Location: PHPKode > projects > Enigma > Enigma2/Enigma2_Install/modules/Mod_ShoutBox.php
<?php
/*
*****************************************************************

 Mod_ShoutBox.php
 
*****************************************************************
This file and all of the Shout Box code was derived/converted from
the Enigma 1.x Ultimate Shout Box mod by Greg Haase
*****************************************************************
LSP: Lunabyte Systems Portal
Open-Source Project Inspired by Zef Hemel (hide@address.com)
*****************************************************************
Software Version:             LSP 2.0 "Enigma 2"
Software by:                  Lunabyte Systems (http://www.lunabyte.net)
Copyright 2002-2005 by:       Lunabyte Systems (http://www.lunabyte.net)
Support, News, Updates at:    http://www.lunabyte.net
*****************************************************************
This program is free software; you may redistribute it and/or modify it 
under the terms of the provided license as published by Lunabyte Systems.

This program is distributed in the hope that it is and will be useful,
but WITHOUT ANY WARRANTIES; without even any implied warranty of           
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.                        

See the "LSP_license.txt" file for details of the LSP license.
The latest version can always be found at http://www.lunabyte.net.
*****************************************************************
*/
if (!defined('ENIGMA'))
	die('<b>Access Violation</b><br />Direct Access to this location is not allowed.');
else
	ShoutsHub();


function ShoutsHub()
{
	global $context, $txt;

	loadMLanguage('ShoutBox');
	loadMTemplate('ShoutBox');

	$sa = !empty($_REQUEST['sa']) ? $_REQUEST['sa'] : '';

	$subActions = array(
		'shout_reader',
		'shout_archive',
		'shout',
		'delete_shout',
		'delete_all_shouts',
		'delete_shout_age',
	);

	if (isset($context['ShoutInclude'])) {} // loaded for an included display elswhere in the code, do nothing
	elseif (in_array($sa, $subActions))
		$sa();
	elseif (isset($subActions[$sa]))
		$subActions[$sa]();
	else // if there's no subaction, default to the reader
		shout_reader();

	unset($subActions);
}

function shout_reader()
{
	global $db_prefix, $modSettings, $user_info, $context, $txt;

	if (!empty($modSettings['shoutdir']) && $modSettings['shoutdir'] != 0)
	{
		// pull shouts in descending order
		$result = db_query("
			SELECT *
			FROM {$db_prefix}shoutbox
			ORDER BY id DESC
			LIMIT " . (empty($modSettings['shoutlimit']) ? '10' : $modSettings['shoutlimit']), __FILE__, __LINE__);
	}
	else
	{
		// pull shouts in ascending order
		$result = db_query("
			SELECT COUNT(*)
			FROM {$db_prefix}shoutbox", __FILE__, __LINE__);

		list($ct) = mysql_fetch_row($result);
		mysql_free_result($result);
		$limit = empty($modSettings['shoutlimit']) ? 10 : $modSettings['shoutlimit'];
		$rows = (($ct - $limit) > 0) ? $ct - $limit : 0;

		$result = db_query("
			SELECT *
			FROM {$db_prefix}shoutbox
			ORDER BY id ASC
			LIMIT $rows, $limit", __FILE__, __LINE__);
	}

	// Make sure we have results before doing anything
	if (mysql_num_rows($result) > 0)
	{
		//Loop through the results and setup the $context template variables
		$i=0;
		while($r=mysql_fetch_array($result))
		{
			$context['shouts'][$i] = array(
				'time'		=> timeformat($r['time']),
				'id'			=> $r['id'],
				'name'		=> $r['name'],
				'displayname'	=> !empty($r['displayname']) ? $r['displayname'] : '',
				'email'		=> !empty($r['email']) ? $r['email'] : '',
			);
			$message = $r['message'];

			//Censor the message in case some flamer dropped by
			censorText($message);

			// This is Chiani's Magic Make Long Words Short Words Recipe
			// Pay attention, this gets complicated
			$message = explode(" ",$message);
			$mcounter = 0;
			$mlimit = count($message);
			while ($mlimit > $mcounter) {
				$wordlength = strlen($message[$mcounter]);
				if ($wordlength > $modSettings['shoutmaxchr']) {
					$firsthalf = substr($message[$mcounter], 0, $modSettings['shoutsplitchr']) . '...';
					$secondhalf = substr($message[$mcounter], ($modSettings['shoutsplitchr']-$wordlength));
					$returned = array_splice($message, $mcounter, 1, array($firsthalf, $secondhalf));
				}
				$mcounter++;
			}
			$message = implode(" ",$message);

