<?php
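// Blog page of the chat site: authenticates the session user, then lists,
// adds, deletes or shows entries of `chat_blog` depending on ?mod=.
//
// NOTE(review): error_reporting(0) silences every warning, including failed
// includes and failed queries below; prefer logging errors instead of hiding them.
error_reporting(0);
require_once "./includes/functions/gzip.php";
include('start.php');
include("config.php");
// NOTE(review): $ver is not assigned in this file and is used here to build a
// filesystem path. Presumably start.php/config.php set it from a fixed list of
// versions; confirm it can never carry request data with path separators.
include("./includes/" . $ver . "/banned");
list($msec, $sec) = explode(chr(32), microtime());
$headtime = $sec + $msec;
// Cache-busting value for links only; rand() must not be treated as a security token.
$nocache = rand(0, 999999999);
switch ($ver) {
    ////////////// HTML
    case 'html':
        $my_title = "CG Blog";
        if (!isset($_COOKIE['theme'])) {
            $_COOKIE['theme'] = 1;
        }
        // intval() keeps the cookie-controlled theme id from injecting path segments.
        include_once "themes/" . intval($_COOKIE['theme']) . "/index.php";

        // AUTH
        // NOTE(review): the session value is hashed with unsalted md5() before the
        // comparison, so the session appears to hold the pre-hash password and the
        // table holds MD5 digests. Migrating to password_hash()/password_verify()
        // has to be done together with the registration/login code (not visible here).
        $id = isset($_SESSION['id']) ? intval($_SESSION['id']) : 0;
        $password = mysql_escape_string(isset($_SESSION['password']) ? $_SESSION['password'] : '');
        $q = mysql_query("SELECT * FROM `chat_users` WHERE `id` = '" . $id . "' AND `password` = '" . md5($password) . "';");
        // Fail closed: the original tested mysql_affected_rows() == 0, which is -1
        // when the query itself fails and therefore let the request through.
        if (!$q || mysql_num_rows($q) == 0) {
            echo "Not logged in!<br/>\n";
            include_once "themes/" . intval($_COOKIE['theme']) . "/foot.php";
            exit();
        }
        $nickname = mysql_result($q, 0, 'nickname');
        // END AUTH
        /*
        //ONLINE
        $online = time() + 60;
        $update = mysql_query("UPDATE `chat_users` SET `time` = '".$online."', `place` = 0, `ip` = '".getenv('REMOTE_ADDR')."', `ua` = '".htmlspecialchars(getenv('HTTP_USER_AGENT'))."' WHERE `id` = '".$id."';");
        //END ONLINE
        */
        // ONLINE IN CHAT
        $query = mysql_query("SELECT COUNT(*) FROM `chat_users` WHERE `time` > " . time() . ";");
        $online = mysql_result($query, 0);
        // END ONLINE

        $mod = isset($_GET['mod']) ? $_GET['mod'] : "";
        switch ($mod) {
            case 'default':
                // NOTE(review): the offset $s computed below is never applied to this
                // query, so every page shows the same ten newest entries.
                $query = mysql_query("SELECT `id`, `name` , `author` FROM `chat_blog` ORDER BY `id` DESC LIMIT 10;");
                echo "<div class='gmenu'><center><b>Blog List</b></center></div><br/>";
                $posr = mysql_query("SELECT `posts` FROM `chat_users` WHERE `id`='" . $id . "';");
                $posts = mysql_result($posr, 0);
                if ($posts < 250) {
                    echo "<center><b>You Must Have 250 Post To Add A Blog</b><br/></center>";
                } else {
                    echo "<center><b><a href=\"blog.php?" . SID . "&ver=html&mod=add\">+ Add Your Blog Now +</a></b></center>";
                }
                $qa = @mysql_query("SELECT COUNT(*) FROM `chat_blog`;");
                $all = @mysql_result($qa, 0);
                $s = isset($_GET['s']) ? intval($_GET['s']) : 0;
                if ($s < 0) {
                    $s = 10;
                }
                if ($s > $all) {
                    $s = 10;
                }
                $c = $s + 1;
                // The viewer's level does not depend on the row, so read it once.
                $p = mysql_query("SELECT `level` FROM `chat_users` WHERE `id`='" . $id . "';");
                $level = mysql_result($p, 0);
                while ($news = @mysql_fetch_array($query)) {
                    $nid = intval($news['id']);
                    $name = $news['name'];
                    $author = $news['author'];
                    // The stored author name is data, not SQL: escape it before reuse.
                    $q = mysql_query("SELECT `id` FROM `chat_users` WHERE `nickname` = '" . mysql_real_escape_string($author) . "';");
                    $uid = mysql_result($q, 0);
                    // NOTE(review): $name is HTML-encoded when the entry is added (see
                    // 'add'); whether nicknames are encoded at registration is not
                    // visible here, so confirm before trusting $author in HTML.
                    echo "<img src='img/chapel.jpg'> Title: <a href=\"blog.php?" . SID . "&nid=$nid&ver=html&mod=view\"><b>" . $name . "</b></a> || By :<a href=\"info.php?" . SID . "&ver=html&uid=$uid&nocache=$nocache\">$author </a> \n";
                    if (($uid == $id) || ($level > 4)) {
                        echo "<a href=\"blog.php?" . SID . "&ver=html&mod=delete&nid=$nid&nocache=$nocache\">[Delete]</a><br/>";
                    }
                    echo "<div class='dottedline'> </div>";
                }
                echo "<br><div class='dottedline'> </div>";
                if ($all > 10) {
                    print "[ <a href=\"blog.php?" . SID . "&ver=html&mod=default&s=" . ($s + 10) . "\">Next</a> ]";
                }
                if ($s > 0) {
                    print " || [ <a href=\"blog.php?" . SID . "&ver=html&mod=default&s=" . ($s - 10) . "\">Prev</a> ]";
                }
                print '<br/><br/>';
                break;

            case 'add':
                // Enforce the 250-post rule on the server; the list page only hides
                // the link, which does not stop a direct request to mod=add.
                $posr = mysql_query("SELECT `posts` FROM `chat_users` WHERE `id`='" . $id . "';");
                $posts = $posr ? mysql_result($posr, 0) : false;
                if ($posts < 250) {
                    echo "<center><b>You Must Have 250 Post To Add A Blog</b><br/></center>";
                    break;
                }
                echo "<div class=\"form\">\n";
                echo "<form method=\"post\" action=\"blog.php?" . SID . "&ver=html&mod=add\"/>\n";
                echo "Blog Title:<br/>\n";
                echo "<input name=\"title\" maxlength=\"20\" value=\"\" title=\"title\" value=\"\"/><br/>\n";
                echo "Blog Text:<br/>\n";
                echo "<input name=\"text\" maxlength=\"300\" value=\"\" title=\"text\"/><br/>\n";
                echo "<input type=\"hidden\" name=\"action\" value=\"add\"/>";
                echo "<input type=\"submit\" value=\"Add\"/></form></div><br/>\n";
                // NOTE(review): maxlength is a browser-side hint only; nothing here
                // limits the length the server accepts.
                // HTML-encode first, SQL-escape last, so the value that reaches the
                // query is escaped in its final form.
                $title = htmlspecialchars(trim(isset($_POST['title']) ? $_POST['title'] : ''));
                $title = str_replace('$', '$$', $title);
                $text = htmlspecialchars(trim(isset($_POST['text']) ? $_POST['text'] : ''));
                $text = str_replace('$', '$$', $text);
                if (empty($title)) {
                    echo "";
                    break;
                }
                if (empty($text)) {
                    echo "Empty text!<br/>\n";
                    break;
                }
                $titleSql = mysql_real_escape_string($title);
                $textSql = mysql_real_escape_string($text);
                // Duplicate check against the blog table. The original queried
                // `chat_users` for `name`/`text` and tested mysql_affected_rows() on a
                // result handle, so the check never triggered.
                $q = mysql_query("SELECT `id` FROM `chat_blog` WHERE `name` = '" . $titleSql . "' AND `text` = '" . $textSql . "';");
                if ($q && mysql_num_rows($q) != 0) {
                    echo "Already exist.<br/>\n";
                    break;
                }
                $date = date("d-m-Y");
                // $nickname is the authenticated user's name read in the AUTH step; it
                // is database content, so it is escaped like any other value.
                $sql = mysql_query("INSERT INTO `chat_blog` VALUES(0, '" . $titleSql . "', '" . mysql_real_escape_string($nickname) . "', '" . $textSql . "', '" . $date . "', " . time() . ");");
                if ($sql) {
                    echo "successfully saved!<br/>\n";
                } else {
                    echo "Error!<br/>\n";
                    // Keep database error text out of the page; log it instead.
                    error_log("blog.php add failed: " . mysql_error());
                }
                break;

            case 'delete':
                // NOTE(review): deletion is a state change reached by a plain GET link
                // with no anti-CSRF token (nocache is only a cache buster). Move it to
                // POST with a per-session token.
                // intval() removes the SQL injection the raw $_GET['nid'] allowed.
                $nid = isset($_GET['nid']) ? intval($_GET['nid']) : 0;
                $q = mysql_query("SELECT `author` FROM `chat_blog` WHERE `id` = '" . $nid . "';");
                if (!$q || mysql_num_rows($q) == 0) {
                    echo "Shout Doesn't Exist!<br/>\n";
                    break;
                }
                $author = mysql_result($q, 0);
                // Same rule the list page uses to show [Delete]: the author of the
                // entry or a user with level above 4. The original deleted for any
                // logged-in user.
                $q = mysql_query("SELECT `id` FROM `chat_users` WHERE `nickname` = '" . mysql_real_escape_string($author) . "';");
                $uid = ($q && mysql_num_rows($q) != 0) ? intval(mysql_result($q, 0)) : -1;
                $p = mysql_query("SELECT `level` FROM `chat_users` WHERE `id`='" . $id . "';");
                $level = ($p && mysql_num_rows($p) != 0) ? intval(mysql_result($p, 0)) : 0;
                if ($uid !== $id && $level <= 4) {
                    echo "Access denied!<br/>\n";
                    break;
                }
                $q = mysql_query("DELETE FROM `chat_blog` WHERE `id` = '" . $nid . "';");
                // > 0 rather than != 0: a failed query reports -1 affected rows.
                if ($q && mysql_affected_rows() > 0) {
                    echo "Blog Removed Successfully<br/>\n";
                } else {
                    echo "Shout Doesn't Exist!<br/>\n";
                }
                break;

            case 'view':
                // intval() removes the SQL injection the raw $_GET['nid'] allowed.
                $nid = isset($_GET['nid']) ? intval($_GET['nid']) : 0;
                $q = mysql_query("SELECT * FROM `chat_blog` WHERE `id` = '" . $nid . "';");
                if (!$q || mysql_num_rows($q) == 0) {
                    echo "Blog of such ID does not exist!<br/>";
                    echo "<a href=\"menu.php?" . SID . "&ver=html\">Hall</a><br/>";
                    include_once "themes/" . intval($_COOKIE['theme']) . "/foot.php";
                    exit();
                }
                $news = mysql_fetch_array($q);
                $name = $news['name'];
                $text = $news['text'];
                $author = $news['author'];
                $date = $news['date'];
                $q = mysql_query("SELECT `id` FROM `chat_users` WHERE `nickname` = '" . mysql_real_escape_string($author) . "';");
                $uid = mysql_result($q, 0);
                // smiles.php is expected to define $smiles_array and $smile.
                include "smiles.php";
                $text = preg_replace($smiles_array, $smile, $text, 2);
                // NOTE(review): $text was HTML-encoded when stored by 'add'; $author is
                // printed as stored, so confirm nicknames are encoded at registration.
                echo "<img src='img/chapel.jpg'> <b>Blog By :</b> <a href=\"info.php?" . SID . "&ver=html&uid=$uid&nocache=$nocache\">$author :</a></b><br/>\n";
                echo "<img src='img/chapel.jpg'> <b>Blog Text :</b> $text<br/><br/>\n";
        }
        echo "<a href=\"blog.php?" . SID . "&ver=html&mod=default\">BP Blog</a> || ";
        echo "<a href=\"menu.php?" . SID . "&ver=html\">Hall</a><br/>\n";
        include_once "themes/" . intval($_COOKIE['theme']) . "/foot.php";
}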
?>