Ejemplo n.º 1
Text to help preserve UTF-8 file encoding: 汉语漢語.
*/
// Direct-access guard: execution stops here unless $cmtx_path is already set.
// NOTE(review): presumably the including script defines $cmtx_path; confirm.
// An isset() test on a plain variable is a weak guard on legacy setups where
// request parameters can become globals (register_globals); a constant defined
// by the entry script is the sturdier form.
if (isset($cmtx_path) === false) {
    exit('Access Denied.');
}
if (isset($_POST['cmtx_submit']) || isset($_POST['cmtx_sub']) || isset($_POST['cmtx_preview']) || isset($_POST['cmtx_prev'])) {
    //if data submitted
    if (!cmtx_is_form_enabled(false)) {
        //if form is disabled
        return;
        //exit file
    }
    define('CMTX_PROCESSING', true);
    //define that the form was submitted
    $cmtx_ip_address = cmtx_get_ip_address();
    //get user's IP address
    cmtx_check_if_banned();
    //check if user is banned
    //initialise a few variables
    $cmtx_approve = false;
    $cmtx_approve_reason = "";
    $cmtx_error = false;
    $cmtx_error_message = "";
    $cmtx_error_total = 0;
    /* Security Key */
    if (!isset($_POST['cmtx_security_key'])) {
        //no security key submitted
        cmtx_ban(CMTX_BAN_REASON_NO_SECURITY_KEY);
        //ban user for no security key
    } else {
Ejemplo n.º 2
function cmtx_has_rated_form()
{
    // Reports whether the comments table already holds a rated comment
    // (rating other than '0') for the current page from the caller's IP address.
    // Returns true when at least one such row exists, false otherwise.
    global $cmtx_mysql_table_prefix, $cmtx_page_id;

    $ip_address = cmtx_get_ip_address();

    // NOTE(review): $cmtx_page_id and $ip_address go into the SQL text as-is.
    // That is only safe if both are validated or escaped before this point;
    // neither step is visible here, so confirm it (or move the query to
    // bound parameters in the database layer).
    // The lookup is keyed on IP address only, so every visitor sharing an
    // address is treated as the same rater.
    $sql = "SELECT * FROM `" . $cmtx_mysql_table_prefix . "comments` WHERE `page_id` = '{$cmtx_page_id}' AND `ip_address` = '{$ip_address}' AND `rating` != '0'";
    $match_count = cmtx_db_num_rows(cmtx_db_query($sql));

    return $match_count != 0;
}
Ejemplo n.º 3
            }
        }
    }
} else {
    if (isset($_SESSION['cmtx_username']) && isset($_SESSION['cmtx_password']) && cmtx_valid_account($_SESSION['cmtx_username'], $_SESSION['cmtx_password']) == '3') {
        //currently logged in, no action required.
        //verify user-agent
        if ($_SESSION['cmtx_user_agent'] != $_SERVER['HTTP_USER_AGENT']) {
            cmtx_log_out('exit');
        }
        //verify user-language
        if ($_SESSION['cmtx_user_lang'] != $_SERVER['HTTP_ACCEPT_LANGUAGE']) {
            cmtx_log_out('exit');
        }
        //verify ip-address
        if ($_SESSION['cmtx_ip_address'] != cmtx_get_ip_address()) {
            //cmtx_log_out('exit');
        }
    } else {
        if (isset($_SESSION['cmtx_username']) && isset($_SESSION['cmtx_password']) && cmtx_valid_account($_SESSION['cmtx_username'], $_SESSION['cmtx_password']) != '3') {
            //logged in, but shouldn't be
            cmtx_log_out('exit');
        } else {
            if (isset($_GET['page']) && $_GET['page'] == 'reset') {
                ?>
	<!DOCTYPE html>
	<html>
	<head>
	<title>Commentics: Reset</title>
	<meta name="robots" content="noindex"/>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
Ejemplo n.º 4
function cmtx_unban_viewer()
{
    // Lifts a ban for the current viewer: for every row in the bans table
    // flagged `unban` = '1' whose IP address equals the caller's address,
    // print a script that removes the 'Commentics-Ban' cookie and delete the row.
    global $cmtx_mysql_table_prefix;
    // Only rows already marked for unbanning are fetched.
    $bans = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "bans` WHERE `unban` = '1'");
    while ($ban = cmtx_db_fetch_assoc($bans)) {
        // Loose (==) string comparison of the caller's address with the stored one.
        if (cmtx_get_ip_address() == $ban['ip_address']) {
            // Leave PHP mode to emit the cookie-removal script into the page.
            // NOTE(review): the removal happens in the browser through
            // jQuery.removeCookie, so it presumably depends on that plugin being
            // loaded on the page; confirm.
            ?>
<script type="text/javascript">
			// <![CDATA[
			jQuery.removeCookie('Commentics-Ban', { path: '/' });
			// ]]>
			</script><?php 
            // Remove the ban row itself.
            // NOTE(review): $ban['id'] is concatenated into the SQL text. It comes
            // from the row just read rather than from the request, but an integer
            // cast or a bound parameter would make that independent of the column
            // contents; confirm the column type.
            cmtx_db_query("DELETE FROM `" . $cmtx_mysql_table_prefix . "bans` WHERE `id` = '" . $ban['id'] . "'");
        }
    }
}
Ejemplo n.º 5
function cmtx_user_trusted()
{
    // Decides whether the current user counts as trusted: true when the
    // comments table holds at least one approved comment (`is_approved` = '1')
    // with the same name and the same IP address, false otherwise.
    global $cmtx_name, $cmtx_mysql_table_prefix;

