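connect_errno) { die("Failed to connect to database, please, try again later."); } $mysqli->set_charset('utf8'); $VH_SQL["connection"] = $mysqli; return $mysqli; }

/**
 * Return the raw value of a POST field, or $default when it was not submitted.
 *
 * Nothing is trimmed or escaped here; every caller has to sanitise the value
 * for the context it is used in (SQL, HTML, header).
 */
function get_post_variable($name, $default = "") {
    return isset($_POST[$name]) ? $_POST[$name] : $default;
}

/**
 * Read a POST field as plain text.
 *
 * A value that is not a string (e.g. an array submitted as name[]) is treated
 * as missing, because strip_tags()/trim() raise a TypeError on such input in
 * PHP 8. Tags are removed unless $keep_tags is true (the comment body keeps
 * its markup since HTMLPurifier whitelists it later); surrounding whitespace
 * is always trimmed.
 */
function get_post_text($name, $keep_tags = false) {
    $value = get_post_variable($name);
    if (!is_string($value)) {
        return "";
    }
    if (!$keep_tags) {
        $value = strip_tags($value);
    }
    return trim($value);
}

/**
 * Validate the comment form in $_POST, store the comment for $page and
 * redirect the browser back to that page.
 *
 * $page must already have been checked against the known page list by the
 * caller: it is written to the database and used as the redirect target
 * verbatim. Every validation failure terminates the request with die() and a
 * short message, like the rest of this file; on success the function never
 * returns.
 */
function comment_store_from_form($page) {
    /* Anti-spam question. Compared strictly so that only the literal answers
       pass; a loose == would also accept numerically equal strings ("12.0"). */
    $question = get_post_text("comment_question");
    if ($question !== "12" && $question !== "twelve") {
        die("Please, answer the question correctly.");
    }

    $author = get_post_text("comment_name");
    if ($author === "") {
        die("Please, specify your name when adding a comment.");
    }
    $email = get_post_text("comment_email");

    /* Markup is kept here: HTMLPurifier below decides what survives. */
    $text = get_post_text("comment_text", true);
    if ($text === "") {
        die("Please, specify some comment text.");
    }
    $text = str_replace("\r", "", $text);
    /* NOTE(review): the search strings of the next two replacements look
       mangled in this copy (the first is a no-op, the second a bare newline);
       they are kept as found -- verify against the original source. */
    $text = str_replace("#include <", "#include <", $text);
    $text = str_replace("
", "\n\n", $text);

    /* Whitelist-based sanitising: only the listed tags/attributes are kept,
       everything else (scripts, event handlers, styles, other URI schemes on
       href) is dropped by the purifier. */
    $purifier_config = HTMLPurifier_Config::createDefault();
    $purifier_config->set('Cache.DefinitionImpl', null);
    $purifier_config->set('HTML.Allowed', 'p,blockquote,pre,a[href],b,i,strong,em,code');
    $purifier_config->set('AutoFormat.AutoParagraph', true);
    $purifier = new HTMLPurifier($purifier_config);
    $text = $purifier->purify($text);

    $conn = connect_to_database();
    /* real_escape_string() is only safe inside quoted SQL literals when the
       connection charset is set, which connect_to_database() does with
       set_charset(). */
    $query = sprintf(
        "INSERT INTO vh_comments (page, author, email, text) VALUES ('%s','%s','%s','%s')",
        $conn->real_escape_string($page),
        $conn->real_escape_string($author),
        $conn->real_escape_string($email),
        $conn->real_escape_string($text)
    );
    if (!$conn->query($query)) {
        die("Failed to insert comment into the database. Please, try again later.");
    }
    header("Location: $page");
    exit(0);
}

/**
 * Fetch the comments stored for $page, oldest first.
 *
 * Returns the mysqli_result of the SELECT, or false when the query failed;
 * callers must test for false and close() the result when done.
 */
function get_comments($page) {
    $conn = connect_to_database();
    $query = sprintf(
        "SELECT author, email, updated, text FROM vh_comments WHERE page='%s' ORDER BY updated",
        $conn->real_escape_string($page)
    );
    return $conn->query($query);
}

/**
 * Fetch the newest $limit comments across all pages.
 *
 * $limit is forced to a non-negative integer before it is interpolated: an
 * integer needs no string escaping, and a negative LIMIT would only make the
 * query fail. Returns a mysqli_result or false, as get_comments() does.
 */
function get_all_comments($limit) {
    $conn = connect_to_database();
    $query = sprintf(
        "SELECT page, author, email, updated, text FROM vh_comments ORDER BY updated DESC LIMIT %d",
        max(0, (int) $limit)
    );
    return $conn->query($query);
}

function format_comments_for_page($comments) { if (!$comments) { return "Ooops, there was a problem getting the comments. Try again later, please.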
"; } $html = '- "; if ($page_def == null) { $page = $comment->page; } else { $page = $page_def; } $page_info = get_page_info($page); $page_title = $page_info == null ? "" : $page_info["title"]; $title = sprintf($comment_title, htmlspecialchars($comment->author), htmlspecialchars($page_title)); $rss .= sprintf("
\n"; } return $rss; } function render_full_html_page($title, $heading, $content) { ?>%s ", $title); $rss .= sprintf("%s \n", htmlspecialchars($comment->text)); $rss .= sprintf("http://vh.alisma.cz%s\n", $page); $rss .= sprintf("%s \n", date("D, d M Y H:i:s", strtotime($comment->updated))); $rss .= "version="1.0" encoding="UTF-8"?> close(); } exit(0); } if (!isset($_GET["page"])) { die("Target page not specified, nothing to do."); } $page = $_GET["page"]; $page_info = get_page_info($page); if ($page_info == null) { die("Unknown page, nothing to do."); } /* Handle new comment submission. */ if (isset($_POST["comment_text"])) { comment_store_from_form($page); exit(0); } /* Otherwise, display all the comments. */ $comments_handle = get_comments($page); if (isset($_GET["rss"])) { $comments = format_comments_for_page_as_rss($comments_handle, $page, 'Comment by %1$s'); render_rss_page($page_info["title"] ." (comments)", $comments); } else { $comments_html = format_comments_for_page($comments_handle); render_full_html_page($page_info["title"] ." (comments)", "Comments", $comments_html); } if ($comments_handle) { $comments_handle->close(); } exit(0);
%s
", htmlspecialchars($comment->author)); $html .= sprintf('%s
', date("j M Y H:i", strtotime($comment->updated))); $html .= sprintf('