Help php, violazione database

[redevilduil]

Salve, avrei un piccolo problema .
Alcuni amici mi segnalano un bug che consente la lettura dei "pvt" o semplicemente dei messaggi di chat, anche se si viene bannato e senza effettuare login.
Io personalmente ho provato in tutti i modi a trovare tale bug senza esito positivo .
Priorità alla lettura di messaggi privati vi posto qui il file : chat.php spero di aver postato tutto in modo giusto
Il seguente codice usa una protezione di reindirizzamento se si prova ad apire il file txt

Posto qui link del sito per eventuale test http://chattapeople.altervista.org/index.php
nick = user
passw = user

<?php
 session_start();
 header ("cache-control: no-cache, must-revalidate");
 header ("cache-control: no-cache, must-revalidate");
 header("Cache-control: private");
 header ("pragma: no-cache");
 error_reporting(0);
 if(!isset($_SESSION["login"]))
 {header("location: index.php"); exit;}
 if(!isset($_COOKIE['PHPSESSID']))
 if(!isset($_COOKIE['PHPSESSID']))
 {header("location: avviso.php?page=nocookie"); exit;}
 $tm_start = array_sum(explode(' ', microtime()));
 @require_once("setting.inc.php");
 @require_once("detect.inc.php");
 @require_once("bann.inc.php");
 $login=$_SESSION["login"];

 if(@file_exists("database/".$suff."_shout.txt") AND isset($_GET['shout'])){
 $var=@file("database/".$suff."_shout.txt");
 $riga=trim($var[0]);
 $dati=explode("||",$riga);
 $id=trim($dati[2]);
 $var=@fopen($suff."_shout".$id."/$login.txt","w+");
 @fwrite($var,"");
 @fclose($var);
 }

 if(@file_exists($suff."_deletenick/$login.txt"))
 {
 unset($_SESSION['login']);
 @unlink($suff."_deletenick/$login.txt");
 setcookie("nick","", time()-20000000);
 setcookie("pwd","", time()-20000000);
 if(@file_exists($suff."_online1/$login.txt"))
 {@unlink($suff."_online1/$login.txt");}
 if(@file_exists($suff."_online2/$login.txt"))
 {@unlink($suff."_online2/$login.txt");}
 if(@file_exists($suff."_room/$login.txt"))
 {@unlink($suff."_room/$login.txt");}
 header("location: avviso.php?page=delnick"); exit;
 }

 if(!@file_exists($suff."_hid/$login.txt"))
 {//memorizzo azione=chat
 $var34=@fopen($suff."_azione/$login.txt","w+");
 @fwrite($var34,"CHAT");
 @fclose($var34);
 }
 //aggiorno statistiche
 if(isset($_GET['a']))
 {
 //aggiorno txt entrate
 $oggi=time();
 $g=date("d",$oggi);
 $m=date("m",$oggi);
 $a=date("y",$oggi);
 $settimana=date("D",$oggi);

 $ieri=mktime(0,0,0,$m,$g-2,$a);
 $ggieri=date("d",$ieri);
 $mmieri=date("m",$ieri);
 $aaieri=date("y",$ieri);

 $data=@time();
 $modcell="";
 if(isset($_SERVER["HTTP_X_DEVICE_USER_AGENT"]))
 {$modcell=htmlentities($_SERVER["HTTP_X_DEVICE_USER_AGENT"]);
 $modcell = str_replace(array("\r\n", "\r", "\n"), "", $modcell);
 $modcell = str_replace("|","", $modcell);}

 $cell="nondefinito";
 if(!empty($subno))
 {$cell=$subno;}
 if(!empty($h3g))
 {$cell=md5($h3g);}

 if($cell=="nondefinito" AND !empty($opera))
 {$cell=$opera;}
 $isp=gethostbyaddr($_SERVER['REMOTE_ADDR']);

 function ipCheck2() {

 if (getenv('HTTP_CLIENT_IP')) {
 $ip = getenv('HTTP_CLIENT_IP');
 }
 elseif (getenv('HTTP_X_FORWARDED_FOR')) {
 $ip = getenv('HTTP_X_FORWARDED_FOR');
 }
 elseif (getenv('HTTP_X_FORWARDED')) {
 $ip = getenv('HTTP_X_FORWARDED');
 }
 elseif (getenv('HTTP_FORWARDED_FOR')) {
 $ip = getenv('HTTP_FORWARDED_FOR');
 }
 elseif (getenv('HTTP_FORWARDED')) {
 $ip = getenv('HTTP_FORWARDED');
 }
 else {
 $ip = $_SERVER['REMOTE_ADDR'];
 }
 return $ip;
 }
 $ip= htmlspecialchars(ipCheck2());
 $ipproxy = $_SERVER["REMOTE_ADDR"];

 if($ip==$ipproxy)
 {$ipproxy="no proxy";}
 $variabile4=$login."||pwd||".$ipproxy."||".$ip."||".$modcell."||".$browser."||".$isp."||".$cell."||".$data;

 if (@!is_dir($suff."_controlentrate")) mkdir($suff."_controlentrate");
 $indirizzo = $suff."_controlentrate/$g"."$m"."$a.txt";
 $var888=@fopen("$indirizzo","a+");
 @fwrite($var888,$variabile4."\n");
 @fclose($var888);

 //elimino il file control entrate del giorno precedente se esiste
 if(@file_exists($suff."_controlentrate/"."$ggieri"."$mmieri"."$aaieri.txt"))
 {@unlink($suff."_controlentrate/"."$ggieri"."$mmieri"."$aaieri.txt");}

