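/**
 * Process comment actions for one item, then render its comments and the
 * add/edit form.
 *
 * Steps, in order: handle a delete request (c_action=delete), handle a
 * submitted comment (new comment or edit), load one page of non-hidden
 * comments, hand them to render_comments() and print the comment form.
 *
 * Request values used in SQL ($_GET['comment_id'], $_GET['c_start']) are
 * checked with isnum() first; message and guest name pass through
 * stripinput(). The function arguments are NOT validated here and are
 * concatenated into SQL as given, so callers must pass trusted values.
 *
 * @param string $ctype Comment type, matched against comment_type.
 * @param string $cdb   Table that holds the commented item.
 * @param string $ccol  Column in $cdb compared with $cid.
 * @param mixed  $cid   Id of the commented item.
 * @param string $clink Base URL for redirects, page navigation and the form
 *                      action; parameters are appended with "&".
 * @return void
 */
function showcomments($ctype, $cdb, $ccol, $cid, $clink) {
	global $settings, $locale, $userdata, $aidlink;

	// Current URL without any edit/delete action, used to bounce rejected guest posts.
	$link = FUSION_SELF . (FUSION_QUERY ? "?" . FUSION_QUERY : "");
	$link = preg_replace("^(&|\\?)c_action=(edit|delete)&comment_id=\\d*^", "", $link);
	$cpp = $settings['comments_per_page'];

	// --- Delete -----------------------------------------------------------
	// NOTE(review): deletion is triggered by a GET link and no anti-CSRF token
	// is checked in this function; confirm one is enforced elsewhere.
	if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
		// Allowed for admins holding the "C" right, or for the comment's own author.
		if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $userdata['user_id'] . "'")) {
			$result = dbquery("DELETE FROM " . DB_COMMENTS . "\r\n\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : "\r\n\t\t\t\t\tAND comment_name='" . $userdata['user_id'] . "'"));
		}
		redirect($clink . ($settings['comments_sorting'] == "ASC" ? "" : "&c_start=0"));
	}

	if ($settings['comments_enabled'] == "1") {
		// --- Post / edit ----------------------------------------------------
		if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) {
			if (iMEMBER) {
				// Members are stored by user id.
				$comment_name = $userdata['user_id'];
			} elseif ($settings['guestposts'] == "1") {
				if (!isset($_POST['comment_name'])) {
					redirect($link);
				}
				$comment_name = trim(stripinput($_POST['comment_name']));
				// Strip leading digits so a guest name can never look like a user id.
				$comment_name = preg_replace("(^[+0-9\\s]*)", "", $comment_name);
				if (isnum($comment_name)) {
					$comment_name = "";
				}
				// The captcha plugin is expected to set $_CAPTCHA_IS_VALID.
				// NOTE(review): the include path is built from $settings['captcha'];
				// that setting must only ever hold a known plugin directory name.
				$_CAPTCHA_IS_VALID = FALSE;
				include INCLUDES . "captchas/" . $settings['captcha'] . "/captcha_check.php";
				if (!isset($_POST['captcha_code']) || $_CAPTCHA_IS_VALID == FALSE) {
					redirect($link);
				}
			}

			// A request without the message field is treated as an empty message.
			$comment_message = isset($_POST['comment_message']) ? trim(stripinput(censorwords($_POST['comment_message']))) : "";

			if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
				// Edit an existing comment.
				$comment_updated = FALSE;
				if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "'\r\n\t\t\t\t\t\tAND comment_type='" . $ctype . "' AND comment_name='" . $userdata['user_id'] . "'\r\n\t\t\t\t\t\tAND comment_hidden='0'")) {
					if ($comment_message) {
						$result = dbquery("UPDATE " . DB_COMMENTS . " SET comment_message='" . $comment_message . "'\r\n\t\t\t\t\t\t\t\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : "\r\n\t\t\t\t\t\t\t\t\t\t\tAND comment_name='" . $userdata['user_id'] . "'"));
						$comment_updated = TRUE;
					}
				}
				if ($comment_updated) {
					// Work out which page the edited comment is on for the current sort order.
					if ($settings['comments_sorting'] == "ASC") {
						$c_operator = "<=";
					} else {
						$c_operator = ">=";
					}
					$c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_id" . $c_operator . "'" . $_GET['comment_id'] . "'\r\n\t\t\t\t\t\t\t\tAND comment_item_id='" . $cid . "'\r\n\t\t\t\t\t\t\t\tAND comment_type='" . $ctype . "'");
					$c_start = (ceil($c_count / $cpp) - 1) * $cpp;
				}
				redirect($clink . "&c_start=" . (isset($c_start) && isnum($c_start) ? $c_start : ""));
			} else {
				// New comment: the target item must exist.
				if (!dbcount("(" . $ccol . ")", $cdb, $ccol . "='" . $cid . "'")) {
					redirect(BASEDIR . "index.php");
				}
				if ($comment_name && $comment_message) {
					require_once INCLUDES . "flood_include.php";
					if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) {
						$result = dbquery("INSERT INTO " . DB_COMMENTS . " (\r\n\t\t\t\t\t\t\t\tcomment_item_id, comment_type, comment_name, comment_message, comment_datestamp,\r\n\t\t\t\t\t\t\t\tcomment_ip, comment_ip_type, comment_hidden\r\n\t\t\t\t\t\t\t) VALUES (\r\n\t\t\t\t\t\t\t\t'" . $cid . "', '" . $ctype . "', '" . $comment_name . "', '" . $comment_message . "', '" . time() . "',\r\n\t\t\t\t\t\t\t\t'" . USER_IP . "', '" . USER_IP_TYPE . "', '0'\r\n\t\t\t\t\t\t\t)");
					}
				}
				// Ascending order puts the newest comment on the last page, descending on the first.
				if ($settings['comments_sorting'] == "ASC") {
					$c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $cid . "'\r\n\t\t\t\t\t\t\t\t\t\tAND comment_type='" . $ctype . "'");
					$c_start = (ceil($c_count / $cpp) - 1) * $cpp;
				} else {
					$c_start = 0;
				}
				redirect($clink . "&c_start=" . $c_start);
			}
		}

		// --- Load one page of comments -------------------------------------
		$c_arr = array("c_con" => array(), "c_info" => array("c_makepagenav" => FALSE, "admin_link" => FALSE));
		$c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $cid . "'\r\n\t\t\t\t\t\t\tAND comment_type='" . $ctype . "' AND comment_hidden='0'");
		// Without an explicit page, start on the last one.
		if (!isset($_GET['c_start']) && $c_rows > $cpp) {
			$_GET['c_start'] = (ceil($c_rows / $cpp) - 1) * $cpp;
		}
		if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) {
			$_GET['c_start'] = 0;
		}
		// NOTE(review): $settings['comments_sorting'] goes into ORDER BY verbatim;
		// it should only ever hold ASC or DESC.
		$result = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_message, tcm.comment_datestamp,\r\n\t\t\t\t\ttcu.user_id, tcu.user_name, tcu.user_avatar, tcu.user_status\r\n\t\t\tFROM " . DB_COMMENTS . " tcm\r\n\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\r\n\t\t\tWHERE comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "' AND comment_hidden='0'\r\n\t\t\tORDER BY comment_datestamp " . $settings['comments_sorting'] . " LIMIT " . $_GET['c_start'] . "," . $cpp);
		if (dbrows($result)) {
			// Running comment number: counts up for ASC, down for any other sort order.
			$i = $settings['comments_sorting'] == "ASC" ? $_GET['c_start'] + 1 : $c_rows - $_GET['c_start'];
			if ($c_rows > $cpp) {
				$c_arr['c_info']['c_makepagenav'] = makepagenav($_GET['c_start'], $cpp, $c_rows, 3, $clink . "&", "c_start");
			}
			while ($data = dbarray($result)) {
				$c_arr['c_con'][$i]['comment_id'] = $data['comment_id'];
				$c_arr['c_con'][$i]['edit_dell'] = FALSE;
				$c_arr['c_con'][$i]['i'] = $i;
				// A joined user row means a member comment; otherwise comment_name is the guest's name.
				if ($data['user_name']) {
					$c_arr['c_con'][$i]['comment_name'] = profile_link($data['comment_name'], $data['user_name'], $data['user_status']);
				} else {
					$c_arr['c_con'][$i]['comment_name'] = $data['comment_name'];
				}
				// Add user avatar in comments, new feature in v7.02.04
				$c_arr['c_con'][$i]['user_avatar'] = display_avatar($data, '80px');
				$c_arr['c_con'][$i]['comment_datestamp'] = $locale['global_071'] . showdate("longdate", $data['comment_datestamp']);
				$c_arr['c_con'][$i]['comment_message'] = "<!--comment_message-->\n" . nl2br(parseubb(parsesmileys($data['comment_message'])));
				// Edit/delete links for admins with the "C" right and for the member who wrote the comment.
				if (iADMIN && checkrights("C") || iMEMBER && $data['comment_name'] == $userdata['user_id'] && isset($data['user_name'])) {
					$c_arr['c_con'][$i]['edit_dell'] = "<!--comment_actions-->\n";
					$c_arr['c_con'][$i]['edit_dell'] .= "<a href='" . FUSION_REQUEST . "&c_action=edit&comment_id=" . $data['comment_id'] . "#edit_comment'>";
					$c_arr['c_con'][$i]['edit_dell'] .= $locale['c108'] . "</a> |\n";
					$c_arr['c_con'][$i]['edit_dell'] .= "<a href='" . FUSION_REQUEST . "&c_action=delete&comment_id=" . $data['comment_id'] . "' onclick=\"return confirm('" . $locale['c110'] . "');\">";
					$c_arr['c_con'][$i]['edit_dell'] .= $locale['c109'] . "</a>";
				}
				$settings['comments_sorting'] == "ASC" ? $i++ : $i--;
			}
			if (iADMIN && checkrights("C")) {
				$c_arr['c_info']['admin_link'] = "<!--comment_admin-->\n";
				$c_arr['c_info']['admin_link'] .= "<a href='" . ADMIN . "comments.php" . $aidlink . "&ctype=" . $ctype . "&cid=" . $cid . "'>" . $locale['c106'] . "</a>";
			}
		}

		// Render comments
		echo "<a id='comments' name='comments'></a>";
		render_comments($c_arr['c_con'], $c_arr['c_info']);

		// Add / edit comment
		opentable($locale['c102']);
		// Start from an empty message so the form always gets a defined value,
		// including when the comment exists but the viewer may not edit it.
		$comment_message = "";
		if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
			$eresult = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_message, tcu.user_name\r\n\t\t\t\tFROM " . DB_COMMENTS . " tcm\r\n\t\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\r\n\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "'\r\n\t\t\t\t\tAND comment_type='" . $ctype . "' AND comment_hidden='0'");
			if (dbrows($eresult)) {
				$edata = dbarray($eresult);
				// Prefill only for someone allowed to edit this comment.
				if (iADMIN && checkrights("C") || iMEMBER && $edata['comment_name'] == $userdata['user_id'] && isset($edata['user_name'])) {
					$clink .= "&c_action=edit&comment_id=" . $edata['comment_id'];
					$comment_message = $edata['comment_message'];
				}
			}
		}

		if (iMEMBER || $settings['guestposts'] == "1") {
			require_once INCLUDES . "bbcode_include.php";
			echo "<a id='edit_comment' name='edit_comment'></a>\n";
			echo openform('inputform', 'inputform', 'post', $clink);
			if (iGUEST) {
				echo "<div align='center' class='tbl'>\n" . $locale['c104'] . "<br />\n";
				echo "<input type='text' name='comment_name' maxlength='30' class='textbox' style='width:360px' />\n";
				echo "</div>\n";
			}
			echo "<div class='row'>\n";
			echo "<div class='col-xs-12 col-sm-12 col-md-12 col-lg-12'>\n";
			echo form_textarea('', 'comment_message', 'comment_message', $comment_message, array('required' => 1));
			echo display_bbcodes("360px", "comment_message");
			if (iGUEST && (!isset($_CAPTCHA_HIDE_INPUT) || isset($_CAPTCHA_HIDE_INPUT) && !$_CAPTCHA_HIDE_INPUT)) {
				// The captcha plugin may set $_CAPTCHA_HIDE_INPUT when it renders its own input field.
				$_CAPTCHA_HIDE_INPUT = FALSE;
				echo "<div style='width:360px; margin:10px auto;'>";
				echo $locale['global_150'] . "<br />\n";
				include INCLUDES . "captchas/" . $settings['captcha'] . "/captcha_display.php";
				if (!$_CAPTCHA_HIDE_INPUT) {
					echo "<br />\n<label for='captcha_code'>" . $locale['global_151'] . "</label>";
					echo "<br />\n<input type='text' id='captcha_code' name='captcha_code' class='textbox' autocomplete='off' style='width:100px' />\n";
				}
				echo "</div>\n";
			}
			// Button text switches between the two labels depending on whether a message is prefilled.
			echo form_button($comment_message ? $locale['c103'] : $locale['c102'], 'post_comment', 'post_comment', $comment_message ? $locale['c103'] : $locale['c102'], array('class' => 'btn btn-primary m-t-10'));
			echo "</div>\n</div>\n";
			echo closeform();
		} else {
			echo $locale['c105'] . "\n";
		}
		closetable();
	}
}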
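// Detail rows of the application view: billing e-mail, technical contact,
// licence type, application text and the status selector.
// NOTE(review): the e-mail and name values are written into attributes and
// element text without escaping here; confirm they are entity-encoded when stored.
echo "</tr>\n<tr>\n";
echo "<td class='tbl1' align='right' width='20%'>" . $locale['pla_148'] . ":</td>";
echo "<td class='tbl1'><a href='mailto:" . $data['app_bill_email'] . "' title='" . $data['app_bill_email'] . "'>" . $data['app_bill_email'] . "</a></td>";
echo "</tr>\n<tr>\n";
echo "<td class='tbl1' align='right' width='20%'>" . $locale['pla_146'] . ":</td>";
echo "<td class='tbl1'>" . $data['app_tech_name'] . "</td>";
echo "</tr>\n<tr>\n";
echo "<td class='tbl1' align='right' width='20%'>" . $locale['pla_148'] . ":</td>";
// The anchor is closed before the cell ends, matching the billing e-mail row.
echo "<td class='tbl1'><a href='mailto:" . $data['app_tech_email'] . "' title='" . $data['app_tech_email'] . "'>" . $data['app_tech_email'] . "</a></td>";
echo "</tr>\n<tr>\n";
echo "<td class='tbl1' align='right' width='20%'>" . $locale['pla_153'] . ":</td>";
// An application type without a matching label prints an empty cell.
echo "<td class='tbl1' nowrap valign='top'>" . (isset($license_types[$data['app_type']]) ? $license_types[$data['app_type']] : "") . "</td>\n";
echo "</tr>\n<tr>\n";
echo "<td class='tbl1' align='right' valign='top' width='20%'>" . $locale['pla_113'] . ":</td>";
echo "<td class='quote' valign='top'>";
// Application text: censor filter, then BBCode parsing, then newlines to <br />.
$text = nl2br(parseubb(censorwords($data['app_text'])));
echo $text;
echo "</td>";
echo "</tr>\n<tr>\n";
echo "<td class='tbl1' width='20%'>" . $locale['pla_133'] . ":</td>";
echo "<td class='tbl1' nowrap valign='top'>";
// Status selector; the option equal to $app_status is preselected.
echo "<select name='app_status' class='textbox'>\n";
echo "<option value='0' " . ($app_status == 0 ? "selected" : "") . ">" . $locale['pla_110'] . "</option>\n";
echo "<option value='1' " . ($app_status == 1 ? "selected" : "") . ">" . $locale['pla_135'] . "</option>\n";
echo "<option value='2' " . ($app_status == 2 ? "selected" : "") . ">" . $locale['pla_136'] . "</option>\n";
echo "<option value='3' " . ($app_status == 3 ? "selected" : "") . ">" . $locale['pla_137'] . "</option>\n";
echo "</select>\n</td>\n";
echo "</tr>\n<tr>\n";
echo "<td class='tbl1' colspan='2'><hr /></td>";
echo "</tr>\n<tr>\n";
echo "<td class='tbl1' valign='top' width='20%'>" . $locale['pla_613'] . ":</td>";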
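/**
 * Process comment actions for one item, then print its comments and the
 * add/edit form.
 *
 * Steps, in order: handle a delete request (c_action=delete), handle a
 * submitted comment (new comment or edit), print one page of ten comments
 * and print the comment form.
 *
 * Request values used in SQL ($_GET['comment_id'], $_GET['c_start']) are
 * checked with isnum() first; message and guest name pass through
 * stripinput(). The function arguments are NOT validated here and are
 * concatenated into SQL as given, so callers must pass trusted values.
 *
 * @param string $ctype Comment type, matched against comment_type.
 * @param string $cdb   Table that holds the commented item.
 * @param string $ccol  Column in $cdb compared with $cid.
 * @param mixed  $cid   Id of the commented item.
 * @param string $clink Base URL for redirects, page navigation and the form
 *                      action; parameters are appended with "&".
 * @return void
 */
function showcomments($ctype, $cdb, $ccol, $cid, $clink) {
	global $settings, $locale, $userdata, $aidlink;

	// Current URL without any edit/delete action, used to bounce failed captcha attempts.
	$link = FUSION_SELF . (FUSION_QUERY ? "?" . FUSION_QUERY : "");
	$link = preg_replace("^(&|\\?)c_action=(edit|delete)&comment_id=\\d*^", "", $link);

	// --- Delete -----------------------------------------------------------
	// NOTE(review): deletion is triggered by a plain GET link and no anti-CSRF
	// token is checked in this function; confirm one is enforced elsewhere.
	if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
		// Allowed for admins holding the "C" right, or for the comment's own author.
		if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $userdata['user_id'] . "'")) {
			$result = dbquery("DELETE FROM " . DB_COMMENTS . " WHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : " AND comment_name='" . $userdata['user_id'] . "'"));
		}
		redirect($clink);
	}

	// --- Post / edit --------------------------------------------------------
	if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) {
		if (iMEMBER) {
			// Members are stored by user id.
			$comment_name = $userdata['user_id'];
		} elseif ($settings['guestposts'] == "1") {
			// A request without the name field is treated as an empty name, which blocks the insert below.
			$comment_name = isset($_POST['comment_name']) ? trim(stripinput($_POST['comment_name'])) : "";
			// Strip leading digits so a guest name can never look like a user id.
			$comment_name = preg_replace("(^[0-9]*)", "", $comment_name);
			if (isnum($comment_name)) {
				$comment_name = "";
			}
			// Guests must pass the Securimage captcha.
			include_once INCLUDES . "securimage/securimage.php";
			$securimage = new Securimage();
			if (!isset($_POST['com_captcha_code']) || $securimage->check($_POST['com_captcha_code']) == false) {
				redirect($link);
			}
		}

		// A request without the message field is treated as an empty message.
		$comment_message = isset($_POST['comment_message']) ? trim(stripinput(censorwords($_POST['comment_message']))) : "";

		if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
			// Edit an existing comment.
			$comment_updated = false;
			if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $userdata['user_id'] . "'")) {
				if ($comment_message) {
					$result = dbquery("UPDATE " . DB_COMMENTS . " SET comment_message='{$comment_message}' WHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : " AND comment_name='" . $userdata['user_id'] . "'"));
					$comment_updated = true;
				}
			}
			if ($comment_updated) {
				// Offset of the page (ten per page) that holds the edited comment.
				$c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_id<='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'") / 10) - 1) * 10;
			}
			// NOTE(review): the redirect passes "rstart" while the listing below
			// reads $_GET['c_start']; confirm which parameter name is intended.
			redirect($clink . "&rstart=" . (isset($c_start) && isnum($c_start) ? $c_start : ""));
		} else {
			// New comment: the target item must exist.
			if (!dbcount("(" . $ccol . ")", $cdb, $ccol . "='" . $cid . "'")) {
				redirect(BASEDIR . "index.php");
			}
			if ($comment_name && $comment_message) {
				require_once INCLUDES . "flood_include.php";
				if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) {
					$result = dbquery("INSERT INTO " . DB_COMMENTS . " (comment_item_id, comment_type, comment_name, comment_message, comment_datestamp, comment_ip) VALUES ('{$cid}', '{$ctype}', '{$comment_name}', '{$comment_message}', '" . time() . "', '" . USER_IP . "')");
				}
			}
			// Offset of the last page, where the new comment appears.
			$c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'") / 10) - 1) * 10;
			redirect($clink . "&rstart=" . $c_start);
		}
	}

	// --- Comment list -------------------------------------------------------
	opentable($locale['c100']);
	echo "<a id='comments' name='comments'></a>";
	$c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='{$cid}' AND comment_type='{$ctype}'");
	if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) {
		$_GET['c_start'] = 0;
	}
	$result = dbquery("SELECT tcm.*,user_name FROM " . DB_COMMENTS . " tcm\n\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n\t\tWHERE comment_item_id='{$cid}' AND comment_type='{$ctype}'\n\t\tORDER BY comment_datestamp ASC LIMIT " . $_GET['c_start'] . ",10");
	if (dbrows($result)) {
		$i = $_GET['c_start'] + 1;
		if ($c_rows > 10) {
			echo "<div style='text-align:center;margin-bottom:5px;'>" . makecommentnav($_GET['c_start'], 10, $c_rows, 3, $clink . "&") . "</div>\n";
		}
		while ($data = dbarray($result)) {
			echo "<div class='tbl2'>\n";
			// Edit/delete links for admins with the "C" right and for the member who wrote the comment.
			if (iADMIN && checkrights("C") || iMEMBER && $data['comment_name'] == $userdata['user_id'] && isset($data['user_name'])) {
				echo "<div style='float:right' class='comment_actions'><!--comment_actions-->\n<a href='" . FUSION_REQUEST . "&c_action=edit&comment_id=" . $data['comment_id'] . "#edit_comment'>" . $locale['c108'] . "</a> |\n";
				echo "<a href='" . FUSION_REQUEST . "&c_action=delete&comment_id=" . $data['comment_id'] . "'>" . $locale['c109'] . "</a>\n</div>\n";
			}
			echo "<a href='" . FUSION_REQUEST . "#c" . $data['comment_id'] . "' id='c" . $data['comment_id'] . "' name='c" . $data['comment_id'] . "'>#" . $i . "</a> | ";
			// A joined user row means a member comment; otherwise comment_name is the guest's name.
			if ($data['user_name']) {
				echo "<span class='comment-name'><a href='" . BASEDIR . "profile.php?lookup=" . $data['comment_name'] . "'>" . $data['user_name'] . "</a></span>\n";
			} else {
				echo "<span class='comment-name'>" . $data['comment_name'] . "</span>\n";
			}
			echo "<span class='small'>" . $locale['global_071'] . showdate("longdate", $data['comment_datestamp']) . "</span>\n";
			echo "</div>\n<div class='tbl1 comment_message'><!--comment_message-->" . nl2br(parseubb(parsesmileys($data['comment_message']))) . "</div>\n";
			$i++;
		}
		if (iADMIN && checkrights("C")) {
			echo "<div align='right' class='tbl2'><a href='" . ADMIN . "comments.php" . $aidlink . "&ctype={$ctype}&cid={$cid}'>" . $locale['c106'] . "</a></div>\n";
		}
		if ($c_rows > 10) {
			echo "<div style='text-align:center;margin-top:5px;'>" . makecommentnav($_GET['c_start'], 10, $c_rows, 3, $clink . "&") . "</div>\n";
		}
	} else {
		echo $locale['c101'] . "\n";
	}
	closetable();

	// --- Add / edit form ----------------------------------------------------
	opentable($locale['c102']);
	// Start from an empty message so the form always gets a defined value,
	// including when the comment exists but the viewer may not edit it.
	$comment_message = "";
	if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
		$eresult = dbquery("SELECT tcm.*,user_name FROM " . DB_COMMENTS . " tcm\n\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'");
		if (dbrows($eresult)) {
			$edata = dbarray($eresult);
			// Prefill only for someone allowed to edit this comment.
			if (iADMIN && checkrights("C") || iMEMBER && $edata['comment_name'] == $userdata['user_id'] && isset($edata['user_name'])) {
				$clink .= "&c_action=edit&comment_id=" . $edata['comment_id'];
				$comment_message = $edata['comment_message'];
			}
		}
	}

	if (iMEMBER || $settings['guestposts'] == "1") {
		require_once INCLUDES . "bbcode_include.php";
		echo "<a id='edit_comment' name='edit_comment'></a>\n";
		echo "<form name='inputform' method='post' action='" . $clink . "'>\n";
		if (iGUEST) {
			echo "<div align='center' class='tbl'>\n" . $locale['c104'] . "<br />\n";
			echo "<input type='text' name='comment_name' maxlength='30' class='textbox' style='width:360px' />\n";
			echo "</div>\n";
		}
		echo "<div align='center' class='tbl'>\n";
		echo "<textarea name='comment_message' cols='70' rows='6' class='textbox' style='width:360px'>" . $comment_message . "</textarea><br />\n";
		echo display_bbcodes("360px", "comment_message");
		if (iGUEST) {
			// Captcha image, audio link, refresh link and code input for guests.
			echo $locale['global_158'] . "<br />\n";
			echo "<img id='com_captcha' src='" . INCLUDES . "securimage/securimage_show.php' alt='' /><br />\n";
			echo "<a href='" . INCLUDES . "securimage/securimage_play.php'><img src='" . INCLUDES . "securimage/images/audio_icon.gif' alt='' class='tbl-border' style='margin-bottom:1px' /></a>\n";
			echo "<a href='#' onclick=\"document.getElementById('com_captcha').src = '" . INCLUDES . "securimage/securimage_show.php?sid=' + Math.random(); return false\"><img src='" . INCLUDES . "securimage/images/refresh.gif' alt='' class='tbl-border' /></a><br />\n";
			echo $locale['global_159'] . "<br />\n<input type='text' name='com_captcha_code' class='textbox' style='width:100px' />\n";
		}
		// Button text switches between the two labels depending on whether a message is prefilled.
		echo "<br />\n<input type='submit' name='post_comment' value='" . ($comment_message ? $locale['c103'] : $locale['c102']) . "' class='button' />\n";
		echo "</div>\n</form>\n";
	} else {
		echo $locale['c105'] . "\n";
	}
	closetable();
}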
$shout_name = $userdata['user_id']; } elseif ($settings['guestposts'] == "1") { $shout_name = trim(stripinput($_POST['shout_name'])); $shout_name = preg_replace("(^[0-9]*)", "", $shout_name); if (isnum($shout_name)) { $shout_name = ""; } include_once INCLUDES . "securimage/securimage.php"; $securimage = new Securimage(); if (!isset($_POST['sb_captcha_code']) || $securimage->check($_POST['sb_captcha_code']) == false) { redirect($link); } } $shout_message = str_replace("\n", " ", $_POST['shout_message']); $shout_message = preg_replace("/^(.{255}).*\$/", "\$1", $shout_message); $shout_message = trim(stripinput(censorwords($shout_message))); if (iMEMBER && (isset($_GET['s_action']) && $_GET['s_action'] == "edit") && (isset($_GET['shout_id']) && isnum($_GET['shout_id']))) { $comment_updated = false; if ((iMODERATOR || iADMIN) && checkrights("S") || iMEMBER && dbcount("(shout_id)", DB_SHOUTBOX, "shout_id='" . (int) $_GET['shout_id'] . "' AND shout_name='" . $userdata['user_id'] . "'")) { if ($shout_message) { $result = dbquery("UPDATE " . DB_SHOUTBOX . " SET shout_message='{$shout_message}' WHERE shout_id='" . (int) $_GET['shout_id'] . "'" . (iMODERATOR || iADMIN ? "" : " AND shout_name='" . $userdata['user_id'] . "'")); } } redirect($link); } elseif ($shout_name && $shout_message) { require_once INCLUDES . "flood_include.php"; if (!flood_control("shout_datestamp", DB_SHOUTBOX, "shout_ip='" . USER_IP . "'")) { $result = dbquery("INSERT INTO " . DB_SHOUTBOX . " (shout_name, shout_message, shout_datestamp, shout_ip, shout_hidden, shout_language) VALUES ('{$shout_name}', '{$shout_message}', '" . time() . "', '" . USER_IP . "', '0', '" . $settings['locale'] . "')"); } } redirect($link);
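/**
 * Print the comment form for group members, process comment actions, and
 * print one page of comments with avatars.
 *
 * Steps, in order: prefill the form when editing, print the form (only for
 * members with $ingroup set), handle a delete request, handle a submitted
 * comment, then print ten comments per page, newest first.
 *
 * Posting and editing are accepted only under the same condition that shows
 * the form (iMEMBER && $ingroup), so a hand-built POST cannot bypass the
 * group check. Request values used in SQL are checked with isnum() first and
 * the message passes through stripinput(). The function arguments are NOT
 * validated here and are concatenated into SQL as given, so callers must
 * pass trusted values.
 *
 * @param string $ctype   Comment type, matched against comment_type.
 * @param string $cdb     Table that holds the commented item.
 * @param string $ccol    Column in $cdb compared with $cid.
 * @param mixed  $cid     Id of the commented item.
 * @param string $clink   Base URL for redirects, page navigation and the form
 *                        action; parameters are appended with "&".
 * @param mixed  $ingroup Truthy when the viewer may comment (presumably group
 *                        membership; set by the caller).
 * @return void
 */
function showcomments($ctype, $cdb, $ccol, $cid, $clink, $ingroup) {
	global $settings, $locale, $userdata, $aidlink;

	// --- Edit prefill -------------------------------------------------------
	// Start from an empty message so the form always gets a defined value,
	// including when the comment exists but the viewer may not edit it.
	$comment_message = "";
	if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
		$eresult = dbquery("SELECT tcm.*,user_name FROM " . DB_COMMENTS . " tcm\n\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'");
		if (dbrows($eresult)) {
			$edata = dbarray($eresult);
			// Prefill only for someone allowed to edit this comment.
			if (iADMIN && checkrights("C") || iMEMBER && $edata['comment_name'] == $userdata['user_id'] && isset($edata['user_name'])) {
				$clink .= "&c_action=edit&comment_id=" . $edata['comment_id'];
				$comment_message = $edata['comment_message'];
			}
		}
	}

	// --- Form ---------------------------------------------------------------
	if (iMEMBER && $ingroup) {
		// Script that hides the BBCode toolbar after load and toggles it on demand.
		add_to_head("<script type='text/javascript'>window.onload=setTimeout(\"hideall()\", 250);\n\t\tfunction hideall(){\n\t\t\tdocument.getElementById('bbcode').style.display='none';\n\t\t}\n\t\tfunction showhide(msg_id) {\n\t\t document.getElementById(msg_id).style.display = document.getElementById(msg_id).style.display == 'none' ? 'block' : 'none';\n\t\t}</script>\n");
		require_once INCLUDES . "bbcode_include.php";
		echo "<a id='edit_comment' name='edit_comment'></a>\n";
		echo "<form name='inputform' method='post' action='" . $clink . "'>\n";
		echo "<div align='center'>\n";
		echo "<textarea name='comment_message' rows='2' class='textbox' style='width:90%'>" . $comment_message . "</textarea><br />\n";
		echo "<input type='submit' name='post_comment' value='" . $locale['uc283'] . "' class='button' /> :: <a onClick='showhide(\"bbcode\")'>" . $locale['uc285'] . "</a>\n";
		echo "<div id='bbcode'><br />" . display_bbcodes("360px", "comment_message") . "</div>\n";
		echo "</div>\n</form>\n";
	} else {
		echo "<div align='center'>" . $locale['uc289'] . "</div>\n";
	}
	// Closes the caller's table cell and opens the one that holds the comment list.
	echo "</td>\n</tr>\n";
	echo "<tr>\n<td class='tbl1' style='padding:6px;'>\n";

	// --- Delete -------------------------------------------------------------
	// NOTE(review): deletion is triggered by a plain GET link and no anti-CSRF
	// token is checked in this function; confirm one is enforced elsewhere.
	// NOTE(review): the redirects below run after the form has been echoed;
	// confirm redirect() copes with output already produced.
	if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
		// Allowed for admins holding the "C" right, or for the comment's own author.
		if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $userdata['user_id'] . "'")) {
			$result = dbquery("DELETE FROM " . DB_COMMENTS . " WHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : " AND comment_name='" . $userdata['user_id'] . "'"));
		}
		redirect($clink);
	}

	// --- Post / edit --------------------------------------------------------
	// Same gate as the form above: the form is never offered to guests or to
	// members outside the group, so the write path must not accept them either.
	if (iMEMBER && $ingroup && isset($_POST['post_comment'])) {
		// Members are stored by user id.
		$comment_name = $userdata['user_id'];
		// A request without the message field is treated as an empty message.
		$comment_message = isset($_POST['comment_message']) ? trim(stripinput(censorwords($_POST['comment_message']))) : "";

		if ((isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
			// Edit an existing comment.
			$comment_updated = false;
			if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $userdata['user_id'] . "'")) {
				if ($comment_message) {
					$result = dbquery("UPDATE " . DB_COMMENTS . " SET comment_message='{$comment_message}' WHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : " AND comment_name='" . $userdata['user_id'] . "'"));
					$comment_updated = true;
				}
			}
			if ($comment_updated) {
				// Offset of the page (ten per page) that holds the edited comment.
				$c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_id<='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'") / 10) - 1) * 10;
			}
			// NOTE(review): the redirect passes "rstart" while the listing below
			// reads $_GET['c_start']; confirm which parameter name is intended.
			redirect($clink . "&rstart=" . (isset($c_start) && isnum($c_start) ? $c_start : ""));
		} else {
			// New comment: the target item must exist.
			if (!dbcount("(" . $ccol . ")", $cdb, $ccol . "='" . $cid . "'")) {
				redirect(BASEDIR . "index.php");
			}
			if ($comment_name && $comment_message) {
				require_once INCLUDES . "flood_include.php";
				if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) {
					$result = dbquery("INSERT INTO " . DB_COMMENTS . " (comment_item_id, comment_type, comment_name, comment_message, comment_datestamp, comment_ip) VALUES ('{$cid}', '{$ctype}', '{$comment_name}', '{$comment_message}', '" . time() . "', '" . USER_IP . "')");
				}
			}
			$c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'") / 10) - 1) * 10;
			redirect($clink . "&rstart=" . $c_start);
		}
	}

	// --- Comment list -------------------------------------------------------
	echo "<a id='comments' name='comments'></a>";
	$c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='{$cid}' AND comment_type='{$ctype}'");
	if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) {
		$_GET['c_start'] = 0;
	}
	// NOTE(review): tcu.* loads every column of the user row although only
	// user_name and user_avatar are read below; consider selecting just those.
	$result = dbquery("SELECT tcm.*,tcu.* FROM " . DB_COMMENTS . " tcm\n\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n\t\tWHERE comment_item_id='{$cid}' AND comment_type='{$ctype}'\n\t\tORDER BY comment_datestamp DESC LIMIT " . $_GET['c_start'] . ",10");
	if (dbrows($result)) {
		$i = $_GET['c_start'] + 1;
		if ($c_rows > 10) {
			echo "<div style='text-align:center;margin-bottom:5px;'>" . makecommentnav($_GET['c_start'], 10, $c_rows, 3, $clink . "&") . "</div>\n";
		}
		echo "<table width='100%' cellspacing='1' cellpadding='0'>\n";
		while ($data = dbarray($result)) {
			echo "<tr><td class='tbl2' rowspan='2' width='1'>\n";
			if ($data['user_avatar']) {
				$avatar_file = IMAGES . "avatars/" . $data['user_avatar'];
				$new_width = 70;
				// Fall back to a square box when the file is missing or unreadable,
				// so a broken avatar cannot cause a division by zero.
				$new_height = $new_width;
				$avatar_size = is_file($avatar_file) ? getimagesize($avatar_file) : false;
				if ($avatar_size && $avatar_size[0] > 0) {
					// Scale the height by the width ratio to keep the aspect ratio.
					$new_height = (int) round($avatar_size[1] * ($new_width / $avatar_size[0]));
				}
				echo "<img src='" . $avatar_file . "' alt='' style='width:" . $new_width . "px;height:" . $new_height . "px'>\n";
			} else {
				echo "<img src='" . IMAGES . "noav.gif' alt='' style='width:70px;height:70px'>\n";
			}
			echo "</td>\n<td class='tbl2' style='height:30px;'>";
			// Edit/delete links for admins with the "C" right and for the member who wrote the comment.
			if (iADMIN && checkrights("C") || iMEMBER && $data['comment_name'] == $userdata['user_id'] && isset($data['user_name'])) {
				echo "<div style='float:right'>\n<a href='" . FUSION_REQUEST . "&c_action=edit&comment_id=" . $data['comment_id'] . "#edit_comment'>" . $locale['c108'] . "</a> |\n";
				echo "<a href='" . FUSION_REQUEST . "&c_action=delete&comment_id=" . $data['comment_id'] . "'>" . $locale['c109'] . "</a>\n</div>\n";
			}
			echo "<a href='" . FUSION_REQUEST . "#c" . $data['comment_id'] . "' id='c" . $data['comment_id'] . "' name='c" . $data['comment_id'] . "'>#" . $i . "</a> | ";
			echo "<a href='" . BASEDIR . "profile.php?lookup=" . $data['comment_name'] . "'>" . showLabel($data['comment_name']) . "</a>\n";
			echo "<span class='small'>" . timepassed($data['comment_datestamp']) . "</span></td></tr>\n<tr><td class='tbl1' style='vertical-align:top;'>\n";
			echo nl2br(parseubb(parsesmileys($data['comment_message']))) . "</td></tr>\n";
			$i++;
		}
		echo "</table>";
		if (iADMIN && checkrights("C")) {
			echo "<div align='right' class='tbl2'><a href='" . ADMIN . "comments.php" . $aidlink . "&ctype={$ctype}&cid={$cid}'>" . $locale['c106'] . "</a></div>\n";
		}
		if ($c_rows > 10) {
			echo "<div style='text-align:center;margin-top:5px;'>" . makecommentnav($_GET['c_start'], 10, $c_rows, 3, $clink . "&") . "</div>\n";
		}
	} else {
		echo $locale['uc284'] . "\n";
	}
}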
fallback("download.php"); } $href = "../download.php?did=" . $download->id; $errors = 0; $do_calc_avg = false; $do_calc_comments = false; $do_calc_subscribers = false; if (isset($_POST['do_vote']) && iUSER >= $pdp->settings['bewertungen']) { $do_calc_avg = true; $ok = dbquery("INSERT INTO " . DB_PDP_VOTES . "\n\t\tSET\n\t\tdownload_id='" . $download->id . "',\n\t\tuser_id='" . $userdata['user_id'] . "',\n\t\tvote_opt='" . intval($_POST['vote']) . "'"); } elseif (isset($_POST['del_vote']) && iUSER >= $pdp->settings['bewertungen']) { $do_calc_avg = true; $ok = dbquery("DELETE FROM " . DB_PDP_VOTES . "\n\t\tWHERE download_id='" . $download->id . "'\n\t\t\tAND user_id='" . $userdata['user_id'] . "'"); } elseif (isset($_POST['add_comment']) && iUSER >= $pdp->settings['kommentare']) { $do_calc_comments = true; $c_text = trim(stripinput(censorwords($_POST['comm_text']))); if (empty($c_text)) { $download->fallback_download(); } $c_smileys = isset($_POST['disable_smileys']) ? "0" : "1"; if (iMEMBER) { $c_user = $userdata['user_id']; $c_name = $userdata['user_name']; } else { $c_user = "******"; $c_name = trim(stripinput($_POST['comment_name'])); if (!pdp_check_captcha()) { fallback($href . "&comm_user="******"&comm_text=" . urlencode($c_text) . "&comm_smileys=" . $c_smileys . '&wrong_captcha=1' . '#new_comment'); } } $ok = dbquery("INSERT INTO " . DB_PDP_COMMENTS . "\n\t\tSET\n\t\tdownload_id='" . $download->id . "',\n\t\tuser_id='" . $c_user . "',\n\t\tcomment_user_name='" . $c_name . "',\n\t\tcomment_text='" . $c_text . "',\n\t\tcomment_timestamp='" . time() . "',\n\t\tcomment_ip='" . USER_IP . "',\n\t\tcomment_smileys='" . $c_smileys . "'");
echo $locale['m4n_022']; ?> </p> </div> <?php $result = dbquery("\r\n\tSELECT a.m4n_id, a.m4n_user, a.m4n_text, u.user_id, u.user_name, u.user_status \r\n\tFROM " . DB_CONDOLENCES . " a \r\n\tLEFT JOIN " . DB_USERS . " u ON u.user_id=a.m4n_user \r\n\tWHERE a.m4n_status = '1' \r\n\tORDER BY m4n_datestamp \r\n\tDESC LIMIT {$rowstart},{$limit}\r\n"); opentable($locale['m4n_001']); if (dbrows($result)) { ?> <div class="grid_12 tbl-border alpha"> <?php while ($data = dbarray($result)) { ?> <?php $text = nl2br(censorwords($data['m4n_text'])); ?> <blockquote style="margin:40px"> <p><?php echo preg_replace('/\\[\\/?[a-z(=|#)?0-9]+\\]/si', '', $text); ?> </p> <cite>– <?php echo profile_link($data['user_id'], $data['user_name'], $data['user_status']); ?> </cite> </blockquote> <?php } ?> <?php
if ($reply_count > $posts_per_page) { $_GET['rowstart'] = (ceil($reply_count / $posts_per_page) - 1) * $posts_per_page; } } $caption = $fdata['forum_cat_name'] . " :: <a href='viewforum.php?forum_id=" . $fdata['forum_id'] . "'>" . $fdata['forum_name'] . "</a>"; if (iMEMBER && isset($_POST['cast_vote']) && (isset($_POST['poll_option']) && isnum($_POST['poll_option']))) { $result = dbquery("SELECT * FROM " . DB_FORUM_POLL_VOTERS . " WHERE forum_vote_user_id='" . $userdata['user_id'] . "' AND thread_id='" . $_GET['thread_id'] . "'"); if (!dbrows($result)) { $result = dbquery("UPDATE " . DB_FORUM_POLL_OPTIONS . " SET forum_poll_option_votes=forum_poll_option_votes+1 WHERE thread_id='" . $_GET['thread_id'] . "' AND forum_poll_option_id='" . $_POST['poll_option'] . "'"); $result = dbquery("UPDATE " . DB_FORUM_POLLS . " SET forum_poll_votes=forum_poll_votes+1 WHERE thread_id='" . $_GET['thread_id'] . "'"); $result = dbquery("INSERT INTO " . DB_FORUM_POLL_VOTERS . " (thread_id, forum_vote_user_id, forum_vote_user_ip) VALUES ('" . $_GET['thread_id'] . "', '" . $userdata['user_id'] . "', '" . USER_IP . "')"); } redirect(FUSION_SELF . "?thread_id=" . $_GET['thread_id']); } if (iMEMBER && $can_reply && !$fdata['thread_locked'] && isset($_POST['postquickreply'])) { $message = stripinput(censorwords($_POST['message'])); if ($message != "") { require_once INCLUDES . "flood_include.php"; if (!flood_control("post_datestamp", DB_POSTS, "post_author='" . $userdata['user_id'] . "'")) { $sig = $userdata['user_sig'] ? '1' : '0'; $smileys = isset($_POST['disable_smileys']) || preg_match("#\\[code\\](.*?)\\[/code\\]#si", $message) ? "0" : "1"; $result = dbquery("INSERT INTO " . DB_POSTS . " (forum_id, thread_id, post_message, post_showsig, post_smileys, post_author, post_datestamp, post_ip, post_edituser, post_edittime) VALUES ('" . $fdata['forum_id'] . "', '" . $_GET['thread_id'] . "', '{$message}', '{$sig}', '{$smileys}', '" . $userdata['user_id'] . "', '" . time() . "', '" . USER_IP . 
"', '0', '0')"); $newpost_id = mysql_insert_id(); $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_lastpost='" . time() . "', forum_postcount=forum_postcount+1, forum_lastuser='******'user_id'] . "' WHERE forum_id='" . $fdata['forum_id'] . "'"); $result = dbquery("UPDATE " . DB_THREADS . " SET thread_lastpost='" . time() . "', thread_lastpostid='" . $newpost_id . "', thread_postcount=thread_postcount+1, thread_lastuser='******'user_id'] . "' WHERE thread_id='" . $_GET['thread_id'] . "'"); $result = dbquery("UPDATE " . DB_USERS . " SET user_posts=user_posts+1 WHERE user_id='" . $userdata['user_id'] . "'"); redirect("postify.php?post=reply&error=0&forum_id=" . $fdata['forum_id'] . "&thread_id=" . $_GET['thread_id'] . "&post_id={$newpost_id}"); } else { redirect("viewthread.php?thread_id=" . $_GET['thread_id']); } }
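} // closes a block that was opened before this excerpt

/*
 * AJAX comment endpoint. Dispatches on $_POST['action'] ("add", "delete",
 * "get_edit", "save_edit") and answers with a JSON object on success; a request
 * that fails validation or authorisation produces no output.
 *
 * Security notes:
 *  - Every request value is validated before it is concatenated into SQL:
 *    ids must pass isnum(), free text goes through stripinput(), which is the
 *    sanitiser this handler already applied to the message and name.
 *    NOTE(review): stripinput() is assumed to neutralise quotes - confirm, or
 *    move these statements to the database layer's escaping/parameter binding.
 *  - "get_edit" and "save_edit" enforce the same rule as "delete": comment
 *    administrators, or the member who wrote the comment.
 *  - NOTE(review): no anti-CSRF token, flood control, captcha or guest-posting
 *    setting is checked anywhere in this excerpt; confirm the including script
 *    enforces them before this code runs.
 */

if (isset($_POST['action']) && $_POST['action'] == "add") {
    // NOTE(review): assumes item ids are numeric - confirm against the schema.
    $comment_itemid = isset($_POST['cid']) && isnum($_POST['cid']) ? $_POST['cid'] : "";
    $comment_type = isset($_POST['ctype']) ? stripinput($_POST['ctype']) : "";
    $comment_message = isset($_POST['message']) ? trim(stripinput(censorwords(iconv("UTF-8", $locale['charset'], $_POST['message'])))) : "";

    if (iMEMBER) {
        // comment_name holds the author's user id for members (the ownership checks
        // below compare it with $userdata['user_id']), so it must never be taken
        // from the request.
        $comment_name = $userdata['user_id'];
    } else {
        $comment_name = isset($_POST['name']) ? trim(stripinput(censorwords($_POST['name']))) : "";
        // Strip leading digits so a guest name can never look like a member id.
        $comment_name = preg_replace("(^[+0-9\\s]*)", "", $comment_name);
    }

    if ($comment_itemid != "" && $comment_type != "" && $comment_name != "" && $comment_message != "") {
        $result = dbquery("INSERT INTO " . DB_COMMENTS . " (comment_name, comment_message, comment_datestamp, comment_item_id, comment_type) VALUES ('" . $comment_name . "', '" . $comment_message . "', '" . time() . "', '" . $comment_itemid . "', '" . $comment_type . "')");
        $result = array('cid' => $comment_itemid, 'ctype' => $comment_type);
        print json_encode($result);
    }
}

// The comment id is checked with isnum() before it reaches any query, as the
// "get_edit" and "save_edit" branches already did.
if (isset($_POST['action']) && $_POST['action'] == "delete" && isset($_POST['commentid']) && isnum($_POST['commentid'])) {
    if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_POST['commentid'] . "' AND comment_name='" . $userdata['user_id'] . "'")) {
        // Read the parent item first so the client can refresh the right list.
        $info = dbarray(dbquery("SELECT comment_item_id, comment_type FROM " . DB_COMMENTS . " WHERE comment_id='" . $_POST['commentid'] . "'"));
        $result = dbquery("DELETE FROM " . DB_COMMENTS . " WHERE comment_id='" . $_POST['commentid'] . "'");
        $result = array('cid' => $info['comment_item_id'], 'ctype' => $info['comment_type']);
        print json_encode($result);
    }
}

if (isset($_POST['action']) && $_POST['action'] == "get_edit" && isset($_POST['commentid']) && isnum($_POST['commentid'])) {
    // Only the author or a comment administrator may load a comment for editing.
    if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_POST['commentid'] . "' AND comment_name='" . $userdata['user_id'] . "'")) {
        $data = dbarray(dbquery("SELECT comment_id, comment_message FROM " . DB_COMMENTS . " WHERE comment_id='" . $_POST['commentid'] . "'"));
        $result = array('comment_id' => $data['comment_id'], 'comment_message' => iconv($locale['charset'], "UTF-8", $data['comment_message']));
        print json_encode($result);
    }
}

if (isset($_POST['action']) && $_POST['action'] == "save_edit" && isset($_POST['commentid']) && isnum($_POST['commentid'])) {
    // Without this check any client could overwrite any comment by id.
    if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_POST['commentid'] . "' AND comment_name='" . $userdata['user_id'] . "'")) {
        $comment_message = isset($_POST['message']) ? trim(stripinput(censorwords(iconv("UTF-8", $locale['charset'], $_POST['message'])))) : "";
        // cid/ctype are only echoed back in the JSON reply; they never reach SQL here.
        $comment_itemid = isset($_POST['cid']) ? $_POST['cid'] : "";
        $comment_type = isset($_POST['ctype']) ? $_POST['ctype'] : "";
        // Non-administrators get the owner clause repeated in the UPDATE itself.
        $update = dbquery("UPDATE " . DB_COMMENTS . " SET comment_message='" . $comment_message . "' WHERE comment_id='" . $_POST['commentid'] . "'" . (iADMIN && checkrights("C") ? "" : " AND comment_name='" . $userdata['user_id'] . "'"));
        $result = array('cid' => $comment_itemid, 'ctype' => $comment_type);
        print json_encode($result);
    }
}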
<?php } ?> </div> </div> <div id="testimonials" class="grid_8 omega"> <?php $result = dbquery("\r\n\tSELECT user_id, user_name, user_status, user_testimonial \r\n\tFROM " . DB_USERS . " \r\n\tWHERE user_status = '0' \r\n\tAND user_testimonial !='' \r\n\tAND user_approve !='1'\r\n\tORDER BY RAND() LIMIT 10\r\n"); ?> <h2>Testimonials</h2> <?php while ($data = dbarray($result)) { ?> <?php $text = nl2br(censorwords($data['user_testimonial'])); ?> <blockquote> <p><?php echo trimlink($text, 44); ?> </p> <cite>– <?php echo profile_link($data['user_id'], $data['user_name'], $data['user_status']); ?> </cite> </blockquote> <?php } ?> </div> <?php
+--------------------------------------------------------*/ if (!defined("IN_FUSION")) { die("Access Denied"); } if ($profile_method == "input") { add_to_head("<style type='text/css'>\r\n.countx {\r\n\tcolor: red;\r\n}\r\n.exceed{\r\n\tpadding: 2px;\r\n\tbackground-color: #ffefef;\r\n\tcolor: #400;\r\n\twidth: 295px;\r\n\tborder: 1px solid #faa;\r\n}\r\n</style>"); echo "<tr>\n"; echo "<td valign='top' class='tbl'>" . $locale['uf_testimonial'] . "<br /><br /><span class='small'><i>" . $locale['uf_testimonial_005'] . "</i></span></td>\n"; echo "<td class='tbl'>\r\n\t<div class='small'>" . $locale['uf_testimonial_002'] . "<strong>120</strong></div>\r\n <div class='small'>" . $locale['uf_testimonial_003'] . "<strong id='counter'>0</strong></div>\r\n\t<textarea id='testim' name='user_testimonial' onkeyup='maxlength(120);' onfocus='maxlength(120);' cols='60' rows='3' style='width:295px'>" . (isset($user_data['user_testimonial']) ? $user_data['user_testimonial'] : "") . "</textarea>\r\n\t<div id='exceed' style='display: none' class='exceed'>" . $locale['uf_testimonial_004'] . "</div>\n"; echo "</td>\n"; echo "</tr>\n"; } elseif ($profile_method == "display") { // Not shown in profile } elseif ($profile_method == "validate_insert") { $db_fields .= ", user_testimonial"; $db_values .= ", '" . (isset($_POST['user_testimonial']) ? stripinput(trim(censorwords($_POST['user_testimonial']))) : "") . "'"; } elseif ($profile_method == "validate_update") { $db_values .= ", user_testimonial='" . (isset($_POST['user_testimonial']) ? stripinput(trim($_POST['user_testimonial'])) : "") . "'"; } ?> <script type='text/javascript'> function maxlength(input) { var length = parseInt(input); if (length) { tmplen = document.inputform.testim.value.length; document.getElementById("counter").innerHTML = tmplen; if (length < tmplen) { if (document.layers) { document.layers["counter"].className = 'countx';
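/**
 * Handle a posted comment for one item, then render the item's comments and the comment form.
 *
 * @param string $ctype comment type stored with a new comment
 * @param string $cdb   table name (without prefix) that holds the commented item
 * @param string $ccol  id column of that table
 * @param mixed  $cid   id of the commented item
 * @param string $clink URL used as redirect target after posting and as the form action
 *
 * NOTE(review): $ctype, $cdb, $ccol and $cid are interpolated into SQL unchanged
 * and $clink is written into the form's action attribute unchanged; callers must
 * pass trusted or already validated values only.
 * NOTE(review): the listing query filters on comment_type='G' while the INSERT
 * stores $ctype - confirm that every caller passes 'G'.
 * NOTE(review): the administrator delete link is a plain GET URL (deletemsg=...);
 * confirm the handler for it carries an anti-CSRF check.
 */
function comments($ctype, $cdb, $ccol, $cid, $clink) {
    // $settings is read below for the guest-posting switch, so it has to be imported
    // here; without it guests could never post and every read raised a notice.
    global $db_prefix, $settings, $userdata, $rowstart, $locale;

    $may_post = iMEMBER || $settings['guestposts'] == "1";

    if ($may_post && isset($_POST['post_comment'])) {
        if (dbrows(dbquery("SELECT {$ccol} FROM " . DB_PREFIX . "{$cdb} WHERE {$ccol}='{$cid}'")) == 0) {
            header("Location:" . BASEDIR . "index.php");
            // Stop here: a Location header alone does not end the script, and the
            // INSERT below must not run for an item that does not exist.
            exit;
        }
        $comment_name = "";
        if (iMEMBER) {
            $comment_name = $userdata['user_id'];
        } elseif (isset($_POST['comment_name'])) {
            $comment_name = trim(stripinput($_POST['comment_name']));
            // Leading digits are removed so a guest name cannot pass for a member id.
            $comment_name = preg_replace("(^[0-9]*)", "", $comment_name);
            if (isNum($comment_name)) {
                $comment_name = "";
            }
        }
        $comment_message = isset($_POST['comment_message']) ? trim(stripinput(censorwords($_POST['comment_message']))) : "";
        if ($comment_name != "" && $comment_message != "") {
            $result = dbquery("INSERT INTO " . DB_PREFIX . "comments VALUES('', '{$cid}', '{$ctype}', '{$comment_name}','{$comment_message}','1', '" . time() . "', '" . USER_IP . "')");
        }
        redirect($clink);
    }

    opentable($locale['KOM100']);
    $result = dbquery("SELECT * FROM " . $db_prefix . "comments WHERE comment_type='G' AND comment_item_id='{$cid}' ORDER BY comment_datestamp DESC");
    if (dbrows($result) != 0) {
        $i = 0;
        echo "<table cellpadding='0' cellspacing='1' width='98%' class='tbl-border'>\n";
        while ($data = dbarray($result)) {
            echo "<tr>\n<td class='" . ($i % 2 == 0 ? "tbl1" : "tbl2") . "'><span class='comment-name'>\n";
            $avatar1 = dbarray(dbquery("SELECT * FROM " . $db_prefix . "users WHERE user_id='{$data['comment_name']}'"));
            // A guest comment has no matching user row.
            $is_member = !empty($avatar1['user_name']);

            // The profile jump is built per row. The previous markup emitted one global
            // profile() function per row, so every link ended up pointing at the author
            // of the last row, and a guest-supplied name was written into a script block.
            if ($is_member) {
                $onclick = "opener.location.href='" . BASEDIR . "profile.php?lookup=" . (int) $avatar1['user_id'] . "'; window.close(); return false;";
            } else {
                $onclick = "return false;";
            }

            if (!empty($avatar1['user_avatar'])) {
                echo '<a href="#" onClick="' . $onclick . '"><img height="50" width="50" border ="0" src="' . IMAGES . 'avatars/' . $avatar1['user_avatar'] . '"></a>';
            } else {
                echo '<a href="#" onClick="' . $onclick . '"><img height="50" width="50" border="0" src="' . INFUSIONS . 'varcade/img/noav.gif"></a>';
            }
            // Members are shown by user name, guests by the name stored with the comment
            // (the old test on comment_name was always true and left guests nameless).
            if ($is_member) {
                echo '<a href="#" onClick="' . $onclick . '">' . $avatar1['user_name'] . '</a><br>';
            } else {
                echo '<a href="#" onClick="' . $onclick . '">' . $data['comment_name'] . '</a><br>';
            }
            echo "</span><span class='small'>" . showdate("longdate", $data['comment_datestamp']) . "";
            if (iADMIN) {
                echo "<br><a href='" . FUSION_SELF . "?deletemsg=" . $data['comment_id'] . "&&hideout=" . $data['comment_item_id'] . "'>" . $locale['KOM101'] . "</a>";
            }
            echo "</span><br><HR>\n" . parsesmileys(parseubb($data['comment_message'])) . " </td>\n";
            echo "</tr>\n";
            $i++;
        }
        echo "</table>\n";
        echo "<div align='center' style='margin-top:5px;'>\n</div>\n";
    } else {
        echo "'" . $locale['KOM102'] . "'\n";
    }

    if ($may_post) {
        echo $locale['KOM103'];
        echo "<form name='inputform' method='post' action='{$clink}'>\n<table align='center' cellspacing='0' cellpadding='0' width='98%' class='tbl2'>\n";
        if (iGUEST) {
            echo "<tr><td>" . $locale['KOM104'] . "</td>\n</tr>\n<tr>\n<td><input type='text' name='comment_name' maxlength='30' class='textbox' style='width:100%;'></td>\n</tr>\n";
        }
        echo "<tr>\n<td align='center'><textarea name='comment_message' rows='6' class='textbox' style='width:400px'></textarea><br>\n";
        echo "<input type='button' value='b' class='button' style='font-weight:bold;width:25px;' onClick=\"addText('comment_message', '[b]', '[/b]');\">\n";
        echo "<input type='button' value='i' class='button' style='font-style:italic;width:25px;' onClick=\"addText('comment_message', '[i]', '[/i]');\">\n";
        echo "<input type='button' value='u' class='button' style='text-decoration:underline;width:25px;' onClick=\"addText('comment_message', '[u]', '[/u]');\">\n";
        echo "<input type='button' value='url' class='button' style='width:30px;' onClick=\"addText('comment_message', '[url]', '[/url]');\">\n";
        echo "<input type='button' value='mail' class='button' style='width:35px;' onClick=\"addText('comment_message', '[mail]', '[/mail]');\">\n";
        echo "<input type='button' value='img' class='button' style='width:30px;' onClick=\"addText('comment_message', '[img]', '[/img]');\">\n";
        echo "<input type='button' value='center' class='button' style='width:45px;' onClick=\"addText('comment_message', '[center]', '[/center]');\">\n";
        echo "<input type='button' value='small' class='button' style='width:40px;' onClick=\"addText('comment_message', '[small]', '[/small]');\">\n";
        echo "<input type='button' value='code' class='button' style='width:40px;' onClick=\"addText('comment_message', '[code]', '[/code]');\">\n";
        echo "<input type='button' value='quote' class='button' style='width:45px;' onClick=\"addText('comment_message', '[quote]', '[/quote]');\">\n";
        echo "<br><br>\n" . displaysmileys("comment_message") . "\n</tr>\n<tr>\n<td><br><br><center>\n<input type='submit' name='post_comment' value='" . $locale['KOM105'] . "' class='button'></td>\n</center>\n</tr>\n</table>\n</form>\n";
    } else {
        echo $locale['KOM106'] . "\n";
    }
    closetable();
}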
$sicherheit = 1; if (iGUEST && $settings['display_validation'] == "1") { $securimage = new Securimage(); if (!isset($_POST['captcha_code']) || $securimage->check($_POST['captcha_code']) == false) { $sicherheit = 0; } } $name = isset($_POST['name']) ? stripinput($_POST['name']) : 0; $ort = isset($_POST['ort']) ? stripinput($_POST['ort']) : 0; $interpreter = isset($_POST['interpreter']) ? stripinput($_POST['interpreter']) : ""; $title = isset($_POST['title']) ? stripinput($_POST['title']) : ""; if (isset($_POST['gruss'])) { $gruss = str_replace("\n", " ", $_POST['gruss']); $gruss = preg_replace("/^(.{255}).*\$/", "\$1", $gruss); $gruss = preg_replace("/([^\\s]{25})/", "\$1\n", $gruss); $gruss = trim(stripinput(censorwords($gruss))); $gruss = str_replace("\n", "<br />", $gruss); } else { $gruss = 0; } if ($sicherheit && $name && $ort && $gruss) { $result = dbquery("INSERT INTO " . DB_GR_RADIOSTATUS_GRUSSBOX . " (rsgb_userip, rsgb_username, rsgb_ort, rsgb_title, rsgb_interpreter, rsgb_gruss, rsgb_time, rsgb_status, rsgb_stream) VALUES('" . USER_IP . "', '" . $name . "', '" . $ort . "', '" . $title . "', '" . $interpreter . "', '" . $gruss . "', '" . time() . "', '1', '" . $_GET['id'] . "')"); redirect(FUSION_SELF . "?id=" . $_GET['id'] . "&error=0"); } else { redirect(FUSION_SELF . "?id=" . $_GET['id'] . "&error=1"); } } else { opentable($data['rs_name'] . $locale['grrs_41']); if (checkgroup($data['rs_gaccess'])) { echo "<a href='" . FUSION_SELF . "?id=" . $_GET['id'] . "&admin'>Admin</a><br />"; }
if (iMEMBER) { if ($subject != "" && $message != "") { require_once INCLUDES . "flood_include.php"; if (!flood_control("post_datestamp", DB_POSTS, "post_author='" . $userdata['user_id'] . "'")) { $result = dbquery("INSERT INTO " . DB_THREADS . " (forum_id, thread_subject, thread_author, thread_views, thread_lastpost, thread_lastpostid, thread_lastuser, thread_postcount, thread_poll, thread_sticky, thread_locked) VALUES('" . $_GET['forum_id'] . "', '{$subject}', '" . $userdata['user_id'] . "', '0', '" . time() . "', '0', '" . $userdata['user_id'] . "', '1', '" . $thread_poll . "', '" . $sticky_thread . "', '" . $lock_thread . "')"); $thread_id = mysql_insert_id(); $result = dbquery("INSERT INTO " . DB_POSTS . " (forum_id, thread_id, post_message, post_showsig, post_smileys, post_author, post_datestamp, post_ip, post_edituser, post_edittime) VALUES ('" . $_GET['forum_id'] . "', '" . $thread_id . "', '" . $message . "', '" . $sig . "', '" . $smileys . "', '" . $userdata['user_id'] . "', '" . time() . "', '" . USER_IP . "', '0', '0')"); $post_id = mysql_insert_id(); $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_lastpost='" . time() . "', forum_postcount=forum_postcount+1, forum_threadcount=forum_threadcount+1, forum_lastuser='******'user_id'] . "' WHERE forum_id='" . $_GET['forum_id'] . "'"); $result = dbquery("UPDATE " . DB_THREADS . " SET thread_lastpostid='" . $post_id . "' WHERE thread_id='" . $thread_id . "'"); $result = dbquery("UPDATE " . DB_USERS . " SET user_posts=user_posts+1 WHERE user_id='" . $userdata['user_id'] . "'"); if ($settings['thread_notify'] && isset($_POST['notify_me'])) { $result = dbquery("INSERT INTO " . DB_THREAD_NOTIFY . " (thread_id, notify_datestamp, notify_user, notify_status) VALUES('" . $thread_id . "', '" . time() . "', '" . $userdata['user_id'] . 
"', '1')"); } if ($fdata['forum_poll'] && checkgroup($fdata['forum_poll']) && $thread_poll) { $poll_title = trim(stripinput(censorwords($_POST['poll_title']))); if ($poll_title && (isset($poll_opts) && is_array($poll_opts))) { $result = dbquery("INSERT INTO " . DB_FORUM_POLLS . " (thread_id, forum_poll_title, forum_poll_start, forum_poll_length, forum_poll_votes) VALUES('" . $thread_id . "', '" . $poll_title . "', '" . time() . "', '0', '0')"); $forum_poll_id = mysql_insert_id(); $i = 1; foreach ($poll_opts as $poll_option) { $result = dbquery("INSERT INTO " . DB_FORUM_POLL_OPTIONS . " (thread_id, forum_poll_option_id, forum_poll_option_text, forum_poll_option_votes) VALUES('" . $thread_id . "', '" . $i . "', '" . $poll_option . "', '0')"); $i++; } } } if ($fdata['forum_attach'] && checkgroup($fdata['forum_attach'])) { $attach = $_FILES['attach']; if ($attach['name'] != "" && !empty($attach['name']) && is_uploaded_file($attach['tmp_name'])) { $attachname = substr($attach['name'], 0, strrpos($attach['name'], ".")); $attachext = strtolower(strrchr($attach['name'], "."));
$post_edit_time = 0; $reason = ""; } elseif ($settings['forum_editpost_to_lastpost']) { $post_edit_time = time(); $reason = trim(stripinput(censorwords($_POST['edit_reason']))); $lastPost = dbcount("(thread_id)", DB_THREADS, "thread_lastpostid='" . $_GET['post_id'] . "'"); if ($lastPost > 0) { $result = dbquery("UPDATE " . DB_THREADS . " SET thread_lastpost='" . $post_edit_time . "' WHERE thread_id='" . $_GET['thread_id'] . "'"); } $forum_lastpost = dbarray(dbquery("SELECT post_id FROM " . DB_POSTS . " WHERE forum_id='" . $_GET['forum_id'] . "' ORDER BY post_id DESC LIMIT 1")); if ($forum_lastpost['post_id'] == $_GET['post_id']) { $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_lastpost='" . $post_edit_time . "' WHERE forum_id='" . $_GET['forum_id'] . "'"); } } else { $post_edit_time = time(); $reason = trim(stripinput(censorwords($_POST['edit_reason']))); } } $result = dbquery("UPDATE " . DB_POSTS . " SET\n\t\t\t\t\t\tpost_message='" . $message . "',\n\t\t\t\t\t\tpost_showsig='" . $updateSig . "',\n\t\t\t\t\t\tpost_smileys='" . $smileys . "',\n\t\t\t\t\t\tpost_edituser='******'user_id'] . "',\n\t\t\t\t\t\tpost_edittime='" . $post_edit_time . "',\n\t\t\t\t\t\tpost_editreason='" . $reason . "',\n\t\t\t\t\t\tpost_locked='" . $post_locked . "'\n\t\t\t\t\tWHERE post_id='" . $_GET['post_id'] . "'"); if ($pdata['first_post'] == $_GET['post_id'] && $subject != "") { $result = dbquery("UPDATE " . DB_THREADS . " SET thread_subject='" . $subject . "' WHERE thread_id='" . $_GET['thread_id'] . "'"); } foreach ($_POST as $key => $value) { if (!strstr($key, "delete_attach")) { continue; } $key = str_replace("delete_attach_", "", $key); $result = dbquery("SELECT * FROM " . DB_FORUM_ATTACHMENTS . " WHERE post_id='" . $_GET['post_id'] . "' AND attach_id='" . (isnum($key) ? $key : 0) . "'"); if (dbrows($result) != 0 && $value) { $adata = dbarray($result); unlink(FORUM . "attachments/" . $adata['attach_name']);
$archive_shout_name = $userdata['user_id']; } elseif ($shout_settings['guest_shouts'] == "1") { $archive_shout_name = trim(stripinput($_POST['archive_shout_name'])); $archive_shout_name = preg_replace("(^[+0-9\\s]*)", "", $archive_shout_name); if (isnum($archive_shout_name)) { $archive_shout_name = ""; } include_once INCLUDES . "captchas/securimage/securimage.php"; $securimage = new Securimage(); if (!isset($_POST['captcha_code']) || $securimage->check($_POST['captcha_code']) == false) { redirect($link); } } $archive_shout_message = str_replace("\n", " ", $_POST['archive_shout_message']); $archive_shout_message = preg_replace("/^(.{255}).*\$/", "\$1", $archive_shout_message); $archive_shout_message = trim(stripinput(censorwords($archive_shout_message))); if (iMEMBER && (isset($_GET['action']) && $_GET['action'] == "edit") && (isset($_GET['shout_id']) && isnum($_GET['shout_id']))) { $comment_updated = false; if (iADMIN && checkrights("S") || iMEMBER && dbcount("(shout_id)", DB_SHOUTBOX, "shout_id='" . $_GET['shout_id'] . "' AND shout_name='" . $userdata['user_id'] . "' AND shout_hidden='0'")) { if ($archive_shout_message) { $result = dbquery("UPDATE " . DB_SHOUTBOX . " SET shout_message='{$archive_shout_message}' WHERE shout_id='" . $_GET['shout_id'] . "'" . (iADMIN ? "" : " AND shout_name='" . $userdata['user_id'] . "'")); } } redirect(FUSION_SELF); } elseif ($archive_shout_name && $archive_shout_message) { require_once INCLUDES . "flood_include.php"; if (!flood_control("shout_datestamp", DB_SHOUTBOX, "shout_ip='" . USER_IP . "'")) { $result = dbquery("INSERT INTO " . DB_SHOUTBOX . " (shout_name, shout_message, shout_datestamp, shout_ip, shout_ip_type, shout_hidden" . (multilang_table("SB") ? ", shout_language)" : ")") . " VALUES ('{$archive_shout_name}', '{$archive_shout_message}', '" . time() . "', '" . USER_IP . "', '" . USER_IP_TYPE . "', '0'" . (multilang_table("SB") ? ", '" . LANGUAGE . "')" : ")")); } redirect(FUSION_SELF); }
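/**
 * Comment panel with avatars: handles delete / post / edit requests for one item,
 * then renders the paged comment list (10 per page) and the comment form.
 *
 * @param string $ctype         comment type of the item
 * @param string $cdb           table that holds the commented item
 * @param string $ccol          id column of that table
 * @param mixed  $cid           id of the commented item
 * @param string $clink         base URL for redirects, paging and the form action
 * @param string $seo_root_link when URL_REWRITE is on and this is non-empty, the form posts to the rewritten URL
 * @param string $a             separator used in the rewritten URL and passed to makecommentnav()
 * @param string $seo_catid     category id part of the rewritten URL
 * @param string $b             passed through to makecommentnav()
 * @param string $rowstart      passed through to makecommentnav()
 * @param string $c             separator used in the rewritten URL and passed to makecommentnav()
 * @param string $seo_subject   subject passed through clean_subject_urlrewrite() for the rewritten URL
 *
 * Security notes:
 *  - $cid and $ctype always reach SQL through _db(). _db() is used the way the rest
 *    of this function uses it, as the producer of a complete quoted literal; its
 *    implementation is not visible here.
 *  - $cdb and $ccol are identifiers and cannot be quoted that way; callers must pass
 *    fixed values only.
 *  - NOTE(review): delete is triggered by a plain GET link (c_action=delete) and no
 *    anti-CSRF token is checked in this function; confirm one is enforced elsewhere.
 *  - NOTE(review): FUSION_QUERY, FUSION_REQUEST and $clink are written into href /
 *    action attributes unchanged; confirm they are encoded where they are built.
 */
function showcomments_avatar($ctype, $cdb, $ccol, $cid, $clink, $seo_root_link = "", $a = "-", $seo_catid = "", $b = "-page-", $rowstart = "", $c = "-", $seo_subject = "") {
    global $settings, $locale, $userdata, $aidlink;

    if (URL_REWRITE && $seo_root_link != "") {
        $seo_link = $seo_root_link . $a . $seo_catid . $c . clean_subject_urlrewrite($seo_subject) . ".html";
    }

    // Current URL without any pending edit/delete action; used when a guest fails the captcha.
    $link = FUSION_SELF . (FUSION_QUERY ? "?" . FUSION_QUERY : "");
    $link = preg_replace("^(&|\\?)c_action=(edit|delete)&comment_id=\\d*^", "", $link);

    // --- delete ---------------------------------------------------------------
    if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
        if ((iMODERATOR || iADMIN) && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . (int) $_GET['comment_id'] . "' AND comment_name='" . (int) $userdata['user_id'] . "'")) {
            // Plain members get the owner clause repeated in the DELETE itself.
            $result = dbquery("DELETE FROM " . DB_COMMENTS . " WHERE comment_id='" . (int) $_GET['comment_id'] . "'" . (iMODERATOR || iADMIN ? "" : " AND comment_name='" . (int) $userdata['user_id'] . "'"));
        }
        redirect($clink);
    }

    if ($settings['comments_enabled'] == "1") {
        // --- post / edit --------------------------------------------------------
        if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) {
            if (iMEMBER) {
                $comment_name = $userdata['user_id'];
            } elseif ($settings['guestposts'] == "1") {
                $comment_name = isset($_POST['comment_name']) ? trim(stripinput($_POST['comment_name'])) : "";
                // Leading digits are removed so a guest name cannot pass for a member id.
                $comment_name = preg_replace("(^[0-9]*)", "", $comment_name);
                if (isnum($comment_name)) {
                    $comment_name = "";
                }
                include_once INCLUDES . "securimage/securimage.php";
                $securimage = new Securimage();
                if (!isset($_POST['com_captcha_code']) || $securimage->check($_POST['com_captcha_code']) == false) {
                    redirect($link);
                }
            }
            $comment_message = isset($_POST['comment_message']) ? trim(stripinput(censorwords($_POST['comment_message']))) : "";

            if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
                $comment_updated = false;
                // $cid / $ctype go through _db() here as well, matching every other query in this function.
                if ((iMODERATOR || iADMIN) && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . (int) $_GET['comment_id'] . "' AND comment_item_id=" . _db($cid) . " AND comment_type=" . _db($ctype) . " AND comment_name='" . (int) $userdata['user_id'] . "' AND comment_hidden='0'")) {
                    if ($comment_message) {
                        $result = dbquery("UPDATE " . DB_COMMENTS . " SET comment_message=" . _db($comment_message) . " WHERE comment_id='" . (int) $_GET['comment_id'] . "'" . (iMODERATOR || iADMIN ? "" : " AND comment_name='" . (int) $userdata['user_id'] . "'"));
                        $comment_updated = true;
                    }
                }
                if ($comment_updated) {
                    // Page offset of the page that holds the edited comment.
                    $c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_id<='" . (int) $_GET['comment_id'] . "' AND comment_item_id=" . _db($cid) . " AND comment_type=" . _db($ctype) . "") / 10) - 1) * 10;
                }
                redirect($clink . "&c_start=" . (isset($c_start) && isnum($c_start) ? $c_start : ""));
            } else {
                // The commented item has to exist.
                if (!dbcount("(" . $ccol . ")", $cdb, $ccol . "=" . _db($cid))) {
                    redirect(BASEDIR . "index.php");
                }
                if ($comment_name && $comment_message) {
                    require_once INCLUDES . "flood_include.php";
                    if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) {
                        $result = dbquery("INSERT INTO " . DB_COMMENTS . " (comment_item_id, comment_type, comment_name, comment_message, comment_datestamp, comment_ip, comment_hidden) VALUES (" . _db($cid) . ", " . _db($ctype) . ", " . _db($comment_name) . ", " . _db($comment_message) . ", '" . time() . "', '" . USER_IP . "', '0')");
                    }
                }
                // Jump to the last page, where the new comment is shown.
                $c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_item_id=" . _db($cid) . " AND comment_type=" . _db($ctype) . "") / 10) - 1) * 10;
                redirect($clink . "&c_start=" . $c_start);
            }
        }

        // --- comment list -------------------------------------------------------
        opentable($locale['c100']);
        echo "<a id='comments' name='comments'></a>";
        $c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id=" . _db($cid) . " AND comment_type=" . _db($ctype) . " AND comment_hidden='0'");
        if (!isset($_GET['c_start']) && $c_rows > 10) {
            $_GET['c_start'] = (ceil($c_rows / 10) - 1) * 10;
        }
        if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) {
            $_GET['c_start'] = 0;
        }
        $result = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_datestamp, tcm.comment_message,\r\n\t\t\ttcu.user_name, tcu.user_avatar, tcu.user_id, tcu.user_level, tcu.user_status\r\n\t\t\tFROM " . DB_COMMENTS . " tcm\r\n\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\r\n\t\t\tWHERE comment_item_id=" . _db($cid) . " AND comment_type=" . _db($ctype) . " AND comment_hidden='0'\r\n\t\t\tORDER BY comment_datestamp ASC LIMIT " . (int) $_GET['c_start'] . ",10");
        if (dbrows($result)) {
            $i = $_GET['c_start'] + 1;
            if ($c_rows > 10) {
                echo "<div style='text-align:center;margin-bottom:5px;'>" . makecommentnav($_GET['c_start'], 10, $c_rows, 3, $clink . "&", $seo_root_link, $a, $seo_catid, $b, $rowstart, "-cstart-", $c, $seo_subject) . "</div>\n";
            }
            echo "<table cellpadding='0' cellspacing='1' width='100%' class='tbl-border'>\n";
            while ($data = dbarray($result)) {
                echo "<tr><td class='tbl2' width='10%' align='center'>\n";
                // user_name is only set when the LEFT JOIN found a member; guests show the stored name.
                if ($data['user_name']) {
                    echo "<span class='comment-name'>" . profile_link($data['comment_name'], $data['user_name'], $data['user_status']) . "</span>\n";
                } else {
                    echo "<span class='comment-name'>" . $data['comment_name'] . "</span>\n";
                }
                echo "</td>\n";
                echo "<td class='tbl2'>\n<span class='small'>" . $locale['global_071'] . showdate("longdate", $data['comment_datestamp']) . "</span>\n";
                echo "<div style='float:right' class='comment_actions'>";
                if ((iMODERATOR || iADMIN) && checkrights("C") || iMEMBER && $data['comment_name'] == $userdata['user_id'] && isset($data['user_name'])) {
                    echo "<!--comment_actions-->\n<a href='" . FUSION_SELF . "?" . FUSION_QUERY . "&c_action=edit&comment_id=" . $data['comment_id'] . "#edit_comment'>" . $locale['c108'] . "</a> |\n";
                    echo "<a href='" . FUSION_SELF . "?" . FUSION_QUERY . "&c_action=delete&comment_id=" . $data['comment_id'] . "'>" . $locale['c109'] . "</a> |\n";
                }
                echo "<a href='" . FUSION_REQUEST . "#c" . $data['comment_id'] . "' id='c" . $data['comment_id'] . "' name='c" . $data['comment_id'] . "'>#" . $i . "</a></div>\n";
                echo "</td>\n";
                echo "</tr>\n<tr>\n";
                $avatar = $data['user_avatar'] != "" && file_exists(IMAGES_AVA . $data['user_avatar']) ? IMAGES_AVA . $data['user_avatar'] : IMAGES_AVA . "noavatar.jpg";
                echo "<td class='tbl1' width='15%'>\n";
                echo "<div style='text-align:center;'><img src='" . $avatar . "' width='50' height='50' alt='' /></div><br />\n";
                if ($settings['warning_system_comments'] && $data['user_name']) {
                    $points = show_warning_points($data['user_id']);
                    echo "<div class='commentswarnings'>";
                    echo "<span class='small'><a style='cursor:help;' onclick=\"warning_info();\">" . $locale['WARN200'] . "</a></span> ";
                    echo warning_profile_link("1", $data['user_id'], $points);
                    echo "</div>";
                }
                echo "<span class='small2'>" . $locale['c110'] . number_format(dbcount("(comment_id)", DB_COMMENTS, "comment_name='" . (int) $data['user_id'] . "'")) . "<br />";
                echo $locale['c111'] . getuserlevel($data['user_level']) . "</span><br />";
                echo "</td>\n";
                echo "<td class='tbl2' valign='top'>\n" . nl2br(parseubb(parsesmileys($data['comment_message']))) . "</td>\n</tr>";
                $i++;
            }
            echo "\n</table>\n";
            if ((iMODERATOR || iADMIN) && checkrights("C")) {
                echo "<div align='right' class='tbl2'><a href='" . ADMIN . "comments.php" . $aidlink . "&ctype={$ctype}&cid={$cid}'>" . $locale['c106'] . "</a></div>\n";
            }
            if ($c_rows > 10) {
                echo "<br /><div style='text-align:center;margin-top:5px;'>" . makecommentnav($_GET['c_start'], 10, $c_rows, 3, $clink . "&", $seo_root_link, $a, $seo_catid, $b, $rowstart, "-cstart-", $c, $seo_subject) . "</div>\n";
            }
        } else {
            echo $locale['c101'] . "\n";
        }
        closetable();

        // --- comment form -------------------------------------------------------
        opentable($locale['c102']);
        // Start empty so the textarea never reads an undefined variable when an edit
        // is requested for a comment the visitor is not allowed to change.
        $comment_message = "";
        if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
            $eresult = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_message, tcu.user_name FROM " . DB_COMMENTS . " tcm\r\n\t\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\r\n\t\t\t\tWHERE comment_id='" . (int) $_GET['comment_id'] . "' AND comment_item_id=" . _db($cid) . " AND comment_type=" . _db($ctype) . " AND comment_hidden='0'");
            if (dbrows($eresult)) {
                $edata = dbarray($eresult);
                if ((iMODERATOR || iADMIN) && checkrights("C") || iMEMBER && $edata['comment_name'] == $userdata['user_id'] && isset($edata['user_name'])) {
                    $clink .= "&c_action=edit&comment_id=" . $edata['comment_id'];
                    $comment_message = $edata['comment_message'];
                }
            }
        }
        if (iMEMBER || $settings['guestposts'] == "1") {
            require_once INCLUDES . "bbcode_include.php";
            echo "<a id='edit_comment' name='edit_comment'></a>\n";
            echo "<form name='inputform' method='post' action='" . (URL_REWRITE && $seo_root_link != "" ? $seo_link : $clink) . "'>\n";
            if (iGUEST) {
                echo "<div align='center' class='tbl'>\n" . $locale['c104'] . "<br />\n";
                echo "<input type='text' name='comment_name' maxlength='30' class='textbox' style='width:360px' />\n";
                echo "</div>\n";
            }
            echo "<div align='center' class='tbl'>\n";
            // NOTE(review): the stored message is written back as-is; this relies on it
            // having been encoded by stripinput() when it was saved - confirm.
            echo "<textarea name='comment_message' cols='70' rows='6' class='textbox' style='width:360px'>" . $comment_message . "</textarea><br />\n";
            echo display_bbcodes("360px", "comment_message");
            if (iGUEST) {
                echo $locale['global_158'] . "<br />\n";
                echo "<img id='com_captcha' src='" . INCLUDES . "securimage/securimage_show.php' alt='' /><br />\n";
                echo "<a href='" . INCLUDES . "securimage/securimage_play.php'><img src='" . INCLUDES . "securimage/images/audio_icon.gif' alt='' class='tbl-border' style='margin-bottom:1px' /></a>\n";
                echo "<a href='#' onclick=\"document.getElementById('com_captcha').src = '" . INCLUDES . "securimage/securimage_show.php?sid=' + Math.random(); return false\"><img src='" . INCLUDES . "securimage/images/refresh.gif' alt='' class='tbl-border' /></a><br />\n";
                echo $locale['global_159'] . "<br />\n<input type='text' name='com_captcha_code' class='textbox' style='width:100px' />\n";
            }
            echo "<br />\n<input type='submit' name='post_comment' value='" . ($comment_message ? $locale['c103'] : $locale['c102']) . "' class='button' />\n";
            echo "</div>\n</form>\n";
        } else {
            echo $locale['c105'] . "\n";
        }
        closetable();
    }
}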
/**
 * Clean a text field value and, in safemode, check it against a character whitelist.
 *
 * Each value is passed through censorwords(), has runs of spaces collapsed to one
 * space, is trimmed and finally goes through stripinput(). An array value is
 * cleaned element by element and joined with the configured delimiter ("|" when
 * none is configured). An empty result on a required field is reported through
 * setInputError(); the method still returns afterwards.
 *
 * NOTE(review): this is output-oriented cleaning; whether the result is also safe
 * to place into SQL depends on stripinput(), which is not visible here.
 *
 * @return string|bool the cleaned text, or FALSE when safemode is set and the text
 *                     does not consist solely of letters, digits, "-", "_", "@"
 *                     and whitespace (an empty text fails this check as well)
 */
protected function verify_text() {
    $raw = $this->field_value;

    if (!is_array($raw)) {
        $value = stripinput(trim(preg_replace("/ +/i", " ", censorwords($raw))));
    } else {
        $parts = array();
        foreach ($raw as $item) {
            $parts[] = stripinput(trim(preg_replace("/ +/i", " ", censorwords($item))));
        }
        // The delimiter is configurable; the pipe is the fallback.
        $glue = empty($this->field_config['delimiter']) ? "|" : $this->field_config['delimiter'];
        $value = implode($glue, $parts);
    }

    // A required field that ends up empty is flagged, but processing continues.
    if ($this->field_config['required'] && !$value) {
        self::setInputError($this->field_name);
    }

    $rejected = $this->field_config['safemode'] && !preg_check("/^[-0-9A-Z_@\\s]+\$/i", $value);

    return $rejected ? FALSE : $value;
}
opentable($locale['m4n_020']); $result = dbquery("SELECT a.m4n_id, a.m4n_user, a.m4n_status, a.m4n_admin, a.m4n_text, a.m4n_datestamp, u.user_id, u.user_name, u.user_status\r\n\t\t\tFROM " . DB_CONDOLENCES . " a\r\n\t\t\tLEFT JOIN " . DB_USERS . " u ON u.user_id=a.m4n_user \r\n\t\t\tWHERE a.m4n_status = '2'\r\n\t\t\tORDER BY m4n_datestamp\r\n\t\t\tDESC LIMIT 0,{$limit}\r\n\t\t"); echo "<table border='0' width='100%' class='tbl-border'>\n<tr>\n"; echo "<th class='forum-caption' colspan='5'>" . $locale['m4n_020'] . "</th>\n"; echo "</tr>\n<tr>\n"; echo "<td class='tbl1'>" . $locale['m4n_016'] . "</td>\n"; echo "<td class='tbl1'>" . $locale['m4n_017'] . "</td>\n"; echo "<td class='tbl1'>" . $locale['m4n_018'] . "</td>\n"; echo "<td class='tbl1'>" . $locale['m4n_013'] . "</td>\n"; echo "<td class='tbl1'>" . $locale['m4n_027'] . "</td>\n"; echo "</tr>\n"; if (dbrows($result)) { while ($datab = dbarray($result)) { echo "<tr>\n<td class='tbl2' valign='top'>" . profile_link($datab['user_id'], $datab['user_name'], $datab['user_status']) . "</td>\n"; echo "<td class='tbl2'>"; $text = nl2br(parseubb(censorwords($datab['m4n_text']))); echo isset($text) ? $text : ""; echo "</td>\n"; echo "<td class='tbl2' valign='top'>" . showdate("%d/%m/%Y", $datab['m4n_datestamp']) . "</td>\n"; $get_admin = dbarray(dbquery("SELECT user_id, user_name, user_status FROM " . DB_USERS . " WHERE user_id = '" . $datab['m4n_admin'] . "'")); echo "<td class='tbl2' valign='top'>" . profile_link($get_admin['user_id'], $get_admin['user_name'], $get_admin['user_status']) . "</td>\n"; echo "<td class='tbl2' valign='top'><a href='" . FUSION_SELF . $aidlink . "&action=1&action_id=" . $datab['m4n_id'] . "'>" . $locale['m4n_028'] . "</a></td>\n"; echo "</tr>\n"; } } else { echo "<tr>\n<td class='tbl1' colspan='5' align='center'>" . $locale['m4n_021'] . "</td>\n</tr>\n"; } echo "</table>\n"; closetable(); if ($counter > $limit) { echo "<div align='center' style='margin-top:5px;'>\n" . 
makePageNav($rowstart, $limit, $counter, 3, FUSION_SELF . $aidlink . "&") . "</div>";