<?php
/********************************************************************************
- MemHT Portal -
Copyright (C) 2007-2008 by Miltenovik Manojlo
http://www.memht.com
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, see <http://www.gnu.org/licenses/> (GPLv2)
or write to the Free Software Foundation, Inc., 51 Franklin Street,
Fifth Floor, Boston, MA 02110-1301, USA.
********************************************************************************/
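//===========================================
// AJAX endpoint of the MessageBox block.
//   POST op=add     : store a new message (members, or guests when
//                     $siteConfig['guest_msgbox'] is 1), then print the list
//   anything else   : print the 10 most recent messages
// Output is an HTML fragment, not a full page.
//===========================================

//===========================================
//Same-site request check
//===========================================
// eregi() was removed in PHP 7.0 and treated HTTP_HOST as a regular expression
// matched anywhere inside the Referer. The host[:port] of the Referer is now
// compared with HTTP_HOST directly.
// NOTE(review): the Referer header is supplied by the client and may be absent
// or forged by non-browser clients, so this is a convenience filter only. It is
// not a replacement for a per-session anti-CSRF token on the "add" operation.
$httphost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : "";
$httpreferer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
$refererHost = "";
if ($httpreferer!="") {
	$refererParts = @parse_url($httpreferer);
	if (is_array($refererParts) && isset($refererParts['host'])) {
		$refererHost = $refererParts['host'];
		if (isset($refererParts['port'])) { $refererHost .= ":".$refererParts['port']; }
	}
}
if ($httphost=="" OR $refererHost=="" OR strcasecmp($refererHost,$httphost)!=0) {
	header("HTTP/1.1 404 Not Found");
	header("Status: 404 Not Found");
	exit;
}

//===========================================
//Database: Connect
//===========================================
require_once("../../inc/inc_config.php");
require_once("../../inc/inc_database.php");
$dblink = new database();
$dblink->connect();
require_once("../../inc/inc_login.php");
require_once("../../inc/inc_functions.php");
require_once("../../inc/inc_bbcode.php");
require_once("../../inc/inc_readConfig.php");
global $siteConfig,$visitorInfo,$userid,$userInfo;

//===========================================
//SELECT LANGUAGE
//===========================================
// NOTE(review): the included path is built from $siteConfig['language']. If that
// value can be influenced by request data (not visible in this file) it must be
// restricted to known language names before it reaches include - confirm in
// inc_readConfig.php.
include_once (file_exists("../../lang/".$siteConfig['language'].".php")) ? "../../lang/".$siteConfig['language'].".php" : "../../lang/".$siteConfig['default_language'].".php" ;
if (!defined("_LANG_CHARSET_")) { define("_LANG_CHARSET_","utf-8"); }
@header('Content-Type: text/html; charset='._LANG_CHARSET_);

//===========================================
// A missing "op" falls through to the default (list only) branch without
// raising an undefined-index notice.
$op = isset($_POST['op']) ? $_POST['op'] : "";
// Set to true by the branches that end with the message list, so the
// rendering code exists only once below.
$showList = false;

switch ($op) {
	case "add":
		$isuser = (isUser($userid)) ? true : false ;
		if ($isuser || $siteConfig['guest_msgbox']==1) {
			if ($isuser) {
				$proceed = true;
				// NOTE(review): the member name is taken as-is from $userInfo and is
				// later interpolated into SQL without passing through inCode().
				$muser = $userInfo['user'];
			} else if (isset($_POST['user'])) {
				$muser = trim(censure(inCode($_POST['user'])));
				$proceed = true;
			} else {
				// Guest without a name field: report it and stop.
				if (!@validate($_POST['user'])) { echo "<b>"._NAME_."</b> "._REQUIRED_; }
				$proceed = false;
			}
			if ($proceed) {
				//===========================================
				//TIMEZONE SETTING + DATABASE CHECK
				//===========================================
				$timezonerow = $dblink->get_row("SELECT timezone FROM memht_config");
				// intval() keeps the offset numeric before it is placed in the SQL expression.
				$siteConfig['timezone'] = intval($timezonerow['timezone']);
				$tzNOW = "DATE_ADD(NOW(),INTERVAL ".$siteConfig['timezone']." HOUR)";
				$flood_time = 30; //Sec
				$message = inCode(isset($_POST['message']) ? $_POST['message'] : "");
				if (strlen($muser)==0) { die("<div align='center'><b>"._NAMEEMPTY_."</b></div>"); }

				// NOTE(review): every statement below is built by string interpolation.
				// Their safety rests on inCode() escaping for SQL (defined elsewhere,
				// not verifiable here) and on $visitorInfo['ip'] being a validated
				// address. Confirm both, or move these to prepared statements.

				//Spam control
				// More than two identical messages from the same IP within 24 hours.
				if ($dblink->get_num("SELECT id FROM memht_messagebox WHERE testo='$message' AND ip='".$visitorInfo['ip']."' AND (data + INTERVAL 24 HOUR) > $tzNOW")>2) {
					//Ban
					// NOTE(review): the ban is permanent and keyed on the IP alone, so
					// users behind a shared address are affected as well.
					$dblink->query("INSERT INTO memht_banned (id,ip,user,range,permanent,reason,author,bandate)
						VALUES (null,'".$visitorInfo['ip']."','$muser',0,1,'Spam in MessageBox','System',$tzNOW)");
				} else {
					//Flood control
					if ($dblink->get_num("SELECT ip FROM memht_messagebox_flood WHERE ip='".$visitorInfo['ip']."' AND (time + INTERVAL $flood_time SECOND) > $tzNOW")) {
						echo "<div style='margin-bottom:4px; padding:3px; border:1px solid #B36462; color:#B36462; background-color:#EEDBDB;' align='center'>"._MUSTWAIT_." $flood_time sec. "._TOSENDANOTHERMES_."</div>";
					} else {
						$amguest = ($isuser) ? 0 : 1 ;
						$dblink->query("INSERT INTO memht_messagebox (id,autore,data,testo,ip,guest)
							VALUES (null,'$muser',$tzNOW,'$message','".$visitorInfo['ip']."','$amguest')");
						$dblink->query("REPLACE INTO memht_messagebox_flood (ip,time) VALUES ('".$visitorInfo['ip']."',$tzNOW)");
					}
				}
				//-----
				$showList = true;
			}
		} else {
			echo _ACCESSDENIED_;
		}
		break;
	default:
		$showList = true;
		break;
}

//===========================================
//Message list (10 most recent)
//===========================================
if ($showList) {
	if ($result = $dblink->get_list("SELECT m.*,DATE_FORMAT(m.data,'%H:%i') as data,u.id AS uid FROM memht_messagebox AS m LEFT JOIN memht_utenti AS u ON m.autore=u.user ORDER BY m.id DESC LIMIT 10")) {
		// Same for every row, so it is evaluated once instead of per message.
		$isadmin = (isAuth($userid,3)) ? true : false ;
		foreach ($result as $row) {
			// NOTE(review): author and IP end up inside single-quoted HTML
			// attributes below. This assumes outCode() escapes quotes as well as
			// angle brackets - confirm in inc_functions.php.
			$m_author = outCode($row['autore']);
			$m_date = $row['data'];
			$m_text = censure(bb2html(outCode($row['testo'],0)));
			$m_ip = outCode($row['ip']);
			$m_guest = intval($row['guest']);
			$uid = intval($row['uid']);
			// Member posts link to the profile page, guest posts show the plain name.
			$m_author = ($m_guest==0) ? "<a href='index.php?page=users&op=userInfo&uid=$uid' title='$m_author'>$m_author</a>" : $m_author ;
			echo "<div style='margin-bottom:4px;'>\n";
			echo "<div><b>$m_author</b> <img src='images/star.gif' border='0' alt='Star' ";
			// The poster's IP is exposed only to accounts that pass isAuth($userid,3).
			if ($isadmin) { echo "title='header=["._IP_."] body=[$m_ip]' "; }
			echo "/> <span class='info'>$m_date</span></div>";
			echo "<div class='small'>$m_text</div>\n";
			echo "</div>\n";
		}
	} else {
		echo "<div align='center'><b>"._EMPTY_."</b></div>";
	}
}

//===========================================
//Database: Disconnect
//===========================================
$dblink->disconnect();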
?>