<?php
	/*
	MGB 0.6.x - OpenSource PHP and MySql Guestbook
	Copyright (C) 2004 - 2011 Juergen Grueneisl - http://www.m-gb.org/

	This program is free software; you can redistribute it and/or modify
	it under the terms of the GNU General Public License as published by
	the Free Software Foundation; either version 2 of the License, or
	(at your option) any later version.

	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	GNU General Public License for more details.

	You should have received a copy of the GNU General Public License
	along with this program; if not, write to the Free Software
	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
	*/

	// ============ //
	// edit.inc.php //
	// ============ //
	//
	// ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ //

	// make sure nobody has direct acces to this script
	if (!defined('ADMINISTRATION'))
		{
		include ("error.html");
		die();
		}
	else
		{
		if(check_rights($_GET['action'], $_SESSION['ID']))
			{
			// load config, settings and language files
			require ("../includes/config.inc.php");
			require ("../includes/load_settings.inc.php");
			require ("../language/".$settings['language_path']."/lang_admin.php");
			// load templates
			require ("load_template_admin.inc.php");

			// set number of site to "1" if it is "0"
			if(!isset($_GET['p'])) { $_GET['p'] = 1; }

			// connect to database
			$link = @mysql_connect($db['hostname'], $db['username'], $db['password']) or die ("(edit.inc.php) Error, line 48: ".mysql_error());
			@mysql_select_db($db['dbname'], $link) or die ("(edit.inc.php) Error, line 49: ".mysql_error());

			$ok = 1;

			if(isset($_GET['id']))
				{
				if(isset($_POST['sent_edit']) AND $_POST['sent_edit'] == 1)
					{
					// delete html code, php code and white spaces

					if(!isset($_POST['user_notification'])) { $_POST['user_notification'] = 0; }
					if(!isset($_POST['user_show_email'])) { $_POST['user_show_email'] = 0; }
					
					require ("../includes/functions.inc.php");

					// stripslashes and so on
					$_POST['date'] = cleanstr($_POST['date']);
					$_POST['time'] = cleanstr($_POST['time']);
					$_POST['name'] = cleanstr($_POST['name']);
					$_POST['city'] = cleanstr($_POST['city']);
					$_POST['email'] = cleanstr($_POST['email']);
					$_POST['icq'] = cleanstr($_POST['icq']);
					$_POST['aim'] = cleanstr($_POST['aim']);
					$_POST['msn'] = cleanstr($_POST['msn']);
					$_POST['hp'] = cleanstr($_POST['hp']);
					$_POST['message'] = cleanstr($_POST['message']);
					$_POST['comment'] = cleanstr($_POST['comment']);
					$_POST['user_notification'] = cleanstr($_POST['user_notification']);
					$_POST['user_show_email'] = cleanstr($_POST['user_show_email']);

					// delete bbcode except from message and comment
					$_POST['date'] = bbcode_delete($_POST['date']);
					$_POST['time'] = bbcode_delete($_POST['time']);
					$_POST['name'] = bbcode_delete($_POST['name']);
					$_POST['city'] = bbcode_delete($_POST['city']);
					$_POST['aim'] = bbcode_delete($_POST['aim']);
					$_POST['msn'] = bbcode_delete($_POST['msn']);
					$_POST['hp'] = bbcode_delete($_POST['hp']);

					$_POST['message'] = nl2br($_POST['message']);
					$_POST['comment'] = nl2br($_POST['comment']);
					$t1 = chr(10);
					$t2 = chr(13);
					$_POST['message'] = str_ireplace($t1, '', $_POST['message']);
					$_POST['message'] = str_ireplace($t2, '', $_POST['message']);
					$_POST['comment'] = str_ireplace($t1, '', $_POST['comment']);
					$_POST['comment'] = str_ireplace($t2, '', $_POST['comment']);

					// set timestamp back to NOW(); format
					$delimiter = substr($settings['dateform'], 1,1);

