<?php
// -----------------------------------------------------------------------
//
// $Id: add.php 178 2012-03-30 15:29:37Z raoul $
//
// Copyright (C) 2003-2012 Raoul Proença
// License: GNU GPL version 3 (see copying.txt file)
// Website: http://www.gnew.fr/
//
// -----------------------------------------------------------------------
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// -----------------------------------------------------------------------

include('./../includes/common.php');

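// Render the "add comment" page: validate the submitted form, then either
// show a preview of the comment or store it and update the related counters.
//
// NOTE(review): no anti-CSRF token is verified anywhere in this file; confirm
// whether common.php enforces one before this state-changing POST is accepted.
page_header($lang['COMMENTS_ADD_TITLE']);

// Only logged-in users (non-zero session user id) may post.
if ($_SESSION['user_id'] != 0)
{
    // Add or preview forms ?
    if (isset($_POST['add_comment']) || isset($_POST['preview_comment']))
    {
        // Request identifiers are reduced to integers once, here, and only the
        // integer copies are used below. The raw POST values previously went
        // straight into SQL statements, HTML attributes and redirect URLs.
        // story_id is assigned from insert_id() further down, so it is numeric;
        // news_id is presumed numeric as well -- confirm against the schema.
        $news_id = (isset($_POST['news_id']) && is_string($_POST['news_id'])) ? (int) $_POST['news_id'] : 0;
        $story_id = (isset($_POST['story_id']) && is_string($_POST['story_id'])) ? (int) $_POST['story_id'] : 0;

        // Missing or non-string fields (e.g. "comment_text[]=x") count as empty
        // instead of raising notices or type errors in trim().
        $raw_subject = (isset($_POST['comment_subject']) && is_string($_POST['comment_subject'])) ? $_POST['comment_subject'] : '';
        $raw_text = (isset($_POST['comment_text']) && is_string($_POST['comment_text'])) ? $_POST['comment_text'] : '';

        $error = '';
        if (!trim($raw_subject))
        {
            $error .= $lang['NO_COMMENT_SUBJECT'];
        }
        if (!trim($raw_text))
        {
            $error .= $lang['NO_COMMENT_TEXT'];
        }
        // Anti-flood: refuse the post when this user's newest comment is
        // younger than the configured interval.
        $sql->query('SELECT MAX(comment_creation) AS last_comment
                     FROM ' . TABLE_COMMENTS . '
                     WHERE user_id = \'' . $_SESSION['user_id'] . '\'');
        $table_comments = $sql->fetch();
        if ($table_comments['last_comment'] >= (time() - $settings['posts_interval']))
        {
            $error .= sprintf($lang['COMMENTS_ADD_ERROR1'], $settings['posts_interval']);
        }
        if ($error)
        {
            error_template($error);
        }
        else
        {
            // NOTE(review): the statements below build SQL by concatenation and
            // rely on chars2entities()/do_html() plus whatever escaping
            // common.php applies to request data (presumably it adds slashes,
            // since the preview branch strips them again) -- confirm, because
            // nothing in this file escapes subject or text for SQL.
            $comment_subject = chars2entities($raw_subject, ENT_QUOTES);
            if ($settings['allow_html'] == 0)
            {
                $comment_text = chars2entities($raw_text, ENT_QUOTES);
            }
            else
            {
                $comment_text = do_html($raw_text);
            }
            // Keep the text as it was before link/BBCode/smiley expansion so
            // the preview form can be re-populated with it.
            $temp = $comment_text;
            $comment_text = make_clickable($comment_text);
            $comment_text = do_bbcodes($comment_text);
            if ($settings['allow_smilies'] != 0)
            {
                $comment_text = do_smilies($comment_text);
            }
            // Preview form
            if (isset($_POST['preview_comment']))
            {
                $date_format = get_date_format();
                $date_offset = get_date_offset();
                $comment_creation = date($date_format, (time() + $date_offset));
                // Comment (HTML)
                $comment_subject = stripslashes($comment_subject);
                $comment_text = stripslashes($comment_text);
                $comment_text = undo_escape_sequences($comment_text);
                // Form
                $comment_text2 = stripslashes($temp);
                if ($settings['allow_html'] == 0)
                {
                    $html_support = $lang['HTML_DISABLED'];
                }
                else
                {
                    $html_support = $lang['HTML_ENABLED'];
                }
                $template->set_file('preview', 'comments/preview.htpl');
                $template->set_var(array('ADD' => $lang['ADD'],
                                         'BACK_HOME' => $lang['BACK_HOME'],
                                         'COMMENT_RELEASE' => sprintf($lang['COMMENTS_ADD_RELEASE'], $_SESSION['user_id'], $users['user_name'], $comment_creation),
                                         'COMMENT_SUBJECT' => $comment_subject,
                                         'COMMENT_TEXT' => $comment_text,
                                         'COMMENT_TEXT2' => $comment_text2,
                                         'COMMENTS_ADD_HEADER' => $lang['COMMENTS_ADD_HEADER'],
                                         'FORM_COMMENT_SUBJECT' => $lang['FORM_COMMENT_SUBJECT'],
                                         'FORM_COMMENT_TEXT' => $lang['FORM_COMMENT_TEXT'],
                                         'HTML_SUPPORT' => $html_support,
                                         // Integer copy: the raw POST value was echoed into the page before.
                                         'NEWS_ID' => $news_id,
                                         'PREVIEW' => $lang['PREVIEW'],
                                         'SMILIES_LIST' => get_smilies_list(0),
                                         'USER_AVATAR' => $users['user_avatar']));
                if (empty($story_id))
                {
                    // New story: the subject stays editable.
                    $template->set_var(array('COMMENT_SUBJECT2' => '<input type="text" name="comment_subject" size="25" maxlength="128" value="' . $comment_subject . '" />&nbsp;<span class="asterisk">*</span>',
                                             'HIDDEN_STORY' => '',
                                             'HIDDEN_SUBJECT' => ''));
                }
                else
                {
                    // Reply inside a story: subject and story id travel as hidden fields.
                    $template->set_var(array('COMMENT_SUBJECT2' => '<span style="font-weight: bold">' . $comment_subject . '</span>',
                                             'HIDDEN_STORY' => '<input type="hidden" value="' . $story_id . '" name="story_id" />',
                                             'HIDDEN_SUBJECT' => '<input type="hidden" value="' . $comment_subject . '" name="comment_subject" />'));
                }
                $template->parse('preview');
            }
            // Add form
            else
            {
                // NOTE(review): nothing here checks that news_id refers to an
                // existing news item before the comment is stored.
                // The text written to the table is the already-expanded form
                // (links, BBCode and, if enabled, smilies).
                $sql->query('INSERT INTO ' . TABLE_COMMENTS . ' (news_id, user_id, comment_subject, comment_text, comment_creation)
                             VALUES (\'' . $news_id . '\', \'' . $_SESSION['user_id'] . '\', \'' . $comment_subject . '\', \'' . $comment_text . '\', \'' . time() . '\')');
                $id = $sql->insert_id();
                // Start a story: the new comment becomes its own story root.
                if (empty($story_id))
                {
                    $sql->query('UPDATE ' . TABLE_COMMENTS . '
                                 SET story_id = \'' . $id . '\'
                                 WHERE comment_id = \'' . $id . '\'');
                }
                // Add comment to story
                else
                {
                    $sql->query('UPDATE ' . TABLE_COMMENTS . '
                                 SET story_id = \'' . $story_id . '\'
                                 WHERE comment_id = \'' . $id . '\'');
                }
                $sql->query('UPDATE ' . TABLE_NEWS . '
                             SET news_comments = news_comments + 1
                             WHERE news_id = \'' . $news_id . '\'');
                $sql->query('UPDATE ' . TABLE_USERS . '
                             SET user_comments = user_comments + 1, user_ip = \'' . $_SERVER['REMOTE_ADDR'] . '\'
                             WHERE user_id = \'' . $_SESSION['user_id'] . '\'');
                // Redirect to start of story
                if (empty($story_id))
                {
                    success_template($lang['COMMENTS_ADD_SUCCESS'], './../comments/index.php?news_id=' . $news_id);
                }
                // Redirect to complete story
                else
                {
                    success_template($lang['COMMENTS_ADD_SUCCESS'], './../comments/index.php?news_id=' . $news_id . '&story_id=' . $story_id);
                }
            }
        }
    }
    else
    {
        // Page requested without submitting either form.
        error_template($lang['COMMENTS_ADD_ERROR2']);
    }
}
else
{
    // Anonymous visitors cannot add comments.
    error_template($lang['COMMENTS_ADD_ERROR3']);
}

page_footer();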

?>