[Résolu] - Correctif AntiSpamBots#20839

xgonin xgoninicon_post
Hello à tous !



Je me suis permis de corriger le hack de Neo_machine, auquel il manquait la vérification AntiSpamBots lors d'une réponse à un sujet existant (même en session admin), via l'appel du fichier replyH.php.



Voici le code corrigé de ce fichier ; libre à vous de l'analyser et de me dire si les corrections sont correctes ou non (Neo est averti par MP de cette correction).



Code :



<?php



/************************************************************************/



/* NPDS V : Net Portal Dynamic System . */



/* =========================== */



/* */



/* Original Copyright (c) 2001 by Francisco Burzi (fburzi@ncc.org.ve) */



/* http://phpnuke.org */



/* */



/* This version name NPDS Copyright (c) 2001-2004 */



/* Great mods by snipe */



/* */



/* ========================= */



/* Based on Parts of phpBB */



/* */



/* This program is free software. You can redistribute it and/or modify */



/* it under the terms of the GNU General Public License as published by */



/* the Free Software Foundation; either version 2 of the License. */



/************************************************************************/



if (!function_exists("Mysql_Connexion")) {!include! ("mainfile.php");}



!include!('functions.php');



// ##### ==> AntiSpamBots



!include! ("antispambots.php");



// ##### ==> AntiSpamBots



if ($SuperCache) {



$cache_obj = new cacheManager();



}



!include!('auth.php');



global $pdst; $pdst="0";



if ($cancel) {



header("Location: viewtopic.php?topic=$topic&forum=$forum");



}







$rowQ1=Q_Select ("SELECT forum_name, forum_moderator, forum_type, forum_pass, forum_access, arbre FROM forums WHERE forum_id = '$forum'", 3600);



if (!$rowQ1)



forumerror('0001');



list(,$myrow) = each($rowQ1);



$forum_name = $myrow[forum_name];



$forum_access = $myrow[forum_access];



$forum_type=$myrow[forum_type];



$mod=$myrow[forum_moderator];







if ( ($forum_type == 1) and ($Forum_passwd != $myrow[forum_pass]) ) {



header("Location: forum.php");



}



if ($forum_access==9) {



header("Location: forum.php");



}



if (is_locked($topic)) {



forumerror('0025');



}



if (!does_exists($forum, "forum") || !does_exists($topic, "topic")) {



forumerror('0026');



}







if ($submitS) {



// ##### ==> AntiSpamBots



global $question, $anti_spam_bots, $redir;



AntiSpamBots::reponse($question, $anti_spam_bots);



// ##### ==> AntiSpamBots



if ($message=='') $stop=1;



if (!$user) {



if ($forum_access==0) {



$userdata = array("uid" => 1);



!include!("header.php");



} else {



if (($username=="") or ($password=="")) {



forumerror('0027');



} else {



$result = mysql_query("select pass FROM users WHERE uname='$username'");



list($pass) = mysql_fetch_row($result);



if (!$system) {



$passwd=crypt($password,$pass);



} else {



$passwd=$password;



}



if ((strcmp($passwd,$pass)==0) and ($pass != "")) {



$userdata = get_userdata($username);



!include!("header.php");



} else {



forumerror('0028');



}



$modo=user_is_moderator($username,$pass,$forum_access);



if ($forum_access==2) {



if (!$modo)



forumerror('0027');



}



}



}



} else {



$userX = base_64_decode($user);



$userdata = explode(":", $userX);



$modo=user_is_moderator($userdata[0],$userdata[2],$forum_access);



if ($forum_access==2) {



if (!$modo)



forumerror('0027');



}



$userdata = get_userdata($userdata[1]);



!include!("header.php");



}







// Either valid user/pass, or valid session. continue with post.



if ($stop != 1) {



$poster_ip = getip();



if ($dns_verif)



$hostname=@gethostbyaddr($poster_ip);







anti_flood ($modo, $anti_flood, $poster_ip, $userdata, $gmt);







if ($allow_html == 0 || isset($html)) $message = htmlspecialchars($message);



if ($sig && $userdata[uid] != 1) $message .= "
Xav
www.xgonin.ch
";



if (($forum_type!="6") and ($forum_type!="5")) {



$message = aff_code($message);



$message = str_replace("\n", "
", $message);



}



if (($allow_bbcode==1) and ($forum_type!="6") and ($forum_type!="5")) {



$message = smile($message);



}



if (($forum_type!="6") and ($forum_type!="5")){



$message = make_clickable($message);



$message = removeHack($message);



}



$image_subject=removeHack($image_subject);



$message = addslashes($message);



$time = date("Y-m-d H:i:s",time()+($gmt*3600));



$sql = "INSERT INTO posts (post_idH, topic_id, image, forum_id, poster_id, post_text, post_time, poster_ip, poster_dns) VALUES ('0', '$topic', '$image_subject', '$forum', '$userdata[uid]', '$message', '$time', '$poster_ip', '$hostname')";



if (!$result = mysql_query($sql)) {



forumerror('0020');



} else {



$IdPost=mysql_insert_id();



}



$sql = "UPDATE forumtopics SET topic_time = '$time', current_poster = '$userdata[uid]' WHERE topic_id = '$topic'";



if (!$result = mysql_query($sql)) {



forumerror('0020');



}



$sql = "UPDATE forum_read SET status='0' where topicid = '$topic' and uid <> '$userdata[uid]'";



if (!$r = mysql_query($sql)) {



forumerror('0001');



}







$sql = "UPDATE users_status SET posts=posts+1 WHERE (uid = '$userdata[uid]')";



$result = mysql_query($sql);



if (!$result) {



forumerror('0029');



}



$sql = "SELECT t.topic_notify, u.email, u.uname, u.uid, u.user_langue FROM forumtopics t, users u WHERE t.topic_id = '$topic' AND t.topic_poster = u.uid";



if (!$result = mysql_query($sql)) {



forumerror('0022');



}



$m = mysql_fetch_array($result);



if ( ($m[topic_notify] == 1) && ($m[uname] != $userdata[uname]) ) {



!include!_once("language/lang-multi.php");



$resultZ=mysql_query("SELECT topic_title FROM forumtopics WHERE topic_id='$topic'");



list($title_topic)=mysql_fetch_row($resultZ);



$subject = strip_tags($forum_name)."/".$title_topic." : ".translate_ml($m[user_langue], "Une réponse à votre dernier Commentaire a été posté.");



$message = $m[uname]."\r\n";



$message .= translate_ml($m[user_langue], "Vous recevez ce Mail car vous avez demandé à être informé lors de la publication d'une réponse.")."\r\n";



$message .= translate_ml($m[user_langue], "Pour lire la réponse")." : ";



$message .= "$nuke_url/viewtopic.php?topic=$topic&forum=$forum&start=9999\r\n";



!include!("signat.php");



if (!$system) {



send_email($m[email], $subject, $message, "", true, "text");



$sauf=$m[uid];



}



}



global $subscribe;



if ($subscribe) {



if (subscribe_query($userdata[uid],"forum",$forum)) {



$sauf=$userdata[uid];



}



subscribe_mail("forum",$topic,$forum,"",$sauf);



}



if ($upload) {



!include!("modules/upload/upload_forum.php");



win_upload("forum_npds",$IdPost,$forum,$topic,"win");



redirect_!url(!"viewtopic.php?forum=$forum&topic=$topic&start=9999");



die();



}



redirect_!url(!"viewforum.php?forum=$forum");



} else {



OpenTable();



echo "

".translate("You must type a message to post.")."

";



echo "[ ".translate("Go Back")." ]

";



CloseTable();



}



} else {



!include!('header.php');



if ($allow_bbcode==1) {



!include!("lib/formhelp.java.php");



}







list($topic_title, $topic_status) = mysql_fetch_array(mysql_query("select topic_title, topic_status from forumtopics where topic_id='$topic'"));



$userX = base_64_decode($user);



$userdata = explode(":", $userX);



$moderator = get_moderator($mod);



$moderator=explode(" ",$moderator);



$Mmod=false;



echo "
\n";



echo "".translate("Moderated By: ")."";



for ($i = 0; $i < count($moderator); $i++) {



echo "$moderator[$i] ";



if (($userdata[1]==$moderator[$i])) { $Mmod=true;}



}



echo "

";



echo "".translate("Post Reply in Topic:")."";



echo " ".stripslashes($forum_name)."  |  ";



echo "".translate("Forum Index")."\n";



echo "
";



echo "
";



echo "";



echo "";



if ($forum_access == 0) {



echo "";



} else if($forum_access == 1) {



echo "";



} else if($forum_access == 2) {



echo "";



}



echo "";



$allow_to_reply=false;



if ($forum_access==0) {



$allow_to_reply=true;



} elseif ($forum_access==1) {



if (isset($user)) {



$allow_to_reply=true;



}



} elseif ($forum_access==2) {



if (user_is_moderator($userdata[0],$userdata[2],$forum_access)) {



$allow_to_reply=true;



}



}



if ($topic_status!=0)



$allow_to_reply=false;







if ($allow_to_reply) {



if ($submitP) {



// ##### ==> AntiSpamBots



global $question, $anti_spam_bots, $redir;



AntiSpamBots::reponse($question, $anti_spam_bots);



// ##### ==> AntiSpamBots



$acc = "reply";



$message=stripslashes($message);



echo "";



} else {



$message='';



}



echo "";



echo "";



echo "";



if ($smilies) {



echo "







";



}



echo "";



echo "";



if ($allow_bbcode==1)



$xJava = 'name="message" onSelect="storeCaret(this);" !onclick!="storeCaret(this);" !onkey!up="storeCaret(this);" !onfocus!="storeForm(this)"';



echo "";



echo "";



echo "";



echo "";



} else {



echo "";



echo "";



echo "";



}



echo "
".translate("About Posting:")."
".translate("Anonymous users can post new topics and replies in this forum.")." ".translate("All registered users can post new topics and replies to this forum.")." ".translate("Only Moderators can post new topics and replies in this forum.")."
";



!include! ("preview.php");



echo "
".translate("Nickname: ")." ";



echo $userdata[1];



echo "
".translate("Message Icon: ")." ";



echo emotion_add($image_subject);



echo "
".translate("Message: ")."

";



echo "";



echo "HTML : ";



if ($allow_html==1) {



echo translate("On")."
";



echo HTML_Add($allow_forum_hide);



} else



echo translate("Off")."
";



if ($citation && !$submitP) {



$sql = "SELECT p.post_text, p.post_time, u.uname FROM posts p, users u WHERE post_id = '$post' AND p.poster_id = u.uid";



if ($r = mysql_query($sql)) {



$m = mysql_fetch_array($r);



$text = $m[post_text];



if (($forum_type!="6") and ($forum_type!="5")) {



$text = smile($text);



$text = str_replace("
", "\n", $text);



} else {



$text = htmlspecialchars($text);



}



$text = stripslashes($text);



if ($m[post_time]!="" && $m[uname]!="") {



$reply = "
".translate("Quote")." : $m[uname] \n\n$text \n
";



} else {



$reply = $text."\n";



}



$reply = preg_replace("#\[hide\](.*?)\[\/hide\]#si","",$reply);



} else {



$reply = translate("Error Connecting to DB")."\n";



}



}



if (!$reply) {$reply=$message;}



echo "

";



if ($allow_bbcode == 1)



putitems();



echo "
".translate("Options: ")." ";



if (($allow_html == 1) and ($forum_type!="6") and ($forum_type!="5")) {



if ($html == "on") {



$sethtml = "checked";



}



echo "".translate("Disable HTML on this Post")."
";



}



if ($user) {



if ($allow_sig == 1||$sig == "on") {



$asig = mysql_query("select attachsig from users_status where uid='$cookie[0]'");



list($attachsig) = mysql_fetch_row($asig);



if ($attachsig == 1) {



$s = "checked";



}



if (($forum_type!="6") and ($forum_type!="5")) {



echo "".translate("Show signature")." (".translate("This can be altered or added in your profile").")
";



}



}



if ($allow_upload_forum) {



if ($upload == "on") {



$up = "checked";



}



echo "".translate("Upload file after send accepted")."
";



}



}



echo "
";



echo "";



echo "";



// ##### ==> AntiSpamBots



AntiSpamBots::question();



AntiSpamBots::field();



// ##### ==> AntiSpamBots



echo "
 ";



echo "  ";



echo "  ";



echo " 

";



echo "
".translate("You are not allowed to reply in this forum")."
";



if ($allow_to_reply) {



echo "";



echo "";



if ($Mmod) {



$post_aff="";



} else {



$post_aff=" and post_aff='1' ";



}



$sql = "SELECT * FROM posts WHERE topic_id='$topic'".$post_aff."ORDER BY post_id DESC limit 0,10";



if (!$result = mysql_query($sql))



forumerror('0001');



$myrow = mysql_fetch_array($result);



$count=0;



do {



$rowcolor=tablos();



$posterdata = get_userdata_from_id($myrow[poster_id]);



echo "";



echo "";



$count++;



} while($myrow = mysql_fetch_array($result));



echo "
".translate("Topic Review")."
";



if ($posterdata[uname]!=$anonymous) {



echo "$posterdata[uname]";



} else {



echo $posterdata[uname];



}



echo "
";



$posts = $posterdata[posts];



echo member_qualif($posterdata[uname], $posts, $posterdata[rank]);



echo "

";



if ($smilies) {



if ($posterdata[user_avatar] != '') {



if (stristr($posterdata[user_avatar],"users_private")) {



$imgtmp=$posterdata[user_avatar];



} else {



if ($ibid=theme_image("forum/avatar/$posterdata[user_avatar]")) {$imgtmp=$ibid;} else {$imgtmp="images/forum/avatar/$posterdata[user_avatar]";}



}



echo "
\"".$posterdata[uname]."\"
";



}



}







echo "
";



echo "";



echo "
";







if ($myrow[image] != "") {



if ($ibid=theme_image("forum/subject/$myrow[image]")) {$imgtmp=$ibid;} else {$imgtmp="images/forum/subject/$myrow[image]";}



echo "\"\"";



} else {



if ($ibid=theme_image("forum/subject/icons/posticon.gif")) {$imgtmp=$ibid;} else {$imgtmp="images/forum/icons/posticon.gif";}



echo "\"\"";



}



echo " ".translate("Posted: ").convertdate($myrow[post_time]);



echo "
";



$message = stripslashes($myrow[post_text]);



if ($allow_bbcode==1) {



$message = Smilie($message);



}



if ($allow_forum_hide) {



$show_hide = false;



if ($Mmod!=true) {



$sqlH = "Select count(*) from posts where topic_id = $topic and poster_id = $userdata[0]";



$resultH = @mysql_result(@mysql_query($sqlH),0,0);



if ($resultH>0) {



$show_hide = true;



}



} else {



$show_hide = true;



}



$message = control_hide_post($message,$show_hide);



}



//


if (stristr($message,"



$message=eregi_replace("_blank\"", "_blank\" class=\"NOIR\"", $message);



}



$message=split_string_without_space($message, 80);



if (($forum_type=="6") or ($forum_type=="5")) {



highlight_string(stripslashes($myrow[post_text]))."

";



} else {



$message = str_replace("
Xav
www.xgonin.ch
", "

" . nl2br($posterdata[user_sig]), $message);



echo $message."
";



}



echo "
";



echo "
";



}



}



!include!('footer.php');



?>

Message édité par : xgonin / 07-07-2006 00:50

xgonin xgoninicon_post
Oubliez le premier post, c'est le bordel intégral !
Je n'arrive même pas à le rééditer.

Voilà le bon code :
xgonin xgoninicon_post



<?PHP



/************************************************************************/



/* NPDS V : Net Portal Dynamic System .                                 */



/* ===========================                                          */



/*                                                                      */



/* Original Copyright (c) 2001 by Francisco Burzi (fburzi@ncc.org.ve)   */



/* http://phpnuke.org                                                   */



/*                                                                      */



/* This version name NPDS Copyright (c) 2001-2004   */



/* Great mods by snipe                                                  */



/*                                                                      */



/* =========================                                            */



/* Based on Parts of phpBB                                              */



/*                                                                      */



/* This program is free software. You can redistribute it and/or modify */



/* it under the terms of the GNU General Public License as published by */



/* the Free Software Foundation; either version 2 of the License.       */



/************************************************************************/



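// Bootstrap: mainfile.php is only loaded when the core is not already there.
if (!function_exists("Mysql_Connexion")) {include("mainfile.php");}
include('functions.php');
// ##### ==> AntiSpamBots
include("antispambots.php");
// ##### ==> AntiSpamBots
if ($SuperCache) {
   $cache_obj = new cacheManager();
}
include('auth.php');
global $pdst; $pdst="0";
// header("Location: ...") does not stop the script by itself. Each redirect
// below is therefore followed by exit: without it, a reply submitted to a
// password-protected forum (wrong or missing password) or to an access-9
// forum would still reach the INSERT further down in this file.
if ($cancel) {
   header("Location: viewtopic.php?topic=$topic&forum=$forum");
   exit;
}
// $forum comes straight from the request: escape it before it is
// interpolated into the query.
$rowQ1=Q_Select ("SELECT forum_name, forum_moderator, forum_type, forum_pass, forum_access, arbre FROM forums WHERE forum_id = '".mysql_real_escape_string($forum)."'", 3600);
if (!$rowQ1)
   forumerror('0001');
list(,$myrow) = each($rowQ1);
$forum_name = $myrow[forum_name];
$forum_access = $myrow[forum_access];
$forum_type=$myrow[forum_type];
$mod=$myrow[forum_moderator];
// Forum type 1 carries a password: the visitor must present the matching one.
if ( ($forum_type == 1) and ($Forum_passwd != $myrow[forum_pass]) ) {
   header("Location: forum.php");
   exit;
}
// Access level 9 is sent back to the forum index.
if ($forum_access==9) {
   header("Location: forum.php");
   exit;
}
if (is_locked($topic)) {
   forumerror('0025');
}
if (!does_exists($forum, "forum") || !does_exists($topic, "topic")) {
   forumerror('0026');
}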







if ($submitS) 
{



// ##### ==> AntiSpamBots



   global $question, $anti_spam_bots, $redir;



   AntiSpamBots::reponse($question, $anti_spam_bots);



// ##### ==> AntiSpamBots



   if ($message=='') $stop=1;



   if (!$user) 
{



      if ($forum_access==0) 
{



         $userdata = array(
"uid" => 1);



         !include!(
"header.php");



      
} else {



         if (($username==
"") or ($password=="")) {



            forumerror('0027');



         
} else {



            $result = mysql_query(
"select pass FROM users WHERE uname='$username'");



            list($pass) = mysql_fetch_row($result);



            if (!$system) 
{



               $passwd=crypt($password,$pass);



            
} else {



               $passwd=$password;



            
}



            if ((strcmp($passwd,$pass)==0) and ($pass != 
"")) {



               $userdata = get_userdata($username);



               !include!(
"header.php");



            
} else {



               forumerror('0028');



            
}



            $modo=user_is_moderator($username,$pass,$forum_access);



            if ($forum_access==2) 
{



               if (!$modo)



                  forumerror('0027');



            
}



         
}



      
}



   
} else {



      $userX = base_64_decode($user);



      $userdata = explode(
":", $userX);



      $modo=user_is_moderator($userdata
[0],$userdata[2],$forum_access);



      if ($forum_access==2) 
{



         if (!$modo)



            forumerror('0027');



      
}



      $userdata = get_userdata($userdata
[1]);



      !include!(
"header.php");



   
}







   // Either valid user/pass, or valid session. continue with post.



   if ($stop != 1) 
{



      $poster_ip =  getip();



      if ($dns_verif)



         $hostname=@gethostbyaddr($poster_ip);







      anti_flood ($modo, $anti_flood, $poster_ip, $userdata, $gmt);







      if ($allow_html == 0 || isset($html)) $message = htmlspecialchars($message);



      if ($sig && $userdata
[uid] != 1) $message .= " [addsig]";



      if (($forum_type!=
"6") and ($forum_type!="5")) {



         $message = aff_code($message);



         $message = str_replace(
"\n""<br />", $message);



      
}



      if (($allow_bbcode==1) and ($forum_type!=
"6") and ($forum_type!="5")) {



         $message = smile($message);



      
}



      if (($forum_type!=
"6") and ($forum_type!="5")){



         $message = make_clickable($message);



         $message = removeHack($message);



      
}



      $image_subject=removeHack($image_subject);



      $message = addslashes($message);



      $time = date(
"Y-m-d H:i:s",time()+($gmt*3600));



      $sql = 
"INSERT INTO posts (post_idH, topic_id, image, forum_id, poster_id, post_text, post_time, poster_ip, poster_dns) VALUES ('0', '$topic', '$image_subject', '$forum', '$userdata[uid]', '$message', '$time', '$poster_ip', '$hostname')";



      if (!$result = mysql_query($sql)) 
{



         forumerror('0020');



      
} else {



         $IdPost=mysql_insert_id();



      
}



      $sql = 
"UPDATE forumtopics SET topic_time = '$time', current_poster = '$userdata[uid]' WHERE topic_id = '$topic'";



      if (!$result = mysql_query($sql)) 
{



         forumerror('0020');



      
}



      $sql = 
"UPDATE forum_read SET status='0' where topicid = '$topic' and uid <> '$userdata[uid]'";



      if (!$r = mysql_query($sql)) 
{



         forumerror('0001');



      
}







      $sql = 
"UPDATE users_status SET posts=posts+1 WHERE (uid = '$userdata[uid]')";



      $result = mysql_query($sql);



      if (!$result) 
{



         forumerror('0029');



      
}



      $sql = 
"SELECT t.topic_notify, u.email, u.uname, u.uid, u.user_langue FROM forumtopics t, users u WHERE t.topic_id = '$topic' AND t.topic_poster = u.uid";



      if (!$result = mysql_query($sql)) 
{



         forumerror('0022');



      
}



      $m = mysql_fetch_array($result);



      if ( ($m
[topic_notify] == 1) && ($m[uname] != $userdata[uname]) ) {



         !include!_once(
"language/lang-multi.php");



         $resultZ=mysql_query(
"SELECT topic_title FROM forumtopics WHERE topic_id='$topic'");



         list($title_topic)=mysql_fetch_row($resultZ);



         $subject = strip_tags($forum_name).
"/".$title_topic." : ".translate_ml($m[user_langue]"Une réponse à votre dernier Commentaire a été posté.");



         $message = $m
[uname]."\r\n";



         $message .= translate_ml($m
[user_langue]"Vous recevez ce Mail car vous avez demandé à être informé lors de la publication d'une réponse.")."\r\n";



         $message .= translate_ml($m
[user_langue]"Pour lire la réponse")." : ";



         $message .= 
"$nuke_url/viewtopic.php?topic=$topic&forum=$forum&start=9999\r\n";



         !include!(
"signat.php");



         if (!$system) 
{



            send_email($m
[email], $subject, $message, "", true, "text");



            $sauf=$m
[uid];



         
}



      
}



      global $subscribe;



      if ($subscribe) 
{



         if (subscribe_query($userdata
[uid],"forum",$forum)) {



            $sauf=$userdata
[uid];



         
}



         subscribe_mail(
"forum",$topic,$forum,"",$sauf);



      
}



      if ($upload) 
{



         !include!(
"modules/upload/upload_forum.php");



         win_upload(
"forum_npds",$IdPost,$forum,$topic,"win");



         redirect_!url(!
"viewtopic.php?forum=$forum&topic=$topic&start=9999");



         die();



      
}



      redirect_!url(!
"viewforum.php?forum=$forum");



   
} else {



      OpenTable();



      echo 
"<p align=\"center\">".translate("You must type a message to post.")."<br /><br />";



      echo 
"[ <a href=\"!javascript!:history.go(-1)\" class=\"NOIR\">".translate("Go Back")."</a> ]</p>";



      CloseTable();



   
}



} else {



   !include!('header.php');



   if ($allow_bbcode==1) 
{



      !include!(
"lib/formhelp.java.php");



   
}







   list($topic_title, $topic_status) = mysql_fetch_array(mysql_query(
"select topic_title, topic_status from forumtopics where topic_id='$topic'"));



   $userX = base_64_decode($user);



   $userdata = explode(
":", $userX);



   $moderator = get_moderator($mod);



   $moderator=explode(
" ",$moderator);



   $Mmod=false;



   echo 
"<table width=\"100%\" cellspacing=\"2\" cellpadding=\"2\" border=\"0\"><tr><td class=\"HEADER\">\n";



   echo 
"<b>".translate("Moderated By: ")."</b>";



   for ($i = 0; $i < count($moderator); $i++) 
{



      echo 
"<a href=user.php?op=userinfo&amp;uname=$moderator[$i] class=\"BOX\">$moderator[$i]</a> ";



      if (($userdata
[1]==$moderator[$i])) { $Mmod=true;}



   
}



   echo 
"</td></tr></table><br />";



   echo 
"<b>".translate("Post Reply in Topic:")."</b>";



   echo 
"&nbsp;<a href=\"viewforum.php?forum=$forum\" class=\"NOIR\">".stripslashes($forum_name)."</a>&nbsp;&nbsp;|&nbsp;&nbsp;";



   echo 
"<a href=\"forum.php\" class=\"NOIR\">".translate("Forum Index")."</a>\n";



   echo 
"<br />";



   echo 
"<form action=\"reply.php\" method=\"post\" name=\"coolsus\">";



   echo 
"<table border=\"0\" cellpadding=\"1\" cellspacing=\"1\" width=\"100%\">";



   echo 
"<tr><td class=\"HEADER\" colspan=\"2\" class=\"ONGL\">".translate("About Posting:")."</td></tr><tr>";



   if ($forum_access == 0) 
{



      echo 
"<td colspan=\"2\">".translate("Anonymous users can post new topics and replies in this forum.")."</td>";



   
} else if($forum_access == 1) {



      echo 
"<td colspan=\"2\">".translate("All registered users can post new topics and replies to this forum.")."</td>";



   
} else if($forum_access == 2) {



      echo 
"<td colspan=\"2\">".translate("Only Moderators can post new topics and replies in this forum.")."</td>";



   
}



   echo 
"</tr>";



   $allow_to_reply=false;



   if ($forum_access==0) 
{



      $allow_to_reply=true;



   
} elseif ($forum_access==1) {



      if (isset($user)) 
{



         $allow_to_reply=true;



      
}



   
} elseif ($forum_access==2) {



      if (user_is_moderator($userdata
[0],$userdata[2],$forum_access)) {



         $allow_to_reply=true;



      
}



   
}





xgonin xgoninicon_post
Et la suite...



   if ($topic_status!=0)

      $allow_to_reply=false;



   if ($allow_to_reply) {

     if ($submitP) {

// ##### ==> AntiSpamBots

      global $question, $anti_spam_bots, $redir;

      AntiSpamBots::reponse($question, $anti_spam_bots);

// ##### ==> AntiSpamBots

        $acc = "reply";

        $message=stripslashes($message);

        echo "<tr><td colspan=\"2\">";

        !include! ("preview.php");

        echo "</td></tr>";

     } else {

        $message='';

     }

     echo "<tr align=\"left\">";

     echo "<td class=\"LIGNB\" width=\"25%\"><b>".translate("Nickname: ")."<b></td>";

     echo "<td class=\"LIGNB\">";

     echo $userdata[1];

     echo "</td></tr>";

     if ($smilies) {

        echo "<tr align=\"left\" valign=\"top\">

        <td class=\"LIGNB\" width=\"25%\"><b>".translate("Message Icon: ")."<b></td>

        <td class=\"LIGNB\">";

        echo emotion_add($image_subject);

        echo "</td></tr>";

     }

     echo "<tr align=\"left\" valign=\"top\">";

     echo "<td class=\"LIGNB\" width=\"25%\"><b>".translate("Message: ")."</b><br /><br />";

     echo "<span style=\"font-size: 10px;\">";

     echo "HTML : ";

     if ($allow_html==1) {

        echo translate("On")."<br />";

        echo HTML_Add($allow_forum_hide);

     } else

        echo translate("Off")."<br />";

     if ($citation && !$submitP) {

        $sql = "SELECT p.post_text, p.post_time, u.uname FROM posts p, users u WHERE post_id = '$post' AND p.poster_id = u.uid";

        if ($r = mysql_query($sql)) {

           $m = mysql_fetch_array($r);

           $text = $m[post_text];

           if (($forum_type!="6") and ($forum_type!="5")) {

              $text = smile($text);

              $text = str_replace("<br />", "\n", $text);

           } else {

              $text = htmlspecialchars($text);

           }

           $text = stripslashes($text);

           if ($m[post_time]!="" && $m[uname]!="") {

              $reply = "<div class=\"QUOTE\">".translate("Quote")." : <b>$m[uname]</b>&nbsp;\n\n$text&nbsp;\n</div>";

           } else {

              $reply = $text."\n";

           }

           $reply = preg_replace("#\[hide\](.*?)\[\/hide\]#si","",$reply);

        } else {

           $reply = translate("Error Connecting to DB")."\n";

        }

     }

     if (!$reply) {$reply=$message;}

     echo "</span></td>";

     if ($allow_bbcode==1)

        $xJava = 'name="message" onSelect="storeCaret(this);" !onclick!="storeCaret(this);" !onkey!up="storeCaret(this);" !onfocus!="storeForm(this)"';

     echo "<td class=\"LIGNB\"><textarea class=\"textbox\" $xJava name=\"message\" rows=\"10\" cols=\"80\" wrap=\"virtual\">$reply</textarea><br />";

     if ($allow_bbcode == 1)

        putitems();

     echo "</td></tr><tr align=\"left\">";

     echo "<td class=\"LIGNB\" width=\"25%\"><b>".translate("Options: ")."</b></td>";

     echo "<td class=\"LIGNB\">";

     if (($allow_html == 1) and ($forum_type!="6") and ($forum_type!="5")) {

        if ($html == "on") {

           $sethtml = "checked";

        }

        echo "<input type=\"checkbox\" name=\"html\" ".$sethtml.">".translate("Disable HTML on this Post")."<br />";

     }

     if ($user) {

        if ($allow_sig == 1||$sig == "on") {

           $asig = mysql_query("select attachsig from users_status where uid='$cookie[0]'");

           list($attachsig) = mysql_fetch_row($asig);

           if ($attachsig == 1) {

              $s = "checked";

           }

           if (($forum_type!="6") and ($forum_type!="5")) {

              echo "<input type=\"checkbox\" name=\"sig\" $s>".translate("Show signature")." <span style=\"font-size: 10px;\">(".translate("This can be altered or added in your profile").")</span><br />";

           }

        }

        if ($allow_upload_forum) {

           if ($upload == "on") {

              $up = "checked";

           }                

           echo "<input type=\"checkbox\" name=\"upload\" $up>".translate("Upload file after send accepted")."<br />";

        }

     }

     echo "</td></tr><tr>";

     echo "<td class=\"LIGNA\" colspan=\"2\" align=\"center\">";

     echo "<input type=\"hidden\" name=\"forum\" value=$forum>";

     echo "<input type=\"hidden\" name=\"topic\" value=\"$topic\">";

// ##### ==> AntiSpamBots

     AntiSpamBots::question();

     AntiSpamBots::field();

// ##### ==> AntiSpamBots

     echo "<br /><input class=\"BOUTON_STANDARD\" type=\"submit\" name=\"submitS\" value=\"".translate("Submit")."\">&nbsp;";

     echo "&nbsp;<input class=\"BOUTON_STANDARD\" type=\"submit\" name=\"submitP\" value=\"".translate("Preview")."\">&nbsp;";

     echo "&nbsp;<input class=\"BOUTON_STANDARD\" type=\"reset\" value=\"".translate("Clear")."\">&nbsp;";

     echo "&nbsp;<input class=\"BOUTON_STANDARD\" type=\"submit\" name=\"cancel\" value=\"".translate("Cancel Post")."\"><br /><br />";

     echo "</td></tr>";

   } else {

     echo "<tr>";

     echo "<td class=\"LIGNA\" colspan=\"2\" align=\"center\">".translate("You are not allowed to reply in this forum")."</td>";

     echo "</tr>";

   }

   echo "</table></form>";

   if ($allow_to_reply) {

      echo "<table border=\"0\" cellpadding=\"1\" cellspacing=\"1\" width=\"100%\">";

      echo "<tr><td class=\"HEADER\" colspan=\"2\" class=\"ONGL\" align=\"center\">".translate("Topic Review")."</td></tr>";

      if ($Mmod) {

         $post_aff="";

      } else {

         $post_aff=" and post_aff='1' ";

      }

      $sql = "SELECT * FROM posts WHERE topic_id='$topic'".$post_aff."ORDER BY post_id DESC limit 0,10";

      if (!$result = mysql_query($sql))

         forumerror('0001');

      $myrow = mysql_fetch_array($result);

      $count=0;

      do {

         $rowcolor=tablos();

         $posterdata = get_userdata_from_id($myrow[poster_id]);

         echo "<tr $rowcolor align=\"left\">";

         echo "<td valign=\"top\" width=\"15%\">";

         if ($posterdata[uname]!=$anonymous) {

            echo "<a href=\"powerpack.php?op=instant_message&amp;to_userid=$posterdata[uname]\" class=\"NOIR\">$posterdata[uname]</a>";

         } else {

            echo $posterdata[uname];

         }

         echo "<br />";

         $posts = $posterdata[posts];

         echo member_qualif($posterdata[uname], $posts, $posterdata[rank]);

         echo "<br /><br />";

         if ($smilies) {

            if ($posterdata[user_avatar] != '') {

               if (stristr($posterdata[user_avatar],"users_private")) {

                  $imgtmp=$posterdata[user_avatar];

               } else {

                  if ($ibid=theme_image("forum/avatar/$posterdata[user_avatar]")) {$imgtmp=$ibid;} else {$imgtmp="images/forum/avatar/$posterdata[user_avatar]";}

               }

               echo "<div class=\"avatar_cadre\"><img src=\"".$imgtmp."\" alt=\"".$posterdata[uname]."\" border=\"0\" /></div>";

            }

         }



         echo "</td><td wrap valign=\"top\">";

         echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\" height=\"100%\">";

         echo "<tr><td wrap valign=\"top\" width=\"100%\" height=\"100%\">";



         if ($myrow[image] != "") {

            if ($ibid=theme_image("forum/subject/$myrow[image]")) {$imgtmp=$ibid;} else {$imgtmp="images/forum/subject/$myrow[image]";}

            echo "<img src=\"$imgtmp\" alt=\"\">";

         } else {

            if ($ibid=theme_image("forum/subject/icons/posticon.gif")) {$imgtmp=$ibid;} else {$imgtmp="images/forum/icons/posticon.gif";}

            echo "<img src=\"$imgtmp\" border=\"0\" alt=\"\" />";

         }

         echo "&nbsp;".translate("Posted: ").convertdate($myrow[post_time]);

         echo "<hr noshade size=\"1\" class=\"ONGL\">";

         $message = stripslashes($myrow[post_text]);

         if ($allow_bbcode==1) {

            $message = Smilie($message);

         }

         if ($allow_forum_hide) {

            $show_hide = false;

            if ($Mmod!=true) {

               $sqlH = "Select count(*) from posts where topic_id = $topic and poster_id = $userdata[0]";

               $resultH = @mysql_result(@mysql_query($sqlH),0,0);

               if ($resultH>0) {

                  $show_hide = true;

               }

            } else {

               $show_hide = true;

            }

            $message = control_hide_post($message,$show_hide);

         }

         // <A href in the message

         if (stristr($message,"<a href")) {

            $message=eregi_replace("_blank\"", "_blank\" class=\"NOIR\"", $message);

         }

         $message=split_string_without_space($message, 80);

         if (($forum_type=="6") or ($forum_type=="5")) {

            highlight_string(stripslashes($myrow[post_text]))."<br /><br />";

         } else {

            $message = str_replace("
Xav
www.xgonin.ch
", "<br /><br />" . nl2br($posterdata[user_sig]), $message);

            echo $message."<br />";

         }

         echo "</td></tr></table>";

         echo "</td></tr>";

         $count++;

      } while($myrow = mysql_fetch_array($result));

      echo "</table>";

   }

}

// Page footer shared by every NPDS page.
include 'footer.php';

?>