// Register entries in $_pages for the album, photo and delete-comment pages:
// each key is a page URL and this code sets its 'parent' (and, for the photo
// page, 'title'). Presumably this feeds the navigation trail; confirm.
// NOTE(review): $aid, $pid and $comment_id are assigned outside this excerpt.
// Confirm they are cast to integers there, because they are concatenated into
// page keys and Location headers below and passed to the privilege checks.
$_pages[AT_PA_BASENAME . 'albums.php?id=' . $aid]['parent'] = AT_PA_BASENAME . 'index.php';
//$_pages[AT_PA_BASENAME.'albums.php?id='.$aid]['children'] = array(AT_PA_BASENAME.'photo.php');
$_pages[AT_PA_BASENAME . 'photo.php?pid=' . $pid . SEP . 'aid=' . $aid]['title'] = _AT('pa_photo');
$_pages[AT_PA_BASENAME . 'photo.php?pid=' . $pid . SEP . 'aid=' . $aid]['parent'] = AT_PA_BASENAME . 'albums.php?id=' . $aid;
$_pages[AT_PA_BASENAME . 'delete_comment.php']['parent'] = AT_PA_BASENAME . 'photo.php?pid=' . $pid . SEP . 'aid=' . $aid;

//init
$pa = new PhotoAlbum($aid);
// A $pid of 0 means the comment belongs to the album itself; any other value
// is treated as a photo comment.
// NOTE(review): the loose == only behaves predictably if $pid is already an
// integer; confirm against the assignment outside this excerpt.
if ($pid == 0) {
    //not a photo
    $isPhoto = false;
} else {
    $isPhoto = true;
}

//Check permission
//owner of comments and album owner can delete comments.
// The request is refused only when BOTH checks fail. The exit after the
// redirect matters: header() alone does not stop the script, so without it
// execution would fall through to the delete branch below.
// NOTE(review): $_SESSION['member_id'] is read with no visible login check in
// this excerpt; confirm neither check can pass for an unset member id.
if (!$pa->checkCommentPriv($comment_id, $_SESSION['member_id'], $isPhoto) && !$pa->checkAlbumPriv($_SESSION['member_id'])) {
    $msg->addError('ACCESS_DENIED');
    header('Location: index.php');
    exit;
}

// Cancel button: report the cancellation and return to the page the comment
// was on (photo page or album page).
// NOTE(review): $_POST['submit_no'] is read without isset(), so PHP raises an
// undefined-index notice when the field is absent.
if ($_POST['submit_no']) {
    $msg->addFeedback('CANCELLED');
    if ($isPhoto) {
        header('Location: photo.php?pid=' . $pid . SEP . 'aid=' . $aid);
    } else {
        header('Location: albums.php?id=' . $aid);
    }
    exit;
}

// Confirm button: the destructive branch. Its body continues past the end of
// this excerpt.
// NOTE(review): no anti-CSRF token is checked anywhere in the visible code
// before this state-changing POST is honoured; confirm the framework enforces
// one elsewhere, otherwise add a per-session token check ahead of the delete.
if ($_POST['submit_yes']) {
    //delete
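/* modify it under the terms of the GNU General Public License */
/* as published by the Free Software Foundation. */
/***********************************************************************/
// $Id$

// Endpoint that edits the text of an album comment or a photo comment.
// Input (POST): pid (photo id, 0 or absent for an album comment), aid (album
// id), cid (comment id, optionally prefixed "cid_"), comment (new text).
// Output: an HTTP status line only. 200 when editComment() returns true, 404
// in every other case, including a refused permission check.
//
// NOTE(review): 'public' presumably tells vitals.inc.php that this page needs
// no login. Confirm, because this endpoint changes stored data and relies
// entirely on the privilege checks below to keep anonymous sessions out.
$_user_location = 'public';

define('AT_INCLUDE_PATH', '../../../include/');
require AT_INCLUDE_PATH . 'vitals.inc.php';
include AT_PA_INCLUDE . 'classes/PhotoAlbum.class.php';

//check what comment this is for.  Album or Photo.
// Absent fields fall back to 0 / null instead of raising undefined-index
// notices; intval() gave 0 for them before, so the values are unchanged.
$pid = isset($_POST['pid']) ? intval($_POST['pid']) : 0;
$aid = isset($_POST['aid']) ? intval($_POST['aid']) : 0;
$comment = isset($_POST['comment']) ? $_POST['comment'] : null;
$member_id = isset($_SESSION['member_id']) ? $_SESSION['member_id'] : null;

// cid must be a plain string before str_replace()/intval(): an array value
// (cid[]=...) would make str_replace() return an array, and intval() of a
// non-empty array is 1, which would silently retarget the request at
// comment id 1. Anything that is not a string is treated as id 0.
$cid = (isset($_POST['cid']) && is_string($_POST['cid'])) ? $_POST['cid'] : '';
$cid = intval(str_replace('cid_', '', $cid));

$isPhoto = ($pid > 0);

$pa = new PhotoAlbum($aid);

//validates
// Album owners may edit any comment in the album; otherwise the requester
// must own the comment. $result starts as false so a refused request takes
// the failure branch deliberately rather than by reading an undefined
// variable.
// NOTE(review): no anti-CSRF token is checked before this state-changing
// POST; confirm the included framework enforces one, or add a per-session
// token check here.
// NOTE(review): $comment is passed through unmodified; confirm that
// editComment() parameterises or escapes it for storage and that it is
// HTML-escaped wherever it is rendered.
$result = false;
if ($pa->checkAlbumPriv($member_id) || $pa->checkCommentPriv($cid, $member_id, $isPhoto)) {
    $result = $pa->editComment($cid, $comment, $isPhoto);
}

if ($result === true) {
    //TODO: AJAX
    header('HTTP/1.0 200 OK');
} else {
    // Also reached when the permission check refuses the request; callers
    // cannot distinguish "denied" from "not found" by status code.
    header('HTTP/1.0 404 Not Found');
}
exit;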