[MOD] [1.7.1] (Antispam) Sicherheitscode bei Kommentar / secure code at comment

[T]

Hallo,

ich habe für die 4images Galerie 1.7.1 ein Sicherheitscode - Script geschrieben, welches gegen Spam durch Bots o.ä. wirken soll.

Hierbei muss man ein Bild mit 4-6 Zahlen abtippen und der Kommentar wird nur beim richtigen abtippen gepostet.

Download am Ende des Postings; Fragen und Support per E-Mail.

#######

Hello,

I wrote an safety or secure code - script for 4images gallery 1.7.1. The script should stop spam e.g. through bots.

Usage: You must copy a pircture with 4-6 characters (numbers). When you copied it right, your command will be posted. Otherwise, your comment will be deleted.

download at the bottom of this posting; questions and support via e-mail.

Sorry for my bad english.

#######

EDIT: Fehler in der Datei sicherheit.php behoben. / Error in sicherheit.php fixed.

[TheOracle]

Looks like a very interesting MOD I might say.

[JensF]

Hi,

irgendwie interessant aber ich habe bisher noch keine Spam Einträge gehabt. Weder von Bots noch von anderen Leuten. Liegt aber wohl eher da dran das bei mir nur registrierte User Kommentare schreiben dürfen.

Aber auch wenn nicht, mich persönlich würde das ein wenig nerven wenn ich bei jedem Kommentar den ich schreibe einen Code eingeben muss.

Bitte nicht persönlich nehmen, ist nur meine Meinung.

[mawenzi]

Hallo gheelho,

... danke für die Veröffentlichung des MODs ... !
... folgendes Problem habe ich jedoch mit der Installation ...
... die sicherheit.php erzeugt bei mir nur das Hintergrundbild mit den Linien jedoch ohne Zahlencode ... ?
... konnte von daher auch die weitere Funktionalität nicht prüfen ...
... habe mal einen Bilck in die sicherheit.php getan ...
... Zeile 32 : $text_width = $font_width * strlen($zahl); ...
... $font_width ... ist nicht definiert ... ?
... Zeile 35 : ImageString($pic, 6, $pic_center_x, $pic_center_y, $RandInt, $text); ...
... $RandInt ... ist nicht definiert ... ?
... für mich einige Ungereimtheiten ... kannst du die ganze sicherheit.php nochmals checken ... !

danke mawenzi

[mawenzi]

Hallo gheelho,

1. Der MOD funktioniert auch unter Version 1.7 ... !
2. in der sicherheit.php müssen m.E. folgende Änderungen vorgenommen werden :
- die Zeile 32 sollte so aussehen :

Code: [Select]

$text_width = $text_width * strlen($zahl);
- die Zeile 35 sollte so aussehen :

Code: [Select]

ImageString($pic, 6, $pic_center_x, $pic_center_y, $zahl, $text);
3. dann klappt es auch mit der Anzeige des Zahlencods ... und dem Kommentar-Posting !

nochmals danke mawenzi

[T]

Hi,

irgendwie interessant aber ich habe bisher noch keine Spam Einträge gehabt. Weder von Bots noch von anderen Leuten. Liegt aber wohl eher da dran das bei mir nur registrierte User Kommentare schreiben dürfen.

Aber auch wenn nicht, mich persönlich würde das ein wenig nerven wenn ich bei jedem Kommentar den ich schreibe einen Code eingeben muss.

Bitte nicht persönlich nehmen, ist nur meine Meinung.

Ja, aber ich habe den Code auf Wunsch gemacht, da ein User das Posten durch Gäste nicht abschalten wollte.

