farkas124 |
10th November 2013 16:52 |
Quote:
Originally Posted by firefly007
(Post 43283)
Post your shoutbox.php please
|
PHP Code:
<? require_once("include/bittorrent.php");
dbconn(false);
loggedinorreturn();
if (isset($_GET['torles'])) { if (is_numeric($_GET['torles'])) { $query = "SELECT * FROM shoutbox WHERE id=".sqlesc($_GET['torles']); $result = mysql_query($query); } else { echo "<center>Valótlan üzenet ID</center>"; exit;}
$row = mysql_fetch_row($result); { $query = "DELETE FROM shoutbox WHERE id=".sqlesc($_GET['torles']); mysql_query($query); } }
if (isset($_GET['szerkeztes'])) { if (is_numeric($_GET['szerkeztes'])) { $sql=mysql_query("SELECT id,text FROM shoutbox WHERE id=".sqlesc($_GET['szerkeztes'])); $res=mysql_fetch_array($sql); echo '<center>'; echo '<form method=post action=shoutbox.php>'; echo '<input type=hidden name=id value='.(int)$res['id'].'>'; echo '<textarea name=text id=specialbox >'.htmlspecialchars_my($res['text']).'</textarea>'; echo '<input type=submit name=save value=Mentés class=btn>'; echo'<input type="reset" value="Alaphelyzet" name="B3">'; echo '</form></center>';
} }
if (isset($_POST['text']) && is_valid_id($_POST['id'])) { $text = trim($_POST['text']); $id = (int)$_POST['id']; if (isset($text) && isset($id) && is_valid_id($id)) mysql_query("UPDATE shoutbox SET text = ".sqlesc($text)." WHERE id=".sqlesc($id)); }
?> <html><head> <title>Üzenőfal</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-2" /> <META HTTP-EQUIV=REFRESH CONTENT="120; URL=shoutbox.php">
<style type="text/css"> A {color: white ; font-weight: bold; } A:hover {color: #FF0000;} .small {font-size: 8pt; font-family: tahoma; color: white; } .date {font-size: 7pt; color: balack; } </style> <STYLE>BODY { <? if ($CURUSER["stylesheet"] == 1){ ?> BACKGROUND: #383838; fixed repeat-x center bottom; <? } if ($CURUSER["stylesheet"] == 2){ ?> background-image: url(tablahatter2.png);fixed repeat-x center bottom; <? } ?> background-position: left; SCROLLBAR-3DLIGHT-COLOR: #004E98; SCROLLBAR-ARROW-COLOR: #004E98; SCROLLBAR-DARKSHADOW-COLOR: white; SCROLLBAR-BASE-COLOR: white; } textarea { font-family: tahoma, sans-serif; font-size: 10pt; background-color: #d8f4fd; padding: 2px; outline-style: none; border-color: 1px solid #8fc6ff; color: #1c00ac; width: 600; height: 20 }
textarea { background-color: #292929; font-weight: bold; font-size: 12px; color: white; border: 1px dashed #000000; border-collapse: collapse; width: 600; height: 20 }
input { font-family: tahoma, sans-serif; font-size: 10pt; background-color: #d8f4fd; padding: 2px; outline-style: none; border-color: 1px solid #8fc6ff; color: #1c00ac; }
input { background-color: #292929; font-weight: bold; font-size: 12px; color: white; border: 1px dashed #000000; border-collapse: collapse; }
a { color: lime; text-decoration:none; }
</STYLE> </head> <body> <?
if (!$_GET['edit'])
echo "<meta http-equiv=refresh content=\"65; URL=shoutbox.php".($_GET['page']?"?page=".$_GET['page']:"")."\" />\n";
?> </STYLE> </head> <body> <?
