This repository has been archived by the owner on Jan 27, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 38
/
file_discussion.php
83 lines (63 loc) · 2.94 KB
/
file_discussion.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
<?php
include_once 'data.php';
include_once 'functions.php';
if (isset($_SESSION['auth'])) {
database_connect(IL_DATABASE_PATH, 'discussions');
if (!empty($_POST['newmessage']) && !empty($_POST['file'])) {
$stmt = $dbHandle->prepare("INSERT INTO filediscussion (fileID, user, timestamp, message) VALUES (:fileID, :user, :timestamp, :message)");
$stmt->bindParam(':fileID', $fileID);
$stmt->bindParam(':user', $user);
$stmt->bindParam(':timestamp', $timestamp);
$stmt->bindParam(':message', $message);
$fileID = $_POST['file'];
$user = $_SESSION['user'];
$timestamp = time();
$message = $_POST['newmessage'];
$insert = $stmt->execute();
$dbHandle = null;
if ($insert)
die('OK');
}
if (isset($_GET['delete']) && !empty($_GET['file'])) {
$delete = $dbHandle->exec("DELETE FROM filediscussion WHERE fileID=" . intval($_GET['file']));
$dbHandle = null;
die('OK');
}
if (isset($_GET['read']) && !empty($_GET['file'])) {
$result = $dbHandle->query("SELECT * FROM filediscussion WHERE fileID=" . intval($_GET['file']) . " ORDER BY id DESC LIMIT 100");
$dbHandle = null;
$ismessage = false;
while ($message = $result->fetch(PDO::FETCH_ASSOC)) {
$ismessage = true;
$message['user'] = htmlspecialchars($message['user']);
$message['message'] = htmlspecialchars($message['message']);
$message['message'] = preg_replace('/(https?\:\/\/\S+)/i', '<a href="\\1" target="_blank">\\1</a>', $message['message']);
$message['message'] = nl2br($message['message']);
print "<div class=\"alternating_row\" style=\"padding:2px\"><b>" . date("M j, Y, h:i:s A", $message['timestamp']) . ", " . $message['user'] . ":</b></div>";
print "<div style=\"padding:2px 2px 10px 2px\">$message[message]</div>" . PHP_EOL;
}
if (!$ismessage)
die('No messages.');
die();
}
?>
<table cellspacing="0" style="width:100%;height:100%;margin-top: 0px">
<tr>
<td class="alternating_row" style="width: 190px;padding: 5px">
<form id="filediscussionform" action="file_discussion.php" method="GET">
<input type="hidden" name="file" value="<?php print htmlspecialchars($_GET['file']) ?>">
<textarea cols="10" rows="10" style="width:99%;height:200px"></textarea>
<button id="newmessage" style="margin-top:2px"><i class="fa fa-edit"></i> Post</button>
</form>
<br>
<div class="separator" style="margin:50px 0 5px 0"></div>
<button id="deletediscussion"><i class="fa fa-trash-o"></i> Delete Discussion</button>
</td>
<td style="padding: 5px">
<div id="messages"></div>
</td>
</tr>
</table>
<?php
}
?>