<%@ page import="java.sql.*,java.io.*,java.net.*,java.util.*" errorPage="error.jsp" autoFlush="true" buffer="256kb" contentType="text/html; charset=windows-1251" %>
<%
// NOTE(review): the page redirects to guestbook.php and returns on every request, so nothing
// below this scriptlet runs at request time; the `if (response == response)` wrapper only keeps
// the compiler from rejecting the unconditional `return` as unreachable. jspInit() below still
// runs when the container loads the page, so the embedded database credentials are live even
// though the page itself is retired.
response.sendRedirect("guestbook.php");
if (response == response) return;
%>
Ергаки - Гостевая книга
<%!
// Default number of records per page (used when the "size" parameter is absent or < 1).
static int pageSize = 10;

// NOTE(review): these are instance fields of the generated servlet and are shared by every
// request thread (the page directive does not set isThreadSafe="false"), so concurrent
// requests race on set*()/execute*() of the same PreparedStatement. A pooled DataSource with
// per-request statements would remove the race.
Connection db;
PreparedStatement selectGuestbook, selectRecords, addRecord, removeRecord, addAnswer;

// Opens the database connection and prepares all statements once when the page is loaded
// (and again from the request scriptlet whenever a query fails).
// NOTE(review): the JDBC URL embeds the database user and password in source. A credential
// committed this way should be treated as exposed and rotated, and the connection should come
// from a container-managed DataSource (JNDI) rather than a literal in the page.
// NOTE(review): every failure is swallowed without logging; if the connection cannot be opened,
// db and the statements stay null and the request scriptlet fails later with a
// NullPointerException.
public void jspInit() {
    try {
        DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
        db = DriverManager.getConnection("jdbc:oracle:thin:GB/gb86753099@info.krasu.ru:1521:PORTAL");
        // Looks a book up by name; yields (id, quantity).
        selectGuestbook = db.prepareStatement("SELECT id,quantity FROM Guestbook WHERE name=?");
        // One page of records for a book. NOTE(review): in this copy the WHERE clause has two
        // '?' placeholders, but the request scriptlet binds three parameters (setInt 1..3); the
        // clause appears to have lost a comparison during extraction - confirm against the
        // repository before relying on the text here.
        selectRecords = db.prepareStatement("SELECT pos,name,email,url,message,to_char(when_added,'hh24:mi dd.mm.yyyy'),answer_message FROM GuestbookRecord WHERE book_id=? AND pos=? ORDER BY pos DESC");
        // Stored procedures, bound in the request scriptlet as
        // (book_id, name, email, url, message), (book_id, pos) and (book_id, pos, answer).
        addRecord = db.prepareStatement("begin add_record(?,?,?,?,?); end;");
        removeRecord = db.prepareStatement("begin remove_record(?,?); end;");
        addAnswer = db.prepareStatement("begin add_answer(?,?,?); end;");
    } catch(Exception e) {
        // NOTE(review): nothing is logged here; see the note above.
    }
}

// Closes the connection when the page is unloaded; failures are ignored.
public void jspDestroy() {
    try {db.close();} catch(Exception e) { }
}

// Parses s as a decimal int, returning def when s is null or not a number.
// (catch(Exception) is broader than the NumberFormatException that parseInt throws.)
static int str2int(String s, int def) {
    try {return Integer.parseInt(s);} catch(Exception e) {return def;}
}

// Aborts the request with a checked Exception; the errorPage directive routes it to error.jsp.
void fail(String msg) throws Exception {
    throw new Exception(msg);
}

// Replaces every occurrence of sub in s with nsub. Returns s itself (not a copy) when any
// argument is null or when sub does not occur.
// NOTE(review): an empty sub is not guarded: indexOf("", old) returns old and `n += 0` never
// advances, so the loop runs until the StringBuffer exhausts memory. The callers visible here
// pass non-empty literals, but `if (sub.length() == 0) return s;` would be a cheap guard.
public static String changeAll(String s, String sub, String nsub) {
    if(s == null || sub == null || nsub == null) return s;
    int n = 0, old = 0, L = sub.length(), LL = s.length();
    StringBuffer buf = new StringBuffer(2 * LL + 1);
    while(old < LL) {
        old = n;   // resume scanning just past the previous match
        n = s.indexOf(sub,old);
        if(n == -1) break;
        buf.append(s.substring(old,n));
        buf.append(nsub);
        n += L;
    }
    if(old == 0) return s;   // the very first search failed: no occurrence at all
    if(old < LL) buf.append(s.substring(old));   // tail after the last match
    return buf.toString();
}

// Fetches url and returns its body decoded as windows-1251. Used to inline the site's shared
// header and tail from a fixed http:// host.
// NOTE(review): the stream is not closed when read() throws (no finally), no connect/read
// timeout is set, and the body is written into the page verbatim, so whoever controls that
// host or the unencrypted path to it controls this page's markup. Serve the include from the
// local filesystem or over https, and close the stream in a finally block.
static String getResource(String url) throws IOException {
    InputStream in = new URL(url).openStream();
    byte[] buf = new byte[65535];
    int len;
    StringBuffer sb = new StringBuffer();
    // Decoding chunk by chunk is only safe because windows-1251 is a single-byte charset.
    while ((len = in.read(buf)) > 0) sb.append(new String(buf,0,len,"windows-1251"));
    in.close();
    return sb.toString();
}

