# 
#----------[ INSTRUCTION ]------------------------------
#
# Delete the rand.php
#
# Lösche die rand.php
# 
#
#----------[ OPEN ]-------------------------------------
#

contact_form.php

#
#----------[ FIND ]-------------------------------------
#

session_start();
init_userprefs($userdata); 

#
#----------[ REPLACE WITH ]-----------------------------
#

init_userprefs($userdata); 

#
#----------[ FIND ]-------------------------------------
#

      if($_POST["rand"] != $_SESSION["new_string"]) {
	     message_die(GENERAL_ERROR, $lang['code_wrong']);
	  } 

#
#----------[ REPLACE WITH ]-----------------------------
#

	  if ( $board_config['enable_confirm'] && !$userdata['session_logged_in'] ) 
	  { 
		if ( empty($HTTP_POST_VARS['confirm_id']) || empty($HTTP_POST_VARS['confirm_code']) ) 
		{ 
			$error = TRUE; 
			$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong']; 
		} 
		else 
		{ 
			$confirm_id = htmlspecialchars($HTTP_POST_VARS['confirm_id']); 
			if (!preg_match('/^[A-Za-z0-9]+$/', $confirm_id)) 
			{ 
				$confirm_id = ''; 
			} 

			$sql = 'SELECT code 
				FROM ' . CONFIRM_TABLE . " 
				WHERE confirm_id = '$confirm_id' 
				AND session_id = '" . $userdata['session_id'] . "'"; 
			if (!($result = $db->sql_query($sql))) 
			{ 
				message_die(GENERAL_ERROR, 'Could not obtain confirmation code', __LINE__, __FILE__, $sql); 
			} 

			if ($row = $db->sql_fetchrow($result)) 
			{ 
				if ($row['code'] != $HTTP_POST_VARS['confirm_code']) 
				{ 
					$error = TRUE; 
					$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong']; 
				} 
				else 
				{ 
					$sql = 'DELETE FROM ' . CONFIRM_TABLE . " 
						WHERE confirm_id = '$confirm_id' 
						AND session_id = '" . $userdata['session_id'] . "'"; 
						if (!$db->sql_query($sql)) 
						{ 
							message_die(GENERAL_ERROR, 'Could not delete confirmation code', __LINE__, __FILE__, $sql); 
						} 
				} 
			} 
			else 
			{       
				$error = TRUE; 
				$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong']; 
			} 
			$db->sql_freeresult($result); 
		} 
		($error) ? message_die(GENERAL_MESSAGE, $error_msg) : '';
	  } 
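Review bot: The DELETE against CONFIRM_TABLE runs only in the success branch, so after a wrong `confirm_code` the same `confirm_id` stays valid for that session and the 4–6 character code generated later in this MOD can be retried without limit; deleting the row as soon as it has been fetched, before the comparison, makes each image single-use. The comparison should also be strict, `if ($row['code'] !== $HTTP_POST_VARS['confirm_code'])`, because `!=` compares numeric-looking strings by value rather than character by character. Both `message_die()` calls in this block pass `__LINE__` as the third argument, while the calls added after `set_filenames` pass `''` there first, so line, file and SQL appear shifted by one position here. `$error` is read on the last line without being set on the success path; `$error = FALSE;` before the outer `if` avoids the notice, unless contact_form.php already initialises it outside what this MOD shows.

```php
			if ($row = $db->sql_fetchrow($result)) 
			{ 
				// Consume the code on every attempt so one image allows exactly one guess
				$sql = 'DELETE FROM ' . CONFIRM_TABLE . " 
					WHERE confirm_id = '$confirm_id' 
					AND session_id = '" . $userdata['session_id'] . "'"; 
				if (!$db->sql_query($sql)) 
				{ 
					message_die(GENERAL_ERROR, 'Could not delete confirmation code', '', __LINE__, __FILE__, $sql); 
				} 

				if ($row['code'] !== $HTTP_POST_VARS['confirm_code']) 
				{ 
					$error = TRUE; 
					$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong']; 
				} 
			} 
			// … unchanged: else branch for a missing row, sql_freeresult($result) …
```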

#
#----------[ FIND ]-------------------------------------
#

$template->set_filenames(array( 
    'body' => 'contact_form.tpl' 
    ) 
); 

#
#----------[ AFTER, ADD ]-------------------------------
#

$hidden_form_fields = '';
// 
// Visual confirmation for guests 
// 
$confirm_image = ''; 
if( !$userdata['session_logged_in'] && (!empty($board_config['enable_confirm'])) ) 
{ 
   $sql = 'SELECT session_id 
      FROM ' . SESSIONS_TABLE; 
   if (!($result = $db->sql_query($sql))) 
   { 
      message_die(GENERAL_ERROR, 'Could not select session data', '', __LINE__, __FILE__, $sql); 
   } 
    
   if ($row = $db->sql_fetchrow($result)) 
   { 
      $confirm_sql = ''; 
      do 
      { 
         $confirm_sql .= (($confirm_sql != '') ? ', ' : '') . "'" . $row['session_id'] . "'"; 
      } 
      while ($row = $db->sql_fetchrow($result)); 
    
      $sql = 'DELETE FROM ' .  CONFIRM_TABLE . " 
         WHERE session_id NOT IN ($confirm_sql)"; 
      if (!$db->sql_query($sql)) 
      { 
         message_die(GENERAL_ERROR, 'Could not delete stale confirm data', '', __LINE__, __FILE__, $sql); 
      } 
   } 
   $db->sql_freeresult($result); 
    
   // Generate the required confirmation code
   $code_length = mt_rand(4, 6);
   $code = dss_rand();
   $code = strtoupper(base_convert($code, 16, 35));
   $code = str_replace('I', '', $code); // The letter I could get confused with the letter J and the number 1 (one) so we remove it
   $code = str_replace('0', '', $code); // NB 0 (zero) could get confused with O (the letter) so we remove it
   $code = substr($code, 2, $code_length);

   $confirm_id = md5(uniqid($user_ip));
    
   $sql = 'INSERT INTO ' . CONFIRM_TABLE . " (confirm_id, session_id, code) 
      VALUES ('$confirm_id', '". $userdata['session_id'] . "', '$code')"; 
   if (!$db->sql_query($sql)) 
   { 
      message_die(GENERAL_ERROR, 'Could not insert new confirm code information', '', __LINE__, __FILE__, $sql); 
   } 
    
   unset($code); 
    
   $confirm_image = '<img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id") . '" alt="" title="" />';
   $hidden_form_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />'; 
    
   $template->assign_block_vars('switch_confirm', array()); 
} 
$hidden_form_fields .= '<input type="hidden" name="mode" value="send" /> ';
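Review bot: Nothing bounds how many confirmation codes one guest session can hold: every view of the form runs the INSERT again for the same `session_id`, and earlier rows are removed only once the session itself has gone from SESSIONS_TABLE. Clearing that session's previous rows just before the INSERT keeps a single live code per session and stops the table growing with each page load. Separately, `mt_rand()` and `md5(uniqid($user_ip))` are not cryptographically strong sources; `dss_rand()` is defined outside this MOD, so the code's actual unpredictability cannot be judged from here and is worth confirming.

```php
   // … unchanged: stale-row cleanup, code generation, $confirm_id …

   // Keep a single live code per guest session
   $sql = 'DELETE FROM ' . CONFIRM_TABLE . " 
      WHERE session_id = '" . $userdata['session_id'] . "'"; 
   if (!$db->sql_query($sql)) 
   { 
      message_die(GENERAL_ERROR, 'Could not delete old confirm data', '', __LINE__, __FILE__, $sql); 
   } 

   // … unchanged: INSERT INTO CONFIRM_TABLE, image tag, hidden confirm_id field …
```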
#
#----------[ FIND ]-------------------------------------
#

	'MESSAGE' => $message,

#
#----------[ AFTER, ADD ]-------------------------------
#

	'CONFIRM_IMG' => $confirm_image, 

	'L_CONFIRM_CODE_IMPAIRED'   => sprintf($lang['Confirm_code_impaired'], '<a href="mailto:' . $board_config['board_email'] . '">', '</a>'), 
	'L_CONFIRM_CODE' => $lang['Confirm_code'], 
	'L_CONFIRM_CODE_EXPLAIN' => $lang['Confirm_code_explain'], 

#
#----------[ FIND ]-------------------------------------
#

	'L_OPTION_FOUR' => $lang['EOption_Four_Text']
	
	 ) 
); 

#
#----------[ REPLACE WITH ]-----------------------------
#

	'L_OPTION_FOUR' => $lang['EOption_Four_Text'],

	'S_HIDDEN_FIELDS' => $hidden_form_fields) 
); 

#
#----------[ OPEN ]-------------------------------------
#

contact_form.tpl

#
#----------[ FIND ]-------------------------------------
#

            <td><span class="genmed">{L_EYOUR_NAME}:</span> <font color="006699">*</font></td>

#
#----------[ REPLACE WITH ]-----------------------------
#

            <td width="38%"><span class="genmed">{L_EYOUR_NAME}:</span> <font color="006699">*</font></td>

#
#----------[ FIND ]-------------------------------------
#

          <tr>
            <td><img src="rand.php" border="0"> <font color="006699">*</font></td>
            <td><input name="rand" size="5" maxlength="5"></td>
          </tr> 

#
#----------[ REPLACE WITH ]-----------------------------
#

<!-- BEGIN switch_confirm -->
		<tr>
			<td colspan="2" align="center"><span class="gensmall">{L_CONFIRM_CODE_IMPAIRED}</span><br /><br />{CONFIRM_IMG}<br /><br /></td>
		</tr>
		<tr> 
			<td><span class="genmed">{L_CONFIRM_CODE}: <font color="006699">*</font> </span><br /><span class="gensmall">{L_CONFIRM_CODE_EXPLAIN}</span></td>
			<td><input type="text" class="post" style="width: 200px" name="confirm_code" size="10" maxlength="10" value="" /></td>
		</tr>
<!-- END switch_confirm -->

#
#----------[ FIND ]-------------------------------------
#

            <td align="right"> <input type="hidden" name="mode" value="send" /> 
              <input name="submit" type="submit" class="liteoption" value="{L_ESUBMIT}" /> 
              <input name="reset" type="reset" class="liteoption" value="{L_ECLEAR_FORM}" /> 
              <br /> <br /> </td>
          </tr>

#
#----------[ REPLACE WITH ]-----------------------------
#

            <td align="right"> {S_HIDDEN_FIELDS}
          </tr>
          <tr> 
            <td colspan="2" align="center">
              <input name="submit" type="submit" class="liteoption" value="{L_ESUBMIT}" /> 
              <input name="reset" type="reset" class="liteoption" value="{L_ECLEAR_FORM}" /> 
              <br /> <br /> </td>
          </tr>
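Review bot: The replacement row that carries `{S_HIDDEN_FIELDS}` opens a `<td align="right">` and goes straight to `</tr>`, so the cell is never closed; the original row ended with `</td>` after the buttons. The cell is also a single column in a table whose other rows span two. I would write that line as `<td colspan="2"> {S_HIDDEN_FIELDS}</td>` so the markup stays well formed once the hidden `confirm_id` input is injected.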

#
#----------[ SAVE AND CLOSE ALL FILES ]-----------------
#
# EoM