function insert_response()
{
$id = insert_comment($userId, $request['response'], $request['unit']);
$query = "INSERT INTO CommentAnswers(id,answerTo) VALUES(?,?)";
/* Prepared statement, stage 1: prepare */
if (!($stmt = $mysqli->prepare($query))) {
echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
}
/* Prepared statement, stage 2: bind and execute */
if (!$stmt->bind_param("ii", $id, $request['responseTo'])) {
echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
}
if (!$stmt->execute()) {
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}
return;
}
break;
case 'sneak':
$tab_option = 5;
break;
case 'favorites':
$tab_option = 6;
break;
case 'trackbacks':
$tab_option = 7;
break;
default:
not_found();
}
// When we insert a comment we also modify $link
if ($_POST['process'] == 'newcomment') {
$new_comment_error = insert_comment();
}
// Set globals
$globals['link'] =& $link;
$globals['link_id'] = $link->id;
$globals['category_id'] = $link->category;
$globals['category_name'] = $link->category_name;
$globals['link_permalink'] = $globals['link']->get_permalink();
// to avoid search engines penalisation
if ($tab_option != 1 || $link->status == 'discard') {
$globals['noindex'] = true;
}
do_modified_headers($link->modified, $current_user->user_id . '-' . $globals['link_id'] . '-' . $link->comments . '-' . $link->modified);
// Enable user AdSense
// do_user_ad: 0 = noad, > 0: probability n/100
if ($link->status == 'published' && $link->user_karma > 7 && !empty($link->user_adcode)) {
<?php
session_start();
require_once "new_connection.php";
if (isset($_POST['action']) && $_POST['action'] == 'messaging') {
insert_message($_POST);
}
if (isset($_POST['action']) && $_POST['action'] == 'comments') {
insert_comment($_POST);
}
function insert_message($post)
{
// Making sure that the message is not blank, not gonna allow people to post blank messages. That would be annoying.
if (trim($post['message']) == "") {
$_SESSION['blank'] = "Your message cannot be blank!";
header('Location: wall.php');
exit;
}
if (!trim($post['message']) == "") {
$query = "INSERT INTO messages (user_id, message, created_at, updated_at) VALUES ('{$_SESSION['user_id']}', '{$post['message']}', NOW(), NOW())";
run_mysql_query($query);
header('Location: wall.php');
exit;
}
}
function insert_comment($post)
{
// Making sure that comment is not empty, don't want any empty comments clogging up my database
if (empty($post['comment'])) {
$_SESSION['blank'] = "Your comment cannot be blank!";
header('Location: wall.php');
header("Location: {$my_pligg_base}/error_404.php");
die;
}
// Hide private group stories
if ($link->link_group_id) {
$privacy = $db->get_var("SELECT group_privacy FROM " . table_groups . " WHERE group_id = {$link->link_group_id}");
if ($privacy == 'private' && !isMember($link->link_group_id)) {
die('Access denied');
}
}
if (isset($_POST['process']) && sanitize($_POST['process'], 3) != '') {
if (sanitize($_POST['process'], 3) == 'newcomment') {
check_referrer();
$vars = array('user_id' => $link->author, 'link_id' => $link->id);
check_actions('comment_subscription', $vars);
insert_comment();
}
}
require_once mnminclude . 'check_behind_proxy.php';
// Set globals
$globals['link_id'] = $link->id;
$globals['category_id'] = $link->category;
$globals['category_name'] = $link->category_name();
$globals['category_url'] = $link->category_safe_name();
$vars = '';
check_actions('story_top', $vars);
$main_smarty->assign('link_submitter', $link->username());
// setup breadcrumbs and page title
$main_smarty->assign('posttitle', $link->title);
$navwhere['text1'] = $globals['category_name'];
$navwhere['link1'] = getmyurl('maincategory', $globals['category_url']);
<?php
$app->get('/comments/unit/:id', function ($id) {
include_once 'libs/comment.php';
echo json_encode(fetch_comments_unit($id));
});
$app->post('/comments/unit/', function ($id) {
include_once 'libs/comment.php';
$request = get_request_json();
echo json_encode(insert_comment($userId, $request['comment'], $request['unit']));
});
$app->put('/comments/unit/', function ($id) {
