diff options
| -rw-r--r-- | admin/comments.php | 30 | ||||
| -rw-r--r-- | include/functions_comment.inc.php | 28 |
2 files changed, 33 insertions, 25 deletions
diff --git a/admin/comments.php b/admin/comments.php index f95d0b91c..a8f593705 100644 --- a/admin/comments.php +++ b/admin/comments.php @@ -48,35 +48,25 @@ if (!empty($_POST)) } else { + include_once( PHPWG_ROOT_PATH .'include/functions_comment.inc.php' ); check_input_parameter('comments', $_POST, true, PATTERN_ID); if (isset($_POST['validate'])) { - $query = ' -UPDATE '.COMMENTS_TABLE.' - SET validated = \'true\' - , validation_date = NOW() - WHERE id IN ('.implode(',', $_POST['comments']).') -;'; - pwg_query($query); + validate_user_comment($_POST['comments']); - array_push( - $page['infos'], - l10n_dec( - '%d user comment validated', '%d user comments validated', - count($_POST['comments']) - ) - ); + array_push( + $page['infos'], + l10n_dec( + '%d user comment validated', '%d user comments validated', + count($_POST['comments']) + ) + ); } if (isset($_POST['reject'])) { - $query = ' -DELETE - FROM '.COMMENTS_TABLE.' - WHERE id IN ('.implode(',', $_POST['comments']).') -;'; - pwg_query($query); + delete_user_comment($_POST['comments']); array_push( $page['infos'], diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php index 569ada0fc..c11d3f2b6 100644 --- a/include/functions_comment.inc.php +++ b/include/functions_comment.inc.php @@ -202,21 +202,30 @@ INSERT INTO '.COMMENTS_TABLE.' * other users can delete their own comments * so to avoid a new sql request we add author in where clause * - * @param comment_id + * @param int or array of int comment_id */ -function delete_user_comment($comment_id) { +function delete_user_comment($comment_id) +{ $user_where_clause = ''; if (!is_admin()) { $user_where_clause = ' AND author_id = \''.$GLOBALS['user']['id'].'\''; } + + if (is_array($comment_id)) + $where_clause = 'id IN('.implode(',', $comment_id).')'; + else + $where_clause = 'id = '.$comment_id; + $query = ' DELETE FROM '.COMMENTS_TABLE.' - WHERE id = '.$comment_id. + WHERE '.$where_clause. $user_where_clause.' ;'; $result = pwg_query($query); - if ($result) { + + if ($result) + { email_admin('delete', array('author' => $GLOBALS['user']['username'], 'comment_id' => $comment_id @@ -377,13 +386,22 @@ SELECT return $author_id; } +/** + * Tries to validate a user comment in the database + * @param int or array of int comment_id + */ function validate_user_comment($comment_id) { + if (is_array($comment_id)) + $where_clause = 'id IN('.implode(',', $comment_id).')'; + else + $where_clause = 'id = '.$comment_id; + $query = ' UPDATE '.COMMENTS_TABLE.' SET validated = \'true\' , validation_date = NOW() - WHERE id = '.$comment_id.' + WHERE '.$where_clause.' ;'; pwg_query($query); |