Exemple #1
0
/**
 * deletes a comment
 *   
 */
function delete_comment($comment_id, $privileges, $login, $output = '')
{
    $priv = $privileges;
    if ($priv > 2) {
        echo '<h1>Suppression :</h1>';
        if (is_numeric($comment_id) && $comment_id > 0) {
            $result = @mysql_query(sprintf("SELECT comment_id,text,rand_prop,hash_prop FROM comment WHERE comment_id='%s'", mysql_real_escape_string($comment_id)));
            if (!$result || mysql_num_rows($result) < 1) {
                $warnings = '<div class="warning">Commentaire inexistant</div>';
            } else {
                $row = mysql_fetch_assoc($result);
                $id = $row["comment_id"];
                $mess_user = trim($row["text"]);
                $is_prop = check_property($row["rand_prop"], $row["hash_prop"]);
                @mysql_free_result($result);
            }
        } else {
            $warnings = '<div class="warning">Commentaire inexistant</div>';
        }
        if (empty($warnings) && $id > 0) {
            if (isset($_SESSION['post'])) {
                $_POST = $_SESSION['post'];
                unset($_SESSION['post']);
            }
            // Traitement d'un formulaire éventuellement déjà validé
            $affich_form = true;
            if (isset($_POST['form_name']) && $_POST['form_name'] == "deletion") {
                if (!isset($_POST["validation"])) {
                    echo '<div class="warning">Vous n\'avez pas confirm&eacute; la suppression</div>';
                } elseif ($_POST["validation"] == "on") {
                    if ($priv > 4 || $is_prop == 1) {
                        if (@mysql_query(sprintf("DELETE FROM comment WHERE comment_id='%s'", mysql_real_escape_string($id)))) {
                            echo '<div class="success">Commentaire correctement supprim&eacute;</div>';
                            $affich_form = false;
                        } else {
                            echo '<div class="warning">Erreur lors de la suppression du commentaire</div>';
                        }
                    } else {
                        echo '<div class="warning">Vous ne disposez pas des droits n&eacute;cessaires</div>';
                    }
                }
            }
            // Affichage du formulaire le cas échéant
            if ($affich_form) {
                if ($priv > 4 || $is_prop == 1) {
                    echo '<form method="post" action="?action=remove_post&comment_id=' . htmlentities($id) . '">';
                    echo 'Souhaitez-vous r&eacute;ellement supprimer le commentaire suivant ?<br />"';
                    echo nl2br(htmlentities(stripslashes($mess_user))) . '"<br /><br />';
                    echo '<input type="checkbox" name="validation" id="v_check" /><label for="v_check">Oui, supprimer !</label>';
                    echo '<input type="hidden" name="form_name" value="deletion" />&nbsp;&nbsp;&nbsp;&nbsp;<input type="submit" value="Valider" /></form>';
                } else {
                    echo '<div class="warning">Vous ne disposez pas des droits n&eacute;cessaires</div>';
                }
            }
        } elseif (!empty($warnings)) {
            echo $warnings;
        }
        if (isset($_POST)) {
            unset($_POST);
        }
    } else {
        need_logged_member_privilege();
    }
}
function new_post()
{
    if (user_privilege_level() > 2) {
        echo '<h1>Publication d\'une nouvelle proposition :</h1>';
        // Valeurs réintroduites dans le formulaire en cas d'erreur
        $affich_form = true;
        $title_prec = "";
        $text_prec = "";
        $anon_prec = "";
        $cate_prec = 0;
        if (isset($_SESSION['post'])) {
            $_POST = $_SESSION['post'];
            unset($_SESSION['post']);
        }
        // Le formulaire a été validé
        if (isset($_POST['form_name']) && $_POST['form_name'] == "create_thread") {
            $action = post(trim($_POST["title"]), trim($_POST["message"]), $_POST["anonymization"], $_POST["category"], $_SESSION['login_c']);
            $action->echo_warnings();
            $action->echo_successes();
            if ($action->result) {
                $affich_form = false;
            }
        }
        if ($affich_form) {
            echo '
			<div class="enlarge_lowresol">
            <form method="post" action="?action=new_post">
				<table class="tab_form">
					<tr>
						<td>
							Titre :
						</td>
						<td>
							<input type="text" name="title" value="' . htmlentities($title_prec) . '" />
						</td>
					</tr>
					<tr>
						<td>
							Cat&eacute;gorie :
						</td>
                        <td>
							<select name="category">';
            $tail = "";
            $result = @mysql_query("SELECT category_id,category_name FROM thread_category");
            if ($result) {
                while ($row = mysql_fetch_assoc($result)) {
