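// Breadcrumb trail: link to the profile owner, then the "Comments" label.
$crumbs->add(new PipeMenuHtmlEntry(userLink($user)));
$crumbs->add(new PipeMenuTextEntry(__("Comments")));
makeBreadcrumbs($crumbs);

// Deleting is limited to the profile owner or a user with powerlevel > 2, and
// additionally requires the "deleteComments" permission and a non-negative
// powerlevel. Commenting only requires a non-negative powerlevel.
$canDeleteComments = ($id == $loguserid || $loguser['powerlevel'] > 2)
    && IsAllowed("deleteComments")
    && $loguser['powerlevel'] >= 0;
$canComment = $loguser['powerlevel'] >= 0;

// Anti-CSRF gate for both state-changing actions below.
// The submitted token must be a string and match the session token exactly.
// A loose `==` would let PHP compare two numeric-looking strings (such as
// "0e..." forms) as numbers, and would treat a missing parameter as equal to an
// empty stored token. Where hash_equals() is available it is the better
// primitive, because it also compares in constant time.
// NOTE(review): the token is also accepted from the query string, where it can
// end up in server logs, browser history and Referer headers, and the delete
// action is a state change over GET. Consider accepting the token from POST only.
$csrfOk = false;
if ($loguserid && isset($loguser['token']) && (string) $loguser['token'] !== '') {
    $csrfExpected = (string) $loguser['token'];
    foreach (array($_GET, $_POST) as $requestParams) {
        if (isset($requestParams['token'])
            && is_string($requestParams['token'])
            && $requestParams['token'] === $csrfExpected
        ) {
            $csrfOk = true;
        }
    }
}

if ($csrfOk) {
    if ($canDeleteComments && isset($_GET['action']) && $_GET['action'] == "delete") {
        AssertForbidden("deleteComments");
        // The uid filter ties the deletion to this profile, so a comment id
        // belonging to another profile is not removed. cid is forced to an integer.
        Query(
            "delete from {usercomments} where uid={0} and id={1}",
            $id,
            isset($_GET['cid']) ? (int) $_GET['cid'] : 0
        );

        // Redirect after the write so a reload does not repeat the action.
        header("Location: " . actionLink($mobileLayout ? "usercomments" : "profile", $id));
        exit;
    }

    // IsReallyEmpty() acts here as the guard that lets a comment through.
    // Requiring a string keeps an array-valued `text[]` parameter away from
    // the query layer.
    if (isset($_POST['actionpost'], $_POST['text'])
        && is_string($_POST['text'])
        && IsReallyEmpty($_POST['text'])
        && $canComment
    ) {
        AssertForbidden("makeComments");
        // Values are passed as placeholder arguments rather than concatenated.
        // The text is stored as submitted, so it must be HTML-escaped wherever
        // it is rendered.
        $rComment = Query(
            "insert into {usercomments} (uid, cid, date, text) values ({0}, {1}, {2}, {3})",
            $id,
            $loguserid,
            time(),
            $_POST['text']
        );

        // Flag the profile owner only when someone else wrote the comment.
        if ($loguserid != $id) {
            Query("update {users} set newcomments = 1 where id={0}", $id);
        }
        logAction('usercomment', array('user2' => $id));

        header("Location: " . actionLink($mobileLayout ? "usercomments" : "profile", $id));
        exit;
    }
}

// Page size, and total number of comments on this profile.
$cpp = 15;
$total = FetchResult("SELECT\n\t\t\t\t\t\tcount(*)\n\t\t\t\t\tFROM {usercomments}\n\t\t\t\t\tWHERE uid={0}", $id);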
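/**
 * Validates the login-name field submitted in $_POST[$field].
 *
 * Side effects: $_POST[$field] is rewritten in place. It is replaced by the
 * stored value from the global $user when nothing usable was submitted, and by
 * the stripped name when disallowed characters were found.
 *
 * @param string $field Key of the field in both $_POST and $user.
 * @param mixed  $item  Not used by this function.
 *
 * @return string|null A translated error message, or null when the name passes.
 */
function HandleUsername($field, $item)
{
    global $user;

    // Fall back to the stored name only when the submission is blank.
    // IsReallyEmpty() is used by this codebase's comment-posting code as its
    // "text has content" guard, so it appears to be truthy for non-blank input
    // despite its name. Without the negation, every submitted name would be
    // overwritten with the current one, and a blank name would reach the
    // checks below.
    // NOTE(review): confirm against IsReallyEmpty()'s definition.
    if (!IsReallyEmpty($_POST[$field])) {
        $_POST[$field] = $user[$field];
    }

    // Uniqueness covers both login names and display names of every other
    // account, so one user cannot take a name another user is shown under.
    $dispCheck = FetchResult(
        "select count(*) from {users} where id != {0} and (name = {1} or displayname = {1})",
        $user['id'],
        $_POST[$field]
    );
    if ($dispCheck) {
        // NOTE(review): SqlEscape() encodes for SQL, but this string is a
        // user-facing message. If the caller prints it as HTML without
        // escaping, the submitted name is reflected unescaped. Confirm how the
        // message is rendered and encode for that context with
        // htmlspecialchars().
        return format(__("The login name you entered, \"{0}\", is already taken."), SqlEscape($_POST[$field]));
    }

    // Strip Unicode "other" (\pC: control, format, unassigned...) and
    // separator (\pZ) characters, keeping only the plain ASCII space. These
    // are the invisible characters that make two names look identical.
    // preg_replace() returns null when the subject is not valid UTF-8, which
    // also lands in the rejection branch.
    $submitted = $_POST[$field];
    $_POST[$field] = preg_replace('/(?! )[\\pC\\pZ]/u', '', $submitted);
    if ($submitted !== $_POST[$field]) {
        return __("The login name you entered cannot contain control characters.");
    }
}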
// Renders the existing profile comments as table rows, then handles a newly
// posted comment. This excerpt starts inside an `if` opened above it and ends
// inside `if ($commentsWasEmpty)`; both continue outside the visible code.
while ($comment = Fetch($rComments)) {
    if ($canDeleteComments) {
        // The delete link is built only for users allowed to delete; otherwise
        // $deleteLink is not assigned in this excerpt.
        // NOTE(review): the URL triggers a state change via GET and carries no
        // anti-CSRF token. Confirm the handler behind `action=delete` checks a
        // token and the permission server-side.
        // $id and $comment['id'] are concatenated into the attribute unescaped;
        // assumes both are integers (TODO confirm).
        $deleteLink = "<small style=\"float: right; margin: 0px 4px;\"><a href=\"profile.php?id=" . $id . "&action=delete&cid=" . $comment['id'] . "\" title=\"" . __("Delete comment") . "\">✘</a></small>";
    }
    // Alternates the cell class between 0 and 1 from row to row.
    $cellClass = ($cellClass + 1) % 2;
    // The stored comment text is HTML-escaped before smiley substitution, so
    // markup typed into a comment is shown as text.
    $thisComment = format("\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td class=\"cell2 width25\">\n\t\t\t\t\t\t\t\t{0}\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t<td class=\"cell{1}\">\n\t\t\t\t\t\t\t\t{3}{2}\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t</tr>\n", UserLink($comment, "cid"), $cellClass, PutASmileOnThatFace(htmlspecialchars($comment['text'])), $deleteLink);
    // Rows are prepended, so the list ends up in reverse fetch order.
    $commentList = $thisComment . $commentList;
    // Remember the author (cid) of the first row fetched; it is used below to
    // refuse a new comment from that same user.
    if (!isset($lastCID)) {
        $lastCID = $comment['cid'];
    }
}
// Closes the `if` opened above this excerpt.
} else {
    // No stored comments: show a single placeholder row.
    $commentsWasEmpty = true;
    $commentList = $thisComment = format("\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td class=\"cell0\" colspan=\"2\">\n\t\t\t\t\t\t\t\t" . __("No comments.") . "\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t</tr>\n");
}
// A new comment is stored when the form action equals the translated "Post"
// label, IsReallyEmpty() is truthy for the tag-stripped text, a user is logged
// in, and that user is not the author recorded in $lastCID.
// NOTE(review): no anti-CSRF token is checked in this condition; confirm one is
// enforced before this point.
if ($_POST['action'] == __("Post") && IsReallyEmpty(strip_tags($_POST['text'])) && $loguserid && $loguserid != $lastCID) {
    AssertForbidden("makeComments");
    // Tags are removed before storage; the text is still HTML-escaped on output.
    $_POST['text'] = strip_tags($_POST['text']);
    // Picks the first unused id that directly follows an existing row.
    // The lookup and the insert are separate statements, so two concurrent
    // posts can compute the same id.
    // NOTE(review): an auto-increment key would avoid that.
    $newID = FetchResult("SELECT id+1 FROM usercomments WHERE (SELECT COUNT(*) FROM usercomments u2 WHERE u2.id=usercomments.id+1)=0 ORDER BY id ASC LIMIT 1");
    // Start at 1 when the lookup yields nothing usable.
    if ($newID < 1) {
        $newID = 1;
    }
    // The statement is built by string concatenation. Only the text goes
    // through justEscape(); $newID, $id and $loguserid are inserted as-is, so
    // the query is injection-safe only if each is guaranteed to be an integer.
    // TODO confirm $id is cast or validated above this excerpt. Bound
    // parameters would remove that dependency.
    $qComment = "insert into usercomments (id, uid, cid, date, text) values (" . $newID . ", " . $id . ", " . $loguserid . ", " . time() . ", '" . justEscape($_POST['text']) . "')";
    $rComment = Query($qComment);
    // Flag the profile owner only when someone else wrote the comment.
    // $id is concatenated unescaped here as well.
    if ($loguserid != $id) {
        Query("update users set newcomments = 1 where id=" . 
$id);
    }
    $lastCID = $loguserid;
    // Render the new comment right away; the text is HTML-escaped as for stored
    // rows. The cell class is fixed at 2 and there is no delete link.
    $thisComment = format("\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td class=\"cell2 width25\">\n\t\t\t\t\t\t\t\t{0}\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t<td class=\"cell{1}\">\n\t\t\t\t\t\t\t\t{2}\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t</tr>\n", UserLink($loguser), 2, PutASmileOnThatFace(htmlspecialchars($_POST['text'])));
    // Drop the "No comments." placeholder when this is the first comment.
    if ($commentsWasEmpty) {
        $commentList = "";
/**
 * Puts the stored value of a profile field back into $_POST when
 * IsReallyEmpty() reports falsy for the submitted one.
 *
 * The submitted value is left untouched otherwise. Nothing is returned; the
 * only effect is the in-place rewrite of $_POST[$field].
 *
 * @param string $field Key of the field in both $_POST and the global $user.
 * @param mixed  $item  Not used by this function.
 */
function HandleUsername($field, $item)
{
    global $user;

    // Guard clause: keep what was submitted when the check passes.
    $keepSubmitted = IsReallyEmpty($_POST[$field]);
    if ($keepSubmitted) {
        return;
    }

    // Otherwise fall back to the value already stored for this user.
    $_POST[$field] = $user[$field];
}