<?php
/*
Copyright (c) 2011 http://ramui.com. All right reserved.
This product is protected by copyright and distributed under licenses restricting copying, distribution. Permission is granted to the public to download and use this script provided that this Notice and any statement of authorship are reproduced in every page on all copies of the script.
*/
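/**
 * Request handler for adding, saving and editing guest-book comments.
 *
 * Every action is dispatched through get_query(); the private methods either
 * render a page by including templates or echo a short HTML status fragment
 * and exit.
 *
 * Security notes for maintainers:
 *  - All SQL goes through the legacy mysql_* extension using sprintf("%d")
 *    for integers and mysql_real_escape_string() for text. The extension is
 *    gone in PHP 7+, so a port should move to prepared statements.
 *  - Ids arriving via $qur / $_POST are request-controlled. They are cast to
 *    int before being written into inline <script> blocks or redirect URLs.
 *  - The templates included below run in the method's local scope, so the
 *    local variable names ($row, $title, $max, $menu, $scriptfile, ...) are
 *    kept as they were; presumably the templates read them - confirm before
 *    renaming anything.
 */
class comment extends clslogin
{
    /**
     * Store a new comment, or update an existing one, from the POSTed form.
     *
     * Echoes an HTML status fragment and terminates the request.
     *
     * @param mixed $id Comment id to update; empty to create a new comment.
     */
    private function save_comment($id='')
    {
        // Keep the original "empty means new comment" semantics, but only
        // ever use the integer value from here on.
        $is_edit = !empty($id);
        $id = (int)$id;
        $edit = ''; // prefix for the response; filled in only for new comments

        if ($is_edit) {
            // Authorisation: the row must belong to the current user. This used
            // to be enforced only by the UPDATE on the comments table, which let
            // the later UPDATE on the search table run for other users' comments.
            $query = sprintf("SELECT date FROM ".$this->prefix."comments WHERE id = %d AND uid = %d", $id, $this->uid);
            $result = @mysql_query($query);
            $row = $result ? @mysql_fetch_array($result, MYSQL_ASSOC) : false;
            $owned = !empty($row['date']);
            // When editing is disabled for the board, a post may still be
            // corrected during the first 900 seconds after it was created.
            $window_closed = (!($this->site['allowedit'])) && $owned && ($row['date'] < (time() - 900));
            if (!$owned || $window_closed) {
                echo '<span style="color:red; background-color:white;">Sorry! this board doesn\'t allow you to edit your post</span>';
                exit;
            }
        }

        // CAPTCHA: the session holds the md5 of the expected code.
        $posted_code = (isset($_POST['fw_captcha_code']) && is_string($_POST['fw_captcha_code'])) ? $_POST['fw_captcha_code'] : '';
        if ((empty($_SESSION['fw_captcha_code'])) || (md5($posted_code) !== ($_SESSION['fw_captcha_code']))) {
            echo '<span style="color:red; background-color:white;">Error! wrong verification code. Please try again.</span>';
            exit;
        }

        // Non-string fields (e.g. title[]=x) are treated as empty input.
        $raw_title = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';
        $raw_comment = (isset($_POST['comment']) && is_string($_POST['comment'])) ? $_POST['comment'] : '';

        $title = trim(fw_strip_slashes(rawurldecode($raw_title)));
        $title = htmlspecialchars(fw_remove_smarttag($title)); // title is stored HTML-escaped
        $comment = trim(fw_strip_slashes(rawurldecode($raw_comment)));
        $comment = fw_remove_smarttag($comment);
        $comment_text = fw_bb2text($comment); // text form written to the search table
        $autolink = (empty($_POST['autolink']) ? '' : 'Y');
        $pid = (isset($_POST['pid']) && is_scalar($_POST['pid'])) ? (int)$_POST['pid'] : 0;
        $dt = time();
        $publish = (($this->site['approval'] == 'A') ? 'Y' : '');
        $max_size = $this->site['commentsize'];

        if ((strlen($comment) > $max_size) || (strlen($title) > 80)) {
            echo '<span style="color:red; background-color:white;">Unespected error! Please try again.</span>';
            exit;
        }

        if (!$is_edit) {
            // The add-comment page refuses locked posts; apply the same rule
            // here so a direct POST cannot bypass it.
            $query = sprintf("SELECT id FROM ".$this->prefix."post WHERE id = %d AND locked <> 'Y'", $pid);
            $result = @mysql_query($query);
            if ((!$result) || (@mysql_num_rows($result) < 1)) {
                echo '<span style="color:red; background-color:white;">Unespected error! Please try again.</span>';
                exit;
            }
        }

        // All validation passed: make the CAPTCHA single-use so that one
        // solved code cannot be replayed for further submissions.
        unset($_SESSION['fw_captcha_code']);

        if ($is_edit) {
            $query = sprintf(
                "UPDATE ".$this->prefix."comments SET title = '%s', comment = '%s', autolink = '%s', updated = %d WHERE id = %d AND uid = %d",
                mysql_real_escape_string($title),
                mysql_real_escape_string($comment),
                $autolink,
                $dt,
                $id,
                $this->uid
            );
        } else {
            $query = sprintf(
                "INSERT INTO ".$this->prefix."comments(title, pid, uid, comment, autolink, publish, updated, date) VALUES ('%s', %d, %d, '%s', '%s', '%s', %d, %d)",
                mysql_real_escape_string($title),
                $pid,
                $this->uid,
                mysql_real_escape_string($comment),
                $autolink,
                $publish,
                $dt,
                $dt
            );
        }
        // Do not report success (or index a row with cid 0) when the write failed.
        if (!@mysql_query($query)) {
            echo '<span style="color:red; background-color:white;">Unespected error! Please try again.</span>';
            exit;
        }

        if ($is_edit) {
            // NOTE(review): pid is taken from the POST on edits as well, so the
            // owner can re-point the search row at another post - confirm whether
            // the edit form really needs to send pid.
            $query = sprintf(
                "UPDATE ".$this->prefix."search SET title = '%s', body = '%s', pid = %d WHERE cid = %d AND uid = %d",
                mysql_real_escape_string($title),
                mysql_real_escape_string($comment_text),
                $pid,
                $id,
                $this->uid
            );
        } else {
            $new = true;
            $id = mysql_insert_id();
            $edit = $id.'<>'; // new id is sent back ahead of the status message
            $query = sprintf(
                "INSERT INTO ".$this->prefix."search(title, cid, pid, uid, publish, body) VALUES ('%s', %d, %d, %d, '%s', '%s')",
                mysql_real_escape_string($title),
                $id,
                $pid,
                $this->uid,
                $publish,
                mysql_real_escape_string($comment_text)
            );
        }
        @mysql_query($query);

        echo $edit.'<span style="color:green; background-color:white;">'.((($this->site['approval'] == 'A') || (empty($new))) ? 'Your message has been successfully posted' : 'Your message is waiting for approval').'</span>';
        exit;
    }

    /**
     * Render the "add comment" page for a post that exists and is not locked;
     * otherwise redirect to index.php.
     *
     * @param mixed $pid Post id taken from the request.
     */
    private function add_comment($pid)
    {
        // $pid is written into an inline <script> below. Without the cast a
        // value such as "1;..." would pass the %d lookup (which reads it as 1)
        // and then be emitted verbatim as JavaScript.
        $pid = (int)$pid;
        $scriptfile = '<script type="text/javascript" src="../script/comment.js"></script>';
        $scriptfile .= '<script type="text/javascript">var pid='.$pid.';</script>';
        $query = sprintf("SELECT id, title FROM ".$this->prefix."post WHERE id = %d AND locked <> 'Y'", $pid);
        $result = @mysql_query($query);
        $num = @mysql_num_rows($result);
        if ($num < 1) {
            @header("LOCATION: index.php");
            exit;
        }
        $row = @mysql_fetch_array($result, MYSQL_ASSOC);
        $row['title'] = substr('Re: '.$row['title'], 0, 80); // 80 is the title limit enforced on save
        $title = 'Add comment';
        $max = sprintf("%d", $this->site['commentsize']);
        $menu = $this->get_menu();
        include "include/head.php";
        include "include/add_comment.php";
        include "include/footer.html";
    }

    /**
     * Render the edit form for one of the current user's published comments.
     *
     * Redirects away when editing is disabled for the board, or when no
     * matching comment on a published, unlocked post is found.
     *
     * @param mixed $id Comment id taken from the request.
     */
    private function edit_comment($id)
    {
        if (!($this->site['allowedit'])) {
            @header("Location: index.php");
            exit;
        }
        // $id is written into an inline <script> below; force it to an integer.
        $id = (int)$id;
        // tc.pid = tp.id ties the comment to its own post. Without it the query
        // was a cross join, so the publish/locked conditions were satisfied by
        // any published, unlocked post in the table.
        $query = sprintf("SELECT tc.* FROM ".$this->prefix."comments tc, ".$this->prefix."post tp WHERE tc.id = %d AND tc.pid = tp.id AND tc.publish = 'Y' AND tc.uid = %d AND tp.publish = 'Y' AND tp.locked <> 'Y'", $id, $this->uid);
        $result = @mysql_query($query);
        $num = @mysql_num_rows($result);
        if ($num < 1) {
            $loc = '../../index.php';
            @header("Location: $loc");
            exit;
        }
        $row = @mysql_fetch_array($result, MYSQL_ASSOC);
        $title = $row['title'];
        $max = sprintf("%d", $this->site['commentsize']);
        $menu = $this->get_menu();
        $scriptfile = '<script type="text/javascript" src="../script/comment.js"></script>';
        $scriptfile .= '<script type="text/javascript">var cid='.$id.';</script>';
        include "include/head.php";
        include "include/add_comment.php";
        include "include/footer.html";
    }

    /**
     * Include the BBCode editor, with $bbcode set to the stored comment text
     * when a comment id is given and the row is found.
     *
     * NOTE(review): the lookup has no uid or publish filter, so any verified
     * user can load the raw text of any comment id, including one still waiting
     * for approval. Confirm whether that is intended; if not, add
     * "AND uid = %d" as edit_comment() does.
     *
     * @param mixed $id Comment id, or empty for a blank editor.
     */
    private function bbcode_editor($id='')
    {
        if (!empty($id)) {
            $query = sprintf("SELECT comment FROM ".$this->prefix."comments WHERE id = %d", $id);
            $result = @mysql_query($query);
            $row = @mysql_fetch_array($result, MYSQL_ASSOC);
            // Stays null when the row is missing, as before.
            $bbcode = $row ? $row['comment'] : null;
        }
        include "../bbcode/bbeditor.php";
    }

    /**
     * Dispatch a request: $qur[1] selects the action and $qur[2] carries its id.
     *
     * Actions: 1 add form (also the default), 2 save, 3 edit form, 4 BBCode
     * editor, 5 log out. An admin asking for action 3 is redirected to the admin
     * module. Users who fail verify_user() get the login form, except on
     * action 2, which then produces no output.
     *
     * @param mixed $qur Parsed request parameters, indexed numerically.
     */
    public function get_query($qur)
    {
        // Missing indexes are treated as empty instead of raising notices.
        $action = isset($qur[1]) ? $qur[1] : '';
        $arg = isset($qur[2]) ? $qur[2] : '';

        if (($this->admin) && ($action == "3")) {
            // The id goes into a redirect URL; edit_comment() reads the same
            // value with %d, so only its integer value is forwarded.
            $loc = "../admin/index.php?qur=9M1M".(int)$arg;
            @header("Location: $loc");
            exit;
        }
        $message = '';
        if ($this->verify_user($message)) {
            switch ($action) {
                case "1":
                    $this->add_comment($arg);
                    break;
                case "2":
                    $this->save_comment($arg);
                    break;
                case "3":
                    $this->edit_comment($arg);
                    break;
                case "4":
                    $this->bbcode_editor($arg);
                    break;
                case "5":
                    $this->log_out();
                    break;
                default:
                    $this->add_comment($arg);
            }
        } else {
            if ($action != "2") {
                $this->log_in($message);
            }
        }
    }
}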
?>