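}

// +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok                      |
// +-----------------------------------------------------------------------+

// Gate the whole page on the administrator status before any request data
// is looked at.
check_status(ACCESS_ADMINISTRATOR);

// +-----------------------------------------------------------------------+
// |                                actions                                |
// +-----------------------------------------------------------------------+

// Bulk moderation: the form posts a list of comment ids plus either a
// "validate" or a "reject" submit button.
if (!empty($_POST))
{
  if (empty($_POST['comments']))
  {
    $page['errors'][] = l10n('Select at least one comment');
  }
  else
  {
    // Anti-CSRF: both actions below change stored comments, so the request
    // must carry the per-session token before anything else happens. Without
    // this check the admin session alone authorises the POST, which a
    // third-party page could trigger from the administrator's browser. The
    // other comment delete/validate handlers call check_pwg_token() in the
    // same position (before the include and the id check).
    check_pwg_token();

    include_once PHPWG_ROOT_PATH . 'include/functions_comment.inc.php';

    // Constrain the submitted ids to PATTERN_ID before they reach the
    // comment functions (third argument: presumably "value is an array").
    check_input_parameter('comments', $_POST, true, PATTERN_ID);

    if (isset($_POST['validate']))
    {
      validate_user_comment($_POST['comments']);

      $page['infos'][] = l10n_dec(
        '%d user comment validated',
        '%d user comments validated',
        count($_POST['comments'])
      );
    }

    if (isset($_POST['reject']))
    {
      delete_user_comment($_POST['comments']);

      $page['infos'][] = l10n_dec(
        '%d user comment rejected',
        '%d user comments rejected',
        count($_POST['comments'])
      );
    }
  }
}

// +-----------------------------------------------------------------------+
// |                             template init                             |
// +-----------------------------------------------------------------------+

$template->set_filenames(array('comments' => 'comments.tpl'));

$template->assign(
  array(
    'F_ACTION' => get_root_url() . 'admin.php?page=comments',
    // Token verified by check_pwg_token() in the actions section above.
    // comments.tpl has to send it back as the "pwg_token" form field;
    // until it does, every moderation POST is refused (fails closed).
    'PWG_TOKEN' => get_pwg_token(),
  )
);

// +-----------------------------------------------------------------------+
// |                                 Tabs                                  |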
case 'delete_comment': check_pwg_token(); include_once PHPWG_ROOT_PATH . 'include/functions_comment.inc.php'; check_input_parameter('comment_to_delete', $_GET, false, PATTERN_ID); $author_id = get_comment_author_id($_GET['comment_to_delete']); if (can_manage_comment('delete', $author_id)) { delete_user_comment($_GET['comment_to_delete']); } redirect($url_self); case 'validate_comment': check_pwg_token(); include_once PHPWG_ROOT_PATH . 'include/functions_comment.inc.php'; check_input_parameter('comment_to_validate', $_GET, false, PATTERN_ID); $author_id = get_comment_author_id($_GET['comment_to_validate']); if (can_manage_comment('validate', $author_id)) { validate_user_comment($_GET['comment_to_validate']); } redirect($url_self); } } //---------- incrementation of the number of hits $inc_hit_count = !isset($_POST['content']); // don't increment counter if in the Mozilla Firefox prefetch if (isset($_SERVER['HTTP_X_MOZ']) and $_SERVER['HTTP_X_MOZ'] == 'prefetch') { $inc_hit_count = false; } else { // don't increment counter if comming from the same picture (actions) if (pwg_get_session_var('referer_image_id', 0) == $page['image_id']) { $inc_hit_count = false; } pwg_set_session_var('referer_image_id', $page['image_id']);
$comment_id = $_GET[$action]; break; } } if (isset($action)) { $comment_author_id = get_comment_author_id($comment_id); if (can_manage_comment($action, $comment_author_id)) { $perform_redirect = false; if ('delete' == $action) { check_pwg_token(); delete_user_comment($comment_id); $perform_redirect = true; } if ('validate' == $action) { check_pwg_token(); validate_user_comment($comment_id); $perform_redirect = true; } if ('edit' == $action) { if (!empty($_POST['content'])) { check_pwg_token(); $comment_action = update_user_comment(array('comment_id' => $_GET['edit'], 'image_id' => $_POST['image_id'], 'content' => $_POST['content'], 'website_url' => @$_POST['website_url']), $_POST['key']); switch ($comment_action) { case 'moderate': $_SESSION['page_infos'][] = l10n('An administrator must authorize your comment before it is visible.'); case 'validate': $_SESSION['page_infos'][] = l10n('Your comment has been registered'); $perform_redirect = true; break; case 'reject': $_SESSION['page_errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');