コード例 #1
ファイル: edit.php プロジェクト: kaz6120/Loggix
    } else {
        $item['contents'] = 'Error!';
    }
    $item['title'] = $app->setTitle(array($lang['edit'], $lang['comments'] . ' No.' . $item['comments']['id']));
    // Pager
    $item['pager'] = '';
    $item['result'] = '';
    $app->display($item, $sessionState);
    // Edit Action
} elseif (isset($_POST['user_name'], $_POST['user_pass'], $_POST['title'], $_POST['comment'], $_POST['id'], $_POST['refer_id'], $_POST['mod_del'])) {
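    // Collect the submitted comment fields. Everything in $_POST is
    // client-controlled: the three numeric fields are forced to integers
    // here, the remaining values are passed on exactly as received.
    $userName = $_POST['user_name'];
    $userPass = $_POST['user_pass'];
    $title = $_POST['title'];
    $comment = $_POST['comment'];
    $id = intval($_POST['id']);
    $referId = intval($_POST['refer_id']);
    $modifyOrDelete = intval($_POST['mod_del']);
    $userUri = isset($_POST['user_uri']) ? $_POST['user_uri'] : '';
    $item = array(
        'user_name' => $userName,
        'user_pass' => $userPass,
        'title' => $title,
        'comment' => $comment,
        'id' => $id,
        'refer_id' => $referId,
        'trash' => $modifyOrDelete,
        'user_uri' => $userUri,
    );

    // Fetch the password stored with the comment being edited.
    // $item['id'] went through intval() above, so this concatenation cannot
    // carry SQL syntax; a bound parameter would still be the sturdier form
    // if the database handle supports prepared statements.
    $userCheckSql = 'SELECT ' . 'user_pass ' . 'FROM ' . COMMENT_TABLE . ' ' . 'WHERE ' . "id = '" . $item['id'] . "'";
    $checkRes = $app->db->query($userCheckSql);
    // A failed query must not become a fatal error or an implicit match.
    $checkRow = $checkRes ? $checkRes->fetch() : false;
    $checkRes = null; // release the result set to unlock the database

    // Authorize
    //
    // Admin path: the original tested `isset($_POST['admin']) == 'yes'`, which
    // compares a boolean with a string and is therefore just isset(); that
    // behaviour is kept, written honestly.
    // NOTE(review): no anti-CSRF token is checked in this fragment and the
    // admin path depends only on session state - confirm a token check
    // exists earlier in the file or inside updateComment().
    $isAdminRequest = $sessionState == 'on' && isset($_POST['admin']);

    // Owner path: the submitted password must equal the stored one.
    // The original used a loose `==` here, which also "matched" when no row
    // was found (null == ''), when the stored password was empty, when
    // user_pass was sent as an array, or when both values looked numeric
    // (e.g. '0e1' == '0e2'). Require a real, non-empty stored value and a
    // string input, and compare in constant time (hash_equals, PHP >= 5.6).
    // NOTE(review): the stored value is compared as-is with the submitted
    // one; whether it is hashed before storage is not visible here - verify.
    $storedPass = (is_array($checkRow) && isset($checkRow['user_pass']) && is_scalar($checkRow['user_pass']))
        ? (string) $checkRow['user_pass']
        : '';
    $isOwner = $storedPass !== ''
        && is_string($userPass)
        && hash_equals($storedPass, $userPass);

    $authorized = ($isAdminRequest || $isOwner) ? 'yes' : 'no';
    $app->updateComment($item, $authorized);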
} else {
    header('Location: ' . $pathToIndex . '/index.php');
    exit;
}