<?php
header('Pragma: no-cache');
header('Expires: 0');
header('Cache-control: none');
require("../SSI.php");
if (!defined('SMF'))
die('Hacking attempt...');
loadLanguage('Errors');
loadLanguage('sbox');
if ($context['user']['is_guest'] && $modSettings['sbox_GuestVisible'] != '1')
die($txt[1] . ' ' . $txt['sbox_Login']);
/***[ BEGIN CONFIGURATION ]***************************************************/
$sbox_HistoryFile = $boarddir . '/sbox.history.html';
$sbox_NickPrefix = '<'; // this won't be linked to the profile page
$sbox_NickInnerPrefix = '<b>'; // this will be linked to the profile page, use formatting tags (<B>) here
$sbox_NickInnerSuffix = '</b>'; // so that they are applied inside the <A>, otherwise they won't work
$sbox_NickSuffix = '>';
$sbox_DatePrefix = '[';
$sbox_DateSeparator = ' '; // separates weekday from time
$sbox_DateSuffix = ']';
/***[ END CONFIGURATION ]*****************************************************/
// BEGIN: BORROWED FROM http://de2.php.net/manual/en/function.flock.php
/*
* I hope this is usefull.
* If mkdir() is atomic,
* then we do not need to worry about race conditions while trying to make the lockDir,
* unless of course we're writing to NFS, for which this function will be useless.
* so thats why i pulled out the usleep(rand()) piece from the last version
*
* Again, its important to tailor some of the parameters to ones indivdual usage
* I set the default $timeLimit to 3/10th's of a second (maximum time allowed to achieve a lock),
* but if you're writing some extrememly large files, and/or your server is very slow, you may need to increase it.
* Obviously, the $staleAge of the lock directory will be important to consider as well if the writing operations might take a while.
* My defaults are extrememly general and you're encouraged to set your own
*
* $timeLimit is in microseconds
* $staleAge is in seconds
*/
function microtime_float() {
list($usec, $sec) = explode(' ', microtime());
return ((float)$usec + (float)$sec);
}
function locked_filewrite($filename, $data, $timeLimit = 300000, $staleAge = 5) {
ignore_user_abort(1);
$lockDir = $filename . '.lock';
if (is_dir($lockDir)) {
if ((time() - filemtime($lockDir)) > $staleAge) {
rmdir($lockDir);
}
}
$locked = @mkdir($lockDir);
if ($locked === false) {
$timeStart = microtime_float();
do {
if ((microtime_float() - $timeStart) > $timeLimit) break;
$locked = @mkdir($lockDir);
} while ($locked === false);
}
$success = false;
if ($locked === true) {
$fp = @fopen($filename, 'at');
if (@fwrite($fp, $data)) $success = true;
@fclose($fp);
rmdir($lockDir);
}
ignore_user_abort(0);
return $success;
}
// END: BORROWED FROM http://de2.php.net/manual/en/function.flock.php
function missinghtmlentities($text) {
global $context;
// entitify missing characters, ignore entities already there (Unicode / UTF8) (hopefully in {-notation)
$split = preg_split('/(&#[\d]+;)/', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
// filter out "ANSI_X3.4-1968" charset, which just means plain old ASCII ... replace by UTF-8
if (strpos($context['character_set'], 'ANSI_') !== false) $charset = 'UTF-8'; else $charset = $context['character_set'];
$result = '';
foreach ($split as $s) {
if (substr($s, 0, 2) == '&#' || substr($s, -1, 1) == ';') {
// Convert to std character and htmlentity-fy it again - to re-convert e.g. c; to < so that XSS isn't possible
$result .= @htmlentities(@html_entity_decode($s, ENT_NOQUOTES, $charset), ENT_NOQUOTES, $charset);
} else {
$result .= @htmlentities($s, ENT_NOQUOTES, $charset);
}
}
return $result;
}
//display html header
echo '<html xmlns="http://www.w3.org/1999/xhtml"' . ($context['right_to_left']?' dir="rtl"':'') . '>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=', $context['character_set'], '" />';
$result = db_query("SELECT time FROM {$db_prefix}sbox_content ORDER BY time DESC LIMIT 1", __FILE__, __LINE__);
$row = mysql_fetch_assoc($result);
$refreshBlocked = false;
$delta = time() - $row['time'];
if ((!empty($_REQUEST['action'])) && ($_REQUEST['action'] == 'write')) $dontblock = true; else $dontblock = false;