// Intended to reject suspicious posts; its body is entirely commented out, so it accepts
// everything and name/url/email reach the database exactly as submitted.
static void filter (String message, String url, String email, String name) throws ServletException, IOException {
    //if (url != null && name != null && url.matches("^.*\\d{6,}\\.html?$") && name.matches("^[A-Za-z]{3,}$"))
    // throw new ServletException("Некорректное сообщение");
}

// Builds the anti-spam challenge: two decimal digits from java.util.Random seeded with the
// wall clock. The value is rendered into the form (the "введите" line below).
// NOTE(review): the request scriptlet compares two request parameters ("a" and "bb") with
// each other, so the expected value round-trips through the client instead of being held
// server-side and the challenge does not constrain a submitter. Keep the generated value in
// the session and compare against that, and draw it from SecureRandom.
static String generatePassword() {
    int len = 2;
    String chars = "0123456789";
    StringBuffer password = new StringBuffer();
    Random random = new Random(System.currentTimeMillis());
    for (int n = 0; n < len; n++) password.append(chars.charAt(random.nextInt(chars.length())));
    return password.toString();
}

// Normalises a submitted message for storage: null stays null, a message whose lower-cased
// form contains a blacklisted fragment is dropped by returning null, otherwise selected
// characters are rewritten through changeAll.
// NOTE(review): the literals on the return line are damaged in this copy (the indexOf()
// arguments with their `>= 0` comparisons, the replacement texts and the newline substitute
// all look truncated by HTML extraction), so the escaping cannot be judged from here -
// verify against the repository. Only message passes through this method: name, email and
// url are stored as submitted, and name and url are later emitted by expression tags
// without escaping.
static String cleanMessage(String message) {
    if (message == null) return null;
    String lmessage = message.toLowerCase();
    return lmessage.indexOf("= 0 || lmessage.indexOf("= 0 ? null : changeAll(changeAll(changeAll(changeAll(message,"&","&"), "<", "<"), ">", ">"), "\n", "
");
}
%>
<%=getResource("http://ergaki.krasu.ru/header.inc")%>


Здесь вы можете поделиться со всеми своими впечатлениями о Ергаках, а также высказать предложения и замечания по сайту Ергаки. Желающие могут получать 20 последних сообщений в формате RSS: .

