Просмотр файла gbs/index.php

<?
// Report every error class except notices.
error_reporting(E_ALL & ~E_NOTICE);

// Start-of-request timestamp; the page footer subtracts it to print the render time.
list($msec, $sec) = explode(' ', microtime());
$HeadTime = $sec + $msec;

header("Cache-Control: no-cache");
header("Content-type:text/vnd.wap.wml; charset=utf-8");

// Random number appended to links (ref=...) and to the form field names further down.
// rand() is not a cryptographic source, so $ref must not be relied on as a secret or token.
$ref = rand(10000, 1000000);

// NOTE(review): presumably defines the $MySQL_* settings used by the connection code - confirm.
require("conf.inc.php");

// Open the MySQL connection. '@' hides the driver warning (which could expose host or
// user names to the client); a small WML error card is sent instead and the script stops.
$link = @mysql_connect($MySQL_Hostname, $MySQL_Username, $MySQL_Password);
if (!$link) {
    die("<wml>
<card id=\"error\" title=\"error\">
<do type=\"prev\" label=\"Back\"><prev/></do><p align=\"center\">Can not connect to MySQL<br/></p>
</card>
</wml>");
}

// Select the schema named in the configuration; same error-card pattern on failure.
if (!@mysql_select_db($MySQLDatabasename)) {
    die("<wml>
<card id=\"error\" title=\"error\">
<do type=\"prev\" label=\"Back\"><prev/></do><p align=\"center\">Error select the database...<br/></p>
</card>
</wml>");
}
// Time windows. All of them are offsets from the current Unix time.
$timestamp = time();

// Auto-cleanup horizon: 700 days expressed in seconds.
$timeoutseconds = 700 * 24 * 60 * 60;
$timeout = $timestamp - $timeoutseconds;

// Nick auto-fill window: posts from the last 15 minutes.
$tol = 900;
$timeb = $timestamp - $tol;

// Online window: visitors seen during the last 5 minutes.
$timeoutnline = 300;
$timekik = $timestamp - $timeoutnline;

// Drop expired rows from the online table. $timekik is computed above from time(),
// so nothing request-controlled reaches this query.
@mysql_query("DELETE FROM nline WHERE time<" . $timekik);

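// Guestbook id. $id is not assigned anywhere earlier in this script; it is presumably
// injected from the request by register_globals - TODO confirm. intval() reduces whatever
// arrived to an integer, which is what makes it safe to embed in the query text below.
$id = intval($id);
$result = @mysql_query("select * from gbsusers where id='$id' limit 1;");

// The row count of a SELECT comes from mysql_num_rows(); mysql_affected_rows() is only
// defined for INSERT/UPDATE/DELETE. A failed query (false) is handled like "not found".
if (!$result || mysql_num_rows($result) == 0) {
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>";
echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.2//EN\" \"http://www.wapforum.org/DTD/wml12.dtd\">";
echo "<wml>";
echo "<card id=\"error\" title=\"ERROR\" ontimer=\"http://kraswap.net\"><timer value=\"15\"/>";
echo "<p align=\"center\"><small>";
echo "Гостевой не существует!";
echo "</small></p></card></wml>";

// Close the connection before terminating; a statement placed after exit never runs.
mysql_close($link);
exit;
}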

// NOTE(review): functions.php is not part of this listing; latrus(), called in the posting
// code, is presumably defined there - confirm.
require "functions.php";

// Settings row of the requested guestbook.
$data = mysql_fetch_array($result);
$id = $data['id'];
$title = $data['title'];
$num_msgs = $data['msgs'];
$razdel = $data['razdel'];
$sitename = $data['sitename'];
$verh = $data['verh'];
$niz = $data['niz'];
$komp = $data['komp'];
$proxy = $data['proxy'];
// NOTE(review): from here on $link holds the owner's home URL, not the MySQL connection
// handle returned by mysql_connect(); any later mysql_close($link) gets the wrong value.
$link = $data['link'];

// Client details. htmlspecialchars() is called without ENT_QUOTES, so on the PHP versions
// that still ship the mysql_* API a single quote in the User-Agent survives. HTML escaping
// is not SQL escaping: queries that embed $agent need their own escaping.
$agent = htmlspecialchars(getenv('HTTP_USER_AGENT'));
$addr = getenv('REMOTE_ADDR');
// X-Forwarded-For is a request header and therefore client-controlled.
$realip = getenv('HTTP_X_FORWARDED_FOR');

// Defaults for settings the owner left empty.
$sitename = empty($sitename) ? "На главную" : $sitename;
$num_msgs = empty($num_msgs) ? "5" : $num_msgs;
$title = empty($title) ? "Гостевая" : $title;
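///// Desktop access
// When the owner enabled the "komp" flag, requests whose User-Agent contains one of the
// markers below are refused. The User-Agent is supplied by the client, so this is a
// convenience filter and not an access control: any client can send a different value.
if ($komp == 1)
{
    // strpos() is case-sensitive, which is why both "M3Gate" and "M3GATE" are listed.
    $desktopMarkers = array("M3Gate", "Opera", "emulator", "WinWAP", "Mozilla", "M3GATE");
    $isDesktop = false;
    foreach ($desktopMarkers as $marker) {
        if (strpos($agent, $marker) !== false) {
            $isDesktop = true;
            break;
        }
    }

    if ($isDesktop)
    {
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>";
echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.2//EN\" \"http://www.wapforum.org/DTD/wml12.dtd\">";
echo "<wml>";
echo "<card id=\"error\" title=\"ERROR\" ontimer=\"http://piratoff.net\"><timer value=\"10\"/>";
echo "<p align=\"center\"><small>";
echo "Доступ с компьютера запрещен!";
echo "</small></p></card></wml>";
        // Close before exit (code after exit never runs). No argument is passed because
        // $link has been reassigned to the owner's URL by this point; without an argument
        // mysql_close() closes the most recently opened connection.
        mysql_close();
        exit();
    }
}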
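//// Proxy
// When the owner enabled the "proxy" flag, refuse requests that look proxied.
// Both signals used here (X-Forwarded-For and User-Agent) are request headers chosen by
// the client, so a proxy that omits them is not detected; treat this as best effort only.
if ($proxy == 1) {
    // getenv() returns false when the header is absent. Comparing REMOTE_ADDR to that
    // false with != is always true, which rejected every direct (non-proxied) visitor.
    // A request counts as proxied only when the header is present and names another address.
    $forwardedFor = getenv('HTTP_X_FORWARDED_FOR');
    $viaProxyHeader = ($forwardedFor !== false)
        && ($forwardedFor !== '')
        && ($forwardedFor != getenv('REMOTE_ADDR'));

    // Web anonymizers recognised by a marker in the User-Agent.
    $viaKnownAnonymizer = (strpos($agent, "Anonymouse.org") !== false)
        || (strpos($agent, "px.wpb.com.ua") !== false);

    if ($viaProxyHeader || $viaKnownAnonymizer)
    {
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>";
echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.2//EN\" \"http://www.wapforum.org/DTD/wml12.dtd\">";
echo "<wml>";
echo "<card id=\"error\" title=\"ERROR\" ontimer=\"http://piratoff.net\"><timer value=\"10\"/>";
echo "<p align=\"center\"><small>";
echo "Доступ с прокси запрещен!<br/>";
echo "</small></p></card></wml>";
        // Close before exit (code after exit never runs). $link no longer holds the
        // connection here, so the argument-less form is used.
        mysql_close();
        exit;
    }
}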
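// Ban by IP + browser.
// The three values end up inside SQL string literals, so each one is SQL-escaped.
// $agent comes from the User-Agent header and was only HTML-escaped, which leaves a
// single quote intact and would let the header rewrite this query.
$banGid = mysql_real_escape_string($id);
$banIp = mysql_real_escape_string($addr);
$banAgent = mysql_real_escape_string($agent);
$banResult = mysql_query ("Select * from ban WHERE gid='".$banGid."' and ip='".$banIp."' and brows='".$banAgent."' LIMIT 1;");

// mysql_num_rows() is the row count of a SELECT. The previous mysql_affected_rows() test
// also reported "banned" whenever the query itself failed (it returns -1 on error).
// A failed lookup is now treated as "no ban found".
if ($banResult && mysql_num_rows($banResult) != 0)

{
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>";
echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.2//EN\" \"http://www.wapforum.org/DTD/wml12.dtd\">";
echo "<wml>";
echo "<head><meta http-equiv=\"Cache-Control\" content=\"no-cache\" forua=\"true\"/></head>";
echo "<card id=\"ban\" title=\"ERROR\" ontimer=\"http://piratoff.net\"><timer value=\"20\"/>";
echo "<p align=\"center\"><small>";
echo "Вы были забанены по связке IP+BROWSER!<br/>";
echo "</small></p></card></wml>";
// Close before exit (code after exit never runs). $link no longer holds the connection
// here, so the argument-less form is used.
mysql_close();
exit;
}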

// WML prolog and the main card.
// $title, $sitename and $link are written exactly as read from the gbsusers row.
// NOTE(review): whether they are escaped when the owner saves them is not visible here.
echo '<?xml version="1.0" encoding="UTF-8"?>',
     '<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.2//EN" "http://www.wapforum.org/DTD/wml12.dtd">',
     '<wml>',
     '<head><meta http-equiv="Cache-Control" content="no-cache" forua="true"/></head>',
     "<card id=\"main\" title=\"$title\">";

// Soft-key menu: refresh, write, home, transliteration rules.
echo "\n<do type=\"options\" name=\"update\" label=\"Обновить\"><go href=\"index.php?id=$id&amp;ref=$ref\" method=\"get\"/></do>",
     "\n<do type=\"options\" name=\"say\" label=\"Написать\"><go href=\"#say\" method=\"get\"/></do>",
     "\n<do type=\"options\" name=\"home\" label=\"$sitename\"><go href=\"$link\" method=\"get\"/></do>",
     "\n<do type=\"options\" name=\"trans\" label=\"Транслит\"><go href=\"translit.php?id=$id\" method=\"get\"/></do>";

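// Online counter: one row per (guestbook, IP, browser) seen inside the online window.
// The values are placed in SQL string literals, so they are SQL-escaped first; $agent is
// only HTML-escaped upstream, which does not neutralise a single quote inside a query.
$onlineGid = mysql_real_escape_string($id);
$onlineIp = mysql_real_escape_string($addr);
$onlineAgent = mysql_real_escape_string($agent);

// The lookup uses $addr, the same value the INSERT stores. It previously used
// $REMOTE_ADDR, which is only defined under register_globals; without it the lookup
// never matched and a new row was inserted on every request, inflating the counter.
$onco=mysql_query ("SELECT id FROM nline WHERE (gid='".$onlineGid."' and ip='".$onlineIp."' and brows='".$onlineAgent."' and time>=$timekik) LIMIT 1");

// Row count of a SELECT comes from mysql_num_rows(), not mysql_affected_rows().
if($onco && mysql_num_rows($onco)==0)
{
mysql_query("Insert into nline set gid='".$onlineGid."', ip='".$onlineIp."', brows='".$onlineAgent."', time='".time()."'");
}

// Number of visitors of this guestbook inside the online window.
$r = mysql_query ("select count(id) as num from nline WHERE (gid = '".$onlineGid."')and(time >= '".$timekik."')");
$a = mysql_fetch_array($r);
$inb = $a["num"];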

// Optional owner-defined header, written as stored in the guestbook settings (no escaping).
if (!empty($verh)) {
    echo "<p align=\"center\">", "$verh", "</p>";
}

// Opens the paragraph that holds the message list.
echo "<p align=\"left\">";

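// Posting a message.
// NOTE(review): $msg, $login, $email and $translit are not assigned earlier in this
// script; they are presumably request parameters injected by register_globals - confirm.
// Each field is trimmed, stripped of magic-quotes slashes and HTML-escaped.
$id=htmlspecialchars(stripslashes(trim($id)));
$msg=htmlspecialchars(stripslashes(trim($msg)));
$login=htmlspecialchars(stripslashes(trim($login)));
$email=htmlspecialchars(stripslashes(trim($email)));
if(!empty($msg) && !empty($login)) {

// Newest stored message, used below to drop an immediate repeat of the same text.
// NOTE(review): there is no gid filter, so this is the newest message of any guestbook.
$r = mysql_query("SELECT msg FROM recs order by id desc LIMIT 1");
$a = mysql_fetch_array($r);

// Whitespace and entity clean-up: tabs removed, runs of whitespace collapsed, &nbsp;
// turned into a space, numeric character references replaced by "-".
// The /e (evaluate) variant of the last pattern must stay disabled: it would run the
// replacement as PHP code on visitor-supplied text.
$msgearch = array ("'\t'i",
"'([\n])[\s]+'",
"'\s{2,}'",
"'&(nbsp|#160);'i",
"'&#(\d+);'i");

$replace = array ("",
"\n",
" ",
" ",
"-");

$msg = preg_replace ($msgearch, $replace, $msg);
// "$" starts a variable reference in WML; doubling it makes it a literal dollar sign.
$msg=str_replace('$','$$',$msg);
$msg=str_replace('\0',' ',$msg);
// NOTE(review): "[![" and "]!]" are converted back into "<" and ">", which undoes the
// HTML escaping above and lets any visitor store raw markup that is later written into
// every reader's page. The same conversion is applied to the nick and e-mail below.
// Unless this is a required feature, removing these conversions closes that hole.
$msg=preg_replace("/\[!\[/","<",$msg);
$msg=preg_replace("/\]!\]/",">",$msg);
// Turn http:// URLs into links. eregi_replace() is a deprecated POSIX-regex function;
// it is kept because its bracket-expression rules differ from PCRE.
$msg = eregi_replace("((http://))((([a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z;]{2,3}))|(([0-9]{1,3}\.){3}([0-9]{1,3})))((/|\?)[a-z0-9~#%&'_\+=:;\?\.-]*)*)", "<a href=\"\\0\">\\3</a>", $msg);
if ($translit=="") require "convert_to_smiles.php";
if($translit=="toall") $msg=latrus($msg);

if ($a["msg"] !== $msg)
{

$daten=date("d M H:i");
$login = preg_replace ($msgearch, $replace, $login);
$login=str_replace('$','$$',$login);
$login=str_replace('#',' ',$login);
$login=str_replace('\0',' ',$login);
$login=str_replace('|',' ',$login);
$login=str_replace('&lt;',' ',$login);
$login=str_replace('&gt;',' ',$login);
$login=preg_replace("/\[!\[/","<",$login);
$login=preg_replace("/\]!\]/",">",$login);
$email = preg_replace ($msgearch, $replace, $email);
$email=str_replace('$','$$',$email);
$email=str_replace('\0',' ',$email);
$email=preg_replace("/\[!\[/","<",$email);
$email=preg_replace("/\]!\]/",">",$email);

// Every value is SQL-escaped immediately before it is placed in the statement.
// htmlspecialchars() leaves single quotes and backslashes alone and stripslashes() removed
// the magic-quotes protection, so without this step the posted text could break out of
// the string literal. The User-Agent header was previously inserted completely raw.
// The escaped copies are separate variables so the values used for output stay unchanged.
$sqlGid = mysql_real_escape_string($id);
$sqlLogin = mysql_real_escape_string($login);
$sqlMsg = mysql_real_escape_string($msg);
$sqlEmail = mysql_real_escape_string($email);
// Read from the server environment instead of the register_globals copies.
$sqlIp = mysql_real_escape_string($addr);
$sqlAgent = mysql_real_escape_string((string) getenv('HTTP_USER_AGENT'));
$sqlTime = mysql_real_escape_string($daten);

@mysql_query ("Insert into recs set gid='".$sqlGid."', login='".$sqlLogin."', msg='".$sqlMsg."', email='".$sqlEmail."', ip='".$sqlIp."', brows='".$sqlAgent."', time='".$sqlTime."', time2='".time()."'");
}
}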
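// Total number of messages in this guestbook.
$r = mysql_query("select count(*) as num from recs where gid = '".$id."'");
$a = mysql_fetch_array($r);
$num = intval($a["num"]);

// Page size from the guestbook settings; guard against zero or negative values so the
// division below is always defined.
$num_msgs = intval($num_msgs);
if ($num_msgs < 1) $num_msgs = 5;

// Requested page number.
// NOTE(review): $s is not assigned earlier in this script; presumably a request
// parameter injected by register_globals - confirm.
// It is forced to an integer so that text or negative numbers cannot produce a
// negative offset in the LIMIT clause of the message query.
$s = isset($s) ? intval($s) : 1;

// Number of pages. ceil() replaces round(x + 0.45), which rounded down whenever the
// last page was less than 5% full (for example 31 messages at 30 per page), making
// the newest page sizes above 20 lose their final page.
$mx = (int) ceil($num / $num_msgs);

if($s>$mx)$s=$mx;
if($s<1)$s=1;

// 1-based index of the first and last message shown on this page.
$ot=(($s-1)*$num_msgs)+1;
$do=$s*$num_msgs;

if($do>$num)$do=$num;

// $o is the zero-based row offset; $n is the first number printed in "shown n-do".
$o=$ot-1;
$n=$ot;

if($do==0)$n=$o;

// Font-size wrapper chosen by the owner.
if($data['fsize'] == "small") { $fsize1 = "<small>"; $fsize2 = "</small>"; }
elseif($data['fsize'] == "big") { $fsize1 = "<big>"; $fsize2 = "</big>"; }
else { $fsize1 = ""; $fsize2 = ""; }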

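echo $fsize1;
echo "Показано $n-$do из $num сообщений<br/>\n";
echo "<anchor>Написать<go href=\"#say\" method=\"get\"/></anchor><br/>";
echo "<a href=\"index.php?id=$id&amp;ref=$ref\">Обновить</a>";

// LIMIT takes (offset, row count). The second value used to be the index of the last
// message, so every page after the first fetched more rows than it displays. Both numbers
// are forced to non-negative integers before they are placed in the statement.
$offset = max(0, intval($o));
$count = max(0, intval($do) - $offset);
$r = mysql_query ("Select * from recs WHERE gid = '".$id."' order by id desc LIMIT $offset,$count");

for ($i=$ot;$i<=$do;$i++){

// Stop when the query failed or the result set is exhausted instead of printing
// empty entries.
$a = $r ? mysql_fetch_array($r) : false;
if (!$a) break;

$gid=$a['gid'];
$email=$a['email'];
$login=$a['login'];
$dbmsg=$a['msg'];
$dbotvet=$a['otvet'];
$dbtime=$a['time'];
$dbbrows=$a['brows'];

// Browser label: the part of the stored User-Agent before the first "/".
// The posting code stores the raw request header, so it is escaped here before being
// written into the page; otherwise a crafted User-Agent becomes stored markup.
$kdbb = htmlspecialchars(substr($dbbrows,0,strpos($dbbrows,"/")), ENT_QUOTES);

if (empty($kdbb)) $kdbb="Неизвестный браузер";
// NOTE(review): $login, $dbmsg, $email and $dbotvet are written as stored. They are
// HTML-escaped when posted, but the posting code then converts "[![" and "]!]" back into
// angle brackets, so stored values can still contain markup.
echo "<br/><a href=\"index.php?id=$id&amp;lgn=$login,&amp;ref=$ref#say\">$login</a> $dbtime<br/>$dbmsg";

if (!empty($email)) echo "<br/>E-mail:$email";
echo "<br/><u>$kdbb</u>\n";
if (!empty($dbotvet)) echo "<br/><b>Администратор: $dbotvet </b>";
echo "<br/>$razdel";

}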

// Neighbouring page numbers.
$prev = $s - 1;
$next = $s + 1;

// "Next" link, shown only while messages remain beyond the current page.
// $ot and $do are reused to hold the range printed in the link text.
if ($num > $do) {
    $do = $next * $num_msgs;
    $ot = (($next - 1) * $num_msgs) + 1;

    if ($do > $num) {
        $do = $num;
    }

    echo "<br/><a href=\"index.php?id=$id&amp;s=$next&amp;ref=$ref\">$ot-$do &gt;&gt;&gt;&gt;</a>\n";
}

// "Previous" link on every page after the first.
if ($s > 1) {
    $do = $prev * $num_msgs;
    $ot = (($prev - 1) * $num_msgs) + 1;

    echo "<br/><a href=\"index.php?id=$id&amp;s=$prev&amp;ref=$ref\">&lt;&lt;&lt;&lt; $ot-$do</a><br/>\n";
}

// Close the font-size wrapper and the message paragraph.
echo $fsize2, "</p>";
echo "<p align=\"center\">";

// Optional owner-defined footer, written as stored in the guestbook settings.
if (!empty($niz)) {
    echo "$niz<br/>";
}

// Online counter, home link, smiley list and transliteration rules.
echo "<small>",
     "<br/>Online: $inb",
     "<br/><a href=\"$link\">$sitename</a>",
     "<br/><a href=\"smiles.php?id=$id&amp;ref=$ref\">Смайлы</a>",
     "<br/><a href=\"translit.php?id=$id\">Правила транслита</a><br/><br/>piratoff.net 2007";

// Render time: current time minus the timestamp taken at the top of the script.
list($msec, $sec) = explode(' ', microtime());
$elapsed = round(($sec + $msec) - $HeadTime, 4);

echo "<br/>[" . $elapsed . "]";
echo "</small>";
?>

</p>
</card>
<?
// Second card: the "write a message" form.
echo "<card id=\"say\" title=\"Написать\">";
echo '<p align="left">';

// The same trim / stripslashes / htmlspecialchars chain as in the posting code, applied
// a second time to the same variables; values that were already escaped get escaped again.
$id    = htmlspecialchars(stripslashes(trim($id)));
$msg   = htmlspecialchars(stripslashes(trim($msg)));
$login = htmlspecialchars(stripslashes(trim($login)));
$email = htmlspecialchars(stripslashes(trim($email)));

echo 'Ник:<br/>';
?>
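<?php

// Nick auto-fill: the nick most recently used from this IP and browser inside the
// auto-fill window ($timeb).
// The values are read from the server environment rather than the register_globals
// copies, and SQL-escaped: the User-Agent is a request header and was previously
// concatenated into the statement raw.
$autoIp = mysql_real_escape_string($addr);
$autoAgent = mysql_real_escape_string((string) getenv('HTTP_USER_AGENT'));
// Only the newest row is used, so the query is limited to one row.
$l = mysql_query("SELECT login FROM recs where ip='".$autoIp."' and brows='".$autoAgent."' and time2>'".$timeb."' order by id desc LIMIT 1");
$lf = $l ? mysql_fetch_array($l) : false;
$entered = $lf ? $lf["login"] : "";

// "code" form field: the client IP without dots and with every even digit replaced by
// the next odd one. It is a fixed function of the address, so any client can compute it;
// it is not a secret and gives no protection against forged or automated submissions.
// NOTE(review): add.php, which receives this field, is not part of this listing.
$code = strtr(str_replace('.', '', $addr), '02468', '13579');

?>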
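<?php
// Form fields. $ref is appended to the login/msg field names.
// $lgn arrives with the request (the nick links in the message list pass it as lgn=...)
// and was written into the value attribute unchanged, so a crafted link could inject
// markup into the page. It is now HTML-escaped with ENT_QUOTES, and "$" is doubled
// because a single "$" starts a variable reference in WML.
// NOTE(review): $entered is a stored nick and is written as stored - see the "[![" note
// in the posting code.
$lgnValue = str_replace('$', '$$', htmlspecialchars(stripslashes(trim(isset($lgn) ? $lgn : '')), ENT_QUOTES));
?>
<input name="login<? echo $ref; ?>" value="<? echo $entered; ?>" maxlength="16" emptyok="false"/><br/>
Сообщение:
<br/>
<input name="msg<? echo $ref; ?>" value="<? echo $lgnValue; ?>" maxlength="200"  emptyok="false"/><br/>
E-mail:<br/>
<input name="email" maxlength="32" emptyok="true"/><br/>
Сообщение:<br/>
<select multiple="true" name="translit">
<option value="toall">Транслит</option>
</select>
<br/>

<anchor>Добавить<go href="add.php?id=<? echo htmlspecialchars(stripslashes(trim($id))); ?>&amp;ref=<? echo $ref; ?>" method="post" sendreferer="true">
<postfield name="id" value="<? echo htmlspecialchars(stripslashes(trim($id))); ?>"/>
<postfield name="login" value="$(login<? echo $ref; ?>)"/>
<postfield name="email" value="$(email)"/>
<postfield name="msg" value="$(msg<? echo $ref; ?>)"/>
<postfield name="code" value="<? echo $code ?>"/>
<postfield name="translit" value="$(translit)"/>
</go></anchor>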
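<?php
// Link back to the message list.
echo "<br/><a href=\"index.php?id=$id&amp;ref=$ref\">Гостевая</a><br/>";
?>
</p>
</card>
</wml>
<?php

// Close the connection before terminating: a statement placed after exit never runs.
// No argument is passed because $link was reassigned to the owner's home URL when the
// settings row was loaded; mysql_close() without one closes the last opened connection.
mysql_close();
exit;
?>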