<td><span class="TableMessage"> <br />Sorry the referering url dose not match our host name.<br /> </span> </td> </tr> <?php } }
// Normalise the submitted event fields in place inside $_POST, then (for guests)
// remember the chosen display name in a cookie and in the session.
//
// NOTE(review): the message printed above suggests a Referer-vs-host comparison
// earlier in the file (not visible in this excerpt). A Referer comparison on its
// own is a weak anti-CSRF control; confirm a per-session token is also verified.
//
// NOTE(review): stripcslashes() is applied to the output of htmlspecialchars().
// stripcslashes() decodes C-style escape sequences (including octal and hex
// forms), so characters that htmlspecialchars() would have encoded can be
// produced again after the escaping step. Prefer storing the raw value and
// escaping at output time, and drop the stripcslashes() call.
$_POST['EventName'] = stripcslashes(htmlspecialchars($_POST['EventName'], ENT_QUOTES, $Settings['charset']));
//$_POST['EventName'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_POST['EventName']);
$_POST['EventName'] = remove_spaces($_POST['EventName']);
// GuestName is read here unconditionally; the isset() test further down runs
// only after this line has already accessed the key.
$_POST['GuestName'] = stripcslashes(htmlspecialchars($_POST['GuestName'], ENT_QUOTES, $Settings['charset']));
//$_POST['GuestName'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_POST['GuestName']);
$_POST['GuestName'] = remove_spaces($_POST['GuestName']);
// The body text keeps its internal whitespace: only remove_bad_entities() is
// applied, the remove_spaces() call is commented out.
$_POST['EventText'] = stripcslashes(htmlspecialchars($_POST['EventText'], ENT_QUOTES, $Settings['charset']));
//$_POST['EventText'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_POST['EventText']);
$_POST['EventText'] = remove_bad_entities($_POST['EventText']);
//$_POST['EventText'] = remove_spaces($_POST['EventText']);
// Guests only: persist the display name for 7 days (time() + 7 * 86400).
if ($_SESSION['UserGroup'] == $Settings['GuestGroup']) {
    if (isset($_POST['GuestName']) && $_POST['GuestName'] != null) {
        // NOTE(review): no httponly argument is passed in any branch, and the
        // secure flag is never set when $cookieDomain is null, whatever
        // $cookieSecure says. Consider always passing secure/httponly (and a
        // SameSite attribute where the PHP version allows it).
        if ($cookieDomain == null) {
            setcookie("GuestName", $_POST['GuestName'], time() + 7 * 86400, $cbasedir);
        }
        if ($cookieDomain != null) {
            // Strict comparisons: if $cookieSecure is neither true nor false,
            // no cookie is sent at all.
            if ($cookieSecure === true) {
                setcookie("GuestName", $_POST['GuestName'], time() + 7 * 86400, $cbasedir, $cookieDomain, 1);
            }
            if ($cookieSecure === false) {
                setcookie("GuestName", $_POST['GuestName'], time() + 7 * 86400, $cbasedir, $cookieDomain);
            }
        }
        // The cookie comes back from the client on later requests; treat it as
        // untrusted input wherever it is read (that code is not in this excerpt).
        $_SESSION['GuestName'] = $_POST['GuestName'];
</div></form></td> </tr> <tr id="ProfileEnd" class="TableMenuRow4"> <td class="TableMenuColumn4"> </td> </tr> </table> </div> <?php sql_free_result($result); }
// Signature update branch: runs when the form posts update=now and act=signature
// and the session's group is not the guest group.
// NOTE(review): $_POST['update'] and $_POST['act'] are read without isset().
// No anti-CSRF token check is visible in this excerpt for this state-changing
// request; confirm one is performed before this point.
if ($_POST['update'] == "now") {
    if ($_POST['act'] == "signature" && $_SESSION['UserGroup'] != $Settings['GuestGroup']) {
        // NOTE(review): stripcslashes() runs on the already-escaped string and
        // decodes C-style escape sequences (octal and hex forms included), so
        // characters htmlspecialchars() would have encoded can be produced again
        // afterwards. Prefer escaping at output time without stripcslashes().
        // NOTE(review): no charset argument is passed to htmlspecialchars() here,
        // so PHP's version-dependent default encoding applies; confirm it matches
        // the board's configured charset.
