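$host = $aSet['websitehost'];
ini_set('SMTP', $smtp);
ini_set('smtp_port', $port);
ini_set('sendmail_from', $email_send);

// Filtering $_GET and $_POST variables.
// filter_input() returns null when the key is absent and false when the filter
// rejects the value, so both states must be distinguished before use.
// NOTE: FILTER_SANITIZE_STRING is deprecated since PHP 8.1; it only strips tags
// and encodes quotes, so every consumer must still escape for its output context.
$id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
$cat = filter_input(INPUT_GET, 'cat', FILTER_SANITIZE_NUMBER_INT);
$new = filter_input(INPUT_GET, 'new', FILTER_SANITIZE_STRING);
$rep = filter_input(INPUT_GET, 'rep', FILTER_SANITIZE_STRING);

// $_POST variables
// NOTE(review): FILTER_SANITIZE_URL on an e-mail address only strips characters
// illegal in a URL; RecordNewComm() re-checks it with FILTER_VALIDATE_EMAIL.
$nom = filter_input(INPUT_POST, 'nom', FILTER_SANITIZE_STRING);
$mail = filter_input(INPUT_POST, 'mail', FILTER_SANITIZE_URL);
$siteweb = filter_input(INPUT_POST, 'siteweb', FILTER_SANITIZE_URL);
$contenu = filter_input(INPUT_POST, 'contenu', FILTER_SANITIZE_STRING);

$oMetaArt = new Articles();
$oUtil = new Utilitaires();

// Meta-data.
// The filtered $id is handed to ReadMetaData() instead of the raw $_GET['id']
// the original used (the sanitizing step was otherwise bypassed). An absent,
// rejected or empty id falls back to the generic page description.
if ($id !== null && $id !== false && $id !== '') {
    $aMetaData = $oMetaArt->ReadMetaData((int) $id);
    $oUtil->DisplayPageMetaData($aMetaData['titre_art'], $aMetaData['resum_art'], $aMetaData['keywords_art']);
    unset($oMetaArt);
    unset($oUtil);
} else {
    $oUtil->DisplayPageMetaData('Présentation des articles', 'Description de la page', 'php, html, css, Mysql');
}
?>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">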
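/**
 * Record a comment or a reply (a new message or an answer to a comment).
 * Inserts into 'blog_comments' (type 'new') or 'blog_reply' (type 'rep').
 *
 * Request-scoped inputs read directly by this method: $_GET['id'] (article id
 * used for the redirect), $_POST['ref_rep'] (optional parent reply reference)
 * and $_FILES['imagefichier'] (optional picture).
 *
 * @param string     $nom       Commentator name
 * @param string     $mail      Commentator e-mail (re-validated with FILTER_VALIDATE_EMAIL)
 * @param string     $siteweb   Commentator website
 * @param string     $contents  Message body
 * @param int|string $id        Article id (for a comment) OR comment id (for a reply)
 * @param string     $type_comm 'new' => comment case ; 'rep' => answer case
 * @param array      $aMsg      Localised messages indexed by Admin::$lang
 * @param string     $host      Site base URL used to build the validation link
 * @return void
 **/
public function RecordNewComm($nom, $mail, $siteweb, $contents, $id, $type_comm, $aMsg, $host)
{
    // Filtering data coming from $_POST.
    // FILTER_SANITIZE_STRING is deprecated since PHP 8.1; kept so the stored
    // values keep the same shape as existing rows.
    $aPost = array('nom' => $nom, 'mail' => $mail, 'web' => $siteweb, 'contenu' => $contents, 'id' => $id);
    $sFiltres = array(
        'nom' => FILTER_SANITIZE_STRING,
        'mail' => FILTER_VALIDATE_EMAIL,
        'web' => FILTER_SANITIZE_STRING,
        'contenu' => FILTER_SANITIZE_STRING,
        'id' => FILTER_VALIDATE_INT,
    );
    $aDataclean = filter_var_array($aPost, $sFiltres);
    $nom = $aDataclean['nom'];
    $mail = $aDataclean['mail'];
    $siteweb = $aDataclean['web'];
    $contents = $aDataclean['contenu'];
    $id = $aDataclean['id'];
    // FILTER_VALIDATE_INT yields false for a non-numeric id; the original kept
    // going and spliced that value into SQL text. Record nothing in that case.
    if ($id === false) {
        return;
    }
    $id_art = (int) ($_GET['id'] ?? 0);
    // end filtering

    // Checking whether comments are moderated
    $result = SPDO::getInstance()->query('select * from blog_config');
    $aConfig = $result->fetch(PDO::FETCH_ASSOC);
    $ctr_comm = $aConfig['control_comm'] ?? null;

    date_default_timezone_set('Europe/Paris');
    $dDateJour = date('Y-m-d H:i:s');
    $iValid = 0; // By default, the comment is validated.

    // Optional picture: resized only when a file was actually posted.
    $sNomInputImg = 'imagefichier';
    $img = null;
    $typeimg = null;
    $oImg = null;
    if (isset($_FILES[$sNomInputImg]['name']) && $_FILES[$sNomInputImg]['name'] !== '') {
        $max_width = 50;
        $max_height = 50;
        $oImg = new Images();
        $image = $oImg->Redim($sNomInputImg, $max_width, $max_height);
        $typeimg = $image['type_image'];
        $img = $image['ressource_img'];
    }

    // Construction of the insert query based on whether it is a new message or a reply.
    $ref_rep = null;
    if ($type_comm === 'new') {
        $sReq = "INSERT INTO blog_comments (date_com, nom_com, email_com, siteweb_com, texte_com, valid_com, id_art, photo_com, photo_type, ctrl_aff) ";
        $sReq .= "VALUES (:datej, :nom, :mail, :web, :txt, :valid, :id, :photo, :type_photo, :ctrl_aff)";
    } elseif ($type_comm === 'rep') {
        $pdo = SPDO::getInstance();
        // Determination of "ref_rep" (reply to an initial comment, or reply to another answer).
        // $_POST['ref_rep'] is user-controlled: it is validated as an integer and
        // bound as a parameter instead of being concatenated into the query text.
        $ref = filter_input(INPUT_POST, 'ref_rep', FILTER_VALIDATE_INT);
        if ($ref !== null) {
            if ($ref === false) {
                return;
            }
            // Reply to a reply: look for the first free "ref . i" slot (1..99),
            // i.e. the same digit-concatenation scheme the existing rows use.
            $pCount = $pdo->prepare('select count(id_rep) from blog_reply where id_commentaire = :id and ref_rep = :ref');
            for ($i = 1; $i < 100; $i++) {
                $candidate = (int) ($ref . $i);
                $pCount->execute(array(':id' => $id, ':ref' => $candidate));
                $iNum = (int) $pCount->fetchColumn();
                $pCount->closeCursor();
                if ($iNum === 0) {
                    $ref_rep = $candidate;
                    break;
                }
            }
        } else {
            // Answer to an initial comment: "ref_rep" is the current number of replies ($id is id_com).
            $pCount = $pdo->prepare('select count(id_rep) from blog_reply where id_commentaire = :id');
            $pCount->execute(array(':id' => $id));
            $ref_rep = (int) $pCount->fetchColumn();
            $pCount->closeCursor();
        }
        $sReq = "INSERT INTO blog_reply (date_rep, nom_rep, email_rep, siteweb_rep, texte_rep, valid_rep, id_commentaire, ref_rep, photo_rep, photo_type, ctrl_aff) ";
        $sReq .= "VALUES (:datej, :nom, :mail, :web, :txt, :valid, :id, :ref_rep, :photo, :type_photo, :ctrl_aff)";
    } else {
        // Unknown type: the original would have executed an undefined query.
        return;
    }

    // Insert query execution
    $notype = PDO::PARAM_STR;
    $aBindVar = array(
        array('type' => $notype, ':datej' => $dDateJour),
        array('type' => $notype, ':nom' => $nom),
        array('type' => $notype, ':mail' => $mail),
        array('type' => $notype, ':web' => $siteweb),
        array('type' => $notype, ':txt' => $contents),
        array('type' => $notype, ':valid' => $iValid),
        array('type' => $notype, ':id' => $id),
        array('type' => PDO::PARAM_LOB, ':photo' => $img),
        array('type' => $notype, ':type_photo' => $typeimg),
        array('type' => $notype, ':ctrl_aff' => $ctr_comm),
    );
    if ($type_comm === 'rep') {
        $aBindVar[] = array('type' => $notype, ':ref_rep' => $ref_rep);
    }
    $resultOK = $this->executeDbQuery($sReq, $aBindVar, '', '', false);
    unset($oImg);

    if (!$resultOK) {
        return;
    }

    // Message according to comment moderation
    if ((int) $ctr_comm === 1) {
        // Moderated comments => send a validation e-mail
        $MsgAlert = $aMsg[Admin::$lang]['msg_comments_ctrl'];
        $this->DisplayAlert('success', $aMsg[Admin::$lang]['msg_confirm'], $MsgAlert, "blog.php?id={$id_art}");
        $this->ReadBlogConfig();
        $obj = $this->mail_obj;
        $from_name = $this->name_exp;
        $from_adr = $this->mail_exp;
        $replay_name = '';
        $replay_adr = '';

        // Validation token placed in the mail: 32 hex characters from a CSPRNG
        // (same width as the md5(uniqid(rand())) the original used, which is
        // predictable) followed by a timestamp. Timezone was already set above.
        $sJeton = bin2hex(random_bytes(16)) . date('YmdHis');

        // Id of the row just created.
        // NOTE(review): max(id) is not reliable under concurrent inserts; if
        // executeDbQuery() runs on the SPDO::getInstance() connection,
        // lastInsertId() would be the safe replacement — confirm before changing.
        if ($type_comm === 'new') {
            $query = SPDO::getInstance()->query('select max(id_com) as id_com from blog_comments');
            $result = $query->fetchAll();
            $id = $result[0]['id_com'];
            $sLien = "{$host}/valid_comm.php?com={$id}&t={$sJeton}";
            $sTokenType = 'com';
        } else {
            $query = SPDO::getInstance()->query('select max(id_rep) as id_rep from blog_reply');
            $result = $query->fetchAll();
            $id = $result[0]['id_rep'];
            $sLien = "{$host}/valid_comm.php?rep={$id}&t={$sJeton}";
            $sTokenType = 'rep';
        }

        // Content construction: replace the 'VALID' placeholder with the link
        $sLink = "<a href='{$sLien}'>" . $aMsg[Admin::$lang]['msg_publish_confirm'] . '</a>';
        $mail_exp = str_replace('VALID', $sLink, $this->mail_txt);

        // Token register
        $this->RecordTokenComment($id, $sTokenType, $sJeton);

        // Send email
        $oUtil = new Utilitaires();
        $bSendOK = $oUtil->sendEmail($mail, $obj, nl2br($mail_exp), $from_name, $from_adr, $replay_name, $replay_adr);
        if (!$bSendOK) {
            $this->DisplayAlert('danger', $aMsg[Admin::$lang]['msg_conf_not_send'], '', "blog.php?id={$id_art}");
        }
    } elseif ((int) $ctr_comm === 0) {
        $this->DisplayAlert('success', $aMsg[Admin::$lang]['msg_thank_comment'], '', "blog.php?id={$id_art}");
    }
}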