<?php
/*
MGB 0.6.x - OpenSource PHP and MySQL Guestbook
Copyright (C) 2004 - 2011 Juergen Grueneisl - http://www.m-gb.org/
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
// ========= //
// index.php //
// ========= //
//
// ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ //
// Report every error class except notices: E_NOTICE is masked out, so reads of
// undefined variables and array keys further down stay silent.
// NOTE(review): whether errors are printed to visitors depends on the
// display_errors ini setting, which this file does not set - confirm it is off
// in production so SQL and path details are not disclosed.
error_reporting(E_ALL & ~E_NOTICE);
// Name of this script; used below as the "site" value of the spam_log INSERT.
$site_name = "index.php";
// load config, templates, settings and language files
require ("includes/functions.inc.php");
// check if MGB has already been installed or updated
mgb_iou_check("");
require ("includes/config.inc.php");
require ("includes/load_settings.inc.php");
// NOTE(review): $settings['language_path'] is concatenated straight into the
// include path; presumably an admin-only setting - verify it cannot contain
// "../" or point at a file an attacker can write.
include_once ("language/".$settings['language_path']."/lang_main.php");
include_once ("language/".$settings['language_path']."/settings.php");
// ============
$settings['wrong_captcha_count'] = "3"; // TODO: replace with a real setting
// ============
// set timezone
date_default_timezone_set($settings['timezone']);
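// Permanent IP ban list: when the feature is enabled and the visitor's address
// is reported as banned, print the ban notice, optionally mail the
// administrator and write a spam_log row, then stop the script.
if ($settings['banlist_ips'] == 1)
{
    if (mgb_check_banlist_ips($_SERVER['REMOTE_ADDR'], $settings['blocktime']) == TRUE)
    {
        echo "<b>ERROR</b><br><br>You have been banned.<br><br>If this is a mistake, please contact the Administrator of this website.";

        // The User-Agent header is chosen freely by the client and may be
        // missing altogether, so read it once and encode it per sink below.
        $ban_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";

        if (isset($settings['spam_mail']) AND $settings['spam_mail'] != "")
        {
            $header = 'Content-Type: text/html; charset='.$charset."\r\n".'From: '.$settings['admin_gbemail']."\r\n".'Reply-To: '.$settings['spam_mail']."\r\n".'X-Mailer: PHP/'.phpversion();
            $caption = "index.php: ".$_SERVER['REMOTE_ADDR']." kam wieder!";
            $mailtext = $_SERVER['REMOTE_ADDR']." Wurde erfolgreich durch die permanente Blockliste abgewehrt!<br><br>\n\n";
            $mailtext.= "IP: ".$_SERVER['REMOTE_ADDR']."<br>\n";
            // The mail is sent as text/html, so the client-supplied value is
            // HTML-escaped before it reaches the administrator's mail client.
            $mailtext.= "User-Agent: ".htmlspecialchars($ban_user_agent, ENT_QUOTES);
            if (!mail($settings['spam_mail'], $caption, $mailtext, $header))
            {
                echo "<br>Script is unable to send mail to administrator.";
            }
        }
        if (isset($settings['banlist_log']) AND $settings['banlist_log'] != "")
        {
            // mgb_sql_connect() takes a finished SQL string, so the request
            // values are escaped here before being quoted into it.
            // NOTE(review): addslashes() is a stopgap that holds for
            // single-byte and UTF-8 connection charsets only; the durable fix
            // is connection-aware escaping or bound parameters inside
            // mgb_sql_connect(), which is not visible from this file.
            $ban_sql_ip = addslashes($_SERVER['REMOTE_ADDR']);
            $ban_sql_user_agent = addslashes($ban_user_agent);
            mgb_sql_connect("INSERT INTO ".$db['prefix']."spam_log (
                ID ,
                ip ,
                email ,
                user_agent ,
                message ,
                type ,
                site ,
                timestamp
                ) values (
                NULL ,
                '".$ban_sql_ip."' ,
                '' ,
                '".$ban_sql_user_agent."' ,
                '' ,
                '1' ,
                '".$site_name."' ,
                '".time()."')", "ERROR while saving data into spam_log.", 0);
        }
        die();
    }
}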
// Load every template this page needs. Each one is stored in a global named
// $content_<template name>, e.g. "general/header" ends up in $content_header
// and "main/index_entry_aim" in $content_index_entry_aim. The load order is
// the listing order below.
$mgb_template_groups = array(
    // general templates
    "general" => array(
        "header",
        "footer",
        "copyright",
        "scrolling_function",
    ),
    // main templates
    "main" => array(
        "index_body",
        "index_entry",
        "index_entry_aim",
        "index_entry_city",
        "index_entry_comment",
        "index_entry_email",
        "index_entry_gravatar",
        "index_entry_hp",
        "index_entry_icq",
        "index_entry_info",
        "index_entry_message",
        "index_entry_msn",
    ),
);
foreach ($mgb_template_groups as $mgb_template_dir => $mgb_template_names)
{
    foreach ($mgb_template_names as $mgb_template_name)
    {
        ${"content_".$mgb_template_name} = mgb_load_template("user", $settings['template_path'], $mgb_template_dir."/".$mgb_template_name);
    }
}
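// Temporary spam ban: look the visitor's address up in the spam table and
// refuse to render the guestbook when its counter has reached 5 and the block
// is permanent or has not yet expired.
// NOTE(review): the whole table is read and filtered in PHP; moving the filter
// into a WHERE clause would require escaping the address first.
$result = mgb_sql_connect("SELECT COUNT(ID) FROM ".$db['prefix']."spam", "Error while counting entries in spam table.", 1);
$total = @mysql_result($result, 0);
$result = mgb_sql_connect("SELECT id, ip, email, counter, timestamp FROM ".$db['prefix']."spam", "Error while loading entries from spam table.", 1);
for ($i = 0; $i < $total; $i++)
{
    $spam[$i] = mysql_fetch_array($result);
    if ($_SERVER['REMOTE_ADDR'] != $spam[$i]['ip'])
    {
        continue;
    }
    $counter = $spam[$i]['counter'];
    if ($counter != 5)
    {
        continue;
    }

    // Decide whether the ban applies right now; NULL means "let the visitor in".
    $ban_notice = NULL;
    if ($settings['blocktime'] != 9999999)
    {
        // Seconds elapsed since the row's timestamp.
        $blocktime = time() - $spam[$i]['timestamp'];
        // Block times as listed by the original author:
        // 99999999 = forever
        // 6480000 = 1 month
        // 216000 = 1 day
        // 3600 = 1 hour
        // 60 = 1 minute
        // 0 = never
        // NOTE(review): the test above uses 9999999 (seven digits) while this
        // list says 99999999, and 216000 / 6480000 seconds are 60 hours / 75
        // days rather than a day / a month - confirm against the values the
        // admin settings form actually stores.
        if ($blocktime <= $settings['blocktime'])
        {
            $rest = $settings['blocktime'] - $blocktime;
            $ban_notice = "<b>ERROR</b><br><br>Due to some reason you have been banned. Wait ".$rest." more seconds.<br><br>If this is a mistake, please contact the Administrator of this website.";
        }
    }
    else
    {
        $ban_notice = "<b>ERROR</b><br><br>You have been banned!<br><br>If this is a mistake, please contact the Administrator of this website.";
    }
    if ($ban_notice === NULL)
    {
        continue;
    }

    echo $ban_notice;
    // Notify the administrator only when a notification address is configured,
    // matching the permanent-banlist branch earlier in this file.
    if (isset($settings['spam_mail']) AND $settings['spam_mail'] != "")
    {
        // The User-Agent header is client-controlled and may be absent. The
        // mail is sent as text/html, so the value is HTML-escaped.
        $ban_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
        $header = 'Content-Type: text/html; charset='.$charset."\r\n".'From: '.$settings['admin_gbemail']."\r\n".'Reply-To: '.$settings['spam_mail']."\r\n".'X-Mailer: PHP/'.phpversion();
        $caption = "index.php: ".$_SERVER['REMOTE_ADDR']." kam wieder!";
        $mailtext = $_SERVER['REMOTE_ADDR']." ist geblockt und hat nochmal versucht das Gästebuch zu erreichen!<br><br>\n\n";
        $mailtext.= "IP: ".$_SERVER['REMOTE_ADDR']."<br>\n";
        $mailtext.= "User-Agent: ".htmlspecialchars($ban_user_agent, ENT_QUOTES);
        mail($settings['spam_mail'], $caption, $mailtext, $header);
    }
    die();
}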
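// Default to the first page when no page number was requested.
if (!isset($_GET['p']))
{
    $_GET['p'] = 1;
}
// get total number of entries (rows with CHECKED=1)
$results = mgb_sql_connect("SELECT COUNT(ID) FROM ".$db['prefix']."entries WHERE CHECKED=1", "Error while counting guestbook entries.", 1);
$total = @mysql_result($results, 0);
// compute how many pages there are; everything that fits on one page is
// reported as 0 pages, which later switches the scrolling function off
$p = ($total / $settings['entries_per_page']);
if ($p <= 1)
{
    $p = 0;
    if ($total > 1)
    {
        $how_many_entries = $total." ".$lang['entries'];
    }
    elseif ($total == 0)
    {
        $how_many_entries = $lang['no_entries'];
    }
    else
    {
        $how_many_entries = $total." ".$lang['entry'];
    }
}
else
{
    $p = ceil($p);
    $how_many_entries = $total." ".$lang['entries_on_pages'];
}
$pages_total = ceil($p);

// $_GET['p'] is visitor-controlled and flows into the LIMIT offset and into
// the generated links. What secure_value() returns is not visible from this
// file, so the result is reduced to an integer and clamped to 1..last page;
// zero, negative, non-numeric or oversized values can then neither break the
// query nor be echoed back into the page.
$pagenr = (int) secure_value($_GET['p']);
$last_page = ($pages_total > 1) ? (int) $pages_total : 1;
if ($pagenr < 1)
{
    $pagenr = 1;
}
elseif ($pagenr > $last_page)
{
    $pagenr = $last_page;
}
$load_start = ($pagenr * $settings['entries_per_page']) - $settings['entries_per_page'];
$load_end = $settings['entries_per_page'];

// Scrolling links; every one starts out empty so the body template never
// receives an undefined variable.
$sf_first = "";
$sf_backwards = "";
$sf_forwards = "";
$sf_last = "";
$sf_pagenumber = $pagenr;
if ($pagenr == 1)
{
    $sf_forwards = "<a href=\"index.php?p=".($pagenr + 1)."\" title=\"".$lang['page_forwards']."\">".$lang['page_forwards_symbol']."</a>";
    $sf_pagenumber = $pagenr;
    if ($pages_total >= 3)
    {
        $sf_last = "<a href=\"index.php?p=".$pages_total."\" title=\"".$lang['page_last']."\">".$lang['page_last_symbol']."</a>";
    }
}
if ($pagenr > 1)
{
    if (($pages_total >= 3) AND ($pagenr > 2))
    {
        $sf_first = "<a href=\"index.php?p=1\" title=\"".$lang['page_first']."\">".$lang['page_first_symbol']."</a>";
    }
    $sf_backwards = "<a href=\"index.php?p=".($pagenr - 1)."\" title=\"".$lang['page_backwards']."\">".$lang['page_backwards_symbol']."</a>";
    $sf_pagenumber = $pagenr;
    $sf_forwards = "<a href=\"index.php?p=".($pagenr + 1)."\" title=\"".$lang['page_forwards']."\">".$lang['page_forwards_symbol']."</a>";
    if (($pages_total >= 3) AND ($pagenr < ($pages_total - 1)))
    {
        $sf_last = " <a href=\"index.php?p=".$pages_total."\" title=\"".$lang['page_last']."\">".$lang['page_last_symbol']."</a>";
    }
}
// On the last page there is nothing to move forward to.
if ($pagenr == $pages_total)
{
    if ($pages_total >= 3)
    {
        $sf_first = "<a href=\"index.php?p=1\" title=\"".$lang['page_first']."\">".$lang['page_first_symbol']."</a>";
    }
    $sf_backwards = "<a href=\"index.php?p=".($pagenr - 1)."\" title=\"".$lang['page_backwards']."\">".$lang['page_backwards_symbol']."</a>";
    $sf_pagenumber = $pagenr;
    $sf_forwards = "";
}
// With a single page the scrolling template is replaced by a plain line break.
if ($pages_total <= 0)
{
    $content_scrolling_function = "<br>";
}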
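// load guestbook entries for the current page
// $entry starts as an empty array so later code can count it even when the
// query returns no rows.
$entry = array();
// Only non-negative integers may reach the LIMIT clause.
$limit_offset = max(0, (int) $load_start);
$limit_count = max(0, (int) $load_end);
// NOTE(review): the ORDER BY column and direction are interpolated from
// $settings; presumably admin-controlled - verify they are validated where
// the settings are saved.
$result = mgb_sql_connect("SELECT ID, name, city, email, icq, aim, msn, hp, message, comment, timestamp, user_show_email FROM ".$db['prefix']."entries WHERE checked=1 ORDER BY ".$settings['entries_order']." ".$settings['entries_order_asc_desc']." LIMIT $limit_offset, $limit_count", "Error while loading guestbook entries.", 1);
// Ask for the row count once instead of on every loop iteration.
$entry_rows = @mysql_num_rows($result);
for ($i = 0; $i < $entry_rows; $i++)
{
    $entry[$i] = @mysql_fetch_array($result);
}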
// Build the page header from the raw header template.
$refresh = "";
$page_header = $content_header;
// While the "install" directory still exists next to this script, show a
// warning box; otherwise the placeholder is simply emptied.
$install_notice = "";
if (file_exists("install"))
{
    $install_notice = "<div style=\"background-color: white; padding: 3px; border: 2px solid black; width: 500px;\"><span style=\"color: red; font-size: 12px; font-weight: bold;\">".$lang['install_directory_exists']."</span></div>";
}
$page_header = template("INSTALL_DIRECTORY_EXISTS", $install_notice, $page_header);
// Remaining header placeholders, substituted in this order.
$header_placeholders = array(
    "LANGUAGE_SHORT" => $language_short,
    "DOMAIN" => $settings['h_domain'],
    "AUTHOR" => $settings['h_author'],
    "KEYWORDS" => $settings['h_keywords'],
    "DESCRIPTION" => $settings['h_description'],
    "CHARSET" => $charset,
    "REFRESH" => $refresh,
);
foreach ($header_placeholders as $header_placeholder => $header_replacement)
{
    $page_header = template($header_placeholder, $header_replacement, $page_header);
}
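// Render every loaded guestbook entry into $page_entry_echo.
//
// Visible entry numbers count upwards from the page offset when
// $settings['entries_numbering'] is 0 and downwards from the total otherwise.
// NOTE(review): name, city, message, comment, homepage and messenger fields
// are inserted into the HTML as they come from the database; presumably they
// are escaped when an entry is saved - verify, because nothing in this file
// escapes them.
if ($settings['entries_numbering'] == 0)
{
    $entry_counter = ($settings['entries_per_page'] * $pagenr) - $settings['entries_per_page'];
}
else
{
    $entry_counter = ($total - ($settings['entries_per_page'] * $pagenr) + ($settings['entries_per_page'] + 1));
}
// Start from a known-empty value instead of relying on an earlier definition.
$page_entry_echo = NULL;
if ($total > 0)
{
    // $entry is only filled when the query returned rows.
    $entry_count = isset($entry) ? count($entry) : 0;
    for ($i = 0; $i < $entry_count; $i++)
    {
        $page_entry[$i] = $content_index_entry;
        if ($settings['entries_numbering'] == 0)
        {
            $entry_counter++;
        }
        else
        {
            $entry_counter--;
        }

        // wordwrap: if the message contains words longer than $settings['wordwrap']
        // they will be broken into two or more strings; a value of 0 turns it off.
        // this method taken from http://de.php.net/manual/en/function.wordwrap.php#64517
        // by ab_at_notenet(dot)dk (thanks for that!!) will luckily not break html tags
        if ($settings['wordwrap'])
        {
            $entry[$i]['message'] = textWrap($entry[$i]['message'], $settings['wordwrap']);
        }

        // set smilies
        if ($settings['smileys'] == 1)
        {
            $entry[$i]['message'] = set_smilies($entry[$i]['message']);
            $entry[$i]['comment'] = set_smilies($entry[$i]['comment']);
        }
        else
        {
            $entry[$i]['message'] = delete_smilies($entry[$i]['message']);
            $entry[$i]['comment'] = delete_smilies($entry[$i]['comment']);
        }

        // set bbcode
        if ($settings['bbcode'] == 1)
        {
            $entry[$i]['message'] = bbcode_format($entry[$i]['message'], "");
            $entry[$i]['comment'] = bbcode_format($entry[$i]['comment'], "");
        }
        else
        {
            $entry[$i]['message'] = bbcode_delete($entry[$i]['message']);
            $entry[$i]['comment'] = bbcode_delete($entry[$i]['comment']);
        }

        // find out which optional data has been set by the user; every
        // sub-template starts filled and is emptied when its field is blank
        $email = $content_index_entry_email;
        $message = $content_index_entry_message;
        $city = $content_index_entry_city;
        $hp = $content_index_entry_hp;
        $gravatar = $content_index_entry_gravatar;
        $icq = $content_index_entry_icq;
        $info = $content_index_entry_info;
        $aim = $content_index_entry_aim;
        $msn = $content_index_entry_msn;
        $comment = $content_index_entry_comment;
        // number of info icons (email, hp, icq, aim, msn) still to be shown
        $info_icons = 5;
        if ($entry[$i]['city'] == "") { $city = ""; }
        if ($entry[$i]['hp'] == "") { $hp = ""; $info_icons--; }
        if ($entry[$i]['icq'] == "") { $icq = ""; $info_icons--; }
        if ($entry[$i]['aim'] == "") { $aim = ""; $info_icons--; }
        if ($entry[$i]['msn'] == "") { $msn = ""; $info_icons--; }
        if ($entry[$i]['comment'] == "") { $comment = ""; }

        // check if email is set
        if ($entry[$i]['email'])
        {
            // find out if the user wants his email to be shown
            if ($entry[$i]['user_show_email'] != 0)
            {
                if ($settings['spam_protection'] == 1)
                {
                    // link through email.php instead of exposing the address
                    $entry_email_path = "email.php?id=".$entry[$i]['ID'];
                }
                else
                {
                    $entry_email_path = "mailto:".$entry[$i]['email'];
                }
                $entry_email_pic = "images/iconsets/".$settings['iconset_path']."/email.png";
                $entry_email_text = $lang['email_yes'];
            }
            else
            {
                $entry_email_path = "email.php?id=denied";
                $entry_email_pic = "images/iconsets/".$settings['iconset_path']."/email_error.png";
                $entry_email_text = $lang['email_no'];
            }
        }
        else
        {
            $email = "";
            $info_icons--;
            // Clear the link data so that the previous entry's address (for
            // example its mailto: link) cannot carry over into this entry.
            $entry_email_path = "";
            $entry_email_pic = "";
            $entry_email_text = "";
        }

        if ($settings['badwords'])
        {
            // replace badwords; $badwords is not passed to badwords(), so it
            // is presumably read there as a global - verify in functions.inc.php
            $badwords = array_map('trim', explode(',', $settings['badwords']));
            $entry[$i]['name'] = badwords($entry[$i]['name']);
            $entry[$i]['city'] = badwords($entry[$i]['city']);
            $entry[$i]['message'] = badwords($entry[$i]['message']);
        }

        $timestamp = date($settings['dateform'], $entry[$i]['timestamp']);

        if (isset($settings['gravatar_show']) AND ($settings['gravatar_show'] == 1))
        {
            // load gravatar
            if ($settings['gravatar_rating'] == 0) { $gravatar_rating = "G"; }
            if ($settings['gravatar_rating'] == 1) { $gravatar_rating = "PG"; }
            if ($settings['gravatar_rating'] == 2) { $gravatar_rating = "R"; }
            if ($settings['gravatar_rating'] == 3) { $gravatar_rating = "X"; }
            if ($settings['gravatar_type'] == 0) { $gravatar_type = "&f=y"; }
            if ($settings['gravatar_type'] == 1) { $gravatar_type = "&d=mm"; }
            if ($settings['gravatar_type'] == 2) { $gravatar_type = "&d=identicon"; }
            if ($settings['gravatar_type'] == 3) { $gravatar_type = "&d=monsterid"; }
            if ($settings['gravatar_type'] == 4) { $gravatar_type = "&d=wavatar"; }
            if ($settings['gravatar_type'] == 5) { $gravatar_type = "&d=retro"; }
            // NOTE(review): the image is requested over plain HTTP, so the MD5
            // of the visitor's address travels unencrypted and the page gets
            // mixed content when it is itself served over HTTPS. The hash is
            // also built for entries whose email must not be shown.
            $gravatar_url = "http://www.gravatar.com/avatar/".md5(strtolower(trim($entry[$i]['email'])))."?s=".$settings['gravatar_size']."&r=".$gravatar_rating.$gravatar_type;
            $img_gravatar = "<img src=\"".$gravatar_url."\" class=\"gravatar\" style=\"width: ".$settings['gravatar_size']."px; height: ".$settings['gravatar_size']."px;\" alt=\"".$lang['gravatar']."\" title=\"".$lang['gravatar']."\">";
        }
        else
        {
            $gravatar_size = 0;
            $img_gravatar = NULL;
        }

        // fill template with other templates if set
        if ($info_icons > 0)
        {
            $page_entry[$i] = template("TEMPLATE_ENTRY_INFO", $info, $page_entry[$i]);
            $page_entry[$i] = template("TEMPLATE_ENTRY_EMAIL", $email, $page_entry[$i]);
            $page_entry[$i] = template("TEMPLATE_ENTRY_HP", $hp, $page_entry[$i]);
            $page_entry[$i] = template("TEMPLATE_ENTRY_ICQ", $icq, $page_entry[$i]);
            $page_entry[$i] = template("TEMPLATE_ENTRY_AIM", $aim, $page_entry[$i]);
            $page_entry[$i] = template("TEMPLATE_ENTRY_MSN", $msn, $page_entry[$i]);
        }
        elseif ($info_icons == 0)
        {
            $page_entry[$i] = template("TEMPLATE_ENTRY_INFO", "", $page_entry[$i]);
        }
        $page_entry[$i] = template("TEMPLATE_ENTRY_CITY", $city, $page_entry[$i]);
        $page_entry[$i] = template("TEMPLATE_ENTRY_MESSAGE", $message, $page_entry[$i]);
        if ($settings['gravatar_position'] == 0)
        {
            $page_entry[$i] = template("ENTRY_GRAVATAR_LEFT", $gravatar, $page_entry[$i]);
            $page_entry[$i] = template("ENTRY_GRAVATAR_RIGHT", "", $page_entry[$i]);
            $page_entry[$i] = template("GRAVATAR_CSS", "entry_message_gravatar_left", $page_entry[$i]);
        }
        else
        {
            $page_entry[$i] = template("ENTRY_GRAVATAR_LEFT", "", $page_entry[$i]);
            $page_entry[$i] = template("ENTRY_GRAVATAR_RIGHT", $gravatar, $page_entry[$i]);
            $page_entry[$i] = template("GRAVATAR_CSS", "entry_message_gravatar_right", $page_entry[$i]);
        }
        $page_entry[$i] = template("TEMPLATE_ENTRY_COMMENT", $comment, $page_entry[$i]);

        // fill template with entry: language strings first, then the entry's
        // own values, substituted in exactly this order
        $entry_placeholders = array(
            "LANG_FROM" => $lang['from'],
            "LANG_EMAIL_OF" => $entry_email_text,
            "LANG_HP_OF" => $lang['hp_of'],
            "LANG_COMMENT" => $lang['comment'],
            "ENTRY_ID" => $entry_counter,
            "ENTRY_ANCHOR" => "<a href=\"index.php?p=".$pagenr."#e".$entry_counter."\" title=\"".$lang['anchor']."\">»</a>",
            "ENTRY_CITY" => $entry[$i]['city'],
            "ENTRY_EMAIL_PIC" => $entry_email_pic,
            "ENTRY_EMAIL_PATH" => $entry_email_path,
            "ENTRY_TIMESTAMP" => $timestamp,
            "GRAVATAR_SIZE" => $settings['gravatar_size'],
            "IMG_GRAVATAR" => $img_gravatar,
            "ENTRY_MESSAGE" => $entry[$i]['message'],
            "ENTRY_HP" => $entry[$i]['hp'],
            "ENTRY_ICQ_NUMBER" => $entry[$i]['icq'],
            "ENTRY_AIM_NAME" => $entry[$i]['aim'],
            "ENTRY_MSN" => $entry[$i]['msn'],
            "ENTRY_COMMENT" => $entry[$i]['comment'],
            "ENTRY_NAME" => $entry[$i]['name'],
            "TEMPLATE_PATH" => "templates/".$settings['template_path'],
        );
        foreach ($entry_placeholders as $entry_placeholder => $entry_replacement)
        {
            $page_entry[$i] = template($entry_placeholder, $entry_replacement, $page_entry[$i]);
        }

        $page_entry_echo .= $page_entry[$i];
    }
}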
// Assemble the final page from index_body.tpl. Sub-templates are substituted
// first and plain strings afterwards, in the listing order below.
$page_body_index = $content_index_body;
$body_placeholders = array(
    // templates
    "HEADER" => $page_header,
    "TEMPLATE_SCROLLING_FUNCTION" => $content_scrolling_function,
    "TEMPLATE_ENTRIES" => $page_entry_echo,
    "TEMPLATE_PATH" => "templates/".$settings['template_path'],
    "TEMPLATE_STYLE_PATH" => $settings['template_style_path'],
    "TEMPLATE_COPYRIGHT" => $content_copyright,
    "TEMPLATE_FOOTER" => $content_footer,
    // strings
    "TITLE" => $settings['title'],
    "ICONSET_PATH" => $settings['iconset_path'],
    "LANG_HOW_MANY_ENTRIES" => $how_many_entries,
    "PAGES" => $p,
    "SF_FIRST" => $sf_first,
    "SF_BACKWARDS" => $sf_backwards,
    "SF_PAGENUMBER" => $sf_pagenumber,
    "SF_FORWARDS" => $sf_forwards,
    "SF_LAST" => $sf_last,
    "MGB_VERSION" => $settings['version'],
    "COPYRIGHT_DATE" => date("Y"),
);
foreach ($body_placeholders as $body_placeholder => $body_replacement)
{
    $page_body_index = template($body_placeholder, $body_replacement, $page_body_index);
}
// fill in the rest of the language strings; the last argument is the debug mode
$page_body_index = mgb_template_language($page_body_index, "language/".$settings['language_path']."/lang_main.php", $settings['debug_mode']);
// generate page
echo $page_body_index;
?>