if ($CURUSER["uzifaljog"] == 'no')
{
print("<h2><center>Az üzifalra írási jogodat felfüggesztették.Nem írhatsz ide míg a STAFF vissza nem adja a jogot.2 hét lejárta után ha megtanultad a leckéd szólj egy STAFF-nak!</center></h2>");
exit;
}
else
{ $izeww = $CURUSER["username"];
$kerdeskviz=$_GET["kerdes_kviz"]; $nyeremenykviz=$_GET["nyeremeny_kviz"]; $duma=""; $nyeremeny=$_GET["nyeremeny"];
$vege=" [/color] || [color=yellow] Kérdezte $izeww [/color] "; $eleje="[b][color=gray] Kérdés: [/color][/b] [color=red] $kerdeskviz [/color]- [color=white]Nyeremény: "; $ido=sqlesc(time()); if($_GET["kviz"]!=""){ if(!$_GET["kerdes_kviz"]){ }else{ mysql_query("INSERT INTO shoutbox (userid, username, date, text) VALUES ('-1', 'Kvíz', $ido, '$eleje$ize$nyeremenykviz$nyeremeny$vege')") or sqlerr(__FILE__, __LINE__); } }
$nyertes_neve=$_GET["nyertes_neve"]; $nyeremeny2=$_GET["nyeremeny2"]; $nyeremeny3=$_GET["nyeremeny3"]; $duma=""; $ize="{"; $ize2="}"; $vege="}[/color]";
$eleje="[b][color=gray] Nyertes: [/color][/b][color=red] $nyertes_neve válaszolta meg a leggyorsabban! [/color] [color=white] Gratulálunk! [ $nyeremeny2 $nyeremeny3] [/color]"; $ido=sqlesc(time()); if($_GET["nyertes"]!=""){ if(!$_GET["nyertes"]){ }else{ mysql_query("INSERT INTO shoutbox (userid, username, date, text) VALUES ('-1', 'Kvíz', $ido, '$eleje')") or sqlerr(__FILE__, __LINE__); if($nyeremeny3=='MB'){ $nyeremeny4='1048576'; }if($nyeremeny3=='GB'){ $nyeremeny4='1073741824'; } $nyertes_neve2=sqlesc($HTTP_POST_VARS["nyertes_neve"]); $nyeremenye = $nyeremeny2*$nyeremeny4; } } if($_GET["rendszeruzi"]!=""){ if(!$_GET["rendszeruzenet"]){} else{ $uzenetee=$_GET["rendszeruzenet"]; $eleje=" [b][color=red] üzenet: [/color][color=white] "; $vege="[/color][/b][color=white][/color] - [color=yellow] $izeww [/color] "; mysql_query("INSERT INTO shoutbox (userid, username, date, text) VALUES ('-1', 'Rendszerüzenet', $ido, '$eleje$uzenetee$vege')") or sqlerr(__FILE__, __LINE__); } }
}
if ($CURUSER["chatpost"] == 'no') { print("<h2><center>Az üzifalazási jogodat felfüggesztették!</center></h2>"); exit; } else {
if($_GET["sent"]=="yes" && $_GET["shbox_text"]) { $userid=$CURUSER["id"]; $username=$CURUSER["username"]; $date=time(); $text=trim($_GET["shbox_text"]);
mysql_query("INSERT INTO shoutbox (id, userid, username, date, text) VALUES ('id'," . sqlesc($userid) . ", " . sqlesc($username) . ", $date, " . sqlesc($text) . ")") or sqlerr(__FILE__, __LINE__); }
$res = mysql_query("SELECT * FROM shoutbox ORDER BY date DESC LIMIT 35") or sqlerr(__FILE__, __LINE__); if (mysql_num_rows($res) == 0) print("\n"); else { print("<table border=0 cellspacing=0 cellpadding=2 width='100%' align='left' class='small'>\n");
while ($arr = mysql_fetch_assoc($res)){ $res2 = mysql_query("SELECT username,class,donor,enabled,warned FROM users WHERE id=$arr[userid]") or sqlerr(__FILE__, __LINE__); $arr2 = mysql_fetch_assoc($res2); $resowner = mysql_query("SELECT id, username, class FROM users WHERE id=$arr[userid]") or print(mysql_error()); $rowowner = mysql_fetch_array($resowner);
if ($rowowner["class"] == "8") $usercolor= "<font color=darkred>" .htmlspecialchars_my($rowowner["username"]). "</font><b><font color=dodgerblue>";
elseif ($rowowner["class"] == "7") $usercolor= "<font color=lime>" .htmlspecialchars_my($rowowner["username"]). "</font><b><font color=dodgerblue>";
elseif ($rowowner["class"] == "6") $usercolor= "<font color=red>" .htmlspecialchars_my($rowowner["username"]). "</font><b><font color=dodgerblue>";
elseif ($rowowner["class"] == "5") $usercolor= "<font color=blue>" .htmlspecialchars_my($rowowner["username"]). "</font><b><font color=dodgerblue>";
