Jump to content

Shoutbox, poll system and news system

moon 111

By moon 111
in Beta Test Your Stuff!

 Share

Recommended Posts

moon 111 Regular Member

moon 111

Posted
Posted

Here are my shoutbox poll system and news system. What do you think?

News: http://www.kingdavidwebdesign.com/News%20System/index.php

Poll: http://www.kingdavidwebdesign.com/Poll%20System/index.php

Shout Box: http://www.kingdavidwebdesign.com/shoutbox/shoutbox.php

 

Any more features I should add? Ignore the lack of graphics...

 

Note: The poll is meant to be included as one of the "boxes" in a "box" template if that means anything. Basiclly its not meant to be views like it is atm.

 

I'm posting my code so you can tell me how horribly I wrote it. But beware, its in OOP!

 

Poll System (class_lib.php)

<?php

class poll
{
  public function __construct()
  {
  }
  
  public function addPoll($title, $options)
  {
    common::dbConnect();
    
    $q = "INSERT INTO poll (title) VALUES ('".$title."')";
    mysql_query($q);
    
    $q = "SELECT * FROM poll ORDER BY id DESC LIMIT 1";
    $result = mysql_query($q);
    $id = mysql_fetch_array($result);
    $id = $id['id'];
    $optionsArray = explode(';', $options);
    $q1 = "INSERT INTO options (id, pid, title, votes) VALUES ";
    
    foreach($optionsArray as $value)
    {
      $q1 .= "(NULL, '".$id."', '".$value."', ''), ";
    }
    
    $q1 = substr($q1, 0, strlen($q1) - 2);
    mysql_query($q1);
  }
  
  public function getOptions($id)
  {
    common::dbConnect($id);
    
    $q = "SELECT * FROM options WHERE pid = " . $id;
    $result = mysql_query($q);
    
    while($options = mysql_fetch_array($result))
    {
      $optionsArray[] = array($options['id'], $options['option'], $options['votes']);
    }
    return $optionsArray;
  }
  
  public function getPollInfo($id)
  {
    common::dbConnect($id);
    
    $q = "SELECT * FROM poll WHERE id = " . $id;
    $result = mysql_query($q);
    $poll = mysql_fetch_array($result);
    
    return array($poll['id'], $poll['title'], $poll['votes'], $poll['ips']);
  }
  
  public function hasVoted($id)
  {
    common::dbConnect();
    
    $q = "SELECT * FROM poll WHERE id = " . $id;
    $result = mysql_query($q);
    $poll = mysql_fetch_array($result);
    $ips = explode(',', $poll['ips']);
    $ip = $_SERVER['REMOTE_ADDR'];
    if(in_array($ip, $ips)) return true;
    return false;
  }
  
  public function addVote($id, $pid)
  {
    common::dbConnect();
    
    if(!$this->hasVoted($pid))
    {
      $q = "UPDATE options SET votes = (votes+1) WHERE id = " . $id;
      mysql_query($q);
      
      $q = "UPDATE poll SET votes = (votes+1) WHERE id = " . $pid;
      mysql_query($q);
      
      $q = "SELECT * FROM poll WHERE id = " . $pid;
      $result = mysql_query($q);
      $poll = mysql_fetch_array($result);
      $ips = $poll['ips'] . $_SERVER['REMOTE_ADDR'] . ",";
      $q = "UPDATE poll SET ips = '".$ips."' WHERE id = " . $pid;
      mysql_query($q);
      return true;
    }
    return false;
  }
  
  public function displayPoll($id = "")
  {
    common::dbConnect();
    
    if($id != "")
    {
      $q = "SELECT * FROM poll WHERE id = " . $id;
    }
    else
    {
      $q = "SELECT * FROM poll ORDER BY id DESC LIMIT 1";
    }
    
    $result = mysql_query($q);
    $poll = mysql_fetch_array($result);
    $id = $poll['id'];
    if(!$this->hasVoted($id))
    {
      //Print form
      $content .= "<form action='index.php' method='POST'>";
      $content .= "<table>";
      $content .= "<tr><td colspan='2' align='center'><b>".$poll['title']."</b></td></tr>";
      
