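/**
 * Queue a visitor-submitted link in the "links_newlink" moderation table.
 *
 * Anonymous visitors must pass the anti-spam challenge, the pending queue must
 * hold fewer than $troll_limit rows, and title / email / description (plus the
 * URL when $links_url == 1) must be non-empty. Any failed check prints an alert
 * and stops the request.
 *
 * NOTE(review): the query is still assembled by string interpolation. Every
 * request-derived value now goes through the FixQuotes()/removeHack() chain or
 * an integer cast first, but what those helpers actually escape is not visible
 * from this function. If the sql_* layer offers bound parameters, prefer them.
 *
 * @param string $title        Link title (required).
 * @param string $url          Link URL (required when $links_url == 1).
 * @param string $name         Submitter's display name.
 * @param string $cat          Category selector, "<cat>" or "<cat>-<subcat>".
 * @param string $description  Link description (required).
 * @param string $email        Contact e-mail (only checked for emptiness).
 * @param mixed  $topicL       Value stored in the last column of the row.
 * @param mixed  $asb_question Anti-spam challenge handed to R_spambot().
 * @param mixed  $asb_reponse  Anti-spam answer handed to R_spambot().
 */
function Add($title, $url, $name, $cat, $description, $email, $topicL, $asb_question, $asb_reponse)
{
    global $links_DB, $troll_limit, $anonymous, $user, $admin, $cookie, $links_url;

    // Print an already-translated alert and stop the request.
    $abort = function ($translated) {
        error_head("alert-danger");
        echo $translated . "<br />";
        error_foot();
        exit;
    };

    if (!$user and !$admin) {
        // anti_spambot
        if (!R_spambot($asb_question, $asb_reponse, "")) {
            Ecr_Log("security", "Links Anti-Spam : url=" . $url, "");
            redirect_url("index.php");
            die;
        }
    }

    // Cap the number of links waiting for moderation.
    // NOTE(review): the message shown here talks about a duplicate URL although
    // the condition is "queue full"; the text is left untouched because it is
    // also the translate() lookup key.
    $pending = sql_num_rows(sql_query("SELECT lid FROM " . $links_DB . "links_newlink"));
    if ($pending >= $troll_limit) {
        $abort(translate("ERROR: This URL is already listed in the Database!"));
    }

    // Use the same truthiness test as the anti-spam gate above, and fall back
    // to the anonymous label when the cookie carries no user name.
    if ($user && isset($cookie[1]) && $cookie[1] != '') {
        $submitter = $cookie[1];
    } else {
        $submitter = $anonymous;
    }

    if ($title == '') {
        $abort(translate("ERROR: You need to type a TITLE for your URL!"));
    }
    if ($email == '') {
        $abort(translate("ERROR: Invalid email"));
    }
    if ($url == '' and $links_url == 1) {
        $abort(translate("ERROR: You need to type a URL for your URL!"));
    }
    if ($description == '') {
        $abort(translate("ERROR: You need to type a DESCRIPTION for your URL!"));
    }

    // Both category parts are cast to int before they reach the SQL string.
    // NOTE(review): assumes category ids are numeric, as the 0 default for a
    // missing sub-category suggests; confirm against the table schema.
    $parts = explode('-', $cat);
    $catId = (int) $parts[0];
    $subCatId = array_key_exists(1, $parts) ? (int) $parts[1] : 0;

    $title = removeHack(stripslashes(FixQuotes($title)));
    $url = removeHack(stripslashes(FixQuotes($url)));
    $description = removeHack(stripslashes(FixQuotes($description)));
    $name = removeHack(stripslashes(FixQuotes($name)));
    $email = removeHack(stripslashes(FixQuotes($email)));
    // $topicL and $submitter were previously interpolated as received; give
    // them the same treatment as every other text column.
    $topicL = removeHack(stripslashes(FixQuotes($topicL)));
    $submitter = removeHack(stripslashes(FixQuotes($submitter)));

    sql_query("INSERT INTO " . $links_DB . "links_newlink VALUES (NULL, '{$catId}', '{$subCatId}', '{$title}', '{$url}', '{$description}', '{$name}', '{$email}', '{$submitter}', '{$topicL}')");

    error_head("alert-success");
    echo translate("We received your Link submission. Thanks!") . "<br />";
    echo translate("You'll receive and E-mail when it's approved.") . "<br />";
    error_foot();
}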
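/**
 * Store a review and print the confirmation page.
 *
 * Three storage paths, chosen from $admin and $id:
 *  - admin, $id == 0: insert directly into "reviews";
 *  - admin, $id != 0: update the existing "reviews" row;
 *  - anyone else:     insert into "reviews_add" for editorial approval.
 *
 * NOTE(review): the queries are still assembled by string interpolation. Every
 * value is now passed through stripslashes(FixQuotes()) or an integer cast, but
 * what FixQuotes() escapes is not visible here. Prefer bound parameters if the
 * sql_* layer supports them.
 *
 * @param string $date         Review date, converted with reversedate().
 * @param string $title        Review title (tags stripped).
 * @param string $text         URL-encoded review body.
 * @param string $reviewer     Reviewer name (echoed back on the page).
 * @param string $email        Reviewer e-mail.
 * @param mixed  $score        Score given by the reviewer.
 * @param string $cover        Cover image reference (admin insert/update only).
 * @param string $url          Related link.
 * @param string $url_title    Title of the related link.
 * @param mixed  $hits         Hit counter (admin update only).
 * @param mixed  $id           Review id; 0 means "new review".
 * @param mixed  $asb_question Anti-spam challenge handed to R_spambot().
 * @param mixed  $asb_reponse  Anti-spam answer handed to R_spambot().
 */
function send_review($date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $hits, $id, $asb_question, $asb_reponse)
{
    global $admin, $user, $NPDS_Prefix;

    include 'header.php';

    // Quote handling applied to every value placed inside '...' in the SQL.
    $quote = function ($value) {
        return stripslashes(FixQuotes($value));
    };

    $date = $quote(reversedate($date));
    $title = $quote(strip_tags($title));
    // Decode first, filter second: the original filtered the still-encoded
    // text, so percent-encoded markup was never seen by removeHack().
    // NOTE(review): assumes removeHack() is a content filter; confirm.
    $text = $quote(removeHack(urldecode($text)));

    if (!$user and !$admin) {
        // anti_spambot
        if (!R_spambot($asb_question, $asb_reponse, $text)) {
            Ecr_Log('security', 'Review Anti-Spam : title=' . $title, '');
            redirect_url("index.php");
            die;
        }
    }

    // The reviewer name is echoed into the page: HTML-encode a copy for output
    // before the SQL quoting below changes the value.
    $reviewerHtml = htmlspecialchars($reviewer, ENT_QUOTES | ENT_SUBSTITUTE);

    // $id selects the row to update and is compared with 0, so it is numeric.
    $id = (int) $id;
    $reviewer = $quote($reviewer);
    $email = $quote($email);
    $score = $quote($score);
    $cover = $quote($cover);
    $url = $quote($url);
    $url_title = $quote($url_title);
    $hits = $quote($hits);

    echo '
    <h2>' . translate("Write a Review") . '</h2>
    <br /><p class="lead text-danger">' . translate("Thanks for submitting this review") . '';
    if ($id != 0) {
        echo " " . translate("modification") . "";
    } else {
        echo ", {$reviewerHtml}";
    }
    echo '<br /><br />';

    if ($admin && $id == 0) {
        sql_query("INSERT INTO " . $NPDS_Prefix . "reviews VALUES (NULL, '{$date}', '{$title}', '{$text}', '{$reviewer}', '{$email}', '{$score}', '{$cover}', '{$url}', '{$url_title}', '1')");
        echo translate("It is now available in the reviews database.");
    } elseif ($admin) {
        sql_query("UPDATE " . $NPDS_Prefix . "reviews SET date='{$date}', title='{$title}', text='{$text}', reviewer='{$reviewer}', email='{$email}', score='{$score}', cover='{$cover}', url='{$url}', url_title='{$url_title}', hits='{$hits}' WHERE id='{$id}'");
        echo translate("It is now available in the reviews database.");
    } else {
        // Non-admin submissions wait in the moderation table.
        sql_query("INSERT INTO " . $NPDS_Prefix . "reviews_add VALUES (NULL, '{$date}', '{$title}', '{$text}', '{$reviewer}', '{$email}', '{$score}', '{$url}', '{$url_title}')");
        echo translate("The editors will look at your submission. It should be available soon!");
    }

    echo '</p><a class="btn btn-default" role="button" href="reviews.php" title="' . translate("Back to Reviews Index") . '"><i class="fa fa-lg fa-undo"></i>  </a>';
    include "footer.php";
}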
$userdata = get_userdata($userdata[1]); include "header.php"; } // Either valid user/pass, or valid session. continue with post. if ($stop != 1) { $poster_ip = getip(); if ($dns_verif) { $hostname = @gethostbyaddr($poster_ip); } else { $hostname = $poster_ip; } // anti flood anti_flood($Mmod, $anti_flood, $poster_ip, $userdata, $gmt); //anti_spambot if (isset($asb_question) and isset($asb_reponse)) { if (!R_spambot($asb_question, $asb_reponse, $message)) { Ecr_Log("security", "Forum Anti-Spam : forum=" . $forum . " / topic=" . $topic, ""); redirect_url("{$url_ret}"); die; } } if ($formulaire != '') { include "modules/comments/comments_extender.php"; } if ($allow_html == 0 || isset($html)) { $message = htmlspecialchars($message, ENT_COMPAT | ENT_HTML401, cur_charset); } if (isset($sig) && $userdata['uid'] != 1) { $message .= ' [addsig]'; } $message = aff_code($message);
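/**
 * E-mail a "recommend this site" message to a friend, then redirect to the
 * confirmation page.
 *
 * Visitors who are not logged in must pass the anti-spam challenge. The mail
 * is sent only when both addresses match the address pattern; otherwise the
 * redirect carries an empty friend name.
 *
 * @param string $yname        Sender's name.
 * @param string $ymail        Sender's e-mail (used as the From address).
 * @param string $fname        Friend's name.
 * @param string $fmail        Friend's e-mail (recipient).
 * @param mixed  $asb_question Anti-spam challenge handed to R_spambot().
 * @param mixed  $asb_reponse  Anti-spam answer handed to R_spambot().
 */
function SendSite($yname, $ymail, $fname, $fmail, $asb_question, $asb_reponse)
{
    global $user, $sitename, $nuke_url;

    if (!$user) {
        // anti_spambot
        if (!R_spambot($asb_question, $asb_reponse, "")) {
            // NOTE(review): name and mail are written to the log as received;
            // confirm that Ecr_Log() neutralises line breaks.
            Ecr_Log('security', "Friend Anti-Spam : name=" . $yname . " / mail=" . $ymail, '');
            redirect_url("index.php");
            die;
        }
    }

    $subject = translate("Interesting Site:") . " {$sitename}";
    $fname = removeHack($fname);
    $message = translate("Hello") . " {$fname} :\n\n" . translate("Your Friend") . " {$yname} " . translate("considered our site") . " {$sitename} " . translate("interesting and wanted to send it to you.") . "\n\n{$sitename} : <a href=\"{$nuke_url}\">{$nuke_url}</a>\n\n";
    // Included in this function's scope, before the message is filtered.
    // NOTE(review): presumably appends the site signature to $message; confirm.
    include "signat.php";

    $fmail = removeHack($fmail);
    $subject = removeHack($subject);
    $message = removeHack($message);
    $yname = removeHack($yname);
    $ymail = removeHack($ymail);

    // The D modifier makes "$" match only at the very end of the string.
    // Without it an address followed by a line break still passed, and both
    // addresses end up in mail headers.
    $addressPattern = '#^[_\\.0-9a-z-]+@[0-9a-z-\\.]+\\.+[a-z]{2,4}$#iD';
    $addressesOk = $fmail
        && $ymail
        && preg_match($addressPattern, $fmail)
        && preg_match($addressPattern, $ymail);

    if ($addressesOk) {
        send_email($fmail, $subject, $message, $ymail, false, 'html');
    } else {
        $fname = '';
    }

    // The friend name is visitor input: encode it so it cannot add query
    // parameters or break the redirect URL.
    Header("Location: friend.php?op=SiteSent&fname=" . urlencode($fname));
}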
} else { include "header.php"; $stop = translate("This account or IP has been temporarily disabled. This means that either this IP, or user account has been moderated down more than x times in the last few hours. If you think this is unfair, you should contact the admin.") . "<br />"; error_handler($stop); include "footer.php"; } } else { redirect_url("index.php"); } } else { redirect_url("index.php"); } } settype($op, 'string'); switch ($op) { case "subscribe": subscribe($email); break; case "subscribeOK": //anti_spambot if (!R_spambot($asb_question, $asb_reponse, "")) { Ecr_Log("security", "LNL Anti-Spam : email=" . $email, ""); redirect_url("index.php"); die; } subscribe_ok($email); break; case "unsubscribe": unsubscribe($email); break; }
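/**
 * Put a submitted news story into the "queue" table for moderation and print
 * the confirmation (or the database error) page.
 *
 * Logged-in users are identified from $cookie; anonymous visitors get uid -1,
 * the $anonymous name, and must pass the anti-spam challenge.
 *
 * NOTE(review): the query is still assembled by string interpolation. Every
 * value now goes through stripslashes(FixQuotes()) or an integer cast, but
 * what FixQuotes() escapes is not visible here. Prefer bound parameters if the
 * sql_* layer supports them.
 *
 * @param string $subject      Story title (tags stripped, quotes entity-encoded).
 * @param string $story        Intro text.
 * @param string $bodytext     Extended text.
 * @param mixed  $topic        Topic value stored with the story.
 * @param string $date_debval  Start date value stored with the story.
 * @param string $date_finval  End date value stored with the story.
 * @param mixed  $epur         Value stored in the last column of the row.
 * @param mixed  $asb_question Anti-spam challenge handed to R_spambot().
 * @param mixed  $asb_reponse  Anti-spam answer handed to R_spambot().
 */
function submitStory($subject, $story, $bodytext, $topic, $date_debval, $date_finval, $epur, $asb_question, $asb_reponse)
{
    global $user, $EditedMessage, $anonymous, $notify, $NPDS_Prefix;

    if ($user) {
        global $cookie;
        // The anonymous branch uses -1, so the uid is handled as an integer.
        $uid = (int) $cookie[0];
        $name = $cookie[1];
    } else {
        $uid = -1;
        $name = $anonymous;
        // anti_spambot
        if (!R_spambot($asb_question, $asb_reponse, "")) {
            // The original logged $yname / $ymail, which do not exist in this
            // function; log values that are actually available instead.
            Ecr_Log("security", "Submit Anti-Spam : name=" . $name . " / subject=" . $subject, "");
            redirect_url("index.php");
            die;
        }
    }

    // Double quotes in the subject are stored as the &quot; entity.
    $subject = removeHack(stripslashes(FixQuotes(str_replace("\"", "&quot;", strip_tags($subject)))));
    $story = removeHack(stripslashes(FixQuotes($story)));
    $bodytext = removeHack(stripslashes(FixQuotes($bodytext)));
    // These values were previously interpolated as received; apply the same
    // quote handling as the text columns.
    $name = stripslashes(FixQuotes($name));
    $topic = stripslashes(FixQuotes($topic));
    $date_debval = stripslashes(FixQuotes($date_debval));
    $date_finval = stripslashes(FixQuotes($date_finval));
    $epur = stripslashes(FixQuotes($epur));

    sql_query("INSERT INTO " . $NPDS_Prefix . "queue VALUES (NULL, '{$uid}', '{$name}', '{$subject}', '{$story}', '{$bodytext}', now(), '{$topic}','{$date_debval}','{$date_finval}','{$epur}')");

    // Success is detected through the id generated by the INSERT.
    if (sql_last_id()) {
        if ($notify) {
            global $notify_email, $notify_subject, $notify_message, $notify_from;
            send_email($notify_email, $notify_subject, $notify_message, $notify_from, false, "text");
        }
        include 'header.php';
        echo '<h2>' . translate("Submit News") . '</h2>';
        echo '<p class="lead text-info">' . translate("Thanks for your submission.") . '</p>';
        include 'footer.php';
    } else {
        include 'header.php';
        // NOTE(review): this prints the raw database error to the visitor,
        // which can reveal table and column names. Consider logging it and
        // showing a generic message instead.
        echo sql_error();
        include 'footer.php';
    }
}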
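/**
 * Add a comment to a gallery picture, at most one per picture and host, then
 * return to the picture page.
 *
 * NOTE(review): the queries are still assembled by string interpolation. Ids
 * are forced to integers and text values go through the FixQuotes() chain, but
 * what FixQuotes() escapes is not visible here. Prefer bound parameters if the
 * sql_* layer supports them.
 *
 * @param mixed  $gal_id Gallery id (forced to integer).
 * @param mixed  $pos    Position of the picture in the gallery (forced to integer).
 * @param mixed  $pic_id Picture id (forced to integer).
 * @param string $comm   Comment text.
 */
function PostComment($gal_id, $pos, $pic_id, $comm)
{
    global $NPDS_Prefix, $ThisRedo, $gmt, $user, $anonymous, $nuke_url;
    global $asb_question, $asb_reponse;

    // Normalise the ids first so only integers reach the log line, the SQL and
    // the redirect URL below.
    settype($gal_id, "integer");
    settype($pos, "integer");
    settype($pic_id, "integer");

    // anti_spambot - begin
    if (!R_spambot($asb_question, $asb_reponse)) {
        // The original logged $url, which does not exist in this function; the
        // picture id identifies the target instead.
        Ecr_Log("security", "Module Anti-Spam : module=td-galerie / pic_id=" . $pic_id, "");
        redirect_url($nuke_url . "/modules.php?ModPath=td-galerie&ModStart=gal");
        die;
    }
    // anti_spambot - end

    $cookie = cookiedecode($user);
    $name = $cookie[1];
    if ($name == "") {
        $name = $anonymous;
    }

    // The comment previously went through removeHack() only, and name and host
    // were interpolated as received; all three now get quote handling.
    $name = stripslashes(FixQuotes($name));
    $host = stripslashes(FixQuotes(getip()));
    $comment = removeHack(stripslashes(FixQuotes($comm)));

    // NOTE(review): the user column is compared with the literal '******',
    // which looks like a masked value rather than the commenter's name. As
    // written, this duplicate check can only match rows stored with that
    // literal. Confirm against the upstream file before relying on it.
    $existing = sql_query("SELECT id FROM " . $NPDS_Prefix . "tdgal_com WHERE pic_id='{$pic_id}' AND user='******' AND comhostname='{$host}'");
    $backUrl = $ThisRedo . "&op=img&galid={$gal_id}&pos={$pos}";

    if (sql_num_rows($existing) == 0) {
        // The timestamp is shifted by the configured GMT offset (in hours).
        $stamp = time() + $gmt * 3600;
        sql_query("INSERT INTO " . $NPDS_Prefix . "tdgal_com VALUES('',{$pic_id},'{$name}','{$comment}','{$host}','{$stamp}')");
        redirect_url($backUrl);
    } else {
        // Already commented: show the error, then go back after four seconds.
        echo '<p class="lead text-danger">' . gal_trans("Erreur");
        echo '<br />';
        echo '' . gal_trans("Vous avez déjà commenté cette photo") . '</p>';
        echo "<script type=\"text/javascript\">\n";
        echo "//<![CDATA[\n";
        echo "function redirect() {";
        echo " window.location=\"" . $backUrl . "\"";
        echo "}";
        echo "setTimeout(\"redirect()\",4000);";
        echo "//]]>\n";
        echo "</script>";
    }
}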