YaWK  24.1
Yet another WebKit
add-comment.php
Go to the documentation of this file.
1 <?php
2 include '../../../classes/db.php';
3 if (!isset($db)) { $db = new \YAWK\db(); }
4 include '../../../classes/sys.php';
5  $blogid = $_POST['blogid'];
6  $itemid = $_POST['itemid'];
7  $uid = $_POST['uid'];
8  $gid = $_POST['gid'];
9  $ip = $_SERVER['REMOTE_ADDR'];
10  $comment = $_POST['comment'];
11  $name = $_POST['name'];
12  $email = $_POST['email'];
13  $now = date("Y-m-d H:i:s");
14 
15  // if user is not logged in
16  if ($uid === '0' || $gid === '0') {
17  if (isset($_POST['email'])){
18  $email = $_POST['email'];
19  } else {
20  $email = "";
21  }
22  }
23  else {
24  $sql = $db->query("SELECT email FROM {users} WHERE id ='" . $uid . "' AND privacy = 0");
25  $email = mysqli_fetch_row($sql);
26  if (!empty($email[0])) {
27  $email = $email[0];
28  }
29  else {
30  $email = "";
31  }
32  }
33 
34  // remove HTML tags for security reasons
35  $comment = str_replace("\n", "<br>", $comment);
36  $name = strip_tags($name);
37  // remove special chars
38  $comment = \YAWK\sys::encodeChars($comment);
39  $name = \YAWK\sys::encodeChars($name);
40 
41 /*
42  if ($uid === '0' && $gid === '0') {
43  $name = "Guest";
44  }
45 */
46 
47  if ($db->query("INSERT INTO {blog_comments} (blogid, itemid, uid, gid, ip, date_created, name, email, comment)
48  VALUES('$blogid', '$itemid', '$uid', '$gid', '$ip', '$now', '$name', '$email', '$comment')"))
49  {
50  $html = '';
51 
52  $date = \YAWK\sys::splitDate($now);
53  $year = $date['year'];
54  $month = $date['month'];
55  $day = $date['day'];
56  $time = $date['time'];
57  $prettydate = "$day. $month $year $time";
58 
59  // if user is guest, show comment
60  if ($uid === '0' || $gid === '0') {
61  // draw guest comments
62  $html .= "<p id=\"comment_thread\"><i><h5><strong>" . $name . "</strong> <small>on " . $prettydate . "</small></h5></i> <div style=\"padding-left: 0.3em;\">" . $comment . "</div></p><hr>";
63  } else {
64  // if uid != 0, it was a registered user, we want to get username for that uid
65  $sql2 = $db->query("SELECT username FROM {users} WHERE id = '" . $uid . "'");
66  while ($row2 = mysqli_fetch_row($sql2)) {
67  if (!empty($email)){
68  // draw user comments
69  $html .= "<p id=\"comment_thread\"><i><h5><strong><a href=\"mailto:$email\">$row2[0]</a></strong> <small>am " . $prettydate . "</small></h5></i> <div style=\"padding-left: 0.3em;\">" . $comment . "</div></p><hr>";
70  }
71  else {
72  // draw user comments
73  $html .= "<p id=\"comment_thread\"><i><h5><strong>$row2[0]</strong> <small>am " . $prettydate . "</small></h5></i> <div style=\"padding-left: 0.3em;\">" . $comment . "</div></p><hr>";
74  }
75  }
76  }
77  echo $html;
78  }
79  else
80  {
81  echo "<p>There was an error saving your comment, we're sorry.</p>";
82  }
83 
$uid
$uid
Definition: add-comment.php:7
$gid
$gid
Definition: add-comment.php:8
$comment
$comment
Definition: add-comment.php:10
$ip
$ip
Definition: add-comment.php:9
$name
$name
Definition: add-comment.php:11
$blogid
$blogid
Definition: add-comment.php:5
$email
$email
Definition: add-comment.php:12
$itemid
$itemid
Definition: add-comment.php:6
$now
$now
Definition: add-comment.php:13
YAWK\sys\splitDate
static splitDate($date)
split a date to month, day, year and time
Definition: sys.php:1502
YAWK\sys\encodeChars
static encodeChars($string)
convert german special chars and vowels into legal html
Definition: sys.php:1089
$sql
$sql
Definition: message-new.php:32
date
print $tourdates date
Definition: tourdates-edit.php:70
$date
$date
Definition: user-edit.php:285