<?
//
//  H-Tracker v0.2
//    http://h-tracker.org
//    Based on TorrentTrader (http://www.torrenttrader.org)
//
//
// Project includes. The helpers called below (sqlesc, write_log, get_date_time,
// format_comment, mksize, utc_to_tz, stdhead, ...) are not defined in this file;
// presumably they come from these two includes - confirm.
require_once("backend/functions.php");
require_once("backend/smilies.php"); 
// NOTE(review): dbconn() is defined outside this file. The rest of the script
// uses mysql_query() and reads $CURUSER / $site_config / $THEME right after this
// call, so it presumably opens the DB link and loads the session user; the
// meaning of the `false` argument is not visible here - confirm.
dbconn(false);

if ($site_config['SHOUTBOX']){
?>
<script language=javascript>
// Append a smiley code, padded with one space on each side, to a form field
// and hand keyboard focus back to that field.
//   smile - text to append
//   form  - key of the form in document.forms
//   text  - key of the target element inside that form
function SmileIT(smile,form,text){
   var field = document.forms[form].elements[text];
   field.value = field.value + " " + smile + " ";
   field.focus();
}

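// Handle of the most recently opened "more smilies" popup (null until one is opened).
var win = null;

// Open moresmiles.php in a popup window centred on the screen.
//   form, name - form key and field key, passed to moresmiles.php as the
//                `form` and `text` query parameters
//   w, h       - popup width and height in pixels
//   scroll     - value for the `scrollbars` window feature (e.g. 'yes')
function PopMoreSmiles(form,name,w,h,scroll){
    // Declared locally: the original assigned these without `var`, leaking
    // them into the global scope.
    var leftPosition = (screen.width) ? (screen.width-w)/2 : 0;
    var topPosition = (screen.height) ? (screen.height-h)/2 : 0;
    var settings = 'height='+h+',width='+w+',top='+topPosition+',left='+leftPosition+',scrollbars='+scroll+',resizable';
    // Encode both values so characters such as & or # cannot change the shape
    // of the query string that moresmiles.php receives.
    var link = 'moresmiles.php?form='+encodeURIComponent(form)+'&text='+encodeURIComponent(name);
    win = window.open(link,'moresmile',settings);
}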

// Toggle the smiley panel (the element with id "tools").
// With a truthy `sender` the panel flips between "visible" and "hidden";
// with a falsy `sender` it is always hidden.
function show_smilies(sender)
{
    var panelStyle = document.getElementById('tools').style;

    if (!sender) {
        panelStyle.visibility = "hidden";
        return;
    }

    panelStyle.visibility = (panelStyle.visibility == "visible") ? "hidden" : "visible";
}

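// Wrap the current selection of the shout input in a pair of BBCode tags.
//   repdeb - opening tag inserted before the selection
//   repfin - closing tag inserted after the selection
// Three code paths, chosen by feature detection:
//   1. document.selection (legacy IE text ranges)
//   2. selectionStart / selectionEnd on the input
//   3. prompt() fallback when neither is available
function bbshout(repdeb, repfin) {
  var input = document.forms['shoutboxform'].elements['message'];
  var insText;
  var pos;
  input.focus();

  if (typeof document.selection != 'undefined') {
    var range = document.selection.createRange();
    insText = range.text;
    range.text = repdeb + insText + repfin;
    range = document.selection.createRange();
    if (insText.length == 0) {
      // Nothing was selected: put the caret between the two tags.
      range.move('character', -repfin.length);
    } else {
      range.moveStart('character', repdeb.length + insText.length + repfin.length);
    }
    range.select();
    return;
  }

  if (typeof input.selectionStart != 'undefined') {
    var start = input.selectionStart;
    var end = input.selectionEnd;
    insText = input.value.substring(start, end);
    input.value = input.value.substr(0, start) + repdeb + insText + repfin + input.value.substr(end);
    // Empty selection: caret between the tags; otherwise after the closing tag.
    pos = start + repdeb.length;
    if (insText.length != 0) {
      pos += insText.length + repfin.length;
    }
    input.selectionStart = pos;
    input.selectionEnd = pos;
    return;
  }

  // Fallback: ask for the position and the text.
  var re = new RegExp('^[0-9]{0,3}$');
  do {
    pos = prompt("Insertion à la position (0.." + input.value.length + "):", "0");
    // Cancel returns null. The original tested the string "null" against the
    // pattern and kept prompting with no way out.
    if (pos === null) {
      return;
    }
  } while (!re.test(pos));
  // The pattern also accepts an empty string, which means position 0.
  pos = parseInt(pos, 10) || 0;
  if (pos > input.value.length) {
    pos = input.value.length;
  }
  insText = prompt("Veuillez entrer le texte à formater:");
  // Cancel here used to insert the literal text "null" between the tags.
  if (insText === null) {
    return;
  }
  input.value = input.value.substr(0, pos) + repdeb + insText + repfin + input.value.substr(pos);
}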
// Wrap the current selection in [color=...] tags, taking the colour name from
// the `color` <select> of the shout form.
function bbcolor() {
    var picker = document.forms['shoutboxform'].elements['color'];
    var openTag = "[color=" + picker.value + "]";
    bbshout(openTag, "[/color]");
}
// Wrap the current selection in [font=...] tags, taking the font name from the
// `font` element of the shout form.
// NOTE(review): the form rendered by this file has no element named `font`,
// so calling this as-is would fail on the lookup below - confirm whether a
// font picker exists elsewhere.
function bbfont() {
    var picker = document.forms['shoutboxform'].elements['font'];
    var openTag = "[font=" + picker.value + "]";
    bbshout(openTag, "[/font]");
}
 
</script>

<?

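//DELETE MESSAGES
// Deletes the shout named by ?del=<msgid> when the requester is logged in and
// is either staff (edit_users == "yes") or the author of that shout.
// NOTE(review): this state-changing action is reachable through a plain GET
// link and no anti-CSRF token is checked in this file; consider moving it to a
// POST request that carries a per-session token.
if (isset($_GET['del'])){

	// Accept plain decimal digits only. is_numeric() also accepts forms such as
	// "1e5", "1.5" or " 1", and the raw request value was then concatenated
	// into both SQL statements.
	if (!is_string($_GET['del']) || !preg_match('/^[0-9]{1,10}\z/', $_GET['del'])){
		echo "invalid msg id STOP TRYING TO INJECT SQL";
		exit;
	}
	$msgid = $_GET['del']; // digits only from here on

	$result = mysql_query("SELECT * FROM shoutbox WHERE msgid=".$msgid);
	$row = $result ? mysql_fetch_row($result) : false;

	// Require both a logged-in user and an existing shout. With loose ==, a
	// missing $CURUSER and a missing row compared as null == null, which passed
	// the author check.
	if ($CURUSER && $row){
		$isStaff = ($CURUSER["edit_users"]=="yes");
		// $row[1] is compared with the username, as in the original; this relies
		// on the column order of the shoutbox table (presumably `user`) - confirm.
		$isAuthor = ((string) $CURUSER['username'] === (string) $row[1]);

		if ($isStaff || $isAuthor){
			write_log("<B><font color=orange>Shout Deleted: </font> Deleted by   ".$CURUSER['username']."</b>");
			mysql_query("DELETE FROM shoutbox WHERE msgid=".$msgid);
		}
	}
}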

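//INSERT MESSAGE
// Stores a shout from a logged-in user, unless the same user already posted
// the same text within the last 30 seconds (duplicate / double-submit guard).
// NOTE(review): no anti-CSRF token is checked on this POST in this file.
if (!empty($_POST['message']) && is_string($_POST['message']) && $CURUSER) {
	// sqlesc() is defined outside this file. The original concatenated its
	// result without adding quotes, so it is used the same way here as a
	// complete SQL literal - confirm against its definition.
	$message = sqlesc($_POST['message']);
	// The username used to be placed between quotes unescaped, so a name
	// containing ' broke (or altered) both statements.
	$username = "'".mysql_real_escape_string($CURUSER['username'])."'";
	$userid = (int) $CURUSER['id'];
	$now = get_date_time();

	$query = "SELECT COUNT(*) FROM shoutbox WHERE message=".$message." AND user=".$username." AND UNIX_TIMESTAMP('".$now."')-UNIX_TIMESTAMP(date) < 30";
	$result = mysql_query($query);
	$row = $result ? mysql_fetch_row($result) : false;

	// Insert only when the duplicate check ran and found nothing.
	if ($row && $row[0] == '0') {
		$query = "INSERT INTO shoutbox (msgid, user, message, date, userid) VALUES (NULL, ".$username.", ".$message.", '".$now."', ".$userid.")";
		mysql_query($query);
	}
}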

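// Page prologue. Without ?history the shoutbox is a small stand-alone page
// that reloads itself every 120 seconds; with ?history it is rendered inside
// the normal site frame, preceded by a list of page links.
if(!isset($_GET['history'])){ 
?>
<HTML>
<HEAD>
<TITLE><?=$site_config['SITENAME']?>Shoutbox</TITLE>
<META HTTP-EQUIV="refresh" content="120">
<link rel="stylesheet" type="text/css" href="<?=$site_config['SITEURL']?>/themes/<?=$THEME?>/css/theme.css" />
<script type="text/javascript" src="<?= $site_config["SITEURL"]; ?>/js/overlib.js"></script> 
</HEAD>
<body class="shoutbox_body">
<?
	echo '<div class="shoutbox_contain"><table border="0" style="width: 99%; table-layout:fixed">';
}else{
	stdhead();
	begin_frame("Shoutbox History");
	echo '<div class="shoutbox_history">';

	$result = mysql_query('SELECT COUNT(*) FROM shoutbox');
	$row = $result ? mysql_fetch_row($result) : false;
	$total = $row ? (int) $row[0] : 0;

	echo '<div align="middle">Pages: ';
	// 100 shouts per page. round(n / 100) + 1 produced an extra empty page
	// whenever n % 100 was 0 or >= 50; ceil() gives the exact count, with at
	// least one page for an empty table.
	$pages = max(1, (int) ceil($total / 100));
	for ($i = 1; $i <= $pages; $i++){
		echo "<a href='".$site_config['SITEURL']."/shoutbox.php?history=1&page=".$i."'>[".$i."]</a>&nbsp;";
	}

	echo '</div></br><table border="0" background="#ffffff" style="width: 99%; table-layout:fixed">';
}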

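// Build the query for the rows to display: one 100-row page in history mode,
// otherwise the 20 newest shouts.
if (isset($_GET['history'])) {
	$perpage = 100;
	$page = 1;
	// Only a short run of decimal digits is accepted as a page number. The
	// original compared the raw request value with '1' and multiplied it, so
	// inputs such as "abc" or "1e10" produced a negative or floating-point
	// LIMIT and a failing query.
	if (isset($_GET['page']) && is_string($_GET['page']) && preg_match('/^[0-9]{1,6}\z/', $_GET['page'])) {
		$page = max(1, (int) $_GET['page']);
	}
	$lowerlimit = ($page - 1) * $perpage;
	// MySQL's LIMIT takes (offset, row count). The original passed page * 100
	// as the second value, so page 2 returned 200 rows, page 3 returned 300,
	// and consecutive pages overlapped.
	$query = 'SELECT * FROM shoutbox ORDER BY msgid DESC LIMIT '.$lowerlimit.','.$perpage;
}else{
	$query = 'SELECT * FROM shoutbox ORDER BY msgid DESC LIMIT 20';
}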

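// For a logged-in user, show a "new mail" notice with the number of unread
// private messages.
if ($CURUSER){
	// Cast the id so that only an integer can reach the SQL text.
	$res = mysql_query("SELECT COUNT(*) FROM messages WHERE receiver=" . (int) $CURUSER["id"] . " and unread='yes' AND location IN ('in','both')");
	if (!$res) {
		// The original printed mysql_error() into the page, which shows
		// database error text to visitors; keep it in the server log instead.
		error_log("shoutbox: unread-mail query failed: " . mysql_error());
	}
	// A failed query is treated as "no unread mail".
	$arr = $res ? mysql_fetch_row($res) : false;
	$unreadmail = $arr ? (int) $arr[0] : 0;
	if ($unreadmail){
		print("<div align=center><blink><img src=\"images/mail/newmess.gif\"><br>[<a target=_parent href=mailbox.php?inbox>$unreadmail</a>]</blink></div></b></a></font><embed src='images/error/newpm.swf' autostart='true' width='0' height='0' hidden='true'>&nbsp;&nbsp;");
	}
}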

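// Render one table row per shout: timestamp, poster name with a hover card
// (overlib tooltip), donor / PM icons, the formatted message and, for staff or
// the author, edit and delete links.
//
// Output-encoding contexts in this loop:
//   - values printed into HTML text or attributes are passed through
//     htmlspecialchars(..., ENT_QUOTES);
//   - the tooltip is HTML inside a single-quoted JavaScript string inside an
//     HTML attribute, so it is encoded three times, innermost first: each value
//     for HTML, the finished markup for the JS string, the result for the
//     attribute. The original wrote user-derived columns (user, level, client,
//     age, donated, Color) into that nested context unencoded, and the
//     htmlspecialchars() applied to the avatar was undone when the browser
//     decoded the attribute.
// NOTE(review): format_comment() is defined outside this file and is relied on
// to HTML-encode the message body - confirm.
// NOTE(review): the delete link is a GET link to a state-changing action; no
// anti-CSRF token is involved in this file.
$result = mysql_query($query);
$alt = false;

// Characters that would end or corrupt a single-quoted JavaScript string.
$jsStringEscapes = array("\\" => "\\\\", "'" => "\\'", "\r" => "\\r", "\n" => "\\n");

while ($result && ($row = mysql_fetch_assoc($result))) {
	// Alternate the row class for zebra striping.
	echo $alt ? '<tr class="shoutbox_noalt">' : '<tr class="shoutbox_alt">';
	$alt = !$alt;

	echo '<td style="font-size: 9px; width: 15%;">';
	echo "<div align='left' style='float: left'>";
	echo date('jS M, H:i:s', utc_to_tz_time($row['date']));
	echo "</div>";

	$siteurl = $site_config['SITEURL'];
	$msgid = (int) $row['msgid'];
	$userid = (int) $row['userid'];
	$shoutUser = htmlspecialchars($row['user'], ENT_QUOTES);

	// Edit / delete links: logged-in staff or the author only. Without the
	// $CURUSER check a visitor with no session matched shouts whose user
	// column is empty, because null == '' under loose comparison.
	$canModerate = $CURUSER && ($CURUSER["edit_users"]=="yes" || $CURUSER['username'] == $row['user']);
	$action = $canModerate ? "<a href='".$siteurl."/shoutedit.php?action=edit&msgid=".$msgid."' target='_blank'><img src=\"".$siteurl."/images/buttons/edit.png\" border=\"0\" title=\"Edit this message\"></a>&nbsp;&nbsp;<a href='".$siteurl."/shoutbox.php?del=".$msgid."'><img src=\"".$siteurl."/images/buttons/delete.png\" border=\"0\" title=\"Delete this message\"></a>" : "";

	// Poster profile for the hover card; the id is cast so that only an
	// integer reaches the SQL text.
	$ures = mysql_query("SELECT Color, level,  username, avatar, added, uploaded, downloaded, privacy, age, client, donated FROM users JOIN groups ON users.class=groups.group_id WHERE users.id=".$userid);
	$UClass = $ures ? mysql_fetch_array($ures) : false;
	if (!$UClass) {
		// Poster no longer exists or the lookup failed: render with blanks.
		$UClass = array('Color' => '', 'level' => '', 'avatar' => '', 'added' => '', 'uploaded' => 0, 'downloaded' => 0, 'privacy' => '', 'age' => '', 'client' => '', 'donated' => 0);
	}

	$avatar2 = $UClass["avatar"];
	if (!$avatar2) {
		$avatar2 = $siteurl."/themes/$THEME/images/avatars/default_avatar.gif";
	}

	// Layer 1: tooltip markup with every value HTML-encoded.
	if ($UClass["privacy"] != "strong" && $userid != 0) {
		$tip = '<table width=100% class=ttable_col1 cellspacing=0 cellpadding=5 align=center><tr><td class=ttable_head colspan=2 align=center>'.$shoutUser.'</td></tr><tr valign=top><td><div align=center><img src="'.htmlspecialchars($avatar2, ENT_QUOTES).'" width=120 height=120><br /><div align=left><b>Class: </b>'.htmlspecialchars($UClass["level"], ENT_QUOTES).'<br /></div><div align=left><b>Joined: </b>'.htmlspecialchars(utc_to_tz($UClass["added"])).'<br /></div><div align=left><b>Uploaded: </b>'.mksize($UClass["uploaded"]).'<br /></div><div align=left><b>Downloaded: </b>'.mksize($UClass["downloaded"]).'<br /><b>Donated: </b>'.htmlspecialchars($UClass["donated"], ENT_QUOTES).'&nbsp;$<br /><b>Age: </b>'.htmlspecialchars($UClass["age"], ENT_QUOTES).'<br /><b>Client: </b>'.htmlspecialchars($UClass["client"], ENT_QUOTES).'</td></tr></table>';
	} else {
		$tip = '<table width=100% class=ttable_col1 cellspacing=0 cellpadding=5 align=center><tr><td class=ttable_head colspan=2 align=center>'.$shoutUser.'</td></tr><tr valign=top><td><div align=center><B>This member has selected<br> to keep their details private</B></td></tr></table>';
	}
	// Layer 2 (JS string) and layer 3 (HTML attribute).
	$tipAttr = htmlspecialchars(strtr($tip, $jsStringEscapes), ENT_QUOTES);

	$color = htmlspecialchars($UClass["Color"], ENT_QUOTES);
	$user = "<font color=\"".$color."\" onMouseover=\"return overlib('".$tipAttr."')\" onMouseout=\"return nd()\">".$shoutUser."</font>\n";

	$donor = $UClass["donated"] > 0 ? "<img src=".$siteurl."/images/users/money.png title='Donor'>" : "";
	$mail = $CURUSER['username'] == $row['user'] ? "" : '<a href=mailbox.php?compose&id='.$userid.' target="_parent"><img src="'.$siteurl.'/images/buttons/pm.png" border="0" title="Send PM"></a>';

	echo    '</td><td style="font-size: 12px; padding-left: 5px"><a href="'.$siteurl.'/account-details.php?id='.$userid.'" target="_parent"><b>' .$user. '</b></a>&nbsp;'.$donor.'&nbsp;'.$mail.'&nbsp;:&nbsp;'."<font color=\"".$color."\">".nl2br(format_comment($row['message']))."</font>&nbsp;&nbsp;&nbsp;$action";
	echo    '</td></tr>';
}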
?>

</table>
</div>
<br>

<?

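// Outside history mode, show the shout form to logged-in users: message box,
// smiley panel, colour picker and Refresh / History links. Everyone else gets
// a "You must login to shout." notice.
// NOTE(review): the form posts to shoutbox.php without an anti-CSRF token.
if(!isset($_GET['history'])) {
	// !empty() instead of isset(): the rest of this file tests $CURUSER by
	// truthiness, and isset() would also accept a $CURUSER that is set to false.
	if (!empty($CURUSER)){
		echo "<form name='shoutboxform' action='".$site_config['SITEURL']."/shoutbox.php' method='post'>";
		echo "<CENTER><table width=100% border=0 cellpadding=1 cellspacing=1>";
		echo "<tr class='shoutbox_messageboxback'>";
		echo "<td width='100%' align=center>";
		echo "<input type='text' name='message' class='shoutbox_msgbox'>";
		echo "</td>";
		echo "<td>";
		echo "<input type='submit' name='submit' value='Shout' class='shoutbox_shoutbtn'>";
		echo "</td>";
		echo "</tr></table>";?>
      <div id="tools">
<?

		// Smiley panel: four smilies per table row.
		$res_smilies = mysql_query("select * from smilies");
		$count = 0;
		// Characters that would end or corrupt a single-quoted JavaScript string.
		$jsStringEscapes = array("\\" => "\\\\", "'" => "\\'", "\r" => "\\r", "\n" => "\\n");
		echo "<table cellspacing=1 border=0 cellpadding=1>\n<tr>";
		while($res_smilies && ($row_smilies = mysql_fetch_array($res_smilies)))
		{
			if($count == 4)
			{
				echo "</tr><tr>";
				$count=0;
			}
			// A smiley code containing ' or " (for example :'( ) used to end the
			// alt attribute or the SmileIT() string literal early. Encode for the
			// HTML attribute, and for the JS string plus attribute in onclick.
			// Assumes image_code is stored as raw text, not pre-encoded - confirm.
			$code = $row_smilies['image_code'];
			$codeAttr = htmlspecialchars($code, ENT_QUOTES);
			$codeJsAttr = htmlspecialchars(strtr($code, $jsStringEscapes), ENT_QUOTES);
			$smileyId = htmlspecialchars($row_smilies['id'], ENT_QUOTES);
			echo "\n<td align='center' width='35'>\n <a href='#' alt='".$codeAttr."' onclick=\"SmileIT('".$codeJsAttr."','shoutboxform','message');\" border=\"0\"><img src=\"images/smilies/".$smileyId.".gif\" border=\"0\"></a>\n</td>";
			$count ++;
		}
		echo "</table></div>"; 
		echo "<td align=center>";
		echo "<a href=\"#\" onclick=\"show_smilies('tool')\"><img src=\"images/smilies/1.gif\" border=\"0\"></a>";
		echo " - <a href=\"javascript: PopMoreSmiles('shoutboxform','message','450','400','yes')\"><b>More Smiles</b></a></td> - ";
		echo "<td>
<select name='color' size='0.5' onChange=\"javascript:bbcolor()\">
<option selected='selected'>COLOR</option>
<option value=skyblue style=color:skyblue>sky blue</option>
<option value=royalblue style=color:royalblue>royal blue</option>
<option value=blue style=color:blue>blue</option>
<option value=darkblue style=color:darkblue>dark-blue</option>
<option value=orange style=color:orange>orange</option>
<option value=orangered style=color:orangered>orange-red</option>
<option value=crimson style=color:crimson>crimson</option>
<option value=red style=color:red>red</option>
<option value=firebrick style=color:firebrick>firebrick</option>
<option value=darkred style=color:darkred>dark red</option>
<option value=green style=color:green>green</option>
<option value=limegreen style=color:limegreen>limegreen</option>
<option value=seagreen style=color:seagreen>sea-green</option>
<option value=deeppink style=color:deeppink>deeppink</option>
<option value=tomato style=color:tomato>tomato</option>
<option value=coral style=color:coral>coral</option>
<option value=purple style=color:purple>purple</option>
<option value=indigo style=color:indigo>indigo</option>
<option value=burlywood style=color:burlywood>burlywood</option>
<option value=sandybrown style=color:sandybrown>sandy brown</option>
<option value=sienna style=color:sienna>sienna</option>
<option value=chocolate style=color:chocolate>chocolate</option>
<option value=teal style=color:teal>teal</option>
<option value=silver style=color:silver>silver</option>
</select></td>";
		echo "<td> - <a href='shoutbox.php'><b>Refresh</b></a>";
		echo " - <a href='".$site_config['SITEURL']."/shoutbox.php?history=1' target=_blank><b>History</b></a>";
		echo "</td>";
		echo "</tr>";
		echo "</table></CENTER>";
		echo "</form>";
	}else{
		echo "<br /><div class='shoutbox_error'>You must login to shout.</div>";
	}
}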

// Page epilogue: history mode closes the site frame and prints the standard
// footer; the stand-alone shoutbox page just closes its own document.
if (isset($_GET['history'])) {
	end_frame();
	stdfoot();
} else {
	echo "</BODY></HTML>";
}


}//END IF $SHOUTBOX
else{
	echo "Shoubox is disabled. Please do not direct link here";
}
?>