Esempio n. 1
0
<?php

include "inc/functions.php";
checkBan('*');
if (!isset($_POST['uri'], $_POST['title'], $_POST['subtitle'], $_POST['username'], $_POST['password'])) {
    $password = base64_encode(openssl_random_pseudo_bytes(9));
    $captcha = generate_captcha($config['captcha']['extra']);
    $body = Element("8chan/create.html", array("config" => $config, "password" => $password, "captcha" => $captcha));
    echo Element("page.html", array("config" => $config, "body" => $body, "title" => _("Create your board"), "subtitle" => _("before someone else does")));
} else {
    $uri = $_POST['uri'];
    $title = $_POST['title'];
    $subtitle = $_POST['subtitle'];
    $username = $_POST['username'];
    $password = $_POST['password'];
    $email = isset($_POST['email']) ? $_POST['email'] : '';
    $resp = file_get_contents($config['captcha']['provider_check'] . "?" . http_build_query(['mode' => 'check', 'text' => $_POST['captcha_text'], 'extra' => $config['captcha']['extra'], 'cookie' => $_POST['captcha_cookie']]));
    if (!preg_match('/^[a-z0-9]{1,30}$/', $uri)) {
        error(_('Invalid URI'));
    }
    if (!(strlen($title) < 40)) {
        error(_('Invalid title'));
    }
    if (!(strlen($subtitle) < 200)) {
        error(_('Invalid subtitle'));
    }
    if (!preg_match('/^[a-zA-Z0-9._]{1,30}$/', $username)) {
        error(_('Invalid username'));
    }
    if ($resp !== '1') {
        error($config['error']['captcha']);
Esempio n. 2
0
 public function action()
 {
     global $board;
     switch ($this->action) {
         case 'reject':
             error(isset($this->message) ? $this->message : 'Posting throttled by flood filter.');
         case 'ban':
             if (!isset($this->reason)) {
                 error('The ban action requires a reason.');
             }
             $reason = $this->reason;
             if (isset($this->expires)) {
                 $expires = time() + $this->expires;
             } else {
                 $expires = 0;
             }
             // Ban indefinitely
             if (isset($this->reject)) {
                 $reject = $this->reject;
             } else {
                 $reject = true;
             }
             if (isset($this->all_boards)) {
                 $all_boards = $this->all_boards;
             } else {
                 $all_boards = false;
             }
             $query = prepare("INSERT INTO `bans` VALUES (NULL, :ip, :mod, :set, :expires, :reason, :board)");
             $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
             $query->bindValue(':mod', -1);
             $query->bindValue(':set', time());
             if ($expires) {
                 $query->bindValue(':expires', $expires);
             } else {
                 $query->bindValue(':expires', null, PDO::PARAM_NULL);
             }
             if ($reason) {
                 $query->bindValue(':reason', $reason);
             } else {
                 $query->bindValue(':reason', null, PDO::PARAM_NULL);
             }
             if ($all_boards) {
                 $query->bindValue(':board', null, PDO::PARAM_NULL);
             } else {
                 $query->bindValue(':board', $board['uri']);
             }
             $query->execute() or error(db_error($query));
             if ($reject) {
                 if (isset($this->message)) {
                     error($message);
                 }
                 checkBan($board['uri']);
                 exit;
             }
             break;
         default:
             error('Unknown filter action: ' . $this->action);
     }
 }
Esempio n. 3
0
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
    $ref = serverset('HTTP_REFERRER');
    $in = getComment();
    $evaluator =& get_comment_evaluator();
    extract($in);
    if (!checkCommentsAllowed($parentid)) {
        txp_die(gTxt('comments_closed'), '403');
    }
    $ip = serverset('REMOTE_ADDR');
    if (!checkBan($ip)) {
        txp_die(gTxt('you_have_been_banned'), '403');
    }
    $blacklisted = is_blacklisted($ip);
    if ($blacklisted) {
        txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
    }
    $web = clean_url($web);
    $email = clean_url($email);
    if ($remember == 1 || ps('checkbox_type') == 'forget' && ps('forget') != 1) {
        setCookies($name, $email, $web);
    } else {
        destroyCookies();
    }
    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(strip_tags(deEntBrackets($web)));
    $email = doSlash(strip_tags(deEntBrackets($email)));
    $message = substr(trim($message), 0, 65535);
    $message2db = doSlash(markup_comment($message));
    $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='" . doSlash($ip) . "'");
    if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) {
        $evaluator->add_estimate(RELOAD, 1);
        // The error-messages are added in the preview-code
    }
    if ($isdup) {
        $evaluator->add_estimate(RELOAD, 1);
    }
    // FIXME? Tell the user about dupe?
