<?php session_start(); // open the PHP session first; the SecSession check further down validates it before anything else runs
/* * ********************************************************************
* Copyright notice PHP Blogger 1.1.
*
* (c) 2011 Predrag Rukavina - admin[at]phpblogger[dot]org
* All rights reserved
*
* This script is part of the PHP Blogger project.
* The PHP Blogger project is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA.
*
* This copyright notice MUST appear in all copies of the script!
* ********************************************************************** */
##############################
# comment.php version 1.1.#
##############################
include ('settings.php'); // NOTE(review): presumably defines $conn, $smarty, $timelimit and $rewritemod used below — confirm
require_once ('languages/lang_english.php');
require_once ('classes/securesession.class.php');
// Session validation settings (SecSession is a project class; the names suggest
// browser binding, partial-IP binding and id rotation — confirm in securesession.class.php).
$ss = new SecSession();
$ss->check_browser = true;
$ss->check_ip_blocks = 2;
$ss->secure_word = 'ESALT_';
$ss->regenerate_id = true;
// Only a validated, logged-in session may post a review; anyone else gets the
// login form and the script stops here, before any POST data is read.
if(!$ss->Check() || !isset($_SESSION['logged_in']) || !$_SESSION['logged_in']) {
include ('form.php');
die();
}
include 'libs/pagination.class.php';
$pagination = new pagination;
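// Raw POST fields for the new review. A missing field defaults to '' instead
// of raising an undefined-index notice; the content checks below then reject
// an empty message.
// NOTE(review): incuser and incimage (stored in reviews.incuser / reviews.incimage)
// are taken from the request rather than from the authenticated session, so the
// client chooses the stored reviewer identity — consider sourcing them from
// $_SESSION. No CSRF token is checked in this file either.
$comrev = isset($_POST['comrev']) ? $_POST['comrev'] : '';
$incuser = isset($_POST['incuser']) ? $_POST['incuser'] : '';
$incimage = isset($_POST['incimage']) ? $_POST['incimage'] : '';
$amess = isset($_POST['amess']) ? $_POST['amess'] : '';
// Pre-5.4 PHP could add slashes to request data (magic_quotes_gpc); the
// function itself no longer exists in PHP 8, so only call it when present.
if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $comrev = stripslashes($comrev);
    $incuser = stripslashes($incuser);
    $incimage = stripslashes($incimage);
    $amess = stripslashes($amess);
}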
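// Content checks on the submitted review; each failure prints a message and stops.
// A review must belong to a comment, so an empty comment id is rejected as well.
if(!isset($comrev) || $comrev === '') {
    echo "Missing comment id";
    die();
}
if(preg_match("/</",$amess)) {
    echo "Invalid Characters '<' ";
    die();
}
// The pattern rejects ']' only; the message now says so (it used to say '[').
// If '[' was meant to be rejected too, add it to the pattern.
if(preg_match("/]/",$amess)) {
    echo "Invalid Characters ']' ";
    die();
}
// strlen() counts bytes, so multibyte text reaches the limits sooner than the
// message suggests; kept byte-wise because the column size is not visible here.
if(strlen($amess) < 5) {
    echo "Field must be at least 5 characters long:";
    die();
}
if(strlen($amess) > 180) {
    echo "Max Characters Field: 180";
    die();
}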
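// Per-session rate limit: reject a post arriving within $timelimit of the
// previous one. Unix timestamps are compared; the original compared
// date("mis") values (month+minute+second), which are not monotonic across
// an hour boundary and so let the limit fail or fire spuriously.
// NOTE(review): $timelimit is presumably seconds, set in settings.php — confirm.
$now = time();
if(isset($_SESSION["rcloadser"]) && $_SESSION["rcloadser"] > $now - $timelimit) {
    echo "<div id='errormes'>Sorry your posting too fast please try again later.</div>";
    die();
}
$_SESSION["rcloadser"] = $now;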
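// NOTE: mysql_real_escape_string() belongs to ext/mysql, removed in PHP 7; on a
// current PHP this must become parameter binding through $conn's driver.
// Each value is escaped exactly once here. The original escaped $comrev a
// second time inside the UPDATE and SELECT, so a value containing quote or
// backslash characters was stored under one spelling and looked up under another.
$comrev = mysql_real_escape_string($comrev);
$incuser = mysql_real_escape_string($incuser);
$incimage = mysql_real_escape_string($incimage);
$amess = mysql_real_escape_string($amess);
// Rows for the page; starts empty so the pagination below always gets an array
// even when the SELECT returns nothing.
$dcval = array();
// Execute() returns a value, not a reference; "= &" on a call result only
// raises a notice, so it is dropped.
$erecordSet = $conn->Execute("INSERT INTO reviews (comrev,incuser,incimage,incdate,inctext) VALUES ('$comrev', '$incuser','$incimage',NOW(),'$amess')");
$frecordSet = $conn->Execute("UPDATE comment SET nocomm = nocomm + 1 WHERE commid = '$comrev' ");
// NOTE(review): failures of the INSERT/UPDATE are not checked; as before, only
// the SELECT reports ErrorMsg().
$drecordSet = $conn->Execute("SELECT * FROM reviews WHERE comrev = '$comrev' ORDER by revid desc");
if(!$drecordSet) {
    print $conn->ErrorMsg();
} else {
    while(!$drecordSet->EOF) {
        $dcval[] = $drecordSet->fields;
        $drecordSet->MoveNext();
    }
}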
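/**
 * intergrate()
 *
 * Turns URLs and "@name" mentions inside a comment into HTML links. This is
 * the rewrite-mode-2 variant: a mention links to the relative path "name".
 * Only defined when $rewritemod == 2 ($rewritemod is presumably set in
 * settings.php — confirm).
 *
 * The matched text can never contain '<', '"', "'" or '\' (they are outside
 * the character classes), so it is safe inside the href written here; the
 * rest of $comment is returned unescaped and remains the caller's concern.
 *
 * @param mixed $comment comment text
 * @return string the comment with anchor tags inserted
 */
if($rewritemod == 2){
function intergrate($comment) {
    // Only web/ftp schemes are auto-linked, so the href cannot carry an
    // arbitrary scheme. The original pattern's "/e" modifier (removed in
    // PHP 7; it evaluated the replacement, with the match substituted in, as
    // PHP code) is unnecessary: the replacement is a plain template string.
    $comment = preg_replace(
        '#(((?i:https?|ftp)://)([a-zA-Z0-9?&%.;:/=\-_+\#]*))#',
        '<a href="$1" target="_blank">$0</a>',
        $comment
    );
    // "@name" -> link to the relative path "name".
    $comment = preg_replace("/@([A-Za-z0-9_]+)/", "<a href='$1'>$0</a> ", $comment);
    return $comment;
}
}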
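/**
 * Rewrite-mode-1 variant of intergrate(): URLs become links and an "@name"
 * mention links to profile.php?cid=name. Only defined when $rewritemod == 1
 * ($rewritemod is presumably set in settings.php — confirm).
 *
 * The matched text can never contain '<', '"', "'" or '\' (they are outside
 * the character classes), so it is safe inside the hrefs written here; the
 * rest of $comment is returned unescaped and remains the caller's concern.
 *
 * @param mixed $comment comment text
 * @return string the comment with anchor tags inserted
 */
if($rewritemod == 1){
function intergrate($comment) {
    // Only web/ftp schemes are auto-linked, so the href cannot carry an
    // arbitrary scheme. The original pattern's "/e" modifier (removed in
    // PHP 7; it evaluated the replacement, with the match substituted in, as
    // PHP code) is unnecessary: the replacement is a plain template string.
    $comment = preg_replace(
        '#(((?i:https?|ftp)://)([a-zA-Z0-9?&%.;:/=\-_+\#]*))#',
        '<a href="$1" target="_blank">$0</a>',
        $comment
    );
    // "@name" -> profile link; cid is restricted to [A-Za-z0-9_] by the pattern.
    $comment = preg_replace("/@([A-Za-z0-9_]+)/", "<a href='profile.php?cid=$1'>$0</a> ", $comment);
    return $comment;
}
}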
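// Render the page of reviews. $dcval is only assigned when the SELECT above
// returned rows, so pass an empty list in that case instead of suppressing
// the notice with "@".
$dataPages = $pagination->generate(isset($dcval) ? $dcval : array(), 12);
$smarty->assign('increv',$dataPages);
$smarty->assign('pagination',$pagination->links());
$smarty->display('line.php');
// Release the record sets. Execute() yields false on failure, and $recordSet
// is not assigned anywhere in this file (presumably a leftover, or set in an
// included file — confirm), so each handle is checked before Close() to avoid
// a fatal call on a non-object after the page has already been sent.
if(isset($recordSet) && $recordSet) {
    $recordSet->Close();
}
if(isset($erecordSet) && $erecordSet) {
    $erecordSet->Close();
}
if(isset($frecordSet) && $frecordSet) {
    $frecordSet->Close();
}
if(isset($drecordSet) && $drecordSet) {
    $drecordSet->Close();
}
$conn->Close();
// No closing "?>": this file is PHP-only, and whitespace after the tag would be sent as output.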