} else { $item['contents'] = 'Error!'; } $item['title'] = $app->setTitle(array($lang['edit'], $lang['comments'] . ' No.' . $item['comments']['id'])); // Pager $item['pager'] = ''; $item['result'] = ''; $app->display($item, $sessionState); // Edit Action } elseif (isset($_POST['user_name'], $_POST['user_pass'], $_POST['title'], $_POST['comment'], $_POST['id'], $_POST['refer_id'], $_POST['mod_del'])) { $userName = $_POST['user_name']; $userPass = $_POST['user_pass']; $title = $_POST['title']; $comment = $_POST['comment']; $id = intval($_POST['id']); $referId = intval($_POST['refer_id']); $modifyOrDelete = intval($_POST['mod_del']); $userUri = isset($_POST['user_uri']) ? $_POST['user_uri'] : ''; $item = array('user_name' => $userName, 'user_pass' => $userPass, 'title' => $title, 'comment' => $comment, 'id' => $id, 'refer_id' => $referId, 'trash' => $modifyOrDelete, 'user_uri' => $userUri); $userCheckSql = 'SELECT ' . 'user_pass ' . 'FROM ' . COMMENT_TABLE . ' ' . 'WHERE ' . "id = '" . $item['id'] . "'"; $checkRes = $app->db->query($userCheckSql); $checkRow = $checkRes->fetch(); $checkRes = null; // to unlock database // Authorize $authorized = $sessionState == 'on' && isset($_POST['admin']) == 'yes' || $checkRow['user_pass'] == $userPass ? 'yes' : 'no'; $app->updateComment($item, $authorized); } else { header('Location: ' . $pathToIndex . '/index.php'); exit; }