Fehler im Script, weiss nicht weiter.

[RageNo1]

Hallo,
da seit geraumer Zeit meine Kommentarfunktion zum Spammen genutzt wird habe ich vor die Bildercodesperre aus diesem Tutorial einzubauen.

Soweit ist alles drin nur kommt ein Fehler beim abschicken des Kommentars:

Warning: file(codes/.hsp): failed to open stream: No such file or directory in /var/www/ema1/html/news/show_functions/comm_functions.php on line 43
Ungültiger Postcode!
Bitte gehen Sie zurück und korriegieren den Postcode. Danke. Zurück

Zeile 43 ist das hier:

$codeFile = file("codes/".$iCode.".hsp");

Es werden aber Dateien beim aufrufen abgelegt in dem Ordner "codes".
Hier noch der Teil der das überprüft:

// Maßnahme gegen Sctiptangriffe 
// Öffnen der Datei, die in insert.php erzeugt wurde 
// und deren Name per GET übergeben wurde. 
$codeFile = file("codes/".$iCode.".hsp"); 
// Check ob die gepostete Zahl mit der aus der Datei uebereinstimmt 
if($codeFile[0] != md5($_POST['imgCode']))

Ich hoffe jemand von euch findet den Fehler.

Achja hier noch der Teil wo iCode ebenfalls auftaucht:

        $comm2_template = $styledata['tpl_comm2'];
        $formheight = ""; $formwidth = "";
        $form_author ="<input type=\"text\" name=\"author\" maxlength=\"255\" value=\"$author\" />";
        $form_email ="<input type=\"text\" name=\"email\" maxlength=\"255\" value=\"$email\" />";
        $form_title ="<input type=\"text\" name=\"title\" maxlength=\"255\" value=\"$title\" />";
        $form_postcode ="<input type=\"text\" maxlength=\"6\" name=\"imgCode\"> <img src=\"imagecode.php?iCode=$iRandFileVal\" />";
        $form_submit ="<input type=\"submit\" class=\"submit\" value=\"Abschicken\" />\r\n<input type=\"hidden\" name=\"postinit\" value=\"OK\" />";
        if (!$options['force_email']) {+
            $force_mail = " (freiwillig)";
        } else {
            $force_mail = "";
        }

        print "<a name=\"newcomment\"></a>\r\n";
        print "<form action=\"".$PHP_SELF.$QUERY_STRING."&amp;iCode=$iRandFileVal&amp;comments=$news_id#newcomment\" method=\"post\" name=\"newcomment\">\r\n";
        $comm2_template = preg_replace("/{comment=(\d+),(\d+)}/s", "<textarea name=\"comment\" cols=\"$1\" rows=\"$2\">$comment</textarea>", $comm2_template);
        $comm2_template = str_replace("{author}", $form_author, $comm2_template);
        $comm2_template = str_replace("{email}", $form_email, $comm2_template);
        $comm2_template = str_replace("{force_mail}", $force_mail, $comm2_template);
        $comm2_template = str_replace("{title}", $form_title, $comm2_template);
        $comm2_template = str_replace("{postcode}", $form_postcode, $comm2_template);
        $comm2_template = str_replace("{submit}", $form_submit, $comm2_template);

So wie es aussieht wird iCode nicht über geben daher im Fehler codes/.hsp

Mfg Ragey

 

[Gumbo]

Probier mal $_GET['iCode'] beziehungsweise $_REQUEST['iCode'] statt $iCode. Grund: Ist die Einstellungsoption register_globals deaktiviert, werden die EGPCS-Variablen nicht als globale Variablen registriert.

 

[RageNo1]

Vielen Dank,
das war die Lösung!

 

[RageNo1]

Hallo,
war wohl zu voreilig denn nun gibt es doch noch ein Problem.
Hier der betroffene Teil:

$codeFile = file("codes/".$_GET['iCode'].".hsp"); 
// Check ob die gepostete Zahl mit der aus der Datei uebereinstimmt 
if($codeFile[0] != md5($_POST['imgCode']))
{ 
    echo "<b>ung&uuml;ltiger postcode!<br />". 
         "bitte gehen Sie zur&uuml;ck und korrigieren den postcode.<br />". 
         "<a class=\"news\" href=\"javascript:history.back()\">zur&uuml;ck</a><br /><br />".
	 "</b>";
	exit;

Leider bendent exit alle laufenden Scripte und die Seite wird nicht weiter aufgerufen.
Nehme ich es raus so wird der Kommentar trotz falschem Code in die Datenbank geschrieben.
Gibt es eine andere Möglichkeit als exit beispielsweise um die Funktion post_comment zu umgehen?

Mfg Ragey

 

[Gumbo]

Wie sieht denn das gesamte Skript aus?

 

[Matthias_Nordwig]

eine andere Möglichkeit, die ich persönlich auch lieber nutze, ist das ganze in Funktionen zu packen. Das könnte dann beispielsweise so aussehen:

function xyz()
{
$loctemp=
"<b>ung&uuml;ltiger postcode!<br />". 
         "bitte gehen Sie zur&uuml;ck und korrigieren den postcode.<br />". 
         "<a class=\"news\" href=\"javascript:history.back()\">zur&uuml;ck</a><br /><br />". 
     "</b>"; 
return $loctemp
}

Dann gibst du dann einfach dort aus wo du die Datei von einbeziehst
Diese Funktionen kannst du auch ohne Probs mittels "break" beenden

 

[RageNo1]

Hier mal das ganze Script bzw. die Datei um die es geht mit der Kommentarfunktion:

<?php

function badwords($text, $badwords, $replace = "*****") {
   if(!is_array($badwords)) $badwords = array($badwords);
   if(count($badwords) <= 0) return false;

   $global_matches = array();

   foreach($badwords as $badword) {
      $filter = array();
      for($i = 0; $i < strlen($badword); $i++) {
         $filter[] = $badword[$i];
      }

      $pattern = "/(\b".implode("[ \.\*\+\~\-\_\:]*", $filter)."\b)/is";

      if(preg_match_all($pattern, $text, $matches, PREG_PATTERN_ORDER)) {
         $global_matches = array_merge($global_matches, $matches[0]);
         $text = preg_replace($pattern, $replace, $text);
      }
   }

   if(count($global_matches) > 0) return array("matches" => $global_matches, "text" => $text);
   else return false;
}

// Hier werden die Kommentare gespeichert


    if (!function_exists("postComment")) {
    function postComment() {

        global $extension,
               $news_id,
               $options,
               $success,
               $failure,
               $REMOTE_ADDR;

