Esempio n. 1
0
function jal_addData($jal_user_name, $jal_user_text, $jal_user_url)
{
    global $spam_msg, $jal_user_val, $jal_user_calc, $jal_user_Control, $ip, $shout_cat, $shout_tb;
    //if the BadCalc variable is not set then it's a bot (direct access to wordspew)
    if (!isset($_SESSION['BadCalc'])) {
        AddSpam("I DON'T LIKE SPAM !!!");
        exit;
    }
    $SearchText = strtolower(trim($jal_user_text));
    $SearchURL = strtolower(trim($jal_user_url));
    //replacement of non-breaking spaces...
    $SearchName = str_replace(" ", " ", $jal_user_name);
    $SearchName = trim($SearchName);
    $SearchName = strtolower($SearchName);
    $myBolean = "";
    if ($SearchURL == "http://") {
        $SearchURL = "";
    }
    if ($SearchName == $SearchText || isset($_POST['shoutboxurl'])) {
        AddSpam($_SESSION['DLSpam']);
        exit;
    }
    $hashtext = $_SESSION['hashtext' . $shout_tb];
    $jal_user_calc = md5($jal_user_calc . $hashtext);
    if ($jal_user_calc != $jal_user_Control) {
        AddSpam($_SESSION['BadCalc']);
        exit;
    }
    if (!isset($_SESSION['Logged']) && (verifyName($SearchName) && $SearchName != $_COOKIE['jalUser_' . $_SESSION['CookieHash']])) {
        AddSpam($_SESSION['LoggedMsg']);
        exit;
    }
    if (CheckSpam($SearchText . ' ' . $SearchName, $SearchURL)) {
        $jal_user_name = mb_substr(trim($jal_user_name), 0, 18, 'UTF-8');
        setcookie("jalUserName", $jal_user_name, time() + 60 * 60 * 24 * 30 * 3, '/');
        setcookie("jalCombo", $shout_cat, time() + 60 * 60 * 24 * 30, '/');
        //the message is cut of after 500 letters
        $jal_user_text = trim(substr($jal_user_text, 0, 500));
        // mask to catch string longer than $split car.
        $pattern = '#[^ ]{' . split . ',}#u';
        $jal_user_text = preg_replace_callback($pattern, 'mySplit', $jal_user_text);
        $jal_user_text = jal_special_chars($jal_user_text);
        $jal_user_url = $jal_user_url == "http://" ? "" : jal_special_chars($jal_user_url);
        $email = "";
        if ($_SESSION['CurrentUser'] != "") {
            $email = $_SESSION['CurrentUser'];
            //keep user informations for later use (once disconnected)
            setcookie("jalEmail_" . $_SESSION['CookieHash'], strtolower($email), time() + 60 * 60 * 24 * 30, '/');
            setcookie("jalUser_" . $_SESSION['CookieHash'], strtolower($jal_user_name), time() + 60 * 60 * 24 * 30, '/');
        } else {
            if (strpos($jal_user_url, "@") != false) {
                $email = $jal_user_url;
                $jal_user_url = "mailto:" . $jal_user_url;
            } else {
                if (isset($_COOKIE['jalEmail_' . $_SESSION['CookieHash']])) {
                    $email = $_COOKIE['jalEmail_' . $_SESSION['CookieHash']];
                } elseif (isset($_COOKIE['comment_author_email_' . $_SESSION['CookieHash']])) {
                    $email = $_COOKIE['comment_author_email_' . $_SESSION['CookieHash']];
                }
            }
        }
        $jal_user_name = jal_special_chars($jal_user_name);
        $conn = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
        mysql_select_db(DB_NAME, $conn);
        @mysql_query("SET CHARACTER SET 'utf8'", $conn);
        @mysql_query("SET NAMES utf8", $conn);
        if ($jal_user_url != "") {
            $jal_user_url = str_replace(" ", "", $jal_user_url);
            setcookie("jalUrl", str_replace("mailto:", "", $jal_user_url), time() + 60 * 60 * 24 * 30 * 3, '/');
            if ($_SESSION['useURL'] == "") {
                $myBolean = "false";
            }
        }
        if (substr($jal_user_url, 0, 3) == "www") {
            $jal_user_url = "http://" . $jal_user_url;
        }
        if ($myBolean == "") {
            if ($_SESSION['useCaptcha'] == "1") {
                setcookie("jalCaptcha", "Ok", time() + 60 * 60 * 24 * 30 * 3, '/');
            }
            $SQL = "INSERT INTO " . mysql_real_escape_string($shout_tb) . "liveshoutbox (time,name,text,url,ipaddr,email,cat) VALUES ('" . time() . "','";
            $SQL .= mysql_real_escape_string($jal_user_name) . "','" . mysql_real_escape_string($jal_user_text) . "','";
            $SQL .= mysql_real_escape_string($jal_user_url) . "', '" . mysql_real_escape_string($ip) . "','";
            $SQL .= mysql_real_escape_string(strtolower($email)) . "','" . mysql_real_escape_string($shout_cat) . "')";
            mysql_query($SQL, $conn);
            jal_deleteOld($shout_cat);
            //some database maintenance
            //take them right back where they left off
            header('location: ' . $_SERVER['HTTP_REFERER']);
        } else {
            AddSpam($_SESSION['DLSpam']);
        }
    } else {
        AddSpam($spam_msg);
    }
}
Esempio n. 2
0
function jal_addData($jal_user_name,$jal_user_text,$jal_user_url) {
global $spam_msg, $jal_table_prefix, $jal_user_val, $jal_user_calc, $jal_user_Control, $ip;

