Parašė Tarnautojas· 2007 Bal. 1 16:04:08
#1
v6.01.9 versijoje keičiasi failas
includes ->
comments_include
v6.01.9 versijoje jis yra toks
<?php
// Direct requests to this include are bounced to the site index: the rest of
// the file runs only when the IN_FUSION constant has already been defined.
if (defined("IN_FUSION") === false) {
    header("Location:../index.php");
    exit;
}

// Load the comments locale file for the configured locale set.
include LOCALE.LOCALESET."comments.php";
/**
 * Handles a posted comment (if one was submitted) and then prints the comment
 * list and the posting form for a single item.
 *
 * @param $ctype Comment type; stored in comment_type and used to filter the listing.
 * @param $cdb   Table name (without DB_PREFIX) holding the item being commented on.
 * @param $ccol  Column of that table which is compared with $cid.
 * @param $cid   Item id; stored in comment_item_id.
 * @param $clink URL used as the form action and as the redirect target after a post.
 *
 * NOTE(review): all five arguments are interpolated into SQL and/or HTML below
 * without any escaping inside this function. That is only safe if every caller
 * passes validated values that are not taken straight from the request
 * (TODO confirm at each call site).
 */
function showcomments($ctype,$cdb,$ccol,$cid,$clink) {
global $settings,$locale,$userdata,$aidlink;
// Handle a submission only when posting is allowed (member, or guest posting
// enabled) and the form's submit field is present.
// NOTE(review): no anti-CSRF token is checked anywhere in this branch.
if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) {
$flood = false;
// The commented item must exist, otherwise control is handed to fallback().
// NOTE(review): assumes fallback() ends the request - confirm, because the
// insert further down would otherwise still be reached.
if (dbrows(dbquery("SELECT $ccol FROM ".DB_PREFIX."$cdb WHERE $ccol='$cid'"))==0) {
fallback(BASEDIR."index.php");
}
// Members are recorded by their user id, guests by a free-text name.
if (iMEMBER) {
$comment_name = $userdata['user_id'];
} elseif ($settings['guestposts'] == "1") {
// NOTE(review): $_POST['comment_name'] is read without an isset() check.
$comment_name = trim(stripinput($_POST['comment_name']));
// Leading digits are stripped and an all-numeric name is blanked; presumably
// so that a guest name can never match a user_id in the LEFT JOIN used when
// the comments are listed below.
$comment_name = preg_replace("(^[0-9]*)", "", $comment_name);
if (isNum($comment_name)) $comment_name="";
}
// NOTE(review): stripinput() is the only sanitising step visible before this
// text is placed into SQL and later echoed; confirm that it neutralises both
// quotes and HTML metacharacters.
$comment_message = trim(stripinput(censorwords($_POST['comment_message'])));
$comment_smileys = isset($_POST['disable_smileys']) ? "0" : "1";
if ($comment_name != "" && $comment_message != "") {
// Flood control: look up the newest comment stored for this IP address.
$result = dbquery("SELECT MAX(comment_datestamp) AS last_comment FROM ".DB_PREFIX."comments WHERE comment_ip='".USER_IP."'");
// NOTE(review): an aggregate query without GROUP BY normally returns one row,
// so this condition looks always true and super admins would be flood-checked
// as well - confirm the intended operator.
if (!iSUPERADMIN || dbrows($result) > 0) {
$data = dbarray($result);
if ((time() - $data['last_comment']) < $settings['flood_interval']) {
// Too soon after the previous comment: drop this one and log the attempt.
$flood = true;
$result = dbquery("INSERT INTO ".DB_PREFIX."flood_control (flood_ip, flood_timestamp) VALUES ('".USER_IP."', '".time()."')");
// More than four logged attempts for this IP: a logged-in member gets
// user_status='1' (meaning of the value is not visible here; presumably a
// suspension - confirm). The count has no time window in this query.
if (dbcount("(flood_ip)", "flood_control", "flood_ip='".USER_IP."'") > 4) {
if (iMEMBER) $result = dbquery("UPDATE ".DB_PREFIX."users SET user_status='1' WHERE user_id='".$userdata['user_id']."'");
}
}
}
// Store the comment unless it was rejected by flood control.
if (!$flood) $result = dbquery("INSERT INTO ".DB_PREFIX."comments (comment_item_id, comment_type, comment_name, comment_message, comment_smileys, comment_datestamp, comment_ip) VALUES ('$cid', '$ctype', '$comment_name', '$comment_message', '$comment_smileys', '".time()."', '".USER_IP."')");
}
// Always redirect after a handled POST (presumably so a refresh does not
// resubmit the form).
redirect($clink);
}
tablebreak();
opentable($locale['c100']);
// Fetch every comment for this item, oldest first; user_name is filled only
// when comment_name matches a user_id, i.e. for comments written by members.
$result = dbquery(
"SELECT tcm.*,user_name FROM ".DB_PREFIX."comments tcm
LEFT JOIN ".DB_PREFIX."users tcu ON tcm.comment_name=tcu.user_id
WHERE comment_item_id='$cid' AND comment_type='$ctype'
ORDER BY comment_datestamp ASC"
);
if (dbrows($result) != 0) {
// $i alternates the row CSS class between tbl1 and tbl2.
$i = 0;
echo "<table cellpadding='0' cellspacing='1' width='100%' class='tbl-border'>\n";
while ($data = dbarray($result)) {
echo "<tr>\n<td class='".($i% 2==0?"tbl1":"tbl2")."'><span class='comment-name'>\n";
// NOTE(review): user_name, comment_name and the message are echoed as stored,
// with no output encoding at this point. That is safe only if every one of
// them was HTML-escaped before it was saved - confirm for all write paths.
if ($data['user_name']) {
echo "<a href='".BASEDIR."profile.php?lookup=".$data['comment_name']."'>".$data['user_name']."</a>";
} else {
echo $data['comment_name'];
}
// Smiley replacement is applied only when the poster left smileys enabled.
if ($data['comment_smileys'] == "1") {
$comment_message = parsesmileys($data['comment_message']);
} else {
$comment_message = $data['comment_message'];
}
$comment_message = nl2br(parseubb($comment_message));
echo "</span>\n<span class='small'>".$locale['041'].showdate("longdate", $data['comment_datestamp'])."</span><br>\n";
echo $comment_message."</td>\n</tr>\n";
$i++;
}
// Users holding the "C" right get a link to the comment administration page.
if (checkrights("C")) echo "<tr>\n<td align='right' class='".($i% 2==0?"tbl1":"tbl2")."'><a href='".ADMIN."comments.php".$aidlink."&ctype=$ctype&cid=$cid'>".$locale['c106']."</a></td>\n</tr>\n";
echo "</table>\n";
} else {
echo $locale['c101']."\n";
}
closetable();
tablebreak();
opentable($locale['c102']);
// Posting form: shown to members, and to guests when guest posting is enabled.
// NOTE(review): $clink is written into the action attribute unescaped.
if (iMEMBER || $settings['guestposts'] == "1") {
echo "<form name='inputform' method='post' action='$clink'>
<table align='center' cellspacing='0' cellpadding='0' class='tbl'>\n";
// Guests additionally get a name field.
if (iGUEST) {
echo "<tr>
<td>".$locale['c103']."</td>
</tr>
<tr>
<td><input type='text' name='comment_name' maxlength='30' class='textbox' style='width:100%;'></td>
</tr>\n";
}
// NOTE(review): several addText() calls in the markup below carry empty tag
// arguments, and the code/quote ones contain a raw line break. The BBCode tags
// look to have been consumed when this listing was posted - compare with the
// distributed file before using this copy.
echo "<tr>
<td align='center'><textarea name='comment_message' rows='6' class='textbox' style='width:400px'></textarea><br>
<input type='button' value='b' class='button' style='font-weight:bold;width:25px;' onClick=\"addText('comment_message', '', '');\">
<input type='button' value='i' class='button' style='font-style:italic;width:25px;' onClick=\"addText('comment_message', '', '');\">
<input type='button' value='u' class='button' style='text-decoration:underline;width:25px;' onClick=\"addText('comment_message', '', '');\">
<input type='button' value='url' class='button' style='width:30px;' onClick=\"addText('comment_message', '[url]', '[/url]');\">
<input type='button' value='mail' class='button' style='width:35px;' onClick=\"addText('comment_message', '[mail]', '[/mail]');\">
<input type='button' value='img' class='button' style='width:30px;' onClick=\"addText('comment_message', '[img]', '[/img]');\">
<input type='button' value='center' class='button' style='width:45px;' onClick=\"addText('comment_message', '', '');\">
<input type='button' value='small' class='button' style='width:40px;' onClick=\"addText('comment_message', '', '');\">
<input type='button' value='code' class='button' style='width:40px;' onClick=\"addText('comment_message', '', '
');\">
<input type='button' value='quote' class='button' style='width:45px;' onClick=\"addText('comment_message', '', '
');\">
<br><br>
".displaysmileys("comment_message")."
</tr>
<tr>
<td align='center'><input type='checkbox' name='disable_smileys' value='1'>".$locale['c107']."<br><br>
<input type='submit' name='post_comment' value='".$locale['c102']."' class='button'></td>
</tr>
</table>
</form>\n";
} else {
echo $locale['c105']."\n";
}
closetable();
}
?>
O pas save aš naudoju su apsauga nuo spamo, kuris atrodo taip.
<?php
// Direct requests to this include are bounced to the site index: the rest of
// the file runs only when the IN_FUSION constant has already been defined.
if (defined("IN_FUSION") === false) {
    header("Location:../index.php");
    exit;
}

// Load the comments locale file for the configured locale set.
include LOCALE.LOCALESET."comments.php";
/**
 * Variant of showcomments() with a validation-code (CAPTCHA) step for guests:
 * handles a posted comment, then prints the comment list and the posting form
 * for a single item.
 *
 * @param $ctype Comment type; stored in comment_type and used to filter the listing.
 * @param $cdb   Table name (without DB_PREFIX) holding the item being commented on.
 * @param $ccol  Column of that table which is compared with $cid.
 * @param $cid   Item id; stored in comment_item_id.
 * @param $clink URL used as the form action and as the redirect target after a post.
 *
 * NOTE(review): all five arguments are interpolated into SQL and/or HTML below
 * without any escaping inside this function. That is only safe if every caller
 * passes validated values that are not taken straight from the request
 * (TODO confirm at each call site).
 */
function showcomments($ctype,$cdb,$ccol,$cid,$clink) {
global $settings,$locale,$userdata,$aidlink;
// Holds the validation-code error markup; empty means "no error".
$error = "";
// Handle a submission only when posting is allowed (member, or guest posting
// enabled) and the form's submit field is present.
// NOTE(review): no anti-CSRF token is checked anywhere in this branch.
if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) {
$flood = false;
// The commented item must exist, otherwise control is handed to fallback().
// NOTE(review): assumes fallback() ends the request - confirm, because the
// insert further down would otherwise still be reached.
if (dbrows(dbquery("SELECT $ccol FROM ".DB_PREFIX."$cdb WHERE $ccol='$cid'"))==0) {
fallback(BASEDIR."index.php");
}
// Members are recorded by their user id and skip the validation code.
if (iMEMBER) {
$comment_name = $userdata['user_id'];
} elseif ($settings['guestposts'] == "1") {
// Guest validation code: the submitted value must match a row in the vcode
// table, and a matching row is deleted so that the code cannot be used again.
// NOTE(review): the lookup is not tied to the visitor's session, so any code
// currently stored in the table is accepted, and the select-then-delete pair
// is not atomic. $_POST['user_code'] is also read without an isset() check.
if ($settings['display_validation'] == "1") {
$user_code = stripinput($_POST['user_code']);
$result = dbquery("SELECT * FROM ".DB_PREFIX."vcode WHERE vcode_1='$user_code'");
if (dbrows($result) == 0) {
// Message text is hard-coded here rather than taken from $locale.
$error = "<center>Klaidingas patvirtinimo kodas:</center><br>\n";
} else {
$result = dbquery("DELETE FROM ".DB_PREFIX."vcode WHERE vcode_1='$user_code'");
}
}
// NOTE(review): $_POST['comment_name'] is read without an isset() check.
$comment_name = trim(stripinput($_POST['comment_name']));
// Leading digits are stripped and an all-numeric name is blanked; presumably
// so that a guest name can never match a user_id in the LEFT JOIN used when
// the comments are listed below.
$comment_name = preg_replace("(^[0-9]*)", "", $comment_name);
if (isNum($comment_name)) $comment_name="";
}
// NOTE(review): stripinput() is the only sanitising step visible before this
// text is placed into SQL and later echoed; confirm that it neutralises both
// quotes and HTML metacharacters.
