function delete_movies($dbh, $movie_id) { foreach ($movie_id as $id) { $sql = 'DELETE FROM movie WHERE movie_id = ?'; $stmt = $dbh->prepare($sql); $data[] = $id; $stmt->execute($data); $data = array(); delete_reaction($dbh, $id); delete_comments($dbh, $id); } }
function route($action) { global $html_main_content, $title; show_err(); switch ($action) { case '': main(); break; case 'user_show': $title = print_lg('Show all users', $_SESSION['lang']); user_show(); break; case 'user_info': $title = print_lg('User info', $_SESSION['lang']); user_info(); break; case 'show_news': show_news(); break; case 'logout': logout(); break; case 'add_news': $title = print_lg('Add news', $_SESSION['lang']); add_news(); break; case 'registration': $title = print_lg('Registration', $_SESSION['lang']); registration(); break; case 'delete_news': delete_news(); break; case 'edit_news': $title = print_lg('Edit news', $_SESSION['lang']); edit_news(); break; case 'pages': main(); break; case 'profileview': $title = print_lg('You information', $_SESSION['lang']); profileview(); break; case 'delete_user': delete_user(); break; case 'user_delete': user_delete(); break; case 'user_edit': $title = print_lg('Edit user', $_SESSION['lang']); user_edit(); break; case 'edit_language': $title = print_lg('Edit language', $_SESSION['lang']); edit_language(); break; case 'delete_comments': delete_comments(); break; case 'delete_vote': delete_vote(); break; default: $html_main_content .= print_lg('Page not found', $_SESSION['lang']); break; } }
return $error_log; } show_admin_header(); if ($action == "deletecomment") { $deletecomments = isset($HTTP_POST_VARS['deletecomments']) ? $HTTP_POST_VARS['deletecomments'] : array(); $comment_ids = ""; if (!empty($deletecomments)) { foreach ($deletecomments as $val) { $comment_ids .= ($comment_ids != "" ? ", " : "") . $val; } } $lang_key = sizeof($deletecomments) > 1 ? 'comments' : 'comment'; show_table_header($lang['delete'] . ": " . $lang[$lang_key], 1); echo "<tr><td class=\"tablerow\">\n"; echo "<table border=\"0\" cellpadding=\"2\" cellspacing=\"0\"><tr><td> </td><td>\n"; $error_log = delete_comments($comment_ids); echo "</td></tr></table>\n"; echo "</td></tr>\n"; show_table_footer(); if (!empty($error_log)) { show_table_header("Error Log:", 1); echo "<tr><td class=\"tablerow\">\n"; echo "<table border=\"0\" cellpadding=\"2\" cellspacing=\"0\"><tr><td> </td><td>\n"; echo "<b>" . $lang['error_log_desc'] . "</b>\n<ul>\n"; foreach ($error_log as $val) { printf("<li>%s</li>\n", $val); } echo "</ul>\n</td></tr></table>\n"; echo "</td></tr>\n"; show_table_footer(); }
} if ($comment->save()) { redirectMsg('comments.php?' . $qs, __('Comment updated successfully!', 'rmcommon'), 0); } else { redirectMsg('comments.php?action=edit&' . $qs, __('Errros ocurrs while trying to update comment!', 1) . '<br />' . $comment->errors(), 1); } } $action = rmc_server_var($_REQUEST, 'action', ''); switch ($action) { case 'approve': set_comments_status('approved'); break; case 'unapprove': set_comments_status('waiting'); break; case 'spam': set_comments_status('spam'); break; case 'delete': delete_comments(); break; case 'edit': edit_comment(); break; case 'save': save_comment(); break; default: show_comments(); break; }
/** * Builds news dialog for editing / adding news * * @param string $id news id (in case news already exists; otherwise set to "new") * @param string $context_range range id (only for new news; set to 'template' for copied news) * @param string $template_id template id (source of news template) * */ function edit_news_action($id = '', $context_range = '', $template_id = '') { // initialize $this->news_isvisible = array('news_basic' => true, 'news_comments' => false, 'news_areas' => false); $ranges = array(); $this->ranges = array(); $this->area_options_selectable = array(); $this->area_options_selected = array(); $this->may_delete = false; $this->route = "news/edit_news/{$id}"; if ($context_range) { $this->route .