$_POST['send_username'] = $_POST['send_email'] = ''; } else { $_POST['userid'] = 0; } $_POST['addtime'] = time(); $_POST['send_ip'] = get_remoteaddr(); $_POST['secid'] = 'all'; $_POST['text'] = strtr(strip_tags($_POST['text']), array("\r\n" => "<br />\r\n", "\n" => "<br />\n")); //eMail-Benachrichtigung if ($set['links']['mailonnew']) { $input = array('URL' => HTTP); sendmail($set['links']['mailonnew'], 'SENDLINK', $input); } //Captcha löschen if ($set['links']['captcha'] && !$user->info['userid']) { $captcha->remove(); } $db->dinsert(PRE . '_links', 'userid,secid,send_username,send_email,send_ip,catid,title,url,text,addtime'); message($apx->lang->get('MSG_OK'), mklink('links.php', 'links.html')); } //SCRIPT BEENDEN require 'lib/_end.php'; } //////////////////////////////////////////////////////////////////////////////////////////////////////// //Kategorien auflisten require_once BASEDIR . 'lib/class.recursivetree.php'; $tree = new RecursiveTree(PRE . '_links_cat', 'id'); $data = $tree->getTree(array('title', 'open')); if (count($data)) { foreach ($data as $res) { ++$i;
function addcom() { global $db, $apx, $user; $_POST['mid'] = (int) $_POST['mid']; if (!$_POST['mid']) { die('missing mID!'); } //if ( !$apx->is_module($_POST['module']) ) die('invalid MODULE!'); $apx->lang->drop('add', 'comments'); list($spam) = $db->first("SELECT time FROM " . PRE . "_comments WHERE ( module='" . addslashes($_POST['module']) . "' AND ip='" . get_remoteaddr() . "' AND mid='" . $_POST['mid'] . "' ) ORDER BY time DESC"); //Captcha prüfen if ($this->set['captcha'] && !$user->info['userid']) { require BASEDIR . 'lib/class.captcha.php'; $captcha = new captcha(); $captchafailed = $captcha->check(); } if ($user->info['userid']) { if ($captchafailed) { message($apx->lang->get('MSG_COM_WRONGCODE'), 'javascript:history.back()'); } elseif ($this->ip_is_blocked()) { message($apx->lang->get('MSG_COM_BLOCKIP'), 'back'); } elseif (!$_POST['text'] || $this->set['req_title'] && !$_POST['title']) { message('back'); } elseif ($this->text_is_blocked()) { message($apx->lang->get('MSG_COM_BLOCKTEXT'), 'back'); } elseif ($this->set['maxlen'] && strlen($_POST['text']) > $this->set['maxlen']) { message($apx->lang->get('MSG_COM_TOOLONG'), 'back'); } elseif ($spam + $this->set['spamprot'] * 60 > time()) { message($apx->lang->get('MSG_COM_BLOCKSPAM', array('SEC' => $spam + $this->set['spamprot'] * 60 - time())), 'back'); } else { if ($this->set['mod'] && !$user->is_team_member()) { $_POST['active'] = 0; } else { $_POST['active'] = 1; } $_POST['userid'] = $user->info['userid']; $_POST['username'] = $user->info['username']; $_POST['time'] = time(); $_POST['ip'] = get_remoteaddr(); $db->dinsert(PRE . '_comments', 'module,mid,userid,username,title,text,time,notify,ip,active'); $comid = $db->insert_id(); //eMail-Benachrichtigung (Admin) if ($this->set['mailonnew']) { $text = strip_tags(dbcodes($_POST['text'])); $input = array('URL' => HTTP, 'GOTO' => HTTP_HOST . $_SERVER['REQUEST_URI'], 'TEXT' => $text); sendmail($this->set['mailonnew'], 'SENDCOM', $input); } //eMail-Benachrichtigung (User) if ($_POST['active']) { $data = $db->fetch("\n\t\t\t\t\t\tSELECT DISTINCT IF(c.userid, u.email, c.email) AS email\n\t\t\t\t\t\tFROM " . PRE . "_comments AS c\n\t\t\t\t\t\tLEFT JOIN " . PRE . "_user AS u USING(userid)\n\t\t\t\t\t\tWHERE c.module='" . addslashes($_POST['module']) . "' AND c.mid='" . addslashes($_POST['mid']) . "' AND c.notify=1 AND c.id!