qemudb/deletecomment.php

<?php
/*******************/
/* delete comments */
/*******************/

/*
 * application environment
 */
include("path.php");
require(BASE."include/incl.php");
require(BASE."include/application.php");
require(BASE."include/mail.php");


$_REQUEST['appId'] = strip_tags($_REQUEST['appId']);
$_REQUEST['versionId'] = strip_tags($_REQUEST['versionId']);
$_REQUEST['commentId'] = strip_tags($_REQUEST['commentId']);
$_REQUEST['commentId'] = mysql_escape_string($_REQUEST['commentId']);

if(!$_SESSION['current']->isLoggedIn())
{
    errorpage("You need to be logged in to delete a comment.");
    exit;
}

/* if we aren't an admin or the maintainer of this app we shouldn't be */
/* allowed to delete any comments */
if(!$_SESSION['current']->hasPriv("admin") && 
        !$_SESSION['current']->isMaintainer($_REQUEST['appId'], 
                                             $_REQUEST['versionId']))
{
    errorpage('You don\'t have admin privileges');
    exit;
}

/* retrieve the parentID of the comment we are deleting */
/* so we can fix up the parentIds of this comments children */
$result = query_appdb("SELECT parentId FROM appComments WHERE commentId = '".$_REQUEST['commentId']."'");
if (!$result)
{
    errorpage('Internal error retrieving parent of commentId');
    exit;
}

$ob = mysql_fetch_object($result);
$deletedParentId = $ob->parentId;

/* get the subject and body from the comment */
$result = query_appdb("select * FROM appComments WHERE commentId = '".$_REQUEST['commentId']."'");
if (!$result) redirect(apidb_fullurl("appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']));
$ob = mysql_fetch_object($result);
$body = $ob->body;
$subject = $ob->subject;

if($_SESSION['current']->getpref("confirm_comment_deletion") != "no" && 
   !isset($_REQUEST['int_delete_it']))
{
    apidb_header("Delete Comment");
    $mesTitle = "<b>Please state why you are deleting the following comment</b>";
    echo "<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."\">\n";
    echo html_frame_start($mesTitle,500,"",0);
    echo "<br />";
    echo html_frame_start($ob->subject,500);
    echo htmlify_urls($ob->body), "<br /><br />\n";
    echo html_frame_end();
    echo '<table width="100%" border=0 cellpadding=0 cellspacing=1>',"\n";
    echo "<tr class=color1><td colspan=2><textarea name=\"str_why\" cols=\"70\" rows=\"15\" wrap=\"virtual\"></textarea></td></tr>\n";
    echo "<tr class=color1><td colspan=2 align=center>\n";
    echo "  <input type=\"SUBMIT\" value=\"Delete Comment\" class=\"button\" />\n";
    echo "</td></tr>\n";
    echo "</table>\n";
    echo html_frame_end();
    echo "<input type=\"HIDDEN\" name=\"int_delete_it\" value=\"1\" />\n";
    echo "<input type=\"HIDDEN\" name=\"thread\" value=\"".$_REQUEST['thread']."\" />\n";
    echo "<input type=\"HIDDEN\" name=\"appId\" value=\"".$_REQUEST['appId']."\" />\n";
    echo "<input type=\"HIDDEN\" name=\"versionId\" value=\"".$_REQUEST['versionId']."\" />\n";
    echo "<input type=\"hidden\" name=\"commentId\" value=\"".$_REQUEST['commentId']."\" />";
    echo "</form>";
    ?>