if (($delta > $modSettings['lastActive']*60) && ($modSettings['sbox_BlockRefresh'] == '1') && (!$dontblock)) {
$refreshBlocked = true;
} elseif (empty($_REQUEST['action']) || ($_REQUEST['action'] != 'stoprefresh')) {
echo '
<meta http-equiv="refresh" content="' . $modSettings['sbox_RefreshTime'] . ';URL=sboxDB.php?ts=' . time() . '">';
}
$sbox_CurTheme = strtolower(substr($settings['theme_url'], strrpos($settings['theme_url'], '/')+1));
$sbox_DarkThemes = explode('|', strtolower($modSettings['sbox_DarkThemes']));
if (in_array($sbox_CurTheme, $sbox_DarkThemes)) {
$sbox_TextColor2 = $modSettings['sbox_TextColor2'];
} else {
$sbox_TextColor2 = $modSettings['sbox_TextColor1'];
}
echo '
<link rel="stylesheet" type="text/css" href="' . $settings['theme_url'] . '/style.css?rc2" />
<script language="JavaScript" type="text/javascript"><!-- // --><![CDATA[
function kill() { return confirm("' . $txt['sbox_KillShout'] . '"); }
function clearHist() { return confirm("' . $txt['quickmod_confirm'] . '"); }
// get SMF-time including time zone corrections (system+user)
if (parent && parent.document.sbox.ts) {
parent.document.sbox.ts.value = ' . forum_time(true) . ';
}
// ]]></script>
<style type="text/css">
.windowbg2 {
font-family: ' . $modSettings['sbox_FontFamily'] . ';
font-style: normal;
font-size: ' . $modSettings['sbox_TextSize'] . ';
font-weight: normal;
text-decoration: none;
}
.Even {
color: ' . $sbox_TextColor2 . ';
font-weight: normal;
text-decoration: none;
}
body {
width: 100%;
padding: 0;
margin: 0;
border: 0;
}
.Kill, A.Kill {
color: #ff0000;
}
</style>';
if (!empty($_REQUEST['action'])) switch ($_REQUEST['action']) {
case 'write':
if (((!$context['user']['is_guest']) || ($modSettings['sbox_GuestAllowed'] == '1')) && !empty($_REQUEST['sboxText'])) {
is_not_banned(true); // die with message, if user is banned, let him read everything though
$content = $_REQUEST['sboxText'];
// get current timestamp
$date = time();
$posterip = $user_info['ip'];
$pip = explode('.', $posterip);
$piph = sprintf("%02s%02s%02s%02s", dechex($pip[0]), dechex($pip[1]), dechex($pip[2]), dechex($pip[3]));
// handle special characters
$content = addslashes($piph . $content);
$content = mysql_escape_string($content);
// insert shout message into database
$sql = "INSERT INTO " . $db_prefix . "sbox_content (ID_MEMBER, content, time) VALUES ('" . $context['user']['id'] . "', '" . $content . "', '$date')";
db_query($sql, __FILE__, __LINE__);
// delete old shout messages (get id of last shouting and delete all shoutings as defined in settings
$result = db_query("SELECT id FROM " . $db_prefix . "sbox_content WHERE ID_MEMBER='" . $context['user']['id'] . "' AND content='" . $content . "' AND time='$date'", __FILE__, __LINE__);
$rows = mysql_fetch_assoc($result);
$sql = 'DELETE FROM ' . $db_prefix . "sbox_content WHERE id < '" . ($rows["id"]-$modSettings['sbox_MaxLines']) . "'";
db_query($sql, __FILE__, __LINE__);
// write into history if needed
if ($modSettings['sbox_DoHistory'] == '1') {
$ds = $sbox_DatePrefix . date('Y-m-d', $date) . $sbox_DateSeparator . date('H:i.s', $date) . $sbox_DateSuffix;
$content = stripslashes($content); // shouting content
$content = substr($content, 8);
$content = missinghtmlentities($content);
if ($modSettings['sbox_AllowBBC'] == '1' && ($context['user']['id'] > 0 || $modSettings['sbox_GuestBBC'] == '1')) {
$content = parse_bbc($content);
}
$output = $ds . ' ' . $sbox_NickPrefix;
if ($context['user']['id'] > 0) {
$output .= '<a href="' . $scripturl . '?action=profile;u=' . $context['user']['id'] . '" target="_blank" class="' . $divclass . '">';
$output .= $sbox_NickInnerPrefix . ((!empty($context['user']['name']))?$context['user']['name']:$context['user']['username']) . $sbox_NickInnerSuffix;
$output .= '</a>';
} else {
$output .= $sbox_NickInnerPrefix . 'Guest-' . base_convert($piph, 16, 36) . $sbox_NickInnerSuffix;
}
$output .= $sbox_NickSuffix . ' ' . $content . '</div><br />' . "\n";
if (!file_exists($sbox_HistoryFile)) {
// TODO: Prepare file ... HTML-header, stylesheet, etc.
