Comments in request
my new page reqcomment.php
PHP Code:
<?php
require_once("global.php");
$action = $_GET["action"];
dbconn(false);
loggedinorreturn();
parked(); //=== uncomment if you use the parked mod
if ($action == "add")
{
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
$reqid = 0 + $_POST["tid"];
if (!is_valid_id($reqid))
stderr("Error", "Wrong ID.");
$res = mysql_query("SELECT request FROM requests WHERE id = $reqid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_array($res);
if (!$arr)
stderr("Error", "No request with that ID.");
$text = ($_POST["message"]);
$text = trim($_POST["message"]);
if (!$text)
stderr("Error", "Don't leave any fields blank!");
mysql_query("INSERT INTO comments (user, request, added, text, ori_text) VALUES (" .
$CURUSER["id"] . "', ". $reqid .", '" . get_date_time() . "', " . sqlesc($text) .
"," . sqlesc($text) . ")");
$newid = mysql_insert_id();
mysql_query("UPDATE requests SET comments = comments + 1 WHERE id = $reqid");
header("Refresh: 0; url=viewrequests.php?do=view_request&rid=$reqid&req_details=1&$newid#comm$newid");
die;
}
$reqid = 0 + $_GET["tid"];
if (!is_valid_id($reqid))
stderr("Error", "Wrong ID.");
$res = mysql_query("SELECT request FROM requests WHERE id = $reqid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_array($res);
if (!$arr)
stderr("Error", "Wrong ID.");
stdhead("Add comment to \"" . $arr["request"] . "\"");
include_once INC_PATH . '/editor.php';
print("<p><form method=post name=compose action=reqcomment.php?action=add><input type=hidden name=tid value=$reqid/>".
"<table border=1 cellspacing=0 cellpadding=10><tr><td class=colhead align=center colspan=2><b>".
"Comment on Request: " . htmlspecialchars($arr["request"]) . "</b></td><tr><tr><td align=right class=clearalt6><b>comment:</b>".
"</td><td align=left class=clearalt6>\n");
$str .= insert_editor (false, NULL, (!empty ($_POST['message']) ? $_POST['message'] : ''), $lang->requests['addtitle1'], sprintf ($lang->requests['addtitle'], htmlspecialchars_uni ($arr['name'])));
$str .= '</form>';
echo $str;
$res = mysql_query("SELECT comments.id, text, UNIX_TIMESTAMP(comments.added) as utadded, UNIX_TIMESTAMP(editedat) as uteditedat, comments.added, username, users.id as user, users.class, users.avatar FROM comments LEFT JOIN users ON comments.user = users.id WHERE request = $reqid ORDER BY comments.id DESC LIMIT 5");
$allrows = array();
while ($row = mysql_fetch_array($res))
$allrows[] = $row;
if (count($allrows)) {
commenttable($allrows);
}
echo '</table>';
stdfoot();
die;
}
?>
and add in my viewrequest.php
PHP Code:
if (($do == 'view_request' AND is_valid_id ($rid)))
{
check_rid ();
($query = sql_query ('SELECT r.id, r.userid, r.filledby, r.filledurl, r.request, r.descr, r.added, r.hits, r.cat, r.filled, c.image as category_image, c.name as category_name, u.username, g.namestyle FROM requests r LEFT JOIN categories c ON (r.cat=c.id) LEFT JOIN users u ON (r.userid=u.id) LEFT JOIN usergroups g ON (u.usergroup=g.gid) WHERE r.id = ' . sqlesc ($rid)) OR sqlerr (__FILE__, 401));
$request = mysql_fetch_assoc ($query);
stdhead ($lang->requests['rhead'] . ' - ' . $lang->requests['viewreq'] . ' : ' . htmlspecialchars_uni ($request['request']));
$delete_image = (($is_mod OR $request['userid'] == $CURUSER['id']) ? '<h2><a class=hoptobutton size=4 href="' . $_SERVER['SCRIPT_NAME'] . '?do=delete_request&rid=' . $request['id'] . '" onclick="return confirm_delete_request()">' . $lang->requests['field12'] . '</a></h2> ' : '');
$edit_image = (($is_mod OR $request['userid'] == $CURUSER['id']) ? '<h2><a class=hoptobutton size=4 href="' . $_SERVER['SCRIPT_NAME'] . '?do=edit_request&rid=' . $request['id'] . '">' . $lang->requests['field11'] . '</a></h2> ' : '');
$fillrequest = (($request['filled'] == 'no' AND ($is_mod OR $usergroups['canrequest'] == 'yes')) ? '<h2><a class=hoptobutton size=4 href="' . $_SERVER['SCRIPT_NAME'] . '?do=fill_request&rid=' . $request['id'] . '">' . $lang->requests['field18'] . '</a></h2> ' : '');
$reset_request = (($request['filled'] == 'yes' AND ($is_mod OR $CURUSER['id'] == $request['userid'])) ? '<h2><a class=hoptobutton size=4 href="' . $_SERVER['SCRIPT_NAME'] . '?do=reset_request&rid=' . $request['id'] . '">' . $lang->requests['field13'] . '</a></h2> ' : '');
