Author Topic: Edit Comment, Edit Image  (Read 21248 times)

0 Members and 1 Guest are viewing this topic.

rinaldos

  • Guest
Edit Comment, Edit Image
« on: September 15, 2008, 06:50:39 PM »
Ich wollte nun meinen Nutzern die Funktion EDIT COMMENT bzw Edit Image freigeben. Doch sobald sich ein Nutzer einloggt und seinen selber geschrieben Kommentar ändern will, gelangt er immer wieder auf die Startseite.
Wenn ich in der Datei member.php folgendes deaktiviere
Code: [Select]
  if (!$comment_row || $comment_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $comment_row['user_id'] && $user_info['user_level'] != ADMIN)) {
    header("Location: ".$site_sess->url($url, "&"));
    exit;
  }
kann er seinen Kommentar editieren, aber mit der URL die oben dann in der Adressleiste steht, auch alle anderen Kommentare :-(
In einer frisch installierten 4images Version kann der Nutzer, obwohl im ACP aktiviert, seine Bilder und seine Kommentare auch nicht bearbeiten. Ein BUG?

Gruß
Ingo

rinaldos

  • Guest
Re: Edit Comment, Edit Image
« Reply #1 on: September 22, 2008, 12:28:37 AM »
Wenn ich in der member.php
folgende Zeilen (insgesamt 4 mal)
Code: [Select]
  if (!$comment_row || $comment_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $comment_row['user_id'] && $user_info['user_level'] != ADMIN)) {

gegen
Code: [Select]
  if (!$comment_row || $comment_row['user_id'] <= USER_AWAITING || ($user_info['user_name'] != $comment_row['comment_user_name'] && $user_info['user_level'] != ADMIN)) {

ersetze, kann der User seine Kommentar editieren und löschen. Die Überprüfung erfolgt nun Anhand des User_Names. Der User kann wenigstens nicht die Kommentare der anderen User bearbeiten. Anscheinend klappt die Abfrage der user_id nicht richtig.

Herausgefunden habe ich es wie folgt. Als ich anstelle von
Code: [Select]
show_error_page($lang['no_permission']);
das einsetze
Code: [Select]
show_error_page($comment_row['user_id']);
wird immer die ID des ersten Kommentares in der DB eingesetzt und nicht wie abgefragt die USER_ID!!!

Die MYSQL Abfrage ist immer noch die originale
Code: [Select]
  $sql = "SELECT c.comment_id, c.image_id, c.user_id AS comment_user_id, c.user_name AS comment_user_name, c.comment_headline, c.comment_text, i.image_name, i.cat_id, i.user_id".get_user_table_field(", u.", "user_name")."
          FROM (".COMMENTS_TABLE." c, ".IMAGES_TABLE." i)
          LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id)
          WHERE c.comment_id = $comment_id AND i.image_id = c.image_id";

meine admin_links in der details.php
Code: [Select]
      $admin_links = "";
      if ($user_info['user_level'] == ADMIN) {
        $admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."admin/index.php?goto=".urlencode("comments.php?action=editcomment&amp;comment_id=".$comment_row[$i]['comment_id']))."\" target=\"_blank\">".$lang['edit']."</a>&nbsp;";
        $admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."admin/index.php?goto=".urlencode("comments.php?action=removecomment&amp;comment_id=".$comment_row[$i]['comment_id']))."\" target=\"_blank\">".$lang['delete']."</a>";
      }
      elseif ($is_image_owner || $comment_user_id == $user_info['user_id'] && $user_info['user_level'] >= USER) {
        $admin_links .= ($config['user_edit_comments'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=editcomment&amp;".URL_COMMENT_ID."=".$comment_row[$i]['comment_id'])."\">".$lang['edit']."</a>&nbsp;";
        $admin_links .= ($config['user_delete_comments'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=removecomment&amp;".URL_COMMENT_ID."=".$comment_row[$i]['comment_id'])."\">".$lang['delete']."</a>";
      }

Vielleicht hilft es 4images so zu erweitern, das die Nutzer Ihre eigenen Kommentare bearbeiten können und die Bildinhabe die Kommentare der Nutzer löschen können.

