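Messer 0 Опубликовано: 25 октября 2009 Рассказать Опубликовано: 25 октября 2009 У меня вот такя проблема некак не хочет редактировать коментарии ... при быстром редактировании пишет Access denied....при полном редактировании пишет Hacking attempt! Not Allowed Area Эти ошибки произошли после вставки модуля награды.... Но сам модуль мне нравить поэтом убирать его нехочеться... а вот что можно атредактировать чтоб заработал редактор коментариев вот что написано у меня в addcomments.phpа вот еще версия DLE 8.2
<?php
/*
 * AJAX endpoint that stores a new comment and returns the rendered HTML of the
 * newest comment of that post, followed by a small script that resets the form.
 * The actual validation and INSERT happen in ENGINE_DIR/modules/addcomments.php,
 * which is not shown on this page; it is expected to set $post_id, $CN_HALT,
 * $stop and $where_approve for the code below.
 */

@error_reporting( 7 );
// NOTE(review): display_errors is switched on for an endpoint that guests can call,
// so PHP warnings (file paths, query fragments) are sent to the client. On a
// production site prefer logging errors instead of displaying them.
@ini_set( 'display_errors', true );
@ini_set( 'html_errors', false );

@session_start();

// Guard constant checked by the included engine files.
define( 'DATALIFEENGINE', true );
define( 'ROOT_DIR', '../..' );
define( 'ENGINE_DIR', '..' );

include ENGINE_DIR . '/data/config.php';

if( $config['http_home_url'] == "" ) {
	// Fallback when no site URL is configured. HTTP_HOST is taken from the request,
	// so the links built from it are client-influenced; setting http_home_url in the
	// configuration avoids this branch entirely.
	$config['http_home_url'] = explode( "engine/ajax/addcomments.php", $_SERVER['PHP_SELF'] );
	$config['http_home_url'] = reset( $config['http_home_url'] );
	$config['http_home_url'] = "http://" . $_SERVER['HTTP_HOST'] . $config['http_home_url'];
}

require_once ENGINE_DIR . '/classes/mysql.php';
require_once ENGINE_DIR . '/data/dbconfig.php';
require_once ENGINE_DIR . '/modules/functions.php';
require_once ENGINE_DIR . '/classes/templates.class.php';

// The skin name comes from the request and becomes part of filesystem paths and of
// the {THEME} URL below. It is passed through totranslit() (defined in
// functions.php, not shown; presumably strips path separators, confirm) and must
// name an existing template directory, otherwise the request is rejected.
$_REQUEST['skin'] = totranslit( $_REQUEST['skin'], false, false );

if( ! @is_dir( ROOT_DIR . '/templates/' . $_REQUEST['skin'] ) ) {
	die( "Hacking attempt!" );
}

// Load the user groups: use the cached copy when there is one, otherwise read the
// table and cache the result.
$user_group = get_vars( "usergroup" );

if( ! $user_group ) {
	$user_group = array ();

	$db->query( "SELECT * FROM " . USERPREFIX . "_usergroups ORDER BY id ASC" );

	while ( $row = $db->get_row() ) {
		$user_group[$row['id']] = array ();

		foreach ( $row as $key => $value ) {
			$user_group[$row['id']][$key] = $value;
		}
	}

	set_vars( "usergroup", $user_group );
	$db->free();
}

// Language file: a per-skin language from the configuration if one is set,
// otherwise the site default.
if( $config["lang_" . $_REQUEST['skin']] ) {
	@include_once (ROOT_DIR . '/language/' . $config["lang_" . $_REQUEST['skin']] . '/website.lng');
} else {
	include_once ROOT_DIR . '/language/' . $config['langs'] . '/website.lng';
}

$config['charset'] = ($lang['charset'] != '') ? $lang['charset'] : $config['charset'];

require_once ENGINE_DIR . '/modules/sitelogin.php';

// Visitors who are not logged in are treated as members of group 5.
if( ! $is_logged ) {
	$member_id['user_group'] = 5;
}

$tpl = new dle_template( );
$tpl->dir = ROOT_DIR . '/templates/' . $_REQUEST['skin'];
define( 'TEMPLATE_DIR', $tpl->dir );

$ajax_adds = true;

// Convert the posted fields to the site charset before the comment module sees them.
$_POST['name'] = convert_unicode( $_POST['name'], $config['charset'] );
$_POST['mail'] = convert_unicode( $_POST['mail'], $config['charset'] );
$_POST['comments'] = convert_unicode( $_POST['comments'], $config['charset'] );

require_once ENGINE_DIR . '/modules/addcomments.php';

if( $CN_HALT != TRUE ) {

	// $post_id is set by modules/addcomments.php, which is not shown on this page.
	// Casting it here keeps the value interpolated into the query numeric whatever
	// that module does.
	$post_id = intval( $post_id );

	// Fetch the newest comment of the post together with its author's profile.
	$row = $db->super_query( "SELECT " . PREFIX . "_comments.id, post_id, " . PREFIX . "_comments.user_id, date, autor as gast_name, " . PREFIX . "_comments.email as gast_email, text, ip, is_register, name, " . USERPREFIX . "_users.email, news_num, comm_num, user_group, reg_date, signature, foto, fullname, land, icq, xfields FROM " . PREFIX . "_comments LEFT JOIN " . USERPREFIX . "_users ON " . PREFIX . "_comments.user_id=" . USERPREFIX . "_users.user_id WHERE " . PREFIX . "_comments.post_id = '$post_id' order by id DESC LIMIT 0,1" );

	$tpl->load_template( 'comments.tpl' );

	// Extra profile fields are loaded only when the template uses them.
	$xfound = ( strpos( $tpl->copy_template, "[xfvalue_" ) !== false );

	if( $xfound ) $xfields = xfieldsload( true );

	$row['date'] = strtotime( $row['date'] );
	$row['gast_name'] = stripslashes( $row['gast_name'] );
	$row['gast_email'] = stripslashes( $row['gast_email'] );
	$row['name'] = stripslashes( $row['name'] );

	// NOTE(review): apart from the guest e-mail, the names, IP and comment text read
	// from the database are written into HTML and inline-JavaScript attribute values
	// below without encoding at this point. This relies on the values having been
	// encoded when they were stored; confirm in modules/addcomments.php.
	if( ! $row['is_register'] or $row['name'] == '' ) {

		// Guest comment: no profile link.
		if( $row['gast_email'] != "" ) {
			$tpl->set( '{author}', "<a href=\"mailto:".htmlspecialchars($row['gast_email'], ENT_QUOTES)."\">" . $row['gast_name'] . "</a>" );
		} else {
			$tpl->set( '{author}', $row['gast_name'] );
		}

		$tpl->set( '{login}', $row['gast_name'] );
		$tpl->set( '[profile]', "" );
		$tpl->set( '[/profile]', "" );

	} else {

		// Registered author: link to the profile and attach the user drop-down menu.
		if( $config['ajax'] ) $go_page = "onclick=\"DlePage(\'subaction=userinfo&user=" . urlencode( $row['name'] ) . "\'); return false;\" ";
		else $go_page = "";

		if( $config['allow_alt_url'] == "yes" ) {
			$go_page .= "href=\"" . $config['http_home_url'] . "user/" . urlencode( $row['name'] ) . "/\"";
			$tpl->set( '[profile]', "<a href=\"" . $config['http_home_url'] . "user/" . urlencode( $row['name'] ) . "/\">" );
		} else {
			$go_page .= "href=\"$PHP_SELF?subaction=userinfo&user=" . urlencode( $row['name'] ) . "\"";
			$tpl->set( '[profile]', "<a href=\"$PHP_SELF?subaction=userinfo&user=" . urlencode( $row['name'] ) . "\">" );
		}

		$go_page = "onclick=\"return dropdownmenu(this, event, UserMenu('" . htmlspecialchars( $go_page ) . "', '" . $row['user_id'] . "', '" . $user_group[$member_id['user_group']]['admin_editusers'] . "'), '170px')\" onmouseout=\"delayhidemenu()\"";

		if( $config['allow_alt_url'] == "yes" ) $tpl->set( '{author}', "<a {$go_page} href=\"" . $config['http_home_url'] . "user/" . urlencode( $row['name'] ) . "/\">" . $row['name'] . "</a>" );
		else $tpl->set( '{author}', "<a {$go_page} href=\"$PHP_SELF?subaction=userinfo&user=" . urlencode( $row['name'] ) . "\">" . $row['name'] . "</a>" );

		$tpl->set( '{login}', $row['name'] );
		$tpl->set( '[/profile]', "</a>" );
	}

	// The commenter's IP address is shown to group 1 only.
	if( $is_logged and $member_id['user_group'] == '1' ) $tpl->set( '{ip}', "IP: <a onclick=\"return dropdownmenu(this, event, IPMenu('" . $row['ip'] . "', '" . $lang['ip_info'] . "', '" . $lang['ip_tools'] . "', '" . $lang['ip_ban'] . "'), '190px')\" onmouseout=\"delayhidemenu()\" href=\"http://www.nic.ru/whois/?ip={$row['ip']}\" target=\"_blank\">{$row['ip']}</a>" );
	else $tpl->set( '{ip}', '' );

	// Edit link: the author, if the group may edit its own comments, or any group
	// that may edit all comments. This only decides whether the link is rendered.
	if( $is_logged and (($member_id['name'] == $row['name'] and $row['is_register'] and $user_group[$member_id['user_group']]['allow_editc']) or $user_group[$member_id['user_group']]['edit_allc']) ) {
		$tpl->set( '[com-edit]', "<a onclick=\"return dropdownmenu(this, event, MenuCommBuild('" . $row['id'] . "'), '170px')\" onmouseout=\"delayhidemenu()\" href=\"" . $config['http_home_url'] . "?do=comments&action=comm_edit&id=" . $row['id'] . "\">" );
		$tpl->set( '[/com-edit]', "</a>" );
		$allow_comments_ajax = true;
	} else $tpl->set_block( "'\\[com-edit\\](.*?)\\[/com-edit\\]'si", "" );

	// Delete link: carries the per-login hash so the delete request can be tied to
	// this session.
	if( $is_logged and (($member_id['name'] == $row['name'] and $row['is_register'] and $user_group[$member_id['user_group']]['allow_delc']) or $member_id['user_group'] == '1' or $user_group[$member_id['user_group']]['del_allc']) ) {
		$tpl->set( '[com-del]', "<a href=\"javascript:confirmDelete('" . $config['http_home_url'] . "?do=comments&action=comm_del&id=" . $row['id'] . "&dle_allow_hash=" . $dle_login_hash . "')\">" );
		$tpl->set( '[/com-del]', "</a>" );
	} else $tpl->set_block( "'\\[com-del\\](.*?)\\[/com-del\\]'si", "" );

	// Quick-quote link, only where commenting is allowed.
	if( ($user_group[$member_id['user_group']]['allow_addc']) and $config['allow_comments'] == "yes" ) {
		if( ! $row['is_register'] or $row['name'] == '' ) $row['name'] = stripslashes( $row['gast_name'] );
		else $row['name'] = stripslashes( $row['name'] );

		// NOTE(review): the replacement for the space is shown as a plain space on this
		// page; it may have been an HTML entity before the page was rendered. Confirm
		// against the stock file.
		$tpl->set( '[fast]', "<a onmouseover=\"dle_copy_quote('" . str_replace( array (" ","'"), array (" ", "&#039;"), $row['name'] ) . "');\" href=\"#\" onclick=\"dle_ins('" . str_replace( array (" ", "'"), array (" ", "&#039;"), $row['name'] ) . "'); return false;\"\">" );
		$tpl->set( '[/fast]', "</a>" );
	} else $tpl->set_block( "'\\[fast\\](.*?)\\[/fast\\]'si", "" );

	$tpl->set( '{mail}', $row['email'] );

	// "Today" / "yesterday" labels, otherwise the configured date format. The format
	// is a quoted string: a bare Ymd is an undefined constant, which is an error on
	// PHP 8.
	if( date( 'Ymd', $row['date'] ) == date( 'Ymd', $_TIME ) ) {
		$tpl->set( '{date}', $lang['time_heute'] . langdate( ", H:i", $row['date'] ) );
	} elseif( date( 'Ymd', $row['date'] ) == date( 'Ymd', ($_TIME - 86400) ) ) {
		$tpl->set( '{date}', $lang['time_gestern'] . langdate( ", H:i", $row['date'] ) );
	} else {
		$tpl->set( '{date}', langdate( $config['timestamp_active'], $row['date'] ) );
	}

	// Expand {date=FORMAT} tags without preg_replace()'s /e modifier: that modifier
	// evaluates the replacement as PHP code and was removed in PHP 7.
	if( preg_match_all( '#\{date=(.+?)\}#i', $tpl->copy_template, $date_tags, PREG_SET_ORDER ) ) {
		foreach ( $date_tags as $date_tag ) {
			$tpl->copy_template = str_replace( $date_tag[0], langdate( $date_tag[1], $row['date'] ), $tpl->copy_template );
		}
	}

	$tpl->set( '{news_title}', "" );
	$tpl->set( '{PAGEBREAK}', '' );

	// Extra profile fields (xfields)
	if( $xfound ) {
		$xfieldsdata = xfieldsdataload( $row['xfields'] );

		foreach ( $xfields as $value ) {
			$preg_safe_name = preg_quote( $value[0], "'" );

			// A field flagged in $value[5] is shown only to group 1 and to the author.
			if( $value[5] != 1 or $member_id['user_group'] == 1 or ($is_logged and $row['is_register'] and $member_id['name'] == $row['name']) ) {
				if( empty( $xfieldsdata[$value[0]] ) ) {
					$tpl->copy_template = preg_replace( "'\\[xfgiven_{$preg_safe_name}\\](.*?)\\[/xfgiven_{$preg_safe_name}\\]'is", "", $tpl->copy_template );
				} else {
					$tpl->copy_template = preg_replace( "'\\[xfgiven_{$preg_safe_name}\\](.*?)\\[/xfgiven_{$preg_safe_name}\\]'is", "\\1", $tpl->copy_template );
				}

				$tpl->copy_template = preg_replace( "'\\[xfvalue_{$preg_safe_name}\\]'i", stripslashes( $xfieldsdata[$value[0]] ), $tpl->copy_template );
			} else {
				$tpl->copy_template = preg_replace( "'\\[xfgiven_{$preg_safe_name}\\](.*?)\\[/xfgiven_{$preg_safe_name}\\]'is", "", $tpl->copy_template );
				$tpl->copy_template = preg_replace( "'\\[xfvalue_{$preg_safe_name}\\]'i", "", $tpl->copy_template );
			}
		}
	}
	// End of extra profile fields

	$tpl->set( '{comment-id}', "--" );

	#Awards Module
	// NOTE(review): third-party add-on. An included file runs in this script's scope,
	// with access to $db, $member_id, $config and the session, so review its source
	// before deploying it.
	include ENGINE_DIR.'/modules/awards/show.awards.php';
	#Awards Module

	if( $row['foto'] ) $tpl->set( '{foto}', $config['http_home_url'] . "uploads/fotos/" . $row['foto'] );
	else $tpl->set( '{foto}', "{THEME}/images/noavatar.png" );

	if( $row['is_register'] and $row['icq'] ) $tpl->set( '{icq}', stripslashes( $row['icq'] ) );
	else $tpl->set( '{icq}', '--' );

	if( $row['is_register'] and $row['land'] ) $tpl->set( '{land}', stripslashes( $row['land'] ) );
	else $tpl->set( '{land}', '--' );

	if( $row['is_register'] and $row['fullname'] ) $tpl->set( '{fullname}', stripslashes( $row['fullname'] ) );
	else $tpl->set( '{fullname}', '--' );

	if( $row['is_register'] ) $tpl->set( '{registration}', langdate( "j.m.Y", $row['reg_date'] ) );
	else $tpl->set( '{registration}', '--' );

	if( $row['is_register'] and $row['signature'] and $user_group[$row['user_group']]['allow_signature'] ) {
		$tpl->set_block( "'\\[signature\\](.*?)\\[/signature\\]'si", "\\1" );
		$tpl->set( '{signature}', stripslashes( $row['signature'] ) );
	} else {
		$tpl->set_block( "'\\[signature\\](.*?)\\[/signature\\]'si", "" );
	}

	// Comments without a matching user row are shown with group 5's name and icon.
	if( ! $row['user_group'] ) $row['user_group'] = 5;

	if( $user_group[$row['user_group']]['icon'] ) $tpl->set( '{group-icon}', "<img src=\"" . $user_group[$row['user_group']]['icon'] . "\" border=\"0\" />" );
	else $tpl->set( '{group-icon}', "" );

	$tpl->set( '{group-name}', $user_group[$row['user_group']]['group_name'] );
	$tpl->set( '{news-num}', intval( $row['news_num'] ) );
	$tpl->set( '{comm-num}', intval( $row['comm_num'] ) );
	$tpl->set( '{comment}', "<div id='comm-id-" . $row['id'] . "'>" . stripslashes( $row['text'] ) . "</div>" );

	// [hide] blocks are shown only to groups with allow_hide; other visitors get the
	// "registered users only" notice.
	if( $user_group[$member_id['user_group']]['allow_hide'] ) $tpl->set_block( "'\[hide\](.*?)\[/hide\]'si", "\\1" );
	else $tpl->set_block( "'\\[hide\\](.*?)\\[/hide\\]'si", "<div class=\"quote\">" . $lang['news_regus'] . "</div>" );

	$tpl->compile( 'content' );
}

$db->close();

// Script statement that empties the comment field, depending on the editor in use.
if( $_POST['editor_mode'] == "wysiwyg" ) {
	$clear_value = "tinyMCE.execInstanceCommand('comments', 'mceSetContent', false, '', false)";
} else {
	$clear_value = "form.comments.value = '';";
}

if( $CN_HALT ) {

	// The messages are joined with a literal backslash-n and placed inside a
	// single-quoted JavaScript string, so they must not contain an unescaped quote;
	// presumably guaranteed by modules/addcomments.php, verify.
	$stop = implode( '\n', $stop );

	$tpl->result['content'] = "<script language=\"Javascript\" type=\"text/javascript\">\n";

	if( ! $where_approve ) $tpl->result['content'] .= " var form = document.getElementById('dle-comments-form'); {$clear_value} if ( form.sec_code ) { form.sec_code.value = ''; }";

	$tpl->result['content'] .= "\n alert ('" . $stop . "');\n var timeval = new Date().getTime();\n if ( document.getElementById('dle-captcha') ) { document.getElementById('dle-captcha').innerHTML = '<img src=\"' + dle_root + 'engine/modules/antibot.php?rand=' + timeval + '\" border=0><br /><a onclick=\"reload(); return false;\" href=\"#\">{$lang['reload_code']}</a>'; }\n </script>";

} else {

	// Success: scroll to the new comment, clear the form and refresh the captcha.
	$tpl->result['content'] .= <<<HTML
<script language='Javascript' type="text/javascript">
var timeval = new Date().getTime();
var post_box_top = _get_obj_toppos( document.getElementById( 'dle-ajax-comments' ) );
if ( post_box_top ) { scroll( 0, post_box_top - 70 ); }
var form = document.getElementById('dle-comments-form');
{$clear_value}
if ( form.sec_code ) {
	form.sec_code.value = '';
	document.getElementById('dle-captcha').innerHTML = "<img src=\"" + dle_root + "engine/modules/antibot.php?rand=" + timeval + "\" border=0><br /><a onclick=\"reload(); return false;\" href=\"#\">{$lang['reload_code']}</a>";
}
</script>
HTML;

}

$tpl->result['content'] = str_replace( '{THEME}', $config['http_home_url'] . 'templates/' . $_REQUEST['skin'], $tpl->result['content'] );

// NOTE(review): the response body is HTML and script but is labelled text/css.
// The client-side code may depend on this, so check it before changing the label.
@header( "Content-type: text/css; charset=" . $config['charset'] );
echo $tpl->result['content'];
?>
Ссылка на сообщение Поделиться на других сайтах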
celsoft 6 072 Опубликовано: 25 октября 2009 Рассказать Опубликовано: 25 октября 2009 Если ваша тема начинается с вопроса и вам нужна какая-либо помощь, то в самой теме вы в обязательном порядке должны указывать ссылку на ваш сайт. Если ваш сайт находится в локальной сети и вы не можете предоставить ссылку, то отправляйте персональное сообщение с вопросом в службу поддержки непосредственно с сайта http://dle-news.ru/, вам ответят на ваш вопрос в персональном порядке, в случае если вы пользуетесь легальной копией скрипта. Если вы не указали сайт, то ваша тема будет закрыта, а аккаунт на форуме заблокирован. Ссылка на сообщение Поделиться на других сайтах