<?php
/*
Copyright (c) 2008 http://ramui.com. All rights reserved.
This product is protected by copyright and distributed under licenses restricting copying, distribution. Permission is granted to the public to download and use this script provided that this Notice and any statement of authorship are reproduced in every page on all copies of the script.
*/
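class comments extends clsmain
{
    /*
    Admin controller for guestbook comments (list / edit / publish / delete).
    get_query() is the entry point: it receives the "qur" URL parameter already
    split into segments ($query[0] selects this module, $query[1] the action,
    $query[2..6] the action's arguments).  Every segment is request data, so
    each handler casts ids and page numbers to int before they reach SQL or
    HTML.  Database access is the legacy mysql_* extension; the connection,
    table prefix ($this->prefix), page size ($this->list_perpage), site
    settings ($this->site) and the build_head / build_footer / validate_user /
    log_in / log_out helpers come from clsmain, which is not in this file.
    */

    /**
     * Return segment $index of the exploded "qur" parameter, or $default when
     * the URL did not carry that segment (avoids undefined-offset notices).
     *
     * @param array $query
     * @param int   $index
     * @param mixed $default
     * @return mixed
     */
    private function query_arg($query, $index, $default = 0)
    {
        return isset($query[$index]) ? $query[$index] : $default;
    }

    /**
     * HTML-escape a value taken from the database or the request before it is
     * echoed into markup (text or attribute context).
     *
     * @param mixed $value
     * @return string
     */
    private function esc_html($value)
    {
        // Charset argument deliberately omitted so the result matches the
        // file's existing htmlspecialchars() call (default charset).
        return htmlspecialchars((string)$value, ENT_QUOTES);
    }

    /**
     * Build the ascending/descending sort anchors for one list column.
     * The links reset the page to 1 and carry no search string.
     *
     * @param int $uid    author filter (already cast to int)
     * @param int $pid    post filter (already cast to int)
     * @param int $column sort-column index (1 = title, 2 = date)
     * @return string
     */
    private function sort_links($uid, $pid, $column)
    {
        $base = 'index.php?qur=9M6M1M' . $uid . 'M' . $pid . 'M' . $column . 'M';
        return '<a href="' . $base . '1"><img src="images/asc.gif" onmouseover="this.src=\'images/asc-h.gif\'" onmouseout="this.src=\'images/asc.gif\'" /></a>'
            . '<a href="' . $base . '0"><img src="images/dsc.gif" onmouseover="this.src=\'images/dsc-h.gif\'" onmouseout="this.src=\'images/dsc.gif\'" /></a>';
    }

    /**
     * Render the paginated, filterable, sortable comment list.
     *
     * @param mixed $page          1-based page number (URL segment)
     * @param mixed $uid           restrict to this author id; 0/empty = all
     * @param mixed $pid           restrict to this post id; 0/empty = all
     * @param mixed $sortColumn    index into the sortable-column table (0 id, 1 title, 2 date)
     * @param mixed $sortDirection empty = descending, anything else = ascending
     */
    private function show_commentlist($page, $uid, $pid, $sortColumn, $sortDirection)
    {
        // Normalise every URL-derived argument first: they are interpolated
        // into SQL (filters, ORDER BY, LIMIT) and into link hrefs below.
        $page = max(1, (int)$page);
        $uid = (int)$uid;
        $pid = (int)$pid;
        $sortDirection = (empty($sortDirection) ? 0 : 1);
        $sortDir = ($sortDirection === 1 ? 'Asc' : 'Desc');
        $sort_arr = array('tc.id', 'tc.title', 'tc.date');
        $sortColumn = (int)$sortColumn;
        if (!isset($sort_arr[$sortColumn])) {
            $sortColumn = 0;   // unknown index: order by id rather than emit "ORDER BY  Desc"
        }
        $sortCol = $sort_arr[$sortColumn];
        $perpage = (int)$this->list_perpage;

        // $searchRaw goes back into the pagination links (url-encoded);
        // $search is the HTML-escaped form used for display and - as in the
        // original code - for the LIKE match, so titles are matched in their
        // escaped form.  LIKE wildcards (% and _) are not escaped.
        $searchRaw = '';
        if (!empty($_GET['SearchFileString'])) {
            $searchRaw = fw_strip_slashes($_GET['SearchFileString']);
        }
        $search = htmlspecialchars($searchRaw);

        $this->build_head("Comment list", "");

        // One WHERE clause shared by the count query and the page query.
        $where = '';
        if (!empty($uid)) {
            $where .= "tc.uid = $uid AND ";
        }
        if (!empty($pid)) {
            $where .= "tc.pid = $pid AND ";
        }
        $where .= sprintf("tc.title LIKE '%%%s%%'", mysql_real_escape_string($search));

        $num_rows = 0;
        $result = @mysql_query("SELECT COUNT(*) FROM " . $this->prefix . "comments tc WHERE " . $where);
        if ($result) {
            $count = mysql_fetch_row($result);
            $num_rows = (int)$count[0];
        }
        $start_count = ($page - 1) * $perpage;
        $totalpage = fw_total_page($num_rows, $perpage);

        $query = "SELECT tc.id, tc.uid, tc.pid, tc.title, tc.date, tc.publish, tu.user FROM "
            . $this->prefix . "comments tc LEFT JOIN " . $this->prefix . "user tu ON tc.uid=tu.id WHERE "
            . $where . " ORDER BY $sortCol $sortDir LIMIT " . $start_count . ", " . $perpage;

        echo '<table id="list"><tr><td width="66%" class="heading" style="border-left:1px solid #888888;">';
        echo $this->sort_links($uid, $pid, 1) . 'Title</td>';
        echo '<td width="8%" class="heading" style="text-align:center;">User</td>';
        echo '<td width="12%" class="heading" style="text-align:center;">Post</td>';
        echo '<td width="14%" class="heading" style="border-right:#888888;">';
        echo $this->sort_links($uid, $pid, 2) . 'Modified</td></tr>';
        echo '<tr><td colspan="4"><a title="Remove filter" href="index.php?qur=9M">Comment list:</a></td></tr>';

        $result = @mysql_query($query);
        if ($result === false) {
            // Previously a failed query produced an empty list with no hint.
            echo '<tr><td colspan="4"><span style="color:red;">Error: ' . $this->esc_html(mysql_error()) . '</span></td></tr>';
        }
        while ($result && ($row = @mysql_fetch_array($result, MYSQL_ASSOC))) {
            echo '<tr onMouseOver="this.className=\'highlight\'" onMouseOut="this.className=\'normal\'">';
            if ($row['publish'] === 'Y') {
                $src = '<img title="Approved" src="images/approved.gif" alt="P" />';
                $class = 'approved';
            } else {
                $src = '<img title= "Pending approval" src="images/unpublished.gif" alt="U" />';
                $class = 'pending';
            }
            // Title and user name are stored visitor input: escape on output.
            echo '<td>' . $src . '<a class="' . $class . '" href="index.php?qur=9M1M' . (int)$row['id'] . '">' . $this->esc_html($row['title']) . '</a></td>';
            echo '<td><a href="../../index.php?pid=' . (int)$row['pid'] . '" target="_blank">View post</a></td>';
            echo '<td style="text-align:center;"><a href="index.php?qur=3M7M' . (int)$row['uid'] . '">' . $this->esc_html($row['user']) . '</a></td>';
            echo '<td>' . date("M d, H:i", (int)$row['date']) . '</td></tr>';
        }

        // Pagination: up to 21 page links around the current page.  Every
        // link stays in this module (qur=9M6M...) and keeps filter, sort and
        // the raw search string (url-encoded so '&' cannot split the query).
        // Built by concatenation, not sprintf: the encoded search may hold '%'.
        $linkPre = 'index.php?qur=9M6M';
        $linkPost = 'M' . $uid . 'M' . $pid . 'M' . $sortColumn . 'M' . $sortDirection
            . '&SearchFileString=' . urlencode($searchRaw);
        echo '<tr><td colspan="4"><b>No. of pages:&nbsp;' . $totalpage . '</b>&nbsp;&nbsp;&nbsp;';
        $start = ($page > 10 ? $page - 10 : 1);
        $end = min($totalpage, $start + 20);   // never link past the last page
        echo ($page > 1
            ? '<a href="' . $linkPre . ($page - 1) . $linkPost . '">Back</a>&nbsp;'
            : '<span style="color:#808080;">Back</span>&nbsp;');
        for ($p = $start; $p <= $end; $p++) {
            if ($p === $page) {
                echo '<span style="color:#808080;">[' . $p . ']</span>&nbsp;';
            } else {
                echo '[<a href="' . $linkPre . $p . $linkPost . '">' . $p . '</a>]&nbsp;';
            }
        }
        echo ($page < $totalpage
            ? '<a href="' . $linkPre . ($page + 1) . $linkPost . '">Next</a>&nbsp;'
            : '<span style="color:#808080;">Next</span>&nbsp;');
        echo '</td></tr>';

        // Search box; submitting resets filters and sort (handled in fw_search).
        echo '<tr><td colspan="4" style="background:#e0e0e0; padding-bottom:0;">';
        echo '<form name="frmSearchList" style="float:right; margin:0; color:#000000;" onSubmit="return fw_search(\'index.php?qur=9M6M1M0M0M0\');">';
        echo 'Search file:&nbsp;<input name="txtSearch" style="padding-left:5px; width:180px; font-size:11px; color:#666666;" type="text" value="';
        echo ($search === '' ? 'Type few characters...' : $search);
        echo '" size="20" onclick="fw_cleartext(this,\'Type few characters...\');">&nbsp;<input name="Submit" type="button" style="width:80px; font-size:11px; color:#333333;" value="Search" onClick="fw_search(\'index.php?qur=9M6M1M0M0M0\');"></form></td></tr></table>';
        echo '</div>';
        $this->build_footer();
    }

    /**
     * Show the edit form for one comment.  The fetched $row and the $submit /
     * $preview limit strings are left in scope for include/editcomments.php
     * (not visible here; presumably it reads these locals - confirm).
     *
     * @param mixed $cid comment id (URL segment)
     */
    private function show_edit($cid)
    {
        $cid = (int)$cid;   // also echoed into the page title below
        $query = sprintf(
            "SELECT tc.*, tu.user FROM %scomments tc, %suser tu WHERE tc.uid=tu.id AND tc.id = %d",
            $this->prefix,
            $this->prefix,
            $cid
        );
        $result = @mysql_query($query);
        $row = ($result ? @mysql_fetch_array($result, MYSQL_ASSOC) : false);
        $submit = sprintf("%d,%d", $this->site['commentsize'], $this->site['imagecount']);
        $preview = sprintf("%d,%d,%d,%d", $this->site['commentsize'], $this->site['imagewidth'], $this->site['imageheight'], $this->site['imagecount']);
        $this->build_head("Comment: " . $cid, '<script type="text/javascript" src="script/comment.js"></script><script type="text/javascript" src="../preview/preview.js"></script>');
        include 'include/editcomments.php';
        $this->build_footer();
    }

    /**
     * Dispatch one admin request.
     *
     * @param array $query "qur" parameter split into segments: [1] action,
     *                     [2] comment id or page number, [3] uid, [4] pid,
     *                     [5] sort column, [6] sort direction
     */
    public function get_query($query)
    {
        $action = $this->query_arg($query, 1, '');
        if (!$this->validate_user()) {
            // Not logged in: only the list (6), edit (1) and default entry
            // points lead to the login page; mutating actions are ignored.
            if ((int)$action === 6 || (int)$action === 1 || empty($action)) {
                $this->log_in();
            }
            return;
        }
        $arg = $this->query_arg($query, 2);
        switch ($action) {
            case "1":
                $this->show_edit($arg);
                break;
            case "2":
                $this->delete_comment($arg);
                break;
            case "3":
                $this->publish_comment($arg);
                break;
            case "5":
                $this->log_out();
                break;
            case "6":
                $this->show_commentlist(
                    $arg,
                    $this->query_arg($query, 3),
                    $this->query_arg($query, 4),
                    $this->query_arg($query, 5),
                    $this->query_arg($query, 6)
                );
                break;
            case "7":
                $this->edit_comment($arg);
                break;
            default:
                $this->show_commentlist(1, 0, 0, 0, 0);
        }
    }

    /**
     * Delete one comment and redirect back to the list.
     * NOTE(review): triggered by a plain GET link (qur=9M2M<id>) with no
     * anti-CSRF token visible in this file - confirm whether clsmain adds one.
     *
     * @param mixed $comment_number comment id (URL segment)
     */
    private function delete_comment($comment_number)
    {
        $query = sprintf("DELETE FROM %scomments  WHERE id = %d", $this->prefix, (int)$comment_number);
        @mysql_query($query);
        @header("Location: index.php?qur=9M");
    }

    /**
     * Toggle the publish flag of one comment.  Prints the label of the
     * *next* action ("Publish" / "Block") for the calling script and exits.
     * NOTE(review): state change driven by a GET link (qur=9M3M<id>) with no
     * anti-CSRF token visible in this file - confirm whether clsmain adds one.
     *
     * @param mixed $comment_number comment id (URL segment)
     */
    private function publish_comment($comment_number)
    {
        $comment_number = (int)$comment_number;   // was interpolated unescaped into both queries
        $result = @mysql_query(sprintf("SELECT publish FROM %scomments WHERE id = %d", $this->prefix, $comment_number));
        $row = ($result ? @mysql_fetch_array($result, MYSQL_ASSOC) : false);
        if ($row && $row['publish'] === 'Y') {
            $response = 'Publish';
            $publish = '';
        } else {
            // Unpublished, or no such row: behave as before (set to published).
            $response = 'Block';
            $publish = 'Y';
        }
        $query = sprintf("UPDATE %scomments SET publish = '%s' WHERE id = %d", $this->prefix, $publish, $comment_number);
        if (@mysql_query($query) !== false) {
            echo $response;
        }
        exit;
    }

    /**
     * Save the posted title/comment/autolink for one comment and print a
     * status span for the calling script, then exit.
     * NOTE(review): no anti-CSRF token visible in this file - confirm whether
     * clsmain or the posting script enforces one.
     *
     * @param mixed $id comment id (URL segment)
     */
    private function edit_comment($id)
    {
        $id = (int)$id;
        // Missing POST fields are treated as empty instead of raising notices;
        // the trim/decode order of the two fields is kept as it was.
        $title = isset($_POST["title"]) ? trim(fw_strip_slashes(rawurldecode($_POST["title"]))) : '';
        $title = fw_remove_smarttag($title);
        $comment = isset($_POST["comment"]) ? fw_strip_slashes(rawurldecode(trim($_POST["comment"]))) : '';
        $comment = fw_remove_smarttag($comment);
        $autolink = (isset($_POST["autolink"]) ? 'Y' : '');
        $dt = time();
        $query = sprintf(
            "UPDATE %scomments SET title = '%s', comment = '%s', autolink = '%s', date = %d WHERE id = %d",
            $this->prefix,
            mysql_real_escape_string($title),
            mysql_real_escape_string($comment),
            $autolink,
            $dt,
            $id
        );
        if (!@mysql_query($query)) {
            // The driver message is echoed into HTML: escape it.
            echo '<span style="color:red;">Error: ' . $this->esc_html(mysql_error()) . '</span>';
        } else {
            echo '<span style="color:green;">Data has been successfully updated</span>';
        }
        exit;
    }
}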
?>