<?php
//   X-Thief ICQ: 4644864
//   [email protected]
//   wap.telon.ru - Бесплатные загрузки, каждый день!
require ("ini.php");
// Page bootstrap: error level, session, response headers, then the opening
// HTML of the "add comment" page.

// Notices are masked; code further down this script reads variables that it
// never assigns itself, which would otherwise raise "undefined variable".
error_reporting(E_ALL & ~E_NOTICE);

// Warnings from session start-up (for example headers already sent) are
// deliberately silenced with @.
@session_start();

header('Cache-Control: no-cache');
header('Content-type:text/html; charset=utf-8');

// Static document head. Emitted line by line; the bytes sent are the same as
// one multi-line string literal would produce.
echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">' . "\n"
    . '<html>' . "\n"
    . '<head>' . "\n"
    . '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">' . "\n"
    . '<title>Добавить</title>' . "\n"
    . '<link href="style.css" rel="stylesheet" type="text/css">' . "\n"
    . '</head>' . "\n"
    . '<body><div class="body">';
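	// Comment form and its submit handler.
	//
	// $act, $time, $footer, $bank, $nadmin and $nadmin2 are not assigned in this
	// file; presumably ini.php or the PHP configuration provides them -- confirm.
	// $time travels in the query string (see the form action below), so it is
	// treated as untrusted everywhere it is written to HTML or SQL.
	//
	// NOTE(review): the form carries no anti-CSRF token although a session is
	// started; consider adding one and checking it in the submit branch.

	if (!function_exists('addkomm_clean_text')) {
		/**
		 * Turns one submitted field into the HTML fragment that gets stored.
		 *
		 * The value is HTML-encoded and then passed through the page's text
		 * substitutions. The result is NOT SQL-escaped: escaping happens where
		 * the query is built, after every other transformation.
		 *
		 * @param mixed $value Raw request value; anything but a string counts as empty.
		 * @return string Cleaned text, possibly empty.
		 */
		function addkomm_clean_text($value)
		{
			if (!is_string($value)) {
				// e.g. name[]=x arrives as an array; treat it as "not supplied".
				return '';
			}

			// ENT_COMPAT: <, >, & and double quotes are encoded here; single
			// quotes are left for the substitutions below.
			$value = htmlspecialchars($value, ENT_COMPAT);

			// Applied in order, each on the result of the previous one.
			// The first pair handles a backslash-escaped apostrophe (presumably
			// what magic_quotes_gpc would deliver -- confirm).
			$value = str_replace(
				array("\\'", "'", "\r", "\n", '%', '!', '|'),
				array('&quot;', '`', '', '<br>', '&#37;', '&#33;', 'l'),
				$value
			);

			// Strip leading and trailing spaces.
			return trim($value, ' ');
		}
	}

	// Normalise $time once: a non-scalar (e.g. time[]=x) becomes an empty string.
	$timeText = (isset($time) && is_scalar($time)) ? (string) $time : '';
	// URL-encoded form for links; the output alphabet is safe inside an
	// HTML attribute, and a plain numeric value is left unchanged.
	$timeUrl = urlencode($timeText);

	if (empty($act)) {
		// No action requested: show the empty comment form.
		echo "\n\t<form method=\"post\" action=\"addkomm.php?act=do&amp;time=", $timeUrl, "\">";
		echo "Имя:<br/>\n\t<input name=\"name\"><br/>";
		echo "Сообщение:<br/>\n<textarea name=mess rows=5></textarea><br/>\n";
		echo "<input value=\"Добавить\" name=\"do\" type=\"submit\"/></form><br/>";
		echo $footer;
	} else {
		// Validate exactly the values that will be stored (the POST body),
		// after cleaning, so a whitespace-only field counts as missing.
		$name = addkomm_clean_text(isset($_POST['name']) ? $_POST['name'] : '');
		$mess = addkomm_clean_text(isset($_POST['mess']) ? $_POST['mess'] : '');

		if ($name === '') {
			echo 'Вы не указали имя!<br/><a href="komm.php?time=', $timeUrl, '">Назад</a><br/>', "\n";
			echo $footer;
			exit();
		}
		if ($mess === '') {
			echo 'Вы не указали сообщение!<br/><a href="komm.php?time=', $timeUrl, '">Назад</a><br/>', "\n";
			echo $footer;
			exit();
		}

		// Flood control keyed on the client address.
		$ip = (string) getenv("REMOTE_ADDR");
		$ipSql = mysql_real_escape_string($ip);

		// Register the address, then read its row back to see whether a
		// posting ban is still running.
		mysql_query("INSERT INTO `news_antispam` SET `ip` = '" . $ipSql . "';");
		$prov = mysql_query("SELECT * from `news_antispam` WHERE `ip`='$ipSql' LIMIT 1");
		// A failed query returns false; do not hand that to mysql_fetch_array().
		$s = $prov ? mysql_fetch_array($prov) : false;
		if ($s && $s['ban'] > time()) {
			echo "Вы не можете писать коментарии в течении $bank сек.<br/>";
			echo $footer;
			exit;
		}

		$t = time();

		// Occurrences of $nadmin in the name are replaced by $nadmin2 in red.
		$name = str_replace($nadmin, "<font color=\"red\">$nadmin2</font>", $name);

		// SQL escaping is the last step before the query, so the markup added
		// above and the request-supplied $time are covered as well.
		$nameSql = mysql_real_escape_string($name);
		$messSql = mysql_real_escape_string($mess);
		$timeSql = mysql_real_escape_string($timeText);
		mysql_query("INSERT into `news_komm` VALUES('0','$nameSql','$messSql','$timeSql','$t')");
		echo 'Коментарий добавлен<br/><a href="index.php">К новостям</a><br/>';

		// Start the posting ban for this address only. Without the WHERE clause
		// the statement would rewrite `ip` and `ban` on every row of the table.
		$ti0 = time() + (int) $bank;
		mysql_query("UPDATE `news_antispam` SET `ban` = '$ti0' WHERE `ip` = '$ipSql';");
		echo $footer;
	}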
?>