<?php
    require_once('include/functions/table_exists.php');

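    // Handler for posting, replacing or deleting a comment on an item, followed by
    // a redirect back to the view the user came from.
    //
    // Inputs:
    //   GET  b       - query string to return to ('@' stands in for '&'); default 's=home'
    //   GET  i       - id of an existing comment that this submission replaces (0 = none)
    //   POST link    - id of the row being commented on
    //   POST table   - table holding that row; comments are stored in "<table>_comments"
    //   POST comment - comment text; an empty value only removes the existing comment
    //
    // NOTE(review): no anti-CSRF token is checked in this file although the request
    // changes state for the logged-in user - confirm a shared layer verifies one
    // before this script runs.

    // Non-scalar values (e.g. "b[]=x") are treated as absent instead of being
    // stringified to "Array".
    $_back = (isset($_GET['b']) && is_scalar($_GET['b'])) ? str_replace('@', '&', trim(strval($_GET['b']))) : 's=home';
    // The value is written into a response header below, so strip control
    // characters (CR/LF included) rather than rely on header() rejecting the line.
    $_back = preg_replace('/[\x00-\x1F\x7F]/', '', $_back);

    $_id = isset($_GET['i']) ? intval($_GET['i']) : 0;
    $_link = isset($_POST['link']) ? intval($_POST['link']) : 0;
    $_table = (isset($_POST['table']) && is_scalar($_POST['table'])) ? trim(strval($_POST['table'])) : '';
    $_comment = (isset($_POST['comment']) && is_scalar($_POST['comment'])) ? trim(strval($_POST['comment'])) : '';

    // $_table is request-controlled and is spliced into SQL as an identifier, where
    // value escaping via sq() cannot help. Accept only plain identifier characters
    // before the name reaches table_exists() or any query.
    // NOTE(review): table_exists() only shows that a table is present, so any table
    // in the schema passes this gate - consider an explicit list of commentable
    // tables.
    $_table_ok = preg_match('/\A[A-Za-z0-9_]+\z/', $_table) === 1;

    // Only authenticated users may change comments.
    if ($GLOBALS['auth']['id'] && $_table_ok && table_exists($_table))
    {
        // Escape the user id through the same helper as every other value.
        $_user = sq($GLOBALS['auth']['id']);

        // A failed query yields a falsy result; treat it like "row not found"
        // instead of handing it to mysqli_num_rows().
        $_found = mysqli_query_logged("SELECT id FROM `" . $_table . "` WHERE id = " . sq($_link));

        if ($_found && mysqli_num_rows($_found))
        {
            // The user_id condition limits the delete to the caller's own comment.
            // With $_id = 0 this matches nothing and the request is a plain post.
            mysqli_query_logged("DELETE FROM `" . $_table . "_comments` WHERE id = " . sq($_id) . " AND link_id = " . sq($_link) . " AND user_id = " . $_user);

            if ($_comment != '')
            {
                // NOTE(review): substr() truncates by bytes and may split a
                // multi-byte character - confirm against the column's charset.
                mysqli_query_logged("INSERT INTO `" . $_table . "_comments` SET link_id = " . sq($_link) . ", user_id = " . $_user . ", comment = " . sq(substr($_comment, 0, 1024)) . ", posted_on = NOW()");
            }
        }
        else
        {
            make_cookie('notice', 'Sorry, but you can\'t comment on something that doesn\'t exist.');
        }
    }

    // The target always starts with './?', so only the query string of this same
    // path is caller-controlled.
    header('Location: ./?' . $_back);
    exit;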
?>