$back = '<h2><a class=hoptobutton size=4 href="' . $_SERVER['SCRIPT_NAME'] . '">' . $lang->requests['return'] . '</a></h2> ';
$commentbar = '' . '<div align=left><br /><h2><a class=hoptobutton size=4 href=reqcomment.php?action=add&tid=' . $request['id'] . '>' . $lang->requests['addcomment'] . '</a></h2></div>';
echo '
<script type="text/javascript">
function confirm_delete_request()
{
var confirm_delete = confirm("' . $lang->requests['are_you_sure'] . '");
if (confirm_delete)
{
return true;
}
else
{
return false;
}
}
</script>
<table width="100%" border="0" cellpadding="5" cellspacing="0">
<tr>
<td class="thead" colspan="2" align="center">' . $lang->requests['viewreq'] . '</td>
</tr>
<tr>
<td align="right" width="20%" class="subheader">' . $lang->requests['rtitle'] . '</td>
<td align="left" width="80%">' . htmlspecialchars_uni ($request['request']) . '</td>
</tr>
<tr>
<td align="right" width="20%" class="subheader">' . $lang->requests['field9'] . '</td>
<td align="left" width="80%"><a href="' . $BASEURL . '/userdetails.php?id=' . $request['userid'] . '">' . get_user_color ($request['username'], $request['namestyle']) . '</a></td>
</tr>
<tr>
<td align="right" width="20%" class="subheader">' . $lang->requests['field8'] . '</td>
<td align="left" width="80%">' . my_datee ($dateformat, $request['added']) . ' ' . my_datee ($timeformat, $request['added']) . '</td>
</tr>
<tr>
<td align="right" width="20%" class="subheader">' . $lang->requests['field6'] . '</td>
<td align="left" width="80%">' . $request['category_name'] . '</td>
</tr>
<tr>
<td align="right" width="20%" class="subheader">' . $lang->requests['votes'] . '</td>
<td align="left" width="80%">' . $request['hits'] . '</td>
</tr>
<tr>
<td align="right" width="20%" class="subheader">' . $lang->requests['field5'] . '</td>
<td align="left" width="80%">' . format_comment ($request['descr']) . '</td>
</tr>';
if ($request['filled'] == 'yes')
{
($query = sql_query ('SELECT u.username, g.namestyle FROM users u LEFT JOIN usergroups g ON (u.usergroup=g.gid) WHERE u.id=' . sqlesc ($request['filledby'])) OR sqlerr (__FILE__, 455));
$fillerdetails = mysql_fetch_assoc ($query);
echo '
<tr>
<td align="right" width="20%" class="subheader">' . $lang->requests['filledby'] . '</td>
<td align="left" width="80%"><a href="' . $BASEURL . '/userdetails.php?id=' . $request['filledby'] . '">' . get_user_color ($fillerdetails['username'], $fillerdetails['namestyle']) . '</a> [<a href="' . $request['filledurl'] . '">' . $lang->requests['view_details'] . '</a>]</td>
</tr>';
}
echo '
<tr>
<td colspan="2" align="center" class="subheader"><p>' . $back . $delete_image . $edit_image . $fillrequest . $reset_request . '</p></td>
</tr>
</table>
';
//--- added comments
function reqcommenttable($rows)
{
global $CURUSER, $HTTP_SERVER_VARS;
begin_main_frame();
begin_frame();
$count = 0;
foreach ($rows as $row)
{
//=======change colors
if($count2 == 0)
{
$count2 = $count2+1;
$class = "clearalt6";
}
else
{
$count2 = 0;
$class = "clearalt7";
}
print("<br>");
begin_table(true);
print("<tr><td class=colhead colspan=2><p class=sub><a name=comment_" . $row["id"] . ">#" . $row["id"] . "</a> by: ");
if (isset($row["username"]))
{
$username = $row["username"];
$ratres = mysql_query("SELECT uploaded, downloaded from users where username='$username'");
$rat = mysql_fetch_array($ratres);
if ($rat["downloaded"] > 0)
{
$ratio = $rat['uploaded'] / $rat['downloaded'];
$ratio = number_format($ratio, 3);
$color = get_ratio_color($ratio);
if ($color)
$ratio = "<font color=$color>$ratio</font>";
}
else
if ($rat["uploaded"] > 0)
$ratio = "Inf.";
else
$ratio = "---";
$title = $row["title"];
if ($title == "")
$title = get_user_class_name($row["class"]);
else
$title = htmlspecialchars($title);
print("<a name=comm". $row["id"] .
" href=userdetails.php?id=" . $row["user"] . "><b>" .
htmlspecialchars($row["username"]) . "</b></a>" . ($row["donor"] == "yes" ? "<img src=pic/star.gif alt='Donor'>" : "") . ($row["warned"] == "yes" ? "<img src=".
