function GetComments($fid, $prevcid = 0, $lvl = 0)
{
$query = "select cid, name, date from comments where fid=\"{$fid}\" and prevcid=\"{$prevcid}\";";
$res = MySqlQuery($query);
if (mysql_num_rows($res)) {
$str1 .= "<ul>";
while ($row = mysql_fetch_object($res)) {
$cid = $row->cid;
$str1 .= "<li><a href=\"./viewfile.php?fid={$fid}&commentid={$cid}\">{$row->name} - {$row->date}</a>";
$str1 .= GetComments($fid, $row->cid, $lvl + 1);
$str1 .= "</li>";
}
$str1 .= "</ul>";
}
return $str1;
}
$fdate = $res->date;
include_once "./tpl/header.tpl";
include "./tpl/file.tpl";
$pvevcid = 0;
if ($cid != 0) {
$query = "select prevcid, name, date, text from comments where cid=\"{$cid}\" and fid=\"{$fid}\"";
$res = MySqlRow($query);
if ($res) {
$cn = $res->name;
$cdate = $res->date;
$ctext = $res->text;
$prevcid = $res->prevcid;
if ($cname = "") {
$cname = "Гость";
}
include "./tpl/viewcomment.tpl";
}
}
include "./tpl/addcomment.tpl";
if ($prevcid) {
$prevlvllink = "./viewfile.php?fid={$fid}&commentid={$prevcid}";
} else {
$prevlvllink = "./viewfile.php?fid={$fid}";
}
$toplvllink = "./viewfile.php?fid={$fid}";
$comments = GetComments($fid, $cid);
include "./tpl/comments.tpl";
include_once "./php/footer.php";
// $comments = GetComments($fid)
}
}
print "</TR>\n";
$query = "SELECT num,title,time FROM blogs WHERE blognum='{$blognum}' ORDER BY time DESC";
$result = mysql_query($query);
if (!$result) {
echo mysql_error();
exit;
}
while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
$n = $line['num'];
$title = $line['title'];
$t = $line['time'];
print "<TR>\n";
print "<TD><A HREF=blogs.php?action=show&blog={$blognum}&num={$n}>{$title}</A>\n";
$tstr = GetTimeFromDateTime($t);
print "<TD>{$tstr}\n";
$c = GetComments($n);
print "<TD>{$c}\n";
print "</TR>\n";
}
print "</TABLE>\n";
print "<TD bgcolor=#B0A0FF>\n";
/* blog description */
DisplayContents($description);
PrintLinks($blognum);
print "<TR><TD colspan=2>\n";
/* email inform list */
print "<BR><P dir=RTL>\n";
print "<FORM action=blogmail.php?action=add&blog={$blognum} method=post>\n";
print "<TABLE border=0>\n";
print "<TR><TD colspan=2>\n";
print "<H2>קבל עדכון במייל כאשר הבלוג מתעדכן</H2>\n";
$user_details = check_user($_SESSION['user_identifier']);
if (!$user_details) {
exit;
}
$comment_text = mysqli_real_escape_string($DBConn, $_REQUEST['comment_text']);
if ($_REQUEST['Type'] == "s") {
$q = "INSERT INTO comment (Parent_ID, User_Name, Story_AID, Comment_Text) VALUES (" . $_REQUEST['Parent_ID'] . ", '" . $_REQUEST[User_Name] . "', " . $_REQUEST['Story_AID'] . ", '" . $comment_text . "' )";
auditit($_REQUEST['PID'], $_REQUEST['Story_AID'], $_SESSION['Email'], 'Added Comment', '', $_REQUEST['comment_text']);
} else {
if ($_REQUEST['Story_AID'] == 0) {
$icoid = NextIterationCommentObject();
// so get the next comment object id
$q = 'Update Iteration set Comment_Object_ID=' . $icoid . ' where ID=' . $_REQUEST['Iteration_ID'];
// and set it
$row = mysqli_query($DBConn, $q);
} else {
$icoid = $_REQUEST['Story_AID'];
}
$q = "INSERT INTO comment (Parent_ID, User_Name, Comment_Object_ID, Comment_Text) VALUES (" . $_REQUEST['Parent_ID'] . ", '" . $_REQUEST[User_Name] . "', " . $icoid . ", '" . $comment_text . "' )";
auditit($_REQUEST['PID'], 0, $_SESSION['Email'], 'Added Iteration Comment', '', $_REQUEST['comment_text']);
}
$row = mysqli_query($DBConn, $q);
$id = mysqli_insert_id($DBConn);
if (mysqli_affected_rows($DBConn) == 1) {
$r = mysqli_query($DBConn, 'select * from comment where ID =' . $id);
$row = mysqli_fetch_assoc($r);
GetComments($row, $_REQUEST['replyid'], $_REQUEST['Type']);
} else {
echo $q;
echo "Comment cannot be posted. Please try again.";
}
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
header("Content-type: application/json");
header("access-control-allow-origin: *");
$method = $_SERVER['REQUEST_METHOD'];
//// REST Decoder
// evaluate method
switch ($method) {
case 'PUT':
UpdateComments();
break;
case 'POST':
SaveComments();
break;
case 'GET':
GetComments();
break;
case 'HEAD':
echo "HEAD";
break;
case 'DELETE':
DeleteComments();
break;
case 'OPTIONS':
echo "OPTIONS";
break;
default:
echo "{$method}";
break;
}
//// DB
