// +----------------------------------------------------------------------+
// | Copyright (c) 2004 |
// | author: Jason Taylor |
// | Neo-era : mofobikes |
// | comment.php |
// +----------------------------------------------------------------------+
/**
* comment servlet
*
* @package www
*
* $Id: comment.php,v 1.1 2010/10/30 21:48:35 catherine Exp $
*/
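// Flag set before the bootstrap is loaded; presumably read by config.inc.php
// to select gallery-specific setup (TODO confirm against the include).
$GALLERY = true;

// The bootstrap is mandatory: the login gate below depends on USERID, and the
// rest of the script on $PageConfig and $smarty, none of which are defined in
// this file. `require` stops the request if the file cannot be loaded, where
// `include` would only warn and carry on with those names undefined.
require "../../includes/config.inc.php";

// Ask the page configuration to mark this page as not indexable.
$PageConfig->set_noindex(true);

// Login gate: every action in this script (add, edit, remove, report) needs an
// authenticated user, so anonymous requests get the error page and stop here.
if (!USERID) {
    $smarty->assign("error", "You must be logged in as a registered user to comment on a Bike.");
    $smarty->display(TEMPLATE_DIR . "gallery_template.tpl.smrt");
    die();
}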
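// Request parameters. bike_id and comment_id are looked up in $_GET and $_POST
// with a default of 0; the trailing 1 presumably requests a numeric value
// (TODO confirm in nBase::get_value). `type` is read from the query string
// only and defaults to 'new'.
$bike_id = nBase::get_value("bike_id", $_GET, $_POST, 0, 1);
$comment_id = nBase::get_value("comment_id", $_GET, $_POST, 0, 1);
$type = nBase::get_value("type", $_GET, NULL, 'new');

if ($comment_id) {
    // Existing comment: load it so the ownership checks further down compare
    // against the stored user_id rather than anything sent by the client.
    $comment = db_get_comment($comment_id);
    if (!$comment) {
        $smarty->assign("error", "Comment cannot be edited");
        $smarty->display(TEMPLATE_DIR . "gallery_template.tpl.smrt");
        die();
    }
} else {
    // New comment: create the record explicitly. Assigning a property on the
    // undefined $comment relied on PHP auto-creating an object, which raises a
    // warning on older versions and throws an Error on PHP 8.
    $comment = new stdClass();
    $comment->comment_id = 0;
    // NOTE(review): bike_id comes straight from the request; confirm that
    // db_save_comment() rejects ids that do not match an existing bike.
    $comment->bike_id = $bike_id;
    $comment->user_id = USERID;
}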
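// Action dispatch on the `type` query parameter:
//   'report'      - e-mail the webmaster about an existing comment
//   'remove'      - confirm, then delete an existing comment
//   anything else - add a new comment or edit an existing one
//
// NOTE(review): no anti-CSRF token is checked in this script. 'report' sends
// mail and 'remove' deletes on a plain GET request, and the POST save has no
// token check either. State changes should require POST plus a per-session
// token verified before the mail()/db_* calls; no token helper is visible
// here, so this is flagged rather than changed.
if ($type == 'report') {
    if (empty($comment->comment_id)) {
        // Without a stored comment there is nothing to report; previously this
        // still mailed the webmaster about "comment id 0".
        $smarty->assign("error", "Comment cannot be reported");
    } else {
        // User-controlled text (USERNAME, the comment body) goes into the mail
        // body only; the header string is a fixed literal.
        $message = "Reporting on Comment id {$comment->comment_id}\nBY " . USERNAME
            . "\nCOMMENT URL: " . URL . "/gallery/bikes.php?bike_id={$comment->bike_id}\n{$comment->comment}";

        // NOTE(review): the From header below carries a display name but no
        // address as written here - confirm the sender address is configured.
        $sent = mail("webmaster@oppracing.com", "OPP Gallery Comment Report", $message, "From: \"OPP Mailer\" ");

        // Only tell the user a report went out if mail() accepted it.
        if ($sent) {
            $smarty->assign("message", "A report has been sent to the administrator on that comment.\nThank you for bringing it to our attention.\nReturn to bike");
        } else {
            $smarty->assign("error", "The report could not be sent. Please try again later.");
        }
    }
} else if ($type == 'remove') {
    if (empty($comment->comment_id)) {
        // No comment_id was supplied, so there is no stored comment to delete.
        $smarty->assign("error", "Comment cannot be removed");
    } else if ($comment->user_id != USERID && !ISADMIN) {
        // Authorization: the owner or an administrator may remove a comment.
        // The original test joined the two conditions with ||, which refused
        // every non-admin owner and also refused admins acting on other users'
        // comments, contradicting both the message below and the matching
        // check in the edit branch.
        $smarty->assign("error", "You can not remove a comment that does not belong to you.");
    } else {
        $submit = nBase::get_value("submit", $_GET, NULL, false);
        if ($submit) {
            db_remove_comment($comment_id);
            $smarty->assign("message", "Comment was removed from the system\nReturn to bike");
        } else {
            // First visit: show the confirmation page before deleting.
            $smarty->assign("comment", $comment);
            $smarty->assign("page_tpl", TEMPLATE_DIR . "gallery/comment_delete_conf.tpl.smrt");
        }
    }
} else {
    // Add/edit. A new comment (comment_id 0) always belongs to the current
    // user; an existing one may be edited by its owner or an administrator.
    if (!ISADMIN && $comment->comment_id && $comment->user_id != USERID) {
        $smarty->assign("error", "You can not update a comment that does not belong to you.");
    } else {
        $submit = nBase::get_value("submit", $_POST, NULL, false);
        if ($submit) {
            // The trailing 'xss' argument presumably selects an input filter in
            // nBase::get_value (TODO confirm). Filtering on input does not
            // replace escaping the comment when the templates output it.
            $comment->comment = nBase::get_value("mycomment", $_POST, NULL, "", false, false, 'xss');
            $banned_word_list = db_get_banned_words();
            $error = validate_words($comment->comment, "Comment", $banned_word_list);
            if (!$error) {
                db_save_comment($comment);
                $smarty->assign("message", "Comment has been updated/added. All comments must go under review before being displayed.\nReturn to bike");
                $smarty->display(TEMPLATE_DIR . "gallery_template.tpl.smrt");
                die();
            } else {
                // Validation failed: undo the slash-escaping before the text is
                // shown in the form again.
                $comment->comment = stripslashes($comment->comment);
                $smarty->assign("error", $error);
            }
        }
        $smarty->assign("comment", $comment);
        $smarty->assign("page_tpl", TEMPLATE_DIR . "gallery/comment.tpl.smrt");
    }
}

// Render the shared gallery layout with whatever message, error or sub-page
// template was assigned above.
$smarty->display(TEMPLATE_DIR . "gallery_template.tpl.smrt");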