<?php

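  header("Content-Type: text/html; charset=utf-8");
  session_start();

  // Set to true on a public demo install; adminConfig() then refuses every change.
  $is_demo = false;

  // The requested operation. Each handler below reads its own fields from $_POST.
  // Guard the index so a request without "action" does not raise a notice.
  $action = isset($_POST["action"]) ? trim($_POST["action"]) : "";

  $messageReturn = "Error: The parameter is incorrect.";

  // Whitelist of dispatchable actions; strict in_array() so only the exact strings match.
  $allowedActions = array("signMsg", "replyMsg", "delMsg", "adminConfig", "adminLogin", "adminLogout");
  if ($action === "" || !in_array($action, $allowedActions, true)) {
      returnMsg($messageReturn);
  }

  include "./data/kode_config.php";
  include "kode_class_db.php";
  include "kode_connect_db.php";
  include "kode_functions.php";
  include "kode_author.php";

  // Table prefix from kode_config.php; every query in this file uses it.
  $DB_PREFIX = MYSQL_TABLE_PREFIX;

  switch ($action) {
      case "signMsg":
          signMsg();
          break;
      case "replyMsg":
          replyMsg();
          break;
      case "delMsg":
          delMsg();
          break;
      case "adminConfig":
          adminConfig();
          break;
      case "adminLogin":
          adminLogin();
          break;
      case "adminLogout":
          adminLogout();
          break;
      default:
          // Unreachable after the whitelist check above; fail closed instead of
          // falling through to an unrelated handler.
          returnMsg($messageReturn);
  }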

// Submit message
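  /**
   * Stores a visitor's guestbook entry from $_POST and exits with a status message.
   *
   * Requires the session captcha ($_SESSION['kode_validate_code']) to equal the
   * submitted validate_code. visitor_name and comment are mandatory. A
   * visitor_key cookie is issued when the visitor has none yet; delMsg() later
   * accepts it as proof of ownership of this entry. Every path ends in
   * returnMsg(), so the function never returns.
   */
  function signMsg() {
      global $messageReturn, $DB_PREFIX;

      // Captcha: compare as strings with !== so loose numeric comparison cannot
      // accept a code that merely looks numerically equal to the stored one.
      $validate_code = isset($_POST['validate_code']) ? (string) $_POST['validate_code'] : '';
      if (!isset($_SESSION['kode_validate_code']) || $validate_code !== (string) $_SESSION['kode_validate_code']) {
          returnMsg('Error: Invalid validate code!');
      }
      // NOTE(review): the captcha value stays in the session after a successful
      // post; invalidating it here would need the form to fetch a fresh code.

      // Form fields are stored HTML-escaped (original behaviour) and then
      // addslashes()-escaped, because they are interpolated into the INSERT
      // below and htmlspecialchars() leaves ' and \ untouched. The DB wrapper
      // exposes no escaping helper here; addslashes() assumes the connection
      // charset is not a multibyte one that can swallow the backslash.
      // 'webiste' is the POST key this script has always read; keep it.
      $fields = array();
      foreach (array('visitor_name', 'avatar_id', 'email', 'webiste', 'subject', 'comment') as $name) {
          $fields[$name] = addslashes(htmlspecialchars(isset($_POST[$name]) ? $_POST[$name] : ''));
      }
      $visitor_name = $fields['visitor_name'];
      $avatar = $fields['avatar_id'];
      $email = $fields['email'];
      $webiste = $fields['webiste'];
      $subject = $fields['subject'];
      $comment = $fields['comment'];

      if (empty($visitor_name)) {
          $messageReturn = "Error:Your Name field is required.";
          returnMsg($messageReturn);
      }
      if ($comment === '') {
          $messageReturn = "Error:Comment field is required.";
          returnMsg($messageReturn);
      }

      // First visit: issue a random ownership token as a cookie (432000 s = 5 days)
      // and keep it in $_COOKIE so it can be stored with the entry below.
      if (get_visitor_key() == "None") {
          $_COOKIE["visitor_key"] = randKey(6);
          // HttpOnly: the browser sends the token back by itself; page scripts never need it.
          setcookie("visitor_key", $_COOKIE["visitor_key"], time() + 432000, "", "", false, true);
      }
      $visitor_key = isset($_COOKIE["visitor_key"]) ? addslashes($_COOKIE["visitor_key"]) : '';

      // Request metadata. Headers are client-supplied, so the derived values are
      // escaped the same way as the form fields before being interpolated.
      $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
      $acceptLang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '';
      $userAgent = getBrowser($ua);
      $browser = addslashes(strtolower($userAgent['name']));
      $os = addslashes(getSystem($ua));
      $language = addslashes(getLanguage($acceptLang));
      $realip = addslashes(getIP());
      $now = date("Y-m-d H:i:s");

      $sql = "INSERT INTO {$DB_PREFIX}message (id, visitor_name, avatar,email, website, subject, comment, date_added, realip, language,browser,  os, visitor_key) ";
      $sql .= " VALUES (null,'$visitor_name', '$avatar','$email', '$webiste', '$subject','$comment', '$now', '$realip', '$language', '$browser','$os', '$visitor_key')";

      $connDb = conn_Db();
      $result = $connDb->query($sql);
      $connDb->close();

      if ($result) {
          $messageReturn = "Sign guestbook successfully";
          returnMsg($messageReturn);
      }
      else {
          $messageReturn = "Error:Sign guestbook failed";
          returnMsg($messageReturn);
      }
  }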

#reply message

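  /**
   * Creates or updates the administrator's reply to a guestbook message.
   *
   * Reads reply_id (the message id) and reply_content from $_POST and requires
   * an admin session (Logged()). There is one reply row per message: an
   * existing row for message_id is updated, otherwise a new one is inserted.
   * Never returns.
   */
  function replyMsg() {
      global $messageReturn, $DB_PREFIX;

      if (!Logged()) {
          returnMsg('Error: Please log in first.');
      }

      $reply_content = isset($_POST['reply_content']) ? htmlspecialchars(trim($_POST['reply_content'])) : '';
      // reply_id is interpolated unquoted into SQL below, so only a positive integer may pass.
      $reply_id = isset($_POST['reply_id']) ? (int) trim($_POST['reply_id']) : 0;

      if ($reply_id <= 0 || $reply_content === '') {
          $messageReturn = "Error: No enough parameters";
          returnMsg($messageReturn);
      }

      // Escape for the single-quoted SQL literal; htmlspecialchars() leaves ' and \ alone.
      $reply_content = addslashes($reply_content);

      // One connection for the lookup and the write, as the other handlers do.
      $connDb = conn_Db();
      $sql = "SELECT * FROM {$DB_PREFIX}reply  WHERE message_id=" . $reply_id;
      $result = $connDb->query($sql);
      $total = $connDb->rowCount($result);
      if ($total > 0) {
          $sql = "UPDATE {$DB_PREFIX}reply SET comment='$reply_content' WHERE message_id=" . $reply_id;
      }
      else {
          $now = date("Y-m-d H:i:s");
          $sql = "INSERT INTO {$DB_PREFIX}reply (id, message_id, comment, date_added)  VALUES(null,'$reply_id','$reply_content', '$now')";
      }

      $result = $connDb->query($sql);
      $connDb->close();

      if ($result) {
          $messageReturn = "Reply message successfully";
          returnMsg($messageReturn);
      }
      else {
          $messageReturn = "Error: Reply message failed";
          returnMsg($messageReturn);
      }
  }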

// delete message
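  /**
   * Deletes the guestbook message identified by $_POST['id'] together with its reply row.
   *
   * An admin session may delete any message; an anonymous visitor may delete
   * only a message whose stored visitor_key equals the key issued to them by
   * signMsg() (get_visitor_key()). Never returns.
   */
  function delMsg() {
      global $messageReturn, $DB_PREFIX;

      // id is interpolated unquoted into SQL; accept only a positive integer.
      $id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
      if ($id <= 0) {
          $messageReturn = "Error:ID is not valid";
          returnMsg($messageReturn);
      }

      $connDb = conn_Db();
      if (!Logged()) {
          // Ownership check: exactly one message with this id must carry the caller's key.
          $visitor_key = addslashes((string) get_visitor_key());

          $sql = "SELECT realip FROM  {$DB_PREFIX}message WHERE id=" . $id . " and visitor_key='" . $visitor_key . "'";
          $result = $connDb->query($sql);
          $rowCount = $connDb->rowCount($result);
          if ((int) $rowCount !== 1) {
              returnMsg('Error: Please log in first.');
          }
      }

      // Remove the reply first so no orphaned reply row outlives the message.
      $sql = "DELETE FROM {$DB_PREFIX}reply WHERE message_id=" . $id;
      $connDb->query($sql);

      $sql = "DELETE FROM {$DB_PREFIX}message WHERE id=" . $id;
      $result = $connDb->query($sql);
      $connDb->close();

      if ($result) {
          $messageReturn = "Deleted successfully";
          returnMsg($messageReturn);
      }
      else {
          $messageReturn = "Error:Delete failed";
          returnMsg($messageReturn);
      }
  }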

// update the admin account and site configuration (optionally the password)
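  /**
   * Updates the administrator account and site settings from $_POST:
   * admin_name, home_page, page_title, copyright and, optionally, a new
   * password given as new_pass + confirm_pass.
   *
   * Refused on a demo install ($is_demo) and when no admin session exists
   * (the same Logged() gate replyMsg() and delMsg() use). The config row
   * updated is the one whose id adminLogin() stored in $_SESSION['loggedid'].
   * Never returns.
   */
  function adminConfig() {
      global $messageReturn, $DB_PREFIX, $is_demo;

      if ($is_demo) {
          returnMsg("Error:It is a demo version. The application doesn't allow you to change the settings.");
      }

      // Only an authenticated admin may reach the UPDATE below; without this
      // gate any caller could rewrite the account row.
      if (!Logged() || !isset($_SESSION['loggedid'])) {
          returnMsg('Error: Please log in first.');
      }
      // Interpolated unquoted into the WHERE clause, so force an integer.
      $loggedid = (int) $_SESSION['loggedid'];

      // Trimmed raw values for validation; SQL-escaped copies are built afterwards.
      $adminname = isset($_POST['admin_name']) ? trim($_POST['admin_name']) : '';
      $newpwd = isset($_POST['new_pass']) ? trim($_POST['new_pass']) : '';
      $confirmpwd = isset($_POST['confirm_pass']) ? trim($_POST['confirm_pass']) : '';

      $homepage = isset($_POST['home_page']) ? trim($_POST['home_page']) : '';
      $pagetitle = isset($_POST['page_title']) ? trim($_POST['page_title']) : '';
      $copyright = isset($_POST['copyright']) ? trim($_POST['copyright']) : '';

      if (empty($adminname)) {
          $messageReturn = "Error:Username field is required.";
          returnMsg($messageReturn);
      }

      $changepwd_sql = "";

      // An empty new_pass means "keep the current password".
      if ($newpwd !== '') {
          if ($newpwd !== $confirmpwd) {
              $messageReturn = "Error:Confirm new password did not match the new password you entered.";
              returnMsg($messageReturn);
          }

          // md5 is kept because adminLogin() authenticates against md5(admin_pass);
          // moving to password_hash()/password_verify() means changing both
          // functions (and possibly the admin_pass column width) together.
          $newpwd = md5($newpwd);
          $changepwd_sql = ", admin_pass='$newpwd'"; // hex digest, no escaping needed
      }

      // addslashes() escapes ' and \ for the single-quoted SQL literals; the
      // DB wrapper exposes no escaping helper here.
      $adminname = addslashes($adminname);
      $homepage = addslashes($homepage);
      $pagetitle = addslashes($pagetitle);
      $copyright = addslashes($copyright);

      $sql = "UPDATE {$DB_PREFIX}config SET admin_name='$adminname',
              home_page='$homepage',
              page_title='$pagetitle',
              copyright='$copyright' $changepwd_sql WHERE id =" . $loggedid;

      $connDb = conn_Db();
      $result = $connDb->query($sql);
      $connDb->close();

      // Report a failed UPDATE instead of claiming success unconditionally.
      if (!$result) {
          $messageReturn = "Error:Configuration update failed";
          returnMsg($messageReturn);
      }
      $messageReturn = "The configuration has been changed.";
      returnMsg($messageReturn);
  }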

//Administrator Login
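  /**
   * Authenticates the administrator from $_POST['admin_name'] / $_POST['admin_pass'].
   *
   * Requires the session captcha to equal validate_code. On success the config
   * row id is stored in $_SESSION['loggedid'] and the (SQL-escaped) name in
   * $_SESSION['adminuser'], after regenerating the session id so a session id
   * obtained before login cannot be reused. Never returns.
   */
  function adminLogin() {
      global $messageReturn, $DB_PREFIX;

      // Captcha: strict string comparison, same reasoning as in signMsg().
      $validate_code = isset($_POST['validate_code']) ? (string) $_POST['validate_code'] : '';
      if (!isset($_SESSION['kode_validate_code']) || $validate_code !== (string) $_SESSION['kode_validate_code']) {
          returnMsg('Error: Invalid validate code!');
      }

      $admin_name_raw = isset($_POST['admin_name']) ? trim($_POST['admin_name']) : '';
      $admin_pass_raw = isset($_POST['admin_pass']) ? trim($_POST['admin_pass']) : '';

      if (empty($admin_name_raw)) {
          $messageReturn = "Error:Username field is required.";
          returnMsg($messageReturn);
      }
      // Check the submitted password before hashing: md5('') is a non-empty
      // string, so testing the digest for emptiness could never fail.
      if ($admin_pass_raw === '') {
          $messageReturn = "Error:Password field is required.";
          returnMsg($messageReturn);
      }

      // addslashes() escapes the name for the SQL literal; the md5 hex digest needs none.
      $admin_name = addslashes($admin_name_raw);
      // Unsalted md5 is what adminConfig() stores; both must move to
      // password_hash()/password_verify() together if this is changed.
      $admin_pass = md5($admin_pass_raw);

      $sql = "select id,admin_name,admin_pass from {$DB_PREFIX}config where admin_name='$admin_name' and admin_pass='$admin_pass'";
      $connDb = conn_Db();
      $result = $connDb->query($sql);
      $num_rows = $connDb->num_rows($result);

      if ($num_rows > 0) {
          $rows = $connDb->fetchAssoc($result);
          $connDb->close();
          // Fresh session id on privilege change (session fixation defence).
          session_regenerate_id(true);
          $_SESSION['loggedid'] = $rows['id'];
          $_SESSION['adminuser'] = $admin_name;
          $messageReturn = "Login successfully. Return to Home Page...";
          returnMsg($messageReturn);
      }
      else {
          $messageReturn = "Error:Username or password error";
          $connDb->close();
          returnMsg($messageReturn);
      }
  }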

// sign out
  /**
   * Ends the administrator login by dropping the two session markers and
   * exits with a confirmation message. Other session values (such as
   * kode_validate_code) are left untouched. Never returns.
   */
  function adminLogout() {
      global $messageReturn;

      // Both markers are written together by adminLogin(); drop them together.
      unset($_SESSION['loggedid'], $_SESSION['adminuser']);

      $messageReturn = "Sign out successfully";
      returnMsg($messageReturn);
  }

// return info
  /**
   * Sends $msg as the whole response body and stops the script.
   *
   * Every handler in this file ends by calling this, so a request produces
   * exactly one plain message. die() is an alias of exit(): a string is
   * printed, while an integer would be used as the exit status instead.
   */
  function returnMsg($msg) {
      die($msg);
  }

?>