Problem mit Bildersperre

RageNo1

RageNo1

Erfahrenes Mitglied
Hallo,
ich versuche grad dieses Tutorial (http://www.tutorials.de/tutorials63349.html) in meine Kommentarfunktion einzutragen.

Soweit scheint auch die Sache mit dem Generieren zu klappen: http://www.eblogx.de/index.php?&comments=1471

Nun habe ich aber noch ein Problem und zwar wo ich die Überprüfung einbaue.
Sprich diesen Code:
PHP: 
if($_GET['action'] == 'do') { 
    session_name('tutorials'); 
    session_start(); 
    if($_SESSION['image'] == $_POST['code']) { 
        echo "Der eingegebene Code war richtig. Ihre Anmeldung wurde registriert."; 
    } 
    else { 
        echo "Der eingegebene Code ist falsch"; 
    } 
}

Hier der Teil in dem Script wo die Kommantare gespeichert werden:
PHP: 
// Hier werden die Kommentare gespeichert

    if (!function_exists("postComment")) {
    function postComment() {

        global $extension,
               $news_id,
               $options,
               $success,
               $failure,
               $REMOTE_ADDR;

        // hier definiere die zu blockenden wörter
        $badwords = array("fly2.cc", "payday", "loans", "mortage", "cash-services", "refinance", "credit", "online-casinos-matrix", "online-casinos", "epraha", "slot-machines", "roulette", "hbsnwa", "gambling", "blackjack", "free-slots", "itp4kids", "casinos", "online-gambling", "mothershope", "texas-holdem", "texas-hold-em", "online-casinos-research", "best-777-online-casinos", "best-online-casinos-tips", "racepointfunding", "casino7-online", "perfect-online-casinos", "diamond-online-casinos", "teriandersonandassoc.com", "online-casinos-know-how", "sure-online-casinos", "access-online-casinos", "best-9-online-casinos.com", "casinos-jp", "texas", "poker", "casino", "teriandersonandassoc", "easy-online-casinos.com", "easy-online-casinos", "online-casinos-comparation.com", "online-casinos-comparation", "online-casinos-pro-choice.com", "online-casinos-pro-choice", "casinos-in-linea-it.udcorp.com", "casinos-in-linea-it");

           
        $getvars = array();
        $postvars = array('author' ,'email' ,'title' ,'comment');
        foreach ($getvars as $key=>$elem) { if(isset($_GET[$elem])) { $$elem = $_GET[$elem]; } else { $$elem = ""; } }
        foreach ($postvars as $key=>$elem) { if(isset($_POST[$elem])) { $$elem = $_POST[$elem]; } if(!isset($$elem)) { $$elem = ""; } }

        require("config.inc".$extension);
        require("corebb".$extension);
        
        $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password);
        $result = $dbconn->fetchArray("SELECT * FROM $newstable WHERE id = $news_id");
        if ($result['id'] != "") {
            $ipcheck = $dbconn->fetchArray("SELECT * FROM $commentstable WHERE ip = '$REMOTE_ADDR' ORDER BY time DESC");
            if (($ipcheck['time'] + $options['flood_control']) <= time()) {
                if (($author != "") && (($options['force_email'] == 0 || ($email != "") && ($options['force_email'] == 1))) && ($comment != "")) {
                    $author = str_replace("'", "\"", htmlspecialchars($author));
                    $email = str_replace("'", "\"", htmlspecialchars($email));
                    $title = str_replace("'", "\"", htmlspecialchars($title));

// methode 1: nur checken ob verbotenes wort enthalten, wenn ja => nicht speichern und beenden
			if($x = badwords($comment, $badwords)) { 
                        echo "<span id=main><b>der spamfilter hat deinen kommentar geblockt! <br>folgende wörter sind auf der schwarzen liste:</b><br />";
                        foreach($x["matches"] as $word) echo "$word "; 
                        echo "<br><br></span>";
                        return false;
                    }

                    switch ($options['html_bb_allow']) {
                        case 0: $comment2 = htmlspecialchars($comment);                  break;
                        case 1: $comment2 = corebb(htmlspecialchars($comment), "toHTM"); break;
                        case 2: $comment2 = $comment;                                    break;
                        case 3: $comment2 = corebb($comment, "toHTM");                   break;
                    }
                    $comment2 = str_replace("\r\n", "<br />", $comment2);
                    $comment2 = stripslashes($comment2);
                    $comment2 = str_replace("'", "\"", $comment2);
                    $time = time();
                    $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password);
                    $query = $dbconn->execQuery("INSERT INTO $commentstable (news_id, author, email, title, comment, time, ip) VALUES ($news_id, '$author', '$email', '$title', '$comment2', '$time', '$REMOTE_ADDR')");
                    if ($query) {
                        $success = "<span id=main>kommentar eingetragen!</span>";
                    } else {
                        $failure = "<span id=main>kommentar konnte nicht eingetragen werden!</span>";
                    }    
                } elseif ((isset($author)) && ($author == "")) { $failure = "<span id=main>kein name eingegeben!</span>";
                } elseif ((isset($email)) && ($email == "") && ($options['force_email'] == 1)) { $failure = "Bitte gib deine E-Mail ein!";
                } elseif ((isset($title)) && ($title == "")) { $failure = "Bitte gib einen Titel für den Kommentar ein!";
                } elseif ((isset($comment)) && ($comment == "")) { $failure = "<span id=main>kein kommentar eingegeben!</span>";
                }
            } else {
                if ($options['flood_control'] <= 60) {
                    $wait = $options['flood_control']." sekunden";
                } else {
                    $wait = (($options['flood_control'] - ($options['flood_control'] % 60)) / 60)." Minuten";
                }
                $failure = "<span id=main>du musst $wait warten, bis du einen neuen kommentar posten kannst!</span>";
            }    
        $close = $dbconn->close();
        }
    }}

