Guest User

Untitled

a guest
Jan 23rd, 2018
78
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.57 KB | None | 0 0
  1. <?php
  2.  
  3. /************************
  4. CONSTANTS
  5. /************************/
  6. include "config.php";
  7. define("HOST", "$db_host");
  8. define("USER", "$db_user");
  9. define("PASSWORD", "$db_pass");
  10. define("DB", "$db_name");
  11.  
  12. /************************
  13. FUNCTIONS
  14. /************************/
  15. function connect($db, $user, $password){
  16. $link = @mysql_connect($db, $user, $password);
  17. if (!$link)
  18. die("Could not connect: ".mysql_error());
  19. else{
  20. $db = mysql_select_db(DB);
  21. if(!$db)
  22. die("Could not select database: ".mysql_error());
  23. else return $link;
  24. }
  25. }
  26. function getContent($link, $num){
  27. $res = @mysql_query("SELECT date, user, message FROM shoutbox ORDER BY date DESC LIMIT ".$num, $link);
  28. if(!$res)
  29. die("Error: ".mysql_error());
  30. else
  31. return $res;
  32. }
  33. function insertMessage($user, $message)
  34. {
  35. $ip=$_SERVER['REMOTE_ADDR'];
  36. $query = sprintf("INSERT INTO shoutbox(user, message, ip) VALUES('%s', '%s', '$ip');", mysql_real_escape_string(strip_tags($user)), mysql_real_escape_string(strip_tags($message)));
  37. $res = @mysql_query($query);
  38. if(!$res)
  39. die("Error: ".mysql_error());
  40. else
  41. return $res;
  42. }
  43.  
  44. /******************************
  45. MANAGE REQUESTS
  46. /******************************/
  47. if(!$_POST['action']){
  48. //We are redirecting people to our shoutbox page if they try to enter in our shoutbox.php
  49. header ("Location: index.php");
  50. }
  51. else{
  52. $link = connect(HOST, USER, PASSWORD);
  53. switch($_POST['action']){
  54. case "update":
  55. $res = getContent($link, 11);
  56. while($row = mysql_fetch_array($res)){
  57.  
  58. $test3= @mysql_query("SELECT * FROM ".$acc_db.".account WHERE username='".$row['user']."'") or die(mysql_error());
  59. $test4=mysql_fetch_assoc($test3);
  60. $test1= @mysql_query("SELECT * FROM ".$acc_db.".account_access WHERE RealmID='-1' AND id='".$test4['id']."'") or die(mysql_error());
  61. $test2=mysql_fetch_assoc($test1);
  62.  
  63. if ($test2['gmlevel']==''){
  64.  
  65. $result .= '<div class="sb_message"><div class="sb_comme"><strong>'
  66. .$row['user'].'</strong><div class="sb_m_date">'
  67. .$row['date'].'</div></div><div class="sb_te_comme">'
  68. .$row['message'].'</div></div>
  69. ';
  70. }
  71.  
  72. else{
  73. $result .= '<div class="sb_message"><div class="sb_comme"><strong><img src="brg.gif" />&nbsp;'
  74. .$row['user'].'</strong><div class="sb_m_date">'
  75. .$row['date'].'</div></div><div class="sb_te_comme"><font color="#00FFFF">'
  76. .$row['message'].'</font></div></div>
  77.  
  78. }
  79.  
  80. }
  81. echo $result;
  82. break;
  83. case "insert":
  84. echo insertMessage($_POST['nick'], $_POST['message']);
  85. break;
  86. }
  87. mysql_close($link);
  88. }
  89.  
  90.  
  91. ?>
Add Comment
Please, Sign In to add comment