                    if ($row["category_id"] == $cate_prec) {
                        $tail .= '<option value="' . htmlentities($row["category_id"]) . '" selected="selected">' . htmlentities($row["category_name"]) . '</option>';
                    } else {
                        $tail .= '<option value="' . htmlentities($row["category_id"]) . '">' . htmlentities($row["category_name"]) . '</option>';
                    }
                }
                @mysql_free_result($result);
            }
            if (empty($tail)) {
                $tail = '<option value="0">Defaut</option>';
            }
            echo $tail . '
							</select>
						</td>
					</tr>
					<tr>
						<td>
							Proposition :
						</td>
						<td>
                            <textarea name="message" rows="10" cols="50">' . htmlentities($text_prec) . '</textarea>
						</td>
					</tr>
					<tr>
						<td>
							Anonymiser :
						</td>
						<td>';
            if (empty($anon_prec)) {
                echo '<input type="checkbox" name="anonymization" />';
            } else {
                echo '<input type="checkbox" name="anonymization" checked="checked" />';
            }
            echo '
						</td>
					</tr>
					<tr>
						<td>
							<input type="hidden" name="form_name" value="create_thread" />
						</td>
						<td></td>
					</tr>
					<tr class="submit_center">
						<td colspan="2" rowspan="1">
							<input type="submit" value="Valider" />
						</td>
					</tr>
				</table>
			</form>
			</div>
			';
        }
        if (isset($_POST)) {
            unset($_POST);
        }
        echo '

        <br /><br />
        <p>
			<span class="footnote">
            <b>Note :</b> L\'anonymat repose sur un m&eacute;canisme utilisant une valeur al&eacute;atoirement attribu&eacute;e &agrave; chaque
			proposition. En pratique, vous pourrez donc &agrave; tout moment &eacute;diter votre message, le supprimer, l\'anonymiser ou
			au contraire faire afficher votre nom. Mais dans le cas o&ugrave; vous activez l\'anonymisation, strictement personne, administrateurs compris,
			ne sera capable de vous associer &agrave; un message donn&eacute; &agrave; partir des seules informations stock&eacute;es par le site.
			</span>
        </p>

        ';
    } else {
        need_logged_member_privilege();
    }
}
Exemple #3
0
function edition()
{
    $priv = user_privilege_level();
    if ($priv > 2) {
        echo '<h1>Edition </h1>';
        // Récupération des arguments
        $id = -1;
        $is_prop = 0;
        $mess_user = "";
        $title_prec = "";
        $cate_prec = "";
        $warnings = "";
        $type = 0;
        // 0=thread, 1=comment
        $exist_t = isset($_GET["thread_id"]);
        $exist_c = isset($_GET["comment_id"]);
        if ($exist_c && $exist_t) {
            $warnings = '<div class="warning">Impossible de d&eacute;terminer la cat&eacute;gorie de l\'objet &agrave; &eacute;diter</div>';
        } elseif ($exist_c) {
            $type = 1;
            if (is_numeric($_GET["comment_id"]) && $_GET["comment_id"] > 0) {
                $comment_id = mysql_real_escape_string($_GET["comment_id"]);
                $result = @mysql_query(sprintf("SELECT comment_id,text,rand_prop,hash_prop FROM comment WHERE comment_id='%s'", mysql_real_escape_string($comment_id)));
                if (!$result || mysql_num_rows($result) < 1) {
                    $warnings = '<div class="warning">Commentaire inexistant</div>';
                } else {
                    $row = mysql_fetch_assoc($result);
                    $id = $row["comment_id"];
                    $mess_user = trim($row["text"]);
                    $is_prop = check_property($row["rand_prop"], $row["hash_prop"]);
                    @mysql_free_result($result);
                }
            } else {
                $warnings = '<div class="warning">Commentaire inexistant</div>';
            }
        } elseif ($exist_t) {
            $type = 0;
            if (is_numeric($_GET["thread_id"]) && $_GET["thread_id"] > 0) {
                $thread_id = mysql_real_escape_string($_GET["thread_id"]);
                $result = @mysql_query(sprintf("SELECT thread_id,text,title,category,rand_prop,hash_prop FROM thread WHERE thread_id='%s'", $thread_id));
                if (!$result || mysql_num_rows($result) < 1) {
                    $warnings = '<div class="warning">Proposition inexistante</div>';
                } else {
                    $row = mysql_fetch_assoc($result);
                    $id = $row["thread_id"];
                    $mess_user = trim($row["text"]);
                    $is_prop = check_property($row["rand_prop"], $row["hash_prop"]);
                    $title_prec = $row["title"];
                    $cate_prec = $row["category"];
                    @mysql_free_result($result);
                }
            } else {
                $warnings = '<div class="warning">Proposition inexistante</div>';