"pic/warned.gif alt=\"Warned\">" : "") . "<font size=\"-3\"> ($title) (ratio: $ratio)\n");
}
else
print("<a name=\"comm" . $row["id"] . "\"><i>(orphaned)</i></a>\n");
//=== if using report mod uncomment the next bit and change to your report system
print(" at " . $row["added"] . " GMT</font> " .
($row["user"] == $CURUSER["id"] || get_user_class() >= UC_MODERATOR ? "[ <a href=reqcomment.php?action=edit&cid=$row[id]>Edit</a> ]" : "") .
(get_user_class() >= UC_MODERATOR ? " [ <a href=reqcomment.php?action=delete&cid=$row[id]>Delete</a> ] " : "") .
($row["editedby"] && get_user_class() >= UC_MODERATOR ? "" : "") . " [ <a href=userdetails.php?id=" . $row["user"] . ">Profile</a> ] [ <a href=sendmessage.php?receiver=" . $row["user"] . ">PM</a> ] [ <a href=report.php?reqcommentid=$row[id]>Report</a> ]</p>\n");
/*
//=== if not using report use this instead
print(" at " . $row["added"] . " GMT</font> " .
($row["user"] == $CURUSER["id"] || get_user_class() >= UC_MODERATOR ? "[ <a href=reqcomment.php?action=edit&cid=$row[id]>Edit</a> ]" : "") .
(get_user_class() >= UC_MODERATOR ? " [ <a href=reqcomment.php?action=delete&cid=$row[id]>Delete</a> ] " : "") .
($row["editedby"] && get_user_class() >= UC_MODERATOR ? "" : "") . " [ <a href=userdetails.php?id=" . $row["user"] . ">Profile</a> ] [ <a href=sendmessage.php?receiver=" . $row["user"] . ">PM</a> ]</p>\n");
*/
$avatar = ($CURUSER["avatars"] == "yes" ? htmlspecialchars($row["avatar"]) : "");
if (!$avatar)
$avatar = "pic/default_avatar.gif";
$text = format_comment($row["message"]);
if ($row["editedby"])
$text .= "<p><font size=1 class=small>Edited by <a href=userdetails.php?id=$row[editedby]><b>$row[username]</b></a> $row[editedat] GMT</font></p>\n";
print("</td></tr><tr valign=top><td align=center width=150 class=$class><img width=150 src=$avatar></td><td class=$class>$text</td></tr>\n");
end_table();
}
end_frame();
end_main_frame();
}
//=== end request comment
print("<tr><td class=embedded colspan=2><p><a name=startcomments></a></p>\n");
$commentbar = '' . '<div align=left><br /><h2><a class=hoptobutton size=4 href=reqcomment.php?action=add&tid=' . $request['id'] . '>' . $lang->requests['addcomment'] . '</a></h2></div></ br></ br>';
$subres = mysql_query("SELECT COUNT(*) FROM comments WHERE request = $id");
$subrow = mysql_fetch_array($subres);
$count = $subrow[0];
print("</td></tr></table>");
if (!$count)
print($commentbar);
else {
list($pagertop, $pagerbottom, $limit) = pager(20, $count, "viewrequests.php?id=$id&req_details=1&", array(lastpagedefault => 1));
$subres = mysql_query("SELECT comments.id, text, user, comments.added, editedby, editedat, avatar, warned, ".
"username, title, class, donor FROM comments LEFT JOIN users ON comments.user = users.id WHERE request = " .
"$id ORDER BY comments.id $limit") or sqlerr(__FILE__, __LINE__);
$allrows = array();
while ($subrow = mysql_fetch_array($subres))
$allrows[] = $subrow;
print($commentbar);
print($pagertop);
reqcommenttable($allrows);
print($pagerbottom);
print($commentbar);
}
end_frame();
die;
//=== end request details
stdfoot ();
exit ();
}
not inscription in Data base WhY???? 
Oki my new viewrequests.php I'm add fonction offcommenttable
PHP Code:
<?
