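<?php
/**
 * process_comment.php - receives the comment form POST.
 *
 * Renders the header, validates the submitted fields, inserts the comment
 * into the "comments" table when validation passes, then renders the result
 * page and the footer, followed by the page generation time.
 *
 * getConfig(), show_page(), hbs_real_escape(), db(), getVersion() and $mysql
 * are not defined in this file; presumably they come from inc/include.php.
 */
$time_start = microtime(TRUE);
define('IN_HBS', TRUE);

include('inc/include.php');
$cfg = getConfig();

$vars['config'] = $cfg;
$vars['title'] = $cfg['hzn_title'];
show_page('header', $vars, $cfg['template']);

if (isset($_POST['submit_comment'])) {

    // First validation failure wins; stays '' while the submission is acceptable.
    // Kept in a local so $vars only gains 'error' keys when there is an error.
    $error = '';

    // Read every field as a plain string. A missing key or an array value
    // (e.g. name[]=x) becomes '' instead of raising notices/warnings further down.
    $fields = array('entry', 'timestamp', 'name', 'email', 'url', 'firstname', 'comment');
    $raw = array();
    $clean = array();
    foreach ($fields as $field) {
        $raw[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        // Tags are stripped and the rest is HTML-encoded before storage.
        $clean[$field] = htmlspecialchars(strip_tags($raw[$field]));
    }

    if (empty($raw['name']) || empty($raw['email']) || empty($raw['comment'])) {
        $error = 'You have forgotten to fill in one of the required fields! Please make sure you submit a name, e-mail address and comment.';
    }

    // "firstname" is a honeypot: the message implies it is hidden by CSS, so
    // any value in it marks the submission as automated.
    if ($error === '' && !empty($clean['firstname'])) {
        $error = 'Comment not posted. If you\'re a bot, you know why. If you are a human, try enabling the CSS in this page or upgrading your web browser.';
    }

    // eregi() was removed in PHP 7; preg_match() with /i is the equivalent.
    // The D modifier keeps "$" from matching before a trailing newline, which
    // is how the POSIX pattern behaved.
    // NOTE(review): {2,4} rejects top-level domains longer than four letters.
    if (!preg_match('/^([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/iD', $clean['email'])) {
        if ($error === '') {
            $error = "The e-mail address you submitted does not appear to be valid. Please go back and correct it.";
        }
    }

    if ($error !== '') {
        $vars['error_exists'] = TRUE;
        $vars['error'] = $error;
    } else {

        db();

        // SQL escaping is the last transformation before the query, and runs
        // after db() in case hbs_real_escape() needs an open connection
        // (its implementation is not visible here - verify).
        $entry = hbs_real_escape($clean['entry']);
        // NOTE(review): the timestamp is taken from the form, so the client
        // chooses it; consider generating it server-side.
        $timestamp = hbs_real_escape($clean['timestamp']);
        $name = hbs_real_escape($clean['name']);
        $email = hbs_real_escape($clean['email']);
        $url = hbs_real_escape($clean['url']);
        // nl2br() must see the real newlines, so it runs before escaping.
        $comment = hbs_real_escape(nl2br($clean['comment']));

        // NOTE(review): the query is built by string concatenation and is only
        // as safe as hbs_real_escape(). The mysql_* extension was removed in
        // PHP 7; moving to mysqli/PDO prepared statements needs a matching
        // change to db(), which is outside this file.
        $result = mysql_query("INSERT INTO " . $mysql["db_prefix"] . "comments (entry, timestamp, name, email, url, comment) VALUES ('$entry','$timestamp','$name','$email','$url','$comment')");

        $vars['redirect'] = TRUE;
        // A query-string value needs URL encoding, not SQL escaping.
        $vars['redirect_url'] = 'comment.php?id=' . rawurlencode(strip_tags($raw['entry']));
        $vars['redirect_time'] = 2;

        if ($result) {
            $vars['success'] = TRUE;
        } else {
            $vars['error'] = 'Problem accessing the database to submit your entry';
            $vars['error_exists'] = TRUE;
        }
    }

}
else {
    $vars['error_exists'] = TRUE;
    $vars['error'] = 'You cannot access this page directly';
}

show_page('process_comment', $vars, $cfg['template']);

$vars['version'] = getVersion();
show_page('footer', $vars, $cfg['template']);

// Page generation time in seconds, printed after the footer.
$time_end = microtime(TRUE);
$time = $time_end - $time_start;
echo $time;
?>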