 //aggiorno txt statistiche di oggi
 if (@!is_dir($suff."_statistic")) mkdir($suff."_statistic");
 if (@!is_dir($suff."_statistic/week")) mkdir($suff."_statistic/week");
 if (@!file_exists($suff."_statistic/week/weekend.txt"))
 {$tempoend=$oggi;
 $diff=0;
 switch($settimana)
 {
 case'Mon':
 $diff=6;
 break;

 case'Tue':
 $diff=5;
 break;

 case'Wed':
 $diff=4;
 break;

 case'Thu':
 $diff=3;
 break;

 case'Fri':
 $diff=2;
 break;

 case'Sat':
 $diff=1;
 break;

 case'Sun':
 $diff=0;
 break;
 }

 $tempoend=mktime(23,59,59,$m,$g+$diff,$a);

 $var868=@fopen($suff."_statistic/week/weekend.txt","w+");
 @fwrite($var868,$tempoend);
 @fclose($var868);

 }
 else
 {$var6667=@file($suff."_statistic/week/weekend.txt");
 $tempoend=trim($var6667[0]);}


 if(($oggi-$tempoend)>0)
 {
 @unlink($suff."_statistic/week/Mon.txt");
 @unlink($suff."_statistic/week/Tue.txt");
 @unlink($suff."_statistic/week/Wed.txt");
 @unlink($suff."_statistic/week/Thu.txt");
 @unlink($suff."_statistic/week/Fri.txt");
 @unlink($suff."_statistic/week/Sat.txt");
 @unlink($suff."_statistic/week/Sun.txt");
 @unlink($suff."_statistic/week/weekend.txt");
 }
 $rigat=0;
 if(@file_exists($suff."_statistic/week/$settimana.txt")){
 $var278=@file($suff."_statistic/week/$settimana.txt");
 $rigat=trim($var278[0]);}
 $rigatnew=($rigat+1);
 $var868=@fopen($suff."_statistic/week/$settimana.txt","w+");
 @fwrite($var868,$rigatnew);
 @fclose($var868);

 //memorizzo time entrata dell utente nel suo txt
 if (@!is_dir($suff."_time")) mkdir($suff."_time");
 if(!@file_exists($suff."_hid/$login.txt"))
 {
 $timestampatt = time();
 $percorso=$suff."_time/$login.txt";
 $var34=@fopen("$percorso","w+");
 @fwrite($var34,"$timestampatt");
 @fclose($var34);}

 //aggiorno statistiche accesso
 $oggi=time();
 $g=date("d",$oggi);
 $m=date("m",$oggi);
 $a=date("y",$oggi);

 $ieri=mktime(0,0,0,$m,$g-1,$a);

 $ggieri=date("d",$ieri);
 $mmieri=date("m",$ieri);
 $aaieri=date("y",$ieri);

 //elimino il file accessi del giorno precedente (se esiste)
 if(@file_exists($suff."_statoggi/"."$ggieri"."$mmieri"."$aaieri.txt"))
 {@unlink($suff."_statoggi/"."$ggieri"."$mmieri"."$aaieri.txt");}

 //elimino il file conta msg1 del giorno precedente
 if(@file_exists($suff."_statoggi/"."msg1_"."$ggieri"."$mmieri"."$aaieri.txt"))
 {@unlink($suff."_statoggi/"."msg1_"."$ggieri"."$mmieri"."$aaieri.txt");}

 //elimino il file conta msg2 del giorno precedente
 if(@file_exists($suff."_statoggi/"."msg2_"."$ggieri"."$mmieri"."$aaieri.txt"))
 {@unlink($suff."_statoggi/"."msg2_"."$ggieri"."$mmieri"."$aaieri.txt");}

 //elimino il file smile inseriti del giorno precedente (se esiste)
 if(@file_exists($suff."_statoggi/smile_"."$ggieri"."$mmieri"."$aaieri.txt"))
 {@unlink($suff."_statoggi/smile_"."$ggieri"."$mmieri"."$aaieri.txt");}

 //elimino il file COMMENTI USER inseriti del giorno precedente (se esiste)
 if(@file_exists($suff."_statoggi/comm_"."$ggieri"."$mmieri"."$aaieri.txt"))
 {@unlink($suff."_statoggi/comm_"."$ggieri"."$mmieri"."$aaieri.txt");}

 //elimino il file sondaggi inseriti del giorno precedente (se esiste)
 if(@file_exists($suff."_statoggi/sondaggi_"."$ggieri"."$mmieri"."$aaieri.txt"))
 {@unlink($suff."_statoggi/sondaggi_"."$ggieri"."$mmieri"."$aaieri.txt");}

 //elimino il file POST BLOG inseriti del giorno precedente (se esiste)
 if(@file_exists($suff."_statoggi/post_"."$ggieri"."$mmieri"."$aaieri.txt"))
 {@unlink($suff."_statoggi/post_"."$ggieri"."$mmieri"."$aaieri.txt");}

 //elimino il file LASTFOTO inserite nel giorno precedente (se esiste)
 if(@file_exists($suff."_statoggi/lastfoto_"."$ggieri"."$mmieri"."$aaieri.txt"))
 {@unlink($suff."_statoggi/lastfoto_"."$ggieri"."$mmieri"."$aaieri.txt");}

 //elimino il file COMMFOTO inserite nel giorno precedente (se esiste)
 if(@file_exists($suff."_statoggi/commfoto_"."$ggieri"."$mmieri"."$aaieri.txt"))
 {@unlink($suff."_statoggi/commfoto_"."$ggieri"."$mmieri"."$aaieri.txt");}

 //elimino il file ULTIMO REGISTRATO del giorno precedente
 if(@file_exists($suff."_statoggi/"."reg_"."$ggieri"."$mmieri"."$aaieri.txt"))
 {@unlink($suff."_statoggi/"."reg_"."$ggieri"."$mmieri"."$aaieri.txt");}

