- when a comment is deleted, one can state the reason why he did this.

- the user that made the comment gets an e-mail
This commit is contained in:
Jonathan Ernst
2004-12-14 04:30:41 +00:00
committed by WineHQ
parent ebcb5254d2
commit 4082220f9c
6 changed files with 106 additions and 64 deletions

TODO

@@ -9,9 +9,12 @@ sat for too long it would be rejected and an email would be send to the
submitter saying it timed out. If the admin/maintainer clicked on accept it submitter saying it timed out. If the admin/maintainer clicked on accept it
would go into the db like every other image. would go into the db like every other image.
# appdb engine - clean up the php backend (see CODING_STANDARD for code style guidelines). In particular globally registered vars should be replaced by superglobals and <? ?> should be replaced by <?php ?>. # when deleting an application we should delete linked entries (screenshots, comments, etc.)
# when we delete a comment there should be a box to explain why you are deleting this comment and an email should be sent to the submitter # when deleting a screenshot we should delete the image file as well
# appdb engine - clean up the php backend (see CODING_STANDARD for code style guidelines).
In particular globally registered vars should be replaced by superglobals (nearly finished)
# Super Maintainers should be able to edit the main app and send a notify message like the versions have. # Super Maintainers should be able to edit the main app and send a notify message like the versions have.


@@ -22,32 +22,32 @@ if(!isset($_REQUEST['appId']))
exit; exit;
} }
if(!$_REQUEST['versionId']) if(!isset($_REQUEST['versionId']))
{ {
$versionId = 0; $_REQUEST['versionId'] = 0;
} }
if(!$_REQUEST['thread']) if(!isset($_REQUEST['thread']))
{ {
$thread = 0; $_REQUEST['thread'] = 0;
} }
############################ ############################
# ADDS COMMENT TO DATABASE # # ADDS COMMENT TO DATABASE #
############################ ############################
if($_REQUEST[body]) if(isset($_REQUEST['body']))
{ {
$hostname = get_remote(); $hostname = get_remote();
$subject = strip_tags($subject); $subject = strip_tags($_REQUEST['subject']);
$subject = mysql_escape_string($subject); $subject = mysql_escape_string($subject);
$body1 = mysql_escape_string($body); $body1 = mysql_escape_string($_REQUEST['body']);
// get current userid // get current userid
$userId = $_SESSION['current']->userid; $userId = $_SESSION['current']->userid;
$result = mysql_query("INSERT INTO appComments VALUES (NOW(), null, $thread, ". $result = mysql_query("INSERT INTO appComments VALUES (NOW(), null, '".$_REQUEST['thread']."','".
"$appId, $versionId, $userId, '$hostname', '$subject', ". $_REQUEST['appId']."', '".$_REQUEST['versionId']."', $userId, '$hostname', '$subject', ".
"'$body1', 0)"); "'$body1', 0)");
if (!$result) if (!$result)
@@ -56,19 +56,19 @@ if($_REQUEST[body])
exit; exit;
} else } else
{ {
if ($originator) if (isset($originator))
{ {
if (UserWantsEmail($originator)) if (UserWantsEmail($originator))
{ {
$email = lookupEmail($originator); $email = lookupEmail($originator);
$fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId); $fullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);
$ms .= APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId"."\n"; $ms .= APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId'].".\n";
$ms .= "\n"; $ms .= "\n";
$ms .= ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous")." added comment to ".$fullAppName."\n"; $ms .= ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous")." added comment to ".$fullAppName."\n";
$ms .= "\n"; $ms .= "\n";
$ms .= "Subject: ".$subject."\n"; $ms .= "Subject: ".$subject."\n";
$ms .= "\n"; $ms .= "\n";
$ms .= $body."\n"; $ms .= $_REQUEST['body']."\n";
$ms .= "\n"; $ms .= "\n";
$ms .= "------- You are receiving this mail because: -------\n"; $ms .= "------- You are receiving this mail because: -------\n";
$ms .= "Someone posted a comment in responce to your comment\n"; $ms .= "Someone posted a comment in responce to your comment\n";
@@ -79,17 +79,17 @@ if($_REQUEST[body])
addmsg("Comment message sent to original poster", "green"); addmsg("Comment message sent to original poster", "green");
} }
} }
$email = getNotifyEmailAddressList($appId, $versionId); $email = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']);
if($email) if($email)
{ {
$fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId); $fullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);
$ms = APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId"."\n"; $ms = APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId'].".\n";
$ms .= "\n"; $ms .= "\n";
$ms .= $_SESSION['current']->username." added comment to ".$fullAppName."\n"; $ms .= $_SESSION['current']->username." added comment to ".$fullAppName."\n";
$ms .= "\n"; $ms .= "\n";
$ms .= "Subject: ".$subject."\n"; $ms .= "Subject: ".$subject."\n";
$ms .= "\n"; $ms .= "\n";
$ms .= $body."\n"; $ms .= $_REQUEST['body']."\n";
$ms .= "\n"; $ms .= "\n";
$ms .= STANDARD_NOTIFY_FOOTER; $ms .= STANDARD_NOTIFY_FOOTER;
@@ -98,10 +98,10 @@ if($_REQUEST[body])
{ {
$email = "no one"; $email = "no one";
} }
addmsg("mesage sent to: ".$email, green); addmsg("mesage sent to: ".$email, "green");
addmsg("New Comment Posted", "green"); addmsg("New Comment Posted", "green");
redirect(apidb_fullurl("appview.php?appId=$appId&versionId=$versionId")); redirect(apidb_fullurl("appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']));
} }
} }
@@ -116,7 +116,7 @@ else if(loggedin())
if($_REQUEST['thread']) if($_REQUEST['thread'])
{ {
$result = mysql_query("SELECT * FROM appComments WHERE commentId = $thread"); $result = mysql_query("SELECT * FROM appComments WHERE commentId = ".$_REQUEST['thread']);
$ob = mysql_fetch_object($result); $ob = mysql_fetch_object($result);
if($ob) if($ob)
{ {
@@ -128,7 +128,7 @@ else if(loggedin())
} }
} }
echo "<form method=POST action='addcomment.php'>\n"; echo "<form method=\"POST\" action=\"addcomment.php\">\n";
echo html_frame_start($mesTitle,500,"",0); echo html_frame_start($mesTitle,500,"",0);
@@ -136,22 +136,22 @@ else if(loggedin())
echo "<tr bgcolor=#E0E0E0><td align=right><b>From:</b>&nbsp;</td>\n"; echo "<tr bgcolor=#E0E0E0><td align=right><b>From:</b>&nbsp;</td>\n";
echo " <td>&nbsp;".$_SESSION['current']->username."</td></tr>\n"; echo " <td>&nbsp;".$_SESSION['current']->username."</td></tr>\n";
echo "<tr bgcolor=#E0E0E0><td align=right><b>Subject:</b>&nbsp;</td>\n"; echo "<tr bgcolor=#E0E0E0><td align=right><b>Subject:</b>&nbsp;</td>\n";
echo " <td>&nbsp;<input type=text size=35 name=subject value='$subject'> </td></tr>\n"; echo " <td>&nbsp;<input type=\"text\" size=\"35\" name=\"subject\" value=\"".$_REQUEST['subject']."\" /> </td></tr>\n";
echo "<tr bgcolor=#C0C0C0><td colspan=2><textarea name=body cols=70 rows=15 wrap=virtual>$body</textarea></td></tr>\n"; echo "<tr bgcolor=#C0C0C0><td colspan=2><textarea name=\"body\" cols=\"70\" rows=\"15\" wrap=\"virtual\">".$_REQUEST['body']."</textarea></td></tr>\n";
echo "<tr bgcolor=#C0C0C0><td colspan=2 align=center>\n"; echo "<tr bgcolor=#C0C0C0><td colspan=2 align=center>\n";
echo " <input type=SUBMIT value='Post Comment' class=button>\n"; echo " <input type=\"SUBMIT\" value=\"Post Comment\" class=\"button\" />\n";
echo " <input type=RESET value='Reset' class=button>\n"; echo " <input type=\"RESET\" value=\"Reset\" class=\"button\" />\n";
echo "</td></tr>\n"; echo "</td></tr>\n";
echo "</table>\n"; echo "</table>\n";
echo html_frame_end(); echo html_frame_end();
echo "<input type=HIDDEN name=thread value=$thread>\n"; echo "<input type=\"HIDDEN\" name=\"thread\" value=\"".$_REQUEST['thread']."\" />\n";
echo "<input type=HIDDEN name=appId value=$appId>\n"; echo "<input type=\"HIDDEN\" name=\"appId\" value=\"".$_REQUEST['appId']."\" />\n";
echo "<input type=HIDDEN name=versionId value=$versionId>\n"; echo "<input type=\"HIDDEN\" name=\"versionId\" value=\"".$_REQUEST['versionId']."\" />\n";
if ($thread) if (isset($_REQUEST['thread']))
{ {
echo "<input type=HIDDEN name=originator value=$originator>\n"; echo "<input type=\"HIDDEN\" name=\"originator\" value=\"$originator\" />\n";
} }
echo "</form>"; echo "</form>";
} }
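Review bot: The thread lookup `$result = mysql_query("SELECT * FROM appComments WHERE commentId = ".$_REQUEST['thread']);` interpolates the request value unquoted and unescaped, and the INSERT earlier in the file quotes `thread`, `appId` and `versionId` but only runs `subject` and `body` through mysql_escape_string; the ids should be coerced once next to the defaults set at the top, e.g. `$_REQUEST['thread'] = (int)$_REQUEST['thread'];`, and likewise for appId and versionId. `if (isset($_REQUEST['thread']))` before the hidden originator field is always true because the earlier `$_REQUEST['thread'] = 0;` default makes the key set; `if ($_REQUEST['thread'])` keeps the old meaning. The two e-mail links now end in `."&versionId=".$_REQUEST['versionId'].".\n"`, which appends a literal period to the URL where the old code appended only `"\n"`. The same request values are also echoed into form attribute values without htmlspecialchars; that predates this commit, but the rewrite of those echo lines would be the place to add it.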


@@ -635,6 +635,6 @@ else if($appId && $versionId)
<p>&nbsp;</p> <p>&nbsp;</p>
<? <?php
apidb_footer(); apidb_footer();
?> ?>


@@ -5,15 +5,14 @@ require(BASE."include/"."incl.php");
require(BASE."include/"."application.php"); require(BASE."include/"."application.php");
$appId = strip_tags($_POST['appId']); $_REQUEST['appId'] = strip_tags($_REQUEST['appId']);
$versionId = strip_tags($_POST['versionId']); $_REQUEST['versionId'] = strip_tags($_REQUEST['versionId']);
$_REQUEST['commentId'] = strip_tags($_REQUEST['commentId']);
$commentId = strip_tags($_POST['commentId']); $_REQUEST['commentId'] = mysql_escape_string($_REQUEST['commentId']);
$commentId = mysql_escape_string($commentId);
/* if we aren't an admin or the maintainer of this app we shouldn't be */ /* if we aren't an admin or the maintainer of this app we shouldn't be */
/* allowed to delete any comments */ /* allowed to delete any comments */
if(!havepriv("admin") && !isMaintainer($appId, $versionId)) if(!havepriv("admin") && !isMaintainer($_REQUEST['appId'], $_REQUEST['versionId']))
{ {
errorpage('You don\'t have admin privilages'); errorpage('You don\'t have admin privilages');
exit; exit;
@@ -23,7 +22,7 @@ opendb();
/* retrieve the parentID of the comment we are deleting */ /* retrieve the parentID of the comment we are deleting */
/* so we can fix up the parentIds of this comments children */ /* so we can fix up the parentIds of this comments children */
$result = mysql_query("SELECT parentId FROM appComments WHERE commentId = '$commentId'"); $result = mysql_query("SELECT parentId FROM appComments WHERE commentId = '".$_REQUEST['commentId']."'");
if (!$result) if (!$result)
{ {
errorpage('Internal error retrieving parent of commentId'); errorpage('Internal error retrieving parent of commentId');
@@ -34,7 +33,7 @@ $ob = mysql_fetch_object($result);
$deletedParentId = $ob->parentId; $deletedParentId = $ob->parentId;
/* get the subject and body from the comment */ /* get the subject and body from the comment */
$result = mysql_query("select * FROM appComments WHERE commentId = '$commentId'"); $result = mysql_query("select * FROM appComments WHERE commentId = '".$_REQUEST['commentId']."'");
if (!$result) if (!$result)
{ {
errorpage('Internal Database Access Error',mysql_error()); errorpage('Internal Database Access Error',mysql_error());
@@ -44,46 +43,88 @@ $ob = mysql_fetch_object($result);
$body = $ob->body; $body = $ob->body;
$subject = $ob->subject; $subject = $ob->subject;
if($_SESSION['current']->getpref("confirm_comment_deletion") != "no" &&
!isset($_REQUEST['int_delete_it']))
{
apidb_header("Delete Comment");
$mesTitle = "<b>Please state why you are deleting the following comment</b>";
echo "<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."\">\n";
echo html_frame_start($mesTitle,500,"",0);
echo "<br />";
echo html_frame_start($ob->subject,500);
echo htmlify_urls($ob->body), "<br /><br />\n";
echo html_frame_end();
echo '<table width="100%" border=0 cellpadding=0 cellspacing=1>',"\n";
echo "<tr bgcolor=#C0C0C0><td colspan=2><textarea name=\"str_why\" cols=\"70\" rows=\"15\" wrap=\"virtual\"></textarea></td></tr>\n";
echo "<tr bgcolor=#C0C0C0><td colspan=2 align=center>\n";
echo " <input type=\"SUBMIT\" value=\"Delete Comment\" class=\"button\" />\n";
echo "</td></tr>\n";
echo "</table>\n";
echo html_frame_end();
echo "<input type=\"HIDDEN\" name=\"int_delete_it\" value=\"1\" />\n";
echo "<input type=\"HIDDEN\" name=\"thread\" value=\"".$_REQUEST['thread']."\" />\n";
echo "<input type=\"HIDDEN\" name=\"appId\" value=\"".$_REQUEST['appId']."\" />\n";
echo "<input type=\"HIDDEN\" name=\"versionId\" value=\"".$_REQUEST['versionId']."\" />\n";
echo "<input type=\"hidden\" name=\"commentId\" value=\"".$_REQUEST['commentId']."\" />";
echo "</form>";
?>
<p>&nbsp;</p>
<?php
apidb_footer();
} else
{
/* delete the comment from the database */ /* delete the comment from the database */
$result = mysql_query("DELETE FROM appComments WHERE commentId = '".$_REQUEST['commentId']."'");
$result = mysql_query("DELETE FROM appComments WHERE commentId = '$commentId'"); if (!isset($result))
if (!$result)
{ {
errorpage('Internal Database Access Error',mysql_error()); errorpage('Internal Database Access Error',mysql_error());
exit; exit;
} }
/* fixup the child comments so the parentId points to a valid parent comment */ /* fixup the child comments so the parentId points to a valid parent comment */
$result = mysql_query("UPDATE appComments set parentId = '$deletedParentId' WHERE parentId = '$commentId'"); $result = mysql_query("UPDATE appComments set parentId = '$deletedParentId' WHERE parentId = '".$_REQUEST['commentId']."'");
if(!$result) if(!isset($result))
{ {
errorpage('Internal database error fixing up the parentId of child comments'); errorpage('Internal database error fixing up the parentId of child comments');
exit; exit;
} }
$email = getNotifyEmailAddressList($appId, $versionId); $email = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']);
$notify_user_email=lookupEmail($ob->userId);
$notify_user_username=lookupUsername($ob->userId);
$email .= $notify_user_email;
if($email) if($email)
{ {
$fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId); $fullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);
$ms .= APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId\n"; $ms = APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']."\n";
$ms .= "\n"; $ms .= "\n";
$ms .= ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous")." deleted comment from ".$fullAppName."\n"; $ms .= $_SESSION['current']->username." deleted comment from ".$fullAppName."\n";
$ms .= "\n";
$ms .= "This comment was made on ".substr($ob->time,0,10)." by $notify_user_username \n";
$ms .= "\n"; $ms .= "\n";
$ms .= "Subject: ".$subject."\n"; $ms .= "Subject: ".$subject."\n";
$ms .= "\n"; $ms .= "\n";
$ms .= $body."\n"; $ms .= $body."\n";
$ms .= "\n"; $ms .= "\n";
$ms .= "Because:\n";
if($_REQUEST['str_why'])
$ms .= stripslashes($_REQUEST['str_why'])."\n";
else
$ms .= "No reason given.\n";
$ms .= "\n";
$ms .= STANDARD_NOTIFY_FOOTER; $ms .= STANDARD_NOTIFY_FOOTER;
echo $ms;
mail(stripslashes($email), "[AppDB] ".$fullAppName ,$ms); mail(stripslashes($email), "[AppDB] ".$fullAppName ,$ms);
} else } else
{ {
$email = "no one"; $email = "no one";
} }
addmsg("mesage sent to: ".$email, green); addmsg("mesage sent to: ".$email, "green");
addmsg("Comment deleted", "green"); addmsg("Comment deleted", "green");
redirect(apidb_fullurl("appview.php?appId=$appId&versionId=$versionId")); redirect(apidb_fullurl("appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']));
}
?> ?>
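Review bot: `if (!isset($result))` after the DELETE, and again after the parentId UPDATE, can never fire: mysql_query returns FALSE on failure and a variable holding FALSE is still set, so a failed statement now falls through to the notification and the "Comment deleted" message; restore `if (!$result)` in both places. `echo $ms;` just before the mail() call looks like leftover debugging — it prints the whole notification, reason text included, into the page and emits output ahead of redirect(). `$email .= $notify_user_email;` appends the commenter's address directly onto whatever getNotifyEmailAddressList() returned with no separator; if that is a delimited list (not visible here) the last two recipients merge into one malformed address, so a check such as `if ($email) $email .= ", ";` before the append is worth confirming against that helper. The hidden `thread` field in the confirmation form reads `$_REQUEST['thread']`, which nothing in this file sets.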


@@ -67,10 +67,10 @@ function view_app_comment($ob)
if(havepriv("admin") || isMaintainer($ob->appId, $ob->versionId)) if(havepriv("admin") || isMaintainer($ob->appId, $ob->versionId))
{ {
echo "<tr>"; echo "<tr>";
echo "<td><form method=post name=message action=$apidb_root/deletecomment.php><input type=submit value='Delete' class=button>\n"; echo "<td><form method=\"post\" name=\"message\" action=\"".$apidb_root."deletecomment.php\"><input type=submit value='Delete' class=button>\n";
echo "<input type=hidden name='commentId' value=$ob->commentId>"; echo "<input type=\"hidden\" name=\"commentId\" value=\"$ob->commentId\" />";
echo "<input type=hidden name='appId' value=$ob->appId>"; echo "<input type=\"hidden\" name=\"appId\" value=\"$ob->appId\" />";
echo "<input type=hidden name='versionId' value=$ob->versionId></form></td>","\n"; echo "<input type=\"hidden\" name=\"versionId\" value=\"$ob->versionId\" /></form></td>","\n";
echo "</td></tr>"; echo "</td></tr>";
} }
@@ -200,8 +200,6 @@ function display_comments_flat($appId, $versionId)
function view_app_comments($appId, $versionId, $threadId = 0) function view_app_comments($appId, $versionId, $threadId = 0)
{ {
global $cmode;
// count posts // count posts
$result = mysql_query("SELECT commentId FROM appComments WHERE appId = $appId AND versionId = $versionId"); $result = mysql_query("SELECT commentId FROM appComments WHERE appId = $appId AND versionId = $versionId");
$messageCount = mysql_num_rows($result); $messageCount = mysql_num_rows($result);
@@ -216,8 +214,8 @@ function view_app_comments($appId, $versionId, $threadId = 0)
if (loggedin()) if (loggedin())
{ {
// FIXME we need to change this so not logged in users can change current view as well // FIXME we need to change this so not logged in users can change current view as well
if ($cmode) if (isset($_REQUEST['cmode']))
$_SESSION['current']->setpref("comments:mode", $cmode); $_SESSION['current']->setpref("comments:mode", $_REQUEST['cmode']);
$sel[$_SESSION['current']->getpref("comments:mode")] = 'selected'; $sel[$_SESSION['current']->getpref("comments:mode")] = 'selected';
echo '<td><form method=get name=smode action="appview.php">',"\n"; echo '<td><form method=get name=smode action="appview.php">',"\n";
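Review bot: `$_SESSION['current']->setpref("comments:mode", $_REQUEST['cmode']);` persists the raw request value as the user's preference without checking it against the modes the selector below offers, so any string can be stored and later used as the index into `$sel`; the old global `$cmode` had the same gap, but the switch to `$_REQUEST` is the place to whitelist it, e.g. `if (isset($_REQUEST['cmode']) && in_array($_REQUEST['cmode'], $allowed_modes))` where `$allowed_modes` (placeholder) holds the selector's option values. In view_app_comment the form action changed from `$apidb_root/deletecomment.php` to `$apidb_root."deletecomment.php"`, dropping the slash; that is only correct if `$apidb_root` already ends with one, which is not visible here. Both enclosing functions start outside their hunks.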


@@ -17,7 +17,7 @@ INSERT INTO prefs_list VALUES (0, 'sidebar', 'left', 'left|right', 'Sidebar loca
INSERT INTO prefs_list VALUES (0, 'window:query', 'no', 'yes|no', 'Display query results in a new window'); INSERT INTO prefs_list VALUES (0, 'window:query', 'no', 'yes|no', 'Display query results in a new window');
INSERT INTO prefs_list VALUES (0, 'window:help', 'no', 'yes|no', 'Display help in a new window'); INSERT INTO prefs_list VALUES (0, 'window:help', 'no', 'yes|no', 'Display help in a new window');
INSERT INTO prefs_list VALUES (0, 'window:offsite', 'no', 'yes|no', 'Display offsite URLs in a new window'); INSERT INTO prefs_list VALUES (0, 'window:offsite', 'no', 'yes|no', 'Display offsite URLs in a new window');
INSERT INTO prefs_list VALUES (0, 'confirm_comment_deletion', 'yes', 'yes|no', 'Asks why you are deleting a comment before to delete it');
INSERT INTO prefs_list VALUES (0, 'query:mode', 'view', 'view|edit', 'Default API details mode'); INSERT INTO prefs_list VALUES (0, 'query:mode', 'view', 'view|edit', 'Default API details mode');
INSERT INTO prefs_list VALUES (0, 'query:hide_header', 'no', 'yes|no', 'Hide apidb header in query results'); INSERT INTO prefs_list VALUES (0, 'query:hide_header', 'no', 'yes|no', 'Hide apidb header in query results');
INSERT INTO prefs_list VALUES (0, 'query:hide_sidebar', 'no', 'yes|no', 'Hide apidb sidebar in query results'); INSERT INTO prefs_list VALUES (0, 'query:hide_sidebar', 'no', 'yes|no', 'Hide apidb sidebar in query results');
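Review bot: The description string in the new row, `'Asks why you are deleting a comment before to delete it'`, reads awkwardly where it is shown in the preferences UI; `'Ask why you are deleting a comment before deleting it'` matches the phrasing of the neighbouring rows. The column-less `VALUES (...)` form is consistent with the rest of this file, though an explicit column list would make the positional `0` id and the `'yes|no'` option list self-describing if the table is ever reordered.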