
📄 post_comment.php

📁 一个全功能的国外博客商业程序
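<?php
// The full "<?php" tag is used instead of the short "<?" form: when
// short_open_tag is disabled, a short-tag file is not parsed and the web
// server returns the source, queries included, as plain text.

// Shared bootstrap. Everything this script uses but does not define ($head,
// $foot, $user_info, $member_info, $group_info, $admin_info, the login flags,
// the $post_comment* strings, url(), tip2() and the database connection) is
// presumably provided by this include - confirm against header.php.
include "header.php";

// Select the action to perform. POST takes precedence over GET; "main"
// (render the comment form) is the default. Within this file $task is only
// compared against fixed strings, never echoed or placed in a query.
if (isset($_POST['task'])) {
    $task = $_POST['task'];
} elseif (isset($_GET['task'])) {
    $task = $_GET['task'];
} else {
    $task = "main";
}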





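// SHOW IMAGE
// Renders the verification image as a 67x20 PNG. The six values drawn are
// decoded from the "code" request parameter.
//
// NOTE(security): everything drawn here is derived from a value the client
// supplies, so the image does not protect a secret. A sound design keeps the
// expected answer on the server (for example in the session), issues it once
// and hands the browser only an opaque identifier.
if ($task == "image") {

    // Quoted array key: the bare word form is resolved as a constant first.
    if ($admin_info['comment_image'] != 1 OR !function_exists('gd_info')) { exit(); }

    // Reject a missing or non-string parameter before doing any arithmetic.
    if (!isset($_GET['code']) || !is_string($_GET['code'])) { exit(); }

    // Undo the reversal applied when the form was built, then turn every
    // letter separator into "-" so the numeric fields can be split apart.
    $code = strrev($_GET['code']);
    $code = preg_replace("([a-zA-Z])", "-", $code);
    $number = explode("-", $code);

    // A well-formed code has exactly twelve numeric fields: six products
    // followed by six multipliers. Anything else is refused instead of being
    // fed to the division below (undefined offsets, division by zero).
    if (count($number) != 12) { exit(); }
    foreach ($number as $field) {
        if (!preg_match('/^[0-9]{1,9}$/', $field)) { exit(); }
    }

    // Value c (1..6) is product c divided by multiplier c; it must divide
    // exactly, which is what the original is_int() test enforced.
    $num = array();
    for ($c = 1; $c < 7; $c++) {
        $product = (int) $number[$c - 1];
        $multiplier = (int) $number[$c + 5];
        if ($multiplier == 0) { exit(); }
        $num[$c] = $product / $multiplier;
        if (!is_int($num[$c])) { exit(); }
    }

    // Create the canvas first so a GD failure does not send an image header
    // followed by an empty body.
    $img_handle = @ImageCreate(67, 20);
    if (!$img_handle) { exit(); }
    header("Content-type: image/png");
    $back_color = @ImageColorAllocate($img_handle, 246, 246, 246);

    // Draw each value in its own random dark colour, 10 pixels apart.
    for ($count = 1; $count <= 6; $count++) {
        $x_axis = -5 + ($count * 10);
        $color1 = rand(1, 150);
        $color2 = rand(1, 150);
        $color3 = rand(1, 150);
        $txt_color[$count] = @ImageColorAllocate($img_handle, $color1, $color2, $color3);
        $size = 5;
        @ImageString($img_handle, $size, $x_axis, 2, "$num[$count]", $txt_color[$count]);
    }

    // Sprinkle 20 grey noise pixels over the image.
    $pixel_color = @ImageColorAllocate($img_handle, 100, 100, 100);
    for ($count = 1; $count <= 20; $count++) {
        $randx = rand(1, 67);
        $randy = rand(1, 20);
        @ImageSetPixel($img_handle, $randx, $randy, $pixel_color);
    }

    @ImagePng($img_handle);

    exit();
}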







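//SET PRIVACY SETTINGS
// Builds $privacy, a SQL condition appended to the entry lookups further
// down. Who is viewing decides which privacy levels match: the administrator
// and the visitor whose member id equals the blog's user id (presumably the
// owner) match levels 0-3, members of the blog 1-3, other logged-in visitors
// 2-3 and everyone else only 3.
//
// $user_info, $member_info and $group_info are set outside this file; their
// ids are escaped before being placed in the query as defence in depth.
$privacy_all = "AND (privacy='0' OR privacy='1' OR privacy='2' OR privacy='3')";

// Logical && replaces the original bitwise &, so the membership query only
// runs when that branch can actually be reached, and a failed query is
// treated as "not a member" instead of being passed to mysql_num_rows().
$viewer_is_member = false;
if ($is_admin_logged_in != "yes"
    && $member_info['u_id'] != $user_info['u_id']
    && $group_info['allow_members'] == "1") {
    $member_result = mysql_query(
        "SELECT m_id FROM bhost_members WHERE u_id='" . mysql_real_escape_string($user_info['u_id'])
        . "' AND member_u_id='" . mysql_real_escape_string($member_info['u_id']) . "'"
    );
    $viewer_is_member = ($member_result && mysql_num_rows($member_result) == 1);
}

if ($is_admin_logged_in == "yes") {
    $privacy = $privacy_all;
} elseif ($member_info['u_id'] == $user_info['u_id']) {
    $privacy = $privacy_all;
} elseif ($viewer_is_member) {
    $privacy = "AND (privacy='1' OR privacy='2' OR privacy='3')";
} elseif ($is_logged_in == "yes") {
    $privacy = "AND (privacy='2' OR privacy='3')";
} else {
    $privacy = "AND privacy='3'";
}

// IF PRIVACY FEATURE IS DISABLED BY ADMIN
// Every level matches, whoever is viewing.
if ($group_info['allow_privacy'] != 1) {
    $privacy = $privacy_all;
}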


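// Resolve the entry being commented on. The id comes from the request (POST
// first, then GET); the script stops when it is missing or when no single
// entry of this blog matches it under the current privacy condition.
if (isset($_POST['e_id'])) {
    $e_id = $_POST['e_id'];
} elseif (isset($_GET['e_id'])) {
    $e_id = $_GET['e_id'];
} else {
    exit();
}

// An array value (e_id[]=...) cannot name an entry.
if (!is_string($e_id)) { exit(); }

// The id is request data: escape it before it enters the query string.
$e_id_sql = mysql_real_escape_string($e_id);

// One query instead of the original two identical ones; a failed query is
// handled like "no such entry".
$entry_result = mysql_query("SELECT * from bhost_entries WHERE e_id='$e_id_sql' AND u_id='$user_info[u_id]' $privacy");
if (!$entry_result || mysql_num_rows($entry_result) != 1) { exit(); }
$entry_info = mysql_fetch_assoc($entry_result);

// From here on use the id as stored in the database rather than the raw
// request value. The rest of the script writes $e_id into HTML, URLs and
// further queries, and a request value can match a row through the
// database's type coercion while still carrying extra characters.
$e_id = $entry_info['e_id'];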

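// Decide whether this visitor may comment on the entry at all. The first
// matching rule sets the message shown instead of the form.
$is_error = "no";
$error = "";

// $e_id originates from the request; encode it before it is placed in a link.
$e_id_url = urlencode((string) $e_id);

// Logical operators replace the original bitwise & and |: the truth values
// are the same, but the membership query below now only runs when the
// members-only rule actually depends on it.
$comments_members_only = ($user_info['who_comments'] == "1" || $user_info['show_comments'] == "1");
$comments_login_only = ($user_info['who_comments'] == "2" || $user_info['show_comments'] == "2");

$blocked_as_non_member = false;
if ($group_info['allow_members'] == "1"
    && $comments_members_only
    && $member_info['u_id'] != $user_info['u_id']
    && $is_admin_logged_in != "yes") {
    if ($is_logged_in == "no") {
        $blocked_as_non_member = true;
    } else {
        // A failed query counts as "not a member".
        $member_result = mysql_query(
            "SELECT m_id FROM bhost_members WHERE u_id='" . mysql_real_escape_string($user_info['u_id'])
            . "' AND member_u_id='" . mysql_real_escape_string($member_info['u_id']) . "'"
        );
        $blocked_as_non_member = (!$member_result || mysql_num_rows($member_result) != 1);
    }
}

if ($blocked_as_non_member) {
    // Comments are limited to members of this blog.
    $is_error = "yes";
    $error = "<h2>$post_comment1</h2>$post_comment2 <a href='login.php?u=$user_info[username]&e_id=$e_id_url&ref=2'>$post_comment3</a>";
} elseif ($comments_login_only && $is_logged_in == "no" && $is_admin_logged_in != "yes") {
    // Comments are limited to logged-in visitors.
    $is_error = "yes";
    $error = "<h2>$post_comment1</h2>$post_comment4 <a href='login.php?u=$user_info[username]&e_id=$e_id_url&ref=2'>$post_comment5</a>.";
} elseif ($entry_info['comments'] == "0") {
    // Comments are switched off for this entry.
    $is_error = "yes";
    $error = "<h2>$post_comment6</h2>$post_comment7";
} elseif ($group_info['allow_comments'] == "0" || $user_info['show_comments'] == "0" || $user_info['who_comments'] == "0") {
    // Comments are switched off for the group or for this blog.
    $is_error = "yes";
    $error = "<h2>$post_comment6</h2>$post_comment8";
}

if ($is_error == "yes") {
    echo $head;
    echo "
$error
";
    echo $foot;
    exit();
}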






// Cancel: send the visitor back to the entry page without posting anything.
if ($task == "cancel") {
    header("Location: " . url("entry", "$user_info[username]", "$e_id"));
    exit();
}




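// Store a submitted comment, optionally notify the blog owner by e-mail, then
// redirect to the new comment on the entry page.
if ($task == "dopost") {
    $is_error = "no";
    $error = "";

    // Reads one POST field as a plain string. Missing or non-string (array)
    // values become "", and slashes added by magic_quotes_gpc are removed so
    // the SQL escaping further down is applied exactly once.
    // NOTE(review): if header.php adds slashes to request data itself, undo
    // that here as well - confirm.
    if (!function_exists('post_comment_field')) {
        function post_comment_field($name) {
            if (!isset($_POST[$name]) || !is_string($_POST[$name])) { return ""; }
            $value = $_POST[$name];
            if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
                $value = stripslashes($value);
            }
            return $value;
        }
    }

    $from = post_comment_field('from');
    // Title and contents are stored HTML-escaped; the nickname is now treated
    // the same way so that markup typed into it is never stored as markup.
    // NOTE(review): confirm the page that lists comments does not escape the
    // username a second time.
    $nickname = htmlspecialchars(post_comment_field('nickname'), ENT_QUOTES);
    $title = htmlspecialchars(post_comment_field('title'), ENT_QUOTES);
    $contents = str_replace("\n", "<br>", htmlspecialchars(post_comment_field('contents'), ENT_QUOTES));


    // CHECK FOR VALID IMAGE CODE IF ALLOWED BY ADMIN AND GD IS ENABLED
    // NOTE(security): the challenge is posted back by the client and contains
    // what is needed to compute the expected answer, so this check cannot show
    // that a person read the image, and a pair that passed once passes again.
    // Keep the expected answer server-side (for example in the session) and
    // invalidate it after one use.
    if ($admin_info['comment_image'] == 1 AND function_exists('gd_info')) {
        $codesent = trim(post_comment_field('codesent'));
        $code = strrev(post_comment_field('code'));
        $code = preg_replace("([a-zA-Z])", "-", $code);
        $number = explode("-", $code);

        // Fail closed: a missing, short or non-numeric challenge is rejected
        // instead of being evaluated, so it can never compare equal to an
        // empty answer.
        $code_ok = (count($number) == 12);
        $nums = "";
        for ($c = 0; $code_ok && $c < 6; $c++) {
            $product = $number[$c];
            $multiplier = $number[$c + 6];
            if (!preg_match('/^[0-9]{1,9}$/', $product) || !preg_match('/^[0-9]{1,9}$/', $multiplier) || (int) $multiplier == 0) {
                $code_ok = false;
                break;
            }
            $quotient = (int) $product / (int) $multiplier;
            if (!is_int($quotient)) {
                $code_ok = false;
                break;
            }
            $nums .= $quotient;
        }

        // Strict string comparison: loose != treats different numeric strings
        // as equal when they have the same numeric value.
        if (!$code_ok || $codesent !== $nums) {
            $is_error = "yes";
            $error = "$post_comment24";
        }
    }


    // A blank title gets a placeholder; blank contents are an error.
    if (str_replace(" ", "", $title) == "") { $title = "<i>$post_comment9</i>"; }
    if (str_replace(" ", "", $contents) == "") {
        $is_error = "yes";
        $error = "$post_comment10";
    }

    // The comment is attributed to the logged-in member only when that was
    // requested and the visitor really is logged in; every other value of
    // "from" is an anonymous post under the nickname. (The original left
    // $username undefined for unexpected values.)
    if ($from == 1 && $is_logged_in == "yes") {
        $username = $member_info['username'];
        $author_u_id = $member_info['u_id'];
    } else {
        $username = $nickname;
        $author_u_id = 0;
    }


    if ($is_error == "yes") {
        // $u is set outside this file (presumably from the request - confirm)
        // and $e_id comes from the request; both are escaped for the
        // attribute values they are written into.
        $u_attr = htmlspecialchars((string) $u, ENT_QUOTES);
        $e_id_attr = htmlspecialchars((string) $e_id, ENT_QUOTES);
        echo $head;
        echo "
<h2>$post_comment25</h2>
$error
<br><br>
<form action='post_comment.php' method='GET'>
<input type='submit' class='button' value='$post_comment26'>
<input type='hidden' name='u' value='$u_attr'>
<input type='hidden' name='e_id' value='$e_id_attr'>
</form>
";
        echo $foot;
        exit();
    }

    // Log the address the server saw for this connection. The original read
    // it from a hidden form field, which the sender controls.
    if ($user_info['logip_comments'] == "1") {
        $IP = $_SERVER['REMOTE_ADDR'];
    } else {
        $IP = "";
    }

    $date = time();

    // CENSOR BAD WORDS
    $bad_words = explode(",", trim($admin_info['banned_badwords']));
    $bad_words_replace = explode(",", trim($admin_info['banned_badwords_replace']));
    $contents = str_replace($bad_words, $bad_words_replace, $contents);
    $title = str_replace($bad_words, $bad_words_replace, $title);

    // Escape every value at the point it enters SQL. htmlspecialchars() is
    // not SQL escaping: it leaves backslashes untouched, and the censor
    // replacements above are applied after it.
    $sql_u_id = mysql_real_escape_string((string) $user_info['u_id']);
    $sql_e_id = mysql_real_escape_string((string) $e_id);
    $sql_author_u_id = mysql_real_escape_string((string) $author_u_id);
    $sql_username = mysql_real_escape_string((string) $username);
    $sql_IP = mysql_real_escape_string((string) $IP);
    $sql_title = mysql_real_escape_string($title);
    $sql_contents = mysql_real_escape_string($contents);

    mysql_query("INSERT INTO bhost_comments (u_id, e_id, author_u_id, username, IP, title, contents, date) VALUES ('$sql_u_id', '$sql_e_id', '$sql_author_u_id', '$sql_username', '$sql_IP', '$sql_title', '$sql_contents', '$date')");
    // Look the new row up again to obtain its id for the redirect anchor.
    $comment = mysql_fetch_assoc(mysql_query("SELECT max(c_id) AS c_id FROM bhost_comments WHERE u_id='$sql_u_id' AND e_id='$sql_e_id' AND username='$sql_username' AND title='$sql_title' AND contents='$sql_contents' AND date='$date' LIMIT 1"));

    if ($user_info['notify_comments'] == "1") {
        $link = url("entry", "$user_info[username]", "$e_id", "", "", "#c$comment[c_id]");
        $subject = $admin_info['comment_subject'];
        $subject = str_replace("<fname>", "$user_info[fname]", $subject);
        $subject = str_replace("<lname>", "$user_info[lname]", $subject);
        $subject = str_replace("<link>", $link, $subject);
        $subject = str_replace("<author>", "$username", $subject);
        $message = $admin_info['comment_message'];
        $message = str_replace("<fname>", "$user_info[fname]", $message);
        $message = str_replace("<lname>", "$user_info[lname]", $message);
        $message = str_replace("<link>", $link, $message);
        $message = str_replace("<author>", "$username", $message);

        // The subject and From values become mail headers and the subject
        // includes the commenter's name: remove line breaks so a value cannot
        // start a new header line.
        $subject = str_replace(array("\r", "\n"), " ", $subject);
        $from_header = "From: " . str_replace(array("\r", "\n"), "", $admin_info['email']);
        mail($user_info['email'], $subject, $message, $from_header);
    }
    $url = url("entry", "$user_info[username]", "$e_id", "", "", "#c$comment[c_id]");
    header("Location: $url");
    exit();
}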








// Default task: render the comment form, starting with the page header.
echo $head;

// fill() copies the values typed into the main form ("info") into the hidden
// fields of the preview form ("preview") before that form is submitted.
echo "
<script language=\"JavaScript\" type=\"text/javascript\">
<!--
function fill() {
window.document.preview.contents.value = window.document.info.contents.value;
window.document.preview.title.value = window.document.info.title.value;
 if(window.document.info.from) {
 if(window.document.info.from[0].checked) {
 window.document.preview.from.value = '0';
 window.document.preview.nickname.value = window.document.info.nickname.value;
 } else {
 window.document.preview.from.value = '1';
 }
 }
}
//-->
</script>";

// Heading, then the opening of the main form and of the "posted by" row.
echo "
<h2>$post_comment11</h2>
<br>
<form action='post_comment.php' method='POST' name='info'>
<table cellpadding='0' cellspacing='0'>
<tr>
<td valign='top' align='right' style='padding-top: 2px;'>$post_comment12 &nbsp;</td>
<td>
<table cellpadding='0' cellspacing='0'>
";

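// "Posted by" choice. When who_comments is 3 the visitor picks between a
// free-text nickname (from=0) and the logged-in account (from=1); otherwise a
// logged-in visitor is fixed to from=1 through a hidden field.
// The array key is quoted: the bare word form is resolved as a constant first.
if ($user_info['who_comments'] == 3) {

    // Visitors who are not logged in get the nickname option preselected and
    // the account option disabled.
    $nickname_state = ($is_logged_in != "yes") ? " CHECKED" : "";
    $account_state = ($is_logged_in != "yes") ? " DISABLED" : " CHECKED";

    echo "
<tr>
<td><input type='radio' name='from' value='0'" . $nickname_state . "></td>
<td><input type='text' name='nickname' value='Anonymous' onfocus='javascript: window.document.info.from[0].checked = true;'> &nbsp;</td>
</tr>
<tr>
<td><input type='radio' name='from' value='1'" . $account_state . "></td>
<td>
";
} else {

    echo "<td>&nbsp;</td>";
    if ($is_logged_in == "yes") { echo "<input type='hidden' name='from' value='1'>"; }
    echo "<td>";

}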

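// Show who the comment will be posted as: the administrator, the logged-in
// member (with a link to log in as someone else), or links to log in / sign up.
if ($is_admin_logged_in == "yes") {
    echo "<b>Administrator</b></td></tr>";
} else {

    // $e_id originates from the request; encode it before it goes into a link.
    $e_id_url = urlencode((string) $e_id);

    // Quoted array key: the bare word form is resolved as a constant first.
    if ($user_info['who_comments'] == 3) { echo "$post_comment13 "; }

    if ($is_logged_in == "yes") {
        echo "<b>$member_info[username]</b> \n"
            . "<font class='gray'>($post_comment14 <a href='login.php?u=$user_info[username]&e_id=$e_id_url&ref=2'>$post_comment15</a>)</font>\n"
            . "</td>\n"
            . "</tr>\n";
    } else {
        echo "\n"
            . "[ <font class='gray'><a href='login.php?u=$user_info[username]&e_id=$e_id_url&ref=2'>$post_comment16</a> / <a href='signup.php'>$post_comment17</a></font> ]\n"
            . "</td>\n"
            . "</tr>\n";
    }
}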

// Close the "posted by" table and row, then add a spacer row.
echo "\n</table></td></tr>\n\n<tr>\n<td colspan='2'>&nbsp;</td>\n";

// Title input row.
echo "<tr>\n"
    . "<td align='right' style='padding-right: 10px;'>$post_comment18</td>\n"
    . "<td><input type='text' class='text' name='title' maxlength='255' size='60'></td>\n"
    . "</tr>\n";

// Comment text row.
echo "<tr>\n"
    . "<td align='right' valign='top' style='padding-right: 10px;'>$post_comment19</td>\n"
    . "<td><textarea rows='8' cols='80' name='contents'></textarea></td>\n"
    . "</tr>\n";


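// SHOW IMAGE CODE VERIFICATION ROW IF ENABLED AND GD IS INSTALLED
// Builds the challenge string used by the image task and by the dopost check
// and prints the input row for it.
//
// NOTE(security): the challenge is sent to the browser twice (image URL and
// hidden field) and contains both the products and the multipliers, i.e.
// everything needed to compute the expected answer; reversing the string is
// not protection. It is also generated with rand(), which is not suitable
// for secrets. Keep the expected answer on the server (for example in the
// session), single-use, and give the browser only an opaque identifier.
//
// The condition uses "== 1" like the image task and the dopost check; the
// original tested mere truthiness, so another non-zero setting would have
// shown this row while the other two parts stayed switched off.
if ($admin_info['comment_image'] == 1 AND function_exists('gd_info')) {

    // Returns one random letter from a-z / A-Z. Guarded so that including
    // this file twice does not redeclare the function.
    if (!function_exists('randLetter')) {
        function randLetter() {
            $a_z = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
            return $a_z[rand(0, 51)];
        }
    }

    // Six multipliers (20-50) and six products (multiplier times 2-9); each
    // quotient is one value of the expected answer.
    for ($c = 1; $c < 7; $c++) {
        $mul[$c] = rand(20, 50);
        $num[$c] = rand(2, 9) * $mul[$c];
    }
    // Eleven separator letters are needed between the twelve numbers.
    for ($c = 1; $c < 12; $c++) {
        $let[$c] = randLetter();
    }

    // Layout before reversal: num1 L1 ... num6 L6 mul1 L7 ... mul5 L11 mul6.
    $plain = "";
    for ($c = 1; $c < 7; $c++) {
        $plain .= $num[$c] . $let[$c];
    }
    for ($c = 1; $c < 7; $c++) {
        $plain .= $mul[$c];
        if ($c < 6) { $plain .= $let[$c + 6]; }
    }
    $code = strrev($plain);

    // $code consists of digits and ASCII letters only, so it can be written
    // into the URL and the attribute value without further encoding.
    echo "
<tr>
<td align='right' style='padding-right: 10px;'>$post_comment23</td>
<td>
 <table cellpadding='0' cellspacing='0'>
 <tr>
 <td><input type='text' name='codesent' class='text' size='6' maxlength='10'></td>
 <td style='padding-left: 10px;'><img src='post_comment.php?task=image&u=$user_info[username]&code=$code' border='0' height='20' width='67' style='border: 1px solid #AAAAAA;'></td>
 <td style='padding-left: 1px;'>"; tip2("8"); echo "&nbsp;</td>
 </tr>
 <input type='hidden' name='code' value='$code'>
 </table>
</td>
</tr>
";
}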



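// Close the input table and print the three buttons, each in its own form:
// submit (task=dopost), preview (previewcomment.php, opened in a new window
// and filled by fill()) and cancel (task=cancel).

// $e_id originates from the request; escape it for the attribute values it
// is written into below.
$e_id_attr = htmlspecialchars((string) $e_id, ENT_QUOTES);

// NOTE(security): the hidden IP fields only echo the address back to the
// browser. A value posted in a form field is chosen by the sender, so code
// that records the commenter's address should read $_SERVER['REMOTE_ADDR']
// when the comment is received rather than trust this field.
echo "
</table>

<br>
<table cellpadding='0' cellspacing='0'>
<tr>
<td>
<input type='submit' class='button' value='$post_comment20'>&nbsp;
<input type='hidden' name='task' value='dopost'>
<input type='hidden' name='u' value='$user_info[username]'>
<input type='hidden' name='e_id' value='$e_id_attr'>
<input type='hidden' name='IP' value='".$_SERVER['REMOTE_ADDR']."'>
</td>
</form>
<form action='previewcomment.php#cnew' method='POST' target='_blank' name='preview'>
<td>
<input type='submit' name='submit' class='button' value='$post_comment21' onClick='fill();'>&nbsp;
<input type='hidden' name='from' value=''>
<input type='hidden' name='nickname' value=''>
<input type='hidden' name='title' value=''>
<input type='hidden' name='contents' value=''>
<input type='hidden' name='IP' value='".$_SERVER['REMOTE_ADDR']."'>
<input type='hidden' name='u' value='$user_info[username]'>
<input type='hidden' name='e_id' value='$e_id_attr'>
<input type='hidden' name='c_id' value=''>
</td>
</form>
<form action='post_comment.php' method='POST'>
<td>
<input type='submit' class='button' value='$post_comment22'>
<input type='hidden' name='task' value='cancel'>
<input type='hidden' name='u' value='$user_info[username]'>
<input type='hidden' name='e_id' value='$e_id_attr'>
</td>
</form>
</tr>
</table>
";

// Page footer.
echo $foot;
?>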
