function check_entry($type = '') { global $GB_UPLOAD, $GB_TMP, $GB_PG; $this->db->VARS["max_img_size"] = $this->db->VARS["max_img_size"] * 1024; if ($this->db->VARS["banned_ip"] == 1) { if ($this->db->isBannedIp($this->ip)) { return $this->db->gb_error($this->db->LANG["ErrorPost9"]); } } if ($this->db->VARS["flood_check"] == 1) { if ($this->db->FloodCheck($this->ip)) { return $this->db->gb_error($this->db->LANG["ErrorPost8"]); } } $this->name = $this->db->FormatString($this->name); $this->location = $this->db->FormatString($this->location); $this->comment = $this->db->FormatString($this->comment); $this->icq = intval($this->db->FormatString($this->icq)); $this->aim = htmlspecialchars($this->db->FormatString($this->aim)); if ($this->icq < 1000 || $this->icq > 999999999) { $this->icq = 0; } if ($this->name == "") { return $this->db->gb_error($this->db->LANG["ErrorPost1"]); } elseif (strlen($this->comment) < $this->db->VARS["min_text"] || strlen($this->comment) > $this->db->VARS["max_text"]) { return $this->db->gb_error($this->db->LANG["ErrorPost3"]); } else { $this->url = trim($this->url); $this->email = trim($this->email); if (!eregi("^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@([0-9a-z][0-9a-z-]*[0-9a-z]\\.)+[a-z]{2,5}\$", $this->email)) { $this->email = ''; } if (!eregi("^http://[_a-z0-9-]+\\.[_a-z0-9-]+", $this->url)) { $this->url = ''; } if (htmlspecialchars($this->url) != "{$this->url}") { $this->url = ''; } } if ($this->db->VARS["censor"] == 1) { $this->name = $this->db->CensorBadWords($this->name); $this->location = $this->db->CensorBadWords($this->location); $this->comment = $this->db->CensorBadWords($this->comment); } if (!$this->db->CheckWordLength($this->name) || !$this->db->CheckWordLength($this->location)) { return $this->db->gb_error($this->db->LANG["ErrorPost4"]); } if (!$this->db->CheckWordLength($this->comment)) { return $this->db->gb_error($this->db->LANG["ErrorPost10"]); } if ($this->canUseCaptcha) { if ($this->token == '' || $this->gb_captcha == '') { return $this->db->gb_error($this->db->LANG["ErrorPost4"]); } if (get_magic_quotes_gpc()) { $this->gb_captcha = stripslashes($this->gb_captcha); } $gb_captcha = strtoupper($this->gb_captcha); $res = $this->db->query("SELECT validate_key FROM {$this->table['cap']} WHERE session_id = '" . addslashes($this->token) . "'"); $result = $this->db->fetch_array($res); if ($result == false || $result['validate_key'] == "" || $gb_captcha == "") { return $this->db->gb_error($this->db->LANG["ErrorPost4"]); } $result['validate_key'] = strtoupper($result['validate_key']); if ($result['validate_key'] != $gb_captcha) { return $this->db->gb_error($this->db->LANG["ErrorPost4"]); } } if (is_array($this->userfile) && $this->userfile["userfile"]["tmp_name"] != "none" && filesize($this->userfile["userfile"]["tmp_name"]) > 0) { $uploaded_img_file_stat = $this->is_uploaded_file_readable($this->userfile["userfile"]["tmp_name"]); } else { $uploaded_img_file_stat = -1; } if ($uploaded_img_file_stat > 0) { $extension = array("1" => 'gif', "2" => 'jpg', "3" => 'png', "4" => 'swf'); $the_time = time(); if ($this->userfile["userfile"]["size"] > $this->db->VARS["max_img_size"]) { return $this->db->gb_error($this->db->LANG["ErrorPost6"]); } else { if ($uploaded_img_file_stat == 1) { $size = @GetImageSize($this->userfile["userfile"]["tmp_name"]); $open_basedir_res = false; } else { $open_basedir_res = true; if (!eregi("WIN", PHP_OS)) { exec("cp " . $this->userfile["userfile"]["tmp_name"] . " {$this->include_path}/{$GB_TMP}/img-{$the_time}.tmp"); } else { $win_command = str_replace("/", "\\", $this->userfile["userfile"]["tmp_name"]); $win_loc = str_replace("/", "\\", "{$this->include_path}/{$GB_TMP}/img-{$the_time}.tmp"); exec("copy {$win_command} {$win_loc}"); } $size = @GetImageSize("{$this->include_path}/{$GB_TMP}/img-{$the_time}.tmp"); } if (is_array($size) && $size[2] > 0 && $size[2] < 4) { $this->image_file = "img-{$the_time}." . $extension[$size[2]]; $img = new gb_image(); $img->set_destdir("{$this->include_path}/{$GB_UPLOAD}"); $img->set_border_size($this->db->VARS["img_width"], $this->db->VARS["img_height"]); if ($type == "preview") { if (!$open_basedir_res) { move_uploaded_file($this->userfile["userfile"]["tmp_name"], "{$this->include_path}/{$GB_TMP}/{$this->image_file}"); } else { rename("{$this->include_path}/{$GB_TMP}/img-{$the_time}.tmp", "{$this->include_path}/{$GB_TMP}/{$this->image_file}"); } $new_img_size = $img->get_img_size_format($size[0], $size[1]); $GB_UPLOAD = $GB_TMP; $row['p_filename'] = $this->image_file; $row['width'] = $size[0]; $row['height'] = $size[1]; eval("\$this->tmp_image = \"" . $this->template->get_template($this->GB_TPL['image']) . "\";"); } else { if (!