/**
* returns single post XML
* @param $post_id post id
* @param $force_show force show hidden post
*/
function getHiddenPostXML($post_id, $force_show)
{
global $gConf;
$post_id = (int) $post_id;
if (!$post_id) {
return false;
}
$ui = array();
$fdb = new DbForum();
$topic_id = $fdb->getTopicIdByPostId($post_id);
$forum_id = $fdb->getForumIdByPostId($post_id);
// check user permission to read this topic posts
$forum_type = $fdb->getForumTypeByTopicId($topic_id);
if (!$this->_checkUserPerm('', $forum_type, 'read')) {
return $this->_no_access();
}
// check user permissions to delete or edit posts
$gl_allow_edit = 0;
$gl_allow_del = 0;
if ($this->_checkUserPerm('', $forum_type, 'edit')) {
$gl_allow_edit = 1;
}
if ($this->_checkUserPerm('', $forum_type, 'del')) {
$gl_allow_del = 1;
}
$u = $this->_getLoginUser();
$r = $fdb->getPost($post_id, $u);
// acquire user info
if (!$ui[$r['user']]) {
$aa = $this->_getUserInfo($r['user']);
$ui[$r['user']] = array('posts' => (int) $fdb->getUserPosts($r['user']), 'avatar' => $aa['avatar'], 'url' => $aa['profile_url'], 'onclick' => $aa['profile_onclick']);
}
$allow_edit = $gl_allow_edit;
$allow_del = $gl_allow_del;
if (!$allow_edit && $r['user'] == $this->_getLoginUserName()) {
if ($this->_checkUserPerm($r['user'], 'own', 'edit')) {
$allow_edit = 1;
}
}
if (!$allow_del && $r['user'] == $this->_getLoginUserName()) {
if ($this->_checkUserPerm($r['user'], 'own', 'del')) {
$allow_del = 1;
}
}
$cu = $this->getUrlsXml();
encode_post_text($r['post_text']);
return <<<EOF
<root>
{$cu}
<forum><id>{$forum_id}</id></forum>
<topic><id>{$topic_id}</id></topic>
<post id="{$r['post_id']}" force_show="{$force_show}">
\t<text>{$r['post_text']}</text>
\t<when>{$r['when']}</when>
\t<allow_edit>{$allow_edit}</allow_edit>
\t<allow_del>{$allow_del}</allow_del>
\t<points>{$r['votes']}</points>
\t<vote_user_point>{$r['vote_user_point']}</vote_user_point>\t
\t<user posts="{$ui[$r['user']]['posts']}" name="{$r['user']}">
\t\t<avatar>{$ui[$r['user']]['avatar']}</avatar>
\t\t<url>{$ui[$r['user']]['url']}</url>
\t\t<onclick>{$ui[$r['user']]['onclick']}</onclick>
\t</user>
\t<min_point>{$gConf['min_point']}</min_point>
</post>
</root>
EOF;
}
/**
* delete post
* @param $post_id post id
* @param $topic_id topic id
* @param $forum_id forum id
*/
function deletePostXML($post_id, $topic_id, $forum_id)
{
$no_access = true;
$fdb = new DbForum();
$f_type = $fdb->getForumTypeByPostId($post_id);
$forum_id = $fdb->getForumIdByPostId($post_id);
if ($this->_checkUserPerm('', $f_type, 'del', $forum_id)) {
$no_access = false;
}
if ($no_access && $fdb->getPostUser((int) $post_id) == $this->_getLoginUserName()) {
if ($this->_checkUserPerm('', 'own', 'del', $forum_id)) {
$no_access = false;
}
}
if ($no_access) {
return <<<EOF
<html>
<body>
<script language="javascript" type="text/javascript">
\twindow.parent.document.f.accessDenied();
</script>
</body>
</html>
EOF;
}
// delete post here
$fdb->deletePost($post_id);
$exists = $fdb->getTopic($topic_id) ? 1 : 0;
return <<<EOF
<html>
<body>
<script language="javascript" type="text/javascript">
\twindow.parent.document.f.deleteSuccess({$forum_id}, {$topic_id}, {$exists});
</script>
</body>
</html>
EOF;
}
