Home N-13 News Forums Help Search
RegisterForgot password?
How to add image to post necklacesdiscou
Known bugs - 4.0.3 necklacesdiscou

Latest N-13 News 4.0.3

What is N-13 News?
Where can I get help?
Known bugs

Forums Help & Support add a link for users to delete their own comment
Preed
Posted on 28 Jan 2010, 20:01:21

Access: Member
Total Posts: 10
Joined: 2010-01-28

I'm wondering if a function exists to add a link in the comments to allow users to delete their own comment. Seems like it shouldn't be too hard to do since you have the story id in the URL and can know the comment id.

Would it need to be something like a form button in the template with an action that posts the story id and comment id?

Anyone written such a function to do something like this? Maybe based on the user's name if their logged in name matches the {author} of the comment?

If no function exists, any help in writing one would be appreciated since this uses AJAX and I'm not so great at understanding AJAX.
#1749
Chris
Posted on 28 Jan 2010, 20:57:12

Access: Admin
Total Posts: 1395
Joined: 2006-05-19

The problem with allowing users to delete their own comments is the system allows users to posts comments without having an account, this means that the only way to track who posted what comment would be to set a cookie on the users system, problem is the user could delete this cookie then they would have no way of deleting that comment.

Only way around this would be to require users to have an account before letting them post comments, this way you can check the username against the comment ID to see if the comment belongs to that user.

This is how I would go about doing that. Edit functions.php, around line 297~ you'll see this code

Code:
function formatcomments($str,$row){
    global $timezone, $newsusers, $newsfilter, $newssmilies, $newstemplates, $commentstimeformat, $commentslength;
....

just below that line add this code

Code:
    if($_POST['ajax'] == true){
        $pid = $_POST['id'];
    }else{
        $pid = $_GET['id'];
    }
    $str = str_replace("{pid}", $pid, $str);
    // Only show the delete link if the author if $_SESSION['name'] is the same as the author of the comment
    if($_SESSION['name'] == $row['user']){
        $str = preg_replace('#\[delete-link\](.*?)\[\/delete-link\]#si', '<a href="?id=' . $pid . '&delete=' . $row['id'] . '">$1</a>' . $ddlink, $str);
    }else{
        $str = preg_replace('#\[delete-link\](.*?)\[\/delete-link\]#se', '', $str);
    }


Now edit index.php, anywhere near the top, just below these lines of code

Code:
$delimiter = '<!-- ####@@@**split**@@@### -->';
require_once 'db.php';
require_once 'config.php';
require_once 'language/' . $default_index_language;
$_SESSION['language'] = str_replace(".php", "", $default_index_language);


Add this

Code:
if($_GET['delete']){
    // Check the comment the user wants to delete belongs to them
    // $_SESSION['name'] is where the username is stored when the user is logged in

    if(count(DataAccess::fetch("SELECT id FROM $newscomments WHERE user = ? AND id = ?", $_SESSION['name'], $_GET['delete'])) > 0){
        // the comment belongs to them so we can delete it
        DataAccess::put("DELETE FROM $newscomments WHERE user = ? AND id = ?", $_SESSION['name'], $_GET['delete']);
    }else{
        // doesn't belong to them do something here
    }
}


And finally edit the template you're currently using, expand the Comments section and add this code

Code:
[delete-link]Delete[/delete-link]


Users should now be able to delete their own comments.
#1750
Preed
Posted on 28 Jan 2010, 21:04:03

Access: Member
Total Posts: 10
Joined: 2010-01-28

Thanks for the info Chris. I'll see if I can implement into my own code. I forgot to mention that my users have to log into the whole website before they are allowed to post, and instead of them typing their name into the Name box on the comments form, I made that field hidden and made its value equal to their full name as stored in my login session.

So I do know who they are, for example I have a session with

$user=$session->firstname.' '.$session->lastname

I hid the name field and made its value equal to $user before submitting the form data. This way, they have no choice but to have their full and accurate name visible when posting a comment.

I don't want them logging in to N-13's account system.

I will definitely look at the code you've given me and see if I can implement it. You're a big help. I'll let you know how it goes.

#1751
Chris
Posted on 28 Jan 2010, 21:08:11

Access: Admin
Total Posts: 1395
Joined: 2006-05-19

The above code should still work, you would just need to change $_SESSION['name'] to whatever the session is called where you've stored their usernames.
#1752
Preed
Posted on 28 Jan 2010, 21:09:45

Access: Member
Total Posts: 10
Joined: 2010-01-28

That's what I was thinking too! It should still work and be easy to see if their already logged in username matches the name of the author of the post, then show the link.

Thanks again for your help!:smile2:
#1753
Preed
Posted on 28 Jan 2010, 22:06:06

Access: Member
Total Posts: 10
Joined: 2010-01-28

Yay! I got it working Chris! Thanks for the additional code. I was able to set $_SESSION['name'] equal to my own user login and was able to compare the row containing the name that got stored as the {author} to the currently logged in name.

Of course, users have a way to change their own name in the system and if they ever made it match the name of the {author} exactly of the post, they would get the delete link as well.

Truth, however, I doubt any of my users will ever even think of that. If they do, I'll switch it to their userid, which is something none of them know. I'll be watching to see if anyone complains of posts being deleted when they didn't do it.

It's not foolproof on my part of things, I know that, but my users are not very sophisticated, and would not likely think of it.

In any case, it worked, the delete link works when logged in as the user who made the post so long as the first and last name match.

Thanks a bunch.
#1754
Preed
Posted on 29 Jan 2010, 03:46:22

Access: Member
Total Posts: 10
Joined: 2010-01-28

Ugh! Yes, I got that part working but noticed some sort of conflict between your session and mine. Attempting to log into the site with the news/index.php file included in my main page prevents the user data from loading from the database into the array that holds the data.

My login form now stops at /Array with my custom 404 page showing.

I'll keep looking into your code and mine. Hopefully I can figure out where the conflict is in the sessions.
#1756
Chris
Posted on 29 Jan 2010, 07:27:31

Access: Admin
Total Posts: 1395
Joined: 2006-05-19

I may be that the session the news system uses is called 'n13news', you can change that at the beginning of index.php and admin.php

Code:
session_name('n13news');
#1757
Preed
Posted on 29 Jan 2010, 13:39:06

Access: Member
Total Posts: 10
Joined: 2010-01-28

The interesting thing is, there is only a conflict where news actually already appears. For example, users can log in to my site from any page. On the home page, there are shorter stories from N-13 that are visible to the entire world, but to view longer stories, they must log in. If they log in from the home page, the error happens on log in attempt (news from N-13 is already there), but if they log in from the News page, no news has been displayed yet, and it works and refreshes the page and shows the news. It's kind of like my session for log in has to happen before your session for news happens, otherwise logging in to the site fails.

As an interim fix, I may remove the log in box from the home page and only have it on the inside pages, where it works all the time. I'll figure it out, or I'll find a work around.
#1759
Network-13.com © 2013