$open_basedir_res) { move_uploaded_file($this->userfile["userfile"]["tmp_name"], "{$this->include_path}/{$GB_UPLOAD}/{$this->image_file}"); } else { rename("{$this->include_path}/{$GB_TMP}/img-{$the_time}.tmp", "{$this->include_path}/{$GB_UPLOAD}/{$this->image_file}"); } if ($this->db->VARS["thumbnail"] == 1) { $min_size = 1024 * $this->db->VARS["thumb_min_fsize"]; $img->set_min_filesize($min_size); $img->set_prefix("t_"); $img->create_thumbnail("{$this->include_path}/{$GB_UPLOAD}/{$this->image_file}", "{$this->image_file}"); } } } else { return $this->db->gb_error($this->db->LANG["ErrorPost7"]); } } } if (!empty($this->user_img)) { $this->image_file = trim($this->user_img); } return 1; }
function check_entry($type = '') { global $GB_PG; $the_max_img_size = $this->db->VARS['max_img_size'] * 1024; $the_time = time(); if (get_magic_quotes_gpc()) { $this->strip_all_slashes(); } $this->name = htmlspecialchars($this->db->FormatString($this->name)); $this->email = htmlspecialchars($this->db->FormatString($this->email)); $this->location = htmlspecialchars($this->db->FormatString($this->location)); $this->comment = htmlspecialchars($this->db->FormatString($this->comment)); $this->icq = intval($this->db->FormatString($this->icq)); $this->aim = htmlspecialchars($this->db->FormatString($this->aim)); $this->msn = htmlspecialchars($this->db->FormatString($this->msn)); $this->yahoo = htmlspecialchars($this->db->FormatString($this->yahoo)); $this->skype = htmlspecialchars($this->db->FormatString($this->skype)); // Are we checking for the honeypot? if ($this->db->VARS['honeypot'] == 1) { if ($this->honeypot == 1) { //sleep(20); return $this->form_addguest($this->db->gb_error($this->db->LANG['ErrorPost10'], 1), 0, 1); } } // Check if a timehash has been sent otherwise submitted data has been manipulated if ($this->timehash == '') { return $this->form_addguest($this->db->gb_error($this->db->LANG['ErrorPost4'] . ' (4)', 5), 0, 1); } // Are we running a bot test and if so is the answer empty? if (($this->db->VARS['antibottest'] == 1 || $this->db->VARS['antibottest'] == 2) && empty($this->bottest)) { return $this->form_addguest($this->db->gb_error($this->db->LANG['ErrorPost13'], 3), 0, 1); } // Just usual adding of slashes for protection if (!get_magic_quotes_gpc()) { $this->bottest = addslashes($this->bottest); $this->db->VARS['bottestanswer'] = addslashes($this->db->VARS['bottestanswer']); $this->timehash = addslashes($this->timehash); } /* * We are using a bot test so lets check their answer * 1 - built in captcha or question and answer * 2 - Using third party captcha of Solve Media */ if ($this->db->VARS['antibottest'] == 1 && strtolower($this->bottest) != strtolower($this->db->VARS['bottestanswer'])) { return $this->form_addguest($this->db->gb_error($this->db->LANG['ErrorPost14'], 4), 0, 1); } elseif ($this->db->VARS['antibottest'] == 2) { if ($this->db->VARS['solve_media'] == 0 && !$this->db->captcha_test($this->bottest, $this->timehash)) { return $this->form_addguest($this->db->gb_error($this->db->LANG['ErrorPost14'], 4), 0, 1); } elseif ($this->db->VARS['solve_media'] == 1) { require_once LAZ_INCLUDE_PATH . '/solvemedialib.php'; $privkey = 'IgTCJw84R-0k.RO.6NVgCAiaaDp5qzNW'; $hashkey = 'YBb1ktjDEKcxkdb6fmgnjo.ODYvf0nbj'; $adcopy_challenge = !get_magic_quotes_gpc() ? addslashes($_POST['adcopy_challenge']) : $_POST['adcopy_challenge']; $solvemedia_response = solvemedia_check_answer($privkey, $this->ip, $adcopy_challenge, $this->bottest, $hashkey); if (!$solvemedia_response->is_valid) { return $this->form_addguest($this->db->gb_error($this->db->LANG['ErrorPost14'], 4), 0, 1); } } } // Make the timehash in to something we can use $decodedhash = $this->db->generate_timehash($this->timehash); // Now check if they have posted to fast if ($the_time < $decodedhash + $this->db->VARS['post_time_min'] && $this->db->VARS['post_time_min'] != 0) { return $this->form_addguest($this->db->gb_error($this->db->LANG['ErrorPost15']), 0, 1); } // Or possibly they took to long to post if ($the_time > $decodedhash + $this->db->VARS['post_time_max'] && $this->db->VARS['post_time_max'] != 0) { return $this->form_addguest($this->db->gb_error($this->db->LANG['ErrorPost16']), 1, 1); } /* * Do we want to check the headers? If so then do it * If they fail the check the error message will end with the number 5 followed by a . * with the next number indicating which header they failed on */ if ($this->db->VARS['check_headers'] == 1) { if (($failedHeader = $this->db->check_headers(1, $this->ip)) != 0) { return $this->form_addguest($this->db->gb_error($this->db->LANG['ErrorPost4'] . ' (5.' . $failedHeader . ')', 6), 0, 1); } } // I have set a limit of 50 characters for the email address. Probably should increase that if (strlen($this->email) > 50) { return $this->form_addguest($this->db->gb_error($this->db->LANG['ErrorPost4'])); } // Lets check that the email is valid by RFC specs if (!