
sb

a guest
Apr 6th, 2012
  1. <?php
  2. /*-------------------------------------------------------+
  3. | PHP-Fusion Content Management System
  4. | Copyright (C) 2002 - 2008 Nick Jones
  5. | http://www.php-fusion.co.uk/
  6. +--------------------------------------------------------+
  7. | Filename: shoutbox_panel.php
  8. | Author: Nick Jones (Digitanium)
  9. +--------------------------------------------------------+
  10. | This program is released as free software under the
  11. | Affero GPL license. You can redistribute it and/or
  12. | modify it under the terms of this license which you
  13. | can read by viewing the included agpl.txt or online
  14. | at www.gnu.org/licenses/agpl.html. Removal of this
  15. | copyright header is strictly prohibited without
  16. | written permission from the original author(s).
  17. |===
  18. | by PolarFox aka Psc | http://unlogic.info | Build: 6
  19. +--------------------------------------------------------*/
  20. if (!defined('IN_FUSION')) { die('Access Denied'); }
  21. include_once INFUSIONS."shoutbox_panel/infusion_db.php";
  22. include_once INCLUDES."infusions_include.php";
  23.  
  24. ///move to settings
  25. //settings
  26. $sb_online_t = (time()- 600 ); //10 mins (60*10)
  27. $sb_chidden = '<p class="admin-message">hidden</p>';
  28. $sb_bbcodes = 'smiley|b|i|color|url';
  29. $sb_bbcodesp = 'b|i|u|url|color|quote';
  30.  
  31. function sbwrap($text) {
  32.     global $locale;
  33.    
  34.     $i = 0; $tags = 0; $chars = 0; $res = "";
  35.    
  36.     $str_len = strlen($text);
  37.    
  38.     for ($i = 0; $i < $str_len; $i++) {
  39.         $chr = mb_substr($text, $i, 1, $locale['charset']);
  40.         if ($chr == "<") {
  41.             if (mb_substr($text, ($i + 1), 6, $locale['charset']) == "a href" || mb_substr($text, ($i + 1), 3, $locale['charset']) == "img") {
  42.                 $chr = " ".$chr;
  43.                 $chars = 0;
  44.             }
  45.             $tags++;
  46.         } elseif ($chr == "&") {
  47.             if (mb_substr($text, ($i + 1), 5, $locale['charset']) == "quot;") {
  48.                 $chars = $chars - 5;
  49.             } elseif (mb_substr($text, ($i + 1), 4, $locale['charset']) == "amp;" || mb_substr($text, ($i + 1), 4, $locale['charset']) == "#39;" || mb_substr($text, ($i + 1), 4, $locale['charset']) == "#92;") {
  50.                 $chars = $chars - 4;
  51.             } elseif (mb_substr($text, ($i + 1), 3, $locale['charset']) == "lt;" || mb_substr($text, ($i + 1), 3, $locale['charset']) == "gt;") {
  52.                 $chars = $chars - 3;
  53.             }
  54.         } elseif ($chr == ">") {
  55.             $tags--;
  56.         } elseif ($chr == " ") {
  57.             $chars = 0;
  58.         } elseif (!$tags) {
  59.             $chars++;
  60.         }
  61.        
  62.         if (!$tags && $chars == 18) {
  63.             $chr .= "<br />";
  64.             $chars = 0;
  65.         }
  66.         $res .= $chr;
  67.     }
  68.    
  69.     return $res;
  70. }
  71.  
  72. $shout_settings = get_settings('shoutbox_panel');
  73.  
  74. $link = FUSION_SELF.(FUSION_QUERY ? "?".FUSION_QUERY : "");
  75. $link = preg_replace("^(&amp;|\?)s_action=(edit|delete)&amp;shout_id=\d*^", "", $link);
  76. $sep = stristr($link, "?") ? "&amp;" : "?";
  77. $shout_link = '';$shout_message = '';
  78.  
  79. if (iMEMBER && (isset($_GET['s_action']) && $_GET['s_action'] == "delete") && (isset($_GET['shout_id']) && isnum($_GET['shout_id']))) {
  80.     if ((iADMIN && checkrights("S")) || (iMEMBER && dbcount("(shout_id)", DB_SHOUTBOX, "shout_id='".$_GET['shout_id']."' AND shout_name='".$userdata['user_id']."' AND shout_hidden='0'"))) {
  81.         $result = dbquery("DELETE FROM ".DB_SHOUTBOX." WHERE shout_id='".$_GET['shout_id']."'".(iADMIN ? "" : " AND shout_name='".$userdata['user_id']."'"));
  82.     }
  83.     redirect($link);
  84. }
  85.  
  86. if (!defined('ashSCRIPT')) {
  87.     add_to_head('<script type="text/javascript" src="'.INFUSIONS.'shoutbox_panel/ash.js"></script>');
  88.     define('ashSCRIPT', true);
  89. }
  90.  
// ---- Panel output: everything between opentable() and closetable() ----
opentable($locale['SB_title']);
// Wrapper around the shout list.
// NOTE(review): the closing '</div>' for this wrapper is echoed only inside the "rows found"
// branch below; the empty-list branch and the login-required branch leave it open.
echo '<div id="sb_adiv">';
// List and form are produced only for members, or for guests when guest shouts are enabled.
if (iMEMBER || $shout_settings['guest_shouts'] == "1") {
    include_once INCLUDES."bbcode_include.php";

