Esempio n. 1
0
function insert_response()
{
    $id = insert_comment($userId, $request['response'], $request['unit']);
    $query = "INSERT INTO CommentAnswers(id,answerTo) VALUES(?,?)";
    /* Prepared statement, stage 1: prepare */
    if (!($stmt = $mysqli->prepare($query))) {
        echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
    }
    /* Prepared statement, stage 2: bind and execute */
    if (!$stmt->bind_param("ii", $id, $request['responseTo'])) {
        echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
    }
    if (!$stmt->execute()) {
        echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
    }
    return;
}
Esempio n. 2
0
     header("Location: {$my_pligg_base}/error_404.php");
     die;
 }
 // Hide private group stories
 if ($link->link_group_id) {
     $privacy = $db->get_var("SELECT group_privacy FROM " . table_groups . " WHERE group_id = {$link->link_group_id}");
     if ($privacy == 'private' && !isMember($link->link_group_id)) {
         die('Access denied');
     }
 }
 if (isset($_POST['process']) && sanitize($_POST['process'], 3) != '') {
     if (sanitize($_POST['process'], 3) == 'newcomment') {
         check_referrer();
         $vars = array('user_id' => $link->author, 'link_id' => $link->id);
         check_actions('comment_subscription', $vars);
         insert_comment();
     }
 }
 require_once mnminclude . 'check_behind_proxy.php';
 // Set globals
 $globals['link_id'] = $link->id;
 $globals['category_id'] = $link->category;
 $globals['category_name'] = $link->category_name();
 $globals['category_url'] = $link->category_safe_name();
 $vars = '';
 check_actions('story_top', $vars);
 $main_smarty->assign('link_submitter', $link->username());
 // setup breadcrumbs and page title
 $main_smarty->assign('posttitle', $link->title);
 $navwhere['text1'] = $globals['category_name'];
 $navwhere['link1'] = getmyurl('maincategory', $globals['category_url']);
Esempio n. 3
0
        break;
    case 'sneak':
        $tab_option = 5;
        break;
    case 'favorites':
        $tab_option = 6;
        break;
    case 'trackbacks':
        $tab_option = 7;
        break;
    default:
        not_found();
}
// When we insert a comment we also modify $link
if ($_POST['process'] == 'newcomment') {
    $new_comment_error = insert_comment();
}
// Set globals
$globals['link'] =& $link;
$globals['link_id'] = $link->id;
$globals['category_id'] = $link->category;
$globals['category_name'] = $link->category_name;
$globals['link_permalink'] = $globals['link']->get_permalink();
// to avoid search engines penalisation
if ($tab_option != 1 || $link->status == 'discard') {
    $globals['noindex'] = true;
}
do_modified_headers($link->modified, $current_user->user_id . '-' . $globals['link_id'] . '-' . $link->comments . '-' . $link->modified);
// Enable user AdSense
// do_user_ad: 0 = noad, > 0: probability n/100
if ($link->status == 'published' && $link->user_karma > 7 && !empty($link->user_adcode)) {
Esempio n. 4
0
<?php

$app->get('/comments/unit/:id', function ($id) {
    include_once 'libs/comment.php';
    echo json_encode(fetch_comments_unit($id));
});
$app->post('/comments/unit/', function ($id) {
    include_once 'libs/comment.php';
    $request = get_request_json();
    echo json_encode(insert_comment($userId, $request['comment'], $request['unit']));
});
$app->put('/comments/unit/', function ($id) {
    include_once 'libs/comment.php';
    $request = get_request_json();
    echo json_encode(update_comment($userId, $request['comment'], $request['unit']));
});
$app->post('/comments/unit/response', function ($id) {
    include_once 'libs/comment.php';
    $request = get_request_json();
    echo json_encode(insert_response($userId, $request['comment'], $request['unit']));
});
$app->post('/comments/rate', function ($id) {
    include_once 'libs/comment.php';
    $request = get_request_json();
    echo json_encode(rate_comment($userId, $request['comment'], $request['unit']));
});
Esempio n. 5
0
<?php