Hallo gheelho,

... danke für die Veröffentlichung des MODs ... !
... folgendes Problem habe ich jedoch mit der Installation ...
... die sicherheit.php erzeugt bei mir nur das Hintergrundbild mit den Linien jedoch ohne Zahlencode ... ?
... konnte von daher auch die weitere Funktionalität nicht prüfen ...
... habe mal einen Bilck in die sicherheit.php getan ...
... Zeile 32 : $text_width = $font_width * strlen($zahl); ...
... $font_width ... ist nicht definiert ... ?
... Zeile 35 : ImageString($pic, 6, $pic_center_x, $pic_center_y, $RandInt, $text); ...
... $RandInt ... ist nicht definiert ... ?
... für mich einige Ungereimtheiten ... kannst du die ganze sicherheit.php nochmals checken ... !

danke mawenzi

Habe die Sicherheit.php gefixed. Eine neue Version ist nun downloadbar.

[TheOracle]

I have one question for this MOD (if you don't mind). Does this restriction also applys from URL ?

[mawenzi]

@ gheelho,

da jetzt alles funktioniert (selbst getestet) und die downloadbare sicherheit.php aktualisiert ist, habe ich das Thema in das Forum Mods & Plugins (Publishing & Support) verschoben !

danke mawenzi

[T]

I have one question for this MOD (if you don't mind). Does this restriction also applys from URL ?

Sorry, but I don't understand what you're talking about. Can you give me an example?

[TheOracle]

I have one question for this MOD (if you don't mind). Does this restriction also applys from URL ?

Sorry, but I don't understand what you're talking about. Can you give me an example?

For instance, does this block :

/* ## Safety script ## */
mt_srand((double)microtime()*1000000);
$comment_sicherheit = mt_rand(000001,999999);
$comment_sicherheit = str_replace('=', '´|´', base64_encode(base64_encode($comment_sicherheit)));
/* ## Safety script ## */

also prevents the usage of random image IDs over the URL bar ?

[om6acw]

Nice mod, I use that for my guestbook 

[JensF]

Nice mod, I use that for my guestbook 

Hi thats great, can you say me what i must do to have this for the guestbook?? I have many Spam entrys in it. I use this guestbook

[MOD] guestbook

[om6acw]

Open templates/xxxxxx/guestbook_form.html

find:

Code: [Select]

<tr>
<td width="90" valign="top">&nbsp;</td>
                <td>{bbcode}</td>
          </tr>
add after:

Code: [Select]

<tr>
                  <td width="90" valign="top"><b>{comment_secure_scode}</b><br />{comment_secure_pleasecopy}</td>
                  <td><input type="text" name="sicherheit_code" size="15" class="commentinput" />&nbsp;<img src="sicherheit.php?z={comment_sicherheit}" alt="{comment_secure_scode}" title="{comment_secure_pleasecopy}" /></td>
                </tr>
find:

Code: [Select]

<input type="hidden" name="action" value="postcomment" />
Add after:

Code: [Select]

<input type="hidden" name="sicherheit_dec" value="{comment_sicherheit}" />
Open guestbook.php

find:

Code: [Select]

if ($config['guestbook_view'] != 1) {
  header("Location: ".$site_sess->url(ROOT_PATH."index.php"));
  exit;
}
add after:

Code: [Select]

/* ## Safety script ## */
mt_srand((double)microtime()*1000000);
$comment_sicherheit = mt_rand(000001,999999);
$comment_sicherheit = str_replace('=', '´|´', base64_encode(base64_encode($comment_sicherheit)));
/* ## Safety script ## */

find:

Code: [Select]

if ($comment_user_name == "")  {
      $msg .= (($msg != "") ? "<br />" : "").$lang['name_required'];
      $error = 1;
    }

add after:

Code: [Select]

if (($sicherheit_code == "") || ($sicherheit_code != str_replace('´|´', '=', base64_decode(base64_decode($sicherheit_dec))) ))  {
      $msg .= (($msg != "") ? "<br />" : "").$lang['secure_required'];
      $error = 1;
    }

find:

Code: [Select]

"comment_user_name" => $comment_user_name,
add after:

Code: [Select]

"comment_sicherheit" => $comment_sicherheit,
      "comment_secure_scode" => $lang['comment_secure_scode'],
      "comment_secure_pleasecopy" => $lang['comment_secure_pleasecopy'],

and change all your (lang/xxxxxx/main.php) see original post

DEMO

[JensF]

hhmm, have i forget something???