    // ---- POST handler: new shout, or edit of an existing one ----
    // NOTE(review): no anti-CSRF token is checked anywhere in this handler.
    if (isset($_POST['post_shout'])) {
        $flood = false;
        if (iMEMBER) {
            // Members are stored by numeric user id.
            $shout_name = $userdata['user_id'];
        } elseif ($shout_settings['guest_shouts'] == "1") {
            // Guests supply a free-text name.
            $shout_name = trim(stripinput($_POST['shout_name']));
            // Strip leading "+", digits and whitespace and reject purely numeric names.
            // The shout_name column also holds member ids and is joined against user_id
            // below, so this presumably keeps a guest name from matching a real account
            // in that join — confirm.
            $shout_name = preg_replace("(^[+0-9\s]*)", "", $shout_name);
            if (isnum($shout_name)) { $shout_name = ""; }
            include_once INCLUDES."securimage/securimage.php";
            $securimage = new Securimage();
            // Guests must pass the CAPTCHA.
            // NOTE(review): the rejection relies on redirect() terminating the request; if it
            // returned, execution would continue to the INSERT below — confirm.
            if (!isset($_POST['sb_captcha_code']) || $securimage->check($_POST['sb_captcha_code']) == false) { redirect($link); }
        }
        // Normalise the message: newlines become spaces, then cut to 255 characters.
        // The pattern has no "u" modifier, so the cut is byte-based and can split a
        // multibyte character.
        $shout_message = str_replace("\n", " ", $_POST['shout_message']);
        $shout_message = preg_replace("/^(.{255}).*$/", "$1", $shout_message);
        // NOTE(review): the value below is interpolated straight into the UPDATE/INSERT strings
        // and later echoed as HTML, so both the SQL and the output safety of this panel
        // rest on stripinput() neutralising quotes, backslashes and angle brackets —
        // confirm; parameterised or driver-escaped queries would not depend on that.
        $shout_message = trim(stripinput(censorwords($shout_message)));
        if (iMEMBER && (isset($_GET['s_action']) && $_GET['s_action'] == "edit") && (isset($_GET['shout_id']) && isnum($_GET['shout_id']))) {
            // Edit: allowed for holders of the 'S' right, or for the author of a
            // non-hidden shout. shout_id has passed isnum() at this point.
            $comment_updated = false;
            if ((iADMIN && checkrights("S")) || (iMEMBER && dbcount("(shout_id)", DB_SHOUTBOX, "shout_id='".$_GET['shout_id']."' AND shout_name='".$userdata['user_id']."' AND shout_hidden='0'"))) {
                if ($shout_message) {
                    $result = dbquery("UPDATE ".DB_SHOUTBOX." SET shout_message='$shout_message' WHERE shout_id='".$_GET['shout_id']."'".(iADMIN ? "" : " AND shout_name='".$userdata['user_id']."'"));
                }
            }
            redirect($link);
        } elseif ($shout_name && $shout_message) {
            // New shout, subject to flood control keyed on the poster's IP address.
            require_once INCLUDES."flood_include.php";
            if (!flood_control("shout_datestamp", DB_SHOUTBOX, "shout_ip='".USER_IP."'")) {
                $result = dbquery("INSERT INTO ".DB_SHOUTBOX." (shout_name, shout_message, shout_datestamp, shout_ip, shout_ip_type, shout_hidden) VALUES ('$shout_name', '$shout_message', '".time()."', '".USER_IP."', '".USER_IP_TYPE."', '0')");
            }
        }
        redirect($link);
    }

