<?php
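// Stillsoft's RS v1.0 - Faisal Tasleem's édition
// 14:39 22/july/2009 French standard time.
// includes/core_comments.php
//
// Admin moderation view for the comments of one article. Depending on the
// query string it deletes every comment of an article, deletes one comment,
// or lists the comments ten per page with delete and paging buttons.
//
// Read here but not assigned in this file: $access_core_comments and $art,
// plus the helpers secure(), SB_error(), comments_raton(), comments_ratoff().
//
// NOTE(review): the delete actions are selected purely from query-string
// parameters; no anti-CSRF token or request-method check is visible in this
// file, although the forms it prints submit with POST. Confirm where that is
// enforced before relying on the session check alone.
// NOTE(review): ext/mysql (mysql_query) was removed in PHP 7. The connection is
// opened outside this file, so the queries stay string-built here and every
// interpolated value is reduced to an integer first.

// The including page may already have opened the session.
if (session_id() == "")
{
    session_start();
}

// Strict comparison: with "==" an integer 0 or boolean true stored in the
// session would also compare equal to "yes" on PHP versions before 8.
if (isset($_SESSION["admin"]) && $_SESSION["admin"] === "yes")
{
    if (isset($access_core_comments) && $access_core_comments === "allowed")
    {
        // Variables added by this revision carry a cc_ prefix so they do not
        // overwrite same-named variables of the including script.
        // $art comes from outside this file and ends up in SQL and in HTML
        // attributes, so only its integer value is used from here on.
        $cc_art = isset($art) ? (int) $art : 0;
        $cc_action = isset($_GET["action"]) ? $_GET["action"] : "";
        $cc_has_article = !empty($_GET["article"]);

        if ($cc_has_article && $cc_action === "deleteallcomments")
        {
            $artid = secure($_GET["article"]);
            // Digits only: is_numeric() would also let floats, exponents and
            // signed values through to the query.
            if (is_scalar($artid) && ctype_digit((string) $artid))
            {
                $artid = (int) $artid;
                $articlecheck = mysql_query("SELECT * from comments where art_id = $artid");
                // mysql_query() returns false on failure; do not fetch from it.
                $artcheckresult = $articlecheck ? mysql_fetch_array($articlecheck) : false;
                if (!$artcheckresult)
                {
                    SB_error("No results found, this might be because this article doesn't have any comments posted yet?? Or all the comments are already deleted...!");
                }
                elseif (mysql_query("DELETE FROM comments where art_id = $artid"))
                {
                    // The tag previously lacked content="..." and used $art
                    // instead of the id that was just validated.
                    echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=?article=$artid\">";
                }
                else
                {
                    SB_error("The comments could not be deleted, request not completed.");
                }
            }
            else
            {
                SB_error("Sorry, invalid ARTICLE ID.. request not completed...");
            }
        }
        elseif ($cc_has_article && $cc_action === "deletethiscomment")
        {
            $commentid = isset($_GET["commentid"]) ? $_GET["commentid"] : "";
            // Only used for the redirect target; the cast keeps request data
            // from being echoed into the page as markup.
            $artid = isset($_GET["art"]) ? (int) $_GET["art"] : 0;
            if (is_scalar($commentid) && ctype_digit((string) $commentid))
            {
                $commentid = (int) $commentid;
                $checkcomment = mysql_query("SELECT * from comments where comment_id = $commentid");
                $checkcommentresult = $checkcomment ? mysql_fetch_array($checkcomment) : false;
                if (!$checkcommentresult)
                {
                    SB_error("Invalid comment ID, request not completed.");
                }
                elseif (mysql_query("DELETE FROM comments where comment_id = $commentid"))
                {
                    echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=?article=$artid\">";
                }
                else
                {
                    SB_error("The comment could not be deleted, request not completed.");
                }
            }
            else
            {
                SB_error("Invalid comment ID to delete...!");
            }
        }
        elseif (!empty($_GET["commentstart"]))
        {
            $start = $_GET["commentstart"];
            // The offset goes into a LIMIT clause, so it must be a plain
            // non-negative integer.
            if (!(is_scalar($start) && ctype_digit((string) $start)))
            {
                SB_error("An attempt to invalid (wrong) to core information...!");
            }
            else
            {
                $start = (int) $start;
                $end = $start;
                $commentsnext = mysql_query("SELECT * from comments where art_id = $cc_art ORDER BY comment_id DESC LIMIT $end , 10");
                $comment1result = $commentsnext ? mysql_fetch_array($commentsnext) : false;
                if (!$comment1result)
                {
                    SB_error("Sorry, invalid try to access!");
                }
                else
                {
                    // The first row is already fetched, so render it before
                    // fetching the next one (one query instead of two).
                    do
                    {
                        // Poster, IP and message are visitor-supplied and are
                        // escaped before being printed into the admin page.
                        // The page charset is not visible in this file;
                        // ISO-8859-1 makes htmlspecialchars() byte-transparent,
                        // so Latin-1 and UTF-8 text are both escaped without
                        // being rejected as malformed.
                        // NOTE(review): if comments are stored already
                        // entity-encoded this will double-encode them; check
                        // the insert path.
                        $cc_poster = htmlspecialchars($comment1result["poster"], ENT_QUOTES, "ISO-8859-1");
                        $cc_ip = htmlspecialchars($comment1result["ip"], ENT_QUOTES, "ISO-8859-1");
                        $cc_comment_id = (int) $comment1result["comment_id"];
                        echo "<div align=\"center\">
<table width=\"100%\">
<tr>
<td>";
                        echo "<p align=\"center\">";
                        comments_raton($comment1result["art_rating"]);
                        comments_ratoff($comment1result["rating_off"]);
                        echo "</p><p align=\"center\"><font face=\"Comic Sans MS\"><b>";
                        // Escape first, then turn newlines into <br>.
                        $mess = nl2br(htmlspecialchars(stripslashes($comment1result["message"]), ENT_QUOTES, "ISO-8859-1"));
                        echo $mess;
                        echo "</b></font></p>
<p align=\"center\"><i><font size=\"1\">comment by $cc_poster ( <b>$cc_ip</b> )</font></i>
<form method=\"POST\" action=\"?article=$cc_art&action=deletethiscomment&commentid=$cc_comment_id&art=$cc_art\">
<p align=\"right\">
<input type=\"submit\" value=\"Delete this comment!\" name=\"deletethisart\" style=\"font-weight: 700\"></p>
</form>
<hr></td>
</tr>
</table>
</div>";
                    }
                    while ($comment1result = mysql_fetch_array($commentsnext));
                }
                $endfinale = $end + 10;
                // Never link to a negative offset.
                $endfinaleback = $end >= 10 ? $end - 10 : 0;
                // Probe the following page to decide whether a Next button is needed.
                $commentchecking = mysql_query("SELECT * from comments where art_id = $cc_art ORDER BY comment_id DESC LIMIT $endfinale , 10");
                $commentcheck1 = $commentchecking ? mysql_fetch_array($commentchecking) : false;
                if (!$commentcheck1)
                {
                    echo "<table width=\"100%\">
<tr>
<td>
<form method=\"POST\" action=\"?article=$cc_art&action=deleteallcomments\">
<p align=\"center\">
<input type=\"submit\" value=\"Delete all the comments made on this article.\" name=\"deleteallarts\" style=\"color: #FF0000; font-weight: 700\"></p>
</form>
<form method=\"POST\" action=\"?article=$cc_art&commentstart=$endfinaleback\">
<p align=\"center\">
<input type=\"submit\" value=\"<<< Back\" name=\"next\" style=\"font-weight: 700\"></p>
</form>
</td>
</tr>
</table>";
                }
                else
                {
                    echo "
<form method=\"POST\" action=\"?article=$cc_art&action=deleteallcomments\">
<p align=\"center\">
<input type=\"submit\" value=\"Delete all the comments made on this article.\" name=\"deleteallarts\" style=\"color: #FF0000; font-weight: 700\"></p>
</form>
<table width=\"100%\">
<tr>
<td>
<form method=\"POST\" action=\"?article=$cc_art&commentstart=$endfinaleback\">
<p align=\"center\">
<input type=\"submit\" value=\"<<< Back\" name=\"next\" style=\"font-weight: 700\"></p>
</form>
</td>
<td> <form method=\"POST\" action=\"?article=$cc_art&commentstart=$endfinale\">
<p align=\"center\">
<input type=\"submit\" value=\"Next >>>\" name=\"next\" style=\"font-weight: 700\"></p>
</form></td>
</tr>
</table>";
                }
            }
        }
        else
        {
            // First page: the ten newest comments of the article.
            $gcomments = mysql_query("SELECT * from comments where art_id = $cc_art ORDER BY comment_id DESC limit 0,10");
            while ($gcomments && ($gcom = mysql_fetch_array($gcomments)))
            {
                // Same escaping as on the paged view: stored visitor input
                // must not reach the admin's browser as markup.
                $cc_poster = htmlspecialchars($gcom["poster"], ENT_QUOTES, "ISO-8859-1");
                $cc_ip = htmlspecialchars($gcom["ip"], ENT_QUOTES, "ISO-8859-1");
                $cc_comment_id = (int) $gcom["comment_id"];
                echo "<div align=\"center\">
<table width=\"100%\">
<tr>
<td>";
                echo "<p align=\"center\">";
                comments_raton($gcom["art_rating"]);
                comments_ratoff($gcom["rating_off"]);
                echo "</p><p align=\"center\"><font face=\"Comic Sans MS\"><b>";
                $mess = nl2br(htmlspecialchars(stripslashes($gcom["message"]), ENT_QUOTES, "ISO-8859-1"));
                echo $mess;
                echo "</b></font></p>
<p align=\"center\"><i><font size=\"1\">comment by $cc_poster ( <b>$cc_ip </b>)</font></i>
<form method=\"POST\" action=\"?article=$cc_art&action=deletethiscomment&commentid=$cc_comment_id&art=$cc_art\">
<p align=\"right\">
<input type=\"submit\" value=\"Delete this comment!\" name=\"deletethisart\" style=\"font-weight: 700\"></p>
</form>
<hr></td>
</tr>
</table>
</div>";
            }
            $commentsnext = mysql_query("SELECT * from comments where art_id = $cc_art ORDER BY comment_id DESC limit 10,10");
            $commentnxtresult = $commentsnext ? mysql_fetch_array($commentsnext) : false;
            // NOTE(review): with ten or fewer comments neither button is
            // printed, so "delete all" is unreachable from this page in that
            // case. Confirm that is intended.
            if ($commentnxtresult)
            {
                echo "
<form method=\"POST\" action=\"?article=$cc_art&commentstart=10\">
<p align=\"center\">
<input type=\"submit\" value=\"Next >>>\" name=\"next\" style=\"font-weight: 700\"></p>
</form> <form method=\"POST\" action=\"?article=$cc_art&action=deleteallcomments\">
<p align=\"center\">
<input type=\"submit\" value=\"Delete all the comments made on this article.\" name=\"deleteallarts\" style=\"color: #FF0000; font-weight: 700\"></p>
</form>";
            }
        }
    }
    else
    {
        echo "An attempt to invalid access!";
        exit();
    }
}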
?>