<?php header("Content-type: text/html; charset=utf-8"); //Send to browser that the charset is utf-8 ?>

<?php

/*    ******************************

           kShoutBox 0.2

   ******************************
*/

/*    ****************************************

   This ShoutBox script was created by
   Juan Karlo Aquino de Guzman

   DO NOT MODIFY THIS CODE AND DISTRIBUTING
   IT WITHOUT ANY PERMISSION. E-MAIL THE
   AUTHOR FIRST. Email: 01karlo@gmail.com

   DO NOT REMOVE THE "POWERED BY".

   FOR SUGGESTIONS, COMMENTS, ETC, SEND AN
   EMAIL TO 01karlo@gmail.com

   HOPE THAT YOU ENJOY THIS SCRIPT!

   MY FRIENDSTER: karlo@*BLEEP*it.com
   
   ****************************************
*/

/*    ******************************

Make sure that your editor supports WordWrap

   ******************************
*/

//error_reporting("0"); // Turns error reporting off

$dbHost = 'localhost'; // Database host
$dbUser = 'username'; // Database username
$dbPass = 'password'; // Database password
$dbName = 'karlo_scripts'; // Database name

$color1 = '#6699FF'; // Color #1
$color2 = '#66CCFF'; // Color #2

$ver = '0.2'; // kShoutBox version

/*    ******************************

   kShoutBox 0.2 - UNINSTALL

   ******************************
   Please make sure that you change
   it to something else. Or, take the
   risk. If someone tries to enter
   "uninstall in their taskbar, the
   kShoutBox will be uninstalled.
   You can change it to anything that
   you like. Example, convert "uninstall"
   to your own language. Example, "Tanggalin"
   means "to remove".
*/

if(preg_match('/uninstall/',$_SERVER['QUERY_STRING'])) { // Check if "uninstall" is found it's value from tha table
   mysql_connect($dbHost,$dbUser,$dbPass,$dbName);
   mysql_select_db($dbName);
   $query = mysql_query("SELECT * FROM password"); // Requests MySQL to show the table
   $password = mysql_fetch_row($query); // Gets the "password" field and
   
       if(isset($_GET['choice'])) { // Check if the user choses to delete the database or not
       
           switch($_GET['choice']) {
           case 0:
           mysql_query("DROP DATABASE $dbName"); // Deletes the database
           die('<b>Database deleted and Uninstalled!<br><br><a href="'.$_SERVER['SCRIPT_NAME'].'" style="color: blue;">Continue</a></b>');
           mysql_close(); // Closes MySQL
           exit;
           break;
           case 1:
           die('<b>Uninstalled!<br><br><a href="'.$_SERVER['SCRIPT_NAME'].'" style="color: blue;">Continue</a></b>');
           mysql_close(); // Closes MySQL
           exit;
           break;
               }
       }

       if($_POST['password']===$password[0]) { // Check if it's the same
           mysql_query("DROP TABLE kShoutBox"); // Drops the Table
           mysql_query("DROP TABLE password"); // Drops the Table
           die('<form name="database" method="get"><b>Would you like to delete the Database?</b><br><br>Yes <input type="radio" name="choice" value="0"> No <input type="radio" name="choice" value="1"><br><br><input type="submit" value="Continue" style="width: 200px;"><input type="hidden" name="password" value="'.$_POST['password'].'"><input type="hidden" name="uninstall"</b></form>'); // Outputs the question
               }
   die('Enter the password:<br><br><form name="authentication" method="post"><input type="textbox" name="password" size="30"><br><br>Then press enter.</form>'); // Outputs the verify page
}

mysql_connect($dbHost,$dbUser,$dbPass,$dbName) or error_msg("Unable to connect to MySQL!"); // Connects to MySQL
mysql_select_db($dbName) or doInstall(); // Selects the MySQL Database
$list1 = mysql_query("SELECT * FROM password"); // Check if the password table exists
$list2 = mysql_fetch_row($list1); // fetch the password

if($list2 < 1) { // If there is no password, then it means that this script is not installed yet
   doInstall();
}

/*    ******************************

   kShoutBox 0.2 - INFO ABOUT THE POST

   ******************************
*/

   if(isset($_GET['info'])) {

   $ra = array('pid' => 'Post ID','nickname' => 'Nickname','nickname_info' => 'Email/Website','happened' => 'Date','content' => 'Message','ip' => 'IP Address'); // Array, if the MySQL's result is "pid", it will be automatically changed to "Post ID"
   $i=0; // sets the counter to zero.
   $query_fields = mysql_query("SHOW COLUMNS FROM kShoutBox"); // shows the columns in kShoutBox
   
