claunia/qemudb
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Authors: Jonathan Ernst <Jonathan@ernstfamily.ch>, Chris Morgan <cmorgan@alum.wpi.edu>

Browse Source 
- stop annoymous comments submitions
- code cleanup (more php style than c style  + better indentation + comments + replaced globally registered vars)
This commit is contained in:
WineHQ
2004-12-11 04:07:40 +00:00
parent ac0fc5bd6d
commit 134aca7e3a
1 changed files with 83 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

151
addcomment.php
View File

@@ -1,31 +1,42 @@
<? <?
/********************************/
/* code to submit a new comment */
/********************************/
# APPLICATION ENVIRONMENT
include("path.php"); include("path.php");
require(BASE."include/"."incl.php"); require(BASE."include/"."incl.php");
require(BASE."include/"."application.php"); require(BASE."include/"."application.php");
// you must be logged in to submit comments
if(!loggedin())
if(!$appId) { {
errorpage('Internal Database Access Error'); unset($_REQUEST['body']);
exit; apidb_header("Please login");
} echo "To submit a comment for an application you must be logged in. Please <a href=\"account.php?cmd=login\">login now</a> or create a <a href=\"account.php?cmd=new\">new account</a>.","\n";
}
if(!$versionId) {
$versionId = 0; if(!isset($_REQUEST['appId']))
} {
errorpage('Internal Database Access Error');
if(!$thread) { exit;
$thread = 0; }
}
if(!$_REQUEST['versionId'])
opendb(); {
$versionId = 0;
}
if($body)
if(!$_REQUEST['thread'])
{
$thread = 0;
}
############################
# ADDS COMMENT TO DATABASE #
############################
if($_REQUEST[body])
{ {
// add comment to db
$hostname = get_remote(); $hostname = get_remote();
$subject = strip_tags($subject); $subject = strip_tags($subject);
@@ -33,7 +44,7 @@ if($body)
$body1 = mysql_escape_string($body); $body1 = mysql_escape_string($body);
// get current userid // get current userid
$userId = (loggedin()) ? $_SESSION['current']->userid : 0; $userId = $_SESSION['current']->userid;
$result = mysql_query("INSERT INTO appComments VALUES (NOW(), null, $thread, ". $result = mysql_query("INSERT INTO appComments VALUES (NOW(), null, $thread, ".
"$appId, $versionId, $userId, '$hostname', '$subject', ". "$appId, $versionId, $userId, '$hostname', '$subject', ".
@@ -74,7 +85,7 @@ if($body)
$fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId); $fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId);
$ms = APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId"."\n"; $ms = APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId"."\n";
$ms .= "\n"; $ms .= "\n";
$ms .= ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous")." added comment to ".$fullAppName."\n"; $ms .= $_SESSION['current']->username." added comment to ".$fullAppName."\n";
$ms .= "\n"; $ms .= "\n";
$ms .= "Subject: ".$subject."\n"; $ms .= "Subject: ".$subject."\n";
$ms .= "\n"; $ms .= "\n";
@@ -83,7 +94,6 @@ if($body)
$ms .= STANDARD_NOTIFY_FOOTER; $ms .= STANDARD_NOTIFY_FOOTER;
mail(stripslashes($email), "[AppDB] ".$fullAppName ,$ms); mail(stripslashes($email), "[AppDB] ".$fullAppName ,$ms);
} else } else
{ {
$email = "no one"; $email = "no one";
@@ -94,56 +104,61 @@ if($body)
redirect(apidb_fullurl("appview.php?appId=$appId&versionId=$versionId")); redirect(apidb_fullurl("appview.php?appId=$appId&versionId=$versionId"));
