4images code on GitHub Click here to visit GitHub.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
In your particular case you'll need insert that code below
unset($next_prev_cache);
<?php
/**************************************************************************
* *
* 4images - A Web Based Image Gallery Management System *
* ---------------------------------------------------------------- *
* *
* File: ajaxcomments.php *
* File Version: 1.0.1 *
* Description: module that handles AJAX comment related requests *
* Author: V@no *
* Web: http://4images.vano.org *
* Scriptversion: 1.7.6 *
* *
*************************************************************************/
define("COMMENT_RATING_ENABLE", 1); //enable ratings for comments?
define("COMMENT_RATING_GUEST", 0); //allow guests to vote?
define("COMMENT_RATING_OWN", 0); //allow rate own comments?
define("COMMENT_RATING_HIDE", -3); //comment with rating below this number will be hidden by default (visitors still will be able read them by clicking at + icon)
define("COMMENTS_PAGES", 1); //show pages for comments? must install http://www.4homepages.de/forum/index.php?topic=5830.0
define("COMMENTS_ORDER", 0); //sort comments 0 = ASC or 1 = DESC
if (!defined('ROOT_PATH')) //check if this file included or direct request
{
if (!isset($HTTP_GET_VARS)) {
$HTTP_GET_VARS = &$_GET;
$HTTP_POST_VARS = &$_POST;
$HTTP_COOKIE_VARS = &$_COOKIE;
$HTTP_POST_FILES = &$_FILES;
$HTTP_SERVER_VARS = &$_SERVER;
$HTTP_ENV_VARS = &$_ENV;
}
$HTTP_GET_VARS = JSUnicodeUnEscape($HTTP_GET_VARS);
$HTTP_POST_VARS = JSUnicodeUnEscape($HTTP_POST_VARS);
$HTTP_COOKIE_VARS = JSUnicodeUnEscape($HTTP_COOKIE_VARS);
$HTTP_POST_FILES = JSUnicodeUnEscape($HTTP_POST_FILES);
define('GET_CACHES', 1);
define('ROOT_PATH', './');
$main_template = '';
include(ROOT_PATH.'global.php');
require(ROOT_PATH.'includes/sessions.php');
$user_access = get_permission();
$included = false;
}
else
{
$included = true;
}
/*
comment_rating_check()
returns:
0 = "not rated yet",
1 = "invalid comment id",
2 = "guests are not allowed to vote",
3 = "permission denied",
4 = "can't vote on own comments",
5 = "already voted",
6 = "Comment rating disabled",
*/
function comment_rating_check($id, $row = false)
{
if (!COMMENT_RATING_ENABLE)
return 6;
global $user_info, $site_sess, $site_db;
if (!$id)
return 1;
if ($user_info['user_level'] == GUEST && !COMMENT_RATING_GUEST)
return 2;
if (!isset($user_info['comments_rated']))
{
$comments_rated = $site_sess->get_session_var("comments_rated");
if (empty($comments_rated))
$comments_rated = $site_sess->read_cookie_data("comments_rated");
$user_info['comments_rated'] = explode(",", $comments_rated);
}
if ($user_info['user_level'] != GUEST && empty($row))
{
$sql = "SELECT c.comment_id, c.image_id, c.comment_rating, c.comment_votes, c.comment_rating_users, c.comment_ip, c.user_id, i.cat_id, i.image_allow_comments
FROM ".COMMENTS_TABLE." c
LEFT JOIN ".IMAGES_TABLE." i ON (i.image_id = c.image_id)
WHERE c.comment_id = $id";
if (!($row = $site_db->query_firstrow($sql)))
return 1;
}
if (!$row['image_allow_comments'] || !check_permission("auth_readcomment", $row['cat_id']) || !check_permission("auth_viewimage", $row['cat_id']) || !check_permission("auth_viewcat", $row['cat_id']))
return 3;
if (!COMMENT_RATING_OWN
&& (($user_info['user_level'] == GUEST && $row['user_id'] == GUEST && @$row['comment_ip'] == $site_sess->session_info['session_ip'])
|| ($user_info['user_level'] != GUEST && $row['user_id'] == $user_info['user_id'])))
{
return 4;
}
if ($user_info['user_level'] == GUEST)
{
return (comment_rating_search($id, $user_info['comments_rated']) === false) ? 0 : 5;
}
return (comment_rating_search($user_info['user_id'], explode(",", $row['comment_rating_users'])) === false) ? 0 : 5;
}
function comment_rating_search($id, $array)
{
$id = (int)$id;
foreach ($array as $key)
{
$key = explode(" ", $key);
if ((int)$key[0] == $id)
return (isset($key[1])) ? (int)$key[1] : true;
}
return false;
}
function comment_rating_update($id, $rating, $row = false)
{
global $user_info;
if (!$id)
return false;
global $user_info, $site_sess, $site_db;
if ($row === false)
{
$sql = "SELECT comment_id, comment_ip, user_id, comment_rating, comment_votes, comment_rating_users
FROM ".COMMENTS_TABLE."
WHERE comment_id = $id
LIMIT 1";
if (!($row = $site_db->query_firstrow($sql)))
return false;
}
$row['comment_rating'] = (int)$row['comment_rating'] + ((int)$rating > 0 ? 1 : -1);
$rated = explode(",", $row['comment_rating_users']);
if ($user_info['user_level'] != GUEST && comment_rating_search($user_info['user_id'], $rated) === false)
{
$rated[] = $user_info['user_id']." ".$rating;
}
$rated = trim(implode(",", $rated), ",");
$sql = "UPDATE ".COMMENTS_TABLE."
SET comment_rating = ".$row['comment_rating'].", comment_votes = comment_votes + 1, comment_rating_users = '$rated'
WHERE comment_id = $id";
if (!($result = $site_db->query($sql)))
return false;
if (!isset($user_info['comments_rated']))
{
$comment_rated = $site_sess->get_session_var("comments_rated");
if (!$comment_rated)
$comment_rated = $site_sess->read_cookie_data("comments_rated");
$user_info['comments_rated'] = explode(",", $comment_rated);
}
if (comment_rating_search($id, $user_info['comments_rated']) === false)
{
$user_info['comments_rated'][] = $id." ".$rating;
$comment_rated = trim(implode(",", $user_info['comments_rated']), ",");
$site_sess->set_session_var("comments_rated", $comment_rated);
$site_sess->set_cookie_data("comments_rated", $comment_rated);
}
return array($row['comment_rating'], $row['comment_votes'] + 1);
}
function comment_rating_links($id, $row = false)
{
global $user_info, $site_sess, $site_db;
$type = "_off";
$link = false;
if (!($rating_check = comment_rating_check($id, $row)))
{
$link = true;
$type = "";
}
$img_good = '<img src="'.TEMPLATE_PATH.'/images/good'.$type.'.png" border="0" id="cimgg'.$id.'" align="top" />'; //thumb up
$img_bad = '<img src="'.TEMPLATE_PATH.'/images/bad'.$type.'.png" border="0" id="cimgb'.$id.'" align="top" />'; //thumb down
if ($link)
{
$c_url = ROOT_PATH."ajaxcomments.php?action=ratingset&".URL_ID."=".$id."&mode=";
$img_good = '<a id="cimglg'.$id.'" href="'.$site_sess->url($c_url."1", "&").'" onClick="return aCVote(this,'.$id.',1);">'.$img_good."</a>";
$img_bad = '<a id="cimglb'.$id.'" href="'.$site_sess->url($c_url."0", "&").'" onClick="return aCVote(this,'.$id.',0);">'.$img_bad."</a>";
}
return array($img_good, $img_bad, $rating_check);
}
function comment_rating_template($row)
{
global $site_sess, $site_template, $lang, $row_bg_number;
$row['comment_rating'] = (int)$row['comment_rating'];
$links = comment_rating_links($row['comment_id'], $row);
$site_template->register_vars(array(
"comment_rating" => $row['comment_rating'],
"comment_rating_str" => (($row['comment_rating'] > 0) ? "+" : "").$row['comment_rating'],
"comment_votes" => $row['comment_votes'],
"comment_rating_link_good" => $links[0],
"comment_rating_link_bad" => $links[1],
"comment_class" => ($row['comment_rating'] > 0 ? "1" : ($row['comment_rating'] < 0 ? "2" : "0")),
"comment_hide" => ($row['comment_rating'] <= COMMENT_RATING_HIDE) ? 1 : 0,
"comment_vote_tooltip" => $lang['comment_rating_check'][$links[2]],
));
}
function JSUnicodeUnEscape($str)
{
if (is_array($str))
{
foreach ($str as $key => $val)
{
$str[$key] = JSUnicodeUnEscape($val);
}
}
return preg_replace("/%u([0-9a-fA-F]{4,4})/ei", "'&#'.hexdec('\\1').';'", $str);
}
if (!function_exists("get_self"))
{
function get_self()
{
$list = get_included_files();
return $list[0];
}
}
if (!function_exists("get_self_full"))
{
function get_self_full($remove = array())
{
global $HTTP_GET_VARS;
$q = $HTTP_GET_VARS;
$query = array();
foreach($q as $key => $val)
{
if (in_array($key, $remove))
continue;
$query[] = $key . "=" . $val;
}
return ROOT_PATH.basename(get_self()).(!empty($query) ? "?".trim(implode("&", $query), "&") : "");
}
}
$site_template->register_vars(array(
"lang_author" => $lang['author'],
"lang_comment" => $lang['comment'],
"commentratinghide" => COMMENT_RATING_HIDE,
"comment_rating_enable" => COMMENT_RATING_ENABLE,
"ajaxcommentsurl" => $site_sess->url(ROOT_PATH."ajaxcomments.php", "&"),
"lang_comment_rating" => $lang['comment_rating'],
"lang_votes" => $lang['votes'],
"url_id" => URL_ID,
));
if ($included)
{
$site_sess->set_session_var("back_url", get_self_full());
if ($text = $site_sess->get_session_var("comment_msg"))
{
$site_sess->drop_session_var("comment_msg");
$msg .= (($msg) ? "<br />" : "").$text;
}
return;
}
//execute the rest of the code only if started directly
