Na forum jestem nowy, więc z góry przepraszam za ewentualne wpadki.
Obsługuje portal oparty o skrypt Nuke, wersja 7,9 PL
Od jakiegos czasu zdarza sie, że wpadnie boot i zaspamuje wielką ilością komentarzy. Wpadłem na pomysł, aby zabezpieczyć sie chocby troszkę i zastosować kod zabezpieczający, aby ktoś musiał wpisać 6 podanych cyfr przed wysłaniem komentarza.
Na jednym z innych forów niejaki Jaszczur zasugerował, aby wykorzystac funkcje gfx z rejestracji.
I tak w sumie zrobiłem, jednak cos nie dziła tak jak zamierzałem. Kod jest odpowiednio i losowo generowany, jednak komentarz przechodzi dalej bez wzgledu czy sie go wpisze.
Bardzo prosze o przypatrzenie się temu zapisowi i ewentualne ukierunkowanie mnie, czego mi brakuje w nim, aby wszystko śmigało prawidłowo. Bardzo mi zalezy.
CODE
function reply($pid, $sid, $mode, $order, $thold, $random_num, $gfx_check) {
//include("config.php"); // globalized - Quake
include("header.php");
include("config.php");
global $prefix, $module_name, $user, $cookie, $datetime, $bgcolor1, $bgcolor2, $bgcolor3, $db, $anonpost, $anonymous, $admin;
cookiedecode($user);
getusrinfo($user);
$sid = intval($sid);
$pid = intval($pid);
if (!$stop)
$datekey = date("F j");
$rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . $sitekey . $random_num . $datekey));
$code = substr($rcode, 2, 6);
if (extension_loaded("gd") AND $code != $gfx_check AND ($gfx_chk == 2 OR $gfx_chk == 4 OR $gfx_chk == 5 OR $gfx_chk == 7))
if ($anonpost == 0 AND !is_user($user)) {
OpenTable();
echo "<center><font class=title><b>"._COMMENTREPLY."</b></font></center>";
CloseTable();
echo "<br>";
OpenTable();
echo "<center>"._NOANONCOMMENTS."<br><br>"._GOBACK."</center>";
CloseTable();
} else {
if ($pid != 0) {
$row = $db->sql_fetchrow($db->sql_query("SELECT date, name, email, subject, comment, score FROM ".$prefix."_comments WHERE tid='$pid'"));
$date = $row['date'];
$name = filter($row['name'], "nohtml");
$email = filter($row['email'], "nohtml");
$subject = filter($row['subject'], "nohtml");
$comment = filter($row['comment']);
$score = intval($row['score']);
} else {
$row2 = $db->sql_fetchrow($db->sql_query("SELECT time, title, hometext, bodytext, informant, notes FROM ".$prefix."_stories WHERE sid='$sid'"));
$date = $row2['time'];
$subject = filter($row2['title'], "nohtml");
$temp_comment = filter($row2['hometext']);
$comment2 = filter($row2['bodytext']);
$name = filter($row2['informant'], "nohtml");
$notes = filter($row2['notes']);
}
if(empty($comment)) {
$comment = $temp_comment."<br><br>$comment2";
}
OpenTable();
echo "<center><font class=title><b>"._COMMENTREPLY."</b></font></center>";
CloseTable();
echo "<br>";
OpenTable();
if (empty($name)) $name = $anonymous;
if (empty($subject)) $subject = "["._NOSUBJECT."]";
formatTimestamp($date);
echo "<b>$subject</b> <font class=\"content\">";
if (!empty($temp_comment)) echo"("._SCORE." $score)";
if (!empty($email)) {
echo "<br>"._BY." <a href=\"mailto:$email\">$name</a> <font class=\"content\"><b>($email)</b></font> "._ON." $datetime";
} else {
echo "<br>"._BY." $name "._ON." $datetime";
}
