add, edit comment -> edit, delete comment -> del, * show ip -> showip, display -> leave empty * ) * * all you have to do now, is to include this file: * include("includes/functions_comments.php"); * */ // beware of cross-site-scripting attacks if (VWAR_COMMON_INCLUDED != 1) { die("
Hacking attempt!
\n"); } ## -------------------------------------------------------------------------------------------------------------- ## // prepare the params... foreach ($comments AS $name => $val) { $$name = (!empty($val)) ? $val : ""; } if (empty($allowadd)) $allowadd = 1; // prepare query string $searcharray = array( "/(&|&)?page=[^&]*/" , "/(&|&)?s=[^&]*/" , "/(&|&)?quote=[^&]*/" ); if (($GPC['cmd'] != "del" && $command != "del") || isset($GPC['delete'])) { $searcharray[] = "/(&|&)?cmd=[^&]*/"; $searcharray[] = "/(&|&)?cid=[^&]*/"; } $GPC['QUERY_STRING'] = preg_replace($searcharray,"",$GPC['QUERY_STRING']); if(substr($GPC['QUERY_STRING'],0,1) == "&") { $GPC['QUERY_STRING'] = substr_replace($GPC['QUERY_STRING'],"",0,1); } ## -------------------------------------------------------------------------------------------------------------- ## function getCommentPermission ($permissionarea="canmanagecomments") { global $vwardb,$n,$GPC; $admin = $vwardb->query_first(" SELECT ".$permissionarea." FROM vwar".$n."_accessgroup,vwar".$n."_member WHERE memberid = '".$GPC['vwarid']."' AND vwar".$n."_accessgroup.accessgroupid = vwar".$n."_member.accessgroupid "); if ($admin['canmanagecomments'] == 1) { return true; } else { return false; } } ## -------------------------------------------------------------------------------------------------------------- ## function getShortMemberProfile ($memberid) { global $vwardb,$n,$membercache,$vwar_root; if (!count($membercache[$memberid])) { $getmember = $vwardb->query_first(" SELECT memberid,name,email,homepage,icq,aim,yim,msn,statusname,signature FROM vwar".$n."_member,vwar".$n."_memberstatus,vwar".$n."_accessgroup WHERE memberid = '".$memberid."' AND vwar".$n."_member.status = vwar".$n."_memberstatus.statusid "); $membercache[$memberid] = $getmember; } return $membercache[$memberid]; } ## -------------------------------------------------------------------------------------------------------------- ## // ##################### add ############################ if ($GPC['cmd'] == "add" || $command == "add") { if ($allowadd != 1) { header ("Location: ".$GPC['PHP_SELF']."?".$GPC['QUERY_STRING']); } if ($guestcomments == 0 && !checkCookie()) { // guestcomments not allowed $vwartpl->cache("message_error_nopermission"); include ( $vwar_root . "includes/get_header.php" ); eval("\$vwartpl->output(\"".$vwartpl->get("message_error_nopermission")."\");"); include ( $vwar_root . "includes/get_footer.php" ); exit(); } if($GPC['add']) { // check for wrong or registered data if( ( !checkCookie() && ( empty($GPC['guestname']) || empty($GPC['guestemail']) || !( $registered = checkRegistered($GPC['guestname'], $GPC['guestemail']) ) ) ) || empty($GPC['comment']) ) { if (!$registered && isset($registered)) { eval("\$registered = \"".$vwartpl->get("message_error_registered")."\";"); } $vwartpl->cache ( "message_error_commentadd" ); include ( $vwar_root . "includes/get_header.php" ); eval ("\$vwartpl->output(\"" . $vwartpl->get("message_error_commentadd") . "\");"); include ( $vwar_root . "includes/get_footer.php" ); exit(); } $ip = getenv("REMOTE_ADDR"); // guest adds comment if (!checkCookie()) { $vwardb->query(" INSERT INTO vwar".$n."