			//Get the smilies and the YaBBC so it looks all pretty
			$context['shouts'][$i]['message'] = doUBBC($message,true);
			$message = '';
			$i++;
		}
		mysql_free_result($result);

		//determine if the current user has permission to delete shouts
		$context['delete_allowed'] = allowedTo('delete_shouts');
	}
	else // there weren't any shouts in the db, so there's nothing to set
	{
		$context['shouts'] = '';
	}

	// if the current user is allowed to submit shouts, call the shout form
	// and set a var to check in the template
	if (allowedTo('submit_shouts'))
	{
		$context['submit_shout'] = (int) true;
		shout_form();
	}
	else
		$context['submit_shout'] = (int) false;

	// before setting the page title, do we need it?
	if (!empty($_REQUEST['sa']) && $_REQUEST['sa'] == 'shout_reader')
		$context['page_title'] = $txt['shoutbox_0'];

	// if this file was included in a page, another template or block,
	// we have to call the subtemplate directly
	if (isset($context['ShoutInclude']))
		loadSubTemplate('shout_reader');
	else
		$context['sub_template'] = 'shout_reader';
}

function shout_archive()
{
global $db_prefix, $modSettings, $settings, $txt, $user_info, $sourcedir, $imagesdir, $smileyfromcache, $sc, $smileytocache, $context;


	if ($modSettings['shoutdir']!=0) //returning the shouts in ascending order
		$result = db_query("SELECT * FROM {$db_prefix}shoutbox ORDER BY id ASC", __FILE__, __LINE__);
	else //For descending order, we just need pull them exactly as they are
		$result = db_query("SELECT * FROM {$db_prefix}shoutbox ORDER BY id DESC", __FILE__, __LINE__);

	$context['page_title'] = $txt['shoutbox_1'];
	// set a variable to check in the shoutform
	$context['shout_archive'] = (int) true;

	if (mysql_num_rows($result) > 0)
	{
		// Loop through the results and load the $context array
		$i=0;
		while($r=mysql_fetch_array($result))
	
		{
	
			$context['shouts_archive'][$i] = array(
				'time'		=> timeformat($r['time']),
				'id'			=> $r['id'],
				'name'		=> $r['name'],
				'displayname'	=> !empty($r['displayname']) ? $r['displayname'] : '',
				'email'		=> !empty($r['email']) ? $r['email'] : '',
			);
			$message = $r['message'];

			//Censor the message in case some flamer dropped by
			censorText($message);

			//Get the smilies and the YaBBC so it looks all pretty
			$context['shouts_archive'][$i]['message'] = doUBBC($message,true);
			$message = '';

			$i++;
		}
		mysql_free_result($result);

		//determine if the current user has permission to delete shouts
		$context['delete_allowed'] = allowedTo('delete_shouts');
	}
	else // there weren't any shouts in the db, so there's nothing to set
	{
		$context['shouts_archive'] = '';
	}

	$context['sub_template'] = 'shout_archive';

	// check if we need the shout form and if the user is allowed to shout
	// and set a var to check in the template
	if (!empty($modSettings['enablearchiveshout']) && $modSettings['enablearchiveshout'] == 1 && allowedTo('submit_shouts'))
	{
		$context['submit_shout'] = (int) true;
		shout_form();
	}
	else
		$context['submit_shout'] = (int) false;


}

function shout_form()
{
	global $context, $user_info, $modSettings, $settings, $db_prefix, $txt;

	// permissions already checked before calling this function, but what the heck?
	isAllowedTo('submit_shouts');

	// setup a link for the form to use to return back to the current page after submitting a shout
	$context['shoutform']['returnlink'] = $_SERVER['PHP_SELF'] . '?' . str_replace(';code=1', '', $_SERVER['QUERY_STRING']);
	// var to designate this user is an admin... do we need this?
	$context['shoutform']['is_admin'] = ($user_info['is_admin']) ? (int) true : (int) false;

	// if the user is a guest and verification has not been disabled
	if ($user_info['is_guest'] && (empty($modSettings['disableshoutverify']) || $modSettings['disableshoutverify'] != '1'))
	{
		$context['shout_image_verify'] = (int) true;

		// Image verification stuff
		include_once('ModuleCaptcha/image_class.php');

		$context['shoutsesc'] = md5(round(rand(0,40000)));
	
