Dharma Bum

I have an mboard bulletin board script running on my site that I got from PHP Junkyard. It looks like this: <?php # PHP message board (MBoard) # Version: 1.22 from April 21, 2006 # File name: mboard.php # Written 19th April 2005 by Klemen Stirn (info@phpjunkyard.com) # http://www.PHPJunkYard.com ############################################################################## # COPYRIGHT NOTICE # # Copyright 2004-2006 PHPJunkYard All Rights Reserved. # # # # This script may be used and modified free of charge by anyone so long as # # this copyright notice and the comments above remain intact. By using this # # code you agree to indemnify Klemen Stirn from any liability that might # # arise from it's use. # # # # Selling the code for this program without prior written consent is # # expressly forbidden. In other words, please ask first before you try and # # make money off this program. # # # # Obtain permission before redistributing this software over the Internet or # # in any other medium. In all cases copyright and header must remain intact. # # This Copyright is in full effect in any country that has International # # Trade Agreements with the United States of America or with # # the European Union. # ############################################################################## ############################# # DO NOT EDIT BELOW # ############################# error_reporting(E_ALL ^ E_NOTICE); require_once('settings.php'); $settings['verzija']='1.22'; if(empty($_REQUEST['a'])) { $a=''; } else { $a=htmlspecialchars($_REQUEST['a']); } if ($settings['autosubmit'] && ($a=='addnew' || $a=='reply')) { session_start(); if (empty($_SESSION['checked'])) { $_SESSION['checked']='N'; $_SESSION['secnum']=rand(10000,99999); $_SESSION['checksum']=$_SESSION['secnum']; } if ($_SESSION['checked'] == 'N') { print_secimg(); } elseif ($_SESSION['checked'] == $settings['filter_sum']) { $_SESSION['checked'] = 'N'; $secnumber=pj_isNumber($_POST['secnumber']); if(empty($secnumber)) { print_secimg(1); } if (!check_secnum($secnumber,$_SESSION['checksum'])) { print_secimg(2); } } else { problem('Internal script error. Wrong session parameters!'); } } printTopHTML(); if ($a) { if (!empty($_SESSION['block'])) { problem('You are not allowed to visit this forum!'); } if ($a=='delete') { $num=pj_isNumber($_REQUEST['num'],'Internal script error: Wrong data type for $num'); $up=pj_isNumber($_REQUEST['up'],'Internal script error: Wrong data type for $num'); confirmDelete($num,$up); } if ($a=='confirmdelete') { $pass=pj_input($_REQUEST['pass'],'Please enter your admin password!'); $num=pj_isNumber($_REQUEST['num'],'Internal script error: Wrong data type for $num'); $up=pj_isNumber($_REQUEST['up'],'Internal script error: Wrong data type for $num'); doDelete($pass,$num,$up); } $name=pj_input($_POST['name'],'Please enter your name!'); $message=pj_input($_POST['message'],'Please write a message!'); if(!empty($_POST['email'])) { $email=pj_input($_POST['email']); if(!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email)) { problem('Please enter a valid e-mail address!'); } $char = array('.','@'); $repl = array("&#46;","&#64;"); $email=str_replace($char,$repl,$email); } else {$email='NO';} if ($a=='addnew') { $subject=pj_input($_POST['subject'],'Please write a subject!'); addNewTopic($name,$email,$subject,$message); } elseif ($a=='reply') { $subject=pj_input($_POST['subject'],'Please write a subject!'); $orig['id']=pj_input($_POST['orig_id'],'Internal script error: No orig_id'); $orig['name']=pj_input($_POST['orig_name'],'Internal script error: No orig_name'); $orig['sub']=pj_input($_POST['orig_subject'],'Internal script error: No orig_subject'); $orig['date']=pj_input($_POST['orig_date'],'Internal script error: No orig_date'); addNewReply($name,$email,$subject,$message,$orig['id'],$orig['name'],$orig['sub'],$orig['date']); } else {problem('Internal script error: No valid action');} } ?