Gruß
Ingo

Offline mawenzi

  • 4images Moderator
  • 4images Guru
  • *****
  • Posts: 4.500
    • View Profile
Re: Edit Comment, Edit Image
« Reply #2 on: September 22, 2008, 12:48:23 AM »
Hallo Ingo,

... danke für dieses Tutorial ...
... werde einen Link in die "todo-list for next 4images version" setzen ...
Your first three "must do" before you ask a question ! ( © by V@no )
- please read the Forum Rules ...
- please study the FAQ ...
- please try to Search for your answer ...

You are on search for top 4images MOD's ?
- then please search here ... Mawenzi's Top 100+ MOD List (unsorted sorted) ...

Offline KurtW

  • 4images Guru
  • *******
  • Posts: 2.778
    • View Profile
    • Malediven-Bilder ~~Dreams~~
Re: Edit Comment, Edit Image
« Reply #3 on: September 22, 2008, 05:54:55 AM »
Hallo,

in der if Abfrage:
Code: [Select]
$comment_row['user_id'] <= USER_AWAITING

Die "user_id" hat doch nichts mit dem "user_level" zu tun.....  8O


Kurt

rinaldos

  • Guest
Re: Edit Comment, Edit Image
« Reply #4 on: September 22, 2008, 11:34:34 AM »
Ich habe nun noch ein wenig die ganzen Einträge modifiziert. Nun ist es möglich, das der BILD-Eigentümer Kommentare anderer User löschen kann. Der Kommentareigentümer kann seine Kommentare bearbeiten bzw. löschen. Ich habe leider die Abfrage beim löschen der Kommentare herausnehmen müssen, also vorsicht. Es wird nicht mehr gefragt: Wollen Sie den Kommentar löschen?

Codeupdate am 24.10.2008 15:06 Uhr incl Abfrage wollen sie wirklich löschen
Dazu wurde die member.php um deleteowncomment / removeowncomment erweitert und die Adminlinks in der details.php angepasst. Das Problem in den originaldateien ist, das einmal nach comment_user_id und user_id gefragt wird, und die Berechtigungen daher nie passen.

getestet können diese Änderungen hier
Username: test
Passwort: test

Dem User TEST gehört dieses Bild
http://4images.rinaldos.homeip.net/details.php?image_id=9554

Gehe ich auf dieses Bild
http://4images.rinaldos.homeip.net/details.php?image_id=9553
sehe ich, das ich an den Userkommentaren nichts machen kann, da dem User TEST das Bild nicht gehört.

Wenn ich das Bild ändere und in der Adressleiste eine andere comment_id eingebe, bekomme ich die Fehlermeldung das der Nutzer TEST nicht die Rechte dazu hat:
http://4images.rinaldos.homeip.net/member.php?action=editcomment&comment_id=15
bzw das löschen
http://4images.rinaldos.homeip.net/member.php?action=removecomment&comment_id=15
http://4images.rinaldos.homeip.net/member.php?action=deletecomment&comment_id=15

geänderte Dateien:
details.php
member.php

finde in details.php
Code: [Select]
$is_image_owner = ($image_row['user_id'] > USER_AWAITING && $user_info['user_id'] == $image_row['user_id']) ? 1 : 0;
füge darunter ein
Code: [Select]
// Kommentare Editieren
$image_user_id = $image_row['user_id'];
// Kommentare editieren

finde
Code: [Select]
      $admin_links = "";
      if ($user_info['user_level'] == ADMIN) {
        $admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."admin/index.php?goto=".urlencode("comments.php?action=editcomment&amp;comment_id=".$comment_row[$i]['comment_id']))."\" target=\"_blank\">".$lang['edit']."</a>&nbsp;";
        $admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."admin/index.php?goto=".urlencode("comments.php?action=removecomment&amp;comment_id=".$comment_row[$i]['comment_id']))."\" target=\"_blank\">".$lang['delete']."</a>";
      }
      elseif ($is_image_owner) {
        $admin_links .= ($config['user_edit_comments'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=editcomment&amp;".URL_COMMENT_ID."=".$comment_row[$i]['comment_id'])."\">".$lang['edit']."</a>&nbsp;";
        $admin_links .= ($config['user_delete_comments'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=removecomment&amp;".URL_COMMENT_ID."=".$comment_row[$i]['comment_id'])."\">".$lang['delete']."</a>";
      }

