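');
# NOTE(review): the `');` above closes a statement that begins before this
# listing, so its start cannot be reviewed here.
#
# Guestbook front page: checks that PhpBook is installed, loads the site
# settings, then either shows the "add a note" form (mode=add), handles a
# submitted note (mode=post) or lists the stored messages with pagination.
#
# NOTE(review): this script relies on the mysql_* extension, ereg() and
# `=& new`, all of which were removed in PHP 7. They are kept as-is because the
# db and Templates classes they interact with are defined outside this listing.
#
# NOTE(review): several string literals below are empty or truncated where
# they evidently held HTML; the markup looks to have been stripped when the
# page was captured. Those literals are reproduced exactly as shown.

# Is PhpBook installed?
if ($db = @mysql_connect($configuration['host'], $configuration['name'], $configuration['pass'])) {
    $query = "SHOW TABLES FROM ".$configuration['db'];
    $result = @mysql_query($query);
    $tables = 0;
    while ($row = mysql_fetch_row($result)) {
        if (preg_match("`^phpbook([0-9]*)_(bann|msg|vars|antiflood|words)$`", $row[0])) {
            $tables++;
        }
    }
    if ($tables == 0) {
        header('Location: install.php');
        exit;
    }
}
else {
    header('Location: install.php');
    # Fix: stop after the redirect. Without this the rest of the page kept
    # executing with no database connection.
    exit;
}

# Visit counter
user_visit();

# Settings
$db =& new db;
$db->query("SELECT Imgbot, Theme, Titresite, Langage, Sauts, PrintMsg, Msg FROM ".$configuration['prefix']."_vars");
list ($Imgbot, $Theme, $TitreSite, $Langage, $sautslignes, $printmsg, $len) = mysql_fetch_array($db->query);

# Language
# The included file name comes straight from the _vars table, so whoever can
# write that row decides which file is executed here.
# NOTE(review): consider restricting $Langage (and $Theme, used in every
# template path below) to a known list of names before building paths from them.
require ('langages/'.$Langage);

# Page header
$template =& new Templates;
$template->SetFile('templates/head.tpl');
$template->Read();
$template->SetEntry = array('js' => '', 'css' => 'templates', 'titresite' => $TitreSite, 'theme' => $Theme);
$template->SetEntry();

# Does install.php still exist?
# The guestbook refuses to run until the installer has been deleted.
if (is_file('install.php')) {
    $template->SetFile("templates/".$Theme."/nobdd.tpl");
    $template->Read();
    $template->SetVars = array('noinstall' => 'deleteinstall');
    $template->SetVars();
    $template->Write();
    exit;
}

# "Add a note" form
$mode = (isset($_GET['mode'])) ? $_GET['mode'] : "";
# NOTE(review): both branches are empty strings as shown, and $com_end, which
# is read below, is never assigned in this listing; the original literals and
# the $com_end assignment appear to have been lost in extraction.
$com_start = ($Imgbot == 'true' && function_exists('imagecreate')) ? '' : '';
if ($mode == "add") {
    $template->SetFile("templates/".$Theme."/add.tpl");
    $template->Read();
    $template->SetVars = array(
        'msglist', 'addnote', 'headmsg', 'pseudo', 'note', 'site', 'with', 'email', 'body',
        'colors', 'blue', 'red', 'purple', 'orange', 'yellow', 'gray', 'green',
        'size', 'vsmall', 'small', 'big', 'vbig', 'msg', 'addmynote', 'restart', 'imgbot', 'tipimgbot'
    );
    $template->SetVars();
    $template->SetEntry = array(
        'PSEUDO' => '',
        'TITRE' => '',
        'URL' => '',
        'EMAIL' => '',
        'TEXTE' => '',
        'errorinfos' => '',
        'errormsg' => '',
        'errorbotimg' => '',
        'start_imgbot' => $com_start,
        'end_imgbot' => $com_end
    );
    $template->SetEntry();
    $template->SetFile("templates/".$Theme."/copyright.tpl");
    $template->Read();
    $template->Write();
    exit;
}
# Submitted "add a note" form
elseif ($mode == "post" && @$_POST['POST'] == "yes") {
    # Anti-flood: a non-zero Antiflood setting is the minimum number of seconds
    # between two posts from the same IP address.
    $db->query("SELECT Antiflood FROM ".$configuration['prefix']."_vars");
    list ($result_antiflood) = mysql_fetch_array($db->query);
    if ($result_antiflood > 0) {
        $db->query("SELECT UNIX_TIMESTAMP()");
        list($timestamp) = mysql_fetch_array($db->query);
        $db->query("SELECT start FROM ".$configuration['prefix']."_antiflood WHERE ip = '".$_SERVER['REMOTE_ADDR']."'");
        if (mysql_num_rows($db->query) > 0) {
            $user_exists = true;
            list($startantiflood) = mysql_fetch_array($db->query);
            $results = $timestamp - $startantiflood;
        }
        else {
            $user_exists = false;
            # No earlier post recorded: treat the delay as already elapsed.
            $results = $result_antiflood;
        }
        if ($results < $result_antiflood) {
            # Too soon: show the form again with the anti-flood error.
            $Errormsg = '';
            $templateerror =& new Templates;
            $templateerror->SetFile("templates/".$Theme."/error.tpl");
            $templateerror->Read();
            $templateerror->SetVars = array('error' => 'antiflood');
            $templateerror->SetVars();
            $Error = $templateerror->read[0];
            $template->SetFile(array("templates/".$Theme."/add.tpl", 'templates/'.$Theme.'/copyright.tpl'));
            $template->Read();
            $template->SetVars = array(
                'msglist', 'addnote', 'headmsg', 'pseudo', 'note', 'site', 'with', 'email', 'body',
                'colors', 'blue', 'red', 'purple', 'orange', 'yellow', 'gray', 'green',
                'size', 'vsmall', 'small', 'big', 'vbig', 'msg', 'addmynote', 'restart', 'imgbot', 'tipimgbot'
            );
            $template->SetVars(count($template->read)-2);
            # Submitted values are HTML-escaped before being echoed back into the form.
            # NOTE(review): this branch fills 'errorimgbot' while the other two
            # form renderings use 'errorbotimg'; confirm which key add.tpl expects.
            $template->SetEntry = array(
                'PSEUDO' => htmlspecialchars(MyStripSlashes(trim($_POST['Pseudo'])), ENT_QUOTES),
                'URL' => htmlspecialchars(MyStripSlashes(trim($_POST['Url'])), ENT_QUOTES),
                'EMAIL' => htmlspecialchars(MyStripSlashes(trim($_POST['Email'])), ENT_QUOTES),
                'TEXTE' => htmlspecialchars(MyStripSlashes(trim($_POST['Texte'])), ENT_QUOTES),
                'errorinfos' => $Error,
                'errorimgbot' => '',
                'start_imgbot' => $com_start,
                'end_imgbot' => $com_end,
                'errormsg' => $Errormsg
            );
            $template->SetEntry(count($template->read)-2);
            $template->Write();
            exit;
        }
    }

    # Banned IP addresses cannot post.
    $db->where = "ip = '".$_SERVER['REMOTE_ADDR']."'";
    if ($db->linesw('_bann') != 0) {
        $template->SetFile("templates/".$Theme."/bann.tpl");
        $template->Read();
        $template->SetVars = array('bann' => 'yourebann');
        $template->SetVars();
        $template->Write();
        exit;
    }

    global $Error, $Errormsg, $Errorimgbot;
    $pseudo = trim($_POST['Pseudo']);
    $texte = trim($_POST['Texte']);

    # Image captcha, when enabled in the settings.
    # NOTE(review): the comparison is loose (!=) and the session code is not
    # cleared in this listing after a check; confirm it is regenerated per form
    # so that one solved code cannot be reused for many posts.
    if ($Imgbot == 'true') {
        $code = trim($_POST['imgbot']);
        if ($code != $_SESSION['antibotcode'] || empty($code)) {
            $tm =& new templates;
            $tm->SetFile("templates/".$Theme."/error.tpl");
            $tm->Read();
            $tm->SetVars = array('error' => 'botcodeinvalid');
            $tm->SetVars();
            $Errorimgbot = $tm->read[count($tm->read)-1];
        }
    }

    if (!empty($pseudo) && !empty($texte)) {
        # The e-mail address is optional, but must match the pattern when given.
        if (!empty($_POST['Email'])) {
            if (ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'.'@'.'[-!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.'.'[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $_POST['Email'])) {
                $Email = $_POST['Email'];
            }
            else {
                $tm =& new templates;
                $tm->SetFile("templates/".$Theme."/error.tpl");
                $tm->Read();
                $tm->SetVars = array('error' => 'invalidemail');
                $tm->SetVars();
                $Error = $tm->read[count($tm->read)-1];
            }
        }
        else {
            $Email = "";
        }

        if (empty($Error) && empty($Errorimgbot)) {
            # Normalise the optional site URL: add the scheme when missing and
            # drop a bare "http://" / "http://www" placeholder.
            if (!empty($_POST['Url'])) {
                if (substr($_POST['Url'], 0, 7) != "http://") {
                    $Url = "http://".$_POST['Url'];
                }
                elseif (preg_match("`^http://(www)*$`", $_POST['Url'])) {
                    $Url = "";
                }
                else {
                    $Url = $_POST['Url'];
                }
            }
            else {
                $Url = "";
            }
            $Note = $_POST['Note'];
            $Message = trim($_POST['Texte']);
            # Fix: $Note used to be interpolated into the statement as '$Note'
            # without any escaping, so the request could alter the query. It
            # now goes through quote_smart() like the other posted fields
            # (quote_smart() supplies its own quoting, as the neighbouring
            # values show).
            # NOTE(review): the message body is stored as posted; see the
            # escaping note where messages are displayed.
            $db->query("INSERT INTO ".$configuration['prefix']."_msg VALUES('', ".$db->quote_smart($Note).", ".$db->quote_smart($pseudo).", ".$db->quote_smart($Email).", '".$_SERVER['REMOTE_ADDR']."', ".$db->quote_smart($Url).", '".date_fr()."', ".$db->quote_smart($Message).")");
            # Record the time of this post for the anti-flood check.
            if ($result_antiflood > 0) {
                if ($user_exists == false) {
                    $db->query("INSERT INTO ".$configuration['prefix']."_antiflood VALUES('', '".$_SERVER['REMOTE_ADDR']."', '$timestamp')");
                }
                else {
                    $db->query("UPDATE ".$configuration['prefix']."_antiflood SET start = '$timestamp' WHERE ip = '".$_SERVER['REMOTE_ADDR']."'");
                }
            }
            header('Location: index.php');
            exit;
        }
    }
    # Error: name and/or message missing
    else {
        # error.tpl is read twice, so the last two entries of ->read hold the
        # 'entermsg' and 'notcompleted' messages, in that order.
        $template_error =& new Templates;
        $template_error->SetFile("templates/".$Theme."/error.tpl");
        $template_error->Read();
        $template_error->SetVars = array('error' => 'entermsg');
        $template_error->SetVars();
        $template_error->SetFile("templates/".$Theme."/error.tpl");
        $template_error->Read();
        $template_error->SetVars = array('error' => 'notcompleted');
        $template_error->SetVars();
        if (empty($texte) && !empty($pseudo)) {
            $Errormsg = $template_error->read[(count($template_error->read)-2)];
        }
        elseif (!empty($texte) && (empty($pseudo))) {
            $Error = $template_error->read[(count($template_error->read)-1)];
        }
        elseif (empty($texte) && empty($pseudo)) {
            $Error = $template_error->read[(count($template_error->read)-1)];
            $Errormsg = $template_error->read[(count($template_error->read)-2)];
        }
    }

    # Validation failed: show the form again, pre-filled with the escaped input.
    $template->SetFile("templates/".$Theme."/add.tpl");
    $template->Read();
    $template->SetVars = array(
        'msglist', 'addnote', 'headmsg', 'pseudo', 'note', 'site', 'with', 'email', 'body',
        'colors', 'blue', 'red', 'purple', 'orange', 'yellow', 'gray', 'green',
        'size', 'vsmall', 'small', 'big', 'vbig', 'msg', 'addmynote', 'restart', 'imgbot', 'tipimgbot'
    );
    $template->SetVars();
    $template->SetEntry = array(
        'PSEUDO' => htmlspecialchars(MyStripSlashes(trim($_POST['Pseudo'])), ENT_QUOTES),
        'URL' => htmlspecialchars(MyStripSlashes(trim($_POST['Url'])), ENT_QUOTES),
        'EMAIL' => htmlspecialchars(MyStripSlashes(trim($_POST['Email'])), ENT_QUOTES),
        'TEXTE' => htmlspecialchars(MyStripSlashes(trim($_POST['Texte'])), ENT_QUOTES),
        'errorinfos' => $Error,
        'errorbotimg' => $Errorimgbot,
        'errormsg' => $Errormsg,
        'start_imgbot' => $com_start,
        'end_imgbot' => $com_end
    );
    $template->SetEntry();
    $template->SetFile("templates/".$Theme."/copyright.tpl");
    $template->Read();
    $template->Write();
    exit;
}

$template->SetFile("templates/".$Theme."/newadmin.tpl");
$template->Read();
$template->SetVars = array('new' => 'addonenote', 'newadmin' => 'admin');
$template->SetVars();
$msglines = $db->lines('_msg');
# NOTE(review): the literals on the next statement contain only line breaks
# and a stray quote as shown; the surrounding markup appears to be missing.
if ($printmsg == 'true') $template->read[] = "
".$msglines." ".$lang['messagesinbook']."
'";

# Message list
if ($msglines > 0) {
    # Fix: the page offset comes from the query string and is placed directly
    # in the LIMIT clause below, so it is forced to a non-negative integer.
    $start = isset($_GET['start']) ? max(0, (int) $_GET['start']) : 0;
    $censures = array();
    $db->query("SELECT word FROM ".$configuration['prefix']."_words");
    while (list($word) = mysql_fetch_array($db->query)) {
        $censures[] = strtolower($word);
    }
    # NOTE(review): $len is the Msg setting read from _vars; a value of 0 would
    # make the divisions in the pagination section below fail.
    $db->query("SELECT Id, Note, Pseudo, Email, Ip, Url, Date, Text FROM ".$configuration['prefix']."_msg ORDER BY id DESC LIMIT $start, $len");
    while (list($id, $note, $pseudo, $email, $ip, $url, $date, $text) = mysql_fetch_array($db->query)) {
        $replace_email = (!empty($email)) ? ''.htmlspecialchars($pseudo).'' : htmlspecialchars($pseudo);
        $replace_url = (!empty($url)) ? '' : '';
        $note = findimg($note);
        if (@$_SESSION['admin'] == "OK_IS_TRUE") {
            # NOTE(review): the next line is not valid PHP as shown; the markup
            # that was inside these string literals looks to have been stripped
            # when the page was captured. Restore it from the original file.
            $replace_admin = "".$lang["; $replace_admin .= " ".$lang["; 
            $subdb =& new db;
            # $ip is the address stored with the message.
            $subdb->where = "ip = '$ip'";
            if ($subdb->linesw('_bann') == 0) {
                $replace_admin .= " ";
            }
        }
        else {
            $replace_admin = ' ';
        }
        # Collapse runs of empty paragraphs down to the configured maximum.
        if ($sautslignes > 0) {
            $text = preg_replace('#(?:'.EMPTY_PARAGRAPH.'){1,}#is', str_repeat(EMPTY_PARAGRAPH, $sautslignes-1), $text);
        }
        # Word filter. Note that this lower-cases the whole message, not only
        # the censored words.
        $text = str_replace($censures, 'papillon', strtolower($text));
        $template->SetFile("templates/".$Theme."/body.tpl");
        $template->Read();
        # NOTE(review): $text, $date and $note reach the template without
        # htmlspecialchars() here, unlike $pseudo. Confirm they are escaped or
        # sanitised elsewhere (for example inside SetEntry()); if not, markup
        # stored in a message is rendered to every visitor of the page.
        $template->SetEntry = array(
            'DATE' => $date,
            'PSEUDO' => $replace_email,
            'TEXT' => $text,
            'NOTE' => $note,
            'EMAIL' => $replace_email,
            'URL' => $replace_url,
            'ADMIN' => $replace_admin
        );
        $template->SetEntry();
    }

    # Pagination
    if ($start > 0) {
        $newstart = ($start - $len < 0) ? 0 : $start - $len;
        $page = round($msglines / $len);
        $precedent = "";
    }
    else {
        $precedent = " ";
    }
    if (($start + $len) < $msglines) {
        $suivant = "";
    }
    else {
        $suivant = " ";
    }
    if ($msglines > $len) {
        $pages = ceil($msglines / $len);
        $current = ceil($start / $len) + 1;
        $options = "";
    }
    else {
        $options = ' ';
    }
    $template->SetFile("templates/".$Theme."/pages.tpl");
    $template->Read();
    $template->SetEntry = array('PRECEDENT' => $precedent, 'SUIVANT' => $suivant, 'PAGES' => $options);
    $template->SetEntry();
}
# No messages yet
else {
    $template->SetFile("templates/".$Theme."/nomsg.tpl");
    $template->Read();
    $template->SetVars = 'nomsg';
    $template->SetVars();
}
$template->SetFile('templates/'.$Theme.'/copyright.tpl');
$template->Read();

# Output
$template->Write();
$db->close();
?>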