I can sign the guestbook without the security code.

No error message, nothing. i can sign in. You can test ist here -> http://www.terraristik-galerie.de/guestbook.php

[JensF]

Hi,

i have search but found no error Can anyone look at my guestbook.php??? I can sign in my guestbook without a code

Code: [Select]

<?php 
/************************************************************************** 
 *                                                                        * 
 *    4images - A Web Based Image Gallery Management System               * 
 *    ----------------------------------------------------------------    * 
 *                                                                        * 
 *             File: guestbook.php                                          * 
 *        Copyright: (C) 2002 Jan Sorgalla                                * 
 *            Email: jan@4homepages.de                                    * 
 *              Web: http://www.4homepages.de                             * 
 *    Scriptversion: 1.7                                                  * 
 *                                                                        * 
 *    Never released without support from: Nicky (http://www.nicky.net)   * 
 *                                                                        * 
 ************************************************************************** 
 *                                                                        * 
 *    Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz-       * 
 *    bedingungen (Lizenz.txt) f?r weitere Informationen.                 * 
 *    ---------------------------------------------------------------     * 
 *    This script is NOT freeware! Please read the Copyright Notice       * 
 *    (Licence.txt) for further information.                              * 
 *                                                                        * 
 *************************************************************************/ 

$main_template = 'guestbook'; 
define('GET_CACHES', 1); 
define('ROOT_PATH', './'); 
include(ROOT_PATH.'global.php'); 
require(ROOT_PATH.'includes/sessions.php'); 
$user_access = get_permission(); 
include(ROOT_PATH.'includes/page_header.php'); 

if ($config['guestbook_view'] != 1) { 
  header("Location: ".$site_sess->url(ROOT_PATH."index.php"));
  exit; 
}

/* ## Safety script ## */
mt_srand((double)microtime()*1000000);
$comment_sicherheit = mt_rand(000001,999999);
$comment_sicherheit = str_replace('=', '´|´', base64_encode(base64_encode($comment_sicherheit)));
/* ## Safety script ## */  

if ($action == "") { 
   $action = "showcomments"; 
} 

if (isset($HTTP_GET_VARS[URL_COMMENT_ID]) || isset($HTTP_POST_VARS[URL_COMMENT_ID])) { 
  $comment_id = (isset($HTTP_GET_VARS[URL_COMMENT_ID])) ? intval($HTTP_GET_VARS[URL_COMMENT_ID]) : intval($HTTP_POST_VARS[URL_COMMENT_ID]); 
} 
else { 
  $comment_id = 0; 
} 
if ($action == "deletecomment") { 
  if (!$comment_id || ($config['user_delete_guestbook'] != 1 && $user_info['user_level'] != ADMIN)) { 
    show_error_page($lang['no_permission']); 
    exit; 
  } 
  
  $sql = "SELECT comment_id, comment_ip 
          FROM ".GUESTBOOK_TABLE." 
          WHERE comment_id = $comment_id"; 
  $comment_row = $site_db->query_firstrow($sql); 
  if (!$comment_row || ($comment_row['comment_ip'] != $session_info['session_ip'] && $user_info['user_level'] != ADMIN)) { 
    show_error_page($lang['no_permission']); 
    exit; 
  } 
  
  $txt_clickstream = $lang['comment_delete']; 
  
  $sql = "DELETE FROM ".GUESTBOOK_TABLE." 
          WHERE comment_id = $comment_id"; 
  $result = $site_db->query($sql); 
  
  $msg = ($result) ? $lang['comment_delete_success'] : $lang['comment_delete_error']; 
} 

if ($action == "removecomment") { 
  if (!$comment_id || ($config['user_delete_guestbook'] != 1 && $user_info['user_level'] != ADMIN)) { 
    header("Location: ".$site_sess->url($url, "&")); 
    exit; 
  } 