// Maßnahme gegen Sctiptangriffe 
// Öffnen der Datei, die in insert.php erzeugt wurde 
// und deren Name per GET übergeben wurde. 
$codeFile = file("codes/".$_GET['iCode'].".hsp"); 
// Check ob die gepostete Zahl mit der aus der Datei uebereinstimmt 
if($codeFile[0] != md5($_POST['imgCode']))
{ 
    echo "<span id=main><b>ung&uuml;ltiger postcode!<br />". 
         "bitte gehen Sie zur&uuml;ck und korrigieren den postcode.<br />". 
         "<a class=\"news\" href=\"javascript:history.back()\">zur&uuml;ck</a><br /><br />".
	 "</b></span>";
	exit;
} 
// Alles passt und dein Code kann ausgeführt werden 



        // hier definiere die zu blockenden wörter
        $badwords = array("fly2.cc", "poker4spain.com", "vneighbor.com", "petsellers.net", "casinos4spain.com", "vmousetrap.com", "vcrap.com", "vmillionaire.com", "knowtax.net", "tournament", "luxuryrenting.net", "mydivx.info", "monstersgame.de", "nemasoft.com", "bayfronthomes.net", "jobruler.com", "consultanthub.com", "erealtystore.com", "nudepoker", "prescription-diet-pills", "budgethawaii.net", "diet-pills", "diet", "olimpiadaspequim2008.blogspot.com", "computerxchange.com", "online-diet-pills", "cheap-diet-pills", "weight-loss-diet-pills", "diet-pill", "the-discount-store", "buy-diet-pills", "leptoprin", "4best-health", "pharmacy", "enlargement", "viagra", "cialis", "payday", "loans", "mortage", "cash-services", "refinance", "credit", "online-casinos-matrix", "online-casinos", "epraha", "slot-machines", "roulette", "hbsnwa", "gambling", "blackjack", "free-slots", "itp4kids", "casinos", "online-gambling", "mothershope", "texas-holdem", "texas-hold-em", "online-casinos-research", "best-777-online-casinos", "best-online-casinos-tips", "racepointfunding", "casino7-online", "perfect-online-casinos", "diamond-online-casinos", "teriandersonandassoc.com", "online-casinos-know-how", "sure-online-casinos", "access-online-casinos", "best-9-online-casinos.com", "casinos-jp", "texas", "poker", "casino", "teriandersonandassoc", "easy-online-casinos.com", "easy-online-casinos", "online-casinos-comparation.com", "online-casinos-comparation", "online-casinos-pro-choice.com", "online-casinos-pro-choice", "casinos-in-linea-it.udcorp.com", "casinos-in-linea-it");
           
        $getvars = array();
        $postvars = array('author' ,'email' ,'title' ,'comment');
        foreach ($getvars as $key=>$elem) { if(isset($_GET[$elem])) { $$elem = $_GET[$elem]; } else { $$elem = ""; } }
        foreach ($postvars as $key=>$elem) { if(isset($_POST[$elem])) { $$elem = $_POST[$elem]; } if(!isset($$elem)) { $$elem = ""; } }

        require("config.inc".$extension);
        require("corebb".$extension);
        


        $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password);
        $result = $dbconn->fetchArray("SELECT * FROM $newstable WHERE id = $news_id");
        if ($result['id'] != "") {
            $ipcheck = $dbconn->fetchArray("SELECT * FROM $commentstable WHERE ip = '$REMOTE_ADDR' ORDER BY time DESC");
            if (($ipcheck['time'] + $options['flood_control']) <= time()) {
                if (($author != "") && (($options['force_email'] == 0 || ($email != "") && ($options['force_email'] == 1))) && ($comment != "")) {
                    $author = str_replace("'", "\"", htmlspecialchars($author));
                    $email = str_replace("'", "\"", htmlspecialchars($email));
                    $title = str_replace("'", "\"", htmlspecialchars($title));

// methode 1: nur checken ob verbotenes wort enthalten, wenn ja => nicht speichern und beenden
			if($x = badwords($comment, $badwords)) { 
                        echo "<span id=main><b>der spamfilter hat deinen kommentar geblockt! <br>folgende wörter sind auf der schwarzen liste:</b><br />";
                        foreach($x["matches"] as $word) echo "$word "; 
                        echo "<br><br></span>";
                        return false;
                    }

                    switch ($options['html_bb_allow']) {
                        case 0: $comment2 = htmlspecialchars($comment);                  break;
                        case 1: $comment2 = corebb(htmlspecialchars($comment), "toHTM"); break;
                        case 2: $comment2 = $comment;                                    break;
                        case 3: $comment2 = corebb($comment, "toHTM");                   break;
                    }
                    $comment2 = str_replace("\r\n", "<br />", $comment2);
                    $comment2 = stripslashes($comment2);
                    $comment2 = str_replace("'", "\"", $comment2);
                    $time = time();
                    $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password);
                    $query = $dbconn->execQuery("INSERT INTO $commentstable (news_id, author, email, title, comment, time, ip) VALUES ($news_id, '$author', '$email', '$title', '$comment2', '$time', '$REMOTE_ADDR')");
                    if ($query) {
                        $success = "<span id=main>kommentar eingetragen!</span>";
                    } else {
                        $failure = "<span id=main>kommentar konnte nicht eingetragen werden!</span>";
                    }    
                } elseif ((isset($author)) && ($author == "")) { $failure = "<span id=main>kein name eingegeben!</span>";
                } elseif ((isset($email)) && ($email == "") && ($options['force_email'] == 1)) { $failure = "Bitte gib deine E-Mail ein!";
                } elseif ((isset($title)) && ($title == "")) { $failure = "Bitte gib einen Titel für den Kommentar ein!";
                } elseif ((isset($comment)) && ($comment == "")) { $failure = "<span id=main>kein kommentar eingegeben!</span>";
                }
            } else {
                if ($options['flood_control'] <= 60) {
                    $wait = $options['flood_control']." sekunden";
                } else {
                    $wait = (($options['flood_control'] - ($options['flood_control'] % 60)) / 60)." Minuten";
                }
                $failure = "<span id=main>du musst $wait warten, bis du einen neuen kommentar posten kannst!</span>";
            }    
        $close = $dbconn->close();
        }
    }}

