<?php
session_start();

// Refuse direct requests: the framework defines IN_PowerBB before it includes a module.
if (!defined('IN_PowerBB'))
{
	die();
}

// Tell common.php which subsystem this module needs.
$CALL_SYSTEM = array('VISITORMESSAGE' => true);

define('JAVASCRIPT_PowerCode', true);

include('common.php');

// Name of the class the framework instantiates and calls run() on.
define('CLASS_NAME', 'PowerBBVisitorMessageMOD');

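/**
 * Visitor-message module: add, edit and delete the messages left on a
 * member's profile page.
 *
 * All request data is read from the framework's $PowerBB->_GET / _POST
 * copies and all output goes through $PowerBB->functions / ->template.
 * Every guard calls the framework's error helper and then returns, so a
 * failed check can never fall through into a database write even if the
 * helper does not terminate the request.
 *
 * NOTE(review): no anti-CSRF token is checked anywhere in this module; the
 * state-changing actions are selected by GET flags and fed by POST data.
 */
class PowerBBVisitorMessageMOD
{
	/**
	 * Entry point: dispatches on the request flags del / edit / start_edit /
	 * add_visitor_message, provided the feature is enabled in the board
	 * configuration.
	 *
	 * The flags are not exclusive: every flag that is set runs, in the fixed
	 * order below.
	 */
	function run()
	{
		global $PowerBB;

		if ($PowerBB->_CONF['info_row']['active_visitor_message'] != '1')
		{
			$PowerBB->functions->ShowHeader();
			$PowerBB->functions->error($PowerBB->_CONF['template']['lang']['Sorry_you_This feature was disabled']);
			$PowerBB->functions->GetFooter();
			return;
		}

		if (!empty($PowerBB->_GET['del']))
		{
			$this->_StartDelVisitorMessage();
		}
		if (!empty($PowerBB->_GET['edit']))
		{
			$this->_EditVisitorMessage();
		}
		if (!empty($PowerBB->_GET['start_edit']))
		{
			$this->_StartEditVisitorMessage();
		}
		if (!empty($PowerBB->_GET['add_visitor_message']))
		{
			$this->_StartAddVisitorMessage();
		}
	}

	/**
	 * Whether the current member may edit or delete the given visitor message.
	 *
	 * Single authorization rule shared by the edit form, the edit save and the
	 * delete action: the profile owner (userid), the writer (postuserid) or any
	 * member whose group has admincp_allow.
	 *
	 * @param mixed $VisitorMessageinfo row returned by GetVisitorMessageInfo();
	 *              anything that is not an array (message not found) is denied
	 * @return bool
	 */
	function _CanManageVisitorMessage($VisitorMessageinfo)
	{
		global $PowerBB;

		if (!is_array($VisitorMessageinfo))
		{
			return false;
		}

		if (!empty($PowerBB->_CONF['group_info']['admincp_allow']))
		{
			return true;
		}

		// Ids are compared as integers; a guest (no id) never matches, even
		// against a message whose ids happen to be 0.
		$CurrentId = isset($PowerBB->_CONF['member_row']['id']) ? intval($PowerBB->_CONF['member_row']['id']) : 0;
		if ($CurrentId <= 0)
		{
			return false;
		}

		$IsOwner  = isset($VisitorMessageinfo['userid']) && intval($VisitorMessageinfo['userid']) === $CurrentId;
		$IsWriter = isset($VisitorMessageinfo['postuserid']) && intval($VisitorMessageinfo['postuserid']) === $CurrentId;

		return $IsOwner || $IsWriter;
	}

	/**
	 * Deletes the visitor messages whose ids were posted in check[].
	 *
	 * Each id is loaded and checked with _CanManageVisitorMessage() before it
	 * is deleted, so a member can only remove messages on their own profile or
	 * written by them (or anything, for admincp_allow groups).
	 */
	function _StartDelVisitorMessage()
	{
		global $PowerBB;

		$PowerBB->functions->ShowHeader($PowerBB->_CONF['template']['lang']['deletion_process']);

		if (empty($PowerBB->_POST['check']) || !is_array($PowerBB->_POST['check']))
		{
			$PowerBB->functions->error($PowerBB->_CONF['template']['lang']['You_do_not_select_any_visitormessage']);
			return;
		}

		foreach ($PowerBB->_POST['check'] as $CheckedId)
		{
			$VisitorMessageId = intval($CheckedId);
			if ($VisitorMessageId <= 0)
			{
				continue;
			}

			$VisitorMessageinfo = $PowerBB->visitormessage->GetVisitorMessageInfo(array('where' => array('id', $VisitorMessageId)));

			if (!$this->_CanManageVisitorMessage($VisitorMessageinfo))
			{
				$PowerBB->functions->error($PowerBB->_CONF['template']['lang']['Sorry_You_do_not_have_powers_to_access_this_page']);
				return;
			}

			// Delete Visitor Message from database
			$DelVisitorMessage          = array();
			$DelVisitorMessage['name']  = 'id';
			$DelVisitorMessage['where'] = array('id', $VisitorMessageId);

			$PowerBB->visitormessage->DeleteVisitorMessage($DelVisitorMessage);
		}

		$PowerBB->functions->msg($PowerBB->_CONF['template']['lang']['del_visitormessage_successfully']);
		// The profile id is only ever used as an integer in the redirect URL.
		$PowerBB->functions->redirect('index.php?page=profile&show=1&id=' . intval($PowerBB->_GET['id']));
		$PowerBB->functions->GetFooter();
	}

	/**
	 * Shows the edit form for the visitor message id given in GET.
	 *
	 * Authorization follows _CanManageVisitorMessage(); the smiley list and the
	 * message text are assigned to the template only once the check passed.
	 */
	function _EditVisitorMessage()
	{
		global $PowerBB;

		$PowerBB->functions->ShowHeader();

		$VisitorMessageId    = $PowerBB->functions->CleanVariable($PowerBB->_GET['id'], 'intval');
		$PowerBB->_GET['id'] = $VisitorMessageId;

		if (empty($VisitorMessageId))
		{
			$PowerBB->functions->error($PowerBB->_CONF['template']['lang']['path_not_true']);
			return;
		}

		if (!$PowerBB->visitormessage->IsVisitorMessage(array('where' => array('id', $VisitorMessageId))))
		{
			$PowerBB->functions->error($PowerBB->_CONF['template']['lang']['path_not_true']);
			return;
		}

		$VisitorMessageinfo = $PowerBB->visitormessage->GetVisitorMessageInfo(array('where' => array('id', $VisitorMessageId)));

		if (!$this->_CanManageVisitorMessage($VisitorMessageinfo))
		{
			$PowerBB->functions->error($PowerBB->_CONF['template']['lang']['Sorry_You_do_not_have_powers_to_access_this_page']);
			return;
		}

		// Smiley list for the editor.
		$SmlArr                  = array();
		$SmlArr['order']         = array('field' => 'id', 'type' => 'ASC');
		$SmlArr['limit']         = $PowerBB->_CONF['info_row']['smiles_nm'];
		$SmlArr['proc']          = array();
		$SmlArr['proc']['*']     = array('method' => 'clean', 'param' => 'html');

		$PowerBB->_CONF['template']['while']['SmileRows'] = $PowerBB->icon->GetSmileList($SmlArr);

		// Name of the profile owner the message was left for.
		$MemberInfo = $PowerBB->member->GetMemberInfo(array('where' => array('id', $VisitorMessageinfo['userid'])));

		$PowerBB->template->assign('username', $MemberInfo['username']);
		$PowerBB->template->assign('visitormessageinfo', $VisitorMessageinfo);

		// NOTE(review): this partially undoes the HTML escaping applied on
		// save before handing the text to the template; kept as in the
		// original, but the template must escape 'pagetext' itself.
		$VisitorMessageinfo['pagetext'] = str_ireplace('&amp;', "&", $VisitorMessageinfo['pagetext']);
		$VisitorMessageinfo['pagetext'] = str_replace('&quot;', '', $VisitorMessageinfo['pagetext']);
		$PowerBB->template->assign('pagetext', $VisitorMessageinfo['pagetext']);

		$PowerBB->template->display('visitormessage_edit');
		$PowerBB->functions->GetFooter();
	}

	/**
	 * Saves the edited text for the visitor message id given in GET.
	 *
	 * Requires the group permission 'visitormessage' AND
	 * _CanManageVisitorMessage() on the message itself, so a member cannot
	 * overwrite somebody else's message by changing the id.  The redirect
	 * target is taken from the stored message, not from the posted userid.
	 */
	function _StartEditVisitorMessage()
	{
		global $PowerBB;

		// Header title reuses the deletion_process string, as in the original.
		$PowerBB->functions->ShowHeader($PowerBB->_CONF['template']['lang']['deletion_process']);

		$VisitorMessageId    = $PowerBB->functions->CleanVariable($PowerBB->_GET['id'], 'intval');
		$PowerBB->_GET['id'] = $VisitorMessageId;

		if (empty($VisitorMessageId))
		{
			$PowerBB->functions->error($PowerBB->_CONF['template']['lang']['path_not_true']);
			return;
		}

		if (empty($PowerBB->_CONF['group_info']['visitormessage']))
		{
			$PowerBB->functions->error($PowerBB->_CONF['template']['lang']['Sorry_You_do_not_have_powers_to_access_this_page']);
			return;
		}

		if (!$PowerBB->visitormessage->IsVisitorMessage(array('where' => array('id', $VisitorMessageId))))
		{
			$PowerBB->functions->error($PowerBB->_CONF['template']['lang']['path_not_true']);
			return;
		}

		$VisitorMessageinfo = $PowerBB->visitormessage->GetVisitorMessageInfo(array('where' => array('id', $VisitorMessageId)));

		if (!$this->_CanManageVisitorMessage($VisitorMessageinfo))
		{
			$PowerBB->functions->error($PowerBB->_CONF['template']['lang']['Sorry_You_do_not_have_powers_to_access_this_page']);
			return;
		}

		// Kill SQL Injection
		$Text = isset($PowerBB->_POST['text']) ? $PowerBB->_POST['text'] : '';
		$Text = $PowerBB->functions->CleanVariable($Text, 'sql');

		$Text = str_ireplace('{39}', "'", $Text);
		$Text = str_ireplace('cookie', '**', $Text);
		$Text = str_ireplace('&amp;', "&", $Text);
		$Text = str_replace('&quot;', '', $Text);

		$PowerBB->_POST['text'] = $Text;

		// Length limit is in bytes (the original tested a string offset).
		$MaxChars = intval($PowerBB->_CONF['info_row']['visitor_message_chars']);
		if (strlen($Text) > $MaxChars)
		{
			$PowerBB->functions->error($PowerBB->_CONF['template']['lang']['visitor_message_large_number_of_characters']);
			return;
		}

		$UpdateArr                      = array();
		$UpdateArr['field']             = array();
		$UpdateArr['field']['pagetext'] = $PowerBB->functions->CleanVariable($Text, 'html');
		$UpdateArr['where']             = array('id', $VisitorMessageId);

		$PowerBB->visitormessage->UpdateVisitorMessage($UpdateArr);

		$PowerBB->functions->msg($PowerBB->_CONF['template']['lang']['EditVisitorMessage_successfully']);
		$PowerBB->functions->redirect('index.php?page=profile&show=1&id=' . intval($VisitorMessageinfo['userid']));
		$PowerBB->functions->GetFooter();
	}

	/**
	 * Start Add VisitorMessage
	 *
	 * Stores a new visitor message on the profile whose member id is given in
	 * GET.  Checks, in order: target member exists and accepts visitor
	 * messages, group permission, non-empty text, flood control, captcha for
	 * writers without member_permission, length limit.  Errors are reported
	 * with error_no_foot because the form is shown in an inline panel.
	 */
	function _StartAddVisitorMessage()
	{
		global $PowerBB;

		$ProfileId           = $PowerBB->functions->CleanVariable($PowerBB->_GET['id'], 'intval');
		$PowerBB->_GET['id'] = $ProfileId;

		if (empty($ProfileId))
		{
			echo ('<script type="text/javascript">comm._toggle(); </script>');
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['path_not_true']);
			return;
		}

		$member = $PowerBB->member->GetMemberInfo(array('where' => array('id', $ProfileId)));

		if (empty($PowerBB->_CONF['group_info']['visitormessage']))
		{
			echo ('<script type="text/javascript">comm._toggle(); </script>');
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['Sorry_You_do_not_have_powers_to_access_this_page']);
			return;
		}

		if (empty($member['visitormessage']))
		{
			echo ('<script type="text/javascript">comm._toggle(); </script>');
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['Sorry_You_do_not_have_powers_to_access_this_page']);
			return;
		}

		if (empty($PowerBB->_POST['text']))
		{
			echo ('<script type="text/javascript">comm._toggle(); </script>');
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['Please_write_the_visitor_message']);
			return;
		}

		// IsFlood: look up the writer's latest message by numeric id so no
		// string (the username, which comes from the database) is interpolated
		// into the SQL.
		$WriterId     = isset($PowerBB->_CONF['member_row']['id']) ? intval($PowerBB->_CONF['member_row']['id']) : 0;
		$LastWriteRes = $PowerBB->DB->sql_query("SELECT dateline FROM " . $PowerBB->table['visitormessage'] . " WHERE postuserid = " . $WriterId . " ORDER BY id DESC LIMIT 1");
		$LastWrite    = $PowerBB->DB->sql_fetch_array($LastWriteRes);

		if (is_array($LastWrite) && (time() - $PowerBB->_CONF['info_row']['floodctrl']) <= $LastWrite['dateline'])
		{
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['floodctrl']);
			return;
		}

		// Captcha for writers without member_permission.  Constant-time,
		// type-strict comparison: the original used != between an md5 hex
		// string and the session value, which is subject to PHP's numeric
		// string juggling.
		if (empty($PowerBB->_CONF['member_permission']))
		{
			$EnteredCode = isset($PowerBB->_POST['code_confirm']) ? (string) $PowerBB->_POST['code_confirm'] : '';
			$CodeIsValid = isset($_SESSION['key'])
				&& hash_equals((string) $_SESSION['key'], md5($EnteredCode));

			if (!$CodeIsValid)
			{
				$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['Code_that_you_enter_the_wrong']);
				return;
			}
		}

		// Kill XSS
		$Text = $PowerBB->functions->CleanVariable($PowerBB->_POST['text'], 'html');
		// Kill SQL Injection
		$Text = $PowerBB->functions->CleanVariable($Text, 'sql');

		$Text = str_ireplace('{39}', "'", $Text);
		$Text = str_ireplace('cookie', '**', $Text);
		$Text = str_ireplace('&amp;', "&", $Text);
		$Text = str_replace('&quot;', '', $Text);

		$PowerBB->_POST['text'] = $Text;

		// Length limit is in bytes (the original tested a string offset).
		$MaxChars = intval($PowerBB->_CONF['info_row']['visitor_message_chars']);
		if (strlen($Text) > $MaxChars)
		{
			echo ('<script type="text/javascript">comm._toggle(); </script>');
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['visitor_message_large_number_of_characters']);
			return;
		}

		// A message left on one's own profile is marked read immediately.
		$messageread = ($ProfileId == $PowerBB->_CONF['member_row']['id']) ? '0' : '1';

		$VisitorMessageArr                         = array();
		$VisitorMessageArr['field']                = array();
		$VisitorMessageArr['field']['pagetext']     = $Text;
		$VisitorMessageArr['field']['postusername'] = $PowerBB->_CONF['member_row']['username'];
		$VisitorMessageArr['field']['postuserid']   = $PowerBB->_CONF['member_row']['id'];
		$VisitorMessageArr['field']['dateline']     = $PowerBB->_CONF['now'];
		$VisitorMessageArr['field']['userid']       = $ProfileId;
		$VisitorMessageArr['field']['ipaddress']    = $PowerBB->_CONF['ip'];
		$VisitorMessageArr['field']['messageread']  = $messageread;

		$insert = $PowerBB->visitormessage->InsertVisitorMessage($VisitorMessageArr);

		if ($insert)
		{
			// $ProfileId is an integer, so it is safe inside the script literal.
			echo ('<SCRIPT LANGUAGE="JavaScript">window.location="index.php?page=profile&show=1&id=' . $ProfileId . '";</script>');
		}
	}
}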

?>