/***********************************************/
/*=========[TS Special Edition v.5.6]==========*/
/*=============[Special Thanks To]=============*/
/* DrNet - wWw.SpecialCoders.CoM */
/* Vinson - wWw.Decode4u.CoM */
/* MrDecoder - wWw.Fearless-Releases.CoM */
/* Fynnon - wWw.BvList.CoM */
/***********************************************/
function offcommenttable ($rows)
{
global $CURUSER;
global $HTTP_SERVER_VARS;
global $lang;
global $timeformat;
global $dateformat;
$count = 0;
foreach ($rows as $row)
{
if ($count2 == 0)
{
$count2 = $count2 + 1;
$class = 'clearalt6';
}
else
{
$count2 = 0;
$class = 'clearalt7';
}
begin_table (true);
print '<tr><td class=subheader colspan=2><p class=text><a name=comment_' . $row['id'] . '>#' . $row['id'] . '</a> ' . $lang->requests['by'] . ' ';
if (isset ($row['username']))
{
$username = $row['username'];
$ratres = sql_query ('' . 'SELECT uploaded, downloaded from users where username=\'' . $username . '\'');
$rat = mysql_fetch_array ($ratres);
if (0 < $rat['downloaded'])
{
$ratio = $rat['uploaded'] / $rat['downloaded'];
$ratio = number_format ($ratio, 3);
$color = get_ratio_color ($ratio);
if ($color)
{
$ratio = '' . '<font color=' . $color . '>' . $ratio . '</font>';
}
}
else
{
if (0 < $rat['uploaded'])
{
$ratio = 'Inf.';
}
else
{
$ratio = '---';
}
}
$title = $row['title'];
if ($title == '')
{
$title = $row['grouptitle'];
}
else
{
$title = htmlspecialchars ($title);
}
print '<a name=comm' . $row['id'] . ' href=userdetails.php?id=' . $row['user'] . '><b>' . htmlspecialchars ($row['username']) . '</b></a>' . ($row['donor'] == 'yes' ? '<img src=' . $pic_base_url . 'star.gif alt=\'' . $lang->global['imgdonated'] . '\'>' : '') . ($row['warned'] == 'yes' ? '<img src=' . $pic_base_url . 'warned.gif alt="' . $lang->global['imgwarned'] . '">' : '') . ('' . ' <i>' . $title . '</i>') . '
';
}
else
{
print '<a name="comm' . $row['id'] . '"><i>' . $lang->requests['orphaned'] . '</i></a>
';
}
print ' ' . my_datee ($dateformat, $row['added']) . ' ' . $lang->requests['at'] . ' ' . my_datee ($timeformat, $row['added']) . ' ' . (($row['user'] == $CURUSER['id'] OR is_mod ($usergroups)) ? '' . '[ <a href=offcomment.php?action=edit&cid=' . $row['id'] . '>' . $lang->requests['edit'] . '</a> ] ' : '') . (is_mod ($usergroups) ? '' . '[ <a href=offcomment.php?action=delete&cid=' . $row['id'] . '>' . $lang->requests['delete'] . '</a> ]' : '') . (($row['editedby'] AND is_mod ($usergroups)) ? '' : '') . ' [ <a href=userdetails.php?id=' . $row['user'] . '>' . $lang->requests['profile'] . '</a> ] [ <a href=sendmessage.php?receiver=' . $row['user'] . '>' . $lang->requests['pm'] . ('' . '</a> ] [ <a href=report.php?action=reportoffercomment&reportid=' . $row['id'] . '>') . $lang->requests['report'] . '</a> ]</p>
';
$text = format_comment ($row['text']);
$avatar = get_user_avatar ($row['useravatar']);
if ($row['editedby'])
{
$text .= '<p><font size=1 class=small>' . $lang->requests['editedby'] . ('' . ' <a href=userdetails.php?id=' . $row['editedby'] . '><b>' . $row['username'] . '</b></a> ' . $row['editedat'] . ' ') . $lang->requests['gmt'] . '</font></p>
';
}
print '' . '</td></tr><td class="comments" width="20%" align="center" valign="middle">' . $avatar . ('' . '</td><td class="comments" width="80%" align="left" valign="top" >' . $text . '</td></tr>
');
end_table ();
}
}
function check_r_count ()
{
global $lang;
global $CURUSER;
global $error;
global $usergroups;
global $is_mod;
$query = sql_query ('SELECT COUNT(id) as total FROM requests WHERE filled=\'no\' AND userid = ' . sqlesc ($CURUSER['id']));
$count = @mysql_result ($query, 0, 'total');
if (((0 < $count AND !$is_mod) AND $usergroups['isvipgroup'] != 'yes'))
{
$error[] = $lang->requests['can_not_add'];
return null;
}
if ($usergroups['canrequest'] != 'yes')
{
$error[] = $lang->requests['no_perm'];
return null;
}
return '';
}
function check_rid ()
{
global $rid;
global $lang;
$query = sql_query ('SELECT id FROM requests WHERE id = ' . sqlesc ($rid));
