<?php
/*----------------------------------------------------------
LySite
Brad Landis (hide@address.com)
Copyright (C) 2005 Brad Landis
This program is free software; you can redistribute it
and/or modify it under the terms of the GNU General
Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your
option) any later version.
This program is distributed in the hope that it will be
useful, but WITHOUT ANY WARRANTY; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the GNU General Public License
for more details.
You should have received a copy of the GNU General Public
License along with this program; if not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth
Floor, Boston, MA 02110-1301, USA.
----------------------------------------------------------*/
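require("includes.php");
$subtitle = "Comments";

// Offer the "Add Comment" toolbar button when a song is selected and the
// current user is allowed to post.
if (isset($_GET['song']) && can_post()) {
    // The song id comes straight from the query string and lands inside a
    // single-quoted HTML attribute, so it is escaped with ENT_QUOTES; emitted
    // raw, a quote in the value would close the attribute and inject markup.
    // stripslashes() follows the convention this page already uses for request
    // text -- presumably input arrives slash-escaped; confirm in includes.php.
    $icon_song = is_string($_GET['song']) ? stripslashes($_GET['song']) : '';
    $icon_song_html = htmlspecialchars($icon_song, ENT_QUOTES);
    $iconlist[] = "<form action='comments.php'><input type='hidden' name='song' value='$icon_song_html'><button type='submit' name='post' title='Add Comment'><img src='icon/comment_add.jpg'><span>Add Comment</span></button></form>";
}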
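// ---- State-changing requests: add/edit, delete, report/unreport ----
// NOTE(review): none of these handlers verifies an anti-CSRF token, and the
// report branch performs no login check of its own. Both need a decision by
// someone who can see the session handling in includes.php.
if (isset($_POST['post']) || isset($_POST['delete']) || isset($_POST['report'])) {
    // Request strings are unslashed first, following the stripslashes()
    // convention this page already uses for the comment preview -- presumably
    // magic quotes or includes.php slash-escapes input; confirm. Each value is
    // then escaped for the context it is used in, instead of being
    // interpolated raw into SQL and into the Location header.
    $post_song = (isset($_POST['song']) && is_string($_POST['song'])) ? stripslashes($_POST['song']) : '';
    $post_text = (isset($_POST['comment']) && is_string($_POST['comment'])) ? stripslashes($_POST['comment']) : '';
    // comment_id is compared against mysql_insert_id() values elsewhere in this
    // file, so it is a numeric key: an integer cast removes any SQL payload.
    $post_comment_id = (isset($_POST['comment_id']) && is_string($_POST['comment_id'])) ? (int)$_POST['comment_id'] : 0;
    $post_song_sql = mysql_real_escape_string($post_song);
    $post_text_sql = mysql_real_escape_string($post_text);
    $post_song_url = urlencode($post_song);
}

if (isset($_POST['post']) && can_post()) {
    // Only administrators may overwrite an existing comment; anyone else who
    // sends a comment_id simply creates a new comment.
    $post_is_edit = isset($_POST['comment_id']) && is_admin_user();
    if ($post_is_edit) {
        $query = "UPDATE comments SET comment='$post_text_sql' WHERE comment_id='$post_comment_id' LIMIT 1";
        $log_title = "Comment Edited";
    } else {
        // text_is_clean() is defined elsewhere; it receives the request value
        // exactly as before so its behaviour is unchanged. A comment it rejects
        // is stored pre-flagged (reported_by='1').
        $post_text_raw = isset($_POST['comment']) ? $_POST['comment'] : '';
        $query = "INSERT INTO comments SET comment='$post_text_sql',lid='$post_song_sql',date=NOW(),user_id='".get_user_id()."'".(!text_is_clean($post_text_raw)?",reported_by='1'":"");
        $log_title = "Comment Added";
    }
    if (mysql_query($query)) {
        // Link the log entry to the edited row, or to the row just inserted.
        log_event($log_title, null, "comments.php?comment_id=".($post_is_edit ? $post_comment_id : mysql_insert_id()));
        header("Location: songs.php?song=$post_song_url");
        // Stop here: without exit the rest of the page would still be rendered
        // and sent behind the redirect.
        exit;
    } else {
        trigger_error(mysql_error());
    }
} else if (isset($_POST['delete']) && is_admin_user()) {
    $query = "DELETE FROM comments WHERE comment_id='$post_comment_id' LIMIT 1";
    if (mysql_query($query)) {
        log_event("Comment Deleted", null, null);
        header("Location: comments.php?song=$post_song_url&notice=".urlencode("Comment deleted."));
        exit;
    } else {
        trigger_error(mysql_error());
    }
} else if (isset($_POST['report'])) {
    // "Unreport" clears the flag and is honoured for administrators only; any
    // other value flags the comment with the reporting user's id.
    if ($_POST['report'] === "Unreport" && is_admin_user()) {
        $query = "UPDATE comments SET reported_by=NULL WHERE comment_id='$post_comment_id' LIMIT 1";
        $log_title = "Comment Unreported";
    } else {
        $query = "UPDATE comments SET reported_by='".get_user_id()."' WHERE comment_id='$post_comment_id' LIMIT 1";
        $log_title = "Comment Reported";
    }
    $post_report_ok = mysql_query($query);
    if ($post_report_ok) {
        header("Location: songs.php?song=$post_song_url&notice=".urlencode("Comment reported."));
    } else {
        trigger_error(mysql_error());
    }
    // NOTE(review): as before, the log entry and the admin e-mail are sent even
    // when the UPDATE failed, and for "Unreport" as well -- confirm intended.
    $message = "A new message has been reported. View it at ".SITE_URL."/comments.php?comment_id=$post_comment_id .";
    log_event($log_title, null, "comments.php?comment_id=$post_comment_id");
    email_updates("A comment has been reported", $message, EM_ADMIN_ONLY);
    if ($post_report_ok) {
        // The redirect header is already queued; do not render the page too.
        exit;
    }
}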
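include("header.php");

// Everything below writes HTML. Query-string values are attacker-controlled,
// so each one is normalised once here and escaped for the context it is used
// in: htmlspecialchars() for markup, urlencode() inside URLs, and an integer
// cast or mysql_real_escape_string() inside SQL.
// Request strings are unslashed first, following the stripslashes() convention
// this page already used for the comment preview -- presumably magic quotes or
// includes.php slash-escapes input; confirm.
$view_song = (isset($_GET['song']) && is_string($_GET['song'])) ? stripslashes($_GET['song']) : '';
$view_song_html = htmlspecialchars($view_song, ENT_QUOTES);
$view_text = (isset($_GET['comment']) && is_string($_GET['comment'])) ? stripslashes($_GET['comment']) : '';
$view_text_html = htmlspecialchars($view_text, ENT_QUOTES);
// comment_id is treated as a numeric row key, so an integer cast is enough.
$view_comment_id = (isset($_GET['comment_id']) && is_string($_GET['comment_id'])) ? (int)$_GET['comment_id'] : 0;
$view_is_preview = (isset($_GET['post']) && $_GET['post'] === 'Preview');

if (isset($_GET['post']) && can_post()) {
    // ---- Compose / preview / admin-edit form ----
    if (!$view_is_preview) {
        echo "<h2>Posting Guidlines:</h2>
<ul><li>Please try to keep your comments positive and uplifting. No cussing. No criticism that is not constructive please.
<li>It is advised to use proper english.
<li>Make sure your comment has something to do with the song.
</ul>\n";
    } else {
        // The preview echoes text taken from the URL, so it must be escaped
        // before nl2br(); otherwise a crafted link runs script in this page.
        // NOTE(review): get_user_fullname() output is printed as returned --
        // confirm that helper escapes the name.
        echo "<h2>Preview</h2>\n";
        echo "<div class='comment'>".get_user_fullname(get_user_id())." (".date("M-j-Y g:i").")\n";
        echo "<div class='comment_body'>".nl2br($view_text_html)."</div>\n";
        echo "</div>\n";
    }

    // Only an administrator who supplied a comment_id edits an existing row.
    $view_admin_edit = isset($_GET['comment_id']) && is_admin_user();
    // The form submits by POST once it can change data (after a preview, or in
    // admin edit mode); the first step goes back to this page by GET.
    echo "<form action='comments.php'".(($view_is_preview || $view_admin_edit) ? " method='post'" : "").">\n<fieldset><legend>Posting a New Comment</legend>\n<input type='hidden' name='song' value='$view_song_html'>\n";
    if ($view_admin_edit) {
        // Default keeps the textarea empty when the id matches no row.
        $comment = array('comment' => '');
        $query = "SELECT * FROM comments WHERE comment_id='$view_comment_id' LIMIT 1";
        if ($results = mysql_query($query)) {
            if (mysql_num_rows($results) > 0) {
                $comment = mysql_fetch_assoc($results);
            }
        } else {
            trigger_error(mysql_error());
        }
        echo "<input type='hidden' name='comment_id' value='$view_comment_id'>\n";
        // Stored text is escaped so a "</textarea>" inside it cannot break out.
        echo "<p><label for='comment'>Comment:</label><br>\n<textarea type='text' name='comment' cols='50' rows='8'>".htmlspecialchars($comment['comment'], ENT_QUOTES)."</textarea>\n";
    } else {
        echo "<p><label for='comment'>Comment:</label><br>\n<textarea type='text' name='comment' cols='50' rows='8'>".$view_text_html."</textarea>\n";
    }
    echo "<p>";
    if (!isset($_GET['comment_id']) && !$view_is_preview) {
        echo "<input type='submit' name='post' value='Preview'>\n";
    }
    if ($view_is_preview || $view_admin_edit) {
        echo "<input type='submit' name='post' value='Submit'>\n";
    }
    echo "</fieldset></form>\n";
} else if (isset($_GET['comment_id']) || isset($_GET['song'])) {
    // ---- Single comment, or all comments of one song ----
    if (isset($_GET['comment_id'])) {
        $query = "SELECT * FROM comments WHERE comment_id='$view_comment_id' LIMIT 1";
    } else {
        // get_song_title() is defined elsewhere; it receives the request value
        // exactly as before. NOTE(review): its output is printed as returned --
        // confirm that helper escapes both its SQL input and its HTML output.
        echo "<h2>Comments for ".get_song_title($_GET['song'])."</h2>\n";
        // Reported comments are hidden from everyone except administrators.
        $query = "SELECT * FROM comments WHERE lid='".mysql_real_escape_string($view_song)."' ".(is_admin_user()?"":"AND reported_by IS NULL ")."ORDER BY date DESC";
    }
    if ($results = mysql_query($query)) {
        if (mysql_num_rows($results) > 0) {
            $view_is_admin = is_admin_user();
            while ($line = mysql_fetch_assoc($results)) {
                $row_id = (int)$line['comment_id'];
                $row_song_url = urlencode($line['lid']);
                $row_song_html = htmlspecialchars($line['lid'], ENT_QUOTES);
                $row_reported = ($line['reported_by'] != null);
                // Both links carry the comment's own song id, so the confirm
                // form and the redirect after it know which song to return to.
                if ($row_reported && $view_is_admin) {
                    $row_action = "<a href='comments.php?comment_id=$row_id&song=$row_song_url&report=unreport'>Unreport</a>";
                } else {
                    $row_action = "<a href='comments.php?comment_id=$row_id&song=$row_song_url&report=' title='If this post has offensive comments, please report it.'>Report</a>";
                }
                // NOTE(review): get_user_fullname() output is printed as
                // returned -- confirm that helper escapes the name.
                echo "<div class='comment'".($row_reported?" style='background: #dbb;'":"")."><div style='float:right;'>".$row_action."</div>".get_user_fullname($line['user_id'])." (".date("M-j-Y g:i",strtotime($line['date'])).")";
                if ($view_is_admin) {
                    echo "<form action='comments.php' method='get' style='margin: 0px; padding: 3px 2px 1px;'><input type='hidden' name='comment_id' value='$row_id'><input type='hidden' name='song' value='$row_song_html'>\n";
                    echo "<input type='submit' name='post' value='Edit'>\n<input type='submit' name='delete' value='Delete'></form>\n";
                }
                // Comment bodies are user-written: escape before nl2br() so
                // stored markup is shown as text instead of being executed.
                echo "<div class='comment_body'>".nl2br(htmlspecialchars($line['comment'], ENT_QUOTES))."</div>";
                echo "</div>\n";
            }
        } else {
            echo "No comments found";
        }
    } else {
        // Report the database error (the query itself must not be re-run here).
        trigger_error(mysql_error());
    }
    // Confirmation step for report/unreport/delete, shown only when exactly one
    // comment matched. $results is false after a failed query, so guard it.
    // NOTE(review): these confirm forms carry no anti-CSRF token.
    if ($results && mysql_num_rows($results) == 1) {
        if (isset($_GET['report'])) {
            $view_unreport = ($_GET['report'] === "unreport" && is_admin_user());
            echo "<p>Are you sure you want to ".($view_unreport?"un":"")."report this comment?</p>\n";
            echo "<form action='comments.php' method='post'>\n<input type='hidden' name='comment_id' value='$view_comment_id'>\n<input type='hidden' name='song' value='$view_song_html'>\n";
            echo "<input type='submit' name='report' value='".($view_unreport?"Unreport":"Report")."'>\n<button type='button' onclick='history.back()'>No</button>\n";
            echo "</form>\n";
        } else if (isset($_GET['delete']) && is_admin_user()) {
            echo "<p>Are you sure you want to delete this comment?</p>\n";
            echo "<form action='comments.php' method='post'>\n<input type='hidden' name='comment_id' value='$view_comment_id'>\n<input type='hidden' name='song' value='$view_song_html'>\n";
            echo "<input type='submit' name='delete' value='Delete'>\n<button type='button' onclick='history.back()'>No</button>\n";
            echo "</form>\n";
        }
    }
} else {
    // ---- Overview: every song that has comments, with its comment count ----
    $query = "SELECT count(*) AS num,lyrics.* FROM comments LEFT JOIN lyrics USING(lid) WHERE lyrics.lid IS NOT NULL ".(is_admin_user()?"":"AND reported_by IS NULL ")."GROUP BY comments.lid ORDER BY date DESC";
    if ($results = mysql_query($query)) {
        echo "<h2>Comments</h2>\n";
        if (mysql_num_rows($results) > 0) {
            while ($line = mysql_fetch_assoc($results)) {
                $list_song = urlencode($line['lid']);
                // Titles are treated as plain text here. NOTE(review): if songs
                // are stored already HTML-encoded this double-encodes -- confirm.
                $list_title = htmlspecialchars($line['title'], ENT_QUOTES);
                $list_count = (int)$line['num'];
                echo "<a href='songs.php?song=$list_song'>$list_title</a> - <a href='comments.php?song=$list_song'>$list_count comment".($list_count>1?"s":"")."</a><br>\n";
            }
        } else {
            echo "None";
        }
    } else {
        trigger_error(mysql_error());
    }
}
include("footer.php");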
?>