> <div align="center"><img src="http://www.mydomain.com/nameboard.jpg" /></div> <div align="center"><img src="http://www.mydomain.com/eldor.gif" /></div> <div align="center"><center> <table border="0" width="95%"><tr> <td> <p><a href="#new"><b>New topic</b></a></p> <hr> <p align="center"><b>Recent topics</b></p> <ul> <?php include_once 'threads.txt'; ?> </ul> <hr></td> </tr></table> </center></div> <p align="center"><a name="new"></a><b>Add new topic</b></p> <div align="center"><center> <table border="0"><tr> <td> <form method=post action="mboard.php" name="form" onSubmit="return mboard_checkFields();"> <p><input type="hidden" name="a" value="addnew"><b>Name:</b><br> <input type=text name="name" size=30 maxlength=30><br> <b>E-mail</b> (optional):<br><input type="text" name="email" size=30 maxlength=50><br> <b>Subject:</b><br><input type=text name="subject" size=30 maxlength=100><br><br> <b>Message:</b><br><textarea cols=50 rows=9 name="message"></textarea><br> </p> <p><input type=submit value="Add New Topic" style="color:#ffff00;background-color:#000000;font-weight:bold;"> </form> </td> </tr></table> </center></div> <?php printCopyHTML(); printDownHTML(); exit(); // >>> START FUNCTIONS <<< // function filter_bad_words($text) { global $settings; $file = 'badwords/'.$settings['filter_lang'].'.php'; if (file_exists($file)) { include_once($file); } else { problem("The bad words file ($file) can't be found! Please check the name of the file. On most servers names are CaSe SeNsiTiVe!"); } foreach ($settings['badwords'] as $k => $v) { $text = preg_replace("/$k/i",$v,$text); } return $text; } // END filter_bad_words function addNewReply($name,$email,$subject,$comments,$orig_id,$orig_name,$orig_subject,$orig_date) { global $settings; $date=date ("d/M/Y"); $comments = str_replace("\'","'",$comments); $comments = str_replace("\"",""",$comments); $comments = MakeUrl($comments); $comments = str_replace("\r\n","<br>",$comments); $comments = str_replace("\n","<br>",$comments); $comments = str_replace("\r","<br>",$comments); /* Let's strip those slashes */ $comments = stripslashes($comments); $subject = stripslashes($subject); $name = stripslashes($name); $orig_name = stripslashes($orig_name); $orig_subject = stripslashes($orig_subject); /* Make text bold, italic and underlined text */ if ($_REQUEST['nostyled'] != "Y") {$comments=styledText($comments);} if ($settings['smileys'] == 1 && $_REQUEST['nosmileys'] != "Y") {$comments = processsmileys($comments);} if ($email != "NO") {$mail = "<<a href=\"mailto:$email\">$email</a>>";} else {$mail=" ";} if ($settings['filter']) { $comments = filter_bad_words($comments); $name = filter_bad_words($name); $subject = filter_bad_words($subject); } $fp = fopen("count.txt","rb") or problem("Can't open the count file (count.txt) for reading!"); $count=fread($fp,6); fclose($fp); $count++; $fp = fopen("count.txt","wb") or problem("Can't open the count file (count.txt) for writing! Please CHMOD this file to 666 (rw-rw-rw)"); fputs($fp,$count); fclose($fp); $threads = file("threads.txt"); for ($i=0;$i<=count($threads);$i++) { if(strstr($threads[$i],'<!