line_comment.php

   1 <?php
   2
   3 include_once("auth_root.php");
   4
   5 //if($role != 0) { die("Account \"".$user_name."\" Is Not Authorized To View This Page.<br><br>This Event Will Be Logged And Reported."); }
   6
   7 if (!$_GET["file_id"])  { die("No File ID Sent"); }
   8 if (!$_GET["line_num"]) { die("No Line Number Sent"); }
   9 if (!$_GET["comment"])  { die("No Comment Sent"); }
  10 if ($_GET["comment"] == "")  { die("Comment of Zero Length Cannot Be Posted"); }
  11
  12 $_GET["file_id"] = mysql_real_escape_string($_GET["file_id"]);
  13 $_GET["line_num"] = mysql_real_escape_string($_GET["line_num"]);
  14
  15 // comments are being sent with double quotes on each end... remove them
  16 $comment = substr($_GET[comment], 1, -1);
  17
  18 $comment = mysql_real_escape_string($comment);
  19
  20 //TODO: Verify that this file belongs to user if role not root...
  21
  22 /*
  23 if($role == 0) { // faculty comment to student
  24         detail_viewed_update($_GET["user"], $_GET["sched"], 0, "std");
  25         detail_viewed_update($_GET["user"], $_GET["sched"], 1, "fac");
  26 } else { // student comment to faculty
  27         detail_viewed_update($_GET["user"], $_GET["sched"], 1, "std");
  28         detail_viewed_update($_GET["user"], $_GET["sched"], 0, "fac");
  29 }
  30 */
  31
  32 // insert comment contents into DB
  33 $sql = 'insert into filecom values ("", '.$_GET["file_id"].','.$_GET["line_num"].','.$user_id.',"'.$comment.'",NOW())';
  34
  35 //echo $sql;
  36
  37 $result = mysql_query($sql);
  38
  39 if (!$result) { die("SQL ERROR: File Comment Insert"); }
  40
  41 $html = '';
  42 $html .= "<img src='gfx/down_arrow.png'>";
  43 $html .= "<span class=line_comment_txt>".$comment."</span>";
  44 $html .= "<span class=line_comment_name>".$user_name."</span>";
  45 $html .= "<span class=line_comment_time>Just Now</span>";
  46
  47 echo $html;
  48
  49 ?>