<?php
/*-----------------------------------------------------------------------------------------
mcGalleryPRO
All code is © 2003 Marc Cagninacci.
No files may be redistributed in whole or significant part.
----------------- mcgalleryPRO IS NOT FREE SOFTWARE -------------------
You should have receive a file called license.txt in this package
--------------------------------------------------------------------------------------------*/
session_start();
if (empty($_SESSION['private_login']))
{
include "./sess.php";
exit;
}
include './header.php';
$connect= mysql_connect($host,$login,$pass);
mysql_select_db($base, $connect);
if ($act == 'edit')
{
$query = "SELECT * FROM mcgallery_comment WHERE id=$id";
$res = mysql_query($query);
$row = mysql_fetch_array($res);
echo '<form method="post" action="comments.php">';
echo '<table border="0" align="center" width="50">';
echo '<tr><td bgcolor="Black"><font face="verdana" size="2" color="white">'.$l_Edit.'</font></td></tr>';
echo '<tr><td bgcolor="#CCCCCC" align="center">';
echo '<input type="text" name ="nauthor" value="'.stripslashes($row['author']).'"> ';
echo '<input type="text" name ="nemail" value="'.$row['email'].'"> ';
echo '<input type="text" name ="nnote" size ="4" value="'.$row['note'].'"> ';
echo '<input type="text" name ="ndate" size ="10" value="'.$row['date'].'"> ';
echo '</td></tr>';
echo '<tr><td bgcolor="#CCCCCC" align="center">';
echo '<textarea name="ntext" cols="100" rows="10">'.stripslashes($row['text']).'</textarea>';
echo '<input type="hidden" name="nid" value="'.$row['id'].'">';
echo '</td></tr>';
echo '<tr><td bgcolor="#CCCCCC" align="center">';
echo '<input type="submit" name="submitmod" value=" OK ">';
echo '</td></tr></table></form>';
}
if ($submitmod != '')
{
$nauthor = addslashes($nauthor);
$ntext = addslashes($ntext);
$query = "UPDATE mcgallery_comment SET author='$nauthor', email='$nemail', date='$ndate', note='$nnote', text='$ntext' WHERE id=$nid";
mysql_query($query);
}
if ($act == 'del')
{
$query = "DELETE FROM mcgallery_comment WHERE id=$id";
mysql_query($query);
}
if ($act == 'val')
{
$query = "UPDATE mcgallery_comment SET valid='Y' WHERE id=$id";
mysql_query($query);
}
if ($image == '')
{
echo '<form method="post" action="comments.php">';
echo '<table align="center" border="0" cellspacing="1" cellpadding="4">';
echo '<tr><td bgcolor="black">';
echo ' <select name="last">';
echo '<option value="'.$last.'" selected>'.$last.'</option>';
echo '<option value="">__</option>';
echo '<option value="10">10</option>';
echo '<option value="20">20</option>';
echo '<option value="30">30</option>';
echo '<option value="40">40</option>';
echo '<option value="50">50</option>';
echo '<option value="100">100</option>';
echo '</select>';
echo '<font face="verdana" color="white" size="2"> '.$l_LastComm.'</font>';
echo ' <input type="submit" value="OK"> </td></tr></table></form>';
echo '<table align="center" border="0" cellspacing="1" cellpadding="1">';
if ($last == '')
{
$query = "SELECT p.file, p.idalbum, c.id, c.date, c.email, c.author, c.text, c.note, c.valid FROM mcgallery_photo p, mcgallery_comment c WHERE c.valid='N' AND c.type='P' AND p.id=c.id_photo ORDER BY c.date DESC, c.id DESC";
}
else
{
$query = "SELECT p.file, p.idalbum, c.id, c.date, c.email, c.author, c.text, c.note, c.valid FROM mcgallery_photo p, mcgallery_comment c WHERE c.type='P' AND p.id=c.id_photo ORDER BY c.date DESC, c.id DESC LIMIT 0,$last";
}
$res = mysql_query($query);
$nbre = mysql_num_rows($res);
echo '<tr><td bgcolor="black"><font face="verdana" color="white" size="2">';
echo $l_Photo.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="2">';
echo $l_Date.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="2">';
echo $l_Auteur.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="2">';
echo $l_Email.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="2">';
echo $l_Message.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="1">'.$l_Edit.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="1">'.$l_valid_ok.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="1">'.$l_Suppr.'</font></td></tr>';
if ($nbre == 0)
{ echo '<tr><td bgcolor="#CCCCCC" colspan="8" align="center">';
echo '<font face="verdana" color="black" size="1">'.$l_nothing.'</font></td></tr>';
}
else
{
while ($row = mysql_fetch_array($res))
{
$len = strlen($row['idalbum']);
$image = substr($row['file'], ($len + 1));
$vignette = '../photos/'.$row['idalbum'].'/small/'.substr($row['file'], ($len + 1));
echo '<tr><td bgcolor="#CCCCCC">';
echo '<img src="'.$vignette.'" alt="" border="0"></td>';