$this->db->check_emailaddress($this->email)) { $this->email = ''; } // if their ICQ number is to low or to high then make it 0 if ($this->icq < 1000 || $this->icq > 999999999) { $this->icq = 0; } /* * This section is just some bog standard checks such as * Check they gave us their name, * that the message isn't to short or to long. * do we require an email address and if so have they provided one, * any submitted URL is valid otherwise remove it. * For example (5.6) means that their hostname indicates they are on a banned host */ if ($this->name == '') { return $this->form_addguest($this->db->gb_error($this->db->LANG['ErrorPost1'])); } elseif (strlen($this->comment) < $this->db->VARS['min_text']) { return $this->form_addguest($this->db->gb_error($this->db->LANG['ErrorPost3'])); } elseif (strlen($this->comment) > $this->db->VARS['max_text']) { return $this->form_addguest($this->db->gb_error($this->db->LANG['ErrorPost17'])); } elseif (($this->db->VARS['require_email'] == 1 || $this->db->VARS['require_email'] == 4) && $this->email == '') { return $this->form_addguest($this->db->gb_error($this->db->LANG['ErrorPost12'])); } else { $this->url = trim($this->url); //if (($this->url, 0, 7) !== 'http://') if (!preg_match('/^http(s)?\\:\\/\\//i', $this->url)) { $this->url = 'http://' . $this->url; } //if (!preg_match('/^http(s)?\:\/\/[0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*(:(0-9)*)*(\/?)([a-zA-Z0-9\-\.\?\,\'\/\\\+&%\$#_=]*)?$/i', $this->url)) if (!preg_match('/^https?:\\/\\/[\\w\\#$%&~\\/.\\-;:=,?@\\[\\]+]+$/uis', $this->url)) { $this->url = ''; } if (htmlspecialchars($this->url) != $this->url) { $this->url = ''; } } // Check if their IP is banned if ($this->db->VARS['banned_ip'] == 1 || $this->db->VARS['sfs_confidence'] > 0) { $banned = $this->db->isBannedIp($this->ip, $this->db->VARS['banned_ip'], $this->db->VARS['sfs_confidence']); if ($banned == 1) { return $this->form_addguest($this->db->gb_error($this->db->LANG['ErrorPost9'], 2), 0, 1); } elseif ($banned == 2) { return $this->form_addguest($this->db->gb_error($this->db->LANG['ErrorPost9'], 9), 0, 1); } } // Check if enough time has passed since their last post if ($this->db->VARS['flood_check'] == 1) { if ($this->db->FloodCheck($this->ip)) { return $this->form_addguest($this->db->gb_error($this->db->LANG['ErrorPost8']), 0, 1); } } // Check no part of the post contains any banned words if ($this->db->BlockBadWords($this->name) || $this->db->BlockBadWords($this->email) || $this->db->BlockBadWords($this->location) || $this->db->BlockBadWords($this->comment) || $this->db->BlockBadWords($this->url)) { return $this->form_addguest($this->db->gb_error($this->db->LANG['ErrorPost10'], 7)); } // Check that neither name nor location are to long if (!$this->db->CheckWordLength($this->name) || !$this->db->CheckWordLength($this->location)) { return $this->form_addguest($this->db->gb_error($this->db->LANG['ErrorPost4'] . ' (3)')); } // Check their entry is not longer than allowed if (!$this->db->CheckWordLength($this->comment)) { return $this->form_addguest($this->db->gb_error($this->db->LANG['ErrorPost10'])); } // Have they posted to many URLs? if ($this->db->VARS['max_url'] < 99) { if ($this->db->urlCounter($this->comment) > $this->db->VARS['max_url']) { return $this->form_addguest($this->db->gb_error($this->db->LANG['ErrorPost10'], 8)); } } // If we want to check them againt the SFS database then lets do so if ($this->db->VARS['sfs_confidence'] > 0) { $sfsCheck = $this->db->SFSCheck($this->ip, $this->email); if ($sfsCheck != 0) { if ($sfsCheck == 3) { $this->accepted = 0; } else { $errorMessage = $sfsCheck == 1 ? $this->db->LANG['ErrorPost9'] : $this->db->LANG['ErrorPost4']; return $this->form_addguest($this->db->gb_error($errorMessage . ' (sfs)', 9), 0, 1); } } } // Have they submitted an image, if so deal with it if (is_array($this->userfile) && $this->db->VARS['allow_img'] == 1 && $this->userfile['userfile']['tmp_name'] != 'none' && strpos($this->userfile['userfile']['type'], 'image') === 0) { $extension = array('1' => 'gif', '2' => 'jpg', '3' => 'png', '6' => 'bmp'); if ($this->userfile['userfile']['size'] > $the_max_img_size) { return $this->form_addguest($this->db->gb_error($this->db->LANG['ErrorPost6'])); } else { move_uploaded_file($this->userfile['userfile']['tmp_name'], $this->include_path . '/tmp/img-' . $the_time . '.tmp'); $size = GetImageSize($this->include_path . '/tmp/img-' . $the_time . '.tmp'); if ($size !== false && ($size[2] > 0 && $size[2] < 4 || $size[2] == 6)) { $this->image_file = 'img-' . $the_time . '.' . $extension[$size[2]]; $img = new gb_image(); $img->set_destdir($this->include_path . '/public'); $img->set_border_size($this->db->VARS['img_width'], $this->db->VARS['img_height']); if ($type == 'preview') { rename($this->include_path . '/tmp/img-' . $the_time . '.tmp', $this->include_path . '/tmp/' . $this->image_file); chmod($this->include_path . '/tmp/' . $this->image_file, 0755); $new_img_size = $img->get_img_size_format($size[0], $size[1]); $GB_UPLOAD = 'tmp'; $row['p_filename'] = $this->image_file; $row['p_filename2'] = $this->image_file; $row['width'] = $size[0]; $row['height'] = $size[1]; $id = '1'; eval("\$this->tmp_image = \"" . $this->template->get_template('user_pic') . "\";"); } else { rename($this->include_path . '/tmp/img-' . $the_time . '.tmp', $this->include_path . '/public/' . $this->image_file); chmod($this->include_path . '/public/' . $this->image_file, 0755); if ($this->db->VARS['thumbnail'] == 1) { $min_size = 1024 * $this->db->VARS['thumb_min_fsize']; $img->set_min_filesize($min_size); $img->set_prefix('t_'); $img->create_thumbnail($this->include_path . '/public/' . $this->image_file, "{$this->image_file}"); } } } else { @unlink($this->include_path . '/tmp/img-' . $the_time . '.tmp'); return $this->form_addguest($this->db->gb_error($this->db->LANG['ErrorPost7'])); } } } if (!empty($this->user_img)) { $illegalChars = array('?' => '', "\\" => '', ':' => '', '*' => '', '"' => '', '<' => '', '>' => '', '|' => '', '../' => '', './' => '', "\n" => '', "\r" => '', "\t" => ''); $this->image_file = trim(strtr($this->user_img, $illegalChars)); $this->image_file = file_exists($this->include_path . '/tmp/' . $this->image_file) ? $this->image_file : ''; if (!empty($this->image_file)) { $img = new gb_image(); $img->set_destdir($this->include_path . '/public'); $img->set_border_size($this->db->VARS['img_width'], $this->db->VARS['img_height']); if ($type == 'preview') { $size = getimagesize($this->include_path . '/tmp/' . $this->image_file); $new_img_size = $img->get_img_size_format($size[0], $size[1]); $GB_UPLOAD = 'tmp'; $row['p_filename'] = $this->image_file; $row['p_filename2'] = $this->image_file; $row['width'] = $size[0]; $row['height'] = $size[1]; $id = '1'; eval("\$this->tmp_image = \"" . $this->template->get_template('user_pic') . "\";"); } else { rename($this->include_path . '/tmp/' . $this->image_file, $this->include_path . '/public/' . $this->image_file); chmod($this->include_path . '/public/' . $this->image_file, 0755); if ($this->db->VARS['thumbnail'] == 1) { $min_size = 1024 * $this->db->VARS['thumb_min_fsize']; $img->set_min_filesize($min_size); $img->set_prefix('t_'); $img->create_thumbnail($this->include_path . '/public/' . $this->image_file, "{$this->image_file}"); } } } } return 1; }
function get_entries($entry, $last_entry) { global $GB_UPLOAD, $GB_PG; $VARS =& $this->db->VARS; $last_entry = intval($last_entry); $img = new gb_image(); $img->set_border_size($this->db->VARS['img_width'], $this->db->VARS['img_height']); $LANG =& $this->db->LANG; $id = isset($_GET['permalink']) ? 1 : $this->total - $entry; $HOST = ''; $COMMENT = ''; $GB_ENTRIES = ''; $i = 0; $template['entry'] = $this->template->get_template('entry'); $template['location'] = $this->template->get_template('location'); $template['com'] = $this->template->get_template('com'); $template['url'] = $this->template->get_template('url'); $template['icq'] = $this->template->get_template('icq'); $template['aim'] = $this->template->get_template('aim'); $template['msn'] = $this->template->get_template('msn'); $template['yahoo'] = $this->template->get_template('yahoo'); $template['skype'] = $this->template->get_template('skype'); $template['email'] = $this->template->get_template('email'); $template['image'] = $this->template->get_template('user_pic'); $template['male'] = $this->template->get_template('img_male'); $template['female'] = $this->template->get_template('img_female'); $template['com_link'] = $this->template->get_template('com_link'); $template['com_email'] = $this->template->get_template('com_email'); // Here we create our query dependant upon the admins options. if (isset($_GET['permalink'])) { $this->searchquery2 = ' AND x.id = ' . $entry; $entry = 0; $last_entry = 1; } if ($this->db->VARS['allow_img'] && $this->db->VARS['disablecomments'] != 1) { $result = $this->db->query("SELECT x.