$return = array();
//-----------------------------------------------------
//--- Get Comment Rating ------------------------------
//-----------------------------------------------------
if ($action == "ratingget" && $id)
{
$return += array(
"error" => 1,
"rating" => "",
"votes" => "",
"msg" => "",
);
$sql = "SELECT c.image_id, c.comment_rating, c.comment_votes, c.comment_rating_users, c.comment_ip, c.user_id, i.cat_id, i.image_allow_comments
FROM ".COMMENTS_TABLE." c
LEFT JOIN ".IMAGES_TABLE." i ON (i.image_id = c.image_id)
WHERE c.comment_id = $id";
if ($row = $site_db->query_firstrow($sql))
{
if ($row['image_allow_comments'] && check_permission("auth_readcomment", $row['cat_id']) && check_permission("auth_viewimage", $row['cat_id']) && check_permission("auth_viewcat", $row['cat_id']))
{
$return['error'] = 0;
$return['rating'] = $row['comment_rating'];
$return['votes'] = $row['comment_votes'];
}
}
}
//-----------------------------------------------------
//--- Save Vote for Comment ---------------------------
//-----------------------------------------------------
if ($action == "ratingset")
{
$return += array(
"error" => 1,
"rating" => "",
"votes" => "",
"status" => 0,
"msg" => "",
);
if ($id)
{
$sql = "SELECT c.comment_id, c.image_id, c.comment_rating, c.comment_votes, c.comment_rating_users, c.comment_ip, c.user_id, i.cat_id, i.image_allow_comments
FROM ".COMMENTS_TABLE." c
LEFT JOIN ".IMAGES_TABLE." i ON (i.image_id = c.image_id)
WHERE c.comment_id = $id";
if ($row = $site_db->query_firstrow($sql))
{
if (!($is_rated = comment_rating_check($id, $row)) && (($rating = comment_rating_update($id, $mode, $row)) !== false))
{
$return['error'] = 0;
$return['rating'] = $rating[0];
$return['votes'] = $rating[1];
$return['status'] = 1;
$return['msg'] = $lang['comment_rating_success'];
}
else
{
$return['status'] = (in_array($is_rated, array(1, 2, 3, 4, 5))) ? 1 : 0;
$return['msg'] = $lang['comment_rating_check'][$is_rated];
}
}
else
{
$return['status'] = 1;
$return['msg'] = $lang['voting_com_error'];
}
}
}
$result = $site_db->query($sql);
while($row = $site_db->fetch_array($result)){
$image_preview[] = $row['image_id'];
$preview_row[$row['image_id']] = $row;
}
$lastPage = count($image_preview);
$t_template = "<table height=\"0\"width=\"600\" border=\"0\" cellspacing=\"5\" cellpadding=\"3\" align=\"center\"><tr>\n";
if($lastPage < 6){
$start = 0;
$end = $lastPage -1;
} elseif ($act_key == 0 || $act_key == 1){
$start = 0;
$end = 4;
} elseif ($act_key == $lastPage-1 || $act_key == $lastPage -2){
$start = $lastPage - 5;
$end = $lastPage - 1;
} else {
$start = $act_key -2;
$end = $act_key +2;
}
$sizeTimes = 0.5;
for($i=$start; $i<=$end; $i++){
if ($preview_row[$image_preview[$i]]['image_id'] == $image_row['image_id']) {
$t_template .= "<td style=\"border: 1px dashed #004C75; text-align:center; padding: .1cm \">\n";
} else {
$t_template .= "<td style=text-align:center; padding: .1cm\">\n";
}
$tag = get_thumbnail_code($preview_row[$image_preview[$i]]['image_media_file'], $preview_row[$image_preview[$i]]['image_thumb_file'], $preview_row[$image_preview[$i]]['image_id'], $preview_row[$image_preview[$i]]['cat_id'], format_text(trim($preview_row[$image_preview[$i]]['image_name']), 2), $mode, 1);
$oriWidth = substr($tag, strpos($tag, "width")+7, strpos($tag, "\" height")-strlen($tag));
$oriHeight = substr($tag, strpos($tag, "height")+8, strpos($tag, " alt")-strlen($tag)-1);
$tag = str_replace('width="'.$oriWidth.'"', 'width="'.$oriWidth*$sizeTimes.'"', $tag);
$tag = str_replace('height="'.$oriHeight.'"', 'height="'.$oriHeight*$sizeTimes.'"', $tag);
$t_template .= $tag."<br>\n";
$t_template .= "<font class=\"smalltext\">".$preview_row[$image_preview[$i]]['image_name']."</font>\n";
}
$t_template .= "</td></table>\n";
$site_template->register_vars("preview_box", $t_template);
unset($image_preview);
/*--- End MOD: Photo Preview Hack ------------------------------------------ */
//-----------------------------------------------------
//--- Save Comment ------------------------------------
//-----------------------------------------------------
$newcomment = 0;
if ($action == "postcomment" && $id)
{
$return += array(
"error" => 1,
"msg" => "",
"clear" => 0,
"paging" => "null",
);
$commentid = 0;
$error = 0;
if (isset($HTTP_POST_VARS[URL_ID])) {
//begin almost original code from details.php
$id = intval($HTTP_POST_VARS[URL_ID]);
$sql = "SELECT cat_id, image_allow_comments
FROM ".IMAGES_TABLE."
WHERE image_id = $id";
$row = $site_db->query_firstrow($sql);
if ($row['image_allow_comments'] == 0 || !check_permission("auth_postcomment", $row['cat_id']) || !$row) {
$msg = $lang['comments_deactivated'];
}
else {
$user_name = un_htmlspecialchars(trim($HTTP_POST_VARS['user_name']));
$comment_headline = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_headline']));
$comment_text = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_text']));
$captcha = (isset($HTTP_POST_VARS['captcha'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['captcha'])) : "";
// Flood Check
$sql = "SELECT comment_ip, comment_date
FROM ".COMMENTS_TABLE."
WHERE image_id = $id
ORDER BY comment_date DESC
LIMIT 1";
$spam_row = $site_db->query_firstrow($sql);
$spamtime = $spam_row['comment_date'] + 180;
if ($session_info['session_ip'] == $spam_row['comment_ip'] && time() <= $spamtime && $user_info['user_level'] != ADMIN) {
$msg .= (($msg != "") ? "<br />" : "").$lang['spamming'];
$error = 1;
}
$user_name_field = get_user_table_field("", "user_name");
if (!empty($user_name_field)) {
if ($site_db->not_empty("SELECT $user_name_field FROM ".USERS_TABLE." WHERE $user_name_field = '".strtolower($user_name)."' AND ".get_user_table_field("", "user_id")." <> '".$user_info['user_id']."'")) {
$msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
$error = 1;
}
}
if ($user_name == "") {
$msg .= (($msg != "") ? "<br />" : "").$lang['name_required'];
$error = 1;
}
if ($comment_headline == "") {
$msg .= (($msg != "") ? "<br />" : "").$lang['headline_required'];
$error = 1;
}
if ($comment_text == "") {
$msg .= (($msg != "") ? "<br />" : "").$lang['comment_required'];
$error = 1;
}
if ($captcha_enable_comments && !captcha_validate($captcha)) {
$msg .= (($msg != "") ? "<br />" : "").$lang['captcha_required'];
$error = 1;
}
if (!$error) {
$sql = "INSERT INTO ".COMMENTS_TABLE."
(image_id, user_id, user_name, comment_headline, comment_text, comment_ip, comment_date)
VALUES
($id, ".$user_info['user_id'].", '$user_name', '$comment_headline', '$comment_text', '".$session_info['session_ip']."', ".time().")";
$site_db->query($sql);
$commentid = $site_db->get_insert_id();
update_comment_count($id, $user_info['user_id']);
$msg = $lang['comment_success'];
}
}
unset($row);
unset($spam_row);
}
//end original code from details.php
else
{
$msg = "error";
}
// if (($image_row['image_comments'] + (isset($commentid) ? 1 : 0)) > 24) $cat_cache[$cat_id]['auth_postcomment'] = AUTH_ADMIN;
if ($commentid)
{
$action = "commentget";
$newcomment = 1;
if (isset($HTTP_POST_VARS['one']) || isset($HTTP_GET_VARS['one']))
{
$image_id = 0;
$id = $commentid;
}
else
{
$image_id = $id;
$id = $commentid;
}
}
$return['error'] = $error;
$return['msg'] = $msg;
$return['clear'] = !$error;
}
//-----------------------------------------------------
//--- Show Comments -----------------------------------
//-----------------------------------------------------
if ($action == "commentget" && ($id || $image_id))
{
$return += array(
"comment" => "",
"paging" => "",
"pagingstats" => "",
"page" => 1,
"perpage" => 5,
"type" => 0,
);
$comments_all = ($image_id); //show all comments
include(ROOT_PATH."includes/page_header.php");
$site_template->register_vars(array(
"lang_comment_rating" => $lang['comment_rating'],
"lang_added_by" => $lang['added_by'],
"lang_date" => $lang['date'],
"lang_rating" => $lang['rating'],
));
$offset = null;
if (COMMENTS_PAGES && file_exists(TEMPLATE_PATH."/commentsperpage_dropdown_form.html"))
{
if (isset($HTTP_POST_VARS['commentsetperpage']) || isset($HTTP_GET_VARS['commentsetperpage']))
{
$commentsetperpage = (intval($HTTP_POST_VARS['commentsetperpage']) ) ? intval($HTTP_POST_VARS['commentsetperpage']) : intval($HTTP_GET_VARS['commentsetperpage']);
if ($commentsetperpage)
{
$site_sess->set_session_var("commentperpage", $commentsetperpage);
$session_info['commentperpage'] = $commentsetperpage;
}
}
if (isset($session_info['commentperpage']))
{
$commentperpage = $session_info['commentperpage'];
}
else
{
$commentperpage = 5;
}
$sql = "SELECT COUNT(image_id) AS comments
FROM ".COMMENTS_TABLE."
