<?php
// -----------------------------------------------------------------------------
// $Id: add.php 682 2013-03-28 14:17:41Z raoul $
//
// Copyright (C) 2013 Raoul Proença
// License: GNU GPL version 3 (see copying.txt file)
// Website: http://www.gnew.fr/
// -----------------------------------------------------------------------------
// This program is free software: you can redistribute it and/or modify it under
// the terms of the GNU General Public License as published by the Free Software
// Foundation, either version 3 of the License, or (at your option) any later
// version.
//
// This program is distributed in the hope that it will be useful, but WITHOUT
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
// FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
// details.
//
// You should have received a copy of the GNU General Public License along with
// this program. If not, see <http://www.gnu.org/licenses/>.
// -----------------------------------------------------------------------------

include('./../includes/common.php');

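// Comment submission page: validates a posted comment, shows a preview or
// stores it, updates the news/user counters and redirects back to the thread.
//
// Request-supplied identifiers (news_id, story_id, comment_id) are forced to
// integers before they reach any SQL statement, HTML attribute or redirect URL,
// so they can only ever contribute digits to those contexts.
//
// NOTE(review): no anti-CSRF token is checked in this file although it changes
// state on POST; confirm whether common.php enforces one.
page_header($lang['COMMENTS_ADD']);

// Comments in news enabled?
if ($settings['news_commenting'] == 0)
{
    error_template($lang['ERROR_COMMENTING_DISABLED']);
}
// User logged?
elseif (isset($_SESSION['user_id']) && $_SESSION['user_id'] > 0)
{
    // Add or preview forms?
    if (isset($_POST['add']) || isset($_POST['preview']))
    {
        // Normalise every identifier once; anything that is missing or not a
        // scalar becomes 0, which the checks below treat as "not provided".
        $user_id = (int) $_SESSION['user_id'];
        $news_id = (isset($_POST['news_id']) && is_scalar($_POST['news_id'])) ? (int) $_POST['news_id'] : 0;
        $story_id = (isset($_POST['story_id']) && is_scalar($_POST['story_id'])) ? (int) $_POST['story_id'] : 0;
        $reply_id = (isset($_POST['comment_id']) && is_scalar($_POST['comment_id'])) ? (int) $_POST['comment_id'] : 0;

        // Text fields must be plain strings; array-valued parameters are
        // treated as absent instead of being handed to trim().
        $raw_subject = (isset($_POST['comment_subject']) && is_string($_POST['comment_subject'])) ? $_POST['comment_subject'] : '';
        $raw_text = (isset($_POST['comment_text']) && is_string($_POST['comment_text'])) ? $_POST['comment_text'] : '';

        $error = '';
        // A comment must belong to a news item.
        if ($news_id <= 0)
        {
            $error .= $lang['ERROR_NO_DATA'];
        }
        // Compare against '' so that a literal "0" counts as content.
        if (trim($raw_subject) === '')
        {
            $error .= $lang['ERROR_NO_SUBJECT'];
        }
        if (trim($raw_text) === '')
        {
            $error .= $lang['ERROR_NO_TEXT'];
        }
        // Anti-flood: refuse if this user's latest comment is more recent than
        // the configured interval.
        $sql->query('SELECT MAX(comment_creation) AS last_comment
                     FROM ' . TABLE_COMMENTS . '
                     WHERE user_id = \'' . $user_id . '\'');
        $table_comments = $sql->fetch();
        if ($table_comments['last_comment'] >= (time() - $settings['comments_interval']))
        {
            $error .= sprintf($lang['ERROR_COMMENTS_INTERVAL'], $settings['comments_interval']);
        }
        // Story expiry: replies are refused once the story's latest comment is
        // older than stories_expiry days.
        if ($story_id > 0)
        {
            $sql->query('SELECT MAX(comment_creation) AS last_comment
                         FROM ' . TABLE_COMMENTS . '
                         WHERE story_id = \'' . $story_id . '\'');
            $table_comments = $sql->fetch();
            if (($table_comments['last_comment'] + (60 * 60 * 24 * $settings['stories_expiry'])) < time())
            {
                $error .= sprintf($lang['ERROR_STORY_EXPIRY'], $settings['stories_expiry']);
            }
        }
        if ($error)
        {
            error_template($error);
        }
        else
        {
            $comment_subject = utf8_entities($raw_subject);
            // NOTE(review): with allow_html on, the safety of stored markup
            // depends entirely on do_html(); confirm it filters against an
            // allow-list of tags and attributes.
            if ($settings['allow_html'])
            {
                $comment_text2 = do_html($raw_text);
            }
            else
            {
                $comment_text2 = utf8_entities($raw_text);
            }
            // $comment_text keeps the version before link/BBCode/emoticon
            // expansion; $comment_text2 is the rendered version.
            $comment_text = $comment_text2;
            $comment_text2 = make_clickable($comment_text2);
            $comment_text2 = do_bbcodes($comment_text2);
            if ($settings['allow_emoticons'])
            {
                $comment_text2 = do_emoticons($comment_text2);
            }
            // Preview form
            if (isset($_POST['preview']))
            {
                // remove_form_data();
                $comment_text2 = undo_escape_sequences($comment_text2);
                if ($settings['allow_html'])
                {
                    $html_support = $lang['HTML_ENABLED'];
                }
                else
                {
                    $html_support = $lang['HTML_DISABLED'];
                }
                // NOTE(review): $users is not defined in this file; presumably
                // common.php loads the current user's row - confirm, and confirm
                // the signature is already safe to emit as HTML.
                if (!empty($users['user_signature']))
                {
                    $user_signature = '<br />&#45;&#45;<br />' . $users['user_signature'];
                }
                else
                {
                    $user_signature = '';
                }
                $template->set_file('preview', 'comments/preview.htpl');
                $template->set_var(array('COMMENT_POSTED' => sprintf($lang['POSTED_BY'], $user_id, $users['user_name'], format_date(time())),
                                         'COMMENT_SUBJECT' => $comment_subject,
                                         'COMMENT_TEXT' => $comment_text,
                                         'COMMENT_TEXT2' => $comment_text2,
                                         'EMOTICONS_LIST' => get_emoticons_list(0),
                                         'HTML_SUPPORT' => $html_support,
                                         'NEWS_ID' => $news_id,
                                         'USER_AVATAR' => $users['user_avatar'],
                                         'USER_SIGNATURE' => $user_signature));
                // The hidden fields echo integers only, so nothing from the
                // request can break out of the value="" attribute.
                if ($reply_id > 0)
                {
                    $template->set_var('HIDDEN_COMMENT_ID', '<input type="hidden" name="comment_id" value="' . $reply_id . '" />');
                }
                if ($story_id > 0)
                {
                    $template->set_var('HIDDEN_STORY_ID', '<input type="hidden" name="story_id" value="' . $story_id . '" />');
                }
                $template->parse('preview');
            }
            // Add form
            else
            {
                // NOTE(review): $comment_subject and $comment_text2 are still
                // concatenated into the statement as quoted strings. The call to
                // undo_escape_sequences() in the preview branch suggests request
                // data arrives already escaped - verify in common.php, and move
                // to bound parameters if the $sql wrapper supports them.
                $sql->query('INSERT INTO ' . TABLE_COMMENTS . ' (news_id, user_id, comment_active, comment_subject, comment_text, comment_creation)
                             VALUES (\'' . $news_id . '\', \'' . $user_id . '\', \'1\', \'' . $comment_subject . '\', \'' . $comment_text2 . '\', \'' . time() . '\')');
                $id = (int) $sql->insert_id();
                // Start a story: the new comment becomes the head of its own story.
                if ($story_id <= 0)
                {
                    $sql->query('UPDATE ' . TABLE_COMMENTS . '
                                 SET story_id = \'' . $id . '\'
                                 WHERE comment_id = \'' . $id . '\'');
                }
                // Add comment to the story
                else
                {
                    // reply_id = comment_id of the comment replied to
                    $sql->query('UPDATE ' . TABLE_COMMENTS . '
                                 SET story_id = \'' . $story_id . '\', reply_id = \'' . $reply_id . '\'
                                 WHERE comment_id = \'' . $id . '\'');
                }
                $sql->query('UPDATE ' . TABLE_NEWS . '
                             SET news_comments = news_comments + 1
                             WHERE news_id = \'' . $news_id . '\'');
                $sql->query('UPDATE ' . TABLE_USERS . '
                             SET user_comments = user_comments + 1
                             WHERE user_id = \'' . $user_id . '\'');
                make_comments_feed();
                // Drop cached copies of every table that was just written.
                $GLOBALS['cache']->clean(TABLE_COMMENTS);
                $GLOBALS['cache']->clean(TABLE_NEWS);
                $GLOBALS['cache']->clean(TABLE_USERS);
                // Redirect to start of story
                if ($story_id <= 0)
                {
                    success_template($lang['COMMENT_ADDED'], './../comments/index.php?news_id=' . $news_id);
                }
                // Redirect to complete story
                else
                {
                    success_template($lang['COMMENT_ADDED'], './../comments/index.php?news_id=' . $news_id . '&story_id=' . $story_id);
                }
            }
        }
    }
    else
    {
        error_template($lang['ERROR_NO_DATA']);
    }
}
else
{
    error_template($lang['ERROR_USER_OFFLINE']);
}

page_footer();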

?>