<?php



/**

* PHP versions 4 and 5

*

* LICENSE: This source file is subject to version 3.0 of the PHP license

* that is available through the world-wide-web at the following URI:

* http://www.php.net/license.  If you did not receive a copy of

* the PHP License and are unable to obtain it through the web, please

* send a note to hide@address.com so we can mail you a copy immediately.

*

* @package    QuickTalk Guestbook

* @author     Philippe Vandenberghe <hide@address.com>

* @copyright  2009-2012 The PHP Group

* @version    2.5 build:20100731

*/



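// Open the session before anything else so the login flag can be read.
session_start();

// Shared bootstrap; HtmlRedirect(), Href() and GetLang() are not defined in this file.
require_once('bin/qtg_init.php');

// ACCESS CONTROL: only a session carrying qtgAuth == 'yes' may go further.
// Both conditions are tested in one place and the script is terminated
// explicitly after the redirect. Without the exit, a HtmlRedirect() that merely
// emits a redirect and returns would let the settings handler below run for a
// visitor who is not logged in.
// NOTE(review): whether HtmlRedirect() already terminates is not visible from
// this file; the exit is harmless if it does.
if ( !isset($_SESSION['qtgAuth']) || $_SESSION['qtgAuth']!='yes' )
{
  HtmlRedirect(Href('qtg_login.php'));
  exit;
}

// Page-specific language file (presumably fills the $L entries used below).
// NOTE(review): the include path is built from GetLang(); confirm in its
// definition that the returned prefix cannot be influenced by request data.
include(GetLang().'qtg_adm.php');

// Page identity, read by the included header/menu templates (presumably).
$qtg_skin='admin';
$pg_name=$L['Security'];
$pg_url='qtg_adm.php';

// Labels for the yes/no drop-downs, indexed 0 = no, 1 = yes.
$arrYN = array($L['No'],$L['Yes']);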



// --------

// SUBMITTED

// --------



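// Validates the submitted settings and, when everything is valid, regenerates
// bin/config_stop.php (a PHP file that is later included as configuration).
//
// NOTE(review): the only precondition visible in this file is the session flag
// checked at the top of the page; no per-request anti-CSRF token is verified.
// Because this handler rewrites an included PHP file, a session-bound token
// emitted by the form and compared here is worth adding (form and handler have
// to change together).
// NOTE(review): several $error messages embed the submitted value verbatim;
// whichever template prints $error must HTML-escape it.
if ( isset($_POST['ok']) )
{
  // Normalise every expected field to a trimmed string. A missing field or an
  // array-valued field (name[]=...) becomes '' instead of raising a notice or
  // reaching trim() with the wrong type.
  $arrPost = array();
  foreach (array('status','notify','antispam','max_size','max_sec','maxday','checkip','iplist','javamail','meaning','checklang') as $strKey)
  {
    $arrPost[$strKey] = ( isset($_POST[$strKey]) && is_string($_POST[$strKey]) ) ? trim($_POST[$strKey]) : '';
  }

  // check guestbook status
  $qtg_actif = ( $arrPost['status']=='1' );

  // check notify (can be empty)
  if ( empty($error) )
  {
    $str = $arrPost['notify'];
    // get_magic_quotes_gpc() no longer exists on recent PHP versions; only call it when available.
    if ( function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() ) $str=stripslashes($str);
    if ( empty($str) )
    {
      $qtg_notify='';
    }
    else
    {
      if ( QTismail($str) ) { $qtg_notify=$str; } else { $error='E-mail ['.$str.'] '.$L['E_invalid']; }
    }
  }

  // check antispam method
  // The value is written into the generated PHP file as a bare number, so it
  // must be one of the three indexes offered by the form (0, 1 or 2) and
  // nothing else. On failure the previous setting is left untouched.
  if ( preg_match('/^[0-2]$/D',$arrPost['antispam']) )
  {
    $qtg_antispam = intval($arrPost['antispam']);
  }
  else
  {
    $error = $L['Check_human'].' '.$L['E_invalid'];
  }

  // check msg max size
  // NOTE(review): the message announces 500-50000 but the enforced upper bound
  // is 5000; one of the two is a typo. The enforced (stricter) bound is kept.
  $str = $arrPost['max_size'];
  if ( !is_numeric($str) ) $error=$L['Msg_max_size'].' ['.$str.'] '.$L['E_invalid'].' (500-50000)';
  if ( empty($error) ) { if ( !QTisbetween($str,500,5000) ) $error=$L['Msg_max_size'].' ['.$str.'] '.$L['E_invalid'].' (500-50000)'; }
  if ( empty($error) ) $qtg_max_size = intval($str);

  // check flood time
  $str = $arrPost['max_sec'];
  if ( !is_numeric($str) ) $error=$L['Flood_max_sec'].' ['.$str.'] '.$L['E_invalid'].' (1-100)';
  if ( empty($error) ) { if ( !QTisbetween($str,1,100) ) $error=$L['Flood_max_sec'].' ['.$str.'] '.$L['E_invalid'].' (1-100)'; }
  if ( empty($error) ) $qtg_max_sec = intval($str);

  // check day
  // The setting is stored and displayed as $qtg_max_day; $qtg_maxday is kept
  // as an alias so both names hold the accepted value after a save.
  $str = $arrPost['maxday'];
  if ( !is_numeric($str) ) $error=$L['Flood_max_day'].' ['.$str.'] '.$L['E_invalid'].' (1-100)';
  if ( empty($error) ) { if ( !QTisbetween($str,1,100) ) $error=$L['Flood_max_day'].' ['.$str.'] '.$L['E_invalid'].' (1-100)'; }
  if ( empty($error) ) { $qtg_max_day = intval($str); $qtg_maxday = $qtg_max_day; }

  // check ip
  $qtg_checkip = ( $arrPost['checkip']=='Y' );

  // Split the list on any run of whitespace, commas or semicolons and drop
  // empty pieces, so "a, b" or a blank line no longer yields an empty entry
  // that fails validation. The list is stored space-separated.
  $arrIp = preg_split('/[\s,;]+/',$arrPost['iplist'],-1,PREG_SPLIT_NO_EMPTY);
  if ( !is_array($arrIp) ) $arrIp = array();
  $qtg_checkip_list = implode(' ',$arrIp);

  // check each ip
  // NOTE(review): the last segment is matched with ".+", i.e. any characters.
  // The accepted list is therefore NOT restricted to digits and dots and has
  // to be treated as untrusted text wherever it is stored or printed.
  foreach($arrIp as $strIp)
  {
    if ( !preg_match('/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\..+$/',$strIp) ) $error='IP '.$L['E_invalid'];
  }

  // check javamail
  $qtg_javamail = ( $arrPost['javamail']=='1' );

  // check meaning
  $qtg_meaning = ( $arrPost['meaning']=='1' );

  // check langue
  $qtg_checklang = ( $arrPost['checklang']=='1' );

  // save result
  if ( empty($error) )
  {
    // Apostrophes are stored as &#039; (historical storage format, kept unchanged).
    $qtg_notify = str_replace("'",'&#039;',$qtg_notify);
    $qtg_checkip_list = str_replace("'",'&#039;',$qtg_checkip_list);

    // Build the configuration file. String settings are emitted with
    // var_export(), which produces a correctly escaped PHP string literal;
    // numeric settings are forced through intval(). Nothing submitted by the
    // form can therefore end up as executable code in the included file.
    $strTxt = '<?php
$qtg_actif = '.($qtg_actif ? 'true' : 'false').';
$qtg_notify = '.var_export($qtg_notify,true).';
$qtg_max_size = '.intval($qtg_max_size).';
$qtg_max_sec = '.intval($qtg_max_sec).';
$qtg_max_day = '.intval($qtg_max_day).';
$qtg_antispam = '.intval($qtg_antispam).';
$qtg_checkip = '.($qtg_checkip ? 'true' : 'false').';
$qtg_checkip_list = '.var_export($qtg_checkip_list,true).';
$qtg_javamail = '.($qtg_javamail ? 'true' : 'false').';
$qtg_meaning = '.($qtg_meaning ? 'true' : 'false').';
$qtg_checklang = '.($qtg_checklang ? 'true' : 'false').'; ?>';

    if ( !is_writable('bin/config_stop.php') ) $error='Impossible to write into the file [bin/config_stop.php].';

    if ( empty($error) )
    {
      $handle = fopen('bin/config_stop.php', 'w');
      if ( !$handle )
      {
        $error='Impossible to open the file [bin/config_stop.php].';
      }
      else
      {
        if ( fwrite($handle,$strTxt)===FALSE )
        {
          $error = 'Impossible to write into the file [bin/config_stop.php].';
        }
        else
        {
          $strInfo = $L['Save_successfull'];
        }
        // Release the handle on the failure path as well.
        fclose($handle);
      }
    }
  }
}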



// --------

// HTML START

// --------



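// Renders the settings form. Values that originate from the stored
// configuration or from the current request are HTML-escaped before being
// placed in attributes or in the textarea; $L[...] entries come from the
// language file and are printed as they are.
include('qtg_p_header.php');
include('qtg_adm_menu.php');

if ( !isset($qtg_meaning) ) $qtg_meaning=false;
if ( !isset($qtg_checklang) ) $qtg_checklang=false;

// The two text settings are stored with apostrophes already written as &#039;.
// That entity is turned back into a plain apostrophe first, so that escaping
// the whole value once gives the same visible text without double encoding.
$strNotify = htmlspecialchars(str_replace('&#039;',"'",(string)$qtg_notify),ENT_QUOTES);
$strIpList = htmlspecialchars(str_replace('&#039;',"'",(string)$qtg_checkip_list),ENT_QUOTES);
// Numeric settings are escaped as well: after a rejected submission they may
// still hold whatever the configuration file provided.
$strMaxSize = htmlspecialchars((string)$qtg_max_size,ENT_QUOTES);
$strMaxSec = htmlspecialchars((string)$qtg_max_sec,ENT_QUOTES);
$strMaxDay = htmlspecialchars((string)$qtg_max_day,ENT_QUOTES);

// Activity status. Cells opened with <td> are now closed with </td>.
echo '<h2>',$L['Activity_status'],'</h2>
<form method="post" action="',Href('qtg_adm.php'),'">
<table width="100%" border="0" cellspacing="0" class="admin">
<tr>
<td class="admin_top" style="width:180px;"><span class="texthead"><label for="status">',$L['Guestbook_status'],'</label></span></td>
<td class="admin" style="width:210px;">&nbsp;',($qtg_actif ? '<img src="admin/qtg_adm_actif.gif" border="0" alt="actif" title="actif"/>' : '<img src="admin/qtg_adm_closed.gif" border="0" alt="closed" title="closed"/>'),'&nbsp;&nbsp;<select id="status" name="status" onchange="bEdited=true;">',QTasTag(array($L['Closed'],$L['Actif']),$qtg_actif),'</select></td>
<td class="admin_help">(v',QTGVERSION,')</td>
</tr>
<tr>
<td class="admin_top"><span class="texthead"><label for="notify">',$L['Activity_notify'],'</label></span></td>
<td class="admin"><input type="text" name="notify" id="notify" size="30" maxlength="255" value="',$strNotify,'" onchange="bEdited=true;"/></td>
<td class="admin_help">',$L['HActivity_notify'],'</td>
</tr>
</table>
';

// Security settings.
// NOTE(review): QTasTag() is defined outside this file; confirm that it
// escapes (or ignores) a selected value that is not one of the option indexes.
echo '<h2>',$L['Security_settings'],'</h2>
<table width="100%" border="0" cellspacing="0" class="admin">
<tr>
<td class="admin_top" style="width:180px;"><span class="texthead"><label for="max_size">',$L['Msg_max_size'],'</label></span></td>
<td class="admin" style="width:210px;"><input id="max_size" name="max_size" size="6" maxlength="6" value="',$strMaxSize,'" onchange="bEdited=true;">&nbsp;',$L['Characters'],'</td>
<td class="admin_help">',$L['HMsg_max_size'],'</td>
</tr>
<tr>
<td class="admin_top"><span class="texthead"><label for="max_sec">',$L['Flood_max_sec'],'</label></span></td>
<td class="admin"><input id="max_sec" name="max_sec" size="3" maxlength="3" value="',$strMaxSec,'" onchange="bEdited=true;"/> ',$L['Sec'],'</td>
<td class="admin_help">',$L['HFlood_max_sec'],'</td>
</tr>
<tr>
<td class="admin_top"><span class="texthead"><label for="maxday">',$L['Flood_max_day'],'</label></span></td>
<td class="admin"><input id="maxday" name="maxday" size="3" maxlength="3" value="',$strMaxDay,'" onchange="bEdited=true;"/>/ ',$L['User'],'</td>
<td class="admin_help">',$L['HFlood_max_day'],'</td>
</tr>
<tr>
<td class="admin_top"><span class="texthead"><label for="antispam">',$L['Check_human'],'</label></span></td>
<td class="admin">
<select id="antispam" name="antispam" onchange="bEdited=true;">',QTasTag(array($L['No'],$L['Text'],$L['Image']),$qtg_antispam),'</select>
</td>
<td class="admin_help">',$L['HCheck_human'],'</td>
</tr>
<tr>
<td class="admin_top"><span class="texthead"><label for="javamail">',$L['Javamail'],'</label></span></td>
<td class="admin">
<select id="javamail" name="javamail" onchange="bEdited=true;">',QTasTag($arrYN,$qtg_javamail),'</select>
</td>
<td class="admin_help">',$L['HJavamail'],'</td>
</tr>
</table>
';

// Input control, including the IP list textarea.
echo '<h2>',$L['Input_control'],'</h2>
<table width="100%" border="0" cellspacing="0" class="admin">
<tr>
<td class="admin_top" style="width:180px;"><span class="texthead"><label for="meaning">',$L['Check_meaning'],'</label></span></td>
<td class="admin" style="width:210px;">
<select id="meaning" name="meaning" onchange="bEdited=true;">',QTasTag($arrYN,$qtg_meaning),'</select>
</td>
<td class="admin_help">',$L['HCheck_meaning'],'</td>
</tr>
<tr>
<td class="admin_top" style="width:180px;"><span class="texthead"><label for="checklang">',$L['Check_lang'],'</label></span></td>
<td class="admin" style="width:100px;">
<select id="checklang" name="checklang" onchange="bEdited=true;">',QTasTag($arrYN,$qtg_checklang),'</select>
</td>
<td class="admin_help">',$L['HCheck_lang'],'</td>
</tr>
<tr valign="top">
<td class="admin_top"><span class="texthead"><label for="checkip">',$L['Check_ip'],'</label></span></td>
<td class="admin">
<select id="checkip" name="checkip" onchange="bEdited=true;">',QTasTag($arrYN,$qtg_checkip),'</select><br/>
<textarea class="small" name="iplist" id="iplist" cols="29" rows="3">',$strIpList,'</textarea>
</td>
<td class="admin_help">',$L['HCheck_ip'],'</td>
</tr>
</table>
';

echo '<p style="text-align:center"><input type="submit" name="ok" value="',$L['Save'],'"/></p>
</form>
';

// --------
// HTML END
// --------

include('qtg_p_footer.php');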



?>