<?php

/*========================================================*\
||########################################################||
||#                                                      #||
||#     WB News v2.0.0                                   #||
||# ---------------------------------------------------- #||
||#     Copyright (c) 2004-2007                          #||
||#     Created: 25th April 2007                         #||
||#     Filename: comments.php                           #||
||#                                                      #||
||########################################################||
/*========================================================*/

/**
 *  @author $Author: pmcilwaine $
 *	@version $Id: news-comments.php,v 1.1.2.4.2.1 2008/07/14 11:04:07 pmcilwaine Exp $
 */

require_once( "global.php" );
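// Gate the page on the "editcomment" permission.
// NOTE(review): whether login_if() stops execution itself is not visible here;
// if it only redirects, everything below still runs for an unauthorised
// request - confirm in the auth class.
$auth->login_if( !$auth->has_perm( "editcomment" ) );

// Outer admin page shell plus the inner comments template.
$page = new PageTemplateEngine( BuildPath("admin/main-page.ihtml") );
$tmpl->SetFilename( BuildPath("admin/comments.ihtml") );

// $params is set immediately before each include of page-menu.php;
// presumably the included script reads it from this scope - confirm.
$params = array(
	"entry" => "\t<li>%s</li>\n\t",
	"separator" => FALSE,
	"class_open" => "open",
	"links" => toolbarmenu()
	);
$toolbar = include( INCDIR . "/page-menu.php" );

$rows =& $tmpl->AddParam( "rows", array() );

$page->AddParam( "toolbar", $toolbar );
$page->AddParam( "userinfo", $userinfo );

// Identifier compared against $_POST["form"] to recognise this page's form.
$myform = "comment";

// News items that have at least one comment (join of news and comments).
$tables = array(
	TBL_NEWS . " n "
	);

$fields = array(
	"DISTINCT n.\"id\"",
	"n.\"title\""
	);

$joins = array();
$joins["join"][] = TBL_COMMENTS . " c ON n.\"id\" = c.\"newsid\"";

// The paging offset is request-controlled and is handed straight to the
// database layer, so force it to a non-negative integer before use. How
// ListBy() embeds the value in its query is not visible in this file.
$offset = isset($_REQUEST["offset"]) ? max( 0, (int) $_REQUEST["offset"] ) : 0;

$news_ids = $DB->ListByJoin( $tables, $fields, NULL, $joins );
// 50 and $offset are presumably the page size and starting row; the same 50
// is passed to Pagination() at the end of this script.
$ids = $DB->ListBy( TBL_COMMENTS, NULL, "*", "\"timeposted\" DESC", 50, $offset );
$count_ids = $DB->CountBy( TBL_COMMENTS );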

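/*
 * Handle the bulk actions posted from the comment list. Submit() selects the
 * branch ("Ban_IP", "Mass_Delete" or "Delete_Spam"); every branch finishes
 * with redirect() and exit, so nothing below this block runs on a handled POST.
 *
 * The checked comment ids arrive as array keys (comment_ban[<id>],
 * comment_delete[<id>]). Those keys are request data and end up inside SQL
 * text, so only integer keys are accepted before the IN (...) list is built.
 *
 * NOTE(review): no anti-CSRF token is checked in this file. These actions
 * delete data and change the ban list, so confirm that global.php or
 * Submit() verifies a per-session token; if not, one should be added.
 */
if ( $_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["form"]) && $_POST["form"] == $myform )
{

	switch ( Submit() )
	{
	case "Ban_IP":

		$err_msg = array();

		// PHP stores integer-like keys as int, so is_int() keeps real ids and
		// drops anything that carries quotes or other SQL text.
		$ban_ids = array();
		if ( isset($_POST["comment_ban"]) && is_array($_POST["comment_ban"]) )
		{
			foreach ( array_keys($_POST["comment_ban"]) as $key )
			{
				if ( is_int($key) )
				{
					$ban_ids[] = $key;
				}
			}
		}

		if ( count($ban_ids) == 0 )
		{
			$_SESSION["formdata"] = $_POST;
			$_SESSION["err_msg"][$myform] = $err_msg;
			Message( "No tick boxes checked to ban IPs" );
			redirect( make_url() );
			exit;
		}

		$cond = "\"id\" IN('" . join( "', '", $ban_ids ) . "')";

		$ips = $DB->ListBy( TBL_COMMENTS, $cond, array("ipaddress") );

		$banned_ips = explode( " ", $config["ipban"] );

		foreach ( $ips as $ip )
		{
			// The stored address is written back into an SQL string and into a
			// space-separated list, so skip values containing anything other
			// than letters, digits, '.' and ':'.
			if ( !preg_match( '/^[0-9A-Za-z:.]+$/', (string) $ip["ipaddress"] ) )
			{
				continue;
			}

			if ( !in_array( $ip["ipaddress"], $banned_ips ) )
			{
				$banned_ips[] = $ip["ipaddress"];
			}
		}

		// NOTE(review): the existing $config["ipban"] entries are re-embedded
		// unchanged. If the database wrapper offers bound parameters or an
		// escaping helper, this statement should use it.
		$sql = "UPDATE " . TBL_NEWSCONFIG . " SET \"value\" = '" . trim(join( " ", $banned_ips )) . "' WHERE \"var\" = 'ipban'";

		if ( !$DB->query( $sql ) )
		{
			$_SESSION["formdata"] = $_POST;
			$_SESSION["err_msg"][$myform] = $err_msg;
			Message( "Couldn't update database, query error" );
			redirect( make_url() );
			exit;
		}

		Message( "Updated ban ip list" );
		redirect( make_url() );
		exit;
	case "Mass_Delete":

		$err_msg = array();

		// Same key filtering as for Ban_IP: integer ids only.
		$delete_ids = array();
		if ( isset($_POST["comment_delete"]) && is_array($_POST["comment_delete"]) )
		{
			foreach ( array_keys($_POST["comment_delete"]) as $key )
			{
				if ( is_int($key) )
				{
					$delete_ids[] = $key;
				}
			}
		}

		if ( count($delete_ids) == 0 )
		{
			$_SESSION["formdata"] = $_POST;
			$_SESSION["err_msg"][$myform] = $err_msg;
			Message( "No tick boxes checked to delete comment" );
			redirect( make_url() );
			exit;
		}

		$cond = "\"id\" IN('" . join( "', '", $delete_ids ) . "')";

		$sql = "DELETE FROM " . TBL_COMMENTS . " WHERE $cond";

		if ( !$DB->query( $sql ) )
		{
			$_SESSION["formdata"] = $_POST;
			$_SESSION["err_msg"][$myform] = $err_msg;
			Message( "Couldn't update database, query error" );
			redirect( make_url() );
			exit;
		}

		Message( "Deleted comments" );
		redirect( make_url() );
		exit;
	case "Delete_Spam":

		$err_msg = array();

		// Fixed condition, no request data involved: remove every comment
		// flagged as spam.
		$cond = "\"is_spam\"=1";

		$sql = "DELETE FROM " . TBL_COMMENTS . " WHERE $cond";

		if ( !$DB->query( $sql ) )
		{
			$_SESSION["formdata"] = $_POST;
			$_SESSION["err_msg"][$myform] = $err_msg;
			Message( "Couldn't update database, query error" );
			redirect( make_url() );
			exit;
		}

		Message( "Deleted spam comments" );
		redirect( make_url() );
		exit;
	default:
		// Unknown submit value: stop without output.
		exit;
	}

}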

// Register the template parameters by reference so that later assignments to
// $formdata / $pagemenu are seen by the template.
// NOTE(review): "pagemenu" is registered again near the end of this script;
// whether that replaces the menu built here depends on AddParam() - confirm.
$formdata =& $tmpl->AddParam( "formdata", array() );
$pagemenu =& $tmpl->AddParam( "pagemenu", array() );

// Hidden field the POST handler compares with $myform.
$formdata["hidden"] = array(
	"form" => $myform
	);

// Menu definition with a single "Back" link; presumably read by
// page-menu.php from this scope - confirm.
$params = array(
	"entry" => "\t<li>%s</li>\n\t",
	"separator" => FALSE,
	"links" => array(
		"A" => array(
			"label" => "&Back",
			"return_page" => TRUE
			)
		)
	);
$pagemenu = include( INCDIR . "/page-menu.php" );
// Same registration as earlier in the script ("rows" was already added once).
$rows =& $tmpl->AddParam( "rows", array() );

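// Group the current page of comments under their news item for the template.
// The ban list is split once here instead of once per comment.
$ipban_list = explode( " ", $config["ipban"] );

foreach ( $news_ids as $news )
{
	$rows[$news["id"]]["title"] = $news["title"];
	foreach ( $ids as $comment )
	{
		if ( $comment["newsid"] != $news["id"] )
		{
			continue;
		}

		// NOTE(review): nl2br() only inserts <br /> tags, it does not escape
		// HTML. The message is visitor-supplied, so confirm it is escaped when
		// stored or by the template; otherwise markup in a comment would run in
		// the administrator's browser (stored XSS).
		$comment["message"] = nl2br( $comment["message"] );
		$comment["is_spam"] = ($comment["is_spam"] == 1);
		// Fixed +10 hour shift applied before formatting with gmdate().
		$comment["timeposted"] = gmdate( $locale["dateformat"], $comment["timeposted"] + (3600 * 10) );
		$comment["is_banned"] = in_array( $comment["ipaddress"], $ipban_list );

		$rows[$news["id"]]["comment"][] = $comment;
		// Every listed comment starts with both tick boxes unchecked.
		$formdata["comment_ban"][$comment["id"]] = FALSE;
		$formdata["comment_delete"][$comment["id"]] = FALSE;
	}
}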

// Button labels handed to the template.
$tmpl->AddParam( "buttons", "Ban IP,Mass Delete" );
$tmpl->AddParam( "spam_button", "Delete Spam" );

// After a failed submit the POST handler in this file stores the posted form
// in the session before redirecting; restore the ticked boxes and any error
// messages once, then discard the saved copy.
if ( isset($_SESSION["formdata"]) )
{
	if ( isset($_SESSION["err_msg"][$myform]) )
	{
		$tmpl->AddParam( "msg", $_SESSION["err_msg"][$myform] );
	}

	foreach ( array( "comment_ban", "comment_delete" ) as $checkbox_group )
	{
		if ( !isset($_SESSION["formdata"][$checkbox_group]) )
		{
			continue;
		}

		foreach ( array_keys($_SESSION["formdata"][$checkbox_group]) as $id )
		{
			$formdata[$checkbox_group][$id] = TRUE;
		}
	}
	unset( $checkbox_group );

	unset( $_SESSION["formdata"], $_SESSION["err_msg"][$myform] );
}

// Register "pagemenu" on the inner template again and bind it into the outer
// page; the assignment to $pagemenu further down fills it through the
// reference.
$pagemenu =& $tmpl->AddParam( "pagemenu", array() );
$page->BindParam( "pagemenu", $tmpl );

// Theme-driven menu: the defaults below are overridden by any matching keys
// in $theme_info["pagemenu"] (array_merge, later values win).
$params = array(
	"entry" => "\t<li>%s</li>\n\t",
	"separator" => "\t<li>|</li>\n\t",
	"links" => buildmenu( $theme_info["pagemenu_build"] )
	);
$params = array_merge( $params, $theme_info["pagemenu"] );
$pagemenu = include( INCDIR . "/page-menu.php" );

// Page size 50 matches the limit passed to the comment query earlier in this
// script; $offset comes from the request.
$tmpl->Pagination( $count_ids, $offset, 50 );
// Render the inner template into the page shell and send it.
$page->ParseContent( $tmpl->GetHTML() );
$page->ShowPage();

?>