 //elimino il file COMMENT BLOG del giorno precedente
 if(@file_exists($suff."_statoggi/"."commpost_"."$ggieri"."$mmieri"."$aaieri.txt"))
 {@unlink($suff."_statoggi/"."commpost_"."$ggieri"."$mmieri"."$aaieri.txt");}

 //elimino il file BANN NICK del giorno precedente
 if(@file_exists($suff."_statoggi/"."bannick_"."$ggieri"."$mmieri"."$aaieri.txt"))
 {@unlink($suff."_statoggi/"."bannick_"."$ggieri"."$mmieri"."$aaieri.txt");}

 //elimino il file NICK ELIMINATI del giorno precedente
 if(@file_exists($suff."_statoggi/"."nickdel_"."$ggieri"."$mmieri"."$aaieri.txt"))
 {@unlink($suff."_statoggi/"."nickdel_"."$ggieri"."$mmieri"."$aaieri.txt");}

 //elimino il file POST FORUM del giorno precedente
 if(@file_exists($suff."_statoggi/forumpost_"."$ggieri"."$mmieri"."$aaieri.txt"))
 {@unlink($suff."_statoggi/forumpost_"."$ggieri"."$mmieri"."$aaieri.txt");}

 $entrata=1;
 if(@file_exists($suff."_statoggi/"."$g"."$m"."$a.txt"))
 {
 $var=@file($suff."_statoggi/"."$g"."$m"."$a.txt");
 $entrata=trim($var[0]);
 $entrata++;
 }

 $open = @fopen($suff."_statoggi/"."$g"."$m"."$a.txt","w+");
 @fwrite($open, $entrata);
 @fclose($open);
 /* */
 }

 if(isset($_GET['stato']) AND @file_exists($suff."_room/$login.txt"))
 {@unlink($suff."_room/$login.txt");}
 if (@file_exists($suff."_room/$login.txt"))
 {header("location: chat2.php"); exit;}

 if (@file_exists($suff."_online2/$login.txt"))
 {@unlink($suff."_online2/$login.txt");}

 function ipCheck() {

 if (getenv('HTTP_CLIENT_IP')) {
 $ip = getenv('HTTP_CLIENT_IP');
 }
 elseif (getenv('HTTP_X_FORWARDED_FOR')) {
 $ip = getenv('HTTP_X_FORWARDED_FOR');
 }
 elseif (getenv('HTTP_X_FORWARDED')) {
 $ip = getenv('HTTP_X_FORWARDED');
 }
 elseif (getenv('HTTP_FORWARDED_FOR')) {
 $ip = getenv('HTTP_FORWARDED_FOR');
 }
 elseif (getenv('HTTP_FORWARDED')) {
 $ip = getenv('HTTP_FORWARDED');
 }
 else {
 $ip = $_SERVER['REMOTE_ADDR'];
 }
 return $ip;
 }
 $ip= htmlspecialchars(ipCheck());
 $ipproxy = $_SERVER["REMOTE_ADDR"];
 $isp=gethostbyaddr($_SERVER['REMOTE_ADDR']);

 $cell="nondefinito";
 if(!empty($subno))
 {$cell=$subno;}
 if(!empty($h3g))
 {$cell=md5($h3g);}

 //controlli BANN
 if(bannbrowser($browser,$suff) OR bannnick($login,$ip,$ipproxy,$suff) OR banncell($cell,$suff) OR bannisp($isp,$suff))
 {
 unset($_SESSION);
 session_destroy();
 if(@file_exists($suff."_online1/$login.txt"))
 {@unlink($suff."_online1/$login.txt");}
 if(@file_exists($suff."_online2/$login.txt"))
 {@unlink($suff."_online2/$login.txt");}
 if(@file_exists($suff."_room/$login.txt"))
 {@unlink($suff."_room/$login.txt");}
 setcookie("bann","1", time()+20000000);
 header("location: avviso.php?page=bann");exit;}

 if(isset($_COOKIE["bann"]))
 {setcookie("bann","", time()-20000000);}

 $level=0;
 //controllo se membro STAFF
 if(@file_exists($suff."_staff/$login.txt"))
 {
 $level=@file($suff."_staff/$login.txt");
 $level=trim($level[0]);
 }

 //NEWMP
 $nonletto=0;
 if(@file_exists($suff."_mp/$login.txt"))
 {
 $mp=@file($suff."_mp/$login.txt");
 $totmp=count($mp);
 for($a=($totmp-1); $a>=0; $a--){
 $esplodo=explode("||",$mp[$a]);
 if($esplodo[2]==0)
 {$nonletto=1; break;}
 }//end for
 }
 if($nonletto==1){$newmp="newmail";}else{$newmp="mail";}
 ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<link href=?favicon.ico? rel=?shortcut icon? type=?image/x-icon? />
<link rel="shortcut icon" href="favicon.ico" >
<link rel="icon" href="favicon.ico" >
<META http-equiv="Content-Type" content="text/html; charset=utf-8" >
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="0">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META NAME="KEYWORDS" CONTENT="chat,cellulari,mobile,telefonia,wap,chat gratuita,incontri,amicizia">
<META NAME="DESCRIPTION" CONTENT="Chat gratuita accessibile anche da cellulare">
<META NAME="ROBOTS" CONTENT="INDEX, FOLLOW">
<META NAME="REVISIT-AFTER" CONTENT="1 DAYS">
<META NAME="RATING" CONTENT="GENERAL">
<div align="center"style="background-color:  #66ffcc" "><font color="0000cc">Benvenuti in Amorexte</font></div>
<title><?php $titolo= utf8_encode ($title); echo $titolo; ?></title>
<link rel="stylesheet" type="text/css" href="stylechatcell.css">
<?php if($dispositivo=="PC"){
 echo "<script type='text/javascript' src='refresh.js'></script>"; ?>
<style type="text/css">
 body{

