// Block Spams if ($_POST['comment_title'] != '' || $_POST['name'] != '' || $_POST['mail'] != '' || $_POST['address'] != '' || $_POST['comment'] != '' || $_POST['url_key'] != '') { // echo 'Hi, Spammer! :-P'; header('Location: ' . $cd . '/forum/index.php'); exit; } if (isset($_POST['user_name'], $_POST['title'], $_POST['color'], $_POST['user_pass'], $_POST['refer_id'])) { // comment field name $comment_field_name = md5($block_spam['comment_field_name']); $user_name = insert_safe($_POST['user_name']); $mail = insert_safe($_POST['user_email']); $title = insert_tag_safe($_POST['title']); $comment = insert_tag_safe($_POST[$comment_field_name]); $color = insert_safe($_POST['color']); $user_pass = insert_safe($_POST['user_pass']); $refer_id = insert_safe(intval($_POST['refer_id'])); // Unicode conversion if ($cfg['enable_unicode'] == 'on') { mb_convert_variables($cfg['mysql_lang'], 'auto', $user_name, $title, $comment); } // If title is empty $title = $title == '' ? 'Untitled' : $title; // Block Spams if (isset($_POST['user_uri']) && substr_count($_POST['user_uri'], "@") > 0 || substr_count($comment, "http://") >= (int) $block_spam['uri_count'] || preg_match($block_spam['tags'], $_POST[$comment_field_name]) || preg_match($block_spam['keywords'], $_POST[$comment_field_name]) || $block_spam['deny_1byteonly'] == 'yes' && !preg_match('/.*[\\x80-\\xff]/', $_POST[$comment_field_name]) || preg_match($block_spam['tags'], $_POST['title']) || check_spammer() > 0) { // echo 'Hi, Spammer! :-p'; header('Location: ' . $cd . '/forum/index.php'); exit; } // Deny comment with same content $check_sql = 'SELECT COUNT(id) as num FROM ' . $forum_table . " WHERE comment = '{$comment}'"; $check_res = mysql_query($check_sql);
session_control(); against_xss(); if ($session_status == 'on') { if (isset($_POST['bin_title'], $_POST['binname'], $_POST['bin_category'], $_POST['bincomment'])) { // Get the parameters posted from "update.php" if ($_POST['bin_title'] == '') { $contents = "<h2>Ooops.</h2>\n" . '<h3 class="warning">' . $lang['no_title'] . '</h3>' . "\n"; } elseif ($_POST['binname'] == '') { $contents = "<h2>Ooops.</h2>\n" . '<h3 class="warning">' . $lang['no_f_name'] . '</h3>' . "\n"; } elseif ($_POST['bincomment'] == '') { $contents = "<h2>Ooops.</h2>\n" . '<h3 class="warning">' . $lang['no_comment'] . '</h3>' . "\n"; } else { $id = insert_safe(intval($_POST['id'])); $bin_title = insert_safe($_POST['bin_title']); $binname = insert_safe($_POST['binname']); $bin_category = preg_replace('/,+$/', '', insert_safe($_POST['bin_category'])); $bincomment = insert_tag_safe($_POST['bincomment']); if ($cfg['enable_unicode'] == 'on') { mb_convert_variables($cfg['mysql_lang'], "auto", $bin_title, $binname, $bincomment, $bin_category); } // Update query $sql = 'UPDATE ' . $info_table . " SET bin_title = '{$bin_title}', binname = '{$binname}', bin_category = '{$bin_category}', bincomment = '{$bincomment}'"; if (isset($_POST['no_update_mod'])) { $bin_mod = $_POST['bin_mod']; $sql .= ", bin_mod = '{$bin_mod}'"; } else { $cmod = gmdate('YmdHis', time() + $cfg['tz'] * 3600); $sql .= ", bin_mod = '{$cmod}'"; } // Make private if (isset($_POST['private'])) {