$comment_message = trim(stripinput(censorwords($_POST['comment_message'])));
$comment_smileys = isset($_POST['disable_smileys']) ? "0" : "1";
// Nothing is stored when the validation code was rejected.
if ($comment_name != "" && $comment_message != "" && $error == "") {
// Flood control: look up the newest comment stored for this IP address.
$result = dbquery("SELECT MAX(comment_datestamp) AS last_comment FROM ".DB_PREFIX."comments WHERE comment_ip='".USER_IP."'");
// NOTE(review): an aggregate query without GROUP BY normally returns one row,
// so this condition looks always true and super admins would be flood-checked
// as well - confirm the intended operator.
if (!iSUPERADMIN || dbrows($result) > 0) {
$data = dbarray($result);
if ((time() - $data['last_comment']) < $settings['flood_interval']) {
// Too soon after the previous comment: drop this one and log the attempt.
$flood = true;
$result = dbquery("INSERT INTO ".DB_PREFIX."flood_control (flood_ip, flood_timestamp) VALUES ('".USER_IP."', '".time()."')");
// More than four logged attempts for this IP: a logged-in member gets
// user_status='1' (meaning of the value is not visible here; presumably a
// suspension - confirm). The count has no time window in this query.
if (dbcount("(flood_ip)", "flood_control", "flood_ip='".USER_IP."'") > 4) {
if (iMEMBER) $result = dbquery("UPDATE ".DB_PREFIX."users SET user_status='1' WHERE user_id='".$userdata['user_id']."'");
}
}
}
// Store the comment unless it was rejected by flood control.
if (!$flood) $result = dbquery("INSERT INTO ".DB_PREFIX."comments (comment_item_id, comment_type, comment_name, comment_message, comment_smileys, comment_datestamp, comment_ip) VALUES ('$cid', '$ctype', '$comment_name', '$comment_message', '$comment_smileys', '".time()."', '".USER_IP."')");
}
// Redirect only when validation passed; on a validation error the page is
// rendered so that $error can be shown next to the code field. The text the
// visitor typed is not put back into the form.
if ($error == "") redirect($clink);
}
tablebreak();
opentable($locale['c100']);
// Fetch every comment for this item, oldest first; user_name is filled only
// when comment_name matches a user_id, i.e. for comments written by members.
$result = dbquery(
"SELECT tcm.*,user_name FROM ".DB_PREFIX."comments tcm
LEFT JOIN ".DB_PREFIX."users tcu ON tcm.comment_name=tcu.user_id
WHERE comment_item_id='$cid' AND comment_type='$ctype'
ORDER BY comment_datestamp ASC"
);
if (dbrows($result) != 0) {
// $i alternates the row CSS class between tbl1 and tbl2.
$i = 0;
echo "<table cellpadding='0' cellspacing='1' width='100%' class='tbl-border'>\n";
while ($data = dbarray($result)) {
echo "<tr>\n<td class='".($i% 2==0?"tbl1":"tbl2")."'><span class='comment-name'>\n";
// NOTE(review): user_name, comment_name and the message are echoed as stored,
// with no output encoding at this point. That is safe only if every one of
// them was HTML-escaped before it was saved - confirm for all write paths.
if ($data['user_name']) {
echo "<a href='".BASEDIR."profile.php?lookup=".$data['comment_name']."'>".$data['user_name']."</a>";
} else {
echo $data['comment_name'];
}
// Smiley replacement is applied only when the poster left smileys enabled.
if ($data['comment_smileys'] == "1") {
$comment_message = parsesmileys($data['comment_message']);
} else {
$comment_message = $data['comment_message'];
}
$comment_message = nl2br(parseubb($comment_message));
echo "</span>\n<span class='small'>".$locale['041'].showdate("longdate", $data['comment_datestamp'])."</span><br>\n";
echo $comment_message."</td>\n</tr>\n";
$i++;
}
// Users holding the "C" right get a link to the comment administration page.
if (checkrights("C")) echo "<tr>\n<td align='right' class='".($i% 2==0?"tbl1":"tbl2")."'><a href='".ADMIN."comments.php".$aidlink."&ctype=$ctype&cid=$cid'>".$locale['c106']."</a></td>\n</tr>\n";
echo "</table>\n";
} else {
echo $locale['c101']."\n";
}
closetable();
tablebreak();
opentable($locale['c102']);
// Posting form: shown to members, and to guests when guest posting is enabled.
