function render_entry($entry, $comment_attributes = array(), $recaptcha_error = null) { if (!$entry) { return render_not_found(); } echo '<div class="entry" id="entry_' . h($entry->id) . '">' . "\n"; echo '<span class="posted_at">' . h(date('F j, Y @ g:ia', $entry->posted_at)) . '</span>' . "\n"; echo '<h3>' . h($entry->name) . '</h3>' . "\n"; echo '<div class="body">' . $entry->body . '</div>' . "\n"; render_comments($entry->comments(), $comment_attributes, $recaptcha_error); echo '</div>' . "\n"; }
function render_page($template) { global $dir_path, $theme_path, $header_links, $admin_links, $copyright, $start, $limit, $id, $type, $category; $template = file_get_contents($dir_path . $theme_path . "templates/" . $template); if (!isset($_SESSION['identity'])) { $admin_links = NULL; } if (@$type == "blog") { $item = render_single_blog($id); } else { $item = render_single_article($id); } $search = array('<$css_path$>', '<$image_path$>', '<$misc_path$>', '<$header_links$>', '<$admin_links$>', '<$blogs$>', '<$copyright$>', '<$item$>', '<$comments$>', '<$downloads$>', '<$links$>', '<$articles$>', '<$id$>', '<$type$>'); $replace = array($dir_path . $theme_path . "stylesheets/", $dir_path . $theme_path . "images/", $dir_path . $theme_path . "misc/", $header_links, $admin_links, render_many_blogs($start, $limit, $blog), $copyright, $item, render_comments($id, $type), render_downloads($id, $category), render_links($id, $category), render_articles($id, $category), $id, $type); $template = str_replace($search, $replace, $template); print $template; }
/** * @param $comment_type - abbr or short ID * @param $comment_db - Current Application DB - DB_BLOG for example. * @param $comment_col - current sql primary key column - 'blog_id' for example * @param $comment_item_id - current sql primary key value '$_GET['blog_id']' for example * @param $clink - current page link 'FUSION_SELF' is ok. */ function showcomments($comment_type, $comment_db, $comment_col, $comment_item_id, $clink) { global $settings, $locale, $userdata, $aidlink; $link = FUSION_SELF . (FUSION_QUERY ? "?" . FUSION_QUERY : ""); $link = preg_replace("^(&|\\?)c_action=(edit|delete)&comment_id=\\d*^", "", $link); $_GET['comment'] = isset($_GET['comment']) && isnum($_GET['comment']) ? $_GET['comment'] : 0; $cpp = $settings['comments_per_page']; if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) { if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $userdata['user_id'] . "'")) { $result = dbquery("DELETE FROM " . DB_COMMENTS . "\n\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : "\n\t\t\t\tAND comment_name='" . $userdata['user_id'] . "'")); } redirect($clink . ($settings['comments_sorting'] == "ASC" ? "" : "&c_start=0")); } if ($settings['comments_enabled'] == "1") { if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) { if (!iMEMBER && $settings['guestpost'] == 1) { if (!isset($_POST['comment_name'])) { redirect($link); } if (isnum($_POST['comment_name'])) { $_POST['comment_name'] = ''; } $_CAPTCHA_IS_VALID = FALSE; include INCLUDES . "captchas/" . $settings['captcha'] . "/captcha_check.php"; if (!isset($_POST['captcha_code']) || $_CAPTCHA_IS_VALID == FALSE) { redirect($link); } } $comment_data = array('comment_id' => isset($_GET['comment_id']) && isnum($_GET['comment_id']) ? $_GET['comment_id'] : 0, 'comment_name' => iMEMBER ? $userdata['user_id'] : form_sanitizer($_POST['comment_name'], '', 'comment_name'), 'comment_message' => form_sanitizer($_POST['comment_message'], '', 'comment_message'), 'comment_datestamp' => time(), 'comment_item_id' => $comment_item_id, 'comment_type' => $comment_type, 'comment_cat' => 0, 'comment_ip' => USER_IP, 'comment_ip_type' => USER_IP_TYPE, 'comment_hidden' => 0); if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && $comment_data['comment_id']) { $comment_updated = FALSE; if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $comment_data['comment_id'] . "' \n\t\t\t\tAND comment_item_id='" . $comment_item_id . "'\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\tAND comment_type='" . $comment_type . "' \n\t\t\t\tAND comment_name='" . $userdata['user_id'] . "' \n\t\t\t\tAND comment_hidden='0'")) { dbquery_insert(DB_COMMENTS, $comment_data, 'update'); if ($comment_data['comment_message']) { $result = dbquery("UPDATE " . DB_COMMENTS . " SET comment_message='" . $comment_data['comment_message'] . "'\n \t\t\t\t\t\t\t\t\t WHERE comment_id='" . $_GET['comment_id'] . "' " . (iADMIN ? "" : "AND comment_name='" . $userdata['user_id'] . "'")); if ($result) { $comment_updated = TRUE; } } } if ($comment_updated) { if ($settings['comments_sorting'] == "ASC") { $c_operator = "<="; } else { $c_operator = ">="; } $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_id" . $c_operator . "'" . $comment_data['comment_id'] . "'\n\t\t\t\t\t\t\t\tAND comment_item_id='" . $comment_item_id . "'\n\t\t\t\t\t\t\t\tAND comment_type='" . $comment_type . "'"); $c_start = (ceil($c_count / $cpp) - 1) * $cpp; } redirect($clink . "&c_start=" . (isset($c_start) && isnum($c_start) ? $c_start : "")); } else { if (!dbcount("(" . $comment_col . ")", $comment_db, $comment_col . "='" . $comment_item_id . "'")) { redirect(BASEDIR . "index.php"); } $id = 0; if ($comment_data['comment_name'] && $comment_data['comment_message']) { require_once INCLUDES . "flood_include.php"; if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) { dbquery_insert(DB_COMMENTS, $comment_data, 'save'); $id = dblastid(); } } if ($settings['comments_sorting'] == "ASC") { $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "'"); $c_start = (ceil($c_count / $cpp) - 1) * $cpp; } else { $c_start = 0; } //if (!$settings['site_seo']) { redirect($clink . "&c_start=" . $c_start . "#c" . $id); //} } } $c_arr = array("c_con" => array(), "c_info" => array("c_makepagenav" => FALSE, "admin_link" => FALSE)); $c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "' AND comment_hidden='0'"); if (!isset($_GET['c_start']) && $c_rows > $cpp) { $_GET['c_start'] = (ceil($c_rows / $cpp) - 1) * $cpp; } if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) { $_GET['c_start'] = 0; } $result = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_message, tcm.comment_datestamp,\n\t\t\t\t\ttcu.user_id, tcu.user_name, tcu.user_avatar, tcu.user_status\n\t\t\t\t\tFROM " . DB_COMMENTS . " tcm\n\t\t\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n\t\t\t\t\tWHERE comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "' AND comment_hidden='0'\n\t\t\t\t\tORDER BY comment_datestamp " . $settings['comments_sorting'] . " LIMIT " . $_GET['c_start'] . "," . $cpp); if (dbrows($result) > 0) { $i = $settings['comments_sorting'] == "ASC" ? $_GET['c_start'] + 1 : $c_rows - $_GET['c_start']; if ($c_rows > $cpp) { $c_arr['c_info']['c_makepagenav'] = makepagenav($_GET['c_start'], $cpp, $c_rows, 3, $clink . "&", "c_start"); } while ($data = dbarray($result)) { $c_arr['c_con'][$i]['comment_id'] = $data['comment_id']; $c_arr['c_con'][$i]['edit_dell'] = FALSE; $c_arr['c_con'][$i]['i'] = $i; if ($data['user_name']) { $c_arr['c_con'][$i]['comment_name'] = profile_link($data['comment_name'], $data['user_name'], $data['user_status'], 'strong text-dark'); } else { $c_arr['c_con'][$i]['comment_name'] = $data['comment_name']; } $c_arr['c_con'][$i]['user_avatar'] = display_avatar($data, '35px', '', true, 'img-rounded'); $c_arr['c_con'][$i]['user'] = array('user_id' => $data['user_id'], 'user_name' => $data['user_name'], 'user_avatar' => $avatar = $data['user_avatar'] !== '' && file_exists(IMAGES . 'avatars/' . $data['user_avatar']) ? IMAGES . 'avatars/' . $data['user_avatar'] : IMAGES . "avatars/noavatar50.png", 'user_status' => $data['user_status']); $c_arr['c_con'][$i]['comment_datestamp'] = showdate('shortdate', $data['comment_datestamp']); $c_arr['c_con'][$i]['comment_time'] = timer($data['comment_datestamp']); $c_arr['c_con'][$i]['comment_message'] = "<!--comment_message-->\n" . nl2br(parseubb(parsesmileys($data['comment_message']))); if (iADMIN && checkrights("C") || iMEMBER && $data['comment_name'] == $userdata['user_id'] && isset($data['user_name'])) { $edit_link = clean_request('c_action=edit&comment_id=' . $data['comment_id'], array('c_action', 'comment_id'), false) . "#edit_comment"; $delete_link = clean_request('c_action=delete&comment_id=' . $data['comment_id'], array('c_action', 'comment_id'), false); $c_arr['c_con'][$i]['edit_link'] = array('link' => $edit_link, 'name' => $locale['c108']); $c_arr['c_con'][$i]['delete_link'] = array('link' => $delete_link, 'name' => $locale['c109']); $c_arr['c_con'][$i]['edit_dell'] = "<!