ersetze mit:
Code: [Select]
// Kommentare bearbeiten
      $admin_links = "";
      if ($user_info['user_level'] == ADMIN) {
        $admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."admin/index.php?goto=".urlencode("comments.php?action=editcomment&amp;comment_id=".$comment_row[$i]['comment_id']))."\" target=\"_blank\">".$lang['edit']."</a>&nbsp;";
        $admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."admin/index.php?goto=".urlencode("comments.php?action=removecomment&amp;comment_id=".$comment_row[$i]['comment_id']))."\" target=\"_blank\">".$lang['delete']."</a>";
      }
      elseif ($comment_user_id == $user_info['user_id'] && $user_info['user_level'] >= USER ) {
        $admin_links .= ($config['user_edit_comments'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=editcomment&amp;".URL_COMMENT_ID."=".$comment_row[$i]['comment_id'])."\">".$lang['edit']."</a>&nbsp;";
        $admin_links .= ($config['user_delete_comments'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=removeowncomment&amp;".URL_COMMENT_ID."=".$comment_row[$i]['comment_id'])."\">".$lang['delete']."</a>";
      }
       elseif ($is_image_owner || $image_user_id == $user_info['user_id']) {
        $admin_links .= ($config['user_delete_comments'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=removecomment&amp;".URL_COMMENT_ID."=".$comment_row[$i]['comment_id'])."\">".$lang['delete']."</a>";
      }
// Kommentare bearbeiten

öffne member.php
ersetze den ganzen Block von

Code: [Select]
  if ($action == "deletecomment") {
.......
  $content = $site_template->parse_template("member_editcomment");
}


mit
Code: [Select]
if ($action == "deletecomment") {
  if (!$comment_id || ($config['user_delete_comments'] != 1 && $user_info['user_level'] != ADMIN)) {
    show_error_page($lang['no_permission']);
    exit;
  }

  $sql = "SELECT c.comment_id, c.user_id AS comment_user_id, i.image_id, i.cat_id, i.user_id, i.image_name
          FROM (".COMMENTS_TABLE." c, ".IMAGES_TABLE." i)
          WHERE c.comment_id = $comment_id AND i.image_id = c.image_id";
  $comment_row = $site_db->query_firstrow($sql);
  if (!$comment_row ||($user_info['user_id'] != $comment_row['user_id'] && $user_info['user_level'] != ADMIN)) {
    show_error_page($lang['no_permission']);
    exit;
  }

  $txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".format_text($comment_row['image_name'], 2)."</a>".$config['category_separator'];
  $txt_clickstream .= $lang['comment_delete'];

  $sql = "UPDATE ".IMAGES_TABLE."
          SET image_comments = image_comments - 1
          WHERE image_id = ".$comment_row['image_id'];
  $site_db->query($sql);

  if ($comment_row['comment_user_id'] != GUEST) {
    $sql = "UPDATE ".USERS_TABLE."
            SET ".get_user_table_field("", "user_comments")." = ".get_user_table_field("", "user_comments")." - 1
            WHERE ".get_user_table_field("", "user_id")." = ".$comment_row['comment_user_id'];
    $site_db->query($sql);
  }

  $sql = "DELETE FROM ".COMMENTS_TABLE."
          WHERE comment_id = $comment_id";
  $result = $site_db->query($sql);
  $msg = ($result) ? $lang['comment_delete_success'] : $lang['comment_delete_error'];
}

if ($action == "removecomment") {
  if (!$comment_id || ($config['user_delete_comments'] != 1 && $user_info['user_level'] != ADMIN)) {
    show_error_page($lang['no_permission']);
  }

  $sql = "SELECT c.comment_id, c.image_id, c.user_id AS comment_user_id, c.user_name AS comment_user_name, c.comment_headline, c.comment_text, i.image_name, i.cat_id, i.user_id".get_user_table_field(", u.", "user_name")."
          FROM (".COMMENTS_TABLE." c, ".IMAGES_TABLE." i)
          LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id)
          WHERE c.comment_id = $comment_id AND i.image_id = c.image_id";
  $comment_row = $site_db->query_firstrow($sql);
  if (!$comment_row ||($user_info['user_id'] != $comment_row['user_id'] && $user_info['user_level'] != ADMIN)) {
    show_error_page($lang['no_permission']);
  }

  $txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".format_text($comment_row['image_name'], 2)."</a>".$config['category_separator'];
  $txt_clickstream .= $lang['comment_delete'];

  if (isset($comment_row[$user_table_fields['user_name']]) && $comment_row['comment_user_id'] != GUEST) {
    $user_name = $comment_row[$user_table_fields['user_name']];
  }
  else {
    $user_name = $comment_row['comment_user_name'];
  }

