<?php session_start(); // Resume the session before any output; the login gate further down reads $_SESSION['loggedin'].
/* * ********************************************************************
* Copyright notice PHP Blogger 1.2.
*
* (c) 2011 Predrag Rukavina - admin[at]phpblogger[dot]org
* All rights reserved
*
* This script is part of the PHP Blogger project.
* The PHP Blogger project is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA.
*
* This copyright notice MUST appear in all copies of the script!
* ********************************************************************** */
include ('settings.php');
require_once ('languages/lang_english.php');
require_once ('salt.php');
require_once ('classes/securesession.class.php');
// Configure the session guard declared in classes/securesession.class.php.
// What each property enforces is defined in that class, which is not shown here.
$ss = new SecSession();
$ss->check_browser = true;    // presumably ties the session to the client's browser signature (confirm in SecSession)
$ss->check_ip_blocks = 2;     // presumably how many leading IP blocks must stay the same (confirm in SecSession)
$ss->secure_word = $salt;     // $salt is expected to come from salt.php
$ss->regenerate_id = true;    // presumably rotates the session id when checked (confirm in SecSession)

// Login gate: Check() runs first; unless it passes AND the session carries a
// truthy 'loggedin' flag, only the login form is rendered and the script stops.
// This establishes that *a* user is logged in, not which user the request is for.
if (!($ss->Check() && !empty($_SESSION['loggedin']))) {
    include ('form.php');
    exit();
}
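// Read the four form fields of the comment submission.
//
// get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in PHP 8.0, so an
// unconditional call is a fatal error on current runtimes; it is only consulted
// when it still exists. Fields that are missing, or that arrive as arrays
// (name[]=...), are normalised to '' so the string functions below always get a
// string; an empty message is then rejected by the minimum-length check.
//
// NOTE(review): cusid, incuser and incimage are supplied by the client. The
// login gate above only proves that some user is logged in, so a logged-in
// client can submit any usid / display name / image here. These values should
// be taken from the authenticated session instead; which session key holds the
// user id is not visible in this file.
// NOTE(review): no request (anti-CSRF) token is checked in the visible code.
$stripposted = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
$postfields = array('cusid' => '', 'incuser' => '', 'incimage' => '', 'amess' => '');
foreach (array_keys($postfields) as $postkey) {
    if (isset($_POST[$postkey]) && is_string($_POST[$postkey])) {
        $postfields[$postkey] = $stripposted ? stripslashes($_POST[$postkey]) : $_POST[$postkey];
    }
}
$cusid = $postfields['cusid'];
$incuser = $postfields['incuser'];
$incimage = $postfields['incimage'];
$amess = $postfields['amess'];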
// Enforce the message length window before any database work.
// strlen() counts bytes, so multi-byte characters consume the budget faster.
// The check runs on the raw text; the stored value is HTML-escaped later and
// can therefore be longer than $maxtopic.
$amesslen = strlen($amess);
if ($amesslen > $maxtopic) {
    die("<div id='errormes'>$lang[MAXCHAR]: $maxtopic</div>");
}
if ($amesslen < 5) {
    die("<div id='errormes'>$lang[LASTFIV]</div>");
}
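// Posting throttle and duplicate guard for the submitting user.
//
// NOTE(review): date("yhis") is two-digit year + 12-hour hour + minutes +
// seconds. It carries no month, day or AM/PM, so "$last < lasthour + $timelimit"
// is not a true elapsed-time comparison. Moving to a Unix timestamp would need
// the values already stored in users.lasthour to be migrated, so the format is
// left unchanged here.
// NOTE(review): when no users row matches $cusid the loop body never runs and
// the script carries on, i.e. the throttle does not apply to unknown ids.
$last = date("yhis");
// Defined up front so the later "UPDATE users ... lasthour = ?" never reads an
// undefined variable when the lookup returns no row.
$lasttime = $last;
$prerecordSet = $conn->Execute("SELECT * FROM users WHERE usid = ? LIMIT 1", array($cusid));
if (!$prerecordSet) {
    // Fail closed: without the user row the throttle cannot be evaluated. The
    // driver message goes to the server log, not into the HTTP response.
    error_log('insert.php: user lookup failed: ' . $conn->ErrorMsg());
    echo '<br /><div id="error">error reading user</div><br />';
    die();
}
while (!$prerecordSet->EOF) {
    $checktime = $prerecordSet->fields['lasthour'];
    $checktext = $prerecordSet->fields['lastext'];
    $topfast = $checktime + $timelimit;
    if ($last < $topfast) {
        // A throttled attempt also refreshes lasthour, so the wait starts over.
        $sql2 = $conn->Prepare('UPDATE users SET lasthour = ? WHERE usid = ?');
        if ($conn->Execute($sql2, array($lasttime, $cusid)) === false) {
            error_log('insert.php: lasthour update failed: ' . $conn->ErrorMsg());
            print '<br /><div id="error">error inserting[1]</div><br />';
        }
        echo "<div id='errormes'>$lang[TOOFAST]</div>";
        die();
    }
    // lastext is written after htmlspecialchars() further down, so the incoming
    // text has to be escaped the same way or a repeat containing & < > " is
    // never recognised. Strict comparison keeps numeric-looking strings such as
    // "1e3" and "1000" from being treated as equal.
    if ((string) $checktext === htmlspecialchars($amess)) {
        echo "<div id='errormes'>$lang[LINKALRED]</div>";
        die();
    }
    $prerecordSet->MoveNext();
}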
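// Timestamp stored with the comment row.
$time = date("Y-m-d H:i:s");

// Count every hashtag in the message in the catags table. A tag is '#' plus
// word characters at the start of the text or after whitespace; the inner
// filter in effect drops tags made only of digits. Tags are taken from the
// unescaped text, but the pattern admits word characters only, so they carry
// no HTML metacharacters.
// NOTE(review): the counters are bumped before the comment insert has
// succeeded, so a failed insert still leaves the tags counted.
if (preg_match_all('/(^|\s)(#\w+)/', $amess, $tags) > 0) {
    $sqlh = $conn->Prepare('INSERT INTO catags (hashtags,nofhash) VALUES (?, ?) on duplicate key UPDATE nofhash = nofhash + ?');
    foreach ($tags[2] as $hashtags) {
        if (!preg_match('/#\d*[A-Za-z_]+/i', $hashtags)) {
            continue;
        }
        if ($conn->Execute($sqlh, array($hashtags, '1', '1')) === false) {
            // Keep the driver message in the server log; the response only
            // gets the generic marker.
            error_log('insert.php: hashtag upsert failed: ' . $conn->ErrorMsg());
            print '<br /><div id="error">error inserting[1]</div><br />';
        }
    }
}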
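// Store the comment, then update the author's post counter and throttle data.
//
// The message is HTML-escaped at write time with htmlspecialchars() defaults;
// before PHP 8.1 those defaults leave single quotes unescaped.
// NOTE(review): $incuser and $incimage are stored exactly as submitted. Unless
// the template that prints the texty / imgs columns escapes them (it is not
// visible here), they are a stored-XSS risk and need escaping on output.
// NOTE(review): $cusid comes from the request, not from the session, so this
// writes under whatever user id the client supplied.
$amess = htmlspecialchars($amess);
$sql = $conn->Prepare('INSERT INTO comment (userid,texty,imgs,date,amess) VALUES (?, ?, ?, ?, ?)');
if ($conn->Execute($sql, array($cusid, $incuser, $incimage, $time, $amess)) === false) {
    // Driver details go to the server log; the response gets the generic marker.
    error_log('insert.php: comment insert failed: ' . $conn->ErrorMsg());
    print '<br /><div id="error">error inserting[1]</div><br />';
} else {
    // Only count the post once it has actually been stored.
    // $lasttime is set inside the user-lookup loop and is missing when that
    // loop never ran; fall back to the same format here.
    if (!isset($lasttime)) {
        $lasttime = date("yhis");
    }
    // $cusid is passed as a bound parameter, like in the queries above. It was
    // previously run through addq() first; escaping a bound value alters it, so
    // an id containing quotes or backslashes would match no row.
    $sql2 = $conn->Prepare('UPDATE users SET nofposts = nofposts + ?, lastext = ?, lasthour = ? WHERE usid = ?');
    if ($conn->Execute($sql2, array('1', $amess, $lasttime, $cusid)) === false) {
        error_log('insert.php: user counter update failed: ' . $conn->ErrorMsg());
        print '<br /><div id="error">error inserting[1]</div><br />';
    }
}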
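// Load the data for the refreshed listing: the 12 newest comments and up to 70
// reviews. Rows are appended to $bval / $cval, which stay undefined when a query
// fails or returns nothing. On failure the driver message is written to the
// server log instead of being printed into the page, where it could expose
// table or column names.
$brecordSet = $conn->Execute("SELECT * FROM comment ORDER BY commid DESC LIMIT 12");
if (!$brecordSet) {
    error_log('insert.php: comment listing failed: ' . $conn->ErrorMsg());
} else {
    while (!$brecordSet->EOF) {
        $bval[] = $brecordSet->fields;
        $brecordSet->MoveNext();
    }
}
$crecordSet = $conn->Execute("SELECT * FROM reviews ORDER BY revid ASC LIMIT 70");
if (!$crecordSet) {
    error_log('insert.php: review listing failed: ' . $conn->ErrorMsg());
} else {
    while (!$crecordSet->EOF) {
        $cval[] = $crecordSet->fields;
        $crecordSet->MoveNext();
    }
}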
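// Hand the rows to the template and release the database handles.
// $bval / $cval are undefined when their query failed or returned no rows; the
// template then receives null, as it did with the former @-suppressed reads.
// NOTE(review): each row holds texty and imgs as the client submitted them, so
// cline.php (not visible here) has to escape them when printing.
$smarty->assign('results', isset($bval) ? $bval : null);
$smarty->assign('reviews', isset($cval) ? $cval : null);
$smarty->display('cline.php');

// Execute() yields false on failure; calling Close() on false is a fatal error,
// so only real recordset objects are closed.
foreach (array($prerecordSet, $brecordSet, $crecordSet) as $openset) {
    if (is_object($openset)) {
        $openset->Close();
    }
}
$conn->Close();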
##############################
# insert.php version 1.1.6.#
##############################
?>