Este es el código:
Código PHP:
<?php
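// Record the script start time as a "seconds.fraction" string. microtime()
// returns "fraction seconds", so the two parts are swapped and the leading "0"
// of the fraction is dropped, leaving ".fraction" appended to the seconds.
$time_string = explode(" ", microtime());
$stime = $time_string[1] . substr($time_string[0], 1);
$version = "2.32";
// Never-true branch: the stylesheet link is not emitted at runtime.
// PHP mode is re-entered with the full "<?php" tag instead of the short "<?"
// form. With short_open_tag disabled the short form is not recognised, and the
// rest of this file would be sent to the client as plain text (source disclosure).
if (1!=1) {?><link rel="stylesheet" href="../stylesheet.css" type="text/css"><?php }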
// Shoutbox (C) 2001, 2002 Brett Taylor
// * Idea taken from the old Aftertalk.com service.
// * Written in windows using PHP Coder Pro! <[url]http://www.phpide.de[/url]>
// * Typed in using the Dvorak keyboard layout. Look Mum! No QWERTY!
//
// ####### Licence: #############################################
//
// 1. You may modify, mangle or use as you wish.
// 2 You may not distribute this script to anyone.
// 3. If you use this script, please visit
// <[url]http://www.webfroot.co.nz/[/url]>
// and post in the shoutbox there.
// 4. If you make any cool stylesheets, e-mail them [email][email protected][/email] and he'll
// make them available for others if you wish...
// 5. Link to <[url]http://www.webfroot.co.nz/[/url]> must be visible on pages
// the shoutbox is on. You may move it from the current location, but it has
// to be visible to all users.
// 6. Do not claim you wrote this script, because Brett Taylor did.
// 7. Do not remove or modify this notice. So there.
// 8. By using the script you agree to the terms of the licence.
// 9. We accept no responsibility for damages, losses, or problems caused by the
// script. It's supplied AS IS.
//
// NOTES TO PPL READING MY CODE:
// 1. I know i could have written my functions better without the globals.
// $brettscarefactor[1] = 0;
// 2. Seperating Code from HTML? When I see a good example of how it's meant
// to be done, i'll change it. But it's pretty good how it is now if you
// ask me :)
// $brettscarefactor[2] = 0;
// 3. I am a New Zealander. I know no other verbal language (except maybe
// l337sp33k), so my comments/vars/funcs/html are all in english.
// $brettscarefactor[3] = 0;
// 4. If you change anything, i'd love to see what you've done. Put your URL in
// my shoutbox at <[url]http://www.webfroot.co.nz/[/url]> so I can come look :)
// $brettscarefactor[4] = 1;
// - Brett
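// Choose the configuration file to load.
//
// $conf is not assigned anywhere above in this script, so when it is already
// set at this point it presumably came from the request (register_globals) and
// must be treated as untrusted. Whatever ends up in $conf is executed by
// require_once, so an unchecked value lets the requester pick the file the
// server runs. Removing ':' (the original filter, kept below) only blocks URL
// wrappers; it does not block relative or absolute local paths.
//
// Only a bare file name made of letters, digits, '_' and '-' with a ".php"
// extension is accepted. Anything else falls back to the default file.
// NOTE(review): deployments that selected a config in another directory via
// this parameter will now get the default; an explicit list of known config
// names would be tighter still.
if (!isset($conf) || !is_string($conf)) {
    $conf = "shoutboxconf.php";
} else {
    # michel v was there :)
    $conf = str_replace(':', '', $conf);
    $conf = str_replace('%3a', '', $conf);
    if (!preg_match('/^[A-Za-z0-9_-]+\.php$/D', $conf)) {
        $conf = "shoutboxconf.php";
    }
}
require_once ($conf);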
require_once ("shoutboxsmileys.php");
require_once ("shoutbox_censor.php");
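// *BOB* --- Sets the refresh URL to be the viewshoutbox.php script in the same dir as the shoutbox.php script
// *BOB* --- This means that the user doesn't need to configure it.
//
// Keep the script path up to and including its last "/", then append the viewer
// script name. strrpos() replaces the original one-character-at-a-time trim,
// which never terminated when the path contained no "/" (for example when
// $PHP_SELF is not populated). $c ends up holding the index of the last "/",
// as it did before.
$page = isset($PHP_SELF) ? (string) $PHP_SELF : "";
$c = strrpos($page, "/");
$page = ($c === false) ? "" : substr($page, 0, $c + 1);
$page .= "viewshoutbox.php";
// location to refresh to
// NOTE(review): $PHP_SELF can include request-supplied path info, and $page is
// placed in Location headers further down -- confirm it cannot carry unexpected
// characters in this deployment.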
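// SELECT ACTION TO PERFORM
//
// $action, $timestamp and $showall are not assigned in this script; they are
// presumably request parameters (register_globals) and are treated as untrusted.
switch (isset($action) ? $action : "") {
    case "show": // show current shouts
        showShouts();
        break;
    case "add": // add form submissions
        addShouts();
        break;
    case "deleteshout": // delete a shout; allowed only from the address that posted it
        // Require a non-empty client address before comparing, so that an unset
        // $REMOTE_ADDR can never loosely equal an empty/false getIP() result.
        // NOTE(review): authorisation is by source address only, so clients
        // sharing an address (NAT, proxy) are indistinguishable here.
        if (isset($timestamp, $REMOTE_ADDR) && $REMOTE_ADDR != "" && $REMOTE_ADDR == getIP($timestamp)) {
            deleteShout($timestamp);
            $error = _PROCESS_DELETED;
        } else {
            // there was an error, so report it back to the viewer.
            $error = _PROCESS_DELETEFAILED;
        }
        // Both values are URL-encoded: the message text may contain spaces or
        // '&', and $showall is request-supplied, so neither may be written into
        // the Location header verbatim.
        header ("Location: ".$page."?error=".urlencode($error)."&showall=".urlencode((isset($showall) && is_scalar($showall)) ? (string) $showall : ""));
        break;
}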
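// This adds a shout to the file
//
// Reads the submitted nick, shout and url from globals (presumably filled from
// the request via register_globals), validates them, and then either stores the
// shout, remembers nick/url in a cookie and redirects to the viewer, or
// redirects to the viewer with an error message and the submitted fields so the
// form can be refilled. Takes no arguments and returns nothing.
function addShouts() {
    global $nick, $shout, $url, $page, $showall, $maxshoutlen, $lang;
    $defaultnick = trim(_FORM_NAME);
    $defaultshout = trim(_FORM_MESSAGE);
    $defaulturl = trim(_FORM_URL);

    // Normalise the submitted fields to trimmed strings. A missing field or a
    // non-scalar one (e.g. an array parameter) becomes "" and is rejected below.
    foreach (array('nick', 'shout', 'url') as $field) {
        $$field = (isset($$field) && is_scalar($$field)) ? trim((string) $$field) : "";
    }

    # michel v was there :)
    // The defaults get the same treatment as the submitted values so that the
    // "still the placeholder text" comparisons below keep matching.
    $sbvars = array('defaultnick', 'defaultshout', 'defaulturl', 'nick', 'shout', 'url');
    foreach ($sbvars as $sbvar) {
        // Replace angle brackets with their HTML entities so stored text cannot
        // open a tag when it is displayed.
        $$sbvar = str_replace('<', '&lt;', $$sbvar);
        $$sbvar = str_replace('>', '&gt;', $$sbvar);
        if (stristr($sbvar, 'url')) {
            // preg_replace with /i is the drop-in for eregi_replace, which no
            // longer exists in current PHP.
            $$sbvar = preg_replace('/javascript:/i', 'iamsuchawannabehacker:', $$sbvar);
        }
    }
    // NOTE(review): no escaping for the storage layer happens here; confirm
    // that writeShouts() handles it for the storage module in use.

    // An empty or placeholder URL means "no URL"; $url is unset for the rest of
    // this function (the global itself is left alone).
    if ($url === $defaulturl || $url === "") { unset($url); }

    // The URL must start with http:// rather than merely contain it, so another
    // scheme cannot pass by carrying that text later in the string.
    if (isset($url) && strncmp($url, "http://", 7) != 0) { $error = _PROCESS_INVALIDURL; } // invalid url
    if ($shout === $defaultshout || $shout === "") { $error = _PROCESS_INVALIDMSG; } // invalid msg
    if ($nick === $defaultnick || $nick === "") { $error = _PROCESS_INVALIDNAME; } // invalid name

    // The original had an optional reachability check here that fopen()ed the
    // submitted URL when $checkurl was set. $checkurl is not in this function's
    // global list, so the check never ran. It is left out rather than enabled:
    // fetching a requester-supplied URL from the server makes the server issue
    // requests on the requester's behalf (SSRF), and as written it would also
    // have rejected every post that has no URL.

    if (strlen($shout) > $maxshoutlen) {
        $error = _PROCESS_TOOLONG; // too long
        $shout = substr($shout, 0, $maxshoutlen);
    }
    if (isFlooding() >= 3) {
        $error = (isset($error) ? $error : "") . _PROCESS_FLOODING;
    }

    $showallparam = urlencode(is_scalar($showall) ? (string) $showall : "");

    if (!isset($error)) { // check for null or default posts
        writeShouts ($nick, $shout, isset($url) ? $url : null); // calls from selected module
        // we're clear!, so lets get back shall we?
        // *BOB* --- Set the users nick and url in a cookie for next time:
        setcookie("shoutinfo", $nick."|".(isset($url) ? $url : ""), 2147483647);
        header ("Location: ".$page."?showall=".$showallparam);
    } else {
        // there was an error, so lets send the fields back for them.
        // Every value is URL-encoded: they are request-supplied (or message
        // text) and must not be able to add parameters or header content.
        // NOTE(review): the viewer receives these fields back from the query
        // string and has to escape them again when it prints them.
        header ("Location: ".$page
            ."?error=".urlencode($error)
            ."&nick=".urlencode($nick)
            ."&shout=".urlencode($shout)
            ."&url=".urlencode(isset($url) ? $url : "")
            ."&showall=".$showallparam);
    }
}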
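// This displays the shouts
//
// Fetches the most recent shouts from the storage module (the last $showamount,
// or the last 400 when $showall is set), turns URLs and e-mail addresses inside
// each shout into links, applies emoticons and censoring when enabled, and
// echoes every shout through outputShout(). Takes no arguments, returns nothing.
function showShouts () {
    global $showamount, $linelength, $direction, $showall, $censormode, $emoticons, $emoticon_theme, $emoticon_text, $REMOTE_ADDR, $lang, $deletetime;
    $colour = 0; // alternates 0/1 per shout; used to change the background colours
    $shoutcount = countShouts(); // called from database module
    // if we're to show everything, actually only show the last 400
    $start = ($showall == TRUE) ? $shoutcount - 400 : $shoutcount - $showamount;
    if ($start < 0) {
        $start = 0;
    }
    $urlchecks = array("http://", "ftp://", "https://");
    $records = getShouts($start, $shoutcount, $direction);
    $total = count($records);
    for ($count = 0; $count < $total; $count++) {
        $shouts = $records[$count];
        if (trim($shouts['nick'])!="" && trim($shouts['shout'])!="" && trim($shouts['time'])!="") {
            // NOTE(review): nick is wrapped but not HTML-escaped in this
            // function; it relies on what was applied before storage. Confirm
            // that processLink()/processNoLink()/outputShout() or the input
            // path make it safe to print.
            $nick = wordwrap($shouts['nick'], $linelength, "<br>", 1);

            $ex_shout = explode(" ", $shouts['shout']);
            for ($value = 0; $value < count($ex_shout); $value++) {
                $word = $ex_shout[$value];
                $foundurl = "";
                foreach ($urlchecks as $u) {
                    if ($u == substr($word, 0, strlen($u))) {
                        $foundurl = $word;
                    }
                }
                if (substr($word, 0, 4) == "www.") {
                    $foundurl = "http://".$word;
                }
                // preg_match replaces ereg, which no longer exists in current
                // PHP. The dot before the top-level domain is now a literal dot
                // and every part must be non-empty, so arbitrary characters can
                // no longer sit in that position.
                if (preg_match('/^[A-Za-z0-9_.-]+@[A-Za-z0-9._-]+\.[A-Za-z]+$/D', $word)) {
                    $foundurl = "mailto:".$word;
                }
                // NOTE(review): wordwrap() inserts "<br>" before
                // htmlspecialchars() runs, so the inserted break is escaped and
                // shows up as text. The order is kept as in the original;
                // confirm the intended display before changing it.
                $word = wordwrap($word, $linelength, "<br>", 1);
                $word = htmlspecialchars($word, ENT_QUOTES);
                if ($foundurl != "") {
                    // The link target is user-supplied text going into a quoted
                    // attribute, so it is escaped with ENT_QUOTES; otherwise a
                    // quote in the shout would end the attribute early.
                    // rel keeps the opened page from reaching back to this one.
                    $word = "<a href='".htmlspecialchars($foundurl, ENT_QUOTES)."' target='_blank' rel='noopener noreferrer' class='inlinelink'>".$word."</a>";
                }
                $ex_shout[$value] = $word;
            }
            $shout = implode(" ", $ex_shout);
            $shout = str_replace("<br>", "<BR>", $shout);
            if ($emoticons == "TRUE") {
                $shout = parseEmoticons($shout, $emoticon_theme, $emoticon_text);
            }
            if ($censormode == "TRUE") {
                $shout = parseCensorship($shout);
            }
            $date = formatDate($shouts['time']);
            $colour = ($colour == 0) ? 1 : 0;
            // ########## LAYOUT HERE! ###########
            // Link the nick only when the stored URL starts with http://, the
            // same rule addShouts() applies on input, rather than when the text
            // merely appears somewhere inside it.
            // NOTE(review): the URL is handed to processLink() unescaped;
            // confirm that helper escapes it for the attribute it builds.
            $posterurl = isset($shouts['url']) ? (string) $shouts['url'] : "";
            if (strncmp($posterurl, "http://", 7) == 0) {
                $url = processLink($nick, $posterurl);
            } else {
                $url = processNoLink($nick);
            }
            // Offer a delete link to the posting address while the shout is
            // younger than $deletetime seconds.
            if (($shouts['ipaddress'] == $REMOTE_ADDR) && ($shouts['time'] > time()-$deletetime)) {
                $shout = processDeleteLink($shout, $shouts['time']);
            }
            echo outputShout($url,$nick,$shout,$date,$colour,$count);
            // ##########################################
        }
    } // end for
} // end showShouts()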
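// Counts how many of the three most recent shouts were posted from the current
// client address within the last $floodtime seconds. addShouts() treats a
// result of 3 or more as flooding.
//
// NOTE(review): this is a per-address check over the last three entries only;
// it is not a general rate limit.
function isFlooding() {
    global $REMOTE_ADDR, $floodtime;
    $countshouts = countShouts();
    // Clamp the window start at 0, as showShouts() does, so a board with fewer
    // than three shouts does not ask the storage module for a negative offset.
    $first = $countshouts - 3;
    if ($first < 0) {
        $first = 0;
    }
    $records = getShouts($first, $countshouts, 1);
    $cutoff = time() - $floodtime;
    $floodcount = 0;
    if (is_array($records)) {
        foreach ($records as $shouts) {
            if (($shouts['ipaddress'] == $REMOTE_ADDR) && ($shouts['time'] > $cutoff)) {
                $floodcount++;
            }
        }
    }
    return ($floodcount);
}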
require_once ("shoutbox_cookies.php");
?>