode"] ? $_SESSION["comment_mode"] : variable_get("comment_default_mode", 4));
    }

    if (empty($order)) {
      $order = $user->sort ? $user->sort : ($_SESSION["comment_sort"] ? $_SESSION["comment_sort"] : variable_get("comment_default_order", 1));
    }

    if (empty($threshold)) {
      $threshold = $user->threshold ? $user->threshold : ($_SESSION["comment_threshold"] ? $_SESSION["comment_threshold"] : variable_get("comment_default_threshold", 0));
    }
    $threshold_min = db_result(db_query("SELECT minimum FROM {moderation_filters} WHERE fid = %d", $threshold));

    if (empty($comments_per_page)) {
      $comments_per_page = $user->comments_per_page ? $user->comments_per_page : ($_SESSION["comment_comments_per_page"] ? $_SESSION["comment_comments_per_page"] : variable_get("comment_default_per_page", "50"));
    }

    $output .= "<a id=\"comment\"></a>\n";


    if ($cid) {

      /*
      ** Single comment view
      */

      $output .= "<form method=\"post\" action=\"". url("comment") ."\"><div>\n";
      $output .= form_hidden("nid", $nid);

      $result = db_query("SELECT c.cid, c.pid, c.nid, c.subject, c.comment, c.timestamp, u.uid, u.name, u.picture, u.data, c.score, c.users FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = 0 GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.timestamp, u.uid, u.name, u.picture, u.data, c.score, c.users", $cid);

      if ($comment = db_fetch_object($result)) {
        $output .= theme("comment_view", $comment, theme('links', module_invoke_all('link', 'comment', $comment, 1)));
      }

      if ((comment_user_can_moderate($node)) && $user->uid != $comment->uid && !(comment_already_moderated($user->uid, $comment->users))) {
        $output .= "<div style=\"text-align: center;\">". form_submit(t("Moderate comment")) ."</div><br />";
      }
      $output .= "</div></form>";
    }
    else {

      /*
      ** Multiple comments view
      */

      $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.timestamp, u.uid, u.name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = '". check_query($nid) ."' AND c.status = 0";

      $query .= " GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.timestamp, u.uid, u.name, u.picture, u.data, c.score, c.users, c.thread";

      /*
      ** We want to use the standard pager, but threads would need every
      ** comment to build the thread structure, so we need to store some
      ** extra info.
      **
      ** We use a "thread" field to store this extra info. The basic idea
      ** is to store a value and to order by that value. The "thread" field
      ** keeps this data in a way which is easy to update and convenient
      ** to use.
      **
      ** A "thread" value starts at "1". If we add a child (A) to this
      ** comment, we assign it a "thread" = "1.1". A child of (A) will have
      ** "1.1.1". Next brother of (A) will get "1.2". Next brother of the
      ** parent of (A) will get "2" and so on.
      **
      ** First of all note that the thread field stores the depth of the
      ** comment: depth 0 will be "X", depth 1 "X.X", depth 2 "X.X.X", etc.
      **
      ** Now to get the ordering right, consider this example:
      **
      ** 1
      ** 1.1
      ** 1.1.1
      ** 1.2
      ** 2
      **
      ** If we "ORDER BY thread ASC" we get the above result, and this is
      ** the natural order sorted by time.  However, if we "ORDER BY thread
      ** DESC" we get:
      **
      ** 2
      ** 1.2
      ** 1.1.1
      ** 1.1
      ** 1
      **
      ** Clearly, this is not a natural way to see a thread, and users
      ** will get confused. The natural order to show a thread by time
      ** desc would be:
      **
      ** 2
      ** 1
      ** 1.2
      ** 1.1
      ** 1.1.1
      **
      ** which is what we already did before the standard pager patch. To
      ** achieve this we simply add a "/" at the end of each "thread" value.
      ** This way out thread fields will look like depicted below:
      **
      ** 1/
      ** 1.1/
      ** 1.1.1/
      ** 1.2/
      ** 2/
      **
      ** we add "/" since this char is, in ASCII, higher than every number,
      ** so if now we "ORDER BY thread DESC" we get the correct order.  Try
      ** it, it works ;).  However this would spoil the "ORDER BY thread ASC"
      ** Here, we do not need to consider the trailing "/" so we use a
      ** substring only.
      */

      if ($order == 1) {
        if ($mode == 1 || $mode == 2) {
          $query .= " ORDER BY c.timestamp DESC";
        }
        else {
          $query .= " ORDER BY c.thread DESC";
        }
      }
      else if ($order == 2) {
        if ($mode == 1 || $mode == 2) {
          $query .= " ORDER BY c.timestamp";
        }
        else {

