xgonin 709
| Posté : 07-07-2006 01:19
Voilà le fichier replyH.php corrigé pour AntiSpamBots V2, qui permet de sécuriser les réponses à des posts sur le forum.
<?PHP
/************************************************************************/
/* NPDS V : Net Portal Dynamic System . */
/* =========================== */
/* */
/* Original Copyright (c) 2001 by Francisco Burzi (fburzi@ncc.org.ve) */
/* http://phpnuke.org */
/* */
/* This version name NPDS Copyright (c) 2001-2004 */
/* Great mods by snipe */
/* */
/* ========================= */
/* Based on Parts of phpBB */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/
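// Load the portal core only when it is not already present; the probe is the
// Mysql_Connexion function (presumably defined by mainfile.php -- confirm).
if (!function_exists("Mysql_Connexion")) {
    include("mainfile.php");
}
include('functions.php');
// ##### ==> AntiSpamBots
include("antispambots.php");
// ##### ==> AntiSpamBots
if ($SuperCache) {
    $cache_obj = new cacheManager();
}
include('auth.php');
global $pdst;
$pdst = "0";

// NOTE(review): $cancel, $topic, $forum and $Forum_passwd are not assigned
// anywhere in this section, so they presumably arrive from the request
// (register_globals style). Treat them as untrusted: $topic and $forum are
// copied into a Location header and $forum into the SQL string below, so they
// should be validated (presumably numeric ids -- confirm) before use.
if ($cancel) {
    header("Location: viewtopicH.php?topic=$topic&forum=$forum");
    // header() only queues the redirect; stop here so a cancelled request
    // cannot fall through to the posting code further down.
    exit;
}

// Fetch the forum's settings; the second argument (3600) is passed through to
// Q_Select unchanged (looks like a cache lifetime -- confirm against Q_Select).
$rowQ1 = Q_Select("SELECT forum_name, forum_moderator, forum_type, forum_pass, forum_access, arbre FROM forums WHERE forum_id = '$forum'", 3600);
if (!$rowQ1) {
    forumerror('0001');
}
list(, $myrow) = each($rowQ1);
// Keys are quoted so they are read as strings, not as undefined constants.
$forum_name = $myrow['forum_name'];
$forum_access = $myrow['forum_access'];
$forum_type = $myrow['forum_type'];
$mod = $myrow['forum_moderator'];

// Forum type 1 is guarded by forum_pass. Compare as strings with !== so that
// PHP's loose numeric-string comparison cannot make two different passwords
// compare equal, and stop after the redirect so the check is actually enforced.
if (($forum_type == 1) and ((string) $Forum_passwd !== (string) $myrow['forum_pass'])) {
    header("Location: forum.php");
    exit;
}
// Access level 9 is redirected away from replying; exit for the same reason.
if ($forum_access == 9) {
    header("Location: forum.php");
    exit;
}
if (is_locked($topic)) {
    forumerror('0025');
}
if (!does_exists($forum, "forum") || !does_exists($topic, "topic")) {
    forumerror('0026');
}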
if ($submitS) {
// ##### ==> AntiSpamBots
global $question, $anti_spam_bots, $redir;
br /> AntiSpamBots::reponse($question, $anti_spam_bots);
// ##### ==> AntiSpamBots
if ($message=='') $stop=1;
if (!$user) {
if ($forum_access==0) {
$userdata = a rray("uid" => 1);
!include!("header.php");
} else {
if (($username== font>"") or ($password=="")) {
forum error('0027');
} else {
$resu lt = mysql_query("select pass FROM users WHERE uname='$u sername'");
list( $pass) = mysql_fetch_row($result);
if&nb sp;(!$system) {
  ; $passwd=crypt($password,$pass);
} else {
  ; $passwd=$password;
}
if&nb sp;((strcmp($passwd,$pass)==0) and ($pass != "")) {
  ; $userdata = get_userdata($username);
  ; !include!("header.php");
} else {
  ; forumerror('0028');
}
$modo =user_is_moderator($username,$pass,$forum_access);
if&nb sp;($forum_access==2) {
  ; if (!$modo)
  ; forumerror('0027');
}
}
}
} else {
$userX = base_64_decode($user);
$userdata = explode(":", $userX);
$modo=user_is_moderator($userdata< font color="#007700">[0],$userdata[2],$forum_access);
if ($forum_access==2) {
if (!$modo)
forum error('0027');
}
$userdata = get_userdata($userd ata[1]);
!include!("header.php");
}
// Either valid user/pass, or vali d session. continue with post.
if ($stop != 1) {
$poster_ip = getip();
if ($dns_verif)
$hostname=@gethostbyadd r($poster_ip);
anti_flood ($modo, $anti_flood, $poster_ip, $userdata, $gmt);
if ($allow_html == 0 || isset($html)) $message = htmlspecialchars($message);
if ($sig && $userd ata[uid] != 1) $message .= " [addsig]";
if (($forum_type!="6") and ($forum_type!="5")) {
$message = af f_code($message);
$message = st r_replace("\n", "<br />", $message);
}
if (($allow_bbcode==1) and  ;($forum_type!="6") and ($forum_type!="5")) {
$message = sm ile($message);
}
if (($forum_type!="6") and ($forum_type!="5")){
$message = ma ke_clickable($message);
$message = re moveHack($message);
}
$image_subject=removeHack($image_subject) ;
$message = addslashes($message) ;
$time = date("Y-m-d H:i:s",time()+($gmt*3600));
$sql = "INSERT INTO posts (topic_id, image, fo rum_id, poster_id, post_text, post_time, poster_ip, po ster_dns, post_idH) VALUES ('$topic', '$image_subject',&nbs p;'$forum', '$userdata[uid]', '$message', '$time', '$poster_ip', '$hos tname', $post)";
if (!$result = mysql_query ($sql)) {
forumerror('0020');
} else {
$IdPost=mysql_insert_id ();
}
$sql = "UPDATE forumtopics SET topic_time = '$ time', current_poster = '$userdata[uid]' WHERE topic_id = '$topic'";
if (!$result = mysql_query ($sql)) {
forumerror('0020');
}
$sql = "UPDATE forum_read SET status='0' where  ;topicid = '$topic' and uid <> '$userdata font>[uid]'";
if (!$r = mysql_query($sql )) {
forumerror('0001');
}
$sql = "UPDATE users_status SET posts=posts+1 WHERE (uid = '$userdata[uid]')";
$result = mysql_query($sql);
br /> if (!$result) {
forumerror('0029');
}
$sql = "SELECT t.topic_notify, u.email, u.uname, u. uid, u.user_langue FROM forumtopics t, users u&nb sp;WHERE t.topic_id = '$topic' AND t.topic_poster  ;= u.uid";
if (!$result = mysql_query ($sql)) {
forumerror('0022');
}
$m = mysql_fetch_array($result) ;
if ( ($m[topic_notify] == 1) && ($m[uname] != $userdata[uname]) ) {
!include!_once(< font color="#007700">"language/lang-multi.php");
$resultZ=mysql_query( font>"SELECT topic_title FROM forumtopics WHERE&n bsp;topic_id='$topic'");
list($title_topic)=mysq l_fetch_row($resultZ);
$subject = st rip_tags($forum_name)."/".$title_topic." : ".translate_ml($m[user_langue], "Une réponse à votre dernier Commentair e a été posté.");
$message = $m [uname]."\r\n";
$message .= t ranslate_ml($m[user_langue], "Vous recevez ce Mail car vous ave z demandé à être informé lors de la pub lication d'une réponse.")."\r\n";
$message .= t ranslate_ml($m[user_langue], "Pour lire la réponse")." : ";
$message .= < /font>"$nuke_url/viewtopicH.php?topic=$topic&forum=$forum\r\n";
!include!("signat.php");
if (!$system)  ;{
send_ email($m[email], $subject, $message, "", true, "text");
$sauf =$m[uid];
}
}
|