  $sql = "SELECT comment_id, user_name AS comment_user_name, comment_site, comment_text, comment_ip 
          FROM ".GUESTBOOK_TABLE." 
          WHERE comment_id = $comment_id"; 
  $comment_row = $site_db->query_firstrow($sql); 
  if (!$comment_row || ($comment_row['comment_ip'] != $session_info['session_ip'] && $user_info['user_level'] != ADMIN)) { 
    header("Location: ".$site_sess->url($url, "&")); 
    exit; 
  } 

  $txt_clickstream = $lang['comment_delete']; 
  $comment_user_name = $comment_row['comment_user_name']; 
  
  $site_template->register_vars(array( 
    "comment_id" => $comment_id, 
    "comment_user_name" => htmlspecialchars($comment_user_name), 
    "comment_site" => format_text($comment_row['comment_site'], 0, $config['wordwrap_comments'], 0, 0), 
    "comment_text" => format_text($comment_row['comment_text'], $config['html_comments'], $config['wordwrap_comments'], $config['bb_comments'], $config['bb_img_comments']), 
    "lang_delete_comment" => $lang['comment_delete'], 
    "lang_delete_comment_confirm" => $lang['comment_delete_confirm'], 
    "lang_name" => $lang['name'], 
    "lang_site" => $lang['site'], 
    "lang_comment" => $lang['comment'], 
    "lang_submit" => $lang['submit'], 
    "lang_reset" => $lang['reset'], 
    "lang_yes" => $lang['yes'], 
    "lang_no" => $lang['no'] 
  )); 
  $contents = $site_template->parse_template("guestbook_deletecomment"); 
} 

if ($action == "updatecomment") { 
  if (!$comment_id || ($config['user_edit_guestbook'] != 1 && $user_info['user_level'] != ADMIN)) { 
    show_error_page($lang['no_permission']); 
    exit; 
  } 
  $sql = "SELECT comment_id, comment_ip 
          FROM ".GUESTBOOK_TABLE."  
          WHERE comment_id = $comment_id"; 
  $comment_row = $site_db->query_firstrow($sql); 
  if (!$comment_row || ($comment_row['comment_ip'] != $session_info['session_ip'] && $user_info['user_level'] != ADMIN)) { 
    show_error_page($lang['no_permission']); 
    exit; 
  } 
  
  $txt_clickstream = $lang['comment_edit']; 
  
  $error = 0; 
  
  $comment_site = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_site'])); 
  $comment_text = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_text'])); 
  $comment_user_name = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_user_name'])); 
  
  if ($comment_user_name == "")  { 
      $msg .= (($msg != "") ? "<br />" : "").$lang['name_required']; 
      $error = 1;
    }
elseif ($site_db->not_empty("SELECT user_name FROM ". 
                              GUESTBOOK_TABLE. 
                           " WHERE user_name= '".strtolower($comment_user_name)."' AND comment_date > ".(time()-60 * 60 * 24))) { 
      $msg .= (($msg != "") ? "<br />" : "").$lang['username_exists']; 
      $error = 1; 
   } 
    if ($comment_text == "")  { 
      $msg .= (($msg != "") ? "<br />" : "").$lang['comment_required']; 
      $error = 1; 
    } 

   if (!$error)  { 
      if ($comment_site =="http://") { 
         $comment_site = ""; 
      }
      
  if (($sicherheit_code == "") || ($sicherheit_code != str_replace('´|´', '=', base64_decode(base64_decode($sicherheit_dec))) ))  {
      $msg .= (($msg != "") ? "<br />" : "").$lang['secure_required'];
      $error = 1;
    } 