    if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) {
        callback_event('comment.save');
        $visible = $evaluator->get_result();
        if ($visible != RELOAD) {
            $parentid = assert_int($parentid);
            $rs = safe_insert("txp_discuss", "parentid  = {$parentid},\n\t\t\t\t\t name\t\t  = '{$name}',\n\t\t\t\t\t email\t  = '{$email}',\n\t\t\t\t\t web\t\t  = '{$web}',\n\t\t\t\t\t ip\t\t  = '" . doSlash($ip) . "',\n\t\t\t\t\t message   = '{$message2db}',\n\t\t\t\t\t visible   = " . intval($visible) . ",\n\t\t\t\t\t posted\t  = now()");
            if ($rs) {
                safe_update("txp_discuss_nonce", "used = 1", "nonce='" . doSlash($nonce) . "'");
                if ($prefs['comment_means_site_updated']) {
                    update_lastmod();
                }
                if ($comments_sendmail) {
                    mail_comment($message, $name, $email, $web, $parentid, $rs);
                }
                $updated = update_comments_count($parentid);
                $backpage = substr($backpage, 0, $prefs['max_url_len']);
                $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                $backpage = preg_replace("#(https?://[^/]+)/.*\$#", "\$1", hu) . $backpage;
                if (defined('PARTLY_MESSY') and PARTLY_MESSY) {
                    $backpage = permlinkurl_id($parentid);
                }
                $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0');
                txp_status_header('302 Found');
                if ($comments_moderate) {
                    header('Location: ' . $backpage . '#txpCommentInputForm');
                } else {
                    header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
                }
                log_hit('302');
                $evaluator->write_trace();
                exit;
            }
        }
    }
    // Force another Preview
    $_POST['preview'] = RELOAD;
    //$evaluator->write_trace();
}
Esempio n. 4
0
 if (!isset($_POST['password'])) {
     $_POST['password'] = '';
 }
 if (isset($_POST['thread'])) {
     $post['op'] = false;
     $post['thread'] = round($_POST['thread']);
 } else {
     $post['op'] = true;
 }
 // The dnsbls is an optional DNS blacklist include.
 // Squelch warnings if it doesn't exist.
 if (!$config['captcha']['enabled'] && !($post['op'] && $config['new_thread_capt'])) {
     @(include "./inc/dnsbls.php");
 }
 // Check if banned
 checkBan($board['uri']);
 // Check for CAPTCHA right after opening the board so the "return" link is in there
 if ($config['recaptcha']) {
     if (!isset($_POST['recaptcha_challenge_field']) || !isset($_POST['recaptcha_response_field'])) {
         error($config['error']['bot']);
     }
     // Check what reCAPTCHA has to say...
