?>
" type="hidden"/>
<?php
} else {
?>
<?php
if (stristr($field->column_comment, 'multiselect')) {
$comment = $field->column_comment;
$field->column_comment = ' ';
}
?>
<?php
echo @call_user_func('form_' . convertDataType($field->data_type), $field_structure);
?>
<br/><span class="help_text"><?php
echo clean_comment($field->column_comment);
echo $field->is_nullable == 'YES' ? '' : '<span class="red"> (required)</span>';
?>
</span>
<?php
/** check to see if there should be a multiselect between 2 tables **/
?>
<?php
if (isset($comment)) {
/* setting up multi-select:
* add to the comment of a field:
* multiselect|table to select from|table to save to|column to save(id)|column to display|main column from relational table| second column from relation table
*/
$multi_options = explode('|', $comment);
$multi_table = $this->db->query("SELECT " . $multi_options[3] . ", " . $multi_options[4] . " FROM " . $multi_options[1])->result();
// setup array
// ##########################################################################################//
// EMAIL NOTE ON COMMENTS
// ##########################################################################################//
$comment_image_id = intval($_POST['parent_id']);
$link_to_comment = $cfgrow['siteurl'] . "index.php?showimage={$comment_image_id}";
if ($cfgrow['commentemail'] == "yes" && $email_flag == 1) {
$admin_email = $cfgrow['email'];
$comment_name = clean_comment($_POST['name']);
$comment_url = clean_comment($_POST['url']);
if (strpos($comment_url, 'https://') === false && strpos($comment_url, 'http://') === false && strlen($comment_url) > 0) {
$comment_url = "http://" . $comment_url;
}
$comment_message = clean_comment($_POST['message']);
$comment_message = stripslashes($comment_message);
$comment_email = clean_comment($_POST['email']);
$comment_image_name = clean_comment($_POST['parent_name']);
$link_to_img_thumb_cmmnt = "Thumbnail Link:" . $cfgrow['siteurl'] . ltrim($cfgrow['thumbnailpath'], "./") . "thumb_" . $comment_image_name;
$img_thumb_cmmnt = "<img src='" . $cfgrow['siteurl'] . ltrim($cfgrow['thumbnailpath'], "./") . "thumb_" . $comment_image_name . "' >";
$subject = "{$pixelpost_site_title} - {$lang_email_notification_subject}";
$sent_date = gmdate("Y-m-d", time() + 3600 * $cfgrow['timezone']);
$sent_time = gmdate("H:i", time() + 3600 * $cfgrow['timezone']);
if ($cfgrow['htmlemailnote'] != 'yes') {
// Plain text note email
$body = "{$lang_email_notificationplain_pt1} : {$link_to_comment}\n\n{$lang_email_notificationplain_pt2}\n\n{$comment_message}\n\n{$lang_email_notificationplain_pt3}: {$comment_name}";
if ($comment_email != "") {
$body .= "- {$comment_email}";
}
$body .= "\n\n{$lang_email_notificationplain_pt4}";
$headers = "Content-type: text/plain; charset=UTF-8\n";
$headers .= "Content-Transfer-Encoding: 8bit\n";
if ($comment_email != "") {
die("Try another day!!");
}
// view=comments
if (isset($_GET['view']) and $_GET['view'] == "comments") {
// delete a comment
if (isset($_GET['action']) and $_GET['action'] == "delete") {
$delid = (int) $_GET['delid'];
$query = sql_query("DELETE FROM " . $pixelpost_db_prefix . "comments WHERE id='" . (int) $delid . "'");
echo "<div class='jcaption'>{$admin_lang_cmnt_deleted} </div>";
}
// edit a comment
if (isset($_GET['action']) and $_GET['action'] == "edit") {
$editid = (int) $_GET['editid'];
$message = $_POST['message' . $editid];
// added by schonhose to escape characters
$message = nl2br(clean_comment($message));
$query = "update " . $pixelpost_db_prefix . "comments set message='{$message}' where id='" . (int) $editid . "'";
$query = sql_query($query);
echo "<div class='jcaption'>{$admin_lang_cmnt_edited} </div>";
}
// Mass delete comments
if (isset($_GET['action']) and $_GET['action'] == "massdelete") {
$idz = $_POST['moderate_commnts_boxes'];
$query = "DELETE FROM " . $pixelpost_db_prefix . "comments ";
$where = "WHERE";
for ($i = 0; $i < count($idz) - 1; $i++) {
$where .= " id = '" . (int) $idz[$i] . "' or ";
}
$lastid = $idz[count($idz) - 1];
$where .= " id = '{$lastid}' ";
$query .= $where;
protected function saveComment($photo_pid, $f_url, $f_commentdate, $f_name, $f_comment)
{
global $pixelpost_db_prefix;
/* Clean the name */
$f_name = clean_comment($f_name);
$f_name = nl2br($f_name);
/* Clean the message */
$f_comment = clean_comment($f_comment);
$f_comment = preg_replace("/((\r\n){3,}|[\n]{3,}|[\r]{3,})/", "\n\n", $f_comment);
$f_comment = preg_replace("/(\n){2,}\$/mis", "\n", $f_comment);
$f_comment = nl2br($f_comment);
$query = "INSERT INTO " . $pixelpost_db_prefix . "comments (`parent_id`, `datetime`, `message`, `name`, `url`, `email`, `publish`)\n\t\tVALUES ('{$photo_pid}', '{$f_commentdate}', '{$f_comment}', '{$f_name}', '{$f_url}', '{$email}', 'yes')";
return mysql_query($query);
}