*, y.p_filename, y.width, y.height, COUNT(z.com_id) as comments FROM " . LAZ_TABLE_PREFIX . "_data x LEFT JOIN " . LAZ_TABLE_PREFIX . "_pics y ON (x.id=y.msg_id and y.book_id=2) LEFT JOIN " . LAZ_TABLE_PREFIX . "_com z ON (x.id=z.id) WHERE x.accepted='1'" . $this->searchquery2 . " GROUP BY x.id ORDER BY x.id DESC LIMIT {$entry}, {$last_entry}"); } elseif ($this->db->VARS['allow_img'] && $this->db->VARS['disablecomments'] == 1) { $result = $this->db->query("SELECT x.*, y.p_filename, y.width, y.height FROM " . LAZ_TABLE_PREFIX . "_data x LEFT JOIN " . LAZ_TABLE_PREFIX . "_pics y ON (x.id=y.msg_id and y.book_id=2) WHERE x.accepted='1'" . $this->searchquery2 . " GROUP BY x.id ORDER BY x.id DESC LIMIT {$entry}, {$last_entry}"); } elseif (!$this->db->VARS['allow_img'] && $this->db->VARS['disablecomments'] != 1) { $result = $this->db->query("SELECT x.*, COUNT(z.com_id) as comments FROM " . LAZ_TABLE_PREFIX . "_data x LEFT JOIN " . LAZ_TABLE_PREFIX . "_com z ON (x.id=z.id) WHERE x.accepted='1'" . $this->searchquery2 . " GROUP BY x.id ORDER BY x.id DESC LIMIT {$entry}, {$last_entry}"); } else { $result = $this->db->query("SELECT * FROM " . LAZ_TABLE_PREFIX . "_data WHERE accepted='1'" . str_replace('x.', '', $this->searchquery2) . " ORDER BY id DESC LIMIT {$entry}, {$last_entry}"); } while ($row = $this->db->fetch_array($result)) { // Check if they want to show their ad code or not. if ($this->db->VARS['ad_pos'] > 0 && $this->db->VARS['ad_code'] != '' && $this->db->VARS['ad_pos'] == $i + 1) { $GB_ENTRIES .= '<tr bgcolor="'; $GB_ENTRIES .= $i % 2 ? $this->db->VARS['tb_color_2'] : $this->db->VARS['tb_color_1']; $GB_ENTRIES .= '"><td colspan="2" align="center" class="font1">' . $this->db->VARS['ad_code'] . '</td></tr>'; $i++; } $DATE = $this->db->DateFormat($row['date']); // Format the date according to their language $MESSAGE = nl2br($row['comment']); // Add <br /> where needed if (!empty($row['p_filename']) && preg_match('/^img-/', $row['p_filename'])) { $row['p_filename2'] = $row['p_filename']; if (file_exists($this->path . '/public/t_' . $row['p_filename'])) { $row['p_filename2'] = 't_' . $row['p_filename2']; } $new_img_size = $img->get_img_size_format($row['width'], $row['height']); $GB_UPLOAD = 'public'; eval("\$USER_PIC = \"" . $template['image'] . "\";"); } else { $USER_PIC = ''; } $row['name'] = $this->db->CensorBadWords($row['name']); $MESSAGE = $this->db->CensorBadWords($MESSAGE); if ($this->db->VARS['smilies'] == 1) { $MESSAGE = $this->db->emotion($MESSAGE); } /* if (!$row['location']) { $row['location'] = '-'; }*/ $bgcolor = $i % 2 ? $this->db->VARS['tb_color_2'] : $this->db->VARS['tb_color_1']; $i++; if ($row['url'] && $this->db->VARS['allow_url'] == 1) { $row['url'] = $this->db->CensorBadWords($row['url']); eval("\$URL = \"" . $template['url'] . "\";"); } else { $URL = ''; } if ($row['location'] && $this->db->VARS['allow_loc'] == 1) { $row['location'] = $this->db->CensorBadWords($row['location']); $THEIRLOC = urlencode($row['location']); eval("\$LOCATION = \"" . $template['location'] . "\";"); } else { $LOCATION = ''; } if ($row['icq'] && $this->db->VARS['allow_icq'] == 1 && $row['icq'] != 0) { eval("\$ICQ = \"" . $template['icq'] . "\";"); } else { $ICQ = ''; } if ($row['aim'] && $this->db->VARS['allow_aim'] == 1) { eval("\$AIM = \"" . $template['aim'] . "\";"); } else { $AIM = ''; } if ($row['msn'] && $this->db->VARS['allow_msn'] == 1) { eval("\$MSN = \"" . $template['msn'] . "\";"); } else { $MSN = ''; } if ($row['yahoo'] && $this->db->VARS['allow_yahoo'] == 1) { eval("\$YAHOO = \"" . $template['yahoo'] . "\";"); } else { $YAHOO = ''; } if ($row['skype'] && $this->db->VARS['allow_skype'] == 1) { eval("\$SKYPE = \"" . $template['skype'] . "\";"); } else { $SKYPE = ''; } if ($row['email']) { $GRAVATAR = $this->db->VARS['use_gravatar'] == 1 ? ' background: transparent url(http://www.gravatar.com/avatar/' . md5($row['email']) . '?s=24&d=wavatar&r=G) no-repeat right;' : ''; if ($this->db->VARS['require_email'] < 2) { $row['email'] = $this->db->CensorBadWords($row['email']); if ($this->db->VARS['encrypt_email'] == 1) { $MAILTO = $this->db->html_encode('mailto:' . $row['email']); } else { $MAILTO = 'mailto:' . $row['email']; } eval("\$EMAIL = \"" . $template['email'] . "\";"); } else { $EMAIL = ''; } } else { $GRAVATAR = ''; $EMAIL = ''; } if ($this->db->VARS['allow_gender'] == 1) { if ($row['gender'] == 'f') { eval("\$GENDER = \"" . $template['female'] . "\";"); } elseif ($row['gender'] == 'm') { eval("\$GENDER = \"" . $template['male'] . "\";"); } else { $GENDER = ''; } } else { $GENDER = ''; } $PERMALINK = ''; if ($this->db->VARS['permalinks'] == 1) { $PERMALINK = preg_match('/\\?