WAP-Script fehler

chaosdiablo · 07.01.2008, 19:58

thx funzt!

chaosdiablo · 11.01.2008, 15:20

wapaddreply.php
[code=php]<?php
$filename="wapaddreply.php";

require("./global.php");
require("./acp/lib/class_parse.php");

if(!isset($threadid) || $thread['closed']==3) eval("error(\"".$tpl->get("error_falselink")."\");");
if(($wbbuserdata['canreplyowntopic']==0 && $thread['starterid'] && $thread['starterid']==$wbbuserdata['userid']) || $thread['visible']==0 || $wbbuserdata['canreplytopic']==0 || $board['replypermission']==0 || $board['closed']==1 || $board['isboard']==0 || ($thread['closed']!=0 && $wbbuserdata['issupermod']==0 && !$modpermissions['userid'])) access_error();

if(isset($_POST['send'])) {
$topic=trim($_POST['topic']);
if($dostopshooting==1) $topic=stopShooting($topic);
$message=stripcrap(trim($_POST['message']));
if(isset($_POST['iconid'])) $iconid=intval($_POST['iconid']);
else $iconid=0;
if(!$wbbuserdata['userid']) $guestname=trim($_POST['guestname']);

if(isset($_POST['postid'])) $postid=intval($_POST['postid']);
else $postid=0;
if(!isset($_POST['preview'])) {
$error="";
if(!$wbbuserdata['userid']) {
$wbbuserdata['username']=$guestname;
if(!$wbbuserdata['username'] || !verify_username($wbbuserdata['username'])) eval ("\$error .= \"".$tpl->get("newthread_error2")."\";");
$wbbuserdata['username']=htmlspecialchars($wbbuserdata['username']);
}
if(!$message) eval ("\$error .= \"".$tpl->get("wapnewthread_error1")."\";");
if(flood_control($wbbuserdata['userid'],$REMOTE_ADDR,$wbbuserdata['avoidfc'])) eval ("\$error .= \"".$tpl->get("newthread_error3")."\";");
if($wbbuserdata['maxpostimage']!=-1 && substr_count(strtolower($message),"[img]")>$wbbuserdata['maxpostimage']) eval ("\$error .= \"".$tpl->get("newthread_error4")."\";");
if($error) eval ("\$wapaddreply_error .= \"".$tpl->get("wapnewthread_error")."\";");
else {
if($_POST['parseurl']==1) $message=parseURL($message);
$result=$db->query_first("SELECT postid, threadid FROM bb".$n."_posts WHERE threadid='$threadid' AND userid='$wbbuserdata[userid]' AND username='".addslashes($wbbuserdata['username'])."' AND iconid='$iconid' AND posttopic='".addslashes(htmlspecialchars($topic))."' AND message='".addslashes($message)."' AND ipaddress='".$REMOTE_ADDR."' AND posttime>='".(time()-$dpvtime)."' LIMIT 1");
if($result['threadid']) {
header("Location: wapthread.php?threadid=$_POST[threadid]");
exit();
}

if($wbbuserdata['canpostwithoutmoderation']==1) $board['moderatenew']=0;
$time=time();
$db->query("INSERT INTO bb".$n."_posts (parentpostid,threadid,userid,username,iconid,posttopic,posttime,message,allowsmilies,showsignature,ipaddress,visible) VALUES ('$postid','$threadid','$wbbuserdata[userid]','".addslashes($wbbuserdata['username'])."','$iconid','".addslashes(htmlspecialchars($topic))."','$time','".addslashes($message)."','".ifelse($_POST['disablesmilies']==1,"0","1")."','".intval($_POST[showsignature])."','".$REMOTE_ADDR."','".ifelse($board['moderatenew']==1 || $board['moderatenew']==11,0,1)."')");
$postid = $db->insert_id();