					$date = explode($delimiter, $_POST['date']);

					$first_date = substr($settings['dateform'], 0,1);
					$second_date = substr($settings['dateform'], 2,1);
					$third_date = substr($settings['dateform'], 4,1);

					$hours = substr($_POST['time'], 0,2);
					$minutes = substr($_POST['time'], 3,2);

					switch ($first_date)
						{
						case "d":
							$day = $date[0];
							break;
						case "m":
							$month = $date[0];
							break;
						case "Y":
							$year = $date[0];
							break;
						}
					switch ($second_date)
						{
						case "d":
							$day = $date[1];
							break;
						case "m":
							$month = $date[1];
							break;
						case "Y":
							$year = $date[1];
							break;
						}
					switch ($third_date)
						{
						case "d":
							$day = $date[2];
							break;
						case "m":
							$month = $date[2];
							break;
						case "Y":
							$year = $date[2];
							break;
						}

					$timestamp = mktime($hours, $minutes, 0, $month, $day, $year);

					// save data to database
					$sql = "UPDATE ".$db['prefix']."entries SET
									`name` = '".$_POST['name']."',
									`city` = '".$_POST['city']."',
									`email` = '".$_POST['email']."',
									`icq` = '".$_POST['icq']."',
									`aim` = '".$_POST['aim']."',
									`msn` = '".$_POST['msn']."',
									`hp` = '".$_POST['hp']."',
									`message` = '".$_POST['message']."',
									`comment` = '".$_POST['comment']."',
									`timestamp` = '".$timestamp."',
									`user_notification` = '".$_POST['user_notification']."',
									`user_show_email` = '".$_POST['user_show_email']."'
									WHERE ID=".secure_value($_GET['id'])." LIMIT 1";

					if (@mysql_query($sql, $link) or die ("(edit.inc.php) Error, line 164: ".mysql_error()) )
						{
						$saved_settings_successfull = 1;
						}

					if($_POST['user_notification'] == 1 AND !empty($_POST['comment']) AND !empty($_POST['email']))
						{
						$date = date("d"."/"."m"."/"."Y");
						$time = date("H".":"."i");

						$url_to_gb = "http://".$settings['h_domain'].$settings['gb_path']."index.php";

						$lang['sendmail_user_comment_title'] = format_mail(repl_uml($lang['sendmail_user_comment_title'], $charset), $_POST['name'], $date, $time, xhtmlbr2nl($_POST['message']), $settings['h_domain'], $url_to_gb, "", "", "", "", "", "", "");
						$settings['sendmail_comment_text'] = format_mail(repl_uml($settings['sendmail_comment_text'], $charset), $_POST['name'], $date, $time, xhtmlbr2nl($_POST['message']), $settings['h_domain'], $url_to_gb, "", "", "", "", "", "", "");

						$mail_header = "content-type: text/plain; charset=".$charset."\n";
						$mail_header .= "from: ".$settings['admin_gbemail'];

						if (@mail($_POST['email'], $lang['sendmail_user_comment_title'], $settings['sendmail_comment_text'], $mail_header) )
							{
							$sendemail_successfull = 1;
							}
						}

					$ok = 1;
					}
				else
					{
					require ("../includes/functions.inc.php");

					$sql="SELECT * FROM ".$db['prefix']."entries WHERE ID=".secure_value($_GET['id'])." LIMIT 1";
					$result = @mysql_query($sql, $link) or die ("(edit.inc.php) Error, line 195: ".mysql_error());

					$entry = mysql_fetch_array($result);

					$page_entry_single = $content_edit_single;

					$entryID = $entry['ID'];
					$name = $entry['name'];
					$city = $entry['city'];
					$email = $entry['email'];
					$icq = $entry['icq'];
					$aim = $entry['aim'];
					$msn = $entry['msn'];
					$hp = $entry['hp'];
					$message = $entry['message'];
					$comment = $entry['comment'];
					$ip = $entry['ip'];
					$timestamp = $entry['timestamp'];
					$user_notification = $entry['user_notification'];
					$user_show_email = $entry['user_show_email'];

