<?php
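// Collect the request parameters this page works with and print the intro text.
//
// rowid is interpolated unquoted into several SQL statements further down
// (select/update/delete ... where rowid=$rowid), so it is reduced to an integer
// here. A missing or non-numeric value becomes 0, which is falsy (the "new
// feedback" form is shown) and is not expected to match any row.
$rowid = isset($_REQUEST["rowid"]) ? (int) $_REQUEST["rowid"] : 0;

// htmlsafe() is defined outside this file.
// NOTE(review): confirm what htmlsafe() escapes. These three values are later
// placed inside quoted SQL values and echoed back into the form, so they need
// to be safe in both contexts.
$message = htmlsafe(strip_tags($_POST["message"]));
$sender = htmlsafe($_POST["sender"]);
$email = htmlsafe($_POST["email"]);

// Client address as seen by the web server; stored with each submission.
$systemip = $_SERVER["REMOTE_ADDR"];

// The reply is taken raw (an earlier htmlsafe() call on it was disabled), so
// every consumer of $reply must escape it for its own context (SQL, HTML, mail).
$reply = $_POST["reply"];
$submit = $_POST["submit"];
$tbl = "feedback";

// Intro text. The <dir> opened here is closed at the very end of the page.
echo "
<dir>Your query/feedback is important for us to improve upon the services of your need.
Please submit complete information with your valid email to receive our response. Thanks.
<br><br>
<!--
Only one query/feedback per day from an email and IP address is acceptable.
<br><br>-->";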
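// Request handling: confirm a posting, accept a new posting, save and mail an
// admin reply, or delete a posting.

// rowid is placed unquoted into the SQL below, so force it to an integer first.
$rowid = (int) $rowid;

// The reply editor and the delete link are only rendered when $role is 'admin'
// (see the listing further down); the handlers enforce the same condition so
// that a hand-built request cannot reach them. $role is not assigned in this
// file. NOTE(review): confirm it comes from the session and not from request data.
$isAdmin = (isset($role) && $role == 'admin');

if (isset($_GET["confirm"]) && $_GET["confirm"] == 1) {
    // NOTE(review): the mailed link identifies the row by rowid alone, so a
    // request with confirm=1 and any existing rowid marks that row confirmed
    // without proof that the mail was received. A random per-row token stored
    // at insert time and checked here would close that gap (needs a schema
    // change, so it is not done here).
    if (mysql_num_rows(mysql_query("select * from $tbl where rowid=$rowid"))) {
        mysql_query("update $tbl set status='confirmed' where rowid=$rowid");
        echo "<b>Thanks for confirmation. Wishing you all the best.</b>";
    } else {
        echo "<b>Wrong posting.</b>";
    }
} else if ($submit == 'SEND' && $message && $sender && $email) {
    // checkAbuser(), checkEmail() and sendmail() are defined outside this file.
    if (checkAbuser($message, $sender, $email, $systemip) == TRUE) {
        echo "<b>You are blocked under abusers category</b>";
    } else if (checkEmail($email)) {
        // $webid and $conf are not assigned in this file.
        // NOTE(review): message/sender/email reach these quoted SQL values after
        // htmlsafe() only. Confirm that htmlsafe() also escapes quotes for SQL;
        // if it does not, wrap each value in mysql_real_escape_string() here.
        mysql_query("insert into $tbl(webid,message,sender,email,systemip,datecreation,datesubmission)
values('$webid','$message','$sender','$email','$systemip',now(),curdate())");
        $rowid = mysql_insert_id();
        $mailbody = "
Dear Mr. $sender
Kindly click on below link to get your query/feedback posted on desired website.
http://$webid/inner.php?conf=$conf&rowid=$rowid&confirm=1
Thanks.
ADA Allahabad";
        if (sendmail($email, 'Thanks! Pl. confirm your query/feedback', $mailbody) == TRUE) {
            echo "<b>Thanks for your query/feedback.
A mail containing a link for confirmation has been sent on your email.
Kindly click that link to complete the posting of your query/feedback on desired website.</b>";
        } else {
            echo "<b>Wrong email address.</b>";
        }
    }
} else if ($submit == 'SAVE & MAIL' && $isAdmin) {
    // Undo magic-quotes slashing when that legacy setting is active, then
    // escape exactly once for the SQL string literal.
    $replyText = (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
        ? stripslashes($reply)
        : $reply;
    $replySql = mysql_real_escape_string($replyText);
    mysql_query("update $tbl set reply='$replySql' where rowid=$rowid");

    $rs = mysql_query("select * from $tbl where rowid=$rowid");
    // Mail only when the row exists, so the recipient is always the address
    // stored with the posting and never one supplied with this request.
    if ($rs && mysql_num_rows($rs)) {
        $o = mysql_fetch_object($rs);
        $message = $o->message;
        $email = $o->email;
        $reply = "
Your query:
$message
Our reply:
$replyText";
        // The mail is plain text, so markup in the reply is stripped.
        if (sendmail($email, "Thanks for your feedback", strip_tags($reply)) == TRUE) echo "<b>Done</b>";
    }
} else if (isset($action) && $action == "del" && $isAdmin) {
    // $action is not assigned in this file.
    // NOTE(review): deletion is triggered by a plain GET link, so it has no
    // CSRF protection; consider a POST with a per-session token.
    mysql_query("delete from $tbl where rowid=$rowid");
}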
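// Submission form (when no row is selected) or a link back to an empty form.
// No <form> element is opened in this file; presumably the including page
// provides it. TODO confirm.

// $PHP_SELF and $conf are not assigned in this file. PHP_SELF can carry
// request-controlled path text, so both are escaped before they are written
// into the single-quoted href attribute.
$selfHtml = htmlspecialchars((string) $PHP_SELF, ENT_QUOTES);
$confHtml = htmlspecialchars((string) $conf, ENT_QUOTES);

echo "<table width='98%'>";
if (!$rowid) {
    // $message, $sender and $email were passed through htmlsafe() when they
    // were read. NOTE(review): confirm that htmlsafe() escapes for HTML
    // element and attribute context, since the values are echoed back here.
    // NOTE(review): this branch opens a second <table> inside the one above,
    // but only one </table> follows; the structure is left as it was.
    echo "<table class=normal width='90%'>
<tr valign='top'><td>Query/Feedback<br>(in 500 words)</td>
<td><textarea name='message' rows='8' cols='60'>".$message."</textarea></td></tr>
<tr><td nowrap>Full Name</td>
<td><input type='text' name='sender' value='".$sender."' size='50'></td></tr>
<tr><td nowrap>Valid Email</td>
<td><input type='text' name='email' value='".$email."' size='50'>
<input type='submit' name='submit' value='SEND'><br>
Query/Feedback with <u>fake email</u> address will be rejected.</td></tr>";
} else {
    echo "<tr><td>[ <a href='$selfHtml?conf=$confHtml&rowid='>New query/feedback</a> ]</td></tr>";
}
echo "</table>";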
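// Counters and page links for the list of confirmed postings.

// $PHP_SELF and $conf are not assigned in this file; they are escaped before
// being written into href attributes because PHP_SELF can carry
// request-controlled path text.
$selfHtml = htmlspecialchars((string) $PHP_SELF, ENT_QUOTES);
$confHtml = htmlspecialchars((string) $conf, ENT_QUOTES);

// Count rows directly instead of selecting every row only to read FOUND_ROWS().
// NOTE(review): $webid is not assigned in this file and sits inside a quoted
// SQL value; confirm it can never hold request-controlled text.
$tro = mysql_fetch_object(mysql_query("select count(*) as t from $tbl where webid='$webid' and status='confirmed' and reply=''"));
$pending = $tro->t;
$tro = mysql_fetch_object(mysql_query("select count(*) as t from $tbl where webid='$webid' and status='confirmed'"));
$total = $tro->t;

echo "<hr><b>Posted Query/Feedback</b> (Total: $total";
if ($pending > 0) echo " / <a href='$selfHtml?conf=$confHtml&pending=1'>Pending: $pending</a>";
echo ") Pages: ";

// The page number is request data that is later echoed into links and used to
// derive a LIMIT offset, so it is forced to an integer of at least 1.
$pno = isset($_REQUEST["pno"]) ? (int) $_REQUEST["pno"] : 1;
if ($pno < 1) $pno = 1;
$pgsize = 10;
$start = (($pno - 1) * $pgsize);

if ($total > $pgsize) {
    $pages = ceil($total / $pgsize);
    // Window of page links starting up to two pages before the current offset.
    $firstpno = max(1, ceil($start / $pgsize) - 2);
    $lastpno = $firstpno + 9;
    // Near the end of a long list, pin the window to the last pages.
    // NOTE(review): the page count is compared with $pgsize here; that looks
    // like it relies on the window width and the page size both being 10.
    if ($pages > $pgsize && $lastpno >= $pages) $firstpno = $pages - 10;
    for ($i = $firstpno; $i <= min($lastpno, $pages); $i++) {
        if ($i == $pno) echo "<b>$i</b> ";
        else echo "<a href='$selfHtml?conf=$confHtml&pno=$i'>$i</a> ";
    }
} else echo "1";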
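// List of confirmed postings with their replies. Admins additionally get the
// edit/compose/delete controls.
$i = 0;

// $PHP_SELF, $conf, $role and $action are not assigned in this file. Values
// written into href attributes are escaped or reduced to integers first,
// because PHP_SELF and pno can carry request-controlled text.
$selfHtml = htmlspecialchars((string) $PHP_SELF, ENT_QUOTES);
$confHtml = htmlspecialchars((string) $conf, ENT_QUOTES);
$pnoLink = (int) $pno;
$offset = max(0, (int) $start);   // a negative LIMIT offset is a SQL error
$isAdmin = (isset($role) && $role == 'admin');

if (!empty($_REQUEST["pending"])) {
    // Pending view: confirmed postings without a reply, not paginated.
    $rs = mysql_query("select SQL_CALC_FOUND_ROWS * from $tbl where webid='$webid' and status='confirmed' and reply='' order by datecreation desc,rowid");
    $p = 1;
} else {
    // Default view: confirmed postings that already have a reply, one page.
    $rs = mysql_query("select * from $tbl where webid='$webid' and status='confirmed' and reply<>'' order by datecreation desc,rowid LIMIT $offset,10");
    $p = 0;
}

echo "<ul>";
while ($o = mysql_fetch_object($rs)) {
    $start++;
    // NOTE(review): message, sender and email are printed exactly as stored;
    // they are only safe if htmlsafe() HTML-escaped them at submission time.
    // NOTE(review): the poster's e-mail address and IP are shown to every
    // visitor; confirm that this is intended.
    echo "<li>$o->rowid) $o->message
<div class='datetime'>By $o->sender ($o->email, $o->systemip), dated: $o->datecreation)</div>
<b>Reply:</b><dir>";
    if ($isAdmin) {
        if (isset($action) && $action == 'reply' && $rowid == $o->rowid) {
            // Escape the stored reply so text such as "</textarea>" cannot
            // break out of the editor; the browser posts back the decoded value.
            $replyField = htmlspecialchars($o->reply, ENT_QUOTES);
            echo "<textarea name='reply' rows='5' cols='60'>$replyField</textarea>
<input type='hidden' name='rowid' value='$o->rowid'><br>
<input type='submit' name='submit' value='SAVE & MAIL'> ";
        } else if ($o->reply) {
            // NOTE(review): the reply is rendered as raw HTML. That is safe
            // only while writing replies is restricted to trusted admins.
            echo "<div>$o->reply</div>";
            echo "[ <a href='$selfHtml?conf=$confHtml&action=reply&rowid=$o->rowid&pending=$p&pno=$pnoLink'>Edit</a> ]";
        } else {
            echo "<div class='error'>Awaited</div>
[ <a href='$selfHtml?conf=$confHtml&action=reply&pending=$p&rowid=$o->rowid&pno=$pnoLink'>Compose</a> ]";
        }
        // NOTE(review): delete is a plain GET link with no CSRF token.
        echo "[ <a href='$selfHtml?conf=$confHtml&action=del&rowid=$o->rowid&pending=$p&pno=$pnoLink'>Delete</a> ]";
    } else if ($o->reply) {
        // Same raw-HTML caveat as the admin view above.
        echo $o->reply.' ';
    } else {
        echo "<span class='error'>Awaited</span> ";
    }
    echo "</dir><br></li>";
}
// Closes the list and the <dir> opened by the intro text at the top of the page.
echo "</ul></dir>";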
?>