session_start();
require_once "new_connection.php";
if (isset($_POST['action']) && $_POST['action'] == 'messaging') {
    insert_message($_POST);
}
if (isset($_POST['action']) && $_POST['action'] == 'comments') {
    insert_comment($_POST);
}
function insert_message($post)
{
    // Making sure that the message is not blank, not gonna allow people to post blank messages. That would be annoying.
    if (trim($post['message']) == "") {
        $_SESSION['blank'] = "Your message cannot be blank!";
        header('Location: wall.php');
        exit;
    }
    if (!trim($post['message']) == "") {
        $query = "INSERT INTO messages (user_id, message, created_at, updated_at) VALUES ('{$_SESSION['user_id']}', '{$post['message']}', NOW(), NOW())";
        run_mysql_query($query);
        header('Location: wall.php');
        exit;
    }
}
function insert_comment($post)
{
    // Making sure that comment is not empty, don't want any empty comments clogging up my database
    if (empty($post['comment'])) {
        $_SESSION['blank'] = "Your comment cannot be blank!";
        header('Location: wall.php');
/**
 * validate_comment
 * 
 * 
 * 
 * 
 * 
 * 
 */
function validate_comment($config_comments, $article)
{
    if (!session_id()) {
        session_start();
    }
    if (!isset($_POST)) {
        return false;
    }
    if (!isset($_SESSION['comment_data'])) {
        return false;
    }
    $form_data = array();
    // recreate token values
    $salt = $_SESSION['comment_data']['salt'];
    $now = date('Ymdh');
    $token_name = md5($article['id'] . $now . $salt);
    $token_value = md5($salt . $now . $article['id']);
    // check comment posted
    if (isset($_SESSION['comment_posted']) && $_SESSION['comment_posted'] > time()) {
        $delay = $_SESSION['comment_posted'] - time();
        $form_data['error'][] = "You need to wait " . $delay . " seconds before posting another comment";
    }
    // check session/POST token
    if (isset($_SESSION['comment_data'][$token_name])) {
        if ($_SESSION['comment_data'][$token_name] != $token_value) {
            $form_data['error'][] = "<!--session value not set correctly-->";
        }
        if (isset($_POST[$token_name])) {
            if ($_POST[$token_name] != $_SESSION['comment_data'][$token_name]) {
                $form_data['error'][] = "<!--post token does not match session-->";
            }
        } else {
            $form_data['error'][] = "<!--post token not set-->";
        }
        unset($_SESSION['comment_data'][$token_name]);
        // one hour's grace
    } else {
        $prev_now = date('Ymdh', strtotime('1 hour ago'));
        $prev_name = md5($article_id . $prev_now . $salt);
        $prev_value = md5($salt . $prev_now . $article_id);
        if (isset($_SESSION['comment_data'][$prev_name])) {
            if ($_SESSION['comment_data'][$prev_name] != $prev_value) {
                $form_data['error'][] = "<!--prev session value not set correctly-->";
            }
            if (isset($_POST[$token_name])) {
                if ($_POST[$token_name] != $_SESSION['comment_data'][$token_name]) {
                    $form_data['error'][] = "<!--post token does not match prev session-->";
                }
            } else {
                $form_data['error'][] = "<!--prev post token not set-->";
            }
        } else {
            $form_data['error'][] = "<!--session not correctly set-->";
        }
        unset($_SESSION['comment_data'][$prev_name]);
    }
    // check maths answer
    if (isset($_SESSION['comment_data']['comment_answer'])) {
        if (!empty($_POST['comment_answer'])) {
            if ($_POST['comment_answer'] != $_SESSION['comment_data']['comment_answer']) {
                $form_data['error'][] = "Security answer was incorrect";
            }
        } else {
            $form_data['error'][] = "Security answer not given";
        }
    }
    // standard validation
    // moderate
    $form_data['approved'] = empty($config_comments['moderate']) ? 1 : 0;
    // poster_name - required/URLs not allowed
    if (!empty($_POST['poster_name'])) {
        $poster_name = clean_input($_POST['poster_name']);
        if (stripos($poster_name, '://') !== false) {
            $poster_name = '';
        }
        if (empty($poster_name)) {
            $form_data['error'][] = "Invalid name entered";
        }
    } else {
        $poster_name = 'No-one of consequence';
    }
    $form_data['poster_name'] = $poster_name;
    // poster_link - valid web address/strip html
    $form_data['poster_link'] = !empty($_POST['poster_link']) ? clean_input($_POST['poster_link']) : '';
    // poster_email - must be email address
    if (!empty($_POST['poster_email'])) {
        $poster_email = clean_input($_POST['poster_email']);
        if (validate_email($poster_email) == false) {
            $form_data['error'][] = "Please enter a valid email address";
        } else {
            $form_data['poster_email'] = $poster_email;
        }
    } else {
        $form_data['poster_email'] = '';
    }
    // comment title - optional
    if (!empty($_POST['comment_title'])) {
        $form_data['comment_title'] = clean_input($_POST['comment_title']);
        if (stripos($form_data['comment_title'], $disallowed) !== false) {
            $form_data['comment_title'] = '';
        }
    } else {
        $form_data['comment_title'] = '';
    }
    // comment body - required / strip html?
    $allow_html = $config_comments['allow_html'];
    if (!empty($_POST['comment_body'])) {
        $form_data['body'] = clean_input($_POST['comment_body'], $allow_html);
        if (empty($form_data['body'])) {
            $form_data['error'][] = "HTML code is not allowed - as a result your comment has been deleted";
        }
    } else {
        $form_data['error'][] = "No comment entered";
    }
    // article_id - required
    $form_data['article_id'] = $article['id'];
    // reply id - optional / integer
    $form_data['reply_id'] = !empty($_POST['reply_id']) ? (int) $_POST['reply_id'] : 0;
    // others
    $form_data['poster_IP'] = $_SERVER['REMOTE_ADDR'];
    $form_data['date_uploaded'] = date('Y-m-d H:i:s');
    $form_data['author_id'] = isset($_SESSION['ad_user_id']) ? (int) $_SESSION['ad_user_id'] : 0;
    // data for comment approval email
    if (empty($form_data['approved'])) {
        $form_data['article_title'] = $article['title'];
        $form_data['author_email'] = $article['author_email'];
        $form_data['author_name'] = $article['author_name'];
    }
    // clear comment session
    unset($_SESSION['comment_data']);
    if (!empty($form_data['error'])) {
        return $form_data['error'];
    } else {
        insert_comment($form_data);
        return false;
    }
}
Esempio n. 7
0
<?php

