Ejemplo n.º 1
 */
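// Dispatch on the requested action. The action name may arrive by GET or POST;
// GET wins when both are present.
if (!isset($_GET['what']) && !isset($_POST['what'])) {
    enl_die($lang_errors['param_missing']);
}
$what = isset($_GET['what']) ? $_GET['what'] : $_POST['what'];
switch ($what) {
    // Delete one comment, identified by msg_id.
    case 'comment':
        // NOTE(review): this destructive action is reachable through a plain GET and no
        // anti-CSRF token check is visible in this fragment - confirm one runs earlier.
        //
        // A missing or non-scalar msg_id becomes 0 instead of raising an undefined-index
        // notice or casting an array (e.g. msg_id[]=x) to 1, which would address comment 1.
        $msg_id = (isset($_GET['msg_id']) && is_scalar($_GET['msg_id'])) ? (int) $_GET['msg_id'] : 0;
        $result = cpg_db_query("SELECT pid FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id='{$msg_id}'");
        if (!mysql_num_rows($result)) {
            enl_die($lang_errors['non_exist_comment']);
        } else {
            $comment_data = mysql_fetch_array($result);
        }
        if (GALLERY_ADMIN_MODE) {
            // Admin mode: delete by id alone, no ownership condition.
            $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id='{$msg_id}'";
        } elseif (USER_ID) {
            // Logged-in user: the row must also carry this user's id.
            $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id='{$msg_id}' AND author_id ='" . USER_ID . "' LIMIT 1";
        } else {
            // Anonymous visitor: the row must match the visitor id held in $USER['ID'].
            // The value is escaped before it enters the SQL string; where $USER is
            // populated is outside this fragment (presumably client-supplied - confirm).
            // addslashes() is a stop-gap: it is not charset-aware, so a connection-aware
            // escape or a prepared statement is the better long-term fix.
            $anon_id = addslashes((string) $USER['ID']);
            $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id='{$msg_id}' AND author_md5_id ='{$anon_id}' AND author_id = '0' LIMIT 1";
        }
        $result = cpg_db_query($query);
        // NOTE(review): success is reported without checking that the DELETE matched a row,
        // so a visitor who is not the author still sees 'comment_deleted'.
        enl_message($lang_delete_php['comment_deleted']);
        ob_end_flush();
        break;
    // Unknown command
    default:
        enl_die($lang_errors['param_missing']);
}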
Ejemplo n.º 2
            if (mysql_result(cpg_db_query("select count(user_id) from {$CONFIG['TABLE_USERS']} where UPPER(user_name) = UPPER('{$msg_author}')"), 0, 0)) {
                enl_die($lang_db_input_php['com_author_error']);
            }
            $insert = cpg_db_query("INSERT INTO {$CONFIG['TABLE_COMMENTS']} (pid, msg_author, msg_body, msg_date, author_md5_id, author_id, msg_raw_ip, msg_hdr_ip) VALUES ('{$pid}', '{$CONFIG['comments_anon_pfx']}{$msg_author}', '{$msg_body}', NOW(), '{$USER['ID']}', '0', '{$raw_ip}', '{$hdr_ip}')");
            $USER['name'] = $_POST['msg_author'];
            $redirect = "displayimage.php?pos=" . -$pid;
            if ($CONFIG['email_comment_notification']) {
                $mail_body = "<p>" . bb_decode(process_smilies($msg_body, $CONFIG['ecards_more_pic_target'])) . "</p>\n\r " . $lang_db_input_php['email_comment_body'] . " " . $CONFIG['ecards_more_pic_target'] . (substr($CONFIG["ecards_more_pic_target"], -1) == '/' ? '' : '/') . $redirect;
                cpg_mail('admin', $lang_db_input_php['email_comment_subject'], make_clickable($mail_body));
            }
            enl_message($lang_db_input_php['com_added']);
            ob_end_flush();
            exit;
        } else {
            // Registered users, we can use Location to redirect
            $insert = cpg_db_query("INSERT INTO {$CONFIG['TABLE_COMMENTS']} (pid, msg_author, msg_body, msg_date, author_md5_id, author_id, msg_raw_ip, msg_hdr_ip) VALUES ('{$pid}', '" . addslashes(USER_NAME) . "', '{$msg_body}', NOW(), '', '" . USER_ID . "', '{$raw_ip}', '{$hdr_ip}')");
            $redirect = "displayimage.php?pos=" . -$pid;
            if ($CONFIG['email_comment_notification'] && !USER_IS_ADMIN) {
                $mail_body = "<p>" . bb_decode(process_smilies($msg_body, $CONFIG['ecards_more_pic_target'])) . "</p>\n\r " . $lang_db_input_php['email_comment_body'] . " " . $CONFIG['ecards_more_pic_target'] . (substr($CONFIG["ecards_more_pic_target"], -1) == '/' ? '' : '/') . $redirect;
                cpg_mail('admin', $lang_db_input_php['email_comment_subject'], make_clickable($mail_body));
            }
            enl_message($lang_db_input_php['com_added']);
            ob_end_flush();
            exit;
        }
        break;
        // Unknown event
    // Unknown event
    default:
        enl_die($lang_errors['param_missing']);
}
Ejemplo n.º 3
        } else {
            if (eregi("netscape", $browser)) {
                $browser = "Netscape";
            }
        }
    }
    $time = time();
    $referer = urlencode(addslashes($_SERVER['HTTP_REFERER']));
    // Insert the record in database
    $query = "INSERT INTO {$CONFIG['TABLE_VOTE_STATS']}\r\n                  SET\r\n                    pid = {$pic},\r\n                    rating = {$rate},\r\n                    Ip   = '{$raw_ip}',\r\n                    sdate = '{$time}',\r\n                    referer = '{$referer}',\r\n                    browser = '{$browser}',\r\n                    os = '{$os}'";
    cpg_db_query($query);
}
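// Redirect the visitor to the EnlargeIt info view for the rated picture.
// The separator is a plain '&': this string goes into an HTTP header, not HTML, so
// '&amp;' would reach the target script as a parameter literally named "amp;enl_img".
// NOTE(review): $pic and $enl_img are placed in the header unencoded and their origin
// is outside this fragment - confirm $pic is an integer and $enl_img is URL-safe
// (or URL-encode it where it is first read) before it reaches header().
$location = "index.php?file=enlargeit/enl_info&pid=" . $pic . "&enl_img=" . $enl_img;
// Servers whose SERVER_SOFTWARE matches this pattern get a Refresh header; all others get Location.
$header_location = @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ? 'Refresh: 0; URL=' : 'Location: ';
header($header_location . $location);
// The confirmation is still written to the response body after the redirect header.
enl_message($lang_rate_pic_php['rate_ok']);
ob_end_flush();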
/**
 * Print an error message inside a full-size table and stop the script.
 *
 * The message is written into the HTML as-is, without escaping, so callers
 * must pass only trusted, display-ready text (never raw request data).
 *
 * @param string $enl_error Message to show; emitted verbatim.
 * @return void Does not return: the request ends with exit.
 */
function enl_die($enl_error)
{
    $table_open = '<table cellspacing="1" style="width:100%;height:100%">'
        . '<tr>'
        . '<td class="enl_infotablehead" align="center"><b>';
    $table_close = '</b></td>' . '</tr>' . '</table>';

    // Comma-separated echo writes the three pieces in order, with nothing in between.
    echo $table_open, $enl_error, $table_close;
    exit;
}
function enl_message($enl_message)
{
    echo '<table cellspacing="1" style="width:100%;height:100%">';
Ejemplo n.º 4
        $plaintext_message = template_eval($template_ecard_plaintext, $params);
        $tempTime = time();
        $message .= sprintf($lang_ecard_php['ecards_footer'], $sender_name, $_SERVER['REMOTE_ADDR'], localised_date(-1, $comment_date_fmt));
        $subject = sprintf($lang_ecard_php['ecard_title'], $sender_name);
        $result = cpg_mail($recipient_email, $subject, $message, 'text/html', $sender_name, $sender_email, $plaintext_message);
        //write ecard log
        if ($CONFIG['log_ecards'] == 1) {
            $result_log = cpg_db_query("INSERT INTO {$CONFIG['TABLE_ECARDS']} (sender_name, sender_email, recipient_name, recipient_email, link, date, sender_ip) VALUES ('{$sender_name}', '{$sender_email}', '{$recipient_name}', '{$recipient_email}',   '{$encoded_data}', '{$tempTime}', '{$_SERVER["REMOTE_ADDR"]}')");
        }
        if (!USER_ID) {
            $USER['name'] = $sender_name;
            $USER['email'] = $sender_email;
        }
        if ($result) {
            //pageheader($lang_ecard_php['title']);
            enl_message($lang_ecard_php['send_success']);
            /*                                echo '<br />';
                                            starttable('100%', $lang_ecard_php['preview']);
                                            echo '<tr><td>';
                                            echo template_eval($template_ecard, $params);
                                            echo '</td></tr>';
                                            endtable();
                    pagefooter();
                    ob_end_flush(); */
            exit;
        } else {
            enl_die($lang_ecard_php['send_failed']);
        }
    }
}
//submit