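<?php
/*****************************

Hannes' ShoutBox v1.0

*****************************/

require_once("include/bittorrent.php");
dbconn(false);

loggedinorreturn();

// Name colour per poster class. Keys are the `class` values read from the
// users table; mysql_fetch_assoc hands them back as strings, so they are
// listed as strings here too.
$classColors = array(
	"96" => "#FF0000",
	"80" => "#666699",
	"64" => "#9900cc",
	"48" => "#0099FF",
	"32" => "#92929e",
	"16" => "#339933",
	"0"  => "#dfa416",
);

// DELETE SHOUT?
// NOTE(review): a state-changing action driven by a plain GET link carries no
// CSRF protection; no token helper is visible in this file, so none is used.
if (isset($_GET['del']))
{
	// Same validator the edit path uses, instead of is_numeric(), which also
	// accepts floats, exponents and leading whitespace that were then pasted
	// unescaped into the query.
	if (!is_valid_id($_GET['del']))
	{
		echo "invalid msg id STOP TRYING TO INJECT SQL TIT HEAD";
		exit;
	}
	// Authorise before touching the database; the result of the former
	// unconditional SELECT was never used.
	if (get_user_class() >= UC_MODERATOR)
	{
		$id = (int)$_GET['del'];
		mysql_query("DELETE FROM shoutbox WHERE id=".sqlesc($id)) or sqlerr(__FILE__, __LINE__);
	}
}

// EDIT SHOUT? Renders a small standalone page holding the edit form.
if (isset($_GET['edit']) && get_user_class() >= UC_MODERATOR && is_valid_id($_GET['edit']))
{
	$sql = sql_query("SELECT id,text FROM shoutbox WHERE id=".sqlesc($_GET['edit']));
	$res = mysql_fetch_array($sql);
	?>
	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
	<html xmlns="http://www.w3.org/1999/xhtml">
	<meta http-equiv="Pragma" content="no-cache">
	<meta http-equiv="expires" content="0">
	<head profile="http://gmpg.org/xfn/11">
	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
	<style type="text/css">
	#specialbox{
	border: 1px solid gray;
	width: 600px;
	background: #FBFCFA;
	font: 11px verdana, sans-serif;
	color: #dfa416;
	padding: 3px;	outline: none;
	}

	#specialbox:focus{
	border: 1px solid black;
	}
	.btn {
	cursor:pointer;
	border:outset 1px #ccc;
	background:#999;
	color:#666;
	font-weight:bold;
	padding: 1px 2px;
	background:url(pic/formbg.gif) repeat-x left top;
	}	
	</style>
	</head>
	<body bgcolor=#c2c1b8>
	<?php
	echo '<form method=post action=shoutbox.php>';
	echo '<input type=hidden name=id value='.(int)$res['id'].'>';
	echo '<textarea name=text rows=3 id=specialbox>'.htmlspecialchars($res['text']).'</textarea>';
	echo '<input type=submit name=save value=save class=btn>';
	echo '</form></body></html>';
	die;
}

// UPDATE SHOUT? Handles the POST from the edit form above.
if (isset($_POST['text']) && isset($_POST['id']) && get_user_class() >= UC_MODERATOR && is_valid_id($_POST['id']))
{
	$text = trim($_POST['text']);
	$id = (int)$_POST['id'];
	sql_query("UPDATE shoutbox SET text = ".sqlesc($text)." WHERE id=".sqlesc($id));
}

?>
<html><head>
<title>Klepetalnica</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874">
<meta http-equiv="Content-Type" content="text/html; charset=TIS-602">
<META HTTP-EQUIV=REFRESH CONTENT="1000; URL=shoutbox.php">
<style type="text/css">
A {color: #dfa416; font-weight: bold; }
A:hover {color: #FF0000;}
.small {font-size: 9pt; font-family: tahoma; }
.date {font-size: 9pt;}
</style>
</head>
<body>
<?php

/*
if ($CURUSER["chatpost"] == 'no')
{
print("<h2>
<center>You are banned.</center></h2>");
exit;
}
else
{
*/

// NEW SHOUT? The posting form submits via GET (shbox_text), so a crafted link
// or image URL can post on behalf of a logged-in user; the form itself is not
// in this file, which is why the method is left as it is here.
if (isset($_GET["sent"]) && $_GET["sent"] === "yes")
{
	$userid = $CURUSER["id"];
	$username = $CURUSER["username"];
	$date = time();
	$text = isset($_GET["shbox_text"]) ? trim($_GET["shbox_text"]) : "";

	// Skip whitespace-only shouts rather than storing empty rows.
	if ($text !== "")
	{
		// 'id' in the id column relies on the database assigning the real key.
		mysql_query("INSERT INTO shoutbox (id, userid, username, date, text) VALUES ('id'," . sqlesc($userid) . ", " . sqlesc($username) . ", $date, " . sqlesc($text) . ")") or sqlerr(__FILE__, __LINE__);
	}
}

$res = mysql_query("SELECT * FROM shoutbox ORDER BY date DESC LIMIT 35") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) == 0)
{
	print("\n");
}
else
{
	print("<table border=0 cellspacing=0 cellpadding=2 width='100%' align='left' class='small'>\n");

	// Evaluated once; the class does not change while the rows are rendered.
	$isModerator = get_user_class() >= UC_MODERATOR;

	while ($arr = mysql_fetch_assoc($res))
	{
		$userid = (int)$arr["userid"];

		// One lookup per shout; the previous code ran two identical queries
		// against users for every row.
		$resowner = mysql_query("SELECT id, username, class, avatar, donor, title, enabled, warned FROM users WHERE id=".sqlesc($userid)) or sqlerr(__FILE__, __LINE__);
		$owner = mysql_fetch_assoc($resowner);
		if (!$owner)
		{
			// Poster no longer exists: fall back to the name stored with the
			// shout instead of reusing the previous row's values.
			$owner = array("username" => $arr["username"], "class" => "", "donor" => "", "warned" => "");
		}

		$name = htmlspecialchars($owner["username"]);
		$class = (string)$owner["class"];
		if (isset($classColors[$class]))
			$usercolor = "<font color=".$classColors[$class].">".$name."</font>";
		else
			$usercolor = $name;

		// Reset per row so a non-moderator never sees undefined variables and
		// no value leaks between iterations.
		$del = "";
		$edit = "";
		if ($isModerator)
		{
			$del = "[<a href=./shoutbox.php?del=".(int)$arr["id"].">Izbrisi</a>]";
			$edit = "<span class='date'>[<a href=shoutbox.php?edit=".(int)$arr["id"].">Uredi</a>]</span>\n";
		}
		$pm = "<span class='date'>[<a target=_blank href=sendmessage.php?receiver=$userid>Pm</a>]</span>\n";

		// NOTE(review): the badge markup below was flattened to "[img].[/img]"
		// placeholders by the forum that hosts this listing; the per-class
		// image tags have to be restored from the original file.
		print("<tr><td><font color=gray>|<span class='date'>".date("H:i", (int)$arr["date"])."|</font>
$del$edit$pm <a href='userdetails.php?id=".$userid."' target='_blank'> 
</span>
$usercolor" .
		($owner["donor"] == "yes" ? "[img].[/img]" : "") .
		($owner["class"] == "96" ? "[img].[/img]" : "") .
		($owner["class"] == "80" ? "[img].[/img]" : "") .
		($owner["class"] == "64" ? "[img].[/img]" : "") .
		($owner["class"] == "48" ? "[img].[/img]" : "") .
		($owner["class"] == "32" ? "[img].[/img]" : "") .
		($owner["class"] == "16" ? "[img].[/img]" : "") .
		($owner["class"] == "0" ? "[img].[/img]" : "") .
		($owner["warned"] == "yes" ? "[img].[/img]" : "") .
		" ".format_comment($arr["text"])."
</td></tr>\n");
	}
	print("</table>");
}

?>
</body>
</html>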