  $site_template->register_vars(array(
    "comment_id" => $comment_id,
    "image_name" => format_text($comment_row['image_name']),
    "user_name" => format_text($user_name),
    "comment_headline" => format_text($comment_row['comment_headline'], 0, $config['wordwrap_comments'], 0, 0),
    "comment_text" => format_text($comment_row['comment_text'], $config['html_comments'], $config['wordwrap_comments'], $config['bb_comments'], $config['bb_img_comments']),
    "lang_delete_comment" => $lang['comment_delete'],
    "lang_delete_comment_confirm" => $lang['comment_delete_confirm'],
    "lang_image_name" => $lang['image_name'],
    "lang_name" => $lang['name'],
    "lang_headline" => $lang['headline'],
    "lang_comment" => $lang['comment'],
    "lang_submit" => $lang['submit'],
    "lang_reset" => $lang['reset'],
    "lang_yes" => $lang['yes'],
    "lang_no" => $lang['no']
  ));
  $content = $site_template->parse_template("member_deletecomment");
}

if ($action == "deleteowncomment") {
  if (!$comment_id || ($config['user_delete_comments'] != 1 && $user_info['user_level'] != ADMIN)) {
    show_error_page($lang['no_permission']);
    exit;
  }

  $sql = "SELECT c.comment_id, c.user_id AS comment_user_id, i.image_id, i.cat_id, i.user_id, i.image_name
          FROM (".COMMENTS_TABLE." c, ".IMAGES_TABLE." i)
          WHERE c.comment_id = $comment_id AND i.image_id = c.image_id";
  $comment_row = $site_db->query_firstrow($sql);
  if (!$comment_row ||($user_info['user_id'] != $comment_row['comment_user_id'] && $user_info['user_level'] != ADMIN)) {
    show_error_page($lang['no_permission']);
    exit;
  }

  $txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".format_text($comment_row['image_name'], 2)."</a>".$config['category_separator'];
  $txt_clickstream .= $lang['comment_delete'];

  $sql = "UPDATE ".IMAGES_TABLE."
          SET image_comments = image_comments - 1
          WHERE image_id = ".$comment_row['image_id'];
  $site_db->query($sql);

  if ($comment_row['comment_user_id'] != GUEST) {
    $sql = "UPDATE ".USERS_TABLE."
            SET ".get_user_table_field("", "user_comments")." = ".get_user_table_field("", "user_comments")." - 1
            WHERE ".get_user_table_field("", "user_id")." = ".$comment_row['comment_user_id'];
    $site_db->query($sql);
  }

  $sql = "DELETE FROM ".COMMENTS_TABLE."
          WHERE comment_id = $comment_id";
  $result = $site_db->query($sql);
  $msg = ($result) ? $lang['comment_delete_success'] : $lang['comment_delete_error'];
}

if ($action == "removeowncomment") {
  if (!$comment_id || ($config['user_delete_comments'] != 1 && $user_info['user_level'] != ADMIN)) {
    show_error_page($lang['no_permission']);
  }

  $sql = "SELECT c.comment_id, c.image_id, c.user_id AS comment_user_id, c.user_name AS comment_user_name, c.comment_headline, c.comment_text, i.image_name, i.cat_id, i.user_id".get_user_table_field(", u.", "user_name")."
          FROM (".COMMENTS_TABLE." c, ".IMAGES_TABLE." i)
          LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id)
          WHERE c.comment_id = $comment_id AND i.image_id = c.image_id";
  $comment_row = $site_db->query_firstrow($sql);
  if (!$comment_row ||($user_info['user_id'] != $comment_row['comment_user_id'] && $user_info['user_level'] != ADMIN)) {
    show_error_page($lang['no_permission']);
  }

  $txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".format_text($comment_row['image_name'], 2)."</a>".$config['category_separator'];
  $txt_clickstream .= $lang['comment_delete'];

  if (isset($comment_row[$user_table_fields['user_name']]) && $comment_row['comment_user_id'] != GUEST) {
    $user_name = $comment_row[$user_table_fields['user_name']];
  }
  else {
    $user_name = $comment_row['comment_user_name'];
  }

