| [ Index ] |
PHP Cross Reference of phpwcms V1.4.3 _r380 (23.11.09) |
[Summary view] [Print] [Text view]
1 <?php 2 /************************************************************************************* 3 Copyright notice 4 5 (c) 2002-2009 Oliver Georgi (oliver@phpwcms.de) // All rights reserved. 6 7 This script is part of PHPWCMS. The PHPWCMS web content management system is 8 free software; you can redistribute it and/or modify it under the terms of 9 the GNU General Public License as published by the Free Software Foundation; 10 either version 2 of the License, or (at your option) any later version. 11 12 The GNU General Public License can be found at http://www.gnu.org/copyleft/gpl.html 13 A copy is found in the textfile GPL.txt and important notices to the license 14 from the author is found in LICENSE.txt distributed with these scripts. 15 16 This script is distributed in the hope that it will be useful, but WITHOUT ANY 17 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A 18 PARTICULAR PURPOSE. See the GNU General Public License for more details. 19 20 This copyright notice MUST APPEAR in all copies of the script! 21 *************************************************************************************/ 22 23 // ---------------------------------------------------------------- 24 // obligate check for phpwcms constants 25 if (!defined('PHPWCMS_ROOT')) { 26 die("You Cannot Access This Script Directly, Have a Nice Day."); 27 } 28 // ---------------------------------------------------------------- 29 30 31 32 //guestbook/comments 33 34 // include neccessary frontend functions, but only once 35 include_once (PHPWCMS_ROOT.'/include/inc_front/content/cnt_functions/cnt18.func.inc.php'); 36 37 38 $CNT_TMP .= headline($crow["acontent_title"], $crow["acontent_subtitle"], $template_default["article"]); 39 40 $guestbook = unserialize($crow["acontent_form"]); 41 $guestbook['error'] = array(); 42 43 44 if(!$guestbook['aliasID']) { 45 $guestbook['cid'] = $crow["acontent_id"]; 46 } else { 47 $guestbook['cid'] = $guestbook['aliasID']; 48 } 49 $guestbook['cid'] = intval($guestbook['cid']); 50 51 $guestbook['image_dir'] = PHPWCMS_ROOT.'/'.PHPWCMS_FILES.'guestbook_'.$guestbook['cid']; 52 53 // getting guestbook template 54 if(is_file(PHPWCMS_TEMPLATE.'inc_cntpart/guestbook/'.$guestbook['template'])) { 55 $guestbook['template'] = @file_get_contents(PHPWCMS_TEMPLATE.'inc_cntpart/guestbook/'.$guestbook['template']); 56 } else { 57 $guestbook['template'] = @file_get_contents(PHPWCMS_TEMPLATE.'inc_default/guestbook.tmpl'); 58 } 59 60 61 // check 'visible' status 62 if(empty($guestbook['gb_login_show'])) { 63 $guestbook['visible'] = true; 64 } elseif(_getFeUserLoginStatus()) { 65 $guestbook['visible'] = true; 66 } else { 67 $guestbook['visible'] = false; 68 // get template replacement in case login necessary and user not logged in 69 $CNT_TMP .= get_tmpl_section('LOGIN_INFO', $guestbook['template']); 70 } 71 72 if($guestbook['visible']) { 73 74 // get guestbook sections 75 $guestbook['form'] = get_tmpl_section('FORM', $guestbook['template']); 76 $guestbook['signed'] = get_tmpl_section('FORM_SUCCESS', $guestbook['template']); 77 $guestbook['nav'] = get_tmpl_section('NAV', $guestbook['template']); 78 $guestbook['entry'] = get_tmpl_section('GUESTBOOK_ENTRY', $guestbook['template']); 79 $guestbook['list'] = get_tmpl_section('GUESTBOOK', $guestbook['template']); 80 $guestbook['ban'] = trim(get_tmpl_section('BAN', $guestbook['template']).' '.$guestbook['banned']); 81 $guestbook['replace'] = strip_tags(trim(get_tmpl_section('BAN_REPLACE', $guestbook['template']))); 82 $guestbook['ban_ip'] = trim(get_tmpl_section('BAN_IP', $guestbook['template'])); 83 $guestbook['comment'] = trim(get_tmpl_section('COMMENT', $guestbook['template'])); 84 $guestbook['comment'] = explode('|', $guestbook['comment']); 85 $guestbook['comment'][0] = trim($guestbook['comment'][0]); 86 $guestbook['comment'][1] = trim($guestbook['comment'][1]); 87 88 89 // processiong post values 90 if(isset($_POST['guestbook_send'])) { 91 92 $guestbook['post']['email'] = clean_slweg(remove_unsecure_rptags($_POST['guestbook_email'])); 93 $guestbook['post']['name'] = clean_slweg(remove_unsecure_rptags($_POST['guestbook_name'])); 94 $guestbook['post']['url'] = clean_slweg(remove_unsecure_rptags($_POST['guestbook_url'])); 95 $guestbook['post']['msg'] = clean_slweg(remove_unsecure_rptags($_POST['guestbook_msg'])); 96 $guestbook['post']['msg'] = preg_replace('/\[c\](.*?)