host = $host;
$this->username = $username;
$this->password = $password;
$this->db = $db;
$this->table = $table;
$this->connect();
}
/**
Deletes the comment matching the given id in the supplied report
*/
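public function delete_comment($id, $thread){
    // Removes the row whose id is $id and whose report is $thread from the
    // comments table, then returns the fixed status string "Deleted Post".
    //
    // Both arguments end up inside the SQL text, so they are escaped before
    // interpolation; previously a crafted $id or $thread could change the
    // statement. ext/mysql was removed in PHP 7 -- prepared statements via
    // mysqli or PDO are the long-term fix.
    //
    // NOTE(review): this method performs no authorization check of its own.
    // get_comments() only hides the delete link from non-owners; confirm the
    // caller verifies that the session user is an admin or the comment's
    // author (and that the request is CSRF-protected) before calling this.
    // NOTE(review): $table is interpolated as an identifier and cannot be
    // protected by string escaping; assumed to be trusted configuration.
    $table = $this->table;
    $safeThread = mysql_real_escape_string($thread);
    $safeId = mysql_real_escape_string($id);
    $q = "DELETE FROM $table WHERE report = '$safeThread' and id = '$safeId'";
    // The result is not inspected: the same string is returned whether or not
    // a row was actually deleted.
    mysql_query($q);
    return "Deleted Post";
}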
/**
Displays all comment entries for the specified report
*/
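public function get_comments($report) {
    // Builds and returns the HTML fragment listing every comment stored for
    // $report, ordered by id, or a placeholder message when there are none.
    //
    // Security-relevant behaviour:
    // - $report is escaped and quoted before it reaches the query. It used to
    //   be concatenated unquoted, which allowed SQL injection.
    // - Every value read from the database is HTML-encoded before it is
    //   interpolated into the output. strip_tags() at write time is not an
    //   output-encoding defence, and name/email are stored without it.
    // - ext/mysql was removed in PHP 7; prepared statements via mysqli or PDO
    //   are the long-term fix.
    //
    // NOTE(review): the heredoc markup is not visible on this page, only its
    // text. $page, $gravatar and $id are kept (and encoded) on the assumption
    // that the markup uses them -- confirm.
    // NOTE(review): assumes the page is served as UTF-8 -- confirm.

    // PHP_SELF reflects the request path, so encode it before use in markup.
    $page = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    $table = $this->table;

    // Start from a defined string instead of appending to an unset variable.
    $entry_display = <<<ENTRY_DISPLAY
Comments
ENTRY_DISPLAY;

    $safeReport = mysql_real_escape_string($report);
    $q = "SELECT * FROM $table WHERE report='" . $safeReport . "' ORDER BY id";
    $r = mysql_query($q);

    // Read the viewer's identity once, with strict comparisons, so numeric
    // look-alike strings cannot compare equal and missing session keys do not
    // raise notices.
    $isAdmin = isset($_SESSION['access']) && $_SESSION['access'] === "admin";
    $viewer = isset($_SESSION['username']) ? $_SESSION['username'] : null;

    if ( $r !== false && mysql_num_rows($r) > 0 ) {
        while ( $a = mysql_fetch_assoc($r) ) {
            // Raw author name is kept only for the ownership comparison below.
            $author = $a['name'];

            $title = htmlspecialchars(stripslashes($a['title']), ENT_QUOTES, 'UTF-8');
            $bodytext = htmlspecialchars(stripslashes($a['bodytext']), ENT_QUOTES, 'UTF-8');
            $username = htmlspecialchars($author, ENT_QUOTES, 'UTF-8');
            // HTTPS avoids sending the avatar identifier in clear text and
            // mixed-content warnings; the stored value is URL-encoded so it
            // cannot break out of the URL.
            $gravatar = 'https://www.gravatar.com/avatar/' . rawurlencode($a['email']) . '?s=48';
            $date = htmlspecialchars($a['created'], ENT_QUOTES, 'UTF-8');
            $id = htmlspecialchars($a['id'], ENT_QUOTES, 'UTF-8');

            $entry_display .= <<<ENTRY_DISPLAY
$username : $title
ENTRY_DISPLAY;

            // The delete control is shown to admins and to the comment's
            // author. This only hides the control; the delete handler must
            // enforce the same rule server-side.
            if ( $isAdmin || ($viewer !== null && $viewer === $author) ) {
                $entry_display .= <<<ENTRY_DISPLAY
Delete Post
ENTRY_DISPLAY;
            }

            $entry_display .= <<<ENTRY_DISPLAY
$bodytext
Posted: $date
ENTRY_DISPLAY;
        }
    }
    else {
        $entry_display .= <<<ENTRY_DISPLAY
No entries have been made on this page.
ENTRY_DISPLAY;
    }
    /*
    $entry_display .= <<
    Add a New Entry
    ADMIN_OPTION;
    */
    return $entry_display;
}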
/*
This function will be used to display the new comment entry form
*/
public function display_post($report) {
// Returns the markup for the new-comment form as a single heredoc string.
// NOTE(review): the heredoc opener on the next line appears truncated (the
// terminator suggests <<<ADMIN_FORM) and the form markup is not visible here.
// If $report is interpolated into that markup, it should pass through
// htmlspecialchars() first, and the form should carry a CSRF token -- confirm.
return <<
New Comment
ADMIN_FORM;
}
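public function write($thread, $title, $body) {
    // Stores a new comment for report $thread, attributed to the user held in
    // the session. Returns true when the row is inserted and false when the
    // title or body is empty after tag stripping; terminates the script if
    // the INSERT itself fails.
    //
    // Every value placed in the statement is escaped. Previously $thread and
    // the session-derived name/email were interpolated raw, which left the
    // INSERT open to SQL injection (directly via $thread, second-order via
    // the session values). ext/mysql was removed in PHP 7; prepared
    // statements via mysqli or PDO are the long-term fix.
    //
    // NOTE(review): strip_tags() is input filtering, not output encoding --
    // the display path still has to HTML-encode these fields.
    // NOTE(review): $table is interpolated as an identifier; assumed to be
    // trusted configuration.
    $table = $this->table;
    $title = mysql_real_escape_string(strip_tags($title));
    $bodytext = mysql_real_escape_string(strip_tags($body));
    $thread = mysql_real_escape_string($thread);
    $name = mysql_real_escape_string($_SESSION['username']);
    $email = mysql_real_escape_string($_SESSION['email']);

    if ( !$title || !$bodytext ) {
        return false;
    }

    $created = date("g:iA M d, Y");
    $sql = "INSERT INTO $table (title, bodytext, created, report, name, email) VALUES ('$title','$bodytext','$created','$thread', '$name', '$email' )";
    if ( mysql_query($sql) ) {
        return true;
    }

    // Keep the driver's error text in the server log rather than sending it
    // to the client, where it can expose schema and query details.
    error_log("Could not insert comment: " . mysql_error());
    die("Could not insert.");
}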
/**
This function connects to the database
*/
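public function connect() {
    // Opens the MySQL connection with the host and credentials stored on the
    // object, selects the configured database, then returns whatever
    // buildDB() returns. Terminates the script if either step fails.
    //
    // The driver's error text goes to the server log only: connection errors
    // can name the database user and host, so they are not echoed to the
    // client. ext/mysql was removed in PHP 7; mysqli or PDO is the long-term
    // replacement.
    if ( !mysql_connect($this->host, $this->username, $this->password) ) {
        error_log("Could not connect. " . mysql_error());
        die("Could not connect.");
    }
    if ( !mysql_select_db($this->db) ) {
        error_log("Could not select database. " . mysql_error());
        die("Could not select database.");
    }
    return $this->buildDB();
}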
private function buildDB() {
$table = $this->table;
$sql = <<