='" . $comid . "' AND c.userid!=" . $user->info['userid'] . "\n\t\t\t\t\t"); if (count($data)) { foreach ($data as $res) { $input = array('URL' => HTTP, 'GOTO' => HTTP_HOST . $_SERVER['REQUEST_URI']); sendmail($res['email'], 'NOTIFYCOM', $input); } } //Notify zurücksetzen $db->query("UPDATE " . PRE . "_comments SET notify=0 WHERE module='" . addslashes($_POST['module']) . "' AND mid='" . addslashes($_POST['mid']) . "' AND id!='" . $comid . "'"); } //Captcha löschen if ($this->set['captcha'] && !$user->info['userid']) { $captcha->remove(); } message($apx->lang->get('MSG_COM_OK'), str_replace('&', '&', $_SERVER['REQUEST_URI'])); } } elseif ($this->set['pub']) { if (!checkmail($_POST['email'])) { if ($this->set['req_email']) { $emailnotvalid = true; } else { $_POST['email'] = ''; } } if ($captchafailed) { message($apx->lang->get('MSG_COM_WRONGCODE'), 'javascript:history.back()'); } elseif ($this->ip_is_blocked()) { message($apx->lang->get('MSG_COM_BLOCKIP'), 'back'); } elseif (!$_POST['username'] || !$_POST['text'] || $this->set['req_email'] && !$_POST['email'] || $this->set['req_homepage'] && !$_POST['homepage'] || $this->set['req_title'] && !$_POST['title']) { message('back'); } elseif ($_POST['notify'] && !$_POST['email']) { message($apx->lang->get('MSG_COM_MAILNEEDED'), 'back'); } elseif ($this->text_is_blocked()) { message($apx->lang->get('MSG_COM_BLOCKTEXT'), 'back'); } elseif ($this->set['entrymaxlen'] && strlen($_POST['text']) > $this->set['entrymaxlen']) { message($apx->lang->get('MSG_COM_TOOLONG'), 'back'); } elseif ($emailnotvalid) { message($apx->lang->get('MSG_COM_EMAILNOTVALID'), 'back'); } elseif ($spam + $this->set['spamprot'] * 60 > time()) { message($apx->lang->get('MSG_COM_BLOCKSPAM', array('SEC' => $spam + $this->set['spamprot'] * 60 - time())), 'back'); } else { if (substr($_POST['homepage'], 0, 4) == 'www.') { $_POST['homepage'] = 'http://' . $_POST['homepage']; } if ($this->set['mod']) { $_POST['active'] = 0; } else { $_POST['active'] = 1; } $_POST['time'] = time(); $_POST['ip'] = get_remoteaddr(); $db->dinsert(PRE . '_comments', 'module,mid,userid,username,email,homepage,title,text,time,notify,ip,active'); //eMail-Benachrichtigung (Admin) if ($this->set['mailonnew']) { $text = strip_tags(dbcodes($_POST['text'])); $input = array('URL' => HTTP, 'GOTO' => HTTP_HOST . $_SERVER['REQUEST_URI'], 'TEXT' => $text); sendmail($this->set['mailonnew'], 'SENDCOM', $input); } //eMail-Benachrichtigung (User) if ($_POST['active']) { $data = $db->fetch("\n\t\t\t\t\t\tSELECT DISTINCT IF(c.userid, u.email, c.email) AS email\n\t\t\t\t\t\tFROM " . PRE . "_comments AS c\n\t\t\t\t\t\tLEFT JOIN " . PRE . "_user AS u USING(userid)\n\t\t\t\t\t\tWHERE c.module='" . addslashes($_POST['module']) . "' AND c.mid='" . addslashes($_POST['mid']) . "' AND c.notify=1 AND c.id!='" . $comid . "'\n\t\t\t\t\t"); if (count($data)) { foreach ($data as $res) { $input = array('URL' => HTTP, 'GOTO' => HTTP_HOST . $_SERVER['REQUEST_URI']); sendmail($res['email'], 'NOTIFYCOM', $input); } } //Notify zurücksetzen $db->query("UPDATE " . PRE . "_comments SET notify=0 WHERE module='" . addslashes($_POST['module']) . "' AND mid='" . addslashes($_POST['mid']) . "' AND id!='" . $comid . "'"); } //Captcha löschen if ($this->set['captcha'] && !$user->info['userid']) { $captcha->remove(); } message($apx->lang->get('MSG_COM_OK'), str_replace('&', '&', $_SERVER['REQUEST_URI'])); } } }