    <p>&nbsp;</p>

    <?php
    apidb_footer();
} else
{
    /* delete the comment from the database */
    $result = query_appdb("DELETE FROM appComments WHERE commentId = '".$_REQUEST['commentId']."'");
    if ($result)
    {
        /* fixup the child comments so the parentId points to a valid parent comment */
        $result = query_appdb("UPDATE appComments set parentId = '$deletedParentId' WHERE parentId = '".$_REQUEST['commentId']."'");
        if(!$result)
        {
            errorpage('Internal database error fixing up the parentId of child comments');
            exit;
        } else 
        {
            $sEmail = get_notify_email_address_list($_REQUEST['appId'], $_REQUEST['versionId']);
            $oUser = new User($ob->userId);
            $notify_user_email=$oUser->sEmail;
            $notify_user_realname=$oUser->sRealname;
            $sEmail .= $notify_user_email;
            if($sEmail)
            {
                $sFullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);
                $sMsg  = APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']."\r\n";
                $sMsg .= "\r\n";
                $sMsg .= $_SESSION['current']->realname." deleted comment from ".$sFullAppName."\r\n";
                $sMsg .= "\n";
                $sMsg .= "This comment was made on ".substr($ob->time,0,10)." by $notify_user_realname \r\n";
                $sMsg .= "\r\n";
                $sMsg .= "Subject: ".$subject."\r\n";
                $sMsg .= "\r\n";
                $sMsg .= $body."\r\n";
                $sMsg .= "\r\n";
                $sMsg .= "Because:\r\n";
                if($_REQUEST['str_why'])
                    $sMsg .= stripslashes($_REQUEST['str_why'])."\r\n";
                else
                    $sMsg .= "No reason given.\r\n";
                mail_appdb($sEmail, $sFullAppName ,$sMsg);
            } 
            addmsg("Comment deleted", "green");
            redirect(apidb_fullurl("appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']));
        }
    }
}
?>
- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`<?php`
Uniform headers 2004-12-25 20:08:00 +00:00			`/*******************/`
			`/* delete comments */`
			`/*******************/`
add a delete button to comments when the user is an admin 2004-10-21 19:52:35 +00:00
Uniform headers 2004-12-25 20:08:00 +00:00			`/*`
Fix header patch typo 2004-12-27 23:54:55 +00:00			`* application environment`
Uniform headers 2004-12-25 20:08:00 +00:00			`*/`
add a delete button to comments when the user is an admin 2004-10-21 19:52:35 +00:00			`include("path.php");`
- use mail_appdb() instead of mail() for better error handling and to avoid code duplication - use \r\n as line separator in mail (RFC compliant) 2005-01-30 00:57:34 +00:00			`require(BASE."include/incl.php");`
			`require(BASE."include/application.php");`
			`require(BASE."include/mail.php");`
Set up notify system. Send notify emails for ad and delete Coments 2004-11-09 22:42:12 +00:00
add a delete button to comments when the user is an admin 2004-10-21 19:52:35 +00:00
- when a comment is deleted, one can state the reason why he did this. - the user that made the comment get's an e-mail 2004-12-14 04:30:41 +00:00			`$_REQUEST['appId'] = strip_tags($_REQUEST['appId']);`
			`$_REQUEST['versionId'] = strip_tags($_REQUEST['versionId']);`
			`$_REQUEST['commentId'] = strip_tags($_REQUEST['commentId']);`
			`$_REQUEST['commentId'] = mysql_escape_string($_REQUEST['commentId']);`
add support for application maintainers 2004-11-09 22:41:18 +00:00
- OO version of user class - no more duplicated functions - improved performances (much less duplicated mysql queries) - less code and better error handling 2005-01-30 23:12:48 +00:00			`if(!$_SESSION['current']->isLoggedIn())`
Remove isMaintainer() and isSuperMaintainer and instead use the user classes is_maintainer() and is_super_maintainer. 2004-12-19 19:30:27 +00:00			`{`
			`errorpage("You need to be logged in to delete a comment.");`
			`exit;`
			`}`

add support for application maintainers 2004-11-09 22:41:18 +00:00			`/* if we aren't an admin or the maintainer of this app we shouldn't be */`
			`/* allowed to delete any comments */`
- OO version of user class - no more duplicated functions - improved performances (much less duplicated mysql queries) - less code and better error handling 2005-01-30 23:12:48 +00:00			`if(!$_SESSION['current']->hasPriv("admin") &&`
			`!$_SESSION['current']->isMaintainer($_REQUEST['appId'],`
Remove isMaintainer() and isSuperMaintainer and instead use the user classes is_maintainer() and is_super_maintainer. 2004-12-19 19:30:27 +00:00			`$_REQUEST['versionId']))`
add a delete button to comments when the user is an admin 2004-10-21 19:52:35 +00:00			`{`
- addcomment.php uses include/db.php for mysql queries and error handling - deletecomment.php uses include/db.php for mysql queries and error handling - minor fixes (superglobals, indentation, typos) 2004-12-29 03:42:22 +00:00			`errorpage('You don\'t have admin privileges');`
add a delete button to comments when the user is an admin 2004-10-21 19:52:35 +00:00			`exit;`
			`}`

