<?php
// Bootstrap: session, include guard, module registration and the shared core.
session_start();

// Only run when loaded through the forum front controller.
if (!defined('IN_PowerBB'))
{
    die();
}

// Tell common.php which subsystems this page needs.
$CALL_SYSTEM = array(
    'VISITORMESSAGE' => true,
);

define('JAVASCRIPT_PowerCode', true);

include('common.php');

// Name of the class the front controller instantiates and runs.
define('CLASS_NAME', 'PowerBBVisitorMessageMOD');
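/**
 * Visitor-message page module: add, edit and delete visitor messages on a profile.
 *
 * All state is read from and written through the global $PowerBB object
 * (request arrays, config, DB wrappers, template engine, language strings).
 *
 * Changes relative to the original module:
 *  - the PHP 5 curly-brace string offset ($str{$n}) is replaced by $str[$n]
 *    (removed in PHP 8);
 *  - the delete and save-edit handlers apply the same owner/author/admin rule
 *    the edit form already applied (the original deleted/updated any id
 *    posted to them after only a group-flag check);
 *  - the captcha digest is compared with hash_equals() instead of a loose !=;
 *  - every guard `return`s after calling error()/error_no_foot(), so a handler
 *    cannot continue into a database write if those helpers return instead
 *    of exiting (whether they exit is not visible from this file);
 *  - redirect targets after a write are built from integer ids or DB rows,
 *    not raw request values.
 *
 * NOTE(review): none of the state-changing handlers checks a per-request
 * token; the captcha only applies to members without member_permission.
 */
class PowerBBVisitorMessageMOD
{
    /**
     * Dispatch the visitor-message action requested in the query string.
     *
     * Handlers run only while info_row.active_visitor_message == '1';
     * otherwise a header, an error page and a footer are rendered. Several
     * flags may be present at once (del, edit, start_edit,
     * add_visitor_message); each set flag runs its handler, in that order.
     */
    function run()
    {
        global $PowerBB;

        if ($PowerBB->_CONF['info_row']['active_visitor_message'] != '1')
        {
            $PowerBB->functions->ShowHeader();
            $PowerBB->functions->error($PowerBB->_CONF['template']['lang']['Sorry_you_This feature was disabled']);
            $PowerBB->functions->GetFooter();
            return;
        }

        // !empty() keeps the original truthiness test but avoids
        // "undefined index" notices when a flag is absent.
        if (!empty($PowerBB->_GET['del']))
        {
            $this->_StartDelVisitorMessage();
        }
        if (!empty($PowerBB->_GET['edit']))
        {
            $this->_EditVisitorMessage();
        }
        if (!empty($PowerBB->_GET['start_edit']))
        {
            $this->_StartEditVisitorMessage();
        }
        if (!empty($PowerBB->_GET['add_visitor_message']))
        {
            $this->_StartAddVisitorMessage();
        }
    }

    /**
     * Sanitize the id from the query string to an integer and return it.
     *
     * The cleaned value is written back to $PowerBB->_GET['id'] because later
     * code in this file reads it from there (e.g. the redirect after insert).
     *
     * @return int 0 when no id was supplied
     */
    function _CleanRequestedId()
    {
        global $PowerBB;

        $raw = isset($PowerBB->_GET['id']) ? $PowerBB->_GET['id'] : 0;
        $PowerBB->_GET['id'] = $PowerBB->functions->CleanVariable($raw, 'intval');

        return $PowerBB->_GET['id'];
    }

    /**
     * Whether the current member may edit or delete the given visitor message.
     *
     * This is the rule the edit form used: the profile owner (userid), the
     * message author (postuserid), or a member whose group has admincp_allow.
     *
     * @param array $VisitorMessageinfo row returned by GetVisitorMessageInfo()
     * @return bool
     */
    function _CanModifyVisitorMessage($VisitorMessageinfo)
    {
        global $PowerBB;

        $current_id = $PowerBB->_CONF['member_row']['id'];

        // Loose comparison kept on purpose: ids may arrive as strings from the DB layer.
        return $current_id == $VisitorMessageinfo['userid']
            || $current_id == $VisitorMessageinfo['postuserid']
            || !empty($PowerBB->_CONF['group_info']['admincp_allow']);
    }

    /**
     * Apply the project's text filters shared by the add and edit paths.
     *
     * Order is kept from the original: 'sql' cleaner, the {39} apostrophe
     * placeholder, the word "cookie", the '&' replacement, then removal of
     * double quotes. These are the original's blacklist-style filters; the
     * 'html' cleaner is applied separately by the callers.
     *
     * @param string $text raw message text
     * @return string filtered text
     */
    function _FilterMessageText($text)
    {
        global $PowerBB;

        $text = $PowerBB->functions->CleanVariable($text, 'sql');
        $text = str_ireplace('{39}', "'", $text);
        $text = str_ireplace('cookie', '**', $text);
        $text = str_ireplace('&', "&", $text);
        $text = str_replace('"', '', $text);

        return $text;
    }

    /**
     * True when the text exceeds info_row.visitor_message_chars.
     *
     * Equivalent to the original isset($text{$max}) (byte offset check), written
     * with [] because the curly-brace offset syntax was removed in PHP 8.
     *
     * @param string $text
     * @return bool
     */
    function _MessageTooLong($text)
    {
        global $PowerBB;

        return isset($text[$PowerBB->_CONF['info_row']['visitor_message_chars']]);
    }

    /**
     * Emit the inline script that closes the add-message box, then the
     * footer-less error used by the AJAX add path.
     *
     * @param string $message language string to show
     */
    function _ToggleAndErrorNoFoot($message)
    {
        global $PowerBB;

        echo ('<script type="text/javascript">comm._toggle(); </script>');
        $PowerBB->functions->error_no_foot($message);
    }

    /**
     * Delete the visitor messages whose ids were posted in check[] (?del).
     *
     * Each id is resolved to its row and checked with _CanModifyVisitorMessage
     * before deletion; the first disallowed or unknown id aborts with an error.
     * On success a confirmation is shown and the browser is sent back to the
     * profile given by the (integer-cleaned) id in the query string.
     */
    function _StartDelVisitorMessage()
    {
        global $PowerBB;

        $PowerBB->functions->ShowHeader($PowerBB->_CONF['template']['lang']['deletion_process']);

        if (empty($PowerBB->_POST['check']) || !is_array($PowerBB->_POST['check']))
        {
            $PowerBB->functions->error($PowerBB->_CONF['template']['lang']['You_do_not_select_any_visitormessage']);
            return;
        }

        foreach ($PowerBB->_POST['check'] as $VisitorMessage)
        {
            $id = intval($VisitorMessage);

            $VisitorMessageinfo = $PowerBB->visitormessage->GetVisitorMessageInfo(array('where' => array('id', $id)));

            // The original deleted any posted id without confirming the caller may act on it.
            // empty() also covers an unknown id, assuming GetVisitorMessageInfo returns
            // false/empty for a missing row — not verifiable from this file.
            if (empty($VisitorMessageinfo) || !$this->_CanModifyVisitorMessage($VisitorMessageinfo))
            {
                $PowerBB->functions->error($PowerBB->_CONF['template']['lang']['Sorry_You_do_not_have_powers_to_access_this_page']);
                return;
            }

            $DelVisitorMessage = array();
            $DelVisitorMessage['name'] = 'id';
            $DelVisitorMessage['where'] = array('id', $id);
            $PowerBB->visitormessage->DeleteVisitorMessage($DelVisitorMessage);
        }

        $profile_id = isset($PowerBB->_GET['id']) ? intval($PowerBB->_GET['id']) : 0;

        $PowerBB->functions->msg($PowerBB->_CONF['template']['lang']['del_visitormessage_successfully']);
        $PowerBB->functions->redirect('index.php?page=profile&show=1&id=' . $profile_id);
        $PowerBB->functions->GetFooter();
    }

    /**
     * Render the edit form for one visitor message (?edit&id=N).
     *
     * Errors when the id is missing or unknown, or when the current member
     * fails _CanModifyVisitorMessage. Smiley rows, the profile owner's
     * username, the message row and its quote-stripped text are exposed to
     * the 'visitormessage_edit' template.
     */
    function _EditVisitorMessage()
    {
        global $PowerBB;

        $PowerBB->functions->ShowHeader();

        $id = $this->_CleanRequestedId();
        if (empty($id))
        {
            $PowerBB->functions->error($PowerBB->_CONF['template']['lang']['path_not_true']);
            return;
        }
        if (!$PowerBB->visitormessage->IsVisitorMessage(array('where' => array('id', $id))))
        {
            $PowerBB->functions->error($PowerBB->_CONF['template']['lang']['path_not_true']);
            return;
        }

        // Smiley rows for the template, HTML-cleaned, limited by info_row.smiles_nm.
        $SmlArr = array();
        $SmlArr['order'] = array('field' => 'id', 'type' => 'ASC');
        $SmlArr['limit'] = $PowerBB->_CONF['info_row']['smiles_nm'];
        $SmlArr['proc'] = array('*' => array('method' => 'clean', 'param' => 'html'));
        $PowerBB->_CONF['template']['while']['SmileRows'] = $PowerBB->icon->GetSmileList($SmlArr);

        $VisitorMessageinfo = $PowerBB->visitormessage->GetVisitorMessageInfo(array('where' => array('id', $id)));

        // Username of the profile owner (userid), not the author.
        $MemberInfo = $PowerBB->member->GetMemberInfo(array('where' => array('id', $VisitorMessageinfo['userid'])));

        $PowerBB->template->assign('username', $MemberInfo['username']);
        $PowerBB->template->assign('visitormessageinfo', $VisitorMessageinfo);

        // Same replacements as the original before the text goes into the form field.
        $pagetext = str_ireplace('&', "&", $VisitorMessageinfo['pagetext']);
        $pagetext = str_replace('"', '', $pagetext);
        $PowerBB->template->assign('pagetext', $pagetext);

        if (!$this->_CanModifyVisitorMessage($VisitorMessageinfo))
        {
            $PowerBB->functions->error($PowerBB->_CONF['template']['lang']['Sorry_You_do_not_have_powers_to_access_this_page']);
            return;
        }

        $PowerBB->template->display('visitormessage_edit');
        $PowerBB->functions->GetFooter();
    }

    /**
     * Persist an edited visitor message (?start_edit&id=N, POST text).
     *
     * Checks, in order: id present, group flag visitormessage, id known, and
     * _CanModifyVisitorMessage (the original checked only the group flag
     * here, so any member with that flag could update any message). The text
     * goes through _FilterMessageText, the length limit and the 'html'
     * cleaner before UpdateVisitorMessage. The redirect uses the profile id
     * from the stored row rather than the posted userid.
     */
    function _StartEditVisitorMessage()
    {
        global $PowerBB;

        // NOTE(review): the title reuses the 'deletion_process' language key as the
        // original did; no edit-specific key is visible in this file.
        $PowerBB->functions->ShowHeader($PowerBB->_CONF['template']['lang']['deletion_process']);

        $id = $this->_CleanRequestedId();
        if (empty($id))
        {
            $PowerBB->functions->error($PowerBB->_CONF['template']['lang']['path_not_true']);
            return;
        }
        if (!$PowerBB->_CONF['group_info']['visitormessage'])
        {
            $PowerBB->functions->error($PowerBB->_CONF['template']['lang']['Sorry_You_do_not_have_powers_to_access_this_page']);
            return;
        }
        if (!$PowerBB->visitormessage->IsVisitorMessage(array('where' => array('id', $id))))
        {
            $PowerBB->functions->error($PowerBB->_CONF['template']['lang']['path_not_true']);
            return;
        }

        $VisitorMessageinfo = $PowerBB->visitormessage->GetVisitorMessageInfo(array('where' => array('id', $id)));
        if (!$this->_CanModifyVisitorMessage($VisitorMessageinfo))
        {
            $PowerBB->functions->error($PowerBB->_CONF['template']['lang']['Sorry_You_do_not_have_powers_to_access_this_page']);
            return;
        }

        $raw_text = isset($PowerBB->_POST['text']) ? $PowerBB->_POST['text'] : '';
        // Written back to _POST['text'] as the original did, in case other code reads it.
        $PowerBB->_POST['text'] = $this->_FilterMessageText($raw_text);

        if ($this->_MessageTooLong($PowerBB->_POST['text']))
        {
            $PowerBB->functions->error($PowerBB->_CONF['template']['lang']['visitor_message_large_number_of_characters']);
            return;
        }

        $UpdateArr = array();
        $UpdateArr['field'] = array();
        $UpdateArr['field']['pagetext'] = $PowerBB->functions->CleanVariable($PowerBB->_POST['text'], 'html');
        $UpdateArr['where'] = array('id', $id);
        $PowerBB->visitormessage->UpdateVisitorMessage($UpdateArr);

        $PowerBB->functions->msg($PowerBB->_CONF['template']['lang']['EditVisitorMessage_successfully']);
        $PowerBB->functions->redirect('index.php?page=profile&show=1&id=' . intval($VisitorMessageinfo['userid']));
        $PowerBB->functions->GetFooter();
    }

    /**
     * Add a visitor message to the profile given by id (?add_visitor_message&id=N, POST text).
     *
     * Called from the inline add box, so errors are emitted without a footer
     * and preceded by the toggle script. Checks: id present, group flag and
     * target member's visitormessage flag, non-empty text, flood control
     * against the member's newest message, captcha for members without
     * member_permission, then the 'html' cleaner, _FilterMessageText and the
     * length limit. On success the browser is redirected to the profile.
     */
    function _StartAddVisitorMessage()
    {
        global $PowerBB;

        $id = $this->_CleanRequestedId();
        if (empty($id))
        {
            $this->_ToggleAndErrorNoFoot($PowerBB->_CONF['template']['lang']['path_not_true']);
            return;
        }

        $member = $PowerBB->member->GetMemberInfo(array('where' => array('id', $id)));

        if (!$PowerBB->_CONF['group_info']['visitormessage'])
        {
            $this->_ToggleAndErrorNoFoot($PowerBB->_CONF['template']['lang']['Sorry_You_do_not_have_powers_to_access_this_page']);
            return;
        }
        // The target member can switch visitor messages off for their profile.
        if (!$member['visitormessage'])
        {
            $this->_ToggleAndErrorNoFoot($PowerBB->_CONF['template']['lang']['Sorry_You_do_not_have_powers_to_access_this_page']);
            return;
        }
        if (empty($PowerBB->_POST['text']))
        {
            $this->_ToggleAndErrorNoFoot($PowerBB->_CONF['template']['lang']['Please_write_the_visitor_message']);
            return;
        }

        // Flood control: newest message by this member versus info_row.floodctrl seconds.
        // NOTE(review): the username comes from the member row (DB), not the request, but it
        // is interpolated into SQL, so it is passed through the project's 'sql' cleaner as the
        // rest of this file does for interpolated values; no prepared-statement API is visible here.
        $writer_postusername = $PowerBB->functions->CleanVariable($PowerBB->_CONF['member_row']['username'], 'sql');
        $result = $PowerBB->DB->sql_query("SELECT * FROM " . $PowerBB->table['visitormessage'] . " WHERE postusername= '$writer_postusername' ORDER BY id desc LIMIT 1");
        $last_visitormessage_time = $PowerBB->DB->sql_fetch_array($result);
        $last_dateline = (is_array($last_visitormessage_time) && isset($last_visitormessage_time['dateline']))
            ? $last_visitormessage_time['dateline']
            : 0;

        if ((time() - $PowerBB->_CONF['info_row']['floodctrl']) <= $last_dateline)
        {
            $PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['floodctrl']);
            return;
        }

        // Captcha for members without member_permission. hash_equals() is a strict,
        // constant-time comparison; the original's loose != let PHP compare two hex
        // digests as numeric strings.
        if (!$PowerBB->_CONF['member_permission'])
        {
            $code_hash = md5(isset($PowerBB->_POST['code_confirm']) ? $PowerBB->_POST['code_confirm'] : '');
            $session_key = isset($_SESSION['key']) ? (string) $_SESSION['key'] : '';

            if (!hash_equals($session_key, $code_hash))
            {
                $PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['Code_that_you_enter_the_wrong']);
                return;
            }
        }

        // 'html' cleaner first, then the shared filters; written back to _POST['text']
        // as the original did.
        $text = $PowerBB->functions->CleanVariable($PowerBB->_POST['text'], 'html');
        $PowerBB->_POST['text'] = $this->_FilterMessageText($text);

        if ($this->_MessageTooLong($PowerBB->_POST['text']))
        {
            $this->_ToggleAndErrorNoFoot($PowerBB->_CONF['template']['lang']['visitor_message_large_number_of_characters']);
            return;
        }

        // Messages a member leaves on their own profile are stored with messageread '0'.
        $messageread = ($id == $PowerBB->_CONF['member_row']['id']) ? '0' : '1';

        $VisitorMessageArr = array();
        $VisitorMessageArr['field'] = array();
        $VisitorMessageArr['field']['pagetext'] = $PowerBB->_POST['text'];
        $VisitorMessageArr['field']['postusername'] = $PowerBB->_CONF['member_row']['username'];
        $VisitorMessageArr['field']['postuserid'] = $PowerBB->_CONF['member_row']['id'];
        $VisitorMessageArr['field']['dateline'] = $PowerBB->_CONF['now'];
        $VisitorMessageArr['field']['userid'] = $id;
        $VisitorMessageArr['field']['ipaddress'] = $PowerBB->_CONF['ip'];
        $VisitorMessageArr['field']['messageread'] = $messageread;

        if ($PowerBB->visitormessage->InsertVisitorMessage($VisitorMessageArr))
        {
            // $PowerBB->_GET['id'] holds the integer-cleaned id at this point.
            echo ('<SCRIPT LANGUAGE="JavaScript">window.location="index.php?page=profile&show=1&id='.$PowerBB->_GET['id'].'";</script>');
        }
    }
}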
?>