include_once 'libs/comment.php';
$request = get_request_json();
echo json_encode(update_comment($userId, $request['comment'], $request['unit']));
});
$app->post('/comments/unit/response', function ($id) {
include_once 'libs/comment.php';
$request = get_request_json();
echo json_encode(insert_response($userId, $request['comment'], $request['unit']));
});
$app->post('/comments/rate', function ($id) {
include_once 'libs/comment.php';
$request = get_request_json();
echo json_encode(rate_comment($userId, $request['comment'], $request['unit']));
});
/**
* validate_comment
*
*
*
*
*
*
*/
function validate_comment($config_comments, $article)
{
if (!session_id()) {
session_start();
}
if (!isset($_POST)) {
return false;
}
if (!isset($_SESSION['comment_data'])) {
return false;
}
$form_data = array();
// recreate token values
$salt = $_SESSION['comment_data']['salt'];
$now = date('Ymdh');
$token_name = md5($article['id'] . $now . $salt);
$token_value = md5($salt . $now . $article['id']);
// check comment posted
if (isset($_SESSION['comment_posted']) && $_SESSION['comment_posted'] > time()) {
$delay = $_SESSION['comment_posted'] - time();
$form_data['error'][] = "You need to wait " . $delay . " seconds before posting another comment";
}
// check session/POST token
if (isset($_SESSION['comment_data'][$token_name])) {
if ($_SESSION['comment_data'][$token_name] != $token_value) {
$form_data['error'][] = "<!--session value not set correctly-->";
}
if (isset($_POST[$token_name])) {
if ($_POST[$token_name] != $_SESSION['comment_data'][$token_name]) {
$form_data['error'][] = "<!--post token does not match session-->";
}
} else {
$form_data['error'][] = "<!--post token not set-->";
}
unset($_SESSION['comment_data'][$token_name]);
// one hour's grace
} else {
$prev_now = date('Ymdh', strtotime('1 hour ago'));
$prev_name = md5($article_id . $prev_now . $salt);
$prev_value = md5($salt . $prev_now . $article_id);
if (isset($_SESSION['comment_data'][$prev_name])) {
if ($_SESSION['comment_data'][$prev_name] != $prev_value) {
$form_data['error'][] = "<!--prev session value not set correctly-->";
}
if (isset($_POST[$token_name])) {
if ($_POST[$token_name] != $_SESSION['comment_data'][$token_name]) {
$form_data['error'][] = "<!--post token does not match prev session-->";
}
} else {
$form_data['error'][] = "<!--prev post token not set-->";
}
} else {
$form_data['error'][] = "<!--session not correctly set-->";
}
unset($_SESSION['comment_data'][$prev_name]);
}
// check maths answer
if (isset($_SESSION['comment_data']['comment_answer'])) {
if (!empty($_POST['comment_answer'])) {
if ($_POST['comment_answer'] != $_SESSION['comment_data']['comment_answer']) {
$form_data['error'][] = "Security answer was incorrect";
}
} else {
$form_data['error'][] = "Security answer not given";
}
}
// standard validation
// moderate
$form_data['approved'] = empty($config_comments['moderate']) ? 1 : 0;
// poster_name - required/URLs not allowed
if (!empty($_POST['poster_name'])) {
$poster_name = clean_input($_POST['poster_name']);
if (stripos($poster_name, '://') !== false) {
$poster_name = '';
}
if (empty($poster_name)) {
$form_data['error'][] = "Invalid name entered";
}
} else {
$poster_name = 'No-one of consequence';
}
$form_data['poster_name'] = $poster_name;
// poster_link - valid web address/strip html
$form_data['poster_link'] = !empty($_POST['poster_link']) ? clean_input($_POST['poster_link']) : '';
// poster_email - must be email address
if (!empty($_POST['poster_email'])) {
$poster_email = clean_input($_POST['poster_email']);
if (validate_email($poster_email) == false) {
$form_data['error'][] = "Please enter a valid email address";
} else {
$form_data['poster_email'] = $poster_email;
}
} else {
$form_data['poster_email'] = '';
}
// comment title - optional
if (!empty($_POST['comment_title'])) {
$form_data['comment_title'] = clean_input($_POST['comment_title']);
if (stripos($form_data['comment_title'], $disallowed) !== false) {
$form_data['comment_title'] = '';
}
} else {
$form_data['comment_title'] = '';
}
// comment body - required / strip html?
