editcomment.php

   1 <?php
   2 /*=====================================================================*\
   3 || ################################################################### ||
   4 || # BugStrike [#]version[#]
   5 || # --------------------------------------------------------------- # ||
   6 || # Copyright ©2002-[#]year[#] by Iris Studios, Inc. All Rights Reserved. # ||
   7 || # This file may not be reproduced in any way without permission.  # ||
   8 || # --------------------------------------------------------------- # ||
   9 || # User License Agreement at http://www.iris-studios.com/license/  # ||
  10 || ################################################################### ||
  11 \*=====================================================================*/
  12
  13 $fetchtemplates = array(
  14         'editcomment'
  15 );
  16
  17 require_once('./global.php');
  18
  19 $comment = $db->query_first("
  20         SELECT comment.*, user.email, user.showemail, user.displayname
  21         FROM " . TABLE_PREFIX . "comment AS comment
  22         LEFT JOIN " . TABLE_PREFIX . "user AS user
  23                 ON (comment.userid = user.userid)
  24         WHERE comment.commentid = " . intval($bugsys->in['commentid'])
  25 );
  26
  27 if (!$comment)
  28 {
  29         echo 'alert: bad comment';
  30         exit;
  31 }
  32
  33 $bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = $comment[bugid]");
  34
  35 if (!((can_perform('caneditown') AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers')))
  36 {
  37         echo 'no permission';
  38         exit;
  39 }
  40
  41 // ###################################################################
  42
  43 if (empty($_REQUEST['do']))
  44 {
  45         $_REQUEST['do'] = 'edit';
  46 }
  47 /*
  48 #*# do these later after we work out some kind of permission system
  49 // ###################################################################
  50
  51 if ($_REQUEST['do'] == 'kill')
  52 {
  53         // run code to remove item in database
  54 }
  55
  56 // ###################################################################
  57
  58 if ($_REQUEST['do'] == 'delete')
  59 {
  60         // display delete confirmation message
  61 }*/
  62
  63 // ###################################################################
  64
  65 if ($_POST['do'] == 'update')
  66 {
  67         if (!$bugsys->in['comment'])
  68         {
  69                 echo 'you need to enter some text';
  70                 exit;
  71         }
  72
  73         $bugsys->in['comment_parsed'] = $bugsys->in['comment'];
  74
  75         if (!$bugsys->options['allowhtml'])
  76         {
  77                 $vars['comment_parsed'] = $bugsys->sanitize($bugsys->in['comment_parsed']);
  78         }
  79
  80         $db->query("
  81                 UPDATE " . TABLE_PREFIX . "comment
  82                 SET comment = '" . $bugsys->in['comment'] . "',
  83                         comment_parsed = '" . nl2br($bugsys->in['comment_parsed']) . "'
  84                 WHERE commentid = $vars[commentid]"
  85         );
  86
  87         echo "<a href=\"showreport.php?bugid=$bug[bugid]\">comment saved</a>";
  88 }
  89
  90 // ###################################################################
  91
  92 if ($_REQUEST['do'] == 'edit')
  93 {
  94         $comment['posttime'] = datelike('standard', $comment['dateline']);
  95         $comment['postby'] = construct_user_display($comment);
  96         $comment['comment'] = $bugsys->sanitize($comment['comment']);
  97         eval('$template->flush("' . $template->fetch('editcomment') . '");');
  98 }
  99
 100 /*=====================================================================*\
 101 || ###################################################################
 102 || # $HeadURL$
 103 || # $Id$
 104 || ###################################################################
 105 \*=====================================================================*/
 106 ?>