     $resp = recaptcha_check_answer($config['recaptcha_private'], $_SERVER['REMOTE_ADDR'], $_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field']);
     if (!$resp->is_valid) {
         error($config['error']['captcha']);
     }
 }
 // Same, but now with our custom captcha provider
 //if ($config['captcha']['enabled']) {
 //New thread captcha
 if ($config['captcha']['enabled'] || $post['op'] && $config['new_thread_capt']) {
Esempio n. 5
0
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
    $ref = serverset('HTTP_REFERRER');
    $in = psa(array('parentid', 'name', 'email', 'web', 'message', 'backpage', 'nonce', 'remember'));
    extract($in);
    if (!checkCommentsAllowed($parentid)) {
        exit(graf(gTxt('comments_closed')));
    }
    if ($prefs['comments_require_name']) {
        if (!trim($name)) {
            exit(graf(gTxt('comment_name_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
        }
    }
    if ($prefs['comments_require_email']) {
        if (!trim($email)) {
            exit(graf(gTxt('comment_email_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
        }
    }
    if (!trim($message)) {
        exit(graf(gTxt('comment_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
    }
    $ip = serverset('REMOTE_ADDR');
    $message = trim($message);
    $blacklisted = is_blacklisted($ip);
    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(clean_url(strip_tags(deEntBrackets($web))));
    $email = doSlash(clean_url(strip_tags(deEntBrackets($email))));
    $message2db = doSlash(markup_comment($message));
    $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='{$ip}'");
    if (checkBan($ip)) {
        if ($blacklisted == false) {
            if (!$isdup) {
                if (checkNonce($nonce)) {
                    $visible = $comments_moderate ? 0 : 1;
                    $rs = safe_insert("txp_discuss", "parentid  = '{$parentid}',\n\t\t\t\t\t\t\t name\t\t  = '{$name}',\n\t\t\t\t\t\t\t email\t  = '{$email}',\n\t\t\t\t\t\t\t web\t\t  = '{$web}',\n\t\t\t\t\t\t\t ip\t\t  = '{$ip}',\n\t\t\t\t\t\t\t message   = '{$message2db}',\n\t\t\t\t\t\t\t visible   = {$visible},\n\t\t\t\t\t\t\t posted\t  = now()");
                    if ($rs) {
                        safe_update("txp_discuss_nonce", "used='1'", "nonce='{$nonce}'");
                        if ($prefs['comment_means_site_updated']) {
                            safe_update("txp_prefs", "val=now()", "name='lastmod'");
                        }
                        if ($comments_sendmail) {
                            mail_comment($message, $name, $email, $web, $parentid);
                        }
                        $updated = update_comments_count($parentid);
                        ob_start();
                        $backpage = substr($backpage, 0, $prefs['max_url_len']);
                        $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                        $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=1';
                        if ($comments_moderate) {
                            header('Location: ' . $backpage . '#txpCommentInputForm');
                        } else {
                            header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
                        }
                    }
                }
                // end check nonce
            }
            // end check dup
        } else {
            exit(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted));
        }
        // end check blacklist
    } else {
        exit(gTxt('you_have_been_banned'));
    }
    // end check site ban
}
Esempio n. 6
0
 public function action()
 {
     global $board;
     $this->add_note = isset($this->add_note) ? $this->add_note : false;
     if ($this->add_note) {
         $query = prepare('INSERT INTO ``ip_notes`` VALUES (NULL, :ip, :mod, :time, :body)');
         $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
         $query->bindValue(':mod', -1);
         $query->bindValue(':time', time());
         $query->bindValue(':body', "Autoban message: " . $this->post['body']);
         $query->execute() or error(db_error($query));
     }
     if (isset($this->action)) {
         switch ($this->action) {
             case 'reject':
                 error(isset($this->message) ? $this->message : 'Posting throttled by filter.');
             case 'ban':
                 if (!isset($this->reason)) {
                     error('The ban action requires a reason.');
                 }
                 $this->expires = isset($this->expires) ? $this->expires : false;
                 $this->reject = isset($this->reject) ? $this->reject : true;
                 $this->all_boards = isset($this->all_boards) ? $this->all_boards : false;
                 Bans::new_ban($_SERVER['REMOTE_ADDR'], $this->reason, $this->expires, $this->all_boards ? false : $board['uri'], -1);
                 if ($this->reject) {
                     if (isset($this->message)) {
                         error($message);
                     }
                     checkBan($board['uri']);
                     exit;
                 }
                 break;
             default:
                 error('Unknown filter action: ' . $this->action);
         }
     }
 }
Esempio n. 7
0
 public function action()
 {
     global $board;
     switch ($this->action) {
         case 'reject':
             error(isset($this->message) ? $this->message : 'Posting throttled by filter.');
