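<?php
/*
 * Contact-form handler (excerpt): reads the posted fields, validates them and
 * prepares the headers, subject and recipient for an outgoing e-mail.
 *
 * checkForSpam() and validEmail() are defined elsewhere and are not visible
 * here, so this block does not depend on them to keep line breaks out of the
 * values that end up in the mail headers and subject.
 */

// Send the visitor back to index.php five seconds after this response.
header("refresh:5; url=index.php");

$recipientEmail = "*****@*****.**";

// The subject is read before the submit check, so fall back to an empty
// string when the field is missing or was posted as an array.
$postedSubject = (isset($_POST['subject']) && is_string($_POST['subject'])) ? $_POST['subject'] : '';
$emailSubject = $postedSubject . "- Email sent from website contact section.";
$successMessage = "Thanks for your message! We'll be in contact shortly.";
$error = "";

if (isset($_POST['submit'])) {
    // Take each expected field only when it is present and is a plain string.
    $contactFields = array('name' => '', 'mobile' => '', 'email' => '', 'message' => '');
    foreach (array_keys($contactFields) as $fieldName) {
        if (isset($_POST[$fieldName]) && is_string($_POST[$fieldName])) {
            $contactFields[$fieldName] = $_POST[$fieldName];
        }
    }

    $name = $contactFields['name'];
    $number = $contactFields['mobile'];
    $email = $contactFields['email'];
    $message = $contactFields['message'] . " " . $contactFields['mobile'];

    // $name and $email are written into the From: header below and the subject
    // into the Subject line. A carriage return or line feed in any of them
    // would end that header line early, so such input is rejected outright.
    $hasLineBreak = preg_match('/[\r\n]/', $name . $email . $postedSubject) === 1;

    // checkForSpam() is still called for every submission, as before.
    $result = checkForSpam(array($name));
    if ($result || $hasLineBreak) {
        $error = 'You have entered invalid characters.';
    } else {
        if (!validEmail($email)) {
            $error = '*Your email address is not valid';
            $email = '';
        }
    }

    if ($error === '') {
        $priority = 3;
        $php_version = phpversion();

        // NOTE(review): $name sits unquoted in the display-name position;
        // confirm checkForSpam() also rejects characters such as < > and ".
        $headers = "From: {$name} <{$email}>\n";
        $headers .= "MIME-Version: 1.0\n";
        $headers .= "Content-type: text/plain; charset=iso-8859-1\n";
        $headers .= "X-Priority: {$priority}\n";
        // X-Mailer tells whoever receives the message the exact PHP version.
        $headers .= "X-Mailer: PHP {$php_version}\n";

        $subject = $emailSubject;
        $to_email = $recipientEmail;
        // The excerpt ends here, inside both if-blocks; the code that sends
        // the message is not part of this listing.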
// Comment-submission handler (excerpt). It classifies a posted page comment as
// spam or not and stores it in `page_comments`, either awaiting moderation or
// already accepted. $ui, $sql, $textID, $author and $email are set outside
// this excerpt.
$isSpam = 'N';
$comment = '';
$posted = true;

// presumably the id of the comment being replied to, limited to 19 characters
// - confirm against the $ui class
$replyTo = $ui->id('replyTo', 19, 'post');

// The homepage is taken from the posted 'url' field: as given when $ui->url()
// accepts it, or prefixed with http:// when $ui->domain() accepts it.
// NOTE(review): if neither accessor accepts the value, $url is not assigned in
// this excerpt but is still used below - confirm it is initialised earlier.
if ($ui->url('url', 'post')) {
    $url = $ui->url('url', 'post');
}
if ($ui->domain('url', 'post')) {
    $url = 'http://' . $ui->domain('url', 'post');
}

// NOTE(review): the spam check runs only when $spamFilter is set and is NOT
// 'Y' - confirm that polarity is intended.
if (isset($spamFilter) and $spamFilter != 'Y') {
    // First check without arguments; if that reports nothing, check the URL.
    $spamArray = checkForSpam();
    if (count($spamArray) > 0) {
        $isSpam = 'Y';
    } else {
        $spamArray = checkForSpam($url);
        if (count($spamArray) > 0) {
            $isSpam = 'Y';
        }
    }
} else {
    $spamArray = array();
}

// The reasons returned by checkForSpam() are stored as one comma-separated string.
$spamReason = implode(', ', $spamArray);

// Both branches use a prepared statement with bound parameters, so the posted
// values never become part of the SQL text.
// NOTE(review): gethostbyaddr() does a synchronous reverse lookup on every
// submission, and the returned host name is chosen by whoever controls the
// address's PTR record; treat the stored `dns` value as untrusted wherever it
// is displayed.
if (isset($commentsModerated) and $commentsModerated == 'Y' and (!isset($admin_id) and !isset($user_id))) {
    // Moderation is on and neither $admin_id nor $user_id is set: store the
    // comment as not yet accepted and remember its id in the session.
    $query = $sql->prepare("INSERT INTO `page_comments` (`date`,`moderateAccepted`,`pageTextID`,`replyTo`,`authorname`,`homepage`,`comment`,`ip`,`dns`,`markedSpam`,`spamReason`,`email`) VALUES (NOW(),'N',?,?,?,?,?,?,?,?,?,?)");
    $query->execute(array($textID, $replyTo, $author, $url, $ui->escaped('comment', 'post'), $ui->ip('REMOTE_ADDR', 'server'), gethostbyaddr($ui->ip4('REMOTE_ADDR', 'server')), $isSpam, $spamReason, $email));
    $_SESSION['toBeModerated'][] = $sql->lastInsertId();
} else {
    // Otherwise the comment is stored as already accepted ('Y'), even when
    // $isSpam is 'Y'; the spam flag and reason are only recorded in the row.
    $query = $sql->prepare("INSERT INTO `page_comments` (`date`,`moderateAccepted`,`pageTextID`,`replyTo`,`authorname`,`homepage`,`comment`,`ip`,`dns`,`markedSpam`,`spamReason`,`email`) VALUES (NOW(),'Y',?,?,?,?,?,?,?,?,?,?)");
    $query->execute(array($textID, $replyTo, $author, $url, $ui->escaped('comment', 'post'), $ui->ip('REMOTE_ADDR', 'server'), gethostbyaddr($ui->ip4('REMOTE_ADDR', 'server')), $isSpam, $spamReason, $email));
// Excerpt that starts and ends mid-block. In this listing the file is collapsed
// onto one line, so each `//` marker below hides the rest of the line as
// displayed; in the original file those were separate lines.
//
// First part: every value in $_REQUEST is compared case-insensitively against a
// one-entry blocklist of URL prefixes. On a match the request value is logged
// and the script stops.
// NOTE(review): the raw request value is interpolated into the error_log()
// message, so control characters in it reach the log unfiltered; stripping
// them before logging keeps log entries intact. A request value posted as an
// array is also passed to stristr() as-is.
//
// Second part: when 'youtube_url' is present, the DB class is loaded,
// checkForSpam() is called and a connection is opened with credentials read
// from $GLOBALS. On a failed connect only print_last_error(false) is called;
// no exit is visible in this excerpt.
// NOTE(review): the user lookup assembles its SQL by string concatenation, not
// bound parameters, and the username expression is masked in this listing, so
// whether the value is escaped cannot be confirmed from here.
// NOTE(review): mysql_real_escape_string() belongs to the old mysql extension,
// which was removed in PHP 7.0.
die; } $bullshit = array('http://www.flickr.com/people/'); foreach ($_REQUEST as $request_var) { foreach ($bullshit as $spamstring) { if (stristr($request_var, $spamstring)) { error_log("Stopped spammer on {$request_var}"); echo "Hey Spammer! Hope you get face cancer and die!"; die; } } } } if (!empty($_REQUEST['youtube_url'])) { require_once 'db/db.class.php'; checkForSpam(); // Open the DB connection $db = new db_class(); if (!$db->connect($GLOBALS['db_hostname'], $GLOBALS['db_username'], $GLOBALS['db_password'], $GLOBALS['db_name'], true)) { $db->print_last_error(false); } // Get the user info into the DB $user_data = $stuffer->getUserData(); $sql = "SELECT id from users where username = '******'username']) . "';"; $user_id = $db->select_one($sql); if (!$user_id) { $user_id = $db->insert_array('users', $user_data); } // cram the video into the db $youtube_url = mysql_real_escape_string($_REQUEST['youtube_url']); $create_time = empty($create_time) ? time() : $create_time;