Diffstat (limited to 'comments.php')
-rw-r--r--comments.php28
1 files changed, 15 insertions, 13 deletions
diff --git a/comments.php b/comments.php
index 8786605ef..4d9ca26db 100644
--- a/comments.php
+++ b/comments.php
@@ -155,28 +155,30 @@ else
// +-----------------------------------------------------------------------+
// | comments management |
// +-----------------------------------------------------------------------+
-if (is_admin() and !is_adviser() )
-{
- if (isset($_GET['delete']) and is_numeric($_GET['delete']) )
- {// comments deletion
- $query = '
+if (isset($_GET['delete']) and is_numeric($_GET['delete'])
+ and !is_adviser() )
+{// comments deletion
+ check_status(ACCESS_ADMINISTRATOR);
+ $query = '
DELETE FROM '.COMMENTS_TABLE.'
WHERE id='.$_GET['delete'].'
;';
- pwg_query($query);
- }
+ pwg_query($query);
+}
- if (isset($_GET['validate']) and is_numeric($_GET['validate']) )
- { // comments validation
- $query = '
+if (isset($_GET['validate']) and is_numeric($_GET['validate'])
+ and !is_adviser() )
+{ // comments validation
+ check_status(ACCESS_ADMINISTRATOR);
+ $query = '
UPDATE '.COMMENTS_TABLE.'
SET validated = \'true\'
- , validation_date = NOW()
+ , validation_date = NOW()
WHERE id='.$_GET['validate'].'
;';
- pwg_query($query);
- }
+ pwg_query($query);
}
+
// +-----------------------------------------------------------------------+
// | page header and options |
// +-----------------------------------------------------------------------+
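Review bot: Both rewritten branches still concatenate `$_GET['delete']` and `$_GET['validate']` into the SQL after only an `is_numeric()` test, which also accepts forms such as `1e3`, `1.5` or a signed value, so the id reaching `WHERE id=` is not guaranteed to be a plain integer. Tightening each guard to `ctype_digit($_GET['delete'])` (and the same for `validate`) keeps the query limited to unsigned decimal ids. Separately, these are state-changing actions driven by a GET parameter, and no anti-CSRF token check is visible in the hunk between `check_status(ACCESS_ADMINISTRATOR);` and `pwg_query($query);`. If none is enforced earlier in the file, the request should carry a per-session token that is verified before the query runs.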