root/dev/common/comments.php @ 45

Revision 45, 3.7 KB (checked in by andrewgunn, 14 years ago)

Fixed: The field is 'ID' (all caps) in the database not 'id' (no caps). This caused the "Delete Comment" link to not include a comment ID, making comments hard to delete. We might want to do something about that, since all other DB field names are lowercase.

1<?php
// Open the comments wrapper; the last </div> appended after the comment form closes it.
$html .= '<div id=comments-wrap>';
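/**
 * Convert a user comment containing the board's small BBCode subset to HTML.
 *
 * Supported tags: [b], [i], [u], [color=...], [kill=ID] and [pilot=ID].
 * The return value is HTML that callers store and later print unescaped, so
 * every character that did not come from one of the whitelisted replacements
 * below has to be inert by the time this function returns.
 *
 * The result is NOT safe to place in an SQL string: it contains double quotes
 * from the generated markup and is not SQL-escaped.
 *
 * @param string $string Raw comment text as submitted by the user.
 * @return string HTML with newlines converted to <br />.
 */
function bbencode($string)
{
    // The original called strip_tags(&$string); call-time pass-by-reference is a
    // fatal error since PHP 5.4 and was never needed here.
    $string = strip_tags($string);

    // strip_tags() removes tags but leaves quotes, '&' and a stray '<' in place.
    // Encode them so user text cannot close an attribute or start a tag.
    $string = htmlspecialchars($string, ENT_QUOTES);

    $string = str_replace(array('[b]','[/b]','[i]','[/i]','[u]','[/u]'),
                          array('<b>','</b>','<i>','</i>','<u>','</u>'), $string);

    // The tag arguments end up inside HTML attributes. The original captured them
    // with (.*?), which let a quote in the argument add attributes of its own;
    // only a colour name / hex value or a numeric id is accepted now, anything
    // else stays visible as plain text.
    $string = preg_replace('~\[color=(#?[a-zA-Z0-9]+)\](.*?)\[/color\]~', '<font color="$1">$2</font>', $string);

    // The original replacement text began with "\?", which put a literal
    // backslash at the start of the href; the link is meant to be the relative
    // query string "?a=...".
    $string = preg_replace('~\[kill=(\d+)\](.*?)\[/kill\]~', '<a href="?a=kill_detail&kll_id=$1">$2</a>', $string);
    $string = preg_replace('~\[pilot=(\d+)\](.*?)\[/pilot\]~', '<a href="?a=pilot_detail&plt_id=$1">$2</a>', $string);

    return nl2br($string);
}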
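// $kll_id is now defined in kill_detail, which pulls this file in
// (it used to be set here with intval($_GET['kll_id'])).
$qry = new DBQuery();
if (isset($_POST['comment']))
{
    $kb = new Killboard(KB_SITE);
    $config = $kb->getConfig();

    // No password is required when comment passwords are switched off or the
    // viewer is an admin.
    $pw = false;
    if (!$config->getConfig('comments_pw') || $page->isAdmin())
    {
        $pw = true;
    }

    // Request fields can be missing or arrays; only strings are accepted.
    $postedPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $rawComment = is_string($_POST['comment']) ? $_POST['comment'] : '';
    $rawName = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';

    // Where magic_quotes_gpc still exists and is on, the request values arrive
    // pre-escaped; undo that so they are escaped exactly once before the INSERT.
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc())
    {
        $postedPassword = stripslashes($postedPassword);
        $rawComment = stripslashes($rawComment);
        $rawName = stripslashes($rawName);
    }

    // Strict comparison: with loose == two different numeric-looking strings
    // (for example "0e1" and "0e2") compare equal, which would accept a wrong
    // password whenever the configured one has that shape.
    if ($postedPassword === (string) $config->getPostPassword() || $pw)
    {
        if ($rawComment === '')
        {
            $html .= "Error: Sillent type hey? good for you, bad for a comment.";
        }
        else
        {
            // NOTE(review): the 200-character comment limit and the 24-character
            // name limit exist only in the form markup and its JavaScript; nothing
            // on the server side of this file enforces them.
            $comment = bbencode($rawComment);

            $name = ($rawName === '') ? "Anonymous" : $rawName;
            $name = strip_tags($name);

            // Password is right, so insert the comment.
            // The three values used to be interpolated into the statement as they
            // came from the request, so a quote in the comment or name ended the
            // SQL string literal. $kll_id is forced to an integer and the two
            // strings are escaped.
            // NOTE(review): DBQuery's own escaping or bound-parameter interface is
            // not visible in this file, so addslashes() is a stop-gap; it is not
            // charset-aware. Replace it with the database layer's escaping once
            // that is confirmed.
            $qry->execute("INSERT INTO kb3_comments (`kll_id`,`comment`,`name`)
                           VALUES ('" . intval($kll_id) . "','" . addslashes($comment) . "','" . addslashes($name) . "')");
        }
    }
    else
    {
        // Password is wrong
        $html .= "Error: Wrong Password";
    }
}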
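// Load the comments stored for this kill and append them to the page.
$qry = new DBQuery();
// $kll_id is placed in the statement without quotes, so it is forced to an
// integer here rather than trusted to be one.
$qry->execute("SELECT * FROM kb3_comments WHERE `kll_id` = " . intval($kll_id));
if ($qry->recordCount() != 0)
{
    while ($data = $qry->getRow())
    {
        $name = $data['name'];
        // The comment column holds HTML produced by bbencode() when the comment
        // was posted, so it is printed as stored.
        $comment = $data['comment'];

        // The name was only passed through strip_tags() before it was stored,
        // which leaves quotes and '&' untouched. It is printed in two contexts:
        // URL-encode it for the search link's query string and HTML-encode it
        // for the link text, so a quote in a stored name cannot end the href.
        $nameForUrl = urlencode($name);
        $nameForHtml = htmlspecialchars($name, ENT_QUOTES);

        $html .= "\n<div class=\"comment-text\" style=\"position: relative;\"><a href=\"?a=search&searchtype=pilot&searchphrase=".$nameForUrl."\">".$nameForHtml."</a>:";
        if ($data['posttime'] && $data['posttime'] != '0000-00-00 00:00:00')
        {
            $html .= '<span style="position:absolute; right: 0px;">'.$data['posttime'].'</span>';
        }
        $html .= "<p>".$comment."</p>";
        if ($page->isAdmin())
        {
            // The column is 'ID' in upper case. It is printed inside a JavaScript
            // string within an attribute, so it is forced to an integer.
            // NOTE(review): deletion is requested through a plain GET URL; whether
            // comments_delete re-checks admin rights and a request token cannot be
            // seen from this file - confirm.
            $html .= "<a href=\"javascript:openWindow('?a=comments_delete&c_id=".intval($data['ID'])."', null, 480, 350, '' );\">Delete Comment</a>";
        }
        $html .= "</div>";
    }
}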
// Append the "Add Comment" form. It posts back to the kill detail page, where the
// handler in this file picks up the 'comment', 'name' and 'password' fields.
// NOTE(review): the form carries no anti-CSRF token and the POST handler in this
// file checks none.
$html .= '<div><form id="postform" name="postform" method="post" action="?a=kill_detail&kll_id=' . $kill->getID() . '">';

// Comment box. The 200-character limit is applied by limitText() in the browser only.
$html .= '<br><b>Add Comment:</b><br><textarea class="comment" name="comment" cols="55" rows="5" wrap="PHYSICAL"'
    . ' onkeyup="limitText(this.form.comment,document.getElementById(\'countdown\'),200);"'
    . ' onkeypress="limitText(this.form.comment,document.getElementById(\'countdown\'),200);"></textarea><br>';
$html .= '<span name="countdown" id="countdown">200</span> Letters left<br/>';

// Poster name; maxlength is likewise a browser-side limit.
$html .= '<b>Name:</b>'
    . '<input style="position:relative; right:-3px;" class="comment-button" name="name" type="text" size="24" maxlength="24">'
    . '&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';

// The password field is shown only when comment passwords are enabled and the
// viewer is not an admin.
// NOTE(review): within this file $config is assigned only inside the
// isset($_POST['comment']) branch; on a plain page view it has to come from the
// including script - confirm that it does.
if ($config->getConfig('comments_pw') && !$page->isAdmin())
{
    $html .= '<br><b>Password:</b>'
        . '<input type="password" name="password" size="19" class=comment-button>&nbsp;&nbsp;&nbsp;&nbsp;';
}

// Submit button, then close the form, its <div> and the comments wrapper.
$html .= '<input class="comment-button" name="submit" type="submit" value="Add Comment">'
    . '</form></div></div>';
96?>