<?PHP

include ( 'includes/mysql.php' ) ;

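/*
 * Status/comment endpoint, dispatched on ?a=<action>:
 *   avcheck - validate an avatar name, avset - remember it in a cookie,
 *   all     - render every status with its comments,
 *   new     - post a status, comment - post a comment,
 *   rs / rc - soft-delete a status / a comment.
 *
 * Trust model: every $_GET, $_POST and $_COOKIE value is chosen by the client.
 * Each one is escaped at the point of use: mysql_real_escape_string() before it
 * enters a query, htmlspecialchars() before it enters the page.
 * mysql_real_escape_string() needs the open connection; presumably
 * includes/mysql.php opens it, since mysql_query() is called without a link
 * throughout - verify.
 *
 * NOTE(review): "ownership" in rs/rc is only the poster's IP address, and the
 * avatar name is a cookie the client sets itself, so neither is authentication.
 * The state-changing actions also carry no anti-CSRF token.
 * NOTE(review): several branches send mysql_error() text to the client, which
 * exposes table and column names; consider logging it server-side instead.
 */
$action = status_request_string($_GET, 'a');

switch ($action) {

    // Validate the avatar name typed by the visitor.
    case "avcheck":
        $avatar = status_request_string($_GET, 'av');
        $er = "Error: Avatar doesnt exist";

        // The form's placeholder text is not a name.
        if ($avatar === "Your avatar name") die($er);

        // Letters and digits only. The earlier class [a-z|A-Z|0-8] accepted a
        // literal "|" and rejected the digit 9; \z (instead of $) also refuses
        // a trailing newline.
        if (!preg_match('/^[a-zA-Z0-9]+\z/', $avatar)) die($er);

        if (!avExists($avatar)) die($er);
        else die("Nice name :) Thanks for visiting, <i>" . status_html($avatar) . "</i>.");

        break;

    // Remember the chosen avatar name in a cookie.
    case "avset":
        // The value is not validated here, so every later reader of this cookie
        // must treat it as untrusted input.
        $avatar = status_request_string($_GET, 'av');
        setcookie("avatarname", $avatar);

        break;

    // Render all non-deleted statuses, newest first, each with its comments.
    case "all":
        $q = mysql_query("SELECT * FROM " . table() . " WHERE deleted = '0' ORDER BY id DESC");

        if (!$q) die("Error: " . mysql_error());
        else if (mysql_num_rows($q) == 0) die("No comments");
        else {
            $viewer = status_request_string($_COOKIE, 'avatarname');
            $viewer_ip = $_SERVER['REMOTE_ADDR'];

            while ($r = mysql_fetch_array($q)) {
                // owner was copied from the poster's cookie, so it is escaped
                // for HTML (and URL-encoded inside the picture link) before output.
                $avatar = status_html($r['owner']);
                $time = $r['time_created'];
                $msg = unsqlstr($r['message']);
                $avpic = status_html("http://www.imvu.com/catalog/web_av_pic.php?av=" . rawurlencode($r['owner']));
                // setTimeAgo() is not called here: its result was never printed,
                // the page shows the absolute date below.

                echo '<div class="status-box">

<div class="status-pic">

<img src="' . $avpic . '" alt="' . $avatar . '" />

</div>

<div class="status-msg">

<div class="avatar-title">

<p>' . $avatar . '</p>';

                // Offer "Remove" only to the poster (same IP and same avatar cookie).
                if ($r['ipaddr'] == $viewer_ip && $viewer === (string) $r['owner'])
                    echo '<a href="#" onClick="Control.RemoveStatus(\'' . status_js_attr($r['hash_id']) . '\')">Remove</a>';

                echo '</div>

<p class="msg">' . htmlspecialchars($msg) . '</p>

<p style="color:#666">' . date("d/m/Y H:i", $time) . '</p>

</div>';

                // Escaped even though it comes from our own table: a stored
                // value is still data, not SQL.
                $hash = mysql_real_escape_string($r['hash_id']);
                $qc = mysql_query("SELECT * FROM " . tablec() . " WHERE status_id = ' $hash ' AND deleted = '0' ");

                if (!$qc) {
                    // A missing comments table is created on demand; this status
                    // is then skipped for the current request.
                    if (strstr(mysql_error(), 'exist')) {
                        create_table();
                        continue;
                    }
                    else die("Failed to get comments because: " . mysql_error() . "<br />");
                }
                else if (mysql_num_rows($qc) > 0) {
                    while ($rc = mysql_fetch_array($qc)) {
                        $comment_owner = status_html($rc['owner']);

                        echo '<!-- Comment start -->

<div class="comment-box">

<div class="status-pic">

<img src="http://www.imvu.com/catalog/web_av_pic.php?av=' . status_html(rawurlencode($rc['owner'])) . '" alt="' . $comment_owner . '" />

</div>

<div class="comment-comment">

<div class="avatar-title">

<p>' . $comment_owner . '</p>';

                        // Compare against the comment row, not the status row:
                        // the "rc" action only accepts the comment's own poster.
                        if ($rc['ipaddr'] == $viewer_ip && $viewer === (string) $rc['owner'])
                            echo '<a href="#" onClick="Control.RemoveComment(\'' . status_js_attr($rc['comment_id']) . '\')">Remove</a>';

                        // The comment text is user input and was printed raw before;
                        // it is HTML-escaped like the status text above.
                        echo '</div>

<p>' . status_html($rc['message']) . '</p>

<p style="color:#666">' . date("d/m/Y H:i", $rc['time_created']) . '</p>

</div>

</div>

<!-- Comment end -->';
                    }
                }

                echo '<div class="status-comment-box">

<input type="text" name="' . status_html($r['hash_id']) . '" class="textbox" />

<input type="button" name="submit_status" onclick="Control.Comment(\'' . status_js_attr($r['hash_id']) . '\');" class="btny" />

</div>

</div>';
            }
        }

        break;

    // Post a new status for the avatar named in the cookie.
    case "new":
        // presumably sqlstr() (from includes/mysql.php) escapes a value for SQL
        // and unsqlstr() reverses it for display - verify; it is the only
        // protection the message text gets in this branch.
        foreach ($_POST as $n => $v)
            $_POST[$n] = sqlstr($v);

        $msg = isset($_POST['message']) ? $_POST['message'] : "";
        $avatar = status_request_string($_COOKIE, 'avatarname');

        // The cookie value is echoed back, so it is HTML-escaped.
        if (!avExists($avatar)) die(" \" " . status_html($avatar) . " \" does not exist");

        // The cookie does not pass through sqlstr(); escape it for the INSERT.
        $avatar = mysql_real_escape_string($avatar);

        // The next id is the current row count.
        $q = mysql_query("SELECT * FROM " . table());

        if (!$q) die("Error getting ID: " . mysql_error());
        else $id = mysql_num_rows($q);

        // NOTE(review): rand() is not a cryptographic generator, so this id is
        // guessable; nothing should be authorised by knowing it.
        $hash_id = substr(sha1(rand()), 0, 10);
        $ipaddr = $_SERVER['REMOTE_ADDR'];
        $time_created = time();

        $q = mysql_query("INSERT INTO " . table() . " VALUES (' $id ', ' $hash_id ', ' $msg ', ' $avatar ', ' $ipaddr ', ' $time_created ', '0', null);");

        if (!$q) die("Error updating status: " . mysql_error());
        else {
            die("Updated");
        }

        break;

    // Post a comment on an existing status.
    case 'comment':
        $id = status_request_string($_POST, 'status_id');
        $msg = status_request_string($_POST, 'message');

        if (empty($id) || empty($msg))
            die("Invalid comment");

        // None of these values pass through sqlstr() in this branch; escape
        // each one before it enters the INSERT.
        $id = mysql_real_escape_string($id);
        $msg = mysql_real_escape_string($msg);
        $owner = mysql_real_escape_string(status_request_string($_COOKIE, 'avatarname'));

        // NOTE(review): rand() is not a cryptographic generator (see "new").
        $comment_id = md5(rand());
        $time_created = time();
        $ipaddr = $_SERVER['REMOTE_ADDR'];

        $q = mysql_query("INSERT INTO " . tablec() . " VALUES (' $comment_id ', ' $id ', ' $msg ', ' $owner ', ' $ipaddr ', ' $time_created ', '0', null)");

        if (!$q) die(mysql_error());
        else die("Commented!");

        break;

    // Soft-delete a status.
    case 'rs':
        $id = mysql_real_escape_string(status_request_string($_POST, 'status_id'));

        // The status must have been posted from the requester's IP address.
        $q = mysql_query("SELECT * FROM " . table() . " WHERE hash_id = ' $id ' AND ipaddr = '" . $_SERVER['REMOTE_ADDR'] . "'");

        if (!$q) die(mysql_error());
        else if (mysql_num_rows($q) == 0) die("Error: This status doesn't belong to you");
        else {
            $q = mysql_query("UPDATE " . table() . " SET deleted = '1', time_deleted = '" . time() . "' WHERE hash_id = ' $id ' AND ipaddr = '" . $_SERVER['REMOTE_ADDR'] . "'");

            if (!$q) die("Error deleting: " . mysql_error());
            else die("Status removed");
        }

        break;

    // Soft-delete a comment.
    case 'rc':
        $id = mysql_real_escape_string(status_request_string($_POST, 'comment_id'));

        // The comment must have been posted from the requester's IP address.
        $q = mysql_query("SELECT * FROM " . tablec() . " WHERE comment_id = ' $id ' AND ipaddr = '" . $_SERVER['REMOTE_ADDR'] . "'");

        if (!$q) die(mysql_error());
        else if (mysql_num_rows($q) == 0) die("Error: This comment doesn't belong to you");
        else {
            $q = mysql_query("UPDATE " . tablec() . " SET deleted = '1', time_deleted = '" . time() . "' WHERE comment_id = ' $id ' AND ipaddr = '" . $_SERVER['REMOTE_ADDR'] . "'");

            if (!$q) die("Error deleting: " . mysql_error());
            else die("Comment removed");
        }

        break;

    default:
        break;
}

/**
 * Read one request value as a string.
 *
 * @param array  $source One of $_GET, $_POST or $_COOKIE.
 * @param string $key    Name of the value.
 * @return string The value, or "" when it is missing or is not a string
 *                (for example when the client sent av[]=x).
 */
function status_request_string($source, $key)
{
    return (isset($source[$key]) && is_string($source[$key])) ? $source[$key] : "";
}

/**
 * Escape a value for HTML text or a quoted HTML attribute.
 *
 * @param mixed $text Value to print.
 * @return string The value with &, <, > and both quote characters encoded.
 */
function status_html($text)
{
    return htmlspecialchars((string) $text, ENT_QUOTES);
}

/**
 * Escape a value for a single-quoted JavaScript string that sits inside an
 * HTML event-handler attribute.
 *
 * The backslash escaping is for the script, the entity encoding for the
 * attribute around it; ids made of hex digits come out unchanged.
 *
 * @param mixed $value Value to embed.
 * @return string
 */
function status_js_attr($value)
{
    return htmlspecialchars(addslashes((string) $value), ENT_QUOTES);
}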

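/**
 * Turn a number of seconds into a short "... ago" phrase.
 *
 * The thresholds (60 and 3600) treat $x as an elapsed time in seconds, not as
 * an absolute Unix timestamp.
 *
 * @param int|float|string $x Elapsed seconds.
 * @return string|int The phrase, or 0 when $x matches none of the ranges.
 */
function setTimeAgo($x)
{
    $t = 0;

    if ($x <= 60) {
        $t = "About a minute ago";
    } else if ($x < 3600) {
        $t = number_format($x / 60) . " minutes ago";
    } else if ($x <= 3600) {
        // Only reached when $x is exactly 3600.
        $t = "1 hour ago";
    } else if ($x > 3600) {
        // Rounded like the minutes branch; the raw division used to print
        // values such as "2.0277777777778 hours ago".
        $t = number_format($x / 3600) . " hours ago";
    }

    return $t;
}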

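/**
 * Report whether avatars.imvu.com serves a page for the given avatar name.
 *
 * The name is treated as untrusted: it is URL-encoded so it stays a single
 * path segment of the request. The page is fetched over plain HTTP, so the
 * answer is only as trustworthy as the network path.
 *
 * @param string $avatar Avatar name as supplied by the client.
 * @return bool True when a page was fetched and it does not contain the text
 *              "IMVU login"; false for an empty or non-scalar name, when the
 *              fetch fails, or when the page contains "IMVU login".
 */
function AvExists($avatar)
{
    // Nothing to look up: answer without making a request.
    if (!is_scalar($avatar) || (string) $avatar === "") return false;

    $url = "http://avatars.imvu.com/" . rawurlencode((string) $avatar);

    $url_contents = file_get_contents($url);

    // Fail closed. A failed fetch used to fall through to "exists", because
    // searching the false return value finds nothing.
    if ($url_contents === false) return false;

    return strstr($url_contents, 'IMVU login') === false;
}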