示例#1
// Gate the page on the administrator access level before any request data is handled.
// NOTE(review): check_status() is defined elsewhere; presumably it stops the request
// when the current user lacks ACCESS_ADMINISTRATOR -- confirm.
check_status(ACCESS_ADMINISTRATOR);
// +-----------------------------------------------------------------------+
// |                                actions                                |
// +-----------------------------------------------------------------------+
// Bulk moderation: the posted 'comments' list is validated and/or rejected
// depending on which submit field ('validate', 'reject') is present.
// NOTE(review): no anti-CSRF token check (such as check_pwg_token()) is visible
// before these state-changing calls in this excerpt. Confirm the token is
// verified elsewhere; otherwise a cross-site POST issued from an
// administrator's session would be accepted.
if (!empty($_POST)) {
    if (empty($_POST['comments'])) {
        // Nothing selected: report an error and change nothing.
        $page['errors'][] = l10n('Select at least one comment');
    } else {
        include_once PHPWG_ROOT_PATH . 'include/functions_comment.inc.php';
        // Check the submitted ids against PATTERN_ID before they reach the comment helpers.
        // NOTE(review): the third argument is presumably the "value is an array" flag -- confirm.
        check_input_parameter('comments', $_POST, true, PATTERN_ID);
        if (isset($_POST['validate'])) {
            validate_user_comment($_POST['comments']);
            // The message counts the submitted ids, not the rows actually changed.
            $page['infos'][] = l10n_dec('%d user comment validated', '%d user comments validated', count($_POST['comments']));
        }
        // Not an else-branch: a request carrying both 'validate' and 'reject'
        // runs both actions, in this order.
        if (isset($_POST['reject'])) {
            delete_user_comment($_POST['comments']);
            $page['infos'][] = l10n_dec('%d user comment rejected', '%d user comments rejected', count($_POST['comments']));
        }
    }
}
// +-----------------------------------------------------------------------+
// |                             template init                             |
// +-----------------------------------------------------------------------+
// Register comments.tpl under the 'comments' handle.
$template->set_filenames(array('comments' => 'comments.tpl'));
// F_ACTION (the form target) is built from get_root_url() and a fixed query
// string; no request data is placed in it.
$template->assign(array('F_ACTION' => get_root_url() . 'admin.php?page=comments'));
// +-----------------------------------------------------------------------+
// | Tabs                                                                  |
// +-----------------------------------------------------------------------+
include_once PHPWG_ROOT_PATH . 'admin/include/tabsheet.class.php';
// Base URL ending in 'page='; presumably a page name is appended per tab --
// its use is not visible in this excerpt.
$my_base_url = get_root_url() . 'admin.php?page=';
$tabsheet = new tabsheet();
示例#2
                    }
                    if ($perform_redirect) {
                        redirect($url_self);
                    }
                    unset($_POST['content']);
                }
                $edit_comment = $_GET['comment_to_edit'];
            }
            break;
        case 'delete_comment':
            check_pwg_token();
            include_once PHPWG_ROOT_PATH . 'include/functions_comment.inc.php';
            check_input_parameter('comment_to_delete', $_GET, false, PATTERN_ID);
            $author_id = get_comment_author_id($_GET['comment_to_delete']);
            if (can_manage_comment('delete', $author_id)) {
                delete_user_comment($_GET['comment_to_delete']);
            }
            redirect($url_self);
        case 'validate_comment':
            check_pwg_token();
            include_once PHPWG_ROOT_PATH . 'include/functions_comment.inc.php';
            check_input_parameter('comment_to_validate', $_GET, false, PATTERN_ID);
            $author_id = get_comment_author_id($_GET['comment_to_validate']);
            if (can_manage_comment('validate', $author_id)) {
                validate_user_comment($_GET['comment_to_validate']);
            }
            redirect($url_self);
    }
}
//---------- incrementation of the number of hits
// The flag is true only when the request carries no 'content' POST field.
// NOTE(review): presumably this keeps comment submissions from being counted
// as hits; the code that reads $inc_hit_count is not visible here -- confirm.
$inc_hit_count = !isset($_POST['content']);
示例#3
// Fixed allowlist of comment actions accepted as $_GET keys. Only these names
// can become $action, so the request cannot choose an arbitrary action string.
$actions = array('delete', 'validate', 'edit');
foreach ($actions as $loop_action) {
    if (isset($_GET[$loop_action])) {
        $action = $loop_action;
        // The parameter's value is the comment id: check it against PATTERN_ID
        // before it is copied into $comment_id.
        check_input_parameter($action, $_GET, false, PATTERN_ID);
        $comment_id = $_GET[$action];
        // First match wins; at most one action is selected per request.
        break;
    }
}
// When none of the keys is present, this loop assigns neither $action nor $comment_id.
if (isset($action)) {
    $comment_author_id = get_comment_author_id($comment_id);
    if (can_manage_comment($action, $comment_author_id)) {
        $perform_redirect = false;
        if ('delete' == $action) {
            check_pwg_token();
            delete_user_comment($comment_id);
            $perform_redirect = true;
        }
        if ('validate' == $action) {
            check_pwg_token();
            validate_user_comment($comment_id);
            $perform_redirect = true;
        }
        if ('edit' == $action) {
            if (!empty($_POST['content'])) {
                check_pwg_token();
                $comment_action = update_user_comment(array('comment_id' => $_GET['edit'], 'image_id' => $_POST['image_id'], 'content' => $_POST['content'], 'website_url' => @$_POST['website_url']), $_POST['key']);
                switch ($comment_action) {
                    case 'moderate':
                        $_SESSION['page_infos'][] = l10n('An administrator must authorize your comment before it is visible.');
                    case 'validate':