<?php include "inc/functions.php"; checkBan('*'); if (!isset($_POST['uri'], $_POST['title'], $_POST['subtitle'], $_POST['username'], $_POST['password'])) { $password = base64_encode(openssl_random_pseudo_bytes(9)); $captcha = generate_captcha($config['captcha']['extra']); $body = Element("8chan/create.html", array("config" => $config, "password" => $password, "captcha" => $captcha)); echo Element("page.html", array("config" => $config, "body" => $body, "title" => _("Create your board"), "subtitle" => _("before someone else does"))); } else { $uri = $_POST['uri']; $title = $_POST['title']; $subtitle = $_POST['subtitle']; $username = $_POST['username']; $password = $_POST['password']; $email = isset($_POST['email']) ? $_POST['email'] : ''; $resp = file_get_contents($config['captcha']['provider_check'] . "?" . http_build_query(['mode' => 'check', 'text' => $_POST['captcha_text'], 'extra' => $config['captcha']['extra'], 'cookie' => $_POST['captcha_cookie']])); if (!preg_match('/^[a-z0-9]{1,30}$/', $uri)) { error(_('Invalid URI')); } if (!(strlen($title) < 40)) { error(_('Invalid title')); } if (!(strlen($subtitle) < 200)) { error(_('Invalid subtitle')); } if (!preg_match('/^[a-zA-Z0-9._]{1,30}$/', $username)) { error(_('Invalid username')); } if ($resp !== '1') { error($config['error']['captcha']);
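/**
 * Apply the configured filter action to the post being submitted.
 *
 * 'reject' aborts the request with the filter's message (error() is expected to
 * terminate; the break only guards against an accidental fall-through into
 * 'ban'). 'ban' inserts a row into `bans` for the connecting address, mod id -1
 * marking an automatic ban, then - unless $this->reject is false - re-runs
 * checkBan() so the poster sees the ban page. Any other action is a
 * configuration error.
 *
 * Fix: the rejection message is $this->message; the original passed an undefined
 * local $message to error(), so a configured message was never shown (and PHP 8
 * warns on the undefined variable).
 */
public function action() {
    global $board;

    switch ($this->action) {
        case 'reject':
            error(isset($this->message) ? $this->message : 'Posting throttled by flood filter.');
            break;

        case 'ban':
            if (!isset($this->reason)) {
                error('The ban action requires a reason.');
            }
            $reason = $this->reason;
            // 0 = ban indefinitely; stored as NULL below.
            $expires = isset($this->expires) ? time() + $this->expires : 0;
            $reject = isset($this->reject) ? $this->reject : true;
            $all_boards = isset($this->all_boards) ? $this->all_boards : false;

            // Every value is bound, never interpolated. REMOTE_ADDR is the connecting
            // peer; behind a reverse proxy that is the proxy unless the front end
            // rewrites it - confirm for this deployment.
            $query = prepare("INSERT INTO `bans` VALUES (NULL, :ip, :mod, :set, :expires, :reason, :board)");
            $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
            $query->bindValue(':mod', -1);
            $query->bindValue(':set', time());
            if ($expires) {
                $query->bindValue(':expires', $expires);
            } else {
                $query->bindValue(':expires', null, PDO::PARAM_NULL);
            }
            if ($reason) {
                $query->bindValue(':reason', $reason);
            } else {
                $query->bindValue(':reason', null, PDO::PARAM_NULL);
            }
            if ($all_boards) {
                // NULL board = ban applies site-wide.
                $query->bindValue(':board', null, PDO::PARAM_NULL);
            } else {
                $query->bindValue(':board', $board['uri']);
            }
            $query->execute() or error(db_error($query));

            if ($reject) {
                if (isset($this->message)) {
                    error($this->message);
                }
                checkBan($board['uri']);
                exit;
            }
            break;

        default:
            error('Unknown filter action: ' . $this->action);
    }
}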
/**
 * Store a comment submitted from the public comment form.
 *
 * Flow: refuse if comments are closed for the parent, the address is site-banned
 * or DNSBL-listed (all 403); remember/forget the commenter's cookies; sanitise and
 * SQL-escape the fields; ask the spam evaluator (RELOAD = send back to preview)
 * and the one-time nonce; on success insert the row, consume the nonce, bump
 * lastmod / comment count, optionally mail, and redirect back to the article.
 * Anything short of success forces another preview via $_POST['preview'].
 *
 * Security notes (what the visible code does):
 *  - name/web/email are strip_tags()'d and doSlash()'d; $ip, $nonce and $parentid
 *    (assert_int) are escaped or cast before reaching SQL.
 *  - $backpage is truncated, cut at the first CR/LF/'#', and then prefixed with
 *    the scheme+host taken from the site URL constant `hu`, so the Location
 *    header cannot point off-site.
 */
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;

    $ref = serverset('HTTP_REFERRER');
    // getComment() is assumed to return the raw form fields (parentid, name, email,
    // web, message, backpage, nonce, remember) - extract() relies on exactly that set.
    $in = getComment();
    $evaluator =& get_comment_evaluator();
    extract($in);

    if (!checkCommentsAllowed($parentid)) {
        txp_die(gTxt('comments_closed'), '403');
    }

    $ip = serverset('REMOTE_ADDR');

    if (!checkBan($ip)) {
        txp_die(gTxt('you_have_been_banned'), '403');
    }

    $blacklisted = is_blacklisted($ip);

    if ($blacklisted) {
        // NOTE(review): the DNSBL name is appended to the *key* passed to gTxt(),
        // not to its result - looks unintended but is left as-is (output depends on
        // gTxt()'s unknown-key behaviour).
        txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
    }

    // Normalise URLs before they are stored in cookies or the DB.
    $web = clean_url($web);
    $email = clean_url($email);

    if ($remember == 1 || ps('checkbox_type') == 'forget' && ps('forget') != 1) {
        setCookies($name, $email, $web);
    } else {
        destroyCookies();
    }

    // Strip markup, then SQL-escape. From here on these hold DB-escaped strings,
    // which is also what mail_comment() receives below.
    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(strip_tags(deEntBrackets($web)));
    $email = doSlash(strip_tags(deEntBrackets($email)));
    $message = substr(trim($message), 0, 65535); // fits a TEXT column
    $message2db = doSlash(markup_comment($message));

    // Duplicate = same name + rendered message + address already stored.
    $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='" . doSlash($ip) . "'");

    if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) {
        $evaluator->add_estimate(RELOAD, 1); // The error-messages are added in the preview-code
    }

    if ($isdup) {
        $evaluator->add_estimate(RELOAD, 1);
    } // FIXME? Tell the user about dupe?

    // The nonce is single-use (marked used below); it must match or nothing is stored.
    if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) {
        callback_event('comment.save');
        // The evaluator's verdict doubles as the stored visibility value.
        $visible = $evaluator->get_result();

        if ($visible != RELOAD) {
            $parentid = assert_int($parentid);
            $rs = safe_insert("txp_discuss", "parentid = {$parentid},\n\t\t\t\t\t name\t\t = '{$name}',\n\t\t\t\t\t email\t = '{$email}',\n\t\t\t\t\t web\t\t = '{$web}',\n\t\t\t\t\t ip\t\t = '" . doSlash($ip) . "',\n\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t visible = " . intval($visible) . ",\n\t\t\t\t\t posted\t = now()");

            if ($rs) {
                safe_update("txp_discuss_nonce", "used = 1", "nonce='" . doSlash($nonce) . "'");

                if ($prefs['comment_means_site_updated']) {
                    update_lastmod();
                }

                if ($comments_sendmail) {
                    mail_comment($message, $name, $email, $web, $parentid, $rs);
                }

                $updated = update_comments_count($parentid);

                // Redirect target: bounded length, nothing after CR/LF/'#', and the
                // scheme+host forced to the site's own (`hu`), so a caller-supplied
                // absolute URL cannot turn this into an open redirect.
                $backpage = substr($backpage, 0, $prefs['max_url_len']);
                $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                $backpage = preg_replace("#(https?://[^/]+)/.*\$#", "\$1", hu) . $backpage;

                if (defined('PARTLY_MESSY') and PARTLY_MESSY) {
                    $backpage = permlinkurl_id($parentid);
                }

                // commented=1 -> shown, 0 -> held for moderation.
                $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0');
                txp_status_header('302 Found');

                if ($comments_moderate) {
                    header('Location: ' . $backpage . '#txpCommentInputForm');
                } else {
                    header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
                }

                log_hit('302');
                $evaluator->write_trace();
                exit;
            }
        }
    }

    // Force another Preview
    $_POST['preview'] = RELOAD;
    //$evaluator->write_trace();
}
if (!isset($_POST['password'])) { $_POST['password'] = ''; } if (isset($_POST['thread'])) { $post['op'] = false; $post['thread'] = round($_POST['thread']); } else { $post['op'] = true; } // The dnsbls is an optional DNS blacklist include. // Squelch warnings if it doesn't exist. if (!$config['captcha']['enabled'] && !($post['op'] && $config['new_thread_capt'])) { @(include "./inc/dnsbls.php"); } // Check if banned checkBan($board['uri']); // Check for CAPTCHA right after opening the board so the "return" link is in there if ($config['recaptcha']) { if (!isset($_POST['recaptcha_challenge_field']) || !isset($_POST['recaptcha_response_field'])) { error($config['error']['bot']); } // Check what reCAPTCHA has to say... $resp = recaptcha_check_answer($config['recaptcha_private'], $_SERVER['REMOTE_ADDR'], $_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field']); if (!$resp->is_valid) { error($config['error']['captcha']); } } // Same, but now with our custom captcha provider //if ($config['captcha']['enabled']) { //New thread captcha if ($config['captcha']['enabled'] || $post['op'] && $config['new_thread_capt']) {
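/**
 * Store a comment posted from the public form (nested-if version).
 *
 * Order of checks: comments open for the parent -> required fields -> site ban
 * -> DNSBL -> duplicate (same name/message/ip) -> one-time nonce. On success the
 * row is inserted (hidden when moderation is on), the nonce is consumed, site
 * lastmod and the parent's comment count are updated, optional mail is sent and
 * the visitor is redirected back to $backpage.
 *
 * Fix: $parentid, $nonce and $ip were interpolated into SQL unescaped. $parentid
 * and $nonce come straight from POST via psa(), so a crafted value could alter
 * the INSERT / UPDATE. They are now passed through doSlash() like the other
 * fields (the same change the later versions of this function made). For
 * well-formed input the stored values are unchanged.
 *
 * Still open (not changed here): $backpage is caller-supplied and used as the
 * redirect target with only CR/LF/'#' stripped, so it remains an open redirect
 * to any absolute URL; later versions pin it to the site host.
 */
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;

    $ref = serverset('HTTP_REFERRER');
    // psa() is assumed to return raw (unescaped) POST values, as the existing
    // doSlash() calls below already presume - confirm for this release.
    $in = psa(array('parentid', 'name', 'email', 'web', 'message', 'backpage', 'nonce', 'remember'));
    extract($in);

    if (!checkCommentsAllowed($parentid)) {
        exit(graf(gTxt('comments_closed')));
    }

    if ($prefs['comments_require_name']) {
        if (!trim($name)) {
            exit(graf(gTxt('comment_name_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
        }
    }

    if ($prefs['comments_require_email']) {
        if (!trim($email)) {
            exit(graf(gTxt('comment_email_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
        }
    }

    if (!trim($message)) {
        exit(graf(gTxt('comment_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
    }

    $ip = serverset('REMOTE_ADDR');
    $message = trim($message);
    $blacklisted = is_blacklisted($ip);

    // Strip markup / bracket entities, normalise URLs, then SQL-escape.
    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(clean_url(strip_tags(deEntBrackets($web))));
    $email = doSlash(clean_url(strip_tags(deEntBrackets($email))));
    $message2db = doSlash(markup_comment($message));

    // SQL-escaped copies of the three values the original interpolated raw. The
    // unescaped originals are still used for checkNonce()/checkBan()/mail below.
    $parentid_db = doSlash($parentid);
    $nonce_db = doSlash($nonce);
    $ip_db = doSlash($ip);

    $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='{$ip_db}'");

    if (checkBan($ip)) {
        if ($blacklisted == false) {
            if (!$isdup) {
                if (checkNonce($nonce)) {
                    $visible = $comments_moderate ? 0 : 1;
                    $rs = safe_insert("txp_discuss", "parentid = '{$parentid_db}',\n\t\t\t\t\t\t\t name\t\t = '{$name}',\n\t\t\t\t\t\t\t email\t = '{$email}',\n\t\t\t\t\t\t\t web\t\t = '{$web}',\n\t\t\t\t\t\t\t ip\t\t = '{$ip_db}',\n\t\t\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t\t\t visible = {$visible},\n\t\t\t\t\t\t\t posted\t = now()");

                    if ($rs) {
                        // Consume the nonce so the same form cannot be replayed.
                        safe_update("txp_discuss_nonce", "used='1'", "nonce='{$nonce_db}'");

                        if ($prefs['comment_means_site_updated']) {
                            safe_update("txp_prefs", "val=now()", "name='lastmod'");
                        }

                        if ($comments_sendmail) {
                            mail_comment($message, $name, $email, $web, $parentid);
                        }

                        $updated = update_comments_count($parentid);
                        ob_start();
                        $backpage = substr($backpage, 0, $prefs['max_url_len']);
                        // Cut at the first CR, LF or '#': no header injection, and
                        // our own fragment is the only one appended.
                        $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                        $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=1';

                        if ($comments_moderate) {
                            header('Location: ' . $backpage . '#txpCommentInputForm');
                        } else {
                            header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
                        }
                    }
                } // end check nonce
            } // end check dup
        } else {
            exit(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted));
        } // end check blacklist
    } else {
        exit(gTxt('you_have_been_banned'));
    } // end check site ban
}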
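/**
 * Apply the configured filter action to the post being submitted.
 *
 * When add_note is set, the post body is first recorded in ``ip_notes`` against
 * the connecting address (mod id -1 = automatic). Then, if an action is set:
 * 'reject' aborts with the filter message; 'ban' delegates to Bans::new_ban()
 * for REMOTE_ADDR (board-scoped unless all_boards) and, unless reject is false,
 * re-runs checkBan() so the poster sees the ban; anything else is a
 * configuration error. error() is expected to terminate the request; the break
 * after 'reject' only guards against a fall-through into 'ban'.
 *
 * Fix: the ban-time rejection message is $this->message; the original passed an
 * undefined local $message to error(), so the configured text was never shown.
 */
public function action() {
    global $board;

    $this->add_note = isset($this->add_note) ? $this->add_note : false;

    if ($this->add_note) {
        // The post body is attacker-supplied; it is bound, never interpolated.
        $query = prepare('INSERT INTO ``ip_notes`` VALUES (NULL, :ip, :mod, :time, :body)');
        $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
        $query->bindValue(':mod', -1);
        $query->bindValue(':time', time());
        $query->bindValue(':body', "Autoban message: " . $this->post['body']);
        $query->execute() or error(db_error($query));
    }

    if (!isset($this->action)) {
        return;
    }

    switch ($this->action) {
        case 'reject':
            error(isset($this->message) ? $this->message : 'Posting throttled by filter.');
            break;

        case 'ban':
            if (!isset($this->reason)) {
                error('The ban action requires a reason.');
            }
            $this->expires = isset($this->expires) ? $this->expires : false;
            $this->reject = isset($this->reject) ? $this->reject : true;
            $this->all_boards = isset($this->all_boards) ? $this->all_boards : false;

            // REMOTE_ADDR is the connecting peer; behind a reverse proxy that is the
            // proxy itself unless the front end rewrites it - confirm for this deployment.
            Bans::new_ban($_SERVER['REMOTE_ADDR'], $this->reason, $this->expires, $this->all_boards ? false : $board['uri'], -1);

            if ($this->reject) {
                if (isset($this->message)) {
                    error($this->message);
                }
                checkBan($board['uri']);
                exit;
            }
            break;

        default:
            error('Unknown filter action: ' . $this->action);
    }
}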
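/**
 * Apply the configured filter action to the post being submitted.
 *
 * 'reject' aborts with the filter message; 'ban' delegates to Bans::new_ban()
 * for REMOTE_ADDR (board-scoped unless all_boards, mod id -1 = automatic) and,
 * unless reject is false, re-runs checkBan() so the poster sees the ban page;
 * anything else is a configuration error. error() is expected to terminate the
 * request; the break after 'reject' only guards against a fall-through into 'ban'.
 *
 * Fix: the ban-time rejection message is $this->message; the original passed an
 * undefined local $message to error(), so the configured text was never shown.
 */
public function action() {
    global $board;

    switch ($this->action) {
        case 'reject':
            error(isset($this->message) ? $this->message : 'Posting throttled by filter.');
            break;

        case 'ban':
            if (!isset($this->reason)) {
                error('The ban action requires a reason.');
            }
            $this->expires = isset($this->expires) ? $this->expires : false;
            $this->reject = isset($this->reject) ? $this->reject : true;
            $this->all_boards = isset($this->all_boards) ? $this->all_boards : false;

            // REMOTE_ADDR is the connecting peer; behind a reverse proxy that is the
            // proxy itself unless the front end rewrites it - confirm for this deployment.
            Bans::new_ban($_SERVER['REMOTE_ADDR'], $this->reason, $this->expires, $this->all_boards ? false : $board['uri'], -1);

            if ($this->reject) {
                if (isset($this->message)) {
                    error($this->message);
                }
                checkBan($board['uri']);
                exit;
            }
            break;

        default:
            error('Unknown filter action: ' . $this->action);
    }
}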
/**
 * Tag handler: render the comment form for the current article, or the notice
 * that replaces it.
 *
 * Precedence (first match wins): comments closed -> visitor site-banned ->
 * visitor DNSBL-listed -> just-posted notice (commented=1 shown, 0 held for
 * moderation) -> the form itself, preceded by a preview when one was requested
 * and previews are enabled. The result is optionally wrapped in $wraptag.
 *
 * Note: is_blacklisted() is evaluated before the chain, i.e. even when comments
 * are closed, exactly as the original did.
 */
function comments_form($atts)
{
    global $thisarticle, $has_comments_preview;

    extract(lAtts(array('class' => __FUNCTION__, 'form' => 'comment_form', 'isize' => '25', 'msgcols' => '25', 'msgrows' => '5', 'msgstyle' => '', 'show_preview' => empty($has_comments_preview), 'wraptag' => '', 'previewlabel' => gTxt('preview'), 'submitlabel' => gTxt('submit'), 'rememberlabel' => gTxt('remember'), 'forgetlabel' => gTxt('forget')), $atts));

    assert_article();
    extract($thisarticle);

    $remote = serverset('REMOTE_ADDR');
    $dnsblHit = is_blacklisted($remote);

    if (!checkCommentsAllowed($thisid)) {
        $html = graf(gTxt("comments_closed"), ' id="comments_closed"');
    } elseif (!checkBan($remote)) {
        $html = graf(gTxt('you_have_been_banned'), ' id="comments_banned"');
    } elseif ($dnsblHit) {
        // NOTE(review): the DNSBL name is appended to the gTxt() *key*, not its
        // result; reproduced unchanged.
        $html = graf(gTxt('your_ip_is_blacklisted_by' . ' ' . $dnsblHit), ' id="comments_blacklisted"');
    } elseif (gps('commented') !== '') {
        $notice = gTxt("comment_posted");
        if (gps('commented') === '0') {
            $notice .= " " . gTxt("comment_moderated");
        }
        $html = graf($notice, ' id="txpCommentInputForm"');
    } else {
        // Show the preview first when it was requested and is enabled.
        $html = (ps('preview') && $show_preview) ? comments_preview(array()) : '';
        $html .= commentForm($thisid, $atts);
    }

    if ($wraptag) {
        return doTag($html, $wraptag, $class);
    }

    return $html;
}
/**
 * Store a comment submitted from the public comment form.
 *
 * Flow: refuse (403) if comments are closed for the parent, the address is
 * site-banned or DNSBL-listed; sanitise and SQL-escape the fields; let the spam
 * evaluator decide (RELOAD = back to preview) and require a valid one-time
 * nonce; on success insert the row, consume the nonce, update lastmod and the
 * parent's comment count, optionally mail, log, and redirect to $backpage.
 * Anything short of success forces another preview via $_POST['preview'].
 *
 * Security notes (what the visible code does):
 *  - name/web/email are strip_tags()'d and doSlash()'d; $parentid and $nonce are
 *    doSlash()'d at the point of use. $ip (REMOTE_ADDR) is interpolated raw.
 *  - $backpage is truncated and cut at the first CR/LF/'#' before being used in
 *    the Location header, which blocks header injection but NOT an absolute URL
 *    to another host: if getComment() takes it from the request this is an open
 *    redirect - confirm. Later versions force the site's own scheme+host.
 */
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;

    $ref = serverset('HTTP_REFERRER');
    // getComment() is assumed to return the form fields (parentid, name, email,
    // web, message, backpage, nonce, ...) that extract() relies on below.
    $in = getComment();
    $evaluator =& get_comment_evaluator();
    extract($in);

    if (!checkCommentsAllowed($parentid)) {
        txp_die(gTxt('comments_closed'), '403');
    }

    $ip = serverset('REMOTE_ADDR');

    if (!checkBan($ip)) {
        txp_die(gTxt('you_have_been_banned'), '403');
    }

    $blacklisted = is_blacklisted($ip);

    if ($blacklisted) {
        // NOTE(review): the DNSBL name is appended to the gTxt() *key*, not its
        // result - looks unintended, left as-is.
        txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
    }

    // Strip markup / bracket entities, normalise URLs, then SQL-escape. From here
    // on these hold DB-escaped strings (also what mail_comment() receives).
    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(clean_url(strip_tags(deEntBrackets($web))));
    $email = doSlash(clean_url(strip_tags(deEntBrackets($email))));
    $message = trim($message);
    $message2db = doSlash(markup_comment($message));

    // Duplicate = same name + rendered message + address already stored.
    $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='{$ip}'");

    if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) {
        $evaluator->add_estimate(RELOAD, 1); // The error-messages are added in the preview-code
    }

    if ($isdup) {
        $evaluator->add_estimate(RELOAD, 1);
    } // FIXME? Tell the user about dupe?

    // The nonce is single-use (marked used below); without a match nothing is stored.
    if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) {
        callback_event('comment.save');
        // The evaluator's verdict doubles as the stored visibility value.
        $visible = $evaluator->get_result();

        if ($visible != RELOAD) {
            $rs = safe_insert("txp_discuss", "parentid = '" . doSlash($parentid) . "',\n\t\t\t\t\t name\t\t = '{$name}',\n\t\t\t\t\t email\t = '{$email}',\n\t\t\t\t\t web\t\t = '{$web}',\n\t\t\t\t\t ip\t\t = '{$ip}',\n\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t visible = {$visible},\n\t\t\t\t\t posted\t = now()");

            if ($rs) {
                // PHP function names are case-insensitive: doslash() is doSlash().
                safe_update("txp_discuss_nonce", "used='1'", "nonce='" . doslash($nonce) . "'");

                if ($prefs['comment_means_site_updated']) {
                    safe_update("txp_prefs", "val=now()", "name='lastmod'");
                }

                if ($comments_sendmail) {
                    mail_comment($message, $name, $email, $web, $parentid, $rs);
                }

                $updated = update_comments_count($parentid);

                // Bound the length and cut at the first CR/LF/'#' so the redirect
                // target cannot smuggle headers or its own fragment.
                $backpage = substr($backpage, 0, $prefs['max_url_len']);
                $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                // commented=1 -> shown, 0 -> held for moderation.
                $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0');
                txp_status_header('302 Found');

                if ($comments_moderate) {
                    header('Location: ' . $backpage . '#txpCommentInputForm');
                } else {
                    header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
                }

                if ($prefs['logging'] == 'refer') {
                    logit('refer');
                } elseif ($prefs['logging'] == 'all') {
                    logit();
                }

                $evaluator->write_trace();
                exit;
            }
        }
    }

    // Force another Preview
    $_POST['preview'] = RELOAD;
    //$evaluator->write_trace();
}
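/**
 * Authenticate the current request and return the user record.
 *
 * Three paths, in priority order:
 *  1. In-game-browser (IGB) request with trustSetting == 2: an existing auth key
 *     is honoured; otherwise the EVE character name is looked up passwordlessly
 *     and, if known, a fresh auth key is created.
 *  2. A POST login form: username/password checked via authVerify().
 *  3. Otherwise the existing auth key must still be valid, or the login page is
 *     shown and the request ends.
 *
 * Fix: three session accesses used the unquoted bare word betawarning, i.e. an
 * undefined constant (a notice on PHP 7, a fatal Error on PHP 8). All now use
 * the string key 'betawarning', matching the one already-quoted use.
 *
 * Flagged, not changed here:
 *  - Passwords are compared as unsalted sha1() digests. Moving to
 *    password_hash()/password_verify() needs a rehash path in authVerify().
 *  - When $_SESSION['testauth'] is set the password is not checked at all
 *    (authVerify(..., false)). Whatever sets that flag must not be reachable in
 *    production - confirm.
 *  - makeNotice()/makeLoginPage() are relied on to end the request; if either
 *    returns, execution continues with an invalid username or $MySelf === false.
 */
function auth()
{
    // Globals
    global $DB;
    global $TIMEMARK;
    global $IGB;

    // Handle possible logouts, activations et all.
    include_once './functions/login/preAuth.php';

    // Trust, INC.
    $alert = getConfig("trustSetting");

    if ($IGB && $alert == 2) {
        // So we are an IGB call and we want passwordless logins.
        // Check for a previous "Login"
        $MySelf = authKeyIsValid();

        // Now we check if MySelf is "true" if it is, we have a valid login.
        if ($MySelf == false) {
            /*
             * Okay here we want passwordless logins. We also have no previous active login.
             * This means we now have to search the database for a matching username.
             */
            global $EVE_Charname;
            // $EVE_Charname is set elsewhere (presumably from IGB request headers) and
            // is the sole credential on this path - trustSetting 2 must only be enabled
            // where those headers are trustworthy.
            $MySelf = authVerify(sanitize($EVE_Charname), false, true);

            /*
             * If we were successfull $MySelf does now contain a userrecord, or is false on failure.
             */
            if ($MySelf == false) {
                /*
                 * No such user found. To avoid a login loop we will now break the cycle and
                 * present the user with the request account form.
                 */
                makeNotice("You do not belong here. Leave at once!", "warning", "ACCESS DENIED");
                die;

                // Unreachable (the die above always wins); kept from the original.
                global $page;
                $page = makeRequestAccountPage(true) . makeFooter();
                print $page;
            } else {
                /*
                 * Here we found a matching user. What we do now is to create an auth key
                 * for this user, drop other logins from the database and store the login time.
                 */
                createAuthKey($MySelf);
                $DB->query("update users set lastlogin = '******' where username = '******'");
                // Server-side session only; the object is re-read by later requests.
                $_SESSION['MySelf'] = base64_encode(serialize($MySelf));

                // Beta Warning.
                global $IS_BETA;
                if ($IS_BETA && $_SESSION['betawarning'] != $MySelf->getLastlogin()) {
                    $_SESSION['betawarning'] = $MySelf->getLastlogin();
                    makeNotice("You are using a beta version of MiningBuddy. Be aware that some functions may not " . "be ready for production servers, and that there may be bugs around. You have been warned.", "warning", "Beta Warning");
                }
            }
        }
    } else {
        /*
         * Lets see wether there is a login request, this has priority over
         * anything else. We dont want to create a login loop.
         */
        if (isset($_POST['login'])) {
            /*
             * So we have a login post. We will now check the username and
             * password combination against the database. Lets see if it is
             * a legit user or a fraud^wtypo.
             */

            // The dynamical banning module.
            checkBan();

            $SUPPLIED_USERNAME = strtolower(sanitize($_POST['username']));

            // Check for validity. (makeNotice is expected to end the request.)
            if (!ctypeAlnum($SUPPLIED_USERNAME)) {
                makeNotice("Invalid username. Only characters a-z, A-Z and 0-9 are allowed.", "error", "Invalid Username");
            }

            if (!isset($_SESSION['testauth'])) {
                // Unsalted sha1 - weak by today's standards; see header note.
                $SUPPLIED_PASSWORD = sha1($_POST['password']);
                // Lets check the password.
                $MySelf = authVerify($SUPPLIED_USERNAME, $SUPPLIED_PASSWORD);
            } else {
                // Password check bypassed when the session carries 'testauth'.
                $MySelf = authVerify($SUPPLIED_USERNAME, false);
            }

            if ($MySelf == false) {
                // Lets try again, shall we? (makeLoginPage is expected to end the request.)
                makeLoginPage($SUPPLIED_USERNAME);
            } else {
                if ($MySelf->isValid()) {
                    // storing the new login time.
                    $DB->query("update users set lastlogin = '******' where username = '******'");
                    // Create the auth-key.
                    createAuthKey($MySelf);
                }
            }

            // We are done here.
            $_SESSION['MySelf'] = base64_encode(serialize($MySelf));

            // Beta Warning.
            global $IS_BETA;
            if ($IS_BETA && $_SESSION['betawarning'] != $MySelf->getLastlogin()) {
                $_SESSION['betawarning'] = $MySelf->getLastlogin();
                makeNotice("You are using a beta version of MiningBuddy. Be aware that some functions may not " . "be ready for production servers, and that there may be bugs around. You have been warned.", "warning", "Beta Warning");
            } else {
                // Non-beta (or already-warned) logins bounce straight back to the page
                // that was requested. header() rejects CR/LF, so the raw query string
                // cannot inject further headers.
                header("Location: index.php?{$_SERVER['QUERY_STRING']}");
                die;
            }
        }

        /*
         * This is to check wether the user still has a valid login ticket.
         */
        $MySelf = authKeyIsValid();
        if ($MySelf == false) {
            $_SESSION['lastModDisplay'] = false;
            session_destroy();
            makeLoginPage();
            die;
        }
    }

    /*
     * Print motd. (Only on login) - and only if set.
     */
    $MOTD = getTemplate("motd", "announce");
    if (!$_SESSION['seenMotd'] && !empty($MOTD)) {
        $_SESSION['seenMotd'] = true;
        makeNotice(nl2br(stripslashes($MOTD)), "notice", "Announcement");
    }

    return $MySelf;
}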
<?php require 'inc/functions.php'; require 'inc/display.php'; require 'inc/template.php'; require 'inc/database.php'; require 'inc/user.php'; // Check if banned checkBan(); require 'inc/mod.php'; if (get_magic_quotes_gpc()) { function strip_array($var) { return is_array($var) ? array_map("strip_array", $var) : stripslashes($var); } $_GET = strip_array($_GET); $_POST = strip_array($_POST); } $query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : ''; // If not logged in if (!$mod) { if (isset($_POST['login'])) { // Check if inputs are set and not empty if (!isset($_POST['username']) || !isset($_POST['password']) || empty($_POST['username']) || empty($_POST['password'])) { loginForm($config['error']['invalid'], $_POST['username'], '?' . $query); } if (!login($_POST['username'], $_POST['password'])) { if ($config['syslog']) { _syslog(LOG_WARNING, 'Unauthorized login attempt!'); } loginForm($config['error']['invalid'], $_POST['username'], '?' . $query);
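/**
 * Store a comment posted from the public form (Textile-era version).
 *
 * Order of checks: required fields -> site ban -> duplicate (same
 * name/message/ip) -> one-time nonce. On success the row is inserted (hidden
 * when moderation is on), the nonce is consumed, lastmod is bumped, optional
 * mail is sent and the visitor is redirected to $backpage.
 *
 * Fix: every value interpolated into SQL - $name, $email, $web, $parentid,
 * $nonce and $ip - was used raw; only $message2db was addslashes()'d.
 * $name/$email/$web/$parentid/$nonce arrive straight from POST via psa(), and
 * $ip is the result of a reverse DNS lookup, i.e. a PTR record the remote side
 * controls. Each now gets an addslashes()'d copy for the queries; the raw
 * values still go to checkNonce()/checkBan()/mail_comment(), so those are
 * unchanged. $backpage additionally has CR/LF and any fragment stripped before
 * the Location header (as later versions do). This assumes psa() returns
 * unescaped values (no magic quotes) - confirm for this release.
 *
 * Still open (not changed here): $backpage remains an open redirect to any
 * absolute URL; $name/$email/$web are stored without tag stripping; checkBan()
 * and the stored `ip` receive the reverse-resolved hostname rather than the
 * address, so address-based bans may not match - confirm intended.
 */
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $txpac;

    include_once $txpcfg['txpath'] . '/lib/classTextile.php';

    $im = !empty($comments_disallow_images) ? 1 : '';
    $textile = new Textile();
    $ref = serverset('HTTP_REFERRER');

    extract(psa(array('parentid', 'name', 'email', 'web', 'message', 'backpage', 'nonce', 'remember')));

    if ($txpac['comments_require_name']) {
        if (!trim($name)) {
            exit(graf(gTxt('comment_name_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
        }
    }

    if ($txpac['comments_require_email']) {
        if (!trim($email)) {
            exit(graf(gTxt('comment_email_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
        }
    }

    if (!trim($message)) {
        exit(graf(gTxt('comment_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
    }

    // Reverse lookup: the hostname is attacker-influenced (their PTR record).
    $ip = @getHostByAddr(serverset('REMOTE_ADDR'));
    $message = strip_tags(trim($message));
    $message2db = addslashes(nl2br($textile->textileThis($message, 1, '', $im)));

    // SQL-escaped copies for the queries below; the raw values are kept for
    // everything that is not SQL.
    $name_db = addslashes($name);
    $email_db = addslashes($email);
    $web_db = addslashes($web);
    $parentid_db = addslashes($parentid);
    $nonce_db = addslashes($nonce);
    $ip_db = addslashes($ip);

    $isdup = safe_row("message,name", "txp_discuss", "name='{$name_db}' and message='{$message2db}' and ip='{$ip_db}'");

    if (checkBan($ip)) {
        if (!$isdup) {
            if (checkNonce($nonce)) {
                $visible = $comments_moderate ? 0 : 1;
                $rs = safe_insert("txp_discuss", "parentid = '{$parentid_db}',\n\t\t\t\t\t\t name = '{$name_db}',\n\t\t\t\t\t\t email = '{$email_db}',\n\t\t\t\t\t\t web = '{$web_db}',\n\t\t\t\t\t\t ip = '{$ip_db}',\n\t\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t\t visible = {$visible},\n\t\t\t\t\t\t posted = now()");

                if ($rs) {
                    // Consume the nonce so the same form cannot be replayed.
                    safe_update("txp_discuss_nonce", "used='1'", "nonce='{$nonce_db}'");

                    if ($txpac['comment_means_site_updated']) {
                        safe_update("txp_prefs", "val=now()", "name='lastmod'");
                    }

                    if ($comments_sendmail) {
                        mail_comment($message, $name, $email, $web, $parentid);
                    }

                    ob_start();
                    // Cut at the first CR, LF or '#' so the caller-supplied target cannot
                    // inject additional headers.
                    $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                    header('location: ' . $backpage);
                }
            } // end check nonce
        } // end check dup
    } else {
        exit(gTxt('you_have_been_banned'));
    }
}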