Ich hatte es bereits an mehreren Stellen eingebunden aber igrgendwie wird es total ignoriert. Ich hoffe mir kann jemand dabei helfen.
Mfg Ragey
 
Ach ja hier noch eben der Teil, welcher die Form generiert und wo ich den Code eingebunden hab für die Anzeige und das eingabefeld:
PHP: 
// Hier wird das Kommentar schreiben Feld erstellt

    if (!function_exists("showPostComment")) {
    function showPostComment() {

        global $extension,
               $options,
               $styledata,
               $news_id,
               $QUERY_STRING,
               $PHP_SELF;
                
        $getvars = array();
        $postvars = array('author' ,'email' ,'title' ,'comment');
        foreach ($getvars as $key=>$elem) { if(isset($_GET[$elem])) { $$elem = $_GET[$elem]; } else { $$elem = ""; } }
        foreach ($postvars as $key=>$elem) { if(isset($_POST[$elem])) { $$elem = $_POST[$elem]; } if(!isset($$elem)) { $$elem = ""; } }

        require("config.inc".$extension);

        $comm2_template = $styledata['tpl_comm2'];
        $formheight = ""; $formwidth = "";
        $form_author ="<input type=\"text\" name=\"author\" maxlength=\"255\" value=\"$author\" />";
        $form_email ="<input type=\"text\" name=\"email\" maxlength=\"255\" value=\"$email\" />";
        $form_title ="<input type=\"text\" name=\"title\" maxlength=\"255\" value=\"$title\" />";
	$form_imgcode ="<img src=\"imagespamcode.php\" />";
	$form_imgcodetext ="<input type=\"text\" name=\"code\" />";

        $form_submit ="<input type=\"submit\" class=\"submit\" value=\"Abschicken\" />\r\n<input type=\"hidden\" name=\"postinit\" value=\"OK\" />";
        if (!$options['force_email']) {+
            $force_mail = " (freiwillig)";
        } else {
            $force_mail = "";
        }
        print "<a name=\"newcomment\"></a>\r\n";
        print "<form action=\"".$PHP_SELF.$QUERY_STRING."&amp;comments=$news_id#newcomment\" method=\"post\" name=\"newcomment\">\r\n"; 
        $comm2_template = preg_replace("/{comment=(\d+),(\d+)}/s", "<textarea name=\"comment\" cols=\"$1\" rows=\"$2\">$comment</textarea>", $comm2_template);
        $comm2_template = str_replace("{author}", $form_author, $comm2_template);
        $comm2_template = str_replace("{email}", $form_email, $comm2_template);
        $comm2_template = str_replace("{force_mail}", $force_mail, $comm2_template);
        $comm2_template = str_replace("{title}", $form_title, $comm2_template);
	$comm2_template = str_replace("{imgcode}", $form_imgcode, $comm2_template);
	$comm2_template = str_replace("{imgcodetext}", $form_imgcodetext, $comm2_template);
        $comm2_template = str_replace("{submit}", $form_submit, $comm2_template);
        if ($options['comment_smilies'] > 0) {
            $form_smilies = commentSmilies();
            $comm2_template = str_replace("{smilies}", $form_smilies, $comm2_template);
        } else {
            $comm2_template = str_replace("{smilies}", "", $comm2_template);
        }
        if ($options['php_allowed']) {
            $comm2_template = str_replace('"', '\"', $comm2_template);
            $comm2_template = str_replace('?>', 'print "', $comm2_template);
            $comm2_template = str_replace('<?php', '"; ', $comm2_template);
            $comm2_template = 'print "'.$comm2_template.'";';
            $comm2_template = eval($comm2_template);
        }
        print $comm2_template;
        print "</form>\r\n";   
    }}
 
Ich habe es nun jeweils an den Stellen eingebaut mit den <<#####>>
leider funktioniert es nicht!

