Файл: rban/rban/fx/addtem_ok.php
Строк: 120
<?
require "conf.php";
$conn=mysql_connect(my_host, my_user, my_password);
mysql_select_db(my_db, $conn);
$room=$HTTP_GET_VARS['room'];
$truba=$HTTP_USER_AGENT;
function encoding2($s)
{
$len = strlen($s);
if($len<1) return '';//if emty string return
$pos = 0;
$newlen = 0;
$ret = '';
$to = array(
128,129,130,131,132,133,134,135,136,137,138,139,140,141,
142,143,144,145,146,147,148,149,150,151,153,154,155,156,
157,158,159,160,161,162,163,164,165,166,167,168,169,170,
171,172,173,174,175,176,177,178,179,180,181,182,183,184,
185,186,187,188,189,190,191,192,193,194,195,196,197,198,
199,200,201,202,203,204,205,206,207,208,209,210,211,212,
213,214,215,216,217,218,219,220,221,222,223,224,225,226,
227,228,229,230,231,232,233,234,235,236,237,238,239,240,
241,242,243,244,245,246,247,248,249,250,251,252,253,254,
255,32);
$from = array(
1026,1027,8218,1107,8222,8230,8224,8225,8364,8240,1033,8249,
1034,1036,1035,1039,1106,8216,8217,8220,8221,8226,8211,8212,
8482,1113,8250,1114,1116,1115,1119,160,1038,1118,1032,164,
1168,166,167,1025,169,1028,171,172,173,174,1031,176,177,1030,
1110,1169,181,182,183,1105,8470,1108,187,1112,1029,1109,1111,
1040,1041,1042,1043,1044,1045,1046,1047,1048,1049,1050,1051,
1052,1053,1054,1055,1056,1057,1058,1059,1060,1061,1062,1063,
1064,1065,1066,1067,1068,1069,1070,1071,1072,1073,1074,1075,
1076,1077,1078,1079,1080,1081,1082,1083,1084,1085,1086,1087,
1088,1089,1090,1091,1092,1093,1094,1095,1096,1097,1098,1099,
1100,1101,1102,1103,32);
while ($pos<$len) {
if (ord($s[$pos]) < 0x80) {
$ret .= $s[$pos];
$pos++;
} else {
if ( ((ord($s[$pos]) & 0xE0) == 0xC0) && ($pos < ($len-1)) ) {
$c = ( (ord($s[$pos]) & 0x1F) << 6 ) + ( ord($s[$pos+1]) &
0x3F)
;
$pos+=2;
} elseif ( ((ord($s[$pos]) & 0xF0) == 0xE0) && ($pos<($len-2)))
{
$c = (((ord($s[$pos])) & 0x0F) << 12) + ((ord($s[$pos+1]) &
0x3F
) << 6) + (ord($s[$pos+2]) & 0x3F);
$pos+=3;
} else {
$c = 0;
$pos+=4;
}
for ($i=0; $i<128; $i++) {
if ($c == $from[$i]) {
$c = $to[$i];
break;
}
}
$ret .= chr($c);
}
}
if ((ord($s[0]) == 0xEF)) {
$ret = substr($ret, 1, strlen($ret));
}
$ret=htmlspecialchars($ret);
return $ret;
}
if(isset($HTTP_GET_VARS['UIN']))
{
$UIN=$HTTP_GET_VARS['UIN'];
}
else
{
$UIN="Guest";
}
$UINmd5=$UIN;
$sql=("select `pass` from `index` where id='$UIN'");
$res=mysql_query($sql);
$row=mysql_fetch_object($res);
$alk=$row->id;
$stringer=$row->setting_string;
$banned=$row->banned;
if ($pass!=$row->pass)
{
$UIN="Guest";
}
if(isset($HTTP_GET_VARS['pass']))
{
$pass=$HTTP_GET_VARS['pass'];
}
else
{
$pass="Guest";
}
header("Content-Type: text/vnd.wap.wml; charset=utf-8");
echo '<?xml version="1.0" encoding="utf-8"?>';
echo '<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN"
"http://www.wapforum.org/DTD/wml_1.1.xml">';
$truba=$HTTP_USER_AGENT;
$sql=("select `pass` from `index` where id='$UIN'");
$res=mysql_query($sql);
$row=mysql_fetch_object($res);
$alk=$row->id;
if ($pass!=$row->pass)
{
$UIN="Guest";
}
$room=$HTTP_GET_VARS['room'];
$nick=$HTTP_GET_VARS['nick'];
echo "<wml>
<card ontimer="forum.php?UIN=$UINmd5&pass=$pass&room=$room" id="writeadd" title="Написать">
<timer value="10"/>
<p align="center">";
if ($UIN=="Guest")
{
print 'Please login first!<br/>';
