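<?php
// Posts a comment on a blog entry: checks that commenting is allowed, that the
// entry exists, optionally verifies the visual-confirmation value, validates
// the body, then inserts the comment and (when no approval is required) bumps
// the entry's comment counter.
//
// Everything used here comes from user_init.php: post_param(), sql_query(),
// sql_fetch_array(), msg_die(), get_user_info() and the globals $config,
// $user_login and $lang. msg_die() is presumed to end the request — confirm.
require "./user_init.php";

// Request parameters. NOTE(review): each of these is attacker-controlled and
// is interpolated straight into SQL below. That is only safe if post_param()
// escapes for the database; if it does not, these queries need an escaping or
// parameterised query API — verify in user_init.php.
$blog_id = post_param('blog_id');
$comment_title = post_param('comment_title');
$comment_body = post_param('comment_body');
$confirm_ses = post_param('confirm_ses');
$confirm_val = post_param('confirm_val');
$err = '';

// Guests may comment only when the site allows it.
if (!$config['guest_comment'] && !$user_login) {
    msg_die('NOT_MEMBER');
}

// The target blog entry must exist.
$res = sql_query("SELECT blog_id FROM m_blog WHERE blog_id='$blog_id' LIMIT 1");
$row = sql_fetch_array($res);
if (empty($row)) {
    msg_die('no_blog');
}

// Visual confirmation: the value stored under confirm_ses must match the one
// submitted.
if ($config['comment_visual']) {
    $res = sql_query("SELECT * FROM m_confirm WHERE confirm_ses = '$confirm_ses' LIMIT 1");
    $row = sql_fetch_array($res);
    // hash_equals() is a strict, timing-safe comparison. The previous loose
    // `!=` treated numeric-looking strings as equal (e.g. "1e1" and "10"), so
    // a wrong answer could pass. Both sides are cast because hash_equals()
    // accepts strings only.
    if (empty($row) || !hash_equals((string) $row['confirm_val'], (string) $confirm_val)) {
        msg_die('invalid_visual', '', -1);
    }
    // NOTE(review): the m_confirm row is not consumed here, so the same
    // confirm_ses/confirm_val pair stays valid until something else removes
    // it — confirm where that happens.
}

// Input validation: the body is mandatory, the title is not. Messages are
// accumulated with a '-_' separator, as msg_die('comment_err') expects.
if (empty($comment_body)) {
    $err .= $lang['l_message_empty'] . '-_';
}
if ($err) {
    msg_die('comment_err', $err, -1);
}

// Store the comment. The final column is 0 when comments need approval and
// 1 otherwise; only the approved path increments the entry's counter.
$usr = get_user_info();
if ($config['comment_approval']) {
    sql_query("INSERT INTO m_comment
VALUES ('', '$blog_id', '$usr[user_id]', UNIX_TIMESTAMP(), '$comment_title', '$comment_body', '$usr[ip]', 0)");
} else {
    sql_query("INSERT INTO m_comment
VALUES ('', '$blog_id', '$usr[user_id]', UNIX_TIMESTAMP(), '$comment_title', '$comment_body', '$usr[ip]', 1)");
    sql_query("UPDATE m_blog SET blog_comment=blog_comment+1 WHERE blog_id='$blog_id' LIMIT 1");
}
msg_die('comment_ok');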