<?php
// X-Thief ICQ: 4644864
// [email protected]
// wap.telon.ru - Бесплатные загрузки, каждый день!
require ("ini.php");
Error_Reporting(E_ALL & ~E_NOTICE);
@session_start();
header("Cache-Control: no-cache");
header("Content-type:text/html; charset=utf-8");
print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Добавить</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body><div class="body">';
if (!@$act){
print "
<form method=\"post\" action=\"addkomm.php?act=do&time=$time\">";
print 'Имя:<br/>
<input name="name"><br/>';
print "Сообщение:<br/>
<textarea name=mess rows=5></textarea><br/>
<input value=\"Добавить\" name=\"do\" type=\"submit\"/></form><br/>";
print $footer;}
else
{
if($name==""){print 'Вы не указали имя!<br/><a href="komm.php?time='.$time.'">Назад</a><br/>
';print $footer;exit();}
if($mess==""){print 'Вы не указали сообщение!<br/><a href="komm.php?time='.$time.'">Назад</a><br/>
';print $footer;exit();}
$ip = getenv("REMOTE_ADDR");
$reg = mysql_query("INSERT INTO `news_antispam` SET `ip` = '".$ip."';");
$prov=mysql_query("SELECT * from `news_antispam` WHERE `ip`='$ip' LIMIT 1");
$s=mysql_fetch_array($prov);
if($s['ban']>time())
{$vse=date("H:i", $s['ban']);
print "Вы не можете писать коментарии в течении $bank сек.<br/>";
print $footer; exit;}
$t=time();
$mess=mysql_escape_string(htmlspecialchars(@$_POST['mess']));
$name=mysql_escape_string(htmlspecialchars(@$_POST['name']));
if ($news)
$mess = str_replace ("<", "<", $mess);
$mess = str_replace (">", ">", $mess);
$mess = ereg_replace ('\\\"', """, $mess);
$mess = ereg_replace ("\\\'", """, $mess);
$mess = ereg_replace ("\"", """, $mess);
$mess = ereg_replace ("\'", "'", $mess);
$mess = ereg_replace ("'", "`", $mess);
$mess = str_replace ("\r", "", $mess);
$mess = str_replace ("\n", "<br>", $mess);
$mess = str_replace ("%", "%", $mess);
$mess = str_replace ("!", "!", $mess);
$mess = str_replace ("^ +", "", $mess);
$mess = str_replace (" +$", "", $mess);
$mess = str_replace ("|", "l", $mess);
$name = str_replace ("<", "<", $name);
$name = str_replace (">", ">", $name);
$name = ereg_replace ('\\\"', """, $name);
$name = ereg_replace ("\\\'", """, $name);
$name = ereg_replace ("\"", """, $name);
$name = ereg_replace ("\'", "'", $name);
$name = ereg_replace ("'", "`", $name);
$name = str_replace ("\r", "", $name);
$name = str_replace ("\n", "<br>", $name);
$name = str_replace ("%", "%", $name);
$name = str_replace ("!", "!", $name);
$name = str_replace ("^ +", "", $name);
$name = str_replace (" +$", "", $name);
$name = str_replace ("|", "l", $name);
$name=str_replace($nadmin, "<font color=\"red\">$nadmin2</font>", $name);
mysql_query("INSERT into `news_komm` VALUES('0','$name','$mess','$time','$t')");
print 'Коментарий добавлен<br/><a href="index.php">К новостям</a><br/>';
$id = mysql_insert_id();
$ti0=time()+$bank;
mysql_query("UPDATE `news_antispam` SET `ban` = '$ti0', `ip` = '$ip';");
print $footer;}
?>