r67: - Upping template system to use ISSO

[bugdar.git] / editcomment.php

<?php
/*=====================================================================*\
|| ################################################################### ||
|| # BugStrike [#]version[#]
|| # --------------------------------------------------------------- # ||
|| # Copyright ©2002-[#]year[#] by Iris Studios, Inc. All Rights Reserved. # ||
|| # This file may not be reproduced in any way without permission.  # ||
|| # --------------------------------------------------------------- # ||
|| # User License Agreement at http://www.iris-studios.com/license/  # ||
|| ################################################################### ||
\*=====================================================================*/

$fetchtemplates = array(
        'editcomment'
);

require_once('./global.php');

sanitize(array('commentid' => INT));

$comment = $db->query_first("
        SELECT comment.*, user.email, user.showemail, user.displayname
        FROM " . TABLE_PREFIX . "comment AS comment
        LEFT JOIN " . TABLE_PREFIX . "user AS user
                ON (comment.userid = user.userid)
        WHERE comment.commentid = $vars[commentid]"
);

if (!$comment)
{
        echo 'alert: bad comment';
        exit;
}

$bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = $comment[bugid]");

if (!((can_perform('caneditown') AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers')))
{
        echo 'no permission';
        exit;
}

// ###################################################################

if (empty($_REQUEST['do']))
{
        $_REQUEST['do'] = 'edit';
}
/*
#*# do these later after we work out some kind of permission system
// ###################################################################

if ($_REQUEST['do'] == 'kill')
{
        // run code to remove item in database
}

// ###################################################################

if ($_REQUEST['do'] == 'delete')
{
        // display delete confirmation message
}*/

// ###################################################################

if ($_POST['do'] == 'update')
{
        sanitize(array('comment' => STR));
        
        if (!$vars['comment'])
        {
                echo 'you need to enter some text';
                exit;
        }
        
        $vars['comment_parsed'] = $vars['comment'];
        
        if (!$bugsys->options['allowhtml'])
        {
                $vars['comment_parsed'] = htmlspecialcharslike($vars['comment_parsed']);
        }
        
        $db->query("
                UPDATE " . TABLE_PREFIX . "comment
                SET comment = '" . addslasheslike($vars['comment']) . "',
                        comment_parsed = '" . addslasheslike(nl2br($vars['comment_parsed'])) . "'
                WHERE commentid = $vars[commentid]"
        );
        
        echo "<a href=\"showreport.php?bugid=$bug[bugid]\">comment saved</a>";
}

// ###################################################################

if ($_REQUEST['do'] == 'edit')
{
        $comment['posttime'] = datelike('standard', $comment['dateline']);
        $comment['postby'] = construct_user_display($comment);
        $comment['comment'] = htmlspecialcharslike($comment['comment']);
        eval('$template->flush("' . $template->fetch('editcomment') . '");');
}

/*=====================================================================*\
|| ###################################################################
|| # $HeadURL$
|| # $Id$
|| ###################################################################
\*=====================================================================*/
?>