$bin_category = preg_replace('/,+$/', '', insert_safe($_POST['bin_category'])); $bincomment = insert_tag_safe($_POST['bincomment']); if ($cfg['enable_unicode'] == 'on') { mb_convert_variables($cfg['mysql_lang'], "auto", $bin_title, $bincomment, $bin_category); } $binfile = $_FILES['binfile']; if (isset($binfile)) { clearstatcache(); //initialize $bin_src = $binfile["tmp_name"]; $bin_type = $binfile["type"]; $bin_name = $binfile["name"]; $bin_size = filesize($bin_src); //get the size of it if (isset($_POST['bindate']) && preg_match("/^([0-9]+)-([0-9]+)-([0-9]+).([0-9]+):([0-9]+):([0-9]+)\$/", $_POST['bindate'])) { $bin_date = insert_safe($_POST['bindate']); $cmod = preg_replace("/^([0-9]+)-([0-9]+)-([0-9]+).([0-9]+):([0-9]+):([0-9]+)\$/", "\$1\$2\$3\$4\$5\$6", $bin_date); } else { $time = filemtime($bin_src); //get the last access date of it $bin_date = gmdate("Y-m-d H:i:s", $time + $cfg['tz'] * 3600); //format the UNIX timestamp $cmod = gmdate('YmdHis', time() + $cfg['tz'] * 3600); } if (file_exists($bin_src)) { //if file exists... // put these info into the data-info table $sql = 'INSERT INTO ' . $info_table . " (`bin_title`, `bintype`, `binname`, `binsize`, `bindate`, `bin_mod`, `bin_category`, `bincomment`, `draft`)" . " VALUES ('{$bin_title}', '{$bin_type}', '{$bin_name}', '{$bin_size}', " . "'{$bin_date}', '{$cmod}', '{$bin_category}', '{$bincomment}', '1')"; if (!($res = mysql_query($sql))) { die("<h2>MySQL error</h2> " . mysql_errno() . " : " . mysql_error()); }
} else { require_once './lang/english.inc.php'; $ex_lang = 'en'; } // Connect to MySQL mysql_connect($host, $user, $password) or die("<h2>MySQL Connection Error</h2>\n<h3>Why?: " . mysql_error() . "</h3>\n"); if (isset($_POST['install_type'], $_POST['root_path'], $_POST['default_lang'], $_POST['tz_offset'])) { $install_type = insert_safe($_POST['install_type']); $root_path = insert_safe($_POST['root_path']); $default_lang = insert_safe($_POST['default_lang']); if ($default_lang == 'ja') { $mysql_internal_encode = 'EUC-JP'; } else { $mysql_internal_encode = 'Latin1'; } $tz_offset = insert_safe($_POST['tz_offset']); // NOTE: // If you post the wrong root path, you won't be able to display the preferences. // If you post your root path as "/path/to/p_blog/", you can display it. // This means "/path/to/p_blog/" is safer than the wrong-root-path-posting. switch ($install_type) { case 'upgrade': /////////////////////////////////// UPGRADE /////////////////////////////////// $title = $lang['upgrade']; // Select Database $sql = 'USE ' . $dbname; $res = mysql_query($sql); if ($res == FALSE) { // If database does not exists, create DB. $sql1 = 'CREATE DATABASE ' . $dbname; $res1 = mysql_query($sql1);
$category = preg_replace('/,+$/', '', insert_safe($_POST['category'])); $comment = insert_tag_safe($_POST['comment']); if ($cfg['enable_unicode'] == 'on') { $name = mb_convert_encoding($name, $cfg['mysql_lang'], 'auto'); $category = mb_convert_encoding($category, $cfg['mysql_lang'], 'auto'); $comment = mb_convert_encoding($comment, $cfg['mysql_lang'], 'auto'); } // First, upload the attachment files file_upload(); // Save Trackback Ping URI if ($cfg['trackback'] == 'on') { if (!empty($_POST['send_ping_uri'])) { $tb_table = ', `ping_uri`'; $senduri = insert_safe($_POST['send_ping_uri']); $tb_table_value = ", '" . $senduri . "'"; $tb_encode = '&encode=' . insert_safe($_POST['encode']); } else { $tb_table = ''; $tb_table_value = ''; $tb_encode = ''; } if (!empty($_POST['send_update_ping'])) { switch ($_POST['send_update_ping']) { case 'yes': $up_ping = '&up_ping=yes'; break; default: $up_ping = '&up_ping=no'; break; } } else {