$db->unbuffered_query("UPDATE bb".$n."_threads SET lastposttime = '$time', lastposterid = '$wbbuserdata[userid]', lastposter = '".addslashes($wbbuserdata['username'])."', replycount = replycount+1$threadclose WHERE threadid = '$threadid'",1);
$db->unbuffered_query("UPDATE bb".$n."_boards SET postcount=postcount+1, lastthreadid='$threadid', lastposttime='$time', lastposterid='$wbbuserdata[userid]', lastposter='".addslashes($wbbuserdata['username'])."' WHERE boardid IN ($board[parentlist],$boardid)",1);
$wbbuserdata['userposts']+=1;
list($rankid)=$db->query_first("SELECT rankid FROM bb".$n."_ranks WHERE groupid IN ('0','$wbbuserdata[groupid]') AND needposts<='$wbbuserdata[userposts]' AND gender IN ('0','$wbbuserdata[gender]') ORDER BY needposts DESC, gender DESC LIMIT 1");
$db->unbuffered_query("UPDATE bb".$n."_users SET userposts=userposts+1".ifelse($rankid!=$wbbuserdata['rankid'],", rankid='$rankid'","")." WHERE userid = '$wbbuserdata[userid]'",1);

$thread['topic']=rehtmlspecialchars($thread['topic']);
$result=$db->query("SELECT u.email, u.username, s.countemails FROM bb".$n."_subscribethreads s LEFT JOIN bb".$n."_users u USING(userid) WHERE s.threadid='$threadid' AND s.userid<>'$wbbuserdata[userid]' AND s.emailnotify=1 AND s.countemails<'$maxnotifymails' AND u.email is not null");
while($rowy=$db->fetch_array($result)) {
if($row['countemails']==$maxnotifymails-1) eval ("\$mail_text = \"".$tpl->get("mt_newpost_lastone")."\";");
else eval ("\$mail_text = \"".$tpl->get("mt_newpost")."\";");
eval ("\$mail_subject = \"".$tpl->get("ms_newpost")."\";");
mailer($row['email'],$mail_subject,$mail_text);
}
$db->unbuffered_query("UPDATE bb".$n."_subscribethreads SET countemails=countemails+1 WHERE threadid='$threadid' AND emailnotify=1 AND countemails<'$maxnotifymails'",1);

header("Location: wapthread.php?threadid=$_POST[threadid]");
exit();
}
}
}

elseif(isset($postid)) {
if($post['posttopic']!="") {
$post['posttopic']=preg_replace("/^RE: /i","",$post['posttopic']);
eval ("\$topic = \"".$tpl->get("addreply_quote_topic")."\";");
}
if(isset($_REQUEST['action']) && $_REQUEST['action']=="quote") {
if($docensor==1) {
$parse = new parse(1);
$post['message']=$parse->censor($post['message']);
}

$post['username']=rehtmlspecialchars($post['username']);
eval ("\$message = \"".$tpl->get("addreply_quote_message")."\";");
}
}

$navbar=getNavbar($board['parentlist']);
eval ("\$navbar .= \"".$tpl->get("navbar_board")."\";");

if($wbbuserdata['userid']==0) eval ("\$newthread_username .= \"".$tpl->get("newthread_username_input")."\";");
else eval ("\$newthread_username .= \"".$tpl->get("newthread_username")."\";");

if(!isset($iconid)) $iconid=0;

$count=0;
if(!$parse) $parse = new parse($docensor,75,$board['allowsmilies'],$board['allowbbcode'],$wbbuserdata['showimages'],$usecode);
while($posts=$db->fetch_array($result)) {
$tdbgcolor=getone($count,"{tablecolorb}","{tablecolora}");
$tdid=getone($count,"tableb","tablea");
$posts['message']=$parse->doparse($posts['message'],$posts['allowsmilies']*$board['allowsmilies'],$board['allowhtml'],$board['allowbbcode'],$board['allowimages']);
$posts['posttopic']=$parse->textwrap($posts['posttopic'],30);
if($posts['iconid'] && $board['allowicons']==1) $posticon=makeimgtag($posts['iconpath'],$posts['icontitle']);
else $posticon="";

eval ("\$postbit .= \"".$tpl->get("wapaddreply_postbit")."\";");
$count++;
}

if(isset($message)) $message=parse::convertHTML($message);
if(isset($topic)) $topic=str_replace("\"",""",$topic);
if(isset($guestname)) $guestname=str_replace("\"",""",$guestname);

if(strlen($thread['topic'])>60) $thread['topic']=parse::textwrap($thread['topic'],60);

eval("\$tpl->output(\"".$tpl->get("wapaddreply")."\");");
?>
[/code]
Fehler:

Zitat:Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /var/www/vhosts/chris.sunsonic.de/httpdocs/Testforum/acp/lib/class_db_mysql.php on line 71

ich komme trotzdem ans script, aber diese fehlermeldung kommt.
wie kann ich da den blauen hintergrund denn wegmachen? ps die wapaddreply arbeitet mit templates.
PS welche überschüssigen zeilen könnten raus?