\[\/c\]/is', "$1", $guestbook['post']['msg']); 97 $guestbook['post']['show'] = intval($_POST['guestbook_show']); 98 if($guestbook['post']['show'] > 2) { 99 $guestbook['post']['show'] = 0; 100 } 101 102 // email error 103 if(!is_valid_email($guestbook['post']['email'])) { 104 $guestbook['error']['email'] = 'Proof the email address: it is empty or false.'; 105 } 106 // name error 107 if(empty($guestbook['post']['name'])) { 108 $guestbook['error']['name'] = 'Don't forget to insert your name.'; 109 } 110 111 112 // banned stuff 113 $guestbook['ban_count'] = 0; 114 if($guestbook['ban']) { 115 116 $guestbook['ban'] = convertStringToArray($guestbook['ban'], ' '); 117 if(is_array($guestbook['ban']) && count($guestbook['ban'])) { 118 foreach($guestbook['ban'] as $key => $value) { 119 $value = preg_quote(trim($value)); 120 $guestbook['ban'][$key] = '/'.$value.'/i'; 121 $guestbook['ban_count']++; 122 } 123 } 124 125 if($guestbook['ban_count']) { 126 $guestbook['post']['msg'] = preg_replace($guestbook['ban'], $guestbook['replace'], $guestbook['post']['msg']); 127 } 128 129 } 130 131 // processing image upload 132 if(!empty($guestbook["image_upload"])) { 133 134 $guestbook['error']['image'] = array(); 135 136 // guestbook image 137 if(is_uploaded_file($_FILES['guestbook_image']['tmp_name']) && !$_FILES['guestbook_image']['error']) { 138 139 $guestbook['image']['info'] = @getimagesize($_FILES['guestbook_image']['tmp_name']); 140 141 if(is_array($guestbook['image']['info'])) { 142 143 // check if it is GIF, JPG or PNG 144 if($guestbook['image']['info'][2] == 1 || $guestbook['image']['info'][2] == 2 || $guestbook['image']['info'] == 3) { 145 146 $guestbook["max_image_filesize"] = return_bytes($guestbook["max_image_filesize"]); 147 if($_FILES['guestbook_image']['size'] > $guestbook["max_image_filesize"]) { 148 149 $guestbook['error']['image']['size'] = 'File size of uploaded image ('; 150 $guestbook['error']['image']['size'] .= return_bytes_shorten($_FILES['guestbook_image']['size']); 151 $guestbook['error']['image']['size'] .= ') is larger than allowed (max.'; 152 $guestbook['error']['image']['size'] .= return_bytes_shorten($guestbook["max_image_filesize"]); 153 $guestbook['error']['image']['size'] .= ').'; 154 155 } else { 156 157 $guestbook['image']['name'] = $_FILES['guestbook_image']['name']; 158 $guestbook['image']['hash'] = md5($_FILES['guestbook_image']['name'].$_FILES['guestbook_image']['size'].$guestbook['image']['info'][3]); 159 $guestbook['image']['file'] = $guestbook['image']['hash'].'.'; 160 switch($guestbook['image']['info'][2]) { 161 case 1: $guestbook['image']['file'] .= 'gif'; break; //GIF 162 case 2: $guestbook['image']['file'] .= 'jpg'; break; //JPG 163 case 3: $guestbook['image']['file'] .= 'png'; break; //PNG 164 } 165 166 // create neccessary guestbook image directory 167 if(!is_dir($guestbook['image_dir'])) { 168 $old_umask = umask(0); 169 $guestbook['owner'] = fileowner(PHPWCMS_ROOT.'/'.PHPWCMS_FILES); 170 @mkdir($guestbook['image_dir'], 0777); 171 @chmod($guestbook['image_dir'], 0777); 172 @chown($guestbook['image_dir'], intval($guestbook['owner'])); 173 umask($old_umask); 174 } 175 if(is_writable($guestbook['image_dir'])) { 176 177 if(!move_uploaded_file($_FILES['guestbook_image']['tmp_name'], $guestbook['image_dir'].'/'.$guestbook['image']['file'])) { 178 179 $guestbook['error']['image']['move'] = 'Image '.html_specialchars($guestbook['image']['name']).' could not be stored. Try again!'; 180 $guestbook['image']['name'] = ''; 181 $guestbook['image']['hash'] = ''; 182 $guestbook['image']['file'] = ''; 183 unlink($_FILES['guestbook_image']['tmp_name']); 184 185 } else { 186 187 chmod($guestbook['image_dir'].'/'.$guestbook['image']['file'], 0666); 188 189 } 190 191 } else { 192 193 $guestbook['error']['image']['writable'] = "Image directory is not writable. Send a notice to the webmaster of this site."; 194 195 } 196 197 } 198 199 } else { 200 201 $guestbook['error']['image']['format'] = "Proof image format: only JPG, GIF, PNG allowed."; 202 203 } 204 205 206 } else { 207 208 if($_FILES['guestbook_image']['error']) { 209 $guestbook['error']['image']['system'] = return_upload_errormsg($_FILES['guestbook_image']['error']); 210 } 211 $guestbook['error']['image']['general'] = "Proof uploaded image file (only JPG, GIF, PNG allowed)."; 212 213 } 214 215 } elseif(!empty($_POST['guestbook_hiddenfile'])) { //same file was just uploaded 216 217 $guestbook['hidden'] = unserialize(base64_decode($_POST['guestbook_hiddenfile'])); 218 219 $guestbook['image']['name'] = $guestbook['hidden']['name']; 220 $guestbook['image']['hash'] = $guestbook['hidden']['hash']; 221 $guestbook['image']['file'] = $guestbook['hidden']['file']; 222 if(!file_exists($guestbook['image_dir'].'/'.$guestbook['image']['file'])) { 223 224 $guestbook['image']['name'] = ''; 225 $guestbook['image']['hash'] = ''; 226 $guestbook['image']['file'] = ''; 227 228 } 229 } 230 231 $guestbook['image_error_count'] = count($guestbook['error']['image']); 232 233 if(!$guestbook['image_error_count'] && isset($guestbook['image']['file']) && file_exists($guestbook['image_dir'].'