= "/{$context_range}"; if ($template_id) { $this->route .= "/{$template_id}"; } } $msg_object = new messaging(); if ($id == "new") { unset($id); $this->title = _("Ankündigung erstellen"); } else { $this->title = _("Ankündigung bearbeiten"); } // user has to have autor permission at least if (!$GLOBALS['perm']->have_perm(autor)) { $this->set_status(401); return $this->render_nothing(); } // Output as dialog (Ajax-Request) or as Stud.IP page? if (Request::isXhr()) { $this->set_layout(null); header('X-Title: ' . $this->title); } else { $this->set_layout($GLOBALS['template_factory']->open('layouts/base')); } // load news and comment data and check if user has permission to edit $news = new StudipNews($id); if (!$news->isNew()) { $this->comments = StudipComment::GetCommentsForObject($id); } if (!$news->havePermission('edit') and !$news->isNew()) { $this->set_status(401); PageLayout::postMessage(MessageBox::error(_('Keine Berechtigung!'))); return $this->render_nothing(); } // if form sent, get news data by post vars if (Request::get('news_isvisible')) { // visible categories, selected areas, topic, and body are utf8 encoded when sent via ajax $this->news_isvisible = unserialize(Request::get('news_isvisible')); if (Request::isXhr()) { $this->area_options_selected = unserialize(studip_utf8decode(Request::get('news_selected_areas'))); $this->area_options_selectable = unserialize(studip_utf8decode(Request::get('news_selectable_areas'))); $topic = studip_utf8decode(Request::get('news_topic')); $body = transformBeforeSave(Studip\Markup::purifyHtml(studip_utf8decode(Request::get('news_body')))); } else { $this->area_options_selected = unserialize(Request::get('news_selected_areas')); $this->area_options_selectable = unserialize(Request::get('news_selectable_areas')); $topic = Request::get('news_topic'); $body = transformBeforeSave(Studip\Markup::purifyHtml(Request::get('news_body'))); } $date = $this->getTimeStamp(Request::get('news_startdate'), 'start'); $expire = $this->getTimeStamp(Request::get('news_enddate'), 'end') ? $this->getTimeStamp(Request::get('news_enddate'), 'end') - $this->getTimeStamp(Request::get('news_startdate'), 'start') : ''; $allow_comments = Request::get('news_allow_comments') ? 1 : 0; if (Request::submitted('comments_status_deny')) { $this->anker = 'news_comments'; $allow_comments = 0; } elseif (Request::submitted('comments_status_allow')) { $this->anker = 'news_comments'; $allow_comments = 1; } if ($news->getValue('topic') != $topic or $news->getValue('body') != $body or $news->getValue('date') != $date or $news->getValue('allow_comments') != $allow_comments or $news->getValue('expire') != $expire) { $changed = true; } $news->setValue('topic', $topic); $news->setValue('body', $body); $news->setValue('date', $date); $news->setValue('expire', $expire); $news->setValue('allow_comments', $allow_comments); } elseif ($id) { // if news id given check for valid id and load ranges if ($news->isNew()) { PageLayout::postMessage(MessageBox::error(_('Die Ankündigung existiert nicht!'))); return $this->render_nothing(); } $ranges = $news->news_ranges->toArray(); } elseif ($template_id) { // otherwise, load data from template $news_template = new StudipNews($template_id); if ($news_template->isNew()) { PageLayout::postMessage(MessageBox::error(_('Die Ankündigung existiert nicht!'))); return $this->render_nothing(); } // check for permission if (!$news_template->havePermission('edit')) { $this->set_status(401); return $this->render_nothing(); } $ranges = $news_template->news_ranges->toArray(); // remove those ranges for which user doesn't have permission foreach ($ranges as $key => $news_range) { if (!