    // ---- Edit mode (GET): preload the form with the stored message ----
    if (iMEMBER && (isset($_GET['s_action']) && $_GET['s_action'] == "edit") && (isset($_GET['shout_id']) && isnum($_GET['shout_id']))) {
        // Hidden shouts are loaded only for holders of the 'S' right.
        $esresult = dbquery(
            "SELECT ts.shout_id, ts.shout_name, ts.shout_message, tu.user_id, tu.user_name
            FROM ".DB_SHOUTBOX." ts
            LEFT JOIN ".DB_USERS." tu ON ts.shout_name=tu.user_id
            WHERE ts.shout_id='".$_GET['shout_id']."'".(iADMIN && checkrights('S')?'':" AND shout_hidden='0'")  );
        if (dbrows($esresult)) {
            $esdata = dbarray($esresult);
            // Same permission rule as the POST handler. When it fails, $shout_link and
            // $shout_message keep the empty defaults assigned before this panel body.
            if ((iADMIN && checkrights('S')) || (iMEMBER && $esdata['shout_name'] == $userdata['user_id'] && isset($esdata['user_name']))) {
                // This condition repeats the enclosing one, so the else arm is never taken.
                if ((isset($_GET['s_action']) && $_GET['s_action'] == "edit") && (isset($_GET['shout_id']) && isnum($_GET['shout_id']))) {
                    $edit_url = $sep."s_action=edit&amp;shout_id=".$esdata['shout_id'];
                } else {
                    $edit_url = '';
                }
                $shout_link = $link.$edit_url;
                $shout_message = $esdata['shout_message'];
            }
        } else {
            $shout_link = $link;
            $shout_message = '';
        }
    } else {
        $shout_link = $link;
        $shout_message = '';
    }



// ---- Shout list ----
// Holders of the 'S' right also get hidden shouts plus the shout_ip and shout_hidden columns.
// $numrows is the total number of matching shouts, not the number selected below.
$numrows = dbcount('(shout_id)', DB_SHOUTBOX,(checkrights('S')?'':"shout_hidden='0'"));
// NOTE(review): visible_shouts is concatenated into LIMIT unquoted; presumably an
// admin-controlled integer setting — confirm it is validated where it is saved.
$result = dbquery(
    "SELECT ts.shout_id, ts.shout_name, ts.shout_message, ts.shout_datestamp,".(checkrights('S')?'ts.shout_ip,ts.shout_hidden,':'')." tu.user_id, tu.user_name,tu.user_avatar,tu.user_level,tu.user_lastvisit,tu.user_status FROM ".DB_SHOUTBOX." ts
    LEFT JOIN ".DB_USERS." tu ON ts.shout_name=tu.user_id
    ".(checkrights('S')?'':"WHERE shout_hidden='0'")."
    ORDER BY ts.shout_datestamp DESC LIMIT 0,".$shout_settings['visible_shouts']);





if (dbrows($result)) {
    $i = 0;
    while ($data = dbarray($result)) {


        echo "<div class='shoutboxname'>";
        if ($data['user_name']) {
            // Member shout: optional avatar, admin badge for user_level >= 102, profile link.
            // NOTE(review): user_avatar is echoed into src without escaping; presumably the file
            // name is validated when the avatar is uploaded — confirm.
            if($data['user_avatar']) { echo '<img style="float: left;" src="'.IMAGES.'avatars/'.$data['user_avatar'].'" width="32" hspace="4" vspace="1" />'; }
            echo ($data['user_level']>=102?'<img src="'.INFUSIONS.'shoutbox_panel/sh_adm.png" border="0" title="Admin" alt="[A]"/> ':'').
            '<span class="side">'.profile_link($data['shout_name'],$data['user_name'],$data['user_status']).'</span>';