/'.$guestbook['image']['file'])) { 234 235 $guestbook['hidden'] = '<input type="hidden" name="guestbook_hiddenfile" value="'; 236 $guestbook['hidden'] .= base64_encode(serialize(array('name'=>$guestbook['image']['name'], 'hash'=>$guestbook['image']['hash'], 'file'=>$guestbook['image']['file']))); 237 $guestbook['hidden'] .= '" />'; 238 239 } else { 240 241 $guestbook['hidden'] = ''; 242 243 } 244 245 if($guestbook['image_error_count']) { 246 247 $guestbook['error'] = array_merge($guestbook['error'], $guestbook['error']['image']); 248 249 } 250 251 unset($guestbook['error']['image']); 252 253 } 254 // end of image upload 255 256 257 } else { 258 259 if(_getFeUserLoginStatus() && isset($_SESSION[ session_id().'_userdata'])) { 260 $guestbook['post']['email'] = $_SESSION[ session_id().'_userdata']['email']; 261 $guestbook['post']['name'] = $_SESSION[ session_id().'_userdata']['login']; 262 $guestbook['post']['url'] = $_SESSION[ session_id().'_userdata']['url']; 263 } else { 264 $guestbook['post']['email'] = ''; 265 $guestbook['post']['name'] = ''; 266 $guestbook['post']['url'] = ''; 267 } 268 $guestbook['post']['msg'] = ''; 269 $guestbook['post']['show'] = 0; 270 } 271 272 // set data for image 273 if(empty($guestbook["image_upload"])) { 274 275 $guestbook['form'] = replace_tmpl_section('IMAGE_UPLOAD', $guestbook['form']); 276 277 } else { 278 279 $guestbook['imgdata'] = ''; 280 $guestbook['entry'] = preg_replace_callback('/{IMAGE:(.*)}/i', create_function('$matches', '$GLOBALS["guestbook"]["imgdata"]=$matches[1]; return "{IMAGE}";'), $guestbook['entry']); 281 $guestbook['imgdata'] = explode('x', strtolower($guestbook['imgdata'])); 282 283 // image width 284 $guestbook['imgdata'][0] = empty($guestbook['imgdata'][0]) ? '' : intval($guestbook['imgdata'][0]); 285 if(!$guestbook['imgdata'][0]) $guestbook['imgdata'][0] = ''; 286 // image height 287 $guestbook['imgdata'][1] = empty($guestbook['imgdata'][1]) ? '' : intval($guestbook['imgdata'][1]); 288 if(!$guestbook['imgdata'][1]) $guestbook['imgdata'][1] = ''; 289 // image zoom 290 $guestbook['imgdata'][2] = empty($guestbook['imgdata'][2]) ? 0 : 1; 291 292 } 293 294 $guestbook['readform'] = 0; 295 $guestbook['flooding'] = 0; 296 $guestbook['spamalert'] = ''; 297 298 // flooding check (cookie and time) 299 if(!empty($guestbook['cookie']) && !empty($guestbook['time'])) { 300 301 if(isset($_COOKIE['phpwcms_guestbook'.$guestbook['cid']])) { 302 303 if($_COOKIE['phpwcms_guestbook'.$guestbook['cid']]+$guestbook['time'] >= time()) { 304 $guestbook['flooding'] = 1; 305 $guestbook['readform'] = 1; 306 } 307 308 } 309 310 if(!$guestbook['flooding']) { 311 312 $guestbook['sql'] = "SELECT MAX(guestbook_created) FROM ".DB_PREPEND."phpwcms_guestbook WHERE "; 313 $guestbook['sql'] .= "guestbook_cid='".$guestbook['cid']."' AND "; 314 $guestbook['sql'] .= "guestbook_trashed != '9' AND "; 315 $guestbook['sql'] .= "guestbook_ip='".aporeplace(getRemoteIP())."' AND "; 316 $guestbook['sql'] .= "guestbook_useragent=MD5('".aporeplace($_SERVER['HTTP_USER_AGENT'])."')"; 317 318 if($guestbook['result'] = mysql_query($guestbook['sql'], $db)) { 319 if($guestbook['row'] = mysql_fetch_row($guestbook['result'])) { 320 if($guestbook['row'][0]+$guestbook['time'] >= time()) { 321 $guestbook['flooding'] = 1; 322 $guestbook['readform'] = 1; 323 } 324 } 325 mysql_free_result($guestbook['result']); 326 } 327 } 328 } 329 330 // Captcha check 331 if(empty($guestbook['captcha'])) { 332 333 $guestbook['form'] = replace_tmpl_section('CAPTCHA', $guestbook['form']); 334 335 } else { 336 337 $guestbook['captcha_maxchar'] = empty($guestbook['captcha_maxchar']) ? 5 : $guestbook['captcha_maxchar']; 338 $guestbook['form'] = str_replace('{CAPTCHA}', '<img src="img/captcha.php?regen=y&length='.$guestbook['captcha_maxchar'].'&'.time().'" alt="Captcha" border="0" id="gbCaptchaImage" />', $guestbook['form']); 339 340 } 341 342 if(isset($_POST['guestbook_email']) && !empty($guestbook['captcha'])) { 343 344 include_once (PHPWCMS_ROOT.'/include/inc_ext/SOLMETRA_FormValidator/SPAF_FormValidator.class.php'); 345 // instantiate the object 346 $spaf_obj = new SPAF_FormValidator(); 347 $guestbook['post']['captcha'] = isset($_POST['guestbook_captcha']) ? clean_slweg($_POST['guestbook_captcha']) : ''; 348 if ($spaf_obj->validRequest($guestbook['post']['captcha'])) { 349 // destroy successful code 350 $spaf_obj->destroy(); 351 } else { 352 $guestbook['error']['captcha'] = 'Fill in the correct captcha code. Proof it twice!'; 353 } 354 } 355 356 if(isset($_POST['guestbook_email']) && !$guestbook['flooding']) { 357 // make global spam check 358 if(!checkFormTrackingValue()) { 359 $guestbook['flooding'] = 1; 360 $guestbook['readform'] = 1; 361 $guestbook['spamalert'] = '<div class="spamFormAlert">Your IP '.getRemoteIP().' is not allowed to send form!