      $q = "SELECT * FROM options WHERE pid = " . $id;
      $result1 = mysql_query($q);
      $i = " checked";
      while($options = mysql_fetch_array($result1))
      {
        $content .= "<tr>";
        $content .= "<td width='100'>".$options['title']."</td>";
        $content .= "<td><input type='radio' name='id' value='".$options['id']."'".$i."></td>";
        $content .= "</tr>";
        if($i == " checked") $i = "";
      }
      
      $content .= "<tr><td>Votes: ".$poll['votes']."</td>";
      $content .= "<td><input type='submit' name='submit' value='Vote!'></td></tr>";
      $content .= "</table>";
      $content .= "<input type='hidden' name='pid' value='".$id."'>";
      $content .= "</form>";
    }
    else
    {
      $content .= "<table>";
      $content .= "<tr><td colspan='2' align='center'><b>".$poll['title']."</b></td></tr>";
      
      $q = "SELECT * FROM options WHERE pid = " . $id;
      $result1 = mysql_query($q);
      while($options = mysql_fetch_array($result1))
      {
        $votes[] = $options['votes'];
        $title[] = $options['title'];
      }
      
      $total = array_sum($votes);
      $i = 0;
      foreach($votes as &$value)
      {
        $value = round($value / $total * 100.0, 2);
        $content .= "<tr><td width='100'>".$title[$i]."</td><td>".$value."%</td></tr>";
        $i++;
      }
      
      $content .= "<tr><td colspan='2' align='center'>Votes: ".$poll['votes']."</td>";
      $content .= "</table>";
    }
    return $content;
  }
}

class common
{
  public function __construct()
  {
  }
  
  public function clean($var)
  {
    return strip_tags($var);
  }
  
  public function dbConnect()
  {
    $dbcnx = @mysql_connect("p50mysql107.secureserver.net", "bankwolf8", "Dcmbr2506") 
        or die("The site database appears to be down."); 
  
    if (!@mysql_select_db("bankwolf8")) 
        die("The site database is unavailable."); 
      
    return $dbcnx; 
  }
}

?>

 

Poll System (index.php)

<?php

include('class_lib.php');

$poll = new poll;

if($_POST['submit'])
{
  $poll->addVote($_POST['id'], $_POST['pid']);
}

echo $poll->displayPoll();

?>

 

News System (class_lib.php)

<?php

class news
{
  private $newsLimitPerPage = 10;
  private $commentsLimitPerPage = 5;
  private $maxLength = 1000;
  
  public function __construct()
  {
  }
  
  public function addNewsItem($title, $message, $user)
  {
    common::dbConnect();
    $date = date("m/d/Y");
    
    $q = "INSERT INTO news (title, date, user, message, views) VALUES ('".$title."', '".$date."', ".
         "'".$user."', '".$message."', 0)";
         
    if(mysql_query($q)) return true;
    return false;
  }
  
  public function deleteNewsItem($id)
  {
    common::dbConnect();
    
    $q = "DELETE FROM news WHERE id = '" . $id . "'";
    
    if(mysql_query($q)) return true;
    return false;
  }
  
  public function addNewsView($id)
  {
    common::dbConnect();
    
    $q = "UPDATE news SET views = (views+1) WHERE id = " . $id;
    if(mysql_query($q)) return true;
    return false;
  }
  
  public function getNewsViews($id)
  {
    common::dbConnect();
    
    $q = "SELECT views FROM news WHERE id = " . $id;
    $result = mysql_query($q);
    $views = mysql_fetch_array($result);
    
    return $views['views'];
  }
  
  public function getNews($id = "")
  {
    common::dbConnect();
    
    if($id == "")
    {
      $q = "SELECT * FROM news ORDER BY id DESC LIMIT " . $this->newsLimitPerPage;
      $result = mysql_query($q);
      
      while($news = mysql_fetch_array($result))
      {
        $newsArray[] = array($news['id'], $news['title'], $news['date'], $news['user'], 
                             $news['message']);
      }
      return $newsArray;
    }
    else
    {
      $q = "SELECT * FROM news WHERE id = '".$id."' LIMIT 1";
      $result = mysql_query($q);
      $news = mysql_fetch_array($result);
      return array($news['id'], $news['title'], $news['date'], $news['user'], $news['message']);
    }
  }
  
  public function addComment($id, $title, $message, $user)
  {
    common::dbConnect();
    if($title == "" OR $message == "" OR $user == "") return false;
    $date = date("m/d/Y - H:i:s");
    
