<?php
/*
Copyright (c) 2008 http://ramui.com. All right reserved.
This product is protected by copyright and distributed under licenses restricting copying, distribution. Permission is granted to the public to download and use this script provided that this Notice and any statement of authorship are reproduced in every page on all copies of the script.
*/
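/**
 * Admin-side comment management (list, view/edit, publish toggle, delete)
 * plus the public comment-submission endpoint (receive_comment()).
 *
 * Everything not defined here comes from the parent class clsmain (not in
 * this file): build_head(), build_footer(), validate_user(), log_in(),
 * log_out(), $this->prefix, $this->list_perpage and the open ext/mysql
 * connection; and from the global fw_* helpers (fw_strip_slashes,
 * fw_total_page, fw_validate_user).
 *
 * Every value that reaches SQL goes through sql_int()/sql_str(), every
 * request value echoed back goes through html(), and filter values carried in
 * links and Location headers are rawurlencode()d. The previous version
 * interpolated raw $_REQUEST/$_POST data into queries, markup and headers.
 */
class comments extends clsmain
{
    /**
     * Read a request key as a string without an undefined-index notice.
     * Arrays (user[]=x) are treated as absent so later string functions
     * never receive a non-scalar.
     */
    private function input(array $source, $key)
    {
        if (!isset($source[$key]) || !is_scalar($source[$key])) {
            return '';
        }
        return (string) $source[$key];
    }

    /** Coerce a record id for safe interpolation into SQL. */
    private function sql_int($value)
    {
        return (int) $value;
    }

    /**
     * Escape a string for use inside a single-quoted SQL literal.
     * Needs the open connection; the file already relies on this function.
     */
    private function sql_str($value)
    {
        return mysql_real_escape_string($value);
    }

    /**
     * HTML-escape a request-derived value for output in element text or a
     * quoted attribute. double_encode=false keeps already-encoded entities
     * (user names are stored entity-encoded) from being encoded twice.
     * Assumes UTF-8 content — TODO confirm the site charset.
     */
    private function html($value)
    {
        return htmlspecialchars($value, ENT_QUOTES, 'UTF-8', false);
    }

    /**
     * Query-string suffix carrying the current user/page filter.
     * '%' is the "no filter" wildcard and is dropped from the link, as before;
     * the remainder is URL-encoded so it survives the round trip intact.
     */
    private function filter_params($pagename, $user)
    {
        return '&pagename=' . rawurlencode(str_replace('%', '', $pagename))
            . '&user=' . rawurlencode(str_replace('%', '', $user));
    }

    /**
     * Run $query and return its first row as an associative array, or false
     * when the query fails or yields no row (mirrors mysql_fetch_array()).
     */
    private function fetch_one($query)
    {
        $result = mysql_query($query);
        if ($result === false) {
            return false;
        }
        return mysql_fetch_array($result, MYSQL_ASSOC);
    }

    /**
     * Paged admin list of comments, optionally filtered by user and/or page
     * name taken from the request.
     *
     * @param mixed $page 1-based page number (anything below 1 becomes 1)
     */
    private function show_commentlist($page)
    {
        $page = max(1, (int) $page);
        $user = $this->input($_REQUEST, 'user');
        $pagename = fw_strip_slashes($this->input($_REQUEST, 'pagename'));
        if (empty($user)) { $user = '%'; }
        if (empty($pagename)) { $pagename = '%'; }
        // '%' doubles as the "match anything" LIKE pattern. A supplied filter is
        // escaped for the SQL literal only, so '%' and '_' inside it keep their
        // LIKE meaning exactly as they did before.
        $where = "WHERE user LIKE '" . $this->sql_str($user)
            . "' AND pagename LIKE '" . $this->sql_str($pagename) . "'";

        $this->build_head("Comments", "");
        $result = mysql_query("SELECT id FROM " . $this->prefix . "comments " . $where);
        $num_rows = ($result === false) ? 0 : mysql_num_rows($result);
        if ($num_rows <= 0) {
            echo '<div style="margin:20px; font-size:14px;">No user comment available';
            if ($user !== '%') { echo ' from <u>' . $this->html($user) . '</u>'; }
            if ($pagename !== '%') { echo ' in page <u>' . $this->html($pagename) . '</u>'; }
            echo '!</div>';
        } else {
            $start_count = ($page - 1) * $this->list_perpage;
            $totalpage = fw_total_page($num_rows, $this->list_perpage);
            $filter = $this->filter_params($pagename, $user);

            echo '<table id="list"><tr><td width="50%" style="background-color: #bbbbbb; color:#000000; border-right:1px solid #000000;"><b>Title</b></td><td width="25%" style="background-color: #bbbbbb; color:#000000; border-left:1px solid #000000; border-right:1px solid #000000;"><b>User</b></td><td width="25%" style="background-color: #bbbbbb; color:#000000; border-left:1px solid #000000;"><b>Date</b></td></tr>';
            $result = mysql_query("SELECT * FROM " . $this->prefix . "comments " . $where
                . " ORDER BY id DESC LIMIT " . (int) $start_count . ", " . (int) $this->list_perpage);
            while ($result !== false && ($row = mysql_fetch_array($result, MYSQL_ASSOC)) !== false) {
                echo '<tr onMouseOver="this.className=\'highlight\'" onMouseOut="this.className=\'normal\'">';
                echo (($row['publish'] === 'Y') ? '<td>' : '<td style="background-color: #dddddd;">');
                // NOTE(review): title and user are stored already entity-encoded by
                // receive_comment()/edit_comment(), so they are printed as stored;
                // escaping them again here would double-encode.
                echo '<a href="index.php?qur=9M1M' . (int) $row['id'] . $filter . '">' . $row['title'] . '</a>';
                echo '</td><td><a href="index.php?qur=6M7M0&user=' . rawurlencode($row['user']) . '">' . $row['user']
                    . '</a></td><td>' . date("M d, H:i", (int) $row['date']) . '</td></tr>';
            }

            // Pager: a window of up to 21 page numbers around the current page.
            // The window is capped at $totalpage (the old code could link past it)
            // and every link keeps the active filter instead of dropping it.
            echo '<tr><td colspan="3"><b>No. of pages:&nbsp;' . $totalpage . '</b>&nbsp;&nbsp;&nbsp;';
            $start = ($page > 10) ? $page - 10 : 1;
            $end = min($totalpage, $start + 20);
            echo (($page > 1)
                ? '<a href="index.php?qur=9M6M' . ($page - 1) . $filter . '">Back</a>&nbsp;'
                : '<span style="color:#808080;">Back</span>&nbsp;');
            for ($p = $start; $p <= $end; $p++) {
                if ($p == $page) {
                    echo '<span style="color:#808080;">[' . $p . ']</span>&nbsp;';
                } else {
                    echo '[<a href="index.php?qur=9M6M' . $p . $filter . '">' . $p . '</a>]&nbsp;';
                }
            }
            echo (($page < $totalpage)
                ? '<a href="index.php?qur=9M6M' . ($page + 1) . $filter . '">Next</a>&nbsp;'
                : '<span style="color:#808080;">Next</span>&nbsp;');
            echo '</td></tr></table>';
        }
        echo '</div>';
        $this->build_footer();
    }

    /**
     * Single-comment view: navigation menu (list, delete, previous/next within
     * the current filter, publish/block toggle) followed by the edit template.
     *
     * @param mixed $comment_number comment id from the URL; coerced to int
     */
    private function show_edit($comment_number)
    {
        $comment_number = $this->sql_int($comment_number);
        $user = $this->input($_REQUEST, 'user');
        $pagename = fw_strip_slashes($this->input($_REQUEST, 'pagename'));
        if (empty($user)) { $user = '%'; }
        if (empty($pagename)) { $pagename = '%'; }
        $filter = $this->filter_params($pagename, $user);
        $where = "WHERE user LIKE '" . $this->sql_str($user)
            . "' AND pagename LIKE '" . $this->sql_str($pagename) . "'";

        $this->build_head("Comment" . $comment_number, "script/comment.js");
        echo '<table id="menu"><tr><td><a href="index.php?qur=9M6M1' . $filter . '">comments</a></td>'
            . '<td><a href="javascript:fw_delete_page(\'9M2M' . $comment_number . $filter . '\')">Delete</a></td>';

        $row = $this->fetch_one("SELECT id FROM " . $this->prefix . "comments " . $where
            . " AND id < " . $comment_number . " ORDER BY id DESC LIMIT 1");
        if (!empty($row['id'])) {
            echo '<td><a href="index.php?qur=9M1M' . (int) $row['id'] . $filter . '">Previous Comment</a></td>';
        }
        $row = $this->fetch_one("SELECT id FROM " . $this->prefix . "comments " . $where
            . " AND id > " . $comment_number . " ORDER BY id ASC LIMIT 1");
        if (!empty($row['id'])) {
            echo '<td><a href="index.php?qur=9M1M' . (int) $row['id'] . $filter . '">Next Comment</a></td>';
        }
        echo '<td><a href="index.php?qur=9M3M' . $comment_number . $filter . '">';

        // $query, $result, $row, $comment_number, $user and $pagename are all
        // visible to the included template below, so they keep their names.
        $query = "SELECT * FROM " . $this->prefix . "comments WHERE id = " . $comment_number;
        $result = mysql_query($query);
        $row = ($result === false) ? false : mysql_fetch_array($result, MYSQL_ASSOC);
        echo ((!empty($row['publish']) && $row['publish'] === 'Y') ? 'Block' : 'Publish');
        echo '</a></td></tr></table>';

        include 'include/editcomments.php';
        $this->build_footer();
    }

    /**
     * Entry point: dispatches on the parsed URL action.
     *
     * @param mixed $query parsed "qur" value; [1] is the action, [2] its argument
     */
    public function get_query($query)
    {
        // Public comment submission (AJAX POST from the blog) needs no admin session.
        if (isset($_GET['get_comment']) && $_GET['get_comment'] === 'true') {
            $this->receive_comment();
            return;
        }

        $action = isset($query[1]) ? (string) $query[1] : '';
        $argument = isset($query[2]) ? $query[2] : null;

        if (!$this->validate_user()) {
            // "4" is the AJAX save endpoint; it gets no login page (the caller
            // would only receive HTML it cannot use), every other action does.
            if ($action !== "4") {
                $this->log_in();
            }
            return;
        }

        switch ($action) {
            case "1":
                $this->show_edit($argument);
                break;
            case "2":
                $this->delete_comment($argument);
                break;
            case "3":
                $this->publish_comment($argument);
                break;
            case "4":
                $this->edit_comment($argument);
                break;
            case "5":
                $this->log_out();
                break;
            case "6":
                $this->show_commentlist($argument);
                break;
            default:
                $this->show_commentlist(1);
        }
    }

    /** Delete one comment, then redirect back to the filtered list. */
    private function delete_comment($comment_number)
    {
        mysql_query("DELETE FROM " . $this->prefix . "comments WHERE id = " . $this->sql_int($comment_number));
        $user = $this->input($_REQUEST, 'user');
        $pagename = fw_strip_slashes($this->input($_REQUEST, 'pagename'));
        // Filter values are encoded so they cannot alter the header or the URL.
        header('Location: index.php?qur=9M6M1&pagename=' . rawurlencode($pagename) . '&user=' . rawurlencode($user));
    }

    /** Toggle the publish flag ('Y' <-> '') of one comment, then redirect to its view. */
    private function publish_comment($comment_number)
    {
        $id = $this->sql_int($comment_number);
        $row = $this->fetch_one("SELECT publish FROM " . $this->prefix . "comments WHERE id = " . $id);
        $publish = (!empty($row['publish']) && $row['publish'] === 'Y') ? '' : 'Y';
        mysql_query("UPDATE " . $this->prefix . "comments SET publish = '" . $publish . "' WHERE id = " . $id);
        $user = $this->input($_REQUEST, 'user');
        $pagename = fw_strip_slashes($this->input($_REQUEST, 'pagename'));
        header('Location: index.php?qur=9M1M' . $id . '&pagename=' . rawurlencode($pagename) . '&user=' . rawurlencode($user));
    }

    /**
     * AJAX save of an edited comment; prints 'success' or 'error'.
     * Fields are stored entity-encoded, the same convention receive_comment()
     * uses (the old code saved the admin-edited title raw, so markup typed
     * into it reached every page rendering the comment).
     */
    private function edit_comment($comment_number)
    {
        $id = $this->sql_int($comment_number);
        // assumes fw_strip_slashes() yields the raw text (undoing magic_quotes);
        // SQL escaping then happens exactly once, in sql_str() — TODO confirm
        $pagename = trim(fw_strip_slashes(rawurldecode($this->input($_REQUEST, 'pagename'))));
        $title = htmlentities(trim(fw_strip_slashes(rawurldecode($this->input($_REQUEST, 'title')))));
        $comment = htmlentities(trim(fw_strip_slashes(rawurldecode($this->input($_REQUEST, 'comment')))), ENT_QUOTES);
        $query = "UPDATE " . $this->prefix . "comments SET title = '" . $this->sql_str($title)
            . "', comment = '" . $this->sql_str($comment)
            . "', pagename = '" . $this->sql_str($pagename)
            . "' WHERE id = " . $id;
        echo (mysql_query($query) === false) ? 'error' : 'success';
    }

    /**
     * Public endpoint: accept a visitor's comment for moderation.
     *
     * Steps: resolve the page from the "referer" token, check the session
     * verification code, validate the visitor, register them as a level-9 user
     * if unknown (refusing names/emails already taken), then insert the comment
     * unpublished. Every failure prints a message and exits, as before.
     */
    private function receive_comment()
    {
        $pageinf = htmlentities(trim(rawurldecode($this->input($_POST, 'referer'))));
        if (empty($pageinf)) { exit; }
        // Referer token is "post<id>" or "page<id>": the table name is chosen from
        // this fixed pair, never taken from the request, and the id is forced numeric.
        $table = (substr($pageinf, 0, 4) === 'post') ? 'postinf' : 'pageinf';
        $id = (int) round((float) substr($pageinf, 4));
        $row = $this->fetch_one("SELECT pagename FROM " . $this->prefix . $table . " WHERE id = " . $id);
        if (empty($row['pagename'])) {
            echo '<span style="color:red; font-size:12px;">Unable to accept comment at this moment. Please try again later.</span>';
            exit;
        }
        $pagename = $row['pagename'];

        // The code issued in the session must be posted back verbatim, and an
        // absent/empty code on either side is a failure.
        // NOTE(review): the key checked here is 'user_verification' while the key
        // cleared after the insert is 'comment_verification'; unless the captcha
        // script writes both, the checked code is never consumed and can be reused
        // within the same session — confirm against the captcha generator.
        $expected = isset($_SESSION['user_verification']) && is_scalar($_SESSION['user_verification'])
            ? (string) $_SESSION['user_verification'] : '';
        $given = $this->input($_POST, 'user_verification');
        if (empty($given) || $expected === '' || $given !== $expected) {
            echo '<span style="color:red; font-size:12px;">Wrong verification code! Please try again.</span>';
            exit;
        }

        // Raw (unslashed) text, entity-encoded for storage; SQL escaping happens
        // once, at the INSERTs below. assumes fw_strip_slashes() undoes
        // magic_quotes/fw_add_slashes — TODO confirm against the fw_* helpers
        $title = htmlentities(trim(fw_strip_slashes(rawurldecode($this->input($_POST, 'title')))));
        $comment = htmlentities(trim(fw_strip_slashes(rawurldecode($this->input($_POST, 'comment')))), ENT_QUOTES);
        $user = htmlentities(trim(fw_strip_slashes(rawurldecode($this->input($_POST, 'user')))));
        $email = htmlentities(trim(fw_strip_slashes(rawurldecode($this->input($_POST, 'from')))));
        $website = htmlentities(trim(fw_strip_slashes(rawurldecode($this->input($_POST, 'website')))));
        $dt = time();
        if (empty($user) || empty($email) || empty($comment)) { exit; }
        if (!fw_validate_user($user, $email)) { exit; }
        if (empty($title)) { $title = 'No title'; }
        if (!empty($_POST['remember'])) {
            setcookie('fw_user', $user . '||' . $email, time() + 60 * 60 * 24 * 30 * 12, '/');
        } else {
            setcookie('fw_user', '', time() - 3600, '/');
        }

        $user_sql = $this->sql_str($user);
        $email_sql = $this->sql_str($email);
        $row = $this->fetch_one("SELECT id, level FROM " . $this->prefix . "user WHERE user = '" . $user_sql
            . "' AND email = '" . $email_sql . "'");
        if (!empty($row['id']) && $row['level'] < 1) {
            echo '<span style="color:red; font-size:12px;">Sorry! you have been banned from this site</span>';
            exit;
        }
        if (empty($row['id'])) {
            $row = $this->fetch_one("SELECT id FROM " . $this->prefix . "user WHERE user = '" . $user_sql . "'");
            if (!empty($row['id'])) {
                echo '<span style="color:red; font-size:12px;">Username already exist. Please use different user name.</span>';
                exit;
            }
            $row = $this->fetch_one("SELECT id FROM " . $this->prefix . "user WHERE email = '" . $email_sql . "'");
            if (!empty($row['id'])) {
                echo '<span style="color:red; font-size:12px;">Another user using this email id. Please use different one.</span>';
                exit;
            }
            $query = "INSERT INTO " . $this->prefix . "user(user, email, website, level, date) VALUES ('"
                . $user_sql . "', '" . $email_sql . "', '" . $this->sql_str($website) . "', 9, " . $dt . ")";
            if (mysql_query($query) === false) {
                echo '<span style="color:red; font-size:12px;">Unable to accept comment at this moment. Please try again later.</span>';
                exit;
            }
        }

        $query = "INSERT INTO " . $this->prefix . "comments(pagename, user, title, comment, date) VALUES ('"
            . $this->sql_str($pagename) . "', '" . $user_sql . "', '" . $this->sql_str($title) . "', '"
            . $this->sql_str($comment) . "', " . $dt . ")";
        unset($_SESSION['comment_verification']);
        if (mysql_query($query) === false) {
            echo '<span style="color:red; font-size:12px;">Unable to accept comment at this moment. Please try again later.</span>';
        } else {
            echo '<span style="color:green; font-size:12px;">Your comment is waiting for approval. Thank you.<br /><a href="javascript:window.close();"><b>Close this window</b></a>.</span>';
        }
    }
}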
?>