</div>'; 362 } 363 } 364 365 // final guestbook form check and insert into db 366 if(isset($_POST['guestbook_email']) && !$guestbook['flooding']) { 367 368 // check URL and try to connect - if fails set to '' 369 if($guestbook['post']['url']) { 370 $guestbook['post']['url'] = preg_replace('/(mailto|http|https):{0,1}/i', '', $guestbook['post']['url']); 371 list($guestbook['post']['url']) = explode('?', $guestbook['post']['url'], 2); 372 $guestbook['post']['url'] = str_replace('//', '', trim($guestbook['post']['url'])); 373 if($content["guestbook"]["gb_urlcheck"] && @ini_get('allow_url_fopen')) { 374 if($guestbook['fp'] = @fopen('http://'.$guestbook['post']['url'], 'r')) { 375 @fclose($guestbook['fp']); 376 } 377 if(empty($guestbook['fp'])) { 378 $guestbook['error']['url'] = 'The given URL could not be verified.'; 379 } 380 } 381 } 382 383 if(!count($guestbook['error'])) { 384 385 $guestbook['sql'] = "INSERT INTO ".DB_PREPEND."phpwcms_guestbook SET "; 386 $guestbook['sql'] .= "guestbook_cid='".$guestbook['cid']."', "; 387 $guestbook['sql'] .= "guestbook_msg='".aporeplace($guestbook['post']['msg'])."', "; 388 $guestbook['sql'] .= "guestbook_name='".aporeplace($guestbook['post']['name'])."', "; 389 $guestbook['sql'] .= "guestbook_email='".aporeplace($guestbook['post']['email'])."', "; 390 $guestbook['sql'] .= "guestbook_created='".time()."', "; 391 $guestbook['sql'] .= "guestbook_url='".aporeplace($guestbook['post']['url'])."', "; 392 $guestbook['sql'] .= "guestbook_show='".$guestbook['post']['show']."', "; 393 $guestbook['sql'] .= "guestbook_ip='".aporeplace(getRemoteIP())."', "; 394 $guestbook['sql'] .= "guestbook_useragent=MD5('".aporeplace($_SERVER['HTTP_USER_AGENT'])."')"; 395 396 if(!empty($guestbook["image_upload"]) && !empty($guestbook['image']['file']) && !empty($guestbook['image']['name'])) { 397 398 $guestbook['sql'] .= ', '; 399 $guestbook['sql'] .= "guestbook_image='".aporeplace($guestbook['image']['file'])."', "; 400 $guestbook['sql'] .= "guestbook_imagename='".aporeplace($guestbook['image']['name'])."'"; 401 402 } 403 404 mysql_query($guestbook['sql'], $db); 405 if($guestbook['new_entry_id'] = mysql_insert_id($db)) { 406 $guestbook['readform'] = 1; 407 if($guestbook['cookie'] && $guestbook['time']) { 408 setcookie('phpwcms_guestbook'.$guestbook['cid'], time(), time()+intval($guestbook['time'])); 409 } 410 411 // check if notify email should be sent 412 if(!empty($guestbook['notify'])) { 413 414 //http://dev.phpwcms.org/x/ 415 //$guestbook['image_dir'].'/'.$guestbook['image']['file'] 416 $guestbook['notify'] = @file_get_contents(PHPWCMS_TEMPLATE.'inc_cntpart/guestbook/notify_email.txt'); 417 if(!$guestbook['notify']) { 418 $guestbook['notify'] = 'New entry - please proof:'.LF.PHPWCMS_URL.'index.php?id='.implode(',', $aktion); 419 } 420 421 $guestbook['notify'] = str_replace( array( '{FE_URL}', '{BE_URL}', '{IP}', '{BROWSER}', '{DATE}', '{NAME}', 422 '{EMAIL}', '{URL}', '{MESSAGE}', '{IMG_NAME}', '{IMG_URL}' 423 ) 424 , 425 array( PHPWCMS_URL.'index.php?id='.implode(',', $aktion), 426 PHPWCMS_URL.'phpwcms.php?do=articles&p=2&s=1&aktion=2&id='.$aktion[1].'&acid='.$guestbook['cid'], 427 getRemoteIP(), $_SERVER['HTTP_USER_AGENT'], date('Y/m/d H:i:s'), 428 $guestbook['post']['name'], $guestbook['post']['email'], 429 $guestbook['post']['url'], $guestbook['post']['msg'], 430 empty($guestbook['image']['name']) ? '' : $guestbook['image']['name'], 431 empty($guestbook['image']['file']) ? '' : PHPWCMS_URL.PHPWCMS_FILES.'guestbook_'.$guestbook['cid'].'/'.$guestbook['image']['file'] 432 ) 433 , 434 $guestbook['notify']); 435 436 437 438 sendEmail( array( 439 'recipient' => $guestbook['notify_email'], 440 'subject' => 'New guestbook/comment entry', 441 'isHTML' => 0, 442 'text' => $guestbook['notify'], 443 'from' => $phpwcms["admin_email"], 444 'sender' => $phpwcms["admin_email"] 445 )); 446 447 } 448 449 $GLOBALS['_getVar']['guestbookentry'] = $guestbook['new_entry_id']; 450 // to avoid double Post 451 headerRedirect(PHPWCMS_URL.'index.php'.returnGlobalGET_QueryString()); 452 453 } else { 454 $guestbook['readform'] = 0; 455 $CNT_TMP .= '<div style="color:#FF3300;">A technical problem occured while signing to the guestbook</div>'; 456 } 457 } 458 459 460 } 461 462 // do this after new gb entry was created 463 if(isset($GLOBALS['_getVar']['guestbookentry'])) { 464 465 $guestbook['sql'] = 'SELECT * FROM '.DB_PREPEND.'phpwcms_guestbook '; 466 $guestbook['sql'] .= 'WHERE guestbook_id='.intval($GLOBALS['_getVar']['guestbookentry']); 467 $guestbook['sql'] .