if ($reply_edit_on == 1) {
$edit_reply_on = "<div style=\"margin-right:12px; float:right;\">\r\n\t\t\t <a href=\"edit/editcomments.php?type=5&id={$reply_id}\" title=\"{$lang_edit}\" rel=\"gb_page_center[800, 400]\">\r\n <img src=\"{$base_url}/themes/{$user_theme}/images/icons/edit_small.png\" alt=\"{$lang_delete_general}\" width=\"14\" height=\"14\" border=\"0\" />\r\n\t\t\t {$lang_edit}</a>\r\n\t\t\t</div>\n";
} else {
$edit_reply_on = "<div style=\"margin-right:12px; float:right;\"> </div>\n";
}
//_______________________________________________________________________________________________________________
$reply_block .= "<hr style=\"border-top: 1px dashed #C0C0C0; border-bottom: 0px\" />\n\r\n\t\t\t\t\t<div style=\"width: 100%; background-color: {$small_block_background};\" id=\"reply_block\">\n\r\n\t\t\t\t\t <div>\n\r\n\t\t\t\t\t <div style=\"margin-left:12px; float:left;\">{$lang_reply_by}: <b>{$by_username}</b></div>\n\r\n\t\t\t\t\t <div style=\"margin-right:22px; float:right;\"><b>{$lang_date}: </b>{$reply_date}</div>\n\r\n\t\t\t\t\t </div>\n\r\n\t\t\t\t\t<div>\n";
$reply_block .= $delete_reply_on . $edit_reply_on;
$reply_block .= "</div>\n\r\n\t\t\t\t <br />\n\r\n\t\t\t\t <br />\n\r\n\t\t\t\t <div style=\"margin-left:32px; float:left;\">{$reply_wrap}</div>\n\r\n\t\t\t\t <br />\n\r\n\t\t\t\t <br />\n\r\n\t\t\t\t </div>\n";
}
$each_comment = array('indexer' => $result['indexer'], 'by_username' => $result['blog_owner'], 'by_id' => $result['user_id'], 'viewtime' => $result['viewtime'], 'title' => $result['title'], 'description' => $result['description'], 'tags' => $result['tags'], 'category' => $result['category'], 'comments' => $wrap, 'todays_date' => $result['date_created'], 'poster_picture' => $poster_picture, 'thumb_new_width' => $new_smallwidth, 'thumb_new_height' => $new_smallheight, 'rating' => $result['updated_rating'], 'drop_block' => $drop_block, 'reply_block' => $reply_block);
$result_search3[] = $each_comment;
}
$page_title = ucfirst($title) . ' Blog';
// START SECURITY BLOCK
$usercheck = new LoadPermissions('', $blog_id, 'blogs');
$usercheck->CheckPermissions();
$edit_on = $usercheck->ReturnVars('edit_on');
$delete_on = $usercheck->ReturnVars('delete_on');
// END SECURITY BLOCK
//print_r($usercheck);
//update counter
$views_counter = $number_of_views + 1;
$sql = "UPDATE blogs SET number_of_views = {$views_counter} WHERE indexer = {$blog_id}";
$query = @mysql_query($sql);
//record view time in views_tracker table
@media_views_tracker($blog_id, 'blogs');
// update last read time
$sql = "UPDATE blogs SET viewtime = NOW() WHERE indexer = {$blog_id}";
$query = @mysql_query($sql);
// ajax pagination reuseable
//groups
case 17:
managegroups($contentid,'delete');
break;
*/
//group comments
case 18:
$usercheck = new LoadPermissions('', $contentid, 'group_comments');
$usercheck->CheckPermissions();
$usercheck->ActionsCheck('delete');
manage_flagged_comments($contentid, 'delete', 'group_comments');
break;
//Video comments
//Video comments
case 19:
$usercheck = new LoadPermissions('', $contentid, 'video_comments');
$usercheck->CheckPermissions();
$usercheck->ActionsCheck('delete');
manage_flagged_comments($contentid, 'delete', 'videocomments');
break;
}
//display notification
if (@mysql_error()) {
$show_notification = 1;
$message = $config["error_26"];
//error
} else {
$show_notification = 1;
$message = $config["error_25"];
//success
}
<?php
include_once '../classes/config.php';
include_once '../classes/permissions.php';
$id = mysql_real_escape_string($_GET['id']);
if (!empty($_POST)) {
$id = mysql_real_escape_string($_POST['id']);
}
// check if uid is in the requesting url
if ($id == "") {
ErrorDisplay1($config["invalid_request"]);
die;
}
//check permissions again
/////////////////////////
$usercheck = new LoadPermissions('', $id, 'image_album');
//($user_id, $content_id, $content_type);
$usercheck->CheckPermissions();
$usercheck->ActionsCheck('edit');
//Can be ( edit, delete, both ) this returns error and dies if user does not have permissions
// Some basic presets
$show_notification = 0;
///////////////////////
//update mysql database
///////////////////////
if ($_POST["submitted"] == "yes") {
//get form post (no mysql_real_escapE) so that it can be checked for full completion
$title = $_POST["title"];
$description = $_POST["description"];
$tags = $_POST["tags"];
//check if form filled in fully
} else {
// show place holder image
$image_thumb = $config['site_base_url'] . "/themes/{$user_theme}/images/placeholder.gif";
//url
$image_file = $base_path . "/themes/{$user_theme}/images/placeholder.gif";
//full path
$result5 = array('friends_picture' => $image_thumb);
}
//rescale thumbs
$page_display_width = $config['members_prof_friends_thumb_width'];
$display_thumbs = show_thumb($image_file, $page_display_width);
$image_width = $display_thumbs[0];
$image_height = $display_thumbs[1];
$posters_thumb = array('image_width' => $image_width, 'image_height' => $image_width, 'image_thumb' => $image_thumb);
// PERMISSIONS CHECK VIDEOS COMMENTS
$usercheck = new LoadPermissions('', $indexer_id, 'profile_comments');
$usercheck->CheckPermissions();
$profile_comment_edit_on = $usercheck->ReturnVars('edit_on');
$profile_comment_delete_on = $usercheck->ReturnVars('delete_on');
//Edit link
if ($profile_comment_edit_on == 1) {
$profile_comment_edit_on = '<a href="edit/editcomments.php?type=8&id=' . $indexer_id . '" title="Edit" rel="gb_page_center[800, 400]">
<img src="' . $base_url . '/themes/' . $user_theme . '/images/icons/edit_small.png" alt="' . $lang_edit . '" width="14" height="14" border="0" />' . $lang_edit . '</a>';
} else {
$profile_comment_edit_on = '';
}
//Delete link
if ($profile_comment_delete_on == 1) {
$profile_comment_delete_on = '<a href="edit/delete.php?type=6&id=' . $indexer_id . '" title="Delete" rel="gb_page_center[800, 300]">
<img src="' . $base_url . '/themes/' . $user_theme . '/images/icons/delete_small.png" alt="' . $lang_delete_general . '" width="14" height="14" border="0" />' . $lang_delete_general . '</a>';
} else {
