Context Navigation

comments.php @ 12641

Last change on this file since 12641 was 1569, checked in by rub, 18 years ago

Resolved Issue ID 0000356:

o Increase security on adviser mode

First modifications of n modifications.
All the others modifications will be done on BSF branch.

Merge branch-1_6 1558:1559 into BSF

Property svn:eol-style set to native
Property svn:keywords set to Author Date Id Revision

File size: 5.5 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| branch : BSF (Best So Far)
8	// \| file : $RCSfile$
9	// \| last update : $Date: 2006-10-21 12:07:00 +0000 (Sat, 21 Oct 2006) $
10	// \| last modifier : $Author: rub $
11	// \| revision : $Revision: 1569 $
12	// +-----------------------------------------------------------------------+
13	// \| This program is free software; you can redistribute it and/or modify \|
14	// \| it under the terms of the GNU General Public License as published by \|
15	// \| the Free Software Foundation \|
16	// \| \|
17	// \| This program is distributed in the hope that it will be useful, but \|
18	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
19	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
20	// \| General Public License for more details. \|
21	// \| \|
22	// \| You should have received a copy of the GNU General Public License \|
23	// \| along with this program; if not, write to the Free Software \|
24	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
25	// \| USA. \|
26	// +-----------------------------------------------------------------------+
27
28	if (!defined('PHPWG_ROOT_PATH'))
29	{
30	die ("Hacking attempt!");
31	}
32
33	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
34
35	// +-----------------------------------------------------------------------+
36	// \| Check Access and exit when user status is not ok \|
37	// +-----------------------------------------------------------------------+
38	check_status(ACCESS_ADMINISTRATOR);
39
40	// +-----------------------------------------------------------------------+
41	// \| actions \|
42	// +-----------------------------------------------------------------------+
43
44	if (isset($_POST))
45	{
46	$to_validate = array();
47	$to_reject = array();
48
49	if (isset($_POST['submit']) and !is_adviser())
50	{
51	foreach (explode(',', $_POST['list']) as $comment_id)
52	{
53	if (isset($_POST['action-'.$comment_id]))
54	{
55	switch ($_POST['action-'.$comment_id])
56	{
57	case 'reject' :
58	{
59	array_push($to_reject, $comment_id);
60	break;
61	}
62	case 'validate' :
63	{
64	array_push($to_validate, $comment_id);
65	break;
66	}
67	}
68	}
69	}
70	}
71	else if (isset($_POST['validate-all']) and !empty($_POST['list']) and !is_adviser())
72	{
73	$to_validate = explode(',', $_POST['list']);
74	}
75	else if (isset($_POST['reject-all']) and !empty($_POST['list']) and !is_adviser())
76	{
77	$to_reject = explode(',', $_POST['list']);
78	}
79
80	if (count($to_validate) > 0)
81	{
82	$query = '
83	UPDATE '.COMMENTS_TABLE.'
84	SET validated = \'true\'
85	, validation_date = NOW()
86	WHERE id IN ('.implode(',', $to_validate).')
87	;';
88	pwg_query($query);
89
90	array_push(
91	$page['infos'],
92	sprintf(
93	l10n('%d user comments validated'),
94	count($to_validate)
95	)
96	);
97	}
98
99	if (count($to_reject) > 0)
100	{
101	$query = '
102	DELETE
103	FROM '.COMMENTS_TABLE.'
104	WHERE id IN ('.implode(',', $to_reject).')
105	;';
106	pwg_query($query);
107
108	array_push(
109	$page['infos'],
110	sprintf(
111	l10n('%d user comments rejected'),
112	count($to_reject)
113	)
114	);
115	}
116	}
117
118	// +-----------------------------------------------------------------------+
119	// \| template init \|
120	// +-----------------------------------------------------------------------+
121
122	$template->set_filenames(array('comments'=>'admin/comments.tpl'));
123
124	$template->assign_vars(
125	array(
126	'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=comments'
127	)
128	);
129
130	// +-----------------------------------------------------------------------+
131	// \| comments display \|
132	// +-----------------------------------------------------------------------+
133
134	$list = array();
135
136	$query = '
137	SELECT c.id, c.image_id, c.date, c.author, c.content, i.path, i.tn_ext
138	FROM '.COMMENTS_TABLE.' AS c
139	INNER JOIN '.IMAGES_TABLE.' AS i
140	ON i.id = c.image_id
141	WHERE validated = \'false\'
142	;';
143	$result = pwg_query($query);
144	while ($row = mysql_fetch_array($result))
145	{
146	$template->assign_block_vars(
147	'comment',
148	array(
149	'U_PICTURE' =>
150	PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.
151	'&image_id='.$row['image_id'],
152	'ID' => $row['id'],
153	'TN_SRC' => get_thumbnail_src($row['path'], @$row['tn_ext']),
154	'AUTHOR' => $row['author'],
155	'DATE' => format_date($row['date'],'mysql_datetime',true),
156	'CONTENT' => parse_comment_content($row['content'])
157	)
158	);
159
160	array_push($list, $row['id']);
161	}
162
163	$template->assign_vars(
164	array(
165	'LIST' => implode(',', $list)
166	)
167	);
168
169	// +-----------------------------------------------------------------------+
170	// \| sending html code \|
171	// +-----------------------------------------------------------------------+
172
173	$template->assign_var_from_handle('ADMIN_CONTENT', 'comments');
174
175	?>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: branches/1.6/admin/comments.php @ 12641

Download in other formats: