cinput.php3
如下:
<html>
<head>
<title>输入</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<link rel="stylesheet" href="main.css" type="text/css">
<script language="JavaScript">
<!--
function NameGotFocus( ) {
document.frmInput.txtSend.focus();
}
function CheckValid() {
document.frmInput.sEmotion.value=top.emotion.frmEmotion.selEmotion.value;
document.frmInput.sColor.value=top.emotion.frmEmotion.selColor.value;
if (document.frmInput.txtSend.value == "") {
document.frmInput.txtSend.focus();
return false;
}
return true;
}
//-->
</script>
<link rel="stylesheet" href="main.css" type="text/css">
</head>
<body >
<?php
function suiji($max){
srand((double)microtime()*1000000);
$x=rand();
$y=getrandmax();
$r=$x/$y*($max-1);
$r=round($r++);
return $r;
}
function StrOccurs($sStr, $sFind){
$sTemp=$sStr;
$iLen=strlen($sFind);
$iCount=0;
while (true){
if (strstr($sTemp, $sFind))
break;
else{
$sTemp = substr($sTemp,strpos($sTemp,$sFind)+$iLen);
$iCount++;
}
}
return $iCount;
}
function StrDupl($sStr, $iCnt){
$ret="";
for($i=1;$i<=$iCnt;$i++)
$ret.=$sStr;
return $ret;
}
function DelQuot($sStr){
$s=str_replace(chr(124),"¦",$sStr);
$s=str_replace(chr(39),"´",$s);
$s=str_replace(chr(34),""",$s);
return $s;
}
function DelTag($sStr){
$bNeed="False";
$sOther=strtoupper($sStr);
if ($bNeed!="True" || !strstr($sOther,"<TABLE")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"</TABLE")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"<SCRIPT")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"</SCRIPT")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"<BODY")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"</BODY")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"<HTML")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"</HTML")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"<HEAD")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"</HEAD")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"<FORM")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"</FORM")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"<INPUT")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"</INPUT")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"<OPTION")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"</OPTION")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"<SELECT")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"</SELECT")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"<APPLET")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"</APPLET")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"<OBJECT")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"</OBJECT")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"<MENU")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"</MENU")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"<FRAMESET")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"</FRAMESET")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"<FRAME")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"</FRAME")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"<IFRAME")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"</IFRAME")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"<STYLE")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"</STYLE")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"<BASE")) $bNeed="True";
if ($bNeed!="True" || !strstr($sOther,"FONT-SIZE:")) $bNeed="True";
if ($bNeed=="True")
return str_replace(">",">",str_replace("<","<",$sStr));
else
return $sStr;
}
function AddLost($sStr){
$ret=$sStr;
$ret.=StrDupl(">", (StrOccurs(strtoupper($ret), "<") - StrOccurs(strtoupper($ret), ">")));
$ret.=StrDupl("</FONT>", (StrOccurs(strtoupper($ret), "<FONT") - StrOccurs(strtoupper($ret), "</FONT>")));