    $title = common::clean($title);
    $id = common::clean($id);
    $message = common::clean($message);
    $user = common::clean($user);
    $message = nl2br($message);
    
    $q = "INSERT INTO comments (nid, title, date, user, message) VALUES ('".$id."', '".$title."',". 
         "'".$date."', '".$user."', '".$message."')";
         
    if(mysql_query($q)) return true;
    return false;
  }
  
  public function deleteComment($id)
  {
    common::dbConnect();
    
    $q = "DELETE FROM comments WHERE id = '" . $id . "'";
    
    if(mysql_query($q)) return true;
    return false;
  }
  
  public function deleteNewsComments($id)
  {
    common::dbConnect();
    
    $q = "DELETE FROM comments WHERE nid = '" . $id . "'";
    
    if(mysql_query($q)) return true;
    return false;
  }
  
  public function getNumberOfComments($id)
  {
    common::dbConnect();
    
    $q = "SELECT * FROM comments WHERE nid = " . $id;
    $result = mysql_query($q);
    
    return mysql_num_rows($result);
  }
  
  public function getComments($id)
  {
    common::dbConnect();
    
    $q = "SELECT * FROM comments WHERE nid ='".$id."' ORDER BY id DESC LIMIT ".$this->commentsLimitPerPage;
    $result = mysql_query($q);
    while($comments = mysql_fetch_array($result))
    {
      $commentsArray[] = array($comments['id'], $comments['title'], $comments['date'], $comments['user'], 
                               $comments['message']);
    }
    return $commentsArray;
  }
  
  public function displayNews($id = "")
  {
    if($id == "")
    {
      $news = $this->getNews($id);
      
      if($news)
      {
        foreach($news as $value)
        {
          $id[] = $value[0];
          $title[] = $value[1];
          $date[] = $value[2];
          $user[] = $value[3];
          $message[] = $value[4];
        }
        
        $i = 0;
        foreach($id as $value)
        {
          if(strlen($message[$i] > $this->maxlength))
            $message[$i] = substr($message[$i], 0, $this->maxLength) . "...";
          $content .= "<b>" . $date[$i] . ": <span style='font-size: 20px'>". $title[$i] ."</span></b><br>";
          $content .= "by " . $user[$i] . "<br><br>";
          $content .= $message[$i] . "<br><br>";
          $content .= "<a href='index.php?id=".$id[$i]."'>Read More...</a>  |  ";
          $content .= "<a href='index.php?id=".$id[$i]."'>Comments(".$this->getNumberOfComments($id[$i]).")</a>";
          $content .= "<br><br><br><br>";
          $i++;
        }
      }
      return $content;
    }
    else
    {
      $this->addNewsView($id);
      $news = $this->getNews($id);
      
      $id = $news[0];
      $title = $news[1];
      $date = $news[2];
      $user = $news[3];
      $message = $news[4];
      
      $content .= "<b>" . $date . ": <span style='font-size: 20px'>". $title ."</span></b><br>";
      $content .= "by " . $user . "<br>";
      $content .= "Viewed " . $this->getNewsViews($id) . " times.<br><br>";
      $content .= $message . "<br><br><br>";
      
      $comments = $this->getComments($id);
      
      if($comments)
      {
        foreach($comments as $value)
        {
          $id1[] = $value[0];
          $title1[] = $value[1];
          $date1[] = $value[2];
          $user1[] = $value[3];
          $message1[] = $value[4];
        }
        
        $content .= "<h2>Comments</h2>";
        
        $i = 0;
        foreach($id1 as $value)
        {
          $content .= "<b>".$title1[$i]." posted on " . $date1[$i] . " by ". $user1[$i] ."</b><br>";
          $content .= $message1[$i] . "<br><br>";
          $i++;
        }
      }
      
