/**
  * Allows user to delete a comment.
  *
  * If the comment is the only one in the discussion, the discussion will
  * be deleted as well. Users without administrative delete abilities
  * should not be able to delete a comment unless it is a draft. This is
  * a "hard" delete - it is removed from the database.
  *
  * @since 2.0.0
  * @access public
  *
  * @param int $CommentID Unique comment ID.
  * @param string $TransientKey Single-use hash to prove intent.
  */
 public function deleteComment($CommentID = '', $TransientKey = '')
 {
     // Hard-deletes one comment, then either redirects (full page delivery)
     // or renders a JSON response that slides the comment out of view.
     $CurrentSession = Gdn::session();
     $FallbackUrl = '/discussions/';

     // NOTE(review): is_numeric() also accepts decimal and exponent strings
     // ("1.5", "1e3"); the value is handed to the model calls below unchanged.
     $IdLooksValid = is_numeric($CommentID) && $CommentID > 0;
     // The transient key is what ties this state-changing request to the
     // signed-in user's own session; a request without a valid key is refused.
     $RequestIsAuthentic = $CurrentSession->UserID > 0 && $CurrentSession->validateTransientKey($TransientKey);

     if (!$IdLooksValid || !$RequestIsAuthentic) {
         $this->Form->addError('ErrPermission');
     } else {
         // Load the comment and the discussion it belongs to.
         $Comment = $this->CommentModel->getID($CommentID);
         $Discussion = $this->DiscussionModel->getID(val('DiscussionID', $Comment));

         if (!$Comment || !$Discussion) {
             $this->Form->addError('Invalid comment');
         } else {
             $FallbackUrl = discussionUrl($Discussion);

             // Authors may delete their own comment only when self-delete is
             // enabled; everyone else needs the category-level Delete permission.
             // NOTE(review): the return value of permission() is not inspected,
             // so the delete below relies on permission() stopping the request
             // when the check fails - confirm.
             $IsAuthor = $Comment->InsertUserID == $CurrentSession->UserID;
             if (!$IsAuthor || !c('Vanilla.Comments.AllowSelfDelete')) {
                 $this->permission('Vanilla.Comments.Delete', true, 'Category', $Discussion->PermissionCategoryID);
             }

             // Once the edit window has closed the Delete permission is
             // required as well; a timeout of -1 means the window never closes.
             $Timeout = c('Garden.EditContentTimeout', -1);
             $WindowClosed = $Timeout != -1 && strtotime($Comment->DateInserted) + $Timeout <= time();
             if ($WindowClosed) {
                 $this->permission('Vanilla.Comments.Delete', true, 'Category', $Discussion->PermissionCategoryID);
             }

             // Remove the comment itself.
             $Deleted = $this->CommentModel->delete($CommentID);
             if (!$Deleted) {
                 $this->Form->addError('Failed to delete comment');
             }
         }
     }

     // Full page loads are sent back to the discussion (or to a caller-chosen target).
     // NOTE(review): 'Target' is read from the incoming request; this relies on
     // SafeRedirect() rejecting destinations outside the site - confirm.
     if ($this->_DeliveryType == DELIVERY_TYPE_ALL) {
         SafeRedirect(GetIncomingValue('Target', $FallbackUrl));
     }

     // Any other delivery type gets a JSON result.
     $HasErrors = $this->Form->errorCount() > 0;
     if ($HasErrors) {
         $this->setJson('ErrorMessage', $this->Form->errors());
     } else {
         $this->jsonTarget("#Comment_{$CommentID}", '', 'SlideUp');
     }
     $this->render();
 }
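 /**
  * Show and process the form that completes a pending social-login profile.
  *
  * The pending profile is looked up by the submitted val_id. On a post back
  * the login name and email are checked; when both pass, the stored
  * validation data is deleted and the login callback is resumed. In every
  * other case the form is rendered again with the (possibly corrected) values.
  *
  * @param object $Sender Object exposing Form and Render(); its exact type is not visible here.
  */
 public function Controller_Validate($Sender)
 {
     $form_values = array(
         'user_email' => $Sender->Form->GetValue('user_email'),
         'user_login' => $Sender->Form->GetValue('user_login'),
         'val_id' => $Sender->Form->GetValue('val_id'),
     );
     $oasl = new SocialLogin();
     // NOTE(review): val_id is client-supplied and selects which pending profile
     // is resumed; presumably it is unguessable and short-lived - confirm in
     // SocialLogin::get_validation_data().
     $oa_profile = $oasl->get_validation_data($form_values['val_id']);
     if ($oa_profile === FALSE) {
         SafeRedirect(Url(Gdn::Router()->GetDestination('DefaultController'), TRUE));
         // Never fall through to array_merge() with FALSE, even if the redirect
         // helper were to return instead of ending the request.
         return;
     }
     // The stored profile is merged last, so for any key present in both, the
     // server-side value wins over the submitted one. 'identity_provider' and
     // 'redirect' used below can only come from the stored profile.
     $to_validate = array_merge($form_values, $oa_profile);
     if ($Sender->Form->IsPostBack() == TRUE) {
         // Verify new user submitted data:
         // TODO explore vanilla validation: as in $Valid = Gdn_Validation::ValidateRule ($to_validate ['user_email'], 'Email', 'function:ValidateEmail');
         $valid = TRUE;
         // No login name given: propose one derived from the provider name and
         // show the form again so the user can confirm it.
         if (empty($to_validate['user_login'])) {
             $to_validate['user_login'] = $to_validate['identity_provider'] . 'User';
             $valid = FALSE;
         }
         // Login name taken: propose the first free "<name><n>" and show the form again.
         if ($oasl->get_user_id_by_username($to_validate['user_login']) !== FALSE) {
             $i = 1;
             $user_login_tmp = $to_validate['user_login'] . $i;
             while ($oasl->get_user_id_by_username($user_login_tmp) !== FALSE) {
                 // Pre-increment: the previous post-increment rebuilt the name that
                 // had just been found taken, costing one redundant lookup.
                 $user_login_tmp = $to_validate['user_login'] . ++$i;
             }
             $to_validate['user_login'] = $user_login_tmp;
             $valid = FALSE;
         }
         if (empty($to_validate['user_email'])) {
             $Sender->Form->AddError('OA_SOCIAL_LOGIN_VALIDATION_FORM_EMAIL_NONE_EXPLAIN', 'user_email');
             $valid = FALSE;
         } elseif ($oasl->get_user_id_by_email($to_validate['user_email']) !== FALSE) {
             // Only a non-empty address is looked up; an empty one is already
             // rejected above and cannot meaningfully "exist".
             $to_validate['user_email'] = '';
             $Sender->Form->AddError('OA_SOCIAL_LOGIN_VALIDATION_FORM_EMAIL_EXISTS_EXPLAIN', 'user_email');
             $valid = FALSE;
         }
         if ($valid) {
             $avatar = C(self::CONFIG_PREFIX . 'AvatarsEnable', 1);
             // A configured redirect takes precedence over the one stored with the profile.
             $redirect = C(self::CONFIG_PREFIX . 'Redirect', '');
             $to_validate['redirect'] = empty($redirect) ? Url($to_validate['redirect'], TRUE) : $redirect;
             // The pending record is removed before the login is resumed, so the
             // same val_id cannot be submitted a second time.
             $oasl->delete_validation_data($to_validate['val_id']);
             $oasl->social_login_resume_handle_callback($to_validate, $avatar);
         }
     }
     $Sender = $this->set_validation_fields($Sender, $to_validate);
     $Sender->Render($this->GetView('oa_social_login_validate.php'));
 }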
 /**
  * Complete callback once credentials validated.
  */
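 protected function social_login_redirect($error_message, $user_id, $user_data, $custom_redirect, $registration)
 {
     // Parameters as used below:
     //   $error_message   - when set, it is reported and nothing else happens.
     //   $user_id         - id of the account to sign in; ignored unless numeric.
     //   $user_data       - array; only 'identity_token' is read here.
     //   $custom_redirect - destination that takes precedence over the request's Target.
     //   $registration    - TRUE selects the registration event instead of the sign-in event.

     // Display an error message
     if (isset($error_message)) {
         trigger_error($error_message);
         return;
     }

     // Without a numeric user id there is nobody to sign in.
     if (!is_numeric($user_id)) {
         return;
     }

     // Update statistics:
     $this->incr_login_count_identity_token($user_data['identity_token']);

     // Login:
     Gdn::Session()->Start($user_id, TRUE);
     if (Gdn::Session()->CheckPermission('Garden.SignIn.Allow')) {
         // The success events are announced only while the session is kept.
         // Previously they also fired after the session had been ended for an
         // account that is not allowed to sign in.
         if ($registration === TRUE) {
             Gdn::UserModel()->FireEvent('RegistrationSuccessful');
         } else {
             Gdn::UserModel()->FireEvent('AfterSignIn');
         }
     } else {
         // Accounts without sign-in permission lose the session straight away;
         // the redirect below still runs, but without a signed-in user.
         //$this->Form->AddError('ErrorPermission');
         Gdn::Session()->End();
     }

     // Redirection:
     if (!empty($custom_redirect)) {
         SafeRedirect($custom_redirect);
     }

     // This was set in the callback_uri (JS):
     // NOTE(review): Target is request-supplied; this relies on SafeRedirect()
     // refusing destinations outside the site - confirm.
     $target = Gdn::Request()->Get('Target');
     $target = empty($target) ? Gdn::Router()->GetDestination('DefaultController') : $target;
     SafeRedirect(Url($target, TRUE));
 }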
 /**
  * Redirect to the url specified by the discussion.
  * @param array|object $Discussion
  */
 protected function RedirectDiscussion($Discussion)
 {
     // Render the discussion body with its own format, then follow the first
     // double-quoted href found in the rendered output.
     $RawBody = GetValue('Body', $Discussion);
     $Format = GetValue('Format', $Discussion);
     $Html = Gdn_Format::To($RawBody, $Format);

     $Found = preg_match('`href="([^"]+)"`i', $Html, $Link);
     if (!$Found) {
         // No link in the body: nothing to redirect to.
         return;
     }

     // The destination is taken from author-written content, so whoever can
     // edit the discussion chooses where visitors are sent.
     // NOTE(review): this relies on SafeRedirect() limiting destinations to
     // trusted hosts - confirm. The 301 status marks the redirect as permanent,
     // so clients may keep following it after the body has changed. The href is
     // used exactly as it appears in the rendered HTML; any entity encoding in
     // the attribute is presumably left in place - verify.
     SafeRedirect($Link[1], 301);
 }