          /*
          ** See comment above.  Analysis learns that this doesn't cost
          ** too much.  It scales much much better than having the whole
          ** comment structure.
          */

          $query .= " ORDER BY SUBSTRING(c.thread, 1, (LENGTH(c.thread) - 1))";
        }
      }

      /*
      ** Start a form, to use with comment control and moderation.
      */

      $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE nid = '". check_query($nid) ."'");
      if (db_num_rows($result) && (variable_get("comment_controls", 0) == 0 || variable_get("comment_controls", 0) == 2)) {
        $output .= "<form method=\"post\" action=\"". url("comment") ."\"><div>\n";
        $output .= theme("comment_controls", $threshold, $mode, $order, $comments_per_page);
        $output .= form_hidden("nid", $nid);
        $output .= "</div></form>";
      }

      $output .= "<form method=\"post\" action=\"". url("comment") ."\"><div>\n";
      $output .= form_hidden("nid", $nid);

      while ($comment = db_fetch_object($result)) {
        $comment = drupal_unpack($comment);
        $comment->depth = count(explode(".", $comment->thread)) - 1;

        if ($mode == 1) {
          $output .= theme("comment_flat_collapsed", $comment, $threshold_min);
        }
        else if ($mode == 2) {
          $output .= theme("comment_flat_expanded", $comment, $threshold_min);
        }
        else if ($mode == 3) {
          $output .= theme("comment_thread_min", $comment, $threshold_min);
        }
        else if ($mode == 4) {
          $output .= theme("comment_thread_max", $comment, $threshold_min);
        }
      }

      /*
      ** Use the standard pager, $pager_total is the number of returned rows,
      ** is global and defined in pager.inc
      */
      if ($pager = theme("pager", NULL, $comments_per_page, 0, array("comments_per_page" => $comments_per_page))) {
        $output .= $pager;
      }

      if (db_num_rows($result) && comment_user_can_moderate($node)) {
        $output .= "<div align=\"center\">". form_submit(t("Moderate comments")) ."</div><br />";
      }

      $output .= "</div></form>";

      if (db_num_rows($result) && (variable_get("comment_controls", 0) == 1 || variable_get("comment_controls", 0) == 2)) {
        $output .= "<form method=\"post\" action=\"". url("comment") ."\"><div>\n";
        $output .= theme("comment_controls", $threshold, $mode, $order, $comments_per_page);
        $output .= form_hidden("nid", $nid);
        $output .= "</div></form>";
      }
    }

    /*
    ** If enabled, show new comment form
    */

    if (user_access("post comments") && node_comment_mode($nid) == 2 && variable_get("comment_form_location", 0)) {
      $output .= theme("comment_form", array("nid" => $nid), t("Post new comment"));
    }
  }
  return $output;
}

function comment_perm() {
  return array("access comments", "post comments", "administer comments", "moderate comments", "post comments without approval", "administer moderation");
}

function comment_link($type, $node = 0, $main = 0) {
  $links = array();

  if ($type == "node" && $node->comment) {

    if ($main) {

      /*
      ** Main page: display the number of comments that have been posted.
      */

      if (user_access("access comments")) {
        $all = comment_num_all($node->nid);
        $new = comment_num_new($node->nid);

        if ($all) {
          $links[] = l(format_plural($all, "1 comment", "%count comments"), "node/view/$node->nid", array("title" => t("Jump to the first comment of this posting.")), NULL, "comment");

          if ($new) {
            $links[] = l(format_plural($new, "1 new comment", "%count new comments"), "node/view/$node->nid", array("title" => t("Jump to the first new comment of this posting.")), NULL, "new");
          }
        }
        else {
          if ($node->comment == 2) {
            if (user_access("post comments")) {
              $links[] = l(t("add new comment"), "comment/reply/$node->nid", array("title" => t("Add a new comment to this page.")));
            }
            else {
              $links[] = theme("comment_post_forbidden");
            }
          }
        }
      }
    }
    else {
      /*
      ** Node page: add a "post comment" link if the user is allowed to
      ** post comments and if this node is not read-only
      */

      if ($node->comment == 2) {
        if (user_access("post comments")) {
          $links[] = l(t("add new comment"), "comment/reply/$node->nid", array("title" => t("Share your thoughts and opinions related to this posting.")), NULL, "comment");
        }
        else {
          $links[] = theme("comment_post_forbidden");
        }
      }
    }
  }