 background-image: url(sfondocell/stelle.gif);
 background-repeat: no repeat-y;
 }

 div.pic{float:left;margin: 0px;padding:0 0 12px 0;
 background: url(background.gif) no-repeat bottom center}

 div.pic img{display: block;border: 1px solid;
 border-color: #CCC #CCC #AAA #CCC;
 padding: 4px;background: #000000}
 .purple #slatenav{position:relative;display:block;height:42px;font-size:11px;font-weight:bold;background:transparent url(purpleslate_background.gif) repeat-x top left;font-family:Arial,Verdana,Helvitica,sans-serif;text-transform:uppercase;}
 .purple #slatenav ul{margin:0px;padding:0;list-style-type:none;width:auto;}
 .purple #slatenav ul li{display:block;float:left;margin:0 1px 0 0;}
 .purple #slatenav ul li a{display:block;float:left;color:#FBDAFA;text-decoration:none;padding:14px 22px 0 22px;height:28px;}
 .purple #slatenav ul li a:hover,.purple #slatenav ul li a.current{color:#fff;background:transparent url(purpleslate_backgroundOVER.gif) no-repeat top center;}
 .redslate #slatenav{position:relative;display:block;height:42px;font-size:11px;font-weight:bold;background:transparent url(redslate_background.gif) repeat-x top left;font-family:Arial,Verdana,Helvitica,sans-serif;text-transform:uppercase;}
 .redslate #slatenav ul{margin:0px;padding:0;list-style-type:none;width:auto;}
 .redslate #slatenav ul li{display:block;float:left;margin:0 1px 0 0;}
 .redslate #slatenav ul li a{display:block;float:left;color:#FBDAFA;text-decoration:none;padding:14px 22px 0 22px;height:28px;}
 .redslate #slatenav ul li a:hover,.redslate #slatenav ul li a.current{color:#fff;background:transparent url(redslate_backgroundOVER.gif) no-repeat top center;}
 .greenslate #slatenav{position:relative;display:block;height:42px;font-size:11px;font-weight:bold;background:transparent url(greenslate_background.gif) repeat-x top left;font-family:Arial,Verdana,Helvitica,sans-serif;text-transform:uppercase;}
 .greenslate #slatenav ul{margin:0px;padding:0;list-style-type:none;width:auto;}
 .greenslate #slatenav ul li{display:block;float:left;margin:0 1px 0 0;}
 .greenslate #slatenav ul li a{display:block;float:left;color:#000000;text-decoration:none;padding:14px 22px 0 22px;height:28px;}
 .greenslate #slatenav ul li a:hover,.greenslate #slatenav ul li a.current{color:#fff;background:transparent url(greenslate_backgroundOVER.gif) no-repeat top center;}
</style></head>
<?php } if($dispositivo=="PC" AND @file_exists($suff."_refresh/$login.txt")){echo "<body bgcolor='black' onLoad='self.document.form1.msg.focus(); startTimer();'>";}
 elseif($dispositivo=="PC"){echo "<body bgcolor='black' onLoad='self.document.form1.msg.focus();'>";}
 else{echo "<body bgcolor='black'>";} ?>
<?php if(!isset($_SERVER["HTTP_X_H3G_MSISDN"]) AND !isset($_SERVER["HTTP_X_OPERAMINI_PHONE"]) AND !isset($_SERVER["HTTP_X_MOBILE_GATEWAY"])){ ?>
<script type="text/javascript" src="wz_tooltip.js"></script><?php } ?>
<?php
if($dispositivo=="PC")
 {
?>

<?php echo "<strong>$titolo</strong>"; ?>
<div class="purple">
<div id="slatenav"><center>
<ul><li><div class="pic"><img src='size.php?x=80&y=80&src=logochat.jpg' border="0"></div></li>

<li><a href="opzioni.php">opzioni</a></li>

<li><a href='mp.php'><img src='<?php echo $newmp;?>.gif' border='0' alt='MP'></a></li>

<li><a href="admin.php" title="admin">Admin</a></li>

<li><a href="infoiconechat.php" title="Info delle icone della chat">INFO ICONE CHAT</a></li>

<?php if(@file_exists("database/cbrs87_validanick.txt"))
{$var2=@file("database/cbrs87_validanick.txt");
$i=count($var2);} if($level>1) echo "<li><a href='validanick.php' title='ValidaNick'><i>Valida Nick</i>[$i]</a></li>"; ?>

<li><a href="listasmile.php" title="Lista Smile">Smile</a></li>

<li><a href="gallery.php" title="Gallery CHAT">Gallery</a></li>

<li><a href="esci.php" title="Abbandona la chat">Esci</a></li>
</ul>
</div>
</div>

</center>

<? }
 else{
?>

<?php echo "<strong>$titolo</strong>"; ?><center>
<div class="testatablue"><a href='infoiconechat.php'>INFO ICONE</a> | <a href='opzioni.php'>OPZIONI</a> | <a

 href="mp.php"><img src='<?php echo $newmp;?>.png' border='0' alt="MP"></a> | <?php if($level>0){echo "<a

 href='admin.php'>AMMINISTRAZIONE</a>";}else{echo " | <a href='listasmile.php'>SMILE</a>";} ?>
</div></center>
<?php }

 function elimina($dirname){

 if(@is_dir($dirname)){
 $handle = opendir($dirname);
 while (false !== ($file = readdir($handle))) {
 if(is_file($dirname.$file)){
 unlink($dirname.$file);
 }
 }
 $handle = closedir($handle);
 rmdir($dirname);
 }
 }

