r24: Initial SVN for editcomment.php and editreport.php.

[bugdar.git] / editcomment.php

<?php
/*=====================================================================*\
|| ################################################################### ||
|| # [#]app[#] [#]version[#]
|| # --------------------------------------------------------------- # ||
|| # All parts of this file are ©2003-[#]year[#] Iris Studios, Inc. No     # || 
|| # part of this file may be reproduced in any way: part or whole.  # ||
|| # --------------------------------------------------------------- # ||
|| # ©2003 - [#]year[#] Iris Studios, Inc. | http://www.iris-studios.com   # ||
|| ################################################################### ||
\*=====================================================================*/

require_once('./global.php');

sanitize(array('commentid' => INT));

$comment = $DB_sql->query_first("
        SELECT comment.*, user.email, user.showemail, user.displayname
        FROM " . TABLE_PREFIX . "comment AS comment
        LEFT JOIN " . TABLE_PREFIX . "user AS user
                ON (comment.userid = user.userid)
        WHERE comment.commentid = $vars[commentid]"
);

if (!$comment)
{
        echo 'alert: bad comment';
        exit;
}

$bug = $DB_sql->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = $comment[bugid]");

if (!((can_perform('caneditown') AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers')))
{
        echo 'no permission';
        exit;
}

// ###################################################################

if (empty($_REQUEST['do']))
{
        $_REQUEST['do'] = 'edit';
}
/*
#*# do these later after we work out some kind of permission system
// ###################################################################

if ($_REQUEST['do'] == 'kill')
{
        // run code to remove item in database
}

// ###################################################################

if ($_REQUEST['do'] == 'delete')
{
        // display delete confirmation message
}*/

// ###################################################################

if ($_POST['do'] == 'update')
{
        sanitize(array('comment' => STR));
        
        if (!$vars['comment'])
        {
                echo 'you need to enter some text';
                exit;
        }
        
        $vars['comment_parsed'] = $vars['comment'];
        
        if (!$bugsys->options['allowhtml'])
        {
                $vars['comment_parsed'] = htmlspecialcharslike($vars['comment_parsed']);
        }
        
        $DB_sql->query("
                UPDATE " . TABLE_PREFIX . "comment
                SET comment = '" . addslasheslike($vars['comment']) . "',
                        comment_parsed = '" . addslasheslike(nl2br($vars['comment_parsed'])) . "'
                WHERE commentid = $vars[commentid]"
        );
        
        echo 'comment saved';
}

// ###################################################################

if ($_REQUEST['do'] == 'edit')
{
        echo "<div><strong>Bug:</strong> $bug[summary]</div>";
        echo "<div><strong>Comment posted on:</strong> " . datelike('standard', $comment['dateline']) . "</div>";
        echo "<div><strong>Comment posted by:</strong> " . construct_user_display($comment) . "</div>";
        echo '<form name="editcomment" method="post" action="editcomment.php"><input type="hidden" name="do" value="update" /><input type="hidden" name="commentid" value="' . $comment['commentid'] . '" />';
        echo '<div><strong>Comment:</strong></div><textarea name="comment" cols="100" rows="35">' . htmlspecialcharslike($comment['comment']) . '</textarea>';
        echo '<div><input type="submit" name="submit" value="Save Changes" /></div></form>';
}

/*=====================================================================*\
|| ###################################################################
|| # $HeadURL$
|| # $Id$
|| ###################################################################
\*=====================================================================*/
?>