   // HTML Body
   echo('<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" http://www.w3.org/TR/html4/loose.dtd"><html><head><meta name="keywords" content="kshoutbox, shoutbox, juan, karlo, aquino, de, guzman, box, shout, '.$_GET['info'].'"><meta name="kShoutBox '.$ver.' created by Juan Karlo Aquino de Guzman"><title>User info: '.$_GET['info'].'</title></head><body style="
cursor: default;">'); // HTML Body
   
   echo('<table align="center" cellpadding="8" cellspacing="4" width="100%"><tr width="100%">'); // the table
       
       while($qfields = mysql_fetch_assoc($query_fields)){
       $colors = ($i % 2) ? '#6699FF':'#33CCFF';
       $a = $qfields[Field];
       $b = $ra[$a];
       echo("<td align=\"center\" style=\"background: $colors; font-weight: bold; font-family: verdana; font-size: 12px;\">$b</td>");
       $i++;
       } // Outputs the Post ID, Nickname, etc...

   $query_rows = mysql_query("SELECT * FROM kShoutBox WHERE nickname LIKE '".$_GET['info']."' ORDER BY pid"); // Find the Nickname

   echo("</tr>");

       // Outputs the search results

       $i = 1;
       while($fetch_row=mysql_fetch_object($query_rows)){
       $colors = ($i %2) ? '#FFFFCC':'#33FFCC'; // Alternate table colors
       $date_replace = str_replace("\n",'<br>',$fetch_row->happened); // Replaces the "\n" or the "blank line" with <br>

       // Table Body
       echo('<tr width="100%"><td align="center" style="background: '.$colors.'; font-weight: bold; font-family: verdana; font-size: 12px;"  onmouseover="this.style.background=\'white\';" onmouseout="this.style.background=\''.$colors.'\';">'.$i.'</td>'.'<td align="center" style="background: '.$colors.'; font-weight: bold; font-family: verdana; font-size: 12px;"  onmouseover="this.style.background=\'white\';" onmouseout="this.style.background=\''.$colors.'\';">'.$fetch_row->nickname.'</td><td align="center" style="background: '.$colors.'; font-weight: bold; font-family: verdana; font-size: 12px;"  onmouseover="this.style.background=\'white\';" onmouseout="this.style.background=\''.$colors.'\';">'.$fetch_row->nickname_info.'</td><td align="center" style="background: '.$colors.'; font-weight: bold; font-family: verdana; font-size: 12px;"  onmouseover="this.style.background=\'white\';" onmouseout="this.style.background=\''.$colors.'\';">'.$date_replace.'</td><td align="center" style="background: '.$colors.'; font-weight: bold; font-family: verdana; font-size: 12px;"  onmouseover="this.style.background=\'white\';" onmouseout="this.style.background=\''.$colors.'\';">'.$fetch_row->content.'</td><td align="center" style="background: '.$colors.'; font-weight: bold; font-family: verdana; font-size: 12px;"  onmouseover="this.style.background=\'white\';" onmouseout="this.style.background=\''.$colors.'\';">'.$fetch_row->ip.'</td></tr>'); // Table Body = The Results
       $i++; // Add something to the counter
       }

       mysql_close(); // Closes MysQL
       die("</table><br><div align=\"center\" style=\"font-family: verdana; font-size: 9px;\">Date and Time, GMT+8, from the PHP manual of gmdate() function, thanks to info@kogik.com<br><br>Thanks to:<br><br><a href=\"http://tm-software.uni.cc\" style=\"color: blue;\" target=\"_blank\">http://tm-software.uni.cc</a><br><a href=\"http://www.freewebmasterhelp.com\" style=\"color: blue;\" target=\"blank\">http://www.freewebmasterhelp.com</a></div></body></html>"); // Closes the HTML.

}

/*    ******************************

   kShoutBox 0.2 - Record the Data

   ******************************
*/

if(isset($_POST['nickname'])) {
   $timezone = +8; // your timezone. default is +8 (philippines)
   $nickname = $_POST['nickname']; // the nickname of the user
   $nickname_info = $_POST['nickname_info']; // the email/website of the user
   $happened = "Summer time: ".gmdate("F d Y, h:i:s a",time()+3600*($timezone+date("I"))); // from the PHP manual of gmdate() function, thanks to info@kogik.com
   $happened.= "\nWinter time: ".gmdate("F d Y, h:i:s a",time()+3600*($timezone+date("0"))); // from the PHP manual of gmdate() function, thanks to info@kogik.com
   $content = $_POST['content']; // content of the post
   $ip = $_SERVER['REMOTE_ADDR']; // IP address of the user

   // Checks if the user entered something
   empty($nickname) ? error_msg("You didn't enter your nickname!"):null;
   empty($nickname_info) ? error_msg("You didn't enter your website/email!"):null;
   empty($content) ? error_msg("You didn't enter any message!"):null; // Checks if the user entered something

