<?php
/********************************
* Mobile Blog v3.2 beta Script *
* Fully modified by er.o *
* http://errorisme.com *
* Copyright (c) 2010 *
* Original Script created by *
* Huteri Manza *
* http://huteri.net *
********************************/
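// Bootstrap: start the session and pull in header.php. The $ur settings array and the
// helper functions used by this script are not defined in this file, so they presumably
// come from header.php - confirm before relying on that.
session_start();
require("header.php");

// --- Delete a comment: ?post=<slug>&del=<comment id> -------------------------------
if (isset($_GET['post']) and isset($_GET['del']))
{
    // Only a logged-in user may delete; everyone else is sent to the login page with
    // the current URL passed along in the "forward" parameter.
    if (!isset($_SESSION['user']))
    {
        $_SESSION['errorlogin']='You must be logged in to access this page.';
        header('location:'.$ur['blog_dir'].'?login&forward='.urlencode($_SERVER['REQUEST_URI']));
        die();
    }

    // An array-valued parameter (?del[]=1) is treated as empty instead of being passed to trim().
    $_GET['del']=is_string($_GET['del']) ? trim($_GET['del']) : '';
    $_GET['post']=is_string($_GET['post']) ? trim($_GET['post']) : '';

    // The id ends up inside an SQL statement, so accept digits only. The original code
    // interpolated the trimmed request value directly, which allowed SQL injection.
    if (!ctype_digit($_GET['del']))
        die("<b>Error</b>: Invalid char detected");
    $commentid=(int)$_GET['del'];

    // NOTE(review): die(mysql_error()) prints database error text to the visitor;
    // consider logging it and showing a generic message instead.
    mysql_query("delete from comment where id='{$commentid}'") or die(mysql_error());
    $_SESSION['statusmsg']='<font class="saved">Comment successfully deleted.</font>';

    // NOTE(review): this is a state-changing GET request and no anti-CSRF token is
    // checked on this page; a per-session token on the delete link would close that gap.
    // The Referer header is optional, so fall back to the blog root when it is absent.
    // NOTE(review): the Referer is not checked against this site's own address before
    // it is used as the redirect target - confirm that is acceptable.
    $back=isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $ur['blog_dir'];
    header("Location:".$back);
    die();
}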
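if (isset($_POST['submit']))
{
    // --- Store a new comment (POST from the comment form) --------------------------
    // Every path through this branch ends in die(), so the cleaned values are kept in
    // local variables instead of being written back into $_POST / $_SERVER.

    // Read the form fields defensively: a missing or array-valued field becomes ''.
    $in=array();
    foreach (array('name','comment','url','kode','blog_id') as $field)
    {
        $in[$field]=(isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }
    $agent=isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    // Two exact User-Agent strings are refused outright. The header is client-supplied,
    // so this only stops clients that do not bother to change it.
    if ($agent=='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)' || $agent=='Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB0.0; InfoPath.1)') die('Fuck You Spammer... Go To Hell!!!!!!!!!');

    // blog_id used to reach the INSERT below without any escaping (SQL injection).
    // Blog ids are treated as numeric elsewhere in this script (see the is_numeric()
    // check on ?blog=), so anything that is not all digits is rejected here.
    $blogid=trim($in['blog_id']);
    if (!ctype_digit($blogid))
        die("<b>Error</b>: Invalid char detected");

    // HTML-encode what will later be printed back; SQL escaping is done separately,
    // at the point where the query is built.
    $name=htmlspecialchars(strip_tags(trim($in['name'])));
    $comment=trim(htmlentities($in['comment']));
    // A logged-in user who ticked "adminurl" gets the blog's own URL as the link.
    if (!empty($_POST['adminurl']) and isset($_SESSION['user'])) $in['url']=$ur['blog_url'];
    $url=htmlspecialchars(strip_tags(trim($in['url'])));
    $browser=htmlentities(strip_tags(trim($agent)));
    $ip=trim($_SERVER['REMOTE_ADDR']);

    // Prefix a scheme when the visitor left it out. ereg() is deprecated and only
    // recognised "http://", so an https:// address was stored as "http://https://...".
    if (!empty($url))
    {
        if (!preg_match('#^https?://#i', $url)) $url="http://{$url}";
    }
    else $url="blank";

    // Remember name and URL for a week (604800 s) to pre-fill the form next time.
    setcookie("mb_comment_name", $name, time()+604800);
    if ($url=="blank") setcookie("mb_comment_url", '', time()+604800);
    else setcookie("mb_comment_url", $url, time()+604800);

    if (cmtonoff($blogid)==0)
    {
        $_SESSION['statusmsg']='<font class="error">Post comment to this blog curently disabled.</font>';
        // Was blogpermalink($_POST['url']): the commenter's URL was passed where every
        // other redirect in this branch passes the blog id.
        header('Location:'.$ur['blog_dir'].blogpermalink($blogid));
        die();
    }

    $anonymous=!isset($_SESSION['user']);
    $kode=trim($in['kode']);

    // Names a visitor may not use. preg_quote() keeps a blog name containing regex
    // metacharacters from changing the pattern, and an empty blog name no longer adds
    // an empty alternative (which would match every name).
    // NOTE(review): "^" binds only to "admin"; the other alternatives match anywhere in
    // the name. That is kept as it was - confirm it is the intended strictness.
    $reserved='^admin|administrator';
    if (!empty($ur['name'])) $reserved.='|'.preg_quote($ur['name'], '/');

    // The captcha is only required from visitors who are not logged in.
    if (empty($name) || empty($comment) || (empty($kode) && $anonymous))
    {
        $_SESSION['cmterror']='Field isn\'t complete.';
        $_SESSION['cmtmessage']=html_entity_decode($comment);
        header('Location:'.$ur['blog_dir'].blogpermalink($blogid).'#commentform');
        die();
    }
    elseif ($anonymous && preg_match("/{$reserved}/i", $name))
    {
        $_SESSION['cmterror']='You can not use Administrator Username.';
        $_SESSION['cmtmessage']=html_entity_decode($comment);
        header('Location:'.$ur['blog_dir'].blogpermalink($blogid).'#commentform');
        die();
    }
    // Strict string comparison: the loose != treated numeric look-alikes such as
    // "1e1" and "10" as equal.
    elseif ($anonymous && (!isset($_SESSION['angka']) || $kode!==(string)$_SESSION['angka']))
    {
        // NOTE(review): the stored code is only cleared after a correct answer, so a
        // wrong guess can be retried against the same code unless the form regenerates it.
        $_SESSION['cmterror']='Wrong Captcha Code.';
        $_SESSION['cmtmessage']=html_entity_decode($comment);
        header('Location:'.$ur['blog_dir'].blogpermalink($blogid).'#commentform');
        die();
    }
    unset($_SESSION['angka']);

    // Flood control: refuse a comment identical to the most recent one stored.
    // The comparison now uses the unescaped text, so it also works for comments that
    // contain quotes, and an empty table no longer indexes into false.
    $a=mysql_query("select message from comment order by id desc limit 1") or die(mysql_error());
    $e=mysql_fetch_row($a);
    if ($e && $comment===$e[0])
    {
        $_SESSION['cmterror']='Anti flood control.';
        header('Location:'.$ur['blog_dir'].blogpermalink($blogid).'#commentform');
        die();
    }
    if (strlen($comment) < 4)
    {
        $_SESSION['cmterror']='Minimum 4 characters allowed.';
        $_SESSION['cmtmessage']=html_entity_decode($comment);
        header('Location:'.$ur['blog_dir'].blogpermalink($blogid).'#commentform');
        die();
    }

    // Every value is escaped with the connection-aware function of the mysql extension
    // this file already uses; addslashes() does not take the connection charset into account.
    // NOTE(review): die(mysql_error()) prints database error text to the visitor.
    $sql=sprintf(
        "insert into comment (name, message, time, blog_id, url, ip, browser) values ('%s','%s', now(), '%s', '%s', '%s', '%s')",
        mysql_real_escape_string($name),
        mysql_real_escape_string($comment),
        mysql_real_escape_string($blogid),
        mysql_real_escape_string($url),
        mysql_real_escape_string($ip),
        mysql_real_escape_string($browser)
    );
    mysql_query($sql) or die(mysql_error());
    $_SESSION['cmtmsg']='<font class="saved">Thank you. Your comment was successfully added.</font>';
    // NOTE(review): unlike the redirects above, this one has no $ur['blog_dir'] prefix;
    // kept as it was - confirm it is intentional.
    header('location:'.blogpermalink($blogid).'#comment');
    die();
}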
elseif (isset($_GET['blog']))
{
    // ?blog=<id>: redirect to the "/comment/" page under the permalink that
    // permalink("blog", <id>) returns. Only numeric ids are accepted.
    $blogparam=$_GET['blog'];
    if (is_numeric($blogparam)===false)
    {
        die("<b>Error</b>: Invalid char detected");
    }
    $target=$ur['blog_dir'].permalink("blog",$blogparam)."/comment/";
    header("location:".$target);
    die();
}
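elseif (isset($_GET['post']) and isset($_GET['cat']))
{
    // --- List the comments of one post, paginated: ?cat=<slug>&post=<slug>[&p=<n>] ---

    // Array-valued parameters are treated as empty strings.
    $post=is_string($_GET['post']) ? $_GET['post'] : '';
    $cat=is_string($_GET['cat']) ? $_GET['cat'] : '';

    // The page number is forced to an integer >= 1. It used to be copied verbatim from
    // the query string into the page title and heading, so markup placed in ?p= was
    // reflected into the page (XSS).
    $haspage=!empty($_GET['p']);
    $p=($haspage && is_scalar($_GET['p'])) ? (int)$_GET['p'] : 1;
    if ($p<1) $p=1;
    $hal='';    // was left undefined on page 1
    if ($p>1) $hal=' Page #'.$p;

    // NOTE(review): blogtitle() and bloglinkid() receive the raw "post" parameter and
    // are defined elsewhere; confirm they escape it before using it in SQL, and that
    // the title they return is already HTML-safe (it is printed as-is below).
    $title=str_replace($ur['idx_updatenot'],"",blogtitle($post));
    $ur['title']="View Commment$hal on $title | ".$ur['blog_name'];
    $ur['meta_robots']="all,index.follow";
    pageheader($ur);

    // cat and post go into an href attribute, so they are HTML-escaped (quotes included).
    echo '<div class="heading1"><h1><a href="'.$ur['blog_dir'].htmlspecialchars($cat, ENT_QUOTES).'/'.htmlspecialchars($post, ENT_QUOTES).'">View Comment'.$hal.' on '.$title.'</a></h1></div>
<div class="text">';

    $blogid=bloglinkid($post);
    $show=(int)$ur['cmt_komenperpage'];     // comments per page
    $total=jmlkomen($blogid);               // comment count for this post
    if ($total=="0")
    {
        echo "No comment inside<br>
";
    }
    else
    {
        // Clamp the requested page to the last existing one.
        $pg=ceil($total/$show);
        if ($p>$pg && $p!=1)
            $p=$pg;
        if ($p<1)
            $p=1;
        $j=(int)(($p-1)*$show);             // offset of the first row on this page

        // The blog id is escaped and the limit values are integers before they are
        // placed in the statement.
        $a=mysql_query("select id, name, message, date_format(time, '%d %b %Y %H:%i') as 'time', blog_id, url, ip, browser from comment where blog_id='".mysql_real_escape_string($blogid)."' order by id desc limit $j, $show");
        if ($a)
        {
            while ($d=mysql_fetch_array($a))
            {
                commentlist($ur,$d);
            }
        }

        echo '</div><div class="paging">';

        // Page links are shown in windows of $sc pages: $st is the first page number
        // of the window that contains $p, $en is one past its last.
        $sc=$ur['cmt_linkperpage'];
        $st=floor($p/$sc)*$sc;
        $en=$st+$sc;
        $g=$st;

        // "Previous window" link, only when the window does not start at page 0 or 1.
        if ($g>=2)
        {
            if ($g-1 == 1) {$page="../comment/";} else {$page='../'.($g-1).'/';}
            print('<a href="'.$page.'">[«]</a> ');
        }

        for ($g;($g<$en);$g++)
        {
            if ($g=="1" and $g!=$p)
            {
                print("<a href=\"../\">1</a> ");
            }
            elseif ($g=="1" and $g==$p)
            {
                print("[<b>1</b>] ");
            }
            elseif ($g==$p)
            {
                print(" [<b>".$g."</b>] ");
            }
            elseif ($g<=$pg)
            {
                // Page 0 is never linked. From page 1 the links are relative to the
                // current directory, from any other page to its parent.
                if ($g>"0")
                {
                    if ($p!="1") {$xx="../$g";} else {$xx=$g;}
                    print('<a href="'.$xx.'/">'.$g.'</a> ');
                }
            }
            else
            {
                print(" ");
            }
        }

        // "Next window" link when more pages exist after the window.
        if ($g<=$pg)
        {
            if (!$haspage) {$xx=$g;} else {$xx='../'.$g;}
            print('<a href="'.$xx.'/">[»]</a>');
        }
    }
    echo "</div>
";
}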
else
{
    // None of the recognised parameter combinations was present: render an error
    // page that search engines are told not to index, then stop.
    $ur['title']='Error | '.$ur['blog_name'];
    $ur['meta_robots']='noindex,nofollow';
    pageheader($ur);
    headerclose($ur);
    $errorpage='<div class="blog">Hei.. You enter here without use a bridge -strike-</div>'
        .'<div class="footer">'.$ur['footer'].'</div>';
    die($errorpage);
}
// Only the comment-list branch falls through to here; every other branch ends in die().
require("footer.php");
?>