qemudb/deletecomment.php

<?php
/*******************/
/* delete comments */
/*******************/

/*
 * application environment
 */
include("path.php");
require(BASE."include/"."incl.php");
require(BASE."include/"."application.php");


$_REQUEST['appId'] = strip_tags($_REQUEST['appId']);
$_REQUEST['versionId'] = strip_tags($_REQUEST['versionId']);
$_REQUEST['commentId'] = strip_tags($_REQUEST['commentId']);
$_REQUEST['commentId'] = mysql_escape_string($_REQUEST['commentId']);

if(!loggedin())
{
    errorpage("You need to be logged in to delete a comment.");
    exit;
}

/* if we aren't an admin or the maintainer of this app we shouldn't be */
/* allowed to delete any comments */
if(!havepriv("admin") && 
        !$_SESSION['current']->is_maintainer($_REQUEST['appId'], 
                                             $_REQUEST['versionId']))
{
    errorpage('You don\'t have admin privileges');
    exit;
}

opendb();

/* retrieve the parentID of the comment we are deleting */
/* so we can fix up the parentIds of this comments children */
$result = query_appdb("SELECT parentId FROM appComments WHERE commentId = '".$_REQUEST['commentId']."'");
if (!$result)
{
    errorpage('Internal error retrieving parent of commentId');
    exit;
}

$ob = mysql_fetch_object($result);
$deletedParentId = $ob->parentId;

/* get the subject and body from the comment */
$result = query_appdb("select * FROM appComments WHERE commentId = '".$_REQUEST['commentId']."'");
if (!$result) redirect(apidb_fullurl("appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']));
$ob = mysql_fetch_object($result);
$body = $ob->body;
$subject = $ob->subject;

if($_SESSION['current']->getpref("confirm_comment_deletion") != "no" && 
   !isset($_REQUEST['int_delete_it']))
{
    apidb_header("Delete Comment");
    $mesTitle = "<b>Please state why you are deleting the following comment</b>";
    echo "<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."\">\n";
    echo html_frame_start($mesTitle,500,"",0);
    echo "<br />";
    echo html_frame_start($ob->subject,500);
    echo htmlify_urls($ob->body), "<br /><br />\n";
    echo html_frame_end();
    echo '<table width="100%" border=0 cellpadding=0 cellspacing=1>',"\n";
    echo "<tr bgcolor=#C0C0C0><td colspan=2><textarea name=\"str_why\" cols=\"70\" rows=\"15\" wrap=\"virtual\"></textarea></td></tr>\n";
    echo "<tr bgcolor=#C0C0C0><td colspan=2 align=center>\n";
    echo "  <input type=\"SUBMIT\" value=\"Delete Comment\" class=\"button\" />\n";
    echo "</td></tr>\n";
    echo "</table>\n";
    echo html_frame_end();
    echo "<input type=\"HIDDEN\" name=\"int_delete_it\" value=\"1\" />\n";
    echo "<input type=\"HIDDEN\" name=\"thread\" value=\"".$_REQUEST['thread']."\" />\n";
    echo "<input type=\"HIDDEN\" name=\"appId\" value=\"".$_REQUEST['appId']."\" />\n";
    echo "<input type=\"HIDDEN\" name=\"versionId\" value=\"".$_REQUEST['versionId']."\" />\n";
    echo "<input type=\"hidden\" name=\"commentId\" value=\"".$_REQUEST['commentId']."\" />";
    echo "</form>";
    ?>

