Esempio n. 1
             $error = 1;
         }
     }
     // Required-field checks for the comment form. Each failed check appends its
     // localized message to $msg (separated by "<br />") and raises $error, so all
     // problems are reported together instead of stopping at the first one.
     // NOTE(review): the fields are compared against "" only and no trim() is
     // visible in this excerpt, so whitespace-only input passes unless the values
     // were trimmed where they were read -- confirm.
     if ($user_name == "") {
         $msg .= ($msg != "" ? "<br />" : "") . $lang['name_required'];
         $error = 1;
     }
     if ($comment_headline == "") {
         $msg .= ($msg != "" ? "<br />" : "") . $lang['headline_required'];
         $error = 1;
     }
     if ($comment_text == "") {
         $msg .= ($msg != "" ? "<br />" : "") . $lang['comment_required'];
         $error = 1;
     }
     // The CAPTCHA is only verified when $captcha_enable_comments is truthy; a
     // failed verification is treated like any other validation error.
     if ($captcha_enable_comments && !captcha_validate($captcha)) {
         $msg .= ($msg != "" ? "<br />" : "") . $lang['captcha_required'];
         $error = 1;
     }
     // Store the comment only when no validation check above raised $error.
     if (!$error) {
         // NOTE(review): the INSERT is assembled by string interpolation. $user_name,
         // $comment_headline and $comment_text land inside quoted literals, $id and
         // $user_info['user_id'] are unquoted, and $session_info['session_ip'] is
         // quoted. Nothing in this excerpt escapes or casts any of them, so the
         // statement is only as safe as the handling done where the values are read.
         // Confirm that each one is escaped (or integer-cast for the unquoted ones)
         // upstream, or switch to bound parameters if the database layer offers them.
         $sql = "INSERT INTO " . COMMENTS_TABLE . "\n              (image_id, user_id, user_name, comment_headline, comment_text, comment_ip, comment_date)\n              VALUES\n              ({$id}, " . $user_info['user_id'] . ", '{$user_name}', '{$comment_headline}', '{$comment_text}', '" . $session_info['session_ip'] . "', " . time() . ")";
         // NOTE(review): the return value of query() is not checked, so the counter
         // update and the success message below run even if the insert failed.
         $site_db->query($sql);
         // $commentid is assigned here; its use is outside the visible lines.
         $commentid = $site_db->get_insert_id();
         update_comment_count($id, $user_info['user_id']);
         // The success message is stored in the session under "msgdetails" and the
         // browser is sent back to the details page.
         $msg = $lang['comment_success'];
         $site_sess->set_session_var("msgdetails", $msg);
         // NOTE(review): the redirect uses $image_id while the INSERT uses $id;
         // whether they always hold the same value is not shown here. $mode and
         // $page are appended without URL-encoding -- confirm they are validated
         // before this point.
         redirect(ROOT_PATH . "details.php?" . URL_IMAGE_ID . "=" . $image_id . (!empty($mode) ? "&mode=" . $mode : "") . ($page > 1 ? "&page=" . $page : ""));
     }
 }
 // Drop $row and $spam_row from scope; where they were populated is outside
 // this excerpt.
 unset($row);
 unset($spam_row);
Esempio n. 2
     // E-mail checks for registration: the address must be present, pass
     // check_email(), and not already exist in USERS_TABLE.
     if ($user_email != "") {
         if (check_email($user_email)) {
             // NOTE(review): the lower-cased address is concatenated into a quoted SQL
             // literal. Whether that is safe depends on what check_email() accepts
             // and on any escaping applied before this point; neither is visible
             // here. Confirm, or bind the value as a parameter if the database
             // layer supports it.
             // NOTE(review): this lookup runs before the CAPTCHA check below, and
             // the 'email_exists' message tells the submitter that an address is
             // registered. If account enumeration matters, verify the CAPTCHA first
             // or rate-limit this path.
             $sql = "SELECT " . get_user_table_field("", "user_email") . "\n                FROM " . USERS_TABLE . "\n                WHERE " . get_user_table_field("", "user_email") . " = '" . strtolower($user_email) . "'";
             if ($site_db->not_empty($sql)) {
                 $msg .= ($msg != "" ? "<br />" : "") . $lang['email_exists'];
                 $error = 1;
             }
         } else {
             $msg .= ($msg != "" ? "<br />" : "") . $lang['invalid_email_format'];
             $error = 1;
         }
     } else {
         // Builds the "field required" message by replacing the field_name
         // placeholder in $lang['field_required'] with the e-mail label (colon
         // removed); the result is also kept in $field_error.