= " AND guestbook_ip='".aporeplace(getRemoteIP())."'"; 468 469 $guestbook['new_entry'] = _dbQuery($guestbook['sql']); 470 471 if(!empty($guestbook['new_entry'][0])) { 472 473 $guestbook['readform'] = 1; 474 475 $guestbook['post']['email'] = $guestbook['new_entry'][0]['guestbook_email']; 476 $guestbook['post']['name'] = $guestbook['new_entry'][0]['guestbook_name']; 477 $guestbook['post']['url'] = $guestbook['new_entry'][0]['guestbook_url']; 478 $guestbook['post']['msg'] = $guestbook['new_entry'][0]['guestbook_msg']; 479 480 } 481 482 unset($GLOBALS['_getVar']['guestbookentry']); 483 } 484 485 486 // start guestbook form 487 if(empty($guestbook['gb_login_post'])) { 488 $guestbook['show_postform'] = true; 489 } elseif(_getFeUserLoginStatus()) { 490 $guestbook['show_postform'] = true; 491 } else { 492 $guestbook['show_postform'] = false; 493 $guestbook['form'] = get_tmpl_section('LOGIN_INFO', $guestbook['template']); 494 } 495 496 if($guestbook['show_postform']) { 497 498 499 if(!$guestbook['readform']) { 500 501 if(!count($guestbook['error'])) { 502 // remove post form error part 503 $guestbook['form'] = replace_tmpl_section('FORM_ERROR', $guestbook['form'], ''); 504 } 505 506 //try to replace all error messages first 507 $guestbook['form'] = render_cnt_template($guestbook['form'], 'ERROR_EMAIL', empty($guestbook['error']['email']) ? '' : $guestbook['error']['email']); 508 $guestbook['form'] = render_cnt_template($guestbook['form'], 'ERROR_NAME', empty($guestbook['error']['name']) ? '' : $guestbook['error']['name']); 509 $guestbook['form'] = render_cnt_template($guestbook['form'], 'ERROR_IMGSIZE', empty($guestbook['error']['size']) ? '' : $guestbook['error']['size']); 510 $guestbook['form'] = render_cnt_template($guestbook['form'], 'ERROR_IMGSAVE', empty($guestbook['error']['move']) ? '' : $guestbook['error']['move']); 511 $guestbook['form'] = render_cnt_template($guestbook['form'], 'ERROR_IMGWRITE', empty($guestbook['error']['writable']) ? '' : $guestbook['error']['writable']); 512 $guestbook['form'] = render_cnt_template($guestbook['form'], 'ERROR_IMGFORMAT', empty($guestbook['error']['format']) ? '' : $guestbook['error']['format']); 513 $guestbook['form'] = render_cnt_template($guestbook['form'], 'ERROR_IMGUPLOAD', empty($guestbook['error']['system']) ? '' : $guestbook['error']['system']); 514 $guestbook['form'] = render_cnt_template($guestbook['form'], 'ERROR_IMG', empty($guestbook['error']['general']) ? '' : $guestbook['error']['general']); 515 $guestbook['form'] = render_cnt_template($guestbook['form'], 'ERROR_URL', empty($guestbook['error']['url']) ? '' : $guestbook['error']['url']); 516 $guestbook['form'] = render_cnt_template($guestbook['form'], 'ERROR_CAPTCHA', empty($guestbook['error']['captcha']) ? '' : $guestbook['error']['captcha']); 517 518 $guestbook['form'] = render_cnt_template($guestbook['form'], 'EMAIL', html_specialchars($guestbook['post']['email'])); 519 $guestbook['form'] = render_cnt_template($guestbook['form'], 'NAME', html_specialchars($guestbook['post']['name'])); 520 $guestbook['form'] = render_cnt_template($guestbook['form'], 'URL', html_specialchars($guestbook['post']['url'])); 521 $guestbook['form'] = render_cnt_template($guestbook['form'], 'MSG', html_specialchars($guestbook['post']['msg'])); 522 523 $guestbook['GBSHOW_0'] = ''; 524 $guestbook['GBSHOW_1'] = ''; 525 $guestbook['GBSHOW_2'] = ''; 526 527 switch($guestbook['post']['show']) { 528 case 0: $guestbook['GBSHOW_0'] = ' checked="checked"'; break; 529 case 1: $guestbook['GBSHOW_1'] = ' checked="checked"'; break; 530 case 2: $guestbook['GBSHOW_2'] = ' checked="checked"'; break; 531 } 532 533 $guestbook['form'] = str_replace('{GBSHOW_0}', $guestbook['GBSHOW_0'], $guestbook['form']); 534 $guestbook['form'] = str_replace('{GBSHOW_1}', $guestbook['GBSHOW_1'], $guestbook['form']); 535 $guestbook['form'] = str_replace('{GBSHOW_2}', $guestbook['GBSHOW_2'], $guestbook['form']); 536 537 // build sign guestbook form 538 $guestbook['form'] = '<form name="sign_guestbook" action="index.php'.returnGlobalGET_QueryString('htmlentities').'" method="post"' . 539 (empty($guestbook["image_upload"]) ? '' : ' enctype="multipart/form-data"') . 540 '>'.$guestbook['form']; 541 if(!empty($guestbook['hidden'])) { 542 $guestbook['form'] .= $guestbook['hidden']; 543 } 544 $guestbook['form'] .= getFormTrackingValue().'</form>'; 545 546 547 } else { 548 549 if(!$guestbook['flooding']) { 550 // if successfully signed show signed info 551 $guestbook['signed'] = render_cnt_template($guestbook['signed'], 'EMAIL', html_specialchars($guestbook['post']['email'])); 552 $guestbook['signed'] = render_cnt_template($guestbook['signed'], 'NAME', html_specialchars($guestbook['post']['name'])); 553 $guestbook['signed'] = render_cnt_template($guestbook['signed'], 'URL', html_specialchars($guestbook['post']['url'])); 554 $guestbook['signed'] = render_cnt_template($guestbook['signed'], 'MSG', html_specialchars($guestbook['post']['msg'])); 555 $guestbook['form'] = $guestbook['signed']; 556 } else { 557 $guestbook['form'] = $guestbook['spamalert']; 558 } 559 560 } 561 562 } 563 // end guestbook form 564 565 566 567 // start guestbook listing 568 569 // first check for all available related guestbook entries 570 $guestbook['archivedate'] = false; 571 $guestbook['archiveselect'] = false; 572 $guestbook['sql'] = "SELECT * FROM ".DB_PREPEND."phpwcms_guestbook WHERE guestbook_cid="; 573 $guestbook['sql'] .