コード例 #1
ファイル: added.php プロジェクト: kaz6120/P_BLOG
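// Block Spams
// Honeypot: these form fields are not expected to be filled in by a visitor,
// so any non-empty value marks the post as automated and it is redirected away.
// isset() keeps a normal post (which omits the fields entirely) from raising
// undefined-index notices; the strict comparison means a field holding '0'
// still counts as filled.
$honeypot_fields = array('comment_title', 'name', 'mail', 'address', 'comment', 'url_key');
$honeypot_filled = false;
foreach ($honeypot_fields as $honeypot_field) {
    if (isset($_POST[$honeypot_field]) && $_POST[$honeypot_field] !== '') {
        $honeypot_filled = true;
        break;
    }
}
if ($honeypot_filled) {
    // echo 'Hi, Spammer! :-P';
    header('Location: ' . $cd . '/forum/index.php');
    exit;
}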
if (isset($_POST['user_name'], $_POST['title'], $_POST['color'], $_POST['user_pass'], $_POST['refer_id'])) {
    // comment field name
    $comment_field_name = md5($block_spam['comment_field_name']);
    $user_name = insert_safe($_POST['user_name']);
    $mail = insert_safe($_POST['user_email']);
    $title = insert_tag_safe($_POST['title']);
    $comment = insert_tag_safe($_POST[$comment_field_name]);
    $color = insert_safe($_POST['color']);
    $user_pass = insert_safe($_POST['user_pass']);
    $refer_id = insert_safe(intval($_POST['refer_id']));
    // Unicode conversion
    if ($cfg['enable_unicode'] == 'on') {
        mb_convert_variables($cfg['mysql_lang'], 'auto', $user_name, $title, $comment);
    }
    // If title is empty
    $title = $title == '' ? 'Untitled' : $title;
    // Block Spams
    if (isset($_POST['user_uri']) && substr_count($_POST['user_uri'], "@") > 0 || substr_count($comment, "http://") >= (int) $block_spam['uri_count'] || preg_match($block_spam['tags'], $_POST[$comment_field_name]) || preg_match($block_spam['keywords'], $_POST[$comment_field_name]) || $block_spam['deny_1byteonly'] == 'yes' && !preg_match('/.*[\\x80-\\xff]/', $_POST[$comment_field_name]) || preg_match($block_spam['tags'], $_POST['title']) || check_spammer() > 0) {
        // echo 'Hi, Spammer! :-p';
        header('Location: ' . $cd . '/forum/index.php');
        exit;
    }
    // Deny comment with same content
    $check_sql = 'SELECT COUNT(id) as num FROM ' . $forum_table . " WHERE comment = '{$comment}'";
    $check_res = mysql_query($check_sql);
コード例 #2
ファイル: bin_updated.php プロジェクト: kaz6120/P_BLOG
// Validate the session and apply the project's request filtering before any
// $_POST value is read below. Both helpers are defined elsewhere in P_BLOG;
// session_control() presumably sets $session_status, which is checked next —
// confirm against the include/ directory.
session_control();
against_xss();
if ($session_status == 'on') {
    if (isset($_POST['bin_title'], $_POST['binname'], $_POST['bin_category'], $_POST['bincomment'])) {
        // Get the parameters posted from "update.php"
        if ($_POST['bin_title'] == '') {
            $contents = "<h2>Ooops.</h2>\n" . '<h3 class="warning">' . $lang['no_title'] . '</h3>' . "\n";
        } elseif ($_POST['binname'] == '') {
            $contents = "<h2>Ooops.</h2>\n" . '<h3 class="warning">' . $lang['no_f_name'] . '</h3>' . "\n";
        } elseif ($_POST['bincomment'] == '') {
            $contents = "<h2>Ooops.</h2>\n" . '<h3 class="warning">' . $lang['no_comment'] . '</h3>' . "\n";
        } else {
            $id = insert_safe(intval($_POST['id']));
            $bin_title = insert_safe($_POST['bin_title']);
            $binname = insert_safe($_POST['binname']);
            $bin_category = preg_replace('/,+$/', '', insert_safe($_POST['bin_category']));
            $bincomment = insert_tag_safe($_POST['bincomment']);
            if ($cfg['enable_unicode'] == 'on') {
                mb_convert_variables($cfg['mysql_lang'], "auto", $bin_title, $binname, $bincomment, $bin_category);
            }
            // Update query
            $sql = 'UPDATE ' . $info_table . " SET bin_title = '{$bin_title}', binname = '{$binname}', bin_category = '{$bin_category}', bincomment = '{$bincomment}'";
            if (isset($_POST['no_update_mod'])) {
                $bin_mod = $_POST['bin_mod'];
                $sql .= ", bin_mod = '{$bin_mod}'";
            } else {
                $cmod = gmdate('YmdHis', time() + $cfg['tz'] * 3600);
                $sql .= ", bin_mod = '{$cmod}'";
            }
            // Make private
            if (isset($_POST['private'])) {
コード例 #3
ファイル: bin_draft_insert.php プロジェクト: kaz6120/P_BLOG
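 // If the posted category value ends with comma(s), remove them (applied to
 // the already-escaped value, as elsewhere in the project).
 $bin_category = preg_replace('/,+$/', '', insert_safe($_POST['bin_category']));
 $bincomment = insert_tag_safe($_POST['bincomment']);
 if ($cfg['enable_unicode'] == 'on') {
     // Convert to the database charset; $bin_title is set earlier in this script.
     // NOTE(review): this runs after insert_safe()/insert_tag_safe(). If those
     // helpers are the SQL escaping step, confirm that re-encoding the escaped
     // text cannot break the escaping for the configured multibyte charset.
     mb_convert_variables($cfg['mysql_lang'], "auto", $bin_title, $bincomment, $bin_category);
 }
 // Without an upload PHP leaves $_FILES['binfile'] unset; map that to null
 // explicitly so the isset($binfile) test that follows is meaningful instead
 // of relying on an undefined-index notice to produce the null.
 $binfile = isset($_FILES['binfile']) ? $_FILES['binfile'] : null;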
 if (isset($binfile)) {
     clearstatcache();
     //initialize
     $bin_src = $binfile["tmp_name"];
     $bin_type = $binfile["type"];
     $bin_name = $binfile["name"];
     $bin_size = filesize($bin_src);
     //get the size of it
     if (isset($_POST['bindate']) && preg_match("/^([0-9]+)-([0-9]+)-([0-9]+).([0-9]+):([0-9]+):([0-9]+)\$/", $_POST['bindate'])) {
         $bin_date = insert_safe($_POST['bindate']);
         $cmod = preg_replace("/^([0-9]+)-([0-9]+)-([0-9]+).([0-9]+):([0-9]+):([0-9]+)\$/", "\$1\$2\$3\$4\$5\$6", $bin_date);
     } else {
         $time = filemtime($bin_src);
         //get the last access date of it
         $bin_date = gmdate("Y-m-d H:i:s", $time + $cfg['tz'] * 3600);
         //format the UNIX timestamp
         $cmod = gmdate('YmdHis', time() + $cfg['tz'] * 3600);
     }
     if (file_exists($bin_src)) {
         //if file exists...
         // put these info into the data-info table
         $sql = 'INSERT INTO ' . $info_table . " (`bin_title`, `bintype`, `binname`, `binsize`, `bindate`, `bin_mod`, `bin_category`, `bincomment`, `draft`)" . " VALUES ('{$bin_title}', '{$bin_type}', '{$bin_name}', '{$bin_size}', " . "'{$bin_date}', '{$cmod}', '{$bin_category}', '{$bincomment}', '1')";
         if (!($res = mysql_query($sql))) {
             die("<h2>MySQL error</h2> " . mysql_errno() . " : " . mysql_error());
         }
コード例 #4
ファイル: step3.inc.php プロジェクト: kaz6120/P_BLOG
} else {
    require_once './lang/english.inc.php';
    $ex_lang = 'en';
}
// Connect to MySQL
// The installer cannot continue without a server connection, so it aborts
// here. Note that the abort message echoes mysql_error() back to the browser,
// which can reveal host and account details to whoever reaches this step.
if (!mysql_connect($host, $user, $password)) {
    die("<h2>MySQL Connection Error</h2>\n<h3>Why?: " . mysql_error() . "</h3>\n");
}
if (isset($_POST['install_type'], $_POST['root_path'], $_POST['default_lang'], $_POST['tz_offset'])) {
    $install_type = insert_safe($_POST['install_type']);
    $root_path = insert_safe($_POST['root_path']);
    $default_lang = insert_safe($_POST['default_lang']);
    if ($default_lang == 'ja') {
        $mysql_internal_encode = 'EUC-JP';
    } else {
        $mysql_internal_encode = 'Latin1';
    }
    $tz_offset = insert_safe($_POST['tz_offset']);
    // NOTE:
    // If you post the wrong root path, you won't be able to display the preferences.
    // If you post your root path as "/path/to/p_blog/", you can display it.
    // This means "/path/to/p_blog/" is safer than the wrong-root-path-posting.
    switch ($install_type) {
        case 'upgrade':
            /////////////////////////////////// UPGRADE ///////////////////////////////////
            $title = $lang['upgrade'];
            // Select Database
            $sql = 'USE ' . $dbname;
            $res = mysql_query($sql);
            if ($res == FALSE) {
                // If database does not exists, create DB.
                $sql1 = 'CREATE DATABASE ' . $dbname;
                $res1 = mysql_query($sql1);
コード例 #5
ファイル: draft_insert.php プロジェクト: kaz6120/P_BLOG
 // If the posted category value ends with comma(s), drop them (after escaping).
 $category = preg_replace('/,+$/', '', insert_safe($_POST['category']));
 $comment = insert_tag_safe($_POST['comment']);
 if ($cfg['enable_unicode'] == 'on') {
     // Re-encode each value for the database charset, detecting the source
     // encoding per value. $name is populated earlier in this script.
     // NOTE(review): conversion runs after insert_safe()/insert_tag_safe(); if
     // those are the SQL escaping step, confirm that re-encoding cannot disturb
     // the escaping for the configured multibyte charset.
     list($name, $category, $comment) = array(
         mb_convert_encoding($name, $cfg['mysql_lang'], 'auto'),
         mb_convert_encoding($category, $cfg['mysql_lang'], 'auto'),
         mb_convert_encoding($comment, $cfg['mysql_lang'], 'auto'),
     );
 }
 // First, upload the attachment files
 file_upload();
 // Save Trackback Ping URI
 if ($cfg['trackback'] == 'on') {
     if (!empty($_POST['send_ping_uri'])) {
         $tb_table = ', `ping_uri`';
         $senduri = insert_safe($_POST['send_ping_uri']);
         $tb_table_value = ", '" . $senduri . "'";
         $tb_encode = '&encode=' . insert_safe($_POST['encode']);
     } else {
         $tb_table = '';
         $tb_table_value = '';
         $tb_encode = '';
     }
     if (!empty($_POST['send_update_ping'])) {
         switch ($_POST['send_update_ping']) {
             case 'yes':
                 $up_ping = '&up_ping=yes';
                 break;
             default:
                 $up_ping = '&up_ping=no';
                 break;
         }
     } else {
コード例 #6
ファイル: comment_reply.php プロジェクト: kaz6120/P_BLOG
     $_SERVER['REMOTE_HOST'] = @gethostbyaddr($_SERVER['REMOTE_ADDR']);
     $re_host = $_SERVER['REMOTE_HOST'];
 } else {
     $re_host = $_SERVER['REMOTE_HOST'];
 }
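 // user_uri is optional. It is interpolated into the INSERT below exactly like
 // the other fields, so it must pass through insert_safe() like them rather
 // than being copied verbatim from the request.
 if (isset($_POST['user_uri'])) {
     $user_uri = insert_safe($_POST['user_uri']);
 }
 // Format the date: both stamps come from one "now" shifted by the configured
 // offset ($cfg['tz'] * 3600 seconds), so they cannot straddle a second.
 $now_shifted = time() + $cfg['tz'] * 3600;
 $fdate = gmdate('Y-m-d H:i:s', $now_shifted);
 $cmod = gmdate('YmdHis', $now_shifted);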
 // 親ポストかレスかによってSQLを切り替える
 //
 // レスのとき( tid「トピックID」が指定され、ポストされる)
 if (isset($_POST['tid'])) {
     $tid = insert_safe(intval($_POST['tid']));
     $sql = 'INSERT INTO ' . "{$forum_table}(`tid`, `parent_key`, `title`, `comment`, `user_name`, `user_pass`, `user_mail`, `user_uri`, `color`, `date`, `mod`, `user_ip`, `refer_id`) " . "VALUES('" . $tid . "', '" . $parent_key . "', '" . $title . "', '" . $comment . "', '" . $user_name . "', md5('" . $user_pass . "'), '" . $mail . "', '" . $user_uri . "', '" . $color . "', '" . $fdate . "', '" . $cmod . "', '" . $re_host . "', '" . $refer_id . "')";
     $res = mysql_query($sql);
     if ($res) {
         // update the modification date of the parent log which is the index of the thread.
         $update_sql = "UPDATE `{$forum_table}` SET `mod` = '" . $cmod . "' WHERE `parent_key` = '1' AND `tid` = '" . $tid . "'";
         $update_res = mysql_query($update_sql);
         header('Location: ' . $http . '://' . $_SERVER['HTTP_HOST'] . $cfg['root_path'] . 'article.php?id=' . urlencode($refer_id) . '#comments');
         exit;
     }
 } else {
     // 親ポストの場合、前のtidを取得した後、それに1を加えたものを新しいtidとし、新規に挿入。
     // check the max value of thread ID in database, and then
     // plus "1" to the ID of the new thread.
     $get_id_sql = "SELECT MAX(`tid`) FROM `{$forum_table}`";
     $max_id_res = mysql_query($get_id_sql);
コード例 #7
ファイル: user_modified.php プロジェクト: kaz6120/P_BLOG
     // Matching a valid User password
 } elseif (!preg_match('/^[0-9a-zA-Z]{4,16}$/i', $_POST['mod_user_pass'])) {
     $contents = '<h2 id="account-manager">' . $lang['invalid_pass'] . '</h2>' . '<p><span class="stronger">&#187;</span>&#160;<a href="./user_list.php">' . $lang['user_list'] . '</a> | <a href="./user_regist.php">' . $lang['create_accounts'] . '</a></p>' . '<p class="warning">' . $lang['invalid_pass_msg'] . '</p>';
     // Matching a valid Email address
 } elseif (!preg_match('/^[^@\\s]+@([-a-z0-9]+\\.)+[a-z]{2,}$/i', $_POST['mod_user_email'])) {
     $contents = '<h2 id="account-manager">' . $lang['invalid_email'] . '</h2>' . '<p><span class="stronger">&#187;</span>&#160;<a href="./user_list.php">' . $lang['user_list'] . '</a> | <a href="./user_regist.php">' . $lang['create_accounts'] . '</a></p>' . '<p class="warning">' . $lang['invalid_email_msg'] . '</p>';
 } else {
     if ($_SESSION['root_admin_login'] == '') {
         $_SESSION['root_user_name'] = $mysql_user;
         $_SESSION['root_user_pass'] = $mysql_pass;
         $_SESSION['root_admin_login'] = TRUE;
     }
     $mod_user_name = insert_safe($_POST['mod_user_name']);
     $mod_user_pass = insert_safe($_POST['mod_user_pass']);
     $mod_user_email = insert_safe($_POST['mod_user_email']);
     $user_id = insert_safe(intval($_POST['user_id']));
     $sql = "UPDATE `{$user_table}` SET `user_name` = '{$mod_user_name}', `user_pass` = md5('{$mod_user_pass}'), `user_mail` = '{$mod_user_email}' WHERE `user_id` = '{$user_id}'";
     if (!($result = mysql_query($sql))) {
         die(mysql_error());
     }
     $contents = '<h2 id="account-manager">' . $lang['account_updated'] . '</h2>' . '<h3>' . $lang['account_updated_msg'] . '</h3>' . '<p><span class="stronger">&#187;</span>&#160;<a href="./user_list.php">' . $lang['user_list'] . '</a> | <a href="./user_regist.php">' . $lang['create_accounts'] . '</a></p>';
     // Send Mail
     if ($cfg['sendmail_account_id'] == 'yes') {
         if ($cfg['xml_lang'] == 'ja') {
             require_once './mail_mb.php';
         } else {
             require_once './mail.php';
         }
     }
 }
 // Mark this page as an admin-area view for whatever is included after this
 // point (presumably the shared layout — confirm where $admin is read).
 $admin = 'yes';
コード例 #8
ファイル: modified.php プロジェクト: kaz6120/P_BLOG
// Bootstrap: configuration, error-message helpers and HTTP headers are
// resolved from $cd (set before this point); the search and forum helper
// libraries are pulled in relative to this script's directory instead.
require_once $cd . '/include/config.inc.php';
require_once $cd . '/include/fnc_error_msgs.inc.php';
require_once $cd . '/include/http_headers.inc.php';
require_once '../include/fnc_search.inc.php';
require_once '../include/fnc_forum.inc.php';
// Session check and request filtering run before any $_POST value is read
// below; session_control() is expected to set $session_status (defined
// elsewhere — confirm in include/).
session_control();
against_xss();
if ($session_status == 'on') {
    if (isset($_POST['user_name'], $_POST['title'], $_POST['comment'], $_POST['id'], $_POST['mod_user_pass'], $_POST['tid'], $_POST['mod_del'])) {
        $user_name = insert_safe($_POST['user_name']);
        $mod_user_pass = insert_safe($_POST['mod_user_pass']);
        $title = insert_tag_safe($_POST['title']);
        $comment = insert_tag_safe($_POST['comment']);
        $id = insert_safe(intval($_POST['id']));
        $tid = insert_safe(intval($_POST['tid']));
        $mod_del = insert_safe(intval($_POST['mod_del']));
        $contents = <<<EOD

<ul class="flip-menu">
<li><a href="../index.php">{$lang['topic_list']}</a></li>
<li><a href="../topic.php?tid={$tid}&amp;p=0">{$lang['back_to_topic']}</a></li>
</ul>
EOD;
        if ($cfg['enable_unicode'] == 'on') {
            mb_convert_variables($cfg['mysql_lang'], "auto", $user_name, $title, $comment);
        }
        switch ($mod_del) {
            case '1':
                $sql = "DELETE FROM `{$forum_table}` WHERE `id` = '{$id}'";
                $res = mysql_query($sql);
                if ($res) {
コード例 #9
ファイル: draft_updated.php プロジェクト: kaz6120/P_BLOG
 } else {
     $fdate = gmdate('Y-m-d H:i:s', time() + $cfg['tz'] * 3600);
     $cmod = gmdate('YmdHis', time() + $cfg['tz'] * 3600);
     // set current time (GMT + Offset) in SQL
     $new_date = "`date` = '{$fdate}'";
     // sync "date" and "mod"
     $new_mod = ", `mod` = '{$cmod}'";
 }
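 $name = insert_safe($_POST['name']);
 // href is stored as given (after escaping); nothing here checks its scheme,
 // so treat it as untrusted wherever it is rendered.
 $href = insert_safe($_POST['href']);
 // if posted category value were ended with ",(comma)", remove it.
 $category = preg_replace('/,+$/', '', insert_safe($_POST['category']));
 $comment = insert_tag_safe($_POST['comment']);
 // Update Trackback Ping URI. !empty() matches how draft_insert.php tests the
 // same field: identical truthiness, but no undefined-index notice when the
 // form omits it.
 if (!empty($_POST['send_ping_uri'])) {
     $mod_ping_uri = insert_safe($_POST['send_ping_uri']);
     $new_ping_uri = ", `ping_uri` = '{$mod_ping_uri}'";
 } else {
     $new_ping_uri = '';
 }
 if ($cfg['enable_unicode'] == 'on') {
     // NOTE(review): charset conversion happens after the escaping helpers; if
     // they are the SQL escaping step, confirm the order is safe for the
     // configured multibyte charset. $href and $mod_ping_uri are not converted.
     mb_convert_variables($cfg['mysql_lang'], "auto", $name, $category, $comment);
 }
 // Submit query. $new_date, $new_mod and $id are prepared earlier in this
 // script; the SET clauses are concatenated in that order.
 $sql = 'UPDATE ' . $log_table . " SET `name` = '{$name}', `href` = '{$href}', `category` = '{$category}', `comment` = '{$comment}', " . $new_date . $new_mod . $new_ping_uri . " WHERE `id` = '{$id}'";
 // On failure the raw MySQL error text is sent to the browser.
 mysql_query($sql) or die("<h2>MySQL error</h2> " . mysql_errno() . " : " . mysql_error());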
 if ($cfg['trackback'] == 'on') {
     if (isset($_POST['encode'])) {
         $tb_encode = $_POST['encode'];
         $selected = ' selected="selected"';
         switch ($tb_encode) {
コード例 #10
ファイル: user_regist.php プロジェクト: kaz6120/P_BLOG
         $contents = '<h2 id="account-manager">' . $lang['invalid_name'] . '</h2>' . '<p><span class="stronger">&#187;</span>&#160;<a href="./user_list.php">' . $lang['user_list'] . '</a> | <a href="./user_regist.php">' . $lang['create_accounts'] . '</a></p>' . '<p class="warning">' . $lang['invalid_name_msg'] . '</p>';
         // Matching a valid User password
     } elseif (!preg_match('/^[0-9a-zA-Z]{4,16}$/i', $_POST['new_pass'])) {
         $contents = '<h2 id="account-manager">' . $lang['invalid_pass'] . '</h2>' . '<p><span class="stronger">&#187;</span>&#160;<a href="./user_list.php">' . $lang['user_list'] . '</a> | <a href="./user_regist.php">' . $lang['create_accounts'] . '</a></p>' . '<p class="warning">' . $lang['invalid_pass_msg'] . '</p>';
         // Matching a valid Email address
     } elseif (!preg_match('/^[^@\\s]+@([-a-z0-9]+\\.)+[a-z]{2,}$/i', $_POST['new_email'])) {
         $contents = '<h2 id="account-manager">' . $lang['invalid_email'] . '</h2>' . '<p><span class="stronger">&#187;</span>&#160;<a href="./user_list.php">' . $lang['user_list'] . '</a> | <a href="./user_regist.php">' . $lang['create_accounts'] . '</a></p>' . '<p class="warning">' . $lang['invalid_email_msg'] . '</p>';
     } else {
         if ($_SESSION['root_admin_login'] == '') {
             $_SESSION['root_user_name'] = $mysql_user;
             $_SESSION['root_user_pass'] = $mysql_pass;
             $_SESSION['root_admin_login'] = TRUE;
         }
         $new_user = insert_safe($_POST['new_user']);
         $new_pass = insert_safe($_POST['new_pass']);
         $new_email = insert_safe($_POST['new_email']);
         $sql = "INSERT INTO `{$user_table}` VALUES ('', '{$new_user}', md5('{$new_pass}'), '{$new_email}', CURRENT_TIMESTAMP())";
         if (!($result = mysql_query($sql))) {
             die(mysql_error());
         }
         $contents = '<h2 id="account-manager">' . $lang['new_user_created'] . "</h2>\n" . '<p>' . $lang['new_user_created_success'] . "</p>\n" . '<p class="ref"><a href="./user_list.php">' . $lang['user_list'] . "</a></p>\n" . '<p class="ref"><a href="./user_regist.php">' . $lang['create_accounts'] . "</a></p>\n";
         // Send Mail
         if ($cfg['sendmail_account_id'] == 'yes') {
             if ($cfg['xml_lang'] == 'ja') {
                 require_once './mail_mb.php';
             } else {
                 require_once './mail.php';
             }
         }
     }
 } else {
コード例 #11
ファイル: tb.php プロジェクト: kaz6120/P_BLOG
 }
 // Escape the configured root path, apparently for use inside a '/'-delimited
 // pattern: only '/' and '.' are handled. str_replace applies the pairs in
 // order, so the backslashes inserted for '/' are not touched by the '.' pass.
 // NOTE(review): preg_quote($cfg['root_path'], '/') would cover every PCRE
 // metacharacter; confirm where $root_dir is consumed before switching.
 $root_dir = str_replace(array('/', '.'), array('\\/', '\\.'), $cfg['root_path']);
 // Deny when required values are empty
 if (empty($url) or empty($title) or empty($excerpt) or empty($name) or $url == 'http://') {
     $error = 1;
     $message = 'Bad Request.';
     header('Location: ' . $http . '://' . $_SERVER['HTTP_HOST'] . $cfg['root_path'] . 'article.php?id=' . urlencode($id));
 } else {
     mb_convert_variables($cfg['mysql_lang'], "UTF-8,EUC-JP,Shift_JIS,ASCII", $title, $excerpt, $url, $name);
     $blog_id = insert_safe(intval($_GET['id']));
     $title = insert_safe($title);
     $excerpt = insert_safe($excerpt);
     $url = insert_safe($url);
     $name = insert_safe($name);
     // Block Spam
     if (substr_count($url, "/") < 3 || substr_count($url, "/") == 3 && substr($url, -1) == "/" || preg_match($block_spam['keywords'], $title) || preg_match($block_spam['keywords'], $excerpt) || preg_match($block_spam['keywords'], $url) || preg_match($block_spam['keywords'], $name) || $block_spam['deny_1byteonly'] == 'yes' && !preg_match('/.*[\\x80-\\xff]/', $excerpt)) {
         //echo 'You Are A Spammer!';
         header('Location: ' . $cd . '/article.php?id=' . $blog_id);
         exit;
     }
     if (file_exists($cd . '/include/user_include/plugins/plg_trackback_spam_blocker.inc.php')) {
         include_once $cd . '/include/user_include/plugins/plg_trackback_spam_blocker.inc.php';
         if (class_exists('P_BLOG_TrackbackSpamBlocker')) {
             $tbBlock = new P_BLOG_TrackbackSpamBlocker();
             $tbBlock->denyTrackbackWithoutRef($blog_id);
         }
     }
     // Deny Ping from the same page
     $check_sql = 'SELECT COUNT(id) as num FROM ' . $trackback_table . " WHERE (blog_id = '{$blog_id}') AND (url = '{$url}')";
コード例 #12
ファイル: modified.php プロジェクト: kaz6120/P_BLOG
 */
// Root of the P_BLOG installation, one directory above this script.
$cd = '..';
// Shared bootstrap: configuration, error-message helpers and HTTP headers.
require_once $cd . '/include/config.inc.php';
require_once $cd . '/include/fnc_error_msgs.inc.php';
require_once $cd . '/include/http_headers.inc.php';
// Search and forum helpers from this script's own include/ directory.
require_once './include/fnc_search.inc.php';
require_once './include/fnc_forum.inc.php';
if (isset($_POST['user_name'], $_POST['user_pass'], $_POST['title'], $_POST['comment'], $_POST['color'], $_POST['id'], $_POST['tid'])) {
    $user_name = insert_safe($_POST['user_name']);
    $user_pass = insert_safe(md5($_POST['user_pass']));
    $title = insert_tag_safe($_POST['title']);
    $comment = insert_tag_safe($_POST['comment']);
    $color = insert_safe(intval($_POST['color']));
    $id = insert_safe(intval($_POST['id']));
    $tid = insert_safe(intval($_POST['tid']));
    $mod_del = insert_safe($_POST['mod_del']);
    $contents = <<<EOD
<ul class="flip-menu">
<a href="./index.php" accesskey="i">{$lang['topic_list']}</a> 
<a href="./add.php" accesskey="n">{$lang['new_topic']}</a> 
<a href="./topic.php?tid={$tid}" accesskey="b">{$lang['back_to_topic']}</a>
</ul>
EOD;
    $check_sql = 'SELECT `user_pass` FROM `' . $forum_table . '` WHERE id = ' . $id;
    $check_res = mysql_query($check_sql);
    $check_row = mysql_fetch_array($check_res);
    if ($check_row['user_pass'] == $user_pass) {
        if ($cfg['enable_unicode'] == 'on') {
            mb_convert_variables($cfg['mysql_lang'], "auto", $user_name, $title, $comment);
        }
        if (isset($_POST['user_uri'])) {