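/**
 * Resolve a report: either delete the reported content (kind 1) or mark the
 * report as reviewed-and-safe (any other kind).
 *
 * @param mixed $id   Report id; not used by this implementation, kept for callers.
 * @param mixed $type 1 = the reported post is a message, otherwise a comment.
 * @param mixed $post Id of the reported message/comment.
 * @param mixed $kind 1 = delete the content, anything else = mark the report safe.
 * @return int 1 after the deletion path; on the safe path 1 if a report row
 *             was updated, 0 otherwise.
 */
function manageReport($id, $type, $post, $kind) {
    // Bind as strings: the original quoted both values, so non-numeric input
    // matched nothing instead of being coerced to 0.
    $post = (string) $post;
    $type = (string) $type;

    if ($kind == 1) {
        if ($type == 1) {
            // Look the message up first so its stored images can be removed.
            $lookup = $this->db->prepare("SELECT `type`, `value` FROM `messages` WHERE `id` = ?");
            $lookup->bind_param('s', $post);
            $lookup->execute();
            $lookup->bind_result($msgType, $msgValue);
            $found = $lookup->fetch();
            $lookup->close();
            // Only touch photos when the message exists; the original dereferenced
            // a possibly-empty row here.
            if ($found) {
                deletePhotos($msgType, $msgValue);
            }
            $stmt = $this->db->prepare("DELETE FROM `messages` WHERE `id` = ?");
        } else {
            $stmt = $this->db->prepare("DELETE FROM `comments` WHERE `id` = ?");
        }
        $stmt->bind_param('s', $post);
        $stmt->execute();
        $stmt->close();

        // State 2 = content removed.
        $update = $this->db->prepare("UPDATE `reports` SET `state` = '2' WHERE `post` = ? AND `type` = ?");
        $update->bind_param('ss', $post, $type);
        $update->execute();
        $update->close();
        return 1;
    }

    // State 1 = reviewed and considered safe.
    $stmt = $this->db->prepare("UPDATE `reports` SET `state` = '1' WHERE `post` = ? AND `type` = ?");
    $stmt->bind_param('ss', $post, $type);
    $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected ? 1 : 0;
}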
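/**
 * Delete an ad (or a pending ad submission) together with its photos.
 *
 * @param integer $ad_id Ad ID number
 * @param boolean $admin True if this is an administrator; skips the per-user access check
 * @param string  $table Table to delete from: 'ad_ads' (default) or 'ad_submission'
 * @return integer 0 on success; 1 empty id, 2 unknown table, 3 no access,
 *                 4 database error, 5 photo cleanup failed
 */
function adDelete($ad_id = '', $admin = false, $table = 'ad_ads') {
    global $_TABLES;

    $ad_id = COM_sanitizeID($ad_id);
    if ((string) $ad_id === '') {
        return 1;
    }
    if (!in_array($table, ['ad_ads', 'ad_submission'], true)) {
        return 2;
    }

    // Administrators are forced to read-write (level 3); everyone else is
    // checked against the ad itself.
    $myaccess = $admin ? 3 : CLASSIFIEDS_checkAccess($ad_id);
    if ($myaccess < 3) {
        return 3;
    }

    if ($table === 'ad_submission') {
        // Submissions go through the normal plugin moderation rejection.
        plugin_moderationdelete_classifieds($ad_id);
    } elseif (deletePhotos($ad_id) != 0) {
        // Live ads need their photos removed first; abort if that fails.
        return 5;
    }

    DB_delete($_TABLES[$table], 'ad_id', $ad_id);
    // Check for a database error before writing the audit entry, so the trail
    // never records a deletion that did not happen.
    if (DB_error()) {
        COM_errorLog(DB_error());
        return 4;
    }
    CLASSIFIEDS_auditLog("Ad {$ad_id} deleted.");
    return 0;
}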
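/**
 * Delete one of the current user's own posts.
 *
 * Type 0: comment, type 1: message (plus its comments, likes, reports,
 * notifications and stored photos), type 2: chat message. Every DELETE is
 * scoped to $this->id so only the owner's rows are touched.
 *
 * @param mixed $id   Id of the row to delete.
 * @param mixed $type 0, 1 or 2 as above; any other value deletes nothing.
 * @return int 1 if a row was deleted, 0 otherwise.
 */
function delete($id, $type) {
    $id = (string) $id;
    $uid = (string) $this->id;

    if ($type == 0) {
        $stmt = $this->db->prepare("DELETE FROM `comments` WHERE `id` = ? AND `uid` = ?");
    } elseif ($type == 1) {
        // Look the message up scoped to the owner so photos of another user's
        // message are never removed: the original SELECT had no uid condition
        // while the DELETE did.
        $lookup = $this->db->prepare("SELECT `type`, `value` FROM `messages` WHERE `id` = ? AND `uid` = ?");
        $lookup->bind_param('ss', $id, $uid);
        $lookup->execute();
        $lookup->bind_result($msgType, $msgValue);
        $found = $lookup->fetch();
        $lookup->close();
        if ($found) {
            deletePhotos($msgType, $msgValue);
        }
        $stmt = $this->db->prepare("DELETE FROM `messages` WHERE `id` = ? AND `uid` = ?");
    } elseif ($type == 2) {
        $stmt = $this->db->prepare("DELETE FROM `chat` WHERE `id` = ? AND `from` = ?");
    } else {
        // Unknown type: the original left $stmt undefined and failed on execute().
        return 0;
    }

    $stmt->bind_param('ss', $id, $uid);
    $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();

    if (!$affected) {
        return 0;
    }

    if ($type == 1) {
        // Cascade: everything attached to the message.
        $cascade = [
            "DELETE FROM `comments` WHERE `mid` = ?",
            "DELETE FROM `likes` WHERE `post` = ?",
            "DELETE FROM `reports` WHERE `post` = ? AND `parent` = '0'",
            "DELETE FROM `notifications` WHERE `parent` = ?",
        ];
    } elseif ($type == 0) {
        // Cascade: reports and notifications attached to the comment.
        $cascade = [
            "DELETE FROM `reports` WHERE `post` = ? AND `parent` != '0'",
            "DELETE FROM `notifications` WHERE `child` = ? AND `type` = '1'",
        ];
    } else {
        $cascade = [];
    }
    foreach ($cascade as $sql) {
        $sub = $this->db->prepare($sql);
        $sub->bind_param('s', $id);
        $sub->execute();
        $sub->close();
    }
    return 1;
}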
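<?php
// Removes the profile photo of a person, family or group and returns to the
// matching view page. Requires the add-records session flag or $bOkToEdit
// (expected to be provided by the includes below).
require "Include/Config.php";
require "Include/Functions.php";

$redirectURL = "Menu.php";
$deleted = false;

// Query parameter => [owner type passed to deletePhotos(), view page to return to].
$targets = [
    'PersonID' => ['Person', 'PersonView.php'],
    'FamilyID' => ['Family', 'FamilyView.php'],
    'GroupID'  => ['Group',  'GroupView.php'],
];

// A missing session flag reads as "not allowed" instead of raising a notice.
$canEdit = !empty($_SESSION['bAddRecords']) || (isset($bOkToEdit) && $bOkToEdit);

// NOTE(review): this is a state-changing action driven by a GET parameter with
// no request token visible here; confirm a CSRF control exists upstream.
if ($canEdit) {
    foreach ($targets as $param => $target) {
        if (!isset($_GET[$param])) {
            continue;
        }
        list($owner, $page) = $target;
        $id = FilterInput($_GET[$param], 'int');
        $deleted = deletePhotos($owner, $id);
        $redirectURL = $page . "?" . $param . "=" . $id;
        // Only the first recognised parameter is honoured, as before.
        break;
    }
    if ($deleted) {
        $redirectURL .= "&ProfileImageDeleted=true";
    }
}
Redirect($redirectURL);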