Example #1
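function comments_new($item_id, $item_type, $user_id, $comment)
{
    // Store a user's comment on an item. The row is inserted; if the insert
    // fails, the user's existing comment on that item is overwritten and
    // its "removed" flag cleared instead (presumably a unique key on
    // item_type/item_id/user_id - confirm against the schema). Afterwards
    // the item's counters are bumped.
    //
    // $item_id   id of the commented item
    // $item_type item type/table name, e.g. 'photos'
    // $user_id   id of the commenting user
    // $comment   raw (unescaped) comment text as typed by the user
    //
    // Returns nothing. Terminates the request with the content_check()
    // verdict when the text is rejected (content_check() returns 1 for
    // acceptable text, otherwise an error message).
    $content_check = content_check($comment);
    if ($content_check !== 1) {
        die('<p style="margin: 0px;">' . $content_check . '</p>');
    }

    // Every value is interpolated into SQL, so escape it for the active
    // mysql connection. Assumes callers pass raw values - TODO confirm no
    // caller already escapes $comment, or the text ends up double-escaped.
    $sql_item_type = mysql_real_escape_string($item_type);
    $sql_item_id = mysql_real_escape_string($item_id);
    $sql_user_id = mysql_real_escape_string($user_id);
    $sql_comment = mysql_real_escape_string($comment);
    $now = time();

    $insertquery = 'INSERT INTO user_comments (item_type, item_id, timestamp, user_id, comment) VALUES ("';
    $insertquery .= $sql_item_type . '", "';
    $insertquery .= $sql_item_id . '", "';
    $insertquery .= $now . '", "';
    $insertquery .= $sql_user_id . '", "';
    $insertquery .= $sql_comment . '")';
    // Fallback when the insert fails: refresh the existing row and un-remove it.
    $updatequery = 'UPDATE user_comments SET' . ' timestamp = "' . $now . '", ' . ' comment = "' . $sql_comment . '",' . ' removed = 0 ' . ' WHERE item_type = "' . $sql_item_type . '" ' . ' AND item_id = "' . $sql_item_id . '"' . ' AND user_id = "' . $sql_user_id . '"' . ' LIMIT 1';
    log_to_file('comments', LOGLEVEL_DEBUG, __FILE__, __LINE__, 'new_comment', $insertquery);
    log_to_file('comments', LOGLEVEL_DEBUG, __FILE__, __LINE__, 'new_comment', $updatequery);

    if (mysql_query($insertquery)) {
        // A brand-new comment counts towards the item's rank; the query must
        // actually be run, not just built.
        $query = 'UPDATE item_ranks SET comment_count = comment_count + 1 WHERE item_type = "' . $sql_item_type . '" ' . ' AND item_id = "' . $sql_item_id . '"';
        mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    } else {
        mysql_query($updatequery);
    }

    if ($item_type == 'photos') {
        // Photo owners get an unread-comment counter.
        $query = 'UPDATE user_photos SET unread_comments = unread_comments + 1 WHERE id = "' . $sql_item_id . '" LIMIT 1';
        mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    }
}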
             }
             $buffer = array("gid" => $data["gid"], "group" => $data["ggroup"], "desc" => $data["beschreibung"], "check" => $check, "class" => $class, "disabled" => $disabled);
             if (is_array($cfg["fileed"]["su_groups"]) && in_array($data["gid"], $cfg["fileed"]["su_groups"])) {
                 $buffer_su[] = $buffer;
             } else {
                 $buffer_user[] = $buffer;
             }
         }
         $dataloop["avail_groups"] = array_merge($buffer_su, $buffer_user);
     }
 }
 // + + + + +
 // grant edit rights
 $hidedata["references"] = array();
 // content pages that use this file (content_check returns them as a list)
 $used_in = content_check($environment["parameter"][1]);
 $ausgaben["reference"] = count($used_in) > 0 ? implode("<br />", $used_in) : "---";
 // galleries (compilations) that use this file: keep only the compilation
 // ids that the form's fhit field references as "#p<id>,", ordered by id
 $compilations = compilation_list($environment["parameter"][1]);
 preg_match_all("/#p([0-9]+),/U", $form_values["fhit"], $match);
 $intersect = array_intersect_key($compilations, array_flip($match[1]));
 ksort($intersect);
 $ausgaben["ref_comp"] = "";
 if (count($intersect) > 0) {
     foreach ($intersect as $value) {
         $group_content = "";
         $i = 1;
Example #3
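function spamcheck($sender, $text, $to = null)
{
    // Guestbook spam check. Returns 1 when $text may be posted, otherwise a
    // (Swedish) error message for the user.
    //
    // $sender user id of the poster; used in the rate-limit query
    // $text   message text
    // $to     recipient user id (2348 is the webmaster account)
    //
    // Dies with the MySQL error text if the rate-limit query fails.
    if (strlen(trim($text)) == 0) {
        return 'Dina meddelanden måste innehålla minst ett tecken';
    }
    if ($to == '2348') {
        return 'Webmaster är ett administrationskonto som inte används av någon människa.';
    }
    // Rate limit: more than 20 messages in the last ten minutes is rejected.
    // $sender is interpolated unquoted into SQL, so force it to an integer;
    // any other value would be an injection vector.
    $spam_sql = 'SELECT COUNT(*) as messages FROM traffa_guestbooks WHERE sender = ' . (int) $sender . ' AND timestamp > UNIX_TIMESTAMP()-600';
    $spam_result = mysql_query($spam_sql) or die('Ett kritiskt fel har uppstått! Felet uppstod i spamcheck().<br />Felinfo:<br />' . mysql_error());
    $spam_data = mysql_fetch_assoc($spam_result) or die('Ett kritiskt fel har uppstått! Felet uppstod i spamcheck().<br />Felinfo:<br />' . mysql_error());
    if ($spam_data['messages'] > 20) {
        return 'Du kan max skicka 20 meddelanden på tio minuter. Håll dig till tåls en liten stund ;)';
    }
    /* content_check lives in shared-functions and looks for horny guys, referrer pages and other nastiness. Returns 1 if the message is ok, otherwise an error message. */
    return content_check($text);
}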
Example #4
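function discussion_forum_post_create($post, $options)
{
    // Create a forum post (a new thread or a reply), update the parent post
    // and forum counters plus the thread/post caches, and credit the
    // current session user in userinfo.
    //
    // $post    array with 'content', 'mode' ('new_thread' or anything else for
    //          a reply), 'forum_id', 'parent_post' and the optional keys
    //          'author', 'title', 'timestamp', 'forum_type', 'anonymous' and
    //          'fp_module_id'. Text values are expected raw (unescaped) -
    //          TODO confirm no caller escapes them already.
    // $options not used by this function.
    //
    // Returns the id of the inserted forum_posts row. Dies when no author or
    // title is available, when the content is too short, or when
    // content_check() rejects the text.
    $post['author'] = isset($post['author']) ? $post['author'] : $_SESSION['login']['id'];
    if ($post['author'] < 1) {
        die('Fatal error at line #' . __LINE__ . ', no author set');
    }
    $is_new_thread = isset($post['mode']) && $post['mode'] == 'new_thread';
    if ($is_new_thread && (!isset($post['title']) || strlen($post['title']) == 0)) {
        die('Fatal error at line #' . __LINE__ . ', no title set');
    }
    if (strlen($post['content']) <= 3) {
        die('Mer än så där får du allt skriva!');
    }
    // content_check() returns 1 for acceptable text, otherwise the message to
    // show the user; call it once instead of twice.
    $content_check = content_check($post['content']);
    if ($content_check != 1) {
        die($content_check);
    }
    $post['timestamp'] = isset($post['timestamp']) ? $post['timestamp'] : time();
    $post['handle'] = isset($post['title']) ? discussion_forum_post_handle($post['title']) : '';
    $post['forum_type'] = isset($post['forum_type']) ? $post['forum_type'] : 'public_forum';
    $post['child_count'] = $is_new_thread ? 1 : 0;
    $post['anonymous'] = isset($post['anonymous']) && $post['anonymous'] == 1 ? 1 : 0;
    $post['fp_module_id'] = isset($post['fp_module_id']) ? $post['fp_module_id'] : 0;

    // Every column value is interpolated into SQL, so build escaped copies
    // for the active mysql connection; $post itself stays raw for the
    // callbacks further down.
    $columns = array('handle', 'author', 'timestamp', 'parent_post', 'forum_id', 'forum_type', 'title', 'content', 'child_count', 'anonymous', 'fp_module_id');
    $sql = array();
    foreach ($columns as $column) {
        $sql[$column] = mysql_real_escape_string(isset($post[$column]) ? $post[$column] : '');
    }

    $query = 'INSERT INTO forum_posts (handle, author, timestamp, parent_post, forum_id, forum_type';
    $query .= ', title, content, child_count, anonymous, fp_module_id)';
    $query .= ' VALUES("' . $sql['handle'] . '", "' . $sql['author'] . '", "' . $sql['timestamp'] . '"';
    $query .= ', "' . $sql['parent_post'] . '", "' . $sql['forum_id'] . '", "' . $sql['forum_type'] . '"';
    $query .= ', "' . $sql['title'] . '", "' . $sql['content'] . '", "' . $sql['child_count'] . '"';
    $query .= ', "' . $sql['anonymous'] . '", "' . $sql['fp_module_id'] . '")';
    mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    $post_id = mysql_insert_id();
    $now = time();

    if (isset($post['parent_post']) && $post['parent_post'] > 0) {
        // Reply: bump the parent's child count and its "last post" pointers.
        $query = 'UPDATE forum_posts SET child_count = child_count + 1, last_post = "' . $post_id . '", last_post_timestamp = "' . $now . '" WHERE id = "' . $sql['parent_post'] . '" LIMIT 1';
        mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    }
    if ($is_new_thread) {
        $query = 'UPDATE public_forums SET thread_count = thread_count + 1, post_count = post_count + 1, last_thread = "' . $post_id . '" WHERE id = "' . $sql['forum_id'] . '"';
        mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
        // A new thread is its own parent and its own latest post.
        $query = 'UPDATE forum_posts SET last_post = "' . $post_id . '", parent_post = "' . $post_id . '", last_post_timestamp = "' . $now . '" WHERE id = "' . $post_id . '" LIMIT 1';
        mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    } else {
        $query = 'UPDATE public_forums SET post_count = post_count + 1, last_post = "' . $post_id . '" WHERE id = "' . $sql['forum_id'] . '"';
        mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    }

    discussion_forum_parse_input(array('text' => $post['content'], 'post_id' => $post_id, 'author' => $post['author'], 'title' => isset($post['title']) ? $post['title'] : null));
    if ($is_new_thread) {
        forum_thread_cache_latest_threads();
    } else {
        forum_latest_posts_cache();
    }
    // Forum 82 has its own thread cache - presumably the open source forum,
    // judging by the cache function's name; confirm against the forum table.
    if ($is_new_thread && $post['forum_id'] == 82) {
        forum_thread_cache_latest_open_source_threads();
    }

    // Posts in a forum with quality_level 1 are counted as forum_spam rather
    // than forum_posts. NOTE(review): this credits the session user, not
    // $post['author'] - confirm that is intended when an author is passed in.
    $query = 'SELECT quality_level FROM public_forums WHERE id = "' . $sql['forum_id'] . '" LIMIT 1';
    $data = query_cache(array('category' => 'forum_categories', 'query' => $query, 'max_delay' => 3600));
    $session_user = mysql_real_escape_string($_SESSION['login']['id']);
    if ($data[0]['quality_level'] == 1) {
        $query = 'UPDATE userinfo SET forum_spam = forum_spam + 1 WHERE userid = "' . $session_user . '" LIMIT 1';
    } else {
        $query = 'UPDATE userinfo SET forum_posts = forum_posts + 1 WHERE userid = "' . $session_user . '" LIMIT 1';
    }
    mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
    $_SESSION['forum']['last_post_timestamp'] = time();
    return $post_id;
}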
Example #5
         $fetch_options = array();
         $fetch_options['order-direction'] = 'DESC';
         $fetch_options['match']['against'] = $request['freetext'];
         $fetch_options['match']['in_columns'] = array('p.content');
         $posts = discussion_forum_post_fetch($fetch_options);
         if (count($posts) > 0) {
             $output .= discussion_forum_post_list_search($posts);
         } else {
             $output .= '<h1>Vi hittade inget</h1>' . "\n";
             $output .= '<p>Nedan har vi gjort en Google-sökning åt dig, klicka med scrollhjulet på länkarna.</p>' . "\n";
             $output .= '<iframe src="http://www.google.se/search?q=site%3Awww.hamsterpaj.net%2Fdiskussionsforum%2F+' . urlencode($request['freetext']) . '" style="width: 630px; height: 1000px;"></iframe>' . "\n";
         }
     }
     break;
 case 'new_post':
     $content_check = content_check($_POST['content']);
     if ($content_check != 1) {
         $output .= '<h2>' . $content_check . '</h2>' . "\n";
         $output .= '<p>Ditt inlägg har inte sparats, eftersom vår server tror att du skickar spam.</p><ol><li>Markera och kopiera ditt inlägg nedan</li><li>Backa tillbaks webbläsaren</li><li>Klistra in ditt inlägg i skriv-rutan och plocka bort det som bryter mot våra regler</li></ol>' . "\n";
         $output .= '<pre>' . $_POST['content'] . '</pre>' . "\n";
         break;
     }
     if ($_SESSION['forum']['last_post_timestamp'] > time() - FORUM_MIN_POST_DELAY) {
         $output .= '<h2>Max ett inlägg per ' . FORUM_MIN_POST_DELAY . ' sek</h2>' . "\n";
         $output .= '<p>Även om du tror att du är jättesmart och kör med flera flikar, så är det <strong>fortfarande</strong> så att våra antispamregler gäller... Här ser du ditt inlägg, om du vill kan du kopiera det.</p>' . "\n";
         $output .= '<pre>' . $_POST['content'] . '</pre>' . "\n";
         break;
     }
     if ($_POST['mode'] == 'create_thread') {
         $forum_security = forum_security(array('action' => 'discussion_create', 'forum_id' => $_POST['forum_id'], 'content' => $_POST['content']));
         if ($forum_security !== true) {
Example #6
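function spamFilter($message, $ip, $nick)
{
    // Returns true if the message passes the spam checks; otherwise shows
    // the user an error via jscript_alert() and returns false.
    //
    // $message guestbook ("klotterplank") text
    // $ip      poster's ip address (not used by this function)
    // $nick    poster's nick (not used by this function)
    $message = strtolower($message);
    if ($_SESSION['login']['userlevel'] >= 5) {
        // No spam check for userlevel 5 and up.
        return true;
    }
    if (strlen($message) < 2) {
        jscript_alert('Lite mer än sådär får du allt skriva...');
        return false;
    }
    // content_check() returns 1 for acceptable text, otherwise the message to show.
    $content_check_retval = content_check($message);
    if ($content_check_retval != 1) {
        jscript_alert($content_check_retval);
        return false;
    }
    if (strlen($message) > 4000) {
        jscript_alert('Försök fatta dig lite kortare, det är trots allt ett klotterplank. Använd forumet om du vill diskutera!');
        return false;
    }
    // Rate limit: at most one post per minute per user. The user id is
    // interpolated unquoted into SQL, so force it to an integer.
    $query = 'SELECT COUNT(id) AS total FROM klotterplank WHERE userid = ' . (int) $_SESSION['userid'] . ' AND timestamp > UNIX_TIMESTAMP() - 60';
    $result = mysql_query($query);
    // A failed query is treated like "no recent posts", as before, but
    // without handing false to mysql_fetch_assoc().
    $data = $result ? mysql_fetch_assoc($result) : false;
    if ($data && $data['total'] > 0) {
        jscript_alert('Max ett inlägg per minut, ge dig till tåls litegranna');
        return false;
    }
    return true;
}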
Example #7
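function messages_can_send($sender, $recipient, $title, $message)
{
    // Validate a private message before it is sent.
    //
    // $sender    user id of the sender
    // $recipient user id of the recipient (2348 is the webmaster account)
    // $title     message title
    // $message   message body
    //
    // Returns true when the message may be sent, otherwise a string holding
    // every applicable (Swedish) error message, one per line. Length limits
    // are byte lengths (strlen), as the MESSAGES_*_STRLEN names suggest.
    $errors = '';
    if ($recipient == 2348) {
        $errors .= 'Webmaster är ett administrationskonto som inte används av någon människa.';
        $errors .= 'Använd forumet eller hamsterpaj -> Support för att ställa en fråga om siten.' . "\n";
    }
    if (strlen($title) < MESSAGES_MIN_TITLE_STRLEN) {
        $errors .= 'Titeln måste vara minst ' . MESSAGES_MIN_TITLE_STRLEN . ' tecken lång.' . "\n";
    }
    if (strlen($title) > MESSAGES_MAX_TITLE_STRLEN) {
        $errors .= 'Titeln får inte vara mer än ' . MESSAGES_MAX_TITLE_STRLEN . ' tecken lång.' . "\n";
    }
    if (trim($title) == '') {
        // A whitespace-only title passes the raw strlen check above.
        $errors .= 'Titeln måste vara minst ' . MESSAGES_MIN_TITLE_STRLEN . ' tecken lång.' . "\n";
    }
    if (!is_numeric($recipient)) {
        $errors .= 'Det verkar som om mottagare har angivits felaktigt. Detta är ett internt serverfel och bör aldrig kunna inträffa. Kontakta administratör.' . "\n";
    }
    if (strlen($message) < MESSAGES_MIN_MESSAGE_STRLEN) {
        $errors .= 'Du måste skriva minst ' . MESSAGES_MIN_MESSAGE_STRLEN . ' tecken i ditt meddelande.' . "\n";
    }
    // content_check() returns 1 for acceptable text, otherwise an error message.
    $message_check = content_check($message);
    if ($message_check != 1) {
        $errors .= $message_check . "\n";
    }
    $title_check = content_check($title);
    if ($title_check != 1) {
        $errors .= $title_check . "\n";
    }
    if (userblock_check($recipient, $sender) == 1) {
        $errors .= 'Mottagaren har blockerat dig och meddelandet kan därför inte levereras.' . "\n";
    }
    // Accumulating into '' rather than null avoids strlen(null), deprecated
    // since PHP 8.1; any collected text means the message is refused.
    if ($errors !== '') {
        return $errors;
    }
    return true;
}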
 $result = $db->query($sql);
 $forbidden = array();
 while ($data = $db->fetch_array($result, 1)) {
     if ($cfg["file"]["filetyp"][$data["ffart"]] == "img") {
         $link = $cfg["fileed"]["basis"] . "/delete/view,o," . $data["fid"] . ".html";
     } else {
         $link = $cfg["file"]["base"]["webdir"] . $data["ffart"] . "/" . $data["fid"] . "/" . $data["ffname"];
     }
     // berechtigte gruppen rausfinden
     $group_permit = group_permit($data[$cfg["fileed"]["db"]["file"]["grant_grp"]]);
     // berechtigter personenkreis
     if ($_SESSION["uid"] != $data["fuid"] && count($group_permit["intersect_groups"]) == 0) {
         $dataloop["list"][$data["fid"]] = array("id" => $data["fid"], "item" => $data["ffname"], "link" => $link, "reason" => "#(user_error)");
         $forbidden[$data["fid"]] = $data["fid"];
     } else {
         $pages = content_check($data["fid"]);
         if (count($pages) > 0) {
             foreach ($pages as $value) {
                 $dataloop["list"][$data["fid"]] = array("id" => $data["fid"], "item" => $data["ffname"], "link" => $link, "reason" => "#(content_error)" . $value);
             }
             $forbidden[$data["fid"]] = $data["fid"];
         }
         // selection-check
         if (strstr($data["fhit"], "#p")) {
             preg_match_all("/#p([0-9]*)[,0-9]*#/i", $data["fhit"], $match);
             foreach ($match[1] as $value) {
                 $view_link = "<a href=\"" . $cfg["fileed"]["basis"] . "/delete/view,o," . $data["fid"] . "," . $value . ".html\">Gruppe #" . $value . "</a>";
                 $dataloop["list"][] = array("id" => $data["fid"], "item" => $data["ffname"], "link" => $link, "reason" => "#(group_error)" . $view_link);
                 $forbidden["sel_db" . $value] = $data["fid"];
             }
         }