<?php
/*=====================================================================*\
|| ################################################################### ||
|| # BugStrike [#]version[#]
|| # --------------------------------------------------------------- # ||
|| # Copyright Š2002-[#]year[#] by Iris Studios, Inc. All Rights Reserved. # ||
|| # This file may not be reproduced in any way without permission.  # ||
|| # --------------------------------------------------------------- # ||
|| # User License Agreement at http://www.iris-studios.com/license/  # ||
|| ################################################################### ||
\*=====================================================================*/

$fetchtemplates = array(
	'editcomment'
);

require_once('./global.php');

$comment = $db->query_first("
	SELECT comment.*, user.email, user.showemail, user.displayname
	FROM " . TABLE_PREFIX . "comment AS comment
	LEFT JOIN " . TABLE_PREFIX . "user AS user
		ON (comment.userid = user.userid)
	WHERE comment.commentid = " . intval($bugsys->in['commentid'])
);

if (!$comment)
{
	$message->error('alert: bad comment');
}

$bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = $comment[bugid]");

if (!((can_perform('caneditown') AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers')))
{
	$message->error_permission();
}

if ($bug['hidden'] AND !can_perform('canviewhidden'))
{
	$message->error_permissison();
}

// ###################################################################

if (empty($_REQUEST['do']))
{
	$_REQUEST['do'] = 'edit';
}
/*
#*# do these later after we work out some kind of permission system
// ###################################################################

if ($_REQUEST['do'] == 'kill')
{
	// run code to remove item in database
}

// ###################################################################

if ($_REQUEST['do'] == 'delete')
{
	// display delete confirmation message
}*/

// ###################################################################

if ($_POST['do'] == 'update')
{
	if (!$bugsys->in['comment'])
	{
		$message->error('you need to enter some text');
	}
	
	$bugsys->in['comment_parsed'] = $bugsys->in['comment'];
	
	if (!$bugsys->options['allowhtml'])
	{
		$bugsys->in['comment_parsed'] = $bugsys->sanitize($bugsys->in['comment_parsed']);
	}
	
	$db->query("
		UPDATE " . TABLE_PREFIX . "comment
		SET comment = '" . $bugsys->in['comment'] . "',
			comment_parsed = '" . nl2br($bugsys->in['comment_parsed']) . "',
			hidden = " . intval($bugsys->in['hidden']) . "
		WHERE commentid = $comment[commentid]"
	);
	
	// setup logging
	require_once('./includes/class_history.php');
	$log = new History();
	$log->bugid = $bug['bugid'];
	$log->language = 'log_update_comment';
	$log->arguments = array($comment['commentid']);
	$log->log();
	$log->log($log->diff('hidden', $comment['hidden'], intval($bugsys->in['hidden'])));
	
	$message->redirect('comment saved', "showreport.php?bugid=$bug[bugid]");
}

// ###################################################################

if ($_REQUEST['do'] == 'edit')
{
	$comment['posttime'] = datelike('standard', $comment['dateline']);
	$comment['postby'] = construct_user_display($comment);
	$comment['comment'] = $bugsys->sanitize($comment['comment']);
	eval('$template->flush("' . $template->fetch('editcomment') . '");');
}

/*=====================================================================*\
|| ###################################################################
|| # $HeadURL$
|| # $Id$
|| ###################################################################
\*=====================================================================*/
?>