$allow_html = $config_comments['allow_html'];
if (!empty($_POST['comment_body'])) {
$form_data['body'] = clean_input($_POST['comment_body'], $allow_html);
if (empty($form_data['body'])) {
$form_data['error'][] = "HTML code is not allowed - as a result your comment has been deleted";
}
} else {
$form_data['error'][] = "No comment entered";
}
// article_id - required
$form_data['article_id'] = $article['id'];
// reply id - optional / integer
$form_data['reply_id'] = !empty($_POST['reply_id']) ? (int) $_POST['reply_id'] : 0;
// others
$form_data['poster_IP'] = $_SERVER['REMOTE_ADDR'];
$form_data['date_uploaded'] = date('Y-m-d H:i:s');
$form_data['author_id'] = isset($_SESSION['ad_user_id']) ? (int) $_SESSION['ad_user_id'] : 0;
// data for comment approval email
if (empty($form_data['approved'])) {
$form_data['article_title'] = $article['title'];
$form_data['author_email'] = $article['author_email'];
$form_data['author_name'] = $article['author_name'];
}
// clear comment session
unset($_SESSION['comment_data']);
if (!empty($form_data['error'])) {
return $form_data['error'];
} else {
insert_comment($form_data);
return false;
}
}
<?php
/* AFFICHAGE D'UN EVENEMENT */
/**** Préparation des contenus ****/
// Appels au modèle
// Appels au modèle
require MODELES . 'events/getEventDetails.php';
require MODELES . 'events/insert_comment.php';
require MODELES . 'events/checkParticipation.php';
require MODELES . 'events/getMembersPicture.php';
require MODELES . 'events/getEventPicture.php';
$_GET['id'] = htmlspecialchars($_GET['id']);
if (!empty($_POST) && !empty($_POST['comment'])) {
$_POST['comment'] = htmlspecialchars($_POST['comment']);
insert_comment($_POST['comment'], $_GET['id'], $_SESSION['id']);
header("Location: " . getLink(['events', 'display', $_GET['id']]));
}
// Chargement des paramètres de la page
$event = getEvents($_GET['id']);
$contents['titreEvenement'] = $event['titre'];
$title = $event['titre'];
$styles = ['events.css', 'form.css', 'simple-slideshow.css'];
$scripts = ['alert.js', 'simple-slideshow.js', 'participate.js'];
$blocks = ['display'];
// Affectation des valeurs spécifiques à l'event :
// @ Guillaume & Aude : si l'event n'est pas trouvé, il faut rediriger vers getLink(['accueil','404'])
$type = eventType($_GET['id']);
$contents['type'] = $type[0];
$photo_principale = getEventPicture($_GET['id']);
if ($photo_principale) {
$contents['photo_principale'] = PHOTO_EVENT . $photo_principale[0];
<?php
include 'functions.php';
session_start();
check_valid_user();
$post_id = $_POST['post_id'];
$title = $_POST['title'];
$content = $_POST['content'];
//do_html_header('Post comment');
$result = insert_comment($post_id, $title, $content);
if ($result) {
header('Content-Type: text/xml');
/* echo "<?xml version=\"1.0\" ?>
<comment>
<post_id>".$post_id."</post_id>
<title>".$title."</title>
<content>".$content."</content>
</comment>";
*/
echo $title . "," . $content;
} else {
echo "Fail to post your comment.";
}
//do_html_url('blog/post.php?id='.$post_id, 'Back to post');
//do_html_footer();
$smarty->assign('indiv', $o);
# populate keyword array
keyword_push(gtc("Comments"));
keyword_push($o->full_name());
# assign other smarty variables
$smarty->assign('page_title', sprintf(gtc("Comments for %s"), $o->full_name()));
$smarty->assign('surname_title', sprintf(gtc("%s Surname"), $o->sname));
$content_title = $o->prefix . ' ' . $o->full_name();
if ($o->suffix) {
$content_title .= ', ' . $o->suffix;
}
$smarty->assign('content_title', $content_title);
# If the form has been posted then let's validate the form variables
if (!empty($_POST)) {
if (empty($_POST['email'])) {
$form_errors['email'] = gtc("YOU MUST ENTER AN EMAIL ADDRESS");
} elseif (!rgds_is_email(trim($_POST['email']))) {
$form_errors['email'] = gtc("THE EMAIL ADDRESS YOU ENTERED IS NOT VALID");
}
if (empty($_POST['comment'])) {
$form_errors['comment'] = gtc("PLEASE ENTER SOME TEXT");
}
$smarty->assign('form_errors', $form_errors);
# The form validated ok, so now save the data
if (!$form_errors) {
insert_comment($g_indiv, $_POST['email'], $_POST['comment']);
$comment_preview = rgds_parse_links($_POST['comment']);
$smarty->assign('comment_preview', $comment_preview);
$smarty->assign('SAVED', 1);
}
}
<?php
include 'functions/connect_bd.php';
include 'functions/functions.php';
$mysqli = connect();
if (isset($_GET["action"])) {
$action = $_GET["action"];
} else {
$action = "";
}
if ($action == "add") {
$id = $_GET["id"];
$author = $_POST["author"];
$page_id = $_POST["page_id"];
$comment = $_POST["comment"];
$insert = insert_comment($mysqli, $author, $page_id, $comment);
header("Location: single_article.php?id={$id}");
} else {
$id = $_GET["id"];
$mydata_article = take_single_article($mysqli, $id);
$mydata_comment = take_comment($mysqli, $id);
include 'view/single_view.php';
}