require_once('engine/common.inc.php');
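/*
 * Request dispatcher for the comment pages: depending on $action it lists
 * comments, shows one, renders the add/edit form, or stores, updates and
 * deletes a comment together with its map markers.
 *
 * $action, $is_login, $is_moderator, $html, $sql, $users, DB, out(),
 * location(), text() and str2text() are not defined in this file; they are
 * expected to come from engine/common.inc.php.
 *
 * NOTE(review): every access check below has the form `if(...) out();`, so it
 * only protects the code after it if out() ends the request. The same holds
 * for location() where code follows it. Confirm both helpers exit.
 *
 * NOTE(review): no anti-CSRF token check is visible for insert_post,
 * update_post or delete. Confirm whether form_start()/common.inc.php adds and
 * verifies one; if not, these state-changing actions need it.
 */
switch($action)
{
    default:
        // Listing, newest comment first.
        $html->start('Comments', array('Main|index.php'));
        echo '
';
        $html->action('?action=insert', 'insertl', 'Add new comment');
        echo '
';
        foreach($sql->get('*', DB.'comment order by datetime_stamp desc') as $row)
        {
            // Stored text reaches the page only through str2text()/text()
            // (presumably the project's output-encoding helpers - confirm).
            echo ''.str2text($row['title']).'';
            if($row['user_id'] == 0)
            {
                // user_id 0 is what insert_post stores for a guest post
                echo ' by '.text($row['signature']);
            }
            else
            {
                echo ' by '.text($users->get_user_name($row['user_id']));
            }
            $is_my = $is_login && ($users->info['id'] == $row['user_id']);
            if($is_moderator || $is_my)
            {
                // NOTE(review): the Delete link is offered to the owner as well,
                // but the 'delete' handler below accepts moderators only.
                $html->action('?action=update&id='.$row['id'], 'update', 'Update');
                $html->action('?action=delete&id='.$row['id'], 'delete', 'Delete', 'Really delete?');
            }
            echo '
';
        }
        $html->stop();
        break;

    case 'show':
        // A missing id becomes 0; the row lookup below then decides.
        $id = isset($_GET['id']) ? intval($_GET['id']) : 0;
        $item = $sql->row('*', DB.'comment', 'id='.$sql->i($id));
        if($item === false) out();
        $html->start(text($item['title']), array('Main|index.php', 'Comments|comment.php'));
        if($item['user_id'] == 0)
        {
            echo 'by '.text($item['signature']).'
';
        }
        else
        {
            echo 'by '.text($users->get_user_name($item['user_id'])).'
';
        }
        echo ''.text($item['description'], true, true).'
';
        echo '| ';
        echo '';
        echo ' | ';
        $data = $sql->get('marker_id, lat, lon', DB.'comment_point', 'comment_id='.$sql->i($id).' order by marker_id');
        if(!count($data))
        {
            echo 'No markers';
        }
        else
        {
            foreach($data as $row)
            {
                echo '';
            }
        }
        echo ' |
';
        echo '';
        echo '';
        $html->stop();
        break;

    case 'insert': case 'update':
        // Both actions render the same form; only the preset values differ.
        if($action == 'insert')
        {
            // Optional map position from the query string, cast to float;
            // otherwise a fixed default view.
            if(isset($_GET['lat']) && isset($_GET['lon']) && isset($_GET['zoom']))
            {
                $item['lat'] = floatval($_GET['lat']);
                $item['lon'] = floatval($_GET['lon']);
                $item['zoom'] = floatval($_GET['zoom']);
            }
            else
            {
                $item['lat'] = 30;
                $item['lon'] = 0;
                $item['zoom'] = 1;
            }
            $html->start('Add new comment', array('Main|index.php', 'Comments|comment.php'));
            $html->form_start('comment.php', 'insert_post');
        }
        else
        {
            // Editing requires a login and either moderator rights or ownership.
            if(!$is_login) out();
            $id = isset($_GET['id']) ? intval($_GET['id']) : 0;
            $item = $sql->row('*', DB.'comment', 'id='.$sql->i($id));
            if($item === false) out();
            $is_my = $is_login && ($users->info['id'] == $item['user_id']);
            if(!$is_moderator && !$is_my) out();
            $item['markers'] = $sql->get('*', DB.'comment_point', 'comment_id='.$sql->i($id).' order by marker_id');
            $html->start('Update comment', array('Main|index.php', 'Comments|comment.php'));
            $html->form_start('comment.php', 'update_post', $id);
        }
        // In insert mode $item holds only lat/lon/zoom, hence the @ on the other keys.
        $html->form_add_string('title', 'Title', @$item['title'], 40, true);
        $html->form_add_text('description', 'Comment', @$item['description'], '500px', '100px', true, true);
        $html->form_geo_markers('markers', 'lat', 'lon', 'zoom', 'Markers', @$item['markers'], @$item['lat'], @$item['lon'], @$item['zoom'], '500px', '300px');
        // Name and e-mail fields: for guests, and for a moderator editing a guest post.
        // $item['user_id'] is only read in update mode, where $item is a database row.
        if(!$is_login || (($action == 'update') && $is_moderator && ($item['user_id'] == 0)))
        {
            $html->form_add_string('signature', 'Name/nickname', @$item['signature'], 40, true);
            $html->form_add_string('email', 'E-mail (not shown, enter if you want to be replied)', @$item['email'], 40);
        }
        if(!$is_login)
        {
            // Guests must solve a captcha; the session id travels with the form.
            include 'engine/lib/captcha.lib.php';
            $captcha_session_id = captcha_get_session($sql);
            $html->form_add_captcha('Enter number on picture', $captcha_session_id);
            $html->form_add_variable('captcha', $captcha_session_id);
        }
        $html->form_actions();
        if($action == 'insert')
        {
            $html->form_add_action('Add');
        }
        else
        {
            $html->form_add_action('Update');
        }
        $html->form_stop();
        $html->stop();
        break;

    case 'insert_post':
        if(!$is_login)
        {
            include 'engine/lib/captcha.lib.php';
            $captcha_session_id = captcha_get_session($sql);
            // Fail closed: a request without a string captcha_code counts as a
            // wrong answer instead of being handed to the comparison helper.
            if(isset($_POST['captcha_code']) && is_string($_POST['captcha_code'])
                && captcha_compare_code($sql, $captcha_session_id, $_POST['captcha_code']))
            {
                // Called right after a successful check (presumably so the same
                // code cannot be submitted again - confirm in captcha.lib.php).
                captcha_refesh_code($sql, $captcha_session_id);
                // All values go through the $sql->s()/i()/f() helpers (presumably
                // the project's escaping and casting layer - confirm).
                $sql->insert(array(
                    'title'=>$sql->s($_POST['title'], 255),
                    'description'=>$sql->s($_POST['description'], 4000),
                    'datetime_stamp'=>$sql->i(time()),
                    'user_id'=>$sql->i(0),
                    'signature'=>$sql->s($_POST['signature'], 255),
                    'email'=>$sql->s($_POST['email'], 255),
                    'lat'=>$sql->f($_POST['lat']),
                    'lon'=>$sql->f($_POST['lon']),
                    'zoom'=>$sql->f($_POST['zoom'])
                ), DB.'comment');
                $id = $sql->get_last_id();
                // Markers arrive as CRLF-separated lines of "marker_id<TAB>lat<TAB>lon".
                // An empty field must not produce a row (same guard as the logged-in path).
                if(isset($_POST['markers']) && is_string($_POST['markers']) && trim($_POST['markers']) != '')
                {
                    foreach(explode("\r\n", trim($_POST['markers'])) as $row)
                    {
                        $row = explode("\t", $row);
                        // Skip malformed lines instead of storing a partly empty marker.
                        if(count($row) < 3) continue;
                        list($marker_id, $lat, $lon) = $row;
                        $sql->insert(array(
                            'comment_id'=>$sql->i($id),
                            'marker_id'=>$sql->i($marker_id),
                            'lat'=>$sql->f($lat),
                            'lon'=>$sql->f($lon),
                        ), DB.'comment_point');
                    }
                }
            }
            else
            {
                location('comment.php?action=bad_captcha');
                // $id was never set on this path; do not fall through to the
                // "show" redirect below if location() returns.
                break;
            }
        }
        else
        {
            // Logged-in author: the id comes from the session user, never from the form.
            $sql->insert(array(
                'title'=>$sql->s($_POST['title'], 255),
                'description'=>$sql->s($_POST['description'], 4000),
                'datetime_stamp'=>$sql->i(time()),
                'user_id'=>$sql->i($users->info['id']),
                'signature'=>$sql->s(''),
                'email'=>$sql->s(''),
                'lat'=>$sql->f($_POST['lat']),
                'lon'=>$sql->f($_POST['lon']),
                'zoom'=>$sql->f($_POST['zoom'])
            ), DB.'comment');
            $id = $sql->get_last_id();
            if(isset($_POST['markers']) && is_string($_POST['markers']) && trim($_POST['markers']) != '')
            {
                foreach(explode("\r\n", trim($_POST['markers'])) as $row)
                {
                    $row = explode("\t", $row);
                    // Skip malformed lines instead of storing a partly empty marker.
                    if(count($row) < 3) continue;
                    list($marker_id, $lat, $lon) = $row;
                    $sql->insert(array(
                        'comment_id'=>$sql->i($id),
                        'marker_id'=>$sql->i($marker_id),
                        'lat'=>$sql->f($lat),
                        'lon'=>$sql->f($lon),
                    ), DB.'comment_point');
                }
            }
        }
        location('comment.php?action=show&id='.$id);
        break;

    case 'update_post':
        // Same checks as the edit form: login, existing row, moderator or owner.
        if(!$is_login) out();
        $id = isset($_POST['id']) ? intval($_POST['id']) : 0;
        $item = $sql->row('*', DB.'comment', 'id='.$sql->i($id));
        if($item === false) out();
        $is_my = $is_login && ($users->info['id'] == $item['user_id']);
        if(!$is_moderator && !$is_my) out();
        // Only a moderator editing a guest post may set name/e-mail;
        // in every other case both columns are written as empty strings.
        if(($item['user_id'] == 0) && $is_moderator)
        {
            $signature = $_POST['signature'];
            $email = $_POST['email'];
        }
        else
        {
            $signature = '';
            $email = '';
        }
        $sql->update(array(
            'title'=>$sql->s($_POST['title'], 255),
            'description'=>$sql->s($_POST['description'], 4000),
            // same 255 limit that insert_post passes for these two columns
            'signature'=>$sql->s($signature, 255),
            'email'=>$sql->s($email, 255),
            'lat'=>$sql->f($_POST['lat']),
            'lon'=>$sql->f($_POST['lon']),
            'zoom'=>$sql->f($_POST['zoom'])
        ), DB.'comment', 'id='.$sql->i($id));
        // Markers are replaced wholesale: drop the old set, then store the submitted one.
        $sql->delete(DB.'comment_point', 'comment_id='.$sql->i($id));
        if(isset($_POST['markers']) && is_string($_POST['markers']) && trim($_POST['markers']) != '')
        {
            foreach(explode("\r\n", trim($_POST['markers'])) as $row)
            {
                $row = explode("\t", $row);
                // Skip malformed lines instead of storing a partly empty marker.
                if(count($row) < 3) continue;
                list($marker_id, $lat, $lon) = $row;
                $sql->insert(array(
                    'comment_id'=>$sql->i($id),
                    'marker_id'=>$sql->i($marker_id),
                    'lat'=>$sql->f($lat),
                    'lon'=>$sql->f($lon),
                ), DB.'comment_point');
            }
        }
        location('comment.php?action=show&id='.$id);
        break;

    case 'delete':
        // NOTE(review): this destructive action is reached through a plain GET
        // link, and the 'Really delete?' text passed to $html->action() in the
        // listing is the only confirmation visible here. Prefer POST plus a
        // server-verified request token.
        // NOTE(review): moderators only, although the listing also shows the
        // link to the comment's owner; decide which of the two is intended.
        if(!$is_moderator) out();
        $id = isset($_GET['id']) ? intval($_GET['id']) : 0;
        $sql->delete(DB.'comment', 'id='.$sql->i($id));
        $sql->delete(DB.'comment_point', 'comment_id='.$sql->i($id));
        location('comment.php');
        break;
}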
?>