***pattex*** · 11.01.2008, 15:34

Kannst du noch das Template wapaddreply posten?

bei dem anderen fehler bin ich gerade am suchen

chaosdiablo · 11.01.2008, 15:42

Code:
{!DOCTYPE}

<html>

<head>

<title>Antwort erstellen</title>

</head>

<body>

 <br>$wapaddreply_error

<form action="wapaddreply.php" method="post" name="bbform" onSubmit="return validate(this)">

<B>Antwort erstellen</B></font><br>

<normalfont>Benutzername:<br>

$newthread_username<br>

<normalfont>Thema:</font><br>

<input class="input" type="text" name="topic" value="$topic" SIZE=10 MAXLENGTH=10><br>

 Nachricht:<br>

<textarea name="message" rows=10 cols=10 wrap="soft" onChange=getActiveText(this) onclick=getActiveText(this) onFocus=getActiveText(this)>$message</textarea><br></font>

 <input type="hidden" name="send" value="send">

 <input type="hidden" name="threadid" value="$threadid">

 <input type="hidden" name="postid" value="$postid">

 <input type="hidden" name="sid" value="$session[hash]">

 <input class="input" type="submit" name="submit" accesskey="S" value="Antworten"><br>

</p></form>

</body>

</html>

***pattex*** · 11.01.2008, 18:30

Das kann raus in der wapaddreply:
$navbar=getNavbar($board['parentlist']);
eval ("\$navbar .= \"".$tpl->get("navbar_board")."\";");

Ist der Fehler weg wenn du das entfernst aus der wapaddreply?

Code:
$topic=trim($_POST['topic']);

 if($dostopshooting==1) $topic=stopShooting($topic);

 $message=stripcrap(trim($_POST['message']));

 if(isset($_POST['iconid'])) $iconid=intval($_POST['iconid']);

 else $iconid=0;

 if(!$wbbuserdata['userid']) $guestname=trim($_POST['guestname']);

 if(isset($_POST['postid'])) $postid=intval($_POST['postid']);

 else $postid=0;

 if(!isset($_POST['preview'])) {

  $error="";

  if(!$wbbuserdata['userid']) {

   $wbbuserdata['username']=$guestname;

   if(!$wbbuserdata['username'] || !verify_username($wbbuserdata['username'])) eval ("\$error .= \"".$tpl->get("newthread_error2")."\";");

   $wbbuserdata['username']=htmlspecialchars($wbbuserdata['username']);

  }

  if(!$message) eval ("\$error .= \"".$tpl->get("wapnewthread_error1")."\";");

  if(flood_control($wbbuserdata['userid'],$REMOTE_ADDR,$wbbuserdata['avoidfc'])) eval ("\$error .= \"".$tpl->get("newthread_error3")."\";");

  if($wbbuserdata['maxpostimage']!=-1 && substr_count(strtolower($message),"[img]")>$wbbuserdata['maxpostimage']) eval ("\$error .= \"".$tpl->get("newthread_error4")."\";");

  if($error) eval ("\$wapaddreply_error .= \"".$tpl->get("wapnewthread_error")."\";");

  else {

   if($_POST['parseurl']==1) $message=parseURL($message);

   $result=$db->query_first("SELECT postid, threadid FROM bb".$n."_posts WHERE threadid='$threadid' AND userid='$wbbuserdata[userid]' AND username='".addslashes($wbbuserdata['username'])."' AND iconid='$iconid' AND posttopic='".addslashes(htmlspecialchars($topic))."' AND message='".addslashes($message)."' AND ipaddress='".$REMOTE_ADDR."' AND posttime>='".(time()-$dpvtime)."' LIMIT 1");

   if($result['threadid']) {

    header("Location: wapthread.php?threadid=$_POST[threadid]");

    exit();

   }

   if($wbbuserdata['canpostwithoutmoderation']==1) $board['moderatenew']=0;

   $time=time();

