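<?php
//--------------------------
// PCommentProcess.php
//
// Handles process for adding comment to post
//
// Reads the comment form fields from $_POST, checks the e-mail address,
// stores the comment with a prepared statement and then redirects the
// browser back to the post page. The DB_*, WS_SITELINK and TP_SOURCEPATH
// constants are defined outside this file.
//--------------------------
//--------------------------
//Handles POST variables
$postId = isset($_POST['post']) ? $_POST['post'] : '';
$signature = isset($_POST['signature']) ? $_POST['signature'] : '';
$title = isset($_POST['title']) ? $_POST['title'] : '';
$commentText = isset($_POST['commentText']) ? $_POST['commentText'] : '';
// NOTE(review): no CSRF token is checked before the comment is stored; the
// form that posts here is outside this file, so confirm whether one exists.
//--------------------------
//Make sure input is OK
//--------------------------
//Checks that a correct (-ish) e-mail has been entered.
// strpos() returns 0 when '@' is the first character, and 0 is falsy, so the
// result has to be compared with false explicitly or such input is rejected.
if (isset($_POST['email']) && strpos($_POST['email'], '@') !== false) {
    $email = $_POST['email'];
} else {
    //Sets error message and returns to post page.
    // Both query values are URL-encoded so that a post id or message holding
    // '&', '#' or spaces cannot change the structure of the redirect URL.
    $redirect = 'post&id=' . rawurlencode($postId)
        . '&error=' . rawurlencode('Invalid e-mail entered') . '#comment';
    header('Location: ' . WS_SITELINK . "?p={$redirect}");
    exit;
}
//--------------------------
//DB stuff
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE); //New DB object
// With mysqli's default error reporting on PHP 8.1+ a failed connection already
// throws, so this branch is only reached under the older reporting mode.
if (mysqli_connect_error()) {
    echo "Connect failed: ".mysqli_connect_error()."<br>";
    exit();
}
$mysqli->set_charset("utf8");
//--------------------------
//SQL query
// Only the table name (built from the DB_PREFIX constant, not from user input)
// is interpolated into the SQL text. Every user-supplied value is bound as a
// parameter; this replaces the earlier real_escape_string() + interpolation.
$tableComment = DB_PREFIX . 'Comment';
$query = <<<END
--
-- Inserts new comment into DB
--
INSERT INTO {$tableComment} (commTitle, commText, commDate, commSignature, commEmail, Comment_idPost)
VALUES (?, ?, NOW(), ?, ?, ?)
END;
$stmt = $mysqli->prepare($query);
if ($stmt === false) {
    // Driver details go to the server log; the user only sees a generic message.
    error_log("PCommentProcess: prepare failed {$mysqli->errno} : {$mysqli->error}");
    die("Could not query database");
}
// Comment_idPost is bound as a string, as the other fields are; the column
// type is not visible here, and MySQL converts a string parameter for an
// integer column the same way it converted the quoted literal before.
$stmt->bind_param('sssss', $title, $commentText, $signature, $email, $postId);
if (!$stmt->execute()) { //Performs query
    error_log("PCommentProcess: execute failed {$stmt->errno} : {$stmt->error}");
    die("Could not query database");
}
$stmt->close();
$mysqli->close(); //Closes DB connection
//---------------------
//Redirects to post page
// Kept from the original script; nothing below this line references the
// class it loads, so it is only here for whatever side effects the file has.
require_once(TP_SOURCEPATH . 'CHTMLPage.php');
header('Location: ' . WS_SITELINK . '?p=post&id=' . rawurlencode($postId) . '#comment');
exit;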