 /// CONTROLLO SHOUT //////
 if(@file_exists("database/".$suff."_shout.txt")){
 //vedo se scaduto
 $var=@file("database/".$suff."_shout.txt");
 $riga=trim($var[0]);
 $dati=explode("||",$riga);
 $mitt=trim($dati[0]);
 $msg=trim(stripslashes($dati[1]));
 $id=trim($dati[2]);
 $data=trim($dati[3]);
 $attuale=time();
 if(($data-$attuale)>0){
 //prelevo impostazioni login
 $var=@file($suff."_impostaz/$login.txt");
 $da=explode("||",$var[0]);
 $smile=$da[1];

 if($smile==1) {
 @require_once("smile.inc.php");
 $msgorig=$msg;
 $percorso=$_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF'];
 $percorso=str_replace("chat.php","smile/",$percorso);
 $percorso="http://".$percorso;
 for ($k=0; $k < count($arrsmile); $k+=2) {
 if(empty($arrsmile[$k])) continue;
 $contat += substr_count($msg, $arrsmile[$k]);
 $msg = str_replace($arrsmile[$k], "<img src=\"" . $percorso . $arrsmile[$k+1] . "\">", $msg);
 }
 if ($contat > 5) $msg = $msgorig;}
 if(!@file_exists($suff."_shout$id/$login.txt")) {
 echo "<marquee><font color='#FFCC00'>[$mitt]";
 if(@file_exists($suff."_staff/$mitt.txt"))
 {echo "[STAFF]";}
 echo "</font> $msg </marquee><a rel='nofollow' href='chat.php?shout=0'><img border='0' alt='[X]' src='delete.png'></a><font>
<hr size='1'color='#853CFF'></font>";}
 }else{@unlink("database/".$suff."_shout.txt"); if(@is_dir($suff."_shout$id")) {$vai=@elimina($suff."_shout$id"."/");}}
 }

 /// CONTROLLO PVT //////
 if(@file_exists("richiesta/$login.txt"))
 {
 $open = @file("richiesta/$login.txt");
 $i=count($open);
 echo "<a href='listapvt.php'>Hai $i Richiesta/e di PVT</a><font><hr color='#853CFF' size='1'></font>";
 }
 if(@file_exists("accettato/$login.txt"))
 {
 $open = @file("accettato/$login.txt");
 $j=count($open);
 echo "<a href='listapvt.php'>Hai $j PVT in corso</a><font><hr color='#853CFF' size='1'></font>";
 }
 /////////////////////////
 //CONTROLLO RICHIESTE AMICIZIA
 if(@file_exists($suff."_richiestamicizia/$login.txt"))
 {
 $open = @file($suff."_richiestamicizia/$login.txt");
 $i=count($open);
 echo "<a href='listamici.php'>Hai $i richiesta/e di amicizia</a><font><hr color='#853CFF' size='1'></font>";
 }
 ////////////////////////
 echo "</div><div class=''><center><img border='0' src='mappa.gif' alt='Online'></img> ";
 $inv=0;
 if(@file_exists($suff."_hid/$login.txt")){$inv=1;}
 if($inv==0)
 {$filename = $suff."_online1/$login.txt";
 $string = @time();
 $a = @fopen("$filename", "w+");
 @fputs($a, $string);
 @fclose($a);}

 $path = $suff."_online1/";
 $dir_handle = @opendir($path);
 while ($file = readdir($dir_handle))
 {
 if($file != "." && $file != ".."){
 $f=file($path.$file);
 $data=intVal(str_replace("\n","",$f[0]));
 if($data<(time()-120)){
@unlink($path.$file);
 }
 }
 }
 $cartella = @opendir($suff.'_online1');
 while ($fi = readdir($cartella)) {
 $array_file[] = $fi;
 }
 foreach ($array_file as $fi) {
 if ( $fi == ".." || $fi == ".") {
 continue;
 }
 $rep= str_replace(".txt","",$fi);
 //color nick user online
 $var=@file($suff."_impostaz/$rep.txt");
 $dati=explode("||",$var[0]);
 $coloronline=$dati[0];

 $leveluser=0;
 if(@file_exists($suff."_staff/$rep.txt"))
 {
 $leveluser=@file($suff."_staff/$rep.txt");
 $leveluser=trim($leveluser[0]);}

 $livelloutente="UTENTE";
 if($leveluser==1) $livelloutente="[MODERATORE]";

 if($leveluser==2) $livelloutente="[SUPER MODERATORE]";

 if($leveluser==3) $livelloutente="[ADMIN]";

 if($leveluser==4) $livelloutente="[SUPER ADMIN]";

 if($leveluser==5) $livelloutente="[WEBMASTER]";


 //prelevo DATI DAL PROFILO user
 if(@file_exists($suff."_profili/$rep.txt"))
 {
 $var2=@file($suff."_profili/$rep.txt");
 $testo=explode("||",$var2[0]);
 $nome=stripslashes($testo[0]);
 $sesso=$testo[1];
 $anni=stripslashes($testo[2]);
 $regione=stripslashes($testo[3]);
 $regione=ucwords($regione);
 }else{
 $nome="";
 $sesso="";
 $anni="";
 $regione="";
 }
 if($sesso=="f") {$iconasesso="<img border=0 src=female.png>"; }
 elseif($sesso=="m") {$iconasesso="<img border=0 src=male.png>";}else{$iconasesso="";}

 $avataruser="default.gif>";
 if(@file_exists($suff."_avatar/$rep.txt")){
 $var=@file($suff."_avatar/$rep.txt");
 $avataruser=trim($var[0]);
 $rilpng=stristr($avataruser,".png");
 if(!empty($rilpng)) {$avataruser="png/".$avataruser.">";}

 if(empty($rilpng) AND !@file_exists("gallery/$rep/$avataruser.jpg")) $avataruser="default.gif>";
 }

 if(empty($rilpng) AND $avataruser!="default.gif>")
 {
 if($dispositivo=="PC") {$avataruser="gallery/$rep/$avataruser.jpg width=100>";}
 else{$avataruser="gallery/$rep/$avataruser.jpg width=50>";}
 }
 ?>
<A class=nodeco onmouseover="Tip('<font color=#000000><b><?php echo $livelloutente;?></b></font><br><font

 color=#000000>Sesso: <?php echo $iconasesso; ?></font><br><font color=#000000>Anni: <?php echo $anni; ?></font><br><font

 color=#000000>Regione: <?php echo $regione; ?></font><br><img border=0 src=<?php echo $avataruser; ?><br><a href=mp.php?

