Be sure writing is allowed in this directory."; $langPassChanged = "The password has been changed."; $langPassError = "The new passwords don't match !"; $langPassword = "Change Password"; $langRetype = "Retype new Password :"; $langSubmit = "Send Message"; $langSubmitModif = "Submit Modifications"; $langSystemError = "System Error"; $langSystemMessage = "System Message"; $langWrongPassword = "Wrong Admin Password"; $langSPAMalert = "The Guestbook has been permanently closed"; $SPAMtext = "http"; $SPAMtext2 = "href"; $SPAMtext3 = ".com"; $SPAMtext4 = "work"; //****************************************************************************** // carbonCopy = 1 enables mail sending to mailRecipient. // mailRecipient receives a mail each times an entry is entered (if carbonCopy = 1) // mailSubject is the subject of the mail which is sent. $carbonCopy = 0; $mailRecipient = "wedding@xephalon.net"; $mailSubject = "New Guestbook Entry"; //****************************************************************************** // Basic Color Scheme $colorDrkGrn = "\"#354615\""; $colorBeige = "\"#fbfae3\""; $colorMdGrn = "\"#86A54A\""; $colorLtGrn = "\"#ecf0cb\""; $colorPink = "\"#f5a5a5\""; // Data submission form colors $formHeadColor = $colorBeige; $formBodyColor = $colorBeige; $formTailColor = $colorBeige; $formHeadText = $colorDrkGrn; $formBodyText = $colorDrkGrn; // Guestbook entries colors $entryHeadColor = $colorLtGrn; $entryBodyColor1 = $colorBeige; $entryBodyColor2 = $colorBeige; $entryHeadText = $colorMdGrn; $entryBodyText1 = $colorDrkGrn; $entryBodyText2 = $colorMdGrn; // Messages colors $adminHeadColor = $colorLtGrn; $adminHeadText = $colorMdGrn; $adminBodyColor1 = $colorBeige; $adminBodyText1 = $colorDrkGrn; $adminBodyColor2 = $colorBeige; $adminBodyText2 = $colorDrkGrn; //****************************************************************************** function displayHeader() { // You migh use and include instead of all this : // include ("head.inc"); include ("guestbook.header.inc"); } function displayFooter() { include ("guestbook.footer.inc"); } //****************************************************************************** // Number of fields to be displayed simultaneously. // To display everything, set $displayStep to 0. $displayStep = 20; //****************************************************************************** // Allows autolink $allowAutoLink=1; //****************************************************************************** // $absoluteScriptPath is the name of the current script (this file) and which is going to // be modified by itself. This means that (theoretically) this file can be // placed anywhere on the system, with any fileName. $absoluteScriptPath = $_SERVER["PATH_TRANSLATED"]; $relativeScriptPath = $_SERVER["PHP_SELF"]; $refererpage = $_SERVER["HTTP_REFERER"]; // when the php preprocessor is installed as an independant binary (as CGI). if ($_SERVER["PATH_INFO"]!="") { $relativeScriptPath = $_SERVER["PATH_INFO"]; } // to be used when $PHP_SELF contains virtual directory reference // (for multi-users servers, eg : free.fr, online.fr ...) if (($_SERVER["SERVER_NAME"]=="php.proxad.net")||(($_SERVER["SERVER_NAME"]=="php3.pro.proxad.net"))) { $relativeScriptPath = substr($relativeScriptPath, strpos(substr($relativeScriptPath, 1), "/")+1); } $theName=substr($absoluteScriptPath, 0, strrpos($absoluteScriptPath, ".")); $extension=substr($absoluteScriptPath, strrpos($absoluteScriptPath, ".")+1); // The dataFile contains all the guestbook entries, and $adminpassword . // $adminpassword is the password which will be asked for any administration // actions. This password could be changed only if in admin mode (old // $adminpassword matches $admin). // Defines the name of the database file where the entries are stored. $dataFile = "guestbook.dat"; //****************************************************************************** // function displayForm : Display the form which enables the client to type a // message. function displayForm() { global $relativeScriptPath; $borderThickness = 0; global $formHeadColor; global $formBodyColor; global $formTailColor; global $formHeadText; global $formBodyText; global $langName; global $langEmail; global $langMessage; global $langSubmit; // Writing HTML Code echo ("\n"); echo ("\n"); echo ("\n"); } //****************************************************************************** // function displayMessage displays the $errorMessage error message. function displayMessage($errorMessage,$msgType) { global $adminHeadColor; global $adminHeadText; global $adminBodyColor1; global $adminBodyText1; global $adminBodyColor2; global $adminBodyText2; global $langAdminError; global $langSystemError; global $langSystemMessage; global $langBsGuestbook; global $langSPAMalert; displayHeader(); echo ("

