", $row['body']); $row['body'] = str_replace("\n", "

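", $row['body']);
$row['body'] = stripslashes($row['body']);

// Comment-submission handler for a blog post page.
// Reads $row (the post loaded earlier in this file) and the form variables
// $send, $security, $comment, $name, $password, $email and $signature, none of
// which are assigned in this part of the file.
// NOTE(review): confirm how those variables are populated. If they arrive
// already slashed (magic_quotes_gpc), strip them before the escaping below so
// values are not stored with literal backslashes.

// Link pass over the post body. As written here the replacement reproduces the
// match unchanged. NOTE(review): the anchor markup that presumably wrapped
// \1\2 is not present in this copy; confirm against the deployed file, and if
// it is restored, HTML-escape the URL before placing it in an attribute.
$row['body'] = preg_replace('#(http://)([^\s]*)#', '\\1\\2', $row['body']);

// Resolve the account that comments are attributed to: the session's user when
// one is logged in, otherwise the shared "Guest" row. Array keys are quoted so
// they are not parsed as undefined constants.
$logged_in = !empty($_SESSION['username']);
if ($logged_in) {
    // The session username is set from the form field $name further down, so
    // it is escaped before being placed in SQL.
    $user_query = "SELECT * FROM user WHERE username='" . mysql_real_escape_string($_SESSION['username']) . "' ";
    $user_results = mysql_query($user_query);
    $user_row = mysql_fetch_array($user_results);
    $log_href = 'logout.php';
    $log_txt = 'Logout';
} else {
    $username = 'Guest';
    $user_query = "SELECT * FROM user WHERE username='$username' ";
    $user_results = mysql_query($user_query);
    $user_row = mysql_fetch_array($user_results);
}

if (!empty($send)) {
    $date = date("Y-m-d");
    $has_password = !empty($password);

    // Required fields differ per path: logged-in user, returning user who
    // supplies a password, or first-time commenter.
    if ($logged_in) {
        $missing = empty($security) || empty($comment);
    } elseif ($has_password) {
        $missing = empty($name) || empty($comment) || empty($security);
    } else {
        $missing = empty($name) || empty($email) || empty($comment) || empty($security);
    }
    if ($missing) {
        $msg = "fields";
        header("Location: index.php?msg=$msg");
        exit(0);
    }

    // Exact string match: the loose != comparison also accepted values that
    // merely start with the number on older PHP versions.
    // NOTE(review): a fixed answer is a weak anti-automation control; consider
    // a per-request challenge or rate limiting.
    if (trim((string) $security) !== '14') {
        $msg = "security";
        header("Location: index.php?msg=$msg");
        exit(0);
    }

    // Work out which user id the comment belongs to.
    if ($logged_in) {
        // Without a matching row there is no id to attribute the comment to.
        if (!is_array($user_row)) {
            $msg = "user";
            header("Location: index.php?msg=$msg");
            exit(0);
        }
        $author_id = (int) $user_row['id'];
    } elseif ($has_password) {
        // User is not logged in but claims an existing account.
        // Both values come straight from the form, so both are escaped; MySQL
        // un-escapes the literal before MD5() is applied, so the digest is
        // still computed over the submitted password.
        // NOTE(review): unsalted MD5 is not an adequate password hash; plan a
        // migration to password_hash()/password_verify().
        $safe_name = mysql_real_escape_string($name);
        $safe_password = mysql_real_escape_string($password);
        $chk_user_query = "SELECT * FROM user WHERE username='$safe_name' AND password= MD5('$safe_password') AND status='enabled'";
        $chk_user_result = mysql_query($chk_user_query);

        if (!$chk_user_result || !mysql_num_rows($chk_user_result)) {
            $msg = "user";
            header("Location: index.php?msg=$msg");
            exit(0);
        }

        // There is an account.
        $chk_user_row = mysql_fetch_array($chk_user_result);
        $author_id = (int) $chk_user_row['id'];

        // $_SESSION was already read above, so a session may be active; only
        // start one when none is. The id is rotated because the session now
        // carries an authenticated identity.
        if (session_id() === '') {
            session_start();
        }
        session_regenerate_id(true);
        $_SESSION['username'] = $name;
        // NOTE(review): the plaintext password is kept in the session as the
        // original did; remove this once no other page reads it.
        $_SESSION['password'] = $password;
    } else {
        // User is not logged in and has no account: create one.
        // The address that is validated is the address that is stored.
        $clean_email = stripslashes(trim($email));
        if (!preg_match('/^[[:alnum:]][a-z0-9_.-]*@[a-z0-9.-]+\.[a-z]{2,4}$/iD', $clean_email)) {
            $msg = "invalidemail";
            header("Location: index.php?msg=$msg");
            exit(0);
        }

        $safe_name = mysql_real_escape_string($name);
        $safe_email = mysql_real_escape_string($clean_email);
        $safe_signature = mysql_real_escape_string(isset($signature) ? $signature : '');

        $new_user_query = "INSERT INTO user (username,email,avatar,signature) ";
        $new_user_query .= "VALUES ('$safe_name','$safe_email','images/users/guest.jpg','$safe_signature')";
        $new_user_result = mysql_query($new_user_query);

        // Take the id generated by this connection's INSERT rather than
        // selecting the newest row, which can belong to a concurrent sign-up
        // or, when the INSERT fails, to an unrelated user.
        // NOTE(review): assumes user.id is AUTO_INCREMENT; confirm the schema.
        $author_id = $new_user_result ? (int) mysql_insert_id() : 0;
        if ($author_id === 0) {
            // Reuses "user", the only account-related failure code visible here.
            $msg = "user";
            header("Location: index.php?msg=$msg");
            exit(0);
        }
    }

    // Integer casts keep both ids numeric inside the unquoted VALUES slots; the
    // comment text is escaped with the connection-aware function.
    $blog_id = (int) $row['id'];
    $safe_comment = mysql_real_escape_string($comment);
    $insert_query = "INSERT INTO blog_comments (blog_id,user_id,date,body) ";
    $insert_query .= "VALUES ($blog_id,$author_id,'$date','$safe_comment')";
    mysql_query($insert_query);

    $msg = "success";
    header("Location: index.php?msg=$msg");
    exit(0);
}
?> Justin Herrera - The14thGOD - Home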