public function action_AddComment() { $item = Model::factory('kwalbum_item')->load((int) $_POST['item']); if (!$this->user->can_view_item($item)) { echo 'no commenting for you'; return; } $comment = new Model_Kwalbum_Comment(); $comment->name = $this->user->name; $comment->text = htmlspecialchars(trim($_POST['comment'])); $comment->item_id = $item->id; $comment->save(); echo $comment->name . ' : ' . $comment->date . '<br/>' . $comment->text . '<hr/>'; }