--o '.$orig_id.'-->')) { preg_match("/<\!--(.*)-->\s\((.*)\)/",$threads[$i],$matches); $number_of_replies=$matches[2];$number_of_replies++; $threads[$i] = "<!--o $orig_id--> ($number_of_replies)\n"; $threads[$i] .= "<!--z $count-->\n"; $threads[$i] .= "<!--s $count--><ul><li><a href=\"msg/$count.$settings[extension]\">$subject</a> - <b>$name</b> <i>$date</i>\n"; $threads[$i] .= "<!--o $count--> (0)\n"; $threads[$i] .= "</li></ul><!--k $count-->\n"; break; } } $newthreads=implode('',$threads); $fp = fopen("threads.txt","wb") or problem("Couldn't open links file (threads.txt) for writing! Please CHMOD it to 666 (rw-rw-rw)!"); fputs($fp,$newthreads); fclose($fp); $other = "in reply to <a href=\"$orig_id.$settings[extension]\">$orig_subject</a> posted by $orig_name on $orig_date"; createNewFile($name,$mail,$subject,$comments,$count,$date,$other,$orig_id); $oldfile="msg/".$orig_id.".".$settings['extension']; $filecontent = file($oldfile); for ($i=0;$i<=count($filecontent);$i++) { if(preg_match("/<!-- zacni -->/",$filecontent[$i])) { $filecontent[$i] = "<!-- zacni -->\n<!--s $count--><li><a href=\"$count.$settings[extension]\">$subject</a> - <b>$name</b> <i>$date</i></li>\n"; break; } } $rewritefile=implode('',$filecontent); $fp = fopen($oldfile,"wb") or problem("Couldn't open file $oldfile for writing! Please CHMOD the "msg" folder to 777 (rwx-rwx-rwx)!"); fputs($fp,$rewritefile); fclose($fp); ?> <p> </p> <p> </p> <p align="center"><b>Your message was successfully added!</b></p> <p align="center"><a href="mboard.php">Click here to continue</a></p> <p> </p> <p> </p> <p> </p> <p> </p> <?php printCopyHTML(); printDownHTML(); exit(); } function createNewFile($name,$mail,$subject,$comments,$count,$date,$other="",$up="0") { global $settings; $header=implode('',file('header.txt')); $footer=implode('',file('footer.txt')); $content=' <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <title>'.$subject.'</title> <meta content="text/html; charset=windows-1250"> <link href="'.$settings['mboard_url'].'/style.css" type="text/css" rel="stylesheet"> <META HTTP-EQUIV="Expires" CONTENT="-1"> <META HTTP-EQUIV="Pragma" CONTENT="no-cache"> <script language="Javascript" src="'.$settings['mboard_url'].'/javascript.js"><!-- //--> </script> </head> <body> '; $content.=$header; $content.=' <div align="center"><img src="http://www.mydomain.com/nameboard.jpg" /></div> <div align="center"><img src="http://www.mydomain.com/elbee.gif" /></div> <div align="center"><center> <table border="0" width="95%"><tr> <td> <p align="center"><a href="#new">Post a reply</a> || <a href="'.$settings['mboard_url'].'/mboard.php">Back to '.$settings['mboard_title'].'</a></p> <hr> <p align="center"><b>'.$subject.'</b></p> <p><a href="'.$settings['mboard_url'].'/mboard.php?a=delete&num='.$count.'&up='.$up.'"><img src="'.$settings['mboard_url'].'/images/delete.gif" width="16" height="14" border="0" alt="Delete this post"></a> Submitted by '.$name.' '.$mail.' on '.$date.' '.$other; if ($settings['display_IP']==1) {$content .= '<br><font class="ip">'.$_SERVER['REMOTE_ADDR'].'</font>';} $content .= '</p> <p><b>Message</b>:</p> <p>'.$comments.'</p> <hr> <p align="center"><b>Replies to this post</b></p> <ul> <!-- zacni --><p>No replies yet</p> </ul> <hr></td> </tr></table> </center></div> <p align="center"><a name="new"></a><b>Reply to this post</b></p> <div align="center"><center> <table border="0"><tr> <td> <form method=post action="'.$settings['mboard_url'].'