<?php
// Address that receives a notification mail for each accepted comment.
// While it still holds the placeholder value below, the submission handler
// further down this page skips the mail() call entirely.
$mailid = 'hide@address.com';
?>
<html>
<head>
<title> Comments added by user </title>
</head>
<body>
<?php
// Shared page header, then the database settings. $hostname, $username,
// $password and $dbname are not assigned anywhere in this file, so they are
// presumably defined by ../auth/config.php (verify against that file).
include "../header.php";
include "../auth/config.php";

// Open the connection used by every query on this page.
// NOTE(review): the mysql_* extension was removed in PHP 7.0; moving to PDO
// or mysqli with prepared statements is the durable fix for the queries below.
$link = mysql_connect($hostname, $username, $password);

// Select the schema only when the connection attempt returned a link.
if ($link !== false) {
    $dbcon = mysql_select_db($dbname, $link);
}
?>
<!-- main center -->
<table align=center width=85% height=100% cellpadding=0 cellspacing=0 border=0>
<tr><td valign=top>
<br>
<br>
<table width=85% cellpadding=0 cellspacing=0 border=0 align=center>
<tr width=100%>
<td align=left class=cmt>
<?php
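/*
 * Comment submission handler.
 *
 * Reads the posted comment (nam, email, url, com, number), checks the
 * verification code against $_SESSION['count'], rejects duplicates, blocked
 * words and blocked IP addresses listed in the `filter` table, then stores the
 * comment and optionally mails a notification to $mailid.
 *
 * Security handling in this block:
 *  - every request value is treated as untrusted text: escaped with
 *    mysql_real_escape_string() before it enters SQL and with
 *    htmlspecialchars() before it is echoed back or placed in the HTML mail;
 *  - the verification code must be non-empty and match exactly, so a request
 *    with no session value and no code no longer compares as equal;
 *  - the sender address is only copied into mail headers when it is a valid
 *    address without line breaks, and the subject is stripped of control
 *    characters, so posted values cannot add mail headers;
 *  - a failed query is reported to the visitor as a failure instead of being
 *    followed by the "comment added" message.
 */

// Normalise the posted fields to strings. Array-valued or missing parameters
// become ''. Where magic_quotes_gpc is still active its slashes are removed
// first, so values are escaped exactly once below.
$magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
$posted = array('nam' => '', 'email' => '', 'url' => '', 'com' => '', 'number' => '');
foreach (array_keys($posted) as $field) {
    if (isset($_POST[$field]) && is_string($_POST[$field])) {
        $posted[$field] = $magicQuotes ? stripslashes($_POST[$field]) : $_POST[$field];
    }
}
$name = $posted['nam'];
$email = $posted['email'];
$url = $posted['url'];
$com = $posted['com'];
$dat = date('y-m-d');
$rip = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';

/* Session value: the verification code the visitor had to copy. */
$imag = trim($posted['number']);
// Output has already started above this block, so a new session cookie cannot
// be sent from here; the warning for that case is suppressed as before.
@session_start();
$key = isset($_SESSION['count']) ? (string) $_SESSION['count'] : '';
/* End of session values */

// Same-host check on the Referer header. The header is supplied by the client,
// so this is only a coarse filter and not a request-forgery defence.
// NOTE(review): consider a per-session form token in addition to this check.
$ref = isset($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '';
$ser = str_replace('www.', '', isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '');
$host = parse_url($ref);
$refHost = (is_array($host) && isset($host['host'])) ? str_replace('www.', '', $host['host']) : null;

if ($refHost !== null && $ser === $refHost) {
    // HTML-escaped copies for anything echoed into the page or the HTML mail.
    // NOTE(review): htmlspecialchars() uses the PHP default charset here;
    // confirm it matches the charset this page is served with.
    $nameHtml = htmlspecialchars($name, ENT_QUOTES);
    $emailHtml = htmlspecialchars($email, ENT_QUOTES);
    $urlHtml = htmlspecialchars($url, ENT_QUOTES);
    $comHtml = htmlspecialchars($com, ENT_QUOTES);

    $dbReady = isset($link) && is_resource($link);
    $result1 = false;
    $result2 = false;
    $result3 = false;

    if ($dbReady) {
        // SQL-escaped copies; the raw values never reach a query string.
        $nameSql = mysql_real_escape_string($name, $link);
        $emailSql = mysql_real_escape_string($email, $link);
        $urlSql = mysql_real_escape_string($url, $link);
        $comSql = mysql_real_escape_string($com, $link);
        $ripSql = mysql_real_escape_string($rip, $link);

        $result1 = mysql_query("select word from filter where word IS NOT NULL", $link);
        $result2 = mysql_query("select ip from filter where ip IS NOT NULL", $link);
        $result3 = mysql_query("select count(*) as xxx from comments where review='$comSql' && email='$emailSql'", $link);
    }

    if ($result1 === false || $result2 === false || $result3 === false) {
        // Fail closed: without the filter lists and the duplicate count the
        // comment must not be accepted, and no success message is shown.
        error_log('addcomment: database unavailable or filter lookup failed');
        echo "Sorry, your comment could not be saved right now.<br>
Please try again later.<br><br>";
    } else {
        // Blocked-word scan: case-insensitive substring match on the comment.
        $bloc = false;
        $com1 = strtolower($com);
        while ($rrr = mysql_fetch_array($result1)) {
            $ff1 = strtolower((string) $rrr['word']);
            // An empty filter row is skipped; it must not match every comment.
            if ($ff1 !== '' && strpos($com1, $ff1) !== false) {
                $bloc = true;
            }
        }

        // Blocked-address list: the sender is blocked when its address is listed.
        $arr = array('addr' => array());
        while ($rr = mysql_fetch_array($result2)) {
            $arr['addr'][] = (string) $rr['ip'];
        }
        $ipBlocked = in_array($rip, $arr['addr'], true);

        // Number of stored comments with the same text and e-mail address.
        $existcount = 0;
        while ($row = mysql_fetch_array($result3)) {
            $existcount = (int) $row['xxx'];
        }

        /* Check the verification code: must be present and match exactly. */
        // NOTE(review): the code stays valid for the whole session after a
        // successful check; consider clearing $_SESSION['count'] once used.
        if ($key !== '' && $imag === $key) {
            if ($existcount > 0) {
                echo "Your comment is already present in the database.<br>
Thanks for your effort.<br><br>
<span style='background-color:#cdcdcd; font-size:16px; cursor:pointer; hover:none;' onClick='history.back()'>Go Back</span>";
            } elseif ($name === '' || $email === '' || $com === '' || $ipBlocked || $bloc) {
                if ($bloc || $ipBlocked) {
                    echo "<table align=center><tr><td>
<font color=red>Your message has some blocked words.</font></td></tr><br><br>";
                } else {
                    echo "<font color=red>Your information is incomplete. <br>
Please fill all the required feilds.</font><br><br>";
                }
                // Re-display the form with the escaped values filled in.
                // NOTE(review): this form has no `number` field, so posting it
                // back cannot pass the verification check above.
                echo "<table align=center>";
                echo "<form name=xx action=addcomment.php method=post>";
                echo "<tr><td><textarea name=com rows=3 cols=60>$comHtml</textarea></td></tr> <br>";
                echo "<tr><td>Name : <input type=text name=nam value=\"$nameHtml\"></td></tr>";
                echo "<tr><td>Email : <input type=text name=email value=\"$emailHtml\" size=25></td></tr>";
                echo "<input type=hidden value=\"$urlHtml\" name=url>";
                echo "<tr><td> </td></tr>";
                echo "<tr><td><input type=submit value=add></td></tr>";
                echo "</form></table><br><br>";
            } else {
                // NOTE(review): $url is stored as posted (SQL-escaped only);
                // whichever page displays comments must HTML-escape it and
                // should restrict it to http/https links.
                $result = mysql_query("insert into comments values('','g','$comSql','$urlSql','$ripSql','$nameSql','$emailSql','$dat','no')", $link);

                if ($result === false) {
                    // Log only the numeric code: the error text can echo
                    // fragments of the posted values.
                    error_log('addcomment: comment insert failed, mysql errno ' . mysql_errno($link));
                    echo "Sorry, your comment could not be saved right now.<br>
Please try again later.<br><br>";
                } else {
                    // The mail body is sent as text/html, so it uses the
                    // HTML-escaped values.
                    $message1 = "NAME :" . $nameHtml . "\r\n";
                    $message1 .= "MAIL :" . $emailHtml . "\r\n";
                    $message1 .= "FEEDBACK :" . $comHtml . "\r\n";
                    // Control characters (including CR/LF) are removed so the
                    // name cannot break out of the Subject line.
                    $subject1 = "FEEDBACK from " . preg_replace('/[\x00-\x1F\x7F]+/', ' ', $name);
                    /* To send HTML mail, set the Content-type header. */
                    $headers1 = "MIME-Version: 1.0\r\n";
                    $headers1 .= "Content-type: text/html; charset=iso-8859-1\r\n";
                    /* additional headers */
                    // The posted address goes into headers only when it is a
                    // syntactically valid address with no line breaks.
                    if (strpbrk($email, "\r\n") === false && filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
                        $headers1 .= "From: " . $email . "\r\n";
                        $headers1 .= "Reply-To: " . $email . "\r\n";
                    }
                    $headers1 .= "Cc: \r\n";
                    // Notification is best-effort and skipped while $mailid is
                    // still the placeholder address.
                    if ($mailid != "hide@address.com") {
                        if (!@mail($mailid, $subject1, $message1, $headers1)) {
                            error_log('addcomment: notification mail could not be sent');
                        }
                    }
                    echo "Hi, <br><br>
Your comments have been added in to the database.<br>
It will be reviewed and added in to the web page.<br><br>
Thank you,<br>
Support Team.<br>
<br><br>
<div align=center>
<input type=button style=\"border: 2px #aacfca inset;\" value=\"Go back\" onClick=\"history.back();\">
</div>
<br><br>";
                }
            }
        } else {
            echo "You have entered wrong verification code!!<br>
Please go back and enter proper value.<br><br>
<span style='background-color:#cdcdcd; font-size:16px; cursor:pointer; hover:none;' onClick='history.back()'>Go Back</span>";
        }
    }
}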
?>
</td></tr>
</table>
</td></tr></table>
<?php
// Shared page footer, emitted after the comment table has been closed.
include "../footer.php";
?>
</body>
</html>