<?php

session_start();

include "file/db.php";
include "file/config.php";
// NOTE(review): $autorize is read here *before* file/aut.php is included, so it must already be
// populated by one of the two includes above. Its 'skin' value is spliced straight into an include
// path; if a user can influence that value (profile setting, cookie, ...) a "../" or absolute path
// would include an arbitrary file (LFI). Wherever it is set, restrict it to a known skin list.
include "style/".$autorize['skin']."/head.php";
include "file/aut.php";

// Page header; the leading </center> closes an element opened by the skin's head.php.
echo "</center><div class='menu'><center><b>Чат</b></center></div><div class='tab'>";

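/**
 * preg_replace_callback target for "[url=scheme://host/...]text[/url]".
 *
 * $arr[1] is the address (the caller's pattern restricts its scheme), $arr[2] the visible text.
 * The original used $arr[2] for the href as well, so any text (e.g. a javascript: URI) could
 * become the link target; htmlspecialchars() does not neutralise that inside href.
 */
function links_preg1($arr)
{
    return '<a href="' . $arr[1] . '">' . $arr[2] . '</a>';
}

/**
 * preg_replace_callback target for bare "scheme://..." URLs delimited by whitespace.
 *
 * $arr[1] / $arr[4] are the surrounding whitespace (kept), $arr[2] the full URL and
 * $arr[3] the part after "://", which is shown as the link text.
 */
function links_preg2($arr)
{
    return $arr[1] . '<a href="' . $arr[2] . '">' . $arr[3] . '</a>' . $arr[4];
}

// Requested action; missing parameter means "just show the chat" (the original read $_GET['go']
// unchecked, which raised an undefined-index notice on every plain page view).
$action = isset($_GET['go']) && is_string($_GET['go']) ? $_GET['go'] : '';

switch ($action)
{
case 'add':
    // Reject a missing, non-string or whitespace-only message. The original regex
    // "/^[\s]+[\s]+$/" only caught two or more whitespace characters, so a single space passed.
    // (A literal "0" is now accepted; empty() used to reject it.)
    $rawMsg = isset($_POST['msg']) && is_string($_POST['msg']) ? $_POST['msg'] : '';
    $error = '';
    if (trim($rawMsg) === '') {
        $error .= 'Отсутствует сообщение !!!<br/>';
    }
    if ($error !== '') {
        print "<center><b><u><font color=\"red\">Ошибка!!!&nbsp;";
        print "Причина: " . $error . "</font></u></b></center><div class='hr'></div>";
        break;
    }

    // Hard length cap (the form's maxlength is client-side only). iconv_substr() returns false on
    // invalid UTF-8; fall back to a byte cut and let ENT_SUBSTITUTE below handle stray bytes.
    $msg = iconv_substr($rawMsg, 0, 10000, 'utf-8');
    if ($msg === false) {
        $msg = substr($rawMsg, 0, 10000);
    }
    // Single quotes become backticks so they can never appear inside the generated markup.
    $msg = str_replace("'", "`", $msg);
    // Escape for HTML *first*; everything added from here on is generated markup, not user bytes.
    // ENT_SUBSTITUTE keeps a message containing one bad byte instead of collapsing it to "".
    // The original also ran mysql_escape_string() here, but the message is stored base64-encoded
    // (see the INSERT), so that only put stray backslashes into the displayed text.
    $msg = trim(htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));

    // Smileys: ":N:" -> smile/N.gif for N = 1 .. number of .gif files in smile/.
    // (The original pattern "/[gif]+$/" counted any name ending in the letters g/i/f, and the
    // "$smile_arr[1] = natsort(...)" line assigned a boolean into the listing.)
    $smileCount = 0;
    $smileFiles = is_dir('smile') ? scandir('smile') : false;
    if ($smileFiles !== false) {
        foreach ($smileFiles as $fileName) {
            if (preg_match('/\.gif$/', $fileName)) {
                $smileCount++;
            }
        }
    }
    $smileCodes = array();
    $smileImgs  = array();
    for ($i = 1; $i <= $smileCount; $i++) {
        $smileCodes[] = ':' . $i . ':';
        $smileImgs[]  = '<img src="smile/' . $i . '.gif" alt="smile"/>';
    }
    $msg = str_replace($smileCodes, $smileImgs, $msg);

    // Permitted BB-codes -> HTML. strtr() replaces longest keys first in a single pass, which
    // gives the same result as the original chain of str_replace() calls (no replacement
    // output contains another code, and "[big]"/"[black]"/"[blue]" never contain "[b]").
    $bbCodes = array(
        '[small]' => '<small>',               '[/small]' => '</small>',
        '[black]' => '<font color = "black">', '[/black]' => '</font>',
        '[blue]'  => '<font color = "blue">',  '[/blue]'  => '</font>',
        '[white]' => '<font color = "white">', '[/white]' => '</font>',
        '[green]' => '<font color = "green">', '[/green]' => '</font>',
        '[red]'   => '<font color = "red">',   '[/red]'   => '</font>',
        '[big]'   => '<big>',                  '[/big]'   => '</big>',
        '[b]'     => '<b>',                    '[/b]'     => '</b>',
        '[i]'     => '<i>',                    '[/i]'     => '</i>',
        '[s]'     => '<s>',                    '[/s]'     => '</s>',
        '[u]'     => '<u>',                    '[/u]'     => '</u>',
    );
    $msg = strtr($msg, $bbCodes);

    // Links. Only http/https/ftp may become clickable: the original "[a-z]+://" accepted
    // "javascript://%0a..." style targets. Group numbering is unchanged for the callbacks.
    // preg_replace_callback() returns null on a PCRE error; keep the unlinked text in that case.
    $linked = preg_replace_callback('~\[url=((?:https?|ftp)://[^ \r\n\t`\'"]+)\](.*?)\[/url\]~iu', 'links_preg1', $msg);
    if ($linked !== null) {
        $msg = $linked;
    }
    $linked = preg_replace_callback('~(^|\s)((?:https?|ftp)://([^ \r\n\t`\'"]+))(\s|$)~iu', 'links_preg2', $msg);
    if ($linked !== null) {
        $msg = $linked;
    }

    // Store. Author fields come from the session record, not the request, but are escaped anyway
    // (the original interpolated them raw). mysql_real_escape_string() needs the connection that
    // file/db.php is expected to have opened.
    $time = 14400; // fixed offset in seconds from UTC (+4h), as in the original
    $date = gmdate('d.m.Y H:i', time() + $time);
    $login  = mysql_real_escape_string($autorize['log']);
    $avatar = mysql_real_escape_string($autorize['avatar']);
    $aid    = mysql_real_escape_string($autorize['id']);
    $add = mysql_query("INSERT INTO `chat` SET `date` = '" . $date . "',`aid` = '" . $aid . "',`avatar` = '" . $avatar . "',`msg` = '" . base64_encode($msg) . "',`login` = '" . $login . "';");
    if ($add !== false) {
        print '<center><b><u>Добавлено !!!</u></b></center><div class="hr"></div>';
    } else {
        // The original reported success regardless of whether the INSERT ran.
        print "<center><b><u><font color=\"red\">Ошибка!!!&nbsp;Причина: сообщение не сохранено</font></u></b></center><div class='hr'></div>";
    }
    break;

case 'goadd':
    break;

case 'del':
    // Moderator rule: only account ids 1 and 2 may delete (same rule the list view uses to show
    // the link). There is no CSRF token; the delete is a GET whose only tie to the actor is the
    // session id carried in the query string.
    if ($autorize['id'] <= 2 && $autorize['id'] > 0) {
        // The original interpolated $_GET['id'] unescaped into the DELETE (SQL injection).
        $delId = isset($_GET['id']) && !is_array($_GET['id']) ? (int)$_GET['id'] : 0;
        mysql_query("DELETE FROM `chat` WHERE `id` = '" . $delId . "';");
        print "<center><b><u>Удалено !!!</u></b><div class='hr'></div></center>";
    } else {
        print "<div class='hr'></div><center>Пошёл отсюда хакер не доделанный !!!<div class='hr'></div></center>";
    }
    break;
}
// (The original had an exit() after the last break; it was unreachable, so it is dropped and the
// chat list below is rendered after every action exactly as before.)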
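// ---- pagination ------------------------------------------------------------------------------
// Page size comes from the user's profile. The original divided by it unchecked, so a missing or
// zero `kol_chat` meant a division by zero and a broken LIMIT clause.
$num = (int)$autorize['kol_chat'];
if ($num < 1) {
    $num = 10; // fallback page size; the original had no usable value at all here
}
// Current page: missing, non-numeric or below 1 becomes page 1. (The original let a
// non-numeric value through as 0, which produced "LIMIT -$num, $num".)
$page = isset($_GET['page']) && !is_array($_GET['page']) ? (int)$_GET['page'] : 1;
if ($page < 1) {
    $page = 1;
}
// Total rows; COUNT(*) replaces fetching the whole table just to call mysql_num_rows() on it.
// $posts is also used by the pager further down.
$countRes = mysql_query('SELECT COUNT(*) FROM `chat`');
$posts = ($countRes !== false) ? (int)mysql_result($countRes, 0) : 0;
// ceil(posts/num) with a minimum of one page, matching the original intval((posts-1)/num)+1.
$total = max(1, (int)ceil($posts / $num));
if ($page > $total) {
    $page = $total;
}
$start = ($page - 1) * $num;

$result = mysql_query("SELECT * FROM `chat` ORDER BY `id` DESC LIMIT $start, $num;");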


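// ---- message list ----------------------------------------------------------------------------
// Columns are addressed by name (id, login, date, msg, avatar, aid — the names used by the
// INSERT/DELETE in the action handler) instead of by position, so a column reorder cannot
// silently swap what is displayed.
if (mysql_num_rows($result) === 0) {
    print '<center><b><u>Сообщений нет !!!</u></b></center><div class = "hr"></div>';
} elseif (mysql_num_rows($result) !== false) {
    // Only account ids 1 and 2 get the delete link (same rule as the `del` action).
    $canDelete = $autorize['id'] <= 2 && $autorize['id'] > 0;
    // Session id travels in every URL (cookieless sessions); it ends up in Referer headers and
    // browser history, which is a property of the whole site, not something this page can fix.
    $sid = session_name() . "=" . session_id();

    while ($chat = mysql_fetch_array($result)) {
        $avatar = (string)$chat['avatar'];

        // Kept from the original: the avatar is shown only if some chat row carries the same
        // value. The current row always does, so in practice this only rejects an empty value
        // (which the original's unquoted "avatar= ;" turned into a failed query). The value is now
        // quoted and escaped instead of being interpolated raw from the database (second-order
        // injection).
        $hasAvatar = false;
        if ($avatar !== '') {
            $r = mysql_query("SELECT 1 FROM `chat` WHERE `avatar` = '" . mysql_real_escape_string($avatar) . "' LIMIT 1;");
            $hasAvatar = ($r !== false) && (mysql_fetch_array($r) !== false);
        }
        if ($hasAvatar) {
            echo "<img src=\"avatar/" . rawurlencode($avatar) . ".gif\" height=\"32\" width=\"32\" alt=\"Аватар\" />\n";
        } else {
            echo "<img src=\"no.gif\" height=\"32\" width=\"32\" alt=\"Аватар\" />\n";
        }

        // login/date were interpolated raw in the original: a login containing markup was a
        // stored XSS on every chat view.
        print "<a href=\"anketa.php?id=" . rawurlencode((string)$chat['aid']) . "&amp;" . $sid . "\"><b>"
            . htmlspecialchars((string)$chat['login'], ENT_QUOTES, 'UTF-8') . "</b></a>";
        print " <u><b>" . htmlspecialchars((string)$chat['date'], ENT_QUOTES, 'UTF-8') . "</b></u>";
        // msg was HTML-escaped and then given its BB-code/smiley/link markup before being stored,
        // so it is deliberately printed as HTML here.
        print "<div class=\"msg\">" . base64_decode($chat['msg']) . "</div>";

        if ($canDelete) {
            echo "<b>[</b><a href='?page=" . (int)$page . "&amp;go=del&amp;id=" . (int)$chat['id'] . "&amp;" . $sid . "'><b>Удалить</b></a><b>]</b><br />";
        }
    }
}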
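// ---- footer links, post form and pager --------------------------------------------------------
$sid = session_name() . "=" . session_id();
echo "<p align='center'>";
echo "<a class=\"main\" href=\"smile.php?" . $sid . "\"><b>Смайлы</b></a>";
echo "<a class=\"main\" href=\"bb.php?" . $sid . "\"><b>BB-Коды</b></a>";
print "<div class='hr'></div>";
// No CSRF token; only the session id in the action URL ties the POST to the poster.
print "<form method='post' action='?page=" . (int)$page . "&amp;go=add&amp;" . $sid . "'>";
print "Сообщение:<br/>";
// maxlength is client-side only; the `add` handler truncates at 10000 characters server-side.
print "<textarea name='msg' class='main' maxlength='1000' type='text' cols='22' rows='4'></textarea><br/>";
print "<input type='submit' class='main' value='Добавить'/>";
print "</form></p>";

// Pager. The $result !== false guard avoids mysql_num_rows() on a failed query (warning).
if ($result !== false && mysql_num_rows($result) > 0) {
    print '<div class="str">Стр:';
    $num_pages = (int)ceil($posts / $num);
    if ($page > $num_pages || $page < 1) {
        $page  = 1;
        $start = 0;
    }
    // SCRIPT_NAME is server-derived, but it is still escaped for the attribute context it lands in
    // (the original echoed it raw).
    $self = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    // Always show page 1, the last page and the current page ±1; each run of skipped pages
    // collapses to a single " ... ". $prev holds the token printed last so a gap that follows
    // another gap prints nothing.
    $prev = '';
    for ($i = 1; $i <= $num_pages; $i++) {
        if ($i == 1 || $i == $num_pages || abs($i - $page) < 2) {
            $prev = ($i == $page)
                ? " <b>$i</b> "
                : ' <a href="' . $self . '?' . $sid . '&amp;page=' . $i . '">' . $i . '</a> ';
        } else {
            $prev = ($prev == ' ... ' || $prev == '') ? '' : ' ... ';
        }
        print $prev;
    }
    print "</div>";
}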


// Footer: skin icon plus a link back to the panel, session id carried in the URL as elsewhere.
echo "<img src=\"style/".$autorize['skin']."/home.png\" alt=\"*\"/><a href=\"../enter.php?".session_name()."=".session_id()."\">Панель</a><div class=\"hr\"></div></div>";
// NOTE(review): $autorize['skin'] is used as an include path component; if a user can influence
// that value it must be restricted to known skin names before it reaches include (see head.php above).
include "style/".$autorize['skin']."/foot2.php";

?>