rabtb |
3rd January 2013 21:17 |
offcomment.php
Code:
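// Bootstrap: load the tracker's shared library, open the database connection
// and run the access gates before any request data is acted on.
require_once("include/bittorrent.php");
// Read the requested action defensively: a request without ?action= would
// otherwise raise an undefined-index notice, which can leak the script path
// when error display is enabled.
$action = isset($_GET["action"]) ? $_GET["action"] : "";
dbconn(false);
// NOTE(review): presumably stops or redirects anonymous visitors; confirm in
// include/bittorrent.php, since everything below assumes $CURUSER is set.
loggedinorreturn();
parked(); //=== uncomment if you use the parked mod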
if ($action == "add")
{
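// Handle the submitted comment form: validate the offer id and the body,
// store the comment, bump the offer's comment counter, then redirect back to
// the offer page at the new comment's anchor.
// NOTE(review): no anti-CSRF token is checked in this branch, so another site
// could submit this form on behalf of a logged-in user. Verify a per-session
// token here if the code base provides a helper for it.
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
    // Accept numeric input only. An array parameter (tid[]=1) or a missing
    // field would otherwise hit the arithmetic cast and raise an error, and
    // a value such as "12abc" is now rejected instead of being read as 12.
    $rawTid = isset($_POST["tid"]) ? $_POST["tid"] : 0;
    $offid = is_numeric($rawTid) ? 0 + $rawTid : 0;
    if (!is_valid_id($offid))
        stderr("Error", "Wrong ID");
    // $offid is interpolated into SQL below. Force it to an integer here so
    // query safety does not depend on what is_valid_id() accepts or on
    // stderr() terminating the request (neither is visible in this file).
    $offid = (int) $offid;
    $res = mysql_query("SELECT name FROM offers WHERE id = $offid") or sqlerr(__FILE__,__LINE__);
    $arr = mysql_fetch_array($res);
    if (!$arr)
        stderr("Error", "No offer with that ID");
    // Only a string body is trimmed; an array-valued body is treated as empty.
    $text = (isset($_POST["body"]) && is_string($_POST["body"])) ? trim($_POST["body"]) : "";
    // Compare against the empty string so that a body of "0" is not rejected.
    if ($text === "")
        stderr("Error", "Don't leave any fields blank!");
    // The comment text goes through sqlesc(); the numeric columns are cast.
    // A failed INSERT is reported instead of silently falling through to the
    // counter update with an insert id of 0.
    mysql_query("INSERT INTO comments (user, offer, added, text, ori_text) VALUES (" .
        (int) $CURUSER["id"] . ",$offid, '" . get_date_time() . "', " . sqlesc($text) .
        "," . sqlesc($text) . ")") or sqlerr(__FILE__,__LINE__);
    $newid = mysql_insert_id();
    mysql_query("UPDATE offers SET comments = comments + 1 WHERE id = $offid") or sqlerr(__FILE__,__LINE__);
    // Both values placed in the redirect target are integers at this point.
    header("Refresh: 0; url=viewoffers.php?id=$offid&off_details=1&viewcomm=$newid#comm$newid");
    die;
}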
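// Non-POST path: validate the offer id from the query string, confirm the
// offer exists, then emit the page header for the add-comment page.
// Accept numeric input only. An array parameter (tid[]=1) or a missing field
// would otherwise hit the arithmetic cast and raise an error.
$rawTid = isset($_GET["tid"]) ? $_GET["tid"] : 0;
$offid = is_numeric($rawTid) ? 0 + $rawTid : 0;
if (!is_valid_id($offid))
    stderr("Error", "Wrong ID.");
// Force an integer before interpolating into SQL so query safety does not
// depend on is_valid_id() or on stderr() ending the request.
$offid = (int) $offid;
$res = mysql_query("SELECT name FROM offers WHERE id = $offid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_array($res);
if (!$arr)
    stderr("Error", "Wrong ID.");
// NOTE(review): the offer name is user-supplied data read back from the
// database. Confirm that stdhead() HTML-escapes its title argument; if it does
// not, wrap $arr["name"] in htmlspecialchars() here to avoid stored XSS.
stdhead("Add comment to \"" . $arr["name"] . "\"");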
print("
|