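/// <summary>
/// Handles the comment form post: checks the submitter and the text, converts the text
/// to the markup that is stored, inserts it through the <c>anm_InsertComment</c> stored
/// procedure, then redirects to the confirmation page or back to the article.
/// </summary>
/// <remarks>
/// Validation failures redirect to the article with an <c>err</c> code: 5 when nobody is
/// signed in and the "Anonymous" setting is "False" or empty, 1 for an empty comment,
/// 4 for more than 2000 characters, 3 for a wrong captcha answer.
/// The stored value is HTML (it carries <c>&lt;blockquote&gt;</c> and <c>&lt;br /&gt;</c>),
/// so on the non-BBCode path the visitor's text is HTML-encoded before that markup is added.
/// </remarks>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void SendComment(object sender, EventArgs e)
{
    // A missing form field comes back as null; treat it as an empty comment (err=1)
    // instead of failing on comment.Length.
    string comment = Page.Request.Form["commentarea"] ?? "";
    MembershipUser currentUser = Membership.GetUser();
    anm_Utility ut = new anm_Utility();

    // The news id comes from ?news=, or is looked up from ?comment= when that is absent.
    string idn = HttpContext.Current.Request.QueryString["news"];
    if (idn == null)
    {
        idn = ut.GetIdNewsByComment(Request.QueryString["comment"]);
    }

    string titlenews = ut.GetTitleNews(idn);

    // idn is request data: encode it so it stays a single query-string value.
    string url = Page.Request.Url.AbsolutePath + "?p=articles&news=" + HttpUtility.UrlEncode(idn);

    if (currentUser == null)
    {
        string anonymousSetting = ut.GetSetting("Anonymous");
        if (anonymousSetting == "False" || anonymousSetting == "")
        {
            Response.Redirect(url + "&err=5#response");
            return;
        }
    }

    if (comment.Length == 0)
    {
        Response.Redirect(url + "&err=1#response");
        return;
    }

    if (comment.Length > 2000)
    {
        Response.Redirect(url + "&err=4#response");
        return;
    }

    if (ut.GetSetting("CaptchaComments") == "True")
    {
        // NOTE(review): the expected answer is read from a cookie sent with the request,
        // so it is not a server-held value. Keeping it in server-side session state
        // would make this check meaningful; that change is outside this method.
        HttpCookie captchaCookie = Request.Cookies["Captcha"];
        string expected = captchaCookie == null ? null : captchaCookie["value"];

        // A missing or empty expected answer never validates.
        if (string.IsNullOrEmpty(expected) || txtcaptcha.Text != expected)
        {
            Response.Redirect(url + "&err=3#response");
            return;
        }
    }

    // An unreadable "BBcode" setting means BBCode is off.
    bool bbcode;
    try
    {
        bbcode = Convert.ToBoolean(ut.GetSetting("BBcode"));
    }
    catch
    {
        bbcode = false;
    }

    string commento;
    if (bbcode)
    {
        // NOTE(review): ConvertBBCodeToHTML is defined elsewhere; confirm that it
        // HTML-encodes the visitor's text before emitting markup.
        commento = ut.ConvertBBCodeToHTML(comment);
    }
    else
    {
        // Drop any literal blockquote element in the submitted text, then encode what
        // is left so it is displayed as text. Only the [QUOTE] tags below become markup.
        commento = Regex.Replace(comment, @"\<blockquote\>(.+?)\</blockquote\>", "");
        commento = HttpUtility.HtmlEncode(commento);

        commento = Regex.Replace(commento, @"\[QUOTE\=(.+?)\](.+?)\[/QUOTE\]", "<blockquote><strong>$1 wrote</strong>:<br/>$2</blockquote>");
        commento = Regex.Replace(commento, @"\[QUOTE\](.+?)\[/QUOTE\]", "<blockquote>$1</blockquote>");

        // A "<br />" typed or pasted into the text is encoded by now; it still counts as
        // a line break, and every line break is stored as "<br />".
        commento = commento.Replace("&lt;br /&gt;", "\n");
        commento = commento.Replace("\r\n", "<br />");
        commento = commento.Replace("\n", "<br />");
        commento = commento.Replace("</blockquote><br />", "</blockquote>");
    }

    // An unreadable "ApproveComments" setting means comments wait for approval.
    bool approve;
    try
    {
        approve = Convert.ToBoolean(ut.GetSetting("ApproveComments"));
    }
    catch
    {
        approve = true;
    }

    string ip = HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];

    // Throws here, before anything is written, if no news id could be resolved (idn null).
    string idnews = idn.ToString();
    int nc = ut.GetCommentsNews(idnews);

    try
    {
        string strConn = ConfigurationManager.ConnectionStrings["anmcs"].ToString();

        // using blocks close the connection and command even when the insert throws.
        using (SqlConnection conn = new SqlConnection(strConn))
        using (SqlCommand command = new SqlCommand("anm_InsertComment", conn))
        {
            command.CommandType = CommandType.StoredProcedure;
            command.Parameters.Add("@idnews", SqlDbType.Int).Value = idnews;
            command.Parameters.Add("@commentator", SqlDbType.NVarChar).Value =
                currentUser == null ? "Anonymous" : currentUser.UserName;
            command.Parameters.Add("@comment", SqlDbType.NText).Value = commento;
            command.Parameters.Add("@ip", SqlDbType.NVarChar).Value = ip;
            command.Parameters.Add("@approved", SqlDbType.NVarChar).Value = !approve;

            conn.Open();
            command.ExecuteNonQuery();
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): this shows the raw exception text to the visitor; logging it and
        // showing a generic message would avoid exposing database details.
        lblerror.Text = HttpUtility.HtmlEncode(ex.Message);
        lblerror.Visible = true;

        // Stop here: the insert failed, so do not bump the comment counter or redirect
        // away from the error message.
        return;
    }

    if (approve)
    {
        Response.Redirect(Page.Request.Url.AbsolutePath + "?p=confirm&mes=" + GetGlobalResourceObject("language", "CommentSent") + "&link=" + HttpUtility.UrlEncode(idnews));
    }
    else
    {
        // The comment is visible immediately, so the article's comment count goes up.
        ut.IcreaseComments(idnews, nc + 1);
        Response.Redirect(apath + "/articles/" + idn + "/" + ut.RemoveNonAlfaNumeric(titlenews) + ".aspx#comments");
    }
}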