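*/
// Action dispatcher for this script: the caller names the action in `what`
// (accepted via GET or POST).  Anything else is rejected before any database
// work happens.
if (!isset($_GET['what']) && !isset($_POST['what'])) {
    enl_die($lang_errors['param_missing']);
}
$what = isset($_GET['what']) ? $_GET['what'] : $_POST['what'];

switch ($what) {
    // Delete a single comment.
    //
    // NOTE(review): this is a state-changing action reachable through a plain
    // GET request and no anti-CSRF token is checked here; whether the
    // surrounding framework enforces one is not visible in this file.
    case 'comment':
        // The comment id may arrive with either method, exactly like `what`.
        // A missing id is rejected up front instead of being silently cast to
        // msg_id = 0 (which also raised an undefined-index notice).
        if (isset($_GET['msg_id'])) {
            $msg_id_raw = $_GET['msg_id'];
        } elseif (isset($_POST['msg_id'])) {
            $msg_id_raw = $_POST['msg_id'];
        } else {
            enl_die($lang_errors['param_missing']);
        }
        // The (int) cast is what makes the interpolation below safe.
        $msg_id = (int) $msg_id_raw;

        // Refuse to proceed for a comment id that does not exist.
        $result = cpg_db_query("SELECT pid FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id='{$msg_id}'");
        if (!mysql_num_rows($result)) {
            enl_die($lang_errors['non_exist_comment']);
        }

        // Ownership is enforced inside the WHERE clause: an admin may delete
        // any comment, a logged-in user only comments carrying their own
        // author_id, and an anonymous visitor only comments tied to their
        // anonymous id (author_id = 0).
        if (GALLERY_ADMIN_MODE) {
            $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id='{$msg_id}'";
        } elseif (USER_ID) {
            $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id='{$msg_id}' AND author_id ='" . USER_ID . "' LIMIT 1";
        } else {
            // $USER['ID'] is the visitor's anonymous identity, not a value of
            // this request; its format is not validated anywhere in this file,
            // so it is escaped here the same way this file escapes USER_NAME.
            $anon_id = addslashes($USER['ID']);
            $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id='{$msg_id}' AND author_md5_id ='{$anon_id}' AND author_id = '0' LIMIT 1";
        }
        cpg_db_query($query);

        // NOTE(review): the success message is shown even when the WHERE
        // clause matched nothing (e.g. a user targeting someone else's
        // comment); mysql_affected_rows() would tell the two cases apart.
        enl_message($lang_delete_php['comment_deleted']);
        ob_end_flush();
        break;

    // Unknown command
    default:
        enl_die($lang_errors['param_missing']);
}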
if (mysql_result(cpg_db_query("select count(user_id) from {$CONFIG['TABLE_USERS']} where UPPER(user_name) = UPPER('{$msg_author}')"), 0, 0)) { enl_die($lang_db_input_php['com_author_error']); } $insert = cpg_db_query("INSERT INTO {$CONFIG['TABLE_COMMENTS']} (pid, msg_author, msg_body, msg_date, author_md5_id, author_id, msg_raw_ip, msg_hdr_ip) VALUES ('{$pid}', '{$CONFIG['comments_anon_pfx']}{$msg_author}', '{$msg_body}', NOW(), '{$USER['ID']}', '0', '{$raw_ip}', '{$hdr_ip}')"); $USER['name'] = $_POST['msg_author']; $redirect = "displayimage.php?pos=" . -$pid; if ($CONFIG['email_comment_notification']) { $mail_body = "<p>" . bb_decode(process_smilies($msg_body, $CONFIG['ecards_more_pic_target'])) . "</p>\n\r " . $lang_db_input_php['email_comment_body'] . " " . $CONFIG['ecards_more_pic_target'] . (substr($CONFIG["ecards_more_pic_target"], -1) == '/' ? '' : '/') . $redirect; cpg_mail('admin', $lang_db_input_php['email_comment_subject'], make_clickable($mail_body)); } enl_message($lang_db_input_php['com_added']); ob_end_flush(); exit; } else { // Registered users, we can use Location to redirect $insert = cpg_db_query("INSERT INTO {$CONFIG['TABLE_COMMENTS']} (pid, msg_author, msg_body, msg_date, author_md5_id, author_id, msg_raw_ip, msg_hdr_ip) VALUES ('{$pid}', '" . addslashes(USER_NAME) . "', '{$msg_body}', NOW(), '', '" . USER_ID . "', '{$raw_ip}', '{$hdr_ip}')"); $redirect = "displayimage.php?pos=" . -$pid; if ($CONFIG['email_comment_notification'] && !USER_IS_ADMIN) { $mail_body = "<p>" . bb_decode(process_smilies($msg_body, $CONFIG['ecards_more_pic_target'])) . "</p>\n\r " . $lang_db_input_php['email_comment_body'] . " " . $CONFIG['ecards_more_pic_target'] . (substr($CONFIG["ecards_more_pic_target"], -1) == '/' ? '' : '/') . 
$redirect; cpg_mail('admin', $lang_db_input_php['email_comment_subject'], make_clickable($mail_body)); } enl_message($lang_db_input_php['com_added']); ob_end_flush(); exit; } break; // Unknow event // Unknow event default: enl_die($lang_errors['param_missing']); }
} else {
    // NOTE(review): eregi() was removed in PHP 7; preg_match('/netscape/i', ...)
    // is the drop-in replacement.  The enclosing browser-detection block
    // starts before this excerpt.
    if (eregi("netscape", $browser)) {
        $browser = "Netscape";
    }
}
}
$time = time();
// Stored url-encoded; note $_SERVER['HTTP_REFERER'] is client-supplied and may be absent.
$referer = urlencode(addslashes($_SERVER['HTTP_REFERER']));
// Insert the record in database
// NOTE(review): $pic, $rate, $raw_ip, $browser and $os are interpolated
// straight into this SQL; whatever validates or escapes them happens before
// this excerpt — confirm against the start of the file.
$query = "INSERT INTO {$CONFIG['TABLE_VOTE_STATS']}\r\n SET\r\n pid = {$pic},\r\n rating = {$rate},\r\n Ip = '{$raw_ip}',\r\n sdate = '{$time}',\r\n referer = '{$referer}',\r\n browser = '{$browser}',\r\n os = '{$os}'";
cpg_db_query($query);
}
// Redirect to the plugin's info page for the rated picture.  Some servers are
// known not to honour a Location header, so a Refresh header is used for them.
$location = "index.php?file=enlargeit/enl_info&pid=" . $pic . "&enl_img=" . $enl_img;
$header_location = @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ? 'Refresh: 0; URL=' : 'Location: ';
header($header_location . $location);
// A visible confirmation is still emitted after the redirect header.
enl_message($lang_rate_pic_php['rate_ok']);
ob_end_flush();

// Render an error message inside the plugin's table layout and stop the script.
// $enl_error is echoed WITHOUT HTML escaping: every caller in this file passes
// a translated $lang_* string, so never pass user-controlled text to it.
// Never returns (calls exit).
function enl_die($enl_error) {
    echo '<table cellspacing="1" style="width:100%;height:100%">';
    echo '<tr>';
    echo '<td class="enl_infotablehead" align="center"><b>';
    echo $enl_error;
    echo '</b></td>';
    echo '</tr>';
    echo '</table>';
    exit;
}

// Render a (non-fatal) status message in the same table layout as enl_die();
// the body of this function continues past the end of this excerpt.
function enl_message($enl_message) {
    echo '<table cellspacing="1" style="width:100%;height:100%">';
$plaintext_message = template_eval($template_ecard_plaintext, $params); $tempTime = time(); $message .= sprintf($lang_ecard_php['ecards_footer'], $sender_name, $_SERVER['REMOTE_ADDR'], localised_date(-1, $comment_date_fmt)); $subject = sprintf($lang_ecard_php['ecard_title'], $sender_name); $result = cpg_mail($recipient_email, $subject, $message, 'text/html', $sender_name, $sender_email, $plaintext_message); //write ecard log if ($CONFIG['log_ecards'] == 1) { $result_log = cpg_db_query("INSERT INTO {$CONFIG['TABLE_ECARDS']} (sender_name, sender_email, recipient_name, recipient_email, link, date, sender_ip) VALUES ('{$sender_name}', '{$sender_email}', '{$recipient_name}', '{$recipient_email}', '{$encoded_data}', '{$tempTime}', '{$_SERVER["REMOTE_ADDR"]}')"); } if (!USER_ID) { $USER['name'] = $sender_name; $USER['email'] = $sender_email; } if ($result) { //pageheader($lang_ecard_php['title']); enl_message($lang_ecard_php['send_success']); /* echo '<br />'; starttable('100%', $lang_ecard_php['preview']); echo '<tr><td>'; echo template_eval($template_ecard, $params); echo '</td></tr>'; endtable(); pagefooter(); ob_end_flush(); */ exit; } else { enl_die($lang_ecard_php['send_failed']); } } } //submit