The original shoutbox source (client-side JavaScript helpers followed by the PHP submit handler):
<script Language="JavaScript">
<!--
function popup(url, name, width, height)
{
settings=
"toolbar=no,location=no,directories=no,"+
"status=no,menubar=no,scrollbars=yes,"+
"resizable=yes,width="+width+",height="+height;
MyNewWindow=window.open(url,name,settings);
}
// Insert a smilie into the comment text box
// Intentional no-op; kept so that any markup still referencing x() keeps working.
function x() {
}
// Append the smilie text `addSmilie` to the shout box (document.form1.comment)
// and put the caret back into the box.
function DoSmilie(addSmilie) {
var box = document.form1.comment;
box.value = box.value + addSmilie;
box.focus();
}
//Drop-Down menu functions
// Dreamweaver helper (v4.01): find the element named `n` in document `d`
// (defaults to the current document).  A name of the form "name?frame" is
// looked up inside parent.frames[frame] instead.  Search order: d[n], then
// IE's d.all[n], then a named control in any form, then Netscape 4 layers
// (recursively), and finally getElementById.  Returns the element, or a
// falsy value when nothing matched.
function MM_findObj(n, d) { //v4.01
var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document);
if(!x && d.getElementById) x=d.getElementById(n); return x;
}
// Dreamweaver rollover helper (v3.0): arguments are read in triples
// (imageName, <not read here>, newSrc).  Every image resolved via MM_findObj
// has its original src remembered once in .oSrc and replaced with newSrc;
// the swapped elements are collected in document.MM_sr for a later restore.
function MM_swapImage() { //v3.0
var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3)
if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];}
}
// Toggle `listID` between hidden (display "none") and shown (display "") and
// stop the event from bubbling.  Uses the IE-only window.event object.
function expand(listID)
{
var style = listID.style;
style.display = (style.display == "none") ? "" : "none";
window.event.cancelBubble = true;
}
// Hide `listID` and stop the event from bubbling (IE-only window.event).
// The comparison against "show" is kept from the original; since "show" is not
// a CSS display value, in practice this branch is never taken and the element
// is always hidden.
function contract(listID)
{
var style = listID.style;
style.display = (style.display == "show") ? "" : "none";
window.event.cancelBubble = true;
}
//end Drop-Down menu functions
//-->
</script>
<?php
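global $HTTP_USER_AGENT,$bgcolor1,$bgcolor2,$bgcolor3,$bgcolor4,$HTTP_REFERER,$HTTP_URI,$loc,$uid;
// $loc is the target of the "Location:" redirect issued after a successful
// shout.  It is built from the Referer header (plus $HTTP_URI, which is not a
// standard CGI variable and is presumably empty), i.e. from attacker-controlled
// input.  Strip CR/LF so it cannot inject additional response headers, and
// only follow it when it points back at this host -- an offsite Referer would
// otherwise turn the redirect into an open redirect.  Anything else falls back
// to the front page.  ($_SERVER needs PHP >= 4.1.)
$loc = str_replace(array("\r", "\n"), '', "$HTTP_REFERER$HTTP_URI");
$own_host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
if ($own_host == '' || !preg_match('#^https?://' . preg_quote($own_host, '#') . '(/|$)#i', $loc)) {
$loc = "index.php";
}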
//Basic Page Junk here//
// Refuse to serve the block file on its own: bounce direct hits to the front page.
// NOTE(review): the name tested is "block-Counter.php"; unless this file is
// really requested under that name the guard never fires -- verify.
$hit_directly = eregi("block-Counter.php", $PHP_SELF);
if ($hit_directly) {
header("Location: index.php");
exit;
}
include("config.php");
include("modules/Qshoutblock/functions.php");
//Handle a shout submission//
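// Handle a shout submission.  Under register_globals the inputs ($Submit,
// $comment, $uid, $REMOTE_ADDR) arrive straight from the request, so every one
// of them is treated as untrusted: the text is HTML-escaped before it is
// stored and SQL-escaped at the INSERT, and the redirect target is scrubbed.
// NOTE(review): there is no CSRF token and no authentication beyond
// $Submit == "shout"; whether anonymous posting is intended cannot be told from
// this file.  $uid may come from the CMS session or, with register_globals,
// from the request -- confirm where it is set.
if ($Submit == "shout") {
$error = "";
$url = 0;
$url2 = 0;
// Server-generated date/time strings.  The format names must be quoted: the
// bare Y/m/d/g/i/a of the original were undefined constants.
$day = date('m') . "-" . date('d') . "-" . date('Y');
$time = date('g') . ":" . date('i') . ":" . date('a');
// The original printed "uid: $uid" here for debugging; that echoed request
// data unescaped and, being output before header(), broke the redirects.
$username = "";
if ($uid) { $username = "$uid"; }
// Username checks, applied only when both config switches are on (as before).
if ($conf[11] == "yes" && $conf[12] == "yes") {
$unum = strlen($username);
if ($unum < 2) { $error = "uid to short"; }
if ($unum > 20) { $error = "uid to long"; }
if ($conf[11] == "yes" && !$username) { $error = "no uid"; }
if (preg_match('/javascript:/i', $username)) { $error = "uid javascript"; }
}
// Escape the name for HTML regardless of the config switches: it is shown to
// every visitor.  The original's str_replace('<', '<') is a no-op as rendered
// here (if it once read '&lt;' that was lost in the listing).  Default
// charset handling of htmlspecialchars() depends on the PHP version; pass the
// site charset explicitly if it is not ISO-8859-1/UTF-8.
$username = htmlspecialchars($username, ENT_QUOTES);
// Length / presence checks on the comment.
$num = strlen($comment);
if ($num < 2) { $error = "toshort"; }
if ($num > 2500) { $error = "tolong"; }
if (!$comment) { $error = "notext"; }
// Legacy "javascript:" probe.  It is not an XSS defence on its own (the
// escaping below is what matters); it only rejects the most obvious payloads.
if (preg_match('/javascript:/i', $comment)) { $error = "javascript"; }
// Legacy bracket-parity check: an odd total of '<' and '>' is rejected.
$brackets = substr_count($comment, "<") + substr_count($comment, ">");
if ($brackets & 1) { $error = "oddnumberofbrackets"; }
// Long-word handling, kept as in the original but run on the raw text so the
// wrapping cannot cut an HTML entity in half.  NOTE(review): the [/url] branch
// appends each over-long non-URL word to the end of the comment instead of
// breaking it -- that looks unintended, but the intent is unclear, so it is
// left alone.
if (preg_match('/\[\/url\]/i', $comment)) {
$splits = explode(" ", $comment);
$maxchar = 21;
foreach ($splits as $split) {
if (!preg_match('/http/i', $split)) {
$len = strlen($split);
if ($len > $maxchar) {
$comment = $comment . " " . $split;
}
}
}
} else {
$comment = wordwrap($comment, 21, " ", 1);
}
// Escape the comment for HTML.  Every piece of markup produced after this
// point ([url] links, emoticons) is built from trusted strings.
$comment = htmlspecialchars($comment, ENT_QUOTES);
if ($conf[10] == "yes") {
// [url]...[/url] support.  Only a well-formed http(s) URL becomes a link, and
// it is placed in a quoted attribute; the original emitted an unquoted
// href= from whatever sat between the tags, which allowed attribute injection.
if (preg_match('/\[url\]/i', $comment)) { $url = 1; }
if (preg_match('/\[\/url\]/i', $comment)) {
$url2 = 1;
if (!preg_match('#https?://#i', $comment)) { $error = "nohttpinurl"; }
if (strpos($comment, '.') === false) { $error = "nodotinurl"; }
}
if ($url && $url2) {
$comment = preg_replace('#\[url\](https?://[^\s\[\]]+)\[/url\]#i', '<a href="$1" target="_blank">url</a>', $comment);
}
} else {
if (preg_match('/\[url\]/i', $comment)) { $error = "urlpostingnoallowed"; }
}
// Emoticons: replace each stored token ($emoticons[1]) with its markup
// ($emoticons[2]) from the database.
$eresult = sql_query("select * from " . $prefix . "_quiecom_shoutblock_emoticons", $dbi);
while ($emoticons = mysql_fetch_row($eresult)) {
$comment = str_replace($emoticons[1], $emoticons[2], $comment);
}
// Reject a repeat of the most recent shout.  A failing query no longer dies
// with the SQL text and mysql_error() in the response (information leak); it
// simply refuses the post.
$query = "select * from " . $prefix . "_quiecom_shoutblock order by id DESC LIMIT 1";
$result = mysql_query($query);
if (!$result) {
$error = "queryfailed";
} else {
while ($row = mysql_fetch_row($result)) {
if ($row[2] == $comment) { $error = "sameposting"; }
}
}
// IP ban list.  Read the peer address from $_SERVER rather than the
// register_globals variable, which request parameters may be able to shadow
// depending on variables_order; fall back to the legacy global.
if ($conf[6] == "yes") {
$peer = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : (isset($REMOTE_ADDR) ? $REMOTE_ADDR : '');
$ipresult = sql_query("select * from " . $prefix . "_quiecom_shoutblock_ipblock", $dbi);
while ($badips = mysql_fetch_row($ipresult)) {
if ($peer == $badips[1]) { $error = "bannedip"; }
}
}
// Username ban list.
if ($conf[7] == "yes") {
$nameresult = sql_query("select * from " . $prefix . "_quiecom_shoutblock_nameblock", $dbi);
while ($badname = mysql_fetch_row($nameresult)) {
if ($username == $badname[1]) { $error = "bannedusername"; }
}
}
// Word censor, kept as in the original: the whole comment is lower-cased on
// each pass (this also lower-cases any generated link/emoticon markup).
if ($conf[8] == "yes") {
$cresult = sql_query("select * from " . $prefix . "_quiecom_shoutblock_censor", $dbi);
while ($censor = mysql_fetch_row($cresult)) {
$one = strtolower($censor[1]);
$two = strtolower($censor[2]);
$comment = strtolower($comment);
$comment = " $comment";
$comment = str_replace($one, $two, $comment);
}
}
// Any error: back to the front page.  Otherwise store and redirect.
if ($error) {
header("Location: index.php");
exit;
} else {
// Escape at the SQL boundary -- name and comment are request data.  The old
// mysql extension has no placeholders, so mysql_real_escape_string() (which
// honours the connection charset) is the best available option; the original
// interpolated both values raw into the INSERT.
$sql_name = mysql_real_escape_string($username);
$sql_comment = mysql_real_escape_string($comment);
sql_query("INSERT INTO " . $prefix . "_quiecom_shoutblock (id,name,comment,date,time ) VALUES ('0','$sql_name ','$sql_comment','$day','$time')", $dbi);
// $loc is derived from the Referer header; strip CR/LF before it goes into a
// response header so it cannot be used for header injection.
header("Location: " . str_replace(array("\r", "\n"), '', $loc));
exit;
}
}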