<?php session_start(); // start/resume the session first; SecSession->Check() below validates it before anything else runs
/**********************************************************************
* Copyright notice Ja2BU 1.1.
*
* (c) 2011 Predrag Rukavina - admin[at]phpform[dot]net
* All rights reserved
*
* This script is part of the Ja2BU project.
* The Ja2BU project is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA.
*
* This copyright notice MUST appear in all copies of the script!
************************************************************************/
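include ('settings.php');
// NOTE(review): E_WARNING stays enabled here; whether warnings reach the browser
// depends on display_errors (settings.php / php.ini). DB-layer warnings can carry
// file paths and query fragments, so display_errors must be off in production.
error_reporting(E_ERROR | E_WARNING | E_PARSE);
require_once ('salt.php');
require_once ('classes/securesession.class.php');

// Session hardening flags for SecSession (semantics live in
// classes/securesession.class.php; presumably: browser-fingerprint check,
// first two IP octets compared, site salt mixed in, id rotated on each Check()).
$ss = new SecSession();
$ss->check_browser = true;
$ss->check_ip_blocks = 2;
$ss->secure_word = $salt;
$ss->regenerate_id = true;

// Gate 1: fingerprint check plus a truthy logged-in flag. Check() is evaluated
// first so its side effects (id regeneration) happen before the session is read.
// empty() covers "not set" and "false" in one test, without an undefined-index notice.
if (!$ss->Check() || empty($_SESSION['loggedin'])) {
    header('Location: signin.php');
    die();
}
// Gate 2: posting additionally needs the 'inecsess' flag. Same silent stop as
// before, but empty() no longer raises a notice when the key is absent.
if (empty($_SESSION['inecsess'])) {
    die();
}
include('session.php');
$smarty->display('submit.php');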
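// Look up the posting user. The id comes from the session only, never from the request.
$shouter = isset($_SESSION['INC_USER_ID']) ? $_SESSION['INC_USER_ID'] : null;
// Plain assignment: "=&" on a call result only produces a notice and buys nothing.
$drecordSet = $conn->Execute('SELECT * FROM users WHERE usid = ? LIMIT 1', array($shouter));
if (!$drecordSet) {
    // Log the driver message server-side instead of printing it: ADOdb error
    // strings can expose table names and the failing SQL to the visitor.
    // Stop here rather than continuing with an unknown author (as the old code did).
    error_log('post.php: user lookup failed: ' . $conn->ErrorMsg());
    echo '<div id="error">error loading user</div></div>';
    $smarty->display('footer.php');
    die();
}
if ($drecordSet->EOF) {
    // Session points at a user row that does not exist: refuse, instead of
    // inserting a post whose author columns ($kori/$usercc/$thumbs) are undefined.
    // (Output has already started, so a Location header would not work here.)
    echo '<div id="error">unknown user</div></div>';
    $smarty->display('footer.php');
    die();
}
// LIMIT 1 guarantees at most one row, so the old while/MoveNext loop reduces to a single read.
$priv   = $drecordSet->fields['privilege'];
$kori   = $drecordSet->fields['usid'];
$usercc = $drecordSet->fields['username'];
$thumbs = $drecordSet->fields['thumbs'];
// privilege == 1 is the "must register/contact us" level: such users may not post.
// Loose compare kept on purpose: the column may come back as int or string.
if ($priv == 1) {
    echo "<div id=\"error\">".$lang['MUSTPR']." ".$lang['MUSTCO']." <a href=\"mailto:".$sitemail."\">".
        $lang['MUSTWE']."</a> ".$lang['MUSTSI']."</div></div>";
    $smarty->display('footer.php');
    die();
}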
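if(isset($_POST['query'])) {
    // ===== Submit branch: validate the posted form, store it, notify the owner, bounce to index.php =====
    //
    // NOTE(review): neither the form rendered below nor this handler carries an
    // anti-CSRF token, so any page a logged-in user visits can submit a post on
    // their behalf. Fixing it needs form.php (the re-render used on validation
    // errors) changed as well, so it is only flagged here.

    // get_magic_quotes_gpc() was removed in PHP 8 (calling it is a fatal error);
    // on PHP >= 5.4 it always returns false, so the guard only matters on legacy hosts.
    $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

    // Read one POST field as a string. Missing or non-scalar values (e.g. bname[]=)
    // become '' so the length rules below reject them instead of the code warning.
    $postField = function ($name) use ($magicQuotes) {
        if (!isset($_POST[$name]) || !is_string($_POST[$name])) {
            return '';
        }
        return $magicQuotes ? stripslashes($_POST[$name]) : $_POST[$name];
    };

    // Raw (un-stripped) title, compared against the last accepted one as a
    // double-submit guard — same session key and value the old code stored.
    $cuniver = (isset($_POST['bname']) && is_string($_POST['bname'])) ? $_POST['bname'] : '';

    $type     = $postField('type');
    $univer   = $postField('univer');
    $bname    = $postField('bname');
    // Body is HTML-escaped before every check and before storage, as before.
    // Default htmlspecialchars() flags: single quotes are NOT escaped, so templates
    // that place this value inside an attribute must escape again for that context.
    $amess    = htmlspecialchars($postField('amess'));
    $hashtags = $postField('hashtags');

    // "type" is a hidden field and therefore client-controlled; only the two values
    // this script itself issues (see the form branch) may reach the database.
    // The old code stored whatever was posted.
    if ($type !== '1' && $type !== '2') {
        die('no type');
    }

    // Validation rules in the original order. The first failing rule re-renders the
    // form (form.php) with its message and sets the matching highlight variable.
    // Lengths are byte lengths (strlen), unchanged from before.
    $rules = array(
        array(preg_match("/</", $bname) === 1,    $lang['INVALIDCHAR'] . " '<' ", 'error1'),
        array(preg_match("/]/", $bname) === 1,    $lang['INVALIDCHAR'] . " '[' ", 'error1'),
        array(preg_match("/</", $hashtags) === 1, $lang['INVALIDCHAR'] . " '<' ", 'error12'),
        array(preg_match("/]/", $hashtags) === 1, $lang['INVALIDCHAR'] . " '[' ", 'error12'),
        array(preg_match("/;/", $hashtags) === 1, $lang['INVALIDCHAR'] . " ';' ", 'error12'),
        array(strlen($bname) < 3,                 $lang['POSTERR1'] . " ",        'error1'),
        // Old message here was "$<div ...>lang[POSTERR2]" — the variable was never interpolated.
        array(strlen($bname) > 250,               $lang['POSTERR2'] . " ",        'error1'),
        array(isset($_SESSION['reloadse']) && $_SESSION['reloadse'] === $cuniver,
                                                  $lang['BOOKERR9'] . ".",        null),
        array(strlen($amess) < 10,                $lang['POSTERR3'] . " ",        'error4'),
        array(strlen($amess) > $maxposting,       "Error [23] ",                  'error4'),
        array(strlen($hashtags) < 3,              $lang['POSTERR0'] . " ",        'error12'),
    );
    foreach ($rules as $rule) {
        list($failed, $message, $highlight) = $rule;
        if (!$failed) {
            continue;
        }
        echo "<div id='errorpost'>" . $message . "</div>";
        // Set the highlight BEFORE including form.php; several branches used to
        // assign it after the include, where form.php could not have seen it.
        if ($highlight === 'error1') {
            $error1 = "color:#cc0000";
        } elseif ($highlight === 'error4') {
            $error4 = "color:#cc0000";
        } elseif ($highlight === 'error12') {
            $error12 = "color:#cc0000";
        }
        include('form.php');
        $smarty->display('footer.php');
        die();
    }

    // Keyword blacklist against mail-header injection and inline event handlers in
    // the title/body (pattern unchanged). This is a last line of defence, not output
    // escaping: the templates rendering these columns must still escape per context.
    $list = "/(content-type|mime-version|content-transfer-encoding|to:|bcc:|cc:|document.cookie|document.write|onmouse|onkey|onclick|onload)/i";
    foreach (array($bname, $amess) as $candidate) {
        if (preg_match($list, $candidate)) {
            echo "<center><font face='verdana'>$lang[INVALIDCHAR] '??' </font></center>";
            die();
        }
    }

    $_SESSION["reloadse"] = $cuniver;   // remember this title for the double-submit check
    $time = date("Y-m-d H:i:s");

    // Stored body: escaped HTML with the two handler names neutralised.
    $amess = str_replace(array("onload", "onclick"), "-", $amess);
    // URL slug for the title: punctuation replaced, then URL-encoded (original pattern kept verbatim).
    $helper = urlencode(preg_replace('/([?,\/,|,",\',:,%,*,(,),[,\,\],\,])/', "-", $bname));
    // Normalise " ," / ", " to a bare comma for the stored tag list.
    $hasher = str_replace(array(" ,", ", "), ",", $hashtags);

    // All writes go through ADOdb placeholders; user text never touches the SQL string.
    // Driver error text is logged, not echoed: it reveals table names and SQL to the visitor.
    $sql = $conn->Prepare('INSERT INTO article (main,univer,buserid,buser,btexty,tags,bhelper,bimgs,bdate,bamess) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
    if ($conn->Execute($sql, array($type, $univer, $kori, $usercc, $bname, $hasher, $helper, $thumbs, $time, $amess)) === false) {
        error_log('post.php: article insert failed: ' . $conn->ErrorMsg());
        print '<br /><div id="error">error inserting[1]</div><br />';
    }

    // Plain-text copy for the onewse table: unescape, strip tags, then blank the
    // remaining brackets and handler names (same steps as before, new variable name).
    $plainMess = str_replace(array("<", ">", "[", "]", "onload", "onclick"), "-", strip_tags(htmlspecialchars_decode($amess)));
    $sql2 = $conn->Prepare('INSERT INTO onewse (omain,oniver,otexty,ohelper,oamess,odate) VALUES (?, ?, ?, ?, ?, ?)');
    if ($conn->Execute($sql2, array($type, $univer, $bname, $helper, $plainMess, $time)) === false) {
        error_log('post.php: onewse insert failed: ' . $conn->ErrorMsg());
        print '<br /><div id="error">error inserting[1]</div><br />';
    }

    // Tag counters: one upsert per comma-separated tag. Prepared once, outside the loop.
    $sql1 = $conn->Prepare('INSERT INTO catags (hashtags,nofhash) VALUES (?, ?) on duplicate key UPDATE nofhash = nofhash + ?');
    foreach (explode(',', $hashtags) as $tag) {
        $tag = trim($tag);
        if ($tag === '') {
            continue;   // "a,,b" or a trailing comma used to create an empty tag row
        }
        if ($conn->Execute($sql1, array($tag, '1', '1')) === false) {
            error_log('post.php: tag insert failed: ' . $conn->ErrorMsg());
            print '<br /><div id="error">error inserting[1]</div><br />';
        }
    }
    $conn->Close();

    // Owner notification. Subject and headers are built from configuration only;
    // the user-supplied title goes in the body, where a CRLF cannot inject headers.
    $cname  = "New Post - " . $bname . "\r\nvia " . $usercc;
    $ctitle = "New Post [" . $sitetitle . "]";
    // NOTE(review): 'Reply-To: $ccmail' is single-quoted, so the literal text
    // "$ccmail" is sent, and $ccmail is not defined anywhere in this file. Left
    // untouched — confirm the intended reply address before changing the quoting.
    $headers = 'From:' . $sitemail . "\r\n" . 'Reply-To: $ccmail' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
    mail($sitemail, $ctitle, $cname, $headers);
?>
<script type="text/javascript">
<!--
function delayer(){
window.location = "index.php"
}
//-->
</script>
</head>
<body onLoad="setTimeout('delayer()', 1200)">
<div id="loader"><?php echo $lang['SIGSEC'] ?><br /><br /><img src="themes/<?php echo $themes; ?>/styles/images/ajax-loader.gif" border="0"><br /></div></div>
<?php } else {
    // ===== Form branch: render the empty posting form for ?ref=1 or ?ref=2 =====
    $univer = date("Yhis");
    // ref selects the post type. Anything other than "1"/"2" is rejected here; the
    // old check only caught a missing/"0" ref and otherwise rendered the form with
    // $type undefined (an empty hidden field).
    $ref = (isset($_GET['ref']) && is_string($_GET['ref'])) ? $_GET['ref'] : '';
    if ($ref !== '1' && $ref !== '2') {
        die('no type');
    }
    $type = $ref;
?>
<form action="post.php" id="incform" enctype="multipart/form-data" method="post">
<?php if ($ref === '1') { ?>
<h3><?php echo $lang['ASK']; ?></h3>
<?php } ?>
<?php if ($ref === '2') { ?>
<h3><?php echo $lang['SNIPPET']; ?></h3>
<?php } ?>
<!-- both hidden values are generated by this script (timestamp / validated ref), not echoed user input -->
<input type="hidden" name="univer" value="<?php echo $univer; ?>" />
<input type="hidden" name="type" value="<?php echo $type; ?>" />
<div><?php echo $lang['BOOKFIELD1']; ?>:</div>
<div><input id="firstfield" type="text" name="bname" class="incc" /></div>
<br />
<br />
<div><?php echo $lang['POSTDES']; ?>:</div>
<script>edToolbar('mytxtarea3'); </script>
<div><textarea id="mytxtarea3" name="amess" class="ed"></textarea></div><br /><br />
<div><?php echo $lang['TAGS']; ?>: <?php echo $lang['TAGSDESC']; ?></div>
<div><input id="firstfield" type="text" name="hashtags" class="incc" /></div>
<br />
<br />
<div><input class="buton" type="submit" value="<?php echo $lang['LINKSUB']; ?>" name="query" /></div>
</form>
<br />
<br />
<?php } ?>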
</div>
</div>
<?php $smarty->display('footer.php'); // common tail for both branches
$conn->Close(); // the submit branch has already closed the connection by now; a second Close() is presumably harmless — verify with the ADOdb driver in use
######################################
##post.php 1.1.##
######################################
?>