Файл: modules/forum/delete_post.php
Строк: 66
<?php
/**
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) 2013, Taras Chornyi, Sergiy Mazurenko, Ivan Kotliar
* @link http://perf-engine.net
* @package PerfEngine
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
$locate = 'in_forum';
$edit_post = $db->query("SELECT * FROM `forum_pt` WHERE `id` = '".abs(intval($_GET['id']))."'")->fetch();
if(User::Id() != $edit_post['user_id'] && User::level() < 2 && User::level() < 5)
{
redirect('/');
exit;
}
if(isset($_GET['id']))
{
$id = abs(intval($_GET['id']));
if(isset($_POST['yes']))
{
if(!empty($postWithFile['file']))
{
unlink(ROOT.'/files/forum/'.$edit_post['file']);
}
if($db->query("SELECT `id` FROM `forum_pt` WHERE `topic_id` = '". abs(intval($_GET['topic_id'])) ."' ORDER BY time ASC")->fetchColumn() == abs(intval($_GET['id'])))
{
$d = $db->query("SELECT cat_id FROM `forum_t` WHERE `id` = '".abs(intval($_GET['topic_id']))."'")->fetchColumn();
$db->query("DELETE FROM `forum_pt` WHERE `id` = '". abs(intval($_GET['id'])) ."'");
$db->query("DELETE FROM `forum_t` WHERE `id` = '". abs(intval($_GET['topic_id'])) ."'");
$db->query("DELETE FROM `forum_pt` WHERE `topic_id` = '". abs(intval($_GET['topic_id'])) ."'");
redirect('/forum/section/'.$d);
}
else
{
if($db->query("SELECT id FROM `forum_pt` WHERE `id` = '$id' ORDER BY time DESC LIMIT 1")->fetchColumn() == $id)
{
$db->query("DELETE FROM `forum_pt` WHERE `id` = '$id' LIMIT 1");
// print_r($db->errorInfo());
$_tmp = $db->query("SELECT * FROM `forum_pt` WHERE `topic_id` = '".$postData['topic_id']."' ORDER BY time DESC LIMIT 1")->fetch();
// print_r($db->errorInfo());
$db->query("UPDATE `forum_t` SET `time_last_post` = '".$_tmp['time']."', `user_last_post` = '".$_tmp['user_id']."' WHERE `id` = '".$postData['topic_id']."' LIMIT 1");
}
else
{
$db->query("DELETE FROM `forum_pt` WHERE `id` = '$id' LIMIT 1");
// print_r($db->errorInfo());
$db->query("UPDATE `forum_t` SET `time_last_post` = '".time()."', `user_last_post` = '".User::Id()."' WHERE `id` = '".$postData['topic_id']."' LIMIT 1");
// print_r($db->errorInfo());
}
redirect('/forum/topic/'.abs(intval($_GET['topic_id'])).'?page=end');
}
}
elseif(isset($_POST['no']))
{
redirect('/forum/topic/'.abs(intval($_GET['topic_id'])).'?page=end');
}
$title = _t('delete');
include_header($title);
$tpl->div('title', _t('delete'));
echo '<form action="/forum/delete_post/'. abs(intval($_GET['id'])) .'?topic_id='.abs(intval(abs(intval($_GET['topic_id'])))).'" method="post">
<div class="menu">
<b>'. _t('r_sure') .'</b><br/>
<input name="yes" type="submit" value="'. _t('yes') .'" /> <input name="no" type="submit" value="'. _t('no') .'" /><br/>
</div>
</form>';
$tpl->div('block', NAV .'<a href="/forum/">'. _t('forum') .'</a><br/>' . HICO .'<a href="/">'. _t('home').'</a>');
include_footer();
} else { redirect('/'); }
?>