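<?php defined('SYSPATH') OR die('No direct access to this file is allowed.');
/**
 * Moderation (flag, edit, delete) handler for URL-based voting.
 *
 * @package Noostr
 * @subpackage Handler_Votes
 */

// URL segments as read below:
//   uri[0] = content type ('story' or 'comment')
//   uri[1] = must be present; not read directly here (presumably the node
//            identifier consumed by get_story()/get_comment() -- confirm)
//   uri[2] = moderation action ('flag', 'edit' or 'delete')
//
// NOTE(review): 'flag' and 'delete' change stored data and are triggered by the
// URL alone. No anti-CSRF token or request-method check is visible in this
// file; confirm the dispatcher enforces one before this handler runs.
$legal_moderation = array('flag', 'edit', 'delete');
if (isset($site->uri[1]) && isset($site->uri[2]) && in_array(strtolower($site->uri[2]), $legal_moderation, true)) {
	$next = '';
	// These three markers are set once the matching action has been handled,
	// whether or not it succeeded. They are not read in this file; presumably
	// the including script uses them -- confirm.
	$flagged = false;
	$deleted = false;
	$edited = false;
	switch (strtolower($site->uri[2])) {
		case 'flag':
			// Start from a clean record so nothing left in $story by earlier
			// code can be acted on when the content type is not recognised.
			$story = array('userid' => null);
			switch (strtolower($site->uri[0])) {
				case 'story':
					$story = get_story();
					break;
				case 'comment':
					$story = get_comment();
					break;
			}
			// isset($story['uid']) stops an unknown content type, or a node that
			// failed to load, from recording a flag row with no node id.
			if ($acl->flagStory && $user->karma >= $site->karmaflagthreshhold && isset($story['uid']) && $story['userid'] != $user->uid) {
				// Totally allowed to flag.
				// NOTE(review): no check for an existing users_flags row for this
				// user and node is visible here; unless the table enforces
				// uniqueness, a repeated request raises the counter again.
				$sql = 'insert into '.PREFIX.'users_flags (userid,nodeid,flagid) values (?,?,?)';
				$data = array($user->uid, $story['uid'], get_flagid('spam'));
				$db->query($sql, $data);
				$sql = 'update '.PREFIX.'nodes set flags = flags + 1 where uid = ?';
				$db->query($sql, $story['uid']);
			} else {
				// A node that could not be loaded matches none of the branches
				// below, so no error is set and the request only redirects.
				if (!$acl->flagStory) {
					// No flagging permission.
					if (!$user->loggedin) {
						// User isn't logged in!
						set_error('f01');
					} else {
						set_error('f02');
					}
				} elseif ($user->karma < $site->karmaflagthreshhold) {
					// Not enough karma to flag.
					set_error('f03');
				} elseif ($story['userid'] == $user->uid) {
					// The owner can't flag their own story.
					set_error('f04');
				}
			}
			$next = $site->root.'/'.$site->uri[0].'/'.$site->uri[1];
			$flagged = true;
			break;
		case 'delete':
			// Clean record, same reason as in the 'flag' case.
			$story = array('userid' => null);
			$candelete = false;
			// Either the general or the own-content edit permission enables the
			// action, but the ownership test below applies in both cases.
			switch (strtolower($site->uri[0])) {
				case 'story':
					$story = get_story();
					if ($acl->editStory || $acl->editOwnStory) {
						$candelete = true;
					}
					break;
				case 'comment':
					$story = get_comment();
					if ($acl->editComment || $acl->editOwnComment) {
						$candelete = true;
					}
					break;
			}
			// Require a loaded node: the owner comparison is loose (==), so a
			// missing userid (null) would otherwise compare equal to a falsy uid.
			if ($candelete && isset($story['uid']) && $story['userid'] == $user->uid) {
				// Totally allowed to delete. The row is kept and only marked.
				$sql = 'update '.PREFIX.'nodes set deleted = 1 where uid = ?';
				$db->query($sql, $story['uid']);
				$next = $site->root.'/'.$site->startpage;
			} else {
				if (!$candelete) {
					// No deleting permission.
					if (!$user->loggedin) {
						// User isn't logged in!
						set_error('d01');
					} else {
						set_error('d02');
					}
				} else {
					// User must own the content to be deleted.
					// A node that could not be loaded is reported the same way.
					set_error('d03');
				}
			}
			$deleted = true;
			break;
		case 'edit':
			// Clean record, same reason as in the 'flag' case.
			$story = array('userid' => null);
			$canedit = false;
			switch (strtolower($site->uri[0])) {
				case 'story':
					$story = get_story();
					if ($acl->editStory || $acl->editOwnStory) {
						$canedit = true;
					}
					break;
				case 'comment':
					$story = get_comment();
					if ($acl->editComment || $acl->editOwnComment) {
						$canedit = true;
					}
					break;
			}
			// Same loaded-node guard as in the 'delete' case.
			if ($canedit && isset($story['uid']) && $story['userid'] == $user->uid) {
				// Totally allowed to edit.
				// Nothing is written here: the current values are handed to
				// form_preserve() and the user is sent on to the submit page.
				form_preserve(array('type' => strtolower($site->uri[0]), 'node' => $story['uid'], 'action' => 'edit', 'title' => $story['title'], 'url' => $story['url'], 'content' => $story['description']));
				$next = $site->root.'/submit/';
			} else {
				if (!$canedit) {
					// No editing permission.
					if (!$user->loggedin) {
						// User isn't logged in!
						set_error('e01');
					} else {
						set_error('e02');
					}
				} else {
					// User must own the content to be edited.
					// A node that could not be loaded is reported the same way.
					set_error('e03');
				}
			}
			$edited = true;
			break;
	}
	// Only a refused delete or edit reaches this point without a target.
	if ($next == '') {
		// NOTE(review): $site->referrer is populated elsewhere. If it comes from
		// the request's Referer header, confirm it is restricted to same-site
		// URLs before it is passed to locate().
		if ($site->referrer != '') {
			$next = $site->referrer;
		} else {
			$next = $site->root.'/'.$site->startpage;
		}
	}
	if ($next != '') {
		locate($next);
	}
}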