if (mysql_num_rows ($query) == 0)
{
stderr ($lang->global['error'], $lang->requests['noreqid']);
return null;
}
return '';
}
function check_rid_permission ()
{
global $rid;
global $is_mod;
global $CURUSER;
$query = sql_query ('SELECT userid FROM requests WHERE id = ' . sqlesc ($rid));
$userid = mysql_result ($query, 0, 'userid');
if (($CURUSER['id'] != $userid AND !$is_mod))
{
print_no_permission ();
return null;
}
return '';
}
function check_fill_permission ()
{
global $is_mod;
global $usergroups;
global $CURUSER;
if (($is_mod OR $usergroups['canrequest'] == 'yes'))
{
return '';
}
print_no_permission ();
}
function show_request_errors ()
{
global $error;
global $lang;
if (0 < count ($error))
{
$errors = implode ('<br />', $error);
echo '
<table class="main" border="1" cellspacing="0" cellpadding="5" width="100%">
<tr>
<td class="thead">
' . $lang->global['error'] . '
</td>
</tr>
<tr>
<td>
<font color="red">
<strong>
' . $errors . '
</strong>
</font>
</td>
</tr>
</table>
<br />
';
}
}
function unesc ($x)
{
if (get_magic_quotes_gpc ())
{
return stripslashes ($x);
}
return $x;
}
require_once 'global.php';
gzip ();
dbconn ();
loggedinorreturn ();
maxsysop ();
parked ();
define ('VR_VERSION', '2.2.5 ');
define ('NcodeImageResizer', true);
$lang->load ('requests');
$is_mod = is_mod ($usergroups);
if (($rqs == 'no' AND !$is_mod))
{
stderr ($lang->global['error'], $lang->requests['offline']);
}
$do = (isset ($_GET['do']) ? trim ($_GET['do']) : (isset ($_POST['do']) ? trim ($_POST['do']) : ''));
$rid = (isset ($_GET['rid']) ? intval ($_GET['rid']) : (isset ($_POST['rid']) ? intval ($_POST['rid']) : 0));
if (($do == 'delete_request' AND is_valid_id ($rid)))
{
check_rid ();
check_rid_permission ();
sql_query ('DELETE FROM requests WHERE id = ' . sqlesc ($rid));
sql_query ('DELETE FROM addedrequests WHERE requestid = ' . sqlesc ($rid));
}
if (($do == 'add_vote' AND is_valid_id ($rid)))
{
check_rid ();
$query = sql_query ('SELECT filled FROM requests WHERE id = ' . sqlesc ($rid));
$is_filled = mysql_result ($query, 0, 'filled');
if ($is_filled == 'yes')
{
$error[] = $lang->requests['not_voted_yet'];
}
else
{
$query = sql_query ('SELECT userid FROM addedrequests WHERE userid = ' . sqlesc ($CURUSER['id']) . ' AND requestid = ' . sqlesc ($rid));
if (0 < mysql_num_rows ($query))
{
$error[] = $lang->requests['already_voted'];
}
else
{
sql_query ('UPDATE requests SET hits = hits + 1 WHERE id = ' . sqlesc ($rid));
sql_query ('INSERT INTO addedrequests (requestid, userid) VALUES (' . sqlesc ($rid) . ', ' . sqlesc ($CURUSER['id']) . ')');
}
}
}
if (($do == 'remove_vote' AND is_valid_id ($rid)))
{
check_rid ();
$query = sql_query ('SELECT filled FROM requests WHERE id = ' . sqlesc ($rid));
$is_filled = mysql_result ($query, 0, 'filled');
if ($is_filled == 'yes')
{
$error[] = $lang->requests['not_voted_yet'];
}
else
{
$query = sql_query ('SELECT userid FROM addedrequests WHERE userid = ' . sqlesc ($CURUSER['id']) . ' AND requestid = ' . sqlesc ($rid));
if (0 < mysql_num_rows ($query))
{
sql_query ('UPDATE requests SET hits = hits - 1 WHERE id = ' . sqlesc ($rid));
sql_query ('DELETE FROM addedrequests WHERE userid = ' . sqlesc ($CURUSER['id']) . ' AND requestid = ' . sqlesc ($rid));
}
else
{
$error[] = $lang->requests['not_voted_yet'];
}
}
}
if (($do == 'edit_request' AND is_valid_id ($rid)))
{
check_rid ();
check_rid_permission ();
if (strtoupper ($_SERVER['REQUEST_METHOD']) == 'POST')
{
if (($_POST['previewpost'] AND !empty ($_POST['message'])))
{
$avatar = get_user_avatar ($CURUSER['avatar']);
$prvp = '
<table border="0" cellspacing="0" cellpadding="4" class="none" width="100%">
<tr>
<td class="thead" colspan="2"><strong><h2>' . $lang->global['buttonpreview'] . '</h2></strong></td>
</tr>
<tr>
<td class="tcat" width="20%" align="center" valign="middle">' . $avatar . '</td><td class="tcat" width="80%" align="left" valign="top">' . format_comment ($_POST['message']) . '</td>
</tr>
</table>
<br />';
}
if (isset ($_POST['submit']))
{
$title = trim ($_POST['subject']);
