<?php
include "header.php";
dbConnect();
$id = $_REQUEST["id"];
$message = htmlsafe($_POST["message"]);
$sender = htmlsafe($_POST["sender"]);
$email = htmlsafe($_POST["email"]);
$submit = $_POST["submit"];

$tbl = "feedback";

if ($submit == 'SEND' && $message && $sender && $email) {
    	if (mysql_num_rows(mysql_query("select * from $tbl where id=$id"))) {
    		mysql_query("update $tbl set message='$message',sender='$sender',email='$email' where id=$id");
    	} else {
		mysql_query("insert into $tbl(message,sender,email,dated) values('$message','$sender','$email',curdate())");
    	}
} else if ($action == "del") {
    	mysql_query("delete from $tbl where id=$id");
}

echo "<table class='search' width='98%'>
Your feedback is important for us to improve our services of your need.<br>
Please submit complete information. Thanks.";
if (!$id) {
	echo "<table class=normal width='90%'>
  	<tr valign='top'><td nowrap>Feedback</td>
	<td><textarea name='message' rows='8' cols='50'></textarea></td></tr>
  	<tr><td nowrap>Sender Name</td>
	<td><input type='text' name='sender' value='' size='50'></td></tr>
  	<tr><td nowrap>Sender Email</td>
	<td><input type='text' name='email' value='' size='50'>
  	<input type='submit' name='submit' value='SEND'></td></tr>";
} else {
  	echo "<tr><td><a href='$PHP_SELF?conf=$conf&id='>New feedback</a></td></tr>";
}
echo "</table>
<b>Posted Feedback</b><ul>";

$rs = mysql_query("select * from $tbl order by dated desc,id");
while($o = mysql_fetch_object($rs)) {
	$i++;
      	echo "<li><b>$i)</b> $o->message
	<div align='right'><i><b>By $o->sender ($o->email) Dated: $o->dated</b></i></div>";
  	if ($role == 'Admin') echo "[ <a href='$PHP_SELF?conf=$conf&action=del&id=$o->id'>Delete</a> ]<br>";
	echo "<br></li>";
}
echo "</ul>";

?>