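,perm_owner,perm_group,perm_members,perm_anon FROM {$table} WHERE {$idname} = '{$sid}'");
            $A = DB_fetchArray ($result);

            if ($has_editPermissions && SEC_hasAccess ($A['owner_id'],
                    $A['group_id'], $A['perm_owner'], $A['perm_group'],
                    $A['perm_members'], $A['perm_anon']) == 3) {
                $pid = DB_getItem ($_TABLES['comments'], 'pid', "cid = '$cid'");
                DB_change ($_TABLES['comments'], 'pid', $pid, 'pid', $cid);
                DB_delete ($_TABLES['comments'], 'cid', $cid);

                if ($type == 'poll') {
                    $retval .= COM_refresh ($_CONF['site_url'] . '/pollbooth.php?qid=' . $sid . '&aid=-1');
                } else {
                    $comments = DB_count ($_TABLES['comments'], 'sid', $sid);
                    DB_change ($_TABLES['stories'], 'comments', $comments, 'sid', $sid);
                    $retval .= COM_refresh ($_CONF['site_url'] . '/article.php?story=' . $sid . '#comments');
                }
            } else {
                COM_errorLog ('User ' . $_USER['username'] . ' (IP: ' . $REMOTE_ADDR . ') tried to illegally delete comment ' . $cid . ' from ' . $type . ' ' . $sid);
                $retval .= COM_refresh ($_CONF['site_url'] . '/index.php');
            }
        } else {
            // See if plugin will handle this
            $retval = PLG_handlePluginComment ($type, $cid, 'delete');
            if (empty ($retval)) {
                $retval = COM_refresh ($_CONF['site_url'] . '/index.php');
            }
        }
    } else {
        $retval .= COM_refresh ($_CONF['site_url'] . '/index.php');
    }

    return $retval;
}

// MAIN
//
// Request dispatcher. $mode selects one of: preview, submit, delete, display,
// or (default) show the comment form. The first three case labels are strings
// taken from the $LANG03 / $LANG01 arrays.
//
// Every request value that reaches this switch is attacker-controlled. Ids and
// short tokens go through COM_applyFilter(), titles through strip_tags(); the
// comment body is forwarded unmodified (see the notes on the individual cases).
switch ($mode) {
case $LANG03[14]: // Preview
    // NOTE(review): $HTTP_POST_VARS['comment'] is handed to commentform() as
    // received. Nothing here filters it, so commentform() has to encode or
    // filter the body before echoing it back - confirm in that function.
    $display .= COM_siteHeader()
        . commentform (COM_applyFilter ($HTTP_POST_VARS['uid'], true),
            strip_tags ($HTTP_POST_VARS['title']),
            $HTTP_POST_VARS['comment'],
            COM_applyFilter ($HTTP_POST_VARS['sid']),
            COM_applyFilter ($HTTP_POST_VARS['pid'], true),
            COM_applyFilter ($HTTP_POST_VARS['type']),
            COM_applyFilter ($HTTP_POST_VARS['mode']),
            COM_applyFilter ($HTTP_POST_VARS['postmode']))
        . COM_siteFooter();
    break;

case $LANG03[11]: // Submit Comment
    // NOTE(review): the author uid is taken from the POST body and the raw
    // comment text is passed through untouched. savecomment() is therefore
    // the place that must (a) check the uid against the logged-in user and
    // (b) escape/filter the body before it is stored - confirm both there.
    $display .= savecomment (COM_applyFilter ($HTTP_POST_VARS['uid'], true),
        strip_tags ($HTTP_POST_VARS['title']),
        $HTTP_POST_VARS['comment'],
        COM_applyFilter ($HTTP_POST_VARS['sid']),
        COM_applyFilter ($HTTP_POST_VARS['pid'], true),
        COM_applyFilter ($HTTP_POST_VARS['type']),
        COM_applyFilter ($HTTP_POST_VARS['postmode']));
    break;

case $LANG01[28]: // Delete
    // NOTE(review): $cid, $sid and $type are not assigned anywhere in the
    // visible part of this script. If they only exist because of
    // register_globals, read them from the request arrays explicitly.
    // NOTE(review): this is a state-changing action and no anti-CSRF token is
    // checked on this path; the only gate visible is the SEC_hasAccess()
    // test inside deletecomment(). Consider requiring POST plus a
    // per-session token before calling it.
    $display .= deletecomment (COM_applyFilter ($cid),
        COM_applyFilter ($sid),
        COM_applyFilter ($type));
    break;

case 'display':
    $sid = COM_applyFilter ($HTTP_GET_VARS['sid']);
    $type = COM_applyFilter ($HTTP_GET_VARS['type']);
    if (!empty ($sid) && !empty ($type)) {
        $allowed = 1;

        // $sid is interpolated into SQL text below. COM_applyFilter() is not
        // visible here, so escape a copy for use inside the string literal as
        // defence in depth. For an id without quotes or backslashes this
        // changes nothing; $sid itself is left as it was for the other callers.
        $sqlSid = addslashes ($sid);

        // For the two built-in types, only show the comments when the parent
        // item is visible to the current user (exactly one matching row).
        if ($type == 'article') {
            $result = DB_query ("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (sid = '$sqlSid') AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL ('AND') . COM_getTopicSQL ('AND'));
            $A = DB_fetchArray ($result);
            $allowed = $A['count'];
        } else if ($type == 'poll') {
            $result = DB_query ("SELECT COUNT(*) AS count FROM {$_TABLES['pollquestions']} WHERE (qid = '$sqlSid')" . COM_getPermSQL ('AND'));
            $A = DB_fetchArray ($result);
            $allowed = $A['count'];
        }
        // Any other $type keeps $allowed = 1, i.e. no permission check is
        // made here before COM_userComments() is called.
        // NOTE(review): confirm that comments of other types are access-checked
        // elsewhere.

        $display .= COM_siteHeader();
        if ($allowed == 1) {
            // strip_tags() removes markup from the title but leaves quotes;
            // the callee must still encode it for the context it prints into.
            $display .= COM_userComments ($sid,
                strip_tags ($HTTP_GET_VARS['title']),
                $type,
                COM_applyFilter ($HTTP_GET_VARS['order']),
                'threaded',
                COM_applyFilter ($HTTP_GET_VARS['pid'], true));
        } else {
            $display .= COM_startBlock ($LANG_ACCESS['accessdenied'], '',
                    COM_getBlockTemplate ('_msg_block', 'header'))
                . $LANG_ACCESS['storydenialmsg']
                . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
        }
        $display .= COM_siteFooter();
    } else {
        $display .= COM_refresh($_CONF['site_url'] . '/index.php');
    }
    break;

default:
    // Show the comment form. Parameters come from POST when a POSTed 'sid'
    // is present, otherwise from the query string.
    if (isset ($HTTP_POST_VARS['sid'])) {
        $sid = COM_applyFilter ($HTTP_POST_VARS['sid']);
        $type = COM_applyFilter ($HTTP_POST_VARS['type']);
        $title = strip_tags ($HTTP_POST_VARS['title']);
        $pid = COM_applyFilter ($HTTP_POST_VARS['pid'], true);
        $mode = COM_applyFilter ($HTTP_POST_VARS['mode']);
        $postmode = COM_applyFilter ($HTTP_POST_VARS['postmode']);
    } else {
        $sid = COM_applyFilter ($HTTP_GET_VARS['sid']);
        $type = COM_applyFilter ($HTTP_GET_VARS['type']);
        $title = strip_tags ($HTTP_GET_VARS['title']);
        $pid = COM_applyFilter ($HTTP_GET_VARS['pid'], true);
        $mode = COM_applyFilter ($HTTP_GET_VARS['mode']);
        $postmode = COM_applyFilter ($HTTP_GET_VARS['postmode']);
    }

    if (!empty ($sid)) {
        if (empty ($title)) {
            // No title supplied: fall back to the parent item's own title.
            // The id goes into a SQL condition string, so use an escaped copy
            // (no effect on an id without quotes or backslashes).
            $sqlSid = addslashes ($sid);
            if ($type == 'article') {
                $title = DB_getItem ($_TABLES['stories'], 'title', "sid = '{$sqlSid}'");
            } elseif ($type == 'poll') {
                $title = DB_getItem ($_TABLES['pollquestions'], 'question', "qid = '{$sqlSid}'");
            }
            // NOTE(review): this call appeared as str_replace ('$', '$', ...),
            // which replaces '$' with itself and does nothing. The replacement
            // is assumed to have been the numeric entity for '$' - confirm
            // against the upstream file.
            $title = str_replace ('$', '&#36;', $title);
        }
        if (!empty ($type)) {
            // The uid comes from the session ($_USER), not from the request.
            $display .= COM_siteHeader()
                . commentform ($_USER['uid'], $title, '', $sid, $pid, $type,
                    $mode, $postmode)
                . COM_siteFooter();
        } else {
            $display .= COM_refresh($_CONF['site_url'] . '/index.php');
        }
    } else {
        // This could still be a plugin wanting comments
        if (isset ($HTTP_POST_VARS['cid'])) {
            $cid = COM_applyFilter ($HTTP_POST_VARS['cid']);
        } else {
            $cid = COM_applyFilter ($HTTP_GET_VARS['cid']);
        }
        if (!empty ($type) && !empty ($cid)) {
            $display .= PLG_callCommentForm ($type, $cid);
        } else {
            // must be a mistake at this point
            $display .= COM_refresh($_CONF['site_url'] . '/index.php');
        }
    }
}

echo $display;

?>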