<?php
#==============================================================================================#
# Name : Imperial CHAT #
# Made by : MaZaFaKa (___хакер___) #
# MODED : vipsds ( BOT ) #
# ICQ : 350502220 (vipsds) #
# E-mai : [email protected] #
# По всем вопросам и дополнительным модам обращайтесь на выше указанные данные #
#==============================================================================================#
error_reporting(0);
$ttl='Комментарии';
include('start.php');
include('config.php');
include('./includes/'.$ver.'/banned');
$nocache = mt_rand(10000, 99999);
list($msec, $sec) = explode(chr(32), microtime());
$headtime = $sec + $msec;
$banner = file('system/banner.dat');
$ssylka = trim($banner[0]);
$img = trim($banner[1]);
$kabinet = trim($banner[4]);
switch($ver)
{
////////////////////////////////////////////////////////
//WML VERSION
////////////////////////////////////////////////////////
case 'wml':
header("Content-type: text/vnd.wap.wml; charset=utf-8");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: no-cache, must-revalidate");
//AUTH
$id = intval($_SESSION['id']);
$password = mysql_escape_string($_SESSION['password']);
$q = mysql_query("SELECT `level` FROM `chat_users` WHERE `id` = ".$id." AND `password` = '".md5($password)."';");
if(!mysql_num_rows($q))
{
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.3//EN\" \"http://www.wapforum.org/DTD/wml13.dtd\"><wml>\n";
echo "<card title=\"ERROR\" ontimer=\"index.php?ver=wml\"><timer value=\"15\"/><p align=\"left\">\n";
echo "<small>Ошибка авторизации!<br/>\n";
list($msec, $sec) = explode(chr(32), microtime());
echo "<br/>[".round(($sec+$msec)-$headtime,5)."] sec<br/>\n";
echo "</small></p></card></wml>";
exit();
}
//END AUTH
$level = mysql_result($q, 0);
//ONLINE
$online = time() + 60;
$update = mysql_query("UPDATE `chat_users` SET `time` = ".$online.", `place` = 0, `ip` = '".getenv('REMOTE_ADDR')."', `ua` = '".mysql_escape_string(htmlspecialchars(getenv('HTTP_USER_AGENT')))."' WHERE `id` = ".$id);
//END ONLINE
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.3//EN\" \"http://www.wapforum.org/DTD/wml13.dtd\"><wml>\n";
echo "<card title=\"$ttl\"><p align=\"left\">\n";
$mss = mysql_fetch_assoc(mysql_query("select * from `chat_foto` where `id`='".intval($_GET['id'])));
$msg = mysql_escape_string(htmlspecialchars($_POST['msg']));
$ocenka = mysql_escape_string(htmlspecialchars($_POST['ocenka']));
if ($_GET['act']=='add')
{
if (!empty($msg))
{
$realtime=time()+$sdvigclock*3600;
$btime=$realtime-3600;
$re = mysql_query("select count(*) from `chat_com` where ip='".getenv('REMOTE_ADDR')."' and time>'".$btime."' and `idfoto` = ".$mss['id']);
$res=mysql_fetch_row($re);
if ($res[0]>=1)
{
$error = $error.'Новый комментарий можно добавлять через час.<br/>';
}
}
if (empty($mss['id']))
{
$error = $error."\nНе выбрано фото для комментария!<br/>\n";
}
if (empty($msg))
{
$error = $error."\nВы не ввели сообщение!<br/>\n";
}
if (!preg_match("|^[\s-@_0-9a-zA-Zа-яА-Я!?:)Ёё,;+=/;&%@(*-+]|u",$msg))
{
$error = $error."\nВы вводите запрещённые символы!<br/>\n";
}
if(mb_strlen($msg) < 3 || mb_strlen($msg) > 500) // проверка на длину msg.
