ACC SHELL

Path : /srv/www/vhosts/bubbagump/
File Upload :
Current File : /srv/www/vhosts/bubbagump/novykomentar.php

<?php
//error_reporting(15);
?>
<?php if (!isset($kontrol)):?>
<script src="scripty/blog.js" type="text/javascript"></script>
<div class="blognavigace"><h5>Nový komentář</h5><br /></div>
<form action="index.php?menu=<?php echo $menu."&idclankublog=$idclanku&komentare=novy"; ?>" onsubmit="return runCommentControl();" method="post" class="koment">
<input type="hidden" name="idclankublogu" value="<?php echo $idclanku; ?>" />
<?php
  if (!isset($reakce)) $reakce = 0;
  $num1 = floor(rand(2,9));
  $num2 = floor(rand(2,9));
  $num3 = floor(rand(10,49));
  $konkod = "Kontrolní kód je součet čísel $num1 a $num2, za který napíšete číslo $num3.";
  $num1 = $num1*2+55;
  $num2 = $num2*2+77;
  $num3 = $num3*2-9;
?>
<input type="hidden" name="reakcena" value="<?php echo $reakce; ?>" />
<input type="hidden" name="kontrol" value="<?php $x11 = Time();echo $x11; ?>" />
<input type="hidden" name="kontrol2" value="<?php $x11 = (Time()+256)*9;echo $x11; ?>" />
<input type="hidden" name="kontrol3" value="<?php echo $num1; ?>" />
<input type="hidden" name="kontrol4" value="<?php echo $num2; ?>" />
<input type="hidden" name="kontrol5" value="<?php echo $num3; ?>" />
<span>Jméno: </span><input type="text" name="autorkomentare" id="autorkomentare" size="30" /><br />
<span>Email: </span><input type="text" name="komentaremail" id="komentaremail" size="30" /><br />
<span>Nadpis: </span><input type="text" name="nadpiskomentare" id="nadpiskomentare" size="30" /><br />
<span>Komentář: </span><br />
<textarea name="textkomentare" id="textkomentare" cols="40" rows="6"></textarea><br /><br />
<?php echo "$konkod<br />"; ?>
<br /><span>Kontrolní kód: </span><input type="text" name="kontrolnikod" id="kontrolnikod" size="10" /><br /><br />
<input type="submit" name="vlozitkomentar" value="Odeslat" />
<input type="button" name="zpet" value="Zpět" onclick="history.back();" />
</form>

<?php else: ?>
<?php
require "pripojenidb.php";
$autorizovano = 1;
if ($autorkomentare != "" && $komentaremail != "" && $nadpiskomentare != "" && $textkomentare != "") {
$numero = (int)(((($kontrol3-55)/2)+(($kontrol4-77)/2)).(($kontrol5+9)/2));
if ($numero != $kontrolnikod) {$autorizovano = 0;$chybicka = "Špatný kontrolní kód";$badcode = 1;}
else {
 $tabulka9 = $NAZEV_PROJEKTU."blogkomentare".$_SESSION[$NAZEV_PROJEKTU."lang"];
 @$vysledek9 = MySQL_Query("SELECT Nadpis FROM $tabulka9 WHERE Id_spam = $kontrol");
 if (mysql_num_rows($vysledek9) != 0) {
      $autorizovano = 0;$chybicka = "Komentář byl již uložen";
 } else {
 if ($reakcena != 0) {
 $tabulka9 = $NAZEV_PROJEKTU."blogkomentare".$_SESSION[$NAZEV_PROJEKTU."lang"];
 @$vysledek9 = MySQL_Query("SELECT Nadpis FROM $tabulka9 WHERE Id = '$reakcena'");
 if (mysql_num_rows($vysledek9) == 0) {$autorizovano = 0;$chybicka = "Reakce na komentar, ktery neexituje";}
 }
}

}
}
if ($autorizovano == 1) {

$tabulka9 = $NAZEV_PROJEKTU."blogkomentare".$_SESSION[$NAZEV_PROJEKTU."lang"];

$vysledek9 = MySQL_Query("INSERT INTO $tabulka9 (Id_clanku,Id_reakce,Id_spam,Jmeno,Email,Nadpis,Komentar,Ip_adresa) VALUES ($idclankublog,$reakcena,$kontrol,'$autorkomentare','$komentaremail','$nadpiskomentare','$textkomentare','".$_SERVER["REMOTE_ADDR"]."')");

        $tabulka9 = $NAZEV_PROJEKTU."blogkomentare".$_SESSION[$NAZEV_PROJEKTU."lang"];

        @$vysledek9 = MySQL_Query("SELECT Nadpis FROM $tabulka9 WHERE ID_clanku = '$idsablony'");
header("Location: ./index.php?menu=$menu&idclankublog=$idclankublog&komentare=vse&kpridan=1");     
}
else {echo $chybicka;
header("Location: ./index.php?menu=$menu&idclankublog=$idclankublog&komentare=vse&kpridan=0&duvod=$chybicka");
}
  
?>

<?php endif; ?>

ACC SHELL 2018