<?
// Copyright (C) Bloggie Lite Written by : Sean
// http://www.mywebland.com , http://mybloggie.mywebland.com
// You are requested to retain this copyright notice in order to use
// this software.
//This program is free software; you can redistribute it and/or
//modify it under the terms of the GNU General Public License
//as published by the Free Software Foundation; either version 2
//of the License, or (at your option) any later version.
//This program is distributed in the hope that it will be useful,
//but WITHOUT ANY WARRANTY; without even the implied warranty of
//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
//GNU General Public License for more details.
//You should have received a copy of the GNU General Public License
//along with this program; if not, write to the Free Software
//Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
// This file is an include, not an entry point: the front controller defines
// IN_BLOGGIE before pulling it in, so a direct HTTP request is refused here.
defined('IN_BLOGGIE') or die("You are not allowed to access this page directly !");
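if (isset($_POST['submit'])) {
    // ---- Comment submission --------------------------------------------------
    // error() is relied on to terminate the request: the original code uses
    // $post_id right after reporting an invalid ID, which only works if error()
    // exits. Every error() call below is therefore treated as a hard stop.
    // NOTE(review): there is no anti-CSRF token on this form; a logged-in admin
    // can be made to post a (pre-approved) comment by a cross-site POST. The
    // token would have to be issued by the template/front controller, not here.
    if (isset($_GET['post_id'])) {
        $post_id = intval($_GET['post_id']);
    } elseif (isset($_POST['post_id'])) {
        $post_id = intval($_POST['post_id']);
    } else {
        error($lang['Error'], 'invalid Post ID ');
    }

    $post_setting = get_post_setting($post_id);
    if ($post_setting['allow_comments'] == 0 || $pref_data['enable_comment'] == false) {
        error($lang['Error'], $lang['Disable_Comment']);
    }

    $guest_comment = false;
    $commentemail  = isset($_POST['commentemail']) ? $_POST['commentemail'] : '';

    // $user_ip is set outside this file. It is only a trustworthy flood-control
    // key if it comes from REMOTE_ADDR rather than a client-supplied header such
    // as X-Forwarded-For -- TODO confirm in the include that defines it. It is
    // escaped here regardless because it is interpolated into SQL twice.
    $sql_ip = addslashes($user_ip);

    // Flood control (myBloggie 2.1.3 & onwards): a guest may not comment on the
    // same post from the same IP twice within $pref_data['flood_interval'] seconds.
    // Authenticated users are exempt.
    $flood_interval = $pref_data['flood_interval'];
    $current_time   = current_timestamp($timezone);
    $sql = "SELECT MAX(com_tstamp) AS most_recent_time
            FROM ".COMMENT_TBL."
            WHERE ip = '".$sql_ip."' AND post_id = '".$post_id."'";
    if ($result = $db->sql_query($sql)) {
        if ($row = $db->sql_fetchrow($result)) {
            $most_recent = intval($row['most_recent_time']);
            if ($most_recent > 0 && ($current_time - $most_recent) < intval($flood_interval) && !authenticate()) {
                error($lang['Alert'], $lang['Flood_Control']);
            }
        }
    }

    // Security code: guests must echo back the code that genscode.php stored
    // against their COMMENT_COOKIE (form fields check_code / hidden_code).
    // Authenticated users skip this check.
    if (!authenticate()) {
        // Codes expire after 10 minutes.
        $del = $db->sql_query("DELETE FROM ".SCODE_TBL." WHERE timestamp < '".(time() - 600)."'");

        if (!isset($_POST['check_code']) || !isset($_COOKIE[COMMENT_COOKIE])) {
            unset($_POST);
            error($lang['Error'], $lang['Msg_scode_notmatch']);
        }

        // The cookie value is attacker-controlled and is interpolated into SQL:
        // escape it (the original used it raw, an SQL injection).
        $comment_cookie = $_COOKIE[COMMENT_COOKIE];
        $sql_cookie     = addslashes($comment_cookie);
        $result = $db->sql_query("SELECT * FROM ".SCODE_TBL." WHERE cookie = '".$sql_cookie."'");
        if ($db->sql_numrows($result) != 1) {
            unset($_POST);
            error($lang['Error'], "Abnormal commenting process, Request Abort!");
        }

        $code = $db->sql_fetchrow($result);
        // The code is single-use whether or not the attempt matched. The original
        // only deleted it on success, so a wrong guess could be retried against
        // the same row for 10 minutes -- with a 5-digit numeric code (maxlength=5
        // on the form) that is a trivial brute force.
        $del = $db->sql_query("DELETE FROM ".SCODE_TBL." WHERE cookie = '".$sql_cookie."'");
        if ($code['scode'] == intval($_POST['check_code'])) {
            $guest_comment = true;
        } else {
            unset($_POST['check_code']);
            error($lang['Error'], $lang['Msg_scode_notmatch']);
        }
        unset($comment_cookie, $sql_cookie, $code);
        unset($_POST['check_code']);
    } // End security check

    // Only an authenticated user, or a guest who passed the security code, gets here.
    if ($guest_comment == true || authenticate()) {
        // Both a body and a name must have been posted; otherwise nothing is stored
        // (same silent behaviour as the original isset() test).
        if (isset($_POST['commenttext']) && isset($_POST['commentname'])) {
            $commentsubject = isset($_POST['commentsubject']) ? $_POST['commentsubject'] : '';
            $commenttext    = $_POST['commenttext'];
            $commenthome    = isset($_POST['commenthome']) ? $_POST['commenthome'] : '';
            $commentname    = $_POST['commentname'];

            // Undo magic_quotes_gpc once, up front, for every field. The original
            // stripped slashes unconditionally on one path and not at all on the
            // other, then re-added them for only two of the five fields -- so
            // poster, e-mail and home reached the INSERT unescaped.
            if (get_magic_quotes_gpc()) {
                $commentname    = stripslashes($commentname);
                $commentsubject = stripslashes($commentsubject);
                $commenttext    = stripslashes($commenttext);
                $commentemail   = stripslashes($commentemail);
                $commenthome    = stripslashes($commenthome);
            }

            if (!$pref_data['comment_html_safe']) {
                // HTML is stored as typed (only trimmed); the read-side code must
                // escape it on output.
                $commentname    = trim($commentname);
                $commentsubject = trim($commentsubject);
                $commenttext    = trim($commenttext);
                $commentemail   = trim($commentemail);
                $commenthome    = trim($commenthome);
            } else {
                // HTML is entity-encoded before storage.
                $commentname    = preg_replace($html_entities_match, $html_entities_replace, $commentname);
                $commentsubject = preg_replace($html_entities_match, $html_entities_replace, $commentsubject);
                $commenttext    = preg_replace($html_entities_match, $html_entities_replace, $commenttext);
                $commentemail   = preg_replace($html_entities_match, $html_entities_replace, $commentemail);
                $commenthome    = preg_replace($html_entities_match, $html_entities_replace, $commenthome);
            }

            // Attribution. NOTE: the moderate_comment preference does not take
            // effect here -- guest comments are always held (approved=0) and
            // authenticated comments always published (approved=1), exactly as
            // in the original, which computed the preference and then overwrote it.
            if ($userdata = authenticate()) {
                $sql = "SELECT id, user, level FROM ".USER_TBL." WHERE user='".addslashes($userdata['username'])."'";
                if (!($result = $db->sql_query($sql))) {
                    $sql_error = $db->sql_error();
                    error($lang['Error'], $sql_error['message']);
                }
                $row         = $db->sql_fetchrow($result);
                $userid      = $row['id'];
                $userlevel   = $row['level'];
                $approved    = 1;
                $commentname = $userdata['username'];
            } else {
                $userid   = 0;
                $approved = 0;
            }

            // Every user-controlled value is escaped right here, in the one place
            // that builds the SQL string; the unescaped copies are kept for the
            // notification e-mail below.
            $sqladd = "INSERT INTO ".COMMENT_TBL." SET user_id='".intval($userid)."', post_id='".$post_id."',"
                    ." comment_subject='".addslashes($commentsubject)."', comments='".addslashes($commenttext)."',"
                    ." com_tstamp='".$current_time."', poster='".addslashes($commentname)."',"
                    ." email='".addslashes($commentemail)."', home='".addslashes($commenthome)."',"
                    ." ip='".$sql_ip."', approved='".$approved."'";
            $result = $db->sql_query($sqladd) or error("Error", "Unable to insert comment into database" . mysql_error());

            // Notification e-mail to the blog owner.
            if ($pref_data['email_notification']) {
                $time = date("h:i a", $current_time);
                $date = date("d M Y", $current_time);
                include_once($bloggie_root_path.'includes/classes.php');
                $stpl = new email;
                $stpl->stemplate('comment_notification');
                $stpl->assign_vars(array(
                    'COMMENT_DATE' => $date,
                    'COMMENT_TIME' => $time,
                    'POSTER'       => $commentname,
                    'IP'           => $user_ip,
                    'SUBJECT'      => $commentsubject,
                    'BLOG_SUBJECT' => $post_setting['subject'],
                    'POST_ID'      => $post_id,
                    'COMMENT_TEXT' => $commenttext,
                ));
                $parsed_msg = $stpl->parse($stpl->msg);
                // The e-mail class is not visible here; if it places the subject in
                // a Subject: header verbatim, CR/LF in it would inject further mail
                // headers, so they are flattened first.
                $mail_subject = str_replace(array("\r", "\n"), ' ', $commentsubject);
                // Send exactly once. The original called sendmail() twice and
                // echoed the first return value into the page.
                $sent = $stpl->sendmail($pref_data['email_notification'], $pref_data['email_name'], $pref_data['email'], $date." ".$time, $mail_subject, $parsed_msg);
            }
        }
        unset($post_setting);
    }
} else {
    unset($_POST);
}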
// ---- The post being read ------------------------------------------------------
$row     = get_topic();
$message = $row['message'];
$post_id = $row['post_id'];

// Permalink and category link built from the configured formats.
$time_YYYYMMDD = time_YYYYMMDD($row['timestamp']);
$time = date("h:i a", $row['timestamp']);
$date = date("d M Y", $row['timestamp']);
$perma_link->assign_vars(array(
    'READ'     => "read",
    'CAT'      => "category",
    'YYYY'     => $time_YYYYMMDD['YYYY'],
    'MM'       => $time_YYYYMMDD['MM'],
    'DD'       => $time_YYYYMMDD['DD'],
    'TITLE'    => $row['perm_subj'],
    'CAT_DESC' => $row['cat_perma'],
    'POST_ID'  => $row['post_id'],
    'CAT_ID'   => $row['cat_id'],
));
$modified_link     = $perma_link->parse($link_format);
$modified_cat_link = $perma_link->parse($cat_format);
$sef_url = "$site_url/$modified_link";
$cat_sef = "$site_url/$modified_cat_link";

// Body formatting, innermost first: line breaks, smilies, links, auto-links, bbcode.
$message = viewbbcode(autolink(viewlink(viewsmile(nl2br($message)))));
// Pre-fill the comment form's name field for a logged-in user.
$username = "";
if ($userdata = authenticate()) {
    $username = $userdata['username'];
}

// Post header, body, dates and labels for the 'read' template.
$template->assign_vars(array(
    'USER_NAME'        => $row['user'],
    'SUBJECT'          => $row['subject'],
    'MESSAGE'          => $message,
    'TIME'             => time_format($row['timestamp']),
    'DATE'             => date_format($row['timestamp']),
    'DAY'              => return_day($row['timestamp']),
    'MONTH'            => return_mth($row['timestamp']),
    'YEAR'             => return_year($row['timestamp']),
    'PERMALINK'        => $sef_url,
    'POST_ID'          => $post_id,
    'COMMENTS_COUNT'   => $row['comments_count'],
    'U_CATEGORY'       => $cat_sef,
    'U_COMMENTS'       => $sef_url."#comments",
    'CATEGORY'         => $row['cat_desc'],
    'MENU'             => $lang['Home'],
    'COMMENTNAME'      => $username,
    'L_POSTED_BY'      => $lang['By'],
    'L_NAME'           => $lang['Name'],
    'L_COMMENTS'       => $lang['Comments'],
    'L_CATEGORY'       => $lang['Category'],
    'L_SUBJECT'        => $lang['Subject'],
    'L_EMAIL_ADD'      => $lang['Email_Add'],
    'L_HOME_PAGE'      => $lang['Home_Page'],
    'L_OPTIONAL'       => $lang['Optional'],
    'L_COMMENT_HEADER' => $lang['Comment_Header'],
));
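// ---- Approved comments for this post -----------------------------------------
$n = 0;
$sql = "SELECT ".COMMENT_TBL.".*, ".USER_TBL.".id, ".USER_TBL.".user, ".USER_TBL.".gravatar
        FROM ".COMMENT_TBL." , ".USER_TBL."
        WHERE ".COMMENT_TBL.".comment_type <> 'trackback' AND
        ".COMMENT_TBL.".user_id=".USER_TBL.".id AND ".COMMENT_TBL.".approved = '1' AND ".COMMENT_TBL.".post_id = ".intval($row['post_id'])."
        Order by ".COMMENT_TBL.".com_tstamp ASC ";
// Execute once; the original ran the identical query a second time after the error check.
if (!($result = $db->sql_query($sql))) {
    $sql_error = $db->sql_error();
    die($sql_error['message']);
}

// Poster name, subject, e-mail, home URL and gravatar are stored as typed when
// comment_html_safe is off (see the submission code above), so they are escaped
// here before being placed in HTML text and quoted attributes. '&' is
// deliberately not touched so values already entity-encoded by the
// comment_html_safe path are not double-encoded.
$esc_from = array('<', '>', '"', "'");
$esc_to   = array('&lt;', '&gt;', '&quot;', '&#039;');
// PHP_SELF reflects the request path (including any trailing PATH_INFO) and
// must not reach the admin links raw.
$self_url = str_replace($esc_from, $esc_to, $_SERVER['PHP_SELF']);

while ($row = $db->sql_fetchrow($result)) {
    $poster      = str_replace($esc_from, $esc_to, $row['poster']);
    $com_subject = str_replace($esc_from, $esc_to, $row['comment_subject']);
    $email       = str_replace($esc_from, $esc_to, $row['email']);
    $home        = str_replace($esc_from, $esc_to, $row['home']);

    // Force an http:// prefix so the stored value cannot select another URL
    // scheme (javascript:, data:, ...) inside the href.
    $commenthome1 = preg_match("#^http\\:\\/\\/#i", $home) ? $home : "http://".$home;
    $com_email = (!empty($row['email'])) ? " <a class=\"std\" href=\"mailto:".$email."\">".$lang['Email']."</a> " : "";
    $com_home  = (!empty($row['home']))  ? " <a class=\"std\" href=\"".$commenthome1."\">".$lang['Home']."</a> " : "";

    $comment_id = intval($row['comment_id']);

    // Comment body: smilies, bbcode, links, auto-links, then line breaks (order
    // unchanged). NOTE(review): the body is not escaped here; when
    // comment_html_safe is off it was stored as typed, so the viewbbcode/viewlink
    // filters (not visible in this file) are all that stands between it and the
    // page -- confirm they neutralise raw HTML.
    $comments = nl2br(autolink(viewlink(viewbbcode(viewsmile($row['comments'])))));

    // Registered users get their own gravatar file; an empty value falls back to
    // the guest image. (The original's "!empty() || isset()" test let '' through,
    // producing a bare ".../gravatar/" URL.)
    if ($row['user_id'] > 0 && !empty($row['gravatar'])) {
        $gravatar = $row['gravatar'];
    } else {
        $gravatar = $pref_data['guest_gravatar'];
    }
    $gravatar = str_replace($esc_from, $esc_to, $gravatar);

    $time = date("h:i a", $row['com_tstamp']);
    $date = date("d M Y", $row['com_tstamp']);
    $commentboxcss = ($n % 2) ? "comment-box-even" : "comment-box-odd";

    $template->assign_block_vars('comment', array(
        'COM_TIME'      => $date." ".$time,
        'GRAVATAR'      => $pref_data['bloggie_path']."/images/gravatar/".$gravatar,
        'POSTER'        => $poster,
        'L_BY'          => $lang['By'],
        'L_TIME'        => $lang['Time'],
        'COM_EMAIL'     => $com_email,
        'COM_HOME'      => $com_home,
        'COMMENTS'      => $comments,
        'COM_SUBJECT'   => $com_subject,
        'COMMENTBOXCSS' => $commentboxcss,
    ));

    // Edit/delete links for the logged-in admin. NOTE(review): delcom is reached
    // by a plain GET link, so the handler (not in this file) is open to CSRF
    // unless it requires a POST with a per-session token; that fix belongs there.
    if (authenticate()) {
        $template->assign_block_vars('comment.admin', array(
            'ADMIN' => "[<a class=\"std\" href=\"".$self_url."?mode=editcom&post_id=".intval($post_id)."&comment_id=".$comment_id."\">".$lang['Edit']."</a>]"
                     ." [<a class=\"std\" href=\"".$self_url."?mode=delcom&post_id=".intval($post_id)."&comment_id=".$comment_id."\">".$lang['Del']."</a>]",
        ));
    }
    $n++;
}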
// The comment form posts back to this post's own permalink.
$template->assign_vars(array('COMMENT_ACTION' => $sef_url));
// ---- Security code (guest commenting only) -------------------------------------
// Purge codes older than 10 minutes, then emit the placeholder whose link fetches
// a fresh code from genscode.php via JavaScript (jshide.php supplies the loader).
$sql = "DELETE FROM ".SCODE_TBL." WHERE timestamp < ".(time() - 600);
$del = $db->sql_query($sql);
include_once(dirname(__FILE__).'/includes/jshide.php');
$show_code  = "";
$hiddencode = "<div id=\"getid\"><a href=\"javascript:void(null);\" onclick=\"javascript:loadFragmentInToElement('".$site_url."/genscode.php', 'getid')\">Click to display security code</a><br />
<em>Note:Security Code valid for only 10 minutes!<br />Need to enable javascript & accept cookies to work</em></div>"; // new antispam code
$template->assign_block_vars('scodeswitch', array(
    'SHOW_IMAGE_CODE' => $hiddencode,
    'SECURITY_CODE'   => $lang['Security_Code'],
    'SECURITY_PROMPT' => $lang['Security_Prompt'],
));

// Render the page.
$template->pparse('read');
?>