/**
 * Handles a new post submission (the board's "regist" action).
 *
 * Flow: reject non-POST requests and honeypot mismatches, apply the
 * IP/host/DNSBL and bad-word blocklists, store and validate an optional
 * image attachment, normalise the form fields (trip/cap handling, length
 * limits, default values), run the successive-post and duplicate-file
 * checks, trim old posts when the sensor/storage limits demand it, write
 * the post through the PIO backend, set the password/e-mail cookies and
 * finally emit a small HTML page that redirects the browser.
 *
 * Reads $_POST, $_FILES, $_COOKIE and $_SERVER directly. Every rejection
 * terminates the request via error() (which, when given $dest, is expected
 * to remove the temporary attachment); there is no return value.
 *
 * NOTE(review): no CSRF token is verified anywhere in this function - the
 * only anti-automation check is the honeypot below. Combined with the pwdc
 * cookie fallback for an empty password, a cross-site POST could create a
 * post carrying the victim's deletion password. Confirm whether a module
 * hooked at RegistBegin enforces a token.
 */
function regist()
{
    global $BAD_STRING, $BAD_FILEMD5, $BAD_IPADDR, $LIMIT_SENSOR, $THUMB_SETTING;
    $PIO = PMCLibrary::getPIOInstance();
    $FileIO = PMCLibrary::getFileIOInstance();
    $PMS = PMCLibrary::getPMSInstance();
    $dest = '';
    $mes = '';
    $up_incomplete = 0;
    $is_admin = false;
    // Net change (bytes) to the total attachment storage caused by this request.
    $delta_totalsize = 0;
    // Only a regular form POST is accepted.
    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
        error(_T('regist_notpost'));
    }
    // Honeypot ("field trap") fields: the real form pre-fills these decoy
    // inputs with fixed values; a bot that rewrites every field fails here.
    $FTname = isset($_POST['name']) ? $_POST['name'] : '';
    $FTemail = isset($_POST['email']) ? $_POST['email'] : '';
    $FTsub = isset($_POST['sub']) ? $_POST['sub'] : '';
    $FTcom = isset($_POST['com']) ? $_POST['com'] : '';
    $FTreply = isset($_POST['reply']) ? $_POST['reply'] : '';
    if ($FTname != 'spammer' || $FTemail != '*****@*****.**' || $FTsub != 'DO NOT FIX THIS' || $FTcom != 'EID OG SMAPS' || $FTreply != '') {
        error(_T('regist_nospam'));
    }
    // The real field names are the FT_* constants. name/email/subject are
    // escaped with CleanStr() right away; the comment is cleaned later because
    // an authenticated admin cap may be allowed to keep HTML (see below).
    $name = isset($_POST[FT_NAME]) ? CleanStr($_POST[FT_NAME]) : '';
    $email = isset($_POST[FT_EMAIL]) ? CleanStr($_POST[FT_EMAIL]) : '';
    $sub = isset($_POST[FT_SUBJECT]) ? CleanStr($_POST[FT_SUBJECT]) : '';
    $com = isset($_POST[FT_COMMENT]) ? $_POST[FT_COMMENT] : '';
    // Raw deletion password; only its truncated MD5 is stored (see $pass).
    $pwd = isset($_POST['pwd']) ? $_POST['pwd'] : '';
    $category = isset($_POST['category']) ? CleanStr($_POST['category']) : '';
    // Thread number being replied to (0 = new thread); coerced to int.
    $resto = isset($_POST['resto']) ? intval($_POST['resto']) : 0;
    $upfile = isset($_FILES['upfile']['tmp_name']) ? $_FILES['upfile']['tmp_name'] : '';
    // Client-supplied original path; used only for byte counting below, never
    // as a filesystem path.
    $upfile_path = isset($_POST['upfile_path']) ? $_POST['upfile_path'] : '';
    $upfile_name = isset($_FILES['upfile']['name']) ? $_FILES['upfile']['name'] : false;
    // Defaults to 4 (UPLOAD_ERR_NO_FILE) when nothing was uploaded.
    $upfile_status = isset($_FILES['upfile']['error']) ? $_FILES['upfile']['error'] : 4;
    $pwdc = isset($_COOKIE['pwdc']) ? $_COOKIE['pwdc'] : '';
    $ip = getREMOTE_ADDR();
    // NOTE(review): the reverse-DNS name is set by whoever controls the PTR
    // record for $ip, i.e. potentially the poster. It is used for the ban
    // check, the successive-post check and is stored with the post - treat it
    // as informational, not as identity.
    $host = gethostbyaddr($ip);
    // "RegistBegin" hook point. Modules receive the fields AND the upload
    // descriptor (tmp file, path, name, status) by reference and may rewrite
    // any of them before validation starts.
    $PMS->useModuleMethods('RegistBegin', array(&$name, &$email, &$sub, &$com, array('file' => &$upfile, 'path' => &$upfile_path, 'name' => &$upfile_name, 'status' => &$upfile_status), array('ip' => $ip, 'host' => $host), $resto));
    // Block list: IP / hostname / DNSBL.
    $baninfo = '';
    if (BanIPHostDNSBLCheck($ip, $host, $baninfo)) {
        error(_T('regist_ipfiltered', $baninfo));
    }
    // Block list: forbidden substrings (byte-wise, case-sensitive match).
    foreach ($BAD_STRING as $value) {
        if (strpos($com, $value) !== false || strpos($sub, $value) !== false || strpos($name, $value) !== false || strpos($email, $value) !== false) {
            error(_T('regist_wordfiltered'));
        }
    }
    // Reject "sakura" (half-width kana spam) in any text field.
    foreach (array($name, $email, $sub, $com) as $anti) {
        if (anti_sakura($anti)) {
            error(_T('regist_sakuradetected'));
        }
    }
    // Timestamps: $time is the unix time; $tim appends three microsecond
    // digits and doubles as the attachment file stem and redirect anchor.
    $time = time();
    $tim = $time . substr(microtime(), 2, 3);
    // Interpret the PHP upload status (UPLOAD_ERR_* codes).
    switch ($upfile_status) {
        case 1:
            // UPLOAD_ERR_INI_SIZE: larger than upload_max_filesize.
            error(_T('regist_upload_exceedphp'));
            break;
        case 2:
            // UPLOAD_ERR_FORM_SIZE: larger than the form's MAX_FILE_SIZE.
            error(_T('regist_upload_exceedcustom'));
            break;
        case 3:
            // UPLOAD_ERR_PARTIAL.
            error(_T('regist_upload_incompelete'));
            break;
        case 6:
            // UPLOAD_ERR_NO_TMP_DIR.
            error(_T('regist_upload_direrror'));
            break;
        case 4:
            // UPLOAD_ERR_NO_FILE: a new thread must carry an image unless the
            // poster explicitly ticked "no image".
            if (!$resto && !isset($_POST['noimg'])) {
                error(_T('regist_upload_noimg'));
            }
            break;
        case 0:
            // UPLOAD_ERR_OK: the file arrived and is processed below.
        default:
    }
    // Attachment handling.
    // NOTE(review): the `|| @is_file($upfile)` fallback and the `@copy`
    // accept a path that is NOT a PHP upload. $upfile normally comes from
    // $_FILES, but the RegistBegin hook above can rewrite it by reference;
    // a module that derives it from client data would turn this into an
    // arbitrary-file copy into STORAGE_PATH. Confirm no module does so.
    if ($upfile && (@is_uploaded_file($upfile) || @is_file($upfile))) {
        // 1. Move the upload into STORAGE_PATH as <tim>.tmp.
        $dest = STORAGE_PATH . $tim . '.tmp';
        @move_uploaded_file($upfile, $dest) or @copy($upfile, $dest);
        // NOTE(review): 0666 leaves the temp file world-writable; 0644 is
        // enough unless the deployment relies on this - confirm.
        @chmod($dest, 0666);
        if (!is_file($dest)) {
            error(_T('regist_upload_filenotfound'), $dest);
        }
        // 2. Detect a truncated multipart body: reconstruct the expected
        //    request size from the fields and compare with Content-Length.
        $upsizeTTL = $_SERVER['CONTENT_LENGTH'];
        if (isset($_FILES['upfile'])) {
            // Only worth computing when a file part was actually sent.
            $upsizeHDR = 0;
            // IE sends the full client path in the filename= parameter, so the
            // form echoes it in a hidden field; it only feeds strlen() here.
            $tmp_upfile_path = $upfile_name;
            if ($upfile_path) {
                // get_magic_quotes_gpc() is gone in PHP 8 (fatal call).
                $tmp_upfile_path = get_magic_quotes_gpc() ? stripslashes($upfile_path) : $upfile_path;
            }
            list(, $boundary) = explode('=', $_SERVER['CONTENT_TYPE']);
            foreach ($_POST as $header => $value) {
                // Size of each ordinary form-data part.
                $upsizeHDR += strlen('--' . $boundary . "\r\n");
                $upsizeHDR += strlen('Content-Disposition: form-data; name="' . $header . '"' . "\r\n\r\n" . (get_magic_quotes_gpc() ? stripslashes($value) : $value) . "\r\n");
            }
            // Size of the file part's headers, the closing boundary and the
            // file payload itself.
            $upsizeHDR += strlen('--' . $boundary . "\r\n");
            $upsizeHDR += strlen('Content-Disposition: form-data; name="upfile"; filename="' . $tmp_upfile_path . "\"\r\n" . 'Content-Type: ' . $_FILES['upfile']['type'] . "\r\n\r\n");
            $upsizeHDR += strlen("\r\n--" . $boundary . "--\r\n");
            $upsizeHDR += $_FILES['upfile']['size'];
            // A gap larger than HTTP_UPLOAD_DIFF means the body was cut short.
            if ($upsizeTTL - $upsizeHDR > HTTP_UPLOAD_DIFF) {
                if (KILL_INCOMPLETE_UPLOAD) {
                    unlink($dest);
                    // Message for the browser, in case the user still sees it.
                    die(_T('regist_upload_killincomp'));
                } else {
                    $up_incomplete = 1;
                }
            }
        }
        // 3. Accept only files getimagesize() recognises.
        // NOTE(review): this inspects the header only; a valid image with
        // trailing non-image data (polyglot) passes. The stored name uses the
        // detected type's extension (not the client name), so exploitability
        // depends on how the web server treats files under IMG_DIR - confirm
        // that directory cannot execute scripts.
        $size = @getimagesize($dest);
        if (!is_array($size)) {
            error(_T('regist_upload_notimage'), $dest);
        }
        // Human-readable file size (KB above 1024 bytes, else B).
        $imgsize = @filesize($dest);
        $imgsize = $imgsize >= 1024 ? (int) ($imgsize / 1024) . ' KB' : $imgsize . ' B';
        // Map the IMAGETYPE_* constant to the stored extension.
        switch ($size[2]) {
            case 1:
                $ext = ".gif";
                break;
            case 2:
                $ext = ".jpg";
                break;
            case 3:
                $ext = ".png";
                break;
            case 4:
                // IMAGETYPE_SWF. NOTE(review): Flash content served from this
                // origin can run script; only reachable if ALLOW_UPLOAD_EXT
                // lists "swf".
                $ext = ".swf";
                break;
            case 5:
                $ext = ".psd";
                break;
            case 6:
                $ext = ".bmp";
                break;
            case 13:
                // IMAGETYPE_SWC (compressed Flash), same caveat as case 4.
                $ext = ".swf";
                break;
            default:
                $ext = ".xxx";
                error(_T('regist_upload_notsupport'), $dest);
        }
        // The detected extension must also be in the configured allow list.
        $allow_exts = explode('|', strtolower(ALLOW_UPLOAD_EXT));
        if (array_search(substr($ext, 1), $allow_exts) === false) {
            error(_T('regist_upload_notsupport'), $dest);
        }
        // Block list: MD5 of the attachment. Fine as a dedupe/blocklist key
        // for known files; trivially evaded by changing one byte.
        $md5chksum = md5_file($dest);
        if (array_search($md5chksum, $BAD_FILEMD5) !== FALSE) {
            error(_T('regist_upload_blocked'), $dest);
        }
        // 4. Thumbnail display size, scaled to fit MAX_(R)W x MAX_(R)H.
        $W = $imgW = $size[0];
        $H = $imgH = $size[1];
        $MAXW = $resto ? MAX_RW : MAX_W;
        $MAXH = $resto ? MAX_RH : MAX_H;
        if ($W > $MAXW || $H > $MAXH) {
            $W2 = $MAXW / $W;
            $H2 = $MAXH / $H;
            $key = $W2 < $H2 ? $W2 : $H2;
            $W = ceil($W * $key);
            $H = ceil($H * $key);
        }
        // Client filename is escaped before it is echoed on the redirect page.
        $mes = _T('regist_uploaded', CleanStr($upfile_name));
    }
    // Field length limits (character counts).
    if (strlenUnicode($name) > INPUT_MAX) {
        error(_T('regist_nametoolong'), $dest);
    }
    if (strlenUnicode($email) > INPUT_MAX) {
        error(_T('regist_emailtoolong'), $dest);
    }
    if (strlenUnicode($sub) > INPUT_MAX) {
        error(_T('regist_topictoolong'), $dest);
    }
    if (strlenUnicode($resto) > INPUT_MAX) {
        error(_T('regist_longthreadnum'), $dest);
    }
    // Strip CRLF from e-mail and subject.
    $email = str_replace("\r\n", '', $email);
    $sub = str_replace("\r\n", '', $sub);
    // Name: neutralise forged trip and admin-cap markers before generating
    // the real ones.
    $name = str_replace(_T('trip_pre'), _T('trip_pre_fake'), $name);
    $name = str_replace(CAP_SUFFIX, _T('cap_char_fake'), $name);
    $name = str_replace("\r\n", '', $name);
    $nameOri = $name;
    // Tripcode: "name#key" becomes name + trip_pre + 10 chars of crypt().
    // This is the classic 2ch scheme (DES crypt, 2-char salt from the key);
    // it is weak by design and must not be treated as authentication.
    if (preg_match('/(.*?)[##](.*)/u', $name, $regs)) {
        $name = $nameOri = $regs[1];
        $cap = strtr($regs[2], array('&amp;' => '&'));
        $salt = preg_replace('/[^\\.-z]/', '.', substr($cap . 'H.', 1, 2));
        $salt = strtr($salt, ':;<=>?@[\\]^_`', 'ABCDEFGabcdef');
        $name = $name . _T('trip_pre') . substr(crypt($cap, $salt), -10);
    }
    // Admin cap: "email#password" with the configured name/password marks
    // the post as an administrator's.
    if (CAP_ENABLE && preg_match('/(.*?)[##](.*)/', $email, $aregs)) {
        $acap_name = $nameOri;
        $acap_pwd = strtr($aregs[2], array('&amp;' => '&'));
        // NOTE(review): loose == comparison; numeric-looking strings can
        // compare equal ("1e3" == "1000"). Prefer === (or hash_equals) here.
        if ($acap_name == CAP_NAME && $acap_pwd == CAP_PASS) {
            $name = '<span class="admin_cap">' . $name . CAP_SUFFIX . '</span>';
            $is_admin = true;
            // Drop the "#password" part from the stored e-mail.
            $email = $aregs[1];
        }
    }
    if (!$is_admin) {
        // Non-admins may not impersonate the admin/deletor display names.
        $name = str_replace(_T('admin'), '"' . _T('admin') . '"', $name);
        $name = str_replace(_T('deletor'), '"' . _T('deletor') . '"', $name);
    }
    // Keep a "&" before the trip marker from being parsed as an entity start.
    $name = str_replace('&' . _T('trip_pre'), '&amp;' . _T('trip_pre'), $name);
    // Comment body.
    if (strlenUnicode($com) > COMM_MAX && !$is_admin) {
        error(_T('regist_commenttoolong'), $dest);
    }
    // $is_admin is passed so that, per the original author's note, an
    // authenticated admin cap may keep HTML when the config allows it.
    $com = CleanStr($com, $is_admin);
    if (!$com && $upfile_status == 4) {
        error(_T('regist_withoutcomment'));
    }
    // Normalise line endings, collapse runs of blank lines, then render
    // newlines as <br /> unless the line count exceeds BR_CHECK.
    $com = str_replace(array("\r\n", "\r"), "\n", $com);
    $com = preg_replace("/\n(( | )*\n){3,}/", "\n", $com);
    if (!BR_CHECK || substr_count($com, "\n") < BR_CHECK) {
        $com = nl2br($com);
    }
    // Any newline left at this point is dropped.
    $com = str_replace("\n", '', $com);
    // Defaults for empty / whitespace-only fields.
    if (!$name || preg_match("/^[ | |]*\$/", $name)) {
        if (ALLOW_NONAME) {
            $name = DEFAULT_NONAME;
        } else {
            error(_T('regist_withoutname'), $dest);
        }
    }
    if (!$sub || preg_match("/^[ | |]*\$/", $sub)) {
        $sub = DEFAULT_NOTITLE;
    }
    if (!$com || preg_match("/^[ | |\t]*\$/", $com)) {
        $com = DEFAULT_NOCOMMENT;
    }
    // Category tags: split on ",", trim each, and store as ",a,b,c," so a
    // single tag can be searched as ",XX,".
    if ($category && USE_CATEGORY) {
        $category = explode(',', $category);
        $category = ',' . implode(',', array_map('trim', $category)) . ',';
    } else {
        $category = '';
    }
    // Append the incomplete-upload warning to the post body.
    if ($up_incomplete) {
        $com .= '<br /><br /><span class="warn_txt">' . _T('notice_incompletefile') . '</span>';
    }
    // Deletion password: fall back to the cookie, else auto-generate.
    // NOTE(review): rand() is not a CSPRNG, and on builds where
    // getrandmax() is 32767 this yields at most 5 digits; the generated
    // password is what later authorises deleting/editing this post.
    // mt_rand() / random_int() (PHP 7+) would be better sources.
    if ($pwd == '') {
        $pwd = $pwdc == '' ? substr(rand(), 0, 8) : $pwdc;
    }
    // Stored form: 8 hex chars of an unsalted MD5 (32 bits). Adequate only
    // because the secret protects a single post's delete/edit rights.
    $pass = $pwd ? substr(md5($pwd), 2, 8) : '*';
    // Display date/time in the configured TIME_ZONE offset.
    $youbi = array(_T('sun'), _T('mon'), _T('tue'), _T('wed'), _T('thu'), _T('fri'), _T('sat'));
    $yd = $youbi[gmdate('w', $time + TIME_ZONE * 60 * 60)];
    $now = gmdate('y/m/d', $time + TIME_ZONE * 60 * 60) . '(' . (string) $yd . ')' . gmdate('H:i', $time + TIME_ZONE * 60 * 60);
    if (DISP_ID) {
        // Poster ID: hidden as "???" when an e-mail is given and DISP_ID == 1,
        // otherwise derived from IP + IDSEED + date.
        // NOTE(review): with a fixed salt 'id' and a known IDSEED, an ID can be
        // matched to an IPv4 address offline by brute force; IDSEED must stay
        // secret and ideally long.
        if ($email && DISP_ID == 1) {
            $now .= ' ID:???';
        } else {
            $now .= ' ID:' . substr(crypt(md5(getREMOTE_ADDR() . IDSEED . gmdate('Ymd', $time + TIME_ZONE * 60 * 60)), 'id'), -8);
        }
    }
    // Flood / duplicate checks over the last $checkcount posts.
    $checkcount = 50;
    // Cookie password in stored form, for the successive-post check.
    $pwdc = substr(md5($pwdc), 2, 8);
    if ($PIO->isSuccessivePost($checkcount, $com, $time, $pass, $pwdc, $host, $upfile_name)) {
        error(_T('regist_successivepost'), $dest);
    }
    // Same attachment (by MD5) posted recently.
    if ($dest) {
        if ($PIO->isDuplicateAttachment($checkcount, $md5chksum)) {
            error(_T('regist_duplicatefile'), $dest);
        }
    }
    // Remember whether the target thread existed before the pruning below.
    if ($resto) {
        $ThreadExistsBefore = $PIO->isThread($resto);
    }
    // Old-post pruning driven by the LIMIT_SENSOR configuration.
    if (PIOSensor::check('delete', $LIMIT_SENSOR)) {
        $delarr = PIOSensor::listee('delete', $LIMIT_SENSOR);
        if (count($delarr)) {
            deleteCache($delarr);
            // "PostOnDeletion" hook point.
            $PMS->useModuleMethods('PostOnDeletion', array($delarr, 'recycle'));
            $files = $PIO->removePosts($delarr);
            if (count($files)) {
                // Track the freed bytes in the storage delta.
                $delta_totalsize -= $FileIO->deleteImage($files);
            }
        }
    }
    // Storage cap: delete the oldest attachments until under STORAGE_MAX.
    if (STORAGE_LIMIT && STORAGE_MAX > 0) {
        $tmp_total_size = $FileIO->getCurrentStorageSize();
        if ($tmp_total_size > STORAGE_MAX) {
            $files = $PIO->delOldAttachments($tmp_total_size, STORAGE_MAX, false);
            $delta_totalsize -= $FileIO->deleteImage($files);
        }
    }
    // Did the pruning just remove the thread we are replying to?
    if ($resto) {
        if ($ThreadExistsBefore) {
            if (!$PIO->isThread($resto)) {
                // The thread existed a moment ago but was pruned: commit the
                // deletions, refresh the pages and abort this post.
                $PIO->dbCommit();
                updatelog();
                error(_T('regist_threaddeleted'), $dest);
            } else {
                // Check the thread is not locked, and read its post time.
                // fetchPosts() returns a list even for a single post.
                $post = $PIO->fetchPosts($resto);
                list($chkstatus, $chktime) = array($post[0]['status'], $post[0]['tim']);
                // Drop the three microsecond digits.
                $chktime = substr($chktime, 0, -3);
                $flgh = $PIO->getPostStatus($chkstatus);
                if ($flgh->exists('TS')) {
                    error(_T('regist_threadlocked'), $dest);
                }
            }
        } else {
            error(_T('thread_not_found'), $dest);
        }
    }
    // Derived field values; attachment fields default to empty/0 when there
    // was no upload.
    $no = $PIO->getLastPostNo('beforeCommit') + 1;
    isset($ext) ? 0 : ($ext = '');
    isset($imgW) ? 0 : ($imgW = 0);
    isset($imgH) ? 0 : ($imgH = 0);
    isset($imgsize) ? 0 : ($imgsize = '');
    isset($W) ? 0 : ($W = 0);
    isset($H) ? 0 : ($H = 0);
    isset($md5chksum) ? 0 : ($md5chksum = '');
    $age = false;
    $status = '';
    // Bump the thread unless "sage" is in the e-mail, the reply cap is hit,
    // or the thread is older than MAX_AGE_TIME hours.
    if ($resto) {
        if (!stristr($email, 'sage') && ($PIO->postCount($resto) <= MAX_RES || MAX_RES == 0)) {
            if (!MAX_AGE_TIME || $time - $chktime < MAX_AGE_TIME * 60 * 60) {
                $age = true;
            }
        }
    }
    // "RegistBeforeCommit" hook point (fields, category, age and status by reference).
    $PMS->useModuleMethods('RegistBeforeCommit', array(&$name, &$email, &$sub, &$com, &$category, &$age, $dest, $resto, array($W, $H, $imgW, $imgH), &$status));
    // Persist the post.
    $PIO->addPost($no, $resto, $md5chksum, $category, $tim, $ext, $imgW, $imgH, $imgsize, $W, $H, $pass, $now, $name, $email, $sub, $com, $host, $age, $status);
    $PIO->dbCommit();
    // Number actually assigned to the new post.
    $lastno = $PIO->getLastPostNo('afterCommit');
    // "RegistAfterCommit" hook point.
    $PMS->useModuleMethods('RegistAfterCommit', array($lastno, $resto, $name, $email, $sub, $com));
    // Remember password and e-mail for one week.
    // NOTE(review): neither cookie sets httponly/secure or an explicit path;
    // pwdc is the plaintext deletion password and is readable by any script
    // on the origin. setcookie() has taken an $httponly flag since PHP 5.2.
    setcookie('pwdc', $pwd, time() + 7 * 24 * 3600);
    setcookie('emailc', $email, time() + 7 * 24 * 3600);
    if ($dest && is_file($dest)) {
        // Final attachment and thumbnail locations.
        $destFile = IMG_DIR . $tim . $ext;
        $thumbFile = THUMB_DIR . $tim . 's.' . $THUMB_SETTING['Format'];
        if (USE_THUMB !== 0) {
            // Thumbnail backend is chosen by the USE_THUMB constant (1 is the
            // legacy alias for "gd"); the require path is built from config,
            // not from request data.
            $thumbType = USE_THUMB;
            if (USE_THUMB == 1) {
                $thumbType = 'gd';
            }
            require ROOTPATH . 'lib/thumb/thumb.' . $thumbType . '.php';
            $thObj = new ThumbWrapper($dest, $imgW, $imgH);
            $thObj->setThumbnailConfig($W, $H, $THUMB_SETTING);
            $thObj->makeThumbnailtoFile($thumbFile);
            @chmod($thumbFile, 0666);
            unset($thObj);
        }
        rename($dest, $destFile);
        if (file_exists($destFile)) {
            $FileIO->uploadImage($tim . $ext, $destFile, filesize($destFile));
            $delta_totalsize += filesize($destFile);
        }
        if (file_exists($thumbFile)) {
            $FileIO->uploadImage($tim . 's.' . $THUMB_SETTING['Format'], $thumbFile, filesize($thumbFile));
            $delta_totalsize += filesize($thumbFile);
        }
    }
    // A non-zero delta means the cached storage total must be updated.
    if ($delta_totalsize != 0) {
        $FileIO->updateStorageSize($delta_totalsize);
    }
    updatelog();
    // Redirect target. Built only from $tim (digits), $resto and $lastno
    // (integers), so no request-controlled text reaches the page below.
    $RedirURL = PHP_SELF2 . '?' . $tim;
    if (isset($_POST['up_series'])) {
        // "Continuous posting": stay inside the thread that was just posted to
        // (or the thread just created).
        if ($resto) {
            $RedirURL = PHP_SELF . '?res=' . $resto . '&amp;upseries=1';
        } else {
            $RedirURL = PHP_SELF . '?res=' . $lastno . '&amp;upseries=1';
        }
    }
    // Unescaped variant for the JavaScript redirect.
    $RedirforJS = strtr($RedirURL, array("&amp;" => "&"));
    echo <<<_REDIR_
<!DOCTYPE html>
<html lang="zh-TW">
<head>
<meta charset="utf-8">
<title></title>
<meta http-equiv="Refresh" content="1;URL={$RedirURL}" />
<script type="text/javascript">
// Redirection (use JS)
// <![CDATA[
function redir(){
\tlocation.href = "{$RedirforJS}";
}
setTimeout("redir()", 1000);
// ]]>
</script>
</head>
<body>
<div>
_REDIR_;
    echo _T('regist_redirect', $mes, $RedirURL) . '</div>
</body>
</html>';
}
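 /**
  * Module entry point for the "egg poll" (up/down vote) module.
  *
  * Opens (creating on first use) the module's SQLite database, then either
  * answers a ?get= request with the current tallies, or records one vote for
  * ?no=<post>&rank=<0|1> from the requesting IP, limited to one vote per
  * IP, post and day. Output is written directly; there is no return value.
  *
  * Fix: the requester address is now escaped with sqlite_escape_string() and
  * embedded as a single-quoted SQL literal. The previous double-quoted
  * literals were concatenated unescaped, so any quote character in the
  * value would have broken the statement (getREMOTE_ADDR() normally returns
  * REMOTE_ADDR, but if it honours proxy headers the value is attacker
  * controlled - confirm). $no and $rank are cast to int before use.
  */
 function ModulePage()
 {
     global $PIO, $PTE, $language;
     $sqlerr = '';
     $nodb = false;
     if (!file_exists($this->rankDB)) {
         $nodb = true;
     }
     // Persistent handle; $sqlerr receives any open error.
     $this->conn = sqlite_popen($this->rankDB, 0666, $sqlerr);
     if ($nodb) {
         // First run: create the tally and per-vote detail tables.
         $str = "CREATE TABLE [eggpoll_votes] (\r\n[no] INTEGER  PRIMARY KEY NOT NULL,\r\n[up] INTEGER DEFAULT '0' NOT NULL,\r\n[down] INTEGER DEFAULT '0' NOT NULL\r\n);\r\nCREATE TABLE [eggpoll_detail] (\r\n[no] INTEGER NOT NULL,\r\n[option] INTEGER DEFAULT '0' NOT NULL,\r\n[ip] TEXT NOT NULL,\r\n[date] TEXT  NOT NULL\r\n);\r\nCREATE INDEX eggpoll_detail_index_ip_date ON eggpoll_detail(ip,date);";
         sqlite_exec($this->conn, $str, $sqlerr);
         if ($sqlerr) {
             // NOTE(review): raw driver errors are echoed to the client.
             echo $sqlerr;
         }
     }
     if (isset($_GET['get'])) {
         // NOTE(review): passed through untouched; _getPollValues() is not
         // visible here - confirm it sanitises its argument before querying.
         $this->_getPollValues($_GET['get']);
     } else {
         if (isset($_GET['no']) && isset($_GET['rank'])) {
             $ip = getREMOTE_ADDR();
             // Dates are computed in the board's configured TIME_ZONE offset.
             $tim = time() + TIME_ZONE * 60 * 60;
             $datestr = gmdate('Ymd', $tim);
             // Detail rows older than daysThreshold days are pruned below.
             $deldate = gmdate('Ymd', strtotime('-' . $this->daysThreshold . ' days', $tim));
             $no = intval($_GET['no']);
             $rank = intval($_GET['rank']);
             // Escaped once for every statement that embeds the address.
             $ipSql = sqlite_escape_string($ip);
             // IP / hostname / DNSBL block list.
             $baninfo = '';
             $host = gethostbyaddr($ip);
             if (BanIPHostDNSBLCheck($ip, $host, $baninfo)) {
                 die(_T('regist_ipfiltered', $baninfo));
             }
             $post = $PIO->fetchPosts($no);
             if (!count($post)) {
                 die('[Error] Post does not exist.');
             }
             // One vote per IP, post and day.
             $qry = "SELECT no,ip,date FROM eggpoll_detail WHERE ip = '" . $ipSql . "' AND date = '" . $datestr . "' AND no = " . $no;
             $rs = sqlite_query($this->conn, $qry);
             if (sqlite_num_rows($rs)) {
                 die('[Error] Already voted.');
             }
             // Prune expired detail rows (the tallies themselves are kept).
             $qry = "SELECT date FROM eggpoll_detail WHERE date < '" . $deldate . "' LIMIT 1";
             $rs = sqlite_query($this->conn, $qry);
             if (sqlite_num_rows($rs)) {
                 $str = "DELETE FROM eggpoll_detail WHERE date < '" . $deldate . "'";
                 sqlite_exec($this->conn, $str, $sqlerr);
                 sqlite_exec($this->conn, 'VACUUM', $sqlerr);
             }
             // Record this vote.
             $str = 'INSERT INTO eggpoll_detail (no,option,ip,date) VALUES (' . $no . ',' . $rank . ",'" . $ipSql . "','" . $datestr . "')";
             sqlite_exec($this->conn, $str, $sqlerr);
             if ($sqlerr) {
                 echo $sqlerr;
             }
             // Create or bump the per-post tally; rank != 0 counts as "up".
             $qry = 'SELECT * FROM eggpoll_votes WHERE no =' . $no;
             $rs = sqlite_query($this->conn, $qry);
             if (!sqlite_num_rows($rs)) {
                 $str = 'INSERT INTO eggpoll_votes (no,up,down) VALUES (' . $no . ($rank ? ',1,0)' : ',0,1)');
             } else {
                 if ($rank) {
                     $str = 'UPDATE eggpoll_votes SET up = up+1 WHERE no=' . $no;
                 } else {
                     $str = 'UPDATE eggpoll_votes SET down = down+1 WHERE no=' . $no;
                 }
             }
             sqlite_exec($this->conn, $str, $sqlerr);
             if ($sqlerr) {
                 echo $sqlerr;
             }
             echo '+OK ';
             $this->_getPollValues($no);
         }
     }
 }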
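 /**
  * Module entry point for the post-edit module.
  *
  * GET  ?no=N              renders the edit form for post N (admin only unless
  *                         the module is shown inside the page).
  * POST ?no=N with 'mode'  validates, normalises and stores the edited fields.
  *
  * Authorisation on the POST branch: the submitted (or cookie) password must
  * hash to the stored one, OR the requester's reverse-DNS host must equal the
  * host recorded on the post, OR the caller must be an administrator (or be
  * granted 'useredit' by a module).
  *
  * Fixes in this revision:
  *  - the post number from the query string is cast to int once and reused,
  *    so it cannot carry SQL/HTML metacharacters into PIO or the form action;
  *  - the admin password, cap credentials and stored password hash are
  *    compared with === on strings instead of the loose == (type juggling:
  *    "1e3" == "1000");
  *  - ereg_replace() (removed in PHP 7) is replaced by the equivalent
  *    preg_replace() already used by regist();
  *  - the $_POST[FT_*] presence checks use !empty() to avoid notices.
  *
  * NOTE(review): no CSRF token is verified; an empty password falls back to
  * the pwdc cookie, so a cross-site POST can edit the victim's own posts.
  * NOTE(review): the host-match rule grants edit rights to anyone sharing a
  * PTR name with the original poster (NAT, ISP pools, or no PTR at all, in
  * which case gethostbyaddr() returns the IP). Consider dropping it or
  * restricting it to posts made without a password.
  */
 function ModulePage()
 {
     global $PIO, $FileIO, $PMS, $language, $BAD_STRING, $BAD_FILEMD5, $BAD_IPADDR, $LIMIT_SENSOR;
     if (!isset($_GET['no'])) {
         die('[Error] not enough parameter.');
     }
     // Post numbers are integers (regist() assigns getLastPostNo() + 1).
     $no = intval($_GET['no']);
     if (!isset($_POST['mode'])) {
         // Render the edit form.
         if (!$this->shown_in_page && !adminAuthenticate('check')) {
             die('[Error] Access Denied.');
         }
         $post = $PIO->fetchPosts($no);
         if (!count($post)) {
             die('[Error] Post does not exist.');
         }
         // Imports the row's columns (name, email, sub, com, resto, ...) as
         // locals; $no is overwritten with the row's own number.
         extract($post[0]);
         // Convert stored HTML back to BBCode when mod_bbcode is available.
         $PMS->loadModules('mod_bbcode');
         if ($bbcode = $PMS->getModuleInstance('mod_bbcode')) {
             $bbcode->_html2bb($com);
         }
         // Strip the admin-cap <span> wrapper so the bare name is editable.
         $name = preg_replace('|<span.*?>(.*?)</span>|', '\\1', $name);
         $dat = '';
         head($dat);
         $PMS->hookModuleMethod('PostInfo', array($this, '_EditPostInfo'));
         form($dat, $resto, false, $this->mypage . '&amp;no=' . $no, $name, $email, $sub, str_replace('<br />', "\n", $com), substr(str_replace('&#44;', ',', $category), 1, -1), 'edit');
         foot($dat);
         echo $dat;
     } else {
         // Store the edit.
         if ($_SERVER['REQUEST_METHOD'] != 'POST') {
             error(_T('regist_notpost'));
         }
         $post = $PIO->fetchPosts($no);
         $newValues = array();
         if (!count($post)) {
             die('[Error] Post does not exist.');
         }
         $name = isset($_POST[FT_NAME]) ? $_POST[FT_NAME] : '';
         $email = isset($_POST[FT_EMAIL]) ? $_POST[FT_EMAIL] : '';
         $sub = isset($_POST[FT_SUBJECT]) ? $_POST[FT_SUBJECT] : '';
         $com = isset($_POST[FT_COMMENT]) ? $_POST[FT_COMMENT] : '';
         $pwd = isset($_POST['pwd']) ? $_POST['pwd'] : '';
         $category = isset($_POST['category']) ? $_POST['category'] : '';
         // Coerced to int, consistent with regist().
         $resto = isset($_POST['resto']) ? intval($_POST['resto']) : 0;
         // No attachment can be changed through this module.
         $upfile = '';
         $upfile_path = '';
         $upfile_name = false;
         $upfile_status = 4;
         $pwdc = isset($_COOKIE['pwdc']) ? $_COOKIE['pwdc'] : '';
         if ($resto && !$PIO->isThread($resto)) {
             die('[Error] Thread was deleted.');
         }
         // Administrator check: strict string comparison (hash_equals() would
         // additionally be constant-time where PHP >= 5.6 is available).
         $is_admin = $haveperm = ((string) $pwd === (string) ADMIN_PASS) || adminAuthenticate('check');
         // "Authenticate" hook point: modules may grant 'useredit'.
         $PMS->useModuleMethods('Authenticate', array($pwd, 'useredit', &$haveperm));
         // Empty password falls back to the cookie set by regist().
         if ($pwd == '' && $pwdc != '') {
             $pwd = $pwdc;
         }
         // Same stored form as regist(): 8 hex chars of the MD5.
         $pwd_md5 = substr(md5($pwd), 2, 8);
         $host = gethostbyaddr(getREMOTE_ADDR());
         if (!((string) $pwd_md5 === (string) $post[0]['pwd'] || $host == $post[0]['host'] || $haveperm)) {
             die('[Error] Access denied.');
         }
         // Honeypot ("field trap") fields, same scheme as regist().
         $FTname = isset($_POST['name']) ? $_POST['name'] : '';
         $FTemail = isset($_POST['email']) ? $_POST['email'] : '';
         $FTsub = isset($_POST['sub']) ? $_POST['sub'] : '';
         $FTcom = isset($_POST['com']) ? $_POST['com'] : '';
         $FTreply = isset($_POST['reply']) ? $_POST['reply'] : '';
         if ($FTname != 'spammer' || $FTemail != '*****@*****.**' || $FTsub != 'DO NOT FIX THIS' || $FTcom != 'EID OG SMAPS' || $FTreply != '') {
             error(_T('regist_nospam'));
         }
         // Block list: IP / hostname / DNSBL.
         $ip = getREMOTE_ADDR();
         $host = gethostbyaddr($ip);
         $baninfo = '';
         if (BanIPHostDNSBLCheck($ip, $host, $baninfo)) {
             error(_T('regist_ipfiltered', $baninfo));
         }
         // Block list: forbidden substrings.
         foreach ($BAD_STRING as $value) {
             if (strpos($com, $value) !== false || strpos($sub, $value) !== false || strpos($name, $value) !== false || strpos($email, $value) !== false) {
                 error(_T('regist_wordfiltered'));
             }
         }
         // "RegistBegin" hook point (fields and upload descriptor by reference).
         $PMS->useModuleMethods('RegistBegin', array(&$name, &$email, &$sub, &$com, array('file' => &$upfile, 'path' => &$upfile_path, 'name' => &$upfile_name, 'status' => &$upfile_status), array('ip' => $ip, 'host' => $host)));
         // Reject "sakura" (half-width kana spam).
         $chkanti = array($name, $email, $sub, $com);
         foreach ($chkanti as $anti) {
             if (anti_sakura($anti)) {
                 error(_T('regist_sakuradetected'));
             }
         }
         // Length limits. NOTE(review): byte-based and hard-coded to 100,
         // unlike regist() which uses strlenUnicode() and INPUT_MAX.
         if (strlen($name) > 100) {
             error(_T('regist_nametoolong'));
         }
         if (strlen($email) > 100) {
             error(_T('regist_emailtoolong'));
         }
         if (strlen($sub) > 100) {
             error(_T('regist_topictoolong'));
         }
         if (strlen($resto) > 10) {
             error(_T('regist_longthreadnum'));
         }
         // Escape and strip CRLF.
         $email = CleanStr($email);
         $email = str_replace("\r\n", '', $email);
         $sub = CleanStr($sub);
         $sub = str_replace("\r\n", '', $sub);
         $resto = CleanStr($resto);
         $resto = str_replace("\r\n", '', $resto);
         // Name: neutralise forged trip / admin-cap markers first.
         $name = CleanStr($name);
         $name = str_replace(_T('trip_pre'), _T('trip_pre_fake'), $name);
         $name = str_replace(CAP_SUFFIX, _T('cap_char_fake'), $name);
         $name = str_replace("\r\n", '', $name);
         $nameOri = $name;
         // Tripcode ("name#key"), classic 2ch DES-crypt scheme; not authentication.
         if (preg_match('/(.*?)[##](.*)/u', $name, $regs)) {
             $name = $nameOri = $regs[1];
             $cap = strtr($regs[2], array('&amp;' => '&'));
             $salt = preg_replace('/[^\\.-z]/', '.', substr($cap . 'H.', 1, 2));
             $salt = strtr($salt, ':;<=>?@[\\]^_`', 'ABCDEFGabcdef');
             $name = $name . _T('trip_pre') . substr(crypt($cap, $salt), -10);
         }
         // Admin cap ("email#password"), strict comparison against config.
         if (CAP_ENABLE && preg_match('/(.*?)[##](.*)/', $email, $aregs)) {
             $acap_name = $nameOri;
             $acap_pwd = strtr($aregs[2], array('&amp;' => '&'));
             if ((string) $acap_name === (string) CAP_NAME && (string) $acap_pwd === (string) CAP_PASS) {
                 $name = '<span class="admin_cap">' . $name . CAP_SUFFIX . '</span>';
                 $is_admin = true;
                 // Drop the "#password" part from the stored e-mail.
                 $email = $aregs[1];
             }
         }
         if (!$is_admin) {
             // Non-admins may not impersonate the admin/deletor display names.
             $name = str_replace(_T('admin'), '"' . _T('admin') . '"', $name);
             $name = str_replace(_T('deletor'), '"' . _T('deletor') . '"', $name);
         }
         // Keep "&" before the trip marker from being parsed as an entity start.
         $name = str_replace('&◆', '&amp;◆', $name);
         // Comment body.
         if (strlen($com) > COMM_MAX && !$is_admin) {
             error(_T('regist_commenttoolong'));
         }
         // $is_admin lets an authenticated admin cap keep HTML when the config allows it.
         $com = CleanStr($com, $is_admin);
         $com = str_replace("\r\n", "\n", $com);
         $com = str_replace("\r", "\n", $com);
         // Collapse runs of blank lines (same pattern as regist()).
         $com = preg_replace("/\n(( | )*\n){3,}/", "\n", $com);
         if (!BR_CHECK || substr_count($com, "\n") < BR_CHECK) {
             $com = nl2br($com);
         }
         // Any newline left at this point is dropped.
         $com = str_replace("\n", '', $com);
         if ($category && USE_CATEGORY) {
             // Tags stored as "&#44;a&#44;b&#44;" so one tag can be searched as ",XX,".
             $category = explode(',', $category);
             $category = '&#44;' . implode('&#44;', array_map('trim', $category)) . '&#44;';
         } else {
             $category = '';
         }
         $age = false;
         $dest = '';
         $W = $post[0]['tw'];
         $H = $post[0]['th'];
         $imgW = $post[0]['imgw'];
         $imgH = $post[0]['imgh'];
         $status = $post[0]['status'];
         // "RegistBeforeCommit" hook point.
         $PMS->useModuleMethods('RegistBeforeCommit', array(&$name, &$email, &$sub, &$com, &$category, &$age, $dest, $resto, array($W, $H, $imgW, $imgH), &$status));
         // Only fields that were submitted non-empty and actually changed are written.
         if ($name != $post[0]['name'] && !empty($_POST[FT_NAME])) {
             $newValues['name'] = $name;
         }
         if ($email != $post[0]['email'] && !empty($_POST[FT_EMAIL])) {
             $newValues['email'] = $email;
         }
         if ($sub != $post[0]['sub'] && !empty($_POST[FT_SUBJECT])) {
             $newValues['sub'] = $sub;
         }
         if ($com != $post[0]['com'] && !empty($_POST[FT_COMMENT])) {
             $newValues['com'] = $com;
         }
         if ($category != $post[0]['category'] && !empty($_POST['category'])) {
             $newValues['category'] = $category;
         }
         $PIO->updatePost($no, $newValues);
         $PIO->dbCommit();
         // Regenerate only the page the edited thread appears on.
         $parentNo = $post[0]['resto'] ? $post[0]['resto'] : $post[0]['no'];
         $threads = array_flip($PIO->fetchThreadList());
         $threadPage = floor($threads[$parentNo] / PAGE_DEF);
         if (STATIC_HTML_UNTIL == -1 || $threadPage <= STATIC_HTML_UNTIL) {
             updatelog(0, $threadPage, true);
         }
         // Drop the thread's stale cache.
         deleteCache(array($parentNo));
         // Nothing is output after the redirect headers; the function simply returns.
         header('HTTP/1.1 302 Moved Temporarily');
         header('Location: ' . fullURL() . PHP_SELF2 . '?' . time());
     }
 }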
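 public function ModulePage()
 {
     // Module entry point, dispatched on request parameters:
     //   ?no=N&action=del      (admin)   list push comments with delete checkboxes
     //   ?no=N&action=delpush  (admin)   POST: remove the checked push comments
     //   ?no=N                 (visitor) show the push form, or POST a push comment
     // Every branch either returns, redirects or die()s with a message.
     $PIO = PMCLibrary::getPIOInstance();
     if (!isset($_GET['no'])) {
         die('[Error] not enough parameter.');
     }
     // The post number is a lookup key, a URL parameter and a log value;
     // normalise it to an int once (the static-form branch already did).
     $postNo = intval($_GET['no']);

     if (isset($_GET['action'])) {
         // ---- Administrator: list / delete push comments ----
         if (!adminAuthenticate('check')) {
             die('[Error] unauthenticated action.');
         }
         $action = $_GET['action'];
         $post = $PIO->fetchPosts($postNo);
         if (!count($post)) {
             die('[Error] Post does not exist.');
         }
         // Read the row explicitly rather than extract()ing it into locals.
         $row = $post[0];
         $status = isset($row['status']) ? $row['status'] : '';
         $com = isset($row['com']) ? $row['com'] : '';
         // The status flags are needed by the delpush branch whatever the
         // status string contains, so fetch them unconditionally (the
         // original left $f undefined when status was empty).
         $f = $PIO->getPostStatus($status);
         $marker = $this->PUSHPOST_SEPARATOR . '<br />';
         $pushStart = strpos($com, $marker);
         if ($pushStart === false) {
             die('[Error] No pushpost.');
         }
         $ocom = substr($com, 0, $pushStart);
         $pushpost = explode('<br />', substr($com, $pushStart + strlen($marker)));

         if ($action == 'del') {
             // Checklist of push comments; checkbox name = 1-based index.
             $list = '<div class="pushpost">';
             $idx = 1;
             foreach ($pushpost as $p) {
                 $list .= '<input type="checkbox" name="' . $idx++ . '" value="delete" />' . $p . '<br />';
             }
             $list .= '</div>';
             $dat = '';
             head($dat);
             $dat .= '<div class="bar_reply">' . $this->_T('deletepush') . '</div>';
             // NOTE(review): this form carries no CSRF token; it is guarded
             // only by the admin session check above and the POST-only check
             // in the delpush branch. Add a token if the framework offers one.
             $dat .= '<form action="' . $this->getModulePageURL(array('action' => 'delpush', 'no' => $postNo)) . '" method="post">';
             $dat .= PMCLibrary::getPTEInstance()->ParseBlock('SEARCHRESULT', array(
                 '{$NO}' => isset($row['no']) ? $row['no'] : $postNo,
                 '{$SUB}' => isset($row['sub']) ? $row['sub'] : '',
                 '{$NAME}' => isset($row['name']) ? $row['name'] : '',
                 '{$NOW}' => isset($row['now']) ? $row['now'] : '',
                 '{$COM}' => $ocom . $list,
                 '{$CATEGORY}' => isset($row['category']) ? $row['category'] : '',
                 '{$NAME_TEXT}' => _T('post_name'),
                 '{$CATEGORY_TEXT}' => _T('post_category'),
             ));
             echo $dat, '<input type="submit" value="' . _T('del_btn') . '" /></form></body></html>';
             return;
         }
         if ($action == 'delpush') {
             // State-changing: insist on POST, as the push branch below does.
             if ($_SERVER['REQUEST_METHOD'] != 'POST') {
                 die(_T('regist_notpost'));
             }
             // Collect the checked indices. PHP turns numeric-string keys
             // into ints, so is_int() both skips 'func' and rejects keys
             // that would make "$d - 1" a TypeError on PHP 8.
             // (foreach replaces each(), removed in PHP 8.)
             $delno = array();
             foreach ($_POST as $key => $value) {
                 if ($value === 'delete' && is_int($key) && $key >= 1) {
                     $delno[] = $key;
                 }
             }
             foreach ($delno as $d) {
                 unset($pushpost[$d - 1]);
             }
             $pushcount = count($pushpost);
             if ($pushcount) {
                 $f->update('mppCnt', $pushcount); // refresh the push counter
                 $com = $ocom . $marker . implode('<br />', $pushpost);
             } else {
                 $f->remove('mppCnt'); // nothing left: drop the counter flag
                 $com = $ocom;
             }
             $PIO->updatePost($postNo, array('com' => $com, 'status' => $f->toString()));
             $PIO->dbCommit();
             header('HTTP/1.1 302 Moved Temporarily');
             header('Location: ' . fullURL() . PHP_SELF . '?page_num=0');
             return;
         }
         die('[Error] unknown action.');
     }

     // ---- Visitor: show the push form, or accept a push comment ----
     if (!isset($_POST['comm'])) {
         echo $this->printStaticForm($postNo);
         return;
     }
     if ($_SERVER['REQUEST_METHOD'] != 'POST') {
         die(_T('regist_notpost'));
     }
     // IP / host / DNSBL ban check.
     $baninfo = '';
     $ip = getREMOTE_ADDR();
     $host = gethostbyaddr($ip);
     if (BanIPHostDNSBLCheck($ip, $host, $baninfo)) {
         die(_T('regist_ipfiltered', $baninfo));
     }
     // 'name' is optional; 'comm' is guaranteed by the isset() above.
     $name = CleanStr(isset($_POST['name']) ? $_POST['name'] : '');
     $comm = CleanStr($_POST['comm']);
     // Length limits are byte-based (strlen); kept as-is for compatibility.
     if (strlen($name) > 30 || strlen($comm) > 160) {
         die($this->_T('maxlength'));
     }
     if (strlen($comm) == 0) {
         die($this->_T('nocomment'));
     }
     // Keep visitors from impersonating trips, admins or deletors in the name.
     $name = str_replace(array(_T('trip_pre'), _T('admin'), _T('deletor')), array(_T('trip_pre_fake'), '"' . _T('admin') . '"', '"' . _T('deletor') . '"'), $name);
     $pushID = $this->getID();
     $pushtime = gmdate('y/m/d H:i', time() + intval(TIME_ZONE) * 3600);
     // 2ch-style tripcode: "name#key" -> name + trip_pre + last 10 chars of
     // DES crypt(key). An identity marker only, not a secrecy mechanism.
     if (preg_match('/(.*?)[##](.*)/u', $name, $regs)) {
         $cap = strtr($regs[2], array('&amp;' => '&'));
         $salt = strtr(preg_replace('/[^\\.-z]/', '.', substr($cap . 'H.', 1, 2)), ':;<=>?@[\\]^_`', 'ABCDEFGabcdef');
         $name = $regs[1] . _T('trip_pre') . substr(crypt($cap, $salt), -10);
     }
     if (!$name || preg_match("/^[ | |]*\$/", $name)) {
         if (!ALLOW_NONAME) {
             die(_T('regist_withoutname')); // anonymous pushes disabled
         }
         $name = DEFAULT_NONAME;
     }
     if (ALLOW_NONAME == 2) {
         // Forced anonymity: keep only the tripcode, if there is one.
         $name = preg_match('/(\\' . _T('trip_pre') . '.{10})/', $name, $matches) ? $matches[1] . ':' : DEFAULT_NONAME . ':';
     } else {
         $name .= ':';
     }
     $pushpost = "{$name} {$comm} ({$pushID} {$pushtime})"; // push comment body

     $post = $PIO->fetchPosts($postNo);
     if (!count($post)) {
         die('[Error] Post does not exist.');
     }
     $parentNo = $post[0]['resto'] ? $post[0]['resto'] : $post[0]['no'];
     $threads = array_flip($PIO->fetchThreadList());
     // Page the thread is listed on; a thread missing from the list maps to 0.
     $threadPage = isset($threads[$parentNo]) ? floor($threads[$parentNo] / PAGE_DEF) : 0;
     // The thread's first post carries the lock flag (TS), which also blocks pushes.
     $p = $parentNo == $post[0]['no'] ? $post : $PIO->fetchPosts($parentNo);
     $flgh = $PIO->getPostStatus($p[0]['status']);
     if ($flgh->exists('TS')) {
         die('[Error] ' . _T('regist_threadlocked'));
     }
     $marker = $this->PUSHPOST_SEPARATOR . '<br />';
     $com = $post[0]['com'];
     if (strpos($com, $marker) === false) {
         $com .= '<br />' . $this->PUSHPOST_SEPARATOR; // first push: add the separator
     }
     $com .= '<br /> ' . $pushpost;
     $flgh2 = $PIO->getPostStatus($post[0]['status']);
     $flgh2->plus('mppCnt'); // push counter +1
     $PIO->updatePost($postNo, array('com' => $com, 'status' => $flgh2->toString()));
     $PIO->dbCommit();
     // mod_audit log line
     $this->callCHP('mod_audit_logcat', array(sprintf('[%s] No.%d %s (%s)', __CLASS__, $postNo, $comm, $pushID)));
     if (STATIC_HTML_UNTIL == -1 || $threadPage <= STATIC_HTML_UNTIL) {
         updatelog(0, $threadPage, true); // regenerate only the page holding this thread
     }
     deleteCache(array($parentNo)); // drop the thread's stale cache
     if (isset($_POST['ajaxmode'])) {
         echo '+OK ', $pushpost;
     } else {
         header('HTTP/1.1 302 Moved Temporarily');
         header('Location: ' . fullURL() . PHP_SELF2 . '?' . time());
     }
 }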