Example #1
<?php

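// Render the comment feed for one page as raw HTML.
// Used by script.php, but can also be included directly. Either way the
// including script must set $sid (site id) and $page before this file runs.
if (!isset($sid)) {
    die('Missing sid');
}
require_once 'shared.php';
// NOTE(review): $sid is handed to GetSiteConstants() unchanged; that function
// lives in shared.php and has to validate the value itself - confirm.
$site = GetSiteConstants($sid, false);
if (urlError) {
    // NOTE(review): urlError is written into the page unescaped. If its text can
    // carry request-derived data it needs htmlspecialchars() - confirm in shared.php.
    echo '<div class="commentError">' . urlError . '</div>';
    return;
}
$session = GetSessionConstants();
// The site id is placed into the SQL text as a bare number and into an href
// further down, so it is forced to an integer first. A non-numeric or crafted
// $sid can then neither alter the query nor break out of the attribute.
// Assumes SiteID is an integer column, as the unquoted comparison suggests.
$siteId = (int) $sid;
// Read the verified comments for this page, oldest first.
// $page is escaped with mysql_real_escape_string(), which relies on the
// connection (and its character set) opened elsewhere, presumably in shared.php.
$query = 'SELECT * FROM Comments
 WHERE SiteID = ' . $siteId . ' AND Page = \'' . mysql_real_escape_string($page) . '\'
 AND VerifiedDate IS NOT NULL
 ORDER BY CommentDate ASC';
$result = @mysql_query($query);
if ($result === false) {
    // Keep the driver's message in the server log; sending it to the browser
    // would disclose table and column names to whoever triggered the error.
    error_log('Comment feed query failed: ' . mysql_error());
    die('<div class="commentError">Could not load comments.</div>');
}
// Inline stylesheet.
// require runs the file through the PHP parser, so comments.css must never be
// writable by untrusted users; readfile() would emit it without executing it.
echo '<style type="text/css">';
require 'comments.css';
echo '</style>';
// Feed icon linking to the page's XML feed. urlencode() turns spaces into '+',
// which is rewritten to %20 so the value is valid inside a URL path segment.
echo '<div class="commentFeed"><a href="' . service_url . '/inc/' . $siteId . '/' . str_replace('+', '%20', urlencode($page)) . '.xml"><img src="' . service_url . '/feed.png" /></a></div>';
$count = mysql_num_rows($result);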
if ($count === 0) {
    echo '<p>No comments</p>';
} elseif ($count === 1) {
    echo '<p>One comment</p>';
Example #2
<?php

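// Perform an action (e.g. delete) on a single comment for the logged-in user.
require_once "shared.php";
$session = GetSessionConstants() or die('No session');
// Request parameters. A missing or non-scalar cid becomes 0, and a missing or
// non-string action becomes null, so neither raises a notice nor reaches the
// comparisons below as an array.
$cid = (isset($_GET['cid']) && is_scalar($_GET['cid'])) ? intval($_GET['cid']) : 0;
// NOTE(review): the action is read from the query string and the delete branch
// below runs on a plain GET. No anti-CSRF token check is visible in this
// excerpt - confirm shared.php covers it, or require POST plus a per-session token.
$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : null;
// Get the comment to perform the action on. $cid is an integer at this point,
// so concatenating it into the statement cannot change the query's structure.
$res = @mysql_query('SELECT * FROM Comments WHERE CommentID=' . $cid);
if ($res === false) {
    // Log the driver's message server-side instead of echoing schema details
    // back to the requester.
    error_log('Comment lookup failed: ' . mysql_error());
    die('<div class="commentError">Could not load the comment.</div>');
}
$c = mysql_fetch_assoc($res) or die('<div class="commentError">No comment with id ' . $cid . '</div>');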
//DELETE
if ($action === 'delete') {
    //Delete unverified comment as poster
    $res = @mysql_query('DELETE FROM Comments
		WHERE CommentID=' . $cid . '
		AND CommentEmail=\'' . mysql_real_escape_string($session['Email']) . '\'
		AND VerifiedIP IS NULL
	') or die('<div class="commentError">' . mysql_error() . '</div>');
    if (mysql_affected_rows() === 1) {
        //no need to update since the comment was not verified before, hence not visible
        header('Location: ' . service_url . '/dashboard/');
        return;
    }
    //Delete as site admin
    $res = mysql_query('
		SELECT Sites.AdminEmail, Sites.SiteID
		FROM Sites
		JOIN Comments ON Comments.SiteID=Sites.SiteID
		WHERE Comments.CommentID=' . $cid) or die('<div class="commentError">' . mysql_error() . '</div>');
    $row = mysql_fetch_assoc($res) or die('<div class="commentError">No comment found.</div>');
    if ($row['AdminEmail'] != $session['Email']) {
        die('<div class="commentError">No comment found.</div>');