        } else {
            // Guest shout: shout_name is the free-text name stored at insert time. It is
            // echoed without escaping here, so this output is only as safe as the
            // stripinput() call made before the INSERT.
            echo $data['shout_name']."\n";
        }
        // "Reply" link, shown whenever the viewer is allowed to post.
        // NOTE(review): the name sits inside a double-quoted JavaScript string within a
        // javascript: URL in an HTML attribute. The browser decodes HTML entities in the
        // attribute before the script runs, so entity encoding alone does not protect
        // this context; the value should be escaped as a JS string and then for the
        // attribute.
        if (iMEMBER || $shout_settings['guest_shouts'] == "1")
        echo " <a href='javascript:insertText(\"shout_message\",\"[b]".($data['user_name']?$data['user_name']:$data['shout_name'])."[/b], \", \"shout_form\");' class='small side'>[!]</a>";

        // Edit/delete links for holders of the 'S' right and for the shout's author.
        // The poster's IP is printed only for viewers with the 'S' right.
        if ((iADMIN && checkrights('S')) || (iMEMBER && $data['shout_name'] == $userdata['user_id'] && isset($data['user_name']))) {
            echo "\n\n\n<a href='".$link.$sep."s_action=edit&amp;shout_id=".$data['shout_id']."#edit_shout"."' onclick='ash_edit(\"".$data['shout_id']."\");return false;' class='side' title='".$locale['SB_edit']."'><img src='".INFUSIONS."shoutbox_panel/sh_edit.png' class='bbcode' alt='[e]' border='0'></a>\n";
            echo "<a href='".$link.$sep."s_action=delete&amp;shout_id=".$data['shout_id']."' onclick='ash_del(\"".$data['shout_id']."\");return false;' class='side' title='".$locale['SB_delete']."'><img src='".INFUSIONS."shoutbox_panel/sh_delete.png' class='bbcode' alt='[d]' border='0'></a>";
            if(checkrights('S'))echo ''.$data['shout_ip'].'';
            }



        echo "</div>\n";

        // Online/offline icon (last visit newer than $sb_online_t) and the shout's date.
        echo "<div class='shoutboxdate' style='vertical-align: middle;'>".($data['user_lastvisit']>$sb_online_t?'<img src="'.INFUSIONS.'shoutbox_panel/sh_online.png" border="0" title="Online" alt="[on]"/> ':'<img src="'.INFUSIONS.'shoutbox_panel/sh_offline.png" border="0" title="Offline" alt="[off]"/> ').showdate("forumdate", $data['shout_datestamp'])."</div>";
        // Message body: smileys, then the BBCode tags listed in $sb_bbcodesp, then
        // soft-wrapping. The stored text is not escaped again at this point.
        echo "<div class='shoutbox'>".(checkrights('S')&&$data['shout_hidden']?$sb_chidden:'').sbwrap(parseubb(parsesmileys($data['shout_message']), $sb_bbcodesp))."</div>\n";
        // (A disabled copy of the edit/delete links used to sit here, after the message body.)
        $i++;
        // Separator between shouts. $numrows is the total count, so when more shouts exist
        // than are displayed a separator also follows the last visible one.
        if ($i != $numrows) { echo "<br />\n"; }
    }

// Closes the sb_adiv wrapper (rows-found branch only).
echo '</div>';

    // Archive link, plus a script-generated "More!" button for members.
    if ($numrows > $shout_settings['visible_shouts']) {
        echo "<div style='text-align:center'>\n<a href='".INFUSIONS."shoutbox_panel/shoutbox_archive.php' class='side'>".$locale['SB_archive']."</a>\n</div>\n";
if(iMEMBER){echo '<script type="text/javascript">//<![CDATA[
document.write(\'<input style="float:right;" src="'.INFUSIONS.'shoutbox_panel/sh_more.png" class="bbcode" onclick="ash_addmore();return false;" title="More!" type="image">\');
//]]></script>'; }
    }
} else {
    echo "<div>".$locale['SB_no_msgs']."</div>\n";
}