  $site_template->register_vars(array(
    "comment_id" => $comment_id,
    "image_name" => format_text($comment_row['image_name']),
    "user_name" => format_text($user_name),
    "comment_headline" => format_text($comment_row['comment_headline'], 0, $config['wordwrap_comments'], 0, 0),
    "comment_text" => format_text($comment_row['comment_text'], $config['html_comments'], $config['wordwrap_comments'], $config['bb_comments'], $config['bb_img_comments']),
    "lang_delete_comment" => $lang['comment_delete'],
    "lang_delete_comment_confirm" => $lang['comment_delete_confirm'],
    "lang_image_name" => $lang['image_name'],
    "lang_name" => $lang['name'],
    "lang_headline" => $lang['headline'],
    "lang_comment" => $lang['comment'],
    "lang_submit" => $lang['submit'],
    "lang_reset" => $lang['reset'],
    "lang_yes" => $lang['yes'],
    "lang_no" => $lang['no']
  ));
  $content = $site_template->parse_template("member_deleteowncomment");
}

if ($action == "updatecomment") {
  if (!$comment_id || ($config['user_edit_comments'] != 1 && $user_info['user_level'] != ADMIN)) {
    show_error_page($lang['no_permission']);
    exit;
  }
  $sql = "SELECT c.comment_id, c.image_id, c.user_id AS comment_user_id, c.user_name AS comment_user_name, c.comment_headline, c.comment_text, i.image_name, i.cat_id, i.user_id".get_user_table_field(", u.", "user_name")."
          FROM (".COMMENTS_TABLE." c, ".IMAGES_TABLE." i)
          LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id)
          WHERE c.comment_id = $comment_id AND i.image_id = c.image_id";
  $comment_row = $site_db->query_firstrow($sql);
  if (!$comment_row ||($user_info['user_id'] != $comment_row['comment_user_id'] && $user_info['user_level'] != ADMIN)) {
    show_error_page($lang['no_permission']);
    exit;
  }

  $txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".format_text($comment_row['image_name'], 2)."</a>".$config['category_separator'];
  $txt_clickstream .= $lang['comment_edit'];

  $error = 0;

  $comment_headline = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_headline']));
  $comment_text = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_text']));

  if ($comment_headline == "")  {
    $error = 1;
    $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['headline']), $lang['field_required']);
    $msg .= (($msg != "") ? "<br />" : "").$field_error;
  }
  if ($comment_text == "")  {
    $error = 1;
    $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['comment']), $lang['field_required']);
    $msg .= (($msg != "") ? "<br />" : "").$field_error;
  }

  if (!$error) {
    $sql = "UPDATE ".COMMENTS_TABLE."
            SET comment_headline = '$comment_headline', comment_text = '$comment_text'
            WHERE comment_id = $comment_id";
    $result = $site_db->query($sql);
    $msg = ($result) ? $lang['comment_edit_success'] : $lang['comment_edit_error'];
  }
  else {
    $action = "editcomment";
    $sendprocess = 1;
  }
}

if ($action == "editcomment") {
  if (!$comment_id || ($config['user_edit_comments'] != 1 && $user_info['user_level'] != ADMIN)) {
    show_error_page($lang['no_permission']);
  }

  $sql = "SELECT c.comment_id, c.image_id, c.user_id AS comment_user_id, c.user_name AS comment_user_name, c.comment_headline, c.comment_text, i.image_name, i.cat_id, i.user_id".get_user_table_field(", u.", "user_name")."
          FROM (".COMMENTS_TABLE." c, ".IMAGES_TABLE." i)
          LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id)
          WHERE c.comment_id = $comment_id AND i.image_id = c.image_id";
  $comment_row = $site_db->query_firstrow($sql);
  if (!$comment_row ||($user_info['user_id'] != $comment_row['comment_user_id'] && $user_info['user_level'] != ADMIN)) {
    show_error_page($lang['no_permission']);
    exit;
  }

  $txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".format_text($comment_row['image_name'], 2)."</a>".$config['category_separator'];
  $txt_clickstream .= $lang['comment_edit'];

  $comment_headline = (isset($HTTP_POST_VARS['comment_headline'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_headline']))) : $comment_row['comment_headline'];
  $comment_text = (isset($HTTP_POST_VARS['comment_text'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_text']))) : $comment_row['comment_text'];

  if (isset($comment_row[$user_table_fields['user_name']]) && $comment_row['comment_user_id'] != GUEST) {
    $user_name = $comment_row[$user_table_fields['user_name']];
  }
  else {
    $user_name = $comment_row['comment_user_name'];
  }