    <p>&nbsp;</p>

    <?php
    apidb_footer();
} else
{
    /* delete the comment from the database */
    $result = query_appdb("DELETE FROM appComments WHERE commentId = '".$_REQUEST['commentId']."'");
    if ($result)
    {
        /* fixup the child comments so the parentId points to a valid parent comment */
        $result = query_appdb("UPDATE appComments set parentId = '$deletedParentId' WHERE parentId = '".$_REQUEST['commentId']."'");
        if(!$result)
        {
            errorpage('Internal database error fixing up the parentId of child comments');
            exit;
        } else 
        {
            $email = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']);
            $notify_user_email=lookupEmail($ob->userId);
            $notify_user_username=lookupUsername($ob->userId);
            $email .= $notify_user_email;
            if($email)
            {
                $fullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);
                $ms = APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']."\n";
                $ms .= "\n";
                $ms .= $_SESSION['current']->username." deleted comment from ".$fullAppName."\n";
                $ms .= "\n";
                $ms .= "This comment was made on ".substr($ob->time,0,10)." by $notify_user_username \n";
                $ms .= "\n";
                $ms .= "Subject: ".$subject."\n";
                $ms .= "\n";
                $ms .= $body."\n";
                $ms .= "\n";
                $ms .= "Because:\n";
                if($_REQUEST['str_why'])
                    $ms .= stripslashes($_REQUEST['str_why'])."\n";
                else
                    $ms .= "No reason given.\n";
                $ms .= "\n";
                $ms .= STANDARD_NOTIFY_FOOTER;
                mail(stripslashes($email), "[AppDB] ".$fullAppName ,$ms);
            } else
                $email = "no one";
            addmsg("mesage sent to: ".$email, "green");
            addmsg("Comment deleted", "green");
            redirect(apidb_fullurl("appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']));
        }
    }
}
?>
- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`<?php`
Uniform headers 2004-12-25 20:08:00 +00:00			`/*******************/`
			`/* delete comments */`
			`/*******************/`
add a delete button to comments when the user is an admin 2004-10-21 19:52:35 +00:00
Uniform headers 2004-12-25 20:08:00 +00:00			`/*`
Fix header patch typo 2004-12-27 23:54:55 +00:00			`* application environment`
Uniform headers 2004-12-25 20:08:00 +00:00			`*/`
add a delete button to comments when the user is an admin 2004-10-21 19:52:35 +00:00			`include("path.php");`
			`require(BASE."include/"."incl.php");`
Set up notify system. Send notify emails for ad and delete Coments 2004-11-09 22:42:12 +00:00			`require(BASE."include/"."application.php");`

add a delete button to comments when the user is an admin 2004-10-21 19:52:35 +00:00
- when a comment is deleted, one can state the reason why he did this. - the user that made the comment get's an e-mail 2004-12-14 04:30:41 +00:00			`$_REQUEST['appId'] = strip_tags($_REQUEST['appId']);`
			`$_REQUEST['versionId'] = strip_tags($_REQUEST['versionId']);`
			`$_REQUEST['commentId'] = strip_tags($_REQUEST['commentId']);`
			`$_REQUEST['commentId'] = mysql_escape_string($_REQUEST['commentId']);`
add support for application maintainers 2004-11-09 22:41:18 +00:00
Remove isMaintainer() and isSuperMaintainer and instead use the user classes is_maintainer() and is_super_maintainer. 2004-12-19 19:30:27 +00:00			`if(!loggedin())`
			`{`
			`errorpage("You need to be logged in to delete a comment.");`
			`exit;`
			`}`

add support for application maintainers 2004-11-09 22:41:18 +00:00			`/* if we aren't an admin or the maintainer of this app we shouldn't be */`
			`/* allowed to delete any comments */`
Remove isMaintainer() and isSuperMaintainer and instead use the user classes is_maintainer() and is_super_maintainer. 2004-12-19 19:30:27 +00:00			`if(!havepriv("admin") &&`
			`!$_SESSION['current']->is_maintainer($_REQUEST['appId'],`
			`$_REQUEST['versionId']))`
add a delete button to comments when the user is an admin 2004-10-21 19:52:35 +00:00			`{`
- addcomment.php uses include/db.php for mysql queries and error handling - deletecomment.php uses include/db.php for mysql queries and error handling - minor fixes (superglobals, indentation, typos) 2004-12-29 03:42:22 +00:00			`errorpage('You don\'t have admin privileges');`
add a delete button to comments when the user is an admin 2004-10-21 19:52:35 +00:00			`exit;`
			`}`

			`opendb();`

			`/* retrieve the parentID of the comment we are deleting */`
			`/* so we can fix up the parentIds of this comments children */`
- addcomment.php uses include/db.php for mysql queries and error handling - deletecomment.php uses include/db.php for mysql queries and error handling - minor fixes (superglobals, indentation, typos) 2004-12-29 03:42:22 +00:00			`$result = query_appdb("SELECT parentId FROM appComments WHERE commentId = '".$_REQUEST['commentId']."'");`
add a delete button to comments when the user is an admin 2004-10-21 19:52:35 +00:00			`if (!$result)`
			`{`
			`errorpage('Internal error retrieving parent of commentId');`
			`exit;`
			`}`

			`$ob = mysql_fetch_object($result);`
			`$deletedParentId = $ob->parentId;`

Set up notify system. Send notify emails for ad and delete Coments 2004-11-09 22:42:12 +00:00			`/* get the subject and body from the comment */`
- addcomment.php uses include/db.php for mysql queries and error handling - deletecomment.php uses include/db.php for mysql queries and error handling - minor fixes (superglobals, indentation, typos) 2004-12-29 03:42:22 +00:00			`$result = query_appdb("select * FROM appComments WHERE commentId = '".$_REQUEST['commentId']."'");`
			`if (!$result) redirect(apidb_fullurl("appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']));`
Set up notify system. Send notify emails for ad and delete Coments 2004-11-09 22:42:12 +00:00			`$ob = mysql_fetch_object($result);`
			`$body = $ob->body;`
			`$subject = $ob->subject;`

