triby, gracias por ayudarme :D
aquí está el show.inc.php
yo creo que es aquí:
Código PHP:
//####################################################################################################################
// Add Comment
//####################################################################################################################
if($allow_add_comment){
// Normalise the submitted fields: force $id to an integer and strip
// surrounding whitespace from the name and e-mail before any length check.
$id = (int) $id;
$name = trim($name);
$mail = trim($mail);

//----------------------------------
// Length limits for name, e-mail and comment
//----------------------------------
// strlen() counts bytes, so each limit is a byte limit. Every failure prints a
// fixed message, raises $CN_HALT and leaves the enclosing loop/switch via
// "break 1" (that enclosing structure starts outside this excerpt).
if (50 < strlen($name)) {
    echo '<div style="text-align: center;">Your name is too long!</div>';
    $CN_HALT = TRUE;
    break 1;
}

if (50 < strlen($mail)) {
    echo '<div style="text-align: center;">Your e-mail is too long!</div>';
    $CN_HALT = TRUE;
    break 1;
}

// The comment limit applies only when $config_comment_max_long is neither
// empty nor "0".
if (strlen($comments) > $config_comment_max_long && !($config_comment_max_long == "" || $config_comment_max_long == "0")) {
    echo '<div style="text-align: center;">Your comment is too long!</div>';
    $CN_HALT = TRUE;
    break 1;
}
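//----------------------------------
// Get the IP
//----------------------------------
// $ip feeds the flood check and the IP ban list further down, so it is taken
// from REMOTE_ADDR (the peer address reported by the web server) first.
// Client-IP and X-Forwarded-For are ordinary request headers whose value is
// chosen by the sender; they are read only when REMOTE_ADDR is empty.
// NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's address;
// resolve the real client from proxy headers only for proxies you operate.
$foundip = TRUE;
if (getenv("REMOTE_ADDR")) {
    $ip = getenv("REMOTE_ADDR");
} else if (getenv("HTTP_CLIENT_IP")) {
    $ip = getenv("HTTP_CLIENT_IP");
} else if (getenv("HTTP_X_FORWARDED_FOR")) {
    $ip = getenv("HTTP_X_FORWARDED_FOR");
} else {
    $ip = "not detected";
    $foundip = FALSE;
}

// Accept only a dotted-quad IPv4 address whose four parts are each 0-255.
// Anything else (IPv6 addresses, header lists, arbitrary text) is replaced by
// the literal "not detected", so all such clients share that one value.
if ($foundip) {
    $ip_is_valid = FALSE;
    if (preg_match("/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/", "$ip")) {
        $ip_is_valid = TRUE;
        foreach (explode(".", $ip) as $ip_octet) {
            // The pattern alone lets 256-999 through; reject those parts here.
            if ((int) $ip_octet > 255) {
                $ip_is_valid = FALSE;
            }
        }
    }
    if (!$ip_is_valid) {
        $ip = "not detected";
        $foundip = FALSE;
    }
}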
//----------------------------------
// Flood Protection
//----------------------------------
// Runs only when $config_flood_time is neither 0 nor empty. flooder() is
// defined outside this excerpt; a truthy result refuses the comment.
// The check is keyed on $ip and $id, so it is only as reliable as the address
// detection that produced $ip.
if (!($config_flood_time == 0 || $config_flood_time == "") && flooder($ip, $id)) {
    echo "<div style=\"text-align: center;\">Flood protection activated !!!<br />you have to wait $config_flood_time seconds after your last comment before posting again at this article.</div>";
    $CN_HALT = TRUE;
    break 1;
}
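//----------------------------------
// Check if IP is blocked
//----------------------------------
// Each line of data/ipban.db.php is read as "pattern|hit-count|...". A pattern
// is four dot-separated parts and "*" in a part matches any value. A matching
// line gets its hit counter incremented and the comment is refused.
//
// The file is opened in "a+" mode, which never truncates, and is read only
// after the lock is held. Opening it with "w" empties the file before any lock
// exists, so a concurrent request or a failed read can write back an empty
// ban list.
// NOTE(review): when $ip is the literal "not detected" it has no four
// dot-separated parts and therefore matches no pattern here.
$blockip = FALSE;
$ban_path = "$cutepath/data/ipban.db.php";
$ban_writable = TRUE;
$ban_file = fopen($ban_path, "a+");
if (!$ban_file) {
    // Not writable: still enforce the bans, only the counter update is skipped.
    $ban_writable = FALSE;
    $ban_file = fopen($ban_path, "r");
}

if ($ban_file) {
    @flock($ban_file, $ban_writable ? LOCK_EX : LOCK_SH);
    rewind($ban_file); // "a+" positions at the end; read from the start

    $rewritten_lines = "";
    $this_ip_split = explode(".", $ip);
    while (($old_ip_line = fgets($ban_file)) !== FALSE) {
        $ip_arr = explode("|", $old_ip_line);
        $db_ip_split = explode(".", $ip_arr[0]);

        // implemented wildcard match: a part counts only when both sides have it
        $ip_check_matches = 0;
        for ($i_i = 0; $i_i < 4; $i_i++) {
            if (isset($this_ip_split[$i_i]) and isset($db_ip_split[$i_i])
                and ($this_ip_split[$i_i] == $db_ip_split[$i_i] or $db_ip_split[$i_i] == '*')) {
                $ip_check_matches += 1;
            }
        }

        if ($ip_check_matches == 4) {
            // A line without a counter field starts counting from 1.
            $countblocks = $ip_arr[1] = (isset($ip_arr[1]) ? (int) $ip_arr[1] : 0) + 1;
            $rewritten_lines .= "$ip_arr[0]|$countblocks||\n";
            $blockip = TRUE;
        } else {
            $rewritten_lines .= $old_ip_line;
        }
    }

    // The content changes only when a counter was incremented, so the file is
    // rewritten only then. In "a+" mode the write lands at the (now empty) end.
    if ($blockip and $ban_writable) {
        ftruncate($ban_file, 0);
        fwrite($ban_file, $rewritten_lines);
        fflush($ban_file);
    }

    @flock($ban_file, LOCK_UN);
    fclose($ban_file);
}

if ($blockip) {
    echo("<div style=\"text-align: center;\">Sorry but you have been blocked from posting comments</div>");
    $CN_HALT = TRUE;
    break 1;
}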
//----------------------------------
// Check if the name is protected
//----------------------------------
// Walks every line of $all_users (loaded outside this excerpt). Lines that
// contain "<?" or are empty are skipped; the rest are split on "|".
// Fields [2] and [4] are compared case-insensitively with the submitted $name
// and field [3] is compared with $CNpass and with md5($password).
// If the name matches but neither credential does, a password form is printed
// and processing stops.
// NOTE(review): eregi() was removed in PHP 7.0, so this line is fatal there.
// NOTE(review): field [3] is an unsalted MD5 of the password, and it is
// compared with the loose "!=" operator, under which two different
// numeric-looking hash strings can compare equal; a strict, constant-time
// comparison is the safer form.
// NOTE(review): $CNpass is accepted as-is against the stored hash (presumably
// the remembered-password cookie - confirm), which makes the stored hash
// itself usable as a credential.
$is_member = FALSE;
foreach($all_users as $member_db_line)
{
if(!eregi("<\?",$member_db_line) and $member_db_line != ""){
$user_arr = explode("|",$member_db_line);
//if the name is protected
if((strtolower($user_arr[2]) == strtolower($name) or strtolower($user_arr[4]) == strtolower($name)) and ($user_arr[3] != $CNpass and $user_arr[3] != md5($password)) and $name != "")
{
//$comments = replace_comment("add", $comments); //commented because will mess up the <br />
// Quotes in the comment are replaced so it can sit inside value="..." below.
// NOTE(review): the replacement array on the next line looks entity-decoded by
// the page it was copied from (presumably "&quot;" and "&#039;"); as shown it
// does not parse - confirm against the original file.
$comments = preg_replace(array("'\"'", "'\''", "''"), array(""", "'", ""), $comments);
// Newlines are stripped from name and e-mail before replace_comment() (defined
// outside this excerpt) processes them.
$name = replace_comment("add", preg_replace("/\n/", "",$name));
$mail = replace_comment("add", preg_replace("/\n/", "",$mail));
// The form re-posts the pending comment together with the password.
// NOTE(review): $show, $ucat and $user_post_query are written into the markup
// without any escaping visible in this block; unless they are sanitised where
// they are set, they allow markup injection into this page - verify.
echo"<div style=\"text-align: center;\">This name is owned by a registered user and you must enter password to use it<br />
<form name=passwordForm id=passwordForm method=\"post\" action=\"\">
Password: <input type=\"password\" name=\"password\" />
<input type=\"hidden\" name=\"name\" value=\"$name\" />
<input type=\"hidden\" name=\"comments\" value=\"$comments\" />
<input type=\"hidden\" name=\"mail\" value=\"$mail\" />
<input type=\"hidden\" name=\"ip\" value=\"$ip\" />
<input type=\"hidden\" name=\"subaction\" value=\"addcomment\" />
<input type=\"hidden\" name=\"show\" value=\"$show\" />
<input type=\"hidden\" name=\"ucat\" value=\"$ucat\" />
$user_post_query
<input type=\"submit\" /> \n <br>
<input type=\"checkbox\" name=\"CNrememberPass\" value=1 /> Remember password in cookie (md5 format)
</form>
</div>";
$CN_HALT = TRUE;
// Leaves the foreach and one further enclosing structure that starts outside
// this excerpt.
break 2;
}
// Reached only when the password prompt above did not fire for this line.
if(strtolower($user_arr[2]) == strtolower($name)) $is_member = TRUE;
//----------------------------------
// Member wants to save his pass in cookie ?
//----------------------------------
// This sits inside the foreach, so it runs for every user line that is parsed.
// NOTE(review): the value handed to CNRememberPass() is the unsalted MD5 of the
// password; what remember.js stores is not visible here - confirm.
if($CNrememberPass == 1){
if(file_exists("$cutepath/remember.js")){
echo"<script type=\"text/javascript\" src=\"$config_http_script_dir/remember.js\"></script>";
echo"<script>CNRememberPass('".md5($password)."')</script>";
}
}
}
}
//----------------------------------
// Check if only members can comment
//----------------------------------
// When $config_only_registered_comment is "yes", a poster whose name did not
// set $is_member is refused. The submitted name is passed through
// htmlspecialchars() before it is echoed back in the message.
if (!$is_member && $config_only_registered_comment == "yes") {
    echo "<div style=\"text-align: center;\">Sorry but only registered users can post comments, and '", htmlspecialchars($name), "' is not recognized as valid member.</div>";
    $CN_HALT = TRUE;
    break 1;
}
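//----------------------------------
// Wrap the long words
//----------------------------------
// Active when $config_auto_wrap is greater than 1. Each comment line gets a
// newline inserted after every run of $config_auto_wrap consecutive characters
// matched by the bracket expression, and a name longer than the limit is cut
// and suffixed with " ...".
// NOTE(review): ereg_replace() was removed in PHP 7.0; this block needs a
// preg_replace() port before it can run there.
if ($config_auto_wrap > 1) {
    // Start from an empty accumulator. Without this, any value already present
    // in $wraped_comm (an earlier include in the same request, or request
    // variables imported as globals) is prepended to the stored comment.
    $wraped_comm = "";
    $comments_arr = explode("\n", $comments);
    foreach ($comments_arr as $line) {
        $wraped_comm .= ereg_replace("([^ \/\/]{".$config_auto_wrap."})","\\1\n", $line) ."\n";
    }
    if (strlen($name) > $config_auto_wrap) {
        $name = substr($name, 0, $config_auto_wrap)." ...";
    }
    $comments = $wraped_comm;
}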
//----------------------------------
// Validate name, e-mail/URL and comment text
//----------------------------------
// All three fields go through replace_comment("add", ...) (defined outside this
// excerpt); name and e-mail have their newlines removed first. The checks below
// therefore see the values as replace_comment() returned them.
$comments = replace_comment("add", $comments);
$name_single_line = preg_replace("/\n/", "", $name);
$name = replace_comment("add", $name_single_line);
$mail_single_line = preg_replace("/\n/", "", $mail);
$mail = replace_comment("add", $mail_single_line);

// A name is mandatory.
if ($name == "" || $name == " ") {
    echo "<div style=\"text-align: center;\">You must enter name.<br /><a href=\"javascript:history.go(-1)\">go back</a></div>";
    $CN_HALT = TRUE;
    break 1;
}

// The e-mail is optional; a blank one is stored as "none". Otherwise it has to
// match the e-mail pattern, or the URL pattern when
// $config_allow_url_instead_mail is "yes".
// NOTE(review): "A-z" in the e-mail pattern is a single range that also covers
// the punctuation between "Z" and "a" ([ \ ] ^ _ `).
// NOTE(review): the URL pattern has no ^ or $ anchors, so a value passes as
// soon as any part of it matches; treat the stored value as untrusted wherever
// it is later written into a link.
if ($mail == "" || $mail == " ") {
    $mail = "none";
} else {
    $ok = FALSE;
    if (preg_match("/^[\.A-z0-9_\-\+]+[@][A-z0-9_\-]+([.][A-z0-9_\-]+)+[A-z]{1,4}$/", $mail)) {
        $ok = TRUE;
    } elseif ($config_allow_url_instead_mail == "yes" && preg_match("/((http(s?):\/\/)|(www\.))([\w\.]+)([\/\w+\.-?]+)/", $mail)) {
        $ok = TRUE;
    } else {
        // The wording depends on whether a site URL would have been accepted.
        if ($config_allow_url_instead_mail == "yes") {
            echo "<div style=\"text-align: center;\">This is not a valid e-mail or site URL<br /><a href=\"javascript:history.go(-1)\">go back</a></div>";
        } else {
            echo "<div style=\"text-align: center;\">This is not a valid e-mail<br /><a href=\"javascript:history.go(-1)\">go back</a></div>";
        }
        $CN_HALT = TRUE;
        break 1;
    }
}

// An empty comment is refused.
if ($comments == "") {
    echo "<div style=\"text-align: center;\">Sorry but the comment can not be blank<br /><a href=\"javascript:history.go(-1)\">go back</a></div>";
    $CN_HALT = TRUE;
    break 1;
}

// Current time shifted by $config_date_adjust minutes.
$time = time() + ($config_date_adjust * 60);