_comments (frompage,sourceid,guestname,guesticq,guesthomepage,guestemail,ip,title,comment,iconid,dateline,guestyim, guestaim,guestmsn) VALUES ( '$frompage' , '$sourceid' , '".$GPC['guestname']."' , '".$GPC['guesticq']."' , '".$GPC['guesthomepage']."' , '".$GPC['guestemail']."' , '$ip' , '".$GPC['title']."' , '".$GPC['comment']."' , '".$GPC['iconid']."' , '".time()."' , '".$GPC['guestyim']."' , '".$GPC['guestaim']."' , '".$GPC['guestmsn']."' ) "); } // member adds comment else { $vwardb->query(" INSERT INTO vwar".$n."_comments (frompage,sourceid,memberid,comment,title,iconid,dateline,ip) VALUES ( '$frompage' , '$sourceid' , '".$GPC['vwarid']."' , '".$GPC['comment']."' , '".$GPC['title']."' , '".$GPC['iconid']."' , '".time()."' , '$ip' ) "); } // save guest data and redirect $fields = array( "guestname" => "guestname","guestemail" => "guestemail","guesthomepage" => "guesthomepage", "guesticq" => "guesticq","guestaim" => "guestaim","guestmsn" => "guestmsn", "guestyim" => "guestyim"); guestData($GPC,$fields,1); header("Location: ".$GPC['PHP_SELF']."?".$GPC['QUERY_STRING']); } // template-cache, standard-templates will be added by script: $vwartpllist = "smiliesoff,smilieson,htmlcodeon,htmlcodeoff,bbcodeon,bbcodeoff,bbcode_language,bbcode_javascript,"; $vwartpllist .= "bbcode,comment_display_commtitle,comment_preview,comment_add_quote,comment_add_quote_title,"; $vwartpllist .= "comment_add_guest,comment_add_member"; $vwartpl->cache($vwartpllist); include ( $vwar_root . "includes/get_header.php" ); getTextRestrictions("vwarform","comment","{firstaltcolor}",1); $clickable_icons = getIcons($GPC['iconid']); // preview if($GPC['preview']) { if($GPC['title']) { $commtitle = $GPC['title']; eval("\$comment_display_commtitle = \"".$vwartpl->get("comment_display_commtitle")."\";"); } else { $comment_display_commtitle = ""; } $previewcomment = $GPC['comment']; $previewcomment = parseText(dbSelect($previewcomment, 1), $GPC['vwarid']); eval("\$comment_preview = \"".$vwartpl->get("comment_preview")."\";"); } // quote if(!$GPC['preview'] && is_numeric($GPC['quote'])) { $quote = $vwardb->query_first(" SELECT guestname,comment,title,dateline,memberid FROM vwar".$n."_comments WHERE commentid = '".$GPC['quote']."' "); if($quote) { if($quote['memberid']) { $member = $vwardb->query_first(" SELECT name FROM vwar".$n."_member WHERE memberid = '".$quote['memberid']."' "); } $postername = ($quote['memberid']) ? $member['name'] : $quote['guestname']; $quote['dateline'] = formatdatetime($quote['dateline'],$longdateformat); eval("\$comment_add_quote = \"".$vwartpl->get("comment_add_quote")."\";"); } } dbSelectForm($GPC, 1); if(!checkCookie()) { $fields = array( "guestname" => "guestname","guestemail" => "guestemail","guesthomepage" => "guesthomepage", "guesticq" => "guesticq","guestaim" => "guestaim","guestmsn" => "guestmsn", "guestyim" => "guestyim"); guestData($GPC,$fields,0); eval("\$vwartpl->output(\"".$vwartpl->get("comment_add_guest")."\");"); } else { $row = $vwardb->query_first(" SELECT name FROM vwar".$n."_member WHERE memberid = '".$GPC['vwarid']."' "); $row['member'] = dbSelect($row['member']); eval("\$vwartpl->output(\"".$vwartpl->get("comment_add_member")."\");"); } $vwardb->free_result($result); } ## -------------------------------------------------------------------------------------------------------------- ## // ##################### edit ##################### elseif($GPC['cmd'] == "edit" || $command == "edit") { if(!getCommentPermission()) { $vwartpl->cache("message_error_nopermission"); include ( $vwar_root . "includes/get_header.php" ); eval("\$vwartpl->output(\"".