source: db/komentare/odeslat_komentare.php@ 118

<?php 
if (!defined('IN_CODE')){ exit; };
?>

<?php

if( isset($_POST['send']) AND !empty($_POST['usernick']) AND !empty($_POST['email']) AND $_POST['email'] != "@" AND !empty($_POST['text']) ){ 

  $klic_dotaz_id = @mysql_query("SELECT * FROM `klice`");
  $kolik_klicu = mysql_num_rows($klic_dotaz_id);
  $nahodny_id_captcha = rand("1", $kolik_klicu);
  $klic_dotaz_kod = @mysql_query("SELECT klic FROM `klice` WHERE id='".$nahodny_id_captcha."' LIMIT 4 "); 
  if( @mysql_num_rows($klic_dotaz_kod) > "0" ) { $i = "0";
    while( $result = @MySQL_Fetch_Array($klic_dotaz_kod) ){
      $kod[$i] = $result['klic']; $i++;
      };
    };
  
  $i = "1";
  while( $i <= "4" ){
    $random[$i] = strtoupper(substr(md5(rand()),0,5)); $i++;
    };
  $nahradit_nahodny = rand("1", "4");
  $random[$nahradit_nahodny] = $kod[0];
  
  if( $_POST['web'] == "http://" ){ unset($_POST['web']); };

  $usernick_captcha = htmlspecialchars($_POST['usernick']);
  $email_captcha = htmlspecialchars($_POST['email']);
  $web_captcha = strtolower(htmlspecialchars($_POST['web'])); 
  if( eregi("http:/", $web_captcha) == TRUE AND !empty($web_captcha) ){ 
    $web_captcha = str_replace("http:/", "", $web_captcha);
    $web_captcha = "http://".$web_captcha; } 
  elseif( eregi("http:///", $web_captcha) == TRUE AND !empty($web_captcha) ){ 
    $web_captcha = str_replace("http:///", "", $web_captcha);
    $web_captcha = "http://".$web_captcha; } 
  elseif( eregi("http://", $web_captcha) == FALSE AND !empty($web_captcha) ){ 
    $web_captcha = "http://".$web_captcha; };
  $text_captcha = htmlspecialchars($_POST['text']);
  $kategorie_captcha = $_POST['kategorie'];
  $id_clanku_captcha = $_POST['id_clanku'];
  $datum_captcha = time();
  $specialcode = md5($usernick_captcha.$email_captcha.$web_captcha.$text_captcha.$kategorie_captcha.$id_clanku_captcha.$datum_captcha);
  
  mysql_query("INSERT INTO `komentare` ( `specialcode` , `vlozil` , `mail` , `web` , `kdy` , `komentar` , `ceho` , `kategorie` )
                      VALUES ( '".$specialcode."', '".$usernick_captcha."', '".$email_captcha."', '".$web_captcha."', '".$datum_captcha."', '".$text_captcha."', '".$id_clanku_captcha."', '".$kategorie_captcha."' ) ");


?>

<p>Který z následujících kódů je na obrázku ? </p>
<form action="index.php?id=komentar<?php echo $SID; ?>" method="post">
  

  <div id="captcha">
    <img src="komentare/obrazek.php?obr=<?php echo $nahodny_id_captcha; ?>" alt="Captcha" />
  </div>

  <div id="radio_captcha">
    <span style="display: none;">
      <input type="hidden" name="specialcode" value="<?php echo $specialcode; ?>" />
      <input type="hidden" name="kategorie" value="<?php echo $kategorie_captcha; ?>" />
      <input type="hidden" name="id_clanku" value="<?php echo $id_clanku_captcha; ?>" />
      <input type="hidden" name="id_kodu" value="<?php echo $nahodny_id_captcha; ?>" />
    </span>

    <input type="radio" name="captcha" id="captcha1" value="<?php echo $random[1]; ?>" />
      <label for="captcha1"> <?php echo $random[1]; ?> </label><br>
    <input type="radio" name="captcha" id="captcha2" value="<?php echo $random[2]; ?>" />
      <label for="captcha2"> <?php echo $random[2]; ?> </label><br>
    <input type="radio" name="captcha" id="captcha3" value="<?php echo $random[3]; ?>" />
      <label for="captcha3"> <?php echo $random[3]; ?> </label><br>
    <input type="radio" name="captcha" id="captcha4" value="<?php echo $random[4]; ?>" />
      <label for="captcha4"> <?php echo $random[4]; ?> </label><br>
  </div><div style="clear:both;"></div>
    <input type="submit" value="Potvrdit" id="potvrdit" name="potvrdit" />

</form>

<?php
  }
elseif( isset($_POST['potvrdit']) ){ 
  
  $specialcode = $_POST['specialcode'];
  $kategorie_potvrzeni = $_POST['kategorie'];
  $id_clanku_potvrzeni = $_POST['id_clanku'];
  $id_kodu_potvrzeni = $_POST['id_kodu'];
  $captcha_potvrzeni = $_POST['captcha'];

