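/**
 * Stores a comment for a gallery picture, or re-displays the comment form
 * when the entered captcha code was wrong.
 *
 * Flow, as visible in this method:
 *  1. Verify the picture is published, approved and in a category the
 *     current user may access, and that commenting is enabled; otherwise
 *     abort with die().
 *  2. If jg_secimages requires it and the EasyCaptcha class file exists,
 *     validate the entered code.
 *  3. On success: decide the approval state, message the users flagged
 *     with sendEmail = 1 when approval is pending, insert the comment and
 *     redirect to the detail view.
 *  4. On failure: output a hidden form carrying the comment text plus a
 *     script that alerts the user and re-submits the form.
 *
 * Reads $this->jg_captcha_id, $this->jg_code, $this->userid,
 * $this->cmtname and $this->cmttext; overwrites $this->cmttext with the
 * nl2br()-converted text before storing it.
 *
 * Security: every value placed into SQL is either cast to int or passed
 * through the database driver's Quote(), and the comment text echoed back
 * into the form is HTML-encoded.
 *
 * NOTE(review): nothing visible here strips or encodes markup in
 * cmtname/cmttext before they are stored or sent in the notification
 * message, so whatever renders them must escape on output - confirm where
 * that filtering happens.
 *
 * @param mixed $id Picture id taken from the request; normalised to int.
 *
 * @return void
 */
function Joom_CommentPic($id)
{
    $config    = Joom_getConfig();
    $mainframe =& JFactory::getApplication('site');
    $database  =& JFactory::getDBO();
    $user      =& JFactory::getUser();

    // Normalise once so the same integer is used in the SQL, the redirect
    // URL and the form action below; a non-numeric id becomes 0 and fails
    // the access check.
    $id  = (int) $id;
    $aid = (int) $user->get('aid');

    // Check for hacking attempt: the picture must exist, be published and
    // approved, and sit in a category whose access level the user meets.
    $database->setQuery("
        SELECT
          COUNT(id)
        FROM
          #__joomgallery AS a
        LEFT JOIN
          #__joomgallery_catg AS c ON c.cid = a.catid
        WHERE
              a.published = '1'
          AND a.approved  = '1'
          AND a.id        = " . $id . "
          AND c.access   <= " . $aid . "
    ");
    $result = $database->loadResult();

    if ($result != 1
        || $config->jg_showcomment == 0
        || ($config->jg_anoncomment == 0 && $aid < 1)
    ) {
        die('Hacking attempt, aborted!');
    }

    // Captcha is checked when jg_secimages is 2, or 1 for users with aid < 1.
    // NOTE(review): if the EasyCaptcha class file is missing the check is
    // skipped and the code counts as correct (fails open) - confirm intended.
    $codeisright = 1;
    if ($config->jg_secimages == 2 || ($config->jg_secimages == 1 && $aid < 1)) {
        $captchaFile = JPATH_ROOT . DS . 'components' . DS . 'com_easycaptcha' . DS . 'class.easycaptcha.php';
        if (file_exists($captchaFile)) {
            include_once $captchaFile;
            $captcha     = new easyCaptcha($this->jg_captcha_id);
            $codeisright = $captcha->checkEnteredCode($this->jg_code) ? 1 : 0;
        }
    }

    if ($codeisright == 1) {
        // Save new values
        $cmtip   = $_SERVER['REMOTE_ADDR'];
        $cmtdate = time();

        $autoApproved = $config->jg_approvecom == 0
            || ($config->jg_approvecom == 1 && $aid > 0);

        // Default to "needs approval" so an unexpected jg_approvecom value
        // can never publish a comment or leave $approve undefined.
        $approve = 0;
        if ($autoApproved) {
            $approve = 1;
        } elseif (($config->jg_approvecom == 1 && $aid < 1) || $config->jg_approvecom == 2) {
            // message about new comment TODO
            // NOTE(review): "62" is a hard-coded sender id used for users
            // with aid < 1; presumably a default administrator account -
            // confirm it exists on the target site.
            $cmtsenderid = $aid < 1 ? "62" : $user->get('id');

            require_once JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_messages' . DS . 'tables' . DS . 'message.php';

            $database->setQuery("
                SELECT
                  id
                FROM
                  #__users
                WHERE
                  sendEmail = '1'
            ");
            $users = $database->loadResultArray();

            // Cast guards against a non-array result when the query fails.
            foreach ((array) $users as $user_id) {
                $msg = new TableMessage($database);
                $msg->send(
                    $cmtsenderid,
                    $user_id,
                    JText::_('JGS_ALERT_NEW_COMMENT'),
                    JText::_('JGS_ALERT_NEW_COMMENT_MESSAGE_PARTONE')
                        . $this->cmtname
                        . JText::_('JGS_ALERT_NEW_COMMENT_MESSAGE_PARTTWO')
                );
            }
        }

        // change \r\n or \n to <br />
        $this->cmttext = nl2br(stripslashes($this->cmttext));

        // Every value goes through Quote(): after stripslashes() the text
        // carries no escaping at all, and cmtname/userid come from the
        // request as far as this method can tell.
        $database->setQuery("
            INSERT INTO
              #__joomgallery_comments
            VALUES(
              '',
              " . $database->Quote($id) . ",
              " . $database->Quote($cmtip) . ",
              " . $database->Quote($this->userid) . ",
              " . $database->Quote($this->cmtname) . ",
              " . $database->Quote($this->cmttext) . ",
              " . $database->Quote($cmtdate) . ",
              '1',
              " . $database->Quote($approve) . "
            )
        ");
        $database->query();

        // Get back to details page
        if ($autoApproved) {
            $mosmsg = JText::_('JGS_ALERT_COMMENT_SAVED');
        } else {
            $mosmsg = JText::_('JGS_ALERT_COMMENT_SAVED_BUT_NEEDS_ARROVAL');
        }

        $mainframe->redirect(
            JRoute::_('index.php?option=com_joomgallery&func=detail&id=' . $id . _JOOM_ITEMID, false),
            $mosmsg
        );
    } else {
        // Wrong captcha code: hand the text back to the detail page through
        // a hidden, auto-submitted form. The text is HTML-encoded so a
        // "</textarea>" sequence inside the comment cannot break out of the
        // element and inject markup into this page.
        ?>
<form id="send_form" name="commentform" action="<?php echo JRoute::_('index.php?option=com_joomgallery&func=detail&id=' . $id . _JOOM_ITEMID . '#joomcommentform'); ?>" method="post" class="jg_displaynone">
  <textarea cols="40" rows="8" name="cmttext" class="inputbox" wrap="virtual"><?php echo htmlspecialchars($this->cmttext, ENT_QUOTES, 'UTF-8'); ?></textarea>
</form>
<script type="text/javascript">
  alert("<?php echo JText::_('JGS_ALERT_SECURITY_CODE_WRONG', true); ?>");
  document.getElementById('send_form').submit();
</script>
        <?php
    }
}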