/**
* Plugin function to delete a comment
* $cid Comment to be deleted
* $id Item id to which $cid belongs
*
*/
function _mg_deletecomment($cid, $id)
{
global $_CONF, $_MG_CONF, $_TABLES, $MG_albums;
// find the album that holds this peice of media
$sql = "SELECT album_id FROM {$_TABLES['mg_media_albums']} WHERE media_id='" . DB_escapeString($id) . "'";
$result = DB_query($sql);
$nRows = DB_numRows($result);
if ($nRows > 0) {
$row = DB_fetchArray($result);
$aid = $row['album_id'];
if ($MG_albums[0]->owner_id) {
$access = 3;
} else {
$access = $MG_albums[$aid]->access;
}
} else {
$access = 0;
}
if ($access == 3 || SEC_hasRights('mediagallery.admin')) {
if (CMT_deleteComment($cid, $id, 'mediagallery') == 0) {
//reduce count in media table
$comments = DB_count($_TABLES['comments'], array('sid', 'type'), array(DB_escapeString($id), 'mediagallery'));
DB_change($_TABLES['mg_media'], 'media_comments', $comments, 'media_id', DB_escapeString($id));
// Now redirect the program flow to the view of the file and its comments
return COM_refresh($_MG_CONF['site_url'] . "/media.php?s={$id}");
} else {
return false;
}
} else {
return false;
}
}
/**
* article: delete a comment
*
* @param int $cid Comment to be deleted
* @param string $id Item id to which $cid belongs
* @return mixed false for failure, HTML string (redirect?) for success
*/
function plugin_deletecomment_article($cid, $id)
{
global $_CONF, $_TABLES, $_USER;
$retval = '';
$has_editPermissions = SEC_hasRights('story.edit');
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon " . "FROM {$_TABLES['stories']} WHERE sid = '{$id}'");
$A = DB_fetchArray($result);
if ($has_editPermissions && SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3) {
CMT_deleteComment($cid, $id, 'article');
$comments = DB_count($_TABLES['comments'], 'sid', $id);
DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $id);
// Comment count in Older Stories block may have changed so delete cache
$cacheInstance = 'olderstories__';
// remove all olderstories instances
CACHE_remove_instance($cacheInstance);
COM_redirect(COM_buildUrl($_CONF['site_url'] . "/article.php?story={$id}") . '#comments');
} else {
COM_errorLog("User {$_USER['username']} (IP: {$_SERVER['REMOTE_ADDR']}) " . "tried to illegally delete comment {$cid} from {$id}");
COM_redirect($_CONF['site_url'] . '/index.php');
}
return $retval;
}
/**
* Handles a comment delete
*
* @copyright Vincent Furia 2005
* @author Vincent Furia, vinny01 AT users DOT sourceforge DOT net
* @return string HTML (possibly a refresh)
*/
function handleDelete($formtype)
{
global $_CONF, $_TABLES;
$display = '';
if ($formtype == 'editsubmission') {
DB_delete($_TABLES['commentsubmissions'], 'cid', COM_applyFilter($_REQUEST['cid'], true));
$display = COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
} else {
$type = COM_applyFilter($_REQUEST['type']);
$sid = COM_applyFilter($_REQUEST['sid']);
switch ($type) {
case 'article':
$has_editPermissions = SEC_hasRights('story.edit');
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '{$sid}'");
$A = DB_fetchArray($result);
if ($has_editPermissions && SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3) {
CMT_deleteComment(COM_applyFilter($_REQUEST['cid'], true), $sid, 'article');
$comments = DB_count($_TABLES['comments'], 'sid', $sid);
DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $sid);
$display .= COM_refresh(COM_buildUrl($_CONF['site_url'] . "/article.php?story={$sid}") . '#comments');
} else {
COM_errorLog("User {$_USER['username']} (IP: {$_SERVER['REMOTE_ADDR']}) tried to illegally delete comment {$cid} from {$type} {$sid}");
$display .= COM_refresh($_CONF['site_url'] . '/index.php');
}
break;
default:
// assume plugin
if (!($display = PLG_commentDelete($type, COM_applyFilter($_REQUEST['cid'], true), $sid))) {
$display = COM_refresh($_CONF['site_url'] . '/index.php');
}
break;
}
}
return $display;
}
/**
* Deletes a given comment
* (lifted from comment.php)
* @param int $cid Comment ID
* @param string $sid ID of object comment belongs to
