This forum is in archive mode. You will not be able to post new content.

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - scofield

Pages: [1]
1
Web Oriented Coding / modification - anti-spam-captcha
« on: September 08, 2012, 02:13:25 PM »
hi,
can one help me to insert here an anti-spam-captcha, like reCaptcha (http://www.google.com/recaptcha/whyrecaptcha) or an simple math-field (e.g. 5+5 -> 10)?

Code: [Select]
<?php
// Hier werden die Kommentare gespeichert

    if (!function_exists("postComment")) {
    function postComment() {

        global $extension,
               $news_id,
               $options,
               $success,
               $failure,
               $REMOTE_ADDR;
               
        $getvars = array();
        $postvars = array('author' ,'email' ,'title' ,'comment');
        foreach ($getvars as $key=>$elem) { if(isset($_GET[$elem])) { $$elem $_GET[$elem]; } else { $$elem ""; } }
        foreach ($postvars as $key=>$elem) { if(isset($_POST[$elem])) { $$elem $_POST[$elem]; } if(!isset($$elem)) { $$elem ""; } }

        require("config.inc".$extension);
        require("corebb".$extension);
        
        $dbconn = new Coresql($db_server$db_database$db_account$db_password);
        $result $dbconn->fetchArray("SELECT * FROM $newstable WHERE id = $news_id");
        if ($result['id'] != "") {
            $ipcheck $dbconn->fetchArray("SELECT * FROM $commentstable WHERE ip = '$REMOTE_ADDR' ORDER BY time DESC");
            if (($ipcheck['time'] + $options['flood_control']) <= time()) {
                if (($author != "") && (($options['force_email'] == || ($email != "") && ($options['force_email'] == 1))) && ($title != "") && ($comment != "")) {
                    $author str_replace("'""\""htmlspecialchars($author));
                    $email str_replace("'""\""htmlspecialchars($email));
                    $title str_replace("'""\""htmlspecialchars($title));
                    switch ($options['html_bb_allow']) {
                        case 0$comment2 htmlspecialchars($comment);                  break;
                        case 1$comment2 corebb(htmlspecialchars($comment), "toHTM"); break;
                        case 2$comment2 $comment;                                    break;
                        case 3$comment2 corebb($comment"toHTM");                   break;
                    }
                    $comment2 str_replace("\r\n""<br />"$comment2);
                    $comment2 stripslashes($comment2);
                    $comment2 str_replace("'""\""$comment2);
                    $time time();
                    $dbconn = new Coresql($db_server$db_database$db_account$db_password);
                    $query $dbconn->execQuery("INSERT INTO $commentstable (news_id, author, email, title, comment, time, ip) VALUES ($news_id, '$author', '$email', '$title', '$comment2', '$time', '$REMOTE_ADDR')");
                    if ($query) {
                        $success "Kommentar <font color=\"#00BF00\">erfolgreich</font> eingetragen!";
                    } else {
                        $failure "Kommentar konnte nicht eingetragen werden!";
                    }    
                } elseif ((isset($author)) && ($author == "")) { $failure "Bitte gib deinen Namen ein!";
                } elseif ((isset($email)) && ($email == "") && ($options['force_email'] == 1)) { $failure "Bitte gib deine E-Mail ein!";
                } elseif ((isset($title)) && ($title == "")) { $failure "Bitte gib einen Titel für den Kommentar ein!";
                } elseif ((isset($comment)) && ($comment == "")) { $failure "Bitte gib ein Kommentar ein!";
                }
            } else {
                if ($options['flood_control'] <= 60) {
                    $wait $options['flood_control']." Sekunden";
                } else {
                    $wait = (($options['flood_control'] - ($options['flood_control'] % 60)) / 60)." Minuten";
                }
                $failure "Du musst $wait warten, bis du einen neuen Kommentar absenden darfst!";
            }    
        $close $dbconn->close();
        }
    }}

