qemudb/addcomment.php

<?php
/********************************/
/* code to submit a new comment */
/********************************/
    
# APPLICATION ENVIRONMENT
include("path.php");
require(BASE."include/"."incl.php");
require(BASE."include/"."application.php");

// you must be logged in to submit comments
if(!loggedin())
{
  unset($_REQUEST['body']);
  apidb_header("Please login");
  echo "To submit a comment for an application you must be logged in. Please <a href=\"account.php?cmd=login\">login now</a> or create a <a href=\"account.php?cmd=new\">new account</a>.","\n";
}

if(!isset($_REQUEST['appId']))
{
  errorpage('Internal Database Access Error');
  exit;
}

if(!$_REQUEST['versionId'])
{
  $versionId = 0;
}

if(!$_REQUEST['thread'])
{
  $thread = 0;
}

############################
# ADDS COMMENT TO DATABASE #
############################
if($_REQUEST[body])
{
    $hostname = get_remote();
    
    $subject = strip_tags($subject);
    $subject = mysql_escape_string($subject);
    $body1 = mysql_escape_string($body);

    // get current userid
    $userId = $_SESSION['current']->userid;

    $result = mysql_query("INSERT INTO appComments VALUES (NOW(), null, $thread, ".
			   "$appId, $versionId, $userId, '$hostname', '$subject', ".
			   "'$body1', 0)");
		
    if (!$result)
    {
        errorpage('Internal Database Access Error',mysql_error());
        exit;
    } else
    {
        if ($originator)
        {
            if (UserWantsEmail($originator))
            {
                $email = lookupEmail($originator);
                $fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId);
                $ms .= APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId"."\n";
                $ms .= "\n";
                $ms .= ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous")." added comment to ".$fullAppName."\n";
                $ms .= "\n";
                $ms .= "Subject: ".$subject."\n";
                $ms .= "\n";
                $ms .= $body."\n";
                $ms .= "\n";
                $ms .= "------- You are receiving this mail because: -------\n";
                $ms .= "Someone posted a comment in responce to your comment\n";
                $ms .= "to change your preverences go to: http://appdb.winehq.org/preferences.php\n";

                mail(stripslashes($email), "[AppDB] (Comment Reply): ".$fullAppName ,$ms);
                
                addmsg("Comment message sent to original poster", "green");                   
            }
        }
        $email = getNotifyEmailAddressList($appId, $versionId);
        if($email)
        {
            $fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId);
            $ms = APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId"."\n";
            $ms .= "\n";
            $ms .= $_SESSION['current']->username." added comment to ".$fullAppName."\n";
            $ms .= "\n";
            $ms .= "Subject: ".$subject."\n";
            $ms .= "\n";
            $ms .= $body."\n";
            $ms .= "\n";
            $ms .= STANDARD_NOTIFY_FOOTER;

            mail(stripslashes($email), "[AppDB] ".$fullAppName ,$ms);
        } else
        {
            $email = "no one";
        }
        addmsg("mesage sent to: ".$email, green);

        addmsg("New Comment Posted", "green");
        redirect(apidb_fullurl("appview.php?appId=$appId&versionId=$versionId"));
    }
}

################################
# USER WANTS TO SUBMIT COMMENT #
################################
else if(loggedin())
{
  apidb_header("Add Comment");

  $mesTitle = "<b>Post New Comment</b>";

  if($_REQUEST['thread'])
  {
    $result = mysql_query("SELECT * FROM appComments WHERE commentId = $thread");
    $ob = mysql_fetch_object($result);
    if($ob)
    {
      $mesTitle = "<b>Replying To ...</b> $ob->subject\n";
      $originator = $ob->userId;
      echo html_frame_start($ob->subject,500);
      echo htmlify_urls($ob->body), "<br /><br />\n";
      echo html_frame_end();
    }
  }

  echo "<form method=POST action='addcomment.php'>\n";

  echo html_frame_start($mesTitle,500,"",0);
    
  echo '<table width="100%" border=0 cellpadding=0 cellspacing=1>',"\n";
  echo "<tr bgcolor=#E0E0E0><td align=right><b>From:</b>&nbsp;</td>\n";
  echo "	<td>&nbsp;".$_SESSION['current']->username."</td></tr>\n";
  echo "<tr bgcolor=#E0E0E0><td align=right><b>Subject:</b>&nbsp;</td>\n";
  echo "	<td>&nbsp;<input type=text size=35 name=subject value='$subject'> </td></tr>\n";
  echo "<tr bgcolor=#C0C0C0><td colspan=2><textarea name=body cols=70 rows=15 wrap=virtual>$body</textarea></td></tr>\n";
  echo "<tr bgcolor=#C0C0C0><td colspan=2 align=center>\n";
  echo "  <input type=SUBMIT value='Post Comment' class=button>\n";
  echo "  <input type=RESET value='Reset' class=button>\n";
  echo "</td></tr>\n";
  echo "</table>\n";

  echo html_frame_end();

  echo "<input type=HIDDEN name=thread value=$thread>\n";
  echo "<input type=HIDDEN name=appId value=$appId>\n";
  echo "<input type=HIDDEN name=versionId value=$versionId>\n";
  if ($thread)
  {
    echo "<input type=HIDDEN name=originator value=$originator>\n";
  }
  echo "</form>";
}
?>

