PageRenderTime 85ms CodeModel.GetById 17ms RepoModel.GetById 0ms app.codeStats 1ms

/comment.php

https://github.com/Bigjoos/U-232-V1
PHP | 300 lines | 197 code | 74 blank | 29 comment | 57 complexity | 9a0dc9b0e4a6f62dcb1b8d281070bb94 MD5 | raw file
    

  1. <?php

    2. 

  2. /**

    3. 

  3.  *   http://btdev.net:1337/svn/test/Installer09_Beta

    4. 

  4.  *   Licence Info: GPL

    5. 

  5.  *   Copyright (C) 2010 BTDev Installer v.1

    6. 

  6.  *   A bittorrent tracker source based on TBDev.net/tbsource/bytemonsoon.

    7. 

  7.  *   Project Leaders: Mindless,putyn.

    8. 

  8.  **/

    9. 

  9. require_once(dirname(__FILE__).DIRECTORY_SEPARATOR.'include'.DIRECTORY_SEPARATOR.'bittorrent.php');

    10. 

  10. require_once(INCL_DIR.'user_functions.php');

    11. 

  11. require_once(INCL_DIR.'bbcode_functions.php');

    12. 

  12. require_once(INCL_DIR.'torrenttable_functions.php');

    13. 

  13. dbconn(false);

    14. 

  14. 

    15. 

  15. loggedinorreturn();

    16. 

  16. 

    17. 

  17. $lang = array_merge( load_language('global'), load_language('comment') );

    18. 

  18. 

    19. 

  19. if ($CURUSER['suspended'] == 'yes')

    20. 

  20. stderr("Sorry", "Your account is suspended");

    21. 

  21. 

    22. 

  22. flood_limit('comments');

    23. 

  23. 

    24. 

  24. $action = (isset($_GET['action']) ? $_GET['action'] : 0);

    25. 

  25. 

    26. 

  26. /** comment stuffs by pdq **/

    27. 

  27. $locale = 'torrent';

    28. 

  28. $locale_link = 'details';

    29. 

  29. $extra_link = '';

    30. 

  30. $sql_1 = 'name, owner, anonymous FROM torrents';// , anonymous

    31. 

  31. $name = 'name';

    32. 

  32. $table_type = $locale.'s';

    33. 

  33. 

    34. 

  34. $_GET['type'] = (isset($_GET['type']) ? $_GET['type'] : (isset($_POST['locale']) ? $_POST['locale'] : ''));

    35. 

  35. 

    36. 

  36. if (isset($_GET['type'])) {

    37. 

  37.     $type_options = array('torrent' => 'details', 

    38. 

  38.                           'request' => 'viewrequests', 

    39. 

  39.                           //'user'    => 'userdetails'

    40. 

  40.                           );

    41. 

  41.                        

    42. 

  42.     if (isset($type_options[$_GET['type']])) {

    43. 

  43.         $locale_link = $type_options[$_GET['type']];

    44. 

  44.         $locale = $_GET['type'];

    45. 

  45.     }

    46. 

  46.     switch ($_GET['type']) { 

    47. 

  47.         	case 'request':

    48. 

  48.             $sql_1 = 'request FROM requests';

    49. 

  49.             $name = 'request';

    50. 

  50.             $extra_link = '&req_details';

    51. 

  51.             $table_type = $locale.'s';

    52. 

  52.         	break;

    53. 

  53.         

    54. 

  54. //	        case 'user':

    55. 

  55. //          $sql_1 = 'username FROM users';

    56. 

  56. //          $name = 'username';

    57. 

  57. //          $table_type = $locale.'s';

    58. 

  58. //        	break;

    59. 

  59.             

    60. 

  60.             default :

    61. 

  61.            	//case 'torrent':

    62. 

  62.             $sql_1 = 'name, owner, anonymous FROM torrents';// , anonymous

    63. 

  63.             $name = 'name';

    64. 

  64.             $table_type = $locale.'s';

    65. 

  65.         	break;

    66. 

  66.         }

    67. 

  67. }

    68. 

  68. /** end comment stuffs by pdq **/

    69. 

  69. //$get_hash  = isset($_POST['hash']) ? $_POST['hash'] : (isset($_GET['hash']) ? $_GET['hash'] : '');

    70. 