        $_POST['Signature'] = stripcslashes(htmlspecialchars($_POST['Signature'], ENT_QUOTES));
        //$_POST['Signature'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_POST['Signature']);
        //$_POST['Signature'] = remove_spaces($_POST['Signature']);
        $_POST['Signature'] = remove_bad_entities($_POST['Signature']);
        /* <_< iWordFilter >_> by Kazuki Przyborowski - Cool Dude 2k */
        // Load every row of the word-filter table. The table name is built from
        // the $Settings['sqltable'] prefix; no request data enters this query.
        $katarzynaqy = sql_pre_query("SELECT * FROM \"" . $Settings['sqltable'] . "wordfilter\"", array(null));
        $katarzynart = sql_query($katarzynaqy, $SQLStat);
        $katarzynanm = sql_num_rows($katarzynart);
        // $katarzynas is the row index; its increment lies beyond this excerpt.
        $katarzynas = 0;
        while ($katarzynas < $katarzynanm) {
            $Filter = sql_result($katarzynart, $katarzynas, "FilterWord");
            $Replace = sql_result($katarzynart, $katarzynas, "Replacement");
            $CaseInsensitive = sql_result($katarzynart, $katarzynas, "CaseInsensitive");
            // Map the stored "on"/"off" values to "yes"/"no".
            // NOTE(review): how $Filter is applied is not visible here; if it is
            // placed inside a regular expression, confirm it goes through
            // preg_quote() first.
            if ($CaseInsensitive == "on") {
                $CaseInsensitive = "yes";
            }
            if ($CaseInsensitive == "off") {
                $CaseInsensitive = "no";
</tr> <?php } }
// Normalise the new-topic form fields in place inside $_POST, then (for guests)
// remember the chosen display name in a cookie and in the session.
//
// NOTE(review): every field goes through stripcslashes(htmlspecialchars(...)).
// stripcslashes() decodes C-style escape sequences (including octal and hex
// forms) after the escaping has happened, so characters htmlspecialchars()
// would have encoded can be produced again. Prefer storing the raw value and
// escaping at output time, and drop the stripcslashes() call.
$_POST['TopicName'] = stripcslashes(htmlspecialchars($_POST['TopicName'], ENT_QUOTES, $Settings['charset']));
//$_POST['TopicName'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_POST['TopicName']);
$_POST['TopicName'] = remove_spaces($_POST['TopicName']);
$_POST['TopicDesc'] = stripcslashes(htmlspecialchars($_POST['TopicDesc'], ENT_QUOTES, $Settings['charset']));
//$_POST['TopicDesc'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_POST['TopicDesc']);
$_POST['TopicDesc'] = remove_spaces($_POST['TopicDesc']);
// GuestName is read here unconditionally; the isset() test further down runs
// only after this line has already accessed the key.
$_POST['GuestName'] = stripcslashes(htmlspecialchars($_POST['GuestName'], ENT_QUOTES, $Settings['charset']));
//$_POST['GuestName'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_POST['GuestName']);
$_POST['GuestName'] = remove_spaces($_POST['GuestName']);
// The post body keeps its internal whitespace: only remove_bad_entities() is
// applied, the remove_spaces() call is commented out.
$_POST['TopicPost'] = stripcslashes(htmlspecialchars($_POST['TopicPost'], ENT_QUOTES, $Settings['charset']));
//$_POST['TopicPost'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_POST['TopicPost']);
$_POST['TopicPost'] = remove_bad_entities($_POST['TopicPost']);
//$_POST['TopicPost'] = remove_spaces($_POST['TopicPost']);
// Guests only: persist the display name for 7 days (time() + 7 * 86400).
if ($_SESSION['UserGroup'] == $Settings['GuestGroup']) {
    if (isset($_POST['GuestName']) && $_POST['GuestName'] != null) {
        // NOTE(review): no httponly argument is passed in any branch, and the
        // secure flag is never set when $cookieDomain is null, whatever
        // $cookieSecure says. Consider always passing secure/httponly (and a
        // SameSite attribute where the PHP version allows it).
        if ($cookieDomain == null) {
            setcookie("GuestName", $_POST['GuestName'], time() + 7 * 86400, $cbasedir);
        }
        if ($cookieDomain != null) {
            // Strict comparisons: if $cookieSecure is neither true nor false,
            // no cookie is sent at all.
            if ($cookieSecure === true) {
                setcookie("GuestName", $_POST['GuestName'], time() + 7 * 86400, $cbasedir, $cookieDomain, 1);
            }
            if ($cookieSecure === false) {
                setcookie("GuestName", $_POST['GuestName'], time() + 7 * 86400, $cbasedir, $cookieDomain);
            }
        }
        // The cookie comes back from the client on later requests; treat it as
        // untrusted input wherever it is read (that code is not in this excerpt).
