// ********************************************************************************************************************************************************************
// ** DO NOT MAKE CHANGES BELOW HERE UNLESS YOU KNOW WHAT YOU'RE DOING! ***********************************************************************************************
// ********************************************************************************************************************************************************************
// XSS mitigation: strip tags from every GET parameter. NOTE: strip_tags() alone is not a complete XSS defence -- values must still be escaped for the context (HTML text, attribute, URL) where they are echoed.
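foreach ($_GET as $key => $val) {
    if (is_array($val)) {
        // strip_tags() cannot take an array (?x[]=1): drop such a parameter
        // instead of failing on it.
        unset($_GET[$key], $_REQUEST[$key]);
        continue;
    }
    $clean = strip_tags($val);
    $_GET[$key] = $clean;
    // Mirrored into $_REQUEST as well, so a GET value shadows a POST value of
    // the same name there. Tag stripping leaves quotes and "javascript:" URLs
    // untouched; every value still has to be escaped where it is echoed.
    $_REQUEST[$key] = $clean;
}
$ptsfr = dirname(__FILE__) . "/";
$dat = $ptsfr . "data.dat";               // pipe-delimited post store (see saveposts())
$template = $ptsfr . "template.inc.php";  // output/e-mail templates
$log = $ptsfr . "log.dat.php";            // admin tokens, include()d as PHP (see isloggedin())
setlocale(LC_TIME, $datelang);
//CAPTCHA session settings to pass to 'captcha.php'
$_SESSION['captcha_case'] = $captcha_case;
$_SESSION['captcha_symbol'] = $captcha_symbol;
$_SESSION['captcha_shapes'] = $captcha_shapes;
$_SESSION['captcha_width'] = $fieldlength;
// NOTE(review): PHP_SELF can carry attacker-controlled PATH_INFO; escape $me
// (htmlspecialchars) wherever it is echoed into markup.
$me = $_SERVER['PHP_SELF'];
$empty = false;
$now = time();
$version = "1.55";
// $hash is the visitor's token and, once md5($hash) is written to the log by
// the admin login, the admin's session token (isloggedin() checks it). It is
// echoed back into every self-link via $getvars, so only a well-formed md5
// hex digest is accepted from the URL; anything else gets a fresh value.
$hash = (isset($_GET['hash']) && is_string($_GET['hash'])) ? $_GET['hash'] : "";
if (!preg_match('/^[0-9a-f]{32}$/D', $hash)) {
    // Use a CSPRNG where available. The old srand($now)/rand() secret was
    // reproducible by anyone who knew the User-Agent and the request second.
    if (function_exists('random_bytes')) {
        $secret = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $secret = bin2hex(openssl_random_pseudo_bytes(16));
    } else {
        // last resort on very old PHP: unseeded mt_rand() plus a high-resolution uniqid
        $secret = "";
        for ($i = 0; $i < 16; $i++) $secret .= chr(mt_rand(60, 127));
        $secret = md5($secret . uniqid("", true));
    }
    $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
    $hash = md5($ua . $now . $secret);
}
$getvars = "?hash=$hash";   // appended to self-links so the token follows the visitor
// Request parameters used by the actions below. $do is deliberately left
// unset when absent: the "view" branch tests !isset($do).
if (isset($_REQUEST['do'])) $do = $_REQUEST['do'];
if (isset($_REQUEST['id'])) $id = $_REQUEST['id'];
if (isset($_REQUEST['action'])) $action = $_REQUEST['action'];
if (isset($_REQUEST['name'])) $name = $_REQUEST['name'];
if (isset($_REQUEST['pwd'])) $pwd = $_REQUEST['pwd'];
if (isset($_REQUEST['email'])) $email = $_REQUEST['email'];
if (isset($_REQUEST['www'])) $www = $_REQUEST['www'];
if (isset($_REQUEST['msg'])) $msg = $_REQUEST['msg'];
if (isset($_REQUEST['time'])) $time = $_REQUEST['time'];
if (isset($_REQUEST['keyword'])) $keyword = $_REQUEST['keyword'];
// Per-session form token: the sign form is reached with do=<token>, so a
// submission must carry the value handed out to this session.
if (isset($_SESSION['submitCmd'])) {
    $submitCmd = $_SESSION['submitCmd'];
} else {
    $submitCmd = substr($hash, 0, 10);
    $_SESSION['submitCmd'] = $submitCmd;
}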
// ************************** functions ***********************
// ************************************************************
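/**
 * Multi-key sorter for a list of associative rows.
 *
 * $data     -- the rows to sort (sorted in place by msort()).
 * $sortkeys -- list of array(key, direction) pairs; direction "DESC" sorts
 *              descending, anything else ascending. Later pairs only break
 *              ties left by earlier ones.
 */
class mdasort {
    public $data;
    public $sortkeys;
    /**
     * usort() comparator: natural-order comparison on sort key $i, falling
     * through to the next key on a tie. Returns <0, 0 or >0 like strnatcmp().
     */
    public function _sortcmp($a, $b, $i = 0) {
        $key = $this->sortkeys[$i][0];
        $r = strnatcmp((string)$a[$key], (string)$b[$key]);
        if (isset($this->sortkeys[$i][1]) && $this->sortkeys[$i][1] === "DESC") {
            $r = -$r;
        }
        // On a tie, recurse into the next key only if one exists. The original
        // read $this->sortkeys[$i+1] unguarded and raised an undefined-index
        // notice on the last key.
        if ($r == 0 && isset($this->sortkeys[$i + 1])) {
            $r = $this->_sortcmp($a, $b, $i + 1);
        }
        return $r;
    }
    /** Sorts $data in place; a missing or empty key list leaves it untouched. */
    public function msort() {
        if (!empty($this->sortkeys)) {
            usort($this->data, array($this, "_sortcmp"));
        }
    }
}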
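/**
 * Returns the array key in $stuff->data of the post whose 'id' equals $index,
 * or null when there is no such post.
 */
function getkey($index, $stuff) {
    $ret = null;   // explicit: the original returned an undefined variable on a miss
    foreach ($stuff->data as $key => $item) {
        // Compare as strings. The loose "==" made a non-numeric id such as
        // "abc" match the post with id 0 on PHP < 8.
        if (isset($item['id']) && (string)$item['id'] === (string)$index) {
            $ret = $key;
            break;
        }
    }
    return $ret;
}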
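/**
 * Loose e-mail syntax check: ASCII local part, dotted/dashed ASCII domain,
 * TLD of 2-4 letters, case-insensitive. Returns 1 on match, 0 otherwise
 * (eregi() returned a truthy match length; callers only test truthiness).
 *
 * eregi() was removed in PHP 7, so this is the same pattern under PCRE. The
 * D modifier keeps "$" anchored to the very end of the string -- without it
 * "user@host.tld\n" would pass, and the address is later placed in a mail()
 * "From:" header where a CR/LF allows header injection. The redundant outer
 * "(...)+" around the domain group was dropped: it accepted the same strings
 * but nested two quantifiers, which backtracks badly on long non-matches.
 */
function validemail($addr) {
    return preg_match('/^[a-z0-9]+([_.-][a-z0-9]+)*@[a-z0-9]+([.-][a-z0-9]+)*\.[a-z]{2,4}$/iD', (string)$addr);
}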
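/**
 * Rewrites the admin-session log, dropping entries older than $adminexpire
 * seconds relative to $now. The log is a PHP file that include() turns into
 * $admins[n]['time'] / $admins[n]['hash'] entries.
 * Globals: $log (path), $now (current timestamp), $adminexpire (seconds).
 */
function clearoldadmins() {
    global $log, $now, $adminexpire;
    $admins = array();   // include() defines nothing when the log is empty
    include($log);
    if (count($admins) > 0) {
        $fp = fopen($log, "w");
        if ($fp === false) return;   // unwritable log: leave it as it is
        // The file is include()d as PHP, so it must start with an open tag;
        // otherwise include() prints the stored tokens into the page.
        fputs($fp, "<?php\n");
        $i = 0;
        foreach ($admins as $line) {
            // $line[time] (bare constant) was a fatal error on PHP 8.
            if ($now - $line['time'] < $adminexpire) {
                // The values come from our own file but are re-emitted as PHP
                // source; normalise them so nothing but an int and a hex
                // string can be written back (defence in depth against a
                // tampered log).
                $t = (int)$line['time'];
                $h = preg_replace('/[^0-9a-f]/i', '', (string)$line['hash']);
                fputs($fp, "\$admins[$i]['time']=$t; \$admins[$i]['hash']='$h';\n");
            }
            $i++;
        }
        fputs($fp, "?>");
        fclose($fp);
    }
}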
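/**
 * Writes every post in $stuff->data to the pipe-delimited store $dat as one
 * "id|time|name|email|www|post" record per line, truncating the file.
 * Global: $dat (path).
 */
function saveposts($stuff) {
    global $dat;
    $fp = fopen($dat, "w");
    if ($fp === false) return;   // avoid fputs() on false; the store is left unchanged
    foreach ($stuff->data as $post) {
        // The format has no escaping: a CR/LF in any field would split the
        // record, and a "|" in one of the fixed fields would shift every field
        // after it. Strip both from the fixed fields; the post text keeps "|"
        // (it is already newline-free when stored) -- NOTE(review): confirm
        // the reader splits with a limit so a "|" in the post survives.
        $fields = array();
        foreach (array('id', 'time', 'name', 'email', 'www') as $f) {
            $v = isset($post[$f]) ? (string)$post[$f] : "";
            $fields[] = str_replace(array("|", "\r", "\n"), "", $v);
        }
        $body = isset($post['post']) ? (string)$post['post'] : "";
        $fields[] = str_replace(array("\r", "\n"), "", $body);
        fputs($fp, implode("|", $fields) . "\n");
    }
    fclose($fp);
}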
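/**
 * True when md5() of the hash presented in ?hash= matches a token recorded in
 * the admin log ($log, include()d as PHP into $admins). The log is re-read on
 * every call. Expiry of entries is handled by clearoldadmins(), not here.
 * Globals: $log (path); $now and $adminexpire are declared but unused.
 */
function isloggedin() {
    global $log, $now, $adminexpire;
    // No hash, or a non-string one (?hash[]=x), can never be logged in: every
    // stored token is md5() of a generated, non-empty hash.
    if (!isset($_GET['hash']) || !is_string($_GET['hash']) || $_GET['hash'] === "") {
        return false;
    }
    $admins = array();   // include() defines nothing when the log is empty
    include($log);
    $presented = md5($_GET['hash']);
    $logged = false;
    foreach ($admins as $line) {
        $stored = isset($line['hash']) ? (string)$line['hash'] : "";
        // Strict (and, where available, constant-time) comparison. The
        // original "==" compared two hex digests loosely, and digests of the
        // form 0e<digits> compare numerically equal to each other that way.
        if (function_exists('hash_equals')) {
            if (hash_equals($stored, $presented)) $logged = true;
        } elseif ($stored === $presented) {
            $logged = true;
        }
    }
    return $logged;
}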
// Prints the navigation menu. NOTE(review): the echoed markup and this
// function's closing brace are not present in this copy of the file (the
// HTML appears to have been stripped), so the body shown here is incomplete.
// Reads the link texts, the script path ($me), the hash query string
// ($getvars) and the sign-form token ($submitCmd) from globals.
function showmenu() {
global $txtsign, $txtview, $txtadmin, $txtlogout, $me, $getvars, $submitCmd;
// label of the admin link: "admin" when logged out, "logout" when logged in
if (!isloggedin()) $login = "$txtadmin";
else $login = "$txtlogout";
echo "
";
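clearoldadmins();   // purge expired admin tokens before any isloggedin() check
showmenu();
// admin stuff
if ($do == "admin") {
    if ($action == "login") {
        // Strict comparison of the submitted credentials: "==" would let a
        // non-string value (pwd[]=x) or a numeric-looking string compare
        // loosely against the configured ones. NOTE(review): $adminpwd is a
        // plaintext config value; a password_hash()/password_verify() pair
        // would be the proper fix.
        $nameok = isset($name) && is_string($name) && $name === (string)$adminname;
        $pwdok = isset($pwd) && is_string($pwd)
            && (function_exists('hash_equals')
                ? hash_equals((string)$adminpwd, $pwd)
                : (string)$adminpwd === $pwd);
        if ($nameok && $pwdok) {
            // Append md5($hash) to the admin log so this hash acts as the
            // admin session token. NOTE(review): $hash may have been supplied
            // by the visitor in the URL, so a link carrying a known ?hash=
            // that an admin then logs in from yields a usable token for
            // whoever made the link; issuing a fresh hash here would close
            // that, but the menu was already rendered with the old one.
            $admins = array();   // include() defines nothing when the log is empty
            include($log);
            $fp = fopen($log, "w");
            if ($fp !== false) {
                // the log is include()d as PHP, so it needs the open tag
                fputs($fp, "<?php\n");
                $i = 0;
                foreach ($admins as $line) {
                    // $line[time] (bare constant) was a fatal error on PHP 8;
                    // re-emitted values are normalised to an int and hex only
                    $t = (int)$line['time'];
                    $h = preg_replace('/[^0-9a-f]/i', '', (string)$line['hash']);
                    fputs($fp, "\$admins[$i]['time']=$t; \$admins[$i]['hash']='$h';\n");
                    $i++;
                }
                fputs($fp, "\$admins[$i]['time']=" . $now . "; \$admins[$i]['hash']='" . md5($hash) . "';\n?>");
                fclose($fp);
            }
            echo "
";
        }
    }
    if ($action == "delete" && isloggedin()) {
        $todel = getkey($id, $stuff);
        if ($todel !== null) unset($stuff->data[$todel]);   // unknown id: nothing to delete
        $stuff->msort();
        saveposts($stuff);
        $do = "view";
    } else {
        // show admin login form
        echo "\n";
        echo "
\n";
    }
}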
// sign post
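if ($do == $submitCmd) {
    if ($action == "save") {
        // check form fields; $error stays false while everything validates
        $error = false;
        $saveit = false;
        if ($name == "") $error.="
» $txtbadname";
        if ($email != "") { if (!validemail($email)) $error.="
» $txtbademail"; }
        if ($msg == "") $error.="
» $txtbadmsg";
        if (!isloggedin()) {
            //check the CAPTCHA
            if ($captcha === true) {
                if ($keyword == "") {
                    $error.="
» $txtmisscaptcha";
                    unset($_SESSION['captcha_hash']);
                } else {
                    if ($captcha_case === true) {
                        $keyword = strtolower($keyword);
                    }
                    $keyword_hash = md5($keyword);
                    // Strict comparison of the two digests: "!=" compares hex
                    // strings of the form 0e<digits> numerically, so two
                    // different digests of that shape would count as equal.
                    // A missing session hash is a failed check, never a pass.
                    if (!isset($_SESSION['captcha_hash'])
                        || !is_string($_SESSION['captcha_hash'])
                        || $keyword_hash !== $_SESSION['captcha_hash']) $error.="
» $txtbadcaptcha";
                    $keyword = "";
                    $keyword_hash = "";
                    // one-shot: the same CAPTCHA answer cannot be replayed
                    unset($_SESSION['captcha_hash']);
                }
            }
            if ($msgfilter != "") {
                $needles = explode(",", $msgfilter);
                foreach ($needles as $needle) {
                    // an empty needle (e.g. "a,,b") must not match every message
                    if ($needle === "") continue;
                    if (strpos(strtolower($msg), $needle) !== false) {
                        $error.="
» $txtmsgfiltermatch -(
$needle )-";
                        break;
                    }
                }
            }
            if (($wordcount === true) && (!isloggedin())) {
                $words = explode(" ", $msg);
                $word_total = count($words);
                if ($word_total > $maxwords) {
                    $error.="
» $txtwordcounterror";
                }
            }
            if (($charactercount === true) && (!isloggedin())) {
                $character_total = strlen($msg);
                if ($character_total > $maxchars) {
                    $error.="
» $txtcharcounterror";
                }
            }
        }
        if ($error === false) {
            if ($id == "new") {
                $index = $numposts;
                $id = $nextindex;
                $time = $now;
                $saveit = true;
            } else if (isloggedin() && is_numeric($id)) {
                // editing an existing post: admins only
                $index = getkey($id, $stuff);
                $saveit = true;
            }
            if ($saveit) {
                $stuff->data[$index]['id'] = $id;
                $stuff->data[$index]['time'] = $time;
                $stuff->data[$index]['name'] = htmlentities(strip_tags($name), ENT_QUOTES);
                $stuff->data[$index]['email'] = strip_tags($email);
                // The website is echoed back as a link target, so only a plain
                // http(s) URL without quotes, angle brackets or whitespace is
                // stored; strip_tags() alone let "javascript:" URLs and
                // attribute-terminating quotes through. Anything else is
                // stored empty, as the untouched default "http://" already was.
                $www_clean = strip_tags((string)$www);
                if ($www_clean != "http://" && preg_match('#^https?://[^\s"\'<>]+$#iD', $www_clean)) {
                    $stuff->data[$index]['www'] = $www_clean;
                } else {
                    $stuff->data[$index]['www'] = "";
                }
                if (isloggedin()) {
                    // admins may post raw markup; visitors' text is entity-encoded
                    $stuff->data[$index]['post'] = str_replace(array("\r", "\n"), array("", "
"), $msg);
                } else {
                    $stuff->data[$index]['post'] = str_replace(array("\r", "\n"), array("", "
"), htmlentities(strip_tags($msg), ENT_QUOTES));
                }
                saveposts($stuff);
                $stuff->msort();
                $empty = false;
            }
            //email notification function
            if (($emailnotify === true) && (!isloggedin()) && ($email_subject != "") && ($email_to != "")) {
                if ($email != "") {
                    // Goes into a mail header: strip CR/LF so a crafted address
                    // cannot inject extra headers (validemail() is meant to
                    // reject such input; this is defence in depth).
                    $email_from = str_replace(array("\r", "\n"), "", strip_tags($email));
                }
                $email_header = "From: $email_from\n";
                $email_header.= "BB22: bb22.org\n";
                $email_header.= "mich@k8m.de\r\n";
                $match = array("{name}", "{time}", "{guestbook}", "{post}");
                $replace_text = array(stripslashes(strip_tags($name)), strftime($dateformat, $time), $guestbook, str_replace("\r", "", stripslashes(strip_tags($msg))));
                $replace_HTML = array(stripslashes(strip_tags($name)), strftime($dateformat, $time), $guestbook, str_replace(array("\r", "\n"), array("", "
"), stripslashes(strip_tags($msg))));
                if ($emailHTML === true) {
                    $mime_boundary = "==Multipart_Boundary_x" . md5(mt_rand()) . "x";
                    $email_header.= "Content-Type: multipart/alternative;\n";
                    $email_header.= " boundary=\"{$mime_boundary}\"\r\n";
                    $templates = implode("", file($template));
                    $tpl_plaintext = getTemplate("EMAIL_PLAINTEXT", $templates);
                    $tpl_HTML = getTemplate("EMAIL_HTML", $templates);
                    $email_body = "This is a multi-part message in MIME format.\n\n";
                    $email_body.= "--{$mime_boundary}\n";
                    $email_body.= "Content-Type: text/plain; charset=\"iso-8859-1\"\n";
                    $email_body.= "Content-Transfer-Encoding: 7bit\n";
                    $email_body.= str_replace($match, $replace_text, $tpl_plaintext) . "\n\n";
                    $email_body.= "--{$mime_boundary}\n";
                    $email_body.= "Content-Type: text/html; charset=\"iso-8859-1\"\n";
                    $email_body.= "Content-Transfer-Encoding: 7bit\n";
                    $email_body.= str_replace($match, $replace_HTML, $tpl_HTML) . "\n\n";
                    $email_body.= "--{$mime_boundary}--";
                } else {
                    // The original omitted the line break after the charset, so
                    // Content-Transfer-Encoding was glued onto the Content-Type line.
                    $email_header.= "Content-Type: text/plain; charset=ISO-8859-1\n";
                    $email_header.= "Content-Transfer-Encoding: 7bit\n";
                    $templates = implode("", file($template));
                    $tpl_plaintext = getTemplate("EMAIL_PLAINTEXT", $templates);
                    $email_body = str_replace($match, $replace_text, $tpl_plaintext);
                }
                mail($email_to, $email_subject, $email_body, $email_header);
            }
            // the form token is single-use: a resubmit must fetch a new one
            $submitCmd = "";
            unset($_SESSION['submitCmd']);
            echo "
";
            die();
        } else {
            $errortxt = "
$txterrors$error
";
            // re-encode the rejected input for display in the form
            $name = htmlentities(stripslashes($name), ENT_QUOTES);
            $msg = htmlentities(stripslashes($msg), ENT_QUOTES);
        }
        // end 'on save'
    } elseif ($action == "edit" && isloggedin()) {
        // pre-fill the form with the stored post; name/post are decoded back to
        // plain text. NOTE(review): $email and $www are passed through as
        // stored -- make sure the form escapes them where they land in attributes.
        $post = $stuff->data[getkey($id, $stuff)];
        $name = stripslashes(html_entity_decode($post['name'], ENT_NOQUOTES));
        $email = $post['email'];
        $www = $post['www'];
        $msg = stripslashes(str_replace("
", "\n", html_entity_decode($post['post'], ENT_QUOTES)));
        $time = $post['time'];
        $errortxt = "";
    } else {
        // empty form for a new post
        $name = "";
        $email = "";
        $www = "";
        $msg = "";
        $time = "notset";
        $id = "new";
        $errortxt = "";
    }
    echo "$errortxt";
    // start outputting the sign form
    echo "
\n";
    // END show sign form
}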
// display posts
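if ($do == "view" || !isset($do)) {
    if (!$empty) {
        $templates = implode("", file($template));
        $tpl_sig = getTemplate("SIGNATURES", $templates);
        $html = "";   // the original appended to an undefined variable
        $i = 1;
        // first post (1-based) of the requested page; a missing or
        // non-numeric page means page 1
        $from = (isset($_GET['page']) && is_numeric($_GET['page'])) ? (($_GET['page'] - 1) * $ppp) + 1 : 1;
        // Build the bad-word list once. The original exploded $badwords inside
        // the loop, turning the string into an array on the first post and
        // then feeding that array back to explode() for every later post
        // (warnings on PHP 7, a TypeError on PHP 8).
        $badlist = ($badwords != "") ? explode(",", $badwords) : array();
        $match = array("{name}", "{time}", "{website}", "{post}", "{edit}", "{delete}");
        $admin = isloggedin();   // loop-invariant; each call re-reads the log file
        foreach ($stuff->data as $post) {
            if ($post['id'] != 0 && $i >= $from && $i < ($from + $ppp)) {
                if (count($badlist) > 0) {
                    $post['post'] = str_ireplace($badlist, "****", $post['post']);
                }
                if ($wrap !== false) $post['post'] = wordwrap($post['post'], $wrap, " ", 1);
                $post['name'] = stripslashes($post['name']);
                // NOTE(review): name is stored entity-encoded, but email and www
                // are stored after strip_tags() only; escape them wherever the
                // template places them inside an attribute.
                $name_cell = ($post['email'] != "") ? "
" . $post['name'] . "" : $post['name'];
                $site_cell = ($post['www'] != "") ? "
Website" : "";
                $when = strftime($dateformat, $post['time']);
                if ($admin) {
                    $replace = array($name_cell, $when, $site_cell, stripslashes($post['post']), "
$txtedit", "
$txtdelete");
                } else {
                    $replace = array($name_cell, $when, $site_cell, stripslashes($post['post']), "", "");
                }
                $html .= str_replace($match, $replace, $tpl_sig);
            }
            $i++;
        }
        echo $html;
        // number of pages, counting a partial last page as a whole one
        $numpages = (fmod($numposts, $ppp) > 0) ? floor($numposts / $ppp) + 1 : ($numposts / $ppp);
        echo "
";
        echo paging($numpages);
        echo "
";
    }
}
echo "
";
echo "
";
echo "\n\n\n\n";
?>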