<?PHP
/************************************************************************/
/* NPDS V : Net Portal Dynamic System . */
/* =========================== */
/* */
/* Original Copyright (c) 2001 by Francisco Burzi (fburzi@ncc.org.ve) */
/* http://phpnuke.org */
/* */
/* This version name NPDS Copyright (c) 2001-2004 */
/* Great mods by snipe */
/* */
/* ========================= */
/* Based on Parts of phpBB */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/
// replyH.php (NPDS forum): posts a reply to a topic. When $submitS is set the
// poster is validated and the reply is inserted into `posts`; otherwise
// (including the $submitP preview case) the reply form is rendered.
//
// NOTE(review): this listing was pasted through a forum filter. Tokens such as
// `!include!`, `!include!_once`, `!javascript!`, `!onclick!`, `!onkey!up`,
// `!onfocus!` and `redirect_!url(!` look like mangled `include`, `include_once`,
// `javascript`, `onclick`, `onkeyup`, `onfocus` and `redirect_url(` — restore
// them against the original source before using this file.
//
// NOTE(review): nothing in this file reads $_GET/$_POST/$_COOKIE explicitly.
// The form fields ($forum, $topic, $post, $message, $html, $sig, $upload,
// $submitS, $submitP, $cancel, $image_subject, $citation, $username,
// $password) and the $user cookie are consumed as bare globals — presumably
// register_globals or an equivalent import done by mainfile.php/auth.php;
// confirm. Every SQL string below interpolates these values directly. The only
// SQL escaping performed in this file is addslashes() on $message before the
// INSERT (not driver/charset aware), so any further protection has to come
// from the included helpers (Q_Select, removeHack) or an upstream filter that
// is not visible here — verify before relying on it.
// Load the core (DB connection, etc.) unless a caller already did.
if (!function_exists("Mysql_Connexion")) {!include! ("mainfile.php");}
!include!('functions.php');
// ##### ==> AntiSpamBots
// Anti-spam-bot challenge helpers, used at submit/preview time and in the form.
!include! ("antispambots.php");
// ##### ==> AntiSpamBots
// Optional page-cache manager; instantiated here but not referenced again in this file.
if ($SuperCache) {
$cache_obj = new cacheManager();
}
!include!('auth.php');
// $pdst is forced to "0" for this request; its consumer is outside this file.
global $pdst; $pdst="0";
// "Cancel Post" button: send the browser back to the topic.
// NOTE(review): header() is not followed by exit, so the rest of this script
// still runs (and can still insert a post) after the redirect header is set.
// The same applies to the two "Location: forum.php" redirects further down.
if ($cancel) {
header("Location: viewtopicH.php?topic=$topic&forum=$forum");
}
// Forum metadata, cached for 3600 s by Q_Select. $forum is interpolated
// unescaped — unless Q_Select escapes internally (not visible here) this value
// needs an integer cast or a prepared statement before it reaches SQL.
$rowQ1=Q_Select ("SELECT forum_name, forum_moderator, forum_type, forum_pass, forum_access, arbre FROM forums WHERE forum_id = '$forum'", 3600);
if (!$rowQ1)
forumerror('0001');
// Q_Select yields an array of rows; take the first one.
list(,$myrow) = each($rowQ1);
// Bare-word keys (forum_name, ...) are undefined constants that PHP falls back
// to strings for; they should be quoted.
$forum_name = $myrow[forum_name];
$forum_access = $myrow[forum_access];
$forum_type=$myrow[forum_type];
$mod=$myrow[forum_moderator];
// Password-protected forum (type 1): the supplied forum password must match
// the stored one. See the header()/exit note above — a mismatch does not stop
// the script by itself.
if ( ($forum_type == 1) and ($Forum_passwd != $myrow[forum_pass]) ) {
header("Location: forum.php");
}
// forum_access 9: forum closed to everyone.
if ($forum_access==9) {
header("Location: forum.php");
}
// Locked topic / unknown forum or topic. Whether forumerror() exits is not
// visible here; everything below assumes it does — confirm.
if (is_locked($topic)) {
forumerror('0025');
}
if (!does_exists($forum, "forum") || !does_exists($topic, "topic")) {
forumerror('0026');
}
// ----- Submit branch: validate the poster, then store the reply. -----
if ($submitS) {
// ##### ==> AntiSpamBots
// A `global` statement at file scope is a no-op (these are already globals).