   $db->query("INSERT INTO bb".$n."_posts (parentpostid,threadid,userid,username,iconid,posttopic,posttime,message,allowsmilies,showsignature,ipaddress,visible) VALUES ('$postid','$threadid','$wbbuserdata[userid]','".addslashes($wbbuserdata['username'])."','$iconid','".addslashes(htmlspecialchars($topic))."','$time','".addslashes($message)."','".ifelse($_POST['disablesmilies']==1,"0","1")."','".intval($_POST[showsignature])."','".$REMOTE_ADDR."','".ifelse($board['moderatenew']==1 || $board['moderatenew']==11,0,1)."')");

   $postid = $db->insert_id();

    $db->unbuffered_query("UPDATE bb".$n."_threads SET lastposttime = '$time', lastposterid = '$wbbuserdata[userid]', lastposter = '".addslashes($wbbuserdata['username'])."', replycount = replycount+1$threadclose WHERE threadid = '$threadid'",1);

    $db->unbuffered_query("UPDATE bb".$n."_boards SET postcount=postcount+1, lastthreadid='$threadid', lastposttime='$time', lastposterid='$wbbuserdata[userid]', lastposter='".addslashes($wbbuserdata['username'])."' WHERE boardid IN ($board[parentlist],$boardid)",1);

     $wbbuserdata['userposts']+=1;

     list($rankid)=$db->query_first("SELECT rankid FROM bb".$n."_ranks WHERE groupid IN ('0','$wbbuserdata[groupid]') AND needposts<='$wbbuserdata[userposts]' AND gender IN ('0','$wbbuserdata[gender]') ORDER BY needposts DESC, gender DESC LIMIT 1");

     $db->unbuffered_query("UPDATE bb".$n."_users SET userposts=userposts+1".ifelse($rankid!=$wbbuserdata['rankid'],", rankid='$rankid'","")." WHERE userid = '$wbbuserdata[userid]'",1);

    $thread['topic']=rehtmlspecialchars($thread['topic']);

    $result=$db->query("SELECT u.email, u.username, s.countemails FROM bb".$n."_subscribethreads s LEFT JOIN bb".$n."_users u USING(userid) WHERE s.threadid='$threadid' AND s.userid<>'$wbbuserdata[userid]' AND s.emailnotify=1 AND s.countemails<'$maxnotifymails' AND u.email is not null");

    while($rowy=$db->fetch_array($result)) {

     if($row['countemails']==$maxnotifymails-1) eval ("\$mail_text = \"".$tpl->get("mt_newpost_lastone")."\";");

     else eval ("\$mail_text = \"".$tpl->get("mt_newpost")."\";");

     eval ("\$mail_subject = \"".$tpl->get("ms_newpost")."\";");

     mailer($row['email'],$mail_subject,$mail_text);

    }

    $db->unbuffered_query("UPDATE bb".$n."_subscribethreads SET countemails=countemails+1 WHERE threadid='$threadid' AND emailnotify=1 AND countemails<'$maxnotifymails'",1);

    header("Location: wapthread.php?threadid=$_POST[threadid]");

    exit();

   }

  }

chaosdiablo · 11.01.2008, 19:01

ähm wenn man den code rausnimmt entsteht da keine sicherheitslücke? PS die redirection zum thread brauch ich noch

***pattex*** · 11.01.2008, 23:51

Also so kommt der Fehler nicht mehr:

Code:
<?php

$filename="wapaddreply.php";

require("./global.php");

require("./acp/lib/class_parse.php");

if(!isset($threadid) || $thread['closed']==3) eval("error(\"".$tpl->get("error_falselink")."\");");

if(($wbbuserdata['canreplyowntopic']==0 && $thread['starterid'] && $thread['starterid']==$wbbuserdata['userid']) || $thread['visible']==0 || $wbbuserdata['canreplytopic']==0 || $board['replypermission']==0 || $board['closed']==1 || $board['isboard']==0 || ($thread['closed']!=0 && $wbbuserdata['issupermod']==0 && !$modpermissions['userid'])) access_error();

if(isset($_POST['send'])) {

 $topic=trim($_POST['topic']);

 if($dostopshooting==1) $topic=stopShooting($topic);

