From 64c872a83e726ec4d298be479b57dae13fb2c0c6 Mon Sep 17 00:00:00 2001 From: nikrou Date: Tue, 23 Jun 2009 21:18:16 +0000 Subject: Feature 1026 step 2 : add author_id column so that guest cannot modify old users comments git-svn-id: http://piwigo.org/svn/trunk@3450 68402e56-0260-453c-a942-63ccdbb3a9ee --- include/picture_comment.inc.php | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) (limited to 'include/picture_comment.inc.php') diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php index 1e30fa2d9..8845ee47a 100644 --- a/include/picture_comment.inc.php +++ b/include/picture_comment.inc.php @@ -128,8 +128,10 @@ SELECT COUNT(*) AS nb_comments } $query = ' -SELECT id,author,date,image_id,content,validated - FROM '.COMMENTS_TABLE.' +SELECT com.id,author,author_id,username,date,image_id,content,validated + FROM '.COMMENTS_TABLE.' AS com + LEFT JOIN '.USERS_TABLE.' AS u + ON u.id = author_id WHERE image_id = '.$page['image_id']. $validated_clause.' ORDER BY date ASC @@ -139,19 +141,29 @@ $validated_clause.' while ($row = mysql_fetch_array($result)) { + if (!empty($row['author'])) + { + $author = $row['author']; + if ($author == 'guest') + { + $author = l10n('guest'); + } + } + else + { + $author = $row['username']; + } + $tpl_comment = array( - 'AUTHOR' => trigger_event('render_comment_author', - empty($row['author']) - ? l10n('guest') - : $row['author']), + 'AUTHOR' => trigger_event('render_comment_author', $author), 'DATE' => format_date( $row['date'], true), 'CONTENT' => trigger_event('render_comment_content',$row['content']), ); - if (can_manage_comment('delete', $row['author'])) + if (can_manage_comment('delete', $row['author_id'])) { $tpl_comment['U_DELETE'] = add_url_params($url_self, @@ -161,7 +173,7 @@ $validated_clause.' ) ); } - if (can_manage_comment('edit', $row['author'])) + if (can_manage_comment('edit', $row['author_id'])) { $tpl_comment['U_EDIT'] = add_url_params($url_self, -- cgit v1.2.3