					// Datum und Zeit trennen
					$date = date($settings['dateform'], $timestamp);
					$time = date("G:i", $timestamp);

					$message = xhtmlbr2nl($message);
					$comment = xhtmlbr2nl($comment);

					if ($user_notification == 1) { $checked_notify = " checked=\"checked\""; } else { $checked_notify = NULL; }
					if ($user_show_email == 1) { $checked_show_email = " checked=\"checked\""; } else { $checked_show_email = NULL; }

					$page_entry_single = template("LANG_ID", $lang['ID'], $page_entry_single);
					$page_entry_single = template("LANG_DATE", $lang['date'], $page_entry_single);
					$page_entry_single = template("LANG_TIME", $lang['time'], $page_entry_single);
					$page_entry_single = template("LANG_NAME", $lang['name'], $page_entry_single);
					$page_entry_single = template("LANG_CITY", $lang['city'], $page_entry_single);
					$page_entry_single = template("LANG_EMAIL", $lang['email'], $page_entry_single);
					$page_entry_single = template("LANG_ICQ", $lang['icq'], $page_entry_single);
					$page_entry_single = template("LANG_AIM", $lang['aim'], $page_entry_single);
					$page_entry_single = template("LANG_MSN", $lang['msn'], $page_entry_single);
					$page_entry_single = template("LANG_HP", $lang['hp'], $page_entry_single);
					$page_entry_single = template("LANG_MESSAGE", $lang['message'], $page_entry_single);
					$page_entry_single = template("LANG_COMMENT", $lang['comment'], $page_entry_single);
					$page_entry_single = template("LANG_IP", $lang['ip'], $page_entry_single);
					$page_entry_single = template("LANG_USER_NOTIFICATION", $lang['user_notification'], $page_entry_single);
					$page_entry_single = template("LANG_USER_SHOW_EMAIL", $lang['user_show_email'], $page_entry_single);
					$page_entry_single = template("LANG_SAVE", $lang['save'], $page_entry_single);

					$page_entry_single = template("ENTRY_ID", $entryID, $page_entry_single);
					$page_entry_single = template("ENTRY_DATE", $date, $page_entry_single);
					$page_entry_single = template("ENTRY_TIME", $time, $page_entry_single);
					$page_entry_single = template("ENTRY_NAME", $name, $page_entry_single);
					$page_entry_single = template("ENTRY_CITY", $city, $page_entry_single);
					$page_entry_single = template("ENTRY_EMAIL", $email, $page_entry_single);
					$page_entry_single = template("ENTRY_ICQ", $icq, $page_entry_single);
					$page_entry_single = template("ENTRY_AIM", $aim, $page_entry_single);
					$page_entry_single = template("ENTRY_MSN", $msn, $page_entry_single);
					$page_entry_single = template("ENTRY_HP", $hp, $page_entry_single);
					$page_entry_single = template("ENTRY_MESSAGE", $message, $page_entry_single);
					$page_entry_single = template("ENTRY_COMMENT", $comment, $page_entry_single);
					$page_entry_single = template("ENTRY_IP", $ip, $page_entry_single);
					$page_entry_single = template("CHECKED_NOTIFY", $checked_notify, $page_entry_single);
					$page_entry_single = template("CHECKED_SHOW_EMAIL", $checked_show_email, $page_entry_single);

					$page_entry_single = template("FORM_ACTION", "admin.php?action=edit&amp;id=".$entryID.$sid, $page_entry_single);

					$content_scrolling_function = "<br>";

					$page_include = $page_entry_single;

