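// Shoutbox request handler. Depending on the request it clears or deletes shouts,
// bans/unbans users, lists the special commands, serves the edit popup, stores a
// new shout, renders the shout list, or outputs the surrounding frame.
//
// NOTE(review): this listing looks like it went through markup stripping. The
// start of the first statement appears cut off (presumably `$lang->load(...)`, as
// used further down), several string literals are empty or contain a bare line
// break where HTML probably stood. Confirm against the original file.
// NOTE(review): the code relies on mysql_* and ereg_replace(), which were removed
// in PHP 7; it only runs on legacy interpreters.
// NOTE(review): no anti-CSRF token check is visible anywhere in this file, yet
// the destructive actions below are triggered by plain GET/POST/$_REQUEST
// parameters. Verify whether the including code validates a token.
load('XY_MEGASHOUTBOX');

if ($xy_megaboxon == "1") {
    $parse = new parse($docensor, 75, $board['allowsmilies'], $board['allowbbcode'], $wbbuserdata['showimages'], $_GET['hilight'], $usecode);
    $timestamp = time();

    // Template accumulator; set explicitly so its starting value never depends on
    // a variable inherited from the including scope or the request.
    $shoutbit = "";

    /**
     * Apply the word filter to a shout.
     *
     * Replaces every key of the global $swears map with its value, in map order.
     *
     * @param string $comment Text to filter.
     * @return string The filtered text; unchanged when $swears is empty.
     */
    function swear($comment)
    {
        global $swears;

        if ($swears) {
            // foreach instead of each()/reset(): same order, no pointer juggling.
            foreach ($swears as $orig => $rplace) {
                $comment = str_replace($orig, $rplace, $comment);
            }
        }
        return $comment;
    }

    // Delete ALL shouts (only for users with kill or admin rights).
    if ($_POST['shouts'] == "kill") {
        if ($wbbuserdata['xy_can_shout_kill'] || $wbbuserdata['xy_can_shoutbox_admin']) {
            $result = $db->query("TRUNCATE TABLE `bb".$n."_xy_shoutbox`");
        }
        // NOTE(review): empty output in this listing; markup may have been lost.
        echo "";
        exit();
    }

    // Delete a single shout by id.
    // NOTE(review): state change via GET; see the CSRF note at the top of the file.
    if ($_GET['single'] == "kill") {
        if ($wbbuserdata['xy_can_shout_kill'] || $wbbuserdata['xy_can_shoutbox_admin']) {
            $result = $db->query("DELETE FROM `bb".$n."_xy_shoutbox` WHERE `id`='".intval($_GET['shoutid'])."'");
        }
        echo "";
        exit();
    }

    //##########################
    //# ban users from index   #
    //##########################
    // Message format handled here: "/ban <username>:<reason>".
    if (substr($_REQUEST['message'], 0, 4) == "/ban") {
        if ($wbbuserdata['xy_can_shoutbox_admin'] OR $wbbuserdata['xy_can_ban_shoutuser']) {
            $comment = trim(substr($_REQUEST['message'], 4, strlen($_REQUEST['message'])));
            @$db->query("DELETE FROM bb".$n."_xy_shoutbox WHERE `comment` LIKE ('/ban%')");

            // Everything from the first ":" on is the reason, the part before it the username.
            $reason = strchr($comment, ":");
            $comment = substr($comment, 0, strlen($comment) - strlen($reason));
            $reason = substr($reason, 1);

            $banuser_exist = $db->query("SELECT `userid`, `username` FROM bb".$n."_users WHERE `username` = '".mysql_real_escape_string($comment)."'");
            if (mysql_num_rows($banuser_exist) != 0) {
                while ($ban = $db->fetch_array($banuser_exist)) {
                    $banid = $ban['userid'];
                    $banned_user = $ban['username'];
                    $unbanable = explode(",", $xy_megaboxunbanable);
                    if (!in_array($banid, $unbanable)) {
                        // intval() on the id for consistency with the other id-based queries.
                        $errororo = $db->query("INSERT IGNORE INTO bb".$n."_xy_shoutbox_ban SET `userid`='".intval($banid)."', `why`='".mysql_real_escape_string($reason)."', `date`='".intval($timestamp)."', 
`banned_by`='".mysql_real_escape_string($wbbuserdata['username'])."'");
                        $comment = $lang->get("LANG_XY_MEGASHOUTBOX_MESSAGE_ADD_BANNEDUSER", array('$banned_user' => $banned_user));
                    } else {
                        $comment = $lang->get("LANG_XY_MEGASHOUTBOX_MESSAGE_UNBANABLE");
                    }
                    eval("\$shoutbit .= \"".$tpl->get('xy_shoutbox_message')."\";");
                }
            } else {
                // NOTE(review): $comment is request input here and is handed to the
                // language string and template without HTML escaping visible in this
                // file. Confirm that $lang->get() or the template escapes it.
                $comment = $lang->get("LANG_XY_MEGASHOUTBOX_MESSAGE_USERNOTEXIST", array('$comment' => $comment));
                eval("\$shoutbit .= \"".$tpl->get('xy_shoutbox_message')."\";");
            }
        } else {
            $comment = $lang->items['LANG_XY_MEGASHOUTBOX_MESSAGE_NOBANRIGHTS'];
            eval("\$shoutbit .= \"".$tpl->get('xy_shoutbox_message')."\";");
        }
        $refresh = "";
        eval("\$tpl->output(\"".$tpl->get('xy_shoutbox_chat')."\");");
        exit();
    }

    //#############################
    //# unban users               #
    //#############################
    // Message format handled here: "/unban <username>".
    if (substr($_REQUEST['message'], 0, 6) == "/unban") {
        if ($wbbuserdata['xy_can_ban_shoutuser'] OR $wbbuserdata['xy_can_shoutbox_admin']) {
            $comment = trim(substr($_REQUEST['message'], 6, strlen($_REQUEST['message'])));
            @$db->query("DELETE FROM bb".$n."_xy_shoutbox WHERE `comment` LIKE ('/unban%')");
            $banuser_exist = $db->query("SELECT userid, `username` FROM bb".$n."_users WHERE `username` = '".mysql_real_escape_string($comment)."'");
            if (mysql_num_rows($banuser_exist) != 0) {
                while ($ban = $db->fetch_array($banuser_exist)) {
                    $banid = $ban['userid'];
                    $banned_user = $ban['username'];
                    $errororo = $db->query("DELETE FROM bb".$n."_xy_shoutbox_ban WHERE `userid`='".intval($banid)."'");
                    // The message is used as built. It is deliberately NOT passed
                    // through eval("\$comment = \"...\";"): that would interpret the
                    // stored username as PHP string syntax and adds nothing to a
                    // message that contains no template variables.
                    $comment = "User ".$banned_user." 
von Bannliste entfernt";
                }
            } else {
                $comment = "Username existiert nicht";
            }
            eval("\$shoutbit .= \"".$tpl->get('xy_shoutbox_message')."\";");
        } else {
            $comment = 'Dududu das darfst du nicht!';
            eval("\$shoutbit .= \"".$tpl->get('xy_shoutbox_message')."\";");
        }
        $refresh = "";
        eval("\$tpl->output(\"".$tpl->get('xy_shoutbox_chat')."\");");
        exit();
    }

    //###############################
    //# Special shoutbox-commands   #
    //###############################
    $tablerow = 0;
    if ($_REQUEST['action'] == "special") {
        $commandbit = "";
        $result = $db->query("SELECT * FROM bb".$n."_xy_shoutbox_commands ORDER BY `command`ASC");
        while ($sp = $db->fetch_array($result)) {
            // Alternate the row style.
            if ($tablerow % 2) {
                $tablecolor = "tablea";
            } else {
                $tablecolor = "tableb";
            }
            $command = $sp['command'];
            $describ = $sp['describ'];
            // NOTE(review): the replacement is a bare line break in this listing;
            // presumably an HTML line-break tag was lost. Confirm.
            $use = str_replace("\n", "
", $sp['use']);
            eval("\$commandbit .= \"".$tpl->get('xy_shoutbox_commandbit')."\";");
            $tablerow++;
        }
        eval("\$tpl->output(\"".$tpl->get('xy_shoutbox_special')."\");");
        exit();
    }

    //########################
    //# edit shouts on index #
    //########################
    // NOTE(review): xy_can_edit_ownshout is accepted on equal footing with
    // xy_can_edit_shouts and neither query carries an ownership condition. If that
    // flag is meant to cover only the user's own shouts, the UPDATE and SELECT
    // need an additional match on the shout's `name`. Confirm intended semantics.
    if ($_REQUEST['action'] == "popup") {
        if ($_REQUEST['edit'] == "single") {
            if ($wbbuserdata['xy_can_shout_kill'] || $wbbuserdata['xy_can_shoutbox_admin'] || $wbbuserdata['xy_can_edit_shouts'] || $wbbuserdata['xy_can_edit_ownshout']) {
                $comment = htmlspecialchars($_POST['comment'], ENT_NOQUOTES);
                // The id comes straight from the request: force it to an integer
                // before it goes into the SQL string, like the single-kill path does.
                $db->query("UPDATE bb".$n."_xy_shoutbox SET `comment`= '".addslashes($comment)."' WHERE `id`='".intval($_POST['shoutid'])."'");
            }
        }
        if ($wbbuserdata['xy_can_shout_kill'] || $wbbuserdata['xy_can_shoutbox_admin'] || $wbbuserdata['xy_can_edit_shouts'] || $wbbuserdata['xy_can_edit_ownshout']) {
            $result = $db->query("SELECT `comment`, `id` FROM bb".$n."_xy_shoutbox WHERE `id`='".intval($_REQUEST['shoutid'])."' ");
            // The fetch loop stays inside the permission check so it never runs on
            // an unset result handle.
            while ($pop = mysql_fetch_array($result)) {
                // NOTE(review): the second assignment overwrites the escaped value,
                // so the template receives the stored text without quote escaping.
                // Whether that matters depends on where the template prints
                // $popcomment (not visible here). Confirm.
                $popcomment = htmlspecialchars($pop['comment'], ENT_QUOTES);
                $popcomment = stripslashes($pop['comment']);
                $popshoutid = $pop['id'];
            }
        }
        eval("\$tpl->output(\"".$tpl->get('xy_shoutedit_popup')."\");");
        exit();
    }

    if ($_REQUEST['page_shout'] == "chat") {
        $reload = $xy_megaboxreload;
        $anzahl = $xy_numberofshouts;
        if ($xy_shoutorder == "ASC") {
            $selfscroll = $anzahl * 150;
        } else {
            $selfscroll = 0;
        }

        // Saving a shout: registered users always, guests only when allowed.
        if ($_REQUEST['setting'] == "save" && $wbbuserdata['userid'] != "0" || $_REQUEST['setting'] == "save" && $wbbuserdata['userid'] == "0" && $xy_megaboxguests_canshout == "1") {
            $message = trim($_REQUEST['message']);

            if ($wbbuserdata['userid'] == "0" && $xy_megaboxforguests == "0") {
                $comment = $lang->items['LANG_XY_MEGASHOUTBOX_MESSAGE_NOBANRIGHTS'];
                eval("\$shoutbit .= \"".$tpl->get('xy_shoutbox_message')."\";");
                $refresh = "";
                eval("\$tpl->output(\"".$tpl->get('xy_shoutbox_chat')."\");");
                exit();
            }

            // Banned users get the ban notice and nothing else.
            $result = $db->query("SELECT userid FROM bb".$n."_xy_shoutbox_ban WHERE userid='".addslashes($wbbuserdata['userid'])."'");
            if (mysql_num_rows($result)) {
                echo $css."
".$lang->items['LANG_XY_MEGASHOUTBOX_UBANNED']."
";
                echo "";
                exit();
            }

            if (trim($message."") == "") {
                echo "";
                exit();
            }

            //####################
            //# Floodcontrol   ###
            //####################
            // Looks for an identical shout by the same name newer than $xy_flood.
            if ($xy_megaboxflood > "0") {
                $xy_flood = $timestamp - $xy_megaboxflood;
            } else {
                $xy_flood = $timestamp;
            }
            $sql = "SELECT id FROM bb".$n."_xy_shoutbox WHERE `date`>'".$xy_flood."' AND name='".addslashes($wbbuserdata['username'])."' AND comment='".addslashes($message)."'";

            // Users without command rights get a leading command prefix stripped.
            if (substr($message, 0, 1) == "/" && !$wbbuserdata['xy_can_shoutbox_admin'] && substr($message, 0, 1) == "/" && !$wbbuserdata['xy_can_use_megaboxcommands']) {
                $res = $db->query("SELECT * FROM bb".$n."_xy_shoutbox_commands");
                while ($comm = $db->fetch_array($res)) {
                    if ($comm['command'] == substr($message, 0, $comm['commandcount'])) {
                        $message = substr($message, $comm['commandcount'], strlen($message));
                    }
                }
            }

            $result = $db->query($sql);
            if (!mysql_fetch_row($result)) {
                if (!$wbbuserdata['userid']) {
                    // Guests are labelled with the guest string plus the last octet of $REMOTE_ADDR.
                    $shoutername = $lang->items['LANG_XY_MEGASHOUTBOX_GUEST'].strrchr($REMOTE_ADDR, ".");
                } else {
                    $shoutername = $wbbuserdata['username'];
                }
                // HTML-escape once on the way in; slashes are added here and again in the query.
                $message = addslashes(htmlspecialchars($message, ENT_NOQUOTES));
                $result = $db->query("INSERT INTO bb".$n."_xy_shoutbox SET `name`='".addslashes($shoutername)."',`comment`='".addslashes($message)."',`date`='".time()."'");
                // NOTE(review): $date is not assigned anywhere before this point in
                // this file, so this lookup probably never matches and the pruning
                // DELETE below is effectively inert. Confirm the intended value.
                $result = $db->query("SELECT id FROM bb".$n."_xy_shoutbox WHERE name='".addslashes($wbbuserdata['username'])."' AND comment='".addslashes($message)."' AND date='$date'");
                $rangee = mysql_fetch_assoc($result);
                $identifiant = $rangee["id"];
                $sql = "DELETE FROM bb".$n."_xy_shoutbox WHERE id='".($identifiant - $anzahl - 10)."'";
                $result = $db->query($sql);
                echo "";
            } else {
                echo "";
            }
        } elseif ($_REQUEST['setting'] == "save" && $wbbuserdata['userid'] == "0" && $xy_megaboxguests_canshout == "0") {
            $comment = $lang->items['LANG_XY_MEGASHOUTBOX_MESSAGE_NOGUESTSHOUTS'];
            eval("\$shoutbit .= \"".$tpl->get('xy_shoutbox_message')."\";");
            $refresh = "";
            eval("\$tpl->output(\"".$tpl->get('xy_shoutbox_chat')."\");");
            exit();
        } else {
            // Render the shout list.
            // These are set explicitly so they never start from a value inherited
            // from the including scope or the request; $id is interpolated into SQL.
            $swears = array();
            $id = "";
            $refresh = "";

            $result = $db->query("SELECT `orig`,`rplace` FROM 
bb".$n."_xy_shoutbox_swears");
            while ($row = mysql_fetch_assoc($result)) {
                $swears[$row["orig"]] = $row["rplace"];
            }

            // Collect the ids of the newest $anzahl shouts as a comma-separated list.
            $sid = $db->query("SELECT id FROM bb".$n."_xy_shoutbox ORDER BY `id` DESC LIMIT $anzahl");
            while ($row = $db->fetch_array($sid)) {
                $id .= ",".$row['id'];
            }
            if ($id) {
                $id = trim($id, ",");
            } else {
                $id = 1;
            }
            $result = $db->query("SELECT s.*,u.userid FROM bb".$n."_xy_shoutbox s LEFT JOIN bb".$n."_users u ON(s.name=u.username) WHERE `id` IN($id) ORDER BY `id` $xy_shoutorder ");

            if ($reload) {
                // NOTE(review): empty in this listing; markup may have been lost.
                $refresh = "";
            }

            if (!mysql_num_rows($result)) {
                $shoutbit = $lang->items['LANG_XY_MEGASHOUTBOX_NOMESSAGE'];
            } else {
                $colorswitch = 0;
                while ($get = mysql_fetch_assoc($result)) {
                    $colorswitch++;
                    if ($colorswitch % 2) {
                        $colorirc = "sboxfirstrow";
                    } else {
                        $colorirc = "sboxsecondrow";
                    }

                    // NOTE(review): hand-rolled escaping. Only single quotes get a
                    // backslash, backslashes themselves are left alone, and the value
                    // comes from stored shout names. Prefer the escaping function the
                    // ban/unban queries use (mysql_real_escape_string) and keep the
                    // display value separate from the SQL value.
                    $name = htmlconverter($get['name']);
                    $name = ereg_replace("'", "\'", $name);
                    $res = $db->query("SELECT * FROM `bb".$n."_users` WHERE `username` = '".$name."' LIMIT 0 , 1");
                    while ($comm = $db->fetch_array($res)) {
                        $name = ereg_replace("\'", "'", $name);
                        // Wrap the name in the marking of the user's online group ("%s" placeholder).
                        $res2 = $db->query("SELECT * FROM `bb".$n."_groups` WHERE `groupid` = '".$comm['useronlinegroupid']."' LIMIT 0 , 1");
                        while ($commm = $db->fetch_array($res2)) {
                            $variable = array("%s" => $name);
                            $name = strtr($commm['useronlinemarking'], $variable);
                        }
                    }

                    if ($xy_megaboxdaychr == "0") {
                        $xy_megaboxdaychr = "20";
                    }
                    $date = substr(getday(date("w", $get['date'])), 0, $xy_megaboxdaychr) ." | ". formatdate($wbbuserdata['timeformat'], $get['date']);

                    // NOTE(review): both replacement strings below are bare line breaks
                    // in this listing; presumably HTML line-break tags were lost.
                    $comment = stripslashes(str_replace("\n", "
", $get['comment']));
                    $shoutuid = $get['userid'];
                    $shoutid = $get['id'];
                    $comment = $parse->doparse($comment, 1, 1, 1, 1);
                    $comment = $parse->parseCache($comment);
                    $comment = str_replace("/br", "
", $comment);
                    $comment = swear($comment);

                    //######### megashoutboxcommands output ###############
                    // A shout starting with a known command is replaced by that
                    // command's r_command format, with the rest of the shout as argument.
                    $res = $db->query("SELECT * FROM bb".$n."_xy_shoutbox_commands");
                    while ($comm = $db->fetch_array($res)) {
                        if ($comm['command'] == substr(trim($comment), 0, $comm['commandcount'])) {
                            $comment = sprintf(stripslashes($comm['r_command']), substr($comment, $comm['commandcount'], strlen($comment)));
                        }
                    }
                    eval("\$shoutbit .= \"".$tpl->get('xy_shoutbox_bit')."\";");
                }
            }
            eval("\$tpl->output(\"".$tpl->get('xy_shoutbox_chat')."\");");
        }
    // ###################################################
    // # frameset                                        #
    // ###################################################
    } else {
        if ($xy_megaboxon == "1") {
            if ($wbbuserdata['userid'] && $xy_megaboxforguests == "0" OR $xy_megaboxforguests == "1") {
                $lang->load("POSTINGS,XY_MEGASHOUTBOX");
                $bbcode_smilies = getclickysmilies($smilie_table_cols, $smilie_table_rows);
                if ($xy_smiliepos == 'left') {
                    $mboxsmiliesleft = "$bbcode_smilies";
                } else {
                    $mboxsmiliesright = "$bbcode_smilies";
                }
                $buttons = "$bbcode_buttons";
                eval ("\$mbox_specialmenu = \"".$tpl->get("xy_mbox_specialmenu")."\";");
                eval("\$tpl->output(\"".$tpl->get('xy_shoutbox_frame')."\");");
            }
        }
    }
} else echo $lang->items['LANG_XY_MEGASHOUTBOX_OFFMESSAGE'];
?>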