$descr = trim ($_POST['message']);
$cat = intval ($_POST['category']);
if ($is_mod)
{
$filled = ($_POST['filled'] == 'yes' ? 'yes' : 'no');
$filledurl = $_POST['filledurl'];
}
if ((empty ($title) OR strlen ($title) < 3))
{
$error[] = $lang->requests['error1'];
}
if ((empty ($descr) OR strlen ($descr) < 3))
{
$error[] = $lang->requests['error3'];
}
if (!is_valid_id ($cat))
{
$error[] = $lang->requests['error2'];
}
$query = sql_query ('SELECT id FROM categories WHERE id = ' . sqlesc ($cat));
if (mysql_num_rows ($query) == 0)
{
$error[] = $lang->requests['error2'];
}
$set = '';
if (($filled == 'yes' AND $is_mod))
{
if (!preg_match ('#^' . preg_quote ('' . $BASEURL . '/details.php?id=') . ('' . '([0-9]{1,6})$#'), $filledurl))
{
$error[] = sprintf ($lang->requests['error6'], $BASEURL);
}
else
{
$set = ', filled=' . sqlesc ($filled) . ', filledurl = ' . sqlesc ($filledurl);
}
}
else
{
if ($is_mod)
{
$set = ', filled=' . sqlesc ($filled) . ', filledurl = \'\'';
}
}
if (count ($error) == 0)
{
(sql_query ('UPDATE requests SET request = ' . sqlesc ($title) . ', descr = ' . sqlesc ($descr) . ', cat = ' . sqlesc ($cat) . $set . ' WHERE id = ' . sqlesc ($rid)) OR sqlerr (__FILE__, 257));
redirect ('viewrequests.php?do=view_request&rid=' . $rid);
exit ();
}
}
}
define ('IN_EDITOR', true);
include_once INC_PATH . '/editor.php';
stdhead ($lang->requests['rhead'] . ' - ' . $lang->requests['field11']);
show_request_errors ();
$query = sql_query ('SELECT request, descr, cat, filled, filledurl FROM requests WHERE id = ' . sqlesc ($rid));
$request = mysql_fetch_assoc ($query);
$str = '<form method="post" action="' . $_SERVER['SCRIPT_NAME'] . '?do=edit_request&rid=' . $rid . '">';
if (!empty ($prvp))
{
$str .= $prvp;
}
require_once INC_PATH . '/functions_category.php';
$catdropdown = ts_category_list ('category', intval (($_POST['category'] ? $_POST['category'] : $request['cat'])));
$postoptionstitle = array ('1' => $lang->global['type'], '2' => ($is_mod ? $lang->requests['filled'] : ''), '3' => ($is_mod ? $lang->requests['filledurl'] : ''));
$postoptions = array ('1' => $catdropdown, '2' => ($is_mod ? '<select name="filled"><option values="yes"' . (($request['filled'] == 'yes' OR $_POST['filled'] == 'yes') ? ' selected="selected"' : '') . '>' . $lang->global['yes'] . '</option><option values="no"' . (($request['filled'] == 'no' OR $_POST['filled'] == 'no') ? ' selected="selected"' : '') . '>' . $lang->global['no'] . '</option></select>' : ''), '3' => ($is_mod ? '<input type="text" size="50" name="filledurl" value="' . htmlspecialchars_uni (($_POST['filledurl'] ? $_POST['filledurl'] : $request['filledurl'])) . '">' : ''));
$str .= insert_editor (true, (!empty ($_POST['subject']) ? $_POST['subject'] : unesc ($request['request'])), (!empty ($_POST['message']) ? $_POST['message'] : $request['descr']), $lang->requests['rhead3'], $lang->requests['rhead3'] . ': ' . htmlspecialchars_uni ($request['request']), $postoptionstitle, $postoptions);
$str .= '</form>';
echo $str;
stdfoot ();
exit ();
}
if ($do == 'add_request')
{
check_r_count ();
if (count ($error) == 0)
{
if (strtoupper ($_SERVER['REQUEST_METHOD']) == 'POST')
{
if (($_POST['previewpost'] AND !empty ($_POST['message'])))
{
$avatar = get_user_avatar ($CURUSER['avatar']);
$prvp = '
<table border="0" cellspacing="0" cellpadding="4" class="none" width="100%">
<tr>
<td class="thead" colspan="2"><strong><h2>' . $lang->global['buttonpreview'] . '</h2></strong></td>
</tr>
<tr>
<td class="tcat" width="20%" align="center" valign="middle">' . $avatar . '</td>
<td class="tcat" width="80%" align="left" valign="top">' . format_comment ($_POST['message']) . '</td>
</tr>
</table>
<br />';
}
if (isset ($_POST['submit']))
{
$title = trim ($_POST['subject']);
$descr = trim ($_POST['message']);
$cat = intval ($_POST['category']);
if ((empty ($title) OR strlen ($title) < 3))
{
$error[] = $lang->requests['error1'];
}
if ((empty ($descr) OR strlen ($descr) < 3))
{
$error[] = $lang->requests['error3'];
}
if (!is_valid_id ($cat))
