// Page bootstrap: loads the header and the DB connection, then reads request input.
// NOTE(review): this listing appears to have lost its line breaks and the HTML inside
// its echo strings, so the statements below are left exactly as extracted.
// Security points to confirm against the original file:
//  - $admin is taken straight from the 'cciad' cookie, which the client controls; how it
//    is used is not visible here, but it must not stand in for a server-side
//    authorisation check.
//  - 'comment' looks like a honeypot field: any non-empty value sets $testrobot to "nok".
//  - numid/action/localite/pays/dept are copied from $_GET without validation, and
//    $commentaires only goes through addslashes(); $numid and $commentaires are later
//    interpolated into SQL strings further down this file. addslashes() is not a
//    reliable SQL escaping mechanism; bound parameters are the proper fix.
//  - set_magic_quotes_runtime() was removed in PHP 7.0 — TODO confirm the target runtime.
require("header.php"); $admin=$_COOKIE['cciad']; set_magic_quotes_runtime(0); echo '
'; include ('connect.inc.php'); // anti robots if(empty($_POST['comment'])) { $testrobot="ok"; } else { $testrobot="nok"; } //// $numid=$_GET['numid']; $action=$_GET['action']; $Localite=$_GET['localite']; $pays=$_GET['pays']; $dept=$_GET['dept']; //$commentaires=htmlentities($_POST['commentaires'], ENT_QUOTES); $commentaires=addslashes($_POST['commentaires']); echo '"; echo " | ";
// Fall back to 'F' as the language code when $langue holds no truthy value.
if (!$langue) {
    $langue = 'F';
}
//_______________________________________________
//recherche IP
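/**
 * Return the IP address to record for the current request.
 *
 * Candidates are read in the original order of precedence: X-Forwarded-For,
 * Client-IP, then REMOTE_ADDR. The first two are request headers that the
 * client can set to any value, and the caller interpolates the result into
 * SQL strings, so a candidate is returned only when it is a syntactically
 * valid IPv4/IPv6 address.
 *
 * NOTE(review): validation rejects malformed values, not spoofed ones. Where
 * the address is used for throttling or auditing, forwarded headers should
 * be honoured only when REMOTE_ADDR is a reverse proxy the site operates.
 *
 * @return string A valid IP address, or '' when none could be determined.
 */
function get_ip()
{
    $keys = array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP', 'REMOTE_ADDR');
    // Same source selection as before: $_SERVER when populated, else the environment.
    $fromServer = !empty($_SERVER);

    foreach ($keys as $key) {
        if ($fromServer) {
            // isset() avoids an undefined-index notice when a header is absent.
            $raw = isset($_SERVER[$key]) ? $_SERVER[$key] : '';
        } else {
            $raw = getenv($key);
        }
        if (!is_string($raw) || $raw === '') {
            continue;
        }
        // X-Forwarded-For may carry a comma-separated chain; the first entry is the claimed client.
        $parts = explode(',', $raw);
        $candidate = trim($parts[0]);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }

    return '';
}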
//______________________________________________________
//controle email
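/**
 * Check an e-mail address against the form's pattern.
 *
 * Uses preg_match() in place of eregi(), which was deprecated in PHP 5.3,
 * removed in PHP 7.0 and was not binary-safe. The pattern is unchanged: the
 * `i` flag keeps the case-insensitive match, and `D` makes `$` match only at
 * the very end of the string so a trailing newline is rejected.
 *
 * The character classes admit no quote, space or control character.
 * NOTE(review): the final label is limited to 2-3 letters, so addresses
 * under longer TLDs are rejected; left as-is to preserve behaviour.
 *
 * @param mixed $email Value to check; anything that is not a string fails.
 * @return string 'True' when the value matches, 'false' otherwise (strings,
 *                not booleans: the caller compares against 'false').
 */
function checkmail($email)
{
    if (!is_string($email)) {
        return 'false';
    }

    $pattern = '/^[_A-Za-z0-9.-]+@[A-Za-z0-9.-]{2,}[.][a-z]{2,3}$/iD';

    return preg_match($pattern, $email) === 1 ? 'True' : 'false';
}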
//enregistrement du commentaire dans la base de données
if ($action=='maj')
{
if (($email=="")|| ($testrobot<>"ok"))
{
?>
die('');
}
$controle=checkmail($email);
if ($controle=='false')
{
?>
die("");
}
else // si email valide
{
if ($commentaires=='' )
{
echo " Saisie annulée. "; echo " | ";
}
else //si commentaire non vide
{
$ip = get_ip();
//vérif doublons
$Tablecom=mysql($database,"SELECT numid,date_saisie FROM comaire WHERE numid='$numid' and IP='$ip' and email='$email' and affiche='N'" );
$nomb=mysql_NumRows($Tablecom);
//echo $nomb;
if ($nomb>0)
{
$i=0;
while($i<$nomb)
{
$date_crea=strtotime(mysql_result($Tablecom, $i, "date_saisie"));
$date_jour = strtotime(Date ("Y-m-d"));
$ecart=$date_jour-$date_crea;
if ($ecart<259200)
{
?>
die("");
}
$i++;
}
}
// $commentaires=htmlentities($commentaires,ENT_QUOTES);
//$commentaires=str_replace("’","'",$commentaires);
$instruction="INSERT INTO comaire VALUES ( '','$date_saisie', '$numid', '$commentaires', '$expediteur', '$email', '$lang','$affiche', '$ip')";
$instruction=str_replace('¤','€',$instruction);
$instruction=str_replace("’","\'",$instruction);
$instruction=str_replace("½","œ",$instruction);
/*
$instruction=str_replace('¤','€',$instruction);
$instruction=str_replace("’","'",$instruction);
$instruction=str_replace("","'",$instruction);
$instruction=str_replace("'","'",$instruction);
$instruction=str_replace("é","é",$instruction);
$instruction=str_replace("è","è",$instruction);
*/
$res=mysql($database, $instruction);
$num_enreg= mysql_insert_id();
$action='ok';
//echo "
"; echo " |