include './includes/notifs.php';
} else {
$sql = 'SELECT pseudo FROM ' . $prefixtable . 'membres WHERE id = "' . intval($_GET['id']) . '" AND valid = 1';
$req = $bdd->query($sql);
$requse++;
$numreq = $req->rowCount();
if (empty($numreq)) {
include 'includes/notifs.php';
die;
}
$data = $req->fetch();
$pseudosend = $data['pseudo'];
$req->closeCursor();
if (isset($_POST['texte'])) {
$titre = trim(strip_gpc($_POST['titre']));
$texte = trim(strip_gpc($_POST['texte']));
} else {
$titre = $texte = '';
}
$timemin = time() - $tmpfreepost;
if ($idmembre == $_GET['id']) {
display_error($lg_mps['mp1'], $lg_mps['mp2']);
} elseif (!isset($_POST['previsu']) && $tempspostlast >= $timemin && $rang != 1 && $rang != 2) {
display_error($lg_mps['mp3'], $lg_mps['mp4'] . $tmpfreepost . $lg_mps['mp5']);
} elseif (empty($titre) || empty($texte) || isset($_POST['previsu'])) {
echo '
<div class="top_infos">
<a href="' . (!$url_rewriting ? 'index.php' : 'index.html') . '">
' . $lg_mps['mp6'] . htmlentities($nomduforum) . '
</a> ->
<a href="' . (!$url_rewriting ? 'index.php?page=mp' : 'mp.html') . '">
<label for="o_sond">' . $lg_posta['p21'] . '</label>
</td>
<td class="cadre1_bas">
<input maxlength="48" id="o_sond" type="text" name="option_' . $sond . '" class="input_sondage_reponse" tabindex="150" />
<input type="submit" name="option" class="sondage_bouton_ajouter" value="' . $lg_posta['p22'] . '" tabindex="160" />
</td>
</tr>
<tr>
';
}
echo '
<td class="cadre_clair" height="30" width="160">
<label for="d_sondage">' . $lg_posta['p23'] . '</label>
</td>
<td class="cadre1_bas">
<input id="d_sondage" type="text" name="temps_sondage" class="input_sondage_jours" ' . (isset($_POST['temps_sondage']) ? ' value="' . strip_gpc($_POST['temps_sondage']) . '" ' : '') . ' tabindex="170" />
' . $lg_posta['p24'] . '
</td>
</tr>
</table>
';
}
echo '
<p align="center">
<input type="submit" name="previsu" class="bouton_previsualiser" value="' . $lg_posta['p25'] . '" tabindex="180" />
<input type="submit" name="sendage" class="bouton_envoyer" value="' . $lg_posta['p26'] . '" tabindex="190" />
</p>
</form>
';
///////////////////////////////////////////////
// Récapitulatif des messages si option active et réponse à un sujet existant
$autmodpseudo = false;
$afflistdelauto = false;
$autorisationsign = true;
$bbcodesign = true;
$ipaff = false;
$affreprapide = false;
$lmax = 150;
$hmax = 150;
$pmax = 20480;
$tmpfreepost = 15;
$membreparpage = 25;
$postparpage = 25;
$postparpageaff = 15;
$adresse = \'' . addslashes2(strip_gpc($_POST['url'])) . '\';
$lockforum = false;
$message_de_lock = \'Le forum est actuellement indisponible.