  70. 

    71. 

  71. if ($action == 'add') {

    72. 

  72.         

    73. 

  73.     if ($_SERVER['REQUEST_METHOD'] == 'POST') {

    74. 

  74.         

    75. 

  75.         $id = (isset($_POST['tid']) ? $_POST['tid'] : 0);

    76. 

  76.             

    77. 

  77.         if (!is_valid_id($id))

    78. 

  78.             stderr("{$lang['comment_error']}", "{$lang['comment_invalid_id']}");

    79. 

  79.             

    80. 

  80.         //$res_hash = md5($TBDEV['salt1'].$CURUSER['id']);

    81. 

  81.         //if ($get_hash != $res_hash)

    82. 

  82.         //    die('Something went wrong. Please re-submit');

    83. 

  83.        

    84. 

  84.         $res = mysql_query("SELECT $sql_1 WHERE id = $id") or sqlerr(__FILE__,__LINE__);

    85. 

  85.   

    86. 

  86.         $arr = mysql_fetch_array($res, MYSQL_NUM);

    87. 

  87.         if (!$arr)

    88. 

  88.             stderr("{$lang['comment_error']}", "No $locale with that ID.");

    89. 

  89.               

    90. 

  90.         $text = (isset($_POST['text']) ? trim($_POST['text']) : '');

    91. 

  91.           

    92. 

  92.         if (!$text)

    93. 

  93.             stderr("{$lang['comment_error']}", "{$lang['comment_body']}");

    94. 

  94.     

    95. 

  95.         $owner = (isset($arr['owner']) ? $arr['owner'] : 0);

    96. 

  96.         $arr['anonymous'] = (isset($arr['anonymous']) && $arr['anonymous'] == 'yes' ? 'yes' : 'no');

    97. 

  97.     

    98. 

  98.         if ($CURUSER['id'] == $owner && $arr['anonymous'] == 'yes' || (isset($_POST['anonymous']) && $_POST['anonymous'] == 'yes'))

    99. 

  99.             $anon = "'yes'";

    100. 

  100.         else

    101. 

  101.             $anon = "'no'";

    102. 

  102.         

    103. 

  103.         mysql_query("INSERT INTO comments (user, $locale, added, text, ori_text, anonymous) VALUES (".$CURUSER["id"].",$id, ".time().", " . sqlesc($text) .

    104. 

  104.         "," . sqlesc($text) . ", $anon)");

    105. 

  105.     

    106. 

  106.         $newid = mysql_insert_id();

    107. 

  107.     

    108. 

  108.         mysql_query("UPDATE $table_type SET comments = comments + 1 WHERE id = $id") or sqlerr(__FILE__, __LINE__);

    109. 

  109.         $mc1->delete_value('torrent_comments_'.$id);

    110. 

  110.         //if ($locale == 'torrent')

    111. 

  111.         //    mysql_query("UPDATE users SET tcomments = tcomments + 1 WHERE id = $CURUSER[id]") or sqlerr(__FILE__, __LINE__);

    112. 

  112.     

    113. 

  113.         if ($TBDEV['karma'] && isset($CURUSER['seedbonus']))

    114. 

  114.             mysql_query("UPDATE users SET seedbonus = seedbonus+3.0 WHERE id = $CURUSER[id]") or sqlerr(__FILE__, __LINE__);

    115. 

  115.             

    116. 

  116.         //$Cache->delete_value('MyUser_'.$_COOKIE['session_key']);

    117. 

  117.     

    118. 

  118.     	  header("Refresh: 0; url=$locale_link.php?id=$id$extra_link&viewcomm=$newid#comm$newid");

    119. 

  119.     	  die;

    120. 

  120.     }

    121. 

  121. 

    122. 

  122.     $id = (isset($_GET['tid']) ? $_GET['tid'] : 0);

    123. 

  123.     if (!is_valid_id($id))

    124. 

  124.         stderr("{$lang['comment_error']}", "{$lang['comment_invalid_id']}");

    125. 

  125. 

    126. 

  126.     $res = mysql_query("SELECT $sql_1 WHERE id = $id") or sqlerr(__FILE__,__LINE__);

    127. 

  127.       

    128. 

  128.     $arr = mysql_fetch_assoc($res);

    129. 

