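setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // the start of this statement (presumably `$db->`) lies before this excerpt

// Comment-board request handler: creates the table on first use, decides
// whether the caller is an admin, then handles an optional deletion or a new
// post before loading every comment for the markup that follows.
// $db, $ADMIN_IP_PREFIXES and $COMMENT_MAX_LENGTH are defined before this excerpt.

$db->exec("CREATE TABLE IF NOT EXISTS comments ( id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT NOT NULL, comment TEXT NOT NULL, ip TEXT NOT NULL, date TEXT NOT NULL )");

$error = '';
$ip = $_SERVER['REMOTE_ADDR'] ?? '';

// NOTE(review): admin rights rest entirely on the source address. REMOTE_ADDR
// is the address of the TCP peer, so behind a reverse proxy or load balancer
// it would be the proxy's address for every visitor; confirm the deployment.
// The match is textual: a prefix without a trailing separator (constructed
// example: "10.1") also matches "10.10.0.5".
$is_admin = false;
foreach ($ADMIN_IP_PREFIXES as $prefix) {
    // An empty prefix matches every address, so skip it rather than grant admin to everyone.
    if (is_string($prefix) && $prefix !== '' && str_starts_with($ip, $prefix)) {
        $is_admin = true;
        break;
    }
}

// Redirect targets are derived from REQUEST_URI, which the client controls.
// A value starting with "//" or "/\" is read by browsers as a URL on another
// host, so leading slashes are collapsed to keep every redirect on this site.
$request_uri = '/' . ltrim((string) ($_SERVER['REQUEST_URI'] ?? ''), "/\\");
$self_path = explode('?', $request_uri, 2)[0];

// Handle deletions
// NOTE(review): the deletion is a state change triggered by GET with no CSRF
// token, so any page loaded in an admin's browser can cause it. Moving it to
// POST with a per-session token needs a matching change in the markup that
// renders the delete control, which is outside this excerpt.
if (isset($_GET['delete']) && $is_admin) {
    // intval() turns a non-empty array into 1 and "12abc" into 12; accept only a real integer.
    $del_id = filter_var($_GET['delete'], FILTER_VALIDATE_INT);
    if ($del_id !== false) {
        $stmt = $db->prepare("DELETE FROM comments WHERE id = ?");
        $stmt->execute([$del_id]);
    }
    // Redirect to the bare path so a reload does not repeat the request.
    header("Location: " . $self_path);
    exit;
}

// Handle new comments
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // A missing field, or one sent as an array (name[]=...), would make trim()
    // raise an error; treat both as empty input instead.
    $raw_name = $_POST['name'] ?? '';
    $raw_comment = $_POST['comment'] ?? '';
    $name = is_string($raw_name) ? trim($raw_name) : '';
    $comment = is_string($raw_comment) ? trim($raw_comment) : '';

    // NOTE(review): strlen() counts bytes, not characters, and the name has no
    // length limit at all; consider bounding both.
    if (strlen($comment) > $COMMENT_MAX_LENGTH) {
        $error = "Whoa there, sysadmin — keep it under $COMMENT_MAX_LENGTH characters!";
    } elseif ($name !== '' && $comment !== '') {
        // Compare against '' explicitly: a plain truthiness test silently drops the value "0".
        // One post per address or per name.
        // NOTE(review): the check and the insert are separate statements, so two
        // simultaneous requests can both pass; a UNIQUE constraint would close the gap.
        $check = $db->prepare("SELECT COUNT(*) FROM comments WHERE ip = ? OR name = ?");
        $check->execute([$ip, $name]);
        if ((int) $check->fetchColumn() > 0) {
            $error = "One post per person — let other engineers join the thread.";
        } else {
            $stmt = $db->prepare("INSERT INTO comments (name, comment, ip, date) VALUES (?, ?, ?, datetime('now','localtime'))");
            $stmt->execute([$name, $comment, $ip]);
            // Post/redirect/get: a reload must not resubmit the form.
            header("Location: " . $request_uri);
            exit;
        }
    }
}

// Fetch existing comments
// name and comment are stored exactly as submitted, so whatever prints them
// must HTML-escape each value (htmlspecialchars() with ENT_QUOTES). The
// rendering code is outside this excerpt; confirm it does.
$comments = $db->query("SELECT * FROM comments ORDER BY id DESC")->fetchAll(PDO::FETCH_ASSOC);
?>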