"); echo ("

"); echo (" $langBsGuestbook
"); echo ("

"); if ($msgType=="1") // Admin Message echo (" $langAdminError"); if ($msgType=="2") // System Error echo (" $langSystemError"); if ($msgType=="3") // System Message echo (" $langSystemMessage"); if ($msgType=="4") // SPAM alert echo (" $langSPAMalert"); echo (""); echo ("

"); echo (""); echo ("
$errorMessage

"); echo ("

\n"); echo ("

"); displayFooter(); exit; } //****************************************************************************** // function standardizeText filters ambiguous chains in $str function standardizeStoredText($str) { $str = str_replace("\\'", "'", $str); $str = str_replace("\\\"", "\"", $str); $str = htmlspecialchars($str); $str = str_replace("\n", "
", $str); $str = str_replace("$", "$", $str); return $str; } function standardizeDisplayedText($str) { return $str; } function standardizeAdminText($str) { return $str; } function seekHttp($rawText) { $pattern = array( "/http:\/\/((\w|\.|\?|\%|=|\/|-|~|#)*)/", "/mailto:((\w|\.|@|-)*)/"); $replacement = array( "http://\\1", "\\1"); $hyperLinkedText=preg_replace($pattern, $replacement, $rawText); return $hyperLinkedText; } //****************************************************************************** // function Xfopen : opens a file $fileName and locks it function Xfopen($fileName, $openMode, $sharing) { global $langOpenError; $fp=@fopen($fileName, $openMode); if (!$fp) { displayMessage($langOpenError,2); } if ($sharing==true) { $op=1; } else { $op=2; } if (!@flock($fp,$op)) { @flock($fp,3); displayMessage("flock timeout",2); } return $fp; } //****************************************************************************** // function Xfclose : unlocks the file $fp and closes it function Xfclose($fp) { @flock($fp,3); @fclose($fp); } //****************************************************************************** // function fullDisplay function fullDisplay() { global $displayStep,$displayBegin, $maxDisplay ; global $entryHeadColor,$entryHeadText, $entryBodyColor1,$entryBodyText1, $entryBodyColor2,$entryBodyText2 ; global $relativeScriptPath; global $index; global $archive_mail, $archive_name, $archive_text, $archive_date; global $allowAutoLink; global $SPAMtext, $SPAMtext2, $SPAMtext3, $SPAMtext4; // Checks if $displayBegin is not too large (Thanks to Ahmet Sabri ALPER ) if ($displayBegin>$maxDisplay) { $displayBegin=$maxDisplay-$displayStep+1; } displayHeader(); // Displays the entry form to enable the client to type a message. displayForm(); if ($index==0) { displayFooter(); return; } echo ("

\n"); // Message arrays are displayed here : echo "\n"; // Displaying all the entries. if ($displayStep==0) { $displayBegin=1; $displayStep=$index; } if ($displayBegin==1) { $startAt=$index % $displayStep; if ($startAt==0) $startAt=$displayStep; } else { $startAt=$displayBegin+$displayStep-1; } for ($msgNumber=$startAt ; $msgNumber>=$displayBegin ; $msgNumber--) { echo (""); echo (""); echo (""); echo ("

