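check_captcha($_POST['captcha'], $_POST['captcha_hash']))) header("Location: ".$_POST['referer']."&error=captcha#addcomment");
    else {
        // Visitor comment accepted: store it and send the browser back.
        // NOTE(review): $parentID, $type and $ip are assigned before this excerpt
        // begins and are interpolated into the INSERT without escaping here.
        // Confirm they are validated where they are set; this statement is left
        // unchanged because those assignments are not visible.
        // NOTE(review): the redirect target is the request's 'referer' field as
        // sent by the client; consider restricting it to same-site relative URLs.
        $date=time();
        safe_query("INSERT INTO ".PREFIX."comments ( parentID, type, nickname, date, comment, url, email, ip ) values( '$parentID', '$type', '".mysql_escape_string($name)."', '$date', '".mysql_escape_string($message)."', '".mysql_escape_string($url)."', '".mysql_escape_string($mail)."', '$ip' ) ");
        header("Location: ".$_POST['referer']);
    }
}
elseif($_POST['saveusercomment']) {
    // Logged-in user posts a comment. $userID is not assigned in this branch;
    // presumably it is set by one of the includes below (verify).
    include("_mysql.php");
    include("_settings.php");
    include("_functions.php");
    if(!$userID) die('Not logged in.');

    $parentID = $_POST['parentID'];
    $type = $_POST['type'];
    $message = $_POST['message'];
    $date=time();

    // parentID and type come straight from the request body, so they are escaped
    // like the comment text before being placed inside the quoted SQL literals.
    safe_query("INSERT INTO ".PREFIX."comments ( parentID, type, userID, date, comment ) values( '".mysql_escape_string($parentID)."', '".mysql_escape_string($type)."', '$userID', '$date', '".mysql_escape_string($message)."' ) ");

    // NOTE(review): client-supplied redirect target, see the remark in the
    // visitor branch above.
    header("Location: ".$_POST['referer']);
}
elseif($_GET['delete']) {
    // Bulk delete of the comments whose ids were submitted in commentID[].
    include("_mysql.php");
    include("_settings.php");
    include("_functions.php");
    // NOTE(review): this branch gates on isanyadmin() while the edit branches
    // use isfeedbackadmin(); confirm that the broader check is intended.
    // NOTE(review): no anti-CSRF token is checked in the visible code before
    // this state-changing request is honoured.
    if(!isanyadmin($userID)) die('No access.');

    // Only iterate when an array was really submitted, skip nested values, and
    // escape every id before it reaches the DELETE statement.
    if(isset($_POST['commentID']) && is_array($_POST['commentID'])) {
        foreach($_POST['commentID'] as $id) {
            if(!is_scalar($id)) continue;
            safe_query("DELETE FROM ".PREFIX."comments WHERE commentID='".mysql_escape_string($id)."'");
        }
    }
    header("Location: ".$_POST['referer']);
}
elseif($_GET['editcomment']) {
    // Show the edit form for one comment to a feedback admin or to its poster.
    $id=$_GET['id'];
    $referer=$_GET['ref'];
    // NOTE(review): iscommentposter() receives the raw request value; confirm
    // that it escapes its argument before querying.
    if(isfeedbackadmin($userID) OR iscommentposter($userID,$id)) {
        if(!empty($id)) {
            // The id is request-controlled: escape it for the quoted literal.
            $dt = safe_query("SELECT * FROM ".PREFIX."comments WHERE commentID='".mysql_escape_string($id)."'");
            if(mysql_num_rows($dt)) {
                $ds = mysql_fetch_array($dt);
                $poster=''.getnickname($ds[userID]).'';
                $message=getinput($ds[comment]);
                // Cut everything from "\n[br][br][hr]**" or "\n[br][br]**" to the
                // end of the text (presumably an appended "edited by" footer).
                $message=preg_replace("#\n\[br\]\[br\]\[hr]\*\*(.+)#si", '', $message);
                $message=preg_replace("#\n\[br\]\[br\]\*\*(.+)#si", '', $message);
                // SECURITY: whatever gettemplate() returns is executed by eval()
                // as the body of a double-quoted PHP string. Template content
                // must only be writable by fully trusted administrators, and
                // every local interpolated by the template has to be
                // HTML-escaped before this point.
                eval("\$comment_edit = \"".gettemplate("comment_edit")."\";");
                echo $comment_edit;
            }
            else {
                redirect($referer, "No database entry matching commentID - redirecting", 2);
            }
        }
        else {
            redirect($referer, "No commentID specified - redirecting", 2);
        }
    }
    else {
        // NOTE(review): $referer is the client-supplied 'ref' parameter.
        redirect($referer, "Access denied.", 2);
    }
}
elseif($_POST['saveeditcomment']) {
    // Persist an edited comment; allowed for feedback admins and the poster.
    include("_mysql.php");
    include("_settings.php");
    include("_functions.php");
    if(!isfeedbackadmin($userID) AND !iscommentposter($userID,$_POST['commentID'])) die('No access');

    $message=$_POST['message'];
    $author=$_POST['authorID'];
    // urldecode() can turn encoded CR/LF sequences back into raw line breaks,
    // so strip them before the value is placed into a response header.
    $referer=str_replace(array("\r", "\n"), '', urldecode($_POST['referer']));

    // check if any admin edited the post
    // The comment id is request-controlled and is escaped like the message.
    if(safe_query("UPDATE ".PREFIX."comments SET comment='".mysql_escape_string($message)."' WHERE commentID='".mysql_escape_string($_POST['commentID'])."'")) {
        header("Location: $referer");
    }
}
else {
    // Default: list the comments of ($parentID, $type), paginated, followed by
    // the form for adding a comment.
    $page = $_GET['page'];
    $sort = $_GET['sort'];
    $sorttype = $_GET['sorttype'];
    if($_GET['parentID']) $parentID = $_GET['parentID'];
    if($_GET['type']) $type = $_GET['type'];

    // parentID/type may come from the query string; escape them at every use
    // inside SQL while leaving the variables themselves untouched.
    $alle=safe_query("SELECT commentID FROM ".PREFIX."comments WHERE parentID='".mysql_escape_string($parentID)."' AND type='".mysql_escape_string($type)."'");
    $gesamt=mysql_num_rows($alle);
    $pages=1;

    if(!isset($page)) $page = 1;
    if(!isset($sort)) $sort = "date";
    if(!isset($sorttype)) $sorttype = "DESC";

    // $sorttype is placed unquoted after ORDER BY, so only the two keywords are
    // let through; any other value falls back to ascending order.
    $sorttype = (is_string($sorttype) && strtoupper($sorttype) == "DESC") ? "DESC" : "ASC";
    // $page feeds the LIMIT offset: force a positive integer.
    $page = max(1, (int)$page);

    // NOTE(review): $maxfeedback is not assigned in the visible code (presumably
    // a setting); a value below 1 would keep this loop from terminating.
    $max=$maxfeedback;
    for ($n=$max; $n<=$gesamt; $n+=$max) {
        if($gesamt>$n) $pages++;
    }

    // NOTE(review): $referer is not assigned in this branch; presumably it is
    // provided by the including page (verify).
    if($pages>1) $page_link = makepagelink("$referer&sorttype=$sorttype", $page, $pages);

    // $n is the running number printed next to each comment.
    if ($page == "1") {
        $ergebnis = safe_query("SELECT * FROM ".PREFIX."comments WHERE parentID='".mysql_escape_string($parentID)."' AND type='".mysql_escape_string($type)."' ORDER BY date $sorttype LIMIT 0,$max");
        if($sorttype=="DESC") $n=$gesamt;
        else $n=1;
    }
    else {
        $start=$page*$max-$max;
        $ergebnis = safe_query("SELECT * FROM ".PREFIX."comments WHERE parentID='".mysql_escape_string($parentID)."' AND type='".mysql_escape_string($type)."' ORDER BY date $sorttype LIMIT $start,$max");
        if($sorttype=="DESC") $n = $gesamt-($page-1)*$max;
        else $n = ($page-1)*$max+1;
    }

    if($gesamt) {
        echo'

comments:

';
        if($sorttype=="ASC") {
            echo'Sort:    ';
        }
        else {
            echo'Sort:    ';
        }
        if($pages>1) echo $page_link;
        echo'

';
        while($ds=mysql_fetch_array($ergebnis)) {
            $n%2 ? $bg1=BG_1 : $bg1=BG_3;
            $date=date("d.m.Y - H:i", $ds[date]);

            if($ds[userID]) {
                // Comment written by a registered user.
                $ip='';
                $poster=''.getnickname($ds[userID]).'';
                if(isclanmember($ds[userID])) $member=' Clanmember';
                $quotemessage = str_replace("'", "`", $ds[comment]);
                $quotemessage = str_replace('"', '', $quotemessage);
                $quote='quote';
                $country='[flag]'.getcountry($ds[userID]).'[/flag]';
                $country=flags($country);
                if (getemail($ds[userID])) $email = 'email';
                if (gethomepage($ds[userID]) != "" && gethomepage($ds[userID]) != "http://" && gethomepage($ds[userID]) != "http:///" && gethomepage($ds[userID]) != "n/a") $hp = 'homepage';
                if(isonline($ds[userID])=="offline") $statuspic='offline';
                else $statuspic='online';
                if(getavatar($ds[userID])) $avatar='';
                if($loggedin && $ds[userID] != $userID) {
                    $pm='messenger';
                    if(isignored($userID, $ds[userID])) $buddy='back to buddy-list';
                    elseif(isbuddy($userID, $ds[userID])) $buddy='ignore user';
                    elseif($userID==$ds[userID]) $buddy='';
                    else $buddy='add to buddylist';
                }
            }
            else {
                // Comment written by a visitor: the stored nickname, e-mail and
                // URL are stripped of tags and HTML-escaped before display.
                $ds[nickname] = strip_tags($ds[nickname]);
                $ds[nickname] = htmlspecialchars($ds[nickname]);
                $poster = $ds[nickname];
                $ds[email] = strip_tags($ds[email]);
                $ds[email] = htmlspecialchars($ds[email]);
                if($ds[email]) $email = 'email';
                $ds[url] = strip_tags($ds[url]);
                $ds[url] = htmlspecialchars($ds[url]);
                if($ds[url]!="http://" && $ds[url]!="") $hp = 'homepage';
                // The stored address is shown to feedback admins only.
                $ip = 'IP: ';
                if(isfeedbackadmin($userID)) $ip.=$ds[ip];
                else $ip.='saved';
                $quotemessage = str_replace("'", "`", $ds[comment]);
                $quotemessage = str_replace('"', '', $quotemessage);
                $quote='quote';
            }

            // NOTE(review): output safety of the comment body depends on
            // cleartext()/toggle(), which are defined elsewhere.
            $content = cleartext($ds[comment]);
            $content = toggle($content, $ds[commentID]);

            if(isfeedbackadmin($userID) OR iscommentposter($userID,$ds[commentID])) {
                $edit = '';
            }
            if(isfeedbackadmin($userID)) $actions='';

            // SECURITY: template text is executed through eval(); see the
            // remark on the comment_edit template above.
            eval ("\$comments = \"".gettemplate("comments")."\";");
            echo $comments;

            // Reset the per-comment variables so that they do not leak into the
            // next row.
            unset($member);
            unset($quote);
            unset($country);
            unset($email);
            unset($hp);
            unset($avatar);
            unset($pm);
            unset($buddy);
            unset($ip);
            unset($edit);

            if(isfeedbackadmin($userID)) $submit=' select all ';
            if($sorttype=="DESC") $n--;
            else $n++;
        }
        echo'
'.$page_link.' '.$submit.'
';
    }

    if($comments_allowed) {
        if($loggedin) {
            // SECURITY: eval() of template text, as above.
            eval ("\$comments_add_user = \"".gettemplate("comments_add_user")."\";");
            echo $comments_add_user;
        }
        elseif($comments_allowed == 2) {
            // Visitor form, protected by a captcha.
            $ip = getenv(REMOTE_ADDR);
            // NOTE(review): $visitor_info is not assigned in the visible code. If
            // it originates from a cookie or the request, $name/$mail/$url are
            // client-controlled and must be HTML-escaped before the template
            // interpolates them. Confirm against the template.
            if (isset($visitor_info)) {
                $visitor = explode("--||--", $visitor_info);
                $name = $visitor[0];
                $mail = $visitor[1];
                $url = $visitor[2];
            }
            else $url = "http://";

            if($_GET['error']=="nickname") $error = 'YOU ARE NOT ALLOWED TO USE THIS NICKNAME';
            elseif($_GET['error']=="captcha") $error = 'The security code is wrong!';

            $CAPCLASS = new Captcha;
            $captcha = $CAPCLASS->create_captcha();
            $hash = $CAPCLASS->get_hash();
            $CAPCLASS->clear_oldcaptcha();

            // SECURITY: eval() of template text, as above.
            eval ("\$comments_add_visitor = \"".gettemplate("comments_add_visitor")."\";");
            echo $comments_add_visitor;
        }
        else echo'

To add your comment you have to be registered and logged in!

register now
log in';
    }
    else echo'

comments disabled.';
}
?>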