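isLoggedIn($sid);
//A UR 17.2.2011
if ($ok[0] == 0) {
    $ok = $sl->checkLoginData($_POST, session_id());
    $ok = $sl->isLoggedIn($sid);
}
//E UR
//check if logged in
if ($ok[0] == 0) {
    // NOTE(review): this branch starts outside the excerpt and is left as found; 're' is
    // redirected to verbatim (open-redirect risk) — gsc_local_return_path() below fits here too.
    header('Location:' . $_REQUEST['re']);
    die('Not logged in');
} else {
    $cusIdNo = $ok[0];
}
} else {
    die("Error #199: Cannot find dynamic extensions");
}

require_once './dynsb/module/comments/class.comment.php';

/**
 * Return $candidate when it is a safe, site-local redirect target, otherwise $fallback.
 *
 * Only relative or absolute *paths* are accepted. Anything that can leave the site
 * (a scheme such as "http:" or "javascript:", a protocol-relative "//" prefix, a
 * backslash) or that could split the header (CR/LF) yields $fallback, so a tampered
 * "commreturn"/"re" value can no longer be used as an open redirect.
 *
 * @param mixed  $candidate raw request value (may be absent or non-string)
 * @param string $fallback  page used when the candidate is missing or unsafe
 * @return string
 */
function gsc_local_return_path($candidate, $fallback)
{
    if (!is_string($candidate)) {
        return $fallback;
    }
    $path = trim($candidate);
    if ($path === '') {
        return $fallback;
    }
    // `!== 0` rather than truthiness: a PCRE error (false) must reject, not accept.
    if (preg_match('/[\r\n\\\\]/', $path) !== 0) {
        return $fallback;
    }
    if (substr($path, 0, 2) === '//' || preg_match('#^[a-z][a-z0-9+.\-]*:#i', $path) !== 0) {
        return $fallback;
    }
    return $path;
}

/**
 * True when the rating is empty/missing or subject/body are blank after trimming.
 *
 * Same rule as the original inline check, but absent or non-scalar keys count as
 * empty instead of raising an undefined-index notice or a trim() type error.
 *
 * @param array $post request array holding commrating/commsubject/commbody
 * @return bool
 */
function gsc_comment_fields_missing(array $post)
{
    $rating  = isset($post['commrating']) && is_scalar($post['commrating']) ? (string) $post['commrating'] : '';
    $subject = isset($post['commsubject']) && is_scalar($post['commsubject']) ? (string) $post['commsubject'] : '';
    $body    = isset($post['commbody']) && is_scalar($post['commbody']) ? (string) $post['commbody'] : '';

    return $rating === '' || trim($subject) === '' || trim($body) === '';
}

/**
 * Keep the submitted fields in the session so the form can be re-filled, and set
 * error code 1 ("fields missing").
 *
 * @param array $post request array holding commrating/commsubject/commbody
 * @return void
 */
function gsc_stash_comment_fields(array $post)
{
    $_SESSION['commrating']  = isset($post['commrating']) ? $post['commrating'] : '';
    $_SESSION['commsubject'] = isset($post['commsubject']) ? $post['commsubject'] : '';
    $_SESSION['commbody']    = isset($post['commbody']) ? $post['commbody'] : '';
    $_SESSION['commerr']     = 1;
}

/**
 * Undo magic_quotes_gpc escaping on the given $_POST keys (legacy PHP < 5.4 only);
 * escaping for the database is presumably done later by Comment — confirm there.
 *
 * The function_exists() guard keeps this script running on PHP >= 8, where
 * get_magic_quotes_gpc() no longer exists and the bare call would be fatal.
 *
 * @param array $keys $_POST keys to unescape in place
 * @return void
 */
function gsc_strip_magic_quotes(array $keys)
{
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
        return;
    }
    foreach ($keys as $key) {
        if (isset($_POST[$key]) && is_string($_POST[$key])) {
            $_POST[$key] = stripslashes($_POST[$key]);
        }
    }
}

//Add a comment
if (isset($_POST['commsubmit'])) {
    // $_REQUEST covers both the $_POST and the $_REQUEST lookups the original used;
    // the fallback page resolves the old "what if commreturn is missing" TODO.
    $returnTo = gsc_local_return_path(
        isset($_REQUEST['commreturn']) ? $_REQUEST['commreturn'] : null,
        'gs_commentsuser.php'
    );

    if (empty($_POST['commitemnumber'])) {
        header('Location: ' . $returnTo);
        die('+');
    }

    //if fields are empty or no rating: stash the input and go back to the form
    if (gsc_comment_fields_missing($_POST)) {
        gsc_stash_comment_fields($_POST);
        // query-encode both values: "re" is itself a URL and may contain '&' or '='
        header('Location: gs_addcomment.php?' . http_build_query(array(
            'item' => $_POST['commitemnumber'],
            're'   => $returnTo,
        )));
        die('*');
    }

    gsc_strip_magic_quotes(array('commitemnumber', 'commrating', 'commsubject', 'commbody'));

    //Insert new comment
    $oc = new Comment();
    $oc->setItemNumber($_POST['commitemnumber']);
    $oc->setRating($_POST['commrating']);
    $oc->setSubject($_POST['commsubject']);
    $oc->setBody($_POST['commbody']);
    $oc->setCusId($cusIdNo);
    if (!$oc->save()) {
        $_SESSION['commerr'] = 2;
    }
    header('Location: ' . $returnTo);
    die('#');
}
//+++++++++++++++++++++++++++++++
//++++delete comments+++++++++
elseif (isset($_REQUEST['action']) && $_REQUEST['action'] === 'del') {
    // NOTE(review): $_REQUEST also accepts GET, so a crafted link can trigger a deletion
    // (CSRF). Ownership is delegated to Comment::delete() via $cusIdNo; restricting this
    // branch to POST plus a per-session token is the recommended hardening.
    $items = isset($_REQUEST['items']) ? (array) $_REQUEST['items'] : array();
    foreach ($items as $itemNumber) {
        Comment::delete($itemNumber, $cusIdNo);
    }
    header('Location: gs_commentsuser.php');
    die();
}
//+++++++++++++++++++++++++++++++
//++++update a comment+++++++++
elseif (isset($_REQUEST['commupd'])) {
    //here commitemnumber carries the comment ID, not the item number
    $id = isset($_POST['commitemnumber']) && is_scalar($_POST['commitemnumber'])
        ? trim((string) $_POST['commitemnumber'])
        : '';
    if (empty($id)) {
        header('Location: gs_commentsuser.php');
        die();
    }

    //if fields are empty or no rating: stash the input and go back to the form
    if (gsc_comment_fields_missing($_POST)) {
        gsc_stash_comment_fields($_POST);
        header('Location: gs_addcomment.php?id=' . urlencode($id));
        die();
    }

    gsc_strip_magic_quotes(array('commrating', 'commsubject', 'commbody'));

    //Update the existing comment
    $oc = new Comment($id);
    $oc->setRating($_POST['commrating']);
    $oc->setSubject($_POST['commsubject']);
    $oc->setBody($_POST['commbody']);
    //save only when the customer IDs match: a user may edit only their own comment.
    // Loose == kept on purpose — getCusId() may hand back the id as a string (verify).
    if ($cusIdNo == $oc->getCusId()) {
        if (!$oc->save()) {
            $_SESSION['commerr'] = 2;
        }
    }
    header('Location: gs_commentsuser.php');
    die('#');
}
?>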