function Joom_CommentPic($id)
{
$config = Joom_getConfig();
$mainframe =& JFactory::getApplication('site');
$database =& JFactory::getDBO();
$user =& JFactory::getUser();
//Check for hacking attempt
$database->setQuery(" SELECT\n COUNT(id)\n FROM \n #__joomgallery AS a\n LEFT JOIN \n #__joomgallery_catg AS c ON c.cid=a.catid\n WHERE \n a.published = '1' \n AND a.approved = '1'\n AND a.id = '" . $id . "' \n AND c.access <= '" . $user->get('aid') . "'\n ");
$result = $database->loadResult();
if ($result != 1 || $config->jg_showcomment == 0 || $config->jg_anoncomment == 0 && $user->get('aid') < 1) {
die('Hacking attempt, aborted!');
}
$codeisright = 1;
if ($config->jg_secimages == 2 || $config->jg_secimages == 1 && $user->get('aid') < 1) {
if (file_exists(JPATH_ROOT . DS . 'components' . DS . 'com_easycaptcha' . DS . 'class.easycaptcha.php')) {
include_once JPATH_ROOT . DS . 'components' . DS . 'com_easycaptcha' . DS . 'class.easycaptcha.php';
$captcha = new easyCaptcha($this->jg_captcha_id);
$codeisright = $captcha->checkEnteredCode($this->jg_code) ? 1 : 0;
}
}
if ($codeisright == 1) {
// Save new values
$cmtip = $_SERVER['REMOTE_ADDR'];
$cmtdate = time();
if ($config->jg_approvecom == 0 || $config->jg_approvecom == 1 && $user->get('aid') > 0) {
$approve = 1;
} elseif ($config->jg_approvecom == 1 && $user->get('aid') < 1 || $config->jg_approvecom == 2) {
$approve = 0;
// message about new comment TODO
$cmtsenderid = $user->get('aid') < 1 ? "62" : $user->get('id');
require_once JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_messages' . DS . 'tables' . DS . 'message.php';
$database->setQuery(" SELECT \n id \n FROM \n #__users \n WHERE \n sendEmail = '1'\n ");
$users = $database->loadResultArray();
foreach ($users as $user_id) {
$msg = new TableMessage($database);
$msg->send($cmtsenderid, $user_id, JText::_('JGS_ALERT_NEW_COMMENT'), JText::_('JGS_ALERT_NEW_COMMENT_MESSAGE_PARTONE') . $this->cmtname . JText::_('JGS_ALERT_NEW_COMMENT_MESSAGE_PARTTWO'));
}
}
//change \r\n or \n to <br />
$this->cmttext = nl2br(stripslashes($this->cmttext));
$database->setQuery(" INSERT INTO \n #__joomgallery_comments\n VALUES(\n '', \n '{$id}', \n '{$cmtip}',\n '{$this->userid}', \n '{$this->cmtname}', \n '{$this->cmttext}', \n '{$cmtdate}', \n '1', \n '{$approve}'\n )\n ");
$database->query();
# Get back to details page
if ($config->jg_approvecom == 0 || $config->jg_approvecom == 1 && $user->get('aid') > 0) {
$mosmsg = JText::_('JGS_ALERT_COMMENT_SAVED');
} else {
$mosmsg = JText::_('JGS_ALERT_COMMENT_SAVED_BUT_NEEDS_ARROVAL');
}
$mainframe->redirect(JRoute::_('index.php?option=com_joomgallery&func=detail&id=' . $id . _JOOM_ITEMID, false), $mosmsg);
} else {
?>
<form id="send_form" name="commentform" action="<?php
echo JRoute::_('index.php?option=com_joomgallery&func=detail&id=' . $id . _JOOM_ITEMID . '#joomcommentform');
?>
" method="post" class="jg_displaynone">
<textarea cols="40" rows="8" name="cmttext" class="inputbox" wrap="virtual">
<?php
echo $this->cmttext;
?>
</textarea>
</form>
<script type="text/javascript">
alert("<?php
echo JText::_('JGS_ALERT_SECURITY_CODE_WRONG', true);
?>
");
document.getElementById('send_form').submit();
</script>
<?php
}
}