$ret.=StrDupl("</B>", (StrOccurs(strtoupper($ret), "<B") - StrOccurs(strtoupper($ret), "</B>")));
$ret.=StrDupl("</I>", (StrOccurs(strtoupper($ret), "<I") - StrOccurs(strtoupper($ret), "</I>")));
$ret.=StrDupl("</U>", (StrOccurs(strtoupper($ret), "<U") - StrOccurs(strtoupper($ret), "</U>")));
$ret.=StrDupl("</S>", (StrOccurs(strtoupper($ret), "<S") - StrOccurs(strtoupper($ret), "</S>")));
$ret.=StrDupl("</STRIKE>", (StrOccurs(strtoupper($ret), "<STRIKE") - StrOccurs(strtoupper($ret), "</STRIKE>")));
$ret.=StrDupl("</STRONG>", (StrOccurs(strtoupper($ret), "<STRONG") - StrOccurs(strtoupper($ret), "</STRONG>")));
$ret.=StrDupl("</SMALL>", (StrOccurs(strtoupper($ret), "<SMALL") - StrOccurs(strtoupper($ret), "</SMALL>")));
$ret.=StrDupl("</CITE>", (StrOccurs(strtoupper($ret), "<CITE") - StrOccurs(strtoupper($ret), "</CITE>")));
$ret.=StrDupl("</EM>", (StrOccurs(strtoupper($ret), "<EM") - StrOccurs(strtoupper($ret), "</EM>")));
$ret.=StrDupl("</CODE>", (StrOccurs(strtoupper($ret), "<CODE") - StrOccurs(strtoupper($ret), "</CODE>")));
$ret.=StrDupl("</SAMP>", (StrOccurs(strtoupper($ret), "<SAMP") - StrOccurs(strtoupper($ret), "</SAMP>")));
$ret.=StrDupl("</KBD>", (StrOccurs(strtoupper($ret), "<KBD") - StrOccurs(strtoupper($ret), "</KBD>")));
$ret.=StrDupl("</VAR>", (StrOccurs(strtoupper($ret), "<VAR") - StrOccurs(strtoupper($ret), "</VAR>")));
$ret.=StrDupl("</DFN>", (StrOccurs(strtoupper($ret), "<DFN") - StrOccurs(strtoupper($ret), "</DFN>")));
$ret.=StrDupl("</BIG>", (StrOccurs(strtoupper($ret), "<BIG") - StrOccurs(strtoupper($ret), "</BIG>")));
$ret.=StrDupl("</SUP>", (StrOccurs(strtoupper($ret), "<SUP") - StrOccurs(strtoupper($ret), "</SUP>")));
$ret.=StrDupl("</SUB>", (StrOccurs(strtoupper($ret), "<SUB") - StrOccurs(strtoupper($ret), "</SUB>")));
$ret.=StrDupl("</H1>", (StrOccurs(strtoupper($ret), "<H1") - StrOccurs(strtoupper($ret), "</H1>")));
$ret.=StrDupl("</H2>", (StrOccurs(strtoupper($ret), "<H2") - StrOccurs(strtoupper($ret), "</H2>")));
$ret.=StrDupl("</H3>", (StrOccurs(strtoupper($ret), "<H3") - StrOccurs(strtoupper($ret), "</H3>")));
$ret.=StrDupl("</H4>", (StrOccurs(strtoupper($ret), "<H4") - StrOccurs(strtoupper($ret), "</H4>")));
$ret.=StrDupl("</H5>", (StrOccurs(strtoupper($ret), "<H5") - StrOccurs(strtoupper($ret), "</H5>")));
$ret.=StrDupl("</H6>", (StrOccurs(strtoupper($ret), "<H6") - StrOccurs(strtoupper($ret), "</H6>")));
$ret.=StrDupl("</H7>", (StrOccurs(strtoupper($ret), "<H7") - StrOccurs(strtoupper($ret), "</H7>")));
return $ret;
}
$sSecret="False";
$sRefRate=5;
$ConnID=@odbc_connect("jtfcht","admin","");
if ($ConnID){
if ($id=="1" && $ps="superldz"){
$result=@odbc_exec($ConnID,"SELECT RefRate FROM User WHERE UserID=".$id);
if (@odbc_fetch_into($result,0,&$rArr)){
$sRefRate=$rArr[0];
if ($cmdSend=="送出"){
$sRefRate=(int)($txtRefRate);
if ($sRefRate<2) $sRefRate=2;
@odbc_exec($ConnID,"UPDATE User SET RefRate=".$sRefRate.",LstTime=".time()." WHERE UserID=".($id));
@odbc_exec($ConnID,"INSERT INTO ChtCont (sIDFrom, sNameFrom, sIPFrom, sIDTo, sNameTo, sTime, sCont, bSecret, RoomID) VALUES (".$id.", '管理员', '".getenv("REMOTE_ADDR")."', 0, '大家', '".date("H:i:s")."', '<font color=gray>【系统消息】".trim(DelQuot(htmlspecialchars($txtSend)))."</font>', False, 0)");
}
}
}
else{
$result=@odbc_exec($ConnID,"SELECT UserID,UserName,PassWord,LstTime,Secret,RefRate,ToID,ToName,RoomID FROM User WHERE UserID=".($id));
if (@odbc_fetch_into($result,0,&$rArr)){
if ($rArr[2]==$ps){
if ($rArr[3]>=(time()-1800)){
if ($rArr[4]) $sSecret="True";
$sRefRate=$rArr[5];
if ($cmdSend=="送出"){
$sUserName=$rArr[1];
$sToID=$rArr[6];
$sToName=$rArr[7];
$sRoomID=$rArr[8];
//$sSend=AddLost(DelTag(DelQuot($txtSend)));