} }
} }
else
################################
# USER WANTS TO SUBMIT COMMENT #
################################
else if(loggedin())
{ {
apidb_header("Add Comment");
apidb_header("Add Comment"); $mesTitle = "<b>Post New Comment</b>";
$mesTitle = "<b>Post New Comment</b>"; if($_REQUEST['thread'])
{
if($thread) $result = mysql_query("SELECT * FROM appComments WHERE commentId = $thread");
{ $ob = mysql_fetch_object($result);
$result = mysql_query("SELECT * FROM appComments WHERE commentId = $thread"); if($ob)
$ob = mysql_fetch_object($result);
if($ob)
{
$mesTitle = "<b>Replying To ...</b> $ob->subject\n";
$originator = $ob->userId;
echo html_frame_start($ob->subject,500);
echo htmlify_urls($ob->body), "<br><br>\n";
echo html_frame_end();
}
}
echo "<form method=POST action='addcomment.php'>\n";
echo html_frame_start($mesTitle,500,"",0);
echo '<table width="100%" border=0 cellpadding=0 cellspacing=1>',"\n";
echo "<tr bgcolor=#E0E0E0><td align=right><b>From:</b>&nbsp;</td>\n";
echo " <td>&nbsp;". ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous") ." </td></tr>\n";
echo "<tr bgcolor=#E0E0E0><td align=right><b>Subject:</b>&nbsp;</td>\n";
echo " <td>&nbsp;<input type=text size=35 name=subject value='$subject'> </td></tr>\n";
echo "<tr bgcolor=#C0C0C0><td colspan=2><textarea name=body cols=70 rows=15 wrap=virtual>$body</textarea></td></tr>\n";
echo "<tr bgcolor=#C0C0C0><td colspan=2 align=center>\n";
echo " <input type=SUBMIT value='Post Comment' class=button>\n";
echo " <input type=RESET value='Reset' class=button>\n";
echo "</td></tr>\n";
echo "</table>\n";
echo html_frame_end();
echo "<input type=HIDDEN name=thread value=$thread>\n";
echo "<input type=HIDDEN name=appId value=$appId>\n";
echo "<input type=HIDDEN name=versionId value=$versionId>\n";
if ($thread)
{ {
echo "<input type=HIDDEN name=originator value=$originator>\n"; $mesTitle = "<b>Replying To ...</b> $ob->subject\n";
$originator = $ob->userId;
echo html_frame_start($ob->subject,500);
echo htmlify_urls($ob->body), "<br /><br />\n";
echo html_frame_end();
} }
echo "</form><p>&nbsp;</p>\n"; }
apidb_footer(); echo "<form method=POST action='addcomment.php'>\n";
echo html_frame_start($mesTitle,500,"",0);
echo '<table width="100%" border=0 cellpadding=0 cellspacing=1>',"\n";
echo "<tr bgcolor=#E0E0E0><td align=right><b>From:</b>&nbsp;</td>\n";
echo " <td>&nbsp;".$_SESSION['current']->username."</td></tr>\n";
echo "<tr bgcolor=#E0E0E0><td align=right><b>Subject:</b>&nbsp;</td>\n";
echo " <td>&nbsp;<input type=text size=35 name=subject value='$subject'> </td></tr>\n";
echo "<tr bgcolor=#C0C0C0><td colspan=2><textarea name=body cols=70 rows=15 wrap=virtual>$body</textarea></td></tr>\n";
echo "<tr bgcolor=#C0C0C0><td colspan=2 align=center>\n";
echo " <input type=SUBMIT value='Post Comment' class=button>\n";
echo " <input type=RESET value='Reset' class=button>\n";
echo "</td></tr>\n";
echo "</table>\n";
echo html_frame_end();
echo "<input type=HIDDEN name=thread value=$thread>\n";
echo "<input type=HIDDEN name=appId value=$appId>\n";
echo "<input type=HIDDEN name=versionId value=$versionId>\n";
if ($thread)
{
echo "<input type=HIDDEN name=originator value=$originator>\n";
}
echo "</form>";
} }
?>
<p>&nbsp;</p>
<?
apidb_footer();
?> ?>