<?php
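// Request parameters for the feedback page. htmlsafe() is called here but is
// not defined in this file.

// $id is interpolated unquoted into every "where id=$id" query further down,
// so it is forced to an integer at the point of entry. A missing or
// non-numeric id becomes 0, which the page treats as "no feedback selected".
$id = isset($_REQUEST["id"]) ? (int) $_REQUEST["id"] : 0;

// NOTE(review): these three values are later placed inside single-quoted SQL
// literals and single-quoted HTML attributes. htmlsafe() is not visible here;
// confirm that it neutralises quotes and backslashes for both contexts.
$message = htmlsafe(strip_tags($_POST["message"]));
$sender = htmlsafe($_POST["sender"]);
$email = htmlsafe($_POST["email"]);
$ip = $_SERVER["REMOTE_ADDR"];

// Unlike the fields above, the reply is taken exactly as submitted (an
// htmlsafe() call on it was disabled), so every later use of $reply has to
// escape it for its own context (SQL, HTML, mail).
$reply = $_POST["reply"];
$submit = $_POST["submit"];
$tbl = "feedback";

echo "Your feedback is important for us to improve upon the services of your need.
Please submit complete information. Your email is must to receive our response. Thanks.
<br><br>
<!--<b><marquee behavior='alternate' scrollamount='1' scrolldelay='10'>
Only one feedback per day from an email and IP address is acceptable.
</marquee></b><br><br>-->";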
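// Request dispatcher: confirm a posting, accept a new posting, store an admin
// reply (and mail it), or delete a posting.

// Every query in this section interpolates $id unquoted, so coerce it to an
// integer before any of them runs.
$id = (int) $id;

// The listing at the bottom of this page only renders the reply/delete
// controls when $role == 'admin'. The handlers apply the same test, otherwise
// any visitor who builds the request by hand could overwrite or delete rows.
// $role and $action are not assigned in this file.
$is_admin = (isset($role) && $role == 'admin');

if (isset($_GET["confirm"]) && $_GET["confirm"] == 1) {
    // NOTE(review): confirmation is keyed on the numeric row id alone, so it
    // does not prove the requester received the mail. Binding it to the
    // mailbox needs a random per-row token stored with the posting.
    $rs = mysql_query("select * from $tbl where id=$id");
    if ($rs && mysql_num_rows($rs)) {
        mysql_query("update $tbl set status='confirmed' where id=$id");
        echo "<h1>Thanks for confirmation. We wish you all the best.</h1>";
    } else {
        echo "<h1>Wrong posting.</h1>";
    }
} else if ($submit == 'SEND' && $message && $sender && $email) {
    if (check_abuser($message,$sender,$email,$ip) == TRUE) {
        echo "<h1>You are blocked under abusers category</h1>";
    } else if (check_email($email)) {
        // NOTE(review): $message, $sender and $email reach this statement only
        // through htmlsafe(), which is defined elsewhere. If it does not
        // escape quotes and backslashes for SQL, escape the values here
        // (or move this statement to a prepared query).
        mysql_query("insert into $tbl(message,sender,email,ip,dated,postedon)
values('$message','$sender','$email','$ip',now(),curdate())");
        // Id of the row just inserted on this connection; it goes into the
        // confirmation link below.
        $id = (int) mysql_insert_id();
        $mailbody = "
Dear Mr. $sender
Kindly click on below link to get your feedback posted on ADA website.
http://ada.iiita.ac.in/inner.php?conf=feedback&id=$id&confirm=1
Thanks.
ADA Allahabad";
        if (sendmail($email, 'Thanks! Pl. Confirm your feedback',$mailbody) == TRUE) {
            echo "<h1>Thanks for your feedback. A mail containing a link for confirmation has been sent on your email.
Kindly click that link to complete the posting of your feedback on ADA website.</h1>";
        } else {
            echo "<h1>Wrong email address.</h1>";
        }
    }
} else if ($submit == 'SAVE & MAIL' && $is_admin) {
    // The reply arrives unencoded. Undo magic-quotes slashing if it is active,
    // then escape once for the SQL string literal.
    $reply_raw = get_magic_quotes_gpc() ? stripslashes($reply) : $reply;
    $reply_sql = mysql_real_escape_string($reply_raw);
    mysql_query("update $tbl set reply='$reply_sql' where id=$id");
    $rs = mysql_query("select * from $tbl where id=$id");
    // Mail only to the address stored with the posting. When no row matches,
    // nothing is sent, so the request-supplied email field can never become
    // the recipient.
    if ($rs && mysql_num_rows($rs)) {
        $o = mysql_fetch_object($rs);
        $email = $o->email;
        if (sendmail($email,"Thanks for your feedback",strip_tags($reply_raw)) == TRUE) echo "<h1>Done</h1>";
    }
} else if ($is_admin && isset($action) && $action == "del") {
    // NOTE(review): deletion is triggered by a plain link, so it has no
    // anti-CSRF token; consider a POST form with a per-session token.
    mysql_query("delete from $tbl where id=$id");
}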
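// Entry form (when no posting is selected) or a "New feedback" link.

// $PHP_SELF and $conf are not assigned in this file. They are escaped before
// being written into the single-quoted href in case either can carry request
// data. For ordinary values the output is unchanged.
$self_html = htmlspecialchars(isset($PHP_SELF) ? $PHP_SELF : '', ENT_QUOTES);
$conf_html = htmlspecialchars(urlencode(isset($conf) ? $conf : ''), ENT_QUOTES);

// NOTE(review): when the form is shown, a second <table> is opened inside the
// first and only one </table> is emitted; kept as is to avoid changing layout.
echo "<table class='search' width='98%'>";
if (!$id) {
    // NOTE(review): $message, $sender and $email are echoed as prepared by
    // htmlsafe() (defined elsewhere); confirm it encodes single quotes, since
    // the attributes below are single-quoted.
    echo "<table class=normal width='90%'>
<tr valign='top'><td>Feedback<br>(in 500 words)<br>
For query pl. visit<br><a href='inner.php?conf=rtiquery'>Query & RTI</a></td>
<td><textarea name='message' rows='8' cols='60'>".$message."</textarea></td></tr>
<tr><td nowrap>Full Name</td>
<td><input type='text' name='sender' value='".$sender."' size='50'></td></tr>
<tr><td nowrap>Valid Email</td>
<td><input type='text' name='email' value='".$email."' size='50'>
<input type='submit' name='submit' value='SEND'><br>
Feedback with <u>fake email</u> will be rejected</td></tr>";
} else {
    echo "<tr><td>[ <a href='$self_html?conf=$conf_html&id='>New feedback</a> ]</td></tr>";
}
echo "</table>";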
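// Totals line and page-number links for the list of confirmed postings.

// $PHP_SELF and $conf are not assigned in this file; escape them before they
// are written into single-quoted href attributes.
$self_html = htmlspecialchars(isset($PHP_SELF) ? $PHP_SELF : '', ENT_QUOTES);
$conf_html = htmlspecialchars(urlencode(isset($conf) ? $conf : ''), ENT_QUOTES);

// Only the row counts are needed here, so ask the server for count(*) instead
// of fetching every row and then reading FOUND_ROWS().
$count_rs = mysql_query("select count(*) as t from $tbl where status='confirmed' and reply=''");
$tro = $count_rs ? mysql_fetch_object($count_rs) : false;
$pending = $tro ? (int) $tro->t : 0;

$count_rs = mysql_query("select count(*) as t from $tbl where status='confirmed'");
$tro = $count_rs ? mysql_fetch_object($count_rs) : false;
$total = $tro ? (int) $tro->t : 0;

echo "<b>Posted Feedback</b> (Total: $total";
if ($pending > 0) echo " / <a href='$self_html?conf=$conf_html&pending=1'>Pending: $pending</a>";
echo ") Pages: ";

// The page number comes from the request and is later echoed into links and
// used to derive the LIMIT offset, so keep it a positive integer.
$pno = isset($_REQUEST["pno"]) ? (int) $_REQUEST["pno"] : 1;
if ($pno < 1) $pno = 1;
$pgsize = 10;
$start = (($pno - 1) * $pgsize);

if ($total > $pgsize) {
    $pages = ceil($total / $pgsize);
    // Window of page links starting two pages before the current one.
    $firstpno = max(1, ceil($start / $pgsize) - 2);
    $lastpno = $firstpno + 9;
    // Near the end of a long list, anchor the window to the last page instead.
    if ($pages > $pgsize && $lastpno >= $pages) $firstpno = $pages - 10;
    for ($i = $firstpno; $i <= min($lastpno, $pages); $i++) {
        if ($i == $pno) echo "<b>$i</b> ";
        else echo "<a href='$self_html?conf=$conf_html&pno=$i'>$i</a> ";
    }
} else echo "1";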
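// List of confirmed postings with their replies, plus admin controls.

// Values echoed into the links below: $PHP_SELF and $conf are not assigned in
// this file, and $pno / $start derive from the request, so each is escaped or
// coerced to an integer before use.
$self_html = htmlspecialchars(isset($PHP_SELF) ? $PHP_SELF : '', ENT_QUOTES);
$conf_html = htmlspecialchars(urlencode(isset($conf) ? $conf : ''), ENT_QUOTES);
$pno_link = (int) $pno;
$offset = max(0, (int) $start);
$is_admin = (isset($role) && $role == 'admin');
$editing = (isset($action) && $action == 'reply');

$i = 0;
if (!empty($_REQUEST["pending"])) {
    // Pending view: confirmed postings that have no reply yet, unpaginated.
    $rs = mysql_query("select SQL_CALC_FOUND_ROWS * from $tbl where status='confirmed' and reply='' order by dated desc,id");
    $p = 1;
} else {
    $rs = mysql_query("select * from $tbl where status='confirmed' and reply<>'' order by dated desc,id LIMIT $offset,10");
    $p = 0;
}
echo "<ul>";
// A failed query yields false; skip the loop rather than fetch from it.
while($rs && ($o = mysql_fetch_object($rs))) {
    $start++;
    // NOTE(review): message, sender and email are printed as stored; they were
    // passed through htmlsafe() (defined elsewhere) before insertion, so
    // confirm that it HTML-encodes. This line also shows every sender's email
    // and IP address to all visitors; confirm that is intended.
    echo "<li><b>$o->id)</b> $o->message
<div align='right'><i><b>By $o->sender ($o->email, $o->ip) Dated: $o->dated</b></i></div>
<b>Reply:</b> ";
    // The reply is stored unencoded and printed as markup.
    if ($o->reply) echo $o->reply.' '; else echo "<span style='color:red'>Awaited</span> ";
    if ($is_admin) {
        if ($editing && $id == $o->id) {
            // Encode the stored reply inside the textarea so markup in it
            // cannot close the element and the text round-trips unchanged.
            // A single-byte charset is named so only the ASCII markup
            // characters are rewritten, whatever encoding the row holds.
            echo "<textarea name='reply' rows='5' cols='60'>" . htmlspecialchars($o->reply, ENT_QUOTES, 'ISO-8859-1') . "</textarea>
<input type='hidden' name='id' value='$o->id'><br>
<input type='submit' name='submit' value='SAVE & MAIL'> ";
        } else if ($o->reply) {
            echo "[ <a href='$self_html?conf=$conf_html&action=reply&id=$o->id&pending=$p&pno=$pno_link'>Edit</a> ]";
        } else {
            echo "[ <a href='$self_html?conf=$conf_html&action=reply&pending=$p&id=$o->id&pno=$pno_link'>Compose</a> ]";
        }
        echo "[ <a href='$self_html?conf=$conf_html&action=del&id=$o->id&pending=$p&pno=$pno_link'>Delete</a> ]";
    }
    echo "<br><br></li>";
}
echo "</ul>";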
?>