$pic['pic_id'] = mysql_insert_id(); } } if ($pic['pic_id']) { // XXX - $screen_fn can be col $ok = dbquery("UPDATE " . DB_PRP_IMAGES . "\n\t\t\tSET\n\t\t\tpic_desc='" . $pic['pic_desc'] . "',\n\t\t\tpic_url=" . $screen_fn . "\n\t\t\tWHERE pic_id='" . $pic['pic_id'] . "'\n\t\t\t\tAND review_id='" . $review->id . "'"); } $do_pm = true; $log_errno = 0; $log = true; } elseif (isset($_GET['ask_del']) && $pic['pic_id']) { $text = $pic['pic_url']; if (!is_writeable($prp->settings['upload_image'])) { $text .= '<p><span class="small2">' . str_replace('%s', '<strong>' . $prp->settings['upload_image'] . '</strong>', $locale['PRP885']) . '</span></p>'; } prp_ask_del(FUSION_SELF . '?did=' . $review->id, $text, 'pic_id', $pic['pic_id']); } elseif (isset($_GET['del']) && $pic['pic_id']) { $log_event = PRP_EV_DELPIC; $log = true; $do_pm = true; if (!iPRP_MOD || isset($_GET['with_file'])) { if (is_writeable($prp->settings['upload_image'])) { @unlink($prp->settings['upload_image'] . $pic['pic_url']); } } dbquery("DELETE FROM " . DB_PRP_IMAGES . "\n\t\tWHERE review_id='" . $review->id . "'\n\t\t\tAND pic_id='" . $pic['pic_id'] . "'"); } elseif (isset($_POST['desc']) && $pic['pic_id']) { $log_event = PRP_EV_PICDESC; $log = true; $do_pm = true; $log_errno = 0;
$need_redir = true; } elseif (isset($_GET['askdel']) && isset($file_id)) { $res = dbquery("SELECT file_url\n\t\tFROM " . DB_PRP_FILES . "\n\t\tWHERE file_id='" . $file_id . "'\n\t\t\tAND review_id='" . $review->id . "'"); if (!dbrows($res)) { $review->log_event(PRP_EV_DELFILE, PRP_EFILE); fallback(FUSION_SELF . "?did=" . $review->id . "&errno=" . PRP_EFILE); } $url = array_shift(dbarray($res)); // confirm if (prp_is_external($url)) { fallback(FUSION_SELF . "?did=" . $review->id . "&file_id=" . $file_id . "&del=1"); } if (!is_writeable($upload_dir)) { $url .= '<br /><span class="small2">' . str_replace('%s', '<strong>' . $upload_dir . '</strong>', $locale['PRP885']) . '</span>'; } prp_ask_del(FUSION_SELF . "?did=" . $review->id, $url, "file_id", $file_id); } elseif (isset($_GET['del']) && isset($file_id)) { $log_event = PRP_EV_DELFILE; $res = dbquery("SELECT file_url\n\t\tFROM " . DB_PRP_FILES . "\n\t\tWHERE file_id='" . $file_id . "'\n\t\t\tAND review_id='" . $review->id . "'"); if (!dbrows($res)) { $review->log_event($log_event, PRP_EFILE); fallback(FUSION_SELF . "?did=" . $review->id . "&errno=" . PRP_EFILE); } $url = array_shift(dbarray($res)); if (isset($_GET['with_file'])) { @unlink($upload_dir . $url); } $ok = dbquery("DELETE FROM " . DB_PRP_FILES . "" . " WHERE file_id='" . $file_id . "'" . " AND review_id='" . $review->id . "'"); $log_errno = 0; $log = true; if ($ok) {