PageRenderTime 75ms CodeModel.GetById 24ms RepoModel.GetById 0ms app.codeStats 0ms

/shoutbox.php

https://github.com/igorw-forks/icy_phoenix
PHP | 227 lines | 185 code | 21 blank | 21 comment | 46 complexity | 02c38222c5905da0456b540e99c6f4a4 MD5 | raw file
Possible License(s): AGPL-1.0 
    

  1. <?php
    2. 

  2. /**
    3. 

  3. *
    4. 

  4. * @package Icy Phoenix
    5. 

  5. * @version $Id$
    6. 

  6. * @copyright (c) 2008 Icy Phoenix
    7. 

  7. * @license http://opensource.org/licenses/gpl-license.php GNU Public License
    8. 

  8. *
    9. 

  9. */
    10. 

  10. 

  11. define('IN_ICYPHOENIX', true);
    12. 

  12. if (!defined('IP_ROOT_PATH')) define('IP_ROOT_PATH', './');
    13. 

  13. if (!defined('PHP_EXT')) define('PHP_EXT', substr(strrchr(__FILE__, '.'), 1));
    14. 

  14. include(IP_ROOT_PATH . 'common.' . PHP_EXT);
    15. 

  15. include_once(IP_ROOT_PATH . 'includes/bbcode.' . PHP_EXT);
    16. 

  16. define ('NUM_SHOUT', 20);
    17. 

  17. 

  18. // Start session management
    19. 

  19. $userdata = session_pagestart($user_ip, false);
    20. 

  20. init_userprefs($userdata);
    21. 

  21. // End session management
    22. 

  22. 

  23. $cms_page['page_id'] = 'shoutbox';
    24. 

  24. $cms_page['page_nav'] = (!empty($cms_config_layouts[$cms_page['page_id']]['page_nav']) ? true : false);
    25. 

  25. $cms_page['global_blocks'] = (!empty($cms_config_layouts[$cms_page['page_id']]['global_blocks']) ? true : false);
    26. 

  26. // Force to false...
    27. 

  27. $cms_page['page_nav'] = false;
    28. 

  28. $cms_page['global_blocks'] = false;
    29. 

  29. $cms_auth_level = (isset($cms_config_layouts[$cms_page['page_id']]['view']) ? $cms_config_layouts[$cms_page['page_id']]['view'] : AUTH_ALL);
    30. 

  30. check_page_auth($cms_page['page_id'], $cms_auth_level);
    31. 

  31. 

  32. // Start auth check
    33. 

  33. switch ($userdata['user_level'])
    34. 

  34. {
    35. 

  35. 	case ADMIN :
    36. 

  36. 	case MOD : $is_auth['auth_mod'] = 1;
    37. 

  37. 	default:
    38. 

  38. 		$is_auth['auth_read'] = 1;
    39. 

  39. 		$is_auth['auth_view'] = 1;
    40. 

  40. 		if ($userdata['user_id']==ANONYMOUS)
    41. 

  41. 		{
    42. 

  42. 			$is_auth['auth_delete'] = 0;
    43. 

  43. 			$is_auth['auth_post'] = 0;
    44. 

  44. 		}
    45. 

  45. 		else
    46. 

  46. 		{
    47. 

  47. 			$is_auth['auth_delete'] = 1;
    48. 

  48. 			$is_auth['auth_post'] = 1;
    49. 

  49. 		}
    50. 

  50. }
    51. 

  51. 

  52. if(!$is_auth['auth_read'])
    53. 

  53. {
    54. 

  54. 	message_die(GENERAL_MESSAGE, $lang['Not_Authorized']);
    55. 

  55. }
    56. 

  56. // End auth check
    57. 

  57. 

  58. //$refresh = (isset($_POST['auto_refresh']) || isset($_POST['refresh'])) ? 1 : 0;
    59. 

  59. $refresh = (isset($_GET['auto_refresh']) || isset($_GET['refresh'])) ? 1 : 0;
    60. 

  60. $submit = (isset($_POST['shout']) && isset($_POST['message'])) ? 1 : 0;
    61. 

  61. $mode = request_var('mode', '');
    62. 

  62. 

  63. // Set toggles for various options
    64. 

  64. if (!$config['allow_html'])
    65. 

  65. {
    66. 

  66. 	$html_on = 0;
    67. 

  67. }
    68. 

  68. else
    69. 

  69. {
    70. 

  70. 	$html_on = ($submit || $refresh || $preview) ? ((!empty($_POST['disable_html'])) ? 0 : 1) : (($userdata['user_id'] == ANONYMOUS) ? $config['allow_html'] : $userdata['user_allowhtml']);
    71. 

  71. }
    72. 

  72. if (!$config['allow_bbcode'])
    73. 

  73. {
    74. 

  74. 	$bbcode_on = 0;
    75. 

  75. }
    76. 

  76. else
    77. 

  77. {
    78. 

