<?php session_start(); // resume the PHP session first; the SecSession check further down validates it and stops the request if it fails
/* * ********************************************************************
*  Copyright notice PHP Blogger 1.2.
*
*  (c) 2011 Predrag Rukavina - admin[at]phpblogger[dot]org
*  All rights reserved
*
*  This script is part of the PHP Blogger project. 
*  The PHP Blogger project is free software; you can redistribute it and/or
*  modify it under the terms of the GNU General Public License
*  as published by the Free Software Foundation; either version 2
*  of the License, or (at your option) any later version.
*
*  This program is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  You should have received a copy of the GNU General Public License
*  along with this program; if not, write to the Free Software
*  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
*  MA  02110-1301, USA.
*
*  This copyright notice MUST appear in all copies of the script!
* ********************************************************************** */
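// Bootstrap: configuration, UI strings, site salt and the secure-session wrapper.
// settings.php is expected to define $conn, $smarty, $maxtopic and $timelimit
// (all used below); salt.php defines $salt. `require` (instead of `include`)
// makes a missing or unreadable settings file fatal rather than letting the
// request continue on undefined configuration.
require ('settings.php');
require_once ('languages/lang_english.php');
require_once ('salt.php');
require_once ('classes/securesession.class.php');

// Session hardening via SecSession: the browser signature is checked, the site
// salt is mixed into the check, and the session id is regenerated.
// NOTE(review): check_ip_blocks = 2 presumably ties the session to the first
// two octets of the client IP — confirm against SecSession before relying on it.
$ss = new SecSession();
$ss->check_browser = true;
$ss->check_ip_blocks = 2;
$ss->secure_word = $salt;
$ss->regenerate_id = true;

// Gate: everything past this point requires a valid secure session AND the
// loggedin flag. On failure the login form is rendered and the request ends.
if (!$ss->Check() || !isset($_SESSION['loggedin']) || !$_SESSION['loggedin']) {
	include ('form.php');
	die();
}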
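// Collect the POST fields this handler works with. Where magic_quotes_gpc is
// still in effect (PHP < 7.4) the values arrive backslash-escaped and are
// unescaped first; get_magic_quotes_gpc() was removed in PHP 8, so it is only
// called when it exists. Missing fields become '' instead of raising notices.
//
// SECURITY NOTE(review): incuser, incid and incimage identify WHO is posting,
// yet they are read from the request body. Any logged-in client can therefore
// submit a comment attributed to another user id/name/avatar, and the
// lasthour/lastext/nofposts bookkeeping below is applied to whichever usid
// was sent. These should be taken from the authenticated session; the session
// keys that hold them are not visible in this file, so that swap has to be
// confirmed against the login code. This POST handler also carries no CSRF
// token.
$magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
$comrev   = isset($_POST['comrev'])   ? $_POST['comrev']   : '';
$incuser  = isset($_POST['incuser'])  ? $_POST['incuser']  : '';
$incid    = isset($_POST['incid'])    ? $_POST['incid']    : '';
$incimage = isset($_POST['incimage']) ? $_POST['incimage'] : '';
$amess    = isset($_POST['amess'])    ? $_POST['amess']    : '';
if ($magicQuotes) {
	$comrev   = stripslashes($comrev);
	$incuser  = stripslashes($incuser);
	$incid    = stripslashes($incid);
	$incimage = stripslashes($incimage);
	$amess    = stripslashes($amess);
}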

// Length policy for the comment body, measured in raw bytes (strlen) before
// any escaping: longer than $maxtopic or shorter than 5 bytes is rejected with
// the localised message and the request stops here.
// NOTE(review): the value stored later is htmlspecialchars($amess), which can
// be longer than $maxtopic when the text contains & < > or " — check that the
// inctext column is wide enough for the escaped form.
$bodyLength = strlen($amess);
if ($bodyLength > $maxtopic || $bodyLength < 5) {
	$reason = ($bodyLength > $maxtopic) ? "$lang[MAXCHAR]: $maxtopic" : $lang['LASTFIV'];
	echo "<div id='errormes'>$reason</div>";
	die();
}
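// Anti-flood and anti-duplicate check against the posting user's last entry.
//
// NOTE(review): $last and the stored lasthour use date("yhis") — two-digit
// year, 12-hour hour, minute, second — with no month, day or am/pm. The numeric
// comparison below is therefore only meaningful inside the same 12-hour window
// and wraps outside it. A Unix timestamp (time()) would be correct, but
// lasthour is written in this same format further down (and possibly by other
// scripts), so the format is left unchanged here.
$last = date("yhis");
// Plain assignment: taking a reference to a method's return value only emits
// an "Only variables should be assigned by reference" notice.
$prerecordSet = $conn->Execute("SELECT * FROM users WHERE usid = ? LIMIT 1", array($incid));
if (!$prerecordSet) {
	// NOTE(review): the driver error is printed to the client and processing
	// continues, so a failed lookup skips both checks below; a die() here would
	// fail closed.
	print $conn->ErrorMsg();
} else {
	while (!$prerecordSet->EOF) {
		$checktime = $prerecordSet->fields['lasthour'];
		$checktext = $prerecordSet->fields['lastext'];
		// Too soon after the previous post?
		$topfast = $checktime + $timelimit;
		if ($last < $topfast) {
			echo "<div id='errormes'>$lang[TOOFAST]</div>";
			die();
		}
		// Same text as the previous post? lastext is stored HTML-escaped (see
		// the users UPDATE below), so the raw body never matched it when it
		// contained & < > or "; both the raw and the escaped form are compared.
		if ($checktext === $amess || $checktext === htmlspecialchars($amess)) {
			echo "<div id='errormes'>$lang[LINKALRED]</div>";
			die();
		}
		$prerecordSet->MoveNext();
	}
}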
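// Timestamp stored with the review row.
$time = date("Y-m-d H:i:s");

// Hashtag counters: every "#word" token at the start of the text or after
// whitespace bumps catags.nofhash (the tag row is created on first sight).
// This runs on the raw body, before HTML escaping, and before the review row
// exists; there is no transaction, so a failed insert below still leaves the
// counters incremented. Without the /u modifier \w is ASCII-only, so a tag
// containing non-ASCII letters is cut at the first such character.
if (preg_match_all('/(^|\s)(#\w+)/', $amess, $tags) > 0) {
	// Prepared once and reused for every tag instead of once per iteration.
	$sqlh = $conn->Prepare('INSERT INTO catags (hashtags,nofhash) VALUES (?, ?) on duplicate key UPDATE nofhash = nofhash  + ?');
	foreach ($tags[2] as $hashtags) {
		// Secondary filter kept as-is; anything matching #\w+ already passes it.
		if (preg_match('/#\d*[A-Za-z0-9_-]+/i', $hashtags)) {
			if ($conn->Execute($sqlh, array($hashtags, '1', '1')) === false) {
				print '<br /><div id="error">error inserting[1]: '.$conn->ErrorMsg().'</div><br />';
			}
		}
	}
}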
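// Persist the comment, then bump the per-thread and per-user counters.
$lasttime = date("yhis");

// The body is stored HTML-escaped (default flags: & < > and " but not the
// single quote), so the template must output inctext without escaping again.
// NOTE(review): incuser and incimage are stored exactly as the client sent
// them — nothing escapes them here — so whatever renders them (line.php) must
// HTML-escape them; confirm. The proper fix is to take them from the session.
$amess = htmlspecialchars($amess);

// Every value is a bound parameter, so ADOdb quotes/escapes it itself. $comrev
// and $incid are therefore passed as-is, like $amess here and $incid in the
// users SELECT above; pre-escaping them with addq() as well would escape twice
// and mangle any value containing ' or \.
$sql = $conn->Prepare('INSERT INTO reviews (comrev,incuser,incimage,incdate,inctext) VALUES (?, ?, ?, ?, ?)');
if ($conn->Execute($sql, array($comrev, $incuser, $incimage, $time, $amess)) === false) {
	print '<br /><div id="error">error inserting[1]: '.$conn->ErrorMsg().'</div><br />';
}

// NOTE(review): the two counter updates run even when the insert above failed
// and are not wrapped in a transaction; driver errors are echoed to the client.
$sql2 = $conn->Prepare('UPDATE comment SET nocomm = nocomm  + ? WHERE commid = ?');
if ($conn->Execute($sql2, array(1, $comrev)) === false) {
	print '<br /><div id="error">error inserting[1]: '.$conn->ErrorMsg().'</div><br />';
}

$sql3 = $conn->Prepare('UPDATE users SET nofposts = nofposts + ?, lastext = ?, lasthour = ? WHERE usid = ?');
if ($conn->Execute($sql3, array('1', $amess, $lasttime, $incid)) === false) {
	print '<br /><div id="error">error inserting[1]: '.$conn->ErrorMsg().'</div><br />';
}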
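/**
 * Fetch one page of reviews for the thread identified by POST comrev.
 *
 * Re-reads $_POST['comrev'] directly (unescaping magic quotes only where that
 * function still exists), pages with SmartyPaginate's current index and limit,
 * and publishes the total row count to SmartyPaginate via
 * SQL_CALC_FOUND_ROWS / FOUND_ROWS(). Driver errors are printed with
 * ErrorMsg() (visible to the client) rather than thrown, as elsewhere in this
 * file. Both record sets are closed before returning — previously the Close()
 * calls sat after the return and never ran.
 *
 * @return array  Rows as returned by GetRowAssoc(false); an empty array when
 *                the thread has no reviews or the query failed (previously null).
 */
function get_db_results() {
	global $conn;
	$magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
	$comrev = isset($_POST['comrev']) ? $_POST['comrev'] : '';
	if ($magicQuotes) {
		$comrev = stripslashes($comrev);
	}
	// comrev is bound as a parameter, which ADOdb escapes itself; running it
	// through addq() first would escape it twice. The LIMIT operands come from
	// SmartyPaginate and are forced to integers by %d.
	$_query = sprintf('SELECT SQL_CALC_FOUND_ROWS * FROM reviews  WHERE comrev = ? ORDER by revid ASC LIMIT %d,%d',
		SmartyPaginate::getCurrentIndex(), SmartyPaginate::getLimit());
	$rows = array();
	$arecordSet = $conn->Execute($_query, array($comrev));
	if (!$arecordSet) {
		print $conn->ErrorMsg();
	} else {
		while (!$arecordSet->EOF) {
			$rows[] = $arecordSet->GetRowAssoc(false);
			$arecordSet->MoveNext();
		}
		$arecordSet->Close();
	}
	// FOUND_ROWS() refers to the statement just executed on this connection.
	$total = 0;
	$brecordSet = $conn->Execute("SELECT FOUND_ROWS() as total");
	if (!$brecordSet) {
		print $conn->ErrorMsg();
	} else {
		$total = $brecordSet->fields['total'];
		$brecordSet->Close();
	}
	SmartyPaginate::setTotal($total);
	return $rows;
}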
// Render the paginated review list for this thread. SmartyPaginate is set up
// for 12 rows per page with links back to this script; template caching is
// turned off because the list was just modified. The database connection is
// closed once the template has been sent.
// NOTE(review): line.php receives incuser/incimage exactly as they were
// submitted and inctext already HTML-escaped — verify it escapes the former
// and does not re-escape the latter.
require ('libs/SmartyPaginate.class.php');
$smarty->caching = 0;
SmartyPaginate::connect();
SmartyPaginate::setLimit(12);
SmartyPaginate::setUrl('comment.php');
$reviewRows = get_db_results();
$smarty->assign('results', $reviewRows);
SmartyPaginate::assign($smarty);
$smarty->display('line.php');
$conn->Close();
##############################
# comment.php  version 1.1.6.#
##############################
?>