// Hier werden die Kommentare ausgegeben

    if (!function_exists("showComments")) {
    function showComments() {

        global $extension,
               $news_id,
               $options,
               $failure,
               $success,
               $styledata;
               
        require("config.inc".$extension);

        print "<span id=main><b>kommentare:</b></span><br />\r\n";
        $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password);
        $commentdata = $dbconn->fetchMultiple("SELECT * FROM $commentstable WHERE news_id = $news_id ORDER BY id ASC");
        $close = $dbconn->close();
        $comm1_tpl = $styledata['tpl_comm1'];
        if ($commentdata != "") {
            foreach ($commentdata as $key=>$elem) {
                if (($options['show_comm_email']) && ($elem['email'] != "")) {
                    $author = "<a class=\"comments\" href=\"mailto:$elem[email]\"><b>$elem[author]</b></a>";
                } else {
        	    $author = $elem['author'];
        	}
                $comment = $elem['comment']; 
                $comment = str_replace("<a ", "<a class=\"comments\" ", $comment);
                $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password);
                $rows = $dbconn->countRows("SELECT * FROM $smilietable");
                if ($options['comment_smilies'] > 0) {
                    for($smilie_id = 1; $smilie_id <= $rows; $smilie_id ++) {
                        $correctdata = 0;
                        while($correctdata < 1) {
                            $data = $dbconn->fetchArray("SELECT * FROM $smilietable WHERE id = $smilie_id");
                            if ($data['id'] == "") { $smilie_id ++; $rows ++; } else { $correctdata = 1; }
                        }
                        $comment_repl = "<img src=\"$options[smilie_dir]$data[name]\" border=\"0\" alt=\"$data[title]\" />";
                        $comment = str_replace($data['code'], $comment_repl, $comment);
                    }
                }
                $close = $dbconn->close(); 
                $comm1_template = $comm1_tpl;
                $comm1_template = str_replace("{title}", $elem['title'], $comm1_template);
                $comm1_template = str_replace("{author}", $author, $comm1_template);
                $comm1_template = str_replace("{time}", date("G:i", $elem['time']), $comm1_template);
                $comm1_template = str_replace("{date}", date("j. n. Y", $elem['time']), $comm1_template);
                $comm1_template = str_replace("{comment}", $comment, $comm1_template);
                if ($options['php_allowed']) {
                    $comm1_template = str_replace('"', '\"', $comm1_template);
                    $comm1_template = str_replace('?>', 'print "', $comm1_template);
                    $comm1_template = str_replace('<?php', '"; ', $comm1_template);
                    $comm1_template = 'print "'.$comm1_template.'";';
                    $comm1_template = eval($comm1_template);
                }
                print $comm1_template;
            }
        } else { print "<span id=main>noch keine kommentare vorhanden!<br />\r\n"; }
        if(isset($failure)) { print "<span id=main><b>fehler: $failure</b></span><br />\r\n"; }
        if(isset($success)) { print "<span id=main><b>$success</b></span><br />\r\n"; }
    }}

// Hier wird das Kommentar schreiben Feld erstellt

    if (!function_exists("showPostComment")) {
    function showPostComment() {

// Zufallsgenerator starten. Erzeugt den Dateinamen 
mt_srand((double)microtime()*1000000); 
$iRandFileVal = mt_rand(1000000, 9999999); 

        global $extension,
               $options,
               $styledata,
               $news_id,
               $QUERY_STRING,
               $PHP_SELF;
                
        $getvars = array();
        $postvars = array('author' ,'email' ,'title' ,'comment');
        foreach ($getvars as $key=>$elem) { if(isset($_GET[$elem])) { $$elem = $_GET[$elem]; } else { $$elem = ""; } }
        foreach ($postvars as $key=>$elem) { if(isset($_POST[$elem])) { $$elem = $_POST[$elem]; } if(!isset($$elem)) { $$elem = ""; } }

        require("config.inc".$extension);

        $comm2_template = $styledata['tpl_comm2'];
        $formheight = ""; $formwidth = "";
        $form_author ="<input type=\"text\" name=\"author\" maxlength=\"255\" value=\"$author\" />";
        $form_email ="<input type=\"text\" name=\"email\" maxlength=\"255\" value=\"$email\" />";
        $form_title ="<input type=\"text\" name=\"title\" maxlength=\"255\" value=\"$title\" />";
        $form_postcode ="<input type=\"text\" maxlength=\"6\" name=\"imgCode\"> <img src=\"imagecode.php?iCode=$iRandFileVal\" />";
        $form_submit ="<input type=\"submit\" class=\"submit\" value=\"Abschicken\" />\r\n<input type=\"hidden\" name=\"postinit\" value=\"OK\" />";
        if (!$options['force_email']) {+
            $force_mail = " (freiwillig)";
        } else {
            $force_mail = "";
        }

        print "<a name=\"newcomment\"></a>\r\n";
        print "<form action=\"".$PHP_SELF.$QUERY_STRING."&amp;iCode=$iRandFileVal&amp;comments=$news_id#newcomment\" method=\"post\" name=\"newcomment\">\r\n";
        $comm2_template = preg_replace("/{comment=(\d+),(\d+)}/s", "<textarea name=\"comment\" cols=\"$1\" rows=\"$2\">$comment</textarea>", $comm2_template);
        $comm2_template = str_replace("{author}", $form_author, $comm2_template);
        $comm2_template = str_replace("{email}", $form_email, $comm2_template);
        $comm2_template = str_replace("{force_mail}", $force_mail, $comm2_template);
        $comm2_template = str_replace("{title}", $form_title, $comm2_template);
        $comm2_template = str_replace("{postcode}", $form_postcode, $comm2_template);
        $comm2_template = str_replace("{submit}", $form_submit, $comm2_template);
        if ($options['comment_smilies'] > 0) {
            $form_smilies = commentSmilies();
            $comm2_template = str_replace("{smilies}", $form_smilies, $comm2_template);
        } else {
            $comm2_template = str_replace("{smilies}", "", $comm2_template);
        }
        if ($options['php_allowed']) {
            $comm2_template = str_replace('"', '\"', $comm2_template);
            $comm2_template = str_replace('?>', 'print "', $comm2_template);
            $comm2_template = str_replace('<?php', '"; ', $comm2_template);
            $comm2_template = 'print "'.$comm2_template.'";';
            $comm2_template = eval($comm2_template);
        }
        print $comm2_template;
        print "</form>\r\n";   
    }}
    
