<?php

// -------------------------------------------------------------
//
// FILENAME		: comments.php
// COPYRIGHT	: © 2003, 2004, 2005, 2006 Espen Andersson
// WWW				: http://ebascripts.com/
//
// -------------------------------------------------------------

define('ADMIN_DIR', './');

include_once ADMIN_DIR . 'includes/page_start.php';
include_once ADMIN_DIR . 'includes/top.php';

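// Only administrators are welcome.
// The level is cast to int so that a missing or non-numeric session value can
// never pass as >= 3 (under PHP 8 a non-numeric string compared with an int is
// compared as a string, so 'abc' < 3 would be false).
// NOTE(review): not_authorized() is assumed to terminate the request; if it only
// prints a message, every state-changing handler below still runs for the caller.
if (!isset($_SESSION['sess_user_level']) || (int) $_SESSION['sess_user_level'] < 3) {
	$auth->not_authorized();
}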

// Declare the GET/POST parameters this page expects.
// NOTE(review): $_GET['private'] is read further down (filter toggle) but is not
// listed here — confirm whether check_get() is a whitelist that drops or rejects
// undeclared parameters; if so that toggle can never be switched on.
$expectedVars->check_get(array('act', 'id', 'do', 'page', 'sort', 'spam'));
$expectedVars->check_post(array('delete', 'name', 'subject', 'comment', 'smilies', 'private', 'comment_name', 'comment_homepage', 'comment_text', 'articles', 'allbox', 'submit', 'display_spam', 'display_private', 'comment_gravatar'));

// Comment id being acted on (0 = none) and the listing page (defaults to 1).
// Both go through number_input(), which is relied on below to yield a safe
// numeric value before they are concatenated into SQL and redirect URLs.
$id = 0;
if (isset($_GET['id'])) {
	$id = number_input($_GET['id']);
}

$page = 1;
if (isset($_GET['page'])) {
	$page = number_input($_GET['page'], 1);
}

// Page header image, localised via the LANGUAGE constant.
$header_image = GenImage(ADMIN_DIR . 'templates/images/lang_' . LANGUAGE . '/top_administrate_comments.gif', lang('a_header_admin_comments'));
echo '<div class="top"><div id="img">' . $header_image . '</div></div>';

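// Delete one or more comments selected with the listing checkboxes.
// NOTE(review): this is a state-changing action selected by a GET parameter and
// guarded only by the session level check above; no anti-CSRF token is visible
// in this file.
if ( (isset($_GET['act'])) && ($_GET['act'] == 'delete') ) {
	// Only act on a non-empty array of checkbox values from the POST body
	if ( (isset($_POST['delete'])) && (is_array($_POST['delete'])) && (count($_POST['delete']) > 0) ) {
		// The original concatenated each raw POST value straight into the WHERE
		// clause (SQL injection, and it also clobbered the outer $id). Cast every
		// value to int so the statement can only ever contain numeric ids, which
		// is how comment ids are treated everywhere else in this file.
		$delete_ids = array();

		foreach ($_POST['delete'] as $raw_id) {
			if (is_scalar($raw_id)) {
				$delete_ids[] = (int) $raw_id;
			}
		}

		if (count($delete_ids) > 0) {
			$query = 'DELETE FROM `' . COMMENTS_TABLE . '`
			  WHERE `id` IN (' . implode(', ', $delete_ids) . ')';

			$sql_db->query($query, __FILE__, __LINE__);
		}

		redirect('comments.php');
	}
}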

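/*
	Toggle a comment between private (hidden) and public.

	act=private stores 1 in the `private` column, act=public stores 0; the two
	handlers were identical apart from that value, so they are folded together.
	$id comes from number_input() above and is assumed to be a plain integer.

	NOTE(review): both actions are triggered by plain GET links from the listing,
	so any page an administrator visits can flip a comment's visibility (CSRF);
	no token check is visible in this file.
*/

if ( (isset($_GET['act'])) && (($_GET['act'] == 'private') || ($_GET['act'] == 'public')) && ($id > 0) ) {
	$private_value = ($_GET['act'] == 'private') ? '1' : '0';

	$sql_db->query('UPDATE `' . COMMENTS_TABLE . '`
	  SET `private` = \'' . $private_value . '\'
	  WHERE `id` = \'' . $id . '\'', __FILE__, __LINE__);

	// Return to the same listing page and anchor so the edited row stays in view
	$url = ($page != 0) ? 'comments.php?page=' . $page . '#id' . $id . '' : 'comments.php#id' . $id . '';

	redirect($url);
}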

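// Update a comment from the edit form.
// Each text field is stored as SQL NULL when absent or blank, otherwise as an
// sql_input()-escaped, quoted literal. The original tested with empty(), which
// also turned the legitimate value "0" into NULL; compare against '' instead.
// NOTE(review): gravatar (used as an e-mail for md5() when listing) and homepage
// (rendered through make_clickable()) are stored without format validation, and
// the handler is keyed on a GET parameter with no CSRF token visible here.
if ( (isset($_GET['act'])) && ($_GET['act'] == 'update') && ($id > 0) ) {
	$name = (!isset($_POST['comment_name']) || $_POST['comment_name'] === '') ? 'NULL' : '\'' . sql_input($_POST['comment_name']) . '\'';
	$gravatar = (!isset($_POST['comment_gravatar']) || $_POST['comment_gravatar'] === '') ? 'NULL' : '\'' . sql_input($_POST['comment_gravatar']) . '\'';
	$homepage = (!isset($_POST['comment_homepage']) || $_POST['comment_homepage'] === '') ? 'NULL' : '\'' . sql_input($_POST['comment_homepage']) . '\'';
	$comment = (!isset($_POST['comment_text']) || $_POST['comment_text'] === '') ? 'NULL' : '\'' . sql_input($_POST['comment_text']) . '\'';

	/*
		The article selector posts an array, but a comment belongs to exactly
		one article, so only the first selected value is used. When nothing is
		posted the original emitted "`object_id` = " with no value (a SQL syntax
		error that silently dropped the whole update); now the column is simply
		left unchanged in that case.
	*/

	$object_id_sql = '';

	if (isset($_POST['articles'])) {
		$selected = is_array($_POST['articles']) ? reset($_POST['articles']) : $_POST['articles'];

		if ($selected !== false && $selected !== '') {
			$object_id_sql = ',
	  `object_id` = \'' . number_input($selected) . '\'';
		}
	}

	$sql_db->query('UPDATE `' . COMMENTS_TABLE . '`
	  SET `name` = ' . $name . ',
	  `gravatar` = ' . $gravatar . ',
	  `url` = ' . $homepage . ',
	  `comment` = ' . $comment . $object_id_sql . '
	  WHERE `id` = \'' . $id . '\'', __FILE__, __LINE__);

	redirect('comments.php?page=' . $page);
}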

// Total number of comments, used for pagination and the empty-table notice.
$count_result = $sql_db->query('SELECT COUNT(`id`) 
  AS `count`
  FROM `' . COMMENTS_TABLE . '`', __FILE__, __LINE__);
$numrows = $sql_db->result($count_result);

// Listing defaults: first row, sorted by id, no page suffix on links.
$start = 1;
$sideantall = 1;
$order_by = 'id';
$page_url = '';

if ($numrows == 0) {
	echo GenInfoBox('admininfo', lang('empty_table'));
} else {
	$page_number = ceil($numrows / ROWS_PER_PAGE);
	$start = ($page - 1) * ROWS_PER_PAGE;

	// NOTE(review): order_by() receives the *bool* isset($_GET['sort']) rather
	// than the requested sort key, so the whitelist can never select anything
	// but a fixed column; presumably $_GET['sort'] was meant — confirm against
	// order_by()'s signature before changing.
	$order_by = order_by(isset($_GET['sort']), array('id', 'ip', 'name', 'date'));

	if (isset($_GET['page'])) {
		$page_url = '&amp;page=' . $page;
	}
}

// Spam / private filter toggles.
// NOTE(review): none of these four variables is used anywhere in this file
// (the listing query above has no spam/private filter and the templates only
// receive PAGE); they may be consumed by an included template — confirm.
// 'private' is also absent from the check_get() list at the top of the file.
$spam_filter_on = isset($_GET['spam']) && $_GET['spam'] == 'true';
$private_filter_on = isset($_GET['private']) && $_GET['private'] == 'true';

$form_action = $spam_filter_on ? 'comments.php?spam=false' : 'comments.php?spam=true';
$spam_checked = $spam_filter_on ? 'checked="checked"' : '';
$form_action2 = $private_filter_on ? 'comments.php?private=false' : 'comments.php?private=true';
$private_checked = $private_filter_on ? 'checked="checked"' : '';

/*
	Page selector (only when there is something to page through)
*/

if ($numrows > 0) {
	$page_icon = GenImage(ADMIN_DIR . 'templates/images/page.gif', lang('select_page'));
	$pagination = generate_pagination('comments.php', $numrows, ROWS_PER_PAGE, $start);

	echo '<div id="page-number">' . $page_icon . ' <strong>' . lang('select_page') . ':</strong> ' . $pagination . '</div>';
}

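// Comment listing followed by the edit form for the selected comment.
if ($numrows > 0) {
	$template = new Page(ADMIN_DIR . 'templates/comments_top.tpl');
	$template->replace_tags(array('PAGE' => $page_url));
	$template->output_page();

	// NOTE(review): the ORDER BY column is wrapped in single quotes, so MySQL
	// orders by a constant string and the requested sort has no effect.
	// Backticks would fix it, but order_by() is called above with a bool, so
	// confirm what it actually returns before changing this line.
	$result = $sql_db->query('SELECT *
	  FROM `' . COMMENTS_TABLE . '`
	  ORDER BY \'' . $order_by . '\'
	  DESC LIMIT ' . $start . ', ' . ROWS_PER_PAGE, __FILE__, __LINE__);

	// Smiley replacements do not depend on the row, so load them once instead of
	// re-querying SMILIES_TABLE for every comment. Two parallel arrays keep the
	// original sequential str_replace() semantics (including table order).
	$smiley_texts = array();
	$smiley_tags = array();

	if (DISABLE_SMILIES == 0) {
		$result2 = $sql_db->query('SELECT `filename`, `smiley_text`
		  FROM `' . SMILIES_TABLE . '`', __FILE__, __LINE__);

		while ($row2 = $sql_db->fetch_object($result2)) {
			$smiley_texts[] = $row2->smiley_text;
			$smiley_tags[] = '<img src="' . ADMIN_DIR . 'templates/images/smilies/' . $row2->filename . '" />';
		}
	}

	while ($row = $sql_db->fetch_object($result)) {
		$template = new Page(ADMIN_DIR . 'templates/comments_middle.tpl');

		$page_url = ($page > 0) ? '&amp;page=' . $page : '';

		// Title of the article this comment is attached to (one query per row)
		$news_title = $sql_db->result($sql_db->query('SELECT `title`
		  FROM `' . ARTICLES_TABLE . '`
		  WHERE `id` = \'' . $row->object_id . '\'', __FILE__, __LINE__));

		// CSS class markers; a private comment is never also marked as spam
		$private = $spam = '';

		if ($row->private == 1) {
			$private = 'private';
		} elseif ($row->spam == 1 && $row->private == 0) {
			$spam = 'spam';
		}

		// Visibility links: the current state is shown as plain text, the other
		// one as a GET link to the matching handler above.
		if ($row->private == 1) {
			$public_link = '<a href="' . ADMIN_DIR . 'comments.php?act=public&amp;id=' . $row->id . $page_url . '">' . lang('a_comments_public') . '</a>';
			$private_link = lang('a_comments_private');
		} else {
			$public_link = lang('a_comments_public');
			$private_link = '<a href="' . ADMIN_DIR . 'comments.php?act=private&amp;id=' . $row->id . $page_url . '">' . lang('a_comments_private') . '</a>';
		}

		// NOTE(review): act=spam / act=notspam have no handler in this file;
		// presumably handled by an include, otherwise these links are dead.
		if ($row->spam == 1) {
			$spam_link = '<a href="' . ADMIN_DIR . 'comments.php?act=notspam&amp;id=' . $row->id . $page_url . '">' . lang('a_comments_not_spam') . '</a>';
		} else {
			$spam_link = '<a href="' . ADMIN_DIR . 'comments.php?act=spam&amp;id=' . $row->id . $page_url . '">' . lang('a_comments_spam') . '</a>';
		}

		// Comment body: ascii filter, bbcode, paragraphs, then smilies
		$comment = print_ascii($row->comment);
		$comment = bbcode($comment);

		$comment = '<p>' . nl2para($comment) . '</p>';

		if (count($smiley_texts) > 0) {
			$comment = str_replace($smiley_texts, $smiley_tags, $comment);
		}

		if (DISABLE_GRAVATARS == 0) {
			if (isset($row->gravatar)) {
				// Gravatar identifies users by the md5 of the stored e-mail address
				$gravatar_url = 'http://www.gravatar.com/avatar.php?gravatar_id=' . md5($row->gravatar);
				$gravatar_url .= '&amp;default=' . urlencode(SITE_URL . 'templates/images/nogravatar.gif');
				$gravatar_url .= '&amp;size=' . GRAVATAR_SIZE;

				$gravatar = '<img src="' . $gravatar_url . '" height="' . GRAVATAR_SIZE . '" alt="" class="gravatar" />';
			} else {
				$gravatar = '';
			}
		} else {
			$gravatar = '';
		}

		// NOTE(review): ROW->ip and NEWS_TITLE are emitted without any output
		// filter, unlike name/comment which go through print_ascii(); fine if
		// the ip column only ever holds REMOTE_ADDR and titles are admin-entered,
		// otherwise this is a stored-XSS vector — confirm at the write sites.
		$template->replace_tags(array(
		  'PRIVATE' => $private,
		  'SPAM' => $spam,
		  'ROW->id' => $row->id,
		  'DATE' => generate_date($row->date),
		  'SPAM_LINK' => $spam_link,
		  'ROW->comment' => fix_html_errors($comment),
		  'ROW->name' => print_ascii($row->name),
		  'ROW->ip' => $row->ip,
		  'ROW->url' => (remove_whitespace($row->url) != '') ? make_clickable($row->url) : '-',
		  'NEWS_TITLE' => lang('comment_belongs_to') . ' <strong>«' . $news_title . '»</strong>',
		  'GRAVATAR' => $gravatar,
		  'PUBLIC_LINK' => $public_link,
		  'PRIVATE_LINK' => $private_link,
		  'PAGE' => $page
		));

		$template->output_page();
	}

	$template = new Page(ADMIN_DIR . 'templates/comments_bottom.tpl');
	$template->output_page();

	// Edit form for the comment selected with ?id=
	if ($id > 0) {
		$result = $sql_db->query('SELECT `object_id`, `name`, `gravatar`, `url`, `comment`
		  FROM `' . COMMENTS_TABLE . '`
		  WHERE `id` = \'' . $id . '\'', __FILE__, __LINE__);

		$row = $sql_db->fetch_object($result);

		// Unknown id: nothing to edit (the original dereferenced a false result)
		if ($row) {
			$template = new Page(ADMIN_DIR . 'templates/comments_edit.tpl');

			// gravatar and url are supplied by the (untrusted) commenter and were
			// previously written into the form unescaped; run them through
			// print_input_field() exactly as the name and text fields already are.
			$template->replace_tags(array(
			  'COMMENT_NAME' => print_input_field($row->name),
			  'COMMENT_GRAVATAR' => print_input_field($row->gravatar),
			  'COMMENT_HOMEPAGE' => print_input_field($row->url),
			  'COMMENT_TEXT' => print_input_field($row->comment),
			  'ID' => $id,
			  'ARTICLE_DROPDOWN' => article_dropdown($row->object_id)
			));

			$template->output_page();
		}
	}
}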

include_once ADMIN_DIR . 'includes/bottom.php';

?>