WHERE image_id = $image_id";
$result = $site_db->query_firstrow($sql);
$site_db->free_result();
$num_comments = $result['comments'];
if ($newcomment && !COMMENTS_ORDER)
{
$page = ceil($num_comments / $commentperpage);
}
$num_rows_all = (isset($num_comments)) ? $num_comments : 0;
$link_arg = $site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=$image_id");
include(ROOT_PATH.'includes/paging.php');
$getpaging = new Paging($page, $commentperpage, $num_rows_all, $link_arg, $lang['comment_stats'], "comments");
$offset = $getpaging->get_offset();
$site_template->register_vars(array(
"paging" => $return['paging'] = str_replace(array("<a ", 'onSubmit="'), array('<a onclick="return CommentsPage(this);" ', 'onSubmit="return CommentsPerPage(this);'), $getpaging->get_paging()),
"paging_stats" => $return['pagingstats'] = ($num_comments) ? $getpaging->get_paging_stats() : "",
));
$additional_sql = "";
if (!empty($additional_user_fields))
{
$table_fields = $site_db->get_table_fields(USERS_TABLE);
foreach ($additional_user_fields as $key => $val)
{
if (isset($table_fields[$key]))
{
$additional_sql .= ", u.$key";
}
}
}
}
else
{
$site_template->register_vars(array(
"paging" => "",
"paging_stats" => "",
));
}
if ($comments_all)
{
$where = "WHERE c.image_id = $image_id
ORDER BY c.comment_date ".(COMMENTS_ORDER ? "DESC" : "ASC");
if ($offset !== null)
{
$where .= " LIMIT $offset, $commentperpage";
}
}
else
{
$where = "WHERE c.comment_id = $id";
}
//the code in this section is almost identical to the code in details.php
$sql = "SELECT c.comment_id, c.image_id, c.user_id, c.user_name AS comment_user_name, c.comment_headline, c.comment_text, c.comment_ip, c.comment_date".get_user_table_field(", u.", "user_level").get_user_table_field(", u.", "user_name").get_user_table_field(", u.", "user_email").get_user_table_field(", u.", "user_showemail").get_user_table_field(", u.", "user_invisible").get_user_table_field(", u.", "user_joindate").get_user_table_field(", u.", "user_lastaction").get_user_table_field(", u.", "user_comments").get_user_table_field(", u.", "user_homepage").get_user_table_field(", u.", "user_icq").", u.userpic, i.image_allow_comments, i.cat_id, i.user_id AS image_user_id".(COMMENT_RATING_ENABLE ? ",c.comment_rating,c.comment_votes,c.comment_rating_users" : "").$additional_sql."
FROM ".COMMENTS_TABLE." c
LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id)
LEFT JOIN ".IMAGES_TABLE." i ON (i.image_id = c.image_id)
".$where;
$result = $site_db->query($sql);
$comment_row = array();
while ($row = $site_db->fetch_array($result)) {
$comment_row[] = $row;
}
$site_db->free_result($result);
$num_comments = count($comment_row);
$cat_id = (isset($comment_row[0]['cat_id'])) ? $comment_row[0]['cat_id'] : 0;
$is_image_owner = ($comment_row[0]['image_user_id'] > USER_AWAITING && $user_info['user_id'] == $comment_row[0]['image_user_id']) ? 1 : 0;
$image_allow_comments = (check_permission("auth_readcomment", $cat_id) && check_permission("auth_viewimage", $cat_id) && check_permission("auth_viewcat", $cat_id)) ? $comment_row[0]['image_allow_comments'] : 0;
if ($image_allow_comments)
{
$comments = "";
$bgcounter = ($comments_all) ? 0 : ((isset($HTTP_POST_VARS['commentbg'])) ? intval($HTTP_POST_VARS['commentbg']) : ((isset($HTTP_GET_VARS['commentbg'])) ? $HTTP_GET_VARS['commentbg'] : 0));
for ($i = 0; $i < $num_comments; $i++) {
$row_bg_number = ($bgcounter++ % 2 == 0) ? 1 : 2;
$comment_user_email = "";
$comment_user_email_save = "";
$comment_user_mailform_link = "";
$comment_user_email_button = "";
$comment_user_homepage_button = "";
$comment_user_icq_button = "";
$comment_user_profile_button = "";
$comment_user_status_img = REPLACE_EMPTY;
$comment_user_name = format_text($comment_row[$i]['comment_user_name'], 2);
$comment_user_info = $lang['userlevel_guest'];
$comment_user_id = $comment_row[$i]['user_id'];
if (isset($comment_row[$i][$user_table_fields['user_name']]) && $comment_user_id != GUEST) {
$comment_user_name = format_text($comment_row[$i][$user_table_fields['user_name']], 2);
$comment_user_profile_link = !empty($url_show_profile) ? $site_sess->url(preg_replace("/{user_id}/", $comment_user_id, $url_show_profile)) : $site_sess->url(ROOT_PATH."member.php?action=showprofile&".URL_USER_ID."=".$comment_user_id);
$comment_user_profile_button = "<a href=\"".$comment_user_profile_link."\"><img src=\"".get_gallery_image("profile.gif")."\" border=\"0\" alt=\"".$comment_user_name."\" /></a>";
$comment_user_status_img = ($comment_row[$i][$user_table_fields['user_lastaction']] >= (time() - 300) && ((isset($comment_row[$i][$user_table_fields['user_invisible']]) && $comment_row[$i][$user_table_fields['user_invisible']] == 0) || $user_info['user_level'] == ADMIN)) ? "<img src=\"".get_gallery_image("user_online.gif")."\" border=\"0\" alt=\"Online\" />" : "<img src=\"".get_gallery_image("user_offline.gif")."\" border=\"0\" alt=\"Offline\" />";
$comment_user_homepage = (isset($comment_row[$i][$user_table_fields['user_homepage']])) ? format_url($comment_row[$i][$user_table_fields['user_homepage']]) : "";
if (!empty($comment_user_homepage)) {
$comment_user_homepage_button = "<a href=\"".$comment_user_homepage."\" target=\"_blank\"><img src=\"".get_gallery_image("homepage.gif")."\" border=\"0\" alt=\"".$comment_user_homepage."\" /></a>";
}
$comment_user_icq = (isset($comment_row[$i][$user_table_fields['user_icq']])) ? format_text($comment_row[$i][$user_table_fields['user_icq']]) : "";
if (!empty($comment_user_icq)) {
$comment_user_icq_button = "<a href=\"http://www.icq.com/people/about_me.php?uin=".$comment_user_icq."\" target=\"_blank\"><img src=\"http://status.icq.com/online.gif?icq=".$comment_user_icq."&img=5\" width=\"18\" height=\"18\" border=\"0\" alt=\"".$comment_user_icq."\" /></a>";
}
if (!empty($comment_row[$i][$user_table_fields['user_email']]) && (!isset($comment_row[$i][$user_table_fields['user_showemail']]) || (isset($comment_row[$i][$user_table_fields['user_showemail']]) && $comment_row[$i][$user_table_fields['user_showemail']] == 1))) {
$comment_user_email = format_text($comment_row[$i][$user_table_fields['user_email']]);
$comment_user_email_save = format_text(str_replace("@", " at ", $comment_row[$i][$user_table_fields['user_email']]));
if (!empty($url_mailform)) {
$comment_user_mailform_link = $site_sess->url(preg_replace("/{user_id}/", $comment_user_id, $url_mailform));
}
else {
$comment_user_mailform_link = $site_sess->url(ROOT_PATH."member.php?action=mailform&".URL_USER_ID."=".$comment_user_id);
}
$comment_user_email_button = "<a href=\"".$comment_user_mailform_link."\"><img src=\"".get_gallery_image("email.gif")."\" border=\"0\" alt=\"".$comment_user_email_save."\" /></a>";
}
if (!isset($comment_row[$i][$user_table_fields['user_level']]) || (isset($comment_row[$i][$user_table_fields['user_level']]) && $comment_row[$i][$user_table_fields['user_level']] == USER)) {
$comment_user_info = $lang['userlevel_user'];
}
elseif ($comment_row[$i][$user_table_fields['user_level']] == ADMIN) {
$comment_user_info = $lang['userlevel_admin'];
}
$comment_user_info .= "<br />";
$comment_user_info .= (isset($comment_row[$i][$user_table_fields['user_joindate']])) ? "<br />".$lang['join_date']." ".format_date($config['date_format'], $comment_row[$i][$user_table_fields['user_joindate']]) : "";
$comment_user_info .= (isset($comment_row[$i][$user_table_fields['user_comments']])) ? "<br />".$lang['comments']." ".$comment_row[$i][$user_table_fields['user_comments']] : "";
}
$comment_user_ip = ($user_info['user_level'] == ADMIN) ? $comment_row[$i]['comment_ip'] : "";
$admin_links = "";
if ($user_info['user_level'] == ADMIN) {
$admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."admin/index.php?goto=".urlencode("comments.php?action=editcomment&comment_id=".$comment_row[$i]['comment_id']))."\" target=\"_blank\">".$lang['edit']."</a> ";
$admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."admin/index.php?goto=".urlencode("comments.php?action=removecomment&comment_id=".$comment_row[$i]['comment_id']))."\" target=\"_blank\">".$lang['delete']."</a>";
}
elseif ($is_image_owner) {
$admin_links .= ($config['user_edit_comments'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=editcomment&".URL_COMMENT_ID."=".$comment_row[$i]['comment_id'])."\">".$lang['edit']."</a> ";
$admin_links .= ($config['user_delete_comments'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=removecomment&".URL_COMMENT_ID."=".$comment_row[$i]['comment_id'])."\">".$lang['delete']."</a>";
}
$site_template->register_vars(array(
"comment_id" => $comment_row[$i]['comment_id'],
"comment_user_id" => $comment_user_id,
"comment_user_status_img" => $comment_user_status_img,
"comment_user_name" => $comment_user_name,
"comment_user_info" => $comment_user_info,
"comment_user_profile_button" => $comment_user_profile_button,
"comment_user_email" => $comment_user_email,
"comment_user_email_save" => $comment_user_email_save,
"comment_user_mailform_link" => $comment_user_mailform_link,
"comment_user_email_button" => $comment_user_email_button,
"comment_user_homepage_button" => $comment_user_homepage_button,
"comment_user_icq_button" => $comment_user_icq_button,
"comment_user_ip" => $comment_user_ip,
"comment_userpic" => ($config['userpic'] && $comment_row[$i]['userpic']) ? ROOT_PATH."data/userpic/".$comment_row[$i]['userpic'] : "",
"comment_headline" => format_text($comment_row[$i]['comment_headline'], 0, $config['wordwrap_comments'], 0, 0),
"comment_text" => format_text($comment_row[$i]['comment_text'], $config['html_comments'], $config['wordwrap_comments'], $config['bb_comments'], $config['bb_img_comments']),
"comment_date" => format_date($config['date_format']." ".$config['time_format'], $comment_row[$i]['comment_date']),
"row_bg_number" => $row_bg_number,
"admin_links" => $admin_links
));
if (COMMENT_RATING_ANABLE)
{
$comment_row[$i]['cat_id'] = $cat_id;
$comment_row[$i]['image_allow_comments'] = $image_allow_comments;
comment_rating_template($comment_row[$i]);
}
$comments .= $site_template->parse_template("comment_bit");
}
$return['comment'] = $comments;
$return['page'] = $page;
$return['perpage'] = $commentperpage;
$return['type'] = ($comments_all) ? 1 : 0;
}
}
//-----------------------------------------------------
//--- Display results ---------------------------------
//-----------------------------------------------------
if (isset($HTTP_GET_VARS['js']) || isset($HTTP_POST_VARS['js'])) //do we need format return data for JavaScript?
