<?php
//echo (isset($_GET['title'])) ? mem_urldecode(inCode($_GET['title'])) : "" ;
/********************************************************************************
- MemHT Portal -
Copyright (C) 2007-2008 by Miltenovik Manojlo
http://www.memht.com
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your opinion) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, see <http://www.gnu.org/licenses/> (GPLv2)
or write to the Free Software Foundation, Inc., 51 Franklin Street,
Fifth Floor, Boston, MA02110-1301, USA.
********************************************************************************/
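// Request gate: only answer when the Referer names this host. This is a weak
// same-origin heuristic (the Referer is client-supplied and may be absent or
// stripped by the browser), not a CSRF token; a missing or foreign Referer
// yields a 404 and exits. Defaults are "" rather than @-silenced nulls.
$httphost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : "";
$httpreferer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
// Case-insensitive substring test, as the original eregi() did, but without
// feeding the client-controlled Host header in as a regular expression and
// without eregi() itself, which was removed in PHP 7. An empty host used to
// make eregi() fail (and so 404); it still 404s here.
if ($httphost === "" OR $httpreferer === "" OR stripos($httpreferer, $httphost) === false) {
header("HTTP/1.1 404 Not Found");
header("Status: 404 Not Found");
exit;
} else {
//===========================================
//HOOK SYSTEM
//===========================================
// Registry of hook callbacks keyed by event name; filled by the hook files.
if (!isset($memHooks)) {
$memHooks = array();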
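/**
 * Include every "*.hook.php" file found in ../../hooks/ so the hooks can
 * register themselves in the global $memHooks registry (the files are included
 * in this function's scope, where $memHooks is bound to the global).
 *
 * Fixes: a failed opendir() is now handled instead of letting readdir(false)
 * warn; the file-name test is anchored to the ".hook.php" suffix instead of
 * eregi(".hook.php"), an unanchored pattern whose "." matched any character
 * and which also matched names such as "x.hook.php.bak"; and eregi(), which
 * was removed in PHP 7, is no longer used.
 */
function memReadHooks() {
global $memHooks; // left in scope for the included hook files
$hookdir = '../../hooks/';
if (!is_dir($hookdir)) { return; }
$handle = opendir($hookdir);
if ($handle === false) { return; }
while (false !== ($file = readdir($handle))) {
// Case-insensitive like the original, but only a true ".hook.php" suffix qualifies.
if (preg_match('/\.hook\.php$/i', $file)) {
include($hookdir.$file);
}
}
closedir($handle);
}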
/**
 * Dispatch $event to every callback registered under $memHooks[$event].
 *
 * Each entry is the name of a function and is called as $callback($arguments);
 * names that are not defined functions are skipped. The first callback that
 * returns exactly false stops the run and makes this function return false;
 * otherwise, including when nothing is registered for $event, it returns true.
 */
function memRunHooks($event,$arguments=array()) {
if (!isset($GLOBALS['memHooks'][$event])) {
return true;
}
foreach ($GLOBALS['memHooks'][$event] as $callback) {
if (!function_exists($callback)) {
continue;
}
if ($callback($arguments)===false) {
return false;
}
}
return true;
}
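memReadHooks();
}
//===========================================
//Database: Connect
//===========================================
require_once("../../inc/inc_config.php");
require_once("../../inc/inc_database.php");
$dblink = new database();
$dblink->connect();
require_once("../../inc/inc_login.php");
require_once("../../inc/inc_functions.php");
require_once("../../inc/inc_bbcode.php");
require_once("../../inc/inc_readConfig.php");
// A no-op at file scope; kept so the expectations of the include files are unchanged.
global $siteConfig,$visitorInfo,$admin,$user;
//===========================================
//TIMEZONE SETTING + DATABASE CHECK
//===========================================
// Offset in hours from the config table; 0 when the row or column is missing
// (previously an undefined-index notice). intval() keeps it safe to interpolate.
$timezonerow = $dblink->get_row("SELECT timezone FROM memht_config");
$siteConfig['timezone'] = isset($timezonerow['timezone']) ? intval($timezonerow['timezone']) : 0;
// SQL fragment reused by the INSERT below; built from an int only.
$tzNOW = "DATE_ADD(NOW(),INTERVAL ".$siteConfig['timezone']." HOUR)";
//===========================================
//SELECT LANGUAGE
//===========================================
// The language comes from the site config loaded by inc_readConfig.php
// (presumably admin-set, not request-controlled - TODO confirm); fall back to
// the default language when that file does not exist.
$langfile = "../../lang/".$siteConfig['language'].".php";
if (!file_exists($langfile)) {
$langfile = "../../lang/".$siteConfig['default_language'].".php";
}
include_once($langfile);
if (!defined("_LANG_CHARSET_")) { define("_LANG_CHARSET_","utf-8"); } //utf-8
// Was @header(): set the charset only while headers can still be sent instead
// of silencing the "headers already sent" warning.
if (!headers_sent()) {
header('Content-Type: text/html; charset='._LANG_CHARSET_);
}
//===========================================
// Comment id for "delete" / wid column for "add". Defaults to 0, not "", so an
// integer always reaches the SQL it is interpolated into.
$wid = (isset($_POST['wid'])) ? intval($_POST['wid']) : 0 ;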
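/**
 * Echo the jQuery snippet that puts an error box holding $html into the
 * "std_form_info" div. $html ends up inside a single-quoted JavaScript string
 * literal, so it is addslashes()'d first (the treatment the comment text already
 * received); callers pass language constants, or $msg built from them.
 */
function memCommentsErrorScript($html) {
    echo "<script type=\"text/javascript\">\n";
    echo "$('div#std_form_info').html('<div style=\"margin:4px 0; padding:5px; border:1px solid #B36462; color:#B36462; background-color:#EEDBDB;\"><b>".addslashes($html)."</b></div>');\n";
    echo "</script>\n";
}
// Operation requested by the AJAX caller; read defensively so a request without
// "op" does not raise an undefined-index notice (whose text would land in the
// JavaScript response). Unknown operations produce no output, as before.
$op = isset($_POST['op']) ? $_POST['op'] : "";
switch ($op) {
case "add":
    if ($siteConfig['usecomments']==1) {
        @session_start(); // best effort: the session may already be open
        // The graphic check applies only when GD is loaded and it is enabled in the
        // site config. Strict comparison on purpose: "==" between two strings is
        // numeric-aware in PHP, so e.g. "1e1" == "10" was accepted as a matching code.
        $codeRequired = (extension_loaded('gd') && $siteConfig['graphic_check']==1);
        $codeMatches = (isset($_POST['code']) && isset($_SESSION['chk_code'])
            && strtolower($_POST['code']) === strtolower($_SESSION['chk_code']));
        if ($codeMatches || !$codeRequired) {
            if ($siteConfig['guest_comment']==1 || isUser($user)) {
                // whr defaults to 0 rather than "" so an integer always reaches the SQL.
                $whr = (isset($_POST['whr'])) ? intval($_POST['whr']) : 0 ;
                $name = (isset($_POST['name'])) ? inCode(stripslashes($_POST['name'])) : "" ;
                $email = (isset($_POST['email'])) ? inCode(stripslashes($_POST['email'])) : "" ;
                $text = (isset($_POST['text'])) ? inCode(stripslashes($_POST['text'])) : "" ;
                // Validation. Later checks overwrite $msg, so an empty text wins over a bad
                // email, which wins over an empty name (order unchanged).
                $save = true;
                $msg = "";
                if ($name=="") { $save = false; $msg = _NAME_." ".strtolower(_FIELD_)." ".strtolower(_REQUIRED_); }
                if (!validEmail($email)) { $save = false; $msg = _MAILNOTVALID_; }
                if ($text=="") { $save = false; $msg = _TEXT_." ".strtolower(_FIELD_)." ".strtolower(_REQUIRED_); }
                if ($save) {
                    // Moderation: a link-like token or a configured spam word (case-insensitive
                    // substring) flags the comment; global moderation flags every comment.
                    $moderate = 0;
                    if ($siteConfig['moderate_comments_onspam']==1) {
                        $patterns = array("http","ftp","www","://");
                        if ($siteConfig['comments_spam_words']!="") {
                            $patterns = array_merge($patterns, explode(",",$siteConfig['comments_spam_words']));
                        }
                        $haystack = strtoupper($text);
                        foreach ($patterns as $item) {
                            // Skip empty needles (e.g. a trailing comma in the config); the original
                            // @-silenced the warning substr_count() raises for them.
                            if ($item !== "" && strpos($haystack, strtoupper($item)) !== false) { $moderate++; }
                        }
                    }
                    if ($siteConfig['moderate_comments']==1) { $moderate++; }
                    $moderate = ($moderate > 0) ? 1 : 0;
                    $guest = (isUser($user) && $user==$name) ? 0 : 1 ;
                    // name/email/text were passed through inCode(); this INSERT relies on that for
                    // SQL escaping, which is defined in inc_functions.php and not visible here -
                    // TODO confirm. whr/wid/guest/moderate are ints and $tzNOW is built from an
                    // int; $visitorInfo['ip'] comes from the include files (assumed sanitised there).
                    $dblink->query("INSERT INTO memht_comments (id,whr,wid,name,email,text,guest,date,ip,moderate)
VALUES (null,'$whr','$wid','$name','$email','$text','$guest',$tzNOW,'".$visitorInfo['ip']."','$moderate')");
                    // NOTE(review): this re-reads the newest row, not necessarily the row just
                    // inserted - two concurrent posts can echo each other's comment. Prefer the
                    // driver's last-insert id if the database class exposes one (not visible here).
                    $row = $dblink->get_row("SELECT *,DATE_FORMAT(date,'".$siteConfig['timestamp']."') as date_out FROM memht_comments ORDER BY id DESC LIMIT 1");
                    // Everything below is spliced into single-quoted JavaScript string literals,
                    // so each value is addslashes()'d; the text also loses CR/LF, either of which
                    // would terminate the literal (textareas submit CRLF line ends).
                    $cname = addslashes(outCode($row['name']));
                    $ctext = str_replace(array("\r","\n"),"",addslashes(censure(minibb2html(outCode($row['text'],0)))));
                    $cdate_out = addslashes($row['date_out']);
                    // "date" is a MySQL DATETIME ("YYYY-MM-DD HH:MM:SS"): pick out day and month.
                    $dateparts = explode(" ",$row['date']);
                    $ymd = explode("-",$dateparts[0]);
                    $cday = $ymd[2];
                    $cmonth = numToMonth($ymd[1],1);
                    // Always defined: it is echoed below even when the comment is not moderated
                    // (previously an undefined variable in that case).
                    $added = '';
                    if ($moderate>0) {
                        $added = '<div align="center" style="margin-bottom:4px; padding:5px; border:1px solid #69876D; background-color:#D9E1DA; color:#69876D;"><b>'._COMMENT_ADDED_.'</b>';
                        $added .= '<br>'._PUBLISHED_AFTER_MODERATION_;
                        $added .= '</div>';
                    }
                    $added = addslashes($added);
                    //3.9.0
                    // $user is set by inc_login.php; assumed safe to interpolate - TODO confirm.
                    if (isUser($user)) { $dblink->query("UPDATE memht_utenti SET contributes=contributes+2 WHERE user='$user'"); }
                    // The "<a $link" below is raw HTML, not PHP: it is emitted literally, as before.
?>
<script type="text/javascript">
$('div#std_form_info').html('<?php echo $added; ?>');
$('div#std_form_comment_empty').hide();
$('div#std_comment_target').append('<div class="tpl_comments_box"><table width="100%" cellpadding="0" cellspacing="0"><tr><td valign="top"><a $link title="header=[<?php echo _INFORMATIONS_; ?>] body=[<b><?php echo _DATE_; ?>:</b> <?php echo $cdate_out; ?>]"><span class="tpl_comments_title"><b><?php echo $cname; ?></b></span></a><div class="tpl_comments_body"><?php echo $ctext; ?></div></td><td width="1%" valign="top"><div class="datebox"><div class="datebox_day"><?php echo $cday; ?></div><div class="datebox_month"><?php echo $cmonth; ?></div></div></td></tr></table></div>');
$("div#std_showcomments_form").slideUp("slow");
$("input#std_showcomments").show();
$('textarea#form_text').val('');
$('input#form_code').val('');
</script>
<?php
                } else {
                    memCommentsErrorScript($msg);
                }
            } else {
                memCommentsErrorScript(_ACCESSDENIED_);
            }
        } else {
            memCommentsErrorScript(_WRONGSECCODE_);
        }
    }
    break;
case "delete":
    if (isAdmin($admin)) {
        if ($wid>0) {
            // $wid was intval()'d when read; intval() again so this statement is safe on its own.
            $dblink->query("DELETE FROM memht_comments WHERE id=".intval($wid));
?>
<script type="text/javascript">
$("div#std_commentitem_<?php echo intval($wid); ?>").slideUp("slow");
</script>
<?php
        }
    } else {
        memCommentsErrorScript(_ACCESSDENIED_);
    }
    break;
}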
//===========================================
//Database: Disconnect
//===========================================
// Reached for every operation (including unknown ones) that passed the Referer gate.
$dblink->disconnect();
} // closes the else branch of the Referer gate at the top of the file
?>