"._('Add a comment to')." \"" . htmlspecialchars($arr["name"]) . "\"\n"); print("

\n"); print("\n"); print("\n"); print("
Body"); textbbcode("comment","text",($quote?(("[quote=".htmlspecialchars($arr["username"])."]".htmlspecialchars(unesc($arr["body"]))."[/quote]")):"")); print("
\n"); print("

\n"); $res = do_mysql_query("SELECT comments.id, text_parsed, comments.editedat as editdat, UNIX_TIMESTAMP(comments.added) as utadded, UNIX_TIMESTAMP(editedat) as uteditedat, comments.added, username, users.id as user, users.class, users.avatar FROM comments LEFT JOIN users ON comments.user = users.id WHERE torrent = $torrentid ORDER BY comments.id DESC LIMIT 5"); $allrows = array(); while ($row = mysql_fetch_assoc($res)) $allrows[] = $row; if (count($allrows)) { print("

"._('Most recent comments, in reverse order')."

"); print("

"._('Tags')." | "._('Smilies')."

\n"); commenttable($allrows); } stdfoot(); die; }
// --- action=edit ---------------------------------------------------------
// Edits an existing comment. cid is cast to int and checked with
// is_valid_id() before it is interpolated into the SELECT. Only the row's
// author or a user of class UC_MODERATOR or higher gets past the permission
// check. On POST the new text and its format_comment() rendering are escaped
// and written back together with editedat/editedby, then the client is
// redirected; on any other method the edit page is printed.
// NOTE(review): every check relies on stderr() ending the request; its
// definition is not in this listing -- confirm.
// NOTE(review): returnto is passed through htmlspecialchars() and then used
// as the Location target. That is HTML output encoding, not URL validation:
// the destination stays caller-controlled (open redirect), and '&' in a
// legitimate query string becomes '&amp;'. Accept only same-site relative
// paths, otherwise fall back to DEFAULTBASEURL.
// NOTE(review): no anti-CSRF token is checked in the visible POST handling;
// confirm whether one is enforced elsewhere.
// NOTE(review): mysql_escape_string() does not take the connection character
// set into account, and the mysql_* extension was removed in PHP 7.0; use
// prepared statements (mysqli or PDO) when this is ported.
// NOTE(review): stdhead() receives $arr["name"] unescaped while the page body
// escapes it; whether stdhead() escapes its title is not visible here.
// NOTE(review): in this flattened listing the "// change later" comment runs
// to the end of its physical line, and the markup inside the print() strings
// appears to have been stripped; compare with the original file.
elseif ($action == "edit") { $commentid = (int) $_GET["cid"]; if (!is_valid_id($commentid)) stderr( _("Error"), _("Invalid ID")); $res = do_mysql_query("SELECT c.*, t.name FROM comments AS c LEFT JOIN torrents AS t ON c.torrent = t.id WHERE c.id=$commentid") or sqlerr(__FILE__,__LINE__); $arr = mysql_fetch_assoc($res); if (!$arr) stderr( _("Error"), _("Invalid ID")); if ($arr["user"] != $CURUSER["id"] && get_user_class() < UC_MODERATOR) stderr( _("Error"), _("Permission denied.")); if ($_SERVER["REQUEST_METHOD"] == "POST") { $text = $_POST["text"]; $returnto = htmlspecialchars($_POST["returnto"]); if ($text == "") stderr( _("Error"), "Comment body cannot be empty!"); $text_parsed = format_comment($text); $text = mysql_escape_string($text); $text_parsed = mysql_escape_string($text_parsed); $update_comment_sql = sprintf("UPDATE comments SET text='%s', text_parsed='%s', editedat=NOW(), editedby=%u WHERE id=%u", $text, $text_parsed, $CURUSER['id'],$commentid); do_mysql_query($update_comment_sql) or sqlerr(__FILE__, __LINE__); if ($returnto) header("Location: ".$returnto); else header("Location: ".$GLOBALS['DEFAULTBASEURL']); // change later ---------------------- die; } stdhead("Edit comment to \"" . $arr["name"] . "\""); print("

Edit comment to \"" . htmlspecialchars($arr["name"]) . "\"

\n"); print("

