Viewing file: index.php (4.8 KB) -rw-rw-rw- Select action/file-type: (+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php ob_start();
$domain='http://www.secretariadeambiente.gov.co/comments';
$host='localhost';
$dbuser='admin_uno';
$dbpass='SDA2008';
$dbname='uno';
$db = mysql_connect("$host","$dbuser","$dbpass");
if (!$db) { die('Error : ' . mysql_error()); }
$select_db = mysql_select_db($dbname,$db);
if (!$select_db) { die('Error : ' . mysql_error()); }
function SafeAddSlashes($string) {
if (get_magic_quotes_gpc()) {
return $string;
} else {
return addslashes($string);
}
}
define('INSTALL_ROOT', dirname(dirname(__FILE__))."/install");
define('GRESTUL_ROOT', dirname(dirname(__FILE__))."/");
// Let's count how many pages are available
$identi = $_GET['id'];
$req = "SELECT count(distinct ID) FROM comments";
$result = mysql_query ($req,$db);
$arr = mysql_fetch_row($result);
$count = $arr[0];
echo '<div class="pages">';
$pages = (int)($count / $per_page);
if ($pages == 0) $pages=1;
else if ($count % $per_page > 0)
++$pages;
$cur_page = (int)$_GET['page'];
if (!isset($cur_page))
$cur_page = 1;
if ($cur_page < 1)
$cur_page = 1;
else if ($cur_page > $pages)
$cur_page = (int)$pages;
else
echo $pages .' pages - ';
echo 'Pagina: '.$cur_page.'</p>'."\n";
echo '</div>';
// Time to create the power of Pagination with style
echo '<div class="pagination">';
if ($pages > 1 && $cur_page > 1)
echo "<p><a href=\"index.php?page=1\"> primera </a> |";
else
echo '<p>first | ';
if ($cur_page > 1)
echo '<a href="index.php?page='.($cur_page-1).'"> previa </a> | ';
else
echo 'prev | ';
if ($cur_page < $pages)
echo '<a href="index.php?page='.($cur_page+1).'"> siguiente</a> | ';
else
echo 'next | ';
if ($pages > 1 && $cur_page < $pages)
echo '<a href="index.php?page='.$pages.'"> ultima </a></p>'."\n";
else
echo 'last</p>'."\n";
echo '</div>';
// Lets organize them shall we
$req = 'SELECT ID, name, datetime, comment, id2 FROM comments where id2='.$_GET['id'].' ORDER BY ID desc limit ' .(($cur_page-1)*$per_page) . ", $per_page ";
$result = mysql_query ($req,$db);
while($row = mysql_fetch_assoc($result)) {
mysql_real_escape_string($name = stripslashes(htmlentities($row['name'])));
mysql_real_escape_string($comment = stripslashes(htmlentities($row['comment'])));
$datetime = date("M-jS-o", $row['datetime']);
echo ' <div class="comment">'."\n";
echo ' <div class="postertime"><p>'."\n";
echo ' <span class="poster">';
// Url detection for future version
if ($url && preg_match("/(www\.)", "/(http:\.)", $url)) {
echo '<a href="'.$url.'">'.$name.'</a>';
}
else {
echo "$name";
}
// time to get the time working
echo ' </span> <span class="time"><font size=1>Enviado: '.$datetime.'</font></span></p>'."\n";
echo ' </div>'."\n\n";
// How about the comment?
echo ' <div class="usercomment">'."\n";
echo ' <p>'.(nl2br($comment)).'</p>'."\n";
echo ' </div>'."\n\n";
echo ' </div>'."\n\n";
}
?>
<div class="boxtitle">Comentarios</div>
<div class="formbstyle">
<!-- Begin form-->
<div id="err" />
<form method="post" name="commentforms" action="/comments/index.php">
<p>
<label for="name">Nombre:*<br />
<input class="onebartext" type="text" name="name" id="name" tabindex="1" maxlength="21" /></label></p>
<p>
<label for="comment">Comentario:*<br />
<textarea class="textboxes" name="comment" id="comment" tabindex="3" rows="6"></textarea></label></p>
<input class="input" type="submit" name="submit" value="Enviar comentario" tabindex="4" />
</form>
</div>
<div class="footer">
<!-- DO NOT CHANGE, REMOVE, OR HINDER WITH THE COPYRIGHT OR POWERED BY LINES BELOW -->
<!-- YOU AGREED TO THE AGREEMENT WHEN YOU DOWNLOADED AND INSTALLED OUR SOFTWARE -->
<!-- REMOVING THE LINES BELOW WILL FORCE US TO TAKE LEGAL ACTION -->
<!-- BE FAIR AND KEEP THE POWERED BY AND COPYRIGHT LINES. -->
</div>
<?php
//errors
if (!empty($_GET['errorn'])) {
echo '<div class="errors">';
echo '<img src="images/error.png" /> Please enter your name!';
echo '</div>';
}
if (!empty($_GET['errorm'])) {
echo '<div class="errors">';
echo '<img src="images/error.png" /> Please enter a message!';
echo '</div>';
}
// lets submit the form
if(isset($_POST['submit'])) {
$comment = trim($_POST['comment']);
$name = trim($_POST['name']);
if ($name =="") {
header("Location: ?errorn=1#err");
}
elseif ($comment =="") {
header("Location: ?errorm=1#err");
}
else {
header("Location: $domain#comments");
$ip = $_SERVER["REMOTE_ADDR"];
$datetime = time();
$name = SafeAddSlashes($name);
$comment = SafeAddSlashes($comment);
$sql="INSERT INTO comments (name, comment, ip, datetime, id2) VALUES ('$name', '$comment', '$ip', '$datetime', '$identi')";
$result = mysql_query($sql, $db);
exit;
}
}
?>
<? ob_end_flush(); ?>
|