示例#1
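// Breadcrumb trail: profile owner's link, then the "Comments" label.
$crumbs->add(new PipeMenuHtmlEntry(userLink($user)));
$crumbs->add(new PipeMenuTextEntry(__("Comments")));
makeBreadcrumbs($crumbs);

// Deleting is open to the profile owner or to power level > 2, and additionally
// requires the "deleteComments" permission and a non-negative power level.
$canDeleteComments = ($id == $loguserid || $loguser['powerlevel'] > 2) && IsAllowed("deleteComments") && $loguser['powerlevel'] >= 0;
$canComment = $loguser['powerlevel'] >= 0;

// Anti-CSRF check. The submitted token is compared with hash_equals() rather
// than a loose ==, so PHP type juggling (for example two "0e..." numeric-looking
// strings comparing equal) cannot make a wrong token pass, and the comparison
// takes the same time wherever the first mismatch is. A missing parameter, a
// non-string parameter (token[]=...) or an empty stored token never matches.
$expectedToken = (string) $loguser['token'];
$tokenMatches = false;
if ($expectedToken !== '') {
    $suppliedTokens = array(
        isset($_GET['token']) ? $_GET['token'] : null,
        isset($_POST['token']) ? $_POST['token'] : null,
    );
    foreach ($suppliedTokens as $suppliedToken) {
        if (is_string($suppliedToken) && hash_equals($expectedToken, $suppliedToken)) {
            $tokenMatches = true;
            break;
        }
    }
}

if ($loguserid && $tokenMatches) {
    // Where to send the browser after a successful action.
    $returnPage = $mobileLayout ? "usercomments" : "profile";

    // NOTE(review): deletion is driven by GET parameters, so the token travels
    // in the URL and can end up in server logs, browser history and Referer
    // headers. Moving this action to POST would keep it out of those places.
    if ($canDeleteComments && isset($_GET['action']) && $_GET['action'] === "delete") {
        AssertForbidden("deleteComments");
        // The uid={0} condition limits the delete to comments on this profile;
        // the comment id is forced to an integer before it reaches the query.
        Query("delete from {usercomments} where uid={0} and id={1}", $id, (int) $_GET['cid']);
        header("Location: " . actionLink($returnPage, $id));
        die();
    }

    // NOTE(review): IsReallyEmpty() is defined elsewhere; confirm that this
    // condition admits only non-empty comment text, as its name reads the
    // other way round.
    if (isset($_POST['actionpost']) && IsReallyEmpty($_POST['text']) && $canComment) {
        AssertForbidden("makeComments");
        // Values are passed as {n} placeholder arguments instead of being
        // concatenated into the SQL text.
        // NOTE(review): presumably Query() escapes them; verify in its definition.
        $rComment = Query("insert into {usercomments} (uid, cid, date, text) values ({0}, {1}, {2}, {3})", $id, $loguserid, time(), $_POST['text']);
        if ($loguserid != $id) {
            // Flag the profile owner as having unread comments.
            Query("update {users} set newcomments = 1 where id={0}", $id);
        }
        logAction('usercomment', array('user2' => $id));
        header("Location: " . actionLink($returnPage, $id));
        die();
    }
}

// Page size and total number of comments on this profile.
$cpp = 15;
$total = FetchResult("SELECT\n\t\t\t\t\t\tcount(*)\n\t\t\t\t\tFROM {usercomments}\n\t\t\t\t\tWHERE uid={0}", $id);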
示例#2
/**
 * Validates the login/display name submitted in $_POST[$field].
 *
 * Falls back to the stored value from the global $user when the
 * IsReallyEmpty() check on the submitted value is true, rejects a name that
 * another account already uses as name or displayname, and strips control and
 * separator characters (plain spaces are kept), rejecting the input if
 * anything had to be stripped. $_POST[$field] is modified in place.
 *
 * @param string $field Key to read in $_POST and in the global $user array.
 * @param mixed  $item  Not used by this function.
 * @return string|null Error message to show, or null when the value is accepted.
 */
function HandleUsername($field, $item)
{
    global $user;

    if (IsReallyEmpty($_POST[$field])) {
        $_POST[$field] = $user[$field];
    }

    // Uniqueness check against every other account; the submitted value is
    // passed as a placeholder argument rather than concatenated into the SQL.
    $clashCount = FetchResult("select count(*) from {users} where id != {0} and (name = {1} or displayname = {1})", $user['id'], $_POST[$field]);
    if ($clashCount) {
        // NOTE(review): SqlEscape() is an SQL-context escape, but this value is
        // echoed back in a user-facing message. If the caller renders the
        // message as HTML, the name needs HTML encoding instead; confirm how
        // the return value is output.
        return format(__("The login name you entered, \"{0}\", is already taken."), SqlEscape($_POST[$field]));
    }

    // Strip \pC (control/format) and \pZ (separator) characters except the
    // plain space. The cleaned value is stored even when the input is rejected.
    $submitted = $_POST[$field];
    $_POST[$field] = preg_replace('/(?! )[\\pC\\pZ]/u', '', $submitted);
    if ($submitted !== $_POST[$field]) {
        return __("The login name you entered cannot contain control characters.");
    }
}
示例#3
    // Render one table row per comment fetched from $rComments. Each row is
    // prepended to $commentList, so the finished list is in the reverse of
    // fetch order.
    while ($comment = Fetch($rComments)) {
        if ($canDeleteComments) {
            // NOTE(review): this delete link is a plain GET URL and carries no
            // token parameter; confirm that the handler behind action=delete
            // requires an anti-CSRF token. $id and $comment['id'] are
            // concatenated into the href unescaped; presumably both are
            // integers, verify where they are assigned.
            $deleteLink = "<small style=\"float: right; margin: 0px 4px;\"><a  href=\"profile.php?id=" . $id . "&amp;action=delete&amp;cid=" . $comment['id'] . "\" title=\"" . __("Delete comment") . "\">&#x2718;</a></small>";
        }
        // Alternate between the cell0 and cell1 row styles.
        $cellClass = ($cellClass + 1) % 2;
        // The comment text is HTML-encoded with htmlspecialchars() before
        // PutASmileOnThatFace() processes it, so stored markup is shown as text.
        // $deleteLink is only assigned above when $canDeleteComments is true;
        // otherwise whatever value it held before the loop is used here.
        $thisComment = format("\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td class=\"cell2 width25\">\n\t\t\t\t\t\t\t\t{0}\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t<td class=\"cell{1}\">\n\t\t\t\t\t\t\t\t{3}{2}\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t</tr>\n", UserLink($comment, "cid"), $cellClass, PutASmileOnThatFace(htmlspecialchars($comment['text'])), $deleteLink);
        $commentList = $thisComment . $commentList;
        // Remember the author (cid) of the first row fetched; later code
        // compares it with the logged-in user before accepting a new comment.
        if (!isset($lastCID)) {
            $lastCID = $comment['cid'];
        }
    }
} else {
    $commentsWasEmpty = true;
    $commentList = $thisComment = format("\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td class=\"cell0\" colspan=\"2\">\n\t\t\t\t\t\t\t\t" . __("No comments.") . "\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t</tr>\n");
}
if ($_POST['action'] == __("Post") && IsReallyEmpty(strip_tags($_POST['text'])) && $loguserid && $loguserid != $lastCID) {
    AssertForbidden("makeComments");
    $_POST['text'] = strip_tags($_POST['text']);
    $newID = FetchResult("SELECT id+1 FROM usercomments WHERE (SELECT COUNT(*) FROM usercomments u2 WHERE u2.id=usercomments.id+1)=0 ORDER BY id ASC LIMIT 1");
    if ($newID < 1) {
        $newID = 1;
    }
    $qComment = "insert into usercomments (id, uid, cid, date, text) values (" . $newID . ", " . $id . ", " . $loguserid . ", " . time() . ", '" . justEscape($_POST['text']) . "')";
    $rComment = Query($qComment);
    if ($loguserid != $id) {
        Query("update users set newcomments = 1 where id=" . $id);
    }
    $lastCID = $loguserid;
    $thisComment = format("\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td class=\"cell2 width25\">\n\t\t\t\t\t\t\t\t{0}\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t<td class=\"cell{1}\">\n\t\t\t\t\t\t\t\t{2}\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t</tr>\n", UserLink($loguser), 2, PutASmileOnThatFace(htmlspecialchars($_POST['text'])));
    if ($commentsWasEmpty) {
        $commentList = "";
示例#4
/**
 * Replaces the submitted $_POST[$field] with the stored value from the global
 * $user whenever the IsReallyEmpty() check on the submitted value is false.
 *
 * NOTE(review): IsReallyEmpty() is defined elsewhere and its return convention
 * is not visible here; confirm that this keeps a genuinely submitted name and
 * only falls back to the stored one for blank input. No uniqueness or
 * character validation of the name happens in this function.
 *
 * @param string $field Key to read in $_POST and in the global $user array.
 * @param mixed  $item  Not used by this function.
 * @return void
 */
function HandleUsername($field, $item)
{
    global $user;

    // Check passes: leave the submitted value untouched.
    if (IsReallyEmpty($_POST[$field])) {
        return;
    }

    $_POST[$field] = $user[$field];
}