le 02/06/2009 à 15:06
nicolas917
Le problème est que, même sans la page qui permet l'ajout de commentaires sur mon blog, la base se remplit de messages de spam. Comment faire
pour éviter le spam ?
pour eviter les spam
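<?php
// Load the cryptographp CAPTCHA helpers; dsp_crypt() and chk_crypt(), called further down, come from this file.
// NOTE(review): the library presumably starts the PHP session and reads $cryptinstall to locate its
// own directory, so this include has to stay ahead of any output - confirm against cryptographp.fct.php.
// include_once avoids a "cannot redeclare" fatal error if the same file is pulled in a second time.
// (The original opening tag was the malformed "<?<?php".)
$cryptinstall="./../crypt/cryptographp.fct.php";
include_once $cryptinstall;
?>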
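<?php
include '../lib/config.inc.php';

// Per-blog visit counter: identvisites holds one row per (blog, visitor IP) with the date of
// the last counted visit; identstats holds the monthly hit total, bumped at most once per IP per day.
// NOTE(review): the mysql_* extension was removed in PHP 7; move to PDO or mysqli with prepared
// statements when the hosting platform allows it.
$db = mysql_connect($sql_host,$sql_user,$sql_pass);
mysql_select_db($sql_bdd,$db);

// $_GET['IDblog'] is request-controlled and used to be concatenated directly into every query
// below (SQL injection). Escape it once, after the connection exists, and only put the escaped
// copy into SQL text.
$idBlogSql = mysql_real_escape_string((isset($_GET['IDblog']) && is_string($_GET['IDblog'])) ? $_GET['IDblog'] : '', $db);
$ipNow = mysql_real_escape_string($_SERVER['REMOTE_ADDR'], $db);
$visiteJour = date("d.m.Y");
$visiteMois = date("m.Y");

$sql = "SELECT * FROM ".$mysql_prefix."identvisites WHERE nom='".$idBlogSql."' AND ipNow='$ipNow'";
$result = mysql_query($sql);
// No row (or a failed query) means this IP has not been seen for this blog yet.
$visite = $result ? mysql_fetch_array($result) : false;

if(!$visite)
{
    // First visit from this IP: remember it and count the hit.
    $sql = "INSERT INTO ".$mysql_prefix."identvisites (id, nom, ipNow, dateVisite) VALUES ('', '".$idBlogSql."', '$ipNow', '".$visiteJour."')";
    $result = mysql_query($sql);
    $compterVisite = true;
}
else
{
    // Known IP: count the hit only if its last counted visit was on another day.
    $row = $visite;
    $compterVisite = ($row['dateVisite'] <> $visiteJour);
    if($compterVisite)
    {
        $sql7 = "UPDATE ".$mysql_prefix."identvisites SET dateVisite='".$visiteJour."' WHERE nom='".$idBlogSql."' AND ipNow='$ipNow'";
        $result = mysql_query($sql7);
    }
}

// The monthly row is always read; it is written back only when the visit counts.
// NOTE(review): if no identstats row exists for the current month the UPDATE matches nothing,
// so the row is presumably created elsewhere - verify.
$sql3 = "SELECT * FROM ".$mysql_prefix."identstats WHERE nom='".$idBlogSql."' AND mois='".$visiteMois."'";
$re = mysql_query($sql3);
$raw = mysql_fetch_array($re);
if($compterVisite)
{
    $nb_total = $raw['hits']+1;
    $sql8 = "UPDATE ".$mysql_prefix."identstats SET hits='$nb_total' WHERE nom='".$idBlogSql."' AND mois='".$visiteMois."'";
    $result = mysql_query($sql8);
}

include 'lib/http_get.php';
include 'lib/select.inc.php';
include 'lib/select_prefs.inc.php';
?>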
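<?php
/* Page head and layout frame for a single blog post.
   The IDblog and msgID query parameters are echoed into the title, a link and an alt text;
   they are HTML-escaped here because printing them raw lets a crafted URL inject markup
   (reflected XSS). The charset matches the page's declared iso-8859-1.
   NOTE(review): $titre, $metaTag, $style, $url_site and $enzo are printed as-is; confirm they
   only ever come from the site configuration and not from request parameters. */
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Commentaire Blog <?php echo htmlspecialchars($_GET['IDblog'], ENT_QUOTES, 'ISO-8859-1') ; ?> <?php echo htmlspecialchars($_GET['msgID'], ENT_QUOTES, 'ISO-8859-1') ; ?></title>
<link href="<?php echo $url_site; ?>/template/<?php echo $style; ?>/style.css" rel="stylesheet" type="text/css">
<meta name="description" content="<?php echo $titre ; ?> - blog gratuit espace illimitée" />
<?php echo $metaTag; ?>
</head>
<body>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="27%" background="<?php echo $url_site; ?>/template/<?php echo $style; ?>/fond_logo.gif"><a href="http://<?php echo htmlspecialchars($_GET['IDblog'], ENT_QUOTES, 'ISO-8859-1'); ?>.easy4blog.com"><img src="<?php echo $url_site; ?>/template/<?php echo $style; ?>/logo.gif" width="341" height="101" border="0" alt="Accueil de <?php echo htmlspecialchars($_GET['IDblog'], ENT_QUOTES, 'ISO-8859-1'); ?>"></a></td>
<td width="73%" colspan="2" background="<?php echo $url_site; ?>/template/<?php echo $style; ?>/fond_logo.gif">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td height="73"><?php include 'include/header.php'; ?></td>
</tr>
<tr>
<td><?php include '../include/dedi.php'; ?></td>
</tr>
</table>
</td>
</tr>
<tr valign="top">
<td height="49" colspan="3">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="12%" height="75" valign="top" background="template/<?php echo $style; ?>/menu_gauche.gif">
<div id="gauche">
<img src="template/<?php echo $style; ?>/menu_gauche.gif" alt="Sommaire Gauche" width="200" height="17" border="0" />
<?php include'include/gauche.php'; ?>
</div>
</td>
<td width="73%" valign="top" nowrap background="<?php echo $enzo; ?>">
<div align="left">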
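<?php
include 'bbcode.php';

// Render the requested post (identbillet row) with its comment count and the
// "add a comment" / "print" links.
// NOTE(review): "or die(mysql_error())" prints raw database errors to visitors; log them
// server-side and show a generic message instead.
$db = mysql_connect($sql_host,$sql_user,$sql_pass) or die(mysql_error());
mysql_select_db($sql_bdd,$db);

// IDblog and msgID come from the query string. The escaped copies are the only ones that go
// into SQL (the raw values allowed SQL injection); the HTML-escaped copy is the only one that
// goes into links (the raw value allowed reflected XSS).
$idBlogBrut = (isset($_GET['IDblog']) && is_string($_GET['IDblog'])) ? $_GET['IDblog'] : '';
$msgIdBrut = (isset($_GET['msgID']) && is_string($_GET['msgID'])) ? $_GET['msgID'] : '';
$idBlogSql = mysql_real_escape_string($idBlogBrut, $db);
$msgIdSql = mysql_real_escape_string($msgIdBrut, $db);
$idBlogHtml = htmlspecialchars($idBlogBrut, ENT_QUOTES, 'ISO-8859-1');

$query = "SELECT * FROM ".$mysql_prefix."identbillet WHERE nom='".$idBlogSql."' AND msg_ID='".$msgIdSql."'";
$result = mysql_query($query) or die (mysql_error());
$nb_result = mysql_num_rows($result);
$row = mysql_fetch_array($result);

// The id read back from the database is escaped as well before being reused in SQL.
$sql = "SELECT * FROM ".$mysql_prefix."identcomment WHERE nom='".$idBlogSql."' AND msgID='".mysql_real_escape_string($row['msg_ID'], $db)."'";
$res = mysql_query($sql) or die (mysql_error());
$nb_res = mysql_num_rows($res);
$imgg = "../picture/".$row['nom']."/".$row['image']."";

// NOTE(review): titre, mail, auteur and billet are printed without HTML escaping. They look
// like content written by the blog owner; if any of them can be set by visitors, escape them
// with htmlspecialchars() before output.
echo '<table width="80%" border="0" align="center" cellpadding="0" cellspacing="0">';
echo '<tr><td height="26" class="back_menu"><table width="95%" border="0" align="center" cellpadding="0" cellspacing="0">';
echo '<tr><td class="txt_menu">'.stripslashes($row['titre']).'</td>';
echo '</tr></table></td></tr><tr>';
echo '<td><table width="100%" border="0" cellspacing="2" cellpadding="0">';
echo '<tr><td>Posté le '.$row['date_post'].' par <a href="mailto:'.stripslashes($row['mail']).'">'.stripslashes($row['auteur']).'</a></td>';
echo '</tr><tr><td><br><p>';

// Show the picture only when a real file name is stored ("" and "." mean "no image").
if($row['image'] != "" && $row['image'] != "." && file_exists($imgg))
{
    echo redim($imgg);
}
echo bbcode(stripslashes(nl2br($row['billet'])));
echo '</p></td>';
echo '</tr><tr><td><div align="right">';

// Comment links are shown only when comments are enabled for this post.
if($row['comment'] == "1")
{
    echo "<A HREF=\"#comm\"><b>".$nb_res." commentaires</b></a>";
    echo " <img src='http://www.easy4blog.com/img/icons/commentaires.png' border='0'> <A HREF=\"http://".$idBlogHtml.".easy4blog.com/ajout-commentaire-" . str_replace(" ","-",OterAccents($row['titre'])) . '-' . $row['msg_ID'].".html#commentaire\">Ajouter un commentaire</a>";
    echo " <img src='http://www.easy4blog.com/img/icons/image.png' border='0'> <A HREF=\"http://".$idBlogHtml.".easy4blog.com/imprimer-".$row['msg_ID'].".html#\">Imprimer cette photo</a>";
}
echo '</div></td></tr></table></td></tr></table><br>';
mysql_close($db);
?>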
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title><?php echo $titre ; ?>danois</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="template/<?php echo $style; ?>/style.css" rel="stylesheet" type="text/css">
<script type="text/javascript">
// True when document.getElementById exists and document.all does not
// (the script's test for a non-IE DOM browser).
var ns6=document.getElementById&&!document.all
// Keypress handler for the character limit.
// IE event model (window.event): returns false once the field already holds maxlength characters.
// DOM event model: when the event target is the limited field and it is full, stops propagation
// of key presses matching [a-zA-Z0-9.,/].
// eval(placeholder) returns placeholder unchanged when it is already an object and evaluates it
// as code when it is a string, so it must never be fed request-derived text.
// This is a usability aid only: it runs in the browser and does not bound what a client can
// send, so any length limit has to be enforced again on the server.
function restrictinput(maxlength,e,placeholder){
if (window.event&&event.srcElement.value.length>=maxlength)
return false
else if (e.target&&e.target==eval(placeholder)&&e.target.value.length>=maxlength){
var pressedkey=/[a-zA-Z0-9\.\,\/]/
if (pressedkey.test(String.fromCharCode(e.which)))
e.stopPropagation()
}
}
// Keyup handler: truncates the field to maxlength characters when it is over the limit and
// writes the remaining character count into the counter element.
// placeholder is the field (object or name, resolved through eval); the counter element is
// looked up by using placeholder as an id, which relies on its string form matching the id
// written by displaylimit().
function countlimit(maxlength,e,placeholder){
var theform=eval(placeholder)
var lengthleft=maxlength-theform.value.length
var placeholderobj=document.all? document.all[placeholder] : document.getElementById(placeholder)
if (window.event||e.target&&e.target==eval(placeholder)){
// Over the limit: cut the text back to maxlength characters.
if (lengthleft<0)
theform.value=theform.value.substring(0,maxlength)
// Note: lengthleft was computed before the truncation above.
placeholderobj.innerHTML=lengthleft
}
}
// Writes the "<limit> caractères maximum." counter at the current document position and
// attaches the keypress/keyup handlers that enforce the limit in the browser.
//   thename  - form field reference, used when theid is ""
//   theid    - id of the field; when non-empty the element is looked up by id
//   thelimit - maximum number of characters
// The counter span's id is the string form of the field reference, which is what countlimit()
// later uses to find it.
// Client-side only: the server must apply its own length limit to submitted text.
function displaylimit(thename, theid, thelimit){
var theform=theid!=""? document.getElementById(theid) : thename
var limit_text='<b><span id="'+theform.toString()+'">'+thelimit+'</span></b> caractères maximum.'
if (document.all||ns6)
document.write(limit_text)
// IE model: handlers go directly on the field.
if (document.all){
eval(theform).onkeypress=function(){ return restrictinput(thelimit,event,theform)}
eval(theform).onkeyup=function(){ countlimit(thelimit,event,theform)}
}
// DOM model: capturing listeners on <body>; the handlers check the event target themselves.
else if (ns6){
document.body.addEventListener('keypress', function(event) { restrictinput(thelimit,event,theform) }, true);
document.body.addEventListener('keyup', function(event) { countlimit(thelimit,event,theform) }, true);
}
}
</script>
<p> </p><table width="80%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr> <td height="26" class="back_menu"><table width="95%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr> <td class="txt_menu">Ajouter un commentaires</td></tr> </table></td></tr>
<tr> <td><table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr>
<td><br> <table width="70%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr> <td><div align="center"> <?php
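// Handle a submitted comment: check that every field is present, validate the e-mail address,
// verify the CAPTCHA, then store the comment.
//
// Changes compared with the original:
//  - values are read from $_POST / $_GET instead of register_globals-style variables
//    ($post, $mail, $auteur, ...), which any request parameter can set;
//  - every value placed in the INSERT is escaped (the blog, IDblog and msgID values used to be
//    concatenated raw: SQL injection);
//  - the presence check looks at IDblog / msgID from the query string, which are the values
//    actually inserted. The form on this page posts no "nom" or "msgID" field, so the old test
//    on $_POST['nom'] / $_POST['msgID'] rejected every browser submission.
//    NOTE(review): confirm that no included file fills those two $_POST keys.
// NOTE(review): if rows keep appearing in identcomment while this page is unavailable, another
// script is writing to the table - search the code base for other INSERTs into identcomment.
if(isset($_POST['post']) && $_POST['post'] == "1")
{
    // Undo magic_quotes_gpc when it is enabled, so each value is escaped exactly once below.
    $mqActif = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $champs = array();
    foreach (array('auteur', 'mail', 'titre', 'comment', 'blog') as $cle)
    {
        $valeur = (isset($_POST[$cle]) && is_string($_POST[$cle])) ? $_POST[$cle] : '';
        $champs[$cle] = $mqActif ? stripslashes($valeur) : $valeur;
    }
    foreach (array('IDblog', 'msgID') as $cle)
    {
        $valeur = (isset($_GET[$cle]) && is_string($_GET[$cle])) ? $_GET[$cle] : '';
        $champs[$cle] = $mqActif ? stripslashes($valeur) : $valeur;
    }

    if (empty($champs['IDblog']) || empty($champs['msgID']) || empty($champs['auteur']) || empty($champs['mail']) || empty($champs['titre']) || empty($_POST['code']) || empty($champs['comment']))
    {
        echo "<span class=\"txt_rouge\">Tous les champs sont obligatoires !</span>";
    }
    // NOTE(review): ereg() is deprecated since PHP 5.3 and removed in PHP 7; kept here because
    // the rest of the file targets the same PHP generation.
    elseif(!ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'.'@'.'[-!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.'.'[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $champs['mail']))
    {
        echo "<span class=\"txt_rouge\">Votre adresse email est invalide !</span>";
    }
    else
    {
        // The CAPTCHA is checked before anything is written to the database.
        if (chk_crypt($_POST['code']))
        {
            // NOTE(review): die(mysql_error()) shows raw database errors to visitors; prefer
            // logging them and printing a generic message.
            $db = mysql_connect($sql_host,$sql_user,$sql_pass) or die(mysql_error());
            mysql_select_db($sql_bdd,$db) or die(mysql_error());

            // "blog" becomes a host-name label in http://<blog>.easy4blog.com/, so anything
            // that cannot appear in such a label is dropped before the URL is built.
            $blogLabel = preg_replace('/[^A-Za-z0-9_-]/', '', $champs['blog']);

            // strip_tags() is kept as a first filter but is not an output encoder: the stored
            // text still has to be HTML-escaped wherever it is displayed.
            $idBlogSql = mysql_real_escape_string($champs['IDblog'], $db);
            $msgIdSql = mysql_real_escape_string($champs['msgID'], $db);
            $auteurSql = mysql_real_escape_string(strip_tags($champs['auteur']), $db);
            $mailSql = mysql_real_escape_string(strip_tags($champs['mail']), $db);
            $titreSql = mysql_real_escape_string(strip_tags($champs['titre']), $db);
            $commentSql = mysql_real_escape_string(strip_tags($champs['comment']), $db);
            $blogSql = mysql_real_escape_string($blogLabel, $db);

            $query = "INSERT INTO ".$mysql_prefix."identcomment (id, nom, msgID, auteur, mail, titre, comment, blog, date) VALUES ('', '".$idBlogSql."', '".$msgIdSql."', '".$auteurSql."', '".$mailSql."', '".$titreSql."', '".$commentSql."', 'http://".$blogSql.".easy4blog.com/', '".date("d.m.Y")."')";
            mysql_query($query) or die(mysql_error());
            echo "<strong><span class=\"txt_rouge\">Votre commentaire à bien été posté !</span></strong>";
            // The original had "if($_POST["ajouter"][$i]=="ok");" here: an if with an empty
            // body and an undefined $i, which did nothing. It has been removed.
            mysql_close($db);
        }
        else
        {
            echo "<tr><td height=\"30\" colspan=\"2\"><strong><span class=\"txt_rouge\">ERREUR de saisie du code !</span></strong></td></tr>";
        }
    }
}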
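?> </div></td></tr> </table><br>
<?php
/* Comment form. Every request-derived value printed into the markup is encoded for its
   context: urlencode() for the query-string parts of the action URL, htmlspecialchars() for
   attribute values and the textarea body. Printing them raw allowed a crafted request to
   inject markup into the page (reflected XSS). The charset matches the page's iso-8859-1.
   NOTE(review): the checkbox is literally named "ajouter[$i]" because it sits in plain HTML;
   nothing visible on this page reads it. */
?>
<form action="?IDblog=<?php echo htmlspecialchars(urlencode($_GET['IDblog']), ENT_QUOTES, 'ISO-8859-1'); ?>&msgID=<?php echo htmlspecialchars(urlencode($_GET['msgID']), ENT_QUOTES, 'ISO-8859-1'); ?>" method="post" name="commentaire" id="commentaire">
<table width="95%" border="0" align="center" cellpadding="0" cellspacing="2">
<tr> <td height="30"><strong>:: Poster un commentaire</strong></td></tr> <tr>
<td>
<table width="89%" border="0" align="center" cellpadding="0" cellspacing="2">
<tr> <td width="41%" height="20">Votre NOM : <span class="txt_rouge">*</span>
</td><td width="59%" height="20"><input name="auteur" type="text" class="form_input_txt" id="auteur" value="<?php echo htmlspecialchars($auteur, ENT_QUOTES, 'ISO-8859-1'); ?>" size="30"></td></tr>
<tr> <td height="20">Votre adresse email : <span class="txt_rouge">*</span> </td><td height="25"><input name="mail" type="text" class="form_input_txt" id="mail" value="<?php echo htmlspecialchars($mail, ENT_QUOTES, 'ISO-8859-1'); ?>" size="30"></td></tr>
<tr> <td height="20">Titre du commentaire : <span class="txt_rouge">*</span> </td><td height="25"><input name="titre" type="text" class="form_input_txt" id="titre" value="<?php echo htmlspecialchars($titre, ENT_QUOTES, 'ISO-8859-1'); ?>" size="30"></td></tr>
<tr> <td height="20">Votre message : <span class="txt_rouge">*</span> </td><td height="25"><textarea name="comment" cols="40" rows="10" class="form_input_txt" id="easy4blog.com"><?php echo htmlspecialchars($comment, ENT_QUOTES, 'ISO-8859-1'); ?></textarea>
<br><script>
displaylimit("","easy4blog.com",30000)
</script></td></tr> <tr>
<td height="20">Votre blog :</td>
<td height="15">http://<input name="blog" type="text" class="form_input_txt" id="blog" value="<?php echo htmlspecialchars($blog, ENT_QUOTES, 'ISO-8859-1'); ?>" size="10">.easy4blog.com</td>
</tr>
<tr>
<td align="center"><br></td>
</tr>
<tr>
<td height="15"> </td>
<td height="20"><?php dsp_crypt(1,1); ?></td>
</tr>
<tr>
<td height="15">Recopier le code:</td>
<td height="20"><input type="text" class="form_input_txt" name="code" value="<?php echo htmlspecialchars($code, ENT_QUOTES, 'ISO-8859-1'); ?>" size="35" maxlength="50"><input type='checkbox' name='ajouter[$i]' value='ok'></td>
</tr>
<tr>
<td height="15"> </td>
<td height="20"> </td>
</tr>
<tr> <td height="15"> </td><td height="20"><input type="submit" name="Submit" class="form_button" value=" Poster votre messages" onClick="this.form.submit();this.disabled=true;this.value='Patientez...'">
<input name="post" type="hidden" id="post" value="1"></td></tr> </table></td></tr>
</table></form></td></tr> </table></td></tr> </table>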
<p> </p><table width="80%" align="center" cellpadding="0" cellspacing="0" BORDERCOLOR="#333333">
<tr> <td height="26" class="back_menu"><table width="95%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr> <td class="txt_menu"><a name="comm">Lires Les commentaires</a></td></tr> </table></td></tr>
<tr> <td><table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr>
<td><br>
<?php
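// Paginated list of the comments stored for this post, followed by the pager links.
$guest_page_03 = "15";

// $d (offset of the page) and $f (end of the page window) are not assigned in this file and
// $d is placed unquoted in the LIMIT clause, so both are forced to non-negative integers.
// Escaping would not help here: the value is not inside quotes.
$d = isset($d) ? max(0, (int) $d) : 0;
$f = isset($f) ? max(0, (int) $f) : (int) $guest_page_03;

$db = mysql_connect($sql_host,$sql_user,$sql_pass);
mysql_select_db($sql_bdd,$db);

// Query-string ids: escaped copies for SQL, HTML-escaped copy for links.
$idBlogBrut = (isset($_GET['IDblog']) && is_string($_GET['IDblog'])) ? $_GET['IDblog'] : '';
$msgIdBrut = (isset($_GET['msgID']) && is_string($_GET['msgID'])) ? $_GET['msgID'] : '';
$idBlogSql = mysql_real_escape_string($idBlogBrut, $db);
$msgIdSql = mysql_real_escape_string($msgIdBrut, $db);
$idBlogHtml = htmlspecialchars($idBlogBrut, ENT_QUOTES, 'ISO-8859-1');

// NOTE(review): die(mysql_error()) shows raw database errors to visitors; prefer logging them.
$query = "SELECT * FROM ".$mysql_prefix."identcomment WHERE nom='".$idBlogSql."' AND msgID='".$msgIdSql."' ORDER BY date DESC LIMIT ".$d.", ".$guest_page_03."";
$result = mysql_query($query) or die(mysql_error());
$nb_result = mysql_num_rows($result);

// Second, unpaginated query: only its row count is used, for the pager.
$sql = "SELECT * FROM ".$mysql_prefix."identcomment WHERE nom='".$idBlogSql."' AND msgID='".$msgIdSql."'";
$resultat = mysql_query($sql);
$nb_result_nb = mysql_num_rows($resultat);

while ($row = mysql_fetch_array($result))
{
    // Comments are visitor-supplied, so every field is HTML-escaped at output time; the
    // strip_tags() applied at insert time does not neutralise quotes, and rows written by any
    // other path may not have been filtered at all (stored XSS).
    $cTitre = htmlspecialchars(stripslashes($row['titre']), ENT_QUOTES, 'ISO-8859-1');
    $cAuteur = htmlspecialchars(stripslashes($row['auteur']), ENT_QUOTES, 'ISO-8859-1');
    $cMail = htmlspecialchars($row['mail'], ENT_QUOTES, 'ISO-8859-1');
    $cDate = htmlspecialchars($row['date'], ENT_QUOTES, 'ISO-8859-1');
    $cTexte = nl2br(htmlspecialchars(stripslashes($row['comment']), ENT_QUOTES, 'ISO-8859-1'));
    // Only http(s) URLs are allowed in the "Voir mon blog" link; anything else becomes "#".
    $cBlog = preg_match('#^https?://#i', $row['blog']) ? htmlspecialchars($row['blog'], ENT_QUOTES, 'ISO-8859-1') : '#';

    echo '<div class="citation">
<p class="titre_billet"> <img src="http://www.easy4blog.com/img/icons/commentaires.png" border="0"> <b>'.$cTitre.'</b></p>
<p class="auteur">Posté par <strong><a href="'.$cBlog.'" target="_blank"><b>Voir mon blog</b></a></strong> <a href="mailto:'.$cMail.'" target="_blank">'.$cAuteur.'</a> le '.$cDate.'<br /></p>
<p class="texte">'.$cTexte.'<br />
</div></div>';
}
mysql_close($db);

// Pager.
// NOTE(review): once the loop above has finished, $row is false, so $row['titre'] and
// $row['msg_ID'] are empty in every link below (identcomment rows also expose msgID, not
// msg_ID). The post title and id need to be fetched separately for these URLs to be complete.
echo "<center>\n";
if ($d != "0")
{
    $d_new1 = $d-$guest_page_03;
    $f_new1 = $d;
    echo "<a href=\"http://".$idBlogHtml.".easy4blog.com/commentaires-" . str_replace(" ","-",OterAccents($row['titre'])) . "-$d_new1-$f_new1-" . $row['msg_ID'] . ".html\">[« Commentaires Précédents ]</a> | \n";
}
$nb_pages = intval($nb_result_nb/$guest_page_03)+1;
if ($nb_pages > "1")
{
    // Start the page counters from a known state rather than from whatever may already be
    // defined under these names.
    unset($d_page);
    $f_page = 0;
    for ($i=0;$i<$nb_pages;$i++)
    {
        if (isset($d_page))
            $d_page = $d_page+$guest_page_03;
        else
            $d_page = "0";
        $f_page = $f_page+$guest_page_03;
        $num_page = $i+1;
        if ($d == $d_page)
            echo "".$num_page." ";
        else
        {
            if ($d_page < $nb_result_nb)
                echo " <a href=\"http://".$idBlogHtml.".easy4blog.com/commentaires" . str_replace(" ","-",OterAccents($row['titre'])) . "-$d_page-$f_page-" . $row['msg_ID'] . ".html\">".$num_page."</a> \n";
        }
    }
}
if ($f < $nb_result_nb)
{
    $d_new2 = $f;
    $f_new2 = $f+$guest_page_03;
    echo "| <a href=\"http://".$idBlogHtml.".easy4blog.com/commentaires" . str_replace(" ","-",OterAccents($row['titre'])) . "-$d_new2-$f_new2-" . $row['msg_ID'] . ".html\">[ Commentaires Suivants » ]</a>\n";
}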
?></td></tr> <tr> <td><br> <table width="70%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr> <td>
<div align="center">
</td></tr> </table><br> </td></tr> </table></td></tr>
</table>
<td width="0%" valign="top" nowrap background="<?php echo $enzo; ?>"></td>
<td width="12%" valign="top" background="template/<?php echo $style; ?>/menu_droite.gif">
<div id="droite">
<img src="template/<?php echo $style; ?>/menu_droite.gif" alt="Sommaire droite" width="200" height="17" border="0" />
<?php include'include/droite.php'; ?>
</div> </td>
</tr>
</table>
</td>
</tr>
<tr background="template/<?php echo $style; ?>/fond_footer.gif">
<tr background="<?php echo $url_site; ?>/template/<?php echo $style; ?>/fond_footer.gif">
<td height="27" colspan="3" background="<?php echo $url_site; ?>/template/<?php echo $style; ?>/fond_footer.gif">
<div align="center"><?php include'include/footer.php'; ?></div>
</td>
</tr>
</table>
</body>
</html> ?>
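<?php
// Load the cryptographp CAPTCHA helpers (dsp_crypt / chk_crypt).
// include_once: the same library is already included near the top of this listing under another
// relative path; loading it twice would redeclare its functions and stop with a fatal error.
// NOTE(review): the library presumably needs to start the session before any output is sent,
// so this include belongs at the very top of the script that uses it, not after </html> -
// confirm against cryptographp.fct.php.
$cryptinstall="./crypt/cryptographp.fct.php";
include_once $cryptinstall;
?>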