Esempio n. 1
* @name			Comment
* @version		2.0
* @package		Fiyo CMS
* @copyright	Copyright (C) 2014 Fiyo CMS.
* @license		GNU/GPL, see LICENSE.txt
* @description	
**/
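// Stop unless the including script has defined _FINDEX_ (blocks direct requests to this file).
defined('_FINDEX_') or die('Access Denied');
$db = new FQuery();
$db->connect();
loadLang(__DIR__);
if (!defined('SEF_URL')) {
    $link = check_permalink('link', getLink(), 'link');
    // pid is taken from the query string: only a numeric value is copied into
    // the return link (as an integer); a missing or non-numeric pid is left empty.
    $go_link = FUrl . getLink() . '&pid=' . ((isset($_GET['pid']) and is_numeric($_GET['pid'])) ? (int) $_GET['pid'] : '');
} else {
    // NOTE(review): $_REQUEST['link'] is client-supplied and goes unmodified into
    // the permalink lookup and into $go_link. The escaping done inside
    // check_permalink() is not visible here, and $go_link needs output encoding
    // wherever it is printed. The @ operators also hide the notice raised when
    // 'link' is absent.
    $link = @check_permalink('permalink', $_REQUEST['link'], 'link');
    $go_link = FUrl . @$_REQUEST['link'] . SEF_EXT;
}
require 'entry_comment.php';
// The captcha is switched off by this hard-coded constant.
define('CAPTCHA', false);
if (!CAPTCHA) {
    $valid = true;
    if (!isset($_SESSION['captcha'])) {
        $_SESSION['captcha'] = 99;
    }
    // The submitted answer is overwritten with the session value, presumably so
    // that a later comparison of $_POST['secure'] with $_SESSION['captcha']
    // always matches.
    // NOTE(review): with this in place the comment form has no bot challenge;
    // confirm that moderation or rate limiting covers it.
    $_POST['secure'] = $_SESSION['captcha'];
    $_SESSION['ENABLE_CAPTCHA'] = false;
}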
if (isset($_POST['send-comment'])) {
    //reCaptcha
    $privatekey = oneQuery('comment_setting', 'name', "'recaptcha_privatekey'", 'value');
Esempio n. 2
// Decide whether the requested pustaka view points at something that exists.
// $a ends up truthy when a category or file row matches the id, when a label
// parameter is present, or when the default view was requested.
// NOTE(review): $id is interpolated as-is into the "id=..." conditions below;
// whether app_param() or FQuery() restricts it to an integer is not visible
// here - confirm before relying on it.
$id = app_param('id');
if ($view == 'default') {
    $a = (app_param('view') == 'default');
} else {
    // Try the category table first, then fall back to the file table.
    $a = FQuery('pustaka_category', "id={$id}", '', 1);
    if (!$a) {
        $a = FQuery('pustaka_file', "id={$id}", '', 1);
    }
    // Neither table matched: accept a non-null label parameter instead.
    if (!$a and app_param('label') != null) {
        $a = app_param('label');
    }
}
if ($a) {
    $sef_prefix = "pustaka";
    if (defined('SEF_URL')) {
        $page = check_permalink('permalink', 'addons', 'pid');
        if ($view == 'item') {
            $item = oneQuery('pustaka_file', 'id', $id, 'title');
            $vcat = oneQuery('pustaka_file', 'id', $id, 'category');
            $ncat = oneQuery('pustaka_category', 'id', $vcat, 'name');
            $page = oneQuery('menu', 'link', "'?app=pdf&view=category&id={$vcat}'", 'id');
            if (!$page) {
                $page = oneQuery('permalink', 'link', "'?app=pdf&view=default'", 'pid');
            }
            if (app_param('go') != 'pdf') {
                add_permalink("{$id}-{$item}", "{$sef_prefix}/{$ncat}", $page);
            } else {
                add_permalink("{$id}-{$item}/pdf", "{$sef_prefix}/{$ncat}", $page);
            }
        } else {
            if ($view == 'category') {
Esempio n. 3
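// Define the _FINDEX_ guard constant before any core file is loaded.
define('_FINDEX_', 1);
session_start();
// Access check for this panel: the session must carry both USER_ID and
// USER_LEVEL, the level must not be above 3, and the caller must post 'url'.
// The original tested USER_ID twice and never checked that USER_LEVEL was set,
// so a session without a level compared as null > 3 (false) and was let in;
// a missing level is now refused.
// Only the presence of $_POST['url'] is checked here. The value is later
// concatenated into link targets, so it still needs encoding where it is printed.
if (!isset($_SESSION['USER_ID']) or !isset($_SESSION['USER_LEVEL']) or $_SESSION['USER_LEVEL'] > 3 or !isset($_POST['url'])) {
    die;
}
require_once '../../../system/jscore.php';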
?>
<table class="table  tools">
  <tbody>
	<?php 
// Row counter used by the listing loop that follows; starts at 1.
$no = 1;
// Open a connection and read from the article table. The last argument carries
// 'date DESC LIMIT 10' - presumably the ORDER BY / LIMIT tail of the query.
$db = new FQuery();
$db->connect();
$sql = $db->select(
    FDBPrefix . "article",
    "*,DATE_FORMAT(date,'%W, %b %d %Y') as dates",
    "",
    'date DESC LIMIT 10'
);
while ($qr = mysql_fetch_array($sql)) {
    $read = check_permalink("link", "?app=article&view=item&id={$qr['id']}", "permalink");
    if ($read) {
        $read = $_POST['url'] . $read;
    } else {
        $read = $_POST['url'] . "?app=article&view=item&id={$qr['id']}";
    }
    $edit = "?app=article&act=edit&id={$qr['id']}";
    $auth = userInfo("name", "{$qr['author_id']}");
    $info = "{$qr['date']}";
    $read_article = Read;
    $edit_article = Edit;
    if ($no % 2 == 0) {
        $class = 'clr';
    } else {
        $class = 'cln';
    }
Esempio n. 4
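/**
 * Work out the internal link for the current request.
 *
 * When SEF_URL is defined and _FINDEX_ is not 'BACK', the link is cut out of
 * REQUEST_URI (from the "?" onwards, or the part before it when _Page is set)
 * and any pid parameter is removed. Otherwise the site URL is removed from
 * getUrl() and, when SEF_URL is defined, the length of the configured SEF
 * extension is trimmed off the end. Quotes are then dropped, the local base
 * path is removed on localhost, and a stored permalink mapping replaces the
 * result when one exists.
 *
 * @return mixed The link with single and double quotes removed, or whatever
 *               check_permalink() returns for it when a mapping is found.
 */
function getLink()
{
    if (defined('SEF_URL') and _FINDEX_ != 'BACK') {
        $uri = $_SERVER['REQUEST_URI'];
        // NOTE(review): strpos() returns false when the URI has no "?", and that
        // value is passed to substr() unchanged - confirm this case is intended.
        $tapos = strpos($uri, "?");
        if (!_Page) {
            $link = substr($uri, $tapos);
        } else {
            $link = substr($uri, 0, $tapos);
        }
        if (isset($_GET['pid'])) {
            // A leftover debug "echo 1;" used to run here and wrote a stray "1"
            // into the response body; it has been removed.
            $link = str_replace("&pid={$_GET['pid']}", "", $link);
        }
        $link = str_replace("&pid=", "", $link);
    } else {
        $ext_length = strlen(siteConfig('sef_extention'));
        $link = str_replace(siteConfig('site_url'), "", getUrl());
        if (defined('SEF_URL')) {
            // Cut the SEF extension (by length) off the end of the link.
            $link = substr($link, 0, strlen($link) - $ext_length);
        }
    }
    // Quote stripping is the only filtering applied to the request-derived
    // value. It removes ' and " but nothing else, so it is not a substitute for
    // escaping or parameter binding in whatever query later receives the link.
    $link = str_replace(array("'", '"'), "", $link);
    if (checkLocalhost()) {
        $base = str_replace('localhost', '', FBase);
        $link = str_replace($base, '', $link);
    }
    // NOTE(review): SEF_URL is read here without the defined() guard used above.
    if (SEF_URL) {
        // Look the mapping up once and reuse the result.
        $mapped = check_permalink('permalink', $link, 'link');
        if ($mapped) {
            $link = $mapped;
        }
    }
    return $link;
}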
Esempio n. 5
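/**
 * Build a search-friendly permalink for the current request, store it, and
 * call redirect() with it.
 *
 * Nothing happens unless SEF_URL is on, checkHomePage() is false, _Page holds
 * no digit, REQUEST_URI contains "?" and "=" past position 0, and
 * $_GET['page'] is empty.
 *
 * The slug is produced by lower-casing the title, turning spaces into dashes
 * and deleting a fixed list of characters. This is a denylist: characters not
 * on it (for example "<", ">", "=", ":" and non-ASCII bytes) stay in the
 * stored permalink and in the redirect target, so the value still has to be
 * encoded wherever it is printed.
 *
 * @param string      $title Text the slug is built from.
 * @param string|null $cat   Optional category path, prefixed as "category/".
 * @param mixed       $pid   Page id stored with the permalink; Page_ID when empty.
 * @param string|null $ext   Optional extension (dots removed) used instead of SEF_EXT.
 * @param mixed       $next  Not used by this function.
 * @return void
 */
function add_permalink($title, $cat = NULL, $pid = null, $ext = null, $next = null)
{
    $page = _Page;
    if (!preg_match("/[0-9]/", $page)) {
        $page = null;
    }
    if (!SEF_URL or checkHomePage() or $page) {
        return;
    }

    $db = new FQuery();
    $db->connect();

    // Only requests that still use the raw "?name=value" form get a permalink.
    $eqpos = strpos($_SERVER['REQUEST_URI'], "=");
    $tapos = strpos($_SERVER['REQUEST_URI'], "?");
    if (!($eqpos > 0 and $tapos > 0 and empty($_GET['page']))) {
        return;
    }

    $permalink = str_replace(" ", "-", strtolower($title));
    if (app_param('app') == 'article' and app_param('view') == 'item') {
        // Article titles must not add path segments of their own.
        $permalink = str_replace("/", "-", $permalink);
    }
    $category = str_replace(" ", "-", strtolower($cat));
    if (!empty($cat)) {
        $permalink = $category . "/" . $permalink;
    }

    // str_replace() already replaces every occurrence, so the per-character
    // loops of the original collapse into single calls. The order of the steps
    // is kept: brackets first, then "&amp;", then the remaining characters.
    $permalink = str_replace(array("[", "]", "(", ")", "{", "}"), "", $permalink);
    // Removing "&amp;" can join the surrounding text into a new "&amp;",
    // so this step still has to repeat until none is left.
    while (strpos($permalink, "&amp;") !== false) {
        $permalink = str_replace("&amp;", "", $permalink);
    }
    $permalink = str_replace(array("&", "?", "+", "#"), "", $permalink);
    $permalink = str_replace(".", "-", $permalink);
    $permalink = str_replace(
        array("!", "`", "'", '"', ";", "|", "%", "*", "^", "\\", ",", '$', "@"),
        "",
        $permalink
    );
    // Collapse runs of dashes; one pass only halves a run, hence the loop.
    while (strpos($permalink, "--") !== false) {
        $permalink = str_replace("--", "-", $permalink);
    }

    if (empty($pid)) {
        $pid = Page_ID;
    }
    $link = getLink();

    if (!empty($category) and empty($ext)) {
        $permalink = $permalink . SEF_EXT;
    } elseif (!empty($ext)) {
        $ext = str_replace(".", "", $ext);
        $permalink = "{$permalink}.{$ext}";
    }

    if (check_permalink('link', $link)) {
        // A permalink is already stored for this link.
        redirect(FUrl . $permalink);
    } elseif (!empty($permalink)) {
        $taken = check_permalink('permalink', $permalink);
        if ($taken) {
            // Append -2, -3, ... until the permalink is unused.
            $suffix = 2;
            $permalink = str_replace(SEF_EXT, "", $permalink);
            while ($taken) {
                $candidate = "{$permalink}-{$suffix}";
                $taken = check_permalink('permalink', $candidate . SEF_EXT);
                $suffix++;
            }
            $permalink = $candidate . SEF_EXT;
        }
        if (!empty($permalink) and $permalink != "-" and !empty($link)) {
            // NOTE(review): $link is derived from the request and $permalink from
            // the title; whether FQuery::insert() escapes or binds these values
            // is not visible here - confirm in the data layer.
            $qr = $db->insert(FDBPrefix . 'permalink', array("", "{$link}", "{$permalink}", $pid, 1, 0));
        }
        if (isset($qr)) {
            redirect(FUrl . $permalink);
        }
    }
}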
Esempio n. 6
    $info = "{$qr['date']}";
    $imgr = md5("{$qr['email']}");
    $foto = " <span class='c_gravatar' data-gravatar-hash=\"{$imgr}\"></span>";
    $comment = cutWords(htmlToText($qr['comment']), 10);
    $hide = Hide;
    $cedit = Edit;
    $read = Read;
    $delete = Delete;
    $approve = Approve;
    $app = link_param('app', "{$qr['link']}");
    $aid = link_param('id', "{$qr['link']}");
    $app = "{$qr['apps']}";
    if (empty($app)) {
        $app = 'article';
    }
    $lread = $_POST['url'] . check_permalink("link", "?app=article&view=item&id={$aid}", "permalink");
    $edit = "?app={$app}&view=comment&act=edit&id={$id}";
    $title = oneQuery('article', 'id', $aid, 'title');
    $red = '';
    if ($qr['status']) {
        $approven = "<a class='btn-tools btn btn-danger btn-sm btn-grad disable-user' title='{$hide}' data-id='{$id}'>{$hide}</a><a class='btn-tools btn btn-success btn-sm btn-grad approve-user' title='{$approve}' style='display:none;' data-id='{$id}'>{$approve}</a>";
    } else {
        $approven = "<a data-id='{$id}' class='btn-tools btn btn-success btn-sm btn-grad approve-user' title='{$approve}'>{$approve}</a><a data-id='{$id}' class='btn-tools btn btn-danger btn-sm btn-grad disable-user' title='{$hide}'  style='display:none;'>{$hide}</a>";
        $red = "class='unapproved'";
    }
    echo "<tr {$red}><td style='text-align: center; vertical-align: middle;  padding: 7px 8px 6px 10px;'>{$foto}</td><td style='width: 97%; padding: 7px 8px 8px 0;'><b>{$qr['name']}</b> <span>on</span> {$title}<a data-toggle='tooltip' data-placement='right' title='{$info}' class='icon-time tooltips'></a><a data-toggle='tooltip' data-placement='left' title='{$qr['email']}' class='icon-envelope-alt tooltips'></a>\n\t\t\t<br/><span>{$comment} ...</span><br/>\n\t\t\t<div class='tool-box tool-{$no}'>\n\t\t\t\t{$approven}\n\t\t\t\t<a href='{$edit}' class='btn btn-tools tips' title='{$cedit}'>{$cedit}</a>\n\t\t\t\t<a href='{$lread}#comment-{$qr['id']}' target='_blank'  class='btn btn-tools tips' title='{$read}'>{$read}</a>\n\t\t\t\t<!--a class='btn btn-tools tips' title='{$delete}'>{$delete}</a-->\n\t\t\t</div>\n\t\t\t</td></tr>";
    $no++;
}
// Print a single placeholder row carrying the No_Comment text.
// NOTE(review): this runs only when $no is below 1. The counter is incremented
// once per row in the loop above and its starting value is not visible here;
// if it starts at 1 this branch can never run - confirm.
if ($no < 1) {
    echo "<tr><td style='text-align:center; padding: 40px 0; color: #ccc; font-size: 1.5em'>", No_Comment, "</td></tr>";
}
Esempio n. 7
                    if (isset($_GET['pid']) and is_numeric($_GET['pid'])) {
                        define('Page_ID', pageInfo($_GET['pid'], 'id'));
                    } else {
                        define('Page_ID', oneQuery('menu', 'global', 1, 'id'));
                    }
                }
            }
        } else {
            if (SEF_URL) {
                if (!empty($pid) and $pid == menuInfo('id')) {
                    define('Page_ID', $pid);
                } else {
                    if (isset($_GET['pid']) and is_numeric($_GET['pid'])) {
                        define('Page_ID', pageInfo($_GET['pid'], 'id'));
                    } else {
                        $pid = @check_permalink('permalink', $_REQUEST['link'], 'pid');
                        if ($pid == 0) {
                            $pid = oneQuery('menu', 'global', 1, 'id');
                        }
                        if ($pid == 0) {
                            $pid = oneQuery('menu', 'home', 1, 'id');
                        }
                        define('Page_ID', $pid);
                    }
                }
            }
        }
    }
}
/********************************************/
/*  	  	  Delete Installer  			*/
Esempio n. 8
             break;
         }
         $lcat = "{$ncat}/{$lcat}";
         $i++;
     }
     $lcat = strtolower($lcat);
     $item = articleInfo('title');
     add_permalink($item, $lcat, $page);
 } else {
     if ($view == 'category' or $view == 'catlist') {
         $icat = categoryInfo('id');
         $ncat = categoryInfo('name');
         $page = menuInfo('id', "?app=article&view=category&id={$icat}");
         $lcat = "{$ncat}";
         $i = 1;
         while (empty($page) and !check_permalink('link', getLink()) and $i < 10 and $icat != 0) {
             $icat = categoryInfo('parent_id', $icat);
             $ncat = categoryInfo('name', $icat);
             $page = menuInfo('id', "?app=article&view=category&id={$icat}");
             if ($icat == 0) {
                 break;
             }
             $lcat = "{$ncat}/{$lcat}";
             $i++;
         }
         $lcat = strtolower($lcat);
         $item = articleInfo('title');
         if (_FEED_ == 'rss') {
             add_permalink("{$lcat}", "", "", "rss");
         } else {
             add_permalink($lcat, '', $page);