{
$error = $error."\nНедопустимая длина сообщения разрешенно от 3 до 500 символов!<br/>\n";
}
if (empty($error))
{
$msg = str_replace("\n"," ",$msg);
$msg = str_replace("\r"," ",$msg);
mysql_query("INSERT INTO `chat_com` (idfoto, idhozyaina, idadda, msg, ocenka, time, ip)values(".$mss['id'].", '".$mss['iduser']."', '".intval($_SESSION['id'])."', '".$msg."', '".$ocenka."', ".time().", '".$_SERVER['REMOTE_ADDR']."');");
$coms = 'Комментарий успешно добавлен';
}
}
if ($error)
{
echo $error;
}
print $coms;
$q2 = mysql_query("SELECT * FROM `chat_com` WHERE `idfoto` = ".$mss['id']." order by id desc;");
$page = mysql_escape_string(htmlspecialchars($_GET['page']));
if ($page<=0)
{
$page=1;
}
$count = mysql_num_rows($q2);
while ($post = mysql_fetch_array($q2))
{
if ($i<=$page*10 & $i>=($page-1)*10)
{
$msx=mysql_fetch_array(mysql_query("select * from `chat_users` where `id`=".$post['idadda']));
echo'<fieldset>';
echo " <a href='info.php?".SID."&ver=wml&act=inf&uid=".$post['idadda']."'>".$msx['nickname']."</a> ".date("d-m-Y (H:i)", $post['time'])."<br/>";
echo "".$post['msg']."<br/>";
echo "Поставил - ".$post['ocenka']."";
echo'</fieldset>';
}
++$i;
}
echo "Комментировать:<br/>\n";
echo "<input type=\"text\" name=\"msg\" maxlength=\"300\"/><br/>\n";
echo "Отценка фото:<br/>\n";
echo "<select name=\"ocenka\">\n";
echo "<option value=\"1\">1</option>\n";
echo "<option value=\"2\">2</option>\n";
echo "<option value=\"3\">3</option>\n";
echo "<option value=\"4\">4</option>\n";
echo "<option value=\"5\">5</option>\n";
echo "</select><br/>\n";
echo "<anchor>Добавить<go href=\"com.php?".SID."&ver=wml&act=add&id=".$mss['id']."&page=$page\" method=\"post\">\n";
echo " <postfield name=\"msg\" value=\"$(msg)\"/>\n";
echo " <postfield name=\"ocenka\" value=\"$(ocenka)\"/>\n";
echo " </go></anchor><br/>\n";
$prev=$page-1;
if ($prev!=0)
{
print "<a href='com.php?".SID."&ver=wml&page=".$prev."&id=".$mss['id']."'>«Пред.</a>";}
else
{
print "«Пред.";
}
print " | ";
if ($count>10)
{
if ($page<ceil($count/10))
{$next=$page+1;
print "<a href='com.php?".SID."&ver=wml&page=".$next."&id=".$mss['id']."'>След.»</a>";
}
else
{
print "След.»";
}
}
else
{
print "След.»";
}
$gps=mysql_fetch_assoc(mysql_query("select `iduser` from `chat_foto` where `id`=".intval($_GET['id'])));
print "<br/>• <a href='fotko.php?".SID."&ver=wml&uid=".$gps['iduser']."'>Альбом</a>";
print "<br/>• <a href='info.php?".SID."&ver=wml&act=inf&uid=".$gps['iduser']."'>Анкета</a>";
print "<br/>• <a href='menu.php?".SID."&ver=wml'>Прихожая</a><br/>";
include('banners/kabinet');
echo $wmlfoot;
echo "</p></card></wml>";
break;
////////////////////////////////////////////////////////
//HTML VERSION
////////////////////////////////////////////////////////
case 'html':
header ("Content-type: text/html; charset=utf-8");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: no-cache, must-revalidate");
//AUTH
$id = intval($_SESSION['id']);
$password = mysql_escape_string($_SESSION['password']);
$q = mysql_query("SELECT `id` FROM `chat_users` WHERE `id` = '".$id."' AND `password` = '".md5($password)."';");
if(mysql_num_rows($q) == 0)
{
echo "$css";
echo'<title>'.$ttl.'</title>';
echo'<div class="d3">Ошибка</div>';
echo "<div class=\"d5\">Ошибка авторизации!</div>\n";
echo'<div class="d3">';
include('banners/kabinet');
echo"$sitefoot";
echo'</div>';
echo "</body></html>";
exit();
}
//END AUTH
//ONLINE
$online = time() + 60;
$update = mysql_query("UPDATE `chat_users` SET `time` = ".$online.", `place` = 0, `ip` = '".getenv('REMOTE_ADDR')."', `ua` = '".mysql_escape_string(htmlspecialchars(getenv('HTTP_USER_AGENT')))."' WHERE `id` = ".$id);
//END ONLINE
echo $css;
echo'<title>'.$ttl.'</title>';
echo'<div class="d3">'.$ttl.'</div>';
$mss=mysql_fetch_array(mysql_query("select * from `chat_foto` where `id`='".intval(mysql_escape_string($_GET['id']))."';"));
$msg = mysql_escape_string(htmlspecialchars($_POST['msg']));
$ocenka = mysql_escape_string(htmlspecialchars($_POST['ocenka']));
if ($_GET['act']=='add')
{
if (!empty($msg))
{
$realtime=time()+$sdvigclock*3600;
$btime=$realtime-3600;
$re = mysql_query("select count(*) from `chat_com` where ip='".getenv('REMOTE_ADDR')."' and time>'".$btime."' and `idfoto` = ".$mss['id']);
$res=mysql_fetch_row($re);
if ($res[0]>=1)
{
$error = $error."Новый комментарий можно добавлять через час.<br/>\n";
}
}
if (empty($mss['id']))
{
$error = $error."\nНе выбрано фото для комментария!<br/>\n";
}
if (empty($msg))
{
$error = $error."\nВы не ввели сообщение!<br/>\n";
}
if (!preg_match("|^[\s-@_0-9a-zA-Zа-яА-Я!?:)Ёё,;+=/;&%@(*-+]|u",$msg))
{
$error = $error."\nВы вводите запрещённые символы!<br/>\n";
}
if(mb_strlen($msg) < 3 || mb_strlen($msg) > 500) // проверка на длину msg.
