Ejemplo n.º 1
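/**
 * Read one query-string parameter and return it decoded.
 *
 * Despite its name, this function only consults $_GET; $_POST is never read here.
 * The exact string 'undefined' is treated as "no value" and yields ''.
 *
 * The returned value is request-controlled. It is decoded by enl_utf8Urldecode()
 * but not escaped or validated here, so callers must escape it for the context
 * in which they use it (SQL, HTML, file paths, ...).
 *
 * @param string $name    Key to look up in $_GET.
 * @param string $default Value to decode and return when the key is absent.
 *
 * @return mixed '' for the 'undefined' marker, otherwise whatever enl_utf8Urldecode() returns.
 */
function get_post_var($name, $default = '')
{
    // Check for presence before indexing: reading a missing key raises an
    // "undefined index" notice (a warning on PHP 8) on every request that omits it.
    if (!isset($_GET[$name])) {
        return enl_utf8Urldecode($default);
    }

    $raw = $_GET[$name];

    // Strict comparison: only the exact marker string counts, with no type juggling.
    if ($raw === 'undefined') {
        return '';
    }

    // NOTE(review): $raw is an array when the client sends name[]=...; confirm
    // enl_utf8Urldecode() tolerates that or reject non-strings before this point.
    return enl_utf8Urldecode($raw);
}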
Ejemplo n.º 2
    $str = str_replace($replacements, '(...)', $str);
}
// An 'event' parameter is mandatory; it may arrive by POST or by GET.
if (!(isset($_POST['event']) || isset($_GET['event']))) {
    enl_die($lang_errors['param_missing']);
}

// POST takes precedence over GET. The value is request-controlled and is used
// below only as the selector of the switch.
if (isset($_POST['event'])) {
    $event = $_POST['event'];
} else {
    $event = $_GET['event'];
}

// NOTE(review): in the 'comment' case below, addslashes() runs before
// enl_utf8Urldecode(), so escaping is applied to the still-encoded text.
// If the decoder can produce quotes or backslashes, they reach $msg_author and
// $msg_body unescaped. Confirm, and prefer escaping at the point where the values
// are written to a query or to HTML.
switch ($event) {
    // Comment
    case 'comment':
        if (!USER_CAN_POST_COMMENTS) {
            enl_die($lang_errors['perm_denied']);
        }
        check_comment($_GET['msg_body']);
        check_comment($_GET['msg_author']);
        $msg_author = enl_utf8Urldecode(addslashes(trim($_GET['msg_author'])));
        $msg_body = enl_utf8Urldecode(addslashes(trim($_GET['msg_body'])));
        $pid = (int) $_GET['pos'];
        $pid = -$pid;
        if (($msg_author == '' || $msg_author == 'undefined') && !USER_ID) {
            enl_die($lang_db_input_php['empty_name_or_com']);
        }
        if ($msg_body == '' || $msg_body == 'undefined') {
            enl_die($lang_db_input_php['empty_name_or_com']);
        }
        $result = cpg_db_query("SELECT comments FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='{$pid}'");
        if (!mysql_num_rows($result)) {
            enl_die($lang_errors['non_exist_ap']);
        }
        $album_data = mysql_fetch_array($result);
        mysql_free_result($result);
        if ($album_data['comments'] != 'YES') {