Файл: adultscript-2.0.3-pro/files/mobile/templates/default/extend/ajax/comment.plugin.php
Строк: 113
<?php
// Direct-access guard: stop unless the _VALID constant is already defined
// (presumably by the application bootstrap; confirm where it is set).
if (!defined('_VALID')) {
    die('Restricted Access!');
}
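/**
 * AJAX handler that stores a visitor comment for a video and returns the
 * result as a JSON string.
 *
 * Reads `video_id`, `comment` and (optionally) `nickname` from the POST body.
 * All of these are attacker-controlled, so integers are cast before they reach
 * SQL, strings go through `$db->escape()`, and everything echoed back in the
 * HTML fragment is HTML-escaped.
 *
 * @return string JSON object with the keys `status` (1 on success, else 0),
 *                `code` (HTML fragment of the new comment when it is published
 *                immediately), `msg` (user-facing message) and `debug`.
 */
function ajax_plugin_comment()
{
    $data = array('status' => 0, 'code' => '', 'msg' => '', 'debug' => '');

    if (!isset($_POST['video_id']) || !isset($_POST['comment'])) {
        $data['msg'] = 'Invalid ajax request!';
        return json_encode($data);
    }

    VLanguage::load('frontend.mobile');
    $time = time();

    // Flood control: one comment per 30 seconds. The timestamp lives in the
    // session only, so a client that discards its session cookie is not
    // throttled. NOTE(review): add a server-side limit (per IP / per account)
    // if this is meant as an anti-spam control.
    if (isset($_SESSION['comment_added'])) {
        $expire = (int) ($_SESSION['comment_added'] + 30);
        if ($time < $expire) {
            $data['msg'] = __('dont-spam');
            return json_encode($data);
        }
    }

    $mcfg = VF::cfg('module.mobile');
    if (!$mcfg['allow_comment']) {
        $data['msg'] = __('comments-disabled');
        return json_encode($data);
    }

    // allow_comment == '1' restricts commenting to authenticated users.
    if ($mcfg['allow_comment'] == '1' && !VAuth::loggedin()) {
        $data['msg'] = __('comments-login', array('<a href="'.BASE_URL.'/user/login/">', '</a>'));
        return json_encode($data);
    }

    $filter   = VF::factory('filter');
    // Integer casts are what make the later SQL concatenation of these ids safe.
    $video_id = (int) trim($_POST['video_id']);
    $user_id  = (VAuth::loggedin()) ? (int) $_SESSION['user_id'] : 0;
    $nickname = (isset($_POST['nickname']) && $_POST['nickname'] != '')
        ? $filter->get('nickname') : 'Anonymous';
    $comment  = $filter->get('comment');

    // Normalise CRLF / CR line endings to LF. The listing showed the letters
    // "rn"/"r"/"n" here (escape backslashes lost), which would rewrite every
    // "r" in the comment text.
    $comment = str_replace(array("\r\n", "\r"), "\n", $comment);

    if ($comment == '') {
        $data['msg'] = __('comment-empty');
    } elseif (strlen($comment) > 500) {
        // strlen() counts bytes, so the limit is 500 bytes, not 500 characters.
        $data['msg'] = __('comment-length');
    }
    if ($data['msg'] != '') {
        return json_encode($data);
    }

    $db = VF::factory('database');
    $db->query("SELECT v.user_id, v.title, v.slug, v.allow_comment, u.username, u.email, un.video_comment
FROM #__video AS v
LEFT JOIN #__user AS u ON (u.user_id = v.user_id)
LEFT JOIN #__user_notifications AS un ON (un.user_id = v.user_id)
WHERE v.video_id = ".$video_id."
LIMIT 1");
    if (!$db->affected_rows()) {
        $data['msg'] = 'Failed to fetch video data!';
        return json_encode($data);
    }

    $video = $db->fetch_assoc();
    if ($video['allow_comment'] == '0') {
        $data['msg'] = __('comment-allow-no');
        return json_encode($data);
    }

    // 'H' = 24-hour clock; the previous 'h' stored afternoon times as morning.
    $add_date = date('Y-m-d H:i:s');
    // status 0 = held for moderation, 1 = published immediately.
    $status   = ($mcfg['approve_comments']) ? 0 : 1;

    // NOTE(review): the ip value is concatenated unquoted and unescaped; this
    // is only safe if VServer::ip(true) always returns a numeric value and
    // never a raw client-supplied header. Confirm against VServer.
    $db->query("INSERT INTO #__video_comments
SET video_id = ".$video_id.",
user_id = ".$user_id.",
ip = ".VServer::ip(true).",
comment = '".$db->escape($comment)."',
nickname = '".$db->escape($nickname)."',
add_date = '".$add_date."',
status = '".$status."'");
    $comment_id = $db->get_last_insert_id('#__video_comments');

    $db->query("UPDATE #__video
SET total_comments = total_comments+1
WHERE video_id = ".$video_id."
LIMIT 1");
    if ($user_id !== 0) {
        $db->query("UPDATE #__user_activity
SET total_video_comments = total_video_comments+1
WHERE user_id = ".$user_id."
LIMIT 1");
    }

    // Both branches are HTML-escaped before being placed in markup. The
    // anonymous nickname comes straight from the request, so leaving it raw
    // would let a visitor inject markup into the returned fragment.
    // double_encode=false keeps entities intact in case the filter already
    // encoded them.
    $username = ($user_id !== 0)
        ? htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8')
        : htmlspecialchars($nickname, ENT_QUOTES, 'UTF-8', false);

    if ($status === 0) {
        $data['msg'] = __('comment-approve');
    } else {
        $data['msg'] = __('comment-success');
        $output   = array();
        $output[] = '<li id="comment-'.$comment_id.'">';
        if ($user_id !== 0) {
            $avatar = 'nopic-'.$_SESSION['gender'].'.gif';
            if ($_SESSION['avatar'] != '') {
                $avatar = $user_id.'.'.$_SESSION['avatar'];
            }
            // Escaped for the attribute context even though it is session data.
            $avatar   = htmlspecialchars($avatar, ENT_QUOTES, 'UTF-8');
            $output[] = '<img src="'.USER_URL.'/'.$avatar.'" alt="'.$username.' avatar" />';
        } else {
            $output[] = '<img src="'.MEDIA_URL.'/users/nopic-hidden.gif" alt="" />';
        }
        // Escape first, then turn newlines into <br /> so only our own tags survive.
        $output[] = '<p>'.nl2br(htmlspecialchars(wordwrap($comment, 500, "\n"), ENT_QUOTES, 'UTF-8')).'</p>';
        $output[] = '<p class="cfooter">'.__('by').' <strong>'.$username.'</strong> '.__('now').'</p>';
        $output[] = '</li>';
        $data['code'] = implode("\n", $output);
    }

    $data['status'] = 1;
    // Start the 30-second flood-control window.
    $_SESSION['comment_added'] = $time;

    return json_encode($data);
}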
?>