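/**
 * Delete this comment and repair the rows that referenced it.
 *
 * Steps, in order:
 *  1. Remove the comment row through deleteFromTable(); stop with false if
 *     that fails.
 *  2. Re-attach the direct replies of this comment to the comment's own
 *     parent. A failure is recorded with addError() but does not abort.
 *  3. Decrement the post counter of the registered user linked to the
 *     comment author, when there is one.
 *
 * NOTE(review): no permission check is made inside this method; callers are
 * presumably expected to have authorised the deletion. Confirm at call sites.
 *
 * @return bool false when the row could not be deleted or the post counter
 *              could not be updated, true otherwise
 */
public function delete()
{
    if (!$this->deleteFromTable()) {
        return false;
    }

    // Both values are numeric keys. They are concatenated into SQL below, so
    // force them to integers instead of trusting the stored representation.
    $parentId = (int) $this->getVar('parent');
    $commentId = (int) $this->id();

    // Update comments parent
    $sql = "UPDATE " . $this->db->prefix("rmc_comments")
        . " SET parent=" . $parentId
        . " WHERE parent=" . $commentId;
    if (!$this->db->queryF($sql)) {
        // Best effort: the comment is already gone, so only record the error.
        $this->addError($this->db->error());
    }

    // Reduce user posts number
    $user = new RMCommentUser($this->getVar('user'));
    if ($user->isNew()) {
        return true;
    }

    // xuid <= 0 means the author is not tied to a registered account.
    $xuid = (int) $user->getVar('xuid');
    if ($xuid <= 0) {
        return true;
    }

    // NOTE(review): posts is decremented unconditionally; whether the column
    // can reach zero before this runs is not visible from here.
    $sql = "UPDATE " . $this->db->prefix("users")
        . " SET posts=posts-1 WHERE uid=" . $xuid;
    if (!$this->db->queryF($sql)) {
        $this->addError($this->db->error());

        return false;
    }

    return true;
}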
redirect_header(rmc_server_var($_REQUEST, 'comment_url', XOOPS_URL), 1, __('You are not allowed to edit this comment!', 'rmcommon')); die; } $id = rmc_server_var($_GET, 'id', 0); if ($id <= 0) { redirect_header(rmc_server_var($_REQUEST, 'ret', XOOPS_URL), 1, __('Please specify a comment', 'rmcommon')); die; } $comment = new RMComment($id); if ($comment->isNew()) { redirect_header(rmc_server_var($_REQUEST, 'ret', XOOPS_URL), 1, __('Specified comment does not exist!', 'rmcommon')); die; } // Check if user is owner $editor = new RMCommentUser($comment->getVar('user')); if ($xoopsUser->uid() != $editor->getVar('xuid') && !$xoopsUser->isAdmin($comment->getVar('id_obj'))) { redirect_header(rmc_server_var($_REQUEST, 'ret', XOOPS_URL), 1, __('You are not allowed to edit this comment!', 'rmcommon')); die; } include '../../header.php'; $cpath = XOOPS_ROOT_PATH . '/modules/' . $comment->getVar('id_obj') . '/class/' . $comment->getVar('id_obj') . 'controller.php'; if (is_file($cpath)) { include $cpath; $class = ucfirst($comment->getVar('id_obj')) . 'Controller'; $controller = new $class(); } $form = new RMForm(__('Edit Comment', 'rmcommon'), 'editComment', 'post_comment.php'); $form->addElement(new RMFormLabel(__('In reply to', 'rmcommon'), $controller ? $controller->get_item($comment->getVar('params'), $comment) : '')); $form->addElement(new RMFormLabel(__('Posted date', 'rmcommon'), formatTimestamp($comment->getVar('posted'), 'mysql'))); $form->addElement(new RMFormLabel(__('Module', 'rmcommon'), $comment->getVar('id_obj'))); if ($xoopsUser->isAdmin()) {
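/**
 * Save the changes submitted from the comment edit form.
 *
 * Reads the comment id, list position (page, filter, w), status, author and
 * content from $_POST, verifies the session token, updates the RMComment
 * and, when the author changed, the linked RMCommentUser. Every path ends
 * in a redirectMsg() call.
 *
 * NOTE(review): the only access control visible in this function is the
 * token check; presumably the including script restricts it to
 * administrators. Confirm against the caller.
 *
 * @return void
 */
function save_comment()
{
    global $xoopsSecurity;

    // Request values end up in redirect URLs and object lookups, so the
    // numeric ones are cast once here.
    $id = (int) rmc_server_var($_POST, 'id', 0);
    $page = (int) rmc_server_var($_POST, 'page', 1);
    $filter = (string) rmc_server_var($_POST, 'filter', '');
    $w = (string) rmc_server_var($_POST, 'w', '1');

    // http_build_query() percent-encodes each value, so a crafted filter or
    // w cannot add parameters or line breaks to the redirect target.
    $qs = http_build_query(
        [
            'id' => $id,
            'w' => $w,
            'page' => $page,
            'filter' => $filter,
        ],
        '',
        '&'
    );

    // Anti-CSRF token check; nothing is modified before this passes.
    if (!$xoopsSecurity->check()) {
        redirectMsg('comments.php?action=edit&' . $qs, __('Sorry, session token expired!', 'rmcommon'), 1);
        die;
    }

    if ($id <= 0) {
        redirectMsg('comments.php', __('Comment ID not specified!', 'rmcommon'), 1);
        die;
    }

    $comment = new RMComment($id);
    if ($comment->isNew()) {
        redirectMsg('comments.php?' . $qs, __('Specified comment does not exist!', 'rmcommon'), 1);
        die;
    }

    // Allow-list the status: anything other than the exact string
    // 'approved' is stored as 'unapproved'.
    $status = rmc_server_var($_POST, 'status', 'unapproved') === 'approved' ? 'approved' : 'unapproved';

    // 0 means "no registered account"; negative input is treated the same.
    $user = max(0, (int) rmc_server_var($_POST, 'user', 0));
    $content = rmc_server_var($_POST, 'content', '');

    // save basic info in comment object
    // NOTE(review): content is stored as submitted; escaping presumably
    // happens where comments are rendered. Confirm.
    $comment->setVar('content', $content);
    $comment->setVar('status', $status);

    // Modify, if necessary, the user
    $cuser = new RMCommentUser($comment->getVar('user'));
    if ((int) $cuser->getVar('xuid') !== $user) {
        if ($user === 0) {
            // Detach the comment author from any registered account.
            $cuser->setVar('xuid', 0);
            $cuser->save();
        } else {
            // NOTE(review): nothing here confirms that an account with this
            // uid exists before its fields are copied; verify how XoopsUser
            // behaves for an unknown id.
            $xuser = new XoopsUser($user);
            $cuser = new RMCommentUser($xuser->getVar('email'));
            $cuser->setVar('name', $xuser->getVar('uname'));
            $cuser->setVar('email', $xuser->getVar('email'));
            $cuser->setVar('xuid', $user);
            $cuser->setVar('url', $xuser->getVar('url'));
            $cuser->save();
        }

        $comment->setVar('user', $cuser->id());
    }

    if ($comment->save()) {
        redirectMsg('comments.php?' . $qs, __('Comment updated successfully!', 'rmcommon'), 0);
    } else {
        // The second argument of __() was the integer 1 here, unlike every
        // other call in this function, which passes 'rmcommon'. The message
        // text keeps its original spelling because it doubles as the
        // translation key.
        redirectMsg(
            'comments.php?action=edit&' . $qs,
            __('Errros ocurrs while trying to update comment!', 'rmcommon') . '<br />' . $comment->errors(),
            1
        );
    }
}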