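// NOTE(review): this fragment begins inside the "banIP" branch of an if/elseif chain whose
// head is not in view. Every branch is driven by $_REQUEST, which merges GET, POST and
// cookies, so each state-changing action below is reachable by a plain GET and shows no
// CSRF token check — confirm the dispatcher enforces an authenticated admin session and a
// per-request token before control reaches here. The mysql_* extension is removed in PHP 7;
// the durable fix for all the string-built SQL in this file is PDO/mysqli prepared statements.
// Until then every request value that reaches SQL must go through SaveDB(), the helper the
// rest of the file escapes SQL values with; `id` was interpolated raw in three branches here.
//
// IFNULL: CONCAT() yields NULL when `ban_ips` is NULL, which would silently wipe the list.
$sql = "UPDATE " . $TABLE["Options"] . " \r\r\n\t\t\tSET `ban_ips` = CONCAT(IFNULL(`ban_ips`, ''), ', " . SaveDB($_REQUEST["ip_addr"]) . "')";
$sql_result = mysql_query($sql, $conn);
if (!$sql_result) {
    // Keep the statement and driver error server-side; the client only sees a generic message.
    error_log('MySQL query error: ' . $sql . '. Error: ' . mysql_error());
    die('Database error.');
}
$_REQUEST["act"] = 'comments';
// $message is presumably rendered in the admin page as HTML, so escape the echoed input.
// NOTE(review): the stored value is later interpolated unquoted into preg_match() by the
// comment filter (see the banned-IP loop further down this file), so a '/' or a regex
// metacharacter in it breaks or widens the match; validating the accepted format on save
// would close that, but the intended format (exact IP? prefix? pattern?) is not visible here.
$message = 'IP ' . htmlspecialchars($_REQUEST["ip_addr"], ENT_QUOTES, 'UTF-8') . ' banned! ';
} elseif ($_REQUEST["act"] == 'delComment') {
    // `id` reached the WHERE clause unescaped (SQL injection); escape it like every other value.
    $sql = "DELETE FROM " . $TABLE["Comments"] . " WHERE id='" . SaveDB($_REQUEST["id"]) . "'";
    $sql_result = mysql_query($sql, $conn);
    if (!$sql_result) {
        error_log('MySQL query error: ' . $sql . " " . mysql_error());
        die('Database error.');
    }
    $_REQUEST["act"] = 'comments';
    $message = $lang['Message_Comment_deleted'];
} elseif ($_REQUEST["act"] == "addEditor") {
    // NOTE(review): editor_password is stored exactly as submitted. SaveDB() is also applied
    // to names and e-mails, so it presumably only escapes — confirm how the login path
    // compares passwords; if it compares plaintext, store password_hash($pw, PASSWORD_DEFAULT)
    // here and verify with password_verify() there. Not changed here because that login code
    // is outside this view and would break without a matching change.
    $sql = "INSERT INTO " . $TABLE["Editors"] . " \r\r\n\t\t\tSET `editor_name` \t\t= '" . SaveDB($_REQUEST["editor_name"]) . "',\r\r\n\t\t\t\t`editor_email` \t\t= '" . SaveDB($_REQUEST["editor_email"]) . "',\r\r\n\t\t\t\t`editor_username` \t= '" . SaveDB($_REQUEST["editor_username"]) . "',\r\r\n\t\t\t\t`editor_password` \t= '" . SaveDB($_REQUEST["editor_password"]) . "'";
    $sql_result = mysql_query($sql, $conn);
    if (!$sql_result) {
        error_log('MySQL query error: ' . $sql . '. Error: ' . mysql_error());
        die('Database error.');
    }
    $_REQUEST["act"] = "editors";
    $message .= $lang['Message_Editor_created'];
} elseif ($_REQUEST["act"] == "updateEditor") {
    // Same password caveat as addEditor. Note this always overwrites editor_password with
    // whatever was posted, so an empty form field blanks the stored password.
    // `id` in the WHERE clause was unescaped (SQL injection); now escaped.
    $sql = "UPDATE " . $TABLE["Editors"] . " \r\r\n\t\t\tSET `editor_name` \t\t= '" . SaveDB($_REQUEST["editor_name"]) . "',\r\r\n\t\t\t\t`editor_email` \t\t= '" . SaveDB($_REQUEST["editor_email"]) . "',\r\r\n\t\t\t\t`editor_username` \t= '" . SaveDB($_REQUEST["editor_username"]) . "',\r\r\n\t\t\t\t`editor_password` \t= '" . SaveDB($_REQUEST["editor_password"]) . "' \r\r\n\t\t\tWHERE id='" . SaveDB($_REQUEST["id"]) . "'";
    $sql_result = mysql_query($sql, $conn);
    if (!$sql_result) {
        error_log('MySQL query error: ' . $sql . '. Error: ' . mysql_error());
        die('Database error.');
    }
    $_REQUEST["act"] = "editors";
    $message .= $lang['Message_Editor_updated'];
} elseif ($_REQUEST["act"] == 'delEditor') {
    // `id` was unescaped here too (SQL injection); now escaped.
    $sql = "DELETE FROM " . $TABLE["Editors"] . " WHERE id='" . SaveDB($_REQUEST["id"]) . "'";
    $sql_result = mysql_query($sql, $conn);
    if (!$sql_result) {
        error_log('MySQL query error: ' . $sql . " " . mysql_error());
        die('Database error.');
    }
    $_REQUEST["act"] = 'editors';
    $message = $lang['Message_Editor_deleted'];
}
// Default action. isset() is tested first so a missing "act" no longer raises an
// undefined-index notice before the comparison runs (the outcome is unchanged).
if (!isset($_REQUEST["act"]) || $_REQUEST["act"] == '') {
    $_REQUEST["act"] = 'news';
}
?>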
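// NOTE(review): this fragment begins inside the banned-IP loop of the public comment
// handler; the loop header, $checkIP, $WordAllowed, $IPAllowed and $status are set outside
// this view, and the final else branch continues past the end of it.
$banIP = trim($BannedIPs[$i]);
if (trim($BannedIPs[$i]) != '') {
    // NOTE(review): the stored ban entry is used as an unquoted regex. An unescaped '.'
    // matches any character (a ban on 1.2.3.4 also hits 11.203.4.5), and a '/' in an entry
    // (e.g. a CIDR) breaks the pattern so preg_match() returns false and the ban silently
    // does nothing. preg_quote($banIP, '/') fixes both, but would also break any entry that
    // was deliberately written as a pattern — confirm the intended format before changing it.
    if (preg_match("/" . $banIP . "/i", $checkIP)) {
        $IPAllowed = false;
        break;
    }
}
} // closes the loop over $BannedIPs (opened outside this view)
} // closes the enclosing block (opened outside this view)
if ($WordAllowed == false) {
    $SysMessage = $OptionsLang["Banned_word_used"];
} elseif ($IPAllowed == false) {
    $SysMessage = ReadDB($OptionsLang["Banned_ip_used"]);
} else {
    // Publish time is "now" shifted by the configured offset. If time_offset is not
    // something strtotime() understands, this silently yields the epoch — worth validating.
    $publish_date = date("Y-m-d H:i:s", strtotime(date("Y-m-d H:i:s") . " " . $Options["time_offset"]));
    // All visitor-supplied values are escaped with SaveDB(); $status is assumed to come from
    // configuration rather than the request (it is set outside this view — confirm).
    $sql = "INSERT INTO " . $TABLE["Comments"] . "\r\r\n\t\t\t\t\tSET `publish_date` \t= '" . $publish_date . "',\r\r\n\t\t\t\t\t\t`ipaddress` \t= '" . SaveDB($_SERVER["REMOTE_ADDR"]) . "',\r\r\n\t\t\t\t\t \t`status` \t\t= '" . $status . "',\r\r\n\t\t\t\t\t \t`archive_id` \t= '" . SaveDB($_REQUEST["id"]) . "',\r\r\n\t\t\t\t\t \t`name` \t\t\t= '" . SaveDB($_REQUEST["name"]) . "',\r\r\n\t\t\t\t\t \t`email` \t\t= '" . SaveDB($_REQUEST["email"]) . "',\r\r\n\t\t\t\t\t \t`comment` \t\t= '" . SaveDB($_REQUEST["comment"]) . "'";
    $sql_result = mysql_query($sql, $conn);
    if (!$sql_result) {
        // Keep the statement and driver error server-side; a visitor must never see the SQL.
        error_log('MySQL query error: ' . $sql . '. Error: ' . mysql_error());
        die('Database error.');
    }
    $SysMessage = $OptionsLang["Comment_Submitted"];
    if ($Options['approval'] == 'true') {
        $SysMessage .= ". " . $OptionsLang["After_Approval_Admin"];
    }
    // Look up the article for the notification mail. If the id does not exist, $News is
    // false and $News["title"] below is simply empty (a notice at most).
    $sql = "SELECT * FROM " . $TABLE["Archives"] . " WHERE id='" . mysql_real_escape_string($_REQUEST["id"]) . "'";
    $sql_result = mysql_query($sql, $conn);
    if (!$sql_result) {
        error_log('MySQL query error: ' . $sql . '. Error: ' . mysql_error());
        die('Database error.');
    }
    $News = mysql_fetch_assoc($sql_result);
    mysql_free_result($sql_result);
    // From/Reply-To come from the stored site option, not from the visitor, so header
    // injection would need admin access — still worth validating when that option is saved.
    $mailheader = "From: " . ReadDB($Options["email"]) . "\r\n";
    $mailheader .= "Reply-To: " . ReadDB($Options["email"]) . "\r\n";
    $mailheader .= "Content-type: text/html; charset=UTF-8\r\n";
    $Message_body = "News: <strong>" . ReadDB($News["title"]) . "</strong><br /><br />";
    // The notification is sent as text/html, so visitor-supplied fields must be HTML-escaped;
    // unescaped, anyone posting a comment could put arbitrary markup into the admin's mailbox.
    // nl2br() is applied after escaping so line breaks in the comment survive.
    $Message_body .= "Comment: <br />" . nl2br(htmlspecialchars($_REQUEST["comment"], ENT_QUOTES, 'UTF-8')) . "<br /><br />";
    $Message_body .= "Name: " . htmlspecialchars($_REQUEST["name"], ENT_QUOTES, 'UTF-8') . "<br />";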
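// NOTE(review): this fragment begins inside the image-delete branch of the admin
// dispatcher; the chain head is outside this view. Same caveats as the rest of the admin
// code: $_REQUEST-driven state changes reachable by GET with no visible CSRF token, and
// mysql_* is removed in PHP 7 — prepared statements are the durable fix. Until then every
// request value that reaches SQL goes through SaveDB(); `id` was interpolated raw in all
// four branches below and `status` in updateComment.
//
// This branch clears only the database reference; whether an image file is removed too is
// not visible here.
$sql = "UPDATE `" . $TABLE["News"] . "` SET `image` = '' WHERE id = '" . SaveDB($_REQUEST["id"]) . "'";
$sql_result = mysql_query($sql, $conn);
if (!$sql_result) {
    // Keep the statement and driver error server-side; the client only sees a generic message.
    error_log('MySQL query error: ' . $sql . " " . mysql_error());
    die('Database error.');
}
$message = $lang['Message_Image_deleted'];
$_REQUEST["act"] = "editNews";
} elseif ($_REQUEST["act2"] == "change_status") {
    $sql = "UPDATE " . $TABLE["News"] . " \r\r\n\t\t\tSET status = '" . SaveDB($_REQUEST["status"]) . "' \r\r\n\t\t\tWHERE id='" . SaveDB($_REQUEST["id"]) . "'";
    $sql_result = mysql_query($sql, $conn);
    if (!$sql_result) {
        error_log('MySQL query error: ' . $sql . '. Error: ' . mysql_error());
        die('Database error.');
    }
    $message = $lang['Message_Status_Updated'];
    $_REQUEST["act"] = "news";
} elseif ($_REQUEST["act2"] == "change_status_comm") {
    $sql = "UPDATE " . $TABLE["Comments"] . " \r\r\n\t\t\tSET status = '" . SaveDB($_REQUEST["status"]) . "' \r\r\n\t\t\tWHERE id='" . SaveDB($_REQUEST["id"]) . "'";
    $sql_result = mysql_query($sql, $conn);
    if (!$sql_result) {
        error_log('MySQL query error: ' . $sql . '. Error: ' . mysql_error());
        die('Database error.');
    }
    $message = $lang['Message_Comment_Status_Updated'];
    $_REQUEST["act"] = "comments";
} elseif ($_REQUEST["act"] == 'updateComment') {
    // `status` and `id` were the only two values in this statement not escaped (SQL
    // injection); they now go through SaveDB() like name, email and comment.
    $sql = "UPDATE " . $TABLE["Comments"] . " \r\r\n\t\t\tSET status\t\t='" . SaveDB($_REQUEST["status"]) . "', \r\r\n\t\t\t\tname\t='" . SaveDB($_REQUEST["name"]) . "', \r\r\n\t\t\t\temail\t='" . SaveDB($_REQUEST["email"]) . "', \r\r\n\t\t\t\tcomment\t='" . SaveDB($_REQUEST["comment"]) . "' \r\r\n\t\t\tWHERE id='" . SaveDB($_REQUEST["id"]) . "'";
    $sql_result = mysql_query($sql, $conn);
    if (!$sql_result) {
        // The original message omitted mysql_error(); logging it makes failures diagnosable.
        error_log('MySQL query error: ' . $sql . '. Error: ' . mysql_error());
        die('Database error.');
    }
    $_REQUEST["act"] = 'comments';
    $message = $lang['Message_Comment_updated'];
} elseif ($_REQUEST["act"] == 'delComment') {
    $sql = "DELETE FROM " . $TABLE["Comments"] . " WHERE id='" . SaveDB($_REQUEST["id"]) . "'";
    $sql_result = mysql_query($sql, $conn);
    if (!$sql_result) {
        error_log('MySQL query error: ' . $sql . " " . mysql_error());
        die('Database error.');
    }
    $_REQUEST["act"] = 'comments';
    $message = $lang['Message_Comment_deleted'];
}
// Default action. isset() is tested first so a missing "act" no longer raises an
// undefined-index notice before the comparison runs (the outcome is unchanged).
if (!isset($_REQUEST["act"]) || $_REQUEST["act"] == '') {
    $_REQUEST["act"] = 'news';
}
?>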