		$lsp_captcha = new captcha($context['shoutsesc'], 'modules/ModuleCaptcha/cache');
		$context['shoutimg'] = $lsp_captcha->get_pic(5);
	}
	// otherwise don't do verification
	else
		$context['shout_image_verify'] = (int) false;

	if (!empty($modSettings['shoutsmileys']) && $modSettings['shoutsmileys'] == '1')
	{
		// Initialize smiley array...
		$context['shoutsmileys'] = array(
			'shoutform' => array(),
			'shoutpopup' => array(),
		);
	
		// Load smileys - don't bother to run a query if we're not using the database's ones anyhow.
		if (empty($modSettings['smiley_enable']) && $user_info['smiley_set'] != 'none')
			$context['shoutsmileys']['shoutform'][] = array(
				'smileys' => array(
					array('code' => ':)', 'filename' => 'smiley.gif', 'description' => $txt[287]),
					array('code' => ';)', 'filename' => 'wink.gif', 'description' => $txt[292]),
					array('code' => ':D', 'filename' => 'cheesy.gif', 'description' => $txt[289]),
					array('code' => ';D', 'filename' => 'grin.gif', 'description' => $txt[293]),
					array('code' => '>:(', 'filename' => 'angry.gif', 'description' => $txt[288]),
					array('code' => ':(', 'filename' => 'sad.gif', 'description' => $txt[291]),
					array('code' => ':o', 'filename' => 'shocked.gif', 'description' => $txt[294]),
					array('code' => '8)', 'filename' => 'cool.gif', 'description' => $txt[295]),
					array('code' => '???', 'filename' => 'huh.gif', 'description' => $txt[296]),
					array('code' => '::)', 'filename' => 'rolleyes.gif', 'description' => $txt[450]),
					array('code' => ':P', 'filename' => 'tongue.gif', 'description' => $txt[451]),
					array('code' => ':-[', 'filename' => 'embarassed.gif', 'description' => $txt[526]),
					array('code' => ':-X', 'filename' => 'lipsrsealed.gif', 'description' => $txt[527]),
					array('code' => ':-\\', 'filename' => 'undecided.gif', 'description' => $txt[528]),
					array('code' => ':-*', 'filename' => 'kiss.gif', 'description' => $txt[529]),
					array('code' => ':\'(', 'filename' => 'cry.gif', 'description' => $txt[530])
				),
				'last' => true,
			);
		elseif ($user_info['smiley_set'] != 'none')
		{
			$request = db_query("
				SELECT code, filename, description, smileyRow, hidden
				FROM {$db_prefix}smileys
				WHERE hidden IN (0, 2)
				ORDER BY smileyRow, smileyOrder", __FILE__, __LINE__);
			while ($row = mysql_fetch_assoc($request))
				$context['shoutsmileys'][empty($row['hidden']) ? 'shoutform' : 'shoutpopup'][$row['smileyRow']]['smileys'][] = $row;
			mysql_free_result($request);
		}
	
		// Clean house... add slashes to the code for javascript.
		foreach (array_keys($context['shoutsmileys']) as $location)
		{
			foreach ($context['shoutsmileys'][$location] as $j => $row)
			{
				$n = count($context['shoutsmileys'][$location][$j]['smileys']);
				for ($i = 0; $i < $n; $i++)
				{
					$context['shoutsmileys'][$location][$j]['smileys'][$i]['code'] = addslashes($context['shoutsmileys'][$location][$j]['smileys'][$i]['code']);
					$context['shoutsmileys'][$location][$j]['smileys'][$i]['js_description'] = addslashes($context['shoutsmileys'][$location][$j]['smileys'][$i]['description']);
				}
	
				$context['shoutsmileys'][$location][$j]['smileys'][$n - 1]['last'] = true;
			}
			if (!empty($context['shoutsmileys'][$location]))
				$context['shoutsmileys'][$location][count($context['shoutsmileys'][$location]) - 1]['last'] = true;
		}
		$settings['smileys_url'] = $modSettings['smileys_url'] . '/' . $user_info['smiley_set'];
	}
}

function shout()
{
	global $db_prefix, $user_info, $txt, $modSettings;

	// first, check permissions
	isAllowedTo('submit_shouts');

	// if the user is a guest, and verification is not disabled, check post variable set on site.
	if ($user_info['is_guest'] && (empty($modSettings['disableshoutverify']) || $modSettings['disableshoutverify'] != '1')  && !empty($_POST['go']) && $_POST['go'] == 'verify')
	{
		include_once('ModuleCaptcha/image_class.php');