 page=send&user=<?php echo $rep; ?>><font color=#000000>MP</font></a>- <a href=listapvt.php?user=<?php echo $rep; ?>><font

 color=#000000>PRIVATO</font></a>', OPACITY, 90, TEXTALIGN, 'center', TITLEALIGN, 'center', TITLE, '<?php echo $nome; ?>',

 CENTERMOUSE, true, BORDERCOLOR,'#dd00aa', STICKY, 1, SHADOW, true, CLICKCLOSE, true, BGCOLOR, '#ffffff',

 BORDERWIDTH, 2);" href="profilo.php?user=<?php echo $rep; ?>&page=chat"><font color=<?php echo $coloronline; ?>><?php echo

 $rep."</font></A>";
 $Ptra=file_get_contents($suff."_azione/".$rep.".txt");
 switch($Ptra)
 {
 case"LISTA MP": echo'<img src="ikone/traccia_LISTA_MP.png" alt="LISTA MP"/>'; break;
case"OPZIONI": echo'<img src="traccia_settaggi.gif"alt="OPZIONI"/>'; break;
 case"LISTA SMILE": echo'<img src="ikone/smile.gif" alt="LISTA SMILE"/>'; break;
 case"GALLERY": echo'<img src="ikone/gallery.gif" alt="GALLERY"/>'; break;
 case"CERCA UTENTE": echo'<img src="ikone/cercautente.gif" alt="CERCA UTENTE"/>'; break;
 case"CHAT INFO": echo'<img src="ikone/infochat.gif" alt="CHAT INFO"/>'; break;
 case"SHOUT CHAT": echo'<img src="ikone/shout.gif" alt="SHOUT CHAT"/>'; break;
 case"NICK ZITTITI": echo'<img src="ikone/shhhh.gif" alt="NICK ZITTITI"/>'; break;
 case"BANNATI": echo'<img src="mazzate.gif" alt=""/>'; break;
 case"GAMES": echo'<img src="traccia_games.png" alt="GAMES"/>'; break;
 case"ADMIN": echo'<img src="ikone/admin.gif" alt="ADMIN"/>'; break;
 case"AVVISI CHAT": echo'<img src="ikone/avvisi.gif" alt="AVVISI CHAT"/>'; break;
 case"GADGET": echo'<img src="niko.gif" alt="DEDICHE"/>'; break;
 case"EDITA PROFILO": echo'<img src="ikone/blog.gif" alt="EDITA PROFILO"/>'; break;
 case"CAMBIA COLORE": echo'<img src="ikone/coloritesto.gif" alt="CAMBIA COLORE"/>'; break;
 case"CAMBIA PWD": echo'<img src="ikone/cambiopsw.gif" alt="CAMBIA PWD"/>'; break;
 case"PORTALI AMICI": echo'<img src="ikone/affiliazioni.gif" alt="PORTALI AMICI"/>'; break;
 case"SCRIVE COMMENTO SU UN PROFILO": echo'<img src="ikone/forum.gif" alt="COMMENTA PROFILO"/>'; break;
 case"VEDE COMMENTO SU FOTO": echo'<img src="ikone/regolamento.gif.gif" alt="VEDE COMMENTO SU FOTO"/>'; break;
 case"INVIA MP": echo'<img src="mail.png" alt="INVIA MP"/>'; break;
 case"CAM": echo'<img src="ikone/videochat.gif" alt="videochat"/>'; break;
 case"TV": echo'<img src="traccia_tv.png" alt="TV"/>'; break;
 case"RADIO": echo'<img src="" alt=""/>'; break;
 case"VEDE SONDAGGIO": echo'<img src="ikone/sondaggi.gif" alt="VEDE SONDAGGIO"/>'; break;
 case"CLASSIFICA CHATTERS": echo'<img src="ikone/migliorichatters.gif" alt="CLASSIFICA CHATTERS"/>'; break;
 case"VEDE PROFILO": echo'<img src="ikone/profilo.gif" alt="VEDE PROFILO"/>'; break;
 case"LISTA AMICI": echo'<img src="ikone/amici.gif" alt="LISTA AMICI"/>'; break;
 case"LISTA NERA": echo'<img src="ikone/listanera.gif" alt="LISTA NERA"/>'; break;
 case"LISTA PVT": echo'<img src="ikone/listaprivati.gif" alt="LISTA PVT"/>'; break;
 case"FACEBOOK": echo'<img src="traccia_face.png" alt="FACEBOOK"/>'; break;
 case"YOUTUBE": echo'<img src="traccia_you.jpg" alt="YOUTUBE"/>'; break;
 case"PHOTO GALLERY CHATTERS": echo'<img src="ikone/gallery.gif" alt="PHOTO GALLERY CHATTERS"/>'; break;

 default:
 switch($leveluser)
 {

 case 5: echo'<img src="ikone/traccia_oro.gif">'; break;

 case 4: echo'<img src="ikone/star.gif" />'; break;

 case 2: echo'<img src="ikone/traccia_bronzo.gif" />'; break;

 case 0: echo'<img src="user2.gif" />'; break;

 }
 ;
 }
 echo"*";}//end foreach
 $num1=rand(1,12);
 $algoritmo=(($num1*$number)+(4*$num1)+(2*$number));
 $algoritmo.="9fjke76tr4";
 $algoritmo=md5($algoritmo);
 ?>
</div></center>
<hr>

