if (!defined("IN_FUSION")) { die("Access Denied"); }



$link = FUSION_SELF.(FUSION_QUERY ? "?".FUSION_QUERY : "");

$link = preg_replace("^(&|\?)s_action=(edit|delete)&shout_id=\d*^", "", $link);

$sep = stristr($link, "?") ? "&" : "?";



if (iMEMBER && (isset($_GET['s_action']) && $_GET['s_action'] == "delete") && (isset($_GET['shout_id']) && isnum($_GET['shout_id']))) {

	if ((iADMIN && checkrights("S")) || (iMEMBER && dbcount("(shout_id)", DB_SHOUTBOX, "shout_id='".$_GET['shout_id']."' AND shout_name='".$userdata['user_id']."'"))) {

		$result = dbquery("DELETE FROM ".DB_SHOUTBOX." WHERE shout_id='".$_GET['shout_id']."'".(iADMIN ? "" : " AND shout_name='".$userdata['user_id']."'"));

	}

	redirect($link);

}



if (iMEMBER || $settings['guestposts'] == "1") {

	if (isset($_POST['post_shout'])) {

		$flood = false;

		if (iMEMBER) {

			$shout_name = $userdata['user_id'];

		} elseif ($settings['guestposts'] == "1") {

			$shout_name = trim(stripinput($_POST['shout_name']));

			$shout_name = preg_replace("(^[0-9]*)", "", $shout_name);

			if (isnum($shout_name)) { $shout_name = ""; }

			include_once INCLUDES."securimage/securimage.php";

			$securimage = new Securimage();

			if (!isset($_POST['sb_captcha_code']) || $securimage->check($_POST['sb_captcha_code']) == false) { redirect($link); }

		}

		$shout_message = str_replace("\n", " ", $_POST['shout_message']);

		$shout_message = preg_replace("/^(.{255}).*$/", "$1", $shout_message);

		$shout_message = trim(stripinput(censorwords($shout_message)));

		if (iMEMBER && (isset($_GET['s_action']) && $_GET['s_action'] == "edit") && (isset($_GET['shout_id']) && isnum($_GET['shout_id']))) {

			$comment_updated = false;

			if ((iADMIN && checkrights("S")) || (iMEMBER && dbcount("(shout_id)", DB_SHOUTBOX, "shout_id='".$_GET['shout_id']."' AND shout_name='".$userdata['user_id']."'"))) {

				if ($shout_message) {

					$result = dbquery("UPDATE ".DB_SHOUTBOX." SET shout_message='$shout_message' WHERE shout_id='".$_GET['shout_id']."'".(iADMIN ? "" : " AND shout_name='".$userdata['user_id']."'"));

				}

			}

			redirect($link);

		} elseif ($shout_name && $shout_message) {

			require_once INCLUDES."flood_include.php";

			if (!flood_control("shout_datestamp", DB_SHOUTBOX, "shout_ip='".USER_IP."'")) {

				$result = dbquery("INSERT INTO ".DB_SHOUTBOX." (shout_name, shout_message, shout_datestamp, shout_ip) VALUES ('$shout_name', '$shout_message', '".time()."', '".USER_IP."')");

			}

		}

		redirect($link);

	}

	if (iMEMBER && (isset($_GET['s_action']) && $_GET['s_action'] == "edit") && (isset($_GET['shout_id']) && isnum($_GET['shout_id']))) {

		$esresult = dbquery(

			"SELECT ts.*, tu.user_id, tu.user_name FROM ".DB_SHOUTBOX." ts

			LEFT JOIN ".DB_USERS." tu ON ts.shout_name=tu.user_id

			WHERE ts.shout_id='".$_GET['shout_id']."'"