      $content .= "<br>";
      $content .= "<h2>Post a comment</h2>";
      $content .= "<form action='index.php?id=".$id."' method='POST'>";
      $content .= "Name: <input type='text' name='user'><br>";
      $content .= "Title: <input type='text' name='title'><br>";
      $content .= "Message: <br>";
      $content .= "<textarea cols='40' rows='5' name='message'></textarea><br>";
      $content .= "<input type='hidden' name='id' value='".$id."'>";
      $content .= "<input type='submit' name='submit' value='Post'>";
      $content .= "</form>";
      
      return $content;
    }
  }
}

class common
{
  public function __construct()
  {
  }
  
  public function clean($var)
  {
    return strip_tags($var);
  }
  
  public function dbConnect()
  {
    $dbcnx = @mysql_connect("p50mysql107.secureserver.net", "bankwolf8", "Dcmbr2506") 
        or die("The site database appears to be down."); 
  
    if (!@mysql_select_db("bankwolf8")) 
        die("The site database is unavailable."); 
      
    return $dbcnx; 
  }
}

?>

 

News System (index.php)

<?php

include('class_lib.php');

$news = new news;
if($_POST['submit'])
{
  $news->addComment($_POST['id'], $_POST['title'], $_POST['message'], $_POST['user']);
}
echo $news->displayNews($_GET['id']);

?>

 

Shout Box (class_lib.php)

<?php

class shoutbox
{
  private $file = 'shoutbox.txt';
  
  public function __construct()
  {
  }
  
  public function parseFile()
  {
    $tempfile = array_reverse(file($this->file));
    
    foreach($tempfile as $value)
    {
      $i++;
      if($i > 10) break;
      $temp = explode(':-:', $value);
      $fileArray[] = array($temp[0], $temp[1], $temp[2]);
    }
    
    return $fileArray;
  }
  
  public function displayShoutBox($nick = "")
  {
    $fileArray = $this->parseFile();
    foreach($fileArray as $value)
    {
      $date[] = $value[0];
      $name[] = $value[1];
      $message[] = $value[2];
    }
    
    $content .= "<table border='0' cellspacing='0' cellpadding='5' bgcolor='#FFFFFF'>";
    $i = 0;
    foreach($name as $value)
    {
      $content .= "<tr><td>" . $date[$i] . "</td><td><b>" . $name[$i] . ":</b> " . $message[$i] . "</td></tr>";
      $i++;
    }
    
    $content .= "<tr><td colspan='2' align='left'>";
    $content .= "<form action='shoutbox.php' method='POST'>";
    $content .= "Nick: <input type='text' name='name' value='".$nick."'> Say: <input type='text' name='message'> ";
    $content .= "<input type='submit' name='send' value='Send'>";
    $content .= "</form>";
    $content .= "</td></tr>";
    $content .= "</table>";
    
    return $content;
  }
  
  public function addMessage($name, $message)
  {
    if($name == "" OR $message == "") return false;
    preg_replace("|\W|", "", array($name, $message));
    $message = stripslashes($message);
    $handle = fopen($this->file, "r+");
    if(filesize($this->file) > 0) $content = fread($handle, filesize($this->file));
    else $content = "";
    
    $date = date("H:i:s");
    $content = $date . ":-:" . $name . ":-:" . $message . "\r\n";
    fwrite($handle, $content);
  }
}

?>

 

Shout Box (shoutbox.php)

<?php

include_once('class_lib.php');

$shoutbox = new shoutbox;

if(!$_POST['send'])
{
  echo $shoutbox->displayShoutBox();
}
else
{
  $shoutbox->addMessage($_POST['name'], $_POST['message']);
  echo $shoutbox->displayShoutBox($_POST['name']);
}

?>

Link to comment
Share on other sites
Coreye Member

Coreye

Posted
Posted

ShoutBox Vulnerabilities

Cross Site Scripting:

You can submit ">code in your name.

 

Cross Site Scripting:

You can submit ">code in your message.

 

News System Vulnerabilities

Full Path Disclosure:

http://www.kingdavidwebdesign.com/News%20System/index.php?id=a

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/content/b/a/n/bankwolf6/html/News System/class_lib.php on line 50

 

 

 

 

Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.