<?php
require_once 'DB.class.php';

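/**
 * Renders the public comment form and stores submitted comments.
 *
 * Security notes for maintainers:
 *  - Every request-derived value is HTML-escaped before it is echoed into
 *    the form, and every value placed in a numeric SQL position must be
 *    digits only. mysql_real_escape_string() protects quoted string
 *    literals only; it does nothing for an unquoted number.
 *  - The mysql_* extension used here was removed in PHP 7.0. The lasting fix
 *    is to move this class to mysqli or PDO prepared statements.
 *  - NOTE(review): the form carries no anti-CSRF token, and author/email/
 *    comment are stored as submitted. Whatever code renders stored comments
 *    must HTML-escape them on output - confirm against the display code.
 */
class Reply {
	
	/** Outcome of the last validation() call: 'result' (null or 'error') and 'text' (list of messages). */
	private $action = array();
	
	/**
	 * Build the HTML for the "Your Response" comment form.
	 *
	 * @param mixed $id         Identifier of the post being commented on; echoed into a hidden field.
	 * @param mixed $replytocom Optional parent comment id; anything that is not all digits becomes 0.
	 * @return string HTML fragment containing the form.
	 */
	public function form( $id, $replytocom = NULL ) {
		
		/* A digits-only value is safe in HTML as-is, so no SQL escaping (and no DB connection) is needed here. */
		$replytocom = $this->digits_or_zero($replytocom);
		
		/* The query string and the post id are caller/request controlled: escape them for the attribute context. */
		$query_string = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
		$safe_query = htmlspecialchars($query_string, ENT_QUOTES, 'UTF-8');
		$safe_id = htmlspecialchars(is_scalar($id) ? (string) $id : '', ENT_QUOTES, 'UTF-8');
			
		return '		
			<br/><div id="respond">   
				<h3>Your Response<a name="add"></a></h3>
				<form action="?'.$safe_query.'" method="post"> 
					<fieldset>
						<p>
							<label for="author">Name</label>
							<input type="text" name="author" id="author" size="22" tabindex="1" class="input" value=""/>
						</p>
						<p>
							<label for="email">E-mail</label>
							<input type="text" name="email" id="email" size="22" tabindex="1" class="input" value=""/>
						</p>
						<p>
							<label for="comment">Comment</label>
							<textarea class="mceNoEditor" name="comment" id="comment" rows="4" cols="40" tabindex="4"></textarea> 
						</p>
						<br class="clear" />
						<div id="cancel-comment-reply"><a rel="nofollow" id="cancel-comment-reply-link" href="#respond" style="display:none;">Cancel</a></div>
						<input name="submit" type="submit" id="submit" tabindex="5" value="Submit Comment" />
						<input type="hidden" name="comment_post_ID" value="'.$safe_id.'" id="comment_post_ID" />
						<input type="hidden" name="comment_parent" id="comment_parent" value="'.$replytocom.'" />
					</fieldset> 
				</form> 
			</div>
		';
	}
	
	/**
	 * Validate the posted comment and, when it is valid, insert it.
	 *
	 * Reads comment_post_ID, comment_parent, author, email and comment from $_POST.
	 *
	 * @param mixed $moderation Truthy when new comments must be approved first (stored with accepted = 0).
	 * @return string HTML notification: the list of errors, or a success message.
	 */
	public function validation( $moderation ) {
		
		/* Setup some variables/arrays */
		$this->action['result'] = null;
		$text = array();
		
		/* Both ids are concatenated unquoted into the INSERT below, so they must be digits only. */
		$comment_post_id = $this->digits_or_zero($this->post_field('comment_post_ID'));
		$comment_parent = $this->digits_or_zero($this->post_field('comment_parent'));
		$author = $this->post_field('author');
		$email = $this->post_field('email');
		$comment = $this->post_field('comment');
		
		/* Quick/simple validation */
		if ($comment_post_id === 0) { $this->action['result'] = 'error'; array_push($text,'Invalid post'); }
		if (empty($author)) { $this->action['result'] = 'error'; array_push($text,'Please fill the author field'); }
		/* A-Za-z instead of A-z (which also matched [ \ ] ^ `), and \z so a trailing newline is rejected. */
		if (!preg_match("/^[^0-9][A-Za-z0-9_]+([.][A-Za-z0-9_]+)*[@][A-Za-z0-9_]+([.][A-Za-z0-9_]+)*[.][A-Za-z]{2,4}\\z/", $email)) { $this->action['result'] = 'error'; array_push($text,'Invalid email'); }
		if (empty($comment)) { $this->action['result'] = 'error'; array_push($text,'Your comment is too short!'); }
		
		if ($this->action['result'] != 'error') {
			/* This would be a nice place to start customizing - the default user */
			/* You can integrate it to any site and show a different username. */
			
			$accepted = $moderation ? 0 : 1;
			
			$addon = "";
			if ($comment_parent)
				$addon = ", parent_id = ".$comment_parent;
			
			/* String values are escaped at the point of use, inside quoted literals. */
			$saved = mysql_query("INSERT INTO comments SET accepted = ".$accepted.", author = '".mysql_real_escape_string($author)."', email = '".mysql_real_escape_string($email)."', comment = '".mysql_real_escape_string($comment)."', created_at = NOW(), post_id = ".$comment_post_id."".$addon);
			
			/* Do not report success when the insert failed. */
			if (!$saved) { $this->action['result'] = 'error'; array_push($text,'Your comment could not be saved'); }
		}
		
		$this->action['text'] = $text;
		return $this->show_errors($this->action,$moderation);
		
	}
	
	/**
	 * Turn a validation outcome into an HTML notification.
	 *
	 * @param array $action     Array with 'result' (empty on success) and 'text' (message or list of messages).
	 * @param mixed $moderation Truthy selects the "awaiting moderation" success message.
	 * @return string HTML notification block.
	 */
	private function show_errors( $action, $moderation ){
		
		if (empty($action['result'])) {
			$notice = $moderation ? 'Your comment is awaiting moderation!' : 'Your comment has been posted!';
			return "<br/><div class=\"notification success\"><div>".$notice."</div></div>\n";
		}
		
		/* Messages are fixed strings today; escaping keeps this safe if user input is ever echoed in one. */
		$error = "<div class=\"notification error\"><div>";
		if (is_array($action['text'])) {
			/* Loop out each error */
			foreach ($action['text'] as $text)
				$error .= htmlspecialchars($text, ENT_QUOTES, 'UTF-8')."<br />";
		} else {
			/* Single error */
			$error .= htmlspecialchars((string) $action['text'], ENT_QUOTES, 'UTF-8');
		}
		$error .= "</div></div>\n";
		return $error;
		
	}
	
	/**
	 * Return $value unchanged (as a string) when it consists only of ASCII digits, otherwise integer 0.
	 *
	 * @param mixed $value Candidate identifier.
	 * @return string|int Digits-only string, or 0 when the value is missing or malformed.
	 */
	private function digits_or_zero( $value ) {
		
		if (is_int($value))
			$value = (string) $value;
		return (is_string($value) && preg_match('/\A[0-9]+\z/', $value) === 1) ? $value : 0;
		
	}
	
	/**
	 * Fetch a string field from $_POST; missing or non-string (e.g. array) values become ''.
	 *
	 * @param string $name Field name.
	 * @return string
	 */
	private function post_field( $name ) {
		
		return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
		
	}

}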
?>