echo '<td bgcolor="#CCCCCC"><font face="verdana" color="black" size="1">';
echo $row['date'].'</font></td>';
echo '<td bgcolor="#CCCCCC"><font face="verdana" color="black" size="1">';
echo stripslashes($row['author']).'</font></td>';
echo '<td bgcolor="#CCCCCC"><font face="verdana" color="black" size="1">';
echo $row['email'].'</font></td>';
echo '<td bgcolor="#CCCCCC"><font face="verdana" color="black" size="1">';
echo '<b>'.$l_rating.': '.$row['note'].'/10</b><br>';
echo nl2br(stripslashes($row['text'])).'</font></td>';
echo '<td bgcolor="#CCCCCC" align="center"><font face="verdana" size="2">';
echo '<a href="comments.php?act=edit&id='.$row['id'].'"><img src="../images/b_go.gif" border="0"></a></font></td>';
echo '<td bgcolor="#CCCCCC" align="center"><font face="verdana" size="2">';
if ($row['valid'] == 'N')
{
echo '<a href="comments.php?act=val&id='.$row['id'].'"><img src="../images/b_ok.gif" border="0"></a></font></td>';
}
else { echo ' </td>'; }
echo '<td bgcolor="#CCCCCC" align="center"><font face="verdana" size="2">';
echo '<a href="comments.php?act=del&id='.$row['id'].'"><img src="../images/b_del.gif" border="0"></a></font></td></tr>';
}
}
if ($last == '')
{
$query = "SELECT p.file, p.idalbum, c.id, c.date, c.email, c.author, c.text, c.note, c.valid FROM mcgallery_video p, mcgallery_comment c WHERE c.valid='N' AND c.type='V' AND p.id=c.id_photo ORDER BY c.date DESC, c.id DESC";
}
else
{
$query = "SELECT p.file, p.idalbum, c.id, c.date, c.email, c.author, c.text, c.note, c.valid FROM mcgallery_video p, mcgallery_comment c WHERE c.type='V' AND p.id=c.id_photo ORDER BY c.date DESC, c.id DESC LIMIT 0,$last";
}
$res = mysql_query($query);
$nbre = mysql_num_rows($res);
echo '<tr><td bgcolor="black"><font face="verdana" color="white" size="2">';
echo $l_Video.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="2">';
echo $l_Date.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="2">';
echo $l_Auteur.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="2">';
echo $l_Email.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="2">';
echo $l_Message.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="1">'.$l_Edit.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="1">'.$l_valid_ok.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="1">'.$l_Suppr.'</font></td></tr>';
if ($nbre == 0)
{ echo '<tr><td bgcolor="#CCCCCC" colspan="8" align="center">';
echo '<font face="verdana" color="black" size="1">'.$l_nothing.'</font></td></tr>';
}
else
{
while ($row = mysql_fetch_array($res))
{
$len = strlen($row['idalbum']);
$image = substr($row['file'], ($len + 1));
$vignette = '../videos/'.$row['idalbum'].'/small/'.substr($row['file'], ($len + 1), -3).'jpg';
echo '<tr><td bgcolor="#CCCCCC">';
echo '<img src="'.$vignette.'" alt="" border="0"></td>';
echo '<td bgcolor="#CCCCCC"><font face="verdana" color="black" size="1">';
echo $row['date'].'</font></td>';
echo '<td bgcolor="#CCCCCC"><font face="verdana" color="black" size="1">';
echo stripslashes($row['author']).'</font></td>';
echo '<td bgcolor="#CCCCCC"><font face="verdana" color="black" size="1">';
echo $row['email'].'</font></td>';
echo '<td bgcolor="#CCCCCC"><font face="verdana" color="black" size="1">';
echo '<b>'.$l_rating.': '.$row['note'].'/10</b><br>';
echo nl2br(stripslashes($row['text'])).'</font></td>';
echo '<td bgcolor="#CCCCCC" align="center"><font face="verdana" size="2">';
echo '<a href="comments.php?act=edit&id='.$row['id'].'"><img src="../images/b_go.gif" border="0"></a></font></td>';
echo '<td bgcolor="#CCCCCC" align="center"><font face="verdana" size="2">';
if ($row['valid'] == 'N')
{
echo '<a href="comments.php?act=val&id='.$row['id'].'"><img src="../images/b_ok.gif" border="0"></a></font></td>';
}
else { echo ' </td>'; }
echo '<td bgcolor="#CCCCCC" align="center"><font face="verdana" size="2">';
echo '<a href="comments.php?act=del&id='.$row['id'].'"><img src="../images/b_del.gif" border="0"></a></font></td></tr>';
}
}
if ($last == '')
{
$query = "SELECT p.file, p.idalbum, c.id, c.date, c.email, c.author, c.text, c.note, c.valid FROM mcgallery_flash p, mcgallery_comment c WHERE c.valid='N' AND c.type='F' AND p.id=c.id_photo ORDER BY c.date DESC, c.id DESC";
}
else
{
$query = "SELECT p.file, p.idalbum, c.id, c.date, c.email, c.author, c.text, c.note, c.valid FROM mcgallery_flash p, mcgallery_comment c WHERE c.type='F' AND p.id=c.id_photo ORDER BY c.date DESC, c.id DESC LIMIT 0,$last";
}
$res = mysql_query($query);
$nbre = mysql_num_rows($res);
