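\n"; }

  // Comment-form submission handler (the enclosing block and the first
  // validation check start before this excerpt). Flow: validate fields ->
  // verify reCAPTCHA -> insert the submission -> notify the moderator ->
  // notify earlier commenters on the same page.
  // $errorsAndAlerts, $privatekey, $TABLE_PREFIX, $moderatorEmail and $adminURL
  // are defined outside this excerpt.

  // required fields: every failed check appends a message to $errorsAndAlerts
  if (!@$_REQUEST['email']) {
    $errorsAndAlerts .= "You must enter your email!\n\n";
  }
  else if (!isValidEmail(@$_REQUEST['email'])) {
    $errorsAndAlerts .= "Please enter a valid email (example: user@example.com)\n\n";
  }
  if (!@$_REQUEST['comment']) {
    $errorsAndAlerts .= "Please enter a comment!\n\n";
  }

  // anti-spam check
  // NOTE(review): presence is tested on $_REQUEST but the values sent for
  // verification come from $_POST, so a field supplied through the query string
  // reaches the verifier as an empty value; "@" keeps that from raising notices.
  if (!@$_REQUEST['recaptcha_response_field']) {
    $errorsAndAlerts .= "You must enter a captcha response\n\n";
  }
  else {
    $resp = recaptcha_check_answer(
      $privatekey,
      $_SERVER["REMOTE_ADDR"],
      @$_POST["recaptcha_challenge_field"],
      @$_POST["recaptcha_response_field"]
    );
    if (!$resp->is_valid) {
      $errorsAndAlerts .= "Incorrect value for anti-spam validation, please try again.\n";
    }
    $captchaError = $resp->error;
  }

  // turn off strict mysql error checking for: STRICT_ALL_TABLES
  // (avoids errors when a field isn't defined below, e.g. fields added later)
  mysqlStrictMode(false);

  // add record
  if (!@$errorsAndAlerts) {

    // The statement is built by concatenation, so every request value MUST pass
    // through mysql_real_escape_string() before it is placed between the quotes.
    // NOTE(review): that escaping is only reliable when the connection charset
    // was set through the API; the connection setup is not visible here - confirm.
    // NOTE(review): 'uploaded_file' and 'commentValue' are plain client-supplied
    // strings. Treat the stored uploaded_file value as untrusted wherever it is
    // later used as a path or link, and note that the listings below filter on
    // $_SERVER['REQUEST_URI'] while the stored commentValue comes from the form.
    mysql_query("INSERT INTO `{$TABLE_PREFIX}submissions` SET
                      name             = '".mysql_real_escape_string( @$_REQUEST['name'] )."',
                      email            = '".mysql_real_escape_string( @$_REQUEST['email'] )."',
                      comment          = '".mysql_real_escape_string( @$_REQUEST['comment'] )."',
                      uploaded_file    = '".mysql_real_escape_string( @$_REQUEST['uploaded_file'] )."',
                      commentValue     = '".mysql_real_escape_string( @$_REQUEST['commentValue'] )."',
                      createdDate      = NOW(),
                      updatedDate      = NOW(),
                      createdByUserNum = '0',
                      updatedByUserNum = '0'")
      or die("MySQL Error Creating Record:\n\n". htmlspecialchars(mysql_error()) . "\n");
    $recordNumberOfNewComment = mysql_insert_id();

    // send admins email notification of new post
    // (the original re-tested $errorsAndAlerts here; it cannot have changed
    //  since the check above, so the redundant nested "if" was dropped)
    $commentWithoutTags = strip_tags($_REQUEST['comment']);

    // Both values below end up in mail headers and both originate from the
    // request, so CR/LF is removed to keep a crafted value from adding extra
    // header lines (defence in depth on top of isValidEmail()).
    $from    = str_replace(array("\r", "\n"), '', $_REQUEST['email']);
    $to      = $moderatorEmail;
    $subject = "Comment Added to ". str_replace(array("\r", "\n"), '', $_SERVER['REQUEST_URI']);
    $message = <<<__TEXT__
Hi. Your site just recieved the following comment:

Name: {$_REQUEST['name']}
Comment: {$commentWithoutTags}

The user who posted this comment had the following IP address: {$_SERVER['REMOTE_ADDR']}.

You can edit the comment using this link:
{$adminURL}?menu=comments&action=edit&num={$recordNumberOfNewComment}
__TEXT__;
    // Note: The above line must be flush left or you'll get an error
    // This is a PHP heredoc. See: http://ca2.php.net/manual/en/language.types.string.php#language.types.string.syntax.heredoc

    // send message
    $mailResult = @mail($to, $subject, $message, "From: $from");
    if (!$mailResult) {
      // escaped like the MySQL error above, since the text is written into the page
      die("Mail Error: " . htmlspecialchars(@$php_errormsg));
    }

    // send all other commenters an email notifying of new comment
    $emails       = array();
    $uniqueEmails = array();

    // load approved comments for this page
    list($commentsRecords) = getRecords(array(
      'tableName'   => 'contact',
      'allowSearch' => false,
      'where'       => "approved = 1 AND commentValue = '". mysql_real_escape_string( $_SERVER['REQUEST_URI']) ."'",
    ));

    foreach ($commentsRecords as $record) {
      $emails[] = $record['email'];
    }
    $uniqueEmails = array_unique($emails);

    foreach ($uniqueEmails as $email) {
      // Skip the person who just posted. The original compared against
      // $record['email'], i.e. whatever record the loop above ended on, so it
      // excluded an arbitrary earlier commenter instead of the submitter.
      if ( strcasecmp($email, $from) != 0 ) {
        sendEmailUpdateToCommenters($email);
      }
    }
  }

  // clear form
  // NOTE(review): this sits outside the "add record" block, so the submitted
  // values are also discarded when validation failed - confirm that is intended.
  $_REQUEST = array();
}

// load comments for display on this page
list($commentsRecords) = getRecords(array(
  'tableName'   => 'contact',
  'allowSearch' => false,
  'where'       => "approved = 1 AND commentValue = '". mysql_real_escape_string( $_SERVER['REQUEST_URI']) ."'",
));
?>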