claunia/qemudb
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2025-05-24. You can view files and clone it, but cannot push or open issues or pull requests.
Files
3d6da668a1ac7266fb0f8c88956bd350f2ea2264
qemudb/addcomment.php
Jonathan Ernst 3096e63828 Rename util_show_error_page() to util_show_error_page_and_exit() and redirect() to util_redirect_and_exit() 
so it is explicit that we exit in those functions that so we know it isn't necessary to put an exit after
we call them
2006-07-06 18:44:56 +00:00

101 lines
3.4 KiB
PHP
Raw Blame History

<?php
/**
* Adds a new comment.
*
* Mandatory parameters:
* - iVersionId, version identifier
*
* Optional parameters:
* - iThread, parent comment identifier
* - sBody, body of the comment
* - sSubject, title of the comment
*/
// application environment
include("path.php");
require(BASE."include/incl.php");
require(BASE."include/application.php");
require(BASE."include/mail.php");
$aClean = array(); //array of filtered user input
$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
$aClean['iThread'] = makeSafe($_REQUEST['iThread']);
$aClean['sBody'] = makeSafe($_REQUEST['sBody']);
$aClean['sSubject'] = makeSafe($_REQUEST['sSubject']);
// you must be logged in to submit comments
if(!$_SESSION['current']->isLoggedIn())
{
apidb_header("Please login");
echo "To submit a comment for an application you must be logged in. Please <a href=\"account.php?sCmd=login\">login now</a> or create a <a href=\"account.php?sCmd=new\">new account</a>.","\n";
exit;
}
if( !is_numeric($aClean['iVersionId']) )
util_show_error_page_and_exit('Internal Database Access Error');
if(!is_numeric($aClean['iThread']))
{
$aClean['iThread'] = 0;
}
// the user submitted his comment
if(!empty($aClean['sBody']))
{
$oComment = new Comment();
$oComment->create($aClean['sSubject'], $aClean['sBody'], $aClean['iThread'], $aClean['iVersionId']);
util_redirect_and_exit(apidb_fullurl("appview.php?iVersionId=".$oComment->iVersionId));
// let's show the comment form
} else
{
apidb_header("Add Comment");
$mesTitle = "<b>Post New Comment</b>";
if($aClean['iThread'] > 0)
{
$hResult = query_parameters("SELECT * FROM appComments WHERE commentId = '?'",
$aClean['iThread']);
$oRow = mysql_fetch_object($hResult);
if($oRow)
{
$mesTitle = "<b>Replying To ...</b> $oRow->subject\n";
$originator = $oRow->userId;
echo html_frame_start($oRow->subject,500);
echo htmlify_urls($oRow->body), "<br /><br />\n";
echo html_frame_end();
}
}
echo "<form method=\"post\" action=\"addcomment.php\">\n";
echo html_frame_start($mesTitle,500,"",0);
echo '<table width="100%" border=0 cellpadding=0 cellspacing=1>',"\n";
echo "<tr class=\"color0\"><td align=right><b>From:</b>&nbsp;</td>\n";
echo " <td>&nbsp;".$_SESSION['current']->sRealname."</td></tr>\n";
echo "<tr class=\"color0\"><td align=right><b>Subject:</b>&nbsp;</td>\n";
echo " <td>&nbsp;<input type=\"text\" size=\"35\" name=\"sSubject\" value=\"".$aClean['sSubject']."\" /> </td></tr>\n";
echo "<tr class=\"color1\"><td colspan=2><textarea name=\"body\" cols=\"70\" rows=\"15\" wrap=\"virtual\">".$aClean['sBody']."</textarea></td></tr>\n";
echo "<tr class=\"color1\"><td colspan=2 align=center>\n";
echo " <input type=\"submit\" value=\"Post Comment\" class=\"button\" />\n";
echo " <input type=\"reset\" value=\"Reset\" class=\"button\" />\n";
echo "</td></tr>\n";
echo "</table>\n";
echo html_frame_end();
echo "<input type=\"hidden\" name=\"iThread\" value=\"".$aClean['iThread']."\" />\n";
echo "<input type=\"hidden\" name=\"iAppId\" value=\"".$aClean['iAppId']."\" />\n";
echo "<input type=\"hidden\" name=\"iVersionId\" value=\"".$aClean['iVersionId']."\" />\n";
if (!empty($aClean['iThread']))
{
echo "<input type=\"hidden\" name=\"iOriginator\" value=\"$originator\" />\n";
}
echo "</form>";
}
apidb_footer();
?>
Reference in New Issue View Git Blame Copy Permalink