			`/* retrieve the parentID of the comment we are deleting */`
			`/* so we can fix up the parentIds of this comments children */`
- addcomment.php uses include/db.php for mysql queries and error handling - deletecomment.php uses include/db.php for mysql queries and error handling - minor fixes (superglobals, indentation, typos) 2004-12-29 03:42:22 +00:00			`$result = query_appdb("SELECT parentId FROM appComments WHERE commentId = '".$_REQUEST['commentId']."'");`
add a delete button to comments when the user is an admin 2004-10-21 19:52:35 +00:00			`if (!$result)`
			`{`
			`errorpage('Internal error retrieving parent of commentId');`
			`exit;`
			`}`

			`$ob = mysql_fetch_object($result);`
			`$deletedParentId = $ob->parentId;`

Set up notify system. Send notify emails for ad and delete Coments 2004-11-09 22:42:12 +00:00			`/* get the subject and body from the comment */`
- addcomment.php uses include/db.php for mysql queries and error handling - deletecomment.php uses include/db.php for mysql queries and error handling - minor fixes (superglobals, indentation, typos) 2004-12-29 03:42:22 +00:00			`$result = query_appdb("select * FROM appComments WHERE commentId = '".$_REQUEST['commentId']."'");`
			`if (!$result) redirect(apidb_fullurl("appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']));`
Set up notify system. Send notify emails for ad and delete Coments 2004-11-09 22:42:12 +00:00			`$ob = mysql_fetch_object($result);`
			`$body = $ob->body;`
			`$subject = $ob->subject;`

- when a comment is deleted, one can state the reason why he did this. - the user that made the comment get's an e-mail 2004-12-14 04:30:41 +00:00			`if($_SESSION['current']->getpref("confirm_comment_deletion") != "no" &&`
			`!isset($_REQUEST['int_delete_it']))`
			`{`
			`apidb_header("Delete Comment");`
			`$mesTitle = "<b>Please state why you are deleting the following comment</b>";`
			`echo "<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."\">\n";`
			`echo html_frame_start($mesTitle,500,"",0);`
			`echo "<br />";`
			`echo html_frame_start($ob->subject,500);`
			`echo htmlify_urls($ob->body), "<br /><br />\n";`
			`echo html_frame_end();`
			`echo '<table width="100%" border=0 cellpadding=0 cellspacing=1>',"\n";`
Clean up HTML and PHP, remove extranious checks for loggedin() 2004-12-29 20:21:31 +00:00			`echo "<tr class=color1><td colspan=2><textarea name=\"str_why\" cols=\"70\" rows=\"15\" wrap=\"virtual\"></textarea></td></tr>\n";`
			`echo "<tr class=color1><td colspan=2 align=center>\n";`
- when a comment is deleted, one can state the reason why he did this. - the user that made the comment get's an e-mail 2004-12-14 04:30:41 +00:00			`echo " <input type=\"SUBMIT\" value=\"Delete Comment\" class=\"button\" />\n";`
			`echo "</td></tr>\n";`
			`echo "</table>\n";`
			`echo html_frame_end();`
			`echo "<input type=\"HIDDEN\" name=\"int_delete_it\" value=\"1\" />\n";`
			`echo "<input type=\"HIDDEN\" name=\"thread\" value=\"".$_REQUEST['thread']."\" />\n";`
			`echo "<input type=\"HIDDEN\" name=\"appId\" value=\"".$_REQUEST['appId']."\" />\n";`
			`echo "<input type=\"HIDDEN\" name=\"versionId\" value=\"".$_REQUEST['versionId']."\" />\n";`
			`echo "<input type=\"hidden\" name=\"commentId\" value=\"".$_REQUEST['commentId']."\" />";`
			`echo "</form>";`
			`?>`