}
locked_filewrite($sbox_HistoryFile, $output);
}
}
break;
case 'clearhist':
if ($context['user']['is_admin']) {
if (file_exists($sbox_HistoryFile)) {
$lockDir = $sbox_HistoryFile . '.lock';
$start = time();
while ((is_dir($lockDir)) && ((time() - $start) < 5)) {
usleep(100000); // sleep 1/10th of a second (for a PC these are ages!)
}
if (!is_dir($lockDir)) @unlink($sbox_HistoryFile);
}
}
break;
case 'kill':
if (!empty($_REQUEST['kill']) && ($context['user']['is_admin'] || ($modSettings['sbox_ModsRule'] && count(boardsAllowedTo('moderate_board'))>0))) {
$sql = 'DELETE FROM ' . $db_prefix . 'sbox_content WHERE id=' . intval($_REQUEST['kill']);
db_query($sql, __FILE__, __LINE__);
}
break;
}
// close header and open body
echo '
</head>
<body class="windowbg2"><div class="windowbg2">';
echo "\n" . '<b>' . $sbox_DatePrefix . strftime($user_info['time_format'], forum_time(true)) . $sbox_DateSuffix;
if ($refreshBlocked) {
echo ' ' . $txt['sbox_RefreshBlocked'];
}
echo '</b><br />';
if ($context['user']['is_admin']) {
if ($modSettings['sbox_DoHistory'] == '1') {
echo "\n";
if (file_exists($sbox_HistoryFile)) {
echo '[<a href="' . str_replace($boarddir, $boardurl, $sbox_HistoryFile) . '" target="_blank">' . $txt['sbox_History'] . '</a>]';
echo ' [<a href="' . $_SERVER['PHP_SELF'] . '?action=clearhist" class="Kill" onClick="return clearHist();">' . $txt['sbox_HistoryClear'] . '</a>]';
} else {
echo '[' . $txt['sbox_HistoryNotFound'] . ']';
}
echo '';
}
}
if (!$refreshBlocked) {
if (!empty($_REQUEST['action']) && ($_REQUEST['action'] == 'stoprefresh')) {
echo ' [<a href="' . $_SERVER['PHP_SELF'] . '">' . $txt['sbox_RefreshEnable'] . '</a>]';
} else {
echo ' [<a href="' . $_SERVER['PHP_SELF'] . '?action=stoprefresh">' . $txt['sbox_RefreshDisable'] . '</a>]';
}
}
/*
if (!empty($settings['display_who_viewing'])) {
echo '<small>';
if ($settings['display_who_viewing'] == 1)
echo count($context['view_members']), ' ', count($context['view_members']) == 1 ? $txt['who_member'] : $txt[19];
else
echo empty($context['view_members_list']) ? '0 ' . $txt[19] : implode(', ', $context['view_members_list']) . ((empty($context['view_num_hidden']) or $context['can_moderate_forum']) ? '' : ' (+ ' . $context['view_num_hidden'] . ' ' . $txt['hidden'] . ')');
echo $txt['who_and'], $context['view_num_guests'], ' ', $context['view_num_guests'] == 1 ? $txt['guest'] : $txt['guests'], $txt['who_viewing_board'], '</small>';
}
*/
// get shout messages out of database
$result = db_query("
SELECT *
FROM {$db_prefix}sbox_content AS sb
LEFT JOIN {$db_prefix}members AS mem ON (mem.ID_MEMBER = sb.ID_MEMBER)
ORDER BY id DESC, time ASC LIMIT " . $modSettings['sbox_MaxLines'], __FILE__, __LINE__);
if(mysql_num_rows($result)) {
$lname = '';
$count = 0;
$div = false;
$alert = false;
while($row = mysql_fetch_assoc($result)) {
$name = $row['ID_MEMBER']; // user name
$date = forum_time(true, $row['time']); // shouting date and time
$content = stripslashes($row['content']); // shouting content
$piph = substr($content, 0, 8);
$content = substr($content, 8);
