<?php
/**
* PHP versions 4 and 5
*
* LICENSE: This source file is subject to version 3.0 of the PHP license
* that is available through the world-wide-web at the following URI:
* http://www.php.net/license. If you did not receive a copy of
* the PHP License and are unable to obtain it through the web, please
* send a note to hide@address.com so we can mail you a copy immediately.
*
* @package QuickTalk Guestbook
* @author Philippe Vandenberghe <hide@address.com>
* @copyright 2009-2012 The PHP Group
* @version 2.5 build:20100731
*/
session_start();
require_once('bin/qtg_init.php');
// Request arguments. QThttpvar() overwrites these variables by name from the
// request, so the defaults only survive when the parameter is absent.
$ok = '';
$id = '-1'; // in case of file system, id is a filename (hashed)
$page = 1;
QThttpvar('ok id page', 'str str int');
// Negative ids are rejected up front. $id is kept as a string because, with
// the file-system backend, it is a hashed filename rather than a number.
// NOTE(review): cPost is not visible here — confirm that a file-backed $id
// cannot carry path separators before it is turned into a path.
if ( $id<0 ) die('ID '.$L['E_invalid']);
$pg_name=$L['Edit_my_message'];
$pg_url='qtg_msg_edit';
// Admin mode requires both the "adm" request flag (GET or POST) and an
// authenticated session (qtgAuth == 'yes'); either missing means visitor mode.
$bAdm = ( isset($_GET['adm']) || isset($_POST['adm']) )
     && isset($_SESSION['qtgAuth'])
     && $_SESSION['qtgAuth']=='yes';
if ( $bAdm )
{
  include(GetLang().'qtg_adm.php');
  $qtg_skin = 'admin';
  $pg_name=$L['Edit'];
}
// Load the message being edited.
// NOTE(review): for non-admin users the ownership / edit-window check on this
// message is applied only in the render section further down, after the
// submit handler has already had its chance to call Update().
$oPost = new cPost($id);
// Google Maps support is enabled only when an API key is configured.
if ( !empty($qtg_gkey) )
{
  include('qtg_map_lib.php');
  include(GetLang().'qtg_map.php');
  $strBodyAddOnunload='GUnload()';
}
// --------
// SUBMITTED
// --------
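// Non-admin submissions must pass the same ownership / edit-window test that
// the render section below applies on a plain GET. Without this gate a POST
// carrying ok+id reaches $oPost->Update() before that test ever runs, so any
// visitor could rewrite any message by id. Clearing $ok skips the handler; the
// render section then prints "This is not your message..." / "Out of time..."
// and exits exactly as it does for a direct request.
// NOTE(review): cPost is not visible here; if it already enforces ownership
// this gate is merely redundant.
if ( !empty($ok) && !$bAdm )
{
  if ( $_SERVER['REMOTE_ADDR']!=$oPost->ip ) $ok = '';
  elseif ( !isset($_SESSION['qtg_beginedit']) || !isset($_SESSION['qtg_endedit']) ) $ok = '';
  elseif ( time()>$_SESSION['qtg_endedit'] ) $ok = '';
}
// NOTE(review): no anti-CSRF token is checked in this handler; whether the form
// include emits one is not visible here. The admin path (session-authenticated,
// captcha-exempt) is the one exposed if none exists.
if ( !empty($ok) )
{
  // read values. strip_tags + length caps are input hygiene only; output
  // escaping is expected from QTconv / the templates, not from this block.
  // get_magic_quotes_gpc() no longer exists on PHP 8, hence the guard. The
  // stripslashes is applied only to values that actually came from the request;
  // values loaded from storage were never magic-quoted.
  $bMagic = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
  if ( isset($_POST['from']) ) { $oPost->postfrom = substr(strip_tags(trim($_POST['from'])),0,50); if ( $bMagic ) $oPost->postfrom = stripslashes($oPost->postfrom); }
  if ( isset($_POST['mail']) ) $oPost->useremail = substr(strip_tags(trim($_POST['mail'])),0,50);
  if ( isset($_POST['name']) ) { $oPost->name = substr(strip_tags(trim($_POST['name'])),0,50); if ( $bMagic ) $oPost->name = stripslashes($oPost->name); }
  if ( isset($_POST['msg']) ) { $oPost->message = strip_tags(trim($_POST['msg'])); if ( $bMagic ) $oPost->message = stripslashes($oPost->message); }
  if ( isset($_POST['age']) )
  {
    $_POST['age'] = trim($_POST['age']);
    if ( empty($_POST['age']) ) { $oPost->userage = -1; } else { $oPost->userage = intval($_POST['age']); }
  }
  // check code (captcha). Admins are exempt; the expected value is the sha1 of
  // the 4-digit code, stored in the session under 'textcolor'.
  if ( empty($error) && $qtg_antispam!=0 && !$bAdm)
  {
    if ( isset($_POST['code']) ) { $strCode=substr(trim($_POST['code']),0,4); } else { $strCode=-1; }
    if ( !QTisbetween(intval($strCode),0,9999) ) $error = $L['E_code'];
    // Strict string comparison; a missing session value is a failure rather
    // than an undefined-index notice followed by a loose compare.
    if ( !isset($_SESSION['textcolor']) || (string)$_SESSION['textcolor']!==sha1($strCode) ) $error = $L['E_code'];
  }
  // read values
  if ( empty($error) )
  {
    // mandatory fields
    $oPost->name = QTconv($oPost->name,'2',QT_CONVERT_AMP);
    $oPost->message = QTconv($oPost->message,'2',QT_CONVERT_AMP);
    if ( empty($oPost->name) ) $error = $L['Name'].' '.$L['E_invalid'];
    if ( empty($oPost->message) ) $error = $L['Message'].' '.$L['E_invalid'];
    // collapse runs of three blank-line separators to two
    $oPost->message = str_replace("\r\n\r\n\r\n","\r\n\r\n",$oPost->message);
    $oPost->message = str_replace("\n\n\n","\n\n",$oPost->message);
    if ( !$oPost->CheckMessage($qtg_max_size,2,2) ) $error = $L['E_size'];
    // map position; (0,0) means "not set" for the render section below
    if ( isset($_POST['m_map_gcenter']) ) { $oPost->x = QTgetx($_POST['m_map_gcenter']); $oPost->y = QTgety($_POST['m_map_gcenter']); } else { $oPost->x=0;$oPost->y=0; }
  }
  // check optional fields
  if ( empty($error) && $oPost->userage>=0 ) { if ( !QTisbetween($oPost->userage,1,120) ) $error = $L['Age'].' '.$L['E_invalid']; }
  if ( empty($error) && $oPost->useremail!='' ) { if ( !QTismail($oPost->useremail) ) $error = $L['Email'].' '.$L['E_invalid']; }
  if ( empty($error) && $oPost->postfrom!='' ) { $oPost->postfrom = QTconv($oPost->postfrom,'2',QT_CONVERT_AMP); }
  // multipost check
  if ( empty($error) && TooMuch($qtg_max_day) ) $error = $L['E_maxday'];
  // flood check
  if ( empty($error) && !LastPostDelayAcceptable($qtg_max_sec) ) $error = $L['E_wait'];
  // check message meaning
  if ( empty($error) && $qtg_meaning )
  {
    if ( !$oPost->CheckMeaning() ) $error = $L['E_language'];
  }
  // check message wording: the current language's word list first, then, if
  // multiple languages are enabled, every other installed language.
  if ( empty($error) && $qtg_checklang )
  {
    $b=false;
    include(GetLang().'qtg_goodbad.php');
    if ( $oPost->CheckWording($voc) ) $b=true;
    // check other languages if multiple lang allowed
    if ( !$b && $qtg_menulang )
    {
      include('bin/qtg_lang.php'); // this create $arrLang
      $arrLangDir = QTarrget($arrLang,2);
      unset($arrLangDir[GetIso()]);
      foreach($arrLangDir as $str)
      {
        include(GetLang($str).'qtg_goodbad.php');
        if ( $oPost->CheckWording($voc) ) { $b=true; break; }
      }
    }
    if ( !$b ) $error=$L['E_language'];
  }
  // save value
  if ( empty($error) )
  {
    // Re-open the edit window for 5 minutes after a successful update
    // (presumably so the author can correct the message again).
    $_SESSION['qtg_endedit'] = time()+300;
    $oPost->Update();
    // exit: confirmation page, then a scripted redirect to #exiturl after 3s.
    // NOTE(review): in the visitor branch the exiturl element must come from
    // $qtg_back, which is not visible here.
    include('qtg_p_header.php');
    if ( $bAdm )
    {
      echo '<h2>',$L['Update_successfull'],'</h2><p><a id="exiturl" href="qtg_adm_msg.php?page=',$page,'">',$L['Messages'],'</a></p>';
    }
    else
    {
      echo '<h2>',$L['Message_send'],'</h2>',$qtg_back;
    }
    echo '
<script type="text/javascript">
<!--
setTimeout(\'window.location=document.getElementById("exiturl").href\',3000);
-->
</script>
';
    include('qtg_p_footer.php');
    exit;
  }
}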
// --------
// HTML START
// --------
// Page chrome, then the admin menu when in admin mode.
include('qtg_p_header.php');
if ( $bAdm ) include('qtg_adm_menu.php');
echo '<div id="msg_add">
';
if ( !$bAdm)
{
echo '<h2>',$pg_name,'</h2>
';
}
// Force all fields in admin edit mode, else check user and time
if ( $bAdm )
{
// Admin edit exposes every optional field and every BBCode button regardless
// of the guestbook configuration (these globals are read by qtg_form_msg.php).
$qtg_use_age=true;
$qtg_use_from=true;
$qtg_use_from_type=0;
$qtg_use_email=true;
$qtg_bbc_bold=true ;
$qtg_bbc_italic=true;
$qtg_bbc_underline=true;
$qtg_bbc_url=true;
}
else
{
// CHECK USER AND TIME
// Ownership is proven by the client IP matching the IP stored with the post.
// NOTE(review): an IP match is a weak proof of ownership (shared NAT/proxies,
// or a reverse proxy that presents its own address); the session edit window
// below is the stronger half of this check. Also note this gate runs only on
// the render path, i.e. after the submit handler above has already executed.
if ($_SERVER['REMOTE_ADDR']!=$oPost->ip)
{
echo 'This is not your message...<br/>'.$qtg_back;
include('qtg_p_footer.php');
exit;
}
// Edit window: both session markers must exist and the deadline must not have
// passed. They are set elsewhere (qtg_endedit is refreshed after an update).
if ( !isset($_SESSION['qtg_beginedit']) || !isset($_SESSION['qtg_endedit']) )
{
echo 'Out of time...<br/>',$qtg_back;
include('qtg_p_footer.php');
exit;
}
if ( time()+0>$_SESSION['qtg_endedit'] )
{
echo 'Out of time...<br/>',$qtg_back;
include('qtg_p_footer.php');
exit;
}
}
// Map marker: (0,0) means "no position", so the configured default centre is
// used and no marker is drawn; otherwise a draggable point is built for $id.
// NOTE(review): $arrExtData is only assigned in the else branch; if qtg_init.php
// does not initialise it, the (0,0) case passes an undefined variable to
// QTgmappoints() in the footer script.
if ( !empty($qtg_gkey) )
{
if ( $oPost->x==0 && $oPost->y==0 )
{
$x = QTgetx($qtg_gcenter);
$y = QTgety($qtg_gcenter);
}
else
{
$x = $oPost->x;
$y = $oPost->y;
$oMapPoint = new cMapPoint($y,$x,QTconv($oPost->name,'-3'),'',false);
if ( isset($qtg_gsymbol) ) $oMapPoint->icon = $qtg_gsymbol;
if ( isset($qtg_gshadow) ) $oMapPoint->shadow = $qtg_gshadow;
if ( isset($qtg_gprinticon) ) $oMapPoint->printicon = $qtg_gprinticon;
if ( isset($qtg_gprintshadow) ) $oMapPoint->printshadow = $qtg_gprintshadow;
$arrExtData[$id] = $oMapPoint;
}
}
// $error is echoed unescaped; every value assigned to it in this file comes
// from the $L language table, so this is safe only while those strings stay
// static (no user input is ever written into $error here).
if ( !empty($error) ) echo '<p class="error" style="text-align:center">',$error,'</p>';
// The form include reads $formaction, $oPost and the $qtg_* settings above.
$formaction = Href('qtg_msg_edit.php');
include ('qtg_form_msg.php');
// --------
// HTML END
// --------
// Map bootstrap script for the footer: $x/$y come from the branch above and
// 'drag' presumably makes the marker movable (QTgmappoints is not visible here).
if ( !empty($qtg_gkey) )
{
$strFooterAddScript = QTgmapscript($qtg_gkey).'
<script type="text/javascript">
<!--
'.QTgmappoints(false,$y,$x,'drag',$arrExtData).'
mapload();
-->
</script>
';
}
if ( !$bAdm) echo $qtg_back;
echo '</div>';
include('qtg_p_footer.php');
?>