$del_1 = $db->exec("DELETE FROM " . OSDB_COMMENTS . " WHERE id = '" . (int) $id . "' AND post_id = '" . (int) $pid . "' LIMIT 1");
    $sth = $db->prepare("SELECT COUNT(*) FROM " . OSDB_COMMENTS . " WHERE post_id=:post_id LIMIT 1");
    $sth->bindValue(':post_id', (int) $pid, PDO::PARAM_INT);
    $result = $sth->execute();
    $r = $sth->fetch(PDO::FETCH_NUM);
    $TotalComments = $r[0];
    $update = $db->exec("UPDATE " . OSDB_NEWS . " SET comments = '" . (int) $TotalComments . "' WHERE news_id = '" . (int) $pid . "' ");
    header('location: ' . OS_HOME . '?post_id=' . $pid . '#comments');
    die;
}
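// Handle a new comment submitted for a news post.
// Runs only when the add_comment form was posted, os_is_logged() is true, the URL carries a
// numeric post_id, and both the session and the form carry a "code" value plus a "pid" field.
// (Fragment: the block continues past the last line shown here.)
if (isset($_POST["add_comment"]) and os_is_logged() and isset($_GET["post_id"]) and is_numeric($_GET["post_id"]) and isset($_SESSION["code"]) and isset($_POST["code"]) and isset($_POST["pid"])) {
    require_once OS_PLUGINS_DIR . 'index.php';
    os_init();
    // The (int) cast reduces the id to an integer before safeEscape() sees it.
    $id = safeEscape((int) $_GET["post_id"]);
    // NOTE(review): $_POST["post_comment"] is read without an isset() check — confirm the form always sends it.
    $text = OS_StrToUTF8($_POST["post_comment"]);
    // NOTE(review): PrepareTextDB() is defined elsewhere; whether it leaves $text safe for the
    // later SQL write and for HTML output cannot be confirmed from this fragment.
    $text = PrepareTextDB($text);
    //$text = EscapeStr( ($text) );
    //$text = (($text));
    $errors = "";
    // Check whether comments are allowed for this post (value is bound, not concatenated).
    $sth = $db->prepare("SELECT * FROM " . OSDB_NEWS . " WHERE news_id=:news_id AND allow_comments = 1");
    $sth->bindValue(':news_id', (int) $id, PDO::PARAM_INT);
    $result = $sth->execute();
    // NOTE(review): PDOStatement::rowCount() is not guaranteed to report the row count of a
    // SELECT on every PDO driver — confirm for the driver in use.
    if ($sth->rowCount() <= 0) {
        $errors .= "<div>" . $lang["error_comment_not_allowed"] . "</div>";
    }
    // Anti-CSRF form token: compare as strings and in constant time. A loose != applies PHP
    // type juggling (numeric-looking strings can compare equal without being identical), and
    // a non-scalar value such as code[]=x must be rejected before the string cast.
    if (!is_scalar($_SESSION["code"]) || !is_scalar($_POST["code"]) || !hash_equals((string) $_SESSION["code"], (string) $_POST["code"])) {
        $errors .= "<div>" . $lang["error_invalid_form"] . "</div>";
    }
    // The hidden pid form field must agree with the post_id taken from the URL.
    if ($_POST["pid"] != $id) {
        $errors .= "<div>" . $lang["error_invalid_form"] . "</div>";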
<?php

// Direct-access guard: when $website is not set (presumably it is defined by the including
// page — confirm), answer with a bare 404 and stop before any markup or form handling runs.
if (isset($website) === false) {
    header('HTTP/1.1 404 Not Found');
    exit;
}

// Error buffer; starts empty.
$errors = '';
?>
<div align="center">
<h2>Ban Appeals</h2>

<?php 
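// Save an admin's answer to a ban appeal and, when requested, e-mail it to the player.
// (Fragment: the block continues past the last line shown here.)
// NOTE(review): no anti-CSRF token check is visible before this state-changing UPDATE —
// confirm the including page enforces one.
// is_string() keeps a non-string "answer" (e.g. answer[]=x) away from strlen(), which throws
// a TypeError on PHP 8 instead of returning a length.
if (isset($_POST["answer"]) and is_string($_POST["answer"]) and strlen($_POST["answer"]) >= 2) {
    $answer = OS_StrToUTF8($_POST['answer']);
    $answer = PrepareTextDB(strip_tags($answer));
    // NOTE(review): $_GET["t"] and $_GET["edit"] are read without isset() checks.
    $t = safeEscape($_GET["t"]);
    $player = safeEscape($_GET["edit"]);
    // prepare() protects only values passed as bound parameters; anything concatenated into
    // the statement text is parsed as SQL. The session username had no escaping at all, so it
    // is bound here; the (string) cast keeps an unset username stored as '' as before.
    // NOTE(review): $answer, $player and $t are still interpolated and rely entirely on
    // PrepareTextDB()/safeEscape(), which are defined elsewhere. Once their behaviour is
    // confirmed, bind these three as well and remove any SQL escaping from the helpers so the
    // stored values are not double-escaped.
    $sth = $db->prepare("UPDATE " . OSDB_APPEALS . " SET resolved_text = '" . $answer . "', resolved = :resolved_by WHERE LOWER(player_name) = LOWER('" . $player . "') AND added = '" . $t . "' LIMIT 1");
    $sth->bindValue(':resolved_by', (string) $_SESSION["username"], PDO::PARAM_STR);
    $result = $sth->execute();
    if (isset($_POST["email"]) and $_POST["email"] == 1) {
        // NOTE(review): same pattern as above — $player is concatenated into the statement
        // text rather than bound, so this lookup depends on safeEscape() alone.
        $sth = $db->prepare("SELECT * FROM " . OSDB_USERS . " WHERE LOWER(bnet_username) = LOWER('" . $player . "') LIMIT 1");
        $result = $sth->execute();
        $row = $sth->fetch(PDO::FETCH_ASSOC);
        // Skip the mail when this session already recorded the same address in adm_email_send.
        if (isset($_SESSION["adm_email_send"]) and $_SESSION["adm_email_send"] == $row["user_email"]) {
            $dontSend = 1;
        }
        // Send only one e-mail (when editing).
        if (!empty($row["user_email"]) and !isset($dontSend)) {
            // NOTE(review): the <br /> markup suggests an HTML mail body; if so, the username
            // should be HTML-encoded before it is embedded — confirm how $message is sent.
            $message = "You have just received a message from " . $_SESSION["username"] . "<br />";
            $message .= "<br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br />";
            $message .= convEnt($answer);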
//eDIT
if (isset($_GET["edit"]) and is_numeric($_GET["edit"])) {
    $name = "";
    $server = "";
    if (isset($_GET["edit"]) and is_numeric($_GET["edit"])) {
        $id = safeEscape((int) $_GET["edit"]);
    }
    //UPDATE
    if (isset($_POST["edit_comment"])) {
        /*
        $text = my_nl2br( trim($_POST["comment"]) );
        $text = nl2br($text);
        $text = EscapeStr( ($text) );
        $text = (($text));
        */
        $text = PrepareTextDB($_POST["comment"]);
        if (strlen($text) <= 2) {
            $errors .= "<div>Field Text does not have enough characters</div>";
        }
        $time = date("Y-m-d H:i:s", time());
        $d = EscapeStr($_POST["_d"]);
        $m = EscapeStr($_POST["_m"]);
        $Y = EscapeStr($_POST["_Y"]);
        $H = EscapeStr($_POST["_H"]);
        $i = EscapeStr($_POST["_i"]);
        $DateErr = 0;
        $PostTime = strtotime($Y . "-" . $m . "-" . $d . " " . $H . ":" . $i . ":00");
        $sqlPostDate = ", date = '" . $PostTime . "' ";
        if ($d <= 0 or $d >= 32) {
            $sqlPostDate = '';
        }