<?php
include 'config.php';
include 'guestbook/mylib.php';
// Request gate. checkagent(), noemul(), check_op() and unk_op() are defined
// in the included files, not here; this script only acts on their results.
$pflag = 0;

// The User-Agent header is chosen by the client, so this check can filter
// devices but cannot serve as an access control on its own.
if (!checkagent($_SERVER['HTTP_USER_AGENT'])) {
    noemul();
    exit;
}

// check_op() is given the peer address and returns a pair; only the second
// element ($chatok) is consulted below.
list($opname, $chatok) = check_op($_SERVER['REMOTE_ADDR']);
if (!$chatok) {
    unk_op();
    exit;
}

// The session is opened only after both gates have passed.
session_start();
// Collect the posted fields.
//   message  post body
//   f        forum id (new topic)      t   topic id (reply)
//   tr       when non-empty, text is passed through tr_conv()
//   theme    topic title, only read when no topic id was sent
$message = rmvbadch($_POST['message']);

// Both values are client-influenced (the User-Agent header entirely so) and
// are stored with the post; any query that uses them should bind them as
// parameters rather than splice them into SQL text.
$agent = $_SERVER['HTTP_USER_AGENT'];
$addr = $_SERVER['REMOTE_ADDR'];

// NOTE(review): htmlspecialchars(..., ENT_QUOTES) is HTML output encoding.
// It is not an SQL escaping function and should not be the only treatment a
// value receives before it reaches a query.
$f = htmlspecialchars(trim($_POST['f']), ENT_QUOTES);
$t = htmlspecialchars(trim($_POST['t']), ENT_QUOTES);
if (!($f || $t)) {
    // Neither a forum nor a topic was named: nothing to post to.
    exit;
}

$tr = htmlspecialchars(trim($_POST['tr']), ENT_QUOTES);
if (!$t) {
    $theme = rmvbadch($_POST['theme']);
}
$sie = 0;

if ($tr) {
    $message = tr_conv($message);
    // NOTE(review): this tests $f while $theme is only assigned when $t is
    // empty, so a request carrying both f and t passes an unset $theme.
    if ($f) {
        $theme = tr_conv($theme);
    }
}

// Entity-encode after conversion so tr_conv() sees the raw text.
$message = htmlspecialchars(trim($message), ENT_QUOTES);
if (!$t) {
    $theme = htmlspecialchars(trim($theme), ENT_QUOTES);
}
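// Handsets whose User-Agent starts with one of these vendor prefixes are
// flagged with $sie=1; at the end of the script that flag selects a WML
// confirmation page (plus cookies) instead of a plain Location redirect.
//
// ereg() was removed in PHP 7, so the five POSIX patterns are folded into one
// PCRE match. "^PREFIX-.*" and "^PREFIX-" accept exactly the same strings, and
// both engines are case-sensitive here.
if (preg_match('/^(?:SIE|Alcatel|MOT|SEC|Panasonic)-/', $_SERVER['HTTP_USER_AGENT'])) {
    $sie = 1;
}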
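// Per-request state; $uid stays 0 until a user row has been loaded.
$uid = 0;
$access = 0;
$flag = 0;

// `lang` comes straight from the client and is later placed in a Location
// header and in WML attribute values. Keep only a conservative token alphabet
// (the one value this script tests for is 'eng') so it cannot carry markup or
// header syntax into those sinks.
$lang = '';
if (isset($_POST['lang']) && is_string($_POST['lang'])) {
    $lang = preg_replace('/[^A-Za-z0-9_-]/', '', $_POST['lang']);
}

// Credentials: cookies win when both are present and non-blank, otherwise the
// posted form fields are used. Missing or non-string inputs count as blank
// instead of raising notices.
//
// NOTE(review): the Password cookie is compared directly against users.passwd
// further down, so it is a password-equivalent secret kept on the handset.
// A server-side session or a random remember-me token would avoid that.
$cookieLogin = (isset($_COOKIE['Login']) && is_string($_COOKIE['Login'])) ? trim($_COOKIE['Login']) : '';
$cookiePass = (isset($_COOKIE['Password']) && is_string($_COOKIE['Password'])) ? trim($_COOKIE['Password']) : '';

if ($cookieLogin != '' && $cookiePass != '') {
    $login = htmlspecialchars($cookieLogin, ENT_QUOTES);
    $pass = htmlspecialchars($cookiePass, ENT_QUOTES);
} else {
    $postLogin = (isset($_POST['login']) && is_string($_POST['login'])) ? trim($_POST['login']) : '';
    $postPass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? trim($_POST['pass']) : '';
    $login = htmlspecialchars($postLogin, ENT_QUOTES);
    $pass = htmlspecialchars($postPass, ENT_QUOTES);
    # $sie=1;
}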
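// Open the database connection; the settings come from config.php.
$conn = pg_connect("host=$dbhost port=$dbport dbname=$dbname user=$dbuser password=$dbpass");
if (!$conn) {
    exit;
}

// Resolve the target and load the forum's access flag. Request values are
// bound as parameters (pg_query_params, PHP 5.1+) instead of being spliced
// into the SQL text, and a failed query is treated like "not found" rather
// than being handed to the row-count call.
if (!$t) {
    // New topic: the forum id itself was posted.
    $res = pg_query_params($conn, 'select flag from forums where id=$1;', array($f));
    if (!$res || !pg_num_rows($res)) {
        pg_close($conn);
        exit;
    }
    $flag = pg_fetch_result($res, 0, 0);
} else {
    // Reply: derive the forum from the topic so a posted `f` cannot disagree
    // with the topic's real forum, and refuse closed topics.
    $res = pg_query_params(
        $conn,
        'select forums.id,forums.flag,themes.closed from forums,themes where forums.id=themes.forum and themes.id=$1;',
        array($t)
    );
    if (!$res || !pg_num_rows($res)) {
        pg_close($conn);
        exit;
    }
    $f = pg_fetch_result($res, 0, 0);
    $flag = pg_fetch_result($res, 0, 1);
    $closed = pg_fetch_result($res, 0, 2);
    if ($closed) {
        pg_close($conn);
        exit;
    }
}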
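// Identify the poster, either from the session or from login/password.
// These are given explicit defaults so the checks that follow never read an
// unset variable when no user row was loaded.
$lastagent = null;
$temp_ban = null;
$lastforum = null;

if (isset($_SESSION['id'])) {
    // Returning session: reload the row so bans and access changes take
    // effect at once.
    $uid = $_SESSION['id'];
    $res = pg_query_params(
        $conn,
        'select moder,access,lastagent,temp_ban,lastforum from users where id=$1;',
        array($uid)
    );
    if ($res && pg_num_rows($res) == 1) {
        // A non-zero moder value disqualifies the account (the login query
        // below likewise requires moder=0).
        if (pg_fetch_result($res, 0, 0)) {
            $uid = 0;
        }
        $access = pg_fetch_result($res, 0, 1);
        $lastagent = pg_fetch_result($res, 0, 2);
        $temp_ban = pg_fetch_result($res, 0, 3);
        $lastforum = pg_fetch_result($res, 0, 4);
    } else {
        // The session names a user that no longer exists, or the query
        // failed: treat the request as unauthenticated.
        $uid = 0;
        $access = 0;
    }
    $_SESSION['access'] = $access;
} else {
    // Fresh login. Credentials are bound as parameters; they are never part
    // of the SQL text.
    //
    // NOTE(review): passwd is compared with the value exactly as submitted,
    // which suggests the column holds the password itself or something the
    // client can replay. Confirm, and migrate to password_hash() /
    // password_verify() if so.
    // NOTE(review): the session id is not rotated on login. Because this
    // script also carries it in URLs, consider session_regenerate_id() here
    // once the later uses of SID have been checked against it.
    $res = pg_query_params(
        $conn,
        'select id,access,lastagent,temp_ban,lastforum from users where login=$1 and passwd=$2 and moder=0;',
        array($login, $pass)
    );
    if ($res && pg_num_rows($res) == 1) {
        $uid = pg_fetch_result($res, 0, 0);
        $access = pg_fetch_result($res, 0, 1);
        $lastagent = pg_fetch_result($res, 0, 2);
        $temp_ban = pg_fetch_result($res, 0, 3);
        $lastforum = pg_fetch_result($res, 0, 4);
        $_SESSION['id'] = $uid;
        $_SESSION['access'] = $access;
    }
}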
# if ($uid) {
# setcookie("Login", $login, time()+864000, "/");
# setcookie("Password", $pass, time()+864000, "/");
# }
// Device binding: the current User-Agent must equal the one recorded on the
// user row. On a mismatch the session variables and both login cookies are
// cleared and the client is sent back to the index page.
//
// NOTE(review): $lastagent is only assigned when a user row was loaded, so a
// failed login normally leaves through this branch too, before the
// "Bad login" page further down. The header is client-controlled, so a match
// here shows consistency, not identity.
// NOTE(review): the language is read from $_GET here, while the rest of the
// script reads it from $_POST. Confirm which one the form actually sends.
if ($agent != $lastagent) {
    session_unset();

    // An expiry in the past asks the browser to drop the cookie.
    setcookie("Login", "", time() - 3600, "/");
    setcookie("Password", "", time() - 3600, "/");

    pg_close($conn);

    header($_GET['lang'] == 'eng' ? "Location: index.php?lang=eng" : "Location: index.php");
    exit;
}
// Required-field check: a post needs a body, and a new topic (no topic id)
// also needs a title. Otherwise answer with a WML error card and stop.
// The card text is static; no request data is echoed into it.
if ($message == "" || (!$t && $theme == "")) {
    header("Content-type: text/vnd.wap.wml");
?>
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.2//EN" "http://www.wapforum.org/DTD/wml_1.2.dtd">
<wml>
<card id="SignErr" title="Ошибка">
<p align="center">
Не все поля заполнены<br/>
<a href="/">На главную</a>
</p>
</card>
</wml>
<?php
    pg_close($conn);
    exit;
}
// Reject bodies that consist only of filler punctuation. They get the same
// "not all fields are filled in" card as an empty post.
// in_array() is used without the strict flag on purpose, so each comparison
// stays the loose == of the original chain.
if (in_array($message, array(".", "..", "...", "....", ",", ",,", ",,,", ":", ";"))) {
    header("Content-type: text/vnd.wap.wml");
?>
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.2//EN" "http://www.wapforum.org/DTD/wml_1.2.dtd">
<wml>
<card id="SignErr" title="Ошибка">
<p align="center">
Не все поля заполнены<br/>
<a href="/">На главную</a>
</p>
</card>
</wml>
<?php
    pg_close($conn);
    exit;
}
// No user was resolved from the session or from the submitted credentials:
// show the login failure card and stop. The message is deliberately generic
// and does not say whether the login name or the password was wrong.
if (!$uid) {
    header("Content-type: text/vnd.wap.wml");
?>
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.2//EN" "http://www.wapforum.org/DTD/wml_1.2.dtd">
<wml>
<card id="SignErr" title="Ошибка">
<p align="center">
Bad login or password.
<a href="/">На главную</a>
</p>
</card>
</wml>
<?php
    pg_close($conn);
    exit;
}
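// Temporary ban: users.temp_ban is compared with the current Unix time, and
// while it lies in the future the post is refused and the expiry is shown.
//
// The year is printed with %Y. The previous %G is the ISO-8601 week-based
// year, which differs from the calendar year in the days around New Year and
// would then show the wrong year next to a calendar day and month.
// NOTE(review): strftime() is deprecated as of PHP 8.1; plan a move to
// date() or IntlDateFormatter once the locale requirements are known.
if ($temp_ban > time()) {
    header("Content-type: text/vnd.wap.wml");
?>
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.2//EN" "http://www.wapforum.org/DTD/wml_1.2.dtd">
<wml>
<card id="SignErr" title="Ошибка">
<p align="center">
<?php print "Banned till ".strftime("%d %b %Y %T", (int) $temp_ban)."<br/>\n"; ?>
<a href="/">На главную</a>
</p>
</card>
</wml>
<?php
    pg_close($conn);
    exit;
}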
// Authorisation: a forum whose flag equals 1 accepts posts only from users
// with a non-zero access level. Everyone else gets the denial card.
if (!$access && $flag == 1) {
    header("Content-type: text/vnd.wap.wml");
?>
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.2//EN" "http://www.wapforum.org/DTD/wml_1.2.dtd">
<wml>
<card id="SignErr" title="Ошибка">
<p align="center">
Access DENIED.<br/>
<a href="/">На главную</a>
</p>
</card>
</wml>
<?php
    pg_close($conn);
    exit;
}
// Size limits for ordinary users (access level below 4): 600 bytes of body
// and 140 bytes of title.
//
// NOTE(review): substr() counts bytes and runs after entity encoding, so the
// cut can fall inside a multi-byte UTF-8 character or inside an entity such
// as "&amp;", leaving text that is not well-formed when it is rendered as WML.
// Truncating before encoding, on character boundaries, would avoid that.
if ($access < 4) {
    $message = substr($message, 0, 600);
    $theme = substr($theme, 0, 140);
}
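// Duplicate guard: if this user's most recent post of the last five minutes
// has exactly the same body, do not store it again; show a card that returns
// the handset to the forum after a short timer.
$dtime = time() - 300;
$res = pg_query_params(
    $conn,
    'select message from threads where uid=$1 and time > $2 order by id desc limit 1;',
    array($uid, $dtime)
);

// A failed query is treated as "no recent post". The comparison is strict so
// numeric-looking bodies such as "1e3" and "1000" are not considered equal.
if ($res && pg_num_rows($res) && $message === pg_fetch_result($res, 0, 0)) {
    // Build the return URL with every request-derived part URL-encoded, then
    // entity-encode the whole URL for the attribute: WML is XML, so a bare
    // "&" or a quote inside ontimer="..." would make the deck malformed or
    // let a value break out of the attribute.
    $backurl = "http://wap.katrinka.ru/forum.php?lang=" . urlencode((string) $lang)
        . "&t=" . urlencode((string) $t)
        . "&f=" . urlencode((string) $f)
        . "&" . SID;
    header("Content-type: text/vnd.wap.wml");
?>
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.2//EN" "http://www.wapforum.org/DTD/wml_1.2.dtd">
<wml>
<?php
    print "<card id=\"SignDup\" title=\"Wait\" ontimer=\"" . htmlspecialchars($backurl, ENT_QUOTES) . "\">\n";
?>
<timer value="20"/>
<p align="center">
Please wait... We are taking you back to the forum...<br/>
<a href="/">На главную</a>
</p>
</card>
</wml>
<?php
    pg_close($conn);
    exit;
}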
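// Store the post and update the counters in one transaction.
//
// Every value is bound with pg_query_params() (PHP 5.1+). That matters most
// for $agent and $addr: the User-Agent header is fully client-controlled and
// reaches this point without any encoding, so it must never be part of the
// SQL text. $agent is stored unmodified because users.lastagent is compared
// with the raw header on the next request.
//
// Each statement's result is checked; on the first failure the transaction is
// rolled back and the script stops without output. The earlier code tested a
// result handle left over from a previous SELECT and committed regardless.
$mtime = time();
$newtopic = !$t;
$txok = (pg_query($conn, 'begin;') !== false);

$threadInsert = 'insert into threads (theme,message,uid,agent,host,time) values ($1,$2,$3,$4,$5,$6);';

if ($newtopic) {
    // New topic: create the topic row first and read back its generated id.
    if ($txok) {
        $txok = (pg_query_params(
            $conn,
            'insert into themes (forum,uid,name,time,lastrepl) values ($1,$2,$3,$4,$5);',
            array($f, $uid, $theme, $mtime, $mtime)
        ) !== false);
    }
    if ($txok) {
        $res = pg_query($conn, "select currval('public.themes_id_seq');");
        $txok = ($res !== false);
        if ($txok) {
            $t = pg_fetch_result($res, 0, 0);
        }
    }
    $steps = array(
        array('update forums set nthemes=nthemes+1 where id=$1;', array($f)),
        array($threadInsert, array($t, $message, $uid, $agent, $addr, $mtime)),
    );
} else {
    // Reply: add the post, bump the reply counters and clear the topic's
    // seen_by rows.
    $steps = array(
        array($threadInsert, array($t, $message, $uid, $agent, $addr, $mtime)),
        array('update forums set nrepl=nrepl+1 where id=$1;', array($f)),
        array('update themes set rplnum=rplnum+1,lastrepl=$1 where id=$2;', array($mtime, $t)),
        array('delete from seen_by where theme=$1;', array($t)),
    );
}

// Common tail for both cases.
$steps[] = array('delete from fseen_by where forum=$1;', array($f));
$steps[] = array(
    'update users set lastact=$1,fposts=fposts+1,lastagent=$2,lastforum=$3 where id=$4;',
    array($mtime, $agent, $mtime, $uid),
);

foreach ($steps as $step) {
    if (!$txok) {
        break;
    }
    $txok = (pg_query_params($conn, $step[0], $step[1]) !== false);
}

if ($txok) {
    $txok = (pg_query($conn, 'commit;') !== false);
} else {
    pg_query($conn, 'rollback;');
}
if (!$txok) {
    pg_close($conn);
    exit;
}
pg_close($conn);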
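// Send the poster back to the topic.
//
// Every request-derived value is URL-encoded before it enters the Location
// header, and the URLs written into WML attributes are entity-encoded as
// well, so a crafted `lang` (or any other value) can neither add header
// syntax nor break out of an attribute. WML is XML, so "&" inside an
// attribute has to be written as "&amp;" in any case.
//
// NOTE(review): the session id travels in the URL (PHPSESSID / SID), which
// exposes it to logs, history and Referer headers. Cookie-only sessions are
// preferable wherever the target handsets support them.
$qlang = urlencode((string) $lang);
$qt = urlencode((string) $t);
$qf = urlencode((string) $f);
$link = sprintf("Location: forum.php?lang=%s&t=%s&f=%s&PHPSESSID=%s", $qlang, $qt, $qf, urlencode(session_id()));

if (!$sie) {
    header($link);
} else {
    // Handsets flagged by the User-Agent prefix check get a WML card with a
    // timer instead of a redirect, plus ten-day login cookies.
    // NOTE(review): the Password cookie stores the submitted password itself
    // and is set without the Secure or HttpOnly attributes. A random
    // remember-me token would limit the damage if the cookie is disclosed.
    setcookie("Login", $login, time() + 864000, "/");
    setcookie("Password", $pass, time() + 864000, "/");

    $fwdurl = "http://wap.katrinka.ru/forum.php?lang=" . $qlang . "&t=" . $qt . "&f=" . $qf . "&" . SID;
    $viewurl = "forum.php?lang=" . $qlang . "&t=" . $qt . "&f=" . $qf;
    header("Content-type: text/vnd.wap.wml");
?>
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.2//EN" "http://www.wapforum.org/DTD/wml_1.2.dtd">
<wml>
<?php
    print "<card id=\"SignOk\" title=\"Спасибо!\" ontimer=\"" . htmlspecialchars($fwdurl, ENT_QUOTES) . "\" onenterbackward=\"http://wap.katrinka.ru/\">\n";
?>
<timer value="10"/>
<p align="center">
Ваша запись добавлена<br/>
<?php
    print "<a href=\"" . htmlspecialchars($viewurl, ENT_QUOTES) . "\">Просмотр</a>\n";
?>
</p>
</card>
</wml>
<?php
}
?>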