// Hier werden die Kommentare ausgegeben

    if (!function_exists("showComments")) {
    function showComments() {

        global $extension,
               $news_id,
               $options,
               $failure,
               $success,
               $styledata;
               
        require("config.inc".$extension);

        print "<div align=\"center\" class=\"comments\"><br /><h1>Kommentare:</h1></div><br />\r\n";
        $dbconn = new Coresql($db_server$db_database$db_account$db_password);
        $commentdata $dbconn->fetchMultiple("SELECT * FROM $commentstable WHERE news_id = $news_id ORDER BY id ASC");
        $close $dbconn->close();
        $comm1_tpl $styledata['tpl_comm1'];
        if ($commentdata != "") {
            foreach ($commentdata as $key=>$elem) {
                if (($options['show_comm_email']) && ($elem['email'] != "")) {
                    $author "<a class=\"comments\" href=\"mailto:$elem[email]\"><b>$elem[author]</b></a>";
                } else {
                $author $elem['author'];
            }
                $comment $elem['comment']; 
                $comment str_replace("<a ""<a class=\"comments\" "$comment);
                $dbconn = new Coresql($db_server$db_database$db_account$db_password);
                $rows $dbconn->countRows("SELECT * FROM $smilietable");
                if ($options['comment_smilies'] > 0) {
                    for($smilie_id 1$smilie_id <= $rows$smilie_id ++) {
                        $correctdata 0;
                        while($correctdata 1) {
                            $data $dbconn->fetchArray("SELECT * FROM $smilietable WHERE id = $smilie_id");
                            if ($data['id'] == "") { $smilie_id ++; $rows ++; } else { $correctdata 1; }
                        }
                        $comment_repl "<img src=\"$options[smilie_dir]$data[name]\" border=\"0\" alt=\"$data[title]\" />";
                        $comment str_replace($data['code'], $comment_repl$comment);
                    }
                }
                $close $dbconn->close(); 
                $comm1_template $comm1_tpl;
                $comm1_template str_replace("{title}"$elem['title'], $comm1_template);
                $comm1_template str_replace("{author}"$author$comm1_template);
                $comm1_template str_replace("{time}"date("G:i"$elem['time']), $comm1_template);
                $comm1_template str_replace("{date}"date("j. n. Y"$elem['time']), $comm1_template);
                $comm1_template str_replace("{comment}"$comment$comm1_template);
                if ($options['php_allowed']) {
                    $comm1_template str_replace('"''\"'$comm1_template);
                    $comm1_template str_replace('?>', 'print "', $comm1_template);
                    $comm1_template = str_replace('<?php', '"; ', $comm1_template);
                    $comm1_template = 'print "'.$comm1_template.'";';
                    $comm1_template = eval($comm1_template);
                }
                print $comm1_template;
            }
        } else { print "<div align=\"center\" class=\"comments\">Noch keine Kommentare vorhanden!</div><br /><br />\r\n"; }
        if(isset($failure)) { print "<br /><div align=\"center\" class=\"comments\"><b><font color=\"#BF0000\">Fehler:</font> $failure</b></div><br /><br />\r\n"; }
        if(isset($success)) { print "<br /><div align=\"center\" class=\"comments\"><b>$success</b></div><br /><br />\r\n"; }
    }}

// Hier wird das Kommentar schreiben Feld erstellt

    if (!function_exists("showPostComment")) {
    function showPostComment() {

        global $extension,
               $options,
               $styledata,
               $news_id,
               $QUERY_STRING,
               $PHP_SELF;
                
        $getvars = array();
        $postvars = array('author' ,'email' ,'title' ,'comment');
        foreach ($getvars as $key=>$elem) { if(isset($_GET[$elem])) { $$elem = $_GET[$elem]; } else { $$elem = ""; } }
        foreach ($postvars as $key=>$elem) { if(isset($_POST[$elem])) { $$elem = $_POST[$elem]; } if(!isset($$elem)) { $$elem = ""; } }

        require("config.inc".$extension);

