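<?php

// Copyright (C) Bloggie Lite Written by : Sean
// http://www.mywebland.com , http://mybloggie.mywebland.com

// You are requested to retain this copyright notice in order to use
// this software.

//This program is free software; you can redistribute it and/or
//modify it under the terms of the GNU General Public License
//as published by the Free Software Foundation; either version 2
//of the License, or (at your option) any later version.

//This program is distributed in the hope that it will be useful,
//but WITHOUT ANY WARRANTY; without even the implied warranty of
//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//GNU General Public License for more details.

//You should have received a copy of the GNU General Public License
//along with this program; if not, write to the Free Software
//Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.

// read.php is only ever included by the Bloggie front controller, which
// defines IN_BLOGGIE; a direct request gets nothing.
if ( !defined('IN_BLOGGIE') )
  {
    die("You are not allowed to access this page directly !");
  }

// ---------------------------------------------------------------------------
// Comment submission.
//
// Runs only when the comment form was posted. Every rejecting branch calls
// error(); the rest of this block assumes error() does not return (the
// original code relied on the same assumption: $post_id would be undefined
// after the "invalid Post ID" case otherwise) — TODO confirm against error().
//
// All request-derived values are escaped with addslashes() at the point where
// they are placed into SQL, including the COMMENT_COOKIE value, the poster's
// name/email/home page and the authenticated username; the original only
// escaped the subject and body. A connection-aware escape or prepared
// statements would be the proper replacement once $db offers one.
// ---------------------------------------------------------------------------
if (isset($_POST['submit'])) {
    // Target post: the query string wins over the form field; both are cast to int.
    if (isset($_GET['post_id'])) {
        $post_id = intval($_GET['post_id']);
    } elseif (isset($_POST['post_id'])) {
        $post_id = intval($_POST['post_id']);
    } else {
        error($lang['Error'], 'invalid Post ID ');
    }

    $post_setting = get_post_setting($post_id);
    if ($post_setting['allow_comments'] == 0 || $pref_data['enable_comment'] == false) {
        error($lang['Error'], $lang['Disable_Comment']);
    }

    $guest_comment = false;
    $commentemail  = isset($_POST['commentemail']) ? $_POST['commentemail'] : '';

    // Flood control (myBloggie 2.1.3 and onwards): refuse a second comment from
    // the same IP on the same post within $flood_interval seconds, unless the
    // poster is authenticated.
    $flood_interval = $pref_data['flood_interval'];
    $current_time   = current_timestamp($timezone);

    // $user_ip is set outside this file; its origin (REMOTE_ADDR or a
    // client-supplied header) is not visible here, so it is escaped anyway.
    $sql = "SELECT MAX(com_tstamp) AS most_recent_time
        FROM ".COMMENT_TBL."
        WHERE ip = '".addslashes($user_ip)."' AND post_id = '".$post_id."'";

    if ($result = $db->sql_query($sql)) {
        if ($row = $db->sql_fetchrow($result)) {
            $most_recent = intval($row['most_recent_time']);
            if ($most_recent > 0
                && ($current_time - $most_recent) < intval($flood_interval)
                && !authenticate()) {
                error($lang['Alert'], $lang['Flood_Control']);
            }
        }
    }

    // Guests must answer the security code. The code row is looked up by the
    // COMMENT_COOKIE value, which is client-controlled.
    if (!authenticate()) {
        // Expire codes older than ten minutes.
        $sql = "DELETE FROM ".SCODE_TBL." WHERE timestamp < '".(time() - 600)."'";
        $del = $db->sql_query($sql);

        if (isset($_POST['check_code']) && isset($_COOKIE[COMMENT_COOKIE])) {
            $comment_cookie = $_COOKIE[COMMENT_COOKIE];
            $sql    = "SELECT * FROM ".SCODE_TBL." WHERE cookie = '".addslashes($comment_cookie)."'";
            $result = $db->sql_query($sql);

            if ($db->sql_numrows($result) == 1) {
                $code = $db->sql_fetchrow($result);
                // Compare as integers with ===; the original used a loose == here.
                if ((int) $code['scode'] === intval($_POST['check_code'])) {
                    $guest_comment = true;
                    // One-time use: drop the code as soon as it has matched.
                    $sql = "DELETE FROM ".SCODE_TBL." WHERE  cookie = '".addslashes($comment_cookie)."'";
                    $del = $db->sql_query($sql);
                    unset($comment_cookie);
                    unset($code);
                    unset($_POST['check_code']);
                } else {
                    $guest_comment = false;
                    error($lang['Error'], $lang['Msg_scode_notmatch']);
                    unset($_POST['check_code']);
                }
            } else {
                $guest_comment = false;
                error($lang['Error'], "Abnormal commenting process, Request Abort!");
                unset($_POST);
            }
        } else {
            unset($_POST);
            $guest_comment = false;
            error($lang['Error'], $lang['Msg_scode_notmatch']);
        }
    } // End security check

    if ($guest_comment == true || authenticate()) {
        if (isset($_POST['commenttext']) && isset($_POST['commentname'])) {
            $commentsubject = isset($_POST['commentsubject']) ? $_POST['commentsubject'] : '';
            $commenttext    = $_POST['commenttext'];
            $commenthome    = isset($_POST['commenthome']) ? $_POST['commenthome'] : '';
            $commentname    = $_POST['commentname'];

            // magic_quotes_gpc (gone in PHP 8, hence the function_exists guard)
            // pre-escapes request data. Undo it once so every field is plain
            // text; SQL escaping happens exactly once at the INSERT below. The
            // original stripped slashes unconditionally in the non-html-safe
            // branch and then re-escaped only subject and text, so with magic
            // quotes on the stripped values reached the query unescaped.
            $magic_quotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
            if ($magic_quotes) {
                $commentname    = stripslashes($commentname);
                $commentsubject = stripslashes($commentsubject);
                $commenttext    = stripslashes($commenttext);
                $commentemail   = stripslashes($commentemail);
                $commenthome    = stripslashes($commenthome);
            }
            $commentname    = trim($commentname);
            $commentsubject = trim($commentsubject);
            $commenttext    = trim($commenttext);
            $commentemail   = trim($commentemail);
            $commenthome    = trim($commenthome);

            // comment_html_safe: neutralise HTML in every field using the
            // site-wide entity tables ($html_entities_match / _replace).
            if ($pref_data['comment_html_safe']) {
                $commentname    = preg_replace($html_entities_match, $html_entities_replace, $commentname);
                $commentsubject = preg_replace($html_entities_match, $html_entities_replace, $commentsubject);
                $commenttext    = preg_replace($html_entities_match, $html_entities_replace, $commenttext);
                $commentemail   = preg_replace($html_entities_match, $html_entities_replace, $commentemail);
                $commenthome    = preg_replace($html_entities_match, $html_entities_replace, $commenthome);
            }

            // NOTE(review): the moderate_comment preference is computed here but
            // overridden in both branches below (registered users → 1, guests → 0),
            // exactly as the original did — confirm which behaviour is intended.
            $approved = ($pref_data['moderate_comment']) ? "0" : "1";
            if ($userdata = authenticate()) {
                $sql = "SELECT id, user, level FROM ".USER_TBL." WHERE user='".addslashes($userdata['username'])."'";
                if (!($result = $db->sql_query($sql))) {
                    $sql_error = $db->sql_error();
                    error($lang['Error'], $sql_error['message']);
                }
                $row         = $db->sql_fetchrow($result);
                $userid      = $row['id'];
                $userlevel   = $row['level'];
                $approved    = 1;
                // Registered posters are always recorded under their account name.
                $commentname = $userdata['username'];
            } else {
                $userid   = 0;
                $approved = 0;
            }

            $sqladd = "INSERT INTO ".COMMENT_TBL." SET user_id='".intval($userid)."', post_id='".$post_id."',"
                    . " comment_subject='".addslashes($commentsubject)."', comments='".addslashes($commenttext)."',"
                    . " com_tstamp='".$current_time."', poster = '".addslashes($commentname)."',"
                    . " email='".addslashes($commentemail)."', home='".addslashes($commenthome)."',"
                    . " ip='".addslashes($user_ip)."', approved='".$approved."'";
            // Use the $db error accessor like the rest of the file instead of mysql_error().
            if (!($result = $db->sql_query($sqladd))) {
                $sql_error = $db->sql_error();
                error("Error", "Unable to insert comment into database" . $sql_error['message']);
            }

            // Send the notification e-mail (once — the original echoed a first
            // send into the page and then sent a second copy).
            if ($pref_data['email_notification']) {
                $time = date("h:i a", $current_time);
                $date = date("d M Y", $current_time);
                include_once($bloggie_root_path.'includes/classes.php');
                $stpl = new email;
                $stpl->stemplate('comment_notification');
                $stpl->assign_vars(array(
                    'COMMENT_DATE' => $date,
                    'COMMENT_TIME' => $time,
                    'POSTER'       => $commentname,
                    'IP'           => $user_ip,
                    'SUBJECT'      => $commentsubject,
                    'BLOG_SUBJECT' => $post_setting['subject'],
                    'POST_ID'      => $post_id,
                    'COMMENT_TEXT' => $commenttext,
                ));

                $parsed_msg = $stpl->parse($stpl->msg);
                $sent = $stpl->sendmail($pref_data['email_notification'], $pref_data['email_name'], $pref_data['email'], $date." ".$time, $commentsubject, $parsed_msg);
            }
        }
        unset($post_setting);
    }
} else {
    unset($_POST);
}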



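// ---------------------------------------------------------------------------
// Render the post itself.
// ---------------------------------------------------------------------------
$row = get_topic();

$message = $row['message'];
$post_id = $row['post_id'];

// Permalink / category link for this post; $link_format and $cat_format are
// the configured URL patterns, $site_url the blog base.
$time_YYYYMMDD = time_YYYYMMDD($row['timestamp']);
$perma_link->assign_vars(array(
    'READ'     => "read",
    'CAT'      => "category",
    'YYYY'     => $time_YYYYMMDD['YYYY'],
    'MM'       => $time_YYYYMMDD['MM'],
    'DD'       => $time_YYYYMMDD['DD'],
    'TITLE'    => $row['perm_subj'],
    'CAT_DESC' => $row['cat_perma'],
    'POST_ID'  => $row['post_id'],
    'CAT_ID'   => $row['cat_id'],
));

$modified_link     = $perma_link->parse($link_format);
$modified_cat_link = $perma_link->parse($cat_format);
$sef_url = $site_url."/".$modified_link;
$cat_sef = $site_url."/".$modified_cat_link;

// Post body markup pipeline, in the original order: line breaks first, then
// smilies, links, auto-links and bbcode.
$message = nl2br($message);
$message = viewsmile($message);
$message = viewlink($message);
$message = autolink($message);
$message = viewbbcode($message);

// Pre-fill the comment form's name field for logged-in users.
$userdata = authenticate();
$username = $userdata ? $userdata['username'] : "";

// The unused $time/$date assignments and the commented-out TIME/DATE entries
// of the original are gone; the template receives the *_format() values.
$template->assign_vars(array(
    'USER_NAME'        => $row['user'],
    'SUBJECT'          => $row['subject'],
    'MESSAGE'          => $message,
    'TIME'             => time_format($row['timestamp']),
    'DATE'             => date_format($row['timestamp']),
    'DAY'              => return_day($row['timestamp']),
    'MONTH'            => return_mth($row['timestamp']),
    'YEAR'             => return_year($row['timestamp']),
    'PERMALINK'        => $sef_url,
    'POST_ID'          => $post_id,
    'COMMENTS_COUNT'   => $row['comments_count'],
    'U_CATEGORY'       => $cat_sef,
    'U_COMMENTS'       => $sef_url."#comments",
    'CATEGORY'         => $row['cat_desc'],
    'MENU'             => $lang['Home'],
    'COMMENTNAME'      => $username,
    'L_POSTED_BY'      => $lang['By'],
    'L_NAME'           => $lang['Name'],
    'L_COMMENTS'       => $lang['Comments'],
    'L_CATEGORY'       => $lang['Category'],
    'L_SUBJECT'        => $lang['Subject'],
    'L_EMAIL_ADD'      => $lang['Email_Add'],
    'L_HOME_PAGE'      => $lang['Home_Page'],
    'L_OPTIONAL'       => $lang['Optional'],
    'L_COMMENT_HEADER' => $lang['Comment_Header'],
));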

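// ---------------------------------------------------------------------------
// List the approved, non-trackback comments for this post, oldest first.
// The implicit inner join on USER_TBL.id means a comment is only listed when
// its user_id matches a user row (unchanged from the original query).
// ---------------------------------------------------------------------------
$n = 0;
$sql = "SELECT ".COMMENT_TBL.".*, ".USER_TBL.".id, ".USER_TBL.".user, ".USER_TBL.".gravatar
FROM ".COMMENT_TBL." , ".USER_TBL."
WHERE ".COMMENT_TBL.".comment_type <> 'trackback'  AND
".COMMENT_TBL.".user_id=".USER_TBL.".id AND ".COMMENT_TBL.".approved = '1' AND   ".COMMENT_TBL.".post_id = ".intval($row['post_id'])."
Order by ".COMMENT_TBL.".com_tstamp ASC ";

// Run the query once; the original executed it a second time right after the
// error check and iterated the second result set.
if (!($result = $db->sql_query($sql))) {
    $sql_error = $db->sql_error();
    die($sql_error['message']);
}

// PHP_SELF is reflected into the admin links below; escape it once for the
// attribute context.
$self_url = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

while ($row = $db->sql_fetchrow($result)) {
    // Home page: prefix a scheme when the poster left it out.
    if (preg_match("#^http\\:\\/\\/#i", $row['home'])) {
        $commenthome1 = $row['home'];
    } else {
        $commenthome1 = "http://".$row['home'];
    }

    // Poster-supplied e-mail and home page end up inside href="…": escape for
    // the attribute context. double_encode=false keeps any entities the
    // comment_html_safe filter already produced from being encoded twice.
    $com_email = "";
    if (!empty($row['email'])) {
        $safe_email = htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8', false);
        $com_email  = " <a class=\"std\" href=\"mailto:".$safe_email."\">".$lang['Email']."</a> ";
    }
    $com_home = "";
    if (!empty($row['home'])) {
        $safe_home = htmlspecialchars($commenthome1, ENT_QUOTES, 'UTF-8', false);
        $com_home  = " <a class=\"std\"  href=\"".$safe_home."\">".$lang['Home']."</a> ";
    }

    $comment_id  = $row['comment_id'];
    $com_subject = $row['comment_subject'];

    // Comment body markup pipeline, in the original order.
    $comments = $row['comments'];
    $comments = viewsmile($comments);
    $comments = viewbbcode($comments);
    $comments = viewlink($comments);
    $comments = autolink($comments);
    $comments = nl2br($comments);

    // Registered users with a gravatar file get it; everyone else gets the
    // configured default. The original's `|| isset(...)` also accepted an
    // empty gravatar column, which produced a broken image path.
    if ($row['user_id'] > 0 && !empty($row['gravatar'])) {
        $gravatar = $row['gravatar'];
    } else {
        $gravatar = $pref_data['guest_gravatar'];
    }

    $time = date("h:i a", $row['com_tstamp']);
    $date = date("d M Y", $row['com_tstamp']);
    // Alternate the box style per comment.
    $commentboxcss = ($n % 2) ? "comment-box-even" : "comment-box-odd";

    $template->assign_block_vars('comment', array(
        'COM_TIME'      => $date." ".$time,
        'GRAVATAR'      => $pref_data['bloggie_path']."/images/gravatar/".$gravatar,
        'POSTER'        => $row['poster'],
        'L_BY'          => $lang['By'],
        'L_TIME'        => $lang['Time'],
        'COM_EMAIL'     => $com_email,
        'COM_HOME'      => $com_home,
        'COMMENTS'      => $comments,
        'COM_SUBJECT'   => $com_subject,
        'COMMENTBOXCSS' => $commentboxcss,
    ));

    // Edit/delete links for the logged-in owner; ids are cast to int so the
    // query string only ever carries numbers.
    if (authenticate()) {
        $edit_qs = "?mode=editcom&amp;post_id=".intval($post_id)."&amp;comment_id=".intval($comment_id);
        $del_qs  = "?mode=delcom&amp;post_id=".intval($post_id)."&amp;comment_id=".intval($comment_id);
        $template->assign_block_vars('comment.admin', array(
            'ADMIN' => "[<a class=\"std\" href=\"".$self_url.$edit_qs."\">".$lang['Edit']."</a>] [<a class=\"std\" href=\"".$self_url.$del_qs."\">".$lang['Del']."</a>]",
        ));
    }
    $n++;
}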

   $template->assign_vars(array(
      'COMMENT_ACTION'   => $sef_url,
     )
     );

//Security Code  -- Only  applicable to guest commenting only

     $sql = "DELETE FROM ".SCODE_TBL." WHERE timestamp < ".(time() - 600 );
     $del = $db->sql_query($sql);
     include_once(dirname(__FILE__).'/includes/jshide.php');
     $show_code ="";

     $hiddencode = "<div id=\"getid\"><a href=\"javascript:void(null);\" onclick=\"javascript:loadFragmentInToElement('".$site_url."/genscode.php', 'getid')\">Click to display security code</a><br />
                 <em>Note:Security Code valid for only 10 minutes!<br />Need to enable javascript & accept cookies to work</em></div>" ;    // new antispam code

     $template->assign_block_vars('scodeswitch', array(
          'SHOW_IMAGE_CODE'  => $hiddencode,        //$security_code,
          'SECURITY_CODE'    => $lang['Security_Code'],
          'SECURITY_PROMPT'  => $lang['Security_Prompt'],
     ));

$template->pparse('read');

?>