<?php
// -----------------------------------------------------------------------
//
// $Id: add.php 178 2012-03-30 15:29:37Z raoul $
//
// Copyright (C) 2003-2012 Raoul Proença
// License: GNU GPL version 3 (see copying.txt file)
// Website: http://www.gnew.fr/
//
// -----------------------------------------------------------------------
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// -----------------------------------------------------------------------
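// Handles the "add comment" form for a news item: validates the submission,
// then either renders a preview or stores the comment and updates the
// per-news and per-user comment counters.
include('./../includes/common.php');
page_header($lang['COMMENTS_ADD_TITLE']);

// Request-supplied identifiers are used below in SQL statements, HTML
// attributes and a redirect URL. They are reduced to integers once, here, so
// that no raw request string reaches any of those contexts. story_id is set
// from insert_id() further down, so it is numeric; news_id is assumed to be a
// numeric key as well (NOTE(review): confirm against the news table schema).
$user_id = isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : 0;
$news_id = (isset($_POST['news_id']) && is_scalar($_POST['news_id'])) ? (int) $_POST['news_id'] : 0;
$story_id = (isset($_POST['story_id']) && is_scalar($_POST['story_id'])) ? (int) $_POST['story_id'] : 0;

// A positive story_id means the comment is a reply inside an existing story;
// anything else starts a new story.
$is_reply = ($story_id > 0);

// Only logged-in users may comment.
if ($user_id !== 0)
{
    // Was one of the two form buttons (add / preview) submitted?
    // NOTE(review): no anti-CSRF token is checked in this file; confirm
    // whether includes/common.php verifies one.
    if (isset($_POST['add_comment']) || isset($_POST['preview_comment']))
    {
        // Missing or non-string fields are treated as empty instead of
        // raising notices or passing an array to trim().
        $raw_subject = (isset($_POST['comment_subject']) && is_string($_POST['comment_subject'])) ? $_POST['comment_subject'] : '';
        $raw_text = (isset($_POST['comment_text']) && is_string($_POST['comment_text'])) ? $_POST['comment_text'] : '';

        $error = '';

        // Compared against '' explicitly so that a literal "0" is accepted.
        if (trim($raw_subject) === '')
        {
            $error .= $lang['NO_COMMENT_SUBJECT'];
        }

        if (trim($raw_text) === '')
        {
            $error .= $lang['NO_COMMENT_TEXT'];
        }

        // Anti-flood: reject the submission when this user's latest comment
        // is more recent than the configured interval.
        $sql->query('SELECT MAX(comment_creation) AS last_comment
                     FROM ' . TABLE_COMMENTS . '
                     WHERE user_id = \'' . $user_id . '\'');
        $table_comments = $sql->fetch();

        if ($table_comments['last_comment'] >= (time() - $settings['posts_interval']))
        {
            $error .= sprintf($lang['COMMENTS_ADD_ERROR1'], $settings['posts_interval']);
        }

        if ($error)
        {
            error_template($error);
        }
        else
        {
            $comment_subject = chars2entities($raw_subject, ENT_QUOTES);

            if ($settings['allow_html'] == 0)
            {
                $comment_text = chars2entities($raw_text, ENT_QUOTES);
            }
            else
            {
                // NOTE(review): with allow_html enabled, the stored markup is
                // only as safe as do_html()'s filtering (defined elsewhere).
                $comment_text = do_html($raw_text);
            }

            // Keep the text as it was before link/BBCode/smiley expansion so
            // the preview form can show the user's own input again.
            $temp = $comment_text;
            $comment_text = make_clickable($comment_text);
            $comment_text = do_bbcodes($comment_text);

            if ($settings['allow_smilies'] != 0)
            {
                $comment_text = do_smilies($comment_text);
            }

            // Preview form
            if (isset($_POST['preview_comment']))
            {
                $date_format = get_date_format();
                $date_offset = get_date_offset();
                $comment_creation = date($date_format, (time() + $date_offset));

                // Rendered comment (HTML)
                $comment_subject = stripslashes($comment_subject);
                $comment_text = stripslashes($comment_text);
                $comment_text = undo_escape_sequences($comment_text);

                // Text put back into the edit form
                $comment_text2 = stripslashes($temp);

                if ($settings['allow_html'] == 0)
                {
                    $html_support = $lang['HTML_DISABLED'];
                }
                else
                {
                    $html_support = $lang['HTML_ENABLED'];
                }

                $template->set_file('preview', 'comments/preview.htpl');
                $template->set_var(array('ADD' => $lang['ADD'],
                                         'BACK_HOME' => $lang['BACK_HOME'],
                                         'COMMENT_RELEASE' => sprintf($lang['COMMENTS_ADD_RELEASE'], $user_id, $users['user_name'], $comment_creation),
                                         'COMMENT_SUBJECT' => $comment_subject,
                                         'COMMENT_TEXT' => $comment_text,
                                         'COMMENT_TEXT2' => $comment_text2,
                                         'COMMENTS_ADD_HEADER' => $lang['COMMENTS_ADD_HEADER'],
                                         'FORM_COMMENT_SUBJECT' => $lang['FORM_COMMENT_SUBJECT'],
                                         'FORM_COMMENT_TEXT' => $lang['FORM_COMMENT_TEXT'],
                                         'HTML_SUPPORT' => $html_support,
                                         // Integer, so it cannot carry markup into the template.
                                         'NEWS_ID' => $news_id,
                                         'PREVIEW' => $lang['PREVIEW'],
                                         'SMILIES_LIST' => get_smilies_list(0),
                                         'USER_AVATAR' => $users['user_avatar']));

                if (!$is_reply)
                {
                    // New story: the subject stays editable.
                    $template->set_var(array('COMMENT_SUBJECT2' => '<input type="text" name="comment_subject" size="25" maxlength="128" value="' . $comment_subject . '" /> <span class="asterisk">*</span>',
                                             'HIDDEN_STORY' => '',
                                             'HIDDEN_SUBJECT' => ''));
                }
                else
                {
                    // Reply: the subject is fixed and carried in hidden fields
                    // together with the (integer) story id.
                    $template->set_var(array('COMMENT_SUBJECT2' => '<span style="font-weight: bold">' . $comment_subject . '</span>',
                                             'HIDDEN_STORY' => '<input type="hidden" value="' . $story_id . '" name="story_id" />',
                                             'HIDDEN_SUBJECT' => '<input type="hidden" value="' . $comment_subject . '" name="comment_subject" />'));
                }

                $template->parse('preview');
            }
            // Add form
            else
            {
                // NOTE(review): $comment_subject and $comment_text are still
                // concatenated into this statement. Nothing in this file
                // escapes them for SQL; the stripslashes() calls in the
                // preview branch suggest request data arrives slash-escaped
                // (magic quotes or code in includes/common.php) - confirm,
                // and prefer the database layer's own escaping or prepared
                // statements if it offers them.
                $sql->query('INSERT INTO ' . TABLE_COMMENTS . ' (news_id, user_id, comment_subject, comment_text, comment_creation)
                             VALUES (\'' . $news_id . '\', \'' . $user_id . '\', \'' . $comment_subject . '\', \'' . $comment_text . '\', \'' . time() . '\')');
                $id = $sql->insert_id();

                // A new story is identified by its first comment's id; a reply
                // joins the story named in the request.
                $target_story = $is_reply ? $story_id : $id;

                $sql->query('UPDATE ' . TABLE_COMMENTS . '
                             SET story_id = \'' . $target_story . '\'
                             WHERE comment_id = \'' . $id . '\'');

                $sql->query('UPDATE ' . TABLE_NEWS . '
                             SET news_comments = news_comments + 1
                             WHERE news_id = \'' . $news_id . '\'');

                $sql->query('UPDATE ' . TABLE_USERS . '
                             SET user_comments = user_comments + 1, user_ip = \'' . $_SERVER['REMOTE_ADDR'] . '\'
                             WHERE user_id = \'' . $user_id . '\'');

                // Redirect to the start of the story, or to the complete story
                // when the comment was a reply. Both ids are integers here, so
                // the URL cannot be extended by request data.
                $redirect = './../comments/index.php?news_id=' . $news_id;

                if ($is_reply)
                {
                    $redirect .= '&story_id=' . $story_id;
                }

                success_template($lang['COMMENTS_ADD_SUCCESS'], $redirect);
            }
        }
    }
    else
    {
        // Page requested without submitting the form.
        error_template($lang['COMMENTS_ADD_ERROR2']);
    }
}
else
{
    // Not logged in.
    error_template($lang['COMMENTS_ADD_ERROR3']);
}

page_footer();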
?>