// Helper für "showPostComment", der die Smilies erzeugt

    if (!function_exists("commentSmilies")) {
    function commentSmilies() {

        global $extension,
               $options,
               $styledata;
                
        require("config.inc".$extension);
        $num_smilies = $options['comment_smilies'];
        $form_smilies = "";
        $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password);
        for($smilie_id = 1; $smilie_id <= $num_smilies; $smilie_id ++) {
            $smilie_desc = $dbconn->fetchArray("SELECT * FROM $csmilietable WHERE id = $smilie_id");
            $smilie_data = $dbconn->fetchArray("SELECT * FROM $smilietable WHERE id = $smilie_desc[smilie_id]");
            $form_smilies = $form_smilies."    <td class=\"cncomments\">\r\n";
            $form_smilies = $form_smilies."      <a href=\"javascript:document.newcomment.comment.value = document.newcomment.comment.value + ' $smilie_data[ code ]'; document.newcomment.comment.focus();\"\r\n";
            $form_smilies = $form_smilies."\t  onmouseover=\"status='$smilie_data[title]';return true;\"  onmouseout=\"status='';return true;\">\r\n";
            $form_smilies = $form_smilies."    <img src=\"$options[smilie_dir]$smilie_data[name]\" border=\"0\" alt=\"$smilie_data[title]\" /></a>\r\n";
            $form_smilies = $form_smilies."    </td>\r\n";
            if ($smilie_id == ($num_smilies / 2)) {
                $form_smilies = $form_smilies."  </tr>\r\n  <tr>\r\n";
            }	
        }
        $close = $dbconn->close(); 
        $form_smilies = "<table border=\"0\" cellpadding=\"3\" cellspacing=\"0\">\r\n  <tr>\r\n$form_smilies  </tr>\r\n</table>";
        return $form_smilies;
    }}
?>

@Matthias Nordwig
Da du offensichtlich das gleiche Script nutzt, hast du eine Möglichkeit gefunden,
das die Files anschließend aus dem Ordner löscht?
Da ich bereits jetzt nach ein paar Stunden fast 2000 Files drin hatte.

Aber wie du das meinst mit den Funktionen check ich nicht ganz.

Mfg Ragey

 

[Matthias_Nordwig]

Nö kenne das Skript nicht

Aber hier ein Lösungsvorschag:

Nimmst den Teil nach der If-Anweisung und packst den in eine funktion, die du nur dann ausführst wenn deine Bedingung $codeFile[0] != md5($_POST['imgCode']) nicht erfüllt ist also in etwa so:

Die Funktion:

function tmpFct()
{

        // hier definiere die zu blockenden wörter 
        $badwords = array("fly2.cc", "poker4spain.com", "vneighbor.com", "petsellers.net", "casinos4spain.com", "vmousetrap.com", "vcrap.com", "vmillionaire.com", "knowtax.net", "tournament", "luxuryrenting.net", "mydivx.info", "monstersgame.de", "nemasoft.com", "bayfronthomes.net", "jobruler.com", "consultanthub.com", "erealtystore.com", "nudepoker", "prescription-diet-pills", "budgethawaii.net", "diet-pills", "diet", "olimpiadaspequim2008.blogspot.com", "computerxchange.com", "online-diet-pills", "cheap-diet-pills", "weight-loss-diet-pills", "diet-pill", "the-discount-store", "buy-diet-pills", "leptoprin", "4best-health", "pharmacy", "enlargement", "viagra", "cialis", "payday", "loans", "mortage", "cash-services", "refinance", "credit", "online-casinos-matrix", "online-casinos", "epraha", "slot-machines", "roulette", "hbsnwa", "gambling", "blackjack", "free-slots", "itp4kids", "casinos", "online-gambling", "mothershope", "texas-holdem", "texas-hold-em", "online-casinos-research", "best-777-online-casinos", "best-online-casinos-tips", "racepointfunding", "casino7-online", "perfect-online-casinos", "diamond-online-casinos", "teriandersonandassoc.com", "online-casinos-know-how", "sure-online-casinos", "access-online-casinos", "best-9-online-casinos.com", "casinos-jp", "texas", "poker", "casino", "teriandersonandassoc", "easy-online-casinos.com", "easy-online-casinos", "online-casinos-comparation.com", "online-casinos-comparation", "online-casinos-pro-choice.com", "online-casinos-pro-choice", "casinos-in-linea-it.udcorp.com", "casinos-in-linea-it"); 
            
        $getvars = array(); 
        $postvars = array('author' ,'email' ,'title' ,'comment'); 
        foreach ($getvars as $key=>$elem) { if(isset($_GET[$elem])) { $$elem = $_GET[$elem]; } else { $$elem = ""; } } 
        foreach ($postvars as $key=>$elem) { if(isset($_POST[$elem])) { $$elem = $_POST[$elem]; } if(!isset($$elem)) { $$elem = ""; } } 

        require("config.inc".$extension); 
        require("corebb".$extension); 
         


        $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password); 
        $result = $dbconn->fetchArray("SELECT * FROM $newstable WHERE id = $news_id"); 
        if ($result['id'] != "") { 
            $ipcheck = $dbconn->fetchArray("SELECT * FROM $commentstable WHERE ip = '$REMOTE_ADDR' ORDER BY time DESC"); 
            if (($ipcheck['time'] + $options['flood_control']) <= time()) { 
                if (($author != "") && (($options['force_email'] == 0 || ($email != "") && ($options['force_email'] == 1))) && ($comment != "")) { 
                    $author = str_replace("'", "\"", htmlspecialchars($author)); 
                    $email = str_replace("'", "\"", htmlspecialchars($email)); 
                    $title = str_replace("'", "\"", htmlspecialchars($title)); 

// methode 1: nur checken ob verbotenes wort enthalten, wenn ja => nicht speichern und beenden 
            if($x = badwords($comment, $badwords)) { 
                        echo "<span id=main><b>der spamfilter hat deinen kommentar geblockt! <br>folgende wörter sind auf der schwarzen liste:</b><br />"; 
                        foreach($x["matches"] as $word) echo "$word "; 
                        echo "<br><br></span>"; 
                        return false; 
                    } 

                    switch ($options['html_bb_allow']) { 
                        case 0: $comment2 = htmlspecialchars($comment);                  break; 
                        case 1: $comment2 = corebb(htmlspecialchars($comment), "toHTM"); break; 
                        case 2: $comment2 = $comment;                                    break; 
                        case 3: $comment2 = corebb($comment, "toHTM");                   break; 
                    } 
                    $comment2 = str_replace("\r\n", "<br />", $comment2); 
                    $comment2 = stripslashes($comment2); 
                    $comment2 = str_replace("'", "\"", $comment2); 
                    $time = time(); 
                    $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password); 
                    $query = $dbconn->execQuery("INSERT INTO $commentstable (news_id, author, email, title, comment, time, ip) VALUES ($news_id, '$author', '$email', '$title', '$comment2', '$time', '$REMOTE_ADDR')"); 
                    if ($query) { 
                        $success = "<span id=main>kommentar eingetragen!</span>"; 
                    } else { 
                        $failure = "<span id=main>kommentar konnte nicht eingetragen werden!</span>"; 
                    }     
                } elseif ((isset($author)) && ($author == "")) { $failure = "<span id=main>kein name eingegeben!</span>"; 
                } elseif ((isset($email)) && ($email == "") && ($options['force_email'] == 1)) { $failure = "Bitte gib deine E-Mail ein!"; 
                } elseif ((isset($title)) && ($title == "")) { $failure = "Bitte gib einen Titel für den Kommentar ein!"; 
                } elseif ((isset($comment)) && ($comment == "")) { $failure = "<span id=main>kein kommentar eingegeben!</span>"; 
                } 
            } else { 
                if ($options['flood_control'] <= 60) { 
                    $wait = $options['flood_control']." sekunden"; 
                } else { 
                    $wait = (($options['flood_control'] - ($options['flood_control'] % 60)) / 60)." Minuten"; 
                } 
                $failure = "<span id=main>du musst $wait warten, bis du einen neuen kommentar posten kannst!</span>"; 
            }     
        $close = $dbconn->close(); 
        } 
    }} 