 $message=stripcrap(trim($_POST['message']));

 if(isset($_POST['iconid'])) $iconid=intval($_POST['iconid']);

 else $iconid=0;

 if(!$wbbuserdata['userid']) $guestname=trim($_POST['guestname']);

 if(isset($_POST['postid'])) $postid=intval($_POST['postid']);

 else $postid=0;

 if(!isset($_POST['preview'])) {

  $error="";

  if(!$wbbuserdata['userid']) {

   $wbbuserdata['username']=$guestname;

   if(!$wbbuserdata['username'] || !verify_username($wbbuserdata['username'])) eval ("\$error .= \"".$tpl->get("newthread_error2")."\";");

   $wbbuserdata['username']=htmlspecialchars($wbbuserdata['username']);

  }

  if(!$message) eval ("\$error .= \"".$tpl->get("wapnewthread_error1")."\";");

  if(flood_control($wbbuserdata['userid'],$REMOTE_ADDR,$wbbuserdata['avoidfc'])) eval ("\$error .= \"".$tpl->get("newthread_error3")."\";");

  if($wbbuserdata['maxpostimage']!=-1 && substr_count(strtolower($message),"[img]")>$wbbuserdata['maxpostimage']) eval ("\$error .= \"".$tpl->get("newthread_error4")."\";");

  if($error) eval ("\$wapaddreply_error .= \"".$tpl->get("wapnewthread_error")."\";");

  else {

   if($_POST['parseurl']==1) $message=parseURL($message);

   $result=$db->query_first("SELECT postid, threadid FROM bb".$n."_posts WHERE threadid='$threadid' AND userid='$wbbuserdata[userid]' AND username='".addslashes($wbbuserdata['username'])."' AND iconid='$iconid' AND posttopic='".addslashes(htmlspecialchars($topic))."' AND message='".addslashes($message)."' AND ipaddress='".$REMOTE_ADDR."' AND posttime>='".(time()-$dpvtime)."' LIMIT 1");

   if($result['threadid']) {

    header("Location: wapaddreply.php?threadid=$_POST[threadid]");

    exit();

   }

   if($wbbuserdata['canpostwithoutmoderation']==1) $board['moderatenew']=0;

   $time=time();

   $db->query("INSERT INTO bb".$n."_posts (parentpostid,threadid,userid,username,iconid,posttopic,posttime,message,allowsmilies,showsignature,ipaddress,visible) VALUES ('$postid','$threadid','$wbbuserdata[userid]','".addslashes($wbbuserdata['username'])."','$iconid','".addslashes(htmlspecialchars($topic))."','$time','".addslashes($message)."','".ifelse($_POST['disablesmilies']==1,"0","1")."','".intval($_POST[showsignature])."','".$REMOTE_ADDR."','".ifelse($board['moderatenew']==1 || $board['moderatenew']==11,0,1)."')");

   $postid = $db->insert_id();

    $db->unbuffered_query("UPDATE bb".$n."_threads SET lastposttime = '$time', lastposterid = '$wbbuserdata[userid]', lastposter = '".addslashes($wbbuserdata['username'])."', replycount = replycount+1$threadclose WHERE threadid = '$threadid'",1);

    $db->unbuffered_query("UPDATE bb".$n."_boards SET postcount=postcount+1, lastthreadid='$threadid', lastposttime='$time', lastposterid='$wbbuserdata[userid]', lastposter='".addslashes($wbbuserdata['username'])."' WHERE boardid IN ($board[parentlist],$boardid)",1);

     $wbbuserdata['userposts']+=1;

     list($rankid)=$db->query_first("SELECT rankid FROM bb".$n."_ranks WHERE groupid IN ('0','$wbbuserdata[groupid]') AND needposts<='$wbbuserdata[userposts]' AND gender IN ('0','$wbbuserdata[gender]') ORDER BY needposts DESC, gender DESC LIMIT 1");

     $db->unbuffered_query("UPDATE bb".$n."_users SET userposts=userposts+1".ifelse($rankid!=$wbbuserdata['rankid'],", rankid='$rankid'","")." WHERE userid = '$wbbuserdata[userid]'",1);

    $thread['topic']=rehtmlspecialchars($thread['topic']);

