} error_reporting($old_err_level); if (isset($id) && $a_cert[$id]) { $a_cert[$id] = $cert; } else { $a_cert[] = $cert; } if (isset($a_user) && isset($userid)) { $a_user[$userid]['cert'][] = $cert['refid']; } } if (!$input_errors) { write_config(); } if ($userid) { post_redirect("system_usermanager.php", array('act' => 'edit', 'userid' => $userid)); exit; } } } if ($_POST['save'] == gettext("Update")) { unset($input_errors); $pconfig = $_POST; /* input validation */ $reqdfields = explode(" ", "descr cert"); $reqdfieldsn = array(gettext("Descriptive name"), gettext("Final Certificate data")); do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if (preg_match("/[\\?\\>\\<\\&\\/\\\"\\']/", $_POST['descr'])) { array_push($input_errors, "The field 'Descriptive Name' contains invalid characters."); } // old way
$_POST['message'] = str_replace(">", ">", $_POST['message']); while (ereg('>>[0-9]+', $_POST['message'], $quote)) { $_POST['message'] = str_replace($quote[0], '<a href="../test/read.php?thread=' . $_POST['key'] . '&read=' . substr($quote[0], 8) . '">>>' . substr($quote[0], 8) . '</a>', $_POST['message']); } $_POST['message'] = str_replace("\r\n", "<br />", $_POST['message']); $_POST['message'] = mysql_real_escape_string($_POST['message']); $_POST['message'] = str_replace("\\r<br />", "<br />\n", $_POST['message']); $_POST['message'] = stripslashes($_POST['message']); $ip = md5(md5(getenv('REMOTE_ADDR') . mhash(MHASH_CRC32, getenv('REMOTE_ADDR'))) . mhash(MHASH_CRC32, getenv('REMOTE_ADDR') . crypt(getenv('REMOTE_ADDR'), getenv('REMOTE_ADDR') . md5(getenv('REMOTE_ADDR'))))); $ip = stripslashes($ip); $ip = mysql_real_escape_string($ip); if (mysql_query("INSERT INTO " . $db_prefix . "messages (`key`,bbs,`from`,tripcode,mail,message,`datetime`,ip) VALUES ('" . $_POST['key'] . "','" . $bbs['id'] . "','" . $_POST['from'] . "','" . $tripcode . "','" . $_POST['mail'] . "','" . $_POST['message'] . "',NOW(),'" . $ip . "')")) { if (!$thread and $_POST['mail'] != 'sage') { mysql_query("UPDATE " . $db_prefix . "threads SET last=NOW() WHERE id=" . $_POST['key']); } echo post_redirect($bbs['bbs']); } else { echo "Your message has not been posted successfully."; exit; } if ($thread) { $m = mysql_fetch_array(mysql_query("SELECT id FROM " . $db_prefix . "messages WHERE `key`=" . $thread['id'])); mysql_query("UPDATE " . $db_prefix . "threads SET id_first=" . $m['id'] . " WHERE id=" . $thread['id']); } $fp = fopen("../" . $bbs['bbs'] . "/index.html", 'w'); fwrite($fp, head($bbs_name, $bbs['title'])); fwrite($fp, index_display($bbs_name, $bbs['title'], $bbs['display'])); fwrite($fp, index_menu($bbs['id'], $db_prefix, $menu_n, $index_n)); fwrite($fp, index($bbs['id'], $db_prefix, $index_posts_n, $index_n, $bbs['postname'], $bbs['show_id'])); fwrite($fp, form($bbs['bbs'])); fwrite($fp, $foot);