From 134aca7e3aaa31593c09325e13c116a2c40a481d Mon Sep 17 00:00:00 2001 From: WineHQ Date: Sat, 11 Dec 2004 04:07:40 +0000 Subject: [PATCH] Authors: Jonathan Ernst , Chris Morgan - stop annoymous comments submitions - code cleanup (more php style than c style + better indentation + comments + replaced globally registered vars) --- addcomment.php | 151 +++++++++++++++++++++++++++---------------------- 1 file changed, 83 insertions(+), 68 deletions(-) diff --git a/addcomment.php b/addcomment.php index f6bb4c1..12f6db9 100644 --- a/addcomment.php +++ b/addcomment.php @@ -1,31 +1,42 @@ login now or create a new account.","\n"; +} + +if(!isset($_REQUEST['appId'])) +{ + errorpage('Internal Database Access Error'); + exit; +} + +if(!$_REQUEST['versionId']) +{ + $versionId = 0; +} + +if(!$_REQUEST['thread']) +{ + $thread = 0; +} + +############################ +# ADDS COMMENT TO DATABASE # +############################ +if($_REQUEST[body]) { - // add comment to db - $hostname = get_remote(); $subject = strip_tags($subject); @@ -33,7 +44,7 @@ if($body) $body1 = mysql_escape_string($body); // get current userid - $userId = (loggedin()) ? $_SESSION['current']->userid : 0; + $userId = $_SESSION['current']->userid; $result = mysql_query("INSERT INTO appComments VALUES (NOW(), null, $thread, ". "$appId, $versionId, $userId, '$hostname', '$subject', ". @@ -74,7 +85,7 @@ if($body) $fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId); $ms = APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId"."\n"; $ms .= "\n"; - $ms .= ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous")." added comment to ".$fullAppName."\n"; + $ms .= $_SESSION['current']->username." added comment to ".$fullAppName."\n"; $ms .= "\n"; $ms .= "Subject: ".$subject."\n"; $ms .= "\n"; @@ -83,7 +94,6 @@ if($body) $ms .= STANDARD_NOTIFY_FOOTER; mail(stripslashes($email), "[AppDB] ".$fullAppName ,$ms); - } else { $email = "no one"; 
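Review bot: The not-logged-in block at the top of the first hunk appears to close right after the `echo` of the login message, with no `exit;` before the `}`; the start of that hunk is garbled on this page, so this is read from what survives. If the file really reads that way, the `if($_REQUEST[body])` branch still runs the INSERT for an anonymous request, because only the form branch was gated with `else if(loggedin())`, and `$_SESSION['current']->userid` is then unset. Add `exit;` after the message, or make the condition `if(loggedin() && !empty($_REQUEST['body']))`. The key in `$_REQUEST[body]` should also be quoted, since PHP otherwise looks up `body` as a constant name.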
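Review bot: `$thread`, `$appId`, `$versionId` and `$userId` are interpolated unquoted into the `INSERT INTO appComments` statement in the second hunk, and nothing visible in this patch casts them to integers. The new checks in the first hunk only assign `0` when the `$_REQUEST` value is empty and otherwise still rely on the globally registered variables, so a non-numeric request value becomes part of the SQL text; in the visible lines `mysql_escape_string` is applied only to the body. Assign each once near the top, e.g. `$appId = (int)$_REQUEST['appId'];` and likewise for `versionId` and `thread`, and use those values everywhere. The same applies to `SELECT * FROM appComments WHERE commentId = $thread` in the last hunk. The enclosing `if` block starts and ends outside this hunk.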
@@ -94,56 +104,61 @@ if($body) redirect(apidb_fullurl("appview.php?appId=$appId&versionId=$versionId")); } } -else + +################################ +# USER WANTS TO SUBMIT COMMENT # +################################ +else if(loggedin()) { + apidb_header("Add Comment"); - apidb_header("Add Comment"); + $mesTitle = "Post New Comment"; - $mesTitle = "Post New Comment"; - - if($thread) - { - $result = mysql_query("SELECT * FROM appComments WHERE commentId = $thread"); - $ob = mysql_fetch_object($result); - if($ob) - { - $mesTitle = "Replying To ... $ob->subject\n"; - $originator = $ob->userId; - echo html_frame_start($ob->subject,500); - echo htmlify_urls($ob->body), "

\n"; - echo html_frame_end(); - } - } - - echo "
\n"; - - echo html_frame_start($mesTitle,500,"",0); - - echo '',"\n"; - echo "\n"; - echo " \n"; - echo "\n"; - echo " \n"; - echo "\n"; - echo "\n"; - echo "
From:  ". ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous") ."
Subject:  
\n"; - echo " \n"; - echo " \n"; - echo "
\n"; - - echo html_frame_end(); - - echo "\n"; - echo "\n"; - echo "\n"; - if ($thread) + if($_REQUEST['thread']) + { + $result = mysql_query("SELECT * FROM appComments WHERE commentId = $thread"); + $ob = mysql_fetch_object($result); + if($ob) { - echo "\n"; + $mesTitle = "Replying To ... $ob->subject\n"; + $originator = $ob->userId; + echo html_frame_start($ob->subject,500); + echo htmlify_urls($ob->body), "

\n"; + echo html_frame_end(); } - echo "

 

\n"; + } - apidb_footer(); + echo "
\n"; + echo html_frame_start($mesTitle,500,"",0); + + echo '',"\n"; + echo "\n"; + echo " \n"; + echo "\n"; + echo " \n"; + echo "\n"; + echo "\n"; + echo "
From:  ".$_SESSION['current']->username."
Subject:  
\n"; + echo " \n"; + echo " \n"; + echo "
\n"; + + echo html_frame_end(); + + echo "\n"; + echo "\n"; + echo "\n"; + if ($thread) + { + echo "\n"; + } + echo "
"; } - +?> + +

 

+ +
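Review bot: In the reply preview, `$ob->subject` and `$ob->body` read from `appComments` are echoed through `html_frame_start()` and `htmlify_urls()`, and `$_SESSION['current']->username` is concatenated into the From row, none with visible HTML escaping. The insert path earlier in the file runs `strip_tags` on the subject only, so unless `htmlify_urls()` (defined outside this patch) escapes its input, a stored comment body is rendered as markup for every user who opens the reply form. Escape at output, e.g. `echo htmlify_urls(htmlspecialchars($ob->body));` and `htmlspecialchars($_SESSION['current']->username)`, after confirming the helper does not already do so. This hunk also tests `$_REQUEST['thread']` in one condition and `$thread` in another; use a single normalized value for both.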