* @param string $type Comment type (e.g. article, poll, etc)
* @return string Returns string needed to redirect page to right place
*
*/
public function delcomment($cid, $sid, $type)
{
global $_CONF, $_TABLES, $LANG_SX00;
$type = COM_applyFilter($type);
$sid = COM_applyFilter($sid);
switch ($type) {
case 'article':
$has_editPermissions = SEC_hasRights('story.edit');
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '{$sid}'");
$A = DB_fetchArray($result);
if ($has_editPermissions && SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3) {
CMT_deleteComment(COM_applyFilter($cid, true), $sid, 'article');
$comments = DB_count($_TABLES['comments'], array('sid', 'type'), array($sid, 'article'));
DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $sid);
} else {
COM_errorLog("User {$_USER['username']} (IP: {$_SERVER['REMOTE_ADDR']}) tried to illegally delete comment {$cid} from {$type} {$sid}");
}
break;
default:
// assume plugin
PLG_commentDelete($type, COM_applyFilter($cid, true), $sid);
break;
}
SPAMX_log($LANG_SX00['spamdeleted']);
}
/**
* article: delete a comment
*
* @param int $cid Comment to be deleted
* @param string $id Item id to which $cid belongs
* @return mixed false for failure, HTML string (redirect?) for success
*/
function plugin_deletecomment_article($cid, $id)
{
global $_CONF, $_TABLES, $_USER;
$retval = '';
$has_editPermissions = SEC_hasRights('story.edit');
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon " . "FROM {$_TABLES['stories']} WHERE sid = '" . DB_escapeString($id) . "'");
$A = DB_fetchArray($result);
if ($has_editPermissions && SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3) {
CMT_deleteComment($cid, $id, 'article');
$comments = DB_count($_TABLES['comments'], 'sid', DB_escapeString($id));
DB_change($_TABLES['stories'], 'comments', $comments, 'sid', DB_escapeString($id));
CACHE_remove_instance('whatsnew');
$retval .= COM_refresh(COM_buildUrl($_CONF['site_url'] . "/article.php?story={$id}") . '#comments');
} else {
COM_errorLog("User {$_USER['username']} " . "did not have permissions to delete comment {$cid} from {$id}");
$retval .= COM_refresh($_CONF['site_url'] . '/index.php');
}
return $retval;
}
/**
* Delete a comment
*
* @param string $suffix
*/
function deleteComments($suffix)
{
global $_CONF, $_TABLES, $_USER;
$commentIds = getCommentIds($suffix);
if (SEC_checkToken()) {
if (count($commentIds) > 0) {
foreach ($commentIds as $commentId) {
if ($commentId <= 0) {
COM_errorLog("Attempted to delete a nonexistent comment (cid = {$commentId})");
} else {
if ($suffix === SUFFIX_COMMENTS) {
$sql = "SELECT sid, type FROM {$_TABLES['comments']} WHERE cid = " . DB_escapeString($commentId);
$result = DB_query($sql);
if (!DB_error()) {
$A = DB_fetchArray($result, false);
if (is_array($A) && count($A) > 0) {
$sid = $A['sid'];
$type = $A['type'];
if (CMT_deleteComment($commentId, $sid, $type) > 0) {
COM_errorLog("Attempted to delete a nonexistent comment (cid = {$commentId})");
}
}
}
} elseif ($suffix === SUFFIX_COMMENT_SUBMISSIONS) {
$sql = "DELETE FROM {$_TABLES['commentsubmissions']} " . "WHERE cid = " . DB_escapeString($commentId);
DB_query($sql);
}
}
}
COM_redirect($_CONF['site_admin_url'] . '/comment.php?msg=140');
}
} else {
COM_accessLog("User {$_USER['username']} tried to delete comments (cid = " . implode(', ', $commentIds) . ") and failed CSRF checks.");
COM_redirect($_CONF['site_admin_url'] . '/index.php');
}
}
function DLM_deleteComments()
{
global $_TABLES, $_LANG_CONV, $_SUCCESS;
$retval = '';
$result = DB_query("SELECT cid, sid FROM {$_TABLES['comments']} WHERE type = 'downloads' ORDER BY date ASC");
if (DB_error()) {
$retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
$_SUCCESS = false;
return $retval;
}
while (list($cid, $sid) = DB_fetchArray($result)) {
$val = CMT_deleteComment($cid, $sid, 'downloads');
if ($val > 0) {
$_SUCCESS = false;
}
if (!$_SUCCESS) {
$retval .= '<p>' . $_LANG_CONV['failure_delete_comment'] . "cid: {$cid}" . '</p>' . LB;
return $retval;
}
}
return $retval;
}
