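// Comment handling for a single blog post: shows the "add comment" form, stores a
// submitted comment, then lists every comment stored for the post.
// NOTE(review): this fragment runs inside a method; $lang, $id, $this->id, $this->sql,
// VarProtect() and __PREFIX__ are defined outside the lines shown here.

// Read the action without error suppression; a non-string value (e.g. action[]=x) selects nothing.
$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';

// The post id is written into URLs that sit inside HTML attributes and inline script.
// URL-encoding leaves a numeric id unchanged and keeps any other value inert in those contexts.
$postId = urlencode($this->id);

if ($action === 'comment') {
    // Form for adding a comment.
    // CAPTCHA text: three capital letters followed by four digits, kept in the session.
    // NOTE(review): rand() is a predictable generator; on a runtime that offers a CSPRNG,
    // use it for both the CAPTCHA text and the hash below.
    $code = '';
    for ($i = 0; $i < 3; $i++) {
        $code .= chr(rand(65, 90));
    }
    for ($i = 0; $i < 4; $i++) {
        $code .= rand(0, 9);
    }
    $_SESSION['captcha'] = $code;

    // Token handed to lib/captcha.php; how that script uses it is not visible here.
    $hash = md5(rand(0, 9999999));
    $_SESSION['hash'] = $hash;

    print "\n<br />"
        . "\n<form name=\"addcomment\" action=\"viewpost.php?id=" . $postId . "&action=send_comment\" method=\"POST\" onSubmit=\"return check();\">"
        . "\n<b>" . $lang['name'] . ":</b><br /><input type=\"text\" name=\"name\" /><br /><br />"
        . "\n<b>" . $lang['commit'] . ":</b><br /><textarea name=\"comment\" cols=\"30\" rows=\"2\"></textarea><br /><br />"
        . "\n<span id=\"captcha\"><img src=\"lib/captcha.php?hash=" . $hash . "&rnd=" . rand(0, 9999) . "\" /></span> - <a href=\"javascript:reload_captcha('" . $hash . "');\">Reload Captcha</a><br /><br />"
        . "\n" . $lang['add_captcha_code'] . ":<br />"
        . "\n<input type=\"text\" name=\"captcha\" id=\"captcha\"><br /><br />"
        . "\n<input type=\"submit\" value=\"" . $lang['send'] . "\" />"
        . "\n</form>";
} elseif ($action === 'send_comment') {
    // Actual insertion of the comment.
    $key_generate = (isset($_SESSION['captcha']) && is_string($_SESSION['captcha']))
        ? strtoupper($_SESSION['captcha'])
        : '';
    $captcha = (isset($_POST['captcha']) && is_string($_POST['captcha']))
        ? strtoupper($_POST['captcha'])
        : '';

    // One answer per issued CAPTCHA: drop it before any check so a solved or failed
    // code cannot be replayed for further submissions.
    unset($_SESSION['captcha']);

    // A request that never loaded the form has no stored code; the empty-vs-empty
    // comparison must fail rather than pass, hence the explicit '' test and strict compare.
    if ($key_generate === '' || $captcha !== $key_generate) {
        die("<script>alert(\"" . $lang['no_match_captcha'] . "\"); window.location=\"viewpost.php?id=" . $postId . "&action=comment\";</script>");
    }

    // Both fields must be filled in.
    if (empty($_POST['name']) || empty($_POST['comment'])) {
        die("<script>alert(\"" . $lang['fill_camp'] . "\");</script>");
    }
    if (strlen($_POST['comment']) > 500) {
        die("<script>alert(\"" . $lang['long_comment'] . "\");</script>");
    }

    $commento = $this->VarProtect($_POST['comment']);
    $name = $this->VarProtect($_POST['name']);
    $ip = $_SERVER['REMOTE_ADDR'];

    // Run the insert query.
    // NOTE(review): the statement is built by string concatenation. $name and $commento rely
    // entirely on VarProtect(), and $this->id is interpolated as-is; confirm both are
    // escaped or validated for SQL outside this fragment, or move to bound parameters.
    $this->sql->sendQuery("INSERT INTO " . __PREFIX__ . "comments (blog_id, name, comment, ip) VALUES ('" . $this->id . "', '{$name}', '{$commento}', '{$ip}')");

    // Stop after redirecting so the rest of the page is not rendered into the redirect
    // response. If output has already been flushed the header cannot be sent, so fall
    // through and render the page instead.
    if (!headers_sent()) {
        header("Location: viewpost.php?id=" . $postId);
        exit;
    }
}

// NOTE(review): this query reads $id while the insert above uses $this->id; $id is
// interpolated as-is, so confirm it is validated before this point.
$this->comments = $this->sql->sendQuery("SELECT * FROM " . __PREFIX__ . "comments WHERE blog_id = '{$id}'");

// List of comments for the post.
// A row count is never negative, so the "no comments" branch has to test for zero rows.
if (mysql_num_rows($this->comments) < 1) {
    echo "\n<br /><br />\n<em>" . $lang['no_comment'] . "</em><br />\n";
} else {
    while ($row = mysql_fetch_array($this->comments)) {
        // Stored comments are visitor-supplied: escape at output so markup in them is shown
        // as text. double_encode is off because VarProtect() may already have encoded
        // entities, and the single-byte charset makes the call change only the HTML
        // metacharacters for Latin-1 or UTF-8 data.
        $safeName = htmlspecialchars($row['name'], ENT_QUOTES, 'ISO-8859-1', false);
        $safeComment = htmlspecialchars($row['comment'], ENT_QUOTES, 'ISO-8859-1', false);
        echo "\n<br /><b>" . $lang['name'] . ":</b>" . $safeName . "<br />"
            . "\n<b> " . $lang['commit'] . ": </b>" . $safeComment . "<br /><br />";
    }
}
print "\n</div>\n</div>\n";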