コード例 #1
 $email = $_POST['email'];
 $website = $_POST['website'];
 $town = $_POST['town'];
 $country = $_POST['cmtx_country'];
 $rating = $_POST['cmtx_rating'];
 $comment = $_POST['comment'];
 $reply = $_POST['reply'];
 $page_id = $_POST['page_id'];
 $reply_to = $_POST['reply_to'];
 $is_approved = $_POST['is_approved'];
 $is_sticky = $_POST['is_sticky'];
 $is_locked = $_POST['is_locked'];
 $id_san = cmtx_sanitize($id);
 $name_san = cmtx_sanitize($name);
 $email_san = cmtx_sanitize($email);
 $website_san = cmtx_url_encode_spaces($website);
 $website_san = cmtx_sanitize($website_san);
 $town_san = cmtx_sanitize($town);
 $country_san = cmtx_sanitize($country);
 $rating_san = cmtx_sanitize($rating);
 $comment_san = cmtx_sanitize($comment, false, true);
 $reply_san = cmtx_sanitize($reply, false, true);
 $page_id_san = cmtx_sanitize($page_id);
 $reply_to_san = cmtx_sanitize($reply_to);
 $is_approved_san = cmtx_sanitize($is_approved);
 $is_sticky_san = cmtx_sanitize($is_sticky);
 $is_locked_san = cmtx_sanitize($is_locked);
 if (!$is_approved) {
     cmtx_unapprove_replies($id);
 }
 if (isset($_POST['send']) && $_POST['send'] == "1") {
コード例 #2
ファイル: form.php プロジェクト: GTAWWEKID/tsiserver.us
function cmtx_clean_form_defaults()
{
    //clean the default values pre-filled into the comment form, one field at a time
    //reads and rewrites the $cmtx_default_* globals; no parameters, no return value
    global $cmtx_default_name, $cmtx_default_email, $cmtx_default_website, $cmtx_default_town, $cmtx_default_country, $cmtx_default_rating, $cmtx_default_comment;
    //globalise variables
    //helpers: drop the " character; drop everything matched by a "not allowed" pattern
    $drop_quotes = function ($value) {
        return str_replace('"', '', $value);
    };
    $keep_only = function ($pattern, $value) {
        return preg_replace($pattern, '', $value);
    };
    //allowed characters: letters from any language (\p{L}), & - ' . and space;
    //the name may additionally contain digits
    $name_chars = '/[^\\p{L}&\\-\'. 0-9]/u';
    $place_chars = '/[^\\p{L}&\\-\'. ]/u';
    //name
    $cmtx_default_name = $keep_only($name_chars, $drop_quotes($cmtx_default_name));
    $cmtx_default_name = cmtx_sanitize($cmtx_default_name, true, false);
    //email
    $cmtx_default_email = filter_var($drop_quotes($cmtx_default_email), FILTER_SANITIZE_EMAIL);
    $cmtx_default_email = cmtx_sanitize($cmtx_default_email, true, false);
    //website: encode spaces first, since FILTER_SANITIZE_URL would simply drop them
    $cmtx_default_website = cmtx_url_encode_spaces($drop_quotes($cmtx_default_website));
    $cmtx_default_website = filter_var($cmtx_default_website, FILTER_SANITIZE_URL);
    $cmtx_default_website = cmtx_sanitize($cmtx_default_website, true, false);
    //town and country
    $cmtx_default_town = $keep_only($place_chars, $drop_quotes($cmtx_default_town));
    $cmtx_default_town = cmtx_sanitize($cmtx_default_town, true, false);
    $cmtx_default_country = $keep_only($place_chars, $drop_quotes($cmtx_default_country));
    $cmtx_default_country = cmtx_sanitize($cmtx_default_country, true, false);
    //rating: only the digits 1-5 survive
    $cmtx_default_rating = $keep_only('/[^1-5]/', $drop_quotes($cmtx_default_rating));
    $cmtx_default_rating = cmtx_sanitize($cmtx_default_rating, true, false);
    //comment: no character filtering, only the entity conversion
    $cmtx_default_comment = cmtx_sanitize($cmtx_default_comment, true, false);
}
コード例 #3
ファイル: auth.php プロジェクト: GTAWWEKID/tsiserver.us
         echo '<span class="negative">' . CMTX_RESET_LIMIT . '</span><p />';
     } else {
         $resets++;
         cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `resets` = '{$resets}' WHERE `email` = '{$email}'");
         $username = $admin_result['username'];
         $password = cmtx_get_random_key(10);
         if (file_exists($cmtx_path . 'includes/emails/' . cmtx_setting('language_frontend') . '/admin/custom/reset_password.txt')) {
             $reset_password_email_file = $cmtx_path . 'includes/emails/' . cmtx_setting('language_frontend') . '/admin/custom/reset_password.txt';
             //build path to custom reset password email file
         } else {
             $reset_password_email_file = $cmtx_path . 'includes/emails/' . cmtx_setting('language_frontend') . '/admin/reset_password.txt';
             //build path to reset password email file
         }
         $body = file_get_contents($reset_password_email_file);
         //get the file's contents
         $admin_link = cmtx_url_encode_spaces(cmtx_setting('commentics_url') . cmtx_setting('admin_folder')) . '/';
         //build admin panel link
         //convert email variables with actual variables
         $body = str_ireplace('[username]', $username, $body);
         $body = str_ireplace('[password]', $password, $body);
         $body = str_ireplace('[admin link]', $admin_link, $body);
         $body = str_ireplace('[signature]', cmtx_setting('signature'), $body);
         //send email
         cmtx_email($email, null, cmtx_setting('admin_reset_password_subject'), $body, cmtx_setting('admin_reset_password_from_email'), cmtx_setting('admin_reset_password_from_name'), cmtx_setting('admin_reset_password_reply_to'));
         $password = md5($password);
         $password = cmtx_sanitize($password);
         cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `password` = '{$password}' WHERE `email` = '{$email}'");
         echo '<span class="positive">' . CMTX_RESET_SENT . '</span>';
     }
 } else {
     echo '<span class="negative">' . CMTX_RESET_ADDR . '</span>';
コード例 #4
ファイル: processor.php プロジェクト: jonathancromie/ifb299
     //set it with login website
 }
 if (cmtx_setting('enabled_website')) {
     //if website field is enabled
     $cmtx_website = trim($_POST['cmtx_website']);
     //remove any space at beginning and end
     if (cmtx_setting('required_website') && (empty($cmtx_website) || $cmtx_website == "http://")) {
         //if field is required but value is empty
         cmtx_error(CMTX_ERROR_MESSAGE_NO_WEBSITE);
         //reject user for entering no website address
     } else {
         if (!empty($cmtx_website) && $cmtx_website != "http://") {
             //if a website address is entered
             cmtx_is_injected($cmtx_website);
             //check for injection attempt
             $cmtx_website = cmtx_url_encode_spaces($cmtx_website);
             //encode spaces
             cmtx_validate_website($cmtx_website);
             //validate website
             if (cmtx_setting('approve_websites')) {
                 //if entering a website address requires approval
                 cmtx_approve(CMTX_APPROVE_REASON_WEBSITE_ENTERED);
                 //approve user for entering website
             }
             if (cmtx_setting('reserved_websites_enabled') && !$cmtx_is_admin) {
                 $cmtx_website = cmtx_check_for_word("reserved_websites", false, $cmtx_website, cmtx_setting('reserved_websites_action'), CMTX_APPROVE_REASON_RESERVED_WEBSITE, CMTX_ERROR_MESSAGE_RESERVED_WEBSITE, CMTX_BAN_REASON_RESERVED_WEBSITE);
             }
             if (cmtx_setting('dummy_websites_enabled')) {
                 $cmtx_website = cmtx_check_for_word("dummy_websites", false, $cmtx_website, cmtx_setting('dummy_websites_action'), CMTX_APPROVE_REASON_DUMMY_WEBSITE, CMTX_ERROR_MESSAGE_DUMMY_WEBSITE, CMTX_BAN_REASON_DUMMY_WEBSITE);
             }
             if (cmtx_setting('banned_websites_as_website_enabled')) {
コード例 #5
ファイル: page.php プロジェクト: jonathancromie/ifb299
function cmtx_get_page_details()
{
    //get page details: resolve the placeholders cmtx_title, cmtx_h1, cmtx_filename,
    //cmtx_reference, cmtx_identifier and cmtx_url inside the globals $cmtx_identifier
    //and $cmtx_reference, then set $cmtx_url to the current page's URL.
    //No parameters, no return value; every result is written to the globals below.
    //When cmtx_title or cmtx_h1 is requested the current page is fetched over HTTP
    //(cURL, or file_get_contents when allow_url_fopen is on) and its <title>/<h1> extracted.
    global $cmtx_identifier, $cmtx_reference, $cmtx_url, $cmtx_parameters;
    //globalise variables
    //get URL
    $url = cmtx_url_decode(cmtx_current_page());
    //remove URL parameters if configured
    if (isset($cmtx_parameters)) {
        if (empty($cmtx_parameters) || $cmtx_parameters == 'none') {
            $url = strtok($url, '?');
        } else {
            //$cmtx_parameters is a comma-separated list of query parameters to keep
            $queries = explode(',', $cmtx_parameters);
            $query_string = '';
            foreach ($queries as $query) {
                if (isset($_GET[$query])) {
                    //NOTE(review): the raw $_GET value is appended without URL-encoding
                    $query_string .= $query . '=' . $_GET[$query] . '&';
                } else {
                    //a configured parameter missing from the request ends the script with no output
                    die;
                }
            }
            //[&$] is a character class (a literal & or $ anywhere), not an end-of-string test;
            //as every appended pair ends in & this amounts to "query string is not empty"
            if (preg_match('/[&$]/i', $query_string)) {
                //if query ends in &
                $query_string = substr($query_string, 0, -1);
                //remove &
            }
            $url = strtok($url, '?');
            $url .= '?' . $query_string;
        }
    }
    //ensure reference is set
    if (!isset($cmtx_reference)) {
        $cmtx_reference = '';
    }
    //get title/heading
    if (stristr($cmtx_identifier, 'cmtx_title') || stristr($cmtx_reference, 'cmtx_title') || stristr($cmtx_identifier, 'cmtx_h1') || stristr($cmtx_reference, 'cmtx_h1')) {
        //the @ hides any warning from ini_set (e.g. when the directive cannot be changed at runtime)
        @ini_set('user_agent', 'Commentics');
        //set user-agent
        //the server fetches the page it is itself serving; the target derives from
        //cmtx_current_page(), so confirm that value cannot be steered by the request
        //(e.g. through the Host header) before trusting the fetched content
        $path = cmtx_url_encode($url);
        if (extension_loaded('curl')) {
            //if cURL is available
            $ch = curl_init();
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            curl_setopt($ch, CURLOPT_HEADER, false);
            curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
            curl_setopt($ch, CURLOPT_MAXREDIRS, 5);
            curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
            curl_setopt($ch, CURLOPT_TIMEOUT, 10);
            //NOTE(review): certificate and hostname verification are disabled, so any
            //certificate is accepted and the title/h1 taken from the response could be
            //supplied by an on-path party; enable both unless a self-signed setup needs this
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
            curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
            curl_setopt($ch, CURLOPT_USERAGENT, 'Commentics');
            curl_setopt($ch, CURLOPT_URL, $path);
            //$file is false on failure; the isset/!empty test below then takes the "incapable" branch
            $file = curl_exec($ch);
            curl_close($ch);
        } else {
            if ((bool) ini_get('allow_url_fopen')) {
                //if allow_url_fopen is available
                $file = file_get_contents($path);
            }
        }
        if (isset($file) && !empty($file)) {
            if (stristr($cmtx_identifier, 'cmtx_title') || stristr($cmtx_reference, 'cmtx_title')) {
                //no s modifier, so a <title> whose text spans lines is reported as not found;
                //the captured text is inserted as-is (raw markup from the fetched page)
                if (preg_match('/<title>(.+?)<\\/title>/i', $file, $match)) {
                    $cmtx_identifier = str_ireplace('cmtx_title', $match[1], $cmtx_identifier);
                    $cmtx_reference = str_ireplace('cmtx_title', $match[1], $cmtx_reference);
                } else {
                    $cmtx_identifier = str_ireplace('cmtx_title', 'Title tag not found', $cmtx_identifier);
                    $cmtx_reference = str_ireplace('cmtx_title', 'Title tag not found', $cmtx_reference);
                }
            }
            if (stristr($cmtx_identifier, 'cmtx_h1') || stristr($cmtx_reference, 'cmtx_h1')) {
                //same caveats as for <title>: single-line match, raw captured markup
                if (preg_match('/<h1>(.+?)<\\/h1>/i', $file, $match)) {
                    $cmtx_identifier = str_ireplace('cmtx_h1', $match[1], $cmtx_identifier);
                    $cmtx_reference = str_ireplace('cmtx_h1', $match[1], $cmtx_reference);
                } else {
                    $cmtx_identifier = str_ireplace('cmtx_h1', 'H1 tag not found', $cmtx_identifier);
                    $cmtx_reference = str_ireplace('cmtx_h1', 'H1 tag not found', $cmtx_reference);
                }
            }
        } else {
            //nothing fetched (no cURL and no allow_url_fopen, or an empty/failed response)
            $cmtx_identifier = str_ireplace('cmtx_title', 'Server incapable', $cmtx_identifier);
            $cmtx_reference = str_ireplace('cmtx_title', 'Server incapable', $cmtx_reference);
            $cmtx_identifier = str_ireplace('cmtx_h1', 'Server incapable', $cmtx_identifier);
            $cmtx_reference = str_ireplace('cmtx_h1', 'Server incapable', $cmtx_reference);
        }
    }
    //get page filename
    if (stristr($cmtx_identifier, 'cmtx_filename') || stristr($cmtx_reference, 'cmtx_filename')) {
        if (isset($_SERVER['SCRIPT_NAME'])) {
            //identifier gets the full script path, reference only its basename
            $cmtx_identifier = str_ireplace('cmtx_filename', $_SERVER['SCRIPT_NAME'], $cmtx_identifier);
            $cmtx_reference = str_ireplace('cmtx_filename', basename($_SERVER['SCRIPT_NAME']), $cmtx_reference);
        } else {
            $cmtx_identifier = str_ireplace('cmtx_filename', 'Server incapable', $cmtx_identifier);
            $cmtx_reference = str_ireplace('cmtx_filename', 'Server incapable', $cmtx_reference);
        }
    }
    //set identifier as reference
    if (stristr($cmtx_identifier, 'cmtx_reference')) {
        $cmtx_identifier = str_ireplace('cmtx_reference', $cmtx_reference, $cmtx_identifier);
    }
    //set reference as identifier
    if (stristr($cmtx_reference, 'cmtx_identifier')) {
        $cmtx_reference = str_ireplace('cmtx_identifier', $cmtx_identifier, $cmtx_reference);
    }
    //set reference as URL
    //uses the value $cmtx_url held on entry; the global is only recomputed at the end of this function
    if (stristr($cmtx_reference, 'cmtx_url')) {
        $cmtx_reference = str_ireplace('cmtx_url', $cmtx_url, $cmtx_reference);
    }
    //set identifier as URL
    //the identifier gets a normalised copy of $url: no www., no index.* filename,
    //https downgraded to http, cmtx_page/cmtx_sort/cmtx_perm parameters removed, lowercased
    if (stristr($cmtx_identifier, 'cmtx_url')) {
        $cmtx_temp = $url;
        $cmtx_temp = str_ireplace('www.', '', $cmtx_temp);
        //remove 'www.' if there
        $cmtx_temp = str_ireplace('index.php', '', $cmtx_temp);
        //remove 'index.php' if there
        $cmtx_temp = str_ireplace('index.htm', '', $cmtx_temp);
        //remove 'index.htm' if there
        $cmtx_temp = str_ireplace('index.html', '', $cmtx_temp);
        //remove 'index.html' if there
        $cmtx_temp = str_ireplace('index.shtml', '', $cmtx_temp);
        //remove 'index.shtml' if there
        $cmtx_temp = str_ireplace('https://', 'http://', $cmtx_temp);
        //remove SSL if there
        $cmtx_temp = preg_replace('/&cmtx_page=[0-9]*/', '', $cmtx_temp);
        //remove cmtx_page=x if there (1)
        $cmtx_temp = preg_replace('/cmtx_page=[0-9]*&/', '', $cmtx_temp);
        //remove cmtx_page=x if there (2)
        $cmtx_temp = preg_replace('/cmtx_page=[0-9]*/', '', $cmtx_temp);
        //remove cmtx_page=x if there (3)
        $cmtx_temp = preg_replace('/&cmtx_sort=[0-9]*/', '', $cmtx_temp);
        //remove cmtx_sort=x if there (1)
        $cmtx_temp = preg_replace('/cmtx_sort=[0-9]*&/', '', $cmtx_temp);
        //remove cmtx_sort=x if there (2)
        $cmtx_temp = preg_replace('/cmtx_sort=[0-9]*/', '', $cmtx_temp);
        //remove cmtx_sort=x if there (3)
        $cmtx_temp = preg_replace('/&cmtx_perm=[0-9]*/', '', $cmtx_temp);
        //remove cmtx_perm=x if there (1)
        $cmtx_temp = preg_replace('/cmtx_perm=[0-9]*&/', '', $cmtx_temp);
        //remove cmtx_perm=x if there (2)
        $cmtx_temp = preg_replace('/cmtx_perm=[0-9]*/', '', $cmtx_temp);
        //remove cmtx_perm=x if there (3)
        $cmtx_temp = strtolower($cmtx_temp);
        //convert to lowercase
        $cmtx_identifier = str_ireplace('cmtx_url', $cmtx_temp, $cmtx_identifier);
    }
    //get URL
    //note: this is the unfiltered current page URL, not the parameter-trimmed $url above
    $cmtx_url = cmtx_url_decode(cmtx_current_page());
    if (cmtx_setting('lower_pages')) {
        $cmtx_url = strtolower($cmtx_url);
    }
    $cmtx_url = cmtx_url_encode_spaces($cmtx_url);
    //encode spaces
}
コード例 #6
ファイル: processor.php プロジェクト: GTAWWEKID/tsiserver.us
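 function cmtx_image_1(array $matches)
 {
     //callback for the [img] BB code: turns the captured URL into an <img> tag
     //$matches[1] is the URL captured by the calling preg_replace_callback
     //returns the <img> markup, or null after reporting the error through cmtx_error
     $image_styling = 'max-width:508px; height:auto;';
     $url = cmtx_url_encode_spaces($matches[1]);
     //FILTER_VALIDATE_URL checks syntax only and accepts any scheme (javascript:, data:, ...),
     //so additionally require http or https before placing the URL in a src attribute
     $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
     if (filter_var($url, FILTER_VALIDATE_URL) && in_array($scheme, array('http', 'https'), true)) {
         //NOTE(review): the URL is emitted without attribute escaping; confirm the comment text
         //was already entity-encoded by cmtx_sanitize before BB code processing, otherwise
         //apply htmlspecialchars here
         return '<img src="' . $url . '" style="' . $image_styling . '"/>';
     }
     cmtx_error(CMTX_ERROR_MESSAGE_BB_INVALID_IMAGE);
     return;
 }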
コード例 #7
ファイル: comments.php プロジェクト: jonathancromie/ifb299
     } else {
         echo $cmtx_average_rating . '/5 (' . cmtx_number_of_ratings() . ')</span>';
     }
 }
 echo '</div>';
 /* *** Pagination (Top) *** */
 echo '<div class="cmtx_pagination_block_top">';
 if (cmtx_setting('enabled_pagination') && cmtx_setting('show_pagination_top') && $cmtx_total_pages > 1) {
     cmtx_paginate($cmtx_current_page, cmtx_setting('range_of_pages'), $cmtx_total_pages);
 }
 echo '</div>';
 /* *** Social *** */
 echo '<div class="cmtx_social_block">';
 if (cmtx_setting('show_social')) {
     $cmtx_social_url = cmtx_url_encode_spaces(cmtx_get_page_url());
     $cmtx_social_title = cmtx_url_encode_spaces(cmtx_get_page_reference());
     $cmtx_social_url = str_ireplace('&amp;', '%26', $cmtx_social_url);
     //convert &amp; to %26
     $cmtx_social_title = str_ireplace('&amp;', '%26', $cmtx_social_title);
     //convert &amp; to %26
     $cmtx_social_attribute = '';
     //initialize variable
     if (cmtx_setting('social_new_window')) {
         $cmtx_social_attribute = ' target="_blank"';
     }
     echo '<div class="cmtx_social_images">';
     if (cmtx_setting('show_social_facebook')) {
         echo '<a href="http://www.facebook.com/sharer.php?u=' . $cmtx_social_url . '&amp;t=' . $cmtx_social_title . '" rel="nofollow"' . $cmtx_social_attribute . '><img src="' . cmtx_commentics_url() . 'images/social/facebook.png" class="cmtx_social_image" title="Facebook" alt="Facebook"/></a>';
     }
     if (cmtx_setting('show_social_delicious')) {
         echo '<a href="http://delicious.com/post?url=' . $cmtx_social_url . '&amp;title=' . $cmtx_social_title . '" rel="nofollow"' . $cmtx_social_attribute . '><img src="' . cmtx_commentics_url() . 'images/social/delicious.png" class="cmtx_social_image" title="del.icio.us" alt="del.icio.us"/></a>';
コード例 #8
ファイル: edit_page.php プロジェクト: GTAWWEKID/tsiserver.us
    ?>
</div>
<div style="clear: left;"></div>
<?php 
} else {
    if (isset($_POST['submit'])) {
        cmtx_check_csrf_form_key();
        $id = $_GET['id'];
        $identifier = $_POST['identifier'];
        $reference = $_POST['reference'];
        $url = $_POST['url'];
        $form_enabled = $_POST['form_enabled'];
        $id_san = cmtx_sanitize($id);
        $identifier_san = cmtx_sanitize($identifier);
        $reference_san = cmtx_sanitize($reference);
        $url_san = cmtx_url_encode_spaces($url);
        $url_san = cmtx_sanitize($url_san);
        $form_enabled_san = cmtx_sanitize($form_enabled);
        if (!empty($identifier) && cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "pages` WHERE `identifier` = '{$identifier_san}' AND `id` != '{$id_san}'"))) {
            ?>
<div class="error"><?php 
            echo CMTX_MSG_IDENTIFIER_EXISTS;
            ?>
</div>
<div style="clear: left;"></div>
<?php 
        } else {
            cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "pages` SET `identifier` = '{$identifier_san}' WHERE `id` = '{$id_san}'");
            cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "pages` SET `reference` = '{$reference_san}' WHERE `id` = '{$id_san}'");
            cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "pages` SET `url` = '{$url_san}' WHERE `id` = '{$id_san}'");
            cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "pages` SET `is_form_enabled` = '{$form_enabled_san}' WHERE `id` = '{$id_san}'");
コード例 #9
ファイル: general.php プロジェクト: jonathancromie/ifb299
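function cmtx_notify_subscribers_admin($poster, $comment, $page_id, $comment_id)
{
    //notify subscribers of admin comment
    //
    //$poster      name of the admin who posted; passed through cmtx_prepare_name_for_email
    //$comment     the comment text; passed through cmtx_prepare_comment_for_email
    //$page_id     id of the page the comment was posted on (sanitized before use in SQL)
    //$comment_id  id of the new comment (sanitized before use in SQL)
    //
    //Sends one email per confirmed subscriber of the page whose address is not listed in
    //$cmtx_parent_emails, then marks the comment as sent and adds the number of emails
    //sent to its sent_to counter. Returns nothing.
    global $cmtx_mysql_table_prefix, $cmtx_parent_emails;
    //globalise variables
    //both ids are interpolated into SQL below, so they go through the project sanitizer first
    $page_id = cmtx_sanitize($page_id);
    $comment_id = cmtx_sanitize($comment_id);
    //select confirmed subscribers from database
    $subscribers = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "subscribers` WHERE `page_id` = '{$page_id}' AND `is_confirmed` = '1'");
    $page_query = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "pages` WHERE `id` = '{$page_id}'");
    //NOTE(review): when no page row matches, $page_result is not an array and the fields
    //read below are null; confirm callers only pass ids of existing pages
    $page_result = cmtx_db_fetch_assoc($page_query);
    $page_reference = cmtx_decode($page_result['reference']);
    $page_url = cmtx_decode($page_result['url']);
    $comment_url = cmtx_decode(cmtx_get_permalink($comment_id, $page_result['url']));
    //get the permalink of the comment
    //prefer a site-provided custom template over the stock one
    $email_dir = '../includes/emails/' . cmtx_setting('language_frontend') . '/user/';
    if (file_exists($email_dir . 'custom/subscriber_notification_admin.txt')) {
        $subscriber_notification_admin_email_file = $email_dir . 'custom/subscriber_notification_admin.txt';
        //build path to custom subscriber notification admin email file
    } else {
        $subscriber_notification_admin_email_file = $email_dir . 'subscriber_notification_admin.txt';
        //build path to subscriber notification admin email file
    }
    //read the template once, outside the loop; it is the same for every subscriber
    $template = file_get_contents($subscriber_notification_admin_email_file);
    $poster = cmtx_prepare_name_for_email($poster);
    //prepare name for email
    $comment = cmtx_prepare_comment_for_email($comment);
    //prepare comment for email
    $count = 0;
    //count how many emails are sent
    while ($subscriber = cmtx_db_fetch_assoc($subscribers)) {
        //while there are subscribers
        //addresses listed in $cmtx_parent_emails are skipped; strict comparison assumes the
        //list holds plain strings like the database values - confirm against where it is built
        if (in_array($subscriber['email'], $cmtx_parent_emails, true)) {
            continue;
        }
        $body = $template;
        $email = $subscriber['email'];
        $name = cmtx_prepare_name_for_email($subscriber['name']);
        //prepare name for email
        $token = $subscriber['token'];
        $subscription_link = cmtx_url_encode_spaces(cmtx_setting('commentics_url')) . 'subscribers.php?id=' . $token;
        //build subscription link
        //convert email variables with actual variables
        $body = str_ireplace('[name]', $name, $body);
        $body = str_ireplace('[page reference]', $page_reference, $body);
        $body = str_ireplace('[page url]', $page_url, $body);
        $body = str_ireplace('[comment url]', $comment_url, $body);
        $body = str_ireplace('[poster]', $poster, $body);
        $body = str_ireplace('[comment]', $comment, $body);
        $body = str_ireplace('[signature]', cmtx_setting('signature'), $body);
        $body = str_ireplace('[subscription link]', $subscription_link, $body);
        //send email
        cmtx_email($email, $name, cmtx_setting('subscriber_notification_admin_subject'), $body, cmtx_setting('subscriber_notification_admin_from_email'), cmtx_setting('subscriber_notification_admin_from_name'), cmtx_setting('subscriber_notification_admin_reply_to'));
        $count++;
        //increment email counter
    }
    cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "comments` SET `is_sent` = '1' WHERE `id` = '{$comment_id}'");
    //mark comment as sent
    cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "comments` SET `sent_to` = `sent_to` + '{$count}' WHERE `id` = '{$comment_id}'");
    //set how many were sent (if any)
}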