--comment_actions-->\n"; $c_arr['c_con'][$i]['edit_dell'] .= "<div class='btn-group'>"; $c_arr['c_con'][$i]['edit_dell'] .= "<a class='btn btn-xs btn-default' href='" . $edit_link . "'>"; $c_arr['c_con'][$i]['edit_dell'] .= $locale['c108'] . "</a>\n"; $c_arr['c_con'][$i]['edit_dell'] .= "<a class='btn btn-xs btn-default' href='" . $delete_link . "' onclick=\"return confirm('" . $locale['c110'] . "');\">"; $c_arr['c_con'][$i]['edit_dell'] .= "<i class='fa fa-trash'></i> " . $locale['c109'] . "</a>"; $c_arr['c_con'][$i]['edit_dell'] .= "</div>\n"; } $settings['comments_sorting'] == "ASC" ? $i++ : $i--; } if (iADMIN && checkrights("C")) { $c_arr['c_info']['admin_link'] = "<!--comment_admin-->\n"; $c_arr['c_info']['admin_link'] .= "<a href='" . ADMIN . "comments.php" . $aidlink . "&ctype=" . $comment_type . "&comment_item_id=" . $comment_item_id . "'>" . $locale['c106'] . "</a>"; } } opentable($locale['c102']); $comment_message = ""; if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) { $eresult = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_message, tcu.user_name\n\t\t\t\tFROM " . DB_COMMENTS . " tcm\n\t\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "' AND comment_item_id='" . $comment_item_id . "'\n\t\t\t\tAND comment_type='" . $comment_type . "' AND comment_hidden='0'"); if (dbrows($eresult) > 0) { $edata = dbarray($eresult); if (iADMIN && checkrights("C") || iMEMBER && $edata['comment_name'] == $userdata['user_id'] && isset($edata['user_name'])) { $clink .= "&c_action=edit&comment_id=" . $edata['comment_id']; $comment_message = $edata['comment_message']; } } else { $comment_message = ""; } } if (iMEMBER || $settings['guestposts'] == "1") { require_once INCLUDES . "bbcode_include.php"; echo "<a id='edit_comment' name='edit_comment'></a>\n"; echo openform('inputform', 'post', $clink, array('class' => 'm-b-20', 'max_tokens' => 1)); if (iGUEST) { echo form_text('comment_name', $locale['c104'], '', array('max_length' => 30)); } echo form_textarea('comment_message', '', $comment_message, array('required' => 1, 'autosize' => 1, 'form_name' => 'inputform', 'bbcode' => 1)); if (iGUEST && (!isset($_CAPTCHA_HIDE_INPUT) || isset($_CAPTCHA_HIDE_INPUT) && !$_CAPTCHA_HIDE_INPUT)) { $_CAPTCHA_HIDE_INPUT = FALSE; echo "<div style='width:360px; margin:10px auto;'>"; echo $locale['global_150'] . "<br />\n"; include INCLUDES . "captchas/" . $settings['captcha'] . "/captcha_display.php"; if (!$_CAPTCHA_HIDE_INPUT) { echo "<br />\n<label for='captcha_code'>" . $locale['global_151'] . "</label>"; echo "<br />\n<input type='text' id='captcha_code' name='captcha_code' class='textbox' autocomplete='off' style='width:100px' />\n"; } echo "</div>\n"; } echo form_button('post_comment', $comment_message ? $locale['c103'] : $locale['c102'], $comment_message ? $locale['c103'] : $locale['c102'], array('class' => 'btn-success m-t-10')); echo closeform(); } else { echo "<div class='well'>\n"; echo $locale['c105'] . "\n"; echo "</div>\n"; } closetable(); echo "<a id='comments' name='comments'></a>"; render_comments($c_arr['c_con'], $c_arr['c_info']); } }
function showcomments($ctype, $cdb, $ccol, $cid, $clink) { global $settings, $locale, $userdata, $aidlink; $link = FUSION_SELF . (FUSION_QUERY ? "?" . FUSION_QUERY : ""); $link = preg_replace("^(&|\\?)c_action=(edit|delete)&comment_id=\\d*^", "", $link); $cpp = $settings['comments_per_page']; if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) { if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $userdata['user_id'] . "'")) { $result = dbquery("DELETE FROM " . DB_COMMENTS . "\r\n\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : "\r\n\t\t\t\t\tAND comment_name='" . $userdata['user_id'] . "'")); } redirect($clink . ($settings['comments_sorting'] == "ASC" ? "" : "&c_start=0")); } if ($settings['comments_enabled'] == "1") { if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) { if (iMEMBER) { $comment_name = $userdata['user_id']; } elseif ($settings['guestposts'] == "1") { if (!isset($_POST['comment_name'])) { redirect($link); } $comment_name = trim(stripinput($_POST['comment_name'])); $comment_name = preg_replace("(^[+0-9\\s]*)", "", $comment_name); if (isnum($comment_name)) { $comment_name = ""; } $_CAPTCHA_IS_VALID = FALSE; include INCLUDES . "captchas/" . $settings['captcha'] . "/captcha_check.php"; if (!isset($_POST['captcha_code']) || $_CAPTCHA_IS_VALID == FALSE) { redirect($link); } } $comment_message = trim(stripinput(censorwords($_POST['comment_message']))); if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) { $comment_updated = FALSE; if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "'\r\n\t\t\t\t\t\tAND comment_type='" . $ctype . "' AND comment_name='" . $userdata['user_id'] . "'\r\n\t\t\t\t\t\tAND comment_hidden='0'")) { if ($comment_message) { $result = dbquery("UPDATE " . DB_COMMENTS . " SET comment_message='" . $comment_message . "'\r\n\t\t\t\t\t\t\t\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : "\r\n\t\t\t\t\t\t\t\t\t\t\tAND comment_name='" . $userdata['user_id'] . "'")); $comment_updated = TRUE; } } if ($comment_updated) { if ($settings['comments_sorting'] == "ASC") { $c_operator = "<="; } else { $c_operator = ">="; } $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_id" . $c_operator . "'" . $_GET['comment_id'] . "'\r\n\t\t\t\t\t\t\t\tAND comment_item_id='" . $cid . "'\r\n\t\t\t\t\t\t\t\tAND comment_type='" . $ctype . "'"); $c_start = (ceil($c_count / $cpp) - 1) * $cpp; } redirect($clink . "&c_start=" . (isset($c_start) && isnum($c_start) ? $c_start : "")); } else { if (!dbcount("(" . $ccol . ")", $cdb, $ccol . "='" . $cid . "'")) { redirect(BASEDIR . "index.php"); } if ($comment_name && $comment_message) { require_once INCLUDES . "flood_include.php"; if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) { $result = dbquery("INSERT INTO " . DB_COMMENTS . " (\r\n\t\t\t\t\t\t\t\tcomment_item_id, comment_type, comment_name, comment_message, comment_datestamp,\r\n\t\t\t\t\t\t\t\tcomment_ip, comment_ip_type, comment_hidden\r\n\t\t\t\t\t\t\t) VALUES (\r\n\t\t\t\t\t\t\t\t'" . $cid . "', '" . $ctype . "', '" . $comment_name . "', '" . $comment_message . "', '" . time() . "',\r\n\t\t\t\t\t\t\t\t'" . USER_IP . "', '" . USER_IP_TYPE . "', '0'\r\n\t\t\t\t\t\t\t)"); } } if ($settings['comments_sorting'] == "ASC") { $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $cid . "'\r\n\t\t\t\t\t\t\t\t\t\tAND comment_type='" . $ctype . "'"); $c_start = (ceil($c_count / $cpp) - 1) * $cpp; } else { $c_start = 0; } redirect($clink . "&c_start=" . $c_start); } } $c_arr = array("c_con" => array(), "c_info" => array("c_makepagenav" => FALSE, "admin_link" => FALSE)); $c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $cid . "'\r\n\t\t\t\t\t\t\tAND comment_type='" . $ctype . "' AND comment_hidden='0'"); if (!isset($_GET['c_start']) && $c_rows > $cpp) { $_GET['c_start'] = (ceil($c_rows / $cpp) - 1) * $cpp; } if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) { $_GET['c_start'] = 0; } $result = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_message, tcm.comment_datestamp,\r\n\t\t\t\t\ttcu.user_id, tcu.user_name, tcu.user_avatar, tcu.user_status\r\n\t\t\tFROM " . DB_COMMENTS . " tcm\r\n\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\r\n\t\t\tWHERE comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "' AND comment_hidden='0'\r\n\t\t\tORDER BY comment_datestamp " . $settings['comments_sorting'] . " LIMIT " . $_GET['c_start'] . "," . $cpp); if (dbrows($result)) { $i = $settings['comments_sorting'] == "ASC" ? $_GET['c_start'] + 1 : $c_rows - $_GET['c_start']; if ($c_rows > $cpp) { $c_arr['c_info']['c_makepagenav'] = makepagenav($_GET['c_start'], $cpp, $c_rows, 3, $clink . "&", "c_start"); } while ($data = dbarray($result)) { $c_arr['c_con'][$i]['comment_id'] = $data['comment_id']; $c_arr['c_con'][$i]['edit_dell'] = FALSE; $c_arr['c_con'][$i]['i'] = $i; if ($data['user_name']) { $c_arr['c_con'][$i]['comment_name'] = profile_link($data['comment_name'], $data['user_name'], $data['user_status']); } else { $c_arr['c_con'][$i]['comment_name'] = $data['comment_name']; } //Add user avatar in comments new feature in v7.02.04 $c_arr['c_con'][$i]['user_avatar'] = display_avatar($data, '80px'); $c_arr['c_con'][$i]['comment_datestamp'] = $locale['global_071'] . showdate("longdate", $data['comment_datestamp']); $c_arr['c_con'][$i]['comment_message'] = "<!