<%
request.setCharacterEncoding("windows-1251");   // must precede the first getParameter() call
ResultSet rs = null;
int size = 0, ppage = 0, pos = -1;
String book = null, name = null, email = null, url = null, message = null, action = null, password = null, real_password = null;
// NOTE(review): "admin" (the right to remove records and post answers) is granted purely by
// the caller's IP address matching two literals. getRemoteAddr() is the immediate peer, so
// behind a reverse proxy every request arrives from the proxy, and a source address is not an
// authentication of a person. Gate these actions on container-managed authentication (a role
// check such as request.isUserInRole) instead.
boolean admin = request.getRemoteAddr() != null && (request.getRemoteAddr().equals("80.250.188.11") || request.getRemoteAddr().equals("172.17.16.13"));
// Read the request and look the book up. On any failure jspInit() is re-run (opening a new
// connection without closing the old one) and the whole block is retried once.
// NOTE(review): if both attempts fail, rs is still null and rs.next() below throws a
// NullPointerException, which the errorPage directive turns into error.jsp.
for (int tries = 0; tries < 2; tries++) try {
    book = request.getParameter("book");
    name = request.getParameter("name");
    email = request.getParameter("email");
    url = request.getParameter("url");
    message = request.getParameter("message");
    action = request.getParameter("action");
    size = str2int(request.getParameter("size"),pageSize);   // no upper bound; see the note at the paging query
    pos = str2int(request.getParameter("pos"),-1);           // -1 = "no record selected"
    ppage = str2int(request.getParameter("page"),1) - 1;     // zero-based from here on
    password = request.getParameter("a");
    real_password = request.getParameter("bb");
    if (size < 1) size = pageSize;
    if (ppage < 0) ppage = 0;
    if (book == null) book = "ergaki";
    selectGuestbook.setString(1,book);
    rs = selectGuestbook.executeQuery();
    break;
} catch (Exception e) {jspInit();}
filter(message, url, email, name);   // currently a no-op: its body is commented out
// NOTE(review): fail() throws before rs.close(), so the unknown-book path leaks the ResultSet.
if (!rs.next()) fail("incorrect book's name");
int bookID = rs.getInt(1), quantity = rs.getInt(2);
rs.close();
message = cleanMessage(message);
// Store a new record when there is a message and the anti-spam challenge matches.
// NOTE(review): both "a" and "bb" are request parameters, so the client supplies the expected
// value as well as the answer; hold the generated challenge in the session and compare against
// that instead. name/email/url are stored exactly as submitted (only message is cleaned), and
// name and url are emitted further down by expression tags without escaping.
if (message != null && message.length() > 0 && password != null && real_password != null && !password.equals("") && real_password.equals(password)) {
    ppage = 0;   // show the newest page after posting
    addRecord.setInt(1,bookID);
    addRecord.setString(2,name);
    if (email != null && email.indexOf('@') < 0) email = null;   // keep only something that looks like an address
    addRecord.setString(3,email);
    if (url != null && !(url.startsWith("http://") && url.length() > 7)) url = null;   // plain-http links only; anything else is dropped
    addRecord.setString(4,url);
    addRecord.setString(5,message);
    addRecord.executeUpdate();
    quantity++;
}
// Admin-only actions on the single record selected by pos.
if (action != null && action.equals("remove") && admin) {
    removeRecord.setInt(1,bookID);
    removeRecord.setInt(2,pos);
    if (pos != -1) removeRecord.executeUpdate();   // the str2int sentinel means "no pos given"
}
if (action != null && action.equals("answer") && admin) {
    // NOTE(review): unlike "remove", this runs even when pos is -1, and the answer text is
    // stored verbatim and later emitted without escaping.
    addAnswer.setInt(1,bookID);
    addAnswer.setInt(2,pos);
    addAnswer.setString(3,request.getParameter("answer"));
    addAnswer.executeUpdate();
}
int pages = (quantity / size) + (quantity % size != 0 ? 1 : 0);   // ceil(quantity / size)
if (ppage >= pages) ppage = pages - 1;   // clamp to the last page; becomes -1 for an empty book
%> <%
// Select the records whose pos falls in this page's window (upper bound bound first).
// NOTE(review): size and page are request-supplied and unbounded, so ppage*size can overflow
// int; a cap on size would be prudent.
selectRecords.setInt(1,bookID);
selectRecords.setInt(2,quantity-ppage*size);
selectRecords.setInt(3,quantity-(ppage+1)*size);
rs = selectRecords.executeQuery();
// Pager: from here on ppage is one-based for display.
if (pages > 1) { ppage++; if (ppage > 1) {%>
<< <%} else {%>
<< <%} for (int p = 1; p <= pages; p++) if (p != ppage) {%><%=p%> <%} else {%><%=p%> <%} if (ppage < pages) {%>>>
<%} else {%>>>
<%} } %>
<%
// One iteration per record of the current page. The expression tags that use these locals
// appear after the closing brace in this copy, which looks like extraction reordering - confirm.
while (rs.next()) {
    String s0 = rs.getString(1), s1 = rs.getString(2), s2 = rs.getString(3), s3 = rs.getString(4), s4 = rs.getString(5), s5 = rs.getString(6), s6 = rs.getString(7); // pos,name,email,url,message,date,answer_message
    //if (s1 != null) s1 = new String(s1.getBytes("windows-1251"));
    //if (s4 != null) s4 = new String(s4.getBytes("windows-1251"));
    //if (s6 != null) s6 = new String(s6.getBytes("windows-1251"));
    String who = s1 == null ? "некто" : s1;   // NOTE(review): the stored name is emitted as-is, without escaping
    String remove = admin ? " /удалить/ " : "";
    // answer_message is meant as a quoted-string-safe copy of s6 (presumably for a script
    // snippet in markup that is not visible in this copy - confirm).
    // NOTE(review): "\'" is the Java escape for a plain apostrophe, so the second replacement
    // is a no-op, and "\\\0x22" contains an octal NUL (\0) rather than the \x22 sequence it
    // appears to aim for; neither yields a safely quoted string.
    String answer_message = (s6 == null ? "" : changeAll(changeAll(s6,"\"","\\\0x22"),"'","\'"));
    String answer = admin ? " /ответить/ " : "";
    // In this copy the concatenation adds empty strings, so the branch has no visible effect;
    // the markup originally wrapped around the name was probably stripped - confirm.
    if (s2 != null) who = "" + who + "";
%><% if (s6 != null) {%><%} %><% } %>
<%=who%> оставил(а) сообщение в <%=s5%>
<% if (s3 != null) {%>он(а) же оставил(а) ссылку: <%=s3%>
<%} %>
<%=s4%><%=remove%><%=answer%>
<%=s6%>
<%
// Done with the record set. NOTE(review): an exception inside the loop above skips this
// close; a finally block around the loop would release the ResultSet on every path.
rs.close();
// Challenge shown in the form below. NOTE(review): the request scriptlet compares two
// request parameters with each other, so unless this value is also remembered server-side
// (e.g. in the session) and checked there, it does not constrain a submitter.
String generated_password = generatePassword();
%>
Добавить сообщение

имя
e-mail
url
введите <%=generated_password%>
(защита от спама)

   
<%=getResource("http://ergaki.krasu.ru/tail.inc")%>