xgonin 709
| Posté : 07-07-2006 01:19
Voilà le fichier replyH.php corrigé pour AntiSpamBots V2, qui permet de sécuriser les réponses à des posts sur le forum.
<?PHP
/************************************************************************/
/* NPDS V : Net Portal Dynamic System .                                 */
/* ===========================                                          */
/*                                                                      */
/* Original Copyright (c) 2001 by Francisco Burzi (fburzi@ncc.org.ve)   */
/* http://phpnuke.org                                                   */
/*                                                                      */
/* This version name NPDS Copyright (c) 2001-2004                       */
/* Great mods by snipe                                                  */
/*                                                                      */
/* =========================                                            */
/* Based on Parts of phpBB                                              */
/*                                                                      */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/************************************************************************/
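// Bootstrap: load the portal core only if it is not loaded yet, then the forum
// helpers, the AntiSpamBots add-on and the authentication layer.
// (The forum paste had mangled "include" into "!include!" and left stray
// markup in the code; both are repaired here.)
if (!function_exists("Mysql_Connexion")) {
    include("mainfile.php");
}
include('functions.php');
// ##### ==> AntiSpamBots
include("antispambots.php");
// ##### ==> AntiSpamBots
if ($SuperCache) {
    $cache_obj = new cacheManager();
}
include('auth.php');
global $pdst;
$pdst = "0";

// "Cancel Post" button: go back to the topic. header() only queues the
// redirect, so the script must stop here or the rest of the page still runs.
if ($cancel) {
    header("Location: viewtopicH.php?topic=$topic&forum=$forum");
    exit;
}

// NOTE(review): $forum (and $topic below) reach this script as request
// variables and are placed into SQL text as-is. Nothing in this file validates
// or escapes them; confirm that mainfile.php or Q_Select() does, or cast them
// to integers if the ids are numeric.
$rowQ1 = Q_Select("SELECT forum_name, forum_moderator, forum_type, forum_pass, forum_access, arbre FROM forums WHERE forum_id = '$forum'", 3600);
if (!$rowQ1) {
    forumerror('0001');
}
list(, $myrow) = each($rowQ1);
$forum_name = $myrow['forum_name'];
$forum_access = $myrow['forum_access'];
$forum_type = $myrow['forum_type'];
$mod = $myrow['forum_moderator'];

// Password-protected forum (type 1): compare as strings so two different
// numeric-looking values can never be treated as equal, and stop after the
// redirect. Without the exit the reply below would still be processed for a
// client that ignores the Location header.
if (($forum_type == 1) and ((string) $Forum_passwd !== (string) $myrow['forum_pass'])) {
    header("Location: forum.php");
    exit;
}
// Access level 9 forums are redirected away as well; same reasoning for exit.
if ($forum_access == 9) {
    header("Location: forum.php");
    exit;
}
if (is_locked($topic)) {
    forumerror('0025');
}
if (!does_exists($forum, "forum") || !does_exists($topic, "topic")) {
    forumerror('0026');
}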
if ($submitS) {
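// ##### ==> AntiSpamBots
// NOTE(review): the anti-spam answer is only checked through this call; it
// presumably ends the request on a wrong answer. Confirm that it does not
// merely redirect, otherwise the post below is still stored.
global $question, $anti_spam_bots, $redir;
AntiSpamBots::reponse($question, $anti_spam_bots);
// ##### ==> AntiSpamBots

// Give both flags a value on every path. The script reads its inputs as plain
// globals, so a flag left unassigned here could otherwise take its value from
// a request parameter of the same name.
$stop = ($message == '') ? 1 : 0;
$modo = false;

if (!$user) {
    // No session cookie.
    if ($forum_access == 0) {
        // Open forum: post as the anonymous account (uid 1).
        $userdata = array("uid" => 1);
        include("header.php");
    } else {
        if (($username == "") or ($password == "")) {
            forumerror('0027');
        } else {
            // NOTE(review): $username is interpolated into the query text. Nothing
            // visible here escapes it; confirm the request variables are escaped
            // before this point, or escape it here.
            $result = mysql_query("select pass FROM users WHERE uname='$username'");
            list($pass) = mysql_fetch_row($result);
            if (!$system) {
                // Re-hash the submitted password with the stored hash as salt.
                $passwd = crypt($password, $pass);
            } else {
                // NOTE(review): with $system set the stored value is compared to
                // the submitted password unhashed; confirm this is intended.
                $passwd = $password;
            }
            // An empty stored hash (unknown user) never authenticates.
            if ((strcmp($passwd, $pass) == 0) and ($pass != "")) {
                $userdata = get_userdata($username);
                include("header.php");
            } else {
                forumerror('0028');
            }
            $modo = user_is_moderator($username, $pass, $forum_access);
            if ($forum_access == 2) {
                // Moderator-only forum.
                if (!$modo) {
                    forumerror('0027');
                }
            }
        }
    }
} else {
    // Session cookie: base64 of colon-separated fields; this code reads
    // fields 0, 1 and 2.
    // NOTE(review): outside moderator-only forums nothing in this branch checks
    // that the cookie fields are genuine; confirm auth.php validates the cookie
    // before the name in field 1 is used as the poster identity.
    $userX = base64_decode($user);
    $userdata = explode(":", $userX);
    $modo = user_is_moderator($userdata[0], $userdata[2], $forum_access);
    if ($forum_access == 2) {
        if (!$modo) {
            forumerror('0027');
        }
    }
    $userdata = get_userdata($userdata[1]);
    include("header.php");
}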
// Either valid user/pass, or valid session. Continue with post.
if ($stop != 1) {
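// Prepare the reply for storage: poster address, flood control, then the
// text transformations that depend on the forum type.
$poster_ip = getip();
// Always assign $hostname: it is written into the posts table afterwards, so
// it must not be left unset (or request-supplied) when DNS lookups are off.
$hostname = '';
if ($dns_verif) {
    // Best-effort reverse lookup; a failed lookup must not block the post.
    $hostname = @gethostbyaddr($poster_ip);
}
anti_flood($modo, $anti_flood, $poster_ip, $userdata, $gmt);

// HTML is neutralised when the forum forbids it or the poster ticked
// "Disable HTML on this Post".
if ($allow_html == 0 || isset($html)) {
    $message = htmlspecialchars($message);
}
// Signature marker, never for the anonymous account (uid 1).
if ($sig && $userdata['uid'] != 1) {
    $message .= " [addsig]";
}

// NOTE(review): forum types 5 and 6 skip aff_code(), make_clickable() and
// removeHack(); confirm those forum types filter their content elsewhere.
$is_plain_forum = (($forum_type != "6") and ($forum_type != "5"));
if ($is_plain_forum) {
    $message = aff_code($message);
    $message = str_replace("\n", "<br />", $message);
}
if (($allow_bbcode == 1) and $is_plain_forum) {
    $message = smile($message);
}
if ($is_plain_forum) {
    $message = make_clickable($message);
    $message = removeHack($message);
}
$image_subject = removeHack($image_subject);
$message = addslashes($message);
// Post time shifted by the configured GMT offset (hours).
$time = date("Y-m-d H:i:s", time() + ($gmt * 3600));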
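// Store the reply, then refresh the topic, the read markers and the poster's
// post counter. Each failed query is reported through forumerror().

// $post (id of the post being answered) is the only value placed in the
// INSERT without quotes, so it is forced to an integer first.
$post_idH = (int) $post;
// NOTE(review): $topic, $forum and $image_subject are quoted but not escaped
// in this block ($image_subject only went through removeHack()); confirm they
// are escaped upstream.
$sql = "INSERT INTO posts (topic_id, image, forum_id, poster_id, post_text, post_time, poster_ip, poster_dns, post_idH) VALUES ('$topic', '$image_subject', '$forum', '$userdata[uid]', '$message', '$time', '$poster_ip', '$hostname', $post_idH)";
if (!$result = mysql_query($sql)) {
    forumerror('0020');
} else {
    // Kept for the optional attachment step that follows the post.
    $IdPost = mysql_insert_id();
}

$sql = "UPDATE forumtopics SET topic_time = '$time', current_poster = '$userdata[uid]' WHERE topic_id = '$topic'";
if (!$result = mysql_query($sql)) {
    forumerror('0020');
}

// Mark the topic unread for everybody except the poster.
$sql = "UPDATE forum_read SET status='0' where topicid = '$topic' and uid <> '$userdata[uid]'";
if (!$r = mysql_query($sql)) {
    forumerror('0001');
}

$sql = "UPDATE users_status SET posts=posts+1 WHERE (uid = '$userdata[uid]')";
$result = mysql_query($sql);
if (!$result) {
    forumerror('0029');
}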
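// Notify the topic starter by e-mail when notification is enabled on the
// topic and the reply comes from somebody else.
$sql = "SELECT t.topic_notify, u.email, u.uname, u.uid, u.user_langue FROM forumtopics t, users u WHERE t.topic_id = '$topic' AND t.topic_poster = u.uid";
if (!$result = mysql_query($sql)) {
    forumerror('0022');
}
$m = mysql_fetch_array($result);
if (($m['topic_notify'] == 1) && ($m['uname'] != $userdata['uname'])) {
    include_once("language/lang-multi.php");
    $resultZ = mysql_query("SELECT topic_title FROM forumtopics WHERE topic_id='$topic'");
    list($title_topic) = mysql_fetch_row($resultZ);
    $subject = strip_tags($forum_name)."/".$title_topic." : ".translate_ml($m['user_langue'], "Une réponse à votre dernier Commentaire a été posté.");
    // The topic title is user-written text: keep line breaks out of the mail
    // subject so it cannot add header lines.
    $subject = str_replace(array("\r", "\n"), ' ', $subject);
    // From here on $message holds the mail body, not the forum post.
    $message = $m['uname']."\r\n";
    $message .= translate_ml($m['user_langue'], "Vous recevez ce Mail car vous avez demandé à être informé lors de la publication d'une réponse.")."\r\n";
    $message .= translate_ml($m['user_langue'], "Pour lire la réponse")." : ";
    $message .= "$nuke_url/viewtopicH.php?topic=$topic&forum=$forum\r\n";
    include("signat.php");
    if (!$system) {
        send_email($m['email'], $subject, $message, "", true, "text");
        // Remember who was already mailed; the subscription step reads $sauf.
        $sauf = $m['uid'];
    }
}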
xgonin 709
| Posté : 07-07-2006 01:21
Et la fin du code :
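// After the post is stored: subscription mails, optional attachment window,
// then back to the topic.
global $subscribe;
if ($subscribe) {
    if (subscribe_query($userdata['uid'], "forum", $forum)) {
        $sauf = $userdata['uid'];
    }
    // NOTE(review): $sauf may be unset here when no notification mail was sent
    // and subscribe_query() returned false; confirm subscribe_mail() copes.
    subscribe_mail("forum", $topic, $forum, "", $sauf);
}
// The reply form only offers the upload checkbox to logged-in users when
// $allow_upload_forum is set; enforce the same rule on submission instead of
// trusting the submitted checkbox alone.
if ($upload && $user && $allow_upload_forum) {
    include("modules/upload/upload_forum.php");
    win_upload("forum_npds", $IdPost, $forum, $topic, "win");
}
redirect_url("viewtopicH.php?forum=$forum&topic=$topic");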
} else {
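// Empty message: show the error box with a "Go Back" link. The forum paste had
// rewritten the link scheme as "!javascript!"; the working form is restored.
OpenTable();
echo "<p align=\"center\">".translate("You must type a message to post.")."<br /><br />";
echo "[ <a href=\"javascript:history.go(-1)\" class=\"NOIR\">".translate("Go Back")."</a> ]</p>";
CloseTable();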
}
} else {
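// Reply form, first part: page header, moderator line, posting rules, and the
// decision whether this visitor may reply at all.
include('header.php');
if ($allow_bbcode == 1) {
    include("lib/formhelp.java.php");
}
// The status column was read into $stopic_status while the check further down
// tests $topic_status, so the check never saw the database value. Both now use
// $topic_status. NOTE(review): confirm that a non-zero topic_status is meant
// to block replies.
list($topic_title, $topic_status) = mysql_fetch_array(mysql_query("select topic_title, topic_status from forumtopics where topic_id='$topic'"));
$userX = base64_decode($user);
$userdata = explode(":", $userX);
$moderator = get_moderator($mod);
$moderator = explode(" ", $moderator);
$Mmod = false;

echo "<table width=\"100%\" cellspacing=\"2\" cellpadding=\"2\" border=\"0\"><tr><td class=\"HEADER\">\n";
echo "<b>".translate("Moderated By: ")."</b>";
foreach ($moderator as $moderator_name) {
    echo "<a href=user.php?op=userinfo&uname=$moderator_name class=\"BOX\">$moderator_name</a> ";
    if ($userdata[1] == $moderator_name) {
        $Mmod = true;
    }
}
echo "</td></tr></table><br />";
echo "<b>".translate("Post Reply in Topic:")."</b>";
// $forum comes from the request: encode it before it is written into a link.
echo " <a href=\"viewforum.php?forum=".urlencode($forum)."\" class=\"NOIR\">".stripslashes($forum_name)."</a> |&nbsp; ";
echo "<a href=\"forum.php\" class=\"NOIR\">".translate("Forum Index")."</a>\n";
echo "<br />";
echo "<form action=\"replyH.php\" method=\"post\" name=\"coolsus\">";
echo "<table border=\"0\" cellpadding=\"1\" cellspacing=\"1\" width=\"100%\">";
echo "<tr><td class=\"HEADER\" colspan=\"2\" class=\"ONGL\">".translate("About Posting:")."</td></tr><tr>";
if ($forum_access == 0) {
    echo "<td colspan=\"2\">".translate("Anonymous users can post new topics and replies in this forum.")."</td>";
} else if ($forum_access == 1) {
    echo "<td colspan=\"2\">".translate("All registered users can post new topics and replies to this forum.")."</td>";
} else if ($forum_access == 2) {
    echo "<td colspan=\"2\">".translate("Only Moderators can post new topics and replies in this forum.")."</td>";
}
echo "</tr>";

// Access levels: 0 = anyone, 1 = registered users, 2 = moderators only.
$allow_to_reply = false;
if ($forum_access == 0) {
    $allow_to_reply = true;
} elseif ($forum_access == 1) {
    if (isset($user)) {
        $allow_to_reply = true;
    }
} elseif ($forum_access == 2) {
    if (user_is_moderator($userdata[0], $userdata[2], $forum_access)) {
        $allow_to_reply = true;
    }
}
if ($topic_status != 0) {
    $allow_to_reply = false;
}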
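// Reply form, second part: optional preview, nickname, message area (with an
// optional quoted post), posting options, the AntiSpamBots challenge and the
// submit buttons. Visitors who may not reply get a refusal line instead.
if ($allow_to_reply) {
    if ($submitP) {
        // ##### ==> AntiSpamBots
        global $question, $anti_spam_bots, $redir;
        AntiSpamBots::reponse($question, $anti_spam_bots);
        // ##### ==> AntiSpamBots
        $acc = "reply";
        $message = stripslashes($message);
        echo "<tr><td colspan=\"2\">";
        include("preview.php");
        echo "</td></tr>";
    } else {
        $message = '';
    }

    // These fragments are echoed inside tags further down but were assigned
    // only on some paths. Starting them empty keeps a request parameter of the
    // same name from being echoed in their place.
    $xJava = '';
    $sethtml = '';
    $s = '';
    $up = '';

    echo "<tr align=\"left\">";
    echo "<td class=\"LIGNB\" width=\"25%\"><b>".translate("Nickname: ")."</b></td>";
    echo "<td class=\"LIGNB\">";
    // Field 1 of the decoded cookie: client-supplied, so encode before output.
    echo htmlspecialchars($userdata[1]);
    echo "</td></tr>";
    if ($smilies) {
        echo "<tr align=\"left\" valign=\"top\">\n"
            ."<td class=\"LIGNB\" width=\"25%\"><b>".translate("Message Icon: ")."</b></td>\n"
            ."<td class=\"LIGNB\">";
        echo emotion_add($image_subject);
        echo "</td></tr>";
    }
    echo "<tr align=\"left\" valign=\"top\">";
    echo "<td class=\"LIGNB\" width=\"25%\"><b>".translate("Message: ")."</b><br /><br />";
    echo "<span style=\"font-size: 10px;\">";
    echo "HTML : ";
    if ($allow_html == 1) {
        echo translate("On")."<br />";
        echo HTML_Add($allow_forum_hide);
    } else {
        echo translate("Off")."<br />";
    }

    // Quote the post being answered (not when previewing).
    if ($citation && !$submitP) {
        // The post id is forced to an integer before it enters the query text.
        $quoted_post_id = (int) $post;
        $sql = "SELECT p.post_text, p.post_time, u.uname FROM posts p, users u WHERE post_id = '$quoted_post_id' AND p.poster_id = u.uid";
        if ($r = mysql_query($sql)) {
            $m = mysql_fetch_array($r);
            $text = $m['post_text'];
            if (($forum_type != "6") and ($forum_type != "5")) {
                $text = smile($text);
                $text = str_replace("<br />", "\n", $text);
            } else {
                $text = htmlspecialchars($text);
            }
            $text = stripslashes($text);
            if ($m['post_time'] != "" && $m['uname'] != "") {
                $reply = "<div class=\"QUOTE\">".translate("Quote")." : <b>$m[uname]</b> \n\n$text \n</div>";
            } else {
                $reply = "$text\n";
            }
            // Hidden sections are never carried into a quote.
            $reply = preg_replace("#\[hide\](.*?)\[\/hide\]#si", "", $reply);
        } else {
            $reply = translate("Error Connecting to DB")."\n";
        }
        $message = $reply;
    }
    echo "</span></td>";

    if ($allow_bbcode == 1) {
        $xJava = 'name="message" onSelect="storeCaret(this);" onclick="storeCaret(this);" onkeyup="storeCaret(this);" onfocus="storeForm(this)"';
    }
    // On preview $message is request data echoed back into the page: encode it
    // so it cannot close the <textarea> and add markup of its own.
    // NOTE(review): a quoted post is written unencoded, as before, because the
    // stored text is expected to be decoded by the browser; confirm the stored
    // text is always filtered when it is saved.
    $textarea_value = $submitP ? htmlspecialchars($message) : $message;
    echo "<td class=\"LIGNB\"><textarea class=\"textbox\" $xJava name=\"message\" rows=\"10\" cols=\"80\" wrap=\"virtual\">$textarea_value</textarea><br />";
    if ($allow_bbcode == 1) {
        putitems();
    }
    echo "</td></tr><tr align=\"left\">";
    echo "<td class=\"LIGNB\" width=\"25%\"><b>".translate("Options: ")."</b></td>";
    echo "<td class=\"LIGNB\">";
    if (($allow_html == 1) and ($forum_type != "6") and ($forum_type != "5")) {
        if ($html == "on") {
            $sethtml = "checked";
        }
        echo "<input type=\"checkbox\" name=\"html\" ".$sethtml.">".translate("Disable HTML on this Post")."<br />";
    }
    if ($user) {
        if ($allow_sig == 1) {
            // NOTE(review): $cookie is not assigned in this file; confirm where
            // it is set and that its first field is safe to place in a query.
            $asig = mysql_query("select attachsig from users_status where uid='$cookie[0]'");
            list($attachsig) = mysql_fetch_row($asig);
            if ($attachsig == 1 || $sig == "on") {
                $s = "checked";
            }
            if (($forum_type != "6") and ($forum_type != "5")) {
                echo "<input type=\"checkbox\" name=\"sig\" $s>".translate("Show signature")." <span style=\"font-size: 10px;\">(".translate("This can be altered or added in your profile").")</span><br />";
            }
        }
        if ($allow_upload_forum) {
            if ($upload == "on") {
                $up = "checked";
            }
            echo "<input type=\"checkbox\" name=\"upload\" $up>".translate("Upload file after send accepted")."<br />";
        }
    }
    echo "</td></tr><tr>";
    echo "<td class=\"LIGNA\" colspan=\"2\" align=\"center\">";
    // The ids are echoed back from the request: encode them as attribute values.
    echo "<input type=\"hidden\" name=\"forum\" value=\"".htmlspecialchars($forum)."\">";
    echo "<input type=\"hidden\" name=\"topic\" value=\"".htmlspecialchars($topic)."\">";
    echo "<input type=\"hidden\" name=\"post\" value=\"".htmlspecialchars($post)."\">";
    // ##### ==> AntiSpamBots
    AntiSpamBots::question();
    AntiSpamBots::field();
    // ##### ==> AntiSpamBots
    echo "<br /><input class=\"BOUTON_STANDARD\" type=\"submit\" name=\"submitS\" value=\"".translate("Submit")."\"> ";
    echo " <input class=\"BOUTON_STANDARD\" type=\"submit\" name=\"submitP\" value=\"".translate("Preview")."\"> ";
    echo " <input class=\"BOUTON_STANDARD\" type=\"reset\" value=\"".translate("Clear")."\"> ";
    echo " <input class=\"BOUTON_STANDARD\" type=\"submit\" name=\"cancel\" value=\"".translate("Cancel Post")."\"><br /><br />";
    echo "</td></tr>";
} else {
    echo "<tr>";
    echo "<td class=\"LIGNA\" colspan=\"2\" align=\"center\">".translate("You are not allowed to reply in this forum")."</td>";
    echo "</tr>";
}
echo "</table></form>";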
}
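// Page footer ("include" restored from the forum-mangled "!include!").
include('footer.php');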
?>
xgonin 709
| Posté : 07-07-2006 01:23
Dites ce que vous en pensez, n'étant pas forcément un génie en prog...
Amicalement |  Profil www
|
|
xgonin 709
| |
aidadomicil 3011
| Posté : 13-07-2006 11:25
bjr, c'est normal ça : ok dude , quand on essaie de télécharger le fichier ? |  Profil www
|
|
Anonyme 19853
| |
Cats 75
| Posté : 14-07-2006 04:52
Bonjour,
Idem pour moi |  Profil www
|
|
GiamDoc 7063
| Posté : 14-07-2006 08:04
Comme cela c'est sûr que le spam y passera pas |  Profil E-mail www
|
|
xgonin 709
| Posté : 17-07-2006 19:46
oups, de retour de vacances avec une mauvaise surprise...
Je vais régler cela au plus vite, désolé !! |  Profil www
|
|
xgonin 709
| Posté : 17-07-2006 19:51
Voilà c'est fait !!!
Désolé du contre-temps, mais mon serveur à m... pdt mes vacances... |  Profil www
|
|