<?php
// =====================================================
//
// s-p-e - Content management system.
// Copyright (C) 2004, 2005, 2010, 2011 Vladimir B. Tsarkov
//
// This file is part of s-p-e.
//
// s-p-e is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// s-p-e is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with s-p-e. If not, see <http://www.gnu.org/licenses/>.
//
// ------
//
// You can contact me via e-mail: lipetsk-gnu-lug at bk period ru
//
// comsaver.php
//
// Abstract: Saves comments.
//
// Revision History:
//
// 1 2004-03-27 - 2005-07-02 vbt
// 2 2005-07-19 vbt
// 3 2005-10-30 vbt
// 4 2010-06-23 vbt
// 5 2011-01-22 vbt
// 6 2011-11-04 vbt
//
// =====================================================
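// Send the page as UTF-8 HTML, then pull in the site configuration and the
// shared helpers (language() and connect() are called below and are not
// defined in this file; presumably they come from include/functions.php).
header("Content-Type: text/html; charset=UTF-8");
include("data/configure/specfg.php");
include("include/functions.php");
// Choose the interface language. The "lng" POST field is untrusted input:
// it is accepted only when it is a plain string, because a field submitted
// as "lng[]" arrives as an array and substr() cannot handle that. Any other
// shape falls back to the configured defaults.
if(isset($_POST["lng"]) && is_string($_POST["lng"]))
{
    $lng = $_POST["lng"];
    // $shortlng is still request-derived data (first two bytes of "lng");
    // it must be encoded wherever it is written into markup or a URL.
    $shortlng = substr($lng, 0, 2);
    // NOTE(review): $lng reaches language() exactly as received. Confirm in
    // include/functions.php that language() checks it against the list of
    // installed languages before using it in a locale or file-system call.
    language($lng);
}
else
{
    $cfg["language"] = $cfg["deflang"];
    $shortlng = substr($cfg["deflang"], 0, 2);
    language($cfg["deflangvisitor"]);
}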
// Emit the document head: doctype, the localized page title followed by the
// configured site title, and the stylesheet link of the configured skin.
// NOTE(review): $cfg["xtitle"] and $cfg["skin"] are written into the markup
// without encoding; this is only safe while both come from the trusted
// configuration file and cannot be set by a visitor - confirm.
echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>', _("Comment saving"), " - ", $cfg["xtitle"], "</title>
<link rel='stylesheet' type='text/css' href='skin/", $cfg["skin"], "/style.css'>
</head>
<body class='client'>";
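// Validate a submitted comment and store it in the comment table.
//
// Required POST fields: id, rid, uname, umail, comment, send, lng.
// Outcome: one status message is echoed (success, a validation hint, or
// "error #101" for a malformed request); a database failure ends the script
// with "error #102".
//
// Security notes:
// - Every field is untrusted. Fields must be plain strings, and id / rid
//   must consist of digits only before they are placed in the SQL text.
// - Text values are escaped with mysql_real_escape_string() on the open
//   connection rather than addslashes(), which ignores the connection
//   character set. NOTE(review): this is only fully reliable when connect()
//   selects the character set through the client API - confirm. The legacy
//   mysql_* API does not offer prepared statements; moving connect() to
//   mysqli or PDO with bound parameters is the durable fix.
// - The e-mail check uses preg_match() instead of ereg(): ereg() stops
//   reading at the first NUL byte, so the rest of the value was never
//   inspected, and the function is removed in PHP 7. NOTE(review): the PCRE
//   character classes no longer admit a literal backslash, which the POSIX
//   bracket expressions appear to have allowed.
// - The values are stored as submitted, without HTML encoding, so whatever
//   page renders comments must encode uname, umail and comment on output.
// - NOTE(review): no anti-forgery token or submission rate limit is checked
//   in this file; confirm whether the form or the includes provide one.
if(isset($_POST['id']) && isset($_POST['rid']) && isset($_POST['uname'])
&& isset($_POST['umail']) && isset($_POST['comment']) && isset($_POST['send']) && isset($_POST["lng"]))
{
    $id = $_POST['id'];
    $rid = $_POST['rid'];
    $uname = $_POST['uname'];
    $umail = $_POST['umail'];
    $comment = $_POST['comment'];
    // Reject array-valued fields up front; the string functions below
    // would only emit warnings and yield NULL for them.
    if(is_string($id) && is_string($rid) && is_string($uname) && is_string($umail)
    && is_string($comment) && ctype_digit($id) && ctype_digit($rid))
    {
        $umail = trim($umail);
        // Loose truthiness is kept from the original: "" and "0" both count
        // as "not filled in" for comment, name and e-mail.
        if(!$comment)
        {
            echo "<font class='negative'>".(_("Please, specify your comment."))."</font>";
        }
        else if(!$uname)
        {
            echo "<font class='negative'>".(_("Please, specify your name."))."</font>";
        }
        // The limit is applied to the text as typed, not to its escaped
        // form. strlen() counts bytes, so multi-byte UTF-8 text reaches the
        // limit before 500 visible characters.
        else if(strlen($comment) > 500)
        {
            echo "<font class='negative'>
".(_("Comment is longer than 500 characters. Please shorten it and try again."))."
</font>";
        }
        // \z anchors at the very end of the value, so a trailing line break
        // or any other unchecked tail cannot pass.
        else if($umail && !preg_match('/^[0-9A-Z_a-z.\-]+@[0-9A-Z_a-z\-]+\.[0-9A-Z_a-z]+(\.[0-9A-Z_a-z]+)?\z/', $umail))
        {
            echo "<font class='negative'>".(_("Invalid e-mail address."))."</font>";
        }
        else
        {
            connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);
            $sqlUname = mysql_real_escape_string($uname, $connector);
            $sqlComment = mysql_real_escape_string($comment, $connector);
            $sqlUmail = $umail ? mysql_real_escape_string($umail, $connector) : "";
            // Escaping returns false on failure; never build a query from it.
            if($sqlUname === false || $sqlComment === false || $sqlUmail === false)
            {
                die("error #102");
            }
            // The umail column is left out entirely when no address was
            // given, as before, so the table default applies.
            if($umail)
            {
                $sql = "insert into ".($cfg["prefix"])."comment
(partid, recid, uname, umail, comment, date, timer)
values ('$id', '$rid', '$sqlUname', '$sqlUmail', '$sqlComment', '".(date("Y-m-d"))."', now())";
            }
            else
            {
                $sql = "insert into ".($cfg["prefix"])."comment
(partid, recid, uname, comment, date, timer)
values ('$id', '$rid', '$sqlUname', '$sqlComment', '".(date("Y-m-d"))."', now())";
            }
            // A generic code is shown on failure so that no database error
            // text reaches the visitor.
            mysql_query($sql, $connector) or die("error #102");
            mysql_close($connector);
            echo "<font class='positive'>".(_("Comment was saved successfully."))."</font>";
        }
    }
    else
    {
        echo "error #101";
    }
}
else
{
    echo "error #101";
}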
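// Footer: links back to the commented page and to the index page, then the
// closing tags of the document.
//
// The three values placed in the links are not safe to print as they are:
// $shortlng is cut from the "lng" POST field, and $id / $rid are printed
// even when the request was rejected, so they may be unset or may hold text
// that failed the digit check. Each one is URL-encoded first; urlencode()
// leaves only letters, digits and "-_.%+", none of which can end the
// single-quoted href attribute or start new markup. Valid input (digits, a
// two-letter language code) is printed unchanged.
$linkId = (isset($id) && is_string($id)) ? urlencode($id) : "";
$linkRid = (isset($rid) && is_string($rid)) ? urlencode($rid) : "";
$linkLng = (isset($shortlng) && is_string($shortlng)) ? urlencode($shortlng) : "";
echo "<p>
".(_("Back to the"))." <a href='index.php?ins=com&id=$linkId&rid=$linkRid&lng=$linkLng'>".(_("Commented page"))."</a>
</p>
<p>
".(_("Back to the"))." <a href='index.php?lng=$linkLng'>".(_("Index page"))."</a>
</p>
</body>
</html>";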
?>