        $_SESSION['GuestName'] = $_POST['GuestName'];
// Normalise the private-message form fields in place inside $_POST, then (for
// guests) remember the chosen display name in a cookie and in the session.
//
// NOTE(review): every field goes through stripcslashes(htmlspecialchars(...)).
// stripcslashes() decodes C-style escape sequences (including octal and hex
// forms) after the escaping has happened, so characters htmlspecialchars()
// would have encoded can be produced again. Prefer storing the raw value and
// escaping at output time, and drop the stripcslashes() call.
$_POST['MessageName'] = stripcslashes(htmlspecialchars($_POST['MessageName'], ENT_QUOTES, $Settings['charset']));
//$_POST['MessageName'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_POST['MessageName']);
$_POST['MessageName'] = remove_spaces($_POST['MessageName']);
$_POST['MessageDesc'] = stripcslashes(htmlspecialchars($_POST['MessageDesc'], ENT_QUOTES, $Settings['charset']));
//$_POST['MessageDesc'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_POST['MessageDesc']);
$_POST['MessageDesc'] = remove_spaces($_POST['MessageDesc']);
// NOTE(review): presumably the recipient's name, used for a lookup later in the
// file (not visible here). It is HTML-escaped before that use, so the lookup
// only matches if stored names were escaped the same way; verify.
$_POST['SendMessageTo'] = stripcslashes(htmlspecialchars($_POST['SendMessageTo'], ENT_QUOTES, $Settings['charset']));
//$_POST['SendMessageTo'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_POST['SendMessageTo']);
$_POST['SendMessageTo'] = remove_spaces($_POST['SendMessageTo']);
// GuestName is read here unconditionally; the isset() test further down runs
// only after this line has already accessed the key.
$_POST['GuestName'] = stripcslashes(htmlspecialchars($_POST['GuestName'], ENT_QUOTES, $Settings['charset']));
//$_POST['GuestName'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_POST['GuestName']);
$_POST['GuestName'] = remove_spaces($_POST['GuestName']);
// The message body keeps its internal whitespace: only remove_bad_entities()
// is applied, the remove_spaces() call is commented out.
$_POST['Message'] = stripcslashes(htmlspecialchars($_POST['Message'], ENT_QUOTES, $Settings['charset']));
//$_POST['Message'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_POST['Message']);
//$_POST['Message'] = remove_spaces($_POST['Message']);
$_POST['Message'] = remove_bad_entities($_POST['Message']);
// Guests only: persist the display name for 7 days (time() + 7 * 86400).
if ($_SESSION['UserGroup'] == $Settings['GuestGroup']) {
    if (isset($_POST['GuestName']) && $_POST['GuestName'] != null) {
        // NOTE(review): no httponly argument is passed in any branch, and the
        // secure flag is never set when $cookieDomain is null, whatever
        // $cookieSecure says. Consider always passing secure/httponly (and a
        // SameSite attribute where the PHP version allows it).
        if ($cookieDomain == null) {
            setcookie("GuestName", $_POST['GuestName'], time() + 7 * 86400, $cbasedir);
        }
        if ($cookieDomain != null) {
            // Strict comparisons: if $cookieSecure is neither true nor false,
            // no cookie is sent at all.
            if ($cookieSecure === true) {
                setcookie("GuestName", $_POST['GuestName'], time() + 7 * 86400, $cbasedir, $cookieDomain, 1);
            }
            if ($cookieSecure === false) {
                setcookie("GuestName", $_POST['GuestName'], time() + 7 * 86400, $cbasedir, $cookieDomain);
            }
        }
        // The cookie comes back from the client on later requests; treat it as
        // untrusted input wherever it is read (that code is not in this excerpt).
        $_SESSION['GuestName'] = $_POST['GuestName'];
    }
<td><span class="TableMessage"> <br />Sorry the referering url dose not match our host name.<br /> </span> </td> </tr> <?php } }
// Normalise the reply form fields in place inside $_POST, then load the
// word-filter rows.
