include "config.php";
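if ($submit AND $site AND $REQUEST_METHOD == "POST" AND $use_review == 1) {
    // Review submission handler: validates the posted fields, applies the
    // one-review-per-day limit and stores the review in top_review.
    //
    // NOTE(review): $submit, $site, $name, $email, $review, $rating and
    // $anti_review are never assigned in the visible part of this file;
    // presumably they are request values exposed as globals (register_globals
    // or config.php) - confirm. They are treated as untrusted below.
    //
    // NOTE(review): $review is stored as submitted; an earlier
    // trim/preg_replace/htmlspecialchars pass on it was disabled. Whatever
    // prints a stored review has to HTML-escape it at output time - confirm.
    $name = trim($name);
    $name = preg_replace('/[^a-zA-Z ]/', '', $name);   // keep letters and spaces only
    $name = htmlspecialchars($name);
    $check_email = check_email_addr($email);

    // Each message ends with a line break that is part of the string, so the
    // closing quote has to stay in column 0.
    $err = "";
    if (!$name) $err.="Inserisci il tuo Nome.
";
    if (!$email) $err.="Inserici la tua Email.
";
    if (!$review) $err.="Scrivi il tuo Commento.
";
    if ($check_email == 0) $err.="Per favore specifica il tuo vero indirizzo email.
";
    // This flag matches the cookie set after a successful insert below. A
    // client can drop or forge it, so it is only a courtesy check; the per-IP
    // query further down is the limit that is enforced server-side.
    // NOTE(review): one character after "pi" in the message below is
    // mis-encoded in this copy of the file (presumably "più"); fix it once
    // the file's real encoding is confirmed.
    if ($anti_review[$site] == 1) $err.="Mi dispiace, non puoi inserire pi� di un commento al giorno.
";

    if (!$err) {
        $cdate = date("Ymd");

        // Escape every value before it goes inside a quoted SQL literal. The
        // previous code interpolated them raw, which let a crafted field
        // change the statement. Separate variables are used so that $site,
        // $review, $name and $email keep their original contents for the
        // code that runs after this block.
        // NOTE(review): the mysql_* extension used throughout this file was
        // removed in PHP 7; prepared statements (mysqli/PDO) are the durable
        // fix once the connection in config.php is migrated.
        $sql_site   = mysql_real_escape_string($site, $db);
        $sql_ip     = mysql_real_escape_string($REMOTE_ADDR, $db);
        $sql_rating = mysql_real_escape_string($rating, $db);
        $sql_review = mysql_real_escape_string($review, $db);
        $sql_name   = mysql_real_escape_string($name, $db);
        $sql_email  = mysql_real_escape_string($email, $db);

        // NOTE(review): "or die (mysql_error())" prints the raw database
        // error to the visitor; consider logging it and showing a generic
        // message instead.
        $query = mysql_db_query ($dbname,"select postip from top_review where sid='$sql_site' AND postdate='$cdate' AND postip='$sql_ip'",$db) or die (mysql_error());
        if (mysql_num_rows($query) > 0) {
            // This address already posted a review for this site today.
            $perr=1;
        }
        else {
            mysql_db_query ($dbname,"insert into top_review (postip,rating,sid,review,name,email) values ('$sql_ip','$sql_rating','$sql_site','$sql_review','$sql_name','$sql_email')",$db) or die (mysql_error());
            // Remember for 24 hours that this browser reviewed this site.
            setcookie ("anti_review[$site]", "1",time()+86400);
        }
    }
}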
include "header.php";
if ($site) {
if (!$from OR $from < 0 OR $from < $review_step) $from = 0;
$query = mysql_db_query ($dbname,"select *,DATE_FORMAT(postdate, '%d/%M/%Y') as post_date from top_review where sid='$site' ORDER BY rid DESC LIMIT $from,$review_step",$db) or die (mysql_error());
$tquery = mysql_db_query ($dbname,"select count(rid) as rtotal from top_review where sid='$site'",$db) or die (mysql_error());
$squery = mysql_db_query ($dbname,"select title from top_user where sid='$site' ",$db) or die (mysql_error());
$srows = mysql_fetch_array($squery);
if ($err) echo "