/**
 * Filters a submitted username/password-style value and accepts it only when
 * what survives the filters is purely alphanumeric and 4–13 bytes long.
 *
 * The value goes through the project's cleanXSS() and clean() helpers and then
 * strip_tags(); the *filtered* string is what gets returned, so callers receive
 * the sanitised form rather than the raw input. ctype_alnum() is ASCII-only, so
 * the byte count from strlen() is also the character count here.
 *
 * If this is applied to passwords, be aware that the 4–13 alphanumeric rule caps
 * password entropy; storing passwords should go through a one-way hash rather
 * than a sanitiser.
 *
 * @param mixed $input Raw submitted value.
 * @return string|null The filtered value, or null when it fails the check.
 */
function checkUserPass($input)
{
    $candidate = strip_tags(clean(cleanXSS($input)));
    $length = strlen($candidate);

    $accepted = ctype_alnum($candidate) && $length > 3 && $length < 14;

    return $accepted ? $candidate : null;
}
* @todo Replace the customized Framework with the latest uncustomized Green Framework? */

/**
 * Wall-clock start of this request, for timing output. get_microtime() is a
 * project helper not visible in this excerpt.
 */
define('FRAMEWORK_STARTING_MICROTIME', get_microtime());

// All constants that can be defined before customizing your framework
// Each one is guarded with !defined(), so a bootstrap file that runs before
// this one can pin a different value.
if (!defined('DEBUG')) { define('DEBUG', false); }
if (!defined('CORE_ROOT')) { define('CORE_ROOT', dirname(__FILE__)); }

// Turn on experimental XSS filtering?
// NOTE(review): cleanXSS() is called here without an argument, while the
// checkUserPass() helper calls it with a string — presumably the no-argument
// form rewrites the request superglobals in place. Confirm that before
// treating this flag as a substitute for per-context output escaping.
if (defined('GLOBAL_XSS_FILTERING') && GLOBAL_XSS_FILTERING) { cleanXSS(); }
if (!defined('APP_PATH')) { define('APP_PATH', CORE_ROOT . DIRECTORY_SEPARATOR . 'app'); }
if (!defined('HELPER_PATH')) { define('HELPER_PATH', CORE_ROOT . DIRECTORY_SEPARATOR . 'helpers'); }

// BASE_URL is built from $_SERVER['HTTP_HOST'], i.e. the client-supplied Host
// header, and the scheme is hard-wired to http://. Any absolute link, redirect
// or cached page built from BASE_URL therefore follows whatever Host the
// request carried. Deployments should define BASE_URL explicitly before this
// file runs (the !defined() guard allows that) or validate HTTP_HOST against
// the expected hostname at the web-server layer.
if (!defined('BASE_URL')) { define('BASE_URL', 'http://' . dirname($_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME']) . '/?/'); }
if (!defined('DEFAULT_CONTROLLER')) { define('DEFAULT_CONTROLLER', 'index'); }
// The closing brace of this last guard lies outside this excerpt.
if (!defined('DEFAULT_ACTION')) { define('DEFAULT_ACTION', 'index');
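/**
 * Article comment section: stores a submitted comment, reports a rejected
 * one, or lists the existing comments page by page followed by the
 * submission form. Everything is echoed directly.
 *
 * Request data read: get_id('category'), get_id('article') and
 * get_id('commentspage') for the routed article/page; $_POST['comment'],
 * ['name'], ['text'], ['id'], ['category'], ['article'] and ['commentspage']
 * for a submission; $_SESSION['Logged_In'] to decide whether to show the
 * edit/delete links.
 *
 * Every request-derived value is escaped for the context it lands in:
 * mysql_real_escape_string() or an int cast for SQL, htmlspecialchars() or an
 * int cast for HTML attributes. The previous version interpolated them raw.
 *
 * @param string $freeze_status 'freezed' hides the submission form; anything
 *                              else shows it.
 * @return void
 */
function comment($freeze_status)
{
    $prefix   = s('prefix');
    $website  = s('website');
    $category = get_id('category');
    $article  = get_id('article');

    // Page numbers are only ever used as integers (LIMIT offset, URLs), so
    // cast them once; that also keeps them out of SQL/HTML as free text.
    $commentspage = (int) get_id('commentspage');
    if ($commentspage < 1) {
        $commentspage = 1;
    }
    $go_to_page = isset($_POST['commentspage']) ? (int) $_POST['commentspage'] : 0;

    // The sort direction comes from configuration; restrict it to the two
    // valid keywords so a bad setting cannot alter the statement.
    $comments_order = strtoupper((string) s('comments_order')) === 'ASC' ? 'ASC' : 'DESC';

    // Resolve the article id from its SEF title. The title is URL-derived,
    // hence escaped. As before, the last matching row wins; 0 when none does
    // (the old code left $articleid undefined in that case).
    $articleid = 0;
    $result = mysql_query(
        "SELECT id FROM " . $prefix . "articles WHERE seftitle = '" . mysql_real_escape_string($article) . "'"
    );
    if ($result) {
        while ($r = mysql_fetch_array($result)) {
            $articleid = (int) $r['id'];
        }
    }

    // Attribute-safe copies of the values that end up in links and the form.
    // Charset follows PHP's default_charset, as the rest of the output does.
    $categoryHtml = htmlspecialchars($category, ENT_QUOTES);
    $articleHtml  = htmlspecialchars($article, ENT_QUOTES);
    $articleUrl   = $website . $categoryHtml . "/" . $articleHtml . "/";

    $posted = isset($_POST['comment']);
    // audit() is the project's submission gate (the form carries a
    // 'userdigit' field, so presumably a captcha check — confirm). It stays
    // second in the chain so it is only invoked for actual submissions.
    // The length rule is applied to $_POST['text'], the textarea that is
    // stored below; the old code measured $_POST['comment'], which is the
    // submit button's label, so empty comments were accepted.
    $valid = $posted
        && audit()
        && isset($_POST['name']) && strlen($_POST['name']) > 2
        && isset($_POST['text']) && strlen($_POST['text']) > 5;

    if ($valid) {
        echo "<h2>" . l('comment_sent') . "</h2>";

        // Link back to the article, on the page the reader came from.
        $postedCategory = isset($_POST['category']) ? htmlspecialchars($_POST['category'], ENT_QUOTES) : '';
        $postedArticle  = isset($_POST['article']) ? htmlspecialchars($_POST['article'], ENT_QUOTES) : '';
        $backHref = $website . $postedCategory . "/" . $postedArticle . "/";
        if ($go_to_page > 1) {
            $backHref .= $go_to_page . "/";
        }
        echo "<p><a href='" . $backHref . "'>" . l('backarticle') . "</a></p>";

        // The article id is taken from the hidden form field, as before.
        $postedArticleId = isset($_POST['id']) ? (int) $_POST['id'] : 0;
        $time = date('Y-m-d H:i:s');
        // A failed INSERT is still not reported (unchanged best-effort
        // behaviour); the success message above has already been printed.
        mysql_query(
            "INSERT INTO " . $prefix . "comments(articleid,name,comment,time) VALUES('"
            . $postedArticleId . "', '"
            . mysql_real_escape_string($_POST['name']) . "', '"
            . mysql_real_escape_string($_POST['text']) . "', '"
            . $time . "')"
        );
    } elseif ($posted) {
        // Submission rejected by audit() or by the length rules.
        echo "<h2>" . l('comment_error') . "</h2>";
        echo "<p>" . l('ce_reasons') . "</p>";
        echo "<p><a href='index.php?id=" . $articleid . "&commentspage=" . $commentspage . "'>" . l('back') . "</a></p>";
    } else {
        $results_per_page = (int) s('results_per_page');
        if ($results_per_page < 1) {
            $results_per_page = 1; // guards the divisions below and LIMIT 0
        }
        $pageNum = $commentspage;
        $offset  = ($pageNum - 1) * $results_per_page;

        // Only the row count is needed here; the old code fetched every row.
        $countResult = mysql_query(
            "SELECT COUNT(*) FROM " . $prefix . "comments WHERE articleid = " . $articleid
        ) or die(s('dberror'));
        $numrows = (int) mysql_result($countResult, 0);

        $result = mysql_query(
            "SELECT * FROM " . $prefix . "comments WHERE articleid = " . $articleid
            . " ORDER BY id " . $comments_order . " LIMIT " . $offset . ", " . $results_per_page
        ) or die(s('dberror'));

        $arrow    = " <img src='" . $website . "images/arrow.gif' alt='|' /> ";
        $showTime = s('display_comment_time') !== "NO";
        // Edit/delete links are shown to any logged-in session. That only
        // hides the links; the 'process' action must enforce authorization
        // itself, since the URLs are trivially reconstructable.
        $loggedIn = isset($_SESSION['Logged_In']);

        while ($r = mysql_fetch_array($result)) {
            $commentId = (int) $r['id'];
            $postedAt  = strtotime($r['time']);

            // Stored text goes through the project's cleanXSS() filter, as before.
            echo "<div class='comments'><p>" . cleanXSS($r['comment']) . "</p>";
            echo "<p><img src='" . $website . "images/commentname.gif' alt='>' /> <b>" . cleanXSS($r['name']) . "</b>";

            // A year of 1999 is treated as "no timestamp" — presumably a
            // legacy sentinel value; confirm against the data.
            if (date("Y", $postedAt) != 1999 && $showTime) {
                echo $arrow . date(s('comment_dt_format'), $postedAt);
            }

            if ($loggedIn) {
                echo $arrow;
                // NOTE(review): the edit URL repeats the 'action' key
                // (action=process&action=editcomment), so only the last value
                // reaches PHP, whereas the delete URL carries the sub-action in
                // 'task'. Kept as-is; confirm which form the process action
                // expects before changing it.
                echo '<a href="' . $website . 'index.php?action=process&action=editcomment&commentid=' . $commentId . '">' . l('edit') . '</a>';
                echo ' <img src="' . $website . 'images/arrow.gif" alt="|" /> ';
                // Deletion is a state change triggered by a plain GET link with
                // no request token; the process action should require one.
                echo '<a href="' . $website . 'index.php?action=process&task=deletecomment&articleid=' . $articleid . '&commentid=' . $commentId . '"';
                // if_javascript_on() echoes the attribute itself, so it is
                // called between the two halves of the tag, as the old markup did
                // (minus a stray quote that sat before the '>').
                if_javascript_on(" onclick='return confirm(\"" . l('warning_delete') . "\");'");
                echo '>' . l('delete_comment') . '</a> ';
            }
            echo "</p></div>";
        }

        $maxPage      = (int) ceil($numrows / $results_per_page);
        $back_to_page = (int) ceil(($numrows + 1) / $results_per_page);

        if ($pageNum > 1) {
            $page = $pageNum - 1;
            // Page 1 is the bare article URL, other pages append the number.
            $prevHref = $page == 1 ? $articleUrl : $articleUrl . $page . "/";
            $prev  = " <a href='" . $prevHref . "'>< " . l('previous_page') . "</a> ";
            $first = " <a href='" . $articleUrl . "'><< " . l('first_page') . "</a>";
        } else {
            $prev  = "< " . l('previous_page');
            $first = "<< " . l('first_page');
        }
        if ($pageNum < $maxPage) {
            $page = $pageNum + 1;
            $next = " <a href='" . $articleUrl . $page . "/'>" . l('next_page') . " ></a> ";
            $last = " <a href='" . $articleUrl . $maxPage . "/'>" . l('last_page') . " >></a> ";
        } else {
            $next = l('next_page') . " > ";
            $last = l('last_page') . " >>";
        }
        if ($maxPage > 1) {
            echo "<div class='date'>" . $first . " " . $prev . " <strong> [{$pageNum}</strong> / <strong>{$maxPage}] </strong> " . $next . " " . $last . "</div>";
        }

        if ($freeze_status !== "freezed") {
            // PHP_SELF echoes back part of the request URI; escape it for the
            // attribute context.
            $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
            ?>
<div class="commentsbox">
    <h2><?php echo l('addcomment'); ?></h2>
    <form method="post" action="<?php echo $self; ?>">
        <p><?php echo l('comment'); ?></p>
        <p><textarea name="text" class="text" rows="5" cols="5"></textarea></p>
        <p><?php echo l('name'); ?></p>
        <p><input name="name" type="text" class="field" id="name" /></p>
        <!-- Mod commets validation by bramsyuur -->
        <p><?php echo l('code_validation'); ?></p>
        <p><img width="120" height="30" src="core/button.php" alt="" /></p>
        <p><?php echo l('enter_validation_code'); ?></p>
        <p><input maxlength="5" size="5" name="userdigit" type="text" class="field" value="" /></p>
        <!-- End comments validation by bramsyuur-->
        <p><input name="category" id="category" type="hidden" value="<?php echo $categoryHtml; ?>" />
           <input name="id" id="id" type="hidden" value="<?php echo $articleid; ?>" />
           <input name="article" id="article" type="hidden" value="<?php echo $articleHtml; ?>" />
           <input name="commentspage" id="commentspage" type="hidden" value="<?php echo $back_to_page; ?>" /></p>
        <p><input name="comment" type="submit" class="<?php echo s('button'); ?>" value="<?php echo l('sendcomment'); ?>" /></p>
    </form>
</div>
<?php
        }
    }
}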