<?php
# Add a comment to this package
if (isset($_REQUEST['comment'])) {

	# Insert the comment
	$dbh = db_connect();
	$q = 'INSERT INTO PackageComments ';
	$q.= '(PackageID, UsersID, Comments, CommentTS) VALUES (';
	$q.= intval($_REQUEST['ID']) . ', ' . uid_from_sid($_COOKIE['AURSID']) . ', ';
	$q.= "'" . db_escape_string($_REQUEST['comment']) . "', ";
	$q.= 'UNIX_TIMESTAMP())';
	db_query($q, $dbh);

	# Send email notifications
	$q = 'SELECT CommentNotify.*, Users.Email ';
	$q.= 'FROM CommentNotify, Users ';
	$q.= 'WHERE Users.ID = CommentNotify.UserID ';
	$q.= 'AND CommentNotify.UserID != ' . uid_from_sid($_COOKIE['AURSID']) . ' ';
	$q.= 'AND CommentNotify.PkgID = ' . intval($_REQUEST['ID']);
	$result = db_query($q, $dbh);
	$bcc = array();

	if (mysql_num_rows($result)) {
		while ($row = mysql_fetch_assoc($result)) {
			array_push($bcc, $row['Email']);
		}

		$q = 'SELECT Packages.* ';
		$q.= 'FROM Packages ';
		$q.= 'WHERE Packages.ID = ' . intval($_REQUEST['ID']);
		$result = db_query($q, $dbh);
		$row = mysql_fetch_assoc($result);

		# TODO: native language emails for users, based on their prefs
		# Simply making these strings translatable won't work, users would be
		# getting emails in the language that the user who posted the comment was in
		$body =
		'from ' . $AUR_LOCATION . '/packages.php?ID='
		. $_REQUEST['ID'] . "\n"
		. username_from_sid($_COOKIE['AURSID'], $dbh) . " wrote:\n\n"
		. $_POST['comment']
		. "\n\n---\nIf you no longer wish to receive notifications about this package, please go the the above package page and click the UnNotify button.";
		$body = wordwrap($body, 70);
		$bcc = implode(', ', $bcc);
		$headers = "Bcc: $bcc\nReply-to: nobody@archlinux.org\nFrom: aur-notify@archlinux.org\nX-Mailer: AUR\n";
		@mail('undisclosed-recipients: ;', "AUR Comment for " . $row['Name'], $body, $headers);
	}
}

	# Prompt visitor for comment
?>
<div id="generic-form" class="box">
	<h2><?php echo __("Add Comment"); ?></h2>
	<form call="general-form" action="<?php echo $_SERVER['REQUEST_URI'] ?>" method="post">
		<fieldset>
<?php
if (isset($_REQUEST['comment'])) {
	echo '<p>' . __('Comment has been added.') . '</p>';
}
?>
			<div>
				<input type="hidden" name="ID" value="<?php echo intval($_REQUEST['ID']) ?>" />
			</div>
			<p>
				<label for="id_comment"><?php echo __("Comment") . ':' ?></label>
				<textarea id="id_comment" name="comment" cols="80" rows="10"></textarea>
			</p>
			<p>
				<label></label>
				<input type="submit" value="<?php echo __("Add Comment") ?>" />
			</p>
		</fieldset>
	</form>
</div>