/mboard.php" name="form" onSubmit="return mboard_checkFields();"> <p><input type="hidden" name="a" value="reply"><b>Name:</b><br><input type=text name="name" size=30 maxlength=30><br> E-mail (optional):<br><input type=text name="email" size=30 maxlength=50><br> <b>Subject:</b><br><input type=text name="subject" value="Re: '.$subject.'" size=30 maxlength=100><br><br> <b>Message:</b><br><textarea cols=50 rows=9 name="message"></textarea> <input type="hidden" name="orig_id" value="'.$count.'"> <input type="hidden" name="orig_name" value="'.$name.'"> <input type="hidden" name="orig_subject" value="'.$subject.'"> <input type="hidden" name="orig_date" value="'.$date.'"><br> <p><input type="submit" value="Submit Reply" style="color:#ffff00;background-color:#000000;font-weight:bold;"> </form> </td> </tr></table> </center></div> '; $content.=' <!-- Changing the "Powered by" credit sentence without purchasing a licence is illegal! Please visit http://www.phpjunkyard.com/copyright-removal.php for more information. --> <p align="center"><font size="1">Powered by Free PHP message board '.$settings['verzija'].' from PHPJunkYard - Free PHP scripts</font></p>'; $content.=$footer; $content.=' </body> </html>'; $newfile="msg/".$count.".".$settings['extension']; $fp = fopen($newfile,"wb") or problem("Couldn't create file "$newfile"! Please CHMOD the "msg" folder to 666 (rw-rw-rw)!"); fputs($fp,$content); fclose($fp); unset($content); unset($header); unset($footer); /* Notify admin */ if ($settings['notify'] == 1) { $message = "Hello! Someone has just posted a new message on your forum! Visit the below URL to view the message: $settings[mboard_url]/$newfile End of message "; mail($settings['admin_email'],'New forum post',$message); } /* Delete old posts */ $count -= $settings['maxposts']; $newfile="msg/".$count.".".$settings['extension']; if (file_exists($newfile)) { deleteOld($count,$newfile); } } function addNewTopic($name,$email,$subject,$comments) { global $settings; $date=date ("d/M/Y"); $comments = str_replace("\'","'",$comments); $comments = str_replace("\"",""",$comments); $comments = MakeUrl($comments); $comments = str_replace("\r\n","<br>",$comments); $comments = str_replace("\n","<br>",$comments); $comments = str_replace("\r","<br>",$comments); /* Let's strip those slashes */ $comments = stripslashes($comments); $subject = stripslashes($subject); $name = stripslashes($name); /* Make text bold, italic and underlined */ if ($_REQUEST['nostyled'] != "Y") {$comments=styledText($comments);} if ($settings['smileys'] == 1 && $_REQUEST['nosmileys'] != "Y") {$comments = processsmileys($comments);} if ($email != "NO") {$mail = "<<a href=\"mailto&#58;$email\">$email</a>>";} else {$mail=" ";} if ($settings['filter']) { $comments = filter_bad_words($comments); $name = filter_bad_words($name); $subject = filter_bad_words($subject); } $fp = fopen("count.txt","rb") or problem("Can't open the count file (count.txt) for reading!"); $count=fread($fp,6); fclose($fp); $count++; $fp = fopen("count.txt","wb") or problem("Can't open the count file (count.txt) for writing! Please CHMOD this file to 666 (rw-rw-rw)"); fputs($fp,$count); fclose($fp); $addline = "<!--z $count-->\n"; $addline .= "<!--s $count--><p><li><a href=\"msg/$count.$settings[extension]\">$subject</a> - <b>$name</b> <i>$date</i>\n"; $addline .= "<!--o $count--> (0)\n"; $addline .= "</li><!--k $count-->\n"; $fp = @fopen("threads.txt","rb") or problem("Can't open the log file (threads.txt) for reading!"); $threads = @fread($fp,filesize("threads.txt")); fclose($fp); $addline .