Source of trunk/cp_manage.php at revision 363 (05/07/2008 10:05:26, 2871 bytes, 90 lines, language: php) [download]:
| 1 | <?php |
| 2 | |
| 3 | /* |
| 4 | ** Control Panel :: Post Manager |
| 5 | ** for CodewiseBlog Multi-User |
| 6 | ** |
| 7 | |
| 8 | ** Copyright (c) 2005-2008 Codewise.org |
| 9 | */ |
| 10 | |
| 11 | /* |
| 12 | ** This file is part of CodewiseBlog |
| 13 | ** |
| 14 | ** CodewiseBlog is free software; you can redistribute it and/or modify |
| 15 | ** it under the terms of the GNU General Public License as published by |
| 16 | ** the Free Software Foundation; either version 2 of the License, or |
| 17 | ** (at your option) any later version. |
| 18 | ** |
| 19 | ** CodewiseBlog is distributed in the hope that it will be useful, |
| 20 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 21 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 22 | ** GNU General Public License for more details. |
| 23 | ** |
| 24 | ** You should have received a copy of the GNU General Public License |
| 25 | ** along with CodewiseBlog; if not, write to the Free Software |
| 26 | ** Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA |
| 27 | */ |
| 28 | |
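// Marks "manage" as the active control-panel section.
// NOTE(review): $current is not read anywhere in this file; presumably the
// including script consumes it — confirm.
$current = "manage";

// Allow-list of deletable item kinds. Each entry names the fixed table and key
// column the item lives in, plus the message shown when the row does not belong
// to the current blog. Table and column names used in SQL below come only from
// this list, never from the request.
$cp_manage_targets = array(
    'reply' => array(
        'table'  => 'replies',
        'key'    => 'pid',
        'denied' => "That post isn't yours to delete.",
    ),
    'shout' => array(
        'table'  => 'shoutbox',
        'key'    => 'timestamp',
        'denied' => "That shout is not yours to delete.",
    ),
);

// hack allowing direct links to post deleting: ?del=<type>:<id> is copied into
// $_POST so the branches below treat it like a submitted form. The query string
// cannot set $_POST['REALLY_FREAKING_SURE'], so a plain link only reaches the
// confirmation step. Note that it does override a posted type/id when both are
// present in the same request.
if (isset($_GET['del']) && is_string($_GET['del'])) {
    $cp_manage_del = explode(':', $_GET['del']);
    // Require both halves; a value without ':' used to trigger an undefined-offset
    // notice and leave $_POST['id'] as null.
    if (count($cp_manage_del) >= 2) {
        list($_POST['type'], $_POST['id']) = $cp_manage_del;
    }
}

// Untrusted request values: accept plain strings only, so array-valued
// parameters (type[]=..., id[]=...) never reach the SQL builder or the template.
$cp_manage_type = (isset($_POST['type']) && is_string($_POST['type'])) ? $_POST['type'] : null;
$cp_manage_id = (isset($_POST['id']) && is_string($_POST['id'])) ? $_POST['id'] : null;
$cp_manage_known = ($cp_manage_type !== null && isset($cp_manage_targets[$cp_manage_type]));

if (isset($_POST['REALLY_FREAKING_SURE'])) {
    // NOTE(review): the only gate visible in this file before a destructive query
    // is the REALLY_FREAKING_SURE field; no per-session anti-CSRF token is checked
    // here. Confirm that the including control-panel code authenticates the user
    // and validates a token before this file runs.
    if (!$cp_manage_known) {
        $body = skinvoodoo('error', 'error', array('message' => 'Invalid post type.'));
        return; // top-level return: stops this file and hands back to the includer
    }

    $cp_manage_target = $cp_manage_targets[$cp_manage_type];

    // A missing id can never match a row; report it the same way as a row that
    // belongs to someone else instead of building a query from null.
    if ($cp_manage_id === null) {
        $body = skinvoodoo("error", "error", array('message' => $cp_manage_target['denied']));
        return;
    }

    // Ownership is part of the WHERE clause of BOTH statements. The key column
    // alone is not enough: a shoutbox timestamp is not visibly unique, so an
    // unscoped DELETE could remove other blogs' rows that share the timestamp,
    // and the unscoped ownership check only looked at whichever row came first.
    // NOTE(review): SQL safety rests entirely on $db->prepare_value() quoting and
    // escaping its argument — presumably it does; confirm in the DB layer.
    $cp_manage_where = " WHERE ".$cp_manage_target['key']." = ".$db->prepare_value($cp_manage_id)
        ." AND blogid = ".$db->prepare_value(BLOGID);

    $q_check = $db->issue_query("SELECT blogid FROM ".$cp_manage_target['table'].$cp_manage_where);
    // Strict comparison: passes only if fetch_var() yields a value of the same type
    // as BLOGID. NOTE(review): confirm the types agree, otherwise every delete is refused.
    if ($db->fetch_var($q_check) !== BLOGID) {
        $body = skinvoodoo("error", "error", array('message' => $cp_manage_target['denied']));
        return;
    }

    $q_del = $db->issue_query("DELETE FROM ".$cp_manage_target['table'].$cp_manage_where);

    // num_rows is indexed by the query handle; anything other than exactly one
    // row is reported as a failure (presumably an affected-row count — confirm).
    if ($db->num_rows[$q_del] != 1) {
        $body = skinvoodoo('error', 'error', array('message' => 'Delete failed... Please contact an administrator'));
        return;
    }

    // Success: redirect to the index. A 'success' template call used to sit here
    // but was commented out and unreachable after the exit.
    header("Location: ".INDEX_URL);
    exit;
} elseif ($cp_manage_type !== null && $cp_manage_id !== null) {
    if (!$cp_manage_known) {
        // Reject unknown kinds before rendering, so arbitrary request text is not
        // handed to the confirmation template as the type.
        $body = skinvoodoo('error', 'error', array('message' => 'Invalid post type.'));
    } else {
        // NOTE(review): type is allow-listed, but id is still request-controlled
        // (including via ?del=) and is passed to the template; confirm that
        // skinvoodoo() HTML-escapes template variables before output.
        $body = skinvoodoo('controlpanel_manage', 'confirm', array(
            "type" => $cp_manage_type,
            "id" => $cp_manage_id,
            "posturl" => INDEX_URL . "?controlpanel:manage",
        ));
    }
} else {
    $body = "nothing here yet";
}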
| 88 | |
| 89 | ?> |