--comment_message-->\n" . nl2br(parseubb(parsesmileys($data['comment_message']))); if (iADMIN && checkrights("C") || iMEMBER && $data['comment_name'] == $userdata['user_id'] && isset($data['user_name'])) { $c_arr['c_con'][$i]['edit_dell'] = "<!--comment_actions-->\n"; $c_arr['c_con'][$i]['edit_dell'] .= "<a href='" . FUSION_REQUEST . "&c_action=edit&comment_id=" . $data['comment_id'] . "#edit_comment'>"; $c_arr['c_con'][$i]['edit_dell'] .= $locale['c108'] . "</a> |\n"; $c_arr['c_con'][$i]['edit_dell'] .= "<a href='" . FUSION_REQUEST . "&c_action=delete&comment_id=" . $data['comment_id'] . "' onclick=\"return confirm('" . $locale['c110'] . "');\">"; $c_arr['c_con'][$i]['edit_dell'] .= $locale['c109'] . "</a>"; } $settings['comments_sorting'] == "ASC" ? $i++ : $i--; } if (iADMIN && checkrights("C")) { $c_arr['c_info']['admin_link'] = "<!--comment_admin-->\n"; $c_arr['c_info']['admin_link'] .= "<a href='" . ADMIN . "comments.php" . $aidlink . "&ctype=" . $ctype . "&cid=" . $cid . "'>" . $locale['c106'] . "</a>"; } } // Render comments echo "<a id='comments' name='comments'></a>"; render_comments($c_arr['c_con'], $c_arr['c_info']); // Add / edit comment opentable($locale['c102']); if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) { $eresult = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_message, tcu.user_name\r\n\t\t\t\tFROM " . DB_COMMENTS . " tcm\r\n\t\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\r\n\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "'\r\n\t\t\t\t\tAND comment_type='" . $ctype . "' AND comment_hidden='0'"); if (dbrows($eresult)) { $edata = dbarray($eresult); if (iADMIN && checkrights("C") || iMEMBER && $edata['comment_name'] == $userdata['user_id'] && isset($edata['user_name'])) { $clink .= "&c_action=edit&comment_id=" . $edata['comment_id']; $comment_message = $edata['comment_message']; } } else { $comment_message = ""; } } else { $comment_message = ""; } if (iMEMBER || $settings['guestposts'] == "1") { require_once INCLUDES . "bbcode_include.php"; echo "<a id='edit_comment' name='edit_comment'></a>\n"; echo openform('inputform', 'inputform', 'post', $clink); if (iGUEST) { echo "<div align='center' class='tbl'>\n" . $locale['c104'] . "<br />\n"; echo "<input type='text' name='comment_name' maxlength='30' class='textbox' style='width:360px' />\n"; echo "</div>\n"; } echo "<div class='row'>\n"; echo "<div class='col-xs-12 col-sm-12 col-md-12 col-lg-12'>\n"; echo form_textarea('', 'comment_message', 'comment_message', $comment_message, array('required' => 1)); echo display_bbcodes("360px", "comment_message"); if (iGUEST && (!isset($_CAPTCHA_HIDE_INPUT) || isset($_CAPTCHA_HIDE_INPUT) && !$_CAPTCHA_HIDE_INPUT)) { $_CAPTCHA_HIDE_INPUT = FALSE; echo "<div style='width:360px; margin:10px auto;'>"; echo $locale['global_150'] . "<br />\n"; include INCLUDES . "captchas/" . $settings['captcha'] . "/captcha_display.php"; if (!$_CAPTCHA_HIDE_INPUT) { echo "<br />\n<label for='captcha_code'>" . $locale['global_151'] . "</label>"; echo "<br />\n<input type='text' id='captcha_code' name='captcha_code' class='textbox' autocomplete='off' style='width:100px' />\n"; } echo "</div>\n"; } echo form_button($comment_message ? $locale['c103'] : $locale['c102'], 'post_comment', 'post_comment', $comment_message ? $locale['c103'] : $locale['c102'], array('class' => 'btn btn-primary m-t-10')); echo "</div>\n</div>\n"; echo closeform(); } else { echo $locale['c105'] . "\n"; } closetable(); } }
if ($recaptcha->is_valid) { mysql_query("UPDATE comments SET `Visible`='1' WHERE `Id`='{$comment_id}'"); $res = mysql_query("SELECT COUNT(*) FROM comments WHERE `Section`='{$var_table}' AND `ItemId`='{$var_id}' AND `Visible`='1'"); $row = mysql_fetch_array($res); $total = $row['COUNT(*)']; mysql_query("UPDATE {$var_table} SET `CommentCount`='{$total}' WHERE `Id`='{$var_id}'"); if ($var_section == "press" && $linecount >= 2 && $charcount >= 100 && isset($_POST['upvote']) && $_POST['upvote'] == "true") { $res = mysql_query("SELECT Upvotes FROM press WHERE `Id`='{$var_id}'"); if (mysql_num_rows($res) > 0) { $row = mysql_fetch_array($res); $total = $row['Upvotes'] + 1; mysql_query("UPDATE press SET `Upvotes`='{$total}' WHERE `Id`='{$var_id}'"); } } echo "<strong>Your comment is now visible.</strong>\n\t\t\t\t\t<p><a href=\"/{$var_section}/item/{$var_id}/comments/#c-{$comment_id}\" class=\"page-button\"><< back to thread</a></p>"; render_comments($var_table, $var_id); $validated = true; } else { echo "<strong>The captcha you entered was incorrect.</strong> Try again.<br><br>"; } } } else { $error = true; $var_code = ANONNEWS_ERROR_NOT_FOUND; require "module.error.php"; } } if ($error === false && ($posted === true || $validated === false)) { if ($result = mysql_query_cached("SELECT * FROM comments WHERE `Id`='{$comment_id}'")) { $linecount = count(explode("\n", $result->data[0]['Body'])); $charcount = strlen($result->data[0]['Body']);
