Changeset 107
- Timestamp:
- 05/24/07 11:35:11 (2 years ago)
- Files:
-
- commentwall/lib.php (modified) (3 diffs)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
commentwall/lib.php
r106 r107 9 9 // tells Elgg the widget exists 10 10 function commentwall_init() { 11 global $CFG, $profile_id, $db, $messages ;11 global $CFG, $profile_id, $db, $messages, $page_owner; 12 12 13 13 $tables = $db->Metatables(); … … 26 26 27 27 if($action == 'commentwall:add' && $sneaky == '') { 28 28 29 $widget_id = optional_param("widget_id"); 29 30 $comment_id = optional_param("comment_id"); 30 $comment_owner = optional_param("comment-owner");31 31 $comment = optional_param("comment"); 32 32 33 33 // TODO: check for access permissions! 34 $access = run("users:access_level_sql_where",$_SESSION['userid']); 35 if ($widget = get_record_sql("select ident from {$CFG->prefix}widgets where {$access} and type = \"commentwall::example\"")) { 34 36 35 $logged_in_user = $_SESSION['userid']; // get the id of the person logged in 36 $profile_owner = optional_param("profile_id"); // get the profile owner 37 $sneaky = optional_param("sneaky"); // used to try and stop spam 38 $commentwall = new stdClass; 39 $commentwall->parent_widget = $widget_id; 40 $commentwall->comment_owner = $comment_owner; 41 $commentwall->content = $comment; 42 $commentwall->time_posted = time(); 43 insert_record("profile_commentwall",$commentwall); 37 $logged_in_user = $_SESSION['userid']; // get the id of the person logged in 38 $profile_owner = optional_param("profile_id"); // get the profile owner 39 $sneaky = optional_param("sneaky"); // used to try and stop spam 40 $commentwall = new stdClass; 41 $commentwall->parent_widget = $widget_id; 42 $commentwall->comment_owner = $_SESSION['userid']; 43 $commentwall->content = $comment; 44 $commentwall->time_posted = time(); 45 46 $comment = new stdClass; 47 $comment->owner = $comment_owner; 48 $comment->posted = time(); 49 $comment->body = $comment; 50 $comment = plugin_hook("weblog_comment","create",$comment); 51 52 if ($comment) { 53 insert_record("profile_commentwall",$commentwall); 44 54 45 //used to email the comment wall owner 46 notify_user(page_owner(), __gettext("Someone has posted to your comment wall"), __gettext("Check it out") . ": " . $CFG->wwwroot . user_info("username", page_owner()) . "/profile/"); 55 //used to email the comment wall owner 56 notify_user(page_owner(), __gettext("Someone has posted to your comment wall"), __gettext("Check it out") . ": " . $CFG->wwwroot . user_info("username", page_owner()) . "/profile/"); 57 } 58 59 } 60 47 61 //To stop the back browser issue, use redirect 48 62 $_SESSION['messages'] = $messages; 49 63 header("Location: {$CFG->wwwroot}" . user_info("username", page_owner()) . "/profile/"); 50 64 exit; 51 } else if((profile_permissions_check("foo")) && ($action == 'commentwall:delete')) { 65 } else if ($action == 'commentwall:delete' && 66 ($page_owner == $_SESSION['userid']) 67 || user_flag_get('admin',$_SESSION['userid'])) { 52 68 $widget_id = optional_param("widget_id"); 53 69 $comment_id = optional_param("comment_id"); … … 55 71 if ($records = get_records_sql("select * from {$CFG->prefix}profile_commentwall where ident={$comment_id}")) { 56 72 //delete the comment 57 $commentwall_delete = new stdClass;58 mysql_query("delete from {$CFG->prefix}profile_commentwall where ident='$comment_id'");73 delete_records("profile_commentwall","ident",$comment_id); 74 $_SESSION['messages'] = $messages; 59 75 header("Location: {$CFG->wwwroot}" . user_info("username", page_owner()) . "/profile/"); 60 76 exit;