$_SERVER['REMOTE_HOST'] = @gethostbyaddr($_SERVER['REMOTE_ADDR']); $re_host = $_SERVER['REMOTE_HOST']; } else { $re_host = $_SERVER['REMOTE_HOST']; } if (isset($_POST['user_uri'])) { $user_uri = $_POST['user_uri']; } // Format the date $fdate = gmdate('Y-m-d H:i:s', time() + $cfg['tz'] * 3600); $cmod = gmdate('YmdHis', time() + $cfg['tz'] * 3600); // 親ポストかレスかによってSQLを切り替える // // レスのとき( tid「トピックID」が指定され、ポストされる) if (isset($_POST['tid'])) { $tid = insert_safe(intval($_POST['tid'])); $sql = 'INSERT INTO ' . "{$forum_table}(`tid`, `parent_key`, `title`, `comment`, `user_name`, `user_pass`, `user_mail`, `user_uri`, `color`, `date`, `mod`, `user_ip`, `refer_id`) " . "VALUES('" . $tid . "', '" . $parent_key . "', '" . $title . "', '" . $comment . "', '" . $user_name . "', md5('" . $user_pass . "'), '" . $mail . "', '" . $user_uri . "', '" . $color . "', '" . $fdate . "', '" . $cmod . "', '" . $re_host . "', '" . $refer_id . "')"; $res = mysql_query($sql); if ($res) { // update the modification date of the parent log which is the index of the thread. $update_sql = "UPDATE `{$forum_table}` SET `mod` = '" . $cmod . "' WHERE `parent_key` = '1' AND `tid` = '" . $tid . "'"; $update_res = mysql_query($update_sql); header('Location: ' . $http . '://' . $_SERVER['HTTP_HOST'] . $cfg['root_path'] . 'article.php?id=' . urlencode($refer_id) . '#comments'); exit; } } else { // 親ポストの場合、前のtidを取得した後、それに1を加えたものを新しいtidとし、新規に挿入。 // check the max value of thread ID in database, and then // plus "1" to the ID of the new thread. $get_id_sql = "SELECT MAX(`tid`) FROM `{$forum_table}`"; $max_id_res = mysql_query($get_id_sql);
// Matching a valid User password } elseif (!preg_match('/^[0-9a-zA-Z]{4,16}$/i', $_POST['mod_user_pass'])) { $contents = '<h2 id="account-manager">' . $lang['invalid_pass'] . '</h2>' . '<p><span class="stronger">»</span> <a href="./user_list.php">' . $lang['user_list'] . '</a> | <a href="./user_regist.php">' . $lang['create_accounts'] . '</a></p>' . '<p class="warning">' . $lang['invalid_pass_msg'] . '</p>'; // Matching a valid Email address } elseif (!preg_match('/^[^@\\s]+@([-a-z0-9]+\\.)+[a-z]{2,}$/i', $_POST['mod_user_email'])) { $contents = '<h2 id="account-manager">' . $lang['invalid_email'] . '</h2>' . '<p><span class="stronger">»</span> <a href="./user_list.php">' . $lang['user_list'] . '</a> | <a href="./user_regist.php">' . $lang['create_accounts'] . '</a></p>' . '<p class="warning">' . $lang['invalid_email_msg'] . '</p>'; } else { if ($_SESSION['root_admin_login'] == '') { $_SESSION['root_user_name'] = $mysql_user; $_SESSION['root_user_pass'] = $mysql_pass; $_SESSION['root_admin_login'] = TRUE; } $mod_user_name = insert_safe($_POST['mod_user_name']); $mod_user_pass = insert_safe($_POST['mod_user_pass']); $mod_user_email = insert_safe($_POST['mod_user_email']); $user_id = insert_safe(intval($_POST['user_id'])); $sql = "UPDATE `{$user_table}` SET `user_name` = '{$mod_user_name}', `user_pass` = md5('{$mod_user_pass}'), `user_mail` = '{$mod_user_email}' WHERE `user_id` = '{$user_id}'"; if (!($result = mysql_query($sql))) { die(mysql_error()); } $contents = '<h2 id="account-manager">' . $lang['account_updated'] . '</h2>' . '<h3>' . $lang['account_updated_msg'] . '</h3>' . '<p><span class="stronger">»</span> <a href="./user_list.php">' . $lang['user_list'] . '</a> | <a href="./user_regist.php">' . $lang['create_accounts'] . '</a></p>'; // Send Mail if ($cfg['sendmail_account_id'] == 'yes') { if ($cfg['xml_lang'] == 'ja') { require_once './mail_mb.php'; } else { require_once './mail.php'; } } } $admin = 'yes';
