Файл: private.php
Строк: 320
<?php
#############################
# СКРИПТ ФОРУМА #
# КАК НА #
# http://ony.su #
# Автор : ExPLOiT #
# ICQ : 949-38-99 #
#############################
/*
! Вы не имеете права распространять данный скрипт. !
*/
include_once("connect.php");
include_once("config.php");
include_once("functions.php");
include_once("users.php");
// Private-message ("Приват") pages. Everything below runs only when the
// included scripts have left $authorize truthy.
// NOTE(review): this listing appears to have lost its backslashes in
// extraction ("rn" where "\r\n" is expected, bare '"' inside double-quoted
// strings), so several echo() lines are not valid PHP exactly as shown.
// NOTE(review): every link carries the session id in the query string (sid=),
// which exposes it to Referer headers, proxy/server logs and browser history.
// NOTE(review): the mysql_* extension used throughout was removed in PHP 7 and
// has no prepared statements; all SQL here is built by string concatenation.
if($authorize)
{
// $_GET['p'] selects the page. Cases 1-4 are handled further down; any other
// value, or no 'p' at all, falls through to the message list below.
switch($_GET['p'])
{
default:
// Optional unread-only filter. $new is assigned only when ?new= is non-empty,
// yet it is concatenated into the SQL unconditionally further down.
if(!empty($_GET['new']))
{
$new = "AND new=1 ";
}
// Fixed per-page overhead used by the size budget in the fetch loops
// (700 for xhtml, 500 for everything else).
if($version == "xhtml")
{
$thisPageSize = 700;
}
else
{
$thisPageSize = 500;
}
// ---- WML rendering of the message list ----
if($version == "wml")
{
header("content-type: text/vnd.wap.wml; charset=utf-8");
// $username is written into the page title unescaped.
echo(doctype("Приват - ".$username).$tag);
echo('<a href="private.php?p=1&sid='.$sid.'&v=wml">Сказать</a><br />
<a href="private.php?v=wml&sid='.$sid.'&rnd='.$ref."">В начало</a><br /><br />rn");
// ?clear shows a confirmation whose "yes" link is p=4, i.e. the deletion of
// all messages is triggered by a plain GET with no anti-CSRF token.
if( isset($_GET['clear']) )
{
echo("Вы уверены, что хотите удалить все сообщения?rn");
echo("<a href='private.php?p=4&v=wml&sid=$sid'>Да</a> | <a href='private.php?v=wml&sid=$sid'>Нет</a><br />rn");
}
// NOTE(review): $username is placed inside a quoted SQL literal as-is. It is
// set by an included script; presumably already escaped there - confirm.
$sql = "SELECT *
FROM private
WHERE name = '".$username."'
".$new."
GROUP BY id
ORDER BY id DESC ";
// The unbounded query is executed once just to obtain the row count.
$count = mysql_num_rows(mysql_query($sql));
// intval() keeps the offset numeric, but a negative value still passes the
// !empty() test and produces an invalid LIMIT clause (the query then fails).
$start = intval($_GET['s']);
if(!empty($start))
{
$limit = "LIMIT ".$start.", ".abs($count - $start);
$int = $start;
}
else
{
$int = 0;
}
// $limit is undefined when no offset was given; the append is then a no-op
// apart from an undefined-variable notice.
$sql .= $limit;
$query = mysql_query($sql);
while($mess = mysql_fetch_assoc($query))
{
// Running byte count of the rows printed so far; never explicitly initialised.
static $s;
// '*' marks an unread incoming message.
if($mess['new'] == 1 AND $mess['mod'] == 'i')
{
echo('*');
}
echo(date("d.m H:i", $mess['time']).']');
// NOTE(review): $username is interpolated into the pattern without
// preg_quote(), so regex metacharacters or the '|' delimiter in a name alter
// or break the match; the pattern is also only a prefix match.
if($mess['mod'] == "o" AND preg_match("|^$username|iu", $mess['name']))
{
// NOTE(review): $_SERVER['PHP_SELF'] includes client-supplied path info and
// is echoed into an attribute unescaped; $mess['tname'] is echoed as stored.
echo("<b>Я><a href="" . $_SERVER['PHP_SELF'] . "?v=wml&sid=".$sid."&uid=".username2id($mess['tname'])."&p=1">".$mess['tname']."</a></b><br />rn");
}
else
{
echo("<b><a href="" . $_SERVER['PHP_SELF'] . "?v=wml&sid=".$sid."&p=1&uid=".username2id($mess['tname'])."">".$mess['tname']."</a></b><br />rn");
}
// The message body is printed exactly as stored; output safety depends
// entirely on the escaping applied when the row was inserted (case 2).
echo(nl2br($mess['mess'])."<br />rn");
$int++;
$s += strlen($mess['time'].$mess['name'].$mess['tname'].$mess['mess']);
// Stop once the estimated page size exceeds $pageSize (not defined in this
// file; presumably set by an included script). $next remembers where the
// following page starts unless this was the last row.
if($s + $thisPageSize + (110 * abs($int - $start)) > $pageSize)
{
if($int != $count)
{
$next = $int;
}
break;
}
}
echo("- - - - <br />rn");
if(!empty($next))
{
echo("<a accesskey="3" href="" . $_SERVER['PHP_SELF'] . "?v=wml&sid=".$sid."&s=".$next."">Дальше...(3)</a><br />rn");
}
echo("<a href='private.php?sid=$sid&v=wml&clear=1'>Очистить приват</a><br />rn");
echo("<a href="".$forumdir."v=wml&sid=".$sid."" accesskey="1">В форум (1)</a>rn");
echo($tagC."</p></card></wml>");
// ---- XHTML rendering of the same list; the query and loop mirror the WML
// branch above and share its review notes ----
} elseif($version == "xhtml")
{
header("Content-type: text/html; charset=utf-8");
echo('<html>
<head>
<title>Приват - '.$username.'</title>
</head>
<body bgcolor="'.$style['background'].'" link="'.$style['link'].'" vlink="'.$style['link'].'" text="#000000">
<table align="center" border="0" cellspacing="1" cellpadding="5" width="350">
<tr><td align="center" bgcolor="'.$style['title'].'">
<font color="#FFFFFF"><b>Приват - '.$username.'</b></font>
</td></tr>
<tr><td bgcolor="'.$style['bottom'].'">'.$tag.'
<a href="private.php?v=xhtml&sid='.$sid.'&p=1">Сказать</a><br />
<a href="private.php?v=xhtml&sid='.$sid.'&rnd='.$ref.'">В начало</a><br />');
// NOTE(review): these confirmation links use v=html while the rest of this
// branch uses v=xhtml; how $version is derived from 'v' is decided outside
// this file - confirm that "html" still selects the xhtml pages.
if( isset($_GET['clear']) )
{
echo("Вы уверены, что хотите удалить все сообщения?rn");
echo("<a href='private.php?p=4&v=html&sid=$sid'>Да</a> | <a href='private.php?v=html&sid=$sid'>Нет</a><br />rn");
}
echo($tagC.'</td></tr>
<tr bgcolor="'.$style['text'].'"><td>'.$tag);
$sql = "SELECT *
FROM private
WHERE name = '".$username."'
".$new."
GROUP BY id
ORDER BY id DESC ";
$count = mysql_num_rows(mysql_query($sql));
$start = intval($_GET['s']);
if(!empty($start))
{
$limit = "LIMIT ".$start.", ".abs($count - $start);
$int = $start;
}
else
{
$int = 0;
}
$sql .= $limit;
$query = mysql_query($sql);
while($mess = mysql_fetch_assoc($query))
{
static $s;
if($mess['new'] == 1 AND $mess['mod'] == 'i')
{
echo('*');
}
echo(date("d.m H:i", $mess['time']).']');
if($mess['mod'] == "o" AND preg_match("|^$username|iu", $mess['name']))
{
echo("<b>Я><a href="" . $_SERVER['PHP_SELF'] . "?v=xhtml&sid=".$sid."&uid=".username2id($mess['tname'])."&p=1">".$mess['tname']."</a></b><br />rn");
}
else
{
echo("<b><a href="" . $_SERVER['PHP_SELF'] . "?v=xhtml&sid=".$sid."&p=1&uid=".username2id($mess['tname'])."">".$mess['tname']."</a></b><br />rn");
}
echo(nl2br($mess['mess'])."<br />rn");
$int++;
$s += strlen($mess['time'].$mess['name'].$mess['tname'].$mess['mess']);
if($s + $thisPageSize + (110 * abs($int - $start)) > $pageSize)
{
if($int != $count)
{
$next = $int;
}
break;
}
}
echo($tagC.'</td></tr>
<tr bgcolor="'.$style['bottom'].'"><td>'.$tag);
if(!empty($next))
{
echo("<a href="" . $_SERVER['PHP_SELF'] . "?v=xhtml&sid=".$sid."&s=".$next."">Дальше...</a><br />rn");
}
echo("<a href='private.php?sid=$sid&v=xhtml&clear=1'>Очистить приват</a><br />rn");
echo("<a href="".$forumdir."v=xhtml&sid=".$sid."">В форум </a>rn");
echo($tagC.'</td></tr></table>
</body></html>');
}
// Viewing the list marks every message of this user as read, including rows
// that were not printed because of paging.
mysql_query("UPDATE private SET new=0 WHERE name='".$username."'");
break;
// p=1: compose form. With ?uid=<id> the recipient is looked up and fixed;
// without it the user types the recipient name. The form posts to p=2.
// NOTE(review): the form carries no anti-CSRF token; the sid query parameter
// is the only thing tying the later POST to a session.
case 1:
if($version == "wml")
{
header("content-type: text/vnd.wap.wml; charset=utf-8");
echo(doctype("Приват - ".$username).$tag);
// NOTE(review): $_SERVER['PHP_SELF'] contains client-supplied path info and
// is written into the attribute unescaped.
echo("<a href='" . $_SERVER['PHP_SELF'] . "?p=3&v=wml&sid=$sid'>Игнор</a><br />rn");
if(!empty($_GET['uid']))
{
// intval() makes the id safe to concatenate into the query.
$uid = intval($_GET['uid']);
// From here on $username no longer holds the logged-in name but the query
// result for the recipient lookup.
$username = mysql_query("SELECT username FROM users WHERE id=".$uid);
}
// When no uid was given, $username is still the login name string and
// mysql_num_rows() fails on it; the @ hides that warning and the
// free-text recipient branch is taken.
if(@mysql_num_rows($username) != 0)
{
$link = mysql_fetch_assoc($username);
// The recipient name is printed as stored, without HTML escaping.
echo("Кому: [".$link['username']."] <a href="".$forumdir."v=wml&sid=".$sid."&id=".$uid."&mode=user">[Анкета]</a>rn".$tagC);
echo("<a href='" . $_SERVER['PHP_SELF'] . "?p=3&uid=$uid&v=wml&sid=$sid'>[В игнор]</a>rn");
// Ban link is shown to admins and moderators only; authorisation of the
// ban itself has to be enforced by ban.php, not by hiding this link.
if( in_array($status, array('admin', 'moderator')) )
{
// The username is placed in the query string without urlencode().
echo("<a href='ban.php?v=wml&back=" . base64_encode(htmlspecialchars($_SERVER['REQUEST_URI'])) . "&username=" . $link['username'] . "&sid=$sid'>[Бан]</a> $tagC");
}
}
else
{
echo("Кому: ".$tagC."<input type="text" name="to" />rn");
}
// NOTE(review): $_GET['uid'] is echoed raw into the go href below. The
// integer-cast $uid exists whenever a uid was supplied; emitting that (or an
// escaped value) instead would keep request data out of the markup.
// $link is undefined in the free-text branch, so the "to" postfield is then
// just $(to).
echo("<br />" . $tag."Сообщение:".$tagC." <input type="text" name="mess" /><br />
<anchor>[Сказать]
<go href="private.php?v=wml&sid=".$sid."&p=2&uid=" . $_GET['uid'] . "" method="post">
<postfield name="mess" value="$(mess)" />
<postfield name="to" value="$(to)".$link['username']."" />
</go></anchor><br />
".$tag."
- - - - <br />
<anchor>Назад<prev /></anchor><br />
<a href="private.php?v=wml&sid=".$sid."&rnd=".$ref."">В приват</a>
".$tagC."</p>
</card></wml>");
// ---- XHTML variant of the compose form ----
} elseif($version == "xhtml")
{
header("Content-type: text/html; charset=utf-8");
// NOTE(review): the form action below embeds $_GET['uid'] unescaped, and
// the "Игнор" link embeds $_SERVER['PHP_SELF'] unescaped; both values are
// client-influenced and end up inside HTML attributes.
echo('<html>
<head>
<title>Приват - '.$username.'</title>
</head>
<body bgcolor="'.$style['background'].'" link="'.$style['link'].'" vlink="'.$style['link'].'" text="#000000">
<form action="private.php?v=xhtml&sid='.$sid.'&p=2&uid=' . $_GET['uid'] . '" method="post">
<table align="center" border="0" cellspacing="1" cellpadding="5" width="350">
<tr bgcolor="'.$style['title'].'"><td align="center" colspan="2">
<font color="#FFFFFF"><b>Приват - '.$username.'</b></font>
</td></tr>
<tr bgcolor="'.$style['bottom'].'">
<td colspan="2">
<a href="' . $_SERVER['PHP_SELF'] . '?p=3&v=html&sid=' . $sid . '">Игнор</a><br />
</td></tr>
<tr bgcolor="'.$style['text'].'"><td>');
if(!empty($_GET['uid']))
{
$uid = intval($_GET['uid']);
// Overwrites the login name with the lookup result, as in the WML branch.
$username = mysql_query("SELECT username FROM users WHERE id=".$uid);
}
if(@mysql_num_rows($username) > 0)
{
$link = mysql_fetch_assoc($username);
echo($tag."Кому:</td><td> [".$link['username']."] <a href="".$forumdir."v=xhtml&sid=".$sid."&id=".$uid."&mode=user">[Анкета]</a>");
echo("<a href='" . $_SERVER['PHP_SELF'] . "?p=3&uid=$uid&v=html&sid=$sid'>[В игнор]</a>rn");
if( in_array($status, array('admin', 'moderator')) )
{
// The closing </td></tr> is emitted only inside this privileged branch,
// so the table row stays open for ordinary users.
echo("<a href='ban.php?v=xhtml&back=" . base64_encode(htmlspecialchars($_SERVER['REQUEST_URI'])) . "&username=" . $link['username'] . "&sid=$sid'>[Бан]</a></td></tr>rn $tagC");
}
// Recipient name goes into a hidden field value without HTML escaping.
$hidden = "<input type="hidden" name="to" value="".$link['username']."" />rn";
}
else
{
echo($tag."Кому:".$tagC."</td><td> <input type="text" name="to" /></td></tr>rn");
}
// $hidden is undefined when the free-text branch above was taken.
echo("<tr bgcolor="".$style['text'].""><td>
".$tag."Сообщение:".$tagC."</td><td><textarea name="mess" cols="30" rows="5"></textarea></td></tr>
<tr bgcolor="".$style['text'].""><td align="center" colspan="2">
".$hidden."
<input type="submit" value="Сказать" /></td></tr>
<tr bgcolor="".$style['bottom'].""><td colspan="2">
$tag
<a href='javascript:history.back(1)'>Назад</a><br/>
<a href="private.php?v=xhtml&sid=".$sid."&rnd=".$ref."">В приват</a> $tagC
</td></tr></table>
</form>
</body></html>");
}
break;
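// p=2: deliver a private message posted from the compose form, then redirect
// back to the message list. Inputs are $_POST['mess'] (cut to 500 bytes) and
// $_POST['to'] (recipient name, cut to 15 bytes).
// NOTE(review): state-changing handler without an anti-CSRF token; the sid
// query parameter is the only thing tying the request to a session.
// NOTE(review): all SQL below is built by string concatenation. $mess and $to
// pass through sql() (defined in an included file, presumably an escaping
// helper - confirm); $username comes from the included scripts and is assumed
// to be safe inside a quoted SQL literal - confirm, or move to an API with
// prepared statements.
case 2:
// Missing or array-valued fields are treated as empty instead of being handed
// to substr().
$rawMess = (isset($_POST['mess']) && is_string($_POST['mess'])) ? $_POST['mess'] : '';
$rawTo = (isset($_POST['to']) && is_string($_POST['to'])) ? $_POST['to'] : '';
// Cut, trim, HTML-escape, then pass through sql(). The list page echoes the
// stored text without further escaping, so the htmlspecialchars() call here is
// what keeps user-supplied markup out of the rendered page.
// substr() counts bytes, so a multi-byte UTF-8 character can be cut in half.
$mess = sql(htmlspecialchars(trim(substr($rawMess, 0, 500))));
// NOTE(review): the listing shows this pattern as "<(d{1,20})>"; \d is
// restored on the assumption that backslashes were stripped in extraction.
// $mess is already HTML-escaped at this point, so a literal "<" cannot occur;
// the deployed pattern probably matches the escaped form - confirm.
$mess = preg_replace_callback('|<(\d{1,20})>|', "smile", $mess);
// Staff may use [url], [b] and [i]; everyone else only gets bare http://
// links turned into anchors. The second comparison previously read $starus
// (undefined), so moderators never reached the staff branch.
if($status == "admin" or $status == "moderator")
{
// Bracket escapes restored (see note above); without them "[b]" is a
// character class rather than a literal tag.
$mess = preg_replace('|\[url=(.*)\](.*)\[/url\]|is', '<a href="go/?\1">\2</a>', $mess);
$mess = preg_replace('|\[b\](.*)\[/b\]|i', '<b>\1</b>', $mess);
$mess = preg_replace('|\[i\](.*)\[/i\]|i', '<i>\1</i>', $mess);
}
else
{
$mess = preg_replace('|(http://[^\s]+)|i', '<a href="go/?\1">\1</a>', $mess);
}
$to = htmlspecialchars(trim(sql(substr($rawTo, 0, 15))));
// Unknown recipient: show an error page in the requested markup flavour.
if(!mysql_result(mysql_query("SELECT COUNT(*) FROM users WHERE username='".$to."'"), 0))
{
if($version == "wml")
{
header('Content-type: text/vnd.wap.wml; charset=utf-8');
// NOTE(review): the last interpolation below is $tag where the other WML
// pages in this file emit $tagC before </p>; presumably a closing tag was
// intended - confirm.
echo(doctype("Ошибка").$tag.'
Пользователя не существует! <br />
- - - - <br />
<anchor>Назад<prev /></anchor><br />
<a href="private.php?v=wml&sid='.$sid.'">В приват</a>
'.$tag.'
</p></card></wml>');
} elseif($version == "xhtml")
{
header("Content-type: text/html; charset=utf-8");
echo('<html>
<head>
<title>Ошибка</title>
</head>
<body bgcolor="'.$style['background'].'" link="'.$style['link'].'" vlink="'.$style['link'].'" text="#000000">
<table align="center" border="0" cellspacing="1" cellpadding="5" width="350">
<tr><td align="center" bgcolor="'.$style['title'].'">
<font color="#FFFFFF"><b>Ошибка</b></font>
</td></tr>
<tr><td bgcolor="'.$style['text'].'">
'.$tag.'Пользователя не существует!'.$tagC.'
</td></tr>
<tr><td bgcolor="'.$style['bottom'].'">
'.$tag.'<a href="private.php/?v=xhtml&sid='.$sid.'">В приват</a>'.$tagC.'
</td></tr></table>
</body></html>');
}
}
else
{
// Nothing is stored for an empty message or a message addressed to oneself.
if(!empty($rawMess) && $to != $username)
{
// Rolling mailbox limit: once a side holds more than 15 rows, its oldest
// row is dropped before the new one is added.
if(mysql_result(mysql_query("SELECT COUNT(*) FROM private WHERE name='".$username."' AND `mod`='o'"), 0) > 15)
{
mysql_query("DELETE FROM private WHERE name='".$username."' AND `mod`='o' ORDER BY id LIMIT 1");
}
if(mysql_result(mysql_query("SELECT COUNT(*) FROM private WHERE name='".$to."' AND `mod`='i'"), 0) > 15)
{
mysql_query("DELETE FROM private WHERE name='".$to."' AND `mod`='i' ORDER BY id LIMIT 1");
}
// The ignore list is keyed by the owner's user id (see the inserts in
// case 3). Resolve that id from the recipient actually being written to;
// the check used to take it from the uid query parameter, which is
// independent of the posted recipient name and is absent when the name was
// typed in, so the recipient's ignore list was not reliably honoured.
$recipientRow = mysql_fetch_assoc(mysql_query("SELECT id FROM users WHERE username='".$to."'"));
$recipientId = (int)$recipientRow['id'];
if( !mysql_result(mysql_query("SELECT COUNT(*) FROM `ignore` WHERE uid = $recipientId AND `ignore_user` = '$username'"), 0))
{
// One row for the recipient's inbox ('i') and one for the sender's outbox ('o').
mysql_query("INSERT INTO private VALUES(0, '".$mess."', '".$to."', 'i', '".$username."', 1, ".time().")");
mysql_query("INSERT INTO private VALUES(0, '".$mess."', '".$username."', 'o', '".$to."', 1, ".time().")");
}
}
// NOTE(review): PHP_SELF, $version, $sid and $ref are written into the
// Location header as-is; they should be constrained to known-safe values
// where they are set.
header("Location: ".$_SERVER['PHP_SELF'].'?v='.$version.'&sid='.$sid.'&rnd='.$ref);
}
break;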
// p=3: ignore list. ?uid=<id> adds that user to the caller's list,
// ?del=1&id=<row> removes an entry, and the current list is always printed.
// NOTE(review): both the add and the delete are triggered by plain GET links
// with no anti-CSRF token; the sid query parameter is the only request binding.
case 3:
if( isset($_GET['uid']) )
{
// intval() keeps the id numeric before it is concatenated into the query.
if( mysql_result(
mysql_query("SELECT COUNT(*) FROM `users` WHERE `id` = " . intval($_GET['uid'])), 0))
{
$uid2name = mysql_fetch_assoc(mysql_query("SELECT username FROM users WHERE id = " . intval($_GET['uid'])));
// $infoUserRows is not defined in this file (presumably the logged-in
// user's row from an included script - confirm).
// NOTE(review): the username read back from the database is interpolated
// into the next two statements without escaping; this is only safe if
// stored usernames can never contain quote characters - confirm.
if( !mysql_result(mysql_query("SELECT COUNT(*) FROM `ignore` WHERE uid = $infoUserRows[id] AND `ignore_user` = '$uid2name[username]'"), 0))
{
mysql_query("INSERT INTO `ignore` VALUES(0, $infoUserRows[id], '" . $uid2name['username'] . "')");
}
}
}
if( isset($_GET['del']) )
{
$id = (int)$_GET['id'];
// Ownership check: the row is deleted only if it belongs to the caller.
// The DELETE itself filters by id alone and relies on this check.
if( mysql_result(mysql_query(
"SELECT COUNT(*) FROM `ignore` WHERE id = $id AND uid = $infoUserRows[id]"), 0) )
{
mysql_query("DELETE FROM `ignore` WHERE id = $id");
}
}
$sql = mysql_query("SELECT * FROM `ignore` WHERE `uid` = $infoUserRows[id]");
// $print is built up without being initialised as an array first.
if( !mysql_num_rows($sql) )
{
$print[] = "Список игнорируемых контактов пуст!";
}
else
{
while($contacts = mysql_fetch_assoc($sql))
{
// The stored name and $_SERVER['PHP_SELF'] are both written into the
// markup without HTML escaping.
$print[] = $contacts['ignore_user'] . " - <a href='" . $_SERVER['PHP_SELF'] . "?del=1&sid=$sid&p=3&id=" . $contacts['id'] . "&v=" . $version . "'>Удалить</a><br />rn";
}
}
if($version == "wml")
{
header('Content-type: text/vnd.wap.wml; charset=utf-8');
// NOTE(review): the last interpolation below is $tag where the list and
// compose pages emit $tagC before </p>; presumably a closing tag was
// intended - confirm.
echo(doctype("Игнор") . $tag .
" <br /> rn" .
join($print) . "
- - - - <br />
<anchor>Назад<prev /></anchor><br />
<a href='private.php?v=wml&sid=$sid'>В приват</a>
".$tag."
</p></card></wml>");
} elseif($version == "xhtml")
{
header("Content-type: text/html; charset=utf-8");
echo('<html>
<head>
<title>Игнор</title>
</head>
<body bgcolor="'.$style['background'].'" link="'.$style['link'].'" vlink="'.$style['link'].'" text="#000000">
<table align="center" border="0" cellspacing="1" cellpadding="5" width="350">
<tr><td align="center" bgcolor="'.$style['title'].'">
<font color="#FFFFFF"><b>Игнор</b></font>
</td></tr>
<tr><td bgcolor="'.$style['text'].'">
'.$tag . join($print) . $tagC.'
</td></tr>
<tr><td bgcolor="'.$style['bottom'].'">
'.$tag.'<a href="private.php/?v=xhtml&sid='.$sid.'">В приват</a>'.$tagC.'
</td></tr></table>
</body></html>');
}
break;
// p=4: wipe every private message stored under the current user's name, then
// send the browser back to the message list.
// NOTE(review): this destructive action runs on a plain GET and carries no
// anti-CSRF token; the sid query parameter is the only request binding.
// NOTE(review): $username is interpolated into a quoted SQL literal and
// PHP_SELF/$version/$sid/$ref into the Location header exactly as provided by
// the included scripts - confirm they are escaped or constrained there.
case 4:
$listUrl = $_SERVER['PHP_SELF'].'?v='.$version.'&sid='.$sid.'&rnd='.$ref;
mysql_query("DELETE FROM private WHERE name = '$username'");
header("Location: ".$listUrl);
break;
} // end switch on $_GET['p']
} // end if($authorize)
?>