					$ok = 0;
					}
				}
			}
		else
			{
			$page_include = "<span class=\"admin\">".$lang['errormessage4']."</span>";
			$content_scrolling_function = "<br>";
			}

		if ($ok == 1)
			{
			// get total number of entries
			$results = @mysql_query("SELECT COUNT(ID) FROM ".$db['prefix']."entries WHERE isspam=0") or die ("(edit.inc.php) Error, line 278: ".mysql_error());
			$total = @mysql_result($results, 0); 

			// compute how many pages there are
			$p = ($total / 20);

			if ($p <= 1)
				{
				$p = 0;
				if ($total > 1)
					{
					$how_many_entries = "<span class=\"admin\">".$total."&nbsp;".$lang['entries']."</span>";
					}
				elseif ($total == 0)
					{
					$how_many_entries = "<span class=\"admin\">".$lang['no_entries']."</span>";
					}
				else
					{
					$how_many_entries = "<span class=\"admin\">".$total."&nbsp;".$lang['entry']."</span>";
					}
				}
			else
				{
				$p = ceil($p);
				$how_many_entries = "<span class=\"admin\">".$total."&nbsp;".$lang['entries_on_pages']."</span>";
				}

			$load_start = ($_GET['p'] * 20) - 20;
			$load_end = 20;

			$pages_total = ceil($p);

			if ($_GET['p'] == 1)
				{
				$sf_forwards = "<a class=\"admin\" href=\"admin.php?action=edit&amp;p=".($_GET['p'] + 1).$sid."\" title=\"".$lang['page_forwards']."\">".$lang['page_forwards_symbol']."</a>";
				$sf_pagenumber = $_GET['p'];
				if ($pages_total >= 3 )
					{
					$sf_last = "<a class=\"admin\" href=\"admin.php?action=edit&amp;p=".$pages_total."\" title=\"".$lang['page_last']."\">".$lang['page_last_symbol']."</a>";
					}
				}

			if ($_GET['p'] > 1)
				{
				if (($pages_total >= 3) AND ($_GET['p'] > 2))
					{
					$sf_first = "<a class=\"admin\" href=\"admin.php?action=edit&amp;p=1".$sid."\" title=\"".$lang['page_first']."\">".$lang['page_first_symbol']."</a>";
					}
				$sf_backwards = "<a class=\"admin\" href=\"admin.php?action=edit&amp;p=".($_GET['p'] - 1).$sid."\" title=\"".$lang['page_backwards']."\">".$lang['page_backwards_symbol']."</a>";
				$sf_pagenumber = $_GET['p'];
				$sf_forwards = "<a class=\"admin\" href=\"admin.php?action=edit&amp;p=".($_GET['p'] + 1).$sid."\" title=\"".$lang['page_forwards']."\">".$lang['page_forwards_symbol']."</a>";
				if (($pages_total >= 3) AND ($_GET['p'] < ($pages_total - 1)))
					{
					 $sf_last = "&nbsp;<a class=\"admin\" href=\"admin.php?action=edit&amp;p=".$pages_total.$sid."\" title=\"".$lang['page_last']."\">".$lang['page_last_symbol']."</a>";
					}
				}

			if ($_GET['p'] == $pages_total)
				{
				if ($pages_total >= 3)
					{
					$sf_first = "<a class=\"admin\" href=\"admin.php?action=edit&amp;p=1".$sid."\" title=\"".$lang['page_first']."\">".$lang['page_first_symbol']."</a>";
					}
				$sf_backwards = "<a class=\"admin\" href=\"admin.php?action=edit&amp;p=".($_GET['p'] - 1).$sid."\" title=\"".$lang['page_backwards']."\">".$lang['page_backwards_symbol']."</a>";
				$sf_pagenumber = $_GET['p'];
				$sf_forwards = "";
				}

			if ($pages_total <= 0)
				{
				$content_scrolling_function = "<br><br>";
				}

			// load guestbook entries
			$sql="SELECT * FROM ".$db['prefix']."entries WHERE isspam=0 ORDER BY ID DESC LIMIT ".$load_start.",".$load_end;
			$result = @mysql_query($sql, $link) or die ("(edit.inc.php) Error, line 354: ".mysql_error());

