-rw-r--r--admin/comments.php30
-rw-r--r--include/functions_comment.inc.php28
2 files changed, 33 insertions, 25 deletions
diff --git a/admin/comments.php b/admin/comments.php
index f95d0b91c..a8f593705 100644
--- a/admin/comments.php
+++ b/admin/comments.php
@@ -48,35 +48,25 @@ if (!empty($_POST))
}
else
{
+ include_once( PHPWG_ROOT_PATH .'include/functions_comment.inc.php' );
check_input_parameter('comments', $_POST, true, PATTERN_ID);
if (isset($_POST['validate']))
{
- $query = '
-UPDATE '.COMMENTS_TABLE.'
- SET validated = \'true\'
- , validation_date = NOW()
- WHERE id IN ('.implode(',', $_POST['comments']).')
-;';
- pwg_query($query);
+ validate_user_comment($_POST['comments']);
- array_push(
- $page['infos'],
- l10n_dec(
- '%d user comment validated', '%d user comments validated',
- count($_POST['comments'])
- )
- );
+ array_push(
+ $page['infos'],
+ l10n_dec(
+ '%d user comment validated', '%d user comments validated',
+ count($_POST['comments'])
+ )
+ );
}
if (isset($_POST['reject']))
{
- $query = '
-DELETE
- FROM '.COMMENTS_TABLE.'
- WHERE id IN ('.implode(',', $_POST['comments']).')
-;';
- pwg_query($query);
+ delete_user_comment($_POST['comments']);
array_push(
$page['infos'],
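Review bot: Routing the reject branch through `delete_user_comment($_POST['comments'])` changes more than the query. Per the helper's hunk in this same commit, a successful delete calls `email_admin('delete', ...)` with `'comment_id' => $comment_id`, which is now an array for bulk rejects. The old inline DELETE sent no notification, so confirm that an e-mail on every admin bulk reject is intended and that email_admin() can render an array of ids (its body is not visible here). A comment above the two helper calls would also help, e.g. `// ids validated by check_input_parameter() above; the helpers concatenate them into SQL`, so the validation is not moved or dropped later. The enclosing if/else block starts and ends outside this hunk.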
diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php
index 569ada0fc..c11d3f2b6 100644
--- a/include/functions_comment.inc.php
+++ b/include/functions_comment.inc.php
@@ -202,21 +202,30 @@ INSERT INTO '.COMMENTS_TABLE.'
* other users can delete their own comments
* so to avoid a new sql request we add author in where clause
*
- * @param comment_id
+ * @param int or array of int comment_id
*/
-function delete_user_comment($comment_id) {
+function delete_user_comment($comment_id)
+{
$user_where_clause = '';
if (!is_admin())
{
$user_where_clause = ' AND author_id = \''.$GLOBALS['user']['id'].'\'';
}
+
+ if (is_array($comment_id))
+ $where_clause = 'id IN('.implode(',', $comment_id).')';
+ else
+ $where_clause = 'id = '.$comment_id;
+
$query = '
DELETE FROM '.COMMENTS_TABLE.'
- WHERE id = '.$comment_id.
+ WHERE '.$where_clause.
$user_where_clause.'
;';
$result = pwg_query($query);
- if ($result) {
+
+ if ($result)
+ {
email_admin('delete',
array('author' => $GLOBALS['user']['username'],
'comment_id' => $comment_id
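Review bot: The new `$where_clause` in delete_user_comment() concatenates `$comment_id` (a scalar or the array elements) straight into the SQL with no integer coercion inside the function, so the query is only as safe as each caller's validation. The same construction is added to validate_user_comment() in the next hunk. The admin caller in this commit runs `check_input_parameter('comments', $_POST, true, PATTERN_ID)` first, but other callers are not visible here. Normalising at the top of both helpers would make them safe on their own: `$ids = array_map('intval', (array) $comment_id);` followed by `$where_clause = 'id IN('.implode(',', $ids).')';`, with an early return when `$ids` is empty so the query never contains `id IN()`. The function body continues past the end of this hunk.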
@@ -377,13 +386,22 @@ SELECT
return $author_id;
}
+/**
+ * Tries to validate a user comment in the database
+ * @param int or array of int comment_id
+ */
function validate_user_comment($comment_id)
{
+ if (is_array($comment_id))
+ $where_clause = 'id IN('.implode(',', $comment_id).')';
+ else
+ $where_clause = 'id = '.$comment_id;
+
$query = '
UPDATE '.COMMENTS_TABLE.'
SET validated = \'true\'
, validation_date = NOW()
- WHERE id = '.$comment_id.'
+ WHERE '.$where_clause.'
;';
pwg_query($query);