001.require_once './db.php';
002.
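/*
 * JSON endpoint for the `comments_tutor` table.
 *
 * Expects `$con` (a mysql_* link) from db.php. Two operations, selected by
 * POST `type`:
 *   - 'reply': looks up the author `name` of the comment whose `id` is given
 *              in GET `id`, and returns it together with the `id`.
 *   - 'post' : validates a new comment (POST name/email/url/msg/parent) and
 *              inserts it; a non-zero `parent` must reference an existing row.
 *
 * Always echoes a JSON object with at least `error` (bool) and `msg` (string).
 *
 * Security notes for maintainers:
 *   - Numeric IDs are validated with FILTER_VALIDATE_INT and rendered with %d,
 *     so they cannot carry SQL; string fields go through
 *     mysql_real_escape_string() on the same link as the query. Escaping is
 *     only multibyte-safe if db.php sets the connection charset with
 *     mysql_set_charset() -- verify that in db.php.
 *   - Every request field is required to be a plain string: `name[]=x` style
 *     input would otherwise hit preg_match()/mysql_real_escape_string() with
 *     an array.
 *   - The endpoint is unauthenticated and has no CSRF token, rate limit or
 *     length limits on name/email/url/msg; the DB column sizes are not
 *     visible here, so those limits are left to the caller/schema (TODO).
 *   - The mysql_* extension is gone since PHP 7; migrate to PDO/mysqli with
 *     prepared statements when db.php is updated.
 */
$response = array(
    'error' => true,
    'msg'   => '',
);

// Declare the body as JSON so a browser never content-sniffs the echoed
// request values (e.g. the GET `id` reflected in an error message) as HTML.
if (!headers_sent()) {
    header('Content-Type: application/json; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
}

// Read a request field as a string; null when absent or not a plain string.
$field = function (array $source, $key) {
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return null;
    }
    return $source[$key];
};

// Read a request field as an integer >= $min. Returns null when the field is
// absent (or not a plain string) and false when it is present but not a
// valid integer in range; otherwise the int value.
$intField = function (array $source, $key, $min) {
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return null;
    }
    return filter_var(
        $source[$key],
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => $min))
    );
};

// Single-iteration loop: `break` (or `break 2` from the switch) jumps to the
// echo with $response['error'] still true.
while (true) {
    $type = $field($_POST, 'type');
    if ($type === null) {
        $response['msg'] = 'You did not provide type.';
        break;
    }

    switch ($type) {
        case 'reply':
            // Note: the comment ID for a reply lookup comes from the query
            // string, not the POST body (kept for client compatibility).
            $id = $intField($_GET, 'id', 0);
            if ($id === null) {
                $response['msg'] = 'You did not provide comment ID.';
                break 2;
            }
            if ($id === false) {
                $response['msg'] = 'Comment ID not valid.';
                break 2;
            }

            $sql = sprintf(
                'SELECT `name`, `id` FROM `comments_tutor` WHERE `id` = %d LIMIT 1',
                $id
            );
            $result = mysql_query($sql, $con);
            if ($result === false) {
                $response['msg'] = 'Could not retrieve comment author.';
                break 2;
            }

            if (mysql_num_rows($result) < 1) {
                mysql_free_result($result);
                $response['msg'] = sprintf('There is not comment with ID `%s`.', $id);
                break 2;
            }

            $row = mysql_fetch_object($result);
            mysql_free_result($result);

            $response['name'] = $row->name;
            $response['id']   = $row->id;
            break;

        case 'post':
            // Presence checks, in the original order, so the first missing
            // field is the one reported.
            $labels = array(
                'name'  => 'name',
                'email' => 'e-mail',
                'url'   => 'url',
                'msg'   => 'message',
            );
            $input = array();
            foreach ($labels as $key => $label) {
                $value = $field($_POST, $key);
                if ($value === null) {
                    $response['msg'] = sprintf('You did not provide %s.', $label);
                    break 3;
                }
                $input[$key] = $value;
            }

            // `parent` must be a non-negative integer: 0 means a top-level
            // comment, anything else must point at an existing row. Rejecting
            // negatives/garbage here keeps bogus parent IDs out of the table.
            $parent = $intField($_POST, 'parent', 0);
            if ($parent === null) {
                $response['msg'] = 'You did not provide comment ID.';
                break 2;
            }
            if ($parent === false) {
                $response['msg'] = 'Comment ID not valid.';
                break 2;
            }

            // Format checks. These patterns are permissive (e.g. the e-mail
            // one does not require a dot in the domain); they are for UX, not
            // for SQL safety -- that is handled by escaping below.
            if (!preg_match('/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/', $input['email'])) {
                $response['msg'] = 'E-mail not valid.';
                break 2;
            }

            // URL is optional; when given it must be http/https/ftp, so a
            // `javascript:` value can never be stored.
            if ($input['url'] !== '' && !preg_match('#^((http|ftp|https)\:\/\/)(www\.)?([a-zA-Z]{1}([\w\-]+\.)+([\w]{2,5}))(:[\d]{1,5})?((/?\w+/)+|/?)(\w+\.[\w]{3,4})?((\?\w+=\w+)?(&\w+=\w+)*)?$#i', $input['url'])) {
                $response['msg'] = 'Url not valid.';
                break 2;
            }

            if ($parent > 0) {
                $sql = sprintf(
                    'SELECT `id` FROM `comments_tutor` WHERE `id` = %d LIMIT 1',
                    $parent
                );
                $result = mysql_query($sql, $con);
                if ($result === false) {
                    $response['msg'] = 'Could not check if comment exists.';
                    break 2;
                }

                $found = mysql_num_rows($result);
                mysql_free_result($result);
                if ($found < 1) {
                    $response['msg'] = sprintf('There is not comment with ID `%s`.', $parent);
                    break 2;
                }
            }

            // Escape on the same link the query runs on, so the connection
            // charset applies (mysql_real_escape_string without a link uses
            // whichever link was opened last).
            $sql = sprintf(
                'INSERT INTO `comments_tutor` ( `name`, `email`, `url`, `parent`, `message`) VALUES ( '
                . "'%s', '%s', '%s', %d, '%s'"
                . ')',
                mysql_real_escape_string($input['name'], $con),
                mysql_real_escape_string($input['email'], $con),
                mysql_real_escape_string($input['url'], $con),
                $parent,
                mysql_real_escape_string($input['msg'], $con)
            );

            if (mysql_query($sql, $con) === false) {
                $response['msg'] = 'Could not insert comment.';
                break 2;
            }
            break;

        default:
            $response['msg'] = 'Invalid type.';
            break 2;
    }

    // NOTE(review): this success message is also returned for the 'reply'
    // lookup, which saves nothing; kept unchanged because clients may match
    // on it.
    $response['error'] = false;
    $response['msg']   = 'Comment saved.';

    break;
}

// JSON_HEX_* makes the output safe even if a consumer ever drops it straight
// into HTML; JSON.parse() in the browser decodes the \uXXXX escapes normally.
echo json_encode($response, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);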