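<?php session_start();
/**********************************************************************
* Copyright notice Ja2BU 1.1.
*
* (c) 2011 Predrag Rukavina - admin[at]phpform[dot]net
* All rights reserved
*
* This script is part of the Ja2BU project.
* The Ja2BU project is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA.
*
* This copyright notice MUST appear in all copies of the script!
************************************************************************/
include ('settings.php');
// Notices and deprecations are deliberately hidden here; anything below that
// is only a notice on old PHP (undefined keys, nulls into string functions)
// will not show up in output, so the input handling avoids them explicitly.
error_reporting(E_ERROR | E_WARNING | E_PARSE);
require_once ('salt.php');
require_once ('classes/securesession.class.php');
// Session hardening: the session is tied to the browser signature and to the
// first two IP blocks, mixed with the site salt, and the session id is rotated
// on every request. The exact checks live in classes/securesession.class.php.
$ss = new SecSession();
$ss->check_browser = true;
$ss->check_ip_blocks = 2;
$ss->secure_word = $salt;
$ss->regenerate_id = true;
// Anyone without a verified, logged-in session is sent back to the sign-in page.
// empty() covers both "key missing" and "key set but false" without a notice.
if (!$ss->Check() || empty($_SESSION['loggedin']))
{
header('Location: signin.php');
die();
}
if (empty($_SESSION['inecsess']))
{
header('Location: signin.php');
die();
}
// get_magic_quotes_gpc() was removed in PHP 8.0, where calling it is a fatal
// error; it is only consulted where it still exists. On modern PHP the raw
// POST value is used as-is.
$unslash = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
// Reads one form field as a string. A missing field becomes '' instead of a
// null (which would later flow into stripslashes()/substr()/strlen() and the
// INSERT as NULL), and a non-string value (e.g. a "field[]=" array sent in
// place of text) is discarded rather than reaching the string functions and
// htmlspecialchars() as an array.
$postField = function ($key) use ($unslash) {
    $value = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    return $unslash ? stripslashes($value) : $value;
};
$main = $postField('main');
$comrev = $postField('comrev');
$idrev = $postField('idrev');
$text = $postField('text');
$newimg = $postField('newimg');
$ccuid = $postField('ccuid');
$chelper = $postField('chelper');
$text1 = $postField('text1');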
?>
<head>
<link rel="stylesheet" type="text/css" href="themes/<?php echo $themes; ?>/styles/style.css" />
</head>
<?php
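// Double-submit guard: the first 8 bytes of the raw comment are remembered in
// the session and a repeat with the same prefix is rejected. Loose comparison
// is kept on purpose: substr() returns false rather than '' for empty input on
// PHP < 8, and the session value may be absent (null) on the first post.
$subtext = substr($text1, 0, 8);
$lastPrefix = isset($_SESSION["reloadse"]) ? $_SESSION["reloadse"] : null;
if ($lastPrefix == $subtext) {
echo "<center><div id='error'>$lang[BOOKERR9]</div></center>";
die();
}
// Input policy for the comment body: no '<' and no '[' (the site's markup
// characters), and a length between 9 and 700 bytes. strlen() is byte-wise,
// which is what a storage limit wants; it is not a character count.
if (preg_match('/</', $text1)) {
echo "<center><div id='error'>$lang[INVALIDCHAR] '<' <a href=\"javascript:history.go(-1)\">$lang[BOOKBACK]</a></div></center>";
die();
}
if (preg_match('/\[/', $text1)) {
echo "<center><div id='error'>$lang[INVALIDCHAR] '[' <a href=\"javascript:history.go(-1)\">$lang[BOOKBACK]</a></div></center>";
die();
}
if (strlen($text1) < 9) {
echo "<center><div id='error'>$lang[POSTERR3] <a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></div></center>";
die();
}
if (strlen($text1) > 700) {
echo "<center><div id='error'>$lang[VIDOERR] <a href=\"javascript:history.go(-1)\">$lang[BOOKBACK]</a></div></center>";
die();
}
// The reviewed item id is required; '', '0' and null all fail this check.
if ($idrev == false) {
echo 'Error [72]';
die();
}
$_SESSION["reloadse"] = $subtext;
// Stored already HTML-escaped. ENT_QUOTES and the charset are given explicitly
// because the pre-8.1 default leaves single quotes unescaped, which is unsafe
// if the text is ever placed inside a single-quoted attribute on output;
// ENT_SUBSTITUTE keeps invalid UTF-8 from turning the whole value into ''.
$text1 = htmlspecialchars($text1, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$time = date("Y-m-d H:i:s");
// Slug for the helper field: a fixed set of punctuation is replaced by '-'
// before URL-encoding. The pattern is kept as-is (it is a character class, so
// the commas in it are literal members too).
$helper = preg_replace('/([?,\/,|,",\',:,%,(,),[,\,\],\,])/', "-", $chelper);
$helper = urlencode($helper);
// NOTE(review): $text (comenter) and $newimg (comimage) are stored unescaped;
// whatever renders them must escape for its output context. No CSRF token is
// checked before this INSERT: the session checks above establish who is logged
// in, not that the POST originated from this site's own form.
$sql2 = $conn->Prepare('INSERT INTO reviews (comrev,idrev,cmain,comenter,comimage,cdate,chelper,ctexte) VALUES (?, ?, ?, ?, ?, ?, ?, ?)');
$inserted = $conn->Execute($sql2, array($comrev, $idrev, "1", $text, $newimg, $time, $helper, $text1));
if ($inserted === false) {
print '<br /><div id="error">error inserting[1]: '.$conn->ErrorMsg().'</div><br />';
} else {
// The per-article comment counter is only bumped when the row actually went
// in, so a failed INSERT does not leave the count out of step with the table.
$sql3 = $conn->Prepare('UPDATE article SET commno = commno + ? WHERE univer = ?');
if ($conn->Execute($sql3, array("1", $comrev)) === false) {
print '<br /><div id="error">error inserting[2]: '.$conn->ErrorMsg().'</div><br />';
}
}
$conn->Close();
// Where the browser is sent back to afterwards. The Referer header is
// request-supplied and may be absent; it is treated as untrusted text when
// it is written into the page below.
$asty = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';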
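?>
<head>
<script type="text/javascript">
// Sends the browser back to the page the form was submitted from (see $asty)
// once the confirmation below has been shown for two seconds.
function delayer(){
    // The destination is the request's Referer header, so it is emitted as a
    // JSON/JS string literal rather than pasted raw between quotes: the HEX
    // flags encode < > & ' " so the value cannot close the literal or the
    // <script> element. json_encode() returns false on invalid UTF-8, in which
    // case an empty string is emitted (the same as when no Referer was sent).
    window.location = <?php echo json_encode((string) $asty, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) ?: '""'; ?>;
}
</script>
</head>
<body onLoad="setTimeout('delayer()', 2000)">
<center><div style='text-align:center;width:468px;margin:0px auto;min-height:98px;max-height:98px;background: #F8F8F8;font-size:12px;color:#555;font-family:tahoma;helvetica,arial;border-top: 1px dashed #EEE;margin-top:32px;padding-top:8px;'><?php echo $lang['CREDIR'] ?><br /><br /><img src="themes/<?php echo $themes; ?>/styles/images/ajax-loader.gif" border="0"><br /><br /></div></center>
<?php
######################################
##review.php 1.1.##
######################################
?>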