<?
// This script is deliberately independent of most outside settings: the only
// value it expects from its caller is $id. Because it does not start out with
// setup.inc.php loaded, the path to that file is declared here.

$setup = 'setup.inc.php';

// date() format strings used for the date and the time shown on news items
// and on each comment.
$dateform = 'm/d/y';
$timeform = 'g:i A';

// DO NOT EDIT BELOW THIS LINE
// ---------------------------

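// $a selects the action handled below ('post' or 'display'). It is never
// assigned before this point in the file, so it has to arrive from outside;
// the isset() guard keeps a missing value from raising an undefined-variable
// notice before the default is applied.
// NOTE(review): if $a and $id reach this script through register_globals,
// request parameters can pre-seed any other global that is read before it is
// assigned - confirm how the including code / setup.inc.php supplies them.
if (!isset($a) || $a == '') { $a = 'display'; }

// Load the shared configuration. The code after this line reads $mysql,
// $form, $base_path, $include_path and $base_path_web and calls helpers that
// are not defined in this file (presumably provided here - confirm).
require_once($setup);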

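// Action 'post': authenticate the submitter, store one comment for the news
// item named in the form, bump the item's comment counter, then fall through
// to the 'display' action for the same item.
if ($a == 'post') {
	// bCode provides the encoder applied to the comment body before storage.
	require_once($base_path . $include_path . 'bCode.php');
	$bcode = new bCode;
	
	// All four form fields are mandatory; stop before touching the database.
	if ($form['id'] == '') { die ('Error: No newsid specified'); }
	if ($form['username'] == '') { die ('The username field was blank.'); }
	if ($form['password'] == '') { die ('The password field was blank.'); }
	if ($form['comment'] == '') { die ('The comment field was blank.'); }
	
	// Connect to mysql (skipped when a link has already been stored in $mysql)
	if ($mysql['link'] == '') {
		$mysql['link'] = mysql_connect($mysql['host'],$mysql['user'],$mysql['pass'])
			or die('MYSQL - Unable to connect.. check username and password in bNews setup.inc.php');
		mysql_select_db($mysql['database'])
			or die('MYSQL - Unable to select database "' . $mysql['database'] . '"');
	}

	init_g_users();
	
	if ($uid = login($form['username'],$form['password'])) {
		// The news id is submitted with the form and is concatenated into four
		// statements below. Escape it once, after the connection exists, and
		// use only the escaped copy in SQL. For a plain numeric id this is a
		// no-op, so it is safe even if $form was already slash-escaped upstream.
		$safe_id = mysql_real_escape_string($form['id']);

		list($check) = mysql_quick('SELECT count(id) FROM ' . $mysql['table_pre'] . 'news WHERE id = \'' . $safe_id . '\'');
		if ($check) {
			// check for banned: a permissions value of '0' for this site blocks
			// the user unless the account is flagged as global admin
			list($perm) = mysql_quick('SELECT p.permissions FROM ' . $mysql['table_pre'] . 'news n, ' . $mysql['table_pre'] . 'permissions p WHERE n.id = \'' . $safe_id . '\' AND n.site_id = p.site_id AND p.user_id = \'' . $uid . '\'');
			list($g_admin) = mysql_quick('SELECT globaladmin FROM ' . $mysql['table_pre'] . 'users WHERE id = \'' . $uid . '\'');
			if (($perm === '0') && ($g_admin != '1')) die ('You are banned from commenting.');
			
			// The comment is HTML-escaped and bCode-encoded before it is stored.
			// NOTE(review): htmlspecialchars() with default flags leaves single
			// quotes alone, so this INSERT is only safe if $form['comment'] has
			// already been slash-escaped where $form is built (not visible in
			// this file). Confirm that, then either escape here with
			// mysql_real_escape_string() or move to prepared statements; adding
			// the escape blindly would double-escape on a magic-quotes setup.
			$query = 'INSERT INTO ' . $mysql['table_pre'] . 'comments (news_id,user_id,comment,ip,time) VALUES (\'' . $safe_id . '\', \'' . $uid . '\', \'' . $bcode->encode(htmlspecialchars($form['comment'])) . '\', \'' . $_SERVER['REMOTE_ADDR'] . '\', \'' . time() . '\')';
			$result = mysql_query($query)
				or die('Error posting comment: error 1');
			// Keep the denormalised counter on the news row in step.
			$query = 'UPDATE ' . $mysql['table_pre'] . 'news SET comments=comments+1 WHERE id = \'' . $safe_id . '\'';
			$result = mysql_query($query)
				or die('Error posting comment: error 2');
		}
	}
	else { die('Invalid username/password'); }
	
	// Hand the (unescaped) id to the display action, which runs next.
	$id = $form['id'];
	$a = 'display';
}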

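// Action 'display': load one news item, its site template and its comments,
// fill the template's tag placeholders and print the resulting page.
if ($a == 'display') {
	if ($id == '') { die ('Error: No newsid specified'); }

	// the timer class
	require_once($base_path . $include_path . 'bTimer.php');

	// Instantiate timer
	$timer = new Timer; $timer->start();

	// Connect to mysql (skipped when a link has already been stored in $mysql)
	if ($mysql['link'] == '') {
		$mysql['link'] = mysql_connect($mysql['host'],$mysql['user'],$mysql['pass'])
			or die('MYSQL - Unable to connect.. check username and password in bNews setup.inc.php');
		mysql_select_db($mysql['database'])
			or die('MYSQL - Unable to select database "' . $mysql['database'] . '"');
	}

	// $id is supplied from outside this file and ends up both in SQL and in
	// the printed page. Build one escaped copy per context and never use the
	// raw value in either; both calls are no-ops for a plain numeric id.
	$id_sql = mysql_real_escape_string($id);
	$id_html = htmlspecialchars($id, ENT_QUOTES);

	// grab the news
	$query = 'SELECT n.site_id, c.special, n.id, n.comments as num_comments, n.title, n.time, n.content, u.user as poster, u.email, u.showemail, c.name as cat_name, c.id as cat_id FROM ' . $mysql['table_pre'] . 'news n, ' . $mysql['table_pre'] . 'users u, ' . $mysql['table_pre'] . 'cat c WHERE c.id = n.cat_id AND n.user_id = u.id AND n.id = \'' . $id_sql . '\'';
	$result = mysql_query($query)
		or die('Error displaying comments: error 1');

	if (!mysql_num_rows($result)) { die('Error displaying comments: news not found with that ID'); }

	$news = mysql_fetch_assoc($result);
	// format news
	// get newsdate (read from the fetched news row; $row is not set yet here)
	$date = date('Ymd',$news['time']);
	// format time
	$news['date'] = date($dateform,$news['time']);
	$news['time'] = date($timeform,$news['time']);
	// format email
	// NOTE(review): poster name and e-mail are placed into HTML as stored;
	// this file does not show whether they were escaped when written - confirm.
	if ($news['showemail'] == '1' && $news['email'] != '') { $news['poster'] = '<a href="mailto:' . $news['email'] . '">' . $news['poster'] . '</a>'; }
	// setup cases for tpl: special categories use their own <category:NAME>
	// section of the template, everything else uses <category:default>
	if ($news['special']) { $news['case'] = $news['cat_name']; }
	else { $news['case'] = 'default'; }
	// change stuff for output
	$news['content'] = nl2br($news['content']);

	// grab the tpl
	$query = 'SELECT template FROM ' . $mysql['table_pre'] . 'sites WHERE id = \'' . $news['site_id'] . '\'';
	$result = mysql_query($query)
		or die('Error displaying comments: error 2');

	list ($tpl) = mysql_fetch_row($result);

	if ($tpl == '') { die('Error displaying news: Site does not have a template. Please use the Template Editor to create a template for this site.'); }

	// grab the comments (a failed query is tolerated: the page is then
	// rendered without a comment list)
	$query = 'SELECT c.id, u.user, c.comment, c.time FROM ' . $mysql['table_pre'] . 'comments c, ' . $mysql['table_pre'] . 'users u WHERE c.news_id = \'' . $id_sql . '\' AND u.id = c.user_id ORDER BY c.time';
	$result = mysql_query($query);

	$comments = '';

	// nullify <mainpage> tagsets if they exist
	// NOTE(review): strpos() returns 0 for a tag at the very start of the
	// template, which this truthiness test treats as "not found". Left as is
	// because replace_tags() is defined elsewhere and its handling of offset 0
	// is unknown; switching to !== false without checking it could loop forever.
	while ((strpos($tpl,'<mainpage>')) && (strpos($tpl,'</mainpage>'))) {
		$tpl = replace_tags('<mainpage>','</mainpage>','',$tpl);
	}

	// if there are any comments
	if (@mysql_num_rows($result)) {
		
		// grab the bcomment tagset
		$com_tpl = get_btw_tags('<bcomment>','</bcomment>',$tpl);
		
		// for each row, replace the right tags
		// Comment bodies were HTML-escaped when posted (see the 'post' action).
		// NOTE(review): $row['user'] is inserted as stored - confirm that user
		// names are escaped or restricted when accounts are created.
		while ($row = mysql_fetch_assoc($result)) {
			$comments .= str_replace(
								array(
									'<tag:poster />',
									'<tag:content />',
									'<tag:id />',
									'<tag:date />',
									'<tag:time />'
									),
								array(
									$row['user'],
									nl2br($row['comment']),
									$row['id'],
									date($dateform,$row['time']),
									date($timeform,$row['time'])
									),
									$com_tpl
									);
		}
	}

	// put this processed data where the old tags were
	$tpl = replace_tags('<bcomment>','</bcomment>',$comments,$tpl);

	// newsviewing vars: opening/closing markers of the template sections and
	// of the <tag:NAME /> placeholders
	$open = '<bnews>';
	$close = '</bnews>';
	$co = '<category:';
	$co2 = '>';
	$cc = '</category:';
	$cc2 = '>';
	$do = '<date>';
	$dc = '</date>';
	$iho = '<itemheader>';
	$ihc = '</itemheader>';
	$ifo = '<itemfooter>';
	$ifc = '</itemfooter>';
	$to = '<tag:';
	$tc = ' />';

	$ihead = get_btw_tags($iho,$ihc,$tpl);
	$ifoot = get_btw_tags($ifo,$ifc,$tpl);

	// Assign rather than append: $output has no earlier value in this file,
	// so appending would carry along whatever an outside source put in a
	// global of that name and print it as part of the page.
	$output = $ihead . str_replace (
	array(
		$to.'title'.$tc,
		$to.'time'.$tc,
		$to.'content'.$tc,
		$to.'poster'.$tc,
		$to.'cat_name'.$tc,
		$to.'date'.$tc,
		$to.'id'.$tc,
		$to.'num_comments'.$tc),
	array(
		$news['title'],
		$news['time'],
		$news['content'],
		$news['poster'],
		$news['cat_name'],
		$news['date'],
		$news['id'],
		$news['num_comments']),
	get_btw_tags(
		$co.$news['case'].$co2,
		$cc.$news['case'].$cc2,
		$tpl)
	) . $ifoot;

	$tpl = replace_tags($open,$close,$output,$tpl);
	
	// The id placeholder receives the HTML-escaped copy, never the raw value.
	$tpl = str_replace($to.'nid'.$tc,$id_html,$tpl);
	$tpl = str_replace($to.'base_path_web'.$tc,$base_path_web,$tpl);


	// End the timer
	$timer->finish();
		
	print (str_replace($to.'timer'.$tc,$timer->getTime(),$tpl));
}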

?>