         case 'ban':
             if (!isset($this->reason)) {
                 error('The ban action requires a reason.');
             }
             $this->expires = isset($this->expires) ? $this->expires : false;
             $this->reject = isset($this->reject) ? $this->reject : true;
             $this->all_boards = isset($this->all_boards) ? $this->all_boards : false;
             Bans::new_ban($_SERVER['REMOTE_ADDR'], $this->reason, $this->expires, $this->all_boards ? false : $board['uri'], -1);
             if ($this->reject) {
                 if (isset($this->message)) {
                     error($message);
                 }
                 checkBan($board['uri']);
                 exit;
             }
             break;
         default:
             error('Unknown filter action: ' . $this->action);
     }
 }
Esempio n. 8
0
function comments_form($atts)
{
    global $thisarticle, $has_comments_preview;
    extract(lAtts(array('class' => __FUNCTION__, 'form' => 'comment_form', 'isize' => '25', 'msgcols' => '25', 'msgrows' => '5', 'msgstyle' => '', 'show_preview' => empty($has_comments_preview), 'wraptag' => '', 'previewlabel' => gTxt('preview'), 'submitlabel' => gTxt('submit'), 'rememberlabel' => gTxt('remember'), 'forgetlabel' => gTxt('forget')), $atts));
    assert_article();
    extract($thisarticle);
    $out = '';
    $ip = serverset('REMOTE_ADDR');
    $blacklisted = is_blacklisted($ip);
    if (!checkCommentsAllowed($thisid)) {
        $out = graf(gTxt("comments_closed"), ' id="comments_closed"');
    } elseif (!checkBan($ip)) {
        $out = graf(gTxt('you_have_been_banned'), ' id="comments_banned"');
    } elseif ($blacklisted) {
        $out = graf(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), ' id="comments_blacklisted"');
    } elseif (gps('commented') !== '') {
        $out = gTxt("comment_posted");
        if (gps('commented') === '0') {
            $out .= " " . gTxt("comment_moderated");
        }
        $out = graf($out, ' id="txpCommentInputForm"');
    } else {
        # display a comment preview if required
        if (ps('preview') and $show_preview) {
            $out = comments_preview(array());
        }
        $out .= commentForm($thisid, $atts);
    }
    return !$wraptag ? $out : doTag($out, $wraptag, $class);
}
Esempio n. 9
0
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
    $ref = serverset('HTTP_REFERRER');
    $in = getComment();
    $evaluator =& get_comment_evaluator();
    extract($in);
    if (!checkCommentsAllowed($parentid)) {
        txp_die(gTxt('comments_closed'), '403');
    }
    $ip = serverset('REMOTE_ADDR');
    if (!checkBan($ip)) {
        txp_die(gTxt('you_have_been_banned'), '403');
    }
    $blacklisted = is_blacklisted($ip);
    if ($blacklisted) {
        txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
    }
    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(clean_url(strip_tags(deEntBrackets($web))));
    $email = doSlash(clean_url(strip_tags(deEntBrackets($email))));
    $message = trim($message);
    $message2db = doSlash(markup_comment($message));
    $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='{$ip}'");
    if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) {
        $evaluator->add_estimate(RELOAD, 1);
        // The error-messages are added in the preview-code
    }
    if ($isdup) {
        $evaluator->add_estimate(RELOAD, 1);
    }
    // FIXME? Tell the user about dupe?
    if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) {
        callback_event('comment.save');
        $visible = $evaluator->get_result();
        if ($visible != RELOAD) {
            $rs = safe_insert("txp_discuss", "parentid  = '" . doSlash($parentid) . "',\n\t\t\t\t\t name\t\t  = '{$name}',\n\t\t\t\t\t email\t  = '{$email}',\n\t\t\t\t\t web\t\t  = '{$web}',\n\t\t\t\t\t ip\t\t  = '{$ip}',\n\t\t\t\t\t message   = '{$message2db}',\n\t\t\t\t\t visible   = {$visible},\n\t\t\t\t\t posted\t  = now()");
            if ($rs) {
                safe_update("txp_discuss_nonce", "used='1'", "nonce='" . doslash($nonce) . "'");
                if ($prefs['comment_means_site_updated']) {
                    safe_update("txp_prefs", "val=now()", "name='lastmod'");
                }
                if ($comments_sendmail) {
                    mail_comment($message, $name, $email, $web, $parentid, $rs);
                }
                $updated = update_comments_count($parentid);
                $backpage = substr($backpage, 0, $prefs['max_url_len']);
                $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0');
                txp_status_header('302 Found');
                if ($comments_moderate) {
                    header('Location: ' . $backpage . '#txpCommentInputForm');
                } else {
                    header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
                }
                if ($prefs['logging'] == 'refer') {
                    logit('refer');
                } elseif ($prefs['logging'] == 'all') {
                    logit();
                }
                $evaluator->write_trace();
                exit;
            }
        }
    }
    // Force another Preview
    $_POST['preview'] = RELOAD;
    //$evaluator->write_trace();
}
Esempio n. 10
0
function auth()
{
    // Globals
    global $DB;
    global $TIMEMARK;
    global $IGB;
    // Handle possible logouts, activations et all.
