// Excerpt: the end of comment-form validation followed by the INSERT of the new
// comment. The excerpt starts inside blocks opened earlier; the two closing
// braces right below end the innermost two of them.
            $error = 1;
        }
    }

    // Required-field checks. Every failure appends its message to $msg
    // (separated by "<br />") and raises $error, so all problems are reported
    // together instead of stopping at the first one.
    if ($user_name == "") {
        $msg .= ($msg != "" ? "<br />" : "") . $lang['name_required'];
        $error = 1;
    }
    if ($comment_headline == "") {
        $msg .= ($msg != "" ? "<br />" : "") . $lang['headline_required'];
        $error = 1;
    }
    if ($comment_text == "") {
        $msg .= ($msg != "" ? "<br />" : "") . $lang['comment_required'];
        $error = 1;
    }

    // The CAPTCHA is enforced only when $captcha_enable_comments is truthy. A
    // failed check is an ordinary validation error, so the INSERT below is
    // skipped for that request.
    if ($captcha_enable_comments && !captcha_validate($captcha)) {
        $msg .= ($msg != "" ? "<br />" : "") . $lang['captcha_required'];
        $error = 1;
    }

    if (!$error) {
        // SECURITY NOTE(review): the statement is built by string interpolation.
        // $user_name, $comment_headline and $comment_text land inside single
        // quotes; $id and $user_info['user_id'] are inserted unquoted. Nothing
        // in this excerpt escapes or casts them, so the query is only safe if
        // each value was escaped / cast to an integer where it was populated.
        // Confirm that upstream, or move to the database layer's escaping.
        $sql = "INSERT INTO " . COMMENTS_TABLE . "\n (image_id, user_id, user_name, comment_headline, comment_text, comment_ip, comment_date)\n VALUES\n ({$id}, "
            . $user_info['user_id']
            . ", '{$user_name}', '{$comment_headline}', '{$comment_text}', '"
            . $session_info['session_ip']
            . "', "
            . time()
            . ")";
        $site_db->query($sql);
        // $commentid is assigned here but not read again within this excerpt.
        $commentid = $site_db->get_insert_id();
        update_comment_count($id, $user_info['user_id']);

        // The success text is placed in the session variable "msgdetails" before
        // redirecting (presumably so the details page can display it -- confirm).
        $msg = $lang['comment_success'];
        $site_sess->set_session_var("msgdetails", $msg);

        // NOTE(review): $mode is appended to the redirect URL without
        // urlencode(); confirm it is limited to known values where it is set.
        // The INSERT uses $id while the redirect uses $image_id.
        redirect(ROOT_PATH . "details.php?" . URL_IMAGE_ID . "=" . $image_id . (!empty($mode) ? "&mode=" . $mode : "") . ($page > 1 ? "&page=" . $page : ""));
    }
}
unset($row);
unset($spam_row);
// Excerpt: e-mail, CAPTCHA and additional-field validation (the identifiers
// suggest the registration form). The excerpt sits inside an "if" opened
// earlier; the final "} else {" below belongs to that outer "if".
    if ($user_email != "") {
        if (check_email($user_email)) {
            // Reject an address that already exists in the users table.
            // SECURITY NOTE(review): the lower-cased address is interpolated
            // between single quotes. check_email() has passed, but no escaping
            // is visible in this excerpt -- confirm that $user_email is escaped
            // before this point or that check_email() cannot accept a quote.
            $sql = "SELECT " . get_user_table_field("", "user_email") . "\n FROM " . USERS_TABLE . "\n WHERE " . get_user_table_field("", "user_email") . " = '" . strtolower($user_email) . "'";
            if ($site_db->not_empty($sql)) {
                $msg .= ($msg != "" ? "<br />" : "") . $lang['email_exists'];
                $error = 1;
            }
        } else {
            $msg .= ($msg != "" ? "<br />" : "") . $lang['invalid_email_format'];
            $error = 1;
        }
    } else {
        // Empty address: build the generic "field required" message by
        // replacing the template placeholder "field_name" (wrapped in the
        // template's start/end delimiters) with the e-mail label, colon removed.
        // The delimiters go into the pattern without preg_quote() -- assumes
        // they are regex-safe; confirm.
        $msg .= ($msg != "" ? "<br />" : "") . ($field_error = preg_replace("/" . $site_template->start . "field_name" . $site_template->end . "/siU", str_replace(":", "", $lang['email']), $lang['field_required']));
        $error = 1;
    }

    // The CAPTCHA is enforced only when $captcha_enable_registration is truthy;
    // a failed check is reported like any other validation error.
    if ($captcha_enable_registration && !captcha_validate($captcha)) {
        $msg .= ($msg != "" ? "<br />" : "") . $lang['captcha_required'];
        $error = 1;
    }

    // Additional fields: $val[0] is used as the label and intval($val[2]) == 1
    // as the "required" flag.
    // NOTE(review): the check fires only when the key is present in the POST
    // data (isset). A request that leaves a required field out entirely is not
    // flagged here; confirm whether that case is handled elsewhere.
    if (!empty($additional_user_fields)) {
        foreach ($additional_user_fields as $key => $val) {
            if (isset($HTTP_POST_VARS[$key]) && intval($val[2]) == 1 && trim($HTTP_POST_VARS[$key]) == "") {
                $error = 1;
                $field_error = preg_replace("/" . $site_template->start . "field_name" . $site_template->end . "/siU", str_replace(":", "", $val[0]), $lang['field_required']);
                $msg .= ($msg != "" ? "<br />" : "") . $field_error;
            }
        }
    }
} else {
    // Else-branch of the outer condition, which lies outside this excerpt.
    $error = 1;
}
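// Excerpt: validation of the upload form, then the hand-off to the upload
// include. The excerpt ends inside the final "if (!$error)" block.
$uploaderror = 0;

// A category must be selected. The message is the generic "field required"
// text with the template placeholder "field_name" replaced by the category
// label (colon removed).
if ($cat_id == 0) {
    $error = 1;
    $field_error = preg_replace("/" . $site_template->start . "field_name" . $site_template->end . "/siU", str_replace(":", "", $lang['category']), $lang['field_required']);
    $msg .= ($msg != "" ? "<br />" : "") . $field_error;
}

// A media source is required: either an uploaded file (tmp_name set and not
// the literal "none") or a non-empty $remote_media_file that passes
// check_remote_media().
// NOTE(review): $remote_media_file is presumably a client-supplied remote
// reference; confirm what check_remote_media() allows (scheme, host,
// extension). File-type validation of the uploaded file is not visible in
// this excerpt and presumably lives in includes/upload.php -- confirm.
if ((empty($HTTP_POST_FILES['media_file']['tmp_name']) || $HTTP_POST_FILES['media_file']['tmp_name'] == "none") && ($remote_media_file == "" || !check_remote_media($remote_media_file))) {
    $error = 1;
    $msg .= ($msg != "" ? "<br />" : "") . $lang['image_file_required'];
}

if ($image_name == "") {
    $error = 1;
    $field_error = preg_replace("/" . $site_template->start . "field_name" . $site_template->end . "/siU", str_replace(":", "", $lang['image_name']), $lang['field_required']);
    $msg .= ($msg != "" ? "<br />" : "") . $field_error;
}

// The CAPTCHA is enforced only when $captcha_enable_upload is truthy; a failed
// check blocks the upload like any other validation error.
if ($captcha_enable_upload && !captcha_validate($captcha)) {
    $msg .= ($msg != "" ? "<br />" : "") . $lang['captcha_required'];
    $error = 1;
}

// Additional fields: $val[0] is used as the label and intval($val[2]) == 1 as
// the "required" flag.
// NOTE(review): the check fires only when the key is present in the POST data
// (isset). A request that leaves a required field out entirely is not flagged
// here; confirm whether that case is handled elsewhere.
if (!empty($additional_image_fields)) {
    foreach ($additional_image_fields as $key => $val) {
        if (isset($HTTP_POST_VARS[$key]) && intval($val[2]) == 1 && trim($HTTP_POST_VARS[$key]) == "") {
            $error = 1;
            $field_error = preg_replace("/" . $site_template->start . "field_name" . $site_template->end . "/siU", str_replace(":", "", $val[0]), $lang['field_required']);
            $msg .= ($msg != "" ? "<br />" : "") . $field_error;
        }
    }
}

if (!$error) {
    // Start Upload
    // The include must be a statement of its own: if it shares a line with the
    // "//" comment above, PHP treats it as comment text and never runs it.
    include ROOT_PATH . 'includes/upload.php';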
// Excerpt: reads the postcard form, enforces the optional CAPTCHA, stores the
// postcard and starts building the notification e-mail. The excerpt ends
// inside the "if ($result)" block.
//
// Every field comes from $HTTP_POST_VARS, is trimmed and passed through
// un_htmlspecialchars(). Only 'captcha' and 'back_url' are guarded with
// isset()/empty(); the other keys are read unconditionally.
$bg_color = un_htmlspecialchars(trim($HTTP_POST_VARS['bg_color']));
$border_color = un_htmlspecialchars(trim($HTTP_POST_VARS['border_color']));
$font_color = un_htmlspecialchars(trim($HTTP_POST_VARS['font_color']));
$font_face = un_htmlspecialchars(trim($HTTP_POST_VARS['font_face']));
$sender_name = un_htmlspecialchars(trim($HTTP_POST_VARS['sender_name']));
$sender_email = un_htmlspecialchars(trim($HTTP_POST_VARS['sender_email']));
$recipient_name = un_htmlspecialchars(trim($HTTP_POST_VARS['recipient_name']));
$recipient_email = un_htmlspecialchars(trim($HTTP_POST_VARS['recipient_email']));
$headline = un_htmlspecialchars(trim($HTTP_POST_VARS['headline']));
$message = un_htmlspecialchars(trim($HTTP_POST_VARS['message']));
// strip_tags() is applied to the message only; the other fields are not
// tag-stripped in this excerpt.
$message = strip_tags($message);
$captcha = isset($HTTP_POST_VARS['captcha']) ? un_htmlspecialchars(trim($HTTP_POST_VARS['captcha'])) : "";
// NOTE(review): back_url is client-supplied and its use lies outside this
// excerpt. If it feeds a redirect or a link, confirm that it is restricted to
// same-site URLs.
$back_url = !empty($HTTP_POST_VARS['back_url']) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['back_url']))) : $site_sess->url(ROOT_PATH . "index.php", "&");

// The postcard id is the only identifier placed in the postcard URL below.
// NOTE(review): confirm that get_random_key() draws from an unpredictable
// source, since knowing the id is what gives access to the card.
$postcard_id = get_random_key(POSTCARDS_TABLE, "postcard_id");
$current_time = time();

if ($captcha_enable_postcards && !captcha_validate($captcha)) {
    // CAPTCHA failed: return to the preview template with an error message.
    // Nothing is stored and no mail is prepared on this path.
    $msg .= ($msg != "" ? "<br />" : "") . $lang['captcha_required'];
    $action = "previewcard";
    $main_template = "postcard_preview";
} else {
    // SECURITY NOTE(review): the statement is built by string interpolation.
    // The form values sit inside single quotes; $image_id and $current_time
    // are inserted unquoted. The stripslashes() calls further down suggest the
    // POST values arrive slash-escaped from earlier request handling, but that
    // is not visible here -- confirm it, confirm that un_htmlspecialchars()
    // cannot turn an entity back into an unescaped quote, and confirm that
    // $image_id is cast to an integer where it is set.
    $sql = "INSERT INTO " . POSTCARDS_TABLE . "\n (postcard_id, image_id, postcard_date, postcard_bg_color, postcard_border_color, postcard_font_color, postcard_font_face, postcard_sender_name, postcard_sender_email, postcard_recipient_name, postcard_recipient_email, postcard_headline, postcard_message)\n VALUES\n ('{$postcard_id}', {$image_id}, {$current_time}, '{$bg_color}', '{$border_color}', '{$font_color}', '{$font_face}', '{$sender_name}', '{$sender_email}', '{$recipient_name}', '{$recipient_email}', '{$headline}', '{$message}')";
    $result = $site_db->query($sql);
    if ($result) {
        $postcard_url = $script_url . "/postcards.php?" . URL_POSTCARD_ID . "=" . $postcard_id;
        include ROOT_PATH . 'includes/email.php';
        $site_email = new Email();
        // SECURITY NOTE(review): recipient and sender values reach the mail
        // object after stripslashes() only. No address-format check or CR/LF
        // filtering is visible in this excerpt; confirm that earlier code or
        // the Email class rejects line breaks in these values so they cannot
        // add mail headers.
        $site_email->set_to(stripslashes($recipient_email));
        $site_email->set_from(stripslashes($sender_email), stripslashes($sender_name));
        $site_email->set_subject($lang['send_postcard_emailsubject']);
        // Values made available to the "postcard_message" mail template.
        $site_email->register_vars(array(
            "sender_name" => stripslashes($sender_name),
            "sender_email" => stripslashes($sender_email),
            "recipient_name" => stripslashes($recipient_name),
            "postcard_url" => stripslashes($postcard_url),
            "postcard_send_date" => format_date($config['date_format'] . " " . $config['time_format'], $current_time),
            "site_name" => $config['site_name']
        ));
        $site_email->set_body("postcard_message", $config['language_dir']);