// ---- Input form ----
// The form posts to $shout_link; members get an onsubmit handler calling ash_send().
echo "<a id='edit_shout' name='edit_shout'></a>\n";
    echo "<form name='shout_form' method='post' action='$shout_link' ".(iMEMBER?'onsubmit="ash_send();return false;"':'').">\n";
    if (iGUEST) {
        echo $locale['SB_name']."<br />\n";
        echo "<input type='text' name='shout_name' value='' class='textbox' maxlength='30' style='width:140px' /><br />\n";
        echo $locale['SB_message']."<br />\n";
    }
    // In edit mode $shout_message is the stored text, printed as-is into the textarea;
    // this again relies on the encoding applied before the row was written.
    echo "<textarea name='shout_message' rows='2' cols='20' class='textbox' style='width:1070px' onKeyDown='textCount(c_sbform.shout_message,c_sbform.com_len);sh_center(event);' onKeyUp='textCount(c_sbform.shout_message,c_sbform.com_len);'>$shout_message</textarea><br />\n";

    echo display_bbcodes("150px;", "shout_message", "shout_form", $sb_bbcodes);
    if (iGUEST) {
        // CAPTCHA image with audio and refresh links, and the code input field.
        echo $locale['SB_validation_code']."<br />\n";
        echo "<img id='sb_captcha' src='".INCLUDES."securimage/securimage_show.php' alt='' /><br />\n";
    echo "<a href='".INCLUDES."securimage/securimage_play.php'><img src='".INCLUDES."securimage/images/audio_icon.gif' alt='' class='tbl-border' style='margin-bottom:1px' /></a>\n";
    echo "<a href='#' onclick=\"document.getElementById('sb_captcha').src = '".INCLUDES."securimage/securimage_show.php?sid=' + Math.random(); return false\"><img src='".INCLUDES."securimage/images/refresh.gif' alt='' class='tbl-border' /></a><br />\n";
        echo $locale['SB_enter_validation_code']."<br />\n<input type='text' name='sb_captcha_code' class='textbox' style='width:100px' /><br />\n";
    }
    echo "<input type='submit' name='post_shout' value='wyslij' class='button' title='Ctrl+Enter' />\n";
    // Script-generated controls: remaining-length field, plus refresh buttons for members.
    // It also defines the JS globals sb_fldr, inc_row and c_sbform used by the handlers above.
    // NOTE(review): the title texts in this string look mis-encoded (probably Polish stored in
    // a single-byte charset) — confirm the file encoding. visible_shouts is written into
    // the script unquoted; presumably numeric — confirm.
    echo '<script type="text/javascript">//<![CDATA[
document.write(\' <input style="font-weight:bold;"  readonly="readonly" type="text" name="com_len" size="3"  value="\'+sb_max+\'">'.(iMEMBER?' <input src="'.INFUSIONS.'shoutbox_panel/sh_refropt.png" class="bbcode" onclick="return overlay(this, \\\'asb_refrupd\\\', \\\'bottomright\\\');" title="Od¶wie¿ co ...sek" type="image"> <input src="'.INFUSIONS.'shoutbox_panel/sh_refresh.png" class="bbcode" onclick="ash_refresh(0);return false;" title="Od¶wie¿" type="image">':'').'\');
var sb_fldr="'.INFUSIONS.'shoutbox_panel/",inc_row='.$shout_settings['visible_shouts'].',c_sbform=document.forms["shout_form"];
//]]></script>';
// Auto-refresh interval chooser (members only), hidden until opened as an overlay.
if(iMEMBER){
    echo '<div id="asb_refrupd" class="tbl1" style="display:none;border: 1px solid black; position: absolute; overflow: auto; width: 50px; height: auto;" onclick="overlayclose(\'asb_refrupd\');">
<label style="cursor:pointer;"><input name="ash_ab" value="-" type="radio" checked="checked" onclick="ash_setautor(0);">---</label>
<label style="cursor:pointer;"><input name="ash_ab" value="10" type="radio" onclick="ash_setautor(10);">10 s</label>
<label style="cursor:pointer;"><input name="ash_ab" value="20" type="radio" onclick="ash_setautor(20);">20 s</label>
<label style="cursor:pointer;"><input name="ash_ab" value="30" type="radio" onclick="ash_setautor(30);">30 s</label>';

echo "</div>";
}

    echo '</form>';
} else {
    // Guest with guest shouts disabled: only the login-required notice is shown.
    echo "<div style='text-align:center'>".$locale['SB_login_req']."</div><br />\n";
}




closetable();
  259. ?>