			$counter = 0;

			for($i = 0; $i < mysql_num_rows($result); $i++)
				{
				$entry[$i] = mysql_fetch_array($result);
				$counter++;
				}

			if ($counter <= 1)
				{
				if ($_GET['p'] == 1)
					{
					$add_page_nr = NULL;
					}
				else
					{
					$add_page_nr = "&amp;p=".($_GET['p'] - 1);
					}
				}
			else
				{
				$add_page_nr = "&amp;p=".$_GET['p'];
				}

			// fill entry template with content
			require ("../includes/functions.inc.php");

			if(!isset($entry)) { $entry = NULL; }

			for($i = 0; $i < count($entry); $i++)
				{
				$page_entry[$i] = $content_edit;

				if($entry[$i]['ip'] == NULL) { $entry[$i]['ip'] = "-"; }
				if($entry[$i]['comment'] == NULL) { $entry[$i]['comment'] = "-"; }

				// wordwrap: if message contains words longer than $settings['wordwrap'] they will
				// be broken into two or more strings. If $settings['wordwrap'] == 0, function is off
				// this method taken from http://de.php.net/manual/en/function.wordwrap.php#64517
				// will luckily not affect html tags

				$entry[$i]['message'] = textWrap($entry[$i]['message'], 45);
				$entry[$i]['comment'] = textWrap($entry[$i]['comment'], 45);

				// convert bbcodes
				$entry[$i]['message'] = bbcode_format($entry[$i]['message'], "adminpanel");
				$entry[$i]['comment'] = bbcode_format($entry[$i]['comment'], "adminpanel");

				// convert smilies
				/* $entry[$i]['message'] = set_smilies($entry[$i]['message']);
				$entry[$i]['comment'] = set_smilies($entry[$i]['comment']); */

				if ($entry[$i]['checked'] == 0) { $status = "<img class=\"icon\" src=\"templates/default/images/inactive.png\" title=\"".$lang['inactive']."\" alt=\"".$lang['inactive']."\">"; } else { $status = "<img class=\"icon\" src=\"templates/default/images/active.png\" title=\"".$lang['active']."\" alt=\"".$lang['active']."\">"; }

				// fill template with entry (strings)
				$page_entry[$i] = template("ENTRY_ID", $entry[$i]['ID'], $page_entry[$i]);
				$page_entry[$i] = template("ENTRY_NAME", substr($entry[$i]['name'], 0, 20), $page_entry[$i]);
				$page_entry[$i] = template("ENTRY_MESSAGE", $entry[$i]['message'], $page_entry[$i]);
				$page_entry[$i] = template("ENTRY_IP", $entry[$i]['ip'], $page_entry[$i]);
				$page_entry[$i] = template("ENTRY_EMAIL", $entry[$i]['email'], $page_entry[$i]);
				$page_entry[$i] = template("ENTRY_HP", $entry[$i]['hp'], $page_entry[$i]);
				$page_entry[$i] = template("ENTRY_COMMENT", $entry[$i]['comment'], $page_entry[$i]);
				$page_entry[$i] = template("LANG_QUOTE", $lang['quote'], $page_entry[$i]);
				$page_entry[$i] = template("EDIT", $status."<br><a href=\"admin.php?action=edit&amp;id=".$entry[$i]['ID'].$add_page_nr.$sid."\"><img class=\"icon\" src=\"templates/default/images/edit.png\" title=\"".$lang['edit_entry']."\" alt=\"".$lang['edit_entry']."\"></a>", $page_entry[$i]);

				if(!isset($page_include)) { $page_include = NULL; }
				$page_include .= $page_entry[$i];
				}
			}
		}

		// close sql connection
		@mysql_close($link);
?>