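<?php
// gbs/add.php, part 1: bootstrap. Sends the WML response headers, opens the
// MySQL connection, prunes stale rows from `nline`, loads the guestbook row
// selected by $id and captures the client's User-Agent and addresses.
// The full "<?php" tag is used so the script does not depend on short_open_tag.

// PHP error display is switched off for clients; the database failures below
// are written to the server log explicitly instead of being echoed.
error_reporting(0);
list($msec, $sec) = explode(chr(32), microtime());
$HeadTime = $sec + $msec;
header("Cache-Control: no-cache");
header("Content-type:text/vnd.wap.wml; charset=utf-8");
// Not referenced again in this file; kept in case an included file reads it.
// NOTE(review): rand() is predictable, so do not rely on this as a secret token.
$ref = rand(10000, 1000000);
require("conf.inc.php");

// Driver error text can reveal host names, user names and schema details, so it
// goes to the log and the client only sees a generic error card.
$link = @mysql_connect($MySQL_Hostname, $MySQL_Username, $MySQL_Password);
if (!$link) {
    error_log("gbs/add.php: MySQL connect failed: " . mysql_error());
    die("<wml>
<card id=\"error\" title=\"error\">
<do type=\"prev\" label=\"Back\"><prev/></do><p align=\"center\">Can not connect to MySQL</p>
</card>
</wml>");
}
if (!@mysql_select_db($MySQLDatabasename)) {
    error_log("gbs/add.php: MySQL select_db failed: " . mysql_error());
    die("<wml>
<card id=\"error\" title=\"error\">
<do type=\"prev\" label=\"Back\"><prev/></do><p align=\"center\">Error select the database...</p>
</card>
</wml>");
}

// Time windows. Only $timekik is used in this file; the others are kept because
// the files required later may read them.
$timeoutseconds = 60480000;
$timestamp = time();
$timeout = $timestamp - $timeoutseconds;
$tol = 60 * 15;
$timeb = $timestamp - $tol;
$timeoutnline = 60 * 5;
$timekik = $timestamp - $timeoutnline;
// $timekik is an integer computed above, so interpolating it is safe.
@mysql_query("DELETE FROM nline WHERE time<$timekik");

// NOTE(review): $id is not assigned anywhere above this line in this file; it
// presumably arrives through register_globals or conf.inc.php (confirm).
// intval() makes it safe to interpolate, so no further escaping is needed.
$id = intval($id);
$result = @mysql_query("select * from gbsusers where id='$id' limit 1;");
// mysql_num_rows() on the result handle replaces mysql_affected_rows(), which
// reports -1 for a failed query and let the script continue with no row loaded.
if (!$result || mysql_num_rows($result) == 0) {
    echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>";
    echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.2//EN\" \"http://www.wapforum.org/DTD/wml12.dtd\">";
    echo "<wml>";
    echo "<card id=\"error\" title=\"ERROR\" ontimer=\"http://wen-info.com\"><timer value=\"15\"/>";
    echo "<p align=\"center\"><small>";
    echo "Гостевой не существует!";
    echo "</small></p></card></wml>";
    // The mysql_close() that followed exit() was unreachable and has been dropped;
    // PHP releases the connection when the script ends.
    exit();
}
require "functions.php";

// Per-guestbook settings from the gbsusers row.
$data = mysql_fetch_array($result);
$num_msgs = $data['msgs'];
$title = $data['title'];
$id = $data['id'];
$razdel = $data['razdel'];
// NOTE(review): this overwrites the connection handle stored in $link with the
// guestbook's `link` column; from here on $link is no longer a MySQL resource.
$link = $data['link'];
$sitename = $data['sitename'];
$komp = $data['komp'];
$proxy = $data['proxy'];
$antiadv = $data['antiadv'];

// Client-supplied User-Agent. htmlspecialchars() makes it safe for markup only;
// it does not escape single quotes or backslashes for SQL.
$agent = getenv('HTTP_USER_AGENT');
$agent = htmlspecialchars($agent);
$addr = getenv('REMOTE_ADDR');
// X-Forwarded-For is a request header set by the client or an intermediary;
// this file only tests whether it is present and never uses it as an address.
$realip = getenv('HTTP_X_FORWARDED_FOR');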

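######################
##ANTISPAM BAN
######################
// Site-wide ban list: an address stored with brows='-' is refused for every
// guestbook. The address is escaped before it is placed in the statement, and
// the row count is read from this query's own result handle rather than from
// mysql_affected_rows().
$banAddr = mysql_real_escape_string($addr);
$banResult = mysql_query("Select * from ban WHERE ip='" . $banAddr . "' and brows='-' LIMIT 1;");
// A failed lookup is treated as a ban, which is what the original did
// (mysql_affected_rows() returns -1 after an error).
if (!$banResult || mysql_num_rows($banResult) != 0) {
    echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
    echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.2//EN\" \"http://www.wapforum.org/DTD/wml12.dtd\">\n";
    echo "<wml>\n";
    echo "<head><meta http-equiv=\"Cache-Control\" content=\"no-cache\" forua=\"true\"/></head>\n";
    echo "<card id=\"ban\" title=\"ERROR\" ontimer=\"antispam.php\"><timer value=\"20\"/>\n";
    echo "<p align=\"left\"><small>\n";
    echo "Not access.<br/>\n";
    echo "</small></p></card></wml>\n";
    // The mysql_close($link) after exit() was unreachable, and $link no longer
    // holds the connection at this point; PHP closes it when the script ends.
    exit();
}
######################
##END
######################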

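// Per-guestbook access rules: fills in display defaults, then applies the
// optional "no desktop browsers" and "no proxies" switches and the
// guestbook-level IP+browser ban.
// NOTE(review): both switches key off request headers the client controls, so
// they filter well-behaved clients only and are not an access control.
if (empty($sitename)) $sitename = "Главная";
if (empty($num_msgs)) $num_msgs = "10";
if (empty($title)) $title = "Гостевая";

if ($komp == 1) {
    // User-Agent substrings treated as desktop browsers or emulators.
    $desktopMarkers = array("M3Gate", "Opera", "emulator", "WinWAP", "Mozilla", "M3GATE");
    $isDesktop = false;
    foreach ($desktopMarkers as $marker) {
        if (strpos($agent, $marker) !== false) {
            $isDesktop = true;
            break;
        }
    }
    if ($isDesktop) {
        echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>";
        echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.2//EN\" \"http://www.wapforum.org/DTD/wml12.dtd\">";
        echo "<wml>";
        echo "<card id=\"error\" title=\"ERROR\" ontimer=\"http://wen-info.com\"><timer value=\"10\"/>";
        echo "<p align=\"center\"><small>";
        echo "Доступ с компьютера запрещен!";
        echo "</small></p></card></wml>";
        // The unreachable mysql_close($link) after exit() has been dropped.
        exit();
    }
}

if ($proxy == 1) {
    // strpos() returns 0 for a match at the start of the string, which the
    // original truthiness test read as "not found"; compare against false.
    if ((strpos($agent, "Unix") !== false) or (strpos($agent, "px.wpb.com.ua") !== false) or (!empty($realip))) {
        echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>";
        echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.2//EN\" \"http://www.wapforum.org/DTD/wml12.dtd\">";
        echo "<wml>";
        echo "<card id=\"error\" title=\"ERROR\" ontimer=\"http://wen-info.com\"><timer value=\"10\"/>";
        echo "<p align=\"center\"><small>";
        echo "Доступ с прокси запрещен!<br/>";
        echo "</small></p></card></wml>";
        exit();
    }
}

// Guestbook-level ban on the IP + User-Agent pair. $agent is taken from a
// request header and was only HTML-escaped, so a quote or backslash in it would
// have altered the statement; every value is now escaped or cast first.
$pairBanSql = "Select * from ban WHERE gid='" . intval($id)
    . "' and ip='" . mysql_real_escape_string($addr)
    . "' and brows='" . mysql_real_escape_string($agent) . "' LIMIT 1;";
$pairBanResult = mysql_query($pairBanSql);
// A failed lookup is treated as a ban, as in the original
// (mysql_affected_rows() returns -1 after an error).
if (!$pairBanResult || mysql_num_rows($pairBanResult) != 0) {
    echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>";
    echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.2//EN\" \"http://www.wapforum.org/DTD/wml12.dtd\">";
    echo "<wml>";
    echo "<head><meta http-equiv=\"Cache-Control\" content=\"no-cache\" forua=\"true\"/></head>";
    echo "<card id=\"ban\" title=\"ERROR\" ontimer=\"http://wen-info.com\"><timer value=\"20\"/>";
    echo "<p align=\"center\"><small>";
    echo "Вы были забанены по связке IP+BROWSER!<br/>";
    echo "</small></p></card></wml>";
    exit();
}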
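// Opens the response card, then checks the "ipcode" form token before any
// posted data is processed.
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>";
echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.2//EN\" \"http://www.wapforum.org/DTD/wml12.dtd\">";
echo "<wml>";
echo "<head><meta http-equiv=\"Cache-Control\" content=\"no-cache\" forua=\"true\"/></head>";
// NOTE(review): $title comes from the gbsusers row and is written into an
// attribute as stored; confirm it is escaped when the guestbook is created.
echo "<card id=\"main\" title=\"$title\" ontimer=\"index.php?id=$id\">";

// Expected code: the client address with the dots removed and every even digit
// replaced by the next odd one. The replacement outputs are never search
// targets, so one array call equals the original chain of str_replace() calls.
$code2 = str_replace(
    array('.', '0', '2', '4', '6', '8'),
    array('', '1', '3', '5', '7', '9'),
    $addr
);

if (isset($_POST['code'])) {
    $code = $_POST['code'];
} elseif (isset($_POST['msg'])) {
    // A message posted without a code can never match.
    $code = "unknown";
} else {
    // Nothing was posted: the check passes and the empty-message branch further
    // down reports the failure.
    $code = $code2;
}

// Strict comparison: with != two numeric strings are compared as numbers, so a
// differently written number with the same value would be accepted.
// NOTE(review): the code is derived from the client's own address and `ref`
// only has to be non-empty, so this slows down blind submissions but is not an
// anti-forgery or anti-automation control.
if (($code !== $code2) or (empty($_GET['ref']))) {
    echo "<p align=\"left\"><small>";
    echo "Сообщение НЕ добавлено! (ipcode is bad)<br/>";
    echo "<a href=\"index.php?id=$id\">Продолжить</a><br/>";
    echo "</small></p></card></wml>";
    exit();
}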
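// Final part: cleans the posted fields, applies the duplicate filter and stores
// the message in `recs`.

// The record is filed under the guestbook id whose ban, desktop and proxy rules
// were enforced earlier in this script. The original re-read the id from
// $_POST['id'] here, so whenever the two values differed the row was written to
// a guestbook other than the one that had just been checked.
$id = intval($id);

// stripslashes() undoes magic-quotes escaping and htmlspecialchars() escapes for
// markup only, so these values are NOT safe to place in SQL as they stand; they
// are escaped separately just before the INSERT.
$msg = htmlspecialchars(stripslashes(trim($_POST['msg'])));
$login = htmlspecialchars(stripslashes(trim($_POST['login'])));
$login = eregi_replace('WAPS', 'ЧМО', $login);
$msg = eregi_replace('WAPS', 'ЧМО', $msg);
$login = eregi_replace('owap.ru', 'wen-info.com', $login);
$msg = eregi_replace('owap.ru', 'wen-info.com', $msg);
$email = htmlspecialchars(stripslashes(trim($_POST['email'])));

if (!empty($msg) && !empty($login)) {
    // Most recent stored message (from any guestbook), used by the duplicate filter.
    $r = mysql_query("SELECT msg FROM recs order by id desc LIMIT 1");
    $a = mysql_fetch_array($r);

    // Whitespace and entity clean-up: drop tabs, collapse blank runs, turn
    // &nbsp; into a space and numeric character references into "-".
    // The commented-out /e variants were removed; that modifier evaluates the
    // replacement as PHP code and must not be brought back.
    $msgearch = array ("'\t'i",
                     "'([\n])[\s]+'",
                     "'\s{2,}'",
                     "'&(nbsp|#160);'i",
                     "'&#(\d+);'i");
    $replace = array ("",
                      "\n",
                      " ",
                      " ",
                      "-");
    $msg = preg_replace($msgearch, $replace, $msg);
    // "$" starts a variable reference in WML; "$$" is the literal dollar sign.
    $msg = str_replace('$', '$$', $msg);
    // NOTE(review): these two replacements turn the poster-supplied sequences
    // "[![" and "]!]" back into "<" and ">" after htmlspecialchars() has run,
    // so any visitor can store raw markup. How recs.msg is rendered is not
    // visible here; confirm this is intended and restrict or remove it otherwise.
    $msg = preg_replace("/\[!\[/", "<", $msg);
    $msg = preg_replace("/\]!\]/", ">", $msg);

    // http:// URLs become links, or are masked when the guestbook's antiadv
    // switch is on.
    if ($antiadv == 0) {
        $msg = eregi_replace("((http://))((([a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z;]{2,3}))|(([0-9]{1,3}\.){3}([0-9]{1,3})))((/|\?)[a-z0-9~#%&'_\+=:;\?\.-]*)*)", "<a href=\"\\0\">\\3</a>", $msg);
    } else {
        $msg = eregi_replace("((http://))((([a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z;]{2,3}))|(([0-9]{1,3}\.){3}([0-9]{1,3})))((/|\?)[a-z0-9~#%&'_\+=:;\?\.-]*)*)", "*censored*", $msg);
    }

    // NOTE(review): $translit is not assigned in this file; presumably it comes
    // from register_globals or an included file (confirm).
    if ($translit == "") require "convert_to_smiles.php";
    if ($translit == "toall") $msg = latrus($msg);

    // similar_text() declares its third parameter by reference, so the variable
    // is passed plainly; the call-time "&" is a fatal error from PHP 5.4 on.
    $similar = similar_text($a["msg"], $msg, $percent);

    if (($a["msg"] !== $_POST['msg']) && ($percent < 85)) {
        $daten = date("d.m.y H:i");
        $login = preg_replace($msgearch, $replace, $login);
        $login = str_replace('$', '$$', $login);
        $login = preg_replace("/\[!\[/", "<", $login);
        $login = preg_replace("/\]!\]/", ">", $login);
        $email = preg_replace($msgearch, $replace, $email);
        $email = str_replace('$', '$$', $email);
        $email = preg_replace("/\[!\[/", "<", $email);
        $email = preg_replace("/\]!\]/", ">", $email);

        // Every client-influenced value is escaped for SQL at the point of use.
        // $addr replaces the register_globals variable $REMOTE_ADDR, which is
        // empty when that setting is off.
        $insertSql = "Insert into recs set gid='" . $id
            . "', login='" . mysql_real_escape_string($login)
            . "', msg='" . mysql_real_escape_string($msg)
            . "', email='" . mysql_real_escape_string($email)
            . "', ip='" . mysql_real_escape_string($addr)
            . "', brows='" . mysql_real_escape_string($agent)
            . "', time='" . $daten
            . "', time2='" . time() . "'";

        // Report success only when the row was actually written; the original
        // suppressed the result and always claimed success.
        if (mysql_query($insertSql)) {
            echo "<timer value=\"10\"/><p align=\"left\"><small>";
            echo "Сообщение успешно добавлено!<br/>";
            echo "<a href=\"index.php?id=$id\">Продолжить</a><br/>";
            echo "</small></p></card></wml>";
        } else {
            error_log("gbs/add.php: insert into recs failed: " . mysql_error());
            echo "<timer value=\"10\"/><p align=\"left\"><small>";
            echo "Сообщение НЕ добавлено!<br/>";
            echo "<a href=\"index.php?id=$id\">Продолжить</a><br/>";
            echo "</small></p></card></wml>";
        }
    } else {
        // Same text as, or at least 85% similar to, the previous message.
        echo "<timer value=\"10\"/><p align=\"left\" ontimer=\"index.php?id=$id\"><small>";
        echo "Сообщение НЕ добавлено!<br/>";
        echo "<a href=\"index.php?id=$id\">Продолжить</a><br/>";
        echo "</small></p></card></wml>";
    }
} else {
    // Empty message or empty name.
    echo "<timer value=\"10\"/><p align=\"left\"><small>";
    echo "Сообщение НЕ добавлено!<br/>";
    echo "<a href=\"index.php?id=$id\">Продолжить</a><br/>";
    echo "</small></p></card></wml>";
}
?>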