Пример #1
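/**
 * Handle the "add quote" page.
 *
 * On a submit the posted quote is trimmed and HTML-escaped, checked against
 * the configured minimum length, and then either rendered as a preview or
 * handed to the captcha step. The page is always printed at the end.
 *
 * @param string $method 'submit' when the form was posted; any other value only renders the page.
 *
 * @return void The page is printed via $TEMPLATE->add_quote_page().
 */
function add_quote($method)
{
    global $CONFIG, $TEMPLATE, $CAPTCHA, $db;
    $innerhtml = '';
    $quotxt = '';
    // Initialised up front: the non-submit, too-short and preview paths never
    // set it, and the template call below would otherwise read an undefined variable.
    $added = 0;
    if ($method == 'submit') {
        // Treat a missing or non-string field (e.g. rash_quote[]=x) as empty
        // instead of passing null or an array to trim().
        $raw = (isset($_POST['rash_quote']) && is_string($_POST['rash_quote'])) ? $_POST['rash_quote'] : '';
        // Escaped once here; everything downstream receives the escaped text.
        // NOTE(review): with default flags, single quotes are only escaped from
        // PHP 8.1 onward - confirm the templates never place this value inside
        // a single-quoted attribute on older runtimes.
        $quotxt = htmlspecialchars(trim($raw));
        // The length is measured in bytes on the escaped text, so entities
        // such as &amp; count as several characters.
        if (strlen($quotxt) < $CONFIG['min_quote_length']) {
            $TEMPLATE->add_message(lang('add_quote_short'));
        } else {
            if (isset($_POST['preview'])) {
                $innerhtml = $TEMPLATE->add_quote_preview(mangle_quote_text($quotxt));
            } else {
                // The captcha handler decides whether 'add_quote_do_inner' runs;
                // its return value becomes the inner HTML of the page.
                $innerhtml = handle_captcha('add_quote', 'add_quote_do_inner');
                $added = 1;
            }
        }
    }
    print $TEMPLATE->add_quote_page($quotxt, $innerhtml, $added);
}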
/**
* handle_captcha
*
* Builds or checks the posting captcha for guests. Users whose user_id is not
* ANONYMOUS, and all users when $config['user_blog_guest_captcha'] is off,
* skip the captcha entirely. When includes/captcha/captcha_factory exists the
* configured captcha plugin is used; otherwise a legacy path reads and writes
* CONFIRM_TABLE directly.
*
* @param string $mode The mode, build or check, to either build the captcha/confirm box, or to check if the user entered the correct confirm_code
*
* @return bool|null
*	- True if the captcha code is correct and $mode is check or they do not need to view the captcha (permissions)
*	- False if the captcha code is incorrect, or not given and $mode is check
*	- No value (null) when $mode is build; the captcha is assigned to the template instead
*/
function handle_captcha($mode)
{
    global $db, $template, $phpbb_root_path, $phpEx, $user, $config, $s_hidden_fields;
    // Only guests are challenged, and only while the guest captcha option is enabled.
    if ($user->data['user_id'] != ANONYMOUS || !$config['user_blog_guest_captcha']) {
        return true;
    }
    // Plugin hook; what plugins do with $mode is not visible from this function.
    blog_plugins::plugin_do_arg('function_handle_captcha', $mode);
    // Plugin-based captcha path, taken when the captcha factory file is present.
    if (file_exists($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx)) {
        if (!class_exists('phpbb_captcha_factory')) {
            include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx;
        }
        $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
        $captcha->init(CONFIRM_POST);
        if ($mode == 'check') {
            $captcha->validate();
            // add confirm_id and confirm_code to hidden fields if not already there so the user doesn't need to retype in the confirm code
            if (strpos($s_hidden_fields, 'confirm_id') === false) {
                $s_hidden_fields .= build_hidden_fields($captcha->get_hidden_fields());
            }
            return $captcha->is_solved();
        } else {
            // NOTE(review): this branch reads the $solved property while the check
            // branch calls is_solved() - confirm both report the same state.
            if ($mode == 'build' && !$captcha->solved) {
                // add confirm_id and confirm_code to hidden fields if not already there so the user doesn't need to retype in the confirm code
                if (strpos($s_hidden_fields, 'confirm_id') === false) {
                    $s_hidden_fields .= build_hidden_fields($captcha->get_hidden_fields());
                }
                $template->assign_vars(array('CAPTCHA_TEMPLATE' => $captcha->get_template()));
                $template->set_filenames(array('new_captcha' => 'blog/new_captcha.html'));
                $template->assign_display('new_captcha', 'CAPTCHA', false);
                return;
            }
            // Any other case (e.g. build with the captcha already solved) falls
            // through to the legacy section below.
        }
    }
    // Legacy path: the expected code is stored in CONFIRM_TABLE per session.
    if ($mode == 'check') {
        $confirm_id = request_var('confirm_id', '');
        $confirm_code = request_var('confirm_code', '');
        // A missing id or code is a failed check, never a pass.
        if ($confirm_id == '' || $confirm_code == '') {
            return false;
        }
        // Both request- and session-derived values go through sql_escape() before
        // being concatenated; the lookup is bound to the current session id.
        $sql = 'SELECT code
			FROM ' . CONFIRM_TABLE . "\n\t\t\tWHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'\n\t\t\t\tAND session_id = '" . $db->sql_escape($user->session_id) . "'\n\t\t\t\tAND confirm_type = " . CONFIRM_POST;
        $result = $db->sql_query($sql);
        $confirm_row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        // No stored code, or a case-insensitive mismatch, fails the check.
        if (empty($confirm_row['code']) || strcasecmp($confirm_row['code'], $confirm_code) !== 0) {
            return false;
        }
        // NOTE(review): the matching row is not deleted on success here, and the
        // solved id/code pair is echoed into the form below, so the same pair keeps
        // validating for this session until build mode regenerates it - confirm
        // the caller invalidates the row once the post is accepted.
        // add confirm_id and confirm_code to hidden fields if not already there so the user doesn't need to retype in the confirm code
        if (strpos($s_hidden_fields, 'confirm_id') === false) {
            $s_hidden_fields .= build_hidden_fields(array('confirm_id' => $confirm_id, 'confirm_code' => $confirm_code));
        }
        return true;
    } else {
        // Build a new challenge only if the current request does not already pass the check.
        if ($mode == 'build' && !handle_captcha('check')) {
            // Show confirm image
            // Drop this session's previous posting challenges before issuing a new one.
            $sql = 'DELETE FROM ' . CONFIRM_TABLE . "\n\t\t\tWHERE session_id = '" . $db->sql_escape($user->session_id) . "'\n\t\t\t\tAND confirm_type = " . CONFIRM_POST;
            $db->sql_query($sql);
            // Generate code
            // mt_rand() only picks the length (5-8) and is not a CSPRNG; the
            // unpredictability of the code itself depends on gen_rand_string(),
            // which is not shown here - TODO confirm.
            $code = gen_rand_string(mt_rand(5, 8));
            // md5 is used here only to derive an identifier string for the row.
            $confirm_id = md5(unique_id($user->ip));
            $seed = hexdec(substr(unique_id(), 4, 10));
            // compute $seed % 0x7fffffff
            $seed -= 0x7fffffff * floor($seed / 0x7fffffff);
            $sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array('confirm_id' => (string) $confirm_id, 'session_id' => (string) $user->session_id, 'confirm_type' => (int) CONFIRM_POST, 'code' => (string) $code, 'seed' => (int) $seed));
            $db->sql_query($sql);
            // The contact address is HTML-escaped before it is placed in the mailto link.
            $template->assign_vars(array('S_CONFIRM_CODE' => true, 'CONFIRM_ID' => $confirm_id, 'CONFIRM_IMAGE' => '<img src="' . append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=confirm&amp;id=' . $confirm_id . '&amp;type=' . CONFIRM_POST) . '" alt="" title="" />', 'L_POST_CONFIRM_EXPLAIN' => sprintf($user->lang['POST_CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>')));
            $template->set_filenames(array('old_captcha' => 'blog/old_captcha.html'));
            $template->assign_var('CAPTCHA', $template->display('old_captcha'));
        }
    }
}
Пример #3
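/**
 * Handle the bulk "import quotes" page.
 *
 * On a submit the posted text is split into quotes with the posted separator
 * regular expression. Fewer than two pieces is reported as a separator
 * problem and the input is shown again; otherwise the captcha step takes over.
 *
 * @param string $method 'submit' when the form was posted; any other value only renders the page.
 *
 * @return void The page is printed via $TEMPLATE->import_data_page().
 */
function import_quotes($method)
{
    global $CONFIG, $TEMPLATE, $CAPTCHA, $db;
    $innerhtml = '';
    $added = 0;
    $qpost = '';
    $regex = NULL;
    if ($method == 'submit') {
        // Missing or array-valued fields are treated as absent rather than
        // being passed to the string functions below.
        $post_quote = (isset($_POST['rash_quote']) && is_string($_POST['rash_quote'])) ? $_POST['rash_quote'] : '';
        $post_sep = (isset($_POST['separator_regex']) && is_string($_POST['separator_regex'])) ? $_POST['separator_regex'] : NULL;
        $sep = html_entity_decode((string) $post_sep);
        // The separator is a user-supplied regular expression by design and is
        // compiled as-is between '/' delimiters, so an invalid pattern (or one
        // with an unescaped '/') makes preg_split() return false.
        // NOTE(review): a user-chosen pattern can also be costly to evaluate;
        // confirm this page is limited to trusted users or that the PCRE
        // backtrack limits in effect are acceptable.
        $quotes = preg_split("/" . $sep . "/m", html_entity_decode(trim($post_quote)));
        // A failed split is counted as zero pieces so that it is reported as a
        // separator problem instead of reaching count() with false.
        $nquotes = is_array($quotes) ? count($quotes) : 0;
        if ($nquotes < 2) {
            $TEMPLATE->add_message(lang('import_quote_check_separator'));
            // The raw posted values are handed back for redisplay.
            // NOTE(review): they are not escaped here - confirm that
            // import_data_page() escapes them before output.
            $qpost = $post_quote;
            $regex = $post_sep;
        } else {
            $ret = handle_captcha('import_quotes', 'import_quotes_do_inner');
            // A string return value is shown to the user as a message.
            if (is_string($ret)) {
                $TEMPLATE->add_message($ret);
            }
            $added++;
        }
    }
    print $TEMPLATE->import_data_page($qpost, $regex, $innerhtml, $added);
}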