Forum » » Sécurité » » [Résolu] - Correctif AntiSpamBots
Posté : 7 juil. 2006 à 01:19
<?PHP
/************************************************************************/
/* NPDS V : Net Portal Dynamic System . */
/* =========================== */
/* */
/* Original Copyright (c) 2001 by Francisco Burzi (fburzi@ncc.org.ve) */
/* http://phpnuke.org */
/* */
/* This version name NPDS Copyright (c) 2001-2004 */
/* Great mods by snipe */
/* */
/* ========================= */
/* Based on Parts of phpBB */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/
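// Bootstrap for the reply script.
// NOTE(review): the listing as posted shows `!include!` instead of `include`
// (it looks like the forum's output filter rewrote the keyword). Written that way
// PHP parses it as include(!"file"), so nothing is loaded; the statements below
// are the plain includes.

// Load the portal core only once; Mysql_Connexion is used as the marker that it
// is already loaded (presumably defined by mainfile.php - confirm).
if (!function_exists("Mysql_Connexion")) {
    include("mainfile.php");
}
include('functions.php');
// ##### ==> AntiSpamBots
// Has to be loaded before the submit branch further down, which calls
// AntiSpamBots::reponse() before the reply is processed.
include("antispambots.php");
// ##### ==> AntiSpamBots
if ($SuperCache) {
    $cache_obj = new cacheManager();
}
include('auth.php');
global $pdst;
$pdst = "0";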
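// Access checks that run before any reply is accepted.
//
// header("Location: ...") only queues a response header; it does not end the
// script. Every redirect below is therefore followed by exit, otherwise the
// request would fall through to the posting code even when the check failed.

// Reply cancelled: return to the topic and do nothing else.
if ($cancel) {
    header("Location: viewtopicH.php?topic=$topic&forum=$forum");
    exit;
}

// NOTE(review): $forum is placed inside the quoted SQL literal as-is. Where it is
// filtered is not visible in this listing - confirm it is validated (for example
// cast to an integer) before it reaches this query.
$rowQ1 = Q_Select("SELECT forum_name, forum_moderator, forum_type, forum_pass, forum_access, arbre FROM forums WHERE forum_id = '$forum'", 3600);
if (!$rowQ1) {
    // NOTE(review): the checks below rely on forumerror() stopping the script - confirm.
    forumerror('0001');
}
list(, $myrow) = each($rowQ1);

// Array keys are quoted: bare words are looked up as constants first.
$forum_name = $myrow['forum_name'];
$forum_access = $myrow['forum_access'];
$forum_type = $myrow['forum_type'];
$mod = $myrow['forum_moderator'];

// Password-protected forum (type 1): the supplied password must match.
// Compared as strings with strcmp(), so two different numeric-looking values are
// never treated as equal by PHP's loose comparison.
if (($forum_type == 1) and (strcmp((string) $Forum_passwd, (string) $myrow['forum_pass']) != 0)) {
    header("Location: forum.php");
    exit;
}

// Access level 9: posting is refused, send the visitor back to the forum index.
if ($forum_access == 9) {
    header("Location: forum.php");
    exit;
}

// No replies on a locked topic.
if (is_locked($topic)) {
    forumerror('0025');
}

// Both the forum and the topic must exist.
if (!does_exists($forum, "forum") || !does_exists($topic, "topic")) {
    forumerror('0026');
}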
if ($submitS) {
// ##### ==> AntiSpamBots
global $question, $anti_spam_bots, $redir;
AntiSpamBots::reponse($question, $anti_spam_bots);
// ##### ==> AntiSpamBots
if ($message=='') $stop=1;
if (!$user) {
if ($forum_access==0) {
$userdata = array("uid" => 1);
!include!("header.php");
} else {
if (($username=="") or ($password=="")) {
forumerror('0027');
} else {
$result = mysql_query("select pass FROM users WHERE uname='$username'");
list($pass) = mysql_fetch_row($result);
if (!$system) {
$passwd=crypt($password,$pass);
} else {
$passwd=$password;
}
if ((strcmp($passwd,$pass)==0) and ($pass != "")) {
$userdata = get_userdata($username);
!include!("header.php");
} else {
forumerror('0028');
}
$modo=user_is_moderator($username,$pass,$forum_access);
if ($forum_access==2) {
if (!$modo)
forumerror('0027');
}
}
}
} else {
$userX = base_64_decode($user);
$userdata = explode(":", $userX);
$modo=user_is_moderator($userdata[0],$userdata[2],$forum_access);
if ($forum_access==2) {
if (!$modo)
forumerror('0027');
}
$userdata = get_userdata($userdata[1]);
!include!("header.php");
}
// Either valid user/pass, or valid session. continue with post.
if ($stop != 1) {
$poster_ip = getip();
if ($dns_verif)
$hostname=@gethostbyaddr($poster_ip);
anti_flood ($modo, $anti_flood, $poster_ip, $userdata, $gmt);
if ($allow_html == 0 || isset($html)) $message = htmlspecialchars($message);
if ($sig && $userdata[uid] != 1) $message .= " [addsig]";
if (($forum_type!="6") and ($forum_type!="5")) {
$message = aff_code($message);
$message = str_replace("\n", "<br />", $message);
}
if (($allow_bbcode==1) and ($forum_type!="6") and ($forum_type!="5")) {
$message = smile($message);
}
if (($forum_type!="6") and ($forum_type!="5")){
$message = make_clickable($message);
$message = removeHack($message);
}
$image_subject=removeHack($image_subject);
$message = addslashes($message);
$time = date("Y-m-d H:i:s",time()+($gmt*3600));
$sql = "INSERT INTO posts (topic_id, image, forum_id, poster_id, post_text, post_time, poster_ip, poster_dns, post_idH) VALUES ('$topic', '$image_subject', '$forum', '$userdata[uid]', '$message', '$time', '$poster_ip', '$hostname', $post)";
if (!$result = mysql_query($sql)) {
forumerror('0020');
} else {
$IdPost=mysql_insert_id();
}
$sql = "UPDATE forumtopics SET topic_time = '$time', current_poster = '$userdata[uid]' WHERE topic_id = '$topic'";
if (!$result = mysql_query($sql)) {
forumerror('0020');
}
$sql = "UPDATE forum_read SET status='0' where topicid = '$topic' and uid <> '$userdata[uid]'";
if (!$r = mysql_query($sql)) {
forumerror('0001');
}
$sql = "UPDATE users_status SET posts=posts+1 WHERE (uid = '$userdata[uid]')";
$result = mysql_query($sql);
if (!$result) {
forumerror('0029');
}
$sql = "SELECT t.topic_notify, u.email, u.uname, u.uid, u.user_langue FROM forumtopics t, users u WHERE t.topic_id = '$topic' AND t.topic_poster = u.uid";
if (!$result = mysql_query($sql)) {
forumerror('0022');
}
$m = mysql_fetch_array($result);
if ( ($m[topic_notify] == 1) && ($m[uname] != $userdata[uname]) ) {
!include!_once("language/lang-multi.php");
$resultZ=mysql_query("SELECT topic_title FROM forumtopics WHERE topic_id='$topic'");
list($title_topic)=mysql_fetch_row($resultZ);
$subject = strip_tags($forum_name)."/".$title_topic." : ".translate_ml($m[user_langue], "Une réponse à votre dernier Commentaire a été posté.");
$message = $m[uname]."\r\n";
$message .= translate_ml($m[user_langue], "Vous recevez ce Mail car vous avez demandé à être informé lors de la publication d'une réponse.")."\r\n";
$message .= translate_ml($m[user_langue], "Pour lire la réponse")." : ";
$message .= "$nuke_url/viewtopicH.php?topic=$topic&forum=$forum\r\n";
!include!("signat.php");
if (!$system) {
send_email($m[email], $subject, $message, "", true, "text");
$sauf=$m[uid];
}
}
Cet article provient de NPDS
https://www.npds.org/viewtopic.php?topic=20840&forum=12