// Hier werden die Kommentare ausgegeben 

    if (!function_exists("showComments")) { 
    function showComments() { 

        global $extension, 
               $news_id, 
               $options, 
               $failure, 
               $success, 
               $styledata; 
                
        require("config.inc".$extension); 

        print "<span id=main><b>kommentare:</b></span><br />\r\n"; 
        $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password); 
        $commentdata = $dbconn->fetchMultiple("SELECT * FROM $commentstable WHERE news_id = $news_id ORDER BY id ASC"); 
        $close = $dbconn->close(); 
        $comm1_tpl = $styledata['tpl_comm1']; 
        if ($commentdata != "") { 
            foreach ($commentdata as $key=>$elem) { 
                if (($options['show_comm_email']) && ($elem['email'] != "")) { 
                    $author = "<a class=\"comments\" href=\"mailto:$elem[email]\"><b>$elem[author]</b></a>"; 
                } else { 
                $author = $elem['author']; 
            } 
                $comment = $elem['comment']; 
                $comment = str_replace("<a ", "<a class=\"comments\" ", $comment); 
                $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password); 
                $rows = $dbconn->countRows("SELECT * FROM $smilietable"); 
                if ($options['comment_smilies'] > 0) { 
                    for($smilie_id = 1; $smilie_id <= $rows; $smilie_id ++) { 
                        $correctdata = 0; 
                        while($correctdata < 1) { 
                            $data = $dbconn->fetchArray("SELECT * FROM $smilietable WHERE id = $smilie_id"); 
                            if ($data['id'] == "") { $smilie_id ++; $rows ++; } else { $correctdata = 1; } 
                        } 
                        $comment_repl = "<img src=\"$options[smilie_dir]$data[name]\" border=\"0\" alt=\"$data[title]\" />"; 
                        $comment = str_replace($data['code'], $comment_repl, $comment); 
                    } 
                } 
                $close = $dbconn->close(); 
                $comm1_template = $comm1_tpl; 
                $comm1_template = str_replace("{title}", $elem['title'], $comm1_template); 
                $comm1_template = str_replace("{author}", $author, $comm1_template); 
                $comm1_template = str_replace("{time}", date("G:i", $elem['time']), $comm1_template); 
                $comm1_template = str_replace("{date}", date("j. n. Y", $elem['time']), $comm1_template); 
                $comm1_template = str_replace("{comment}", $comment, $comm1_template); 
                if ($options['php_allowed']) { 
                    $comm1_template = str_replace('"', '\"', $comm1_template); 
                    $comm1_template = str_replace('?>', 'print "', $comm1_template); 
                    $comm1_template = str_replace('<?php', '"; ', $comm1_template); 
                    $comm1_template = 'print "'.$comm1_template.'";'; 
                    $comm1_template = eval($comm1_template); 
                } 
                print $comm1_template; 
            } 
        } else { print "<span id=main>noch keine kommentare vorhanden!<br />\r\n"; } 
        if(isset($failure)) { print "<span id=main><b>fehler: $failure</b></span><br />\r\n"; } 
        if(isset($success)) { print "<span id=main><b>$success</b></span><br />\r\n"; } 
    }} 

// Hier wird das Kommentar schreiben Feld erstellt 

    if (!function_exists("showPostComment")) { 
    function showPostComment() { 

// Zufallsgenerator starten. Erzeugt den Dateinamen 
mt_srand((double)microtime()*1000000); 
$iRandFileVal = mt_rand(1000000, 9999999); 

        global $extension, 
               $options, 
               $styledata, 
               $news_id, 
               $QUERY_STRING, 
               $PHP_SELF; 
                 
        $getvars = array(); 
        $postvars = array('author' ,'email' ,'title' ,'comment'); 
        foreach ($getvars as $key=>$elem) { if(isset($_GET[$elem])) { $$elem = $_GET[$elem]; } else { $$elem = ""; } } 
        foreach ($postvars as $key=>$elem) { if(isset($_POST[$elem])) { $$elem = $_POST[$elem]; } if(!isset($$elem)) { $$elem = ""; } } 

        require("config.inc".$extension); 

        $comm2_template = $styledata['tpl_comm2']; 
        $formheight = ""; $formwidth = ""; 
        $form_author ="<input type=\"text\" name=\"author\" maxlength=\"255\" value=\"$author\" />"; 
        $form_email ="<input type=\"text\" name=\"email\" maxlength=\"255\" value=\"$email\" />"; 
        $form_title ="<input type=\"text\" name=\"title\" maxlength=\"255\" value=\"$title\" />"; 
        $form_postcode ="<input type=\"text\" maxlength=\"6\" name=\"imgCode\"> <img src=\"imagecode.php?iCode=$iRandFileVal\" />"; 
        $form_submit ="<input type=\"submit\" class=\"submit\" value=\"Abschicken\" />\r\n<input type=\"hidden\" name=\"postinit\" value=\"OK\" />"; 
        if (!$options['force_email']) {+ 
            $force_mail = " (freiwillig)"; 
        } else { 
            $force_mail = ""; 
        } 

