delimage.pl
Copying Source is Forbidden
#!/usr/local/bin/perl
# must have's!
use strict;
use warnings;
use CGI::Carp qw(fatalsToBrowser);
use DBI;
use URI::Escape;
use lib "/var/www/html/Pm";
use Html qw(pre_html_header);
use Redir qw(notice_redir error_redir);
use Bc_chef qw(cookie_get);
use Bc_misc qw(get_param);
use Bc_sql qw(get_constant
sql_execute
user_exists
$QUERY_PAGE
$QUERY_UID
$LOGGEDIN
is_flagged
$DB
);
use Date qw(get_today get_time);
use Security qw(banned);
use User qw(isUserModerator $USER_DATA);
# Routing values used when building redirect targets further down:
# $PAGE is the query-string key that selects a page, $PHOTOS is the
# configured value for the photos page.
my $PAGE   = $QUERY_PAGE;
my $PHOTOS = get_constant("PHOTOS_PAGE");

# When set, denial messages are tagged with this script's name.
my $DEBUG = 0;

# Entry gate: the logged-in account must exist and must not be banned.
# Anything else is redirected to "/" and the script stops before any
# image lookup or delete statement is built.
unless (user_exists($LOGGEDIN) and not banned($LOGGEDIN)) {
    my $msg = "Access Denied";
    $msg .= " (delimage.pl)" if $DEBUG;
    print error_redir("/", $msg);

    exit 1;
}
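# Request parameters: "id" selects the image row, "a" marks the request as
# an admin-initiated delete (which later triggers a message to the user).
my $imgid = get_param("id");
my $admin = get_param("a");

# Admin-mode gate. The previous condition tested $a, which is Perl's
# package variable reserved for sort blocks: it is exempt from "use strict"
# and is never assigned in this script, so the isUserAdmin check below was
# dead code and any caller could set a=... unchecked. Test the parameter
# that was actually read.
#
# NOTE(review): isUserAdmin is not among the names imported by the visible
# "use User qw(...)" line. Confirm it is exported and imported; if it is
# not, this call dies here, i.e. before any delete statement runs.
if ($admin) {
    if (not isUserAdmin($LOGGEDIN)) {
        my $msg = "Access Denied";
        if ($DEBUG) { $msg .= " (delimage.pl)"; }
        print error_redir("/", $msg);

        exit 1;
    }
}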
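# Look up the requested image, check that the requester may delete it, then
# delete the image row, the flag record attached to it (if any) and, for
# admin-mode requests, insert a notification message for the user.
#
# NOTE(review): this is a state-changing request keyed on the "id"
# parameter; no anti-CSRF token or request-method check is visible in this
# script. Confirm get_param or the surrounding framework enforces one.
# NOTE(review): the deletes and the insert run as separate statements with
# no transaction visible here, so a mid-way failure leaves partial state.
my $sql = "select * from images where ID=" . $DB->quote($imgid);
my $ref = sql_execute($sql, "delimage.pl"); # this SHOULD return just ONE hit
if (ref $ref eq "HASH") {
    # Authorisation: the image owner may always delete; a moderator may
    # delete only an image for which is_flagged returns a true value.
    my $allowed = 0;
    if ($ref->{UID} eq $LOGGEDIN) { $allowed = 1; }
    if (isUserModerator($LOGGEDIN) and is_flagged($ref->{UID}, $imgid, "i")) { $allowed = 1; }

    if ($allowed) {
        # Fetch the flag record before the image row disappears; it is used
        # below as a hash reference (ID, UID) and treated as "not flagged"
        # when false.
        my $fid = is_flagged($ref->{UID}, $imgid, "i");

        my $disql = "delete from images where ID=" . $DB->quote($imgid);
        if (sql_execute($disql, "delimage.pl")) {
            if ($fid) {
                my $dfsql = "delete from flagged where ID=" . $DB->quote($fid->{ID});
                if (sql_execute($dfsql, "delimage.pl")) {
                    if ($admin) {
                        # Notify the user. The statement used to be built by
                        # appending the raw values with no separators and no
                        # quoting, which cannot form a valid VALUES list and
                        # put a database-sourced value straight into SQL.
                        # Quote every value through the DB handle and join
                        # them with commas instead.
                        # NOTE(review): assumes get_today/get_time return
                        # plain (unquoted) values - confirm; if they already
                        # return SQL literals, drop the quote for those two.
                        my @msg_values = (
                            "0000000000",                 # from_ID
                            $fid->{UID},                  # to_ID
                            scalar get_today("db", 1),    # sent
                            "Your image was deleted",     # subject
                            "",                           # msg
                            1,                            # seen
                            1,                            # deled
                            scalar get_time(0, 1),        # sent_time
                        );
                        my $msgSQL = "insert into messages (from_ID, to_ID, sent, subject, msg, seen, deled, sent_time) values (";
                        $msgSQL .= join(", ", map { $DB->quote($_) } @msg_values);
                        $msgSQL .= ")";
                        if (sql_execute($msgSQL, "delimage.pl")) {
                            # NOTE(review): the redirect passes the flag
                            # record's ID as "uid" while the text names its
                            # UID - presumably UID was intended; confirm.
                            print notice_redir("/?$PAGE=" . get_constant("PROFILE_PAGE") . "&uid=$fid->{ID}", "Image and flag deleted, and msg sent to $fid->{UID}");
                        } else {
                            # NOTE(review): referrer() is not imported by any
                            # visible "use" line - confirm where it is defined.
                            print error_redir(referrer(), "Failed to send msg after successfully deleting image");
                        }
                    } else {
                        print notice_redir("/?$PAGE=$PHOTOS", "Image deleted");
                    }
                } else {
                    # Same response for admin and non-admin requests. The
                    # image row is already gone at this point.
                    print error_redir(referrer(), "Failed to delete flag");
                }
            } else {
                print notice_redir("/?$PAGE=$PHOTOS", "Image deleted");
            }
        } else {
            print error_redir("/?$PAGE=$PHOTOS", "Failed to delete image");
        }
    } else {
        # NOTE(review): the moderator-check result is appended to the
        # user-visible message; this looks like leftover debug output.
        print error_redir("/?$PAGE=$PHOTOS", "You don't own that image! " . isUserModerator($LOGGEDIN));
    }
} else {
    # Anything other than a hash reference from the lookup is reported as a
    # missing image.
    print error_redir("/?$PAGE=$PHOTOS", "Image doesn't exist!");
}

exit 1;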