echo "<br><br>$comment<br><br>";
if ($pid == 0) {
if (!empty($notes)) {
echo "<b>"._NOTE."</b> <i>$notes</i><br><br>";
} else {
echo "";
}
}
if (!isset($pid) || !isset($sid)) { echo "Something is not right. This message is just to keep things from messing up down the road"; exit(); }
if ($pid == 0) {
$row3 = $db->sql_fetchrow($db->sql_query("SELECT title FROM ".$prefix."_stories WHERE sid='$sid'"));
$subject = filter($row3['title'], "nohtml");
} else {
$row4 = $db->sql_fetchrow($db->sql_query("SELECT subject FROM ".$prefix."_comments WHERE tid='$pid'"));
$subject = filter($row4['subject'], "nohtml");
}
CloseTable();
echo "<br>";
OpenTable();
mt_srand ((double)microtime()*1000000);
$maxran = 1000000;
$random_num = mt_rand(0, $maxran);
echo "<form action=\"modules.php?name=$module_name&file=comments\" method=\"post\">";
echo "<font class=option><b>"._YOURNAME.":</b></font> ";
if (is_user($user)) {
cookiedecode($user);
echo "<a href=\"modules.php?name=Your_Account\">$cookie[1]</a> <font class=\"content\">[ <a href=\"modules.php?name=Your_Account&op=logout\">"._LOGOUT."</a> ]</font><br><br>";
} else {
echo "<font class=\"content\">$anonymous";
echo " [ <a href=\"modules.php?name=Your_Account\">"._NEWUSER."</a> ]<br><br>";
}
echo "<font class=\"option\"><b>"._SUBJECT.":</b></font><br>";
if (!stripos_clone($subject,"Re:")) $subject = "Re: ".substr($subject,0,81)."";
echo "<input type=\"text\" name=\"subject\" size=\"50\" maxlength=\"85\" value=\"$subject\"><br><br>";
echo "<font class=\"option\"><b>"._UCOMMENT.":</b></font><br>"
."<textarea wrap=\"virtual\" cols=\"70\" rows=\"15\" name=\"comment\"></textarea><br>";
if ($nuke_editor == 0) {
echo "<font class=\"content\">"._ALLOWEDHTML."<br>";
while (list($key,) = each($AllowableHTML)) echo " <".$key.">";
echo "</font><br><br>";
} else {
echo ""._HTMLNOTALLOWED."</font><br><br>";
}
if (is_user($user) AND ($anonpost == 1)) { echo "<input type=\"checkbox\" name=\"xanonpost\"> "._POSTANON."<br>"; }
if (extension_loaded("gd") AND ($gfx_chk == 2 OR $gfx_chk == 4 OR $gfx_chk == 5 OR $gfx_chk == 7)) {
echo "<tr><td colspan='2'>"._SECURITYCODE.": <img src='?gfx=gfx&random_num=$random_num' border='1' alt='"._SECURITYCODE."' title='"._SECURITYCODE."'></td></tr>\n"
."<tr><td colspan='2'>"._TYPESECCODE.": <input type=\"text\" NAME=\"gfx_check\" SIZE=\"7\" MAXLENGTH=\"6\"></td></tr>\n"
."<input type=\"hidden\" name=\"random_num\" value=\"$random_num\">\n";
}
if (!isset($mode) OR empty($mode)) {
if(isset($userinfo['umode'])) {
$mode = $userinfo['umode'];
} else {
$mode = "thread";
}
}
if (!isset($order) OR empty($order)) {
if(isset($userinfo['uorder'])) {
$order = $userinfo['uorder'];
} else {
$order = 0;
}
}
if (!isset($thold) OR empty($thold)) {
if(isset($userinfo['thold'])) {
$thold = $userinfo['thold'];
} else {
$thold = 0;
}
}
echo "<input type=\"hidden\" name=\"pid\" value=\"$pid\">\n"
."<input type=\"hidden\" name=\"sid\" value=\"$sid\">\n"
."<input type=\"hidden\" name=\"mode\" value=\"$mode\">\n"
."<input type=\"hidden\" name=\"order\" value=\"$order\">\n"
."<input type=\"hidden\" name=\"thold\" value=\"$thold\">\n"
