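. // //--------------------
//
// Installation:
//
// 1. Save this source code as "comments.php".
// 2. Place "comments.php" at your website's highest level, typically "/".
// 3. Give "comments.php" permission "0755" (readable & executable by all).
// 4. Create a directory called "comments" at your website's highest level.
// 5. Give "comments" directory permission "0777" (readable, writable & executable by all).
//    NOTE: 0777 lets every local account on the host write comment files; if the web-server
//    user owns the directory, 0755 (or 0775 with a shared group) is sufficient.
// 6. Add this CSS to your website design: http://www.tildehash.com/comments/comments.css
// 7. Add the following HTML tags to pages that are to have comments:
//
//
//
//
// Optionally, you may set the "display" URL query to the page filename to
// display only a comment count, ex. state-of-firefox-4-0-on-gnu-linux.html
// will display something like "6 Comments (9 counting replies)".
//
// You may also use the following JavaScript tag with any or all of
// the following variables to change the comment system's behavior:
//
//
//
// Change Log file (please record your modifications to this code):
// http://www.tildehash.com/comments/changelog.txt
//
// Check if the script was requested by this server.
// Three entry modes: (1) normal JavaScript embed, identified by a Referer from this host;
// (2) "?source" or no Referer at all, which prints this file's own source (AGPL); (3) "?rss",
// where the page URL comes from the query string instead of the Referer.
if (!isset($_GET["rss"]) || empty($_GET["rss"])) {
    if (isset($_SERVER["HTTP_REFERER"]) && !isset($_GET["source"])) {
        header("Content-type: text/javascript");
        $httpref = $_SERVER["HTTP_REFERER"];
        // The Referer host must be this server's name or a subdomain of it. The previous
        // unanchored preg_match() used SERVER_NAME as a regex ("." matched any character) and
        // accepted any host that merely contained it, e.g. "example.com.attacker.net".
        // The check still rests on SERVER_NAME, which some server configurations fill from
        // the client-supplied Host header, and a Referer is trivially forged by a script
        // that is not a browser; treat this as an embed guard, not as authentication.
        $refhost = parse_url($httpref, PHP_URL_HOST);
        $ownhost = $_SERVER["SERVER_NAME"];
        $hostok = is_string($refhost) && (
            strcasecmp($refhost, $ownhost) === 0 ||
            (strlen($refhost) > strlen($ownhost) + 1 &&
             strcasecmp(substr($refhost, -strlen($ownhost) - 1), '.' . $ownhost) === 0)
        );
        if (!$hostok) {
            die("document.write('Comments: External Use Not Allowed.');");
        }
    } else {
        header("Content-type: text/plain");
        die(file_get_contents(basename($_SERVER["PHP_SELF"])));
    }
} else {
    // Attacker-controlled page URL: it only reaches the filesystem through the
    // $refpath mapping below, but NOTE(review): rss_feed() later echoes $_GET["rss"]
    // into the feed XML unescaped; it should go through htmlspecialchars() there.
    $httpref = $_GET["rss"];
}

$root_dir = './comments/'; // Root directory for comments
$enotify = 'jacobbarkdull@gmail.com'; // E-mail for notification of new comments
$pagetitle = 'yes'; // Whether page title is shown or not
$short_dates = 'yes'; // Whether comment dates are shortened
$icons = 'yes'; // Whether comments have avatar icons (gravatar)
$icon_size = '34'; // Size of gravatar icons in pixels
$name = 'GNU Knows Who'; // Nickname when one isn't given
$cmtform = 'Type Comment Here...'; // "Comment" field's default text
$postbutton = 'Post Comment'; // "Post Comment" button's default text
$delnote = 'This comment has been deleted.'; // Notice of deleted comment
$expire = time()+60*60*24*30; // Date cookies expire
$header = "From: $enotify\r\nReply-To: $enotify"; // Mail headers when no email is given
$domain = $_SERVER["SERVER_NAME"]; // Domain name for refer checking & notifications
$refurl = parse_url($httpref); // Turn referring URL into array

// Map the referring page's path onto a directory name under $root_dir. "/" becomes "index";
// otherwise "/", "." and "=" become "-", so a ".." from the Referer can never survive into
// the path. A Referer with no path (bare host) or one parse_url() rejects is treated as
// "/" rather than producing an empty name, which would have pointed $dir at $root_dir itself.
$refpathraw = (is_array($refurl) && isset($refurl["path"]) && $refurl["path"] !== '') ? $refurl["path"] : '/';
$refpath = ($refpathraw == '/') ? 'index' : str_replace(array('/', '.', '='), '-', substr($refpathraw, 1));
// Append the first query parameter (everything from the first "&" on is dropped), same mapping.
$refpath .= (is_array($refurl) && !empty($refurl["query"])) ? '-' . str_replace(array('/', '.', '='), '-', preg_replace('/(&.*?$)/', '', $refurl["query"])) : '';
$dir = $root_dir . $refpath; // Sub-directory for comments

// If the "display" query is set, change directory to its value
if (isset($_GET["display"]) && isset($_GET["link"])) {
    if (!empty($_GET["display"]) && !empty($_GET["link"])) {
        // "display" names a directory produced by the $refpath mapping above, so a legitimate
        // value never contains "/", "\" or "." — reject those (and NUL) before touching the
        // filesystem instead of letting file_exists() follow "../" out of $root_dir. is_dir()
        // replaces file_exists() because read_comments() iterates the target as a directory.
        $display = $_GET["display"];
        if (is_string($display) && strpbrk($display, "/\\.\0") === false && is_dir($root_dir . $display)) {
            $dir = $root_dir . $display;
        } else {
            die('document.write("Post Comment");');
        }
    }
}

// Encryption method for reply emails
include($root_dir .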
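'key.php'); // Encryption Key (stored in separate file for security)

// Reversible obfuscation used for stored e-mail addresses and as the pre-image of the
// stored password hash (md5(encrypt($pw, $key)) elsewhere in this file). Every byte >= 0x20
// is XORed with the low five bits of the corresponding key byte — the key is cycled, at
// most its first 32 bytes are used, spaces in it are ignored — and bytes below 0x20 pass
// through unchanged. Because only the low five bits change, the transform is its own
// inverse and keeps printable text printable, which is why callers "decrypt" by calling
// encrypt() a second time. This is NOT encryption: anyone who can read the comment files
// and key.php recovers every address, and the password is an unsalted fast hash of it.
// An empty key returns the input unchanged; a key shorter than 8 characters (after
// removing spaces) terminates the script with "key error".
//
// $str  Text to transform.
// $ky   Key; '' disables the transform.
// Returns the transformed string.
function encrypt($str,$ky = '') {
    // NOTE(review): the replacement looks like an HTML-entity form of '"' that was decoded
    // when this listing was rendered — confirm against the original file before relying on it.
    $str2 = str_replace('"', '"', $str);
    if ($ky == '') {
        return $str2;
    } else {
        $ky = str_replace(chr(32), '', $ky);
        if (strlen($ky) < 8) exit('key error');
        $kl = strlen($ky) < 32 ? strlen($ky) : 32;
        $k = array();
        for ($i2 = 0; $i2 < $kl; $i2++) {
            // String offsets use [] — the {} form was removed in PHP 8.
            $k[$i2] = ord($ky[$i2]) & 0x1F;
        }
        $j = '0';
        for ($i2 = '0'; $i2 < strlen($str2); $i2++) {
            $e = ord($str2[$i2]);
            $str2[$i2] = $e & 0xE0 ? chr($e^$k[$j]) : chr($e);
            $j++;
            $j = $j == $kl ? 0 : $j;
        }
        return $str2;
    }
}

// Variables for "read_comments" function
$showcmt = ''; // Variable containing comments
$cmtcount = '1'; // Comment count excluding replies
$totalcount = '1'; // Comment count including replies

// Read, count, and create deleted comment note
// Walks every file below $dir recursively, counting top-level comments (files directly in
// $dir) in $cmtcount and all comments in $totalcount. When $check is 'yes' or 'true' it also
// fills gaps in the numbering with 'deleted' placeholder files and appends the JavaScript
// that renders each comment to $showcmt (the rendering part continues past this line).
// Only the first return statement at the end is reachable, so callers receive $cmtcount and
// read $totalcount / $showcmt through the globals.
function read_comments($dir,$check) {
    global $root_dir, $key, $cmtcount, $totalcount, $showcmt, $delnote, $httpref, $icons, $icon_size, $short_dates;
    // Auto-create the page's comment directory on first visit. $dir is derived from the
    // Referer path (see $refpath), so any client can cause directories to be created here;
    // 0777 follows the install notes, which require the parent to be world-writable.
    if (!file_exists($dir) && !isset($_GET["display"])) {
        mkdir($dir, 0777);
        chmod($dir, 0777);
    }
    $diriter = new RecursiveDirectoryIterator($dir);
    $iter = new RecursiveIteratorIterator($diriter, RecursiveIteratorIterator::SELF_FIRST);
    $files = array();
    $cmtcount = '1';
    foreach ($iter as $file) {
        if (is_file($file)) {
            $files[$file->getPathname()] = $file;
            $totalcount++;
            // No "/" left after removing the $dir prefix means the file sits directly in $dir.
            if (!preg_match('/\//i', str_replace($dir, '', dirname($file)))) {
                $cmtcount++;
            }
        }
    }
    uksort($files, 'strnatcasecmp');
    // Check for deleted comment, save note
    if (!empty($check) && $check == 'yes' || $check == 'true') {
        foreach ($files as $path => $file) {
            $nextfile = '1';
            $cdir = dirname($file);
            $cfile = basename($file, '.txt');
            $lastfile = '0';
            // Highest entry name in this comment's directory ("." and ".." and sub-directories
            // take part in the comparison, as in the original code).
            $d = opendir($cdir);
            while ($f = readdir($d)) {
                if (basename($f, '.txt') > $lastfile) {
                    $lastfile = basename($f, '.txt');
                }
            }
            closedir($d); // previously never closed: one leaked handle per comment file
            $nextfile = $cfile+1;
            if ($lastfile != '0' && !file_exists($cdir . '/1.txt')) {
                file_put_contents($cdir . '/1.txt', 'deleted', LOCK_EX);
            }
            if (is_dir($cdir . '/../') && !file_exists($cdir .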
'/../1.txt') && $cdir != $dir) { file_put_contents($cdir . '/../1.txt', 'deleted', LOCK_EX); } if (is_dir($cdir . '/' . $nextfile) && !file_exists($cdir . '/' . $nextfile . '.txt')) { file_put_contents($cdir . '/' . $nextfile . '.txt', 'deleted', LOCK_EX); } while ($nextfile < $lastfile) { if (!file_exists($cdir . '/' . $nextfile . '.txt')) { file_put_contents($cdir . '/' . $nextfile . '.txt', 'deleted', LOCK_EX); } $nextfile++; } // Generate permalink and calculate CSS padding for reply indentation $permalink = explode('/', $file, 4); $replydir = basename($file, '.txt'); if (substr_count($permalink[3], '/') != '0') { $indent = substr_count($permalink[3], '/') . '0'; $indent = $indent * 2; } else { $indent = '0'; } $permahref = 'c' . str_replace(array('/', '.txt'), array('r', ''), $permalink[3]); $permatext = basename($file, '.txt'); // Read comment files, and display them in HTML divs if (!isset($_GET["display"])) { $readcmt = explode("\n", file_get_contents($file)); if ($readcmt[0] != 'deleted') { $readcmt_name = preg_replace('/Name: /', '', $readcmt[0], 1); $readcmt_site = preg_replace('/Site: /', '', $readcmt[1], 1); $readcmt_date = preg_replace('/Date: /', '', $readcmt[2], 1); $readcmt_mail = preg_replace('/Mail: /', '', $readcmt[3], 1); $readcmt_pass = preg_replace('/Pass: /', '', $readcmt[4], 1); $readcmt_addr = preg_replace('/Addr: /', '', $readcmt[5], 1); $readcmt_comment = $readcmt[7]; } $replynumbers = str_replace('.txt', '', $permalink[3]); $showcmt .= "\t" . 'document.write("
\n");' . "\n"; $showcmt .= "\t" . 'document.write("
\n");' . "\n"; if (isset($readcmt[0]) && $readcmt[0] != 'deleted') { // Get user's Gravatar icon from gravatar.com if ($icons == 'yes') { if (!empty($readcmt_mail)) { $gravatar_url = 'http://www.gravatar.com/avatar/' . md5(strtolower(trim(encrypt($readcmt_mail, $key)))) . '.png?d=mm&s=' . $icon_size . '&r=pg'; } else { $gravatar_url = 'http://www.gravatar.com/avatar/?d=mm&s=' . $icon_size . '&r=pg'; } $icon_or_text = '\"#''; $cmtfont_style = ' vertical-align: top; position: relative; top: 8px;'; } else { $icon_or_text = '#' . $permatext . ''; $cmtfont_style = ''; } $showcmt .= "\t" . 'document.write("
\n");' . "\n"; $showcmt .= "\t" . 'document.write("' . $icon_or_text . '\n");' . "\n"; if (!empty($readcmt_site)) { $showcmt .= "\t" . 'document.write("' . $readcmt_name . ''; } else { $showcmt .= "\t" . 'document.write("' . $readcmt_name . ''; } if (!empty($readcmt_mail)) { $showcmt .= ' \"@notices\"'; } $showcmt .= '\n");' . "\n"; if ($short_dates == 'yes') { $get_cmtdate = explode(" - ", $readcmt_date); $make_cmtdate = new DateTime($get_cmtdate[0]); $curdate = new DateTime(date('m/d/Y')); $interval = $make_cmtdate->diff($curdate); if ($interval->y != '') { $readcmt_date = $interval->y . ' year'; $readcmt_date .= ($interval->y != 1) ? 's ago' : ' ago'; } else if ($interval->m != '') { $readcmt_date = $interval->m . ' month'; $readcmt_date .= ($interval->m != 1) ? 's ago' : ' ago'; } else if ($interval->d != '') { $readcmt_date = $interval->d . ' day'; $readcmt_date .= ($interval->d != 1) ? 's ago' : ' ago'; } else { $readcmt_date = $get_cmtdate[1] . ' today'; } } $showcmt .= "\t" . 'document.write("
\n");' . "\n"; $showcmt .= "\t" . 'document.write("' . $readcmt_comment . '

\n");' . "\n"; } else { if ($icons == 'yes') { $icon_or_text = '\"#''; } else { $icon_or_text = '#' . $permatext . ' '; } $showcmt .= "\t" . 'document.write("' . $icon_or_text . '");' . "\n"; $showcmt .= "\t" . 'document.write("' . $delnote . '\n");' . "\n"; } if (isset($readcmt[0]) && $readcmt[0] != 'deleted') { $showcmt .= "\t" . 'document.write("
\n");' . "\n"; $showcmt .= "\t" . 'document.write("\n' . $readcmt_date . ''; if (preg_match("/\//", $permalink[3])) { $showcmt .= ' · Thread'; } $showcmt .= '\n\n");' . "\n"; $showcmt .= "\t" . 'document.write("
\n\n");' . "\n"; if (!empty($readcmt_pass)) { $showcmt .="\t" . 'document.write("\n");' . "\n"; } $showcmt .= "\t" . 'document.write("\n");' . "\n"; $showcmt .= "\t" . 'document.write("
\n
\n");' . "\n"; } $showcmt .= "\t" . 'document.write("
\n");' . "\n\n"; } } } return $cmtcount; return $totalcount; return $showcmt; } // Function for displaying comment count function display_count() { global $cmtcount, $totalcount; $cmtcount--; $totalcount--; if ($cmtcount == $totalcount) { echo $cmtcount . ' Comment'; echo ($cmtcount != '1') ? 's' : ''; } else { echo $cmtcount . ' Comment'; echo ($cmtcount != '1') ? 's' : ''; echo ' (' . $totalcount . ' counting repl'; echo ($totalcount != '2') ? 'ies)' : 'y)'; } } function rss_feed() { global $dir, $cmtcount, $totalcount, $showcmt, $httpref; header('Content-Type: application/xhtml+xml'); read_comments($dir,'no'); $rssfeed = ''; if (isset($_GET["title"]) && !empty($_GET["title"])) { $title = $_GET["title"]; } else { $title = 'Article Comments'; } if (isset($_GET["rss"]) && !empty($_GET["rss"])) { function rglob($pattern = '*', $flags = 0, $path = '') { $paths = glob($path . '*', GLOB_MARK | GLOB_ONLYDIR | GLOB_NOSORT); $files = glob($path . $pattern, $flags); foreach ($paths as $path) { $files = array_merge($files, rglob($pattern, $flags, $path)); } return $files; } function newest($a, $b) { return(filemtime($a) > filemtime($b)) ? -1 : 1; } $files = rglob('*.txt', 0, $dir); uasort($files, 'newest'); foreach($files as $file) { $rsscmt = explode("\n", file_get_contents($file)); $datasearch = array('&', '
\n', '\n', '\r', ' '); $datareplace = array('&', ' ', ' ', ' ', ' '); if ($rsscmt[0] != 'deleted') { $rsscmt_name = preg_replace('/Name: /', '', $rsscmt[0], 1); $rsscmt_date = preg_replace('/Date: /', '', $rsscmt[2], 1); $rsscmt_comment = strip_tags(str_replace($datasearch, $datareplace, $rsscmt[7])); if (isset($_GET["title"]) && !empty($_GET["title"])) { $title = $_GET["title"]; $infeedtitle = 'Re: ' . $_GET["title"]; } else { $title = 'Article Comments'; $infeedtitle = $rsscmt_name; } $permalink = explode('/', $file, 4); $rssfeed .= "\t\t\n"; $rssfeed .= "\t\t\t$infeedtitle\n"; $rssfeed .= "\t\t\t$rsscmt_comment\n"; $rssfeed .= "\t\t\t" . str_replace(array("- ", "am", "pm"), array('', " AM", " PM"), $rsscmt_date) . "\n"; $rssfeed .= "\t\t\t" . $_GET["rss"] . "#c" . str_replace(array('/', '.txt'), array('r', ''), $permalink[3]) . "\n"; $rssfeed .= "\t\t\t" . $_GET["rss"] . "#c" . str_replace(array('/', '.txt'), array('r', ''), $permalink[3]) . "\n"; $rssfeed .= "\t\t\n"; } } echo '' . "\n"; echo '' . "\n"; echo "\t" . '' . "\n"; echo "\t\t" . '' . $title . '' . "\n"; echo "\t\t" . '' . $_GET["rss"] . '' . "\n"; echo "\t\t" . 'Displaying '; display_count(); echo '' . "\n"; echo "\t\t" . '' . "\n"; echo "\t\t" . 'en-us' . "\n"; echo "\t\t" . '40' . "\n"; echo $rssfeed; echo "\t" . '' . "\n"; die('' . "\n"); } } if (!isset($_GET["rss"])) { read_comments($dir,'yes'); } else { rss_feed(); } // If the "display" query is set, just echo the comment count if (isset($_GET["display"]) && isset($_GET["link"])) { if (!empty($_GET["display"]) && !empty($_GET["link"])) { echo 'document.write("'; display_count(); die('");'); } } // Characters to be removed from name, email, and website fields $search = array('<', '>', "\n", "\r", '[', ']', '(', ')',' ', '<', '>', '"', "'"); // Clean up name, set name cookie if (isset($_POST["name"])) { if (preg_match('/[a-zA-Z0-9]/i', $_POST["name"])) { $name2 = '|%-^' . 
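ucwords(strtolower(str_replace($search, '', stripslashes($_POST["name"]))));
        // The '|%-^' prefix is an anchor for strrpos(); the net effect is a 29-character cap on
        // the nickname (its purpose beyond that is unclear — a name containing the marker is cut there).
        $name = substr($name2, strrpos($name2, '|%-^')+4, 29);
        setcookie('name', $name, $expire);
    } else {
        setcookie('name', '', $expire);
    }
}

// Set password cookie
// NOTE(review): the plaintext password is sent back to the browser as a cookie without the
// httponly/secure flags; if nothing client-side needs to read it, drop the cookie or set the flags.
if (isset($_POST["password"])) {
    setcookie("password", str_replace($search, '', stripslashes($_POST["password"])), $expire);
}

// Clean up email, set email cookie
if (isset($_POST["email"])) {
    $toandfrom = str_replace($search, '', stripslashes($_POST["email"]));
    // $search strips "\r" and "\n", which is what keeps this From:/Reply-To: header (used for
    // the notification mail) free of injected headers; keep that invariant if $search changes.
    if (preg_match('/[a-zA-Z0-9]/i', $toandfrom)) {
        $header = "From: $toandfrom\r\nReply-To: $toandfrom";
    }
    setcookie('email', $toandfrom, $expire);
}

// Clean up web address, set website cookie
if (isset($_POST["website"])) {
    $cleansite = str_replace($search, '', stripslashes($_POST["website"]));
    if (!empty($_POST["website"])) {
        // Only a value that *starts* with http:// or https:// is kept as-is. The previous
        // check only looked for "http://" anywhere in the string, so "javascript:…//http://"
        // was stored unchanged and later emitted as the commenter's link; anything else now
        // gets "http://" prepended, which neutralises any other scheme.
        if (!preg_match('/^https?:\/\//i', $cleansite)) {
            $http = 'http://';
        } else {
            $http = '';
        }
        $website = $http . $cleansite;
    }
    setcookie('website', $cleansite, $expire);
}

// Restrict a client-supplied comment path ("cmtfile" / "reply_to") to something that stays
// inside $dir. Comment files are only ever named "<n>.txt", "<n>/<m>.txt" or "<n>/<m>" by the
// writer below, so a value containing a ".." segment, a backslash or a leading slash is never
// legitimate and is rejected outright (returns ''). The previous single str_replace('../', '')
// pass was bypassable: "....//" collapsed back into "../".
//
// $query  Raw client value.
// Returns the value unchanged, or '' when it could escape the comment directory.
function sanitize($query) {
    $value = str_replace("\0", '', (string) $query);
    if ($value === '' || $value[0] === '/' || $value[0] === '\\' || preg_match('#(^|[/\\\\])\.\.([/\\\\]|$)#', $value)) {
        return '';
    }
    return $value;
}

// Check if a comment has been entered, clean comment, replace HTML, create hyperlinks
if (isset($_POST["go"])) {
    if (isset($_POST["comment"]) && preg_match('/[a-zA-Z0-9]/i', $_POST["comment"]) && !preg_match('/Type Comment Here.../i', $_POST["comment"]) && !preg_match('/Type Reply Here.../i', $_POST["comment"])) {
        $datasearch = array('"', '<', '>', "\n\r", "\n", "\r", ' ');
        $datareplace = array('"', '<', '>', '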
\n', '\n', '
', ' '); $tagsearch = array('<b>', '</b>', '<u>', '</u>', '<i>', '</i>', '<s>', '</s>', '<pre>', '</pre>', '<code>', '</code>', '<ul>', '</ul>', '<ol>', '</ol>', '<li>', '</li>', '<blockquote>', '</blockquote>'); $tagreplace = array('', '', '', '', '', '', '', '', '
', '
', '', '', '', '
    ', '
', '
  • ', '
  • ', '
    ', '
    '); $cleandata = str_ireplace($tagsearch, $tagreplace, str_ireplace($datasearch, $datareplace, stripslashes($_POST["comment"]))); $cleancode = preg_replace('/(((f|ht){1}tp:\/\/)[-a-zA-Z0-9@:%_\+.~#?&\/\/=]+)/i', '\\1', $cleandata); // Check if all allowed HTML tags have been closed, if not add them at the end function cleantags() { global $cleancode; $tags = array('code', 'b', 'i', 'u', 's', 'li', 'pre', 'blockquote', 'ul', 'ol'); $checktags = array('li', 'pre', 'blockquote', 'ul', 'ol'); $tc = '0'; while ($tc != count($tags)) { $opentags = substr_count(strtolower($cleancode), "<$tags[$tc]>"); $closetags = substr_count(strtolower($cleancode), ""); if (in_array($tags[$tc], $checktags)) { $cleancode = str_ireplace("
    \\n<$tags[$tc]>", "\\n<$tags[$tc]>", str_ireplace("
    \\n", "\\n", $cleancode)); $cleancode = str_ireplace("

    ", "
    ", $cleancode); } if ($opentags != $closetags) { while ($opentags > $closetags) { $cleancode .= ""; $closetags++; } while ($closetags > $opentags) { $cleancode = preg_replace('/' . str_replace('/', "\/", "") . '/i', '', $cleancode, 1); $closetags--; } } if ($tags[$tc] == 'code') { $cleancode = str_ireplace("<br>", "
    ", preg_replace('/()(.*)(<\/code>)/i e', "'\\1' . htmlentities(preg_replace('/<\\/?a(\\s+.*?>|>)/', '', '\\2')) . '\\3'", $cleancode)); $cleancode = str_ireplace("
    \\n
    ", "\\n", $cleancode); } if ($tags[$tc] == 'pre') { $cleancode = preg_replace('/(
    )(.*?)(<\/pre>)/i e', "'\\1' . str_ireplace(\"
    \", \"\", str_replace('\\\"', '\"', '\\2')) . '\\3'", $cleancode); } $tc++; } return $cleancode; } $cleancode = cleantags(); // Edit comment if (isset($_POST["cmtpass"]) && isset($_POST["cmtfile"]) && !isset($_POST["delsub"])) { if(file_exists($dir . '/' . $_POST["cmtfile"])){ $getpass = explode("\n", file_get_contents($dir . '/' . sanitize($_POST["cmtfile"]))); $edit_name = preg_replace('/Name: /', '', $getpass[0], 1); $edit_site = preg_replace('/Site: /', '', $getpass[1], 1); $edit_date = preg_replace('/Date: /', '', $getpass[2], 1); $edit_mail = preg_replace('/Mail: /', '', $getpass[3], 1); $edit_pass = preg_replace('/Pass: /', '', $getpass[4], 1); $edit_addr = preg_replace('/Addr: /', '', $getpass[5], 1); // Check if password matches the one in the file if (md5(encrypt(stripslashes($_POST["cmtpass"]), $key)) == $edit_pass) { // Write edited comment to file $edit_data = "Name: $edit_name\n"; $edit_data .= "Site: $edit_site\n"; $edit_data .= "Date: $edit_date\n"; $edit_data .= "Mail: $edit_mail\n"; $edit_data .= "Pass: $edit_pass\n"; $edit_data .= "Addr: $edit_addr\n\n"; $edit_data .= $cleancode; file_put_contents($dir . '/' . $_POST["cmtfile"], $edit_data, LOCK_EX); setcookie('password', str_replace($search, '', stripslashes($_POST["cmtpass"])), $expire); } } // Kick visitor back to comment $kickback = explode('/', $dir . '/' . $_POST["cmtfile"], 4); header('Location: ' . $httpref . '#c' . str_replace(array('/', '.txt'), array('r', ''), $kickback[3])); die(); } // Write comment to file $data = "Name: $name\n"; $data .= "Site: $website\n"; $data .= "Date: " . date('m/d/Y - g:ia') . "\n"; $data .= "Mail: " . str_replace('"', '"', encrypt(str_replace($search, '', stripslashes($_POST["email"])), $key)) . "\n"; if (isset($_POST["password"]) && !empty($_POST["password"])) { $data .= 'Pass: ' . md5(encrypt(str_replace($search, '', stripslashes($_POST["password"])), $key)) . "\n"; } else { $data .= "Pass: \n"; } $data .= 'Addr: ' . $_SERVER["REMOTE_ADDR"] . 
"\n\n"; $data .= $cleancode; $reply_to = ''; if (isset($_POST["reply_to"]) && !empty($_POST["reply_to"])) { if (!preg_match('/[a-zA-Z]/i', $_POST["reply_to"]) && file_exists($dir . '/' . $_POST["reply_to"] . ".txt")) { // Set reply directory information & "cookie" for successful reply $dir .= '/' . sanitize(stripslashes($_POST["reply_to"])); $reply_to = sanitize(stripslashes($_POST["reply_to"])) . '/'; $cmtcount = read_comments($dir,'no'); setcookie('replied', $_POST["reply_to"], $expire); } } $reply_to .= $cmtcount; file_put_contents($dir . '/' . $cmtcount . '.txt', $data, LOCK_EX); chmod($dir . '/' . $cmtcount . '.txt', 0775); // Send notification e-mails $permaplode = explode('/', $dir . '/' . $cmtcount, 4); $permalink = 'c' . str_replace(array('/', '.txt'), array('r', ''), $permaplode[3]); $inline_reply = ''; if (isset($_POST["reply_to"]) && !empty($_POST["reply_to"])) { if (!preg_match('/[a-zA-Z]/i', $_POST["reply_to"]) && file_exists($dir . '/' . $_POST["reply_to"] . ".txt")) { $getcmt = explode("\n", file_get_contents($dir . '/' . sanitize($_POST["cmtfile"]))); $clean_name = preg_replace('/Name: /', '', $getcmt[0], 1); $clean_date = preg_replace('/Date: /', '', $getcmt[2], 1); $clean_mail = preg_replace('/Mail: /', '', $getcmt[3], 1); $clean_comment = $getcmt[7]; $reverse_datasearch = array('"', '<', '>', '
    \n', '\n', '
    ', ' '); $reverse_datareplace = array('"', '<', '>', "\n", "\n", "\r", ' '); $to_commenter = "\nIn reply to:\n\n\t" . str_replace($reverse_datasearch, $reverse_datareplace, $clean_comment) . "\n\n"; $to_webmaster = "\nIn reply to $clean_name:\n\n\t" . str_replace($reverse_datasearch, $reverse_datareplace, $clean_comment) . "\n\n"; $decryto = encrypt($clean_mail, $key); if (!empty($clean_mail) && $decryto != $enotify && $decryto != $_POST["email"]) { mail($decryto, 'TildeHash: New Reply', "From $name:\n\n\t" . stripslashes($_POST["comment"]) . "\n\n$to_commenter----\nPermalink: $httpref" . '#' . $permalink . "\nPage: $httpref", $header); } } } if (isset($_POST["email"])) { if ($_POST["email"] != $enotify) { mail("$enotify", 'New Comment', "From $name:\n\n\t" . stripslashes($_POST["comment"]) . "\n\n$to_webmaster----\nPermalink: $httpref" . '#' . $permalink . "\nPage: $httpref", $header); } } // Set blank cookie for successful comment, kick visitor back to comment setcookie('replied', '', $expire); header('Location: ' . $httpref . '#' . $permalink); die(); } else if (isset($_POST["go"])) { // Set failed comment cookie, kick visitor back to comment form if (isset($_POST["reply_to"]) && !empty($_POST["reply_to"])) { setcookie('replied', $_POST["reply_to"], $expire); } setcookie('success', 'no', $expire); header('Location: ' . $httpref . '#comments'); die(); } } // "Delete" comment if (isset($_POST["cmtpass"]) && isset($_POST["delsub"]) && !isset($_POST["editsub"])) { if(file_exists($dir . '/' . $_POST["cmtfile"])){ $getpass = explode("\n", file_get_contents($dir . '/' . sanitize($_POST["cmtfile"]))); $cleanpass = preg_replace('/Pass: /', '', $getpass[4], 1); // Check if password matches the one in the file if (md5(encrypt(stripslashes($_POST["cmtpass"]), $key)) == $cleanpass) { // "Delete" the comment file_put_contents($dir . '/' . sanitize($_POST["cmtfile"]), 'deleted', LOCK_EX); chmod($dir . '/' . 
sanitize($_POST["cmtfile"]), 0644); setcookie('password', str_replace($search, '', stripslashes($_POST["cmtpass"])), $expire); } } // Kick visitor back to comment $kickback = explode('/', $dir . '/' . $_POST["cmtfile"], 4); header('Location: ' . $httpref . '#c' . str_replace(array('/', '.txt'), array('r', ''), $kickback[3])); die(); } // JavaScript output and comment form ?> // Copyright (C) 2012 Jacob Barkdull, Jeremiah Stoddard // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as // published by the Free Software Foundation, either version 3 of the // License, or (at your option) any later version. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU Affero General Public License for more details. // // You should have received a copy of the GNU Affero General Public License // along with this program. If not, see . // //-------------------- // // Source Code and Installation Instructions: // http:// // // Default form settings if (power == undefined) { var power = 'yes'; } if (commentform == undefined) { var commentform = 'top'; } if (boxheight == undefined) { var boxheight = '8'; } if (name_on == undefined) { var name_on = 'yes'; } if (email_on == undefined) { var email_on = 'yes'; } if (sites_on == undefined) { var sites_on = 'yes'; } if (passwd_on == undefined) { var passwd_on = 'yes'; } // Displays comment form, count, and comments if (power == 'yes') { // Function to display comments and comment form function showcomments() { if (document.title != '') { var pagetitle = ' on \"'+document.title+'\"'; } else { var pagetitle = ''; } document.write("

    \n"); document.write("Post a Comment
    \n");' . "\n"; // Check if either a comment or reply failed to post if (isset($_COOKIE["success"]) && $_COOKIE["success"] == "no") { if (!isset($_COOKIE["replied"]) && empty($_COOKIE["replied"])) { echo "\t\t" . 'document.write("A Comment Is Required!

    \n");' . "\n"; $cmtform = "Type Comment Here..."; $postbutton = "Post Comment"; setcookie("success", '', $expire); } else { echo "\t\t" . 'document.write("A Reply Is Required!

    \n");' . "\n"; $cmtform = "Type Reply Here..."; $postbutton = "Post Reply"; setcookie("replied", '', $expire); setcookie("success", '', $expire); } } ?> document.write("
    \" method=\"post\">\n"); document.write("\n"); document.write("\n\n"); // Display name input tag if told to if (name_on == 'yes') { document.write("\n"); } // Display password input tag if told to if (passwd_on == 'yes') { document.write("\n"); } // Display email input tag if told to if (email_on == 'yes') { document.write("\n"); } // Display website input tag if told to if (sites_on == 'yes') { document.write("\n"); } document.write("\n\n
    \n"); document.write("Nickname:
    \n"); document.write("\" style=\"width: 97%;\">\n"); document.write("
    \n"); document.write("Password \(Optional\):
    \n"); document.write("\n"); document.write("
    \n"); document.write("E-mail Address:
    \n"); document.write("\" style=\"width: 97%;\">\n"); document.write("
    \n"); document.write("Website:
    \n"); document.write("\" style=\"width: 97%;\">\n"); document.write("
    \n"); document.write("
    \n"); document.write("\n"); document.write("\" style=\"width: 99.3%;\" onclick=\"return noemail\(\);\" onsubmit=\"return noemail\(\);\">
    \n"); document.write("HTML accepted (<b>, <u>, <i>, <s>, <pre>, <ul>, <ol>, <li>, <blockquote>, URLs automagically become links, use <code> to escape HTML.)
    \n");\n");' . "\n" : '' . "\n"; ?> document.write("
    \n
    \n"); } if (commentform == 'top') { showcomments(); } Showing '; if ($cmtcount == "1") { echo '0 Comments:\n");' . "\n"; echo "\t" . 'document.write("
    Be the first to comment!
    \n");' . "\n"; } else { display_count(); echo ':
    \n");' . "\n"; } // Display comments echo $showcmt; ?> if (commentform == 'bottom') { document.write("
    \n"); showcomments(); } document.write("

    \n"); document.write("Powered by HashOver ·\n"); document.write(""+document.title+"\" target=\"_blank\">RSS Feed ·\n"); document.write("?source\" target=\"_blank\">Source Code ·\n"); document.write("\" target=\"_blank\">JavaScript ·\n"); document.write("ChangeLog\n"); document.write("
    \n
    \n"); } // Displays reply form function reply(r) { var reply_form_open = "\n
    \n\ \n\ \n\n\n\ \n\

    \n\ Reply To Comment\n\ id=\"options"+r+"\" align=\"center\">\n\ \n\n\n\n\n"; if (name_on == 'yes') { var reply_name = "\n"; } else { var reply_name = ''; } if (passwd_on == 'yes') { var reply_passwd = "\n"; } else { var reply_passwd = ''; } if (email_on == 'yes') { var reply_email = "\n"; } else { var reply_email = ''; } if (sites_on == 'yes') { var reply_sites = "\n"; } else { var reply_sites = ''; } var reply_form_close = "\n\ \n

    Nickname:
    \" style=\"width: 97%;\">
    Password \(Optional\):
    \" style=\"width: 97%;\">
    E-mail Address:
    \" style=\"width: 97%;\">
    Website:
    \" style=\"width: 97%;\">
    \n\
    \n\
    \n\ \n\ \n\
    \n
    \n"; document.getElementById("reply"+r).innerHTML = ""+reply_form_open+""+reply_name+""+reply_passwd+""+reply_email+""+reply_sites+""+reply_form_close+""; if (document.getElementById("editcmt"+r) != null) { document.getElementById("editcmt"+r).innerHTML = ''; } if (document.getElementById("options"+r).style.display != 'none') { document.getElementById("optslink"+r).style.display = 'none'; } return false; } // Function to cancel reply function cancelreply(r) { if (document.getElementById("editcmt"+r) != null) { document.getElementById("editcmt"+r).innerHTML = ""; } document.getElementById("reply"+r).innerHTML = ""; return false; } // Displays edit form function editcmt(e) { var cmtdata = document.getElementById("cmtdata"+e).innerHTML.replace(/
    /gi, '').replace(/<\/?a(\s+.*?>|>)/gi, ''); document.getElementById("editcmt"+e).innerHTML = '\n
    \n\ \n\ \n\ \n\

    \n\ Edit Comment \n\ \n\ · Password: \">\n\ \n\
    \n\
    \n\ \n\
    \n
    '; document.getElementById("reply"+e).innerHTML = ''; return false } // Function to cancel comment edit function canceledit(e) { document.getElementById("editcmt"+e).innerHTML = ""; document.getElementById("reply"+e).innerHTML = ""; return false; } // Displays options table function options(r) { if (name_on == 'yes' || email_on == 'yes' || passwd_on == 'yes' || sites_on == 'yes') { document.getElementById("options"+r).style.display = ''; document.getElementById("optslink"+r).style.display = 'none'; } else { document.getElementById("options"+r).style.display = ''; document.getElementById("optslink"+r).innerHTML = 'All Options Are Disabled ·'; } return false; } // Displays a "blank email address" warning function noemail() { if (document.comment_form.email.value == '' && email_on == "yes") { var answer = confirm('You will not receive notification of replies to your comment without supplying an e-mail.'); if (answer == false) { document.comment_form.email.focus(); return false; } } } // Displays a "blank email address" warning when replying function noemailreply(f) { if (document.getElementById("reply_form"+f).email.value == '' && email_on == "yes") { var answer = confirm('You will not receive notification of replies to your comment without supplying an e-mail.'); if (answer == false) { document.getElementById("options"+f).style.display = ''; document.getElementById("optslink"+f).style.display = 'none'; document.getElementById("reply_form"+f).email.focus(); return false; } } } // Displays confirmation dialog for deletion function delwarn() { var answer = confirm('Are you sure you want to delete this comment?'); if (answer == false) { return false; } } // Displays notice that a commenter will receive notifications of replies function chkmk(n) { alert(n+' has supplied an e-mail address and will be notified of replies.'); } // Displays information about passwords function passwordinfo(c) { alert('Enter a password if you want to be able to edit or delete your '+c+' 
later.'); }