= $threads; $fp = fopen("threads.txt","wb") or problem("Couldn't open links file (threads.txt) for writing! Please CHMOD it to 666 (rw-rw-rw)!"); fputs($fp,$addline); fclose($fp); createNewFile($name,$mail,$subject,$comments,$count,$date); ?> <p> </p> <p> </p> <p align="center"><b>Your message was successfully added!</b></p> <p align="center"><a href="mboard.php">Click here to continue</a></p> <p> </p> <p> </p> <p> </p> <p> </p> <?php printCopyHTML(); printDownHTML(); exit(); } function deleteOld($num,$file) { global $settings; if ($settings['keepoldmsg'] == 0) {unlink($file);} // Delete input from threads.txt $keep = 'YES'; $threads = file('threads.txt'); $newthreads=''; foreach ($threads as $mythread) { if (strstr($mythread,'<!--z '.$num.'-->')) {$keep = 'NO'; continue;} elseif (strstr($mythread,'<!--k '.$num.'-->')) {$keep = 'YES'; continue;} elseif ($keep == 'NO') {continue;} else {$newthreads.=$mythread;} } $fp = fopen("threads.txt","wb") or problem("Couldn't open links file (threads.txt) for writing! Please CHMOD it to 666 (rw-rw-rw)!"); fputs($fp,$newthreads); fclose($fp); } function doDelete($pass,$num,$up) { global $settings; if ($pass != $settings[apass]) {problem("Wrong password! The entry hasn't been deleted.");} if ($settings['keepoldmsg'] == 0) { unlink("msg/$num.$settings[extension]") or problem("Can't delete this post, access denied or post doesn't exist!"); } // Delete input from threads.txt $keep = 'YES'; $threads = file('threads.txt'); $newthreads=''; foreach ($threads as $mythread) { if (!empty($up) && strstr($mythread,'<!--o '.$up.'-->')) { preg_match("/<\!--(.*)-->\s\((.*)\)/",$mythread,$matches); $number_of_replies=$matches[2];$number_of_replies--; $newthreads.= '<!--o '.$up.'--> ('.$number_of_replies.")\n"; continue; } elseif (strstr($mythread,'<!--z '.$num.'-->')) {$keep = 'NO'; continue;} elseif (strstr($mythread,'<!--k '.$num.'-->')) {$keep = 'YES'; continue;} elseif ($keep == 'NO') {continue;} else {$newthreads.=$mythread;} } $fp = fopen('threads.txt','wb') or problem("Couldn't open links file (threads.txt) for writing! Please CHMOD it to 666 (rw-rw-rw)!"); fputs($fp,$newthreads); fclose($fp); // Delete input from upper file if any $upfile="msg/$up.$settings[extension]"; if(!empty($up) && file_exists($upfile)) { $threads = file($upfile); $newthreads=''; foreach ($threads as $mythread) { if (strstr($mythread,'<!--s '.$num.'-->')) {continue;} else {$newthreads.=$mythread;} } $fp = fopen($upfile,"wb") or problem("Couldn't open file $upfile for writing! Please CHMOD it to 666 (rw-rw-rw)!"); fputs($fp,$newthreads); fclose($fp); } ?> <hr> <p> </p> <p> </p> <p align="center"><b>Selected post and all replies to it were successfully removed!</b></p> <p align="center"><a href="<?php echo($settings[mboard_url]); ?>/mboard.php">Click here to continue</a></p> <p> </p> <p> </p> <?php printCopyHTML(); printDownHTML(); exit(); } function confirmDelete($num,$up) { global $settings; ?> <hr> <p> </p> <p> </p> <form action="<?php echo($settings[mboard_url]); ?>/mboard.php" method="POST"><input type="hidden" name="a" value="confirmdelete"> <input type="hidden" name="num" value="<?php echo($num); ?>"><input type="hidden" name="up" value="<?php echo($up); ?>"> <p align="center"><b>Please enter your administration password:</b><br> <input type="password" name="pass" size="20"></p> <p align="center"><b>Are you sure you want to delete this post and all replies to it? This action cannot be undone!