<?php
// Report every error level except notices. With notices hidden, reading a request key that
// was never sent produces no visible message and simply evaluates to null.
error_reporting(E_ALL & ~E_NOTICE);

// Shared secret for the admin panel, kept in plain text in this file.
// SECURITY: 'admin' is the default that ships with the script; replace it with a long,
// unique value before the guestbook is reachable by anyone else.
$adminpassword = 'admin';

// Not read by any code visible in this listing.
$ipbans = array();
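// Admin panel. Entered when admin=1 arrives by GET or POST, and always ends with exit so the
// public page is never rendered for an admin request.
//
// Changes against the previous version of this block:
//  - every request-derived or stored value is escaped for the context it is printed in
//    (HTML text, HTML attribute, URL query component);
//  - the password check is a strict, string-only comparison;
//  - comment ids must be plain digits that refer to an existing entry;
//  - a saved edit is written back in storage order (it used to flip the file on every edit);
//  - a missing or empty data/ban file is treated as an empty list;
//  - row colours alternate (the flag was never reset).
//
// NOTE(review): the password still travels in the query string and in hidden form fields on
// every admin request, so it is recorded in server logs, browser history and Referer headers,
// and edit/delete/ban are plain requests with no anti-CSRF token. Both need a session-based
// login to fix, which would change the request interface of this script.
if((isset($_GET['admin']) && $_GET['admin'] == 1) || (isset($_POST['admin']) && $_POST['admin'] == 1))
{
	if(!isset($_GET['adminpass']) && !isset($_POST['adminpass']))
	{
		echo 'Please enter the admin password.';
		echo '<form action="guestbook.php" method="get">
<input type="password" name="adminpass"/>
<input type="hidden" name="admin" value="1"/>
<input type="submit" value="Continue" />
</form>
</body>
</html>';
	}
	else
	{
		// Accept the password from either request method, as before, but only as a string
		// and only on an exact match. hash_equals() is used where the runtime provides it.
		$expected = (string)$adminpassword;
		$authenticated = false;
		foreach(array($_GET, $_POST) as $params)
		{
			if(isset($params['adminpass']) && is_string($params['adminpass']))
			{
				$supplied = $params['adminpass'];
				$same = function_exists('hash_equals') ? hash_equals($expected, $supplied) : ($expected === $supplied);
				if($same)
					$authenticated = true;
			}
		}

		// A wrong password prints nothing, matching the earlier behaviour.
		if($authenticated)
		{
			// The verified password, encoded once per output context.
			$passurl = rawurlencode($expected);
			$passattr = htmlspecialchars($expected, ENT_QUOTES);
			$panelurl = 'guestbook.php?admin=1&adminpass='.$passurl;

			// NOTE(review): unserialize() will instantiate objects found in the file. That is
			// only safe while data.txt, userbans.txt and ipbans.txt are written by this script
			// alone; a JSON format (or allowed_classes => false on PHP 7+) removes the dependency.
			$data = unserialize(file_get_contents('data.txt'));
			if(!is_array($data))
				$data = array();
			// Newest first, with keys renumbered 0..n-1 so the ids in the links are integers.
			$data = array_values(array_reverse($data));

			$idpattern = '/\A\d+\z/';

			if(isset($_POST['edit']) && isset($_POST['message']))
			{
				$id = $_POST['edit'];
				if(is_string($id) && preg_match($idpattern, $id) && isset($data[(int)$id]) && is_array($data[(int)$id]) && is_string($_POST['message']))
				{
					$data[(int)$id]['message'] = $_POST['message'];
					// $data is held newest-first here; reverse it again so the file keeps its order.
					file_put_contents('data.txt', serialize(array_reverse($data)));
				}
				header('Location: '.$panelurl);
				exit;
			}
			elseif(isset($_GET['edit']))
			{
				$id = $_GET['edit'];
				if(is_string($id) && preg_match($idpattern, $id) && isset($data[(int)$id]) && is_array($data[(int)$id]))
				{
					$id = (int)$id;
					$current = (isset($data[$id]['message']) && is_string($data[$id]['message'])) ? $data[$id]['message'] : '';
					// The stored message is visitor-supplied: escape it so it cannot close the
					// textarea and inject markup into the admin page.
					echo '<strong>Editing comment id '.$id.'</strong>
<form action="guestbook.php" method="POST">
<textarea name="message" rows="6" cols="38">
'.htmlspecialchars($current, ENT_QUOTES).'
</textarea>
<input type="hidden" name="edit" value="'.$id.'"/>
<input type="hidden" name="admin" value="1"/>
<input type="hidden" name="adminpass" value="'.$passattr.'"/>
<input type="submit" value="Submit"/>
</form>
<br/>
<br/>';
				}
			}
			elseif(isset($_GET['delete']))
			{
				$id = $_GET['delete'];
				if(is_string($id) && preg_match($idpattern, $id) && isset($data[(int)$id]))
				{
					unset($data[(int)$id]);
					file_put_contents('data.txt', serialize(array_reverse($data)));
				}
				header('Location: '.$panelurl);
				exit;
			}
			elseif(isset($_GET['banuser']))
			{
				$bannedusers = unserialize(file_get_contents('userbans.txt'));
				// unserialize() returns false, not null, for a missing or empty file.
				if(!is_array($bannedusers))
					$bannedusers = array();
				if(is_string($_GET['banuser']) && $_GET['banuser'] !== '')
				{
					$bannedusers[] = $_GET['banuser'];
					file_put_contents('userbans.txt', serialize($bannedusers));
				}
			}
			elseif(isset($_GET['banip']))
			{
				$bannedips = unserialize(file_get_contents('ipbans.txt'));
				if(!is_array($bannedips))
					$bannedips = array();
				if(is_string($_GET['banip']) && $_GET['banip'] !== '')
				{
					$bannedips[] = $_GET['banip'];
					file_put_contents('ipbans.txt', serialize($bannedips));
				}
			}

			echo '<strong>Moderate Comments</strong>
<table width="100%">';
			$c = 0;
			foreach($data as $i => $entry)
			{
				if(!is_array($entry))
					continue;
				// Treat any missing or non-string field as empty before it is printed.
				foreach(array('user', 'message', 'website', 'ip') as $field)
				{
					if(!isset($entry[$field]) || !is_string($entry[$field]))
						$entry[$field] = '';
				}
				$date = date("F j, Y, g:i a", isset($entry['date']) ? (int)$entry['date'] : 0);
				$user = htmlspecialchars(stripslashes($entry['user']), ENT_QUOTES);
				$message = htmlspecialchars(stripslashes($entry['message']), ENT_QUOTES);
				$ip = htmlspecialchars($entry['ip'], ENT_QUOTES);
				$website = stripslashes($entry['website']);
				// Link the name only for http(s) addresses. HTML escaping alone does not stop a
				// script-scheme URL from running when the link is clicked.
				if($website !== '' && preg_match('#\Ahttps?://#i', $website))
				{
					$user = '<a href="'.htmlspecialchars($website, ENT_QUOTES).'">'.$user.'</a>';
				}
				if($c == 0)
				{
					$c1 = '#CCCCEE';
					$c2 = '#DDDDDD';
					$c = 1;
				}
				else
				{
					$c1 = '#DDDDFF';
					$c2 = '#EEEEEE';
					$c = 0;
				}
				// Entries posted under this fixed username are never listed.
				// NOTE(review): presumably a placeholder entry shipped in data.txt; confirm.
				if($entry['user'] !== '11jds83jd7')
				{
					echo "<tr><td width=\"200\" valign=\"top\" style=\"background-color: $c1\"><strong>$user</strong><br/>IP: $ip<br/>$date</td><td valign=\"top\" style=\"background-color: $c2\">$message</td><td style=\"background-color: $c2\"><a href=\"guestbook.php?admin=1&amp;adminpass=$passurl&amp;edit=$i\">Edit</a><br><a href=\"guestbook.php?admin=1&amp;adminpass=$passurl&amp;delete=$i\">Delete</a></td></tr>\n";
				}
			}
			if(count($data) == 0)
			{
				echo '<tr><td colspan="2"><strong>There are no posts to display.</strong><br/><br/></td></tr>';
			}
			echo '</table>';
			echo '
<br/>
<strong>Ban Username</strong>
<form action="guestbook.php" method="GET">
<input type="text" name="banuser" />
<input type="hidden" name="admin" value="1"/>
<input type="hidden" name="adminpass" value="'.$passattr.'"/>
<input type="submit" value="Submit" />
</form>
<strong>Ban IP Address</strong>
<form action="guestbook.php" method="GET">
<input type="text" name="banip" />
<input type="hidden" name="admin" value="1"/>
<input type="hidden" name="adminpass" value="'.$passattr.'"/>
<input type="submit" value="Submit" />
</form>
';
		}
	}
	exit;
}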
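// Handle a new guestbook entry. Runs only when both username and message were posted non-empty.
//
// Changes against the previous version of this block:
//  - the checks form one chain, so a banned username is refused (before, only the message was
//    printed and the entry was still stored when the IP and the sum checked out);
//  - the security question must be answered with digits (before, a request that left out
//    "1", "2" and "check" compared 0 with null and was accepted);
//  - fields must be plain strings, so array-valued parameters are not stored;
//  - a missing or empty data/ban file is treated as an empty list.
if(isset($_POST['username']) && isset($_POST['message']) && !empty($_POST['username']) && !empty($_POST['message']))
{
	// NOTE(review): unserialize() will instantiate objects found in the file; safe only while
	// these files are written by this script alone.
	$bannedusers = unserialize(file_get_contents('userbans.txt'));
	if(!is_array($bannedusers))
		$bannedusers = array();
	$bannedips = unserialize(file_get_contents('ipbans.txt'));
	if(!is_array($bannedips))
		$bannedips = array();

	$website = isset($_POST['website']) ? $_POST['website'] : '';

	// Operands and answer of the security question, or null when absent or not 1-2 digits.
	// NOTE(review): both operands come back from the client in hidden fields, so this check
	// only filters senders that do not fill in the form; it does not prove a human is present.
	// A challenge kept on the server would be needed for that.
	$digits = '/\A\d{1,2}\z/';
	$op1 = (isset($_POST['1']) && is_string($_POST['1']) && preg_match($digits, $_POST['1'])) ? (int)$_POST['1'] : null;
	$op2 = (isset($_POST['2']) && is_string($_POST['2']) && preg_match($digits, $_POST['2'])) ? (int)$_POST['2'] : null;
	$answer = (isset($_POST['check']) && is_string($_POST['check']) && preg_match($digits, $_POST['check'])) ? (int)$_POST['check'] : null;

	if(!is_string($_POST['username']) || !is_string($_POST['message']) || !is_string($website))
		echo 'Invalid submission.<br/><br/>';
	elseif(in_array($_POST['username'], $bannedusers, true))
		echo 'Your username has been banned by the administrator.<br/><br/>';
	elseif(in_array($_SERVER['REMOTE_ADDR'], $bannedips, true))
		echo 'Your IP has been banned by the administrator.<br/><br/>';
	elseif($op1 === null || $op2 === null || $answer === null || $op1 + $op2 !== $answer)
		echo('You answered the security question incorrectly.');
	else
	{
		$data = unserialize(file_get_contents('data.txt'));
		if(!is_array($data))
			$data = array();
		// Values are stored as received; they must be escaped wherever they are printed.
		$data[] = array('user' => $_POST['username'], 'date' => time(), 'message' => $_POST['message'], 'website' => $website, 'ip' => $_SERVER['REMOTE_ADDR']);
		file_put_contents('data.txt', serialize($data));
	}

}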
?>
<html>
<head>
<title>My Guestbook</title>
<style type="text/css">

body {
	font-family: Verdana, Arial, sans-serif;
}
th {
	background-color: #BBBBDD;
	background-image:url('images/top_gradient.png');
}
table  {
	border-collapse: collapse;
	background-color: #EEEEEE;
	border-color: black;
	font-size: 10px;
	font-family: Verdana, Arial, sans-serif;
}
input {
	font-size: 10px;
	border: 1px solid black;
	color: black;
	background-color: #AAAAAA;
}
textarea {
	font-size: 10px;
	font-family: Verdana, Arial, sans-serif;
	border: 1px solid black;
	color: black;
	background-color: #AAAAAA;
}
</style>
</head>
<body>
<table width="100%" class="table" border="1">
<tr><th colspan="2" style="text-align: center; font-size: larger;"><strong>My Guestbook</strong></td></tr>
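<?php
// Print the stored entries, newest first, as rows of the guestbook table, then draw the two
// operands of the security question used by the form that follows.
//
// Changes against the previous version of this block:
//  - the visitor-supplied website is linked only when it is an http(s) address; HTML escaping
//    alone does not stop a script-scheme URL from running when the link is clicked;
//  - a missing or empty data.txt is treated as "no posts";
//  - the second row colour gets its leading '#'.
//
// NOTE(review): unserialize() will instantiate objects found in the file; safe only while
// data.txt is written by this script alone.
$data = unserialize(file_get_contents('data.txt'));
if(!is_array($data))
	$data = array();
$data = array_reverse($data);
$c = 0;
foreach($data as $entry)
{
	if(!is_array($entry))
		continue;
	// Treat any missing or non-string field as empty before it is printed.
	foreach(array('user', 'message', 'website') as $field)
	{
		if(!isset($entry[$field]) || !is_string($entry[$field]))
			$entry[$field] = '';
	}
	$date = date("F j, Y, g:i a", isset($entry['date']) ? (int)$entry['date'] : 0);
	$user = htmlspecialchars(stripslashes($entry['user']), ENT_QUOTES);
	$message = htmlspecialchars(stripslashes($entry['message']), ENT_QUOTES);
	$website = stripslashes($entry['website']);
	if($website !== '' && preg_match('#\Ahttps?://#i', $website))
	{
		$user = '<a href="'.htmlspecialchars($website, ENT_QUOTES).'">'.$user.'</a>';
	}
	if($c == 0)
	{
		$c1 = '#BBBBBB';
		$c2 = '#DDDDDD';
		$c = 1;
	}
	else
	{
		$c1 = '#CCCCCC';
		$c2 = '#EEEEEE';
		$c = 0;
	}
	// Entries posted under this fixed username are never shown.
	// NOTE(review): presumably a placeholder entry shipped in data.txt; confirm.
	if($entry['user'] !== '11jds83jd7')
	{
		echo "<tr><td width=\"300\" valign=\"top\" style=\"background-color: $c1\"><strong>$user</strong><br/>$date</td><td valign=\"top\" style=\"background-color: $c2\">$message</td></tr>";
	}
}
if(count($data) == 0)
{
	echo '<tr><td colspan="2"><strong>There are no posts to display.</strong><br/><br/></td></tr>';
}
// Operands of the security question. They are sent to the browser with the form, so their
// unpredictability adds nothing; rand() is adequate for that purpose.
$n1 = rand(0, 10);
$n2 = rand(0, 10);
?>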
<tr>
<td colspan="2">
<form action="guestbook.php" method="post">
<strong>Sign my guestbook:</strong>
<table cellpadding="3">
<tr><td>Username</td><td><input type="text" size="40" name="username"/></td></tr>
<tr><td>Security Question</td><td><?php
// $n1 and $n2 are the two integers of the security question. They are printed here and also
// posted back in the hidden fields "1" and "2" further down, so the client holds the whole
// challenge and the server has nothing of its own to compare the answer against.
echo ''.$n1.' plus '.$n2.' = <input type="text" name="check" size="2" maxlength="2" />?'; ?><br></td></tr>
<tr><td>Website (optional)</td><td><input type="text" size="40" name="website"/></tr>
<tr><td>Message</td><td><textarea rows="6" cols="38" name="message"></textarea></tr>
<tr><td>Submit</td><td><input type="hidden" name="1" value="<?php echo $n1; ?>" /><input type="hidden" name="2" value="<?php echo $n2; ?>" /><input type="submit" value="Post Message"/></tr>
</form>
</td>
</tr>
<tr><td></td><td><span style="font-size:x-small">Guestbook made by <a href="http://buildism.net">Buildism</a></span></td></tr>
</table>
</body>
</html>