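/**
 * Render the "add quote" page and, when the form was posted, validate,
 * preview or hand off the submitted quote.
 *
 * The quote text is read from $_POST['rash_quote'], trimmed and HTML-escaped
 * before anything else touches it, so both the minimum-length check and the
 * template receive the escaped form (entities such as &lt; count toward the
 * length).
 *
 * @param string $method 'submit' when the form was posted; any other value
 *                       only renders the empty page.
 *
 * @return void The rendered page is printed.
 */
function add_quote($method)
{
    global $CONFIG, $TEMPLATE, $CAPTCHA, $db;

    $innerhtml = '';
    $quotxt = '';
    // Initialise the flag on every path; it is only raised to 1 after the
    // captcha hand-off below, and the template is always given a defined value.
    $added = 0;

    if ($method == 'submit') {
        // Only a plain string field is accepted. A missing or array-valued
        // parameter (rash_quote[]=...) is treated as empty and falls into the
        // "too short" branch instead of raising a notice or a type error.
        $raw = (isset($_POST['rash_quote']) && is_string($_POST['rash_quote']))
            ? $_POST['rash_quote']
            : '';
        $quotxt = htmlspecialchars(trim($raw));

        if (strlen($quotxt) < $CONFIG['min_quote_length']) {
            $TEMPLATE->add_message(lang('add_quote_short'));
        } elseif (isset($_POST['preview'])) {
            $innerhtml = $TEMPLATE->add_quote_preview(mangle_quote_text($quotxt));
        } else {
            // handle_captcha() is defined elsewhere; here it is called with an
            // action name and a callback name and its return value is used as
            // the inner HTML.
            // NOTE(review): $added is set to 1 regardless of what
            // handle_captcha() returned - confirm the template does not
            // report success for an unsolved captcha.
            $innerhtml = handle_captcha('add_quote', 'add_quote_do_inner');
            $added = 1;
        }
    }

    print $TEMPLATE->add_quote_page($quotxt, $innerhtml, $added);
}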
/**
* handle_captcha
*
* Builds or checks the posting captcha for guests. Registered users, and
* guests when $config['user_blog_guest_captcha'] is off, are never challenged.
*
* Two back ends are supported: the captcha plugin obtained from
* phpbb_captcha_factory when includes/captcha/captcha_factory exists, and a
* legacy path that stores the code in CONFIRM_TABLE.
*
* Security notes for the legacy path, as far as this function shows:
*	- the stored code is looked up by confirm_id, the current session_id and
*	  CONFIRM_POST, and compared case-insensitively;
*	- a matching row is not deleted after a successful check; the id and code
*	  are carried forward in hidden fields, so the same pair keeps validating
*	  for that session until build mode deletes the session's rows;
*	- no attempt counter is kept here, so any rate limiting has to live
*	  elsewhere.
*
* @param string $mode The mode, build or check: build renders the captcha or
*	confirm box, check tests the confirm code the user submitted
*
* @return mixed
*	- True if the code is correct and $mode is check, or if the user does not
*	  need to solve a captcha (permissions)
*	- False if the code is incorrect, or not given, and $mode is check
*	- Nothing (null) in build mode and for any other mode value
*/
function handle_captcha($mode)
{
    global $db, $template, $phpbb_root_path, $phpEx, $user, $config, $s_hidden_fields;

    // Only anonymous users are challenged, and only when the option is on.
    if ($user->data['user_id'] != ANONYMOUS || !$config['user_blog_guest_captcha'])
    {
        return true;
    }

    blog_plugins::plugin_do_arg('function_handle_captcha', $mode);

    // Plugin captcha back end, used when the factory file is present.
    $factory_file = $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx;
    if (file_exists($factory_file))
    {
        if (!class_exists('phpbb_captcha_factory'))
        {
            include $factory_file;
        }

        $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
        $captcha->init(CONFIRM_POST);

        if ($mode == 'check')
        {
            $captcha->validate();

            // Carry the confirm fields forward (once) so the user does not
            // have to retype the code on the next submit.
            if (strpos($s_hidden_fields, 'confirm_id') === false)
            {
                $s_hidden_fields .= build_hidden_fields($captcha->get_hidden_fields());
            }

            return $captcha->is_solved();
        }

        if ($mode == 'build' && !$captcha->solved)
        {
            // Same carry-forward of the confirm fields as in check mode.
            if (strpos($s_hidden_fields, 'confirm_id') === false)
            {
                $s_hidden_fields .= build_hidden_fields($captcha->get_hidden_fields());
            }

            $template->assign_vars(array('CAPTCHA_TEMPLATE' => $captcha->get_template()));
            $template->set_filenames(array('new_captcha' => 'blog/new_captcha.html'));
            $template->assign_display('new_captcha', 'CAPTCHA', false);

            return;
        }

        // Any other case falls through to the legacy code below.
    }

    // Legacy back end: codes live in CONFIRM_TABLE.
    if ($mode == 'check')
    {
        $confirm_id = request_var('confirm_id', '');
        $confirm_code = request_var('confirm_code', '');

        if ($confirm_id == '' || $confirm_code == '')
        {
            return false;
        }

        // Request values are escaped before being placed in the statement;
        // the lookup is tied to the caller's own session.
        $lookup = 'SELECT code FROM ' . CONFIRM_TABLE . "\n\t\t\tWHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'\n\t\t\t\tAND session_id = '" . $db->sql_escape($user->session_id) . "'\n\t\t\t\tAND confirm_type = " . CONFIRM_POST;
        $handle = $db->sql_query($lookup);
        $stored = $db->sql_fetchrow($handle);
        $db->sql_freeresult($handle);

        if (empty($stored['code']) || strcasecmp($stored['code'], $confirm_code) !== 0)
        {
            return false;
        }

        // Solved: keep id and code in the form so a later submit re-validates
        // without the user retyping. The row itself stays in the table.
        if (strpos($s_hidden_fields, 'confirm_id') === false)
        {
            $s_hidden_fields .= build_hidden_fields(array('confirm_id' => $confirm_id, 'confirm_code' => $confirm_code));
        }

        return true;
    }

    // Only build mode with a still-unsolved captcha issues a new challenge.
    if ($mode != 'build' || handle_captcha('check'))
    {
        return;
    }

    // Drop every earlier posting challenge of this session before issuing one.
    $purge = 'DELETE FROM ' . CONFIRM_TABLE . "\n\t\t\tWHERE session_id = '" . $db->sql_escape($user->session_id) . "'\n\t\t\t\tAND confirm_type = " . CONFIRM_POST;
    $db->sql_query($purge);

    // Generate the code, its public id and the seed stored with it.
    // NOTE(review): the code length comes from mt_rand(); the strength of the
    // code itself depends on gen_rand_string(), which is not visible here.
    $code = gen_rand_string(mt_rand(5, 8));
    $confirm_id = md5(unique_id($user->ip));
    $seed = hexdec(substr(unique_id(), 4, 10));

    // compute $seed % 0x7fffffff
    $modulus = 0x7fffffff;
    $seed -= $modulus * floor($seed / $modulus);

    $row = array(
        'confirm_id'    => (string) $confirm_id,
        'session_id'    => (string) $user->session_id,
        'confirm_type'  => (int) CONFIRM_POST,
        'code'          => (string) $code,
        'seed'          => (int) $seed,
    );
    $store = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', $row);
    $db->sql_query($store);

    // Show confirm image; the board contact address is HTML-escaped before it
    // is placed in the mailto link.
    $image_url = append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=confirm&id=' . $confirm_id . '&type=' . CONFIRM_POST);
    $contact_open = '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">';

    $template->assign_vars(array(
        'S_CONFIRM_CODE'            => true,
        'CONFIRM_ID'                => $confirm_id,
        'CONFIRM_IMAGE'             => '<img src="' . $image_url . '" alt="" title="" />',
        'L_POST_CONFIRM_EXPLAIN'    => sprintf($user->lang['POST_CONFIRM_EXPLAIN'], $contact_open, '</a>'),
    ));
    $template->set_filenames(array('old_captcha' => 'blog/old_captcha.html'));
    $template->assign_var('CAPTCHA', $template->display('old_captcha'));
}
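/**
 * Render the quote import page and, when the form was posted, split the
 * pasted text into quotes with a caller-supplied separator regex.
 *
 * Both POST fields are run through html_entity_decode() before use. The
 * separator is placed between "/" delimiters and compiled as a regular
 * expression in multi-line mode, so the pattern is attacker-controlled
 * whenever this page is reachable by untrusted users: a malformed pattern
 * makes preg_split() fail, and an expensive one is bounded only by PCRE's own
 * limits (pcre.backtrack_limit).
 * NOTE(review): confirm who may reach this function.
 *
 * @param string $method 'submit' when the form was posted; any other value
 *                       only renders the empty page.
 *
 * @return void The rendered page is printed.
 */
function import_quotes($method)
{
    global $CONFIG, $TEMPLATE, $CAPTCHA, $db;

    $innerhtml = '';
    $added = 0;
    $qpost = '';
    $regex = NULL;

    if ($method == 'submit') {
        // Only plain string fields are accepted; a missing or array-valued
        // parameter is treated as absent instead of reaching trim() or
        // html_entity_decode() with the wrong type.
        $raw_sep = (isset($_POST['separator_regex']) && is_string($_POST['separator_regex']))
            ? $_POST['separator_regex']
            : NULL;
        $raw_quote = (isset($_POST['rash_quote']) && is_string($_POST['rash_quote']))
            ? $_POST['rash_quote']
            : NULL;

        $sep = html_entity_decode((string) $raw_sep);
        $quotes = preg_split("/" . $sep . "/m", html_entity_decode(trim((string) $raw_quote)));

        // preg_split() returns false when the pattern does not compile or a
        // PCRE limit is hit; count(false) is a TypeError on PHP 8, so treat
        // that case like "separator did not split anything".
        $nquotes = is_array($quotes) ? count($quotes) : 0;

        if ($nquotes < 2) {
            $TEMPLATE->add_message(lang('import_quote_check_separator'));
            // The submitted values are echoed back to the form as received.
            // NOTE(review): they are not escaped here - confirm that
            // import_data_page() escapes them for the HTML context it
            // writes them into.
            $qpost = $raw_quote;
            $regex = $raw_sep;
        } else {
            // handle_captcha() is defined elsewhere; a string result is shown
            // to the user as a message.
            $ret = handle_captcha('import_quotes', 'import_quotes_do_inner');
            if (is_string($ret)) {
                $TEMPLATE->add_message($ret);
            }
            $added++;
        }
    }

    print $TEMPLATE->import_data_page($qpost, $regex, $innerhtml, $added);
}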