/*
+-------------------------------------------------------------------+
| G U E S T B O O K (v1.12) |
| |
| Copyright Gerd Tentler www.gerd-tentler.de/tools |
| Created: Jun. 12, 2000 Last modified: Jan. 3, 2008 |
+-------------------------------------------------------------------+
| This program may be used and hosted free of charge by anyone for |
| personal purpose as long as this copyright notice remains intact. |
| |
| Obtain permission before selling the code for this program or |
| hosting this software on a commercial website or redistributing |
| this software over the Internet or in any other medium. In all |
| cases copyright must remain intact. |
+-------------------------------------------------------------------+
*/
//========================================================================================================
// Set variables, if they are not registered globally; needs PHP 4.1.0 or higher
//========================================================================================================
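// Copy the request and server values this script uses into plain variables
// (register_globals emulation). Everything assigned here is client-supplied input
// and is used unvalidated further down unless noted otherwise.
if(isset($_POST['create'])) $create = $_POST['create'];
if(isset($_REQUEST['start'])) $start = $_REQUEST['start'];
if(isset($_REQUEST['sign'])) $sign = $_REQUEST['sign'];
if(isset($_REQUEST['delete'])) $delete = $_REQUEST['delete'];
// NOTE(review): $admin carries the admin password and is read from $_REQUEST, so it is
// accepted from the query string as well as the form body (and may then end up in
// access logs and Referer headers). Restricting it to $_POST is the minimal hardening.
if(isset($_REQUEST['admin'])) $admin = $_REQUEST['admin'];
if(isset($_POST['tstamp'])) $tstamp = $_POST['tstamp'];
if(isset($_POST['gbID'])) $gbID = $_POST['gbID'];
if(isset($_POST['gbName'])) $gbName = $_POST['gbName'];
if(isset($_POST['gbEMail'])) $gbEMail = $_POST['gbEMail'];
if(isset($_POST['gbSubject'])) $gbSubject = $_POST['gbSubject'];
if(isset($_POST['gbText'])) $gbText = $_POST['gbText'];
if(isset($_POST['gbRating'])) $gbRating = $_POST['gbRating'];
if(isset($_POST['gbSignature'])) $gbSignature = $_POST['gbSignature'];
// Server-side values. $HTTP_HOST still originates from the client's Host header.
// $HTTP_USER_AGENT and $HTTP_REFERER are not referenced in the visible part of this
// file (presumably used by the included helpers).
if(isset($_SERVER['PHP_SELF'])) $PHP_SELF = $_SERVER['PHP_SELF'];
if(isset($_SERVER['HTTP_HOST'])) $HTTP_HOST = $_SERVER['HTTP_HOST'];
if(isset($_SERVER['HTTP_USER_AGENT'])) $HTTP_USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
if(isset($_SERVER['HTTP_REFERER'])) $HTTP_REFERER = $_SERVER['HTTP_REFERER'];
//========================================================================================================
// Make sure that the following variables are integers, e.g. to avoid possible database problems
//========================================================================================================
$start = (int) $start;
$delete = (int) $delete;
// $gbRating is stored in an INT column and is interpolated into the INSERT statement
// further down without any escaping; casting it here keeps that statement integer-only.
// An unparseable value becomes 0, which the "required field" check below then rejects.
$gbRating = (int) $gbRating;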
//========================================================================================================
// Includes
//========================================================================================================
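// Pick the configuration file by the host the request was addressed to.
// NOTE(review): $HTTP_HOST is taken from the client's Host header, so this selector is
// client-influenced; a server-side deployment flag (an environment variable, or a file
// that only exists on the development machine) is a more robust way to choose the config.
// ereg() was removed in PHP 7.0; preg_match() is already used elsewhere in this file.
if($HTTP_HOST == 'localhost' || $HTTP_HOST == '127.0.0.1' || preg_match('/^192\.168\.0\.[0-9]+$/', $HTTP_HOST)) {
include('config_local.inc.php');
}
else {
include('config_main.inc.php');
}
// Language defaults to English; the include provides the $msg[...] strings used below.
// NOTE(review): $language is expected to come from the config file. With register_globals
// enabled it could also arrive from the request and would then shape the include path, so
// the config should always set it explicitly.
if(!isset($language)) $language = 'en';
include("languages/lang_$language.inc.php");
include('smilies.inc.php');
include('funclib.inc.php');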
//========================================================================================================
// Set session variables (admin login and message ID); needs PHP 4.1.0 or higher
//========================================================================================================
// Admin login: a submitted password equal to the configured $adminPass is remembered
// in the session. NOTE(review): this is a loose (==) string comparison; a strict one
// would be safer if both values are guaranteed to be strings — confirm config type.
if ($admin && $admin == $adminPass) {
    $_SESSION['gb_admin'] = $admin;
}
// Per-session message ID used by the entry form (when IDs are enabled and the form is not
// currently being submitted). Presumably a spam-check token — see checkSpam() usage below.
// NOTE(review): rand()/uniqid()/md5() is not a cryptographic source; if the ID is meant
// to be unguessable, a CSPRNG should be used.
if (!$sign && $enableIDs) {
    if (!$_SESSION['msgID']) {
        srand((double) microtime() * 1000000);
        $_SESSION['msgID'] = md5(uniqid(rand()));
    }
}
//========================================================================================================
// Functions
//========================================================================================================
// Print the page navigation (previous / page numbers / next) for the entry list.
// The HTML that the `?>` sections once emitted is missing from this copy, so only the
// paging arithmetic is reviewable here.
//   $start       offset of the first entry on the current page (negative = last page)
//   $records     total number of entries
//   $pageEntries entries per page
//   $nr          not referenced in the visible code (possibly used by the stripped markup)
function buildNavigation($start, $records, $pageEntries, $nr = 1) {
// NOTE(review): $PHP_SELF is a file-scope variable and is not declared `global` in this
// function, so $link is built from an undefined name here.
$link = "$PHP_SELF?start=";
// Negative start means "last page": align to the start of the final partial page.
if($start < 0) $start = $records - ($records % $pageEntries);
// Past the end (e.g. after a deletion): step back one page.
if($start >= $records) $start -= $pageEntries;
// Show a window of ten page numbers around the current page.
$pageFrom = (int) ($start / $pageEntries / 10) * 10;
$pageTo = $pageFrom + 10;
if($pageTo > $records / $pageEntries) $pageTo = $records / $pageEntries;
// "previous page" link (markup stripped)
if($start) {
?>
}
// "previous window of ten pages" link, or a plain separator on the first window
if($pageFrom >= 10) {
?>
|
}
else echo ' | ';
// One entry per page in the window; the current page is rendered differently.
for($i = $pageFrom; $i < $pageTo; $i++) {
if($i == $start / $pageEntries) {
?>
echo $i + 1; ?> |
}
else {
?>
echo $i + 1; ?> |
}
}
// "next window of ten pages" link
if($pageTo < $records / $pageEntries) {
?>
}
// "next page" link
if($start + $pageEntries < $records) {
?>
}
}
//========================================================================================================
// Main
//========================================================================================================
?>
// Main request handling. db_open() is not defined in this file (presumably in
// funclib.inc.php); nothing below runs if the connection fails.
if(db_open($db_server, $db_user, $db_pass, $db_name)) {
$error = '';
// Unanchored, case-insensitive "looks like an address" pattern; only used further down to
// decide whether the configured $mailNotify address receives a notification.
$valid_mail = '/[a-z0-9._-]+@[a-z0-9äöüÄÖÜ.-]+\.[a-z]{2,4}/i';
// Probe for the table; if it is missing, offer to create it ($create comes from the form).
if(!mysql_query("SELECT 1 FROM $tbl_name LIMIT 1")) {
$table_exists = false;
if($create == 'yes') {
// Schema. Note that the rating column is INT(1) while the INSERT further down interpolates
// $gbRating as a raw string.
$sql = "CREATE TABLE $tbl_name ( " .
"$fld_id INT(10) NOT NULL auto_increment, " .
"$fld_timestamp VARCHAR(14) NOT NULL, " .
"$fld_name VARCHAR(50), " .
"$fld_email VARCHAR(75), " .
"$fld_subject VARCHAR(50) NOT NULL, " .
"$fld_text TEXT NOT NULL, " .
"$fld_rating INT(1) NOT NULL, " .
"$fld_ip VARCHAR(32), " .
"PRIMARY KEY ($fld_id))";
if(!mysql_query($sql)) echo ' ' . mysql_error() . ' ';
else $table_exists = true;
}
else if($create == 'no') echo 'Operation cancelled. ';
else {
// The markup asking the visitor to confirm table creation was stripped from this copy.
echo '';
echo ' ';
}
}
else $table_exists = true;
if($table_exists) {
// Admin login attempt whose password does not match the session value (the session value
// is only set near the top of the file when it equalled $adminPass).
// NOTE(review): loose != comparison; strict would be safer if both are strings — confirm.
if($admin && $admin != $_SESSION['gb_admin']) $error = $msg['wrongPass'];
// Delete one entry. $delete was cast to int near the top, so the quoted literal is numeric.
// NOTE(review): any request carrying delete=<id> while the admin session is set is honoured;
// no per-request token is checked, so a cross-site request could trigger a deletion.
else if($_SESSION['gb_admin'] && $_SESSION['gb_admin'] == $adminPass && $delete) {
$sql = "DELETE FROM $tbl_name WHERE $fld_id='$delete'";
if(!mysql_query($sql)) $error = mysql_error();
}
// sign == 2: the entry form was submitted.
else if($sign == 2) {
// `!$gbRating` already covers the empty() case; the extra test is redundant.
if(!$gbSubject || !$gbText || !$gbRating || empty($gbRating)) $error = $msg['required'];
// checkSpam() is defined elsewhere (presumably funclib.inc.php); $gbID, $tstamp and
// $gbSignature are only used there in the visible code.
else if(checkSpam($gbID, $tstamp, $gbName, $gbEMail, $gbSubject, $gbText, $gbSignature)) $error = $msg['noSpam'];
else {
// SQL escaping is addslashes() (unless magic quotes already applied it).
// NOTE(review): addslashes() is not charset-aware, and $gbRating is neither escaped nor cast
// before it reaches the INSERT below. The mysql_* API has no bound parameters (and was removed
// in PHP 7), so the durable fix is mysqli/PDO with prepared statements.
if(!get_magic_quotes_gpc()) {
$gbName = addslashes($gbName);
$gbEMail = addslashes($gbEMail);
$gbSubject = addslashes($gbSubject);
$gbText = addslashes($gbText);
}
// Duplicate guard: the same name/mail/subject/text posted within the last hour is not
// inserted again. $fld_timestamp is VARCHAR(14) per the schema above, so this comparison
// presumably relies on MySQL's implicit string-to-number conversion — confirm.
$timestamp = date('YmdHis', time() - 60 * 60);
$sql = "SELECT $fld_id FROM $tbl_name WHERE $fld_timestamp>$timestamp AND $fld_name='$gbName' ";
$sql .= "AND $fld_email='$gbEMail' AND $fld_subject='$gbSubject' AND $fld_text='$gbText' LIMIT 1";
$result = mysql_query($sql);
if(mysql_num_rows($result) > 0) {
// Treated as success: leave the form and show the page holding the newest entry.
$sign = 0;
$start = ($messageOrder == 'ASC') ? -1 : 0;
}
else {
$timestamp = date('YmdHis');
// getIP() is defined elsewhere. NOTE(review): if it trusts forwarded-for style headers,
// $ipaddr is client-supplied too and is interpolated below without escaping — confirm.
$ipaddr = getIP();
$sql = "INSERT INTO $tbl_name ($fld_id, $fld_timestamp, $fld_name, $fld_email, $fld_subject, $fld_text, $fld_rating, $fld_ip) ";
$sql .= "VALUES ('', '$timestamp', '$gbName', '$gbEMail', '$gbSubject', '$gbText', '$gbRating', '$ipaddr')";
//$dbcon = mysql_connect($db_server, $db_user, $db_pass);
//mysql_select_db($db_name, $dbcon)
$result = mysql_query($sql);
if(!$result) {
$error = mysql_error();
} else {
$sign = 0;
$start = ($messageOrder == 'ASC') ? -1 : 0;
//echo $sql." ";
// Prune to $maxEntries: fetch the id of the ($maxEntries+1)-th newest row and delete every
// row with an id at or below it (assumes ids grow with time).
if ($maxEntries > 0) {
$sql = "SELECT $fld_id FROM $tbl_name ORDER BY $fld_timestamp DESC LIMIT $maxEntries, 1";
if($result = mysql_query($sql)) {
if(mysql_num_rows($result)) {
// NOTE(review): mysql_result()'s second argument is the row index; passing the column name
// $fld_id there looks like a slip (the field belongs in the third argument), so it is unclear
// whether pruning ever runs — confirm.
if($id = mysql_result($result, $fld_id)) {
$sql = "DELETE FROM $tbl_name WHERE $fld_id<=$id";
if(!mysql_query($sql)) $error = mysql_error();
}
}
}
}
// Notification mail to the configured address. The @ makes this best-effort by design;
// stripslashes() undoes the SQL escaping for the mail body. Header lines are joined with
// "\n" rather than "\r\n"; the header values come from the config file, not the visitor.
if(preg_match($valid_mail, $mailNotify)) {
$text = $msg['date'] . ": $timestamp\n";
$text .= $msg['name'] . ": $gbName\n";
$text .= $msg['eMail'] . ": $gbEMail\n\n";
$text .= "$gbSubject\n\n$gbText";
$headers = "Return-Path: <$mailNotify>\n";
$headers .= "From: $bookTitle <$mailNotify>\n";
$headers .= "X-Sender: <$mailNotify>\n";
$headers .= "X-Mailer: PHP " . phpversion();
@mail($mailNotify, $msg['new'], stripslashes($text), $headers);
}
}
}
}
}
// NOTE(review): $error may hold mysql_error(), which can include text from the failed
// statement (i.e. visitor input); it is echoed as-is by the markup below — confirm it is
// escaped before output.
if($error) {
?>
echo $error; ?>
}
// Re-render the entry form (markup stripped). Undo magic quotes so the fields are shown verbatim.
if($sign) {
if(get_magic_quotes_gpc()) {
$gbName = stripslashes($gbName);
$gbEMail = stripslashes($gbEMail);
$gbSubject = stripslashes($gbSubject);
$gbText = stripslashes($gbText);
}
// NOTE(review): as printed, these replace a double quote with itself (a no-op); the replacement
// was presumably an HTML entity that was lost when this copy was extracted — confirm against the
// original source, since these values are presumably re-displayed inside form attributes.
$gbName = str_replace('"', '"', $gbName);
$gbEMail = str_replace('"', '"', $gbEMail);
$gbSubject = str_replace('"', '"', $gbSubject);
$gbText = str_replace('"', '"', $gbText);
?>