PHP: 
// Hier werden die Kommentare gespeichert 
<<#####>>

    if (!function_exists("postComment")) { 
    function postComment() { 

        global $extension, 
               $news_id, 
               $options, 
               $success, 
               $failure, 
               $REMOTE_ADDR; 

        // hier definiere die zu blockenden wörter 
        $badwords = array("fly2.cc", "payday", "loans", "mortage", "cash-services", "refinance", "credit", "online-casinos-matrix", "online-casinos", "epraha", "slot-machines", "roulette", "hbsnwa", "gambling", "blackjack", "free-slots", "itp4kids", "casinos", "online-gambling", "mothershope", "texas-holdem", "texas-hold-em", "online-casinos-research", "best-777-online-casinos", "best-online-casinos-tips", "racepointfunding", "casino7-online", "perfect-online-casinos", "diamond-online-casinos", "teriandersonandassoc.com", "online-casinos-know-how", "sure-online-casinos", "access-online-casinos", "best-9-online-casinos.com", "casinos-jp", "texas", "poker", "casino", "teriandersonandassoc", "easy-online-casinos.com", "easy-online-casinos", "online-casinos-comparation.com", "online-casinos-comparation", "online-casinos-pro-choice.com", "online-casinos-pro-choice", "casinos-in-linea-it.udcorp.com", "casinos-in-linea-it"); 

            
        $getvars = array(); 
        $postvars = array('author' ,'email' ,'title' ,'comment'); 
        foreach ($getvars as $key=>$elem) { if(isset($_GET[$elem])) { $$elem = $_GET[$elem]; } else { $$elem = ""; } } 
        foreach ($postvars as $key=>$elem) { if(isset($_POST[$elem])) { $$elem = $_POST[$elem]; } if(!isset($$elem)) { $$elem = ""; } } 

        require("config.inc".$extension); 
        require("corebb".$extension); 
         
        $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password); 
        $result = $dbconn->fetchArray("SELECT * FROM $newstable WHERE id = $news_id"); 
        if ($result['id'] != "") { 
            $ipcheck = $dbconn->fetchArray("SELECT * FROM $commentstable WHERE ip = '$REMOTE_ADDR' ORDER BY time DESC"); 
            if (($ipcheck['time'] + $options['flood_control']) <= time()) { 
                if (($author != "") && (($options['force_email'] == 0 || ($email != "") && ($options['force_email'] == 1))) && ($comment != "")) { 
                    $author = str_replace("'", "\"", htmlspecialchars($author)); 
                    $email = str_replace("'", "\"", htmlspecialchars($email)); 
                    $title = str_replace("'", "\"", htmlspecialchars($title)); 

<<#####>>

// methode 1: nur checken ob verbotenes wort enthalten, wenn ja => nicht speichern und beenden 
            if($x = badwords($comment, $badwords)) { 
                        echo "<span id=main><b>der spamfilter hat deinen kommentar geblockt! <br>folgende wörter sind auf der schwarzen liste:</b><br />"; 
                        foreach($x["matches"] as $word) echo "$word "; 
                        echo "<br><br></span>"; 
                        return false; 
                    } 

                    switch ($options['html_bb_allow']) { 
                        case 0: $comment2 = htmlspecialchars($comment);                  break; 
                        case 1: $comment2 = corebb(htmlspecialchars($comment), "toHTM"); break; 
                        case 2: $comment2 = $comment;                                    break; 
                        case 3: $comment2 = corebb($comment, "toHTM");                   break; 
                    } 
                    $comment2 = str_replace("\r\n", "<br />", $comment2); 
                    $comment2 = stripslashes($comment2); 
                    $comment2 = str_replace("'", "\"", $comment2); 
                    $time = time(); 
                    $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password); 
                    $query = $dbconn->execQuery("INSERT INTO $commentstable (news_id, author, email, title, comment, time, ip) VALUES ($news_id, '$author', '$email', '$title', '$comment2', '$time', '$REMOTE_ADDR')"); 
                    if ($query) { 
                        $success = "<span id=main>kommentar eingetragen!</span>"; 
                    } else { 
                        $failure = "<span id=main>kommentar konnte nicht eingetragen werden!</span>"; 
                    }     
                } elseif ((isset($author)) && ($author == "")) { $failure = "<span id=main>kein name eingegeben!</span>"; 
                } elseif ((isset($email)) && ($email == "") && ($options['force_email'] == 1)) { $failure = "Bitte gib deine E-Mail ein!"; 
                } elseif ((isset($title)) && ($title == "")) { $failure = "Bitte gib einen Titel für den Kommentar ein!"; 
                } elseif ((isset($comment)) && ($comment == "")) { $failure = "<span id=main>kein kommentar eingegeben!</span>"; 
                } 
            } else { 
                if ($options['flood_control'] <= 60) { 
                    $wait = $options['flood_control']." sekunden"; 
                } else { 
                    $wait = (($options['flood_control'] - ($options['flood_control'] % 60)) / 60)." Minuten"; 
                } 
                $failure = "<span id=main>du musst $wait warten, bis du einen neuen kommentar posten kannst!</span>"; 
            }     
        $close = $dbconn->close(); 
        } 
    }}
 
Um antworten zu können musst du eingeloggt sein.

Neue Beiträge

Zurück