<?php
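// MySQL connection settings.
// NOTE(review): these credentials live in the same file that renders the page,
// so anything that exposes the source (a stray backup copy, a handler
// misconfiguration) exposes them too. Prefer loading them from a file outside
// the web root or from the environment, and give the account rights on the
// shoutbox table only.
// Constant names are quoted: an unquoted name is itself an undefined constant,
// which is a notice/warning on PHP 5/7 and a fatal Error on PHP 8.
define('MYSQL_USERNAME', "blank");
define('MYSQL_PASSWORD', "admin");
define('MYSQL_SERVER', "localhost");
define('MYSQL_DB', "databasename");
define('MYSQL_TABLE', "shoutbox2");
// Shoutbox behaviour.
define('MAX_MSG_LENGTH', 250); // Max length of messages
define('MAX_USER_LENGTH', 12); // Max length of usernames
define('MESSAGES_DISPLAYED', 20); // Number of messages displayed per page
// Set true to allow HTML. Dangerous: messages are then stored without
// htmlentities() and echoed back as-is to every visitor (stored XSS).
define('ALLOW_HTML', FALSE);
define('FORCED_ANON', FALSE); // Set true to replace every username with "Anonymous".
// Stricter username pattern, currently disabled:
// define(USERNAME_RULE,"^[a-zA-Z0-9\[\(\<]([a-zA-Z0-9\[\(\<]\>\)\ \^\&\!\@\#\$\%\.]*[a-zA-Z0-9\]\)\>])?$"); //Regex magic
// POSIX pattern handed to eregi(). '^.*$' accepts any username, so only the
// length check and htmlentities() constrain what gets stored.
define('USERNAME_RULE', '^.*$');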
?>
<table>
<tr>
<td style="vertical-align:top;text-align:center;">
<div>
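<?php
// Posting form. The username field is pre-filled from the sb_username cookie.
// A cookie is client-controlled input, so it is HTML-escaped (quotes included)
// before it is written into the value="" attribute; echoing it raw lets a
// crafted cookie break out of the attribute and inject markup.
$sb_cookie_username = (isset($_COOKIE['sb_username']) && is_string($_COOKIE['sb_username']))
    ? $_COOKIE['sb_username']
    : '';
// maxlength is only a browser-side hint; the POST handler has to enforce the
// limits again. NOTE(review): the form carries no anti-CSRF token.
?>
<form action="" method="post">
<table>
<tr><td>Username:</td><td><input type="text" name="sb_username" maxlength="<?php echo MAX_USER_LENGTH;?>" value="<?php echo htmlspecialchars($sb_cookie_username, ENT_QUOTES);?>" /></td></tr>
<tr><td>Message:</td><td><input type="text" name="sb_message" maxlength="<?php echo MAX_MSG_LENGTH;?>" /></td></tr>
<tr><td> </td><td><input type="submit" value="Submit" /></td></tr>
</table>
</form>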
</div>
</td>
</tr>
<tr>
<td style="vertical-align:top;text-align:center;">
<div style="width:382px; height:205px; overflow:auto;border-style:groove;">
<div style="margin-left: 10px; margin-right: 10px; margin-top: 5px; margin-bottom: 5px; text-align:left;">
<script language="JavaScript" type="text/javascript">
<?php //Fancy javaflax ?>
// Pager click handler: stores the requested action ("Back" or "Next") in the
// hidden "shouth" field of the form named "shoutform", then submits that form.
function shouthandler(shouth) {
    var pagerForm = document.shoutform;
    pagerForm.shouth.value = shouth;
    pagerForm.submit();
}
// Selects the contents of the element whose id is "shout".
function selectText() {
    var shoutField = document.getElementById("shout");
    shoutField.select();
}
</script>
<?php
// Request-wide list of validation messages; rendered at the bottom of the page.
$sb_errors = array();

/**
 * Appends one message to the global $sb_errors list.
 *
 * @param string $error Text shown to the visitor; a generic message when omitted.
 */
function addError($error = "Unknown error occured.")
{
    array_push($GLOBALS['sb_errors'], $error);
}
// Open the database connection and select the schema. Either failure prints a
// fixed, generic message and stops this script, so no server detail is echoed
// by the script itself.
// NOTE(review): mysql_connect() is called without error suppression, so on
// failure PHP's own warning may still reach the page if display_errors is on.
// NOTE(review): the mysql_* extension was removed in PHP 7.0; this file only
// runs on older interpreters until it is ported to mysqli or PDO.
$link = mysql_connect(MYSQL_SERVER, MYSQL_USERNAME, MYSQL_PASSWORD);
if ($link === false) {
    echo "Could not connect to MySQL server.";
    return;
}

$sb_db_selected = @mysql_select_db(MYSQL_DB);
if ($sb_db_selected === false) {
    echo "Could not connect to database.";
    return;
}
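// Handle a newly posted shout.
// Both fields must be present, be plain strings and be non-empty; array-valued
// parameters (sb_username[]=...) are ignored instead of being fed to the
// string functions below.
$sb_has_shout = isset($_POST['sb_username'], $_POST['sb_message'])
    && is_string($_POST['sb_username'])
    && is_string($_POST['sb_message'])
    && $_POST['sb_username']
    && $_POST['sb_message'];

if ($sb_has_shout) {
    // stripslashes() presumably undoes magic_quotes_gpc; verify the target
    // configuration, since with magic quotes off it eats real backslashes.
    // The name is entity-encoded before storage because the listing echoes
    // stored values without further encoding.
    $sb_username = htmlentities(stripslashes($_POST['sb_username']));
    if (FORCED_ANON == TRUE) {
        $sb_username = "Anonymous";
    }

    // NOTE(review): eregi() is deprecated since PHP 5.3 and removed in 7.0.
    if (eregi(USERNAME_RULE, $sb_username) && strlen($sb_username) <= MAX_USER_LENGTH) {
        $sb_message = stripslashes($_POST['sb_message']);
        if (ALLOW_HTML == FALSE) {
            $sb_message = htmlentities($sb_message);
        }
        // The limit is applied to the value that will be stored, measured in
        // bytes, the same way the username check above works. Comparing the
        // string itself against the number (as before) never measured length.
        if (strlen($sb_message) > MAX_MSG_LENGTH) {
            unset($sb_message);
            addError("Message cannot exceed ".MAX_MSG_LENGTH." characters.");
        }
    } else {
        unset($sb_username);
        unset($sb_message);
        addError("Username cannot exceed ".MAX_USER_LENGTH." characters and cannot contain invalid characters.");
    }

    if (!$sb_errors) {
        // Every value placed in the statement is escaped, including the
        // server-supplied address, and quoted with single quotes so the
        // statement does not depend on the server's ANSI_QUOTES setting.
        // NOTE(review): mysql_real_escape_string() is only reliable when the
        // connection character set matches the data; confirm it is set.
        $sb_username_sql = mysql_real_escape_string($sb_username);
        $sb_message_sql = mysql_real_escape_string($sb_message);
        $sb_ip_sql = mysql_real_escape_string(
            isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : ''
        );
        $sb_insert_sql = "INSERT INTO ".MYSQL_TABLE." (Username,Message,IPA,DATE) VALUES('"
            .$sb_username_sql."','".$sb_message_sql."','".$sb_ip_sql."',".time().")";
        // A failed insert is reported to the visitor instead of being dropped silently.
        if (!@mysql_query($sb_insert_sql)) {
            addError("Message could not be saved.");
        }
    }
}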
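// Total number of stored shouts, used for the pager bounds. Defaults to 0 when
// the query or the fetch fails, so later arithmetic always sees an integer.
$count = 0;
$sb_count_result = @mysql_query("SELECT COUNT(*) FROM ".MYSQL_TABLE);
if ($sb_count_result) {
    $sb_count_row = @mysql_fetch_row($sb_count_result);
    if ($sb_count_row) {
        $count = (int) $sb_count_row[0];
    }
}

// Work out which page to show. The offset defaults to the newest messages.
$sb_offset = 0;
if (isset($_POST['curshout']) && isset($_POST['shouth']) && !isset($_POST['shout'])) {
    // curshout comes from the client and later ends up in the LIMIT clause of
    // the listing query, so it is forced to a non-negative integer here;
    // anything that is not a plain string counts as 0.
    $sb_offset = is_string($_POST['curshout']) ? max(0, (int) $_POST['curshout']) : 0;
    $shouth = $_POST['shouth'];
    if ($shouth === "Next") {
        if ($sb_offset < ($count - MESSAGES_DISPLAYED)) {
            $sb_offset = $sb_offset + MESSAGES_DISPLAYED;
        } else {
            // Fewer shouts than one page would make this negative, which is
            // not a valid LIMIT offset, so it is floored at 0.
            $sb_offset = max(0, $count - MESSAGES_DISPLAYED);
        }
    } else if ($shouth === "Back") {
        if ($sb_offset > MESSAGES_DISPLAYED) {
            $sb_offset = $sb_offset - MESSAGES_DISPLAYED;
        } else {
            $sb_offset = 0;
        }
    }
}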
?>
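<form action="" method="post" name="shoutform">
<input type="hidden" name="shouth" />
<?php
// The handler that computes the offset only pages when "curshout" is posted,
// and this form never sent it, so Back/Next always fell back to offset 0.
// The value is cast to int before it is written into the attribute, so
// nothing request-derived is echoed as markup.
?>
<input type="hidden" name="curshout" value="<?php echo (int) $sb_offset; ?>" />
<div style="text-align:center;">
<?php
// Pager: a link is rendered only when there is a page in that direction.
// Both numbers are cast to int so only digits are printed into the page.
$sb_pager_offset = (int) $sb_offset;
$sb_pager_count = (int) $count;
if ($sb_pager_offset > 0) {
    echo "[<a href=\"javascript:shouthandler('Back')\">Back</a>]";
} else {
    echo "[Back]";
}
echo "| Total shouts: $sb_pager_count | [";
if ($sb_pager_offset < ($sb_pager_count - MESSAGES_DISPLAYED)) {
    echo "<a href=\"javascript:shouthandler('Next')\">Next</a>]<br />";
} else {
    echo "Next]<br />";
}
?>
</div>
</form>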
<?php
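// List one page of shouts, newest first.
// The offset is cast at the point of use so the LIMIT clause only ever
// receives non-negative integers, whatever assigned $sb_offset earlier.
$sb_limit_offset = max(0, (int) $sb_offset);
$sb_posts = @mysql_query(
    "SELECT Username, Message FROM ".MYSQL_TABLE
    ." ORDER BY ID DESC LIMIT ".$sb_limit_offset.",".(int) MESSAGES_DISPLAYED
);
// A successful query returns a result resource even for zero rows, so the
// row count has to be checked for the "no shouts" message to appear.
if ($sb_posts && mysql_num_rows($sb_posts) > 0) {
    while ($sb_post = mysql_fetch_array($sb_posts)) {
        // Values are echoed exactly as stored: this relies on the
        // htmlentities() call made when the row was inserted. Rows written
        // by any other path, and messages saved while ALLOW_HTML is true,
        // reach the browser as raw HTML.
        // NOTE(review): style="..." holds what looks like a class name; confirm
        // whether class="..." was intended.
        echo "<span style=\"sb_username\">{$sb_post['Username']}:</span> <span style=\"sb_message\">{$sb_post['Message']}</span><br />\r\n";
    }
} else {
    echo "No shouts yet!";
}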
?>
</div></div>
</td>
</tr>
<?php
// Show the validation messages collected during this request in one extra
// table row. The messages are built from fixed text and configuration
// constants, not from request data.
if ($sb_errors) {
    $sb_error_lines = implode("<br />\r\n", $sb_errors);
    echo '<tr><td> </td><td style="text-align:center;">'.$sb_error_lines.'</td></tr>';
}
?>
</table>