<?php
// Start-of-request timestamp; nothing in this file reads it, so it is
// presumably consumed by footer.php for a render-time display — confirm.
$time_start = microtime(true);

// Constant the shared includes can test to refuse direct access (inferred
// from the name; the check itself lives in ../inc/include.php, not here).
define('IN_HBS', true);
include '../inc/include.php';

// Authentication gate. It runs before a single byte of markup is emitted,
// which matters if it redirects or sends headers.
include 'password_protect.php';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>HBS Administrative Control Panel</title>
</head>

<?php /* Stylesheet is inlined via include() rather than linked; note it lands after </head>. */ include 'default_style.css'; ?>

<body>
<div align="center"><img src="images/header.png" />
</div>
<table id="table" align="center">
<tr>
<td id="menu">
<?php /* Left-hand admin menu column. */ include 'navigation.php'; ?>
</td>
<td id="content">

<table width="100%">
<tr>
  <td style="background-color:#FFFFD9; border: #FFFFB7 1px solid;">
  To edit a comment, click the link for the comment you want to edit. Otherwise, tick the check box beside a comment and then delete it.
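<?php
/*
 * Comment administration.
 *
 * Flow: apply any pending POST action (edit, single delete, bulk delete),
 * then render either the edit form for ?id=N or the grouped comment list.
 * Relies on db() and $mysql['db_prefix'] from ../inc/include.php and on the
 * default mysql link that db() presumably opens — neither is visible here.
 *
 * NOTE(review): the forms carry no CSRF token; only password_protect.php
 * gates this page. A token would need whatever session handling
 * ../inc/include.php provides — confirm before wiring one in.
 */
db();

$comments_table = $mysql["db_prefix"] . "comments";
$entries_table  = $mysql["db_prefix"] . "main";

// The page declares iso-8859-1 (see the <meta> above). htmlspecialchars()
// must be told so; under the UTF-8 default, a high-bit byte makes it
// return '' and silently blank the field.
$page_charset = 'ISO-8859-1';

/* ---- POST handlers --------------------------------------------------- */

if (isset($_POST['edit'])) {
    $name    = isset($_POST['name'])    ? $_POST['name']    : '';
    $email   = isset($_POST['email'])   ? $_POST['email']   : '';
    $url     = isset($_POST['url'])     ? $_POST['url']     : '';
    $comment = isset($_POST['comment']) ? $_POST['comment'] : '';
    $id      = isset($_POST['id'])      ? (int)$_POST['id'] : 0;

    // Magic quotes (PHP <= 5.3) would already have backslashed the input;
    // undo that so every value is escaped exactly once below.
    if (get_magic_quotes_gpc()) {
        $name    = stripslashes($name);
        $email   = stripslashes($email);
        $url     = stripslashes($url);
        $comment = stripslashes($comment);
    }

    // Same normalisation the page always stored: tags stripped, HTML-escaped,
    // and newlines turned into <br /> for the comment body.
    $name    = htmlspecialchars(strip_tags($name),    ENT_QUOTES, $page_charset);
    $email   = htmlspecialchars(strip_tags($email),   ENT_QUOTES, $page_charset);
    $url     = htmlspecialchars(strip_tags($url),     ENT_QUOTES, $page_charset);
    $comment = nl2br(htmlspecialchars(strip_tags($comment), ENT_QUOTES, $page_charset));

    // Every literal goes through the link-aware escaper. The previous version
    // only addslashes()'d three of the four fields and left $email unescaped.
    $sql = "UPDATE " . $comments_table
         . " SET name='"  . mysql_real_escape_string($name)    . "'"
         . ", email='"    . mysql_real_escape_string($email)   . "'"
         . ", url='"      . mysql_real_escape_string($url)     . "'"
         . ", comment='"  . mysql_real_escape_string($comment) . "'"
         . " WHERE id='"  . $id . "' LIMIT 1";
    if (mysql_query($sql)) {
        print "<p>The comment has successfully been edited!</p>";
    } else {
        print "Can't update comment.<br />" . mysql_error();
    }
}

if (isset($_POST['multi_del']) && isset($_POST['cdel_id']) && is_array($_POST['cdel_id'])) {
    // cdel_id[] holds the ticked checkbox values; each is forced to an int
    // before it reaches the query.
    foreach ($_POST['cdel_id'] as $cdel_id) {
        $cdel_id = (int)$cdel_id;
        if (!mysql_query("DELETE FROM " . $comments_table . " WHERE id='" . $cdel_id . "' LIMIT 1")) {
            print "Can't delete comment.<br />" . mysql_error();
        }
    }
}

if (isset($_POST['delete'])) {
    $id = isset($_POST['id']) ? (int)$_POST['id'] : 0;
    if (mysql_query("DELETE FROM " . $comments_table . " WHERE id='" . $id . "' LIMIT 1")) {
        print "<p>The comment has successfully been deleted!</p>";
    } else {
        print "Can't delete comment.<br />" . mysql_error();
    }
}

/* ---- Views ----------------------------------------------------------- */

if (isset($_GET['id']) && !empty($_GET['id']) && is_numeric($_GET['id'])) {
    // is_numeric() also accepts floats and exponents; the cast pins the id
    // to a plain integer for both the query and the markup below.
    $edit_id = (int)$_GET['id'];

    $old_name = $old_email = $old_url = $old_comment = '';
    $result = mysql_query("SELECT * FROM " . $comments_table . " WHERE id='" . $edit_id . "' LIMIT 1");
    if (!$result) {
        print "Can't select comment.<br />" . mysql_error();
    } elseif ($row = mysql_fetch_array($result)) {
        $old_name    = stripslashes($row['name']);
        $old_email   = $row['email'];
        $old_url     = stripslashes($row['url']);
        // The editor works on raw newlines, so drop the <br /> added on save.
        $old_comment = str_replace('<br />', '', stripslashes($row['comment']));
    }

    // Escape for attribute / textarea context with double_encode off: the
    // entities written on save are kept as-is, while any value that reached
    // the table unescaped (e.g. through another form) can no longer close
    // the attribute or the <textarea>.
    $old_name    = htmlspecialchars($old_name,    ENT_QUOTES, $page_charset, false);
    $old_email   = htmlspecialchars($old_email,   ENT_QUOTES, $page_charset, false);
    $old_url     = htmlspecialchars($old_url,     ENT_QUOTES, $page_charset, false);
    $old_comment = htmlspecialchars($old_comment, ENT_QUOTES, $page_charset, false);
    // PHP_SELF echoes the request path, including anything appended to it.
    $form_action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, $page_charset);
?>
<center>
<form method="post" action="<?php echo $form_action; ?>">
    <p><input type="hidden" name="id" id="id" value="<?php echo $edit_id; ?>" />
    <strong><label for="name">Name:</label></strong> <input type="text" name="name" id="name" size="40" value="<?php echo $old_name; ?>" /></p>
    <p><strong><label for="email">E-mail:</label></strong> <input type="text" name="email" id="email" size="40" value="<?php echo $old_email; ?>" /></p>
    <p><strong><label for="url">URL:</label></strong> <input type="text" name="url" id="url" size="40" value="<?php echo $old_url; ?>" /></p>
    <p><strong><label for="comment">Comment:</label></strong><br />
    <textarea cols="80" rows="20" name="comment" id="comment"><?php echo $old_comment; ?></textarea></p>
    <p><input type="submit" name="edit" id="edit" value="Save Changes" /> <input type="submit" name="delete" id="delete" value="Delete Comment" /> <input type="submit" value="Cancel" /></p>
</form>
</center>
<?php
} else {
    $result = mysql_query("SELECT entry AS get_group FROM " . $comments_table . " GROUP BY get_group DESC LIMIT 10");
    if (!$result) {
        print "Can't select comments.<br />" . mysql_error();
    } elseif (mysql_num_rows($result) == 0) {
        echo 'There are no comments posted to your blog';
    } else {
        // One form wraps every group. The previous markup opened a <form>
        // per group but closed only one, leaving the bulk-delete checkboxes
        // inside nested (invalid) forms.
        print '<form method="post"><input type="hidden" name="multi_del" value="TRUE" />' . "\n";

        while ($row = mysql_fetch_array($result)) {
            // entry comes from our own table, but it is still escaped rather
            // than interpolated as a trusted literal.
            $get_group = mysql_real_escape_string($row['get_group']);

            print '<p>';
            $result2 = mysql_query("SELECT timestamp, title FROM " . $entries_table . " WHERE id='" . $get_group . "'");
            while ($result2 && ($row2 = mysql_fetch_array($result2))) {
                // timestamp is fed straight to date(), so it is assumed to be a unix epoch int.
                $date  = date("l F d Y", $row2['timestamp']);
                $title = htmlspecialchars(stripslashes($row2['title']), ENT_QUOTES, $page_charset, false);
                print "<strong>" . $date . " - " . $title . "</strong>";
            }

            $result3 = mysql_query("SELECT * FROM " . $comments_table . " WHERE entry='" . $get_group . "' ORDER BY timestamp DESC");
            while ($result3 && ($row3 = mysql_fetch_array($result3))) {
                $id      = (int)$row3['id'];
                $name    = stripslashes($row3['name']);
                $comment = stripslashes($row3['comment']);
                $date    = date("l F d Y", $row3['timestamp']);

                // Preview: at most 50 bytes, collapsed onto one line.
                if (strlen($comment) > 50 || strpos($comment, "<br />") !== false || strpos($comment, "\n") !== false) {
                    $comment = substr($comment, 0, 50) . " ...";
                    $comment = str_replace("<br />", "", $comment);
                    $comment = str_replace("\n", " ", $comment);
                }

                // Escaped after truncation so the cut cannot split an entity
                // we add; entities already in the stored text are preserved.
                $name    = htmlspecialchars($name,    ENT_QUOTES, $page_charset, false);
                $comment = htmlspecialchars($comment, ENT_QUOTES, $page_charset, false);

                print "<br /><input type=\"checkbox\" name=\"cdel_id[" . $id . "]\" value=\"" . $id . "\" /> "
                    . "<a href=\"editcomment.php?id=" . $id . "\">" . $comment . "</a> Comment by " . $name . " @  " . $date . "\n";
            }
            print "</p>\n";
        }

        echo '<br /><input type="submit" name="submit" value="Delete Comment" /></form>';
    }
}
mysql_close();

?>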

</td>
</tr>
</table>

</td>
</table>
<?php /* Shared page footer; emitted inside <body>, after the layout table. */ include 'footer.php'; ?>

</body>
</html>