<?php
/*----------------------------------------------------------

       LySite
       Brad Landis (hide@address.com)

   Copyright (C) 2005 Brad Landis

   This program is free software; you can redistribute it
   and/or modify it under the terms of the GNU General
   Public License as published by the Free Software
   Foundation; either version 2 of the License, or (at your
   option) any later version.

   This program is distributed in the hope that it will be
   useful, but WITHOUT ANY WARRANTY; without even the
   implied warranty of MERCHANTABILITY or FITNESS FOR A
   PARTICULAR PURPOSE.  See the GNU General Public License
   for more details.
   
   You should have received a copy of the GNU General Public
   License along with this program; if not, write to the
   Free Software Foundation, Inc., 51 Franklin Street, Fifth
   Floor, Boston, MA  02110-1301, USA.

----------------------------------------------------------*/
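require("includes.php");
$subtitle = "Comments";

/*
 * comments.php -- list, preview, post, edit, delete, report and unreport
 * comments on a song.
 *
 * Request flow: the state-changing POST actions (post / delete / report) are
 * handled first and redirect on success; everything after
 * include("header.php") renders a page for the GET parameters song,
 * comment_id, post, report and delete.
 *
 * Every request value goes through lysite_req() (undoes magic_quotes_gpc so
 * it is escaped exactly once) and is then escaped for the context it lands
 * in: lysite_sql() for SQL literals, lysite_html() for HTML text and
 * attributes, urlencode() for redirect URLs. Values read back from the
 * database are escaped with lysite_html() only.
 *
 * NOTE(review): the POST forms carry no anti-CSRF token; adding one needs
 * session support that is not visible from this file.
 */
if(!function_exists('lysite_req')) {
	/**
	 * Return a scalar request value with magic_quotes_gpc slashes removed,
	 * or '' when the key is absent or not a string (arrays are rejected so
	 * they can never reach the SQL/HTML escapers).
	 */
	function lysite_req(array $source, $key) {
		if(!isset($source[$key]) || !is_string($source[$key])) {
			return '';
		}
		return get_magic_quotes_gpc() ? stripslashes($source[$key]) : $source[$key];
	}

	/** Escape a raw value for use inside a single-quoted SQL literal on the open mysql link. */
	function lysite_sql($value) {
		return mysql_real_escape_string($value);
	}

	/** Escape a raw value for HTML text or single/double-quoted attribute context. */
	function lysite_html($value) {
		return htmlspecialchars($value, ENT_QUOTES);
	}
}

if(isset($_GET['song']) && can_post()) {
	$iconlist[] = "<form action='comments.php'><input type='hidden' name='song' value='".lysite_html(lysite_req($_GET, 'song'))."'><button type='submit' name='post' title='Add Comment'><img src='icon/comment_add.jpg'><span>Add Comment</span></button></form>";
}

if(isset($_POST['post']) && can_post()) {
	$comment_sql = lysite_sql(lysite_req($_POST, 'comment'));
	$song        = lysite_req($_POST, 'song');
	if(isset($_POST['comment_id']) && is_admin_user()) {
		$comment_id = lysite_req($_POST, 'comment_id');
		$query = "UPDATE comments SET comment='$comment_sql' WHERE comment_id='".lysite_sql($comment_id)."' LIMIT 1";
		$log_title = "Comment Edited";
	} else {
		// Only admins may edit; a comment_id sent by anyone else is ignored and
		// the id of the new row (mysql_insert_id) is used for the log link.
		$comment_id = null;
		// text_is_clean() receives the value exactly as the original did; a
		// failed check stores the comment pre-reported so admins see it first.
		$query = "INSERT INTO comments SET comment='$comment_sql',lid='".lysite_sql($song)."',date=NOW(),user_id='".get_user_id()."'".(!text_is_clean($_POST['comment'])?",reported_by='1'":"");
		$log_title = "Comment Added";
	}
	if(mysql_query($query)) {
		if($comment_id === null) {
			$comment_id = mysql_insert_id();
		}
		log_event($log_title,null,"comments.php?comment_id=".urlencode($comment_id));
		header("Location: songs.php?song=".urlencode($song));
		exit; // stop here so the page below is not rendered after the redirect
	}
	trigger_error(mysql_error());
} else if(isset($_POST['delete']) && is_admin_user()) {
	$query = "DELETE FROM comments WHERE comment_id='".lysite_sql(lysite_req($_POST, 'comment_id'))."' LIMIT 1";
	if(mysql_query($query)) {
		log_event("Comment Deleted",null,null);
		header("Location: comments.php?song=".urlencode(lysite_req($_POST, 'song'))."&notice=".urlencode("Comment deleted."));
		exit;
	}
	trigger_error(mysql_error());
} else if(isset($_POST['report'])) {
	$comment_id = lysite_req($_POST, 'comment_id');
	$id_sql     = lysite_sql($comment_id);
	if($_POST['report'] == "Unreport" && is_admin_user()) {
		$query = "UPDATE comments SET reported_by=NULL WHERE comment_id='$id_sql' LIMIT 1";
		$log_title = "Comment Unreported";
	} else {
		$query = "UPDATE comments SET reported_by='".get_user_id()."' WHERE comment_id='$id_sql' LIMIT 1";
		$log_title = "Comment Reported";
	}
	if(mysql_query($query)) {
		// Log and notify only when the update actually happened, then redirect.
		$link = "comments.php?comment_id=".urlencode($comment_id);
		$message = "A new message has been reported. View it at ".SITE_URL."/$link .";
		log_event($log_title,null,$link);
		email_updates("A comment has been reported",$message,EM_ADMIN_ONLY);
		header("Location: songs.php?song=".urlencode(lysite_req($_POST, 'song'))."&notice=".urlencode("Comment reported."));
		exit;
	}
	trigger_error(mysql_error());
}

include("header.php");

if(isset($_GET['post']) && can_post()) {
	$is_preview  = ($_GET['post'] == 'Preview');
	$editing     = (isset($_GET['comment_id']) && is_admin_user());
	$song_html   = lysite_html(lysite_req($_GET, 'song'));
	$comment_raw = lysite_req($_GET, 'comment');
	if(!$is_preview) {
		echo "<h2>Posting Guidlines:</h2>
		<ul><li>Please try to keep your comments positive and uplifting. No cussing. No criticism that is not constructive please.
		<li>It is advised to use proper english.
		<li>Make sure your comment has something to do with the song.
		</ul>\n";
	} else {
		echo "<h2>Preview</h2>\n";
		echo "<div class='comment'>".get_user_fullname(get_user_id())." (".date("M-j-Y g:i").")\n";
		// Escape before nl2br so user-supplied markup is displayed, never rendered.
		echo "<div class='comment_body'>".nl2br(lysite_html($comment_raw))."</div>\n";
		echo "</div>\n";
	}

	// A preview or an admin edit submits for real (POST); the first step is a GET preview.
	echo "<form action='comments.php'".($is_preview || $editing?" method='post'":"").">\n<fieldset><legend>Posting a New Comment</legend>\n<input type='hidden' name='song' value='$song_html'>\n";
	if($editing) {
		$comment_id = lysite_req($_GET, 'comment_id');
		$existing   = "";
		$query = "SELECT * FROM comments WHERE comment_id='".lysite_sql($comment_id)."' LIMIT 1";
		if($results = mysql_query($query)) {
			if(mysql_num_rows($results) > 0) {
				$comment  = mysql_fetch_assoc($results);
				$existing = $comment['comment'];
			}
		} else {
			trigger_error(mysql_error());
		}
		echo "<input type='hidden' name='comment_id' value='".lysite_html($comment_id)."'>\n";
		echo "<p><label for='comment'>Comment:</label><br>\n<textarea type='text' name='comment' cols='50' rows='8'>".lysite_html($existing)."</textarea>\n";
	} else {
		echo "<p><label for='comment'>Comment:</label><br>\n<textarea type='text' name='comment' cols='50' rows='8'>".lysite_html($comment_raw)."</textarea>\n";
	}
	echo "<p>";
	if(!isset($_GET['comment_id']) && !$is_preview) {
		echo "<input type='submit' name='post' value='Preview'>\n";
	}
	if($is_preview || $editing) {
		echo "<input type='submit' name='post' value='Submit'>\n";
	}
	echo "</fieldset></form>\n";
} else if(isset($_GET['comment_id']) || isset($_GET['song'])) {
	$song_html = lysite_html(lysite_req($_GET, 'song'));
	if(isset($_GET['comment_id'])) {
		$query = "SELECT * FROM comments WHERE comment_id='".lysite_sql(lysite_req($_GET, 'comment_id'))."' LIMIT 1";
	} else {
		// get_song_title() is given the value exactly as before; its own
		// escaping is not visible from this file.
		echo "<h2>Comments for ".get_song_title($_GET['song'])."</h2>\n";
		$query = "SELECT * FROM comments WHERE lid='".lysite_sql(lysite_req($_GET, 'song'))."' ".(is_admin_user()?"":"AND reported_by IS NULL ")."ORDER BY date DESC";
	}
	$results = mysql_query($query);
	if($results) {
		if(mysql_num_rows($results) > 0) {
			while($line = mysql_fetch_assoc($results)) {
				$id_html  = lysite_html($line['comment_id']);
				$lid_html = lysite_html($line['lid']);
				$reported = ($line['reported_by'] != NULL);
				echo "<div class='comment'".($reported?" style='background: #dbb;'":"")."><div style='float:right;'>";
				// Both links carry the song id (lid) so the confirmation form can redirect back to it.
				if($reported && is_admin_user()) {
					echo "<a href='comments.php?comment_id=$id_html&song=$lid_html&report=unreport'>Unreport</a>";
				} else {
					echo "<a href='comments.php?comment_id=$id_html&song=$lid_html&report=' title='If this post has offensive comments, please report it.'>Report</a>";
				}
				echo "</div>".get_user_fullname($line['user_id'])." (".date("M-j-Y g:i",strtotime($line['date'])).")";
				if(is_admin_user()) {
					echo "<form action='comments.php' method='get' style='margin: 0px; padding: 3px 2px 1px;'><input type='hidden' name='comment_id' value='$id_html'><input type='hidden' name='song' value='$lid_html'>\n";
					echo "<input type='submit' name='post' value='Edit'>\n<input type='submit' name='delete' value='Delete'></form>\n";
				}
				echo "<div class='comment_body'>".nl2br(lysite_html($line['comment']))."</div>";
				echo "</div>\n";
			}
		} else {
			echo "No comments found";
		}
	} else {
		trigger_error(mysql_error());
	}
	// Confirmation prompts only make sense for a single selected comment.
	if($results && mysql_num_rows($results)==1) {
		$id_html = lysite_html(lysite_req($_GET, 'comment_id'));
		if(isset($_GET['report'])) {
			$unreport = ($_GET['report']=="unreport" && is_admin_user());
			echo "<p>Are you sure you want to ".($unreport?"un":"")."report this comment?</p>\n";
			echo "<form action='comments.php' method='post'>\n<input type='hidden' name='comment_id' value='$id_html'>\n<input type='hidden' name='song' value='$song_html'>\n";
			echo "<input type='submit' name='report' value='".($unreport?"Unreport":"Report")."'>\n<button type='button' onclick='history.back()'>No</button>\n";
			echo "</form>\n";
		} else if(isset($_GET['delete']) && is_admin_user()) {
			echo "<p>Are you sure you want to delete this comment?</p>\n";
			echo "<form action='comments.php' method='post'>\n<input type='hidden' name='comment_id' value='$id_html'>\n<input type='hidden' name='song' value='$song_html'>\n";
			echo "<input type='submit' name='delete' value='Delete'>\n<button type='button' onclick='history.back()'>No</button>\n";
			echo "</form>\n";
		}
	}
} else {
	// Index view: one line per song that has (visible) comments. No request input here.
	$query = "SELECT count(*) AS num,lyrics.* FROM comments LEFT JOIN lyrics USING(lid) WHERE lyrics.lid IS NOT NULL ".(is_admin_user()?"":"AND reported_by IS NULL ")."GROUP BY comments.lid ORDER BY date DESC";
	if($results = mysql_query($query)) {
		echo "<h2>Comments</h2>\n";
		if(mysql_num_rows($results) > 0) {
			while($line = mysql_fetch_assoc($results)) {
				$lid_html = lysite_html($line['lid']);
				echo "<a href='songs.php?song=$lid_html'>".lysite_html($line['title'])."</a> - <a href='comments.php?song=$lid_html'>$line[num] comment".($line['num']>1?"s":"")."</a><br>\n";
			}
		} else {
			echo "None";
		}
	} else {
		trigger_error(mysql_error());
	}
}

include("footer.php");
?>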