here is the guestbook.php
<?php
/**************************************************************************
* *
* 4images - A Web Based Image Gallery Management System *
* ---------------------------------------------------------------- *
* *
* File: details.php *
* Copyright: (C) 2002 Jan Sorgalla *
* Email: jan@4homepages.de *
* Web:
http://www.4homepages.de *
* Scriptversion: 1.7 *
* *
* Never released without support from: Nicky (
http://www.nicky.net) *
* *
**************************************************************************
* *
* Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz- *
* bedingungen (Lizenz.txt) f?r weitere Informationen. *
* --------------------------------------------------------------- *
* This script is NOT freeware! Please read the Copyright Notice *
* (Licence.txt) for further information. *
* *
*************************************************************************/
$main_template = 'guestbook';
define('GET_CACHES', 1);
define('ROOT_PATH', './');
include(ROOT_PATH.'global.php');
require(ROOT_PATH.'includes/sessions.php');
$user_access = get_permission();
include(ROOT_PATH.'includes/page_header.php');
if ($config['guestbook_view'] != 1) {
header("Location: ".$site_sess->url(ROOT_PATH."index.php"));
exit;
}
if ($action == "") {
$action = "showcomments";
}
if (isset($HTTP_GET_VARS[URL_COMMENT_ID]) || isset($HTTP_POST_VARS[URL_COMMENT_ID])) {
$comment_id = (isset($HTTP_GET_VARS[URL_COMMENT_ID])) ? intval($HTTP_GET_VARS[URL_COMMENT_ID]) : intval($HTTP_POST_VARS[URL_COMMENT_ID]);
}
else {
$comment_id = 0;
}
if ($action == "deletecomment") {
if (!$comment_id || ($config['user_delete_guestbook'] != 1 && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$sql = "SELECT comment_id, comment_ip
FROM ".GUESTBOOK_TABLE."
WHERE comment_id = $comment_id";
$comment_row = $site_db->query_firstrow($sql);
if (!$comment_row || ($comment_row['comment_ip'] != $session_info['session_ip'] && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$txt_clickstream = $lang['comment_delete'];
$sql = "DELETE FROM ".GUESTBOOK_TABLE."
WHERE comment_id = $comment_id";
$result = $site_db->query($sql);
$msg = ($result) ? $lang['comment_delete_success'] : $lang['comment_delete_error'];
}
if ($action == "removecomment") {
if (!$comment_id || ($config['user_delete_guestbook'] != 1 && $user_info['user_level'] != ADMIN)) {
header("Location: ".$site_sess->url($url, "&"));
exit;
}
$sql = "SELECT comment_id, user_name AS comment_user_name, comment_site, comment_text, comment_ip
FROM ".GUESTBOOK_TABLE."
WHERE comment_id = $comment_id";
$comment_row = $site_db->query_firstrow($sql);
if (!$comment_row || ($comment_row['comment_ip'] != $session_info['session_ip'] && $user_info['user_level'] != ADMIN)) {
header("Location: ".$site_sess->url($url, "&"));
exit;
}
$txt_clickstream = $lang['comment_delete'];
$comment_user_name = $comment_row['comment_user_name'];
$site_template->register_vars(array(
"comment_id" => $comment_id,
"comment_user_name" => htmlspecialchars($comment_user_name),
"comment_site" => format_text($comment_row['comment_site'], 0, $config['wordwrap_comments'], 0, 0),
"comment_text" => format_text($comment_row['comment_text'], $config['html_comments'], $config['wordwrap_comments'], $config['bb_comments'], $config['bb_img_comments']),
"lang_delete_comment" => $lang['comment_delete'],
"lang_delete_comment_confirm" => $lang['comment_delete_confirm'],
"lang_name" => $lang['name'],
"lang_site" => $lang['site'],
"lang_comment" => $lang['comment'],
"lang_submit" => $lang['submit'],
"lang_reset" => $lang['reset'],
"lang_yes" => $lang['yes'],
"lang_no" => $lang['no']
));
$contents = $site_template->parse_template("guestbook_deletecomment");
}
if ($action == "updatecomment") {
if (!$comment_id || ($config['user_edit_guestbook'] != 1 && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$sql = "SELECT comment_id, comment_ip
FROM ".GUESTBOOK_TABLE."
