-
Notifications
You must be signed in to change notification settings - Fork 25
/
Copy pathdelete.php
executable file
·139 lines (105 loc) · 5.69 KB
/
delete.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
<?php
/*
* Copyright (C) 2013-2020 Luna
* Based on code by FluxBB copyright (C) 2008-2012 FluxBB
* Based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
* Licensed under GPLv2 (http://getluna.org/license.php)
*/
define('LUNA_ROOT', dirname(__FILE__).'/');
require LUNA_ROOT.'include/common.php';
if ($luna_user['g_read_board'] == '0')
message(__('You do not have permission to view this page.', 'luna'), false, '403 Forbidden');
$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
if ($id < 1)
message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
$action = isset($_GET['action']) ? $_GET['action'] : 0;
// Fetch some info about the comment, the thread and the forum
$result = $db->query('SELECT f.id AS fid, f.forum_name, f.moderators, fp.comment, fp.create_threads, t.id AS tid, t.subject, t.first_comment_id, t.closed, p.commented, p.commenter, p.commenter_id, p.message, p.hide_smilies FROM '.$db->prefix.'comments AS p INNER JOIN '.$db->prefix.'threads AS t ON t.id=p.thread_id INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$luna_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND p.id='.$id) or error('Unable to fetch comment info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
$cur_comment = $db->fetch_assoc($result);
if ($luna_config['o_censoring'] == '1')
$cur_comment['subject'] = censor_words($cur_comment['subject']);
// Sort out who the moderators are and if we are currently a moderator (or an admin)
$mods_array = ($cur_comment['moderators'] != '') ? unserialize($cur_comment['moderators']) : array();
$is_admmod = ($luna_user['g_id'] == LUNA_ADMIN || ($luna_user['g_moderator'] == '1' && array_key_exists($luna_user['username'], $mods_array))) ? true : false;
$is_thread_comment = ($id == $cur_comment['first_comment_id']) ? true : false;
// Do we have permission to edit this comment?
if (($luna_user['g_delete_comments'] == '0' ||
($luna_user['g_delete_threads'] == '0' && $is_thread_comment) ||
$cur_comment['commenter_id'] != $luna_user['id'] ||
$cur_comment['closed'] == '1') &&
!$is_admmod)
message(__('You do not have permission to access this page.', 'luna'), false, '403 Forbidden');
if ($is_admmod && $luna_user['g_id'] != LUNA_ADMIN && in_array($cur_comment['commenter_id'], get_admin_ids()))
message(__('You do not have permission to access this page.', 'luna'), false, '403 Forbidden');
// Hide comments
if (isset($_POST['soft_delete'])) {
// Make sure they got here from the site
confirm_referrer('delete.php');
require LUNA_ROOT.'include/search_idx.php';
if ($is_thread_comment) {
// Delete the thread and all of its comments
delete_thread($cur_comment['tid'], "soft");
update_forum($cur_comment['fid']);
redirect('viewforum.php?id='.$cur_comment['fid']);
} else {
// Delete just this one comment
$db->query('UPDATE '.$db->prefix.'comments SET soft = 1 WHERE id='.$id) or error('Unable to hide comment', __FILE__, __LINE__, $db->error());
update_forum($cur_comment['fid']);
// Redirect towards the previous comment
$result = $db->query('SELECT id FROM '.$db->prefix.'comments WHERE thread_id='.$cur_comment['tid'].' AND id < '.$id.' ORDER BY id DESC LIMIT 1') or error('Unable to fetch comment info', __FILE__, __LINE__, $db->error());
$comment_id = $db->result($result);
redirect('thread.php?pid='.$comment_id.'#p'.$comment_id);
}
}
// Unhide
if (isset($_POST['reset'])) {
// Make sure they got here from the site
confirm_referrer('delete.php');
require LUNA_ROOT.'include/search_idx.php';
if ($is_thread_comment) {
// Reset the thread and all of its comments
delete_thread($cur_comment['tid'], "reset");
update_forum($cur_comment['fid']);
redirect('viewforum.php?id='.$cur_comment['fid']);
} else {
// Reset just this one comment
$db->query('UPDATE '.$db->prefix.'comments SET soft = 0 WHERE id='.$id) or error('Unable to unhide comment', __FILE__, __LINE__, $db->error());
update_forum($cur_comment['fid']);
// Redirect towards the comment
redirect('thread.php?pid='.$id.'#p'.$id);
}
}
if (isset($_POST['delete'])) {
// Make sure they got here from the site
confirm_referrer('delete.php');
require LUNA_ROOT.'include/search_idx.php';
if ($is_thread_comment) {
// Delete the thread and all of its comments
delete_thread($cur_comment['tid'], "hard");
update_forum($cur_comment['fid']);
redirect('viewforum.php?id='.$cur_comment['fid']);
} else {
// Delete just this one comment
delete_comment($id, $cur_comment['tid'], $cur_comment['commenter_id']);
update_forum($cur_comment['fid']);
// Redirect towards the previous comment
$result = $db->query('SELECT id FROM '.$db->prefix.'comments WHERE thread_id='.$cur_comment['tid'].' AND id < '.$id.' ORDER BY id DESC LIMIT 1') or error('Unable to fetch comment info', __FILE__, __LINE__, $db->error());
$comment_id = $db->result($result);
redirect('thread.php?pid='.$comment_id.'#p'.$comment_id);
}
}
$page_title = array(luna_htmlspecialchars($luna_config['o_board_title']), __('Delete comment', 'luna'));
define ('LUNA_ACTIVE_PAGE', 'delete');
require LUNA_ROOT.'include/parser.php';
$cur_comment['message'] = parse_message($cur_comment['message']);
include LUNA_ROOT.'header.php';
require load_page('header.php');
if ($action == "reset")
require load_page('reset.php');
if ($action == "soft")
require load_page('soft.php');
if ($action == "delete")
require load_page('delete.php');
require load_page('footer.php');