1<?php
2/*
3 $Id: forum_submit.php 1704 2008-01-01 06:09:52Z andrewsimpson $
4
5 (c) 2002 - 2009 Andrew Simpson <andrew.simpson at paradise.net.nz>
6
7 WebCollab
8 ---------------------------------------
9
10 This program is free software; you can redistribute it and/or modify it under the
11 terms of the GNU General Public License as published by the Free Software Foundation;
12 either version 2 of the License, or (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful, but WITHOUT ANY
15 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
16 PARTICULAR PURPOSE. See the GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License along with this
19 program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave,
20 Cambridge, MA 02139, USA.
21
22 Function:
23 ---------
24
25 Forum delete submission
26
27*/
28
29//security check
//security check: the controller that includes this file is expected to define UID first;
//a request that reaches this file directly has no UID and is refused before anything below runs
if(defined('UID' ) === false ) {
  exit('Direct file access not permitted' );
}
33
34//
35// Function for listing all posts of a task
36//
37
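/**
 * Load every post of the task that $postid belongs to, then collect the ids of
 * $postid itself and (via find_children) of every post in the sub-thread beneath it.
 *
 * Results are handed back through globals because the callers work the same way:
 *   $post_array   - id/parent pairs of every post in the task, in fetch order
 *   $parent_array - the parent id of every post that is a reply (parent != 0)
 *   $match_array  - $postid followed by its descendants in depth-first order
 *   $index        - number of entries in $match_array
 *   $post_count   - number of entries in $post_array
 *
 * @param int|string $postid id of the selected forum post; the caller validates it as an
 *                           integer and it is cast again here before it reaches a query
 */
function find_posts( $postid ) {

  global $post_array, $parent_array, $match_array, $index, $post_count;

  $post_array = array();
  $parent_array = array();
  $match_array = array();
  $post_count = 0;
  $index = 0;

  //cast so the query text can only ever contain an integer, whatever the caller handed in
  $postid = (int)$postid;

  $taskid = (int)db_result(db_query('SELECT taskid FROM '.PRE.'forum WHERE id='.$postid ), 0, 0 );

  $q = db_query('SELECT id, parent FROM '.PRE.'forum WHERE taskid='.$taskid );

  //'@' kept on purpose: the loop ends when db_fetch_array returns false for a row offset past
  //the last row, and that call is presumably noisy (not verified against the db layer)
  for( $i=0 ; $row = @db_fetch_array($q, $i ) ; ++$i) {

    $post_array[$i]['id'] = $row['id'];
    $post_array[$i]['parent'] = $row['parent'];
    ++$post_count;

    //a reply: remember its parent so find_children() knows which posts have children
    if($row['parent'] != 0 ) {
      $parent_array[] = $row['parent'];
    }
  }

  //the selected post is always the first match
  $match_array[$index] = $postid;
  ++$index;

  //descend into replies only when some post names $postid as its parent
  if(in_array($postid, (array)$parent_array ) ){
    find_children($postid);
  }

  return;
}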
78
79//
80// List subposts (recursive function)
81//
82
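/**
 * Append to $match_array the id of every post whose parent is $parent, recursing into
 * each one that has replies of its own (depth-first, parent before its children).
 *
 * Reads the globals filled in by find_posts(): $post_array, $parent_array, $post_count;
 * writes $match_array and advances $index by one per post added.
 *
 * @param int|string $parent id of the post whose replies are wanted
 */
function find_children($parent ) {

  global $post_array, $parent_array, $match_array, $index, $post_count;

  for($i=0 ; $i < $post_count ; ++$i ) {

    if($post_array[$i]['parent'] != $parent ){
      continue;
    }

    //guard against malformed parent links (a post whose parent chain loops back on itself):
    //a post already recorded in $match_array is neither re-added nor descended into, so the
    //recursion terminates on cyclic data; in a well-formed tree every post is met once and
    //this never triggers
    if(in_array($post_array[$i]['id'], (array)$match_array ) ){
      continue;
    }

    $match_array[$index] = $post_array[$i]['id'];
    ++$index;

    //this post has replies of its own: collect them before moving on to its siblings
    if(in_array($post_array[$i]['id'], (array)$parent_array ) ){
      find_children($post_array[$i]['id'] );
    }
  }
  return;
}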
102
103//
104// Perform delete of all forum messages in the thread below the selected message
105//
106
/**
 * Delete the selected post and every post in the sub-thread beneath it.
 *
 * find_posts() fills $match_array with $postid first and its descendants after it
 * (depth-first), so walking the array backwards removes replies before the posts
 * they hang off, which avoids referential errors in the database.
 *
 * @param int|string $postid id of the post at the top of the sub-thread to remove
 */
function delete_messages($postid ) {

  global $match_array, $index;

  find_posts($postid );

  //newest (deepest) match first, the selected post last
  for($i = $index - 1 ; $i >= 0 ; --$i ) {
    db_query('DELETE FROM '.PRE.'forum WHERE id='.$match_array[$i] );
  }
  return;
}
120
121//if user aborts, let the script carry onto the end
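//if user aborts, let the script carry on to the end so a thread is never left half-deleted
ignore_user_abort(true);

//check for valid form token before any other input is looked at
$token = (isset($_POST['token'])) ? (safe_data($_POST['token'])) : null;
token_check($token );

//check input: both ids must be present and pass safe_integer() before they reach a query;
//the isset() test replaces '@' suppression of the undefined-index notice for a missing field
$input_array = array('postid', 'taskid' );
foreach($input_array as $var ) {
  if(! isset($_POST[$var]) || ! safe_integer($_POST[$var]) ){
    error('Forum delete', "Variable $var is not set" );
  }
}
$postid = $_POST['postid'];
$taskid = $_POST['taskid'];

//initialise
$allowed = false;

//admin can delete
if(ADMIN ) {
  $allowed = true;
}
//author of the selected post can delete
elseif(db_result(db_query('SELECT COUNT(*) FROM '.PRE.'forum WHERE userid='.UID.' AND id='.$postid ), 0, 0 ) == 1 ) {
  $allowed = true;
}
//owner of the task the post belongs to can delete
elseif(db_result(db_query('SELECT COUNT(*) FROM '.PRE.'forum
                          LEFT JOIN '.PRE.'tasks ON ('.PRE.'forum.taskid='.PRE.'tasks.id)
                          WHERE '.PRE.'tasks.owner='.UID.' AND '.PRE.'forum.id='.$postid ), 0, 0 ) == 1 ) {

  $allowed = true;
}

//NOTE(review): delete_messages() removes the whole sub-thread under $postid, so the author
//check above also lets a post's author remove replies written by other users; nothing here
//limits it to their own posts - confirm that is the intended policy
if($allowed ) {
  db_begin();
  delete_messages($postid );
  db_commit();
}
else {
  error('Forum delete', 'You are not authorised to delete that post.' );
}

//go back to where this request came from; $taskid is the caller-supplied (integer-checked)
//task and is not cross-checked against the post's own taskid, so it only affects the redirect
header('Location: '.BASE_URL.'tasks.php?x='.X.'&action=show&taskid='.$taskid );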
167
168?>