// AntiSpamBots::reponse() checks the challenge answer; what it does on failure
// (exit vs. return) is not visible here — confirm, since the INSERT below
// relies on it having stopped the request.
global $question, $anti_spam_bots, $redir;
AntiSpamBots::reponse($question, $anti_spam_bots);
// ##### ==> AntiSpamBots
// An empty message only sets a flag; the "type a message" page is shown below.
if ($message=='') $stop=1;
// No session cookie: either anonymous posting is allowed (forum_access 0) or a
// username/password pair must accompany the post.
if (!$user) {
if ($forum_access==0) {
// Anonymous poster is uid 1.
$userdata = array("uid" => 1);
!include!("header.php");
} else {
if (($username=="") or ($password=="")) {
forumerror('0027');
} else {
// $username goes into the query unescaped (see note at the top).
$result = mysql_query("select pass FROM users WHERE uname='$username'");
list($pass) = mysql_fetch_row($result);
// Default scheme: crypt() with the stored hash as salt. When $system is set the
// password is compared as-is; what $system denotes is not visible here.
if (!$system) {
$passwd=crypt($password,$pass);
} else {
$passwd=$password;
}
// strcmp() is not constant-time; hash_equals() is the constant-time equivalent.
// The `$pass != ""` guard rejects unknown users (no row) and empty stored hashes.
if ((strcmp($passwd,$pass)==0) and ($pass != "")) {
$userdata = get_userdata($username);
!include!("header.php");
} else {
forumerror('0028');
}
// Moderator-only forum (forum_access 2): reject non-moderators.
$modo=user_is_moderator($username,$pass,$forum_access);
if ($forum_access==2) {
if (!$modo)
forumerror('0027');
}
}
}
} else {
// Session cookie present: base_64_decode() (project helper) yields
// colon-separated fields; index 1 is the username looked up below and index 2
// is handed to user_is_moderator() as the password/hash. Apart from that call
// — made only for forum_access 2 — this file does not verify the cookie;
// presumably auth.php does (confirm).
$userX = base_64_decode($user);
$userdata = explode(":", $userX);
$modo=user_is_moderator($userdata[0],$userdata[2],$forum_access);
if ($forum_access==2) {
if (!$modo)
forumerror('0027');
}
$userdata = get_userdata($userdata[1]);
!include!("header.php");
}
// Either valid user/pass, or valid session. continue with post.
if ($stop != 1) {
$poster_ip = getip();
// $hostname is only assigned when $dns_verif is set; otherwise it is undefined
// when interpolated into the INSERT below (empty string plus a notice).
if ($dns_verif)
$hostname=@gethostbyaddr($poster_ip);
anti_flood ($modo, $anti_flood, $poster_ip, $userdata, $gmt);
// HTML is escaped when the forum disallows it or the "Disable HTML" box ($html) is checked.
if ($allow_html == 0 || isset($html)) $message = htmlspecialchars($message);
// Signature marker for registered (non-anonymous) posters.
if ($sig && $userdata[uid] != 1) $message .= " [addsig]";
// Formatting pipeline, skipped for forum types 5 and 6. removeHack() is skipped
// for those types too, so with $allow_html == 1 and the box unchecked a type-5/6
// message reaches the INSERT with neither htmlspecialchars() nor removeHack()
// applied — verify that is intended.
if (($forum_type!="6") and ($forum_type!="5")) {
$message = aff_code($message);
$message = str_replace("\n", "<br />", $message);
}
if (($allow_bbcode==1) and ($forum_type!="6") and ($forum_type!="5")) {
$message = smile($message);
}
if (($forum_type!="6") and ($forum_type!="5")){
$message = make_clickable($message);
$message = removeHack($message);
}
$image_subject=removeHack($image_subject);
// addslashes() is the only SQL escaping applied, and only to $message; it is
// not charset-aware. $topic, $image_subject, $forum, $poster_ip, $hostname and
// $post are interpolated as-is, and $post is not even quoted.
$message = addslashes($message);
$time = date("Y-m-d H:i:s",time()+($gmt*3600));
$sql = "INSERT INTO posts (topic_id, image, forum_id, poster_id, post_text, post_time, poster_ip, poster_dns, post_idH) VALUES ('$topic', '$image_subject', '$forum', '$userdata[uid]', '$message', '$time', '$poster_ip', '$hostname', $post)";
if (!$result = mysql_query($sql)) {
forumerror('0020');
} else {
$IdPost=mysql_insert_id();
}
// Bump the topic, mark it unread for everyone but the poster, count the post.
