<?php
// Version string of the comment component, published as a global.
$GLOBALS['VERSION'] = '0.10.0';
# 2024-12-24 Inputs are now read explicitly from $_GET/$_POST, because POST variables are no longer auto-registered on submit (for security reasons!)
# 2024-12-23 Finished the (partial) adaptation of the code to PDO and mysqli
# 2024-12-18 Adapted the code to PHP 8.2
# 2010-11-25 Last change made under PHP 4 and its leniency!
// Global status filter; empty means "no filter". Comment::comment2() and
// Comment::sql_query() read it through $GLOBALS['status'].
$GLOBALS['status'] = '';
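/**
 * Comment storage and rendering for a page-comment widget.
 *
 * The class builds SQL for one table ($TABLE), runs it through one of three
 * drivers selected by Comment::MSQL, and prints HTML directly to the output.
 * It relies on helpers that are not defined in this file (form(), uform(),
 * option(), encapsuleTags(), deencapsuletags()) and on $GLOBALS['lang_*']
 * message strings.
 *
 * Security-relevant behaviour of this version:
 *  - every request-derived value that ends up in an executed SQL string is
 *    escaped with the active driver or bound as a parameter;
 *  - SQL text shown in error output is HTML-escaped;
 *  - the comment id is URL- and JS-encoded before it is written into the
 *    popup <script>.
 */
class Comment
{
    // Deployment settings: adjust to the installation.
    // LOGIN/PASSWD are placeholders; NOTE(review): real credentials stored here
    // are readable by anyone who can read this file, so keep it out of any
    // publicly served or published copy.
    public $MEPATH = "/var/www/website/comment/";
    public $WEBPATH = "https://mans.gyptis.org/comment/";
    public $HOST = "localhost";
    public $DATABASE = "database_sql_name";
    public $TABLE = "web_comment_demo";
    public $LOGIN = "login_user";
    public $PASSWD = "password";
    public $LANG = "english"; // or france
    public $style_table = "style_fresh2.php";
    // Database handle; assigned by the bootstrap code after the class.
    public $link;

    // Database driver selector:
    //   1 = mysql_connect() family (legacy PHP only)
    //   2 = PDO
    //   3 = mysqli
    const MSQL = 3;

    // URL
    public $addcomment = "addcomment_demo.php";
    public $custom = "custom.php";

    // Internal state and status keywords
    public $current_action = "";
    public $status_delete = "delete";
    public $status_id = "id";
    public $status_invisible = "invisible";
    public $status_status = "status";
    public $status_visible = "visible";

    // Placeholder names substituted in the style_table template
    public $_title = "replace_title";
    public $_author = "replace_signature";
    public $_text = "replace_message_text";
    public $_time = "replace_date";
    public $_select = "replace_select_list";
    public $_opts = "replace_opts";
    public $_opts_menu = "";

    // Fields of the row currently being rendered. They were created on the fly
    // before; declaring them avoids the dynamic-property deprecation of PHP 8.2.
    public $author = "";
    public $text = "";
    public $time = "";
    public $tm = "";
    public $title = "";
    public $status = "";

    /**
     * Build the DDL for the comment table and its index.
     *
     * Nothing is executed, exactly as before; the statements are now returned
     * instead of the first one being overwritten by the second.
     * NOTE(review): add() inserts into an `email` column that this schema does
     * not define.
     *
     * @return array the two SQL statements, in execution order
     */
    function comment_create_table()
    {
        $nn = "NOT NULL";
        return array(
            "CREATE TABLE $this->TABLE ( id text $nn, title text $nn, time DATETIME, author text $nn, text text $nn, status text $nn); ",
            "CREATE INDEX id_idx ON $this->TABLE (id);",
        );
    }

    /**
     * Kept for backward compatibility; it has no effect.
     *
     * The former body read an undefined local ($host) and discarded the result.
     */
    function set()
    {
    }

    /**
     * Print the moderation form: id/status selectors, action buttons and the
     * comments of $id rendered in "custom" mode.
     *
     * @param string $id identifier of the commented page
     */
    function custom($id = "")
    {
        $this->comment_header();
        form($this->WEBPATH . "/" . $this->custom);
        echo '<span class="comment_invisible"><INPUT name="script" type="text" value="custom"></span>' . "\n";
        $this->select_list($this->status_id, $GLOBALS['id']);
        $this->select_list($this->status_status, $GLOBALS['status']);
        $this->custom_button_ok();
        $this->custom_button();
        $this->current_action = "custom";
        $this->comment2($id);
        $this->custom_button();
        $this->current_action = "";
        uform();
        $this->comment_foot();
    }

    /** Print the "ok" submit button. */
    function custom_button_ok()
    {
        echo '<INPUT TYPE="submit" VALUE="ok" NAME="ok">' . "\n";
    }

    /** Print the purge / invisible / clear submit buttons. */
    function custom_button()
    {
        echo "<p>\n";
        echo '<INPUT TYPE="submit" VALUE="Delete" NAME="purge">' . "\n";
        echo '<INPUT TYPE="submit" VALUE="Invisible" NAME="invisible">' . "\n";
        echo '<INPUT TYPE="submit" VALUE="Vider la corbeil" NAME="clear">' . "\n";
        echo "</p>\n";
    }

    /** Open the wrapping comment <div>. */
    function comment_header()
    {
        echo '<div class="comment_table" style="float: left">' . "\n";
    }

    /** Close the wrapping comment <div>. */
    function comment_foot()
    {
        echo "</div>\n";
    }

    /**
     * Render the current row through the template.
     *
     * The former switch on $current_action sat after an unconditional return
     * and never ran, so it has been dropped.
     */
    function cputs()
    {
        $this->parse_open();
    }

    /**
     * Query and print the comments attached to $id.
     *
     * In normal mode (current_action == "") deleted and invisible rows are
     * filtered out and the popup script is emitted; in any other mode a row
     * count is printed. $GLOBALS['status'], when non-empty, narrows the result
     * to one status.
     *
     * @param string $id identifier of the commented page (request-derived)
     */
    function comment2($id)
    {
        $nline = 0;
        $select = sprintf("SELECT author,text,UNIX_TIMESTAMP(time),title, status FROM %s", $this->TABLE);
        // $q carries named placeholders (PDO driver); $q_see is the literal
        // form executed by the mysql/mysqli drivers, so its values are escaped.
        $q = $select . " WHERE id = :id";
        $q_see = $select . sprintf(" WHERE id = '%s'", $this->sql_escape($id));
        $this->comment_header();
        if ($this->current_action == "") {
            // The id is percent-encoded for the URL and the whole URL is emitted
            // as a JSON string literal, so it cannot break out of the <script>.
            $popurl = sprintf("%s/%s?id=%s&test='oser'", $this->WEBPATH, $this->addcomment, rawurlencode((string) $id));
            $js_url = json_encode($popurl, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
            if ($js_url === false) {
                $js_url = '""';
            }
            echo "<script>\n";
            echo "//Popup Window Script\n";
            echo "//By JavaScript Kit (http://javascriptkit.com)\n";
            echo "//JavaScript tutorials and over 400+ free scripts\n";
            echo "function comment_openpopup(){\n";
            echo "var popurl=" . $js_url . ";\n";
            echo 'winpops=window.open(popurl,"","width=580,height=750,")' . "\n";
            echo "}\n";
            echo "</script>\n";
            echo '<span class="comment"><a href="javascript:comment_openpopup()" class="comment">' . "\n";
            echo $GLOBALS['lang_add_comment'];
            echo "</a></span>\n";
            $q .= " AND !(status = :status_delete OR status = :status_invisible)";
            $q_see .= sprintf(
                " AND !(status = '%s' OR status = '%s')",
                $this->sql_escape($this->status_delete),
                $this->sql_escape($this->status_invisible)
            );
        }
        $status_filter = isset($GLOBALS['status']) ? $GLOBALS['status'] : "";
        if ($status_filter != "") {
            $q_see .= sprintf(" AND status='%s'", $this->sql_escape($status_filter));
            $q .= " AND status=:status";
        }
        // ORDER BY
        $q_see .= " ORDER BY time;";
        $q .= " ORDER BY time;";
        $ret = $this->sql_query($q, $q_see, $id);
        if ($ret == false) {
            print "<B> Query echoue </B><br/>\n";
            printf("<BR>Dans '%s' L'erreur est :: %s<br/>\n", __FUNCTION__, $this->html_escape($q_see));
        }
        while ($a = $this->sql_fetch($q, $q_see, $ret)) {
            $stamp = $a['UNIX_TIMESTAMP(time)'];
            // NOTE(review): deencapsuletags() is defined outside this file;
            // confirm that what it returns is safe to print as HTML, because
            // parse_open() echoes these values without further escaping.
            $this->author = deencapsuletags($a['author']);
            $this->text = deencapsuletags($a['text']);
            // strftime() is deprecated since PHP 8.1; fall back to date() only
            // where it is no longer available.
            $this->time = function_exists('strftime') ? strftime("%c", (int) $stamp) : date("c", (int) $stamp);
            $this->tm = $stamp;
            $this->title = deencapsuletags($a['title']);
            $this->status = deencapsuletags($a['status']);
            $this->cputs();
            $this->comment_foot();
            $nline++;
        }
        echo "<P>";
        if ($this->current_action != "") {
            if ($nline > 0) {
                printf("%s %s", $GLOBALS['lang_number_line'], $nline);
            } else {
                printf("%s", $GLOBALS['lang_no_data']);
            }
            echo "</P>";
            echo "\n";
        }
        echo '<span class="comment"><a href="javascript:comment_openpopup()" class="comment">' . "\n";
        printf("%s</a></span>\n", $GLOBALS['lang_add_comment']);
        $this->comment_foot();
    }

    /**
     * Print the template file with its placeholders replaced by the fields of
     * the current row.
     *
     * The handle is closed only when the file was actually opened; the former
     * code called fclose() on the failed handle as well.
     */
    function parse_open()
    {
        $path = $this->MEPATH . $this->style_table;
        $fh = is_readable($path) ? fopen($path, "r") : false;
        if ($fh === false) {
            printf("Fichier '%s' impossible à ouvrir\n", $this->style_table);
            return;
        }
        while (!feof($fh)) {
            $buffer = fgets($fh);
            // Strict test: a final line holding just "0" is data, not EOF.
            if ($buffer === false) {
                break;
            }
            $buffer = str_replace($this->_title, $this->title, $buffer);
            $buffer = str_replace($this->_author, $this->author, $buffer);
            $buffer = str_replace($this->_text, $this->text, $buffer);
            $buffer = str_replace($this->_time, $this->time, $buffer);
            if ($this->current_action == "") {
                $buffer = str_replace($this->_opts, "", $buffer);
                $buffer = str_replace($this->_select, "", $buffer);
            } else {
                $buffer = str_replace($this->_select, $this->select_checkbox(), $buffer);
                $buffer = str_replace($this->_opts, $this->status_get($this->status), $buffer);
            }
            echo $buffer;
        }
        fclose($fh);
    }

    /**
     * Insert a new comment.
     *
     * All five values are request-derived. They are bound as parameters for
     * the PDO driver and escaped for the mysql/mysqli drivers. The unconditional
     * "query failed" line that used to be printed before the query ran is gone;
     * the message now appears only on failure, with the SQL HTML-escaped.
     *
     * @param string $id     identifier of the commented page
     * @param string $title  comment title
     * @param string $author signature
     * @param string $text   comment body
     * @param string $email  author e-mail
     */
    function add($id, $title, $author, $text, $email)
    {
        $id = encapsuleTags($id);
        $title = encapsuleTags($title);
        $author = encapsuleTags($author);
        $text = encapsuleTags($text);
        $now = time();
        $q = sprintf(
            "INSERT INTO %s (id, time, title, author, text, status, email)
VALUES (:id, FROM_UNIXTIME('%d'), :title, :author, :text, '', :email);",
            $this->TABLE,
            $now
        );
        $q_see = sprintf(
            "INSERT INTO %s (id, time, title, author, text, status, email)
VALUES ('%s', FROM_UNIXTIME('%d'), '%s', '%s', '%s', '', '%s');",
            $this->TABLE,
            $this->sql_escape($id),
            $now,
            $this->sql_escape($title),
            $this->sql_escape($author),
            $this->sql_escape($text),
            $this->sql_escape($email)
        );
        $ret = $this->sql_query($q, $q_see, $id, array(
            ':title' => $title,
            ':author' => $author,
            ':text' => $text,
            ':email' => $email,
        ));
        if (!$ret) {
            printf("<B> Query SQL échoué -> %s</B><br/>\n", $this->html_escape($q_see));
        }
    }

    /**
     * Change the status of the selected comments, or empty the trash.
     *
     * With $status == "clear" every row whose status is 'delete' is removed.
     * Otherwise each entry of $opts (Unix timestamps posted by the checkboxes)
     * selects the rows to update; entries that are not plain digit strings are
     * ignored, and $status is escaped before it enters the statement.
     *
     * @param array  $opts   timestamps of the selected comments
     * @param string $status new status, or "clear"
     */
    function delete($opts, $status = "delete")
    {
        if ($status == "clear") {
            $q = "DELETE FROM $this->TABLE WHERE status = 'delete'";
        } else {
            $q = "UPDATE $this->TABLE SET status='" . $this->sql_escape($status) . "' WHERE 0";
            if (is_array($opts)) {
                foreach ($opts as $stamp) {
                    if (empty($stamp) || !is_scalar($stamp) || !preg_match('/^[0-9]+\z/', (string) $stamp)) {
                        continue;
                    }
                    $q .= sprintf(" OR %s=FROM_UNIXTIME('%s')", 'time', $stamp);
                }
            }
        }
        if (!$res = $this->sql_query("$q", "$q", "")) {
            printf("<B>%s : &id_list()</B><BR>", $GLOBALS['lang_query_error']);
            printf("Query->( %s )<BR>", $this->html_escape($q));
        } else {
            printf("%s", $GLOBALS['lang_job_ok']);
        }
    }

    /** Mark the selected comments as invisible; see delete(). */
    function invisible($opts)
    {
        return ($this->delete($opts, "invisible"));
    }

    /** Empty the trash; see delete(). */
    function clear($opts)
    {
        return ($this->delete($opts, "clear"));
    }

    /**
     * Build the selection checkbox for the current row.
     *
     * @return string an <input> whose value is the row's Unix timestamp
     */
    function select_checkbox()
    {
        $var = "<input type=\"checkbox\" name=\"opts[";
        $var .= "]\" value=\"" . $this->html_escape($this->tm) . "\"> ";
        return ($var);
    }

    /**
     * Print a <SELECT> listing the distinct values of column $name.
     *
     * $name is used as an SQL identifier, which cannot be escaped like a
     * value, so anything but a plain identifier is refused. The stray debug
     * text that was echoed after every option has been removed.
     * NOTE(review): option() is defined outside this file; confirm it
     * HTML-escapes the label and value it is given.
     *
     * @param string $name column name (the class passes "id" or "status")
     * @param string $opt  value to pre-select
     */
    function select_list($name, $opt = "")
    {
        if (!is_string($name) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*\z/', $name)) {
            print "<B> Query échoué dans &tatuslist()</B>";
            return;
        }
        $q = ("SELECT DISTINCT $name FROM $this->TABLE WHERE $name IS NOT NULL;");
        if (!$res = $this->sql_query("$q", "$q", "")) {
            print "<B> Query échoué dans &tatuslist()</B>";
            print "<BR>" . $this->html_escape($q);
        }
        echo '<SELECT SIZE="1" NAME="' . $this->html_escape($name) . '" CLASS="comment_select">' . "\n";
        if ($name == $this->status_status) {
            option($GLOBALS['lang_all'], "", $opt);
        }
        while ($row = $this->sql_fetch($q, $q, $res)) {
            if ($name == $this->status_status) {
                $label = $this->status_get($row[$name]);
            } else {
                $label = $row[$name];
            }
            option(urldecode($label), $row[$name], $opt);
        }
        echo "</SELECT>\n";
    }

    /**
     * Translate a stored status into its localized label.
     *
     * Matching is a case-insensitive substring test; "invisible" is tested
     * before "visible" because the former contains the latter.
     *
     * @param string $var stored status
     * @return string label from $GLOBALS['lang_*'], or "" when nothing matches
     */
    function status_get($var)
    {
        $var = (string) $var;
        $q = "";
        if (preg_match("/" . preg_quote($this->status_delete, "/") . "/i", $var)) {
            $q = $GLOBALS['lang_delete'];
        } elseif (preg_match("/" . preg_quote($this->status_invisible, "/") . "/i", $var)) {
            $q = $GLOBALS['lang_invisible'];
        } elseif (preg_match("/" . preg_quote($this->status_visible, "/") . "/i", $var)) { // Warning order :)
            $q = $GLOBALS['lang_visible'];
        }
        // Nothing is returned for an unknown status, to keep the output small.
        return ($q);
    }

    /** Placeholder; does nothing. */
    function lang($var)
    {
    }

    /**
     * Run a query with the driver selected by Comment::MSQL.
     *
     * Drivers 1 and 3 execute $var_old, so the caller must already have escaped
     * every value in it. Driver 2 prepares $var and binds only the placeholders
     * that actually occur in it (binding absent ones makes execute() fail).
     *
     * @param string $var     statement with named placeholders (PDO)
     * @param string $var_old literal statement (mysql / mysqli)
     * @param string $id      value for the :id placeholder
     * @param array  $params  extra placeholder => value pairs for PDO
     * @return mixed driver result, or false on failure
     */
    function sql_query($var, $var_old, $id = "", $params = array())
    {
        $ret = false;
        if (Comment::MSQL == 1) { // legacy mysql_* driver
            $ret = mysql_query($var_old);
        } elseif (Comment::MSQL == 2) { // PDO driver
            if (!($this->link instanceof PDO)) {
                return false;
            }
            $result = $this->link->prepare($var);
            if ($result == false) {
                printf("\n\nQUERY PDO echec!<br/>\n");
                return false;
            }
            $bindings = array(
                ':id' => $id,
                ':status_delete' => $this->status_delete,
                ':status_invisible' => $this->status_invisible,
            );
            if (isset($GLOBALS['status']) && $GLOBALS['status'] != "") {
                $bindings[':status'] = $GLOBALS['status'];
            }
            foreach ($params as $name => $value) {
                $bindings[$name] = $value;
            }
            foreach ($bindings as $name => $value) {
                // \b keeps ":status" from matching inside ":status_delete".
                if (preg_match('/' . preg_quote($name, '/') . '\b/', $var)) {
                    $result->bindValue($name, $value, PDO::PARAM_STR);
                }
            }
            printf("REQUETE '%s'<br/>\n", $this->html_escape($var));
            if (!$result->execute()) {
                return false;
            }
            $count = $result->rowCount();
            if ($count <= 0) {
                printf("Pas de concordances trouvées ou insérées avec la requette SQL %s<br/>\n", $this->html_escape($var_old));
            }
            $ret = $result;
        } elseif (Comment::MSQL == 3) { // mysqli driver
            if (!($this->link instanceof mysqli)) {
                return false;
            }
            try {
                $ret = mysqli_query($this->link, $var_old);
            } catch (mysqli_sql_exception $e) {
                // mysqli can report errors as exceptions; callers test for false.
                error_log("comment: query failed: " . $e->getMessage());
                $ret = false;
            }
        }
        return ($ret);
    }

    /**
     * Fetch the next row of a result as an associative array.
     *
     * The first two parameters are unused. Their defaults were dropped because
     * optional parameters before a required one are deprecated and were
     * already ignored.
     *
     * @param string $var     unused
     * @param string $var_old unused
     * @param mixed  $result  value returned by sql_query()
     * @return mixed the row, or false/null when there is none
     */
    function sql_fetch($var, $var_old, $result)
    {
        // A failed query yields false; the fetch functions reject that value.
        if ($result === false || $result === null || $result === true) {
            return false;
        }
        $ret = false;
        if (Comment::MSQL == 1) {
            $ret = mysql_fetch_array($result, MYSQL_ASSOC);
        } elseif (Comment::MSQL == 2) {
            $ret = $result->fetch(PDO::FETCH_ASSOC);
        } elseif (Comment::MSQL == 3) {
            $ret = mysqli_fetch_assoc($result);
        }
        return ($ret);
    }

    /**
     * Escape a value for use inside a single-quoted SQL string literal, using
     * the active driver. Without a usable connection it falls back to
     * addslashes(); sql_query() refuses to run in that state for drivers 2
     * and 3, so the fallback only shapes text shown in error output.
     */
    private function sql_escape($value)
    {
        $value = (string) $value;
        if (Comment::MSQL == 3 && $this->link instanceof mysqli) {
            return mysqli_real_escape_string($this->link, $value);
        }
        if (Comment::MSQL == 2 && $this->link instanceof PDO) {
            $quoted = $this->link->quote($value);
            if ($quoted !== false) {
                // quote() adds the surrounding quotes; callers supply their own.
                return substr($quoted, 1, -1);
            }
        }
        if (Comment::MSQL == 1 && function_exists('mysql_real_escape_string')) {
            return mysql_real_escape_string($value);
        }
        return addslashes($value);
    }

    /** Escape a value for printing inside HTML text or an attribute. */
    private function html_escape($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}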
// All timestamps are formatted in UTC, whatever zone the server is set to.
#date_default_timezone_set( date_default_timezone_get() );
date_default_timezone_set('UTC');

// Single shared instance used by the scripts that include this file.
$comment = new Comment();

// lib.php and the language file are loaded from the install directory; the
// class calls helpers (form(), option(), encapsuleTags(), ...) and reads
// $GLOBALS['lang_*'] strings that are not defined in this file.
include_once $comment->MEPATH . "/lib.php";
include_once "{$comment->MEPATH}/lang/{$comment->LANG}.php";
// Request fields, set to their defaults before any input is read.
// $status is a global here, so it is the same variable as $GLOBALS['status'].
$id = "default";
$opts = array();
$author = $email = $title = $text = "";
$ok = $status = $delete = $clear = $invisible = $purge = "";

// Disabled debugging aid: dumps the request superglobals when switched on.
if (false) {
    print "SERVER<br/>\n";
    print_r($_SERVER);
    print "GET<br/>\n";
    print_r($_GET);
    print "POST<br/>\n";
    print_r($_POST);
}
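// Read the request. Every field is accepted only as a plain string (or, for
// "opts", an array): a parameter sent as name[]=... would otherwise reach
// stripslashes() as an array and raise a TypeError on PHP 8.
if (isset($_GET["id"]) && is_string($_GET["id"]))
    $id = $_GET["id"];
// The former test wrapped the whole comparison in stripslashes(), which only
// worked through bool-to-string coercion; compare the method directly.
if (isset($_SERVER["REQUEST_METHOD"]) && $_SERVER["REQUEST_METHOD"] == "POST")
{
    // The hidden "script" field tells which form was submitted.
    $comment_script = (isset($_POST['script']) && is_string($_POST['script'])) ? stripslashes($_POST['script']) : "";
    if ($comment_script == "addcomment")
    {
        // Missing fields keep their empty default instead of raising a warning.
        if (isset($_POST['title']) && is_string($_POST['title'])) $title = encapsuleTags($_POST['title']);
        if (isset($_POST['author']) && is_string($_POST['author'])) $author = encapsuleTags($_POST['author']);
        if (isset($_POST['text']) && is_string($_POST['text'])) $text = encapsuleTags($_POST['text']);
        if (isset($_POST['email']) && is_string($_POST['email'])) $email = encapsuleTags($_POST['email']);
    }
    elseif ($comment_script == "custom")
    {
        // NOTE(review): nothing in this file authenticates the caller or checks
        // a CSRF token before these moderation flags (purge / invisible / clear)
        // are accepted; confirm that the script handling them does.
        if (isset($_POST['id']) && is_string($_POST['id'])) $id = stripslashes($_POST['id']);
        if (isset($_POST['status']) && is_string($_POST['status'])) $status = stripslashes($_POST['status']);
        if (isset($_POST['ok']) && is_string($_POST['ok'])) $ok = stripslashes($_POST['ok']);
        if (isset($_POST['purge']) && is_string($_POST['purge'])) $purge = stripslashes($_POST['purge']);
        if (isset($_POST['invisible']) && is_string($_POST['invisible'])) $invisible = stripslashes($_POST['invisible']);
        if (isset($_POST['clear']) && is_string($_POST['clear'])) $clear = stripslashes($_POST['clear']);
        // Comment::delete() iterates over $opts, so anything but an array is dropped.
        if (isset($_POST['opts']) && is_array($_POST['opts'])) $opts = stripslashes_deep($_POST['opts']);
    }
}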
#$comment->comment2("coin");
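// Open the database connection with the driver selected by Comment::MSQL.
// Connection failures are written to the server log; the page only gets a
// generic message, so driver error text (host, user name) is not shown to
// visitors.
if (Comment::MSQL == 1) # Legacy mysql_* driver, only available on old PHP
{
    # SQL method 1
    if (! $link = mysql_connect("$comment->HOST", "$comment->LOGIN", "$comment->PASSWD"))
    { // Set the login and password
        print "<B>Connection SQL échoué à \"$comment->HOST\"</B>\n";
    }
    if (! mysql_select_db($comment->DATABASE))
    { // Database
        print "<B>Selection DB échoué</B>\n";
    }
}
elseif(Comment::MSQL == 2)
{
    # SQL method 2
    try {
        $dsn = "mysql:host={$comment->HOST};dbname=$comment->DATABASE";
        $comment->link = new PDO($dsn, $comment->LOGIN, $comment->PASSWD);
        # PDO::ERRMODE_EXCEPTION makes PHP abort, so warnings are used instead.
        $comment->link->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
    }
    catch (PDOException $e)
    {
        error_log("comment: PDO connection failed: " . $e->getMessage());
        echo "Connection failed";
    }
}
elseif(Comment::MSQL == 3)
{
    # SQL method 3
    // mysqli can report a failed connection either by returning false or by
    // throwing, depending on the report mode; both end up as a false link,
    // which Comment::sql_query() refuses to use.
    try {
        $comment->link = mysqli_connect($comment->HOST, $comment->LOGIN, $comment->PASSWD, $comment->DATABASE);
    }
    catch (mysqli_sql_exception $e)
    {
        error_log("comment: mysqli connection failed: " . $e->getMessage());
        $comment->link = false;
    }
    if (! $comment->link)
    {
        print "<B>Connection SQL échoué</B>\n";
    }
    // NOTE(review): no connection charset is set here; escaping with
    // mysqli_real_escape_string() follows the connection charset, so confirm
    // the server default matches the stored data.
}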
// 1 Déc. 2002
// v0.9 Effacement du fichier config.php.
?>