/**
 * Normalises a user-supplied credential-like value and accepts it only when
 * it is plain alphanumeric text of 4 to 13 bytes.
 *
 * The value first goes through the project helpers cleanXSS() and clean()
 * and then strip_tags(); what the two helpers do is not visible in this file.
 *
 * @param mixed $input Raw request value.
 * @return string|null The filtered value, or null when it fails validation.
 */
function checkUserPass($input)
{
    $candidate = strip_tags(clean(cleanXSS($input)));
    $length = strlen($candidate);
    // ctype_alnum() is locale-dependent: under a non-C locale bytes >= 0x80 can
    // count as alphanumeric — NOTE(review): check the bootstrap's setlocale().
    if (!ctype_alnum($candidate) || $length <= 3 || $length >= 14) {
        return null;
    }
    return $candidate;
}
 * @todo Replace the customized Framework with the latest uncustomized Green Framework?
 */
/**
 * 
 */
// Captured first so later code can measure the framework's own start-up time.
define('FRAMEWORK_STARTING_MICROTIME', get_microtime());

// Bootstrap constants. Each is defined only when a customisation layer has not
// already provided it, so the checks stay in dependency order: CORE_ROOT must
// exist before the *_PATH constants that are built from it.
defined('DEBUG') || define('DEBUG', false);
defined('CORE_ROOT') || define('CORE_ROOT', dirname(__FILE__));

// Experimental request-wide XSS filtering. cleanXSS() is called without
// arguments here, so it presumably rewrites the request superglobals in
// place — NOTE(review): confirm against its definition.
if (defined('GLOBAL_XSS_FILTERING') && GLOBAL_XSS_FILTERING) {
    cleanXSS();
}

defined('APP_PATH') || define('APP_PATH', CORE_ROOT . DIRECTORY_SEPARATOR . 'app');
defined('HELPER_PATH') || define('HELPER_PATH', CORE_ROOT . DIRECTORY_SEPARATOR . 'helpers');

// BASE_URL is derived from the request's Host header, which the client
// controls. Anything that embeds BASE_URL in links, redirects or e-mails
// inherits that trust; defining BASE_URL with a fixed host in the
// customisation layer removes the dependency.
defined('BASE_URL') || define('BASE_URL', 'http://' . dirname($_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME']) . '/?/');

defined('DEFAULT_CONTROLLER') || define('DEFAULT_CONTROLLER', 'index');
if (!defined('DEFAULT_ACTION')) {
    define('DEFAULT_ACTION', 'index');
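/**
 * Renders the comment section of the current article and handles a posted
 * comment.
 *
 * Three paths, chosen from the request:
 *  - a well-formed POST (submit button "comment" present, audit() true, name
 *    longer than 2 bytes, comment text longer than 5 bytes) stores the comment
 *    and prints a "sent" message with a link back to the article;
 *  - any other POST prints an error and a link back;
 *  - otherwise the comments of the requested page are listed, followed by
 *    pagination links and, unless $freeze_status is "freezed", the comment form.
 *
 * Relies on the project helpers s() (settings), l() (localised strings),
 * get_id() (request parameters), audit() and if_javascript_on(), and on the
 * legacy mysql_* extension with an already-open default connection.
 *
 * Every request-derived value is escaped where it is used: SQL literals via
 * mysql_real_escape_string() or an int cast, HTML attributes via
 * htmlspecialchars(). Stored comment text is escaped on display with the
 * project's cleanXSS(), as before.
 *
 * @param string $freeze_status "freezed" suppresses the comment form.
 * @return void Output is echoed directly.
 */
function comment($freeze_status)
{
    // Only ASC/DESC may reach the ORDER BY clause. An empty or unknown setting
    // becomes ASC, which is also what the server default gave for an empty value.
    $comments_order = strtoupper((string) s('comments_order')) === 'DESC' ? 'DESC' : 'ASC';
    $category = get_id('category');
    $article = get_id('article');
    // Page numbers are used in arithmetic, SQL and URLs: coerce to int once.
    $commentspage = (int) get_id('commentspage');
    $go_to_page = isset($_POST['commentspage']) ? (int) $_POST['commentspage'] : 0;

    // Escaped at the query boundary; get_id() is assumed to return the raw
    // request value — NOTE(review): confirm it does not already escape for SQL.
    $query = "SELECT * FROM " . s('prefix') . "articles WHERE seftitle = '" . mysql_real_escape_string($article) . "'";
    $result = mysql_query($query);
    $articleid = 0; // stays 0 when no article matches, keeping later queries well-formed
    while ($r = mysql_fetch_array($result)) {
        $articleid = (int) $r['id'];
    }
    if ($commentspage < 1) {
        $commentspage = 1;
    }

    $posted = isset($_POST['comment']);
    // "comment" is the submit button; the textarea is named "text" (see the
    // form below), so the length check has to look at "text".
    if ($posted
        && audit()
        && isset($_POST['name'], $_POST['text'])
        && strlen($_POST['name']) > 2
        && strlen($_POST['text']) > 5
    ) {
        echo "<h2>" . l('comment_sent') . "</h2>";
        // Posted routing values are reflected into a link: escape for the attribute.
        $backCategory = htmlspecialchars(isset($_POST['category']) ? $_POST['category'] : '', ENT_QUOTES, 'UTF-8');
        $backArticle = htmlspecialchars(isset($_POST['article']) ? $_POST['article'] : '', ENT_QUOTES, 'UTF-8');
        $backLink = s('website') . $backCategory . "/" . $backArticle . "/";
        if ($go_to_page > 1) {
            $backLink .= $go_to_page . "/";
        }
        echo "<p><a href='" . $backLink . "'>" . l('backarticle') . "</a></p>";

        // Escaping here only protects the SQL literal; the stored text stays raw
        // and is escaped on display, so nothing is double-encoded.
        $name = mysql_real_escape_string($_POST['name']);
        $comment = mysql_real_escape_string($_POST['text']);
        $time = date('Y-m-d H:i:s');
        // The posted id wins over the one resolved above, as before — NOTE(review):
        // using the resolved $articleid instead would stop a client from attaching
        // a comment to an arbitrary article id.
        $articleid = isset($_POST['id']) ? (int) $_POST['id'] : 0;
        mysql_query("INSERT INTO " . s('prefix') . "comments(articleid,name,comment,time) VALUES('{$articleid}', '{$name}', '{$comment}', '{$time}')");
    } elseif ($posted) {
        echo "<h2>" . l('comment_error') . "</h2>";
        echo "<p>" . l('ce_reasons') . "</p>";
        echo "<p><a href='index.php?id=" . $articleid . "&commentspage=" . $commentspage . "'>" . l('back') . "</a></p>";
    } else {
        $results_per_page = (int) s('results_per_page');
        if ($results_per_page < 1) {
            $results_per_page = 1; // guards the LIMIT clause and the page-count division
        }
        $pageNum = $commentspage;
        $offset = ($pageNum - 1) * $results_per_page;

        // First query only counts rows; the second fetches the requested page.
        $totalrows = "SELECT * FROM " . s('prefix') . "comments WHERE articleid = {$articleid} ORDER by id DESC";
        $rowsresult = mysql_query($totalrows) or die(s('dberror'));
        $numrows = mysql_num_rows($rowsresult);
        $query = "SELECT * FROM " . s('prefix') . "comments WHERE articleid = {$articleid} ORDER by id {$comments_order} LIMIT {$offset}, {$results_per_page}";
        $result = mysql_query($query) or die(s('dberror'));
        while ($r = mysql_fetch_array($result)) {
            echo "<div class='comments'><p>" . cleanXSS($r['comment']) . "</p>";
            $date = date(s('comment_dt_format'), strtotime($r['time']));
            echo "<p><img src='" . s('website') . "images/commentname.gif' alt='>' /> <b>" . cleanXSS($r['name']) . "</b>";
            // Rows dated 1999 are shown without a time — presumably a sentinel
            // left by an importer; NOTE(review): confirm before relying on it.
            if (date("Y", strtotime($r['time'])) == 1999 or s('display_comment_time') == "NO") {
                $date = "";
            } else {
                echo " <img src='" . s('website') . "images/arrow.gif' alt='|' /> ";
                echo $date;
            }
            if (isset($_SESSION['Logged_In'])) {
                echo " <img src='" . s('website') . "images/arrow.gif' alt='|' /> ";
                $commentId = (int) $r['id'];
                // NOTE(review): "action" appears twice in the edit link's query
                // string while the delete link uses "task=" for its second key;
                // kept as-is pending confirmation of what the router expects.
                echo '<a href="' . s('website') . 'index.php?action=process&action=editcomment&commentid=' . $commentId . '">' . l('edit') . '</a> ';
                echo '<img src="' . s('website') . 'images/arrow.gif" alt="|" /> ';
                echo '<a href="' . s('website') . 'index.php?action=process&task=deletecomment&articleid=' . $articleid . '&commentid=' . $commentId . '"';
                // if_javascript_on() appears to echo its argument itself (the
                // original template discarded any return value).
                if_javascript_on(" onclick='return confirm(\"" . l('warning_delete') . "\");'");
                echo '>' . l('delete_comment') . '</a> ';
            }
            echo "</p></div>";
        }

        $maxPage = (int) ceil($numrows / $results_per_page);
        $back_to_page = (int) ceil(($numrows + 1) / $results_per_page);

        // $category/$article come from the request via get_id() and are reflected
        // into hrefs and hidden fields, so escape them once for attribute context.
        $hCategory = htmlspecialchars((string) $category, ENT_QUOTES, 'UTF-8');
        $hArticle = htmlspecialchars((string) $article, ENT_QUOTES, 'UTF-8');
        $articleUrl = s('website') . $hCategory . "/" . $hArticle . "/";

        if ($pageNum > 1) {
            $page = $pageNum - 1;
            $prevUrl = $page == 1 ? $articleUrl : $articleUrl . $page . "/";
            $prev = " <a href='" . $prevUrl . "'>< " . l('previous_page') . "</a> ";
            $first = " <a href='" . $articleUrl . "'><< " . l('first_page') . "</a>";
        } else {
            $prev = "< " . l('previous_page');
            $first = "<< " . l('first_page');
        }
        if ($pageNum < $maxPage) {
            $page = $pageNum + 1;
            $next = " <a href='" . $articleUrl . $page . "/'>" . l('next_page') . " ></a> ";
            $last = " <a href='" . $articleUrl . $maxPage . "/'>" . l('last_page') . " >></a> ";
        } else {
            $next = l('next_page') . " > ";
            $last = l('last_page') . " >>";
        }
        if ($maxPage > 1) {
            echo "<div class='date'>" . $first . " " . $prev . " <strong>  [{$pageNum}</strong> / <strong>{$maxPage}]  </strong> " . $next . " " . $last . "</div>";
        }

        if ($freeze_status != "freezed") {
            // PHP_SELF echoes the request path (including path info), so it must
            // be escaped before being placed in the action attribute.
            ?>
					<div class="commentsbox">
						<h2><?php 
            echo l('addcomment');
            ?>
</h2>	
						<form method="post" action="<?php 
            echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
            ?>
">
  							<p><?php 
            echo l('comment');
            ?>
</p>
  							<p><textarea name="text" class="text" rows="5" cols="5"></textarea></p>
							<p><?php 
            echo l('name');
            ?>
</p>
							<p><input name="name" type="text" class="field" id="name" /></p>
							<!-- Mod commets validation by bramsyuur -->
							<p><?php 
            echo l('code_validation');
            ?>
</p>
							<p><img width="120" height="30" src="core/button.php" alt="" /></p>
							<p><?php 
            echo l('enter_validation_code');
            ?>
</p>
							<p><input maxlength="5" size="5" name="userdigit" type="text" class="field" value="" /></p>
							<!-- End comments validation by bramsyuur-->							
							<p><input name="category" id="category" type="hidden" value="<?php 
            echo $hCategory;
            ?>
" />
							<input name="id" id="id" type="hidden" value="<?php 
            echo $articleid;
            ?>
" />
							<input name="article" id="article" type="hidden" value="<?php 
            echo $hArticle;
            ?>
" />
  							<input name="commentspage" id="commentspage" type="hidden" value="<?php 
            echo $back_to_page;
            ?>
" /></p>
  							<p><input name="comment" type="submit" class="<?php 
            echo s('button');
            ?>
" value="<?php 
            echo l('sendcomment');
            ?>
" /></p>
  	    				</form>
						</div><?php 
        }
    }
}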