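// Render the shoutbox entry form. Logged-in members get a form with their
// nickname pre-filled and locked; guests get a form guarded by a short
// confirmation code kept in the session.
// $name_settings, $pic_url, $sid and $sname are not read again in this block;
// presumably the templates reference them when they are evaluated below, so
// the variable names must stay as they are.
if ($loggedin) {
    // The nickname is user-chosen text that lands inside a single-quoted HTML
    // attribute, so its HTML metacharacters are encoded (ENT_QUOTES covers the
    // single quote). A single-byte charset is named so that no byte sequence
    // is rejected; only ASCII characters are rewritten.
    // NOTE(review): if getnickname() already returns HTML-encoded text this
    // double-encodes it; confirm against its definition.
    // "readonly" is only a browser-side hint: the handler that stores the
    // post must take the nickname from the login state, not from the form.
    $name_settings = "value='" . htmlspecialchars(getnickname($userID), ENT_QUOTES, 'ISO-8859-1') . "' readonly ";

    // NOTE(review): eval() executes the template text as a PHP double-quoted
    // string, so whoever can edit a template can run PHP here. Keep template
    // storage writable by trusted administrators only.
    eval ("\$shoutbox = \"" . gettemplate("shoutbox") . "\";");
    echo $shoutbox;
} else {
    // Fresh confirmation code for this guest, stored server-side in the session.
    $_SESSION['shoutcode'] = get_code(4);
    $pic_url = "shoutbox";

    // NOTE(review): if the template places the session id in a URL, it can
    // leak through Referer headers and access logs; confirm how $sid and
    // $sname are used by the template.
    $sid = session_id();
    $sname = session_name();

    // Same eval-based template rendering as above; the same caveat applies.
    eval ("\$shoutbox_notlogged = \"" . gettemplate("shoutbox_notlogged") . "\";");
    echo $shoutbox_notlogged;
}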
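/**
 * Tell whether a registered user already owns the given nickname.
 *
 * Used to stop guests from posting under a member's nickname.
 *
 * @param string $username Nickname to look up; surrounding whitespace is ignored.
 * @return bool True when at least one row in the user table has that nickname.
 */
function checkIfUserExists($username) {
    // Trim first so the lookup is made on the name itself, then escape for the
    // SQL string literal. mysql_real_escape_string() takes the connection
    // character set into account, which addslashes() does not.
    // NOTE(review): this needs the database connection to be open already;
    // the visible callers include _mysql.php before calling, confirm that is
    // where the connection is made.
    $nickname_sql = mysql_real_escape_string(trim($username));
    $ergebnis = safe_query("SELECT username FROM ".PREFIX."user WHERE nickname='".$nickname_sql."' LIMIT 1");
    return mysql_num_rows($ergebnis) != 0;
}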
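// Guest posting ("save" with do=verify): checks the confirmation code held in
// the session, refuses nicknames that belong to registered users, then stores
// the shout unless it repeats the newest entry.
if (isset($_GET['action']) && $_GET['action'] == "save") {
    $do = isset($_GET['do']) ? $_GET['do'] : '';
    include("_mysql.php");
    include("_settings.php");
    include('_functions.php');

    // No code was ever issued for this session, so there is nothing to verify.
    if (empty($_SESSION['shoutcode'])) die("Fehler!");

    if ($do === 'verify') {
        // Compare as strings with ===. A loose == treats numeric-looking
        // strings as numbers, so several different inputs could match one code.
        $entered = isset($_POST['password']) ? $_POST['password'] : '';
        if (is_string($entered) && $entered === (string)$_SESSION['shoutcode']) {
            // One code, one post: replace it before doing anything else.
            $_SESSION['shoutcode'] = get_code(4);

            $message = isset($_POST['message']) ? $_POST['message'] : '';
            $name = isset($_POST['name']) ? $_POST['name'] : '';
            // Array-valued parameters are not valid shouts.
            if (!is_string($message)) $message = '';
            if (!is_string($name)) $name = '';

            // Presumably filters $message in place; its content is not visible here.
            include('badwords.php');

            // NOTE(review): $name and $message go into the INSERT below as
            // received. Nothing in this file escapes them, so the query is
            // only safe if one of the includes above already escapes request
            // data. Confirm that, or escape here with
            // mysql_real_escape_string().
            $name_sql = $name;
            if ($userID) {
                // A logged-in member always posts under the stored nickname.
                // That value comes from the database, not from the request,
                // so it is escaped here before it enters the query.
                $name = getnickname($userID);
                $name_sql = mysql_real_escape_string($name);
            } else if (checkIfUserExists($name)) {
                die('<script type="text/javascript">
alert("Sie sind nicht berechtigt diesen Spitznamen zu verwenden!");
</script>');
            }

            if (!empty($name) && !empty($message)) {
                $date = time();
                $ip = $_SERVER['REMOTE_ADDR'];
                // Skip the insert when the newest entry has the same author and text.
                $ergebnis = safe_query("SELECT * FROM ".PREFIX."shoutbox ORDER BY date DESC LIMIT 0,1");
                $ds = mysql_fetch_array($ergebnis);
                if (($ds['message'] != $message) OR ($ds['name'] != $name)) safe_query("INSERT INTO ".PREFIX."shoutbox (date, name, message, ip) VALUES ( '$date', '$name_sql', '$message', '$ip' ) ");
            }
            header("Location: shoutbox_content.php?action=show");
        } else {
            // Wrong code: issue a new one so the old one cannot be retried.
            $_SESSION['shoutcode'] = get_code(4);
            echo '<script type="text/javascript">
alert("Ihre Code-Bestätigung ist ungültig!\nBitte versuchen Sie es noch einmal.");
</script>
';
            // NOTE(review): this is a comparison, not an assignment, so it has
            // no effect. Turning it into an assignment would make the "show"
            // section further down run and include() the same files a second
            // time; confirm they tolerate that before changing it.
            $_GET['action'] == "show";
        }
    }
}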
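// Member posting ("saveuser"): stores a shout for the logged-in user unless it
// repeats the newest entry. This path has no confirmation code and no
// nickname-ownership check, so it must only serve authenticated users and must
// not trust the posted name.
elseif (isset($_GET['action']) && $_GET['action'] == "saveuser") {
    include("_mysql.php");
    include("_settings.php");
    // Included as in the "save" and "delete" handlers, which use $userID and
    // getnickname() after loading these same three files.
    include('_functions.php');

    // Without this check anyone could post under any name, bypassing the
    // guest handler's code and nickname checks.
    if (!$userID) die('Zugriff verweigert.');

    $message = isset($_POST['message']) ? $_POST['message'] : '';
    if (!is_string($message)) $message = '';

    // Take the author from the login state; the form's name field is ignored.
    $name = getnickname($userID);
    // The nickname comes from the database, not from the request, so it is
    // escaped here before it enters the query.
    $name_sql = mysql_real_escape_string($name);

    // NOTE(review): $message goes into the INSERT as received. Nothing in this
    // file escapes it, so the query is only safe if one of the includes above
    // already escapes request data. Confirm that, or escape here with
    // mysql_real_escape_string().
    if (!empty($name) && !empty($message)) {
        $date = time();
        $ip = $_SERVER['REMOTE_ADDR'];
        // Skip the insert when the newest entry has the same author and text.
        $ergebnis = safe_query("SELECT * FROM ".PREFIX."shoutbox ORDER BY date DESC LIMIT 0,1");
        $ds = mysql_fetch_array($ergebnis);
        if (($ds['message'] != $message) OR ($ds['name'] != $name)) safe_query("INSERT INTO ".PREFIX."shoutbox (date, name, message, ip) VALUES ( '$date', '$name_sql', '$message', '$ip' ) ");
    }
    header("Location: shoutbox_content.php?action=show");
}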
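// Bulk delete ("delete"): removes every shout whose id was ticked in the
// listing. Restricted to feedback admins.
// NOTE(review): the request is authorised by the admin check alone; no
// per-request token is visible here. Confirm whether the surrounding
// application protects state-changing requests against cross-site submission.
elseif (isset($_GET['action']) && $_GET['action'] == "delete") {
    include("_mysql.php");
    include("_settings.php");
    include('_functions.php');
    if (!isfeedbackadmin($userID)) die('Zugriff verweigert.');

    // Nothing ticked, or a non-array value, means nothing to delete.
    $ids = (isset($_POST['shoutID']) && is_array($_POST['shoutID'])) ? $_POST['shoutID'] : array();
    foreach ($ids as $id) {
        // A nested array would cast to 1 and delete an unrelated row.
        if (!is_scalar($id)) continue;
        // Ids are integers; the cast keeps anything else out of the query.
        safe_query("DELETE FROM ".PREFIX."shoutbox WHERE shoutID='".(int)$id."'");
    }
    header("Location: index.php?site=shoutbox_content&action=showall");
}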
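// Edit form ("edit"): loads one shout's text and renders the edit template.
// Restricted to feedback admins. No files are included here, so this branch
// presumably runs inside a page that has already loaded them.
elseif (isset($_GET['action']) && $_GET['action'] == 'edit') {
    if (!isfeedbackadmin($userID)) die('Zugriff verweigert!');

    // The id arrives in the query string; cast it so only an integer reaches SQL.
    $shoutID_sql = isset($_GET['shoutID']) ? (int)$_GET['shoutID'] : 0;
    $ergebnis = safe_query("SELECT message FROM ".PREFIX."shoutbox WHERE shoutID='".$shoutID_sql."'");
    // $ds is false when no such shout exists; presumably the template reads it.
    $ds = mysql_fetch_array($ergebnis);

    // NOTE(review): eval() executes the template text as PHP string code, and
    // the stored message is user-written; confirm the template HTML-encodes
    // whatever it prints from $ds.
    eval ("\$shoutbox_edit = \"" . gettemplate("shoutbox_edit") . "\";");
    echo $shoutbox_edit;
}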
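// Save an edited shout: overwrites the message text of one entry and returns
// to the full listing. Restricted to feedback admins.
// NOTE(review): the request is authorised by the admin check alone; no
// per-request token is visible here. Confirm whether the surrounding
// application protects state-changing requests against cross-site submission.
elseif (!empty($_POST['saveedit'])) {
    include("_mysql.php");
    include("_settings.php");
    include("_functions.php");
    if (!isfeedbackadmin($userID)) die('Zugriff verweigert!');

    // Ids are integers; the cast keeps anything else out of the query.
    $shoutID_sql = isset($_POST['shoutID']) ? (int)$_POST['shoutID'] : 0;
    $message = (isset($_POST['message']) && is_string($_POST['message'])) ? $_POST['message'] : '';

    // NOTE(review): $message goes into the UPDATE as received. Nothing in this
    // file escapes it, so the query is only safe if one of the includes above
    // already escapes request data. Confirm that, or escape here with
    // mysql_real_escape_string().
    safe_query("UPDATE ".PREFIX."shoutbox SET message='".$message."' WHERE shoutID='".$shoutID_sql."' ");
    redirect('index.php?site=shoutbox_content&action=showall','',0);
}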
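// Full listing ("showall"): paginated table of all shouts. Feedback admins
// additionally see the stored IP address and a checkbox per row for deletion.
// Variable names are kept as they are because the templates are evaluated in
// this scope and presumably read them ($n, $date, $name, $message, $ip,
// $actions, $bg1, ...).
// NOTE(review): each eval() below executes template text as PHP string code;
// template storage must be writable by trusted administrators only.
elseif (isset($_GET['action']) && $_GET['action'] == "showall") {
    eval ("\$title_shoutbox = \"" . gettemplate("title_shoutbox") . "\";");
    echo $title_shoutbox;

    // Page number from the query string, forced to a positive integer.
    $page = isset($_GET['page']) ? (int)$_GET['page'] : 1;
    if ($page < 1) $page = 1;

    $all = safe_query("SELECT count(shoutID) FROM ".PREFIX."shoutbox ORDER BY date");
    $all = (int)mysql_result($all, 0);

    // $type is not assigned anywhere in this file, so it presumably arrives
    // from the request. It is placed into ORDER BY unquoted, so only the two
    // literal directions are allowed through.
    $type = (isset($type) && is_string($type) && strtoupper($type) == "ASC") ? "ASC" : "DESC";

    // Page size from the settings; a value below 1 would make the page maths
    // meaningless (the original counting loop never ended for 0).
    $max = (int)$maxsball;
    if ($max < 1) $max = 1;

    // Number of pages needed for $all rows, at least one.
    $pages = (int)ceil($all / $max);
    if ($pages < 1) $pages = 1;

    // Defined even for a single page so the echo below never sees an unset variable.
    $page_link = '';
    if ($pages > 1) $page_link = makepagelink("index.php?site=shoutbox_content&action=showall&type=$type", $page, $pages);

    // $start and $max are integers here, so the LIMIT clause cannot carry
    // anything but numbers. $n is the running number shown for the first row.
    $start = ($page - 1) * $max;
    $ergebnis = safe_query("SELECT * FROM ".PREFIX."shoutbox ORDER BY date $type LIMIT $start,$max");
    if ($type == "DESC") $n = $all - $start;
    else $n = $start + 1;

    // NOTE(review): both branches assign the same text; the sort links that
    // presumably differed between them are not present in this listing.
    if ($type == "ASC")
        $sorter = '
Sortierung:
&&&';
    else
        $sorter = '
Sortierung:
&&&';

    echo'<table width="100%" cellspacing="0" cellpadding="0">
<tr>
<td>'.$sorter.' '.$page_link.'</td>
</tr>
</table>';

    eval ("\$shoutbox_all_head = \"" . gettemplate("shoutbox_all_head") . "\";");
    echo $shoutbox_all_head;

    $i = 1;
    while ($ds = mysql_fetch_array($ergebnis)) {
        // Alternate the row background.
        $bg1 = ($i % 2) ? BG_1 : BG_2;
        $date = date("d.m - H:i", $ds['date']);
        // cleartext() is defined elsewhere; presumably it makes stored text safe to print.
        $name = cleartext($ds['name']);
        $message = cleartext($ds['message']);
        $message = str_break($message, 22, "\n", 1);

        // Visitors only learn that an address is on record; admins see it.
        $ip = 'gespeichert';
        if (isfeedbackadmin($userID)) {
            $actions = '
<input class="input" type="checkbox" name="shoutID[]" value="'.(int)$ds['shoutID'].'">';
            $ip = $ds['ip'];
        }
        else $actions = '';

        eval ("\$shoutbox_all_content = \"" . gettemplate("shoutbox_all_content") . "\";");
        echo $shoutbox_all_content;

        if ($type == "DESC") $n--;
        else $n++;
        $i++;
    }

    eval ("\$shoutbox_all_foot = \"" . gettemplate("shoutbox_all_foot") . "\";");
    echo $shoutbox_all_foot;

    // Delete controls for admins only; empty for everyone else.
    $submit = '';
    if (isfeedbackadmin($userID)) $submit = '<input class="input" type="checkbox" name="ALL" value="ALL" onClick="SelectAll(this.form);"> alle ausw&hlen
<input type="submit" value="Ausgew&hlte entfernen">';

    // The closing </form> has no opening tag in this block; presumably one of
    // the templates above opens it.
    echo'<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>'.$page_link.'</td>
<td align="right">'.$submit.'</td>
</tr>
</table></form>';

    // Kept from the original: the result is not used again in this block.
    if ($pages > 1) $page_link = makepagelink("index.php?site=shoutbox_content&action=showall", $page, $pages);
}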
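// Default view ("show" or no action): prints the newest shouts between the
// head and foot templates.
// $pagebg, $border, $bghead, $bgcat, $bg1 and $sbrefresh are not read again in
// this block; presumably the templates reference them when evaluated, so the
// variable names must stay as they are.
// NOTE(review): each eval() below executes template text as PHP string code;
// template storage must be writable by trusted administrators only.
if (!isset($_GET['action']) || $_GET['action'] == "show") {
    include("_mysql.php");
    include("_settings.php");
    include("_functions.php");

    $pagebg = PAGEBG;
    $border = BORDER;
    $bghead = BGHEAD;
    $bgcat = BGCAT;
    $bg1 = BG_1;

    // Fall back to 60 when no refresh value is configured (unit not visible
    // here; presumably seconds).
    if (empty($sbrefresh)) $sbrefresh = 60;

    eval ("\$shoutbox_head = \"" . gettemplate("shoutbox_head") . "\";");
    echo $shoutbox_head;

    // The row limit is concatenated into the query, so force it to an integer.
    $ergebnis = safe_query("SELECT * FROM ".PREFIX."shoutbox ORDER BY date DESC LIMIT 0,".(int)$maxshoutbox."");
    while ($ds = mysql_fetch_array($ergebnis)) {
        $date = date("H:i", $ds['date']);
        // clearfromtags() and cleartext() are defined elsewhere; presumably
        // they make the stored, user-written text safe to print.
        $name = clearfromtags($ds['name']);
        $message = cleartext($ds['message']);
        $message = str_break($message, 22, "\n", 1);

        eval ("\$shoutbox_content = \"" . gettemplate("shoutbox_content") . "\";");
        echo $shoutbox_content;
    }

    eval ("\$shoutbox_foot = \"" . gettemplate("shoutbox_foot") . "\";");
    echo $shoutbox_foot;
}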