$news->haveRangePermission('edit', $news_range['range_id'])) { $changed_areas++; $this->news_isvisible['news_areas'] = true; unset($ranges[$key]); } } if ($changed_areas == 1) { PageLayout::postMessage(MessageBox::info(_('1 zugeordneter Bereich wurde nicht übernommen, weil Sie dort keine Ankündigungen erstellen dürfen.'))); } elseif ($changed_areas) { PageLayout::postMessage(MessageBox::info(sprintf(_('%s zugeordnete Bereiche wurden nicht übernommen, weil Sie dort keine Ankündigungen erstellen dürfen.'), $changed_areas))); } $news->setValue('topic', $news_template->getValue('topic')); $news->setValue('body', $news_template->getValue('body')); $news->setValue('date', $news_template->getValue('date')); $news->setValue('expire', $news_template->getValue('expire')); $news->setValue('allow_comments', $news_template->getValue('allow_comments')); } else { // for new news, set startdate to today and range to dialog context $news->setValue('date', strtotime(date('Y-m-d'))); // + 12*60*60; $news->setValue('expire', 604800); if ($context_range != '' and $context_range != 'template') { $add_range = new NewsRange(array('', $context_range)); $ranges[] = $add_range->toArray(); } } // build news var for template $this->news = $news->toArray(); // treat faculties and institutes as one area group (inst) foreach ($ranges as $range) { switch ($range['type']) { case 'fak': $this->area_options_selected['inst'][$range['range_id']] = $range['name']; break; default: $this->area_options_selected[$range['type']][$range['range_id']] = $range['name']; } } // define search presets $this->search_presets['user'] = _('Meine Profilseite'); if ($GLOBALS['perm']->have_perm('autor') and !$GLOBALS['perm']->have_perm('admin')) { $my_sem = $this->search_area('__THIS_SEMESTER__'); if (count($my_sem['sem'])) { $this->search_presets['sem'] = _('Meine Veranstaltungen im aktuellen Semester') . ' (' . count($my_sem['sem']) . ')'; } } if ($GLOBALS['perm']->have_perm('dozent') and !$GLOBALS['perm']->have_perm('root')) { $my_inst = $this->search_area('__MY_INSTITUTES__'); if (count($my_inst)) { $this->search_presets['inst'] = _('Meine Einrichtungen') . ' (' . count($my_inst['inst']) . ')'; } } if ($GLOBALS['perm']->have_perm('root')) { $this->search_presets['global'] = $this->area_structure['global']['title']; } // perform search if (Request::submitted('area_search') or Request::submitted('area_search_preset')) { $this->anker = 'news_areas'; $this->search_term = studip_utf8decode(Request::get('area_search_term')); if (Request::submitted('area_search')) { $this->area_options_selectable = $this->search_area($this->search_term); } else { $this->current_search_preset = Request::option('search_preset'); if ($this->current_search_preset == 'inst') { $this->area_options_selectable = $my_inst; } elseif ($this->current_search_preset == 'sem') { $this->area_options_selectable = $my_sem; } elseif ($this->current_search_preset == 'user') { $this->area_options_selectable = array('user' => array($GLOBALS['auth']->auth['uid'] => get_fullname())); } elseif ($this->current_search_preset == 'global') { $this->area_options_selectable = array('global' => array('studip' => _('Stud.IP'))); } } if (!count($this->area_options_selectable)) { unset($this->search_term); } else { // already assigned areas won't be selectable foreach ($this->area_options_selected as $type => $data) { foreach ($data as $id => $title) { unset($this->area_options_selectable[$type][$id]); } } } } // delete comment(s) if (Request::submitted('delete_marked_comments')) { $this->anker = 'news_comments'; $this->flash['question_text'] = delete_comments(Request::optionArray('mark_comments')); $this->flash['question_param'] = array('mark_comments' => Request::optionArray('mark_comments'), 'delete_marked_comments' => 1); // reload comments if (!