= $guestbook['cid']." AND guestbook_trashed=0 "; 574 if(isset($_GET['gbd']) && $_GET['gbs']) { 575 //$aktion[5] = 0; 576 $guestbook['archivedate'] = $_GET['gbd']; 577 $guestbook['archiveselect'] = $_GET['gbs']; 578 $guestbook['sql'] .= "AND FROM_UNIXTIME(guestbook_created,'".aporeplace($guestbook['archivedate']); 579 $guestbook['sql'] .= "')='".aporeplace($guestbook['archiveselect'])."' "; 580 } 581 if(isset($_POST['showarchive']) && $_POST['showarchive']) { 582 //$aktion[5] = 0; 583 $guestbook['archivedate'] = $_POST['archivedate']; 584 $guestbook['archiveselect'] = $_POST['showarchive']; 585 $guestbook['sql'] .= "AND FROM_UNIXTIME(guestbook_created,'".aporeplace($guestbook['archivedate']); 586 $guestbook['sql'] .= "')='".aporeplace($guestbook['archiveselect'])."' "; 587 } 588 $guestbook['sql'] .= "AND guestbook_msg NOT LIKE '%[url%' "; 589 $guestbook['sql'] .= "ORDER BY guestbook_created "; 590 $guestbook['sql'] .= empty($guestbook['sorting']) ? 'DESC' : 'ASC'; 591 592 593 $guestbook['counter'] = 1; 594 595 if($guestbook['listing'] && $guestbook['listcount']) { 596 597 if($guestbook['result'] = mysql_query($guestbook['sql'].';', $db)) { 598 $guestbook['count'] = mysql_num_rows($guestbook['result']); 599 mysql_free_result($guestbook['result']); 600 } 601 602 $guestbook['pagecount'] = ceil($guestbook['count'] / $guestbook['listcount']); 603 if($guestbook['pagecount'] > 1 || $guestbook['archivedate']) { 604 605 if(isset($_POST['showguestbookpage'])) $aktion[5] = intval($_POST['showguestbookpage'])-1; 606 $guestbook['start_entry'] = $aktion[5] * $guestbook['listcount']; 607 $guestbook['sql'] .= ' LIMIT '.$guestbook['start_entry'].','.$guestbook['listcount']; 608 609 $guestbook['link_to'] = 'index.php?'; 610 $guestbook['link_to'] .= 'id='.$aktion[0].','.$aktion[1].','.$aktion[2].','.$aktion[3].','.$aktion[4].','; 611 $guestbook['link_add'] = ''; 612 if($guestbook['archivedate']) { 613 $guestbook['link_add'] .= '&gbd='.html_specialchars(urlencode($guestbook['archivedate'])); 614 $guestbook['link_add'] .= '&gbs='.html_specialchars(urlencode($guestbook['archiveselect'])); 615 } 616 617 618 // goto previous guestbook page 619 if($aktion[5] > 0) { 620 $guestbook['prev_replace'] = '<a href="'.$guestbook['link_to'].($aktion[5] - 1).$guestbook['link_add'].'">$1</a>'; 621 $guestbook['first_replace'] = '<a href="'.$guestbook['link_to'].'0'.$guestbook['link_add'].'">$1</a>'; 622 } else { 623 $guestbook['prev_replace'] = '$1'; 624 $guestbook['first_replace'] = $guestbook['prev_replace']; 625 } 626 $guestbook['nav'] = preg_replace('/{BACK:(.*?)}/s', $guestbook['prev_replace'], $guestbook['nav']); 627 $guestbook['nav'] = preg_replace('/{FIRST:(.*?)}/s', $guestbook['first_replace'], $guestbook['nav']); 628 629 // goto next guestbook page 630 if($aktion[5]+1 < $guestbook['pagecount']) { 631 $guestbook['next_replace'] = '<a href="'.$guestbook['link_to'].($aktion[5] + 1).$guestbook['link_add'].'">$1</a>'; 632 $guestbook['last_replace'] = '<a href="'.$guestbook['link_to'].($guestbook['pagecount']-1).$guestbook['link_add'].'">$1</a>'; 633 } else { 634 $guestbook['next_replace'] = '$1'; 635 $guestbook['last_replace'] = $guestbook['next_replace']; 636 } 637 $guestbook['nav'] = preg_replace('/{NEXT:(.*?)}/s', $guestbook['next_replace'], $guestbook['nav']); 638 $guestbook['nav'] = preg_replace('/{LAST:(.*?)}/s', $guestbook['last_replace'], $guestbook['nav']); 639 640 $guestbook['nav'] = preg_replace('/{PAGE:(\d+):(.*?)}/se', 'guestbook_pages($1, "$2", '.$aktion[5].', '.$guestbook['pagecount'].', "'.$guestbook['link_to'].'", "'.$guestbook['link_add'].'")', $guestbook['nav']); 641 642 // archive (form) 643 if( ! ( strpos($guestbook['nav'],'{ARCHIVE')===false ) ) { 644 preg_match('/{ARCHIVE:(.*?)}/s', $guestbook['nav'], $guestbook['archiveval']); 645 $guestbook['archiveval'] = explode('|', $guestbook['archiveval'][1]); 646 $guestbook['archive'] = '<form name="guestbookarchive" id="guestbookarchive" method="post" action="index.php?id='.implode(',', $aktion).'">'; 647 $guestbook['archive'] .= '<select name="showarchive" id="showarchive" onchange="document.guestbookarchive.submit();">'; 648 649 if(!isset($guestbook['archiveval'][1]) || !$guestbook['archiveval'][1]) { 650 $guestbook['archiveval'][1] = 'all entries'; 651 } 652 $guestbook['archive'] .= '<option value="">'.$guestbook['archiveval'][1]."