PHP Code:
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>{hotelName} - News</title>
<div id="fb-root"></div>
<script>(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = "//connect.facebook.net/en_US/all.js#xfbml=1&appId=138881106159184";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));</script>
<link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/common.css" type="text/css">
<script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/libs2.js"></script>
<script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/visual.js"></script>
<script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/libs.js"></script>
<script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/common.js"></script>
<script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/fullcontent.js"></script>
<script type="text/javascript">
document.habboLoggedIn = true;
var habboName = "{username}";
var habboId = "{userid}";
var habboReqPath = "";
var habboStaticFilePath = "{url}/app/tpl/skins/Habbo";
var habboImagerUrl = "http://www.habbo.com/habbo-imaging/";
var habboPartner = "";
var habboDefaultClientPopupUrl = "{url}/client";
window.name = "habboMain";
if (typeof HabboClient != "undefined") {
HabboClient.windowName = "eac955c8dbc88172421193892a3e98fc7402021a";
HabboClient.maximizeWindow = true;
}
</script>
<!--[if IE 8]>
<link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie8.css" type="text/css">
<![endif]-->
<!--[if lt IE 8]>
<link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie.css" type="text/css" />
<![endif]-->
<!--[if lt IE 7]>
<link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie6.css" type="text/css" />
<script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/pngfix.js"></script>
<script type="text/javascript">
try { document.execCommand('BackgroundImageCache', false, true); } catch(e) {}
</script>
<style type="text/css">
body { behavior: url({url}/app/tpl/skins/Habbo/js/csshover.htc); }
</style>
<![endif]-->
</head>
<body id="news">
<div id="overlay"></div>
<div id="header-container">
<div id="header" class="clearfix">
<h1><a href="http://shockhotel.com/"></a></h1>
<div id="subnavi">
<div id="subnavi-user">
<ul>
<li id="myfriends"><a href="#"><span>My Friends</span></a><span class="r"></span></li>
<li id="mygroups"><a href="#"><span>My Groups</span></a><span class="r"></span></li>
<li id="myrooms"><a href="#"><span>My Rooms</span></a><span class="r"></span></li>
</ul>
</div>
<div id="subnavi-search">
<div id="subnavi-search-upper">
<ul id="subnavi-search-links">
<u><li><a href="http://shockhotel.com/logout" style="color:#000">Logout</a></li></u>
</ul>
</div>
</div>
<div id="to-hotel">
<a href="{url}/api.php" class="new-button green-button" target="eac955c8dbc88172421193892a3e98fc7402021a" onclick="HabboClient.openOrFocus(this); return false;"><b>Enter Strike Hotel</b><i></i></a>
</div>
</div>
<ul id="navi">
<li class="metab"><a href="{url}/me">{username}</a><span></span></li>
<li class="selected"><strong>Community</strong><span></span></li>
<li><a href="{url}/vip">VIP</a><span></span></li>
<li><a href="{url}/404">Coming Soon! ({vip_points}p)</a><span></span></li>
</ul>
<div id="habbos-online">
<div id="content">
<div class="cbb ">
<span>{online} members online</span></div>
</div>
</div>
</div>
</div>
</div>
<?php
if( $_GET['id'] ) {
$query = mysql_query( "SELECT * FROM `cms_news` WHERE id = '".filter($_GET['id'])."'");
$array = mysql_fetch_assoc( $query );
}
if( $_GET['id'] ) {
$query = mysql_query( "SELECT * FROM `cms_news` WHERE id = '".filter($_GET['id'])."'");
$array = mysql_fetch_assoc( $query );
}
?>
<div id="content-container">
<div id="navi2-container" class="pngbg">
<div id="navi2" class="pngbg clearfix">
<ul>
<li><a href="{url}/community">Community</a></li>
<li class="selected">☆ News☆</li>
<li><a href="{url}/staff">Staff</a></li>
<li><a href="{url}/topstats">Top User Stats</a></li>
<li class=" last"><a href="{url}/expert">eXperts</a></li>
</ul>
</div>
</div>
<div id="container">
<div id="content" style="position: relative" class="clearfix">
<div id="column1" class="column">
<div class="habblet-container ">
<div class="cbb clearfix red ">
<h2 class="title">News</h2>
<div id="article-archive">
<ul>
{newsList}
</ul>
</div>
</div>
</div>
<script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script>
</div>
<div id="column2" class="column">
<div class="habblet-container ">
<div class="cbb clearfix notitle ">
<div id="article-wrapper">
<h2>{newsTitle} </h2>
<div class="article-meta">Posted {newsDate}</div>
<p class="summary">{newsTitle}</p>
<div class="article-body">
{newsContent}
<script type="text/javascript" language="Javascript">
document.observe("dom:loaded", function() {
$$('.article-images a').each(function(a) {
Event.observe(a, 'click', function(e) {
Event.stop(e);
Overlay.lightbox(a.href, "Image is loading");
});
});
$$('a.article-2729').each(function(a) {
a.replace(a.innerHTML);
});
});
</script>
</div>
</div>
</div>