   //----------------------------------------------------- 
   // Start Emailer for guestbook 
   //----------------------------------------------------- 
   if (!empty($config['guestbook_manager'])) { 
      $current_time = time(); 
      include_once(ROOT_PATH.'includes/email.php'); 
      $site_email = new Email(); 
      $site_email->set_to($config['guestbook_manager']); 
      $site_email->set_from($config['site_email'], $config['site_name']); 
      $site_email->set_subject("Guestbook Edited"); 
      $site_email->register_vars(array( 
        "recipient_name" => "GuestBook Manager", 
        "comment_date" => format_date($config['date_format']." ".$config['time_format'], $current_time), 
        "comment_username" => $comment_user_name, 
        "comment_text" => $comment_text, 
        "comment_site" => $comment_site, 
        "site_name" => $config['site_name'], 
        "user_country" => $user_country 
      )); 
      $site_email->set_body("guestbook_email", $config['language_dir']); 
      $site_email->send_email(); 
   } 
   //--end emailer

      $sql = "UPDATE ".GUESTBOOK_TABLE." 
               SET comment_site = '$comment_site', comment_text = '$comment_text', user_name= '$comment_user_name' 
            WHERE comment_id = $comment_id"; 
      $result = $site_db->query($sql); 
      $msg = ($result) ? $lang['comment_edit_success'] : $lang['comment_edit_error']; 
   } else { 
      $action = "editcomment"; 
      $sendprocess = 1; 
   } 
} 

if ($action == "editcomment") { 
  if (!$comment_id || ($config['user_edit_guestbook'] != 1 && $user_info['user_level'] != ADMIN)) { 
    show_error_page($lang['no_permission']); 
    exit; 
  } 

  $sql = "SELECT comment_id, user_name AS comment_user_name, comment_site, comment_text, comment_ip 
          FROM ".GUESTBOOK_TABLE." 
        WHERE comment_id = $comment_id"; 
  $comment_row = $site_db->query_firstrow($sql); 
  if (!$comment_row || ($comment_row['comment_ip'] != $session_info['session_ip'] && $user_info['user_level'] != ADMIN)) { 
    show_error_page($lang['no_permission']); 
    exit; 
  } 
  
  $txt_clickstream = $lang['comment_edit']; 

  $comment_site = (isset($HTTP_POST_VARS['comment_site'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_site']))) : (empty($comment_row['comment_site']) ? "http://" : $comment_row['comment_site']); 
  $comment_text = (isset($HTTP_POST_VARS['comment_text'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_text']))) : $comment_row['comment_text']; 
  $comment_user_name = (isset($HTTP_POST_VARS['comment_user_name'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_user_name']))) : $comment_row['comment_user_name']; 

  $bbcode = ""; 
  if ($config['bb_comments'] == 1) { 
    $site_template->register_vars(array( 
      "lang_bbcode" => $lang['bbcode'], 
     "smiles_text" => get_smiles_text(), 
      "lang_tag_prompt" => $lang['tag_prompt'], 
      "lang_link_text_prompt" => $lang['link_text_prompt'], 
      "lang_link_url_prompt" => $lang['link_url_prompt'], 
      "lang_link_email_prompt" => $lang['link_email_prompt'], 
      "lang_list_type_prompt" => $lang['list_type_prompt'], 
      "lang_list_item_prompt" => $lang['list_item_prompt'] 
    )); 
    $bbcode = $site_template->parse_template("bbcode"); 
  } 

  $site_template->register_vars(array( 
    "bbcode" => $bbcode, 
    "comment_id" => $comment_id, 
    "comment_user_name" => htmlspecialchars($comment_user_name), 
    "comment_site" => htmlspecialchars($comment_site), 
    "comment_text" => htmlspecialchars($comment_text), 
    "lang_edit_comment" => $lang['comment_edit'], 
    "lang_name" => $lang['name'], 
    "lang_site" => $lang['site'], 
    "lang_comment" => $lang['comment'], 
    "lang_submit" => $lang['submit'], 
    "lang_reset" => $lang['reset'], 
    "lang_yes" => $lang['yes'], 
    "lang_no" => $lang['no'], 
  )); 
  $contents = $site_template->parse_template("guestbook_editcomment"); 
} 