</option>\n"; 653 654 if(empty($guestbook['archiveval'][0])) { 655 $guestbook['archiveval'][0] = '%m/%Y'; 656 } 657 658 $guestbook['asql'] = "SELECT DISTINCT FROM_UNIXTIME(guestbook_created,'".aporeplace($guestbook['archiveval'][0]); 659 $guestbook['asql'] .= "') AS guestbook_date FROM ".DB_PREPEND."phpwcms_guestbook WHERE guestbook_cid="; 660 $guestbook['asql'] .= $guestbook['cid']." AND guestbook_trashed=0 ORDER BY guestbook_created DESC"; 661 662 if($guestbook['result'] = mysql_query($guestbook['asql'], $db)) { 663 664 while($guestbook['row'] = mysql_fetch_row($guestbook['result'])) { 665 666 $guestbook['row'][0] = html_specialchars($guestbook['row'][0]); 667 $guestbook['archive'] .= '<option value="'.$guestbook['row'][0].'"'; 668 if($guestbook['archiveselect'] == $guestbook['row'][0]) { 669 $guestbook['archive'] .= ' selected="selected"'; 670 } 671 $guestbook['archive'] .= '>'.$guestbook['row'][0]."</option>\n"; 672 673 } 674 675 mysql_free_result($guestbook['result']); 676 677 } 678 $guestbook['archive'] .= '</select>'; 679 $guestbook['archive'] .= '<input type="hidden" name="archivedate" value="'.html_specialchars($guestbook['archiveval'][0]).'" />'; 680 if(isset($guestbook['archiveval'][2]) && $guestbook['archiveval'][2]) { 681 $guestbook['archive'] .= (empty($guestbook['archiveval'][3])) ? '' : $guestbook['archiveval'][3]; 682 // check if send button is image or text 683 if(preg_match('/[\.png|\.jpg|\.jpeg|\.gif]$/i', $guestbook['archiveval'][2], $matches)) { 684 $guestbook['archive'] .= '<input name="archivesubmit" class="guestbookArchiveSubmit" type="image" src="'.trim($guestbook['archiveval'][2]).'" border="0" />'; 685 } else { 686 $guestbook['archive'] .= '<input name="archivesubmit" class="guestbookArchiveSubmit" type="submit" value="'.$guestbook['archiveval'][2].'" />'; 687 } 688 } 689 $guestbook['archive'] .= '</form>'; 690 $guestbook['nav'] = preg_replace('/{ARCHIVE:(.*?)}/s', $guestbook['archive'], $guestbook['nav']); 691 692 } 693 694 // jump to menu (form) 695 if( ! ( strpos($guestbook['nav'],'{JUMP')===false ) ) { 696 preg_match('/{JUMP:(.*?)}/s', $guestbook['nav'], $guestbook['jumpval']); 697 $guestbook['jumpval'] = explode('|', $guestbook['jumpval'][1]); 698 $guestbook['jump'] = '<form name="guestbookjump" id="guestbookjump" method="post" action="index.php?id='.implode(',', $aktion).'">'; 699 $guestbook['jump'] .= '<select name="showguestbookpage" id="showpage" onchange="document.guestbookjump.submit();">'; 700 for($ixx=1; $ixx <= $guestbook['pagecount']; $ixx++) { 701 if($ixx != $aktion[5]+1) { 702 $guestbook['jump'] .= '<option value="'.$ixx.'">'.$guestbook['jumpval'][0].$ixx."</option>\n"; 703 } else { 704 $guestbook['jump'] .= '<option value="'.$ixx.'" selected="selected">'.$guestbook['jumpval'][0].$ixx."</option>\n"; 705 } 706 } 707 $guestbook['jump'] .= '</select>'; 708 if($guestbook['archivedate']) { 709 $guestbook['jump'] .= '<input type="hidden" name="archivedate" value="'.html_specialchars($guestbook['archivedate']).'" />'; 710 $guestbook['jump'] .= '<input type="hidden" name="showarchive" value="'.html_specialchars($guestbook['archiveselect']).'" />'; 711 } 712 if(isset($guestbook['jumpval'][1]) && $guestbook['jumpval'][1]) { 713 $guestbook['jump'] .= empty($guestbook['jumpval'][2]) ? '' : $guestbook['jumpval'][2]; 714 // check if send button is image or text 715 if(preg_match('/[\.png|\.jpg|\.jpeg|\.gif]$/i', $guestbook['jumpval'][1], $matches)) { 716 $guestbook['jump'] .= '<input name="jumpsubmit" class="guestbookJumpSubmit" type="image" src="'.trim($guestbook['jumpval'][1]).'" border="0" />'; 717 } else { 718 $guestbook['jump'] .= '<input name="jumpsubmit" class="guestbookJumpSubmit" type="submit" value="'.$guestbook['jumpval'][1].'" />'; 719 } 720 } 721 $guestbook['jump'] .= '</form>'; 722 $guestbook['nav'] = preg_replace('/{JUMP:(.*?)}/s', $guestbook['jump'], $guestbook['nav']); 723 } 724 725 $guestbook['counter'] = $guestbook['start_entry']+1; 726 727 } else { 728 // no navigation neccessary 729 $guestbook['nav'] = ''; 730 } 731 732 } else { 733 // no navigation neccessary 734 $guestbook['nav'] = ''; 735 } 736 737 $guestbook['entry_list'] = ''; 738 739 if($guestbook['result'] = mysql_query($guestbook['sql'], $db)) { 740 741 /* 742 $guestbook['ban_count'] = 0; 743 if($guestbook['ban']) { 744 $guestbook['ban'] = preg_replace('/\s{1,}/is', ' ', $guestbook['ban']); 745 $guestbook['ban'] = explode(' ', $guestbook['ban']); 746 if(is_array($guestbook['ban']) && count($guestbook['ban'])) { 747 foreach($guestbook['ban'] as $key => $value) { 748 $value = preg_quote(trim($value)); 749 $guestbook['ban'][$key] = '/'.$value.'