<?php
/*
Copyright (c) 2012 http://ramui.com. All right reserved.
This product is protected by copyright and distributed under licenses restricting copying, distribution. Permission is granted to the public to download and use this script provided that this Notice and any statement of authorship are reproduced in every page on all copies of the script.
*/
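/**
 * Comment controller for logged-in forum users: renders the add/edit forms
 * and stores submitted comments.
 *
 * All actions are reached through get_query(), which dispatches on the
 * request-derived $qur array after verify_user() has accepted the session.
 *
 * NOTE(review): the class uses the legacy mysql_* extension, which was removed
 * in PHP 7. mysql_real_escape_string() is only reliable when the connection
 * character set was set through mysql_set_charset(); the connection setup is
 * not visible in this file, so confirm it before relying on the escaping.
 * Moving to parameterised queries (mysqli/PDO) is the durable fix.
 */
class comment extends clslogin
{
    /**
     * Validate a posted comment, store it, print a status fragment and exit.
     *
     * With an empty $id a new comment is inserted for $_POST['pid'];
     * otherwise the existing comment $id is updated. Both paths require a
     * published, unlocked post inside a published, unlocked forum.
     *
     * Security-relevant behaviour:
     *  - The edit path only proceeds when the comment belongs to the current
     *    user. The ownership test is part of the first SELECT, so a request
     *    naming somebody else's comment stops before any write, and the
     *    search-index UPDATE carries the same uid filter.
     *  - When editing, the post id is taken from the stored comment rather
     *    than from $_POST['pid'], so the search row cannot be re-pointed to
     *    a different thread.
     *  - All values reach SQL through sprintf() integer conversions or
     *    mysql_real_escape_string().
     *
     * @param mixed $id Comment id to edit (request-derived), or empty for a new comment.
     * @return void This method always terminates the script.
     */
    private function save_comment($id='')
    {
        // Same generic failure markup the size check has always emitted (text kept as-is).
        $fail='<span style="color:red; background-color:white;">Unespected error! Please try again.</span>';
        $pid=(isset($_POST['pid'])? (int)$_POST['pid'] : 0);
        $edit='';
        if($id){
            // Ownership (tc.uid) is checked here so that nothing below runs for
            // a comment that belongs to another account.
            $query=sprintf(
                "SELECT tc.updated, tc.pid FROM ".PREFIX."comments tc"
                ." LEFT JOIN ".PREFIX."post tp ON tc.pid = tp.id"
                ." LEFT JOIN ".PREFIX."forum tf ON tp.fid = tf.id"
                ." WHERE tp.locked <> 'Y' AND tp.publish = 'Y' AND tf.locked <> 'Y' AND tf.publish = 'Y'"
                ." AND tc.publish = 'Y' AND tc.id = %u AND tc.uid = %d",
                $id,
                $this->uid
            );
        }
        else{
            $query=sprintf(
                "SELECT tp.id FROM ".PREFIX."post tp"
                ." LEFT JOIN ".PREFIX."forum tf ON tp.fid = tf.id"
                ." WHERE tp.locked <> 'Y' AND tp.publish = 'Y' AND tf.locked <> 'Y' AND tf.publish = 'Y'"
                ." AND tp.id = %u",
                $pid
            );
        }
        $result=@mysql_query($query);
        $num_rows=@mysql_num_rows($result);
        // No matching row: unknown, locked, unpublished or not owned. Stop without output.
        if(empty($num_rows)){exit;}
        $row=@mysql_fetch_array($result, MYSQL_ASSOC);
        // An edit keeps the comment in its original thread; the posted pid is ignored.
        if($id){$pid=(int)$row['pid'];}
        // With editing disabled site-wide, an edit is still accepted for 900 seconds after the last update.
        if(($id)&&(!$this->site['allowedit'])&&($row['updated']<(time()-900))){
            echo '<span style="color:red; background-color:white;">Sorry! this board doesn\'t allow you to edit your post</span>';
            exit;
        }
        // A missing or non-string code is treated as an empty answer.
        $captcha=((isset($_POST['fw_captcha_code'])&&is_string($_POST['fw_captcha_code']))? $_POST['fw_captcha_code'] : '');
        // NOTE(review): the session value is not cleared after a successful check
        // in this method; confirm the captcha generator invalidates it, otherwise
        // one solved code can be reused for further posts.
        if((empty($_SESSION['fw_captcha_code']))||(md5($captcha)!==($_SESSION['fw_captcha_code']))){
            echo '<span style="color:red; background-color:white;">Error! wrong verification code. Please try again.</span>';
            exit;
        }
        $raw_title=((isset($_POST['title'])&&is_string($_POST['title']))? $_POST['title'] : '');
        $raw_comment=((isset($_POST['comment'])&&is_string($_POST['comment']))? $_POST['comment'] : '');
        // The title is stored HTML-encoded; the comment body is stored as submitted
        // (after fw_remove_smarttag) and must be encoded by whatever renders it.
        $title=trim(fw_strip_slashes(rawurldecode($raw_title)));
        $title=htmlspecialchars(fw_remove_smarttag($title));
        $comment=fw_strip_slashes(rawurldecode(trim($raw_comment)));
        $comment=fw_remove_smarttag($comment);
        $autolink=(empty($_POST["autolink"])? 0 : 1);
        // fw_linkcount() result is compared against the per-post URL limit.
        $s=fw_linkcount($comment,$autolink);
        if($s>$this->site['linkperpost']){
            echo '<span style="color:red">Error! Maximum '.$this->site['linkperpost'].' URL allowed</span>';
            exit;
        }
        // Text form of the comment, used only for the search index.
        $comment_text=fw_bb2text($comment);
        $dt=time();
        // 'A' approval mode publishes immediately; anything else leaves the row unpublished.
        $publish=(($this->site['approval']=='A')? 'Y':'');
        $max_size=$this->site['postsize'];
        if((strlen($comment)>$max_size)||(strlen($title)>80)){echo $fail;exit;}
        // $autolink, $publish and $dt are generated above (0/1, 'Y'/'' and time()), never user text.
        if(empty($id)){
            $query=sprintf(
                "INSERT INTO ".PREFIX."comments(title, pid, uid, comment, autolink, publish, updated, date)"
                ." VALUES ('%s', %d, %d, '%s', '$autolink', '$publish', $dt, $dt)",
                mysql_real_escape_string($title),
                $pid,
                $this->uid,
                mysql_real_escape_string($comment)
            );
        }
        else{
            $query=sprintf(
                "UPDATE ".PREFIX."comments SET title = '%s', comment = '%s', autolink = $autolink, updated = $dt"
                ." WHERE id = %d AND uid = %d",
                mysql_real_escape_string($title),
                mysql_real_escape_string($comment),
                $id,
                $this->uid
            );
        }
        // A failed write must not be reported as success or leave a search row without a comment.
        if(@mysql_query($query)===false){echo $fail;exit;}
        if(empty($id)){
            $new=true;
            $id=mysql_insert_id();
            if(empty($id)){echo $fail;exit;}
            // New comments return "<id><>" in front of the status markup.
            $edit=$id.'<>';
            $query=sprintf(
                "INSERT INTO ".PREFIX."search(title, cid, pid, uid, publish, body)"
                ." VALUES ('%s', %d, %d, %d, '$publish', '%s')",
                mysql_real_escape_string($title),
                $id,
                $pid,
                $this->uid,
                mysql_real_escape_string($comment_text)
            );
        }
        else{
            // uid filter mirrors the comments UPDATE: only the author's index row may change.
            $query=sprintf(
                "UPDATE ".PREFIX."search SET title = '%s', body = '%s', pid = %d WHERE cid = %d AND uid = %d",
                mysql_real_escape_string($title),
                mysql_real_escape_string($comment_text),
                $pid,
                $id,
                $this->uid
            );
        }
        // The search index stays best-effort: the comment itself is already stored.
        @mysql_query($query);
        echo $edit.'<span style="color:green; background-color:white;">'.((($this->site['approval']=='A')||(empty($new)))? 'Your message has been successfully posted':'Your message is waiting for approval').'</span>';
        exit;
    }

    /**
     * Render the "add comment" form for a post.
     *
     * The post must satisfy the same conditions save_comment() enforces
     * (published and unlocked, in a published and unlocked forum), so the
     * form and the pre-filled "Re:" title are only shown for threads that can
     * actually accept a comment.
     *
     * $pid is request-derived and ends up inside an inline <script> block, so
     * it is forced to an integer before any use.
     *
     * The included templates run in this method's scope and read the local
     * variables set here ($row, $title, $max, $scriptfile, $menu, $pid).
     * NOTE(review): output encoding of $row['title'] happens in
     * include/add_comment.php, which is not visible here; confirm it there.
     *
     * @param mixed $pid Post id the comment is for.
     * @return void
     */
    private function add_comment($pid)
    {
        $pid=(int)$pid;
        $query=sprintf(
            "SELECT tp.id, tp.title FROM ".PREFIX."post tp"
            ." LEFT JOIN ".PREFIX."forum tf ON tp.fid = tf.id"
            ." WHERE tp.id = %d AND tp.locked <> 'Y' AND tp.publish = 'Y' AND tf.locked <> 'Y' AND tf.publish = 'Y'",
            $pid
        );
        $result=@mysql_query($query);
        $num=@mysql_num_rows($result);
        if($num<1){@header("LOCATION: index.php");exit;}
        $row=@mysql_fetch_array($result, MYSQL_ASSOC);
        // Matches the 80-character title limit applied when saving; substr() counts bytes.
        $row['title']=substr('Re: '.$row['title'],0,80);
        $title='Add comment';
        $max=sprintf("%d",$this->site['postsize']);
        $scriptfile='<script type="text/javascript" src="../script/comment.js"></script>';
        // Only integers are written into the inline script.
        $scriptfile.='<script type="text/javascript">var pid='.$pid.';var bbCodeEditorID="comment";var maxCodeLength='.$max.';</script>';
        $menu=$this->get_menu();
        include "include/head.php";
        include "include/add_comment.php";
        include "include/footer.html";
    }

    /**
     * Render the edit form for one of the current user's own comments.
     *
     * The comment must be published, owned by the current user and attached
     * to a published, unlocked post. The comment is joined to its own post
     * (tc.pid = tp.id), so the lock and publish state tested is that of the
     * comment's thread rather than of any post in the table.
     *
     * $id is request-derived and ends up inside an inline <script> block, so
     * it is forced to an integer before any use.
     *
     * The included templates run in this method's scope and read the local
     * variables set here ($row, $title, $max, $scriptfile, $menu, $id).
     *
     * @param mixed $id Comment id to edit.
     * @return void
     */
    private function edit_comment($id)
    {
        if(!($this->site['allowedit'])){@header("Location: index.php");exit;}
        $id=(int)$id;
        $query=sprintf(
            "SELECT tc.* FROM ".PREFIX."comments tc, ".PREFIX."post tp"
            ." WHERE tc.pid = tp.id AND tc.id = %d AND tc.publish = 'Y' AND tc.uid = %d"
            ." AND tp.publish = 'Y' AND tp.locked <> 'Y'",
            $id,
            $this->uid
        );
        $result=@mysql_query($query);
        $num=@mysql_num_rows($result);
        if($num<1){$loc='../../index.php';@header("Location: $loc");exit;}
        $row=@mysql_fetch_array($result, MYSQL_ASSOC);
        $title=$row['title'];
        $max=sprintf("%d",$this->site['postsize']);
        $menu=$this->get_menu();
        $scriptfile='<script type="text/javascript" src="../script/comment.js"></script><script type="text/javascript" src="../bbcode/bbcode.js"></script>';
        // Only integers are written into the inline script.
        $scriptfile.='<script type="text/javascript">var cid='.$id.';var bbCodeEditorID="comment";var maxCodeLength='.$max.';</script>';
        include "include/head.php";
        include "include/add_comment.php";
        include "include/footer.html";
    }

    /**
     * Dispatch a comment action.
     *
     * $qur[1] selects the action ("1" add form, "2" save, "3" edit form,
     * "5" log out) and $qur[2] carries the post or comment id. Both are
     * request-derived; the id is validated again inside each handler.
     *
     * Administrators asking for the edit form are redirected to the admin
     * panel; the id placed in that URL is reduced to an integer so no other
     * request text reaches the Location header.
     *
     * @param array $qur Parsed request parts.
     * @return void
     */
    public function get_query($qur)
    {
        // Missing parts behave like an unknown action and an empty id.
        $action=(isset($qur[1])? $qur[1] : '');
        $target=(isset($qur[2])? $qur[2] : '');
        if(($this->admin)&&($action=="3")){
            $loc="../admin/index.php?qur=9M1M".(int)$target;
            @header("Location: $loc");exit;
        }
        $message='';
        if($this->verify_user($message)){
            switch ($action){
                case "1":
                    $this->add_comment($target);
                break;
                case "2":
                    $this->save_comment($target);
                break;
                case "3":
                    $this->edit_comment($target);
                break;
                case "5":
                    $this->log_out();
                break;
                default:
                    @header("Location: index.php");
            }
        }
        else{
            // A save request from an unverified session gets no login form, only an empty response.
            if($action!="2"){$this->log_in($message);}
        }
    }
}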
?>