<?php
/*========================================================*\
||########################################################||
||# #||
||# WB News v2.0.0 #||
||# ---------------------------------------------------- #||
||# Copyright (c) 2004-2007 #||
||# Created: 25th April 2007 #||
||# Filename: comments.php #||
||# #||
||########################################################||
/*========================================================*/
/**
* @author $Author: pmcilwaine $
* @version $Id: news-comments.php,v 1.1.2.4.2.1 2008/07/14 11:04:07 pmcilwaine Exp $
*/
require_once( "global.php" );
$auth->login_if( !$auth->has_perm( "editcomment" ) );
$page = new PageTemplateEngine( BuildPath("admin/main-page.ihtml") );
$tmpl->SetFilename( BuildPath("admin/comments.ihtml") );
$params = array(
"entry" => "\t<li>%s</li>\n\t",
"separator" => FALSE,
"class_open" => "open",
"links" => toolbarmenu()
);
$toolbar = include( INCDIR . "/page-menu.php" );
$rows =& $tmpl->AddParam( "rows", array() );
$page->AddParam( "toolbar", $toolbar );
$page->AddParam( "userinfo", $userinfo );
$myform = "comment";
$tables = array(
TBL_NEWS . " n "
);
$fields = array(
"DISTINCT n.\"id\"",
"n.\"title\""
);
$joins = array();
$joins["join"][] = TBL_COMMENTS . " c ON n.\"id\" = c.\"newsid\"";
$offset = isset($_REQUEST["offset"]) ? $_REQUEST["offset"] : 0;
$news_ids = $DB->ListByJoin( $tables, $fields, NULL, $joins );
$ids = $DB->ListBy( TBL_COMMENTS, NULL, "*", "\"timeposted\" DESC", 50, $offset );
$count_ids = $DB->CountBy( TBL_COMMENTS );
if ( $_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["form"]) && $_POST["form"] == $myform )
{
switch ( Submit() )
{
case "Ban_IP":
$err_msg = array();
if ( !isset($_POST["comment_ban"]) )
{
$_SESSION["formdata"] = $_POST;
$_SESSION["err_msg"][$myform] = $err_msg;
Message( "No tick boxes checked to ban IPs" );
redirect( make_url() );
exit;
}
$cond = array();
$cond[] = "\"id\" IN('" . join( "', '", array_keys($_POST["comment_ban"]) ) . "')";
$cond = join( " AND ", $cond );
$ips = $DB->ListBy( TBL_COMMENTS, $cond, array("ipaddress") );
$banned_ips = explode( " ", $config["ipban"] );
foreach ( $ips as $ip )
{
if ( !in_array( $ip["ipaddress"], $banned_ips ) )
{
$banned_ips[] = $ip["ipaddress"];
}
}
$sql = "UPDATE " . TBL_NEWSCONFIG . " SET \"value\" = '" . trim(join( " ", $banned_ips )) . "' WHERE \"var\" = 'ipban'";
if ( !$DB->query( $sql ) )
{
$_SESSION["formdata"] = $_POST;
$_SESSION["err_msg"][$myform] = $err_msg;
Message( "Couldn't update database, query error" );
redirect( make_url() );
exit;
}
Message( "Updated ban ip list" );
redirect( make_url() );
exit;
case "Mass_Delete":
$err_msg = array();
if ( !isset($_POST["comment_delete"]) )
{
$_SESSION["formdata"] = $_POST;
$_SESSION["err_msg"][$myform] = $err_msg;
Message( "No tick boxes checked to delete comment" );
redirect( make_url() );
exit;
}
$cond = array();
$cond[] = "\"id\" IN('" . join( "', '", array_keys($_POST["comment_delete"]) ) . "')";
$cond = join( " AND ", $cond );
$sql = "DELETE FROM " . TBL_COMMENTS . " WHERE $cond";
if ( !$DB->query( $sql ) )
{
$_SESSION["formdata"] = $_POST;
$_SESSION["err_msg"][$myform] = $err_msg;
Message( "Couldn't update database, query error" );
redirect( make_url() );
exit;
}
Message( "Deleted comments" );
redirect( make_url() );
exit;
case "Delete_Spam":
$err_msg = array();
$cond = array();
$cond[] = "\"is_spam\"=1";
$cond = join( " AND ", $cond );
$sql = "DELETE FROM " . TBL_COMMENTS . " WHERE $cond";
if ( !$DB->query( $sql ) )
{
$_SESSION["formdata"] = $_POST;
$_SESSION["err_msg"][$myform] = $err_msg;
Message( "Couldn't update database, query error" );
redirect( make_url() );
exit;
}
Message( "Deleted spam comments" );
redirect( make_url() );
exit;
default:
exit;
}
}
$formdata =& $tmpl->AddParam( "formdata", array() );
$pagemenu =& $tmpl->AddParam( "pagemenu", array() );
$formdata["hidden"] = array(
"form" => $myform
);
$params = array(
"entry" => "\t<li>%s</li>\n\t",
"separator" => FALSE,
"links" => array(
"A" => array(
"label" => "&Back",
"return_page" => TRUE
)
)
);
$pagemenu = include( INCDIR . "/page-menu.php" );
$rows =& $tmpl->AddParam( "rows", array() );
foreach ( $news_ids as $news )
{
$rows[$news["id"]]["title"] = $news["title"];
foreach ( $ids as $comment )
{
if ( $comment["newsid"] != $news["id"] )
{
continue;
}
$comment["message"] = nl2br( $comment["message"] );
$comment["is_spam"] = ($comment["is_spam"] == 1) ? TRUE : FALSE;
$comment["timeposted"] = gmdate( $locale["dateformat"], $comment["timeposted"] + (3600 * 10) );
$comment["is_banned"] = in_array( $comment["ipaddress"], explode( " ", $config["ipban"] ) );
$rows[$news["id"]]["comment"][] = $comment;
$formdata["comment_ban"][$comment["id"]] = FALSE;
$formdata["comment_delete"][$comment["id"]] = FALSE;
}
}
$tmpl->AddParam( "buttons", "Ban IP,Mass Delete" );
$tmpl->AddParam( "spam_button", "Delete Spam" );
if ( isset($_SESSION["formdata"]) )
{
if ( isset($_SESSION["err_msg"][$myform]) )
{
$tmpl->AddParam( "msg", $_SESSION["err_msg"][$myform] );
}
if ( isset($_SESSION["formdata"]["comment_ban"] ) )
{
foreach ( array_keys($_SESSION["formdata"]["comment_ban"]) as $id )
{
$formdata["comment_ban"][$id] = TRUE;
}
}
if ( isset($_SESSION["formdata"]["comment_delete"] ) )
{
foreach ( array_keys($_SESSION["formdata"]["comment_delete"]) as $id )
{
$formdata["comment_delete"][$id] = TRUE;
}
}
unset( $_SESSION["formdata"], $_SESSION["err_msg"][$myform] );
}
$pagemenu =& $tmpl->AddParam( "pagemenu", array() );
$page->BindParam( "pagemenu", $tmpl );
$params = array(
"entry" => "\t<li>%s</li>\n\t",
"separator" => "\t<li>|</li>\n\t",
"links" => buildmenu( $theme_info["pagemenu_build"] )
);
$params = array_merge( $params, $theme_info["pagemenu"] );
$pagemenu = include( INCDIR . "/page-menu.php" );
$tmpl->Pagination( $count_ids, $offset, 50 );
$page->ParseContent( $tmpl->GetHTML() );
$page->ShowPage();
?>