   // Checks the length of the string that the user entered
   strlen($nickname > 10) ? error_msg("You are only allowed to enter a nickname that is not more than 10 characters."):null;
   strlen($nickname_info > 50) ? error_msg("You are only allowed to enter a website/email that is not more than 50 characters."):null;
   strlen($content > 500) ? error_msg("You are only allowed to enter a message that is not more than 500 characters."):null; // Checks the length of the string that the user entered

   if(!preg_match('/[\\wa-z]/',$nickname)) {
       error_msg("You entered an invalid nickname!");
   }
   if(!preg_match('/\\b(?P<protocol>https?|ftp):\/\/(?P<domain>[-A-Z0-9.]+)(?P<file>\/[-A-Z0-9+&@#\/%=~_|!:,.;]*)?(?P<parameters>\\?[-A-Z0-9+&@#\/%=~_|!:,.;]*)?/i',$nickname_info)){ // Checks if the user entered a website address
       if(!preg_match('/\\b[A-Z0-9._%-]+@[A-Z0-9._%-]+\\.[A-Z]{2,4}\\b/i',$nickname_info)){ error_msg("You entered an invalid e-mail address or websie! If you entered your website, you probably forgot to<br>include \"http\". If you entered your e-mail address, you probably forgot to include the \"@\" sign and the \".\" <- dots."); } // Checks if the user entered an email address
   }
   mysql_query("INSERT INTO kShoutBox VALUES(null,'$nickname','$nickname_info','$happened','$content','$ip')"); // Inserts the values to MySQL
   jredirect($_SERVER['SCRIPT_NAME']); // Redirects to the main page
}

?>

<?php

/*    ******************************

   kShoutBox - Installation

   ******************************
*/

function doInstall() {
   global $dbHost,$dbUser,$dbPass,$dbName,$ver;

   mysql_close(); // Closes the left opened MySQL connection.

   echo("<h3>kShoutBox $ver Installation</h3>"); // The Header

   if(!isset($_POST['password'])) { // If "install" is not yet called/set
   die('<form name="install" method="post">Enter a password (which will protect this script in case someone tries to install it):<br><br><input type="textbox" name="password" size="30"><br><br>Enter your email address (must be valid):<br><br><input type="textbox" name="email" size="30"><br><br><input type="submit" style="width: 150px;" value="Install"></form>'); // Shows the confirmation message to the user
   }else{
   mysql_connect($dbHost,$dbUser,$dbPass); // Connects to MySQL
   echo('<h4>Creating Database "'.$dbName.'" ...');
   $query_install = mysql_select_db($dbName) or $query_verify=1;
       if($query_verify===1) {
           mysql_query("CREATE DATABASE $dbName") or die('FAILED</h4>');
       } // Creates the Database
   echo('DONE</h4>');
   echo('<h4>Creating Table "kShoutBox" ...');
   mysql_select_db($dbName); // Selects the newly created Database
   $q = "CREATE TABLE kShoutBox ( pid INT(50) NOT NULL AUTO_INCREMENT,"; // Creates the PostID
   $q.= "nickname VARCHAR(10) NOT NULL,"; // Creates the Nickname
   $q.= "nickname_info VARCHAR(50) NOT NULL,"; // Creates the Nickname Info, email, website, etc...
   $q.= "happened VARCHAR(100) NOT NULL,"; // When did it happened?
   $q.= "content TEXT NOT NULL,"; // The content of the post
   $q.= "ip VARCHAR(20) NOT NULL,"; // The IP address of the poster.
   $q.= "INDEX (pid) \n)"; // Makes pid as the index
   mysql_query($q); // Requests "$q" to be inserted into the MySQL database.

   mysql_query("CREATE TABLE password ( password VARCHAR(25) NOT NULL UNIQUE )");
   mysql_query("INSERT INTO password VALUES('".sha1($_POST['password'])."');"); // Creates the table for the password

   mail($_POST['email'],'Password for kShoutbox '.$ver,'The password is: '.sha1($_POST['password']),'From: server@'.str_replace('www',null,$_SERVER['SERVER_NAME']));

   $query = mysql_query("SELECT * FROM password");
   $password = mysql_fetch_row($query);

   mysql_close(); // Closes MySQL
   die('DONE</h4><h4>The password was sended to the e-mail address that you entered.<br>Please do not lost it!<br>Your password is:<br>'.$password[0].'</h4><h4><a href="'.$_SERVER['SCRIPT_NAME'].'" style="color: blue;">Success!</h4>');
   }
}

?>

<?php

/*    ******************************

   kShoutBox - Error Message

   ******************************
*/

function error_msg($msg) {
   mysql_close(); // Closes MySQL
   die("<div align=\"center\" style=\"background-color: red; padding: 4px; font-family: verdana; font-size: 12px; font-weight: bold; color: white; width: 30%;\">There was an error!</div><div align=\"center\" style=\"background-color: #FFFFCC; padding: 8px; font-family: verdana; font-size: 12px; font-weight: bold; color: black; width: 30%;\">$msg<br><a href=\"javascript:history.back();\" style=\"color: blue; font-family: verdana; font-weight: bold; font-size: 12px;\">Go back</a></div>");
}