{
$text = "";
if (is_array($return))
{
foreach($return as $key => $val)
{
$text .= ($text ? "|" : "").$key."|".str_replace("|", "&#124;", $val);
}
echo "||".$text; //add two "|" so if something was already printed, the javascript would not through out an error and ignore it.
}
else
{
echo $return;
}
exit;
}
else
{
if (!empty($return))
{
$text = "";
if (is_array($return))
{
$text = $return['msg'];
}
else
{
$text = $return;
}
$site_sess->set_session_var("comment_msg", $text);
}
if ($back_url = $site_sess->get_session_var("back_url"))
{
redirect($back_url);
}
redirect(ROOT_PATH."index.php");
}
?>
<?php
/**************************************************************************
* *
* 4images - A Web Based Image Gallery Management System *
* ---------------------------------------------------------------- *
* *
* File: details.php *
* Copyright: (C) 2002 Jan Sorgalla *
* Email: jan@4homepages.de *
* Web: http://www.4homepages.de *
* Scriptversion: 1.7.6 *
* *
* Never released without support from: Nicky (http://www.nicky.net) *
* *
**************************************************************************
* *
* Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz- *
* bedingungen (Lizenz.txt) für weitere Informationen. *
* --------------------------------------------------------------- *
* This script is NOT freeware! Please read the Copyright Notice *
* (Licence.txt) for further information. *
* *
*************************************************************************/
$main_template = 'details';
define('GET_CACHES', 1);
define('ROOT_PATH', './');
include(ROOT_PATH.'global.php');
require(ROOT_PATH.'includes/sessions.php');
$user_access = get_permission();
include(ROOT_PATH.'includes/page_header.php');
/*
MOD AJAX COMMENTS
BEGIN INSERT
*/
include(ROOT_PATH."ajaxcomments.php");
/*
MOD AJAX COMMENTS
END INSERT
*/
if (!$image_id) {
redirect($url);
}
$additional_sql = "";
if (!empty($additional_image_fields)) {
foreach ($additional_image_fields as $key => $val) {
$additional_sql .= ", i.".$key;
}
}
$sql = "SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_description, i.image_keywords, i.image_date, i.image_active, i.image_media_file, i.image_thumb_file, i.image_download_url, i.image_allow_comments, i.image_comments, i.image_downloads, i.image_votes, i.image_rating, i.image_hits".$additional_sql.", c.cat_name".get_user_table_field(", u.", "user_name").get_user_table_field(", u.", "user_email")."
FROM (".IMAGES_TABLE." i, ".CATEGORIES_TABLE." c)
LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = i.user_id)
WHERE i.image_id = $image_id AND i.image_active = 1 AND c.cat_id = i.cat_id";
$image_row = $site_db->query_firstrow($sql);
$cat_id = (isset($image_row['cat_id'])) ? $image_row['cat_id'] : 0;
$is_image_owner = ($image_row['user_id'] > USER_AWAITING && $user_info['user_id'] == $image_row['user_id']) ? 1 : 0;
if (!check_permission("auth_viewcat", $cat_id) || !check_permission("auth_viewimage", $cat_id) || !$image_row) {
redirect($url);
}
$random_cat_image = (defined("SHOW_RANDOM_IMAGE") && SHOW_RANDOM_IMAGE == 0) ? "" : get_random_image($cat_id);
$site_template->register_vars("random_cat_image", $random_cat_image);
unset($random_cat_image);
//-----------------------------------------------------
//--- Show Image --------------------------------------
//-----------------------------------------------------
$image_allow_comments = (check_permission("auth_readcomment", $cat_id)) ? $image_row['image_allow_comments'] : 0;
$image_name = format_text($image_row['image_name'], 2);
show_image($image_row, $mode, 0, 1);
$in_mode = 0;
$sql = "";
if ($mode == "lightbox") {
if (!empty($user_info['lightbox_image_ids'])) {
$image_id_sql = str_replace(" ", ", ", trim($user_info['lightbox_image_ids']));
$sql = "SELECT image_id, cat_id, image_name, image_media_file, image_thumb_file
FROM ".IMAGES_TABLE."
WHERE image_active = 1 AND image_id IN ($image_id_sql) AND (cat_id NOT IN (".get_auth_cat_sql("auth_viewimage", "NOTIN").", ".get_auth_cat_sql("auth_viewcat", "NOTIN")."))
ORDER BY ".$config['image_order']." ".$config['image_sort'].", image_id ".$config['image_sort'];
$in_mode = 1;
}
}
elseif ($mode == "search") {
if (!isset($session_info['searchid']) || empty($session_info['searchid'])) {
$session_info['search_id'] = $site_sess->get_session_var("search_id");
}
if (!empty($session_info['search_id'])) {
$search_id = unserialize($session_info['search_id']);
}
$sql_where_query = "";
if (!empty($search_id['image_ids'])) {
$sql_where_query .= "AND image_id IN (".$search_id['image_ids'].") ";
}
if (!empty($search_id['user_ids'])) {
$sql_where_query .= "AND user_id IN (".$search_id['user_ids'].") ";
}
if (!empty($search_id['search_new_images']) && $search_id['search_new_images'] == 1) {
$new_cutoff = time() - 60 * 60 * 24 * $config['new_cutoff'];
$sql_where_query .= "AND image_date >= $new_cutoff ";
}
if (!empty($search_id['search_cat']) && $search_id['search_cat'] != 0) {
$cat_id_sql = 0;
if (check_permission("auth_viewcat", $search_id['search_cat'])) {
$sub_cat_ids = get_subcat_ids($search_id['search_cat'], $search_id['search_cat'], $cat_parent_cache);
$cat_id_sql .= ", ".$search_id['search_cat'];
if (!empty($sub_cat_ids[$search_id['search_cat']])) {
foreach ($sub_cat_ids[$search_id['search_cat']] as $val) {
if (check_permission("auth_viewcat", $val)) {
$cat_id_sql .= ", ".$val;
}
}
}
}
$cat_id_sql = $cat_id_sql !== 0 ? "AND cat_id IN ($cat_id_sql)" : "";
}
else {
$cat_id_sql = get_auth_cat_sql("auth_viewcat", "NOTIN");
$cat_id_sql = $cat_id_sql !== 0 ? "AND cat_id NOT IN (".$cat_id_sql.")" : "";
}
if (!empty($sql_where_query)) {
$sql = "SELECT image_id, cat_id, image_name, image_media_file, image_thumb_file
FROM ".IMAGES_TABLE."
WHERE image_active = 1
$sql_where_query
$cat_id_sql
ORDER BY ".$config['image_order']." ".$config['image_sort'].", image_id ".$config['image_sort'];
$in_mode = 1;
}
}
if (!$in_mode || empty($sql)) {
$sql = "SELECT image_id, cat_id, image_name, image_media_file, image_thumb_file
FROM ".IMAGES_TABLE."
WHERE image_active = 1 AND cat_id = $cat_id
ORDER BY ".$config['image_order']." ".$config['image_sort'].", image_id ".$config['image_sort'];
}
$result = $site_db->query($sql);
$image_id_cache = array();
$next_prev_cache = array();
$break = 0;
$prev_id = 0;
while($row = $site_db->fetch_array($result)) {
$image_id_cache[] = $row['image_id'];
$next_prev_cache[$row['image_id']] = $row;
if ($break) {
break;
}
if ($prev_id == $image_id) {
$break = 1;
}
$prev_id = $row['image_id'];
}
$site_db->free_result();
if (!function_exists("array_search")) {
function array_search($needle, $haystack) {
$match = false;
foreach ($haystack as $key => $value) {
if ($value == $needle) {
$match = $key;
}
}
return $match;
}
}
$act_key = array_search($image_id, $image_id_cache);
$next_image_id = (isset($image_id_cache[$act_key + 1])) ? $image_id_cache[$act_key + 1] : 0;
$prev_image_id = (isset($image_id_cache[$act_key - 1])) ? $image_id_cache[$act_key - 1] : 0;
unset($image_id_cache);
// Get next and previous image
if (!empty($next_prev_cache[$next_image_id])) {
$next_image_name = format_text($next_prev_cache[$next_image_id]['image_name'], 2);
$next_image_url = $site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$next_image_id.((!empty($mode)) ? "&mode=".$mode : ""));
if (!get_file_path($next_prev_cache[$next_image_id]['image_media_file'], "media", $next_prev_cache[$next_image_id]['cat_id'], 0, 0)) {
$next_image_file = ICON_PATH."/404.gif";
}
else {
$next_image_file = get_file_path($next_prev_cache[$next_image_id]['image_media_file'], "media", $next_prev_cache[$next_image_id]['cat_id'], 0, 1);
}
if (!get_file_path($next_prev_cache[$next_image_id]['image_thumb_file'], "thumb", $next_prev_cache[$next_image_id]['cat_id'], 0, 0)) {
$next_thumb_file = ICON_PATH."/".get_file_extension($next_prev_cache[$next_image_id]['image_media_file']).".gif";
}
else {
$next_thumb_file = get_file_path($next_prev_cache[$next_image_id]['image_thumb_file'], "thumb", $next_prev_cache[$next_image_id]['cat_id'], 0, 1);
}
}
else {
$next_image_name = REPLACE_EMPTY;
$next_image_url = REPLACE_EMPTY;
$next_image_file = REPLACE_EMPTY;
$next_thumb_file = REPLACE_EMPTY;
}
if (!empty($next_prev_cache[$prev_image_id])) {
$prev_image_name = format_text($next_prev_cache[$prev_image_id]['image_name'], 2);
$prev_image_url = $site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$prev_image_id.((!empty($mode)) ? "&mode=".$mode : ""));
if (!get_file_path($next_prev_cache[$prev_image_id]['image_media_file'], "media", $next_prev_cache[$prev_image_id]['cat_id'], 0, 0)) {
$prev_image_file = ICON_PATH."/404.gif";
}
else {
$prev_image_file = get_file_path($next_prev_cache[$prev_image_id]['image_media_file'], "media", $next_prev_cache[$prev_image_id]['cat_id'], 0, 1);
}
if (!get_file_path($next_prev_cache[$prev_image_id]['image_thumb_file'], "thumb", $next_prev_cache[$prev_image_id]['cat_id'], 0, 0)) {
$prev_thumb_file = ICON_PATH."/".get_file_extension($next_prev_cache[$prev_image_id]['image_media_file']).".gif";
}
else {
$prev_thumb_file = get_file_path($next_prev_cache[$prev_image_id]['image_thumb_file'], "thumb", $next_prev_cache[$prev_image_id]['cat_id'], 0, 1);
}
}
else {
$prev_image_name = REPLACE_EMPTY;
$prev_image_url = REPLACE_EMPTY;
$prev_image_file = REPLACE_EMPTY;
$prev_thumb_file = REPLACE_EMPTY;
}
$site_template->register_vars(array(
"next_image_id" => $next_image_id,
"next_image_name" => $next_image_name,
"next_image_url" => $next_image_url,
"next_image_file" => $next_image_file,
"next_thumb_file" => $next_thumb_file,
"prev_image_id" => $prev_image_id,
"prev_image_name" => $prev_image_name,
"prev_image_url" => $prev_image_url,
"prev_image_file" => $prev_image_file,
"prev_thumb_file" => $prev_thumb_file
));
unset($next_prev_cache);
//-----------------------------------------------------
//--- Show Count Lightbox -----------------------------
//-----------------------------------------------------
$sql = "SELECT COUNT(*) AS counter
FROM ".LIGHTBOXES_TABLE."