</b></p> <p align="center"><input type="submit" value="YES, delete this entry and replies to it"> | <a href="<?php echo($settings[mboard_url]); ?>/mboard.php">NO, I changed my mind</a></p> </form> <p> </p> <p> </p> <?php printCopyHTML(); printDownHTML(); exit(); } function styledText($strText) { $strText = preg_replace("/\[b\](.*?)\[\/B\]/i","<B>$1</B>",$strText); $strText = preg_replace("/\[i\](.*?)\[\/I\]/i","<I>$1</I>",$strText); $strText = preg_replace("/\[u\](.*?)\[\/U\]/i","<U>$1</U>",$strText); return($strText); } function MakeUrl($strUrl) { $strText = ' ' . $strUrl; $strText = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "$1<a href=\"$2\" target=\"_blank\" rel=\"nofollow\">$2</a>", $strText); $strText = preg_replace("#(^|[\n ])((www|ftp)\.[^ \"\t\n\r<]*)#is", "$1<a href=\"http://$2\" target=\"_blank\" rel=\"nofollow\">$2</a>", $strText); $strText = preg_replace("#(^|[\n ])([a-z0-9&\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)*[\w]+)#i", "$1<a href=\"mailto&#58;$2&#64;$3\" rel=\"nofollow\">$2&#64;$3</a>", $strText); $strText = substr($strText, 1); return($strText); } function processsmileys($text) { $text = str_replace('','<img src="../images/icon_smile.gif" border="0" alt="">',$text); $text = str_replace('','<img src="../images/icon_frown.gif" border="0" alt="">',$text); $text = str_replace('','<img src="../images/icon_biggrin.gif" border="0" alt="">',$text); $text = str_replace('','<img src="../images/icon_wink.gif" border="0" alt="">',$text); $text = preg_replace("/\:o/i",'<img src="../images/icon_redface.gif" border="0" alt="">',$text); $text = preg_replace("/\:p/i",'<img src="../images/icon_razz.gif" border="0" alt="">',$text); $text = str_replace(':cool:','<img src="../images/icon_cool.gif" border="0" alt="">',$text); $text = str_replace('','<img src="../images/icon_rolleyes.gif" border="0" alt="">',$text); $text = str_replace(':mad:','<img src="../images/icon_mad.gif" border="0" alt="">',$text); $text = str_replace(':eek:','<img src="../images/icon_eek.gif" border="0" alt="">',$text); $text = str_replace(':clap:','<img src="../images/yelclap.gif" border="0" alt="">',$text); $text = str_replace(':bonk:','<img src="../images/bonk.gif" border="0" alt="">',$text); $text = str_replace(':chased:','<img src="../images/chased.gif" border="0" alt="">',$text); $text = str_replace(':crazy:','<img src="../images/crazy.gif" border="0" alt="">',$text); $text = str_replace('','<img src="../images/cry.gif" border="0" alt="">',$text); $text = str_replace(':curse:','<img src="../images/curse.gif" border="0" alt="">',$text); $text = str_replace(':err:','<img src="../images/errr.gif" border="0" alt="">',$text); $text = str_replace(':livid:','<img src="../images/livid.gif" border="0" alt="">',$text); $text = str_replace(':rotflol:','<img src="../images/rotflol.gif" border="0" alt="">',$text); $text = str_replace(':love:','<img src="../images/love.gif" border="0" alt="">',$text); $text = str_replace(':nerd:','<img src="../images/nerd.gif" border="0" alt="">',$text); $text = str_replace(':nono:','<img src="../images/nono.gif" border="0" alt="">',$text); $text = str_replace(':smash:','<img src="../images/smash.gif" border="0" alt="">',$text); $text = str_replace(':thumbsup:','<img src="../images/thumbup.gif" border="0" alt="">',$text); $text = str_replace(':toast:','<img src="../images/toast.gif" border="0" alt="">',$text); $text = str_replace(':welcome:','<img src="../images/welcome.gif" border="0" alt="">',$text); $text = str_replace(':ylsuper:','<img src="../images/ylsuper.gif" border="0" alt="">',$text); return $text; } function problem($myproblem) { echo '<p> </p> <p> </p> <p align="center"><b>Error</b></p> <p align="center">'.