sibtracker/system/ajax/addcomments.php

75 lines
3.3 KiB
PHP
Raw Permalink Normal View History

2019-05-18 13:46:03 +08:00
<?php
@error_reporting( 7 );
@ini_set( 'display_errors', true );
@ini_set( 'html_errors', false );
@session_start();
define( 'DATALIFEENGINE', true );
define( 'ROOT_DIR', substr( dirname( __FILE__ ), 0, -12 ) );
define( 'SYSTEM_DIR', ROOT_DIR . '/system' );
include SYSTEM_DIR . '/data/config.php';
require_once SYSTEM_DIR . '/classes/mysql.php';
require_once SYSTEM_DIR . '/data/dbconfig.php';
require_once SYSTEM_DIR . '/modules/functions.php';
require_once SYSTEM_DIR . '/classes/templates.class.php';
$_REQUEST['skin'] = totranslit($_REQUEST['skin'], false, false);
if( ! @is_dir( ROOT_DIR . '/templates/' . $_REQUEST['skin'] ) ) {die( "Hacking attempt!" );}
$user_group = $cache->get( "usergroup" );
if( ! $user_group ) {
$user_group = array ();
$db->query( "SELECT * FROM " . USERPREFIX . "_usergroups ORDER BY id ASC" );
while ( $row = $db->get_row() ) {$user_group[$row['id']] = array ();
foreach ( $row as $key => $value ) {$user_group[$row['id']][$key] = stripslashes($value);}
}
$cache->set( "usergroup", $user_group );
$db->free();
}
@include_once ROOT_DIR . '/language/' . $config['langs'] . '/website.lng';
$config['charset'] = ($lang['charset'] != '') ? $lang['charset'] : $config['charset'];
require_once SYSTEM_DIR . '/modules/sitelogin.php';
$tpl = new dle_template( );
$tpl->dir = ROOT_DIR . '/templates/' . $_REQUEST['skin'];
define( 'TEMPLATE_DIR', $tpl->dir );
$ajax_adds = true;
$_POST['name'] = convert_unicode( $_POST['name'], $config['charset'] );
$_POST['mail'] = convert_unicode( $_POST['mail'], $config['charset'] );
$_POST['comments'] = convert_unicode( $_POST['comments'], $config['charset'] );
require_once SYSTEM_DIR . '/modules/addcomments.php';
if( $CN_HALT != TRUE ) {
include_once SYSTEM_DIR . '/classes/comments.class.php';
$comments = new Comments( $db, 1, 1 );
$comments->query = "SELECT " . PREFIX . "_comments.id, post_id, " . PREFIX . "_comments.user_id, date, autor as gast_name, " . PREFIX . "_comments.email as gast_email, text, ip, is_register, name, rating, " . USERPREFIX . "_users.email, news_num, comm_num, user_group, signature, foto, repa, repa_mod, repa_off FROM " . PREFIX . "_comments LEFT JOIN " . USERPREFIX . "_users ON " . PREFIX . "_comments.user_id=" . USERPREFIX . "_users.user_id WHERE " . PREFIX . "_comments.post_id = '$post_id' order by id DESC";
$comments->build_comments('ajax');
} $clear_value = "form.comments.value = '';";
if( $CN_HALT ) {
$stop = implode( '<br /><br />', $stop );
$tpl->result['content'] = "<script language=\"JavaScript\" type=\"text/javascript\">\nvar form = document.getElementById('dle-comments-form');\n";
if( ! $where_approve ) $tpl->result['content'] .= "{$clear_value}";
$tpl->result['content'] .= "\n alert ('" . $stop . "');\n var timeval = new Date().getTime();\n
\n </script>";
} else {
$tpl->result['content'] = "<div id=\"blind-animation\" style=\"display:none\">".$tpl->result['content']."<div>";
$tpl->result['content'] .= <<<HTML
<script language='JavaScript' type="text/javascript">
var timeval = new Date().getTime();
var form = document.getElementById('dle-comments-form');
{$clear_value}
</script>
HTML;
}
$tpl->result['content'] = str_replace( '{THEME}', $config['http_home_url'] . 'templates/' . $_REQUEST['skin'], $tpl->result['content'] );
@header( "Content-type: text/html; charset=" . $config['charset'] );
echo $tpl->result['content'];
?>