Web/TP/TPSecurite/article_view.php

<?php
require_once 'lib/common.php';
session_start();

if (empty($_GET['id'])) {
	header('Location: article_list.php');
	exit();
}


$db = initDatabase();
$req = mysqli_query($db,"SELECT * FROM article WHERE id=" .$_GET['id']);
 $article=mysqli_fetch_assoc($req);

$req = mysqli_query($db,"SELECT c.*, u.login, u.url "
								. "FROM comment c JOIN user u ON c.id_user=u.id"
								. " WHERE id_article=" . $_GET['id']);
$comments=mysqli_fetch_all($req,MYSQLI_ASSOC);
?>
<?php 
include 'templates/header.php';
?>
<body container>

<h1>Article</h1>

<?php

echo '<div  id="article">'
	. '<h3>'. $article['title'] .'</h3>'
	. '<div id="content">' . $article['content'] . '</div>';

echo '<h5 class="_bb1">Commentaires</h5>';
if (empty($comments)) {
	echo '<p>Aucun</p>';
} else {
	foreach ($comments as $comment) {
		echo '<section class="alert-box">';
		echo		 "<b class='_ts2'>".$comment['title']."</b>"
			. (isset($_SESSION['user']['id']) && $comment['id_user'] == $_SESSION['user']['id'] ?
			' <a href="comment_create.php?id_article=' . $comment['id_article']
			. '&amp;id_comment=' . $comment['id'] . '" title="'. $comment['title']
			. '">Modifier ce commentaire</a>' :
			'')
			. '<p class="_ts2">' . $comment['content'] ."</p>"
			.  "<p><span class='tag-box -warning'><a href=\"".$comment['url']."\">".$comment['login']."</a></p>";
		echo "</section>";
	}
}
echo "</div>";

if (empty($_SESSION['user'])) {
	echo '<p>Il faut être identifié pour poster un commentaire.</p>';
} else {
	if ($article['closed']) {
		echo "<p>Article fermé, non modifiable.</p>";
	} else {
		echo '<p> <a href="comment_create.php?id_article='. $article['id']
			.'">Ajouter un commentaire</a> avec votre compte : ' . $_SESSION['user']['name']
			.' </p>';
	}
}
?>

<p> <a href="article_list.php">Retour à la liste des articles</a> </p>

<?php
include './templates/footer.php';
?>

</body>
</html>