<?php

///////////////////////////////////////////////////////////////////////////////////////
// PHPmotion                                                http://www.phpmotion.com //
///////////////////////////////////////////////////////////////////////////////////////
// License: You are not to sell or distribute this software without permission       //
// Help and support please visit http://www.phpmotion.com                            //
// Copyright reserved                                                                //
///////////////////////////////////////////////////////////////////////////////////////

include_once ('classes/config.php');
include_once ('classes/sessions.php');

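// Refuse requests that arrive without a Referer header.
// NOTE(review): Referer is supplied by the client, so this only tests that the
// header is present; it does not establish where the request came from. A
// per-session anti-CSRF token verified here would be the reliable control.
$referer	= isset( $_SERVER['HTTP_REFERER'] )
	? mysql_real_escape_string( $_SERVER['HTTP_REFERER'] )
	: '';	// header absent: skip the undefined-index notice and fall through to the error below

if ( $referer == "" ) {
	echo '<p align="center"><font color="#FF4242" face="Arial"><b>'.$config['video_comments_error_comment'].'</b></font>';
	die();
}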

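// Select the POST array; $HTTP_POST_VARS is the legacy fallback kept from the original.
if ( isset( $_POST ) )
   $postArray = &$_POST;
else
   $postArray = &$HTTP_POST_VARS;

// Values are collected in submission order and read by position further down
// (first = comment text, second = video id); the field names are not checked.
// Each value is HTML-encoded here, so the encoded form is what gets stored.
$postedValue = array();	// defined even when the request carries no fields
$magicQuotes = get_magic_quotes_gpc();

foreach ( $postArray as $sForm => $value ) {
	// A field sent as name[]=... arrives as an array, which htmlspecialchars()
	// cannot encode; refuse the request instead of continuing with a null value.
	if ( !is_string( $value ) ) {
		echo '<p align="center"><font color="#FF4242" face="Arial"><b>'.$config['video_comments_error_comment'].'</b></font>';
		die();
	}

	$postedValue[] = htmlspecialchars( $magicQuotes ? stripslashes( $value ) : $value );
}

// Exactly two fields are expected. Fewer than two used to fall through to the
// empty-value checks, which print this same message.
$post_check = count( $postedValue );
if ( $post_check != 2 ) {
	echo '<p align="center"><font color="#FF4242" face="Arial"><b>'.$config['video_comments_error_comment'].'</b></font>';
	die();
}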

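// Positional read: the first posted field is the comment text, the second the video id.
$comments	= isset( $postedValue[0] ) ? $postedValue[0] : '';
$vid 		= isset( $postedValue[1] ) ? $postedValue[1] : '';

// The video id is later placed unquoted in SQL statements and echoed into a
// script block, so accept decimal digits only. \z rather than $ so that a
// trailing newline is rejected as well.
if ( $vid == '' || !preg_match( '/^[0-9]+\z/', $vid ) ) {
	echo '<p align="center"><font color="#FF4242" face="Arial"><b>'.$config['video_comments_error_comment'].'</b></font>';
	die();
}

// The comment text must be present ...
if ( $comments == '' ) {
	echo '<p align="center"><font color="#FF4242" face="Arial"><b>'.$config['video_comments_error_comment'].'</b></font>';
	die();
}

// ... and at least $config['comments_length'] long. strlen() counts bytes, and
// it is measuring the HTML-encoded text here, not what the user typed.
if ( strlen($comments) < $config['comments_length'] ) {
	echo '<p align="center"><font color="#FF4242" face="Arial"><b>'.$config['video_comments_error_length'].'</b></font>';
	die();
}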

// Only signed-in users may comment. $user_id is not assigned anywhere in this
// file; presumably classes/sessions.php sets it - confirm.
if ( $user_id == '' )
	die( '<p align="center"><font color="#FF4242" face="Arial"><b>' . $config['video_comments_login'] . '</b></font>' );

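// When the site allows one comment per user per video, refuse a second one.
$multiple_comments = $config["allow_multiple_video_comments"];

if( $multiple_comments == 'no' ) {

	// Both values sit unquoted in the WHERE clause, where string escaping does
	// not constrain them; force them to integers instead.
	$user_id = (int) $user_id;
	$vid = (int) $vid;
	$sql = "SELECT * from videocomments WHERE video_id = $vid AND by_id = $user_id";

	$query = mysql_query($sql);
	// mysql_query() returns false on failure; that case counts as "no earlier
	// comment", which is how the original behaved.
	// NOTE(review): decide whether a failed lookup should block the post instead.
	$result = $query ? mysql_num_rows($query) : 0;

	if ($result != 0){
		echo '<p align="center"><font color="#FF4242" face="Arial"><b>'.$config['video_comments_error_already'].'</b></font>';
		die();
	}
}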

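// comment flood control
// flood_check() is defined outside this file.
// NOTE(review): presumably it places these values in a query - confirm that it
// treats the two ids as integers too. They are cast here rather than escaped
// again, because escaping does not constrain a value used in a numeric slot.
$user_id 		= (int) $user_id;
$comment_table 	= 'videocomments';
$vid 			= (int) $vid;
$item_id 		= 'video_id';
$proceed 		= flood_check ( $user_id, $comment_table, $item_id, $vid );

// The first element is compared with the string 'false'; a boolean false would
// not match this test. The second element is printed as the refusal message.
if ( $proceed[0] == 'false' ) {
	echo $proceed[1];
	die();
}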

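//check if user allows video comments to their video
$vid		= (int) $vid;	// used unquoted in the WHERE clause, so it must be an integer
$sql1		= "SELECT * FROM videos WHERE indexer = $vid AND allow_comments = 'no'";
$result1 	= @mysql_query($sql1);

// A row here means the owner switched comments off for this video.
// NOTE(review): a failed query (false) is treated as "comments allowed", as in
// the original; the @ above also keeps the failure out of the page and the log.
if( $result1 && mysql_num_rows($result1) != 0 ){
	echo '<p align="center"><font color="#FF4242" face="Arial"><b>'.$config['video_comments_not_allowed'].'</b></font>';
	die();
}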

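// by_id and video_id are written into the statement unquoted, so they are
// forced to integers; the two text values are escaped and quoted.
$user_id	= (int) $user_id;
$user_name 	= mysql_real_escape_string($user_name);
$vid 		= (int) $vid;
$comments 	= mysql_real_escape_string($comments);

$sql = "INSERT into videocomments (by_id, by_username, video_id, comments, todays_date) VALUES
                                  ($user_id, '$user_name', $vid, '$comments', NOW())";

// Report success only when the row was actually written.
if ( !mysql_query($sql) ) {
	echo '<p align="center"><font color="#FF4242" face="Arial"><b>'.$config['video_comments_error_comment'].'</b></font>';
	die();
}

echo '<p align="center"><font color="#009933" face="Arial"><b>'.$config['video_comments_success'].'</b></font>';

$comments = '';

// Ask the page to reload page 1 of this video's comments through
// comments_ajax.php so the new comment shows up. $vid is an integer at this
// point, so only digits reach the script text.
echo "<script type='text/javascript'>ahahscript.ahah('comments_ajax.php?page=1&vid=$vid', 'commentajax', '', 'GET', '', this);</script>";
die();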
?>