."<input type=\"hidden\" name=\"random_num\" value=\"$random_num\">"
."<input type=\"hidden\" name=\"gfx_check\" value=\"$gfx_check\">"
."<input type=\"submit\" name=\"op\" value=\""._PREVIEW."\">\n"
."<input type=\"submit\" name=\"op\" value=\""._OK."\"> "._GOBACK."\n"
."</font></form>\n";
CloseTable();
}
include("footer.php");
}
//include("config.php"); // globalized - Quake
include("header.php");
include("config.php");
global $prefix, $module_name, $user, $cookie, $datetime, $bgcolor1, $bgcolor2, $bgcolor3, $db, $anonpost, $anonymous, $admin;
cookiedecode($user);
getusrinfo($user);
$sid = intval($sid);
$pid = intval($pid);
if (!$stop)
$datekey = date("F j");
$rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . $sitekey . $random_num . $datekey));
$code = substr($rcode, 2, 6);
if (extension_loaded("gd") AND $code != $gfx_check AND ($gfx_chk == 2 OR $gfx_chk == 4 OR $gfx_chk == 5 OR $gfx_chk == 7))
if ($anonpost == 0 AND !is_user($user)) {
OpenTable();
echo "<center><font class=title><b>"._COMMENTREPLY."</b></font></center>";
CloseTable();
echo "<br>";
OpenTable();
echo "<center>"._NOANONCOMMENTS."<br><br>"._GOBACK."</center>";
CloseTable();
} else {
if ($pid != 0) {
$row = $db->sql_fetchrow($db->sql_query("SELECT date, name, email, subject, comment, score FROM ".$prefix."_comments WHERE tid='$pid'"));
$date = $row['date'];
$name = filter($row['name'], "nohtml");
$email = filter($row['email'], "nohtml");
$subject = filter($row['subject'], "nohtml");
$comment = filter($row['comment']);
$score = intval($row['score']);
} else {
$row2 = $db->sql_fetchrow($db->sql_query("SELECT time, title, hometext, bodytext, informant, notes FROM ".$prefix."_stories WHERE sid='$sid'"));
$date = $row2['time'];
$subject = filter($row2['title'], "nohtml");
$temp_comment = filter($row2['hometext']);
$comment2 = filter($row2['bodytext']);
$name = filter($row2['informant'], "nohtml");
$notes = filter($row2['notes']);
}
if(empty($comment)) {
$comment = $temp_comment."<br><br>$comment2";
}
OpenTable();
echo "<center><font class=title><b>"._COMMENTREPLY."</b></font></center>";
CloseTable();
echo "<br>";
OpenTable();
if (empty($name)) $name = $anonymous;
if (empty($subject)) $subject = "["._NOSUBJECT."]";
formatTimestamp($date);
echo "<b>$subject</b> <font class=\"content\">";
if (!empty($temp_comment)) echo"("._SCORE." $score)";
if (!empty($email)) {
echo "<br>"._BY." <a href=\"mailto:$email\">$name</a> <font class=\"content\"><b>($email)</b></font> "._ON." $datetime";
} else {
echo "<br>"._BY." $name "._ON." $datetime";
}
echo "<br><br>$comment<br><br>";
if ($pid == 0) {
if (!empty($notes)) {
echo "<b>"._NOTE."</b> <i>$notes</i><br><br>";
} else {
echo "";
}
}
if (!isset($pid) || !isset($sid)) { echo "Something is not right. This message is just to keep things from messing up down the road"; exit(); }
if ($pid == 0) {
$row3 = $db->sql_fetchrow($db->sql_query("SELECT title FROM ".$prefix."_stories WHERE sid='$sid'"));
$subject = filter($row3['title'], "nohtml");
} else {
$row4 = $db->sql_fetchrow($db->sql_query("SELECT subject FROM ".$prefix."_comments WHERE tid='$pid'"));