WHERE comment_id = $comment_id";
$comment_row = $site_db->query_firstrow($sql);
if (!$comment_row || ($comment_row['comment_ip'] != $session_info['session_ip'] && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$txt_clickstream = $lang['comment_edit'];
$error = 0;
$comment_site = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_site']));
$comment_text = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_text']));
$comment_user_name = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_user_name']));
if ($comment_user_name == "") {
$msg .= (($msg != "") ? "<br />" : "").$lang['name_required'];
$error = 1;
} elseif ($site_db->not_empty("SELECT user_name FROM ".
GUESTBOOK_TABLE.
" WHERE user_name= '".strtolower($comment_user_name)."' AND comment_date > ".(time()-60 * 60 * 24))) {
$msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
$error = 1;
}
if ($comment_text == "") {
$msg .= (($msg != "") ? "<br />" : "").$lang['comment_required'];
$error = 1;
}
if (!$error) {
if ($comment_site =="http://") {
$comment_site = "";
}
$sql = "UPDATE ".GUESTBOOK_TABLE."
SET comment_site = '$comment_site', comment_text = '$comment_text', user_name= '$comment_user_name'
WHERE comment_id = $comment_id";
$result = $site_db->query($sql);
$msg = ($result) ? $lang['comment_edit_success'] : $lang['comment_edit_error'];
} else {
$action = "editcomment";
$sendprocess = 1;
}
}
if ($action == "editcomment") {
if (!$comment_id || ($config['user_edit_guestbook'] != 1 && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$sql = "SELECT comment_id, user_name AS comment_user_name, comment_site, comment_text, comment_ip
FROM ".GUESTBOOK_TABLE."
WHERE comment_id = $comment_id";
$comment_row = $site_db->query_firstrow($sql);
if (!$comment_row || ($comment_row['comment_ip'] != $session_info['session_ip'] && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$txt_clickstream = $lang['comment_edit'];
$comment_site = (isset($HTTP_POST_VARS['comment_site'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_site']))) : (empty($comment_row['comment_site']) ? "http://" : $comment_row['comment_site']);
$comment_text = (isset($HTTP_POST_VARS['comment_text'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_text']))) : $comment_row['comment_text'];
$comment_user_name = (isset($HTTP_POST_VARS['comment_user_name'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_user_name']))) : $comment_row['comment_user_name'];
$bbcode = "";
if ($config['bb_comments'] == 1) {
$site_template->register_vars(array(
"lang_bbcode" => $lang['bbcode'],
"smiles_text" => get_smiles_text(),
"lang_tag_prompt" => $lang['tag_prompt'],
"lang_link_text_prompt" => $lang['link_text_prompt'],
"lang_link_url_prompt" => $lang['link_url_prompt'],
"lang_link_email_prompt" => $lang['link_email_prompt'],
"lang_list_type_prompt" => $lang['list_type_prompt'],
"lang_list_item_prompt" => $lang['list_item_prompt']
));
$bbcode = $site_template->parse_template("bbcode");
}
$site_template->register_vars(array(
"bbcode" => $bbcode,
"comment_id" => $comment_id,
"comment_user_name" => htmlspecialchars($comment_user_name),
"comment_site" => htmlspecialchars($comment_site),
"comment_text" => htmlspecialchars($comment_text),
"lang_edit_comment" => $lang['comment_edit'],
"lang_name" => $lang['name'],
"lang_site" => $lang['site'],
"lang_comment" => $lang['comment'],
"lang_submit" => $lang['submit'],
"lang_reset" => $lang['reset'],
"lang_yes" => $lang['yes'],
"lang_no" => $lang['no'],
));
$contents = $site_template->parse_template("guestbook_editcomment");
}
//-----------------------------------------------------
//--- Save Comment ------------------------------------
//-----------------------------------------------------
$error = 0;
if ($action == "postcomment" && $config['guestbook_post'] == 1) {
$comment_user_name = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_user_name']));
$comment_text = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_text']));
$comment_site = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_site']));
// Flood Check
$sql = "SELECT comment_ip, comment_date
FROM ".GUESTBOOK_TABLE."
WHERE comment_ip = '".$session_info['session_ip']."'