        print "<a name=\"newcomment\"></a>\r\n"; 
        print "<form action=\"".$PHP_SELF.$QUERY_STRING."&amp;iCode=$iRandFileVal&amp;comments=$news_id#newcomment\" method=\"post\" name=\"newcomment\">\r\n"; 
        $comm2_template = preg_replace("/{comment=(\d+),(\d+)}/s", "<textarea name=\"comment\" cols=\"$1\" rows=\"$2\">$comment</textarea>", $comm2_template); 
        $comm2_template = str_replace("{author}", $form_author, $comm2_template); 
        $comm2_template = str_replace("{email}", $form_email, $comm2_template); 
        $comm2_template = str_replace("{force_mail}", $force_mail, $comm2_template); 
        $comm2_template = str_replace("{title}", $form_title, $comm2_template); 
        $comm2_template = str_replace("{postcode}", $form_postcode, $comm2_template); 
        $comm2_template = str_replace("{submit}", $form_submit, $comm2_template); 
        if ($options['comment_smilies'] > 0) { 
            $form_smilies = commentSmilies(); 
            $comm2_template = str_replace("{smilies}", $form_smilies, $comm2_template); 
        } else { 
            $comm2_template = str_replace("{smilies}", "", $comm2_template); 
        } 
        if ($options['php_allowed']) { 
            $comm2_template = str_replace('"', '\"', $comm2_template); 
            $comm2_template = str_replace('?>', 'print "', $comm2_template); 
            $comm2_template = str_replace('<?php', '"; ', $comm2_template); 
            $comm2_template = 'print "'.$comm2_template.'";'; 
            $comm2_template = eval($comm2_template); 
        } 
        print $comm2_template; 
        print "</form>\r\n";    
    }} 
     
// Helper für "showPostComment", der die Smilies erzeugt 

    if (!function_exists("commentSmilies")) { 
    function commentSmilies() { 

        global $extension, 
               $options, 
               $styledata; 
                 
        require("config.inc".$extension); 
        $num_smilies = $options['comment_smilies']; 
        $form_smilies = ""; 
        $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password); 
        for($smilie_id = 1; $smilie_id <= $num_smilies; $smilie_id ++) { 
            $smilie_desc = $dbconn->fetchArray("SELECT * FROM $csmilietable WHERE id = $smilie_id"); 
            $smilie_data = $dbconn->fetchArray("SELECT * FROM $smilietable WHERE id = $smilie_desc[smilie_id]"); 
            $form_smilies = $form_smilies."    <td class=\"cncomments\">\r\n"; 
            $form_smilies = $form_smilies."      <a href=\"javascript:document.newcomment.comment.value = document.newcomment.comment.value + ' $smilie_data[ code ]'; document.newcomment.comment.focus();\"\r\n"; 
            $form_smilies = $form_smilies."\t  onmouseover=\"status='$smilie_data[title]';return true;\"  onmouseout=\"status='';return true;\">\r\n"; 
            $form_smilies = $form_smilies."    <img src=\"$options[smilie_dir]$smilie_data[name]\" border=\"0\" alt=\"$smilie_data[title]\" /></a>\r\n"; 
            $form_smilies = $form_smilies."    </td>\r\n"; 
            if ($smilie_id == ($num_smilies / 2)) { 
                $form_smilies = $form_smilies."  </tr>\r\n  <tr>\r\n"; 
            }     
        } 
        $close = $dbconn->close(); 
        $form_smilies = "<table border=\"0\" cellpadding=\"3\" cellspacing=\"0\">\r\n  <tr>\r\n$form_smilies  </tr>\r\n</table>"; 
        return $form_smilies; 
    }} 

}

Der Aufruf:

if($codeFile[0] != md5($_POST['imgCode'])) 
{ 
    echo "<span id=main><b>ung&uuml;ltiger postcode!<br />". 
         "bitte gehen Sie zur&uuml;ck und korrigieren den postcode.<br />". 
         "<a class=\"news\" href=\"javascript:history.back()\">zur&uuml;ck</a><br /><br />". 
     "</b></span>"; 
    exit; 
} else{tmpFct;}

Die funktion deklarierst du dann natürlich for der if-entscheidung

Ich weis jetzt nicht ob das 100% richtig ist, da ich mir den Code nicht komplett durchgelesen habe, aber prinzipiell müsste es genau so klappen

Gruß

Matthias Nordwig

 

[RageNo1]

Ok, habe es eingebaut und es kam immernoch der Fehler.
Klar das exit; war noch drin. Naja nun habe ich es entfernt und es scheint zu klappen.
Nur werden nun keine Kommentare gespeichert. Es scheint als verarbeitet er nicht die function tmpFct().

Hier das Script in veränderter Form:

<?php

function badwords($text, $badwords, $replace = "*****") {
   if(!is_array($badwords)) $badwords = array($badwords);
   if(count($badwords) <= 0) return false;

   $global_matches = array();

   foreach($badwords as $badword) {
      $filter = array();
      for($i = 0; $i < strlen($badword); $i++) {
         $filter[] = $badword[$i];
      }

      $pattern = "/(\b".implode("[ \.\*\+\~\-\_\:]*", $filter)."\b)/is";

      if(preg_match_all($pattern, $text, $matches, PREG_PATTERN_ORDER)) {
         $global_matches = array_merge($global_matches, $matches[0]);
         $text = preg_replace($pattern, $replace, $text);
      }
   }

   if(count($global_matches) > 0) return array("matches" => $global_matches, "text" => $text);
   else return false;
}

// Hier werden die Kommentare gespeichert


    if (!function_exists("postComment")) {
    function postComment() {

        global $extension,
               $news_id,
               $options,
               $success,
               $failure,
               $REMOTE_ADDR;

// Maßnahme gegen Sctiptangriffe 
// Öffnen der Datei, die in insert.php erzeugt wurde 
// und deren Name per GET übergeben wurde. 
$codeFile = file("codes/".$_GET['iCode'].".hsp"); 
// Check ob die gepostete Zahl mit der aus der Datei uebereinstimmt 
if($codeFile[0] != md5($_POST['imgCode']))
{ 
    echo "<span id=main><b>ung&uuml;ltiger postcode!<br />". 
         "bitte gehen Sie zur&uuml;ck und korrigieren den postcode.<br />". 
         "<a class=\"news\" href=\"javascript:history.back()\">zur&uuml;ck</a><br /><br />".
	 "</b></span>";