print '<a href="../index.php">Главная</a><br/>';
}
elseif ($UIN=="Inferno")
{
echo '?';
}
else
{
$message=$text;
$message=encoding2($message);
$post=$message;
if ($message == "$")
{
;
print "Bы ввeли нeдoпycтимыe cимвoлы!";
}
else {
$sql= ("select `banned` from `index` where id = '$UIN'");
$result=mysql_query($sql);
$row=mysql_fetch_object($result);
$ban=$row->banned;
$truba=$row->truba;
if ($ban=="1")
{
print 'You has been banned...<br/>';
}
elseif ($truba=="WinWAP-PRO/3.1 (3.1.6.192)")
{
print 'You has been banned...<br/>';
}
else
{
$sql=("select * from `topic` where name='$UIN' order by id Desc Limit 1");
$result=mysql_query($sql);
$row=mysql_fetch_object($result);
if ($post==$row->message)
{
print '<a href="forum.php?UIN='.$UINmd5.'&pass='.$pass.'&room='.$room.'">Taкaя Teмa yжe ecть</a><br/>';
}
else
{
$oper=getenv('REMOTE_ADDR');
$sql22=("select `site` from `index` where id='$UINmd5'");
$res22=mysql_query($sql22);
$row22=mysql_fetch_object($res22);
$site=$row22->site;
$site=translate($site);
$iddd=$row22->site;
$site=eregi_replace("http://","", $site);
$point=".";
$time =$site;
$time .=" ";
$time .=date(d);
$time .=$point;
$time .=date(m);
$time .=$point;
$time .=date(y);
$time .="-";
$dpoint=":";
$time .= date(H);
$time .=$dpoint;
$time .=date(i);
if (isset($nick))
{
$temp=$nick;
$message=$temp;
$message=encoding2($message);
$temp=$message;
$temp .=", ";
$temp .=$post;
$post=$temp;
}
$sql="insert into topic (id, name, message, date, room) values (NULL, '$UIN', '$post', '$time', '$room')";
$res=mysql_query($sql);
$sql=("select `id` from `topic` order by id desc limit 1");
$res=mysql_query($sql);
$row=mysql_fetch_object($res);
$idd=$row->id;
$sql=("delete from `rating` where ident='$idd'");
mysql_query($sql);
$sql="insert into rating (id, room, ident) values (NULL, '$room', '$idd')";
mysql_query($sql);
/* $sqlq="select id from topic where order by id desc limit 1";
$resq=mysql_query($sqlq);
$aq = mysql_fetch_array($rq); */
$message=$text2;
$message=encoding2($message);
$post=$message;
if ($message == "$")
{
print "ввeдeны ндoпycтимыe cимвoлы";
exit;
}
$oper=getenv('REMOTE_ADDR');
$sql22=("select `site` from `index` where id='$UINmd5'");
$res22=mysql_query($sql22);
$row22=mysql_fetch_object($res22);
$site=$row22->site;
$site=translate($site);
$iddd=$row22->site;
$site=eregi_replace("http://","", $site);
$point=".";
$time =$site;
$time .=" ";
$time .=date(d);
$time .=$point;
$time .=date(m);
$time .=$point;
$time .=date(y);
$time .="-";
$dpoint=":";
$time .= date(H);
$time .=$dpoint;
$time .=date(i);
if (isset($nick))
{
$temp=$nick;
$message=$temp;
$message=encoding2($message);
if ((strpos ($message,"$") !== false)||(strpos ($message,'') !== false))
{
print "ввeдeны ндoпycтимыe cимвoлы";
exit;
}
$temp=$message;
$temp .=", ";
$temp .=$post;
$post=$temp;
}
$sql="insert into forum (id, name, message, date, topic, room) values (NULL, '$UIN', '$post', '$time', '$idd', '$room')";
mysql_query($sql);
/*$sql="delete from rating where ident='$id'";
mysql_query($sql);
$sql="insert into rating (id, room, ident) values (NULL, '$room', '$idd')";
mysql_query($sql); */
print '<br/>
<a href="forum.php?UIN='.$UINmd5.'&pass='.$pass.'&room='.$room.'">Ok</a><br/>';
}
}
}
}
print '</p>
</card>
</wml>';
?>