/i'; 750 $guestbook['ban_count']++; 751 } 752 } 753 } 754 */ 755 756 while($guestbook['row'] = mysql_fetch_assoc($guestbook['result'])) { 757 758 /* 759 if($guestbook['ban_count']) { 760 $guestbook['row']['guestbook_msg'] = preg_replace($guestbook['ban'], $guestbook['replace'], $guestbook['row']['guestbook_msg']); 761 } 762 */ 763 $guestbook['row']['guestbook_msg'] = html_specialchars($guestbook['row']['guestbook_msg']); 764 765 $guestbook['c'] = str_replace('{ID}', $guestbook['counter'], $guestbook['entry']); 766 $guestbook['c'] = str_replace('{DBID}', $guestbook['row']['guestbook_id'], $guestbook['c']); 767 768 $guestbook['c'] = render_cnt_template($guestbook['c'], 'URL', empty($guestbook['row']['guestbook_url']) ? '' : html_specialchars('http://'.$guestbook['row']['guestbook_url'])); 769 770 switch($guestbook['row']['guestbook_show']) { 771 case 1: $guestbook['row']['guestbook_email'] = ''; 772 //$guestbook['c'] = preg_replace('/<a (.*?){0,1}href=[\'|"]{0,1}mailto:.*?[\'|"]{0,1}( .*?){0,1}>(.*?)<\/a>/is', "$3", $guestbook['c']); 773 break; 774 case 2: $guestbook['row']['guestbook_email'] = preg_replace('/(.*?)@(.*?)\.([a-zA-Z]+)$/i', "$1 at $2 dot $3", $guestbook['row']['guestbook_email']); 775 $guestbook['c'] = preg_replace('/\[EMAIL\](.*?){0,1}<a (.*?)>(.*?)<\/a>(.*?){0,1}\[\/EMAIL\]/is', "[EMAIL]$1".$guestbook['row']['guestbook_email']."$4[/EMAIL]", $guestbook['c']); //"$3" 776 break; 777 778 } 779 780 $guestbook['c'] = render_cnt_template($guestbook['c'], 'EMAIL', html_specialchars($guestbook['row']['guestbook_email'])); 781 $guestbook['c'] = render_cnt_template($guestbook['c'], 'NAME', html_specialchars($guestbook['row']['guestbook_name'])); 782 $guestbook['c'] = render_cnt_template($guestbook['c'], 'MSG', nl2br($guestbook['row']['guestbook_msg'])); 783 784 $guestbook['c'] = preg_replace('/{TIMESTAMP:(.*)}/e', "date('$1',\$guestbook['row']['guestbook_created'])", $guestbook['c']); 785 786 // do gb image ;-) 787 $guestbook['entry_image'] = ''; 788 if(isset($guestbook['imgdata']) && !empty($guestbook['row']['guestbook_image'])) { 789 790 if(file_exists($guestbook['image_dir'].'/'.$guestbook['row']['guestbook_image'])) { 791 792 $thumb_image = false; 793 $thumb_img = ''; 794 795 $thumb_image = get_cached_image( 796 array( "target_ext" => which_ext($guestbook['row']['guestbook_image']), 797 "image_name" => $guestbook['row']['guestbook_image'], 798 "image_dir" => $guestbook['image_dir'].'/', 799 "max_width" => $guestbook['imgdata'][0], 800 "max_height" => $guestbook['imgdata'][1], 801 "thumb_name" => md5($guestbook['row']['guestbook_image'].$guestbook['imgdata'][0].$guestbook['imgdata'][1].$GLOBALS['phpwcms']["sharpen_level"]) 802 )); 803 804 if($thumb_image != false) { 805 806 $guestbook['entry_image'] = '<img src="'.PHPWCMS_IMAGES . $thumb_image[0] .'" border="0" '.$thumb_image[3]; 807 $guestbook['entry_image'] .= ' alt="'.html_specialchars($guestbook['row']['guestbook_imagename']).'" />'; 808 809 //zoom 810 if($guestbook['imgdata'][2]) { 811 $zoominfo = get_cached_image( 812 array( "target_ext" => which_ext($guestbook['row']['guestbook_image']), 813 "image_name" => $guestbook['row']['guestbook_image'], 814 "image_dir" => $guestbook['image_dir'].'/', 815 "max_width" => $GLOBALS['phpwcms']["img_prev_width"], 816 "max_height" => $GLOBALS['phpwcms']["img_prev_height"], 817 "thumb_name" => md5($guestbook['row']['guestbook_image'].$GLOBALS['phpwcms']["img_prev_width"].$GLOBALS['phpwcms']["img_prev_height"].$GLOBALS['phpwcms']["sharpen_level"]) 818 )); 819 820 if($zoominfo != false) { 821 822 $popup_img = 'image_zoom.php?'.getClickZoomImageParameter($zoominfo[0].'?'.$zoominfo[3]); 823 $guestbook['entry_image'] = '<a href="'.$popup_img.'" onclick="window.open(\''.$popup_img. 824 "','previewpic','width=".$zoominfo[1].",height=".$zoominfo[2]."');return false;". 825 '">'.$guestbook['entry_image'].'</a>'; 826 } 827 } 828 } 829 } 830 } 831 $guestbook['c'] = render_cnt_template($guestbook['c'], 'IMAGE', $guestbook['entry_image']); 832 833 $guestbook['entry_list'] .= $guestbook['c']; 834 835 $guestbook['counter']++; 836 } 837 mysql_free_result($guestbook['result']); 838 839 // initialize lightbox 840 if($thumb_image != false) { 841 initializeLightbox(); 842 } 843 844 // comments 845 $guestbook['entry_list'] = preg_replace('/\[c\](.*?)\[\/c\]/is', $guestbook['comment'][0]."$1".$guestbook['comment'][1], $guestbook['entry_list']); 846 847 } 848 $guestbook['list'] = str_replace('{NAV}', $guestbook['nav'], $guestbook['list']); 849 $guestbook['list'] = str_replace('{FORM}', $guestbook['form'], $guestbook['list']); 850 $guestbook['list'] = replace_tmpl_section('GUESTBOOK_ENTRY', $guestbook['list'], $guestbook['entry_list']); 851 852 $CNT_TMP .= $guestbook['list']; 853 854 } 855 856 // delete guetbook array 857 unset($guestbook); 858 859 860 ?>
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Wed Dec 30 05:55:15 2009 | Cross-referenced by PHPXref 0.7 |