  $klic_sql_kod = @mysql_query("SELECT klic FROM `klice` WHERE id='".$id_kodu_potvrzeni."' LIMIT 1 "); 
  if( @mysql_num_rows($klic_sql_kod) > "0" ) { $i = "0";
    while( $result = @MySQL_Fetch_Array($klic_sql_kod) ){ 
      $kod[$i] = $result['klic']; $i++;
      };
    };
  
  if( $kod[0] == $captcha_potvrzeni ){ 
 
    mysql_query("UPDATE `komentare` SET `spam` = '0', `specialcode` = '0' WHERE `specialcode` ='".$specialcode."' LIMIT 1 ");
    echo "<p>Příspěvek byl odeslán a uložen.</p>";
    echo "<p><a href=\"index.php?".$kategorie_potvrzeni."=".$id_clanku_potvrzeni."#komentare\">Návrat k příspěvku</a></p>";
    } 
  else{ 

      $klic_dotaz_id = @mysql_query("SELECT * FROM `klice`");
      $kolik_klicu = mysql_num_rows($klic_dotaz_id);
      $nahodny_id_captcha = rand("1", $kolik_klicu);
      $klic_dotaz_kod = @mysql_query("SELECT klic FROM `klice` WHERE id='".$nahodny_id_captcha."' LIMIT 4 "); 
      if( @mysql_num_rows($klic_dotaz_kod) > "0" ) { $i = "0";
        while( $result = @MySQL_Fetch_Array($klic_dotaz_kod) ){
          $kod[$i] = $result['klic']; $i++;
          };
        };
      
      $i = "1";
      while( $i <= "4" ){
        $random[$i] = strtoupper(substr(md5(rand()),0,5)); $i++;
        };
      $nahradit_nahodny = rand("1", "4");
      $random[$nahradit_nahodny] = $kod[0];

?>

<p>Špatná volba zkuste to znovu.</p>
<p>Který z následujících kódů je na obrázku ? </p>
<form action="index.php?id=komentar<?php echo $SID; ?>" method="post">
  

  <div id="captcha">
    <img src="komentare/obrazek.php?obr=<?php echo $nahodny_id_captcha; ?>" alt="Captcha" />
  </div>

  <div id="radio_captcha">
    <span style="display: none;">
      <input type="hidden" name="specialcode" value="<?php echo $specialcode; ?>" />
      <input type="hidden" name="kategorie" value="<?php echo $kategorie_potvrzeni; ?>" />
      <input type="hidden" name="id_clanku" value="<?php echo $id_clanku_potvrzeni; ?>" />
      <input type="hidden" name="id_kodu" value="<?php echo $nahodny_id_captcha; ?>" />
    </span>

    <input type="radio" name="captcha" id="captcha1" value="<?php echo $random[1]; ?>" />
      <label for="captcha1"> <?php echo $random[1]; ?> </label><br>
    <input type="radio" name="captcha" id="captcha2" value="<?php echo $random[2]; ?>" />
      <label for="captcha2"> <?php echo $random[2]; ?> </label><br>
    <input type="radio" name="captcha" id="captcha3" value="<?php echo $random[3]; ?>" />
      <label for="captcha3"> <?php echo $random[3]; ?> </label><br>
    <input type="radio" name="captcha" id="captcha4" value="<?php echo $random[4]; ?>" />
      <label for="captcha4"> <?php echo $random[4]; ?> </label><br>
  </div><div style="clear:both;"></div>
    <input type="submit" value="Potvrdit" id="potvrdit" name="potvrdit" />

</form>

<?php
    };
  } else { 
?>
<p>Chybí některé údaje !</p>
<p>Je nutné vyplnit Nick, E-mail a Text.</p>
<p>Hodnoty co jste zadali se po kliknutí na Návrat dosadí znovu do formuláře 
a budete moct doplnit ty chybějící.</p>
<form action="index.php?<?php echo $_POST['kategorie']; ?>=<?php echo $_POST['id_clanku']; ?><?php echo $SID; ?>" 
        method="post" onSubmit="return zkontroluj_formular(this);">
  <span style="display: none;">
    <input type="hidden" name="usernick" value="<?php echo htmlspecialchars($_POST['usernick']); ?>" />
    <input type="hidden" name="email" value="<?php echo htmlspecialchars($_POST['email']); ?>" />
    <input type="hidden" name="web" value="<?php echo htmlspecialchars($_POST['web']); ?>" />
    <input type="hidden" name="text" value="<?php echo htmlspecialchars($_POST['text']); ?>" />
    <input type="hidden" name="kategorie" value="<?php echo $_POST['kategorie']; ?>" />
    <input type="hidden" name="id_clanku" value="<?php echo $_POST['id_clanku']; ?>" />
    <input type="hidden" name="id_kodu" value="<?php echo $nahodny_id_captcha; ?>" />
  </span><input type="submit" value="Návrat" name="potvrdit" style="margin-top: 8px;" />
</form>
<?php
  };
?>