Changeset 106
- Timestamp:
- 05/23/07 15:49:06 (2 years ago)
- Files:
-
- commentwall/lib.php (modified) (5 diffs)
commentwall/lib.php
r75 r106 7 7 } 8 8 9 // tells Elgg the widget sexists9 // tells Elgg the widget exists 10 10 function commentwall_init() { 11 global $CFG, $profile_id, $db ;11 global $CFG, $profile_id, $db, $messages; 12 12 13 13 $tables = $db->Metatables(); … … 16 16 modify_database($CFG->dirroot . "mod/commentwall/$CFG->dbtype.sql"); 17 17 } else { 18 error("Error: Your database ($CFG->dbtype) is not yet fully 19 supported by the comment wall. See the mod/commentwall directory."); 18 error("Error: Your database ($CFG->dbtype) is not yet fully supported by the comment wall. See the mod/commentwall directory."); 20 19 } 21 20 print_continue("index.php"); … … 25 24 //If a comment has been submitted, populate the database here 26 25 $action = optional_param("action"); 27 $widget_id = optional_param("widget_id");28 $comment_id = optional_param("comment_id");29 $comment_owner = optional_param("comment-owner");30 $comment = optional_param("comment");31 $logged_in_user = $_SESSION['userid']; // get the id of the person logged in32 $profile_owner = optional_param("profile_id"); // get the profile owner33 $sneaky = optional_param("sneaky"); // used to try and stop spam34 26 35 27 if($action == 'commentwall:add' && $sneaky == '') { 28 $widget_id = optional_param("widget_id"); 29 $comment_id = optional_param("comment_id"); 30 $comment_owner = optional_param("comment-owner"); 31 $comment = optional_param("comment"); 32 33 // TODO: check for access permissions! 34 35 $logged_in_user = $_SESSION['userid']; // get the id of the person logged in 36 $profile_owner = optional_param("profile_id"); // get the profile owner 37 $sneaky = optional_param("sneaky"); // used to try and stop spam 36 38 $commentwall = new stdClass; 37 39 $commentwall->parent_widget = $widget_id; … … 44 46 notify_user(page_owner(), __gettext("Someone has posted to your comment wall"), __gettext("Check it out") . ": " . $CFG->wwwroot . user_info("username", page_owner()) . 
"/profile/"); 45 47 //To stop the back browser issue, use redirect 48 $_SESSION['messages'] = $messages; 46 49 header("Location: {$CFG->wwwroot}" . user_info("username", page_owner()) . "/profile/"); 47 50 exit; 48 } 49 50 //deleting a comment, make sure the logged in user is the profile owner 51 if($profile_owner == $logged_in_user) { 52 51 } else if((profile_permissions_check("foo")) && ($action == 'commentwall:delete')) { 52 $widget_id = optional_param("widget_id"); 53 $comment_id = optional_param("comment_id"); 53 54 //check the comment actually exists 54 55 if ($records = get_records_sql("select * from {$CFG->prefix}profile_commentwall where ident={$comment_id}")) { … … 111 112 112 113 //delete comments 113 $delete_path = $CFG->wwwroot . "profile/index.php?profile_id=" . page_owner() ."& comment_id=" . $record->ident;114 $delete_path = $CFG->wwwroot . "profile/index.php?profile_id=" . page_owner() ."&action=commentwall:delete&comment_id=" . $record->ident; 114 115 115 116 // only show the option to delete if the logged in user owns the profile
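Review bot: In the `commentwall:add` branch, `$sneaky` is now assigned inside the block whose condition reads it, and it is not in the `global` list shown in the first hunk. At `if($action == 'commentwall:add' && $sneaky == '')` it is therefore unset, the loose comparison with `''` is true, and the honeypot field no longer filters any submission. Move `$sneaky = optional_param("sneaky");` back above the `if`, next to `$action`. In the new `commentwall:delete` branch, `$comment_id` comes straight from the request and is interpolated unquoted into the `where ident={$comment_id}` query shown as context, so cast it first, e.g. `$comment_id = (int) optional_param("comment_id");`. The delete is also reached through a plain GET link (`&action=commentwall:delete&comment_id=`) with no request token visible in these hunks; the rest of `commentwall_init` lies between the hunks, so confirm there that the comment belongs to the profile being checked.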