/', $GB_PG['index']) ? $GB_PG['index'] . '&permalink=true&entry=' . $row['id'] : $GB_PG['index'] . '?permalink=true&entry=' . $row['id']; $PERMALINK = '<a href="' . $PERMALINK . '"><img src="' . $GB_PG['base_url'] . '/img/permalink.gif" width="14" height="14" alt="Permalink" title="Permalink" style="border:0;" /></a>'; } $GB_COMMENT = (IS_MODULE || IS_INCLUDE) && preg_match('/\\?/', $GB_PG['comment']) ? $GB_PG['comment'] . '&gb_id=' . $row['id'] : $GB_PG['comment'] . '?gb_id=' . $row['id']; if ($this->db->VARS['disablecomments'] == 0) { eval("\$COMMENTLINK = \"" . $template['com_link'] . "\";"); } else { $COMMENTLINK = ''; } if ($this->db->VARS['show_ip'] == 1) { $hostname = preg_match('/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$/', $row['host']) ? 'IP' : 'Host'; $HOST = '<em style="font-weight: normal;">' . $hostname . ': ' . $row['host'] . "</em>\n"; } if (!empty($row['comments'])) { $foo = $this->db->query("SELECT * FROM " . LAZ_TABLE_PREFIX . "_com WHERE id='{$row['id']}' AND comaccepted='1' order by com_id asc"); $comment_count = 0; while ($com = $this->db->fetch_array($foo)) { $comment_count++; $COMDATE = $this->db->DateFormat($com['timestamp']); $comhostname = preg_match('/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$/', $com['host']) ? 'IP' : 'Host'; $comhost = $this->db->VARS['show_ip'] == 1 ? '<em>' . $comhostname . ': ' . $com['host'] . "</em><br />\n" : ''; $com['comments'] = $this->db->VARS['smilies'] == 1 ? nl2br($this->db->emotion($com['comments'])) : nl2br($com['comments']); $com['name'] = $this->db->CensorBadWords($com['name']); $com['comments'] = $this->db->CensorBadWords($com['comments']); $COMGRAVATAR = ''; $COMEMAIL = ''; if (!empty($com['email'])) { $COMGRAVATAR = $this->db->VARS['use_gravatar'] == 1 ? 'padding-left:26px;background: url(http://www.gravatar.com/avatar/' . md5($com['email']) . '?s=24&d=wavatar&r=G) no-repeat;' : ''; if ($this->db->VARS['require_email'] < 2) { $com['email'] = $this->db->CensorBadWords($com['email']); if ($this->db->VARS['encrypt_email'] == 1) { $COMMAILTO = $this->db->html_encode('mailto:' . $com['email']); } else { $COMMAILTO = 'mailto:' . $com['email']; } eval("\$COMEMAIL = \"" . $template['com_email'] . "\";"); } else { $COMEMAIL = ''; } } eval("\$COMMENT .= \"" . $template['com'] . "\";"); } unset($com); if ($this->db->VARS['hide_comments'] == 1 && $comment_count > 0) { $COMMENTDIV = "<br style=\"clear:both;\" /><a href=\"javascript: ;\" onclick=\"toggleSlide('" . $row['id'] . "', " . $comment_count . ");\" style=\"clear:both;display:none;\" id=\"comtext_" . $row['id'] . "\" class=\"comHide\">" . $LANG['BookMess12'] . " (" . $comment_count . ")</a>"; $COMMENTDIV .= "<div id=\"com" . $row['id'] . "_open\" style=\"position:relative;\" class=\"comDiv\">"; $COMMENTDIV .= $COMMENT; $COMMENTDIV .= '</div>'; $COMMENT = $COMMENTDIV; unset($COMMENTDIV); } } $theirbrowser = $this->db->browser_detect($row['browser']); eval("\$GB_ENTRIES .= \"" . $template['entry'] . "\";"); $COMMENT = ''; $id--; if ($this->db->VARS['ad_pos'] > $last_entry && $this->db->VARS['ad_code'] != '' && $i == $last_entry) { $GB_ENTRIES .= '<tr bgcolor="'; $GB_ENTRIES .= $i % 2 ? $this->db->VARS['tb_color_2'] : $this->db->VARS['tb_color_1']; $GB_ENTRIES .= '"><td colspan="2" align="center" class="font1">' . $this->db->VARS['ad_code'] . '</td></tr>'; $i++; } } $TPL['GB_ENTRIES'] = $GB_ENTRIES; return $TPL; }
function comment_form($extra_html = '') { global $GB_PG, $gbsession, $rid, $uid, $included; //, $include_path; if ($this->db->VARS['disablecomments'] != 1 && (!empty($_GET['gbsession']) && !empty($_GET['uid']))) { $GB_PG['comment'] = $GB_PG['comment'] . '?gbsession=' . $gbsession . '&rid=' . $rid . '&uid=' . $uid . '&included=' . $included; } $this->db->query("SELECT x.