<?php
/*
===========================
boastMachine v3.1 (BETA 2)
Released : Tuesday, May 5th 2005 ( 05/05/2005 )
http://boastology.com
Developed by Kailash Nadh
Email : hide@address.com
Website : kailashnadh.name, bnsoft.net
boastMachine is a free software and is licensed under GPL (General public license)
===========================
*/
include_once dirname(__FILE__)."/config.php";
include_once dirname(__FILE__)."/$bmc_dir/main.php";
if(!isset($_REQUEST['id']) || !is_numeric(trim($_REQUEST['id']))) {
bmc_Go($bmc_vars['site_url']);
}
// Check whether commenting is enabled
if(!$bmc_vars['user_comment']) {
bmc_template('error_page', $lang['cmt_no_comment']);
}
if(isset($_REQUEST['blog']) && is_numeric($_REQUEST['blog'])) {
$i_post=$db->query("SELECT id,user_comment,user_comment_notify,title,author FROM ".MY_PRF."posts WHERE blog='{$_REQUEST['blog']}' AND id='{$_REQUEST['id']}' AND status='1'", false);
if(!$i_blog['blog_name']) {
bmc_template('error_page', $lang['no_blog']);
}
if(!$i_post['id']) {
bmc_template('error_page', $lang['no_id']);
}
// Commenting is not enabled for the current post
if(!$i_post['user_comment']) {
bmc_template('error_page', $lang['cmt_no_comment_post']);
}
} else {
bmc_template('error_page', $lang['no_blog']);
}
$user=bmc_isLogged(); // The currently logged in user
// Check whether guests can comment
if(!$bmc_vars['user_comment_guests'] && !$user) {
bmc_template('error_page', $lang['cmt_guest_no']);
}
// Show the comment form
if(!isset($_POST['action']) || $_POST['action'] != "post_comment") {
bmc_Template('page_header', $lang['cmt_post_ttl']);
include CFG_PARENT."/templates/".CFG_THEME."/comment_form.php";
bmc_Template('page_footer');
exit;
}
// =============== Save the comment
if(isset($_POST['action']) && $_POST['action'] == "post_comment" && isset($_POST['id']) && is_numeric($_POST['id'])) {
// Check whether the user is posting more than 1 comment/session
if($bmc_vars['user_comment_session']) {
if(isset($_COOKIE['bmc_cmt_sess'])) {
$commented=unserialize($_COOKIE['bmc_cmt_sess']); // Get the list of posts on which the user has commented
if(isset($commented[$_REQUEST['id']])) {
bmc_template('error_page', $lang['error'],$lang['del_cmt_sess']);
}
}
}
// Check for empty fields
if(empty($user)) {
if(empty($_POST['name'])) {
bmc_template('error_page', $lang['empty_fields']);
}
if(empty($_POST['email'])) {
$email="";
} else {
$email=$_POST['email'];
}
if(empty($_POST['url'])) {
$url="";
} else {
$url=$_POST['url'];
}
} else {
// Get the user's ID
$user_info=$db->query("SELECT id FROM ".MY_PRF."users WHERE user_login='{$user}'", false);
$user_id=$user_info['id'];
}
if(!isset($_POST['comments']) || empty($_POST['comments'])) {
bmc_template('error_page', $lang['empty_fields']);
}
// If Image verification is enabled, DO IT (Added in 3.1)
if($bmc_vars['image_verify']) {
session_start(); // Start the session
// Check whether the code entered by the user matches the code the script generated
if(!isset($_SESSION['img_verification']) || trim($_POST['verify']) != $_SESSION['img_verification']) {
bmc_template('error_page', $lang['cmt_verify_wrong']);
} else {
unset($_SESSION['img_verification']);
}
}
// Get the parent comment id if it was a thread reply
$parent_id="";
if($bmc_vars['user_comment_threading']) {
if(!empty($_POST['parent_id'])) {
$parent_id=$_POST['parent_id'];
}
}
// Remember info of the guest (3.1)
if(isset($_COOKIE['BMC_cmt_guest']) && !isset($_POST['remember'])) {
setcookie("BMC_cmt_guest", '' ,time()-604800,BMC_COOKIE,BMC_COOKIE_DOMAIN);
}
if(!$user && isset($_POST['remember'])) {
$guest_info['name']=$_POST['name'];
$guest_info['email']=$_POST['email'];
$guest_info['url']=$_POST['url'];
$guest_info_serialized=serialize($guest_info); // Serialize the array
setcookie("BMC_cmt_guest", $guest_info_serialized ,time()+604800,BMC_COOKIE,BMC_COOKIE_DOMAIN);
}
// CHECK FOR SPAM
bmc_filterSpam($_POST['comments']);
$time_now=time();
// Save the name,email,url for unregistered users
if(empty($user)) {
$db->query("INSERT INTO ".MY_PRF."comments (auth_name,auth_email,auth_url,auth_ip,data,post,parent_id,date,blog) VALUES('{$_POST['name']}','$email','$url','".$_SERVER['REMOTE_ADDR']."','{$_POST['comments']}','{$_POST['id']}','{$parent_id}','{$time_now}','{$_REQUEST['blog']}')");
} else {
$db->query("INSERT INTO ".MY_PRF."comments (author,auth_ip,data,post,parent_id,date,blog) VALUES('{$user_id}','".$_SERVER['REMOTE_ADDR']."','{$_POST['comments']}','{$_POST['id']}','{$parent_id}','".time()."','{$_REQUEST['blog']}')");
}
// Notify the author about the comment (3.1)
if($bmc_vars['user_comment_notify'] && $i_post['user_comment_notify']) {
// Get the email of the author of the post
$author_info=$db->query("SELECT user_email,user_login FROM ".MY_PRF."users WHERE id='{$i_post['author']}'", false);
$message=@fread(fopen(CFG_PARENT."/templates/new_comment_notify.txt","r"), filesize(CFG_PARENT."/templates/new_comment_notify.txt"));
if(isset($guest_info['name'])) {
$poster_name=$guest_info['name']; // Guest
} else {
$poster_name=$user; // Registered user
}
// If the author himself is not commenting, send the info..
if($user != $author_info['user_login']) {
// Replace the custom tags with real values (See docs for information)
$message=str_replace("[NAME]", $poster_name,$message);
$message=str_replace("[IP]", $_SERVER['REMOTE_ADDR'],$message);
$message=str_replace("[POST_TITLE]", $i_post['title'],$message);
$message=str_replace("[POST_URL]", $bmc_vars['site_url']."/".bmc_SE_friendly_url('post',BLOG_FILE,$i_post['id'],$i_post['title']), $message);
$message=str_replace("[TIME]", bmc_Date($time_now),$message);
// There goest the mail !
bmc_Mail($author_info['user_email'],$lang['cmt_notfiy_subject'], $message);
}
}
// Set the cookie for 'once per session' comment
if($bmc_vars['user_comment_session']) {
$commented[$_REQUEST['id']]=1;
setcookie('bmc_cmt_sess',serialize($commented),0,BMC_COOKIE,BMC_COOKIE_DOMAIN);
}
bmc_Go($bmc_vars['site_url']."/".bmc_SE_friendly_url('post',$i_blog['blog_file'],$i_post['id'],$i_post['title'])."#cmt"); // redirect to the posts page
}
?>