} else{tmpFct;} 

// Alles passt und dein Code kann ausgeführt werden 

function tmpFct() 
{ 

        // hier definiere die zu blockenden wörter
        $badwords = array("fly2.cc", "poker4spain.com", "vneighbor.com", "petsellers.net", "casinos4spain.com", "vmousetrap.com", "vcrap.com", "vmillionaire.com", "knowtax.net", "tournament", "luxuryrenting.net", "mydivx.info", "monstersgame.de", "nemasoft.com", "bayfronthomes.net", "jobruler.com", "consultanthub.com", "erealtystore.com", "nudepoker", "prescription-diet-pills", "budgethawaii.net", "diet-pills", "diet", "olimpiadaspequim2008.blogspot.com", "computerxchange.com", "online-diet-pills", "cheap-diet-pills", "weight-loss-diet-pills", "diet-pill", "the-discount-store", "buy-diet-pills", "leptoprin", "4best-health", "pharmacy", "enlargement", "viagra", "cialis", "payday", "loans", "mortage", "cash-services", "refinance", "credit", "online-casinos-matrix", "online-casinos", "epraha", "slot-machines", "roulette", "hbsnwa", "gambling", "blackjack", "free-slots", "itp4kids", "casinos", "online-gambling", "mothershope", "texas-holdem", "texas-hold-em", "online-casinos-research", "best-777-online-casinos", "best-online-casinos-tips", "racepointfunding", "casino7-online", "perfect-online-casinos", "diamond-online-casinos", "teriandersonandassoc.com", "online-casinos-know-how", "sure-online-casinos", "access-online-casinos", "best-9-online-casinos.com", "casinos-jp", "texas", "poker", "casino", "teriandersonandassoc", "easy-online-casinos.com", "easy-online-casinos", "online-casinos-comparation.com", "online-casinos-comparation", "online-casinos-pro-choice.com", "online-casinos-pro-choice", "casinos-in-linea-it.udcorp.com", "casinos-in-linea-it");
           
        $getvars = array();
        $postvars = array('author' ,'email' ,'title' ,'comment');
        foreach ($getvars as $key=>$elem) { if(isset($_GET[$elem])) { $$elem = $_GET[$elem]; } else { $$elem = ""; } }
        foreach ($postvars as $key=>$elem) { if(isset($_POST[$elem])) { $$elem = $_POST[$elem]; } if(!isset($$elem)) { $$elem = ""; } }

        require("config.inc".$extension);
        require("corebb".$extension);
        


        $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password);
        $result = $dbconn->fetchArray("SELECT * FROM $newstable WHERE id = $news_id");
        if ($result['id'] != "") {
            $ipcheck = $dbconn->fetchArray("SELECT * FROM $commentstable WHERE ip = '$REMOTE_ADDR' ORDER BY time DESC");
            if (($ipcheck['time'] + $options['flood_control']) <= time()) {
                if (($author != "") && (($options['force_email'] == 0 || ($email != "") && ($options['force_email'] == 1))) && ($comment != "")) {
                    $author = str_replace("'", "\"", htmlspecialchars($author));
                    $email = str_replace("'", "\"", htmlspecialchars($email));
                    $title = str_replace("'", "\"", htmlspecialchars($title));

// methode 1: nur checken ob verbotenes wort enthalten, wenn ja => nicht speichern und beenden
			if($x = badwords($comment, $badwords)) { 
                        echo "<span id=main><b>der spamfilter hat deinen kommentar geblockt! <br>folgende wörter sind auf der schwarzen liste:</b><br />";
                        foreach($x["matches"] as $word) echo "$word "; 
                        echo "<br><br></span>";
                        return false;
                    }

                    switch ($options['html_bb_allow']) {
                        case 0: $comment2 = htmlspecialchars($comment);                  break;
                        case 1: $comment2 = corebb(htmlspecialchars($comment), "toHTM"); break;
                        case 2: $comment2 = $comment;                                    break;
                        case 3: $comment2 = corebb($comment, "toHTM");                   break;
                    }
                    $comment2 = str_replace("\r\n", "<br />", $comment2);
                    $comment2 = stripslashes($comment2);
                    $comment2 = str_replace("'", "\"", $comment2);
                    $time = time();
                    $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password);
                    $query = $dbconn->execQuery("INSERT INTO $commentstable (news_id, author, email, title, comment, time, ip) VALUES ($news_id, '$author', '$email', '$title', '$comment2', '$time', '$REMOTE_ADDR')");
                    if ($query) {
                        $success = "<span id=main>kommentar eingetragen!</span>";
                    } else {
                        $failure = "<span id=main>kommentar konnte nicht eingetragen werden!</span>";
                    }    
                } elseif ((isset($author)) && ($author == "")) { $failure = "<span id=main>kein name eingegeben!</span>";
                } elseif ((isset($email)) && ($email == "") && ($options['force_email'] == 1)) { $failure = "Bitte gib deine E-Mail ein!";
                } elseif ((isset($title)) && ($title == "")) { $failure = "Bitte gib einen Titel für den Kommentar ein!";
                } elseif ((isset($comment)) && ($comment == "")) { $failure = "<span id=main>kein kommentar eingegeben!</span>";
                }
            } else {
                if ($options['flood_control'] <= 60) {
                    $wait = $options['flood_control']." sekunden";
                } else {
                    $wait = (($options['flood_control'] - ($options['flood_control'] % 60)) / 60)." Minuten";
                }
                $failure = "<span id=main>du musst $wait warten, bis du einen neuen kommentar posten kannst!</span>";
            }    
        $close = $dbconn->close();
        }
    }}


// Hier werden die Kommentare ausgegeben

    if (!function_exists("showComments")) {
    function showComments() {

        global $extension,
               $news_id,
               $options,
               $failure,
               $success,
               $styledata;
               
        require("config.inc".$extension);

        print "<span id=main><b>kommentare:</b></span><br />\r\n";
        $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password);
        $commentdata = $dbconn->fetchMultiple("SELECT * FROM $commentstable WHERE news_id = $news_id ORDER BY id ASC");
        $close = $dbconn->close();
        $comm1_tpl = $styledata['tpl_comm1'];
        if ($commentdata != "") {
            foreach ($commentdata as $key=>$elem) {
                if (($options['show_comm_email']) && ($elem['email'] != "")) {
                    $author = "<a class=\"comments\" href=\"mailto:$elem[email]\"><b>$elem[author]</b></a>";
                } else {
        	    $author = $elem['author'];
        	}
                $comment = $elem['comment']; 
                $comment = str_replace("<a ", "<a class=\"comments\" ", $comment);
                $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password);
                $rows = $dbconn->countRows("SELECT * FROM $smilietable");
                if ($options['comment_smilies'] > 0) {
                    for($smilie_id = 1; $smilie_id <= $rows; $smilie_id ++) {
                        $correctdata = 0;
                        while($correctdata < 1) {
                            $data = $dbconn->fetchArray("SELECT * FROM $smilietable WHERE id = $smilie_id");
                            if ($data['id'] == "") { $smilie_id ++; $rows ++; } else { $correctdata = 1; }
                        }
                        $comment_repl = "<img src=\"$options[smilie_dir]$data[name]\" border=\"0\" alt=\"$data[title]\" />";
                        $comment = str_replace($data['code'], $comment_repl, $comment);
                    }
                }
                $close = $dbconn->close(); 
                $comm1_template = $comm1_tpl;
                $comm1_template = str_replace("{title}", $elem['title'], $comm1_template);
                $comm1_template = str_replace("{author}", $author, $comm1_template);
                $comm1_template = str_replace("{time}", date("G:i", $elem['time']), $comm1_template);
                $comm1_template = str_replace("{date}", date("j. n. Y", $elem['time']), $comm1_template);
                $comm1_template = str_replace("{comment}", $comment, $comm1_template);
                if ($options['php_allowed']) {
                    $comm1_template = str_replace('"', '\"', $comm1_template);
                    $comm1_template = str_replace('?>', 'print "', $comm1_template);
                    $comm1_template = str_replace('<?php', '"; ', $comm1_template);
                    $comm1_template = 'print "'.$comm1_template.'";';
                    $comm1_template = eval($comm1_template);
                }
                print $comm1_template;
            }
        } else { print "<span id=main>noch keine kommentare vorhanden!<br />\r\n"; }
        if(isset($failure)) { print "<span id=main><b>fehler: $failure</b></span><br />\r\n"; }
        if(isset($success)) { print "<span id=main><b>$success</b></span><br />\r\n"; }
    }}

