<?php
/*
       444444444  
      4::::::::4  
     4:::::::::4  
    4::::44::::4  
   4::::4 4::::4   Four Island
  4::::4  4::::4  
 4::::4   4::::4   Written and maintained by Starla Insigna
4::::444444::::444
4::::::::::::::::4  pages/post.php
4444444444:::::444
          4::::4   Please do not use, reproduce or steal the
          4::::4   contents of this file without explicit
          4::::4   permission from Hatkirby.
        44::::::44
        4::::::::4
        4444444444
*/

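// Define the include marker if nothing has defined it yet.
// NOTE(review): presumably the included files test S_INCLUDE_FILE to refuse direct access -- confirm there.
if (!defined('S_INCLUDE_FILE')) {define('S_INCLUDE_FILE',1);}

require('headerproc.php');
require('includes/securimage/securimage.php');

/*
 * Comment submission handler.
 *
 * Reads the comment form from $_POST and either:
 *   - stores the comment directly (logged-in user, or an anonymous commenter
 *     whose username/email pair matches a row in anon_commenters), then
 *     renders the 'new-comment' template for it; or
 *   - stores it in the moderation table (anonymous commenter with no
 *     anon_commenters row for that username).
 *
 * Every branch ends in die()/exit except the missing-id case, which only
 * calls generateError('404').
 *
 * NOTE(review): no anti-CSRF token is checked in this file; confirm whether
 * headerproc.php enforces one before the logged-in branch is reached.
 */
if (!isset($_POST['id']))
{
	generateError('404');
} else {
	// All request fields are attacker-controlled. Normalise each one once:
	//   $postRaw[...] is the plain value (for comparisons and display),
	//   $postSql[...] is that value escaped for use inside a quoted SQL literal.
	// The original code concatenated $_POST straight into the queries and
	// unconditionally stripslashes()ed the comment on display, i.e. it relied on
	// the input already being slash-escaped (magic quotes or similar). That is
	// not a safe SQL defence, so the slashes are removed here and the value is
	// escaped with the connection-aware function instead.
	// Missing or non-string (array) fields are treated as empty strings.
	// NOTE(review): assumes headerproc.php has already opened the MySQL
	// connection that the mysql_query() calls below rely on -- confirm.
	$postRaw = array();
	$postSql = array();
	foreach (array('id', 'comment', 'username', 'email', 'website') as $field)
	{
		$value = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
		$postRaw[$field] = stripslashes($value);
		$postSql[$field] = mysql_real_escape_string($postRaw[$field]);
	}

	if ($postRaw['comment'] === '')
	{
		die('I\'m sorry, but you didn\'t enter a comment!');
	}

	if (isLoggedIn())
	{
		// The session user id is cast to int because it is placed unquoted in the SQL.
		$setcomment = "INSERT INTO comments SET page_id = \"" . $postSql['id'] . "\", user_id = " . (int) getSessionUserID() . ", comment = \"" . $postSql['comment'] . "\", is_anon = 0";
		// NOTE(review): the result is not checked; a failed INSERT still renders the comment below.
		$setcomment2 = mysql_query($setcomment);
		$cid = mysql_insert_id();

		// page_id has the form "<type>-<id>". $comID is deliberately derived from
		// the request value exactly as before, because recalcPop() is defined
		// elsewhere and how it uses the value is not visible here.
		$page_id = is_string($_POST['id']) ? $_POST['id'] : '';
		$comType = substr($page_id,0,strpos($page_id,'-'));
		$comID = substr($page_id,strpos($page_id,'-')+1);
		if ($comType == 'updates')
		{
			recalcPop($comID);
		}

		$getuser = "SELECT * FROM phpbb_users WHERE user_id = " . (int) getSessionUserID();
		$getuser2 = mysql_query($getuser);
		$getuser3 = mysql_fetch_array($getuser2);

		// NOTE(review): TEXT and USERNAME are user-supplied. Confirm that FITemplate
		// HTML-escapes added values; if it does not, this is a stored/reflected XSS sink.
		$template = new FITemplate('new-comment');
		$template->add('ID', $cid);
		$template->add('CODEDEMAIL', md5(strtolower($getuser3['user_email'])));
		$template->add('TEXT', $postRaw['comment']);
		$template->add('USERNAME', getSessionUsername());
		$template->add('DATE', date("F jS Y \a\\t g:i:s a"));
		$template->display();

		exit;
	}

	// Anonymous commenter from here on.
	if ($postRaw['username'] === '')
	{
		die('You forgot to enter a username.');
	}

	// The D modifier makes $ match only at the very end of the string, so an
	// address with a trailing newline is rejected instead of accepted.
	if (!preg_match('/^[A-Za-z0-9!#$&\'*+-\/=?^_`{|}~]+@[-A-Za-z0-9]+(\.[-A-Za-z0-9]+)+[A-Za-z]$/D', $postRaw['email']))
	{
		die('I\'m sorry, but you\'ve entered an invalid email address.');
	}

	$img = new Securimage;

	if ($img->check(isset($_POST['code']) ? $_POST['code'] : '') == false)
	{
		die('The CAPTCHA wasn\'t entered correctly. Go back and try it again.');
	}

	$getanon = "SELECT * FROM anon_commenters WHERE username = \"" . $postSql['username'] . "\"";
	$getanon2 = mysql_query($getanon);
	$getanon3 = mysql_fetch_array($getanon2);

	// Strict comparisons: the email acts as the shared secret that lets a returning
	// anonymous commenter bypass moderation, so PHP's loose numeric-string
	// matching must not be able to satisfy either check.
	if (is_array($getanon3) && $getanon3['username'] === $postRaw['username'])
	{
		if ($getanon3['email'] !== $postRaw['email'])
		{
			die('I\'m sorry, but this anonymous username is already in use. If this is in fact you, please verify that you have entered the same email address that you entered the first time you commented here.');
		}

		$setcomment = "INSERT INTO comments SET page_id = \"" . $postSql['id'] . "\", user_id = " . (int) $getanon3['id'] . ", comment = \"" . $postSql['comment'] . "\", is_anon = 1";
		// NOTE(review): the result is not checked; a failed INSERT still renders the comment below.
		$setcomment2 = mysql_query($setcomment);
		$cid = mysql_insert_id();

		// See the logged-in branch: $comID is passed to recalcPop() unchanged from the request.
		$page_id = is_string($_POST['id']) ? $_POST['id'] : '';
		$comType = substr($page_id,0,strpos($page_id,'-'));
		$comID = substr($page_id,strpos($page_id,'-')+1);
		if ($comType == 'updates')
		{
			recalcPop($comID);
		}

		// NOTE(review): TEXT and USERNAME are user-supplied. Confirm that FITemplate
		// HTML-escapes added values; if it does not, this is a stored/reflected XSS sink.
		$template = new FITemplate('new-comment');
		$template->add('ID', $cid);
		$template->add('CODEDEMAIL', md5(strtolower($getanon3['email'])));
		$template->add('TEXT', $postRaw['comment']);
		$template->add('USERNAME', $getanon3['username']);
		$template->add('DATE', date("F jS Y \a\\t g:i:s a"));
		$template->display();

		exit;
	}

	// No anon_commenters row with this exact username: queue the comment for a moderator.
	$setcomment = "INSERT INTO moderation SET page_id = \"" . $postSql['id'] . "\", author = \"" . $postSql['username'] . "\", email = \"" . $postSql['email'] . "\", comment = \"" . $postSql['comment'] . "\", website = \"" . $postSql['website'] . "\"";
	// NOTE(review): the result is not checked; the thank-you message is shown even if the INSERT failed.
	$setcomment2 = mysql_query($setcomment);

	die('Thank you for posting your valuable comment!<br />However, as you aren\'t logged in, your comment will have to be verified by a moderator before it appears. Sorry!');
}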

?>