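/**
 * Render the archive page of a diary.
 *
 * Reads the optional `nid`, `month` and `year` request parameters, loads the
 * page template and note format from the settings table and prints the page
 * produced by assign_vars().
 *
 * @param resource $dbconn      Open pgsql connection; every query runs on it.
 * @param string   $diary_login Login of the diary owner, substituted for {login}.
 * @param int      $mode        SHOW_NOTE (one note plus its comment count) or
 *                              SHOW_MONTH (the notes of one month); any other
 *                              value prints nothing.
 * @return void
 */
function show_archive_page($dbconn, $diary_login, $mode)
{
    // empty() treats "0" as missing, so a value of 0 maps to NULL; kept for
    // backward compatibility with the existing URLs.
    $nid   = empty($_GET['nid'])   ? NULL : (int) $_GET['nid'];
    $month = empty($_GET['month']) ? NULL : (int) $_GET['month'];
    $year  = empty($_GET['year'])  ? NULL : (int) $_GET['year'];

    // NOTE(review): the login in this WHERE clause is a fixed literal even
    // though $diary_login is available — confirm against the caller whether
    // the diary owner's settings are meant to be looked up instead.
    $sql = "SELECT u.uid, s.page_archive, s.format_note FROM " . TABLE_SETTINGS . " AS s, "
         . TABLE_USERS . " AS u WHERE u.login='******' AND s.uid=u.uid LIMIT 1";
    // Query the connection we were handed instead of the implicit last-opened
    // one, so the result and pg_last_error($dbconn) refer to the same link.
    $result = pg_query($dbconn, $sql) or die(pg_last_error($dbconn));
    $settings = pg_fetch_object($result, NULL);
    if ($settings === false) {
        // Without a settings row there is no template to render into.
        die('No archive settings found');
    }

    switch ($mode) {
        case SHOW_NOTE:
            // Bind the id as a parameter rather than splicing it into the
            // string: a missing nid is sent as SQL NULL (count 0) instead of
            // the invalid literal '' the old concatenation produced.
            $sql2 = 'SELECT COUNT(*) AS commentscount FROM ' . TABLE_COMMENTS
                  . ' AS c WHERE c.uid=\'1\' AND c.nid=$1';
            $result2 = pg_query_params($dbconn, $sql2, array($nid)) or die(pg_last_error($dbconn));
            $data2 = pg_fetch_object($result2, NULL);
            echo assign_vars($settings->page_archive, array(
                '{login}'         => $diary_login,
                '{archive}'       => get_note($dbconn, $diary_login, $settings->format_note, $nid),
                '{commentscount}' => $data2->commentscount,
            ));
            break;

        case SHOW_MONTH:
            // The old code also ran "SELECT * FROM notes" here and discarded
            // the result; that query did nothing and has been dropped.
            echo assign_vars($settings->page_archive, array(
                '{login}'   => $diary_login,
                '{archive}' => get_archive_notes($dbconn, $diary_login, $settings->format_note, $month, $year),
            ));
            break;
    }
}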
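<?php
/**
 * Delete one note on behalf of the logged-in admin, then return to the note
 * owner's view page.
 *
 * Request parameter: id (the note id). $admin_id and the get_note(),
 * delete_note() and redirect() helpers are provided by common.inc.
 */
require_once './common.inc';

// Deleting is state-changing: accept it only via POST so that a plain link or
// image tag (a GET) cannot trigger it. $_REQUEST also merges cookies and GET,
// hence the explicit $_POST read below.
$method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
if ($method !== 'POST') {
    throw new RuntimeException('Method not allowed');
}
// NOTE(review): no CSRF token is verified here; check whether common.inc
// provides one and validate it before the delete.
if (!isset($_POST['id'])) {
    throw new RuntimeException('Note id required');
}
$id = (int) $_POST['id'];

$note = get_note($id)->next();
if (!$note) {
    throw new RuntimeException('Note not found');
}

// Only the admin who owns the note may delete it. Compare as strings so that
// a numeric id coming back from the database and an int session value are
// compared strictly rather than with the loose != rules; an absent
// $admin_id (not logged in) is always refused.
if (!isset($admin_id) || (string) $note->adminid !== (string) $admin_id) {
    throw new RuntimeException('Permission denied');
}

$userid = $note->userid;
delete_note($id);
// urlencode keeps the query string well-formed whatever the id's type.
redirect('view.php?id=' . urlencode($userid));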