Jump to content
php.lv forumi

shoutbox problema

RKSport

By RKSport
in Iesācējiem

 Share

Recommended Posts

RKSport Newbie

RKSport

Posted
Posted

Problema tada, shoutboxa var ievadit visus html tagu <script></script> ut....

Man vajag lai nevaretu to izdarit.


<?php
if($_COOKIE['member_id'] > 0) {
               define('WWW','www');
       if (!defined('WWW')) { header('Location: http://'.$_SERVER['HTTP_HOST'].''); die(); }

$host = "localhost"; // db hosts
$dbname = "rs"; // foruma datubaze
$dbuser = "rs"; // foruma db users
$dbpass = "pass"; // juusu foruma datubaazes parole
$link = mysql_connect($host, $dbuser, $dbpass)
or die("NEsanaaca piekontektities: " . mysql_error());
mysql_select_db($dbname) or die("Datubaaze neekstistee");
$rez=mysql_query("SELECT * FROM shoutbox ORDER BY date");


if (isset($_POST['ierakstiit']))      {$body = stripslashes(mysql_real_escape_string($_POST['body'])); if ($body == '') {unset($_POST['ierakstiit']);}}
echo $r['date'];
$selekts=mysql_query("SELECT * FROM ibf_members WHERE id=".$_COOKIE['member_id']);
while ($r = mysql_fetch_array($selekts))
{
if(isset($_POST['ierakstiit'])) {
$body = stripslashes(mysql_real_escape_string($_POST['body']));

$datums = date('Y-m-d, H:i:s');
$memb_id = $_COOKIE['member_id'];
$membera_niks=$r['members_display_name'];

mysql_query("INSERT INTO shoutbox (nick, body, date, userid) VALUES ('$membera_niks','$body','$datums','$memb_id')");
   echo "<meta http-equiv='refresh' content='0;url=#'>";
}
}
if($_COOKIE['member_id'] > 0) {
echo '<script>
v=0
function chk(n){
v=n
}

function insert(str){
if(v==0){
return
}
if(v==1){
document.forms["form"]["body"].value+=str
}

}
</script>';
echo '

<center>
<form name="form" action="" method="post">
<a href="#s" onclick="insert(\':)\')"><img border=0 src="'.main_WEB_URL.'images/smiles/smile.gif"></a>
<a href="#s" onclick="insert(\';)\')"><img border=0 src="'.main_WEB_URL.'images/smiles/wink.gif"></a>
<a href="#s" onclick="insert(\':D\')"><img border=0 src="'.main_WEB_URL.'images/smiles/lol.gif"></a>
<a href="#s" onclick="insert(\':good:\')"><img border=0 src="'.main_WEB_URL.'images/smiles/good.gif"></a>
<a href="#s" onclick="insert(\':shit:\')"><img border=0 src="'.main_WEB_URL.'images/smiles/shit.gif"></a>
<a href="#s" onclick="insert(\':(\')"><img border=0 src="'.main_WEB_URL.'images/smiles/cry.gif"></a>
<a href="#s" onclick="insert(\';(\')"><img border=0 src="'.main_WEB_URL.'images/smiles/bigcry.gif"></a>
<a href="#s" onclick="insert(\'O_o\')"><img border=0 src="'.main_WEB_URL.'images/smiles/blink.gif"></a>
<a href="#s" onclick="insert(\':lohs:\')"><img border=0 src="'.main_WEB_URL.'images/smiles/lohs.gif"></a>
<a href="#s" onclick="insert(\':fuck:\')"><img border=0 src="'.main_WEB_URL.'images/smiles/fu.gif"></a>
<a href="#s" onclick="insert(\':lmfao:\')"><img border=0 src="'.main_WEB_URL.'images/smiles/lmfao.gif"></a>
<a href="#s" onclick="insert(\':love:\')"><img border=0 src="'.main_WEB_URL.'images/smiles/loveheart.gif"></a>
<a href="#s" onclick="insert(\'-10\')"><img border=0 src="'.main_WEB_URL.'images/smiles/minus10.gif"></a>
<a href="#s" onclick="insert(\'+10\')"><img border=0 src="'.main_WEB_URL.'images/smiles/plus10.gif"></a>
<textarea style="width:140px;" onclick="chk(1)" type="post" name="body" /></textarea></center>
<input class="submit"; style="margin-bottom:5px; width:67px;" type="submit" name="ierakstiit" value="Pievienot" />
</form>
';
}


