File: coco.commenter.php4

<?php
class cocoCOMMENTER
{
  function lastComment($cocodb,$pageid,$scope,$comments)
  {
    global $COCO_CONF_VARS;
    if($comments > 0)
    {
      $query = "SELECT c.id as cid, c.name as cname, c.title as ctitle, ";
      $query.= "c.email as cemail, a.lasttime as ctime from ";
      $query.= "$COCO_CONF_VARS[TBCOMMENT] as c, $COCO_CONF_VARS[TBACCESS] as a WHERE ";
      if($scope=="page")
      {
        $query.= "c.pgid='$pageid' AND ";
      }
      $query.= "c.acid=a.id ORDER BY ctime DESC LIMIT 0,1;";
      $answer = $cocodb -> db_query($query);
      if($result= $cocodb -> db_fetch_array($answer))
      {
        return $result;
      }
    }
  }
  
  // If we receive a comment, we need to process it and add
  // it to the database
  // returns true on success
  function enterComment($cocodb,$pgid,$paid,$acid)
  {
    global $COCO_CONF_VARS;
    global $COCO_STRINGS;
    global $HTTP_POST_VARS;

    // Add some shortcuts

    $cname = $HTTP_POST_VARS[name];
    $ctitle = $HTTP_POST_VARS[title];
    $cemail = $HTTP_POST_VARS[email];
    $curl = $HTTP_POST_VARS[url];
    $ctext = $HTTP_POST_VARS[text];
    $creplies = $HTTP_POST_VARS[replies];
    $errorstring = "";

    // Begin processing the forms input ...

    if($cname==""){$cname=$COCO_STRINGS[ANONYMOUS];}
    if($ctitle==""){$ctitle=$COCO_STRINGS[NOTITLE];}
    if($COCO_CONF_VARS[REQUIREMAIL]=="yes")
    {
      if($cemail=="")
      {
        $errorstring .= "$COCO_STRINGS[REQ_NOEMAIL]\n<br>";
      } else {
        $validator = new email_validation_class;
        $validator -> timeout = 10;
 if($validator->ValidateEmailBox($cemail)!=1)
 {
   $errorstring .= "$COCO_STRINGS[FAILEDEMAIL]\n<br>";
 }
      }
    } else {
      if($cemail==""){$cemail=$COCO_STRINGS[NOEMAIL];}
    }
    if($COCO_CONF_VARS[REQUIRETEXT]=="yes")
    {
      if($ctext=="")
      { $errorstring .= "$COCO_STRINGS[REQ_TEXT]\n<br>";}
    } else {
      if($ctext==""){$ctext=$COCO_STRINGS[NOTEXT];}
    }
    if($errorstring!="")
    {
      $this -> errors .= $errorstring;
      return false;
    }
    if(empty($creplies))
      { $creplies = "no";} else { $creplies = "yes";}

    // Remove all unwanted HTML from all variables ...

    $allowedtags = $COCO_CONF_VARS[ALLOWED_TAGS];
    $cname = strip_tags($cname, $allowedtags);
    $ctitle = strip_tags($ctitle, $allowedtags);
    $cemail = strip_tags($cemail, $allowedtags);
    $curl = strip_tags($curl, $allowedtags);
    $ctext = strip_tags($ctext, $allowedtags);
    
    // Now the input should be fine.
    // Now: If there is a parent comment and the author
    // requested an email to be sent for replies to his
    // comment we have to do this now:
    $query = "SELECT replies,name,email,title FROM";
    $query.= " $COCO_CONF_VARS[TBCOMMENT] WHERE id='$paid';";
    if($answer = $cocodb -> db_query($query))
    {
      if($result = $cocodb -> db_fetch_array($answer))
      {
        if($result[replies]=="yes")
 {
   $mailtext = "$COCO_STRINGS[MAILSTART]\n \n$ctext";
   mail( $result[email],
     "Re: [phpMyCoCo] $result[title]",
     $mailtext,
     "From: phpMyCoCo <$COCO_CONF_VARS[COCOEMAIL]>\n"
     . "Reply-To: $cname <$cemail>");
 }
      }
    }
     
    // Insert Comment into TBCOMMENT
    $query = "INSERT INTO $COCO_CONF_VARS[TBCOMMENT] ";
    $query.= "(id,pgid,paid,acid,name,title,email,url,text,replies) ";
    $query.= "VALUES ('','$pgid','$paid','$acid','$cname',";
    $query.= "'$ctitle','$cemail','$curl','$ctext','$creplies');";
    $cocodb -> db_query($query);
    // Do not forget to add 1 to #comments in TBCOUNTER
    $query = "UPDATE $COCO_CONF_VARS[TBCOUNTER] ";
    $query.= "SET comments=1+comments WHERE id=$pgid;";
    $cocodb -> db_query($query);
    return true;
  }
 }
?>