Файл: iwup.biz/guest/index.php
Строк: 55
<?php
// Start-of-request timestamps. Neither value is read again in this script;
// presumably an included file (e.g. the footer) uses them - confirm.
$mt = microtime(true);
$time = time();

// Shared includes. This script later relies on $ses, $guestsob and $razd and on
// an open mysql_* connection without defining them, so they must come from here.
include '../ses.php';
include '../shapka.php';
include '../db.php';
include '../nast.php';

// Seed the verification code once per session (presumably the value drawn by
// ../img.php and compared by guestadd.php - confirm).
// NOTE(review): rand() is not a cryptographic generator and the range allows only
// 1000 distinct answers, so this code is weak as an anti-automation control.
// Because of the isset() guard the same code is reused on every page view until
// something else unsets it; verify that the submit handler rotates it after each
// attempt and rate-limits failures.
if (!isset($_SESSION['kod'])) {
    $_SESSION['kod'] = rand(1, 1000);
}
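// Guestbook ban check: refuse the page when a `guestban` row matches the
// visitor's IPv4 address range and/or the (truncated) User-Agent string.
$ip1 = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);

// The User-Agent header is optional; treat a missing one as an empty string
// instead of raising an undefined-index notice.
$rawAgent = isset($_SERVER['HTTP_USER_AGENT']) ? (string)$_SERVER['HTTP_USER_AGENT'] : '';
$user1 = mysql_real_escape_string(htmlspecialchars(substr($rawAgent, 0, 40)));

// Pack a dotted-quad address into one integer for the range comparison.
// Anything that is not a well-formed IPv4 address (IPv6, for example) has no
// four numeric octets, so it is mapped to 0 rather than to an arbitrary number
// derived from partial string-to-number casts.
$ips = explode('.', $ip1);
if (count($ips) === 4 && ip2long($ip1) !== false) {
    $longip = $ips[3] + $ips[2] * 256 + $ips[1] * 256 * 256 + $ips[0] * 256 * 256 * 256;
} else {
    $longip = 0;
}

// $longip is always numeric here, which is what makes the unquoted
// interpolation below safe; $user1 is escaped above and quoted in the query.
// NOTE(review): a row with `ipstatus`=0 and `userstatus`=0 matches every visitor;
// confirm that combination cannot be stored.
// NOTE(review): the User-Agent is client-supplied, so a ban keyed on it only
// holds for clients that keep sending the same value.
$ipres = mysql_query("SELECT * from `guestban` WHERE (`ipstatus`=0 OR (`ipst`<=$longip AND `ipend`>=$longip)) AND (`userstatus`=0 OR `user`='$user1') limit 1");
if ($ipres === false) {
    // Keep the database error in the server log; echoing mysql_error() to the
    // visitor discloses schema and query details. Still fail closed.
    error_log('guest/index.php: ban lookup failed: ' . mysql_error());
    die('Ошибка базы данных');
}

if (mysql_num_rows($ipres) > 0) {
    print "извините, но вам закрыт вход в гостевую<br />";
    include('../foot.php');
    exit;
}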
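// Optional referrer login from the query string. $ref keeps the value only when
// a `user` row with that login and `status` > 1 exists; otherwise it is ''.
// $ref is not read again in the visible part of this script.
$ref = '';
// is_string() rejects array input such as ?ref[]=x, which htmlspecialchars()
// cannot process.
if (isset($_GET['ref']) && is_string($_GET['ref'])) {
    // NOTE(review): the value is HTML-encoded before the lookup, so it only
    // matches if logins are stored HTML-encoded - confirm. The result is both
    // HTML- and SQL-escaped, so do not pass it through either escape again.
    $ref = mysql_real_escape_string(htmlspecialchars($_GET['ref']));
    $res_ref = mysql_query("SELECT * from `user` WHERE `login`='$ref' AND `status`>1");
    // A failed query is treated the same as "no such user".
    if ($res_ref === false || !mysql_num_rows($res_ref)) {
        $ref = '';
    }
}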
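// Paginated guestbook listing, newest entry first, with next/previous links.
print '</div><div class="top">Гостевая книга:<br /></div><div>';

// Page index from the query string, clamped at 0: a negative page would put a
// negative offset into LIMIT and make the query fail.
$page = isset($_GET['page']) ? max(0, intval($_GET['page'])) : 0;

// $guestsob (entries per page) comes from an included file; cast it because it
// is interpolated into the SQL below.
$perPage = (int)$guestsob;
$start = $page * $perPage;

// Fetch exactly one page plus one look-ahead row. The previous code applied the
// offset twice (LIMIT $start, ... followed by mysql_data_seek($result, $start)),
// so every page after the first skipped a whole page of entries.
$result = mysql_query("SELECT * from `guest` ORDER by `gid` DESC limit $start, " . ($perPage + 1));

$hasNext = false;
if ($result === false) {
    // Log instead of fetching from an invalid result or echoing the error.
    error_log('guest/index.php: message listing failed: ' . mysql_error());
} else {
    // The look-ahead row is present only when another page exists.
    $hasNext = mysql_num_rows($result) > $perPage;
    $shown = 0;
    while ($sob = mysql_fetch_assoc($result)) {
        $date = date('d/m/Y H:i', $sob['time']);
        // All stored fields are HTML-escaped on output.
        // NOTE(review): the literal '>' before <br /> is emitted as visible text;
        // it looks like a leftover - confirm before removing.
        echo '<b>' . htmlspecialchars($sob['name']) . "($date)" . '><br />' . '</b>';
        echo nl2br(htmlspecialchars($sob['mess'])) . '<br />';
        if ($sob['answer']) {
            print "<b>Ответ:</b>" . nl2br(htmlspecialchars($sob['answer'])) . "<br />";
        }
        $shown++;
        if ($shown >= $perPage) {
            break;
        }
        // Separator after every entry except the last one of a full page.
        print $razd;
    }
}

// $ses is defined by an included file. Encode it for a URL parameter inside an
// HTML attribute so it cannot break out of the href.
// NOTE(review): $ses is presumably a session token; carried in the query string
// it ends up in access logs, browser history and Referer headers.
$sesAttr = htmlspecialchars(rawurlencode($ses), ENT_QUOTES);
if ($hasNext) {
    print '<a href="index.php?ses=' . $sesAttr . '&amp;page=' . ($page + 1) . '">Далее</a><br />';
}
if ($page > 0) {
    print '<a href="index.php?ses=' . $sesAttr . '&amp;page=' . ($page - 1) . '">Назад</a><br />';
}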
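// "Add a message" form, posted to guestadd.php, followed by the page footer.
// $ses is defined by an included file; encode it for a URL parameter inside an
// HTML attribute. The markup is single-quoted so its double quotes need no
// escaping (the listing had them unescaped inside a double-quoted string).
// NOTE(review): the only anti-automation control on this form is the picture
// code (`kod`), which this script draws from just 1000 values; guestadd.php
// should invalidate the code after each attempt and validate name/zakaz
// server-side - the maxlength attributes are not enforced by the server.
$sesAttr = htmlspecialchars(rawurlencode($ses), ENT_QUOTES);
print '
</div><form action="guestadd.php?act=nar&amp;ses=' . $sesAttr . '" method="post"><div>
Ваше имя:<br/>
<input name="name" maxlength="30" value=""/><br/>
Сообщение:<br/>
<textarea name="zakaz" rows="5" cols="20"></textarea><br/>
Код на картинке: <img src="../img.php?ses=' . $sesAttr . '" alt="" width="90" height="30"/><br /><input type="text" name="kod" maxlength="7" /><br />
<input type="submit" name="a" value="Добавить"/>
</div></form><div>';
print '</div><div class="down"><a href="../index.php">Игровой клуб</a><br /></div><div>';
include('../foot.php');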
?>