</div>
<?php
if(isset($_POST['post_comment']))
$posted_on = date("M j, Y g:i A");
if (empty($_POST['comment']))
$_POST['comment'] = '';
$comment = strip_tags (filter($_POST['comment']));
if($comment == NULL){
//define("ERROR", "You have to type in a reply!<br /><br />");
//$error_message = 'You have to type in a reply!<br /><br />';
}else{
if (isLogged)
{
mysql_query("INSERT INTO cms_comments (article, userid, comment, posted_on, author) VALUES ('".filter($_GET['id'])."', '".$_SESSION['user']['id']."', '".filter($comment)."', '".$posted_on."', '" . $_SESSION['user']['username']. "');") or die(mysql_error());
define('SUCCESS', 'You have successfully posted a comment on this news article!');
define("ERROR", "<br>Thanks for your reply!<br />");
//$error_message = 'Thanks for your reply!<br /><br />';
}
}
?>
<div class="habblet-container ">
<div class="cbb clearfix notitle ">
<div id="article-wrapper"><h2>Place Comment</h2>
<div class="article-meta"></div>
<div class="article-body">
<?php
if($userPosts >= 1)
{
define('ERROR', 'Sorry, you are only allowed one comment per article.');
}
if(defined("SUCCESS")){
?>
<div class="rounded rounded-green" width="20%">
<?php echo SUCCESS; ?><br />
</div>
<div> </div>
<?php
}
if(defined("ERROR")) {
?>
<div class="rounded rounded-red" width="20%">
<?php echo ERROR; ?><br />
</div>
<div> </div>
<?php
}
else
{
?>
<form action="" method="post">
<textarea name="comment" maxlength="500"></textarea><br /><br />
<input type="submit" name="post_comment" value="Place Comment" />
</form>
<?php
}
?>
</div>
</div>
</div>
</div>
<style type="text/css">
input[type="text"], input[type="password"] {
background-color: #F1F1F1;
border: 1px solid #999999;
width: 175px;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
input[type="submit"] {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
textarea {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
width: 517px;
height: 70px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
select {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
</style>
<?php
$getComments = mysql_query("SELECT * FROM cms_comments WHERE article = '".filter($_GET['id'])."' ORDER by id DESC");
?>
<div class="habblet-container ">
<div class="cbb clearfix notitle ">
<div id="article-wrapper"><h2>Comments <?php echo mysql_num_rows($getComments); ?></h2>
<div class="article-meta"></div>
<div class="article-body">
<?php
if(mysql_num_rows($getComments) == 0) {
echo "No comments for this article!";
} else {
echo '<table width="528px">';
while($Comments = mysql_fetch_array($getComments)){
$getUserInfo = mysql_query("SELECT * FROM users WHERE username = '".$Comments['author']."'");
$userInfo = mysql_fetch_array($getUserInfo);
echo '
<tr>
<td width="90px" valign="top"></div>
<div style="
height: 65px;
width: 50px;
float: left;
overflow: hidden;
">
<div style="float:left"><img position:absolute; src="http://www.habbo.nl/habbo-imaging/avatarimage?figure='.$userInfo['look'].'&size=b&direction=2&head_direction=3&gesture=sml&size=2"></div>
';
if($userInfo['rank'] >= 5) {
echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/album1584/ADM.gif"></div>';
}
if($userInfo['rank'] == 3) {
echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/XXX.gif"></div>';
}
if($userInfo['rank'] == 4) {
echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/XXX.gif"></div>';
}
if($userInfo['rank'] == 2) {
echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/badges/VIP.gif"></div>';
}
if($userInfo['rank'] == 1) {
echo '<div style="position: absolute; z-index:1"><img src="{url}/lid.png"></div>';
}
echo '
</td>
<td width="427px" valign="top">
<i><a href="/me">'.$userInfo['username'].' </a></i>
<br /><br />'.$Comments['comment'].'
</td>
</tr>
<tr>
<td width="80px" valign="top">
</td>
<td width="400px" align="right">
</div></div></div></div>
<br>
<div style="width:125%; height:1px; background-color:#ccc; margin-top:-17px;"></div>
</td>
</tr>';
}
echo '</table>';
}
?></div> </div> </div> </div>
</div>
</div>
</div>
</div>
<script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script>
<script type="text/javascript">
HabboView.run();
</script>
<!--[if lt IE 7]>
<script type="text/javascript">
Pngfix.doPngImageFix();
</script>
<![endif]-->
<div id="footer" >
<?php include "app/tpl/skins/Habbo/inc/footer.php"; ?>
</div>
</body>
</html>
-- Table structure for `cms_comments`
-- ----------------------------
DROP TABLE IF EXISTS `cms_comments`;
CREATE TABLE `cms_comments` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`article` int(11) NOT NULL,
`userid` int(11) NOT NULL,
`comment` varchar(500) NOT NULL,
`posted_on` varchar(150) NOT NULL DEFAULT '',
`author` varchar(255) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=latin1;
Screenshots:
Credits:
Sledmore: Cleaning up the exploits.
Holmes: Pin pointing error.
Me: Putting this all together and making it work for everyone and SQL and fixing html up.
Pythonx19 or someshit: Making the whole thing.