    include_once './functions/login/preAuth.php';
    // Trust, INC.
    $alert = getConfig("trustSetting");
    if ($IGB && $alert == 2) {
        // So we are an IGB call and we want passwordless logins.
        // Check for a previous "Login"
        $MySelf = authKeyIsValid();
        // Now we check if MySelf is "true" if it is, we have a valid login.
        if ($MySelf == false) {
            /*
             * Okay here we want passwordless logins. We also have no previous active login.
             * This means we now have to search the database for a matching username.
             */
            global $EVE_Charname;
            $MySelf = authVerify(sanitize($EVE_Charname), false, true);
            /*
             * If we were successfull $MySelf does now contain a userrecord, or is false on failure.
             */
            if ($MySelf == false) {
                /*
                 * No such user found. To avoid a login loop we will now break the cycle and
                 * present the user with the request account form.
                 */
                makeNotice("You do not belong here. Leave at once!", "warning", "ACCESS DENIED");
                die;
                global $page;
                $page = makeRequestAccountPage(true) . makeFooter();
                print $page;
            } else {
                /*
                 * Here we found a matching user. What we do now is to create an auth key
                 * for this user, drop other logins from the database and store the login time.
                 */
                createAuthKey($MySelf);
                $DB->query("update users set lastlogin = '******' where username = '******'");
                $_SESSION['MySelf'] = base64_encode(serialize($MySelf));
                // Beta Warning.
                global $IS_BETA;
                if ($IS_BETA && $_SESSION[betawarning] != $MySelf->getLastlogin()) {
                    $_SESSION[betawarning] = $MySelf->getLastlogin();
                    makeNotice("You are using a beta version of MiningBuddy. Be aware that some functions may not " . "be ready for production servers, and that there may be bugs around. You have been warned.", "warning", "Beta Warning");
                }
            }
        }
    } else {
        /*
         * Lets see wether there is a login request, this has priority over
         * anything else. We dont want to create a login loop.
         */
        if (isset($_POST['login'])) {
            /*
             * So we have a login post. We will now check the username and
             * password combination against the database. Lets see if it is
             * a legit user or a fraud^wtypo.
             */
            // The dynamical banning module.
            checkBan();
            $SUPPLIED_USERNAME = strtolower(sanitize($_POST['username']));
            // Check for validity.
            if (!ctypeAlnum($SUPPLIED_USERNAME)) {
                makeNotice("Invalid username. Only characters a-z, A-Z and 0-9 are allowed.", "error", "Invalid Username");
            }
            if (!isset($_SESSION['testauth'])) {
                $SUPPLIED_PASSWORD = sha1($_POST['password']);
                // Lets check the password.
                $MySelf = authVerify($SUPPLIED_USERNAME, $SUPPLIED_PASSWORD);
            } else {
                $MySelf = authVerify($SUPPLIED_USERNAME, false);
            }
            if ($MySelf == false) {
                // Lets try again, shall we?
                makeLoginPage($SUPPLIED_USERNAME);
            } else {
                if ($MySelf->isValid()) {
                    // storing the new login time.
                    $DB->query("update users set lastlogin = '******' where username = '******'");
                    // Create the auth-key.
                    createAuthKey($MySelf);
                }
            }
            // We are done here.
            $_SESSION['MySelf'] = base64_encode(serialize($MySelf));
            // Beta Warning.
            global $IS_BETA;
            if ($IS_BETA && $_SESSION['betawarning'] != $MySelf->getLastlogin()) {
                $_SESSION[betawarning] = $MySelf->getLastlogin();
                makeNotice("You are using a beta version of MiningBuddy. Be aware that some functions may not " . "be ready for production servers, and that there may be bugs around. You have been warned.", "warning", "Beta Warning");
            } else {
                header("Location: index.php?{$_SERVER['QUERY_STRING']}");
                die;
            }
        }
        /*
         * This is to check wether the user still has a valid login ticket.