<p>&nbsp;</p>

<?
apidb_footer();
?>
- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`<?php`
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars) 2004-12-11 04:07:40 +00:00			`/********************************/`
			`/* code to submit a new comment */`
			`/********************************/`
Initial revision 2004-03-15 16:22:00 +00:00
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars) 2004-12-11 04:07:40 +00:00			`# APPLICATION ENVIRONMENT`
Initial revision 2004-03-15 16:22:00 +00:00			`include("path.php");`
			`require(BASE."include/"."incl.php");`
Set up notify system. Send notify emails for ad and delete Coments 2004-11-09 22:42:12 +00:00			`require(BASE."include/"."application.php");`
Initial revision 2004-03-15 16:22:00 +00:00
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars) 2004-12-11 04:07:40 +00:00			`// you must be logged in to submit comments`
			`if(!loggedin())`
			`{`
			`unset($_REQUEST['body']);`
			`apidb_header("Please login");`
			`echo "To submit a comment for an application you must be logged in. Please <a href=\"account.php?cmd=login\">login now</a> or create a <a href=\"account.php?cmd=new\">new account</a>.","\n";`
Initial revision 2004-03-15 16:22:00 +00:00			`}`

Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars) 2004-12-11 04:07:40 +00:00			`if(!isset($_REQUEST['appId']))`
			`{`
			`errorpage('Internal Database Access Error');`
			`exit;`
Initial revision 2004-03-15 16:22:00 +00:00			`}`

Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars) 2004-12-11 04:07:40 +00:00			`if(!$_REQUEST['versionId'])`
			`{`
			`$versionId = 0;`
Initial revision 2004-03-15 16:22:00 +00:00			`}`

Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars) 2004-12-11 04:07:40 +00:00			`if(!$_REQUEST['thread'])`
			`{`
			`$thread = 0;`
			`}`
Initial revision 2004-03-15 16:22:00 +00:00
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars) 2004-12-11 04:07:40 +00:00			`############################`
			`# ADDS COMMENT TO DATABASE #`
			`############################`
			`if($_REQUEST[body])`
Initial revision 2004-03-15 16:22:00 +00:00			`{`
			`$hostname = get_remote();`

			`$subject = strip_tags($subject);`
			`$subject = mysql_escape_string($subject);`
Set up notify system. Send notify emails for ad and delete Coments 2004-11-09 22:42:12 +00:00			`$body1 = mysql_escape_string($body);`
Initial revision 2004-03-15 16:22:00 +00:00
			`// get current userid`
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars) 2004-12-11 04:07:40 +00:00			`$userId = $_SESSION['current']->userid;`
Initial revision 2004-03-15 16:22:00 +00:00
use datetime instead of timestamp 2004-11-17 22:54:30 +00:00			`$result = mysql_query("INSERT INTO appComments VALUES (NOW(), null, $thread, ".`
Initial revision 2004-03-15 16:22:00 +00:00			`"$appId, $versionId, $userId, '$hostname', '$subject', ".`
Set up notify system. Send notify emails for ad and delete Coments 2004-11-09 22:42:12 +00:00			`"'$body1', 0)");`
Initial revision 2004-03-15 16:22:00 +00:00
			`if (!$result)`
			`{`
			`errorpage('Internal Database Access Error',mysql_error());`
			`exit;`
Set up notify system. Send notify emails for ad and delete Coments 2004-11-09 22:42:12 +00:00			`} else`
			`{`
send an email to the original poster if this is a reply. 2004-11-17 23:05:36 +00:00			`if ($originator)`
			`{`
			`if (UserWantsEmail($originator))`
			`{`
			`$email = lookupEmail($originator);`
			`$fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId);`
			`$ms .= APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId"."\n";`
			`$ms .= "\n";`
- access most globals by their $_XYZ['varname'] name - fix some code errors and typos (missing $ in front of variable names and so on) - fixed a lot of warnings that would have been thrown when error_reporting is set to show notices (if(isset($variable))) instead of if($variable) for example) 2004-12-10 01:07:45 +00:00			`$ms .= ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous")." added comment to ".$fullAppName."\n";`
send an email to the original poster if this is a reply. 2004-11-17 23:05:36 +00:00			`$ms .= "\n";`
			`$ms .= "Subject: ".$subject."\n";`
			`$ms .= "\n";`
			`$ms .= $body."\n";`
			`$ms .= "\n";`
			`$ms .= "------- You are receiving this mail because: -------\n";`
			`$ms .= "Someone posted a comment in responce to your comment\n";`
			`$ms .= "to change your preverences go to: http://appdb.winehq.org/preferences.php\n";`