WHERE lightbox_image_ids REGEXP '([^0-9]|^)".$image_row['image_id']."([^0-9]|$)'";
$lightbox_count = $site_db->query_firstrow($sql);
$site_template->register_vars(array(
"lang_image_lightbox_count" => $lang['image_lightbox_count'],
"lightbox_count" => (isset($lightbox_count['counter']) && $lightbox_count['counter']) ? $lightbox_count['counter'] : 0
));
unset($lightbox_count);
/*--------------------------------------------- Start MOD: Photo Preview Hack ----------------------------------------- */
$result = $site_db->query($sql);
while($row = $site_db->fetch_array($result)){
$image_preview[] = $row['image_id'];
$preview_row[$row['image_id']] = $row;
}
$lastPage = count($image_preview);
$t_template = "<table height=\"0\"width=\"600\" border=\"0\" cellspacing=\"5\" cellpadding=\"3\" align=\"center\"><tr>\n";
if($lastPage < 6){
$start = 0;
$end = $lastPage -1;
} elseif ($act_key == 0 || $act_key == 1){
$start = 0;
$end = 4;
} elseif ($act_key == $lastPage-1 || $act_key == $lastPage -2){
$start = $lastPage - 5;
$end = $lastPage - 1;
} else {
$start = $act_key -2;
$end = $act_key +2;
}
$sizeTimes = 0.5;
for($i=$start; $i<=$end; $i++){
if ($preview_row[$image_preview[$i]]['image_id'] == $image_row['image_id']) {
$t_template .= "<td style=\"border: 1px dashed #004C75; text-align:center; padding: .1cm \">\n";
} else {
$t_template .= "<td style=text-align:center; padding: .1cm\">\n";
}
$tag = get_thumbnail_code($preview_row[$image_preview[$i]]['image_media_file'], $preview_row[$image_preview[$i]]['image_thumb_file'], $preview_row[$image_preview[$i]]['image_id'], $preview_row[$image_preview[$i]]['cat_id'], format_text(trim($preview_row[$image_preview[$i]]['image_name']), 2), $mode, 1);
$oriWidth = substr($tag, strpos($tag, "width")+7, strpos($tag, "\" height")-strlen($tag));
$oriHeight = substr($tag, strpos($tag, "height")+8, strpos($tag, " alt")-strlen($tag)-1);
$tag = str_replace('width="'.$oriWidth.'"', 'width="'.$oriWidth*$sizeTimes.'"', $tag);
$tag = str_replace('height="'.$oriHeight.'"', 'height="'.$oriHeight*$sizeTimes.'"', $tag);
$t_template .= $tag."<br>\n";
$t_template .= "<font class=\"smalltext\">".$preview_row[$image_preview[$i]]['image_name']."</font>\n";
}
$t_template .= "</td></table>\n";
$site_template->register_vars("preview_box", $t_template);
unset($image_preview);
/*--- End MOD: Photo Preview Hack ------------------------------------------ */
//-----------------------------------------------------
//--- Save Comment ------------------------------------
//-----------------------------------------------------
$error = 0;
if ($action == "postcomment" && isset($HTTP_POST_VARS[URL_ID])) {
$id = intval($HTTP_POST_VARS[URL_ID]);
$sql = "SELECT cat_id, image_allow_comments
FROM ".IMAGES_TABLE."
WHERE image_id = $id";
$row = $site_db->query_firstrow($sql);
if ($row['image_allow_comments'] == 0 || !check_permission("auth_postcomment", $row['cat_id']) || !$row) {
$msg = $lang['comments_deactivated'];
}
else {
$user_name = un_htmlspecialchars(trim($HTTP_POST_VARS['user_name']));
$comment_headline = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_headline']));
$comment_text = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_text']));
$captcha = (isset($HTTP_POST_VARS['captcha'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['captcha'])) : "";
// Flood Check
$sql = "SELECT comment_ip, comment_date
FROM ".COMMENTS_TABLE."
WHERE image_id = $id
ORDER BY comment_date DESC
LIMIT 1";
$spam_row = $site_db->query_firstrow($sql);
$spamtime = $spam_row['comment_date'] + 180;
if ($session_info['session_ip'] == $spam_row['comment_ip'] && time() <= $spamtime && $user_info['user_level'] != ADMIN) {
$msg .= (($msg != "") ? "<br />" : "").$lang['spamming'];
$error = 1;
}
$user_name_field = get_user_table_field("", "user_name");
if (!empty($user_name_field)) {
if ($site_db->not_empty("SELECT $user_name_field FROM ".USERS_TABLE." WHERE $user_name_field = '".strtolower($user_name)."' AND ".get_user_table_field("", "user_id")." <> '".$user_info['user_id']."'")) {
$msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
$error = 1;
}
}
if ($user_name == "") {
$msg .= (($msg != "") ? "<br />" : "").$lang['name_required'];
$error = 1;
}
if ($comment_headline == "") {
$msg .= (($msg != "") ? "<br />" : "").$lang['headline_required'];
$error = 1;
}
if ($comment_text == "") {
$msg .= (($msg != "") ? "<br />" : "").$lang['comment_required'];
$error = 1;
}
if ($captcha_enable_comments && !captcha_validate($captcha)) {
$msg .= (($msg != "") ? "<br />" : "").$lang['captcha_required'];
$error = 1;
}
if (!$error) {
$sql = "INSERT INTO ".COMMENTS_TABLE."