// Hier wird das Kommentar schreiben Feld erstellt

    if (!function_exists("showPostComment")) {
    function showPostComment() {

// Zufallsgenerator starten. Erzeugt den Dateinamen 
mt_srand((double)microtime()*1000000); 
$iRandFileVal = mt_rand(1000000, 9999999); 

        global $extension,
               $options,
               $styledata,
               $news_id,
               $QUERY_STRING,
               $PHP_SELF;
                
        $getvars = array();
        $postvars = array('author' ,'email' ,'title' ,'comment');
        foreach ($getvars as $key=>$elem) { if(isset($_GET[$elem])) { $$elem = $_GET[$elem]; } else { $$elem = ""; } }
        foreach ($postvars as $key=>$elem) { if(isset($_POST[$elem])) { $$elem = $_POST[$elem]; } if(!isset($$elem)) { $$elem = ""; } }

        require("config.inc".$extension);

        $comm2_template = $styledata['tpl_comm2'];
        $formheight = ""; $formwidth = "";
        $form_author ="<input type=\"text\" name=\"author\" maxlength=\"255\" value=\"$author\" />";
        $form_email ="<input type=\"text\" name=\"email\" maxlength=\"255\" value=\"$email\" />";
        $form_title ="<input type=\"text\" name=\"title\" maxlength=\"255\" value=\"$title\" />";
        $form_postcode ="<input type=\"text\" maxlength=\"6\" name=\"imgCode\"> <img src=\"imagecode.php?iCode=$iRandFileVal\" />";
        $form_submit ="<input type=\"submit\" class=\"submit\" value=\"Abschicken\" />\r\n<input type=\"hidden\" name=\"postinit\" value=\"OK\" />";
        if (!$options['force_email']) {+
            $force_mail = " (freiwillig)";
        } else {
            $force_mail = "";
        }

        print "<a name=\"newcomment\"></a>\r\n";
        print "<form action=\"".$PHP_SELF.$QUERY_STRING."&amp;iCode=$iRandFileVal&amp;comments=$news_id#newcomment\" method=\"post\" name=\"newcomment\">\r\n";
        $comm2_template = preg_replace("/{comment=(\d+),(\d+)}/s", "<textarea name=\"comment\" cols=\"$1\" rows=\"$2\">$comment</textarea>", $comm2_template);
        $comm2_template = str_replace("{author}", $form_author, $comm2_template);
        $comm2_template = str_replace("{email}", $form_email, $comm2_template);
        $comm2_template = str_replace("{force_mail}", $force_mail, $comm2_template);
        $comm2_template = str_replace("{title}", $form_title, $comm2_template);
        $comm2_template = str_replace("{postcode}", $form_postcode, $comm2_template);
        $comm2_template = str_replace("{submit}", $form_submit, $comm2_template);
        if ($options['comment_smilies'] > 0) {
            $form_smilies = commentSmilies();
            $comm2_template = str_replace("{smilies}", $form_smilies, $comm2_template);
        } else {
            $comm2_template = str_replace("{smilies}", "", $comm2_template);
        }
        if ($options['php_allowed']) {
            $comm2_template = str_replace('"', '\"', $comm2_template);
            $comm2_template = str_replace('?>', 'print "', $comm2_template);
            $comm2_template = str_replace('<?php', '"; ', $comm2_template);
            $comm2_template = 'print "'.$comm2_template.'";';
            $comm2_template = eval($comm2_template);
        }
        print $comm2_template;
        print "</form>\r\n";   
    }}
    
// Helper für "showPostComment", der die Smilies erzeugt

    if (!function_exists("commentSmilies")) {
    function commentSmilies() {

        global $extension,
               $options,
               $styledata;
                
        require("config.inc".$extension);
        $num_smilies = $options['comment_smilies'];
        $form_smilies = "";
        $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password);
        for($smilie_id = 1; $smilie_id <= $num_smilies; $smilie_id ++) {
            $smilie_desc = $dbconn->fetchArray("SELECT * FROM $csmilietable WHERE id = $smilie_id");
            $smilie_data = $dbconn->fetchArray("SELECT * FROM $smilietable WHERE id = $smilie_desc[smilie_id]");
            $form_smilies = $form_smilies."    <td class=\"cncomments\">\r\n";
            $form_smilies = $form_smilies."      <a href=\"javascript:document.newcomment.comment.value = document.newcomment.comment.value + ' $smilie_data[ code ]'; document.newcomment.comment.focus();\"\r\n";
            $form_smilies = $form_smilies."\t  onmouseover=\"status='$smilie_data[title]';return true;\"  onmouseout=\"status='';return true;\">\r\n";
            $form_smilies = $form_smilies."    <img src=\"$options[smilie_dir]$smilie_data[name]\" border=\"0\" alt=\"$smilie_data[title]\" /></a>\r\n";
            $form_smilies = $form_smilies."    </td>\r\n";
            if ($smilie_id == ($num_smilies / 2)) {
                $form_smilies = $form_smilies."  </tr>\r\n  <tr>\r\n";
            }	
        }
        $close = $dbconn->close(); 
        $form_smilies = "<table border=\"0\" cellpadding=\"3\" cellspacing=\"0\">\r\n  <tr>\r\n$form_smilies  </tr>\r\n</table>";
        return $form_smilies;
    }} 
}

?>

 

[Matthias_Nordwig]

Hi

Sorry zu schnell getippt:

Die mus natürlich mit Klammern aufgerufen werden:

tmpFct();