<?php
// ========================== File description ==========================//
// This file: comment management
// ==============================================================//


// Direct-access guard: continue only when the IN_ROOT constant exists and
// $php_self is set to a path ending in "/index.php" or "\index.php".
// Both are presumably provided by the front controller that includes this
// file — TODO confirm. Anything else is answered with a plain denial.
if (!(defined('IN_ROOT') && isset($php_self) && preg_match("/[\/\\\\]index\.php$/", $php_self))) {
	exit('Access Denied');
}

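// Permission check. permission() is defined elsewhere; it is the only access
// control call visible in this file, so every action below depends on it.
permission();

// $action and $do are not assigned in this file; presumably the including
// script populates them from the request — TODO confirm how they are filtered.
// empty() keeps the original truthiness test without an undefined-variable notice.
if (empty($action)) {
    $action = 'cmlist';
}

// Numeric ids: a non-empty GET value wins, otherwise POST is used. intval()
// makes the result safe to embed in the quoted SQL literals further down.
$id = intval(!empty($_GET['id']) ? $_GET['id'] : (isset($_POST['id']) ? $_POST['id'] : 0));
$cid = intval(!empty($_GET['cid']) ? $_GET['cid'] : (isset($_POST['cid']) ? $_POST['cid'] : 0));

// Allow-list the bulk operation. Strict comparison stops a non-string value
// from matching an entry through PHP's loose comparison rules.
$do = (isset($do) && in_array($do, array('hidden', 'display', 'del'), true)) ? $do : '';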

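// Toggle the visibility of a single comment (action=cmstate).
// NOTE(review): this changes data from request parameters alone ($cid is read
// from GET as well as POST) and no anti-CSRF token is checked in this block —
// confirm that permission() or the bootstrap enforces one.
if($action == 'cmstate') {
	// $cid was cast with intval() earlier in this file, so it is safe inside the
	// quoted literal. The row must exist before any counter is touched; otherwise
	// an unknown id would still adjust the global comment counter.
	if ($cid && ($comment = $db->fetch_one_array("SELECT state,feedid FROM {$tablepre}xna_comment WHERE commid='$cid'"))) {
		if ($comment['state']) {
			// Currently visible -> hide it and decrement the counters.
			$state = '0';
			$query = '-';
			$visible = '隐藏';
		} else {
			// Currently hidden -> show it and increment the counters.
			$state = '1';
			$query = '+';
			$visible = '显示';
		}
		// feedid is read back from the database; it is cast to int so a stored
		// value can never alter the statement (second-order injection guard).
		$db->query("UPDATE {$tablepre}xna_feed SET comments=comments".$query."1 WHERE feedid='".intval($comment['feedid'])."'");
		$db->query("UPDATE {$tablepre}xna_comment SET state='$state' WHERE commid='$cid'");
		// The original echoed the UPDATE statement here; that debug output exposed
		// the table prefix and query text to the browser and has been removed.
		// The statistics UPDATE has no WHERE clause, so it applies to every row
		// of the statistics table.
		$db->query("UPDATE {$tablepre}xna_statistics SET comment_count=comment_count".$query."1");
		newcomments_recache();
		statistics_recache();
		// NOTE(review): $feedid is not assigned in this file, and the success URL
		// uses "id=" while the failure URL uses "feedid=" — confirm which one the
		// list view expects.
		redirect('已经成功把该评论设置为 '.$visible.' 状态', 'index.php?job=comment&action=cmlist&id='.$feedid);
	} else {
		// Missing id, or no comment with that id.
		redirect('缺少参数', 'index.php?job=comment&action=cmlist&feedid='.$feedid);
	}
}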


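// Save an edited comment (action=domodcm).
// NOTE(review): no anti-CSRF token is checked in this block — confirm that
// permission() or the bootstrap enforces one.
// The validation below relies on redirect() (defined elsewhere) ending the
// request; presumably it does — TODO confirm.
if($action == 'domodcm') {
	$author = (isset($_POST['author']) && is_string($_POST['author'])) ? trim($_POST['author']) : '';
	$url = (isset($_POST['url']) && is_string($_POST['url'])) ? trim($_POST['url']) : '';

	// $commid is not assigned anywhere in this file; presumably the bootstrap
	// copies it from the request. It ends up inside a SQL literal, so it is
	// forced to an integer here. When it is absent, the already-sanitised $cid
	// is used instead, and the update is refused if neither is present.
	$commid = isset($commid) ? intval($commid) : 0;
	if (!$commid) {
		$commid = $cid;
	}
	if (!$commid) {
		redirect('缺少参数', 'index.php?job=comment&action=cmlist&feedid='.$feedid);
	}

	// Author name: required, at most 30 bytes (strlen counts bytes, not characters).
	if(!$author || strlen($author) > 30) {
		redirect('用户名为空或用户名太长');
	}
	// Characters that are refused in an author name. The list includes the
	// quote and backslash characters, so a name that passes cannot break out
	// of the SQL literal below.
	$name_key = array("\\",'&',' ',"'",'"','/','*',',','<','>',"\r","\t","\n",'#','$','(',')','%','@','+','?',';','^');
	foreach($name_key as $value){
		if (strpos($author,$value) !== false){
			redirect('此用户名包含不可接受字符或被管理员屏蔽,请选择其它用户名');
		}
	}
	// char_cv() is defined elsewhere; presumably it escapes the value for
	// storage and display — TODO confirm.
	$author = char_cv($author);
	if ($url) {
		// The "url" field may hold either an e-mail address or a URL.
		if (!isemail($url)) {
			// Scheme allow-list: anything else (e.g. javascript:) is rejected,
			// because the value is later emitted inside an href attribute.
			if (!preg_match("#^(http|news|https|ftp|ed2k|rtsp|mms)://#", $url)) {
				redirect('网站URL错误');
			}
			$key = array("\\",' ',"'",'"','*',',','<','>',"\r","\t","\n",'(',')','+',';');
			foreach($key as $value){
				if (strpos($url,$value) !== false){
					redirect('网站URL错误');
				}
			}
		}
		// NOTE(review): a value accepted by isemail() skips the character
		// blacklist, so its SQL safety rests entirely on isemail() and char_cv().
		$url = char_cv($url);
	}

	// NOTE(review): addslashes() works byte by byte; with a multi-byte connection
	// charset (e.g. GBK) it is not a reliable SQL escape. Prefer the database
	// driver's own escaping or a prepared statement if the $db wrapper offers
	// one, and confirm the bootstrap does not already escape $_POST (which
	// would double-escape the content).
	$db->query("UPDATE {$tablepre}xna_comment SET author='$author', url='$url', content='".addslashes((isset($_POST['content']) && is_string($_POST['content'])) ? $_POST['content'] : '')."' WHERE commid='$commid'");
	newcomments_recache();

	redirect('修改评论成功', 'index.php?job=comment&action=cmlist&feedid='.$feedid);

}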



// Show all comments (action=displayall): mark every comment visible, then
// rebuild the derived counters.
// NOTE(review): this bulk change is driven by $action alone and no anti-CSRF
// token is checked in this block — confirm that permission() or the bootstrap
// enforces one.

if($action == 'displayall') {	

	// No WHERE clause: every comment row becomes state='1'.
	$db->query("UPDATE {$tablepre}xna_comment SET state='1'");
	// Global counter = visible comments that belong to a feed with state='1'.
	$comment_count = $db->num($db->query("SELECT c.commid FROM {$tablepre}xna_comment c LEFT JOIN {$tablepre}xna_feed a ON (a.feedid=c.feedid) WHERE a.state='1' AND c.state='1'"));
	$db->query("UPDATE {$tablepre}xna_statistics SET comment_count='$comment_count'");
	$result = $db->query("SELECT feedid FROM {$tablepre}xna_feed");
	while ($feed = $db->row($result)) {
		// Refresh the comment count of every feed: one SELECT and one UPDATE per
		// feed row. feedid is read from the database and concatenated into SQL;
		// presumably it is an integer key — TODO confirm.
		$query = "SELECT commid FROM {$tablepre}xna_comment WHERE feedid='".$feed['feedid']."'";
		$tatol = $db->num($db->query($query));
		$db->query("UPDATE {$tablepre}xna_feed SET comments='$tatol' WHERE feedid='".$feed['feedid']."'");
	}
	// Rebuild the caches that depend on the comment and statistics tables
	// (both helpers are defined elsewhere).
	newcomments_recache();
	statistics_recache();

	redirect('已显示全部评论', 'index.php?job=comment&action=cmlist');

}



// Hide all comments (action=hiddenall): mark every comment hidden and zero the
// derived counters.
// NOTE(review): this bulk change is driven by $action alone and no anti-CSRF
// token is checked in this block — confirm that permission() or the bootstrap
// enforces one.

if($action == 'hiddenall') {

	// None of the three statements has a WHERE clause: each one rewrites every
	// row of its table.
	$db->query("UPDATE {$tablepre}xna_comment SET state='0'");
	$db->query("UPDATE {$tablepre}xna_statistics SET comment_count='0'");
	$db->query("UPDATE {$tablepre}xna_feed SET comments='0'");
	// Rebuild the caches that depend on those tables (helpers defined elsewhere).
	newcomments_recache();
	statistics_recache();
	redirect('已隐藏全部评论', 'index.php?job=comment&action=cmlist');
}

// Delete all comments (action=dodelallcm).
// NOTE(review): TRUNCATE removes every comment row and there is no
// confirmation or anti-CSRF token check in this block — confirm that
// permission() or the bootstrap enforces one, and that this action is only
// reachable from the delallcm confirmation page.
if($action == 'dodelallcm') {
	$db->query("TRUNCATE TABLE {$tablepre}xna_comment");
	// Reset the per-feed and global counters to match the now-empty table.
	$db->query("UPDATE {$tablepre}xna_feed SET comments='0'");
	$db->query("UPDATE {$tablepre}xna_statistics SET comment_count='0'");
	// Rebuild the caches that depend on those tables (helpers defined elsewhere).
	newcomments_recache();
	statistics_recache();
	redirect('已删除所有评论', 'index.php?job=comment&action=cmlist');
}

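// Bulk operation on the selected comments (action=domorecmlist): show, hide
// or delete, depending on $do (already restricted to an allow-list earlier in
// this file).
// NOTE(review): no anti-CSRF token is checked in this block — confirm that
// permission() or the bootstrap enforces one.
if($action == 'domorecmlist') {

	// Defaults, so that no later statement ever reads an undefined value.
	$state = '';
	$msg   = '';
	$del   = false;

	if ($do == 'display') {
		$state = '1';
		$msg   = '所选评论已显示';
	} elseif ($do == 'hidden') {
		$state = '0';
		$msg   = '所选评论已隐藏';
	} elseif ($do == 'del') {
		$msg   = '所选评论已删除';
		$del   = true;
	} else {
		// Relies on redirect() ending the request — TODO confirm.
		redirect('未选择任何操作');
	}

	// NOTE(review): $cids is interpolated unquoted into IN (...). That is only
	// safe if implode_ids() (defined elsewhere) reduces every element of the
	// posted array to an integer — TODO confirm.
	if ($cids = implode_ids($_POST['comment'])) {
		if ($del) {
			// The original filtered on "cid" here, while the UPDATE below and every
			// other statement in this file key comments by "commid". The same id
			// list feeds both branches, so the delete now uses commid as well.
			$db->query("DELETE FROM {$tablepre}xna_comment WHERE commid IN ($cids)");
		} else {
			$db->query("UPDATE {$tablepre}xna_comment SET state='$state' WHERE commid IN ($cids)");
		}
		// Global counter = visible comments that belong to a feed with state='1'.
		$comment_count = $db->num($db->query("SELECT c.commid FROM {$tablepre}xna_comment c LEFT JOIN {$tablepre}xna_feed a ON (a.feedid=c.feedid) WHERE a.state='1' AND c.state='1'"));
		$db->query("UPDATE {$tablepre}xna_statistics SET comment_count='$comment_count'");
		$query = $db->query("SELECT feedid FROM {$tablepre}xna_feed");
		while ($feed = $db->row($query)) {
			// Refresh the visible-comment count of every feed. feedid comes from the
			// database; it is cast to int before it is put back into SQL.
			$tatol = $db->num($db->query("SELECT commid FROM {$tablepre}xna_comment WHERE feedid='".intval($feed['feedid'])."' AND state='1'"));
			$db->query("UPDATE {$tablepre}xna_feed SET comments='$tatol' WHERE feedid='".intval($feed['feedid'])."'");
		}
		newcomments_recache();
		statistics_recache();

		redirect($msg, 'index.php?job=comment&action=cmlist&id='.$feedid);
	} else {
		redirect('未选择任何评论');
	}

}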

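// List comments with optional filters and pagination (action=cmlist).
// Builds $tatol, $multipage, $commentdb and $subnav, presumably for the
// template included at the end of this file.
if ($action == 'cmlist') {
	$sql_query = ' WHERE 1=1 ';
	// Filters are appended to $pagelink so that pagination links keep every
	// active filter, matching the cumulative WHERE clause.
	$pagelink = '';
	$subnav = '全部评论';
	$kind = (isset($_GET['kind']) && in_array($_GET['kind'], array('display','hidden'), true)) ? $_GET['kind'] : '';
	if ($kind == 'display') {
		$sql_query .= " AND state='1'";
		$pagelink  .= '&kind=display';
		$subnav     = '全部显示的评论';
	}
	if ($kind == 'hidden') {
		$sql_query .= " AND state='0'";
		$pagelink  .= '&kind=hidden';
		$subnav     = '全部隐藏的评论';
	}

	// $feedid is not assigned in this file; presumably it arrives from the
	// request. It is embedded in SQL and in a URL, so force it to an integer.
	$feedid = isset($feedid) ? intval($feedid) : 0;
	if ($feedid) {
		$article = $db->fetch_one_array("SELECT feed_title FROM {$tablepre}xna_feed WHERE feedid='$feedid'");
		$sql_query .= " AND feedid='$feedid'";
		$pagelink  .= '&id='.$feedid;
		// The query selects feed_title; the original read the non-existent key
		// 'title', so the sub-title was always empty.
		// NOTE(review): the title ends up in breadcrumb HTML; it must already be
		// HTML-escaped when stored — TODO confirm.
		$subnav     = '文章:'.($article ? $article['feed_title'] : '');
	}

	// IP filter. char_cv() is defined elsewhere and its escaping is not visible
	// here, so the value is additionally restricted to the characters that can
	// occur in an IPv4/IPv6 address before it reaches SQL, a URL and HTML.
	$ip = isset($_GET['ip']) ? char_cv($_GET['ip']) : '';
	if ($ip && !preg_match('/\A[0-9A-Fa-f.:]{1,45}\z/', $ip)) {
		$ip = '';
	}
	if ($ip) {
		// Match on everything before the last dot (the /24 prefix of an IPv4
		// address). Without a dot the whole value is used; the original turned
		// that case into LIKE '%%', which matched every row.
		$frontlen = strrpos($ip, '.');
		$ipc = ($frontlen === false) ? $ip : substr($ip, 0, $frontlen);
		$sql_query .= " AND (ipaddress LIKE '%".$ipc."%')";
		$pagelink  .= '&ip='.$ip;
		$subnav     = '与 '.$ip.' 同一C段提交的评论';
	}

	// $page is not assigned in this file either; clamp it to a positive integer
	// so the LIMIT offset can never be negative or non-numeric.
	$page = isset($page) ? intval($page) : 0;
	if ($page < 1) {
		$page = 1;
	}
	$start_limit = ($page - 1) * 30;

	// 30 rows per page; $tatol is the total row count for the current filters.
	$tatol     = $db->num($db->query("SELECT commid FROM {$tablepre}xna_comment $sql_query"));
	$multipage = multi($tatol, 30, $page, 'index.php?job=comment&action=cmlist'.$pagelink);

	$query  = $db->query("SELECT * FROM {$tablepre}xna_comment $sql_query ORDER BY commid DESC LIMIT $start_limit, 30");
	$commentdb = array();

	while ($comment = $db->row($query)) {
		$comment['state'] = $comment['state'] ? '<span class="yes">显示</span>' : '<span class="no">隐藏</span>';
		// NOTE(review): the stored url is written into an href attribute without
		// escaping here. That is safe only if every write path escaped it and
		// restricted its scheme (the domodcm action in this file does both via
		// a scheme check and char_cv()) — confirm the public submit path too.
		$comment['url'] = $comment['url'] ? (isemail($comment['url']) ? '<a href="mailto:'.$comment['url'].'" target="_blank">发送邮件</a>' : '<a href="'.$comment['url'].'" target="_blank">访问主页</a>') : '<font color="#FF0000">Null</font>';
		$comment['addtime'] = sadate('Y-m-d H:i',$comment['addtime']);
		// Content is escaped at output time, which implies it is stored raw.
		$comment['content'] = htmlspecialchars($comment['content']);
		// The remaining columns (author, ipaddress, ...) are passed on unchanged.
		$commentdb[] = $comment;
	}
	unset($comment);
	$db->free($query);
}//end list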

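// Load one comment for the edit form (action=modcm).
if ($action == 'modcm') {
	// $cid was cast with intval() earlier in this file, so it is safe inside
	// the quoted literal.
	$comment = $db->fetch_one_array("SELECT c.feedid,c.commid,c.author,c.url,c.addtime,c.content, a.feed_title FROM {$tablepre}xna_comment c LEFT JOIN {$tablepre}xna_feed a ON (a.feedid=c.feedid) WHERE c.commid='$cid'");
	if ($comment) {
		// Only the content is escaped here; author, url and feed_title are handed
		// on as stored — presumably escaped at write time, TODO confirm.
		$comment['content'] = htmlspecialchars($comment['content']);
	} else {
		// Unknown or missing id: the original indexed into the failed result
		// and rendered an empty edit form.
		redirect('缺少参数', 'index.php?job=comment&action=cmlist');
	}
	$subnav = '修改评论';
}//end mod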



// Page for deleting all comments (action=delallcm). This block only sets the
// breadcrumb sub-title; the deletion itself is done by the dodelallcm action.

if ($action == 'delallcm') {
	$subnav = '删除所有评论';
}//end delall


// Any action whose name contains "cm" belongs to the comment-management
// section: set the breadcrumb label and the action its link points to.
if (strpos($action, 'cm') !== false) {
	$cateurl = 'cmlist';
	$catenav = '评论管理';
}

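// Breadcrumb markup. $cateurl and $catenav are only set when the action name
// contains "cm", and $subnav only by some actions, so each is read defensively
// instead of raising an undefined-variable notice.
// NOTE(review): $subnav is concatenated into HTML without escaping. In the
// cmlist action it can carry a feed title read from the database and an IP
// taken from the query string, so it must already be HTML-safe — TODO confirm.
$navlink_L = ' &raquo; <a href="index.php?job=comment&action='.(isset($cateurl) ? $cateurl : '').'">'.(isset($catenav) ? $catenav : '').'</a>'.(!empty($subnav) ? ' &raquo; '.$subnav : '');
cpheader();
// The template name and directory are fixed strings; no request data reaches
// this include.
include template("comment", _ROOT . "/template/admin/");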

?>