<?php
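// Collect the request inputs for the RTI / general query page and print the intro text.
// $id and $pg are interpolated unquoted into SQL further down this script
// (where id=..., LIMIT ...), so both are forced to integers here: a missing or
// non-numeric id becomes 0 (treated as "no record selected"), a bad page becomes 1.
$id = (isset($_REQUEST["id"]) && is_scalar($_REQUEST["id"])) ? (int) $_REQUEST["id"] : 0;
// Text fields pass through htmlsafe(), which is defined outside this file.
// NOTE(review): HTML-escaping is not SQL-escaping; confirm htmlsafe() also makes these
// values safe inside the single-quoted SQL literals they are placed in later.
$query = htmlsafe(isset($_POST["query"]) ? $_POST["query"] : null);
$nature = htmlsafe(isset($_POST["nature"]) ? $_POST["nature"] : null);
$sender = htmlsafe(isset($_POST["sender"]) ? $_POST["sender"] : null);
$ipaddress = $_SERVER["REMOTE_ADDR"];
$email = htmlsafe(isset($_POST["email"]) ? $_POST["email"] : null);
// The reply deliberately skips htmlsafe() because replies may contain HTML tags.
// It is therefore raw request data and has to be escaped wherever it is written to SQL.
$reply = isset($_POST["reply"]) ? $_POST["reply"] : null;
$submit = isset($_POST["submit"]) ? $_POST["submit"] : null;
$pg = (isset($_REQUEST["pg"]) && is_scalar($_REQUEST["pg"])) ? (int) $_REQUEST["pg"] : 1;
if ($pg < 1) $pg = 1;
$tbl = "rtiquery";
echo "You are invited to seek general information from ADA Allahabad. One may also seek information under RTI act.
Please submit complete details so that we can get back to you. Your email is must to receive our response. Thanks.
<br><b><u>
Alert: Your IP Address will be recorded with submitted details, so kindly avoid throwing garbage on this site.
</u></b><br><br>";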
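// Apply the submitted action: store a visitor's query, save and mail a staff reply,
// or delete a record.
// The id is placed unquoted in every statement below, so SQL only ever sees an integer copy.
$idSql = (int) $id;
if ($submit == 'SEND' && $query && $sender && $email) {
    if (check_email($email) == TRUE) {
        // NOTE(review): $query, $nature, $sender and $email reach SQL after htmlsafe() only;
        // htmlsafe() is defined elsewhere, so confirm it neutralises quotes and backslashes.
        // NOTE(review): when id matches an existing row, the update below overwrites that
        // row with no login or ownership check. The visitor form never sends an id, so
        // confirm whether this update path is needed at all.
        $existing = mysql_query("select id from $tbl where id=$idSql");
        if ($existing && mysql_num_rows($existing)) {
            mysql_query("update $tbl set query='$query',nature='$nature',sender='$sender',
                email='$email',ipaddress='$ipaddress' where id=$idSql");
        } else {
            mysql_query("insert into $tbl(query,nature,sender,email,ipaddress,dated)
                values('$query','$nature','$sender','$email','$ipaddress',now())");
        }
    } else {
        echo "<b>Wrong email address</b><br>";
    }
} else if ($submit == 'SAVE & MAIL') {
    // The reply form is only rendered when $user is set, so the handler enforces the
    // same condition instead of trusting that only staff can post this button value.
    // NOTE(review): $user and $role are not assigned in the visible part of this file;
    // confirm they come from the authenticated session and not from request data.
    if (!empty($user)) {
        // $reply is raw request data. Undo magic-quotes slashes if the host adds them,
        // then escape for the SQL string literal.
        $replyRaw = is_string($reply) ? $reply : '';
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $replyRaw = stripslashes($replyRaw);
        }
        $replySql = mysql_real_escape_string($replyRaw);
        mysql_query("update $tbl set reply='$replySql' where id=$idSql");
        $rs = mysql_query("select * from $tbl where id=$idSql");
        if ($rs && mysql_num_rows($rs)) {
            $o = mysql_fetch_object($rs);
            $email = $o->email;
            // Mail only the address stored with the record; a posted email value is
            // never used as the recipient of a reply.
            if ($email) sendmail($email,"Thanks for your query",$reply);
        }
    }
} else if (isset($action) && $action == "del") {
    // The Delete link is only shown to a logged-in user whose role is admin; enforce that here.
    // NOTE(review): deletion is triggered by a plain GET link with no anti-CSRF token
    // visible in this file; confirm the including page adds one.
    if (!empty($user) && isset($role) && $role == 'admin') {
        mysql_query("delete from $tbl where id=$idSql");
    }
}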
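// Render the query form when no record id is selected, otherwise a "New query" link.
// $PHP_SELF and $conf are not assigned in the visible part of this file, so they are
// escaped before being written into the href attribute.
$selfHtml = (isset($PHP_SELF) && is_scalar($PHP_SELF)) ? htmlspecialchars((string) $PHP_SELF, ENT_QUOTES) : '';
$confUrl = (isset($conf) && is_scalar($conf)) ? urlencode((string) $conf) : '';
// NOTE(review): the form branch opens a second <table> inside this one and only one
// </table> is emitted below; left as is to keep the rendered layout unchanged.
echo "<table class='normal' width='98%'>";
if (!$id) {
    // NOTE(review): $query, $sender and $email are echoed back into the page as produced
    // by htmlsafe() (defined elsewhere). Two of them land inside single-quoted attributes,
    // so confirm htmlsafe() escapes single quotes as well as < > &.
    echo "<table class=normal width='90%'>
<tr valign='top'><td nowrap>Query<br>(in 500 words)</td>
<td><textarea name='query' rows='5' cols='50'>".$query."</textarea></td></tr>
<tr><td nowrap>Nature of Query</td>
<td><input type='radio' name='nature' value='general' checked>General
<input type='radio' name='nature' value='RTI'> Right To Information (response would not be available online)</td></tr>
<tr><td nowrap>Full Name</td>
<td><input type='text' name='sender' value='".$sender."' size='50'></td></tr>
<tr><td nowrap>Valid Email</td>
<td><input type='text' name='email' value='".$email."' size='50'>
<input type='submit' name='submit' value='SEND'><br>
Query with <u>fake email</u> will be rejected</td></tr>";
} else {
    echo "<tr><td>[ <a href='$selfHtml?conf=$confUrl&id='>New query</a> ]</td></tr>";
}
echo "</table>";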
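// Totals and page links for the query list (10 records per page).
// $PHP_SELF and $conf are not assigned in the visible part of this file, so they are
// escaped before being written into href attributes.
$selfHtml = (isset($PHP_SELF) && is_scalar($PHP_SELF)) ? htmlspecialchars((string) $PHP_SELF, ENT_QUOTES) : '';
$confUrl = (isset($conf) && is_scalar($conf)) ? urlencode((string) $conf) : '';
// Count with count(*) rather than selecting every row just to read FOUND_ROWS().
$rs = mysql_query("select count(*) as t from $tbl");
$tro = $rs ? mysql_fetch_object($rs) : false;
// A failed query yields a total of 0 instead of a property read on a non-object.
$total = $tro ? (int) $tro->t : 0;
if ($total > 10) {
    echo "<br><div class=notice>Pages: [ ";
    $lastPage = ceil($total / 10);
    for ($i = 1; $i <= $lastPage; $i++) {
        // The current page is shown in bold, every other page as a link.
        if ($i == $pg) echo "<b>$i</b> ";
        else echo "<a href='$selfHtml?conf=$confUrl&pg=$i'>$i</a> ";
    }
    echo "]</div>";
}
// Pending = records whose reply column is still the empty string.
$rs = mysql_query("select count(*) as t from $tbl where reply=''");
$tro = $rs ? mysql_fetch_object($rs) : false;
$pending = $tro ? (int) $tro->t : 0;
$i = 0;
echo "<b>Posted Queries</b> (Total: $total / Pending: $pending)<ul>";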
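// List one page (10 rows) of posted queries, with reply / edit / delete controls for staff.
// The page number feeds the LIMIT offset, so it is forced to a positive integer first.
$pageNo = max(1, (int) $pg);
$selfHtml = (isset($PHP_SELF) && is_scalar($PHP_SELF)) ? htmlspecialchars((string) $PHP_SELF, ENT_QUOTES) : '';
$confUrl = (isset($conf) && is_scalar($conf)) ? urlencode((string) $conf) : '';
// Substitute invalid byte sequences where the PHP version supports it, so escaping
// never returns an empty string for a stored reply.
$escFlags = defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | ENT_SUBSTITUTE) : ENT_QUOTES;
$start = (($pageNo - 1) * 10);
$rs = mysql_query("select * from $tbl order by dated desc,id LIMIT $start,10");
while ($rs && ($o = mysql_fetch_object($rs))) {
    $start++; // running row position; not read again in this file
    $rowId = (int) $o->id;
    // NOTE(review): query, nature, sender and email are printed as stored. This relies on
    // htmlsafe() having escaped them when they were written; escaping at output time
    // would be more robust but may double-encode existing rows, so confirm before changing.
    echo "<li><b>$rowId) <u>$o->nature</u>-</b> $o->query
<div align='right'><i><b>By $o->sender ($o->email, $o->ipaddress) Dated: $o->dated</b></i></div>
<b>Reply:</b> ";
    // Replies are stored and shown as HTML by design, so whoever can save a reply
    // controls markup on this page.
    if ($o->reply) echo $o->reply.' '; else echo "Awaited ";
    if (!empty($user)) {
        if (isset($action) && $action == 'reply' && $id == $o->id) {
            // Escape the stored reply inside the textarea so its markup is edited as
            // text and cannot close the field early.
            // NOTE(review): assumes stored text matches PHP's default charset - confirm.
            $replyField = htmlspecialchars((string) $o->reply, $escFlags);
            echo "<b>HTML tags can be used in the reply for text formating only.</b>
<textarea name='reply' rows='5' cols='60'>$replyField</textarea>
<input type='hidden' name='id' value='$rowId'><br>
<input type='submit' name='submit' value='SAVE & MAIL'> ";
        } else if ($o->reply) {
            echo "[ <a href='$selfHtml?conf=$confUrl&action=reply&id=$rowId&pg=$pageNo'>Edit</a> ]";
        } else {
            echo "[ <a href='$selfHtml?conf=$confUrl&action=reply&id=$rowId&pg=$pageNo'>Compose</a> ]";
        }
        if (isset($role) && $role == 'admin') echo "[ <a href='$selfHtml?conf=$confUrl&action=del&id=$rowId&pg=$pageNo'>Delete</a> ]";
    }
    echo "<br><br></li>";
}
echo '</ul>';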
// Print every row of the webpages table whose id is 'rti': the title in bold, then the content.
// Both columns are written out exactly as stored (no escaping), so the table is treated
// as trusted HTML.
$rs = mysql_query("select * from webpages where id='rti'");
for ($o = mysql_fetch_object($rs); $o; $o = mysql_fetch_object($rs)) {
    echo "<b>", $o->title, "</b><br>", $o->content, "<br>";
}
?>