Exemple #1
    $user_id = mysql_real_escape_string($user_id);
    $image_id = mysql_real_escape_string($image_id);
    $sql = "SELECT image_id, by_id from imagecomments WHERE image_id = {$image_id} AND by_id = {$user_id}";
    $query = mysql_query($sql);
    $result = mysql_num_rows($query);
    if ($result != 0) {
        echo '<p align="center"><font color="#FF4242" face="Arial"><b>' . $config['video_comments_error_already'] . '</b></font>';
        die;
    }
}
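// comment flood control
//
// SECURITY: $user_id and $image_id are interpolated into SQL below without
// surrounding quotes. mysql_real_escape_string() only escapes characters that
// are special inside a quoted string literal, so it gives no protection in an
// unquoted numeric position. Both IDs are forced to integers instead.
// NOTE(review): assumes both IDs are integer keys — confirm against the schema.
// NOTE(review): ext/mysql was removed in PHP 7.0; prepared statements through
// mysqli or PDO are the durable fix once the connection code is migrated.
$user_id = (int) $user_id;
$comment_table = 'imagecomments';
$image_id = (int) $image_id;
$item_id = 'image_id';
$proceed = flood_check($user_id, $comment_table, $item_id, $image_id);
if ($proceed[0] == 'false') {
    // NOTE(review): $proceed[1] is echoed unescaped; presumably markup built by
    // flood_check() itself — confirm it never contains user-supplied text.
    echo $proceed[1];
    die;
}
//check if user allows image comments to their image
$sql1 = "SELECT indexer FROM images WHERE indexer = {$image_id} AND allow_comments = 'no'";
$result1 = @mysql_query($sql1);
// Fail closed: the original suppressed errors and compared the row count of a
// failed query with 0, so a query error silently skipped this permission check.
// NOTE(review): the message key says "audio" although this path handles images — confirm.
if ($result1 === false || mysql_num_rows($result1) != 0) {
    echo '<p align="center"><font color="#FF4242" face="Arial"><b>' . $config['audio_comments_not_allowed'] . '</b></font>';
    die;
}
// Text fields are escaped for use inside quoted SQL string literals; the query
// that consumes them lies outside this excerpt. The IDs are already integers
// and are not escaped a second time.
// NOTE(review): escaping covers SQL only; the stored text still needs
// htmlspecialchars() (or an HTML sanitiser) wherever it is rendered.
$user_name = mysql_real_escape_string($user_name);
$comments = mysql_real_escape_string($comments);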
     $query = mysql_query($sql);
     $result = mysql_num_rows($query);
     $comment_time = $result['todays_date'];
     if ($result != 0) {
         echo '<p align="center"><font color="#FF4242" face="Arial"><b>' . $config['video_comments_error_already'] . '</b></font>';
         die;
     }
 }
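 // comment flood control
 //
 // SECURITY: $user_id and $blog_id are interpolated into SQL below without
 // surrounding quotes. mysql_real_escape_string() only escapes characters that
 // are special inside a quoted string literal, so it gives no protection in an
 // unquoted numeric position. Both IDs are forced to integers instead.
 // NOTE(review): assumes both IDs are integer keys — confirm against the schema.
 // NOTE(review): ext/mysql was removed in PHP 7.0; prepared statements through
 // mysqli or PDO are the durable fix once the connection code is migrated.
 $user_id = (int) $user_id;
 $blog_id = (int) $blog_id;
 // These two values sit inside quoted literals in the INSERT, where escaping is effective.
 $user_name = mysql_real_escape_string($user_name);
 $blog_reply = mysql_real_escape_string($blog_reply);
 $blog_table = 'blog_replys';
 $id_name = 'blog_id';
 $proceed = flood_check($user_id, $blog_table, $id_name, $blog_id);
 if ($proceed[0] == 'false') {
     // NOTE(review): $proceed[1] is echoed unescaped; presumably markup built by
     // flood_check() itself — confirm it never contains user-supplied text.
     echo $proceed[1];
     die;
 }
 //check if user allows blog replies
 $sql1 = "SELECT * FROM blogs WHERE indexer = {$blog_id} AND allow_replies = 'no'";
 $result1 = @mysql_query($sql1);
 // Fail closed: the original suppressed errors and compared the row count of a
 // failed query with 0, so a query error silently skipped this permission check.
 if ($result1 === false || mysql_num_rows($result1) != 0) {
     echo '<p align="center"><font color="#FF4242" face="Arial"><b>' . $config['video_comments_not_allowed'] . '</b></font>';
     die;
 }
 // blog reply table  => by_id, by_username, blog_id, reply_body, todays_date
 // NOTE(review): reply_body is stored with SQL escaping only; it still needs
 // htmlspecialchars() (or an HTML sanitiser) wherever it is rendered.
 $sql = "INSERT into blog_replys (by_id, by_username, blog_id, reply_body, todays_date) VALUES\r\n                                  ({$user_id}, '{$user_name}', {$blog_id}, '{$blog_reply}', NOW())";
 $query = @mysql_query($sql);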
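 // Read the target profile ID and the comment body from the POST request.
 // Anything that is missing or not a plain string (e.g. an array parameter)
 // is treated as absent rather than passed on to the escaping function.
 $member_id = (isset($_POST['member_id']) && is_string($_POST['member_id'])) ? (int) $_POST['member_id'] : 0;
 $profile_comment = (isset($_POST['FCKeditor1']) && is_string($_POST['FCKeditor1'])) ? $_POST['FCKeditor1'] : '';
 if ($profile_comment == "") {
     echo '<p align="center"><font color="#FF4242" face="Arial"><b>' . $config['video_comments_error_comment'] . '</b></font>';
     die;
 }
 if ($user_id == "") {
     echo '<p align="center"><font color="#FF4242" face="Arial"><b>' . $config['video_comments_login'] . '</b></font>';
     die;
 }
 // Reject a missing or non-positive target before any query runs.
 // NOTE(review): assumes member IDs are positive integers — confirm against the schema.
 if ($member_id <= 0) {
     echo '<p align="center"><font color="#FF4242" face="Arial"><b>' . $config['video_comments_not_allowed'] . '</b></font>';
     die;
 }
 // SECURITY: $user_id and $member_id are interpolated into SQL below without
 // surrounding quotes. mysql_real_escape_string() only escapes characters that
 // are special inside a quoted string literal, so it gives no protection in an
 // unquoted numeric position; $member_id comes straight from $_POST. Both IDs
 // are integers by the time they reach a query.
 // NOTE(review): ext/mysql was removed in PHP 7.0; prepared statements through
 // mysqli or PDO are the durable fix once the connection code is migrated.
 $user_id = (int) $user_id;
 $profile_comment = mysql_real_escape_string($profile_comment);
 $comment_table = 'profilecomments';
 $id_name = 'members_id';
 $proceed = flood_check($user_id, $comment_table, $id_name, $member_id);
 if ($proceed[0] == 'false') {
     // NOTE(review): $proceed[1] is echoed unescaped; presumably markup built by
     // flood_check() itself — confirm it never contains user-supplied text.
     echo $proceed[1];
     die;
 }
 // Privacy check: a matching row means the profile owner disabled comments.
 $sql1 = "SELECT * FROM privacy WHERE user_id = {$member_id} AND profilecomments = 'no'";
 $result1 = @mysql_query($sql1);
 // Fail closed: the original suppressed errors and compared the row count of a
 // failed query with 0, so a query error silently skipped this privacy check.
 if ($result1 === false || mysql_num_rows($result1) != 0) {
     echo '<p align="center"><font color="#FF4242" face="Arial"><b>' . $config['video_comments_not_allowed'] . '</b></font>';
     die;
 }
 // NOTE(review): $user_name is placed in a quoted literal but is not escaped
 // anywhere in this excerpt — confirm it is escaped exactly once upstream.
 // NOTE(review): the rich-text comment body is stored with SQL escaping only;
 // it needs an HTML sanitiser (or htmlspecialchars()) wherever it is rendered.
 $sql = "INSERT into profilecomments (by_id, by_username, members_id, comments, todays_date) VALUES\r\n                                  ({$user_id}, '{$user_name}', {$member_id}, '{$profile_comment}', NOW())";
 $query = @mysql_query($sql);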
 if (!$query) {
     die("Error while during sql_query. Error Output: <br/>" . mysql_errno() . ": " . mysql_error() . "<br/>" . "Query follows:<br/>" . $query);
     @mysql_close();
                } else {
                    if ($frm->forum_opt & 8) {
                        reverse_fmt($msg_body);
                        reverse_nl2br($msg_body);
                        $msg_body = str_replace('<br>', "\n", 'Quota: ' . htmlspecialchars($msg->login) . ' ha scritto ' . strftime("%a, %d %B %Y %H:%M", $msg->post_stamp) . '<br />----------------------------------------------------<br />' . $msg_body . '<br />----------------------------------------------------<br />');
                    } else {
                        $msg_body = '<table border="0" align="center" width="90%" cellpadding="3" cellspacing="1"><tr><td class="SmallText"><b>' . htmlspecialchars($msg->login) . ' ha scritto ' . strftime("%a, %d %B %Y %H:%M", $msg->post_stamp) . '</b></td></tr><tr><td class="quote"><br />' . $msg_body . '<br /></td></tr></table>';
                    }
                }
                $msg_body .= "\n";
            }
        }
    }
} else {
    /* $_POST['prev_loaded'] */
    // Flood control: skipped when $FLOOD_CHECK_TIME is falsy, when $MOD is set,
    // or when $msg_id is set. A truthy return from flood_check() is shown to
    // the user as the number of seconds to wait.
    // NOTE(review): $MOD presumably marks a moderator and $msg_id an edit of an
    // existing message — confirm; both are defined outside this excerpt.
    if ($FLOOD_CHECK_TIME && !$MOD && !$msg_id && ($tm = flood_check())) {
        error_dialog('ERRORE: è attivo il controllo sui messaggi.', 'Per cortesia, riprova tra ' . $tm . ' secondi');
    }
    /* import message options */
    // Optional flags default to '' when absent from the request.
    $msg_show_sig = isset($_POST['msg_show_sig']) ? $_POST['msg_show_sig'] : '';
    $msg_smiley_disabled = isset($_POST['msg_smiley_disabled']) ? $_POST['msg_smiley_disabled'] : '';
    $msg_poster_notif = isset($_POST['msg_poster_notif']) ? $_POST['msg_poster_notif'] : '';
    // The poll ID is cast to int before validation; 0 when no poll was submitted.
    $pl_id = !empty($_POST['pl_id']) ? poll_validate((int) $_POST['pl_id'], $msg_id) : 0;
    // Body and subject are read without an isset() guard and are raw user input
    // at this point; any escaping for HTML or SQL happens outside this excerpt.
    $msg_body = $_POST['msg_body'];
    $msg_subject = $_POST['msg_subject'];
    // NOTE(review): bit 256 of $perms presumably grants file attachments — confirm.
    if ($perms & 256) {
        $attach_count = 0;
        /* restore the attachment array */
        if (!empty($_POST['file_array'])) {
            // SECURITY: unserialize() runs on client-controlled POST data (after
            // base64 decoding). Deserialising untrusted input allows PHP object
            // injection wherever a loaded class defines magic methods such as
            // __wakeup() or __destruct(), and lets the client supply an
            // arbitrary attachment list. Safer designs keep the list
            // server-side (e.g. in the session) or send it as JSON with an HMAC
            // that is verified with hash_equals() before decoding.
            // The @ also hides malformed input: unserialize() then returns
            // false, and count(false) is 1 on PHP < 8 (a TypeError on PHP 8),
            // so the branch below would be entered with a non-array value.
            $attach_list = @unserialize(base64_decode($_POST['file_array']));
            if ($attach_count = count($attach_list)) {
Exemple #5
    $user_id = mysql_real_escape_string($user_id);
    $audio = mysql_real_escape_string($audio);
    $sql = "SELECT * from audiocomments WHERE audio_id = {$audio} AND by_id = {$user_id}";
    $query = mysql_query($sql);
    $result = mysql_num_rows($query);
    if ($result != 0) {
        echo '<p align="center"><font color="#FF4242" face="Arial"><b>' . $config['video_comments_error_already'] . '</b></font>';
        die;
    }
}
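// comment flood control
//
// SECURITY: $user_id and $audio are interpolated into SQL below without
// surrounding quotes. mysql_real_escape_string() only escapes characters that
// are special inside a quoted string literal, so it gives no protection in an
// unquoted numeric position. Both IDs are forced to integers instead.
// NOTE(review): assumes both IDs are integer keys — confirm against the schema.
// NOTE(review): ext/mysql was removed in PHP 7.0; prepared statements through
// mysqli or PDO are the durable fix once the connection code is migrated.
$user_id = (int) $user_id;
$comment_table = 'audiocomments';
$audio = (int) $audio;
$item_id = 'audio_id';
$proceed = flood_check($user_id, $comment_table, $item_id, $audio);
if ($proceed[0] == 'false') {
    // NOTE(review): $proceed[1] is echoed unescaped; presumably markup built by
    // flood_check() itself — confirm it never contains user-supplied text.
    echo $proceed[1];
    die;
}
//check if user allows audio comments to their audio
$sql1 = "SELECT * FROM audios WHERE indexer = {$audio} AND allow_comments = 'no'";
$result1 = @mysql_query($sql1);
// Fail closed: the original suppressed errors and compared the row count of a
// failed query with 0, so a query error silently skipped this permission check.
if ($result1 === false || mysql_num_rows($result1) != 0) {
    echo '<p align="center"><font color="#FF4242" face="Arial"><b>' . $config['audio_comments_not_allowed'] . '</b></font>';
    die;
}
// Text fields are escaped for use inside quoted SQL string literals; the query
// that consumes them lies outside this excerpt. The IDs are already integers
// and are not escaped a second time.
// NOTE(review): escaping covers SQL only; the stored text still needs
// htmlspecialchars() (or an HTML sanitiser) wherever it is rendered.
$user_name = mysql_real_escape_string($user_name);
$comments = mysql_real_escape_string($comments);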