            }
        } else {
            $warnings = '<div class="warning">Id de l\'objet non pr&eacute;cis&eacute;</div>';
        }
        if (empty($warnings) && $id > 0) {
            if (isset($_SESSION['post'])) {
                $_POST = $_SESSION['post'];
                unset($_SESSION['post']);
            }
            // Traitement d'un formulaire éventuellement déjà validé
            $affich_form = true;
            if (isset($_POST['form_name']) && $_POST['form_name'] == "edition") {
                if ($priv > 4 || $is_prop == 1) {
                    // Afficher les messages d'erreur en une fois, traitement parallèle
                    if (isset($_POST["message"]) && is_string($_POST["message"]) && !empty($_POST["message"])) {
                        $mess_user = $_POST["message"];
                        if ($type == 0) {
                            if (isset($_POST["title"]) && is_string($_POST["title"]) && !empty($_POST["title"])) {
                                if (isset($_POST["category"]) && is_numeric($_POST["category"]) && $_POST["category"] > 0) {
                                    $title_prec = $_POST["title"];
                                    $cate_prec = $_POST["category"];
                                    $chaine_conf = random_password(40);
                                    $chaine_conf_hash = sha1($chaine_conf);
                                    if (@mysql_query(sprintf("UPDATE thread SET is_valid=0,text='%s',title='%s',category='%s',already_mod=0,chaine_moderation='%s' WHERE thread_id='%s'", mysql_real_escape_string($mess_user), mysql_real_escape_string($title_prec), mysql_real_escape_string($cate_prec), $chaine_conf_hash, mysql_real_escape_string($thread_id)))) {
                                        echo '<div class="success">Proposition correctement modifi&eacute;e</div>';
                                        $affich_form = false;
                                        /*
                                        $nexp="Ponts ParisTech Refresh";
                                        $email="*****@*****.**";
                                        $subject="Modération - proposition éditée";
                                        $header = "From: ". $nexp . " <" . $email . ">\r\n";
                                        $mess_userm=stripslashes($mess_user);
                                        $mail_body =$mail_body = "Bonjour,\n\nUne proposition a été éditée et doit être modérée [titre : '$title_prec']. Voici son contenu :\n\n****************\n$mess_userm\n****************\n\nVous pouvez l'approuver dès maintenant en vous rendant à l'adresse http://refresh.enpc.org/?action=moderation_mail&type=proposition&id=$thread_id&cconf=$chaine_conf\n\nCordialement,\n\nle site Refresh";
                                        file_put_contents('fichier.tmp.txt',$subject."\n\n\n\n".$mail_body);
                                        */
                                    } else {
                                        echo '<div class="warning">Erreur lors de l\'&eacute;dition</div>';
                                    }
                                } else {
                                    echo '<div class="warning">Cat&eacute;gorie incorrecte</div>';
                                }
                            } else {
                                echo '<div class="warning">Titre incorrect</div>';
                            }
                        } else {
                            $chaine_conf = random_password(40);
                            $chaine_conf_hash = sha1($chaine_conf);
                            if (@mysql_query(sprintf("UPDATE comment SET is_valid=0,text='%s',already_mod=0,chaine_moderation='%s' WHERE comment_id='%s'", mysql_real_escape_string($mess_user), $chaine_conf_hash, mysql_real_escape_string($comment_id)))) {
                                echo '<div class="success">Commentaire correctement modifi&eacute;</div>';
                                $affich_form = false;
                                /*
                                								
                                								$nexp="Ponts ParisTech Refresh";
                                								$email="*****@*****.**";
                                								$subject="Modération - commentaire édité";
                                								$header = "From: ". $nexp . " <" . $email . ">\r\n";
                                								$mess_userm=stripslashes($mess_user);
                                								
                                								$res_bonus=@mysql_query(sprintf("SELECT thread_id FROM comment WHERE comment_id='%s'",mysql_real_escape_string($comment_id)));
                                								if($res_bonus && $valtmp=mysql_fetch_assoc($res_bonus))
                                								{
                                									$validtmp=$valtmp["thread_id"];
