Diffstat (limited to 'comments.php')
-rw-r--r-- | comments.php | 69 |
1 files changed, 52 insertions, 17 deletions
diff --git a/comments.php b/comments.php
index 0c813face..048e8d692 100644
--- a/comments.php
+++ b/comments.php
@@ -26,6 +26,7 @@
 // +-----------------------------------------------------------------------+
 define('PHPWG_ROOT_PATH','./');
 include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
+include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
 
 // +-----------------------------------------------------------------------+
 // | Check Access and exit when user status is not ok |
@@ -142,14 +143,9 @@ $page['where_clauses'][] = get_sql_condition_FandF
 // | comments management |
 // +-----------------------------------------------------------------------+
 if (isset($_GET['delete']) and is_numeric($_GET['delete'])
- and !is_adviser() )
+ and (is_admin() || $conf['user_can_delete_comment']))
 {// comments deletion
- check_status(ACCESS_ADMINISTRATOR);
- $query = '
-DELETE FROM '.COMMENTS_TABLE.'
- WHERE id='.$_GET['delete'].'
-;';
- pwg_query($query);
+ delete_user_comment($_GET['delete']);
 }
 
 if (isset($_GET['validate']) and is_numeric($_GET['validate'])
@@ -165,6 +161,25 @@ UPDATE '.COMMENTS_TABLE.'
 pwg_query($query);
 }
 
+if (isset($_GET['edit']) and is_numeric($_GET['edit'])
+ and (is_admin() || $conf['user_can_edit_comment']))
+{
+ if (!empty($_POST['content']))
+ {
+ update_user_comment(array('comment_id' => $_GET['edit'],
+ 'image_id' => $_POST['image_id'],
+ 'content' => $_POST['content']),
+ $_POST['key']
+ );
+
+ $edit_comment = null;
+ }
+ else
+ {
+ $edit_comment = $_GET['edit'];
+ }
+}
+
 // +-----------------------------------------------------------------------+
 // | page header and options |
 // +-----------------------------------------------------------------------+
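Review bot: The deletion branch (`if (isset($_GET['delete']) ...`) is now reachable by any user when `$conf['user_can_delete_comment']` is set, and the removed `check_status(ACCESS_ADMINISTRATOR)` has no replacement in this file, so the author-ownership check has to live inside `delete_user_comment()`, which this diff does not show. It is also a state change driven by a plain GET parameter with no anti-forgery key, whereas the edit path in the next hunk submits `$_POST['key']`, so a request forged from another site could delete a comment on behalf of a logged-in user. I would carry a key on the delete request and verify it before the call, and add a comment at the call site such as `// delete_user_comment() must verify the caller is an admin or the comment's author`. The dropped `!is_adviser()` test presumably needs an equivalent if `is_admin()` is also true for advisers.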
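Review bot: `$_POST['image_id']` and `$_POST['key']` are read in the new edit branch without `isset()` or a numeric check, and `image_id` is taken from the client even though the key is, per the last hunk, derived from the comment's own image id. Unless `update_user_comment()` re-checks that the comment belongs to that image and to the current user, a valid key for one image could be submitted together with a comment id from another; that function is outside this diff, so this is worth confirming. I would guard the branch with `and isset($_POST['key'], $_POST['image_id']) and is_numeric($_POST['image_id'])` and, better, look the image id up from the comment row on the server rather than trusting the form field.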
@@ -367,20 +382,40 @@ SELECT id, name, permalink, uppercats
 'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
 );
 
- if ( is_admin() )
+ if (can_manage_comment('delete', $comment['author']))
 {
- $url = get_root_url().'comments.php'.get_query_string_diff(array('delete','validate'));
- $tpl_comment['U_DELETE'] = add_url_params($url,
- array('delete'=>$comment['comment_id'])
- );
-
- if ($comment['validated'] != 'true')
+ $url = get_root_url().'comments.php'
+ .get_query_string_diff(array('delete','validate','edit'));
+ $tpl_comment['U_DELETE'] =
+ add_url_params($url,
+ array('delete'=>$comment['comment_id'])
+ );
+ }
+ if (can_manage_comment('edit', $comment['author']))
+ {
+ $url = get_root_url().'comments.php'
+ .get_query_string_diff(array('edit', 'delete','validate'));
+ $tpl_comment['U_EDIT'] =
+ add_url_params($url,
+ array('edit'=>$comment['comment_id'])
+ );
+ if (isset($edit_comment) and ($comment['comment_id'] == $edit_comment))
 {
- $tpl_comment['U_VALIDATE'] = add_url_params($url,
- array('validate'=>$comment['comment_id'])
- );
+ $tpl_comment['IN_EDIT'] = true;
+ $key = get_comment_post_key($comment['image_id']);
+ $tpl_comment['KEY'] = $key;
+ $tpl_comment['IMAGE_ID'] = $comment['image_id'];
+ $tpl_comment['CONTENT'] = $comment['content'];
 }
 }
+
+ if ( is_admin() && $comment['validated'] != 'true')
+ {
+ $tpl_comment['U_VALIDATE'] =
+ add_url_params($url,
+ array('validate'=>$comment['comment_id'])
+ );
+ }
 $template->append('comments', $tpl_comment);
 }
 }
|
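Review bot: In the `IN_EDIT` branch `$tpl_comment['CONTENT']` is overwritten with the raw `$comment['content']`, bypassing the `render_comment_content` event applied at the top of the hunk; if the template does not escape this value when filling the edit field, stored comment text would reach the page as markup. It is worth confirming that the template escapes it, or assigning `htmlspecialchars($comment['content'])` here if content is stored unescaped. Separately, `$url` in the new `U_VALIDATE` block is only assigned inside the two `can_manage_comment()` branches, so it would be safer to build it once before them. The `U_DELETE` link still carries no key, unlike the edit form.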