Example #1
		// Reply-submission path for a private message (PM): applies a minimum
		// "lurk" time and a flood limit, filters the text, then builds and saves the PM.
		// NOTE(review): every check below only calls add_error(); nothing visible in
		// this fragment stops $reply->Save() from running after an error was recorded.
		// Confirm that Save() or the surrounding code consults the error list.

		// Lurk check: the session must be at least REQUIRED_LURK_TIME_REPLY seconds old.
		if($_SERVER['REQUEST_TIME'] - $_SESSION['first_seen'] < REQUIRED_LURK_TIME_REPLY)
		{
			add_error('Lurk for at least ' . REQUIRED_LURK_TIME_REPLY . ' seconds before posting your first reply.');
		}
		
		// Flood control: look for a PM sent after ($now - FLOOD_CONTROL_REPLY).
		$too_early = $_SERVER['REQUEST_TIME'] - FLOOD_CONTROL_REPLY;
		// NOTE(review): the SQL text is assembled with sprintf(); the %s value is quoted
		// but not escaped or bound. REMOTE_ADDR is supplied by the web server, so it is
		// not directly request-controlled, but string-built SQL breaks as soon as the
		// value is swapped for a proxy-derived header. Prefer bound parameters if
		// DB::Execute supports them (not visible here - confirm).
		// NOTE(review): this compares pmFrom with the client IP, while the PM saved
		// below sets From to $User->ID. Confirm which identifier the column stores;
		// if it holds user IDs this flood check can never match.
		$res=DB::Execute(sprintf('SELECT 1 FROM {P}PMs WHERE pmFrom = \'%s\' AND pmDateSent > %d',$_SERVER['REMOTE_ADDR'], $too_early));

		if($res->RecordCount() > 0)
		{
			add_error('Wait at least ' . FLOOD_CONTROL_REPLY . ' seconds between each reply. ');
		}
		//Check inputs
		// Title and body are passed through Check4Filtered() and written back into $_POST.
		// NOTE(review): what Check4Filtered() filters is not visible here; do not assume
		// it makes the text safe for HTML output - escape when rendering.
		list($_POST['title'],$_POST['body'])=Check4Filtered($_POST['title'],$_POST['body']);
		$reply=new PM();
		// NOTE(review): the recipient comes straight from the request with no check in
		// this fragment; the thread id is only cast to int. Confirm that PM::Save()
		// validates the recipient and the sender's right to post in that thread.
		$reply->To	= $_POST['to'];
		$reply->Thread	= intval($_POST['thread']);
		$reply->From	=$User->ID;
		$reply->Title	= $_POST['title'];
		$reply->Body	= $_POST['body'];
		$reply->Save();
		$_SESSION['notice']='PM sent.';
		break;
}

switch(Path::FetchIndex(0))
{
	default:
	case 'list':
Example #2
            $page_title .= ':  <a href="/topic/' . $_GET['edit'] . '">' . htmlspecialchars(Post::GetEString('headline')) . '</a>';
        }
    }
}
//var_dump($_POST);
if ($_POST['form_sent']) {
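    // Normalise the submitted fields: headline and author name are read through
    // Post::GetEString(), the body directly from $_POST, and all three go through super_trim().
    $headline = super_trim(Post::GetEString('headline', true));
    $body = super_trim($_POST['body']);
    $authorname = super_trim(Post::GetEString('name', true));
    if (!empty($authorname)) {
        // Remember the chosen name for later posts in this session.
        // NOTE(review): the value is stored as submitted; escape it wherever it is echoed.
        $_SESSION['PostName'] = $authorname;
    }
    // Expand the mass quote tag: every line inside [quote]...[/quote] that ends in a
    // non-whitespace character is prefixed with "> ".
    // A closure replaces create_function(), which compiled its body from a string at
    // runtime (eval-style), was deprecated in PHP 7.2 and removed in PHP 8.0. The two
    // patterns and the replacement text are unchanged.
    $body = preg_replace_callback(
        '/\\[quote\\](.+?)\\[\\/quote\\]/s',
        function ($matches) {
            return preg_replace('/.*[^\\s]$/m', '> $0', $matches[1]);
        },
        $body
    );
    // Run headline and body through the site's word/content filter.
    list($headline, $body) = Check4Filtered($headline, $body);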
    if ($_POST['post']) {
        // Check for poorly made bots.
        // Timing check: a new (non-edit) submission arriving less than 3 seconds after
        // start_time is rejected.
        // NOTE(review): start_time is read through Post::GetInt(), presumably from the
        // submitted form, so the client can choose it - confirm. If so, this is only a
        // speed bump; a server-side timestamp (e.g. in the session) would be harder to fake.
        if (!$editing && $_SERVER['REQUEST_TIME'] - Post::GetInt('start_time') < 3) {
            add_error('Wait a few seconds between starting to compose a post and actually submitting it.');
        }
        // Honeypot: any non-empty value in the 'e-mail' field is treated as a bot.
        if (!empty($_POST['e-mail'])) {
            add_error('Bot detected.');
        }
        if (!is_array($_SESSION['random_posting_hashes'])) {
            add_error('Session error (no hash values stored). Try again.');
        } else {
            foreach ($_SESSION['random_posting_hashes'] as $name => $value) {
                if (!isset($_POST[$name]) || $_POST[$name] != $value) {
                    add_error('Session error (wrong hash value sent). Try again.');
                    break;