		);

		if (dbrows($esresult)) {

			$esdata = dbarray($esresult);

			if ((iADMIN && checkrights("S")) || (iMEMBER && $esdata['shout_name'] == $userdata['user_id'] && isset($esdata['user_name']))) {

				if ((isset($_GET['s_action']) && $_GET['s_action'] == "edit") && (isset($_GET['shout_id']) && isnum($_GET['shout_id']))) {

					$edit_url = $sep."s_action=edit&shout_id=".$esdata['shout_id'];

				} else {

					$edit_url = "";

				}

				$shout_link = $link.$edit_url;

				$shout_message = $esdata['shout_message'];

			}

		} else {

			$shout_link = $link;

			$shout_message = "";

		}

	} else {

		$shout_link = $link;

		$shout_message = "";

	}



$result = dbquery(

	"SELECT ts.*, tu.user_id, tu.user_name FROM ".DB_SHOUTBOX." ts

	LEFT JOIN ".DB_USERS." tu ON ts.shout_name=tu.user_id

	ORDER BY ts.shout_datestamp DESC LIMIT 0,".$settings['numofshouts']

);

	

echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\">

<tr>

	<td width=\"50\" height=\"90\">

	

<a href=\"#\" onMouseover=\"moveup()\" onMouseout=\"clearTimeout(moveupvar)\">^</a> 

<a href=\"#\" onMouseover=\"movedown()\" onMouseout=\"clearTimeout(movedownvar)\">V</a>	

	

	</td>

	<td width=\"320\" height=\"90\">

	

	

	<script type='text/javascript' src='".INFUSIONS."shoutbox_panel/js/lighttable.js' language='Javascript'></script>

	<script type=\"text/javascript\">

		iens6=document.all||document.getElementById

		ns4=document.layers

		//specify speed of scroll (greater=faster)

		var speed=5

		if (iens6){

			document.write('<div id=\"container\" style=\"position:relative;width:310px;height:80px;border:0px solid #444444;overflow:hidden\">')

			document.write('<div id=\"content\" style=\"position:absolute;width:300;left:0;top:0\">')

		}

	</script>

	<ilayer name=\"nscontainer\" width=310 height=80 clip=\"0,0,277,400\">

	<layer name=\"nscontent\" width=310 height=80 visibility=hidden>";



if (dbrows($result) > 0) {

	while ($data = dbarray($result)) {

		echo "";

		$user = "".$data['user_prefix'].$data['user_name']."";

		if ($data['user_name']) {

			echo "<u><a href='".BASEDIR.'profile.php?lookup='.$data['user_id']."' class='side'>$user</a></u>";

		} else {

			echo "<u>".$gouest_opt['user_prefix'].$data['shout_name']."</u>";

		}

      echo "

<span class='shoutboxdate' style='font-size:8;'><i>".showdate("shortdate", $data['shout_datestamp'])."</i></span><br>";

		$mes = str_replace(" [", "[", $data[shout_message]);

		$mes = nl2br(parseubb(parsesmileys($mes)));

		echo "<span>".$mes ."</span><br>\n";

	}

} else {

      echo "<div>".$locale['127']."</div>\n";

} // end: if (dbrows($result) > 0) {

echo "

  	</layer></ilayer><script language=\"JavaScript1.2\">

   if (iens6) {

     	document.write('</div></div>')

   }

   </script>";



echo "

	<script language=\"JavaScript1.2\">

   	if (iens6) {

      	var crossobj=document.getElementById? document.getElementById(\"content\") : document.all.content

       	var contentheight=crossobj.offsetHeight

      } else if (ns4) {

       var crossobj=document.nscontainer.document.nscontent

       var contentheight=crossobj.clip.height

		}



		function movedown() {

			if (iens6 && parseInt(crossobj.style.top) >= (contentheight*(-1)+100)) {

				crossobj.style.top = parseInt(crossobj.style.top) - speed + \"px\"

			} else if (ns4 && crossobj.top >= (contentheight * (-1) + 100)) {

				crossobj.top -= speed

			}

			movedownvar = setTimeout(\"movedown()\",20)

		}



		function moveup() {

			if (iens6 && parseInt(crossobj.style.top) <= 0) {

				crossobj.style.top=parseInt(crossobj.style.top) + speed + \"px\"

			} else if (ns4 && crossobj.top <= 0) {

				crossobj.top += speed

			}

			moveupvar=setTimeout(\"moveup()\",20)

		}



		function getcontent_height() {

			if (iens6) {

				contentheight=crossobj.offsetHeight

			} else if (ns4) {

				document.nscontainer.document.nscontent.visibility=\"show\"

			}

		}

		window.onload=getcontent_height

	</script>";

}	

	

	echo "</td>

</tr>

</table>";