146 lines
5.1 KiB
PHP
146 lines
5.1 KiB
PHP
|
<?php
|
|||
|
@session_start();
|
|||
|
@error_reporting( 7 );
|
|||
|
@ini_set( 'display_errors', true );
|
|||
|
@ini_set( 'html_errors', false );
|
|||
|
|
|||
|
define( 'DATALIFEENGINE', true );
|
|||
|
define( 'ROOT_DIR', substr( dirname( __FILE__ ), 0, -12 ) );
|
|||
|
define( 'SYSTEM_DIR', ROOT_DIR . '/system' );
|
|||
|
|
|||
|
include SYSTEM_DIR . '/data/config.php';
|
|||
|
require_once SYSTEM_DIR . '/classes/mysql.php';
|
|||
|
require_once SYSTEM_DIR . '/data/dbconfig.php';
|
|||
|
|
|||
|
if( $_COOKIE['dle_skin'] ) {
|
|||
|
if( @is_dir( ROOT_DIR . '/templates/' . $_COOKIE['dle_skin'] ) ) {
|
|||
|
$config['skin'] = $_COOKIE['dle_skin'];
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
include_once ROOT_DIR . '/language/' . $config['langs'] . '/website.lng';
|
|||
|
$config['charset'] = ($lang['charset'] != '') ? $lang['charset'] : $config['charset'];
|
|||
|
|
|||
|
require_once SYSTEM_DIR . '/modules/functions.php';
|
|||
|
require_once SYSTEM_DIR . '/classes/parse.class.php';
|
|||
|
require_once SYSTEM_DIR . '/modules/sitelogin.php';
|
|||
|
|
|||
|
|
|||
|
$area = totranslit($_REQUEST['area'], true, false);
|
|||
|
if ( !$area) $area = "news";
|
|||
|
|
|||
|
$allowed_areas = array(
|
|||
|
'news' => array (
|
|||
|
'comments_table' => 'comments',
|
|||
|
),
|
|||
|
'ajax' => array (
|
|||
|
'comments_table' => 'comments',
|
|||
|
),
|
|||
|
'lastcomments' => array (
|
|||
|
'comments_table' => 'comments',
|
|||
|
),
|
|||
|
);
|
|||
|
if (! is_array($allowed_areas[$area]) ) die( "error" );
|
|||
|
|
|||
|
$parse = new ParseFilter( );
|
|||
|
$parse->safe_mode = true;
|
|||
|
|
|||
|
if( ! $is_logged ) die( "error" );
|
|||
|
$id = intval( $_REQUEST['id'] );
|
|||
|
if( ! $id ) die( "error" );
|
|||
|
|
|||
|
$user_group = $cache->get( "usergroup" );
|
|||
|
if( ! $user_group ) {$user_group = array ();
|
|||
|
$db->query( "SELECT * FROM " . USERPREFIX . "_usergroups ORDER BY id ASC" );
|
|||
|
while ( $row = $db->get_row() ) {$user_group[$row['id']] = array ();
|
|||
|
foreach ( $row as $key => $value ) {$user_group[$row['id']][$key] = stripslashes($value);}
|
|||
|
}
|
|||
|
$cache->set( "usergroup", $user_group );
|
|||
|
$db->free();
|
|||
|
}
|
|||
|
|
|||
|
$parse->allow_url = $user_group[$member_id['user_group']]['allow_url'];
|
|||
|
$parse->allow_image = $user_group[$member_id['user_group']]['allow_image'];
|
|||
|
|
|||
|
if( $_REQUEST['action'] == "edit" ) {
|
|||
|
$row = $db->super_query( "SELECT id, text, is_register, autor FROM " . PREFIX . "_{$allowed_areas[$area]['comments_table']} where id = '$id'" );
|
|||
|
if( $id != $row['id'] ) die( "error" );
|
|||
|
|
|||
|
$have_perm = 0;
|
|||
|
|
|||
|
if( $is_logged and (($member_id['name'] == $row['autor'] and $row['is_register'] and $user_group[$member_id['user_group']]['allow_editc']) or $user_group[$member_id['user_group']]['edit_allc']) ) {
|
|||
|
$have_perm = 1;
|
|||
|
}
|
|||
|
|
|||
|
if( ! $have_perm ) die( "error" );
|
|||
|
|
|||
|
include_once SYSTEM_DIR . '/ajax/bbcode.php';
|
|||
|
$comm_txt = $parse->decodeBBCodes( $row['text'], false );
|
|||
|
|
|||
|
$buffer = <<<HTML
|
|||
|
<form name="ajaxcomments{$id}" id="ajaxcomments{$id}" metod="post" action="">
|
|||
|
<div class="editor">
|
|||
|
{$bb_code}
|
|||
|
<textarea name="dleeditcomments{$id}" id="dleeditcomments{$id}" onclick="setNewField(this.name, document.ajaxcomments{$id})" style="width:99%; height:150px; border:1px solid #E0E0E0">{$comm_txt}</textarea><br>
|
|||
|
<div align="right" style="width:99%;padding-top:5px;"><input class=bbcodes title="$lang[bb_t_apply]" type=button onclick="ajax_save_comm_edit('{$id}', '{$area}'); return false;" value="$lang[bb_b_apply]">
|
|||
|
<input class=bbcodes title="$lang[bb_t_cancel]" type=button onclick="ajax_cancel_comm_edit('{$id}'); return false;" value="$lang[bb_b_cancel]">
|
|||
|
</div></div>
|
|||
|
</form>
|
|||
|
HTML;
|
|||
|
} elseif( $_REQUEST['action'] == "save" ) {
|
|||
|
$row = $db->super_query( "SELECT id, post_id, text, is_register, autor FROM " . PREFIX . "_{$allowed_areas[$area]['comments_table']} where id = '$id'" );
|
|||
|
|
|||
|
if( $id != $row['id'] ) die( "error" );
|
|||
|
|
|||
|
$have_perm = 0;
|
|||
|
|
|||
|
if( $is_logged AND (($member_id['name'] == $row['autor'] AND $row['is_register'] AND $user_group[$member_id['user_group']]['allow_editc']) OR $user_group[$member_id['user_group']]['edit_allc']) ) {
|
|||
|
$have_perm = 1;
|
|||
|
}
|
|||
|
|
|||
|
if( ! $have_perm ) die( "error" );
|
|||
|
|
|||
|
$use_html = false;
|
|||
|
|
|||
|
$comm_txt = trim( $parse->BB_Parse( $parse->process( convert_unicode( $_POST['comm_txt'], $config['charset'] ) ), $use_html ) );
|
|||
|
|
|||
|
if( $parse->not_allowed_tags ) {die( "error" );}
|
|||
|
if( $parse->not_allowed_text ) {die( "error" );}
|
|||
|
if( strlen( $comm_txt ) > $config['comments_maxlen'] ) {die( "error" );}
|
|||
|
if( $comm_txt == "" ) {die( "error" );}
|
|||
|
|
|||
|
//* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>
|
|||
|
if( intval( $config['auto_wrap'] ) ) {
|
|||
|
|
|||
|
$comm_txt = preg_split( '((>)|(<))', $comm_txt, - 1, PREG_SPLIT_DELIM_CAPTURE );
|
|||
|
$n = count( $comm_txt );
|
|||
|
|
|||
|
for($i = 0; $i < $n; $i ++) {
|
|||
|
if( $comm_txt[$i] == "<" ) {
|
|||
|
$i ++;
|
|||
|
continue;
|
|||
|
}
|
|||
|
$comm_txt[$i] = preg_replace( "#([^\s\n\r]{" . intval( $config['auto_wrap'] ) . "})#i", "\\1<br />", $comm_txt[$i] );
|
|||
|
}
|
|||
|
$comm_txt = join( "", $comm_txt );
|
|||
|
}
|
|||
|
|
|||
|
$comm_update = $db->safesql( $comm_txt );
|
|||
|
|
|||
|
$db->query( "UPDATE " . PREFIX . "_{$allowed_areas[$area]['comments_table']} set text='$comm_update' where id = '$id'" );
|
|||
|
|
|||
|
$comm_txt = preg_replace( "'\[hide\](.*?)\[/hide\]'si", "\\1", $comm_txt );
|
|||
|
$comm_txt = preg_replace ( "'\[hide=(.*?)\](.*?)\[/hide\]'sie",'comm_hide($1,"\\2")',$comm_txt);
|
|||
|
|
|||
|
$buffer = stripslashes( $comm_txt );
|
|||
|
|
|||
|
$cache->clear( 'comm_'.$row['post_id'] );
|
|||
|
|
|||
|
} else
|
|||
|
die( "error" );
|
|||
|
|
|||
|
$db->close();
|
|||
|
|
|||
|
@header( "Content-type: text/html; charset=" . $config['charset'] );
|
|||
|
echo $buffer;
|
|||
|
?>
|