
comments_submit()

Description

Writes comments to the database; also handles hiding and flagging comments.

Parameters

This function accepts no parameters.

Return

void

Location

include/comment_functions.php lines 8 to 100

Definition

 
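/**
 * Handle a comment form submission: hide a comment, flag a comment, or store a new one.
 *
 * All input is read from the request through getval()/getvalescaped(). Exactly one of
 * three actions is performed, checked in this order:
 *   1. "comment_to_hide" is non-zero and checkPerm("o") passes: mark that comment hidden.
 *   2. "comment_flag_ref" is non-zero: e-mail a flag notification and remember the flag
 *      in a cookie.
 *   3. otherwise: insert a new comment row.
 *
 * The SQL below is built by string concatenation. It depends on every interpolated
 * request value being either forced numeric (third argument of getvalescaped()) or
 * escaped before it is placed between quotes.
 *
 * @return void
 */
function comments_submit()
{
    global $username, $anonymous_login, $userref, $regex_email, $comments_max_characters,
           $lang, $email_notify, $comments_email_notification_address;

    // Anonymous submitters must supply a name and an e-mail address that matches $regex_email.
    // preg_match() returns 0 for "no match" and false only on a pattern error, so a
    // comparison with "=== false" accepts every non-matching address; require a real match.
    // NOTE(review): $regex_email is defined elsewhere; whether it is anchored cannot be
    // confirmed from here.
    if (
        $username == $anonymous_login
        && (
            getvalescaped("fullname", "") == ""
            || preg_match("/{$regex_email}/", getvalescaped("email", "")) !== 1
        )
    ) {
        return;
    }

    // --- process hide request (value is forced numeric before it reaches the query)
    $comment_to_hide = getvalescaped("comment_to_hide", 0, true);

    if (($comment_to_hide != 0) && (checkPerm("o"))) {
        $sql = "update comment set hide=1 where ref='$comment_to_hide'";
        sql_query($sql);
        return;
    }

    $comment_flag_ref = getvalescaped("comment_flag_ref", 0, true);

    // --- process flag request
    if ($comment_flag_ref != 0) {
        $comment_flag_reason = getvalescaped("comment_flag_reason", "");
        $comment_flag_url    = getvalescaped("comment_flag_url", "");

        if ($comment_flag_reason == "" || $comment_flag_url == "") {
            return;
        }

        // Drop any existing fragment so that the comment anchor can be appended.
        // The cut length is the position of "#" itself; subtracting one from it
        // also removes the last character of the URL in front of the fragment.
        $fragment_pos = strpos($comment_flag_url, "#");
        if ($fragment_pos !== false) {
            $comment_flag_url = substr($comment_flag_url, 0, $fragment_pos);
        }

        $comment_flag_url .= "#comment{$comment_flag_ref}";        // add comment anchor to end of URL

        // NOTE(review): comment_flag_url comes from the request, so the link placed in the
        // notification e-mail is chosen by whoever submits the flag. Consider deriving it
        // server-side, or checking it against the site's own base URL, before mailing it.

        $comment_rows = sql_query("select body from comment where ref='$comment_flag_ref'");
        $comment_body = (!empty($comment_rows[0]['body'])) ? $comment_rows[0]['body'] : "";

        // Nothing to report when the comment does not exist or has no body.
        if ($comment_body == "") {
            return;
        }

        // Site text overrides the language-file defaults when it is not empty.
        $email_subject = (text("comments_flag_notification_email_subject") != "")
            ? text("comments_flag_notification_email_subject")
            : $lang['comments_flag-email-default-subject'];

        $email_body = (text("comments_flag_notification_email_body") != "")
            ? text("comments_flag_notification_email_body")
            : $lang['comments_flag-email-default-body'];

        $email_body .= "\r\n\r\n\"" . $comment_body . "\"";
        $email_body .= "\r\n\r\n" . $comment_flag_url;
        $email_body .= "\r\n\r\n" . $lang['comments_flag-email-flagged-by'] . " " . $username;
        $email_body .= "\r\n\r\n" . $lang['comments_flag-email-flagged-reason'] . " \"" . $comment_flag_reason . "\"";

        // Fall back to the general notification address when no comment-specific one is set.
        // TODO (from the original): also validate $comments_email_notification_address
        // against $regex_email once that pattern is improved.
        $email_to = empty($comments_email_notification_address)
            ? $email_notify
            : $comments_email_notification_address;

        rs_setcookie("comment{$comment_flag_ref}flagged", "true");

        // we set this so that the subsequent getval() function will pick up this comment flagged
        // in the show comments function (headers have already been sent before cookie set)
        $_POST["comment{$comment_flag_ref}flagged"] = "true";

        send_mail($email_to, $email_subject, $email_body);
        return;
    }

    // --- process comment submission
    // we don't want to insert an empty comment or an orphan
    if (
        (getvalescaped("body", "") == "")
        || (
            (getvalescaped("collection_ref", "") == "")
            && (getvalescaped("resource_ref", "") == "")
            && (getvalescaped("ref_parent", "") == "")
        )
    ) {
        return;
    }

    if ($username == $anonymous_login) {
        // anonymous user: store the identity fields supplied with the form
        $sql_fields = "fullname, email, website_url";
        $sql_values = "'" . getvalescaped("fullname", "") . "','"
            . getvalescaped("email", "") . "','"
            . getvalescaped("website_url", "") . "'";
    } else {
        $sql_fields = "user_ref";
        $sql_values = "'" . $userref . "'";
    }

    // Truncate the raw text first and escape it afterwards. Cutting a string that is
    // already escaped can split an escape sequence and leave a lone backslash directly
    // in front of the closing quote of the SQL literal.
    $body = getval("body", "");
    if (!is_string($body)) {
        // an array-valued "body" parameter is not a comment
        return;
    }
    if (strlen($body) > $comments_max_characters) {
        // just in case not caught in submit form (byte-wise, as in the original)
        $body = substr($body, 0, $comments_max_characters);
    }
    $body = escape_check($body);

    $parent_ref     = getvalescaped("ref_parent", 0, true);
    $collection_ref = getvalescaped("collection_ref", 0, true);
    $resource_ref   = getvalescaped("resource_ref", 0, true);

    // A reference of 0 means "not set" and is stored as SQL NULL.
    $sql = "insert into comment (ref_parent, collection_ref, resource_ref, {$sql_fields}, body) values ("
        . ($parent_ref == 0 ? "NULL" : "'$parent_ref'") . ","
        . ($collection_ref == 0 ? "NULL" : "'$collection_ref'") . ","
        . ($resource_ref == 0 ? "NULL" : "'$resource_ref'") . ","
        . $sql_values . ","
        . "'{$body}'"
        . ")";

    sql_query($sql);
}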

This article was last updated 16th July 2020 01:35 Europe/London time based on the source file dated 26th June 2020 16:05 Europe/London time.