//
// NOTE(review): the message printed above suggests a Referer-vs-host comparison
// earlier in the file (not visible in this excerpt). A Referer comparison on its
// own is a weak anti-CSRF control; confirm a per-session token is also verified.
//
// NOTE(review): every field goes through stripcslashes(htmlspecialchars(...)).
// stripcslashes() decodes C-style escape sequences (including octal and hex
// forms) after the escaping has happened, so characters htmlspecialchars()
// would have encoded can be produced again. Prefer storing the raw value and
// escaping at output time, and drop the stripcslashes() call.
$_POST['ReplyDesc'] = stripcslashes(htmlspecialchars($_POST['ReplyDesc'], ENT_QUOTES, $Settings['charset']));
//$_POST['ReplyDesc'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_POST['ReplyDesc']);
$_POST['ReplyDesc'] = remove_spaces($_POST['ReplyDesc']);
$_POST['GuestName'] = stripcslashes(htmlspecialchars($_POST['GuestName'], ENT_QUOTES, $Settings['charset']));
//$_POST['GuestName'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_POST['GuestName']);
$_POST['GuestName'] = remove_spaces($_POST['GuestName']);
// The reply body keeps its internal whitespace: only remove_bad_entities() is
// applied, remove_spaces() is not.
$_POST['ReplyPost'] = stripcslashes(htmlspecialchars($_POST['ReplyPost'], ENT_QUOTES, $Settings['charset']));
//$_POST['ReplyPost'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_POST['ReplyPost']);
$_POST['ReplyPost'] = remove_bad_entities($_POST['ReplyPost']);
// The topic title is only processed when $ShowEditTopic is strictly true; that
// flag is set outside this excerpt.
// NOTE(review): confirm the later write of TopicName is guarded by the same
// flag, so a posted TopicName cannot be used when editing is not allowed.
if ($ShowEditTopic === true) {
    $_POST['TopicName'] = stripcslashes(htmlspecialchars($_POST['TopicName'], ENT_QUOTES, $Settings['charset']));
    //$_POST['TopicName'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_POST['TopicName']);
    $_POST['TopicName'] = remove_spaces($_POST['TopicName']);
}
/* <_< iWordFilter >_> by Kazuki Przyborowski - Cool Dude 2k */
// Load every row of the word-filter table. The table name is built from the
// $Settings['sqltable'] prefix; no request data enters this query.
$katarzynaqy = sql_pre_query("SELECT * FROM \"" . $Settings['sqltable'] . "wordfilter\"", array(null));
$katarzynart = sql_query($katarzynaqy, $SQLStat);
$katarzynanm = sql_num_rows($katarzynart);
// $katarzynas is the row index; its increment lies beyond this excerpt.
$katarzynas = 0;
while ($katarzynas < $katarzynanm) {
    // NOTE(review): how $Filter is applied is not visible here; if it is placed
    // inside a regular expression, confirm it goes through preg_quote() first.
    $Filter = sql_result($katarzynart, $katarzynas, "FilterWord");
    $Replace = sql_result($katarzynart, $katarzynas, "Replacement");
    $CaseInsensitive = sql_result($katarzynart, $katarzynas, "CaseInsensitive");
// Derive the stored password value for the configured hash type. b64e_hmac()
// is defined elsewhere; presumably it computes an HMAC with the named algorithm
// and base64-encodes it (confirm against its definition).
// NOTE(review): both branches build the credential from one keyed-hash call on
// request data ($_POST['Password'], $_POST['Joined']). "joaat" is a 32-bit
// non-cryptographic hash and is not suitable for password storage. Prefer
// password_hash() / password_verify() for new hashes and migrate on login.
if ($Settings['use_hashtype'] == "gost") {
    $iDBHash = "iDBHGOST";
    $NewPassword = b64e_hmac($_POST['Password'], $_POST['Joined'], $HashSalt, "gost");
}
// NOTE(review): this branch passes $NewHashSalt while the "gost" branch passes
// $HashSalt; confirm which variable is intended, since a mismatch would produce
// hashes that cannot be verified later.
if ($Settings['use_hashtype'] == "joaat") {
    $iDBHash = "iDBHJOAAT";
    $NewPassword = b64e_hmac($_POST['Password'], $_POST['Joined'], $NewHashSalt, "joaat");
}
// The signature is copied into $_GET['YourPost'] and HTML-escaped there.
