// Page title; presumably consumed by the shared header included on the next line — confirm in /inc/header.php.
$page_name = "News";
include $_SERVER['DOCUMENT_ROOT']."/inc/header.php";

// Comment-form fields (POST only). These are raw visitor input: nothing is validated
// here, so every later use has to escape them for its own context (SQL, HTML, mail).
$parentID = !empty($_POST['parentID']) ? $_POST['parentID'] : '';
$productsID = !empty($_POST['productsID']) ? $_POST['productsID'] : '';

// Forum filter fields. $_REQUEST merges GET and POST (and cookies, depending on the
// request_order / variables_order ini settings), so these can arrive by any of them.
$productsID_forum = !empty($_REQUEST['productsID_forum']) ? $_REQUEST['productsID_forum'] : '';
$category_forum = !empty($_REQUEST['category_forum']) ? $_REQUEST['category_forum'] : '';
$category_forum_view = !empty($_REQUEST['category_forum_view']) ? $_REQUEST['category_forum_view'] : '';

// Make sure both remembered filters exist in the session, normalising empty values to ''.
if (empty($_SESSION['productsID_forum_sess'])) {
    $_SESSION['productsID_forum_sess'] = '';
}
if (empty($_SESSION['category_forum_view_sess'])) {
    $_SESSION['category_forum_view_sess'] = '';
}

// Remember a filter when a value was sent, or when the filter form itself was
// submitted (which is how an empty selection clears a stored filter).
if (!empty($_POST['productsID_forum_submit']) || !empty($productsID_forum)) {
    $_SESSION['productsID_forum_sess'] = $productsID_forum;
}
if (!empty($_POST['productsID_forum_submit']) || !empty($category_forum_view)) {
    $_SESSION['category_forum_view_sess'] = $category_forum_view;
}
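// Handle a submitted comment/reply: check the anti-spam number, store the post in
// `blog`, then notify the site mailboxes by e-mail.
// NOTE(review): the mysql_* API used here was removed in PHP 7, and every statement
// below relies on toSQL() (defined outside this section) for escaping — confirm it
// wraps mysql_real_escape_string(). Prepared statements via mysqli/PDO are the durable
// fix, but they need the connection setup, which is not visible from here.
if(!empty($_POST["formSubmit"]) && $_POST["formSubmit"]=="submited")
{
    // Compare the anti-spam number as strings with ===. The loose == used before let an
    // unset session value, or the 0 written back after a successful post, compare equal
    // to input that was never a valid number on PHP releases before 8. A stored value of
    // 0/'' is therefore treated as "no number issued" and always rejected.
    $expectedNumber=isset($_SESSION["secureNumber"])?(string)$_SESSION["secureNumber"]:'';
    $givenNumber=(isset($_POST["secretNumber"]) && is_string($_POST["secretNumber"]))?trim($_POST["secretNumber"]):'';
    if(!empty($expectedNumber) && $expectedNumber===$givenNumber)
    {
        // Read each field once; anything missing or not a plain string becomes ''.
        $fname=(isset($_POST['fname']) && is_string($_POST['fname']))?$_POST['fname']:'';
        $email=(isset($_POST['email']) && is_string($_POST['email']))?$_POST['email']:'';
        $comment=(isset($_POST['comment']) && is_string($_POST['comment']))?$_POST['comment']:'';
        $postedProduct=(isset($_POST['productsID']) && is_string($_POST['productsID']))?$_POST['productsID']:'';

        if(!empty($parentID)){
            // A reply takes its category from the post it answers, not from the request.
            $sSQL="SELECT * FROM blog WHERE blogID='".toSQL($parentID)."'";
            $result=mysql_query($sSQL);
            if($result===false){
                // Keep the driver error and statement in the server log only; echoing
                // them to the visitor discloses schema and query details.
                error_log("forum parent lookup failed: ".mysql_error()." | ".$sSQL);
                die("Database error");
            }
            while($row = mysql_fetch_assoc($result)){$category_forum=$row['category_forum'];}
        }

        // New posts are stored as approved ('1'); the raw text is stored as submitted,
        // so whatever renders these rows must HTML-escape them.
        $sSQL="INSERT INTO blog (dateCreated, fname, email, comment,
productsID, category_forum,
parentID, main_parentID, approved) VALUES
(NOW(), '".toSQL($fname)."', '".toSQL($email)."', '".toSQL($comment)."',
'".toSQL($postedProduct)."', '".toSQL($category_forum)."',
'".toSQL($parentID)."', '".toSQL($parentID)."', '1')";
        if(mysql_query($sSQL)===false){
            error_log("forum insert failed: ".mysql_error()." | ".$sSQL);
            die("Database error");
        }

        $headers = "MIME-Version: 1.0\n";
        $headers .= "Content-type: text/html; charset=iso-8859-1\n";
        // The From header is built from visitor input. Control characters (CR/LF above
        // all) and angle brackets/quotes are removed from the display name, and the
        // address must pass validation; otherwise the header is left out so that a
        // submitted value can never add header lines of its own.
        $fromName=trim(preg_replace('/[\x00-\x1F\x7F<>"]+/', ' ', stripslashes($fname)));
        $fromEmail=filter_var(trim(stripslashes($email)), FILTER_VALIDATE_EMAIL);
        if($fromEmail!==false && strpbrk($fromEmail, "\r\n")===false){
            $headers .= "From: ".$fromName." <".$fromEmail."> \n";
        }

        // The body is sent as text/html, so every interpolated value is escaped with the
        // charset declared in the Content-type header above.
        $mailCharset='ISO-8859-1';
        // stripslashes() is kept from the original; presumably it undoes magic quotes — confirm.
        $mailName=htmlspecialchars(stripslashes($fname), ENT_QUOTES, $mailCharset);
        $mailEmail=htmlspecialchars(stripslashes($email), ENT_QUOTES, $mailCharset);
        $mailProduct=htmlspecialchars(stripslashes($postedProduct), ENT_QUOTES, $mailCharset);
        // $arr_category_forum is not defined in this section; an unknown key prints as empty.
        $categoryLabel=(is_scalar($category_forum) && isset($arr_category_forum[$category_forum]))?$arr_category_forum[$category_forum]:'';
        $mailCategory=htmlspecialchars(stripslashes($categoryLabel), ENT_QUOTES, $mailCharset);
        // Escape first, then convert newlines, so the only markup in the message is our own <br>.
        $mailComment=nl2br(htmlspecialchars(stripslashes($comment), ENT_QUOTES, $mailCharset));

        $mailbody="\n";
        if(!empty($parentID)){
            $mailParent=is_scalar($parentID)?htmlspecialchars((string)$parentID, ENT_QUOTES, $mailCharset):'';
            $mailbody.="Reply to Post # | ".$mailParent." |\n";
        }
        $mailbody.="Name | ".$mailName." |\n";
        $mailbody.="Email: | ".$mailEmail." |\n";
        // This row used to repeat the e-mail address. The product titles are only loaded
        // further down the page, so the submitted product id is shown here.
        $mailbody.="Product: | ".$mailProduct." |\n";
        $mailbody.="Category: | ".$mailCategory." |\n";
        $mailbody.="Message: | ".$mailComment." |\n";
        $mailbody.="\n";

        $sSubject="Message from KimTech Web";
        mail("admin@kimtech.ca", $sSubject, $mailbody, $headers);
        mail("info@kimtech.ca", $sSubject, $mailbody, $headers);

        // Blank the submitted values so the form is not re-populated after a successful post.
        $_POST['fname']="";
        $_POST['comment']="";
        $_POST['email']="";
        $parentID="";
        $productsID="";

        $mess="Message has been sent successfully\n";

        // A number is good for one post only.
        $_SESSION["secureNumber"]=0;
    }
    else{
        // NOTE(review): the stored number is not replaced after a wrong answer here;
        // confirm the code that issues secureNumber generates a fresh one per page load.
        $mess="Wrong number\n";
    }
}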
?>
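// Build the product lookup table: productsID => "product title - manufacturer title".
$sSQL="SELECT p.*, m.title m_title FROM products p LEFT JOIN manufacturer m USING(manufacturerID) ORDER BY title ";
$result=mysql_query($sSQL);
if($result===false){
    // Log the driver error and statement server-side; do not print them to the visitor.
    error_log("product list query failed: ".mysql_error()." | ".$sSQL);
    die("Database error");
}
$arr_product=array();
while($row = mysql_fetch_assoc($result)){
    // m_title is NULL for a product without a matching manufacturer row (LEFT JOIN).
    $arr_product[$row['productsID']]=$row['title']." - ".$row['m_title'];
}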
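// Load the approved top-level posts (newest first), narrowed by the product/category
// filters remembered in the session, then the replies to the posts on the current page.
$sSQL="SELECT blogID, dateCreated, fname, email, comment, productsID, parentID, category_forum FROM blog WHERE approved='1' AND parentID=0 ";
if(!empty($_SESSION['productsID_forum_sess'])){ $sSQL.=" AND productsID='".toSQL($_SESSION['productsID_forum_sess'])."'";}
if(!empty($_SESSION['category_forum_view_sess'])){ $sSQL.=" AND category_forum='".toSQL($_SESSION['category_forum_view_sess'])."'";}
$sSQL.=" ORDER BY dateCreated DESC";
$result = mysql_query($sSQL);
if($result===false){
    // Log the driver error and statement server-side; do not print them to the visitor.
    error_log("forum list query failed: ".mysql_error()." | ".$sSQL);
    die("Database error");
}

$pageItems=20;
// pageNum comes straight from the request, so force it to an integer and clamp it to
// the pages that exist. Before, an out-of-range value was reset to 0, which produced a
// negative seek offset, and non-numeric or negative input reached mysql_data_seek()
// unchecked. The integer cast also keeps request text out of any later use of $pageNum.
$pageNum=empty($_REQUEST['pageNum'])?1:(int)$_REQUEST['pageNum'];
$total=mysql_num_rows($result);
$lastPage=$total>0?(int)ceil($total/$pageItems):1;
if($pageNum<1 || $pageNum>$lastPage){$pageNum=1;}
$pageOffset=$pageItems*($pageNum-1);
if($total>0)$rr=mysql_data_seek($result, $pageOffset);

// Collect the ids of the posts shown on this page. The unquoted IN (...) list below
// only works for numeric ids, so each one is cast to int before it is joined into SQL.
$arr_blogID=array();
$ii=0;
while($ii<$pageItems && ($row = mysql_fetch_assoc($result))){
    $ii++;
    $arr_blogID[]=(int)$row['blogID'];
}
$s_blogID=implode(",", $arr_blogID);

// Replies grouped as $arr_replays[parentID][blogID] => reply fields.
$arr_replays=array();
if(!empty($s_blogID)){
    // NOTE(review): unlike the list query above, this one does not filter on approved='1',
    // so a reply that was later un-approved would still be loaded — confirm that is intended.
    $sSQL="SELECT * FROM blog WHERE parentID IN ($s_blogID)";
    $result1 = mysql_query($sSQL);
    if($result1===false){
        error_log("forum replies query failed: ".mysql_error()." | ".$sSQL);
        die("Database error");
    }
    while($row1 = mysql_fetch_assoc($result1)){
        // fname, email and comment are stored as the visitor typed them; the markup that
        // prints them (not in this section) has to HTML-escape each value.
        $arr_replays[$row1['parentID']][$row1['blogID']]=array(
            'fname'=>$row1['fname'],
            'email'=>$row1['email'],
            'dateCreated'=>$row1['dateCreated'],
            'comment'=>$row1['comment'],
            'productsID'=>$row1['productsID'],
        );
    }
}

// Rewind the list result to the start of the current page for the code that renders it.
if($total>0)$rr=mysql_data_seek($result, $pageOffset);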
?> | |