//Un visbeidzot pats selekts

$dati=mysql_query("SELECT * FROM shoutbox ORDER by date DESc LIMIT 10");
while($er=mysql_fetch_array($dati)) {
echo str_replace($smileys_in, $smileys_out, $text);
$bodijs = $er['body'];
$body = wordwrap($wrap, 20, "\n", true);
 $smileys_in = array(':)', ';)', ':D', ':good:', ':(', ';(', 'O_o', ':lohs:', ':fuck:', ':lmfao:', ':love:', '-10', '+10', ':blush:', ':rofl:', ':shit:', ':o)', ':P', ';P');
 $smileys_out = array(
   '<img src="'.main_WEB_URL.'images/smiles/smile.gif"/>',
   '<img src="'.main_WEB_URL.'images/smiles/wink.gif"/>',
   '<img src="'.main_WEB_URL.'images/smiles/lol.gif"/>',
   '<img src="'.main_WEB_URL.'images/smiles/good.gif"/>',
       '<img src="'.main_WEB_URL.'images/smiles/cry.gif"/>',
       '<img src="'.main_WEB_URL.'images/smiles/bigcry.gif"/>',
       '<img src="'.main_WEB_URL.'images/smiles/blink.gif"/>',
       '<img src="'.main_WEB_URL.'images/smiles/lohs.gif"/>',
       '<img src="'.main_WEB_URL.'images/smiles/fu.gif"/>',
       '<img src="'.main_WEB_URL.'images/smiles/lmfao.gif"/>',
       '<img src="'.main_WEB_URL.'images/smiles/loveheart.gif"/>',
       '<img src="'.main_WEB_URL.'images/smiles/minus10.gif"/>',
       '<img src="'.main_WEB_URL.'images/smiles/plus10.gif"/>',
       '<img src="'.main_WEB_URL.'images/smiles/modest.gif"/>',
       '<img src="'.main_WEB_URL.'images/smiles/rofl.gif"/>',
   '<img src="'.main_WEB_URL.'images/smiles/shit.gif"/>');
 $prev = str_replace($smileys_in, $smileys_out, $bodijs);
echo "
<div class='chatcom' style='overflow: hidden;'><div style='float: left;'>
<a href='../user/".$er['userid']."'>".$er['nick']."</a> <span style='font-size:8px; color:#000;'> ".$er['date']."</span></div></div>
<div class='chattcom'>".$prev." </div>
";
}
echo "<div style='float: right; padding-bottom: 4px;'><a href='".main_WEB_URL."shoutbox' title='Bļautuves pārskats'><b>Lastīt vairāk</b></a></font></div><br />";
}else{
       echo "<center><div class='innerchat'><font color='#0398cd'>Lai izmantotu bļautuvi tev jāautorizējas.</font></div></center>";
$dati=mysql_query("SELECT * FROM shoutbox ORDER by date DESc LIMIT 10");
while($er=mysql_fetch_array($dati)) {
echo str_replace($smileys_in, $smileys_out, $text);
$bodijs = $er['body'];
$body = wordwrap($wrap, 20, "\n", true);
 $smileys_in = array(':)', ';)', ':D', ':good:', ':(', ';(', 'O_o', ':lohs:', ':fuck:', ':lmfao:', ':love:', '-10', '+10', ':blush:', ':rofl:', ':shit:', ':o)', ':P', ';P');
 $smileys_out = array(
   '<img src="'.main_WEB_URL.'images/smiles/smile.gif"/>',
   '<img src="'.main_WEB_URL.'images/smiles/wink.gif"/>',
   '<img src="'.main_WEB_URL.'images/smiles/lol.gif"/>',
   '<img src="'.main_WEB_URL.'images/smiles/good.gif"/>',
       '<img src="'.main_WEB_URL.'images/smiles/cry.gif"/>',
       '<img src="'.main_WEB_URL.'images/smiles/bigcry.gif"/>',
       '<img src="'.main_WEB_URL.'images/smiles/blink.gif"/>',
       '<img src="'.main_WEB_URL.'images/smiles/lohs.gif"/>',
       '<img src="'.main_WEB_URL.'images/smiles/fu.gif"/>',
       '<img src="'.main_WEB_URL.'images/smiles/lmfao.gif"/>',
       '<img src="'.main_WEB_URL.'images/smiles/loveheart.gif"/>',
       '<img src="'.main_WEB_URL.'images/smiles/minus10.gif"/>',
       '<img src="'.main_WEB_URL.'images/smiles/plus10.gif"/>',
       '<img src="'.main_WEB_URL.'images/smiles/modest.gif"/>',
       '<img src="'.main_WEB_URL.'images/smiles/rofl.gif"/>',
   '<img src="images/smiles/shit.gif"/>');
 $prev = str_replace($smileys_in, $smileys_out, $bodijs);

echo "<div class='chatcom' style='overflow: hidden;'><div style='float: left;'>
<a href='../user/".$er['userid']."'>".$er['nick']."</a> <span style='font-size:8px; color:#000;'> ".$er['date']."</span></div></div>
<div class='chattcom'>".$prev." </div>";
}

}
?>

atradu ineta šādu bet nemaku ielikt

function no_html( $text )
{
   $text = preg_replace(
       array(

         // Remove invisible content
           '@<head[^>]*?>.*?</head>@siu',
           '@<style[^>]*?>.*?</style>@siu',
           '@<script[^>]*?.*?</script>@siu',
           '@<object[^>]*?.*?</object>@siu',
           '@<embed[^>]*?.*?</embed>@siu',
           '@<applet[^>]*?.*?</applet>@siu',
           '@<noframes[^>]*?.*?</noframes>@siu',
           '@<noscript[^>]*?.*?</noscript>@siu',
           '@<noembed[^>]*?.*?</noembed>@siu',
         // Add line breaks before and after blocks
           '@</?((address)|(blockquote)|(center)|(del))@iu',
           '@</?((div)|(h[1-9])|(ins)|(isindex)|(p)|(pre))@iu',
           '@</?((dir)|(dl)|(dt)|(dd)|(li)|(menu)|(ol)|(ul))@iu',
           '@</?((table)|(th)|(td)|(caption))@iu',
           '@</?((form)|(button)|(fieldset)|(legend)|(input))@iu',
           '@</?((label)|(select)|(optgroup)|(option)|(textarea))@iu',
           '@</?((frameset)|(frame)|(iframe))@iu',
       ),
       array(
           ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ',
           "\n\$0", "\n\$0", "\n\$0", "\n\$0", "\n\$0", "\n\$0",
           "\n\$0", "\n\$0",
       ),
       $text );
   return strip_tags( $text );
}

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing
×
×
  • Create New...