ORDER BY comment_date DESC
LIMIT 1";
$spam_row = $site_db->query_firstrow($sql);
$spamtime = $spam_row['comment_date'] + 360;
if (time() <= $spamtime && $user_info['user_level'] != ADMIN) {
$msg .= (($msg != "") ? "<br />" : "").$lang['spamming'];
$error = 1;
}
if ($comment_user_name == "") {
$msg .= (($msg != "") ? "<br />" : "").$lang['name_required'];
$error = 1;
} elseif ($site_db->not_empty("SELECT user_name FROM ".
GUESTBOOK_TABLE.
" WHERE user_name= '".strtolower($comment_user_name)."' AND comment_date > ".(time()-60 * 60 * 24))) {
$msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
$error = 1;
}
if ($comment_text == "") {
$msg .= (($msg != "") ? "<br />" : "").$lang['comment_required'];
$error = 1;
}
if (!$error) {
if ($comment_site =="http://") {
$comment_site = "";
}
$sql = "INSERT INTO ".GUESTBOOK_TABLE."
(user_name, comment_site, comment_text, comment_ip, comment_date)
VALUES
('$comment_user_name', '$comment_site', '$comment_text', '".$session_info['session_ip']."', ".time().")";
$site_db->query($sql);
}
unset($spam_row);
}
//-----------------------------------------------------
//---Show Guestbook Comments---------------------------
//-----------------------------------------------------
if (($action == "showcomments" || $action == "postcomment" ) && $config['guestbook_view'] == 1) {
if (isset($HTTP_POST_VARS['commentsetperpage']) || isset($HTTP_GET_VARS['commentsetperpage'])) {
$commentsetperpage = (intval($HTTP_POST_VARS['commentsetperpage']) ) ? intval($HTTP_POST_VARS['commentsetperpage']) : intval($HTTP_GET_VARS['commentsetperpage']);
if ($commentsetperpage) {
$site_sess->set_session_var("commentperpage", $commentsetperpage);
$session_info['commentperpage'] = $commentsetperpage;
}
}
if (isset($session_info['commentperpage'])) {
$commentperpage = $session_info['commentperpage'];
} else {
$commentperpage = 8;
}
$sql = "SELECT COUNT(user_name) AS comments
FROM ".GUESTBOOK_TABLE;
$result = $site_db->query_firstrow($sql);
$num_comments = $result['comments'];
$site_db->free_result();
$num_rows_all = (isset($num_comments)) ? $num_comments : 0;
$link_arg = $site_sess->url(ROOT_PATH."guestbook.php");
include_once(ROOT_PATH.'includes/paging.php');
$getpaging = new Paging($page, $commentperpage, $num_rows_all, $link_arg);
$offset = $getpaging->get_offset();
$site_template->register_vars(array(
"paging" => $getpaging->get_paging(),
"paging_stats" => $getpaging->get_paging_stats()
));
$sql = "SELECT comment_id, user_name AS comment_user_name, comment_site, comment_text, comment_ip, comment_date
FROM ".GUESTBOOK_TABLE."
ORDER BY comment_date DESC
LIMIT $offset, $commentperpage";
$result = $site_db->query($sql);
$comment_row = array();
while ($row = $site_db->fetch_array($result)) {
$comment_row[] = $row;
}
$site_db->free_result($result);
$num_comments = sizeof($comment_row);
$comments = "";
$site_template->register_vars(array(
"lang_guest_from" => $lang['guest_from'],
"lang_guest_site" => $lang['guest_site']
));
if ($num_comments) {
$bgcounter = 0;
for ($i = 0; $i < $num_comments; $i++) {
$row_bg_number = ($bgcounter++ % 2 == 0) ? 1 : 2;
$comment_user_name = htmlspecialchars($comment_row[$i]['comment_user_name']);
$comment_user_ip = ($user_info['user_level'] == ADMIN) ? $comment_row[$i]['comment_ip'] : "";
$admin_links = "";
if ($user_info['user_level'] == ADMIN) {
$admin_links .= "<a href=\"".
$site_sess->url(ROOT_PATH."guestbook.php?action=editcomment&comment_id=".
$comment_row[$i]['comment_id']).
