<?php require('layout/header.php'); ?>
<script type="text/javascript">
// Appends the given BBCode snippet plus one trailing space to the comment
// field of the form named "form", then puts keyboard focus back on that field.
// Only the first argument is read; the toolbar links on this page pass a second one.
function insert(was) {
    var field = document.form.comment;
    field.value = field.value + was + " ";
    field.focus();
}
</script>
<script type="text/javascript">
// Shows the success notification through showNotification() (defined outside this file).
// NOTE(review): PHP prints $lang['positive_comment'] straight into this JavaScript
// string literal without any escaping. A double quote, backslash or line break in
// the language file would break the script, so the language files must be trusted;
// emitting the value with json_encode() would remove that dependency.
function showSuccessMessage() {
    var options = {
        type: "success",
        message: "<?php echo $lang['positive_comment']; ?>"
    };
    showNotification(options);
}
// Shows the error notification through showNotification() (defined outside this file).
// NOTE(review): PHP prints $lang['negative_comment'] straight into this JavaScript
// string literal without any escaping. A double quote, backslash or line break in
// the language file would break the script, so the language files must be trusted;
// emitting the value with json_encode() would remove that dependency.
function showErrorMessage() {
    var options = {
        type: "error",
        message: "<?php echo $lang['negative_comment']; ?>"
    };
    showNotification(options);
}
</script>
<div id="content_wrapper">
<div class="content">
<?php
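// Validate the article id from the query string before anything else on the
// page uses it. is_numeric() rejects missing, array and non-numeric values;
// intval() then produces the integer that is placed into SQL text and links.
if (isset($_GET['id']) && is_numeric($_GET['id'])) {
    // The mysql_real_escape_string() call that used to sit here was dead code:
    // its result was overwritten by this intval() cast before being used, and
    // it suggested that string escaping was what made the value safe.
    $blog_id = intval($_GET['id']);
} else {
    echo '<p align="center" class="false">' . $lang['invalid_id'] . '!</p>';
    exit();
}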
?>
<span class="blog_left"><a href="blog.php">Blog</a> » <?php echo $lang['search_result']; ?></span>
<span class="blog_right"><?php
// Count the comments stored for this article and print the figure in the header line.
// $blog_id is interpolated into the SQL text; this relies on the integer cast
// applied where the id is validated earlier on the page.
// NOTE(review): the query result is not checked before mysql_num_rows() is called.
$abfrage = mysql_query("SELECT blog_id FROM comments WHERE blog_id2 = '$blog_id'");
$total = mysql_num_rows($abfrage);
echo $total . ' ' . $lang['comments_on_articles'];
?></span>
<br>
<?php
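// Load the BBCode renderer, then resolve the article id once more, accepting
// it from the query string or, failing that, from the posted form.
include('functions/bbcode.php');
if (isset($_GET['id']) && is_numeric($_GET['id'])) {
    // Integer cast is the actual sanitisation; the earlier escape call was
    // overwritten on the next line and has been removed.
    $blog_id = intval($_GET['id']);
} elseif (isset($_POST['id']) && is_numeric($_POST['id'])) {
    // Fixed: this branch validated $_POST['id'] but then cast $_GET['id'],
    // which is not the value that was just checked. The htmlentities() call
    // was likewise overwritten and served no purpose for an integer.
    // NOTE(review): the first id check at the top of the page already exits
    // when $_GET['id'] is missing, so this branch looks unreachable in practice.
    $blog_id = intval($_POST['id']);
} else {
    echo '<p class="false">' . $lang['invalid_id'] . '!</p>';
    exit();
}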
// Load the requested article and print it, followed by the jump link to the
// comment form. $blog_id goes into the SQL text directly, which relies on the
// integer cast applied where the id is validated above.
$query = "SELECT title, post, author, date FROM blog WHERE blog_id='$blog_id'";
$result = mysql_query($query);
if (!$result) {
    // NOTE(review): the raw database error is shown to the visitor here;
    // logging it server-side and printing a generic message would avoid
    // disclosing schema details.
    die(mysql_error());
}
echo '<table width="100%" cellpadding="6" class="blogtable">';
if ($result) {
    // NOTE(review): when no row matches, $row is false and the article is
    // printed with empty fields.
    $row = mysql_fetch_assoc($result);
    echo '<tr><td>
<h1>' . htmlentities($row['title'], ENT_QUOTES) . '</h1>
<span class="informations">';
    // Date format follows the active language; any other value prints no date.
    switch ($language) {
        case "de":
            echo date('d.m.Y - H:i', strtotime($row['date']));
            break;
        case "en":
            echo date('Y-m-d - H:i', strtotime($row['date']));
            break;
    }
    // NOTE(review): title and author are HTML-encoded, but the article body is
    // only passed through stripslashes(), nl2br() and parseBBCode2HTML().
    // Whether markup in it is neutralised depends on parseBBCode2HTML(), which
    // is not visible here — confirm. $webmaster is also placed in the href
    // without encoding; presumably a trusted configuration value.
    echo ' ' . $lang['o_clock'] . ' |
<a href="mailto:' . $webmaster . '">' . htmlentities($row['author'], ENT_QUOTES) . '</a></span>
<div id="head_line"> </div>
<p>' . parseBBCode2HTML(nl2br(stripslashes($row['post']))) . '</p></td></tr>';
}
echo '<tr><td><img src="images/latest.png" alt="Comments"> <a href="#comment">' . $lang['write_comment'] . '</a></td></tr>';
echo '</table>';
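// Re-derive the article id from the query string for the comment section.
// is_numeric() rejects missing, array and non-numeric values; intval() yields
// the integer used in the SQL text and the pager links below.
if (isset($_GET['id']) && is_numeric($_GET['id'])) {
    // The mysql_real_escape_string() call that preceded this line was dead
    // code: the cast below overwrote its result before it was used.
    $blog_id = intval($_GET['id']);
} else {
    echo '<p class="false">' . $lang['invalid_id'] . '!</p>';
    exit();
}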
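// Pagination for the comment list of the current article.
// Read from outside this block: $blog_id (validated id),
// $datensaetze_pro_kommentar (comments per page) and $p (presumably the number
// of page links shown on each side of the current page — confirm in the config).
// Produced for the code below: $page, $seiten, $start and $link_string.
$pfad = "blog_result.php?id=" . $blog_id;
// NOTE(review): die(mysql_error()) shows the raw database error to the
// visitor; log it server-side and print a generic message instead.
$query = mysql_query("SELECT blog_id FROM comments WHERE blog_id2 = '" . $blog_id . "'") OR die(mysql_error());
$total = intval(mysql_num_rows($query));
$seiten = ceil($total / $datensaetze_pro_kommentar);

// Accept the page parameter only when it is numeric and inside 1..$seiten, and
// keep it as an integer. Before this change the raw request string was stored
// (SQL-escaped only) and later printed into the page without HTML encoding.
if (isset($_GET['page']) && is_numeric($_GET['page'])
    && intval($_GET['page']) >= 1 && intval($_GET['page']) <= $seiten) {
    $page = intval($_GET['page']);
} else {
    $page = 1;
}

$links = array();
// Number of neighbouring page links before and after the current page,
// clipped at the first and last page.
if (($page - $p) < 1) {
    $davor = $page - 1;
} else {
    $davor = $p;
}
if (($page + $p) > $seiten) {
    $danach = $seiten - $page;
} else {
    $danach = $p;
}
$off = ($page - $davor);

// Jump to the first page when it is outside the visible window.
if ($page - $davor > 1) {
    $first = 1;
    $links[] = '<a href="blog_result.php?id=' . $blog_id . '&page=' . $first . '" title="' . $lang['goto_first_page'] . '" class="topicby">« ' . $lang['first'] . ' ...</a>';
}
if ($page != 1) {
    $prev = $page - 1;
    $links[] = '<a href="blog_result.php?id=' . $blog_id . '&page=' . $prev . '" title="' . $lang['page_back'] . '" class="topicby"> «</a>';
}
// Numbered links; the current page is rendered as plain text. The two
// original branches for the current page produced identical markup and are
// merged into one.
for ($i = $off; $i <= ($page + $danach); $i++) {
    if ($i != $page) {
        $links[] = '<a href="blog_result.php?id=' . $blog_id . '&page=' . $i . '" class="topicby">' . $i . '</a>';
    } else {
        $links[] = '<span class="current_main">' . $i . '</span>';
    }
}
if ($page != $seiten) {
    $next = $page + 1;
    $links[] = '<a href="blog_result.php?id=' . $blog_id . '&page=' . $next . '" title="' . $lang['next_page'] . '" class="topicby"> »</a>';
}
// Jump to the last page when it is outside the visible window.
if ($seiten - $page - $p > 0) {
    $last = $seiten;
    $links[] = '<a href="blog_result.php?id=' . $blog_id . '&page=' . $last . '" title="' . $lang['last_page'] . '" class="topicby">... ' . $lang['last'] . ' »</a>';
}
// Row offset for the LIMIT clause of the comment query.
$start = ($page - 1) * $datensaetze_pro_kommentar;
$link_string = implode(" ", $links);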
// Fetch one page of comments for this article, newest first, and print them
// together with the pager.
// $blog_id, $start and $datensaetze_pro_kommentar are placed into the SQL text
// as they are; all three are expected to be numbers by this point — verify
// where they are assigned.
$query = "SELECT * FROM comments WHERE blog_id2 = '$blog_id' ORDER BY date DESC LIMIT $start,$datensaetze_pro_kommentar";
$result = mysql_query($query);
if (!$result) {
    // NOTE(review): the raw database error is shown to the visitor here.
    die(mysql_error());
}
echo '<div id="blog_line"> </div>
<h2>' . $lang['comments'] . '</h2>';
if (!$result || intval(mysql_num_rows($result)) == 0) {
    echo '<span class="blog_left"><strong>' . $lang['no_comments'] . '.</strong></span>';
} else {
    while ($row = mysql_fetch_assoc($result)) {
        // Author and title are HTML-encoded on output. The tooltip date always
        // uses the d.m.Y format, whatever the active language is.
        echo '<table width="100%" border="0">
<tr>
<td width="50"><img src="images/icons/body.png" title="' . $lang['submitted_on'] . ': ' . date('d.m.Y - H:i', strtotime($row['date'])) . ' ' . $lang['o_clock'] . '" vspace="10"></td>
<td><strong>' . $lang['author'] . ':</strong> <span class="blue">' . htmlentities($row['author'], ENT_QUOTES) . '</span><br>
<em><small>';
        // Visible date follows the active language; other values print no date.
        switch ($language) {
            case "de":
                echo date('d.m.Y - H:i', strtotime($row['date']));
                break;
            case "en":
                echo date('Y-m-d - H:i', strtotime($row['date']));
                break;
        }
        // NOTE(review): the comment body is passed through strip_tags() and
        // then parseBBCode2HTML(); strip_tags() removes tags but does not
        // encode quotes or ampersands, so attribute safety depends on how
        // parseBBCode2HTML() builds its markup (not visible here) — confirm.
        echo ' ' . $lang['o_clock'] . '</small></em></td>
</tr>
<tr>
<td colspan="2"><blockquote class="speech_bubble"><em><strong>' . htmlentities($row['title'], ENT_QUOTES) . '</strong></em><br><br>
' . parseBBCode2HTML(nl2br(stripslashes(strip_tags($row['comment'])))) . '</blockquote></td>
</tr></table>';
    }
    // NOTE(review): $page is printed without HTML encoding, so it must be an
    // integer by the time it gets here — verify where it is assigned.
    echo '<span class="pages_main">' . $lang['page'] . ' <u>' . $page . '</u> ' . $lang['by'] . ' ' . $seiten . '</span>';
    echo $link_string;
}
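// Comment form (any request that is not a POST) and comment submission (POST).
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
    // flood.php is expected to provide $random1, $code and $rand_result for
    // the arithmetic question below (not visible here — confirm).
    include_once('functions/flood.php');
    echo '<br><div id="com_line"> </div>
<div class="whole">
<h1>' . $lang['write_comment'] . '</h1><a name="comment" id="comment"></a>';
    echo "<a name=\"comment\" id=\"comment\"></a><form action=\"\" method=\"post\" name=\"form\">
<p><input type=\"text\" name=\"title\" class=\"fields\" maxlength=\"70\" size=\"30\"> <strong>" . $lang['title'] . "</strong></p>
<p><input type=\"text\" name=\"author\" class=\"fields\" length=\"25\" maxlength=\"50\" size=\"30\"> <strong>" . $lang['name'] . "</strong></p>
<p><a href=\"javascript:insert('[b][/b]','')\"><img border=\"0\" src=\"images/bbcode/bold.png\" title=\"" . $lang['bold'] . "\"></a><a href=\"javascript:insert('[i][/i]','')\"><img border=\"0\" src=\"images/bbcode/italic.png\" title=\"" . $lang['italic'] . "\"></a><a href=\"javascript:insert('[u][/u]','')\"><img border=\"0\" src=\"images/bbcode/underline.png\" title=\"" . $lang['underline'] . "\"></a><a href=\"javascript:insert('[url]http://[/url]','')\"><img border=\"0\" src=\"images/bbcode/link.png\" title=\"" . $lang['url_with'] . "\"></a><br>
<textarea cols=\"45\" rows=\"8\" name=\"comment\" id=\"comment\" class=\"fields_text\"></textarea></p>
<p><small>" . $lang['spam_protection_question'] . " *</small><br>
<strong>" . $lang['sum_of'] . " " . $random1 . " + " . $code . " =</strong> <input size=\"5\" name=\"zip\" id=\"Spamschutz\" type=\"text\" class=\"fields\" /><input type=\"hidden\" name=\"zip2\" value=" . $rand_result . "></p>
<p><input type=\"submit\" name=\"submit\" class=\"button\" value=\"" . $lang['add_comment'] . " \"></p>
<input type=\"hidden\" name=\"submitted\" value=\"TRUE\">
</form>";
} else {
    // Spam question check. Both fields must be present and be strings, and
    // the hash is compared with !== so that PHP's loose comparison cannot
    // treat two different numeric-looking strings as equal.
    // NOTE(review): the expected hash arrives in the hidden zip2 field of the
    // same request, so this check is not bound to a challenge the server
    // issued. Keeping the expected value server-side (for example in the
    // session) would close that gap; that needs a session started before any
    // output, which cannot be arranged from inside this block.
    if (!isset($_POST['zip'], $_POST['zip2'])
        || !is_string($_POST['zip']) || !is_string($_POST['zip2'])
        || sha1($_POST['zip']) !== $_POST['zip2']) {
        echo '<br><div id="nav_line"> </div>
<div class="whole">
<p class="false">' . $lang['invalid_spam'] . '!</p>
<p>[ <a href="javascript:history.back();">' . $lang['back'] . '</a> ]</p>';
    } else {
        // Collect one message per missing field. Non-string values (arrays
        // sent as title[]=...) are treated as missing instead of being passed
        // to the escaping function.
        // The htmlentities() calls that used to precede each escape were dead
        // code: their result was overwritten on the next line. The stored
        // text stays raw and is HTML-encoded where the comments are printed.
        $errors = array();
        if (empty($_POST['title']) || !is_string($_POST['title'])) {
            $errors[] = '<p>' . $lang['enter_a_title'] . '.</p>';
        } else {
            $title = mysql_real_escape_string($_POST['title']);
        }
        if (empty($_POST['author']) || !is_string($_POST['author'])) {
            $errors[] = '<p>' . $lang['enter_a_name'] . '.</p>';
        } else {
            $author = mysql_real_escape_string($_POST['author']);
        }
        if (empty($_POST['comment']) || !is_string($_POST['comment'])) {
            $errors[] = '<p>' . $lang['enter_a_comment'] . '.</p>';
        } else {
            $comment = mysql_real_escape_string($_POST['comment']);
        }
        if (empty($errors)) {
            // blog_id2 is written unquoted, so force it to an integer right
            // here instead of relying on the cast made further up the page.
            $query = "INSERT INTO comments (blog_id2, title, author, comment, date) VALUES (" . intval($blog_id) . ", '$title', '$author', '$comment', NOW())";
            // NOTE(review): die(mysql_error()) shows the raw database error to
            // the visitor; log it server-side and print a generic message.
            $result = mysql_query($query) OR die(mysql_error());
            if ($result) {
                echo '<br><div id="nav_line"> </div>';
                echo '<div class="whole">';
                echo '<p class="right">' . $lang['positive_comment'] . '</p>
<p>• <a href="blog_result.php?id=' . $blog_id . '">' . $lang['go_on'] . '</a></p>';
                echo "<script type=\"text/javascript\">showSuccessMessage();</script>";
            } else {
                // Only reached if the die() above is ever removed.
                echo '<br><div id="nav_line"> </div>';
                echo '<div class="whole">';
                echo '<p class="false">' . $lang['negative_comment'] . '</p>
<p>• <a href="javascript:history.back();">' . $lang['back'] . '</a></p>';
                echo "<script type=\"text/javascript\">showErrorMessage();</script>";
            }
        } else {
            // The messages are built from language strings only, never from
            // request data, so they are printed as they are.
            echo '<br><div id="nav_line"> </div>';
            echo '<div class="whole">';
            echo '<p class="false"><u>' . $lang['not_filled_all'] . '.</u></p>';
            echo '<ul>';
            foreach ($errors as $msg) {
                echo '<li>' . $msg . '</li>';
            }
            echo '</ul>';
            echo '<p><br>[ <a href="javascript:history.back();">' . $lang['back'] . '</a> ]</p>';
        }
    }
}
// Closes the <div class="whole"> opened by whichever branch ran above.
echo '</div>';
echo '<div class="spacer_div"> </div>';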
?>
</div>
</div>
<div id="infobox_wrapper">
<div class="infobox">
<?php include('layout/infobox.php'); ?>
</div>
</div>
<?php require('layout/footer.php'); ?>