?> " type="hidden"/> <?php } else { ?> <?php if (stristr($field->column_comment, 'multiselect')) { $comment = $field->column_comment; $field->column_comment = ' '; } ?> <?php echo @call_user_func('form_' . convertDataType($field->data_type), $field_structure); ?> <br/><span class="help_text"><?php echo clean_comment($field->column_comment); echo $field->is_nullable == 'YES' ? '' : '<span class="red"> (required)</span>'; ?> </span> <?php /** check to see if there should be a multiselect between 2 tables **/ ?> <?php if (isset($comment)) { /* setting up multi-select: * add to the comment of a field: * multiselect|table to select from|table to save to|column to save(id)|column to display|main column from relational table| second column from relation table */ $multi_options = explode('|', $comment); $multi_table = $this->db->query("SELECT " . $multi_options[3] . ", " . $multi_options[4] . " FROM " . $multi_options[1])->result(); // setup array
// ##########################################################################################// // EMAIL NOTE ON COMMENTS // ##########################################################################################// $comment_image_id = intval($_POST['parent_id']); $link_to_comment = $cfgrow['siteurl'] . "index.php?showimage={$comment_image_id}"; if ($cfgrow['commentemail'] == "yes" && $email_flag == 1) { $admin_email = $cfgrow['email']; $comment_name = clean_comment($_POST['name']); $comment_url = clean_comment($_POST['url']); if (strpos($comment_url, 'https://') === false && strpos($comment_url, 'http://') === false && strlen($comment_url) > 0) { $comment_url = "http://" . $comment_url; } $comment_message = clean_comment($_POST['message']); $comment_message = stripslashes($comment_message); $comment_email = clean_comment($_POST['email']); $comment_image_name = clean_comment($_POST['parent_name']); $link_to_img_thumb_cmmnt = "Thumbnail Link:" . $cfgrow['siteurl'] . ltrim($cfgrow['thumbnailpath'], "./") . "thumb_" . $comment_image_name; $img_thumb_cmmnt = "<img src='" . $cfgrow['siteurl'] . ltrim($cfgrow['thumbnailpath'], "./") . "thumb_" . $comment_image_name . "' >"; $subject = "{$pixelpost_site_title} - {$lang_email_notification_subject}"; $sent_date = gmdate("Y-m-d", time() + 3600 * $cfgrow['timezone']); $sent_time = gmdate("H:i", time() + 3600 * $cfgrow['timezone']); if ($cfgrow['htmlemailnote'] != 'yes') { // Plain text note email $body = "{$lang_email_notificationplain_pt1} : {$link_to_comment}\n\n{$lang_email_notificationplain_pt2}\n\n{$comment_message}\n\n{$lang_email_notificationplain_pt3}: {$comment_name}"; if ($comment_email != "") { $body .= "- {$comment_email}"; } $body .= "\n\n{$lang_email_notificationplain_pt4}"; $headers = "Content-type: text/plain; charset=UTF-8\n"; $headers .= "Content-Transfer-Encoding: 8bit\n"; if ($comment_email != "") {
die("Try another day!!"); } // view=comments if (isset($_GET['view']) and $_GET['view'] == "comments") { // delete a comment if (isset($_GET['action']) and $_GET['action'] == "delete") { $delid = (int) $_GET['delid']; $query = sql_query("DELETE FROM " . $pixelpost_db_prefix . "comments WHERE id='" . (int) $delid . "'"); echo "<div class='jcaption'>{$admin_lang_cmnt_deleted} </div>"; } // edit a comment if (isset($_GET['action']) and $_GET['action'] == "edit") { $editid = (int) $_GET['editid']; $message = $_POST['message' . $editid]; // added by schonhose to escape characters $message = nl2br(clean_comment($message)); $query = "update " . $pixelpost_db_prefix . "comments set message='{$message}' where id='" . (int) $editid . "'"; $query = sql_query($query); echo "<div class='jcaption'>{$admin_lang_cmnt_edited} </div>"; } // Mass delete comments if (isset($_GET['action']) and $_GET['action'] == "massdelete") { $idz = $_POST['moderate_commnts_boxes']; $query = "DELETE FROM " . $pixelpost_db_prefix . "comments "; $where = "WHERE"; for ($i = 0; $i < count($idz) - 1; $i++) { $where .= " id = '" . (int) $idz[$i] . "' or "; } $lastid = $idz[count($idz) - 1]; $where .= " id = '{$lastid}' "; $query .= $where;
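/**
 * Persist a visitor comment for one photo into the `comments` table.
 *
 * @param int|string $photo_pid     Id of the photo the comment belongs to (`parent_id`); cast to
 *                                  int before it reaches SQL.
 * @param string     $f_url         Commenter's URL; stored as given apart from SQL escaping.
 * @param string     $f_commentdate Timestamp string for the `datetime` column (caller-supplied).
 * @param string     $f_name        Commenter's name; run through clean_comment() and nl2br().
 * @param string     $f_comment     Comment body; cleaned, blank-line-collapsed, then nl2br()'d.
 * @param string     $f_email       Value for the `email` column. The original interpolated an
 *                                  undefined `$email` here (always '' plus a notice); the default
 *                                  keeps that result for existing callers while making it explicit.
 * @return mixed Whatever mysql_query() returns for the INSERT (true on success, false on failure).
 */
protected function saveComment($photo_pid, $f_url, $f_commentdate, $f_name, $f_comment, $f_email = '') {
    global $pixelpost_db_prefix;

    /* Clean the name. clean_comment() is the project-wide text cleaner (the admin code calls it
     * "to escape characters"); nl2br() on the name is kept as the original did it. */
    $f_name = nl2br(clean_comment($f_name));

    /* Clean the message: sanitise, squeeze runs of three or more line breaks down to a blank line,
     * drop trailing blank lines, then convert newlines for HTML display. */
    $f_comment = clean_comment($f_comment);
    $f_comment = preg_replace("/((\r\n){3,}|[\n]{3,}|[\r]{3,})/", "\n\n", $f_comment);
    $f_comment = preg_replace("/(\n){2,}\$/mis", "\n", $f_comment);
    $f_comment = nl2br($f_comment);

    /* The remaining values bypassed clean_comment() and were interpolated raw into the INSERT.
     * $photo_pid is an id, so an int cast is the whole check (the admin code casts ids the same
     * way). $f_url / $f_commentdate / $f_email are escaped for the SQL context; this assumes they
     * arrive un-escaped, as $f_name and $f_comment evidently do -- confirm at the caller so the
     * stored values are not double-escaped. */
    $photo_pid = (int) $photo_pid;
    $f_url = mysql_real_escape_string((string) $f_url);
    $f_commentdate = mysql_real_escape_string((string) $f_commentdate);
    $f_email = mysql_real_escape_string((string) $f_email);

    /* NOTE(review): ext/mysql has no prepared statements; moving this to PDO/mysqli with bound
     * parameters would remove the need for manual escaping altogether. */
    $query = "INSERT INTO " . $pixelpost_db_prefix . "comments (`parent_id`, `datetime`, `message`, `name`, `url`, `email`, `publish`)\n\t\tVALUES ('{$photo_pid}', '{$f_commentdate}', '{$f_comment}', '{$f_name}', '{$f_url}', '{$f_email}', 'yes')";

    return mysql_query($query);
}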