Example #1
        $sql = "UPDATE " . $TABLE["Options"] . " \r\r\n\t\t\tSET `ban_ips` =  CONCAT(`ban_ips`, ', " . SaveDB($_REQUEST["ip_addr"]) . "')";
        $sql_result = mysql_query($sql, $conn) or die('MySQL query error: ' . $sql . '. Error: ' . mysql_error());
        $_REQUEST["act"] = 'comments';
        $message = 'IP ' . $_REQUEST["ip_addr"] . ' banned! ';
    } elseif ($_REQUEST["act"] == 'delComment') {
        $sql = "DELETE FROM " . $TABLE["Comments"] . " WHERE id='" . $_REQUEST["id"] . "'";
        $sql_result = mysql_query($sql, $conn) or die('MySQL query error: ' . $sql . " " . mysql_error());
        $_REQUEST["act"] = 'comments';
        $message = $lang['Message_Comment_deleted'];
    } elseif ($_REQUEST["act"] == "addEditor") {
        $sql = "INSERT INTO " . $TABLE["Editors"] . " \r\r\n\t\t\tSET `editor_name` \t\t= '" . SaveDB($_REQUEST["editor_name"]) . "',\r\r\n\t\t\t\t`editor_email` \t\t= '" . SaveDB($_REQUEST["editor_email"]) . "',\r\r\n\t\t\t\t`editor_username` \t= '" . SaveDB($_REQUEST["editor_username"]) . "',\r\r\n\t\t\t\t`editor_password` \t= '" . SaveDB($_REQUEST["editor_password"]) . "'";
        $sql_result = mysql_query($sql, $conn) or die('MySQL query error: ' . $sql . '. Error: ' . mysql_error());
        $_REQUEST["act"] = "editors";
        $message .= $lang['Message_Editor_created'];
    } elseif ($_REQUEST["act"] == "updateEditor") {
        $sql = "UPDATE " . $TABLE["Editors"] . " \r\r\n\t\t\tSET `editor_name` \t\t= '" . SaveDB($_REQUEST["editor_name"]) . "',\r\r\n\t\t\t\t`editor_email` \t\t= '" . SaveDB($_REQUEST["editor_email"]) . "',\r\r\n\t\t\t\t`editor_username` \t= '" . SaveDB($_REQUEST["editor_username"]) . "',\r\r\n\t\t\t\t`editor_password` \t= '" . SaveDB($_REQUEST["editor_password"]) . "' \r\r\n\t\t\tWHERE id='" . $_REQUEST["id"] . "'";
        $sql_result = mysql_query($sql, $conn) or die('MySQL query error: ' . $sql . '. Error: ' . mysql_error());
        $_REQUEST["act"] = "editors";
        $message .= $lang['Message_Editor_updated'];
    } elseif ($_REQUEST["act"] == 'delEditor') {
        $sql = "DELETE FROM " . $TABLE["Editors"] . " WHERE id='" . $_REQUEST["id"] . "'";
        $sql_result = mysql_query($sql, $conn) or die('MySQL query error: ' . $sql . " " . mysql_error());
        $_REQUEST["act"] = 'editors';
        $message = $lang['Message_Editor_deleted'];
    }
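    // Fall back to the news list when the request carries no usable admin action.
    // The isset() test runs first so a missing `act` key no longer triggers an
    // undefined-index notice before the comparison; `===` avoids loose-comparison
    // surprises (the string values $_REQUEST holds compare identically either way).
    // Note: $_REQUEST merges GET, POST and cookie data, so `act` may arrive from any
    // of those sources — the dispatch above does not distinguish between them.
    if (!isset($_REQUEST["act"]) || $_REQUEST["act"] === '') {
        $_REQUEST["act"] = 'news';
    }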
    ?>
 
Example #2
         $banIP = trim($BannedIPs[$i]);
         if (trim($BannedIPs[$i]) != '') {
             if (preg_match("/" . $banIP . "/i", $checkIP)) {
                 $IPAllowed = false;
                 break;
             }
         }
     }
 }
 if ($WordAllowed == false) {
     $SysMessage = $OptionsLang["Banned_word_used"];
 } elseif ($IPAllowed == false) {
     $SysMessage = ReadDB($OptionsLang["Banned_ip_used"]);
 } else {
     $publish_date = date("Y-m-d H:i:s", strtotime(date("Y-m-d H:i:s") . " " . $Options["time_offset"]));
     $sql = "INSERT INTO " . $TABLE["Comments"] . "\r\r\n\t\t\t\t\tSET `publish_date` \t= '" . $publish_date . "',\r\r\n\t\t\t\t\t\t`ipaddress` \t= '" . SaveDB($_SERVER["REMOTE_ADDR"]) . "',\r\r\n\t\t\t\t\t  \t`status` \t\t= '" . $status . "',\r\r\n\t\t\t\t\t  \t`archive_id` \t= '" . SaveDB($_REQUEST["id"]) . "',\r\r\n\t\t\t\t\t  \t`name` \t\t\t= '" . SaveDB($_REQUEST["name"]) . "',\r\r\n\t\t\t\t\t  \t`email` \t\t= '" . SaveDB($_REQUEST["email"]) . "',\r\r\n\t\t\t\t\t  \t`comment` \t\t= '" . SaveDB($_REQUEST["comment"]) . "'";
     $sql_result = mysql_query($sql, $conn) or die('MySQL query error: ' . $sql . '. Error: ' . mysql_error());
     $SysMessage = $OptionsLang["Comment_Submitted"];
     if ($Options['approval'] == 'true') {
         $SysMessage .= ". " . $OptionsLang["After_Approval_Admin"];
     }
     $sql = "SELECT * FROM " . $TABLE["Archives"] . " WHERE id='" . mysql_real_escape_string($_REQUEST["id"]) . "'";
     $sql_result = mysql_query($sql, $conn) or die('MySQL query error: ' . $sql . '. Error: ' . mysql_error());
     $News = mysql_fetch_assoc($sql_result);
     mysql_free_result($sql_result);
     $mailheader = "From: " . ReadDB($Options["email"]) . "\r\n";
     $mailheader .= "Reply-To: " . ReadDB($Options["email"]) . "\r\n";
     $mailheader .= "Content-type: text/html; charset=UTF-8\r\n";
     $Message_body = "News: <strong>" . ReadDB($News["title"]) . "</strong><br /><br />";
     $Message_body .= "Comment: <br />" . $_REQUEST["comment"] . "<br /><br />";
     $Message_body .= "Name: " . $_REQUEST["name"] . "<br />";
Example #3
        $sql = "UPDATE `" . $TABLE["News"] . "` SET `image` = '' WHERE id = '" . $_REQUEST["id"] . "'";
        $sql_result = mysql_query($sql, $conn) or die('MySQL query error: ' . $sql . " " . mysql_error());
        $message = $lang['Message_Image_deleted'];
        $_REQUEST["act"] = "editNews";
    } elseif ($_REQUEST["act2"] == "change_status") {
        $sql = "UPDATE " . $TABLE["News"] . " \r\r\n\t\t\tSET status = '" . SaveDB($_REQUEST["status"]) . "' \r\r\n\t\t\tWHERE id='" . $_REQUEST["id"] . "'";
        $sql_result = mysql_query($sql, $conn) or die('MySQL query error: ' . $sql . '. Error: ' . mysql_error());
        $message = $lang['Message_Status_Updated'];
        $_REQUEST["act"] = "news";
    } elseif ($_REQUEST["act2"] == "change_status_comm") {
        $sql = "UPDATE " . $TABLE["Comments"] . " \r\r\n\t\t\tSET status = '" . SaveDB($_REQUEST["status"]) . "' \r\r\n\t\t\tWHERE id='" . $_REQUEST["id"] . "'";
        $sql_result = mysql_query($sql, $conn) or die('MySQL query error: ' . $sql . '. Error: ' . mysql_error());
        $message = $lang['Message_Comment_Status_Updated'];
        $_REQUEST["act"] = "comments";
    } elseif ($_REQUEST["act"] == 'updateComment') {
        $sql = "UPDATE " . $TABLE["Comments"] . " \r\r\n\t\t\tSET status\t\t='" . $_REQUEST["status"] . "', \r\r\n\t\t\t\tname\t='" . SaveDB($_REQUEST["name"]) . "', \r\r\n\t\t\t\temail\t='" . SaveDB($_REQUEST["email"]) . "', \r\r\n\t\t\t\tcomment\t='" . SaveDB($_REQUEST["comment"]) . "' \r\r\n\t\t\tWHERE id='" . $_REQUEST["id"] . "'";
        $sql_result = mysql_query($sql, $conn) or die('MySQL query error: ' . $sql);
        $_REQUEST["act"] = 'comments';
        $message = $lang['Message_Comment_updated'];
    } elseif ($_REQUEST["act"] == 'delComment') {
        $sql = "DELETE FROM " . $TABLE["Comments"] . " WHERE id='" . $_REQUEST["id"] . "'";
        $sql_result = mysql_query($sql, $conn) or die('MySQL query error: ' . $sql . " " . mysql_error());
        $_REQUEST["act"] = 'comments';
        $message = $lang['Message_Comment_deleted'];
    }
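    // Fall back to the news list when the request carries no usable admin action.
    // The isset() test runs first so a missing `act` key no longer triggers an
    // undefined-index notice before the comparison; `===` avoids loose-comparison
    // surprises (the string values $_REQUEST holds compare identically either way).
    // Note: $_REQUEST merges GET, POST and cookie data, so `act` may arrive from any
    // of those sources — the dispatch above does not distinguish between them.
    if (!isset($_REQUEST["act"]) || $_REQUEST["act"] === '') {
        $_REQUEST["act"] = 'news';
    }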
    ?>