//----------------------------------------------------- 
//--- Save Comment ------------------------------------ 
//----------------------------------------------------- 
$error = 0; 
if ($action == "postcomment" && $config['guestbook_post'] == 1) { 
    $comment_user_name = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_user_name'])); 
    $comment_text = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_text'])); 
   $comment_site = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_site'])); 
    // Flood Check 
   $sql = "SELECT comment_ip, comment_date 
              FROM ".GUESTBOOK_TABLE." 
         WHERE comment_ip = '".$session_info['session_ip']."'  
         ORDER BY comment_date DESC 
         LIMIT 1"; 
   $spam_row = $site_db->query_firstrow($sql); 
   $spamtime = $spam_row['comment_date'] + 360; 

   if (time() <= $spamtime && $user_info['user_level'] != ADMIN)  { 
      $msg .= (($msg != "") ? "<br />" : "").$lang['spamming']; 
      $error = 1; 
   } 

   if ($comment_user_name == "")  { 
      $msg .= (($msg != "") ? "<br />" : "").$lang['name_required']; 
      $error = 1; 
    } elseif ($site_db->not_empty("SELECT user_name FROM ". 
                              GUESTBOOK_TABLE. 
                           " WHERE user_name= '".strtolower($comment_user_name)."' AND comment_date > ".(time()-60 * 60 * 24))) { 
      $msg .= (($msg != "") ? "<br />" : "").$lang['username_exists']; 
      $error = 1; 
   } 
    if ($comment_text == "")  { 
      $msg .= (($msg != "") ? "<br />" : "").$lang['comment_required']; 
      $error = 1; 
    } 

   if (!$error)  { 
      if ($comment_site =="http://") { 
         $comment_site = ""; 
      } 

     //----------------------------------------------------- 
   // Start Emailer for guestbook 
   //----------------------------------------------------- 
   if (!empty($config['guestbook_manager'])) { 
      $current_time = time(); 
      include_once(ROOT_PATH.'includes/email.php'); 
      $site_email = new Email(); 
      $site_email->set_to($config['guestbook_manager']); 
      $site_email->set_from($config['site_email'], $config['site_name']); 
      $site_email->set_subject("Guestbook Signed"); 
      $site_email->register_vars(array( 
        "recipient_name" => "GuestBook Manager", 
        "comment_date" => format_date($config['date_format']." ".$config['time_format'], $current_time), 
        "comment_username" => $comment_user_name, 
        "comment_text" => $comment_text, 
        "comment_site" => $comment_site, 
        "site_name" => $config['site_name'], 
        "user_country" => $user_country 
      )); 
      $site_email->set_body("guestbook_email", $config['language_dir']); 
      $site_email->send_email(); 
   } 
   //--end emailer
      $sql = "INSERT INTO ".GUESTBOOK_TABLE." 
               (user_name, comment_site, comment_text, comment_ip, comment_date) 
            VALUES 
            ('$comment_user_name', '$comment_site', '$comment_text', '".$session_info['session_ip']."', ".time().")"; 
      $site_db->query($sql); 
   } 
   unset($spam_row); 
} 


//----------------------------------------------------- 
//---Show Guestbook Comments--------------------------- 
//----------------------------------------------------- 

if (($action == "showcomments" || $action == "postcomment" ) && $config['guestbook_view'] == 1) { 
     if (isset($HTTP_POST_VARS['commentsetperpage']) || isset($HTTP_GET_VARS['commentsetperpage'])) { 
      $commentsetperpage = (intval($HTTP_POST_VARS['commentsetperpage']) ) ? intval($HTTP_POST_VARS['commentsetperpage']) : intval($HTTP_GET_VARS['commentsetperpage']); 
      if ($commentsetperpage) { 
         $site_sess->set_session_var("commentperpage", $commentsetperpage); 
         $session_info['commentperpage'] = $commentsetperpage; 
      } 
   } 

   if (isset($session_info['commentperpage'])) { 
      $commentperpage = $session_info['commentperpage']; 
   } else { 
      $commentperpage = 8; 
   } 
  