         // NOTE(review): $site_template->start / ->end are placed into the regex
         // without preg_quote(); that is only correct if the delimiters contain no
         // regex metacharacters and no "/" -- confirm.
         $msg .= ($msg != "" ? "<br />" : "") . ($field_error = preg_replace("/" . $site_template->start . "field_name" . $site_template->end . "/siU", str_replace(":", "", $lang['email']), $lang['field_required']));
         $error = 1;
     }
     // The CAPTCHA is only verified when $captcha_enable_registration is truthy.
     if ($captcha_enable_registration && !captcha_validate($captcha)) {
         $msg .= ($msg != "" ? "<br />" : "") . $lang['captcha_required'];
         $error = 1;
     }
     // Additional user fields: $val[2] == 1 is treated as "required" here and
     // $val[0] supplies the label used in the error message.
     if (!empty($additional_user_fields)) {
         foreach ($additional_user_fields as $key => $val) {
             // NOTE(review): because of the isset() guard, a required field that is
             // missing from the request altogether is not reported; only a field
             // that is present but blank is. If required fields must always be
             // submitted, treat "not set" the same as empty.
             if (isset($HTTP_POST_VARS[$key]) && intval($val[2]) == 1 && trim($HTTP_POST_VARS[$key]) == "") {
                 $error = 1;
                 $field_error = preg_replace("/" . $site_template->start . "field_name" . $site_template->end . "/siU", str_replace(":", "", $val[0]), $lang['field_required']);
                 $msg .= ($msg != "" ? "<br />" : "") . $field_error;
             }
         }
     }
 } else {
     $error = 1;
 }
Esempio n. 3
 // Pre-upload validation for the media upload form. Each failed check raises
 // $error and appends a localized message to $msg, separated by "<br />".
 $uploaderror = 0;
 // A category must be selected; 0 is treated as "none chosen".
 if ($cat_id == 0) {
     $error = 1;
     $field_error = preg_replace("/" . $site_template->start . "field_name" . $site_template->end . "/siU", str_replace(":", "", $lang['category']), $lang['field_required']);
     $msg .= ($msg != "" ? "<br />" : "") . $field_error;
 }
 // Either an uploaded file (tmp_name not empty and not the literal "none") or a
 // remote media reference accepted by check_remote_media() must be supplied.
 // NOTE(review): this only establishes that something was provided. No
 // is_uploaded_file(), type, extension or size check is visible in this excerpt;
 // presumably those live in includes/upload.php -- confirm.
 // NOTE(review): what check_remote_media() validates is not shown. If the server
 // later fetches $remote_media_file, confirm the check restricts the scheme and
 // rejects internal or loopback hosts.
 if ((empty($HTTP_POST_FILES['media_file']['tmp_name']) || $HTTP_POST_FILES['media_file']['tmp_name'] == "none") && ($remote_media_file == "" || !check_remote_media($remote_media_file))) {
     $error = 1;
     $msg .= ($msg != "" ? "<br />" : "") . $lang['image_file_required'];
 }
 if ($image_name == "") {
     $error = 1;
     $field_error = preg_replace("/" . $site_template->start . "field_name" . $site_template->end . "/siU", str_replace(":", "", $lang['image_name']), $lang['field_required']);
     $msg .= ($msg != "" ? "<br />" : "") . $field_error;
 }
 // The CAPTCHA is only verified when $captcha_enable_upload is truthy.
 if ($captcha_enable_upload && !captcha_validate($captcha)) {
     $msg .= ($msg != "" ? "<br />" : "") . $lang['captcha_required'];
     $error = 1;
 }
 // Additional image fields: $val[2] == 1 is treated as "required" here and
 // $val[0] supplies the label used in the error message.
 if (!empty($additional_image_fields)) {
     foreach ($additional_image_fields as $key => $val) {
         // NOTE(review): because of the isset() guard, a required field that is
         // missing from the request altogether is not reported; only a field that
         // is present but blank is. If required fields must always be submitted,
         // treat "not set" the same as empty.
         if (isset($HTTP_POST_VARS[$key]) && intval($val[2]) == 1 && trim($HTTP_POST_VARS[$key]) == "") {
             $error = 1;
             $field_error = preg_replace("/" . $site_template->start . "field_name" . $site_template->end . "/siU", str_replace(":", "", $val[0]), $lang['field_required']);
             $msg .= ($msg != "" ? "<br />" : "") . $field_error;
         }
     }
 }
 if (!$error) {
     // Start Upload
     include ROOT_PATH . 'includes/upload.php';
Esempio n. 4
 // Read the postcard form fields from the POST data. Every value is trimmed and
 // passed through un_htmlspecialchars().