(image_id, user_id, user_name, comment_headline, comment_text, comment_ip, comment_date)
VALUES
($id, ".$user_info['user_id'].", '$user_name', '$comment_headline', '$comment_text', '".$session_info['session_ip']."', ".time().")";
$site_db->query($sql);
$commentid = $site_db->get_insert_id();
update_comment_count($id, $user_info['user_id']);
$msg = $lang['comment_success'];
}
}
unset($row);
unset($spam_row);
}
//-----------------------------------------------------
//--- Show Comments -----------------------------------
//-----------------------------------------------------
if ($image_allow_comments == 1) {
$site_template->register_vars(array(
"has_rss" => true,
"rss_title" => "RSS Feed: ".$image_name." (".str_replace(':', '', $lang['comments']).")",
"rss_url" => $script_url."/rss.php?action=comments&".URL_IMAGE_ID."=".$image_id
));
$sql = "SELECT c.comment_id, c.image_id, c.user_id, c.user_name AS comment_user_name, c.comment_headline, c.comment_text, c.comment_ip, c.comment_date".get_user_table_field(", u.", "user_level").get_user_table_field(", u.", "user_name").get_user_table_field(", u.", "user_email").get_user_table_field(", u.", "user_showemail").get_user_table_field(", u.", "user_invisible").get_user_table_field(", u.", "user_joindate").get_user_table_field(", u.", "user_lastaction").get_user_table_field(", u.", "user_comments").get_user_table_field(", u.", "user_homepage").get_user_table_field(", u.", "user_icq").", u.userpic
,c.comment_rating,c.comment_votes,c.comment_rating_users
FROM ".COMMENTS_TABLE." c
LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id)
WHERE c.image_id = $image_id
ORDER BY c.comment_date ".(COMMENTS_ORDER ? "DESC" : "ASC")."";
$result = $site_db->query($sql);
$comment_row = array();
while ($row = $site_db->fetch_array($result)) {
$comment_row[] = $row;
}
$site_db->free_result($result);
$num_comments = sizeof($comment_row);
if (!$num_comments) {
$comments = "<tr><td class=\"commentrow1\" colspan=\"2\">".$lang['no_comments']."</td></tr>";
}
else {
$comments = "";
$bgcounter = 0;
for ($i = 0; $i < $num_comments; $i++) {
$row_bg_number = ($bgcounter++ % 2 == 0) ? 1 : 2;
$comment_user_email = "";
$comment_user_email_save = "";
$comment_user_mailform_link = "";
$comment_user_email_button = "";
$comment_user_homepage_button = "";
$comment_user_icq_button = "";
$comment_user_profile_button = "";
$comment_user_status_img = REPLACE_EMPTY;
$comment_user_name = format_text($comment_row[$i]['comment_user_name'], 2);
$comment_user_info = $lang['userlevel_guest'];
$comment_user_id = $comment_row[$i]['user_id'];
if (isset($comment_row[$i][$user_table_fields['user_name']]) && $comment_user_id != GUEST) {
$comment_user_name = format_text($comment_row[$i][$user_table_fields['user_name']], 2);
$comment_user_profile_link = !empty($url_show_profile) ? $site_sess->url(preg_replace("/{user_id}/", $comment_user_id, $url_show_profile)) : $site_sess->url(ROOT_PATH."member.php?action=showprofile&".URL_USER_ID."=".$comment_user_id);
$comment_user_profile_button = "<a href=\"".$comment_user_profile_link."\"><img src=\"".get_gallery_image("profile.gif")."\" border=\"0\" alt=\"".$comment_user_name."\" /></a>";
$comment_user_status_img = ($comment_row[$i][$user_table_fields['user_lastaction']] >= (time() - 300) && ((isset($comment_row[$i][$user_table_fields['user_invisible']]) && $comment_row[$i][$user_table_fields['user_invisible']] == 0) || $user_info['user_level'] == ADMIN)) ? "<img src=\"".get_gallery_image("user_online.gif")."\" border=\"0\" alt=\"Online\" />" : "<img src=\"".get_gallery_image("user_offline.gif")."\" border=\"0\" alt=\"Offline\" />";
$comment_user_homepage = (isset($comment_row[$i][$user_table_fields['user_homepage']])) ? format_url($comment_row[$i][$user_table_fields['user_homepage']]) : "";
if (!empty($comment_user_homepage)) {
$comment_user_homepage_button = "<a href=\"".$comment_user_homepage."\" target=\"_blank\"><img src=\"".get_gallery_image("homepage.gif")."\" border=\"0\" alt=\"".$comment_user_homepage."\" /></a>";
}
$comment_user_icq = (isset($comment_row[$i][$user_table_fields['user_icq']])) ? format_text($comment_row[$i][$user_table_fields['user_icq']]) : "";
if (!empty($comment_user_icq)) {
$comment_user_icq_button = "<a href=\"http://www.icq.com/people/about_me.php?uin=".$comment_user_icq."\" target=\"_blank\"><img src=\"http://status.icq.com/online.gif?icq=".$comment_user_icq."&img=5\" width=\"18\" height=\"18\" border=\"0\" alt=\"".$comment_user_icq."\" /></a>";
}
if (!empty($comment_row[$i][$user_table_fields['user_email']]) && (!isset($comment_row[$i][$user_table_fields['user_showemail']]) || (isset($comment_row[$i][$user_table_fields['user_showemail']]) && $comment_row[$i][$user_table_fields['user_showemail']] == 1))) {
$comment_user_email = format_text($comment_row[$i][$user_table_fields['user_email']]);
$comment_user_email_save = format_text(str_replace("@", " at ", $comment_row[$i][$user_table_fields['user_email']]));
if (!empty($url_mailform)) {
$comment_user_mailform_link = $site_sess->url(preg_replace("/{user_id}/", $comment_user_id, $url_mailform));
}
else {
$comment_user_mailform_link = $site_sess->url(ROOT_PATH."member.php?action=mailform&".URL_USER_ID."=".$comment_user_id);
}
$comment_user_email_button = "<a href=\"".$comment_user_mailform_link."\"><img src=\"".get_gallery_image("email.gif")."\" border=\"0\" alt=\"".$comment_user_email_save."\" /></a>";
}
if (!isset($comment_row[$i][$user_table_fields['user_level']]) || (isset($comment_row[$i][$user_table_fields['user_level']]) && $comment_row[$i][$user_table_fields['user_level']] == USER)) {
$comment_user_info = $lang['userlevel_user'];
}
elseif ($comment_row[$i][$user_table_fields['user_level']] == ADMIN) {
$comment_user_info = $lang['userlevel_admin'];
}
$comment_user_info .= "<br />";
$comment_user_info .= (isset($comment_row[$i][$user_table_fields['user_joindate']])) ? "<br />".$lang['join_date']." ".format_date($config['date_format'], $comment_row[$i][$user_table_fields['user_joindate']]) : "";
$comment_user_info .= (isset($comment_row[$i][$user_table_fields['user_comments']])) ? "<br />".$lang['comments']." ".$comment_row[$i][$user_table_fields['user_comments']] : "";
}
$comment_user_ip = ($user_info['user_level'] == ADMIN) ? $comment_row[$i]['comment_ip'] : "";
$admin_links = "";
if ($user_info['user_level'] == ADMIN) {
$admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."admin/index.php?goto=".urlencode("comments.php?action=editcomment&comment_id=".$comment_row[$i]['comment_id']))."\" target=\"_blank\">".$lang['edit']."</a> ";
$admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."admin/index.php?goto=".urlencode("comments.php?action=removecomment&comment_id=".$comment_row[$i]['comment_id']))."\" target=\"_blank\">".$lang['delete']."</a>";
}
elseif ($is_image_owner) {
$admin_links .= ($config['user_edit_comments'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=editcomment&".URL_COMMENT_ID."=".$comment_row[$i]['comment_id'])."\">".$lang['edit']."</a> ";
$admin_links .= ($config['user_delete_comments'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=removecomment&".URL_COMMENT_ID."=".$comment_row[$i]['comment_id'])."\">".$lang['delete']."</a>";
}
//--- Kommentar-Autor COUNTRY FLAGS ---
if (!class_exists("GeoIP"))
{
include(ROOT_PATH."includes/geoip.inc");
}
$gi = geoip_open(ROOT_PATH."includes/GeoIP.dat",GEOIP_STANDARD);
$countries = array();
$cid = geoip_country_code_by_addr($gi, $comment_row[$i]['comment_ip']);
if (empty($cid)) $cid = "lan";
$countries[$cid] = isset($countries[$cid]) ? $countries[$cid]+1 : 1;
$comment_user_flag = "<img src=\"".ROOT_PATH."flags/".strtolower($cid).".gif"."\" alt=\"".(($cid != "lan") ? $gi->GEOIP_COUNTRY_NAMES[$gi->GEOIP_COUNTRY_CODE_TO_NUMBER[$cid]] : "Unknown or LAN")."\" border=0>";
//--- Kommentar-Autor COUNTRY FLAGS ---
$site_template->register_vars(array(
"comment_id" => $comment_row[$i]['comment_id'],
"comment_user_flag" => $comment_user_flag,
"comment_user_id" => $comment_user_id,
"comment_user_status_img" => $comment_user_status_img,
"comment_user_name" => $comment_user_name,
"comment_user_info" => $comment_user_info,
"comment_user_profile_button" => $comment_user_profile_button,
"comment_user_email" => $comment_user_email,
"comment_user_email_save" => $comment_user_email_save,
"comment_user_mailform_link" => $comment_user_mailform_link,
"comment_user_email_button" => $comment_user_email_button,
"comment_user_homepage_button" => $comment_user_homepage_button,
"comment_user_icq_button" => $comment_user_icq_button,
"comment_user_ip" => $comment_user_ip,
"comment_userpic" => ($config['userpic'] && $comment_row[$i]['userpic']) ? ROOT_PATH."data/userpic/".$comment_row[$i]['userpic'] : "",
"comment_headline" => format_text($comment_row[$i]['comment_headline'], 0, $config['wordwrap_comments'], 0, 0),
"comment_text" => format_text($comment_row[$i]['comment_text'], $config['html_comments'], $config['wordwrap_comments'], $config['bb_comments'], $config['bb_img_comments']),
"comment_date" => format_date($config['date_format']." ".$config['time_format'], $comment_row[$i]['comment_date']),
"row_bg_number" => $row_bg_number,
"admin_links" => $admin_links
));
/*
MOD AJAX COMMENTS
BEGIN INSERT
*/
if (COMMENT_RATING_ANABLE)
{
$comment_row[$i]['cat_id'] = $cat_id;
$comment_row[$i]['image_allow_comments'] = $image_allow_comments;
comment_rating_template($comment_row[$i]);
}
/*
MOD AJAX COMMENTS
END INSERT
*/
$comments .= $site_template->parse_template("comment_bit");
} // end while
} //end else
/*
MOD AJAX COMMENTS
START REPLACE
*/
$site_template->register_vars(array(
"comments" => $comments,
"comments_num" => $num_comments,
"commentbg" => (isset($row_bg_number)) ? $row_bg_number : 0,
"page" => $page,
"perpage" => $commentperpage,
));
/*
MOD AJAX COMMENTS
END REPLACE
*/
unset($comments);
//-----------------------------------------------------
//--- BBCode & Form -----------------------------------
//-----------------------------------------------------
$allow_posting = check_permission("auth_postcomment", $cat_id);
$bbcode = "";
if ($config['bb_comments'] == 1 && $allow_posting) {
$site_template->register_vars(array(
"lang_bbcode" => $lang['bbcode'],
"lang_tag_prompt" => $lang['tag_prompt'],
"lang_link_text_prompt" => $lang['link_text_prompt'],
"lang_link_url_prompt" => $lang['link_url_prompt'],
"lang_link_email_prompt" => $lang['link_email_prompt'],
"lang_list_type_prompt" => $lang['list_type_prompt'],
"lang_list_item_prompt" => $lang['list_item_prompt']
));
$bbcode = $site_template->parse_template("bbcode");
}
if (!$allow_posting) {
$comment_form = "";
}
else {
$user_name = (isset($HTTP_POST_VARS['user_name']) && $error) ? format_text(trim(stripslashes($HTTP_POST_VARS['user_name'])), 2) : (($user_info['user_level'] != GUEST) ? format_text($user_info['user_name'], 2) : "");
$comment_headline = (isset($HTTP_POST_VARS['comment_headline']) && $error) ? format_text(trim(stripslashes($HTTP_POST_VARS['comment_headline'])), 2) : "";
$comment_text = (isset($HTTP_POST_VARS['comment_text']) && $error) ? format_text(trim(stripslashes($HTTP_POST_VARS['comment_text'])), 2) : "";
$site_template->register_vars(array(
"bbcode" => $bbcode,
"user_name" => $user_name,
"comment_headline" => $comment_headline,
"comment_text" => $comment_text,
"lang_post_comment" => $lang['post_comment'],
"lang_name" => $lang['name'],
"lang_headline" => $lang['headline'],
"lang_comment" => $lang['comment'],
"lang_captcha" => $lang['captcha'],
"lang_captcha_desc" => $lang['captcha_desc'],
"captcha_comments" => (bool)$captcha_enable_comments
));
$comment_form = $site_template->parse_template("comment_form");
}
$site_template->register_vars("comment_form", $comment_form);
unset($comment_form);
} // end if allow_comments
// Admin Links
$admin_links = "";
if ($user_info['user_level'] == ADMIN) {
$admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."admin/index.php?goto=".urlencode("images.php?action=editimage&image_id=".$image_id))."\" target=\"_blank\">".$lang['edit']."</a> ";
$admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."admin/index.php?goto=".urlencode("images.php?action=removeimage&image_id=".$image_id))."\" target=\"_blank\">".$lang['delete']."</a>";
}
elseif ($is_image_owner) {
$admin_links .= ($config['user_edit_image'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=editimage&".URL_IMAGE_ID."=".$image_id)."\">".$lang['edit']."</a> ";
$admin_links .= ($config['user_delete_image'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=removeimage&".URL_IMAGE_ID."=".$image_id)."\">".$lang['delete']."</a>";
}
$site_template->register_vars("admin_links", $admin_links);
// Update Hits
if ($user_info['user_level'] != ADMIN) {
$sql = "UPDATE ".IMAGES_TABLE."