*, y.p_filename, y.width, y.height, z.comments from " . LAZ_TABLE_PREFIX . "_data x left join " . LAZ_TABLE_PREFIX . "_pics y on (x.id=y.msg_id and y.book_id=2) left join " . LAZ_TABLE_PREFIX . "_com z on (x.id=z.id) WHERE (x.accepted='1' AND x.id=" . $this->id . ") LIMIT 1"); $row = $this->db->fetch_array($this->db->result); $LANG =& $this->db->LANG; $VARS =& $this->db->VARS; if (isset($_COOKIE['lang']) && !empty($_COOKIE['lang']) && file_exists(LAZ_INCLUDE_PATH . '/lang/codes-' . $_COOKIE['lang'] . '.php')) { $LANG_CODES = $GB_PG['base_url'] . '/lang/codes-' . $_COOKIE['lang'] . '.php'; } elseif (file_exists(LAZ_INCLUDE_PATH . '/lang/codes-' . $VARS['lang'] . '.php')) { $LANG_CODES = $GB_PG['base_url'] . '/lang/codes-' . $VARS['lang'] . '.php'; } else { $LANG_CODES = $GB_PG['base_url'] . '/lang/codes-english.php'; } $antispam = $this->db->VARS['antispam_word']; $HTML_CODE = $this->db->VARS['allow_html'] == 1 ? $this->db->LANG['BookMess2'] : $this->db->LANG['BookMess1']; $AG_CODE = $this->db->VARS['agcode'] == 1 ? '<a href="' . $LANG_CODES . '?show=agcode" onclick="openCentered(\'' . $LANG_CODES . '?show=agcode\',\'_codes\',640,450,\'scrollbars=yes\')" target="_codes">' . $this->db->LANG['FormMess3'] . '</a>' : $this->db->LANG['FormMess6']; $SMILE_CODE = $this->db->VARS['smilies'] == 1 ? $this->db->LANG['FormMess2'] : $this->db->LANG['FormMess7']; $DATE = $this->db->DateFormat($row['date']); $MESSAGE = nl2br($row['comment']); $id = $this->id; $bgcolor = $this->db->VARS['tb_color_1']; $COMMENT = ''; if ($row['p_filename'] && preg_match('/^img-/', $row['p_filename'])) { $img = new gb_image(); $img->set_border_size($this->db->VARS['img_width'], $this->db->VARS['img_height']); $new_img_size = $img->get_img_size_format($row['width'], $row['height']); $row['p_filename2'] = $row['p_filename']; $GB_UPLOAD = 'public'; if (file_exists($this->path . '/public/t_' . $row['p_filename'])) { $row['p_filename2'] = 't_' . $row['p_filename2']; } eval("\$USER_PIC = \"" . $this->template->get_template('user_pic') . "\";"); } else { $USER_PIC = ''; } $row['name'] = $this->db->CensorBadWords($row['name']); $MESSAGE = $this->db->CensorBadWords($MESSAGE); if ($this->db->VARS['smilies'] == 1) { $MESSAGE = $this->db->emotion($MESSAGE); $LAZSMILEYS = $this->db->generate_smilies(); } else { $LAZSMILEYS = ''; } if ($row['url'] && $this->db->VARS['allow_url'] == 1) { $row['url'] = $this->db->CensorBadWords($row['url']); eval("\$URL = \"" . $this->template->get_template('url') . "\";"); } else { $URL = ''; } if ($row['location'] && $this->db->VARS['allow_loc'] == 1) { $row['location'] = $this->db->CensorBadWords($row['location']); $THEIRLOC = urlencode($row['location']); eval("\$LOCATION = \"" . $this->template->get_template('location') . "\";"); } else { $LOCATION = ''; } if ($row['icq'] && $this->db->VARS['allow_icq'] == 1 && $row['icq'] != 0) { eval("\$ICQ = \"" . $this->template->get_template('icq') . "\";"); } else { $ICQ = ''; } if ($row['aim'] && $this->db->VARS['allow_aim'] == 1) { eval("\$AIM = \"" . $this->template->get_template('aim') . "\";"); } else { $AIM = ''; } if ($row['msn'] && $this->db->VARS['allow_msn'] == 1) { eval("\$MSN = \"" . $this->template->get_template('msn') . "\";"); } else { $MSN = ''; } if ($row['yahoo'] && $this->db->VARS['allow_yahoo'] == 1) { eval("\$YAHOO = \"" . $this->template->get_template('yahoo') . "\";"); } else { $YAHOO = ''; } if ($row['skype'] && $this->db->VARS['allow_skype'] == 1) { eval("\$SKYPE = \"" . $this->template->get_template('skype') . "\";"); } else { $SKYPE = ''; } if ($row['email']) { $GRAVATAR = $this->db->VARS['use_gravatar'] == 1 ? ' background: transparent url(http://www.gravatar.com/avatar/' . md5($row['email']) . '?s=24&d=wavatar&r=G) no-repeat right;' : ''; if ($this->db->VARS['require_email'] < 2) { $row['email'] = $this->db->CensorBadWords($row['email']); if ($this->db->VARS['encrypt_email'] == 1) { $MAILTO = $this->db->html_encode('mailto:' . $row['email']); } else { $MAILTO = 'mailto:' . $row['email']; } eval("\$EMAIL = \"" . $this->template->get_template('email') . "\";"); } else { $EMAIL = ''; } } else { $GRAVATAR = ''; $EMAIL = ''; } if ($this->db->VARS['allow_gender'] == 1) { if ($row['gender'] == 'f') { eval("\$GENDER = \"" . $this->template->get_template('img_female') . "\";"); } elseif ($row['gender'] == 'm') { eval("\$GENDER = \"" . $this->template->get_template('img_male') . "\";"); } else { $GENDER = ''; } } else { $GENDER = ''; } if ($this->db->VARS['show_ip'] == 1) { $hostname = preg_match('/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$/', $row['host']) ? 'IP' : 'Host'; $HOST = '<em style="font-weight: normal;">' . $hostname . ': ' . $row['host'] . "</em>\n"; } else { $HOST = ''; } $TIMEHASH = $this->db->generate_timehash(); $TimehashTag = '<input type="hidden" name="gb_timehash" value="' . $TIMEHASH . '" />'; $EXTRAJS = ''; $OPTIONS[] = ''; $EMAILREQ = ''; $EMAILDISPLAYED = $this->db->VARS['require_email'] > 2 ? $LANG['FormEmailDisplay'] : ''; if ($this->db->VARS['require_email'] == 1 || $this->db->VARS['require_email'] == 4) { $EXTRAJS .