  129.     

    130. 

  130.     if (!$arr)

    131. 

  131.         stderr("{$lang['comment_error']}", "No $locale with that ID.");

    132. 

  132.       

    133. 

  133.       $HTMLOUT = '';

    134. 

  134. 

    135. 

  135.       $HTMLOUT .= "<h1>{$lang['comment_add']}'".htmlspecialchars($arr[$name])."'</h1>

    136. 

  136.       <br /><form method='post' action='comment.php?action=add'>

    137. 

  137.       <input type='hidden' name='tid' value='{$id}'/>

    138. 

  138.       <input type='hidden' name='locale' value='$name' />";

    139. 

  139.       

    140. 

  140.       if($TBDEV['textbbcode'] && function_exists('textbbcode'))

    141. 

  141.           $HTMLOUT .= textbbcode("add", "text", "");

    142. 

  142.       else

    143. 

  143.           $HTMLOUT .= "<textarea name='text' rows='10' cols='60'></textarea>";

    144. 

  144.           

    145. 

  145.       $HTMLOUT .= "<br />

    146. 

  146.       <label for='anonymous'>Tick this to post anonymously</label>

    147. 

  147.       <input id='anonymous' type='checkbox' name='anonymous' value='yes' />

    148. 

  148.       <br /><input type='submit' class='btn' value='{$lang['comment_doit']}' /></form>";

    149. 

  149. 

    150. 

  150.       $res = mysql_query("SELECT comments.id, text, comments.added, comments.$locale, comments.anonymous, comments.editedby, comments.editedat, username, users.id as user, users.title, users.avatar, users.offavatar, users.av_w, users.av_h, users.class, users.reputation, users.donor, users.warned FROM comments LEFT JOIN users ON comments.user = users.id WHERE $locale = $id ORDER BY comments.id DESC LIMIT 5");

    151. 

  151.       

    152. 

  152.       $allrows = array();

    153. 

  153.       while ($row = mysql_fetch_assoc($res))

    154. 

  154.         $allrows[] = $row;

    155. 

  155. 

    156. 

  156.       if (count($allrows)) {

    157. 

  157.               require_once(INCL_DIR.'html_functions.php');

    158. 

  158.               require_once(INCL_DIR.'bbcode_functions.php');

    159. 

  159.               require_once(INCL_DIR.'torrenttable_functions.php');

    160. 

  160.           $HTMLOUT .= "<h2>{$lang['comment_recent']}</h2>\n";

    161. 

  161.           $HTMLOUT .= commenttable($allrows, $locale);

    162. 

  162.         }

    163. 

  163. 

    164. 

  164.       print stdhead("{$lang['comment_add']}'".$arr[$name]."'").$HTMLOUT.stdfoot();

    165. 

  165.       die;

    166. 

  166. }

    167. 

  167. elseif ($action == "edit") {

    168. 

  168.     

    169. 

  169.      $commentid = (isset($_GET['cid']) ? $_GET['cid'] : 0);

    170. 

  170.      

    171. 

  171.       if (!is_valid_id($commentid))

    172. 

  172.           stderr("{$lang['comment_error']}", "{$lang['comment_invalid_id']}");

    173. 

  173. 

    174. 

  174.      $res = mysql_query("SELECT c.*, t.$name, t.id as tid FROM comments AS c LEFT JOIN $table_type AS t ON c.$locale = t.id WHERE c.id=$commentid") or sqlerr(__FILE__,__LINE__);

    175. 

  175. 

    176. 

  176.       $arr = mysql_fetch_assoc($res);

    177. 

  177.       

    178. 

  178.       if (!$arr)

    179. 

  179.         stderr("{$lang['comment_error']}", "{$lang['comment_invalid_id']}.");

    180. 

  180. 

    181. 

  181.       if ($arr["user"] != $CURUSER["id"] && $CURUSER['class'] < UC_MODERATOR)

    182. 

  182.         stderr("{$lang['comment_error']}", "{$lang['comment_denied']}");

    183. 

  183. 

    184. 

  184.       if ($_SERVER['REQUEST_METHOD'] == 'POST') {

    185. 

  185.           $text = (isset($_POST['text']) ? $_POST['text'] : '');

    186. 

  186.     