  78. 	$bbcode_on = ($submit || $refresh || $preview) ? ((!empty($_POST['disable_bbcode'])) ? 0 : 1) : (($userdata['user_id'] == ANONYMOUS) ? $config['allow_bbcode'] : $userdata['user_allowbbcode']);
    79. 

  79. }
    80. 

  80. 

  81. if (!$config['allow_smilies'])
    82. 

  82. {
    83. 

  83. 	$smilies_on = 0;
    84. 

  84. }
    85. 

  85. else
    86. 

  86. {
    87. 

  87. 	$smilies_on = ($submit || $refresh || $preview) ? ((!empty($_POST['disable_smilies'])) ? 0 : 1) : (($userdata['user_id'] == ANONYMOUS) ? $config['allow_smilies'] : $userdata['user_allowsmile']);
    88. 

  88. 	if ($smilies_on)
    89. 

  89. 	{
    90. 

  90. 		include(IP_ROOT_PATH . 'includes/functions_post.' . PHP_EXT);
    91. 

  91. 		generate_smilies('inline');
    92. 

  92. 		if ($mode == 'smilies')
    93. 

  93. 		{
    94. 

  94. 			generate_smilies('window');
    95. 

  95. 			exit;
    96. 

  96. 		}
    97. 

  97. 	}
    98. 

  98. }
    99. 

  99. 

  100. if ($refresh)
    101. 

  101. {
    102. 

  102. 	$message = request_post_var('message', '', true);
    103. 

  103. 	if (!empty($message))
    104. 

  104. 	{
    105. 

  105. 		$template->assign_var('MESSAGE',$message);
    106. 

  106. 	}
    107. 

  107. }
    108. 

  108. elseif ($submit || isset($_POST['message']))
    109. 

  109. {
    110. 

  110. 	$current_time = time();
    111. 

  111. 	// Flood control
    112. 

  112. 	$where_sql = ($userdata['user_id'] == ANONYMOUS) ? "shout_ip = '$user_ip'" : 'shout_user_id = ' . $userdata['user_id'];
    113. 

  113. 	$sql = "SELECT MAX(shout_session_time) AS last_post_time
    114. 

  114. 		FROM " . SHOUTBOX_TABLE . "
    115. 

  115. 		WHERE $where_sql";
    116. 

  116. 	$db->sql_return_on_error(true);
    117. 

  117. 	$result = $db->sql_query($sql);
    118. 

  118. 	$db->sql_return_on_error(false);
    119. 

  119. 	if ($result)
    120. 

  120. 	{
    121. 

  121. 		if ($row = $db->sql_fetchrow($result))
    122. 

  122. 		{
    123. 

  123. 			if (($row['last_post_time'] > 0) && (($current_time - $row['last_post_time']) < $config['flood_interval']) && ($userdata['user_level'] != ADMIN))
    124. 

  124. 			{
    125. 

  125. 				$error = true;
    126. 

  126. 				$error_msg .= (!empty($error_msg)) ? '<br />' . $lang['Flood_Error'] : $lang['Flood_Error'];
    127. 

  127. 			}
    128. 

  128. 		}
    129. 

  129. 	}
    130. 

  130. 	// Check username
    131. 

  131. 	$username = $userdata['session_logged_in'] ? htmlspecialchars($userdata['username']) : request_post_var('username', '', true);
    132. 

  132. 	if (!$userdata['session_logged_in'] && !empty($username))
    133. 

  133. 	{
    134. 

  134. 		include(IP_ROOT_PATH . 'includes/functions_validate.' . PHP_EXT);
    135. 

  135. 		$result = validate_username($username);
    136. 

  136. 		if ($result['error'])
    137. 

  137. 		{
    138. 

  138. 			$error_msg .= (!empty($error_msg)) ? '<br />' . $result['error_msg'] : $result['error_msg'];
    139. 

  139. 		}
    140. 

  140. 	}
    141. 

  141. 

  142. 	$message = request_post_var('message', '', true);
    143. 

  143. 	$message = htmlspecialchars_decode($message, ENT_COMPAT);
    144. 

  144. 	// insert shout !
    145. 

  145. 	if (!empty($message) && $is_auth['auth_post'] && !$error)
    146. 

  146. 	{
    147. 

  147. 		include_once(IP_ROOT_PATH . 'includes/functions_post.' . PHP_EXT);
    148. 

  148. 		$message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on);
    149. 

  149. 		if ($config['img_shoutbox'] == true)
    150. 

  150. 		{
    151. 

  151. 			$message = preg_replace ("#\[url=(http://)([^ \"\n\r\t<]*)\]\[img\](http://)([^ \"\n\r\t<]*)\[/img\]\[/url\]#i", '[url=\\1\\2]\\4[/url]', $message);
    152. 

  152. 			$message = preg_replace ("#\[img\](http://)([^ \"\n\r\t<]*)\[/img\]#i", '[url=\\1\\2]\\2[/url]', $message);
    153. 