 // NOTE(review): these values are interpolated directly into the INSERT INTO
 // POSTCARDS_TABLE statement that follows, and the sender/recipient fields are
 // passed to the Email object's set_to()/set_from(). No escaping, format check or
 // line-break filtering is visible in this excerpt. The later stripslashes() calls
 // suggest slashes were added to request data before this point -- confirm that,
 // and confirm that decoding entities afterwards cannot undo what that escaping
 // was meant to guarantee. The e-mail fields should be validated as addresses,
 // and CR/LF rejected, before they reach mail headers.
 // NOTE(review): the keys are read without isset(), so a request that omits one
 // raises an undefined-index notice.
 $bg_color = un_htmlspecialchars(trim($HTTP_POST_VARS['bg_color']));
 $border_color = un_htmlspecialchars(trim($HTTP_POST_VARS['border_color']));
 $font_color = un_htmlspecialchars(trim($HTTP_POST_VARS['font_color']));
 $font_face = un_htmlspecialchars(trim($HTTP_POST_VARS['font_face']));
 $sender_name = un_htmlspecialchars(trim($HTTP_POST_VARS['sender_name']));
 $sender_email = un_htmlspecialchars(trim($HTTP_POST_VARS['sender_email']));
 $recipient_name = un_htmlspecialchars(trim($HTTP_POST_VARS['recipient_name']));
 $recipient_email = un_htmlspecialchars(trim($HTTP_POST_VARS['recipient_email']));
 $headline = un_htmlspecialchars(trim($HTTP_POST_VARS['headline']));
 $message = un_htmlspecialchars(trim($HTTP_POST_VARS['message']));
 // Only the message body has HTML tags stripped; the headline, names and style
 // fields do not. How they are encoded when the postcard is displayed is not
 // shown here.
 $message = strip_tags($message);
 // A missing captcha field is treated as an empty answer.
 $captcha = isset($HTTP_POST_VARS['captcha']) ? un_htmlspecialchars(trim($HTTP_POST_VARS['captcha'])) : "";
 // NOTE(review): $back_url is client-supplied when present. If it is later used
 // as a link or redirect target, confirm it is restricted to same-site URLs.
 $back_url = !empty($HTTP_POST_VARS['back_url']) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['back_url']))) : $site_sess->url(ROOT_PATH . "index.php", "&");
 // NOTE(review): the postcard id is placed in the postcard URL further down and
 // is the only access token visible in this excerpt, so its unpredictability
 // depends on how get_random_key() generates it -- not shown; confirm it uses a
 // cryptographically secure source.
 $postcard_id = get_random_key(POSTCARDS_TABLE, "postcard_id");
 $current_time = time();
 if ($captcha_enable_postcards && !captcha_validate($captcha)) {
     $msg .= ($msg != "" ? "<br />" : "") . $lang['captcha_required'];
     $action = "previewcard";
     $main_template = "postcard_preview";
 } else {
     $sql = "INSERT INTO " . POSTCARDS_TABLE . "\n            (postcard_id, image_id, postcard_date, postcard_bg_color, postcard_border_color, postcard_font_color, postcard_font_face, postcard_sender_name, postcard_sender_email, postcard_recipient_name, postcard_recipient_email, postcard_headline, postcard_message)\n            VALUES\n            ('{$postcard_id}', {$image_id}, {$current_time}, '{$bg_color}', '{$border_color}', '{$font_color}', '{$font_face}', '{$sender_name}', '{$sender_email}', '{$recipient_name}', '{$recipient_email}', '{$headline}', '{$message}')";
     $result = $site_db->query($sql);
     if ($result) {
         $postcard_url = $script_url . "/postcards.php?" . URL_POSTCARD_ID . "=" . $postcard_id;
         include ROOT_PATH . 'includes/email.php';
         $site_email = new Email();
         $site_email->set_to(stripslashes($recipient_email));
         $site_email->set_from(stripslashes($sender_email), stripslashes($sender_name));
         $site_email->set_subject($lang['send_postcard_emailsubject']);
         $site_email->register_vars(array("sender_name" => stripslashes($sender_name), "sender_email" => stripslashes($sender_email), "recipient_name" => stripslashes($recipient_name), "postcard_url" => stripslashes($postcard_url), "postcard_send_date" => format_date($config['date_format'] . " " . $config['time_format'], $current_time), "site_name" => $config['site_name']));
         $site_email->set_body("postcard_message", $config['language_dir']);