"); echo (""); if ($archive_mail[$msgNumber]!="") { echo ("".standardizeDisplayedText($archive_name[$msgNumber]).""); } else { echo (standardizeDisplayedText($archive_name[$msgNumber])); } echo (""); echo ("

"); echo (""); if ($allowAutoLink==1) echo ("".seekHttp(standardizeDisplayedText($archive_text[$msgNumber])).""); else echo ("".standardizeDisplayedText($archive_text[$msgNumber]).""); echo ("

"); echo ("$archive_date[$msgNumber]

\n"); } echo ("

\n"); echo (""); for($i=1;$i<=$index;$i=$nextEnd+1) { $nextBegin = $i; if ($i==1) { $nextEnd=$index % $displayStep; if ($nextEnd==0) $nextEnd=$displayStep; } else $nextEnd = $i+$displayStep-1; if ($displayBegin==$nextBegin && $nextEnd!=$nextBegin) echo ("[$nextBegin-$nextEnd]\n"); else if ($displayBegin==$nextBegin && $nextEnd==$nextBegin) echo ("[$nextBegin]\n"); else if ($nextEnd==$nextBegin) echo ("[$nextBegin]\n"); else echo ("[$nextBegin-$nextEnd]\n"); } echo "\n"; displayFooter(); } //****************************************************************************** function readData($resetBegin) { global $adminpassword; global $index; global $dataFile; global $archive_mail, $archive_name, $archive_text, $archive_date; global $displayBegin, $displayStep, $maxDisplay; // Includes automatically filled data arrays : $index = 0; $fout=Xfopen($dataFile, "r", true); include($dataFile); Xfclose($fout); // From now, $index will indicate the number of data entries. // Beginning of the data to be displayed, default = 1 if (!isset($displayBegin)) $displayBegin=""; if ($displayBegin=="" || $resetBegin==1) { $displayBegin = $index-$displayStep+1; if ($displayBegin<=0) $displayBegin=1; } // Sets the maximum that $displayBegin can reach $maxDisplay = $index; } //****************************************************************************** // If the Datafile does not exist, creates it. if (!file_exists(${dataFile})) { $fout = Xfopen($dataFile, "w+", false); fputs($fout, ""); Xfclose ($fout); } // $admin could be set via Admin-Form by POST or via URL by GET $admin=$HTTP_POST_VARS["admin"]; if (!isset($admin)) $admin=$HTTP_GET_VARS["admin"]; else // assign POST-variables from Admin-Form { $newPassword1=$HTTP_POST_VARS["newPassword1"]; $newPassword2=$HTTP_POST_VARS["newPassword2"]; $command=$HTTP_POST_VARS["command"]; $index=$HTTP_POST_VARS["index"]; } if (!isset($admin)) { // assing variables from Guestbook-From $name=$HTTP_POST_VARS["name"]; $email=$HTTP_POST_VARS["email"]; $message=$HTTP_POST_VARS["message"]; if (!isset($name)) { $name=""; $message=""; } if ($name=="" || $message=="") { /**************************************************************************************** * Use Case no 1-A * * * * This case is encountered when a client simply wants to add a message to the * * guestbook. (Every variable is empty); * ************************************************************************************/ readData(0); fullDisplay(); exit; } if (substr_count($message, $SPAMtext)>=1 || substr_count($message, $SPAMtext2)>=1 || substr_count($message, $SPAMtext3)>=1 || substr_count($message, $SPAMtext4)>=1 || strlen($message)>0) { /**************************************************************************************** * SPAM FILTER / CLOSE GUESTBOOK * * * * This case is encountered when message contains SPAMtext or if message length exceeds * * 0 characters, closing the guestbook permanently * ************************************************************************************/ displayMessage("$langSPAMalert",1); readData(0); fullDisplay(); exit; } else { /******************************************************************************** * Use Case no 1-B * * * * Case is encountered when a client has just filled in the appropriate fields * * (name, mail, message). * * $name = "Some Name" * * $email = "Some@Email" * * $message = "Some Message" * * Simply add message in the top of all previous messages. * ********************************************************************************/ $position = filesize($dataFile); $fout = Xfopen($dataFile, "r+", false); fseek($fout,$position-2); $insert_msgdate = date( "M d, Y - h:i:s A" ); $name=standardizeStoredText($name); $email=standardizeStoredText($email); $message=standardizeStoredText($message); fputs ($fout,"\$archive_name[++\$index] = \"$name\";\n"); fputs ($fout,"\$archive_mail[ \$index] = \"$email\";\n"); fputs ($fout,"\$archive_date[ \$index] = \"$insert_msgdate\";\n"); fputs ($fout,"\$archive_text[ \$index] = \"$message\";\n"); fputs ($fout,"\n?>"); Xfclose($fout); // Sending a mail to $mailRecipient if $carbonCopy=1, with the subject $mailSubject. if ($carbonCopy==1) { $message = str_replace("
", "\n", $message); $mailBody = "From: $name <$email>\n$insert_msgdate\n\n$message"; mail($mailRecipient,$mailSubject,$mailBody,"From: $email\nReply-to: $name <$email>"); } if (strpos($refererpage, "?")==false) $page=$refererpage; else $page=substr($refererpage, 0, strpos($refererpage, "?")); header("Location: $page?"); exit; } } else { readData(0); if ($admin==$adminpassword) { if ($command=="") { displayHeader(); /************************************************************************ * Use Case no 2-A * * * * Admin mode (The administrator can modify password, fields, or remove * * messages). * * $admin = $adminpassword * * Shows a password modification form. * * Shows all messages and enables to modify/delete them. * ************************************************************************/ // Display the form which enables the admin to change his password echo ("\n"); echo("