		$lsp_captcha = new captcha($_POST['shoutv'] , 'modules/ModuleCaptcha/cache');

		$checkcode = $lsp_captcha->verify( $_POST['password'] );
	}
	// verification has been disabled or the user is a member, just check the normal session
	elseif ((!empty($modSettings['disableshoutverify']) && $modSettings['disableshoutverify'] == '1') || !$user_info['is_guest'])
	{
		checkSession('post', '', true);
		// if session is bad, they'll already have an error.  if it's good, set the checkcode var
		$checkcode = (int) true;
	}
	// This user MUST be a bot! Let's have some fun!
	else
	{
		header('http://www.spamcop.net/');
		exit();
	}

	// if they posted on site, then they'll have the right credentials, and hopefully entered in the right code.
	if ($checkcode)
	{
		// make sure all the form fields get filled in
		if (empty($_POST['message']) || empty($_POST['name']) || htmlentities($_POST['name']) == $txt['shoutbox_6'])
			fatal_error($txt['shoutbox_11']);
		// check the email field if the user is a guest
		if ($user_info['is_guest'] && (empty($_POST['email']) || htmlentities($_POST['email']) == $txt['shoutbox_7'] || !eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $_POST['email'])))
			fatal_error($txt['shoutbox_12']);
	
		db_query("
			INSERT INTO {$db_prefix}shoutbox (name, displayname, message, time, email)
			VALUES (
				'$_POST[name]',
				'" . (!empty($_POST['displayname']) ? $_POST['displayname'] : '') . "',
				'" . htmlspecialchars($_POST['message'], ENT_QUOTES) . "',
				'" . time() . "',
				'" . (!empty($_POST['email']) ? $_POST['email'] : '') . "'
				)", __FILE__, __LINE__);
	
		// return to the current page
		redirectexit($_POST['qstr'], false);
	}
	else
	{
		// code was wrong, return to the current page with an error in the shoutbox
		redirectexit($_POST['qstr'] . ';code=1', false);
	}


}

function delete_shout()
{
	global $db_prefix, $boardurl;

	// check permissions
	isAllowedTo('delete_shouts');

	// check the users session
	checkSession('get', '', true);

	// no id? Error!
	if (empty($_REQUEST['id']))
		fatal_lang_error(1);

	db_query("DELETE FROM {$db_prefix}shoutbox 
		WHERE id='$_REQUEST[id]'", __FILE__, __LINE__);

	// make sure the call was from this server and return back to refering page
	if (strpos($_SERVER['HTTP_REFERER'], $boardurl) == 0)
	{
		redirectexit($_SERVER['HTTP_REFERER'], false);
	}
	// otherwise, return to $boardurl
	else
		redirectexit();
}

function delete_all_shouts()
{
	global $db_prefix, $modSettings;

	// check permissions
	isAllowedTo('delete_shouts');

	// check the users session
	checkSession('post', '', true);

	// select all shouts
	$result = db_query("SELECT id FROM {$db_prefix}shoutbox ORDER BY id", __FILE__, __LINE__);

	//count the rows returned
	$rows = (mysql_num_rows($result) > 0) ? mysql_num_rows($result): '';

	//subtrack the shoutlimit from the last row to be deleted
	$i = $rows - $modSettings['shoutlimit'];

	if ($i > 0)
	{
		//find the id number for that row
		mysql_data_seek($result, ($i-1));
		$r = mysql_fetch_array($result);
		mysql_free_result($result);

		// set id to delete to
		$delpoint = $r['id'];

		//delete everything in the database that has that id or lower
		db_query("DELETE FROM {$db_prefix}shoutbox WHERE id<=$delpoint", __FILE__, __LINE__);
	}

	redirectexit('module=ShoutBox;sa=shout_archive');
}

function delete_shout_age()
{
	global $db_prefix;

	// check permissions
	isAllowedTo('delete_shouts');

	if (empty($_POST['age']))
		fatal_lang_error(1);

	// set time to delete older than
	$threshold = time()-(24*60*60*$_POST['age']);

	// delete shouts with a time less than the entered age
	db_query("DELETE FROM {$db_prefix}shoutbox WHERE time<$threshold", __FILE__, __LINE__);

	redirectexit('module=ShoutBox;sa=shout_archive');
}

?>
Return current item: Enigma