         */
        $MySelf = authKeyIsValid();
        if ($MySelf == false) {
            $_SESSION['lastModDisplay'] = false;
            session_destroy();
            makeLoginPage();
            die;
        }
    }
    /*
     * Print motd. (Only on login) - and only if set.
     */
    $MOTD = getTemplate("motd", "announce");
    if (!$_SESSION['seenMotd'] && !empty($MOTD)) {
        $_SESSION['seenMotd'] = true;
        makeNotice(nl2br(stripslashes($MOTD)), "notice", "Announcement");
    }
    return $MySelf;
}
Esempio n. 11
0
<?php

require 'inc/functions.php';
require 'inc/display.php';
require 'inc/template.php';
require 'inc/database.php';
require 'inc/user.php';
// Check if banned
checkBan();
require 'inc/mod.php';
if (get_magic_quotes_gpc()) {
    function strip_array($var)
    {
        return is_array($var) ? array_map("strip_array", $var) : stripslashes($var);
    }
    $_GET = strip_array($_GET);
    $_POST = strip_array($_POST);
}
$query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
// If not logged in
if (!$mod) {
    if (isset($_POST['login'])) {
        // Check if inputs are set and not empty
        if (!isset($_POST['username']) || !isset($_POST['password']) || empty($_POST['username']) || empty($_POST['password'])) {
            loginForm($config['error']['invalid'], $_POST['username'], '?' . $query);
        }
        if (!login($_POST['username'], $_POST['password'])) {
            if ($config['syslog']) {
                _syslog(LOG_WARNING, 'Unauthorized login attempt!');
            }
            loginForm($config['error']['invalid'], $_POST['username'], '?' . $query);
Esempio n. 12
0
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $txpac;
    include_once $txpcfg['txpath'] . '/lib/classTextile.php';
    $im = !empty($comments_disallow_images) ? 1 : '';
    $textile = new Textile();
    $ref = serverset('HTTP_REFERRER');
    extract(psa(array('parentid', 'name', 'email', 'web', 'message', 'backpage', 'nonce', 'remember')));
    if ($txpac['comments_require_name']) {
        if (!trim($name)) {
            exit(graf(gTxt('comment_name_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
        }
    }
    if ($txpac['comments_require_email']) {
        if (!trim($email)) {
            exit(graf(gTxt('comment_email_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
        }
    }
    if (!trim($message)) {
        exit(graf(gTxt('comment_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
    }
    $ip = @getHostByAddr(serverset('REMOTE_ADDR'));
    $message = strip_tags(trim($message));
    $message2db = addslashes(nl2br($textile->textileThis($message, 1, '', $im)));
    $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='{$ip}'");
    if (checkBan($ip)) {
        if (!$isdup) {
            if (checkNonce($nonce)) {
                $visible = $comments_moderate ? 0 : 1;
                $rs = safe_insert("txp_discuss", "parentid  = '{$parentid}',\n\t\t\t\t\t\t name      = '{$name}',\n\t\t\t\t\t\t email     = '{$email}',\n\t\t\t\t\t\t web       = '{$web}',\n\t\t\t\t\t\t ip        = '{$ip}',\n\t\t\t\t\t\t message   = '{$message2db}',\n\t\t\t\t\t\t visible   = {$visible},\n\t\t\t\t\t\t posted    = now()");
                if ($rs) {
                    safe_update("txp_discuss_nonce", "used='1'", "nonce='{$nonce}'");
                    if ($txpac['comment_means_site_updated']) {
                        safe_update("txp_prefs", "val=now()", "name='lastmod'");
                    }
                    if ($comments_sendmail) {
                        mail_comment($message, $name, $email, $web, $parentid);
                    }
                    ob_start();
                    header('location: ' . $backpage);
                }
            }
            // end check nonce
        }
        // end check dup
    } else {
        exit(gTxt('you_have_been_banned'));
    }
}