33 lines
1.1 KiB
PHP
33 lines
1.1 KiB
PHP
<?PHP
|
|
|
|
// do I need to do additional security checks to make sure the script is being called appropriately?
|
|
|
|
include("config.php");
|
|
|
|
if (!$_POST){ header('Location: '.$site_url); }
|
|
|
|
// error checking
|
|
if (isset($_POST[Review_Subject]) && isset($_POST[Review_Contents])) {
|
|
if ($_SERVER['HTTP_X_FORWARD_FOR']) {
|
|
$ip = $_SERVER['HTTP_X_FORWARD_FOR'];
|
|
} else {
|
|
$ip = $_SERVER['REMOTE_ADDR'];
|
|
}
|
|
$tsNow = time();
|
|
$coach_id = $_POST[coach_id];
|
|
$editor_id = $_POST[editor_id];
|
|
$subject = mysql_escape_string(trim($_POST[Review_Subject]));
|
|
$message = mysql_escape_string(nl2br(htmlspecialchars(substr(trim($_POST[Review_Contents]), 0, 4096))));
|
|
|
|
// build the SQL query to delete the edits that are bad
|
|
$sql = "INSERT INTO ".$prefix."CoachesComment (coach_id_fk, comment_time, user_id_fk, comment_subject, comment_message, comment_ip, comment_valid) VALUES ($coach_id, '$tsNow', '$editor_id', '$subject', '$message', '$ip', 0)";
|
|
|
|
//echo $sql;
|
|
mysql_query($sql) or die(mysql_error());
|
|
}
|
|
|
|
header('Location: '.$site_url.'/individual.php?coach_id='.$coach_id.'&review_add=ok');
|
|
|
|
exit();
|
|
|
|
?>
|