                                									$mail_body =$mail_body = "Bonjour,\n\nUn commentaire en réponse à la proposition #$validtmp [http://refresh.enpc.org/index.php?action=display_post&unique=$validtmp] a été édité et doit être modéré. Voici son contenu :\n\n****************\n$mess_userm\n****************\n\nVous pouvez approuver ce commentaire dès maintenant en vous rendant à l'adresse http://refresh.enpc.org/?action=moderation_mail&type=comment&id=$comment_id&cconf=$chaine_conf\n\nCordialement,\n\nle site Refresh";
                                								}
                                								else
                                									$mail_body =$mail_body = "Bonjour,\n\nUn commentaire a été édité et doit être modéré. Voici son contenu :\n\n****************\n$mess_userm\n****************\n\nVous pouvez approuver ce commentaire dès maintenant en vous rendant à l'adresse http://refresh.enpc.org/?action=moderation_mail&type=comment&id=$comment_id&cconf=$chaine_conf\n\nCordialement,\n\nle site Refresh";
                                			
                                								//@mb_send_mail("*****@*****.**",$subject,$mail_body,$header);
                                								file_put_contents('fichier.tmp.txt',$subject."\n\n\n\n".$mail_body);
                                */
                            } else {
                                echo '<div class="warning">Erreur lors de l\'&eacute;dition du commentaire</div>';
                            }
                        }
                    } else {
                        echo '<div class="warning">Message incorrect</div>';
                    }
                } else {
                    echo '<div class="warning">Vous ne disposez pas des droits n&eacute;cessaires</div>';
                }
            }
            // Affichage du formulaire le cas échéant
            if ($affich_form) {
                if ($priv > 4 || $is_prop == 1) {
                    if ($type == 0) {
                        echo '<form method="post" action="?action=edit_post&amp;thread_id=' . htmlentities($id) . '"><table class="tab_form">';
                    } else {
                        echo '<form method="post" action="?action=edit_post&amp;comment_id=' . htmlentities($id) . '"><table class="tab_form">';
                    }
                    if ($type == 0) {
                        echo '<tr>
								<td>
									Titre :
								</td>
								<td>';
                        if (empty($title_prec)) {
                            echo '<input type="text" name="title" />';
                        } else {
                            echo '<input type="text" name="title" value="' . htmlentities(stripslashes($title_prec)) . '" />';
                        }
                        echo '</td>
							</tr>
							<tr>
								<td>
									Cat&eacute;gorie :
								</td>
								<td>
									<select name="category">';
                        $tail = "";
                        $result = @mysql_query("SELECT category_id,category_name FROM thread_category");
                        if ($result) {
                            while ($row = mysql_fetch_assoc($result)) {
                                if ($cate_prec == $row["category_id"]) {
                                    $tail .= '<option value="' . htmlentities($row["category_id"]) . '" selected="selected">' . htmlentities($row["category_name"]) . '</option>';
                                } else {
                                    $tail .= '<option value="' . htmlentities($row["category_id"]) . '">' . htmlentities($row["category_name"]) . '</option>';
                                }
                            }
                            @mysql_free_result($result);
                        }
                        if (empty($tail)) {
                            $tail = '<option value="0">Defaut</option>';
                        }
                        echo $tail . '</select>
								</td>
							</tr>
							';
                    }
                    echo '<tr>
								<td colspan="2">
									<textarea name="message" rows="15" cols="80">' . htmlentities(stripslashes($mess_user)) . '</textarea>
								</td>
							</tr>
							<tr>
								<td colspan="2">
									<input type="hidden" name="form_name" value="edition" />
								</td>
							</tr>
							<tr class="submit_center">
								<td colspan="2" rowspan="1">
									<input type="submit" value="Valider" />
								</td>
							</tr>
						</table>
					</form>';
                } else {
                    echo '<div class="warning">Vous ne disposez pas des droits n&eacute;cessaires</div>';
                }
            }
        } elseif (!empty($warnings)) {
            echo $warnings;
        }
        if (isset($_POST)) {
            unset($_POST);
        }
    } else {
        need_logged_member_privilege();
    }
}