<?php
/*
Copyright (c) 2011 http://ramui.com. All right reserved.
This product is protected by copyright and distributed under licenses restricting copying, distribution. Permission is granted to the public to download and use this script provided that this Notice and any statement of authorship are reproduced in every page on all copies of the script.
*/
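/**
 * User-side controller for creating and editing directory posts.
 *
 * get_query() is the only public entry point; it checks the login state via
 * verify_user() and dispatches to the private handlers below. All database
 * access goes through the legacy mysql_* functions on the default connection,
 * with string values escaped by mysql_real_escape_string() and numeric values
 * coerced by sprintf() conversions.
 */
class post extends clslogin
{
	/**
	 * Render the "Add new post" form.
	 *
	 * Defines $scriptfile, $title, $max and $menu as locals before including
	 * the page templates (presumably read by those templates — they are not
	 * visible from this file).
	 */
	private function add_post()
	{
		$scriptfile='<script type="text/javascript" src="../script/comment.js"></script>';
		$title='Add new post';
		$max=sprintf("%d",$this->site['postsize']);
		$menu=$this->get_menu();
		include "include/head.php";
		include "include/add_post.php";
		include "include/footer.html";
	}

	/**
	 * Render the edit form for one of the current user's own posts.
	 *
	 * Redirects away when editing is disabled for the site, or when no
	 * unlocked, published post with this id belongs to the current user.
	 *
	 * @param mixed $id Post id taken from the request; treated as an integer.
	 */
	private function edit_post($id)
	{
		if(!($this->site['allowedit'])){@header("Location: index.php");exit;}
		// $id is request data and is written into an inline <script> below.
		// Force it to an integer first: sprintf("%d") alone only protected the
		// SQL query, not the HTML/JavaScript output.
		$id=(int)$id;
		$query=sprintf("SELECT * FROM ".$this->prefix."post WHERE id = %d AND locked <> 'Y' AND publish = 'Y' AND uid = %d",$id,$this->uid);
		$result=@mysql_query($query);
		$num=@mysql_num_rows($result);
		if($num<1){$loc='../../index.php';@header("Location: $loc");exit;}
		$row=@mysql_fetch_array($result, MYSQL_ASSOC);
		$title=$row['title'];
		$max=sprintf("%d",$this->site['postsize']);
		$menu=$this->get_menu();
		$scriptfile='<script type="text/javascript" src="../script/comment.js"></script><script>var pid='.$id.';</script>';
		include "include/head.php";
		include "include/add_post.php";
		include "include/footer.html";
	}

	/**
	 * Validate a submitted site URL and reject domains that are already listed.
	 *
	 * On success $url is rewritten to the normalised, lower-cased
	 * "scheme://host" form. $url is taken by reference so that the caller
	 * stores the value that was validated here; when it was passed by value
	 * the normalisation was discarded and the raw submitted string was stored.
	 *
	 * @param string $response Receives an HTML error fragment on failure.
	 * @param string $url      Submitted URL; replaced by "scheme://host" on success.
	 * @param mixed  $id       Optional post id to exclude from the duplicate check.
	 * @return bool True when the URL is acceptable, false otherwise.
	 */
	private function verify_url(&$response,&$url,$id='')
	{
		$bad='<span style="color:red; background-color:white;">Bad URL! Please enter correct url.</span>';
		$arr=parse_url(strtolower($url));
		if(($arr===false)||(empty($arr['host']))){$response=$bad;return false;}
		$scheme=empty($arr['scheme'])? 'http' : $arr['scheme'];
		// Only web schemes are accepted: the URL is stored and later shown as a
		// link, so schemes such as javascript: or data: must never get that far.
		if(($scheme!=='http')&&($scheme!=='https')){$response=$bad;return false;}
		// The url column is stored without HTML escaping (unlike title,
		// description and tags), so refuse hosts carrying markup characters.
		if(preg_match('/[\s<>"\'\\\\]/',$arr['host'])){$response=$bad;return false;}
		// Compare both the bare and the "www." form of the domain.
		$u=(strpos($arr['host'],'www.')===0)? substr($arr['host'],4) : $arr['host'];
		$w=$scheme.'://www.'.$u;
		$u=$scheme.'://'.$u;
		// NOTE(review): LIKE wildcards (% and _) inside the host are not escaped,
		// so a host containing "_" can match a different existing domain.
		$query=sprintf("SELECT id FROM ".$this->prefix."post WHERE (url LIKE '%s%%' OR url LIKE '%s%%')",mysql_real_escape_string($u),mysql_real_escape_string($w));
		if(!empty($id)){$query.=sprintf(" AND id <> %d",$id);}
		$result=@mysql_query($query);
		$row=@mysql_fetch_array($result, MYSQL_ASSOC);
		if(!empty($row['id'])){
			// HTTP_HOST is taken from the request's Host header, so escape the
			// link before it is placed in the href attribute and the link text.
			$link=htmlspecialchars('http://'.getenv('HTTP_HOST').fw_get_docroot().'index.php?pid='.$row['id'],ENT_QUOTES);
			$response='<span style="color:red; background-color:white;">Domain already exists!</span>&nbsp;&nbsp;<a href="'.$link.'">'.$link.'</a>';
			return false;
		}
		$url=$scheme.'://'.$arr['host'];
		return true;
	}

	/**
	 * Validate the posted form and insert a new post or update an existing one.
	 *
	 * Every path ends with exit after echoing an HTML status fragment. The
	 * post table and the search table are written in turn; errors from
	 * mysql_query() are suppressed and not checked.
	 *
	 * @param mixed $id Empty to create a post, otherwise the id of the post to update.
	 */
	private function save_post($id='')
	{
		// With editing disabled, an update is still accepted for 900 seconds
		// after the post's stored date.
		if((!($this->site['allowedit']))&&(!empty($id))){
			$query=sprintf("SELECT date FROM ".$this->prefix."post WHERE id = %d",$id);
			$result=@mysql_query($query);
			$row=@mysql_fetch_array($result, MYSQL_ASSOC);
			if(empty($row['date'])||($row['date']<(time()-900))){echo '<span style="color:red; background-color:white;">Sorry! this board doesn\'t allow you to edit your post</span>';exit;}
		}
		// NOTE(review): the captcha value stays in the session after a
		// successful check, so one solved code can be replayed for further posts.
		if((empty($_SESSION['fw_captcha_code']))||(md5($_POST['fw_captcha_code'])!==($_SESSION['fw_captcha_code']))){
			echo '<span style="color:red; background-color:white;">Error! wrong verification code. Please try again.</span>';
			exit;
		}
		$title=trim(fw_strip_slashes(rawurldecode($_POST["title"])));
		$title=htmlspecialchars(fw_remove_smarttag($title));
		$content=trim(fw_strip_slashes(rawurldecode($_POST["content"])));
		$content=fw_remove_smarttag($content);
		$content_text=fw_bb2text($content);
		$url=trim(fw_strip_slashes(rawurldecode($_POST["url"])));
		$response='';
		// verify_url() rewrites $url to the validated "scheme://host" form.
		if(!($this->verify_url($response,$url,$id))){echo $response;exit;}
		// The numeric fields below are never quoted or escaped: they reach SQL
		// only through the %.2f / %u conversions, which coerce them to numbers.
		$bw=trim(fw_strip_slashes(rawurldecode($_POST["bw"])));
		$usd=trim(fw_strip_slashes(rawurldecode($_POST["usd"])));
		$space=trim(fw_strip_slashes(rawurldecode($_POST["space"])));
		$uptime=trim(fw_strip_slashes(rawurldecode($_POST["uptime"])));
		$noofdomain=trim(fw_strip_slashes(rawurldecode($_POST["noofdomain"])));
		$server=$_POST['server'];
		$freedomain=(empty($_POST["freedomain"])? 0 : 1);
		$autolink=(empty($_POST["autolink"])? 0 : 1);
		$dt=time();
		$publish=(($this->site['approval']=='A')? 'Y':'');
		$max_size=$this->site['postsize'];
		if((strlen($content)>$max_size)||(strlen($title)>80)){echo '<span style="color:red; background-color:white;">Unespected error! Please try again.</span>';exit;}
		$description=trim(fw_strip_slashes(rawurldecode($_POST["description"])));
		$tags=trim(fw_strip_slashes(rawurldecode($_POST["tags"])));
		$description=htmlspecialchars(fw_remove_smarttag($description));
		$description=str_replace("\n"," ",str_replace("\r","",$description));
		$tags=htmlspecialchars(fw_remove_smarttag($tags));
		if((strlen($description)>250)||(strlen($tags)>250)){echo '<span style="color:red; background-color:white;">Unespected error! Please try again.</span>';exit;}
		// Escape each string value once and reuse it in both tables' queries.
		$e_title=mysql_real_escape_string($title);
		$e_url=mysql_real_escape_string($url);
		$e_description=mysql_real_escape_string($description);
		$e_tags=mysql_real_escape_string($tags);
		$e_content=mysql_real_escape_string($content);
		$e_text=mysql_real_escape_string($content_text);
		// Both flags were previously left undefined on the update path.
		$edit='';
		$new=false;
		if(empty($id)){
			$query="INSERT INTO ".$this->prefix."post(title, url, description, keywords, uid, content, autolink, publish, bw, usd, space, uptime, noofdomain, freedomain, server, updated, date) VALUES ('%s', '%s', '%s', '%s', %d, '%s', $autolink, '$publish', %.2f, %.2f, %.2f, %.2f, %u, $freedomain, %u, $dt, $dt)";
			$query=sprintf($query,$e_title,$e_url,$e_description,$e_tags,$this->uid,$e_content,$bw,$usd,$space,$uptime,$noofdomain,$server);
		}
		else{
			// The uid condition restricts the update to the caller's own post.
			// NOTE(review): unlike edit_post(), this does not require the post to
			// be unlocked and published — confirm whether that is intended.
			$query="UPDATE ".$this->prefix."post SET title = '%s', url = '%s', content = '%s', description = '%s', keywords = '%s', autolink = $autolink, bw = %.2f, usd = %.2f, space = %.2f, uptime = %.2f, noofdomain = %u, freedomain = '$freedomain', server = %u, updated = $dt WHERE id = %d AND uid = %d";
			$query=sprintf($query,$e_title,$e_url,$e_content,$e_description,$e_tags,$bw,$usd,$space,$uptime,$noofdomain,$server,$id,$this->uid);
		}
		@mysql_query($query);
		if(empty($id)){
			$new=true;
			$id=mysql_insert_id();
			$edit=$id.'<>';
			// keywords is filled from $tags; the former $keywords variable was
			// never defined, so the search index always received an empty value.
			$query=sprintf("INSERT INTO ".$this->prefix."search(title, url, keywords, description, pid, uid, publish, body) VALUES ('%s', '%s', '%s', '%s', %d, %d, '$publish', '%s')",$e_title,$e_url,$e_tags,$e_description,$id,$this->uid,$e_text);
		}
		else{
			// Scope the search-index update to the caller's own row as well.
			// Without the uid condition any logged-in user could overwrite the
			// search entry of another user's post even though the post-table
			// UPDATE above matched nothing.
			$query=sprintf("UPDATE ".$this->prefix."search SET title = '%s', url = '%s', keywords = '%s', description = '%s', body = '%s' WHERE pid = %d AND cid = 0 AND uid = %d",$e_title,$e_url,$e_tags,$e_description,$e_text,$id,$this->uid);
		}
		@mysql_query($query);
		echo $edit.'<span style="color:green; background-color:white;">'.((($this->site['approval']=='A')||(empty($new)))? 'Your message has been successfully posted':'Your message is waiting for approval').'</span>';
		exit;
	}

	/**
	 * Include the BBCode editor, pre-loaded with an existing post's content
	 * when an id is given.
	 *
	 * @param mixed $id Optional post id whose content is loaded into $bbcode.
	 */
	private function bbcode_editor($id='')
	{
		if(!empty($id)){
			$query=sprintf("SELECT content FROM ".$this->prefix."post WHERE id = %d",$id);
			// Ordinary users may only load their own posts; without this any
			// logged-in user could read the raw content of any post by id,
			// including ones that are not published.
			if(!($this->admin)){$query.=sprintf(" AND uid = %d",$this->uid);}
			$result=@mysql_query($query);
			$row=@mysql_fetch_array($result, MYSQL_ASSOC);
			if(isset($row['content'])){$bbcode=$row['content'];}
		}
		include "../bbcode/bbeditor.php";
	}

	/**
	 * Dispatch a parsed request to the matching handler.
	 *
	 * $qur[1] selects the action ("1" add form, "2" save, "3" edit form,
	 * "4" BBCode editor, "5" log out; anything else shows the add form) and
	 * $qur[2] carries the optional post id. Administrators asking for the
	 * edit form are redirected to the admin area instead.
	 *
	 * @param array $qur Request segments; index 1 is the action, index 2 the post id.
	 */
	public function get_query($qur)
	{
		// Missing segments are treated as empty rather than read unchecked.
		$action=isset($qur[1])? $qur[1] : '';
		$pid=isset($qur[2])? $qur[2] : '';
		if(($this->admin)&&($action=="3")){
			// Encode the request-supplied id so it cannot add extra parameters
			// to the redirect target.
			$loc="../admin/index.php?qur=2M1M".rawurlencode($pid);
			@header("Location: $loc");exit;
		}
		$message='';
		if($this->verify_user($message)){
			switch ($action){
				case "1":
					$this->add_post();
				break;
				case "2":
					$this->save_post($pid);
				break;
				case "3":
					$this->edit_post($pid);
				break;
				case "4":
					$this->bbcode_editor($pid);
				break;
				case "5":
					$this->log_out();
				break;
				default:
					$this->add_post();
			}
		}
		else{
			// A save request from a logged-out user gets no login form.
			if($action!="2"){$this->log_in($message);}
		}
	}
}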
?>