Index: include/comments.php
===================================================================
RCS file: /home/wine/appdb/include/comments.php,v
retrieving revision 1.2
diff -u -r1.2 comments.php
--- include/comments.php	24 Mar 2004 19:30:36 -0000	1.2
+++ include/comments.php	18 Oct 2004 00:47:15 -0000
@@ -63,7 +63,22 @@
     echo "	[<a href='addcomment.php?appId=$ob->appId&versionId=$ob->versionId&subject=".
 	        urlencode("$subject")."&thread=$ob->commentId'><small>reply to this</small></a>] \n";
 
-    echo "</td></tr></table>\n";
+    echo "</td></tr>\n";
+
+    // delete message button, for admins
+    //TODO: application managers should also see this button
+    if(havepriv("admin"))
+    {
+        echo "<tr>";
+        echo '<td><form method=post name=message action="deletecomment.php"><input type=submit value="Delete" class=button> ',"\n";
+        echo "<input type=hidden name='commentId' value=$ob->commentId>";
+        echo "<input type=hidden name='appId' value=$ob->appId>";
+        echo "<input type=hidden name='versionId' value=$ob->versionId></form></td>","\n";
+        echo "</td></tr>";
+    }
+
+    echo "</table>\n";
+
     echo html_frame_end();
         
 }
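Review bot: The three hidden inputs on the added lines print `$ob->commentId`, `$ob->appId` and `$ob->versionId` as unquoted, unescaped attribute values, so any value that is not a plain integer would break out of the attribute. Quoting and casting them keeps the markup well-formed whatever the row holds, e.g. `echo "<input type=hidden name='commentId' value='".intval($ob->commentId)."'>";`. The closing `echo "</td></tr>";` also emits a second `</td>` after the one that already follows `</form>`, so it should be `echo "</tr>";`. The enclosing function starts outside the hunk, so where `$ob` is populated is not visible here.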
--- /dev/null	2004-08-19 19:23:11.000000000 -0400
+++ deletecomment.php	2004-10-17 20:44:18.000000000 -0400
@@ -0,0 +1,53 @@
+<?
+
+include("path.php");
+require(BASE."include/"."incl.php");
+
+//FIXME: should check to see if the user is an application maintainer when we have application maintainers
+if(!havepriv("admin"))
+{
+    errorpage('You don\'t have admin privilages');
+    exit;
+}
+
+opendb();
+
+$commentId = strip_tags($_POST['commentId']);
+$commentId = mysql_escape_string($commentId);
+
+$appId = strip_tags($_POST['appId']);
+$versionId = strip_tags($_POST['versionId']);
+
+/* retrieve the parentID of the comment we are deleting */
+/* so we can fix up the parentIds of this comments children */
+$result = mysql_query("SELECT parentId FROM appComments WHERE commentId = '$commentId'");
+if (!$result)
+{
+    errorpage('Internal error retrieving parent of commentId');
+    exit;
+}
+
+$ob = mysql_fetch_object($result);
+$deletedParentId = $ob->parentId;
+
+/* delete the comment from the database */
+$result = mysql_query("DELETE FROM appComments WHERE commentId = '$commentId'");
+
+if (!$result)
+{
+    errorpage('Internal Database Access Error',mysql_error());
+    exit;
+}
+
+/* fixup the child comments so the parentId points to a valid parent comment */
+$result = mysql_query("UPDATE appComments set parentId = '$deletedParentId' WHERE parentId = '$commentId'");
+if(!$result)
+{
+    errorpage('Internal database error fixing up the parentId of child comments');
+    exit;
+}
+
+addmsg("Comment deleted", "green");
+redirect(apidb_fullurl("appview.php?appId=$appId&versionId=$versionId"));
+
+?>
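Review bot: `$appId` and `$versionId` pass from `$_POST` through `strip_tags()` only before being interpolated into the redirect URL, and `$commentId` relies on `mysql_escape_string()`, which does not take the connection character set into account. All three are numeric ids, so casting them with `intval()` covers both cases. `mysql_fetch_object()` returns false when no row matches, so for an unknown commentId the script reads `$ob->parentId` on a non-object and still runs the DELETE and UPDATE; the missing row should stop the request first. The POST is also accepted with no per-session token, so a request forged from another site in an admin's browser would delete a comment, and a token check presumably belongs beside the `havepriv("admin")` test. Passing `mysql_error()` to `errorpage()` on the DELETE failure path may show database details to the browser, depending on how errorpage renders its second argument.

```php
$commentId = intval($_POST['commentId']);
$appId = intval($_POST['appId']);
$versionId = intval($_POST['versionId']);

// … unchanged: SELECT parentId query and its error check …

$ob = mysql_fetch_object($result);
if (!$ob)
{
    errorpage('No such comment');
    exit;
}
$deletedParentId = $ob->parentId;

// … unchanged: DELETE, child parentId fix-up, addmsg and redirect …
```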