<?php if(@file_exists($suff."_zittiti/$login.txt")){echo "<center><font color='red'>$login SEI STATO ZITTITO DALLO STAFF, NON

 PUOI SCRIVERE NELLE STANZE PUBBLICHE <img src='ikone/shhhh.gif'></font><font><hr color='#853CFF'

 size='1'></font></center>";}
if($totmp>=30){echo "<center><font color='red'>$login hai la casella PIENA(30 MP), svuotala per ricevere ulteriori

 MP</font><font><hr color='#853CFF' size='1'></font></center>";} ?>
<form name="form1" method="POST" action="insertmess.php" acceptcharset="utf-8">
<input name="msg" type="text" class="input" >
<input type="Submit" class="button" name="Submit" value="Invia/Aggiorna">
<input type="reset" class="button" value="c">
<input type="hidden" name="codice" value="<?php echo $algoritmo; ?>" >
<input type="hidden" name="key" value="<?php echo $num1; ?>" >
</form>
<div style="background-image: url(sfondocell/stelle.gif);">
<?php
//prelevo impostazioni login
 $var=@file($suff."_impostaz/$login.txt");
 $dati=explode("||",$var[0]);
 $coloronline=$dati[0];
 $smile=$dati[1];
 $numpage=$dati[2];
 $viewavt=trim($dati[4]);


 //stampo last 10 msg pubblici
 if(@file_exists("database/".$suff."_msg1.txt"))
 {
 $apri=@file("database/".$suff."_msg1.txt");
 $totale=count($apri);

 $diff=($totale-20);
 if($diff<0){$diff=0;}

 $prendi = $numpage; // intervallo
 $npage=ceil(20/$prendi);

 if($totale<20){$npage=1;}

 if(is_int($totale/$prendi))
 $pagina=$npage;
 else
 $pagina=floor($totale/$prendi);


 if(isset($_GET['page'])){
 $page=trim($_GET['page']); // pagina corrente
 if(!is_numeric($page)){$page=1;}
 if($page==0 OR $page<0 OR $page>4 ){$page=1;}
 if($page>$npage)
 $page=1;}
 else
 $page=1;

 $start = ($page*$prendi)-$prendi; /* record da cui iniziare ad estrarre */
 $estremo=($totale-$start-$prendi);

 if ($estremo<$diff)
$estremo=$diff;

 if ($estremo<0)
 $estremo=0;

 for($a=($totale-$start-1);$a>=$estremo;$a--)
 {
 if($estremo<0){continue;}
$dati=explode("||",$apri[$a]);
 //prelevo avatar nick
 if($viewavt==1)
 {$avatar="default.gif";
 $rilpng=stristr($dati[2],".png");
 if(!empty($rilpng)) {$avatar="png/".$dati[2];}
 if($dati[2]!="default" AND empty($rilpng) AND @file_exists("gallery/$dati[1]/$dati[2].jpg")){$avatar="gallery/$dati[1]/$dati[2].jpg";}
 }
 $msg=stripslashes($dati[4]);
 if($smile==1) {
 @require_once("smile.inc.php");
 $percorso=$_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF'];
 $percorso=str_replace("chat.php","smile/",$percorso);
 $percorso="http://".$percorso;
 $msg_orig = $msg;
 $contat = 0;
 for ($k=0; $k < count($arrsmile); $k+=2) {
 if(empty($arrsmile[$k])) continue;
 $contat += substr_count($msg, $arrsmile[$k]);
 $msg = str_replace($arrsmile[$k], "<img src=\"" . $percorso . $arrsmile[$k+1] . "\">", $msg);
 }
 if ($contat > 70) $msg = $msg_orig;
 }

 if($dati[0]==0)
 {//msg pubblico
 $leveluser=0;
 if(@file_exists($suff."_staff/$dati[1].txt"))
 {
 $leveluser=@file($suff."_staff/$dati[1].txt");
 $leveluser=trim($leveluser[0]);}
 if($leveluser==0) $usrmsg="<strong><a rel='nofollow' href='profilo.php?user=$dati[1]'><font color='#FFFF00'>$dati[1]</a><img border='0' src='user2.gif'
alt='Online'><font color='#FFFF00'>User Chat<b><img border='0' src='user2.gif' alt='Online'></strong></font>";

 if($leveluser==1) $usrmsg="<strong><a rel='nofollow' href='profilo.php?user=$dati[1]'><font color='#66ff33'>$dati[1]</a><img border='0' src='user2.gif'
alt='Online'><font color='#66ff00'>Moderatore <b><img border='0' src='ikone/traccia_bronzo.gif' alt='Online'><img border='0'
src='user2.gif' alt='Online'></strong></font>";

 if($leveluser==2) $usrmsg="<strong><a rel='nofollow' href='profilo.php?user=$dati[1]'><font color='#66ff00'>$dati[1]</a><img border='0' src='user2.gif'
alt='Online'><font color='#66ff00'> Super Mod <b><img border='0' src='ikone/traccia_bronzo.gif ' alt='Online'><img border='0'
src='user2.gif' alt='Online'> </strong></font>";


 if($leveluser==3) $usrmsg="<strong><a rel='nofollow' href='profilo.php?user=$dati[1]'><font color='#4B0082'>$dati[1]</a><img border='0' src='user2.gif'
alt='Online'><font color='#4B0082'> Admin <b><img border='0' src='ikone/traccia_oro.gif ' alt='Online'><img border='0' src='user2.gif'
alt='Online'> </strong></font>";

 if($leveluser==4) $usrmsg="<strong><a rel='nofollow' href='profilo.php?user=$dati[1]'><font color='#ff00ff'>$dati[1]</a><img border='0' src='user2.gif'