$_GET['YourPost'] = $_POST['Signature'];
//require( './'.$SettDir['misc'].'HTMLTags.php');
$_GET['YourPost'] = htmlspecialchars($_GET['YourPost'], ENT_QUOTES, $Settings['charset']);
//$_GET['YourPost'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_GET['YourPost']);
// $NewSignature is captured here, before the whitespace collapsing and before
// remove_bad_entities() below, so it holds the escaped but otherwise
// unfiltered text.
// NOTE(review): confirm which of the two values is stored and displayed.
$NewSignature = $_GET['YourPost'];
$_GET['YourPost'] = preg_replace("/\t+/", " ", $_GET['YourPost']);
$_GET['YourPost'] = preg_replace("/\\s\\s+/", " ", $_GET['YourPost']);
$_GET['YourPost'] = remove_bad_entities($_GET['YourPost']);
// NOTE(review): stripcslashes() runs on the already-escaped string and decodes
// C-style escape sequences (octal and hex forms included), so characters
// htmlspecialchars() would have encoded can be produced again afterwards.
// NOTE(review): Avatar and Website are only HTML-escaped and space-normalised
// here; no URL scheme check is visible. If they are later emitted in src/href
// attributes, validate the scheme against an allowlist (http/https) first.
$Avatar = stripcslashes(htmlspecialchars($_POST['Avatar'], ENT_QUOTES, $Settings['charset']));
//$Avatar = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $Avatar);
$Avatar = remove_spaces($Avatar);
$Website = stripcslashes(htmlspecialchars($_POST['Website'], ENT_QUOTES, $Settings['charset']));
//$Website = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $Website);
$Website = remove_spaces($Website);
// Look up the group row by name. $yourgroup is supplied through the '%s'
// placeholder; presumably sql_pre_query() escapes placeholder values (verify
// against its definition, it is not part of this excerpt).
$gquerys = sql_pre_query("SELECT * FROM \"" . $Settings['sqltable'] . "groups\" WHERE \"Name\"='%s' LIMIT 1", array($yourgroup));
$gresults = sql_query($gquerys, $SQLStat);
// $yourgroup is overwritten: it held the group name, from here on the group id.
// NOTE(review): row 0 is read without checking that the query returned a row.
$yourgroup = sql_result($gresults, 0, "id");
// Copy the group's permission columns into $PreUserPer.
$PreUserPer['CanViewBoard'] = sql_result($gresults, 0, "CanViewBoard");
$PreUserPer['CanViewOffLine'] = sql_result($gresults, 0, "CanViewOffLine");
$PreUserPer['CanEditProfile'] = sql_result($gresults, 0, "CanEditProfile");
$PreUserPer['CanAddEvents'] = sql_result($gresults, 0, "CanAddEvents");
$PreUserPer['CanPM'] = sql_result($gresults, 0, "CanPM");
$PreUserPer['CanSearch'] = sql_result($gresults, 0, "CanSearch");
/**
 * Collapse and trim whitespace in a text value, then filter its entities.
 *
 * Steps, in order: strip leading/trailing tabs, then newlines, then carriage
 * returns; turn every run of CR/LF/tab into one space; squeeze runs of two or
 * more whitespace characters into one space; strip leading/trailing
 * whitespace; trim() with the mask ".."; finally hand the result to
 * remove_bad_entities() (defined elsewhere in the project).
 *
 * This is whitespace normalisation only. It performs no HTML escaping, so the
 * return value must still be escaped for the context it is written into.
 *
 * NOTE(review): the trim() mask ".." looks like an incomplete range
 * expression; confirm whether stripping dots from both ends is intended.
 *
 * @param string $Text Text to normalise.
 * @return mixed Whatever remove_bad_entities() returns for the cleaned text.
 */
function remove_spaces($Text)
{
    // Ordered pattern => replacement pairs; each step runs on the output of
    // the one before it, so the order must not change.
    $Steps = array(
        "/(^\t+|\t+\$)/" => "",
        "/(^\n+|\n+\$)/" => "",
        "/(^\r+|\r+\$)/" => "",
        "/(\r|\n|\t)+/" => " ",
        "/\\s\\s+/" => " ",
        "/(^\\s+|\\s+\$)/" => "",
    );
    foreach ($Steps as $Pattern => $Replacement) {
        $Text = preg_replace($Pattern, $Replacement, $Text);
    }
    return remove_bad_entities(trim($Text, ".."));
}