$subject = filter($row4['subject'], "nohtml");
}
CloseTable();
echo "<br>";
OpenTable();
mt_srand ((double)microtime()*1000000);
$maxran = 1000000;
$random_num = mt_rand(0, $maxran);
echo "<form action=\"modules.php?name=$module_name&file=comments\" method=\"post\">";
echo "<font class=option><b>"._YOURNAME.":</b></font> ";
if (is_user($user)) {
cookiedecode($user);
echo "<a href=\"modules.php?name=Your_Account\">$cookie[1]</a> <font class=\"content\">[ <a href=\"modules.php?name=Your_Account&op=logout\">"._LOGOUT."</a> ]</font><br><br>";
} else {
echo "<font class=\"content\">$anonymous";
echo " [ <a href=\"modules.php?name=Your_Account\">"._NEWUSER."</a> ]<br><br>";
}
echo "<font class=\"option\"><b>"._SUBJECT.":</b></font><br>";
if (!stripos_clone($subject,"Re:")) $subject = "Re: ".substr($subject,0,81)."";
echo "<input type=\"text\" name=\"subject\" size=\"50\" maxlength=\"85\" value=\"$subject\"><br><br>";
echo "<font class=\"option\"><b>"._UCOMMENT.":</b></font><br>"
."<textarea wrap=\"virtual\" cols=\"70\" rows=\"15\" name=\"comment\"></textarea><br>";
if ($nuke_editor == 0) {
echo "<font class=\"content\">"._ALLOWEDHTML."<br>";
while (list($key,) = each($AllowableHTML)) echo " <".$key.">";
echo "</font><br><br>";
} else {
echo ""._HTMLNOTALLOWED."</font><br><br>";
}
if (is_user($user) AND ($anonpost == 1)) { echo "<input type=\"checkbox\" name=\"xanonpost\"> "._POSTANON."<br>"; }
if (extension_loaded("gd") AND ($gfx_chk == 2 OR $gfx_chk == 4 OR $gfx_chk == 5 OR $gfx_chk == 7)) {
echo "<tr><td colspan='2'>"._SECURITYCODE.": <img src='?gfx=gfx&random_num=$random_num' border='1' alt='"._SECURITYCODE."' title='"._SECURITYCODE."'></td></tr>\n"
."<tr><td colspan='2'>"._TYPESECCODE.": <input type=\"text\" NAME=\"gfx_check\" SIZE=\"7\" MAXLENGTH=\"6\"></td></tr>\n"
."<input type=\"hidden\" name=\"random_num\" value=\"$random_num\">\n";
}
if (!isset($mode) OR empty($mode)) {
if(isset($userinfo['umode'])) {
$mode = $userinfo['umode'];
} else {
$mode = "thread";
}
}
if (!isset($order) OR empty($order)) {
if(isset($userinfo['uorder'])) {
$order = $userinfo['uorder'];
} else {
$order = 0;
}
}
if (!isset($thold) OR empty($thold)) {
if(isset($userinfo['thold'])) {
$thold = $userinfo['thold'];
} else {
$thold = 0;
}
}
echo "<input type=\"hidden\" name=\"pid\" value=\"$pid\">\n"
."<input type=\"hidden\" name=\"sid\" value=\"$sid\">\n"
."<input type=\"hidden\" name=\"mode\" value=\"$mode\">\n"
."<input type=\"hidden\" name=\"order\" value=\"$order\">\n"
."<input type=\"hidden\" name=\"thold\" value=\"$thold\">\n"
."<input type=\"hidden\" name=\"random_num\" value=\"$random_num\">"
."<input type=\"hidden\" name=\"gfx_check\" value=\"$gfx_check\">"
."<input type=\"submit\" name=\"op\" value=\""._PREVIEW."\">\n"
."<input type=\"submit\" name=\"op\" value=\""._OK."\"> "._GOBACK."\n"
."</font></form>\n";
CloseTable();
}
include("footer.php");
}
Podobnie zrobilem z funkcją replyPreview.
Dołożyłem na końcu
CODE
case "gfx":
gfx($random_num);
break;
gfx($random_num);
break;
Umieściłem w case replu i preview wpisy $random_num, $gfx_check.