// NOTE(review): $clink is written into the action attribute unescaped.
if (iMEMBER || $settings['guestposts'] == "1") {
echo "<form name='inputform' method='post' action='$clink'>
<table align='center' cellspacing='0' cellpadding='0' class='tbl'>\n";
// Guests additionally get a name field and, when enabled, a validation code.
if (iGUEST) {
echo "<tr>
<td>".$locale['c103']."</td>
</tr>
<tr>
<td><input type='text' name='comment_name' maxlength='30' class='textbox' style='width:100%;'></td>
</tr>\n";
// Issue a fresh validation code: vcode_1 is the text the visitor must type,
// vcode_2 (md5 of vcode_1) is the key handed to the image script.
// NOTE(review): the code is derived from rand(0,9999) seeded from microtime(),
// so there are at most 10,000 distinct codes, and vcode_2 is an unsalted md5
// of the code - weak as an anti-automation secret. When validation_method is
// not "image" the code itself is printed as plain text in the page, which
// automated posters can read directly. A CSPRNG-generated code bound to the
// visitor's session, with an opaque image token, would be the stronger design.
// NOTE(review): a vcode row is inserted on every render of the guest form and
// no expiry or cleanup is visible in this function.
if ($settings['display_validation'] == "1") {
srand((double)microtime()*1000000);
$temp_num = md5(rand(0,9999));
$vcode_1 = substr($temp_num, 17, 5);
$vcode_2 = md5($vcode_1);
unset($temp_num);
$result = dbquery("INSERT INTO ".DB_PREFIX."vcode VALUES('".time()."', '$vcode_1', '$vcode_2')");
echo "<tr>\n<td class='tbl'>".$error." Patvirtinimo kodas:\n ";
// NOTE(review): the image URL is relative and does not use BASEDIR, unlike the
// profile link above; confirm it resolves from every page that calls this.
if ($settings['validation_method'] == "image") {
echo "<img src='register.php?vimage=$vcode_2'>\n";
} else {
echo "<b>$vcode_1</b>\n";
}
unset($vcode_1,$vcode_2);
echo " <br><br><span style='color:#ff0000'>Patvirtinimo kodą įrašome čia --> </span> <input type='text' name='user_code' class='textbox' style='width:100px'></td>
</tr>\n";
}
}
// NOTE(review): several addText() calls in the markup below carry empty tag
// arguments, and the code/quote ones contain a raw line break. The BBCode tags
// look to have been consumed when this listing was posted - compare with the
// distributed file before using this copy.
echo "<tr>
<td align='center'><textarea name='comment_message' rows='6' class='textbox' style='width:400px'></textarea><br>
<input type='button' value='b' class='button' style='font-weight:bold;width:25px;' onClick=\"addText('comment_message', '', '');\">
<input type='button' value='i' class='button' style='font-style:italic;width:25px;' onClick=\"addText('comment_message', '', '');\">
<input type='button' value='u' class='button' style='text-decoration:underline;width:25px;' onClick=\"addText('comment_message', '', '');\">
<input type='button' value='url' class='button' style='width:30px;' onClick=\"addText('comment_message', '[url]', '[/url]');\">
<input type='button' value='mail' class='button' style='width:35px;' onClick=\"addText('comment_message', '[mail]', '[/mail]');\">
<input type='button' value='img' class='button' style='width:30px;' onClick=\"addText('comment_message', '[img]', '[/img]');\">
<input type='button' value='center' class='button' style='width:45px;' onClick=\"addText('comment_message', '', '');\">
<input type='button' value='small' class='button' style='width:40px;' onClick=\"addText('comment_message', '', '');\">
<input type='button' value='code' class='button' style='width:40px;' onClick=\"addText('comment_message', '', '
');\">
<input type='button' value='quote' class='button' style='width:45px;' onClick=\"addText('comment_message', '', '
');\">
<br><br>
".displaysmileys("comment_message")."
</tr>
<tr>
<td align='center'><input type='checkbox' name='disable_smileys' value='1'>".$locale['c107']."<br><br>
<input type='submit' name='post_comment' value='".$locale['c102']."' class='button'></td>
</tr>
</table>
</form>\n";
} else {
echo $locale['c105']."\n";
}
closetable();
}
?>
Klausimas būtų toks:
Kaip juos abu suderinti?
Redagavo Tarnautojas· 2007 Bal. 1 17:04:25