[AppDB] no anonymous comments
Jonathan Ernst
Jonathan at ErnstFamily.ch
Fri Dec 10 05:32:10 CST 2004
Change Log:
- stop anonymous comment submissions
- code cleanup (more php style than c style + better indentation +
comments + replaced globally registered vars)
Files changed:
- addcomment.php
-------------- next part --------------
Index: addcomment.php
===================================================================
RCS file: /home/wine/appdb/addcomment.php,v
retrieving revision 1.5
diff -u -r1.5 addcomment.php
--- addcomment.php 10 Dec 2004 01:07:45 -0000 1.5
+++ addcomment.php 10 Dec 2004 11:28:19 -0000
@@ -1,31 +1,38 @@
<?
+/********************************/
+/* code to submit a new comment */
+/********************************/
+# APPLICATION ENVIRONMENT
include("path.php");
require(BASE."include/"."incl.php");
require(BASE."include/"."application.php");
-
-
-if(!$appId) {
- errorpage('Internal Database Access Error');
- exit;
+// you must be logged in to submit comments
+if(!loggedin()) {
+ unset($_REQUEST['body']);
+ apidb_header("Please login");
+ echo "To submit a comment for an application you must be logged in. Please <a href=\"account.php?cmd=login\">login now</a> or create a <a href=\"account.php?cmd=new\">new account</a>.","\n";
}
-if(!$versionId) {
- $versionId = 0;
+if(!isset($_REQUEST['appId'])) {
+ errorpage('Internal Database Access Error');
+ exit;
}
-if(!$thread) {
- $thread = 0;
+if(!$_REQUEST['versionId']) {
+ $versionId = 0;
}
-opendb();
-
+if(!$_REQUEST['thread']) {
+ $thread = 0;
+}
-if($body)
-{
- // add comment to db
-
+############################
+# ADDS COMMENT TO DATABASE #
+############################
+if($_REQUEST[body]) {
+
$hostname = get_remote();
$subject = strip_tags($subject);
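Review bot: The new checks on `$_REQUEST['appId']`, `$_REQUEST['versionId']` and `$_REQUEST['thread']` only ever assign the default 0; nothing in this hunk copies the request values into `$appId`, `$versionId` or `$thread`, so as far as the visible hunks show the script still depends on register_globals for them (and for `$body` and `$subject`). Those three variables are later interpolated unquoted into the INSERT (second hunk) and into the SELECT on `commentId` (fifth hunk), so they should be assigned here with an integer cast, e.g. `$versionId = isset($_REQUEST['versionId']) ? (int)$_REQUEST['versionId'] : 0;`, and likewise for `appId` and `thread`. The `$_REQUEST[body]` test should also quote its key as `$_REQUEST['body']`. The `if` block opened on the last changed line continues past this hunk.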
@@ -33,22 +40,19 @@
$body1 = mysql_escape_string($body);
// get current userid
- $userId = (loggedin()) ? $_SESSION['current']->userid : 0;
+ $userId = $_SESSION['current']->userid;
$result = mysql_query("INSERT INTO appComments VALUES (NOW(), null, $thread, ".
"$appId, $versionId, $userId, '$hostname', '$subject', ".
"'$body1', 0)");
- if (!$result)
- {
+ if (!$result) {
errorpage('Internal Database Access Error',mysql_error());
exit;
- } else
- {
- if ($originator)
- {
- if (UserWantsEmail($originator))
- {
+ }
+ else {
+ if ($originator) {
+ if (UserWantsEmail($originator)) {
$email = lookupEmail($originator);
$fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId);
$ms .= APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId"."\n";
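Review bot: `$userId = $_SESSION['current']->userid;` drops the anonymous fallback, yet the branch it sits in is entered on `if($_REQUEST[body])` alone. The only thing keeping an unauthenticated request out is the `unset($_REQUEST['body'])` in the first hunk, after which the script keeps running. Testing the login state on the branch itself, `if(loggedin() && !empty($_REQUEST['body'])) {`, would make the guard explicit and keep an empty `$userId` out of the INSERT if that earlier unset is ever changed. The enclosing `if` block starts in the previous hunk and continues past this one.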
@@ -69,12 +73,11 @@
}
}
$email = getNotifyEmailAddressList($appId, $versionId);
- if($email)
- {
+ if($email) {
$fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId);
$ms = APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId"."\n";
$ms .= "\n";
- $ms .= ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous")." added comment to ".$fullAppName."\n";
+ $ms .= $_SESSION['current']->username." added comment to ".$fullAppName."\n";
$ms .= "\n";
$ms .= "Subject: ".$subject."\n";
$ms .= "\n";
@@ -84,8 +87,8 @@
mail(stripslashes($email), "[AppDB] ".$fullAppName ,$ms);
- } else
- {
+ }
+ else {
$email = "no one";
}
addmsg("mesage sent to: ".$email, green);
@@ -94,26 +97,27 @@
redirect(apidb_fullurl("appview.php?appId=$appId&versionId=$versionId"));
}
}
-else
-{
- apidb_header("Add Comment");
+################################
+# USER WANTS TO SUBMIT COMMENT #
+################################
+else if(loggedin()) {
- $mesTitle = "<b>Post New Comment</b>";
+ apidb_header("Add Comment");
- if($thread)
- {
+ $mesTitle = "<b>Post New Comment</b>";
+
+ if($_REQUEST['thread']) {
$result = mysql_query("SELECT * FROM appComments WHERE commentId = $thread");
$ob = mysql_fetch_object($result);
- if($ob)
- {
+ if($ob) {
$mesTitle = "<b>Replying To ...</b> $ob->subject\n";
- $originator = $ob->userId;
+ $originator = $ob->userId;
echo html_frame_start($ob->subject,500);
- echo htmlify_urls($ob->body), "<br><br>\n";
+ echo htmlify_urls($ob->body), "<br /><br />\n";
echo html_frame_end();
- }
- }
+ }
+ }
echo "<form method=POST action='addcomment.php'>\n";
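Review bot: The quoted parent comment is written out with `echo htmlify_urls($ob->body)`, and `$ob->subject` goes into `$mesTitle` and `html_frame_start()`, with no HTML escaping visible at these call sites. Whether `htmlify_urls()` and `html_frame_start()` escape their input is not shown here; if they do not, stored comment text is rendered as markup for every user who opens the reply form. Confirm that the helpers escape, or apply `htmlspecialchars()` to the body and subject before they are linkified and framed. The result of `mysql_query()` is also handed to `mysql_fetch_object()` without a check for `false`.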
@@ -121,7 +125,7 @@
echo '<table width="100%" border=0 cellpadding=0 cellspacing=1>',"\n";
echo "<tr bgcolor=#E0E0E0><td align=right><b>From:</b> </td>\n";
- echo " <td> ". ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous") ." </td></tr>\n";
+ echo " <td> ".$_SESSION['current']->username."</td></tr>\n";
echo "<tr bgcolor=#E0E0E0><td align=right><b>Subject:</b> </td>\n";
echo " <td> <input type=text size=35 name=subject value='$subject'> </td></tr>\n";
echo "<tr bgcolor=#C0C0C0><td colspan=2><textarea name=body cols=70 rows=15 wrap=virtual>$body</textarea></td></tr>\n";
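Review bot: The rewritten From cell prints `$_SESSION['current']->username` straight into the table, and the neighbouring lines do the same with `$subject` inside a single-quoted attribute and `$body` inside the textarea. Each should go through `htmlspecialchars()` with `ENT_QUOTES`, e.g. `echo " <td> ".htmlspecialchars($_SESSION['current']->username, ENT_QUOTES)."</td></tr>\n";`, so that a quote or tag in any of the three cannot break out of its context. The `$subject` and `$body` lines are unchanged context, so for them this is a follow-up rather than something this patch introduced.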
@@ -136,14 +140,15 @@
echo "<input type=HIDDEN name=thread value=$thread>\n";
echo "<input type=HIDDEN name=appId value=$appId>\n";
echo "<input type=HIDDEN name=versionId value=$versionId>\n";
- if ($thread)
- {
- echo "<input type=HIDDEN name=originator value=$originator>\n";
+ if ($thread) {
+ echo "<input type=HIDDEN name=originator value=$originator>\n";
}
- echo "</form><p> </p>\n";
-
- apidb_footer();
-
+ echo "</form>";
}
-
?>
+
+<p> </p>
+
+<?
+apidb_footer();
+?>
\ No newline at end of file
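Review bot: `originator` is still round-tripped through a hidden field and read back from the request on submit, where the second hunk uses it to decide whose address `lookupEmail()` returns. A client can change that value, so the reply notification need not go to the author of the parent comment; looking the parent's `userId` up again from `$thread` in the submit branch and dropping the hidden field would remove that dependency. The hidden values are also written as unquoted attributes, and quoting them with an integer cast, `value=\"".(int)$thread."\"`, keeps the markup well-formed. Note that `apidb_footer()` now sits outside the `if`/`else`, so it runs on every path that reaches the end of the file.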