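<?php
//
//  H-Tracker v0.2
//    http://h-tracker.org
//    Based on TorrentTrader (http://www.torrenttrader.org)
//
//  reqcomment.php - add / edit / delete / view-original for request comments.
//  Dispatches on ?action=add|edit|delete|vieworiginal; every branch ends with
//  die so at most one page (or one redirect) is produced per request.
//
//  NOTE(review): the data layer still uses the ext/mysql functions (removed in
//  PHP 7); porting backend/functions.php to PDO/mysqli is outside this file.
//  NOTE(review): no per-session anti-CSRF token is visible in this codebase;
//  once the backend provides one, the add/edit/delete forms should carry it.
//
include("backend/functions.php");
include("backend/bbcode.php");

// Read a request parameter as a string, "" when absent, so missing and blank
// values are treated alike and no undefined-index notice is raised.
function reqcomment_param($source, $key)
{
    return isset($source[$key]) ? (string)$source[$key] : "";
}

// Return $url only when it is a same-site redirect target: a site-relative
// path ("/x", but not "//host" or "/\host", which browsers treat as
// protocol-relative) or an absolute URL under $siteurl. Anything else,
// including values carrying CR/LF, yields "" so the caller falls back to a
// fixed local page instead of redirecting wherever the client asked.
// HTTP_REFERER and POST fields are client-supplied and must pass through here
// before they reach header() or an href.
function reqcomment_safe_return_url($url, $siteurl)
{
    $url = trim((string)$url);
    if ($url === "" || preg_match('/[\r\n]/', $url))
        return "";
    if (preg_match('#^/(?![/\\\\])#', $url))
        return $url;
    $siteurl = rtrim((string)$siteurl, "/");
    if ($siteurl !== "" && strpos($url, $siteurl . "/") === 0)
        return $url;
    return "";
}

dbconn();
loggedinonly();

$action = reqcomment_param($_GET, "action");
$siteurl = isset($site_config["SITEURL"]) ? $site_config["SITEURL"] : "";
// User class from which comment moderation (editing others' comments,
// deleting, viewing originals) is allowed; every branch below uses the same
// threshold.
$modclass = 5;
// Referer is only ever used as a "return to" hint and is validated first.
$referer = reqcomment_safe_return_url(reqcomment_param($_SERVER, "HTTP_REFERER"), $siteurl);

if ($action == "add")
{
    if ($_SERVER["REQUEST_METHOD"] == "POST")
    {
        $reqid = (int)reqcomment_param($_POST, "tid");
        if (!is_valid_id($reqid))
            show_error_msg("Error", "Wrong ID $reqid.",1);

        $res = mysql_query("SELECT request FROM requests WHERE id = $reqid") or die (mysql_error());
        $arr = mysql_fetch_array($res);
        if (!$arr)
            show_error_msg("Error", "No request with ID $reqid.",1);

        // Compare against "" rather than truthiness: a comment of "0" is valid.
        $text = trim(reqcomment_param($_POST, "msg"));
        if ($text === "")
            show_error_msg("Error", "Don't leave any fields blank!",1);

        // sqlesc() is used as the quoting primitive everywhere in this file
        // (see the editedat UPDATE below), so the date goes through it too.
        $userid = (int)$CURUSER["id"];
        $added = sqlesc(get_date_time());
        mysql_query("INSERT INTO comments (user, req, added, text, ori_text) VALUES ($userid, $reqid, $added, " . sqlesc($text) . ", " . sqlesc($text) . ")") or die (mysql_error());

        $newid = mysql_insert_id();

        mysql_query("UPDATE requests SET comments = comments + 1 WHERE id = $reqid") or die (mysql_error());
        header("Refresh: 0; url=reqdetails.php?id=$reqid&viewcomm=$newid#comm$newid");
        exit();
    }

    $reqid = (int)reqcomment_param($_GET, "tid");
    if (!is_valid_id($reqid))
        show_error_msg("Error", "Wrong ID $reqid.",1);

    $res = mysql_query("SELECT request FROM requests WHERE id = $reqid") or die (mysql_error());
    $arr = mysql_fetch_array($res);
    if (!$arr)
        show_error_msg("Error", "Wrong ID $reqid.",1);

    // NOTE(review): assumes stdhead() escapes its title; confirm in
    // backend/functions.php - the <h1> below escapes explicitly.
    stdhead("Add comment to \"" . $arr["request"] . "\"");
    begin_frame("Add a request comment");

    print("<h1>Add comment to \"" . htmlspecialchars($arr["request"]) . "\"</h1>\n");
    print("<p><form name=\"Form\" method=\"post\" action=\"reqcomment.php?action=add\">\n");
    print("<input type=\"hidden\" name=\"tid\" value=\"$reqid\"/>\n");
    print(textbbcode("Form", "msg"));

    print("<p><input type=\"submit\" class=\"lbutton\" value=\"Add!\" /></p></form>\n");

    $res = mysql_query("SELECT comments.id, text, comments.added, username, users.id as user, users.avatar FROM comments LEFT JOIN users ON comments.user = users.id WHERE req = $reqid ORDER BY comments.id DESC LIMIT 5") or die (mysql_error());

    // Collect the rows into $allrows (the old code appended to $row itself,
    // so the list was always empty and nothing was ever shown).
    $allrows = array();
    while ($row = mysql_fetch_array($res))
        $allrows[] = $row;

    if (count($allrows)) {
        print("<h2>Last comments in reverse order.</h2>\n");
        commenttable($allrows);
    }

    end_frame();
    stdfoot();
    die;
}
elseif ($action == "edit")
{
    $commentid = (int)reqcomment_param($_GET, "cid");
    if (!is_valid_id($commentid))
        show_error_msg("Error", "Wrong ID $commentid.",1);
    $res = mysql_query("SELECT c.*, o.request FROM comments AS c JOIN requests AS o ON c.req = o.id WHERE c.id=$commentid") or die (mysql_error());

    $arr = mysql_fetch_array($res);
    if (!$arr)
        show_error_msg("Error", "Wrong ID $commentid.",1);

    // Owner or moderator only; compared as ints so "1" and 1 cannot differ.
    if ((int)$arr["user"] !== (int)$CURUSER["id"] && get_user_class($CURUSER) < $modclass)
        show_error_msg("Error", "Access denied.",1);

    if ($_SERVER["REQUEST_METHOD"] == "POST")
    {
        // Same blank rule as "add": trim first, then require non-empty.
        $text = trim(reqcomment_param($_POST, "msg"));
        $returnto = reqcomment_safe_return_url(reqcomment_param($_POST, "returnto"), $siteurl);

        if ($text === "")
            show_error_msg("Error", "Don't leave any fields blank!",1);

        $editedby = (int)$CURUSER["id"];
        $editedat = sqlesc(get_date_time());

        mysql_query("UPDATE comments SET text=" . sqlesc($text) . ", editedby=$editedby, editedat=$editedat WHERE id=$commentid") or die (mysql_error());

        // Fall back to the request the comment belongs to when the submitted
        // return URL was missing or not same-site.
        if ($returnto !== "")
            header("Location: $returnto");
        else
            header("Location: reqdetails.php?id=" . (int)$arr["req"]);

        die;
    }

    // NOTE(review): assumes stdhead()/begin_frame() escape their argument;
    // confirm in backend/functions.php.
    stdhead("Edit comment for \"" . $arr["request"] . "\"");
    begin_frame("Edit comment for \"" . $arr["request"] . "\"");
    print("<form name=\"Form\" method=\"post\" action=\"reqcomment.php?action=edit&amp;cid=$commentid\">\n");
    // $referer was validated above and is escaped for the attribute context.
    print("<input type=\"hidden\" name=\"returnto\" value=\"" . htmlspecialchars($referer) . "\" />\n");
    print("<input type=\"hidden\" name=\"cid\" value=\"$commentid\" />\n");
    print(textbbcode("Form", "msg", $arr["text"]));
    print("<p><input type=\"submit\" class=\"btn\" value=\"Edit!\" /></p></form>\n");

    end_frame();
    stdfoot();
    die;
}
elseif ($action == "delete")
{
    if (get_user_class($CURUSER) < $modclass)
        show_error_msg("Error", "Access denied.",1);

    // The confirmation page is reached by GET link; the deletion itself only
    // happens on POST so that a plain link or image request cannot remove a
    // comment.
    $ispost = ($_SERVER["REQUEST_METHOD"] == "POST");
    $commentid = (int)reqcomment_param($ispost ? $_POST : $_GET, "cid");

    if (!is_valid_id($commentid))
        show_error_msg("Error", "Invalid ID $commentid.",1);

    if (!$ispost)
    {
        stdhead("Delete comment");
        begin_frame("Delete comment");
        print("<p>You're about to delete comment #$commentid.</p>\n");
        print("<form name=\"Form\" method=\"post\" action=\"reqcomment.php?action=delete\">\n");
        print("<input type=\"hidden\" name=\"cid\" value=\"$commentid\" />\n");
        print("<input type=\"hidden\" name=\"returnto\" value=\"" . htmlspecialchars($referer) . "\" />\n");
        print("<p><input type=\"submit\" class=\"btn\" value=\"Delete!\" /></p></form>\n");
        end_frame();
        stdfoot();
        die;
    }

    $res = mysql_query("SELECT req FROM comments WHERE id=$commentid") or die (mysql_error());
    $arr = mysql_fetch_array($res);
    if (!$arr)
        show_error_msg("Error", "Invalid ID $commentid.",1);
    $reqid = (int)$arr["req"];

    mysql_query("DELETE FROM comments WHERE id=$commentid") or die (mysql_error());
    if (mysql_affected_rows() > 0)
        mysql_query("UPDATE requests SET comments = comments - 1 WHERE id = $reqid") or die (mysql_error());

    // The old code cast returnto to int, which can never be a usable URL;
    // it is now validated as a same-site URL like the edit branch.
    $returnto = reqcomment_safe_return_url(reqcomment_param($_POST, "returnto"), $siteurl);

    if ($returnto !== "")
        header("Location: $returnto");
    else
        autolink("reqdetails.php?id=$reqid", "Your Comment was deleted successfully.", 0);
    die;
}
elseif ($action == "vieworiginal")
{
    // Pass $CURUSER like the other branches do (it was omitted here).
    if (get_user_class($CURUSER) < $modclass)
        show_error_msg("Error", "Access denied.",1);
    $commentid = (int)reqcomment_param($_GET, "cid");

    if (!is_valid_id($commentid))
        show_error_msg("Error", "Invalid ID $commentid.",1);

    $res = mysql_query("SELECT c.*, t.request FROM comments AS c JOIN requests AS t ON c.req = t.id WHERE c.id=$commentid") or die (mysql_error());
    $arr = mysql_fetch_array($res);
    if (!$arr)
        show_error_msg("Error", "Invalid ID $commentid.",1);

    stdhead("Original");
    begin_frame("View Original Post");
    print("<h1>Original content of comment #$commentid</h1><p>\n");
    print("<table width=\"500\" border=\"1\" cellspacing=\"0\" cellpadding=\"5\">");
    print("<tr><td class=\"comment\">\n");
    echo htmlspecialchars($arr["ori_text"]);
    print("</td></tr></table>\n");

    // Back link only to a validated same-site referer, quoted and escaped.
    if ($referer !== "")
        print("<p><font size=\"small\">(<a href=\"" . htmlspecialchars($referer) . "\">Back</a>)</font></p>\n");
    end_frame();
    stdfoot();
    die;
}
else
    // The action value is not echoed back: it is raw client input.
    show_error_msg("Error", "Unknown action.",1);
die;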