1|<?php
2|/**************************************************************************
3| * *
4| * 4images - A Web Based Image Gallery Management System *
5| * ---------------------------------------------------------------- *
6| * *
7| * File: details.php *
8| * Copyright: (C) 2002 Jan Sorgalla *
9| * Email: jan@4homepages.de *
10| * Web: http://www.4homepages.de *
11| * Scriptversion: 1.7.1 *
12| * *
13| * Never released without support from: Nicky (http://www.nicky.net) *
14| * *
15| **************************************************************************
16| * *
17| * Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz- *
18| * bedingungen (Lizenz.txt) für weitere Informationen. *
19| * --------------------------------------------------------------- *
20| * This script is NOT freeware! Please read the Copyright Notice *
21| * (Licence.txt) for further information. *
22| * *
23| *************************************************************************/
24|
$main_template = 'details';

// Bootstrap: load the shared environment (config, DB, caches), start the
// session layer and resolve the visitor's permission set before any output.
define('ROOT_PATH', './');
define('GET_CACHES', 1);
include(ROOT_PATH.'global.php');
require(ROOT_PATH.'includes/sessions.php');
$user_access = get_permission();
include(ROOT_PATH.'includes/page_header.php');

// $image_id is not assigned in this file; it is expected to come from global.php.
// NOTE(review): it is interpolated into SQL further down, so it must already be
// an integer here -- confirm that global.php casts it.
if (empty($image_id)) {
  redirector($site_sess->url($url, "&"));
  exit;
}
38|
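// Site-configured extra image columns are appended to the select list.
$additional_sql = "";
if (!empty($additional_image_fields)) {
  foreach ($additional_image_fields as $key => $val) {
    $additional_sql .= ", i.".$key;
  }
}

// Load the image with its category name and (when it has one) its owner.
// $image_id is cast here so this query never depends on the caller having
// sanitised it; every later use of $image_id sees the integer.
$image_id = intval($image_id);
$sql = "SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_description, i.image_keywords, i.image_date, i.image_active, i.image_media_file, i.image_thumb_file, i.image_download_url, i.image_allow_comments, i.image_comments, i.image_downloads, i.image_votes, i.image_rating, i.image_hits".$additional_sql.", c.cat_name".get_user_table_field(", u.", "user_name").get_user_table_field(", u.", "user_email")."
        FROM ".IMAGES_TABLE." i, ".CATEGORIES_TABLE." c
        LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = i.user_id)
        WHERE i.image_id = $image_id AND c.cat_id = i.cat_id";
$image_row = $site_db->query_firstrow($sql);

// Unknown image: leave before anything reads fields of the (empty) row.
if (!$image_row) {
  redirector($site_sess->url($url, "&"));
  exit;
}

$cat_id = (isset($image_row['cat_id'])) ? $image_row['cat_id'] : 0;
// The owner must be a real (non-awaiting) account matching the current user.
$is_image_owner = ($image_row['user_id'] > USER_AWAITING && $user_info['user_id'] == $image_row['user_id']) ? 1 : 0;

// The visitor must be allowed to see both the category and its images.
if (!check_permission("auth_viewcat", $cat_id) || !check_permission("auth_viewimage", $cat_id)) {
  redirector($site_sess->url($url, "&"));
  exit;
}

$random_cat_image = (defined("SHOW_RANDOM_IMAGE") && SHOW_RANDOM_IMAGE == 0) ? "" : get_random_image($cat_id);
$site_template->register_vars("random_cat_image", $random_cat_image);
unset($random_cat_image);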
62|
//-----------------------------------------------------
//--- Show Image --------------------------------------
//-----------------------------------------------------
// Comments are only offered when the visitor may read them in this category.
if (check_permission("auth_readcomment", $cat_id)) {
  $image_allow_comments = $image_row['image_allow_comments'];
}
else {
  $image_allow_comments = 0;
}
$image_name = htmlspecialchars($image_row['image_name']);
show_image($image_row, $mode, 0, 1);
69|
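$in_mode = 0;

// Reduce a stored id list (space- or comma-separated string, or an array) to a
// comma-separated list of integers for use inside IN (). Returns "0" when no
// integer survives so the resulting IN () is valid and matches nothing.
function details_int_list($ids) {
  if (!is_array($ids)) {
    $ids = preg_split('/[\s,]+/', trim((string)$ids), -1, PREG_SPLIT_NO_EMPTY);
  }
  $ints = array();
  foreach ($ids as $id) {
    $ints[] = intval($id);
  }
  return (count($ints)) ? implode(", ", $ints) : "0";
}

// Build the list the current image is navigated within. The default is the
// image's own category; "lightbox" and "search" mode use the visitor's lightbox
// or last search result instead.
$sql = "";
if ($mode == "lightbox") {
  if (!empty($user_info['lightbox_image_ids'])) {
    // The lightbox is a stored id string; keep only integers before splicing it in.
    $image_id_sql = details_int_list($user_info['lightbox_image_ids']);
    $sql = "SELECT image_id, cat_id, image_name, image_media_file, image_thumb_file
            FROM ".IMAGES_TABLE."
            WHERE image_active = 1 AND image_id IN ($image_id_sql) AND (cat_id NOT IN (".get_auth_cat_sql("auth_viewimage", "NOTIN").") AND cat_id NOT IN (".get_auth_cat_sql("auth_viewcat", "NOTIN")."))
            ORDER BY ".$config['image_order']." ".$config['image_sort'];
    $in_mode = 1;
  }
}
elseif ($mode == "search") {
  // NOTE(review): the key tested here ('searchid') is not the one assigned
  // ('search_id'), so as written the fallback always runs unless something
  // outside this file sets 'searchid'. Kept as-is; confirm which was intended.
  if (!isset($session_info['searchid']) || empty($session_info['searchid'])) {
    $session_info['search_id'] = $site_sess->get_session_var("search_id");
  }

  $search_id = array();
  if (!empty($session_info['search_id'])) {
    // NOTE(review): unserialize() on data read back from the session store.
    // This is only as trustworthy as the store; if search_id could ever be
    // written from the client side it would need a safer encoding.
    $search_id = unserialize($session_info['search_id']);
  }

  $sql_where_query = "";

  // Both id lists come out of the unserialized search result; constrain them to
  // integers so the IN () lists cannot carry anything else.
  if (!empty($search_id['image_ids'])) {
    $sql_where_query .= "AND image_id IN (".details_int_list($search_id['image_ids']).") ";
  }

  if (!empty($search_id['user_ids'])) {
    $sql_where_query .= "AND user_id IN (".details_int_list($search_id['user_ids']).") ";
  }

  if (!empty($search_id['search_new_images']) && $search_id['search_new_images'] == 1) {
    $new_cutoff = time() - 60 * 60 * 24 * $config['new_cutoff'];
    $sql_where_query .= "AND image_date >= $new_cutoff ";
  }

  if (!empty($search_id['search_cat']) && $search_id['search_cat'] != 0) {
    // Restrict to the searched category plus those sub-categories the visitor
    // may view. The leading 0 keeps the list non-empty.
    $search_cat = intval($search_id['search_cat']);
    $cat_id_sql = 0;
    $sub_cat_ids = get_subcat_ids($search_cat, $search_cat, $cat_parent_cache);
    if (check_permission("auth_viewcat", $search_cat)) {
      $cat_id_sql .= ", ".$search_cat;
      if (!empty($sub_cat_ids[$search_cat])) {
        foreach ($sub_cat_ids[$search_cat] as $val) {
          if (check_permission("auth_viewcat", $val)) {
            $cat_id_sql .= ", ".$val;
          }
        }
      }
    }
  }
  else {
    $cat_id_sql = get_auth_cat_sql("auth_viewcat");
  }

  if (!empty($sql_where_query)) {
    $sql = "SELECT image_id, cat_id, image_name, image_media_file, image_thumb_file
            FROM ".IMAGES_TABLE."
            WHERE image_active = 1
            $sql_where_query
            AND cat_id IN ($cat_id_sql)
            ORDER BY ".$config['image_order']." ".$config['image_sort'];
    $in_mode = 1;
  }
}
if (!$in_mode || empty($sql)) {
  $sql = "SELECT image_id, cat_id, image_name, image_media_file, image_thumb_file
          FROM ".IMAGES_TABLE."
          WHERE image_active = 1 AND cat_id = ".intval($cat_id)."
          ORDER BY ".$config['image_order']." ".$config['image_sort'];
}
$result = $site_db->query($sql);

// Walk the ordered list just far enough to know the current image's
// neighbours: stop one row after the current image so prev and next are cached.
$image_id_cache = array();
$next_prev_cache = array();
$break = 0;
$prev_id = 0;
while ($row = $site_db->fetch_array($result)) {
  $image_id_cache[] = $row['image_id'];
  $next_prev_cache[$row['image_id']] = $row;
  if ($break) {
    break;
  }
  if ($prev_id == $image_id) {
    $break = 1;
  }
  $prev_id = $row['image_id'];
}
$site_db->free_result();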
159|
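// Polyfill for PHP builds without array_search(). Like the native function it
// returns the key of the FIRST element loosely equal to $needle, or false when
// nothing matches; the previous version kept scanning and returned the LAST match.
if (!function_exists("array_search")) {
  function array_search($needle, $haystack) {
    foreach ($haystack as $key => $value) {
      if ($value == $needle) {
        return $key;
      }
    }
    return false;
  }
}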
171|
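// Position of the current image in the fetched list. array_search() yields false
// when it is absent; false+1 / false-1 then resolve to indices 1 and -1, which is
// the historical behaviour (next = second image, no prev) and is kept.
$act_key = array_search($image_id, $image_id_cache);
$next_image_id = (isset($image_id_cache[$act_key + 1])) ? $image_id_cache[$act_key + 1] : 0;
$prev_image_id = (isset($image_id_cache[$act_key - 1])) ? $image_id_cache[$act_key - 1] : 0;
unset($image_id_cache);

// Resolve the template values for one neighbour row: escaped name, details
// link (carrying $mode so the link stays in the same list), media path and
// thumbnail path, each with the icon fallback used when the file is missing.
// Returns an array with keys name, url, file and thumb.
function details_neighbour_vars($row, $mode) {
  global $site_sess;

  $vars = array();
  $vars['name'] = htmlspecialchars($row['image_name']);
  // $mode is request-supplied; encode it so the link cannot break out of the href.
  $mode_param = (!empty($mode)) ? "&mode=".urlencode($mode) : "";
  $vars['url'] = $site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$row['image_id'].$mode_param);

  if (!get_file_path($row['image_media_file'], "media", $row['cat_id'], 0, 0)) {
    $vars['file'] = ICON_PATH."/404.gif";
  }
  else {
    $vars['file'] = get_file_path($row['image_media_file'], "media", $row['cat_id'], 0, 1);
  }

  if (!get_file_path($row['image_thumb_file'], "thumb", $row['cat_id'], 0, 0)) {
    // No thumbnail: use the generic icon for the media file's extension.
    $vars['thumb'] = ICON_PATH."/".get_file_extension($row['image_media_file']).".gif";
  }
  else {
    $vars['thumb'] = get_file_path($row['image_thumb_file'], "thumb", $row['cat_id'], 0, 1);
  }
  return $vars;
}

// Get next and previous image
if (!empty($next_prev_cache[$next_image_id])) {
  $next = details_neighbour_vars($next_prev_cache[$next_image_id], $mode);
  $next_image_name = $next['name'];
  $next_image_url = $next['url'];
  $next_image_file = $next['file'];
  $next_thumb_file = $next['thumb'];
  unset($next);
}
else {
  $next_image_name = REPLACE_EMPTY;
  $next_image_url = REPLACE_EMPTY;
  $next_image_file = REPLACE_EMPTY;
  $next_thumb_file = REPLACE_EMPTY;
}

if (!empty($next_prev_cache[$prev_image_id])) {
  $prev = details_neighbour_vars($next_prev_cache[$prev_image_id], $mode);
  $prev_image_name = $prev['name'];
  $prev_image_url = $prev['url'];
  $prev_image_file = $prev['file'];
  $prev_thumb_file = $prev['thumb'];
  unset($prev);
}
else {
  $prev_image_name = REPLACE_EMPTY;
  $prev_image_url = REPLACE_EMPTY;
  $prev_image_file = REPLACE_EMPTY;
  $prev_thumb_file = REPLACE_EMPTY;
}

$site_template->register_vars(array(
  "next_image_id" => $next_image_id,
  "next_image_name" => $next_image_name,
  "next_image_url" => $next_image_url,
  "next_image_file" => $next_image_file,
  "next_thumb_file" => $next_thumb_file,
  "prev_image_id" => $prev_image_id,
  "prev_image_name" => $prev_image_name,
  "prev_image_url" => $prev_image_url,
  "prev_image_file" => $prev_image_file,
  "prev_thumb_file" => $prev_thumb_file
));
unset($next_prev_cache);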
237|
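//-----------------------------------------------------
//--- Save Comment ------------------------------------
//-----------------------------------------------------
$error = 0;
// $msg is appended to below and registered for the template later; make sure
// it exists without clobbering a message set by an include.
if (!isset($msg)) {
  $msg = "";
}
if ($action == "postcomment" && isset($HTTP_POST_VARS[URL_ID])) {
  $id = intval($HTTP_POST_VARS[URL_ID]);
  $sql = "SELECT cat_id, image_allow_comments
          FROM ".IMAGES_TABLE."
          WHERE image_id = $id";
  $row = $site_db->query_firstrow($sql);

  // NOTE(review): nothing ties this POST to a form the user actually loaded --
  // no anti-CSRF token is checked anywhere in this file -- so a cross-site POST
  // can publish a comment under a logged-in user's account.
  if (!$row || $row['image_allow_comments'] == 0 || !check_permission("auth_postcomment", $row['cat_id'])) {
    $msg = $lang['comments_deactivated'];
  }
  else {
    // POST values arrive backslash-escaped (the form refill further down calls
    // stripslashes() on the same fields). un_htmlspecialchars() turns entities
    // such as &#039; back into raw quotes AFTER that escaping, which would let
    // an entity-encoded quote reach the SQL below unescaped. Normalise instead:
    // strip, decode, then escape exactly once right before the values are used.
    $user_name = isset($HTTP_POST_VARS['user_name']) ? $HTTP_POST_VARS['user_name'] : "";
    $comment_headline = isset($HTTP_POST_VARS['comment_headline']) ? $HTTP_POST_VARS['comment_headline'] : "";
    $comment_text = isset($HTTP_POST_VARS['comment_text']) ? $HTTP_POST_VARS['comment_text'] : "";
    $user_name = addslashes(un_htmlspecialchars(stripslashes(trim($user_name))));
    $comment_headline = addslashes(un_htmlspecialchars(stripslashes(trim($comment_headline))));
    $comment_text = addslashes(un_htmlspecialchars(stripslashes(trim($comment_text))));

    // Flood Check: one comment per address and image every 180 seconds (admins exempt).
    $sql = "SELECT comment_ip, comment_date
            FROM ".COMMENTS_TABLE."
            WHERE image_id = $id
            ORDER BY comment_date DESC
            LIMIT 1";
    $spam_row = $site_db->query_firstrow($sql);
    $spamtime = ($spam_row) ? $spam_row['comment_date'] + 180 : 0;

    if ($spam_row && $session_info['session_ip'] == $spam_row['comment_ip'] && time() <= $spamtime && $user_info['user_level'] != ADMIN) {
      $msg .= (($msg != "") ? "<br />" : "").$lang['spamming'];
      $error = 1;
    }

    // Hashcash: terminates the request (die) when the JavaScript proof is missing.
    hashcash_check_hidden_tag($comment_headline."\n".$comment_text);

    // A guest may not post under the name of a registered user.
    $user_name_field = get_user_table_field("", "user_name");
    if (!empty($user_name_field)) {
      if ($site_db->not_empty("SELECT $user_name_field FROM ".USERS_TABLE." WHERE $user_name_field = '".strtolower($user_name)."' AND ".get_user_table_field("", "user_id")." <> '".$user_info['user_id']."'")) {
        $msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
        $error = 1;
      }
    }
    if ($user_name == "") {
      $msg .= (($msg != "") ? "<br />" : "").$lang['name_required'];
      $error = 1;
    }
    if ($comment_headline == "") {
      $msg .= (($msg != "") ? "<br />" : "").$lang['headline_required'];
      $error = 1;
    }
    if ($comment_text == "") {
      $msg .= (($msg != "") ? "<br />" : "").$lang['comment_required'];
      $error = 1;
    }

    if (!$error) {
      $sql = "INSERT INTO ".COMMENTS_TABLE."
              (image_id, user_id, user_name, comment_headline, comment_text, comment_ip, comment_date)
              VALUES
              ($id, ".$user_info['user_id'].", '$user_name', '$comment_headline', '$comment_text', '".$session_info['session_ip']."', ".time().")";
      $site_db->query($sql);
      update_comment_count($id, $user_info['user_id']);
    }
  }
  unset($row);
  unset($spam_row);
}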
307|
308|//-----------------------------------------------------
309|//--- Show Comments -----------------------------------
310|//-----------------------------------------------------
311|if ($image_allow_comments == 1) {
312| $sql = "SELECT c.comment_id, c.image_id, c.user_id, c.user_name AS comment_user_name, c.comment_headline, c.comment_text, c.comment_ip, c.comment_date".get_user_table_field(", u.", "user_level").get_user_table_field(", u.", "user_name").get_user_table_field(", u.", "user_email").get_user_table_field(", u.", "user_showemail").get_user_table_field(", u.", "user_invisible").get_user_table_field(", u.", "user_joindate").get_user_table_field(", u.", "user_lastaction").get_user_table_field(", u.", "user_comments").get_user_table_field(", u.", "user_homepage").get_user_table_field(", u.", "user_icq")."
313| FROM ".COMMENTS_TABLE." c
314| LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id)
315| WHERE c.image_id = $image_id
316| ORDER BY c.comment_date ASC";
317| $result = $site_db->query($sql);
318|
319| $comment_row = array();
320| while ($row = $site_db->fetch_array($result)) {
321| $comment_row[] = $row;
322| }
323| $site_db->free_result($result);
324| $num_comments = sizeof($comment_row);
325|
326| if (!$num_comments) {
327| $comments = "<tr><td class=\"commentrow1\" colspan=\"2\">".$lang['no_comments']."</td></tr>";
328| }
329| else {
330| $comments = "";
331| $bgcounter = 0;
332| for ($i = 0; $i < $num_comments; $i++) {
333| $row_bg_number = ($bgcounter++ % 2 == 0) ? 1 : 2;
334|
335| $comment_user_email = "";
336| $comment_user_email_save = "";
337| $comment_user_mailform_link = "";
338| $comment_user_email_button = "";
339| $comment_user_homepage_button = "";
340| $comment_user_icq_button = "";
341| $comment_user_profile_button = "";
342| $comment_user_status_img = REPLACE_EMPTY;
343| $comment_user_name = htmlspecialchars($comment_row[$i]['comment_user_name']);
344| $comment_user_info = $lang['userlevel_guest'];
345|
346| $comment_user_id = $comment_row[$i]['user_id'];
347|
348| if (isset($comment_row[$i][$user_table_fields['user_name']]) && $comment_user_id != GUEST) {
349| $comment_user_name = htmlspecialchars($comment_row[$i][$user_table_fields['user_name']]);
350|
351| $comment_user_profile_link = !empty($url_show_profile) ? $site_sess->url(preg_replace("/{user_id}/", $comment_user_id, $url_show_profile)) : $site_sess->url(ROOT_PATH."member.php?action=showprofile&".URL_USER_ID."=".$comment_user_id);
352| $comment_user_profile_button = "<a href=\"".$comment_user_profile_link."\"><img src=\"".get_gallery_image("profile.gif")."\" border=\"0\" alt=\"".$comment_user_name."\" /></a>";
353|
354| $comment_user_status_img = ($comment_row[$i][$user_table_fields['user_lastaction']] >= (time() - 300) && ((isset($comment_row[$i][$user_table_fields['user_invisible']]) && $comment_row[$i][$user_table_fields['user_invisible']] == 0) || $user_info['user_level'] == ADMIN)) ? "<img src=\"".get_gallery_image("user_online.gif")."\" border=\"0\" alt=\"Online\" />" : "<img src=\"".get_gallery_image("user_offline.gif")."\" border=\"0\" alt=\"Offline\" />";
355|
356| $comment_user_homepage = (isset($comment_row[$i][$user_table_fields['user_homepage']])) ? format_url($comment_row[$i][$user_table_fields['user_homepage']]) : "";
357| if (!empty($comment_user_homepage)) {
358| $comment_user_homepage_button = "<a href=\"".$comment_user_homepage."\" target=\"_blank\"><img src=\"".get_gallery_image("homepage.gif")."\" border=\"0\" alt=\"".$comment_user_homepage."\" /></a>";
359| }
360|
361| $comment_user_icq = (isset($comment_row[$i][$user_table_fields['user_icq']])) ? $comment_row[$i][$user_table_fields['user_icq']] : "";
362| if (!empty($comment_user_icq)) {
363| $comment_user_icq_button = "<a href=\"http://wwp.icq.com/scripts/search.dll?to=".$comment_user_icq."\" target=\"_blank\"><img src=\"http://web.icq.com/whitepages/online?icq=".$comment_user_icq."&img=5\" width=\"18\" height=\"18\" border=\"0\" alt=\"".$comment_user_icq."\" /></a>";
364| }
365|
366| if (!empty($comment_row[$i][$user_table_fields['user_email']]) && (!isset($comment_row[$i][$user_table_fields['user_showemail']]) || (isset($comment_row[$i][$user_table_fields['user_showemail']]) && $comment_row[$i][$user_table_fields['user_showemail']] == 1))) {
367| $comment_user_email = $comment_row[$i][$user_table_fields['user_email']];
368| $comment_user_email_save = str_replace("@", " at ", $comment_row[$i][$user_table_fields['user_email']]);
369| if (!empty($url_mailform)) {
370| $comment_user_mailform_link = $site_sess->url(preg_replace("/{user_id}/", $comment_user_id, $url_mailform));
371| }
372| else {
373| $comment_user_mailform_link = $site_sess->url(ROOT_PATH."member.php?action=mailform&".URL_USER_ID."=".$comment_user_id);
374| }
375| $comment_user_email_button = "<a href=\"".$comment_user_mailform_link."\"><img src=\"".get_gallery_image("email.gif")."\" border=\"0\" alt=\"".$comment_user_email_save."\" /></a>";
376| }
377|
378| if (!isset($comment_row[$i][$user_table_fields['user_level']]) || (isset($comment_row[$i][$user_table_fields['user_level']]) && $comment_row[$i][$user_table_fields['user_level']] == USER)) {
379| $comment_user_info = $lang['userlevel_user'];
380| }
381| elseif ($comment_row[$i][$user_table_fields['user_level']] == ADMIN) {
382| $comment_user_info = $lang['userlevel_admin'];
383| }
384|
385| $comment_user_info .= "<br />";
386| $comment_user_info .= (isset($comment_row[$i][$user_table_fields['user_joindate']])) ? "<br />".$lang['join_date']." ".format_date($config['date_format'], $comment_row[$i][$user_table_fields['user_joindate']]) : "";
387| $comment_user_info .= (isset($comment_row[$i][$user_table_fields['user_comments']])) ? "<br />".$lang['comments']." ".$comment_row[$i][$user_table_fields['user_comments']] : "";
388| }
389|
390| $comment_user_ip = ($user_info['user_level'] == ADMIN) ? $comment_row[$i]['comment_ip'] : "";
391|
392| $admin_links = "";
393| if ($user_info['user_level'] == ADMIN) {
394| $admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."admin/index.php?goto=".urlencode("comments.php?action=editcomment&comment_id=".$comment_row[$i]['comment_id']))."\" target=\"_blank\">".$lang['edit']."</a> ";
395| $admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."admin/index.php?goto=".urlencode("comments.php?action=removecomment&comment_id=".$comment_row[$i]['comment_id']))."\" target=\"_blank\">".$lang['delete']."</a>";
396| }
397| elseif ($is_image_owner) {
398| $admin_links .= ($config['user_edit_comments'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=editcomment&".URL_COMMENT_ID."=".$comment_row[$i]['comment_id'])."\">".$lang['edit']."</a> ";
399| $admin_links .= ($config['user_delete_comments'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=removecomment&".URL_COMMENT_ID."=".$comment_row[$i]['comment_id'])."\">".$lang['delete']."</a>";
400| }
401|
402| $site_template->register_vars(array(
403| "comment_id" => $comment_row[$i]['comment_id'],
404| "comment_user_id" => $comment_user_id,
405| "comment_user_status_img" => $comment_user_status_img,
406| "comment_user_name" => $comment_user_name,
407| "comment_user_info" => $comment_user_info,
408| "comment_user_profile_button" => $comment_user_profile_button,
409| "comment_user_email" => $comment_user_email,
410| "comment_user_email_save" => $comment_user_email_save,
411| "comment_user_mailform_link" => $comment_user_mailform_link,
412| "comment_user_email_button" => $comment_user_email_button,
413| "comment_user_homepage_button" => $comment_user_homepage_button,
414| "comment_user_icq_button" => $comment_user_icq_button,
415| "comment_user_ip" => $comment_user_ip,
416| "comment_headline" => format_text($comment_row[$i]['comment_headline'], 0, $config['wordwrap_comments'], 0, 0),
417| "comment_text" => format_text($comment_row[$i]['comment_text'], $config['html_comments'], $config['wordwrap_comments'], $config['bb_comments'], $config['bb_img_comments']),
418| "comment_date" => format_date($config['date_format']." ".$config['time_format'], $comment_row[$i]['comment_date']),
419| "row_bg_number" => $row_bg_number,
420| "admin_links" => $admin_links
421| ));
422| $comments .= $site_template->parse_template("comment_bit");
423| } // end while
424| } //end else
425| $site_template->register_vars("comments", $comments);
426| unset($comments);
427|
428| //-----------------------------------------------------
429| //--- BBCode & Form -----------------------------------
430| //-----------------------------------------------------
431| $allow_posting = check_permission("auth_postcomment", $cat_id);
432| $bbcode = "";
433| if ($config['bb_comments'] == 1 && $allow_posting) {
434| $site_template->register_vars(array(
435| "lang_bbcode" => $lang['bbcode'],
436| "lang_tag_prompt" => $lang['tag_prompt'],
437| "lang_link_text_prompt" => $lang['link_text_prompt'],
438| "lang_link_url_prompt" => $lang['link_url_prompt'],
439| "lang_link_email_prompt" => $lang['link_email_prompt'],
440| "lang_list_type_prompt" => $lang['list_type_prompt'],
441| "lang_list_item_prompt" => $lang['list_item_prompt']
442| ));
443| $bbcode = $site_template->parse_template("bbcode");
444| }
445|
446| if (!$allow_posting) {
447| $comment_form = "";
448| }
449| else {
450| $user_name = (isset($HTTP_POST_VARS['user_name']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['user_name']))) : (($user_info['user_level'] != GUEST) ? htmlspecialchars($user_info['user_name']) : "");
451| $comment_headline = (isset($HTTP_POST_VARS['comment_headline']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['comment_headline']))) : "";
452| $comment_text = (isset($HTTP_POST_VARS['comment_text']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['comment_text']))) : "";
453|
454| $site_template->register_vars(array(
455| "bbcode" => $bbcode,
456| "user_name" => $user_name,
457| "comment_headline" => $comment_headline,
458| "comment_text" => $comment_text,
459| "lang_post_comment" => $lang['post_comment'],
460| "lang_name" => $lang['name'],
461| "lang_headline" => $lang['headline'],
462| "lang_comment" => $lang['comment']
463| ));
464| $comment_form = $site_template->parse_template("comment_form");
465|
466| // search $comment_form for stuff to insert hashcash to catch comment spam in here
467| // parse the $comment_form to insert the hashcash stuff
468|
469| $comment_form=hashcash_add_hidden_tag($comment_form);
470|
471| }
472| $site_template->register_vars("comment_form", $comment_form);
473| unset($comment_form);
474|} // end if allow_comments
475|
// Admin Links
// Edit/delete links for the image: admins get the backend forms, the owner gets
// the member forms when the site allows owner editing / deletion.
$admin_links = "";
if ($user_info['user_level'] == ADMIN) {
  $backend = ROOT_PATH."admin/index.php?goto=";
  $admin_links = "<a href=\"".$site_sess->url($backend.urlencode("images.php?action=editimage&image_id=".$image_id))."\" target=\"_blank\">".$lang['edit']."</a> "
               . "<a href=\"".$site_sess->url($backend.urlencode("images.php?action=removeimage&image_id=".$image_id))."\" target=\"_blank\">".$lang['delete']."</a>";
}
elseif ($is_image_owner) {
  if ($config['user_edit_image'] == 1) {
    $admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=editimage&".URL_IMAGE_ID."=".$image_id)."\">".$lang['edit']."</a> ";
  }
  if ($config['user_delete_image'] == 1) {
    $admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=removeimage&".URL_IMAGE_ID."=".$image_id)."\">".$lang['delete']."</a>";
  }
}
$site_template->register_vars("admin_links", $admin_links);
487|
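// Update Hits
// Admin views are not counted. $image_id is cast here so this UPDATE never
// depends on the caller having sanitised it.
if ($user_info['user_level'] != ADMIN) {
  $sql = "UPDATE ".IMAGES_TABLE."
          SET image_hits = image_hits + 1
          WHERE image_id = ".intval($image_id);
  $site_db->query($sql);
}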
495|
496|//-----------------------------------------------------
497|//---Clickstream---------------------------------------
498|//-----------------------------------------------------
499|$clickstream = "<span class=\"clickstream\"><a href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator'];
500|
501|if ($mode == "lightbox" && $in_mode) {
502| $page_url = "";
503| if (preg_match("/".URL_PAGE."=([0-9]+)/", $url, $regs)) {
504| if (!empty($regs[1]) && $regs[1] != 1) {
505| $page_url = "?".URL_PAGE."=".$regs[1];
506| }
507| }
508| $clickstream .= "<a href=\"".$site_sess->url(ROOT_PATH."lightbox.php".$page_url)."\" class=\"clickstream\">".$lang['lightbox']."</a>".$config['category_separator'];
509|}
510|elseif ($mode == "search" && $in_mode) {
511| $page_url = "";
512| if (preg_match("/".URL_PAGE."=([0-9]+)/", $url, $regs)) {
513| if (!empty($regs[1]) && $regs[1] != 1) {
514| $page_url = "&".URL_PAGE."=".$regs[1];
515| }
516| }
517| $clickstream .= "<a href=\"".$site_sess->url(ROOT_PATH."search.php?show_result=1".$page_url)."\" class=\"clickstream\">".$lang['search']."</a>".$config['category_separator'];
518|}
519|else {
520| $clickstream .= get_category_path($cat_id, 1).$config['category_separator'];
521|}
522|$clickstream .= $image_name."</span>";
523|
524|//-----------------------------------------------------
525|//--- Print Out ---------------------------------------
526|//-----------------------------------------------------
527|$site_template->register_vars(array(
528| "msg" => $msg,
529| "clickstream" => $clickstream,
530| "lang_category" => $lang['category'],
531| "lang_added_by" => $lang['added_by'],
532| "lang_description" => $lang['description'],
533| "lang_keywords" => $lang['keywords'],
534| "lang_date" => $lang['date'],
535| "lang_hits" => $lang['hits'],
536| "lang_downloads" => $lang['downloads'],
537| "lang_rating" => $lang['rating'],
538| "lang_votes" => $lang['votes'],
539| "lang_author" => $lang['author'],
540| "lang_comment" => $lang['comment'],
541| "lang_prev_image" => $lang['prev_image'],
542| "lang_next_image" => $lang['next_image'],
543| "lang_file_size" => $lang['file_size']
544|));
545|
546|$site_template->print_template($site_template->parse_template($main_template));
547|include(ROOT_PATH.'includes/page_footer.php');
548|
549|
550|// create hash cash stuff by Toby
551|/*
552|Plugin Name: 4images Hashcash, based on a WordPress plugin
553|Plugin URI: http://dev.wp-plugins.org/wiki/wp-hashcash
Description: Comment submitters compute a special code using JavaScript before their comment is submitted. Very effective at blocking spambots and not noticeable to commenters. XHTML 1.1 compliant.
555|Author: Toby Simmons, Matt Mullenweg, Elliott Back
556|Author URI: http://www.simmonsconsulting.com, http://photomatt.net/, http://elliottback.com
557|Version: 1.7
558|Hat tips: C.S. - http://www.cimmanon.org/
559| Gene Shepherd - http://www.imporium.org/
560| John F. - http://www.stonegauge.com/
561| Magenson - http://blog.magenson.de/
562| Matt Mullenweg - http://photomatt.net/
563| Matt Warden - http://www.mattwarden.com/
564| Paul Andrew Johnston - http://pajhome.org.uk/crypt/md5/
565|*/
566|
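// Hashcash settings, guarded so an earlier definition (e.g. from a config file)
// wins. HASHCASH_DEBUG also echoes each rejected post back to the browser.
// NOTE(review): these statements run after the page has already been printed,
// yet hashcash_add_hidden_tag() / hashcash_check_hidden_tag() are called much
// earlier in this file -- at that point the constants are not defined (an
// undefined constant is its own name on PHP < 8 and a fatal Error on PHP 8).
// Move them -- together with a definition of ABSPATH, which the hashcash
// functions also rely on and which is not defined anywhere in this file --
// above the first hashcash call for them to take effect.
if (!defined('HASHCASH_DEBUG')) {
  define('HASHCASH_DEBUG', true);
}
if (!defined('HASHCASH_LOG_SIZE')) {
  define('HASHCASH_LOG_SIZE', 64000);
}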
569|
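/* Generate a random string of length $l drawn from [A-Za-z].
 * It only obfuscates form field / handler names from one page load to the
 * next, so it needs unpredictability, not cryptographic quality.
 * Returns '' for $l <= 0.
 * The previous version re-seeded the generator from microtime() on every call,
 * which shrinks the effective seed space; PHP seeds the generator itself. */
function hashcash_random_string($l) {
  $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
  $last = strlen($alphabet) - 1;

  $str = '';
  for ($i = 0; $i < $l; $i++) {
    $str .= $alphabet[mt_rand(0, $last)];
  }

  return $str;
}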
585|
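/* Per-visitor code the browser has to md5 on submit (see hashcash_add_hidden_tag).
 * It is keyed on the client address, the user agent and the current hour, so it
 * is only valid for the visitor it was issued to and for roughly an hour.
 * It is NOT a secret: it is sent to the client in clear, and anything able to
 * run JavaScript (or compute an md5) can satisfy it -- it deters naive bots only.
 *
 * The original also tried to read $session_info['session_ip'] here, but without
 * a `global` declaration that read never took effect and the address was always
 * REMOTE_ADDR. REMOTE_ADDR is kept as the canonical key (the check side accepts
 * it) and the dead read is gone. Missing server fields count as ''.
 *
 * NOTE(review): ABSPATH is a WordPress constant and is not defined in this file;
 * an undefined constant is its own name on PHP < 8 and a fatal Error on PHP 8.
 * The fallback reproduces the PHP < 8 value so both sides keep agreeing --
 * define ABSPATH (ideally a real per-site secret) for proper use. */
function hashcash_special_code(){
  $key = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
  $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
  $salt = defined('ABSPATH') ? ABSPATH : 'ABSPATH';

  return md5($key . $salt . $agent . date("F j, Y, g a"));
}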
596|
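/* Expected value of the hidden hashcash field: the current image id times the
 * length of ABSPATH. The browser never computes this -- the field is emitted
 * pre-filled and the check only verifies that it arrived under the hashed
 * name. Reads the global $image_id (0 when unset / non-numeric).
 * ABSPATH fallback: see hashcash_special_code(). */
function hashcash_field_value(){
  global $image_id;

  $salt = defined('ABSPATH') ? ABSPATH : 'ABSPATH';
  return intval($image_id) * strlen($salt);
}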
605|
/* Inject the hashcash machinery into the rendered comment form:
 *  - a hidden field with a random id/name holding hashcash_field_value(),
 *    placed just before the form's own hidden "id" field;
 *  - an onsubmit handler (random name) that md5-hashes the special code and
 *    renames the hidden field to that hash;
 *  - the md5.js include plus the handler definition, ahead of the <form> tag.
 * A client that does not run the script never renames the field, so its post
 * fails hashcash_check_hidden_tag(). If the template has no
 * `<input type="hidden" name="id"` the field is never added and every post
 * from that form is rejected. Returns the modified markup. */
function hashcash_add_hidden_tag($page) {
  $field_id = hashcash_random_string(rand(6,18));
  $field_name = hashcash_random_string(rand(6,18));
  $form_action = hashcash_random_string(rand(6,18));

  $anchor = '<input type="hidden" name="id"';
  $hidden = '<input type="hidden" id="' . $field_id . '" name="' . $field_name . '" value="' . hashcash_field_value() . '" /> ';
  $handler = '<form onsubmit="' . $form_action . '(\'' . hashcash_special_code() . '\');" ';
  $script = '<script src="' . './md5.js' . '" type="text/javascript"></script>'
          . '<script type="text/javascript"> function ' . $form_action . '(in_str){ eElement = document.getElementById("' . $field_id . '"); if(!eElement){ return false; } else{ eElement.name = hex_md5(in_str); return true; } }</script>';

  // Order matters: the handler rewrite consumes '<form', then the script is
  // prepended to the rewritten tag.
  $page = str_replace($anchor, $hidden . $anchor, $page);
  $page = str_replace('<form', $handler, $page);
  $page = str_replace('<form', $script . '<form', $page);

  return $page;
}
624|
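/* Append one record describing a rejected comment post to spamlog.txt and echo
 * the same record (this is only called in debug mode). Returns nothing.
 *
 * NOTE(review): the file is opened relative to the working directory, i.e. next
 * to this script inside the web root, so anyone who guesses the name can
 * download it, and it grows without bound (HASHCASH_LOG_SIZE is defined but
 * never consulted -- presumably meant to cap it). Keep it outside the document root.
 * The echo used to print request headers and POST fields into the response
 * unescaped -- a reflected XSS reachable by anyone who submits the form without
 * the hashcash field -- so everything is HTML-escaped now, and single-line
 * fields have CR/LF removed so a crafted header cannot forge log records.
 * The author/email/url fields are the WordPress names the plugin came with; the
 * 4images form posts user_name, which is logged in their place when present.
 * gethostbyaddr() is a blocking reverse lookup on every rejected post. */
function write_comment_log($comment){
  $addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
  $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
  $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
  $author = isset($_POST['user_name']) ? $_POST['user_name'] : (isset($_POST['author']) ? $_POST['author'] : '');
  $email = isset($_POST['email']) ? $_POST['email'] : '';
  $url = isset($_POST['url']) ? $_POST['url'] : '';
  $image_id = isset($_POST['id']) ? $_POST['id'] : '';
  $host = ($addr !== '') ? gethostbyaddr($addr) : '';

  // Keep every header-derived field on one line.
  $crlf = array("\r", "\n");
  $agent = str_replace($crlf, ' ', (string)$agent);
  $referer = str_replace($crlf, ' ', (string)$referer);
  $author = str_replace($crlf, ' ', (string)$author);
  $email = str_replace($crlf, ' ', (string)$email);
  $url = str_replace($crlf, ' ', (string)$url);
  $image_id = str_replace($crlf, ' ', (string)$image_id);

  /* Information to write to log */
  $user = array();
  $user[] = "Tech date: ".date("Y-m-d H:i:s");
  $user[] = "Date: ".date("F j, Y, g:i a");
  $user[] = "Remote Address: ".$addr;
  $user[] = "Remote DNS: ".$host;
  $user[] = "User agent: ".$agent;
  $user[] = "Referrer: ".$referer;
  $user[] = "Author: ".$author;
  $user[] = "E-mail: ".$email;
  $user[] = "URL: ".$url;
  $user[] = "Comment:\n----------\n".$comment."\n----------";
  $user[] = "Image ID: ".$image_id."\n==========\n";

  $lines = implode("\n", $user);

  $fp = fopen("spamlog.txt", "a");
  if ($fp) {
    fwrite($fp, $lines);
    fclose($fp);
  }

  echo "<pre>".htmlspecialchars($lines)."</pre>";
}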
651|
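/* Verify the hashcash proof on a comment post. The browser-side handler renames
 * the hidden field to md5(special code); here the codes are recomputed for the
 * current and the previous hour (a form loaded just before the hour rolled over
 * still validates), for both REMOTE_ADDR and the session's recorded address,
 * and the post passes if any of those four field names carries the expected
 * value (image id * strlen(ABSPATH), see hashcash_field_value()).
 *
 * On success the untouched $comment is returned. On failure the post is logged
 * (when HASHCASH_DEBUG is defined and true) and the request ends with die();
 * the function does not return in that case.
 *
 * This proves only that the poster ran the page's JavaScript: the expected value
 * is trivially computable, so it deters dumb form bots, nothing more -- the
 * flood and permission checks in the caller still matter.
 *
 * Changes from the previous version: $session_info is imported with `global`
 * (it used to be an undefined local, so the two session-based codes hashed an
 * empty address); the field is looked up with isset() and compared as an
 * integer, so an absent field no longer satisfies the loose `null == 0` test
 * when the id is 0 and odd input raises no notices; HASHCASH_DEBUG is tested
 * with defined() because it is defined further down this file, after the page
 * is printed, and so is not yet defined when this runs (an undefined constant
 * was truthy on PHP < 8 and a fatal Error on PHP 8); ABSPATH fallback as in
 * hashcash_special_code().
 * NOTE(review): the form's id field is assumed to be literally named 'id' (the
 * hidden-field insertion relies on the same name) while the comment handler
 * reads URL_ID -- verify the two agree. */
function hashcash_check_hidden_tag($comment) {
  global $session_info;

  $remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
  $session_ip = isset($session_info['session_ip']) ? $session_info['session_ip'] : '';
  $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
  $salt = defined('ABSPATH') ? ABSPATH : 'ABSPATH';

  $this_hour = date("F j, Y, g a");
  $previous_hour = date("F j, Y, g a", time() - (60 * 60));

  // Our special codes, fixed to check the previous hour
  $special = array(
    md5($remote . $salt . $agent . $this_hour),
    md5($remote . $salt . $agent . $previous_hour),
    md5($session_ip . $salt . $agent . $this_hour),
    md5($session_ip . $salt . $agent . $previous_hour)
  );

  $posted_id = (isset($_POST['id']) && !is_array($_POST['id'])) ? intval($_POST['id']) : 0;
  $expected = $posted_id * strlen($salt);

  foreach ($special as $code) {
    $field = md5($code);
    if (isset($_POST[$field]) && is_numeric($_POST[$field]) && intval($_POST[$field]) === $expected) {
      return $comment;
    }
  }

  if (defined('HASHCASH_DEBUG') && HASHCASH_DEBUG) {
    write_comment_log($comment);
  }

  die();
}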
671|
672|?>