    187. 

  187.           if ($text == '')

    188. 

  188.               stderr("{$lang['comment_error']}", "{$lang['comment_body']}");

    189. 

  189. 

    190. 

  190.       $text = sqlesc($text);

    191. 

  191. 

    192. 

  192.       $editedat = time();

    193. 

  193. 

    194. 

  194.           if (isset($_POST['lasteditedby']) || $CURUSER['class'] < UC_MODERATOR)

    195. 

  195.             mysql_query("UPDATE comments SET text=$text, editedat=$editedat, editedby=$CURUSER[id] WHERE id=$commentid") or sqlerr(__FILE__, __LINE__);

    196. 

  196.         else

    197. 

  197.             mysql_query("UPDATE comments SET text=$text, editedat=$editedat, editedby=0 WHERE id=$commentid") or sqlerr(__FILE__, __LINE__); 

    198. 

  198.             $mc1->delete_value('torrent_comments_'.$commentid); 

    199. 

  199.           

    200. 

  200.   //$Cache->delete_value('comment_id'.$commentid);	

    201. 

  201. 

    202. 

  202.       header("Refresh: 0; url=$locale_link.php?id=$arr[tid]$extra_link&viewcomm=$commentid#comm$commentid");

    203. 

  203. 		die;

    204. 

  204.       }

    205. 

  205. 

    206. 

  206.       $HTMLOUT = '';

    207. 

  207.       $HTMLOUT .= "<h1>{$lang['comment_edit']}'".htmlspecialchars($arr[$name])."'</h1>

    208. 

  208.       <form method='post' action='comment.php?action=edit&amp;cid=$commentid'>

    209. 

  209.       <input type='hidden' name='locale' value='$name' />

    210. 

  210.        <input type='hidden' name='tid' value='$arr[tid]' />

    211. 

  211.       <input type='hidden' name='cid' value='$commentid' />";

    212. 

  212.       

    213. 

  213.        if($TBDEV['textbbcode'] && function_exists('textbbcode'))

    214. 

  214.           $HTMLOUT .= textbbcode("edit", "text", $arr["text"]);

    215. 

  215.       else

    216. 

  216.           $HTMLOUT .= "<textarea name='text' rows='10' cols='60'>".$arr["text"]."</textarea>";

    217. 

  217. 

    218. 

  218.       $HTMLOUT .= '

    219. 

  219.       <br />'.($CURUSER['class'] >= UC_MODERATOR ? '<input type="checkbox" value="lasteditedby" checked="checked" name="lasteditedby" id="lasteditedby" /> Show Last Edited By<br /><br />' : '').

    220. 

  220.       ' <input type="submit" class="btn" value="'.$lang['comment_doit'].'" /></form>';

    221. 

  221. 

    222. 

  222.       print stdhead("{$lang['comment_edit']}'".$arr[$name]."'").$HTMLOUT.stdfoot();

    223. 

  223.       die;

    224. 

  224.     }

    225. 

  225.     elseif ($action == "delete") {

    226. 

  226.       if ($CURUSER['class'] < UC_MODERATOR)

    227. 

  227.         stderr("{$lang['comment_error']}", "{$lang['comment_denied']}");

    228. 

  228. 

    229. 

  229.        $commentid = (isset($_GET['cid']) ? $_GET['cid'] : 0);

    230. 

  230.        $tid = (isset($_GET['tid']) ? $_GET['tid'] : 0);

    231. 

  231.       if (!is_valid_id($commentid))

    232. 

  232.           stderr("{$lang['comment_error']}", "{$lang['comment_invalid_id']}");

    233. 

  233. 

    234. 

  234.       $sure = isset($_GET["sure"]) ? (int)$_GET["sure"] : false;

    235. 

  235. 

    236. 

  236.       if (!$sure) {

    237. 

  237.         //$referer = $_SERVER["HTTP_REFERER"];

    238. 

  238.         stderr("{$lang['comment_delete']}", "{$lang['comment_about_delete']}\n" .

    239. 

  239.           "<a href='comment.php?action=delete&amp;cid=$commentid&amp;tid=$tid&amp;sure=1" .

    240. 

  240.           ($locale == 'request' ? '&amp;type=request' : '')."'>

    241. 