/** * Display Comments * @param $comment_type * @param $comment_db * @param $comment_col * @param $comment_item_id * @param $clink */ public function showComments($comment_type, $comment_db, $comment_col, $comment_item_id, $clink) { global $aidlink; $locale = fusion_get_locale(); $locale += fusion_get_locale('', LOCALE . LOCALESET . "user_fields.php"); $cpp = $this->settings['comments_per_page']; $comment_data = array('comment_id' => isset($_GET['comment_id']) && isnum($_GET['comment_id']) ? $_GET['comment_id'] : 0, 'comment_name' => '', 'comment_message' => '', 'comment_datestamp' => time(), 'comment_item_id' => $comment_item_id, 'comment_type' => $comment_type, 'comment_cat' => 0, 'comment_ip' => USER_IP, 'comment_ip_type' => USER_IP_TYPE, 'comment_hidden' => 0); /** Delete */ if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) { if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $this->userdata['user_id'] . "'")) { $result = dbquery("\n DELETE FROM " . DB_COMMENTS . "\n\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : "\n\t\t\t\tAND comment_name='" . $this->userdata['user_id'] . "'")); } redirect($clink . ($this->settings['comments_sorting'] == "ASC" ? "" : "&c_start=0")); } if ($this->settings['comments_enabled'] == "1") { $this->c_arr['c_info']['comments_count'] = format_word(0, $this->locale['fmt_comment']); // Handle Comment Posts if ((iMEMBER || $this->settings['guestposts']) && isset($_POST['post_comment'])) { if (!iMEMBER && $this->settings['guestposts']) { // Process Captchas $_CAPTCHA_IS_VALID = FALSE; include INCLUDES . "captchas/" . $this->settings['captcha'] . "/captcha_check.php"; if (!isset($_POST['captcha_code']) && $_CAPTCHA_IS_VALID == FALSE) { \defender::stop(); addNotice("danger", $locale['u194']); } } $comment_data = array('comment_id' => isset($_GET['comment_id']) && isnum($_GET['comment_id']) ? $_GET['comment_id'] : 0, 'comment_name' => iMEMBER ? $this->userdata['user_id'] : form_sanitizer($_POST['comment_name'], '', 'comment_name'), 'comment_message' => form_sanitizer($_POST['comment_message'], '', 'comment_message'), 'comment_datestamp' => time(), 'comment_item_id' => $comment_item_id, 'comment_type' => $comment_type, 'comment_cat' => form_sanitizer($_POST['comment_cat'], 0, 'comment_cat'), 'comment_ip' => USER_IP, 'comment_ip_type' => USER_IP_TYPE, 'comment_hidden' => 0); if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && $comment_data['comment_id']) { // Update comment if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $comment_data['comment_id'] . "'\n AND comment_item_id='" . $comment_item_id . "'\n AND comment_type='" . $comment_type . "'\n AND comment_name='" . $this->userdata['user_id'] . "'\n AND comment_hidden='0'") && \defender::safe()) { $c_name_query = "SELECT comment_name FROM " . DB_COMMENTS . " WHERE comment_id='" . $comment_data['comment_id'] . "'"; $comment_data['comment_name'] = dbresult(dbquery($c_name_query), 0); dbquery_insert(DB_COMMENTS, $comment_data, 'update'); if ($this->settings['comments_sorting'] == "ASC") { $c_operator = "<="; } else { $c_operator = ">="; } $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_id" . $c_operator . "'" . $comment_data['comment_id'] . "'\n AND comment_item_id='" . $comment_item_id . "'\n AND comment_type='" . $comment_type . "'"); $c_start = (ceil($c_count / $cpp) - 1) * $cpp; addNotice("success", $locale['global_027']); redirect(self::format_clink($clink) . "&c_start=" . (isset($c_start) && isnum($c_start) ? $c_start : "")); } } else { // Save New comment if (!dbcount("(" . $comment_col . ")", $comment_db, $comment_col . "='" . $comment_item_id . "'")) { redirect(BASEDIR . "index.php"); } if (\defender::safe()) { $c_start = 0; $id = 0; if ($comment_data['comment_name'] && $comment_data['comment_message']) { require_once INCLUDES . "flood_include.php"; if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) { dbquery_insert(DB_COMMENTS, $comment_data, 'save'); $id = dblastid(); if ($this->settings['comments_sorting'] == "ASC") { $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "'"); $c_start = (ceil($c_count / $cpp) - 1) * $cpp; } } redirect(self::format_clink($clink) . "&c_start=" . $c_start . "#c" . $id); } } } } $c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "' AND comment_hidden='0'"); if (!isset($_GET['c_start']) && $c_rows > $cpp) { $_GET['c_start'] = (ceil($c_rows / $cpp) - 1) * $cpp; } if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) { $_GET['c_start'] = 0; } $comment_query = "\n SELECT tcm.*, tcu.user_id, tcu.user_name, tcu.user_avatar, tcu.user_status\n FROM " . DB_COMMENTS . " tcm\n LEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n WHERE comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "' AND comment_hidden='0'\n ORDER BY comment_datestamp " . $this->settings['comments_sorting'] . ", comment_cat DESC"; $query = dbquery($comment_query); if (dbrows($query) > 0) { $i = $this->settings['comments_sorting'] == "ASC" ? $_GET['c_start'] + 1 : $c_rows - $_GET['c_start']; if ($c_rows > $cpp) { $this->c_arr['c_info']['c_makepagenav'] = makepagenav($_GET['c_start'], $cpp, $c_rows, 3, $clink . "&", "c_start"); } if (iADMIN && checkrights("C")) { $this->c_arr['c_info']['admin_link'] = "<!--comment_admin-->\n"; $this->c_arr['c_info']['admin_link'] .= "<a href='" . ADMIN . "comments.php" . $aidlink . "&ctype=" . $comment_type . "&comment_item_id=" . $comment_item_id . "'>" . $this->locale['c106'] . "</a>"; } while ($row = dbarray($query)) { $actions = array("edit_dell" => "", "edit_link" => "", "delete_link" => ""); if (iADMIN && checkrights("C") || iMEMBER && $row['comment_name'] == $this->userdata['user_id'] && isset($row['user_name'])) { $edit_link = clean_request('c_action=edit&comment_id=' . $row['comment_id'], array('c_action', 'comment_id'), false) . "#edit_comment"; $delete_link = clean_request('c_action=delete&comment_id=' . $row['comment_id'], array('c_action', 'comment_id'), false); $comment_actions = "<!---comment_actions--><div class='btn-group'>\n <a class='btn btn-xs btn-default' href='{$edit_link}'>" . $this->locale['c108'] . "</a>\n <a class='btn btn-xs btn-default' href='{$delete_link}' onclick=\"return confirm('" . $this->locale['c110'] . "');\"><i class='fa fa-trash'></i>" . $this->locale['c109'] . "</a>\n </div><!---//comment_actions-->\n "; $actions = array("edit_link" => array('link' => $edit_link, 'name' => $this->locale['c108']), "delete_link" => array('link' => $delete_link, 'name' => $this->locale['c109']), "edit_dell" => $comment_actions); } $reply_form = ""; if (isset($_GET['comment_reply']) && $_GET['comment_reply'] == $row['comment_id']) { $locale = fusion_get_locale(); $comment_data['comment_cat'] = $row['comment_id']; $reply_form = openform("comments_reply_form", "post", FUSION_REQUEST, array("class" => "comments_reply_form")); if (iGUEST) { $reply_form .= form_text('comment_name', fusion_get_locale('c104'), $comment_data['comment_name'], array('max_length' => 30)); } $reply_form .= form_hidden("comment_cat", "", $comment_data['comment_cat']); $reply_form .= form_textarea("comment_message", "", $comment_data['comment_message'], array("tinymce" => "simple", "type" => fusion_get_settings("tinymce_enabled") ? "tinymce" : "bbcode", "input_id" => "comment_message-" . $i, "required" => true)); if (iGUEST && (!isset($_CAPTCHA_HIDE_INPUT) || isset($_CAPTCHA_HIDE_INPUT) && !$_CAPTCHA_HIDE_INPUT)) { $_CAPTCHA_HIDE_INPUT = FALSE; $reply_form .= "<div class='m-t-10 m-b-10'>"; $reply_form .= "<label class='col-xs-12 col-sm-3'>" . $locale['global_150'] . "</label><div class='col-xs-12 col-sm-9'>\n"; ob_start(); include INCLUDES . "captchas/" . $this->settings['captcha'] . "/captcha_display.php"; $reply_form .= ob_get_contents(); ob_end_clean(); if (!$_CAPTCHA_HIDE_INPUT) { $reply_form .= "<br />\n<label for='captcha_code'>" . $locale['global_151'] . "</label>"; $reply_form .= "<br />\n<input type='text' id='captcha_code' name='captcha_code' class='textbox' autocomplete='off' style='width:100px' />\n"; } $reply_form .