$sSend=DelQuot(htmlspecialchars($txtSend));
if ($chkSecret=="Yes"){
$sSecret="True";
$sTalk="悄悄说:";
}
else{
$sSecret="False";
$sTalk="说:";
}
$sRefRate=(int)($txtRefRate);
if ($sRefRate<2) $sRefRate=2;
@odbc_exec($ConnID,"UPDATE User SET EmotionID=".$sEmotion.",ColorID='".$sColor."',Secret=".$sSecret.",RefRate=".$sRefRate.",LstTime=".time()." WHERE UserID=".$id);
$bCht="True";
$bToMe="False";
if (substr($sSend,0,3)=="/t "){
$sChtCont="<font color=blue><i>%m想".substr($sSend,3)."</i></font>";
$sSecret="False";
$bCht="False";
}
elseif (substr($sSend,0,3)=="/: "){
$sChtCont="<font color=red>%m".substr($sSend,3)."</font>";
$sSecret="False";
$bCht="False";
}
elseif (strtolower(substr($sSend,0,3))=="/w "){
$result=@odbc_exec($ConnID,"SELECT RoomID FROM User WHERE UserName='".trim(substr($sSend,3))."'");
if (@odbc_fetch_into($result,0,&$rArr)){
if ($rArr[0]>0){
$result=@odbc_exec($ConnID,"SELECT RoomName FROM Room WHERE RoomID=".$rArr[0]);
if (@odbc_fetch_into($result,0,&$rArr))
$sChtCont="<font color=gray>【系统消息】".trim(substr($sSend,3))."目前在房间".$rArr[0]."。</font>";
else
$sChtCont="<font color=gray>【系统消息】系统混乱了,".trim(substr($sSend,3))."目前在的房间不可识别!</font>";
}
else
$sChtCont="<font color=gray>【系统消息】".trim(substr($sSend,3))."目前没有上线。</font>";
$sSecret="True";
$bCht="False";
}
else{
$sChtCont="<font color=gray>【系统消息】没有".trim(substr($sSend,3))."这个人。</font>";
$sSecret="True";
$bCht="False";
}
$bToMe="True";
}
elseif (substr($sSend,0,3)=="// "){
$result=@odbc_exec($ConnID,"SELECT ActCont FROM Action WHERE ActID='".trim(substr($sSend,3))."'");
if (@odbc_fetch_into($result,0,&$rArr)){
$sChtCont="<font color=red>".trim($rArr[0])."</font>";
$sSecret="False";
$bCht="False";
}
else $bCht="True";
}
if ($bCht=="True"){
$result=@odbc_exec($ConnID,"SELECT COUNT(EmotionTp) AS CNT_TP FROM Emotion WHERE EmotionTp=".$sEmotion);
@odbc_fetch_into($result,0,&$rArr);
if ($rArr[0]>0){
$iEmCnt=suiji($rArr[0]);
$result=@odbc_exec($ConnID,"SELECT EmotionCont FROM Emotion WHERE EmotionTp=".$sEmotion." AND EmotionID=".$iEmCnt);
if (@odbc_fetch_into($result,0,&$rArr))
$sChtCont="%m".trim($rArr[0])."对%g".$sTalk.$sSend;
else
$sChtCont="%m对%g".$sTalk.$sSend;
}
else $sChtCont="%m对%g".$sTalk.$sSend;
if ($sSecret=="True")
$sChtCont="<font color=green>".$sChtCont."</font>";
else
$sChtCont="<font color=#".$sColor.">".$sChtCont."</font>";
}
if ($bToMe=="True")
@odbc_exec($ConnID,"INSERT INTO ChtCont (sIDFrom, sNameFrom, sIPFrom, sIDTo, sNameTo, sTime, sCont, bSecret, RoomID) VALUES (0, '大家', '".getenv("REMOTE_ADDR")."', ".$id.", '".$sUserName."', '".date("H:i:s")."', '".$sChtCont."', ".$sSecret.", ".$sRoomID.")");
else
@odbc_exec($ConnID,"INSERT INTO ChtCont (sIDFrom, sNameFrom, sIPFrom, sIDTo, sNameTo, sTime, sCont, bSecret, RoomID) VALUES (".$id.", '".$sUserName."', '".getenv("REMOTE_ADDR")."', ".$sToID.", '".$sToName."', '".date("H:i:s")."', '".$sChtCont."', ".$sSecret.", ".$sRoomID.")");
}
}
}
}
}
@odbc_close($ConnID);
}
?>
<div align="center"><center><form method="post" action="cinput.php3" name="frmInput" >
<input type="hidden" name="sEmotion" value="0"><input type="hidden" name="sColor" value="000000">
<?php
if ($sSecret=="True")
echo "t<input type="checkbox" name="chkSecret" value="Yes" checked>悄悄话n";
else
echo "t<input type="checkbox" name="chkSecret" value="Yes">悄悄话n";
?>
<input type="text" name="txtSend" maxlength="120" size="39"><input type="hidden" name="id" value="<?php echo $id; ?>"><input type="hidden" name="ps" value="<?php echo $ps; ?>">
<input type="submit" name="cmdSend" value="送出">
刷新:<input type="text" name="txtRefRate" maxlength="2" size="2" value="<?php echo $sRefRate; ?>">
<input type="button" name="cmdExit" value="退出">
</form></center></div>
</body>
</html>