\n"); // Message arrays are displayed here in forms in order to modify them : echo ("\n"); echo (""); displayFooter(); exit; } else if ($command=="passwd") { // Use Case no 2-B // Admin mode (The administrator is modifying his password.). // $admin = $adminpassword // $newPassword1 = "New Password 1" // $newPassword2 = "New Password 2" // Check if $newPassword1 matches $newPassword2 // Set the $adminpassword line to : // $adminpassword = "$newPassword1" in the dataFile if($newPassword1!=$newPassword2) { // The passwords doesn't match displayMessage("$langPassError",1); } else { // Rewrites the whole Datafile with the new password, and all the entries. $fout = Xfopen($dataFile, "w", false); fputs ($fout,""); Xfclose($fout); displayMessage("$langPassChanged",3); exit; } } else if ($command=="modify") { /******************************************************************************** * Use Case no 2-C * * * * Admin mode (The administrator is updating entries). * * $admin = $adminpassword * * $nameXXX = "Modified name (no XXX)" * * $emailXXX = "Modified email (no XXX)" * * $messageXXX = "Modified message (no XXX)" * * $keep = "on" or "" * * Check if $admin matches $adminpassword. * * Rewrites ALL the fields except when $keepXXX = "" * * Rewrites the whole Datafile with the new password, and all the entries. * ********************************************************************************/ $fout = Xfopen($dataFile, "w", false); fputs ($fout,""); Xfclose($fout); if (strpos($refererpage, "?")==false) $page=$refererpage; else $page=substr($refererpage, 0, strpos($refererpage, "?")); header("Location: $page?"); exit; } } else { /************************************************ * Use Case no 2-Z * * * * If $admin does NOT match $adminpassword. * * $admin != $adminpassword * * Error message : "Wrong Admin Password" * ************************************************/ displayMessage("$langWrongPassword",1); } } ?>

$langName		$langEmail
\n"); echo ("$langMessage \n"); echo ("\n"); echo ("
\n"); echo (""); echo ("

"); echo ("\n"); echo (" $langPassword.
"); echo (" $langnewPassword	"); echo ("
"); echo (" $langRetype	"); echo ("
\n"); echo ("\n"); echo ("\n"); echo ("

\n"); echo (" "); echo ("$langEntry #$msgNumber.

".standardizeAdminText($str)); echo ("