$myproblem.'</p> <p> </p> <p> </p> <p> </p>'; printCopyHTML(); printDownHTML(); exit(); } function printTopHTML() { header('Expires: Mon, 26 Jul 2000 05:00:00 GMT'); header('Cache-Control: no-store, no-cache, must-revalidate'); header('Cache-Control: post-check=0, pre-check=0', false); header('Pragma: no-cache'); global $settings; echo '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <title>'.$settings['mboard_title'].'</title> <meta content="text/html; charset=windows-1250"> <link href="style.css" type="text/css" rel="stylesheet"> <script language="Javascript" src="javascript.js" type="text/javascript"><!-- //--> </script> </head> <body> '; include_once 'header.txt'; } function printDownHTML() { include_once 'footer.txt'; echo '</body> </html>'; } function printCopyHTML() { global $settings; echo '<hr width="95%"> <!-- Changing the "Powered by" credit sentence without purchasing a licence is illegal! Please visit http://www.phpjunkyard.com/copyright-removal.php for more information. --> <p align="center"><font size="1">Powered by Free PHP message board '.$settings['verzija'].' from PHPJunkYard - Free PHP scripts</font></p>'; } function pj_input($in,$error=0) { $in = trim($in); if (strlen($in)) { $in = htmlspecialchars($in); } elseif ($error) { problem($error); } return stripslashes($in); } function pj_isNumber($in,$error=0) { $in = trim($in); if (preg_match("/\D/",$in) || $in=="") { if ($error) { problem($error); } else { return '0'; } } return $in; } function print_secimg($message=0) { global $settings; printTopHTML(); $_SESSION['checked']=$settings['filter_sum']; ?> <p> </p> <p> </p> <p align="center"><b>Anti-SPAM check</b></p> <div align="center"><center> <table border="0"><tr> <td> <hr> <form method=post action="<?php echo $settings['mboard_url']; ?>/mboard.php?<?php echo strip_tags(SID); ?>" method="POST" name="form"> <?php if ($message == 1) {echo '<p align="center"><font color="#FF0000"><b>Please type in the security number</b></font></p>';} elseif ($message == 2) {echo '<p align="center"><font color="#FF0000"><b>Wrong security number. Please try again</b></font></p>';} ?> <p> </p> <p>This is a security check that prevents automated signups of this forum (SPAM). Please enter the security number displayed below into the input field and click the continue button.</p> <p> </p> <p>Security number: <b><?php echo $_SESSION['secnum']; ?></b><br> Please type in the security number displayed above: <input type="text" size="7" name="secnumber" maxlength="5"></p> <p> <?php foreach ($_POST as $k=>$v) { if ($k == 'secnumber') {continue;} echo '<input type="hidden" name="'.htmlspecialchars($k).'" value="'.htmlspecialchars(stripslashes($v)).'">'; } ?> </p> <p align="center"><input type="submit" value=" Continue "></p> <hr> </form> </td> </tr> </table> <p> </p> <p> </p> <?php printCopyHTML(); printDownHTML(); exit(); } function check_secnum($secnumber,$checksum) { global $settings; $secnumber.=$settings['filter_sum'].date('dmy'); if ($secnumber == $checksum) { unset($_SESSION['checked']); return true; } else { return false; } } ?> </body></html> I am trying to add a simple captcha script to it but I can't get it to work. Very frustrating, especially since I have become a favorite target for the spam bots now. Can anybody make this work?