Please log in before you can submit or view comments.\n";
}
else
{
if($_GET['cmd'] == "all")
{ // show all comments
// Lists every row of the comment table, newest first, then prints the
// footer and ends the request. This branch sits inside an else whose
// condition is outside this block; the other branch prints a log-in prompt.
echo "Please click on subject to show full message.
";
// No request data is concatenated into this statement. $DB_TABLE is defined
// outside this block -- presumably a configured table prefix; verify it can
// never be influenced by the request.
// NOTE(review): there is no LIMIT, so the whole table is rendered on each call.
$query="select *, DATE_FORMAT(date, '%e %b %Y') as posted from ${DB_TABLE}_comment";
$query.=" order by date desc";
$result=query($query);
$rownum=0;
echo "
";
while($row=mysql_fetch_array($result))
{
$rownum++;
// Even and odd rows emit different leading strings.
if($rownum % 2 == 0)
echo "";
else
echo "
";
echo "";
// make entries clickable -> link to specific comment
// Every database field below is passed through htmlentities() before it is
// written out, so markup stored in a comment is shown as text rather than
// interpreted by the browser.
// NOTE(review): flags and charset are left at the PHP defaults. On the PHP
// versions that still ship mysql_* the default flag is ENT_COMPAT, which does
// not encode single quotes; these values must not end up inside
// single-quoted HTML attributes.
echo htmlentities($row['posted']);
echo " | ";
echo "";
echo htmlentities($row['appid']);
echo " ";
echo htmlentities($row['version']);
echo " | ";
echo "";
// Original intent: protect against simple address harvesting by replacing
// "@" and "." in the author field.
// NOTE(review): only htmlentities() is applied here; no replacement of "@"
// or "." is visible in this block -- confirm whether it happens elsewhere.
echo htmlentities($row['from']);
echo " | ";
echo "";
echo htmlentities($row['subject']);
echo " | ";
echo "
\n";
}
mysql_free_result($result);
echo "
\n";
// The listing is a complete page of its own: footer, then stop before the
// other cmd handlers below are reached.
include "include/footer.inc.php";
exit;
}
// echo " [ Delete ]";
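if($_GET['cmd'] == "delete")
{
// Confirmation stub for deleting a comment: it only echoes the identifying
// values back to the user, prints the footer and ends the request. Nothing
// is deleted here.
//
// appid, from and date come straight from the query string, so they are
// HTML-encoded before being written into the page. Echoing them unencoded
// would let a crafted link place markup or script into the response
// (reflected XSS). ENT_QUOTES also encodes single quotes.
echo "Delete Comment for App: ".htmlentities($_GET['appid'], ENT_QUOTES)."
";
echo "From ".htmlentities($_GET['from'], ENT_QUOTES)."
";
echo "Date ".htmlentities($_GET['date'], ENT_QUOTES)."
";
// look up record specified
// check if($row['from'] == loginname() || manage())
// TODO: when the deletion is implemented, load the record server-side and
// enforce the ownership/manager check above before deleting. The 'from'
// value in the query string must not be trusted for that decision, and the
// state change should be a POST protected by an anti-CSRF token rather than
// a GET link.
include "include/footer.inc.php";
exit;
}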
if($_GET['cmd'] == "save")
{
// Stores a new comment for the application given by the "app" query
// parameter. On success it prints a confirmation and the footer and ends the
// request; otherwise it prints a hint and falls through to the code below.
//
// The guard needs a non-zero numeric app id and a truthy subject and body.
// PHP truthiness means a subject or body of "0" is treated as missing.
if(($_GET['app']+0) && $_POST['subject'] && $_POST['body'])
{ // store comment
// The INSERT is assembled by string concatenation:
//  - appid: "+0" coerces the parameter to a PHP number before it is
//    concatenated. NOTE(review): this also accepts floats such as "1.5" or
//    "1e3"; an integer cast would be stricter.
//  - version: always stored as the literal '?'.
//  - from: taken from loginname(), not from the request, so the submitter
//    does not choose the author -- assuming loginname() returns the
//    authenticated user; verify.
//  - subject, body: request data passed through quote(), which is defined
//    outside this block. NOTE(review): quote() presumably escapes the value
//    and wraps it as an SQL string literal; confirm it uses connection-aware
//    escaping, because the safety of this statement depends entirely on it.
// NOTE(review): no anti-CSRF token is checked in this block -- confirm
// whether one is validated before this point.
// NOTE(review): the app id is not checked against the application table
// before the row is inserted.
$query="insert into ${DB_TABLE}_comment (appid, version, `from`, subject, body, `date`) values(";
$query.=($_GET['app']+0).", '?', ".quote(loginname()).", ".quote($_POST['subject']);
$query.=", ".quote($_POST['body']).", now())";
query($query);
echo "Comment saved. Go back.\n";
include "include/footer.inc.php";
exit;
}
// Validation failed: no exit here, so execution continues after this block.
echo "Please provide Subject and Body!";
}
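// Look up the application named by the "app" query parameter and print the
// heading for the comment form.
// "+0" coerces the parameter to a PHP number before it is concatenated into
// the WHERE clause, which keeps string input out of the SQL text.
// NOTE(review): this also accepts floats; an integer cast would be stricter.
$query="select *, DATE_FORMAT(updated, '%e %b %Y') as upd, DATE_FORMAT(added, '%e %b %Y') as ad from ${DB_TABLE}";
$query.=" where id=".($_GET['app']+0);
$result=query($query);
$row=mysql_fetch_array($result);
mysql_free_result($result);
// name and version are database content, so they are HTML-encoded on output,
// as the comment listing does for its fields. Stored markup is then displayed
// as text instead of being interpreted by the browser.
// NOTE(review): $row is false when no application has this id; the heading is
// then printed with an empty name and version.
echo "Please add comments for ".htmlentities($row['name'], ENT_QUOTES)." - ".htmlentities($row['version'], ENT_QUOTES)."\n";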
?>