Example #1
                 $c_result .= comment_tmpl($comment_tmpl . '_12', $mn_url, $c_i);
                 $conf['comments_order'] == 'reverse' ? $c_i-- : $c_i++;
             } else {
                 continue;
             }
         }
     }
     if (!empty($c_result)) {
         echo '<div id="mn-comments">' . encoding($c_result) . '</div>';
     } else {
         echo '<p id="mn-comments" class="mn-comment-info">' . encoding($lang['web_msg_no_comments']) . '</p>';
     }
 } elseif ($p['comments'] == 1) {
     echo '<p id="mn-comments" class="mn-comment-info">' . encoding($lang['web_msg_no_comments']) . '</p>';
 }
 // Decide what is rendered below the comment list: a ban notice, the comment
 // form, the login form, or a "comments forbidden" notice.
 if ($p['comments'] == 1 && check_ip_ban($_SERVER['REMOTE_ADDR'], $banned_ips)) {
     // The ban list is checked against REMOTE_ADDR only.
     // NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's address,
     // so a ban would match every visitor or none; confirm the deployment.
     echo '<p class="mn-comment-info">' . encoding($lang['web_msg_banned_ip']) . '</p>';
 } elseif ($p['comments'] == 1 && $conf['comments'] == '1') {
     // Setting '1': the comment form is included without any login check.
     $post_id = $p['id'];
     include MN_ROOT . 'stuff/inc/tmpl/comment-form.php';
 } elseif ($p['comments'] == 1 && $conf['comments'] == '2') {
     // Setting '2': the form is shown only when login cookies are present,
     // otherwise the login form is shown instead.
     // NOTE(review): this tests only that the cookies exist, not what they
     // contain. Cookies are supplied by the client, so this is a display
     // decision and not an authorization check; the script that receives the
     // submitted comment has to verify the session or hash itself.
     if (isset($_COOKIE['mn_user_name']) && (isset($_COOKIE['mn_logged']) || isset($_COOKIE['mn_user_hash']))) {
         $post_id = $p['id'];
         include MN_ROOT . 'stuff/inc/tmpl/comment-form.php';
     } else {
         include MN_ROOT . 'stuff/inc/tmpl/login-form.php';
     }
 } else {
     // Commenting is not available for this post. The notice carries the
     // "mn-comments" anchor id only when no comment markup was collected in
     // $c_result (presumably because the list container uses that id otherwise).
     if (empty($c_result)) {
         $mn_comments_id = ' id="mn-comments"';
     } else {
         $mn_comments_id = '';
     }
     echo '<p' . $mn_comments_id . ' class="mn-comment-info">' . encoding($lang['web_msg_comments_forbidden']) . '</p>';
 }
Example #2
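 // Load the post that is being commented on.
 // NOTE(review): $_POST['post_id'] is passed to get_post_data() without any
 // validation here; confirm that the helper restricts the id to the expected
 // format before it is used for a lookup.
 $post = get_post_data($_POST['post_id']);

 // Where the visitor is sent afterwards: the explicit "redir" field if given,
 // otherwise the referring page with a stale "comment added" marker removed.
 if (isset($_POST['redir']) && !empty($_POST['redir'])) {
     $mn_redir = $_POST['redir'];
 } else {
     $mn_redir = str_replace('&mn_msg=c_added', '', isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
 }

 // Both sources are controlled by the client and $mn_redir is written into a
 // Location header below, so an unchecked value would let any external link
 // bounce visitors through this site to another host (open redirect).
 // Keep the target only if it is a relative reference or an http(s) URL on
 // this server's own host name; anything else falls back to the current
 // directory.
 $mn_redir = is_string($mn_redir) ? trim($mn_redir) : '';
 $mn_redir_parts = parse_url($mn_redir);
 if (
     $mn_redir_parts === false
     // Control characters and backslashes are normalised differently by
     // browsers than by parse_url(), so they are refused outright.
     || preg_match('/[\x00-\x1f\x7f\\\\]/', $mn_redir)
     // A leading "//" names a host; refuse it when no host could be parsed.
     || (strpos($mn_redir, '//') === 0 && !isset($mn_redir_parts['host']))
     // Absolute URLs must be http(s) and must carry a host.
     || (isset($mn_redir_parts['scheme']) && !in_array(strtolower($mn_redir_parts['scheme']), array('http', 'https'), true))
     || (isset($mn_redir_parts['scheme']) && !isset($mn_redir_parts['host']))
     // Any host that is named has to be this server.
     || (isset($mn_redir_parts['host']) && strcasecmp($mn_redir_parts['host'], $_SERVER['SERVER_NAME']) !== 0)
 ) {
     $mn_redir = './';
 }
 unset($mn_redir_parts);

 // Anti-flood window in seconds; '30' is used when the setting is missing or
 // not numeric.
 $conf['comments_antiflood'] = isset($conf['comments_antiflood']) && is_numeric($conf['comments_antiflood']) ? $conf['comments_antiflood'] : '30';

 if (isset($_SESSION['mn_logged']) && $_SESSION['mn_logged'] && !check_hash()) {
     // The session claims a login but check_hash() rejects it: drop the
     // session, expire both login cookies and send the visitor back to the form.
     session_destroy();
     $url_data = explode('/', $conf['admin_url']);
     setcookie('mn_user_hash', '', time() - 3600, '/', $_SERVER['SERVER_NAME']);
     setcookie('mn_logged', '', time() - 3600, '/', $_SERVER['SERVER_NAME']);
     header('location: ' . $mn_redir . '#mn-comment-form');
     exit;
 } elseif (isset($_SESSION['mn_logged']) && !$_SESSION['mn_logged'] && isset($_COOKIE['mn_user_name']) && isset($_COOKIE['mn_user_hash']) && $conf['users_perm_login']) {
     // Not logged in, but "remember me" cookies are present and permanent
     // login is enabled: permanent_login() is expected to validate them.
     permanent_login();
 } elseif (in_array(isset($_POST['comment_author']) ? $_POST['comment_author'] : null, $mn_users) || isset($_POST['comment_pass']) && !empty($_POST['comment_pass'])) {
     // The author name belongs to a registered user, or a password was sent:
     // attempt a login with the submitted credentials. Missing fields are
     // passed as null, as before, but without the @ error suppression.
     // NOTE(review): in_array() compares loosely here; a strict comparison
     // would be safer if $mn_users is known to hold only strings.
     do_login(
         isset($_POST['comment_author']) ? $_POST['comment_author'] : null,
         isset($_POST['comment_pass']) ? $_POST['comment_pass'] : null,
         false
     );
 }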
 if ($post['comments'] == '1' && ($conf['comments'] === true || $conf['comments'] >= 1) && !check_ip_ban($_SERVER['REMOTE_ADDR'], $banned_ips)) {
     // Check for correct captcha code
     if ((!isset($_SESSION['mn_logged']) || !$_SESSION['mn_logged']) && isset($conf['comments_captcha']) && $conf['comments_captcha']) {
         require_once './stuff/inc/recaptchalib.php';
         $captcha = recaptcha_check_answer('6LfnaQoAAAAAAPi1X1HiWwEWBnCmJ7jLUc5biRpE', $_SERVER['REMOTE_ADDR'], $_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field']);
     }
     if (isset($_POST['preview']) && isset($_POST['comment_text']) && !empty($_POST['comment_text'])) {
         $preview = true;
     } elseif ((!isset($_SESSION['mn_logged']) || !$_SESSION['mn_logged']) && in_array($_POST['comment_author'], $mn_users)) {
         $error_msg = $lang['comm_msg_password'];
     } elseif (isset($_SESSION['mn_comm_time']) && $_SESSION['mn_comm_time'] + $conf['comments_antiflood'] > time()) {
         $error_msg = $lang['comm_msg_flood'];
     } elseif ((!isset($_SESSION['mn_logged']) || !$_SESSION['mn_logged']) && isset($conf['comments_captcha']) && $conf['comments_captcha'] && !$captcha->is_valid) {
         $error_msg = $lang['comm_msg_captcha'];
     } else {
         if (isset($_SESSION['mn_logged']) && $_SESSION['mn_logged'] || $_POST['robot'] === trim($conf['comments_antispam'])) {
Example #3
    } else {
        $var['hide_form'] = true;
        login_screen($lang['login_login'], $lang['login_msg_install_file'], 'warning');
    }
} elseif (file_exists('./install.php')) {
    if (file_exists(MN_ROOT . $file['users'])) {
        header('location: ./mn-login.php?install-file');
        exit;
    } else {
        header('location: ./install.php');
        exit;
    }
} elseif (isset($_SESSION['mn_logged']) && $_SESSION['mn_logged']) {
    header('location: ./');
    exit;
} elseif (check_ip_ban($_SERVER['REMOTE_ADDR'], $banned_ips)) {
    $var['hide_form'] = true;
    login_screen($lang['login_login'], $lang['login_msg_blocked_ip'], 'warning');
} elseif (isset($_GET['action']) && $_GET['action'] == 'lost-pass') {
    login_screen($lang['login_send_new_pass'], $lang['login_send_new_pass'], 'main');
} elseif (isset($_GET['action']) && $_GET['action'] == 'register' && $conf['users_registration']) {
    login_screen($lang['login_registration'], $lang['login_registration'], 'main');
} elseif (isset($_GET['back']) && $_GET['back'] == 'regdone' && $conf['users_registration']) {
    login_screen($lang['login_registration'], $lang['login_msg_regdone'], 'ok');
} elseif (isset($_POST['action']) && $_POST['action'] == 'register' && $conf['users_registration']) {
    if (!empty($_POST['username']) && !empty($_POST['email']) && !empty($_POST['pass1']) && !empty($_POST['pass2'])) {
        if ($_POST['robot'] === trim($conf['comments_antispam'])) {
            if (mb_strlen($_POST['username']) > 1 && mb_strlen($_POST['pass1']) > 5) {
                if (preg_match('/^[_ a-zA-Z0-9\\.\\-]+$/', $_POST['username'])) {
                    if (stripos($_POST['username'], 'admin') === false) {
                        if (check_email($_POST['email'])) {