Esempio n. 1
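/**
 * Delete the current user's tag events that link a tag to a resource.
 *
 * The caller must have a session user holding the 'folkso'/'tag' right.
 * Every DELETE built here carries a userid clause, which is what limits the
 * deletion to rows belonging to that session user.
 *
 * The tag ($q->tag) and resource ($q->res) may each be given as a numeric id
 * or as a string; strings are matched through the normalize_tag() and
 * url_whack() SQL functions respectively.
 *
 * The response is set to 200 'Deleted' whenever the query runs without a
 * dbException; no check is made that a row was actually removed.
 *
 * @param folksoQuery     $q   Request carrying the tag and res values.
 * @param folksoDBconnect $dbc Connection settings handed to folksoDBinteract.
 * @param folksoSession   $fks Session used to resolve the acting user.
 *
 * @return mixed The folksoResponse on success, otherwise whatever
 *               unAuthorized() or handleDBexception() returns.
 */
function unTag(folksoQuery $q, folksoDBconnect $dbc, folksoSession $fks)
{
    $r = new folksoResponse();
    $u = $fks->userSession(null, 'folkso', 'tag');
    if (!$u instanceof folksoUser || !$u->checkUserRight('folkso', 'tag')) {
        return $r->unAuthorized($u);
    }
    try {
        $i = new folksoDBinteract($dbc);

        // The user id ends up inside a quoted SQL literal, so it is escaped
        // the same way as the tag and resource strings below rather than
        // being trusted because it comes from the session object.
        $userid = $i->dbescape($u->userid);

        // NOTE(review): is_numeric() also accepts decimals, exponent notation
        // and surrounding whitespace, and the value is then placed in the
        // statement unquoted. A digits-only check would be a tighter guard if
        // these are integer id columns; confirm what callers send before
        // changing it. Bound parameters would remove the concern entirely if
        // folksoDBinteract offers them (only query() and dbescape() are
        // visible here).
        $tagIsId = is_numeric($q->tag);
        $resIsId = is_numeric($q->res);

        if ($tagIsId && $resIsId) {
            // Both sides are ids: no joins are needed.
            $sql = 'DELETE FROM tagevent '
                . 'WHERE (tag_id = ' . $q->tag . ') '
                . 'AND '
                . '(resource_id = ' . $q->res . ') '
                . ' and '
                . "(userid = '" . $userid . "')";
        } else {
            // At least one side is a string, so join to the tag and resource
            // tables to match on their normalized forms.
            $query = 'DELETE FROM tagevent '
                . 'USING tagevent JOIN resource r ON tagevent.resource_id = r.id '
                . 'JOIN tag t ON tagevent.tag_id = t.id ';

            $where = 'WHERE';
            if ($tagIsId) {
                $where .= ' (tagevent.tag_id = ' . $q->tag . ') ';
            } else {
                $where .= " (t.tagnorm = normalize_tag('" . $i->dbescape($q->tag) . "')) ";
            }
            if ($resIsId) {
                $where .= ' AND ' . ' (tagevent.resource_id = ' . $q->res . ') ';
            } else {
                $where .= ' AND ' . " (r.uri_normal = url_whack('" . $i->dbescape($q->res) . "')) ";
            }
            $where .= " and (tagevent.userid = '" . $userid . "')";
            $sql = $query . $where;
        }
        $i->query($sql);
    } catch (dbException $e) {
        return $r->handleDBexception($e);
    }
    $r->setOK(200, 'Deleted');
    return $r;
}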