  241.           here</a> {$lang['comment_delete_sure']}");

    242. 

  242.       }

    243. 

  243. 

    244. 

  244. 

    245. 

  245.       $res = mysql_query("SELECT $locale FROM comments WHERE id=$commentid")  or sqlerr(__FILE__,__LINE__);

    246. 

  246. 	  $arr = mysql_fetch_assoc($res);

    247. 

  247.     

    248. 

  248.       $id = 0;

    249. 

  249. 	  if ($arr)

    250. 

  250. 		  $id = $arr[$locale];

    251. 

  251. 

    252. 

  252.       mysql_query("DELETE FROM comments WHERE id=$commentid") or sqlerr(__FILE__,__LINE__);

    253. 

  253. 	  if ($id && mysql_affected_rows() > 0)

    254. 

  254. 		  mysql_query("UPDATE $table_type SET comments = comments - 1 WHERE id = $id");

    255. 

  255. 	    $mc1->delete_value('torrent_comments_'.$id);

    256. 

  256.     //$Cache->delete_value('comment_id'.$commentid);	

    257. 

  257.     //if ($locale == 'torrent')

    258. 

  258.     //     mysql_query("UPDATE users SET tcomments = tcomments - 1 WHERE id = $CURUSER[id]") or sqlerr(__FILE__, __LINE__);

    259. 

  259. 

    260. 

  260.     if ($TBDEV['karma'] && isset($CURUSER['seedbonus']))

    261. 

  261.         mysql_query("UPDATE users SET seedbonus = seedbonus+3.0 WHERE id = $CURUSER[id]") or sqlerr(__FILE__, __LINE__);

    262. 

  262. 

    263. 

  263.     //$Cache->delete_value('MyUser_'.$_COOKIE['session_key']);

    264. 

  264.     header("Refresh: 0; url=$locale_link.php?id=$tid$extra_link");

    265. 

  265.     die;

    266. 

  266.     }

    267. 

  267.     elseif ($action == "vieworiginal") {

    268. 

  268.       if ($CURUSER['class'] < UC_MODERATOR)

    269. 

  269.           stderr("{$lang['comment_error']}", "{$lang['comment_denied']}");

    270. 

  270. 

    271. 

  271.       $commentid = (isset($_GET['cid']) ? $_GET['cid'] : 0);

    272. 

  272. 

    273. 

  273.       if (!is_valid_id($commentid))

    274. 

  274.           stderr("{$lang['comment_error']}", "{$lang['comment_invalid_id']}");

    275. 

  275. 

    276. 

  276.       $res = mysql_query("SELECT c.*, t.$name FROM comments AS c LEFT JOIN $table_type AS t ON c.$locale = t.id WHERE c.id=$commentid") or sqlerr(__FILE__,__LINE__);

    277. 

  277.       $arr = mysql_fetch_assoc($res);

    278. 

  278. 

    279. 

  279.       if (!$arr)

    280. 

  280.         stderr("{$lang['comment_error']}", "{$lang['comment_invalid_id']} $commentid.");

    281. 

  281. 

    282. 

  282.       $HTMLOUT = '';

    283. 

  283.       $HTMLOUT .= "<h1>{$lang['comment_original_content']}#$commentid</h1><p>

    284. 

  284.       <table width='500' border='1' cellspacing='0' cellpadding='5'>

    285. 

  285.       <tr><td class='comment'>

    286. 

  286.       ".htmlspecialchars($arr["ori_text"])."

    287. 

  287.       </td></tr></table>";

    288. 

  288. 

    289. 

  289. $returnto = (isset($_SERVER['HTTP_REFERER']) ? htmlspecialchars($_SERVER['HTTP_REFERER']) : 0);

    290. 

  290. 

    291. 

  291. 	if ($returnto)

    292. 

  292.  		$HTMLOUT .= "<p>(<a href='$returnto'>back</a>)</p>\n";

    293. 

  293.         

    294. 

  294.   print stdhead("{$lang['comment_original']}").$HTMLOUT.stdfoot();

    295. 

  295.   die;

    296. 

  296. }

    297. 

  297. else

    298. 

  298.       stderr("{$lang['comment_error']}", "{$lang['comment_unknown']}");

    299. 

  299. die;

    300. 

  300. ?>
    301.