?>

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>kShoutBox <?=$ver;?></title>
<style type="text/css">
body { background: White; font-family: Verdana; font-size: 12px; cursor: default; top: 0px; left: 0px; right: 0px; bottom: 0px; margin-width: 0px; margin-height: 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; }
td { background: White; font-size: 12px; }
#nickname { font-family: Verdana; font-size: 12px; height: 20px; }
#nickname_info { font-family: Verdana; font-size: 12px; height: 20px; }
#content { font-family: Verdana; font-size: 12px; }
#submit { width: 150px; }
</style>
</head>

<body>
<?php

/*    ******************************

   kShoutBox - Main

   ******************************
*/

$q = mysql_query("SELECT * FROM kShoutBox"); // Displays all of the available informations on the Table
$rows = mysql_numrows($q); // Gets the number of rows on the Table

$hr = $rows<1 ? null:'<hr>'; // Checks if the number of rows if it's empty

if($rows > 10) {
   $page = 11;
   $hr = "<a href=\"?page=$page\" style=\"color: blue; font-size: 11px\">next</a><hr>";
}

if(isset($_GET['page'])) { // Checks if the "page" is set
   
   if($_GET['page'] === '1') {
       jredirect($_SERVER['SCRIPT_NAME']);
   }

   if($_GET['page'] > 10) { // Checks if the "page" is more than 10
       $page = $_GET['page'];
       $pagenext = $page + 10;
       $pageprev = $page - 10;

       $q = mysql_query("SELECT * FROM kShoutBox ORDER BY pid DESC LIMIT $page,10");

       $hr = "<a href=\"?page=$pageprev\" style=\"color: blue; font-size: 11px\">previous</a> <a href=\"?page=$pagenext\" style=\"color: blue; font-size: 11px\">next</a><hr>";
   } // Generates the next page, previous page, etc...

   if($_GET['page']+9 > $rows) {
       $page = $_GET['page'];
       $pageprev = $page - 10;

       $q = mysql_query("SELECT * FROM kShoutBox ORDER BY pid DESC LIMIT $page,10");

       $hr = "<a href=\"?page=$pageprev\" style=\"color: blue; font-size: 11px\">previous</a><hr>";    

       echo('<b><span style="color: red;">No more posts to display.</span></b><br>');

   }

}else{ $q = mysql_query("SELECT * FROM kShoutBox ORDER BY pid DESC LIMIT 10"); } // Gets the post

$color_count=0; // Sets the alternate table color to "0"

while($data=mysql_fetch_assoc($q)) {
   $color_count++; // Adds something
   $color = ($color_count % 2) ? $color1:$color2; // Alternate table color
   echo("<div style=\"background: $color;\" onmouseover=\"this.style.background='White';\" onmouseout=\"this.style.background='$color';\"><a href=\"?info=$data[nickname]\" style=\"font-weight: bold; color: black; text-decoration: none; padding: 4px;\" target=\"_blank\">$data[nickname]:</a> $data[content]</div>"); // Outputs the posts
}

?>

<?=$hr;?>
<form name="kShoutBox" method="post" action="<?=$_SERVER['SCRIPT_NAME'];?>">
<table width="100%">
<tr>
   <td>Nickname:</td>
   <td><input id="nickname" type="text" name="nickname" size="15"></td>
</tr>
<tr>
   <td>Website/Email:</td>
   <td><input id="nickname_info" type="text" name="nickname_info" size="30" onmouseover="window.status='Please include \' http:// \'';" onmouseout="window.status='';"></td>
</tr>
<tr valign="middle">
   <td>Message:</td>
   <td><textarea id="content" name="content" rows="5" cols="25"></textarea></td>
</tr>
</table>
<table width="100%">
<tr>
   <td align="center"><input id="submit" type="submit" value="Shout"><br><a href="?uninstall" style="color: #EAEAEA; font-size: 10px;">Uninstall</a></td>
</tr>
</table>
<br>
<a href="http://www.karlo.ph.tc" style="color: gray; font-size: 10px; text-decoration: none;" target="_blank">Powered by kShoutBox <?=$ver;?><br>Created by Juan Karlo Aquino de Guzman</a>
</form>
</body>
</html>

<?php mysql_close(); // Closes MySQL ?>

<?php

/*    ******************************

   kShoutBox - Redirect

   ******************************
*/

function jredirect($url) {
   die("<script language=\"javascript\" type=\"text/javascript\">window.location='$url';</script>");
}

?>