        $comm2_template = $styledata['tpl_comm2'];
        $formheight = ""; $formwidth = "";
        $form_author ="<input type=\"text\" name=\"author\" maxlength=\"255\" value=\"$author\" />";
        $form_email ="<input type=\"text\" name=\"email\" maxlength=\"255\" value=\"$email\" />";
        $form_title ="<input type=\"text\" name=\"title\" maxlength=\"255\" value=\"$title\" />";
        $form_submit ="<input type=\"submit\" class=\"submit\" value=\"Abschicken\" />\r\n<input type=\"hidden\" name=\"postinit\" value=\"OK\" />";
        if (!$options['force_email']) {+
            $force_mail = " (freiwillig)";
        } else {
            $force_mail = "";
        }
        print "<a name=\"newcomment\"></a>\r\n";
        print "<form action=\"".$PHP_SELF.$QUERY_STRING."&amp;comments=$news_id#newcomment\" method=\"post\" name=\"newcomment\">\r\n"; 
        $comm2_template = preg_replace("/{comment=(\d+),(\d+)}/s", "<textarea name=\"comment\" cols=\"$1\" rows=\"$2\">$comment</textarea>", $comm2_template);
        $comm2_template = str_replace("{author}", $form_author, $comm2_template);
        $comm2_template = str_replace("{email}", $form_email, $comm2_template);
        $comm2_template = str_replace("{force_mail}", $force_mail, $comm2_template);
        $comm2_template = str_replace("{title}", $form_title, $comm2_template);
        $comm2_template = str_replace("{submit}", $form_submit, $comm2_template);
        if ($options['comment_smilies'] > 0) {
            $form_smilies = commentSmilies();
            $comm2_template = str_replace("{smilies}", $form_smilies, $comm2_template);
        } else {
            $comm2_template = str_replace("{smilies}", "", $comm2_template);
        }
        if ($options['php_allowed']) {
            $comm2_template = str_replace('"', '\"', $comm2_template);
            $comm2_template = str_replace('?>', 'print "', $comm2_template);
            $comm2_template = str_replace('<?php', '"; ', $comm2_template);
            $comm2_template = 'print "'.$comm2_template.'";';
            $comm2_template = eval($comm2_template);
        }
        print $comm2_template;
        print "</form>\r\n";   
    }}
    
// Helper für "showPostComment", der die Smilies erzeugt

    if (!function_exists("commentSmilies")) {
    function commentSmilies() {

        global $extension,
               $options,
               $styledata;
                
        require("config.inc".$extension);
        $num_smilies = $options['comment_smilies'];
        $form_smilies = "";
        $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password);
        for($smilie_id = 1; $smilie_id <= $num_smilies; $smilie_id ++) {
            $smilie_desc = $dbconn->fetchArray("SELECT * FROM $csmilietable WHERE id = $smilie_id");
            $smilie_data = $dbconn->fetchArray("SELECT * FROM $smilietable WHERE id = $smilie_desc[smilie_id]");
            $form_smilies = $form_smilies."    <td class=\"cncomments\">\r\n";
            $form_smilies = $form_smilies."      <a href=\"javascript:document.newcomment.comment.value = document.newcomment.comment.value + ' $smilie_data[code]'; document.newcomment.comment.focus();\"\r\n";
            $form_smilies = $form_smilies."\t  onmouseover=\"status='$smilie_data[title]';return true;\"  onmouseout=\"status='';return true;\">\r\n";
            $form_smilies = $form_smilies."    <img src=\"$options[smilie_dir]$smilie_data[name]\" border=\"0\" alt=\"$smilie_data[title]\" /></a>\r\n";
            $form_smilies = $form_smilies."    </td>\r\n";
            if ($smilie_id == ($num_smilies / 2)) {
                $form_smilies = $form_smilies."  </tr>\r\n  <tr>\r\n";
            }    
        }
        $close = $dbconn->close(); 
        $form_smilies = "<table border=\"0\" cellpadding=\"3\" cellspacing=\"0\">\r\n  <tr>\r\n$form_smilies  </tr>\r\n</table>";
        return $form_smilies;
    }}
?>

2
Web Oriented Coding / Re: [php] HELP me with "include($_GET['site']);"
« on: January 06, 2012, 07:46:59 PM »
hm... okay, i must create an list for my content-files (*.php), but i have many content-files and the list where a long-long-list... is there an other way to include secure?

btw: my url-link are at the moment so: http://xxxxx.com/?site=demo.php ... Can I maintain the left path so?

3
Web Oriented Coding / Re: [php] HELP me with "include($_GET['site']);"
« on: January 02, 2012, 06:25:05 PM »
the first line include the news-script (shownews.php), the other lines are normal php-files (content)

hm....... can i have an exemple?

sry i'm a noob in this... a ananymous guy tell me this

4
Web Oriented Coding / [php] HELP me with "include($_GET['site']);"
« on: January 02, 2012, 06:14:16 PM »
Hey everyone!
Can one help me to make the code secure?


Code: [Select]
<?php
               if($_GET['site'] == "")
               {
                  chdir("news");
                  $show "main";
                  include("shownews.php");
                  chdir("..");
               }
               else
               {
                  if(file_exists($_GET['site']))
                  {
                     if(strstr($_GET['site'], "http://"))
                     {
                        echo "External files cannot be integrated.";
                     }
                     else
                     {
                        include($_GET['site']);
                     }
                  }
                  else
                  {
                     echo "FILE NOT FOUND";
                  }
               }
            ?>

Pages: [1]


Want to be here? Contact Ande, Factionwars or Kulverstukas on the forum or at IRC.