{
$error = $error."\nНедопустимая длина сообщения разрешенно от 3 до 500 символов!<br/>\n";
}
if (empty($error))
{
$msg = str_replace("\n"," ",$msg);
$msg = str_replace("\r"," ",$msg);
mysql_query("INSERT INTO `chat_com` (idfoto, idhozyaina, idadda, msg, ocenka, time, ip)values(".$mss['id'].", '".$mss['iduser']."', ".intval($_SESSION['id']).", '".$msg."', '".$ocenka."', '".time()."', '".$_SERVER['REMOTE_ADDR']."');");
$coms = '<div align="center"><b>Комментарий успешно добавлен</b></div>';
}
}
if ($error)
{
echo "<div align=\"center\"><b>".$error."</b></div>";
}
print "".$coms."";
$q2 = mysql_query("SELECT * FROM `chat_com` WHERE `idfoto` = ".$mss['id']." order by id desc;");
$page = mysql_escape_string(htmlspecialchars($_GET['page']));
if ($page<=0)
{
$page=1;
}
$count = mysql_num_rows($q2);
while ($post = mysql_fetch_array($q2))
{
if ($i<=$page*10 & $i>=($page-1)*10)
{
$msx=mysql_fetch_array(mysql_query("select * from `chat_users` where `id`=".$post['idadda']));
$d = $i / 2;
$d1 = ceil($d);
$d2 = $d1 - $d;
$d3 = ceil($d2);
if ($d3 == 0)
{
$div = "<div class='d2'>";
}
else
{
$div = "<div class='d1'>";
}
echo $div;
echo " <a href='info.php?".SID."&ver=html&act=inf&uid=".$post['idadda']."'>".$msx['nickname']."</a> ".date("d-m-Y (H:i)", $post['time'])."<br/>";
echo "".$post['msg']."<br/>";
echo "Поставил - ".$post['ocenka']."";
echo'</div>';
}
++$i;
}
echo "<form method=\"post\" action=\"com.php?".SID."&ver=html&act=add&id=".$mss['id']."&page=$page\">\n";
echo "Комментировать:<br/>\n";
echo "<textarea name=\"msg\" rows=\"2\" cols=\"20\" class=\"do_button\"></textarea><br />\n";
echo "<input type=\"checkbox\" name=\"tr\" class=\"do_button\" value=\"1\" /> Транслит<br />\n";
echo "Отценка фото:<br/>\n";
echo "<select name=\"ocenka\">\n";
echo "<option value=\"1\">1</option>\n";
echo "<option value=\"2\">2</option>\n";
echo "<option value=\"3\">3</option>\n";
echo "<option value=\"4\">4</option>\n";
echo "<option value=\"5\">5</option>\n";
echo "</select><br/>\n";
echo "<input value=\"Добавить\" class=\"button\" type=\"submit\" />\n";
echo "</form>\n";
$prev=$page-1;
if ($prev!=0)
{
print "<a href='com.php?".SID."&ver=html&page=".$prev."&id=".$mss['id']."'>«Пред.</a>";}
else
{
print "«Пред.";
}
print " | ";
if ($count>10)
{
if ($page<ceil($count/10))
{$next=$page+1;
print "<a href='com.php?".SID."&ver=html&page=".$next."&id=".$mss['id']."'>След.»</a>";
}
else
{
print "След.»";
}
}
else
{
print "След.»";
}
$gps = mysql_fetch_assoc(mysql_query("select `iduser` from `chat_foto` where `id`=".intval($_GET['id'])));
print "<br/>• <a href='fotko.php?".SID."&ver=html&uid=".$gps['iduser']."'>Альбом</a>";
print "<br/>• <a href='info.php?".SID."&ver=html&act=inf&uid=".$gps['iduser']."'>Анкета</a>";
print "<br/>• <a href='menu.php?".SID."&ver=html'>Прихожая</a>";
include('banners/kabinet');
echo'</div>';
echo'<div class="d3">';
echo $sitefoot;
echo'</div>';
echo "</body></html>";
break;
}
?>