    $result=$db->query("SELECT u.email, u.username, s.countemails FROM bb".$n."_subscribethreads s LEFT JOIN bb".$n."_users u USING(userid) WHERE s.threadid='$threadid' AND s.userid<>'$wbbuserdata[userid]' AND s.emailnotify=1 AND s.countemails<'$maxnotifymails' AND u.email is not null");

    while($rowy=$db->fetch_array($result)) {

     if($row['countemails']==$maxnotifymails-1) eval ("\$mail_text = \"".$tpl->get("mt_newpost_lastone")."\";");

     else eval ("\$mail_text = \"".$tpl->get("mt_newpost")."\";");

     eval ("\$mail_subject = \"".$tpl->get("ms_newpost")."\";");

     mailer($row['email'],$mail_subject,$mail_text);

    }

    $db->unbuffered_query("UPDATE bb".$n."_subscribethreads SET countemails=countemails+1 WHERE threadid='$threadid' AND emailnotify=1 AND countemails<'$maxnotifymails'",1);

    header("Location: wapaddreply.php?threadid=$_POST[threadid]");

    exit();

   }

  }

 }

elseif(isset($postid)) {

 if($post['posttopic']!="") {

  $post['posttopic']=preg_replace("/^RE: /i","",$post['posttopic']);

  eval ("\$topic = \"".$tpl->get("addreply_quote_topic")."\";");

 }

 if(isset($_REQUEST['action']) && $_REQUEST['action']=="quote") {

  if($docensor==1) {

   $parse = new parse(1);

   $post['message']=$parse->censor($post['message']);

  }

  $post['username']=rehtmlspecialchars($post['username']);

  eval ("\$message = \"".$tpl->get("addreply_quote_message")."\";");

 }

}

$navbar=getNavbar($board['parentlist']);

eval ("\$navbar .= \"".$tpl->get("navbar_board")."\";");

if($wbbuserdata['userid']==0) eval ("\$newthread_username .= \"".$tpl->get("newthread_username_input")."\";");

else eval ("\$newthread_username .= \"".$tpl->get("newthread_username")."\";");

if(!isset($iconid)) $iconid=0;

$count=0;

if(!$parse) $parse = new parse($docensor,75,$board['allowsmilies'],$board['allowbbcode'],$wbbuserdata['showimages'],$usecode);

if(isset($message)) $message=parse::convertHTML($message);

if(isset($topic)) $topic=str_replace("\"","&quot;",$topic);

if(isset($guestname)) $guestname=str_replace("\"","&quot;",$guestname);

if(strlen($thread['topic'])>60) $thread['topic']=parse::textwrap($thread['topic'],60);

eval("\$tpl->output(\"".$tpl->get("wapaddreply")."\");");

?>

Ohne das ->

Code:
while($posts=$db->fetch_array($result)) {

 $tdbgcolor=getone($count,"{tablecolorb}","{tablecolora}");

 $tdid=getone($count,"tableb","tablea");

 $posts['message']=$parse->doparse($posts['message'],$posts['allowsmilies']*$board['allowsmilies'],$board['allowhtml'],$board['allowbbcode'],$board['allowimages']);

 $posts['posttopic']=$parse->textwrap($posts['posttopic'],30);

 if($posts['iconid'] && $board['allowicons']==1) $posticon=makeimgtag($posts['iconpath'],$posts['icontitle']);

 else $posticon="";

 eval ("\$postbit .= \"".$tpl->get("wapaddreply_postbit")."\";");

 $count++;

}

Ich würde sagen da fehlt ne Abfrage -> $result

chaosdiablo · 14.01.2008, 20:54

aber bei deinem code wird der nich auf den thread zuückgeleitet....
Ich möchte gerne WapViews einbauen. welchen SQL Befehl brauch ich um die spalte "wapviews" in bb1_threads zu erstellen?

***pattex*** · 14.01.2008, 21:05

Ja klar. Um zurück zum thread zu kommen musst du die Adresse ändern:

Code:
header("Location: wapaddreply.php?threadid=$_POST[threadid]");

Wie meinst du das mit wapviews?

chaosdiablo · 14.01.2008, 22:51

????? das is doch schon in deinem code richtig....
ps das mit wapviews der sql befehl den hab i nun nur wie kann ich die viesw über wap im board darstellen? hb selber probiert, ging aber nicht.
PS ich meine im normalen forum darstellen, wie oft der thread aufm handy gelesen wurde (über das script also gelesen wurde)

Login




Merken Passwort vergessen?