// Bootstrap: locate this script, load its configuration and language strings,
// then open the shared database link used by every smcom_* function below.
$COM_CONF['full_path'] = dirname(__FILE__);
include($COM_CONF['full_path'] . '/config.php');

// Only a warning is printed when no database host is configured; execution continues.
if (!$COM_CONF['dbhost']) {
    echo 'It seems that something is not right with your database';
}

// NOTE(review): the language file name is built from $COM_CONF['lang'] and the file is
// executed, so that value must only ever come from config.php, never from a request.
require($COM_CONF['full_path'] . '/lang/lang_' . $COM_CONF['lang'] . '.php');

// NOTE(review): neither return value below is checked. If the connection fails,
// $panel_db_link is false and every later mysql_query() runs against it.
// NOTE(review): the mysql_* extension was removed in PHP 7; a port to mysqli or PDO
// with prepared statements would also remove the string-built queries in this file.
$panel_db_link = mysql_connect(
    $COM_CONF['dbhost'],
    $COM_CONF['dbuser'],
    $COM_CONF['dbpassword']
);
mysql_select_db($COM_CONF['dbname'], $panel_db_link);
// ----------------------------------------------------------------------------------------------------------------------
//2013-04-26 - SC - call this like a static class
// ----------------------------------------------------------------------------------------------------------------------
//smcom_main();
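// Dispatches on the "action" request parameter: "add" stores a submission,
// "unsub" removes a subscription, anything else (or nothing) falls through to the view.
function smcom_main()
{
    // Read the parameter once and tolerate its absence instead of indexing a missing key.
    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';

    if ($action === 'add') {
        // NOTE(review): smcom_add() returns its validation errors as a string and that
        // value is discarded here, so a caller going through smcom_main() never sees them.
        smcom_add();
    } elseif ($action === 'unsub') {
        smcom_unsub();
    } else {
        smcom_view();
    }

    // NOTE(review): both state-changing actions are selected through $_REQUEST, which
    // can be filled from the query string as well as a POST body. No anti-CSRF token
    // check is visible in this file; confirm the parent page enforces one.
}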
// ----------------------------------------------------------------------------------------------------------------------
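// Validates the current submission held in $_REQUEST.
// Returns every problem found as one string, each message followed by a line break,
// or an empty string when nothing is wrong.
function smcom_check_for_errors() {
    global $panel_db_link, $COM_CONF, $COM_LANG;

    // Start from an empty string so the appends below never touch an undefined variable.
    $error_message = '';

    // Separator placed after every message; kept as the literal line break the file uses.
    $line_break = "
";

    // Banned-IP lookup. The address is escaped with the connection-aware function
    // before it is placed inside the quoted SQL literal.
    $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR'], $panel_db_link);
    $result = mysql_query("SELECT ip FROM {$COM_CONF['dbbannedipstable']} WHERE ip='$ip'", $panel_db_link);
    // NOTE(review): a failed query is treated as "not banned" (fail-open), matching
    // the previous behaviour; decide whether a lookup failure should block the post.
    if ($result !== false && mysql_num_rows($result) > 0) {
        $error_message .= $COM_LANG['not_allowed'] . $line_break;
    }

    // Required fields, in the order their messages are reported.
    $required = array(
        'child_name'    => "Child Name is required",
        'child_age'     => "Child Age is required",
        'email'         => "Parent Email is required",
        'story_content' => "Story Content is required",
    );
    foreach ($required as $field => $message) {
        // A missing key counts as empty without raising an undefined-index notice.
        $value = isset($_REQUEST[$field]) ? $_REQUEST[$field] : '';
        if ($value == '') {
            $error_message .= $message . $line_break;
        }
    }

    // NOTE(review): the field validated here is $_REQUEST['email'], while the INSERT in
    // smcom_add() stores $_REQUEST['parent_email']. Confirm which name the form posts;
    // as written the stored field is never format-checked.
    if (isset($_REQUEST['email']) && $_REQUEST['email'] != '') {
        if (!smcom_is_email($_REQUEST['email'])) {
            $error_message .= "Invalid parent email address" . $line_break;
        }
    }

    return $error_message;
}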
// ----------------------------------------------------------------------------------------------------------------------
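// Rate limit: reports a flood when this client IP already has a row in the main table
// newer than $COM_CONF['anti_flood_pause'] seconds.
// $INPUT is accepted for the disabled duplicate checks below and is otherwise unused.
// Returns an error message, or an empty string when the post may proceed.
function smcom_flood_protection($INPUT) {
    global $panel_db_link, $COM_CONF, $COM_LANG;

    // Escape the address before interpolation, as the banned-IP lookup in this file
    // also does, and force the pause to an integer so only a number reaches the SQL.
    $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR'], $panel_db_link);
    $pause = (int) $COM_CONF['anti_flood_pause'];

    // Check for multiple posts from an ip in a timeframe
    $result = mysql_query("select time from {$COM_CONF['dbmaintable']} where ip='$ip' AND (UNIX_TIMESTAMP( NOW( ) ) - UNIX_TIMESTAMP( time )) < $pause", $panel_db_link);
    // NOTE(review): a failed query lets the post through (fail-open), as before.
    if ($result !== false && mysql_num_rows($result) > 0) {
        return "Possible email flood detected.";
    }

    // The duplicate checks below were disabled by the original author.
    // NOTE(review): if they are re-enabled, the $INPUT values need escaping or bound
    // parameters inside this function rather than relying on the caller.
    // Check for duplicate emails
    //$result = mysql_query("select ID from {$COM_CONF['dbmaintable']} where email='{$INPUT['email']}'", $panel_db_link);
    //if (mysql_num_rows($result)>0) {
    // $error_message="This email has already been used to sign up.";
    // return $error_message;
    //}
    // Check for Duplicate names
    //$result = mysql_query("select ID from {$COM_CONF['dbmaintable']} where first_name='{$INPUT['first_name']}' AND last_name='{$INPUT['last_name']}' AND href='{$INPUT['href']}'", $panel_db_link);
    //if (mysql_num_rows($result)>0) {
    // $error_message="Flood detected";
    // return $error_message;
    //}
    return "";
}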
// ----------------------------------------------------------------------------------------------------------------------
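// Handles a new submission: normalises every request value, runs validation and the
// flood check, and inserts the row when both pass.
// Returns the accumulated error text, or an empty string when the row was submitted.
// Side effect: $_REQUEST is rewritten in place with the encoded, SQL-escaped values,
// because the validation helpers read from it afterwards.
function smcom_add()
{
    global $panel_db_link, $COM_CONF, $COM_LANG;

    foreach ($_REQUEST as $key => $value) {
        // Array parameters (name[]=...) cannot be treated as text; store an empty
        // value instead of passing an array to the string functions below.
        if (is_array($value)) {
            $_REQUEST[$key] = '';
            continue;
        }

        // Encode angle brackets so stored text cannot open an HTML tag when it is
        // echoed back. Output code should still escape for its own context.
        $value = str_replace('<', '&lt;', $value);
        $value = str_replace('>', '&gt;', $value);

        // Undo magic-quotes slashes first so the value is escaped exactly once.
        if (get_magic_quotes_gpc()) {
            $value = stripslashes($value);
        }
        $_REQUEST[$key] = mysql_real_escape_string($value, $panel_db_link);
    }

    $error_message = smcom_check_for_errors();
    $error_message .= smcom_flood_protection($_REQUEST);
    if ($error_message) {
        //print $error_message;
        //return 0;
        return $error_message;
        // NOTE(review): the disabled redirect below puts request-derived href and the
        // error text into a Location header; validate and URL-encode both if restored.
        //header("HTTP/1.1 302");
        //header("Location: {$COM_CONF['site_url']}{$_REQUEST['href']}?err={$error_message}");
        //exit;
    }

    // Collect the stored columns, treating an absent field as empty.
    // NOTE(review): 'parent_email' is stored here, but smcom_check_for_errors()
    // validates 'email'; confirm which field name the form actually posts.
    $fields = array();
    foreach (array('child_name', 'child_age', 'parent_email', 'story_content') as $name) {
        $fields[$name] = isset($_REQUEST[$name]) ? $_REQUEST[$name] : '';
    }

    // The client address goes into a quoted literal too, so it is escaped like the rest.
    $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR'], $panel_db_link);

    // NOTE(review): the INSERT names no columns, so it depends on table column order,
    // and its result is not checked: a failed insert still returns "" (success).
    mysql_query("INSERT INTO {$COM_CONF['dbmaintable']} VALUES (NULL, NOW(), '{$fields['child_name']}', '{$fields['child_age']}', '{$fields['parent_email']}', '{$fields['story_content']}', '$ip')", $panel_db_link);
    //smcom_notify_users($_REQUEST['href'], $_REQUEST['first_name'], $_REQUEST['last_name'], $_REQUEST['email']);

    // The disabled debug echo is kept on one line so its closing quote stays commented out.
    //echo ("add...5");
    //header("HTTP/1.1 302");
    //header("Location: {$COM_CONF['site_url']}{$_REQUEST['href']}?sub=true");
    //exit;
    return "";
}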
// ----------------------------------------------------------------------------------------------------------------------
// Not set up correctly yet
// Mails a "new comment" notice to every address stored for $href, skipping the
// address given in $email_from. Each message carries an unsubscribe link.
// NOTE(review): $href is placed into the SELECT without escaping inside this
// function, so it relies on the caller passing a value already safe for SQL.
// NOTE(review): the query selects only the email column, yet each row is unpacked
// into two variables; the second one, used as the id in the unsubscribe link,
// is therefore never populated.
function smcom_notify_users($href, $name, $email_from)
{
    global $panel_db_link, $COM_CONF, $COM_LANG;

    $headers = "From: Comments <{$COM_CONF['email_from']}>\n";
    $result = mysql_query("select email from {$COM_CONF['dbmaintable']} where href='$href'", $panel_db_link);

    while (list($recipient, $unsubscribe_token) = mysql_fetch_row($result)) {
        // Do not notify the person whose post triggered the notice.
        if ($recipient == $email_from) {
            continue;
        }

        // $name and $href are inserted into the message exactly as received.
        $text_of_message = "
{$COM_LANG['email_new_comment']} {$COM_CONF['site_url']}$href
{$COM_LANG['email_from']}: $name
{$COM_LANG['email_to_unsubscribe']}
{$COM_CONF['site_url']}{$COM_CONF['script_url']}?action=unsub&page=$href&id=$unsubscribe_token
";
        $subject = "{$COM_LANG['email_new_comment']} $href";
        mail($recipient, $subject, $text_of_message, $headers);
    }
}
// ----------------------------------------------------------------------------------------------------------------------
// Not set up correctly yet
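// Removes the subscription row matching the "page" and "id" request parameters and
// prints the localised outcome message.
function smcom_unsub()
{
    global $panel_db_link, $COM_CONF, $COM_LANG;

    $raw_id = isset($_REQUEST['id']) ? $_REQUEST['id'] : '';
    $raw_page = isset($_REQUEST['page']) ? $_REQUEST['page'] : '';

    // The id is the only thing that authorises the delete. Refuse a missing, empty
    // or non-text id so a bare request cannot match rows whose hash column is empty.
    if (!is_string($raw_id) || !is_string($raw_page) || $raw_id === '') {
        print "{$COM_LANG['not_unsubscribed']}";
        return;
    }

    $id = mysql_real_escape_string($raw_id, $panel_db_link);
    $href = mysql_real_escape_string($raw_page, $panel_db_link);
    mysql_query("delete from {$COM_CONF['dbmaintable']} where href='$href' AND hash='$id'", $panel_db_link);

    // Ask the same link that ran the delete how many rows it removed.
    if (mysql_affected_rows($panel_db_link) > 0) {
        print "{$COM_LANG['unsubscribed']}";
    } else {
        print "{$COM_LANG['not_unsubscribed']}";
    }
}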
// ----------------------------------------------------------------------------------------------------------------------
// Default action for smcom_main(). It currently does nothing: the template include
// below is disabled, so no output is produced here.
function smcom_view()
{
global $COM_CONF, $COM_LANG;
//2013-04-26 - SC - no longer use. The form is now a part of the
//parent page so we can seamlessly have a captcha code in the form
// NOTE(review): the disabled require builds an executable file path from
// $COM_CONF['template']; if it is restored, that value must stay config-only.
// require("{$COM_CONF['full_path']}/templates/{$COM_CONF['template']}.php");
}
// ----------------------------------------------------------------------------------------------------------------------
// Turns a "YYYY-MM-DD HH:MM:SS" timestamp string into "DD Month YYYY, HH:MM".
// The month name is looked up in $COM_LANG['months'], indexed from 0 for January.
// The pieces are cut by fixed character position; no validation of $date is done.
function smcom_format_date($date)
{
    global $COM_LANG;

    // Month digits become a zero-based index into the localised name list.
    $month_index = intval(substr($date, 5, 2)) - 1;
    $month_name = $COM_LANG['months'][$month_index];

    $date_part = substr($date, 8, 2) . ' ' . $month_name . ' ' . substr($date, 0, 4);
    $time_part = substr($date, 11, 2) . ':' . substr($date, 14, 2);

    return $date_part . ', ' . $time_part;
}
// ----------------------------------------------------------------------------------------------------------------------
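// Checks whether $Addr looks like an email address.
// Returns 1 on a match and 0 otherwise (preg_match's own result).
// Limitation: the domain must end in a 2-3 letter TLD or one of the listed names,
// so addresses under other, longer TLDs are rejected.
function smcom_is_email($Addr)
{
    // Only text can be an address; an array parameter is rejected outright.
    if (!is_string($Addr)) {
        return 0;
    }

    // One dot-free run of the local part. The hyphen is escaped so "+", "-" and "="
    // are three literals; unescaped, "+-=" is a range that also admits
    // , . / : ; and <.
    $atom = '[a-z0-9!#$%&*+\-=?^_`{|}~]+';

    $p = '/^' . $atom . '(\.' . $atom . ')*';
    $p .= '@([-a-z0-9]+\.)+([a-z]{2,3}';
    // The D modifier makes "$" match only at the very end, so an address followed by
    // a trailing newline no longer passes.
    $p .= '|info|arpa|aero|coop|name|museum)$/ixD';

    return preg_match($p, $Addr);
}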
?>