Файл: new_fanland/chat.php
Строк: 207
<?php
###########################
# Данная версия скрипта принадлежит #
# LiraS aka Артур Лукин Иванович #
# Вносить свои изменения крайне #
# запрещенно! #
###########################
include("db.php");
include "cfg.php";
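/**
 * Render the main chat page: store a newly posted message (if any), then
 * print the message list with moderation links and paging.
 *
 * Reads $_POST['zin'] (message text), $_GET['usr'] / $_GET['pwd'] (carried
 * in every link) and $_GET['s'] (paging offset). The dispatcher at the bottom
 * of this file calls it only after the usr/pwd pair matched one users row.
 *
 * Security notes:
 *  - every request- or database-derived value placed in SQL is passed through
 *    mysql_real_escape_string(), including the stored nick used for the
 *    per-message author lookup;
 *  - every value echoed into HTML is URL-encoded (query strings) or
 *    entity-encoded (text), so usr, pwd and nick cannot break out of an
 *    attribute;
 *  - NOTE(review): usr and pwd are still repeated in every URL and in the
 *    meta refresh, so they end up in browser history, Referer headers and
 *    server logs. A server-side session is the durable fix; it needs the other
 *    pages to change too, so it is not done here.
 */
function koment_first()
{
    $usr = isset($_GET['usr']) ? (string) $_GET['usr'] : '';
    $pwd = isset($_GET['pwd']) ? (string) $_GET['pwd'] : '';
    // urlencode() output holds no HTML-special characters, so this fragment is
    // safe inside a double-quoted attribute as it stands.
    $auth = 'usr=' . urlencode($usr) . '&amp;pwd=' . urlencode($pwd);
    $usrSql = mysql_real_escape_string($usr);

    echo "<div class=\"main\"><div class=\"in\">";
    pochta();

    if (isset($_POST['zin']) && isset($_GET['usr'])) {
        // The page is UTF-8, the tables are cp1251 (see SET NAMES below in this file).
        $msg = iconv('utf-8', 'windows-1251', (string) $_POST['zin']);
        if ($msg === false) {
            $msg = '';
        }
        $msg = substr($msg, 0, 512);
        // Name the charset explicitly: the string is cp1251 here, and a UTF-8
        // default would reject it. ENT_QUOTES also encodes the single quote.
        $msg = stripslashes(htmlspecialchars($msg, ENT_QUOTES, 'cp1251'));
        $msg = str_replace(array("\r\n", "\r", "\n"), "<br />", $msg);
        // No addslashes() here: the value is escaped once, at the query, so no
        // literal backslashes get stored with the message.

        $last = mysql_fetch_array(mysql_query("SELECT * FROM chat WHERE user = '$usrSql' ORDER BY last DESC LIMIT 1"));
        $flud = $last ? (int) $last['flood'] : 0;
        $time = time();
        $flood = $time + 30; // earliest moment this user may post again

        if ($msg != "" && $time >= $flud) {
            // 'last' is the ordering column. time() takes no argument, so the
            // strtotime() value the old code passed to it was never used.
            mysql_query("INSERT INTO chat SET user = '$usrSql', msg = '" . mysql_real_escape_string($msg) . "', last = '$time', time = '$time', flood = '$flood'");
            echo "<font color=\"green\">Сообщение успешно написано<br/></font>";
        } elseif ($time < $flud) {
            $sec = $flud - $time;
            echo "<font color=\"red\">Защита от Флуда! Подождите $sec секунд<br/></font>";
        } else {
            echo "<font color=\"red\">Вы ненаписали сообщение!<br/></font>";
        }
    }

    // Guarded so that a second call to koment_first() cannot redeclare it.
    if (!function_exists('smiles')) {
        /**
         * Replace ":name" with an <img> tag for every smiles/name.gif on disk.
         */
        function smiles($string)
        {
            $dir = opendir("smiles");
            if ($dir === false) {
                return $string;
            }
            // Compare against false: a file literally named "0" must not end the loop.
            while (false !== ($file = readdir($dir))) {
                // preg_match replaces ereg(), which was removed in PHP 7.
                if (preg_match('/\.gif$/', $file)) {
                    $code = str_replace(".gif", "", $file);
                    $string = str_replace(":$code", '<img src="smiles/' . rawurlencode($file) . '" alt="">', $string);
                }
            }
            closedir($dir);
            return $string;
        }
    }

    $rand = rand(1000, 9999); // cache-buster only, not a security value
    echo "<meta http-equiv=\"refresh\" content=\"30;url=chat.php?{$auth}&amp;r=$rand\"/>";
    $times = date("H:i");
    echo '<div class="pt"><center>-=' . $times . '=-</center></div>';
    echo "<a href=\"chat.php?{$auth}&amp;id=write\">Написать</a><br/>";
    echo "<a href=\"smile.php?{$auth}&amp;id=\">Смайлы</a><br/>";
    echo "<a href=\"chat.php?{$auth}&amp;r=$rand\">Обновить</a><br/>";
    echo "--------<br/>";

    $all = mysql_num_rows(mysql_query("SELECT * FROM chat"));
    $s = isset($_GET['s']) ? intval($_GET['s']) : 0;
    if ($s < 0 || $s > $all) {
        $s = 0;
    }

    // The viewer's role does not change per message; look it up once.
    $viewer = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE usr = '$usrSql'"));
    $viewerIsStaff = $viewer && $viewer['adm'] > 0;

    $rows = mysql_query("SELECT id, user, msg, time, last FROM chat ORDER BY last DESC LIMIT " . $s . ",10");
    while ($row = mysql_fetch_array($rows)) {
        $nickas = strip_tags($row['user']);
        $time = strip_tags($row['time']);
        $koment = iconv('windows-1251', 'utf-8', strip_tags($row['msg']));
        // Messages are stored entity-encoded by the insert path, but the edit
        // path in this file can store raw text; double_encode=false covers both.
        $koment = smiles(htmlspecialchars((string) $koment, ENT_QUOTES, 'UTF-8', false));

        echo "<b>[" . chat($time) . "]";

        // The nick comes from the chat table, so it is escaped like any other input.
        $author = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE usr = '" . mysql_real_escape_string($nickas) . "'"));
        $id = $author ? strip_tags($author['id']) : '';
        if ($author && $author['adm'] >= 2) {
            echo "<img src=\"../img/admin.gif\" alt=\"administration\"></img>";
        }
        if ($author && $author['adm'] == 1) {
            echo "<img src=\"../img/moder.gif\" alt=\"moderator\"></img>";
        }

        // NOTE(review): the nick is echoed as stored, without iconv, as before;
        // its byte encoding is unconfirmed. A single-byte charset is named so
        // htmlspecialchars() encodes the markup characters and never rejects it.
        $nickHtml = htmlspecialchars($nickas, ENT_QUOTES, 'ISO-8859-1');
        echo "<a href=\"chat.php?{$auth}&amp;nick=" . urlencode($nickas) . "&amp;id=write\">$nickHtml</a>
<a href=\"info_m.php?{$auth}&amp;man=" . urlencode($id) . "\"><img src=\"/img/info.png\" alt=\"[i]\" /></a>:</b> $koment<br/>";

        if ($viewerIsStaff) {
            $komUrl = urlencode($row['id']);
            echo "<a href=\"chat.php?{$auth}&amp;kom=$komUrl&amp;id=change_msg\">[изменить]</a>|<a href=\"chat.php?{$auth}&amp;kom=$komUrl&amp;id=delete_msg\">[удалить]</a><br/>";
        }
    }
    echo "--------<br/>";

    $q = mysql_query("SELECT * FROM users WHERE `usr` = '$usrSql' AND `pwd` = '" . mysql_real_escape_string($pwd) . "'");
    $users = mysql_fetch_array($q);
    if ($users && $users['adm'] == 3) {
        echo "<a href=\"chat.php?{$auth}&amp;id=trinti\">Удалить сообщения</a><br/>";
    }

    if ($all > 0) {
        $pages = ceil($all / 10);
        $lastOffset = $pages * 10 - 10;
        echo "Страницы:";
        $from = $s - (10 * 3);
        $to = $s + (10 * 4);
        if ($from < $all && $from > 0) {
            // The offset is read from 's'; the old "start=0" only worked
            // because a missing 's' also means offset 0.
            echo ' <a href="chat.php?' . $auth . '&amp;s=0&amp;r=' . $rand . '">1</a> .. ';
        }
        for ($i = $from; $i < $to; $i += 10) {
            if ($i < $all && $i >= 0) {
                $page = floor(1 + $i / 10);
                if ($s == $i) {
                    echo ' ' . $page;
                } else {
                    echo ' <a href="chat.php?' . $auth . '&amp;s=' . $i . '&amp;r=' . $rand . '">' . $page . '</a>';
                }
            }
        }
        if ($to < $all) {
            echo ' .. <a href="chat.php?' . $auth . '&amp;s=' . $lastOffset . '&amp;r=' . $rand . '">' . $pages . '</a>';
        }
    }
    echo "<br/>\n<a href=\"main.php?{$auth}\">В игру</a>";
}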
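/**
 * Print the "write a message" form.
 *
 * Reads $_GET['usr'] / $_GET['pwd'] (carried into the form action and the
 * back link) and the optional $_GET['nick'], which pre-fills the input as
 * "nick, " when replying to someone.
 *
 * Every request value is URL-encoded or entity-encoded before it is echoed;
 * the original interpolated usr and pwd straight into attributes.
 */
function rasymas_first()
{
    $usr = isset($_GET['usr']) ? (string) $_GET['usr'] : '';
    $pwd = isset($_GET['pwd']) ? (string) $_GET['pwd'] : '';
    // urlencode() output holds no HTML-special characters.
    $auth = 'usr=' . urlencode($usr) . '&amp;pwd=' . urlencode($pwd);

    echo "<div class=\"main\"><div class=\"in\">";
    pochta();
    echo "Сообщение<br/>";
    echo "<form action=\"chat.php?{$auth}\" method=\"POST\">";
    if (isset($_GET['nick'])) {
        // ENT_QUOTES encodes both quote styles. A single-byte charset is named
        // so the call never rejects the string, whatever byte encoding the
        // nick arrives in (NOTE(review): that encoding is unconfirmed).
        $nick = htmlspecialchars(stripslashes((string) $_GET['nick']), ENT_QUOTES, 'ISO-8859-1');
        echo "<input type=\"text\" name=\"zin\" maxlength=\"250\" value=\"$nick, \" size=\"10\"/><br/>";
    } else {
        echo "<input type=\"text\" name=\"zin\" maxlength=\"250\" size=\"10\"/><br/>";
    }
    // The form was never closed in the original; close it before the back link.
    echo "<input type=\"submit\" value=\"Ok\" class=\"ibutton\"><br/></form>";
    echo "---------<br/>";
    echo "<a href=\"chat.php?{$auth}\">Назад</a>";
}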
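/**
 * Delete every chat message. Only a user whose usr/pwd pair matches a users
 * row with adm == 3 may do so.
 *
 * NOTE(review): this destructive action runs on a plain GET request with no
 * confirmation step and no per-request token; a POST with a token would be
 * the safer shape, but needs a matching change where the link is printed.
 */
function trinti_kom()
{
    $usr = isset($_GET['usr']) ? (string) $_GET['usr'] : '';
    $pwd = isset($_GET['pwd']) ? (string) $_GET['pwd'] : '';
    // urlencode() output holds no HTML-special characters.
    $auth = 'usr=' . urlencode($usr) . '&amp;pwd=' . urlencode($pwd);

    $q = mysql_query("SELECT * FROM users WHERE `usr` = '" . mysql_real_escape_string($usr) . "' AND `pwd` = '" . mysql_real_escape_string($pwd) . "'");
    $users = mysql_fetch_array($q);

    echo "<div class=\"main\"><div class=\"in\">";
    pochta();
    // A failed lookup yields false, which must not pass the role check.
    if ($users && $users['adm'] == 3) {
        mysql_query("DELETE FROM chat");
        echo "Удалено";
        echo "<br/><a href=\"chat.php?{$auth}\">Назад</a>";
    } else {
        echo "Иди отсюда подальше:)!";
    }
}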
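// Edit a post: print the edit form for one chat message.
/**
 * Show the edit form for the chat message named by $_GET['kom'].
 *
 * Allowed for users with adm >= 1. The role is read from the row that matches
 * both usr and pwd, so knowing a moderator's name alone is not enough.
 *
 * Fixes over the original:
 *  - the message id reached SQL through htmlspecialchars() only, which leaves
 *    the single quote alone; it is now escaped with mysql_real_escape_string();
 *  - the stored message text was echoed raw into value="…"; it is now
 *    entity-encoded, so stored text cannot close the attribute.
 */
function change_msg()
{
    $usr = isset($_GET['usr']) ? (string) $_GET['usr'] : '';
    $pwd = isset($_GET['pwd']) ? (string) $_GET['pwd'] : '';
    $kom = isset($_GET['kom']) ? (string) $_GET['kom'] : '';
    // urlencode() output holds no HTML-special characters.
    $auth = 'usr=' . urlencode($usr) . '&amp;pwd=' . urlencode($pwd);

    $a = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE usr = '" . mysql_real_escape_string($usr) . "' AND pwd = '" . mysql_real_escape_string($pwd) . "'"));
    echo "<div class=\"main\"><div class=\"in\">";
    pochta();
    if ($a && $a['adm'] >= 1) {
        $k = mysql_fetch_array(mysql_query("SELECT * FROM chat WHERE id = '" . mysql_real_escape_string($kom) . "'"));
        // strip_tags mirrors what the chat list shows for this message.
        $text = $k ? iconv("windows-1251", "utf-8", strip_tags($k['msg'])) : '';
        // double_encode=false: text saved by the insert path is already
        // entity-encoded and must not be encoded a second time.
        $text = htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8', false);
        echo "<form action =\"chat.php?{$auth}&amp;id=change_save&amp;kom=" . urlencode($kom) . "\" method=\"post\">";
        echo "Сообщение:<br/><input type=\"text\" name=\"comment\" value=\"$text\"><br/>";
        echo "<input type=\"submit\" value=\"Изменить\"></form>";
    } else {
        echo "Не парь пургу!";
    }
    echo "<br/><a href=\"chat.php?{$auth}\">В чат</a>";
}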
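// Save an edited post.
/**
 * Store the edited text from $_POST['comment'] for the message named by
 * $_GET['kom'].
 *
 * Allowed for users with adm >= 1; the role is read from the row that matches
 * both usr and pwd.
 *
 * The original wrote the submitted text to the table as received. The text is
 * now limited to 512 bytes and entity-encoded, the same as a newly posted
 * message, so an edit cannot put markup into the chat table.
 */
function change_save()
{
    $usr = isset($_GET['usr']) ? (string) $_GET['usr'] : '';
    $pwd = isset($_GET['pwd']) ? (string) $_GET['pwd'] : '';
    $kom = isset($_GET['kom']) ? (string) $_GET['kom'] : '';
    // urlencode() output holds no HTML-special characters.
    $auth = 'usr=' . urlencode($usr) . '&amp;pwd=' . urlencode($pwd);

    echo "<div class=\"main\"><div class=\"in\">";
    pochta();
    $a = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE usr = '" . mysql_real_escape_string($usr) . "' AND pwd = '" . mysql_real_escape_string($pwd) . "'"));
    if ($a && $a['adm'] >= 1) {
        $comment = isset($_POST['comment']) ? (string) $_POST['comment'] : '';
        if (!empty($comment)) {
            // The page is UTF-8, the table is cp1251. iconv() returns false on
            // undecodable input; that is treated as an empty message below.
            $comment = iconv("utf-8", "windows-1251", $comment);
            $comment = ($comment === false) ? '' : substr($comment, 0, 512);
            // Charset named explicitly: the string is cp1251 at this point.
            $comment = htmlspecialchars($comment, ENT_QUOTES, 'cp1251');
        }
        if (empty($comment)) {
            echo "Пустое сообщение!";
        } else {
            mysql_query("UPDATE chat SET msg = '" . mysql_real_escape_string($comment) . "' WHERE id = '" . mysql_real_escape_string($kom) . "'");
            echo "Сообщение успешно изменено!";
        }
    } else {
        echo "Не парь пургу!";
    }
    echo "<br/><a href=\"chat.php?{$auth}\">В чат</a>";
}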
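/**
 * Ask for confirmation before deleting the chat message named by $_GET['kom'].
 *
 * Allowed for users with adm >= 1; the role is read from the row that matches
 * both usr and pwd.
 *
 * The original echoed the stored nick, the stored message and the raw kom
 * parameter into the page unescaped. All three are now entity- or URL-encoded.
 */
function delete_msg()
{
    $usr = isset($_GET['usr']) ? (string) $_GET['usr'] : '';
    $pwd = isset($_GET['pwd']) ? (string) $_GET['pwd'] : '';
    $kom = isset($_GET['kom']) ? (string) $_GET['kom'] : '';
    // urlencode() output holds no HTML-special characters.
    $auth = 'usr=' . urlencode($usr) . '&amp;pwd=' . urlencode($pwd);

    echo "<div class=\"main\"><div class=\"in\">";
    pochta();
    $a = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE usr = '" . mysql_real_escape_string($usr) . "' AND pwd = '" . mysql_real_escape_string($pwd) . "'"));
    if ($a && $a['adm'] >= 1) {
        $k = mysql_fetch_array(mysql_query("SELECT * FROM chat WHERE id = '" . mysql_real_escape_string($kom) . "'"));
        $nick = $k ? iconv("windows-1251", "utf-8", $k['user']) : '';
        $msg = $k ? iconv("windows-1251", "utf-8", $k['msg']) : '';
        $time = $k ? $k['time'] : '';
        // double_encode=false: messages saved by the insert path are already
        // entity-encoded and must not be encoded a second time.
        $nick = htmlspecialchars((string) $nick, ENT_QUOTES, 'UTF-8', false);
        $msg = htmlspecialchars((string) $msg, ENT_QUOTES, 'UTF-8', false);
        echo "Вы действительно хотите удалить: $nick [" . chat($time) . "]:$msg?";
        echo "<br/><a href=\"chat.php?{$auth}&amp;kom=" . urlencode($kom) . "&amp;id=delete_save\">да</a>|<a href=\"chat.php?{$auth}\">нет</a>";
    } else {
        echo "Не парь фигню!";
    }
    echo "<br/><a href=\"chat.php?{$auth}\">В чат</a>";
}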
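/**
 * Delete the chat message named by $_GET['kom'].
 *
 * Allowed for users with adm >= 1; the role is read from the row that matches
 * both usr and pwd.
 *
 * Fixes over the original:
 *  - the role lookup interpolated $_GET['usr'] into SQL unescaped;
 *  - array keys were bare words ($a[adm], $_GET[kom]), which only resolve
 *    through PHP's undefined-constant fallback and fail on PHP 8.
 *
 * NOTE(review): the delete runs on a GET request; a POST with a per-request
 * token would be the safer shape, but needs the confirmation page to change.
 */
function delete_save()
{
    $usr = isset($_GET['usr']) ? (string) $_GET['usr'] : '';
    $pwd = isset($_GET['pwd']) ? (string) $_GET['pwd'] : '';
    $kom = isset($_GET['kom']) ? (string) $_GET['kom'] : '';
    // urlencode() output holds no HTML-special characters.
    $auth = 'usr=' . urlencode($usr) . '&amp;pwd=' . urlencode($pwd);

    echo "<div class=\"main\"><div class=\"in\">";
    pochta();
    $a = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE usr = '" . mysql_real_escape_string($usr) . "' AND pwd = '" . mysql_real_escape_string($pwd) . "'"));
    if ($a && $a['adm'] >= 1) {
        if (empty($kom)) {
            echo "Пустое сообщение";
        } else {
            mysql_query("DELETE FROM chat WHERE id = '" . mysql_real_escape_string($kom) . "'");
            echo "Сообщение успешно удалено!";
        }
    } else {
        echo "Не парь фигню!";
    }
    echo "<br/><a href=\"chat.php?{$auth}\">В чат</a>";
}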
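// ---------------------------------------------------------------------------
// Request bootstrap: connect, authenticate the usr/pwd pair, update the
// "max online" record, then dispatch on $_GET['id'].
//
// NOTE(review): ext/mysql (mysql_*) was removed in PHP 7.0. Escaping with
// mysql_real_escape_string() is kept because the whole file is built on that
// API; prepared statements via PDO or mysqli are the durable fix.
// NOTE(review): pwd is compared with the stored column as-is, so passwords
// are presumably kept unhashed, and usr/pwd travel in every URL. Confirm both
// and plan a move to password_hash() plus server-side sessions.
// ---------------------------------------------------------------------------
$db_connection = mysql_connect($db_host, $db_user, $db_pass);
mysql_select_db($db_table, $db_connection);
mysql_query('SET NAMES cp1251');

$usr_sql = mysql_real_escape_string(isset($_GET['usr']) ? (string) $_GET['usr'] : '');
$pwd_sql = mysql_real_escape_string(isset($_GET['pwd']) ? (string) $_GET['pwd'] : '');

// One escaped query supplies both the "does this account exist" count and the
// row used for the role checks below. The original took the row from a second
// query that interpolated usr and pwd unescaped, so the role decision did not
// come from the same, safely built lookup as the authentication check.
$q = mysql_query("SELECT * FROM users WHERE `usr` = '$usr_sql' AND `pwd` = '$pwd_sql'");
$exist = $q ? mysql_num_rows($q) : 0;
$users = $q ? mysql_fetch_array($q) : false;
$adm = $users ? (int) $users['adm'] : 0;

$online = mysql_num_rows(mysql_query("SELECT * FROM online WHERE laikas > '$timeout'"));
$year = date("Y.m.d");
$times = date("H:i");
$vremechko = "$year $times";

// max_on.dat holds "count|timestamp|"; tolerate a missing or short file.
$subt = file_get_contents("max_on.dat");
$max = explode("|", (string) $subt);
$max_onl = $max[0];
$max_on_time = isset($max[1]) ? $max[1] : '';
if ($online >= (int) $max_onl) {
    // LOCK_EX keeps two concurrent requests from interleaving their writes.
    file_put_contents("max_on.dat", "$online|$vremechko|", LOCK_EX);
}

$action = isset($_GET['id']) ? (string) $_GET['id'] : '';

if ($exist == 1) {
    include("on.php");
    $u = mysql_fetch_array(mysql_query("SELECT id FROM users WHERE usr = '$usr_sql'"));
    $ban = mysql_num_rows(mysql_query("SELECT * FROM ban WHERE user_id = '" . mysql_real_escape_string($u['id']) . "'"));

    if ($ban > 0) {
        // The original fell through to the dispatch below after ban(), so a
        // banned account still reached the chat actions unless ban() itself
        // ends the request (not visible here). The ban page is now exclusive.
        $set['title'] = 'Бан';
        head();
        title();
        ban();
    } elseif ($action === "") {
        require "d_res.php";
        require "stroim.php";
        require "food.php";
        $set['title'] = 'Чат';
        head();
        title();
        koment_first();
    } elseif ($action === "write") {
        $set['title'] = 'Чат - Написать сообщение';
        head();
        title();
        rasymas_first();
    } elseif ($action === "writes") {
        $set['title'] = 'Чат - Написать сообщение';
        head();
        title();
        rasymas();
    } elseif ($action === "trinti" && $adm == 3) {
        $set['title'] = 'Чат - Удаление сообщений';
        head();
        title();
        trinti_kom();
    } elseif ($action === "change_msg" && $adm >= 1) {
        $set['title'] = 'Чат - Изменение сообщения';
        head();
        title();
        change_msg();
    } elseif ($action === "delete_msg" && $adm >= 1) {
        $set['title'] = 'Чат - Удаление сообщения!';
        head();
        title();
        delete_msg();
    } elseif ($action === "change_save" && $adm >= 1) {
        $set['title'] = 'Чат - Сохранение сообщения!';
        head();
        title();
        change_save();
    } elseif ($action === "delete_save" && $adm >= 1) {
        $set['title'] = 'Чат - Удаление сообщения!';
        head();
        title();
        delete_save();
    }
} else {
    echo "<div class=\"main\"><div class=\"in\">";
    echo "Вы не зарегистрированы!!!<br/>";
    echo "";
}
foot();
mysql_close($db_connection);
?>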