<?php
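/**
 * Post a comment against an image on behalf of the session user.
 *
 * Order of checks, each returning a message instead of throwing:
 *  - empty comment text is rejected before anything else;
 *  - $usr->Auth(1) is called before any database access (its exact effect
 *    lives in the user class, not here);
 *  - the image and its album must exist;
 *  - non-moderators ($usr->Access < 2) may not comment on a locked image
 *    (status 0) nor on an image whose album is locked;
 *  - non-moderators are held to $config["commentsfloodcontrol"] seconds
 *    between posts, measured against users.lastcomment.
 *
 * @param mixed  $imageid  image id; coerced to int before use
 * @param string $comments comment body; escaped with dbSecure() on insert
 * @return string human-readable status message (success or the refusal reason)
 */
function postcomments($imageid, $comments){
    global $db, $dbprefix, $usr, $config;
    $imageid = intval($imageid);
    if ($comments == ""){ return "No comments entered"; }
    $usr->Auth(1);
    // a single timestamp is written to both the comment row and the user's
    // lastcomment, so the flood-control comparison later sees exactly the
    // value that was recorded for the previous post
    $now = time();
    $userid = intval($_SESSION["userid"]);
    // get image recordset
    $sql = "SELECT * FROM " . $dbprefix . "images WHERE imageid = " . dbSecure($imageid);
    $img = $db->execute($sql);
    if ($img->rows < 1){ return "The image could not be found"; }
    // get album recordset; the album id comes back from the database, so it is
    // cast to int before being spliced into SQL, as deletecomments() already does
    $sql = "SELECT * FROM " . $dbprefix . "albums WHERE albumid = " . intval($img->fields["albumid"]);
    $alb = $db->execute($sql);
    if ($alb->rows < 1){ return "The album could not be found"; }
    // validate lockage status (moderators bypass both locks)
    if ($usr->Access < 2){
        if ($img->fields["status"] == 0){
            return "You cannot comment on a locked image";
        } elseif ($alb->fields["status"] == 0){
            return "You cannot comment on an image in a locked album";
        }
    }
    // get the user's profile
    $sql = "SELECT * FROM " . $dbprefix . "users WHERE userid = " . dbSecure($userid);
    $use = $db->execute($sql);
    if ($use->rows < 1){ return "Your user account could not be found"; }
    // flood control: non-moderators must wait $floodcontrol seconds since their
    // last recorded comment
    $floodcontrol = intval($config["commentsfloodcontrol"]);
    $chk_time = ($now - $floodcontrol);
    if ($usr->Access < 2){
        if ($use->fields["lastcomment"] > $chk_time){
            return "Flood control engaged as you have posted very recently. Please wait " . $floodcontrol . " seconds between posting.";
        }
    }
    // ok, insert the post; ids are taken from the rows just fetched, free text
    // goes through dbSecure()
    $sql = "INSERT INTO " . $dbprefix . "comments (imageid, userid, postdate, ipaddress, comments) VALUES (";
    $sql .= intval($img->fields["imageid"]) . ", ";
    $sql .= intval($use->fields["userid"]) . ", ";
    $sql .= $now . ", ";
    $sql .= "'" . dbSecure($_SERVER["REMOTE_ADDR"]) . "', ";
    $sql .= "'" . dbSecure($comments) . "')";
    $db->execute($sql);
    // log timestamp of comment in user's account (same $now as the row above)
    $sql = "UPDATE " . $dbprefix . "users SET ";
    $sql .= "lastcomment = " . $now . " ";
    $sql .= "WHERE userid = " . dbSecure($userid);
    $db->execute($sql);
    // and return
    return "Comments posted successfully!";
}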
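/**
 * Replace the text of an existing comment.
 *
 * Authorisation: the comment's author (users.userid == $_SESSION["userid"])
 * or a moderator ($usr->Access >= 2). The caller is passed through
 * $usr->Auth(1) first, as postcomments() and deletecomments() already do, so
 * the session user id the authorship test relies on belongs to a logged-in
 * user rather than defaulting to intval(null) == 0.
 *
 * @param mixed  $commentid comment id; coerced to int before use
 * @param string $comments  replacement text; escaped with dbSecure() on update
 * @return string human-readable status message
 */
function editcomments($commentid, $comments){
    global $db, $dbprefix, $usr;
    // standard validation
    $commentid = intval($commentid);
    if ($comments == ""){ return "No comments entered"; }
    // same login gate as the sibling comment functions
    $usr->Auth(1);
    // find the comment
    $sql = "SELECT * FROM " . $dbprefix . "comments WHERE commentid = " . dbSecure($commentid);
    $com = $db->execute($sql);
    if ($com->rows < 1){ return "The comment could not be found"; }
    // check authorisation: author or moderator only
    $userid = intval($_SESSION["userid"]);
    if ($usr->Access < 2 && ($com->fields["userid"] != $userid)){
        return "Only the author or a moderator can edit a comment";
    }
    // ok, lets run the update; the id is the one just read back from the row
    $sql = "UPDATE " . $dbprefix . "comments SET ";
    $sql .= "comments = '" . dbSecure($comments) . "' ";
    $sql .= "WHERE commentid = " . intval($com->fields["commentid"]);
    $db->execute($sql);
    // and return
    return "Comments edited successfully!";
}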
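/**
 * Delete a single comment.
 *
 * Authorisation mirrors editcomments(): only the comment's author
 * (comments.userid == $_SESSION["userid"]) or a moderator ($usr->Access >= 2)
 * may delete. The original code had no such test after $usr->Auth(1), so any
 * logged-in user could remove any comment by id; the check is added before
 * the lock tests so the image/album lookups are not needed to refuse.
 * Non-moderators are additionally blocked while the image (status 0) or its
 * album is locked.
 *
 * @param mixed $commentid comment id; coerced to int before use
 * @return string human-readable status message
 */
function deletecomments($commentid){
    global $db, $dbprefix, $usr;
    $usr->Auth(1);
    $commentid = intval($commentid);
    // get comment recordset
    $sql = "SELECT * FROM " . $dbprefix . "comments WHERE commentid = " . dbSecure($commentid);
    $com = $db->execute($sql);
    if ($com->rows < 1){ return "The comment could not be found"; }
    // check authorisation: author or moderator only (same rule as editcomments)
    $userid = intval($_SESSION["userid"]);
    if ($usr->Access < 2 && ($com->fields["userid"] != $userid)){
        return "Only the author or a moderator can delete a comment";
    }
    // get the image recordset
    $sql = "SELECT * FROM " . $dbprefix . "images WHERE imageid = " . intval($com->fields["imageid"]);
    $img = $db->execute($sql);
    if ($img->rows < 1){ return "The image could not be found"; }
    // get album recordset
    $sql = "SELECT * FROM " . $dbprefix . "albums WHERE albumid = " . intval($img->fields["albumid"]);
    $alb = $db->execute($sql);
    if ($alb->rows < 1){ return "The album could not be found"; }
    // check for lockage (moderators bypass both locks)
    if ($usr->Access < 2){
        if ($img->fields["status"] == 0){
            return "Comments cannot be deleted while the image is locked";
        } elseif ($alb->fields["status"] == 0){
            return "Comments cannot be deleted while the album is locked";
        }
    }
    // delete the comment, keyed on the id read back from the row
    $sql = "DELETE FROM " . $dbprefix . "comments WHERE commentid = " . intval($com->fields["commentid"]);
    $db->execute($sql);
    // and return
    return "Comment deleted successfully!";
}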
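/**
 * Delete several comments at once; moderators ($usr->Access >= 2) only.
 *
 * Accepts either a single id or an array of ids. Every id is cast to int
 * before being placed in the DELETE statement. An empty selection — "" or an
 * empty array — is reported as "No comments selected" rather than as a
 * successful deletion of nothing.
 *
 * @param mixed $ids a comment id, or an array of comment ids
 * @return string human-readable status message
 */
function massdeletecomments($ids){
    global $db, $dbprefix, $usr;
    // validate level
    if ($usr->Access < 2){
        return "Only moderators can mass delete comments";
    }
    // check ids (a scalar "" or null selects nothing)
    if ($ids == ""){ return "No comments selected"; }
    // normalise a single id to a one-element list
    if (!(is_array($ids))){
        $ids = array($ids);
    }
    // an empty array is not caught by the == "" test above
    if (count($ids) < 1){ return "No comments selected"; }
    // loop through comment ids, one DELETE per id
    foreach ($ids as $id){
        $sql = "DELETE FROM " . $dbprefix . "comments WHERE commentid = " . dbSecure(intval($id));
        $db->execute($sql);
    }
    // and return
    return "Comments deleted successfully!";
}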
?>