SET image_hits = image_hits + 1
WHERE image_id = $image_id";
$site_db->query($sql);
}
//-----------------------------------------------------
//---Clickstream---------------------------------------
//-----------------------------------------------------
$clickstream = "<span class=\"clickstream\"><a href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator'];
if ($mode == "lightbox" && $in_mode) {
$page_url = "";
if (preg_match("/".URL_PAGE."=([0-9]+)/", $url, $regs)) {
if (!empty($regs[1]) && $regs[1] != 1) {
$page_url = "?".URL_PAGE."=".$regs[1];
}
}
$clickstream .= "<a href=\"".$site_sess->url(ROOT_PATH."lightbox.php".$page_url)."\" class=\"clickstream\">".$lang['lightbox']."</a>".$config['category_separator'];
}
elseif ($mode == "search" && $in_mode) {
$page_url = "";
if (preg_match("/".URL_PAGE."=([0-9]+)/", $url, $regs)) {
if (!empty($regs[1]) && $regs[1] != 1) {
$page_url = "&".URL_PAGE."=".$regs[1];
}
}
$clickstream .= "<a href=\"".$site_sess->url(ROOT_PATH."search.php?show_result=1".$page_url)."\" class=\"clickstream\">".$lang['search']."</a>".$config['category_separator'];
}
else {
$clickstream .= get_category_path($cat_id, 1).$config['category_separator'];
}
$clickstream .= $image_name."</span>";
//-----------------------------------------------------
//--- Print Out ---------------------------------------
//-----------------------------------------------------
$site_template->register_vars(array(
"msg" => $msg,
"clickstream" => $clickstream,
"lang_category" => $lang['category'],
"lang_added_by" => $lang['added_by'],
"lang_description" => $lang['description'],
"lang_keywords" => $lang['keywords'],
"lang_date" => $lang['date'],
"lang_hits" => $lang['hits'],
"lang_downloads" => $lang['downloads'],
"lang_rating" => $lang['rating'],
"lang_votes" => $lang['votes'],
"lang_author" => $lang['author'],
"lang_comment" => $lang['comment'],
"lang_prev_image" => $lang['prev_image'],
"lang_next_image" => $lang['next_image'],
"lang_file_size" => $lang['file_size']
));
$site_template->print_template($site_template->parse_template($main_template));
include(ROOT_PATH.'includes/page_footer.php');
?>
<?php
/**************************************************************************
* *
* 4images - A Web Based Image Gallery Management System *
* ---------------------------------------------------------------- *
* *
* File: details.php *
* Copyright: (C) 2002 Jan Sorgalla *
* Email: jan@4homepages.de *
* Web: http://www.4homepages.de *
* Scriptversion: 1.7 *
* *
* Never released without support from: Nicky (http://www.nicky.net) *
* *
**************************************************************************
* *
* Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz- *
* bedingungen (Lizenz.txt) f?r weitere Informationen. *
* --------------------------------------------------------------- *
* This script is NOT freeware! Please read the Copyright Notice *
* (Licence.txt) for further information. *
* *
*************************************************************************/
$main_template = 'guestbook';
define('GET_CACHES', 1);
define('ROOT_PATH', './');
include(ROOT_PATH.'global.php');
require(ROOT_PATH.'includes/sessions.php');
$user_access = get_permission();
include(ROOT_PATH.'includes/page_header.php');
if ($config['guestbook_view'] != 1) {
header("Location: ".$site_sess->url(ROOT_PATH."index.php"));
exit;
}
if ($action == "") {
$action = "showcomments";
}
if (isset($HTTP_GET_VARS[URL_COMMENT_ID]) || isset($HTTP_POST_VARS[URL_COMMENT_ID])) {
$comment_id = (isset($HTTP_GET_VARS[URL_COMMENT_ID])) ? intval($HTTP_GET_VARS[URL_COMMENT_ID]) : intval($HTTP_POST_VARS[URL_COMMENT_ID]);
}
else {
$comment_id = 0;
}
if ($action == "deletecomment") {
if (!$comment_id || ($config['user_delete_guestbook'] != 1 && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$sql = "SELECT comment_id, comment_ip
FROM ".GUESTBOOK_TABLE."
WHERE comment_id = $comment_id";
$comment_row = $site_db->query_firstrow($sql);
if (!$comment_row || ($comment_row['comment_ip'] != $session_info['session_ip'] && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$txt_clickstream = $lang['comment_delete'];
$sql = "DELETE FROM ".GUESTBOOK_TABLE."
WHERE comment_id = $comment_id";
$result = $site_db->query($sql);
$msg = ($result) ? $lang['comment_delete_success'] : $lang['comment_delete_error'];
}
if ($action == "removecomment") {
if (!$comment_id || ($config['user_delete_guestbook'] != 1 && $user_info['user_level'] != ADMIN)) {
header("Location: ".$site_sess->url($url, "&"));
exit;
}
$sql = "SELECT comment_id, user_name AS comment_user_name, comment_site, comment_text, comment_ip
FROM ".GUESTBOOK_TABLE."
WHERE comment_id = $comment_id";
$comment_row = $site_db->query_firstrow($sql);
if (!$comment_row || ($comment_row['comment_ip'] != $session_info['session_ip'] && $user_info['user_level'] != ADMIN)) {
header("Location: ".$site_sess->url($url, "&"));
exit;
}
$txt_clickstream = $lang['comment_delete'];
$comment_user_name = $comment_row['comment_user_name'];
$site_template->register_vars(array(
"comment_id" => $comment_id,
"comment_user_name" => htmlspecialchars($comment_user_name),
"comment_site" => format_text($comment_row['comment_site'], 0, $config['wordwrap_comments'], 0, 0),
"comment_text" => format_text($comment_row['comment_text'], $config['html_comments'], $config['wordwrap_comments'], $config['bb_comments'], $config['bb_img_comments']),
"lang_delete_comment" => $lang['comment_delete'],
"lang_delete_comment_confirm" => $lang['comment_delete_confirm'],
"lang_name" => $lang['name'],
"lang_site" => $lang['site'],
"lang_comment" => $lang['comment'],
"lang_submit" => $lang['submit'],
"lang_reset" => $lang['reset'],
"lang_yes" => $lang['yes'],
"lang_no" => $lang['no']
));
$contents = $site_template->parse_template("guestbook_deletecomment");
}
if ($action == "updatecomment") {
if (!$comment_id || ($config['user_edit_guestbook'] != 1 && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$sql = "SELECT comment_id, comment_ip
FROM ".GUESTBOOK_TABLE."
WHERE comment_id = $comment_id";
$comment_row = $site_db->query_firstrow($sql);
if (!$comment_row || ($comment_row['comment_ip'] != $session_info['session_ip'] && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$txt_clickstream = $lang['comment_edit'];
$error = 0;
$comment_site = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_site']));
$comment_text = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_text']));
$comment_user_name = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_user_name']));
if ($comment_user_name == "") {
$msg .= (($msg != "") ? "<br />" : "").$lang['name_required'];
$error = 1;
}
if ($comment_text == "") {
$msg .= (($msg != "") ? "<br />" : "").$lang['comment_required'];
$error = 1;
}
if (!$error) {
if ($comment_site =="http://") {
$comment_site = "";
}
$sql = "UPDATE ".GUESTBOOK_TABLE."
SET comment_site = '$comment_site', comment_text = '$comment_text', user_name= '$comment_user_name'
WHERE comment_id = $comment_id";
$result = $site_db->query($sql);
$msg = ($result) ? $lang['comment_edit_success'] : $lang['comment_edit_error'];
} else {
$action = "editcomment";
$sendprocess = 1;
}
}
if ($action == "editcomment") {
if (!$comment_id || ($config['user_edit_guestbook'] != 1 && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$sql = "SELECT comment_id, user_name AS comment_user_name, comment_site, comment_text, comment_ip
FROM ".GUESTBOOK_TABLE."
WHERE comment_id = $comment_id";
$comment_row = $site_db->query_firstrow($sql);
if (!$comment_row || ($comment_row['comment_ip'] != $session_info['session_ip'] && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$txt_clickstream = $lang['comment_edit'];
$comment_site = (isset($HTTP_POST_VARS['comment_site'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_site']))) : (empty($comment_row['comment_site']) ? "http://" : $comment_row['comment_site']);
$comment_text = (isset($HTTP_POST_VARS['comment_text'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_text']))) : $comment_row['comment_text'];
$comment_user_name = (isset($HTTP_POST_VARS['comment_user_name'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_user_name']))) : $comment_row['comment_user_name'];
$bbcode = "";
if ($config['bb_comments'] == 1) {
$site_template->register_vars(array(
"lang_bbcode" => $lang['bbcode'],
"lang_tag_prompt" => $lang['tag_prompt'],
"lang_link_text_prompt" => $lang['link_text_prompt'],
"lang_link_url_prompt" => $lang['link_url_prompt'],
"lang_link_email_prompt" => $lang['link_email_prompt'],
"lang_list_type_prompt" => $lang['list_type_prompt'],
"lang_list_item_prompt" => $lang['list_item_prompt']
));
$bbcode = $site_template->parse_template("bbcode");
}
$site_template->register_vars(array(
"bbcode" => $bbcode,
"comment_id" => $comment_id,
"comment_user_name" => htmlspecialchars($comment_user_name),
"comment_site" => htmlspecialchars($comment_site),
"comment_text" => htmlspecialchars($comment_text),
"lang_edit_comment" => $lang['comment_edit'],
"lang_name" => $lang['name'],
"lang_site" => $lang['site'],
"lang_comment" => $lang['comment'],
"lang_submit" => $lang['submit'],
"lang_reset" => $lang['reset'],
"lang_yes" => $lang['yes'],
"lang_no" => $lang['no'],
));
$contents = $site_template->parse_template("guestbook_editcomment");
}
//-----------------------------------------------------
//--- Save Comment ------------------------------------
//-----------------------------------------------------
$error = 0;
if ($action == "postcomment" && $config['guestbook_post'] == 1) {
$comment_user_name = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_user_name']));
$comment_text = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_text']));
$comment_site = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_site']));
// Flood Check
$sql = "SELECT comment_ip, comment_date
FROM ".GUESTBOOK_TABLE."
