Exemple #1
0
/**
 * Plugin function to delete a comment
 * $cid    Comment to be deleted
 * $id     Item id to which $cid belongs
 *
 */
function _mg_deletecomment($cid, $id)
{
    global $_CONF, $_MG_CONF, $_TABLES, $MG_albums;
    // find the album that holds this peice of media
    $sql = "SELECT album_id FROM {$_TABLES['mg_media_albums']} WHERE media_id='" . DB_escapeString($id) . "'";
    $result = DB_query($sql);
    $nRows = DB_numRows($result);
    if ($nRows > 0) {
        $row = DB_fetchArray($result);
        $aid = $row['album_id'];
        if ($MG_albums[0]->owner_id) {
            $access = 3;
        } else {
            $access = $MG_albums[$aid]->access;
        }
    } else {
        $access = 0;
    }
    if ($access == 3 || SEC_hasRights('mediagallery.admin')) {
        if (CMT_deleteComment($cid, $id, 'mediagallery') == 0) {
            //reduce count in media table
            $comments = DB_count($_TABLES['comments'], array('sid', 'type'), array(DB_escapeString($id), 'mediagallery'));
            DB_change($_TABLES['mg_media'], 'media_comments', $comments, 'media_id', DB_escapeString($id));
            // Now redirect the program flow to the view of the file and its comments
            return COM_refresh($_MG_CONF['site_url'] . "/media.php?s={$id}");
        } else {
            return false;
        }
    } else {
        return false;
    }
}
Exemple #2
0
/**
 * article: delete a comment
 *
 * @param   int    $cid Comment to be deleted
 * @param   string $id  Item id to which $cid belongs
 * @return  mixed   false for failure, HTML string (redirect?) for success
 */
function plugin_deletecomment_article($cid, $id)
{
    global $_CONF, $_TABLES, $_USER;
    $retval = '';
    $has_editPermissions = SEC_hasRights('story.edit');
    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon " . "FROM {$_TABLES['stories']} WHERE sid = '{$id}'");
    $A = DB_fetchArray($result);
    if ($has_editPermissions && SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3) {
        CMT_deleteComment($cid, $id, 'article');
        $comments = DB_count($_TABLES['comments'], 'sid', $id);
        DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $id);
        // Comment count in Older Stories block may have changed so delete cache
        $cacheInstance = 'olderstories__';
        // remove all olderstories instances
        CACHE_remove_instance($cacheInstance);
        COM_redirect(COM_buildUrl($_CONF['site_url'] . "/article.php?story={$id}") . '#comments');
    } else {
        COM_errorLog("User {$_USER['username']} (IP: {$_SERVER['REMOTE_ADDR']}) " . "tried to illegally delete comment {$cid} from {$id}");
        COM_redirect($_CONF['site_url'] . '/index.php');
    }
    return $retval;
}
Exemple #3
0
/**
 * Handles a comment delete
 *
 * @copyright Vincent Furia 2005
 * @author Vincent Furia, vinny01 AT users DOT sourceforge DOT net
 * @return string HTML (possibly a refresh)
 */
function handleDelete($formtype)
{
    global $_CONF, $_TABLES;
    $display = '';
    if ($formtype == 'editsubmission') {
        DB_delete($_TABLES['commentsubmissions'], 'cid', COM_applyFilter($_REQUEST['cid'], true));
        $display = COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
    } else {
        $type = COM_applyFilter($_REQUEST['type']);
        $sid = COM_applyFilter($_REQUEST['sid']);
        switch ($type) {
            case 'article':
                $has_editPermissions = SEC_hasRights('story.edit');
                $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '{$sid}'");
                $A = DB_fetchArray($result);
                if ($has_editPermissions && SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3) {
                    CMT_deleteComment(COM_applyFilter($_REQUEST['cid'], true), $sid, 'article');
                    $comments = DB_count($_TABLES['comments'], 'sid', $sid);
                    DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $sid);
                    $display .= COM_refresh(COM_buildUrl($_CONF['site_url'] . "/article.php?story={$sid}") . '#comments');
                } else {
                    COM_errorLog("User {$_USER['username']} (IP: {$_SERVER['REMOTE_ADDR']}) tried to illegally delete comment {$cid} from {$type} {$sid}");
                    $display .= COM_refresh($_CONF['site_url'] . '/index.php');
                }
                break;
            default:
                // assume plugin
                if (!($display = PLG_commentDelete($type, COM_applyFilter($_REQUEST['cid'], true), $sid))) {
                    $display = COM_refresh($_CONF['site_url'] . '/index.php');
                }
                break;
        }
    }
    return $display;
}
 /**
  * Deletes a given comment
  * (lifted from comment.php)
  * @param    int         $cid    Comment ID
  * @param    string      $sid    ID of object comment belongs to
  * @param    string      $type   Comment type (e.g. article, poll, etc)
  * @return   string      Returns string needed to redirect page to right place