require_once $cd . '/include/config.inc.php'; require_once $cd . '/include/fnc_error_msgs.inc.php'; require_once $cd . '/include/http_headers.inc.php'; require_once '../include/fnc_search.inc.php'; require_once '../include/fnc_forum.inc.php'; session_control(); against_xss(); if ($session_status == 'on') { if (isset($_POST['user_name'], $_POST['title'], $_POST['comment'], $_POST['id'], $_POST['mod_user_pass'], $_POST['tid'], $_POST['mod_del'])) { $user_name = insert_safe($_POST['user_name']); $mod_user_pass = insert_safe($_POST['mod_user_pass']); $title = insert_tag_safe($_POST['title']); $comment = insert_tag_safe($_POST['comment']); $id = insert_safe(intval($_POST['id'])); $tid = insert_safe(intval($_POST['tid'])); $mod_del = insert_safe(intval($_POST['mod_del'])); $contents = <<<EOD <ul class="flip-menu"> <li><a href="../index.php">{$lang['topic_list']}</a></li> <li><a href="../topic.php?tid={$tid}&p=0">{$lang['back_to_topic']}</a></li> </ul> EOD; if ($cfg['enable_unicode'] == 'on') { mb_convert_variables($cfg['mysql_lang'], "auto", $user_name, $title, $comment); } switch ($mod_del) { case '1': $sql = "DELETE FROM `{$forum_table}` WHERE `id` = '{$id}'"; $res = mysql_query($sql); if ($res) {
} else { $fdate = gmdate('Y-m-d H:i:s', time() + $cfg['tz'] * 3600); $cmod = gmdate('YmdHis', time() + $cfg['tz'] * 3600); // set current time (GMT + Offset) in SQL $new_date = "`date` = '{$fdate}'"; // sync "date" and "mod" $new_mod = ", `mod` = '{$cmod}'"; } $name = insert_safe($_POST['name']); $href = insert_safe($_POST['href']); // if posted category value were ended with ",(comma)", remove it. $category = preg_replace('/,+$/', '', insert_safe($_POST['category'])); $comment = insert_tag_safe($_POST['comment']); // Update Trackback Ping URI if ($_POST['send_ping_uri']) { $mod_ping_uri = insert_safe($_POST['send_ping_uri']); $new_ping_uri = ", `ping_uri` = '{$mod_ping_uri}'"; } else { $new_ping_uri = ''; } if ($cfg['enable_unicode'] == 'on') { mb_convert_variables($cfg['mysql_lang'], "auto", $name, $category, $comment); } // Submit query $sql = 'UPDATE ' . $log_table . " SET `name` = '{$name}', `href` = '{$href}', `category` = '{$category}', `comment` = '{$comment}', " . $new_date . $new_mod . $new_ping_uri . " WHERE `id` = '{$id}'"; mysql_query($sql) or die("<h2>MySQL error</h2> " . mysql_errno() . " : " . mysql_error()); if ($cfg['trackback'] == 'on') { if (isset($_POST['encode'])) { $tb_encode = $_POST['encode']; $selected = ' selected="selected"'; switch ($tb_encode) {
$contents = '<h2 id="account-manager">' . $lang['invalid_name'] . '</h2>' . '<p><span class="stronger">»</span> <a href="./user_list.php">' . $lang['user_list'] . '</a> | <a href="./user_regist.php">' . $lang['create_accounts'] . '</a></p>' . '<p class="warning">' . $lang['invalid_name_msg'] . '</p>'; // Matching a valid User password } elseif (!preg_match('/^[0-9a-zA-Z]{4,16}$/i', $_POST['new_pass'])) { $contents = '<h2 id="account-manager">' . $lang['invalid_pass'] . '</h2>' . '<p><span class="stronger">»</span> <a href="./user_list.php">' . $lang['user_list'] . '</a> | <a href="./user_regist.php">' . $lang['create_accounts'] . '</a></p>' . '<p class="warning">' . $lang['invalid_pass_msg'] . '</p>'; // Matching a valid Email address } elseif (!preg_match('/^[^@\\s]+@([-a-z0-9]+\\.)+[a-z]{2,}$/i', $_POST['new_email'])) { $contents = '<h2 id="account-manager">' . $lang['invalid_email'] . '</h2>' . '<p><span class="stronger">»</span> <a href="./user_list.php">' . $lang['user_list'] . '</a> | <a href="./user_regist.php">' . $lang['create_accounts'] . '</a></p>' . '<p class="warning">' . $lang['invalid_email_msg'] . '</p>'; } else { if ($_SESSION['root_admin_login'] == '') { $_SESSION['root_user_name'] = $mysql_user; $_SESSION['root_user_pass'] = $mysql_pass; $_SESSION['root_admin_login'] = TRUE; } $new_user = insert_safe($_POST['new_user']); $new_pass = insert_safe($_POST['new_pass']); $new_email = insert_safe($_POST['new_email']); $sql = "INSERT INTO `{$user_table}` VALUES ('', '{$new_user}', md5('{$new_pass}'), '{$new_email}', CURRENT_TIMESTAMP())"; if (!