    $ip_address = cmtx_get_ip_address();

    // NOTE(review): $cmtx_name and $ip_address are interpolated into the SQL
    // text as-is. $cmtx_name is presumably the name supplied with the comment,
    // so it must be escaped before this call; that step is not visible here,
    // so confirm it (or use bound parameters in the database layer).
    // NOTE(review): a trust decision rests on this result, and both inputs
    // describe the requester. Check how cmtx_get_ip_address() derives the
    // address before relying on this to skip moderation.
    $sql = "SELECT * FROM `" . $cmtx_mysql_table_prefix . "comments` WHERE `name` = '{$cmtx_name}' AND `ip_address` = '{$ip_address}' AND `is_approved` = '1'";
    $approved_rows = cmtx_db_num_rows(cmtx_db_query($sql));

    // Any truthy row count means a matching approved comment was found.
    return (bool) $approved_rows;
}
<div style="clear: left;"></div>
<?php 
    }
}
?>

<?php 
// Resolve the id of the admin for the current request.
$admin_id = cmtx_get_admin_id();
?>

<?php 
// Read the IP address stored for this admin and, outside demo mode, overwrite
// it with the address of the current request whenever the two differ, then
// show the CMTX_MSG_IP_ADDRESS_UPDATED notice.
// The stored value is replaced on every mismatch, so it records the most
// recent address; it does not block a request from a new address.
// NOTE(review): $admin_id and the result of cmtx_get_ip_address() are placed
// into the SQL text as-is. Confirm both are validated upstream, or bind them
// as parameters in the database layer.
$detection = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `id` = '{$admin_id}'");
// NOTE(review): presumably cmtx_db_fetch_assoc() returns a non-array when no
// row matches; the index on the following line would then yield null. Confirm.
$detection = cmtx_db_fetch_assoc($detection);
$ip_address = $detection["ip_address"];
// Loose (!=) comparison of the stored and current address; skipped in demo mode.
if ($ip_address != cmtx_get_ip_address() && !cmtx_setting('is_demo')) {
    cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `ip_address` = '" . cmtx_get_ip_address() . "' WHERE `id` = '{$admin_id}'");
    ?>
	<div class="info"><?php 
    // Message constant is echoed without escaping; it is defined outside this view.
    echo CMTX_MSG_IP_ADDRESS_UPDATED;
    ?>
</div>
	<div style="clear: left;"></div>
	<?php 
}
?>

<?php 
if (isset($_POST['submit']) && cmtx_setting('is_demo')) {
    ?>
<div class="warning"><?php 
    echo CMTX_MSG_DEMO;
Ejemplo n.º 7
function cmtx_delete_attempts()
{
    // Deletes every row of the attempts table (login page attempts) recorded
    // for the caller's IP address. Returns nothing.
    global $cmtx_mysql_table_prefix;

    $ip_address = cmtx_get_ip_address();

    // NOTE(review): the address is interpolated into the SQL text as-is, and it
    // selects which attempt rows are cleared. Confirm that
    // cmtx_get_ip_address() returns a validated address the client cannot
    // choose freely; otherwise escape it or bind it as a parameter.
    $sql = "DELETE FROM `" . $cmtx_mysql_table_prefix . "attempts` WHERE `ip_address` = '{$ip_address}'";
    cmtx_db_query($sql);
}