$sql = "UPDATE forumtopics SET topic_time = '$time', current_poster = '$userdata[uid]' WHERE topic_id = '$topic'";
if (!$result = mysql_query($sql)) {
forumerror('0020');
}
$sql = "UPDATE forum_read SET status='0' where topicid = '$topic' and uid <> '$userdata[uid]'";
if (!$r = mysql_query($sql)) {
forumerror('0001');
}
$sql = "UPDATE users_status SET posts=posts+1 WHERE (uid = '$userdata[uid]')";
$result = mysql_query($sql);
if (!$result) {
forumerror('0029');
}
// Notify the topic author when they asked for it and are not the poster.
$sql = "SELECT t.topic_notify, u.email, u.uname, u.uid, u.user_langue FROM forumtopics t, users u WHERE t.topic_id = '$topic' AND t.topic_poster = u.uid";
if (!$result = mysql_query($sql)) {
forumerror('0022');
}
$m = mysql_fetch_array($result);
if ( ($m[topic_notify] == 1) && ($m[uname] != $userdata[uname]) ) {
!include!_once("language/lang-multi.php");
$resultZ=mysql_query("SELECT topic_title FROM forumtopics WHERE topic_id='$topic'");
list($title_topic)=mysql_fetch_row($resultZ);
$subject = strip_tags($forum_name)."/".$title_topic." : ".translate_ml($m[user_langue], "Une réponse à votre dernier Commentaire a été posté.");
// From here $message is reused as the e-mail body (the post is already stored).
$message = $m[uname]."\r\n";
$message .= translate_ml($m[user_langue], "Vous recevez ce Mail car vous avez demandé à être informé lors de la publication d'une réponse.")."\r\n";
$message .= translate_ml($m[user_langue], "Pour lire la réponse")." : ";
$message .= "$nuke_url/viewtopicH.php?topic=$topic&forum=$forum\r\n";
!include!("signat.php");
// $sauf (recipient skipped by subscribe_mail below) is only set when mail is sent.
if (!$system) {
send_email($m[email], $subject, $message, "", true, "text");
$sauf=$m[uid];
}
}
// Forum subscriptions: mail subscribers except $sauf (the poster if subscribed,
// otherwise the author notified above, if any).
global $subscribe;
if ($subscribe) {
if (subscribe_query($userdata[uid],"forum",$forum)) {
$sauf=$userdata[uid];
}
subscribe_mail("forum",$topic,$forum,"",$sauf);
}
// Optional file attachment, offered once the post is stored.
if ($upload) {
!include!("modules/upload/upload_forum.php");
win_upload("forum_npds",$IdPost,$forum,$topic,"win");
}
redirect_!url(!"viewtopicH.php?forum=$forum&topic=$topic");
} else {
// Empty message: show the error page instead of inserting.
OpenTable();
echo "<p align=\"center\">".translate("You must type a message to post.")."<br /><br />";
echo "[ <a href=\"!javascript!:history.go(-1)\" class=\"NOIR\">".translate("Go Back")."</a> ]</p>";
CloseTable();
}
// ----- Form branch: render the reply form (also handles $submitP preview). -----
} else {
!include!('header.php');
if ($allow_bbcode==1) {
!include!("lib/formhelp.java.php");
}
// $topic is interpolated unescaped. NOTE(review): the second field is assigned
// to $stopic_status, but the "closed topic" check below reads $topic_status,
// which this file never assigns — so that check never sees this value (and if
// globals are imported from the request, $topic_status would be
// request-controlled). is_locked($topic) at the top may cover the same case;
// confirm.
list($topic_title, $stopic_status) = mysql_fetch_array(mysql_query("select topic_title, topic_status from forumtopics where topic_id='$topic'"));
$userX = base_64_decode($user);
$userdata = explode(":", $userX);
// Moderator list: space-separated names.
$moderator = get_moderator($mod);
$moderator=explode(" ",$moderator);
$Mmod=false;
echo "<table width=\"100%\" cellspacing=\"2\" cellpadding=\"2\" border=\"0\"><tr><td class=\"HEADER\">\n";
echo "<b>".translate("Moderated By: ")."</b>";
// Names are echoed unescaped, into an unquoted href and as link text.
