1 chirin Jan 23, 2010 02:49
3 chirin Jan 23, 2010 04:17
I tried disabling the turing test, but it didn't fix the problem.
4 sam2kb Jan 23, 2010 05:16
Then you should check your skin files for recent changes.
Can you post the _main.php file here?
5 chirin Jan 23, 2010 19:14
OK, here it is:
<?php
/**
* This is the main template. It displays the blog.
*
* However this file is not meant to be called directly.
* It is meant to be called automagically by b2evolution.
* To display a blog, the easiest way is to call index.php?blog=#
* where # is the number of your blog.
*
* This file is part of the b2evolution project - {@link http://b2evolution.net/}
*
* @copyright (c)2003-2006 by Francois PLANQUE - {@link http://fplanque.net/}
* Parts of this file are copyright (c)2005 by Jason EDGECOMBE.
* Parts of this file are copyright (c)2004-2005 by Daniel HAHLER.
*
* @license http://b2evolution.net/about/license.html GNU General Public License (GPL)
*
* {@internal Open Source relicensing agreement:
* Daniel HAHLER grants Francois PLANQUE the right to license
* Daniel HAHLER's contributions to this file and the b2evolution project
* under any OSI approved OSS license (http://www.opensource.org/licenses/).
*
* Jason EDGECOMBE grants Francois PLANQUE the right to license
* Jason EDGECOMBE's personal contributions to this file and the b2evolution project
* under any OSI approved OSS license (http://www.opensource.org/licenses/).
* }}
*
* @package evoskins
* @subpackage custom
*
* {@internal Below is a list of authors who have contributed to design/coding of this file: }}
* @author blueyed: Daniel HAHLER
* @author cafelog (team)
* @author edgester: Jason EDGECOMBE (personal contributions, not for hire)
* @author fplanque: Francois PLANQUE - {@link http://fplanque.net/}
*
* @version $Id: _main.php,v 1.116.2.13 2007/03/10 18:37:31 fplanque Exp $
*/
if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page directly.' );
skin_content_header(); // Sets charset!
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php locale_lang() ?>" lang="<?php locale_lang() ?>">
<head>
<?php skin_content_meta(); /* Charset for static pages */ ?>
<?php $Plugins->trigger_event( 'SkinBeginHtmlHead' ); ?>
<title><?php
$Blog->disp('name', 'htmlhead');
request_title( ' - ', '', ' - ', 'htmlhead' );
?></title>
<?php skin_base_tag(); /* Base URL for this skin. You need this to fix relative links! */ ?>
<meta name="description" content="<?php $Blog->disp( 'shortdesc', 'htmlattr' ); ?>" />
<meta name="keywords" content="<?php $Blog->disp( 'keywords', 'htmlattr' ); ?>" />
<meta name="generator" content="b2evolution <?php echo $app_version ?>" /> <!-- Please leave this for stats -->
<link rel="alternate" type="text/xml" title="RSS 2.0" href="<?php $Blog->disp( 'rss2_url', 'raw' ) ?>" />
<link rel="alternate" type="application/atom+xml" title="Atom" href="<?php $Blog->disp( 'atom_url', 'raw' ) ?>" />
<LINK rel = STYLESHEET
href = "http://www.pelleas.net/includes/anime.css"
Type = "text/css" >
<link rel="stylesheet" href="custom.css" type="text/css" />
<?php
$Blog->disp( 'blog_css', 'raw');
$Blog->disp( 'user_css', 'raw');
?>
</head>
<body class=anime>
<table cellpadding=0 cellspacing=0 border=0 align=center width=700>
<tr><td width=130 style='vertical-align: top'><a class="menu" href=http://www.pelleas.net/aniTOP><img border=0 src=http://www.pelleas.net/pics/pelleas.gif></a>
<p class=menuhead><a class="menu" href=http://www.pelleas.net/aniTOP>TOP</a>
<p class=menuhead>FEATURES
<p class=menubody><a class="menu" href="http://www.pelleas.net/int/int3.shtml">Sanrio Article</a><br>
<a class="menu" href="http://www.pelleas.net/animators">Karisuma Animators</a><br>
<a class="menu" href="http://www.pelleas.net/reviews">Old Anime Reviews</a><br>
<p class=menuhead>FILMOS
<p class=menubody><a class="menu" href="http://www.pelleas.net/yuasa">Masaaki Yuasa</a><br>
<a class="menu" href="http://www.pelleas.net/mori">Yasuji Mori</a><br>
<a class="menu" href="http://www.pelleas.net/hm">Masami Hata</a><br>
<p class=menuhead>INTERVIEWS
<p class=menubody><a class="menu" href="http://www.pelleas.net/int/int1.shtml">Fumio Kurokawa</a><br>
<a class="menu" href="http://www.pelleas.net/int/int2.shtml">Y. Otsuka x Y. Mori</a>
<script language="JavaScript">
document.write("<p style='font-size: 10px'>"+"<a class=bl h")
document.write("ref=m")
document.write("ailt")
document.write("o:")
document.write("ani"+"pag"+"es")
document.write("@")
document.write("pe"+"ll")
document.write("eas."+"net>")
document.write("<img border=0 src=http://www.pelleas.net/pics/wmt/mailto.gif> Contact AniPages!")
document.write("</a>")
</script>
<br><br><br><br><br><br>
</div>
<!-- =================================== START OF SIDEBAR =================================== -->
<div class="bSideBar">
<div class="bSideItem">
<p class="menuhead" style="color: #D98719; border-bottom: 3px #D98719 solid">
<?php $Blog->disp( 'name', 'htmlbody' ) ?></p>
<p class=tophead style='border-bottom: 0px'><a class=menu
href="<?php $Blog->disp( 'lastcommentsurl', 'raw' ) ?>"><strong>› <?php echo T_('Last comments') ?></strong></a>
<P class=tophead style="BORDER-BOTTOM-WIDTH: 0px"><A class=menu target="_new"
href="http://www.pelleas.net/aniBBS">› Forum</a>
<P class=tophead style="BORDER-BOTTOM-WIDTH: 0px"><A class=menu
href="http://www.pelleas.net/aniTOP/index.php?p=463&more=1&c=1&tb=1&pb=1">› Past Highlights</A></P>
<P class=tophead style="BORDER-BOTTOM-WIDTH: 0px"><A class=menu
href="http://www.pelleas.net/aniTOP/index.php?cat=15">› Mind Game</A></P>
<P class=tophead style="BORDER-BOTTOM-WIDTH: 0px"><A class=menu
href="http://www.pelleas.net/aniTOP/index.php?cat=16">› Kemonozume</A></P>
<P class=tophead style="BORDER-BOTTOM-WIDTH: 0px"><A class=menu
href="http://www.pelleas.net/aniTOP/index.php?cat=17">› Denno Coil</A></P>
<P class=tophead style="BORDER-BOTTOM-WIDTH: 0px"><A class=menu
href="http://www.pelleas.net/aniTOP/index.php?cat=19">› Kaiba</A></P>
<?php
// -------------------------- CALENDAR INCLUDED HERE -----------------------------
// Call the Calendar plugin:
$Plugins->call_by_code( 'evo_Calr', array( // Params follow:
'block_start'=>'',
'block_end'=>'',
'title'=>'', // No title.
) );
// -------------------------------- END OF CALENDAR ----------------------------------
?>
</div>
<div class="bSideItem">
<p class="tophead"><?php echo T_('Search') ?></p>
<?php form_formstart( $Blog->dget( 'blogurl', 'raw' ), 'search', 'SearchForm' ) ?>
<p><input style='font-family: courier new; color: #FF7F00; width: 90%' type="text" name="s" size="30" value="<?php echo htmlspecialchars($s) ?>" class="SearchField" /><br />
<input type="radio" name="sentence" value="AND" id="sentAND" <?php if( $sentence=='AND' ) echo 'checked="checked" ' ?>/><label for="sentAND"><?php echo T_('All Words') ?></label><br />
<input type="radio" name="sentence" value="OR" id="sentOR" <?php if( $sentence=='OR' ) echo 'checked="checked" ' ?>/><label for="sentOR"><?php echo T_('Some Word') ?></label><br />
<input type="radio" name="sentence" value="sentence" id="sentence" <?php if( $sentence=='sentence' ) echo 'checked="checked" ' ?>/><label for="sentence"><?php echo T_('Entire phrase') ?></label></p>
<input type="submit" name="submit" class="submit" value="<?php echo T_('Search') ?>" />
</form>
</div>
<?php
// -------------------------- ARCHIVES INCLUDED HERE -----------------------------
// Call the Archives plugin:
$Plugins->call_by_code( 'evo_Arch', array( // Add parameters below:
) );
// -------------------------------- END OF ARCHIVES ----------------------------------
?>
<?php if( ! $Blog->get('force_skin') )
{ // Skin switching is allowed for this blog: ?>
<div class="bSideItem">
<h3><?php echo T_('Choose skin') ?></h3>
<ul>
<?php // ------------------------------- START OF SKIN LIST -------------------------------
for( skin_list_start(); skin_list_next(); ) { ?>
<li><a href="<?php skin_change_url() ?>"><?php skin_list_iteminfo( 'name', 'htmlbody' ) ?></a></li>
<?php } // ------------------------------ END OF SKIN LIST ------------------------------ ?>
</ul>
</div>
<?php } ?>
<?php
// -------------------------- LINKBLOG INCLUDED HERE -----------------------------
require( dirname(__FILE__).'/_linkblog.php' );
// -------------------------------- END OF LINKBLOG ----------------------------------
?>
<div class="bSideItem">
<p class="tophead"><?php echo T_('Misc') ?></p>
<ul>
<?php
user_login_link( '<li>', '</li>' );
user_register_link( '<li>', '</li>' );
user_admin_link( '<li>', '</li>' );
user_profile_link( '<li>', '</li>' );
user_subs_link( '<li>', '</li>' );
user_logout_link( '<li>', '</li>' );
?>
</ul>
</div>
<div class="bSideItem">
<p class="tophead"><img src="<?php echo $rsc_url ?>icons/feed-icon-16x16.gif" width="16" height="16" class="top" alt="" /> <?php echo T_('XML Feeds') ?></p>
<ul>
<li>
RSS 0.92:
<a href="<?php $Blog->disp( 'rss_url', 'raw' ) ?>"><?php echo T_('Posts') ?></a>,
<a href="<?php $Blog->disp( 'comments_rss_url', 'raw' ) ?>"><?php echo T_('Comments') ?></a>
</li>
<li>
RSS 1.0:
<a href="<?php $Blog->disp( 'rdf_url', 'raw' ) ?>"><?php echo T_('Posts') ?></a>,
<a href="<?php $Blog->disp( 'comments_rdf_url', 'raw' ) ?>"><?php echo T_('Comments') ?></a>
</li>
<li>
RSS 2.0:
<a href="<?php $Blog->disp( 'rss2_url', 'raw' ) ?>"><?php echo T_('Posts') ?></a>,
<a href="<?php $Blog->disp( 'comments_rss2_url', 'raw' ) ?>"><?php echo T_('Comments') ?></a>
</li>
<li>
Atom:
<a href="<?php $Blog->disp( 'atom_url', 'raw' ) ?>"><?php echo T_('Posts') ?></a>,
<a href="<?php $Blog->disp( 'comments_atom_url', 'raw' ) ?>"><?php echo T_('Comments') ?></a>
</li>
</ul>
<a href="http://webreference.fr/2006/08/30/rss_atom_xml" title="External - English"><?php echo T_('What is RSS?') ?></a>
</div>
<?php
if( empty($generating_static) && ! $Plugins->trigger_event_first_true('CacheIsCollectingContent') )
{ // We're not generating static pages nor is a caching plugin collecting the content, so we can display this block
// TODO: when this gets a SkinTag plugin this check should get done by the Plugin
?>
<div class="bSideItem">
<p class="tophead"><?php echo T_('Who\'s Online?') ?></p>
<?php
$Sessions->display_onliners();
?>
</div>
<?php } ?>
<p class="center">powered by<br />
<a href="http://b2evolution.net/" title="b2evolution home"><img src="<?php echo $rsc_url; ?>img/b2evolution_logo_80.gif" alt="b2evolution" width="80" height="17" border="0" class="middle" /></a></p>
</div>
<td class=pel-apd>
<div class="pageHeader" style='background-image: url(http://www.pelleas.net/pics/anitop.gif); background-position: center; background-repeat: no-repeat'>
</div>
<div class="bPosts">
<!-- =================================== START OF MAIN AREA =================================== -->
<?php
// ------------------------- MESSAGES GENERATED FROM ACTIONS -------------------------
if( empty( $preview ) ) $Messages->disp( );
// fp>> TODO: I think we should rather forget the messages here so they don't get displayed again.
// --------------------------------- END OF MESSAGES ---------------------------------
?>
<?php
// ------------------------- TITLE FOR THE CURRENT REQUEST -------------------------
request_title( '<h2 style="font-family: helvetica; font-weight: heavy; color: #aaaaaa">', '</h2>' );
// ------------------------------ END OF REQUEST TITLE -----------------------------
?>
<?php
// -------------- START OF INCLUDES FOR LAST COMMENTS, MY PROFILE, ETC. --------------
// Note: you can customize any of the sub templates included here by
// copying the matching php file into your skin directory.
$current_skin_includes_path = dirname(__FILE__).'/';
// Call the dispatcher:
require $skins_path.'_dispatch.inc.php';
// --------------- END OF INCLUDES FOR LAST COMMENTS, MY PROFILE, ETC. ---------------
?>
<?php
// ------------------------------------ START OF POSTS ----------------------------------------
if( isset($MainList) ) $MainList->display_if_empty(); // Display message if no post
if( isset($MainList) ) while( $Item = & $MainList->get_item() )
{
the_date( '‹ l, F d, Y ›', '<H3 style="COLOR: #111111">', '</h3>' );
?>
<?php
//previous_post(); // link to previous post in single page mode
//next_post(); // link to next post in single page mode
?>
<div class="bPost bPost<?php $Item->status( 'raw' ) ?>" lang="<?php $Item->lang() ?>">
<?php
locale_temp_switch( $Item->locale ); // Temporarily switch to post locale
$Item->anchor(); // Anchor for permalinks to refer to
?>
<div class="bSmallHead">
<?php
$Item->permanent_link( '#icon#' );
echo ' ';
$Item->issue_time();
echo ', ';
$Item->wordcount();
echo ' '.T_('words');
echo ', ';
$Item->views();
echo ' ';
echo T_('Categories'), ': ';
$Item->categories();
?>
<h3 class="bTitle"><?php $Item->title(); ?></h3>
</div>
<div class="bText">
<?php $Item->content(); ?>
<?php link_pages() ?>
</div>
<div class="bSmallPrint">
<?php $Item->feedback_link( 'comments', '' ) // Link to comments ?>
<?php $Item->feedback_link( 'trackbacks', ' • ' ) // Link to trackbacks ?>
<?php $Item->edit_link( ' • ' ) // Link to backoffice for editing ?>
<?php $Item->trackback_rdf() // trackback autodiscovery information ?>
</div>
<?php
// ------------- START OF INCLUDE FOR COMMENTS, TRACKBACK, PINGBACK, ETC. -------------
$disp_comments = 1; // Display the comments if requested
$disp_comment_form = 1; // Display the comments form if comments requested
$disp_trackbacks = 1; // Display the trackbacks if requested
$disp_trackback_url = 1; // Display the trackback URL if trackbacks requested
$disp_pingbacks = 1; // Display the pingbacks if requested
require( dirname(__FILE__).'/_feedback.php' );
// -------------- END OF INCLUDE FOR COMMENTS, TRACKBACK, PINGBACK, ETC. --------------
locale_restore_previous(); // Restore previous locale (Blog locale)
?>
</div>
<?php
} // ---------------------------------- END OF POSTS ------------------------------------
?>
<p class="center"><strong>
<?php posts_nav_link(); ?>
<?php
// previous_post( '<p class="center">%</p>' );
// next_post( '<p class="center">%</p>' );
?>
</strong></p>
</div>
</table>
<table cellpadding=0 cellspacing=0 border=0 align=center width=700><tr><td width=130><td class=sm><a class=bl href=http://www.pelleas.net>HOME</a><td class=sm align=right>© Benjamin Ettinger
<?php
$Hit->log(); // log the hit on this page
debug_info(); // output debug info if requested
?>
</body>
</html>
6 sam2kb Jan 23, 2010 19:46
Can you show the _feedback.php too? _main.php seems OK to me.
7 chirin Jan 23, 2010 21:38
Here it is:
_feedback.php
<?php
/**
* This is the template that displays the feedback for a post
* (comments, trackback, pingback...)
*
* This file is not meant to be called directly.
* It is meant to be called by an include in the _main.php template.
* To display a feedback, you should call a stub AND pass the right parameters
* For example: /blogs/index.php?p=1&more=1&c=1&tb=1&pb=1
* Note: don't code this URL by hand, use the template functions to generate it!
*
* b2evolution - {@link http://b2evolution.net/}
* Released under GNU GPL License - {@link http://b2evolution.net/about/license.html}
* @copyright (c)2003-2006 by Francois PLANQUE - {@link http://fplanque.net/}
*
* @package evoskins
* @subpackage custom
*/
if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page directly.' );
/**
* We now call the default feedback handler...
* However you can replace this file with the full handler (in /blogs) and customize it!
*/
require $skins_path.'_feedback.php';
?>
8 sam2kb Jan 23, 2010 22:29
This file is basically redirecting you to another _feedback.php located in the /skins/ directory.
Can you show that one?
9 chirin Jan 24, 2010 01:50
Sorry... Thanks for your patience. :)
<?php
/**
* This is the template that displays the feedback for a post
* (comments, trackback, pingback...)
*
* You may want to call this file multiple times in a row with different $c $tb $pb params.
* This allows you to separate different kinds of feedback instead of displaying them mixed together
*
* This file is not meant to be called directly.
* It is meant to be called by an include in the _main.php template.
* To display a feedback, you should call a stub AND pass the right parameters
* For example: /blogs/index.php?p=1&more=1&c=1&tb=1&pb=1
* Note: don't code this URL by hand, use the template functions to generate it!
*
* b2evolution - {@link http://b2evolution.net/}
* Released under GNU GPL License - {@link http://b2evolution.net/about/license.html}
* @copyright (c)2003-2006 by Francois PLANQUE - {@link http://fplanque.net/}
*
* @package evoskins
*/
if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page directly.' );
if( empty($c) )
{ // Comments not requested
$disp_comments = 0; // DO NOT Display the comments if not requested
$disp_comment_form = 0; // DO NOT Display the comments form if not requested
}
if( empty($tb) || !$Blog->get( 'allowtrackbacks' ) )
{ // Trackback not requested or not allowed
$disp_trackbacks = 0; // DO NOT Display the trackbacks if not requested
$disp_trackback_url = 0; // DO NOT Display the trackback URL if not requested
}
if( empty($pb) )
{ // Pingback not requested
$disp_pingbacks = 0; // DO NOT Display the pingbacks if not requested
}
if( ! ($disp_comments || $disp_comment_form || $disp_trackbacks || $disp_trackback_url || $disp_pingbacks ) )
{ // Nothing more to do....
return false;
}
echo '<a id="feedbacks"></a>';
$type_list = array();
$disp_title = array();
if( $disp_comments )
{ // We requested to display comments
if( $Item->can_see_comments() )
{ // User can see comments
$type_list[] = "'comment'";
$disp_title[] = T_("Comments");
}
else
{ // User cannot see comments
$disp_comments = false;
}
echo '<a id="comments"></a>';
}
if( $disp_trackbacks )
{
$type_list[] = "'trackback'";
$disp_title[] = T_("Trackbacks");
echo '<a id="trackbacks"></a>';
}
if( $disp_pingbacks )
{
$type_list[] = "'pingback'";
$disp_title[] = T_("Pingbacks");
echo '<a id="pingbacks"></a>';
}
if( $disp_trackback_url )
{ // We want to display the trackback URL:
?>
<h4><?php echo T_('Trackback address for this post:') ?></h4>
<?php
/*
* Trigger plugin event, which could display a captcha form, before generating a whitelisted URL:
*/
if( ! $Plugins->trigger_event_first_true( 'DisplayTrackbackAddr', array('Item' => & $Item, 'template' => '<code>%url%</code>') ) )
{ // No plugin displayed a payload, so we just display the default:
?>
<code><?php $Item->trackback_url() ?></code>
<?php
}
}
if( $disp_comments || $disp_trackbacks || $disp_pingbacks )
{
?>
<!-- Title for comments, tbs, pbs... -->
<h4><?php echo implode( ", ", $disp_title) ?>:</h4>
<?php
$CommentList = & new CommentList( 0, implode(',', $type_list), array('published'), $Item->ID, '', 'ASC' );
$CommentList->display_if_empty(
'<div class="bComment"><p>' .
sprintf( /* TRANS: NO comments/trackabcks/pingbacks/ FOR THIS POST... */
T_('No %s for this post yet...'), implode( "/", $disp_title) ) .
'</p></div>' );
while( $Comment = & $CommentList->get_next() )
{ // Loop through comments:
?>
<!-- ========== START of a COMMENT/TB/PB ========== -->
<?php $Comment->anchor() ?>
<div class="bComment">
<div class="bCommentTitle">
<?php
switch( $Comment->get( 'type' ) )
{
case 'comment': // Display a comment:
echo T_('Comment from:').' ';
$Comment->author();
$Comment->msgform_link( $Blog->get('msgformurl') );
$Comment->author_url( '', ' · ', '' );
break;
case 'trackback': // Display a trackback:
echo T_('Trackback from:') ?>
<?php $Comment->author( '', '#', '', '#', 'htmlbody', true ) ?>
<?php break;
case 'pingback': // Display a pingback:
echo T_('Pingback from:') ?>
<?php $Comment->author( '', '#', '', '#', 'htmlbody', true ) ?>
<?php break;
}
?>
</div>
<div class="bCommentText">
<?php $Comment->content() ?>
</div>
<div class="bCommentSmallPrint">
<?php $Comment->permanent_link( '#', '#', 'permalink_right' ); ?>
<?php $Comment->edit_link( '', '', '#', '#', 'permalink_right' ); /* Link to backoffice for editing */ ?>
<?php $Comment->delete_link( '', '', '#', '#', 'permalink_right' ); /* Link to backoffice for deleting */ ?>
<?php $Comment->date() ?> @ <?php $Comment->time( 'H:i' ) ?>
</div>
</div>
<!-- ========== END of a COMMENT/TB/PB ========== -->
<?php
} // End of comment list loop.
// _______________________________________________________________
// Display count of comments to be moderated:
$Item->feedback_moderation( 'feedbacks', '<div class="moderation_msg"><p>', '</p></div>',
T_('This post has no feedback awaiting moderation...'),
T_('This post has 1 feedback awaiting moderation... %s'),
T_('This post has %d feedbacks awaiting moderation... %s') );
// _______________________________________________________________
// Comment form:
if( $disp_comment_form && $Item->can_comment() )
{ // We want to display the comments form and the item can be commented on:
// Default form params:
$comment_author = isset($_COOKIE[$cookie_name]) ? trim($_COOKIE[$cookie_name]) : '';
$comment_author_email = isset($_COOKIE[$cookie_email]) ? trim($_COOKIE[$cookie_email]) : '';
$comment_author_url = isset($_COOKIE[$cookie_url]) ? trim($_COOKIE[$cookie_url]) : '';
$comment_content = '';
// PREVIEW:
$preview_Comment = $Session->get('core.preview_Comment');
if( $preview_Comment )
{
if( $preview_Comment->item_ID == $Item->ID )
{ // display PREVIEW:
?>
<div class="bComment" id="comment_preview">
<div class="bCommentTitle">
<?php
echo T_('PREVIEW Comment from:').' ';
$preview_Comment->author();
$preview_Comment->msgform_link( $Blog->get('msgformurl') );
$preview_Comment->author_url( '', ' · ', '' );
?>
</div>
<div class="bCommentText">
<?php $preview_Comment->content() ?>
</div>
<div class="bCommentSmallPrint">
<?php $preview_Comment->date() ?> @ <?php $preview_Comment->time( 'H:i' ) ?>
</div>
</div>
<?php
// Form fields:
$comment_content = $preview_Comment->original_content;
// for visitors:
$comment_author = $preview_Comment->author;
$comment_author_email = $preview_Comment->author_email;
$comment_author_url = $preview_Comment->author_url;
}
// delete any preview comment from session data:
$Session->delete( 'core.preview_Comment' );
$preview_Comment = NULL;
}
?>
<h4 class="bCommentLeaveHead"><?php echo T_('Leave a comment') ?>:</h4>
<!-- form to add a comment -->
<?php
$Form = & new Form( $htsrv_url.'comment_post.php', 'bComment_form_id_'.$Item->ID );
$Form->begin_form( 'bComment' );
$Form->hidden( 'comment_post_ID', $Item->ID );
$Form->hidden( 'redirect_to',
// Make sure we get back to the right page (on the right domain)
// fplanque>> TODO: check if we can use the permalink instead but we must check that application wide,
// that is to say: check with the comments in a pop-up etc...
url_rel_to_same_host(regenerate_url( '', '', $Blog->get('blogurl'), '&' ), $htsrv_url) );
if( is_logged_in() )
{ // User is logged in:
$Form->begin_fieldset();
$Form->info_field( T_('User'), '<strong>'.$current_User->get_preferred_name().'</strong>'
.' '.get_user_profile_link( ' [', ']', T_('Edit profile') ) );
$Form->end_fieldset();
}
else
{ // User is not logged in:
// Note: we use funky field names to defeat the most basic guestbook spam bots
$Form->text( 'u', $comment_author, 40, T_('Name'), '', 100, 'bComment' );
$Form->text( 'i', $comment_author_email, 40, T_('Email'), T_('Your email address will <strong>not</strong> be displayed on this site.'), 100, 'bComment' );
$Form->text( 'o', $comment_author_url, 40, T_('Site/Url'), T_('Your URL will be displayed.'), 100, 'bComment' );
}
echo '<div class="comment_toolbars">';
// CALL PLUGINS NOW:
$Plugins->trigger_event( 'DisplayCommentToolbar', array() );
echo '</div>';
// Message field:
$Form->textarea( 'p', $comment_content, 10, T_('Comment text'),
T_('Allowed XHTML tags').': '.htmlspecialchars(str_replace( '><',', ', $comment_allowed_tags)), 40, 'bComment' );
// set b2evoCanvas for plugins
echo '<script type="text/javascript">var b2evoCanvas = document.getElementById( "p" );</script>';
$comment_options = array();
$Form->output = false;
$Form->label_to_the_left = false;
$old_label_suffix = $Form->label_suffix;
$Form->label_suffix = '';
$Form->switch_layout('inline');
if( substr($comments_use_autobr,0,4) == 'opt-')
{
$comment_options[] = $Form->checkbox_input( 'comment_autobr', ($comments_use_autobr == 'opt-out'), T_('Auto-BR'), array(
'note' => '('.T_('Line breaks become <br />').')', 'tabindex' => 6 ) );
}
if( ! is_logged_in() )
{ // User is not logged in:
$comment_options[] = $Form->checkbox_input( 'comment_cookies', true, T_('Remember me'), array(
'note' => '('.T_('Set cookies for name, email and url').')', 'tabindex' => 7 ) );
// TODO: If we got info from cookies, Add a link called "Forget me now!" (without posting a comment).
$comment_options[] = $Form->checkbox_input( 'comment_allow_msgform', true, T_('Allow message form'), array(
'note' => '('.T_('Allow users to contact you through a message form (your email will NOT be displayed.)').')', 'tabindex' => 8 ) );
// TODO: If we have an email in a cookie, Add links called "Add a contact icon to all my previous comments" and "Remove contact icon from all my previous comments".
}
$Form->output = true;
$Form->label_to_the_left = true;
$Form->label_suffix = $old_label_suffix;
$Form->switch_layout(NULL);
if( ! empty($comment_options) )
{
$Form->begin_fieldset();
echo $Form->begin_field( NULL, T_('Options'), true );
echo implode( '<br />', $comment_options );
echo $Form->end_field();
$Form->end_fieldset();
}
$Plugins->trigger_event( 'DisplayCommentFormFieldset', array( 'Form' => & $Form, 'Item' => & $Item ) );
$Form->begin_fieldset();
echo '<div class="input">';
$Form->button_input( array( 'name' => 'submit_comment_post_'.$Item->ID.'[save]', 'class' => 'submit', 'value' => T_('Send comment'), 'tabindex' => 10 ) );
$Form->button_input( array( 'name' => 'submit_comment_post_'.$Item->ID.'[preview]', 'class' => 'preview', 'value' => T_('Preview'), 'tabindex' => 9 ) );
$Plugins->trigger_event( 'DisplayCommentFormButton', array( 'Form' => & $Form, 'Item' => & $Item ) );
echo '</div>';
$Form->end_fieldset();
?>
<div class="clear"></div>
<?php
$Form->end_form();
}
}
/*
nolog */
?>
10 sam2kb Jan 25, 2010 09:00
I don't see anything wrong with your files. Can you add the following code to _feedback.php?
Edit
if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page directly.' );
to
if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page directly.' );
echo '<h1>'.$c.'</h1>';
This will print the value of $c variable. Please post it here.
11 chirin Jan 25, 2010 17:22
It returned:
Resource id #3
12 sam2kb Jan 25, 2010 18:34
13 sam2kb Jan 26, 2010 10:50
See if you can find commentsfavicon.ico file in the media folder.
14 chirin Jan 26, 2010 17:26
I don't see any such file in the media folder.
15 sam2kb Jan 26, 2010 19:46
I think I found it, take a look at /cron/css.php
16 sam2kb Jan 26, 2010 20:05
I found the author of this tool
http://forum.xaknet.ru/showthread.php?p=81363
You're in serious trouble! This script allows hackers to do the following:
Translated from Russian
Description:
* Authorization
* Server info
* File Manager (copy, rename, move, delete, chmod, touch, create files and folders)
* View, hexview, editing, download, upload files
* Working with zip archives (packing, unpacking)
* Console
* SQL Manager (MySql, PostgreSql)
* Execution of PHP code
* Bypass Safe mode
* Work with strings in the hash + search online databases
* Brute-force (FTP, MySql, PostgreSQL)
* Bind ports and back-connect to C and Perl
* Self-delete
* Find text in files
* Under UNIX / WIN
Features
* anti-Google(check useragent if Google, then 404)
* Console remembers entered commands. ( use the arrows to switch up and down with the focus on the field for input)
* You can use AJAX
* Light weight (23.53 KB)
* Convenient for includes
* Select the encoding, in which Shell operates.
17 chirin Jan 26, 2010 20:24
What do I do to recover? Do I just delete that file? Do I need to re-install b2evo?
Is this a problem with b2evo or some security hole on my side??
18 sam2kb Jan 26, 2010 20:32
First of all delete the file.
Then you should search for other instances of this file. If you have shell access search for this string "gzinflate" in all files in your account.
Once you're 200% sure there are no such scripts on your server, change ALL passwords (hosting, mysql, ftp, mail, b2evo, etc.) for ALL users.
This is not a joke! I've tested the script on my server and it allows a hacker to do virtually anything with your server (read features above).
This is not a b2evo flaw; somebody brute-forced or stole your FTP password. You don't need to reinstall b2evo, but it won't be a bad idea anyway.
19 chirin Jan 26, 2010 20:46
I've deleted the file.
I don't have shell access, but I will download everything and search through the files on my PC.
So I just search for the same content as that css.php file? That's enough?
I know this is not a joke. When I search for my site on Google, instead of the normal title, it turns up the title "How to buy Vicodin online". Good god....
20 sam2kb Jan 26, 2010 20:59
BTW it shows Viagra at this address http://www.pelleas.net/aniTOP/
for($i=strlen($o)-1,$e='';$i>=0;--$i)$e.=$o[$i];eval(gzinflate(base64_decode($e)));
gzinflate is used to decode the script. The script itself may differ but "gzinflate" and "base64_decode" should be always there.
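The search suggested above, written out as an added example (not code from anyone in the thread). It scans every file regardless of extension, since the files found here were named `secure` and `css.php`. It separates binary hits such as core dumps from PHP source, and also flags a `require`/`include` of a literal absolute path like the line found in `conf/_config.php`. The sample tree, its paths and the placeholder `$o` string are constructed.

```python
import os
import re
import tempfile

# Strings named in the thread, plus eval(), which is what runs the unpacked payload.
TOKENS = {
    "eval": re.compile(rb"\beval\s*\(", re.I),
    "gzinflate": re.compile(rb"gzinflate", re.I),
    "base64_decode": re.compile(rb"base64_decode", re.I),
}
# require/include of a literal absolute path, like the line added to conf/_config.php.
ABS_INCLUDE = re.compile(
    rb"\b(?:require|include)(?:_once)?\s*\(?\s*['\"](/[^'\"]+)['\"]", re.I)
MAX_BYTES = 5 * 1024 * 1024  # read at most 5 MB per file


def scan_file(path):
    """Return a finding dict for one file, or None if nothing matched."""
    with open(path, "rb") as fh:
        data = fh.read(MAX_BYTES)
    hits = sorted(name for name, rx in TOKENS.items() if rx.search(data))
    includes = [m.decode("utf-8", "replace") for m in ABS_INCLUDE.findall(data)]
    if not hits and not includes:
        return None
    if b"\x00" in data:
        verdict = "binary"       # NUL bytes: not PHP source (e.g. a core dump)
    elif len(hits) == len(TOKENS):
        verdict = "loader"       # eval + gzinflate + base64_decode together
    elif includes:
        verdict = "abs-include"  # pulls in a file by hard-coded absolute path
    else:
        verdict = "review"       # a lone token can be legitimate; read the file
    return {"verdict": verdict, "tokens": hits, "includes": includes}


def scan_tree(root):
    """Scan every regular file under root; keys are paths relative to root."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            hit = scan_file(full)
            if hit:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings[rel] = hit
    return findings


# Constructed sample files. The $o value is a placeholder, not a real payload.
SAMPLES = {
    "aniTOP/skins/_main.php": b"<?php if( !defined('EVO_MAIN_INIT') ) die(); ?>\n",
    "aniTOP/inc/mail.php": b"<?php $body = base64_decode( $part ); ?>\n",
    "aniTOP/conf/_config.php":
        b"<?php\nrequire('/home/example/public_html/cgi-bin/secure');\n",
    "cgi-bin/secure": (
        b"<?php $o='" + b"QUJD" * 16 + b"';"
        b"for($i=strlen($o)-1,$e='';$i>=0;--$i)$e.=$o[$i];"
        b"eval(gzinflate(base64_decode($e)));"),
    "aniTOP/core.1138": b"\x7fELF\x00\x00gzinflate\x00base64_decode\x00",
}


def demo():
    """Write the samples to a temp dir, scan it, return {path: verdict}."""
    with tempfile.TemporaryDirectory() as root:
        for rel, data in SAMPLES.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        return {rel: f["verdict"] for rel, f in scan_tree(root).items()}


if __name__ == "__main__":
    for rel, verdict in sorted(demo().items()):
        print(f"{verdict:12} {rel}")
```

A clean result only means these particular strings are absent; a backdoor written without them will not be listed.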
21 chirin Jan 26, 2010 21:25
I found the string "gzinflate" in three other locations.
cgi-bin\secure
aniTOP\core.10425
aniTOP\core.1138
"secure" seemed to contain a hacker script, so I deleted it. The other two files seem to be binary files or something. Should I delete these too? (I've already done so to be safe, but just to know whether these are part of b2evo or not)
After deleting these files I can no longer see my top page - I'm getting an error:
Warning: require(/home/pelleas/public_html/cgi-bin/secure) [function.require]: failed to open stream: No such file or directory in /home/pelleas/public_html/aniTOP/conf/_config.php on line 11
Fatal error: require() [function.require]: Failed opening required '/home/pelleas/public_html/cgi-bin/secure' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/pelleas/public_html/aniTOP/conf/_config.php on line 11
22 sam2kb Jan 26, 2010 22:22
You can safely delete these 2 files, core.10425 and core.1138; those are core dump files: http://en.wikipedia.org/wiki/Core_dump
To get rid of the above error, edit /home/pelleas/public_html/aniTOP/conf/_config.php on line 11: just delete the "require" line.
23 chirin Jan 26, 2010 22:37
Done. Now the page is displaying correctly, without all the comments showing up under posts. I suppose this means all existing instances of the code are gone, so I should change the passwords pronto.
24 sam2kb Jan 26, 2010 22:44
"I suppose this means all existing instances of the code are gone"
Not necessarily.
Go ahead and change the passwords, b2evo will let you know once another shell script is injected in the code :)
BTW this is not the first time hackers have used variables like $t, $c or $p in their scripts, causing b2evo to act abnormally.
If I would write such scripts I would use unique names :)
25 chirin Jan 26, 2010 22:51
I thought it was a b2evo problem at first, but b2evo turns out to have been my savior...
How do you suggest I find out what other things hackers have planted in my site? As I was downloading the entire contents of my site Norton detected that "PHP.RSTBackdoor" was located in one of the files for the forum program I have installed on my site.
It's lucky that the hackers happen to have used a code that clashed with b2evo, that way I discovered it this time... but the above shows that there might be others I haven't detected.
26 sam2kb Jan 26, 2010 23:02
Well, you can use [url=http://winmerge.org/]Winmerge[/url] and spend a few hours comparing your scripts to originals.
You can get b2evo 1.9.3 from here http://b2evolution.net/downloads/index.php
Don't forget that the hacker could modify the database and add something to your posts or whatever.
I'd talk to hosting support, they should know what to do in such cases.
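The comparison against original files suggested above can also be scripted; this is an added example, not code from anyone in the thread. It hashes an unpacked clean release and the downloaded site copy, folding CRLF to LF so an FTP ASCII-mode download does not make every file look changed, and lists what was added, modified or is missing. The two sample trees and their contents are constructed.

```python
import hashlib
import os
import tempfile


def _digest(path):
    """SHA-256 of a file with CRLF folded to LF."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read().replace(b"\r\n", b"\n")).hexdigest()


def _index(root):
    """Map relative path -> digest for every regular file under root."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            out[rel] = _digest(full)
    return out


def compare_trees(clean_root, live_root):
    """Compare a clean release tree with the live copy of the site."""
    clean, live = _index(clean_root), _index(live_root)
    common = clean.keys() & live.keys()
    return {
        # Not in the release: uploads and custom skins land here too, so
        # triage by type; any script in this list needs to be read.
        "added": sorted(live.keys() - clean.keys()),
        # Shipped by the release but different on the site.
        "modified": sorted(p for p in common if clean[p] != live[p]),
        "missing": sorted(clean.keys() - live.keys()),
    }


def _write(root, rel, data):
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)


def demo():
    """Build two small constructed trees and return the comparison."""
    feedback = b"<?php\nrequire $skins_path.'_feedback.php';\n?>\n"
    config = b"<?php\n$baseurl = 'http://example.invalid/';\n"
    with tempfile.TemporaryDirectory() as clean, \
            tempfile.TemporaryDirectory() as live:
        _write(clean, "conf/_config.php", config)
        _write(clean, "skins/_feedback.php", feedback)
        # Live copy: same skin file with CRLF endings (should NOT be reported),
        # a config with an extra require line, one new script, one upload.
        _write(live, "skins/_feedback.php", feedback.replace(b"\n", b"\r\n"))
        _write(live, "conf/_config.php",
               config + b"require('/home/example/public_html/cgi-bin/secure');\n")
        _write(live, "cron/css.php", b"<?php /* constructed placeholder */ ?>\n")
        _write(live, "media/photo.jpg", b"\xff\xd8\xff\xe0constructed")
        return compare_trees(clean, live)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Files changed on purpose, such as a customised `_main.php` or the site's own values in `conf/_config.php`, show up under "modified" and still have to be read by hand.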
27 chirin Jan 26, 2010 23:28
You've been immensely helpful, sam2kb, even though this wasn't technically a problem with b2evo. Thank you for your help!
I did a search for "gzinflate" in my databases and it didn't turn up anything... does that mean it's clean or could there be other back doors they might have installed?
28 sam2kb Jan 27, 2010 02:16
No problem.
I don't like hackers, but I have to admit that the script I found is a piece of art :) It's a powerful server control panel in 23kb of code.
"does that mean it's clean or could there be other back doors they might have installed?"
What I meant is your posts may now have back-links to other websites or some hidden content.
The database is like a storage. It wouldn't be possible to execute malicious scripts stored in mysql.
29 fplanque Jan 29, 2010 23:41
2seconds 2cents just in case: when comments appear on the homepage it's usually because sth has set $c=1 or sth like that. blip.
30 chirin Jan 30, 2010 00:16
Just in case this happens to anybody else, I thought I'd point to [url=http://forums.b2evolution.net/viewtopic.php?t=18579&sid=48e27a18aaa5c4405f7af85b3006e618]a post by fplanque at the bottom of this thread[/url] that might account for what has happened to me here, because I use shared hosting.
Do you still see the comments when you disable Turing test plugin?
The current version of the plugin might not support b2evo 1.9