Exemplo n.º 1
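/**
 * Process comment actions (delete, edit, post) for one item, then render the
 * comment list and the add/edit form.
 *
 * Security notes for reviewers:
 * - Every query below is assembled by string concatenation. $_GET['comment_id']
 *   and $_GET['c_start'] are gated by isnum() before use; $ctype, $cid, $ccol and
 *   $cdb are concatenated exactly as received, so callers must pass trusted values.
 *   NOTE(review): $cdb/$ccol are identifiers and cannot be bound as parameters -
 *   confirm every caller passes constants, not request data.
 * - Deleting is triggered by a plain GET request and no anti-CSRF token is checked
 *   inside this function. NOTE(review): confirm a token is validated elsewhere.
 * - Message and guest name pass through stripinput() before storage and are echoed
 *   without further escaping on output; presumably stripinput() entity-encodes
 *   quotes and angle brackets - verify, since both SQL and HTML safety rely on it.
 *
 * @param string $ctype Value matched against / stored in comment_type.
 * @param string $cdb   Table holding the commented item (existence check only).
 * @param string $ccol  Column of $cdb that is compared with $cid.
 * @param mixed  $cid   Item id, matched against / stored in comment_item_id.
 * @param string $clink Base URL for redirects, page navigation and the form action.
 */
function showcomments($ctype, $cdb, $ccol, $cid, $clink)
{
    global $settings, $locale, $userdata, $aidlink;
    // Current URL with any c_action/comment_id pair stripped; used for "bounce back" redirects.
    $link = FUSION_SELF . (FUSION_QUERY ? "?" . FUSION_QUERY : "");
    $link = preg_replace("^(&|\\?)c_action=(edit|delete)&comment_id=\\d*^", "", $link);
    $cpp = $settings['comments_per_page'];
    // --- Delete ---------------------------------------------------------------
    if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
        // && binds tighter than ||: either an admin holding right "C", or a member who owns the comment.
        if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $userdata['user_id'] . "'")) {
            // Non-admins get the ownership condition repeated in the DELETE itself.
            $result = dbquery("DELETE FROM " . DB_COMMENTS . "\r\n\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : "\r\n\t\t\t\t\tAND comment_name='" . $userdata['user_id'] . "'"));
        }
        redirect($clink . ($settings['comments_sorting'] == "ASC" ? "" : "&c_start=0"));
    }
    if ($settings['comments_enabled'] == "1") {
        // --- Post / edit submission -------------------------------------------
        if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) {
            if (iMEMBER) {
                // Members are stored by user id, never by a client-supplied name.
                $comment_name = $userdata['user_id'];
            } elseif ($settings['guestposts'] == "1") {
                if (!isset($_POST['comment_name'])) {
                    redirect($link);
                }
                $comment_name = trim(stripinput($_POST['comment_name']));
                // Strip leading digits, "+" and whitespace, then reject a purely numeric
                // name: comment_name is joined against user_id when comments are listed.
                $comment_name = preg_replace("(^[+0-9\\s]*)", "", $comment_name);
                if (isnum($comment_name)) {
                    $comment_name = "";
                }
                $_CAPTCHA_IS_VALID = FALSE;
                // NOTE(review): include path is built from $settings['captcha']; it must
                // only ever hold a trusted, admin-controlled directory name.
                include INCLUDES . "captchas/" . $settings['captcha'] . "/captcha_check.php";
                if (!isset($_POST['captcha_code']) || $_CAPTCHA_IS_VALID == FALSE) {
                    redirect($link);
                }
            }
            $comment_message = trim(stripinput(censorwords($_POST['comment_message'])));
            if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
                $comment_updated = FALSE;
                // Owner check also pins the comment to this item/type and requires it to be visible.
                if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "'\r\n\t\t\t\t\t\tAND comment_type='" . $ctype . "' AND comment_name='" . $userdata['user_id'] . "'\r\n\t\t\t\t\t\tAND comment_hidden='0'")) {
                    if ($comment_message) {
                        $result = dbquery("UPDATE " . DB_COMMENTS . " SET comment_message='" . $comment_message . "'\r\n\t\t\t\t\t\t\t\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : "\r\n\t\t\t\t\t\t\t\t\t\t\tAND comment_name='" . $userdata['user_id'] . "'"));
                        $comment_updated = TRUE;
                    }
                }
                if ($comment_updated) {
                    // Work out which page now contains the edited comment.
                    if ($settings['comments_sorting'] == "ASC") {
                        $c_operator = "<=";
                    } else {
                        $c_operator = ">=";
                    }
                    $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_id" . $c_operator . "'" . $_GET['comment_id'] . "'\r\n\t\t\t\t\t\t\t\tAND comment_item_id='" . $cid . "'\r\n\t\t\t\t\t\t\t\tAND comment_type='" . $ctype . "'");
                    $c_start = (ceil($c_count / $cpp) - 1) * $cpp;
                }
                redirect($clink . "&amp;c_start=" . (isset($c_start) && isnum($c_start) ? $c_start : ""));
            } else {
                // New comment: the commented item must exist in the caller-supplied table.
                if (!dbcount("(" . $ccol . ")", $cdb, $ccol . "='" . $cid . "'")) {
                    redirect(BASEDIR . "index.php");
                }
                if ($comment_name && $comment_message) {
                    require_once INCLUDES . "flood_include.php";
                    // Rate limit per client IP before inserting.
                    if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) {
                        $result = dbquery("INSERT INTO " . DB_COMMENTS . " (\r\n\t\t\t\t\t\t\t\tcomment_item_id, comment_type, comment_name, comment_message, comment_datestamp,\r\n\t\t\t\t\t\t\t\tcomment_ip, comment_ip_type, comment_hidden\r\n\t\t\t\t\t\t\t) VALUES (\r\n\t\t\t\t\t\t\t\t'" . $cid . "', '" . $ctype . "', '" . $comment_name . "', '" . $comment_message . "', '" . time() . "',\r\n\t\t\t\t\t\t\t\t'" . USER_IP . "', '" . USER_IP_TYPE . "', '0'\r\n\t\t\t\t\t\t\t)");
                    }
                }
                if ($settings['comments_sorting'] == "ASC") {
                    $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $cid . "'\r\n\t\t\t\t\t\t\t\t\t\tAND comment_type='" . $ctype . "'");
                    $c_start = (ceil($c_count / $cpp) - 1) * $cpp;
                } else {
                    $c_start = 0;
                }
                redirect($clink . "&amp;c_start=" . $c_start);
            }
        }
        // --- Listing ----------------------------------------------------------
        $c_arr = array("c_con" => array(), "c_info" => array("c_makepagenav" => FALSE, "admin_link" => FALSE));
        $c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $cid . "'\r\n\t\t\t\t\t\t\tAND comment_type='" . $ctype . "' AND comment_hidden='0'");
        // Without an explicit offset, start on the last page.
        if (!isset($_GET['c_start']) && $c_rows > $cpp) {
            $_GET['c_start'] = (ceil($c_rows / $cpp) - 1) * $cpp;
        }
        // Anything that fails isnum() is replaced by 0 before it reaches the LIMIT clause.
        if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) {
            $_GET['c_start'] = 0;
        }
        // NOTE(review): $settings['comments_sorting'] is placed in ORDER BY verbatim;
        // it must be restricted to ASC/DESC wherever the setting is saved.
        $result = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_message, tcm.comment_datestamp,\r\n\t\t\t\t\ttcu.user_id, tcu.user_name, tcu.user_avatar, tcu.user_status\r\n\t\t\tFROM " . DB_COMMENTS . " tcm\r\n\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\r\n\t\t\tWHERE comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "' AND comment_hidden='0'\r\n\t\t\tORDER BY comment_datestamp " . $settings['comments_sorting'] . " LIMIT " . $_GET['c_start'] . "," . $cpp);
        if (dbrows($result)) {
            // Running comment number: counts up for ASC, down for DESC.
            $i = $settings['comments_sorting'] == "ASC" ? $_GET['c_start'] + 1 : $c_rows - $_GET['c_start'];
            if ($c_rows > $cpp) {
                $c_arr['c_info']['c_makepagenav'] = makepagenav($_GET['c_start'], $cpp, $c_rows, 3, $clink . "&amp;", "c_start");
            }
            while ($data = dbarray($result)) {
                $c_arr['c_con'][$i]['comment_id'] = $data['comment_id'];
                $c_arr['c_con'][$i]['edit_dell'] = FALSE;
                $c_arr['c_con'][$i]['i'] = $i;
                // A joined user row means a member comment; otherwise show the stored guest name.
                if ($data['user_name']) {
                    $c_arr['c_con'][$i]['comment_name'] = profile_link($data['comment_name'], $data['user_name'], $data['user_status']);
                } else {
                    $c_arr['c_con'][$i]['comment_name'] = $data['comment_name'];
                }
                //Add user avatar in comments new feature in v7.02.04
                $c_arr['c_con'][$i]['user_avatar'] = display_avatar($data, '80px');
                $c_arr['c_con'][$i]['comment_datestamp'] = $locale['global_071'] . showdate("longdate", $data['comment_datestamp']);
                $c_arr['c_con'][$i]['comment_message'] = "<!--comment_message-->\n" . nl2br(parseubb(parsesmileys($data['comment_message'])));
                // Edit/delete links are shown under the same rule the handlers above enforce.
                if (iADMIN && checkrights("C") || iMEMBER && $data['comment_name'] == $userdata['user_id'] && isset($data['user_name'])) {
                    $c_arr['c_con'][$i]['edit_dell'] = "<!--comment_actions-->\n";
                    $c_arr['c_con'][$i]['edit_dell'] .= "<a href='" . FUSION_REQUEST . "&amp;c_action=edit&amp;comment_id=" . $data['comment_id'] . "#edit_comment'>";
                    $c_arr['c_con'][$i]['edit_dell'] .= $locale['c108'] . "</a> |\n";
                    $c_arr['c_con'][$i]['edit_dell'] .= "<a href='" . FUSION_REQUEST . "&amp;c_action=delete&amp;comment_id=" . $data['comment_id'] . "' onclick=\"return confirm('" . $locale['c110'] . "');\">";
                    $c_arr['c_con'][$i]['edit_dell'] .= $locale['c109'] . "</a>";
                }
                $settings['comments_sorting'] == "ASC" ? $i++ : $i--;
            }
            if (iADMIN && checkrights("C")) {
                $c_arr['c_info']['admin_link'] = "<!--comment_admin-->\n";
                $c_arr['c_info']['admin_link'] .= "<a href='" . ADMIN . "comments.php" . $aidlink . "&amp;ctype=" . $ctype . "&amp;cid=" . $cid . "'>" . $locale['c106'] . "</a>";
            }
        }
        // Render comments
        echo "<a id='comments' name='comments'></a>";
        render_comments($c_arr['c_con'], $c_arr['c_info']);
        // Add / edit comment
        opentable($locale['c102']);
        if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
            $eresult = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_message, tcu.user_name\r\n\t\t\t\tFROM " . DB_COMMENTS . " tcm\r\n\t\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\r\n\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "'\r\n\t\t\t\t\tAND comment_type='" . $ctype . "' AND comment_hidden='0'");
            if (dbrows($eresult)) {
                $edata = dbarray($eresult);
                if (iADMIN && checkrights("C") || iMEMBER && $edata['comment_name'] == $userdata['user_id'] && isset($edata['user_name'])) {
                    $clink .= "&amp;c_action=edit&amp;comment_id=" . $edata['comment_id'];
                    $comment_message = $edata['comment_message'];
                } else {
                    // The comment exists but this viewer may not edit it: show an empty
                    // form. Previously $comment_message was left undefined on this path.
                    $comment_message = "";
                }
            } else {
                $comment_message = "";
            }
        } else {
            $comment_message = "";
        }
        if (iMEMBER || $settings['guestposts'] == "1") {
            require_once INCLUDES . "bbcode_include.php";
            echo "<a id='edit_comment' name='edit_comment'></a>\n";
            echo openform('inputform', 'inputform', 'post', $clink);
            if (iGUEST) {
                echo "<div align='center' class='tbl'>\n" . $locale['c104'] . "<br />\n";
                echo "<input type='text' name='comment_name' maxlength='30' class='textbox' style='width:360px' />\n";
                echo "</div>\n";
            }
            echo "<div class='row'>\n";
            echo "<div class='col-xs-12 col-sm-12 col-md-12 col-lg-12'>\n";
            echo form_textarea('', 'comment_message', 'comment_message', $comment_message, array('required' => 1));
            echo display_bbcodes("360px", "comment_message");
            if (iGUEST && (!isset($_CAPTCHA_HIDE_INPUT) || isset($_CAPTCHA_HIDE_INPUT) && !$_CAPTCHA_HIDE_INPUT)) {
                $_CAPTCHA_HIDE_INPUT = FALSE;
                echo "<div style='width:360px; margin:10px auto;'>";
                echo $locale['global_150'] . "<br />\n";
                // The included captcha file may set $_CAPTCHA_HIDE_INPUT, hence the re-check below.
                include INCLUDES . "captchas/" . $settings['captcha'] . "/captcha_display.php";
                if (!$_CAPTCHA_HIDE_INPUT) {
                    echo "<br />\n<label for='captcha_code'>" . $locale['global_151'] . "</label>";
                    echo "<br />\n<input type='text' id='captcha_code' name='captcha_code' class='textbox' autocomplete='off' style='width:100px' />\n";
                }
                echo "</div>\n";
            }
            echo form_button($comment_message ? $locale['c103'] : $locale['c102'], 'post_comment', 'post_comment', $comment_message ? $locale['c103'] : $locale['c102'], array('class' => 'btn btn-primary m-t-10'));
            echo "</div>\n</div>\n";
            echo closeform();
        } else {
            echo $locale['c105'] . "\n";
        }
        closetable();
    }
}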
Exemplo n.º 2
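 // Detail rows of an application record followed by the status selector.
 // NOTE(review): the $data[...] values are written into HTML text and into
 // href/title attributes without escaping in this fragment. Confirm they are
 // entity-encoded when stored; otherwise escape them here for the HTML context.
 echo "</tr>\n<tr>\n";
 echo "<td class='tbl1' align='right' width='20%'>" . $locale['pla_148'] . ":</td>";
 echo "<td class='tbl1'><a href='mailto:" . $data['app_bill_email'] . "' title='" . $data['app_bill_email'] . "'>" . $data['app_bill_email'] . "</a></td>";
 echo "</tr>\n<tr>\n";
 echo "<td class='tbl1' align='right' width='20%'>" . $locale['pla_146'] . ":</td>";
 echo "<td class='tbl1'>" . $data['app_tech_name'] . "</td>";
 echo "</tr>\n<tr>\n";
 echo "<td class='tbl1' align='right' width='20%'>" . $locale['pla_148'] . ":</td>";
 // Fixed: the anchor was never closed, so the mailto link ran on into the following cells.
 echo "<td class='tbl1'><a href='mailto:" . $data['app_tech_email'] . "' title='" . $data['app_tech_email'] . "'>" . $data['app_tech_email'] . "</a></td>";
 echo "</tr>\n<tr>\n";
 echo "<td class='tbl1' align='right' width='20%'>" . $locale['pla_153'] . ":</td>";
 echo "<td class='tbl1' nowrap valign='top'>" . $license_types[$data['app_type']] . "</td>\n";
 echo "</tr>\n<tr>\n";
 echo "<td class='tbl1' align='right' valign='top' width='20%'>" . $locale['pla_113'] . ":</td>";
 echo "<td class='quote' valign='top'>";
 // $text is assigned unconditionally, so the former isset() guard could never take its fallback.
 $text = nl2br(parseubb(censorwords($data['app_text'])));
 echo $text;
 echo "</td>";
 echo "</tr>\n<tr>\n";
 echo "<td class='tbl1' width='20%'>" . $locale['pla_133'] . ":</td>";
 echo "<td class='tbl1' nowrap valign='top'>";
 // Pre-select the option that matches the current $app_status.
 echo "<select name='app_status' class='textbox'>\n";
 echo "<option value='0' " . ($app_status == 0 ? "selected" : "") . ">" . $locale['pla_110'] . "</option>\n";
 echo "<option value='1' " . ($app_status == 1 ? "selected" : "") . ">" . $locale['pla_135'] . "</option>\n";
 echo "<option value='2' " . ($app_status == 2 ? "selected" : "") . ">" . $locale['pla_136'] . "</option>\n";
 echo "<option value='3' " . ($app_status == 3 ? "selected" : "") . ">" . $locale['pla_137'] . "</option>\n";
 echo "</select>\n</td>\n";
 echo "</tr>\n<tr>\n";
 echo "<td class='tbl1' colspan='2'><hr /></td>";
 echo "</tr>\n<tr>\n";
 echo "<td class='tbl1' valign='top' width='20%'>" . $locale['pla_613'] . ":</td>";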
Exemplo n.º 3
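/**
 * Process comment actions (delete, edit, post) for one item, then echo the
 * comment list and the add/edit form. Page size is fixed at 10 comments.
 *
 * Security notes for reviewers:
 * - All SQL is built by string concatenation/interpolation. $_GET['comment_id']
 *   and $_GET['c_start'] are gated by isnum(); $ctype, $cid, $ccol and $cdb are
 *   used exactly as passed in, so callers must supply trusted values.
 *   NOTE(review): $cdb/$ccol are identifiers - confirm callers pass constants.
 * - Deleting is a plain GET request and no anti-CSRF token is checked in this
 *   function. NOTE(review): confirm a token is validated elsewhere.
 * - Stored names and messages are echoed without escaping here; presumably
 *   stripinput() entity-encodes them at write time - verify.
 *
 * @param string $ctype Value matched against / stored in comment_type.
 * @param string $cdb   Table holding the commented item (existence check only).
 * @param string $ccol  Column of $cdb that is compared with $cid.
 * @param mixed  $cid   Item id, matched against / stored in comment_item_id.
 * @param string $clink Base URL for redirects, page navigation and the form action.
 */
function showcomments($ctype, $cdb, $ccol, $cid, $clink)
{
    global $settings, $locale, $userdata, $aidlink;
    // Current URL with any c_action/comment_id pair stripped; used when the captcha fails.
    $link = FUSION_SELF . (FUSION_QUERY ? "?" . FUSION_QUERY : "");
    $link = preg_replace("^(&amp;|\\?)c_action=(edit|delete)&amp;comment_id=\\d*^", "", $link);
    // --- Delete -------------------------------------------------------------------
    if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
        // && binds tighter than ||: either an admin holding right "C", or a member who owns the comment.
        if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $userdata['user_id'] . "'")) {
            $result = dbquery("DELETE FROM " . DB_COMMENTS . " WHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : " AND comment_name='" . $userdata['user_id'] . "'"));
        }
        redirect($clink);
    }
    // --- Post / edit submission -----------------------------------------------------
    if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) {
        if (iMEMBER) {
            // Members are stored by user id, never by a client-supplied name.
            $comment_name = $userdata['user_id'];
        } elseif ($settings['guestposts'] == "1") {
            // NOTE(review): $_POST['comment_name'] is read without an isset() check.
            $comment_name = trim(stripinput($_POST['comment_name']));
            // Strip leading digits and reject a purely numeric name: comment_name is
            // joined against user_id when comments are listed.
            $comment_name = preg_replace("(^[0-9]*)", "", $comment_name);
            if (isnum($comment_name)) {
                $comment_name = "";
            }
            include_once INCLUDES . "securimage/securimage.php";
            $securimage = new Securimage();
            if (!isset($_POST['com_captcha_code']) || $securimage->check($_POST['com_captcha_code']) == false) {
                redirect($link);
            }
        }
        $comment_message = trim(stripinput(censorwords($_POST['comment_message'])));
        if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
            $comment_updated = false;
            if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $userdata['user_id'] . "'")) {
                if ($comment_message) {
                    $result = dbquery("UPDATE " . DB_COMMENTS . " SET comment_message='{$comment_message}' WHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : " AND comment_name='" . $userdata['user_id'] . "'"));
                    $comment_updated = true;
                }
            }
            if ($comment_updated) {
                // Offset of the page that contains the edited comment.
                $c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_id<='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'") / 10) - 1) * 10;
            }
            // NOTE(review): redirects carry the offset as "rstart" while the listing below
            // reads $_GET['c_start'] - confirm which parameter name is intended.
            redirect($clink . "&amp;rstart=" . (isset($c_start) && isnum($c_start) ? $c_start : ""));
        } else {
            // New comment: the commented item must exist in the caller-supplied table.
            if (!dbcount("(" . $ccol . ")", $cdb, $ccol . "='" . $cid . "'")) {
                redirect(BASEDIR . "index.php");
            }
            if ($comment_name && $comment_message) {
                require_once INCLUDES . "flood_include.php";
                // Rate limit per client IP before inserting.
                if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) {
                    $result = dbquery("INSERT INTO " . DB_COMMENTS . " (comment_item_id, comment_type, comment_name, comment_message, comment_datestamp, comment_ip) VALUES ('{$cid}', '{$ctype}', '{$comment_name}', '{$comment_message}', '" . time() . "', '" . USER_IP . "')");
                }
            }
            $c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'") / 10) - 1) * 10;
            redirect($clink . "&amp;rstart=" . $c_start);
        }
    }
    // --- Listing ----------------------------------------------------------------------
    opentable($locale['c100']);
    echo "<a id='comments' name='comments'></a>";
    $c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='{$cid}' AND comment_type='{$ctype}'");
    // Anything that fails isnum() is replaced by 0 before it reaches the LIMIT clause.
    if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) {
        $_GET['c_start'] = 0;
    }
    $result = dbquery("SELECT tcm.*,user_name FROM " . DB_COMMENTS . " tcm\n\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n\t\tWHERE comment_item_id='{$cid}' AND comment_type='{$ctype}'\n\t\tORDER BY comment_datestamp ASC LIMIT " . $_GET['c_start'] . ",10");
    if (dbrows($result)) {
        $i = $_GET['c_start'] + 1;
        if ($c_rows > 10) {
            echo "<div style='text-align:center;margin-bottom:5px;'>" . makecommentnav($_GET['c_start'], 10, $c_rows, 3, $clink . "&amp;") . "</div>\n";
        }
        while ($data = dbarray($result)) {
            echo "<div class='tbl2'>\n";
            // Edit/delete links are shown under the same rule the handlers above enforce.
            if (iADMIN && checkrights("C") || iMEMBER && $data['comment_name'] == $userdata['user_id'] && isset($data['user_name'])) {
                echo "<div style='float:right' class='comment_actions'><!--comment_actions-->\n<a href='" . FUSION_REQUEST . "&amp;c_action=edit&amp;comment_id=" . $data['comment_id'] . "#edit_comment'>" . $locale['c108'] . "</a> |\n";
                echo "<a href='" . FUSION_REQUEST . "&amp;c_action=delete&amp;comment_id=" . $data['comment_id'] . "'>" . $locale['c109'] . "</a>\n</div>\n";
            }
            echo "<a href='" . FUSION_REQUEST . "#c" . $data['comment_id'] . "' id='c" . $data['comment_id'] . "' name='c" . $data['comment_id'] . "'>#" . $i . "</a> | ";
            // A joined user row means a member comment; otherwise print the stored guest name.
            if ($data['user_name']) {
                echo "<span class='comment-name'><a href='" . BASEDIR . "profile.php?lookup=" . $data['comment_name'] . "'>" . $data['user_name'] . "</a></span>\n";
            } else {
                echo "<span class='comment-name'>" . $data['comment_name'] . "</span>\n";
            }
            echo "<span class='small'>" . $locale['global_071'] . showdate("longdate", $data['comment_datestamp']) . "</span>\n";
            echo "</div>\n<div class='tbl1 comment_message'><!--comment_message-->" . nl2br(parseubb(parsesmileys($data['comment_message']))) . "</div>\n";
            $i++;
        }
        if (iADMIN && checkrights("C")) {
            echo "<div align='right' class='tbl2'><a href='" . ADMIN . "comments.php" . $aidlink . "&amp;ctype={$ctype}&amp;cid={$cid}'>" . $locale['c106'] . "</a></div>\n";
        }
        if ($c_rows > 10) {
            echo "<div style='text-align:center;margin-top:5px;'>" . makecommentnav($_GET['c_start'], 10, $c_rows, 3, $clink . "&amp;") . "</div>\n";
        }
    } else {
        echo $locale['c101'] . "\n";
    }
    closetable();
    // --- Add / edit form ------------------------------------------------------------
    opentable($locale['c102']);
    if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
        $eresult = dbquery("SELECT tcm.*,user_name FROM " . DB_COMMENTS . " tcm\n\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'");
        if (dbrows($eresult)) {
            $edata = dbarray($eresult);
            if (iADMIN && checkrights("C") || iMEMBER && $edata['comment_name'] == $userdata['user_id'] && isset($edata['user_name'])) {
                $clink .= "&amp;c_action=edit&amp;comment_id=" . $edata['comment_id'];
                $comment_message = $edata['comment_message'];
            } else {
                // The comment exists but this viewer may not edit it: show an empty form.
                // Previously $comment_message was left undefined on this path.
                $comment_message = "";
            }
        } else {
            $comment_message = "";
        }
    } else {
        $comment_message = "";
    }
    if (iMEMBER || $settings['guestposts'] == "1") {
        require_once INCLUDES . "bbcode_include.php";
        echo "<a id='edit_comment' name='edit_comment'></a>\n";
        echo "<form name='inputform' method='post' action='" . $clink . "'>\n";
        if (iGUEST) {
            echo "<div align='center' class='tbl'>\n" . $locale['c104'] . "<br />\n";
            echo "<input type='text' name='comment_name' maxlength='30' class='textbox' style='width:360px' />\n";
            echo "</div>\n";
        }
        echo "<div align='center' class='tbl'>\n";
        echo "<textarea name='comment_message' cols='70' rows='6' class='textbox' style='width:360px'>" . $comment_message . "</textarea><br />\n";
        echo display_bbcodes("360px", "comment_message");
        if (iGUEST) {
            // Captcha image, audio alternative, refresh link and code input for guests.
            echo $locale['global_158'] . "<br />\n";
            echo "<img id='com_captcha' src='" . INCLUDES . "securimage/securimage_show.php' alt='' /><br />\n";
            echo "<a href='" . INCLUDES . "securimage/securimage_play.php'><img src='" . INCLUDES . "securimage/images/audio_icon.gif' alt='' class='tbl-border' style='margin-bottom:1px' /></a>\n";
            echo "<a href='#' onclick=\"document.getElementById('com_captcha').src = '" . INCLUDES . "securimage/securimage_show.php?sid=' + Math.random(); return false\"><img src='" . INCLUDES . "securimage/images/refresh.gif' alt='' class='tbl-border' /></a><br />\n";
            echo $locale['global_159'] . "<br />\n<input type='text' name='com_captcha_code' class='textbox' style='width:100px' />\n";
        }
        echo "<br />\n<input type='submit' name='post_comment' value='" . ($comment_message ? $locale['c103'] : $locale['c102']) . "' class='button' />\n";
        echo "</div>\n</form>\n";
    } else {
        echo $locale['c105'] . "\n";
    }
    closetable();
}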
     $shout_name = $userdata['user_id'];
 } elseif ($settings['guestposts'] == "1") {
     $shout_name = trim(stripinput($_POST['shout_name']));
     $shout_name = preg_replace("(^[0-9]*)", "", $shout_name);
     if (isnum($shout_name)) {
         $shout_name = "";
     }
     include_once INCLUDES . "securimage/securimage.php";
     $securimage = new Securimage();
     if (!isset($_POST['sb_captcha_code']) || $securimage->check($_POST['sb_captcha_code']) == false) {
         redirect($link);
     }
 }
 // Normalise the submitted shout: newlines become spaces, then only the first 255
 // characters are kept when the text is longer. The pattern has no "u" modifier, so
 // the limit counts bytes and a multi-byte character may be cut at the boundary.
 $shout_message = str_replace("\n", " ", $_POST['shout_message']);
 $shout_message = preg_replace("/^(.{255}).*\$/", "\$1", $shout_message);
 // NOTE(review): stripinput() is the only sanitising step before the value is placed
 // inside quoted SQL literals below; presumably it entity-encodes quotes and
 // backslashes - verify, or switch these queries to bound parameters.
 $shout_message = trim(stripinput(censorwords($shout_message)));
 // Edit path: members only, with a numeric shout_id in the query string.
 // NOTE(review): no anti-CSRF token is checked in this fragment - confirm one is validated elsewhere.
 if (iMEMBER && (isset($_GET['s_action']) && $_GET['s_action'] == "edit") && (isset($_GET['shout_id']) && isnum($_GET['shout_id']))) {
     $comment_updated = false;
     // && binds tighter than ||: a moderator/admin holding right "S", or a member who owns the shout.
     if ((iMODERATOR || iADMIN) && checkrights("S") || iMEMBER && dbcount("(shout_id)", DB_SHOUTBOX, "shout_id='" . (int) $_GET['shout_id'] . "' AND shout_name='" . $userdata['user_id'] . "'")) {
         if ($shout_message) {
             // shout_id is cast to int; non-staff get the ownership condition repeated in the UPDATE.
             $result = dbquery("UPDATE " . DB_SHOUTBOX . " SET shout_message='{$shout_message}' WHERE shout_id='" . (int) $_GET['shout_id'] . "'" . (iMODERATOR || iADMIN ? "" : " AND shout_name='" . $userdata['user_id'] . "'"));
         }
     }
     redirect($link);
 } elseif ($shout_name && $shout_message) {
     // New shout: rate limit per client IP before inserting.
     require_once INCLUDES . "flood_include.php";
     if (!flood_control("shout_datestamp", DB_SHOUTBOX, "shout_ip='" . USER_IP . "'")) {
         // USER_IP and $settings['locale'] are concatenated as-is; they are assumed to be
         // server-derived values - TODO confirm.
         $result = dbquery("INSERT INTO " . DB_SHOUTBOX . " (shout_name, shout_message, shout_datestamp, shout_ip, shout_hidden, shout_language) VALUES ('{$shout_name}', '{$shout_message}', '" . time() . "', '" . USER_IP . "', '0', '" . $settings['locale'] . "')");
     }
 }
 redirect($link);
Exemplo n.º 5
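/**
 * Echo the comment form for group members, process delete/edit/post requests
 * and echo the newest-first comment list (10 per page) with avatars.
 *
 * Security notes for reviewers:
 * - All SQL is built by string concatenation/interpolation. $_GET['comment_id']
 *   and $_GET['c_start'] are gated by isnum(); $ctype, $cid, $ccol and $cdb are
 *   used exactly as passed in, so callers must supply trusted values.
 * - The form is shown only when iMEMBER && $ingroup, but the POST handler below
 *   accepts any member (or guest, when guestposts is "1") and does not consult
 *   $ingroup; the guest path has no captcha check in this function.
 *   NOTE(review): confirm whether posting is meant to require $ingroup as well.
 * - Deleting is a plain GET request and no anti-CSRF token is checked here.
 *   NOTE(review): confirm a token is validated elsewhere.
 *
 * @param string $ctype   Value matched against / stored in comment_type.
 * @param string $cdb     Table holding the commented item (existence check only).
 * @param string $ccol    Column of $cdb that is compared with $cid.
 * @param mixed  $cid     Item id, matched against / stored in comment_item_id.
 * @param string $clink   Base URL for redirects, page navigation and the form action.
 * @param mixed  $ingroup Truthy when the viewer may see the comment form.
 */
function showcomments($ctype, $cdb, $ccol, $cid, $clink, $ingroup)
{
    global $settings, $locale, $userdata, $aidlink;
    // --- Prefill for the edit form --------------------------------------------------
    if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
        $eresult = dbquery("SELECT tcm.*,user_name FROM " . DB_COMMENTS . " tcm\n\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'");
        if (dbrows($eresult)) {
            $edata = dbarray($eresult);
            if (iADMIN && checkrights("C") || iMEMBER && $edata['comment_name'] == $userdata['user_id'] && isset($edata['user_name'])) {
                $clink .= "&amp;c_action=edit&amp;comment_id=" . $edata['comment_id'];
                $comment_message = $edata['comment_message'];
            } else {
                // The comment exists but this viewer may not edit it: show an empty form.
                // Previously $comment_message was left undefined on this path.
                $comment_message = "";
            }
        } else {
            $comment_message = "";
        }
    } else {
        $comment_message = "";
    }
    // --- Form (members of the group only) -------------------------------------------
    if (iMEMBER && $ingroup) {
        add_to_head("<script type='text/javascript'>window.onload=setTimeout(\"hideall()\", 250);\n\t\tfunction hideall(){\n\t\t\tdocument.getElementById('bbcode').style.display='none';\n\t\t}\n\t\tfunction showhide(msg_id) {\n\t\t   document.getElementById(msg_id).style.display = document.getElementById(msg_id).style.display == 'none' ? 'block' : 'none';\n\t\t}</script>\n");
        require_once INCLUDES . "bbcode_include.php";
        echo "<a id='edit_comment' name='edit_comment'></a>\n";
        echo "<form name='inputform' method='post' action='" . $clink . "'>\n";
        echo "<div align='center'>\n";
        echo "<textarea name='comment_message' rows='2' class='textbox' style='width:90%'>" . $comment_message . "</textarea><br />\n";
        echo "<input type='submit' name='post_comment' value='" . $locale['uc283'] . "' class='button' /> :: <a onClick='showhide(\"bbcode\")'>" . $locale['uc285'] . "</a>\n";
        echo "<div id='bbcode'><br />" . display_bbcodes("360px", "comment_message") . "</div>\n";
        echo "</div>\n</form>\n";
    } else {
        echo "<div align='center'>" . $locale['uc289'] . "</div>\n";
    }
    echo "</td>\n</tr>\n";
    echo "<tr>\n<td class='tbl1' style='padding:6px;'>\n";
    // --- Delete -------------------------------------------------------------------
    // NOTE(review): the redirects below run after markup has been echoed; this only
    // works if output is buffered by the surrounding page - confirm.
    if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
        // && binds tighter than ||: either an admin holding right "C", or a member who owns the comment.
        if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $userdata['user_id'] . "'")) {
            $result = dbquery("DELETE FROM " . DB_COMMENTS . " WHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : " AND comment_name='" . $userdata['user_id'] . "'"));
        }
        redirect($clink);
    }
    // --- Post / edit submission -----------------------------------------------------
    if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) {
        if (iMEMBER) {
            // Members are stored by user id, never by a client-supplied name.
            $comment_name = $userdata['user_id'];
        } elseif ($settings['guestposts'] == "1") {
            $comment_name = trim(stripinput($_POST['comment_name']));
            // Strip leading digits and reject a purely numeric name: comment_name is
            // joined against user_id when comments are listed.
            $comment_name = preg_replace("(^[0-9]*)", "", $comment_name);
            if (isnum($comment_name)) {
                $comment_name = "";
            }
        }
        $comment_message = trim(stripinput(censorwords($_POST['comment_message'])));
        if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
            $comment_updated = false;
            if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $userdata['user_id'] . "'")) {
                if ($comment_message) {
                    $result = dbquery("UPDATE " . DB_COMMENTS . " SET comment_message='{$comment_message}' WHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : " AND comment_name='" . $userdata['user_id'] . "'"));
                    $comment_updated = true;
                }
            }
            if ($comment_updated) {
                $c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_id<='" . $_GET['comment_id'] . "' AND comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'") / 10) - 1) * 10;
            }
            // NOTE(review): redirects carry the offset as "rstart" while the listing below
            // reads $_GET['c_start'] - confirm which parameter name is intended.
            redirect($clink . "&amp;rstart=" . (isset($c_start) && isnum($c_start) ? $c_start : ""));
        } else {
            // New comment: the commented item must exist in the caller-supplied table.
            if (!dbcount("(" . $ccol . ")", $cdb, $ccol . "='" . $cid . "'")) {
                redirect(BASEDIR . "index.php");
            }
            if ($comment_name && $comment_message) {
                require_once INCLUDES . "flood_include.php";
                // Rate limit per client IP before inserting.
                if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) {
                    $result = dbquery("INSERT INTO " . DB_COMMENTS . " (comment_item_id, comment_type, comment_name, comment_message, comment_datestamp, comment_ip) VALUES ('{$cid}', '{$ctype}', '{$comment_name}', '{$comment_message}', '" . time() . "', '" . USER_IP . "')");
                }
            }
            $c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $cid . "' AND comment_type='" . $ctype . "'") / 10) - 1) * 10;
            redirect($clink . "&amp;rstart=" . $c_start);
        }
    }
    // --- Listing ----------------------------------------------------------------------
    echo "<a id='comments' name='comments'></a>";
    $c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='{$cid}' AND comment_type='{$ctype}'");
    // Anything that fails isnum() is replaced by 0 before it reaches the LIMIT clause.
    if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) {
        $_GET['c_start'] = 0;
    }
    $result = dbquery("SELECT tcm.*,tcu.* FROM " . DB_COMMENTS . " tcm\n\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n\t\tWHERE comment_item_id='{$cid}' AND comment_type='{$ctype}'\n\t\tORDER BY comment_datestamp DESC LIMIT " . $_GET['c_start'] . ",10");
    if (dbrows($result)) {
        $i = $_GET['c_start'] + 1;
        if ($c_rows > 10) {
            echo "<div style='text-align:center;margin-bottom:5px;'>" . makecommentnav($_GET['c_start'], 10, $c_rows, 3, $clink . "&amp;") . "</div>\n";
        }
        echo "<table width='100%' cellspacing='1' cellpadding='0'>\n";
        while ($data = dbarray($result)) {
            echo "<tr><td class='tbl2' rowspan='2' width='1'>\n";
            if ($data['user_avatar']) {
                // Scale the avatar to 70px wide and keep its aspect ratio. The old formula
                // divided by $height instead of $width, so the result was always 70, and an
                // unreadable image (getimagesize() === false) led to a division by zero.
                $avatar_size = getimagesize(IMAGES . "avatars/" . $data['user_avatar']);
                $new_width = 70;
                if ($avatar_size && $avatar_size[0] > 0) {
                    $new_height = round($avatar_size[1] * ($new_width / $avatar_size[0]));
                } else {
                    // Size unknown: fall back to the same square box used for the placeholder.
                    $new_height = 70;
                }
                echo "<img src='" . IMAGES . "avatars/" . $data['user_avatar'] . "' alt='' style='width:" . $new_width . "px;height:" . $new_height . "px'>\n";
            } else {
                echo "<img src='" . IMAGES . "noav.gif' alt='' style='width:70px;height:70px'>\n";
            }
            echo "</td>\n<td class='tbl2' style='height:30px;'>";
            // Edit/delete links are shown under the same rule the handlers above enforce.
            if (iADMIN && checkrights("C") || iMEMBER && $data['comment_name'] == $userdata['user_id'] && isset($data['user_name'])) {
                echo "<div style='float:right'>\n<a href='" . FUSION_REQUEST . "&amp;c_action=edit&amp;comment_id=" . $data['comment_id'] . "#edit_comment'>" . $locale['c108'] . "</a> |\n";
                echo "<a href='" . FUSION_REQUEST . "&amp;c_action=delete&amp;comment_id=" . $data['comment_id'] . "'>" . $locale['c109'] . "</a>\n</div>\n";
            }
            echo "<a href='" . FUSION_REQUEST . "#c" . $data['comment_id'] . "' id='c" . $data['comment_id'] . "' name='c" . $data['comment_id'] . "'>#" . $i . "</a> | ";
            echo "<a href='" . BASEDIR . "profile.php?lookup=" . $data['comment_name'] . "'>" . showLabel($data['comment_name']) . "</a>\n";
            echo "<span class='small'>" . timepassed($data['comment_datestamp']) . "</span></td></tr>\n<tr><td class='tbl1' style='vertical-align:top;'>\n";
            echo nl2br(parseubb(parsesmileys($data['comment_message']))) . "</td></tr>\n";
            $i++;
        }
        echo "</table>";
        if (iADMIN && checkrights("C")) {
            echo "<div align='right' class='tbl2'><a href='" . ADMIN . "comments.php" . $aidlink . "&amp;ctype={$ctype}&amp;cid={$cid}'>" . $locale['c106'] . "</a></div>\n";
        }
        if ($c_rows > 10) {
            echo "<div style='text-align:center;margin-top:5px;'>" . makecommentnav($_GET['c_start'], 10, $c_rows, 3, $clink . "&amp;") . "</div>\n";
        }
    } else {
        echo $locale['uc284'] . "\n";
    }
}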
    fallback("download.php");
}
$href = "../download.php?did=" . $download->id;
$errors = 0;
$do_calc_avg = false;
$do_calc_comments = false;
$do_calc_subscribers = false;
if (isset($_POST['do_vote']) && iUSER >= $pdp->settings['bewertungen']) {
    $do_calc_avg = true;
    $ok = dbquery("INSERT INTO " . DB_PDP_VOTES . "\n\t\tSET\n\t\tdownload_id='" . $download->id . "',\n\t\tuser_id='" . $userdata['user_id'] . "',\n\t\tvote_opt='" . intval($_POST['vote']) . "'");
} elseif (isset($_POST['del_vote']) && iUSER >= $pdp->settings['bewertungen']) {
    $do_calc_avg = true;
    $ok = dbquery("DELETE FROM " . DB_PDP_VOTES . "\n\t\tWHERE download_id='" . $download->id . "'\n\t\t\tAND user_id='" . $userdata['user_id'] . "'");
} elseif (isset($_POST['add_comment']) && iUSER >= $pdp->settings['kommentare']) {
    $do_calc_comments = true;
    $c_text = trim(stripinput(censorwords($_POST['comm_text'])));
    if (empty($c_text)) {
        $download->fallback_download();
    }
    $c_smileys = isset($_POST['disable_smileys']) ? "0" : "1";
    if (iMEMBER) {
        $c_user = $userdata['user_id'];
        $c_name = $userdata['user_name'];
    } else {
        $c_user = "******";
        $c_name = trim(stripinput($_POST['comment_name']));
        if (!pdp_check_captcha()) {
            fallback($href . "&comm_user="******"&comm_text=" . urlencode($c_text) . "&comm_smileys=" . $c_smileys . '&wrong_captcha=1' . '#new_comment');
        }
    }
    $ok = dbquery("INSERT INTO " . DB_PDP_COMMENTS . "\n\t\tSET\n\t\tdownload_id='" . $download->id . "',\n\t\tuser_id='" . $c_user . "',\n\t\tcomment_user_name='" . $c_name . "',\n\t\tcomment_text='" . $c_text . "',\n\t\tcomment_timestamp='" . time() . "',\n\t\tcomment_ip='" . USER_IP . "',\n\t\tcomment_smileys='" . $c_smileys . "'");
Exemplo n.º 7
echo $locale['m4n_022'];
?>
</p>
</div>

<?php 
$result = dbquery("\r\n\tSELECT a.m4n_id, a.m4n_user, a.m4n_text, u.user_id, u.user_name, u.user_status \r\n\tFROM " . DB_CONDOLENCES . " a \r\n\tLEFT JOIN " . DB_USERS . " u ON u.user_id=a.m4n_user \r\n\tWHERE a.m4n_status = '1' \r\n\tORDER BY m4n_datestamp \r\n\tDESC LIMIT {$rowstart},{$limit}\r\n");
opentable($locale['m4n_001']);
if (dbrows($result)) {
    ?>
<div class="grid_12 tbl-border alpha">
	<?php 
    while ($data = dbarray($result)) {
        ?>
	<?php 
        $text = nl2br(censorwords($data['m4n_text']));
        ?>
	<blockquote style="margin:40px">
		<p><?php 
        echo preg_replace('/\\[\\/?[a-z(=|#)?0-9]+\\]/si', '', $text);
        ?>
</p>
		<cite>&ndash; <?php 
        echo profile_link($data['user_id'], $data['user_name'], $data['user_status']);
        ?>
</cite>
	</blockquote>
	<?php 
    }
    ?>
    <?php 
Exemplo n.º 8
    if ($reply_count > $posts_per_page) {
        $_GET['rowstart'] = (ceil($reply_count / $posts_per_page) - 1) * $posts_per_page;
    }
}
$caption = $fdata['forum_cat_name'] . " :: <a href='viewforum.php?forum_id=" . $fdata['forum_id'] . "'>" . $fdata['forum_name'] . "</a>";
// Poll vote: a logged-in member submits cast_vote together with a numeric poll_option.
// NOTE(review): $_GET['thread_id'] is concatenated into all four queries and into the
// redirect target, but no check on it is visible in this excerpt. Presumably it is
// validated with isnum() earlier in the file; confirm, otherwise the request value
// reaches the SQL text unfiltered.
if (iMEMBER && isset($_POST['cast_vote']) && (isset($_POST['poll_option']) && isnum($_POST['poll_option']))) {
    // One vote per member per thread: look for an existing voter row first.
    $result = dbquery("SELECT * FROM " . DB_FORUM_POLL_VOTERS . " WHERE forum_vote_user_id='" . $userdata['user_id'] . "' AND thread_id='" . $_GET['thread_id'] . "'");
    if (!dbrows($result)) {
        // NOTE(review): the check above and the insert below are separate statements, so two
        // concurrent requests could both pass the check; a unique key on
        // (thread_id, forum_vote_user_id) would close that gap - confirm the schema.
        // NOTE(review): poll_option is only checked to be numeric, not to belong to this
        // thread's poll. An id that matches no option row changes no option count, yet the
        // poll total is still incremented and the member is still recorded as having voted.
        $result = dbquery("UPDATE " . DB_FORUM_POLL_OPTIONS . " SET forum_poll_option_votes=forum_poll_option_votes+1 WHERE thread_id='" . $_GET['thread_id'] . "' AND forum_poll_option_id='" . $_POST['poll_option'] . "'");
        $result = dbquery("UPDATE " . DB_FORUM_POLLS . " SET forum_poll_votes=forum_poll_votes+1 WHERE thread_id='" . $_GET['thread_id'] . "'");
        $result = dbquery("INSERT INTO " . DB_FORUM_POLL_VOTERS . " (thread_id, forum_vote_user_id, forum_vote_user_ip) VALUES ('" . $_GET['thread_id'] . "', '" . $userdata['user_id'] . "', '" . USER_IP . "')");
    }
    // Always return to the thread view, whether or not a vote was recorded.
    redirect(FUSION_SELF . "?thread_id=" . $_GET['thread_id']);
}
if (iMEMBER && $can_reply && !$fdata['thread_locked'] && isset($_POST['postquickreply'])) {
    $message = stripinput(censorwords($_POST['message']));
    if ($message != "") {
        require_once INCLUDES . "flood_include.php";
        if (!flood_control("post_datestamp", DB_POSTS, "post_author='" . $userdata['user_id'] . "'")) {
            $sig = $userdata['user_sig'] ? '1' : '0';
            $smileys = isset($_POST['disable_smileys']) || preg_match("#\\[code\\](.*?)\\[/code\\]#si", $message) ? "0" : "1";
            $result = dbquery("INSERT INTO " . DB_POSTS . " (forum_id, thread_id, post_message, post_showsig, post_smileys, post_author, post_datestamp, post_ip, post_edituser, post_edittime) VALUES ('" . $fdata['forum_id'] . "', '" . $_GET['thread_id'] . "', '{$message}', '{$sig}', '{$smileys}', '" . $userdata['user_id'] . "', '" . time() . "', '" . USER_IP . "', '0', '0')");
            $newpost_id = mysql_insert_id();
            $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_lastpost='" . time() . "', forum_postcount=forum_postcount+1, forum_lastuser='******'user_id'] . "' WHERE forum_id='" . $fdata['forum_id'] . "'");
            $result = dbquery("UPDATE " . DB_THREADS . " SET thread_lastpost='" . time() . "', thread_lastpostid='" . $newpost_id . "', thread_postcount=thread_postcount+1, thread_lastuser='******'user_id'] . "' WHERE thread_id='" . $_GET['thread_id'] . "'");
            $result = dbquery("UPDATE " . DB_USERS . " SET user_posts=user_posts+1 WHERE user_id='" . $userdata['user_id'] . "'");
            redirect("postify.php?post=reply&error=0&forum_id=" . $fdata['forum_id'] . "&thread_id=" . $_GET['thread_id'] . "&post_id={$newpost_id}");
        } else {
            redirect("viewthread.php?thread_id=" . $_GET['thread_id']);
        }
    }
Exemplo n.º 9
}
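// AJAX comment handlers. A request names its operation in $_POST['action'];
// each handler below answers with a small JSON object, or with nothing when
// the request is malformed or not permitted.
// All queries here are built by string concatenation, so every request value
// is checked with isnum() or passed through stripinput() before it is used.
// NOTE(review): this assumes stripinput() neutralises quotes and backslashes,
// as the other queries in this file already rely on - confirm.

// add: store a new comment for item cid of type ctype.
if (isset($_POST['action']) && $_POST['action'] == "add" && isset($_POST['cid']) && isnum($_POST['cid']) && isset($_POST['ctype']) && is_string($_POST['ctype'])) {
    $comment_message = isset($_POST['message']) && is_string($_POST['message']) ? trim(stripinput(censorwords(iconv("UTF-8", $locale['charset'], $_POST['message'])))) : "";
    if (iMEMBER) {
        // comment_name holds the author's user id for members (the ownership
        // checks below compare it with $userdata['user_id']), so it is taken
        // from the logged-in user and never from the request.
        $comment_name = $userdata['user_id'];
    } else {
        // NOTE(review): whether guests may post at all, and any captcha or
        // flood check, is not decided in this excerpt - confirm the endpoint
        // is gated before this point.
        $comment_name = isset($_POST['name']) && is_string($_POST['name']) ? trim(stripinput(censorwords($_POST['name']))) : "";
        // A guest name must never look like a user id, or the comment would
        // be attributed to that member.
        $comment_name = preg_replace("(^[+0-9\\s]*)", "", $comment_name);
        if (isnum($comment_name)) {
            $comment_name = "";
        }
    }
    $comment_itemid = $_POST['cid'];
    $comment_type = stripinput($_POST['ctype']);
    // Empty names or messages are not stored.
    if ($comment_name != "" && $comment_message != "") {
        $result = dbquery("INSERT INTO " . DB_COMMENTS . " (comment_name, comment_message, comment_datestamp, comment_item_id, comment_type) VALUES ('" . $comment_name . "', '" . $comment_message . "', '" . time() . "', '" . $comment_itemid . "', '" . $comment_type . "')");
    }
    $result = array('cid' => $comment_itemid, 'ctype' => $comment_type);
    print json_encode($result);
}

// delete: remove a comment; allowed for admins with the "C" right and for the
// member who wrote it. commentid must be numeric before it reaches any query.
if (isset($_POST['action']) && $_POST['action'] == "delete" && isset($_POST['commentid']) && isnum($_POST['commentid'])) {
    if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_POST['commentid'] . "' AND comment_name='" . $userdata['user_id'] . "'")) {
        // Read the owning item first so the client can refresh the right list.
        $info = dbarray(dbquery("SELECT comment_item_id, comment_type FROM " . DB_COMMENTS . " WHERE comment_id='" . $_POST['commentid'] . "'"));
        $result = dbquery("DELETE FROM " . DB_COMMENTS . " WHERE comment_id='" . $_POST['commentid'] . "'");
        $result = array('cid' => $info['comment_item_id'], 'ctype' => $info['comment_type']);
        print json_encode($result);
    }
}

// get_edit: return the stored text of one comment for the edit form.
// NOTE(review): no permission check is made here, so any caller can read the
// stored text of any comment id - confirm that is acceptable.
if (isset($_POST['action']) && $_POST['action'] == "get_edit" && isset($_POST['commentid']) && isnum($_POST['commentid'])) {
    $data = dbarray(dbquery("SELECT comment_id, comment_message FROM " . DB_COMMENTS . " WHERE comment_id='" . $_POST['commentid'] . "'"));
    $result = array('comment_id' => $data['comment_id'], 'comment_message' => iconv($locale['charset'], "UTF-8", $data['comment_message']));
    print json_encode($result);
}

// save_edit: overwrite the text of one comment. The same permission rule as
// for delete applies, so a comment can only be changed by its author or by an
// admin with the "C" right.
if (isset($_POST['action']) && $_POST['action'] == "save_edit" && isset($_POST['commentid']) && isnum($_POST['commentid'])) {
    if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_POST['commentid'] . "' AND comment_name='" . $userdata['user_id'] . "'")) {
        $comment_message = isset($_POST['message']) && is_string($_POST['message']) ? trim(stripinput(censorwords(iconv("UTF-8", $locale['charset'], $_POST['message'])))) : "";
        // cid and ctype are only echoed back to the client; they are still
        // normalised because they come straight from the request.
        $comment_itemid = (isset($_POST['cid']) && isnum($_POST['cid'])) ? $_POST['cid'] : 0;
        $comment_type = (isset($_POST['ctype']) && is_string($_POST['ctype'])) ? stripinput($_POST['ctype']) : "";
        // An empty message leaves the stored comment untouched.
        if ($comment_message != "") {
            $update = dbquery("UPDATE " . DB_COMMENTS . " SET comment_message='" . $comment_message . "' WHERE comment_id='" . $_POST['commentid'] . "'");
        }
        $result = array('cid' => $comment_itemid, 'ctype' => $comment_type);
        print json_encode($result);
    }
}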
Exemplo n.º 10
		<?php 
}
?>
	</div>
</div>

<div id="testimonials" class="grid_8 omega">
	<?php 
$result = dbquery("\r\n\tSELECT user_id, user_name, user_status, user_testimonial  \r\n\tFROM " . DB_USERS . " \r\n\tWHERE user_status = '0' \r\n\tAND user_testimonial !='' \r\n\tAND user_approve !='1'\r\n\tORDER BY RAND() LIMIT 10\r\n");
?>
	<h2>Testimonials</h2>
	<?php 
while ($data = dbarray($result)) {
    ?>
	<?php 
    $text = nl2br(censorwords($data['user_testimonial']));
    ?>
	<blockquote>
		<p><?php 
    echo trimlink($text, 44);
    ?>
</p>
		<cite>&ndash; <?php 
    echo profile_link($data['user_id'], $data['user_name'], $data['user_status']);
    ?>
</cite> </blockquote>
	<?php 
}
?>
</div>
<?php 
+--------------------------------------------------------*/
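// Refuse to run unless the IN_FUSION constant is defined, i.e. presumably
// when this file is requested directly instead of being included.
if (!defined("IN_FUSION")) {
    die("Access Denied");
}
// User field "testimonial". $profile_method selects what this include does:
// render the form row, show nothing on the profile, or append the submitted
// value to the SQL fragments in $db_fields / $db_values.
if ($profile_method == "input") {
    add_to_head("<style type='text/css'>\r\n.countx {\r\n\tcolor: red;\r\n}\r\n.exceed{\r\n\tpadding: 2px;\r\n\tbackground-color: #ffefef;\r\n\tcolor: #400;\r\n\twidth: 295px;\r\n\tborder: 1px solid #faa;\r\n}\r\n</style>");
    echo "<tr>\n";
    echo "<td valign='top' class='tbl'>" . $locale['uf_testimonial'] . "<br /><br /><span class='small'><i>" . $locale['uf_testimonial_005'] . "</i></span></td>\n";
    // The stored value is written into the textarea as-is.
    // NOTE(review): this is only safe if the stored text is already
    // entity-encoded, which the stripinput() calls below presumably ensure -
    // confirm no other code path writes user_testimonial.
    echo "<td class='tbl'>\r\n\t<div class='small'>" . $locale['uf_testimonial_002'] . "<strong>120</strong></div>\r\n    <div class='small'>" . $locale['uf_testimonial_003'] . "<strong id='counter'>0</strong></div>\r\n\t<textarea id='testim' name='user_testimonial' onkeyup='maxlength(120);' onfocus='maxlength(120);' cols='60' rows='3' style='width:295px'>" . (isset($user_data['user_testimonial']) ? $user_data['user_testimonial'] : "") . "</textarea>\r\n\t<div id='exceed' style='display: none' class='exceed'>" . $locale['uf_testimonial_004'] . "</div>\n";
    echo "</td>\n";
    echo "</tr>\n";
} elseif ($profile_method == "display") {
    // Not shown in profile
} elseif ($profile_method == "validate_insert") {
    // NOTE(review): the 120-character limit shown in the form is enforced
    // only by the onkeyup/onfocus script; neither branch below caps the
    // length on the server, so a direct POST can store a longer text.
    $db_fields .= ", user_testimonial";
    $db_values .= ", '" . (isset($_POST['user_testimonial']) ? stripinput(trim(censorwords($_POST['user_testimonial']))) : "") . "'";
} elseif ($profile_method == "validate_update") {
    // censorwords() is applied here exactly as in validate_insert, so an edit
    // cannot store text that the word filter would have changed on insert.
    $db_values .= ", user_testimonial='" . (isset($_POST['user_testimonial']) ? stripinput(trim(censorwords($_POST['user_testimonial']))) : "") . "'";
}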
?>

<script type='text/javascript'>

function maxlength(input) {
	var length = parseInt(input);
	if (length) {
		tmplen = document.inputform.testim.value.length;
		document.getElementById("counter").innerHTML = tmplen;
		if (length < tmplen) {
			if (document.layers) {
				document.layers["counter"].className = 'countx';
Exemplo n.º 12
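/**
 * Handle a posted comment for one item, then print the comment list and form.
 *
 * $cdb and $ccol are placed into the SQL text as a table-name suffix and a
 * column name, and $cid as a quoted value, so all three must be fixed or
 * already validated values supplied by the calling page.
 * NOTE(review): nothing in this function validates $cid - confirm every
 * caller checks it (e.g. with isNum()) before calling.
 *
 * @param string $ctype comment type stored with a new comment
 * @param string $cdb   table name (without prefix) of the commented item
 * @param string $ccol  id column of that table
 * @param mixed  $cid   id of the commented item
 * @param string $clink URL used as redirect target and as form action
 */
function comments($ctype, $cdb, $ccol, $cid, $clink)
{
    // $settings has to be imported as well: the guest-post checks below read
    // it, and without the global declaration they always saw an unset value.
    global $db_prefix, $userdata, $rowstart, $locale, $settings;
    if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) {
        if (dbrows(dbquery("SELECT {$ccol} FROM " . DB_PREFIX . "{$cdb} WHERE {$ccol}='{$cid}'")) == 0) {
            header("Location:" . BASEDIR . "index.php");
            // header() alone does not end the script; without this the
            // comment would still be stored for an item that does not exist.
            exit;
        }
        if (iMEMBER) {
            // Members are stored under their user id.
            $comment_name = $userdata['user_id'];
        } elseif ($settings['guestposts'] == "1") {
            // NOTE(review): guest comments are accepted here without a
            // captcha or flood check - consider adding both before the
            // guestposts setting is switched on.
            $comment_name = isset($_POST['comment_name']) ? trim(stripinput($_POST['comment_name'])) : "";
            // A guest name must not be numeric, because numeric names are
            // treated as member ids when the list is rendered.
            $comment_name = preg_replace("(^[0-9]*)", "", $comment_name);
            if (isNum($comment_name)) {
                $comment_name = "";
            }
        }
        $comment_message = isset($_POST['comment_message']) ? trim(stripinput(censorwords($_POST['comment_message']))) : "";
        $comment_smileys = isset($_POST['disable_smileys']) ? "0" : "1";
        if ($comment_name != "" && $comment_message != "") {
            $result = dbquery("INSERT INTO " . DB_PREFIX . "comments VALUES('', '{$cid}', '{$ctype}', '{$comment_name}','{$comment_message}','1', '" . time() . "', '" . USER_IP . "')");
        }
        redirect($clink);
    }
    opentable($locale['KOM100']);
    // NOTE(review): the list is fixed to comment_type 'G' while new comments
    // are stored with $ctype - confirm callers always pass 'G'.
    $result = dbquery("SELECT * FROM " . $db_prefix . "comments WHERE comment_type='G' AND comment_item_id='{$cid}' ORDER BY comment_datestamp DESC");
    if (dbrows($result) != 0) {
        $i = 0;
        // One shared helper that takes the member id. The earlier per-row
        // profile() definitions overwrote each other, so every link opened
        // the profile of the last comment's author.
        echo '
<script>
function profile(id) {
opener.location.href="' . BASEDIR . 'profile.php?lookup=" + id;
window.close();
}
</script> ';
        echo "<table cellpadding='0' cellspacing='1' width='98%' class='tbl-border'>\n";
        while ($data = dbarray($result)) {
            echo "<tr>\n<td class='" . ($i % 2 == 0 ? "tbl1" : "tbl2") . "'><span class='comment-name'>\n";
            // Only numeric names refer to a member; guest names are plain
            // text and are neither looked up nor linked.
            $author = false;
            if (isNum($data['comment_name'])) {
                $author = dbarray(dbquery("SELECT user_name, user_avatar FROM " . $db_prefix . "users WHERE user_id='{$data['comment_name']}'"));
            }
            if ($author) {
                // The id is cast to int before it is written into the inline
                // script call.
                $open_link = '<a href="#" onClick="profile(' . (int) $data['comment_name'] . ')">';
                if ($author['user_avatar'] != "") {
                    echo $open_link . '<img height="50" width="50" border ="0" src="' . IMAGES . 'avatars/' . $author['user_avatar'] . '"></a>';
                } else {
                    echo $open_link . '<img height="50" width="50" border="0" src="' . INFUSIONS . 'varcade/img/noav.gif"></a>';
                }
                echo $open_link . $author['user_name'] . '</a><br>';
            } else {
                // Guest, or a member whose account no longer exists.
                // NOTE(review): the guest name is printed as stored; it is
                // entity-encoded only if it was written through stripinput()
                // as above - confirm no other writer exists.
                echo '<img height="50" width="50" border="0" src="' . INFUSIONS . 'varcade/img/noav.gif">';
                echo (isNum($data['comment_name']) ? "" : $data['comment_name']) . '<br>';
            }
            echo "</span><span class='small'>" . showdate("longdate", $data['comment_datestamp']) . "";
            if (iADMIN) {
                // NOTE(review): deletion is triggered by a plain GET link; the
                // handler is not part of this function - confirm it checks
                // admin rights and a request token.
                echo "<br><a href='" . FUSION_SELF . "?deletemsg=" . $data['comment_id'] . "&&hideout=" . $data['comment_item_id'] . "'>" . $locale['KOM101'] . "</a>";
            }
            echo "</span><br><HR>\n" . parsesmileys(parseubb($data['comment_message'])) . " </td>\n";
            echo "</tr>\n";
            $i++;
        }
        echo "</table>\n";
        echo "<div align='center' style='margin-top:5px;'>\n</div>\n";
    } else {
        echo "'" . $locale['KOM102'] . "'\n";
    }
    if (iMEMBER || $settings['guestposts'] == "1") {
        echo $locale['KOM103'];
        echo "<form name='inputform' method='post' action='{$clink}'>\n<table align='center' cellspacing='0' cellpadding='0' width='98%' class='tbl2'>\n";
        if (iGUEST) {
            // Guests get an extra name field; members are identified by id.
            echo "<tr><td>" . $locale['KOM104'] . "</td>\n</tr>\n<tr>\n<td><input type='text' name='comment_name' maxlength='30' class='textbox' style='width:100%;'></td>\n</tr>\n";
        }
        echo "<tr>\n<td align='center'><textarea name='comment_message' rows='6' class='textbox' style='width:400px'></textarea><br>\n<input type='button' value='b' class='button' style='font-weight:bold;width:25px;' onClick=\"addText('comment_message', '[b]', '[/b]');\">\n<input type='button' value='i' class='button' style='font-style:italic;width:25px;' onClick=\"addText('comment_message', '[i]', '[/i]');\">\n<input type='button' value='u' class='button' style='text-decoration:underline;width:25px;' onClick=\"addText('comment_message', '[u]', '[/u]');\">\n<input type='button' value='url' class='button' style='width:30px;' onClick=\"addText('comment_message', '[url]', '[/url]');\">\n<input type='button' value='mail' class='button' style='width:35px;' onClick=\"addText('comment_message', '[mail]', '[/mail]');\">\n<input type='button' value='img' class='button' style='width:30px;' onClick=\"addText('comment_message', '[img]', '[/img]');\">\n<input type='button' value='center' class='button' style='width:45px;' onClick=\"addText('comment_message', '[center]', '[/center]');\">\n<input type='button' value='small' class='button' style='width:40px;' onClick=\"addText('comment_message', '[small]', '[/small]');\">\n<input type='button' value='code' class='button' style='width:40px;' onClick=\"addText('comment_message', '[code]', '[/code]');\">\n<input type='button' value='quote' class='button' style='width:45px;' onClick=\"addText('comment_message', '[quote]', '[/quote]');\">\n<br><br>\n" . displaysmileys("comment_message") . "\n</tr>\n<tr>\n<td><br><br><center>\n<input type='submit' name='post_comment' value='" . $locale['KOM105'] . "' class='button'></td>\n</center>\n</tr>\n</table>\n</form>\n";
    } else {
        echo $locale['KOM106'] . "\n";
    }
    closetable();
}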
Exemplo n.º 13
     $sicherheit = 1;
     if (iGUEST && $settings['display_validation'] == "1") {
         $securimage = new Securimage();
         if (!isset($_POST['captcha_code']) || $securimage->check($_POST['captcha_code']) == false) {
             $sicherheit = 0;
         }
     }
     $name = isset($_POST['name']) ? stripinput($_POST['name']) : 0;
     $ort = isset($_POST['ort']) ? stripinput($_POST['ort']) : 0;
     $interpreter = isset($_POST['interpreter']) ? stripinput($_POST['interpreter']) : "";
     $title = isset($_POST['title']) ? stripinput($_POST['title']) : "";
     if (isset($_POST['gruss'])) {
         $gruss = str_replace("\n", " ", $_POST['gruss']);
         $gruss = preg_replace("/^(.{255}).*\$/", "\$1", $gruss);
         $gruss = preg_replace("/([^\\s]{25})/", "\$1\n", $gruss);
         $gruss = trim(stripinput(censorwords($gruss)));
         $gruss = str_replace("\n", "<br />", $gruss);
     } else {
         $gruss = 0;
     }
     if ($sicherheit && $name && $ort && $gruss) {
         $result = dbquery("INSERT INTO " . DB_GR_RADIOSTATUS_GRUSSBOX . " (rsgb_userip, rsgb_username, rsgb_ort, rsgb_title, rsgb_interpreter, rsgb_gruss, rsgb_time, rsgb_status, rsgb_stream) VALUES('" . USER_IP . "', '" . $name . "', '" . $ort . "', '" . $title . "', '" . $interpreter . "', '" . $gruss . "', '" . time() . "', '1', '" . $_GET['id'] . "')");
         redirect(FUSION_SELF . "?id=" . $_GET['id'] . "&amp;error=0");
     } else {
         redirect(FUSION_SELF . "?id=" . $_GET['id'] . "&amp;error=1");
     }
 } else {
     opentable($data['rs_name'] . $locale['grrs_41']);
     if (checkgroup($data['rs_gaccess'])) {
         echo "<a href='" . FUSION_SELF . "?id=" . $_GET['id'] . "&amp;admin'>Admin</a><br />";
     }
Exemplo n.º 14
 if (iMEMBER) {
     if ($subject != "" && $message != "") {
         require_once INCLUDES . "flood_include.php";
         if (!flood_control("post_datestamp", DB_POSTS, "post_author='" . $userdata['user_id'] . "'")) {
             $result = dbquery("INSERT INTO " . DB_THREADS . " (forum_id, thread_subject, thread_author, thread_views, thread_lastpost, thread_lastpostid, thread_lastuser, thread_postcount, thread_poll, thread_sticky, thread_locked) VALUES('" . $_GET['forum_id'] . "', '{$subject}', '" . $userdata['user_id'] . "', '0', '" . time() . "', '0', '" . $userdata['user_id'] . "', '1', '" . $thread_poll . "', '" . $sticky_thread . "', '" . $lock_thread . "')");
             $thread_id = mysql_insert_id();
             $result = dbquery("INSERT INTO " . DB_POSTS . " (forum_id, thread_id, post_message, post_showsig, post_smileys, post_author, post_datestamp, post_ip, post_edituser, post_edittime) VALUES ('" . $_GET['forum_id'] . "', '" . $thread_id . "', '" . $message . "', '" . $sig . "', '" . $smileys . "', '" . $userdata['user_id'] . "', '" . time() . "', '" . USER_IP . "', '0', '0')");
             $post_id = mysql_insert_id();
             $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_lastpost='" . time() . "', forum_postcount=forum_postcount+1, forum_threadcount=forum_threadcount+1, forum_lastuser='******'user_id'] . "' WHERE forum_id='" . $_GET['forum_id'] . "'");
             $result = dbquery("UPDATE " . DB_THREADS . " SET thread_lastpostid='" . $post_id . "' WHERE thread_id='" . $thread_id . "'");
             $result = dbquery("UPDATE " . DB_USERS . " SET user_posts=user_posts+1 WHERE user_id='" . $userdata['user_id'] . "'");
             if ($settings['thread_notify'] && isset($_POST['notify_me'])) {
                 $result = dbquery("INSERT INTO " . DB_THREAD_NOTIFY . " (thread_id, notify_datestamp, notify_user, notify_status) VALUES('" . $thread_id . "', '" . time() . "', '" . $userdata['user_id'] . "', '1')");
             }
             if ($fdata['forum_poll'] && checkgroup($fdata['forum_poll']) && $thread_poll) {
                 $poll_title = trim(stripinput(censorwords($_POST['poll_title'])));
                 if ($poll_title && (isset($poll_opts) && is_array($poll_opts))) {
                     $result = dbquery("INSERT INTO " . DB_FORUM_POLLS . " (thread_id, forum_poll_title, forum_poll_start, forum_poll_length, forum_poll_votes) VALUES('" . $thread_id . "', '" . $poll_title . "', '" . time() . "', '0', '0')");
                     $forum_poll_id = mysql_insert_id();
                     $i = 1;
                     foreach ($poll_opts as $poll_option) {
                         $result = dbquery("INSERT INTO " . DB_FORUM_POLL_OPTIONS . " (thread_id, forum_poll_option_id, forum_poll_option_text, forum_poll_option_votes) VALUES('" . $thread_id . "', '" . $i . "', '" . $poll_option . "', '0')");
                         $i++;
                     }
                 }
             }
             if ($fdata['forum_attach'] && checkgroup($fdata['forum_attach'])) {
                 $attach = $_FILES['attach'];
                 if ($attach['name'] != "" && !empty($attach['name']) && is_uploaded_file($attach['tmp_name'])) {
                     $attachname = substr($attach['name'], 0, strrpos($attach['name'], "."));
                     $attachext = strtolower(strrchr($attach['name'], "."));
Exemplo n.º 15
         $post_edit_time = 0;
         $reason = "";
     } elseif ($settings['forum_editpost_to_lastpost']) {
         $post_edit_time = time();
         $reason = trim(stripinput(censorwords($_POST['edit_reason'])));
         $lastPost = dbcount("(thread_id)", DB_THREADS, "thread_lastpostid='" . $_GET['post_id'] . "'");
         if ($lastPost > 0) {
             $result = dbquery("UPDATE " . DB_THREADS . " SET thread_lastpost='" . $post_edit_time . "' WHERE thread_id='" . $_GET['thread_id'] . "'");
         }
         $forum_lastpost = dbarray(dbquery("SELECT post_id FROM " . DB_POSTS . " WHERE forum_id='" . $_GET['forum_id'] . "' ORDER BY post_id DESC LIMIT 1"));
         if ($forum_lastpost['post_id'] == $_GET['post_id']) {
             $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_lastpost='" . $post_edit_time . "' WHERE forum_id='" . $_GET['forum_id'] . "'");
         }
     } else {
         $post_edit_time = time();
         $reason = trim(stripinput(censorwords($_POST['edit_reason'])));
     }
 }
 $result = dbquery("UPDATE " . DB_POSTS . " SET\n\t\t\t\t\t\tpost_message='" . $message . "',\n\t\t\t\t\t\tpost_showsig='" . $updateSig . "',\n\t\t\t\t\t\tpost_smileys='" . $smileys . "',\n\t\t\t\t\t\tpost_edituser='******'user_id'] . "',\n\t\t\t\t\t\tpost_edittime='" . $post_edit_time . "',\n\t\t\t\t\t\tpost_editreason='" . $reason . "',\n\t\t\t\t\t\tpost_locked='" . $post_locked . "'\n\t\t\t\t\tWHERE post_id='" . $_GET['post_id'] . "'");
 if ($pdata['first_post'] == $_GET['post_id'] && $subject != "") {
     $result = dbquery("UPDATE " . DB_THREADS . " SET thread_subject='" . $subject . "' WHERE thread_id='" . $_GET['thread_id'] . "'");
 }
 foreach ($_POST as $key => $value) {
     if (!strstr($key, "delete_attach")) {
         continue;
     }
     $key = str_replace("delete_attach_", "", $key);
     $result = dbquery("SELECT * FROM " . DB_FORUM_ATTACHMENTS . " WHERE post_id='" . $_GET['post_id'] . "' AND attach_id='" . (isnum($key) ? $key : 0) . "'");
     if (dbrows($result) != 0 && $value) {
         $adata = dbarray($result);
         unlink(FORUM . "attachments/" . $adata['attach_name']);
Exemplo n.º 16
     $archive_shout_name = $userdata['user_id'];
 } elseif ($shout_settings['guest_shouts'] == "1") {
     $archive_shout_name = trim(stripinput($_POST['archive_shout_name']));
     $archive_shout_name = preg_replace("(^[+0-9\\s]*)", "", $archive_shout_name);
     if (isnum($archive_shout_name)) {
         $archive_shout_name = "";
     }
     include_once INCLUDES . "captchas/securimage/securimage.php";
     $securimage = new Securimage();
     if (!isset($_POST['captcha_code']) || $securimage->check($_POST['captcha_code']) == false) {
         redirect($link);
     }
 }
 // Normalise the submitted shout: newlines become spaces, everything after
 // the first 255 units is dropped, then the text goes through censorwords()
 // and stripinput().
 // NOTE(review): $_POST['archive_shout_message'] is read without an isset()
 // check in this excerpt.
 // NOTE(review): the pattern has no "u" modifier, so .{255} counts bytes and
 // can cut a multi-byte character in half.
 $archive_shout_message = str_replace("\n", " ", $_POST['archive_shout_message']);
 $archive_shout_message = preg_replace("/^(.{255}).*\$/", "\$1", $archive_shout_message);
 $archive_shout_message = trim(stripinput(censorwords($archive_shout_message)));
 // Edit path: only for members, with action=edit and a numeric shout_id.
 if (iMEMBER && (isset($_GET['action']) && $_GET['action'] == "edit") && (isset($_GET['shout_id']) && isnum($_GET['shout_id']))) {
     // Assigned here but not read anywhere in this excerpt.
     $comment_updated = false;
     // Allowed for admins holding the "S" right, or for the member who owns
     // the shout as long as it is not hidden.
     if (iADMIN && checkrights("S") || iMEMBER && dbcount("(shout_id)", DB_SHOUTBOX, "shout_id='" . $_GET['shout_id'] . "' AND shout_name='" . $userdata['user_id'] . "' AND shout_hidden='0'")) {
         // An empty message leaves the stored shout unchanged.
         if ($archive_shout_message) {
             // For non-admins the owner condition is repeated in the WHERE
             // clause, so the UPDATE itself cannot touch another member's row.
             $result = dbquery("UPDATE " . DB_SHOUTBOX . " SET shout_message='{$archive_shout_message}' WHERE shout_id='" . $_GET['shout_id'] . "'" . (iADMIN ? "" : " AND shout_name='" . $userdata['user_id'] . "'"));
         }
     }
     redirect(FUSION_SELF);
 // New shout: needs both a name and a message.
 } elseif ($archive_shout_name && $archive_shout_message) {
     require_once INCLUDES . "flood_include.php";
     // The flood check is keyed on the client IP; the insert is skipped when
     // flood_control() returns a truthy value.
     if (!flood_control("shout_datestamp", DB_SHOUTBOX, "shout_ip='" . USER_IP . "'")) {
         // The column list and the value list are each extended by the same
         // multilang_table("SB") test, so they stay the same length.
         $result = dbquery("INSERT INTO " . DB_SHOUTBOX . " (shout_name, shout_message, shout_datestamp, shout_ip, shout_ip_type, shout_hidden" . (multilang_table("SB") ? ", shout_language)" : ")") . " VALUES ('{$archive_shout_name}', '{$archive_shout_message}', '" . time() . "', '" . USER_IP . "', '" . USER_IP_TYPE . "', '0'" . (multilang_table("SB") ? ", '" . LANGUAGE . "')" : ")"));
     }
     redirect(FUSION_SELF);
 }
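/**
 * Process comment actions and render the comment thread (with avatars) and
 * the comment form for a single content item.
 *
 * Order of work: (1) delete request via ?c_action=delete, (2) posted comment
 * (edit of an existing one, or a new insert), (3) paginated listing, (4) form.
 * Each write path finishes with redirect(); the code after it assumes
 * redirect() stops the request -- TODO confirm against its definition.
 *
 * Security notes for maintainers:
 *  - $cdb and $ccol are concatenated into SQL as identifiers and cannot be
 *    quoted as values. Callers must pass fixed table/column names, never
 *    request data.
 *  - _db() is used without surrounding quotes throughout, so it is assumed to
 *    return a quoted, escaped SQL literal -- confirm against its definition.
 *  - NOTE(review): the delete action is driven by a plain GET link and no
 *    anti-CSRF token is checked anywhere in this function.
 *
 * @param mixed  $ctype         Value matched against / stored in comment_type.
 * @param string $cdb           Table holding the commented item (SQL identifier).
 * @param string $ccol          Key column of $cdb (SQL identifier).
 * @param mixed  $cid           Id of the commented item.
 * @param string $clink         Base link for redirects, page navigation and the form action.
 * @param string $seo_root_link When non-empty and URL_REWRITE is on, the form posts to a rewritten URL.
 * @param string $a             Separator placed after $seo_root_link in the rewritten URL.
 * @param string $seo_catid     Category part of the rewritten URL.
 * @param string $b             Passed through to makecommentnav().
 * @param string $rowstart      Passed through to makecommentnav().
 * @param string $c             Separator placed before the subject in the rewritten URL.
 * @param string $seo_subject   Subject, cleaned by clean_subject_urlrewrite() for the rewritten URL.
 */
function showcomments_avatar($ctype, $cdb, $ccol, $cid, $clink, $seo_root_link = "", $a = "-", $seo_catid = "", $b = "-page-", $rowstart = "", $c = "-", $seo_subject = "")
{
    // Pimped
    global $settings, $locale, $userdata, $aidlink;
    // $seo_link is only defined (and only read, further down) when this same condition holds.
    if (URL_REWRITE && $seo_root_link != "") {
        $seo_link = $seo_root_link . $a . $seo_catid . $c . clean_subject_urlrewrite($seo_subject) . ".html";
    }
    // Pimped
    // Current URL with any edit/delete action stripped, used as the "bounce back" target.
    $link = FUSION_SELF . (FUSION_QUERY ? "?" . FUSION_QUERY : "");
    $link = preg_replace("^(&amp;|\\?)c_action=(edit|delete)&amp;comment_id=\\d*^", "", $link);

    // --- Delete ---------------------------------------------------------
    // Moderators/admins with the "C" right may delete any comment; other members
    // only their own (enforced both in the dbcount() check and in the DELETE itself).
    if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
        if ((iMODERATOR || iADMIN) && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . (int) $_GET['comment_id'] . "' AND comment_name='" . (int) $userdata['user_id'] . "'")) {
            $result = dbquery("DELETE FROM " . DB_COMMENTS . " WHERE comment_id='" . (int) $_GET['comment_id'] . "'" . (iMODERATOR || iADMIN ? "" : " AND comment_name='" . (int) $userdata['user_id'] . "'"));
        }
        redirect($clink);
    }
    if ($settings['comments_enabled'] == "1") {
        // --- Post (edit or insert) --------------------------------------
        if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) {
            if (iMEMBER) {
                $comment_name = $userdata['user_id'];
            } elseif ($settings['guestposts'] == "1") {
                // A missing field is treated as an empty name instead of reading an undefined index.
                $comment_name = trim(stripinput(isset($_POST['comment_name']) ? $_POST['comment_name'] : ""));
                // Strip leading digits and blank a purely numeric name: comment_name holds a
                // user id for members, so a numeric guest name would be joined to that account.
                $comment_name = preg_replace("(^[0-9]*)", "", $comment_name);
                if (isnum($comment_name)) {
                    $comment_name = "";
                }
                // Guests must solve the captcha before anything is written.
                include_once INCLUDES . "securimage/securimage.php";
                $securimage = new Securimage();
                if (!isset($_POST['com_captcha_code']) || $securimage->check($_POST['com_captcha_code']) == false) {
                    redirect($link);
                }
            }
            $comment_message = trim(stripinput(censorwords(isset($_POST['comment_message']) ? $_POST['comment_message'] : "")));
            if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
                $comment_updated = false;
                // $cid and $ctype go through _db() here, as in every other query of this
                // function, rather than being concatenated between hand-written quotes.
                if ((iMODERATOR || iADMIN) && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . (int) $_GET['comment_id'] . "' AND comment_item_id=" . _db($cid) . " AND comment_type=" . _db($ctype) . " AND comment_name='" . (int) $userdata['user_id'] . "' AND comment_hidden='0'")) {
                    if ($comment_message) {
                        $result = dbquery("UPDATE " . DB_COMMENTS . " SET comment_message=" . _db($comment_message) . " WHERE comment_id='" . (int) $_GET['comment_id'] . "'" . (iMODERATOR || iADMIN ? "" : " AND comment_name='" . (int) $userdata['user_id'] . "'"));
                        $comment_updated = true;
                    }
                }
                if ($comment_updated) {
                    // Start offset of the 10-per-page page that contains the edited comment.
                    $c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_id<='" . (int) $_GET['comment_id'] . "' AND comment_item_id=" . _db($cid) . " AND comment_type=" . _db($ctype) . "") / 10) - 1) * 10;
                }
                redirect($clink . "&amp;c_start=" . (isset($c_start) && isnum($c_start) ? $c_start : ""));
            } else {
                // Refuse to attach a comment to an item that does not exist.
                // $ccol / $cdb are identifiers (see header note); only the value is quoted.
                if (!dbcount("(" . $ccol . ")", $cdb, $ccol . "=" . _db($cid))) {
                    redirect(BASEDIR . "index.php");
                }
                if ($comment_name && $comment_message) {
                    require_once INCLUDES . "flood_include.php";
                    if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) {
                        $result = dbquery("INSERT INTO " . DB_COMMENTS . " (comment_item_id, comment_type, comment_name, comment_message, comment_datestamp, comment_ip, comment_hidden) VALUES (" . _db($cid) . ", " . _db($ctype) . ", " . _db($comment_name) . ", " . _db($comment_message) . ", '" . time() . "', '" . USER_IP . "', '0')");
                    }
                }
                // Jump to the last page so the new comment is visible.
                $c_start = (ceil(dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . (int) $cid . "' AND comment_type=" . _db($ctype) . "") / 10) - 1) * 10;
                redirect($clink . "&amp;c_start=" . $c_start);
            }
        }

        // --- Listing ----------------------------------------------------
        opentable($locale['c100']);
        echo "<a id='comments' name='comments'></a>";
        $c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id=" . _db($cid) . " AND comment_type=" . _db($ctype) . " AND comment_hidden='0'");
        // Without an explicit offset, open on the last page; anything non-numeric falls back to 0.
        if (!isset($_GET['c_start']) && $c_rows > 10) {
            $_GET['c_start'] = (ceil($c_rows / 10) - 1) * 10;
        }
        if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) {
            $_GET['c_start'] = 0;
        }
        $result = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_datestamp, tcm.comment_message,\r\n\t\t\ttcu.user_name, tcu.user_avatar, tcu.user_id, tcu.user_level, tcu.user_status\r\n\t\t\tFROM " . DB_COMMENTS . " tcm\r\n\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\r\n\t\t\tWHERE comment_item_id=" . _db($cid) . " AND comment_type=" . _db($ctype) . " AND comment_hidden='0'\r\n\t\t\tORDER BY comment_datestamp ASC LIMIT " . (int) $_GET['c_start'] . ",10");
        if (dbrows($result)) {
            $i = $_GET['c_start'] + 1;
            if ($c_rows > 10) {
                echo "<div style='text-align:center;margin-bottom:5px;'>" . makecommentnav($_GET['c_start'], 10, $c_rows, 3, $clink . "&amp;", $seo_root_link, $a, $seo_catid, $b, $rowstart, "-cstart-", $c, $seo_subject) . "</div>\n";
            }
            echo "<table cellpadding='0' cellspacing='1' width='100%' class='tbl-border'>\n";
            while ($data = dbarray($result)) {
                echo "<tr><td class='tbl2' width='10%' align='center'>\n";
                if ($data['user_name']) {
                    echo "<span class='comment-name'>" . profile_link($data['comment_name'], $data['user_name'], $data['user_status']) . "</span>\n";
                } else {
                    // Guest name is printed exactly as stored; this relies on stripinput()
                    // having neutralised markup at write time -- confirm.
                    echo "<span class='comment-name'>" . $data['comment_name'] . "</span>\n";
                }
                echo "</td>\n";
                echo "<td class='tbl2'>\n<span class='small'>" . $locale['global_071'] . showdate("longdate", $data['comment_datestamp']) . "</span>\n";
                echo "<div style='float:right' class='comment_actions'>";
                // Edit/delete links are shown to moderators/admins with the "C" right and to the
                // comment's own author; the server-side checks above are what actually enforce this.
                if ((iMODERATOR || iADMIN) && checkrights("C") || iMEMBER && $data['comment_name'] == $userdata['user_id'] && isset($data['user_name'])) {
                    echo "<!--comment_actions-->\n<a href='" . FUSION_SELF . "?" . FUSION_QUERY . "&amp;c_action=edit&amp;comment_id=" . $data['comment_id'] . "#edit_comment'>" . $locale['c108'] . "</a> |\n";
                    echo "<a href='" . FUSION_SELF . "?" . FUSION_QUERY . "&amp;c_action=delete&amp;comment_id=" . $data['comment_id'] . "'>" . $locale['c109'] . "</a> |\n";
                }
                echo "<a href='" . FUSION_REQUEST . "#c" . $data['comment_id'] . "' id='c" . $data['comment_id'] . "' name='c" . $data['comment_id'] . "'>#" . $i . "</a></div>\n";
                echo "</td>\n";
                echo "</tr>\n<tr>\n";
                // Fall back to the placeholder when no avatar is set or the file is missing.
                $avatar = $data['user_avatar'] != "" && file_exists(IMAGES_AVA . $data['user_avatar']) ? IMAGES_AVA . $data['user_avatar'] : IMAGES_AVA . "noavatar.jpg";
                echo "<td class='tbl1' width='15%'>\n";
                echo "<div style='text-align:center;'><img src='" . $avatar . "' width='50' height='50' alt='' /></div><br />\n";
                if ($settings['warning_system_comments'] && $data['user_name']) {
                    $points = show_warning_points($data['user_id']);
                    echo "<div class='commentswarnings'>";
                    echo "<span class='small'><a style='cursor:help;' onclick=\"warning_info();\">" . $locale['WARN200'] . "</a></span> ";
                    echo warning_profile_link("1", $data['user_id'], $points);
                    echo "</div>";
                }
                // One extra COUNT query per displayed comment (author's total comments).
                echo "<span class='small2'>" . $locale['c110'] . number_format(dbcount("(comment_id)", DB_COMMENTS, "comment_name='" . (int) $data['user_id'] . "'")) . "<br />";
                echo $locale['c111'] . getuserlevel($data['user_level']) . "</span><br />";
                echo "</td>\n";
                echo "<td class='tbl2' valign='top'>\n" . nl2br(parseubb(parsesmileys($data['comment_message']))) . "</td>\n</tr>";
                $i++;
            }
            echo "\n</table>\n";
            if ((iMODERATOR || iADMIN) && checkrights("C")) {
                echo "<div align='right' class='tbl2'><a href='" . ADMIN . "comments.php" . $aidlink . "&amp;ctype={$ctype}&amp;cid={$cid}'>" . $locale['c106'] . "</a></div>\n";
            }
            if ($c_rows > 10) {
                echo "<br /><div style='text-align:center;margin-top:5px;'>" . makecommentnav($_GET['c_start'], 10, $c_rows, 3, $clink . "&amp;", $seo_root_link, $a, $seo_catid, $b, $rowstart, "-cstart-", $c, $seo_subject) . "</div>\n";
            }
        } else {
            echo $locale['c101'] . "\n";
        }
        closetable();

        // --- Form -------------------------------------------------------
        opentable($locale['c102']);
        // Start from an empty message so the textarea below never reads an undefined
        // variable, including when an edit is requested for a comment the viewer may not edit.
        $comment_message = "";
        if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
            $eresult = dbquery("SELECT tcm.comment_id, tcm.comment_name, tcm.comment_message, tcu.user_name FROM " . DB_COMMENTS . " tcm\r\n\t\t\t\tLEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\r\n\t\t\t\tWHERE comment_id='" . (int) $_GET['comment_id'] . "' AND comment_item_id=" . _db($cid) . " AND comment_type=" . _db($ctype) . " AND comment_hidden='0'");
            if (dbrows($eresult)) {
                $edata = dbarray($eresult);
                // Pre-fill the form only for a viewer allowed to edit this comment.
                if ((iMODERATOR || iADMIN) && checkrights("C") || iMEMBER && $edata['comment_name'] == $userdata['user_id'] && isset($edata['user_name'])) {
                    $clink .= "&amp;c_action=edit&amp;comment_id=" . $edata['comment_id'];
                    $comment_message = $edata['comment_message'];
                }
            }
        }
        if (iMEMBER || $settings['guestposts'] == "1") {
            require_once INCLUDES . "bbcode_include.php";
            echo "<a id='edit_comment' name='edit_comment'></a>\n";
            echo "<form name='inputform' method='post' action='" . (URL_REWRITE && $seo_root_link != "" ? $seo_link : $clink) . "'>\n";
            // Pimped
            if (iGUEST) {
                echo "<div align='center' class='tbl'>\n" . $locale['c104'] . "<br />\n";
                echo "<input type='text' name='comment_name' maxlength='30' class='textbox' style='width:360px' />\n";
                echo "</div>\n";
            }
            echo "<div align='center' class='tbl'>\n";
            // Stored message is written into the textarea as-is; relies on stripinput()
            // having encoded markup when the comment was saved -- confirm.
            echo "<textarea name='comment_message' cols='70' rows='6' class='textbox' style='width:360px'>" . $comment_message . "</textarea><br />\n";
            echo display_bbcodes("360px", "comment_message");
            if (iGUEST) {
                echo $locale['global_158'] . "<br />\n";
                echo "<img id='com_captcha' src='" . INCLUDES . "securimage/securimage_show.php' alt='' /><br />\n";
                echo "<a href='" . INCLUDES . "securimage/securimage_play.php'><img src='" . INCLUDES . "securimage/images/audio_icon.gif' alt='' class='tbl-border' style='margin-bottom:1px' /></a>\n";
                echo "<a href='#' onclick=\"document.getElementById('com_captcha').src = '" . INCLUDES . "securimage/securimage_show.php?sid=' + Math.random(); return false\"><img src='" . INCLUDES . "securimage/images/refresh.gif' alt='' class='tbl-border' /></a><br />\n";
                echo $locale['global_159'] . "<br />\n<input type='text' name='com_captcha_code' class='textbox' style='width:100px' />\n";
            }
            // Button label switches to the "update" text when an existing message is being edited.
            echo "<br />\n<input type='submit' name='post_comment' value='" . ($comment_message ? $locale['c103'] : $locale['c102']) . "' class='button' />\n";
            echo "</div>\n</form>\n";
        } else {
            echo $locale['c105'] . "\n";
        }
        closetable();
    }
}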
Exemplo n.º 18
 /**
  * Sanitize the current text field value and optionally enforce a strict
  * character whitelist.
  *
  * Each value is passed through censorwords(), has runs of spaces collapsed
  * to one, is trimmed and then passed through stripinput(). An array value
  * is cleaned element by element and joined with the configured delimiter
  * (default "|").
  *
  * When the field is required and the cleaned value is empty (PHP falsy, so
  * "0" counts as empty), an input error is registered for the field.
  *
  * In safemode the cleaned value must consist only of letters, digits,
  * "-", "_", "@" and whitespace, and must not be empty. Note that the check
  * runs on the joined string: "|" is not in the whitelist, so with the
  * default delimiter an array of two or more elements is rejected.
  *
  * @return string|bool The cleaned value, or FALSE when safemode is on and
  *                     the value fails the whitelist.
  */
 protected function verify_text()
 {
     if (!is_array($this->field_value)) {
         // Scalar input: clean it in one pass.
         $value = stripinput(trim(preg_replace("/ +/i", " ", censorwords($this->field_value))));
     } else {
         // Multi-value input: clean every element, then flatten to one string.
         $cleaned = array();
         foreach ($this->field_value as $item) {
             $cleaned[] = stripinput(trim(preg_replace("/ +/i", " ", censorwords($item))));
         }
         // Delimiter comes from the field config; pipe is the fallback.
         $separator = empty($this->field_config['delimiter']) ? "|" : $this->field_config['delimiter'];
         $value = implode($separator, $cleaned);
     }

     // A required field that ends up empty is reported, but processing continues.
     if ($this->field_config['required'] && !$value) {
         self::setInputError($this->field_name);
     }

     // Whitelist is only consulted when safemode is enabled for this field.
     $rejected = $this->field_config['safemode'] && !preg_check("/^[-0-9A-Z_@\\s]+\$/i", $value);
     if ($rejected) {
         return FALSE;
     }

     return $value;
 }
Exemplo n.º 19
opentable($locale['m4n_020']);
$result = dbquery("SELECT a.m4n_id, a.m4n_user, a.m4n_status, a.m4n_admin, a.m4n_text, a.m4n_datestamp, u.user_id, u.user_name, u.user_status\r\n\t\t\tFROM " . DB_CONDOLENCES . " a\r\n\t\t\tLEFT JOIN " . DB_USERS . " u ON u.user_id=a.m4n_user \r\n\t\t\tWHERE a.m4n_status = '2'\r\n\t\t\tORDER BY m4n_datestamp\r\n\t\t\tDESC LIMIT 0,{$limit}\r\n\t\t");
echo "<table border='0' width='100%' class='tbl-border'>\n<tr>\n";
echo "<th class='forum-caption' colspan='5'>" . $locale['m4n_020'] . "</th>\n";
echo "</tr>\n<tr>\n";
echo "<td class='tbl1'>" . $locale['m4n_016'] . "</td>\n";
echo "<td class='tbl1'>" . $locale['m4n_017'] . "</td>\n";
echo "<td class='tbl1'>" . $locale['m4n_018'] . "</td>\n";
echo "<td class='tbl1'>" . $locale['m4n_013'] . "</td>\n";
echo "<td class='tbl1'>" . $locale['m4n_027'] . "</td>\n";
echo "</tr>\n";
if (dbrows($result)) {
    while ($datab = dbarray($result)) {
        echo "<tr>\n<td class='tbl2' valign='top'>" . profile_link($datab['user_id'], $datab['user_name'], $datab['user_status']) . "</td>\n";
        echo "<td class='tbl2'>";
        $text = nl2br(parseubb(censorwords($datab['m4n_text'])));
        echo isset($text) ? $text : "";
        echo "</td>\n";
        echo "<td class='tbl2' valign='top'>" . showdate("%d/%m/%Y", $datab['m4n_datestamp']) . "</td>\n";
        $get_admin = dbarray(dbquery("SELECT user_id, user_name, user_status FROM " . DB_USERS . " WHERE user_id = '" . $datab['m4n_admin'] . "'"));
        echo "<td class='tbl2' valign='top'>" . profile_link($get_admin['user_id'], $get_admin['user_name'], $get_admin['user_status']) . "</td>\n";
        echo "<td class='tbl2' valign='top'><a href='" . FUSION_SELF . $aidlink . "&action=1&action_id=" . $datab['m4n_id'] . "'>" . $locale['m4n_028'] . "</a></td>\n";
        echo "</tr>\n";
    }
} else {
    echo "<tr>\n<td class='tbl1' colspan='5' align='center'>" . $locale['m4n_021'] . "</td>\n</tr>\n";
}
echo "</table>\n";
closetable();
if ($counter > $limit) {
    echo "<div align='center' style='margin-top:5px;'>\n" . makePageNav($rowstart, $limit, $counter, 3, FUSION_SELF . $aidlink . "&amp;") . "</div>";