  153. 			$message = preg_replace ("#\[img align=left\](http://)([^ \"\n\r\t<]*)\[/img\]#i", '[url=\\1\\2]\\2[/url]', $message);
    154. 

  154. 			$message = preg_replace ("#\[img align=right\](http://)([^ \"\n\r\t<]*)\[/img\]#i", '[url=\\1\\2]\\2[/url]', $message);
    155. 

  155. 		}
    156. 

  156. 		$sql = "INSERT INTO " . SHOUTBOX_TABLE . " (shout_text, shout_session_time, shout_user_id, shout_ip, shout_username, enable_bbcode, enable_html, enable_smilies)
    157. 

  157. 				VALUES ('" . $db->sql_escape($message) . "', '" . time() . "', '" . $userdata['user_id'] . "', '$user_ip', '" . $db->sql_escape($username) . "', $bbcode_on, $html_on, $smilies_on)";
    158. 

  158. 		$result = $db->sql_query($sql);
    159. 

  159. 

  160. 		// auto prune
    161. 

  161. 		if ($config['prune_shouts'])
    162. 

  162. 		{
    163. 

  163. 			$sql = "DELETE FROM " . SHOUTBOX_TABLE . " WHERE shout_session_time<=" . (time() - (86400 * $config['prune_shouts']));
    164. 

  164. 			$result = $db->sql_query($sql);
    165. 

  165. 		}
    166. 

  166. 	}
    167. 

  167. }
    168. 

  168. 

  169. // see if we need offset
    170. 

  170. $start = request_var('start', 0);
    171. 

  171. $start = ($start < 0) ? 0 : $start;
    172. 

  172. if ($submit)
    173. 

  173. {
    174. 

  174. 	$start = 0;
    175. 

  175. }
    176. 

  176. 

  177. // Show simple shoutbox
    178. 

  178. if ($is_auth['auth_post'])
    179. 

  179. {
    180. 

  180. 	$template->assign_block_vars('switch_auth_post', array());
    181. 

  181. }
    182. 

  182. else
    183. 

  183. {
    184. 

  184. 	$template->assign_block_vars('switch_auth_no_post', array());
    185. 

  185. }
    186. 

  186. 

  187. if ($bbcode_on)
    188. 

  188. {
    189. 

  189. 	$template->assign_block_vars('switch_auth_post.switch_bbcode', array());
    190. 

  190. }
    191. 

  191. $template->set_filenames(array('body' => 'shoutbox_body.tpl'));
    192. 

  192. 

  193. 

  194. $template->assign_vars(array(
    195. 

  195. 	'U_SHOUTBOX' => append_sid('shoutbox.' . PHP_EXT . '?start=' . $start),
    196. 

  196. 	'U_SHOUTBOX_VIEW' => append_sid('shoutbox_view.' . PHP_EXT . '?start=' . $start),
    197. 

  197. 	'T_HEAD_STYLESHEET' => $theme['head_stylesheet'],
    198. 

  198. 	'T_NAME' => $theme['template_name'],
    199. 

  199. 

  200. 	'L_SHOUTBOX' => $lang['Shoutbox'],
    201. 

  201. 	'L_SHOUT_PREVIEW' => $lang['Preview'],
    202. 

  202. 	'L_SHOUT_SUBMIT' => $lang['Go'],
    203. 

  203. 	'L_SHOUT_TEXT' => $lang['Shout_text'],
    204. 

  204. 	'L_SHOUT_REFRESH' => $lang['Shout_refresh'],
    205. 

  205. 	'L_SMILIES' => $lang['Smilies'],
    206. 

  206. 	'T_URL' => 'templates/' . $theme['template_name'],
    207. 

  207. 	'S_CONTENT_ENCODING' => $lang['ENCODING'],
    208. 

  208. 	'L_BBCODE_CLOSE_TAGS' => $lang['Close_Tags'],
    209. 

  209. 	'L_SHOUTBOX_LOGIN' => $lang['Login_join'],
    210. 

  210. 

  211. 	'SHOUT_VIEW_SIZE' => ($max) ? $max : 0,
    212. 

  212. 	'S_HIDDEN_FIELDS' => $s_hidden_fields
    213. 

  213. 	)
    214. 

  214. );
    215. 

  215. 

  216. if($error_msg != '')
    217. 

  217. {
    218. 

  218. 	$template->set_filenames(array('reg_header' => 'error_body.tpl'));
    219. 

  219. 	$template->assign_vars(array('ERROR_MESSAGE' => $error_msg));
    220. 

  220. 	$template->assign_var_from_handle('ERROR_BOX', 'reg_header');
    221. 

  221. 	$message = request_var('message', '', true);
    222. 

  222. 	$template->assign_var('MESSAGE', $message);
    223. 

  223. }
    224. 

  224. 

  225. $template->pparse('body');
    226. 

  226. 

  227. ?>
    228.