Réessayez ultérieurement.\';
$upavatar = "1";
?>';
$root2 = $_SERVER['PHP_SELF'];
$root2 = str_replace("/install", "", $root2);
$root2 = str_replace("/index.php", "", $root2);
// contenu du htaccess
$insert3 = '
RewriteEngine on
############# PAGES DE GESTION
function strip_gpc($values, $type = 'g')
{
$filter = array('g' => "'|(and|or)\\b.+?(>|<|=|in|like)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)", 'p' => "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)", 'c' => "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)");
if (!isset($values)) {
return '';
}
if (is_array($values)) {
foreach ($values as $key => $val) {
$values[addslashes($key)] = strip_gpc($val, $type);
}
} else {
if (preg_match("/" . $filter[$type] . "/is", $values, $match) == 1) {
$values = '';
}
}
return $values;
}
echo '<input name="nb" type="hidden" value="' . $nb . '" />';
} else {
$nb = 0;
$arr = '$emoticonc = array(';
for ($i = 0; $i <= $_POST['nb']; $i++) {
if (isset($_POST[$i]) && $_POST[$i] == 'true' || $_POST['nb'] == $i && !empty($_POST['emote' . $i])) {
$arr .= '\'' . addslashes2(strip_gpc($_POST['emote' . $i])) . '\',';
$nb++;
}
}
$arr = substr($arr, 0, strlen($arr) - 1) . ');';
$nb = 0;
$arri = '$emoticonv = array(';
for ($i = 0; $i <= $_POST['nb']; $i++) {
if (isset($_POST[$i]) && $_POST[$i] == 'true' || $_POST['nb'] == $i && !empty($_POST['emotei' . $i])) {
$arri .= '\'' . addslashes2(strip_gpc($_POST['emotei' . $i])) . '\',';
$nb++;
}
}
$arri = substr($arri, 0, strlen($arri) - 1) . ');';
$fp = fopen('../info_emote.php', 'w+');
fseek($fp, 0);
fputs($fp, '<?php
' . $arri . '
' . $arr . '
$emoticonnb = count($emoticonv);
?>');
fclose($fp);
echo '
}
$arr_rg_mb = substr($arr_rg_mb, 0, strlen($arr_rg_mb) - 1) . ');';
$nb = 0;
$arr_rg_mb_im = '$rangimagem = array(';
for ($i = 0; $i <= $_POST['nb_2']; $i++) {
if (isset($_POST['a_' . $i]) && $_POST['a_' . $i] == 'true' || $_POST['nb_2'] == $i && !empty($_POST['rang_mb' . $i])) {
$arr_rg_mb_im .= '\'' . addslashes2(strip_gpc($_POST['i_rang_mb' . $i])) . '\',';
$nb++;
}
}
$arr_rg_mb_im = substr($arr_rg_mb_im, 0, strlen($arr_rg_mb_im) - 1) . ');';
$nb = 0;
$arr_rg_mb_val = '$rangpostmin = array(';
for ($i = 0; $i <= $_POST['nb_2']; $i++) {
if (isset($_POST['a_' . $i]) && $_POST['a_' . $i] == 'true' || $_POST['nb_2'] == $i && !empty($_POST['rang_mb' . $i])) {
$arr_rg_mb_val .= '\'' . addslashes2(strip_gpc($_POST['v_rang_mb' . $i])) . '\',';
$nb++;
}
}
$arr_rg_mb_val = substr($arr_rg_mb_val, 0, strlen($arr_rg_mb_val) - 1) . ');';
$fp = fopen('../info_options_rangs.php', 'w+');
fseek($fp, 0);
fputs($fp, '<?php
' . $arr_rg_sp . '
' . $arr_rg_sp_coul . '
' . $arr_rg_sp_im . '
' . $arr_rg_mb . '
' . $arr_rg_mb_im . '
' . $arr_rg_mb_val . '
?>');
fclose($fp);
<label for="mdpc">' . $lg_reg['r25'] . '</label>
</td>
<td class="cadre_clair reg_tdright">
<input name="mdpc" type="password" id="mdpc" size="32" maxlength="64" /> ' . $lg_reg['r26'] . '
</td>
</tr>
<tr>
<td width="30%" class="cadre_clair reg_tdleft">
<label for="mail">' . $lg_reg['r27'] . '</label>
</td>
