source: trunk/admin/comments.php @ 1580

Last change on this file since 1580 was 1571, checked in by rub, 18 years ago

Resolved Issue ID 0000356:

o Increase security on adviser mode

First of n modifications.
All the other modifications will be done on the BSF branch.

Merge branch-1_6 1568:1570 into BSF

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 5.5 KB
<?php
// +-----------------------------------------------------------------------+
// | PhpWebGallery - a PHP based picture gallery                           |
// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
// +-----------------------------------------------------------------------+
// | branch        : BSF (Best So Far)
// | file          : $RCSfile$
// | last update   : $Date: 2006-10-21 12:28:07 +0000 (Sat, 21 Oct 2006) $
// | last modifier : $Author: rub $
// | revision      : $Revision: 1571 $
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify  |
// | it under the terms of the GNU General Public License as published by  |
// | the Free Software Foundation                                          |
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+

// This script is only meant to be included by the admin entry point, which
// defines PHPWG_ROOT_PATH; a direct request never gets past this line.
defined('PHPWG_ROOT_PATH') or die ("Hacking attempt!");

include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');

// +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok                      |
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);

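// +-----------------------------------------------------------------------+
// |                                actions                                |
// +-----------------------------------------------------------------------+

// NOTE(review): this form is only guarded by check_status() above and the
// is_adviser() check below; no anti-CSRF token is verified on this page.
if (!empty($_POST))
{
  $to_validate = array();
  $to_reject = array();

  // The comment ids in $_POST['list'] come from the browser and are
  // interpolated straight into the IN (...) clauses below, so keep only
  // strictly positive integers; anything else is silently dropped.
  $requested_ids = array();
  if (isset($_POST['list']) and is_string($_POST['list']))
  {
    foreach (explode(',', $_POST['list']) as $comment_id)
    {
      $comment_id = trim($comment_id);
      if (ctype_digit($comment_id) and (int)$comment_id > 0)
      {
        $requested_ids[] = (int)$comment_id;
      }
    }
  }
  $requested_ids = array_values(array_unique($requested_ids));

  // Advisers may look at pending comments but never moderate them.
  if (!is_adviser() and count($requested_ids) > 0)
  {
    if (isset($_POST['submit']))
    {
      // One radio group per comment: action-<id> is 'validate' or 'reject';
      // an id with no (or an unknown) action is left untouched.
      foreach ($requested_ids as $comment_id)
      {
        $action = isset($_POST['action-'.$comment_id])
          ? $_POST['action-'.$comment_id] : null;

        if ($action === 'reject')
        {
          $to_reject[] = $comment_id;
        }
        else if ($action === 'validate')
        {
          $to_validate[] = $comment_id;
        }
      }
    }
    else if (isset($_POST['validate-all']))
    {
      $to_validate = $requested_ids;
    }
    else if (isset($_POST['reject-all']))
    {
      $to_reject = $requested_ids;
    }
  }

  if (count($to_validate) > 0)
  {
    // $to_validate holds integers only (filtered above), so the implode
    // cannot inject anything into the query.
    $query = '
UPDATE '.COMMENTS_TABLE.'
  SET validated = \'true\'
    , validation_date = NOW()
  WHERE id IN ('.implode(',', $to_validate).')
;';
    pwg_query($query);

    $page['infos'][] = sprintf(
      l10n('%d user comments validated'),
      count($to_validate)
      );
  }

  if (count($to_reject) > 0)
  {
    // Same guarantee as above: $to_reject holds integers only.
    $query = '
DELETE
  FROM '.COMMENTS_TABLE.'
  WHERE id IN ('.implode(',', $to_reject).')
;';
    pwg_query($query);

    $page['infos'][] = sprintf(
      l10n('%d user comments rejected'),
      count($to_reject)
      );
  }
}
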
// +-----------------------------------------------------------------------+
// |                             template init                             |
// +-----------------------------------------------------------------------+

// The moderation form posts back to this very admin page.
$template_files = array('comments' => 'admin/comments.tpl');
$template->set_filenames($template_files);

$form_action = PHPWG_ROOT_PATH.'admin.php?page=comments';
$template->assign_vars(array('F_ACTION' => $form_action));

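// +-----------------------------------------------------------------------+
// |                           comments display                            |
// +-----------------------------------------------------------------------+

// Ids of every pending comment displayed; handed back to the form as the
// 'list' field so the actions section knows which ids it may act on.
$list = array();

$query = '
SELECT c.id, c.image_id, c.date, c.author, c.content, i.path, i.tn_ext
  FROM '.COMMENTS_TABLE.' AS c
    INNER JOIN '.IMAGES_TABLE.' AS i
      ON i.id = c.image_id
  WHERE validated = \'false\'
;';
$result = pwg_query($query);
while ($row = mysql_fetch_array($result))
{
  // tn_ext may be NULL in the result set; test it explicitly rather than
  // hiding the notice behind '@'.
  $tn_ext = isset($row['tn_ext']) ? $row['tn_ext'] : null;

  // NOTE(review): 'author' and 'content' are user-submitted values; this
  // relies on parse_comment_content() and the template to escape them for
  // HTML output — confirm before trusting it.
  $template->assign_block_vars(
    'comment',
    array(
      'U_PICTURE' =>
          PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.
          '&amp;image_id='.$row['image_id'],
      'ID' => $row['id'],
      'TN_SRC' => get_thumbnail_src($row['path'], $tn_ext),
      'AUTHOR' => $row['author'],
      'DATE' => format_date($row['date'],'mysql_datetime',true),
      'CONTENT' => parse_comment_content($row['content'])
      )
    );

  $list[] = $row['id'];
}

$template->assign_vars(
  array(
    'LIST' => implode(',', $list)
    )
  );
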
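// +-----------------------------------------------------------------------+
// |                           sending html code                           |
// +-----------------------------------------------------------------------+

// Render the 'comments' template into the ADMIN_CONTENT placeholder of the
// surrounding admin page.
$template->assign_var_from_handle('ADMIN_CONTENT', 'comments');

// No closing '?>' tag: any byte after it (even a trailing newline) would be
// sent as output and could break headers emitted later by the including
// script.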