WHERE comment_ip = '".$session_info['session_ip']."'
ORDER BY comment_date DESC
LIMIT 1";
$spam_row = $site_db->query_firstrow($sql);
$spamtime = $spam_row['comment_date'] + 360;
if (time() <= $spamtime && $user_info['user_level'] != ADMIN) {
$msg .= (($msg != "") ? "<br />" : "").$lang['spamming'];
$error = 1;
}
if ($comment_user_name == "") {
$msg .= (($msg != "") ? "<br />" : "").$lang['name_required'];
$error = 1;
}
if ($comment_text == "") {
$msg .= (($msg != "") ? "<br />" : "").$lang['comment_required'];
$error = 1;
}
if (!$error) {
if ($comment_site =="http://") {
$comment_site = "";
}
$sql = "INSERT INTO ".GUESTBOOK_TABLE."
(user_name, comment_site, comment_text, comment_ip, comment_date)
VALUES
('$comment_user_name', '$comment_site', '$comment_text', '".$session_info['session_ip']."', ".time().")";
$site_db->query($sql);
}
unset($spam_row);
}
//-----------------------------------------------------
//---Show Guestbook Comments---------------------------
//-----------------------------------------------------
if (($action == "showcomments" || $action == "postcomment" ) && $config['guestbook_view'] == 1) {
if (isset($HTTP_POST_VARS['commentsetperpage']) || isset($HTTP_GET_VARS['commentsetperpage'])) {
$commentsetperpage = (intval($HTTP_POST_VARS['commentsetperpage']) ) ? intval($HTTP_POST_VARS['commentsetperpage']) : intval($HTTP_GET_VARS['commentsetperpage']);
if ($commentsetperpage) {
$site_sess->set_session_var("commentperpage", $commentsetperpage);
$session_info['commentperpage'] = $commentsetperpage;
}
}
if (isset($session_info['commentperpage'])) {
$commentperpage = $session_info['commentperpage'];
} else {
$commentperpage = 8;
}
$sql = "SELECT COUNT(user_name) AS comments
FROM ".GUESTBOOK_TABLE;
$result = $site_db->query_firstrow($sql);
$num_comments = $result['comments'];
$site_db->free_result();
$num_rows_all = (isset($num_comments)) ? $num_comments : 0;
$link_arg = $site_sess->url(ROOT_PATH."guestbook.php");
include_once(ROOT_PATH.'includes/paging.php');
$getpaging = new Paging($page, $commentperpage, $num_rows_all, $link_arg);
$offset = $getpaging->get_offset();
$site_template->register_vars(array(
"paging" => $getpaging->get_paging(),
"paging_stats" => $getpaging->get_paging_stats()
));
$sql = "SELECT comment_id, user_name AS comment_user_name, comment_site, comment_text, comment_ip, comment_date
FROM ".GUESTBOOK_TABLE."
ORDER BY comment_date DESC
LIMIT $offset, $commentperpage";
$result = $site_db->query($sql);
$comment_row = array();
while ($row = $site_db->fetch_array($result)) {
$comment_row[] = $row;
}
$site_db->free_result($result);
$num_comments = sizeof($comment_row);
$comments = "";
$site_template->register_vars(array(
"lang_guest_from" => $lang['guest_from'],
"lang_guest_site" => $lang['guest_site']
));
if ($num_comments) {
$bgcounter = 0;
for ($i = 0; $i < $num_comments; $i++) {
$row_bg_number = ($bgcounter++ % 2 == 0) ? 1 : 2;
$comment_user_name = htmlspecialchars($comment_row[$i]['comment_user_name']);
$comment_user_ip = ($user_info['user_level'] == ADMIN) ? $comment_row[$i]['comment_ip'] : "";
$admin_links = "";
if ($user_info['user_level'] == ADMIN) {
$admin_links .= "<a href=\"".
$site_sess->url(ROOT_PATH."guestbook.php?action=editcomment&comment_id=".
$comment_row[$i]['comment_id']).
"\" target=\"admin_edit\">".$lang['edit']."</a> ";
$admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."guestbook.php?action=removecomment&comment_id=".$comment_row[$i]['comment_id'])."\" target=\"admin_edit\">".$lang['delete']."</a>";
} elseif ($comment_row[$i]['comment_ip'] == $session_info['session_ip']) { // if ip equals, permit to edit
$admin_links .= ($config['user_edit_guestbook'] != 1) ? "" :
"<a href=\"".$site_sess->url(ROOT_PATH."guestbook.php?action=editcomment&comment_id=".$comment_row[$i]['comment_id'])."\" target=\"admin_edit\">".$lang['edit']."</a> ";
$admin_links .= ($config['user_delete_guestbook'] != 1) ? "" :
"<a href=\"".$site_sess->url(ROOT_PATH."guestbook.php?action=removecomment&comment_id=".$comment_row[$i]['comment_id'])."\" target=\"admin_edit\">".$lang['delete']."</a>";
}
if (!class_exists("GeoIP"))
{
include(ROOT_PATH."includes/geoip.inc");
}
$gi = geoip_open(ROOT_PATH."includes/GeoIP.dat",GEOIP_STANDARD);
$countries = array();
$cid = geoip_country_code_by_addr($gi, $comment_row[$i]['comment_ip']);
if (empty($cid)) $cid = "lan";
$countries[$cid] = isset($countries[$cid]) ? $countries[$cid]+1 : 1;
$comment_user_flag = "<img src=\"".ROOT_PATH."flags/".strtolower($cid).".gif"."\" alt=\"".(($cid != "lan") ? $gi->GEOIP_COUNTRY_NAMES[$gi->GEOIP_COUNTRY_CODE_TO_NUMBER[$cid]] : "Unknown or LAN")."\" border=0>";
$site_template->register_vars(array(
"comment_id" => $comment_row[$i]['comment_id'],
"comment_user_flag" => $comment_user_flag,
"comment_user_name" => $comment_user_name,
"comment_user_ip" => $comment_user_ip,
"comment_site" => format_text($comment_row[$i]['comment_site'], 0, $config['wordwrap_comments'], 0, 0),
"comment_text" => format_text($comment_row[$i]['comment_text'], $config['html_comments'], $config['wordwrap_comments'], $config['bb_comments'], $config['bb_img_comments']),
"comment_date" => format_date($config['date_format']." ".$config['time_format'], $comment_row[$i]['comment_date']),
"row_bg_number" => $row_bg_number,
"admin_links" => $admin_links,
));
$comments .= $site_template->parse_template("guestbook_comment_bit");
} // end for
} else {
$comments = $lang['be_the_first'];
}
//---End Show Guestbook Comments----
//-----------------------------------------------------
//--- BBCode & Form -----------------------------------
//-----------------------------------------------------
$bbcode = "";
if ($config['bb_comments'] == 1) {
$site_template->register_vars(array(
"lang_bbcode" => $lang['bbcode'],
"lang_tag_prompt" => $lang['tag_prompt'],
"lang_link_text_prompt" => $lang['link_text_prompt'],
"lang_link_url_prompt" => $lang['link_url_prompt'],
"lang_link_email_prompt" => $lang['link_email_prompt'],
"lang_list_type_prompt" => $lang['list_type_prompt'],
"lang_list_item_prompt" => $lang['list_item_prompt']
));
$bbcode = $site_template->parse_template("bbcode");
}
if ($config['guestbook_post'] != 1) {
$comment_form = "";
} else {
$comment_user_name = (isset($HTTP_POST_VARS['comment_user_name']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['comment_user_name']))) : (($user_info['user_level'] != GUEST) ? htmlspecialchars($user_info['user_name']) : "");
$comment_site = (isset($HTTP_POST_VARS['comment_site']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['comment_site']))) : "http://";
$site_template->register_vars(array(
"bbcode" => $bbcode,
"comment_user_name" => $comment_user_name,
"comment_site" => $comment_site,
"comment_text" => $comment_text,
"lang_post_guestbook" => $lang['post_guestbook'],
"lang_name" => $lang['name'],
"lang_site" => $lang['site'],
"lang_comment" => $lang['comment']
));
$comment_form = $site_template->parse_template("guestbook_form");
$site_template->register_vars("guestbook_form", $comment_form);
$contents = $site_template->parse_template("guestbook_showcomments");
unset($comment_form);
} // end if allow_comments
$txt_clickstream = $lang['post_guestbook'];
}
//-----------------------------------------------------
//---Clickstream---------------------------------------
//-----------------------------------------------------
$clickstream = "<span class=\"clickstream\"><a href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator']
."<a href=\"".$site_sess->url(ROOT_PATH."guestbook.php?action=showcomments")."\">".$lang['guestbook']."</a>".$config['category_separator'].$txt_clickstream."</span>";
//-----------------------------------------------------
//--- Print Out ---------------------------------------
//-----------------------------------------------------
$site_template->register_vars(array(
"contents" => $contents,
"guestbook_comments" => $comments,
"lang_sign_my_guestbook" => $lang['sign_my_guestbook'],
"msg" => $msg,
"clickstream" => $clickstream
));
unset($contents);
$site_template->print_template($site_template->parse_template($main_template));
include(ROOT_PATH.'includes/page_footer.php');
?>
