root/dev/common/comments.php @ 41

<?php
$html .= "<div id=comments-wrap>";

function bbencode($string)
{
    $string = strip_tags(&$string);
    $string = str_replace(array('[b]','[/b]','[i]','[/i]','[u]','[/u]'),
                          array('<b>','</b>','<i>','</i>','<u>','</u>'), $string);
    $string = preg_replace('^\[color=(.*?)](.*?)\[/color]^', '<font color="\1">\2</font>', $string);
    $string = preg_replace('^\[kill=(.*?)](.*?)\[/kill]^', '<a href="\?a=kill_detail&kll_id=\1">\2</a>', $string);
    $string = preg_replace('^\[pilot=(.*?)](.*?)\[/pilot]^', '<a href="\?a=pilot_detail&plt_id=\1">\2</a>', $string);
        return nl2br($string);
}

//$kll_id defined now in kill_detail
//$kll_id = intval($_GET['kll_id']);
$qry = new DBQuery();
if (isset($_POST['comment']))
{
    $kb = new Killboard(KB_SITE);
    $config = $kb->getConfig();

    $pw = false;
    if (!$config->getConfig('comments_pw') || $page->isAdmin())
    {
        $pw = true;
    }
    if ($_POST['password'] == $config->getPostPassword() || $pw)
    {
        if ($_POST['comment'] == '')
        {
            $html .= "Error: Sillent type hey? good for you, bad for a comment.";
        }
        else
        {
            $comment = $_POST['comment'];
            $comment = bbencode($comment);

            $name = $_POST['name'];
            if ($name == null)
            {
                $name = "Anonymous";
            }
            $name = strip_tags($name);
            // Password if right so insert the comment.
            $qry->execute("INSERT INTO kb3_comments (`kll_id`,`comment`,`name`)
                           VALUES ('$kll_id','$comment','$name')");
        }
    }
    else
    {
        // Password is wrong
        $html .= "Error: Wrong Password";
    }
}

$qry = new DBQuery();
$qry->execute("SELECT id, name, comment FROM kb3_comments WHERE `kll_id` = $kll_id");
if ($qry->recordCount() == 0)
{
    // no commments
    // $html .= "No Comments yet.";
}
else
{
    while ($data = $qry->getRow())
    {
        $name = $data['name'];
        $comment = $data['comment'];
        $html .= "<div class=\"comment-text\"><a href=\"?a=search&searchtype=pilot&searchphrase=".$name."\">".$name."</a>:<p>".$comment."</p>";
        if ($page->isAdmin())
        {
            $html .= "<a href=\"javascript:openWindow('?a=comments_delete&c_id=".$data['id']."', null, 480, 350, '' );\">Delete Comment</a>";
        }
        $html .= "</div><br/>";
    }
}

$html .= "<div><form id=\"postform\" name=\"postform\" method=\"post\" action=\"?a=kill_detail&kll_id=".$kill->getID()."\">";
$html .= "<br><b>Add Comment:</b><br><textarea class=\"comment\" name=\"comment\" cols=\"55\" rows=\"5\" wrap=\"PHYSICAL\" onkeyup=\"limitText(this.form.comment,document.getElementById('countdown'),200);\" onkeypress=\"limitText(this.form.comment,document.getElementById('countdown'),200);\"></textarea><br>";
$html .= "<span name=\"countdown\" id=\"countdown\">200</span> Letters left<br/>";
$html .= "<b>Name:</b>";
$html .= "<input style=\"position:relative; right:-3px;\" class=\"comment-button\" name=\"name\" type=\"text\" size=\"24\" maxlength=\"24\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
if ($config->getConfig('comments_pw') && !$page->isAdmin())
{
    $html .= "<br><b>Password:</b>";
    $html .= "<input type=\"password\" name=\"password\" size=\"19\" class=comment-button>&nbsp;&nbsp;&nbsp;&nbsp;";
}
$html .= "<input class=\"comment-button\" name=\"submit\" type=\"submit\" value=\"Add Comment\">";
$html .= "</form></div></div>";
?>