\n"); print("\n"); print("\n"); print("

\n"); print("

\n"); stdfoot(); die; }
// --- action=delete -------------------------------------------------------
// Restricted to class UC_MODERATOR or higher. Without a non-zero "sure"
// parameter a confirmation message is shown. With it, the comment row is
// deleted and, when a row was actually removed, the owning torrent's
// comments counter is decremented before redirecting.
// NOTE(review): the deletion is a state change driven entirely by GET
// parameters (cid, sure) and no token is checked in the visible code, so it
// is exposed to cross-site request forgery against a logged-in moderator.
// Require POST plus a per-session token for the confirmed step.
// NOTE(review): $torrentid is assigned only when the comment row exists; if
// it is not set earlier in the file, the later test reads an undefined
// variable.
// NOTE(review): the counter UPDATE is the only query in this branch without
// "or sqlerr(...)", so a failure there leaves the counter stale silently.
// NOTE(review): $referer is computed, but the sprintf() arguments are empty
// strings in this listing -- the link markup was presumably stripped.
// NOTE(review): returnto (from GET) is HTML-encoded and then used as the
// Location target, the same unvalidated-redirect pattern as in the edit
// branch.
elseif ($action == "delete") { if( get_user_class() < UC_MODERATOR) stderr( _("Error"), _("Permission denied.")); $commentid = (int) $_GET["cid"]; if (!is_valid_id($commentid)) stderr( _("Error"), _("Invalid ID")); $sure = (int) $_GET["sure"]; if (!$sure) { $referer = htmlspecialchars($_SERVER["HTTP_REFERER"]); stderr( _("Delete comment"), sprintf( _("You are about to delete a comment. Click %s here %s if you are sure."), "", "") ); } $res = do_mysql_query("SELECT torrent FROM comments WHERE id=$commentid") or sqlerr(__FILE__,__LINE__); $arr = mysql_fetch_assoc($res); if ($arr) $torrentid = $arr["torrent"]; do_mysql_query("DELETE FROM comments WHERE id=$commentid") or sqlerr(__FILE__,__LINE__); if ($torrentid && mysql_affected_rows() > 0) do_mysql_query("UPDATE torrents SET comments = comments - 1 WHERE id = $torrentid"); $returnto = htmlspecialchars($_GET["returnto"]); if ($returnto) header("Location: $returnto"); else header("Location: ".$GLOBALS['DEFAULTBASEURL']); die; }
// --- action=vieworiginal -------------------------------------------------
// Restricted to class UC_MODERATOR or higher. Loads the comment by its
// int-cast cid and prints the ori_text column through htmlspecialchars(),
// followed by a "(Back)" line built from the Referer header.
// NOTE(review): the Referer header is client-supplied. htmlspecialchars()
// makes it safe as text or attribute content but does not constrain the URL
// scheme; if the value is placed in an href (markup not visible in this
// listing), restrict it to same-site http(s) URLs.
// NOTE(review): as flattened here, the commented-out "$returnto = ..." line
// runs to the end of its physical line; compare with the original file.
elseif ($action == "vieworiginal") { if( get_user_class() < UC_MODERATOR) stderr( _("Error"), _("Permission denied.")); $commentid = (int) $_GET["cid"]; if (!is_valid_id($commentid)) stderr( _("Error"), _("Invalid ID") ); $res = do_mysql_query("SELECT c.*, t.name FROM comments AS c LEFT JOIN torrents AS t ON c.torrent = t.id WHERE c.id=$commentid") or sqlerr(__FILE__,__LINE__); $arr = mysql_fetch_assoc($res); if (!$arr) stderr( _("Error"), _("Invalid ID.")); stdhead( _("Original comment") ); print("

". _('Original contents of comment')." #$commentid

\n"); print(""); print("
\n"); echo htmlspecialchars($arr["ori_text"]); print("
\n"); $returnto = htmlspecialchars($_SERVER["HTTP_REFERER"]); // $returnto = "details.php?id=$torrentid&viewcomm=$commentid#$commentid"; if ($returnto) print("

(". _('Back').")

\n"); stdfoot(); die; }
// Any other action value is rejected with an error page.
else stderr( _("Error"), _("Unknown action")); die; ?>