4images Forum & Community
4images Modifications / Modifikationen => Mods & Plugins (Releases & Support) => Topic started by: IcEcReaM on March 23, 2006, 09:17:12 PM
-
[ Introduction ]
This Mod prevents spamming from Bots in your Guestbook and Comments,
if you allowed guests to post there.
[ Features ]
This Mod works with a security code,
which must be validated when posting.
The security code is submitted using the session system and javascript,
so users who have javascript enabled (which most users usually have)
don't notice anything.
Users who have disabled javascript have to enter the security code manually.
This is a great advantage compared to the captcha solution,
where every user has to enter this code, which is very uncomfortable in my opinion.
You can choose yourself if you use this mod only for guestbook/comments or for both.
[ Notes ]
At the moment the security code is on a very low level,
and not encrypted or anything else,
but it should work anyway.
If somebody gets spam anyway, he/she should contact me,
then I will upgrade this mod.
This mod works with 1.71 & 1.72;
other versions are untested.
[ Changed Files ]
for Guestbook:
- guestbook.php
- templates/guestbook_form.html
for comments:
- details.php
- templates/comment_form.html
lang/your language/main.php
[ Installation ]
First back up your files.
Download the rar archive: Link (http://icecreamtest.ic.funpic.de/gallery/details.php?image_id=132)
Just log in as 4images/4images
Of course you can also create your own account (no email verification is needed, because it's a test board).
A demo can also be seen there.
Step 1
Open lang/your language/main.php
Before ?> insert
//-----------------------------------------------------
//--- Anti Spam Mod -----------------------------------
//-----------------------------------------------------
$lang['enter_secure_code'] = "Please enter Security Code";
$lang['spamcode_error'] = "Security Code Validation failed";
or in German:
//-----------------------------------------------------
//--- Anti Spam Mod -----------------------------------
//-----------------------------------------------------
$lang['enter_secure_code'] = "Bitte Sicherheitscode vom Bild eingeben";
$lang['spamcode_error'] = "Sicherheitscode Überprüfung fehlgeschlagen";
For Guestbook Protection follow Step 2 & 3.
For Comment Protection follow Step 4 & 5.
Step 2
Open guestbook.php
Scroll down where you can find
//-----------------------------------------------------
//--- Save Comment ------------------------------------
//-----------------------------------------------------
In this part find:
$comment_mail = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_mail']));
and insert below:
$prevent_code = (isset($HTTP_POST_VARS['prevent_code'])) ? intval(trim($HTTP_POST_VARS['prevent_code'])) : 0;
in this section find:
if (!$error) {
if ($comment_site =="http://") {
insert above:
/** Anti_Spam Mod **/
if ($site_sess->get_session_var('guestbook_code')) {
  $guestbook_code = stripslashes($site_sess->get_session_var('guestbook_code'));
  $site_sess->drop_session_var('guestbook_code');
}
else $guestbook_code = 0;
if (!$guestbook_code || $prevent_code != $guestbook_code) {
  $msg .= (($msg != "") ? "<br />" : "").$lang['spamcode_error'];
  $error = 1;
}
/** Anti_Spam Mod **/
search for:
$comment_user_name = (isset($HTTP_POST_VARS['comment_user_name']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['comment_user_name']))) : (($user_info['user_level'] != GUEST) ? htmlspecialchars($user_info['user_name']) : "");
$comment_site = (isset($HTTP_POST_VARS['comment_site']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['comment_site']))) : "http://";
$site_template->register_vars(array(
"bbcode" => $bbcode,
and replace with:
$comment_user_name = (isset($HTTP_POST_VARS['comment_user_name']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['comment_user_name']))) : (($user_info['user_level'] != GUEST) ? htmlspecialchars($user_info['user_name']) : "");
$comment_site = (isset($HTTP_POST_VARS['comment_site']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['comment_site']))) : "http://";
/** Anti_Spam Mod **/
mt_srand((double)microtime() * 1000000);
$prevent_code = mt_rand(10000, 99999);
$site_sess->set_session_var('guestbook_code', addslashes($prevent_code));
$secure_image = '';
for ($i = 0; $i < 5; $i++) {
  $secure_image .= '<img src="'.get_gallery_image("captcha".substr($prevent_code,$i,1).".gif").'" border="0" alt="" />';
}
/** Anti_Spam Mod **/
$site_template->register_vars(array(
  "lang_enter_secure_code" => $lang['enter_secure_code'],
  "secure_image" => $secure_image,
  "prevent_code" => $prevent_code,
  "bbcode" => $bbcode,
Step 3
Open templates/guestbook_form.html
search for:
<tr>
<td width="90" valign="top"> </td>
<td>{bbcode}</td>
</tr>
and insert below:
<tr>
  <td width="90" valign="top"></td>
  <td>
    <noscript>
      <table>
        <tr>
          <td>{secure_image} </td>
          <td><input type="text" name="prevent_code" value="" size="5" /> </td>
        </tr>
        <tr>
          <td colspan="2"><b>{lang_enter_secure_code}</b></td>
        </tr>
      </table>
    </noscript>
    <script type="text/javascript">
      function spamcode () {
        var spamy = {prevent_code};
        document.getElementsByName("prevent_code")[0].value = spamy;
      }
      document.write('<input type="hidden" name="prevent_code" value="0" \/>');
    </script>
  </td>
</tr>
search for:
<input type="submit" name="postbutton" value="{lang_post_guestbook}" class="button" />
and replace with:
<input type="submit" name="postbutton" value="{lang_post_guestbook}" onclick="spamcode()" class="button" />
Step 4
open details.php
search for:
$comment_text = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_text']));
insert below:
$prevent_code = (isset($HTTP_POST_VARS['prevent_code'])) ? intval(trim($HTTP_POST_VARS['prevent_code'])) : 0;
search for:
if ($user_name == "") {
$msg .= (($msg != "") ? "<br />" : "").$lang['name_required'];
$error = 1;
}
and insert below:
/** Anti_Spam Mod **/
if ($site_sess->get_session_var('comment_code')) {
  $comment_code = stripslashes($site_sess->get_session_var('comment_code'));
  $site_sess->drop_session_var('comment_code');
}
else $comment_code = 0;
if (!$comment_code || $prevent_code != $comment_code) {
  $msg .= (($msg != "") ? "<br />" : "").$lang['spamcode_error'];
  $error = 1;
}
/** Anti_Spam Mod **/
search for (in 4images v1.71):
$comment_text = (isset($HTTP_POST_VARS['comment_text']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['comment_text']))) : "";
$site_template->register_vars(array(
"bbcode" => $bbcode,
and replace with:
$comment_text = (isset($HTTP_POST_VARS['comment_text']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['comment_text']))) : "";
/** Anti_Spam Mod **/
mt_srand((double)microtime() * 1000000);
$prevent_code = mt_rand(10000, 99999);
$site_sess->set_session_var('comment_code', addslashes($prevent_code));
$secure_image = '';
for ($i = 0; $i < 5; $i++) {
  $secure_image .= '<img src="'.get_gallery_image("captcha".substr($prevent_code,$i,1).".gif").'" border="0" alt="" />';
}
/** Anti_Spam Mod **/
$site_template->register_vars(array(
  "lang_enter_secure_code" => $lang['enter_secure_code'],
  "secure_image" => $secure_image,
  "prevent_code" => $prevent_code,
  "bbcode" => $bbcode,
search for (in 4images v1.72):
$comment_text = (isset($HTTP_POST_VARS['comment_text']) && $error) ? format_text(trim(stripslashes($HTTP_POST_VARS['comment_text'])), 2) : "";
$site_template->register_vars(array(
"bbcode" => $bbcode,
and replace with:
$comment_text = (isset($HTTP_POST_VARS['comment_text']) && $error) ? format_text(trim(stripslashes($HTTP_POST_VARS['comment_text'])), 2) : "";
/** Anti_Spam Mod **/
mt_srand((double)microtime() * 1000000);
$prevent_code = mt_rand(10000, 99999);
$site_sess->set_session_var('comment_code', addslashes($prevent_code));
$secure_image = '';
for ($i = 0; $i < 5; $i++) {
  $secure_image .= '<img src="'.get_gallery_image("captcha".substr($prevent_code,$i,1).".gif").'" border="0" alt="" />';
}
/** Anti_Spam Mod **/
$site_template->register_vars(array(
  "lang_enter_secure_code" => $lang['enter_secure_code'],
  "secure_image" => $secure_image,
  "prevent_code" => $prevent_code,
  "bbcode" => $bbcode,
Step 5
open templates/comment_form.html
search for:
<td>{bbcode}</td>
</tr>
and insert below:
<tr>
  <td>
    <noscript>
      <table>
        <tr>
          <td>{secure_image} </td>
          <td><input type="text" name="prevent_code" value="" size="5" /> </td>
        </tr>
        <tr>
          <td colspan="2"><b>{lang_enter_secure_code}</b></td>
        </tr>
      </table>
    </noscript>
    <script type="text/javascript">
      function spamcode () {
        var spamy = {prevent_code};
        document.getElementsByName("prevent_code")[0].value = spamy;
      }
      document.write('<input type="hidden" name="prevent_code" value="0" \/>');
    </script>
  </td>
</tr>
search for:
<input type="submit" name="postbutton" value="{lang_post_comment}" class="button" />
and replace with:
<input type="submit" name="postbutton" value="{lang_post_comment}" class="button" onclick="spamcode()" />
Step 6
unpack the archive and place the images in your /templates/your templates/images/ folder.
done.
Have Phun.
Please give me feedback.
-
Interesting solution.
But, the way you display security code (when javascript is disabled) is pretty much useless, cause you are using images with the number it represents in the filename (captcha0.gif = 0, captcha4.gif = 4)...but, using this method, it could be accomplished by pointing image location to a php script like: image.php?position=1 where "position" would represent the number/letter position in the security code, i.e. if security code is 61249 then the image for number 2 from this code would have address image.php?position=3 and number 9 would have image.php?position=5.
(perhaps that's what you mean by "not encrypted" ;))
Yet, this way is graphic module independent - which is very good.
Also, javascript is not my strong side, but somehow I think using window.document.commentform.prevent_code.value will not work on every browser....
P.S. will wait for others' replies ;)
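The image.php?position=N idea from the post above, as an added example (not code from the mod or from 4images itself). The file name image.php, the "form" parameter and the digit_at() helper are hypothetical; the script assumes it sits in the 4images root next to details.php and that TEMPLATE_PATH points at the template folder holding images/captcha0.gif to captcha9.gif from Step 6.

```php
<?php
// image.php: added example, not part of the original mod.
// Serves the digit image for ONE position of the session's security code,
// so the <img> URL carries only a position and never the digit itself.

define('ROOT_PATH', './');
include(ROOT_PATH.'global.php');
require(ROOT_PATH.'includes/sessions.php');

// Whitelist: public "form" value => session variable set by the mod.
// The request never names a session variable directly.
$session_keys = array(
  'guestbook' => 'guestbook_code',
  'comment'   => 'comment_code',
);

// Return the digit at $position (1..5) of a 5-digit code, or false.
// Hypothetical helper; rejects anything that is not exactly five digits,
// which also keeps the value safe to use in a file name below.
function digit_at($code, $position) {
  $code = (string)$code;
  if (!preg_match('/^[0-9]{5}$/', $code)) {
    return false;
  }
  if ($position < 1 || $position > 5) {
    return false;
  }
  return substr($code, $position - 1, 1);
}

function not_found() {
  header('HTTP/1.0 404 Not Found');
  exit;
}

$form     = isset($_GET['form']) ? $_GET['form'] : '';
$position = isset($_GET['position']) ? intval($_GET['position']) : 0;

if (!isset($session_keys[$form])) {
  not_found();
}

// The mod stores the code with addslashes(), so read it back the same way
// guestbook.php and details.php do.
$code  = stripslashes($site_sess->get_session_var($session_keys[$form]));
$digit = digit_at($code, $position);
if ($digit === false) {
  not_found();
}

// Assumption: TEMPLATE_PATH is the active template directory (Step 6 folder).
$file = TEMPLATE_PATH.'/images/captcha'.$digit.'.gif';
if (!is_file($file)) {
  not_found();
}

// The URL for a position is the same on every page view, so the response
// must not be cached or the browser would show digits of an older code.
header('Content-Type: image/gif');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Pragma: no-cache');
header('Expires: 0');
readfile($file);

// In details.php (and in guestbook.php with form=guestbook) the loop that
// builds $secure_image would then reference this script instead of
// captchaN.gif, passing the URL through $site_sess->url() so the session id
// is carried when cookies are off:
//
//   for ($i = 0; $i < 5; $i++) {
//     $secure_image .= '<img src="'.$site_sess->url(ROOT_PATH."image.php?form=comment&position=".($i + 1)).'" border="0" alt="" />';
//   }
?>
```

This only takes the digit out of the image URL: the ten GIFs are still static files, and the mod still writes the code into the page for the javascript path (var spamy = {prevent_code};).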
-
Works great, that got rid of my spam problem.
Thanks IcEcReaM for your work on this mod. :D
-
> Interesting solution.
> But, the way you display security code (when javascript is disabled) is pretty much useless, cause you are using images with the number it represents in the filename (captcha0.gif = 0, captcha4.gif = 4)...but, using this method, it could be accomplished by pointing image location to a php script like: image.php?position=1 where "position" would represent the number/letter position in the security code, i.e. if security code is 61249 then the image for number 2 from this code would have address image.php?position=3 and number 9 would have image.php?position=5.
> (perhaps that's what you mean by "not encrypted" ;))
> Yet, this way is graphic module independent - which is very good.
Yep, that's what I meant by not encrypted.
I tested it that way,
and there was one user who had problems with spam bots,
and this solution with the images displayed worked well.
I don't really know much about spambots, because I never really had problems with them,
but do they really get the code and figure it out for themselves by grabbing the image names?
> Also, javascript is not my strong side, but somehow I think using window.document.commentform.prevent_code.value will not work on every browser....
> P.S. will wait for others' replies ;)
I tested it only on FF and IE, and it worked,
but I checked it again and changed the code.
Thanks for the advice.
This code:
window.document.commentform.prevent_code.value = spamy;
has been changed to:
document.getElementsByName("prevent_code")[0].value = spamy;
-
> I don't really know much about spambots, because I never really had problems with them,
> but do they really get the code and figure it out for themselves by grabbing the image names?
Neither do I, but there is always a chance that behind the bot there is an "admin" who can adapt the bot to get around such restrictions...probably it's a small chance, but still, it's a chance ;)
-
> probably it's a small chance
That's why I said that if that happens I will post an upgrade,
a more "crypted" version,
but I think that would be too much work for spam bot admins,
that's why I haven't implemented it yet.
Has nobody else tested it yet, or is nobody interested in this mod?
It would be great to get more feedback from users
who are fighting spam bots.
-
That is the whole point, that no image is displayed.
That is the advantage over the other mods:
you don't have to type in this numeric code,
instead the whole thing is done automatically via javascript.
Since the bots don't have javascript, the security spam code is of course missing for them.
Only if javascript is switched off
do the number images appear, since you then have to do it by hand.
So: javascript off -> then you see the images
javascript on -> it is filled in automatically.
-
Before I installed this mod from icecream I ran my system with this one here -> http://www.4homepages.de/forum/index.php?topic=11405.0
but today there were some problems with spam robots and I got a mass of spam comments!
So I uninstalled the mod from gheelho and tested icecream's mod offline :wink:
It seems to work with and without Java and I'll upload it! - we will see what happens
-
I have installed this mod. :lol:
but every time I want to post a comment my site tells me "Security Code Validation failed" "De ingevulde beveilegingscode klopt niet." :roll:
Okay, I can make a mistake in a couple of numbers, I know. :oops:
but I have tried >30 times and 30 times the site tells me "Security Code Validation failed" "De ingevulde beveilegingscode klopt niet." :mrgreen:
What am I doing wrong :?
4images ver 1.7.2
You can log in with user and password: 4images on: http://wallpapers.sexy-picz.com
-
Why did you install this mod when users must register to post comments :?:
-
Because spam bots post comments now too.
Last week I had the permission set so that guests could also post comments, but I got a lot of spam.
So I decided to restrict the permission to registered users,
but now I get spam too.
So this is the only way.
I have a list of banned IP numbers but there are too many of them.
I hope you understand what I'm telling :oops:
-
Yes I understood :)
But, what about the login :?:
User: user
Password: 4images
:roll: I don't get it :mrgreen:
-
no no no :oops:
user: 4images
pass: 4images
This will work now :lol:
-
Now I can log in - sorry!
You shouldn't see this secure code until javascript is activated!
Your changes in the html code seem to be okay...
I think you should retry step 4 - perhaps you've missed something :?
-
I had already checked it and now I have checked it again but I don't see any mistakes.
My Java is enabled and I see everything in the temp file.
My details.php is below
<?php
$main_template = 'details';
define('GET_CACHES', 1);
define('ROOT_PATH', './');
include(ROOT_PATH.'global.php');
require(ROOT_PATH.'includes/sessions.php');
include(ROOT_PATH.'encuestas.php');
$user_access = get_permission();
include(ROOT_PATH.'includes/page_header.php');
if (!$image_id) {
header("Location: ".$site_sess->url($url, "&"));
exit;
}
$additional_sql = "";
if (!empty($additional_image_fields)) {
foreach ($additional_image_fields as $key => $val) {
$additional_sql .= ", i.".$key;
}
}
$sql = "SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_description, i.image_keywords, i.image_date, i.image_active, i.image_media_file, i.image_thumb_file, i.image_download_url, i.image_allow_comments, i.image_comments, i.image_downloads, i.image_votes, i.image_rating, i.image_hits, i.image_postcards".$additional_sql.", c.cat_name".get_user_table_field(", u.", "user_name").get_user_table_field(", u.", "user_email")."
FROM ".IMAGES_TABLE." i, ".CATEGORIES_TABLE." c
LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = i.user_id)
WHERE i.image_id = $image_id AND c.cat_id = i.cat_id";
$image_row = $site_db->query_firstrow($sql);
$cat_id = (isset($image_row['cat_id'])) ? $image_row['cat_id'] : 0;
$is_image_owner = ($image_row['user_id'] > USER_AWAITING && $user_info['user_id'] == $image_row['user_id']) ? 1 : 0;
if (!check_permission("auth_viewcat", $cat_id) || !check_permission("auth_viewimage", $cat_id) || !$image_row) {
header("Location: ".$site_sess->url($url, "&"));
exit;
}
$random_cat_image = (defined("SHOW_RANDOM_IMAGE") && SHOW_RANDOM_IMAGE == 0) ? "" : get_random_image($cat_id);
$site_template->register_vars("random_cat_image", $random_cat_image);
unset($random_cat_image);
//--- Show Image ---
$image_allow_comments = (check_permission("auth_readcomment", $cat_id)) ? $image_row['image_allow_comments'] : 0;
$image_name = htmlspecialchars($image_row['image_name']);
/*
MOD DOWNLOAD LIMIT
BEGIN INSERT
*/
if ($msg_error = $site_sess->get_session_var("msg_error"))
{
$msg .= ((empty($msg)) ? "" : "<br />").stripslashes($msg_error);
$site_sess->drop_session_var("msg_error");
}
/*
MOD DOWNLOAD LIMIT
END INSERT
*/
show_image($image_row, $mode, 0, 1);
$in_mode = 0;
$sql = "";
if ($mode == "lightbox") {
if (!empty($user_info['lightbox_image_ids'])) {
$image_id_sql = str_replace(" ", ", ", trim($user_info['lightbox_image_ids']));
$sql = "SELECT image_id, cat_id, image_name, image_media_file, image_thumb_file
FROM ".IMAGES_TABLE."
WHERE image_active = 1 AND image_id IN ($image_id_sql) AND (cat_id NOT IN (".get_auth_cat_sql("auth_viewimage", "NOTIN").") AND cat_id NOT IN (".get_auth_cat_sql("auth_viewcat", "NOTIN")."))
ORDER BY ".$config['image_order']." ".$config['image_sort'];
$in_mode = 1;
}
}
elseif ($mode == "search") {
if (!isset($session_info['searchid']) || empty($session_info['searchid'])) {
$session_info['search_id'] = $site_sess->get_session_var("search_id");
}
if (!empty($session_info['search_id'])) {
$search_id = unserialize($session_info['search_id']);
}
$sql_where_query = "";
if (!empty($search_id['image_ids'])) {
$sql_where_query .= "AND image_id IN (".$search_id['image_ids'].") ";
}
if (!empty($search_id['user_ids'])) {
$sql_where_query .= "AND user_id IN (".$search_id['user_ids'].") ";
}
if (!empty($search_id['search_new_images']) && $search_id['search_new_images'] == 1) {
$new_cutoff = time() - 60 * 60 * 24 * $config['new_cutoff'];
$sql_where_query .= "AND image_date >= $new_cutoff ";
}
if (!empty($search_id['search_cat']) && $search_id['search_cat'] != 0) {
$cat_id_sql = 0;
$sub_cat_ids = get_subcat_ids($search_id['search_cat'], $search_id['search_cat'], $cat_parent_cache);
if (check_permission("auth_viewcat", $search_id['search_cat'])) {
$cat_id_sql .= ", ".$search_id['search_cat'];
if (!empty($sub_cat_ids[$search_id['search_cat']])) {
foreach ($sub_cat_ids[$search_id['search_cat']] as $val) {
if (check_permission("auth_viewcat", $val)) {
$cat_id_sql .= ", ".$val;
}
}
}
}
}
else {
$cat_id_sql = get_auth_cat_sql("auth_viewcat");
}
if (!empty($sql_where_query)) {
$sql = "SELECT image_id, cat_id, image_name, image_media_file, image_thumb_file
FROM ".IMAGES_TABLE."
WHERE image_active = 1
$sql_where_query
AND cat_id IN ($cat_id_sql)
ORDER BY ".$config['image_order']." ".$config['image_sort'];
$in_mode = 1;
}
}
if (!$in_mode || empty($sql)) {
$sql = "SELECT image_id, cat_id, image_name, image_media_file, image_thumb_file
FROM ".IMAGES_TABLE."
WHERE image_active = 1 AND cat_id = $cat_id
ORDER BY ".$config['image_order']." ".$config['image_sort'];
}
$result = $site_db->query($sql);
$image_id_cache = array();
$next_prev_cache = array();
$break = 0;
$prev_id = 0;
while($row = $site_db->fetch_array($result)) {
$image_id_cache[] = $row['image_id'];
$next_prev_cache[$row['image_id']] = $row;
if ($break) {
break;
}
if ($prev_id == $image_id) {
$break = 1;
}
$prev_id = $row['image_id'];
}
$site_db->free_result();
if (!function_exists("array_search")) {
function array_search($needle, $haystack) {
$match = false;
foreach ($haystack as $key => $value) {
if ($value == $needle) {
$match = $key;
}
}
return $match;
}
}
$act_key = array_search($image_id, $image_id_cache);
$next_image_id = (isset($image_id_cache[$act_key + 1])) ? $image_id_cache[$act_key + 1] : 0;
$prev_image_id = (isset($image_id_cache[$act_key - 1])) ? $image_id_cache[$act_key - 1] : 0;
unset($image_id_cache);
// Get next and previous image
if (!empty($next_prev_cache[$next_image_id])) {
$next_image_name = htmlspecialchars($next_prev_cache[$next_image_id]['image_name']);
$next_image_url = $site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$next_image_id.((!empty($mode)) ? "&mode=".$mode : ""));
if (!get_file_path($next_prev_cache[$next_image_id]['image_media_file'], "media", $next_prev_cache[$next_image_id]['cat_id'], 0, 0)) {
$next_image_file = ICON_PATH."/404.gif";
}
else {
$next_image_file = get_file_path($next_prev_cache[$next_image_id]['image_media_file'], "media", $next_prev_cache[$next_image_id]['cat_id'], 0, 1);
}
if (!get_file_path($next_prev_cache[$next_image_id]['image_thumb_file'], "thumb", $next_prev_cache[$next_image_id]['cat_id'], 0, 0)) {
$next_thumb_file = ICON_PATH."/".get_file_extension($next_prev_cache[$next_image_id]['image_media_file']).".gif";
}
else {
$next_thumb_file = get_file_path($next_prev_cache[$next_image_id]['image_thumb_file'], "thumb", $next_prev_cache[$next_image_id]['cat_id'], 0, 1);
}
}
else {
$next_image_name = REPLACE_EMPTY;
$next_image_url = REPLACE_EMPTY;
$next_image_file = REPLACE_EMPTY;
$next_thumb_file = REPLACE_EMPTY;
}
if (!empty($next_prev_cache[$prev_image_id])) {
$prev_image_name = htmlspecialchars($next_prev_cache[$prev_image_id]['image_name']);
$prev_image_url = $site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$prev_image_id.((!empty($mode)) ? "&mode=".$mode : ""));
if (!get_file_path($next_prev_cache[$prev_image_id]['image_media_file'], "media", $next_prev_cache[$prev_image_id]['cat_id'], 0, 0)) {
$prev_image_file = ICON_PATH."/404.gif";
}
else {
$prev_image_file = get_file_path($next_prev_cache[$prev_image_id]['image_media_file'], "media", $next_prev_cache[$prev_image_id]['cat_id'], 0, 1);
}
if (!get_file_path($next_prev_cache[$prev_image_id]['image_thumb_file'], "thumb", $next_prev_cache[$prev_image_id]['cat_id'], 0, 0)) {
$prev_thumb_file = ICON_PATH."/".get_file_extension($next_prev_cache[$prev_image_id]['image_media_file']).".gif";
}
else {
$prev_thumb_file = get_file_path($next_prev_cache[$prev_image_id]['image_thumb_file'], "thumb", $next_prev_cache[$prev_image_id]['cat_id'], 0, 1);
}
}
else {
$prev_image_name = REPLACE_EMPTY;
$prev_image_url = REPLACE_EMPTY;
$prev_image_file = REPLACE_EMPTY;
$prev_thumb_file = REPLACE_EMPTY;
}
$site_template->register_vars(array(
"next_image_id" => $next_image_id,
"next_image_name" => $next_image_name,
"next_image_url" => $next_image_url,
"next_image_file" => $next_image_file,
"next_thumb_file" => $next_thumb_file,
"prev_image_id" => $prev_image_id,
"prev_image_name" => $prev_image_name,
"prev_image_url" => $prev_image_url,
"prev_image_file" => $prev_image_file,
"prev_thumb_file" => $prev_thumb_file
));
unset($next_prev_cache);
//--- Save Comment ---
$error = 0;
if ($action == "postcomment" && isset($HTTP_POST_VARS[URL_ID])) {
$id = intval($HTTP_POST_VARS[URL_ID]);
$sql = "SELECT cat_id, image_allow_comments
FROM ".IMAGES_TABLE."
WHERE image_id = $id";
$row = $site_db->query_firstrow($sql);
if ($row['image_allow_comments'] == 0 || !check_permission("auth_postcomment", $row['cat_id']) || !$row) {
$msg = $lang['comments_deactivated'];
}
else {
$user_name = un_htmlspecialchars(trim($HTTP_POST_VARS['user_name']));
$comment_headline = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_headline']));
$comment_text = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_text']));
$prevent_code = (isset($HTTP_POST_VARS['prevent_code'])) ? intval(trim($HTTP_POST_VARS['prevent_code'])) : 0;
if ($id != "538"){ //added for latest news mod
$sql = "SELECT comment_ip, comment_date
FROM ".COMMENTS_TABLE."
WHERE image_id = $id
ORDER BY comment_date DESC
LIMIT 1";
$spam_row = $site_db->query_firstrow($sql);
$spamtime = $spam_row['comment_date'] + 180;
if ($session_info['session_ip'] == $spam_row['comment_ip'] && time() <= $spamtime && $user_info['user_level'] != ADMIN) {
$msg .= (($msg != "") ? "" : "").$lang['spamming'];
$error = 1;
}
}
$user_name_field = get_user_table_field("", "user_name");
if (!empty($user_name_field)) {
if ($site_db->not_empty("SELECT $user_name_field FROM ".USERS_TABLE." WHERE $user_name_field = '".strtolower($user_name)."' AND ".get_user_table_field("", "user_id")." <> '".$user_info['user_id']."'")) {
$msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
$error = 1;
}
}
if ($user_name == "") {
$msg .= (($msg != "") ? "<br />" : "").$lang['name_required'];
$error = 1;
}
/** Anti_Spam Mod **/
if ($site_sess->get_session_var('comment_code')) {
$comment_code = stripslashes($site_sess->get_session_var('comment_code'));
$site_sess->drop_session_var('comment_code');
}
else $comment_code = 0;
if (!$comment_code || $prevent_code != $comment_code) {
$msg .= (($msg != "") ? "<br />" : "").$lang['spamcode_error'];
$error = 1;
}
/** Anti_Spam Mod **/
if ($comment_headline == "") {
$msg .= (($msg != "") ? "<br />" : "").$lang['headline_required'];
$error = 1;
}
if ($comment_text == "") {
$msg .= (($msg != "") ? "<br />" : "").$lang['comment_required'];
$error = 1;
}
if (!$error) {
$sql = "INSERT INTO ".COMMENTS_TABLE."
(image_id, user_id, user_name, comment_headline, comment_text, comment_ip, comment_date)
VALUES
($id, ".$user_info['user_id'].", '$user_name', '$comment_headline', '$comment_text', '".$session_info['session_ip']."', ".time().")";
$site_db->query($sql);
$commentid = $site_db->get_insert_id();
update_comment_count($id, $user_info['user_id']);
}
}
unset($row);
unset($spam_row);
}
//--- Show Comments ---
if ($image_allow_comments == 1) {
$sql = "SELECT c.comment_id, c.image_id, c.user_id, c.user_name AS comment_user_name, c.comment_headline, c.comment_text, c.comment_ip, c.comment_date".get_user_table_field(", u.", "user_level").get_user_table_field(", u.", "user_name").get_user_table_field(", u.", "user_email").get_user_table_field(", u.", "user_showemail").get_user_table_field(", u.", "user_invisible").get_user_table_field(", u.", "user_joindate").get_user_table_field(", u.", "user_lastaction").get_user_table_field(", u.", "user_comments").get_user_table_field(", u.", "user_homepage").get_user_table_field(", u.", "user_icq").", u.userpic
FROM ".COMMENTS_TABLE." c
LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id)
WHERE c.image_id = $image_id
ORDER BY c.comment_date ASC";
$result = $site_db->query($sql);
$comment_row = array();
while ($row = $site_db->fetch_array($result)) {
$comment_row[] = $row;
}
$site_db->free_result($result);
$num_comments = sizeof($comment_row);
if (!$num_comments) {
$comments = "<tr><td class=\"commentrow1\" colspan=\"2\">".$lang['no_comments']."</td></tr>";
}
else {
$comments = "";
$bgcounter = 0;
for ($i = 0; $i < $num_comments; $i++) {
$row_bg_number = ($bgcounter++ % 2 == 0) ? 1 : 2;
$comment_user_email = "";
$comment_user_email_save = "";
$comment_user_mailform_link = "";
$comment_user_email_button = "";
$comment_user_homepage_button = "";
$comment_user_icq_button = "";
$comment_user_profile_button = "";
$comment_user_status_img = REPLACE_EMPTY;
$comment_user_name = htmlspecialchars($comment_row[$i]['comment_user_name']);
$comment_user_info = $lang['userlevel_guest'];
$comment_user_id = $comment_row[$i]['user_id'];
$user_row_comment = get_user_info($comment_user_id);
if (isset($comment_row[$i][$user_table_fields['user_name']]) && $comment_user_id != GUEST) {
$comment_user_name = htmlspecialchars($comment_row[$i][$user_table_fields['user_name']]);
$comment_user_profile_link = !empty($url_show_profile) ? $site_sess->url(preg_replace("/{user_id}/", $comment_user_id, $url_show_profile)) : $site_sess->url(ROOT_PATH."member.php?action=showprofile&".URL_USER_ID."=".$comment_user_id);
$comment_user_profile_button = "<a href=\"".$comment_user_profile_link."\"><img src=\"".get_gallery_image("profile.gif")."\" border=\"0\" alt=\"".$comment_user_name."\" /></a>";
$comment_user_status_img = ($comment_row[$i][$user_table_fields['user_lastaction']] >= (time() - 300) && ((isset($comment_row[$i][$user_table_fields['user_invisible']]) && $comment_row[$i][$user_table_fields['user_invisible']] == 0) || $user_info['user_level'] == ADMIN)) ? "<img src=\"".get_gallery_image("user_online.gif")."\" border=\"0\" alt=\"Online\" />" : "<img src=\"".get_gallery_image("user_offline.gif")."\" border=\"0\" alt=\"Offline\" />";
$comment_user_homepage = (isset($comment_row[$i][$user_table_fields['user_homepage']])) ? format_url($comment_row[$i][$user_table_fields['user_homepage']]) : "";
if (!empty($comment_user_homepage)) {
$comment_user_homepage_button = "<a href=\"".$comment_user_homepage."\" target=\"_blank\"><img src=\"".get_gallery_image("homepage.gif")."\" border=\"0\" alt=\"".$comment_user_homepage."\" /></a>";
}
$comment_user_icq = (isset($comment_row[$i][$user_table_fields['user_icq']])) ? $comment_row[$i][$user_table_fields['user_icq']] : "";
if (!empty($comment_user_icq)) {
$comment_user_icq_button = "<a href=\"http://wwp.icq.com/scripts/search.dll?to=".$comment_user_icq."\" target=\"_blank\"><img src=\"http://web.icq.com/whitepages/online?icq=".$comment_user_icq."&img=5\" width=\"18\" height=\"18\" border=\"0\" alt=\"".$comment_user_icq."\" /></a>";
}
if (!empty($comment_row[$i][$user_table_fields['user_email']]) && (!isset($comment_row[$i][$user_table_fields['user_showemail']]) || (isset($comment_row[$i][$user_table_fields['user_showemail']]) && $comment_row[$i][$user_table_fields['user_showemail']] == 1))) {
$comment_user_email = $comment_row[$i][$user_table_fields['user_email']];
$comment_user_email_save = str_replace("@", " at ", $comment_row[$i][$user_table_fields['user_email']]);
if (!empty($url_mailform)) {
$comment_user_mailform_link = $site_sess->url(preg_replace("/{user_id}/", $comment_user_id, $url_mailform));
}
else {
$comment_user_mailform_link = $site_sess->url(ROOT_PATH."member.php?action=mailform&".URL_USER_ID."=".$comment_user_id);
}
$comment_user_email_button = "<a href=\"".$comment_user_mailform_link."\"><img src=\"".get_gallery_image("email.gif")."\" border=\"0\" alt=\"".$comment_user_email_save."\" /></a>";
}
if (!isset($comment_row[$i][$user_table_fields['user_level']]) || (isset($comment_row[$i][$user_table_fields['user_level']]) && $comment_row[$i][$user_table_fields['user_level']] == USER)) {
$comment_user_info = $lang['userlevel_user'];
}
elseif ($comment_row[$i][$user_table_fields['user_level']] == ADMIN) {
$comment_user_info = $lang['userlevel_admin'];
}
$comment_user_info .= "<br />";
$comment_user_info .= (isset($comment_row[$i][$user_table_fields['user_joindate']])) ? "<br />".$lang['join_date']." ".format_date($config['date_format'], $comment_row[$i][$user_table_fields['user_joindate']]) : "";
$comment_user_info .= (isset($comment_row[$i][$user_table_fields['user_comments']])) ? "<br />".$lang['comments']." ".$comment_row[$i][$user_table_fields['user_comments']] : "";
}
$comment_user_ip = ($user_info['user_level'] == ADMIN) ? $comment_row[$i]['comment_ip'] : "";
$admin_links = "";
if ($user_info['user_level'] == ADMIN) {
$admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."admin/index.php?goto=".urlencode("comments.php?action=editcomment&comment_id=".$comment_row[$i]['comment_id']))."\" target=\"_blank\">".$lang['edit']."</a> ";
$admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."admin/index.php?goto=".urlencode("comments.php?action=removecomment&comment_id=".$comment_row[$i]['comment_id']))."\" target=\"_blank\">".$lang['delete']."</a>";
}
elseif ($is_image_owner) {
$admin_links .= ($config['user_edit_comments'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=editcomment&".URL_COMMENT_ID."=".$comment_row[$i]['comment_id'])."\">".$lang['edit']."</a> ";
$admin_links .= ($config['user_delete_comments'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=removecomment&".URL_COMMENT_ID."=".$comment_row[$i]['comment_id'])."\">".$lang['delete']."</a>";
}
$site_template->register_vars(array(
"comment_id" => $comment_row[$i]['comment_id'],
"user_avatar_current" => ($config['avatar_use']) ? "<img src=\"".TEMPLATE_PATH."/avatars/".(($user_row_comment['user_avatar'] == "") ? "blank.gif" : $user_row_comment['user_avatar'])."\" name=\"icons\" border=\"0\" hspace=\"15\" alt=\"\">" : "",
"comment_user_id" => $comment_user_id,
"comment_user_status_img" => $comment_user_status_img,
"comment_user_name" => $comment_user_name,
"comment_user_info" => $comment_user_info,
"comment_user_profile_button" => $comment_user_profile_button,
"comment_user_email" => $comment_user_email,
"comment_user_email_save" => $comment_user_email_save,
"comment_user_mailform_link" => $comment_user_mailform_link,
"comment_user_email_button" => $comment_user_email_button,
"comment_user_homepage_button" => $comment_user_homepage_button,
"comment_user_icq_button" => $comment_user_icq_button,
"comment_user_ip" => $comment_user_ip,
"comment_userpic" => ($config['userpic'] && $comment_row[$i]['userpic']) ? ROOT_PATH."data/userpic/".$comment_row[$i]['userpic'] : "",
"comment_headline" => format_text($comment_row[$i]['comment_headline'], 0, $config['wordwrap_comments'], 0, 0),
"comment_text" => format_text($comment_row[$i]['comment_text'], $config['html_comments'], $config['wordwrap_comments'], $config['bb_comments'], $config['bb_img_comments']),
"comment_date" => format_date($config['date_format']." ".$config['time_format'], $comment_row[$i]['comment_date']),
"row_bg_number" => $row_bg_number,
"admin_links" => $admin_links
));
$comments .= $site_template->parse_template("comment_bit");
} // end while
} //end else
$site_template->register_vars("comments", $comments);
unset($comments);
//--- BBCode & Form ---
$allow_posting = check_permission("auth_postcomment", $cat_id);
$bbcode = "";
if ($config['bb_comments'] == 1 && $allow_posting) {
$site_template->register_vars(array(
"lang_bbcode" => $lang['bbcode'],
"lang_tag_prompt" => $lang['tag_prompt'],
"lang_link_text_prompt" => $lang['link_text_prompt'],
"lang_link_url_prompt" => $lang['link_url_prompt'],
"lang_link_email_prompt" => $lang['link_email_prompt'],
"lang_list_type_prompt" => $lang['list_type_prompt'],
"lang_list_item_prompt" => $lang['list_item_prompt']
));
$bbcode = $site_template->parse_template("bbcode");
}
if (!$allow_posting) {
$comment_form = "";
}
else {
$user_name = (isset($HTTP_POST_VARS['user_name']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['user_name']))) : (($user_info['user_level'] != GUEST) ? htmlspecialchars($user_info['user_name']) : "");
$comment_headline = (isset($HTTP_POST_VARS['comment_headline']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['comment_headline']))) : "";
$comment_text = (isset($HTTP_POST_VARS['comment_text']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['comment_text']))) : "";
/** Anti_Spam Mod **/
mt_srand((double)microtime() * 1000000);
$prevent_code = mt_rand(10000, 99999);
$site_sess->set_session_var('comment_code', addslashes($prevent_code));
$secure_image = '';
for ($i = 0; $i < 5; $i++) {
$secure_image .= '<img src="'.get_gallery_image("captcha".substr($prevent_code,$i,1).".gif").'" border="0" alt="" />';
}
/** Anti_Spam Mod **/
$site_template->register_vars(array(
"lang_enter_secure_code" => $lang['enter_secure_code'],
"secure_image" => $secure_image,
"prevent_code" => $prevent_code,
"bbcode" => $bbcode,
"user_name" => $user_name,
"comment_headline" => $comment_headline,
"comment_text" => $comment_text,
"lang_post_comment" => $lang['post_comment'],
"lang_name" => $lang['name'],
"lang_headline" => $lang['headline'],
"lang_comment" => $lang['comment']
));
$comment_form = $site_template->parse_template("comment_form");
}
$site_template->register_vars("comment_form", $comment_form);
unset($comment_form);
} // end if allow_comments
// Admin Links
$admin_links = "";
if ($user_info['user_level'] == ADMIN) {
$admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."admin/index.php?goto=".urlencode("images.php?action=editimage&image_id=".$image_id))."\" target=\"_blank\">".$lang['edit']."</a> ";
$admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."admin/index.php?goto=".urlencode("images.php?action=removeimage&image_id=".$image_id))."\" target=\"_blank\">".$lang['delete']."</a>";
}
elseif ($is_image_owner) {
$admin_links .= ($config['user_edit_image'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=editimage&".URL_IMAGE_ID."=".$image_id)."\">".$lang['edit']."</a> ";
$admin_links .= ($config['user_delete_image'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=removeimage&".URL_IMAGE_ID."=".$image_id)."\">".$lang['delete']."</a>";
}
$site_template->register_vars("admin_links", $admin_links);
// Update Hits
if ($user_info['user_level'] != ADMIN) {
$sql = "UPDATE ".IMAGES_TABLE."
SET image_hits = image_hits + 1
WHERE image_id = $image_id";
$site_db->query($sql);
}
//---Clickstream---
$clickstream = "<span class=\"clickstream\"><a href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator'];
$page_title = $config['category_separator'].$lang['home'].$config['category_separator']; // MOD:
if ($mode == "lightbox" && $in_mode) {
$page_url = "";
if (preg_match("/".URL_PAGE."=([0-9]+)/", $url, $regs)) {
if (!empty($regs[1]) && $regs[1] != 1) {
$page_url = "?".URL_PAGE."=".$regs[1];
}
}
$clickstream .= "<a href=\"".$site_sess->url(ROOT_PATH."lightbox.php".$page_url)."\" class=\"clickstream\">".$lang['lightbox']."</a>".$config['category_separator'];
$page_title = $config['category_separator'].$lang['lightbox'].$config['category_separator']; // MOD: Dynamic page title
}
elseif ($mode == "search" && $in_mode) {
$page_url = "";
if (preg_match("/".URL_PAGE."=([0-9]+)/", $url, $regs)) {
if (!empty($regs[1]) && $regs[1] != 1) {
$page_url = "&".URL_PAGE."=".$regs[1];
}
}
$clickstream .= "<a href=\"".$site_sess->url(ROOT_PATH."search.php?show_result=1".$page_url)."\" class=\"clickstream\">".$lang['search']."</a>".$config['category_separator'];
$page_title = $config['category_separator'].$lang['search'].$config['category_separator']; // MOD: Dynamic page title
}
else {
$clickstream .= get_category_path($cat_id, 1).$config['category_separator'];
$page_title = $config['category_separator'].get_category_path_nohtml($cat_id).$config['category_separator']; // MOD: Dynamic page title
}
$clickstream .= $image_name."</span>";
$page_title .= $image_name; // MOD: Dynamic page title
//--- Print Out ---
$site_template->register_vars(array(
"msg" => $msg,
"clickstream" => $clickstream,
"page_title" => $page_title, // MOD: Dynamic page title
"lang_category" => $lang['category'],
"lang_added_by" => $lang['added_by'],
"lang_description" => $lang['description'],
"lang_keywords" => $lang['keywords'],
"lang_date" => $lang['date'],
"lang_hits" => $lang['hits'],
"lang_downloads" => $lang['downloads'],
"lang_rating" => $lang['rating'],
"lang_votes" => $lang['votes'],
"lang_author" => $lang['author'],
"lang_comment" => $lang['comment'],
"lang_postcards" => $lang['postcards'],
"lang_prev_image" => $lang['prev_image'],
"lang_next_image" => $lang['next_image'],
"lang_file_size" => $lang['file_size']
));
// MOD: Dynamic page title BLOCK BEGIN
//-----------------------------------------------------
//--- Parse Header & Footer ---------------------------
//-----------------------------------------------------
if (isset($main_template) && $main_template) {
$header = $site_template->parse_template("header");
$footer = $site_template->parse_template("footer");
$site_template->register_vars(array(
"header" => $header,
"footer" => $footer
));
unset($header);
unset($footer);
}
// MOD: Dynamic page title BLOCK END
$site_template->print_template($site_template->parse_template($main_template));
include(ROOT_PATH.'includes/page_footer.php');
?>
-
this is my comment_form.html below
i have "<noscript>"
and "</noscript>" deleted otherwise I saw nothing about the security code :oops: i hope it's not bad :D
<table width="100%" border="0" cellspacing="0" cellpadding="1" align="center">
<tr>
<td valign="top" class="head1">
<table width="100%" border="0" cellpadding="3" cellspacing="0">
<tr>
<td valign="top" class="head1">{lang_post_comment}</td>
</tr>
<tr>
<td valign="top" class="row1">
<form name="commentform" action="{self}" method="post" onsubmit="postbutton.disabled=true;">
<table cellpadding="4" cellspacing="0" border="0">
<tr>
<td width="90"><b>{lang_name}</b></td>
<td>
<input type="text" name="user_name" size="30" value="{user_name}" class="commentinput" />
</td>
</tr>
<tr>
<td width="90"><b>{lang_headline}</b></td>
<td>
<input type="text" name="comment_headline" size="30" value="{comment_headline}" class="commentinput" />
</td>
</tr>
<tr>
<td width="140" valign="top"><b>{lang_comment}</b></td>
<td>
<textarea name="comment_text" cols="35" rows="10" class="commenttextarea">{comment_text}</textarea>
</td>
</tr>
<tr>
<td width="90" valign="top"> </td>
<td>{bbcode}</td>
</tr>
<tr>
<td width="90" valign="top"> </td>
<td>
<table>
<tr>
<td>{secure_image} </td>
<td><input type="text" name="prevent_code" value="" size="5" /> </td>
</tr>
<tr><td colspan="2"><b>{lang_enter_secure_code}</b></td>
</tr>
</table>
<script type="text/javascript">
function spamcode () {
var spamy = {prevent_code};
window.document.commentform.prevent_code.value = spamy;
}
document.write('<input type="hidden" name="prevent_code" value="0" \/>');
</script>
</td>
</tr>
<tr>
<td width="90" valign="top"> </td>
<td>
<input type="hidden" name="action" value="postcomment" />
<input type="hidden" name="id" value="{image_id}" />
<input type="submit" name="postbutton" value="{lang_post_comment}" class="button" onclick="spamcode()" />
</td>
</tr>
</table>
</form>
</td>
</tr>
</table>
</td>
</tr>
</table>
-
You're kidding me!
You don't have to delete these tags :o
They are necessary!
This MOD is created so that users with javascript don't have to enter the security-code!
That's the trick!
Okay, I have tested your details.php - there's no mistake - it works fine :wink:
-
Thanks Flo2005
I have made the changes with the "<noscript>" and the "</noscript>" :D
i can post without entering the code and i will wait for spam attacks :evil:
many thanks for the fast replies :lol:
-
Now you can do a test!
Deactivate javascript in your browser and now you should see the secure-code; otherwise the secure-code is not printed on the screen and will be processed by javascript!
Good luck :wink:
-
it works perfect :D
thanks for your patience Flo2005. :lol:
It's all my fault, but it's a tricky mod :P
-
Hello everyone
Somehow I can't find this spot in my guestbook.php:
$comment_mail = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_mail']));
Does anyone have an idea why it isn't there?
Dirk
-
Can someone help me please.
When I am trying to change the code I cannot find these lines in details.php.
$comment_text = (isset($HTTP_POST_VARS['comment_text']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['comment_text']))) : "";
$site_template->register_vars(array(
"bbcode" => $bbcode,
The only thing close to this that I find is on line 447:
$comment_text = (isset($HTTP_POST_VARS['comment_text']) && $error) ? format_text(trim(stripslashes($HTTP_POST_VARS['comment_text'])), 2) : "";
Is this the correct lines to replace? They are very similar, but not exact, but I'm assuming it is anyway. Thanks!
-
i guess, you are using 1.72?
then it should be the correct place.
$comment_text = (isset($HTTP_POST_VARS['comment_text']) && $error) ? format_text(trim(stripslashes($HTTP_POST_VARS['comment_text'])), 2) : "";
$site_template->register_vars(array(
"bbcode" => $bbcode,
this is what you should search for then
-
Yes, 1.72, and thank you!! I'll let you know how it goes for me when I get a chance to do it later.
-
I am having all sorts of problems getting this to work. I am using 1.7.2. Does this change things?
-
i will test it in the next days with 1.72,
but i think that no big modifications are needed to make this work.
Only some phrases could be different where to put the modified code,
but i will post it then.
-
Thank you! These bots are killing me, so I really need to get something working so they can't post. I hate to make registered users only, because a lot of my family members don't have computer knowledge enough to create and remember their info.
-
i looked at the code and only in step 4 is only one thing different between 1.71 and 1.72.
I modified my first post.
-
I only did the Guestbook part of the mod, but for some reason i don't get to see the "security code" to enter before posting. I see the field in which you enter the code.
I've done everything up to the details.php point (thinking that's only for comments?!) and extracted the images in /templates/my template/images/.
what am i doing wrong?
-
the field to enter the security code ONLY appears if javascript has been disabled in the browser,
that's the trick of this mod.
otherwise the security field will be filled out automatically.
P.S.: You can test it, if you disable js in your browser.
-
the field to enter the security code ONLY appears if javascript has been disabled in the browser,
that's the trick of this mod.
otherwise the security field will be filled out automatically.
P.S.: You can test it, if you disable js in your browser.
I see the field no matter what the status of java scripting is in both IE and Firefox? Fixed that with the <noscript> part.
Now i'm allowed to post, but nothing gets added to the guestbook anymore? If i try to reload the page, i get a "page contains post data" message...
(Enabling and disabling the java script does show or hide the security code box. But even with the box, and still no pictures of the code, i cannot post)
-
I made the changes, and now there isn't even an option to leave a comment.
All it shows is:
Author: Comment:
Previous Image: Next Image
A 157
There is nothing to click on now to leave a comment. What is going on?
-
After re-uploading the originals and doing the whole mod again, all seems to be well! (don't ask, i'm an idiot :oops:)
Thanks!
-
@caminator:
try to restore your backups and start again building in this mod.
i think you must have made a mistake during installation.
-
Hi IcEcReaM
Thanks for the MOD.
I have installed it and will wait a few days to see whether the spam entries stop. I hope it helps.
Regards, Steffen
-
I also installed the MOD successfully yesterday.
Today, however, I got the first spam.
Can I somehow set it up so that the code always has to be entered?
-
I also installed the MOD successfully yesterday.
Today, however, I got the first spam.
Unfortunately I had the same problem. The spam entries have not decreased for me either. It does not seem to be the right solution.
-
There is surely a simple solution for this. The author just needs to look in here.
-
Or rather, have you tried entering the security code incorrectly? It then says that the code was entered incorrectly, but the post is in the guestbook anyway.
-
Then please check the installation again.
If the security code was entered incorrectly,
no post may be sent/saved at all.
To test whether it works, simply turn off JS in the browser.
-
Is this part of guestbook.php correct, then?
//-----------------------------------------------------
//--- Save Comment ------------------------------------
//-----------------------------------------------------
$error = 0;
if ($action == "postcomment" && $config['guestbook_post'] == 1) {
$comment_user_name = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_user_name']));
$comment_text = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_text']));
$comment_site = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_site']));
$comment_mail = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_mail']));
$prevent_code = (isset($HTTP_POST_VARS['prevent_code'])) ? intval(trim($HTTP_POST_VARS['prevent_code'])) : 0;
// Flood Check
$sql = "SELECT comment_ip, comment_date
FROM ".GUESTBOOK_TABLE."
WHERE comment_ip = '".$session_info['session_ip']."'
ORDER BY comment_date DESC
LIMIT 1";
$spam_row = $site_db->query_firstrow($sql);
$spamtime = $spam_row['comment_date'] + 360;
if (time() <= $spamtime && $user_info['user_level'] != ADMIN) {
$msg .= (($msg != "") ? "<br />" : "").$lang['spamming'];
$error = 1;
}
if ($comment_user_name == "") {
$msg .= (($msg != "") ? "<br />" : "").$lang['name_required'];
$error = 1;
}
if ($comment_text == "") {
$msg .= (($msg != "") ? "<br />" : "").$lang['comment_required'];
$error = 1;
}
if (!$error) {
if ($comment_site =="http://") {
/** Anti_Spam Mod **/
if ($site_sess->get_session_var('guestbook_code')) {
$guestbook_code = stripslashes($site_sess->get_session_var('guestbook_code'));
$site_sess->drop_session_var('guestbook_code');
}
else $guestbook_code = 0;
if (!$guestbook_code || $prevent_code != $guestbook_code) {
$msg .= (($msg != "") ? "<br />" : "").$lang['spamcode_error'];
$error = 1;
}
/** Anti_Spam Mod **/
$comment_site = "";
}
-
No.
This part:
/** Anti_Spam Mod **/
if ($site_sess->get_session_var('guestbook_code')) {
$guestbook_code = stripslashes($site_sess->get_session_var('guestbook_code'));
$site_sess->drop_session_var('guestbook_code');
}
else $guestbook_code = 0;
if (!$guestbook_code || $prevent_code != $guestbook_code) {
$msg .= (($msg != "") ? "<br />" : "").$lang['spamcode_error'];
$error = 1;
}
/** Anti_Spam Mod **/
$comment_site = "";
}
must, as described in the instructions, come BEFORE this part:
if (!$error) {
if ($comment_site =="http://") {
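The placement problem discussed above, as an added example that is not part of the original posts or of 4images: a stand-alone PHP model of the save flow, in which a plain array stands in for the session object and the function names and the code value 48213 are constructed. It compares the check nested inside the save branch with the same check placed before it.

```php
<?php
// Added example: stand-alone model of the guestbook "Save Comment" flow.
// $session is a plain array standing in for $site_sess; all function names
// and the sample code 48213 are constructed for this illustration.

/** Use up the stored code (pass or fail) and report whether the submission matches. */
function consume_and_check_code(array &$session, $submitted)
{
    $expected = isset($session['guestbook_code']) ? (string)$session['guestbook_code'] : '';
    unset($session['guestbook_code']);   // one attempt per issued code
    // hash_equals() needs PHP 5.6 or later
    return $expected !== '' && hash_equals($expected, (string)$submitted);
}

/**
 * Check nested inside the save branch, modelled on the pasted guestbook.php.
 * The save that follows is assumed from the behaviour reported in the thread.
 */
function save_misplaced(array &$session, array $post, array &$guestbook)
{
    $error = 0;
    $msg = '';
    if (trim($post['comment_text']) === '') {
        $msg = 'comment required';
        $error = 1;
    }
    if (!$error) {
        if ($post['comment_site'] === 'http://') {
            if (!consume_and_check_code($session, $post['prevent_code'])) {
                $msg = 'Security Code Validation failed';
                $error = 1;              // set after the !$error gate was already passed
            }
            $post['comment_site'] = '';
        }
        $guestbook[] = $post['comment_text'];   // runs whatever $error says now
    }
    return $msg;
}

/** Check placed with the other validations, before the save branch. */
function save_correct(array &$session, array $post, array &$guestbook)
{
    $error = 0;
    $msg = '';
    if (trim($post['comment_text']) === '') {
        $msg = 'comment required';
        $error = 1;
    }
    if (!consume_and_check_code($session, $post['prevent_code'])) {
        $msg = 'Security Code Validation failed';
        $error = 1;
    }
    if (!$error) {
        if ($post['comment_site'] === 'http://') {
            $post['comment_site'] = '';
        }
        $guestbook[] = $post['comment_text'];
    }
    return $msg;
}

// Constructed requests; the session was issued code 48213 in every case.
$cases = [
    'wrong code, site left at http://' => ['comment_text' => 'hi', 'comment_site' => 'http://', 'prevent_code' => '0'],
    'wrong code, site filled in'       => ['comment_text' => 'hi', 'comment_site' => 'http://example.test', 'prevent_code' => '0'],
    'correct code'                     => ['comment_text' => 'hi', 'comment_site' => 'http://', 'prevent_code' => '48213'],
];

foreach ($cases as $label => $post) {
    foreach (['save_misplaced', 'save_correct'] as $fn) {
        $session = ['guestbook_code' => '48213'];
        $guestbook = [];
        $msg = $fn($session, $post, $guestbook);
        printf("%-34s %-15s stored=%d msg=%s\n", $label, $fn, count($guestbook), $msg === '' ? '-' : $msg);
    }
}
```

With the nested check, the first case reports the error and still stores the entry, and the second case never runs the check at all; the second function rejects both.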
-
OK, thanks.
It works now. I had translated that wrong for myself.
-
Hello,
is it possible to use this mod for this as well
http://www.4homepages.de/forum/index.php?topic=11470.0
And if so, what do I have to change and how?
I have already tried a bit but somehow I can't get it to work... :(
-
I have installed it for my guestbook as well - it seems to work! If I have no spam by tomorrow: hats off!
In case I need it for the comments too, has anyone already tried it with version 1.7?
Kind regards
Sopur
-
Tnx for this nice mod.
Implemented it in comments on version 1.7
Hopefully it will stop the spams.
(http://www.megapixeln.net/4images/signature.php) (http://www.megapixeln.net/4images/signature.php?go=1)
-
Hello,
is it possible to use this mod for this as well
http://www.4homepages.de/forum/index.php?topic=11470.0
And if so, what do I have to change and how?
I have already tried a bit but somehow I can't get it to work... :(
Nobody can help :( I got 91 spam mails today through this function....Shit spammers...!!!
-
is it possible to implement this mod for downloads?
If a user has not introduced the correct code he cannot download the image.
Thanks.
-
Hello, I am not sure whether I changed the code correctly, since I could not find this line:
$comment_mail = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_mail']));
My code at this point now looks like this:
//-----------------------------------------------------
//--- Save Comment ------------------------------------
//-----------------------------------------------------
$error = 0;
if ($action == "postcomment" && $config['guestbook_post'] == 1) {
$comment_user_name = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_user_name']));
$comment_text = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_text']));
$prevent_code = (isset($HTTP_POST_VARS['prevent_code'])) ? intval(trim($HTTP_POST_VARS['prevent_code'])) : 0;
$comment_site = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_site']));
// Flood Check
$sql = "SELECT comment_ip, comment_date
FROM ".GUESTBOOK_TABLE."
WHERE comment_ip = '".$session_info['session_ip']."'
ORDER BY comment_date DESC
LIMIT 1";
$spam_row = $site_db->query_firstrow($sql);
$spamtime = $spam_row['comment_date'] + 360;
if (time() <= $spamtime && $user_info['user_level'] != ADMIN) {
$msg .= (($msg != "") ? "<br />" : "").$lang['spamming'];
$error = 1;
}
So I simply put the line to be inserted below the "comment_text" line, is that okay???
I still get spam.... :twisted:
Many thanks
PS: I am using version 1.71
-
does it also work with 1.7 :?
I have had spam in my mailbox for a few days :(
-
Whether it also works with 1.7
I cannot say; since I never tested or saw version 1.7,
I don't know what code was changed in the later versions.
@Olphi:
Please post a link to your gallery or send it by PM,
and attach your guestbook.php.
-
does it also work with 1.7 :?
I have had spam in my mailbox for a few days :(
YES!
-
can someone provide me with the RAR file I can't download it!
thanks :mrgreen:
-
ASAP please! :roll:
-
Press "Save" button instead of "Open" at download prompt - works like a charm.
-
I tried, the page is blocked for me!
can somebody put it for me as attachment
the spam starts to kill me :|
-
I have just installed it... but now the question is how do I delete all the spam that is already there. Somehow it no longer works with one click on comment, where everything down to the bottom gets checked automatically. Strange. I already have over 6000 spam entries :(
here is an example http://weinandy.net/details.php?image_id=109
thanks :)
-
Thanks Ivan, but that is exactly what I did and I had to click each one individually. Before, I could simply click the comment checkbox at the very top and then all checkboxes were checked automatically, then scroll down and press delete; now it no longer works and I have to click them individually. I don't know whether I described it correctly, but hopefully you understand what I mean. There must be an easier solution than having to click over 6000 checkboxes individually, right?
-
Sorry, my mistake... I had switched off JavaScript earlier because I wanted to see the security code and forgot to switch it back on. Good night :)
-
can somebody give me the files plzzzzzzzzzzz ASAP :|
-
8O
-
@nnjj
... look carefully on the first side ... or take this (http://icecreamtest.ic.funpic.de/gallery/categories.php?cat_id=21) ... :wink:
-
the whole website is blocked at my country!!!
I can't view it at all
-
I hope somebody can understand my problem with the website!
-
@Olphi:
Please post a link to your gallery or send it by PM,
and attach your guestbook.php.
Hello IcEcReaM!
I have the same problem as http://www.4homepages.de/forum/index.php?topic=12268.msg69275#msg69275 !
I am attaching my guestbook and detail.php!
PS: when I switch off JavaScript, I don't see any code! :(
-
why nobody wants to support me in this issue!!
all what I ask is the files only to apply the patch! :x
-
Ok, here it is (I'll remove it as soon as you downloaded it)
P.S. Ever heard of such thing as PROXY? try google it you might find it very helpful in this kind of situations.
-
thanks buddy @ end
I did what in file but nothing happen, also nothing ask for secure no!
-
STRANGE! even with this plugin, the spam not stopping!
what shall I do! everything is done correctly! :cry:
-
who is spamming? guests? or members? if members - you know what to do...
are they from the same IP?
-
no its guests!!
he drive me crazy! :cry:
-
Well, then I guess I was right in my first replies to this thread...since the code does not use any "encryption", it's pretty much a useless mod...
-
What you can try to do is replace
$secure_image .= '<img src="'.get_gallery_image("captcha".substr($prevent_code,$i,1).".gif").'" border="0" alt="" />';
with:
$secure_image .= '<img src="'.$site_sess->url(ROOT_PATH."securecode.php?id=".($i+1)."&".time()).'" border="0" alt="" />';
(look in the original tutorial to find that line)
Then create a new file securecode.php in your 4images root with this code inside:
<?php
$nozip = $fast = 1;
define('ROOT_PATH', './');
include(ROOT_PATH.'global.php');
require(ROOT_PATH.'includes/sessions.php');
$file = get_gallery_image("spacer.gif");//image which will be used if something went wrong.
if ($id > 0 && $id < 7 && $comment_code = stripslashes($site_sess->get_session_var('comment_code')))
{
$file = get_gallery_image("captcha".substr($comment_code,$id-1,1).".gif");
}
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // turn off caching
header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1
header("Cache-Control: pre-check=0, post-check=0, max-age=0"); // HTTP/1.1
header("Cache-Control: no-cache, must-revalidate");
header("Content-Transfer-Encoding: none");
header("Content-Type: image/gif");
header("Content-Length: ".filesize($file));
readfile($file);
?>
And finally, in guestbook_form.html and comment_form.html templates replace
<noscript>
<table>
<tr>
<td>{secure_image} </td>
<td><input type="text" name="prevent_code" value="" size="5" /> </td>
</tr>
<tr><td colspan="2"><b>{lang_enter_secure_code}</b></td>
</tr>
</table>
</noscript>
<script type="text/javascript">
function spamcode () {
var spamy = {prevent_code};
document.getElementsByName("prevent_code")[0].value = spamy;
}
document.write('<input type="hidden" name="prevent_code" value="0" \/>');
</script>
With:
<table>
<tr>
<td>{secure_image} </td>
<td><input type="text" name="prevent_code" value="" size="5" /> </td>
</tr>
<tr><td colspan="2"><b>{lang_enter_secure_code}</b></td>
</tr>
</table>
<script type="text/javascript">
function spamcode () {
}
</script>
I suspect it is because of that javascript code the bots "learned" how to go around the security code.
I haven't tested it, so be first ;)
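A way to check the effect of the template change described in the post above, as an added example that is not part of the original post or of the mod: a small PHP audit that lists every place where the session's code can be read as text in the rendered form. The helper name find_code_leaks, the code value 48213, the image paths and the two rendered pages are constructed for illustration.

```php
<?php
// Added example, not part of the mod. find_code_leaks() is a hypothetical helper;
// the code value, image paths and both rendered pages below are constructed samples.

/** Return a description of every place where $code can be read from $html as text. */
function find_code_leaks($html, $code)
{
    $code  = (string)$code;
    $leaks = [];

    // 1. The whole code as a literal: script variable, hidden field, attribute value.
    $offset = 0;
    while (($pos = strpos($html, $code, $offset)) !== false) {
        $context = substr($html, max(0, $pos - 12), strlen($code) + 12);
        $leaks[] = 'literal near "' . trim(preg_replace('/\s+/', ' ', $context)) . '"';
        $offset = $pos + strlen($code);
    }

    // 2. One image per digit whose file name carries the digit (captcha4.gif, ...).
    if (preg_match_all('/captcha(\d)\.gif/', $html, $m) && implode('', $m[1]) === $code) {
        $leaks[] = 'image file names spell the code';
    }
    return $leaks;
}

$code = '48213';   // constructed sample value held in the session

// Build the five <img> tags the way each variant of the template would render them.
$imgsOriginal = '';
$imgsModified = '';
for ($i = 0; $i < 5; $i++) {
    $imgsOriginal .= '<img src="./templates/default/images/captcha' . $code[$i] . '.gif" alt="" />';
    $imgsModified .= '<img src="./securecode.php?id=' . ($i + 1) . '&1700000000" alt="" />';
}

// Original mod: digit in each file name, full code in the script block.
$original = '<noscript>' . $imgsOriginal . '<input type="text" name="prevent_code" /></noscript>'
          . '<script>function spamcode () { var spamy = ' . $code . '; '
          . 'document.getElementsByName("prevent_code")[0].value = spamy; }</script>';

// Modified templates: images served by securecode.php, empty spamcode().
$modified = $imgsModified . '<input type="text" name="prevent_code" />'
          . '<script>function spamcode () { }</script>';

foreach (['original template' => $original, 'modified template' => $modified] as $label => $html) {
    $leaks = find_code_leaks($html, $code);
    echo $label, ': ', $leaks ? implode('; ', $leaks) : 'no readable copy of the code', "\n";
}
```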
-
this error comes up
Parse error: parse error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/jenanart/public_html/gallery/details.php on line 458
and line 458 was the following
$secure_image .= '<img src="'.$site_sess->url(ROOT_PATH."securecode.php?id=".$i+1."&".rand(999999999)).'" border="0" alt="" />';
-
any ideas? 8O
-
one of my buddies advised me to do the following
$secure_image .= '<img src="'. $site_sess->url(ROOT_PATH ."securecode.php?id=". $i+1 ."&". rand(999999999)) .'" border="0" alt="" />';
rand has 2 Parameters (min,max) one of them is missing here
-
first and second parameters in rand() are both optional....
$i+1 must be: ($i+1) that's all.
I've updated the post above yesterday if you haven't noticed it yet..
-
ok,
now this error appear
Warning: rand() expects exactly 2 parameters, 1 given in /home/jenanart/public_html/gallery/details.php on line 458
Warning: rand() expects exactly 2 parameters, 1 given in /home/jenanart/public_html/gallery/details.php on line 458
Warning: rand() expects exactly 2 parameters, 1 given in /home/jenanart/public_html/gallery/details.php on line 458
Warning: rand() expects exactly 2 parameters, 1 given in /home/jenanart/public_html/gallery/details.php on line 458
Warning: rand() expects exactly 2 parameters, 1 given in /home/jenanart/public_html/gallery/details.php on line 458
also images of the code is broken
-
yes, you are right, 2 parameters needed
I've updated the post above
-
great now the error disappear but still the secure images not appear!
http://www.jenanart.com/gallery/details.php?image_id=172
-
well, that's what I get for not testing the code :oops:
in securecode.php replace " . " at the end with " ; ":
$file = get_gallery_image("captcha".substr($comment_code,$id-1,1).".gif").
-
yessssssssssssssssssssss thanks a lot its working great now :) :mrgreen:
thanks a lot :D
-
after all this struggle!
this patch DID NOT stop the SPAM! :cry: :cry: :cry:
-
Then there is a human behind the spam, not a bot...just ban him
-
:P
Hello
Thanks to the programmers, wow, it works right away.
I keep trying to work my way into these many mods... some can simply be installed and others not so much.
A challenge.
This will surely not be the last time I am here to say thanks or to ask for advice.....
So I am always grateful for any help, I am an absolute beginner when it comes to php.
Therefore thanks again to everyone who writes such great mods here.
Hans-Ruedi
www.webandart.ch/4images
-
how I can?
I am allowing visitors to add comments without registration because if I did request for registration a lot of users are lazy to do so then?
can I ban visitors?
-
mod "ban"
-
just installed, we will see if this is going to stop the SPAM :cry:
-
Hi @ all
I have a strange problem, i can't see the image in the guestbook form, but in the comment form everything is ok. Further I can post without insert the secure code (only in guestbook)...???
Please help me, I have no idea at the moment!??
Thanks a lot
PS: I've done all steps of V@no's tip!
-
so any ideas to stop the SPAM really?
-
Hey has anyone who have version 1.7.3 tried this mod? and does it work?
-
@ eshpro
... in version 1.7.3 do you have the captcha option for guestbook, comments, registration a.s.o. ...
... so you don't use this mod for version 1.7.3 ...
-
Thanks mawenzi.
-
@ eshpro
... in version 1.7.3 do you have the captcha option for guestbook, comments, registration a.s.o. ...
... so you don't use this mod for version 1.7.3 ...
for guestbook mods? where? how can i use captcha with guestbook? :?:
THX
-
look 5 answers higher @Olphi
guestbook.txt as: guestbook.php in Root
guestbook_form.txt as guestbook_form.html in templates/default (or your template)
comment_form.txt as comment_form.html in templates/default (or your template)
securecode.txt
-
Hey guys... good to be back to 4images....no way I got the time to upgrade to 1.74 :(.... anyways all the links to the rar are dead here and it seems I have over 30,000 spam messages to deal with.....
Can some one give me a link where I can download this rar?
-
Actually I used the wrong log in.. please reply to me at this post...
i really want to kill this spam.
Thanks-
Robert
-
is possible add anti-spam for shoutbox mod??? please.. my shoutbox has a lot of spam T_T
-
i have tried updating the gallery with these recommendations to stop spamming in the comments, using even the newest changes to the mod. however, i am still unable to view the security image.
i have looked at the comment form source code, and this is what i get for the image source:
<img src="./securecode.php?id=6&1179174609" border="0" alt="" />
how can i fix this? the link to the image is here:
http://www.sculptedmodels.com/forimages/details.php?image_id=36
I am attaching my details.php, securecode.php, and comment_form.html files.
any help with this would be greatly appreciated.
sincerely,
alvin
-
@ alvin
... why you don't update your gallery to version 1.7.4 ...
... in version 1.7.4 is the feature "captcha" for anti-spam already standard ...
-
excellent suggestion!
just finished my upgrade. it wasn't too bad, i was reluctant because i had done so much modifying to my implementation of 4images, i didn't want to have to redo all that work.
i just bit the nail, and dove in. it took about three hours, but now everything seems to be working smoothly again with the security image intact.
however, there is one small problem. if someone clicks on the security image to generate a new one, it returns a javascript error. what could be causing this?
thanks again.
-
Great mod! It works perfectly on my guestbook. I use the 1.7.4 version.
-
I have got a lot of spam users in my gallery with a lot of spam comments and ecards. 1.7.1 and I really don't want to update, because I have many mods and I don't have a lot of time. How can I add image verification on registering, posting comments and sending ecards? I tried to install this mod but this is only for guests.
-
I do not have this line of code in the guestbook mod I downloaded from the forum:
$comment_mail = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_mail']));
My code looks like this:
<?php
/**************************************************************************
* *
* 4images - A Web Based Image Gallery Management System *
* ---------------------------------------------------------------- *
* *
* File: details.php *
* Copyright: (C) 2002 Jan Sorgalla *
* Email: jan@4homepages.de *
* Web: http://www.4homepages.de *
* Scriptversion: 1.7 *
* *
* Never released without support from: Nicky (http://www.nicky.net) *
* *
**************************************************************************
* *
* Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz- *
* bedingungen (Lizenz.txt) für weitere Informationen. *
* --------------------------------------------------------------- *
* This script is NOT freeware! Please read the Copyright Notice *
* (Licence.txt) for further information. *
* *
*************************************************************************/
$main_template = 'guestbook';
define('GET_CACHES', 1);
define('ROOT_PATH', './');
include(ROOT_PATH.'global.php');
require(ROOT_PATH.'includes/sessions.php');
$user_access = get_permission();
include(ROOT_PATH.'includes/page_header.php');
if ($config['guestbook_view'] != 1) {
  header("Location: ".$site_sess->url(ROOT_PATH."index.php"));
  exit;
}
if ($action == "") {
  $action = "showcomments";
}
if (isset($HTTP_GET_VARS[URL_COMMENT_ID]) || isset($HTTP_POST_VARS[URL_COMMENT_ID])) {
  $comment_id = (isset($HTTP_GET_VARS[URL_COMMENT_ID])) ? intval($HTTP_GET_VARS[URL_COMMENT_ID]) : intval($HTTP_POST_VARS[URL_COMMENT_ID]);
}
else {
  $comment_id = 0;
}
if ($action == "deletecomment") {
  if (!$comment_id || ($config['user_delete_guestbook'] != 1 && $user_info['user_level'] != ADMIN)) {
    show_error_page($lang['no_permission']);
    exit;
  }
  $sql = "SELECT comment_id, comment_ip
          FROM ".GUESTBOOK_TABLE."
          WHERE comment_id = $comment_id";
  $comment_row = $site_db->query_firstrow($sql);
  if (!$comment_row || ($comment_row['comment_ip'] != $session_info['session_ip'] && $user_info['user_level'] != ADMIN)) {
    show_error_page($lang['no_permission']);
    exit;
  }
  $txt_clickstream = $lang['comment_delete'];
  $sql = "DELETE FROM ".GUESTBOOK_TABLE."
          WHERE comment_id = $comment_id";
  $result = $site_db->query($sql);
  $msg = ($result) ? $lang['comment_delete_success'] : $lang['comment_delete_error'];
}
if ($action == "removecomment") {
  if (!$comment_id || ($config['user_delete_guestbook'] != 1 && $user_info['user_level'] != ADMIN)) {
    header("Location: ".$site_sess->url($url, "&"));
    exit;
  }
  $sql = "SELECT comment_id, user_name AS comment_user_name, comment_site, comment_text, comment_ip
          FROM ".GUESTBOOK_TABLE."
          WHERE comment_id = $comment_id";
  $comment_row = $site_db->query_firstrow($sql);
  if (!$comment_row || ($comment_row['comment_ip'] != $session_info['session_ip'] && $user_info['user_level'] != ADMIN)) {
    header("Location: ".$site_sess->url($url, "&"));
    exit;
  }
  $txt_clickstream = $lang['comment_delete'];
  $comment_user_name = $comment_row['comment_user_name'];
  $site_template->register_vars(array(
    "comment_id" => $comment_id,
    "comment_user_name" => htmlspecialchars($comment_user_name),
    "comment_site" => format_text($comment_row['comment_site'], 0, $config['wordwrap_comments'], 0, 0),
    "comment_text" => format_text($comment_row['comment_text'], $config['html_comments'], $config['wordwrap_comments'], $config['bb_comments'], $config['bb_img_comments']),
    "lang_delete_comment" => $lang['comment_delete'],
    "lang_delete_comment_confirm" => $lang['comment_delete_confirm'],
    "lang_name" => $lang['name'],
    "lang_site" => $lang['site'],
    "lang_comment" => $lang['comment'],
    "lang_submit" => $lang['submit'],
    "lang_reset" => $lang['reset'],
    "lang_yes" => $lang['yes'],
    "lang_no" => $lang['no']
  ));
  $contents = $site_template->parse_template("guestbook_deletecomment");
}
if ($action == "updatecomment") {
  if (!$comment_id || ($config['user_edit_guestbook'] != 1 && $user_info['user_level'] != ADMIN)) {
    show_error_page($lang['no_permission']);
    exit;
  }
  $sql = "SELECT comment_id, comment_ip
          FROM ".GUESTBOOK_TABLE."
          WHERE comment_id = $comment_id";
  $comment_row = $site_db->query_firstrow($sql);
  if (!$comment_row || ($comment_row['comment_ip'] != $session_info['session_ip'] && $user_info['user_level'] != ADMIN)) {
    show_error_page($lang['no_permission']);
    exit;
  }
  $txt_clickstream = $lang['comment_edit'];
  $error = 0;
  $comment_site = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_site']));
  $comment_text = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_text']));
  $comment_user_name = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_user_name']));
  if ($comment_user_name == "") {
    $msg .= (($msg != "") ? "<br />" : "").$lang['name_required'];
    $error = 1;
  }
  if ($comment_text == "") {
    $msg .= (($msg != "") ? "<br />" : "").$lang['comment_required'];
    $error = 1;
  }
  if (!$error) {
    if ($comment_site =="http://") {
      $comment_site = "";
    }
    $sql = "UPDATE ".GUESTBOOK_TABLE."
            SET comment_site = '$comment_site', comment_text = '$comment_text', user_name= '$comment_user_name'
            WHERE comment_id = $comment_id";
    $result = $site_db->query($sql);
    $msg = ($result) ? $lang['comment_edit_success'] : $lang['comment_edit_error'];
  } else {
    $action = "editcomment";
    $sendprocess = 1;
  }
}
if ($action == "editcomment") {
  if (!$comment_id || ($config['user_edit_guestbook'] != 1 && $user_info['user_level'] != ADMIN)) {
    show_error_page($lang['no_permission']);
    exit;
  }
  $sql = "SELECT comment_id, user_name AS comment_user_name, comment_site, comment_text, comment_ip
          FROM ".GUESTBOOK_TABLE."
          WHERE comment_id = $comment_id";
  $comment_row = $site_db->query_firstrow($sql);
  if (!$comment_row || ($comment_row['comment_ip'] != $session_info['session_ip'] && $user_info['user_level'] != ADMIN)) {
    show_error_page($lang['no_permission']);
    exit;
  }
  $txt_clickstream = $lang['comment_edit'];
  $comment_site = (isset($HTTP_POST_VARS['comment_site'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_site']))) : (empty($comment_row['comment_site']) ? "http://" : $comment_row['comment_site']);
  $comment_text = (isset($HTTP_POST_VARS['comment_text'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_text']))) : $comment_row['comment_text'];
  $comment_user_name = (isset($HTTP_POST_VARS['comment_user_name'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_user_name']))) : $comment_row['comment_user_name'];
  $bbcode = "";
  if ($config['bb_comments'] == 1) {
    $site_template->register_vars(array(
      "lang_bbcode" => $lang['bbcode'],
      "lang_tag_prompt" => $lang['tag_prompt'],
      "lang_link_text_prompt" => $lang['link_text_prompt'],
      "lang_link_url_prompt" => $lang['link_url_prompt'],
      "lang_link_email_prompt" => $lang['link_email_prompt'],
      "lang_list_type_prompt" => $lang['list_type_prompt'],
      "lang_list_item_prompt" => $lang['list_item_prompt']
    ));
    $bbcode = $site_template->parse_template("bbcode");
  }
  $site_template->register_vars(array(
    "bbcode" => $bbcode,
    "comment_id" => $comment_id,
    "comment_user_name" => htmlspecialchars($comment_user_name),
    "comment_site" => htmlspecialchars($comment_site),
    "comment_text" => htmlspecialchars($comment_text),
    "lang_edit_comment" => $lang['comment_edit'],
    "lang_name" => $lang['name'],
    "lang_site" => $lang['site'],
    "lang_comment" => $lang['comment'],
    "lang_submit" => $lang['submit'],
    "lang_reset" => $lang['reset'],
    "lang_yes" => $lang['yes'],
    "lang_no" => $lang['no'],
  ));
  $contents = $site_template->parse_template("guestbook_editcomment");
}
//-----------------------------------------------------
//--- Save Comment ------------------------------------
//-----------------------------------------------------
$error = 0;
if ($action == "postcomment" && $config['guestbook_post'] == 1) {
  $comment_user_name = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_user_name']));
  $comment_text = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_text']));
  $comment_site = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_site']));
  // Flood Check
  $sql = "SELECT comment_ip, comment_date
          FROM ".GUESTBOOK_TABLE."
          WHERE comment_ip = '".$session_info['session_ip']."'
          ORDER BY comment_date DESC
          LIMIT 1";
  $spam_row = $site_db->query_firstrow($sql);
  $spamtime = $spam_row['comment_date'] + 360;
  if (time() <= $spamtime && $user_info['user_level'] != ADMIN) {
    $msg .= (($msg != "") ? "<br />" : "").$lang['spamming'];
    $error = 1;
  }
  if ($comment_user_name == "") {
    $msg .= (($msg != "") ? "<br />" : "").$lang['name_required'];
    $error = 1;
  }
  if ($comment_text == "") {
    $msg .= (($msg != "") ? "<br />" : "").$lang['comment_required'];
    $error = 1;
  }
  if (!$error) {
    if ($comment_site =="http://") {
      $comment_site = "";
    }
    $sql = "INSERT INTO ".GUESTBOOK_TABLE."
            (user_name, comment_site, comment_text, comment_ip, comment_date)
            VALUES
            ('$comment_user_name', '$comment_site', '$comment_text', '".$session_info['session_ip']."', ".time().")";
    $site_db->query($sql);
  }
  unset($spam_row);
}
//-----------------------------------------------------
//---Show Guestbook Comments---------------------------
//-----------------------------------------------------
if (($action == "showcomments" || $action == "postcomment" ) && $config['guestbook_view'] == 1) {
  if (isset($HTTP_POST_VARS['commentsetperpage']) || isset($HTTP_GET_VARS['commentsetperpage'])) {
    $commentsetperpage = (intval($HTTP_POST_VARS['commentsetperpage']) ) ? intval($HTTP_POST_VARS['commentsetperpage']) : intval($HTTP_GET_VARS['commentsetperpage']);
    if ($commentsetperpage) {
      $site_sess->set_session_var("commentperpage", $commentsetperpage);
      $session_info['commentperpage'] = $commentsetperpage;
    }
  }
  if (isset($session_info['commentperpage'])) {
    $commentperpage = $session_info['commentperpage'];
  } else {
    $commentperpage = 8;
  }
  $sql = "SELECT COUNT(user_name) AS comments
          FROM ".GUESTBOOK_TABLE;
  $result = $site_db->query_firstrow($sql);
  $num_comments = $result['comments'];
  $site_db->free_result();
  $num_rows_all = (isset($num_comments)) ? $num_comments : 0;
  $link_arg = $site_sess->url(ROOT_PATH."guestbook.php");
  include_once(ROOT_PATH.'includes/paging.php');
  $getpaging = new Paging($page, $commentperpage, $num_rows_all, $link_arg);
  $offset = $getpaging->get_offset();
  $site_template->register_vars(array(
    "paging" => $getpaging->get_paging(),
    "paging_stats" => $getpaging->get_paging_stats()
  ));
  $sql = "SELECT comment_id, user_name AS comment_user_name, comment_site, comment_text, comment_ip, comment_date
          FROM ".GUESTBOOK_TABLE."
          ORDER BY comment_date DESC
          LIMIT $offset, $commentperpage";
  $result = $site_db->query($sql);
  $comment_row = array();
  while ($row = $site_db->fetch_array($result)) {
    $comment_row[] = $row;
  }
  $site_db->free_result($result);
  $num_comments = sizeof($comment_row);
  $comments = "";
  $site_template->register_vars(array(
    "lang_guest_from" => $lang['guest_from'],
    "lang_guest_site" => $lang['guest_site']
  ));
  if ($num_comments) {
    $bgcounter = 0;
    for ($i = 0; $i < $num_comments; $i++) {
      $row_bg_number = ($bgcounter++ % 2 == 0) ? 1 : 2;
      $comment_user_name = htmlspecialchars($comment_row[$i]['comment_user_name']);
      $comment_user_ip = ($user_info['user_level'] == ADMIN) ? $comment_row[$i]['comment_ip'] : "";
      $admin_links = "";
      if ($user_info['user_level'] == ADMIN) {
        $admin_links .= "<a href=\"".
          $site_sess->url(ROOT_PATH."guestbook.php?action=editcomment&comment_id=".
          $comment_row[$i]['comment_id']).
          "\" target=\"admin_edit\">".$lang['edit']."</a> ";
        $admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."guestbook.php?action=removecomment&comment_id=".$comment_row[$i]['comment_id'])."\" target=\"admin_edit\">".$lang['delete']."</a>";
      } elseif ($comment_row[$i]['comment_ip'] == $session_info['session_ip']) { // if ip equals, permit to edit
        $admin_links .= ($config['user_edit_guestbook'] != 1) ? "" :
          "<a href=\"".$site_sess->url(ROOT_PATH."guestbook.php?action=editcomment&comment_id=".$comment_row[$i]['comment_id'])."\" target=\"admin_edit\">".$lang['edit']."</a> ";
        $admin_links .= ($config['user_delete_guestbook'] != 1) ? "" :
          "<a href=\"".$site_sess->url(ROOT_PATH."guestbook.php?action=removecomment&comment_id=".$comment_row[$i]['comment_id'])."\" target=\"admin_edit\">".$lang['delete']."</a>";
      }
      if (!class_exists("GeoIP"))
      {
        include(ROOT_PATH."includes/geoip.inc");
      }
      $gi = geoip_open(ROOT_PATH."includes/GeoIP.dat",GEOIP_STANDARD);
      $countries = array();
      $cid = geoip_country_code_by_addr($gi, $comment_row[$i]['comment_ip']);
      if (empty($cid)) $cid = "lan";
      $countries[$cid] = isset($countries[$cid]) ? $countries[$cid]+1 : 1;
      $comment_user_flag = "<img src=\"".ROOT_PATH."flags/".strtolower($cid).".gif"."\" alt=\"".(($cid != "lan") ? $gi->GEOIP_COUNTRY_NAMES[$gi->GEOIP_COUNTRY_CODE_TO_NUMBER[$cid]] : "Unknown or LAN")."\" border=0>";
      $site_template->register_vars(array(
        "comment_id" => $comment_row[$i]['comment_id'],
        "comment_user_flag" => $comment_user_flag,
        "comment_user_name" => $comment_user_name,
        "comment_user_ip" => $comment_user_ip,
        "comment_site" => format_text($comment_row[$i]['comment_site'], 0, $config['wordwrap_comments'], 0, 0),
        "comment_text" => format_text($comment_row[$i]['comment_text'], $config['html_comments'], $config['wordwrap_comments'], $config['bb_comments'], $config['bb_img_comments']),
        "comment_date" => format_date($config['date_format']." ".$config['time_format'], $comment_row[$i]['comment_date']),
        "row_bg_number" => $row_bg_number,
        "admin_links" => $admin_links,
      ));
      $comments .= $site_template->parse_template("guestbook_comment_bit");
    } // end for
  } else {
    $comments = $lang['be_the_first'];
  }
  //---End Show Guestbook Comments----
  //-----------------------------------------------------
  //--- BBCode & Form -----------------------------------
  //-----------------------------------------------------
  $bbcode = "";
  if ($config['bb_comments'] == 1) {
    $site_template->register_vars(array(
      "lang_bbcode" => $lang['bbcode'],
      "lang_tag_prompt" => $lang['tag_prompt'],
      "lang_link_text_prompt" => $lang['link_text_prompt'],
      "lang_link_url_prompt" => $lang['link_url_prompt'],
      "lang_link_email_prompt" => $lang['link_email_prompt'],
      "lang_list_type_prompt" => $lang['list_type_prompt'],
      "lang_list_item_prompt" => $lang['list_item_prompt']
    ));
    $bbcode = $site_template->parse_template("bbcode");
  }
  if ($config['guestbook_post'] != 1) {
    $comment_form = "";
  } else {
    $comment_user_name = (isset($HTTP_POST_VARS['comment_user_name']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['comment_user_name']))) : (($user_info['user_level'] != GUEST) ? htmlspecialchars($user_info['user_name']) : "");
    $comment_site = (isset($HTTP_POST_VARS['comment_site']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['comment_site']))) : "http://";
    $site_template->register_vars(array(
      "bbcode" => $bbcode,
      "comment_user_name" => $comment_user_name,
      "comment_site" => $comment_site,
      "comment_text" => $comment_text,
      "lang_post_guestbook" => $lang['post_guestbook'],
      "lang_name" => $lang['name'],
      "lang_site" => $lang['site'],
      "lang_comment" => $lang['comment']
    ));
    $comment_form = $site_template->parse_template("guestbook_form");
    $site_template->register_vars("guestbook_form", $comment_form);
    $contents = $site_template->parse_template("guestbook_showcomments");
    unset($comment_form);
  } // end if allow_comments
  $txt_clickstream = $lang['post_guestbook'];
}
//-----------------------------------------------------
//---Clickstream---------------------------------------
//-----------------------------------------------------
$clickstream = "<span class=\"clickstream\"><a href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator']
  ."<a href=\"".$site_sess->url(ROOT_PATH."guestbook.php?action=showcomments")."\">".$lang['guestbook']."</a>".$config['category_separator'].$txt_clickstream."</span>";
//-----------------------------------------------------
//--- Print Out ---------------------------------------
//-----------------------------------------------------
$site_template->register_vars(array(
  "contents" => $contents,
  "guestbook_comments" => $comments,
  "lang_sign_my_guestbook" => $lang['sign_my_guestbook'],
  "msg" => $msg,
  "clickstream" => $clickstream
));
unset($contents);
$site_template->print_template($site_template->parse_template($main_template));
include(ROOT_PATH.'includes/page_footer.php');
?>
And, is this the best spam mod for the guestbook using 1.7.6?
-
Actually I found the spam mod on like page 15 of the guestbook mod to work great.