	$SearchText=strtolower(trim($jal_user_text));
	$SearchURL=strtolower(trim($jal_user_url));
	//replacement of non-breaking spaces...
	$SearchName=str_replace(" "," ",$jal_user_name);
	$SearchName=trim($SearchName);
	$SearchName=strtolower($SearchName);
	$myBolean="";

	//if the BadCalc variable is not set then it's a bot (direct access to wordspew)
	if(!isset($_SESSION['BadCalc'])) {
		AddSpam("I DON'T LIKE SPAM !!!");
		exit;
	}

	if($SearchURL == "http://") $SearchURL="";

	if($SearchName==$SearchText || isset($_POST['shoutboxurl'])) {
		AddSpam($_SESSION['DLSpam']);
		exit;
	}

	$hashtext = $_SESSION['hashtext'];
	$jal_user_calc=md5($jal_user_calc.$hashtext);
	if($jal_user_calc!=$jal_user_Control) {
		AddSpam($_SESSION['BadCalc']);
		exit;
	}

	if(!isset($_SESSION['Logged']) && verifyName($SearchName)) {
		AddSpam($_SESSION['LoggedMsg']);
		exit;
	}

	if(CheckSpam($SearchText.' '.$SearchName, $SearchURL)) {
		setcookie("jalUserName",$jal_user_name,time()+60*60*24*30*3,'/');
		//the message is cut of after 500 letters
		$jal_user_text = trim(substr($jal_user_text,0,500));

		// masque pour capturer toute chaîne de plus de $split car.
		$pattern = '#[^ ]{'.split.',}#u';
		// appel à une fonction callback de remplacement (*beaucoup* plus rapide que preg_replace() option e)
		$jal_user_text = preg_replace_callback($pattern, 'mySplit', $jal_user_text);

		$jal_user_text=jal_special_chars($jal_user_text);
		$jal_user_name = substr(trim($jal_user_name), 0,18);
		$jal_user_name=jal_special_chars($jal_user_name);
		$jal_user_url = ($jal_user_url == "http://") ? "" : jal_special_chars($jal_user_url);
		
		if (substr($jal_user_url,0,3)=="www") $jal_user_url ="http://".$jal_user_url;
		if (strpos($jal_user_url,"@")!=false) $jal_user_url ="mailto:".$jal_user_url;

		$conn = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
		mysql_select_db(DB_NAME, $conn);
		@mysql_query("SET CHARACTER SET 'utf8'", $conn);
		@mysql_query("SET NAMES utf8", $conn);
		if($jal_user_url!="") {
			setcookie("jalUrl",str_replace("mailto:","",$jal_user_url),time()+60*60*24*30*3,'/');
			if($_SESSION['useURL']=="") $myBolean="false";
		}

		if($myBolean=="") {
			if($_SESSION['useCaptcha']=="1") setcookie("jalCaptcha","Ok",time()+60*60*24*30*3,'/');
			mysql_query("INSERT INTO ".$jal_table_prefix."liveshoutbox (time,name,text,url,ipaddr) VALUES ('".time()."','".mysql_real_escape_string($jal_user_name)."','".mysql_real_escape_string($jal_user_text)."','".mysql_real_escape_string($jal_user_url)."', '".mysql_real_escape_string($ip)."')", $conn);
			jal_deleteOld(); //some database maintenance
			//take them right back where they left off
			header('location: '.$_SERVER['HTTP_REFERER']);
			}
		else {
			AddSpam($_SESSION['DLSpam']);
		}
	}
	else AddSpam($spam_msg);
}