PHP Cross Reference of phpwcms V1.4.3 _r380 (23.11.09) |
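<?php
/*************************************************************************************
   Copyright notice

   (c) 2002-2009 Oliver Georgi (oliver@phpwcms.de) // All rights reserved.

   This script is part of PHPWCMS. The PHPWCMS web content management system is
   free software; you can redistribute it and/or modify it under the terms of
   the GNU General Public License as published by the Free Software Foundation;
   either version 2 of the License, or (at your option) any later version.

   The GNU General Public License can be found at http://www.gnu.org/copyleft/gpl.html
   A copy is found in the textfile GPL.txt and important notices to the license
   from the author is found in LICENSE.txt distributed with these scripts.

   This script is distributed in the hope that it will be useful, but WITHOUT ANY
   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
   PARTICULAR PURPOSE.  See the GNU General Public License for more details.

   This copyright notice MUST APPEAR in all copies of the script!
*************************************************************************************/

/*
 * Backend guestbook moderation view.
 *
 * Request parameters read by this script:
 *   GET  cid   - guestbook content-part id; every query is restricted to it
 *   GET  del   - id of an entry to mark as trashed (guestbook_trashed=9)
 *   GET  edit  - id of an entry to show in the edit form
 *   POST gb*   - edit form fields, processed when "gbsubmit" is present
 *
 * Every value that comes from a guestbook row is treated as untrusted when it
 * is written into the page: text is HTML-escaped, ids are cast to int, and the
 * visitor-supplied URL is only turned into a link when it is http(s).
 *
 * NOTE(review): both state changes (GET "del", POST edit form) are accepted
 * without any anti-CSRF token check in this file. Whether checkLogin() or an
 * included file adds one is not visible here -- confirm, and prefer a
 * per-session token plus POST for the delete action.
 *
 * NOTE(review): the mysql_* functions used below belong to ext/mysql, which
 * was removed in PHP 7. They are kept because the $db link is created in
 * dbcon.inc.php, outside this file.
 */

// session_name('hashID');
session_start();
$phpwcms = array();
// NOTE(review): $ref is not read again in this file; it may be consumed by the
// includes below, so the assignment is left in place.
$ref = $_SESSION['REFERER_URL'];


require_once ('../../config/phpwcms/conf.inc.php');
require_once ('../inc_lib/default.inc.php');
require_once (PHPWCMS_ROOT.'/include/inc_lib/dbcon.inc.php');

require_once (PHPWCMS_ROOT.'/include/inc_lib/general.inc.php');
// presumably stops the request when no backend user is logged in -- defined in an include
checkLogin();
require_once (PHPWCMS_ROOT.'/include/inc_lib/backend.functions.inc.php');

// Read the content-part id once; a missing parameter becomes 0 instead of
// raising an undefined-index notice in each query that uses it.
$guestbook_cid = isset($_GET['cid']) ? intval($_GET['cid']) : 0;

if (isset($_GET['del']) && intval($_GET['del'])) {

    // Soft delete: the row is flagged as trashed, not removed.
    $sql  = "UPDATE ".DB_PREPEND."phpwcms_guestbook SET ";
    $sql .= "guestbook_trashed=9 WHERE guestbook_cid=";
    $sql .= $guestbook_cid." AND guestbook_id=".intval($_GET['del']);
    $sql .= " LIMIT 1;";
    mysql_query($sql, $db);

}

if (isset($_GET['edit']) && intval($_GET['edit'])) {

    $gberror = '';

    if (isset($_POST['gbsubmit'])) {
        // clean_slweg() / remove_unsecure_rptags() are project helpers defined
        // in the includes; their exact filtering is not visible here.
        $gbemail = clean_slweg(remove_unsecure_rptags($_POST['gbemail']));
        $gbname  = clean_slweg(remove_unsecure_rptags($_POST['gbname']));
        $gburl   = clean_slweg(remove_unsecure_rptags($_POST['gburl']));
        $gbmsg   = clean_slweg(remove_unsecure_rptags($_POST['gbmsg']));
        $gbshow  = intval($_POST['gbshow']);
        // The form offers 0, 1 and 2 only; reject negative values as well as
        // values above 2 so nothing outside that range is stored.
        if ($gbshow < 0 || $gbshow > 2) {
            $gbshow = 0;
        }
        $gbid  = intval($_POST['gbid']);
        $gbcid = intval($_POST['gbcid']);

        if (!$gbemail || !$gbname) {
            $gberror = 'Old values recovered - no changes made';
        }

        if (!$gberror) {

            // aporeplace() is the project's quoting helper for SQL string
            // values -- presumably escapes quotes; verify in the includes.
            $sql  = "UPDATE ".DB_PREPEND."phpwcms_guestbook SET ";
            $sql .= "guestbook_msg='".aporeplace($gbmsg)."', ";
            $sql .= "guestbook_name='".aporeplace($gbname)."', ";
            $sql .= "guestbook_email='".aporeplace($gbemail)."', ";
            $sql .= "guestbook_url='".aporeplace($gburl)."', ";
            $sql .= "guestbook_show='".$gbshow."' WHERE ";
            $sql .= "guestbook_cid='".$gbcid."' AND guestbook_id='".$gbid."' LIMIT 1;";
            mysql_query($sql, $db);
        }
    }

    // Restricts the listing query below to the single entry being edited.
    $edit_ID = ' AND guestbook_id='.intval($_GET['edit']);
} else {
    $edit_ID = '';
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>phpwcms Backend Guestbook</title>
<style type="text/css">
<!--
body,td,th {
    font-family: Verdana, Arial, Helvetica, sans-serif;
    font-size: 10px;
    color: #000000;
}
body {
    background-color: #F3F4F5;
    margin-left: 3px;
    margin-top: 3px;
    margin-right: 3px;
    margin-bottom: 3px;
    width: 417px;
}
a {
    font-family: Verdana, Arial, Helvetica, sans-serif;
    font-size: 10px;
    color: #000000;
}
a:visited {
    color: #000000;
}
a:active {
    color: #000000;
}
td {
    padding-left: 4px;
    padding-right: 4px;
    padding-top: 2px;
    padding-bottom: 2px;
}

input, textarea {
    font-family: Verdana, Arial, Helvetica, sans-serif;
    font-size: 12px;
}
-->
</style></head>

<body>
<table width="100%" border="0" cellpadding="2" cellspacing="0" summary="">
<?php


$sql  = "SELECT * FROM ".DB_PREPEND."phpwcms_guestbook WHERE guestbook_cid=";
$sql .= $guestbook_cid.$edit_ID." AND guestbook_trashed=0 ORDER BY guestbook_created DESC;";
$c = 0; // number of rows rendered; 0 triggers the "no entry" row at the end
if ($result = mysql_query($sql, $db)) {

    if (!$edit_ID) {
        // List mode: one header row, one content row and a spacer per entry.
        while ($row = mysql_fetch_assoc($result)) {

            // The stored address is not validated in this file, so encode it
            // for each context it is written into (query string, link text).
            $gb_ip_url  = urlencode($row['guestbook_ip']);
            $gb_ip_html = htmlspecialchars($row['guestbook_ip']);
            $row_cid    = intval($row['guestbook_cid']);
            $row_id     = intval($row['guestbook_id']);

?>
  <tr bgcolor="#E7E8EB">
    <td><strong><?php echo date('Y-m-d H:i', intval($row['guestbook_created'])).' | IP: <a href="http://www.dnsstuff.com/tools/ptr.ch?ip='.$gb_ip_url.'" target="_blank">'.$gb_ip_html.'</a> | <a href="http://www.dnsstuff.com/tools/whois.ch?ip='.$gb_ip_url.'" target="_blank">WHOIS</a>' ?></strong></td>
    <td align="right"><a href="act_guestbook.php?<?php echo 'cid='.$row_cid.'&edit='.$row_id ?>" target="_self"><img src="../../img/button/edit_22x13.gif" width="22" height="13" border="0" alt="edit guestbook entry" /></a><img src="../../img/leer.gif" alt="" width="2" height="1" /><a href="act_guestbook.php?<?php echo 'cid='.$row_cid.'&del='.$row_id ?>" target="_self" onclick="return confirm('Do you really want to \ndelete this guestbook entry?');"><img src="../../img/button/trash_13x13_1.gif" alt="delete entry" width="13" height="13" border="0" /></a></td>
  </tr>
  <tr>
    <td colspan="2"><?php

            echo htmlspecialchars($row['guestbook_name']);
            echo ', ';
            echo '<a href="mailto:'.htmlspecialchars($row['guestbook_email']);
            echo '">'.htmlspecialchars($row['guestbook_email']).'</a>';
            if ($row['guestbook_url']) {
                $gb_url_html = htmlspecialchars($row['guestbook_url']);
                // HTML-escaping alone does not make a visitor-supplied value
                // safe as a link target: a non-http scheme (e.g. javascript:)
                // would run in the moderator's backend session when clicked.
                // Only http(s) URLs are linked; anything else is shown as text.
                if (preg_match('#^https?://#i', $row['guestbook_url'])) {
                    // rel keeps the opened page from reaching window.opener
                    // and from receiving the backend URL as referrer.
                    echo ' (<a href="'.$gb_url_html.'" target="_blank" rel="noopener noreferrer" title="'.$gb_url_html.'">URL</a>)';
                } else {
                    echo ' (URL: '.$gb_url_html.')';
                }
            }
            if ($row['guestbook_msg']) {
                echo '<br />'.nl2br(htmlspecialchars($row['guestbook_msg']));
            }

    ?></td>
  </tr>
  <tr>
    <td colspan="2"><img src="../../img/leer.gif" alt="" width="1" height="1" /></td>
  </tr>
<?php
            $c++;
        }

    } else {

        // Edit mode: the query was narrowed to one entry, rendered as a form.
        while ($row = mysql_fetch_assoc($result)) {

            $gb_ip_url  = urlencode($row['guestbook_ip']);
            $gb_ip_html = htmlspecialchars($row['guestbook_ip']);
            $row_cid    = intval($row['guestbook_cid']);
            $row_id     = intval($row['guestbook_id']);
?>
  <tr bgcolor="#E7E8EB">
    <td>[<a href="act_guestbook.php?cid=<?php echo $row_cid ?>" target="_self">close</a>]<br /><img src="../../img/leer.gif" alt="" width="1" height="2" /></td>
    <td><strong><?php echo date('Y-m-d H:i', intval($row['guestbook_created'])).' | IP: <a href="http://www.dnsstuff.com/tools/ptr.ch?ip='.$gb_ip_url.'" target="_blank">'.$gb_ip_html.'</a> | <a href="http://www.dnsstuff.com/tools/whois.ch?ip='.$gb_ip_url.'" target="_blank">WHOIS</a>' ?></strong></td>
  </tr>
  <tr><td colspan="2"><img src="../../img/leer.gif" alt="" width="1" height="1" /></td></tr>
<?php

            // $gberror is always set here: edit mode is only reached through
            // the branch above that initialises it.
            if ($gberror) {
?>  <tr>
    <td style="color:#FF3333;">error: </td>
    <td><strong style="color:#FF3333;"><?php echo $gberror ?></strong></td>
  </tr><?php

            }

?>
  <form name="editguestbook" action="act_guestbook.php?<?php echo 'cid='.$row_cid.'&edit='.$row_id ?>" target="_self" method="post">
  <tr>
    <td>name: </td>
    <td><input name="gbname" type="text" id="gbname" style="width:350px;" value="<?php echo htmlspecialchars($row['guestbook_name']) ?>" /></td>
  </tr>
  <tr>
    <td>email: </td>
    <td><input name="gbemail" type="text" id="gbemail" style="width:350px;" value="<?php echo htmlspecialchars($row['guestbook_email']) ?>" /></td>
  </tr>
  <tr>
    <td>URL: </td>
    <td><input name="gburl" type="text" id="gburl" style="width:350px;" value="<?php echo htmlspecialchars($row['guestbook_url']) ?>" /></td>
  </tr>
  <tr>
    <td valign="top">msg:<img src="../../img/leer.gif" alt="" width="1" height="15" /> </td>
    <td><textarea name="gbmsg" rows="10" id="gbmsg" style="width:350px;"><?php echo htmlspecialchars($row['guestbook_msg']) ?></textarea></td>
  </tr>
  <tr>
    <td valign="top" class="v10">display:<img src="../../img/leer.gif" alt="" width="1" height="15" /> </td>
    <td><input name="gbshow" type="radio" value="0"<?php is_checked(0, intval($row['guestbook_show']), 1); ?> />
      show email <input name="gbshow" type="radio" value="1"<?php is_checked(1, intval($row['guestbook_show']), 1); ?> />hide email<br />
      <input type="radio" name="gbshow" value="2"<?php is_checked(2, intval($row['guestbook_show']), 1); ?> />show email as "info at mail dot com"</td>
  </tr>
  <tr>
    <td><img src="../../img/leer.gif" alt="" width="1" height="30" /><input name="gbcid" type="hidden" value="<?php echo $row_cid ?>" /><input name="gbid" type="hidden" value="<?php echo $row_id ?>" /></td>
    <td valign="bottom">
      <input name="gbsubmit" type="submit" id="gbsubmit" value="submit changes" style="font-size:10px;" />
      <input name="gbcancel" type="button" id="gbcancel" value="close" style="font-size:10px;" onclick="location.href='act_guestbook.php?cid=<?php echo $row_cid ?>';" /></td>
  </tr>
  </form>
<?php
            $c++;
        }

    }

    mysql_free_result($result);
}

// if no guestbook entry available
if (!$c) {
?><tr>
    <td colspan="2">No guestbook entry available</td>
  </tr>
<?php
}

?>
</table>
</body>
</html>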