censorText($content);
$content = missinghtmlentities($content);
if ($modSettings['sbox_AllowBBC'] == '1' && ($name > 0 || $modSettings['sbox_GuestBBC'] == '1')) {
$content = preg_replace('/(\[img)(.*?)(\[\/img\])/i', '', $content); // filter out [img]-BBC
$content = parse_bbc($content);
}
if (!empty($_REQUEST['ts']) && !$div && $date<$_REQUEST['ts']) {
if ($count > 0 && $modSettings['sbox_NewShoutsBar'] == '1') {
echo '<hr />' . "\n";
}
$div = true;
}
if ($name != $lname) {
$count++; // increase counter
}
$lname = $name;
// display shouting message and use a different color each second row
if ($count % 2 == 0) {
$divclass = 'windowbg2';
} else {
$divclass = 'Even';
}
/* $r = $g = $b = 0;
for ($i=0;$i<strlen($name);$i++) {
$x = ord(substr($name, $i, 1));
switch ($i % 3) {
case 0: $r += $x; break;
case 1: $g += $x; break;
case 2: $b += $x; break;
}
}
$r = dechex($r % 192);
$g = dechex($g % 192);
$b = dechex($b % 192);
if (strlen($r)<2) $r = '0' . $r;
if (strlen($g)<2) $g = '0' . $g;
if (strlen($b)<2) $b = '0' . $b;
$colh = $r . $g . $b;
echo "\n" . '<div class="' . $divclass . '" style="color: #' . $colh . '">'; */
echo "\n" . '<div class="' . $divclass . '">';
if ($context['user']['is_admin'] || ($modSettings['sbox_ModsRule'] && count(boardsAllowedTo('moderate_board'))>0)) {
echo '[<a title="' . $txt['sbox_KillShout'] . '" class="Kill" onClick="return kill();" href="' . $_SERVER['PHP_SELF'] . '?action=kill&kill=' . $row['id'] . '">X</a>]';
}
$wd = $txt['days_short'][date('w', $date)];
$ts = date('H:i', $date);
$ds = $sbox_DatePrefix . $wd . $sbox_DateSeparator . $ts . $sbox_DateSuffix;
// highlight username, realname and make sound
if (!empty($context['user']['name']) && strpos($content, $context['user']['name']) !== false) {
if ($div === false) $alert = true;
$content = str_replace($context['user']['name'], '<b><u>' . $context['user']['name'] . '</u></b>', $content);
}
if (!empty($user_info['username']) && $user_info['username'] != $context['user']['name'] && strpos($content, $user_info['username']) !== false) {
if ($div === false) $alert = true;
$content = str_replace($user_info['username'], '<b><u>' . $user_info['username'] . '</u></b>', $content);
}
echo $ds . ' ' . $sbox_NickPrefix;
if ($name > 0) {
if ($modSettings['sbox_UserLinksVisible'] == '1') echo '<a href="' . $scripturl . '?action=profile;u=' . $name . '" target="_top" style="text-decoration: none;"><span class="' . $divclass . '">';
echo $sbox_NickInnerPrefix . ((!empty($row['realName']))?$row['realName']:$row['memberName']) . $sbox_NickInnerSuffix;
if ($modSettings['sbox_UserLinksVisible'] == '1') echo '</span></a>';
} else {
echo $sbox_NickInnerPrefix . $txt['sbox_Guest'] . '-' . base_convert($piph, 16, 36) . $sbox_NickInnerSuffix;
}
echo $sbox_NickSuffix . ' ' . $content . '</div>';
}
if (($modSettings['sbox_EnableSounds']) && ($alert === true) && ($div === true)) {
echo '<embed src="' . $boardurl . '/chat-inbound_GSM.wav" hidden="true" autostart="true" loop="false"></embed>' . "\n";
}
}
?>
</div>
</body>
</html>