echo '<tr><td bgcolor="black"><font face="verdana" color="white" size="2">';
echo $l_Flash.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="2">';
echo $l_Date.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="2">';
echo $l_Auteur.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="2">';
echo $l_Email.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="2">';
echo $l_Message.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="1">'.$l_Edit.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="1">'.$l_valid_ok.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="1">'.$l_Suppr.'</font></td></tr>';
if ($nbre == 0)
{ echo '<tr><td bgcolor="#CCCCCC" colspan="8" align="center">';
echo '<font face="verdana" color="black" size="1">'.$l_nothing.'</font></td></tr>';
}
else
{
while ($row = mysql_fetch_array($res))
{
$len = strlen($row['idalbum']);
$image = substr($row['file'], ($len + 1));
$vignette = '../flash/'.$row['idalbum'].'/small/'.substr($row['file'], ($len + 1), -3).'jpg';
echo '<tr><td bgcolor="#CCCCCC">';
echo '<img src="'.$vignette.'" alt="" border="0"></td>';
echo '<td bgcolor="#CCCCCC"><font face="verdana" color="black" size="1">';
echo $row['date'].'</font></td>';
echo '<td bgcolor="#CCCCCC"><font face="verdana" color="black" size="1">';
echo stripslashes($row['author']).'</font></td>';
echo '<td bgcolor="#CCCCCC"><font face="verdana" color="black" size="1">';
echo $row['email'].'</font></td>';
echo '<td bgcolor="#CCCCCC"><font face="verdana" color="black" size="1">';
echo '<b>'.$l_rating.': '.$row['note'].'/10</b><br>';
echo nl2br(stripslashes($row['text'])).'</font></td>';
echo '<td bgcolor="#CCCCCC" align="center"><font face="verdana" size="2">';
echo '<a href="comments.php?act=edit&id='.$row['id'].'"><img src="../images/b_go.gif" border="0"></a></font></td>';
echo '<td bgcolor="#CCCCCC" align="center"><font face="verdana" size="2">';
if ($row['valid'] == 'N')
{
echo '<a href="comments.php?act=val&id='.$row['id'].'"><img src="../images/b_ok.gif" border="0"></a></font></td>';
}
else { echo ' </td>'; }
echo '<td bgcolor="#CCCCCC" align="center"><font face="verdana" size="2">';
echo '<a href="comments.php?act=del&id='.$row['id'].'"><img src="../images/b_del.gif" border="0"></a></font></td></tr>';
}
}
echo '</table>';
}
else
{
echo '<table align="center" border="0" cellspacing="1" cellpadding="1">';
$query = " SELECT id, date, email, author, text, note, valid FROM mcgallery_comment WHERE type='$t' AND id_photo=$id ORDER BY valid, date DESC";
$resultat = mysql_query($query);
$nbre = mysql_num_rows($resultat);
echo '<tr><td bgcolor="black" align="center" colspan=7">';
echo '<img src="'.$image.'" alt="" border="0">';
echo '<font face="verdana" color="white" size="1"> '.$nbre.' '.$l_Comments.'</font></td></tr><tr>';
echo '<tr><td bgcolor="black"><font face="verdana" color="white" size="1">'.$l_Date.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="1">'.$l_Auteur.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="1">'.$l_Email.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="1">'.$l_Message.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="1">'.$l_Edit.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="1">'.$l_valid_ok.'</font></td>';
echo '<td bgcolor="black"><font face="verdana" color="white" size="1">'.$l_Suppr.'</font></td></tr>';
while ($row = mysql_fetch_array($resultat))
{
echo '<tr><td bgcolor="#CCCCCC"><font face="verdana" color="black" size="1">';
echo $row['date'].'</font></td>';
echo '<td bgcolor="#CCCCCC"><font face="verdana" color="black" size="1">';
echo stripslashes($row['author']).'</font></td>';
echo '<td bgcolor="#CCCCCC"><font face="verdana" color="black" size="1">';
echo $row['email'].'</font></td>';
echo '<td bgcolor="#CCCCCC"><font face="verdana" color="black" size="1">';
echo '<b>'.$l_rating.': '.$row['note'].'/10</b><br>';
echo nl2br(stripslashes($row['text'])).'</font></td>';
echo '<td bgcolor="#CCCCCC" align="center"><font face="verdana" size="2">';
echo '<a href="comments.php?act=edit&id='.$row['id'].'"><img src="../images/b_go.gif" border="0"></a></font></td>';
echo '<td bgcolor="#CCCCCC" align="center"><font face="verdana" size="2">';
if ($row['valid'] == 'N')
{
echo '<a href="comments.php?act=val&id='.$row['id'].'"><img src="../images/b_ok.gif" border="0"></a>';
}
else { echo ' '; }
echo '</font></td>';
echo '<td bgcolor="#CCCCCC" align="center"><font face="verdana" size="2">';
echo '<a href="comments.php?act=del&id='.$row['id'].'"><img src="../images/b_del.gif" border="0"></a></font></td></tr>';
}
echo '</table>';
}
include './footer.php';
?>