/* AFFICHAGE D'UN EVENEMENT */
/**** Préparation des contenus ****/
// Appels au modèle
// Appels au modèle
require MODELES . 'events/getEventDetails.php';
require MODELES . 'events/insert_comment.php';
require MODELES . 'events/checkParticipation.php';
require MODELES . 'events/getMembersPicture.php';
require MODELES . 'events/getEventPicture.php';
$_GET['id'] = htmlspecialchars($_GET['id']);
if (!empty($_POST) && !empty($_POST['comment'])) {
    $_POST['comment'] = htmlspecialchars($_POST['comment']);
    insert_comment($_POST['comment'], $_GET['id'], $_SESSION['id']);
    header("Location: " . getLink(['events', 'display', $_GET['id']]));
}
// Chargement des paramètres de la page
$event = getEvents($_GET['id']);
$contents['titreEvenement'] = $event['titre'];
$title = $event['titre'];
$styles = ['events.css', 'form.css', 'simple-slideshow.css'];
$scripts = ['alert.js', 'simple-slideshow.js', 'participate.js'];
$blocks = ['display'];
// Affectation des valeurs spécifiques à l'event :
// @ Guillaume & Aude : si l'event n'est pas trouvé, il faut rediriger vers getLink(['accueil','404'])
$type = eventType($_GET['id']);
$contents['type'] = $type[0];
$photo_principale = getEventPicture($_GET['id']);
if ($photo_principale) {
    $contents['photo_principale'] = PHOTO_EVENT . $photo_principale[0];
Esempio n. 8
0
<?php

include 'functions.php';
session_start();
check_valid_user();
$post_id = $_POST['post_id'];
$title = $_POST['title'];
$content = $_POST['content'];
//do_html_header('Post comment');
$result = insert_comment($post_id, $title, $content);
if ($result) {
    header('Content-Type: text/xml');
    /*	echo "<?xml version=\"1.0\" ?>
    		<comment>
    			<post_id>".$post_id."</post_id>
    			<title>".$title."</title>
    			<content>".$content."</content>
    			</comment>";
     */
    echo $title . "," . $content;
} else {
    echo "Fail to post your comment.";
}
//do_html_url('blog/post.php?id='.$post_id, 'Back to post');
//do_html_footer();
Esempio n. 9
0
$smarty->assign('indiv', $o);
# populate keyword array
keyword_push(gtc("Comments"));
keyword_push($o->full_name());
# assign other smarty variables
$smarty->assign('page_title', sprintf(gtc("Comments for %s"), $o->full_name()));
$smarty->assign('surname_title', sprintf(gtc("%s Surname"), $o->sname));
$content_title = $o->prefix . ' ' . $o->full_name();
if ($o->suffix) {
    $content_title .= ', ' . $o->suffix;
}
$smarty->assign('content_title', $content_title);
# If the form has been posted then let's validate the form variables
if (!empty($_POST)) {
    if (empty($_POST['email'])) {
        $form_errors['email'] = gtc("YOU MUST ENTER AN EMAIL ADDRESS");
    } elseif (!rgds_is_email(trim($_POST['email']))) {
        $form_errors['email'] = gtc("THE EMAIL ADDRESS YOU ENTERED IS NOT VALID");
    }
    if (empty($_POST['comment'])) {
        $form_errors['comment'] = gtc("PLEASE ENTER SOME TEXT");
    }
    $smarty->assign('form_errors', $form_errors);
    # The form validated ok, so now save the data
    if (!$form_errors) {
        insert_comment($g_indiv, $_POST['email'], $_POST['comment']);
        $comment_preview = rgds_parse_links($_POST['comment']);
        $smarty->assign('comment_preview', $comment_preview);
        $smarty->assign('SAVED', 1);
    }
}
Esempio n. 10
0
<?php

include 'functions/connect_bd.php';
include 'functions/functions.php';
$mysqli = connect();
if (isset($_GET["action"])) {
    $action = $_GET["action"];
} else {
    $action = "";
}
if ($action == "add") {
    $id = $_GET["id"];
    $author = $_POST["author"];
    $page_id = $_POST["page_id"];
    $comment = $_POST["comment"];
    $insert = insert_comment($mysqli, $author, $page_id, $comment);
    header("Location: single_article.php?id={$id}");
} else {
    $id = $_GET["id"];
    $mydata_article = take_single_article($mysqli, $id);
    $mydata_comment = take_comment($mysqli, $id);
    include 'view/single_view.php';
}