convedit.php
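<?php
/*
 * Comment handler for a single conversation.
 *
 * Dispatches on $_GET['action']:
 *   new    - insert a comment (after removing identical earlier ones)
 *   update - save an edited comment
 *   delete - hide a comment by setting `visible` = 'N'
 *   edit   - set $hideallexcept to the comment being edited
 *   reply  - set $hideallexcept to the comment being replied to
 * After new/update it recomputes the conversation's comment count and
 * last-post fields.
 *
 * Uses names this file does not define: $db, $conv_id, $userid, $username,
 * $tz and the MYSQL_DATETIME_FORMAT constant. They must be set before this
 * code runs.
 *
 * NOTE(review): $conv_id, $userid and $username are interpolated into SQL
 * below exactly as received; whatever sets them must validate them
 * (numeric ids, escaped name). Confirm against the including script.
 * NOTE(review): no anti-CSRF token is checked in this file, and "delete" is
 * driven entirely by GET parameters. State-changing actions should require
 * POST plus a per-session token.
 * NOTE(review): the mysql_* extension was removed in PHP 7. Prepared
 * statements through mysqli or PDO are the durable fix for the query
 * building below; that requires changing the connection code, which is not
 * part of this file.
 */
if (isset($_GET['action'])) {
    // Start from a known value so the admin path of delete/edit/update never
    // interpolates an unset (or externally seeded) variable into the WHERE clause.
    $reqauthor = "";

    if ($_GET['action'] == "new" || $_GET['action'] == "update") {
        // Reply target. Ids are cast to int before they reach SQL.
        // NOTE(review): assumes `inreplyto` holds a numeric comment id - confirm against schema.
        if (isset($_POST['inreplyto'])) { // supplied by the posting form
            $newinreplyto = (int) $_POST['inreplyto'];
        } else if (isset($_GET['irtid'])) { // for edits by regular users
            $newinreplyto = (int) $_GET['irtid'];
        } else {
            $newinreplyto = 0;
        }

        // Validate before touching the value: the field must exist, be a
        // string (not comment[]=...), and contain something besides whitespace.
        $newcomm = (isset($_POST['comment']) && is_string($_POST['comment'])) ? trim($_POST['comment']) : '';
        if ($newcomm === '') {
            die ("error: tried to post blank post");
        }

        // NOTE(review): as written, every search string below is identical to
        // its replacement, so this str_replace changes nothing. Kept as found;
        // confirm what it was meant to undo.
        $replacefrom = array("\\'","\\'",'\\"','\\"');
        $replaceto = array("\'","\'",'\"','\"');
        $newcomm = str_replace($replacefrom, $replaceto, $newcomm);
        // Escape with the connection-aware function rather than addslashes(),
        // which does not account for the connection character set.
        $newcomm = mysql_real_escape_string($newcomm, $db);

        $createtimeadminedit = "";
        if ($userid == 1) { //admin
            // Admin may post as another user: "postingas" is "<authorid>:<authorname>".
            $newcomm_author = explode(":", (isset($_POST['postingas']) && is_string($_POST['postingas'])) ? $_POST['postingas'] : "");
            $newcomm_authorid = (int) $newcomm_author[0];
            $newcomm_authorname = mysql_real_escape_string(isset($newcomm_author[1]) ? $newcomm_author[1] : "", $db);

            if (isset($_POST['postingat']) && is_string($_POST['postingat'])) {
                // Admin may set the post time; normalise the display format
                // before handing it to strtotime().
                $newcomm_posttime = trim($_POST['postingat']);
                $replacefrom = array(" - ","am.","pm.");
                $replaceto = array(" ","am","pm");
                $newcomm_posttime = strtotime(str_replace($replacefrom, $replaceto, $newcomm_posttime));
                // strtotime() reports failure as false (PHP >= 5.1) or -1 (older).
                if ($newcomm_posttime === false || $newcomm_posttime === -1 || $_POST['postingat'] == '') {
                    $newcomm_posttime = "NOW()";
                } else {
                    // Shift by the $tz hour offset, then emit a quoted SQL
                    // datetime literal built only from date() output.
                    $newcomm_posttime = $newcomm_posttime - ((0 + $tz) * 3600);
                    $newcomm_posttime = "'" . date(MYSQL_DATETIME_FORMAT, $newcomm_posttime) . "'";
                    $createtimeadminedit = ", `createdate` = $newcomm_posttime";
                }
            } else {
                $newcomm_posttime = "NOW()";
            }
        } else {
            $newcomm_authorid = $userid;
            // NOTE(review): $username goes into SQL unescaped here; see file header.
            $newcomm_authorname = $username;
            $newcomm_posttime = "NOW()";
        }
    }

    $updatecommentcount = false;
    if ($_GET['action'] == "new") {
        //delete duplicate posts, apparently
        $res = mysql_query("DELETE FROM `comments` WHERE `authorid` = '$newcomm_authorid' AND `conid` = '$conv_id' AND `comment` = '$newcomm'");
        if ($res === false) {
            // Keep the driver error in the server log instead of the response.
            error_log("convedit: duplicate-comment cleanup failed: " . mysql_error());
            die("Could not update database.");
        }
        $res = mysql_query("INSERT INTO `comments` (`comid`, `inreplyto`, `conid`, `authorid`, `comment`, `createdate`, `changedate`) VALUES ('', '$newinreplyto', '$conv_id', '$newcomm_authorid', '$newcomm', $newcomm_posttime , $newcomm_posttime);") or die("Could not update comment database.");
        if ($newcomm_posttime == "NOW()") {
            $res = mysql_query("UPDATE `conversations` SET `changedate` = NOW(), `lastpostuserid` = '$newcomm_authorid', `lastpostusername` = '$newcomm_authorname' WHERE `authorid` = '$userid' AND `conid` = '$conv_id' LIMIT 1") or die("Could not update conversation database.");
        }
        $updatecommentcount = true;
    } elseif ($_GET['action'] == "delete") {
        if (isset($_GET['comid'])) {
            $editcomid = (int) $_GET['comid'];
            // Non-admins may only act on their own comments.
            if ($userid != 1) $reqauthor = " AND `authorid` = '$userid'";
            $res = mysql_query("SELECT comid FROM `comments` WHERE `conid` = '$conv_id' AND `comid` = '$editcomid'$reqauthor", $db);
            if ($res && mysql_num_rows($res) == 1) {
                // The ownership condition is repeated on the write so the
                // UPDATE cannot touch a row the SELECT did not authorise.
                mysql_query("UPDATE `comments` SET `visible` = 'N' WHERE `conid` = '$conv_id' AND `comid` = '$editcomid'$reqauthor;") or die("Could not delete comment");
            }
        }
    } elseif ($_GET['action'] == "edit") {
        if (isset($_GET['comid'])) {
            $editcomid = (int) $_GET['comid'];
            if ($userid != 1) $reqauthor = " AND `authorid` = '$userid'";
            $res = mysql_query("SELECT * FROM `comments` WHERE `conid` = '$conv_id' AND `comid` = '$editcomid'$reqauthor", $db);
            if ($res && mysql_num_rows($res) == 1) {
                $hideallexcept = $editcomid;
            }
        }
    } elseif ($_GET['action'] == "reply") {
        if (isset($_GET['comid'])) {
            $replytoid = (int) $_GET['comid'];
            $res = mysql_query("SELECT * FROM `comments` WHERE `conid` = '$conv_id' AND `comid` = '$replytoid'", $db);
            if ($res && mysql_num_rows($res) == 1) {
                $hideallexcept = $replytoid;
            }
        }
    } elseif ($_GET['action'] == "update") { //submitted the edit form
        if (isset($_GET['comid'])) {
            $editcomid = (int) $_GET['comid'];
            if ($userid != 1) $reqauthor = " AND `authorid` = '$userid'";
            $res = mysql_query("SELECT * FROM `comments` WHERE `conid` = '$conv_id' AND `comid` = '$editcomid'$reqauthor", $db);
            if ($res && mysql_num_rows($res) == 1) {
                // Same ownership condition on the write as on the check above.
                mysql_query("UPDATE `comments` SET `comment` = '$newcomm'$createtimeadminedit, `changedate` = $newcomm_posttime, `authorid` = '$newcomm_authorid', `inreplyto` = '$newinreplyto' WHERE `conid` = '$conv_id' AND `comid` = '$editcomid'$reqauthor;") or die("Could not update comment");
                $updatecommentcount = true; // I don't see why, maybe for admin
            }
        }
    }

    if ($updatecommentcount == true) {
        // Update the conversation with the number of comments
        $res = mysql_query("SELECT count(*) AS CommCount FROM `comments` WHERE `conid` = '$conv_id' AND `visible` = 'Y'", $db);
        if ($res && mysql_num_rows($res) == 1) {
            $conv_obj = mysql_fetch_object($res);
            $comcount = (int) $conv_obj->CommCount;
            $sql = "UPDATE `conversations` SET `numcomm` = '$comcount' WHERE `conid` = '$conv_id';";
            mysql_query($sql) or die("Could not update comment count");
        }
        // Update the conversation about the new last post
        $sql = "SELECT MAX(`createdate`) AS finalpostdate FROM `comments` WHERE `conid` = '$conv_id' AND `visible` = 'Y';";
        $res = mysql_query($sql, $db);
        if ($res && mysql_num_rows($res) == 1) {
            $conv_obj = mysql_fetch_object($res);
            $finalpost = $conv_obj->finalpostdate;
            $sql = "SELECT c.createdate, c.authorid, u.username FROM comments AS c, users AS u WHERE u.userid = c.authorid AND c.conid = '$conv_id' AND c.visible = 'Y' AND c.createdate = '$finalpost';";
            $res = mysql_query($sql, $db);
            if ($res && mysql_num_rows($res) == 1) {
                $conv_obj = mysql_fetch_object($res);
                $lastposttime = $conv_obj->createdate;
                $lastpostid = (int) $conv_obj->authorid;
                // Values read back from the database are raw: a stored
                // username containing a quote would otherwise break out of
                // the literal below (second-order injection).
                $lastpostname = mysql_real_escape_string($conv_obj->username, $db);
                $sql = "UPDATE `conversations` SET `changedate` = '$lastposttime', `lastpostuserid` = '$lastpostid', `lastpostusername` = '$lastpostname' WHERE `conid` = '$conv_id';";
                mysql_query($sql) or die("Could not update last post info.");
            }
        }
    }
}
?>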