  $txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".format_text($comment_row['image_name'], 2)."</a>".$config['category_separator'];
  $txt_clickstream .= $lang['comment_edit'];

  $error = 0;

  $comment_headline = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_headline']));
  $comment_text = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_text']));

  if ($comment_headline == "")  {
    $error = 1;
    $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['headline']), $lang['field_required']);
    $msg .= (($msg != "") ? "<br />" : "").$field_error;
  }
  if ($comment_text == "")  {
    $error = 1;
    $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['comment']), $lang['field_required']);
    $msg .= (($msg != "") ? "<br />" : "").$field_error;
  }

  if (!$error) {
    $sql = "UPDATE ".COMMENTS_TABLE."
            SET comment_headline = '$comment_headline', comment_text = '$comment_text'
            WHERE comment_id = $comment_id";
    $result = $site_db->query($sql);
    $msg = ($result) ? $lang['comment_edit_success'] : $lang['comment_edit_error'];
  }
  else {
    $action = "editcomment";
    $sendprocess = 1;
  }
}

if ($action == "editcomment") {
  if (!$comment_id || ($config['user_edit_comments'] != 1 && $user_info['user_level'] != ADMIN)) {
    show_error_page($lang['no_permission']);
  }

  $sql = "SELECT c.comment_id, c.image_id, c.user_id AS comment_user_id, c.user_name AS comment_user_name, c.comment_headline, c.comment_text, i.image_name, i.cat_id, i.user_id".get_user_table_field(", u.", "user_name")."
          FROM (".COMMENTS_TABLE." c, ".IMAGES_TABLE." i)
          LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id)
          WHERE c.comment_id = $comment_id AND i.image_id = c.image_id";
  $comment_row = $site_db->query_firstrow($sql);
  if (!$comment_row ||($user_info['user_id'] != $comment_row['comment_user_id'] && $user_info['user_level'] != ADMIN)) {
    show_error_page($lang['no_permission']);
    exit;
  }

  $txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".format_text($comment_row['image_name'], 2)."</a>".$config['category_separator'];
  $txt_clickstream .= $lang['comment_edit'];

  $comment_headline = (isset($HTTP_POST_VARS['comment_headline'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_headline']))) : $comment_row['comment_headline'];
  $comment_text = (isset($HTTP_POST_VARS['comment_text'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_text']))) : $comment_row['comment_text'];

  if (isset($comment_row[$user_table_fields['user_name']]) && $comment_row['comment_user_id'] != GUEST) {
    $user_name = $comment_row[$user_table_fields['user_name']];
  }
  else {
    $user_name = $comment_row['comment_user_name'];
  }

  $txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".format_text($comment_row['image_name'], 2)."</a>".$config['category_separator'];
  $txt_clickstream .= $lang['comment_edit'];

  $comment_headline = (isset($HTTP_POST_VARS['comment_headline'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_headline']))) : $comment_row['comment_headline'];
  $comment_text = (isset($HTTP_POST_VARS['comment_text'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_text']))) : $comment_row['comment_text'];

  if (isset($comment_row[$user_table_fields['user_name']]) && $comment_row['comment_user_id'] != GUEST) {
    $user_name = $comment_row[$user_table_fields['user_name']];
  }
  else {
    $user_name = $comment_row['comment_user_name'];
  }

  $bbcode = "";
  if ($config['bb_comments'] == 1) {
    $site_template->register_vars(array(
      "lang_bbcode" => $lang['bbcode'],
//      "smiles_text" => get_smiles_text(),
      "lang_tag_prompt" => $lang['tag_prompt'],
      "lang_link_text_prompt" => $lang['link_text_prompt'],
      "lang_link_url_prompt" => $lang['link_url_prompt'],
      "lang_link_email_prompt" => $lang['link_email_prompt'],
      "lang_list_type_prompt" => $lang['list_type_prompt'],
      "lang_list_item_prompt" => $lang['list_item_prompt']
    ));
    $bbcode = $site_template->parse_template("bbcode");
  }

