Smashly Community Forums » PhotoSmash Help » Allowing users to delete their own image

About this topic

  • Posted by lee 2 years ago. There are 12 posts. The latest reply is from byron.
  • This topic is resolved

No tags yet.

  1. lee
    Member
    Posted 2 years ago #

    Hi Byron,

    I posted this in the comments on smashly.net, but I wasn't sure if you check it anymore with the forums - sorry for hte duplicate post.

    I decided tackle the request to allow users to delete their own images.

    Basically, I created a custom shortcode in PS called [delete_image] that I can use in the custom layout. The shortcode compares the current user ID to the image contributor ID (all authenticated users are contributors). If they match, then I place a delete button in the custom layout below the image. The link invokes the bwbpsModerateImage() function, using the ‘bury’ action.

    This works great when I’m logged in as the admin, but when I log in as the contributor, I get the error: ‘Failed due to security: invalid nonce’. Obviously a security issue with contributors or level_1 deleting an image that is their own.

    Any ideas how I can modify to allow the contributors to delete their own images before or after they have been approved?

    Thanks,

    Lee

  2. byron
    Key Master
    Posted 2 years ago #

    Hi Lee,

    You have a couple of choices...1) you could go the route you're going, but it will need the moderate nonce...I'd have to look at how it's implemented when I display the moderation links.

    2) There is an ajax file called: ajax_useractions.php that has functionality for allowing non-Admins to delete an image...and a Post that they created.

    You might check that out as well. Again, it will require a nonce.

    When I get some time, I'll dive deeper...but I'm going to be out of pocket for a few days.
    BB

  3. lee
    Member
    Posted 2 years ago #

    Hi Byron,

    For some reason, it just won't allow a particular user to delete any image they uploaded unless it is the admin account. Could it be a folder or database permissions issue? (using WAMP in my dev environment).

    In my custom shortcode in bwbps-layout.php, I'm executing:

    onclick='bwbpsModerateImage(\"bury\",($image[image_id]));'

    As I mentioned above, it seems to send -1 for 'data' to the bwbpsModerateSuccess() function when a contributor user tries to delete and gets stuck here with the invalid nonce error.

    I tried creating a copy of the bwbpsModerateImage() function and renamed it to bwbpsUserModerateImage() and changed the url: in the ajax call to url: bwbpsAjaxUserURL. (also changed the "bury" action to both myaction = "userdelete" and myaction = "userdeletewithpost". Neither worked).

    I am by no means an expert at JavaScript or PHP, but I get by. All of this works when the authenticated user is the admin account, just not when the contributors are logged in. Any other suggestions that I could try?

    Thanks,

    Lee

  4. deanhodges
    Member
    Posted 2 years ago #

    im interested in this post. did we find a solution??

  5. mfacer
    Member
    Posted 1 year ago #

    I'm also interested in this. I've got this plugin working perfectly - everything is great - except the one missing delete image by a user.

  6. byron
    Key Master
    Posted 1 year ago #

    Noted....thanks to everyone for weighing in on this...bumping up the list.

    BB

  7. claralisse
    Member
    Posted 1 year ago #

    Hi,

    I have made a page where the users can see their pictures and can delete them too. This is how I did it:

    In bwbps-layout.php I created a custom shortcode called [allow_delete_images]:

    case '[allow_delete_images]':
    $nonce = wp_create_nonce('bwb_upload_photos');
    global $current_user;
    get_currentuserinfo();
    if ((int)$image['user_id'] == $current_user->ID)
       $ret = "<input type='button' value='Eliminar' onclick='bwbpsModerateImageLaVoz(\"burybyuser\",(".$image['psimageID']."),\"\",\"".$nonce."\")'>";
    else
       $ret = "";
    break;

    This code call a Javascript function that I have added to bwbps.js. This function is like bwbpsModerateImage function but it receives the nonce param that will be used in the ajax call. This is the code of bwbpsModerateImageLaVoz function:

    function bwbpsModerateImageLaVoz(action, image_id, post_id, nonce)
{
    var imgid = parseInt('' + image_id);
    var myaction = false;
    var actiontext = "";
    var postid = parseInt('' + post_id);
    var img_id_text = " (image id: " + imgid + ")";
    var sendMsg = jQuery("#ps_mod_send_msg").attr('checked') ? 1 : 0;
    var modMsg = '';
    var confirmOn = true;

    switch (action) {
        case 'burybyuser' :
            myaction = 'userdeletewithpost';
            actiontext = "eliminar esta fotografía (Nota: al eliminar esta fotografía la eliminará también de la galería a la que pertenezca.) ";

            if( sendMsg && !confirm('Is Rejection Moderation Message correct?\n\n ' + jQuery("#").val() )){

                return;
            } else {
                if( sendMsg ){
                    modMsg = jQuery("#ps_mod_reject_msg").val();
                }
            }
            break;
    }

    if(!myaction){ alert('Invalid action.'); return false;}
    if(confirmOn){
        if(!confirm('¿Desea ' + actiontext + '?')){ return false;}
    }

    var _moderate_nonce = nonce;
    var image_caption = '';
    var image_url = "";
    var image_tags = "";
    var meta_data = "";
    var file_url = "";
    var image_seq = "";
    var image_post_id = 0;

    try{
        $j('#ps_savemsg').show();
    }catch(err){}
$j.ajax({
	type: 'POST',
	url: bwbpsAjaxUserURL,
	data: { 'action': myaction,
       'image_id': imgid,
       '_ajax_nonce' : _moderate_nonce,
       'image_caption' : image_caption,
       'image_url' : image_url,
       'image_tags' : image_tags,
       'meta_data' : meta_data,
       'file_url' : file_url,
       'seq' : image_seq,
       'post_id' : postid,
       'image_post_id' : image_post_id,
       'mod_msg' : modMsg,
       'send_msg' : sendMsg
       },
		dataType: 'json',
		success: function(data) {
			bwbpsModerateSuccess(data, imgid);
		}
	});

    Sorry for my bad english :S

    Hope it helps!

  8. byron
    Key Master
    Posted 1 year ago #

    That is excellent!

    I will see if I can incorporate into the core PhotoSmash code. You may need to tweak your settings when the upload comes through, but what you've got is a great foundation.

    Thanks!
    BB

  9. elizabethanne
    Member
    Posted 1 year ago #

    hi! bumping this to see if allowing users to delete their own images ever made it into a release? THANK YOU!

  10. byron
    Key Master
    Posted 1 year ago #

    Yes...it's in there ;-)

    http://smashly.net/photosmash-galleries/change-log/
    change dated - 0.8.03 – 9/24/2010

  11. elizabethanne
    Member
    Posted 1 year ago #

    awesome, thank you!!!

  12. byron
    Key Master
    Posted 1 year ago #

    Welcome!
    BB

RSS feed for this topic