<td class="cadre_clair reg_tdright">
<input name="mail" type="text"';
if (isset($_POST['mail']) && $m == 0) {
echo 'value="' . $_POST['mail'] . '"';
} elseif (isset($_POST['mail'])) {
echo 'value="' . strip_gpc(htmlentities($_POST['mail'])) . '" class="boutonb"';
} else {
echo 'class="bouton"';
}
echo 'id="mail" size="32" maxlength="64" />
</td>
</tr>
<tr>
<td class="cadre_clair reg_tdrules" colspan="2">
<p>' . $lg_reg['r28'] . '</p>
<textarea class="tcond" readonly="readonly">' . $lg_reg['r30'] . '
</textarea>
<p>
<input name="condok" id="condok" type="checkbox" value="true" ' . ($cond ? ' checked="checked" ' : '') . '>
<label for="condok" class="label_cond_ok">' . $lg_reg['r31'] . '</label>
</p>
// données et enregistrement bdd
$displayForm = false;
// on n'affiche pas le formulaire dans ce cas seulement
$mdpt = genere_passwd();
$mdpc = md5($mdpt);
// on désactive toutes les autres demandes
//$sql = 'DELETE FROM '.$prefixtable.'oubli WHERE pseudo = "'.add_gpc($pseudo2).'"';
//$bdd->exec($sql) or die('Erreur SQL !<br />'.print_r($bdd->errorInfo()));
$sql = 'INSERT INTO ' . $prefixtable . 'oubli (pseudo, mail, mdp, date)
VALUES("' . add_gpc($pseudo2) . '","' . add_gpc($mail) . '", "' . $mdpc . '", "' . time() . '")';
$bdd->exec($sql) or die('Erreur SQL !<br />' . print_r($bdd->errorInfo()));
$bdd = null;
// envoi email
$mess = $langue_forgot['forgot7'] . ' : ' . $adresse . '
' . $langue_forgot['forgot5'] . ' : ' . strip_gpc($pseudo2) . '
' . $langue_forgot['forgot8'] . ' : ' . strip_gpc($mdpt) . '
' . $langue_forgot['forgot9'] . '
' . $adresse . 'confirm_mdp.php?pseudo=' . $pseudo2 . '&psw=' . $mdpc . '
' . $langue_forgot['forgot10'];
if (!empty($smtp)) {
ini_set("SMTP", "{$smtp}");
}
$headers = "To: {$pseudo2} <{$mail}>\r\n";
$headers .= "From: {$nomduforum} <{$mailadmin}>\r\n";
mail($mail, $langue_forgot['forgot11'] . ' - ' . $nomduforum, $mess, $headers);
echo $langue_forgot['forgot12'];
}
}
// Affichage du formulaire
if ($displayForm) {
?>
$afflistdelauto = ' . $_POST['afflistdelauto'] . ';
$autorisationsign = ' . $_POST['autorisationsign'] . ';
$bbcodesign = ' . $_POST['bbcodesign'] . ';
$ipaff = ' . $_POST['ipaff'] . ';
$affreprapide = ' . $_POST['affreprapide'] . ';
$lmax = ' . intval($_POST['lmax']) . ';
$hmax = ' . intval($_POST['hmax']) . ';
$pmax = ' . intval($_POST['pmax']) . ';
$tmpfreepost = ' . intval($_POST['tmpfreepost']) . ';
$membreparpage = ' . intval($_POST['membreparpage']) . ';
$postparpage = ' . intval($_POST['postparpage']) . ';
$postparpageaff = ' . intval($_POST['postparpageaff']) . ';
$adresse = \'' . addslashes2(strip_gpc($_POST['url'])) . '\';
$lockforum = ' . $_POST['lockforum'] . ';
$message_de_lock = \'' . addslashes2(strip_gpc($_POST['message_de_lock'])) . '\';
$upavatar = "1";
?>';
$fp = fopen('../info_options.php', 'w+');
fseek($fp, 0);
fputs($fp, $insert);
fclose($fp);
echo '<p>' . $lg_saveOpt['so1'] . '</p>';
} else {
echo '<h1>' . $lg_saveOpt['so2'] . '</h1>
<p>' . $lg_saveOpt['so3'] . '</p>';
}
echo '<p><a href="index.php?page=gest_opt">' . $lg_saveOpt['so4'] . '</a></p>';