$vwartpl->get("message_error_nopermission")."\");"); include ( $vwar_root . "includes/get_footer.php" ); exit(); } if($GPC['add']) { // check for wrong or registered data if (( !isset($GPC['memberid']) && ( empty($GPC['guestname']) || empty($GPC['guestemail']) || !($registered = checkRegistered($GPC['guestname'], $GPC['guestemail'])) )) || empty($GPC['comment'])) { $str["NEWCOMMENT"] = $str['EDITCOMMENT']; if (!$registered && isset($registered)) { eval("\$registered = \"".$vwartpl->get("message_error_registered")."\";"); } $vwartpl->cache ( "message_error_commentadd" ); include ( $vwar_root . "includes/get_header.php" ); eval ("\$vwartpl->output(\"" . $vwartpl->get("message_error_commentadd") . "\");"); include ( $vwar_root . "includes/get_footer.php" ); exit(); } // update guest comment if (!isset($GPC['memberid'])) { $vwardb->query(" UPDATE vwar".$n."_comments SET guestname = '".$GPC['guestname']."', guestemail = '".$GPC['guestemail']."', guesthomepage = '".$GPC['guesthomepage']."', guesticq = '".$GPC['guesticq']."', guestyim = '".$GPC['guestyim']."', guestaim = '".$GPC['guestaim']."', guestmsn = '".$GPC['guestmsn']."', iconid = '".$GPC['iconid']."', title = '".$GPC['title']."', comment = '".$GPC['comment']."', editdateline = '".time()."', editmemberid = '".$GPC["vwarid"]."' WHERE commentid = '".$GPC['cid']."' "); } // update member comment else { $vwardb->query(" UPDATE vwar".$n."_comments SET comment = '".$GPC['comment']."', title = '".$GPC['title']."', iconid = '".$GPC['iconid']."', editdateline = '".time()."', editmemberid = '".$GPC["vwarid"]."' WHERE commentid = '".$GPC['cid']."' "); } header("Location: ".$GPC['PHP_SELF']."?".$GPC['QUERY_STRING']); } // template-cache, standard-templates will be added by script: $vwartpllist = "smiliesoff,smilieson,htmlcodeon,htmlcodeoff,bbcodeon,bbcodeoff,bbcode_language,bbcode_javascript,"; $vwartpllist .= "bbcode,comment_display_commtitle,comment_preview,comment_edit_guest,comment_edit_member"; $vwartpl->cache($vwartpllist); include ( $vwar_root . "includes/get_header.php" ); getTextRestrictions("vwarform","comment","{firstaltcolor}",1); // preview if($GPC['preview']) { if($GPC['title']) { $title = $GPC['title']; eval("\$comment_display_commtitle = \"".$vwartpl->get("comment_display_commtitle")."\";"); } $previewcomment = $GPC['comment']; $previewcomment = parseText(dbSelect($previewcomment, 1), $GPC['vwarid']); eval("\$comment_preview = \"".$vwartpl->get("comment_preview")."\";"); // change other vars if (!$GPC['memberid']) { while (list($key, $val) = each($GPC)) { $row[$key] = dbSelectForm ($GPC[$key], 1); } } else { $row['comment'] = dbSelectForm($GPC['comment'], 1); $row['title'] = dbSelectForm($GPC['title'], 1); $row['iconid'] = $GPC['iconid']; } } else { $row = $vwardb->query_first(" SELECT * FROM vwar".$n."_comments WHERE commentid = '".$GPC['cid']."' "); dbSelectForm($row); } $clickable_icons = getIcons($row['iconid']); //guest if (!$row['memberid'] && !$GPC['memberid']) { if ($row['guesticq'] == 0) { $row['guesticq'] = ""; } eval("\$vwartpl->output(\"".$vwartpl->get("comment_edit_guest")."\");"); } //member else { $memberid = (isset($GPC['memberid'])) ? $GPC['memberid'] : $row['memberid']; $member = $vwardb->query_first(" SELECT name FROM vwar".$n."_member WHERE memberid = '".$memberid."' "); dbSelect($member['name']); eval("\$vwartpl->output(\"".$vwartpl->get("comment_edit_member")."