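0) {
        $error_message.=$COM_LANG['not_allowed'] . "
";
    }
    if ($_REQUEST['first_name'] == '') {
        $error_message.=$COM_LANG['err_fname'] . "
";
    }
    if ($_REQUEST['last_name'] == '') {
        $error_message.=$COM_LANG['err_lname'] . "
";
    }
    if ($_REQUEST['email'] == '') {
        $error_message.=$COM_LANG['err_email'] . "
";
    }
    if ($_REQUEST['email'] != '') {
        if (!smcom_is_email($_REQUEST['email'])) {
            $error_message.="Invalid email address" . "
";
        }
    }
    return $error_message;
}

// ----------------------------------------------------------------------------------------------------------------------
/**
 * Rejects a sign-up when the same IP posted recently or the email is already stored.
 *
 * Both lookups are built as SQL strings, so every value is escaped here, at the
 * point of use, instead of trusting the caller to have escaped it.
 *
 * @param array $INPUT Request-style array; only the 'email' key is read.
 * @return string Error message, or "" when neither check matches.
 */
function smcom_flood_protection($INPUT)
{
    global $panel_db_link, $COM_CONF, $COM_LANG;

    $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $ip = mysql_real_escape_string($remote_ip, $panel_db_link);
    // Numeric context has no quotes to contain a value, so force an integer.
    $pause = (int) $COM_CONF['anti_flood_pause'];

    // Check for multiple posts from an ip in a timeframe
    $result = mysql_query("select time from {$COM_CONF['dbmaintable']} where ip='{$ip}' AND (UNIX_TIMESTAMP( NOW( ) ) - UNIX_TIMESTAMP( time )) < {$pause}", $panel_db_link);
    // A failed query is treated as "no match", as before, but without passing false to mysql_num_rows().
    if ($result !== false && mysql_num_rows($result) > 0) {
        return "Possible email flood detected.";
    }

    // Check for duplicate emails
    $raw_email = (isset($INPUT['email']) && is_string($INPUT['email'])) ? $INPUT['email'] : '';
    $email = mysql_real_escape_string($raw_email, $panel_db_link);
    $result = mysql_query("select ID from {$COM_CONF['dbmaintable']} where email='{$email}'", $panel_db_link);
    if ($result !== false && mysql_num_rows($result) > 0) {
        return "This email has already been used to sign up.";
    }
    // NOTE(review): this is check-then-insert; two concurrent requests can both pass.
    // A unique index on the email column would enforce it - confirm the schema.

    // A duplicate-name check (first_name, last_name, href) used to follow; it was disabled.

    return "";
}

// ----------------------------------------------------------------------------------------------------------------------
/**
 * Inserts one sign-up row (first name, last name, email, client IP) into the main table.
 *
 * Nothing is validated here. The in-function sanitising loop and the calls to
 * smcom_check_for_errors() / smcom_flood_protection() were commented out, so the
 * caller is presumably expected to run those checks first - confirm against the
 * parent page.
 *
 * @return string Always "" (callers appear to treat a non-empty string as an error message).
 */
function smcom_add()
{
    global $panel_db_link, $COM_CONF, $COM_LANG;

    // Escape at the sink: the request values go straight into a quoted SQL string.
    // If the parent page still runs the old mysql_escape_string() loop over $_REQUEST,
    // remove it there, otherwise quotes in names are escaped twice and stored with backslashes.
    $values = array();
    foreach (array('first_name', 'last_name', 'email') as $field) {
        // Non-string input (e.g. first_name[]=x) is stored as an empty value rather than "Array".
        $raw = (isset($_REQUEST[$field]) && is_string($_REQUEST[$field])) ? $_REQUEST[$field] : '';
        $values[$field] = mysql_real_escape_string($raw, $panel_db_link);
    }
    $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $ip = mysql_real_escape_string($remote_ip, $panel_db_link);

    // Values are stored as submitted; HTML-encode them where they are displayed.
    $inserted = mysql_query("INSERT INTO {$COM_CONF['dbmaintable']} VALUES (NULL, NOW(), '{$values['first_name']}', '{$values['last_name']}', '{$values['email']}', '{$ip}')", $panel_db_link);
    if ($inserted === false) {
        // Previously a failed insert was silent; record it so lost sign-ups can be traced.
        error_log('smcom_add: insert failed: ' . mysql_error($panel_db_link));
    }

    return "";
}

// ----------------------------------------------------------------------------------------------------------------------
// Not setup correctly yet
/**
 * Mails every address stored for a page, except the sender, about a new comment.
 *
 * @param string $href       Page path; used in the lookup, the subject and the links.
 * @param string $name       Name shown in the message body.
 * @param string $email_from Address to skip.
 * @return void
 */
function smcom_notify_users($href, $name, $email_from)
{
    global $panel_db_link, $COM_CONF, $COM_LANG;

    $headers = "From: Comments <{$COM_CONF['email_from']}>\n";

    $href_sql = mysql_real_escape_string($href, $panel_db_link);
    $result = mysql_query("select email from {$COM_CONF['dbmaintable']} where href='{$href_sql}'", $panel_db_link);
    if ($result === false) {
        return;
    }

    // CR/LF removed so a crafted page value cannot add header lines through the subject.
    $subject = str_replace(array("\r", "\n"), '', "{$COM_LANG['email_new_comment']} $href");
    $page_param = rawurlencode($href);

    while ($row = mysql_fetch_row($result)) {
        $email = $row[0];
        // NOTE(review): the query selects only `email`, so the unsubscribe token is always
        // empty here; the select has to return the hash before these links can work.
        $hash = isset($row[1]) ? $row[1] : '';
        if ($email != $email_from) {
            $id_param = rawurlencode($hash);
            $text_of_message = " {$COM_LANG['email_new_comment']} {$COM_CONF['site_url']}$href {$COM_LANG['email_from']}: $name {$COM_LANG['email_to_unsubscribe']} {$COM_CONF['site_url']}{$COM_CONF['script_url']}?action=unsub&page={$page_param}&id={$id_param} ";
            $to = str_replace(array("\r", "\n"), '', $email);
            mail($to, $subject, $text_of_message, $headers);
        }
    }
}

// ----------------------------------------------------------------------------------------------------------------------
// Not setup correctly yet
/**
 * Deletes the subscription matching the request's `page` and `id` and prints the outcome.
 *
 * @return void
 */
function smcom_unsub()
{
    global $panel_db_link, $COM_CONF, $COM_LANG;

    $id_raw = (isset($_REQUEST['id']) && is_string($_REQUEST['id'])) ? $_REQUEST['id'] : '';
    $page_raw = (isset($_REQUEST['page']) && is_string($_REQUEST['page'])) ? $_REQUEST['page'] : '';

    // An empty token must never match: rows stored without a hash would otherwise be
    // deletable by anyone who knows the page.
    if ($id_raw === '' || $page_raw === '') {
        print "{$COM_LANG['not_unsubscribed']}";
        return;
    }

    // mysql_real_escape_string() takes the connection's character set into account;
    // the mysql_escape_string() used before does not.
    $id = mysql_real_escape_string($id_raw, $panel_db_link);
    $href = mysql_real_escape_string($page_raw, $panel_db_link);
    mysql_query("delete from {$COM_CONF['dbmaintable']} where href='$href' AND hash='$id'", $panel_db_link);

    if (mysql_affected_rows($panel_db_link) > 0) {
        print "{$COM_LANG['unsubscribed']}";
    } else {
        print "{$COM_LANG['not_unsubscribed']}";
    }
}

// ----------------------------------------------------------------------------------------------------------------------
/**
 * Intentionally empty; kept so existing callers do not break.
 *
 * @return void
 */
function smcom_view()
{
    global $COM_CONF, $COM_LANG;

    // 2013-04-26 - SC - no longer used. The form is now part of the parent page
    // so that a captcha code can be included in the form seamlessly.
    // require("{$COM_CONF['full_path']}/templates/{$COM_CONF['template']}.php");
}

// ----------------------------------------------------------------------------------------------------------------------
/**
 * Reformats a date string by fixed character offsets into "DD Month YYYY, HH:MM".
 *
 * @param string $date Date string; presumably "YYYY-MM-DD HH:MM:SS" - confirm with callers.
 * @return string Formatted date using the month names in $COM_LANG['months'].
 */
function smcom_format_date($date)
{
    global $COM_LANG;

    $year = substr($date, 0, 4);
    $month = intval(substr($date, 5, 2)) - 1; // month-name list is indexed from 0
    $day = substr($date, 8, 2);
    $hour = substr($date, 11, 2);
    $min = substr($date, 14, 2);

    // A malformed date yields an index with no month name; render it empty instead of raising a notice.
    $month_name = isset($COM_LANG['months'][$month]) ? $COM_LANG['months'][$month] : '';

    return "$day $month_name $year, $hour:$min";
}

// ----------------------------------------------------------------------------------------------------------------------
/**
 * Checks an address against the site's email pattern.
 *
 * @param string $Addr Address to test.
 * @return int|false 1 on match, 0 otherwise, false on a regex error (as preg_match returns).
 */
function smcom_is_email($Addr)
{
    if (!is_string($Addr)) {
        return 0;
    }

    // The hyphen sits last in the class so it is a literal. Written as "+-=" it formed a
    // range that also admitted , . / : ; < and digits, letting "a<b@x.com" or "a..b@x.com" pass.
    // "/" is listed explicitly so addresses that relied on that range for it still validate.
    $atext = 'a-z0-9!#$%&*+\/=?^_`{|}~-';

    // NOTE(review): the TLD rule accepts only 2-3 letters or the six listed names,
    // so addresses under longer TLDs are rejected; left unchanged here.
    $p = '/^[' . $atext . ']+(\.[' . $atext . ']+)*';
    $p.= '@([-a-z0-9]+\.)+([a-z]{2,3}';
    // D makes "$" match only at the very end, so "user@example.com\n" no longer validates.
    $p.= '|info|arpa|aero|coop|name|museum)$/iD';

    return preg_match($p, $Addr);
}
?>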