Software: Apache. PHP/5.5.15 uname -a: Windows NT SVR-DMZ 6.1 build 7600 (Windows Server 2008 R2 Enterprise Edition) i586 SYSTEM Safe-mode: OFF (not secure) C:\AmbienteBogota\comments\ drwxrwxrwx |
Viewing file: index2.php (5.83 KB) -rw-rw-rw- Select action/file-type: (+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) | <?php ob_start(); /** * Copyright 2008 Grestul Group * Powered by Grestul * **/ require ('inc/config.php'); include ('inc/settings.php'); /* Define vairables */ define('INSTALL_ROOT', dirname(dirname(__FILE__))."/install"); define('GRESTUL_ROOT', dirname(dirname(__FILE__))."/"); /* begin installer check */ if (file_exists('./install/lock')) { } else if (file_exists('./install')) { echo "<title>"; echo 'Grestul error'; echo "</title>"; echo "<strong>"; echo '<h1>Grestul Error!</h1>'; echo "<fieldset>"; echo '<legend>Grestul Says:</legend>'; echo 'Grestul detected the install directory. Please delete or lock this directory to view your copy of Grestul.<br />'; echo "<br />To lock this directory, create a blank folder called 'lock' in the install directory.<br />"; echo '<br /> This could also be a temporary glitch, try <a href="javascript:window.location=window.location;">Refreshing</a> to see if it fixes the problem.<br />'; echo "<br />If you haven't yet installed the software, please do so by visiting the install directory in your browser."; echo "</fieldset>"; echo "</strong>"; echo "<br />"; echo "<b>Grestul Systems</b>"; return; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" /> <title><?php echo "$webname"; ?></title> <link href="inc/style.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="comments" /> <div id="wrapper"> <?php // Let's count how many pages are available $identi = $_GET['id']; $req = "SELECT count(distinct ID) FROM comments"; $result = mysql_query ($req,$db); $arr = mysql_fetch_row($result); $count = $arr[0]; echo '<div class="pages">'; $pages = (int)($count / $per_page); if ($pages == 0) $pages=1; else if ($count % $per_page > 0) ++$pages; $cur_page = (int)$_GET['page']; if (!isset($cur_page)) $cur_page = 1; if ($cur_page < 1) $cur_page = 1; else if ($cur_page > $pages) $cur_page = (int)$pages; else echo $pages .' pages - '; echo 'Pagina: '.$cur_page.'</p>'."\n"; echo '</div>'; // Time to create the power of Pagination with style echo '<div class="pagination">'; if ($pages > 1 && $cur_page > 1) echo "<p><a href=\"index.php?page=1\"> primera </a> |"; else echo '<p>first | '; if ($cur_page > 1) echo '<a href="index.php?page='.($cur_page-1).'"> previa </a> | '; else echo 'prev | '; if ($cur_page < $pages) echo '<a href="index.php?page='.($cur_page+1).'"> siguiente</a> | '; else echo 'next | '; if ($pages > 1 && $cur_page < $pages) echo '<a href="index.php?page='.$pages.'"> ultima </a></p>'."\n"; else echo 'last</p>'."\n"; echo '</div>'; // Lets organize them shall we $req = 'SELECT ID, name, datetime, comment, id2 FROM comments where id2='.$_GET['id'].' ORDER BY ID desc limit ' .(($cur_page-1)*$per_page) . ", $per_page "; $result = mysql_query ($req,$db); while($row = mysql_fetch_assoc($result)) { mysql_real_escape_string($name = stripslashes(htmlentities($row['name']))); mysql_real_escape_string($comment = stripslashes(htmlentities($row['comment']))); $datetime = date("M-jS-o", $row['datetime']); echo ' <div class="comment">'."\n"; echo ' <div class="postertime"><p>'."\n"; echo ' <span class="poster">'; // Url detection for future version if ($url && preg_match("/(www\.)", "/(http:\.)", $url)) { echo '<a href="'.$url.'">'.$name.'</a>'; } else { echo "$name"; } // time to get the time working echo ' </span> <span class="time"><font size=1>Enviado: '.$datetime.'</font></span></p>'."\n"; echo ' </div>'."\n\n"; // How about the comment? echo ' <div class="usercomment">'."\n"; echo ' <p>'.(nl2br($comment)).'</p>'."\n"; echo ' </div>'."\n\n"; echo ' </div>'."\n\n"; } ?> <div class="boxtitle">Comentarios</div> <div class="formbstyle"> <!-- Begin form--> <div id="err" /> <form method="post" name="commentforms" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>"> <p> <label for="name">Nombre:*<br /> <input class="onebartext" type="text" name="name" id="name" tabindex="1" maxlength="21" /></label></p> <p> <label for="comment">Comentario:*<br /> <textarea class="textboxes" name="comment" id="comment" tabindex="3" rows="6"></textarea></label></p> <input class="input" type="submit" name="submit" value="Enviar comentario" tabindex="4" /> </form> </div> <div class="footer"> <!-- DO NOT CHANGE, REMOVE, OR HINDER WITH THE COPYRIGHT OR POWERED BY LINES BELOW --> <!-- YOU AGREED TO THE AGREEMENT WHEN YOU DOWNLOADED AND INSTALLED OUR SOFTWARE --> <!-- REMOVING THE LINES BELOW WILL FORCE US TO TAKE LEGAL ACTION --> <!-- BE FAIR AND KEEP THE POWERED BY AND COPYRIGHT LINES. --> </div> <?php //errors if (!empty($_GET['errorn'])) { echo '<div class="errors">'; echo '<img src="images/error.png" /> Please enter your name!'; echo '</div>'; } if (!empty($_GET['errorm'])) { echo '<div class="errors">'; echo '<img src="images/error.png" /> Please enter a message!'; echo '</div>'; } // lets submit the form if(isset($_POST['submit'])) { $comment = trim($_POST['comment']); $name = trim($_POST['name']); if ($name =="") { header("Location: ?errorn=1#err"); } elseif ($comment =="") { header("Location: ?errorm=1#err"); } else { header("Location: $domain#comments"); $ip = $_SERVER["REMOTE_ADDR"]; $datetime = time(); $name = SafeAddSlashes($name); $comment = SafeAddSlashes($comment); $sql="INSERT INTO comments (name, comment, ip, datetime, id2) VALUES ('$name', '$comment', '$ip', '$datetime', '$identi')"; $result = mysql_query($sql, $db); exit; } } ?> </div> </body> </html> <? ob_end_flush(); ?> |
:: Command execute :: | |
--[ c99shell v. 1.0 pre-release build #13 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.0156 ]-- |