\");"); } $vwardb->free_result($result); } ## -------------------------------------------------------------------------------------------------------------- ## // ##################### delete ##################### elseif($GPC['cmd'] == "del" || $command == "del") { if($GPC['delete'] && getCommentPermission()) { $vwardb->query(" DELETE FROM vwar".$n."_comments WHERE commentid='".$GPC['cid']."' "); header("Location: ".$GPC['PHP_SELF']."?".$GPC['QUERY_STRING']); } else { // template-cache, standard-templates will be added by script: $vwartpllist="message_delete,message_error_nopermission"; $vwartpl->cache($vwartpllist); include ( $vwar_root . "includes/get_header.php" ); if(getCommentPermission()) { eval("\$vwartpl->output(\"".$vwartpl->get("message_delete")."\");"); } else { eval("\$vwartpl->output(\"".$vwartpl->get("message_error_nopermission")."\");"); } } } ## -------------------------------------------------------------------------------------------------------------- ## // ##################### show ip ##################### else if($GPC['cmd'] == "showip" || $command == "showip") { // get ip $result = $vwardb->query_first(" SELECT ip FROM vwar".$n."_comments WHERE commentid = '".$GPC['cid']."' "); if(getCommentPermission()) { $vwartpl->cache("comment_display_showip"); include ( $vwar_root . "includes/get_header.php" ); $ip = $result['ip']; eval("\$vwartpl->output(\"".$vwartpl->get("comment_display_showip")."\");"); include ( $vwar_root . "includes/get_footer.php" ); } else { $vwartpl->cache("message_error_nopermission"); include ( $vwar_root . "includes/get_header.php" ); eval("\$vwartpl->output(\"".$vwartpl->get("message_error_nopermission")."\");"); include ( $vwar_root . "includes/get_footer.php" ); exit(); } } ## -------------------------------------------------------------------------------------------------------------- ## // ##################### display ##################### else { // template-cache, standard-templates will be added by script: $vwartpllist = "comment_display_toplink,comment_display_commtitle,member_homepagebit2,"; $vwartpllist .= "comment_display_admin,comment_display_bit,comment_display,comment_display_icon,"; $vwartpllist .= "member_mailbit,member_icqbit2,member_aimbit2,member_msnbit2,member_yimbit2,"; $vwartpllist .= "comment_edited,signature"; $vwartpl->cache($vwartpllist); include ( $vwar_root . "includes/get_header.php" ); $commentpermission = getCommentPermission(); // get comments $result = $vwardb->query_first(" SELECT COUNT(commentid) AS numcomments FROM vwar".$n."_comments WHERE sourceid = '$sourceid' AND frompage = '$frompage' "); $numcomments = $result['numcomments']; // is adding comments allowed? if ($allowadd == 1) { eval("\$comment_display_addcomment = \"".$vwartpl->get("comment_display_addcomment")."\";"); } $limit = getSortClauses (); $commcount = $numcomments-$s; if ($numcomments > 0) { $pagelinks = makepagelinks($numcomments,$perpage,$GPC['QUERY_STRING']); } if (!$pagelinks) { $noentry = $str['NOENTRY']; } $result = $vwardb->query(" SELECT * FROM vwar".$n."_comments WHERE sourceid = '$sourceid' AND frompage = '$frompage' ORDER BY dateline DESC " . $limit["limit"] ); while ($row = $vwardb->fetch_array($result)) { switchColors(); // convert vars - ugly ... if ($row['memberid']) { $member = getShortMemberProfile ($row['memberid']); $row['email'] = $member['email']; $row['aim'] = $member['aim']; $row['yim'] = $member['yim']; $row['msn'] = $member['msn']; $row['icq'] = $member['icq']; $homepage = $member['homepage']; $postertitle = $member['statusname']; if(!empty($member["name"])) { $namelink = makelink($vwar_root . "member.php?action=profile&memberid=" . $member['memberid'], dbSelect($member['name'])); $name = dbSelect($member['name']); } else { $name = "[".