// $Mmod (current user is a moderator) is computed but not used again in this file.
for ($i = 0; $i < count($moderator); $i++) {
echo "<a href=user.php?op=userinfo&uname=$moderator[$i] class=\"BOX\">$moderator[$i]</a> ";
if (($userdata[1]==$moderator[$i])) { $Mmod=true;}
}
echo "</td></tr></table><br />";
echo "<b>".translate("Post Reply in Topic:")."</b>";
echo " <a href=\"viewforum.php?forum=$forum\" class=\"NOIR\">".stripslashes($forum_name)."</a> | ";
echo "<a href=\"forum.php\" class=\"NOIR\">".translate("Forum Index")."</a>\n";
echo "<br />";
echo "<form action=\"replyH.php\" method=\"post\" name=\"coolsus\">";
echo "<table border=\"0\" cellpadding=\"1\" cellspacing=\"1\" width=\"100%\">";
echo "<tr><td class=\"HEADER\" colspan=\"2\" class=\"ONGL\">".translate("About Posting:")."</td></tr><tr>";
if ($forum_access == 0) {
echo "<td colspan=\"2\">".translate("Anonymous users can post new topics and replies in this forum.")."</td>";
} else if($forum_access == 1) {
echo "<td colspan=\"2\">".translate("All registered users can post new topics and replies to this forum.")."</td>";
} else if($forum_access == 2) {
echo "<td colspan=\"2\">".translate("Only Moderators can post new topics and replies in this forum.")."</td>";
}
echo "</tr>";
// Reply permission: anonymous (0), any $user cookie present (1 — presence only,
// not validated here), moderators only (2).
$allow_to_reply=false;
if ($forum_access==0) {
$allow_to_reply=true;
} elseif ($forum_access==1) {
if (isset($user)) {
$allow_to_reply=true;
}
} elseif ($forum_access==2) {
if (user_is_moderator($userdata[0],$userdata[2],$forum_access)) {
$allow_to_reply=true;
}
}
// See the $stopic_status note above: this is not the value read from the DB here.
if ($topic_status!=0)
$allow_to_reply=false;
if ($allow_to_reply) {
if ($submitP) {
// ##### ==> AntiSpamBots
// Preview also requires the anti-spam answer (same file-scope `global` no-op as above).
global $question, $anti_spam_bots, $redir;
AntiSpamBots::reponse($question, $anti_spam_bots);
// ##### ==> AntiSpamBots
$acc = "reply";
// The previewed text is later re-emitted into the textarea without htmlspecialchars().
$message=stripslashes($message);
echo "<tr><td colspan=\"2\">";
!include! ("preview.php");
echo "</td></tr>";
} else {
$message='';
}
echo "<tr align=\"left\">";
echo "<td class=\"LIGNB\" width=\"25%\"><b>".translate("Nickname: ")."<b></td>";
echo "<td class=\"LIGNB\">";
// Username field from the cookie, echoed unescaped.
echo $userdata[1];
echo "</td></tr>";
if ($smilies) {
echo "<tr align=\"left\" valign=\"top\">
<td class=\"LIGNB\" width=\"25%\"><b>".translate("Message Icon: ")."<b></td>
<td class=\"LIGNB\">";
echo emotion_add($image_subject);
echo "</td></tr>";
}
echo "<tr align=\"left\" valign=\"top\">";
echo "<td class=\"LIGNB\" width=\"25%\"><b>".translate("Message: ")."</b><br /><br />";
echo "<span style=\"font-size: 10px;\">";
echo "HTML : ";
if ($allow_html==1) {
echo translate("On")."<br />";
echo HTML_Add($allow_forum_hide);
} else
echo translate("Off")."<br />";
// Quoting an existing post ($citation, not during preview): load the quoted
// post by $post (interpolated unescaped) and pre-fill the textarea with it.
if ($citation && !$submitP) {
$sql = "SELECT p.post_text, p.post_time, u.uname FROM posts p, users u WHERE post_id = '$post' AND p.poster_id = u.uid";
if ($r = mysql_query($sql)) {
$m = mysql_fetch_array($r);
$text = $m[post_text];
// Type-5/6 forums escape the quoted text; other types only expand smilies
// and turn <br /> back into newlines.
if (($forum_type!="6") and ($forum_type!="5")) {
$text = smile($text);
$text = str_replace("<br />", "\n", $text);
} else {
$text = htmlspecialchars($text);
}
$text = stripslashes($text);
if ($m[post_time]!="" && $m[uname]!="") {
$reply = "<div class=\"QUOTE\">".translate("Quote")." : <b>$m[uname]</b> \n\n$text \n</div>";
} else {
$reply = "$text\n";
}
// [hide]...[/hide] sections are stripped from the quote.
