<?
/*
+-------------------------------------------------------------------+
| G U E S T B O O K (v1.20) |
| |
| Copyright Gerd Tentler www.gerd-tentler.de/tools |
| Created: Jun. 12, 2000 Last modified: Jan. 8, 2011 |
+-------------------------------------------------------------------+
| This program may be used and hosted free of charge by anyone for |
| personal purpose as long as this copyright notice remains intact. |
| |
| Obtain permission before selling the code for this program or |
| hosting this software on a commercial website or redistributing |
| this software over the Internet or in any other medium. In all |
| cases copyright must remain intact. |
+-------------------------------------------------------------------+
*/
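error_reporting(E_WARNING);
if(function_exists('session_start')) session_start();
//========================================================================================================
// Set variables, if they are not registered globally; needs PHP 4.1.0 or higher
//========================================================================================================
// Give every request-derived variable a defined value first: the checks below only assign when
// the superglobal key is present, and reading an unset variable later is an E_WARNING on PHP 8
// (visible to the visitor given the error_reporting() level above). null keeps the original
// semantics for isset()/empty()/truthiness and for the (int) casts further down.
$create = $start = $sign = $delete = $admin = null;
$tstamp = $gbID = $gbName = $gbEMail = $gbSubject = $gbText = $gbSignature = null;
$PHP_SELF = $HTTP_HOST = $HTTP_USER_AGENT = $HTTP_REFERER = null;
// Form fields are taken from POST only; paging, sign, delete and admin come from $_REQUEST
// (GET, POST and cookies).
if(isset($_POST['create'])) $create = $_POST['create'];
if(isset($_REQUEST['start'])) $start = $_REQUEST['start'];
if(isset($_REQUEST['sign'])) $sign = $_REQUEST['sign'];
if(isset($_REQUEST['delete'])) $delete = $_REQUEST['delete'];
if(isset($_REQUEST['admin'])) $admin = $_REQUEST['admin'];
if(isset($_POST['tstamp'])) $tstamp = $_POST['tstamp'];
if(isset($_POST['gbID'])) $gbID = $_POST['gbID'];
if(isset($_POST['gbName'])) $gbName = $_POST['gbName'];
if(isset($_POST['gbEMail'])) $gbEMail = $_POST['gbEMail'];
if(isset($_POST['gbSubject'])) $gbSubject = $_POST['gbSubject'];
if(isset($_POST['gbText'])) $gbText = $_POST['gbText'];
if(isset($_POST['gbSignature'])) $gbSignature = $_POST['gbSignature'];
if(isset($_SERVER['PHP_SELF'])) $PHP_SELF = $_SERVER['PHP_SELF'];
if(isset($_SERVER['HTTP_HOST'])) $HTTP_HOST = $_SERVER['HTTP_HOST'];
if(isset($_SERVER['HTTP_USER_AGENT'])) $HTTP_USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
if(isset($_SERVER['HTTP_REFERER'])) $HTTP_REFERER = $_SERVER['HTTP_REFERER'];
//========================================================================================================
// Make sure that the following variables are integers
//========================================================================================================
// $start and $delete are interpolated into SQL (LIMIT / WHERE) in the main part; these casts
// are what make that safe, so they stay unconditional.
$start = (int) $start;
$delete = (int) $delete;
$sign = (int) $sign;
//========================================================================================================
// Includes
//========================================================================================================
// ereg() was removed in PHP 7; preg_match() with the D modifier accepts exactly the same strings
// (POSIX $ did not match before a trailing newline either).
// NOTE(review): the Host header is supplied by the client, so this choice between the local and
// the main config is client-influenced. A server-side condition ($_SERVER['SERVER_ADDR'] or a
// deploy-time flag) is the safer selector — relevant if the two configs differ in credentials.
if($HTTP_HOST == 'localhost' || $HTTP_HOST == '127.0.0.1' || preg_match('/^192\.168\.0\.[0-9]+$/D', (string) $HTTP_HOST)) {
    include('config_local.inc.php');
}
else {
    include('config_main.inc.php');
}
// $language is expected from the config include. It becomes part of an include path, so it must
// never be taken from the request.
if(!isset($language)) $language = 'en';
include("languages/lang_$language.inc");
include('smilies.inc');
include('funclib.inc');
//========================================================================================================
// Set session variables (admin login and message ID); needs PHP 4.1.0 or higher
//========================================================================================================
// Admin login: the submitted password is compared with the configured one as strings and in
// constant time. The former loose == let numerically-equal strings match (PHP compares numeric
// strings as numbers) and made the comparison's timing depend on the input. is_scalar() keeps an
// array-valued parameter from reaching the string cast.
// NOTE(review): the login() JavaScript in the page sends the password as a GET parameter, so it
// ends up in access logs and Referer headers; a POST form would avoid that.
if($admin && is_scalar($admin) && isset($adminPass) && hash_equals((string) $adminPass, (string) $admin)) {
    $_SESSION['gb_admin'] = $admin;
}
// Per-session message ID, embedded as a hidden field in the sign form; the posted copy is handed
// to checkSpam() (funclib.inc), presumably to reject forged or replayed submissions — confirm there.
// random_bytes() replaces the rand()/uniqid()/md5() construction: same 32-character lowercase-hex
// shape, but not predictable from the request time.
if(!$sign && !empty($enableIDs) && empty($_SESSION['msgID'])) {
    $_SESSION['msgID'] = bin2hex(random_bytes(16));
}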
//========================================================================================================
// Functions
//========================================================================================================
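/**
 * Prints the pager for the message list: an optional "previous page" arrow, an optional
 * "previous block of ten pages" arrow, the page numbers of the current block of ten (current
 * page highlighted, the others linked), then the matching arrows forward.
 *
 * $start       offset of the first message on the current page; a negative value means "last page"
 * $records     total number of messages
 * $pageEntries messages per page; must be > 0 (used as a divisor below)
 * $nr          suffix that keeps the arrow image names unique when the pager is printed more than
 *              once on a page (the over()/out() rollover scripts look images up by that name)
 *
 * Links are relative ("?start=N") and therefore resolve against the current script URL.
 */
function buildNavigation($start, $records, $pageEntries, $nr = 1) {
    // The original concatenated $PHP_SELF here, but that global is not visible inside the function,
    // so the link was always the bare query string (plus an undefined-variable warning). Say so
    // explicitly instead of pulling an unescaped $_SERVER['PHP_SELF'] into an href attribute.
    $link = '?start=';
    // Normalise the offset: negative selects the last page, an offset past the end steps back one page.
    if($start < 0) $start = $records - ($records % $pageEntries);
    if($start >= $records) $start -= $pageEntries;
    // Page numbers are shown in blocks of ten, zero-based: [$pageFrom, $pageTo). $pageTo may be
    // fractional (records / pageEntries), which the < comparisons below handle like a ceiling.
    $pageFrom = (int) ($start / $pageEntries / 10) * 10;
    $pageTo = $pageFrom + 10;
    if($pageTo > $records / $pageEntries) $pageTo = $records / $pageEntries;
    // Previous page.
    if($start) {
?>
<a href="<?php echo $link . ($start - $pageEntries); ?>" onMouseOver="over('arrowleft_<?php echo $nr; ?>')" onMouseOut="out('arrowleft_<?php echo $nr; ?>')">
<img src="arrowleft.gif" border="0" name="arrowleft_<?php echo $nr; ?>" width="14" height="14" align="absmiddle"></a>
<?php
    }
    // Previous block of ten pages, or just the separator.
    if($pageFrom >= 10) {
?>
<a href="<?php echo $link . (($pageFrom - 10) * $pageEntries); ?>" onMouseOver="over('arrowsleft_<?php echo $nr; ?>')" onMouseOut="out('arrowsleft_<?php echo $nr; ?>')">
<img src="arrowsleft.gif" border="0" name="arrowsleft_<?php echo $nr; ?>" width="14" height="14" align="absmiddle"></a> |
<?php
    }
    else echo ' | ';
    // Page numbers of the current block; the current page is highlighted instead of linked.
    for($i = $pageFrom; $i < $pageTo; $i++) {
        if($i == $start / $pageEntries) {
?>
<font color="#FF0000"><?php echo $i + 1; ?></font> |
<?php
        }
        else {
?>
<a href="<?php echo $link . ($i * $pageEntries); ?>"><?php echo $i + 1; ?></a> |
<?php
        }
    }
    // Next block of ten pages.
    if($pageTo < $records / $pageEntries) {
?>
<a href="<?php echo $link . ($pageTo * $pageEntries); ?>" onMouseOver="over('arrowsright_<?php echo $nr; ?>')" onMouseOut="out('arrowsright_<?php echo $nr; ?>')">
<img src="arrowsright.gif" border="0" name="arrowsright_<?php echo $nr; ?>" width="14" height="14" align="absmiddle"></a>
<?php
    }
    // Next page.
    if($start + $pageEntries < $records) {
?>
<a href="<?php echo $link . ($start + $pageEntries); ?>" onMouseOver="over('arrowright_<?php echo $nr; ?>')" onMouseOut="out('arrowright_<?php echo $nr; ?>')">
<img src="arrowright.gif" border="0" name="arrowright_<?php echo $nr; ?>" width="14" height="14" align="absmiddle"></a>
<?php
    }
}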
//========================================================================================================
// Main
//========================================================================================================
// Main: everything from here on is HTML with embedded PHP. Whitespace outside the PHP tags is
// sent to the browser as-is, so review notes live only inside the PHP segments.
?>
<html>
<head>
<meta name="robots" content="noindex, nofollow">
<title><? echo $bookTitle; ?></title>
<script type="text/javascript"> <!--
function goTo(url) {
document.location.href = url;
}
function login(start) {
var pass = prompt("<? echo $msg['pass']; ?>", "");
if(pass) {
var param = "?start=" + start + "&admin=" + pass;
goTo("<? echo $PHP_SELF; ?>" + param);
}
}
<?
// The delete confirmation script is emitted only for a logged-in admin.
// NOTE(review): $_SESSION['gb_admin'] is read without isset(), which is an undefined-key warning for
// anonymous visitors on PHP 8 (shown, given error_reporting(E_WARNING) at the top), and it is
// compared to the configured password with a loose == here and again in the main part below;
// empty()/isset() plus a strict comparison would be the tighter form.
// NOTE(review): $PHP_SELF ($_SERVER['PHP_SELF']) is echoed unescaped into JavaScript and HTML in
// this file (login/confirmDelete here, the form actions and goTo links below). It carries
// client-controlled PATH_INFO, so each use should go through htmlspecialchars().
if($_SESSION['gb_admin'] && $_SESSION['gb_admin'] == $adminPass) {
?>
function confirmDelete(start, del) {
var check = confirm("<? echo $msg['confirm']; ?>");
if(check) {
var param = "?start=" + start + "&delete=" + del;
goTo("<? echo $PHP_SELF; ?>" + param);
}
}
<?
}
?>
function insertSmilie(txt) {
var el = document.f1.gbText;
if(!el.value) el.value = txt + " ";
else el.value += ((el.value.charAt(el.value.length-1) == " ") ? "" : " ") + txt + " ";
el.focus();
}
function countdown(cnt) {
var obj = 0;
if(document.getElementById) obj = document.getElementById('divSubmit');
else if(document.all) obj = document.all.divSubmit;
if(obj) {
if(cnt < 1) {
obj.innerHTML = '[ <a href="javascript:document.f1.submit()" class="cssLink"><? echo addslashes($msg['submit']); ?></a> ]';
}
else {
obj.innerHTML = '[ ' + cnt + ' ]';
cnt--;
setTimeout('countdown(' + cnt + ')', 1000);
}
}
}
function over(name) {
if(document.images) {
img = name.replace(/_[0-9]+$/, '');
document.images[name].src = img + '_r.gif';
}
}
function out(name) {
if(document.images) {
var img = name.replace(/_[0-9]+$/, '');
document.images[name].src = img + '.gif';
}
}
//--> </script>
<link rel="stylesheet" href="guestbook.css" type="text/css">
</head>
<body>
<table border="0" cellspacing="0" cellpadding="0" width="<? echo $bookWidth; ?>" align="<? echo $bookAlign; ?>"><tr>
<td>
<div class="cssTitle"><? echo $bookTitle; ?></div>
<?
// The page body is produced only when the database connection (db_open, funclib.inc) succeeds;
// otherwise nothing but the title is shown.
if(db_open($db_server, $db_user, $db_pass, $db_name)) {
$error = '';
// NOTE(review): this pattern is not anchored, so it only checks for an address-like substring.
// It gates the notification mail below and the mailto: link in the listing.
$valid_mail = '/[a-z0-9._-]+@[a-z0-9äöüÄÖÜ.-]+\.[a-z]{2,4}/i';
// Probe for the table; any failure of this SELECT is treated as "table missing".
// Table and column names ($tbl_name, $fld_*) come from the config include, not from the request.
if(!mysql_query("SELECT 1 FROM $tbl_name LIMIT 1")) {
$table_exists = false;
// Creation is triggered by the "create" radio buttons posted from the form below, i.e. by whoever
// loads the page while the table is missing — not only the admin.
if($create == 'yes') {
$sql = "CREATE TABLE $tbl_name ( " .
"$fld_id INT(10) NOT NULL auto_increment, " .
"$fld_timestamp VARCHAR(14) NOT NULL, " .
"$fld_name VARCHAR(50), " .
"$fld_email VARCHAR(75), " .
"$fld_subject VARCHAR(50) NOT NULL, " .
"$fld_text TEXT NOT NULL, " .
"PRIMARY KEY ($fld_id))";
if(!mysql_query($sql)) echo '<div class="cssError">' . mysql_error() . '</div>';
else $table_exists = true;
}
else if($create == 'no') {
echo '<div class="cssError">Operation cancelled.</div>';
}
else {
// First visit without a table: ask whether to create it.
echo '<div class="cssContent">';
echo '<form name="f1" action="' . $PHP_SELF . '" method="post" style="margin:0px">';
echo "<b>Table $tbl_name doesn't exist. Create it now?</b> ";
echo '<input type="radio" name="create" value="yes" onClick="document.f1.submit()">yes ';
echo '<input type="radio" name="create" value="no" onClick="document.f1.submit()">no';
echo '</form></div>';
}
}
else $table_exists = true;
if($table_exists) {
// Request handling, in priority order: failed admin login, admin delete, posted message.
// NOTE(review): $admin (request) is compared to the session value with a loose !=.
if($admin && $admin != $_SESSION['gb_admin']) $error = $msg['wrongPass'];
// $delete was cast to int at the top of the file; that cast is what keeps this query safe.
else if($_SESSION['gb_admin'] && $_SESSION['gb_admin'] == $adminPass && $delete) {
$sql = "DELETE FROM $tbl_name WHERE $fld_id='$delete'";
if(!mysql_query($sql)) $error = mysql_error();
}
// sign == 2 is the hidden field of the sign form: a message was submitted.
else if($sign == 2) {
if(!$gbSubject || !$gbText) $error = $msg['required'];
// checkSpam() is defined in funclib.inc; it receives the posted session ID and form timestamp in
// addition to the fields (presumably to reject forged or too-fast submissions — confirm there).
else if(checkSpam($gbID, $tstamp, $gbName, $gbEMail, $gbSubject, $gbText, $gbSignature)) $error = $msg['noSpam'];
else {
// Escaping for the SQL strings below. NOTE(review): addslashes() is not charset-aware and
// get_magic_quotes_gpc() no longer exists in PHP 8; prepared statements (mysqli/PDO), or at least
// the driver's real_escape_string, would be the robust replacement.
if(!get_magic_quotes_gpc()) {
$gbName = addslashes($gbName);
$gbEMail = addslashes($gbEMail);
$gbSubject = addslashes($gbSubject);
$gbText = addslashes($gbText);
}
// Fresh code for the next form; seccode.php renders it. rand() is not a cryptographic source —
// random_int() would be the modern choice.
if($enableSignature) $_SESSION['secCode'] = rand(100000, 999999);
// Duplicate suppression: an identical message stored within the last hour is treated as already
// posted — no error, just back to the list.
$timestamp = date('YmdHis', time() - 60 * 60);
$sql = "SELECT $fld_id FROM $tbl_name WHERE $fld_timestamp>$timestamp AND $fld_name='$gbName' ";
$sql .= "AND $fld_email='$gbEMail' AND $fld_subject='$gbSubject' AND $fld_text='$gbText' LIMIT 1";
if(mysql_num_rows(mysql_query($sql))) {
$sign = 0;
// -1 asks buildNavigation() for the last page when the newest entries are at the bottom.
$start = ($messageOrder == 'ASC') ? -1 : 0;
}
else {
$timestamp = date('YmdHis');
$sql = "INSERT INTO $tbl_name ($fld_timestamp, $fld_name, $fld_email, $fld_subject, $fld_text) ";
$sql .= "VALUES ('$timestamp', '$gbName', '$gbEMail', '$gbSubject', '$gbText')";
if(!mysql_query($sql)) $error = mysql_error();
else {
$sign = 0;
$start = ($messageOrder == 'ASC') ? -1 : 0;
// Keep at most $maxEntries rows: fetch the id of the row just past the limit (newest first) and
// delete it together with everything that has a smaller id.
if($maxEntries > 0) {
$sql = "SELECT $fld_id FROM $tbl_name ORDER BY $fld_timestamp DESC LIMIT $maxEntries, 1";
if($result = mysql_query($sql)) {
if(mysql_num_rows($result)) {
// NOTE(review): mysql_result()'s second argument is the row index; $fld_id lands there and is
// coerced to row 0 / field 0, which happens to be the id column. The COUNT query below relies on
// the same quirk.
if($id = mysql_result($result, $fld_id)) {
$sql = "DELETE FROM $tbl_name WHERE $fld_id<=$id";
if(!mysql_query($sql)) $error = mysql_error();
}
}
}
}
// Notification mail. Address and headers come from config ($mailNotify, $bookTitle); user content
// enters only the body. NOTE(review): the @ hides mail() failures — logging them would be better.
if(preg_match($valid_mail, $mailNotify)) {
$text = $msg['date'] . ": $timestamp\n";
$text .= $msg['name'] . ": $gbName\n";
$text .= $msg['eMail'] . ": $gbEMail\n\n";
$text .= "$gbSubject\n\n$gbText";
$headers = "Return-Path: <$mailNotify>\n";
$headers .= "From: $bookTitle <$mailNotify>\n";
$headers .= "X-Sender: <$mailNotify>\n";
$headers .= "X-Mailer: PHP " . phpversion();
@mail($mailNotify, $msg['new'], stripslashes($text), $headers);
}
}
}
}
}
// NOTE(review): $error may be the raw mysql_error() text, i.e. schema and server details shown to
// every visitor; log the raw message and show a generic one instead.
if($error) {
?>
<div class="cssError"><? echo $error; ?></div>
<?
}
// Sign form: sign == 1 from the "new" link, or still 2 when a submission was rejected above and the
// fields are shown again. Only the double quote is neutralised here, which covers the value="..."
// attributes but not the textarea body; htmlspecialchars() would cover both.
// (The replacement string appears decoded in this copy — confirm it is the HTML entity for a quote.)
if($sign) {
if(get_magic_quotes_gpc()) {
$gbName = stripslashes($gbName);
$gbEMail = stripslashes($gbEMail);
$gbSubject = stripslashes($gbSubject);
$gbText = stripslashes($gbText);
}
$gbName = str_replace('"', '"', $gbName);
$gbEMail = str_replace('"', '"', $gbEMail);
$gbSubject = str_replace('"', '"', $gbSubject);
$gbText = str_replace('"', '"', $gbText);
?>
<form name="f1" action="<? echo $PHP_SELF; ?>" method="post">
<input type="hidden" name="sign" value="2">
<input type="hidden" name="start" value="<? echo $start; ?>">
<input type="hidden" name="tstamp" value="<? echo time(); ?>">
<input type="hidden" name="gbID" value="<? echo $_SESSION['msgID']; ?>">
<div class="cssContent">
<table border="0" cellspacing="0" cellpadding="4" width="<? echo $bookWidth - 15; ?>"><tr valign="top">
<td>
<table border="0" cellspacing="0" cellpadding="2"><tr>
<td nowrap><b><? echo $msg['name']; ?>:</b></td>
<td><input type="text" name="gbName" size="50" maxlength="50" class="cssForm" value="<? echo $gbName; ?>"></td>
</tr><tr>
<td nowrap><b><? echo $msg['eMail']; ?>:</b></td>
<td><input type="text" name="gbEMail" size="50" maxlength="75" class="cssForm" value="<? echo $gbEMail; ?>"></td>
</tr><tr>
<td nowrap><font color="#D00000"><b><? echo $msg['subject']; ?>:</b></font></td>
<td><input type="text" name="gbSubject" size="50" maxlength="50" class="cssForm" value="<? echo $gbSubject; ?>"></td>
</tr><tr valign="top">
<td nowrap><font color="#D00000"><b><? echo $msg['message']; ?>:</b></font></td>
<td><textarea name="gbText" cols="48" rows="10" wrap="virtual" class="cssForm"><? echo $gbText; ?></textarea></td>
<?
// Optional code field; the image is served by seccode.php (presumably from $_SESSION['secCode'] — confirm).
if($enableSignature) {
?>
</tr><tr>
<td nowrap><font color="#D00000"><b><? echo $msg['code']; ?>:</b></font></td>
<td>
<table border="0" cellspacing="0" cellpadding="0"><tr>
<td><input type="text" name="gbSignature" size="6" maxlength="6" class="cssForm"></td>
<td> <b>«</b> </td>
<td><img src="seccode.php" width="71" height="21"></td>
</tr></table>
</td>
<?
}
?>
</tr></table>
</td>
<td class="cssSmall" align="right">
<b>HTML:</b> <img src="check<? echo $allowHTML ? '1' : '2'; ?>.gif" width="11" height="14" align="absmiddle"><br>
<b>URLs:</b> <img src="check<? echo $allowURLs ? '1' : '2'; ?>.gif" width="11" height="14" align="absmiddle"><br>
<b>UBBs:</b> <img src="check<? echo $allowUBBs ? '1' : '2'; ?>.gif" width="11" height="14" align="absmiddle"><br>
<br>
<?
// Smilie palette ($sm from smilies.inc): one link per distinct image, four per row.
// NOTE(review): each() was removed in PHP 8 — foreach($sm as $code => $img) is the equivalent.
// $img_old is not set before the loop in this file, so the first smilie is always emitted.
$cnt = 0;
reset($sm);
while(list($code, $img) = each($sm)) {
if($img != $img_old) {
?>
<a href="javascript:insertSmilie('<? echo $code; ?>')" title="<? echo $code; ?>">
<img src="smilies/<? echo $img; ?>" border="0" width="15" height="15" align="absmiddle"> </a>
<?
$cnt++;
if(!($cnt % 4)) echo '<br><br>';
}
$img_old = $img;
}
?>
<br></td>
</tr></table>
</div>
<div class="cssNavigation">
[ <a href="javascript:goTo('<? echo "$PHP_SELF?start=$start"; ?>')" class="cssLink"><? echo $msg['back']; ?></a> ]
<span id="divSubmit">[ <a href="javascript:document.f1.submit()" class="cssLink"><? echo $msg['submit']; ?></a> ]</span>
</div>
<script type="text/javascript"> <!--
countdown(5);
//--> </script>
<?
}
else {
// Message list. NOTE(review): mysql_result()'s second argument is the row index, so 'cnt' is coerced
// to 0 and the field defaults to 0 — it works because COUNT(*) is the only column.
$sql = "SELECT COUNT(*) AS cnt FROM $tbl_name";
if($records = mysql_result(mysql_query($sql), 'cnt')) {
?>
<div class="cssNavigation2"><? buildNavigation($start, $records, $pageEntries, 1); ?></div>
<?
// $start was cast to int at the top of the file; that cast is what makes the LIMIT interpolation safe.
// NOTE(review): after a successful post with $messageOrder == 'ASC', $start is -1 at this point and
// "LIMIT -1, n" is rejected by MySQL — buildNavigation() normalises -1 for the pager only. Confirm.
$sql = "SELECT * FROM $tbl_name ORDER BY $fld_timestamp $messageOrder LIMIT $start, $pageEntries";
$result = mysql_query($sql);
while($row = mysql_fetch_array($result)) {
$id = $row[$fld_id];
// timeStamp() and format() come from funclib.inc. format() is given the word length and column width;
// whether it HTML-escapes (and how $allowHTML/$allowURLs/$allowUBBs apply) is decided there —
// confirm, since its return values are echoed raw below.
$timestamp = timeStamp($row[$fld_timestamp]);
$name = format($row[$fld_name], $wordLength, $bookWidth - 105, true);
$email = format($row[$fld_email], $wordLength, $bookWidth - 105, true);
$subject = format($row[$fld_subject], $wordLength, $bookWidth - 105, true);
$text = format($row[$fld_text], $wordLength, $bookWidth - 105, false);
?>
<div class="cssContent">
<?
// Delete button, admin only (same loose comparison as in the script header).
if($_SESSION['gb_admin'] && $_SESSION['gb_admin'] == $adminPass) {
?>
<div class="cssRaised" style="float:right" title="<? echo $msg['delete']; ?>"
onMouseDown="this.className='cssPressed'"
onMouseUp="this.className='cssRaised'"
onMouseOut="this.className='cssRaised'"
onClick="confirmDelete(<? echo "$start, $id"; ?>)"><img src="delete.gif" width="10" height="10"></div>
<?
}
?>
<table border="0" cellspacing="0" cellpadding="0"><tr>
<td><b><? echo $msg['date']; ?>:</b> </td>
<td><? echo $timestamp; ?></td>
</tr><tr>
<td><b><? echo $msg['from']; ?>:</b> </td>
<td>
<?
// Sender: name (or a placeholder) and, if present, the address — linked when it matches the
// unanchored $valid_mail pattern, shown as plain text otherwise.
echo $name ? $name : '???';
if($email) {
if(preg_match($valid_mail, $email))
echo ' (<a href="mailto:' . $email . '">' . $email . '</a>)';
else echo " ($email)";
}
?>
</td>
</tr><tr>
<td height="8" colspan="2"></td>
</tr><tr valign="top">
<td><b><? echo $msg['subject']; ?>:</b> </td>
<td><b><? echo $subject; ?></b></td>
</tr><tr>
<td height="8" colspan="2"></td>
</tr><tr>
<td valign="top"><b><? echo $msg['message']; ?>:</b> </td>
<td><? echo $text; ?></td>
</tr></table>
</div>
<?
}
}
else {
?>
<div class="cssError">No messages.</div>
<?
}
// Second pager below the list, then the footer links ("new message"; "admin" for anonymous visitors).
?>
<div class="cssNavigation2"><? buildNavigation($start, $records, $pageEntries, 2); ?></div>
<div class="cssNavigation">
[ <a href="javascript:goTo('<? echo "$PHP_SELF?start=$start&sign=1"; ?>')" class="cssLink"><? echo $msg['new']; ?></a> ]
<?
// Login link only when nobody is logged in and there is something to administer.
if(!$_SESSION['gb_admin'] && $records) {
?>
[ <a href="javascript:login(<? echo $start; ?>)" class="cssLink"><? echo $msg['admin']; ?></a> ]
<?
}
?>
</div>
<?
}
}
// Closes the connection opened by db_open() above.
mysql_close();
}
?>
</td>
</tr></table>
</body>
</html>