$design->header(); $tpl = new tpl('user/regist'); $tpl->set_out('regeln', bbcode($allgAr['allg_regeln']), 0); $design->footer(); break; case 2: $name = ''; $email = ''; if (!empty($_POST['nutz'])) { $name = escape($_POST['nutz'], 'string'); } if (!empty($_POST['email'])) { $email = escape($_POST['email'], 'string'); } $ch_name = false; $xname = escape_nickname($name); if (!empty($name) and $xname == $name and 0 == db_result(db_query("SELECT COUNT(*) FROM `prefix_user` WHERE `name_clean` = BINARY '" . get_lower($name) . "'"), 0)) { $ch_name = true; } $ch_email = false; $xemail = escape_for_email($email); if (!empty($email) and $xemail == $email and 0 == db_result(db_query("SELECT COUNT(*) FROM `prefix_user` WHERE `email` = BINARY '" . get_lower($email) . "'"), 0)) { $ch_email = true; } if (empty($name) or empty($email) or $name != $xname or $ch_name == false or $email != $xemail or $ch_email == false) { $title = $allgAr['title'] . ' :: Users :: Registrieren :: Step 2 von 3'; $hmenu = $extented_forum_menu . '<a class="smalfont" href="?user">User</a><b> » </b><a class="smalfont" href="?user-regist">Registrieren</a><b> » </b>Step 2 von 3' . $extented_forum_menu_sufix; $header = array('jquery/pstrength-min.1.2.js', 'jquery/pstrength.css', 'jquery/jquery.validate.js', 'forms/regist.js'); $design = new design($title, $hmenu, 1); $design->header($header); if (empty($name) or empty($email)) {
$dppk_time = time(); $time = time(); if (!isset($_SESSION['klicktime'])) { $_SESSION['klicktime'] = 0; } $topic = ''; $txt = ''; $xnn = ''; if (isset($_POST['topic'])) { $topic = trim(escape($_POST['topic'], 'string')); } if (isset($_POST['txt'])) { $txt = trim(escape($_POST['txt'], 'textarea')); } if (isset($_POST['Gname'])) { $xnn = trim(escape_nickname($_POST['Gname'])); } if ($_SESSION['klicktime'] + 15 > $dppk_time or empty($topic) or empty($txt) or !empty($_POST['priview']) or empty($_POST['Gname']) and !loggedin() or !chk_antispam('newtopic')) { $design = new design($title, $hmenu, 1); $design->header($load); $tpl = new tpl('forum/newtopic'); $name = ''; if (!loggedin()) { $name = '<tr><td class="Cmite"0><b>' . $lang['name'] . '</b></td>'; $name .= '<td class="Cnorm"><input type="text" value="' . unescape($xnn) . '" maxlength="15" name="Gname"></td></tr>'; } if (isset($_POST['priview'])) { $tpl->set_out('txt', bbcode(unescape($txt)), 0); } $ar = array('name' => $name, 'txt' => escape_for_fields(unescape($txt)), 'topic' => escape_for_fields(unescape($topic)), 'fid' => $fid, 'SMILIES' => getsmilies(), 'antispam' => get_antispam('newtopic', 1)); $tpl->set_ar_out($ar, 1);
if (strlen($_POST['txt']) > $allgAr['Gtxtl']) { $fehler .= '· ' . sprintf($lang['gbooktexttolong'], $allgAr['Gtxtl']) . '<br/>'; } if (trim($_POST['txt']) == '') { $fehler .= '· ' . $lang['emptymessage'] . '<br/>'; } if (chk_antispam('gbook') != true) { $fehler .= '· ' . $lang['incorrectspam'] . '<br/>'; } // if ($fehler == '') { $txt = escape($_POST['txt'], 'textarea'); if ($_SESSION['authid'] == 0) { $name = escape_nickname($_POST['name'], 'string') . ' (Gast)'; } else { $name = escape_nickname($_POST['name'], 'string'); } $mail = escape($_POST['mail'], 'string'); $page = escape($_POST['page'], 'string'); db_query("INSERT INTO `prefix_gbook` (`name`,`mail`,`page`,`time`,`ip`,`txt`) VALUES ('" . $name . "', '" . $mail . "', '" . $page . "', '" . time() . "', '" . getip() . "', '" . $txt . "')"); $_SESSION['klicktime_gbook'] = $dppk_time; wd('index.php?gbook', $lang['insertsuccessful']); } else { showForm($_POST["txt"], $_POST["mail"], $_POST["page"], '<div id="formfehler">' . $fehler . '</div>'); } } else { showForm(); break; } break; case 'show':
if (isset($_POST['Gname'])) { $xnn = trim(escape_nickname($_POST['Gname'])); } if ($_SESSION['klicktime'] + 15 > $dppk_time or empty($txt) or !empty($_POST['priview']) or empty($_POST['Gname']) and !loggedin() or !chk_antispam('newpost')) { $design = new design($title, $hmenu, 1); $design->header(); $name = ''; if (!loggedin()) { $name = '<tr><td class="Cmite"0><b>' . $lang['name'] . '</b></td>'; $name .= '<td class="Cnorm"><input type="text" value="' . unescape($xnn) . '" maxlength="15" name="Gname"></td></tr>'; } $tpl = new tpl('forum/newpost'); $xtext = ''; if ($menu->getA(3) == 'z') { $row = db_fetch_object(db_query("SELECT txt,erst FROM prefix_posts WHERE id = " . $menu->getE(3))); $xtext = '[quote=' . escape_nickname($row->erst) . ']' . "\n" . $row->txt . "\n[/quote]"; } if ($menu->getA(3) == 'f') { $r = db_fetch_assoc(db_query("SELECT id,text,title FROM prefix_faqs WHERE id = " . $menu->getE(3))); $xtext = 'FAQ Artikel: [url=index.php?faqs-s' . $r['id'] . '#FAQ' . $r['id'] . ']' . $r['title'] . '[/url]' . "\n" . unescape($r['text']); } if (isset($_POST['priview'])) { $tpl->set_out('txt', bbcode(unescape($txt)), 0); } if (empty($txt)) { $txt = $xtext; } $tpl = new tpl('forum/newpost'); $ar = array('txt' => escape_for_fields(unescape($txt)), 'tid' => $tid, 'name' => $name, 'SMILIES' => getsmilies(), 'antispam' => get_antispam('newpost', 1)); $tpl->set_ar_out($ar, 1); $erg = db_query('SELECT erst, txt FROM `prefix_posts` WHERE tid = "' . $tid . '" ORDER BY time DESC LIMIT 0,5');
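/**
 * Handle a submitted login form and, on success, bind the user to the session.
 *
 * Reads `$_POST['user_login_sub']`, `$_POST['name']` and `$_POST['pass']`.
 * Returns true only when exactly one `prefix_user` row matches the name
 * (BINARY, i.e. case-sensitive) and user_pw_check() accepts the password;
 * every other path returns false. When the form was submitted but the
 * credentials do not match, the global $menu is pointed back at `user/login`.
 *
 * Side effects on success: the session id is regenerated, $_SESSION gets
 * authname/authid/authright/lastlogin/authsess, the `prefix_online` row is
 * updated, the login cookie is set and the user's groups/modules are loaded.
 *
 * @return bool true on successful login, false otherwise
 */
function user_login_check()
{
    if (!isset($_POST['user_login_sub'], $_POST['name'], $_POST['pass'])) {
        return false;
    }
    // Reject array-shaped fields (name[]=...) before they reach the escaping
    // and hashing helpers; a plain string is the only shape handled below.
    if (!is_string($_POST['name']) || !is_string($_POST['pass'])) {
        return false;
    }
    debug('posts vorhanden');

    $name = escape_nickname($_POST['name']);
    // Any character escape_nickname() had to alter, or an over-long name, is
    // not a valid login name: bail out without touching the database.
    // Strict comparison avoids PHP's numeric-string rules for "==".
    if ($name !== $_POST['name'] || strlen($_POST['name']) > 15) {
        return false;
    }

    // $name survived escape_nickname() unchanged, so it is the escaped form.
    $erg = db_query("SELECT name,id,recht,pass,llogin FROM prefix_user WHERE name = BINARY '" . $name . "'");
    if (db_num_rows($erg) == 1) {
        debug('user gefunden');
        $row = db_fetch_assoc($erg);
        if (user_pw_check($_POST['pass'], $row['pass'], $row['id'])) {
            debug('passwort stimmt ... ' . $row['name']);
            // Privilege change: issue a fresh session id so an id that was
            // fixed before authentication cannot be reused afterwards. The old
            // id is kept only to re-key the prefix_online row below.
            $oldSid = session_id();
            session_regenerate_id(true);
            $_SESSION['authname'] = $row['name'];
            $_SESSION['authid'] = $row['id'];
            $_SESSION['authright'] = $row['recht'];
            $_SESSION['lastlogin'] = $row['llogin'];
            // Computed after regeneration so it reflects the live session.
            $_SESSION['authsess'] = session_und_cookie_name();
            // uid comes from the database row; cast defensively since it is
            // interpolated unquoted. NOTE(review): assumes prefix_online.sid
            // holds the PHP session id (it is the WHERE key the original used)
            // and may be rewritten to the regenerated id — confirm.
            db_query("UPDATE prefix_online SET uid = " . (int) $row['id'] . ", sid = '" . session_id() . "' WHERE sid = '" . $oldSid . "'");
            user_set_cookie($row['id'], $row['pass']);
            user_set_grps_and_modules();
            return true;
        }
    }

    // Unknown user or wrong password: send the visitor back to the login form.
    global $menu;
    $menu->set_url(0, 'user');
    $menu->set_url(1, 'login');
    return false;
}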
$s .= '<img style="border: 0px; padding: 5px;" src="include/images/smiles/' . $row->url . '" title="' . $row->emo . '"></a>'; $i++; if ($i % $zeilen == 0 and $i != 0) { $s .= '<br /><br />'; } } $tpl->set_out('smilies', $s, 4); } if (!isset($_SESSION['last_shoutbox'])) { $_SESSION['last_shoutbox'] = ''; } if (has_right($allgAr['sb_recht'])) { //Formular if (!empty($_POST['shoutbox_submit']) and chk_antispam('shoutbox')) { if ($_SESSION['authid'] == 0) { $shoutbox_nickname = substr(escape_nickname($_POST['shoutbox_nickname']), 0, 8) . ' (Gast)'; } else { $shoutbox_nickname = substr($_SESSION['authname'], 0, 15); } $shoutbox_textarea = escape($_POST['shoutbox_textarea'], 'textarea'); $shoutbox_textarea = preg_replace("/\\[.?(url|b|i|u|img|code|quote)[^\\]]*?\\]/i", "", $shoutbox_textarea); $shoutbox_textarea = strip_tags($shoutbox_textarea); if (!empty($shoutbox_textarea) and $_SESSION['last_shoutbox'] != $shoutbox_textarea) { $_SESSION['last_shoutbox'] = $shoutbox_textarea; db_query('INSERT INTO `prefix_shoutbox` (`uid`,`nickname`,`textarea`,`time`) VALUES (' . $_SESSION['authid'] . ', "' . $shoutbox_nickname . '" , "' . $shoutbox_textarea . '", "' . date('Y-m-d H:i:s') . '" ) '); } } $antispam = get_antispam('shoutbox', 0); if (!empty($antispam)) { $antispam .= '<br />'; }