<?phpfunction setComments($conn) { if (isset($_POST['commentSubmit'])) {

1. <?php
2. function setComments($conn) {
3. if (isset($_POST['commentSubmit'])) {
4. $uid = $_POST['uid'];
5. $date = $_POST['date'];
6. $message = $_POST['message'];
7. $message = preg_replace (
8. "/(?<!a href=")(?<!src=")((http|ftp)+(s)?://[^<>s]+)/i",
9. "<a href="\0" target="blank">\0</a>",
10. $message
11. );
12. $sql = "INSERT INTO comments (uid, date, message) VALUES ('".mysqli_real_escape_string($conn,$uid)."','".mysqli_real_escape_string($conn,$date)."','".mysqli_real_escape_string($conn,$message)."')";
13. $result = $conn->query($sql);
14. }
15. }
16.  
17.  
18. function getComments($conn) {
19. $sql = "SELECT * FROM comments";
20. $result = $conn->query($sql);
21. while($row = $result->fetch_assoc()) {
22. $id = $row['uid'];
23. $sql2 = "SELECT * FROM users WHERE id='$id'";
24. $result2 = $conn->query($sql2);
25. if ($row2 = $result2->fetch_assoc()) {
26. echo "<div class='comment-box'><p>";
27. echo $row2['first_name']."<br>";
28. echo $row['date']."<br>";
29. echo nl2br($row['message']);
30. echo "</p>";
31. echo '<input type="button" onclick="displaycount()" value="Click Me"/> <p id="carrier"> 0 </p>
32. ';
33. if (isset($_SESSION['id'])) {
34. if ($_SESSION['id'] == $row2['id']) {
35. echo "<form class='delete-form' method='POST' action='".deleteComments($conn)."'>
36. <input type='hidden' name='cid' value='".$row['cid']."'>
37. <button type='submit' name='commentDelete'>Delete</button>
38. </form>";
39. } else {
40. echo "<form class='edit-form' method='POST' action='replycomment.php'>
41. <input type='hidden' name='cid' value='".$row['cid']."'>
42. <input type='hidden' name='uid' value='".$row['uid']."'>
43. <input type='hidden' name='date' value='".$row['date']."'>
44. <input type='hidden' name='reply' value='".$row['reply']."'>
45. <button>Reply</button>
46. </form>";
47. }
48. } else {
49. echo "<p class='commentmessage'>You need to be logged in to reply</p>";
50. }
51. echo "</div>";
52. }
53. }
54. }
55.  
56. function replyComments($conn) {
57. if (isset($_POST['replySubmit'])) {
58. $cid = $_POST['cid'];
59. $uid = $_POST['uid'];
60. $date = $_POST['date'];
61. $reply = $_POST['reply'];
62. $first_name = $_POST['first_name'];
63. $reply = preg_replace (
64. "/(?<!a href=")(?<!src=")((http|ftp)+(s)?://[^<>s]+)/i",
65. "<a href="\0" target="blank">\0</a>",
66. $reply
67. );
68. $sql = "INSERT INTO replies (uid, first_name, date, reply) VALUES ('".mysqli_real_escape_string($conn,$uid)."','".mysqli_real_escape_string($conn,$first_name)."','".mysqli_real_escape_string($conn,$date)."','".mysqli_real_escape_string($conn,$reply)."')";
69. $result = $conn->query($sql);
70. header("Location: index1.php");
71. }
72. }
73.  
74.  
75. function deleteComments($conn) {
76. if (isset($_POST['commentDelete'])) {
77. $cid = $_POST['cid'];
78.  
79. $sql = "DELETE FROM comments WHERE cid='".mysqli_real_escape_string($conn,$cid)."'";
80. $result = $conn->query($sql);
81. header("Location: index1.php");
82. }
83. }
84.  
85.  
86.  
87.  
88. function getLogin($conn) {
89. if (isset($_POST['loginSubmit'])) {
90. $email = $_POST['email'];
91. $password = md5($_POST['password']);
92.  
93. $sql = "SELECT * FROM users WHERE email='$email' AND password='$password'";
94. $result = $conn->query($sql);
95. if (mysqli_num_rows($result) > 0) {
96. if($row = $result->fetch_assoc()) {
97. $_SESSION['id'] = $row['id'];
98. header("Location: index1.php?loginsuccess");
99. exit();
100. }
101. } else {
102. header("Location: index.php?loginfailed");
103. exit();
104. }
105. }
106. }
107. ?>
108. <!doctype html>
109. <html>
110. <head>
111.  
112. <script>
113. var count = (function () {
114. var counter = 0;
115. return function () {return counter +=1;}
116. })();
117.  
118. function displaycount() {
119. document.getElementById("carrier").innerHTML = count();
120. }
121. </script>
122. </head>
123. <body>
124.  
125. </body>
126. </html>