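/**
 * Handles a comment preview or submission for the current posting and
 * returns the markup of the comments area.
 *
 * Side effects visible in this function: it may move an uploaded audio file
 * into $GLOBALS['audiopath'], rename a previously previewed file there,
 * insert one row into {prefix}lb_comments, set the global $tempfilename and
 * rewrite $_POST['commentweb'] during a preview. A failed file or database
 * operation ends the request through die().
 *
 * @param mixed $content template fragment, passed to stripcontainer() and fullparse()
 * @return string the comments <div>, or "" when comments are not shown
 */
function area_comments($content) {
    //only parse this area if comment stuff is to be shown
    global $settings; //not read in this function
    global $currentid;
    global $postings;
    global $tempfilename;

    $tempfilename = "";
    $return = "";
    $freshfile = false;

    //before we show stuff, we have to handle data from post or save things in database and so on...

    //a new upload only counts when PHP reports it as complete and error-free
    if (isset($_FILES['commentfile']) and $_FILES['commentfile']['error'] === UPLOAD_ERR_OK) {
        $freshfile = $_FILES['commentfile'];
    }

    //The name of a previously previewed file comes back from the client, so it is
    //reduced to a bare file name and put through the same suffix check as a fresh
    //upload before it is ever joined to the audio path.
    //assumes freshaudioname() returns bare file names without a directory part — TODO confirm
    //NOTE(review): this still accepts any existing file in the audio directory that has
    //an allowed suffix; bind the value to the visitor's own preview (session or the
    //temp naming scheme of freshaudioname(), not visible here).
    $throughname = "";
    if (isset($_POST['filethrough']) and is_string($_POST['filethrough'])) {
        $candidate = basename($_POST['filethrough']);
        if ($candidate != "" and strpos($candidate, "\0") === false and checksuffix($candidate)) {
            $throughname = $candidate;
        }
    }

    //We are only previewing?
    if (isset($_POST['commentpreview'])) {

        //add http:// to previewed urls (a missing or non-string field is treated as empty)
        $previewweb = (isset($_POST['commentweb']) and is_string($_POST['commentweb'])) ? $_POST['commentweb'] : "";
        if (substr($previewweb, 0, 4) != "http") {
            $previewweb = "http://" . $previewweb;
        }
        $_POST['commentweb'] = $previewweb;

        //a new posted file has the highest priority
        if ($freshfile !== false
            and checksuffix($freshfile['name'])
            and $freshfile['size'] <= $postings[$currentid]['comment_size']) {
            $tempfilename = freshaudioname(strrchr($freshfile['name'], "."), "temp");
            //put the uploaded file into the desired directory
            move_uploaded_file($freshfile['tmp_name'], $GLOBALS['audiopath'] . $tempfilename) or die("<p>Error!</p>");
        } elseif ($throughname != "") {
            //put previously uploaded file through to another preview
            $tempfilename = $throughname;
        }
    }

    //oh, we are submitting? It's getting serious!
    if (isset($_POST['commentsubmit'])) {

        //in dubio contra audio
        $audioexists = false;
        $filename = "";

        //A fresh upload is checked by its 'name' entry ($_FILES has no 'file' key) and
        //against the same size limit the preview path enforces, so the limit cannot be
        //skipped by submitting without a preview.
        if ($freshfile !== false
            and checksuffix($freshfile['name'])
            and $freshfile['size'] <= $postings[$currentid]['comment_size']) {
            $filename = freshaudioname(strrchr($freshfile['name'], "."), "comment");
            //put the uploaded file into the desired directory
            move_uploaded_file($freshfile['tmp_name'], $GLOBALS['audiopath'] . $filename) or die("<p>Error!</p>");
            $audioexists = true;
        } elseif ($throughname != "") {
            //but we can take the previewed audio file, too: rename it to its final name
            $tempfilename = $throughname;
            $filename = freshaudioname(strrchr($throughname, "."), "comment");
            rename($GLOBALS['audiopath'] . $throughname, $GLOBALS['audiopath'] . $filename) or die("<p>Error!</p>");
            $audioexists = true;
        }

        //there is an audio file?
        if ($audioexists) {
            //get metadata from getid3-class
            $id3 = getid3data($GLOBALS['audiopath'] . $filename, "front");
        } else {
            //make empty values for audio data (cause we dont have audio data)
            $filename = "";
            $id3 = array();
            $id3['duration'] = "0:00";
            $id3['size'] = 0;
        }

        //read the text fields once; anything missing or not a string counts as empty
        $input = array();
        foreach (array('commentname', 'commentmail', 'commentweb', 'commentmessage') as $key) {
            $input[$key] = (isset($_POST[$key]) and is_string($_POST[$key])) ? $_POST[$key] : "";
        }

        //prepare non-audio data
        if ($input['commentname'] == "") {
            $name = "Anonymous";
        } else {
            $name = htmlentities(strip_tags($input['commentname']), ENT_QUOTES, "UTF-8");
        }
        $mail = strip_tags($input['commentmail']);
        //NOTE(review): $web keeps whatever scheme the client sent; if it is printed as a
        //link target later, restrict it to http/https there — the output side is not visible here.
        $web = strip_tags($input['commentweb']);
        $ip = $_SERVER['REMOTE_ADDR'];
        $message_input = htmlentities($input['commentmessage'], ENT_QUOTES, "UTF-8");
        $message_html = makehtml(strip_tags($input['commentmessage']));

        //write data into database (doesn't matter, with or without audio)
        //Every value is escaped for the SQL string context; strip_tags()/htmlentities()
        //above are HTML filters and do not make a value safe inside a quoted SQL literal.
        //NOTE(review): if magic_quotes_gpc is enabled on the host, undo it once at the
        //request boundary instead of removing this escaping.
        $values = array(
            $currentid,
            date('Y-m-d H:i:s'),
            $name,
            $mail,
            $web,
            $ip,
            $message_input,
            $message_html,
            $filename,
            type_suffix($filename),
            getseconds($id3['duration']),
            $id3['size'],
        );
        $quoted = array();
        foreach ($values as $value) {
            $quoted[] = "'" . mysql_real_escape_string((string) $value) . "'";
        }
        $dosql = "INSERT INTO {$GLOBALS['prefix']}lb_comments\n"
            . " (posting_id, posted, name, mail, web, ip, message_input, message_html,\n"
            . " audio_file, audio_type, audio_length, audio_size)\n"
            . " VALUES\n"
            . " (" . implode(", ", $quoted) . ");";

        //keep database error details in the server log instead of the response
        $result = mysql_query($dosql);
        if ($result === false) {
            error_log("area_comments: comment insert failed: " . mysql_error());
            die("<p>Error!</p>");
        }
    }
    //submitting actions are finished. thank you for your attention.

    //do we show comments at all?
    if (isset($_GET['id']) and $postings[$currentid]['comment_on'] == 1) {
        $return .= "<div id=\"comments\">\n";
        $return .= fullparse(stripcontainer($content));
        $return .= "\n</div>";
    } else {
        $return = "";
    }

    return $return;
}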
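/**
 * Handles a comment preview or submission for the current posting and
 * returns the markup of the comments area.
 *
 * Side effects visible in this function: it may move an uploaded audio file
 * into $GLOBALS['audiopath'], rename a previously previewed file there, run
 * one INSERT into {prefix}lb_comments through $GLOBALS['lbdata'], call
 * notify() and deleteorphans(), echo a rejection notice, set the global
 * $tempfilename and rewrite $_POST['commentweb'] during a preview. A failed
 * file operation or an oversized upload ends the request through die().
 *
 * @param mixed $content template fragment, passed to stripcontainer() and fullparse()
 * @return string the comments <div>, or "" when comments are not shown
 */
function area_comments($content) {
    //only parse this area if comment stuff is to be shown
    global $settings;
    global $currentid;
    global $postings;
    global $tempfilename;

    $tempfilename = "";
    $return = "";
    $freshfile = false;

    //before we show stuff, we have to handle data from post or save things in database and so on...

    //a new upload only counts when PHP reports it as complete and error-free
    if (isset($_FILES['commentfile']) and $_FILES['commentfile']['error'] === UPLOAD_ERR_OK) {
        $freshfile = $_FILES['commentfile'];
    }

    //The name of a previously previewed file comes back from the client, so it is
    //reduced to a bare file name and put through the same suffix check as a fresh
    //upload before it is ever joined to the audio path.
    //assumes freshaudioname() returns bare file names without a directory part — TODO confirm
    //NOTE(review): this still accepts any existing file in the audio directory that has
    //an allowed suffix; bind the value to the visitor's own preview (session or the
    //temp naming scheme of freshaudioname(), not visible here).
    $throughname = "";
    if (isset($_POST['filethrough']) and is_string($_POST['filethrough'])) {
        $candidate = basename($_POST['filethrough']);
        if ($candidate != "" and strpos($candidate, "\0") === false and checksuffix($candidate)) {
            $throughname = $candidate;
        }
    }

    //We are only previewing?
    if (isset($_POST['commentpreview'])) {

        //add http:// to previewed urls (a missing or non-string field is treated as empty)
        $previewweb = (isset($_POST['commentweb']) and is_string($_POST['commentweb'])) ? $_POST['commentweb'] : "";
        if (substr($previewweb, 0, 4) != "http") {
            $previewweb = "http://" . $previewweb;
        }
        $_POST['commentweb'] = $previewweb;

        //an oversized upload stops the request; only checked when a file was actually sent
        if ($freshfile !== false and $freshfile['size'] > $postings[$currentid]['comment_size']) {
            die("<p>Sorry! The file size of your audio comment is too big.</p>");
        }

        //a new posted file has the highest priority
        if ($freshfile !== false and checksuffix($freshfile['name'])) {
            $tempfilename = freshaudioname(strrchr($freshfile['name'], "."), "temp");
            //put the uploaded file into the desired directory
            move_uploaded_file($freshfile['tmp_name'], $GLOBALS['audiopath'] . $tempfilename) or die("<p>Error!</p>");
            //Uploaded media needs neither the execute bit nor write access for other
            //accounts, so the file is not left world-writable.
            //NOTE(review): widen deliberately if another account must manage these files.
            chmod($GLOBALS['audiopath'] . $tempfilename, 0644);
        } elseif ($throughname != "") {
            //put previously uploaded file through to another preview
            $tempfilename = $throughname;
        }
    }

    //oh, we are submitting? It's getting serious!
    if (isset($_POST['commentsubmit'])) {

        //Decide whether the submission is accepted before any file is stored, so a
        //rejected request leaves nothing behind in the audio directory.
        $commentingokay = true;
        if ($settings['preventspam'] == "1") {
            if (isset($_POST['commentspam'])) {
                //a non-string value can never match the configured answer
                $givenanswer = is_string($_POST['commentspam']) ? trim(strtolower($_POST['commentspam'])) : null;
                $rightanswer = trim(strtolower($settings['spamanswer']));
                //strict comparison: numeric-looking strings must match character for character
                if ($givenanswer !== $rightanswer) {
                    $commentingokay = false;
                    echo "<p style=\"font-size: 20px;\">Possible spam attack! Don't do this again!</p>\n";
                }
            } else {
                $commentingokay = false;
                echo "<p style=\"font-size: 20px;\">Possible spam attack! (The administrator of this podcast has to deactivate anti spam or add an appropriate input field to the template.)</p>\n";
            }
        }
        if ($settings['acceptcomments'] == "0") {
            $commentingokay = false;
        }

        if ($commentingokay) {

            //in dubio contra audio
            $audioexists = false;
            $filename = "";

            //the size limit of the preview path applies to a direct submission as well
            if ($freshfile !== false and $freshfile['size'] > $postings[$currentid]['comment_size']) {
                die("<p>Sorry! The file size of your audio comment is too big.</p>");
            }

            //do a lot of things, if we have got a new uploaded file
            if ($freshfile !== false and checksuffix($freshfile['name'])) {
                $filename = freshaudioname(strrchr($freshfile['name'], "."), "comment");
                //put the uploaded file into the desired directory
                move_uploaded_file($freshfile['tmp_name'], $GLOBALS['audiopath'] . $filename) or die("<p>Error!</p>");
                $audioexists = true;
            } elseif ($throughname != "") {
                //but we can take the previewed audio file, too: rename it to its final name
                $tempfilename = $throughname;
                $filename = freshaudioname(strrchr($throughname, "."), "comment");
                rename($GLOBALS['audiopath'] . $throughname, $GLOBALS['audiopath'] . $filename) or die("<p>Error!</p>");
                $audioexists = true;
            }

            //there is an audio file?
            if ($audioexists) {
                //get metadata from getid3-class
                $id3 = getid3data($GLOBALS['audiopath'] . $filename, "front");
            } else {
                //make empty values for audio data (cause we dont have audio data)
                $filename = "";
                $id3 = array();
                $id3['duration'] = "0:00";
                $id3['size'] = 0;
            }

            //read the text fields once; anything missing or not a string counts as empty
            $input = array();
            foreach (array('commentname', 'commentmail', 'commentweb', 'commentmessage') as $key) {
                $input[$key] = (isset($_POST[$key]) and is_string($_POST[$key])) ? $_POST[$key] : "";
            }

            //prepare non-audio data
            if ($input['commentname'] == "") {
                $name = "Anonymous";
            } else {
                $name = htmlentities(strip_tags($input['commentname']), ENT_QUOTES, "UTF-8");
            }
            $mail = strip_tags($input['commentmail']);
            //NOTE(review): $web keeps whatever scheme the client sent; if it is printed as a
            //link target later, restrict it to http/https there — the output side is not visible here.
            $web = strip_tags($input['commentweb']);
            $ip = $_SERVER['REMOTE_ADDR'];
            $message_input = change_entities($input['commentmessage']);
            $message_html = trim(no_amp(makehtml(htmlentities($input['commentmessage'], ENT_QUOTES, "UTF-8"))));

            //write data into database (doesn't matter, with or without audio)
            //Every value is escaped for the SQL string context; strip_tags()/htmlentities()
            //above are HTML filters and do not make a value safe inside a quoted SQL literal.
            //NOTE(review): backslash escaping assumes a MySQL-compatible backend and a
            //single-byte or UTF-8 connection charset — TODO confirm. Prefer the quoting or
            //bound-parameter support of the $GLOBALS['lbdata'] handle if it offers one
            //(its class is not visible here). If magic_quotes_gpc is enabled on the host,
            //undo it once at the request boundary instead of removing this escaping.
            $values = array(
                $currentid,
                date('Y-m-d H:i:s'),
                $name,
                $mail,
                $web,
                $ip,
                $message_input,
                $message_html,
                $filename,
                type_suffix($filename),
                getseconds($id3['duration']),
                $id3['size'],
            );
            $quoted = array();
            foreach ($values as $value) {
                $quoted[] = "'" . addslashes((string) $value) . "'";
            }
            $dosql = "INSERT INTO {$GLOBALS['prefix']}lb_comments\n"
                . " (posting_id, posted, name, mail, web, ip, message_input, message_html,\n"
                . " audio_file, audio_type, audio_length, audio_size)\n"
                . " VALUES\n"
                . " (" . implode(", ", $quoted) . ");";

            //finally!!
            $GLOBALS['lbdata']->Execute($dosql);

            //sending an email to author of the posting
            //NOTE(review): $mail and $web are client-supplied; confirm notify() rejects line
            //breaks before placing them in mail headers — notify() is not visible here.
            notify($postings[$currentid], $name, $mail, $web, $message_html);

            //looking for orphaned comments
            deleteorphans();
        }
    }
    //submitting actions are finished. thank you for your attention.

    //do we show comments at all?
    if (isset($_GET['id']) and $postings[$currentid]['comment_on'] == 1) {
        $return .= "<div id=\"comments\">\n";
        $return .= fullparse(stripcontainer($content));
        $return .= "\n</div>";
    } else {
        $return = "";
    }

    return $return;
}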