$c_result .= comment_tmpl($comment_tmpl . '_12', $mn_url, $c_i); $conf['comments_order'] == 'reverse' ? $c_i-- : $c_i++; } else { continue; } } } if (!empty($c_result)) { echo '<div id="mn-comments">' . encoding($c_result) . '</div>'; } else { echo '<p id="mn-comments" class="mn-comment-info">' . encoding($lang['web_msg_no_comments']) . '</p>'; } } elseif ($p['comments'] == 1) { echo '<p id="mn-comments" class="mn-comment-info">' . encoding($lang['web_msg_no_comments']) . '</p>'; } if ($p['comments'] == 1 && check_ip_ban($_SERVER['REMOTE_ADDR'], $banned_ips)) { echo '<p class="mn-comment-info">' . encoding($lang['web_msg_banned_ip']) . '</p>'; } elseif ($p['comments'] == 1 && $conf['comments'] == '1') { $post_id = $p['id']; include MN_ROOT . 'stuff/inc/tmpl/comment-form.php'; } elseif ($p['comments'] == 1 && $conf['comments'] == '2') { if (isset($_COOKIE['mn_logged']) && isset($_COOKIE['mn_user_name']) || isset($_COOKIE['mn_user_name']) && isset($_COOKIE['mn_user_hash'])) { $post_id = $p['id']; include MN_ROOT . 'stuff/inc/tmpl/comment-form.php'; } else { include MN_ROOT . 'stuff/inc/tmpl/login-form.php'; } } else { $mn_comments_id = empty($c_result) ? ' id="mn-comments"' : ''; echo '<p' . $mn_comments_id . ' class="mn-comment-info">' . encoding($lang['web_msg_comments_forbidden']) . '</p>'; }
$post = get_post_data($_POST['post_id']); $mn_redir = isset($_POST['redir']) && !empty($_POST['redir']) ? $_POST['redir'] : str_replace('&mn_msg=c_added', '', $_SERVER['HTTP_REFERER']); $conf['comments_antiflood'] = isset($conf['comments_antiflood']) && is_numeric($conf['comments_antiflood']) ? $conf['comments_antiflood'] : '30'; if (isset($_SESSION['mn_logged']) && $_SESSION['mn_logged'] && !check_hash()) { session_destroy(); $url_data = explode('/', $conf['admin_url']); setcookie('mn_user_hash', '', time() - 3600, '/', $_SERVER['SERVER_NAME']); setcookie('mn_logged', '', time() - 3600, '/', $_SERVER['SERVER_NAME']); header('location: ' . $mn_redir . '#mn-comment-form'); exit; } elseif (isset($_SESSION['mn_logged']) && !$_SESSION['mn_logged'] && isset($_COOKIE['mn_user_name']) && isset($_COOKIE['mn_user_hash']) && $conf['users_perm_login']) { permanent_login(); } elseif (in_array(@$_POST['comment_author'], $mn_users) || isset($_POST['comment_pass']) && !empty($_POST['comment_pass'])) { do_login($_POST['comment_author'], $_POST['comment_pass'], false); } if ($post['comments'] == '1' && ($conf['comments'] === true || $conf['comments'] >= 1) && !check_ip_ban($_SERVER['REMOTE_ADDR'], $banned_ips)) { // Check for correct captcha code if ((!isset($_SESSION['mn_logged']) || !$_SESSION['mn_logged']) && isset($conf['comments_captcha']) && $conf['comments_captcha']) { require_once './stuff/inc/recaptchalib.php'; $captcha = recaptcha_check_answer('6LfnaQoAAAAAAPi1X1HiWwEWBnCmJ7jLUc5biRpE', $_SERVER['REMOTE_ADDR'], $_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field']); } if (isset($_POST['preview']) && isset($_POST['comment_text']) && !empty($_POST['comment_text'])) { $preview = true; } elseif ((!isset($_SESSION['mn_logged']) || !$_SESSION['mn_logged']) && in_array($_POST['comment_author'], $mn_users)) { $error_msg = $lang['comm_msg_password']; } elseif (isset($_SESSION['mn_comm_time']) && $_SESSION['mn_comm_time'] + $conf['comments_antiflood'] > time()) { $error_msg = $lang['comm_msg_flood']; } elseif ((!isset($_SESSION['mn_logged']) || !$_SESSION['mn_logged']) && isset($conf['comments_captcha']) && $conf['comments_captcha'] && !$captcha->is_valid) { $error_msg = $lang['comm_msg_captcha']; } else { if (isset($_SESSION['mn_logged']) && $_SESSION['mn_logged'] || $_POST['robot'] === trim($conf['comments_antispam'])) {
} else { $var['hide_form'] = true; login_screen($lang['login_login'], $lang['login_msg_install_file'], 'warning'); } } elseif (file_exists('./install.php')) { if (file_exists(MN_ROOT . $file['users'])) { header('location: ./mn-login.php?install-file'); exit; } else { header('location: ./install.php'); exit; } } elseif (isset($_SESSION['mn_logged']) && $_SESSION['mn_logged']) { header('location: ./'); exit; } elseif (check_ip_ban($_SERVER['REMOTE_ADDR'], $banned_ips)) { $var['hide_form'] = true; login_screen($lang['login_login'], $lang['login_msg_blocked_ip'], 'warning'); } elseif (isset($_GET['action']) && $_GET['action'] == 'lost-pass') { login_screen($lang['login_send_new_pass'], $lang['login_send_new_pass'], 'main'); } elseif (isset($_GET['action']) && $_GET['action'] == 'register' && $conf['users_registration']) { login_screen($lang['login_registration'], $lang['login_registration'], 'main'); } elseif (isset($_GET['back']) && $_GET['back'] == 'regdone' && $conf['users_registration']) { login_screen($lang['login_registration'], $lang['login_msg_regdone'], 'ok'); } elseif (isset($_POST['action']) && $_POST['action'] == 'register' && $conf['users_registration']) { if (!empty($_POST['username']) && !empty($_POST['email']) && !empty($_POST['pass1']) && !empty($_POST['pass2'])) { if ($_POST['robot'] === trim($conf['comments_antispam'])) { if (mb_strlen($_POST['username']) > 1 && mb_strlen($_POST['pass1']) > 5) { if (preg_match('/^[_ a-zA-Z0-9\\.\\-]+$/', $_POST['username'])) { if (stripos($_POST['username'], 'admin') === false) { if (check_email($_POST['email'])) {