33 lines
1.1 KiB
PHP
33 lines
1.1 KiB
PHP
<?PHP
|
|
|
|
include("config.php");
|
|
|
|
if (!$_POST){ header('Location: '.$site_url); }
|
|
|
|
// error checking
|
|
if (isset($_POST[Review_Subject]) && isset($_POST[Review_Contents])) {
|
|
if ($_SERVER['HTTP_X_FORWARD_FOR']) {
|
|
$ip = $_SERVER['HTTP_X_FORWARD_FOR'];
|
|
} else {
|
|
$ip = $_SERVER['REMOTE_ADDR'];
|
|
}
|
|
$tsNow = time();
|
|
$runshop_id = $_POST[runshop_id];
|
|
$editor_id = $_POST[editor_id];
|
|
$subject = mysql_escape_string(trim($_POST[Review_Subject]));
|
|
$message = mysql_escape_string(nl2br(htmlspecialchars(substr(trim($_POST[Review_Contents]), 0, 4096))));
|
|
|
|
// build the SQL query to delete the edits that are bad
|
|
$sql = "INSERT INTO ".$prefix."RunshopsComment (runshop_id_fk, comment_time, user_id_fk, comment_subject, comment_message, comment_ip, comment_valid) VALUES ($runshop_id, '$tsNow', '$editor_id', '$subject', '$message', '$ip', 0)";
|
|
|
|
//echo $sql;
|
|
mysql_query($sql) or die(mysql_error());
|
|
|
|
header('Location: '.$site_url.'/individual.php?runshop_id='.$runshop_id.'&review_add=ok');
|
|
exit();
|
|
} else {
|
|
header('Location: '.$site_url.'/index.php?comment_error=no_post');
|
|
die('comment_error=no_post');
|
|
}
|
|
|
|
?>
|