  *
  */
 public function delcomment($cid, $sid, $type)
 {
     global $_CONF, $_TABLES, $LANG_SX00;
     $type = COM_applyFilter($type);
     $sid = COM_applyFilter($sid);
     switch ($type) {
         case 'article':
             $has_editPermissions = SEC_hasRights('story.edit');
             $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '{$sid}'");
             $A = DB_fetchArray($result);
             if ($has_editPermissions && SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3) {
                 CMT_deleteComment(COM_applyFilter($cid, true), $sid, 'article');
                 $comments = DB_count($_TABLES['comments'], array('sid', 'type'), array($sid, 'article'));
                 DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $sid);
             } else {
                 COM_errorLog("User {$_USER['username']} (IP: {$_SERVER['REMOTE_ADDR']}) tried to illegally delete comment {$cid} from {$type} {$sid}");
             }
             break;
         default:
             // assume plugin
             PLG_commentDelete($type, COM_applyFilter($cid, true), $sid);
             break;
     }
     SPAMX_log($LANG_SX00['spamdeleted']);
 }
Exemple #5
0
/**
 * article: delete a comment
 *
 * @param   int     $cid    Comment to be deleted
 * @param   string  $id     Item id to which $cid belongs
 * @return  mixed   false for failure, HTML string (redirect?) for success
 */
function plugin_deletecomment_article($cid, $id)
{
    global $_CONF, $_TABLES, $_USER;
    $retval = '';
    $has_editPermissions = SEC_hasRights('story.edit');
    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon " . "FROM {$_TABLES['stories']} WHERE sid = '" . DB_escapeString($id) . "'");
    $A = DB_fetchArray($result);
    if ($has_editPermissions && SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3) {
        CMT_deleteComment($cid, $id, 'article');
        $comments = DB_count($_TABLES['comments'], 'sid', DB_escapeString($id));
        DB_change($_TABLES['stories'], 'comments', $comments, 'sid', DB_escapeString($id));
        CACHE_remove_instance('whatsnew');
        $retval .= COM_refresh(COM_buildUrl($_CONF['site_url'] . "/article.php?story={$id}") . '#comments');
    } else {
        COM_errorLog("User {$_USER['username']} " . "did not have permissions to delete comment {$cid} from {$id}");
        $retval .= COM_refresh($_CONF['site_url'] . '/index.php');
    }
    return $retval;
}
Exemple #6
0
/**
 * Delete a comment
 *
 * @param   string $suffix
 */
function deleteComments($suffix)
{
    global $_CONF, $_TABLES, $_USER;
    $commentIds = getCommentIds($suffix);
    if (SEC_checkToken()) {
        if (count($commentIds) > 0) {
            foreach ($commentIds as $commentId) {
                if ($commentId <= 0) {
                    COM_errorLog("Attempted to delete a nonexistent comment (cid = {$commentId})");
                } else {
                    if ($suffix === SUFFIX_COMMENTS) {
                        $sql = "SELECT sid, type FROM {$_TABLES['comments']} WHERE cid = " . DB_escapeString($commentId);
                        $result = DB_query($sql);
                        if (!DB_error()) {
                            $A = DB_fetchArray($result, false);
                            if (is_array($A) && count($A) > 0) {
                                $sid = $A['sid'];
                                $type = $A['type'];
                                if (CMT_deleteComment($commentId, $sid, $type) > 0) {
                                    COM_errorLog("Attempted to delete a nonexistent comment (cid = {$commentId})");
                                }
                            }
                        }
                    } elseif ($suffix === SUFFIX_COMMENT_SUBMISSIONS) {
                        $sql = "DELETE FROM {$_TABLES['commentsubmissions']} " . "WHERE cid = " . DB_escapeString($commentId);
                        DB_query($sql);
                    }
                }
            }
            COM_redirect($_CONF['site_admin_url'] . '/comment.php?msg=140');
        }
    } else {
        COM_accessLog("User {$_USER['username']} tried to delete comments (cid = " . implode(', ', $commentIds) . ") and failed CSRF checks.");
        COM_redirect($_CONF['site_admin_url'] . '/index.php');
    }
}
Exemple #7
0
function DLM_deleteComments()
{
    global $_TABLES, $_LANG_CONV, $_SUCCESS;
    $retval = '';
    $result = DB_query("SELECT cid, sid FROM {$_TABLES['comments']} WHERE type = 'downloads' ORDER BY date ASC");
    if (DB_error()) {
        $retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
        $_SUCCESS = false;
        return $retval;
    }
    while (list($cid, $sid) = DB_fetchArray($result)) {
        $val = CMT_deleteComment($cid, $sid, 'downloads');
        if ($val > 0) {
            $_SUCCESS = false;
        }
        if (!$_SUCCESS) {
            $retval .= '<p>' . $_LANG_CONV['failure_delete_comment'] . "cid: {$cid}" . '</p>' . LB;
            return $retval;
        }
    }
    return $retval;
}