case 'delete_comment': check_pwg_token(); include_once GUESTBOOK_PATH . 'include/functions_comment.inc.php'; check_input_parameter('comment_to_delete', $_GET, false, PATTERN_ID); $author_id = get_comment_author_id_guestbook($_GET['comment_to_delete']); if (can_manage_comment('delete', $author_id)) { delete_user_comment_guestbook($_GET['comment_to_delete']); } redirect($url_self); case 'validate_comment': check_pwg_token(); include_once GUESTBOOK_PATH . 'include/functions_comment.inc.php'; check_input_parameter('comment_to_validate', $_GET, false, PATTERN_ID); $author_id = get_comment_author_id_guestbook($_GET['comment_to_validate']); if (can_manage_comment('validate', $author_id)) { validate_user_comment_guestbook($_GET['comment_to_validate']); } redirect($url_self); } } // +-----------------------------------------------------------------------+ // | add comment | // +-----------------------------------------------------------------------+ if (isset($_POST['content']) && (!is_a_guest() || $conf['guestbook']['guest_can_add'])) { $comm = array('author' => trim(@$_POST['author']), 'email' => trim(@$_POST['email']), 'content' => trim($_POST['content']), 'website' => trim($_POST['website']), 'rate' => @$_POST['score']); include_once GUESTBOOK_PATH . 'include/functions_comment.inc.php'; $comment_action = insert_user_comment_guestbook($comm, @$_POST['key']); switch ($comment_action) { case 'moderate': $page['infos'][] = l10n('An administrator must authorize your comment before it is visible.'); case 'validate':
// Bulk comment moderation handler: applies "validate" and/or "reject" to the
// comment ids posted in $_POST['comments'], then starts building the query for
// the comment list.

// Refuse to run unless GUESTBOOK_PATH is already defined.
if (!defined('GUESTBOOK_PATH'))
{
  die('Hacking attempt!');
}

include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';

// +-----------------------------------------------------------------------+
// | actions                                                               |
// +-----------------------------------------------------------------------+

// NOTE(review): no check_pwg_token() call is visible before the state-changing
// actions below. Unless the page that includes this script already verifies the
// token (confirm), a forged cross-site POST sent from a logged-in session would
// be accepted. Verifying the token here also requires the form to submit it.
if (!empty($_POST))
{
  if (empty($_POST['comments']))
  {
    $page['errors'][] = l10n('Select at least one comment');
  }
  else
  {
    include_once GUESTBOOK_PATH . 'include/functions_comment.inc.php';
    // Check the posted ids against PATTERN_ID before they reach the comment
    // helpers (third argument true: presumably "value is an array"; confirm).
    check_input_parameter('comments', $_POST, true, PATTERN_ID);

    // The two branches are independent ifs, not if/else: a request carrying both
    // 'validate' and 'reject' runs both on the same ids.
    if (isset($_POST['validate']))
    {
      validate_user_comment_guestbook($_POST['comments']);

      // Singular or plural message, chosen from the number of submitted ids.
      $page['infos'][] = l10n_dec('%d user comment validated', '%d user comments validated', count($_POST['comments']));
    }

    if (isset($_POST['reject']))
    {
      // "Reject" is implemented as a deletion of the selected comments.
      delete_user_comment_guestbook($_POST['comments']);

      $page['infos'][] = l10n_dec('%d user comment rejected', '%d user comments rejected', count($_POST['comments']));
    }
  }
}

// +-----------------------------------------------------------------------+
// | comments display                                                      |
// +-----------------------------------------------------------------------+

// Plain include (not include_once), unlike the other includes in this script.
include GUESTBOOK_PATH . 'include/functions.inc.php';

$list = array();

// The statement below is cut off at the end of the visible source.
$query = ' SELECT