discourse-legacysite-perl/site/racecalendar/comments_add_X.php

33 lines
1.1 KiB
PHP
Raw Normal View History

2024-06-17 12:42:14 +00:00
<?PHP
// do I need to do additional security checks to make sure the script is being called appropriately?
if (!$_POST){ header('Location: https://slowtwitch.com/calendar/?error=no_post'); }
include("config.php");
// error checking
if (isset($_POST[Review_Subject]) && isset($_POST[Review_Contents])) {
if ($_SERVER['HTTP_X_FORWARD_FOR']) {
$ip = $_SERVER['HTTP_X_FORWARD_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
$tsNow = time();
$uid = $_POST[uid];
$editor_id = $_POST[editor_id];
$subject = mysql_escape_string(trim($_POST[Review_Subject]));
$message = mysql_escape_string(nl2br(htmlspecialchars(substr(trim($_POST[Review_Contents]), 0, 4096))));
// build the SQL query to delete the edits that are bad
$sql = "INSERT INTO gforum_TriathlonsComment (triathlon_id_fk, comment_time, user_id_fk, comment_subject, comment_message, comment_ip, comment_valid) VALUES ($uid, '$tsNow', '$editor_id', '$subject', '$message', '$ip', 0)";
//echo $sql;
mysql_query($sql) or die(mysql_error());
}
header('Location: https://slowtwitch.com/calendar/individual.php?uid='.$uid.'&review_add=ok');
exit();
?>