Файл: adultscript-2.0.3-pro/files/mobile/templates/default/extend/ajax/comment_user.plugin.php
Строк: 109
<?php
// Direct-access guard: stop unless the application bootstrap has defined
// _VALID, so this plugin file cannot be requested on its own.
if (!defined('_VALID')) {
    die('Restricted Access!');
}
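/**
 * AJAX handler that posts a comment on a user's profile.
 *
 * Reads `user_id` and `comment` from $_POST and the poster's identity from
 * $_SESSION. It applies a 30-second per-session throttle, requires a
 * logged-in user, enforces the recipient's `allow_comments` preference
 * (no / friends / approve) and inserts the comment. When the comment is
 * published immediately, the rendered <li> markup is returned in `code`.
 *
 * @return string JSON object with the keys status (0 or 1), code, msg, debug.
 */
function ajax_plugin_comment_user()
{
    $data = array('status' => 0, 'code' => '', 'msg' => '', 'debug' => '');

    if (!isset($_POST['user_id']) || !isset($_POST['comment'])) {
        $data['msg'] = 'Invalid ajax request!';
        return json_encode($data);
    }

    // NOTE(review): no anti-CSRF token is checked in this function; confirm
    // the AJAX dispatcher verifies one before this handler is reached.

    // Throttle: at most one accepted comment per session every 30 seconds.
    $time = time();
    if (isset($_SESSION['comment_user_added'])) {
        $expire = (int) ($_SESSION['comment_user_added'] + 30);
        if ($time < $expire) {
            $data['msg'] = 'Please dont spam!';
            return json_encode($data);
        }
    }

    VLanguage::load('profile.profile');
    if (!VAuth::loggedin()) {
        $data['msg'] = __('comment-login', array('<a href="'.BASE_URL.'/user/login/">'.__('login').'</a>'));
        return json_encode($data);
    }

    // A non-scalar user_id (e.g. user_id[]=1) maps to 0, which no row matches,
    // so the request ends in the "Invalid user" branch instead of a trim() error.
    $user_id   = is_scalar($_POST['user_id']) ? (int) trim((string) $_POST['user_id']) : 0;
    $poster_id = (int) $_SESSION['user_id'];

    // Normalise CRLF / CR line endings to LF. The escape sequences are
    // required: without the backslashes every literal "r" in the text would
    // be rewritten to "n".
    $comment = VF::factory('filter')->get('comment');
    $comment = str_replace(array("\r\n", "\r"), "\n", $comment);

    // strlen() counts bytes, so the 500 limit is a byte limit for UTF-8 text.
    if ($comment === '') {
        $data['msg'] = __('comment-empty');
    } elseif (strlen($comment) > 500) {
        $data['msg'] = __('comment-length');
    }
    if ($data['msg'] !== '') {
        return json_encode($data);
    }

    // $user_id and $poster_id are int-cast above, so concatenating them into
    // the SQL text cannot carry injected syntax.
    $db = VF::factory('database');
    $db->query("SELECT up.allow_comments, u.username
                FROM #__user_preferences AS up
                LEFT JOIN #__user AS u ON (up.user_id = u.user_id)
                WHERE up.user_id = ".$user_id."
                LIMIT 1");
    if (!$db->affected_rows()) {
        $data['msg'] = 'Invalid user! Are you sure this user exists!?';
        return json_encode($data);
    }

    $username       = $db->fetch_field('username');
    $allow_comments = $db->fetch_field('allow_comments');

    if ($allow_comments === 'no') {
        $data['msg'] = 'User does not allow comment posting!';
    }
    if ($allow_comments === 'friends') {
        $db->query("SELECT request_id
                    FROM #__user_friends
                    WHERE user_id = ".$user_id."
                    AND friend_id = ".$poster_id."
                    AND status = 'approved'
                    LIMIT 1");
        if (!$db->affected_rows()) {
            // The recipient's username comes from the database; escape it
            // before it is embedded in the HTML message.
            $safe_name   = htmlspecialchars((string) $username, ENT_QUOTES, 'UTF-8', false);
            $data['msg'] = __('comment-friend', array('<strong>'.$safe_name.'</strong>'));
        }
    }
    if ($data['msg'] !== '') {
        return json_encode($data);
    }

    // 'approve' means the comment is stored unpublished (status 0) until the
    // profile owner accepts it.
    $status = ($allow_comments === 'approve') ? 0 : 1;
    // 'H' is the 24-hour clock; 'h' would store afternoon times as morning.
    $add_date = date('Y-m-d H:i:s');

    // NOTE(review): VServer::ip(true) is concatenated unquoted; presumably it
    // returns a numeric form of the address. Confirm it can never yield
    // client-influenced text (e.g. taken from a forwarded-for header).
    $db->query("INSERT INTO #__user_comments
                SET user_id = ".$user_id.",
                poster_id = ".$poster_id.",
                ip = ".VServer::ip(true).",
                comment = '".$db->escape($comment)."',
                add_date = '".$add_date."',
                status = '".$status."'");
    if (!$db->affected_rows()) {
        $data['msg'] = 'Application error!? Failed to add comment!';
        return json_encode($data);
    }

    // Record the post time; without this write the throttle above never fires.
    $_SESSION['comment_user_added'] = $time;

    $comment_id = $db->get_last_insert_id('#__user_comments');
    if ($status === 0) {
        $data['msg'] = __('comment-approve');
    } else {
        $username = htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');
        $avatar   = 'nopic-'.$_SESSION['gender'].'.gif';
        if ($_SESSION['avatar'] != '') {
            $avatar = $poster_id.'.'.$_SESSION['avatar'];
        }
        $avatar = htmlspecialchars($avatar, ENT_QUOTES, 'UTF-8');

        // What the 'filter' component does to the comment is not visible
        // here, so escape at the point of output. double_encode is off so
        // entities the filter may already have produced are not encoded twice.
        $comment_html = nl2br(htmlspecialchars($comment, ENT_QUOTES, 'UTF-8', false));

        $code   = array();
        $code[] = '<li id="comment-'.$comment_id.'">';
        $code[] = '<img src="'.MEDIA_URL.'/users/'.$avatar.'" width="70" alt="'.$username.' avatar" />';
        $code[] = '<p class="comment">'.$comment_html.'</p>';
        $code[] = '<p class="cfooter">By <strong>'.$username.'</strong> '.__('now').'</p>';
        $code[] = '<p>';
        $code[] = '<button id="comment-report-'.$comment_id.'" data-role="none" class="btnsmall">'.__('spam').'</button>';
        $code[] = '<button id="comment-delete-'.$comment_id.'" data-role="none" class="btnsmall">'.__('delete').'</button>';
        $code[] = '</p></li>';

        $data['msg']  = __('comment-success');
        $data['code'] = implode("\n", $code);
    }
    $data['status'] = 1;

    return json_encode($data);
}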
?>