  $site_template->register_vars(array(
    "bbcode" => $bbcode,
    "comment_id" => $comment_id,
    "image_name" => format_text($comment_row['image_name'], 2),
    "user_name" => format_text($user_name, 2),
    "comment_headline" => format_text($comment_headline, 2),
    "comment_text" => format_text($comment_text, 2),
    "lang_edit_comment" => $lang['comment_edit'],
    "lang_image_name" => $lang['image_name'],
    "lang_name" => $lang['name'],
    "lang_headline" => $lang['headline'],
    "lang_comment" => $lang['comment'],
    "lang_submit" => $lang['submit'],
    "lang_reset" => $lang['reset'],
    "lang_yes" => $lang['yes'],
    "lang_no" => $lang['no']
  ));
  $content = $site_template->parse_template("member_editcomment");
}

erstelle ein neues Template in templates/default/member_deleteowncomment.html
mit folgendem Code
Code: [Select]
<form method="post" action="{url_member}" enctype="multipart/form-data" onsubmit="uploadbutton.disabled=true;">
  <input type="hidden" name="action" value="deleteowncomment" />
  <input type="hidden" name="comment_id" value="{comment_id}" />
  <table width="100%" border="0" cellspacing="0" cellpadding="1">
    <tr>
      <td valign="top" class="head1">
        <table width="100%" border="0" cellpadding="4" cellspacing="0">
          <tr>
            <td valign="top" class="head1">{lang_delete_comment}</td>
          </tr>
          <tr>
            <td class="row2">{lang_delete_comment_confirm}</td>
          </tr>
        </table>
      </td>
    </tr>
  </table>
  <p align="center">
    <input type="submit" name="uploadbutton" value="{lang_yes}" class="button" />
    <input type="button" value="{lang_no}" class="button" onclick="javascript:history.go(-1)" />
  </p>
</form>
Ich hoffe ich habe alles und es funktioniert nicht nur hier bei mir :-)

Die Einstellungen im ACP
Dürfen User Kommentare zu Ihren eigenen Bildern bearbeiten         JA
Dürfen User Kommentare zu Ihren eigenen Bildern löschen          JA



Gruß
Ingo


« Last Edit: September 24, 2008, 03:12:12 PM by rinaldos »

Offline honda2000

  • 4images Guru
  • *******
  • Posts: 3.263
    • View Profile
    • Wir machen Internet!
Re: Edit Comment, Edit Image
« Reply #5 on: September 24, 2008, 02:44:11 PM »
Supi, genau das hat schon immer gefehlt!
Okay, noch paar kleine Schönheitsfehler

aber es musste möglich sein, Kommentare (z.b. bei Screibfehlern) zu korrigieren (bearbeiten) und wenn einem bei seinem Bild ein Kommentar eines fremden Users so gar nicht gefallen hat, auch zu löschen!

Das sollte in der nächsten Version von 4images berücksichtigt werden.
Okay, schön wäre die Rückfrage :wink:

rinaldos

  • Guest
Re: Edit Comment, Edit Image
« Reply #6 on: September 24, 2008, 03:14:49 PM »
@Honda
habe gerade ein Codeupdate durchgeführt. Bei mir können die Nutzer Ihre Kommentare ändern, eigene löschen, und auf Ihren eigenen Bilder fremde Kommentare löschen. Dazu habe ich die details.php mit den Adminlinks angepasst, ein neues template, sowei ein paar neue if action in der member.php. Berichte doch bitte ob alles dann bei dir auch klappt. Bei mir funktioniert es soweit auf der Homepage, sowei auf der Standard 4Images installation.

http://www.4homepages.de/forum/index.php?topic=22730.msg124511#msg124511

Gruß
Ingo

Offline honda2000

  • 4images Guru
  • *******
  • Posts: 3.263
    • View Profile
    • Wir machen Internet!
Re: Edit Comment, Edit Image
« Reply #7 on: September 24, 2008, 07:53:50 PM »
ja, ja, schon so eingebaut und erweitert!
hm, bei mir funktionierts 100%
8aber ich wart mal noch einen oder zwei Tage bis die ersten User meckern :wink: :roll:)

ansonsten: perfekt!

