<?php # Add a comment to this package if (isset($_REQUEST['comment'])) { # Insert the comment $dbh = db_connect(); $q = 'INSERT INTO PackageComments '; $q.= '(PackageID, UsersID, Comments, CommentTS) VALUES ('; $q.= intval($_REQUEST['ID']) . ', ' . uid_from_sid($_COOKIE['AURSID']) . ', '; $q.= "'" . db_escape_string($_REQUEST['comment']) . "', "; $q.= 'UNIX_TIMESTAMP())'; db_query($q, $dbh); # Send email notifications $q = 'SELECT CommentNotify.*, Users.Email '; $q.= 'FROM CommentNotify, Users '; $q.= 'WHERE Users.ID = CommentNotify.UserID '; $q.= 'AND CommentNotify.UserID != ' . uid_from_sid($_COOKIE['AURSID']) . ' '; $q.= 'AND CommentNotify.PkgID = ' . intval($_REQUEST['ID']); $result = db_query($q, $dbh); $bcc = array(); if (mysql_num_rows($result)) { while ($row = mysql_fetch_assoc($result)) { array_push($bcc, $row['Email']); } $q = 'SELECT Packages.* '; $q.= 'FROM Packages '; $q.= 'WHERE Packages.ID = ' . intval($_REQUEST['ID']); $result = db_query($q, $dbh); $row = mysql_fetch_assoc($result); # TODO: native language emails for users, based on their prefs # Simply making these strings translatable won't work, users would be # getting emails in the language that the user who posted the comment was in $body = 'from ' . $AUR_LOCATION . '/packages.php?ID=' . $_REQUEST['ID'] . "\n" . username_from_sid($_COOKIE['AURSID'], $dbh) . " wrote:\n\n" . $_POST['comment'] . "\n\n---\nIf you no longer wish to receive notifications about this package, please go the the above package page and click the UnNotify button."; $body = wordwrap($body, 70); $bcc = implode(', ', $bcc); $headers = "Bcc: $bcc\nReply-to: nobody@archlinux.org\nFrom: aur-notify@archlinux.org\nX-Mailer: AUR\n"; @mail('undisclosed-recipients: ;', "AUR Comment for " . $row['Name'], $body, $headers); } } # Prompt visitor for comment ?> <div class="pgbox"> <form action='<?php echo $_SERVER['REQUEST_URI'] ?>' method='post'> <div style="padding: 1%"> <?php if (isset($_REQUEST['comment'])) { echo '<b>' . __('Comment has been added.') . '</b>'; } ?> <input type='hidden' name='ID' value="<?php echo intval($_REQUEST['ID']) ?>" /> <?php echo __('Enter your comment below.') ?><br /> <textarea name='comment' cols='80' rows='10' style="width: 100%"></textarea><br /> <input type='submit' value="<?php echo __("Submit") ?>" /> <input type='reset' value="<?php echo __("Reset") ?>" /> </div> </form> </div>