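/**
 * Stores a user's comment on an item.
 *
 * The text is vetted with content_check() first; anything other than 1 is an
 * error message that aborts the request. The comment is INSERTed, and when the
 * insert fails (presumably a unique key on item/user — confirm against the
 * schema) the user's existing comment is refreshed via UPDATE instead.
 *
 * Every value interpolated into SQL is escaped with mysql_real_escape_string().
 * NOTE(review): this assumes callers pass raw, un-escaped strings; if upstream
 * code (magic quotes, content_check) already escapes, text would be
 * double-escaped — verify before deploying.
 *
 * @param int|string $item_id   Identifier of the commented item.
 * @param string     $item_type Item category, e.g. 'photos'.
 * @param int|string $user_id   Id of the commenting user.
 * @param string     $comment   Comment text as submitted.
 * @return void
 */
function comments_new($item_id, $item_type, $user_id, $comment)
{
    $content_check = content_check($comment);
    if ($content_check !== 1) {
        // content_check() returns an error message instead of 1 when the text is rejected.
        die('<p style="margin: 0px;">' . $content_check . '</p>');
    }

    // Escaped copies for SQL; the raw $item_type is still used for the branch below.
    $item_type_sql = mysql_real_escape_string($item_type);
    $item_id_sql   = mysql_real_escape_string($item_id);
    $user_id_sql   = mysql_real_escape_string($user_id);
    $comment_sql   = mysql_real_escape_string($comment);
    $now           = time();

    $insertquery = 'INSERT INTO user_comments (item_type, item_id, timestamp, user_id, comment) VALUES ("'
        . $item_type_sql . '", "'
        . $item_id_sql . '", "'
        . $now . '", "'
        . $user_id_sql . '", "'
        . $comment_sql . '")';

    $updatequery = 'UPDATE user_comments SET'
        . ' timestamp = "' . $now . '", '
        . ' comment = "' . $comment_sql . '",'
        . ' removed = 0 '
        . ' WHERE item_type = "' . $item_type_sql . '" '
        . ' AND item_id = "' . $item_id_sql . '"'
        . ' AND user_id = "' . $user_id_sql . '"'
        . ' LIMIT 1';

    log_to_file('comments', LOGLEVEL_DEBUG, __FILE__, __LINE__, 'new_comment', $insertquery);
    log_to_file('comments', LOGLEVEL_DEBUG, __FILE__, __LINE__, 'new_comment', $updatequery);

    if (mysql_query($insertquery)) {
        // First comment by this user on the item: count it on the item's rank row
        // (this statement was previously built but never executed).
        $query = 'UPDATE item_ranks SET comment_count = comment_count + 1 WHERE item_type = "' . $item_type_sql . '" '
            . ' AND item_id = "' . $item_id_sql . '"';
        mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    } else {
        // Insert failed: fall back to refreshing the user's existing comment.
        mysql_query($updatequery) or report_sql_error($updatequery, __FILE__, __LINE__);
    }

    if ($item_type == 'photos') {
        // Photo owners get an unread-comment counter.
        $query = 'UPDATE user_photos SET unread_comments = unread_comments + 1 WHERE id = "' . $item_id_sql . '" LIMIT 1';
        mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    }
}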
} $buffer = array("gid" => $data["gid"], "group" => $data["ggroup"], "desc" => $data["beschreibung"], "check" => $check, "class" => $class, "disabled" => $disabled); if (is_array($cfg["fileed"]["su_groups"]) && in_array($data["gid"], $cfg["fileed"]["su_groups"])) { $buffer_su[] = $buffer; } else { $buffer_user[] = $buffer; } } $dataloop["avail_groups"] = array_merge($buffer_su, $buffer_user); } } // + + + + + // grant edit-rechte $hidedata["references"] = array(); // wo im content wird die datei verwendet $used_in = content_check($environment["parameter"][1]); if (count($used_in) > 0) { $ausgaben["reference"] = implode("<br />", $used_in); } else { $ausgaben["reference"] = "---"; } // in welchen galerien wird die datei verwendet $compilations = compilation_list($environment["parameter"][1]); preg_match_all("/#p([0-9]+),/U", $form_values["fhit"], $match); $intersect = array_intersect_key($compilations, array_flip($match[1])); ksort($intersect); $ausgaben["ref_comp"] = ""; if (count($intersect) > 0) { foreach ($intersect as $value) { $group_content = ""; $i = 1;
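/**
 * Pre-send checks for a guestbook message.
 *
 * Returns 1 when the message may be sent, otherwise a Swedish error string
 * (the same contract as content_check()). Rejects empty messages, messages
 * addressed to the webmaster account (id 2348), and senders with more than
 * 20 messages in the last ten minutes.
 *
 * @param int|string $sender Sender's user id; cast to int before it enters SQL.
 * @param string     $text   Message body.
 * @param mixed      $to     Recipient id, if any.
 * @return int|string 1 when ok, otherwise an error message.
 */
function spamcheck($sender, $text, $to = null)
{
    if (strlen(trim($text)) == 0) {
        return 'Dina meddelanden måste innehålla minst ett tecken';
    }
    if ($to == '2348') {
        return 'Webmaster är ett administrationskonto som inte används av någon människa.';
    }

    // The sender id is interpolated unquoted, so cast it: only an integer can reach the query.
    $spam_sql = 'SELECT COUNT(*) as messages FROM traffa_guestbooks WHERE sender = ' . (int) $sender
        . ' AND timestamp > UNIX_TIMESTAMP()-600';
    $spam_result = mysql_query($spam_sql)
        or die('Ett kritiskt fel har uppstått! Felet uppstod i spamcheck().<br />Felinfo:<br />' . mysql_error());
    $spam_data = mysql_fetch_assoc($spam_result)
        or die('Ett kritiskt fel har uppstått! Felet uppstod i spamcheck().<br />Felinfo:<br />' . mysql_error());
    if ($spam_data['messages'] > 20) {
        return 'Du kan max skicka 20 meddelanden på tio minuter. Håll dig till tåls en liten stund ;)';
    }

    /* content_check() lives in shared-functions and screens for sexual
       solicitation, referrer spam and other unwanted content. Returns 1 when
       the message is ok, otherwise an error message. */
    return content_check($text);
}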
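/**
 * Creates a forum post (a new thread or a reply) and updates the counters
 * derived from it.
 *
 * In order: validates author, title (new threads only) and body length, runs
 * content_check() on the body (die()ing with the message on failure); fills in
 * defaults; INSERTs into forum_posts; for a reply bumps the parent's
 * child_count/last_post; updates public_forums counters and, for a new thread,
 * points the thread at itself as parent/last_post; hands the body to
 * discussion_forum_parse_input(); refreshes the relevant cache; and counts the
 * post on the logged-in user's userinfo row (forum_spam when the forum's
 * quality_level is 1, otherwise forum_posts).
 *
 * Every value interpolated into SQL goes through mysql_real_escape_string().
 * NOTE(review): this assumes callers pass raw, un-escaped input — confirm no
 * upstream code (magic quotes, content_check) already escapes, or text will be
 * double-escaped.
 *
 * @param array $post    Fields: mode ('new_thread' or a reply), title, content,
 *                       parent_post, forum_id; optional author, timestamp,
 *                       forum_type, anonymous, fp_module_id.
 * @param array $options Not read here; kept for interface compatibility.
 * @return int Id of the inserted forum_posts row.
 */
function discussion_forum_post_create($post, $options)
{
    $post['author'] = isset($post['author']) ? $post['author'] : $_SESSION['login']['id'];
    if ($post['author'] < 1) {
        die('Fatal error at line #' . __LINE__ . ', no author set');
    }

    // Keys read below without a default; an absent key behaves like an empty
    // value instead of raising a notice.
    foreach (array('mode', 'parent_post', 'forum_id') as $key) {
        if (!isset($post[$key])) {
            $post[$key] = '';
        }
    }
    $title = isset($post['title']) ? $post['title'] : '';

    if ($post['mode'] == 'new_thread' && strlen($title) == 0) {
        die('Fatal error at line #' . __LINE__ . ', no title set');
    }
    if (strlen($post['content']) <= 3) {
        die('Mer än så där får du allt skriva!');
    }
    // content_check() returns 1 for acceptable text, otherwise a message to show the user.
    $content_check = content_check($post['content']);
    if ($content_check != 1) {
        die($content_check);
    }

    $post['timestamp']    = isset($post['timestamp']) ? $post['timestamp'] : time();
    // An absent title yields an empty handle (not the handle of an empty string).
    $post['handle']       = isset($post['title']) ? discussion_forum_post_handle($post['title']) : '';
    $post['title']        = $title;
    $post['forum_type']   = isset($post['forum_type']) ? $post['forum_type'] : 'public_forum';
    $post['child_count']  = $post['mode'] == 'new_thread' ? 1 : 0;
    $post['anonymous']    = (isset($post['anonymous']) && $post['anonymous'] == 1) ? 1 : 0;
    $post['fp_module_id'] = isset($post['fp_module_id']) ? $post['fp_module_id'] : 0;

    // Escaped copies of every value that is interpolated into SQL below.
    $sql = array();
    foreach (array('handle', 'author', 'timestamp', 'parent_post', 'forum_id', 'forum_type',
                   'title', 'content', 'child_count', 'anonymous', 'fp_module_id') as $key) {
        $sql[$key] = mysql_real_escape_string((string) $post[$key]);
    }
    $sql['session_user'] = mysql_real_escape_string((string) $_SESSION['login']['id']);

    $query = 'INSERT INTO forum_posts (handle, author, timestamp, parent_post, forum_id, forum_type'
        . ', title, content, child_count, anonymous, fp_module_id)'
        . ' VALUES("' . $sql['handle'] . '", "' . $sql['author'] . '", "' . $sql['timestamp'] . '"'
        . ', "' . $sql['parent_post'] . '", "' . $sql['forum_id'] . '", "' . $sql['forum_type'] . '"'
        . ', "' . $sql['title'] . '", "' . $sql['content'] . '", "' . $sql['child_count'] . '"'
        . ', "' . $sql['anonymous'] . '", "' . $sql['fp_module_id'] . '")';
    mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    // Integer from the driver; safe to interpolate as-is.
    $post_id = mysql_insert_id();

    if ($post['parent_post'] > 0) {
        // Reply: bump the parent thread's reply count and last-post markers.
        $query = 'UPDATE forum_posts SET child_count = child_count + 1, last_post = "' . $post_id
            . '", last_post_timestamp = "' . time() . '" WHERE id = "' . $sql['parent_post'] . '" LIMIT 1';
        mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    }

    if ($post['mode'] == 'new_thread') {
        $query = 'UPDATE public_forums SET thread_count = thread_count + 1, post_count = post_count + 1, last_thread = "'
            . $post_id . '" WHERE id = "' . $sql['forum_id'] . '"';
        mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
        // A thread is its own parent and, until replied to, its own last post.
        $query = 'UPDATE forum_posts SET last_post = "' . $post_id . '", parent_post = "' . $post_id
            . '", last_post_timestamp = "' . time() . '" WHERE id = "' . $post_id . '" LIMIT 1';
        mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    } else {
        $query = 'UPDATE public_forums SET post_count = post_count + 1, last_post = "' . $post_id
            . '" WHERE id = "' . $sql['forum_id'] . '"';
        mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    }

    discussion_forum_parse_input(array(
        'text'    => $post['content'],
        'post_id' => $post_id,
        'author'  => $post['author'],
        'title'   => $title,
    ));

    if ($post['mode'] == 'new_thread') {
        forum_thread_cache_latest_threads();
    } else {
        forum_latest_posts_cache();
    }
    // Forum 82 (presumably the open-source forum, judging by the cache name) has its own thread cache.
    if ($post['mode'] == 'new_thread' && $post['forum_id'] == 82) {
        forum_thread_cache_latest_open_source_threads();
    }

    // Posts in a quality_level 1 forum count as spam on the user's profile, otherwise as posts.
    // NOTE(review): this credits the session user, not $post['author']; kept as in the original.
    $query = 'SELECT quality_level FROM public_forums WHERE id = "' . $sql['forum_id'] . '" LIMIT 1';
    $data = query_cache(array('category' => 'forum_categories', 'query' => $query, 'max_delay' => 3600));
    $counter = (isset($data[0]['quality_level']) && $data[0]['quality_level'] == 1) ? 'forum_spam' : 'forum_posts';
    $query = 'UPDATE userinfo SET ' . $counter . ' = ' . $counter . ' + 1 WHERE userid = "' . $sql['session_user'] . '" LIMIT 1';
    mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);

    // Used by the caller to enforce the minimum delay between posts.
    $_SESSION['forum']['last_post_timestamp'] = time();

    return $post_id;
}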
$fetch_options = array(); $fetch_options['order-direction'] = 'DESC'; $fetch_options['match']['against'] = $request['freetext']; $fetch_options['match']['in_columns'] = array('p.content'); $posts = discussion_forum_post_fetch($fetch_options); if (count($posts) > 0) { $output .= discussion_forum_post_list_search($posts); } else { $output .= '<h1>Vi hittade inget</h1>' . "\n"; $output .= '<p>Nedan har vi gjort en Google-sökning åt dig, klicka med scrollhjulet på länkarna.</p>' . "\n"; $output .= '<iframe src="http://www.google.se/search?q=site%3Awww.hamsterpaj.net%2Fdiskussionsforum%2F+' . urlencode($request['freetext']) . '" style="width: 630px; height: 1000px;"></iframe>' . "\n"; } } break; case 'new_post': $content_check = content_check($_POST['content']); if ($content_check != 1) { $output .= '<h2>' . $content_check . '</h2>' . "\n"; $output .= '<p>Ditt inlägg har inte sparats, eftersom vår server tror att du skickar spam.</p><ol><li>Markera och kopiera ditt inlägg nedan</li><li>Backa tillbaks webbläsaren</li><li>Klistra in ditt inlägg i skriv-rutan och plocka bort det som bryter mot våra regler</li></ol>' . "\n"; $output .= '<pre>' . $_POST['content'] . '</pre>' . "\n"; break; } if ($_SESSION['forum']['last_post_timestamp'] > time() - FORUM_MIN_POST_DELAY) { $output .= '<h2>Max ett inlägg per ' . FORUM_MIN_POST_DELAY . ' sek</h2>' . "\n"; $output .= '<p>Även om du tror att du är jättesmart och kör med flera flikar, så är det <strong>fortfarande</strong> så att våra antispamregler gäller... Här ser du ditt inlägg, om du vill kan du kopiera det.</p>' . "\n"; $output .= '<pre>' . $_POST['content'] . '</pre>' . "\n"; break; } if ($_POST['mode'] == 'create_thread') { $forum_security = forum_security(array('action' => 'discussion_create', 'forum_id' => $_POST['forum_id'], 'content' => $_POST['content'])); if ($forum_security !== true) {
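/**
 * Anti-spam gate for a guestbook ("klotterplank") message.
 *
 * Returns TRUE when the message passes. On failure the reason is shown with
 * jscript_alert() and FALSE is returned. Users with userlevel 5 or higher
 * skip every check. The message is lower-cased before the checks, and the
 * length limits are byte lengths (strlen).
 *
 * @param string $message Message text.
 * @param string $ip      Not read here; kept for interface compatibility.
 * @param string $nick    Not read here; kept for interface compatibility.
 * @return bool
 */
function spamFilter($message, $ip, $nick)
{
    $message = strtolower($message);

    if ($_SESSION['login']['userlevel'] >= 5) {
        // Userlevel 5 and above are neither content-checked nor rate-limited.
        return TRUE;
    }
    if (strlen($message) < 2) {
        jscript_alert('Lite mer än sådär får du allt skriva...');
        return FALSE;
    }

    // content_check() returns 1 for acceptable text, otherwise a message for the user.
    $content_check_retval = content_check($message);
    if ($content_check_retval != 1) {
        jscript_alert($content_check_retval);
        return FALSE;
    }
    if (strlen($message) > 4000) {
        jscript_alert('Försök fatta dig lite kortare, det är trots allt ett klotterplank. Använd forumet om du vill diskutera!');
        return FALSE;
    }

    // Rate limit: one post per minute per user. The id is cast to int because
    // it is interpolated unquoted into the query.
    $query = 'SELECT COUNT(id) AS total FROM klotterplank WHERE userid = ' . (int) $_SESSION['userid']
        . ' AND timestamp > UNIX_TIMESTAMP() - 60';
    $result = mysql_query($query);
    $data = $result ? mysql_fetch_assoc($result) : false;
    if ($data === false) {
        // A failed query must not bypass the rate limit: fail closed.
        jscript_alert('Ett tekniskt fel uppstod, försök igen om en stund.');
        return FALSE;
    }
    if ($data['total'] > 0) {
        jscript_alert('Max ett inlägg per minut, ge dig till tåls litegranna');
        return FALSE;
    }

    return TRUE;
}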
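/**
 * Validates a private message before it is sent.
 *
 * Collects every failing rule and returns them as a newline-terminated string;
 * returns true when nothing failed. Rules: the webmaster account (2348) cannot
 * receive messages, title length bounds (bytes), non-blank title, numeric
 * recipient, minimum message length, content_check() on both message and
 * title, and the recipient must not have blocked the sender.
 *
 * @param int|string $sender    Sender user id.
 * @param int|string $recipient Recipient user id.
 * @param string     $title     Message title.
 * @param string     $message   Message body.
 * @return true|string true when sending is allowed, otherwise the error text.
 */
function messages_can_send($sender, $recipient, $title, $message)
{
    $errors = array();

    if ($recipient == 2348) {
        $errors[] = 'Webmaster är ett administrationskonto som inte används av någon människa.'
            . 'Använd forumet eller hamsterpaj -> Support för att ställa en fråga om siten.';
    }
    // An empty or whitespace-only title reports the minimum-length rule once
    // (previously an empty title appended the same sentence twice).
    if (strlen($title) < MESSAGES_MIN_TITLE_STRLEN || trim($title) == '') {
        $errors[] = 'Titeln måste vara minst ' . MESSAGES_MIN_TITLE_STRLEN . ' tecken lång.';
    }
    if (strlen($title) > MESSAGES_MAX_TITLE_STRLEN) {
        $errors[] = 'Titeln får inte vara mer än ' . MESSAGES_MAX_TITLE_STRLEN . ' tecken lång.';
    }
    if (!is_numeric($recipient)) {
        $errors[] = 'Det verkar som om mottagare har angivits felaktigt. Detta är ett internt serverfel och bör aldrig kunna inträffa. Kontakta administratör.';
    }
    if (strlen($message) < MESSAGES_MIN_MESSAGE_STRLEN) {
        $errors[] = 'Du måste skriva minst ' . MESSAGES_MIN_MESSAGE_STRLEN . ' tecken i ditt meddelande.';
    }

    // content_check() returns 1 for acceptable text, otherwise a message for the user.
    $message_check = content_check($message);
    if ($message_check != 1) {
        $errors[] = $message_check;
    }
    $title_check = content_check($title);
    if ($title_check != 1) {
        $errors[] = $title_check;
    }

    if (userblock_check($recipient, $sender) == 1) {
        $errors[] = 'Mottagaren har blockerat dig och meddelandet kan därför inte levereras.';
    }

    if (count($errors) > 0) {
        // Every message is terminated by "\n", as before.
        return implode("\n", $errors) . "\n";
    }
    return true;
}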
$result = $db->query($sql); $forbidden = array(); while ($data = $db->fetch_array($result, 1)) { if ($cfg["file"]["filetyp"][$data["ffart"]] == "img") { $link = $cfg["fileed"]["basis"] . "/delete/view,o," . $data["fid"] . ".html"; } else { $link = $cfg["file"]["base"]["webdir"] . $data["ffart"] . "/" . $data["fid"] . "/" . $data["ffname"]; } // berechtigte gruppen rausfinden $group_permit = group_permit($data[$cfg["fileed"]["db"]["file"]["grant_grp"]]); // berechtigter personenkreis if ($_SESSION["uid"] != $data["fuid"] && count($group_permit["intersect_groups"]) == 0) { $dataloop["list"][$data["fid"]] = array("id" => $data["fid"], "item" => $data["ffname"], "link" => $link, "reason" => "#(user_error)"); $forbidden[$data["fid"]] = $data["fid"]; } else { $pages = content_check($data["fid"]); if (count($pages) > 0) { foreach ($pages as $value) { $dataloop["list"][$data["fid"]] = array("id" => $data["fid"], "item" => $data["ffname"], "link" => $link, "reason" => "#(content_error)" . $value); } $forbidden[$data["fid"]] = $data["fid"]; } // selection-check if (strstr($data["fhit"], "#p")) { preg_match_all("/#p([0-9]*)[,0-9]*#/i", $data["fhit"], $match); foreach ($match[1] as $value) { $view_link = "<a href=\"" . $cfg["fileed"]["basis"] . "/delete/view,o," . $data["fid"] . "," . $value . ".html\">Gruppe #" . $value . "</a>"; $dataloop["list"][] = array("id" => $data["fid"], "item" => $data["ffname"], "link" => $link, "reason" => "#(group_error)" . $view_link); $forbidden["sel_db" . $value] = $data["fid"]; } }