Offline honda2000

  • 4images Guru
  • *******
  • Posts: 3.263
    • View Profile
    • Wir machen Internet!
Re: Edit Comment, Edit Image
« Reply #8 on: September 26, 2008, 02:42:54 PM »
es ging einen tag, dann plötzlich nicht mehr! 8O :|

Offline Mr_LovaLove

  • Full Member
  • ***
  • Posts: 233
  • Unkown
    • View Profile
Re: Edit Comment, Edit Image
« Reply #9 on: September 26, 2008, 06:04:28 PM »
sorry guyz

but is this code for editting the comments !!?

i mean

if im a normal member and i wrote a comment i found that i have spelling mistake

so this code let the normal member change the comments ( correct or even change the whole text )

i know some of you will say

use google transelator

tell ya the truth

the google trans in my country sick

all the time give us a spyware msg
English Please :@

Offline honda2000

  • 4images Guru
  • *******
  • Posts: 3.263
    • View Profile
    • Wir machen Internet!
Re: Edit Comment, Edit Image
« Reply #10 on: September 26, 2008, 09:29:07 PM »
@Rinaldos,
seit ich:

http://www.4homepages.de/forum/index.php?topic=21960.150
Code: [Select]



if ($config['pm'] && $user_info['user_level'] >= USER) {




if ($config['pm'] && $user_info['user_level'] > 2) {



if ($config['pm'] && $user_info['user_level'] > GUEST) {

Letzte Antwort von mir, geändert habe, habe ich beim Löschen und bearbeiten der Kommentare plötzlich keine Berechtigung mehr!!! Kann das sein??

rinaldos

  • Guest
Re: Edit Comment, Edit Image
« Reply #11 on: September 27, 2008, 06:03:38 PM »
Hi,
irre ich mich, oder bist du in der falschen Datei? In meinem Code ist nichts von PM (private Mail) :-)
Wo magst du denn den Code einbauen. Sorry für die späte Antwort, ich geister gerade durch Norwegen und versuche das ein oder andere Bild zu schiessen :-)

LG
Ingo

Offline honda2000

  • 4images Guru
  • *******
  • Posts: 3.263
    • View Profile
    • Wir machen Internet!
Re: Edit Comment, Edit Image
« Reply #12 on: September 27, 2008, 07:18:51 PM »
Hallo Ingo,
nein, ich habe Editt-Comment von dir eingebaut, ging 100%
einen Tag, ich habe nichts, aber auch nichts geändert, und plötzlich: wenn ich einen Kommentar ändern möchte: Sie haben keine Rechte!

Ich habe wirklich nichts geändert, lediglich im PM-Mod mal die eine einzige Zeile

(selbst wenn ich es zurücksetze, gehts trotzdem nicht)

Darum frage ich, ob die Rechtevergabe was damit zu tun haben könne??

Viel Licht, gute Linsen und gute Motive

rinaldos

  • Guest
Re: Edit Comment, Edit Image
« Reply #13 on: September 27, 2008, 09:00:58 PM »
Also die Rechtvergabe wird nicht wie die Rechtevergabe bei PM Mod geprüft. Es wird lediglich die Kommentar ID mit der des angemeldeten USERS verglichen. Wie meine Änderungen nur einen Tag lang funktionieren können ist mir schleierhaft. Da weiss ich leider auch keinen Rat. Denn beide Änderungen einmal PM und einmal die Kommentare sind vollkommen unabhängig voneinander.
Kann es sein das ein Gast seine Kommentare ändern will? Das geht nicht. Nur angemeldete User können IHRE Kommentare löschen bzw. ändern, und angemeldete User können auf IHREN Bilder andere Kommentare löschen. Dazu muss aber auch im ACP die EINSTELLUNGEN auf JA  stehen  ( Dürfen User Ihre Kommentare löschen und ändern stehen) Denn sobald einer diese Haken auf nein steht, dürfte es nicht mehr funktionieren.
Ich habe genau den gleichen Code auf meiner HP und da funktioniert es nach wie vor.
Siehst du denn überhaupt die EDIT / LÖSCHEN Links auf der detailseite? Wenn nein, sind bei dir die ADMIN Links in der details.php Fehlerhaft.

Ansonsten nimm nochmal den Code und füge den so ein wie gepostet. Das muss klappen.

Gruß aus Norwegen ...

Ingo

Offline qBass17

  • Addicted member
  • ******
  • Posts: 1.800
  • I ♥ 4I
    • View Profile
Re: Edit Comment, Edit Image
« Reply #14 on: October 25, 2008, 04:00:24 AM »
Hey das Teil ist super,

habs in meiner Liste mit aufgenommen!

Eine Frage,

kann man das auch so einstellen das bestimmte Usergruppen das können? Also man kann ja z.B ein Usergruppe erstellen und den Direkten Upload zulassen! So in der Art meine ich das, dass man diese Rechte bestimmten Usergruppen geben kann.