"\" target=\"admin_edit\">".$lang['edit']."</a> ";
$admin_links .= "<a href=\"".$site_sess->url(ROOT_PATH."guestbook.php?action=removecomment&comment_id=".$comment_row[$i]['comment_id'])."\" target=\"admin_edit\">".$lang['delete']."</a>";
} elseif ($comment_row[$i]['comment_ip'] == $session_info['session_ip']) { // if ip equals, permit to edit
$admin_links .= ($config['user_edit_guestbook'] != 1) ? "" :
"<a href=\"".$site_sess->url(ROOT_PATH."guestbook.php?action=editcomment&comment_id=".$comment_row[$i]['comment_id'])."\" target=\"admin_edit\">".$lang['edit']."</a> ";
$admin_links .= ($config['user_delete_guestbook'] != 1) ? "" :
"<a href=\"".$site_sess->url(ROOT_PATH."guestbook.php?action=removecomment&comment_id=".$comment_row[$i]['comment_id'])."\" target=\"admin_edit\">".$lang['delete']."</a>";
}
$site_template->register_vars(array(
"comment_id" => $comment_row[$i]['comment_id'],
"comment_user_name" => $comment_user_name,
"comment_user_ip" => $comment_user_ip,
"comment_site" => format_text($comment_row[$i]['comment_site'], 0, $config['wordwrap_comments'], 0, 0),
"comment_text" => format_text($comment_row[$i]['comment_text'], $config['html_comments'], $config['wordwrap_comments'], $config['bb_comments'], $config['bb_img_comments']),
"comment_date" => format_date($config['date_format']." ".$config['time_format'], $comment_row[$i]['comment_date']),
"row_bg_number" => $row_bg_number,
"admin_links" => $admin_links,
));
$comments .= $site_template->parse_template("guestbook_comment_bit");
} // end for
} else {
$comments = $lang['be_the_first'];
}
//---End Show Guestbook Comments----
//-----------------------------------------------------
//--- BBCode & Form -----------------------------------
//-----------------------------------------------------
$bbcode = "";
if ($config['bb_comments'] == 1) {
$site_template->register_vars(array(
"lang_bbcode" => $lang['bbcode'],
"lang_tag_prompt" => $lang['tag_prompt'],
"lang_link_text_prompt" => $lang['link_text_prompt'],
"lang_link_url_prompt" => $lang['link_url_prompt'],
"lang_link_email_prompt" => $lang['link_email_prompt'],
"lang_list_type_prompt" => $lang['list_type_prompt'],
"lang_list_item_prompt" => $lang['list_item_prompt']
));
$bbcode = $site_template->parse_template("bbcode");
}
if ($config['guestbook_post'] != 1) {
$comment_form = "";
} else {
$comment_user_name = (isset($HTTP_POST_VARS['comment_user_name']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['comment_user_name']))) : (($user_info['user_level'] != GUEST) ? htmlspecialchars($user_info['user_name']) : "");
$comment_site = (isset($HTTP_POST_VARS['comment_site']) && $error) ? stripslashes(htmlspecialchars(trim($HTTP_POST_VARS['comment_site']))) : "http://";
$site_template->register_vars(array(
"bbcode" => $bbcode,
"comment_user_name" => $comment_user_name,
"comment_site" => $comment_site,
"comment_text" => $comment_text,
"lang_post_guestbook" => $lang['post_guestbook'],
"lang_name" => $lang['name'],
"lang_site" => $lang['site'],
"lang_comment" => $lang['comment']
));
$comment_form = $site_template->parse_template("guestbook_form");
$site_template->register_vars("guestbook_form", $comment_form);
$contents = $site_template->parse_template("guestbook_showcomments");
unset($comment_form);
} // end if allow_comments
$txt_clickstream = $lang['post_guestbook'];
}
//-----------------------------------------------------
//---Clickstream---------------------------------------
//-----------------------------------------------------
$clickstream = "<span class=\"clickstream\"><a href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator']
."<a href=\"".$site_sess->url(ROOT_PATH."guestbook.php?action=showcomments")."\">".$lang['guestbook']."</a>".$config['category_separator'].$txt_clickstream."</span>";
//-----------------------------------------------------
//--- Print Out ---------------------------------------
//-----------------------------------------------------
$site_template->register_vars(array(
"contents" => $contents,
"guestbook_comments" => $comments,
"lang_sign_my_guestbook" => $lang['sign_my_guestbook'],
"msg" => $msg,
"clickstream" => $clickstream
));
unset($contents);
$site_template->print_template($site_template->parse_template($main_template));
include(ROOT_PATH.'includes/page_footer.php');
?>
