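// NOTE(review): this listing starts mid-statement. Everything from the opening
// "<?php" tag up to "foreach ($_GET as $key =>" was lost when the page was
// extracted (the extractor dropped "<...>" spans), so session_start() and the
// configuration include that presumably defines $adminname, $adminpwd,
// $adminexpire, $captcha, $ppp, $datelang, the $txt* strings etc. are not
// visible here -- confirm against the original file.
// The surviving fragment runs strip_tags() over every GET value and mirrors it
// into $_REQUEST. strip_tags() is not an output encoder: quotes, "&" and
// "javascript:" survive it, so values still need htmlspecialchars()/urlencode()
// wherever they are emitted (see paging()). POST values are not covered by
// this loop unless the lost prefix handled them.
$val){ $_GET[$key] = strip_tags($val); $_REQUEST[$key] = strip_tags($val); }

// Data files live next to this script.
$ptsfr = dirname(__FILE__)."/";
$dat = $ptsfr."data.dat";               // pipe-delimited post store, see saveposts()
$template = $ptsfr."template.inc.php";  // HTML / e-mail templates, read by getTemplate()
$log = $ptsfr."log.dat.php";            // generated PHP file listing logged-in admin tokens
setlocale(LC_TIME, $datelang);

//CAPTCHA session settings to pass to 'captcha.php'
$_SESSION['captcha_case'] = $captcha_case;
$_SESSION['captcha_symbol'] = $captcha_symbol;
$_SESSION['captcha_shapes'] = $captcha_shapes;
$_SESSION['captcha_width'] = $fieldlength;

// Script URL used in links and form actions. PHP_SELF reflects the request
// path (including any PATH_INFO the client appends) and the markup it is
// interpolated into was stripped from this listing, so it is escaped once here
// rather than trusting every echo site.
$me = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
$empty = false;
$now = time();
$version = "1.55";

// Per-request token, carried as ?hash= on every internal link. After a
// successful admin login md5($hash) is recorded in $log and isloggedin()
// accepts any request presenting the same hash, so this value is effectively
// the admin credential.
// A client-supplied hash is only accepted when it has the shape this script
// generates (32 hex chars); anything else is regenerated, which keeps stray
// quotes out of $getvars (it is reflected into link markup) and rejects
// trivially short tokens. The token is still not bound to the PHP session, so
// an admin who logs in through a link carrying an attacker-chosen hash hands
// that attacker the session (token fixation) -- a real fix stores the login
// token server-side in $_SESSION instead of in the URL.
if (isset($_GET['hash']) && is_string($_GET['hash']) && preg_match('/^[a-f0-9]{32}$/', $_GET['hash'])) {
    $hash = $_GET['hash'];
} else {
    if (function_exists('random_bytes')) {
        // 128 bits from the CSPRNG; same length and alphabet as the md5 form below.
        $hash = bin2hex(random_bytes(16));
    } else {
        // Legacy fallback for hosts without random_bytes() (PHP < 7): the whole
        // token is derived from the current second plus the User-Agent and is
        // guessable by anyone who knows roughly when it was issued.
        srand($now);
        $secret = "";
        for ($i=0; $i<16 ; $i++) $secret.=chr(rand(60, 127));
        $secret = md5($secret);
        $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
        $hash = md5($ua.$now.$secret);
    }
}
$getvars = "?hash=$hash";

// Request parameters; $_REQUEST makes GET and POST interchangeable, so e.g.
// admin credentials can arrive in the URL (see the admin branch).
if (isset($_REQUEST['do'])) $do = $_REQUEST['do'];
if (isset($_REQUEST['id'])) $id = $_REQUEST['id'];
if (isset($_REQUEST['action'])) $action = $_REQUEST['action'];
if (isset($_REQUEST['name'])) $name = $_REQUEST['name'];
if (isset($_REQUEST['pwd'])) $pwd = $_REQUEST['pwd'];
if (isset($_REQUEST['email'])) $email = $_REQUEST['email'];
if (isset($_REQUEST['www'])) $www = $_REQUEST['www'];
if (isset($_REQUEST['msg'])) $msg = $_REQUEST['msg'];
if (isset($_REQUEST['time'])) $time = $_REQUEST['time'];
if (isset($_REQUEST['keyword'])) $keyword = $_REQUEST['keyword'];

// Form token for the sign form: the form must submit do=<first 10 chars of the
// hash it was rendered with>; kept in the session so it survives the round
// trip (the save code compares $do against it).
if (isset($_SESSION['submitCmd'])) $submitCmd = $_SESSION['submitCmd'];
else { $submitCmd = substr($hash, 0, 10); $_SESSION['submitCmd'] = $submitCmd; }

// ************************** functions ***********************
// ************************************************************

// Multi-key sorter for the post list. $data is a list of associative arrays
// (one per post), $sortkeys a list of array(field, "ASC"|"DESC") pairs that
// are applied in order, the next one breaking ties of the previous.
class mdasort {
    var $data;
    var $sortkeys;

    // usort() callback: natural-order comparison on sort key $i, recursing to
    // the next key on ties. Returns 0 when every key ties.
    function _sortcmp($a, $b, $i=0) {
        $field = $this->sortkeys[$i][0];
        $r = strnatcmp($a[$field], $b[$field]);
        if ($this->sortkeys[$i][1] == "DESC") $r = $r * -1;
        if ($r == 0) {
            $i++;
            // isset() rather than a bare truthiness test: the original read past
            // the last key when all keys tied.
            if (isset($this->sortkeys[$i])) $r = $this->_sortcmp($a, $b, $i);
        }
        return $r;
    }

    // Sorts $data in place (re-indexing it 0..n-1) when any sort key is set.
    function msort() {
        if (is_array($this->data) && count($this->sortkeys)) {
            usort($this->data, array($this, "_sortcmp"));
        }
    }
}

// Returns the index in $stuff->data of the post whose id equals $index, or
// null when no post matches (callers pass the result straight to array
// access/unset(), so null is the most lenient non-index value).
function getkey($index, $stuff){
    $ret = null;
    if (is_array($stuff->data)) {
        foreach ($stuff->data as $key => $item){
            if ($item['id']==$index){ $ret = $key; break; }
        }
    }
    return $ret;
}

// Loose e-mail syntax check (case-insensitive). Besides validation this is the
// only thing that keeps "|", CR/LF and spaces out of the e-mail field -- it is
// stored pipe-delimited by saveposts() and used as a "From:" header by the
// notification code -- so it must stay strict about those characters.
// eregi() was removed in PHP 7.0; this is the same pattern via PCRE. The D
// modifier makes "$" match only at the very end, so a trailing newline is
// rejected as well.
function validemail($addr){
    if (!is_string($addr)) return false;
    return preg_match('/^[a-z0-9]+([_.-][a-z0-9]+)*@([a-z0-9]+([.-][a-z0-9]+)*)+\.[a-z]{2,4}$/iD', $addr) === 1;
}

// Meant to drop expired admin tokens from $log. NOTE(review): the extraction
// dropped a "<...>" span here (compare the truncated fputs() in the admin
// branch): the original wrote a "<?php" header, presumably re-wrote the entries
// whose time is still within $adminexpire, then wrote "?>" -- only the outer
// fputs($fp, "") survives, so as shown the function empties the admin log
// whenever it is non-empty. Restore the expiry loop from the original file
// before relying on this. $adminexpire is unused in the visible code.
function clearoldadmins() {
    global $log, $now, $adminexpire;
    $admins = array();
    if (is_file($log)) include($log);   // defines $admins[...] when entries exist
    if (is_array($admins) && count($admins)>0){
        $i=0;
        $fp = fopen($log, "w");
        if ($fp === false) return;
        fputs($fp, "");
        fclose($fp);
    }
}

// Rewrites data.dat from $stuff->data, one post per line, six fields joined by
// "|". Because "|" and newlines are the record structure, they are removed from
// every field here: a "|" or "\r\n" inside name or www (the save code only
// runs strip_tags()/htmlentities() on them, which leave those characters
// alone) would otherwise shift the columns or inject extra records when the
// file is re-read with explode("|"). Visitor post bodies have already had
// newlines converted to markup by the save code. The file is opened without
// truncation, locked, and only then truncated and rewritten, so a concurrent
// reader never sees a half-written file.
function saveposts($stuff){
    global $dat;
    $fp = fopen($dat, "c");
    if ($fp === false) return;
    flock($fp, LOCK_EX);
    ftruncate($fp, 0);
    rewind($fp);
    if (is_array($stuff->data)) {
        $fields = array('id', 'time', 'name', 'email', 'www', 'post');
        foreach ($stuff->data as $post){
            $cols = array();
            foreach ($fields as $f) {
                $v = isset($post[$f]) ? (string)$post[$f] : "";
                $cols[] = str_replace(array("|", "\r", "\n"), "", $v);
            }
            fputs($fp, implode("|", $cols)."\n");
        }
    }
    fflush($fp);
    flock($fp, LOCK_UN);
    fclose($fp);
}

// True when md5() of the ?hash= query parameter matches a token recorded in
// $log by the admin login. The admin "session" is therefore just the URL
// parameter: nothing here ties it to the PHP session or checks an expiry
// (that is clearoldadmins()' job). Comparison is strict -- "==" between two hex
// strings of the form "0e<digits>" would compare them as numbers -- and
// timing-safe where hash_equals() exists.
function isloggedin() {
    global $log, $now, $adminexpire;
    if (!isset($_GET['hash']) || !is_string($_GET['hash']) || $_GET['hash'] === "") return false;
    $given = md5($_GET['hash']);
    $admins = array();
    if (is_file($log)) include($log);
    $logged = false;
    if (is_array($admins) && count($admins)>0){
        foreach ($admins as $line){
            if (!isset($line['hash'])) continue;
            $stored = (string)$line['hash'];
            $match = function_exists('hash_equals') ? hash_equals($stored, $given) : ($stored === $given);
            if ($match) $logged = true;
        }
    }
    return $logged;
}

// Prints the navigation bar (sign / view / admin-or-logout). The markup of the
// echoed string was stripped from this listing; the string continues on the
// following lines and interpolates $me and $getvars.
function showmenu() {
    global $txtsign, $txtview, $txtadmin, $txtlogout, $me, $getvars, $submitCmd;
    $login = isloggedin() ? "$txtlogout" : "$txtadmin";
    echo "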
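$txtsign $txtview$login

"; }

// Obfuscates an e-mail address as a mix of decimal and hex HTML character
// references, the form chosen per character with rand(). Only a deterrent for
// naive address harvesters -- the browser shows the plain address -- and not an
// escaping function.
function emailencoder ($str){
    $foo = "";
    $str = (string)$str;
    $len = strlen($str);
    for ($i = 0; $i < $len; $i++){
        $code = ord($str[$i]);
        if (rand(0,10) > 5) $foo .= "&#".$code.";";
        else $foo .= "&#x".sprintf("%X", $code).";";
    }
    return $foo;
}

// Returns the text enclosed between two "<!--$tpl-->" markers in $html (the
// contents of template.inc.php), or "" when the markers are absent. $tpl is
// quoted so a name containing regex metacharacters cannot change the pattern;
// every caller in this file passes a literal name anyway.
function getTemplate($tpl, $html){
    $tag = preg_quote("<!--".$tpl."-->", "/");
    if (!preg_match("/".$tag."(.*?)".$tag."/s", (string)$html, $tmp)) return "";
    return $tmp[1];
}

// Fallback for PHP < 5.0, where str_ireplace() does not exist: case-insensitive
// replacement of each $search entry by the matching $replace entry in one or
// more $subject strings. Dead code on any supported PHP version; kept verbatim.
if (!function_exists('str_ireplace')){
    function str_ireplace ($search, $replace, $subject, $count = null){
        if (is_string($search) && is_array($replace)) {
            trigger_error('Array to string conversion', E_USER_NOTICE);
            $replace = (string) $replace;
        }
        if (!is_array($search)) { $search = array ($search); }
        if (!is_array($replace)){
            $replace_string = $replace;
            $replace = array ();
            for ($i = 0, $c = count($search); $i < $c; $i++){ $replace[$i] = $replace_string; }
        }
        $length_replace = count($replace);
        $length_search = count($search);
        if ($length_replace < $length_search){
            for ($i = $length_replace; $i < $length_search; $i++){ $replace[$i] = ''; }
        }
        $was_array = false;
        if (!is_array($subject)) { $was_array = true; $subject = array ($subject); }
        // Loop through each subject
        $count = 0;
        foreach ($subject as $subject_key => $subject_value){
            foreach ($search as $search_key => $search_value){
                $segments = explode(strtolower($search_value), strtolower($subject_value));
                $count += count($segments) - 1;
                $pos = 0;
                foreach ($segments as $segment_key => $segment_value){
                    $segments[$segment_key] = substr($subject_value, $pos, strlen($segment_value));
                    $pos += strlen($segment_value) + strlen($search_value);
                }
                $subject_value = implode($replace[$search_key], $segments);
            }
            $result[$subject_key] = $subject_value;
        }
        if ($was_array === true) { return $result[0]; }
        return $result;
    }
}

// Builds the pager for $pages pages. The current page comes from
// $_GET[$pagevar]; $ppv page numbers are shown at a time with "[...]" links to
// the neighbouring windows. The link markup in the default arguments was
// stripped from this listing; "{url}" and "{page}" are the placeholders
// substituted below.
// The base URL carries every other GET parameter along. Keys and values are
// urlencode()d and the whole string is HTML-escaped once, because it is
// inserted into an attribute: the strip_tags() pass at the top of the file
// leaves quotes alone, so without this a crafted query string (or PATH_INFO via
// PHP_SELF) could break out of the href.
function paging( $pages, $pagevar = "page", $ppv = 10, $first = "««« ", $firsts = "««« ", $prev = "««  ", $prevs = "««  ", $num = "{page}", $nums = "{page}", $sep = " | ", $more = "[...]", $next = "  »»", $nexts = "  »»", $last = " »»»", $lasts = " »»»"){
    // get URI parameters
    $query = "";
    foreach ($_GET as $key => $val){
        if ((string)$key === (string)$pagevar || is_array($val)) continue;
        $query .= urlencode($key);
        if (isset($val) && $val != "") $query .= "=".urlencode($val);
        $query .= "&";
    }
    $getvars = htmlspecialchars($_SERVER['PHP_SELF']."?".$query, ENT_QUOTES);
    // Current page, clamped to 1..$pages (the original only capped the top end).
    $pages = (int)$pages;
    $page = (isset($_GET[$pagevar]) && is_numeric($_GET[$pagevar])) ? (int)$_GET[$pagevar] : 1;
    if ($page > $pages) $page = $pages;
    if ($page < 1) $page = 1;
    $prevpage = ($page>1) ? $page-1 : 1;
    $nextpage = ($page < $pages) ? $page+1 : $pages;
    $paging = "";
    if ($pages>1){
        // first
        $paging .= ($page>1) ? str_replace("{url}", "$getvars$pagevar=1", $first) : $firsts;
        // prev
        $paging .= ($page>1) ? str_replace("{url}", "$getvars$pagevar=$prevpage", $prev) : $prevs;
        // pages: the window of $ppv numbers that contains the current page
        $ppvrange = ceil($page/$ppv);
        $start = ($ppvrange-1)*$ppv;
        $end = ($ppvrange-1)*$ppv+$ppv;
        $end = ($end>$pages) ? $pages : $end;
        $paging .= ($start>1) ? str_replace("{url}", "$getvars$pagevar=".($start-1), $more).$sep : "";
        for ($i=1; $i<=$pages; $i++){
            if ($i>$start && $i<= $end){
                $paging .= ($page==$i) ? str_replace("{page}", $i, $nums).(($i<$end) ? $sep : "") : str_replace(array("{url}", "{page}"), array("$getvars$pagevar=$i", $i), $num).(($i<$end) ? $sep : "");
            }
        }
        $paging .= ($end<$pages) ? $sep.str_replace("{url}", "$getvars$pagevar=".($end+1), $more) : "" ;
        // next
        $paging .= ($page<$pages) ? str_replace("{url}", "$getvars$pagevar=$nextpage", $next) : $nexts;
        // last
        $paging .= ($page<$pages) ? str_replace("{url}", "$getvars$pagevar=$pages", $last) : $lasts;
    }
    return $paging;
}

// ************************** MAIN ****************************
// ************************************************************
// init: load data.dat into $stuff->data (one post per line, six "|"-separated
// fields: id, time, name, email, www, post), derive the next free id from the
// highest existing one, then leave the list sorted newest-first for display.
// A missing file and blank lines are treated as "no posts"; explode() is
// limited to six parts so a "|" inside the post body (the last field) no longer
// truncates it; a line with fewer than six fields is corrupt and skipped.
$foo = file($dat, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
if ($foo === false) $foo = array();
$stuff = new mdasort;
$stuff->data = array();
$stuff->sortkeys = array(array('time','DESC'));
foreach ($foo as $line){
    $cols = explode("|", rtrim($line), 6);
    if (count($cols) < 6) continue;
    $stuff->data[] = array("id" => $cols[0], "time" => $cols[1], "name" => $cols[2], "email" => $cols[3], "www" => $cols[4], "post" => $cols[5]);
}
$numposts = count($stuff->data);
if ($numposts == 0){
    $empty = true;
    $nextindex = 1;
}else{
    // Highest id first to find the next free one, then newest first for display.
    $stuff->sortkeys = array(array('id','DESC'));
    $stuff->msort();
    $newest = current($stuff->data);
    $nextindex = (int)$newest['id'] + 1;
    $stuff->sortkeys = array(array('time','DESC'));
    $stuff->msort();
}
// Page head; its markup was stripped from this listing, and the string opened
// on the last line continues on the next one.
echo "\n\n\n\n";
echo "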
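";
clearoldadmins();
showmenu();

// admin stuff
if ($do == "admin") {
    if ($action == "login"){
        // Credentials arrive via $_REQUEST, so they also work in a GET URL and
        // then land in server logs and Referer headers; nothing limits attempts.
        // The comparison is strict and timing-safe; $adminpwd is still a
        // plaintext value from the configuration -- storing a password_hash()
        // and checking it with password_verify() would be the proper fix.
        $nameOk = isset($name) && is_string($name) && $name === (string)$adminname;
        $pwdOk = false;
        if (isset($pwd) && is_string($pwd)) {
            $pwdOk = function_exists('hash_equals') ? hash_equals((string)$adminpwd, $pwd) : ($pwd === (string)$adminpwd);
        }
        if ($nameOk && $pwdOk){
            // Append md5($hash) -- the ?hash= value this request was made with --
            // to the admin log; isloggedin() accepts any request presenting the
            // same hash from now on. Because the hash came from the URL, an
            // attacker who got the admin to log in via a link they crafted knows
            // it too (token fixation); see the note at the top of the file.
            $admins = array();
            include($log);
            $i = 0;
            $fp=fopen($log, "w");
            // NOTE(review): the extraction dropped a "<...>" span from the next
            // statement: the first fputs() wrote the "<?php" header and was
            // followed by "if (count($admins)>0){", of which only "0){" survives,
            // so it is not valid PHP as shown and must be restored from the
            // original file. $line[time] (unquoted) is an undefined constant --
            // fatal on PHP 8 -- and should read $line['time']. The trailing
            // echo "" is the post-login redirect whose markup was stripped.
            fputs($fp, "0){ foreach ($admins as $line){ fputs($fp, "\$admins[$i]['time']=".$line[time]."; \$admins[$i]['hash']='".$line['hash']."';\n"); $i++; } } fputs($fp, "\$admins[$i]['time']=".$now."; \$admins[$i]['hash']='".md5($hash)."';\n?>"); fclose($fp); echo "";
        }
    }
    // Delete a post: gated on isloggedin(); the ?hash= token carried in the
    // link is what stands in for an anti-CSRF secret.
    if ($action == "delete" && isloggedin()){
        $todel = getkey($id, $stuff);
        if ($todel !== null && isset($stuff->data[$todel])) {
            unset($stuff->data[$todel]);
            $stuff->msort();
            saveposts($stuff);
        }
        $do = "view";
    }else{
        // show admin login form (markup stripped from this listing; the string
        // opened on the last line continues on the following lines)
        echo "\n";
        echo "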
\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "
$txtlogincap

$txtlogin \n"; echo "\n"; echo "
$txtpassword \n"; echo "\n"; echo "
 \n"; echo "\n"; echo "\n"; echo "\n"; echo "
\n"; echo "
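\n";
    }
}

// sign post
// The form must submit do=<the per-session form token>; strict comparison so a
// numeric-looking token cannot be matched by type juggling.
if (isset($do) && isset($submitCmd) && $submitCmd !== "" && $do === $submitCmd){
    if (isset($action) && $action == "save"){
        // check form fields
        $error = false;
        $saveit = false;
        // Missing or non-string (array) inputs are treated as empty.
        if (!isset($name) || !is_string($name)) $name = "";
        if (!isset($email) || !is_string($email)) $email = "";
        if (!isset($www) || !is_string($www)) $www = "";
        if (!isset($msg) || !is_string($msg)) $msg = "";
        if (!isset($keyword) || !is_string($keyword)) $keyword = "";
        if ($name == "") $error.="
» $txtbadname";
        if ($email != ""){
            if (!validemail($email)) $error.="
» $txtbademail";
        }
        if ($msg == "") $error.="
» $txtbadmsg";
        // Visitors only: CAPTCHA, word filter and size limits. Admins skip all
        // of these and, further down, have their text stored unescaped.
        if (!isloggedin()){
            //check the CAPTCHA
            if ($captcha === true){
                if ($keyword == ""){
                    $error.="
» $txtmisscaptcha";
                    unset($_SESSION['captcha_hash']);
                } else {
                    if ($captcha_case === true){ $keyword = strtolower($keyword); }
                    $keyword_hash = md5($keyword);
                    // The session copy is single-use (unset either way). A missing
                    // session hash counts as a failed CAPTCHA; the comparison is
                    // strict/timing-safe rather than "!=" on two hex strings.
                    $captchaOk = isset($_SESSION['captcha_hash'])
                        && (function_exists('hash_equals')
                            ? hash_equals((string)$_SESSION['captcha_hash'], $keyword_hash)
                            : (string)$_SESSION['captcha_hash'] === $keyword_hash);
                    if (!$captchaOk) $error.="
» $txtbadcaptcha";
                    $keyword = "";
                    $keyword_hash = "";
                    unset($_SESSION['captcha_hash']);
                }
            }
            if ($msgfilter != ""){
                $needles = explode(",", $msgfilter);
                foreach ($needles as $needle){
                    // An empty needle (e.g. a trailing comma) would match every
                    // message on PHP 8, where strpos($s, "") returns 0.
                    if ($needle === "") continue;
                    if (strpos(strtolower($msg), $needle) !== false){
                        $error.="
» $txtmsgfiltermatch -( $needle )-";
                        break;
                    }
                }
            }
            if ($wordcount === true){
                $words = explode(" ", $msg);
                $word_total = count($words);
                if ($word_total > $maxwords){
                    $error.="
» $txtwordcounterror";
                }
            }
            if ($charactercount === true){
                $character_total = strlen($msg);
                if ($character_total > $maxchars){
                    $error.="
» $txtcharcounterror";
                }
            }
        }
        if ($error === false){
            // New posts get the next id and the current time. Editing an
            // existing id is admin-only. Anything else (a visitor submitting a
            // non-"new" id, an unknown id) is not saved, and no notification is
            // sent for it.
            if (isset($id) && $id == "new"){
                $index = isset($numposts) ? (int)$numposts : 0;
                $id = $nextindex;
                $time = $now;
                $saveit = true;
            }else if (isset($id) && isloggedin() && is_numeric($id)){
                $index = getkey($id, $stuff);
                if ($index !== null) {
                    // The edit form posts the original timestamp back; fall back to
                    // "now" if it is missing or not numeric.
                    $time = (isset($time) && is_numeric($time)) ? (int)$time : $now;
                    $saveit = true;
                }
            }
            if ($saveit){
                // Field-level hygiene: "|" and line breaks are the record
                // structure of data.dat, so they are removed from every short
                // field; www must be an http(s) URL (so a "javascript:" link can
                // not be stored and later rendered as the "Website" link) and the
                // form's "http://" placeholder counts as empty. Existing entries
                // without a scheme are blanked when an admin re-saves them.
                $clean = array("|", "\r", "\n");
                $stuff->data[$index]['id'] = $id;
                $stuff->data[$index]['time'] = $time;
                $stuff->data[$index]['name'] = str_replace($clean, "", htmlentities(strip_tags($name), ENT_QUOTES));
                $stuff->data[$index]['email'] = str_replace($clean, "", strip_tags($email));
                $www = trim(strip_tags($www));
                if ($www != "http://" && preg_match('#^https?://#i', $www)) $stuff->data[$index]['www'] = str_replace($clean, "", $www);
                else $stuff->data[$index]['www'] = "";
                // Admin text is stored raw (HTML allowed); visitor text is
                // tag-stripped and entity-encoded. Newlines become the line-break
                // markup (stripped from this listing, hence the literal newline in
                // the replacement string) so the record stays on one line.
                if (isloggedin()){
                    $stuff->data[$index]['post'] = str_replace(array("\r", "\n"), array("", "
"), $msg);
                }else{
                    $stuff->data[$index]['post'] = str_replace(array("\r", "\n"), array("", "
"), htmlentities(strip_tags($msg), ENT_QUOTES));
                }
                saveposts($stuff);
                $stuff->msort();
                $empty = false;
            }
            //email notification function
            // Visitor posts only, and only when something was actually saved.
            // "From:" is the visitor's address when given (validemail() has
            // already rejected whitespace and CR/LF in it, which is what blocks
            // header injection here), otherwise $email_from from the
            // configuration. NOTE(review): the two header lines after "From:"
            // are not well-formed header fields as shown and look like
            // extraction damage; check them against the original file.
            if ($saveit && ($emailnotify === true) && (!isloggedin()) && ($email_subject != "") && ($email_to != "")){
                if ($email != ""){ $email_from = strip_tags($email); }
                $email_header = "From: $email_from\n";
                $email_header.= "BB22: bb22.org\n";
                $email_header.= "mich@k8m.de\r\n";
                $match = array("{name}", "{time}", "{guestbook}", "{post}");
                $replace_text = array(stripslashes(strip_tags($name)), strftime($dateformat, $time), $guestbook, str_replace("\r", "", stripslashes(strip_tags($msg))));
                $replace_HTML = array(stripslashes(strip_tags($name)), strftime($dateformat, $time), $guestbook, str_replace(array("\r", "\n"), array("", "
"), stripslashes(strip_tags($msg))));
                if ($emailHTML === true){
                    $mime_boundary="==Multipart_Boundary_x".md5(mt_rand())."x";
                    $email_header.= "Content-Type: multipart/alternative;\n";
                    $email_header.= " boundary=\"{$mime_boundary}\"\r\n";
                    $templates = implode("", file($template));
                    $tpl_plaintext = getTemplate("EMAIL_PLAINTEXT", $templates);
                    $tpl_HTML = getTemplate("EMAIL_HTML", $templates);
                    $email_body = "This is a multi-part message in MIME format.\n\n";
                    // Each part's headers are terminated by a blank line; the
                    // original relied on the template starting with one.
                    $email_body.= "--{$mime_boundary}\n";
                    $email_body.= "Content-Type: text/plain; charset=\"iso-8859-1\"\n";
                    $email_body.= "Content-Transfer-Encoding: 7bit\n\n";
                    $email_body.= str_replace($match, $replace_text, $tpl_plaintext)."\n\n";
                    $email_body.= "--{$mime_boundary}\n";
                    $email_body.= "Content-Type: text/html; charset=\"iso-8859-1\"\n";
                    $email_body.= "Content-Transfer-Encoding: 7bit\n\n";
                    $email_body.= str_replace($match, $replace_HTML, $tpl_HTML)."\n\n";
                    $email_body.= "--{$mime_boundary}--";
                }else{
                    // Newline added after Content-Type: the two header lines used
                    // to be concatenated into one.
                    $email_header.= "Content-Type: text/plain; charset=ISO-8859-1\n";
                    $email_header.= "Content-Transfer-Encoding: 7bit\n";
                    $templates = implode("", file($template));
                    $tpl_plaintext = getTemplate("EMAIL_PLAINTEXT", $templates);
                    $email_body = str_replace($match, $replace_text, $tpl_plaintext);
                }
                mail($email_to, $email_subject, $email_body, $email_header);
            }
            // The one-shot form token is consumed; the redirect markup that
            // followed was stripped from this listing.
            $submitCmd = "";
            unset($_SESSION['submitCmd']);
            echo "";
            die();
        }else{
            // Validation failed: re-render the form with the errors. All four
            // values go back into the form escaped (the original escaped only
            // $name and $msg and put $email/$www back as submitted).
            $errortxt = "

$txterrors$error

";
            $name = htmlentities(stripslashes($name), ENT_QUOTES);
            $msg = htmlentities(stripslashes($msg), ENT_QUOTES);
            $email = htmlentities(stripslashes($email), ENT_QUOTES);
            $www = htmlentities(stripslashes($www), ENT_QUOTES);
        }
        // end 'on save'
    }elseif (isset($action) && $action == "edit" && isloggedin()){
        // Admin edit: pre-fill the form from the stored post, undoing the entity
        // encoding applied on save (quotes stay encoded, so the values are safe
        // inside a quoted attribute; www was never encoded and is escaped here).
        // An unknown id yields an empty form instead of undefined-offset notices.
        $key = getkey($id, $stuff);
        $post = ($key !== null && isset($stuff->data[$key])) ? $stuff->data[$key] : array('name' => "", 'email' => "", 'www' => "", 'post' => "", 'time' => $now);
        $name = stripslashes(html_entity_decode($post['name'], ENT_NOQUOTES));
        $email = $post['email'];
        $www = htmlspecialchars($post['www'], ENT_QUOTES);
        $msg = stripslashes(str_replace("
", "\n", html_entity_decode($post['post'], ENT_QUOTES)));
        $time = $post['time'];
        $errortxt = "";
    }else{
        // Fresh, empty sign form.
        $name = "";
        $email = "";
        $www = "";
        $msg = "";
        $time = "notset";
        $id = "new";
        $errortxt = "";
    }
    echo "$errortxt";
    // start outputting the sign form (markup stripped from this listing; the
    // string opened on the last line continues on the following lines)
    echo "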
\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; // CAPTCHA stuff if (($captcha === true) && (!isloggedin())){ echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; if ($captcha_case === false){ echo "\n"; echo "\n"; echo "\n"; echo "\n"; } } echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "
$txtname\n"; echo "\n"; echo "
$txtmessage\n"; echo "\n"; // word/character counters if (($charactercount === true) || ($wordcount === true)){ echo "
\n"; echo "$worddiv\n"; echo "$characterdiv\n"; } echo "
 
$txtcaptcha*\n"; echo "\n"; echo "
 $txtcaptchacase
 $txtmandatory
 \n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "
\n"; echo "
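\n";
// END show sign form
}

// display posts
// Renders the current page of posts through the SIGNATURES template. Visitor
// posts were entity-encoded on save; admin posts are stored and shown raw. The
// name/website/e-mail values are inserted into link markup that was stripped
// from this listing, so their escaping there cannot be confirmed here (www in
// particular is only strip_tags()'d by the save code unless it validates the
// scheme). strftime() is deprecated since PHP 8.1 but kept because the
// $dateformat configuration uses its format.
if ($do == "view" || !isset($do)){
    if (!$empty){
        $templates = is_file($template) ? implode("", file($template)) : "";
        $tpl_sig = getTemplate("SIGNATURES", $templates);
        // Word filter: split the configured list once, not once per post (the
        // original re-assigned $badwords to the exploded array inside the loop,
        // so the second post handed an array to explode()).
        $badlist = (isset($badwords) && $badwords != "") ? explode(",", $badwords) : array();
        // Requested page, clamped to >= 1 (is_numeric alone also let 0 and
        // negative values through).
        $pageNo = (isset($_GET['page']) && is_numeric($_GET['page'])) ? max(1, (int)$_GET['page']) : 1;
        $from = (($pageNo-1)*$ppp)+1;
        $admin = isloggedin();   // hoisted: it re-reads the admin log on every call
        $i = 1;
        $html = "";
        foreach($stuff->data as $post){
            if ($post['id'] != 0 && $i>=$from && $i< ($from+$ppp) ){
                if (count($badlist) > 0){
                    $post['post'] = str_ireplace($badlist, "****", $post['post']);
                }
                if ($wrap!==false) $post['post'] = wordwrap($post['post'], $wrap, " ", 1);
                $post['name'] = stripslashes($post['name']);
                $match = array("{name}", "{time}", "{website}", "{post}", "{edit}", "{delete}");
                // Admins additionally get edit/delete links (markup stripped).
                if ($admin) $replace = array( ($post['email']!="") ? "".$post['name']."" : $post['name'], strftime($dateformat, (int)$post['time']), ($post['www']!="") ? "Website" : "", stripslashes($post['post']), "$txtedit", "$txtdelete" );
                else $replace = array( ($post['email']!="") ? "".$post['name']."" : $post['name'], strftime($dateformat, (int)$post['time']), ($post['www']!="") ? "Website" : "", stripslashes($post['post']), "", "" );
                $html .= str_replace($match, $replace, $tpl_sig);
            }
            $i++;
        }
        echo $html;
        $numpages = (fmod($numposts,$ppp)>0) ? floor($numposts/$ppp)+1 : ($numposts/$ppp);
        echo "
"; echo paging($numpages); echo "

"; } } echo "

"; echo "
"; echo "\n\n\n\n"; ?>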