  if ($type == "comment") {
    $links = comment_links($node, $main);
  }

  if ($type == "system") {
    if (user_access("administer comments")) {

      menu("admin/comment", t("comments"), "comment_admin", 1);
      menu("admin/comment/comments", t("overview"), "comment_admin", 2);
      menu("admin/comment/comments/0", t("new/updated"), "comment_admin", 1);
      menu("admin/comment/comments/1", t("approval queue"), "comment_admin", 2);
      menu("admin/comment/help", t("help"), "comment_help_page", 9);
      menu("admin/comment/edit", t("edit comment"), "comment_admin", 0, MENU_HIDE);
      menu("admin/comment/delete", t("delete comment"), "comment_admin", 0, MENU_HIDE);
      if (module_exist('search')) {
        menu("admin/comment/search", t("search"), "comment_admin", 8);
      }

      // comment settings:
      if (user_access("administer moderation")) {
        menu("admin/comment/moderation", t("moderation"), "comment_admin", 3);
        menu("admin/comment/moderation/votes", t("votes"), "comment_admin");
        menu("admin/comment/moderation/matrix", t("matrix"), "comment_admin");
        menu("admin/comment/moderation/filters", t("thresholds"), "comment_admin");
        menu("admin/comment/moderation/roles", t("initial scores"), "comment_admin", 6);
      }
    }
    menu("comment", t("comments"), "comment_page", 0, MENU_HIDE);
  }

  return $links;
}

function comment_page() {
  $op = $_POST["op"];
  $edit = $_POST["edit"];

  if (empty($op)) {
    $op = arg(1);
  }

  switch ($op) {
    case "edit":
      print theme("page", comment_edit(check_query(arg(2))), t("Edit comment"));;
      break;
    case t("Moderate comments"):
    case t("Moderate comment"):
      comment_moderate($edit);
      drupal_goto(comment_referer_load());
      break;
    case "reply":
      print theme("page", comment_reply(check_query(arg(3)), check_query(arg(2))), t("Add new comment"));
      break;
    case t("Preview comment"):
      print theme("page", comment_preview($edit), t("Preview comment"));
      break;
    case t("Post comment"):
      list($error_title, $error_body) = comment_post($edit);
      if ($error_body) {
        print theme("page", $error_body, $error_title);
      }
      else {
        drupal_goto(comment_referer_load());
      }
      break;
    case t("Save settings"):
      $mode = $_POST["mode"];
      $order = $_POST["order"];
      $threshold = $_POST["threshold"];
      $comments_per_page = $_POST["comments_per_page"];

      comment_save_settings(check_query($mode), check_query($order), check_query($threshold), check_query($comments_per_page));
      drupal_goto(comment_referer_load());
      break;
  }
}

/**
*** admin functions
**/

function comment_node_link($node) {

  if (user_access("administer comments")) {

    /*
    ** Edit comments:
    */

    $result = db_query("SELECT c.cid, c.subject, u.uid, u.name FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE nid = %d AND c.status = 0 ORDER BY c.timestamp", $node->nid);


    $header = array(t("title"), t("author"), array("data" => t("operations"), "colspan" => 3));

    while ($comment = db_fetch_object($result)) {
      $rows[] = array(l($comment->subject, "node/view/$node->nid", NULL, NULL, "comment-$comment->cid"), format_name($comment), l(t("view comment"), "node/view/$node->nid", NULL, NULL, $comment->cid), l(t("edit comment"), "admin/comment/edit/$comment->cid"), l(t("delete comment"), "admin/comment/delete/$comment->cid"));
    }

    if ($rows) {
      $output  = "<h3>". t("Edit comments") ."</h3>";
      $output .= theme("table", $header, $rows);
    }

    return $output;
  }
}

function comment_admin_edit($id) {

  $result = db_query("SELECT c.*, u.name, u.uid FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status != 2", $id);
  $comment = db_fetch_object($result);
  $comment = drupal_unpack($comment);

  if ($comment) {
    $form .= form_textfield(t("Authored by"), "name", $user->name, 20, 64);
    $form .= form_textfield(t("Authored on"), "timestamp", $edit["timestamp"], 20, 64);
    $form .= form_textfield(t("Subject"), "subject", $comment->subject, 70, 128);
    $form .= form_textarea(t("Comment"), "comment", $comment->comment, 70, 15, filter_tips_short());
    $form .= form_radios(t("Status"), "status", $comment->status, array("published", "not published"));
    $form .= form_hidden("cid", $id);
    $form .= form_submit(t("Submit"));

    return form($form);
  }
}

function _comment_delete_thread($comment) {
  // Delete the comment:
  db_query("DELETE FROM {comments} WHERE cid = %d", $comment->cid);
  watchdog("special", "comment: deleted '$comment->subject'");

