<?php
// Edit-news page (editor/admin only).
// Access rules, in order: the visitor must be logged in and must not be a
// plain user account, and the query string must carry a non-empty id; an
// editor may only edit their own news item, an admin may edit any. When the
// request is not a POST carrying a non-empty title and text, the edit form is
// rendered (the form markup and the POST handling continue past this excerpt).
// NOTE(review): jQuery is pulled from a third-party CDN through a
// protocol-relative URL, pinned to an old 1.x release and without an
// integrity attribute; self-hosting it or adding SRI is recommended.
require_once 'common/functions.php';
if (!loggedIn() || user() || !isset($_GET['id']) || empty($_GET['id'])) {
    //if not logged in, not editor or no id set, go away
    // (user() presumably flags plain, non-editor accounts — confirm in common/functions.php)
    redirectMsg("./", 'Operação não permitida');
}
// Cast once; every later use of the id (ownership check, queries) receives an int.
$id = (int) $_GET['id'];
require_once 'db/db.php'; //in this file it's needed either way
if (!admin() && !isNewsFromUser($id, $db)) {
    //if user isn't admin and news isn't his, go away
    redirectMsg("./", 'Operação não permitida');
}
// Note: empty() also treats the literal string "0" as a missing title or text.
if ($_SERVER['REQUEST_METHOD'] != "POST" || !isset($_POST['title']) || empty($_POST['title']) || !isset($_POST['text']) || empty($_POST['text'])) {
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title>Editar Notícia</title>
    <link rel="stylesheet" href="common/style.css">
    <script src="//ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
    <script src="common/messages.js"></script>
    <script src="common/alertnews.js"></script>
</head>
<body>
<?php showHeader('Editar notícia'); ?>
<div id="menu">
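<?php
// Comment deletion endpoint (called over AJAX). Always answers with one
// JSON-encoded string: 'ok' on success, an error message otherwise.
// Query parameter: id (comment rowid). A news_id parameter may still be sent by
// older callers but is ignored: the parent news item is read from the comment
// row itself, so the caller cannot choose which news item gets checked.
// Authorization: the author of a comment may delete it; an editor or admin may
// additionally delete any comment posted on one of their own news items; any
// other logged-in account may only delete its own comments (fail closed).
// NOTE(review): this is a state-changing request served over GET with no CSRF
// token; moving it to POST with a token is recommended (the calling JavaScript
// would need the same change).
require_once 'common/functions.php';
require_once 'db/db.php';

if (!loggedIn() || !isset($_GET['id'])) {
    //if not logged in or no id set, go away
    die(json_encode('Operação não permitida'));
}

$id = (int) $_GET['id'];

// Look the comment up first: its news_id drives the ownership check below.
// Previously news_id came from the query string, which let an editor pass the
// id of one of their own news items and delete a comment made on someone else's.
$lookup = $db->prepare('SELECT news_id FROM comment WHERE rowid = :id');
$lookup->bindValue(':id', $id, PDO::PARAM_INT);
$lookup->execute();
$row = $lookup->fetch(PDO::FETCH_ASSOC);
if ($row === false) {
    // Unknown comment id: refuse with the same message as an unauthorized request.
    die(json_encode('Operação não permitida'));
}
$news_id = (int) $row['news_id'];

$ownComment = isCommentFromUser($id, $db);
$ownNews = (editor() || admin()) && isNewsFromUser($news_id, $db);
if (!$ownComment && !$ownNews) {
    //if it's an user and the comment isn't his, or an editor/admin and the comment isn't in his news and it's not his comment, go away
    die(json_encode('Operação não permitida'));
}

$stmt = $db->prepare('DELETE FROM comment WHERE rowid= :id');
$stmt->bindValue(':id', $id, PDO::PARAM_INT);
if (!$stmt->execute()) {
    // PDO::errorInfo() on the connection does not report errors raised on a
    // statement handle; the statement's own errorInfo() does.
    $error = $stmt->errorInfo();
    // NOTE(review): the raw driver message is sent to the client; logging it
    // server-side and returning a generic message would disclose less.
    echo json_encode("Erro: " . $error[2]);
} else {
    echo json_encode('ok');
}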
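<?php
// Comment listing endpoint (called over AJAX): returns the comments of one news
// item as a JSON array, newest first.
// Query parameter: id (news id). Each element carries the selected columns
// plus: date_format / edition_date_format (display strings from displayDate),
// text (HTML-ready, line breaks converted), editable (caller is the author)
// and deletable (caller is the author, or an editor/admin owning the news item).
require_once 'common/functions.php';
require_once 'db/db.php';

// The value only ever identifies a news row, so cast it to int up front
// (also avoids an undefined-index warning when id is absent).
$id = (int) ($_GET['id'] ?? 0);

$stmt = $db->prepare('SELECT comment.rowid, text, username, date, edition_date, edited FROM comment, user WHERE user.id=comment.user_id AND news_id = :id ORDER BY comment.rowid DESC');
$stmt->bindValue(':id', $id, PDO::PARAM_INT);
$stmt->execute();
$comments = $stmt->fetchAll();

// Role and news ownership do not depend on the individual comment: evaluate
// them once instead of once per row.
$isStaff = editor() || admin();
$ownsNews = $isStaff && isNewsFromUser($id, $db);

$ret = [];
foreach ($comments as $comment) {
    $ownComment = isCommentFromUser($comment['rowid'], $db);
    $comment['date_format'] = displayDate($comment['date']);
    $comment['edition_date_format'] = displayDate($comment['edition_date']);
    $comment['editable'] = $ownComment;
    // Comment text is user-supplied and is handed to the client wrapped in HTML
    // (nl2br); escape it first. double_encode=false leaves entities already
    // present in the stored text untouched, so rows escaped on insertion are
    // not encoded a second time.
    $comment['text'] = nl2br(htmlspecialchars(
        stripslashes((string) $comment['text']),
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8',
        false
    ));
    $comment['deletable'] = $ownComment || $ownsNews;
    $ret[] = $comment;
}

echo json_encode($ret);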