<?php session_start(); // the session is read below (loggedin, inecsess, reloadse) and by SecSession::Check()
/**********************************************************************
*  Copyright notice Ja2BU 1.1.
*
*  (c) 2011 Predrag Rukavina - admin[at]phpform[dot]net
*  All rights reserved
*
*  This script is part of the Ja2BU project. 
*  The Ja2BU project is free software; you can redistribute it and/or
*  modify it under the terms of the GNU General Public License
*  as published by the Free Software Foundation; either version 2
*  of the License, or (at your option) any later version.
*
*  This program is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  You should have received a copy of the GNU General Public License
*  along with this program; if not, write to the Free Software
*  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
*  MA  02110-1301, USA.
*
*  This copyright notice MUST appear in all copies of the script!
************************************************************************/
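include ('settings.php');
error_reporting(E_ERROR | E_WARNING | E_PARSE);
require_once ('salt.php');
require_once ('classes/securesession.class.php');
// SecSession settings: browser check on, IP check level 2, secret taken from
// salt.php, session id regeneration on (the exact meaning of each option is
// defined by SecSession itself).
$ss = new SecSession();
$ss->check_browser = true;
$ss->check_ip_blocks = 2;
$ss->secure_word = $salt;
$ss->regenerate_id = true;
// Only a session that passes the integrity check and carries the 'loggedin'
// flag may post a review; everything else is sent to the sign-in page.
if (!$ss->Check() || empty($_SESSION['loggedin'])) {
    header('Location: signin.php');
    die();
}
// Second session flag required by this script (set elsewhere, presumably at
// sign-in - confirm). empty() avoids an undefined-index notice when it is absent.
if (empty($_SESSION['inecsess'])) {
    header('Location: signin.php');
    die();
}
// Read the POST fields used by this script. get_magic_quotes_gpc() was removed
// in PHP 8, so it is only consulted when it exists; a missing field becomes
// null instead of raising an undefined-index notice.
$stripQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
$fields = array();
foreach (array('main', 'comrev', 'idrev', 'text', 'newimg', 'ccuid', 'chelper', 'text1') as $name) {
    $raw = isset($_POST[$name]) ? $_POST[$name] : null;
    $fields[$name] = ($stripQuotes && is_string($raw)) ? stripslashes($raw) : $raw;
}
$main    = $fields['main'];
$comrev  = $fields['comrev'];   // stored as reviews.comrev and matched against article.univer below
$idrev   = $fields['idrev'];
$text    = $fields['text'];
$newimg  = $fields['newimg'];
$ccuid   = $fields['ccuid'];
$chelper = $fields['chelper'];
$text1   = $fields['text1'];    // the review body that is validated below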
?>
<head>
<link rel="stylesheet" type="text/css" href="themes/<?php echo $themes; /* theme directory name; presumably set by settings.php (included above) - confirm */ ?>/styles/style.css" />
</head>
<?php
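// Duplicate-submission guard: the first 8 bytes of the review text are kept in
// the session and a resubmission with the same prefix is rejected. The strict
// comparison avoids PHP's numeric-string coercion on '==', and an unset session
// value no longer matches an empty submission (that case is reported as too
// short below instead).
$subtext = substr($text1, 0, 8);
if (isset($_SESSION['reloadse']) && $_SESSION['reloadse'] === $subtext) {
    echo "<center><div id='error'>$lang[BOOKERR9]</div></center>";
    die();
}
// '<' and '[' are not accepted anywhere in the review text.
foreach (array('<', '[') as $forbidden) {
    if (strpos($text1, $forbidden) !== false) {
        echo "<center><div id='error'>$lang[INVALIDCHAR]&nbsp;'$forbidden'&nbsp;<a href=\"javascript:history.go(-1)\">$lang[BOOKBACK]</a></div></center>";
        die();
    }
}
// Length limits are byte-based (strlen), so multibyte characters count per byte.
if (strlen($text1) < 9) {
    echo "<center><div id='error'>$lang[POSTERR3]&nbsp;<a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></div></center>";
    die();
}
if (strlen($text1) > 700) {
    echo "<center><div id='error'>$lang[VIDOERR]&nbsp;<a href=\"javascript:history.go(-1)\">$lang[BOOKBACK]</a></div></center>";
    die();
}
// A review must reference an item; an empty or '0' idrev is error 72.
if (empty($idrev)) {
    echo 'Error [72]';
    die();
}
$_SESSION['reloadse'] = $subtext;
$text1 = htmlspecialchars($text1);
$time = date('Y-m-d H:i:s');
// Replace the characters ? , / | " ' : % ( ) [ ] with '-' and URL-encode the
// result; this is the same character set the original grouped pattern matched.
$helper = urlencode(preg_replace('/[?,\/|"\':%()\[\]]/', '-', $chelper));
// Every value is passed as a bound parameter; nothing is concatenated into SQL.
$sql2 = $conn->Prepare('INSERT INTO reviews (comrev,idrev,cmain,comenter,comimage,cdate,chelper,ctexte) VALUES (?, ?, ?, ?, ?, ?, ?, ?)');
if ($conn->Execute($sql2, array($comrev, $idrev, '1', $text, $newimg, $time, $helper, $text1)) === false) {
    // The driver's error text is kept in the server log; the browser only gets a generic notice.
    error_log('review.php error inserting[1]: ' . $conn->ErrorMsg());
    print '<br /><div id="error">error inserting[1]</div><br />';
}
$sql3 = $conn->Prepare('UPDATE article SET commno = commno +  ? WHERE univer = ?');
if ($conn->Execute($sql3, array('1', $comrev)) === false) {
    error_log('review.php error updating[2]: ' . $conn->ErrorMsg());
    print '<br /><div id="error">error updating[2]</div><br />';
}
$conn->Close();
// Where the browser is sent back to. This is a client-supplied header and must
// be escaped for the JavaScript string context in which it is echoed below.
$asty = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';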
?>
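<head>
<script type="text/javascript">
<?php // $asty is the client-supplied Referer header: it is emitted as a JSON string literal with < > & ' " hex-escaped so it cannot break out of the script or the string. ?>
function delayer(){
window.location = <?php echo json_encode((string) $asty, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;
    }
</script>
</head>
<body onload="setTimeout('delayer()', 2000)">
<center><div style='text-align:center;width:468px;margin:0px auto;min-height:98px;max-height:98px;background: #F8F8F8;font-size:12px;color:#555;font-family:tahoma;helvetica,arial;border-top: 1px dashed #EEE;margin-top:32px;padding-top:8px;'><?php echo $lang['CREDIR'] ?><br /><br /><img src="themes/<?php echo $themes; ?>/styles/images/ajax-loader.gif" border="0"><br /><br /></div></center>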
<?php
######################################
##review.php                    1.1.##
######################################
?>