  // Delete the comment's replies:
  $result = db_query("SELECT cid, subject FROM {comments} WHERE pid = %d", $comment->cid);
  while ($comment = db_fetch_object($result)) {
    _comment_delete_thread($comment);
  }
}

function comment_delete($cid, $confirmed = 0) {
  $comment = db_fetch_object(db_query("SELECT c.*, u.name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.cid = %d", $cid));

  if ($comment->cid) {
    if ($confirmed) {
      drupal_set_message(t("the comment and all its replies have been deleted."));

      /*
      ** Delete the comment and all of its replies:
      */

      _comment_delete_thread($comment);

      /*
      ** Clear the cache so an anonymous user can see his comment being
      ** added.
      */

      cache_clear_all();
    }
    else {
      drupal_set_message(t("do you want to delete this comment and all its replies?"));

      /*
      ** Print a confirmation screen:
      */

      $output  = theme("comment", $comment);
      $output .= form_submit(t("Delete comment"));

      return form($output);
    }
  }
  else {
    drupal_set_message(t("the comment no longer exists."));
  }
}

function comment_admin_overview($status = 0) {

  $header = array(
    array("data" => t("subject"), "field" => "subject"),
    array("data" => t("author"), "field" => "u.name"),
    array("data" => t("status"), "field" => "status"),
    array("data" => t("time"), "field" => "c.timestamp", "sort" => "desc"),
    array("data" => t("operations"), "colspan" => 2)
  );

  $sql = "SELECT c.*, u.name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = ". check_query($status);
  $sql .= tablesort_sql($header);
  $result = pager_query($sql,  50);

  while ($comment = db_fetch_object($result)) {
    $rows[] = array(l($comment->subject, "node/view/$comment->nid/$comment->cid", array("title" => htmlspecialchars(substr($comment->comment, 0, 128))), NULL, "comment-$comment->cid") ." ". (node_is_new($comment->nid, $comment->timestamp) ? theme("mark") : ""), format_name($comment), ($comment->status == 0 ? t("published") : t("not published")) ."</td><td>". format_date($comment->timestamp, "small") ."</td><td>". l(t("edit comment"), "admin/comment/edit/$comment->cid"), l(t("delete comment"), "admin/comment/delete/$comment->cid"));
  }

  if ($pager = theme("pager", NULL, 50, 0, tablesort_pager())) {
    $rows[] = array(array("data" => $pager, "colspan" => 6));
  }

  return theme("table", $header, $rows);
}

function comment_mod_matrix($edit) {

  $output .= "<h3>Moderation vote/value matrix</h3>";

  if ($edit) {
    db_query("DELETE FROM {moderation_roles} ");
    foreach ($edit as $role_id => $votes) {
      foreach ($votes as $mid => $value) {
        $sql[] = "('$mid', '$role_id', '". ($value ? $value : 0) ."')";
      }
    }
    db_query("INSERT INTO {moderation_roles} (mid, rid, value) VALUES ". implode(", ", $sql));
    drupal_set_message(t("the vote values have been saved."));
  }

  $result = db_query("SELECT r.rid, r.name FROM {role} r, {permission} p WHERE r.rid = p.rid AND p.perm LIKE '%moderate comments%'");
  $role_names = array();
  while ($role = db_fetch_object($result)) {
    $role_names[$role->rid] = $role->name;
  }

  $result = db_query("SELECT rid, mid, value FROM {moderation_roles} ");
  while ($role = db_fetch_object($result)) {
    $mod_roles[$role->rid][$role->mid] = $role->value;
  }

  $header = array_merge(array(t("votes")), array_values($role_names));

  $result = db_query("SELECT mid, vote FROM {moderation_votes} ORDER BY weight");
  while ($vote = db_fetch_object($result)) {
    $row = array($vote->vote);
    foreach (array_keys($role_names) as $rid) {
      $row[] = array("data" => form_textfield(NULL, "$rid][$vote->mid", $mod_roles[$rid][$vote->mid], 4, 3), "align" => "center");
    }
    $rows[] = $row;
  }
  $output .= theme("table", $header, $rows);
  $output .= "<br />". form_submit(t("Submit votes"));

  return form($output);
}

function comment_mod_roles($edit) {

  $output .= "<h3>Initial comment scores</h3>";

  if ($edit) {
    variable_set("comment_roles", $edit);
    drupal_set_message(t("the comment scores have been saved."));
  }

  $start_values = variable_get("comment_roles", array());