elseif ($rowowner["class"] == "4") $usercolor= "<font color=navy>" .htmlspecialchars_my($rowowner["username"]). "</font><b><font color=dodgerblue>";
elseif ($rowowner["class"] == "3") $usercolor= "<font color=#9400D3>" .htmlspecialchars_my($rowowner["username"]). "</font><b><font color=dodgerblue>";
elseif ($rowowner["class"] == "2") $usercolor= "<font color=yellow>" .htmlspecialchars_my($rowowner["username"]). "</font><b><font color=dodgerblue>";
elseif ($rowowner["class"] == "1") $usercolor= "<font color=green>" .htmlspecialchars_my($rowowner["username"]). "</font><b><font color=dodgerblue>";
elseif ($rowowner["class"] == "0") $usercolor= "<font color=gray>" .htmlspecialchars_my($rowowner["username"]). "</font><b><font color=dodgerblue>";
if ($arr["userid"] == "0") $usercolor= "<font color=LightBlue]Rendszer:</color>" .htmlspecialchars_my(Rendszer)."</font>"; if ($rowowner["class"] == "8") $usercolor2= "[color=Darkred]"; if ($rowowner["class"] == "7") $usercolor2= "[color=lime]"; elseif ($rowowner["class"] == "6") $usercolor2= "[color=red]"; elseif ($rowowner["class"] == "5") $usercolor2= "[color=blue]"; elseif ($rowowner["class"] == "4") $usercolor2= "[color=navy]"; elseif ($rowowner["class"] == "3") $usercolor2= "[color=#9400D3]"; elseif ($rowowner["class"] == "2") $usercolor2= "[color=yellow]"; elseif ($rowowner["class"] == "1") $usercolor2= "[color=green]"; elseif ($rowowner["class"] == "0") $usercolor2= " [color=gray]";
if (get_user_class() >= UC_MODERATOR) { $del="<span class='date'><font color='white'>[<a href=/shoutbox.php?torles=".$arr[id].">T</a>]</font></font></span>"; $edit="<span class='date'><font color='white'>[<a href=shoutbox.php?szerkeztes=".$arr[id].">Sz</a>]</font></font></span>\n"; } $szama = $arr["userid"];
print("<tr><td>");
print("<b><font color=black>[".strftime("%H:%M",$arr["date"])."]</b></font>"); if($szama !== '0' && $szama !=='-1'){?> <img onclick="javascript: window.top.SmileIT('[b]<?=$usercolor2?> :neki: <?=$rowowner["username"]?> [/b][/color][b][/b]','shbox','shbox_text')" title="[V]" src=pic/jobbra.gif border=0> <?} print(" $del $edit </span>");
if($szama !== '0' && $szama !=='-1'){ print"<a href='userdetails.php?id=".$szama."' target='_blank'>$usercolor</a>";} print( ($arr2["donor"] == "yes" ? "<img src=pic/star.gif alt='Támogató'>" : "") . ($arr2["warned"] == "yes" ? "<img src=pic/warned.gif alt='Figyelmeztetett'>": "") . " :".format_comment($arr["text"])." </font><br/>");
print(" </td></tr>\n"); } print("</table>");
/* print("<tr><td>[".strftime("%H:%M",$arr["date"])."] $del"); echo " <a href='sendmessage.php?receiver=".$arr["userid"]."' target=_blank title='PM ".$rowowner["username"]." nevű felhasználónak'><img src=pn_inbox_new.gif height=14px border=0></a> <a title=\"válasz\" href=\"javascript: window.top.SmileIT('$usercolor_sbox','shbox','shbox_text')\"> <img src='pic/valasz.gif' border='0' alt='[Válasz]'></a>"; print("
<a href='userdetails.php?id=".$arr["userid"]."' target=_blank>$usercolor</a>" . ($arr2["donor"] == "yes" ? "<img src=pic/star.gif alt='Támogató'>" : "") . ($arr2["warned"] == "yes" ? "<img src=pic/warned.gif alt='Figyelmeztetett'>" : "") . " : ".format_comment($arr["text"])." </td></tr>\n"); } print("</table>"); */ } }
if ($CURUSER["slight"] == no) { $res = mysql_query("SELECT * FROM shoutbox ORDER BY date DESC LIMIT 0, 20") or sqlerr(__FILE__,__LINE__); } else { $res = mysql_query("SELECT * FROM shoutbox ORDER BY date DESC LIMIT 0, 100") or sqlerr(__FILE__,__LINE__); } if (mysql_num_rows($res) == 0) die("<b>Nincsenek üzenetek!</b>"); ?> </body> </html>
|