Summary: Comment recipe - with pagination and RSS feed
Version: 1.0beta - 26 January 2006
Prerequisites: Last tested on PmWiki version: 2.1.beta17
Add the possibility for the users to comment on the pages. The existing solution lacks two important features:
- Comments are not paginated, so once there are 500 comments on a page, it takes a while to load.
- An RSS-feed for the comments is a desired feature that lacks there.
Also any "standard" forum-based solution a-la PhpBB has an UI that is too-complex to be elegant (to my taste at least).
A remake of the comment-box-styled script, that uses a MySQL database to store comments.
For this price it provides comment pagination (only N comments are displayed at once on a page) and a convenient RSS-feed for the comments. Visually, the resulting comment thread looks just like the one produced by the CommentBox script.
- You need to set up a MySQL database. (someone could set up a clearer explanation perhaps)
- Create a new database:
$ mysql -p -u root
> create database mydatabase;
> grant all privileges on mydatabase.* to myuser@localhost identified by 'mypassword';
- In the database, create a table given in commentdb.mysql.txt:Δ
$ mysql -p -u myuser mydatabase < commentdb.mysql
- Check that table's encoding is the one you need (the script currently assumes utf8).
- Put commentdb.phpΔ in the
- Edit your
local/config.php, add lines similar to the following:
$CdbCommentsPerPage = 15;
$CdbMySQLHost = "localhost";
$CdbMySQLDb = "mydatabase";
$CdbMySQLUser = "myuser";
$CdbMySQLPass = "mypassword";
- On a page where you want the comments to be shown (the last line is a good choice), put the
- You might also put it in a GroupFooter to add comment functionality to all pages in a group simultaneously.
- If your site does not use UTF8 as the encoding, you'll have to take a look into
commentdb.php, and try changing the encoding. I can't promise it'll work out-of-the-box as I haven't tested it..
- The comments RSS-feed is provided by
- GroupHeader/GroupFooter support not tested, but should work.
- Currently only supports UTF-8 encoding. There's a lame attempt at making it configurable but its not tested at all.
- If you see encoding errors, these might be caused by the "
set names 'utf8'" query being done. On some machines this is needed for the code to work with UTF8 nicely, on others it just produces encoding mess. It's not clear to me why's that so. Anyway, you might try deleting the corresponding line from the code if needed.
- The thing was used in a small friendly community, so it's not guaranteed to be secure and durable for use in the wild.
- In particular, it does not respect page protection (anyone can post comments even to a password-protected page, of course, posting comments does not modify the page in any way)
- Although read-protected pages will still be read-protected, the last page of comments is still readable via RSS.
- Linkspam protection missing.
- The CSS styling was only tested in a single context, so it most probably requires further tuning for general use.
- In general PmWiki markup seems to be supported within the comments. At least one exception is with line breaks. Somewhy they don't produce paragraphs.
- Some lame attempts at making it internationalizable/localizable, but these are not tested.
- If your MySQL server breaks you most probably won't get very informative error messages. At least it wasn't tested.
- Comments can only be deleted via database, no nice interface for that (should not at all be hard to make, anyone?)
- The whole thing was created and tested with CleanUrls enabled.
- RSS does not completely validate for two reasons: a) the "author" in RSS is not a valid email. b) The xml encoding is given as "utf8" while it should be "utf-8". Thunderbird can read the RSS anyway.. (and a trivial modification would solve these of course).
- RSS will be invalid if some comments contain the < character (easily fixable by a str_replace in line 6 of format_rss2)
- [Not verified] It seems that although the comments are substituted during the fulltext stage, some html codes may appear unescaped on the page, which presents the possibility of an XSS. I think the person knowleadgeble enough to fix issue 5 might figure out this one too.
- The code fails to recognize the daylight-savings period [at least on my machine]. It is fixable by adding a timezone specification such as
putenv('TZ=EST'). Maybe, however, the problem arised due to misconfiguration of the specific machine where this was observed, I don't know. Can anyone explain?
- Initial version "1.0beta" released on Jan. 26, 2006.
See discussion at CommentDb-Talk
User notes? : If you use, used or reviewed this recipe, you can add your name. These statistics appear in the Cookbook listings and will help newcomers browsing through the wiki.