diff options
Diffstat (limited to 'delete.php')
-rw-r--r-- | delete.php | 140 |
1 files changed, 140 insertions, 0 deletions
diff --git a/delete.php b/delete.php new file mode 100644 index 0000000..e253bb4 --- /dev/null +++ b/delete.php @@ -0,0 +1,140 @@ +<?php + +/** + * Copyright (C) 2008-2012 FluxBB + * based on code by Rickard Andersson copyright (C) 2002-2008 PunBB + * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher + */ + +define('PUN_ROOT', dirname(__FILE__).'/'); +require PUN_ROOT.'include/common.php'; + + +if ($pun_user['g_read_board'] == '0') + message($lang_common['No view'], false, '403 Forbidden'); + + +$id = isset($_GET['id']) ? intval($_GET['id']) : 0; +if ($id < 1) + message($lang_common['Bad request'], false, '404 Not Found'); + +// Fetch some info about the post, the topic and the forum +$result = $db->query('SELECT f.id AS fid, f.forum_name, f.moderators, f.redirect_url, fp.post_replies, fp.post_topics, t.id AS tid, t.subject, t.first_post_id, t.closed, p.posted, p.poster, p.poster_id, p.message, p.hide_smilies FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND p.id='.$id) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error()); +if (!$db->num_rows($result)) + message($lang_common['Bad request'], false, '404 Not Found'); + +$cur_post = $db->fetch_assoc($result); + +if ($pun_config['o_censoring'] == '1') + $cur_post['subject'] = censor_words($cur_post['subject']); + +// Sort out who the moderators are and if we are currently a moderator (or an admin) +$mods_array = ($cur_post['moderators'] != '') ? unserialize($cur_post['moderators']) : array(); +$is_admmod = ($pun_user['g_id'] == PUN_ADMIN || ($pun_user['g_moderator'] == '1' && array_key_exists($pun_user['username'], $mods_array))) ? true : false; + +$is_topic_post = ($id == $cur_post['first_post_id']) ? true : false; + +// Do we have permission to edit this post? +if (($pun_user['g_delete_posts'] == '0' || + ($pun_user['g_delete_topics'] == '0' && $is_topic_post) || + $cur_post['poster_id'] != $pun_user['id'] || + $cur_post['closed'] == '1') && + !$is_admmod) + message($lang_common['No permission'], false, '403 Forbidden'); + +if ($is_admmod && $pun_user['g_id'] != PUN_ADMIN && in_array($cur_post['poster_id'], get_admin_ids())) + message($lang_common['No permission'], false, '403 Forbidden'); + +// Load the delete.php language file +require PUN_ROOT.'lang/'.$pun_user['language'].'/delete.php'; + + +if (isset($_POST['delete'])) +{ + // Make sure they got here from the site + confirm_referrer('delete.php'); + + require PUN_ROOT.'include/search_idx.php'; + + if ($is_topic_post) + { + // Delete the topic and all of its posts + delete_topic($cur_post['tid']); + update_forum($cur_post['fid']); + + redirect('viewforum.php?id='.$cur_post['fid'], $lang_delete['Topic del redirect']); + } + else + { + // Delete just this one post + delete_post($id, $cur_post['tid']); + update_forum($cur_post['fid']); + + // Redirect towards the previous post + $result = $db->query('SELECT id FROM '.$db->prefix.'posts WHERE topic_id='.$cur_post['tid'].' AND id < '.$id.' ORDER BY id DESC LIMIT 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error()); + $post_id = $db->result($result); + + redirect('viewtopic.php?pid='.$post_id.'#p'.$post_id, $lang_delete['Post del redirect']); + } +} + + +$page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_delete['Delete post']); +define ('PUN_ACTIVE_PAGE', 'index'); +require PUN_ROOT.'header.php'; + +require PUN_ROOT.'include/parser.php'; +$cur_post['message'] = parse_message($cur_post['message'], $cur_post['hide_smilies']); + +?> +<div class="linkst"> + <div class="inbox"> + <ul class="crumbs"> + <li><a href="index.php"><?php echo $lang_common['Index'] ?></a></li> + <li><span>» </span><a href="viewforum.php?id=<?php echo $cur_post['fid'] ?>"><?php echo pun_htmlspecialchars($cur_post['forum_name']) ?></a></li> + <li><span>» </span><a href="viewtopic.php?pid=<?php echo $id ?>#p<?php echo $id ?>"><?php echo pun_htmlspecialchars($cur_post['subject']) ?></a></li> + <li><span>» </span><strong><?php echo $lang_delete['Delete post'] ?></strong></li> + </ul> + </div> +</div> + +<div class="blockform"> + <h2><span><?php echo $lang_delete['Delete post'] ?></span></h2> + <div class="box"> + <form method="post" action="delete.php?id=<?php echo $id ?>"> + <div class="inform"> + <div class="forminfo"> + <h3><span><?php printf($is_topic_post ? $lang_delete['Topic by'] : $lang_delete['Reply by'], '<strong>'.pun_htmlspecialchars($cur_post['poster']).'</strong>', format_time($cur_post['posted'])) ?></span></h3> + <p><?php echo ($is_topic_post) ? '<strong>'.$lang_delete['Topic warning'].'</strong>' : '<strong>'.$lang_delete['Warning'].'</strong>' ?><br /><?php echo $lang_delete['Delete info'] ?></p> + </div> + </div> + <p class="buttons"><input type="submit" name="delete" value="<?php echo $lang_delete['Delete'] ?>" /> <a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p> + </form> + </div> +</div> + +<div id="postreview"> + <div class="blockpost"> + <div class="box"> + <div class="inbox"> + <div class="postbody"> + <div class="postleft"> + <dl> + <dt><strong><?php echo pun_htmlspecialchars($cur_post['poster']) ?></strong></dt> + <dd><span><?php echo format_time($cur_post['posted']) ?></span></dd> + </dl> + </div> + <div class="postright"> + <div class="postmsg"> + <?php echo $cur_post['message']."\n" ?> + </div> + </div> + </div> + <div class="clearer"></div> + </div> + </div> + </div> +</div> +<?php + +require PUN_ROOT.'footer.php'; |