$row["memberid"].":missingdata]"; $namelink = $name; $postertitle = $str["GUEST"]; } } else { $namelink = dbSelect($row['guestname']); $name = dbSelect($row['guestname']); $row['email'] = $row['guestemail']; $homepage = $row['guesthomepage']; $row['icq'] = $row['guesticq']; $row['aim'] = $row['guestaim']; $row['yim'] = $row['guestyim']; $row['msn'] = $row['guestmsn']; $postertitle = $str['GUEST']; } if ($row['email'] && checkMail($row['email'])) { eval("\$comment_display_emailbit = encodeMail(\"".$vwartpl->get("member_mailbit")."\");"); } else { $comment_display_emailbit = ""; } if ($row['icq']) { eval("\$comment_display_icqbit = \"".$vwartpl->get("member_icqbit2")."\";"); } else { $comment_display_icqbit = ""; } if ($row['aim']) { eval("\$comment_display_aimbit = \"".$vwartpl->get("member_aimbit2")."\";"); } else { $comment_display_aimbit = ""; } if ($row['yim']) { eval("\$comment_display_yimbit = \"".$vwartpl->get("member_yimbit2")."\";"); } else { $comment_display_yimbit = ""; } if ($row['msn']) { eval("\$comment_display_msnbit = \"".$vwartpl->get("member_msnbit2")."\";"); } else { $comment_display_msnbit = ""; } if ($homepage) { $homepage = checkUrlFormat($homepage); eval("\$comment_display_homepagebit = \"".$vwartpl->get("member_homepagebit2")."\";"); } else { $comment_display_homepagebit = ""; } if ($row['iconid']) { $smilie = $vwardb->query_first(" SELECT filename, title FROM vwar".$n."_smilie WHERE smilieid = '".$row['iconid']."' "); if ($smilie && @file_exists($vwar_root . "images/smilies".$row['filename'])) { eval("\$comment_display_icon = \"".$vwartpl->get("comment_display_icon")."\";"); } } else { $comment_display_icon = ""; } if ($row['title']) { $row['title'] = dbSelect($row['title']); eval("\$comment_display_commtitle = \"".$vwartpl->get("comment_display_commtitle")."\";"); } else { $comment_display_commtitle = ""; } if ($commentpermission == true) { eval("\$comment_display_admin = \"".$vwartpl->get("comment_display_admin")."\";"); } $commentdate = formatdatetime($row['dateline'],$longdateformat); $row['comment'] = parseText(dbSelect($row['comment']),$row['memberid']); if (!empty($row["editdateline"])) { if (empty($memcache)) { $tmp = $vwardb->query("SELECT memberid, name FROM vwar".$n."_member"); while ($data = $vwardb->fetch_array($tmp)) { $memcache[$data["memberid"]] = $data["name"]; } unset($data); } unset($editname); unset($edittime); if (empty($memcache[$row["editmemberid"]])) { $editname = "[" . $row["editmemberid"] . ":missingdata]"; } else { $editname = $memcache[$row["editmemberid"]]; } $edittime = formatdatetime($row['editdateline'], $longdateformat); eval("\$row[\"comment\"] .= \"".$vwartpl->get("comment_edited")."\";"); } if (trim($member["signature"]) != "" && $showsignature == 1) { $signature = parseText(dbSelect($member["signature"]),$row['memberid']); eval("\$row[\"comment\"] .= \"".$vwartpl->get("signature")."\";"); } else { $signature = ""; } eval("\$comment_display_bit .= \"".$vwartpl->get("comment_display_bit")."\";"); $commcount--; // unset member vars unset($member); } $vwardb->free_result($result); eval("\$comment_display_toplink = \"".$vwartpl->get("comment_display_toplink")."\";"); eval("\$vwartpl->output(\"".$vwartpl->get("comment_display")."\");"); } ?>