<?php
/*
*
* @copyright (c) 2010 animegame.eu
* @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public Licence
*
*/
include_once('path.inc.php'); // get the path ;)
include_once (ROOT_PATH . '/include/config.inc.php');
include_once (ROOT_PATH . '/include/designfunctions.inc.php');
include_once (ROOT_PATH . '/include/parse.inc.php');
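// Request parameters (GET section).
// Values that are later placed in SQL statements go through the project's
// validators first. Missing parameters are passed on as null instead of
// reading an undefined array key.
// NOTE(review): the second argument of validateUnsignedInteger() looks like the
// fallback for invalid input - confirm against include/parse.inc.php.
$komment = validateString(isset($_GET['komment']) ? $_GET['komment'] : null);
$news_id = validateUnsignedInteger(isset($_GET['id']) ? $_GET['id'] : null, null);
$pagenum = validateUnsignedInteger(isset($_GET['pagenum']) ? $_GET['pagenum'] : null, null);
// Only compared against 1 by the dispatch code at the end of this file.
$charm = isset($_GET['charm']) ? $_GET['charm'] : null;
// NOTE(review): the nickname was originally filed under "uncritical", yet
// insertComment() concatenates it into an INSERT statement and
// showNewsKomments() prints it back out. $user_ida is not defined in this
// file (presumably by one of the includes) - confirm the nickname is limited
// to a safe character set or escaped before it reaches SQL.
$username = isset($user_ida['nickname']) ? $user_ida['nickname'] : null;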
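/**
 * Stores a comment for a news entry in ff11_komments.
 *
 * The row holds the author name, the comment text as returned by
 * encodeNoHTMLWithBB(), the client address from $_SERVER['REMOTE_ADDR'],
 * the database's current date and time, and the news id.
 *
 * @param string $username Author name written to the `user` column.
 * @param string $komment  Comment text as received from the request.
 * @param mixed  $news_id  Id of the news entry; only a non-negative integer
 *                         (int or digit-only string) is accepted.
 * @return void Nothing is written when $news_id is not a non-negative integer.
 */
function insertComment($username, $komment, $news_id) {
    // The id is appended to the statement without quotes, so anything other
    // than digits would either break the statement (empty/null id) or change
    // its meaning. Reject such values before building any SQL.
    $isUnsigned = (is_int($news_id) && $news_id >= 0)
        || (is_string($news_id) && preg_match('/^[0-9]+$/D', $news_id) === 1);
    if (!$isUnsigned) {
        return;
    }
    $id = (int) $news_id;

    // NOTE(review): $username and the encoded comment are still concatenated
    // between quotes. Whether validateString() / encodeNoHTMLWithBB() neutralise
    // quotes and backslashes is not visible in this file - confirm, or move
    // this statement to a prepared statement in the project's DB layer.
    $sql = 'INSERT ff11_komments SET user=\'' . $username . '\', text=\'' . encodeNoHTMLWithBB($komment)
        . '\', ip=\'' . $_SERVER['REMOTE_ADDR'] . '\', datum=CURRENT_DATE, zeit=CURRENT_TIME, news_id=' . $id;
    db_query($sql);
}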
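/**
 * Renders one news entry, its comments and, for logged-in users, the comment form.
 *
 * Reads the entry from ff11_news and its comments from ff11_komments (ordered
 * by id, ascending) and prints them as table rows. When $userid is not null a
 * form is appended that submits `as=news`, the news id, `charm=1` and the
 * comment text back to the current script via GET.
 *
 * @param mixed $userid  Id of the current user; null hides the comment form.
 * @param mixed $news_id Id of the news entry; cast to int before use.
 * @return void Prints HTML; prints nothing when the entry does not exist.
 */
function showNewsKomments($userid, $news_id) {
    // Force the id to an integer so only digits reach the two queries and the
    // hidden form field below.
    $news_id = (int) $news_id;

    // Escapes a plain-text column for HTML output. Existing entities are left
    // alone (double_encode = false) so values stored pre-encoded are not
    // encoded a second time.
    $esc = function ($value) {
        $charset = ini_get('default_charset');
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, $charset ? $charset : 'UTF-8', false);
    };

    $nachricht = mysqli_fetch_assoc(db_query('SELECT * FROM ff11_news WHERE id=' . $news_id));
    if (!is_array($nachricht)) {
        // Unknown id: without a row there is nothing to show, and offering the
        // form would let comments be attached to a non-existent entry.
        return;
    }
    ?>
<table cellpadding="0" cellspacing="0" width="100%">
<tr>
<td height="35" valign="top" align="center"></td>
</tr>
<tr>
<td id="content" height="57" valign="top"><b><img src="pictures/news.jpg"> Von:</b> <?php echo $esc($nachricht['name']); ?><br><br><b>Datum:</b> <?php echo $esc($nachricht['datum']); ?> um <?php echo $esc($nachricht['zeit']); ?> Uhr<br><b>Betreff:</b> <?php echo $esc($nachricht['betreff']); ?></td>
</tr>
<tr>
<td height="1"></td>
</tr>
<tr>
<?php
    // NOTE(review): the news body is printed as stored markup. How it is
    // sanitised when written is not visible in this file - confirm.
?>
<td id="content" height="50" valign="top"><br><?php echo $nachricht['text']; ?><br></td>
</tr>
<tr>
<td height="1"><br></td>
</tr>
<?php
    $kommens = db_query('SELECT * FROM ff11_komments WHERE news_id=' . $news_id . ' order by id ASC');
    while ($row = mysqli_fetch_assoc($kommens)) {
        ?>
<tr>
<td id="content" height="15" valign="top"><b>Name:</b> <?php echo $esc($row['user']) . ' schrieb am ' . $esc($row['datum']) . ' um ' . $esc($row['zeit']) . ' Uhr'; ?> <img src=pictures/komment.jpg></td>
</tr>
<tr>
<td height="1"></td>
</tr>
<tr>
<?php
        // Comment text is printed as stored: insertComment() in this file
        // writes it through encodeNoHTMLWithBB(), so escaping it again here
        // would show the generated markup as text.
        // NOTE(review): confirm that encoder neutralises all HTML.
?>
<td id="content" height="50" valign="top"><br><?php echo $row['text']; ?><br></td>
</tr>
<tr>
<td height="1"><br></td>
</tr>
<?php
    }
    if ($userid != NULL) {
        // PHP_SELF contains request-supplied path info, so it is escaped
        // before being placed in the action attribute.
        ?>
<tr>
<td height="50" align="center">
<br>
<form action="<?php echo $esc($_SERVER['PHP_SELF']); ?>" method="get">
<input type="hidden" name="as" value="news">
<input type="hidden" name="id" value="<?php echo $news_id; ?>">
<input type="hidden" name="charm" value="1">
<textarea id="input" name="komment" cols="65" rows="5"></textarea>
<br><br>
<input id="input" type="submit" value="Senden">
</form>
</td>
</tr>
<?php
    }
    ?>
</table>
<?php
}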
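/**
 * Renders one page of the news list (five entries per page, newest first).
 *
 * For every entry the number of comments in ff11_komments is printed next to
 * the reply link; below the list the page links produced by
 * displayPagelinksNew() are shown.
 *
 * @param mixed $pagenum Zero-based page number; anything that is not a
 *                       non-negative integer (int or digit-only string) is
 *                       treated as page 0.
 * @return void Prints HTML.
 */
function displayNews($pagenum) {
    // Escapes a plain-text column for HTML output; existing entities are left
    // alone so values stored pre-encoded are not encoded a second time.
    $esc = function ($value) {
        $charset = ini_get('default_charset');
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, $charset ? $charset : 'UTF-8', false);
    };
    ?>
<table cellpadding="0" cellspacing="0" width="100%">
<tr>
<td id="content" align="center"></td>
</tr>
<?php
    // is_numeric() alone would also let "1.5" or "1e30" through, which end up
    // as a float in the LIMIT clause. Accept whole, non-negative numbers only.
    $isPage = (is_int($pagenum) && $pagenum >= 0)
        || (is_string($pagenum) && preg_match('/^[0-9]+$/D', $pagenum) === 1);
    $pagenum = $isPage ? (int) $pagenum : 0;
    $offset = $pagenum * 5;
    if (!is_int($offset)) {
        // The multiplication overflowed into a float; fall back to page 0.
        $pagenum = 0;
        $offset = 0;
    }
    $nachrichten = db_query('SELECT * FROM ff11_news order by id DESC LIMIT ' . $offset . ', 5');
    while ($row = mysqli_fetch_assoc($nachrichten)) {
        // The id comes from the database, but it is still forced to an integer
        // before it is placed in a statement or a link.
        $rowId = (int) $row['id'];
        $komments = mysqli_fetch_assoc(db_query('SELECT count(id) as anzahl FROM ff11_komments WHERE news_id=' . $rowId));
        $komments = (int) $komments['anzahl'];
        ?>
<tr>
<td id="content" height="30" valign="top"><img src="pictures/news1.jpg"> <b>Von:</b> <?php echo $esc($row['name']); ?> <b>am</b> <?php echo $esc($row['datum']); ?> <b>um</b> <?php echo $esc($row['zeit']); ?> Uhr<br><b>Betreff:</b> <?php echo $esc($row['betreff']); ?></td>
</tr>
<tr>
<td height="1"><br></td>
</tr>
<tr>
<?php
        // NOTE(review): the news body is printed as stored markup. How it is
        // sanitised when written is not visible in this file - confirm.
?>
<td id="content" height="50" valign="top"><br><?php echo $row['text']; ?>
<p><a href="index.php?as=news&id=<?php echo $rowId; ?>" id="content">antworten:</a> (<?php echo $komments; ?>)</td>
</tr>
<tr>
<td height="1"><br></td>
</tr>
<?php
    }
    $total = mysqli_fetch_assoc(db_query('SELECT count(*) as anzahl FROM ff11_news'));
    $total = $total['anzahl'];
    // Link template; displayPagelinksNew() receives it together with the page
    // size, the total and the current page (placeholder handling is not
    // visible in this file).
    $url = '<a href="index.php?as=news&pagenum=###PAGE###">###LABEL###</a> ';
    ?>
<tr>
<td id="content" height="15"><?php echo displayPagelinksNew(5, $total, $pagenum, $url); ?></td>
</tr>
</table>
<?php
}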
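// Dispatch: store a submitted comment and show its news entry, show a single
// news entry, or fall back to the paginated news list.
// NOTE(review): the comment is written in response to a GET request (all
// parameters are read from $_GET and the form uses method="get"), and no
// anti-CSRF token is checked in this file. A logged-in user following a
// crafted link would post a comment; consider POST plus a per-session token.
$currentUserId = isset($user_ida['id']) ? $user_ida['id'] : null;
$loggedIn = isset($user_ida['nickname']) && $user_ida['nickname'] != NULL;
// A comment is only stored when a news id is present; without one the INSERT
// would end in "news_id=" and the request now falls through to the list.
if ($charm == 1 && $loggedIn && $news_id != NULL) {
    insertComment($username, $komment, $news_id);
    showNewsKomments($currentUserId, $news_id);
} elseif ($news_id != NULL) {
    showNewsKomments($currentUserId, $news_id);
} else {
    displayNews($pagenum);
}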
?>