 alt='Online'><font color='#ff00ff'> Super Admin <b><img border='0' src='ikone/star.gif ' alt='Online'><img border='0' src='user2.gif'

 alt='Online'> </strong></font>";

if($leveluser==5) $usrmsg=" <strong><a rel='nofollow' href='profilo.php?user=$dati[1]'><font color='#FF0000'>$dati[1]</a><img border='0' src='user2.gif'
alt='Online'><font color='#FF0000'> Webmaster <b><img border='0' src='ikone/traccia_oro.gif ' alt='Online'><img border='0'
src='user2.gif' alt='Online'> </strong></font>";
if($leveluser==6) $usrmsg=" <strong><a rel='nofollow' href='profilo.php?user=$dati[1]'><font color='#228B22'>$dati[1]</a><img border='0' src='user2.gif'
alt='Online'><font color='#228B22'> BOSS <b><img border='0' src='ikone/traccia_oro.gif ' alt='Online'><img border='0' src='user2.gif'
alt='Online'> </strong></font>";
if($viewavt==1)
echo"<table border='0' width='100%' cellspacing='0' cellpadding='0'><tr><td rowspan='2' width='55'><p align='left'><img
src='size.php?x=100&y=100&src=$avatar' style='border: none;'></td><td><strong>$usrmsg <font color='#808080'>[".date('d/m H:i',$dati
[12])."]</strong></font></td></tr><tr><td><strong><font color='$dati[5]'>".$msg."</strong></font></td></tr></table><div style='clear: both;'></div><hr>\n";
else
echo"<table border='0' width='30%' cellspacing='0' cellpadding='0'><tr><td rowspan='2' width='100' valign='top'><p align='left'><font
color='#808080'>".date('d/m H:i',$dati[12])."</font></td><td>$usrmsg</td></tr><tr><td><font color='$dati[5]'>".
$msg."</font></td></tr></table><div style='clear: both;'></div><br>\n";
}elseif($dati[1]==$login OR $dati[3]==$login)
 {//e un mio pvt ricevuto o inviato
echo"<table border='0' width='100%' cellspacing='0' cellpadding='0'><tr><td rowspan='2' width='20'><p align='left'>";
if($dati[1]==$login) echo "<img src='right_green.png' style='border: none;'></td><td><font color='#ff0000'>
<div  style=\"background-color:  #99ff00\">PVT a <a
href='profilo.php?user=$dati[3]'><font color='#ff0000'>$dati[3]</font></a></font></td></tr><tr><td><font color='#CC0000'><div class='testata'>".
 $msg."</font></td></tr></table><div style='clear: both;'></div></div><hr>\n";
else echo "<img src='left_red.png' style='border: none;'></td><td><font color='red'><div  style=\"background-color:  #5CA2C7\">PVT da <a rel='nofollow' href='profilo.php?user=$dati[1]'><font
color='red'>$dati[1]</font></a></font></td></tr><tr><td><font color='#3366FF'><div class='testata'>".$msg."</font></td></tr></table><div style='clear:
both;'></div><hr>\n";
 }
else{$estremo--;}
}//end for
 // ora stampiamo il numero di pagine
 if($page>1)
 {echo "<a href='?page=".($page-1)."'>«</a>";}
if($npage>1){
 for($i=$page; $i<=$npage; $i++){
if($i==$page)
 echo " [$i] "; /* la pagina corrente non la linko */
 else
 echo " <a href=\"?page=$i\">$i</a> ";
 }}
if($page<$npage)
{echo "<a href='?page=".($page+1)."'>»</a>";}
//end stamp
}else{echo "Nessun messaggio presente...";}
?>
<center>
<?php
if (!@file_exists($suff."_roomname2.txt"))
 {$name="[Amici]";}
 else
 {
 $var2=@file($suff."_roomname2.txt");
 $name=trim($var2[0]);
 }

 $path2 = $suff."_online2/";
 $dir_handle2 = @opendir($path2);
 while ($file2 = readdir($dir_handle2))
 {
 if($file2 != "." && $file2 != ".."){
 $fi=file($path2.$file2);
 $data=intVal(str_replace("\n","",$fi[0]));
 if($data<(time()-120)){
 @unlink($path2.$file2);
 }
 }
 }
 $dir2 = @glob($suff."_online2/*.*");
 $utentionline2 = count($dir2);
 if($dispositivo=="PC")
 { ?>
<table border="0" width="100%" id="foot" background="purple.gif" height="24" cellspacing="1" cellpadding="0">
<tr>
<td><center>
<A class=nodeco onMouseOver="Tip('<table border=0 width=300><tr><td align=center><?php $cartellaroom2 = opendir
($suff.'_online2'); while ($fi44 = readdir($cartellaroom2)) {$array_file_on222[] = $fi44;} foreach ($array_file_on222 as $gi66) {if ( $gi66
== ".." || $gi66 == ".") {continue;} $reproom2= str_replace(".txt","",$gi66); echo "<font size=1 color=#000000><b>
$reproom2</b></font> ";} ?></td></tr></table>', OPACITY, 90, TITLEALIGN, 'center', TITLE, '<?php echo stripslashes($name); ?>',
CENTERMOUSE, true, BORDERCOLOR,'#ff11cc', STICKY, 1, CLICKCLOSE, true);" href="chat2.php"><font face='verdana'
color='#000000' size='1'><?php echo stripslashes($name)."($utentionline2)"; ?></font></A>
</center></td></tr></table>
<?php }else{
 echo "</div><div class='testata'><center><a href='chat2.php'>".stripslashes($name)."[$utentionline2]</a></center></div>";
 }
 $secs_total = array_sum(explode(' ', microtime())) - $tm_start;
 $secs_total=number_format($secs_total,4);
 echo "<center>".$secs_total . " sec</center>";?>
</center>
</body>
</html>