<?php
/*
	PHP / AJAX / JAVASCRIPT / MYSQL Post-it script
	Lars Van Overmeire
	http://www.larsvanovermeire.be
	
	Gebruikers kunnen met dit script een Post-it bericht achterlaten op jouw muur.
		Features:
			- AJAX om berichten toe te voegen.
			- Hacker proof
			- Duplicate content beveiliging
	
*/

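// Connection settings for the MySQL database that holds the `texts` table.
$database['host'] = ''; // MySQL host, usually localhost
$database['user'] = ''; // username, for example: root
$database['password'] = ''; // password
$database['name'] = ''; // database name

$maxmessages = 500; // maximum number of messages; 1000 messages means a page of roughly 150 kB.

// If someone posts this word or phrase as a message, all messages are deleted.
// Leave it empty to switch this off.
// NOTE(review): this is a shared secret sent over an unauthenticated POST, and the
// value below is the one published with the script. Anyone who knows it can empty
// the table, so replace it with a long unique value or leave it empty.
$password = 'clearall';
/*
	Do not change anything below unless you know what you are doing!

	NOTE(review): the mysql_* functions used throughout this script belong to the
	old mysql extension, which was removed in PHP 7.0. Moving to mysqli or PDO with
	prepared statements is the long-term fix for the query handling in this file.
*/

// Stop with a generic message when the database is unreachable, instead of
// running every later query against a missing connection.
if(!mysql_connect($database['host'],$database['user'],$database['password']) || !mysql_select_db($database['name']))
{
	die('Database connection failed.');
}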


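/*
	AJAX endpoint: stores one note sent as the POST fields x, y and text.

	Response body read by the page script:
		'0'  the note was stored (or the wipe phrase was accepted)
		'1'  a note with the same text already exists
		''   the request was rejected or a query failed

	Everything in $_POST is attacker-controlled. The text is HTML-escaped once and
	that escaped form is used for both the duplicate lookup and the INSERT, then
	passed through mysql_real_escape_string() before it is placed in SQL.
	The original used addslashes() for the lookup and nothing but
	htmlspecialchars() for the INSERT, which leaves single quotes and backslashes
	unescaped in the query. Coordinates are reduced to bounded integers.
*/
if(!empty($_POST['x']) && !empty($_POST['y']) && !empty($_POST['text']))
{
	$text = $_POST['text'];
	$rawX = $_POST['x'];
	$rawY = $_POST['y'];

	// Array-valued fields (text[]=...) pass !empty(); only plain strings go further.
	if(is_string($text) && is_string($rawX) && is_string($rawY) && is_numeric($rawX) && is_numeric($rawY))
	{
		$fx = (float) $rawX;
		$fy = (float) $rawY;

		// Bound the position on both sides; the original had no lower bound.
		if($fx >= 0 && $fx <= 2500 && $fy >= 0 && $fy <= 1000)
		{
			if($password !== '' && $text === $password)
			{
				// Wipe phrase: strict comparison, checked before anything is stored
				// so the phrase itself never lands in the table.
				// NOTE(review): this is still an unauthenticated destructive action
				// guarded only by a shared phrase.
				mysql_query('TRUNCATE TABLE texts');
				print '0';
			}
			elseif(strlen($text) <= 100)
			{
				$x = (int) round($fx);
				$y = (int) round($fy);

				// Stored form of the note. An empty result means htmlspecialchars()
				// refused the input (invalid byte sequence), so nothing is stored.
				$storedText = htmlspecialchars($text, ENT_QUOTES);
				// Needs the open connection; escaping follows the connection charset.
				$sqlText = mysql_real_escape_string($storedText);

				$countResult = mysql_query('SELECT COUNT(*) FROM texts');
				$dupResult = mysql_query("SELECT id FROM texts WHERE text = '".$sqlText."' LIMIT 1");

				if($storedText !== '' && $countResult && $dupResult)
				{
					if(mysql_num_rows($dupResult) > 0)
					{
						print '1';
					}
					elseif((int) mysql_result($countResult, 0) < (int) $maxmessages)
					{
						// $maxmessages caps what is stored, not only what is shown,
						// so the table cannot grow without limit.
						$inserted = mysql_query("INSERT INTO texts (id,text,x,y,date) VALUES ('','".$sqlText."','".$x."','".$y."','".time()."')");
						if($inserted)
						{
							print '0';
						}
					}
				}
			}
		}
	}
	die(); // execution stops here: AJAX requests never receive the HTML page
}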
?>
<html>
	<title>Post-it wall</title>
	<head>
		<script type="text/javascript">
		// Shared UI state for the note form.
		var doNotMove = false;  // true while the pointer is over the form box
		var xNow = 0;           // position of the form box, reused for the posted note
		var yNow = 0;
		var submitted = false;  // set by placeThing(); swallows the next click on the wall

		/**
		 * Moves the input form to (x, y) and shows it.
		 * Does nothing while the pointer is over the form, and ignores the one
		 * click that follows a submit (that click only resets the flag).
		 */
		function placeInputBox(x,y)
		{
			if(submitted)
			{
				submitted = false;
				return;
			}
			if(doNotMove)
			{
				return;
			}

			var boxStyle = document.getElementById('formBox').style;
			boxStyle.left = x+'px';
			boxStyle.top = y+'px';
			boxStyle.display = 'inline';

			xNow = x;
			yNow = y;
		}
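		/**
		 * Trims limitField to at most limitNum characters and writes the number
		 * of characters still available into limitCount.
		 * The counter is refreshed after a trim as well; the original left it
		 * stale when a long paste was cut down.
		 * This is a convenience for the user only: the length limit that matters
		 * is the one enforced by the server.
		 */
		function limitText(limitField, limitCount, limitNum) //http://www.mediacollege.com/internet/javascript/form/limit-characters.html
		{
			if (limitField.value.length > limitNum)
			{
				limitField.value = limitField.value.substring(0, limitNum);
			}
			limitCount.value = limitNum - limitField.value.length;
		}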

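		/**
		 * Creates a request object and stores it in the global xmlHttp.
		 * The native XMLHttpRequest is preferred; the ActiveX control is only a
		 * fallback for browsers without it. xmlHttp is null when neither exists.
		 * Returns the same object for callers that want a local reference.
		 */
		function createXMLHttpRequest()
		{
			if(window.XMLHttpRequest)
			{
				window.xmlHttp = new window.XMLHttpRequest();
			}
			else if(window.ActiveXObject)
			{
				window.xmlHttp = new window.ActiveXObject("Microsoft.XMLHTTP");
			}
			else
			{
				window.xmlHttp = null;
			}
			return window.xmlHttp;
		}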

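		/**
		 * Sends `data` (an already URL-encoded form body) to `url` by POST and
		 * adds the result to the wall once the response is complete.
		 *
		 * The server replies "0" when the note was stored and "1" when the text
		 * already exists; any other reply or HTTP status is shown as a failure.
		 * The original ran its handler on every readyState change and treated
		 * every reply other than "1" as success.
		 *
		 * The note text is inserted as a text node, never as markup, and the
		 * container is appended to rather than rebuilt through innerHTML.
		 */
		function postRequest(data,url)
		{
			createXMLHttpRequest();
			var request = xmlHttp; // local reference: a later call replaces the global
			if(!request)
			{
				return;
			}

			// Snapshot what belongs to this request; the globals can change before the reply.
			var field = document.getElementById('textField');
			var noteText = field.value;
			var noteX = xNow;
			var noteY = yNow;

			request.open("POST", url, true);
			request.onreadystatechange = function()
			{
				if(request.readyState !== 4)
				{
					return; // response not complete yet
				}

				var note = document.createElement('div');
				note.className = 'message';
				note.style.left = noteX+'px';
				note.style.top = noteY+'px';

				var reply = String(request.responseText).replace(/^\s+|\s+$/g, '');
				if(request.status === 200 && reply === "0")
				{
					note.appendChild(document.createTextNode(noteText));
				}
				else if(request.status === 200 && reply === "1")
				{
					// Fixed markup with no user input in it.
					note.innerHTML = "<font color='red'><b>Je bericht werd niet toegevoegd. Reden:<br /><i>bestaat al</i></b></font>";
				}
				else
				{
					note.innerHTML = "<font color='red'><b>Je bericht werd niet toegevoegd.</b></font>";
				}

				document.getElementById('container').appendChild(note);
				field.value = '';
			};
			xmlHttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
			request.send(data);
		}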
		
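		/**
		 * Posts the current form position and text to index.php, then hides the
		 * form. Sets `submitted` so the click that triggered the submit does not
		 * reopen the form.
		 *
		 * Fields are encoded with encodeURIComponent(). The deprecated escape()
		 * leaves "+" unencoded, which the server decodes as a space, and writes
		 * characters above U+00FF as %uXXXX, which is not valid URL encoding.
		 * NOTE(review): encodeURIComponent() sends UTF-8 bytes; confirm the page
		 * and the database are handled as UTF-8.
		 */
		function placeThing()
		{
			var noteText = document.getElementById('textField').value;
			var body = 'x='+encodeURIComponent(xNow)+"&y="+encodeURIComponent(yNow)+"&text="+encodeURIComponent(noteText);
			postRequest(body,'index.php');
			submitted = true; doNotMove = false;
			document.getElementById('formBox').style.display = 'none';
		}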
		</script>
		
		<style type="text/css">
		#container
		{
					background:#FFFFFF url(bg.jpg) repeat scroll 0 0;
					height:100%;
					margin:0;
					padding:0;
					width:100%;
		}
		body
		{
					background:#FFFFFF url(bg.jpg) repeat scroll 0 0;
					height:100%;
					margin:0;
					padding:0;
					width:100%;
					color:#3D4664;
					font-family: verdana, arial, century gothic;
					font-size: 10px;
		}
		#formBox
		{
					background-color:#F6EF88;
					border:1px dotted #303030;
					display:none;
					padding:10px 0;
					position:absolute;
					text-align:center;
					width:200px;
					height:152px;
		}
		#formBox textarea
		{
					background-color:#F6EF88;
					border:1px solid #303030;
		}
		.message
		{
					background-color:#F6EF88;
					border:1px dotted #303030;
					padding:0 3px;
					position:absolute;
		}
		
		#copyright
		{
			background-color:#F6EF88;
			border:1px dotted #303030;
			padding:2px 3px;
			position:absolute;
			bottom: 2px;
			left: 50%;
			margin-left: -100px;
			width: 200px;
		}
		
		a
		{
			color: #000;
		}
		</style>
	</head>
	<body>
		<div id="container" onClick="placeInputBox(event.clientX,event.clientY);">
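		<?php
		// Render the stored notes, oldest first, up to $maxmessages of them.
		//
		// Values from the database are escaped again here rather than trusted as
		// already safe: a row written by any other path would otherwise be printed
		// as raw HTML. Coordinates are forced to integers because they are placed
		// inside a style attribute.
		$q = mysql_query('SELECT * FROM texts ORDER BY id ASC LIMIT '.(int) $maxmessages);
		while($q && ($res = mysql_fetch_assoc($q)))
		{
			// Rows are stored HTML-escaped. Decode first so the 20-character wrap
			// counts visible characters and cannot cut an entity such as &lt; in two.
			$plain = htmlspecialchars_decode($res['text'], ENT_QUOTES);

			// Wrap with a NUL marker, escape each piece, then join with the real
			// <br /> so the only markup in the output is the markup added here.
			$pieces = explode("\0", wordwrap($plain, 20, "\0", true));
			foreach($pieces as $i => $piece)
			{
				$pieces[$i] = htmlspecialchars($piece, ENT_QUOTES);
			}

			print '<div class="message" style="left: '.(int) $res['x'].'px; top: '.(int) $res['y'].'px;">'.implode('<br />', $pieces).'</div>'."\n";
		}
		?>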
			<div id="formBox" onMouseOver="doNotMove = true;" onMouseOut="doNotMove = false;">
			<form method="POST" onSubmit="placeThing(); return false;">
				<textarea rows="4" cols="22" id="textField" name="limitedtextarea"  onKeyDown="limitText(this.form.limitedtextarea,this.form.countdown,100);" 
onKeyUp="limitText(this.form.limitedtextarea,this.form.countdown,100);" onFocus="if(this.value == 'Your text'){ this.value = '';}">Jouw tekst</textarea>
Je hebt <input readonly type="text" name="countdown" size="3" value="100"> characters over.</font>
				<input type="button" value="Submit" onClick="placeThing();" />
			</form>
			</div>
			<div id="copyright">Post-it &copy; <br><a href="http://www.larsvanovermeire.be">Lars Van Overmeire</a></div>
		</div>
	</body>
</html>