{
$error[] = $lang->requests['error2'];
}
$query = sql_query ('SELECT id FROM categories WHERE id = ' . sqlesc ($cat));
if (mysql_num_rows ($query) == 0)
{
$error[] = $lang->requests['error2'];
}
if (count ($error) == 0)
{
(sql_query ('INSERT INTO requests (userid,request,descr,added,hits,cat) VALUES (' . sqlesc ($CURUSER['id']) . ',' . sqlesc ($title) . ',' . sqlesc ($descr) . ',' . sqlesc (get_date_time ()) . ',1,' . sqlesc ($cat) . ')') OR sqlerr (__FILE__, 348));
$rid = mysql_insert_id ();
(sql_query ('' . 'INSERT INTO addedrequests VALUES(0, ' . $rid . ', ' . sqlesc ($CURUSER['id']) . ')') OR sqlerr (__FILE__, 350));
(sql_query ('UPDATE users SET seedbonus = seedbonus-5.0 WHERE id = ' . sqlesc ($CURUSER['id'])) OR sqlerr (__FILE__, 351));
write_log ('' . 'Request (' . $title . ') was added to the Request section by ' . $CURUSER['username']);
if (($tsshoutbot == 'yes' AND preg_match ('#request#', $tsshoutboxoptions)))
{
$shoutbOT = sprintf ($lang->requests['shoutbOT'], '[URL=' . $BASEURL . '/viewrequests.php?do=view_request&rid=' . $rid . ']' . $title . '[/URL]', '[URL=' . $BASEURL . '/userdetails.php?id=' . $CURUSER['id'] . ']' . $CURUSER['username'] . '[/URL]');
$shout_sql = 'INSERT INTO shoutbox (userid, date, content) VALUES (\'999999999\', \'' . TIMENOW . '\', ' . sqlesc ('{systemnotice}' . $shoutbOT) . ')';
$shout_result = sql_query ($shout_sql);
}
redirect ('viewrequests.php?do=view_request&rid=' . $rid);
exit ();
}
}
}
require_once INC_PATH . '/functions_category.php';
define ('IN_EDITOR', true);
include_once INC_PATH . '/editor.php';
stdhead ($lang->requests['rhead'] . ' - ' . $lang->requests['makereq']);
show_request_errors ();
$str = '<form method="post" action="' . $_SERVER['SCRIPT_NAME'] . '?do=add_request">';
if (!empty ($prvp))
{
$str .= $prvp;
}
require_once INC_PATH . '/functions_category.php';
$catdropdown = ts_category_list ('category', intval (($_POST['category'] ? $_POST['category'] : 0)));
$postoptionstitle = array ('1' => $lang->global['type']);
$postoptions = array ('1' => $catdropdown);
$str .= insert_editor (true, (!empty ($_POST['subject']) ? $_POST['subject'] : ''), (!empty ($_POST['message']) ? $_POST['message'] : ''), $lang->requests['makereq'], $lang->requests['makereq'], $postoptionstitle, $postoptions);
$str .= '</form>';
echo $str;
stdfoot ();
exit ();
}
}
if (($do == 'view_request' AND is_valid_id ($rid)))
{
check_rid ();
($query = sql_query ('SELECT r.id, r.userid, r.filledby, r.filledurl, r.request, r.descr, r.added, r.hits, r.cat, r.filled, c.image as category_image, c.name as category_name, u.username, g.namestyle FROM requests r LEFT JOIN categories c ON (r.cat=c.id) LEFT JOIN users u ON (r.userid=u.id) LEFT JOIN usergroups g ON (u.usergroup=g.gid) WHERE r.id = ' . sqlesc ($rid)) OR sqlerr (__FILE__, 401));
$request = mysql_fetch_assoc ($query);
stdhead ($lang->requests['rhead'] . ' - ' . $lang->requests['viewreq'] . ' : ' . htmlspecialchars_uni ($request['request']));
$delete_image = (($is_mod OR $request['userid'] == $CURUSER['id']) ? '<h2><a class=hoptobutton size=4 href="' . $_SERVER['SCRIPT_NAME'] . '?do=delete_request&rid=' . $request['id'] . '" onclick="return confirm_delete_request()">' . $lang->requests['field12'] . '</a></h2> ' : '');
$edit_image = (($is_mod OR $request['userid'] == $CURUSER['id']) ? '<h2><a class=hoptobutton size=4 href="' . $_SERVER['SCRIPT_NAME'] . '?do=edit_request&rid=' . $request['id'] . '">' . $lang->requests['field11'] . '</a></h2> ' : '');
$fillrequest = (($request['filled'] == 'no' AND ($is_mod OR $usergroups['canrequest'] == 'yes')) ? '<h2><a class=hoptobutton size=4 href="' . $_SERVER['SCRIPT_NAME'] . '?do=fill_request&rid=' . $request['id'] . '">' . $lang->requests['field18'] . '</a></h2> ' : '');
$reset_request = (($request['filled'] == 'yes' AND ($is_mod OR $CURUSER['id'] == $request['userid'])) ? '<h2><a class=hoptobutton size=4 href="' . $_SERVER['SCRIPT_NAME'] . '?do=reset_request&rid=' . $request['id'] . '">' . $lang->requests['field13'] . '</a></h2> ' : '');