			`mail(stripslashes($email), "[AppDB] (Comment Reply): ".$fullAppName ,$ms);`

			`addmsg("Comment message sent to original poster", "green");`
			`}`
			`}`
Set up notify system. Send notify emails for ad and delete Coments 2004-11-09 22:42:12 +00:00			`$email = getNotifyEmailAddressList($appId, $versionId);`
			`if($email)`
			`{`
			`$fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId);`
send an email to the original poster if this is a reply. 2004-11-17 23:05:36 +00:00			`$ms = APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId"."\n";`
Set up notify system. Send notify emails for ad and delete Coments 2004-11-09 22:42:12 +00:00			`$ms .= "\n";`
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars) 2004-12-11 04:07:40 +00:00			`$ms .= $_SESSION['current']->username." added comment to ".$fullAppName."\n";`
Set up notify system. Send notify emails for ad and delete Coments 2004-11-09 22:42:12 +00:00			`$ms .= "\n";`
			`$ms .= "Subject: ".$subject."\n";`
			`$ms .= "\n";`
			`$ms .= $body."\n";`
			`$ms .= "\n";`
			`$ms .= STANDARD_NOTIFY_FOOTER;`
Initial revision 2004-03-15 16:22:00 +00:00
Set up notify system. Send notify emails for ad and delete Coments 2004-11-09 22:42:12 +00:00			`mail(stripslashes($email), "[AppDB] ".$fullAppName ,$ms);`
			`} else`
			`{`
			`$email = "no one";`
			`}`
			`addmsg("mesage sent to: ".$email, green);`

			`addmsg("New Comment Posted", "green");`
			`redirect(apidb_fullurl("appview.php?appId=$appId&versionId=$versionId"));`
			`}`
Initial revision 2004-03-15 16:22:00 +00:00			`}`

Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars) 2004-12-11 04:07:40 +00:00			`################################`
			`# USER WANTS TO SUBMIT COMMENT #`
			`################################`
			`else if(loggedin())`
			`{`
			`apidb_header("Add Comment");`
Initial revision 2004-03-15 16:22:00 +00:00
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars) 2004-12-11 04:07:40 +00:00			`$mesTitle = "<b>Post New Comment</b>";`
Initial revision 2004-03-15 16:22:00 +00:00
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars) 2004-12-11 04:07:40 +00:00			`if($_REQUEST['thread'])`
			`{`
			`$result = mysql_query("SELECT * FROM appComments WHERE commentId = $thread");`
			`$ob = mysql_fetch_object($result);`
			`if($ob)`
send an email to the original poster if this is a reply. 2004-11-17 23:05:36 +00:00			`{`
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars) 2004-12-11 04:07:40 +00:00			`$mesTitle = "<b>Replying To ...</b> $ob->subject\n";`
			`$originator = $ob->userId;`
			`echo html_frame_start($ob->subject,500);`
			`echo htmlify_urls($ob->body), "<br /><br />\n";`
			`echo html_frame_end();`
send an email to the original poster if this is a reply. 2004-11-17 23:05:36 +00:00			`}`
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars) 2004-12-11 04:07:40 +00:00			`}`
Initial revision 2004-03-15 16:22:00 +00:00
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars) 2004-12-11 04:07:40 +00:00			`echo "<form method=POST action='addcomment.php'>\n";`
Initial revision 2004-03-15 16:22:00 +00:00
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars) 2004-12-11 04:07:40 +00:00			`echo html_frame_start($mesTitle,500,"",0);`

			`echo '<table width="100%" border=0 cellpadding=0 cellspacing=1>',"\n";`
			`echo "<tr bgcolor=#E0E0E0><td align=right><b>From:</b> </td>\n";`
			`echo " <td> ".$_SESSION['current']->username."</td></tr>\n";`
			`echo "<tr bgcolor=#E0E0E0><td align=right><b>Subject:</b> </td>\n";`
			`echo " <td> <input type=text size=35 name=subject value='$subject'> </td></tr>\n";`
			`echo "<tr bgcolor=#C0C0C0><td colspan=2><textarea name=body cols=70 rows=15 wrap=virtual>$body</textarea></td></tr>\n";`
			`echo "<tr bgcolor=#C0C0C0><td colspan=2 align=center>\n";`
			`echo " <input type=SUBMIT value='Post Comment' class=button>\n";`
			`echo " <input type=RESET value='Reset' class=button>\n";`
			`echo "</td></tr>\n";`
			`echo "</table>\n";`

			`echo html_frame_end();`

			`echo "<input type=HIDDEN name=thread value=$thread>\n";`
			`echo "<input type=HIDDEN name=appId value=$appId>\n";`
			`echo "<input type=HIDDEN name=versionId value=$versionId>\n";`
			`if ($thread)`
			`{`
			`echo "<input type=HIDDEN name=originator value=$originator>\n";`
			`}`
			`echo "</form>";`
Initial revision 2004-03-15 16:22:00 +00:00			`}`
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars) 2004-12-11 04:07:40 +00:00			`?>`
Initial revision 2004-03-15 16:22:00 +00:00
Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu> - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars) 2004-12-11 04:07:40 +00:00			`<p> </p>`

			`<?`
			`apidb_footer();`
Initial revision 2004-03-15 16:22:00 +00:00			`?>`