   $sql = "SELECT COUNT(user_name) AS comments 
          FROM ".GUESTBOOK_TABLE; 
   $result = $site_db->query_firstrow($sql); 
   $num_comments = $result['comments']; 
   $site_db->free_result(); 
   $num_rows_all = (isset($num_comments)) ? $num_comments : 0; 
   $link_arg = $site_sess->url(ROOT_PATH."guestbook.php");  
   include_once(ROOT_PATH.'includes/paging.php'); 
   $getpaging = new Paging($page, $commentperpage, $num_rows_all, $link_arg); 
   $offset = $getpaging->get_offset(); 
   $site_template->register_vars(array( 
        "paging" => $getpaging->get_paging(), 
      "paging_stats" => $getpaging->get_paging_stats() 
   )); 

   $sql = "SELECT comment_id, user_name AS comment_user_name, comment_site, comment_text, comment_ip, comment_date 
         FROM ".GUESTBOOK_TABLE." 
         ORDER BY comment_date DESC 
         LIMIT $offset, $commentperpage"; 
  
   $result = $site_db->query($sql); 
   $comment_row = array(); 
   while ($row = $site_db->fetch_array($result)) { 
      $comment_row[] = $row; 
   } 
   $site_db->free_result($result); 
   $num_comments = sizeof($comment_row); 
   $comments = ""; 
    
   $site_template->register_vars(array( 
        "lang_guest_from" => $lang['guest_from'], 
      "lang_guest_site" => $lang['guest_site'] 
   )); 
   if ($num_comments) { 
      $bgcounter = 0; 
      for ($i = 0; $i < $num_comments; $i++) { 
         $row_bg_number = ($bgcounter++ % 2 == 0) ? 1 : 2; 

         $comment_user_name = htmlspecialchars($comment_row[$i]['comment_user_name']); 
         $comment_user_ip = ($user_info['user_level'] == ADMIN) ? $comment_row[$i]['comment_ip'] : ""; 

         $admin_links = ""; 
         if ($user_info['user_level'] == ADMIN) { 
            $admin_links .= "<a href=\"". 
                          $site_sess->url(ROOT_PATH."guestbook.php?action=editcomment&amp;comment_id=". 
                                         $comment_row[$i]['comment_id']). 
                          "\" target=\"admin_edit\">".$lang['edit']."</a>&nbsp;"; 
            $admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."guestbook.php?action=removecomment&amp;comment_id=".$comment_row[$i]['comment_id'])."\" target=\"admin_edit\">".$lang['delete']."</a>"; 
         } elseif ($comment_row[$i]['comment_ip'] == $session_info['session_ip']) { // if ip equals, permit to edit 
            $admin_links .= ($config['user_edit_guestbook'] != 1) ? "" : 
                          "<a href=\"".$site_sess->url(ROOT_PATH."guestbook.php?action=editcomment&amp;comment_id=".$comment_row[$i]['comment_id'])."\" target=\"admin_edit\">".$lang['edit']."</a>&nbsp;"; 
            $admin_links .= ($config['user_delete_guestbook'] != 1) ? "" : 
                          "<a href=\"".$site_sess->url(ROOT_PATH."guestbook.php?action=removecomment&amp;comment_id=".$comment_row[$i]['comment_id'])."\" target=\"admin_edit\">".$lang['delete']."</a>"; 
         } 
         $site_template->register_vars(array( 
            "comment_id" => $comment_row[$i]['comment_id'], 
            "comment_user_name" => $comment_user_name, 
            "comment_sicherheit" => $comment_sicherheit,
            "comment_secure_scode" => $lang['comment_secure_scode'],
            "comment_secure_pleasecopy" => $lang['comment_secure_pleasecopy'],
            "comment_user_ip" => $comment_user_ip, 
            "comment_site" => format_text($comment_row[$i]['comment_site'], 0, $config['wordwrap_comments'], 0, 0), 
            "comment_text" => format_text($comment_row[$i]['comment_text'], $config['html_comments'], $config['wordwrap_comments'], $config['bb_comments'], $config['bb_img_comments']), 
            "comment_date" => format_date($config['date_format']." ".$config['time_format'], $comment_row[$i]['comment_date']), 
            "row_bg_number" => $row_bg_number, 
            "admin_links" => $admin_links, 
         )); 
            $comments .= $site_template->parse_template("guestbook_comment_bit"); 
          