$reply = preg_replace("#\[hide\](.*?)\[\/hide\]#si","",$reply);
} else {
$reply = translate("Error Connecting to DB")."\n";
}
$message = $reply;
}
echo "</span></td>";
// $xJava is only defined when bbcode is on and is undefined in the echo
// otherwise; it also repeats name="message", which the textarea tag already
// carries. $message (quoted text or preview input) is written into the textarea
// without htmlspecialchars().
if ($allow_bbcode==1)
$xJava = 'name="message" onSelect="storeCaret(this);" !onclick!="storeCaret(this);" !onkey!up="storeCaret(this);" !onfocus!="storeForm(this)"';
echo "<td class=\"LIGNB\"><textarea class=\"textbox\" $xJava name=\"message\" rows=\"10\" cols=\"80\" wrap=\"virtual\">$message</textarea><br />";
if ($allow_bbcode == 1)
putitems();
echo "</td></tr><tr align=\"left\">";
echo "<td class=\"LIGNB\" width=\"25%\"><b>".translate("Options: ")."</b></td>";
echo "<td class=\"LIGNB\">";
// Checkbox states: $sethtml, $s and $up are assigned only when the box was
// checked and are otherwise undefined at the echo (notice, empty string).
if (($allow_html == 1) and ($forum_type!="6") and ($forum_type!="5")) {
if ($html == "on") {
$sethtml = "checked";
}
echo "<input type=\"checkbox\" name=\"html\" ".$sethtml.">".translate("Disable HTML on this Post")."<br />";
}
if ($user) {
if ($allow_sig == 1) {
// $cookie is not assigned in this file (presumably auth.php); $cookie[0]
// goes into SQL unescaped.
$asig = mysql_query("select attachsig from users_status where uid='$cookie[0]'");
list($attachsig) = mysql_fetch_row($asig);
if ($attachsig == 1||$sig == "on") {
$s = "checked";
}
if (($forum_type!="6") and ($forum_type!="5")) {
echo "<input type=\"checkbox\" name=\"sig\" $s>".translate("Show signature")." <span style=\"font-size: 10px;\">(".translate("This can be altered or added in your profile").")</span><br />";
}
}
if ($allow_upload_forum) {
if ($upload == "on") {
$up = "checked";
}
echo "<input type=\"checkbox\" name=\"upload\" $up>".translate("Upload file after send accepted")."<br />";
}
}
echo "</td></tr><tr>";
echo "<td class=\"LIGNA\" colspan=\"2\" align=\"center\">";
// Hidden fields carry forum/topic/post back on submit (echoed unescaped into
// attribute values); the anti-spam question and answer field are added by the helper.
echo "<input type=\"hidden\" name=\"forum\" value=\"$forum\">";
echo "<input type=\"hidden\" name=\"topic\" value=\"$topic\">";
echo "<input type=\"hidden\" name=\"post\" value=\"$post\">";
// ##### ==> AntiSpamBots
AntiSpamBots::question();
AntiSpamBots::field();
// ##### ==> AntiSpamBots
echo "<br /><input class=\"BOUTON_STANDARD\" type=\"submit\" name=\"submitS\" value=\"".translate("Submit")."\"> ";
echo " <input class=\"BOUTON_STANDARD\" type=\"submit\" name=\"submitP\" value=\"".translate("Preview")."\"> ";
echo " <input class=\"BOUTON_STANDARD\" type=\"reset\" value=\"".translate("Clear")."\"> ";
echo " <input class=\"BOUTON_STANDARD\" type=\"submit\" name=\"cancel\" value=\"".translate("Cancel Post")."\"><br /><br />";
echo "</td></tr>";
} else {
echo "<tr>";
echo "<td class=\"LIGNA\" colspan=\"2\" align=\"center\">".translate("You are not allowed to reply in this forum")."</td>";
echo "</tr>";
}
echo "</table></form>";
}
!include!('footer.php');
?>