			`<p> </p>`

			`<?php`
			`apidb_footer();`
			`} else`
			`{`
- addcomment.php uses include/db.php for mysql queries and error handling - deletecomment.php uses include/db.php for mysql queries and error handling - minor fixes (superglobals, indentation, typos) 2004-12-29 03:42:22 +00:00			`/* delete the comment from the database */`
			`$result = query_appdb("DELETE FROM appComments WHERE commentId = '".$_REQUEST['commentId']."'");`
			`if ($result)`
			`{`
			`/* fixup the child comments so the parentId points to a valid parent comment */`
			`$result = query_appdb("UPDATE appComments set parentId = '$deletedParentId' WHERE parentId = '".$_REQUEST['commentId']."'");`
			`if(!$result)`
			`{`
			`errorpage('Internal database error fixing up the parentId of child comments');`
			`exit;`
			`} else`
			`{`
- OO version of user class - no more duplicated functions - improved performances (much less duplicated mysql queries) - less code and better error handling 2005-01-30 23:12:48 +00:00			`$sEmail = get_notify_email_address_list($_REQUEST['appId'], $_REQUEST['versionId']);`
			`$oUser = new User($ob->userId);`
			`$notify_user_email=$oUser->sEmail;`
			`$notify_user_realname=$oUser->sRealname;`
- use mail_appdb() instead of mail() for better error handling and to avoid code duplication - use \r\n as line separator in mail (RFC compliant) 2005-01-30 00:57:34 +00:00			`$sEmail .= $notify_user_email;`
			`if($sEmail)`
- addcomment.php uses include/db.php for mysql queries and error handling - deletecomment.php uses include/db.php for mysql queries and error handling - minor fixes (superglobals, indentation, typos) 2004-12-29 03:42:22 +00:00			`{`
- use mail_appdb() instead of mail() for better error handling and to avoid code duplication - use \r\n as line separator in mail (RFC compliant) 2005-01-30 00:57:34 +00:00			`$sFullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);`
			`$sMsg = APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']."\r\n";`
			`$sMsg .= "\r\n";`
			`$sMsg .= $_SESSION['current']->realname." deleted comment from ".$sFullAppName."\r\n";`
			`$sMsg .= "\n";`
			`$sMsg .= "This comment was made on ".substr($ob->time,0,10)." by $notify_user_realname \r\n";`
			`$sMsg .= "\r\n";`
			`$sMsg .= "Subject: ".$subject."\r\n";`
			`$sMsg .= "\r\n";`
			`$sMsg .= $body."\r\n";`
			`$sMsg .= "\r\n";`
			`$sMsg .= "Because:\r\n";`
- addcomment.php uses include/db.php for mysql queries and error handling - deletecomment.php uses include/db.php for mysql queries and error handling - minor fixes (superglobals, indentation, typos) 2004-12-29 03:42:22 +00:00			`if($_REQUEST['str_why'])`
- use mail_appdb() instead of mail() for better error handling and to avoid code duplication - use \r\n as line separator in mail (RFC compliant) 2005-01-30 00:57:34 +00:00			`$sMsg .= stripslashes($_REQUEST['str_why'])."\r\n";`
- addcomment.php uses include/db.php for mysql queries and error handling - deletecomment.php uses include/db.php for mysql queries and error handling - minor fixes (superglobals, indentation, typos) 2004-12-29 03:42:22 +00:00			`else`
- use mail_appdb() instead of mail() for better error handling and to avoid code duplication - use \r\n as line separator in mail (RFC compliant) 2005-01-30 00:57:34 +00:00			`$sMsg .= "No reason given.\r\n";`
			`mail_appdb($sEmail, $sFullAppName ,$sMsg);`
			`}`
- addcomment.php uses include/db.php for mysql queries and error handling - deletecomment.php uses include/db.php for mysql queries and error handling - minor fixes (superglobals, indentation, typos) 2004-12-29 03:42:22 +00:00			`addmsg("Comment deleted", "green");`
			`redirect(apidb_fullurl("appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']));`
			`}`
			`}`
- when a comment is deleted, one can state the reason why he did this. - the user that made the comment get's an e-mail 2004-12-14 04:30:41 +00:00			`}`
add a delete button to comments when the user is an admin 2004-10-21 19:52:35 +00:00			`?>`