$this->flash['question_text']) { $this->comments = StudipComment::GetCommentsForObject($id); $changed = true; } } if ($news->havePermission('delete')) { $this->comments_admin = true; } if (is_array($this->comments)) { foreach ($this->comments as $key => $comment) { if (Request::submitted('news_delete_comment_' . $comment['comment_id'])) { $this->anker = 'news_comments'; $this->flash['question_text'] = delete_comments($comment['comment_id']); $this->flash['question_param'] = array('mark_comments' => array($comment['comment_id']), 'delete_marked_comments' => 1); } } } // open / close category foreach ($this->news_isvisible as $category => $value) { if (Request::submitted('toggle_' . $category) or Request::get($category . '_js')) { $this->news_isvisible[$category] = $this->news_isvisible[$category] ? false : true; $this->anker = $category; } } // add / remove areas if (Request::submitted('news_add_areas') and is_array($this->area_options_selectable)) { $this->anker = 'news_areas'; foreach (Request::optionArray('area_options_selectable') as $range_id) { foreach ($this->area_options_selectable as $type => $data) { if (isset($data[$range_id])) { $this->area_options_selected[$type][$range_id] = $data[$range_id]; unset($this->area_options_selectable[$type][$range_id]); } } } } if (Request::submitted('news_remove_areas') and is_array($this->area_options_selected)) { $this->anker = 'news_areas'; foreach (Request::optionArray('area_options_selected') as $range_id) { foreach ($this->area_options_selected as $type => $data) { if (isset($data[$range_id])) { $this->area_options_selectable[$type][$range_id] = $data[$range_id]; unset($this->area_options_selected[$type][$range_id]); } } } } // prepare to save news if (Request::submitted('save_news') and Request::isPost()) { CSRFProtection::verifySecurityToken(); //prepare ranges array for already assigned news_ranges foreach ($news->getRanges() as $range_id) { $this->ranges[$range_id] = get_object_type($range_id, array('global', 'fak', 'inst', 'sem', 'user')); } // check if new ranges must be added foreach ($this->area_options_selected as $type => $area_group) { foreach ($area_group as $range_id => $area_title) { if (!isset($this->ranges[$range_id])) { if ($news->haveRangePermission('edit', $range_id)) { $news->addRange($range_id); $changed = true; } else { PageLayout::postMessage(MessageBox::error(sprintf(_('Sie haben keine Berechtigung zum Ändern der Bereichsverknüpfung für "%s".'), htmlReady($area_title)))); $error++; } } } } // check if assigned ranges must be removed foreach ($this->ranges as $range_id => $range_type) { if ($range_type === 'fak' && !isset($this->area_options_selected['inst'][$range_id]) || $range_type !== 'fak' && !isset($this->area_options_selected[$range_type][$range_id])) { if ($news->havePermission('unassign', $range_id)) { $news->deleteRange($range_id); $changed = true; } else { PageLayout::postMessage(MessageBox::error(_('Sie haben keine Berechtigung zum Ändern der Bereichsverknüpfung.'))); $error++; } } } // save news if ($news->validate() and !$error) { if ($news->getValue('user_id') != $GLOBALS['auth']->auth['uid']) { $news->setValue('chdate_uid', $GLOBALS['auth']->auth['uid']); setTempLanguage($news->getValue('user_id')); $msg = sprintf(_('Ihre Ankündigung "%s" wurde von %s verändert.'), $news->getValue('topic'), get_fullname() . ' (' . get_username() . ')') . "\n"; $msg_object->insert_message($msg, get_username($news->getValue('user_id')), "____%system%____", FALSE, FALSE, "1", FALSE, _("Systemnachricht:") . " " . _("Ankündigung geändert")); restoreLanguage(); } else { $news->setValue('chdate_uid', ''); } $news->store(); PageLayout::postMessage(MessageBox::success(_('Die Ankündigung wurde gespeichert.'))); // in fallback mode redirect to edit page with proper news id if (!Request::isXhr() and !$id) { $this->redirect('news/edit_news/' . $news->getValue('news_id')); } elseif (Request::isXhr()) { $this->render_nothing(); } } } // check if user has full permission on news object if ($news->havePermission('delete')) { $this->may_delete = true; } }