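<?php
// DataLife Engine guestbook module: entry guard, request selectors, URL
// fragments for the two link styles, client address, paging state, parser.
if(!defined('DATALIFEENGINE')) {
die("Hacking attempt!");
}
// Only the message id is normalised here. The remaining selectors are only
// ever compared against fixed strings further down, so an unexpected value
// falls through to the listing branch; isset() avoids E_NOTICE when absent.
$id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
$subaction = isset($_REQUEST['subaction']) ? $_REQUEST['subaction'] : '';
$proceed = isset($_REQUEST['proceed']) ? $_REQUEST['proceed'] : '';
// Link fragments: "pretty" path segments vs. query-string parameters.
if ($config['allow_alt_url'] == "yes") {
$g_path = 'guestbook/';
$g_proceed = 'proceed/';
$g_proceed_u = 'com_update.html';
$g_act = 'action/';
$g_act_a['edit'] = 'edit/';
$g_id = '';
$g_act_a['del'] = 'del/';
$g_pg = 'page/';
}
else {
$g_path = '?do=guestbook';
$g_proceed = '&proceed';
$g_proceed_u = '=com_update';
$g_act = '&action';
$g_act_a['edit'] = '=edit';
$g_id = '&id=';
$g_act_a['del'] = '=del';
$g_pg = '&cstart=';
}
// Site-local "now" (config offset in minutes), used for flood records and
// the same-day merge check.
$_TIME = time()+($config['date_adjust']*60);
// Client address: used for flood control (flooder(), the _flood table) and
// stored with every entry, where administrators later see it.
// X-Forwarded-For is sent by the client unless a trusted reverse proxy
// overwrites it, so a forged header both sidesteps the per-IP flood check and
// plants an arbitrary string in the stored ip column. Accept it only when its
// first hop is a syntactically valid IP address; otherwise (and when the
// header is absent) fall back to REMOTE_ADDR.
// NOTE(review): if this site is not behind a reverse proxy, REMOTE_ADDR alone
// is the right choice — the header should then be ignored entirely.
$ip = '';
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$forwarded = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
$first_hop = trim($forwarded[0]);
if (filter_var($first_hop, FILTER_VALIDATE_IP) !== false) $ip = $first_hop;
}
if ($ip === '') $ip = $_SERVER['REMOTE_ADDR'];
$ip = $db->safesql($ip);
// Paging state. $cstart is assigned outside this file (index.php); the
// current page is remembered in the session so the "back" links built below
// return to it when no cstart parameter accompanies the request.
if ((intval($cstart) > 0 and isset($_REQUEST['cstart'])) OR preg_match('/^do=guestbook$/',$_SERVER['QUERY_STRING'])) $_SESSION['g_pg'] = $cstart;
if (intval($cstart) == 0 and !isset($_REQUEST['cstart'])) $cstart = isset($_SESSION['g_pg']) ? $_SESSION['g_pg'] : 0;
if (intval($cstart) > 0 and !isset($_REQUEST['cstart'])) {
// The session copy is not guaranteed numeric; keep the link clean.
$g_pg_lnk = $g_pg.intval($cstart);
} else $g_pg_lnk = '';
include_once(ENGINE_DIR.'/classes/parse.class.php');
$parse = new ParseFilter();
$parse->safe_mode = true;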
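if ($action == "del") {
// Delete entry $id. Permitted for: the registered author (group has
// allow_delc) when the entry is the most recent one in the book; group 1
// (administrators); any group with del_allc.
// NOTE(review): this is a state-changing GET with no anti-CSRF token — a
// link or image pointing at ...action=del&id=N in a privileged user's
// browser deletes entry N.
$date_max = $db->super_query("SELECT MAX(date) FROM " . PREFIX . "_guestbook");
$rights_usr = $db->super_query("SELECT date, userid, is_reg FROM " . PREFIX . "_guestbook WHERE id = '$id'");
$back_link = '<a href="'.$config['http_home_url'].$g_path.$g_pg_lnk.'">Вернуться назад...</a>';
$own_latest = ($rights_usr
&& $member_id['user_id'] == $rights_usr['userid']
&& $rights_usr['is_reg'] == 1
&& $user_group[$member_id['user_group']]['allow_delc']
&& $rights_usr['date'] == $date_max['MAX(date)']);
$moderator = ($member_id['user_group'] == '1' || $user_group[$member_id['user_group']]['del_allc']);
// An unknown id used to report success while deleting nothing; treat it as denied.
if ($rights_usr && $is_logged && ($own_latest || $moderator)) {
$db->query("DELETE FROM " . PREFIX . "_guestbook WHERE id = '$id'");
msgbox ($lang['all_info'], 'Выбранное сообщение было успешно удалено. '.$back_link);
}
else msgbox ($lang['all_info'], 'Отказано в доступе. '.$back_link);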
} elseif ($action == "edit") {
// Show the edit form for entry $id. Permitted for the registered author when
// the group grants allow_editc, or for any group with edit_allc. The form
// posts back to the com_update branch below.
$rights_usr = "SELECT userid, is_reg FROM " . PREFIX . "_guestbook WHERE id = '$id'";
$rights_usr = $db->super_query($rights_usr);
if (($is_logged AND ($member_id['user_id'] == $rights_usr['userid'] AND ($rights_usr['is_reg'] == 1) AND $user_group[$member_id['user_group']]['allow_editc'])) OR $user_group[$member_id['user_group']]['edit_allc']){
$row = $db->super_query("SELECT * FROM " . PREFIX . "_guestbook WHERE id = '$id'");
$tpl->load_template('addmessage.tpl');
// Editor flavour per site configuration: WYSIWYG script vs. BB-code toolbar.
if ($config['allow_comments_wysiwyg'] == "yes"){
$tpl->copy_template = "<script language=JavaScript src='".$config['http_home_url']."engine/editor/scripts/innovaeditor.js'></script>\n".$tpl->copy_template;
}
else {
include_once ENGINE_DIR.'/modules/bbcode.php';
}
// Stored message converted back to editable form for the chosen editor.
if ($config['allow_comments_wysiwyg'] != "yes")
$text = $parse->decodeBBCodes($row['message'], false);
else
$text = $parse->decodeBBCodes($row['message'], TRUE, $config['allow_comments_wysiwyg']);
// Editing is only reachable with the rights above, so the guest-only name
// fields and the CAPTCHA block are stripped from the template.
$tpl->set_block("'\\[not-logged\\].*?\\[/not-logged\\]'si","");
$tpl->set_block("'\\[sec_code\\].*?\\[/sec_code\\]'si","");
if ($config['allow_comments_wysiwyg'] != "yes"){
$tpl->set('[not-wysywyg]',"");
$tpl->set('[/not-wysywyg]',"");
} else $tpl->set_block("'\\[not-wysywyg\\].*?\\[/not-wysywyg\\]'si","");
if ($config['allow_comments_wysiwyg'] == "yes"){
include_once ENGINE_DIR.'/editor/comments.php';
$tpl->set('{wysiwyg}',$wysiwyg);
} else
{
$tpl->set('{wysiwyg}','');
}
$tpl->set('{bbcode}',$bb_code);
$tpl->set('{text}', $text);
$tpl->set('{title}', 'Редактирование сообщения');
// Wrap the template in the form that targets proceed=com_update and carries
// the entry id. NOTE(review): no anti-CSRF token is included in the form.
$tpl->copy_template = "<form method=\"post\" id=\"dle-comments-form\" enctype=\"multipart/form-data\" action=\"{$config['http_home_url']}{$g_path}{$g_proceed}{$g_proceed_u}\">".$tpl->copy_template."
<input type=\"hidden\" name=\"subaction\" value=\"addcomment\" />
<input type=\"hidden\" name=\"id\" value=\"".$id."\">";
$tpl->copy_template .= "</form>";
$tpl->compile('content');
$tpl->clear();
}
else msgbox ($lang['all_info'], 'Отказано в доступе. <a href="'.$config['http_home_url'].$g_path.$g_pg_lnk.'">Вернуться назад...</a>');
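} elseif ($proceed == "com_update") {
// Persist an edited message (POST from the edit form). Same rule as "edit":
// the registered author with allow_editc, or any group with edit_allc.
$rights_usr = $db->super_query("SELECT userid, is_reg FROM " . PREFIX . "_guestbook WHERE id = '$id'");
$back_link = '<a href="'.$config['http_home_url'].$g_path.$g_pg_lnk.'">Вернуться назад...</a>';
$own_message = ($is_logged
&& $rights_usr
&& $member_id['user_id'] == $rights_usr['userid']
&& $rights_usr['is_reg'] == 1
&& $user_group[$member_id['user_group']]['allow_editc']);
if ($rights_usr && ($own_message || $user_group[$member_id['user_group']]['edit_allc'])) {
// The row updated below is the one the permission check just looked at.
// The original re-read $id from $_POST at this point while the check had
// used $_REQUEST['id']; whenever PHP's request_order lets another source win
// the two differ, and "edit your own message" could become "edit any
// message". Keeping the single, already-validated $id closes that gap.
if ($config['allow_comments_wysiwyg'] != "yes")
$message = $db->safesql($parse->BB_Parse($parse->process($_POST['message']), false));
else{
$parse->wysiwyg = true;
$parse->ParseFilter(Array('div', 'a', 'span', 'p', 'br'), Array(), 0, 1);
$message = $db->safesql($parse->BB_Parse($parse->process($_POST['comments'])));
}
$db->query("UPDATE " . PREFIX . "_guestbook SET message='$message' WHERE id='$id'");
// NOTE(review): no anti-CSRF token is verified on this POST.
@header("Location: {$config['http_home_url']}{$g_path}{$g_pg_lnk}");
}
else msgbox ($lang['all_info'], 'Отказано в доступе. '.$back_link);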
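} elseif ($proceed == "add") {
// Store a submitted message (POST from the form built in the listing
// branch). Guests must pass the CAPTCHA and may not reuse a registered
// name/e-mail; registered users post under their account data. A further
// post by the same author on the same day is appended to the previous entry
// instead of creating a new row (up to 3000 bytes in total).
@set_time_limit(0);
if ($is_logged) {
$name = $member_id['name'];
$mail = $member_id['email'];
$is_register = "1";
} else {
$name = $db->safesql($parse->process(trim($_POST['name'])));
$mail = $db->safesql($parse->process(trim($_POST['mail'])));
$is_register = "0";
}
// Message body via the BB-code or the WYSIWYG path; both go through
// ParseFilter and are SQL-escaped, and the result is what gets stored.
if ($config['allow_comments_wysiwyg'] != "yes")
$message = $db->safesql($parse->BB_Parse($parse->process($_POST['message']), false));
else{
$parse->wysiwyg = true;
$parse->ParseFilter(Array('div', 'a', 'span', 'p', 'br'), Array(), 0, 1);
$message = $db->safesql($parse->BB_Parse($parse->process($_POST['comments'])));
}
$sec_code = isset($_SESSION['sec_code_session']) ? trim($_SESSION['sec_code_session']) : '';
$sec_code_inp = $db->safeSQL($parse->process($_POST['sec_code']));
$date = date ("Y-m-d H:i:s", (time()+$config['date_adjust']*60));
$back_link = '<a href="'.$config['http_home_url'].$g_path.'">Вернуться назад...</a>';
// CAPTCHA applies to guests only. The session code must be non-empty: with
// the previous plain "!=" test an empty sec_code field matched an absent
// session code (antibot.php never requested, or the code already consumed),
// so a bot could skip the CAPTCHA entirely. Strict comparison also avoids
// PHP's numeric-string coercion ("0123" == "123").
$needs_captcha = (!$is_logged && !isset($member_id['user_id']));
if ($needs_captcha && ($sec_code === '' || $sec_code !== $sec_code_inp)) {
msgbox ($lang['all_info'], 'Неверно указан код безопасности.<br>'.$back_link);
} elseif (preg_match("/[\||\'|\"|\!|\$|\@|\&\~\*\+]/",$name)) {
// Name blacklist. It does not reject "<" or ">", so output must not rely on it alone.
msgbox ($lang['all_info'], 'Вы ввели недопустимое Имя. '.$back_link);
}
elseif ($member_id['user_group'] > 2 AND intval ($config['flood_time']) AND flooder($ip) == TRUE) {
// Flood control is keyed on $ip, which is taken from X-Forwarded-For when
// that header is present and is therefore client-influenced unless a proxy
// rewrites it.
msgbox ($lang['all_info'], $lang['news_err_4']. " Вы сможете добавить повторно запись только через {$config['flood_time']} ".$lang['news_err_6'].'. <br>'.$back_link);
}
elseif (trim($message) == "" or !$message) {
msgbox ($lang['all_info'], 'Извините, но Вы не ввели сообщение. '.$back_link);
} elseif ((!ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'. '@'.'[-!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.'.'[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $mail)) or (empty($mail))) {
// NOTE(review): ereg() was removed in PHP 7. The POSIX bracket expression
// (where "\" is a literal) is kept verbatim rather than translated to PCRE,
// which would change the accepted character set.
msgbox ($lang['all_info'], 'Извините, но Вы ввели неверный E-Mail. '.$back_link);
}
else {
$last_add = $db->super_query("SELECT id, userid, DATE_FORMAT(date,'%Y-%m-%d') as date, message, ip, is_reg FROM " . PREFIX . "_guestbook ORDER BY id DESC LIMIT 0,1");
// Append to the latest entry only when it belongs to the same author (by
// user id for members, by IP for guests) and was posted today.
$update_comments = false;
if ($last_add['id']) {
if ($last_add['userid'] == $member_id['user_id'] AND $last_add['is_reg']) $update_comments = true;
elseif ($last_add['ip'] == $ip AND !$last_add['is_reg'] AND !$is_logged) $update_comments = true;
if ($last_add['date'] != date("Y-m-d", $_TIME)) $update_comments = false;
if ($update_comments AND (strlen($last_add['message']) + strlen($message)) > 3000)
{
// NOTE(review): the error is displayed but execution continues into the
// insert below, so the message is still stored as a new entry. Behaviour
// kept as in the original; confirm whether a stop was intended.
$update_comments = false;
$stop[] = $lang['news_err_3'];
msgbox ($lang['all_err_1'], implode("<br />", $stop)."<br /><br /><a href=\"javascript:history.go(-1)\">".$lang['all_prev']."</a>");
}
}
if ($update_comments) {
// $last_add['message'] is raw database content; escape it again before it
// is interpolated next to the already-escaped $message.
$merged = $db->safesql($last_add['message'])."<br /><br />".$message;
$db->query("UPDATE " . PREFIX . "_guestbook set message='{$merged}' WHERE id='{$last_add['id']}'");
// The CAPTCHA code is single-use: drop it so the same value cannot be replayed.
unset($_SESSION['sec_code_session']);
@header("Location: {$config['http_home_url']}{$g_path}{$g_pg_lnk}");
} else {
// Guests may not impersonate a registered name or e-mail.
$dupe_url = $db->query("SELECT email, name FROM ".USERPREFIX."_users WHERE name = '$name' OR email = '$mail'");
if (($db->num_rows($dupe_url) > 0) AND $is_register == '0') {
msgbox ($lang['all_info'], 'Данное Имя или E-Mail использовать нельзя.<br>'.$back_link);
} else {
// NOTE(review): the special-casing of the name "1" is inherited; its purpose
// is not evident from this file.
if ($name == "1") $name = "";
// Guests have no $member_id; store 0 rather than an empty string in the
// (presumably integer) userid column.
$author_id = isset($member_id['user_id']) ? intval($member_id['user_id']) : 0;
$db->query("INSERT INTO ".PREFIX."_guestbook (name, userid, mail, ip, message, date, is_reg) VALUES ('$name', '$author_id', '$mail', '$ip', '$message', '$date', '$is_register')");
if($config['flood_time'] != 0 and $config['flood_time'] != "")
{
$db->query("INSERT INTO " . PREFIX . "_flood (id, ip) values ('$_TIME', '$ip')");
}
// The CAPTCHA code is single-use: drop it so the same value cannot be replayed.
unset($_SESSION['sec_code_session']);
@header("Location: {$config['http_home_url']}{$g_path}{$g_pg_lnk}");
}
}
}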
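} else {
// Default branch: render the "add message" form (when the group may post),
// then one page of entries and the pagination links.
$tpl->load_template('addmessage.tpl');
// NOTE(review): $config_only_registered_comment is not assigned in this file;
// unless it is set elsewhere the form is offered to everyone.
if (($is_logged AND $config_only_registered_comment == "yes") OR ($config_only_registered_comment != "yes"))
{
// Editor flavour per site configuration: WYSIWYG script vs. BB-code toolbar.
if ($config['allow_comments_wysiwyg'] == "yes"){
$tpl->copy_template = "<script language=JavaScript src='".$config['http_home_url']."engine/editor/scripts/innovaeditor.js'></script>\n".$tpl->copy_template;
}
else {
include_once ENGINE_DIR.'/modules/bbcode.php';
}
$tpl->set('{title}', 'Добавление Сообщения');
// Guests get the CAPTCHA image plus a reload helper; members do not.
if (!$is_logged) {
$tpl->copy_template .= "
<script language='JavaScript' type=\"text/javascript\">
function reload () {
var rndval = new Date().getTime();
document.getElementById('dle-captcha').innerHTML = '<img src=\"{$config['http_home_url']}engine/modules/antibot.php?rndval=' + rndval + '\" border=\"0\" width=\"120\" height=\"50\"><br /><a onclick=\"reload(); return false;\" href=\"#\">{$lang['reload_code']}</a>';
};
</script>";
$tpl->set('[sec_code]','');
$tpl->set('[/sec_code]','');
$tpl->set('{sec_code}',"<span id=\"dle-captcha\"><img src=\"".$config['http_home_url']."engine/modules/antibot.php\" alt=\"{$lang['sec_image']}\" border=\"0\" /><br /><a onclick=\"reload(); return false;\" href=\"#\">{$lang['reload_code']}</a></span>");
}else {
$tpl->set_block("'\\[sec_code\\].*?\\[/sec_code\\]'si","");
}
if ($config['allow_comments_wysiwyg'] != "yes"){
$tpl->set('[not-wysywyg]',"");
$tpl->set('[/not-wysywyg]',"");
} else $tpl->set_block("'\\[not-wysywyg\\].*?\\[/not-wysywyg\\]'si","");
if ($config['allow_comments_wysiwyg'] == "yes"){
include_once ENGINE_DIR.'/editor/comments.php';
$tpl->set('{wysiwyg}',$wysiwyg);
} else
{
$tpl->set('{wysiwyg}','');
}
$tpl->set('{bbcode}',$bb_code);
$tpl->set('{text}', '');
// Name/e-mail inputs are shown to guests only.
if (!$is_logged) {
$tpl->set('[not-logged]','');
$tpl->set('[/not-logged]','');
}
else $tpl->set_block("'\\[not-logged\\](.*?)\\[/not-logged\\]'si","");
// The form posts back to this module with proceed=add.
// NOTE(review): no anti-CSRF token is included in the form.
$tpl->copy_template = "<form method=\"post\" id=\"dle-comments-form\" enctype=\"multipart/form-data\"><input type=hidden name=do value=guestbook>
<input type=hidden name=proceed value=add>".$tpl->copy_template."
<input type=\"hidden\" name=\"subaction\" value=\"addcomment\" />
<input type=\"hidden\" name=\"op\" value=\"post\">";
$tpl->copy_template .= "</form>";
}
$tpl->compile('content');
// Paging: $cstart arrives as a 1-based page number (request or session copy)
// and is turned into a row offset here. It is forced to an integer first —
// below it is only compared and subtracted, and an empty or non-numeric value
// would otherwise reach the LIMIT clause of the SELECT verbatim.
$number = 15;
$cstart = intval($cstart);
if ($cstart < 0) $cstart = 0;
if ($cstart){
$cstart = ($cstart - 1) * $number;
}
$i = $cstart;
$s = 0;
$result = $db->query("SELECT id, date, name as gast_name, mail as gast_email, message, ip, is_reg, userid FROM " . PREFIX . "_guestbook ORDER BY date DESC LIMIT $cstart,$number");
$row_count = $db->super_query("SELECT COUNT(*) as count from " . PREFIX . "_guestbook");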
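// MAX(date) drives the per-row "may delete" test. It cannot change while
// this page renders, so fetch it once instead of once per row, and convert it
// to a timestamp because $row['date'] is converted below — the original
// compared the converted integer with the raw DATETIME string, which never
// matched, so authors never saw the delete link for their latest entry.
$date_max = $db->super_query("SELECT MAX(date) FROM " . PREFIX . "_guestbook");
$latest_ts = strtotime($date_max['MAX(date)']);
while($row = $db->get_array($result)){
// Render one guestbook entry through message.tpl.
$row['date'] = strtotime($row['date']);
$userid = $row['userid'];
$result_users = $db->super_query("SELECT user_group, news_num, icq, foto, reg_date FROM " . USERPREFIX . "_users WHERE user_id = '$userid'");
$row['name'] = stripslashes($row['gast_name']);
$row['gast_email'] = stripslashes($row['gast_email']);
$i++;$s++;
// The address is placed in an href attribute; escape it on output since the
// submit-time filter is not visible here. double_encode=false leaves existing
// entities alone; the value is ASCII by the submit-time e-mail check.
$email_attr = htmlspecialchars($row['gast_email'], ENT_QUOTES, 'UTF-8', false);
if (!$row['is_reg'] OR $row['name'] == '') {
// Guest entry: link the name to the supplied address, or treat it as a URL
// when it does not look like an e-mail. NOTE(review): gast_name is printed as
// stored; whether $parse->process() encoded "<" and ">" at submit time is not
// visible in this file.
if($row['gast_email'] != ""){
if( preg_match("/^[\.A-z0-9_\-]+[@][A-z0-9_\-]+([.][A-z0-9_\-]+)+[A-z]{1,4}$/", $row['gast_email'])){ $url_target = ""; $mail_or_url = "mailto:"; }
else{
$url_target = "target=\"_blank\"";
$mail_or_url = "";
// The column is aliased gast_email; the original tested $row[email], a key
// this query never yields, so the "http://" prefix was never added.
if(substr($row['gast_email'],0,3) == "www"){ $mail_or_url = "http://"; }
}
if ($mail_or_url == "mailto:") {
$tpl->set('{author}', "<a href=\"mailto:{$email_attr}\">".$row['gast_name']."</a>");
} else {
$tpl->set('{author}', "<a $url_target href=\"$mail_or_url".$email_attr."\">".$row['gast_name']."</a>");
}
}
else{ $tpl->set('{author}', $row['gast_name']); }
}else
{
// Registered author: link to the profile page.
if ($config['allow_alt_url'] == "yes")
$tpl->set('{author}', "<a href=\"".$config['http_home_url']."user/".urlencode($row['name'])."/\">".stripslashes($row['name'])."</a>");
else
$tpl->set('{author}', "<a href=\"$PHP_SELF?subaction=userinfo&user=".urlencode($row['name'])."\">".stripslashes($row['name'])."</a>");
}
// Absent/unknown group falls back to group 5 for the icon lookup.
if (!$result_users['user_group']) $result_users['user_group'] = 5;
if ($user_group[$result_users['user_group']]['icon'])
$tpl->set('{group-icon}', "<img src=\"".$user_group[$result_users['user_group']]['icon']."\" border=\"0\" />");
else
$tpl->set('{group-icon}', "");
// Edit link: the registered author with allow_editc, or any group with edit_allc.
if (($is_logged AND ($member_id['user_id'] == $row['userid'] AND ($row['is_reg'] == 1) AND $user_group[$member_id['user_group']]['allow_editc'])) OR $user_group[$member_id['user_group']]['edit_allc']){
$tpl->set('[com-edit]',"<a href=\"".$config['http_home_url'].$g_path.$g_act.$g_act_a['edit'].$g_id.$row['id'].".html\">");
$tpl->set('[/com-edit]',"</a>");
$allow_comments_ajax = true;
}
else $tpl->set_block("'\\[com-edit\\](.*?)\\[/com-edit\\]'si","");
// Delete link: same rule as the "del" action (author's latest entry with
// allow_delc, administrators, or del_allc).
if ($is_logged AND (($member_id['user_id'] == $row['userid'] AND ($row['is_reg'] == 1) AND $user_group[$member_id['user_group']]['allow_delc'] AND ($row['date'] == $latest_ts)) OR $member_id['user_group'] == '1' OR $user_group[$member_id['user_group']]['del_allc'])){
$tpl->set('[com-del]',"<a href=\"javascript:confirmDelete('".$config['http_home_url'].$g_path.$g_act.$g_act_a['del'].$g_id.$row['id']."')\">");
$tpl->set('[/com-del]',"</a>");
}
else $tpl->set_block("'\\[com-del\\](.*?)\\[/com-del\\]'si","");
// "Quote author" helper for groups allowed to post. $row['name'] already holds
// stripslashes(gast_name) (set above); the original re-derived it through a
// test on $row['is_register'], a key this query does not return, which always
// produced that same value.
if (($user_group[$member_id['user_group']]['allow_addc']) AND $config['allow_comments'] == "yes")
{
$tpl->set('[fast]',"<a onmouseover=\"dle_copy_quote('".str_replace( array(" ", "'"), array(" ", "&#039;"), $row['name'] )."');\" href=\"#\" onClick=\"dle_ins('".str_replace( array(" ", "'"), array(" ", "&#039;"), $row['name'] )."'); return false;\"\">");
$tpl->set('[/fast]',"</a>");
} else $tpl->set_block("'\\[fast\\](.*?)\\[/fast\\]'si","");
$tpl->set('{comment-id}', $row['id']);
$tpl->set('{date}', langdate($config['timestamp_comment'], $row['date']));
if ($row['is_reg'] AND $result_users['icq']) $tpl->set('{icq}', stripslashes($result_users['icq']));
else $tpl->set('{icq}', 'Не Указано');
if ($result_users['foto'])
$tpl->set('{foto}', $config['http_home_url']."uploads/fotos/".$result_users['foto']);
else
$tpl->set('{foto}', "{THEME}/images/noavatar.png");
if ($row['is_reg']) $tpl->set('{registration}', langdate($config['timestamp_active'], $result_users['reg_date']));
else $tpl->set('{registration}', 'Не Указано');
$tpl->set('{comment}', stripslashes($row['message']));
// [hide] blocks are shown to logged-in visitors only.
if ($is_logged) $tpl->set_block("'\[hide\](.*?)\[/hide\]'si","\\1");
else $tpl->set_block("'\\[hide\\](.*?)\\[/hide\\]'si","<div class=\"quote\">".$lang['news_regus']."</div>");
if ($is_logged AND $member_id['user_group'] == '1') {
// Administrators only. The stored address was taken from X-Forwarded-For
// when that header was present, i.e. it is client-supplied text: URL-encode
// it in the query string and HTML-encode it in the link text.
$ip_text = htmlspecialchars($row['ip'], ENT_QUOTES, 'UTF-8', false);
$tpl->set('{ip}', "IP: <a href=\"http://www.nic.ru/whois/?ip=".urlencode($row['ip'])."\" target=\"_blank\">{$ip_text}</a>");
} else
$tpl->set('{ip}', '');
$tpl->load_template('message.tpl');
$tpl->compile('content');
}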
// Pagination block (navigation.tpl). At this point $cstart is the row offset
// of the current page and $number the page size; $i is the offset after the
// rows just rendered.
$tpl->load_template('navigation.tpl');
// Previous page: offset / page size is the 1-based number of the page before.
if($cstart > 0){
$prev = $cstart / $number;
$prev_page = $config['http_home_url'].$g_path.$g_pg.$prev;
$tpl->set_block("'\[prev-link\](.*?)\[/prev-link\]'si", "<a href=\"".$prev_page."\">\\1</a>");
}else{ $tpl->set_block("'\[prev-link\](.*?)\[/prev-link\]'si", "\\1"); $no_prev = TRUE; }
if($number){
$count_all = $row_count['count'];
$pages_count = @ceil($count_all/$number);
$pages_start_from = 0;
$pages = "";
$pages_per_section = 3;
// More than ten pages: first section, a window around the current page, and
// the last section, with "..." for the gaps. Otherwise every page is listed.
if($pages_count > 10)
{
for($j = 1; $j <= $pages_per_section; $j++)
{
if($pages_start_from != $cstart)
{
$pages .= '<a href="'.$config['http_home_url'].$g_path.$g_pg.$j.'">'.$j.'</a> ';
}
else
{
$pages .= " [$j] ";
}
$pages_start_from += $number;
}
if(((($cstart / $number) + 1) > 1) && ((($cstart / $number) + 1) < $pages_count))
{
$pages .= ((($cstart / $number) + 1) > ($pages_per_section + 2)) ? '... ' : ' ';
$page_min = ((($cstart / $number) + 1) > ($pages_per_section + 1)) ? ($cstart / $number) : ($pages_per_section + 1);
$page_max = ((($cstart / $number) + 1) < ($pages_count - ($pages_per_section + 1))) ? (($cstart / $number) + 1) : $pages_count - ($pages_per_section + 1);
$pages_start_from = ($page_min - 1) * $number;
for($j = $page_min; $j < $page_max + ($pages_per_section - 1); $j++)
{
if($pages_start_from != $cstart)
{
$pages .= '<a href="'.$config['http_home_url'].$g_path.$g_pg.$j.'">'.$j.'</a> ';
}
else
{
$pages .= " [$j] ";
}
$pages_start_from += $number;
}
$pages .= ((($cstart / $number) + 1) < $pages_count - ($pages_per_section + 1)) ? '... ' : ' ';
}
else
{
$pages .= '... ';
}
$pages_start_from = ($pages_count - $pages_per_section) * $number;
for($j=($pages_count - ($pages_per_section - 1)); $j <= $pages_count; $j++)
{
if($pages_start_from != $cstart)
{
$pages .= '<a href="'.$config['http_home_url'].$g_path.$g_pg.$j.'">'.$j.'</a> ';
}
else
{
$pages .= " [$j] ";
}
$pages_start_from += $number;
}
}
else
{
for($j=1;$j<=$pages_count;$j++)
{
if($pages_start_from != $cstart)
{
$pages .= '<a href="'.$config['http_home_url'].$g_path.$g_pg.$j.'">'.$j.'</a> ';
}
else
{
$pages .= " [$j] ";
}
$pages_start_from += $number;
}
}
$tpl->set('{pages}', $pages);
}
// Next page: exists when rows remain beyond the ones just rendered.
if($number < $count_all and $i < $count_all){
$next_page = $i / $number + 1;
$next = $config['http_home_url'].$g_path.$g_pg.$next_page;
$tpl->set_block("'\[next-link\](.*?)\[/next-link\]'si", "<a href=\"".$next."\">\\1</a>");
}else{
$tpl->set_block("'\[next-link\](.*?)\[/next-link\]'si", "\\1"); $no_next = TRUE;
}
// The navigation is only output when at least one of the two links exists.
if (!$no_prev or !$no_next){ $tpl->compile('content'); }
$tpl->clear();
};
?>