[FINAL] CrackerTracker Professional G5
Betreff: Re: [FINAL] CrackerTracker Professional G5 - Gepostet: 15.11.2006 - 20:51 Uhr -
Hi,
wirklich alles korrekt eingebaut? Speziell die functions_post.php?
wirklich alles korrekt eingebaut? Speziell die functions_post.php?
Betreff: Re: [FINAL] CrackerTracker Professional G5 - Gepostet: 15.11.2006 - 23:11 Uhr -
hab an sich alle dateien, die mit posts zu tun haben, mehrmals durchgecheckt. werd wohl aber die tage nochmal einen zweiten versuch starten.
hier der editierte teil aus der functions_post.php
bei den übrigen mods sind keine änderungen in der datei
Code
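/**
 * Post a new topic/reply/poll or edit an existing post/poll.
 *
 * Writes the topic row (new topic, or edit of a first post), the post row,
 * the post text row and, when a poll title and at least two options are
 * given, the poll rows. Afterwards $meta receives a refresh tag and
 * $message the confirmation text with links to the post and the forum.
 *
 * Security note: $post_username, $post_subject, $post_message, $poll_title,
 * $bbcode_uid and the global $user_ip are placed between single quotes in
 * SQL without being escaped in this function; only the poll option texts
 * are escaped here. The numeric arguments are interpolated unquoted.
 * NOTE(review): this presumably relies on the caller having escaped the
 * strings and integer-cast the ids -- confirm against the calling code
 * before reusing this function with other callers.
 *
 * @param string $mode       'newtopic', 'reply' or 'editpost'
 * @param array  $post_data  reads 'first_post', 'edit_vote', 'last_post',
 *                           'poster_post', 'edit_poll' and 'has_poll'
 * @param string $message    set to the confirmation text
 * @param string $meta       set to the refresh meta tag
 * @param int    $topic_id   set from sql_nextid() when $mode is 'newtopic'
 * @param int    $post_id    set from sql_nextid() unless $mode is 'editpost'
 * @param int    $poll_id    set from sql_nextid() when a new poll is stored
 * @param array  $poll_options  option id => option text
 * @param int    $poll_length   poll length in days (multiplied by 86400 here)
 * @return bool always false
 */
function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_id, &$post_id, &$poll_id, &$topic_type, &$bbcode_on, &$html_on, &$smilies_on, &$attach_sig, &$bbcode_uid, $post_username, $post_subject, $post_message, $poll_title, &$poll_options, &$poll_length)
{
	global $board_config, $lang, $db, $phpbb_root_path, $phpEx;
	global $userdata, $user_ip;

	// CrackerTracker v5.x
	global $ctracker_config;

	// Hand new topics and replies to the CrackerTracker posting handler when
	// one of its spam settings is active.
	// NOTE(review): ANONYMOUS is compared with user_level here but with
	// user_id in the flood control below -- confirm user_level is the
	// intended field for this exemption.
	if ( ($mode == 'newtopic' || $mode == 'reply') && ($ctracker_config->settings['spammer_blockmode'] > 0 || $ctracker_config->settings['spam_attack_boost'] == 1) && $userdata['user_level'] != ANONYMOUS )
	{
		include_once($phpbb_root_path . 'ctracker/classes/class_ct_userfunctions.' . $phpEx);
		$login_functions = new ct_userfunctions();
		$login_functions->handle_postings();
		unset($login_functions);
	}

	// include_once, so that a second call in the same request does not try
	// to declare the search functions again.
	include_once($phpbb_root_path . 'includes/functions_search.'.$phpEx);

	$current_time = time();

	if ($mode == 'newtopic' || $mode == 'reply' || $mode == 'editpost')
	{
		//
		// Flood control: guests are matched by IP, members by user id
		//
		$where_sql = ($userdata['user_id'] == ANONYMOUS) ? "poster_ip = '$user_ip'" : 'poster_id = ' . $userdata['user_id'];
		$sql = "SELECT MAX(post_time) AS last_post_time
			FROM " . POSTS_TABLE . "
			WHERE $where_sql";
		// A failed query is not reported here; the flood check is then skipped.
		if ($result = $db->sql_query($sql))
		{
			if ($row = $db->sql_fetchrow($result))
			{
				if (intval($row['last_post_time']) > 0 && ($current_time - intval($row['last_post_time'])) < intval($board_config['flood_interval']))
				{
					message_die(GENERAL_MESSAGE, $lang['Flood_Error']);
				}
			}
		}
	}

	if ($mode == 'editpost')
	{
		remove_search_post($post_id);
	}

	if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post']))
	{
		$topic_vote = (!empty($poll_title) && count($poll_options) >= 2) ? 1 : 0;

		// NOTE(review): this statement is issued before BEGIN_TRANSACTION
		// below -- presumably it is not undone if a later step fails; confirm.
		$sql = ($mode != "editpost") ? "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote) VALUES ('$post_subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)" : "UPDATE " . TOPICS_TABLE . " SET topic_title = '$post_subject', topic_type = $topic_type " . (($post_data['edit_vote'] || !empty($poll_title)) ? ", topic_vote = " . $topic_vote : "") . " WHERE topic_id = $topic_id";
		if (!$db->sql_query($sql))
		{
			message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
		}

		if ($mode == 'newtopic')
		{
			$topic_id = $db->sql_nextid();
		}
	}

	// The edit counter is only bumped when the author edits a post that is
	// not the last one in its topic.
	$edited_sql = ($mode == 'editpost' && !$post_data['last_post'] && $post_data['poster_post']) ? ", post_edit_time = $current_time, post_edit_count = post_edit_count + 1 " : "";
	$sql = ($mode != "editpost") ? "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ($topic_id, $forum_id, " . $userdata['user_id'] . ", '$post_username', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $attach_sig)" : "UPDATE " . POSTS_TABLE . " SET post_username = '$post_username', enable_bbcode = $bbcode_on, enable_html = $html_on, enable_smilies = $smilies_on, enable_sig = $attach_sig" . $edited_sql . " WHERE post_id = $post_id";
	// NOTE(review): the transaction opened here is not closed inside this
	// function -- presumably a later step of the posting flow ends it; confirm.
	if (!$db->sql_query($sql, BEGIN_TRANSACTION))
	{
		message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
	}

	if ($mode != 'editpost')
	{
		$post_id = $db->sql_nextid();
	}

	$sql = ($mode != 'editpost') ? "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text) VALUES ($post_id, '$post_subject', '$bbcode_uid', '$post_message')" : "UPDATE " . POSTS_TEXT_TABLE . " SET post_text = '$post_message', bbcode_uid = '$bbcode_uid', post_subject = '$post_subject' WHERE post_id = $post_id";
	if (!$db->sql_query($sql))
	{
		message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
	}

	// The search index receives the text with slashes stripped, i.e. the
	// values are expected to arrive here already slash-escaped.
	add_search_words('single', $post_id, stripslashes($post_message), stripslashes($post_subject));

	//
	// Add poll
	//
	if (($mode == 'newtopic' || ($mode == 'editpost' && $post_data['edit_poll'])) && !empty($poll_title) && count($poll_options) >= 2)
	{
		$sql = (!$post_data['has_poll']) ? "INSERT INTO " . VOTE_DESC_TABLE . " (topic_id, vote_text, vote_start, vote_length) VALUES ($topic_id, '$poll_title', $current_time, " . ($poll_length * 86400) . ")" : "UPDATE " . VOTE_DESC_TABLE . " SET vote_text = '$poll_title', vote_length = " . ($poll_length * 86400) . " WHERE topic_id = $topic_id";
		if (!$db->sql_query($sql))
		{
			message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
		}

		$delete_option_sql = '';
		$old_poll_result = array();
		if ($mode == 'editpost' && $post_data['has_poll'])
		{
			// Keep the existing vote counts and collect the ids of options
			// that are no longer present in $poll_options.
			$sql = "SELECT vote_option_id, vote_result
				FROM " . VOTE_RESULTS_TABLE . "
				WHERE vote_id = $poll_id
				ORDER BY vote_option_id ASC";
			if (!($result = $db->sql_query($sql)))
			{
				message_die(GENERAL_ERROR, 'Could not obtain vote data results for this topic', '', __LINE__, __FILE__, $sql);
			}

			while ($row = $db->sql_fetchrow($result))
			{
				$old_poll_result[$row['vote_option_id']] = $row['vote_result'];

				if (!isset($poll_options[$row['vote_option_id']]))
				{
					$delete_option_sql .= ($delete_option_sql != '') ? ', ' . $row['vote_option_id'] : $row['vote_option_id'];
				}
			}
		}
		else
		{
			$poll_id = $db->sql_nextid();
		}

		// foreach instead of reset()/each(): each() is deprecated since
		// PHP 7.2 and removed in PHP 8.0. count() >= 2 above already
		// established that $poll_options can be iterated.
		$poll_option_id = 1;
		foreach ($poll_options as $option_id => $option_text)
		{
			if (!empty($option_text))
			{
				// HTML-encode the option, then turn \' into '' for SQL.
				// NOTE(review): this only covers quotes that arrive
				// slash-escaped -- confirm the caller guarantees that.
				$option_text = str_replace("\'", "''", htmlspecialchars($option_text));
				$poll_result = ($mode == "editpost" && isset($old_poll_result[$option_id])) ? $old_poll_result[$option_id] : 0;

				$sql = ($mode != "editpost" || !isset($old_poll_result[$option_id])) ? "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result) VALUES ($poll_id, $poll_option_id, '$option_text', $poll_result)" : "UPDATE " . VOTE_RESULTS_TABLE . " SET vote_option_text = '$option_text', vote_result = $poll_result WHERE vote_option_id = $option_id AND vote_id = $poll_id";
				if (!$db->sql_query($sql))
				{
					message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
				}
				$poll_option_id++;
			}
		}

		if ($delete_option_sql != '')
		{
			$sql = "DELETE FROM " . VOTE_RESULTS_TABLE . "
				WHERE vote_option_id IN ($delete_option_sql)
					AND vote_id = $poll_id";
			if (!$db->sql_query($sql))
			{
				message_die(GENERAL_ERROR, 'Error deleting pruned poll options', '', __LINE__, __FILE__, $sql);
			}
		}
	}

	// Redirect target and confirmation text handed back to the caller.
	$meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=" . $post_id) . '#' . $post_id . '">';
	$message = $lang['Stored'] . '
' . sprintf($lang['Click_view_message'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=" . $post_id) . '#' . $post_id . '">', '</a>') . '
' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">', '</a>');

	return false;
}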
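/**
 * Post a new topic/reply/poll or edit an existing post/poll.
 *
 * Writes the topic row (new topic, or edit of a first post), the post row,
 * the post text row and, when a poll title and at least two options are
 * given, the poll rows. Afterwards $meta receives a refresh tag and
 * $message the confirmation text with links to the post and the forum.
 *
 * Security note: $post_username, $post_subject, $post_message, $poll_title,
 * $bbcode_uid and the global $user_ip are placed between single quotes in
 * SQL without being escaped in this function; only the poll option texts
 * are escaped here. The numeric arguments are interpolated unquoted.
 * NOTE(review): this presumably relies on the caller having escaped the
 * strings and integer-cast the ids -- confirm against the calling code
 * before reusing this function with other callers.
 *
 * @param string $mode       'newtopic', 'reply' or 'editpost'
 * @param array  $post_data  reads 'first_post', 'edit_vote', 'last_post',
 *                           'poster_post', 'edit_poll' and 'has_poll'
 * @param string $message    set to the confirmation text
 * @param string $meta       set to the refresh meta tag
 * @param int    $topic_id   set from sql_nextid() when $mode is 'newtopic'
 * @param int    $post_id    set from sql_nextid() unless $mode is 'editpost'
 * @param int    $poll_id    set from sql_nextid() when a new poll is stored
 * @param array  $poll_options  option id => option text
 * @param int    $poll_length   poll length in days (multiplied by 86400 here)
 * @return bool always false
 */
function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_id, &$post_id, &$poll_id, &$topic_type, &$bbcode_on, &$html_on, &$smilies_on, &$attach_sig, &$bbcode_uid, $post_username, $post_subject, $post_message, $poll_title, &$poll_options, &$poll_length)
{
	global $board_config, $lang, $db, $phpbb_root_path, $phpEx;
	global $userdata, $user_ip;

	// CrackerTracker v5.x
	global $ctracker_config;

	// Hand new topics and replies to the CrackerTracker posting handler when
	// one of its spam settings is active.
	// NOTE(review): ANONYMOUS is compared with user_level here but with
	// user_id in the flood control below -- confirm user_level is the
	// intended field for this exemption.
	if ( ($mode == 'newtopic' || $mode == 'reply') && ($ctracker_config->settings['spammer_blockmode'] > 0 || $ctracker_config->settings['spam_attack_boost'] == 1) && $userdata['user_level'] != ANONYMOUS )
	{
		include_once($phpbb_root_path . 'ctracker/classes/class_ct_userfunctions.' . $phpEx);
		$login_functions = new ct_userfunctions();
		$login_functions->handle_postings();
		unset($login_functions);
	}

	// include_once, so that a second call in the same request does not try
	// to declare the search functions again.
	include_once($phpbb_root_path . 'includes/functions_search.'.$phpEx);

	$current_time = time();

	if ($mode == 'newtopic' || $mode == 'reply' || $mode == 'editpost')
	{
		//
		// Flood control: guests are matched by IP, members by user id
		//
		$where_sql = ($userdata['user_id'] == ANONYMOUS) ? "poster_ip = '$user_ip'" : 'poster_id = ' . $userdata['user_id'];
		$sql = "SELECT MAX(post_time) AS last_post_time
			FROM " . POSTS_TABLE . "
			WHERE $where_sql";
		// A failed query is not reported here; the flood check is then skipped.
		if ($result = $db->sql_query($sql))
		{
			if ($row = $db->sql_fetchrow($result))
			{
				if (intval($row['last_post_time']) > 0 && ($current_time - intval($row['last_post_time'])) < intval($board_config['flood_interval']))
				{
					message_die(GENERAL_MESSAGE, $lang['Flood_Error']);
				}
			}
		}
	}

	if ($mode == 'editpost')
	{
		remove_search_post($post_id);
	}

	if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post']))
	{
		$topic_vote = (!empty($poll_title) && count($poll_options) >= 2) ? 1 : 0;

		// NOTE(review): this statement is issued before BEGIN_TRANSACTION
		// below -- presumably it is not undone if a later step fails; confirm.
		$sql = ($mode != "editpost") ? "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote) VALUES ('$post_subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)" : "UPDATE " . TOPICS_TABLE . " SET topic_title = '$post_subject', topic_type = $topic_type " . (($post_data['edit_vote'] || !empty($poll_title)) ? ", topic_vote = " . $topic_vote : "") . " WHERE topic_id = $topic_id";
		if (!$db->sql_query($sql))
		{
			message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
		}

		if ($mode == 'newtopic')
		{
			$topic_id = $db->sql_nextid();
		}
	}

	// The edit counter is only bumped when the author edits a post that is
	// not the last one in its topic.
	$edited_sql = ($mode == 'editpost' && !$post_data['last_post'] && $post_data['poster_post']) ? ", post_edit_time = $current_time, post_edit_count = post_edit_count + 1 " : "";
	$sql = ($mode != "editpost") ? "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ($topic_id, $forum_id, " . $userdata['user_id'] . ", '$post_username', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $attach_sig)" : "UPDATE " . POSTS_TABLE . " SET post_username = '$post_username', enable_bbcode = $bbcode_on, enable_html = $html_on, enable_smilies = $smilies_on, enable_sig = $attach_sig" . $edited_sql . " WHERE post_id = $post_id";
	// NOTE(review): the transaction opened here is not closed inside this
	// function -- presumably a later step of the posting flow ends it; confirm.
	if (!$db->sql_query($sql, BEGIN_TRANSACTION))
	{
		message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
	}

	if ($mode != 'editpost')
	{
		$post_id = $db->sql_nextid();
	}

	$sql = ($mode != 'editpost') ? "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text) VALUES ($post_id, '$post_subject', '$bbcode_uid', '$post_message')" : "UPDATE " . POSTS_TEXT_TABLE . " SET post_text = '$post_message', bbcode_uid = '$bbcode_uid', post_subject = '$post_subject' WHERE post_id = $post_id";
	if (!$db->sql_query($sql))
	{
		message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
	}

	// The search index receives the text with slashes stripped, i.e. the
	// values are expected to arrive here already slash-escaped.
	add_search_words('single', $post_id, stripslashes($post_message), stripslashes($post_subject));

	//
	// Add poll
	//
	if (($mode == 'newtopic' || ($mode == 'editpost' && $post_data['edit_poll'])) && !empty($poll_title) && count($poll_options) >= 2)
	{
		$sql = (!$post_data['has_poll']) ? "INSERT INTO " . VOTE_DESC_TABLE . " (topic_id, vote_text, vote_start, vote_length) VALUES ($topic_id, '$poll_title', $current_time, " . ($poll_length * 86400) . ")" : "UPDATE " . VOTE_DESC_TABLE . " SET vote_text = '$poll_title', vote_length = " . ($poll_length * 86400) . " WHERE topic_id = $topic_id";
		if (!$db->sql_query($sql))
		{
			message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
		}

		$delete_option_sql = '';
		$old_poll_result = array();
		if ($mode == 'editpost' && $post_data['has_poll'])
		{
			// Keep the existing vote counts and collect the ids of options
			// that are no longer present in $poll_options.
			$sql = "SELECT vote_option_id, vote_result
				FROM " . VOTE_RESULTS_TABLE . "
				WHERE vote_id = $poll_id
				ORDER BY vote_option_id ASC";
			if (!($result = $db->sql_query($sql)))
			{
				message_die(GENERAL_ERROR, 'Could not obtain vote data results for this topic', '', __LINE__, __FILE__, $sql);
			}

			while ($row = $db->sql_fetchrow($result))
			{
				$old_poll_result[$row['vote_option_id']] = $row['vote_result'];

				if (!isset($poll_options[$row['vote_option_id']]))
				{
					$delete_option_sql .= ($delete_option_sql != '') ? ', ' . $row['vote_option_id'] : $row['vote_option_id'];
				}
			}
		}
		else
		{
			$poll_id = $db->sql_nextid();
		}

		// foreach instead of reset()/each(): each() is deprecated since
		// PHP 7.2 and removed in PHP 8.0. count() >= 2 above already
		// established that $poll_options can be iterated.
		$poll_option_id = 1;
		foreach ($poll_options as $option_id => $option_text)
		{
			if (!empty($option_text))
			{
				// HTML-encode the option, then turn \' into '' for SQL.
				// NOTE(review): this only covers quotes that arrive
				// slash-escaped -- confirm the caller guarantees that.
				$option_text = str_replace("\'", "''", htmlspecialchars($option_text));
				$poll_result = ($mode == "editpost" && isset($old_poll_result[$option_id])) ? $old_poll_result[$option_id] : 0;

				$sql = ($mode != "editpost" || !isset($old_poll_result[$option_id])) ? "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result) VALUES ($poll_id, $poll_option_id, '$option_text', $poll_result)" : "UPDATE " . VOTE_RESULTS_TABLE . " SET vote_option_text = '$option_text', vote_result = $poll_result WHERE vote_option_id = $option_id AND vote_id = $poll_id";
				if (!$db->sql_query($sql))
				{
					message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
				}
				$poll_option_id++;
			}
		}

		if ($delete_option_sql != '')
		{
			$sql = "DELETE FROM " . VOTE_RESULTS_TABLE . "
				WHERE vote_option_id IN ($delete_option_sql)
					AND vote_id = $poll_id";
			if (!$db->sql_query($sql))
			{
				message_die(GENERAL_ERROR, 'Error deleting pruned poll options', '', __LINE__, __FILE__, $sql);
			}
		}
	}

	// Redirect target and confirmation text handed back to the caller.
	$meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=" . $post_id) . '#' . $post_id . '">';
	$message = $lang['Stored'] . '
' . sprintf($lang['Click_view_message'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=" . $post_id) . '#' . $post_id . '">', '</a>') . '
' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">', '</a>');

	return false;
}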
hier der editierte teil aus der functions_post.php
bei den übrigen mods sind keine änderungen in der datei
Betreff: Re: [FINAL] CrackerTracker Professional G5 - Gepostet: 15.11.2006 - 23:25 Uhr -
aber dürfte der fehler nicht eher in diesem bereich der posting.php liegen?
da ja die post-ID nicht gefunden werden kann.
da ja die post-ID nicht gefunden werden kann.
Zitat
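//
// Here we do various lookups to find topic_id, forum_id, post_id etc.
// Doing it here prevents spoofing (eg. faking forum_id, topic_id or post_id)
//
// The ids sent with the request are used only to select the row; forum,
// topic and poster data used for the permission checks below come from the
// database row ($post_info).
// NOTE(review): $forum_id, $topic_id and $post_id are interpolated unquoted
// into the queries -- presumably they are integer-cast earlier in the
// script; confirm. The checks also rely on message_die() ending the request,
// which is not shown in this excerpt.
//
$error_msg = '';
$post_data = array();
switch ( $mode )
{
	case 'newtopic':
		if ( empty($forum_id) )
		{
			message_die(GENERAL_MESSAGE, $lang['Forum_not_exist']);
		}

		$sql = "SELECT *
			FROM " . FORUMS_TABLE . "
			WHERE forum_id = $forum_id";
		break;

	case 'reply':
	case 'vote':
		if ( empty( $topic_id) )
		{
			message_die(GENERAL_MESSAGE, $lang['No_topic_id']);
		}

		$sql = "SELECT f.*, t.topic_status, t.topic_title, t.topic_type
			FROM " . FORUMS_TABLE . " f, " . TOPICS_TABLE . " t
			WHERE t.topic_id = $topic_id
				AND f.forum_id = t.forum_id";
		break;

	case 'quote':
	case 'editpost':
	case 'delete':
	case 'poll_delete':
		if ( empty($post_id) )
		{
			message_die(GENERAL_MESSAGE, $lang['No_post_id']);
		}

		// Post text and author data are only joined in when the form is
		// being displayed, not when it is being submitted.
		$select_sql = (!$submit) ? ', t.topic_title, p.enable_bbcode, p.enable_html, p.enable_smilies, p.enable_sig, p.post_username, pt.post_subject, pt.post_text, pt.bbcode_uid, u.username, u.user_id, u.user_sig, u.user_sig_bbcode_uid' : '';
		$from_sql = ( !$submit ) ? ", " . POSTS_TEXT_TABLE . " pt, " . USERS_TABLE . " u" : '';
		$where_sql = ( !$submit ) ? "AND pt.post_id = p.post_id AND u.user_id = p.poster_id" : '';

		$sql = "SELECT f.*, t.topic_id, t.topic_status, t.topic_type, t.topic_first_post_id, t.topic_last_post_id, t.topic_vote, p.post_id, p.poster_id" . $select_sql . "
			FROM " . POSTS_TABLE . " p, " . TOPICS_TABLE . " t, " . FORUMS_TABLE . " f" . $from_sql . "
			WHERE p.post_id = $post_id
				AND t.topic_id = p.topic_id
				AND f.forum_id = p.forum_id
				$where_sql";
		break;

	default:
		message_die(GENERAL_MESSAGE, $lang['No_valid_mode']);
}

// Fail closed: an id that matches no row is treated like a failed query, so
// the permission checks below never run on an empty $post_info.
if ( ($result = $db->sql_query($sql)) && ($post_info = $db->sql_fetchrow($result)) )
{
	$db->sql_freeresult($result);

	// From here on the forum id is the one stored in the database.
	$forum_id = $post_info['forum_id'];
	$forum_name = $post_info['forum_name'];

	$is_auth = auth(AUTH_ALL, $forum_id, $userdata, $post_info);

	if ( $post_info['forum_status'] == FORUM_LOCKED && !$is_auth['auth_mod'])
	{
		message_die(GENERAL_MESSAGE, $lang['Forum_locked']);
	}
	else if ( $mode != 'newtopic' && $post_info['topic_status'] == TOPIC_LOCKED && !$is_auth['auth_mod'])
	{
		message_die(GENERAL_MESSAGE, $lang['Topic_locked']);
	}

	if ( $mode == 'editpost' || $mode == 'delete' || $mode == 'poll_delete' )
	{
		$topic_id = $post_info['topic_id'];

		$post_data['poster_post'] = ( $post_info['poster_id'] == $userdata['user_id'] ) ? true : false;
		$post_data['first_post'] = ( $post_info['topic_first_post_id'] == $post_id ) ? true : false;
		$post_data['last_post'] = ( $post_info['topic_last_post_id'] == $post_id ) ? true : false;
		$post_data['last_topic'] = ( $post_info['forum_last_post_id'] == $post_id ) ? true : false;
		$post_data['has_poll'] = ( $post_info['topic_vote'] ) ? true : false;
		$post_data['topic_type'] = $post_info['topic_type'];
		$post_data['poster_id'] = $post_info['poster_id'];

		if ( $post_data['first_post'] && $post_data['has_poll'] )
		{
			$sql = "SELECT *
				FROM " . VOTE_DESC_TABLE . " vd, " . VOTE_RESULTS_TABLE . " vr
				WHERE vd.topic_id = $topic_id
					AND vr.vote_id = vd.vote_id
				ORDER BY vr.vote_option_id";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not obtain vote data for this topic', '', __LINE__, __FILE__, $sql);
			}

			$poll_options = array();
			$poll_results_sum = 0;
			if ( $row = $db->sql_fetchrow($result) )
			{
				$poll_title = $row['vote_text'];
				$poll_id = $row['vote_id'];
				$poll_length = $row['vote_length'] / 86400;

				do
				{
					$poll_options[$row['vote_option_id']] = $row['vote_option_text'];
					$poll_results_sum += $row['vote_result'];
				}
				while ( $row = $db->sql_fetchrow($result) );
			}
			$db->sql_freeresult($result);

			// A poll that already has votes can only be edited by a moderator.
			$post_data['edit_poll'] = ( ( !$poll_results_sum || $is_auth['auth_mod'] ) && $post_data['first_post'] ) ? true : 0;
		}
		else
		{
			$post_data['edit_poll'] = ($post_data['first_post'] && $is_auth['auth_pollcreate']) ? true : false;
		}

		//
		// Can this user edit/delete the post/poll?
		// Ownership is decided from the stored poster_id, not from request data.
		//
		if ( $post_info['poster_id'] != $userdata['user_id'] && !$is_auth['auth_mod'] )
		{
			$message = ( $delete || $mode == 'delete' ) ? $lang['Delete_own_posts'] : $lang['Edit_own_posts'];
			$message .= '
' . sprintf($lang['Click_return_topic'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id") . '">', '</a>');

			message_die(GENERAL_MESSAGE, $message);
		}
		else if ( !$post_data['last_post'] && !$is_auth['auth_mod'] && ( $mode == 'delete' || $delete ) )
		{
			message_die(GENERAL_MESSAGE, $lang['Cannot_delete_replied']);
		}
		else if ( !$post_data['edit_poll'] && !$is_auth['auth_mod'] && ( $mode == 'poll_delete' || $poll_delete ) )
		{
			message_die(GENERAL_MESSAGE, $lang['Cannot_delete_poll']);
		}
	}
	else
	{
		if ( $mode == 'quote' )
		{
			$topic_id = $post_info['topic_id'];
		}
		if ( $mode == 'newtopic' )
		{
			$post_data['topic_type'] = POST_NORMAL;
		}

		$post_data['first_post'] = ( $mode == 'newtopic' ) ? true : 0;
		$post_data['last_post'] = false;
		$post_data['has_poll'] = false;
		$post_data['edit_poll'] = false;
	}

	// $poll_id is only set above when the poll lookup returned a row.
	if ( $mode == 'poll_delete' && !isset($poll_id) )
	{
		message_die(GENERAL_MESSAGE, $lang['No_such_post']);
	}
}
else
{
	message_die(GENERAL_MESSAGE, $lang['No_such_post']);
}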
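//
// Here we do various lookups to find topic_id, forum_id, post_id etc.
// Doing it here prevents spoofing (eg. faking forum_id, topic_id or post_id)
//
// The ids sent with the request are used only to select the row; forum,
// topic and poster data used for the permission checks below come from the
// database row ($post_info).
// NOTE(review): $forum_id, $topic_id and $post_id are interpolated unquoted
// into the queries -- presumably they are integer-cast earlier in the
// script; confirm. The checks also rely on message_die() ending the request,
// which is not shown in this excerpt.
//
$error_msg = '';
$post_data = array();
switch ( $mode )
{
	case 'newtopic':
		if ( empty($forum_id) )
		{
			message_die(GENERAL_MESSAGE, $lang['Forum_not_exist']);
		}

		$sql = "SELECT *
			FROM " . FORUMS_TABLE . "
			WHERE forum_id = $forum_id";
		break;

	case 'reply':
	case 'vote':
		if ( empty( $topic_id) )
		{
			message_die(GENERAL_MESSAGE, $lang['No_topic_id']);
		}

		$sql = "SELECT f.*, t.topic_status, t.topic_title, t.topic_type
			FROM " . FORUMS_TABLE . " f, " . TOPICS_TABLE . " t
			WHERE t.topic_id = $topic_id
				AND f.forum_id = t.forum_id";
		break;

	case 'quote':
	case 'editpost':
	case 'delete':
	case 'poll_delete':
		if ( empty($post_id) )
		{
			message_die(GENERAL_MESSAGE, $lang['No_post_id']);
		}

		// Post text and author data are only joined in when the form is
		// being displayed, not when it is being submitted.
		$select_sql = (!$submit) ? ', t.topic_title, p.enable_bbcode, p.enable_html, p.enable_smilies, p.enable_sig, p.post_username, pt.post_subject, pt.post_text, pt.bbcode_uid, u.username, u.user_id, u.user_sig, u.user_sig_bbcode_uid' : '';
		$from_sql = ( !$submit ) ? ", " . POSTS_TEXT_TABLE . " pt, " . USERS_TABLE . " u" : '';
		$where_sql = ( !$submit ) ? "AND pt.post_id = p.post_id AND u.user_id = p.poster_id" : '';

		$sql = "SELECT f.*, t.topic_id, t.topic_status, t.topic_type, t.topic_first_post_id, t.topic_last_post_id, t.topic_vote, p.post_id, p.poster_id" . $select_sql . "
			FROM " . POSTS_TABLE . " p, " . TOPICS_TABLE . " t, " . FORUMS_TABLE . " f" . $from_sql . "
			WHERE p.post_id = $post_id
				AND t.topic_id = p.topic_id
				AND f.forum_id = p.forum_id
				$where_sql";
		break;

	default:
		message_die(GENERAL_MESSAGE, $lang['No_valid_mode']);
}

// Fail closed: an id that matches no row is treated like a failed query, so
// the permission checks below never run on an empty $post_info.
if ( ($result = $db->sql_query($sql)) && ($post_info = $db->sql_fetchrow($result)) )
{
	$db->sql_freeresult($result);

	// From here on the forum id is the one stored in the database.
	$forum_id = $post_info['forum_id'];
	$forum_name = $post_info['forum_name'];

	$is_auth = auth(AUTH_ALL, $forum_id, $userdata, $post_info);

	if ( $post_info['forum_status'] == FORUM_LOCKED && !$is_auth['auth_mod'])
	{
		message_die(GENERAL_MESSAGE, $lang['Forum_locked']);
	}
	else if ( $mode != 'newtopic' && $post_info['topic_status'] == TOPIC_LOCKED && !$is_auth['auth_mod'])
	{
		message_die(GENERAL_MESSAGE, $lang['Topic_locked']);
	}

	if ( $mode == 'editpost' || $mode == 'delete' || $mode == 'poll_delete' )
	{
		$topic_id = $post_info['topic_id'];

		$post_data['poster_post'] = ( $post_info['poster_id'] == $userdata['user_id'] ) ? true : false;
		$post_data['first_post'] = ( $post_info['topic_first_post_id'] == $post_id ) ? true : false;
		$post_data['last_post'] = ( $post_info['topic_last_post_id'] == $post_id ) ? true : false;
		$post_data['last_topic'] = ( $post_info['forum_last_post_id'] == $post_id ) ? true : false;
		$post_data['has_poll'] = ( $post_info['topic_vote'] ) ? true : false;
		$post_data['topic_type'] = $post_info['topic_type'];
		$post_data['poster_id'] = $post_info['poster_id'];

		if ( $post_data['first_post'] && $post_data['has_poll'] )
		{
			$sql = "SELECT *
				FROM " . VOTE_DESC_TABLE . " vd, " . VOTE_RESULTS_TABLE . " vr
				WHERE vd.topic_id = $topic_id
					AND vr.vote_id = vd.vote_id
				ORDER BY vr.vote_option_id";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not obtain vote data for this topic', '', __LINE__, __FILE__, $sql);
			}

			$poll_options = array();
			$poll_results_sum = 0;
			if ( $row = $db->sql_fetchrow($result) )
			{
				$poll_title = $row['vote_text'];
				$poll_id = $row['vote_id'];
				$poll_length = $row['vote_length'] / 86400;

				do
				{
					$poll_options[$row['vote_option_id']] = $row['vote_option_text'];
					$poll_results_sum += $row['vote_result'];
				}
				while ( $row = $db->sql_fetchrow($result) );
			}
			$db->sql_freeresult($result);

			// A poll that already has votes can only be edited by a moderator.
			$post_data['edit_poll'] = ( ( !$poll_results_sum || $is_auth['auth_mod'] ) && $post_data['first_post'] ) ? true : 0;
		}
		else
		{
			$post_data['edit_poll'] = ($post_data['first_post'] && $is_auth['auth_pollcreate']) ? true : false;
		}

		//
		// Can this user edit/delete the post/poll?
		// Ownership is decided from the stored poster_id, not from request data.
		//
		if ( $post_info['poster_id'] != $userdata['user_id'] && !$is_auth['auth_mod'] )
		{
			$message = ( $delete || $mode == 'delete' ) ? $lang['Delete_own_posts'] : $lang['Edit_own_posts'];
			$message .= '
' . sprintf($lang['Click_return_topic'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id") . '">', '</a>');

			message_die(GENERAL_MESSAGE, $message);
		}
		else if ( !$post_data['last_post'] && !$is_auth['auth_mod'] && ( $mode == 'delete' || $delete ) )
		{
			message_die(GENERAL_MESSAGE, $lang['Cannot_delete_replied']);
		}
		else if ( !$post_data['edit_poll'] && !$is_auth['auth_mod'] && ( $mode == 'poll_delete' || $poll_delete ) )
		{
			message_die(GENERAL_MESSAGE, $lang['Cannot_delete_poll']);
		}
	}
	else
	{
		if ( $mode == 'quote' )
		{
			$topic_id = $post_info['topic_id'];
		}
		if ( $mode == 'newtopic' )
		{
			$post_data['topic_type'] = POST_NORMAL;
		}

		$post_data['first_post'] = ( $mode == 'newtopic' ) ? true : 0;
		$post_data['last_post'] = false;
		$post_data['has_poll'] = false;
		$post_data['edit_poll'] = false;
	}

	// $poll_id is only set above when the poll lookup returned a row.
	if ( $mode == 'poll_delete' && !isset($poll_id) )
	{
		message_die(GENERAL_MESSAGE, $lang['No_such_post']);
	}
}
else
{
	message_die(GENERAL_MESSAGE, $lang['No_such_post']);
}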
Betreff: Re: [FINAL] CrackerTracker Professional G5 - Gepostet: 16.11.2006 - 08:47 Uhr -
Nun, nach Deiner Beschreibung nicht. Du sagtest, es passiert beim Absenden des Posts; in diesem Fall kommt hier eher die submit_post-Funktion in Frage, da diese letztendlich beim Abschicken eines Beitrags mit den übergebenen Werten arbeitet. Wenn's auch beim Editieren passiert, liegt der Fehler allerdings weiter vorne, korrekt.
Bitte beachte den nachfolgenden Hinweis auf die Forenregeln der CBACK Community!
Bitte lies Dir unsere Forenregeln genaustes durch!
Wir bitten um Verständnis!
Bitte beachte den nachfolgenden Hinweis auf die Forenregeln der CBACK Community!
- Du hast mehrere Posts auf Deinen eigenen gemacht, unter 24 Stündiger Wartezeit.
- Verwende um die Übersichtlichkeit und den Support Umlauf zu verbessern beim nachträglichen hinzufügen von Informationen den EDIT Button wenn zwischen den Posts noch keine 24h vergangen sind. Danke!
Bitte lies Dir unsere Forenregeln genaustes durch!
Wir bitten um Verständnis!
Betreff: Re: [FINAL] CrackerTracker Professional G5 - Gepostet: 16.11.2006 - 15:33 Uhr -
ich hätte auch noch einen vorschlag:
jedesmal, wenn ich die logdatei des CT durchgehe, wird mir nur die IP des Users ausgegeben, bei dem der CT angesprungen ist.
Wäre es möglich/sinnvoll, in dieser Tabelle auch den Username ausgeben zu lassen? Ich muss mir nämlich immer erst über eine zusätzlich eingebaute IP-Suche den User rausfischen, um dann bei ihm nachzuhaken, was warum passiert ist. Alle meine "Angriffe" gehen bisher auf das Konto von Fehlalarmen. Also den Debugger an und die Lösung eingekreist.
Dazu muss ich aber immer den User wissen um ihn anzusprechen und um dem ganzen Ablauf bis zum Alarm auf den Grund zu gehen.
Gruß
Heiko
jedesmal, wenn ich die logdatei des CT durchgehe, wird mir nur die IP des Users ausgegeben, bei dem der CT angesprungen ist.
Wäre es möglich/sinnvoll, in dieser Tabelle auch den Username ausgeben zu lassen? Ich muss mir nämlich immer erst über eine zusätzlich eingebaute IP-Suche den User rausfischen, um dann bei ihm nachzuhaken, was warum passiert ist. Alle meine "Angriffe" gehen bisher auf das Konto von Fehlalarmen. Also den Debugger an und die Lösung eingekreist.
Dazu muss ich aber immer den User wissen um ihn anzusprechen und um dem ganzen Ablauf bis zum Alarm auf den Grund zu gehen.
Gruß
Heiko