      } // end for 
   } else { 
      $comments = $lang['be_the_first']; 
   } 
   //---End Show Guestbook Comments---- 


  //----------------------------------------------------- 
  //--- BBCode & Form ----------------------------------- 
  //----------------------------------------------------- 
  $bbcode = ""; 
  if ($config['bb_comments'] == 1) { 
    $site_template->register_vars(array( 
      "lang_bbcode" => $lang['bbcode'], 
     "smiles_text" => get_smiles_text(), 
      "lang_tag_prompt" => $lang['tag_prompt'], 
      "lang_link_text_prompt" => $lang['link_text_prompt'], 
      "lang_link_url_prompt" => $lang['link_url_prompt'], 
      "lang_link_email_prompt" => $lang['link_email_prompt'], 
      "lang_list_type_prompt" => $lang['list_type_prompt'], 
      "lang_list_item_prompt" => $lang['list_item_prompt'] 
    )); 
    $bbcode = $site_template->parse_template("bbcode"); 
  } 

  if ($config['guestbook_post'] != 1) { 
     $comment_form = ""; 
  } else { 
  $comment_user_name = (isset($HTTP_POST_VARS['comment_user_name']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['comment_user_name']))) : (($user_info['user_level'] != GUEST) ? htmlspecialchars($user_info['user_name']) : ""); 
  $comment_site = (isset($HTTP_POST_VARS['comment_site']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['comment_site']))) : "http://"; 

  $site_template->register_vars(array( 
     "bbcode" => $bbcode, 
      "comment_user_name" => $comment_user_name, 
      "comment_site" => $comment_site, 
      "comment_text" => $comment_text, 
      "lang_post_guestbook" => $lang['post_guestbook'], 
      "lang_name" => $lang['name'], 
      "lang_site" => $lang['site'], 
      "lang_comment" => $lang['comment'] 
    )); 
    $comment_form = $site_template->parse_template("guestbook_form"); 
   $site_template->register_vars("guestbook_form", $comment_form); 
   $contents = $site_template->parse_template("guestbook_showcomments"); 
   unset($comment_form); 
  } // end if allow_comments 
  $txt_clickstream = $lang['post_guestbook']; 
} 

//----------------------------------------------------- 
//---Clickstream--------------------------------------- 
//----------------------------------------------------- 
$clickstream = "<span class=\"clickstream\"><a href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator'] 
            ."<a href=\"".$site_sess->url(ROOT_PATH."guestbook.php?action=showcomments")."\">".$lang['guestbook']."</a>".$config['category_separator'].$txt_clickstream."</span>"; 

//----------------------------------------------------- 
//--- Print Out --------------------------------------- 
//----------------------------------------------------- 
$site_template->register_vars(array( 
  "contents" => $contents, 
  "guestbook_comments" => $comments, 
  "lang_sign_my_guestbook" => $lang['sign_my_guestbook'], 
  "msg" => $msg, 
  "clickstream" => $clickstream 
)); 
unset($contents); 
$site_template->print_template($site_template->parse_template($main_template)); 
include(ROOT_PATH.'includes/page_footer.php'); 

?>