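Services Offline"; ob_end_flush(); exit(); }

// Feedback form handler: rate-limits by server load, serves the captcha image,
// counts service hits, validates a posted message, logs it and mails it to the
// account owner. NOTE(review): $user_id, $config and $date are not assigned in
// the visible part of the file; presumably they are set earlier.

// Load shedding: stop when the first load-average figure printed by `uptime`
// reaches the configured ceiling. The command string is constant, so no
// request data reaches the shell.
if ($uptime = exec('uptime')) {
    // Only read $regs when the pattern matched; on a miss $regs[1] does not exist.
    if (preg_match("/averages?: ([0-9\.]+),[\s]+([0-9\.]+),[\s]+([0-9\.]+)/", $uptime, $regs)) {
        $load = $regs[1];
        if ($load >= $config['services_max_load']) {
            echo "Services Overloaded";
            ob_end_flush();
            exit();
        }
    }
}

// The captcha image is served by this same script under a reserved id.
if ($user_id == "security.png") {
    $capt = new captchaZDR;
    $capt->display();
    exit;
}

// Page load time
$load = new pageLoad;

// Load template engine
$template = new template();

// Connect to MySQL
$mysql = new mysql();
$connection = $mysql->connect($config['sql_server'], $config['sql_user'], $config['sql_pass'], $config['sql_db']);

// From here on $user_id is escaped for SQL string context only. It is NOT
// safe for HTML; anything echoed to the page uses $safe_user_id instead.
$user_id = $mysql->escape_string($user_id);
$safe_user_id = htmlspecialchars($user_id, ENT_QUOTES);

$query = $mysql->query("SELECT `id`, `rank` FROM `main_data` WHERE `id`='$user_id'", "Check Username");

// Validation messages keyed by field and error code. Nothing in the visible
// code reads this array; presumably form_errors() or the Validator does.
$error_response["name"]["100"] = "Name required";
$error_response["subject"]["100"] = "Subject required";
$error_response["email"]["100"] = "Email address required";
$error_response["email"]["102"] = "Invalid email address";
$error_response["message"]["100"] = "Message required";
$error_response["capt"]["100"] = "Security code required";

// Always defined, so the template never receives an unset variable on a plain GET.
$error = "";

if ($mysql->num_rows($query)>0) {
    $service = "feedback";

    // Per-day hit counter for the service as a whole.
    $query = $mysql->query("SELECT `service` FROM `services_stats` WHERE `date`='$date' AND `service`='$service';", "Search Service Stats");
    if ($mysql->num_rows($query)=="0") {
        $mysql->query("INSERT INTO `services_stats` (`service`, `hits`, `date`) VALUES ('$service', '1', '$date')", "Insert Service Stat");
    } else {
        $mysql->query("UPDATE `services_stats` SET `hits` = `hits`+1 WHERE `date`='$date' AND `service`='$service';", "Update Service Stats");
    }

    // Per-day hit counter for this account.
    $query = $mysql->query("SELECT `user_id` FROM `services_stats_users` WHERE `date`='$date' AND `service`='$service' AND `user_id`='$user_id';", "Search Service Stats User");
    if ($mysql->num_rows($query)=="0") {
        $mysql->query("INSERT INTO `services_stats_users` (`service`, `user_id`, `hits`, `date`) VALUES ('$service', '$user_id', '1', '$date')", "Insert Service Stat User");
    } else {
        $mysql->query("UPDATE `services_stats_users` SET `hits` = `hits`+1 WHERE `date`='$date' AND `service`='$service' AND `user_id`='$user_id';", "Update Service Stats User");
    }

    $query = $mysql->query("SELECT `email`, `return_url`, `allowed_refs` FROM `feedback_data` WHERE `id`='$user_id'", "Get Settings");
    if ($mysql->num_rows($query)>0) {
        if (count($_POST)>0) {
            $validator = new Validator($_POST);
            $validator->filledIn("name");
            $validator->filledIn("email");
            $validator->filledIn("subject");
            $validator->filledIn("message");
            $validator->filledIn("capt");
            $validator->email("email");
            $errors = $validator->getErrors();
            $error_id = $validator->getId();

            if (count($errors)>0) {
                $error = form_errors($errors);
            } else {
                $capt = new captchaZDR;
                if ($capt->check_result()) {
                    $r = $mysql->fetch_array($query);
                    $arr = explode(",", "veroweb.com,feedback.veroweb.com," . $r['allowed_refs']);

                    // Referer filter. The header is client-supplied, so this only
                    // keeps ordinary browsers on listed sites; it is not an
                    // authentication control. Only a leading "www." is dropped
                    // (never one in the middle of the name), and a missing or
                    // unparsable Referer never matches, even when allowed_refs
                    // is empty and the list therefore holds an empty entry.
                    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
                    $refer = parse_url($referer);
                    $refer_host = (is_array($refer) && isset($refer['host'])) ? $refer['host'] : "";
                    if (strpos($refer_host, "www.") === 0) {
                        $refer_host = substr($refer_host, 4);
                    }

                    if ($refer_host != "" && in_array($refer_host, $arr, true)) {
                        // get_ip() is defined outside this view. Escape its result
                        // before it enters SQL in case it reflects a client header.
                        $raw_ip = get_ip();
                        $log_ip = $mysql->escape_string($raw_ip);

                        // Flood filter: at most one message per account and IP per 60 seconds.
                        $log_date = date("Y-m-d H:i:s", time()-60);
                        $query = $mysql->query("SELECT `date` FROM `feedback_logs` WHERE `member_id`='{$user_id}' AND `ip`='{$log_ip}' AND `date` >= '{$log_date}'", "Flood filter");

                        if ($mysql->num_rows($query)=="0") {
                            // Every value written to the log row is escaped, including
                            // the message body and the reverse-DNS name: a PTR record
                            // is controlled by whoever owns the address block.
                            $name = $mysql->escape_string($_POST['name']);
                            $email = $mysql->escape_string($_POST['email']);
                            $subject = $mysql->escape_string($_POST['subject']);
                            $message = $mysql->escape_string($_POST['message']);
                            $refer = $mysql->escape_string($referer);
                            $browser = $mysql->escape_string(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "");
                            $ip_addr = $mysql->escape_string((string) gethostbyaddr($raw_ip));
                            $log_date = date("Y-m-d H:i:s");
                            $mysql->query("INSERT INTO `feedback_logs` (`id` ,`member_id` ,`name` ,`subject` ,`email` ,`message` ,`browser` ,`ip` ,`ip_addr` ,`date` ,`refer`) VALUES (NULL , '$user_id', '$name', '$subject', '$email', '$message', '$browser', '$log_ip', '$ip_addr', '$log_date', '$refer');", "Insert Log");

                            //$message = "$message\n\n-----------------------------------------------------\nIf this is a SPAM message please click the link below\nhttp://www.veroweb.com/?robot=report&service=feedback&id=".$id."&rid=".ip2int($_SERVER['REMOTE_ADDR']);

                            // Mail the owner. Line breaks are removed from every value
                            // that ends up in a mail header, so a posted address or
                            // subject cannot append headers of its own.
                            $crlf = array("\r", "\n");
                            $message = htmlentities($_POST['name']). " sent you the following message\n\n" . htmlentities($_POST['message']);
                            $subject = str_replace($crlf, " ", htmlentities($_POST['subject']));
                            $sender = str_replace($crlf, "", $_POST['email']);
                            mail($r['email'], "Veroweb.com Feedback [Subject: {$subject}]", "$message", "From: <{$sender}>\n". "Reply-To: <{$sender}>\n");

                            if (!empty($r['return_url'])) {
                                // return_url is read from feedback_data for this account.
                                // rawurldecode() can turn %0D%0A into raw line breaks, so
                                // they are stripped before the header is built.
                                header("Location: " . str_replace($crlf, "", rawurldecode($r['return_url'])));
                                exit;
                            } else {
                                $error = "\n\nEmail sent\n\nYour message was sent! Click here to return to the prevous page.\n\n\n";
                            }
                        } else {
                            $r = $mysql->fetch_array($query);
                            $wait_time = 60-(time()-strtotime($r['date']));
                            $error = "\n\nThere were some problems\n\nYou may only send one email every 60 seconds. Please wait {$wait_time} seconds and try again.\n\n\n";
                        }
                    } else {
                        // The host comes straight from the request; encode it for HTML.
                        $shown_host = htmlspecialchars($refer_host, ENT_QUOTES);
                        $error = "\n\nThere were some problems\n\nInvalid referring domain: {$shown_host}\n\n\n";
                    }
                } else {
                    $error = "\n\nThere were some problems\n\nSecurity code incorrect\n\n\n";
                }
            }
        }

        // Re-populate the form with what was posted (empty on a first visit).
        // NOTE(review): the form class is not visible here; confirm that
        // form_start(), form_text() and form_textarea() HTML-encode the action
        // and the field values, otherwise posted input is reflected unescaped.
        $post_name = isset($_POST['name']) ? $_POST['name'] : "";
        $post_email = isset($_POST['email']) ? $_POST['email'] : "";
        $post_subject = isset($_POST['subject']) ? $_POST['subject'] : "";
        $post_message = isset($_POST['message']) ? $_POST['message'] : "";

        $form = new form;
        $print = $form->form_start("feedback", "/$user_id", "POST");
        $print .= $form->form_text("Name", "name", $post_name, 10, "class=\"text\"", "*");
        $print .= $form->form_text("Email", "email", $post_email, 10, "class=\"text\"", "*");
        $print .= $form->form_text("Subject", "subject", $post_subject, 10, "class=\"text\"", "*");
        $print .= $form->form_textarea("Message", "message", "5", "15", $post_message, "class=\"text\"");
        // The random suffix only defeats image caching; it carries no secret.
        $print .= $form->form_captcha("Security Code", "/security.png?" . rand(10000,99999));
        $print .= $form->form_text("Enter Security Code", "capt", "", 40, "class=\"text\"", "*");
        $print .= $form->form_go("Submit", "Clear");
        $print .= $form->form_end();

        $vars["errors"] = $error;
        $vars["form"] = $print;
        $template->display("./temp.tpl", $vars);
    } else {
        echo "The feedback service for $safe_user_id, has not been properly setup.";
    }
} else {
    // $user_id is whatever the request supplied; only the HTML-encoded copy is echoed.
    echo "Error: Username '$safe_user_id' not found. If you wish you use this service please click here.";
}

ob_end_flush();
$mysql->close();
?>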