$back = '<h2><a class=hoptobutton size=4 href="' . $_SERVER['SCRIPT_NAME'] . '">' . $lang->requests['return'] . '</a></h2> ';
$commentbar = '' . '<div align=left><br /><h2><a class=hoptobutton size=4 href=reqcomment.php?action=add&tid=' . $request['id'] . '>' . $lang->requests['addcomment'] . '</a></h2></div>';
echo '
<script type="text/javascript">
function confirm_delete_request()
{
var confirm_delete = confirm("' . $lang->requests['are_you_sure'] . '");
if (confirm_delete)
{
return true;
}
else
{
return false;
}
}
</script>
<table width="100%" border="0" cellpadding="5" cellspacing="0">
<tr>
<td class="thead" colspan="2" align="center">' . $lang->requests['viewreq'] . '</td>
</tr>
<tr>
<td align="right" width="20%" class="subheader">' . $lang->requests['rtitle'] . '</td>
<td align="left" width="80%">' . htmlspecialchars_uni ($request['request']) . '</td>
</tr>
<tr>
<td align="right" width="20%" class="subheader">' . $lang->requests['field9'] . '</td>
<td align="left" width="80%"><a href="' . $BASEURL . '/userdetails.php?id=' . $request['userid'] . '">' . get_user_color ($request['username'], $request['namestyle']) . '</a></td>
</tr>
<tr>
<td align="right" width="20%" class="subheader">' . $lang->requests['field8'] . '</td>
<td align="left" width="80%">' . my_datee ($dateformat, $request['added']) . ' ' . my_datee ($timeformat, $request['added']) . '</td>
</tr>
<tr>
<td align="right" width="20%" class="subheader">' . $lang->requests['field6'] . '</td>
<td align="left" width="80%">' . $request['category_name'] . '</td>
</tr>
<tr>
<td align="right" width="20%" class="subheader">' . $lang->requests['votes'] . '</td>
<td align="left" width="80%">' . $request['hits'] . '</td>
</tr>
<tr>
<td align="right" width="20%" class="subheader">' . $lang->requests['field5'] . '</td>
<td align="left" width="80%">' . format_comment ($request['descr']) . '</td>
</tr>';
if ($request['filled'] == 'yes')
{
($query = sql_query ('SELECT u.username, g.namestyle FROM users u LEFT JOIN usergroups g ON (u.usergroup=g.gid) WHERE u.id=' . sqlesc ($request['filledby'])) OR sqlerr (__FILE__, 455));
$fillerdetails = mysql_fetch_assoc ($query);
echo '
<tr>
<td align="right" width="20%" class="subheader">' . $lang->requests['filledby'] . '</td>
<td align="left" width="80%"><a href="' . $BASEURL . '/userdetails.php?id=' . $request['filledby'] . '">' . get_user_color ($fillerdetails['username'], $fillerdetails['namestyle']) . '</a> [<a href="' . $request['filledurl'] . '">' . $lang->requests['view_details'] . '</a>]</td>
</tr>';
}
echo '
<tr>
<td colspan="2" align="center" class="subheader"><p>' . $back . $delete_image . $edit_image . $fillrequest . $reset_request . '</p></td>
</tr>
</table>
';
print("<tr><td class=embedded colspan=2><p><a name=startcomments></a></p>\n");
$commentbar = '' . '<div align=left><br /><h2><a class=hoptobutton size=4 href=reqcomment.php?action=add&tid=' . $request['id'] . '>' . $lang->requests['addcomment'] . '</a></h2></div></ br></ br>';
$subres = sql_query ('' . 'SELECT COUNT(*) FROM comments WHERE request = ' . $id);
$subrow = mysql_fetch_array ($subres);
$count = $subrow[0];
print '</td></tr></table>';
if ($count)
{
list ($pagertop, $pagerbottom, $limit) = pager ($ts_perpage, $count, '' . 'viewrequests1.php?do=view_request&rid=' . $id .' &', array (lastpagedefault => 1));
($subres = sql_query ('' . 'SELECT c.id, c.text, c.user, c.added, c.editedby, c.editedat, u.warned, u.username, u.title, u.usergroup, u.donor, g.title as grouptitle,u.avatar as useravatar FROM comments c LEFT JOIN users u ON (c.user=u.id) LEFT JOIN usergroups g ON (u.usergroup=g.gid) WHERE c.request = ' . $id . ' ORDER BY c.id ' . $limit) OR sqlerr (__FILE__, 335));
$allrows = array ();
while ($subrow = mysql_fetch_array ($subres))
{
$allrows[] = $subrow;
}
print $pagertop;
offcommenttable ($allrows);
print $pagerbottom;
}
$subres
print $commentbar;
echo '</table>';
stdfoot ();
exit ();
}
Last edited by lafouine022; 7th June 2010 at 06:13.
|