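// Duplicate-comment check for image comments. The conditional that wraps this
// check opens above this excerpt; only its closing brace is visible below.
//
// Both ids are interpolated into the SQL text WITHOUT quotes.
// mysql_real_escape_string() only escapes characters that could terminate a
// quoted string literal, so it gives no protection in an unquoted numeric
// position. Casting to int guarantees that nothing but a number reaches the
// query text.
// NOTE(review): the mysql_* extension was removed in PHP 7. Parameterised
// queries (mysqli or PDO prepared statements) are the durable fix; the
// connection setup is outside this excerpt, so it is not changed here.
$user_id = (int) $user_id;
$image_id = (int) $image_id;
$sql = "SELECT image_id, by_id from imagecomments WHERE image_id = {$image_id} AND by_id = {$user_id}";
$query = mysql_query($sql);
$result = mysql_num_rows($query);
if ($result != 0) {
    // A row already exists for this user and image: report it and stop.
    echo '<p align="center"><font color="#FF4242" face="Arial"><b>' . $config['video_comments_error_already'] . '</b></font>';
    die;
}
} // closes the conditional opened above this excerpt

// comment flood control
// The ids are cast again because the block above is conditional and may not
// have run, in which case they are still raw values at this point.
$user_id = (int) $user_id;
$comment_table = 'imagecomments';
$image_id = (int) $image_id;
$item_id = 'image_id';
// flood_check() is defined elsewhere. As used here, element 0 is the string
// 'false' when the post must be refused and element 1 is the text to print.
$proceed = flood_check($user_id, $comment_table, $item_id, $image_id);
if ($proceed[0] == 'false') {
    echo $proceed[1];
    die;
}

//check if user allows image comments to their image
$sql1 = "SELECT indexer FROM images WHERE indexer = {$image_id} AND allow_comments = 'no'";
// NOTE(review): this permission check fails open. With errors suppressed by
// @, a failed query leaves $result1 === false, the row count then compares
// equal to 0, and the comment is accepted although the owner's setting was
// never read. Treat a false $result1 as a refusal once an error path exists.
$result1 = @mysql_query($sql1);
if (@mysql_num_rows($result1) != 0) {
    echo '<p align="center"><font color="#FF4242" face="Arial"><b>' . $config['audio_comments_not_allowed'] . '</b></font>';
    die;
}

// Values prepared for the statement that follows this excerpt (not visible).
// $user_id and $image_id are already integers. The two text values are
// escaped for use INSIDE a quoted SQL string literal only; this is not HTML
// encoding, which still has to happen wherever the comment is rendered.
$user_name = mysql_real_escape_string($user_name);
$comments = mysql_real_escape_string($comments);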
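// Tail of a duplicate-reply check. $sql and the enclosing conditional are
// built above this excerpt, so these statements are kept exactly as found.
$query = mysql_query($sql);
$result = mysql_num_rows($query);
// NOTE(review): $result is the row count returned by mysql_num_rows(), not a
// fetched row, so this index cannot read the todays_date column.
// TODO confirm whether $comment_time is used further down.
$comment_time = $result['todays_date'];
if ($result != 0) {
    echo '<p align="center"><font color="#FF4242" face="Arial"><b>' . $config['video_comments_error_already'] . '</b></font>';
    die;
}
} // closes the conditional opened above this excerpt

// comment flood control
// $user_id and $blog_id are interpolated into SQL without quotes (see the
// SELECT and INSERT below). mysql_real_escape_string() only protects values
// placed inside a quoted string literal, so the ids are cast to int instead.
// NOTE(review): the mysql_* extension was removed in PHP 7; prepared
// statements (mysqli or PDO) are the durable fix.
$user_id = (int) $user_id;
$blog_id = (int) $blog_id;
// These two values are quoted in the INSERT, where escaping is the right
// tool. It is SQL escaping only; HTML encoding must be applied where the
// reply is displayed (not visible here).
$user_name = mysql_real_escape_string($user_name);
$blog_reply = mysql_real_escape_string($blog_reply);
$blog_table = 'blog_replys';
$id_name = 'blog_id';
// flood_check() is defined elsewhere. As used here, element 0 is the string
// 'false' when the post must be refused and element 1 is the text to print.
$proceed = flood_check($user_id, $blog_table, $id_name, $blog_id);
if ($proceed[0] == 'false') {
    echo $proceed[1];
    die;
}

//check if user allows blog replies
$sql1 = "SELECT * FROM blogs WHERE indexer = {$blog_id} AND allow_replies = 'no'";
// NOTE(review): fails open. If the suppressed query fails, $result1 is false,
// the row count compares equal to 0 and the reply is accepted without the
// owner's setting having been read.
$result1 = @mysql_query($sql1);
if (@mysql_num_rows($result1) != 0) {
    echo '<p align="center"><font color="#FF4242" face="Arial"><b>' . $config['video_comments_not_allowed'] . '</b></font>';
    die;
}

// blog reply table => by_id, by_username, blog_id, reply_body, todays_date
$sql = "INSERT into blog_replys (by_id, by_username, blog_id, reply_body, todays_date) VALUES\r\n ({$user_id}, '{$user_name}', {$blog_id}, '{$blog_reply}', NOW())";
// Errors are suppressed with @; the result handling is outside this excerpt.
$query = @mysql_query($sql);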
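// Profile-comment submission. Both values come straight from the request
// body and are therefore untrusted.
$member_id = $_POST['member_id'];
// NOTE(review): the field name suggests rich-text editor output, i.e. HTML
// chosen by the client. The SQL escaping below does not make it safe to
// display; it needs HTML sanitising or encoding where it is rendered.
$profile_comment = $_POST['FCKeditor1'];
if ($profile_comment == "") {
    echo '<p align="center"><font color="#FF4242" face="Arial"><b>' . $config['video_comments_error_comment'] . '</b></font>';
    die;
}
if ($user_id == "") {
    echo '<p align="center"><font color="#FF4242" face="Arial"><b>' . $config['video_comments_login'] . '</b></font>';
    die;
}

// $user_id and $member_id are interpolated into SQL without quotes below.
// mysql_real_escape_string() only protects values placed inside a quoted
// string literal, so both ids are forced to integers instead. A non-scalar
// member_id (for example an array parameter) becomes 0 rather than being
// cast, because a non-empty array casts to 1.
// NOTE(review): the mysql_* extension was removed in PHP 7; prepared
// statements (mysqli or PDO) are the durable fix.
$user_id = (int) $user_id;
$member_id = is_scalar($member_id) ? (int) $member_id : 0;
// Quoted in the INSERT, so string escaping is the appropriate control here.
$profile_comment = mysql_real_escape_string($profile_comment);
$comment_table = 'profilecomments';
$id_name = 'members_id';
// flood_check() is defined elsewhere. As used here, element 0 is the string
// 'false' when the post must be refused and element 1 is the text to print.
$proceed = flood_check($user_id, $comment_table, $id_name, $member_id);
if ($proceed[0] == 'false') {
    echo $proceed[1];
    die;
}

// Refuse the comment when the target member has switched profile comments off.
$sql1 = "SELECT * FROM privacy WHERE user_id = {$member_id} AND profilecomments = 'no'";
// NOTE(review): fails open. If the suppressed query fails, $result1 is false,
// the row count compares equal to 0 and the privacy setting is bypassed.
$result1 = @mysql_query($sql1);
if (@mysql_num_rows($result1) != 0) {
    echo '<p align="center"><font color="#FF4242" face="Arial"><b>' . $config['video_comments_not_allowed'] . '</b></font>';
    die;
}

// NOTE(review): $user_name is placed inside quotes but is not escaped anywhere
// in the visible lines. Confirm it is escaped exactly once before this point;
// it is left untouched here to avoid double escaping.
$sql = "INSERT into profilecomments (by_id, by_username, members_id, comments, todays_date) VALUES\r\n ({$user_id}, '{$user_name}', {$member_id}, '{$profile_comment}', NOW())";
$query = @mysql_query($sql);
if (!$query) {
    // NOTE(review): this sends the database error number and message to the
    // client; log them server-side and show a generic message instead. The
    // "Query follows" part prints $query, which is false on this path, not
    // $sql. The mysql_close() call after die() is unreachable. This block
    // continues past the end of the excerpt, so it is left as found.
    die("Error while during sql_query. Error Output: <br/>" . mysql_errno() . ": " . mysql_error() . "<br/>" . "Query follows:<br/>" . $query);
    @mysql_close();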
// Tail of the code that pre-fills the editor with a quoted message. The
// matching `if` and the enclosing blocks open above this excerpt.
} else {
    // The meaning of bit 8 in forum_opt is not visible here; this branch
    // builds a plain-text quote, the other one an HTML table — TODO confirm.
    if ($frm->forum_opt & 8) {
        reverse_fmt($msg_body);
        reverse_nl2br($msg_body);
        // The poster's login is HTML-encoded; $msg_body is concatenated as is.
        $msg_body = str_replace('<br>', "\n", 'Quota: ' . htmlspecialchars($msg->login) . ' ha scritto ' . strftime("%a, %d %B %Y %H:%M", $msg->post_stamp) . '<br />----------------------------------------------------<br />' . $msg_body . '<br />----------------------------------------------------<br />');
    } else {
        // HTML quote box: login is HTML-encoded, $msg_body is inserted as is.
        // NOTE(review): presumably $msg_body is already stored as safe markup
        // — verify where it is loaded.
        $msg_body = '<table border="0" align="center" width="90%" cellpadding="3" cellspacing="1"><tr><td class="SmallText"><b>' . htmlspecialchars($msg->login) . ' ha scritto ' . strftime("%a, %d %B %Y %H:%M", $msg->post_stamp) . '</b></td></tr><tr><td class="quote"><br />' . $msg_body . '<br /></td></tr></table>';
    }
}
$msg_body .= "\n";
}
}
}
} else { /* $_POST['prev_loaded'] */
    // Form was submitted. flood_check() is defined elsewhere; a truthy return
    // is shown to the user as a number of seconds to wait. The check is
    // skipped when $FLOOD_CHECK_TIME is empty, when $MOD is set or when
    // $msg_id is set.
    if ($FLOOD_CHECK_TIME && !$MOD && !$msg_id && ($tm = flood_check())) {
        error_dialog('ERRORE: è attivo il controllo sui messaggi.', 'Per cortesia, riprova tra ' . $tm . ' secondi');
    }
    /* import message options */
    $msg_show_sig = isset($_POST['msg_show_sig']) ? $_POST['msg_show_sig'] : '';
    $msg_smiley_disabled = isset($_POST['msg_smiley_disabled']) ? $_POST['msg_smiley_disabled'] : '';
    $msg_poster_notif = isset($_POST['msg_poster_notif']) ? $_POST['msg_poster_notif'] : '';
    // The poll id is cast to int before being handed to poll_validate().
    $pl_id = !empty($_POST['pl_id']) ? poll_validate((int) $_POST['pl_id'], $msg_id) : 0;
    // Raw request values; any filtering happens outside this excerpt.
    $msg_body = $_POST['msg_body'];
    $msg_subject = $_POST['msg_subject'];
    // Bit 256 of $perms gates attachment handling; its meaning is not shown
    // here — presumably the "may attach files" permission, TODO confirm.
    if ($perms & 256) {
        $attach_count = 0;
        /* restore the attachment array */
        if (!empty($_POST['file_array'])) {
            // NOTE(review): unserialize() runs on a value the client controls
            // (base64 text from a form field). No integrity check such as an
            // HMAC is visible in this excerpt, so this is a PHP object
            // injection risk. Prefer json_decode(), or sign the field and
            // verify it with hash_equals() before decoding; on PHP 7+ also
            // pass ['allowed_classes' => false].
            // With @ a failed decode yields false, and count() is then called
            // on a non-array.
            $attach_list = @unserialize(base64_decode($_POST['file_array']));
            if ($attach_count = count($attach_list)) {
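// Duplicate-comment check for audio comments. The conditional that wraps this
// check opens above this excerpt; only its closing brace is visible below.
//
// Both ids are interpolated into the SQL text WITHOUT quotes.
// mysql_real_escape_string() only escapes characters that could terminate a
// quoted string literal, so it gives no protection in an unquoted numeric
// position. Casting to int guarantees that nothing but a number reaches the
// query text.
// NOTE(review): the mysql_* extension was removed in PHP 7. Parameterised
// queries (mysqli or PDO prepared statements) are the durable fix; the
// connection setup is outside this excerpt, so it is not changed here.
$user_id = (int) $user_id;
$audio = (int) $audio;
$sql = "SELECT * from audiocomments WHERE audio_id = {$audio} AND by_id = {$user_id}";
$query = mysql_query($sql);
$result = mysql_num_rows($query);
if ($result != 0) {
    // A row already exists for this user and audio item: report it and stop.
    echo '<p align="center"><font color="#FF4242" face="Arial"><b>' . $config['video_comments_error_already'] . '</b></font>';
    die;
}
} // closes the conditional opened above this excerpt

// comment flood control
// The ids are cast again because the block above is conditional and may not
// have run, in which case they are still raw values at this point.
$user_id = (int) $user_id;
$comment_table = 'audiocomments';
$audio = (int) $audio;
$item_id = 'audio_id';
// flood_check() is defined elsewhere. As used here, element 0 is the string
// 'false' when the post must be refused and element 1 is the text to print.
$proceed = flood_check($user_id, $comment_table, $item_id, $audio);
if ($proceed[0] == 'false') {
    echo $proceed[1];
    die;
}

//check if user allows audio comments to their audio
$sql1 = "SELECT * FROM audios WHERE indexer = {$audio} AND allow_comments = 'no'";
// NOTE(review): this permission check fails open. With errors suppressed by
// @, a failed query leaves $result1 === false, the row count then compares
// equal to 0, and the comment is accepted although the owner's setting was
// never read. Treat a false $result1 as a refusal once an error path exists.
$result1 = @mysql_query($sql1);
if (@mysql_num_rows($result1) != 0) {
    echo '<p align="center"><font color="#FF4242" face="Arial"><b>' . $config['audio_comments_not_allowed'] . '</b></font>';
    die;
}

// Values prepared for the statement that follows this excerpt (not visible).
// $user_id and $audio are already integers. The two text values are escaped
// for use INSIDE a quoted SQL string literal only; this is not HTML encoding,
// which still has to happen wherever the comment is rendered.
$user_name = mysql_real_escape_string($user_name);
$comments = mysql_real_escape_string($comments);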