Exemple #1
// Purge expired votes: anything older than keep_votes_time days (86400 seconds per day).
$curr_time = time();
$clean_before = $curr_time - $CONFIG['keep_votes_time'] * 86400;
$sql = "DELETE " . "FROM {$CONFIG['TABLE_VOTES']} " . "WHERE vote_time < {$clean_before}";
$result = cpg_db_query($sql);
// Check if user already rated this picture
// Logged-in users are keyed by md5(USER_ID); everyone else by $USER['ID'].
// NOTE(review): $USER['ID'] is assigned outside this excerpt. If it is a client-held value
// (e.g. a cookie), the duplicate-vote check below only holds while the client keeps
// presenting the same value — confirm where it comes from and how it is validated.
// NOTE(review): an unsalted md5 of a user id does not hide the voter if ids are small
// integers, since every candidate id can be hashed and compared — confirm whether
// anonymity is intended here.
$user_md5_id = USER_ID ? md5(USER_ID) : $USER['ID'];
// NOTE(review): $pic and $user_md5_id are placed into the SQL text directly. Neither is
// cast or escaped in the visible lines; verify that both are sanitised before this point
// (an integer cast for $pic, escaping or a strict format check for $USER['ID']).
$sql = "SELECT * " . "FROM {$CONFIG['TABLE_VOTES']} " . "WHERE pic_id = '{$pic}' AND user_md5_id = '{$user_md5_id}'";
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
    enl_die($lang_rate_pic_php['already_rated']);
}
// NOTE(review): the check above and the INSERT further down are separate statements, so
// two concurrent requests could both pass the check. A unique key on
// (pic_id, user_md5_id) would enforce the rule in the database — confirm the schema.
//Test for Self-Rating
// $row is loaded outside this excerpt; it supplies owner_id, votes and pic_rating.
$user = USER_ID;
$owner = $row['owner_id'];
// Owners may not rate their own picture unless they are an administrator.
if (!empty($user) && $user == $owner && !USER_IS_ADMIN) {
    enl_die($lang_rate_pic_php['forbidden']);
}
// Update picture rating
// Running average: existing votes weighted by the stored rating, plus the new vote
// scaled by 2000. NOTE(review): no range check on $rate is visible in this excerpt;
// confirm it is clamped to the allowed scale before it reaches this formula.
$new_rating = round(($row['votes'] * $row['pic_rating'] + $rate * 2000) / ($row['votes'] + 1));
$sql = "UPDATE {$CONFIG['TABLE_PICTURES']} " . "SET pic_rating = '{$new_rating}', votes = votes + 1 " . "WHERE pid = '{$pic}' LIMIT 1";
$result = cpg_db_query($sql);
// Update the votes table
// Records (picture, voter key, timestamp) so the duplicate check above can find it later.
$sql = "INSERT INTO {$CONFIG['TABLE_VOTES']} " . "VALUES ('{$pic}', '{$user_md5_id}', '{$curr_time}')";
$result = cpg_db_query($sql);
/**
 * Code to record the details of hits for the picture if the option is set in CONFIG
 */
if ($CONFIG['vote_details']) {
    // Get the details of user browser, IP, OS, etc
    $os = "Unknown";
    if (eregi("Linux", $_SERVER["HTTP_USER_AGENT"])) {
Exemple #2
 */
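// A command name is required; it may be supplied through either GET or POST.
if (!isset($_GET['what']) && !isset($_POST['what'])) {
    enl_die($lang_errors['param_missing']);
}
$what = isset($_GET['what']) ? $_GET['what'] : $_POST['what'];
// NOTE(review): this switch deletes data and is reachable through a plain GET request.
// No anti-CSRF token check is visible in this excerpt — confirm one is enforced before
// this point, otherwise a third-party page can trigger deletions for a logged-in user.
switch ($what) {
    // Delete a single comment
    case 'comment':
        // msg_id is read from the query string only, even when 'what' arrived by POST.
        // Reject the request explicitly when it is absent instead of reading an undefined
        // index and silently continuing with msg_id = 0.
        if (!isset($_GET['msg_id'])) {
            enl_die($lang_errors['param_missing']);
        }
        // The integer cast is what makes the request value safe to embed in the SQL below.
        $msg_id = (int) $_GET['msg_id'];
        $result = cpg_db_query("SELECT pid FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id='{$msg_id}'");
        if (!mysql_num_rows($result)) {
            enl_die($lang_errors['non_exist_comment']);
        } else {
            $comment_data = mysql_fetch_array($result);
        }
        // Authorisation is expressed in the WHERE clause:
        //   - gallery admins may delete any comment,
        //   - logged-in users only comments whose author_id is their own USER_ID,
        //   - anonymous visitors only comments matching their $USER['ID'] with author_id 0.
        if (GALLERY_ADMIN_MODE) {
            $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id='{$msg_id}'";
        } elseif (USER_ID) {
            $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id='{$msg_id}' AND author_id ='" . USER_ID . "' LIMIT 1";
        } else {
            // NOTE(review): $USER['ID'] is embedded without escaping and is assigned outside
            // this excerpt; verify it is validated (e.g. fixed-length hex) before use.
            $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id='{$msg_id}' AND author_md5_id ='{$USER['ID']}' AND author_id = '0' LIMIT 1";
        }
        $result = cpg_db_query($query);
        // NOTE(review): the success message is shown whether or not a row matched, so a
        // non-author is told the comment was deleted. Checking mysql_affected_rows() here
        // would let the page report a refused deletion accurately.
        enl_message($lang_delete_php['comment_deleted']);
        ob_end_flush();
        break;
    // Unknown command
    default:
        enl_die($lang_errors['param_missing']);
}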
Exemple #3
            $USER['email'] = $sender_email;
        }
        if ($result) {
            //pageheader($lang_ecard_php['title']);
            enl_message($lang_ecard_php['send_success']);
            /*                                echo '<br />';
                                            starttable('100%', $lang_ecard_php['preview']);
                                            echo '<tr><td>';
                                            echo template_eval($template_ecard, $params);
                                            echo '</td></tr>';
                                            endtable();
                    pagefooter();
                    ob_end_flush(); */
            exit;
        } else {
            enl_die($lang_ecard_php['send_failed']);
        }
    }
}
//submit
//pageheader($lang_ecard_php['title']);
//ecard form
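// Build the BBCode help link shown next to the caption field, when enabled in the config.
if ($CONFIG['show_bbcode_help']) {
    // NOTE(review): the help title and text travel as base64(serialize(...)) in URL
    // parameters. If the receiving page calls unserialize() on them, it is deserialising
    // client-controlled data — confirm, and prefer a plain format such as JSON there.
    $captionLabel = '&nbsp;' . cpg_display_help('f=index.html&amp;base=64&amp;h=' . urlencode(base64_encode(serialize($lang_bbcode_help_title))) . '&amp;t=' . urlencode(base64_encode(serialize($lang_bbcode_help))), 470, 245);
}
// PHP_SELF contains whatever path info the client appended to the script URL, so it is
// HTML-escaped before being written into the action attribute.
$form_action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
// NOTE(review): $album, $pid and $pos are assigned outside this excerpt and are written
// into the attribute as-is; verify they are cast or escaped where they are read from the
// request.
echo <<<EOT
<form method="post" name="post" action="{$form_action}?album={$album}&amp;pid={$pid}&amp;pos={$pos}">
EOT;
//starttable("100%", $lang_ecard_php['title'], 3);
echo '<table align="center" cellspacing="1" cellpadding="0" style="width:100%;">';
echo '<tr>';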