($result = mysql_query($sql))) { die(mysql_error()); } $contents = '<h2 id="account-manager">' . $lang['new_user_created'] . "</h2>\n" . '<p>' . $lang['new_user_created_success'] . "</p>\n" . '<p class="ref"><a href="./user_list.php">' . $lang['user_list'] . "</a></p>\n" . '<p class="ref"><a href="./user_regist.php">' . $lang['create_accounts'] . "</a></p>\n"; // Send Mail if ($cfg['sendmail_account_id'] == 'yes') { if ($cfg['xml_lang'] == 'ja') { require_once './mail_mb.php'; } else { require_once './mail.php'; } } } } else {
} // Deny when required values are empty $root_dir = $cfg['root_path']; $root_dir = str_replace('/', '\\/', $root_dir); $root_dir = str_replace('.', '\\.', $root_dir); if (empty($url) or empty($title) or empty($excerpt) or empty($name) or $url == 'http://') { $error = 1; $message = 'Bad Request.'; header('Location: ' . $http . '://' . $_SERVER['HTTP_HOST'] . $cfg['root_path'] . 'article.php?id=' . urlencode($id)); } else { mb_convert_variables($cfg['mysql_lang'], "UTF-8,EUC-JP,Shift_JIS,ASCII", $title, $excerpt, $url, $name); $blog_id = insert_safe(intval($_GET['id'])); $title = insert_safe($title); $excerpt = insert_safe($excerpt); $url = insert_safe($url); $name = insert_safe($name); // Block Spam if (substr_count($url, "/") < 3 || substr_count($url, "/") == 3 && substr($url, -1) == "/" || preg_match($block_spam['keywords'], $title) || preg_match($block_spam['keywords'], $excerpt) || preg_match($block_spam['keywords'], $url) || preg_match($block_spam['keywords'], $name) || $block_spam['deny_1byteonly'] == 'yes' && !preg_match('/.*[\\x80-\\xff]/', $excerpt)) { //echo 'You Are A Spammer!'; header('Location: ' . $cd . '/article.php?id=' . $blog_id); exit; } if (file_exists($cd . '/include/user_include/plugins/plg_trackback_spam_blocker.inc.php')) { include_once $cd . '/include/user_include/plugins/plg_trackback_spam_blocker.inc.php'; if (class_exists('P_BLOG_TrackbackSpamBlocker')) { $tbBlock = new P_BLOG_TrackbackSpamBlocker(); $tbBlock->denyTrackbackWithoutRef($blog_id); } } // Deny Ping from the same page $check_sql = 'SELECT COUNT(id) as num FROM ' . $trackback_table . " WHERE (blog_id = '{$blog_id}') AND (url = '{$url}')";
*/ $cd = '..'; require_once $cd . '/include/config.inc.php'; require_once $cd . '/include/fnc_error_msgs.inc.php'; require_once $cd . '/include/http_headers.inc.php'; require_once './include/fnc_search.inc.php'; require_once './include/fnc_forum.inc.php'; if (isset($_POST['user_name'], $_POST['user_pass'], $_POST['title'], $_POST['comment'], $_POST['color'], $_POST['id'], $_POST['tid'])) { $user_name = insert_safe($_POST['user_name']); $user_pass = insert_safe(md5($_POST['user_pass'])); $title = insert_tag_safe($_POST['title']); $comment = insert_tag_safe($_POST['comment']); $color = insert_safe(intval($_POST['color'])); $id = insert_safe(intval($_POST['id'])); $tid = insert_safe(intval($_POST['tid'])); $mod_del = insert_safe($_POST['mod_del']); $contents = <<<EOD <ul class="flip-menu"> <a href="./index.php" accesskey="i">{$lang['topic_list']}</a> <a href="./add.php" accesskey="n">{$lang['new_topic']}</a> <a href="./topic.php?tid={$tid}" accesskey="b">{$lang['back_to_topic']}</a> </ul> EOD; $check_sql = 'SELECT `user_pass` FROM `' . $forum_table . '` WHERE id = ' . $id; $check_res = mysql_query($check_sql); $check_row = mysql_fetch_array($check_res); if ($check_row['user_pass'] == $user_pass) { if ($cfg['enable_unicode'] == 'on') { mb_convert_variables($cfg['mysql_lang'], "auto", $user_name, $title, $comment); } if (isset($_POST['user_uri'])) {