- when a comment is deleted, one can state the reason why he did this. - the user that made the comment get's an e-mail 2004-12-14 04:30:41 +00:00			`if($_SESSION['current']->getpref("confirm_comment_deletion") != "no" &&`
			`!isset($_REQUEST['int_delete_it']))`
			`{`
			`apidb_header("Delete Comment");`
			`$mesTitle = "<b>Please state why you are deleting the following comment</b>";`
			`echo "<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."\">\n";`
			`echo html_frame_start($mesTitle,500,"",0);`
			`echo "<br />";`
			`echo html_frame_start($ob->subject,500);`
			`echo htmlify_urls($ob->body), "<br /><br />\n";`
			`echo html_frame_end();`
			`echo '<table width="100%" border=0 cellpadding=0 cellspacing=1>',"\n";`
			`echo "<tr bgcolor=#C0C0C0><td colspan=2><textarea name=\"str_why\" cols=\"70\" rows=\"15\" wrap=\"virtual\"></textarea></td></tr>\n";`
			`echo "<tr bgcolor=#C0C0C0><td colspan=2 align=center>\n";`
			`echo " <input type=\"SUBMIT\" value=\"Delete Comment\" class=\"button\" />\n";`
			`echo "</td></tr>\n";`
			`echo "</table>\n";`
			`echo html_frame_end();`
			`echo "<input type=\"HIDDEN\" name=\"int_delete_it\" value=\"1\" />\n";`
			`echo "<input type=\"HIDDEN\" name=\"thread\" value=\"".$_REQUEST['thread']."\" />\n";`
			`echo "<input type=\"HIDDEN\" name=\"appId\" value=\"".$_REQUEST['appId']."\" />\n";`
			`echo "<input type=\"HIDDEN\" name=\"versionId\" value=\"".$_REQUEST['versionId']."\" />\n";`
			`echo "<input type=\"hidden\" name=\"commentId\" value=\"".$_REQUEST['commentId']."\" />";`
			`echo "</form>";`
			`?>`

			`<p> </p>`

			`<?php`
			`apidb_footer();`
			`} else`
			`{`
- addcomment.php uses include/db.php for mysql queries and error handling - deletecomment.php uses include/db.php for mysql queries and error handling - minor fixes (superglobals, indentation, typos) 2004-12-29 03:42:22 +00:00			`/* delete the comment from the database */`
			`$result = query_appdb("DELETE FROM appComments WHERE commentId = '".$_REQUEST['commentId']."'");`
			`if ($result)`
			`{`
			`/* fixup the child comments so the parentId points to a valid parent comment */`
			`$result = query_appdb("UPDATE appComments set parentId = '$deletedParentId' WHERE parentId = '".$_REQUEST['commentId']."'");`
			`if(!$result)`
			`{`
			`errorpage('Internal database error fixing up the parentId of child comments');`
			`exit;`
			`} else`
			`{`
			`$email = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']);`
			`$notify_user_email=lookupEmail($ob->userId);`
			`$notify_user_username=lookupUsername($ob->userId);`
			`$email .= $notify_user_email;`
			`if($email)`
			`{`
			`$fullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);`
			`$ms = APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']."\n";`
			`$ms .= "\n";`
			`$ms .= $_SESSION['current']->username." deleted comment from ".$fullAppName."\n";`
			`$ms .= "\n";`
			`$ms .= "This comment was made on ".substr($ob->time,0,10)." by $notify_user_username \n";`
			`$ms .= "\n";`
			`$ms .= "Subject: ".$subject."\n";`
			`$ms .= "\n";`
			`$ms .= $body."\n";`
			`$ms .= "\n";`
			`$ms .= "Because:\n";`
			`if($_REQUEST['str_why'])`
			`$ms .= stripslashes($_REQUEST['str_why'])."\n";`
			`else`
			`$ms .= "No reason given.\n";`
			`$ms .= "\n";`
			`$ms .= STANDARD_NOTIFY_FOOTER;`
			`mail(stripslashes($email), "[AppDB] ".$fullAppName ,$ms);`
			`} else`
			`$email = "no one";`
			`addmsg("mesage sent to: ".$email, "green");`
			`addmsg("Comment deleted", "green");`
			`redirect(apidb_fullurl("appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']));`
			`}`
			`}`
- when a comment is deleted, one can state the reason why he did this. - the user that made the comment get's an e-mail 2004-12-14 04:30:41 +00:00			`}`
add a delete button to comments when the user is an admin 2004-10-21 19:52:35 +00:00			`?>`