<?php
/*
eOgr - elearning project
Developer Site: http://yunus.sourceforge.net
Demo Site: http://yunus.sourceforge.net/eogr
Source Track: http://eogr.googlecode.com
Support: http://www.ohloh.net/p/eogr
This project is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 3 of the License, or any later version. See the GNU
Lesser General Public License for more details.
*/
// Start (or resume) the PHP session. The leading @ silences any warning
// session_start() raises, so a failed start is not reported at this point.
@session_start();
// Declare the response as HTML encoded in ISO-8859-9.
header("Content-Type: text/html; charset=iso-8859-9");
// conf.php is not part of this file. The globals ($_host, $_username,
// $_password, $_db, $metin) and helpers (checkLoginLang, temizle, RemoveXSS,
// getUserType) used below are presumably defined there — confirm.
require "conf.php";
// NOTE(review): access control for this endpoint is delegated to this call.
// What the two boolean flags mean, and whether the function ends the request
// for visitors who are not logged in, cannot be seen from this file — verify
// in conf.php before relying on it.
checkLoginLang(true,true,"addComment2.php");
/*
baglan2: takes no parameters.
Opens the database connection with the $_host, $_username and $_password
globals and returns whatever mysql_connect() returns.
The @ operator hides connection warnings, so the caller has to check the
return value itself.
*/
function baglan2()
{
    global $_host, $_username, $_password;

    $link = @mysql_connect($_host, $_username, $_password);
    return $link;
}
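// Connect once and keep the handle in $yol1 (the functions below read it via
// "global"). The original called baglan2() twice: once for the check and once
// for the handle, so the handle that was tested was not the one being stored.
$yol1 = baglan2();
// NOTE(review): both failure messages below link install.php for any visitor
// who reaches this page while the database is unavailable; confirm the
// installer is removed or access-restricted after setup.
if (!$yol1)
    die("<font id='hata'> Lüften, 'veritabanı' <a href=install.php>kurulumunu (installation)</a> yapınız!</font>");
// Select the configured database; @ hides the warning, the return value is
// what decides whether the request continues.
if (!@mysql_select_db($_db, $yol1))
{
    die("<font id='hata'>
Veritabanı <a href=install.php>ayarlarınızı</a> yapmadınız!<br/>
You need to go to <a href=install.php>installing page</a>!<br/>
</font>");
}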
/*
getUserIDcomment: user name and password
Looks up the id of the eo_users row whose userName and userPassword match the
given values. Returns that id, or "" when the query fails or does not yield
exactly one row.

NOTE(review): the query is built by string concatenation, so its safety rests
entirely on temizle(), which is not visible in this file — confirm that it
neutralises quotes and backslashes for SQL. ext/mysql has no prepared
statements; moving this lookup to mysqli or PDO with bound parameters removes
that dependency.
NOTE(review): userPassword is compared exactly as passed in; whether that
value is a hash or the plain password cannot be told from here.
*/
function getUserIDcomment($usernam, $passwor)
{
    global $yol1;

    // Sanitise, then keep at most 15 bytes of the sanitised name.
    // NOTE(review): the cut is applied to temizle()'s output, not to the raw
    // name; if temizle() ever lengthens its input the cut can land inside what
    // it added. Truncating before sanitising avoids that — confirm and reorder.
    $usernam = substr(temizle($usernam),0,15);

    // The name goes through temizle() a second time here, as in the original.
    $cleanName = temizle($usernam);
    $cleanPassword = temizle($passwor);
    $query = "SELECT id, userName, userPassword FROM eo_users where userName='".$cleanName."' AND userPassword='".$cleanPassword."' limit 0,1";

    $rows = mysql_query($query, $yol1);
    if (!$rows || mysql_numrows($rows) != 1)
    {
        return ("");
    }
    return (mysql_result($rows, 0, "id"));
}
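/*
yorumGonder: user id, topic number and comment
Adds a comment by the given user to the given topic.

Parameters:
  $userID  id of the commenting user
  $konuID  id of the topic the comment belongs to
  $yorum   comment text in UTF-8; it is converted to ISO-8859-9 before storing
Returns the result of mysql_query() for the INSERT, or false when any argument
is empty or the comment cannot be converted to ISO-8859-9.

NOTE(review): the INSERT names no columns, so it relies on eo_comments having
exactly these six columns in this order — the schema is not visible here.
*/
function yorumGonder($userID, $konuID, $yorum){
    global $yol1;
    $datem = date("Y-n-j H:i:s");
    if(empty($yorum) || empty($konuID) || empty($userID))
        return false;

    // iconv() returns false when the text is not valid UTF-8 or holds a
    // character ISO-8859-9 cannot represent. The original carried on and
    // stored an empty comment in that case; report failure instead.
    $yorum = iconv( "UTF-8","ISO-8859-9",$yorum);
    if($yorum === false)
        return false;

    // Approve immediately if the member is a teacher or an administrator
    // (user type >= 1); otherwise the comment is stored unapproved.
    $uyeTur = getUserType($_SESSION["usern"]);
    $onay = ($uyeTur>=1) ? 1 : 0;

    // Escape every value where the SQL is built, after the charset conversion,
    // instead of trusting whatever the caller did to it: the values used to be
    // interpolated as received.
    // NOTE(review): if an upstream helper (temizle, RemoveXSS) or
    // magic_quotes_gpc already adds backslashes, such values are now stored
    // with the extra backslash — confirm and drop the upstream escaping.
    $userID = mysql_real_escape_string($userID, $yol1);
    $konuID = mysql_real_escape_string($konuID, $yol1);
    $yorum = mysql_real_escape_string($yorum, $yol1);

    $sql2 = "insert into eo_comments VALUES (NULL , '$userID', '$konuID' , '$yorum', '$datem' , $onay)";
    return mysql_query($sql2, $yol1);
}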
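// Request handler: store the posted comment for the logged-in user and print
// the confirmation text ($metin[293]), "Error!" on failure, or nothing when
// there is no usable comment or the session credentials match no user.
//
// Changes from the original: $_POST['yorum'] is read only after it is known
// to be set (it used to be read before the isset() check), a non-string value
// such as yorum[]=... is rejected, a missing 'konu' no longer raises a notice,
// and the user id is looked up once rather than twice.
//
// NOTE(review): no anti-CSRF token is checked in this block; whether
// checkLoginLang() does so is not visible here — confirm.
$hasComment = isset($_POST['yorum']) && is_string($_POST['yorum']) && !empty($_POST['yorum']);
$userId = "";
if ($hasComment) {
    $userId = getUserIDcomment(
        isset($_SESSION["usern"]) ? $_SESSION["usern"] : null,
        isset($_SESSION["userp"]) ? $_SESSION["userp"] : null
    );
}
if ($hasComment && $userId != "") {
    // Swapping ' for ` only keeps single quotes out of the stored text; it is
    // not SQL escaping and leaves other special characters untouched.
    $yorumGel = str_replace("'", "`", $_POST['yorum']);
    $topic = isset($_POST['konu']) ? $_POST['konu'] : null;
    // NOTE(review): RemoveXSS() filters the text on the way in; the page that
    // displays comments still needs to encode it for HTML — confirm there.
    if (yorumGonder($userId, temizle($topic), RemoveXSS($yorumGel)))
        echo iconv( "ISO-8859-9","UTF-8",$metin[293]);
    else
        echo "Error!";
} else {
    echo "";
}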
?>