= 'document.getElementById(\'gb_email\').value = trim(document.getElementById(\'gb_email\').value); if(document.getElementById(\'gb_email\').value == "") { errorStyling(\'gb_email\'); errorMessages[errorNum++] = "' . $LANG['ErrorPost12'] . '"; }'; $EMAILREQ = '*'; } $footerJS = ''; if ($this->db->VARS['require_email'] != 2) { eval("\$OPTIONS['email'] = \"" . $this->template->get_template('form_email') . "\";"); } if ($this->db->VARS['honeypot'] == 1) { $honeypot = '<br /><span id="gb_username"><input type="checkbox" name="gb_username" value="1" /> Spammer?</span><br />'; $footerJS .= "document.getElementById('gb_username').style.display = 'none';\n"; } else { $honeypot = ''; } if ($this->db->VARS['need_pass'] == 1) { $com_question = ''; if ($this->db->VARS['com_question'] != '') { $com_question = $this->db->VARS['com_question'] . "<br />\n"; // This is a bit of a hack but means only editing this file and ot the template as well $LANG['FormPass'] = $LANG['FormBot']; } $EXTRAJS .= 'document.getElementById(\'gb_bottest\').value = trim(document.getElementById(\'gb_bottest\').value); if(document.getElementById(\'gb_bottest\').value == "") { errorStyling(\'gb_bottest\'); errorMessages[errorNum++] = "' . $LANG['ErrorPost13'] . '"; }'; eval("\$OPTIONS['antibot'] = \"" . $this->template->get_template('com_pass') . "\";"); } elseif ($this->db->VARS['need_pass'] == 2) { if ($this->db->VARS['solve_media'] == 1) { $EXTRAJS .= 'document.getElementById(\'adcopy_response\').value = trim(document.getElementById(\'adcopy_response\').value); if(document.getElementById(\'adcopy_response\').value == "") { errorStyling(\'adcopy_response\'); errorMessages[errorNum++] = "' . $LANG['ErrorPost13'] . '"; }'; require_once LAZ_INCLUDE_PATH . '/solvemedialib.php'; //include the Solve Media library $SolveMedia = solvemedia_get_html('G8vem0b2VDBXju20c9OwHO7makkjC9-o'); //outputs the widget eval("\$OPTIONS['antibot'] = \"" . $this->template->get_template('form_captcha2') . "\";"); } else { $EXTRAJS .= 'document.getElementById(\'gb_bottest\').value = trim(document.getElementById(\'gb_bottest\').value); if(document.getElementById(\'gb_bottest\').value == "") { errorStyling(\'gb_bottest\'); errorMessages[errorNum++] = "' . $LANG['ErrorPost13'] . '"; }'; $footerJS .= "document.getElementById('captchaReload').style.display = 'block';\nreloadCaptcha();"; eval("\$OPTIONS['antibot'] = \"" . $this->template->get_template('form_captcha') . "\";"); } } $OPTIONAL = implode("\n", $OPTIONS); $GB_COMMENT = '#'; $GB_ENTRY = ''; $display_tags = $this->db->create_buttons($LANG_CODES); if ($row['comments']) { $coms = $this->db->query("SELECT * FROM " . LAZ_TABLE_PREFIX . "_com WHERE id='" . $this->id . "' AND comaccepted='1' order by com_id asc"); while ($com = $this->db->fetch_array($coms)) { $COMDATE = $this->db->DateFormat($com['timestamp']); $comhostname = preg_match('/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$/', $com['host']) ? 'IP' : 'Host'; $comhost = $this->db->VARS['show_ip'] == 1 ? '<i>' . $comhostname . ': ' . $com['host'] . "</i><br />\n" : ''; $com['comments'] = $this->db->VARS['smilies'] == 1 ? nl2br($this->db->emotion($com['comments'])) : nl2br($com['comments']); $com['name'] = $this->db->CensorBadWords($com['name']); $com['comments'] = $this->db->CensorBadWords($com['comments']); $COMEMAIL = ''; $COMGRAVATAR = ''; $template['com_email'] = $this->template->get_template('com_email'); if (!empty($com['email'])) { $COMGRAVATAR = $this->db->VARS['use_gravatar'] == 1 ? 'padding-left:26px;background: url(http://www.gravatar.com/avatar/' . md5($com['email']) . '?s=24&d=wavatar&r=G) no-repeat;' : ''; if ($this->db->VARS['require_email'] < 2) { $template['com_email'] = $this->template->get_template('com_email'); $com['email'] = $this->db->CensorBadWords($com['email']); if ($this->db->VARS['encrypt_email'] == 1) { $COMMAILTO = $this->db->html_encode('mailto:' . $com['email']); } else { $COMMAILTO = 'mailto:' . $com['email']; } eval("\$COMEMAIL = \"" . $template['com_email'] . "\";"); } else { $COMEMAIL = ''; } } eval("\$COMMENT .= \"" . $this->template->get_template('com') . "\";"); } } $theirbrowser = $this->db->browser_detect($row['browser']); $comment_html = ''; $COMMENTLINK = ''; $PERMALINK = ''; eval("\$GB_ENTRY = \"" . $this->template->get_template('entry') . "\";"); $GB_ENTRY .= $TimehashTag; eval("\$comment_html = \"" . $this->template->get_template('header') . "\";"); eval("\$comment_html .= \"" . $this->template->get_template('comment') . "\";"); eval("\$comment_html .= \"" . $this->template->get_template('footer') . "\";"); return $comment_html; }