Source of trunk/shoutbox.php at revision 363 (05/07/2008 10:05:26, 4482 bytes, 144 lines, language: php) [download]:
| 1 | <?php |
| 2 | |
| 3 | /* |
| 4 | ** Shoutbox Functions |
| 5 | ** for CodewiseBlog Multi-User |
| 6 | ** |
| 7 | |
| 8 | ** Copyright (c) 2005-2008 Codewise.org |
| 9 | */ |
| 10 | |
| 11 | /* |
| 12 | ** This file is part of CodewiseBlog |
| 13 | ** |
| 14 | ** CodewiseBlog is free software; you can redistribute it and/or modify |
| 15 | ** it under the terms of the GNU General Public License as published by |
| 16 | ** the Free Software Foundation; either version 2 of the License, or |
| 17 | ** (at your option) any later version. |
| 18 | ** |
| 19 | ** CodewiseBlog is distributed in the hope that it will be useful, |
| 20 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 21 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 22 | ** GNU General Public License for more details. |
| 23 | ** |
| 24 | ** You should have received a copy of the GNU General Public License |
| 25 | ** along with CodewiseBlog; if not, write to the Free Software |
| 26 | ** Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA |
| 27 | */ |
| 28 | |
| 29 | function shoutbox() |
| 30 | { |
| 31 | global $db; |
| 32 | |
| 33 | $q = $db->issue_query("SELECT * FROM shoutbox WHERE blogid = '" . BLOGID . "' ORDER BY timestamp DESC LIMIT ".SHOUTS_PER_PAGE); |
| 34 | $data = $db->fetch_all($q, L1SQL_ASSOC); |
| 35 | $data = array_reverse($data); |
| 36 | |
| 37 | $contents = ""; |
| 38 | for($i = 0; $row = $data[$i]; $i++) |
| 39 | { |
| 40 | $text = preg_replace("/\n$/", "", textprocess($row['text'])); |
| 41 | |
| 42 | if($i % 2) $sect = "row_odd"; |
| 43 | else $sect = "row_even"; |
| 44 | |
| 45 | $contents .= skinvoodoo("shoutbox", $sect, array( |
| 46 | "link" => $row['link'], |
| 47 | "name" => $row['name'], |
| 48 | "text" => $text, |
| 49 | "date" => date(DATE_FORMAT, $row['timestamp']), |
| 50 | "url_delshout" => INDEX_URL . "?controlpanel:manage&del=shout:{$row['timestamp']}", |
| 51 | )); |
| 52 | } |
| 53 | |
| 54 | if($db->num_rows[$q] == 0) |
| 55 | $contents = skinvoodoo("shoutbox", "nothing"); |
| 56 | |
| 57 | if(isset($_SESSION['postername'])) |
| 58 | $name = $_SESSION['postername']; |
| 59 | else |
| 60 | $name = ""; |
| 61 | |
| 62 | if(isset($_SESSION['posterlink']) && $_SESSION['posterlink'] != "") |
| 63 | $link = $_SESSION['posterlink']; |
| 64 | else |
| 65 | $link = "http://"; |
| 66 | |
| 67 | return skinvoodoo("shoutbox", "", array("contents" => $contents, "posturl" => INDEX_URL . "?shoutbox", "name" => $name, "link" => $link)); |
| 68 | } |
| 69 | |
| 70 | function shoutbox_process() |
| 71 | { |
| 72 | global $db; |
| 73 | |
| 74 | if (BLOGID == 2) |
| 75 | { |
| 76 | return skinvoodoo("error", "error", array("message" => "Shoutbox is disabled for this user.")); |
| 77 | } |
| 78 | |
| 79 | $name = strip_tags($_POST['name']); |
| 80 | if($name == "") |
| 81 | $name = ANONYMOUS_NAME; |
| 82 | |
| 83 | if($_POST['link'] == "http://" || $_POST['link'] == "") |
| 84 | { |
| 85 | $link = null; |
| 86 | } elseif(strpos($_POST['link'], "http://")) { |
| 87 | $link = htmlspecialchars("http://".$_POST['link']); |
| 88 | } else { |
| 89 | $link = htmlspecialchars($_POST['link']); |
| 90 | } |
| 91 | |
| 92 | $filter = in_text_filter($_POST['text']); |
| 93 | |
| 94 | if(is_array($filter)) |
| 95 | { |
| 96 | $text = $filter[0]; |
| 97 | $text_filter_msg = $filter[1]; |
| 98 | } else { |
| 99 | $text = $filter; |
| 100 | $text_filter_msg = ""; |
| 101 | } |
| 102 | |
| 103 | if($text_filter_msg) |
| 104 | { |
| 105 | return "<div style=\"border: 1px solid black; background: red; color: black;\">$text_filter_msg</div>" |
| 106 | . "<br />Your input:<div style=\"border: 1px solid black; background: #eee; color: black;\">" . htmlspecialchars($_POST['text']) . "</div>" |
| 107 | . "<a href=\"" . INDEX_URL . "\">Back...</a>"; |
| 108 | } |
| 109 | |
| 110 | if(strlen($text) > 255) |
| 111 | return skinvoodoo("error", "error", array("message" => "Text is too long. Please <a href=\"javascript:history.back()\">go back</a> and fix it.")); |
| 112 | |
| 113 | if($text == "") |
| 114 | return skinvoodoo("error", "error", array("message" => "Text cannot be empty.</div>Please <a href=\"javascript:history.back()\">go back</a> and fix it.")); |
| 115 | |
| 116 | $_SESSION['postername'] = $name; |
| 117 | $_SESSION['posterlink'] = $link; |
| 118 | |
| 119 | $ip = $_SERVER['REMOTE_ADDR']; |
| 120 | |
| 121 | // make sure we get the client's IP if we're using mod_rewrite to proxy the request |
| 122 | if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) |
| 123 | $ip .= "::".$_SERVER['HTTP_X_FORWARDED_FOR']; |
| 124 | |
| 125 | $data = array |
| 126 | ( |
| 127 | "blogid" => BLOGID, |
| 128 | "name" => $name, |
| 129 | "timestamp" => time(), |
| 130 | "link" => $link, |
| 131 | "text" => $text, |
| 132 | "extra" => "ip: $ip\nuseragent: {$_SERVER['HTTP_USER_AGENT']}\n", |
| 133 | ); |
| 134 | |
| 135 | if(($out = antispam_shoutbox($data, $ip)) !== NULL) |
| 136 | return $out; |
| 137 | |
| 138 | $db->insert("shoutbox", $data); |
| 139 | |
| 140 | return "Your shout has been recorded successfully. :)<br /><br /><a href=\"" . INDEX_URL . "\">Go Back</a>"; |
| 141 | } |
| 142 | |
| 143 | ?> |
| 144 |