= "</div>\n"; $reply_form .= "</div>\n"; } $reply_form .= form_button('post_comment', $locale['c102'], $locale['c102'], array('class' => 'btn-success m-t-10')); $reply_form .= closeform(); } /** formats $row */ $row = array("comment_id" => $row['comment_id'], "comment_cat" => $row['comment_cat'], "i" => $i, "user_avatar" => display_avatar($row, '50px', '', false, 'img-rounded'), "user" => array("user_id" => $row['user_id'], "user_name" => $row['user_name'], "user_avatar" => $row['user_avatar'], "status" => $row['user_status']), "reply_link" => clean_request("comment_reply=" . $row['comment_id'], array("comment_reply"), false), "reply_form" => $reply_form, "comment_datestamp" => showdate('shortdate', $row['comment_datestamp']), "comment_time" => timer($row['comment_datestamp']), "comment_message" => "<!--comment_message-->\n" . nl2br(parseubb(parsesmileys($row['comment_message']))) . "<!--//comment_message-->\n", "comment_name" => $row['user_name'] ? profile_link($row['comment_name'], $row['user_name'], $row['user_status'], 'strong text-dark') : $row['comment_name']); $row += $actions; $id = $row['comment_id']; $parent_id = $row['comment_cat'] === NULL ? "0" : $row['comment_cat']; $data[$id] = $row; $this->c_arr['c_con'][$parent_id][$id] = $row; $this->settings['comments_sorting'] == "ASC" ? $i++ : $i--; } // Paginate the array $this->c_arr['c_con'][0] = array_chunk($this->c_arr['c_con'][0], $cpp, true); // Pass cpp settings $this->c_arr['c_info']['comments_per_page'] = $cpp; $this->c_arr['c_info']['comments_count'] = format_word(number_format($i - 1, 0), $this->locale['fmt_comment']); } echo "<a id='comments' name='comments'></a>"; render_comments($this->c_arr['c_con'], $this->c_arr['c_info']); render_comments_form($comment_type, $clink, $comment_item_id, isset($_CAPTCHA_HIDE_INPUT) ? $_CAPTCHA_HIDE_INPUT : FALSE); } }
echo render_metadata($mysqli, $question, $question->use_bloom(), $q_teams, $q_disabled, $string, $userObject); ?> </div> </div> <div id="changes" class="tab-area"> <?php $changes = $question->get_changes(); echo render_changes($changes, $string); ?> </div> <div id="comments" class="tab-area"> <?php $comments = $question->get_comments($paper_id); echo render_comments($comments, $string); ?> </div> <div id="performance" class="tab-area"> <table style="font-size:90%; width:100%" class="data"> <?php echo "<tr><th></th><th>" . $string['papername'] . "</th><th>" . $string['screenno'] . "</th><th>" . $string['examdate'] . "</th><th>" . $string['cohort'] . "</th><th></th><th>" . $string['p'] . "</th><th>" . $string['d'] . "</th></tr>\n"; $performance_array = $question->id > -1 ? question_info::question_performance($question->id, $mysqli) : array(); foreach ($performance_array as $paper => $performance) { echo "<tr><td><img src=\"../../artwork/" . $performance['icon'] . "\" width=\"16\" height=\"16\" /></td>"; echo "<td>" . $performance['title'] . "</td>"; echo "<td class=\"num\">" . $performance['screen'] . "</td>"; $q_type = $question->get_type(); if (isset($performance['performance'][1]['taken'])) { echo "<td>" . $performance['performance'][1]['taken'] . "</td><td class=\"num\">" . $performance['performance'][1]['cohort'] . "</td><td style=\"text-align:right\">" . question_info::display_parts($performance['performance'], $q_type) . "</td><td class=\"num\">" . question_info::display_p($performance['performance'], $q_type) . "</td><td class=\"num\">" . question_info::display_d($performance['performance'], $q_type) . "</td>";
<?php if (!isset($_ANONNEWS)) { die; } /* Protect from direct requests */ /* This module handles all comments. */ $var_id = is_numeric($var_id) ? $var_id : 0; $error = false; if (!($output = file_get_contents_cached("{$render_dir}/c-{$var_table}-{$var_id}.render"))) { if (!($res = render_comments($var_table, $var_id))) { $var_code = ANONNEWS_ERROR_NOT_FOUND; require "module.error.php"; $error = true; } else { $output->source = "render"; $output->data = $res; } } if ($error === false) { if ($var_section == "press") { echo "<div class=\"form-notice\" style=\"width: 100%;\"><strong>Note:</strong> To be able to upvote a press release, you need to leave a comment that is 2 or more lines, and 100 or more characters.</div>"; } echo $output->data; }